security: require authentication on logout endpoint by AtlasLabs797 · Pull Request #18 · AtlasLabs797/AtlasBalance

AtlasLabs797 · 2026-05-20T09:50:40Z

Harden session management by removing anonymous access to the POST /api/auth/logout endpoint to reduce unnecessary attack surface and audit noise, and associate the change to version V-01.07.

Replaced [AllowAnonymous] with [Authorize] on Logout in Atlas Balance/backend/src/AtlasBalance.API/Controllers/AuthController.cs and recorded the finding and mitigation in Documentacion/LOG_ERRORES_INCIDENCIAS.md and Documentacion/DOCUMENTACION_CAMBIOS.md.

Attempted to run the targeted automated test dotnet test ... --filter FullyQualifiedName~AuthControllerTests, but the command failed in this environment because dotnet is not installed (dotnet: No such file or directory), so no tests were executed here; please run the backend test suite and full CI (including Docker/Testcontainers E2E) in CI/DEV to validate the change.

security: require auth for logout endpoint

bd9f79e

AtlasLabs797 added the codex label May 20, 2026 — with ChatGPT Codex Connector

AtlasLabs797 deleted the branch V-01.08 May 20, 2026 09:52

AtlasLabs797 closed this May 20, 2026

Provide feedback