Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-16 01:35:36 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: avoid double bcrypt on login by using create_session_trusted (#3236)

Browse Source 
* fix: avoid double bcrypt on login by adding create_session_trusted

* fix: update test to expect create_session_trusted instead of create_session
This commit is contained in:
Ashvin
2026-06-07 18:40:53 +05:30
committed by GitHub
parent 83b0ab7cd3
commit cbbb41dfb1
3 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_auth_event_loop.py
+3 -3
View File
@@ -95,7 +95,7 @@ def test_login_offloads_bcrypt_bearing_calls(monkeypatch):
monkeypatch.setattr("routes.auth_routes.asyncio.to_thread", fake_to_thread)
auth.verify_password.return_value = True
auth.totp_enabled.return_value = False
auth.create_session.return_value = "tok-123"
auth.create_session_trusted.return_value = "tok-123"
login = _login_endpoint(auth)
@@ -107,7 +107,7 @@ def test_login_offloads_bcrypt_bearing_calls(monkeypatch):
assert result["ok"] is True
auth.verify_password.assert_called_once()
auth.create_session.assert_called_once()
auth.create_session_trusted.assert_called_once()
# The whole point: the expensive bcrypt-bearing calls go through
# asyncio.to_thread rather than running inline in the request coroutine.
assert calls == [auth.verify_password, auth.create_session]
assert calls == [auth.verify_password, auth.create_session_trusted]