Move session and API-key helper services into access module #2

Closed
opened 2026-07-06 11:42:41 +02:00 by zemion · 2 comments
Owner

Scope

Move access-owned runtime helper services for sessions, API keys, and password hashing into govoplan-access while keeping core compatibility import paths intact.

Acceptance Criteria

  • govoplan_access.backend.security owns the helper implementations.
  • govoplan_core.security.* compatibility wrappers preserve existing imports.
  • Focused access/module/boundary checks pass.
## Scope Move access-owned runtime helper services for sessions, API keys, and password hashing into `govoplan-access` while keeping core compatibility import paths intact. ## Acceptance Criteria - `govoplan_access.backend.security` owns the helper implementations. - `govoplan_core.security.*` compatibility wrappers preserve existing imports. - Focused access/module/boundary checks pass.
Author
Owner

Codex State: done

Summary

  • Moved session, API-key, and password helper implementations into govoplan-access with core compatibility wrappers.
  • Left encrypted secret helpers in core for now because secret-provider ownership remains an explicit architecture decision.

Changed Files

  • src/govoplan_access/backend/security/api_keys.py
  • src/govoplan_access/backend/security/sessions.py
  • src/govoplan_access/backend/security/passwords.py
  • /mnt/DATA/git/govoplan-core/src/govoplan_core/security/api_keys.py
  • /mnt/DATA/git/govoplan-core/src/govoplan_core/security/sessions.py
  • /mnt/DATA/git/govoplan-core/src/govoplan_core/security/passwords.py
  • /mnt/DATA/git/govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md

Verification

  • ./.venv/bin/python -m py_compile core/access security wrappers and moved modules
  • ./.venv/bin/python scripts/check_dependency_boundaries.py
  • ./.venv/bin/python -m unittest tests.test_access_contracts
  • ./.venv/bin/python -m unittest tests.test_module_system
  • ./.venv/bin/python -m unittest tests.test_api_smoke.ApiSmokeTests.test_mailbox_message_listing_reports_total_count
  • ./scripts/check-focused.sh

Next / Blocked

  • Keep issue open until the local multi-repo worktree changes are committed and pushed.
## Codex State: done ### Summary - Moved session, API-key, and password helper implementations into govoplan-access with core compatibility wrappers. - Left encrypted secret helpers in core for now because secret-provider ownership remains an explicit architecture decision. ### Changed Files - `src/govoplan_access/backend/security/api_keys.py` - `src/govoplan_access/backend/security/sessions.py` - `src/govoplan_access/backend/security/passwords.py` - `/mnt/DATA/git/govoplan-core/src/govoplan_core/security/api_keys.py` - `/mnt/DATA/git/govoplan-core/src/govoplan_core/security/sessions.py` - `/mnt/DATA/git/govoplan-core/src/govoplan_core/security/passwords.py` - `/mnt/DATA/git/govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md` ### Verification - `./.venv/bin/python -m py_compile core/access security wrappers and moved modules` - `./.venv/bin/python scripts/check_dependency_boundaries.py` - `./.venv/bin/python -m unittest tests.test_access_contracts` - `./.venv/bin/python -m unittest tests.test_module_system` - `./.venv/bin/python -m unittest tests.test_api_smoke.ApiSmokeTests.test_mailbox_message_listing_reports_total_count` - `./scripts/check-focused.sh` ### Next / Blocked - Keep issue open until the local multi-repo worktree changes are committed and pushed.
Author
Owner

Codex State: done

Summary

  • Session, API-key, and password helpers are owned by govoplan_access.backend.security.
  • Restored govoplan_core.security compatibility wrappers that re-export the access implementations.

Changed Files

  • /mnt/DATA/git/govoplan-core/src/govoplan_core/security/api_keys.py
  • /mnt/DATA/git/govoplan-core/src/govoplan_core/security/sessions.py
  • /mnt/DATA/git/govoplan-core/src/govoplan_core/security/passwords.py
  • /mnt/DATA/git/govoplan-core/tests/test_module_system.py

Verification

  • cd /mnt/DATA/git/govoplan-core && ./.venv/bin/python -m unittest tests.test_module_system
  • cd /mnt/DATA/git/govoplan-core && ./.venv/bin/python -m unittest tests.test_api_smoke.ApiSmokeTests.test_cookie_session_requires_csrf_for_mutations tests.test_api_smoke.ApiSmokeTests.test_tenant_user_group_role_and_api_key_administration tests.test_api_smoke.ApiSmokeTests.test_profile_refresh_and_system_role_protection_model
## Codex State: done ### Summary - Session, API-key, and password helpers are owned by govoplan_access.backend.security. - Restored govoplan_core.security compatibility wrappers that re-export the access implementations. ### Changed Files - `/mnt/DATA/git/govoplan-core/src/govoplan_core/security/api_keys.py` - `/mnt/DATA/git/govoplan-core/src/govoplan_core/security/sessions.py` - `/mnt/DATA/git/govoplan-core/src/govoplan_core/security/passwords.py` - `/mnt/DATA/git/govoplan-core/tests/test_module_system.py` ### Verification - `cd /mnt/DATA/git/govoplan-core && ./.venv/bin/python -m unittest tests.test_module_system` - `cd /mnt/DATA/git/govoplan-core && ./.venv/bin/python -m unittest tests.test_api_smoke.ApiSmokeTests.test_cookie_session_requires_csrf_for_mutations tests.test_api_smoke.ApiSmokeTests.test_tenant_user_group_role_and_api_key_administration tests.test_api_smoke.ApiSmokeTests.test_profile_refresh_and_system_role_protection_model`
Sign in to join this conversation.
No Label
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-access#2
No description provided.