693e4a03bf
All checks were successful
CI / secret-scan (pull_request) Successful in 15s
CI / php-lint (pull_request) Successful in 28s
CI / static-tests (pull_request) Successful in 1m6s
CI / js-tests (pull_request) Successful in 40s
CI / secret-scan (push) Successful in 14s
CI / php-lint (push) Successful in 33s
CI / static-tests (push) Successful in 1m11s
CI / js-tests (push) Successful in 38s
Client SMTP maison (zero lib, contrainte from-scratch) : ESMTP + STARTTLS + AUTH LOGIN, conduit par SmtpClient contre un SmtpTransport injectable (seam de test). SmtpMailer assemble un message text/plain UTF-8 (dot-stuffing, en-tetes RFC2047) et implemente l'interface Mailer existante. PasswordResetController choisit SmtpMailer si SMTP_HOST+USER+PASSWORD presents, sinon garde LogMailer (dev sans infra mail inchange). STARTTLS exige avant AUTH (pas d'auth en clair). Garde anti-injection CRLF sur les adresses (SmtpClient) + filter_var du destinataire (SmtpMailer). readReply borne (anti-boucle sur reponse malformee). Secrets uniquement en .env (hote) : placeholders dans .env.example / .env.prod.example, rien de versionne. Revue compliance : verdict block initial (injection CRLF + readReply non borne), 2 must_fix corriges + tests de regression. 8 tests SMTP, 429 total, PHPStan L6. |
||
|---|---|---|
| .. | ||
| AuthControllerTest.php | ||
| AuthorizerTest.php | ||
| AuthServiceTest.php | ||
| CsrfTest.php | ||
| MeControllerTest.php | ||
| PasswordHasherTest.php | ||
| PasswordResetControllerTest.php | ||
| PasswordResetServiceTest.php | ||
| PinThrottleTest.php | ||
| PinVerifierTest.php | ||
| SessionGuardTest.php | ||
| SmtpClientTest.php | ||
| SmtpMailerTest.php | ||
| ThrottlePolicyTest.php | ||
| UserDirectoryTest.php | ||