98afac24b1
test: add 92 tests for 12 untested gateway and service classes
...
Cover Settings gateways (Session, LoginPersistence, SystemAudit, Smtp,
FrontendTelemetry, Metadata, App), Auth gateways (ExternalIdentity,
Tenant), DirectorySettings, UserSettings, and HotkeyService.
Gateway test coverage rises from 25% to 52%, overall service/gateway
coverage from 58.6% to 70.7%.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-04-13 20:46:20 +02:00
5699bc6c5b
refactor(config): remove runtime config files and centralize route/bootstrap
2026-04-01 20:27:42 +02:00
0c351f6aff
refactor(audit): extract audit domain into self-contained module
...
Move the entire audit subsystem (system audit, API audit, import audit,
user lifecycle audit, frontend telemetry) from core into modules/audit/.
Core decoupling via interface-based injection:
- AuditRecorderInterface replaces SystemAuditService in 10+ core services
- UserLifecycleAuditInterface / ImportAuditInterface for specialized flows
- NullAuditRecorder fallback when audit module is disabled
- ApiBootstrap/ApiResponse use null-safe callable resolvers
Module structure (modules/audit/):
- Manifest with routes, permissions, scheduler jobs, authorization policy
- 9 services, 8 repositories, 6 domain enums, 4 job handlers
- 33 page files, 4 JS files, 8 test files, migration scripts, i18n
Core cleanup:
- OperationsAuthorizationPolicy, UiCapabilityMap, PermissionService
surgically cleaned of audit-specific constants
- Sidebar template cleared of hardcoded audit navigation
- AuditModuleIsolationContractTest ensures no future core→module coupling
All quality gates pass: 1346 tests (19,276 assertions), PHPStan level 5
clean, architecture contracts verified.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-25 21:12:49 +01:00
07fbb96246
test: add PHPUnit coverage for 7 critical Tier 1 services (GR-TEST-001)
...
199 new tests across 9 files covering auth, user lifecycle, and settings:
- ApiTokenService: create/validate/rotate/revoke, timing-safe hash, tenant scope
- ApiTokenEndpointService: pagination, scope filtering, tenant resolution, expiry
- SsoUserLinkService: 2-phase identity lookup, provisioning, profile+avatar sync
- UserAssignmentService: sync methods, assignable-role freeze, transactions
- UserLifecycleAuditService: encrypted snapshots, enum normalization, retention
- UserLifecycleRestoreService: full restore flow, 9 error exits, rollback
- AdminSettingsService: API/lifecycle, Microsoft/telemetry, color/SMTP validation
Workflow: TEST-TIER1-001 (Analyst → Planner → Executor → Code Review → Security Review → Acceptance → Finalizer — all pass)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-22 23:29:07 +01:00
555199b217
fix: PHPStan and test strictness improvements
...
Add bin/ scripts to PHPStan scanFiles, suppress property.onlyWritten for
by-ref test properties, add exhaustive default match arm, use explicit
expects() on mock stubs, fix data provider return type, and simplify
redundant null check in NotificationServiceTest.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-22 14:15:36 +01:00
b873efc973
Strengthen settings gateway tests
2026-03-19 20:32:34 +01:00
011d662dfc
Drop redundant crypto gateway tests
2026-03-19 20:17:11 +01:00
5c7a1148ac
Consolidate settings session policy tests
2026-03-19 19:45:16 +01:00
bc72fa50a6
Consolidate settings normalization tests
2026-03-19 19:43:55 +01:00
83aadb3535
Deduplicate crypto gateway tests
2026-03-19 19:36:17 +01:00
f6777113ec
test(gateways): add 27 unit tests for 3 security-critical gateway classes
...
AuthCryptoGatewayTest (10 tests): encrypt/decrypt round-trip, unique IVs,
Crypto payload format verification (GR-SEC-005), error handling.
SettingsCryptoGatewayTest (9 tests): interface compliance, round-trip,
AES-256-GCM format, tampered ciphertext handling.
OidcHttpGatewayTest (8 tests): success, 401/500, network error, malformed JSON.
Plan amended: PermissionGateway removed (does not exist in codebase).
SC-002 amended: payload format verification accepted as Crypto delegation proof.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-13 13:57:33 +01:00
892da0048d
refactor(arch): enforce gateway compliance and remove service-wrapping gateways
2026-03-13 11:31:33 +01:00
964c07a9de
feat(auth): add microsoft auto-remember policy with tenant override and configurable remember TTL
2026-03-10 22:48:10 +01:00
792af5a532
feat(settings): add admin session policy management
2026-03-09 20:07:55 +01:00
11ca546eae
feat(security): add session timeout + transaction wrapping (B1)
...
Session timeout: configurable idle (default 30min) and absolute (default 8h)
timeouts via DB settings, enforced in web/index.php on every request.
Timestamps set at login in action layer; graceful fallback for pre-existing
sessions.
Transaction wrapping: UserAccountService.createFromAdmin/register, roles
create/edit, and permissions edit now wrap multi-step DB operations in
transactions to guarantee atomicity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-09 19:16:26 +01:00
9a08f96c11
agent foundation
2026-03-06 00:44:52 +01:00
8f4dd5840d
major update
2026-03-04 15:56:58 +01:00
7b53faca37
bisschen tests fixen
2026-02-23 16:00:04 +01:00
99db252f60
instances added god may help
2026-02-23 12:58:19 +01:00