13-07-2025

Pre-release
@fulleni fulleni released this 13 Jul 17:12
· 202 commits to main since this release
46bba64

🛡️ Authentication System Hardening

This release delivers a focused set of critical security and stability enhancements to the API's authentication system, specifically targeting the dashboard login flow. We have refactored the authorization logic and implemented new security checks to create a more robust and secure login process.

Key Authentication Enhancements

  • Critical Security Fix: Email Verification Check
    A new security check has been implemented during dashboard login code verification. It explicitly verifies that the email supplied in the request matches the email of the user record the code resolves to, closing a potential account access loophole.

  • Enhanced Dashboard Authorization Logic
    Dashboard login access is now determined by a specific dashboard.login permission instead of a direct role check. The flow also includes a critical re-verification step during code validation to ensure permissions are checked at the exact moment of login.

  • More Resilient API Request Parsing
    The /request-code endpoint has been improved to robustly handle the isDashboardLogin flag whether it is sent as a boolean (true) or a string ("true"), preventing potential client-side errors and improving API resilience.

  • Improved Error Handling & Logging
    The authentication service now captures and logs full stack traces for unexpected exceptions, providing more comprehensive information for debugging. The internal validation logic has also been refactored for better clarity and maintainability.
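To make the checks listed above concrete, here is an added example (written for these notes, not code from the project's own API) of a dashboard login-code verification routine in Python. The language, the in-memory user and code stores, the `User` type, and the function names are all assumptions; the `dashboard.login` permission string and the `isDashboardLogin` flag are the ones named in the release notes.

```python
"""Added example, not the project's code: a dashboard login-code verification
flow carrying the checks described in the release notes.
Assumed names: User, USERS, PENDING_CODES, parse_dashboard_login_flag,
verify_dashboard_login_code, handle_verify_request."""
import hmac
import logging
from dataclasses import dataclass, field

log = logging.getLogger("auth")


@dataclass
class User:
    id: str
    email: str
    permissions: set = field(default_factory=set)


# Constructed in-memory stores standing in for the API's database.
USERS = {
    "u1": User("u1", "admin@example.com", {"dashboard.login"}),
    "u2": User("u2", "reader@example.com", set()),
}
# Login code -> user id, as issued by an earlier /request-code call (constructed).
PENDING_CODES = {"123456": "u1", "654321": "u2"}


def parse_dashboard_login_flag(value):
    """Accept isDashboardLogin as a real boolean or as the string "true"
    (case-insensitive); anything else is treated as a normal login."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def verify_dashboard_login_code(email, code, is_dashboard_login,
                                users=USERS, codes=PENDING_CODES):
    """Return (ok, reason). The code alone never grants access: the request
    email must match the resolved user, and dashboard logins re-check the
    dashboard.login permission at the moment the code is validated."""
    user_id = codes.get(code)
    if user_id is None:
        return False, "invalid_code"
    user = users[user_id]

    # Email check: the email in the request must belong to the user the code
    # was issued to. Constant-time compare avoids leaking match length.
    if not hmac.compare_digest(user.email.lower().encode(),
                               email.strip().lower().encode()):
        return False, "email_mismatch"

    # Permission check is repeated here rather than trusted from /request-code,
    # so a permission revoked in between is honoured.
    if parse_dashboard_login_flag(is_dashboard_login) \
            and "dashboard.login" not in user.permissions:
        return False, "missing_dashboard_permission"

    return True, "ok"


def handle_verify_request(payload):
    """Request-handler shape: unexpected exceptions are logged with their full
    stack trace and turned into a generic failure instead of propagating."""
    try:
        return verify_dashboard_login_code(
            payload.get("email", ""),
            payload.get("code", ""),
            payload.get("isDashboardLogin", False),
        )
    except Exception:  # noqa: BLE001 - deliberately broad at the boundary
        log.exception("unexpected error during login code verification")
        return False, "internal_error"


if __name__ == "__main__":
    print(handle_verify_request(
        {"email": "admin@example.com", "code": "123456", "isDashboardLogin": "true"}))
    print(handle_verify_request(
        {"email": "reader@example.com", "code": "123456", "isDashboardLogin": True}))
```

The reason strings are for the caller's logs; a real endpoint would map every failure to the same client-facing response so the email check does not double as an account-existence oracle.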