fix(security): require a configured session secret in production
session_secret defaulted to a random per-process value, which silently invalidates all sessions on restart and rotates the management client secret. Add _resolve_session_secret(): use the configured secret; allow a generated one only in debug or for a localhost issuer; otherwise fail startup. The management client secret is now tied to the resolved session secret. Refs: porchlight-wvx Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
c175633980
commit
cf2754f302
3 changed files with 40 additions and 5 deletions
|
|
@ -19,7 +19,7 @@ scope = ["openid", "profile"]
|
|||
toml_file = tmp_path / "test.toml"
|
||||
toml_file.write_text(toml_content)
|
||||
|
||||
settings = Settings(_toml_file=str(toml_file))
|
||||
settings = Settings(_toml_file=str(toml_file), session_secret="x" * 32)
|
||||
app = create_app(settings)
|
||||
|
||||
async with (
|
||||
|
|
@ -41,7 +41,7 @@ scope = ["openid", "profile"]
|
|||
|
||||
async def test_manage_app_always_registered() -> None:
|
||||
"""The internal manage-app client is always registered, even without config file clients."""
|
||||
settings = Settings(issuer="https://test.example.com")
|
||||
settings = Settings(issuer="https://test.example.com", session_secret="x" * 32)
|
||||
app = create_app(settings)
|
||||
|
||||
async with (
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue