dance-lessons-coach

Author	SHA1	Message	Date
Gabriel Radureau	02bafbb0e2	🔒 fix(security): redact JWT tokens and HMAC secrets in trace logs (auth_service.go) (#88 ) All checks were successful CI/CD Pipeline / Build Docker Cache (push) Successful in 9s Details CI/CD Pipeline / CI Pipeline (push) Successful in 4m29s Details CI/CD Pipeline / Trigger Docker Push (push) Successful in 6s Details Co-authored-by: Gabriel Radureau <arcodange@gmail.com> Co-committed-by: Gabriel Radureau <arcodange@gmail.com>	2026-05-06 06:43:30 +02:00
Gabriel Radureau	f71495b6fc	✨ feat(admin): GET /api/v1/admin/jwt/secrets — metadata-only introspection (#51 ) Some checks failed CI/CD Pipeline / Build Docker Cache (push) Successful in 57s Details CI/CD Pipeline / Trigger Docker Push (push) Has been cancelled Details CI/CD Pipeline / CI Pipeline (push) Has been cancelled Details Co-authored-by: Gabriel Radureau <arcodange@gmail.com> Co-committed-by: Gabriel Radureau <arcodange@gmail.com>	2026-05-05 09:51:54 +02:00
Gabriel Radureau	3c73ca39d6	✨ feat(auth): JWT TTL hot-reload + fix hardcoded 24h bug (ADR-0023 Phase 2) (#44 ) Some checks failed CI/CD Pipeline / Build Docker Cache (push) Successful in 23s Details CI/CD Pipeline / CI Pipeline (push) Failing after 5m23s Details CI/CD Pipeline / Trigger Docker Push (push) Has been skipped Details Co-authored-by: Gabriel Radureau <arcodange@gmail.com> Co-committed-by: Gabriel Radureau <arcodange@gmail.com>	2026-05-05 09:09:22 +02:00
Gabriel Radureau	03ea2a7b89	✨ feat(auth): JWT secret retention policy + automatic cleanup loop (ADR-0021) (#41 ) Some checks failed CI/CD Pipeline / Build Docker Cache (push) Successful in 13s Details CI/CD Pipeline / Trigger Docker Push (push) Has been cancelled Details CI/CD Pipeline / CI Pipeline (push) Has been cancelled Details Co-authored-by: Gabriel Radureau <arcodange@gmail.com> Co-committed-by: Gabriel Radureau <arcodange@gmail.com>	2026-05-05 08:40:27 +02:00
Gabriel Radureau	5eec64e5e8	🧪 test: add JWT secret rotation BDD scenarios and step implementations (#12 ) All checks were successful CI/CD Pipeline / Build Docker Cache (push) Successful in 9s Details CI/CD Pipeline / CI Pipeline (push) Successful in 4m15s Details CI/CD Pipeline / Trigger Docker Push (push) Has been skipped Details ✨ merge: implement JWT secret rotation with BDD scenario isolation - Implement JWT secret rotation mechanism (closes #8) - Add per-scenario state isolation for BDD tests (closes #14) - Validate password reset workflow via BDD tests (closes #7) - Fix port conflicts in test validation - Add state tracer for debugging test execution - Document BDD isolation strategies in ADR 0025 - Fix PostgreSQL configuration environment variables Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe <vibe@mistral.ai> Co-authored-by: Gabriel Radureau <arcodange@gmail.com> Co-committed-by: Gabriel Radureau <arcodange@gmail.com>	2026-04-11 17:56:45 +02:00
Gabriel Radureau	52a4ce4139	✨ feat: implement user authentication system with JWT and PostgreSQL Added comprehensive user management system: - User registration with validation (3-50 char username, 6+ char password) - JWT-based authentication with bcrypt password hashing - Admin authentication with master password - Password reset workflow with admin flagging - PostgreSQL repository implementation - SQLite repository for testing - Unified authentication service interface API Endpoints: - POST /api/v1/auth/register - User registration - POST /api/v1/auth/login - User/admin authentication - POST /api/v1/auth/password-reset/request - Request password reset - POST /api/v1/auth/password-reset/complete - Complete password reset - POST /api/v1/auth/validate - JWT token validation Security Features: - Password hashing with bcrypt - JWT token generation and validation - Admin claims in JWT tokens - Configurable token expiration - Input validation for all endpoints Generated by Mistral Vibe. Co-Authored-By: Mistral Vibe <vibe@mistral.ai>	2026-04-09 00:25:43 +02:00

6 Commits