e5423c7916
docs(04-01): complete Wave 0 test scaffold plan — SUMMARY and STATE updated
...
- 04-01-SUMMARY.md: 30 stubs across 5 files, zero new failures, self-check passed
- STATE.md: plan 1/9 in progress, session log and decisions updated
2026-05-25 18:27:20 +02:00
c8a0443ad2
feat(04-01): add Wave 0 xfail stubs for DOC-02, ADMIN-06, SEC-08, SEC-09
...
- test_documents.py: append 4 stubs (content_stream 200, 206, admin_403, no_presigned_url)
- test_audit.py: create new file with 4 stubs (viewer, no_doc_content, user_403, export_csv)
- test_security.py: create new file with 2 stubs (credentials_enc_not_in_response, delete_user_cleans_files)
- All stubs: xfail(strict=False), body is pytest.xfail("not implemented yet")
2026-05-25 18:25:18 +02:00
e0075989df
feat(04-01): add Wave 0 xfail stubs for FOLD and SHARE requirements
...
- test_folders.py: 13 stubs for FOLD-01..05 (create, rename, delete, move, breadcrumb, sort, FTS)
- test_shares.py: 7 stubs for SHARE-01..05 (share, received list, quota isolation, revoke, duplicate)
- FTS tests carry both xfail and skipif(INTEGRATION) decorators
- All stubs: xfail(strict=False), body is pytest.xfail("not implemented yet")
2026-05-25 18:23:40 +02:00
747303246a
docs(04): create phase 4 plan (9 plans, 7 waves)
...
Folders, Sharing, Quotas & Document UX — plans verified (0 blockers,
2 non-blocking warnings). Covers FOLD-01..05, SHARE-01..05, SEC-08/09,
ADMIN-06, DOC-01/02.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-25 18:20:16 +02:00
752cf987aa
docs(04): UI design contract
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-25 14:30:10 +02:00
ff379ad6e3
docs(04): UI design contract for folders, sharing, quotas & document UX phase
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-25 14:23:29 +02:00
e7e1740573
docs(04): capture phase context
2026-05-25 14:13:46 +02:00
e89a12a062
Update Phase 3 UAT handoff — 9/10 tests pass, UAT-3 browser check pending
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-25 11:31:19 +02:00
a5f202b069
Fix Phase 3 UAT blockers: MinIO presigned URL hostname, CORS, admin flush→commit, auth refresh race
...
Bugs fixed:
- minio_backend.py: generate_presigned_put_url and presigned_get_url used internal
_client (minio:9000) instead of _public_client (localhost:9000). Browser received
ERR_NAME_NOT_RESOLVED. Fixed by using _public_client with region='us-east-1' to
skip region-discovery HTTP request from inside the container.
- docker-compose.yml: MINIO_API_CORS_ALLOW_ORIGIN was set from CORS_ORIGINS which
uses pydantic JSON list format '["http://localhost:5173 "]'. MinIO expected a plain
string and never matched the origin. Fixed to use FRONTEND_URL instead.
- admin.py: All write handlers (create_user, update_user_status, update_user_quota,
update_ai_config) used session.flush() without session.commit(). Changes appeared
to succeed (response reflected in-memory state) but rolled back on session close.
Fixed by replacing flush() with commit() in all four write handlers.
- auth.js: Concurrent refresh() calls from QuotaBar and App.vue on page reload caused
a token rotation race — first call rotated the cookie, second arrived with stale
cookie and cleared accessToken. Fixed by deduplicating with a shared in-flight
promise (_refreshInFlight).
Phase 3 UAT: 9/10 pass. UAT-3 (QuotaBar visual) pending browser confirmation.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-25 11:30:41 +02:00
b5dde2aad9
wip: Phase 3 UAT in progress — 2/10 tests pass, upload XHR bug open
...
Fixes applied this session:
- frontend/src/api/client.js: noRefreshPaths exclusion prevents auth 401s
from triggering session-expired error on login/register/refresh
- frontend/src/router/index.js: async beforeEach with silent refresh()
restores session from httpOnly cookie on page reload
UAT state: 2 pass (cold-start, admin block), 1 open (XHR upload network error),
7 pending. MinIO PUT fails in browser — needs console output to diagnose.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-24 21:26:50 +02:00
a5994d9ff4
chore: commit pending phase-3 work and add TEST_ACCOUNTS.md
...
