Aegis/backend/app/services/auth_service.py
kitos 2865846db2
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
fix(auth): prevent reuse of current password on first-access change
When must_change_password is true the user must pick a genuinely new
password. Added a verify_password check against the existing hash before
accepting the new value, raising BusinessRuleViolation if they match.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 16:56:47 +02:00

1.7 KiB
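
The check the commit message describes, sketched as an added example; this is not the Aegis code. The names verify_password and BusinessRuleViolation come from the commit message, but their bodies here, the PBKDF2 storage format, the dict-based user record and change_password_first_access are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this sketch


class BusinessRuleViolation(Exception):
    """Stand-in for the exception named in the commit message."""


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def hash_password(password: str) -> str:
    """Return 'salt_hex$digest_hex' with a fresh random salt per call."""
    salt = os.urandom(16)
    return f"{salt.hex()}${_derive(password, salt).hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = _derive(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def change_password_first_access(user: dict, new_password: str) -> None:
    """Hypothetical service function; user holds 'password_hash' and
    'must_change_password'."""
    # Hashing the new password and comparing strings would never match,
    # because each hash gets its own salt. The reuse check has to verify
    # the new plaintext against the existing hash instead.
    if user["must_change_password"] and verify_password(
        new_password, user["password_hash"]
    ):
        raise BusinessRuleViolation(
            "New password must differ from the current password"
        )
    # Only reached when the new value is genuinely different.
    user["password_hash"] = hash_password(new_password)
    user["must_change_password"] = False
```

The rejection happens before any state is written, so a refused attempt leaves both the stored hash and the must_change_password flag untouched.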