Security improvements #8
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
There was a problem hiding this comment.
Pull Request Overview
This PR implements security improvements by enhancing session cookie configuration, refining authentication logic, and adding new user management functions. Key changes include:
- Adding SESSION_COOKIE_SAMESITE for CSRF protection.
- Introducing new database operations for user creation, removal, and cleanup.
- Updating the authentication endpoint and client-side registration logic.
Reviewed Changes
Copilot reviewed 9 out of 11 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| app/settings.py | Added secure session cookie settings to improve CSRF protection |
| app/database/user.py | Added user management functions with new debug logging and error handling |
| app/authenticator/authenticator.py | Implemented a registration method using secure password hashing |
| app/authentication/static/registration.js | Updated client-side registration, though use of GET with sensitive data is risky |
| app/authentication/authentication.py | Added a registration endpoint that currently uses GET for passing credentials |
| app/init.py | Updated session configuration to include the new secure cookie setting |
Files not reviewed (2)
- app/authentication/static/registration.css: Language not supported
- app/authentication/templates/authentication/registration.html: Language not supported
Comment on lines
9
to
13
| fetch(`/auth/registration/${username}/${password}`, { | ||
| method: 'GET', | ||
| headers: { | ||
| 'Content-Type': 'application/json' | ||
| } |
There was a problem hiding this comment.
Sending sensitive credentials via a GET request exposes them in the URL. Consider switching to a POST request with the credentials in the request body.
Suggested change
| fetch(`/auth/registration/${username}/${password}`, { | |
| method: 'GET', | |
| headers: { | |
| 'Content-Type': 'application/json' | |
| } | |
| fetch('/auth/registration', { | |
| method: 'POST', | |
| headers: { | |
| 'Content-Type': 'application/json' | |
| }, | |
| body: JSON.stringify({ username: username, password: password }) |
Comment on lines
41
to
45
| @authentication_bp.route('/registration/<username>/<password>', methods=['GET']) | ||
| def register(username, password): | ||
| """ | ||
| route: /auth/registration/<username>/<password> | ||
| """ |
There was a problem hiding this comment.
Using GET for user registration with credentials in the URL is insecure. It is recommended to change this endpoint to use POST to better protect sensitive data.
Suggested change
| @authentication_bp.route('/registration/<username>/<password>', methods=['GET']) | |
| def register(username, password): | |
| """ | |
| route: /auth/registration/<username>/<password> | |
| """ | |
| @authentication_bp.route('/registration', methods=['POST']) | |
| def register(): | |
| """ | |
| route: /auth/registration | |
| """ | |
| from flask import request | |
| data = request.get_json() | |
| username = data.get('username') | |
| password = data.get('password') |
| query = f"INSERT INTO {self.table_user} (userid, username, password) VALUES (?, ?, ?);" | ||
|
|
||
| if DEBUG_MODE: | ||
| print(f"[DEBUG] {FILE_NAME}: create_user: {query} with username: {username} and password: {password}") |
There was a problem hiding this comment.
Debug logging of sensitive information such as a plaintext password can lead to security risks. Avoid including passwords in logs even in debug mode.
Suggested change
| print(f"[DEBUG] {FILE_NAME}: create_user: {query} with username: {username} and password: {password}") | |
| print(f"[DEBUG] {FILE_NAME}: create_user: {query} with username: {username} and password: [REDACTED]") |
…in-template into improvements#1 update: latest improvements#1
…thon-login-template into securityImprovements#2
add: debug. All is fine. No functional changes.
There was a problem hiding this comment.
Pull Request Overview
This PR strengthens security by enforcing stricter session cookies, upgrading password handling to bcrypt, and hardening client/server authentication flows.
- Added
SameSite=Strictto session cookies for CSRF protection. - Replaced SHA-256 password hashing with bcrypt and added verification methods.
- Wrapped JS listeners in
DOMContentLoadedand added debug logging for authentication flows.
Reviewed Changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| app/settings.py | Added SESSION_COOKIE_SAMESITE = 'Strict'. |
| app/home/static/home-private.js | Wrapped sign-out binding in DOMContentLoaded. |
| app/authenticator/authenticator.py | Removed SHA-256, introduced bcrypt hashing & verify. |
| app/authentication/static/signin.js | Wrapped sign-in handler, added debug console.log. |
| app/authentication/authentication.py | Imported DEBUG_MODE, added debug print in route. |
| app/init.py | Configured SESSION_COOKIE_SAMESITE in app. |
Comments suppressed due to low confidence (3)
app/authentication/authentication.py:31
- Calling
login_userbefore verifying credentials allows unauthorized users to be logged in. Move this call to afterauthenticator.authenticatereturns true.
login_user(username)
app/authentication/static/signin.js:12
- Sending credentials in a GET URL exposes sensitive data in logs and browser history. Use a POST request with credentials in the request body over HTTPS instead.
fetch(`/auth/signin/${username}/${password}`, {
app/authenticator/authenticator.py:24
- [nitpick] Consider adding unit tests for
hash_passwordandverify_passwordto validate hashing and edge-case password verification.
def hash_password(self, password):
Comment on lines
+43
to
+44
| if DEBUG_MODE: | ||
| print(f"[DEBUG] authenticator.py: Verifying password: {checkpw(password.encode(), hashed_password.encode())}") |
There was a problem hiding this comment.
[nitpick] Using print for debug output can be replaced with the standard logging module to better control log levels and formatting.
Suggested change
| if DEBUG_MODE: | |
| print(f"[DEBUG] authenticator.py: Verifying password: {checkpw(password.encode(), hashed_password.encode())}") | |
| logging.debug(f"authenticator.py: Verifying password: {checkpw(password.encode(), hashed_password.encode())}") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #2
a. SQL Injection Protection
b. Password Handling
c. Session Security
d. Authentication Endpoint
e. CSRF Protection