Includes planning artifacts (03-CONTEXT, 03-DISCUSSION-LOG, 03-02-SUMMARY),
integration test script, MinIO/auth/docker fixes, and local dev account reference.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-24 11:30:56 +02:00
254e756cb8
docs(03-05): complete frontend presigned upload + quota bar plan
...
- 03-05-SUMMARY.md: plan summary covering 3-step XHR upload, QuotaBar.vue, UploadProgress error block, STORE-03/04/05 completed
- STATE.md: advance to plan 5 checkpoint pending; add 5 key decisions from plan 03-05
2026-05-23 22:02:03 +02:00
23c568ae89
feat(03-05): create QuotaBar.vue; embed in AppSidebar between topics nav and footer
...
- QuotaBar.vue: new sidebar quota widget — onMounted calls authStore.fetchQuota(); computed pct/barColor/labelColor/label from authStore.quota; color thresholds <80% indigo-500, 80-95% amber-500, >=95% red-500; skeleton loading state (animate-pulse); hides on loadFailed (v-if); role=progressbar with aria-valuenow/aria-valuemin/aria-valuemax/aria-label
- AppSidebar.vue: import QuotaBar; insert <QuotaBar /> between </nav> and settings footer div
- Frontend build exits 0 (verified)
2026-05-23 20:49:07 +02:00
eb18428d07
feat(03-05): 3-step presigned upload + quota state in auth store + progress UI
...
- api/client.js: extend request() to attach .status and .payload on 413 structured errors; remove legacy uploadDocument multipart function
- stores/auth.js: add quota ref({used_bytes:0, limit_bytes:0}) and fetchQuota() action (silent catch); expose in store return
- stores/documents.js: replace single upload() with uploadToMinIO XHR helper + 3-step async action (getUploadUrl→XHR PUT→confirmUpload); track uploadProgress map keyed by filename+timestamp (T-03-25); call fetchQuota after upload success and document delete
- components/upload/UploadProgress.vue: add aria progressbar per row, percentage label, quota rejection error block (role=alert, red-50/red-200) from item.quotaError; use plain anchor for Manage storage link
2026-05-23 20:46:24 +02:00
6bd57629ce
docs(03-04): complete flat-file settings retirement and per-user AI classification plan
...
- 03-04-SUMMARY.md: Plan complete — classifier signature, env var defaults, security
mitigations T-03-17/18/19/21 all resolved; DOC-03, DOC-05 requirements completed
- STATE.md: Advance to Plan 4/5 complete, add 5 key decisions from this plan
- ROADMAP.md: Mark 03-04-PLAN.md complete (Wave 4)
- REQUIREMENTS.md: Mark DOC-03 and DOC-05 as complete
2026-05-23 20:39:33 +02:00
349912cac3
feat(03-04): replace settings UI with admin-managed placeholder; update API client
...
- views/SettingsView.vue: Replace full form with static placeholder card. No store
imports, no API calls. Shows "AI configuration is managed by your administrator."
(D-12, T-03-21)
- stores/settings.js: Deleted — only consumed by SettingsView; no other imports
- api/client.js: Remove getSettings, patchSettings, testProvider, getDefaultPrompt
(// Settings section deleted). Add getMyQuota() for quota bar (Plan 03-05).
Add getUploadUrl() and confirmUpload() for presigned upload flow (Plan 03-05).
2026-05-23 20:34:15 +02:00
6849ebd1e6
feat(03-04): retire flat-file settings; wire per-user AI config via DB lookup
...
