chore: translate remaining Romanian code comments to English (STRICT ENGLISH POLICY)
This commit is contained in:
@@ -15,12 +15,12 @@ log.info("Database tables verified.")
|
||||
app = FastAPI(title="TFM aInventory API", version="1.1.0")
|
||||
log.info("TFM aInventory API process started.")
|
||||
|
||||
# [H-02] Rate limiting pe API
|
||||
# [H-02] Rate limiting on API
|
||||
limiter = Limiter(key_func=get_remote_address)
|
||||
app.state.limiter = limiter
|
||||
app.add_exception_handler = limiter.add_exception_handler
|
||||
|
||||
# [SECURITY FIX M-01] CORS: allow_origins=["*"] + allow_credentials=True este invalid per spec.
|
||||
# [SECURITY FIX M-01] CORS: allow_origins=["*"] + allow_credentials=True is invalid per spec.
|
||||
# Originile permise se configurează via variabila de mediu ALLOWED_ORIGINS (comma-separated).
|
||||
# Fallback sigur: doar localhost pentru development.
|
||||
_raw_origins = os.environ.get(
|
||||
|
||||
@@ -114,11 +114,11 @@ def get_users(
|
||||
db: Session = Depends(get_db),
|
||||
current_user: auth.TokenData = Depends(auth.get_current_user)
|
||||
):
|
||||
"""[C-01] Lista utilizatori — doar pentru useri autentificati."""
|
||||
"""[C-01] User list — only for authenticated users."""
|
||||
users = db.query(models.User).all()
|
||||
# Auto-seed if empty
|
||||
if not users:
|
||||
# [SECURITY FIX C-03] Generare parolă aleatoare în loc de "admin" hardcodat
|
||||
# [SECURITY FIX C-03] Generate random password instead of hardcoded "admin"
|
||||
initial_password = secrets.token_urlsafe(16)
|
||||
new_user = models.User(
|
||||
username="Admin",
|
||||
@@ -164,8 +164,8 @@ def login(form_data: schemas.UserLogin, db: Session = Depends(get_db)):
|
||||
if verify_password(form_data.password, user.hashed_password):
|
||||
authenticated = True
|
||||
elif user and not user.hashed_password:
|
||||
# [SECURITY FIX C-02] Bypass-ul pentru utilizatori fără parolă a fost eliminat.
|
||||
# Utilizatorii LDAP trebuie să se autentifice prin fluxul LDAP de mai jos.
|
||||
# [SECURITY FIX C-02] Bypass for passwordless users has been removed.
|
||||
# LDAP users must authenticate via the LDAP flow below.
|
||||
pass
|
||||
|
||||
# If local failed, try LDAP
|
||||
|
||||
Reference in New Issue
Block a user