Skip to content

chore: remove dead pre-Vite webpack whitelist in auth utils#36

Merged
knep merged 1 commit into
masterfrom
chore/remove-dead-webpack-auth-code
Jul 1, 2026
Merged

chore: remove dead pre-Vite webpack whitelist in auth utils#36
knep merged 1 commit into
masterfrom
chore/remove-dead-webpack-auth-code

Conversation

@knep

@knep knep commented Jul 1, 2026

Copy link
Copy Markdown
Owner

Summary

Removes dead code in src/web/web_auth_utils.py, left over from the pre-Vite (webpack) build. Noted as a follow-up when fixing #31 (blank login page).

is_allowed_during_login() still special-cased old webpack-style login asset paths (/js/login.js, /css/login.css, /fonts/..., /img/...) via a remove_webpack_suffixes() helper and a login_resources whitelist. Since the Vite migration, all of the login page's JS/CSS/fonts/images are built under /assets/ — already whitelisted, and verified live in production (the #31 fix). The old paths can therefore never occur in a real request anymore.

Changes

  • Remove remove_webpack_suffixes(), webpack_prefixed_extensions, and the login_resources whitelist.
  • is_allowed_during_login() now just checks: favicon, the login page itself, /assets/, and /theme/ (custom theme assets).
  • No behaviour change for any real request — the removed code was unreachable.

Testing

  • Removed WebpackSuffixesTest (tested the deleted function) and the old-webpack-style parameterized cases from LoginResourcesTest; added /theme/ coverage that existed in the code path but wasn't tested before.
  • pytest src/tests/1734 passed (14 fewer than before master, exactly the removed dead-code tests — no other regressions).
  • Verified no remaining references to remove_webpack_suffixes, webpack_prefixed_extensions, or login_resources anywhere in src/.

🤖 Generated with Claude Code

is_allowed_during_login() still special-cased old webpack-style login asset
paths (/js/login.js, /css/login.css, /fonts/..., /img/...) via the
remove_webpack_suffixes() helper and a login_resources whitelist. Since the
Vite migration, all of the login page's JS/CSS/fonts/images are built under
/assets/ (already whitelisted, and verified in production — see the #31 login
blank-page fix), so these old paths can never occur in a real request anymore.

Remove remove_webpack_suffixes(), webpack_prefixed_extensions, and
login_resources; is_allowed_during_login() now just checks favicon, the login
page itself, /assets/, and /theme/ (custom theme assets). No behaviour change
for any real request.

Test file updated to match: drop WebpackSuffixesTest (tested the removed
function) and the old-style parameterized cases; add /theme/ coverage that
existed in code but wasn't tested. 1734 backend tests pass (14 fewer than
before — exactly the removed dead-code tests, no other regressions).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@codecov-commenter

Copy link
Copy Markdown

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@knep knep merged commit 6c1c68f into master Jul 1, 2026
8 checks passed
@knep knep deleted the chore/remove-dead-webpack-auth-code branch July 1, 2026 12:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants