Barcode Betty 89293d1811 fix(api): hash session token with SHA-256 before DB lookup ...

Better-Auth v1.2+ stores SHA-256(raw_token) in the sessions.token
column. The cookie/Bearer header carries the raw token, so the API was
doing a plain-text lookup that would never match a hashed value —
causing all authenticated endpoints to return 401.

- Add hashlib import and hash token in _validate_session_token()
- Update conftest._create_test_user_and_session() to store hashed tokens
- Update test_expired_session_rejected() to store hashed tokens

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-04-04 19:00:09 +00:00

..

test_auth

fix(api): hash session token with SHA-256 before DB lookup

2026-04-04 19:00:09 +00:00

test_e2e

fix: correct email-in-address format, remove dead code, update tests (#110)

2026-04-03 13:34:21 +00:00

test_middleware

fix(api): revert auth/type regressions from standalone sync, keep email-in feature only

2026-04-03 09:40:39 +00:00

test_routes

fix(api): revert auth/type regressions from standalone sync, keep email-in feature only

2026-04-03 09:40:39 +00:00

test_services

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

__init__.py

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

conftest.py

fix(api): hash session token with SHA-256 before DB lookup

2026-04-04 19:00:09 +00:00

test_encrypted_json.py

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

test_models.py

feat: merge cartsnitch/api into api/ subdirectory

2026-03-28 02:24:02 +00:00

test_openapi.py

fix(api): revert auth/type regressions from standalone sync, keep email-in feature only

2026-04-03 09:40:39 +00:00