ulysses/core
SurprisedDuck 7d10fb6260
Reserve internal sentinel usernames
`core.middleware.require_admin` grants admin to any request whose
`request.state.current_user == "internal-tool"` — the sentinel meant only
for the in-process tool-loopback path. But the normal cookie auth path
(app.py) sets `current_user` to the raw username, and neither `create_user`
nor the signup route reserved that name. As a result an account literally
named "internal-tool" was silently treated as admin by every
`require_admin`-gated route. With self-service signup enabled this is an
anonymous -> admin privilege escalation.

Reserve the full synthetic-owner set the codebase already special-cases —
"internal-tool", "api", "demo", "system" (see `_SYNTHETIC_OWNERS` in
routes/assistant_routes.py and the matching guards in src/task_scheduler.py
and routes/research_routes.py). "api" collides with the bearer-token owner
sentinel; "demo"/"system" would leave a real account denied an assistant
and inconsistently owner-scoped.

Refuse to create or rename into any reserved name (case/space-normalized),
and reject empty usernames while we're here. Adds a regression test.

Co-authored-by: Claude <noreply@anthropic.com>
2026-06-02 05:58:58 +09:00
..
__init__.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
atomic_io.py Add native Windows compatibility layer 2026-06-01 15:09:47 +09:00
auth.py Reserve internal sentinel usernames 2026-06-02 05:58:58 +09:00
constants.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
database.py Scope email calendar extraction to account owner 2026-06-01 23:12:32 +09:00
exceptions.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
middleware.py Fix email-thread HTML injection, attachment path traversal, and missing authz (#475) 2026-06-01 22:20:17 +09:00
models.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
platform_compat.py Add native Windows compatibility layer 2026-06-01 15:09:47 +09:00
session_manager.py Fix chat message history timestamps 2026-06-01 11:18:18 +09:00