Enhance OAuth security and state validation

- Implemented stricter OAuth security measures, including CSRF protection via state parameter validation and redirect_uri checks.
- Updated OAuth models to support timezone-aware datetime comparisons, replacing deprecated `utcnow`.
- Enhanced logging for malformed Basic auth headers during token, introspect, and revoke requests.
- Added allowlist validation for OAuth provider domains to prevent open redirect attacks.
- Improved nonce validation for OpenID Connect tokens, ensuring token integrity during Google provider flows.
- Updated E2E and unit tests to cover new security features and expanded OAuth state handling scenarios.
This commit is contained in:
Felipe Cardoso
2025-11-25 23:50:43 +01:00
parent 7716468d72
commit 400d6f6f75
14 changed files with 246 additions and 57 deletions


@@ -214,9 +214,6 @@ async def e2e_superuser(e2e_client):
"""
from uuid import uuid4
from app.crud.user import user as user_crud
from app.schemas.users import UserCreate
email = f"admin-{uuid4().hex[:8]}@example.com"
password = "SuperAdmin123!"
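Review bot: `password = "SuperAdmin123!"` on the last visible line is a fixed credential assigned to a name that ruff's S105 rule matches, yet it carries no suppression while this same commit adds `# noqa: S107` to the equivalent defaults in the e2e auth test helpers; if the bandit rule set is enabled for this fixture file the inconsistency will surface as a lint failure, and if test files are excluded per-file the S107 suppressions elsewhere are redundant. Whether this line is new or pre-existing context is not recoverable from the rendered hunk (9 old lines, 6 new, no markers shown), so this may predate the commit. A one-line justification such as `password = "SuperAdmin123!"  # noqa: S105 - fixed e2e superuser credential` would make the intent explicit either way. The body of e2e_superuser continues outside the hunk.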


@@ -21,7 +21,7 @@ pytestmark = [
]
async def register_user(client, email: str, password: str = "SecurePassword123!"):
async def register_user(client, email: str, password: str = "SecurePassword123!"): # noqa: S107
"""Helper to register a user."""
resp = await client.post(
"/api/v1/auth/register",
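Review bot: The `# noqa: S107` added on the `register_user` signature silences the hardcoded-password-default lint without recording why it is acceptable here, and the same bare suppression is repeated on `login_user` in the next hunk and on `register_and_login` in the third file. All three helpers default to the identical literal `"SecurePassword123!"`, so a single module-level constant per test module (or in the shared conftest) would carry both the value and the justification once, e.g. `TEST_PASSWORD = "SecurePassword123!"  # noqa: S105 - fixed credential for e2e fixtures only`, with each helper declaring `password: str = TEST_PASSWORD` and no per-signature suppression. The bodies of all three helpers continue outside their hunks.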
@@ -35,7 +35,7 @@ async def register_user(client, email: str, password: str = "SecurePassword123!"
return resp.json()
async def login_user(client, email: str, password: str = "SecurePassword123!"):
async def login_user(client, email: str, password: str = "SecurePassword123!"): # noqa: S107
"""Helper to login a user."""
resp = await client.post(
"/api/v1/auth/login",


@@ -22,7 +22,7 @@ pytestmark = [
]
async def register_and_login(client, email: str, password: str = "SecurePassword123!"):
async def register_and_login(client, email: str, password: str = "SecurePassword123!"): # noqa: S107
"""Helper to register a user and get tokens."""
# Register
await client.post(