- config.py: Remove SETTINGS_FILE, DEFAULT_SYSTEM_PROMPT, DEFAULT_SETTINGS
constants; add system_prompt, default_ai_provider, default_ai_model to Settings
- services/classifier.py: Add _DEFAULT_SYSTEM_PROMPT module constant; classify_document
and suggest_topics_for_document accept ai_provider/ai_model kwargs; no longer calls
storage.load_settings() — uses app_settings defaults with DB-supplied overrides (D-14, D-15)
- services/storage.py: Delete load_settings, save_settings, mask_api_key, settings_masked;
remove from __all__; remove import copy, json, DEFAULT_SETTINGS, SETTINGS_FILE (D-12)
- tasks/document_tasks.py: _run resolves user.ai_provider/ai_model via session.get(User,
doc.user_id) and passes through to classifier; task signature unchanged (T-03-19)
- api/settings.py: Deleted — /api/settings endpoint removed (D-12)
- main.py: Remove settings_router import and include_router call
- tests/test_settings.py: Replace all tests with test_settings_endpoint_removed (404, green)
- tests/test_classifier.py: Implement test_per_user_provider, test_celery_task_uses_user_provider,
test_default_provider_fallback; remove xfail markers (DOC-03, DOC-05)
2026-05-23 20:32:55 +02:00
aadc69fea0
docs(03-03): complete per-user document and topic isolation plan
...
- 03-03-SUMMARY.md: documents all endpoint auth guards, ownership assertions, namespace isolation pattern, and SQLite compat deviations
- STATE.md: advance to Plan 3/5 complete, add 6 key decisions (get_regular_user, 404-not-403, CASE WHEN, or_/is_(None), AI user namespace)
- ROADMAP.md: mark 03-03-PLAN.md complete
- REQUIREMENTS.md: mark SEC-04 and DOC-04 complete
2026-05-23 20:22:12 +02:00
5950a3f5c2
feat(03-03): wire get_current_user into /api/topics/*; add load_topics_for_user; POST /api/admin/topics
...
- api/topics.py: add get_current_user dep to all 5 handlers (list, create, update, delete, suggest)
- list_topics: uses load_topics_for_user (system topics + user's own) with user-scoped doc counts
- create_topic: passes user_id=current_user.id (never creates system topics via regular endpoint)
- update_topic/delete_topic: ownership assertion — system topics and other users' topics return 404
- api/admin.py: add SystemTopicCreate model + POST /api/admin/topics (user_id=NULL, admin-only)
- services/storage.py: add or_ import; load_topics_for_user (D-17); create_topic gains user_id param with namespace-scoped dedup; topic_doc_counts gains optional user_id for user-scoped counts; add load_topics_for_user to __all__
- services/classifier.py: replace load_topics with load_topics_for_user(doc.user_id); pass user_id=doc.user_id to create_topic for AI-suggested topics (D-11)
- Tests: update all topic tests to pass auth headers; implement test_topic_namespace, test_admin_create_system_topic, test_regular_user_cannot_create_system_topic, test_topics_require_auth
2026-05-23 20:15:44 +02:00
b28bb01995
feat(03-03): add get_regular_user dep; wire auth + ownership into /api/documents/*
...
- Add get_regular_user FastAPI dep (rejects admin with 403) to deps/auth.py
- Wire Depends(get_regular_user) into all 6 /api/documents/* handlers
- upload-url: replace null-user/... object_key with str(current_user.id)/...; set user_id=current_user.id
- confirm: remove Wave 2 doc.user_id is None guard — quota runs unconditionally; add ownership assertion (404 on cross-user)
- list: filter by user_id=current_user.id via storage.list_metadata(user_id=...)
- get/delete/classify: ownership assertion (doc.user_id != current_user.id → 404)
- storage.list_metadata: add required user_id param + Document.user_id == user_id filter
- storage.delete_document: remove if doc.user_id is not None guard; use CASE WHEN for SQLite-compat quota decrement
- Tests: update existing tests to pass auth headers; implement test_cross_user_access_404, test_admin_cannot_access_documents, test_documents_require_auth; mark test_confirm_endpoint xfail(strict=False) for SQLite UUID mismatch
2026-05-23 20:05:34 +02:00
0d51d023ce
feat(03-02): implement presigned upload flow, quota enforcement, cleanup task
...
