
Commit d88e328

docs: mark completed items in SECURITY-REVIEW and CODE_REVIEW
Mark items as completed:
- SECURITY-REVIEW `#22`: Missing Max Length on Input Fields
- SECURITY-REVIEW `#25`: Magic Numbers Without Constants
- CODE_REVIEW `#9`: Path Construction in email.py

All changes have been implemented and tested.
1 parent febf645 commit d88e328


2 files changed

+14
-0
lines changed


CODE_REVIEW.md

Lines changed: 4 additions & 0 deletions
@@ -247,6 +247,10 @@ hash_to_verify = str(user_do.password) if user_do else DUMMY_PASSWORD_HASH
247247

248248
### 9. `app/managers/email.py:39` - Path Construction
249249

250+
> [!NOTE]
251+
> **Done**: Changed from string-based `".."` to explicit `Path.parent.parent`
252+
> for better clarity and maintainability.
253+
250254
**Issue:** Awkward `".."` string in path construction:
251255

252256
```python
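Review bot: the Done note in this hunk should state which base path `Path.parent.parent` is applied to, because `.parent` only behaves like `".."` on an absolute, resolved path: on a relative path such as `Path("email.py")`, `.parent.parent` yields `Path(".")` instead of climbing two directories, and `.parent` never follows symlinks. Suggest spelling the anchor out in the note, for example `Path(__file__).resolve().parent.parent`, so a reader can tell the result is pinned to the module's real location rather than to the process working directory.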

SECURITY-REVIEW.md

Lines changed: 10 additions & 0 deletions
@@ -371,6 +371,11 @@
371371

372372
### 22. Missing Max Length on Input Fields
373373

374+
> [!NOTE]
375+
> **Done**: Added `max_length` constraints to all user request schemas
376+
> (UserRegisterRequest, UserLoginRequest, UserEditRequest, UserChangePasswordRequest).
377+
> Values now match database constraints: password=128, first_name=30, last_name=50.
378+
374379
**Location**: `app/schemas/request/user.py:38-39, 57-59`
375380

376381
- **Issue**: User registration/edit fields lack maximum length validation:
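Review bot: the Done note lists four schemas but records limits only for password, first_name and last_name, so whatever other fields those schemas validate (UserLoginRequest and UserEditRequest presumably carry more than a password) have no documented cap; add them. Also, "match database constraints: password=128" does not hold for the password field: the column stores a hash (the CODE_REVIEW hunk in this same commit shows `hash_to_verify = str(user_do.password)`), so its width bounds the digest, not the plaintext the user submits. The plaintext limit should be justified by the hashing scheme (bcrypt, for instance, silently truncates input at 72 bytes), and the note should say which scheme sets it.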
@@ -407,6 +412,11 @@
407412

408413
### 25. Magic Numbers Without Constants
409414

415+
> [!NOTE]
416+
> **Done**: Extracted hardcoded token expiry values to module-level constants
417+
> (REFRESH_TOKEN_EXPIRE_MINUTES, VERIFY_TOKEN_EXPIRE_MINUTES,
418+
> RESET_TOKEN_EXPIRE_MINUTES) for better maintainability.
419+
410420
**Location**: `app/managers/auth.py:85, 114, 144`
411421

412422
- **Issue**: Hardcoded expiry times scattered throughout:
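Review bot: the Done note names the three new constants (REFRESH_TOKEN_EXPIRE_MINUTES, VERIFY_TOKEN_EXPIRE_MINUTES, RESET_TOKEN_EXPIRE_MINUTES) but not the values they hold, so the review no longer records what the expiry times actually are; add the minute values and whether they can be overridden from settings so the note stands on its own. The unchanged `**Location**: app/managers/auth.py:85, 114, 144` line directly below still cites the original line numbers, which will have shifted once the constants were added at module level; update it or drop the numbers.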
