fix(auth): validate JWT secret length, equalize login timing, reduce TTL to 24h

2026-05-15 16:16:58 +02:00
parent 50a08d8ed6
commit 75e8d349e3
3 changed files with 23 additions and 11 deletions


@@ -95,7 +95,7 @@ mod tests {
#[test]
fn generate_and_validate_token() {
let svc = JwtAuthService::new("secret".into(), 3600);
let svc = JwtAuthService::new("a-secret-that-is-at-least-32-bytes!!".into(), 3600);
let id = UserId::new();
let tok = svc.generate_token(&id).unwrap();
let parsed = svc.validate_token(&tok.token).unwrap();
@@ -104,7 +104,7 @@ mod tests {
#[test]
fn invalid_token_returns_unauthorized() {
let svc = JwtAuthService::new("secret".into(), 3600);
let svc = JwtAuthService::new("a-secret-that-is-at-least-32-bytes!!".into(), 3600);
let err = svc.validate_token("not.a.token").unwrap_err();
assert!(matches!(err, DomainError::Unauthorized));
}
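Review bot: No test in these hunks asserts that a too-short secret is rejected; both `generate_and_validate_token` and `invalid_token_returns_unauthorized` only swap the fixture for a longer one, so the minimum-length check named in the commit title has no visible regression test. Both call sites use `JwtAuthService::new(...)` without unwrapping a `Result`, so the constructor apparently does not return an error for a short secret. If the check lives in configuration loading rather than in `new`, code that builds the service directly would bypass it, which is worth confirming and covering with a negative test at whichever layer enforces it. The literal is also duplicated; a shared `const TEST_SECRET: &str = "a-secret-that-is-at-least-32-bytes!!";` would keep the fixtures in step if the minimum changes. The rest of `mod tests` lies outside the visible hunks.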