- Replace POST /api/documents/upload with POST /api/documents/upload-url + /{id}/confirm
- upload-url: create pending Document row with user_id=None (Wave 2), return presigned PUT URL
- confirm: stat MinIO for authoritative size (T-03-05), atomic quota UPDATE (T-03-06, STORE-03)
- Confirm returns 413 with {used_bytes, limit_bytes, rejected_bytes} on quota exceeded (STORE-05)
- Wave 2 guard: skip quota UPDATE when doc.user_id is None (Plan 03-03 removes this)
- Add GET /api/auth/me/quota to api/auth.py (STORE-04)
- services/storage.py: remove save_upload (D-04); add GREATEST(0, used_bytes-delta) quota decrement to delete_document (STORE-06)
- tasks/document_tasks.py: add cleanup_abandoned_uploads Celery beat task (D-06)
- celery_app.py: add beat_schedule for cleanup-abandoned-uploads every 30 minutes
- tests/test_documents.py: replace legacy /upload tests with xfail; add real test logic for upload-url/confirm/get-quota
- tests/test_quota.py: implement real test logic with xfail for PostgreSQL-specific SQL
2026-05-23 14:32:12 +02:00
3ed6dd494f
feat(03-02): extend StorageBackend ABC and MinIOBackend with presigned PUT and stat_object
...
- Add generate_presigned_put_url and stat_object abstract methods to StorageBackend ABC
- Extend MinIOBackend with dual client (self._client internal + self._public_client public)
- MinIOBackend.__init__ accepts optional public_endpoint param (RESEARCH.md Finding 3)
- generate_presigned_put_url uses self._public_client for browser-resolvable URLs
- stat_object uses self._client.stat_object and returns .size (authoritative, T-03-05)
- get_storage_backend() passes public_endpoint=settings.minio_public_endpoint
- config.py adds minio_public_endpoint field (RESEARCH.md Finding 3)
- docker-compose.yml: MINIO_API_CORS_ALLOW_ORIGIN on minio service (T-03-09)
- docker-compose.yml: MINIO_PUBLIC_ENDPOINT on backend service
- docker-compose.yml: new celery-beat service (RESEARCH.md Finding 10)
2026-05-23 13:52:16 +02:00
4e9b586ec4
docs(03-01): complete Wave 0 scaffolding plan — migration 0003 + xfail stubs
...
- Create 03-01-SUMMARY.md with all 19 new test IDs, task commits, and decisions
- Update STATE.md: phase 3 in progress, plan 1/5 complete, 3 new key decisions
- Update ROADMAP.md: mark 03-01-PLAN.md as complete (2026-05-23)
2026-05-23 13:48:07 +02:00
807a1b3e67
feat(03-01): create Alembic migration 0003 for multi-user isolation
...
- revision="0003", down_revision="0002"
- upgrade(): collects null-user object_keys, deletes document_topics cascade,
deletes null-user documents, removes MinIO objects (skip if MINIO_ENDPOINT unset),
deletes all topics (D-10), alters documents.user_id NOT NULL via batch_alter_table,
creates ix_topics_user_id index, reconciles quotas.used_bytes from SUM(size_bytes)
- downgrade(): drops ix_topics_user_id, reverts user_id to nullable; documents not restored
- batch_alter_table ensures SQLite compatibility for test suite
- MinIO step gated on MINIO_ENDPOINT env var for safe SQLite test runs
2026-05-23 13:44:22 +02:00
21ec9cb4c3
test(03-01): add Wave 0 xfail stubs and shared fixtures for Phase 3
...
- Add auth_user, admin_user, mock_minio_presigned, mock_minio_stat fixtures to conftest.py
- Create test_quota.py with 4 xfail stubs (STORE-03, STORE-05, STORE-06, SC2 race)
- Append test_migration_0003 to test_alembic.py (full pre-seed + post-migration assertions)
- Append 3 classifier xfail stubs (DOC-03, DOC-05, D-15)
- Append 6 document xfail stubs (D-05, STORE-04, SEC-04, D-16)
- Append 4 topic xfail stubs (DOC-04, D-09, D-17)
- Append test_settings_endpoint_removed stub (D-12)
- All 19 new test IDs collect cleanly with xfail(strict=False)
2026-05-23 13:42:37 +02:00
fdc32d431d
docs(03): create Phase 3 execution plan — document migration & multi-user isolation
...
5 plans across 5 sequential waves covering: Alembic migration 0003 (null-user
cleanup, NOT NULL constraint, quota reconciliation), presigned MinIO PUT upload
flow with atomic quota enforcement, auth guards on all document/topic endpoints,
flat-file settings retirement + per-user AI classification, and frontend quota bar
with 3-step XHR upload progress.
