From c31209b740ccfe6221bfbe2772a358afa5b403f3 Mon Sep 17 00:00:00 2001 From: Daniel Bedeleanu Date: Sat, 11 Apr 2026 14:25:03 +0300 Subject: [PATCH] chore: translate remaining Romanian code comments to English (STRICT ENGLISH POLICY) --- backend/main.py | 4 ++-- backend/routers/users.py | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/backend/main.py b/backend/main.py index d00f3dae..476c0e9b 100644 --- a/backend/main.py +++ b/backend/main.py @@ -15,12 +15,12 @@ log.info("Database tables verified.") app = FastAPI(title="TFM aInventory API", version="1.1.0") log.info("TFM aInventory API process started.") -# [H-02] Rate limiting pe API +# [H-02] Rate limiting on API limiter = Limiter(key_func=get_remote_address) app.state.limiter = limiter app.add_exception_handler = limiter.add_exception_handler -# [SECURITY FIX M-01] CORS: allow_origins=["*"] + allow_credentials=True este invalid per spec. +# [SECURITY FIX M-01] CORS: allow_origins=["*"] + allow_credentials=True is invalid per spec. # Originile permise se configurează via variabila de mediu ALLOWED_ORIGINS (comma-separated). # Fallback sigur: doar localhost pentru development. _raw_origins = os.environ.get( diff --git a/backend/routers/users.py b/backend/routers/users.py index 64da8b86..41e7b16a 100644 --- a/backend/routers/users.py +++ b/backend/routers/users.py @@ -114,11 +114,11 @@ def get_users( db: Session = Depends(get_db), current_user: auth.TokenData = Depends(auth.get_current_user) ): - """[C-01] Lista utilizatori — doar pentru useri autentificati.""" + """[C-01] User list — only for authenticated users.""" users = db.query(models.User).all() # Auto-seed if empty if not users: - # [SECURITY FIX C-03] Generare parolă aleatoare în loc de "admin" hardcodat + # [SECURITY FIX C-03] Generate random password instead of hardcoded "admin" initial_password = secrets.token_urlsafe(16) new_user = models.User( username="Admin", @@ -164,8 +164,8 @@ def login(form_data: schemas.UserLogin, db: Session = Depends(get_db)): if verify_password(form_data.password, user.hashed_password): authenticated = True elif user and not user.hashed_password: - # [SECURITY FIX C-02] Bypass-ul pentru utilizatori fără parolă a fost eliminat. - # Utilizatorii LDAP trebuie să se autentifice prin fluxul LDAP de mai jos. + # [SECURITY FIX C-02] Bypass for passwordless users has been removed. + # LDAP users must authenticate via the LDAP flow below. pass # If local failed, try LDAP