fix(auth): enforce read-only sessions on all write routes #94
No reviewers
Labels
No labels
area:api
area:core
area:docs
area:infra
area:ux
dependencies
documentation
duplicate
good first issue
help wanted
invalid
question
rust
status:complete
status:partial
status:planned
type:bug
type:design
type:feature
type:infra
type:refactor
type:refactor
type:research
type:ux
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
icub3d/decentcom!94
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "feature/77-readonly-enforcement"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
Fixes #77. The
is_read_onlysession flag (unapproved/revoked bots) was enforced in exactly one handler (create_message). Every other write route — reactions, attachments, message edit/delete, profile updates, invite creation — ignored it, so a read-only session could still mutate state.Fix
Enforce it centrally in the
AuthUserextractor: reject any request whose session is read-only and whose HTTP method is unsafe (POST/PUT/PATCH/DELETE) with403. Every authenticated handler funnels throughAuthUser(directly or viaMemberUser/UserPermissions), so this covers all current and future write routes with no per-handler duplication and no extra DB lookup. Removed the now-redundant check increate_message.Safe methods (GET/HEAD/OPTIONS) are unaffected — read-only sessions keep read access.
Tests
read_only_session_blocks_writes_but_allows_reads: a member's normal session posts (baseline 200), then a read-only session for the same member gets 403 on POST and 200 on GET.bot_approval_flowstill passes (unapproved bot write → 403, approved bot re-auth → writable).Full server suite green (116 tests);
clippy -D warningsclean.Closes #77