mirror of
https://github.com/nesquena/hermes-webui.git
synced 2026-05-25 11:10:18 +00:00
e6e91e4973
Concurrent failed logins raced on _login_attempts because no lock guarded the dict. Add _LOGIN_ATTEMPTS_LOCK and wrap both _check_login_rate() and _record_login_attempt() with it.

Extract _load_key() to de-duplicate key file I/O. Add _pbkdf2_key() that loads .pbkdf2_key (separate from .signing_key) so PBKDF2 and HMAC signing no longer share a key — key reuse across cryptographic primitives is unsafe.

Update _hash_password() to use _pbkdf2_key() as its default salt, with an optional *salt* kwarg so verify_password() can try the legacy .signing_key salt during transparent migration. When the old hash matches, save_settings() re-hashes with _pbkdf2_key() and _invalidate_password_hash_cache() ensures the next request sees the upgraded hash without a restart.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
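The transparent salt migration described in the commit message, as an added sketch that is not the project's code. The class and function names, the iteration count, the in-memory store and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumption: the page does not state an iteration count


def hash_password(password: str, salt: bytes) -> str:
    """PBKDF2-HMAC-SHA256 of the password under the given salt, hex-encoded."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


class PasswordStore:
    """Hypothetical in-memory stand-in for the settings file and the two key files."""

    def __init__(self, signing_key: bytes, pbkdf2_key: bytes, stored_hash: str):
        self.signing_key = signing_key  # still used for HMAC signing elsewhere
        self.pbkdf2_key = pbkdf2_key    # dedicated to password hashing
        self.stored_hash = stored_hash
        self.upgrades = 0

    def verify(self, password: str) -> bool:
        # Normal path: hash salted with the dedicated PBKDF2 key.
        if hmac.compare_digest(hash_password(password, self.pbkdf2_key), self.stored_hash):
            return True
        # Legacy path: hash written before the split, salted with the signing key.
        if hmac.compare_digest(hash_password(password, self.signing_key), self.stored_hash):
            # Re-hash under the new key so the legacy path is not needed again.
            self.stored_hash = hash_password(password, self.pbkdf2_key)
            self.upgrades += 1
            return True
        return False


def demo() -> dict:
    """Run one migration on constructed keys and a constructed password."""
    signing_key, pbkdf2_key = secrets.token_bytes(32), secrets.token_bytes(32)
    legacy = hash_password("correct horse", signing_key)
    store = PasswordStore(signing_key, pbkdf2_key, legacy)
    return {
        "wrong_rejected": not store.verify("wrong"),
        "untouched_after_wrong": store.stored_hash == legacy,
        "legacy_accepted": store.verify("correct horse"),
        "rehashed": store.stored_hash == hash_password("correct horse", pbkdf2_key),
        "second_login": store.verify("correct horse"),
        "upgrades": store.upgrades,
    }
```

A wrong password never triggers the re-hash, so the stored hash only changes after a successful legacy match.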