anti
8db593a544
These had been red since the changes they cover landed — invisible because the pre-commit gate runs mypy/ruff/bandit/pip-audit but NOT pytest, so failing tests don't block commits and quietly accumulate. - SSE stream/events auth migrated from ?token=<jwt> to a single-use ?ticket= (commit efb4e49d). Three tests still passed a raw JWT as ?token= and got 401. Updated to mint a ticket via POST /auth/sse-ticket and pass ?ticket= (attacker events, topology events, /stream). - The user-creation password policy is min_length=12; the RBAC admin-access test still used a 10-char password and was rejected. Bumped to a valid one.
4.1 KiB
4.1 KiB