diora-web/accounts/urls.py
marwin 817323ad19
All checks were successful
Build and push Docker image / build (push) Successful in 14s
Test / test (push) Successful in 15s
Accounts: fix password change key migration
The old key comparison was wrong — the localStorage key may have been
randomly generated rather than PBKDF2-derived. Fix:
- Add /accounts/check-password/ to validate the old password server-side
  before touching any keys
- Use the localStorage key directly as the old decryption key (it is
  always the correct source of truth, regardless of how it was generated)
- Derive the new key from the new password via PBKDF2

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 16:46:03 +02:00

18 lines
976 B
Python

from django.contrib.auth.views import LogoutView
from django.urls import path
from . import views
urlpatterns = [
path('register/', views.register, name='register'),
path('login/', views.login_view, name='login'),
path('logout/', LogoutView.as_view(), name='logout'),
path('settings/', views.settings_view, name='settings'),
path('lastfm/connect/', views.lastfm_connect, name='lastfm_connect'),
path('lastfm/callback/', views.lastfm_callback, name='lastfm_callback'),
path('lastfm/disconnect/', views.lastfm_disconnect, name='lastfm_disconnect'),
path('background/upload/', views.upload_background, name='upload_background'),
path('background/delete/', views.delete_background, name='delete_background'),
path('focus-station/', views.save_focus_station, name='save_focus_station'),
path('check-password/', views.check_password, name='check_password'),
path('change-password/', views.change_password, name='change_password'),
]