fix(admin): chemin d'echec PIN atomique (pin.failed + throttle dans 1 transaction) #30

Merged

Corentin merged 1 commit from fix/pin-failure-atomicity into dev

2026-06-16 14:21:50 +02:00

Author	SHA1	Message	Date
Imugiii	a3fa72cf86	fix(admin): chemin d'echec PIN atomique (pin.failed + throttle dans 1 transaction) All checks were successful CI / php-lint (pull_request) Successful in 25s Details CI / static-tests (push) Successful in 37s Details CI / auto-merge (pull_request) Successful in 7s Details CI / secret-scan (pull_request) Successful in 11s Details CI / auto-merge (push) Has been skipped Details CI / static-tests (pull_request) Successful in 41s Details CI / secret-scan (push) Successful in 8s Details CI / php-lint (push) Successful in 24s Details Sur un PIN invalide, ProductController ecrivait la trace audit pin.failed (autocommit) PUIS appelait PinThrottle::recordFailure (qui ouvrait SA propre transaction) : deux ecritures non atomiques, un crash entre les deux laissait un etat partiel, en tension avec le claim RG-T08 (audit dans la meme transaction que l'effet). - PinThrottle : extraction de recordFailureWithin(db, ...) (memes effets, SANS transaction propre) ; recordFailure() reste l'API autonome (l'enveloppe). - ProductController (update + destroy) : les chemins d'echec PIN enveloppent logFailedPin(, ...) + recordFailureWithin(, ...) dans UNE transaction. - logFailedPin prend desormais le de la transaction. Aucun changement de test necessaire (les assertions audit/throttle tiennent dans la transaction). 188 verts, PinThrottleDbTest 2/2 contre la vraie DB, PHPStan L6.	2026-06-16 12:15:21 +00:00

Author

SHA1

Message

Date

Imugiii

a3fa72cf86

fix(admin): chemin d'echec PIN atomique (pin.failed + throttle dans 1 transaction)

CI / php-lint (pull_request) Successful in 25s

Details

CI / static-tests (push) Successful in 37s

Details

CI / auto-merge (pull_request) Successful in 7s

Details

CI / secret-scan (pull_request) Successful in 11s

Details

CI / auto-merge (push) Has been skipped

Details

CI / static-tests (pull_request) Successful in 41s

Details

CI / secret-scan (push) Successful in 8s

Details

CI / php-lint (push) Successful in 24s

Details

Sur un PIN invalide, ProductController ecrivait la trace audit pin.failed
(autocommit) PUIS appelait PinThrottle::recordFailure (qui ouvrait SA propre
transaction) : deux ecritures non atomiques, un crash entre les deux laissait un
etat partiel, en tension avec le claim RG-T08 (audit dans la meme transaction que
l'effet).

- PinThrottle : extraction de recordFailureWithin(db, ...) (memes effets, SANS
  transaction propre) ; recordFailure() reste l'API autonome (l'enveloppe).
- ProductController (update + destroy) : les chemins d'echec PIN enveloppent
  logFailedPin(, ...) + recordFailureWithin(, ...) dans UNE transaction.
- logFailedPin prend desormais le  de la transaction.

Aucun changement de test necessaire (les assertions audit/throttle tiennent dans
la transaction). 188 verts, PinThrottleDbTest 2/2 contre la vraie DB, PHPStan L6.

2026-06-16 12:15:21 +00:00