@AnishSarkar22 AnishSarkar22 commented Feb 8, 2026

Description

  • Enhanced user authentication by adding specific error handling for non-existent accounts.
  • Implemented rate limiting for authentication endpoints and enhanced error handling for login attempts.

Motivation and Context

FIX #

Screenshots

API Changes

  • This PR includes API changes

Change Type

  • Bug fix
  • New feature
  • Performance improvement
  • Refactoring
  • Documentation
  • Dependency/Build system
  • Breaking change
  • Other (specify):

Testing Performed

  • Tested locally
  • Manual/QA verification

Checklist

  • Follows project coding standards and conventions
  • Documentation updated as needed
  • Dependencies updated as needed
  • No lint/build errors or new warnings
  • All relevant tests are passing

High-level PR Summary

This PR enhances the authentication security by implementing rate limiting on authentication endpoints (login, registration, and password reset) to prevent brute force attacks and user enumeration. It introduces specific error handling to distinguish between non-existent accounts (LOGIN_USER_NOT_FOUND) and incorrect passwords, uses Redis-backed rate limiting with SlowAPI middleware, and updates the frontend to handle the new error codes. The changes also improve logging for security monitoring and remove redundant toast notifications from the login form.

⏱️ Estimated Review Time: 30-90 minutes

💡 Review Order Suggestion
| Order | File Path |
|-------|-----------|
| 1 | surfsense_backend/pyproject.toml |
| 2 | surfsense_backend/uv.lock |
| 3 | surfsense_web/lib/auth-errors.ts |
| 4 | surfsense_backend/app/users.py |
| 5 | surfsense_web/app/(home)/login/LocalLoginForm.tsx |
| 6 | surfsense_backend/app/app.py |

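The interaction the summary describes, a throttled login endpoint that also returns a distinct LOGIN_USER_NOT_FOUND code, shown as an added example that is not code from this PR or the project. It uses an in-memory sliding window as a stand-in for the Redis-backed SlowAPI limiter; the 5-per-60-seconds limit, the `LOGIN_BAD_CREDENTIALS` and `RATE_LIMITED` codes, the sample account and all function names are assumptions.

```python
import hashlib, hmac, time
from collections import defaultdict, deque

class SlidingWindowLimiter:
    """In-memory stand-in for a Redis-backed limiter (assumption: single process)."""
    def __init__(self, limit, window_s, clock=time.monotonic):
        self.limit, self.window_s, self.clock = limit, window_s, clock
        self.hits = defaultdict(deque)  # key -> timestamps of allowed requests

    def allow(self, key):
        now = self.clock()
        q = self.hits[key]
        while q and now - q[0] >= self.window_s:
            q.popleft()  # drop hits that have left the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def _hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account, not data from the project.
USERS = {"alice@example.com": _hash("correct horse")}

def login(limiter, client_ip, email, password):
    """Return (http_status, error_code) for one login attempt."""
    # Throttle before any lookup: a blocked request reveals nothing about the account.
    if not limiter.allow(f"login:{client_ip}"):
        return 429, "RATE_LIMITED"
    stored = USERS.get(email)
    if stored is None:
        # Distinct code: each answered request confirms whether an account exists,
        # so the limiter above is what bounds enumeration per client and window.
        return 400, "LOGIN_USER_NOT_FOUND"
    if not hmac.compare_digest(stored, _hash(password)):
        return 400, "LOGIN_BAD_CREDENTIALS"
    return 200, None

if __name__ == "__main__":
    lim = SlidingWindowLimiter(limit=5, window_s=60)
    for i in range(7):
        print(login(lim, "203.0.113.7", f"user{i}@example.com", "guess"))
```

With a distinct not-found code, every answered request is an account-existence signal, so the limit value sets how many addresses one client can check per window.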

vercel bot commented Feb 8, 2026

@AnishSarkar22 is attempting to deploy a commit to the Rohan Verma's projects Team on Vercel.

A member of the Team first needs to authorize it.


@recurseml recurseml bot left a comment


Review by RecurseML

🔍 Review performed on 20a13df..79f004b

✨ No bugs found, your code is sparkling clean

✅ Files analyzed, no issues (4)

surfsense_backend/app/app.py
surfsense_backend/pyproject.toml
surfsense_web/app/(home)/login/LocalLoginForm.tsx
surfsense_web/lib/auth-errors.ts

⏭️ Files skipped (1)
surfsense_backend/uv.lock


@recurseml recurseml bot left a comment


Review by RecurseML

🔍 Review performed on 79f004b..bcdfd23

✨ No bugs found, your code is sparkling clean

✅ Files analyzed, no issues (4)

surfsense_backend/app/users.py
surfsense_web/app/(home)/login/LocalLoginForm.tsx
surfsense_web/app/dashboard/[search_space_id]/documents/(manage)/components/RowActions.tsx
surfsense_web/lib/auth-errors.ts
