fix: derive user_id from authenticated session to prevent IDOR in AutoGen Studio#7912
Open
AUTHENSOR wants to merge 1 commit into
Open
fix: derive user_id from authenticated session to prevent IDOR in AutoGen Studio#7912AUTHENSOR wants to merge 1 commit into
AUTHENSOR wants to merge 1 commit into
Conversation
…uery param All API routes in autogen-studio accepted user_id as a client-supplied query parameter (or request body field) instead of deriving it from the authenticated session. This is an Insecure Direct Object Reference (IDOR) vulnerability: any authenticated user can read, modify, or delete any other users teams, sessions, gallery entries, settings, and runs by supplying a different user_id value. The fix uses the existing get_current_user dependency (which extracts the user ID from request.state.user set by the auth middleware) instead of the client-supplied query parameter. Affected routes (5 files, 13 endpoints): - sessions: list, get, update, delete, list_runs - teams: list, get, delete - gallery: upsert, list, get, delete - settings: get - runs: create Signed-off-by: John Kearney <johndanielkearney@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fix: derive user_id from authenticated session, not client-supplied query param
Summary
All API routes in autogen-studio accept
user_idas a client-supplied queryparameter instead of deriving it from the authenticated session. This is an
Insecure Direct Object Reference (IDOR) vulnerability: any authenticated
user can read, modify, or delete any other user's teams, sessions, gallery
entries, settings, and runs by supplying a different
user_idvalue.The fix uses the existing
get_current_userdependency (which extracts theuser ID from
request.state.userset by the auth middleware) instead of theclient-supplied query parameter.
The vulnerability
FastAPI treats
user_id: str(withoutDepends(...)) as a query parameter.A user sends
GET /api/teams/42?user_id=victimand receives victim's teamconfiguration — including agent definitions, model configs, and potentially
API keys embedded in team configs.
Exploitation
The auth middleware IS in place and correctly sets
request.state.user. Theget_current_user(request: Request)function exists and correctly extractsthe authenticated user ID from the session. The routes simply don't use it.
The fix
get_current_userextractsrequest.state.user.id(set byAuthMiddleware).If auth is disabled (
type: "none"), it falls back toDEFAULT_USER_ID.Affected routes
13 endpoints across 5 files:
sessions.pyteams.pygallery.pysettingsroute.pyruns.pyDiff: +21/−20 across 5 files.
Impact
teams, sessions (including conversation history), gallery entries, and settings
or modify other users' resources
include sensitive user data
model configurations
Environment
microsoft/autogencommit:027ecf0(main)autogen-studio(Python)