fix(critical): SAML signature bypass - remove lax fallback allowing forged assertions#3427
fix(critical): SAML signature bypass - remove lax fallback allowing forged assertions#3427namann5 wants to merge 2 commits into
Conversation
Two issues that prevent the application from starting: 1. rom backend.payload_middleware import PayloadLimitMiddleware references a module that does not exist on the gssoc branch, causing an immediate ModuleNotFoundError at import time. Removed the import and its corresponding �dd_middleware call. 2. create_client() is called on line 37 without being imported — the rom supabase import create_client import was missing, causing a NameError at runtime when SUPABASE_URL and SUPABASE_SERVICE_KEY are both configured. Added the missing import.
…s forged assertions The verify_saml_response function had multiple code paths that silently set signature_valid = True when cryptographic verification failed: 1. Lines 218-221: After both RSA-SHA256 and RSA-SHA1 verification failed, signature_valid was still set to True with a comment about 'developer flexibility for local test cases'. 2. Lines 222-225: If any exception occurred during initialization, the catch block set signature_valid = True as a 'default validation fallback'. 3. Lines 226-229: When no signature element was found or no cert was configured, signature_valid was unconditionally set to True. This meant any attacker could forge a SAML response and bypass authentication entirely. The fix removes all fallback-to-true paths and requires valid cryptographic proof for SAML assertions.
|
@namann5 is attempting to deploy a commit to the ritesh Team on Vercel. A member of the Team first needs to authorize it. |
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Description
Fixes critical SAML signature bypass vulnerability in
backend/auth/saml_provider.py. Theverify_saml_responsefunction had multiple code paths that silently setsignature_valid = Truewhen cryptographic verification failed, allowing attackers to forge SAML assertions.Related Issue
Fixes #3424
Changes
verified: Falseverified: Falseverified: Falsesig_errorfield on successType of Change