molecule-ai/molecule-core
35
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity
5eb08332ee
molecule-core/workspace-template/tests/test_transcript_auth.py
Hongming Wang 5eb08332ee fix(security): /transcript endpoint fails closed when auth token missing (#328) 
Severity HIGH. The /transcript route in main.py used `if expected:`
around the bearer-token compare, so `get_token()` returning None (no
/configs/.auth_token on disk — bootstrap window, deleted file, OSError)
silently skipped the entire auth check. Any container on
molecule-monorepo-net could GET /transcript during the provisioning
window and walk away with the full session log (user messages, Claude
tool calls, assistant replies).

The platform's TranscriptHandler always has a valid token (it acquired
one at workspace registration), so tightening this gate has no
legitimate-caller impact. Only unauthenticated sniffers lose access,
which was never the intended contract of #287.

Fix:

1. Extracted the auth gate into `workspace-template/transcript_auth.py`
   — a 20-line module with no heavy imports so the security-critical
   code is unit-testable without standing up the full uvicorn/a2a/httpx
   stack (the former inline guard could only be tested end-to-end,
   which explains why the regression shipped in #287).

2. `transcript_authorized(expected, auth_header)` returns False when
   `expected` is None or empty — the #328 fix — and otherwise does
   strict equality against "Bearer <expected>".

3. main.py's inline handler calls the extracted function:
     if not _transcript_authorized(get_token(), auth_header):
         return 401

4. New tests/test_transcript_auth.py covers: None token, empty token,
   valid bearer, wrong bearer, missing header, case-sensitive prefix,
   whitespace fuzzing. All 7 pass.

Closes #328

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 21:17:37 -07:00

48 lines
1.7 KiB
Python
Raw Blame History

"""Tests for the #328 fix — /transcript endpoint must fail-CLOSED when
the workspace auth token is not yet on disk.
Prior behaviour (regressed in #287): `if expected:` skipped the auth
check when `get_token()` returned None, so any container on
`molecule-monorepo-net` could read the full session log during the
bootstrap window. The fix lifts the guard into transcript_auth.py for
testability.
"""
from transcript_auth import transcript_authorized
def test_missing_token_fails_closed():
# #328 regression: None token MUST return False (was the fail-open bug).
assert transcript_authorized(None, "Bearer anything") is False
def test_empty_token_fails_closed():
# Empty string is as-bad-as None — also a fail-closed case.
assert transcript_authorized("", "Bearer anything") is False
def test_valid_bearer_passes():
assert transcript_authorized("tok-123", "Bearer tok-123") is True
def test_wrong_bearer_fails():
assert transcript_authorized("tok-123", "Bearer other-token") is False
def test_missing_header_fails_even_when_expected_is_set():
# Empty auth header (not sent at all) must fail — client forgot.
assert transcript_authorized("tok-123", "") is False
def test_case_sensitive_bearer_prefix():
# Strict equality matches platform wsauth.BearerTokenFromHeader
# which is also case-sensitive on the "Bearer " prefix. Documenting
# the behavior so a future refactor is a conscious choice.
assert transcript_authorized("tok-123", "bearer tok-123") is False
def test_extra_whitespace_in_header_fails():
# Strict equality — accidental double space between Bearer and token
# must fail so an adversary can't test fuzzed variations.
assert transcript_authorized("tok-123", "Bearer tok-123") is False
Reference in New Issue View Git Blame Copy Permalink