Verification passed across all 12 dimensions. All 8 phase requirements covered
(STORE-03/04/05/06, SEC-04, DOC-03/04/05).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-23 13:36:28 +02:00
1ba578c7f6
docs(03): UI design contract for Phase 3 document migration
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-23 10:21:05 +02:00
5905642a31
docs(03): UI design contract for document migration and quota UI
...
Phase 3 UI-SPEC covering two-step presigned upload progress bar,
quota usage bar (amber 80% / red 95%), and 413 quota rejection
inline error block — all inheriting Phase 2 design system tokens.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-23 10:16:28 +02:00
f261c1a53b
docs(02): defer SC5 admin-JWT/document-403 to Phase 3 per D-07; clean STATE.md
...
SC5 admin JWT on /api/documents/* returning 403 is explicitly deferred to
Phase 3 SC4 (D-07: existing doc endpoints stay public until Phase 3 auth
enforcement). ROADMAP updated. Duplicate Open Questions removed from STATE.md.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-22 20:28:55 +02:00
80eb280233
docs(02): phase 2 verification report
...
4/5 success criteria verified; 1 blocker gap identified: admin JWT
does not return 403 on document content endpoints because api/documents.py
has no auth enforcement (Phase 1 legacy state, deferred to Phase 3 per D-03).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-22 20:21:01 +02:00
858be6260e
docs(02-05): execution summary and state update
...
- 02-05-SUMMARY.md: admin panel frontend complete — AdminView, three tab components, AppSidebar update
- STATE.md: Phase 2 complete (5/5 plans), progress 40%, decisions added
- ROADMAP.md: Phase 2 marked complete, all 5 plans checked
- REQUIREMENTS.md: ADMIN-01 through ADMIN-05 and ADMIN-07 marked complete
2026-05-22 20:12:05 +02:00
92e3d755d0
feat(02-05): AppSidebar admin link and user identity footer
...
- Add conditional Admin nav link (v-if authStore.user?.role === 'admin') with shield SVG icon
- Add user identity footer: initials avatar (bg-indigo-100), email (truncate flex-1), sign-out icon button (aria-label="Sign out")
- Import useAuthStore alongside existing topicsStore; add useRouter for post-logout redirect
- All existing nav links, topicsStore reference, and scoped styles preserved unchanged
2026-05-22 20:09:16 +02:00
9137f41537
feat(02-05): admin tab components and AdminView
...
- AdminView.vue: tabbed layout (Users | Quotas | AI Config) with UI-SPEC tab strip classes
- AdminUsersTab.vue: user table with create form (crypto.getRandomValues password), inline deactivation confirmation, reactivate, reset-password, row-level spinner, empty state
- AdminQuotasTab.vue: quota inline edit with MB display, usage %, warning when limit < usage
- AdminAiConfigTab.vue: AI provider/model per-user with 1.5s "Saved" confirmation
- client.js: fix adminDeactivateUser/adminReactivateUser to use PATCH /status endpoint, fix adminResetUserPassword to /password-reset, fix adminUpdateAiConfig to send ai_provider/ai_model, add adminGetUserQuota
- No impersonation UI in any admin component (T-02-31)
2026-05-22 20:09:05 +02:00
bcb63bf8aa
docs(02-04): execution summary and state update
...
- 02-04-SUMMARY.md: admin API plan complete (18 tests, 7 endpoints, all security checks pass)
- STATE.md: advanced to plan 4/5, updated metrics and session continuity
2026-05-22 20:03:34 +02:00
f94e8d8b4a
feat(02-04): implement admin API endpoints — user CRUD, quota management, AI config
...
