Imugiii
b6dfc2a56c
feat(admin): modal de re-autorisation PIN au moment de l'action sensible
...
CI / static-tests (push) Successful in 2m18s
CI / js-tests (push) Successful in 49s
CI / secret-scan (pull_request) Successful in 18s
CI / secret-scan (push) Successful in 37s
CI / php-lint (push) Successful in 52s
CI / php-lint (pull_request) Successful in 22s
CI / static-tests (pull_request) Successful in 1m30s
CI / js-tests (pull_request) Successful in 36s
CI / auto-merge (push) Has been skipped
CI / auto-merge (pull_request) Failing after 5s
Les formulaires d'action sensible (RG-T13) portaient un fieldset PIN inline noye en bas
de page (email equipier + PIN), peu clair pour un equipier non technique. pin-modal.js
(CSP-safe, auto-detecte les formulaires via #pin_email) masque ce fieldset et fait surgir
un modal au clic sur l'action, avec l'email de l'utilisateur connecte pre-rempli (expose
via UserDirectory + <body data-user-email>) et le PIN a saisir. Contrat serveur inchange
(il lit toujours pin_email + pin), aucune modif des 8 formulaires concernes.
Tests : 3 tests jsdom (masquage, ouverture, prefill, confirmation, refus si vide) ;
UserDirectoryTest mis a jour (email). PHPUnit 301 + PHPStan L6 verts.
2026-06-18 11:04:53 +00:00
6557dd9c6c
fix(auth): leurre anti-enumeration sur la demande de reset ( #26 )
CI / secret-scan (push) Has been cancelled
CI / static-tests (push) Has been cancelled
CI / php-lint (push) Has been cancelled
CI / auto-merge (push) Has been cancelled
2026-06-16 14:20:59 +02:00
ad5203d3fc
feat(admin): throttle du PIN d action sensible par acteur (RG-T22) ( #18 )
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 20s
CI / static-tests (push) Successful in 32s
CI / auto-merge (push) Has been skipped
2026-06-16 00:06:33 +02:00
2756fb4080
feat(admin): CRUD produits avec PIN conditionnel et audit ( #17 )
CI / secret-scan (push) Successful in 12s
CI / php-lint (push) Successful in 22s
CI / static-tests (push) Successful in 36s
CI / auto-merge (push) Has been skipped
2026-06-15 22:35:50 +02:00
2bc22ab5c8
feat: shell back-office P3 (pages rendues serveur + garde) ( #14 )
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 16s
CI / static-tests (push) Successful in 30s
CI / auto-merge (push) Has been skipped
2026-06-15 21:25:06 +02:00
7c35f8e2dc
feat: PIN d action sensible P2 (PinVerifier RG-T13) ( #13 )
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 16s
CI / static-tests (push) Successful in 30s
CI / auto-merge (push) Has been skipped
2026-06-15 21:00:11 +02:00
f979a2339e
feat: RBAC P2 (autorisation par permission + garde de session + /api/me) ( #12 )
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 19s
CI / static-tests (push) Successful in 33s
CI / auto-merge (push) Has been skipped
2026-06-15 20:45:19 +02:00
1b0b20c12d
feat: authentification back-office P2 (login/logout/reset, throttle, audit) ( #11 )
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 17s
CI / static-tests (push) Successful in 32s
CI / auto-merge (push) Has been skipped
2026-06-15 20:18:59 +02:00
