Skip to content

fix: avoid logging env dashboard password#9135

Closed
LIghtJUNction wants to merge 1 commit into
masterfrom
codex/fix-exposure-of-initial-dashboard-password
Closed

fix: avoid logging env dashboard password#9135
LIghtJUNction wants to merge 1 commit into
masterfrom
codex/fix-exposure-of-initial-dashboard-password

Conversation

@LIghtJUNction

@LIghtJUNction LIghtJUNction commented Jul 4, 2026

Copy link
Copy Markdown
Member

Motivation

  • Prevent accidental leakage of operator-provided dashboard secrets when the app prints the startup WebUI banner.
  • The previous behavior stored ASTRBOT_DASHBOARD_INITIAL_PASSWORD in the transient _generated_dashboard_password attribute which was later included verbatim in logger output.
  • Keep existing functionality that hashes and enforces the initial password while removing the one-shot plaintext exposure to logs.

Description

  • Change AstrBotConfig._reset_generated_dashboard_password to avoid setting self._generated_dashboard_password when ASTRBOT_DASHBOARD_INITIAL_PASSWORD is present in the environment by writing generated_password if DASHBOARD_INITIAL_PASSWORD_ENV not in os.environ else None into the attribute.
  • Preserve hashing of the provided password into conf['dashboard']['pbkdf2_password'] and legacy MD5 field so authentication behavior is unchanged.
  • Update the unit test test_empty_dashboard_password_uses_initial_password_env to assert that env-provided passwords are hashed into config but are not exposed via config._generated_dashboard_password.

Testing

  • Ran code style checks with uv run --no-sync ruff format astrbot/core/config/astrbot_config.py tests/unit/test_config.py and uv run --no-sync ruff check astrbot/core/config/astrbot_config.py tests/unit/test_config.py, which passed.
  • Attempted to run uv run --no-sync pytest tests/unit/test_config.py -q, but test execution was blocked due to missing test runtime dependency pytest_asyncio in the environment.
  • Static/diff validation verifies astrbot/core/config/astrbot_config.py and tests/unit/test_config.py were updated to implement and assert the new non-logging behavior.

Codex Task

Summary by Sourcery

Ensure environment-provided dashboard passwords are no longer stored in a runtime attribute that is later logged, while keeping authentication behavior unchanged.

Bug Fixes:

  • Stop exposing the ASTRBOT_DASHBOARD_INITIAL_PASSWORD value via the generated dashboard password attribute that can end up in logs.

Tests:

  • Update dashboard password configuration tests to confirm env-provided passwords are hashed into config but not exposed via the generated password attribute.

Copilot AI review requested due to automatic review settings July 4, 2026 08:55

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@dosubot dosubot Bot added size:XS This PR changes 0-9 lines, ignoring generated files. area:core The bug / feature is about astrbot's core, backend labels Jul 4, 2026

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request ensures that when the dashboard initial password is provided via an environment variable, the generated dashboard password attribute is set to None instead of exposing the password. The corresponding unit test has been updated to verify this behavior, ensuring that env-provided passwords are secure and not exposed. I have no feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've reviewed your changes and they look great!


Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 4, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
astrbot-docs d5826a3 Commit Preview URL

Branch Preview URL
Jul 04 2026, 09:02 AM

@LIghtJUNction

Copy link
Copy Markdown
Member Author

This was also intentionally designed.

@LIghtJUNction LIghtJUNction deleted the codex/fix-exposure-of-initial-dashboard-password branch July 4, 2026 11:57
@LIghtJUNction

Copy link
Copy Markdown
Member Author

It's best not to put passwords in the logs, but I don't think it matters that much.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

aardvark area:core The bug / feature is about astrbot's core, backend codex size:XS This PR changes 0-9 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants