Migrate current password hashing to Argon2id

2026-02-18 21:06:22 +01:00
parent a130cba41a
commit e55a1b01f4
9 changed files with 46 additions and 15 deletions

@@ -38,7 +38,7 @@ stateDiagram-v2
- Database uniqueness guard enforces single owner row (`IsOwner=true`) even if writes bypass endpoint-level checks.
- `/api/auth/options` reports owner presence for registration UI behavior.
- Login success updates LastLoginAt and sets DisplayName if null; rejects wrong password/username; enforces length limits.
- Successful login upgrades legacy password-hash versions to current hash parameters.
- Successful login upgrades legacy password-hash versions to current Argon2id parameters.
- Logout clears cookie.
- EnsurePlayerExistsMiddleware: signed cookie for deleted player returns 401 and clears auth.
- Cookie contains admin claim; non-admin cookie cannot access admin routes (401/403 via filter).
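
Review bot: The changed bullet ("Successful login upgrades legacy password-hash versions to current Argon2id parameters") does not say what counts as "legacy", so it is unclear whether an existing Argon2id hash stored with older cost parameters is also rehashed or only hashes from a previous algorithm. Consider wording it as "upgrades any stored hash whose algorithm or parameters differ from the current Argon2id settings" if that is the intended behaviour, and point to where those parameters are defined. Since the upgrade is tied to a successful login, it would also help to note here that accounts which never log in again keep their old hash, and to state whether a failed login leaves the stored hash untouched.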