The old key comparison was wrong — the localStorage key may have been randomly generated rather than PBKDF2-derived. Fix: - Add /accounts/check-password/ to validate the old password server-side before touching any keys - Use the localStorage key directly as the old decryption key (it is always the correct source of truth, regardless of how it was generated) - Derive the new key from the new password via PBKDF2 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
18 lines
976 B
Python
18 lines
976 B
Python
from django.contrib.auth.views import LogoutView
|
|
from django.urls import path
|
|
from . import views
|
|
|
|
urlpatterns = [
|
|
path('register/', views.register, name='register'),
|
|
path('login/', views.login_view, name='login'),
|
|
path('logout/', LogoutView.as_view(), name='logout'),
|
|
path('settings/', views.settings_view, name='settings'),
|
|
path('lastfm/connect/', views.lastfm_connect, name='lastfm_connect'),
|
|
path('lastfm/callback/', views.lastfm_callback, name='lastfm_callback'),
|
|
path('lastfm/disconnect/', views.lastfm_disconnect, name='lastfm_disconnect'),
|
|
path('background/upload/', views.upload_background, name='upload_background'),
|
|
path('background/delete/', views.delete_background, name='delete_background'),
|
|
path('focus-station/', views.save_focus_station, name='save_focus_station'),
|
|
path('check-password/', views.check_password, name='check_password'),
|
|
path('change-password/', views.change_password, name='change_password'),
|
|
]
|