Skip to content

Improve security when one tenant is comporomised#131

Open
MatejFrnka wants to merge 3 commits into
developfrom
feature/73-improve-security-of-tenant-uuid
Open

Improve security when one tenant is comporomised#131
MatejFrnka wants to merge 3 commits into
developfrom
feature/73-improve-security-of-tenant-uuid

Conversation

@MatejFrnka

@MatejFrnka MatejFrnka commented Jul 9, 2026

Copy link
Copy Markdown
Collaborator

The original approach to authentication where if a single tenant was compromised, attacker could issue uuids with any tenant uuid they want, which would compromise all other tenants as well.

This adds restriction to only allow specific tenants on specific apis. This means if one tenant is compromised, it won't allow attacker to access other tenants.

closes #73

@MatejFrnka
MatejFrnka force-pushed the feature/73-improve-security-of-tenant-uuid branch from 5550598 to a1baa11 Compare July 9, 2026 22:49
@MatejFrnka MatejFrnka changed the title Fix ruff issues Improve security when one tenant is comporomised Jul 9, 2026
@MatejFrnka

Copy link
Copy Markdown
Collaborator Author

Todo: test this before merging

@MatejFrnka
MatejFrnka force-pushed the feature/73-improve-security-of-tenant-uuid branch from a1baa11 to 8ef11c1 Compare July 10, 2026 12:09
@MatejFrnka
MatejFrnka marked this pull request as ready for review July 10, 2026 21:00
@MatejFrnka
MatejFrnka requested a review from hranasit July 10, 2026 21:06
@@ -120,3 +120,28 @@ jobs:
- name: '[check] Run Ruff'

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"The original approach to authentication where if a single tenant was compromised, attacker could issue uuids with any tenant uuid they want, which would compromise all other tenants as well."

What uuids do you mean? Like new tenant uuis?

msg = f"Invalid config value: 'auth.allowed_apis[{index}].tenant_uuid' must be a UUID or '*'"
raise ValueError(msg) from error

if WILDCARD in {normalized_url, tenant_uuid}:

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be useful to introduce separate production and development modes in the future. But maybe it is too much for this project, just an idea.

Comment thread service/config.test.yaml
@@ -0,0 +1,20 @@
auth:
allowed_apis:
- url: "https://your-dsw-instance.example.com/wizard-api"

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this mean that every tenant must now be explicitly listed in the configuration?
I’m wondering whether this might be too tightly coupled to the config. Would each newly created tenant need to be added manually before it can use the API?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Show templates based on tenant_uuid

2 participants