Skip to content

security: store one-time token hashes instead of raw tokens#76

Draft
enlorik wants to merge 1 commit into
mainfrom
security/hash-one-time-tokens
Draft

security: store one-time token hashes instead of raw tokens#76
enlorik wants to merge 1 commit into
mainfrom
security/hash-one-time-tokens

Conversation

@enlorik

@enlorik enlorik commented Jul 18, 2026

Copy link
Copy Markdown
Owner

Noticed the email-verification and password-reset tokens were sitting in the database in plain form, so anyone who got a copy of those tables could use every still-valid link. Now only a SHA-256 hash is persisted (new little TokenHasher component; the column keeps its old "token" name so the schema doesn't change) and the raw token only ever appears in the emailed link — incoming tokens get hashed before lookup, and expiry/used checks behave exactly as before. Deployment note: tokens issued before this change stop working once it ships, since we only have their raw value stored — they're short-lived and single-use anyway, so re-requesting a link covers it. mvn test went from 185 to 198 tests (new hasher vectors plus hash-vs-raw coverage in both token services), all passing.

@enlorik

enlorik commented Jul 18, 2026

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Bravo.

Reviewed commit: aa2714d360

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant