Trips Sharing Security: Enforce Protection and Remove Plaintext Secrets #3

Closed
opened 2026-03-29 08:35:00 -05:00 by yusiboyz · 1 comment

This issue covers public trip sharing security.

Problems:

  • Shared trip API returns data based only on share_token
  • share_password is stored in plaintext
  • Share password verification logs plaintext values
  • Password verification is not enforced by the public share API

Files:

  • services/trips/server.py

Acceptance criteria:

  • handle_share_api requires successful password-backed access before returning trip data
  • share_password is stored as a password hash, not plaintext
  • All plaintext password logging is removed
  • Existing share tokens/passwords are invalidated or rotated
  • Shared access flow has a server-side test covering protected vs unprotected access
yusiboyz added this to the Immediate milestone 2026-03-29 08:43:50 -05:00

Fixed in commit d700ba7

Changes:

  • services/trips/server.py: handle_share_api now enforces password via X-Share-Password header + bcrypt
  • services/trips/server.py: handle_share_verify uses bcrypt.checkpw, all plaintext logging removed
  • services/trips/server.py: share_password stored as bcrypt hash on update
  • services/trips/server.py: migration invalidates existing plaintext passwords
  • services/trips/server.py: removed dead hash_password function
  • services/trips/Dockerfile: added bcrypt dependency

Verified:

  • Unprotected shared trip (no password) still returns data
  • Password-protected trip returns 401 without correct header
  • bcrypt.checkpw comparison works correctly
  • Plaintext password logging eliminated

Remaining risk: none for this issue scope.

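Added example, illustrating the access flow described in the fix comment above. This is not the project's `services/trips/server.py` and not code from commit d700ba7: the `Trip` store, the `handle_share_api(trips, share_token, headers)` signature, the `INVALIDATED` sentinel and the sample data are all assumptions made for the example. The commit uses bcrypt; this example uses `hashlib.scrypt` from the standard library so it runs with no extra dependency, with the two hash functions isolated so that swapping in `bcrypt.hashpw`/`bcrypt.checkpw` is a local change. It also treats "invalidated or rotated" as a fail-closed migration (fresh token, password must be re-set) rather than clearing the password, which would silently make a protected trip public.

```python
"""Password-backed public share access: hash-only storage, header-based
verification, fail-closed legacy migration, no plaintext in logs.
Example code, not the trips service's own implementation."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Optional

# scrypt cost parameters (assumption; tune to the service's latency budget)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
# sentinel written by the migration; it is never a valid hash record
INVALIDATED = "!invalidated"


def hash_share_password(password: str) -> str:
    """Return a self-describing 'scrypt$N$r$p$salt$digest' record."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_share_password(stored: str, candidate: str) -> bool:
    """Constant-time comparison of candidate against a stored record.
    Anything that is not a well-formed scrypt record (legacy plaintext,
    the INVALIDATED sentinel, garbage) fails closed."""
    try:
        algo, n, r, p, salt_hex, digest_hex = stored.split("$")
        if algo != "scrypt":
            return False
        digest = hashlib.scrypt(candidate.encode("utf-8"),
                                salt=bytes.fromhex(salt_hex),
                                n=int(n), r=int(r), p=int(p))
        return hmac.compare_digest(digest, bytes.fromhex(digest_hex))
    except ValueError:
        return False


@dataclass
class Trip:
    trip_id: int
    share_token: Optional[str]
    share_password: Optional[str]  # hash record or None; column name kept from the issue
    payload: dict


def set_share_password(trip: Trip, password: Optional[str]) -> None:
    """Store only the hash on update; None removes protection."""
    trip.share_password = hash_share_password(password) if password else None


def find_by_token(trips: dict, share_token: str) -> Optional[Trip]:
    return next((t for t in trips.values() if t.share_token == share_token), None)


def handle_share_api(trips: dict, share_token: str, headers: dict) -> tuple:
    """Public share endpoint returning (status, body). The candidate comes
    from X-Share-Password and is never logged, echoed or stored."""
    trip = find_by_token(trips, share_token)
    if trip is None:
        return 404, {"error": "not found"}
    if trip.share_password is not None:
        candidate = headers.get("X-Share-Password")
        if candidate is None or not verify_share_password(trip.share_password, candidate):
            return 401, {"error": "share password required"}
    return 200, trip.payload


def migrate_plaintext_passwords(trips: dict) -> int:
    """Fail-closed migration: every protected trip whose stored value is not
    a hash record gets a fresh token and the INVALIDATED sentinel, so both the
    old link and the old password stop working until the owner re-sets it.
    Returns the number of trips migrated (0 on a second run)."""
    migrated = 0
    for trip in trips.values():
        stored = trip.share_password
        if stored not in (None, INVALIDATED) and not stored.startswith("scrypt$"):
            trip.share_password = INVALIDATED
            trip.share_token = secrets.token_urlsafe(24)
            migrated += 1
    return migrated


def make_sample_trips() -> dict:
    """Constructed in-memory rows standing in for the trips table."""
    open_trip = Trip(1, "tok-open", None, {"name": "Open trip"})
    locked = Trip(2, "tok-locked", None, {"name": "Locked trip"})
    set_share_password(locked, "correct horse battery staple")
    legacy = Trip(3, "tok-legacy", "hunter2", {"name": "Legacy plaintext row"})
    return {t.trip_id: t for t in (open_trip, locked, legacy)}


if __name__ == "__main__":
    trips = make_sample_trips()
    print(handle_share_api(trips, "tok-open", {})[0])    # 200
    print(handle_share_api(trips, "tok-locked", {})[0])  # 401
    print(handle_share_api(trips, "tok-locked",
                           {"X-Share-Password": "correct horse battery staple"})[0])  # 200
    print(migrate_plaintext_passwords(trips))            # 1
```

Two things to carry over when using bcrypt instead: `bcrypt.hashpw`/`bcrypt.checkpw` take bytes, and bcrypt only looks at the first 72 bytes of the password, so either reject longer inputs or document the truncation. In a real HTTP handler the header lookup must be case-insensitive (`X-Share-Password` and `x-share-password` are the same header), and the only password-related value that should ever reach a log line is the boolean outcome of the check.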

Reference: yusiboyz/platform#3