Imugiii
|
693e4a03bf
|
feat(auth): envoi reel de l'email de reset via relais SMTP (Brevo)
CI / secret-scan (pull_request) Successful in 15s
CI / php-lint (pull_request) Successful in 28s
CI / static-tests (pull_request) Successful in 1m6s
CI / js-tests (pull_request) Successful in 40s
CI / secret-scan (push) Successful in 14s
CI / php-lint (push) Successful in 33s
CI / static-tests (push) Successful in 1m11s
CI / js-tests (push) Successful in 38s
Client SMTP maison (zero lib, contrainte from-scratch) : ESMTP + STARTTLS +
AUTH LOGIN, conduit par SmtpClient contre un SmtpTransport injectable (seam de
test). SmtpMailer assemble un message text/plain UTF-8 (dot-stuffing, en-tetes
RFC2047) et implemente l'interface Mailer existante. PasswordResetController
choisit SmtpMailer si SMTP_HOST+USER+PASSWORD presents, sinon garde LogMailer
(dev sans infra mail inchange).
STARTTLS exige avant AUTH (pas d'auth en clair). Garde anti-injection CRLF sur
les adresses (SmtpClient) + filter_var du destinataire (SmtpMailer). readReply
borne (anti-boucle sur reponse malformee). Secrets uniquement en .env (hote) :
placeholders dans .env.example / .env.prod.example, rien de versionne.
Revue compliance : verdict block initial (injection CRLF + readReply non borne),
2 must_fix corriges + tests de regression. 8 tests SMTP, 429 total, PHPStan L6.
|
2026-06-23 13:31:47 +00:00 |
|
|
|
60535bbe00
|
feat(admin): modal de re-autorisation PIN (#52)
CI / secret-scan (push) Successful in 15s
CI / php-lint (push) Successful in 19s
CI / static-tests (push) Successful in 1m5s
CI / js-tests (push) Successful in 32s
CI / auto-merge (push) Has been skipped
|
2026-06-18 13:17:59 +02:00 |
|
|
|
6557dd9c6c
|
fix(auth): leurre anti-enumeration sur la demande de reset (#26)
CI / secret-scan (push) Has been cancelled
CI / static-tests (push) Has been cancelled
CI / php-lint (push) Has been cancelled
CI / auto-merge (push) Has been cancelled
|
2026-06-16 14:20:59 +02:00 |
|
|
|
ad5203d3fc
|
feat(admin): throttle du PIN d action sensible par acteur (RG-T22) (#18)
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 20s
CI / static-tests (push) Successful in 32s
CI / auto-merge (push) Has been skipped
|
2026-06-16 00:06:33 +02:00 |
|
|
|
2756fb4080
|
feat(admin): CRUD produits avec PIN conditionnel et audit (#17)
CI / secret-scan (push) Successful in 12s
CI / php-lint (push) Successful in 22s
CI / static-tests (push) Successful in 36s
CI / auto-merge (push) Has been skipped
|
2026-06-15 22:35:50 +02:00 |
|
|
|
2bc22ab5c8
|
feat: shell back-office P3 (pages rendues serveur + garde) (#14)
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 16s
CI / static-tests (push) Successful in 30s
CI / auto-merge (push) Has been skipped
|
2026-06-15 21:25:06 +02:00 |
|
|
|
7c35f8e2dc
|
feat: PIN d action sensible P2 (PinVerifier RG-T13) (#13)
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 16s
CI / static-tests (push) Successful in 30s
CI / auto-merge (push) Has been skipped
|
2026-06-15 21:00:11 +02:00 |
|
|
|
f979a2339e
|
feat: RBAC P2 (autorisation par permission + garde de session + /api/me) (#12)
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 19s
CI / static-tests (push) Successful in 33s
CI / auto-merge (push) Has been skipped
|
2026-06-15 20:45:19 +02:00 |
|
|
|
1b0b20c12d
|
feat: authentification back-office P2 (login/logout/reset, throttle, audit) (#11)
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 17s
CI / static-tests (push) Successful in 32s
CI / auto-merge (push) Has been skipped
|
2026-06-15 20:18:59 +02:00 |
|
