fix: resolve lint errors, expand test suite, and add form example#1
Merged
Conversation
- Fix 27 ruff lint errors (unused imports, deprecated typing.Type, line length) and reformat 9 files to match project style - Add comprehensive tests for Component, FormComponent, Registry, InMemoryStateStore, and WebSocket manager (5 → 81 tests) - Add FastAPI form example with ContactForm component and Jinja template demonstrating Pydantic validation - Update pyproject.toml author placeholder with repo owner - Clarify RateLimitMixin as not-yet-implemented in docstring https://claude.ai/code/session_01C2Q6DUxequpAZMEtxQPvkS
fsecada01
added a commit
that referenced
this pull request
Jul 1, 2026
Component state round-trips to the client unsigned — the #1 security gap (Epic A). This adds HMAC-SHA256 state signing at the StateSerializer choke point so every adapter is covered. - New stdlib-only core/signing.py: StateSigner + CorruptStateError. Versioned token format cfs1.<b64url(payload)>.<b64url(mac)>; the MAC binds the version prefix to prevent cross-format confusion; verify uses hmac.compare_digest. - Key config: StateSigner.configure(secret) or STATE_SIGNING_KEY env var. Sequence / comma-separated values enable rotation: first key signs, all keys verify (A2 groundwork). Unconfigured = disabled (legacy pass-through) with a one-time prominent warning. - Enabled mode: all outbound state is signed; inbound MUST be a valid token — plain JSON strings and raw dicts raise CorruptStateError (no unsigned fallback). - Closed the dict bypass: FastAPI, Flask, Litestar, Django FBV/CBV, and the WebSocket manager now route inbound state through the new StateSerializer.load_untrusted() single entry point (a client could previously submit state as a JSON object and skip deserialization). - Django ComponentView.handle_error() now maps client input errors (ValueError, incl. corrupt state) to 400 instead of 500, matching the other adapters. - Docs: docs/STATE_SIGNING.md (per-adapter setup + rotation procedure, covers A2 doc scope); README + CHANGELOG updated. - Tests: 36 new tests in tests/test_signing.py (round-trip, tamper / truncation / garbage rejection, rotation, env pickup, disabled-mode parity, FastAPI integration incl. tampered-state 400). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
fsecada01
added a commit
that referenced
this pull request
Jul 1, 2026
Component state round-trips to the client unsigned — the #1 security gap (Epic A). This adds HMAC-SHA256 state signing at the StateSerializer choke point so every adapter is covered. - New stdlib-only core/signing.py: StateSigner + CorruptStateError. Versioned token format cfs1.<b64url(payload)>.<b64url(mac)>; the MAC binds the version prefix to prevent cross-format confusion; verify uses hmac.compare_digest. - Key config: StateSigner.configure(secret) or STATE_SIGNING_KEY env var. Sequence / comma-separated values enable rotation: first key signs, all keys verify (A2 groundwork). Unconfigured = disabled (legacy pass-through) with a one-time prominent warning. - Enabled mode: all outbound state is signed; inbound MUST be a valid token — plain JSON strings and raw dicts raise CorruptStateError (no unsigned fallback). - Closed the dict bypass: FastAPI, Flask, Litestar, Django FBV/CBV, and the WebSocket manager now route inbound state through the new StateSerializer.load_untrusted() single entry point (a client could previously submit state as a JSON object and skip deserialization). - Django ComponentView.handle_error() now maps client input errors (ValueError, incl. corrupt state) to 400 instead of 500, matching the other adapters. - Docs: docs/STATE_SIGNING.md (per-adapter setup + rotation procedure, covers A2 doc scope); README + CHANGELOG updated. - Tests: 36 new tests in tests/test_signing.py (round-trip, tamper / truncation / garbage rejection, rotation, env pickup, disabled-mode parity, FastAPI integration incl. tampered-state 400). Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
length) and reformat 9 files to match project style
InMemoryStateStore, and WebSocket manager (5 → 81 tests)
demonstrating Pydantic validation
https://claude.ai/code/session_01C2Q6DUxequpAZMEtxQPvkS