Kyle Pope
ab84c7bc53
Fix review findings: transaction atomicity, perf, and UI polish

Backend fixes:
- session.py: record_failed/successful_login use flush() not commit()
  — callers own transaction boundary (BUG-2 atomicity fix)
- auth.py: Add explicit commits after record_failed_login where callers
  raise immediately; add commit before TOTP mfa_token return path
- passkeys.py: JOIN credential+user lookup in login/complete (W-1 perf)
- passkeys.py: Move mfa_enforce_pending clear before main commit (S-2)
- passkeys.py: Add Path(ge=1, le=2147483647) on DELETE endpoint (BUG-3)
- auth.py: Switch has_passkeys from COUNT to EXISTS with LIMIT 1 (W-2)
- passkey.py: Add single-worker nonce cache comment (H-1)

Frontend fixes:
- PasskeySection: emerald→green badge colors (W-3 palette)
- PasskeySection: text-[11px]/text-[10px]→text-xs (W-4 a11y minimum)
- PasskeySection: Scope deleteMutation.isPending to per-item (W-5)
- nginx.conf: Permissions-Policy publickey-credentials use (self) (H-2)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 22:59:59 +08:00