feat: PIN self-service P3 (/admin/profile/pin) #16

Merged
Corentin merged 1 commit from feat/p3-set-pin into dev 2026-06-15 22:04:15 +02:00
Owner

Self-service setup of the sensitive-action PIN (P3, prerequisite of the team-member+PIN model).

  • ProfileController GET/POST /admin/profile/pin: the logged-in user sets/changes THEIR OWN PIN
    (target = session guard.userId, never a form field -> no IDOR). CSRF + server-side validation
    (numeric + min/max bounds, confirmation). argon2id hash. Write gated on exactly 1 affected row.
  • UserRepository: setPinHash (returns the affected-row count), pinIsSet.

Quality: 152 tests (unit + integration, DB auto-skipped), PHPStan L6 green, E2E (admin PIN setup).
Adversarial review passed, 3 findings fixed (removal of the `?? 0` fallback + explicit extraction,
gate on affected row, assertion target = session user).

Deliberate base branch: dev.
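The controls listed above (target taken from the session rather than the form, explicit field extraction with no silent fallback, digits-only and min/max validation with confirmation, argon2id hashing, and a write that succeeds only when exactly one row is affected) fit in a few dozen lines. The following is an added illustration, not code from this PR or from the AcadeNice/corentin_wakdo project: the class and table names, the 4..8 length bounds and the field names are assumptions. It runs against an in-memory SQLite database and needs PHP built with the argon2 and pdo_sqlite extensions.

```php
<?php
// Added example (not the project's code). Names, bounds and schema are hypothetical.
declare(strict_types=1);

final class PinPolicyException extends RuntimeException {}
final class PinWriteException extends RuntimeException {}

final class PinService
{
    private const MIN_LEN = 4;   // assumed bound; the PR only says "min/max"
    private const MAX_LEN = 8;

    public function __construct(private PDO $db) {}

    /** Server-side policy: digits only, length within bounds, confirmation matches. */
    public static function meetsPolicy(string $pin, string $confirm): void
    {
        if (!preg_match('/\A[0-9]+\z/', $pin)) {
            throw new PinPolicyException('PIN must contain digits only');
        }
        $len = strlen($pin);
        if ($len < self::MIN_LEN || $len > self::MAX_LEN) {
            throw new PinPolicyException(sprintf('PIN length must be between %d and %d', self::MIN_LEN, self::MAX_LEN));
        }
        if (!hash_equals($pin, $confirm)) {
            throw new PinPolicyException('PIN confirmation does not match');
        }
    }

    /**
     * Sets the PIN of the *session* user. $sessionUserId comes from the auth guard,
     * never from the request body, so a client cannot name another user's id (no IDOR).
     */
    public function setOwnPin(int $sessionUserId, array $post): void
    {
        // Explicit extraction: a missing field fails loudly instead of defaulting
        // (the review finding about a `?? 0` fallback is this failure mode).
        if (!isset($post['pin'], $post['pin_confirm'])
            || !is_string($post['pin']) || !is_string($post['pin_confirm'])) {
            throw new PinPolicyException('pin and pin_confirm are required');
        }
        self::meetsPolicy($post['pin'], $post['pin_confirm']);

        $hash = password_hash($post['pin'], PASSWORD_ARGON2ID);

        $stmt = $this->db->prepare('UPDATE users SET pin_hash = :h WHERE id = :id');
        $stmt->execute([':h' => $hash, ':id' => $sessionUserId]);

        // Gate on exactly one affected row: 0 means a stale session or wrong id,
        // more than 1 means the WHERE clause is not selective. Neither is a success.
        if ($stmt->rowCount() !== 1) {
            throw new PinWriteException('PIN update affected ' . $stmt->rowCount() . ' rows, expected 1');
        }
    }

    private function pinHash(int $userId): ?string
    {
        $stmt = $this->db->prepare('SELECT pin_hash FROM users WHERE id = :id');
        $stmt->execute([':id' => $userId]);
        $hash = $stmt->fetchColumn();
        return is_string($hash) && $hash !== '' ? $hash : null;
    }

    public function pinIsSet(int $userId): bool
    {
        return $this->pinHash($userId) !== null;
    }

    public function verifyPin(int $userId, string $pin): bool
    {
        $hash = $this->pinHash($userId);
        return $hash !== null && password_verify($pin, $hash);
    }
}

// Constructed fixture: two users, no PIN yet.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pin_hash TEXT)');
$db->exec("INSERT INTO users (id, login) VALUES (1, 'alice'), (2, 'bob')");

$svc = new PinService($db);
$sessionUserId = 1; // from the auth guard, not from $_POST

// The body names user 2; it is ignored because the target is always the session user.
$svc->setOwnPin($sessionUserId, ['user_id' => '2', 'pin' => '246810', 'pin_confirm' => '246810']);
echo 'alice set: ', var_export($svc->pinIsSet(1), true), ', bob set: ', var_export($svc->pinIsSet(2), true), "\n";
echo 'verify ok: ', var_export($svc->verifyPin(1, '246810'), true), ', wrong: ', var_export($svc->verifyPin(1, '000000'), true), "\n";

foreach ([['12ab', '12ab'], ['123', '123'], ['123456', '654321']] as [$pin, $confirm]) {
    try {
        $svc->setOwnPin($sessionUserId, ['pin' => $pin, 'pin_confirm' => $confirm]);
        echo "unexpected accept of $pin\n";
    } catch (PinPolicyException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}

// A stale session (user deleted meanwhile) must not report success.
$db->exec('DELETE FROM users WHERE id = 1');
try {
    $svc->setOwnPin(1, ['pin' => '1357', 'pin_confirm' => '1357']);
} catch (PinWriteException $e) {
    echo 'write gate: ', $e->getMessage(), "\n";
}
```

One caveat a practitioner will raise regardless of the hash: a 4- to 8-digit PIN has at most 10^8 values, so argon2id only slows an offline attack on a leaked hash; the online path still needs rate limiting or lockout on failed PIN checks, which this PR does not claim to provide.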

Corentin added 1 commit 2026-06-15 22:00:50 +02:00
feat(admin): self-service setup of the sensitive-action PIN (P3)
Some checks failed
CI / secret-scan (push) Successful in 10s
CI / static-tests (push) Successful in 30s
CI / php-lint (push) Successful in 20s
CI / secret-scan (pull_request) Successful in 9s
CI / php-lint (pull_request) Successful in 19s
CI / static-tests (pull_request) Successful in 30s
CI / auto-merge (push) Has been skipped
CI / auto-merge (pull_request) Failing after 5s
f60bc484f7
ProfileController -> GET/POST /admin/profile/pin: the logged-in user sets/changes THEIR OWN
PIN (target = guard.userId taken from the session, never a form field -> no IDOR).
CSRF (RG-T01) + server-side validation (PinVerifier::meetsLengthPolicy: numeric + min/max bounds,
RG-T18; confirmation). PIN stored as an argon2id hash. Write gated on 1 affected row (no silent
false success). UserRepository: user writes outside auth (setPinHash returns the row count,
pinIsSet). Prerequisite of the 'team-member identifier + PIN' model for sensitive actions (product CRUD).
152 tests (unit + integration), PHPStan L6. Adversarial review passed, 3 findings fixed.
Corentin added the auto-merge label 2026-06-15 22:00:51 +02:00
Corentin merged commit f63ac9873c into dev 2026-06-15 22:04:15 +02:00
Corentin deleted branch feat/p3-set-pin 2026-06-15 22:04:15 +02:00
Reference: AcadeNice/corentin_wakdo#16