Disallow using session token to change password#2905

Merged
ryan-pratt merged 2 commits into main from bug/set-password
Mar 3, 2026

@ryan-pratt ryan-pratt commented Mar 2, 2026

Slightly reworked the verify_no_service method to allow more restrictive verification, which is used by the auth controller.

codecov bot commented Mar 2, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.28%. Comparing base (02086f8) to head (3b28ea6).
⚠️ Report is 7 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2905      +/-   ##
==========================================
+ Coverage   78.25%   78.28%   +0.03%     
==========================================
  Files         673      673              
  Lines       55191    55195       +4     
  Branches      728      728              
==========================================
+ Hits        43190    43211      +21     
+ Misses      11923    11906      -17     
  Partials       78       78              
Flag Coverage Δ
python 79.33% <ø> (-0.01%) ⬇️
ruby-api 80.07% <100.00%> (+0.37%) ⬆️
ruby-backend 82.17% <100.00%> (+<0.01%) ⬆️

ryan-pratt commented Mar 2, 2026

Playwright failure is unrelated and fixed in #2884 / 54ab731 nvm rebased

Sonar is complaining about an existing raise <string literal> which I think we don't care about?

jmthomas commented Mar 3, 2026

> Playwright failure is unrelated and fixed in #2884 / 54ab731
>
> Sonar is complaining about an existing raise <string literal> which I think we don't care about?

Yeah they want dedicated Exception classes for everything. I don't think we care right now. Plus it's a Medium finding.

@ryan-pratt ryan-pratt marked this pull request as ready for review March 3, 2026 00:26
@ryan-pratt ryan-pratt requested review from jmthomas and ryanmelt March 3, 2026 00:26
I do not understand how it failed in gh

sonarqubecloud bot commented Mar 3, 2026

Quality Gate failed

Failed conditions
1 New issue

@jmthomas jmthomas left a comment

@ryan-pratt ryan-pratt merged commit 2e62371 into main Mar 3, 2026
29 of 31 checks passed
@ryan-pratt ryan-pratt deleted the bug/set-password branch March 3, 2026 22:22
jmthomas pushed a commit that referenced this pull request Mar 21, 2026
Disallow using session token to change password