fix(sessions): hash tokens at rest and revoke on ban/kick #95
No reviewers
Labels
No labels
area:api
area:core
area:docs
area:infra
area:ux
dependencies
documentation
duplicate
good first issue
help wanted
invalid
question
rust
status:complete
status:partial
status:planned
type:bug
type:design
type:feature
type:infra
type:refactor
type:refactor
type:research
type:ux
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
icub3d/decentcom!95
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "feature/78-session-hashing"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
Fixes #78 (follow-up to the closed #65). Two problems: session tokens were stored/compared in plaintext (a DB or log leak = usable bearer tokens), and ban/kick never invalidated the target's sessions or live connections.
Changes
Hash at rest
SHA-256(token); look up and delete by hash. The raw token is returned to the client at creation and never persisted.010_hash_session_tokens.sql: clears existing rows (every user re-authenticates once) and renamessessions.token->token_hash.Revoke on ban/kick
SessionStore::delete_user_sessions(user_id), called from bothban_memberandkick_member.ConnectionRegistry::disconnect_user(user_id): each connection holds anArc<Notify>close signal; ban/kick fires it and the gateway loop closes the socket (close code 4003) and unregisters.Behavior change
A kicked/banned user's existing token is now immediately invalid (
401) and their live WebSocket is dropped. Re-authentication still works (auth isn't blocked by a ban), but a ban still blocks the actual rejoin. Updated the two membership tests to reflect this.Tests
token_is_stored_hashed_not_in_plaintext- stored column is the hash, raw token still resolves.delete_user_sessions_removes_all_of_a_users_sessions- scoped to the user.disconnect_user_fires_close_signal_for_each_connection.kick_*/ban_*membership tests: old token -> 401, re-auth required to rejoin.Full server suite green (118 tests);
clippy -D warningsclean.Closes #78