- Use secrets.compare_digest() for token comparison instead of == to prevent timing-based attacks that could leak token information
- Fix rotate_session_auth_token() to call the correct method rotate_session_token() instead of non-existent rotate_session_auth_token()
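An added example, not code from this commit or its project, of the constant-time token check the first item describes, including rotation and the inputs that trip up a naive `secrets.compare_digest()` call. The `SessionTokens` class, its `verify()` method and the in-memory dict are hypothetical; only the name `rotate_session_token` comes from the commit message.

```python
import secrets


class SessionTokens:
    """Hypothetical in-memory token store (illustrative, not the project's class)."""

    def __init__(self):
        self._tokens = {}  # session_id -> current token (str)

    def rotate_session_token(self, session_id):
        """Issue a fresh random token, invalidating the previous one."""
        token = secrets.token_urlsafe(32)
        self._tokens[session_id] = token
        return token

    def verify(self, session_id, presented):
        """Return True only if `presented` matches the session's current token."""
        if not isinstance(presented, str):
            return False
        expected = self._tokens.get(session_id)
        # Unknown session: still compare against a throwaway value so a lookup
        # miss does not skip the comparison step entirely.
        known = expected is not None
        if not known:
            expected = secrets.token_urlsafe(32)
        # compare_digest() raises TypeError on non-ASCII str, so compare bytes.
        match = secrets.compare_digest(
            presented.encode("utf-8"), expected.encode("utf-8")
        )
        return known and match


def demo():
    """Exercise the check on constructed inputs and return the outcomes."""
    store = SessionTokens()
    old = store.rotate_session_token("s1")
    new = store.rotate_session_token("s1")
    return {
        "current": store.verify("s1", new),
        "rotated_out": store.verify("s1", old),
        "non_ascii": store.verify("s1", "t\u00f6k\u00e9n"),
        "missing": store.verify("s1", None),
        "unknown_session": store.verify("nope", new),
    }


if __name__ == "__main__":
    print(demo())
```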