feat(security): implement safe guest auth flow and harden request_jwt
- Patched request_jwt to strip privileged IDs when signing with public keys
- Updated AccountContext and V3 dependencies to preserve JWT payloads for guests
- Whitelisted Archive, Post, Event, and other core objects for public read access
- Added 'default_qry_str' to Event searchable fields
- Added test_e2e_jwt_guest_auth.py for security verification
@@ -44,6 +44,7 @@ This directory contains the automated and manual test scripts for the Aether Fas
|
||||
| Script | Description |
|
||||
| :--- | :--- |
|
||||
| `test_e2e_agent_bridge.py` | Verifies the `/agent` diagnostics and log streaming endpoints. |
|
||||
| `test_e2e_jwt_guest_auth.py` | **Security Test**: Verifies safe guest token minting and whitelisted access. |
|
||||
| `test_e2e_legacy_remote_schema.py` | Remote check for legacy schema compatibility. |
|
||||
| `test_e2e_site_bootstrap.py` | Verifies the unauthenticated FQDN lookup for site initialization. |
|
||||
| `test_e2e_v3_accounts.py` | CRUD verification for the Account object via network. |
|
||||
|
||||
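Review bot: the description on the new `test_e2e_jwt_guest_auth.py` row is vaguer than its neighbours, which each name the endpoint or object they exercise, and "safe guest token minting" does not tell a reader which property the test asserts. Since the commit message states that request_jwt now strips privileged IDs and that only Archive, Post, Event and other core objects are whitelisted for public read, the row should say so, for example: `| \`test_e2e_jwt_guest_auth.py\` | **Security Test**: Asserts that guest tokens carry no privileged IDs and that only whitelisted objects (Archive, Post, Event) are readable without authentication. |` That way the README documents the security invariant the test guards, not just that a test exists.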