bmersereau slams the door on a silent auth bypass

A misconfigured deployment used to quietly trust any login token as proof of identity; this fix makes it fail loudly instead.

securityinfrastructure

bmersereau found a soft spot in how the app checks who's logged in. The frontend leans on Supabase, a hosted service that handles the database and user sign-in. If the settings that connect to Supabase went missing, the old code didn't stop - it just took whatever token the caller handed over and treated it as a verified user. In practice, that meant a badly configured server could stop checking identity at all and never announce it.

The change rips out that fallback everywhere it appeared. Now, if the connection details are absent, the app refuses to start that path and returns a hard error, so the problem surfaces at once rather than silently opening the front door. bmersereau also added a batch of automated tests to keep the safer behavior from slipping back in. The work was written up as closing four related security tickets, though it was closed without being merged upstream.

So what Anyone running a Mike fork in production should care: a silent auth bypass is exactly the kind of flaw that turns into a breach headline.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?