feat(api): add break-glass local authentication module #559

jason.woltje · 2026-02-28T18:05:00Z

jason.woltje commented

2026-02-28 18:05:00 +00:00

MS21-AUTH-001 + AUTH-002 + AUTH-003: LocalAuth module with setup and login endpoints. bcrypt, rate limiting, timing-safe token comparison, deactivation checks. 27 new tests. 3353 total pass.

Refs: MS21-AUTH-001, MS21-AUTH-002, MS21-AUTH-003

MS21-AUTH-001 + AUTH-002 + AUTH-003: LocalAuth module with setup and login endpoints. bcrypt, rate limiting, timing-safe token comparison, deactivation checks. 27 new tests. 3353 total pass. Refs: MS21-AUTH-001, MS21-AUTH-002, MS21-AUTH-003

jason.woltje added 1 commit 2026-02-28 18:05:01 +00:00

feat(api): add break-glass local authentication module

ci/woodpecker/push/orchestrator Pipeline is pending

Details

ci/woodpecker/push/web Pipeline is pending

Details

ci/woodpecker/push/api Pipeline failed

Details

2d7fb285c3

Implement LocalAuth module for emergency access without OIDC.
Endpoints: POST /api/auth/local/setup (first-time user creation with
BREAKGLASS_SETUP_TOKEN), POST /api/auth/local/login (email + password).
Both return 404 when ENABLE_LOCAL_AUTH != true. Uses bcrypt (12 rounds)
for password hashing and creates BetterAuth-compatible sessions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

jason.woltje merged commit ac16d6ed88 into main

2026-02-28 18:05:20 +00:00

jason.woltje deleted branch feat/ms21-break-glass

2026-02-28 18:05:20 +00:00

jason.woltje referenced this issue from a commit

2026-02-28 18:05:22 +00:00

feat(api): add break-glass local authentication module (#559)

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaic/stack#559