cb5f7037b2
Harden module runtime: audited listener failures and DI-first resolver
2026-03-25 10:02:03 +01:00
d1eeac6692
feat: add LDAP authentication as per-tenant login method
...
Add LDAP as a third authentication option alongside local password and
Microsoft Entra ID SSO. Per-tenant configuration supports Active Directory,
OpenLDAP, and FreeIPA with configurable attribute mapping, search-then-bind
and direct-bind methods, encrypted bind credentials (AES-256-GCM),
profile sync on login, and user auto-provisioning via external identity
linking.
Includes admin UI for connection settings with test-connection button,
login page LDAP form, 25 new PHPUnit tests, and de/en translations.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-25 07:26:04 +01:00
07fbb96246
test: add PHPUnit coverage for 7 critical Tier 1 services (GR-TEST-001)
...
199 new tests across 9 files covering auth, user lifecycle, and settings:
- ApiTokenService: create/validate/rotate/revoke, timing-safe hash, tenant scope
- ApiTokenEndpointService: pagination, scope filtering, tenant resolution, expiry
- SsoUserLinkService: 2-phase identity lookup, provisioning, profile+avatar sync
- UserAssignmentService: sync methods, assignable-role freeze, transactions
- UserLifecycleAuditService: encrypted snapshots, enum normalization, retention
- UserLifecycleRestoreService: full restore flow, 9 error exits, rollback
- AdminSettingsService: API/lifecycle, Microsoft/telemetry, color/SMTP validation
Workflow: TEST-TIER1-001 (Analyst → Planner → Executor → Code Review → Security Review → Acceptance → Finalizer — all pass)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-22 23:29:07 +01:00
975651b183
fix: eliminate $_SESSION drift in SessionProvider and add notification UI states
...
Pass AppContainer to SessionProvider::clear() so all module providers use
SessionStoreInterface consistently instead of raw $_SESSION. Also add
loading and error states to the notification bell dropdown (GR-UI-014).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-20 22:49:03 +01:00
ae74fc3251
Stabilize service suite hygiene
2026-03-19 20:35:15 +01:00
011d662dfc
Drop redundant crypto gateway tests
2026-03-19 20:17:11 +01:00
72c7f1b337
Tighten service test signal
2026-03-19 20:15:48 +01:00
28008c008c
Trim remember me delegation tests
2026-03-19 20:04:14 +01:00
83aadb3535
Deduplicate crypto gateway tests
2026-03-19 19:36:17 +01:00
ef72b34c40
feat: module architecture improvements — session keys, dependency graph, event dispatcher, deactivation hooks
...
Six targeted improvements to the modular monolith platform:
1. Fix AddressBook session key prefix to follow module.<id>.* convention
2. Move ADDRESS_BOOK_VIEW permission constant from core PermissionService into module
3. Add declarative JSON schema for module manifests (.agents/contracts/)
4. Add `requires` field with missing-dependency and circular-dependency detection
5. Add lightweight fire-and-forget event dispatcher (user.created/deleted/login/logout)
6. Add module deactivation hook interface and CLI script (bin/module-deactivate.php)
Includes 15 new architecture/unit tests covering all new functionality.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-19 18:20:13 +01:00
c7b8fd516a
feat: extend module platform with UI slots, runtime components, CLI tooling and {{userId}} search support
...
Completes the generic module platform that enables modules to contribute
UI elements, runtime JS components, and search resources without any
core hardcoding.
New generic UI slot types:
- topbar.right_item: module-contributed topbar buttons
- layout.body_end_template: module-contributed dialog/overlay templates
- layout.head_style: module-contributed global CSS
- runtime.component: declarative JS component registration with phase ordering
New infrastructure:
- ModuleAutoloader: PSR-4 autoloading for module-local PHP classes
- ModuleRuntimePageBuilder: symlinks module pages into runtime directory
- ModuleRuntimeAssetPublisher: publishes module CSS/JS to web/modules/
- ModulePermissionSynchronizer: syncs module permissions to DB
- CLI scripts: module-runtime-sync, module-build, module-migrate,
module-permissions-sync, module-assets-sync
- {{userId}} placeholder in SearchDataService for user-scoped search queries
- Component runtime with phased initialization (early/default/late)
- AppContainer.protectExistingBindings() to prevent module→core overwrites
- Architecture tests: ModuleStructureContractTest, CoreTemplateIsolationTest,
FrontendComponentRuntimeContractTest, AppContainerIsolationContractTest
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-18 22:19:56 +01:00
9688848401
Global Boomarks
2026-03-14 21:45:58 +01:00
f6777113ec
test(gateways): add 27 unit tests for 3 security-critical gateway classes
...
AuthCryptoGatewayTest (10 tests): encrypt/decrypt round-trip, unique IVs,
Crypto payload format verification (GR-SEC-005), error handling.
SettingsCryptoGatewayTest (9 tests): interface compliance, round-trip,
AES-256-GCM format, tampered ciphertext handling.
OidcHttpGatewayTest (8 tests): success, 401/500, network error, malformed JSON.
Plan amended: PermissionGateway removed (does not exist in codebase).
SC-002 amended: payload format verification accepted as Crypto delegation proof.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-13 13:57:33 +01:00
892da0048d
refactor(arch): enforce gateway compliance and remove service-wrapping gateways
2026-03-13 11:31:33 +01:00
24a6b79f7a
Fix tenant SSO status mode and refactor status UI tiles
2026-03-12 10:01:24 +01:00
964c07a9de
feat(auth): add microsoft auto-remember policy with tenant override and configurable remember TTL
2026-03-10 22:48:10 +01:00
af8ee10930
feat(auth): keep remember tokens on session timeout
...
- add timeout-specific logout path without remember-token revocation
- reset session timers after remember-me auto login
- compact session policy wording in admin settings (DE/EN)
- extend auth tests for timeout/manual logout behavior
2026-03-09 20:47:21 +01:00
7153fec05c
feat(auth): harden login flows and finalize quality-check coverage
2026-03-07 22:54:33 +01:00
fb6f87374f
fix(theme): stabilize tenant switch theme propagation and toggle race handling
...
Task: REVIEW-USER-THEME-001
2026-03-07 20:14:29 +01:00
549d9dd6f4
test(auth): add 33 unit tests for AuthService and RememberMeService
...
AuthServiceTest (17 tests): canLoginToTenant, refreshSessionAuthState,
loginUserById, login email-not-verified branch.
RememberMeServiceTest (16 tests): rememberUser, autoLoginFromCookie
(all 11 branches), forgetCurrentUser, forgetAllForUser,
expireAllTokensByAdmin.
Also fixes: 3 PHPStan errors in FrontendTelemetryIngestService,
8 CS-Fixer violations in out-of-scope files (ordered_imports,
braces_position).
All quality gates green: QG-001 (429 tests/0 failures),
QG-002 (0 errors), QG-003 (11 arch tests pass), QG-006 (0 violations).
Task: AUTH-LOGIN-REVIEW-001
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-06 11:43:31 +01:00
9a08f96c11
agent foundation
2026-03-06 00:44:52 +01:00
8f4dd5840d
major update
2026-03-04 15:56:58 +01:00
99db252f60
instances added god may help
2026-02-23 12:58:19 +01:00