feat(auth): implement PASETO token generation and validation service #89

Merged
Rodrigo2003-PT merged 8 commits from feat/auth-paseto-token-service into main 2025-11-01 17:08:53 +00:00
Rodrigo2003-PT commented 2025-10-31 22:12:53 +00:00 (Migrated from github.com)
No description provided.
AndreFerreira5 (Migrated from github.com) reviewed 2025-10-31 22:12:53 +00:00
vascodias23 (Migrated from github.com) reviewed 2025-11-01 02:15:40 +00:00
vascodias23 (Migrated from github.com) left a comment

There are critical safety issues that need to be addressed. Other aspects of the implementations look good, but need more in-depth and careful checking - more reviewers should be assigned and spend some time examining this PR, namely those familiar with the authentication modules.

There are critical safety issues that need to be addressed. Other aspects of the implementations look good, but need more in-depth and careful checking - more reviewers should be assigned and spend some time examining this PR, namely those familiar with the authentication modules.
@ -44,6 +46,7 @@ python_files = ["test_*.py", "*_test.py"]
python_classes = ["Test*"]
vascodias23 (Migrated from github.com) commented 2025-11-01 01:57:30 +00:00

Mismatch between this file and authentication/config.py.
env_files = ["src/.env"] is inconsistent with the path set in the config file: env_file=".env

Mismatch between this file and `authentication/config.py`. `env_files = ["src/.env"]` is inconsistent with the path set in the config file: `env_file=".env`
vascodias23 (Migrated from github.com) commented 2025-11-01 02:10:27 +00:00

This will never raise an error since a predefined key exists in authentication/config.py. If a key is not defined, the initialization will accept the compromised key

This will never raise an error since a predefined key exists in `authentication/config.py`. If a key is not defined, the initialization will accept the compromised key
@ -0,0 +75,4 @@
if v < 8:
raise ValueError("Minimum password length should be at least 8")
return v
vascodias23 (Migrated from github.com) commented 2025-11-01 01:27:55 +00:00

Severe Security Issue: Commiting a hardcoded, default value permanently compromises it. In the case that a real environment variable is not set when running the deployed app, the fallback value is this default, which is compromised.
A configuration file should never provide a default value for a secret. It should only define the requirement for one. If no key is set, an error must be raised.
Also, this specific key (53d629...) should be permanently burned and must never be used again in any environment, since it is forever compromised.

**Severe Security Issue**: Commiting a hardcoded, default value permanently compromises it. In the case that a real environment variable is not set when running the deployed app, the fallback value is this default, which is compromised. A configuration file should never provide a default value for a secret. It should only define the requirement for one. If no key is set, an error must be raised. Also, this specific key (`53d629...`) should be permanently burned and must never be used again in any environment, since it is forever compromised.
AndreFerreira5 commented 2025-11-01 16:24:05 +00:00 (Migrated from github.com)

i fixed the main problems, please review the changes @Rodrigo2003-PT @vascodias23 @Cordeir01

i fixed the main problems, please review the changes @Rodrigo2003-PT @vascodias23 @Cordeir01
AndreFerreira5 (Migrated from github.com) reviewed 2025-11-01 16:31:25 +00:00
@ -0,0 +75,4 @@
if v < 8:
raise ValueError("Minimum password length should be at least 8")
return v
AndreFerreira5 (Migrated from github.com) commented 2025-11-01 16:31:25 +00:00

took the liberty of setting an empty key as default. this allows us to read the actually key from the environment and if it is non existent, the app later throws an error because the key is just an empty string. in the case of testing, i generate a random key and inject it into the settings object before the tests run (0bc5fc0) as the tests don't need reproducibility of the key

took the liberty of setting an empty key as default. this allows us to read the actually key from the environment and if it is non existent, the app later throws an error because the key is just an empty string. in the case of testing, i generate a random key and inject it into the settings object before the tests run ([0bc5fc0](https://github.com/AndreFerreira5/starranja/pull/89/commits/0bc5fc0b3a21537956a052cf2c71df95c3b86622)) as the tests don't need reproducibility of the key
AndreFerreira5 (Migrated from github.com) reviewed 2025-11-01 16:31:50 +00:00
@ -44,6 +46,7 @@ python_files = ["test_*.py", "*_test.py"]
python_classes = ["Test*"]
AndreFerreira5 (Migrated from github.com) commented 2025-11-01 16:31:50 +00:00

fixed and now the .env file should sit on the root of the project, alongside the .env.example

fixed and now the .env file should sit on the root of the project, alongside the .env.example
Cordeir01 (Migrated from github.com) approved these changes 2025-11-01 16:43:47 +00:00
Sign in to join this conversation.
No description provided.