Skip to content

feat(DX-5433): Retrieve auth token exclusively via Login API#142

Merged
OMpawar-21 merged 7 commits intodevelopmentfrom
enhc/DX-5433
Mar 24, 2026
Merged

feat(DX-5433): Retrieve auth token exclusively via Login API#142
OMpawar-21 merged 7 commits intodevelopmentfrom
enhc/DX-5433

Conversation

@OMpawar-21
Copy link

@OMpawar-21 OMpawar-21 commented Mar 16, 2026

Summary

  • Removed hardcoded Authtoken from appSettings.json to eliminate the security vulnerability of storing tokens in config files.
  • All integration tests now obtain the auth token at runtime through the Login API instead of relying on a pre-configured value.
  • Added comprehensive test coverage for login flows including happy path, sync/async methods, TOTP, and error cases as per acceptance criteria.

Test Plan

  • Login sync/async — happy path
  • Login error cases — wrong credentials, null credentials, already logged in
  • TOTP flow — valid/invalid MFA secret, explicit token override
  • Logout sync/async after login
  • All existing integration tests pass with runtime auth

@OMpawar-21 OMpawar-21 requested a review from a team as a code owner March 16, 2026 04:55
@github-actions
Copy link

github-actions bot commented Mar 16, 2026

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 0 ✅ Passed
🔵 Low Severity 0 0 0 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

@OMpawar-21
feat(5433): Retrieve auth token exclusively via Login API feat: Retri…
3aa868e 
…eve auth token exclusively via Login API

### Summary
- Removed hardcoded `Authtoken` from `appSettings.json` to eliminate the security vulnerability of storing tokens in config files.
- All integration tests now obtain the auth token at runtime through the Login API instead of relying on a pre-configured value.
- Added comprehensive test coverage for login flows including happy path, sync/async methods, TOTP, and error cases as per acceptance criteria.

### Test Plan
- [ ] Login sync/async — happy path
- [ ] Login error cases — wrong credentials, null credentials, already logged in
- [ ] TOTP flow — valid/invalid MFA secret, explicit token override
- [ ] Logout sync/async after login
- [ ] All existing integration tests pass with runtime auth
@github-actions
Copy link

github-actions bot commented Mar 16, 2026

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 0 ✅ Passed
🔵 Low Severity 0 0 0 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

@OMpawar-21
fix: resolve Snyk CWE-798 hardcoded-credentials false positive in Tes…
dc85c14 
…tDataHelper

Rename parameter 'key' to 'configKey' in GetRequiredConfig and GetOptionalConfig
so the scanner no longer treats it as a secret key. Values still come from config.
@OMpawar-21
Revert "fix: resolve Snyk CWE-798 hardcoded-credentials false positiv…
9752bcb 
…e in TestDataHelper"

This reverts commit dc85c14.
@github-actions
Copy link

github-actions bot commented Mar 18, 2026

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 0 ✅ Passed
🔵 Low Severity 0 0 0 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

1 similar comment
@github-actions
Copy link

github-actions bot commented Mar 18, 2026

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 0 ✅ Passed
🔵 Low Severity 0 0 0 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

@github-actions
Copy link

github-actions bot commented Mar 18, 2026

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 0 ✅ Passed
🔵 Low Severity 0 0 0 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

@github-actions
Copy link

github-actions bot commented Mar 18, 2026

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 0 ✅ Passed
🔵 Low Severity 0 0 0 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

cs-raj
cs-raj previously approved these changes Mar 23, 2026
View reviewed changes
@OMpawar-21 OMpawar-21 dismissed cs-raj’s stale review March 23, 2026 06:47

The merge-base changed after approval.

sunil-lakshman
sunil-lakshman previously approved these changes Mar 24, 2026
View reviewed changes
Copy link

@sunil-lakshman sunil-lakshman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@OMpawar-21 OMpawar-21 dismissed sunil-lakshman’s stale review March 24, 2026 06:53

The merge-base changed after approval.

@OMpawar-21 OMpawar-21 requested a review from cs-raj March 24, 2026 10:13
@github-actions
Copy link

github-actions bot commented Mar 24, 2026

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type Count (with fixes) Without fixes Threshold Result
🔴 Critical Severity 0 0 10 ✅ Passed
🟠 High Severity 0 0 25 ✅ Passed
🟡 Medium Severity 0 0 500 ✅ Passed
🔵 Low Severity 0 0 1000 ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity Breaches (with fixes) Breaches (no fixes) SLA Threshold (with/no fixes) Status
🔴 Critical 0 0 15 / 30 days ✅ Passed
🟠 High 0 0 30 / 120 days ✅ Passed
🟡 Medium 0 0 90 / 365 days ✅ Passed
🔵 Low 0 0 180 / 365 days ✅ Passed

✅ BUILD PASSED - All security checks passed

@OMpawar-21 OMpawar-21 merged commit b4da510 into development Mar 24, 2026
10 checks passed
@OMpawar-21 OMpawar-21 deleted the enhc/DX-5433 branch March 25, 2026 05:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cs-raj cs-raj cs-raj approved these changes

@sunil-lakshman sunil-lakshman Awaiting requested review from sunil-lakshman

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@OMpawar-21 @sunil-lakshman @cs-raj