Hartmut
|
d3bfa8ca98
|
test(mfa): full MFA test coverage — unit + E2E

Unit tests (packages/api — 13 tests):
- generateTotpSecret: DB write, returns secret + uri
- verifyAndEnableTotp: valid token enables; invalid/already-enabled/no-secret guards
- verifyTotp (login): valid → ok; invalid → UNAUTHORIZED; not-enabled → BAD_REQUEST
- getCurrentMfaStatus: reads totpEnabled flag

E2E tests (apps/web/e2e/dev-system/mfa.spec.ts — 7 scenarios):
- Setup flow: generate secret, enable with valid code, reject invalid code, UI QR check
- Login flow: MFA prompt appears, valid code logs in, wrong code shows error + stays on prompt
- Login without MFA: no TOTP prompt for users without MFA enabled

Also: start.sh health-check timeout 30s → 90s (container startup can exceed 30s)

Co-Authored-By: claude-flow <ruv@ruv.net>
|
2026-04-01 22:30:36 +02:00 |
|
Hartmut
|
bfdf0a82da
|
security/platform: close audit findings #19–#26

Tests, CSP nonce middleware, SSRF guard, perf-route hardening,
Docker env isolation, migration runbook, RBAC E2E coverage.

Tickets resolved:
- #19: MfaSetup.test.ts — static source tests confirming local QR rendering
- #20: ssrf-guard.test.ts (16 tests) + webhook-procedure-support mock fix
- #21: /api/perf route.test.ts (5 tests) — header-only auth, fail-closed
- #22: middleware.ts (nonce-based CSP) + middleware.test.ts (6 tests);
  layout.tsx async + nonce prop; CSP removed from next.config.ts
- #23: Active-session registry enforcement verified (already in codebase)
- #24: docker-compose.yml REDIS_URL hardcoded (no host-env substitution)
- #25: docker-compose.yml REDIS_URL + docs/developer-runbook.md created
- #26: e2e/dev-system/rbac-data-access.spec.ts (12 tests, 3 roles × 4 procedures)

Quality gates: tsc clean, api 1447/1447, web 189/189 passing.

Turbo concurrency capped at 2 (package.json) to prevent OOM under
parallel test runs.

