chore: regenerate poetry.lock to match pyproject.toml#2
Merged
github-actions[bot] merged 1 commit intoMar 3, 2026
Merged
Conversation
Harshit28j
pushed a commit
that referenced
this pull request
Mar 20, 2026
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Harshit28j
pushed a commit
that referenced
this pull request
Apr 25, 2026
Continuation of Veria E3NpkuAd / Audit-B hardening. All three are the same anti-pattern PR BerriAI#25904 already addressed for _user_is_org_admin and /user/delete: route-level gate trusts a caller-supplied scope field, handler operates on a different scope. 1. /user/update no longer silently creates a user when the target email doesn't exist. Pre-fix, an org admin could supply a fresh email + caller-chosen budget/models/metadata; the INSERT path created the user with no org attachment, bypassing /user/new's org/team authorization. Now require PROXY_ADMIN for the create branch; return 404 otherwise. Also fixes /user/bulk_update because it dispatches through the same _update_single_user_helper. 2. /team/bulk_member_add with all_users=true restricted to PROXY_ADMIN. The flag pulls every user in the database into the target team, ignoring org scope — any team admin could use it to capture every user across every org into their team. 3. /team/update now verifies destination-org admin rights. When the request carries an organization_id that differs from the team's current org, an org admin of the caller's current org could previously relocate the team into any other org (draining their resources, or capturing a team they once administered). Require PROXY_ADMIN or org-admin of the DESTINATION org for the relocation. Regression tests for #1 and #3; #2 covered by the existing bulk_add suite after the gate addition.
Harshit28j
pushed a commit
that referenced
this pull request
Apr 25, 2026
Audit-B #2. _check_key_admin_access was gated on max_budget/spend changes only, which meant a non-admin caller could blanket-rewrite any OTHER field on any key (key_alias, models, tpm_limit, rpm_limit, metadata, tags, allowed_routes, guardrails, blocked, duration, permissions, auto_rotate, access_group_ids, object_permission, …) as long as they avoided budget/spend. Example attack: POST /key/update { key: sk-victim-in-org-B, models: [], blocked: true, organization_id: org-A, } The caller is org-admin of org-A, which satisfies the route gate; the handler then wipes models and blocks the victim's key. Policy after this fix: - PROXY_ADMIN: always allowed. - Key OWNER (matching user_id): allowed for non-budget fields; budget/spend changes still require team/org admin. - Everyone else: must pass _check_key_admin_access (PROXY_ADMIN / key-owner / team-admin / org-admin of the key). Regression test confirms a non-owner INTERNAL_USER cannot rewrite key_alias/blocked on someone else's key; existing test covers the owner-can-update-alias case; existing test covers internal-user-cannot-modify-max-budget.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated regeneration of
poetry.lockafterpyproject.tomlwas updated onmain.Fixes the recurring CI failure: