- Add WEAK_PASSWORDS set (50+ common passwords) in saas_auth.py
- Add validate_password_strength() function: checks min length, blacklist, digits, letters
- Replace raw len() checks in /register and /change-password with validate_password_strength()
- Add TestWeakPasswordRejection class in test_security.py: parametrized weak pwd test, strong pwd 201 test, no-digit, no-letter tests

Co-Authored-By: Paperclip <noreply@paperclip.ing>