apunkt/trustgraph
1
0
Fork 0
mirror of https://github.com/trustgraph-ai/trustgraph.git synced 2026-06-10 23:35:14 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
trustgraph/trustgraph-flow
History
Cyber MacGeddon ac9968b1e0 fix: skip authorise() for AUTHENTICATED/PUBLIC sentinels in WebSocket mux 
The mux unconditionally called auth.authorise() for every operation,
passing capability sentinels like AUTHENTICATED ("__authenticated__")
to the IAM regime. Since no role grants "__authenticated__", the regime
denied the request — breaking whoami (and any future AUTHENTICATED-only
operation) over the WebSocket path while the HTTP endpoints worked fine.

Match the guard pattern used by iam_endpoint.py and registry_endpoint.py:
only call authorise() for real capability strings, not sentinels.
2026-06-03 09:44:11 +01:00
..
trustgraph fix: skip authorise() for AUTHENTICATED/PUBLIC sentinels in WebSocket mux 2026-06-03 09:44:11 +01:00
pyproject.toml Open 2.5 release branch (#939) 2026-05-19 16:07:27 +01:00
README.md Maint/fix build env (#84) 2024-09-30 19:47:09 +01:00

README.md

See https://trustgraph.ai/