Imugiii
|
f60bc484f7
|
feat(admin): definition self-service du PIN d'action sensible (P3)
CI / secret-scan (push) Successful in 10s
CI / static-tests (push) Successful in 30s
CI / php-lint (push) Successful in 20s
CI / secret-scan (pull_request) Successful in 9s
CI / php-lint (pull_request) Successful in 19s
CI / static-tests (pull_request) Successful in 30s
CI / auto-merge (push) Has been skipped
CI / auto-merge (pull_request) Failing after 5s
ProfileController -> GET/POST /admin/profile/pin : l'utilisateur connecte definit/change SON
propre PIN (cible = guard.userId issu de la session, jamais un champ de formulaire -> pas d'IDOR).
CSRF (RG-T01) + validation serveur (PinVerifier::meetsLengthPolicy : numerique + bornes min/max,
RG-T18 ; confirmation). PIN stocke en hash argon2id. Ecriture gardee sur 1 ligne affectee (pas de faux
succes silencieux). UserRepository : ecritures user hors auth (setPinHash retourne le compte de lignes,
pinIsSet). Prerequis du modele 'identifiant equipier + PIN' des actions sensibles (CRUD produits).
152 tests (unit + integration), PHPStan L6. Revue adversariale passee, 3 findings corriges.
|
2026-06-15 20:00:48 +00:00 |
|