Files

50 lines
3.4 KiB
JSON

{
"task_id": "2026-04-24-action-csrf-centralization-step3",
"issue_summary": "Nach Wave 2 waren in pages/admin noch einzelne Endpunkte mit direkten requestInput()->method() und Session::checkCsrfToken()-Checks vorhanden (JSON/Data und einige User-POST-Endpoints). Ziel ist die komplette Zentralisierung der Request/CSRF-Guards in pages/admin.",
"affected_layers": ["pages", "core/Support", "tests"],
"affected_files": [
{ "path": "core/Support/helpers/request.php", "role": "Action guard helpers (POST/CSRF) extended for JSON-focused endpoints" },
{ "path": "pages/admin/users/theme().php", "role": "User theme switch endpoint (POST + optional JSON)" },
{ "path": "pages/admin/users/switch-tenant().php", "role": "Tenant context switch endpoint (POST + optional JSON)" },
{ "path": "pages/admin/session-ping/data().php", "role": "JSON keepalive endpoint (POST-only + CSRF)" },
{ "path": "pages/admin/tenants/ldap-test-connection/data().php", "role": "JSON LDAP test endpoint (POST-only + CSRF)" },
{ "path": "pages/admin/users/create().php", "role": "User create form action (POST + CSRF)" },
{ "path": "pages/admin/users/bulk($action).php", "role": "Bulk user mutation endpoint (JSON + CSRF)" },
{ "path": "pages/admin/users/api-token-create($id).php", "role": "API token create action (POST + CSRF)" },
{ "path": "pages/admin/users/api-token-revoke($id).php", "role": "API token revoke action (POST + CSRF)" },
{ "path": "pages/admin/imports/index().php", "role": "Import multi-stage POST flow with in-page error rendering" },
{ "path": "tests/Architecture/AdminActionRequestGuardContractTest.php", "role": "New architecture contract to block direct legacy method/csrf checks in pages/admin" }
],
"existing_patterns": [
"Most admin actions already migrated to actionRequirePost/actionRequireCsrf in waves 1+2",
"Remaining inline checks were concentrated in a small set of JSON/data and legacy user actions",
"Some endpoints need JSON payload/status customization and non-redirect CSRF failure handling"
],
"related_tests": [
"tests/Architecture/AdminActionRequestGuardContractTest.php",
"tests/Architecture/PostEndpointCsrfContractTest.php",
"tests/Architecture/PostRedirectGetContractTest.php",
"tests/Architecture/AuthzAdminSettingsContractTest.php",
"tests/Architecture/AuthzAdminMasterDataContractTest.php",
"tests/Architecture/AuthzAdminUsersContractTest.php"
],
"security_surface": {
"authz_relevant": true,
"tenant_scope_relevant": true,
"input_handling": true,
"crypto_relevant": false,
"file_upload_relevant": false,
"notes": "Focus remains on GR-SEC-001 CSRF hardening and preserving existing authz / redirect/json behavior."
},
"assumptions": [
"Scope is strictly pages/admin completion; non-admin pages and module pages are out-of-scope for this step.",
"Existing JSON response payload shapes must be preserved where already consumed by frontend code.",
"No service/repository business logic changes are required."
],
"risks_discovered": [
"JSON-only data endpoints need helper support beyond default Request::wantsJson detection and default payload shape.",
"imports/index keeps CSRF errors in-page (non-redirect), requiring non-redirect helper mode.",
"api-token create/revoke previously had no explicit POST method guard; adding it must keep redirect behavior safe."
]
}