cbd2ae7c0e
✨ feat(auth): magic-link request + consume HTTP handlers (ADR-0028 Phase A.4)
...
Adds the two passwordless-auth endpoints behind /api/v1/auth/:
- POST /magic-link/request — body {email}; always 200 (no enumeration leak)
- GET /magic-link/consume — ?token=...; signs in (signup-on-first-link)
Sign-up flow: first consume for an unknown email creates the user with a
random unguessable bcrypt-hashed password — keeps the schema NOT NULL
constraint while permanently locking the password endpoints out.
Failure modes (missing/expired/already-consumed) collapse to a single
401 to prevent attackers distinguishing them. DB persist failures on
request silently degrade to the generic 200 to avoid leaking internal
state.
Config:
- auth.magic_link.ttl (default 15m, env DLC_AUTH_MAGIC_LINK_TTL)
- auth.magic_link.base_url (default http://localhost:8080)
Tests: 11 unit tests against fakes (repo, user service, sender) cover
happy path (new + existing user), normalization, bad JSON, persist
failure, missing/unknown/expired/consumed token, URL builder.
2026-05-05 11:31:48 +02:00
c9ab876dfe
✨ feat(user): magic_link_tokens table + repository (ADR-0028 Phase A.3) (#61)
...
CI/CD Pipeline / Build Docker Cache (push) Successful in 8s
CI/CD Pipeline / CI Pipeline (push) Successful in 5m11s
CI/CD Pipeline / Trigger Docker Push (push) Successful in 6s
Co-authored-by: Gabriel Radureau <arcodange@gmail.com>
Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
2026-05-05 11:24:06 +02:00
42d165624b
🧪 test(user): SHA-256 fingerprint stays non-empty and != secret value (Mistral autonomous) (#53)
...
CI/CD Pipeline / Build Docker Cache (push) Successful in 8s
CI/CD Pipeline / CI Pipeline (push) Successful in 4m9s
CI/CD Pipeline / Trigger Docker Push (push) Successful in 6s
Co-authored-by: Gabriel Radureau <arcodange@gmail.com>
Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
2026-05-05 10:08:36 +02:00
f71495b6fc
✨ feat(admin): GET /api/v1/admin/jwt/secrets — metadata-only introspection (#51)
...
CI/CD Pipeline / Build Docker Cache (push) Successful in 57s
CI/CD Pipeline / Trigger Docker Push (push) Has been cancelled
CI/CD Pipeline / CI Pipeline (push) Has been cancelled
Co-authored-by: Gabriel Radureau <arcodange@gmail.com>
Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
2026-05-05 09:51:54 +02:00
3c73ca39d6
✨ feat(auth): JWT TTL hot-reload + fix hardcoded 24h bug (ADR-0023 Phase 2) (#44)
...
CI/CD Pipeline / Build Docker Cache (push) Successful in 23s
CI/CD Pipeline / CI Pipeline (push) Failing after 5m23s
CI/CD Pipeline / Trigger Docker Push (push) Has been skipped
Co-authored-by: Gabriel Radureau <arcodange@gmail.com>
Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
2026-05-05 09:09:22 +02:00
03ea2a7b89
✨ feat(auth): JWT secret retention policy + automatic cleanup loop (ADR-0021) (#41)
...
CI/CD Pipeline / Build Docker Cache (push) Successful in 13s
CI/CD Pipeline / Trigger Docker Push (push) Has been cancelled
CI/CD Pipeline / CI Pipeline (push) Has been cancelled
Co-authored-by: Gabriel Radureau <arcodange@gmail.com>
Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
2026-05-05 08:40:27 +02:00
82feaec51f
✨ feat(bdd): parallel-safe schema-per-package isolation (T12 stage 2/2) — 2.85x speedup (#35)
...
CI/CD Pipeline / Build Docker Cache (push) Successful in 7s
CI/CD Pipeline / CI Pipeline (push) Failing after 3m58s
CI/CD Pipeline / Trigger Docker Push (push) Has been skipped
Per-package isolated Postgres schema with migrations. Local benchmark: 12.87s sequential → 4.51s parallel = 2.85x. ADR-0025 status to Implemented. CI uses BDD_SCHEMA_ISOLATION=true.
Co-authored-by: Gabriel Radureau <arcodange@gmail.com>
Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
2026-05-03 19:42:09 +02:00
4452620df8
✨ feat(user): foundation for parallel-safe BDD isolation (T12 stage 1/2) (#34)
...
CI/CD Pipeline / Build Docker Cache (push) Successful in 10s
CI/CD Pipeline / CI Pipeline (push) Failing after 4m4s
CI/CD Pipeline / Trigger Docker Push (push) Has been skipped
NewPostgresRepositoryFromDSN factory + BuildSchemaIsolatedDSN helper + integration test proving per-schema isolation works at repo level. Foundation for T12. Wiring into testserver is stage 2/2.
Co-authored-by: Gabriel Radureau <arcodange@gmail.com>
Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
2026-05-03 18:03:43 +02:00
5eec64e5e8
🧪 test: add JWT secret rotation BDD scenarios and step implementations (#12)
...
CI/CD Pipeline / Build Docker Cache (push) Successful in 9s
CI/CD Pipeline / CI Pipeline (push) Successful in 4m15s
CI/CD Pipeline / Trigger Docker Push (push) Has been skipped
✨ merge: implement JWT secret rotation with BDD scenario isolation
- Implement JWT secret rotation mechanism (closes #8)
- Add per-scenario state isolation for BDD tests (closes #14)
- Validate password reset workflow via BDD tests (closes #7)
- Fix port conflicts in test validation
- Add state tracer for debugging test execution
- Document BDD isolation strategies in ADR 0025
- Fix PostgreSQL configuration environment variables
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
Co-authored-by: Gabriel Radureau <arcodange@gmail.com>
Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
2026-04-11 17:56:45 +02:00
52a4ce4139
✨ feat: implement user authentication system with JWT and PostgreSQL
...
Added comprehensive user management system:
- User registration with validation (3-50 char username, 6+ char password)
- JWT-based authentication with bcrypt password hashing
- Admin authentication with master password
- Password reset workflow with admin flagging
- PostgreSQL repository implementation
- SQLite repository for testing
- Unified authentication service interface
API Endpoints:
- POST /api/v1/auth/register - User registration
- POST /api/v1/auth/login - User/admin authentication
- POST /api/v1/auth/password-reset/request - Request password reset
- POST /api/v1/auth/password-reset/complete - Complete password reset
- POST /api/v1/auth/validate - JWT token validation
Security Features:
- Password hashing with bcrypt
- JWT token generation and validation
- Admin claims in JWT tokens
- Configurable token expiration
- Input validation for all endpoints
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
2026-04-09 00:25:43 +02:00