|
Server-rendered product CRUD under /admin/products (index/create/edit/delete).
- ProductRepository on DatabaseInterface: all/find/create/update/delete +
categoryExists, mass-assignment allowlist (RG-T16).
- ProductController: bounded server-side validation (RG-T18): existing category,
name <=120, price > 0 and <= UINT32, VAT in {55,100}, image <=255,
display_order 0..65535.
- Team member PIN (RG-T13) required ONLY if price_cents or vat_rate changes on
update, and always on deletion; otherwise a plain write without PIN.
- audit_log (RG-T14) written in the same transaction (RG-T08) as the mutation,
actor resolved via PinVerifier::resolveActingUser (email + PIN, is_active = 1).
- FK-safe deletion: hard delete only if not referenced, otherwise
PDOException 23000 -> 422.
- PIN brute-force mitigation: each failure writes a pin.failed audit_log entry
(detectable). The full degressive PIN throttle is a dedicated chunk to come.
Tests: 172 green (452 assertions), PHPStan L6 clean.
|
||
|---|---|---|
| AuthControllerTest.php | ||
| AuthorizerTest.php | ||
| AuthServiceTest.php | ||
| CsrfTest.php | ||
| MeControllerTest.php | ||
| PasswordHasherTest.php | ||
| PasswordResetControllerTest.php | ||
| PasswordResetServiceTest.php | ||
| PinVerifierTest.php | ||
| SessionGuardTest.php | ||
| ThrottlePolicyTest.php | ||
| UserDirectoryTest.php | ||