f60bc484f7
Some checks failed
CI / secret-scan (push) Successful in 10s
CI / static-tests (push) Successful in 30s
CI / php-lint (push) Successful in 20s
CI / secret-scan (pull_request) Successful in 9s
CI / php-lint (pull_request) Successful in 19s
CI / static-tests (pull_request) Successful in 30s
CI / auto-merge (push) Has been skipped
CI / auto-merge (pull_request) Failing after 5s
ProfileController -> GET/POST /admin/profile/pin : l'utilisateur connecte definit/change SON propre PIN (cible = guard.userId issu de la session, jamais un champ de formulaire -> pas d'IDOR). CSRF (RG-T01) + validation serveur (PinVerifier::meetsLengthPolicy : numerique + bornes min/max, RG-T18 ; confirmation). PIN stocke en hash argon2id. Ecriture gardee sur 1 ligne affectee (pas de faux succes silencieux). UserRepository : ecritures user hors auth (setPinHash retourne le compte de lignes, pinIsSet). Prerequis du modele 'identifiant equipier + PIN' des actions sensibles (CRUD produits). 152 tests (unit + integration), PHPStan L6. Revue adversariale passee, 3 findings corriges. |
||
|---|---|---|
| .. | ||
| Admin | ||
| Auth | ||
| Core | ||
| ConfigTest.php | ||
| RouterTest.php | ||