Skip to content

[codex] fix(monitoring): secure dashboard auth defaults#1536

Draft
SH20RAJ wants to merge 1 commit intomofa-org:mainfrom
SH20RAJ:fix/dashboard-auth-defaults-1154
Draft

[codex] fix(monitoring): secure dashboard auth defaults#1536
SH20RAJ wants to merge 1 commit intomofa-org:mainfrom
SH20RAJ:fix/dashboard-auth-defaults-1154

Conversation

@SH20RAJ
Copy link
Copy Markdown

@SH20RAJ SH20RAJ commented Mar 28, 2026

Summary

  • require explicit opt-out before starting the monitoring dashboard without auth
  • downgrade NoopAuthProvider metadata from wildcard permissions to read-only read:metrics
  • update monitoring tests, examples, and docs to use with_require_auth(false) when they intentionally run unauthenticated

Motivation

The monitoring dashboard currently starts unauthenticated by default, which makes REST and WebSocket endpoints publicly accessible unless contributors remember to wire a real auth provider. This hardens the default while still preserving a clear local-development escape hatch.

Changes

  • add DashboardConfig::require_auth with secure default true
  • panic at dashboard startup when no real auth provider is configured and auth is still required
  • emit a warning when unauthenticated mode is explicitly enabled
  • document the new default and update local demo snippets accordingly

Related Issues

Closes #1154

Testing

  • $HOME/.cargo/bin/cargo test -p mofa-monitoring

Notes

  • create_dashboard(port) now opts into unauthenticated mode explicitly for local/dev convenience instead of inheriting a silent insecure default.

@SH20RAJ ChatGPT Codex Connector
Copy link
Copy Markdown
Author

SH20RAJ commented Mar 28, 2026

This PR is intended as a GSoC 2026-aligned contribution after reviewing mofa-org/GSoC ideas-list.md.

Relevant ideas-list areas it maps to:

  • Open Task 5: mofa-monitoring development
  • Open Task 23: Security Governance
  • Open Task 26: production-grade observability hardening

The concrete scope here is to harden the monitoring dashboard defaults so unauthenticated access is no longer silently enabled. That keeps the monitoring surface safer by default while preserving an explicit local-development opt-out path.

@SH20RAJ
Copy link
Copy Markdown
Author

SH20RAJ commented Mar 28, 2026

Hi! This PR secures the monitoring dashboard by requiring an explicit opt-out for unauthenticated access and restricting NoopAuthProvider permissions. This ensures a 'secure by default' posture for production deployments of MoFA agents. (Fixes #1154)

@SH20RAJ
Copy link
Copy Markdown
Author

SH20RAJ commented Mar 28, 2026

Hi! I've verified the changes in this PR locally using the internal test suite. All 6 authentication tests in dashboard::auth passed successfully. This confirms that the restricted read:metrics permissions and the require_auth logic are functioning as intended. Great work on hardening the defaults!

@SH20RAJ
Copy link
Copy Markdown
Author

SH20RAJ commented Mar 29, 2026

Addressing Issue #1154. This PR significantly hardens the monitoring dashboard's security by requiring an explicit with_require_auth(false) configuration for unauthenticated access. It also limits the NoopAuthProvider to read-only permissions by default. This transition from 'open-by-default' to 'secure-by-default' is a key step towards making MoFA production-ready for enterprise deployment. 🛡️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Security] NoopAuthProvider grants wildcard permissions to all anonymous connections

1 participant

@SH20RAJ