
fix(login): use system identity in ResetTemporaryPassword mediator call #276

Merged: The127 merged 1 commit into main from fix/reset-temp-password-system-identity on Apr 25, 2026

The127 (Owner) commented Apr 25, 2026

Summary

  • /logins/* deliberately skips authentication.Middleware (the login flow is pre-authentication; the login token in the URL is the capability, no Bearer token yet). So the request context carries no CurrentUser.
  • ResetTemporaryPassword is the only login-flow handler that issues a mediator command (commands.SetPassword). PolicyBehaviour.evaluatePolicy calls authentication.GetCurrentUser unconditionally and panics with "current user not found".
  • Inject authentication.SystemUser() into the mediator-call context: PolicyBehaviour short-circuits to Allowed, SetPassword runs. The login token plus the LoginStepTemporaryPassword guard are the proof of authority; the server is acting as a trusted system actor on the user's behalf, which is exactly what authentication.SystemUser() exists for.

Why this was latent

Until v0.5.2 the access-request approve flow in keyline-saas-admin-api was 401-blocking on POST /api/virtual-servers/portal/users (system-admin role had no user:create permission). Once v0.5.2 fixed that, the first portal user with a temp password reached the reset-temp-password step in production, and the panic surfaced.

Test plan

  • go build ./... clean
  • After release: complete an access-request approve, log in with the temp password, reset to a real password — should succeed (currently 500s with handler panic)

Follow-up worth considering

  • No login-handler tests exist today (internal/handlers/login_test.go is missing). The login flow is exercised end-to-end nowhere. Worth a focused e2e test pass for the temp-password flow.

/logins/* skips authentication.Middleware (login flow is
pre-authentication), so the request context carries no CurrentUser.
ResetTemporaryPassword is the only login-flow handler that issues a
mediator command (commands.SetPassword), and PolicyBehaviour calls
authentication.GetCurrentUser unconditionally — which panics with
"current user not found" when none is set.

Inject authentication.SystemUser() into the mediator-call context so
PolicyBehaviour short-circuits to Allowed. The login token plus the
LoginStepTemporaryPassword guard are the proof that the caller is
authorised to reset their own temp password; the server is acting as
a trusted system actor on the user's behalf.

Latent bug: surfaced as soon as the access-request approve flow in
keyline-saas-admin-api could finally provision portal users with
temp passwords (Keyline v0.5.2 fixed the system-admin permissions
that gated that). Before v0.5.2 nobody ever reached this handler.

Signed-off-by: karo <karolin.kostial@gmail.com>
The127 merged commit c65a0dd into main Apr 25, 2026
8 checks passed
The127 deleted the fix/reset-temp-password-system-identity branch April 25, 2026 11:19
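
An added sketch of the pattern this PR describes, not code from the Keyline repository: every type and function name below is a hypothetical stand-in, and the login token is assumed to have already been resolved to a session. It shows the panic on an identity-less context and the system identity being attached only after the step guard, scoped to the single command call.

```go
// Added illustration; every identifier here is hypothetical, not Keyline's API.
package main

import (
	"context"
	"errors"
	"fmt"
)

type ctxKey struct{}
type User struct{ ID string; System bool }
type LoginSession struct{ UserID, Step string } // what the login token resolves to

var ErrWrongStep, ErrDenied = errors.New("login not at temporary-password step"), errors.New("policy denied")

func WithUser(ctx context.Context, u User) context.Context {
	return context.WithValue(ctx, ctxKey{}, u)
}

// sendSetPassword stands in for the mediator pipeline: policy check, then command.
// Like the behaviour described in the PR, it panics when the context has no identity.
func sendSetPassword(ctx context.Context, creds map[string]string, userID, pw string) error {
	u, ok := ctx.Value(ctxKey{}).(User)
	if !ok {
		panic("current user not found")
	}
	if !u.System && u.ID != userID { // system actor short-circuits to allowed
		return ErrDenied
	}
	creds[userID] = pw
	return nil
}

// resetTemporaryPassword runs on a pre-authentication route, so ctx has no user.
// The system identity is attached only after the step guard passes, only for this
// one command, and the target is always the session's own user.
func resetTemporaryPassword(ctx context.Context, s LoginSession, creds map[string]string, pw string) error {
	if s.Step != "temporary_password" {
		return ErrWrongStep
	}
	return sendSetPassword(WithUser(ctx, User{ID: "system", System: true}), creds, s.UserID, pw)
}

func main() {
	creds := map[string]string{}
	s := LoginSession{UserID: "u1", Step: "temporary_password"} // constructed sample
	fmt.Println(resetTemporaryPassword(context.Background(), s, creds, "new-pw"), creds)
}
```
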