You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add token validation to the role_required decorator to prevent bypassing authentication checks.
Findings (1)
[MEDIUM] design at backend/app/utils/decorators.py:90 — role_required decorator does not validate token before checking roles. Unlike other decorators (token_required, admin_required, etc.), it assumes request.current_user is already set without calling _extract_and_validate_token(), making it vulnerable to use without prior token validation. Fix sketch: Call _extract_and_validate_token() at the start of the decorated function to ensure token is validated before checking roles.
Generated by GITA v0.1.0 onboarding agent against amass. Milestone confidence: 0.90.
Add token validation to the role_required decorator to prevent bypassing authentication checks.
Findings (1)
backend/app/utils/decorators.py:90— role_required decorator does not validate token before checking roles. Unlike other decorators (token_required, admin_required, etc.), it assumes request.current_user is already set without calling _extract_and_validate_token(), making it vulnerable to use without prior token validation.Fix sketch: Call _extract_and_validate_token() at the start of the decorated function to ensure token is validated before checking roles.
Generated by GITA v0.1.0 onboarding agent against
amass. Milestone confidence: 0.90.