Releases: Hawk-API/hawkapi-users

v0.2.0

@ashimov ashimov released this 10 Jun 11:40

Security hardening.

  • Login returns a generic 401 for both invalid credentials and disabled accounts, removing an account-status enumeration oracle (CWE-204)
  • Optional rate_limiter hook on login and password-reset-request endpoints (CWE-307)
  • Email helpers raise if the URL template still points at the example.com placeholder
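The first two items, sketched as an added example that is not hawkapi-users code: a login check that gives the same 401 for an unknown email, a wrong password and a disabled account, with an optional rate-limiter hook in front. The names login, User, fixed_window_limiter, the in-memory user dict and the PBKDF2 hashing are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

GENERIC_401 = (401, {"detail": "Invalid credentials"})  # one body for every failure

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class User:  # hypothetical model, not the hawkapi-users schema
    salt: bytes
    pw_hash: bytes
    is_active: bool = True

def make_user(password: str, is_active: bool = True) -> User:
    salt = os.urandom(16)
    return User(salt, hash_password(password, salt), is_active)

# Verified against when the email is unknown, so that path costs the same hash work.
DUMMY = make_user("constructed-dummy-password")

def fixed_window_limiter(max_hits: int, window_s: float, clock=time.monotonic):
    """Return allow(key) -> bool; False once a key exceeds max_hits per window."""
    hits = {}
    def allow(key: str) -> bool:
        now = clock()
        start, count = hits.get(key, (now, 0))
        if now - start >= window_s:
            start, count = now, 0
        hits[key] = (start, count + 1)
        return count < max_hits
    return allow

def login(users: dict, email: str, password: str, rate_limiter=None, client: str = "anon"):
    # Optional hook: skipped when the caller passes no limiter.
    if rate_limiter is not None and not rate_limiter(f"login:{client}"):
        return (429, {"detail": "Too many requests"})
    user = users.get(email.lower())
    candidate = user if user is not None else DUMMY
    password_ok = hmac.compare_digest(hash_password(password, candidate.salt), candidate.pw_hash)
    # Unknown email, wrong password and disabled account all collapse to one response.
    if user is None or not password_ok or not user.is_active:
        return GENERIC_401
    return (200, {"detail": "ok"})
```

The is_active check runs only after the password hash has been computed, so a disabled account does not return faster than an enabled one.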

v0.1.0 — User lifecycle

@ashimov ashimov released this 16 May 17:39

Initial release. Full user lifecycle (register / login / verify / password reset) on top of hawkapi-auth + hawkapi-sqlalchemy + hawkapi-mail. Security review applied before ship — see CHANGELOG.