Improve log_account endpoint validation
Summary
- Add CSRF header validation to `/api/auth/log_account` endpoint to align with other auth endpoints
- Add username format validation before processing
Changes
- Import and call `checkCsrfHeader` for request validation
- Add `isSafeForLogging()` helper to validate username format
- Return 400 error for malformed usernames
Test Plan
- Verify normal login/logout flows still work
- Verify malformed username returns 400 error
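
The two checks described above, sketched as an added example that is not the code from this pull request. The function bodies, the `x-csrf-protection` header name, the allow-list pattern, the 403 status for a failed CSRF check and the `handleLogAccount` handler are all assumptions made for illustration.

```javascript
// Added illustration, not the pull request's code. Only the names
// isSafeForLogging and checkCsrfHeader come from the description; their
// bodies and everything else here are assumptions.

// Assumed policy: 1-64 characters from a conservative allow-list. This
// rejects CR/LF and other control characters that would let a caller
// forge or split log lines, and caps how much one request can write.
const USERNAME_PATTERN = /^[A-Za-z0-9._@+-]{1,64}$/;

function isSafeForLogging(username) {
  return typeof username === "string" && USERNAME_PATTERN.test(username);
}

// Assumed CSRF check: require a custom header (hypothetical name) that a
// cross-site HTML form cannot attach. Header keys are taken to be
// lower-cased, as Node's http module delivers them.
function checkCsrfHeader(headers) {
  return Boolean(headers) && headers["x-csrf-protection"] === "1";
}

// Hypothetical framework-free handler: takes { headers, body } and returns
// { status, body }. logSink stands in for the real logger.
function handleLogAccount(req, logSink) {
  if (!checkCsrfHeader(req.headers)) {
    return { status: 403, body: { error: "CSRF header missing or invalid" } };
  }
  const username = req.body ? req.body.username : undefined;
  if (!isSafeForLogging(username)) {
    // Reject before anything is logged, and do not echo the value back.
    return { status: 400, body: { error: "malformed username" } };
  }
  logSink.push(`log_account user=${username}`);
  return { status: 200, body: { ok: true } };
}

// Constructed sample requests.
const sink = [];
const headers = { "x-csrf-protection": "1" };
const samples = [
  { headers, body: { username: "alice@example.com" } },           // 200
  { headers, body: { username: "bob\nlog_account user=admin" } }, // 400
  { headers: {}, body: { username: "alice" } },                   // 403
];
for (const req of samples) {
  console.log(handleLogAccount(req, sink).status);
}
console.log(sink);
```

Validating before the log call means a rejected username never reaches the log, so the 400 path leaves no attacker-controlled text behind.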