Co-Authored-By: claude-flow <ruv@ruv.net>
|
2026-04-01 22:14:20 +02:00 |
|
Hartmut
|
7277e60691
|
test(api): widen resource capacity edge coverage
|
2026-04-01 07:52:40 +02:00 |
|
Hartmut
|
071ea13cc4
|
test(api): stabilize chargeability stats regression
|
2026-04-01 07:45:02 +02:00 |
|
Hartmut
|
8c5be51251
|
feat(platform): checkpoint current implementation state
|
2026-04-01 07:42:03 +02:00 |
|
Hartmut
|
41916a4e46
|
refactor(api): share owned resource read access
|
2026-04-01 07:35:34 +02:00 |
|
Hartmut
|
a0c98cf24d
|
test(api): close assistant split regression gaps
|
2026-04-01 07:33:00 +02:00 |
|
Hartmut
|
254f2caa94
|
test(api): cover assistant timeline resource selection
|
2026-04-01 00:44:53 +02:00 |
|
Hartmut
|
3d9d3dd5a7
|
test(api): cover assistant system role configs
|
2026-04-01 00:44:42 +02:00 |
|
Hartmut
|
9c58952170
|
test(api): cover assistant import export tools
|
2026-04-01 00:44:29 +02:00 |
|
Hartmut
|
67f57e2791
|
test(api): cover ai client helpers
|
2026-04-01 00:44:16 +02:00 |
|
Hartmut
|
ef282e5e00
|
test(api): add assistant master data mutation helpers
|
2026-04-01 00:42:49 +02:00 |
|
Hartmut
|
ed021947ad
|
test(api): add assistant timeline allocation mutation helpers
|
2026-04-01 00:42:43 +02:00 |
|
Hartmut
|
0039a9997a
|
test(api): cover assistant project computation views
|
2026-04-01 00:42:02 +02:00 |
|
Hartmut
|
22ead3ca3d
|
test(api): cover assistant project cover tools
|
2026-04-01 00:41:55 +02:00 |
|
Hartmut
|
30b202c391
|
test(api): cover assistant change history queries
|
2026-04-01 00:41:46 +02:00 |
|
Hartmut
|
740ef0ecdb
|
test(api): cover assistant master data rate lookup
|
2026-04-01 00:41:40 +02:00 |
|
Hartmut
|
43c4ad37f3
|
test(api): cover assistant auth guard
|
2026-04-01 00:41:31 +02:00 |
|
Hartmut
|
f52380dc53
|
test(api): cover assistant chargeability report
|
2026-04-01 00:41:26 +02:00 |
|
Hartmut
|
95940f005b
|
test(api): cover assistant budget status
|
2026-04-01 00:41:17 +02:00 |
|
Hartmut
|
1d4e5c62b0
|
test(api): cover assistant insights and scenarios
|
2026-04-01 00:41:09 +02:00 |
|
Hartmut
|
38a7826326
|
test(api): cover assistant advanced timeline views
|
2026-04-01 00:38:55 +02:00 |
|
Hartmut
|
8349c5e0b3
|
test(api): cover assistant advanced resource ranking
|
2026-04-01 00:38:49 +02:00 |
|
Hartmut
|
248973c87d
|
test(api): cover assistant estimate version status errors
|
2026-04-01 00:38:15 +02:00 |
|
Hartmut
|
c65ae132d3
|
test(api): cover assistant estimate revision export errors
|
2026-04-01 00:38:10 +02:00 |
|
Hartmut
|
f1427a3f85
|
test(api): cover assistant estimate planning handoff errors
|
2026-04-01 00:38:03 +02:00 |
|
Hartmut
|
a07057438e
|
test(api): cover assistant estimate weekly phasing errors
|
2026-04-01 00:37:59 +02:00 |
|
Hartmut
|
7b6a4f6436
|
test(api): cover assistant estimate commercial term errors
|
2026-04-01 00:37:45 +02:00 |
|
Hartmut
|
276751c4ca
|
test(api): cover assistant estimate draft errors
|
2026-04-01 00:37:45 +02:00 |
|
Hartmut
|
0b535a6a5f
|
test(api): cover assistant estimate clone paths
|
2026-04-01 00:37:45 +02:00 |
|
Hartmut
|
80c31cc53f
|
test(api): cover assistant estimate reads
|
2026-04-01 00:37:38 +02:00 |
|
Hartmut
|
c510eeae37
|
test(api): cover assistant dispo import tools
|
2026-04-01 00:36:26 +02:00 |
|
Hartmut
|
ef9ec798ed
|
test(api): cover assistant dispo staged resolution
|
2026-04-01 00:36:22 +02:00 |
|
Hartmut
|
542d61bed3
|
test(api): cover assistant dispo staged reads
|
2026-04-01 00:36:17 +02:00 |
|
Hartmut
|
e76b4b2cfe
|
test(api): cover assistant timeline project shifts
|
2026-04-01 00:35:28 +02:00 |
|
Hartmut
|
7949aeb2e4
|
test(api): cover assistant timeline inline allocation update
|
2026-04-01 00:35:16 +02:00 |
|
Hartmut
|
3607d73b84
|
test(api): cover assistant timeline allocation shifts
|
2026-04-01 00:35:16 +02:00 |
|
Hartmut
|
adf25f328f
|
test(api): cover assistant timeline batch quick assign
|
2026-04-01 00:34:25 +02:00 |
|
Hartmut
|
705b570684
|
test(api): cover assistant timeline quick assign
|
2026-04-01 00:34:18 +02:00 |
|
Hartmut
|
2b8e1a1bf1
|
test(api): cover assistant allocation mutations
|
2026-04-01 00:33:28 +02:00 |
|
Hartmut
|
3a82a52897
|
test(api): cover assistant allocation reads
|
2026-04-01 00:31:51 +02:00 |
|
Hartmut
|
53158dc60d
|
test(api): cover assistant comment tools
|
2026-04-01 00:30:23 +02:00 |
|
Hartmut
|
f6c252be34
|
test(api): cover assistant client mutations
|
2026-04-01 00:29:44 +02:00 |
|
Hartmut
|
e1228244e9
|
test(api): cover assistant demand tools
|
2026-04-01 00:29:07 +02:00 |
|
Hartmut
|
40bf22a01a
|
test(api): cover assistant role mutations
|
2026-04-01 00:28:30 +02:00 |
|
Hartmut
|
a154cd8658
|
test(api): cover assistant org unit mutations
|
2026-04-01 00:27:29 +02:00 |
|
Hartmut
|
1a9212fa5f
|
test(api): cover assistant metro city mutations
|
2026-04-01 00:26:53 +02:00 |
|
Hartmut
|
c88f2342d5
|
test(api): cover assistant country tools
|
2026-04-01 00:26:21 +02:00 |
|
Hartmut
|
734e1eff42
|
test(api): cover assistant audit reads
|
2026-04-01 00:24:21 +02:00 |
|
Hartmut
|
1e569a9855
|
test(api): cover assistant broadcast sends
|
2026-04-01 00:22:24 +02:00 |
|