04995e3712
feat(session): preserve intended URL across session timeout and add expiry warning dialog
...
When a session expires, the user's current URL is now captured and restored
after re-authentication (via remember-me cookie or manual login), instead of
always redirecting to the dashboard. A JavaScript session warning dialog
appears ~2 minutes before idle timeout, allowing users to extend their session
with a single click. Includes open-redirect prevention via URL validation,
Microsoft SSO callback support, and 33 unit tests.
Refs: SESSION-REDIRECT-PRESERVE-001
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-13 14:28:49 +01:00
d4978d1504
test(services): add 88 unit tests for 7 critical service classes
...
RateLimiterServiceTest (17): hit/isBlocked/reset/registerFailure, fail-open,
sliding window, scope normalization.
PermissionServiceTest (24): userHas, getUserPermissions, cache hit/miss/refresh,
clearUserCache, CRUD, system permission protection.
RoleServiceTest (9): createFromAdmin, updateFromAdmin, deleteByUuid,
Admin role protection, duplicate code rejection.
TenantServiceTest (8): CRUD, department-dependent deletion blocking.
DepartmentServiceTest (14): listPaged scope filtering, groupActiveByTenantIds,
createFromAdmin, deleteByUuid, syncTenants.
MailServiceTest (8): send logging, MailerException handling, template metadata.
UserLifecycleServiceTest (8): advisory locking, deactivation, deletion,
snapshot failure skip, privileged user exclusion, manual trigger type.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-13 13:57:54 +01:00
f6777113ec
test(gateways): add 27 unit tests for 3 security-critical gateway classes
...
AuthCryptoGatewayTest (10 tests): encrypt/decrypt round-trip, unique IVs,
Crypto payload format verification (GR-SEC-005), error handling.
SettingsCryptoGatewayTest (9 tests): interface compliance, round-trip,
AES-256-GCM format, tampered ciphertext handling.
OidcHttpGatewayTest (8 tests): success, 401/500, network error, malformed JSON.
Plan amended: PermissionGateway removed (does not exist in codebase).
SC-002 amended: payload format verification accepted as Crypto delegation proof.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-13 13:57:33 +01:00
cf4a7ec9d5
test(access): finalize operations authorization policy coverage
2026-03-13 13:35:34 +01:00
d28f85ac9e
refactor(repository): deduplicate unwrap and id array helpers
2026-03-13 13:12:51 +01:00
efa031ea5f
plans doc and settings
2026-03-13 12:05:34 +01:00
010690de19
refactor(actions): deduplicate audit metadata and grid user count enrichment
2026-03-13 12:05:11 +01:00
892da0048d
refactor(arch): enforce gateway compliance and remove service-wrapping gateways
2026-03-13 11:31:33 +01:00
964c07a9de
feat(auth): add microsoft auto-remember policy with tenant override and configurable remember TTL
2026-03-10 22:48:10 +01:00
7c75df51bb
Erweiterung Contracts und Guards
2026-03-09 19:56:08 +01:00
8d6cfa2fbc
fix broken doc links
2026-03-09 18:30:52 +01:00
7153fec05c
feat(auth): harden login flows and finalize quality-check coverage
2026-03-07 22:54:33 +01:00
9168730a8a
further things around login
2026-03-07 21:21:47 +01:00
fb6f87374f
fix(theme): stabilize tenant switch theme propagation and toggle race handling
...
Task: REVIEW-USER-THEME-001
2026-03-07 20:14:29 +01:00
dc6c135473
fix(auth): improve login accessibility semantics and add auth contract test
...
Task: AUTH-LOGIN-ACCESSIBILITY-001
2026-03-06 20:46:22 +01:00
72886f4784
docs: restructure docs to diataxis and finalize DOCS-RESTRUCTURE-001
2026-03-06 12:25:18 +01:00
9caa0a4f75
docs(agent): add SUPERGLOBAL-MIGRATION-001 run artifacts
...
Plan, execution report, guard review, acceptance review, and
finalize artifacts for the superglobal-to-abstraction migration
(87 pages migrated from $_SESSION/$_SERVER to
SessionStoreInterface/RequestRuntimeInterface).
Task: SUPERGLOBAL-MIGRATION-001
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-06 11:44:22 +01:00
549d9dd6f4
test(auth): add 33 unit tests for AuthService and RememberMeService
...
AuthServiceTest (17 tests): canLoginToTenant, refreshSessionAuthState,
loginUserById, login email-not-verified branch.
RememberMeServiceTest (16 tests): rememberUser, autoLoginFromCookie
(all 11 branches), forgetCurrentUser, forgetAllForUser,
expireAllTokensByAdmin.
Also fixes: 3 PHPStan errors in FrontendTelemetryIngestService,
8 CS-Fixer violations in out-of-scope files (ordered_imports,
braces_position).
All quality gates green: QG-001 (429 tests/0 failures),
QG-002 (0 errors), QG-003 (11 arch tests pass), QG-006 (0 violations).
Task: AUTH-LOGIN-REVIEW-001
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-06 11:43:31 +01:00
9a08f96c11
agent foundation
2026-03-06 00:44:52 +01:00