CapaKraken/packages/db/prisma/migrations at 13262b5cecd5e2ea1c08f9d1558f670e08c626ae - CapaKraken - Gitea: Git with a cup of tea

Hartmut/CapaKraken

Files

T

History

Hartmut afabaa0b7a fix(security): prevent TOTP replay attacks and fix user enumeration in verifyTotp

Adds lastTotpAt timestamp to User model. After a successful TOTP validation,
the timestamp is recorded. Any reuse of the same code within the 30-second
window is rejected as a replay attack.

verifyTotp now returns a single generic UNAUTHORIZED error regardless of
whether the user ID is invalid or TOTP is not enabled, preventing enumeration
of user IDs and MFA status.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-09 21:41:09 +02:00

..

20260401000000_active_sessions

fix(auth): make active-session check fail-open; add missing DB migration

2026-04-01 18:38:05 +02:00

20260402000000_user_isactive

feat: user invite flow, deactivate/delete, favicon, dashboard loading fix, admin full-width

2026-04-02 20:19:26 +02:00

.gitkeep

chore(repo): initialize planarchy workspace

2026-03-14 14:31:09 +01:00

20260310_jsonb_gin_indexes.sql

feat(platform): harden access scoping and delivery baseline

2026-03-30 00:27:31 +02:00

20260313_demand_assignment_additive.sql

feat(platform): harden access scoping and delivery baseline

2026-03-30 00:27:31 +02:00

20260314_dispo_import_roster_source_kind.sql

feat(platform): harden access scoping and delivery baseline

2026-03-30 00:27:31 +02:00

20260314_dispo_import_staged_resource_rates.sql

feat(platform): harden access scoping and delivery baseline

2026-03-30 00:27:31 +02:00

20260314_dispo_import_staging.sql

feat(platform): harden access scoping and delivery baseline

2026-03-30 00:27:31 +02:00

20260328_assistant_approvals.sql

feat(platform): harden access scoping and delivery baseline

2026-03-30 00:27:31 +02:00

20260328_holiday_calendar_integrity.sql

feat(platform): harden access scoping and delivery baseline

2026-03-30 00:27:31 +02:00

20260328_holiday_calendars.sql

feat(platform): harden access scoping and delivery baseline

2026-03-30 00:27:31 +02:00

20260328_report_templates.sql

feat(platform): harden access scoping and delivery baseline

2026-03-30 00:27:31 +02:00

20260330_system_role_config_view_planning.sql

feat(auth): introduce explicit planning read permission

2026-03-30 09:15:07 +02:00

20260330_vacation_deduction_snapshots.sql

feat(platform): checkpoint current implementation state

2026-04-01 07:42:03 +02:00

20260407_assignment_composite_indexes.sql

feat(api): add audit helpers, tool registry, shared tool manifest types, and UI primitives

2026-04-09 21:14:26 +02:00

20260409_add_deleted_at.sql

feat(db): add deletedAt audit timestamp to soft-deletable models

2026-04-09 20:03:38 +02:00

20260409_assignment_composite_indexes.sql

fix(db): add SetNull cascade on Assignment→DemandRequirement + composite indexes

2026-04-09 14:03:11 +02:00

20260409_assignment_demand_requirement_cascade.sql

fix(db): add SetNull cascade on Assignment→DemandRequirement + composite indexes

2026-04-09 14:03:11 +02:00

20260409_assignment_overbooking_acknowledged.sql

fix(infra): apply missing migrations, fix Dockerfile.dev ui package reference

2026-04-09 20:29:21 +02:00

20260409_user_last_totp_at.sql

fix(security): prevent TOTP replay attacks and fix user enumeration in verifyTotp

2026-04-09 21:41:09 +02:00