feat: backport auth-validation preflight + email_login credentials
Backport upstream Shannon PR #335: - Add credential validation activity that drives a real browser login before the full pipeline, catching bad credentials early - New email_login credentials type for magic-link and email-OTP flows - Make credentials.password optional for passwordless flows - Playwright stealth config (chrome.runtime, plugin simulation, UA) - Centralize prompt directory resolution into resolvePromptDir helper - New AUTH_LOGIN_FAILED error code with non-retryable classification - Remove dangerous-pattern validation on credentials.password - Pipeline-testing stub for auth validation (returns success) - Auth validation timeout of 10 minutes for browser-based login - .playwright directory workspace overlay for CLI/Docker Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
@@ -39,9 +39,33 @@
|
||||
"type": "string",
|
||||
"pattern": "^[A-Za-z2-7]+=*$",
|
||||
"description": "TOTP secret for two-factor authentication (Base32 encoded, case insensitive)"
|
||||
},
|
||||
"email_login": {
|
||||
"type": "object",
|
||||
"description": "Email-based login credentials for magic-link and email-OTP flows",
|
||||
"properties": {
|
||||
"address": {
|
||||
"type": "string",
|
||||
"format": "email",
|
||||
"description": "Email address for authentication"
|
||||
},
|
||||
"password": {
|
||||
"type": "string",
|
||||
"minLength": 1,
|
||||
"maxLength": 255,
|
||||
"description": "Password for the email account"
|
||||
},
|
||||
"totp_secret": {
|
||||
"type": "string",
|
||||
"pattern": "^[A-Za-z2-7]+=*$",
|
||||
"description": "TOTP secret for email 2FA (Base32 encoded)"
|
||||
}
|
||||
},
|
||||
"required": ["address", "password"],
|
||||
"additionalProperties": false
|
||||
}
|
||||
},
|
||||
"required": ["username", "password"],
|
||||
"required": ["username"],
|
||||
"additionalProperties": false
|
||||
},
|
||||
"login_flow": {
|
||||
|
||||
Reference in New Issue
Block a user