Imugiii
|
f60bc484f7
|
feat(admin): definition self-service du PIN d'action sensible (P3)
CI / secret-scan (push) Successful in 10s
CI / static-tests (push) Successful in 30s
CI / php-lint (push) Successful in 20s
CI / secret-scan (pull_request) Successful in 9s
CI / php-lint (pull_request) Successful in 19s
CI / static-tests (pull_request) Successful in 30s
CI / auto-merge (push) Has been skipped
CI / auto-merge (pull_request) Failing after 5s
ProfileController -> GET/POST /admin/profile/pin : l'utilisateur connecte definit/change SON
propre PIN (cible = guard.userId issu de la session, jamais un champ de formulaire -> pas d'IDOR).
CSRF (RG-T01) + validation serveur (PinVerifier::meetsLengthPolicy : numerique + bornes min/max,
RG-T18 ; confirmation). PIN stocke en hash argon2id. Ecriture gardee sur 1 ligne affectee (pas de faux
succes silencieux). UserRepository : ecritures user hors auth (setPinHash retourne le compte de lignes,
pinIsSet). Prerequis du modele 'identifiant equipier + PIN' des actions sensibles (CRUD produits).
152 tests (unit + integration), PHPStan L6. Revue adversariale passee, 3 findings corriges.
|
2026-06-15 20:00:48 +00:00 |
|
|
|
8290ceabc4
|
feat: CRUD categories P3 (rendu serveur, garde + CSRF + validation) (#15)
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 18s
CI / static-tests (push) Successful in 27s
CI / auto-merge (push) Has been skipped
|
2026-06-15 21:45:31 +02:00 |
|
|
|
2bc22ab5c8
|
feat: shell back-office P3 (pages rendues serveur + garde) (#14)
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 16s
CI / static-tests (push) Successful in 30s
CI / auto-merge (push) Has been skipped
|
2026-06-15 21:25:06 +02:00 |
|
|
|
7c35f8e2dc
|
feat: PIN d action sensible P2 (PinVerifier RG-T13) (#13)
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 16s
CI / static-tests (push) Successful in 30s
CI / auto-merge (push) Has been skipped
|
2026-06-15 21:00:11 +02:00 |
|
|
|
f979a2339e
|
feat: RBAC P2 (autorisation par permission + garde de session + /api/me) (#12)
CI / secret-scan (push) Successful in 8s
CI / php-lint (push) Successful in 19s
CI / static-tests (push) Successful in 33s
CI / auto-merge (push) Has been skipped
|
2026-06-15 20:45:19 +02:00 |
|
|
|
1b0b20c12d
|
feat: authentification back-office P2 (login/logout/reset, throttle, audit) (#11)
CI / secret-scan (push) Successful in 7s
CI / php-lint (push) Successful in 17s
CI / static-tests (push) Successful in 32s
CI / auto-merge (push) Has been skipped
|
2026-06-15 20:18:59 +02:00 |
|
