auth: Sprint 02 — auth hardening (Pydantic models, challenge binding, admin gates)
- Add max_length validation to LoginRequest (username 128, password 1024) - Replace raw request.json() with Pydantic models in RBAC override/update endpoints - Replace raw request.json() with Pydantic models in passkey register/login/delete - Bind passkey challenges to session-bound challenge_id (prevents cross-session replay) - Gate audit log and security log endpoints behind admin role - Fix fragile opc_db.json.dumps() → import json directly - Add COOKIE_SECURE=False startup warning (suppress with ALLOW_INSECURE_COOKIES) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
@@ -3,6 +3,7 @@ Agent Executor Service - Executes agent tasks and manages their lifecycle
|
||||
"""
|
||||
|
||||
import asyncio
|
||||
import json
|
||||
import logging
|
||||
import os
|
||||
from datetime import datetime
|
||||
@@ -270,8 +271,8 @@ class AgentExecutor:
|
||||
WHERE id = $4
|
||||
""",
|
||||
"completed",
|
||||
opc_db.json.dumps(result),
|
||||
opc_db.json.dumps(result.get("actions", [])),
|
||||
json.dumps(result),
|
||||
json.dumps(result.get("actions", [])),
|
||||
execution_id,
|
||||
)
|
||||
|
||||
@@ -304,8 +305,8 @@ class AgentExecutor:
|
||||
WHERE id = $4
|
||||
""",
|
||||
"pending_approval",
|
||||
opc_db.json.dumps(result),
|
||||
opc_db.json.dumps(result.get("actions", [])),
|
||||
json.dumps(result),
|
||||
json.dumps(result.get("actions", [])),
|
||||
execution_id,
|
||||
)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user