When a session expires, the user's current URL is now captured and restored after re-authentication (via remember-me cookie or manual login), instead of always redirecting to the dashboard. A JavaScript session warning dialog appears ~2 minutes before idle timeout, allowing users to extend their session with a single click. Includes open-redirect prevention via URL validation, Microsoft SSO callback support, and 33 unit tests. Refs: SESSION-REDIRECT-PRESERVE-001 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
60 lines
3.0 KiB
JSON
60 lines
3.0 KiB
JSON
{
|
|
"task_id": "SESSION-REDIRECT-PRESERVE-001",
|
|
"verdict": "pass",
|
|
"checked_guard_ids": [
|
|
"GR-CORE-001",
|
|
"GR-CORE-003",
|
|
"GR-CORE-010",
|
|
"GR-SEC-001",
|
|
"GR-UI-015",
|
|
"GR-UI-011",
|
|
"GR-UI-012",
|
|
"GR-LANG-001",
|
|
"GR-LANG-002",
|
|
"GR-TEST-001",
|
|
"GR-TEST-002"
|
|
],
|
|
"checked_quality_gate_ids": [
|
|
"QG-001",
|
|
"QG-002",
|
|
"QG-006"
|
|
],
|
|
"findings": [
|
|
{
|
|
"id": "F-001",
|
|
"severity": "low",
|
|
"rule_ref": "GR-CORE-010",
|
|
"summary": "Execution report evidence for GR-CORE-010 describes DI container registration instead of DB schema idempotency. The guard is about idempotent SQL scripts in db/updates/. Since this task introduces no DB schema changes, the guard is trivially satisfied (no action needed), but the evidence text is misleading.",
|
|
"file": "agent-system/runs/SESSION-REDIRECT-PRESERVE-001/execution-report.json"
|
|
},
|
|
{
|
|
"id": "F-002",
|
|
"severity": "low",
|
|
"rule_ref": "GR-UI-011",
|
|
"summary": "Execution report evidence for GR-UI-011 describes i18n usage (t() helper), but the guard requires JS reuse-first (prefer existing exports over new functions). Actual verification: app-session-warning.js is a new component for a new feature with no existing equivalent, so creating a new module is justified. Guard satisfied, but evidence description was incorrect.",
|
|
"file": "web/js/components/app-session-warning.js"
|
|
},
|
|
{
|
|
"id": "F-003",
|
|
"severity": "low",
|
|
"rule_ref": "GR-UI-012",
|
|
"summary": "Execution report evidence for GR-UI-012 describes a11y attributes (aria-labelledby, aria-live), but the guard requires CSS reuse-first (prefer existing classes over new rules). Actual verification: no new CSS files were added; the dialog reuses existing button classes (primary, secondary outline) and the native <dialog> element. Guard satisfied, but evidence description was incorrect.",
|
|
"file": "templates/partials/app-session-warning-dialog.phtml"
|
|
},
|
|
{
|
|
"id": "F-004",
|
|
"severity": "low",
|
|
"rule_ref": "GR-UI-015",
|
|
"summary": "Execution report evidence for GR-UI-015 describes dialog focus trap and ESC prevention, but the guard requires i18n key completeness (all language files updated in same merge). Actual verification: all 4 new keys (Session expiring, Your session will expire in {countdown}..., Extend session, Log out) are present in both default_en.json and default_de.json with non-empty values. Guard satisfied, but evidence description was incorrect.",
|
|
"file": "i18n/default_en.json"
|
|
},
|
|
{
|
|
"id": "F-005",
|
|
"severity": "medium",
|
|
"rule_ref": "QG-006",
|
|
"summary": "QG-006 (CS Fixer) was marked as skipped in the execution report with the note that formatting was auto-applied on save. GR-LANG-002 requires passing composer cs:check without diff. The check was never explicitly run and verified. Recommend running 'composer cs:check' to confirm compliance before merge.",
|
|
"file": "agent-system/runs/SESSION-REDIRECT-PRESERVE-001/execution-report.json"
|
|
}
|
|
]
|
|
}
|