504b490d3b
Canalul web trece de la 100% deschis (hardcodat cont 1) la autentificat si multi-tenant. Un service nou se inregistreaza din browser, primeste o cheie API (o singura data) si o sesiune; contul se creeaza "in asteptare" (active=0) si nu trimite la RAR pana la activarea de catre admin (tools/account.py activate). - users + app/users.py: parole scrypt (salt per-user, eticheta parametri onorata la verify pentru migrare cost), email unic case-insensitive - sesiune: SessionMiddleware (same_site=strict, https_only config) + app/web/session.py (current_account/web_account/require_login->LoginRequired, set_session clear-inainte) - CSRF (app/web/csrf.py) enforce in prod inclusiv pe login/signup + rate-limit in-proces (app/web/ratelimit.py) pe signup si login - signup/login/logout (app/web/auth_routes.py): signup tranzactie atomica, cheie-o-data, log SIGNUP pentru descoperire admin - dashboard + import scoped pe contul sesiunii (regula NULL->cont 1); toate rutele web care ating date sensibile sub require_login; nomenclator ramane global - banner "cont in asteptare" pentru conturi active=0 - gate worker: claim_one LEFT JOIN accounts COALESCE(active,1)=1 (account_id NULL=activ) VERIFY context curat (2 runde): leak cross-account /_fragments/mapari prins+reparat. /code-review high: csrf_token lipsa pe re-randari de eroare, scrypt_params ignorat, login fara rate-limit -- toate reparate. 361 teste pass (de la 313). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
29 lines
926 B
HTML
29 lines
926 B
HTML
{% extends "base.html" %}
|
|
{% block title %}Autentificare — Gateway RAR AUTOPASS{% endblock %}
|
|
{% block content %}
|
|
<div class="card" style="max-width:400px;margin:40px auto;">
|
|
<h2 style="margin-top:0;">Autentificare</h2>
|
|
|
|
{% if error %}
|
|
<div class="banner" style="margin-bottom:12px;padding:8px 12px;">{{ error }}</div>
|
|
{% endif %}
|
|
|
|
<form method="post" action="/login">
|
|
<input type="hidden" name="csrf_token" value="{{ csrf_token }}">
|
|
<p>
|
|
<label>Email</label><br>
|
|
<input type="email" name="email" required style="width:100%;">
|
|
</p>
|
|
<p>
|
|
<label>Parola</label><br>
|
|
<input type="password" name="parola" required style="width:100%;">
|
|
</p>
|
|
<button type="submit" style="width:100%;margin-top:8px;">Intra in cont</button>
|
|
</form>
|
|
|
|
<p style="text-align:center;font-size:13px;margin-top:16px;">
|
|
Cont nou? <a href="/signup">Inregistrare</a>
|
|
</p>
|
|
</div>
|
|
{% endblock %}
|