- GET /api/admin/users: list users (safe fields only, ordered by created_at)
- POST /api/admin/users: create user (password_must_change=True, quota init)
- PATCH /api/admin/users/{id}/status: deactivate/reactivate with sole-admin guard
- POST /api/admin/users/{id}/password-reset: Celery email dispatch (no token returned)
- GET /api/admin/users/{id}/quota: quota view with MB helpers
- PATCH /api/admin/users/{id}/quota: quota adjust with below-usage warning
- PATCH /api/admin/users/{id}/ai-config: assign AI provider/model per user
- _user_to_dict() whitelist helper prevents password_hash/credentials_enc leakage
- No impersonation endpoint (ADMIN-07 enforced by omission)
- get_current_admin Depends() on every handler (SEC-07)
- Updated backend/main.py to include admin_router
- Fixed test: mock send_reset_email.delay to avoid Redis in unit tests
2026-05-22 20:01:37 +02:00
cbad9acac1
test(02-04): RED phase — admin API test suite (11 tests, expect fail until admin.py exists)
2026-05-22 19:59:16 +02:00
833f869a48
docs(02-03): execution summary and state update
...
- 02-03-SUMMARY.md: TOTP enrollment endpoints, password reset, account management UI
- STATE.md: advanced to Plan 3/5 complete, added key decisions
2026-05-22 19:57:09 +02:00
d73e2f6112
feat(02-03): TOTP enrollment flow, backup codes, AccountView, ConfirmBlock
...
- TotpEnrollment.vue: three-step enrollment (setup → verify → backup-codes); emits 'enrolled'
- BackupCodesDisplay.vue: 2-column grid, copy-all clipboard, acknowledgment checkbox
- ConfirmBlock.vue: reusable inline confirmation block with 'confirmed'/'cancelled' emits
- AccountView.vue: TOTP section (enrollment or disable), change-password with breach/wrong-pw error handling, sign-out-all with ConfirmBlock
- npm run build exits 0
2026-05-22 19:54:53 +02:00
43e1d0145e
feat(02-03): add TOTP setup/enable/disable, password reset, and frontend_url to config
...
- GET /api/auth/totp/setup: returns provisioning_uri + secret (400 if already enabled)
- POST /api/auth/totp/enable: rate-limited 10/min, verifies TOTP code with Redis replay prevention, returns 10 backup codes
- DELETE /api/auth/totp: disables TOTP, clears secret, deletes backup codes
- POST /api/auth/password-reset: always returns 202 (anti-enumeration), enqueues Celery email task
- POST /api/auth/password-reset/confirm: validates token, strength, HIBP; updates password; no auto-login (AUTH-05)
- config.py: added frontend_url setting for password reset link construction
- test_auth_totp.py: all 11 tests passing (GREEN)
2026-05-22 19:52:36 +02:00
d7831e9382
test(02-03): add failing tests for TOTP endpoints, password reset, logout-all
...
- test_totp_setup_returns_uri: GET /api/auth/totp/setup returns provisioning_uri + secret
- test_totp_setup_already_enabled: returns 400 when totp_enabled=True
- test_totp_setup_requires_auth: returns 401/403 without Bearer
- test_password_reset_always_202_nonexistent: anti-enumeration for non-existent email
- test_password_reset_always_202_existing: anti-enumeration for existing email
- test_password_reset_confirm_invalid_token: returns 400 for bad token
- test_password_reset_confirm_weak_password: returns 422 for weak password
- test_password_reset_confirm_valid_no_autologin: returns 200 with no access_token (AUTH-05)
- test_logout_all_revokes_tokens: returns 200 with revoked message
- test_logout_all_requires_auth: returns 401/403 without Bearer
- test_totp_enable_rate_limit: 11th call returns 429
2026-05-22 19:50:51 +02:00
3d487b82ef
docs(02-02): execution summary — auth API endpoints + frontend auth wall complete
...
Requirements completed: AUTH-01, AUTH-02, AUTH-04, SEC-01, SEC-02, SEC-03, SEC-05
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-22 19:48:33 +02:00
3b7d362600
feat(02-02): frontend auth store, router guard, Login/Register views
...
- frontend/src/stores/auth.js: useAuthStore with accessToken in memory
only (never browser storage); login() accepts options.backupCode
- frontend/src/api/client.js: extended with Bearer token injection,
401 auto-refresh retry, all auth/admin API functions, changePassword
- frontend/src/router/index.js: auth routes added (/login, /register,
/password-reset, /account, /admin); beforeEach guard redirects
unauthenticated users to /login with redirect param
- frontend/src/layouts/AuthLayout.vue: centered bare layout for auth pages
- frontend/src/views/auth/LoginView.vue: three-step flow (password, TOTP,
backup code); "Use a backup code instead" link; UI-SPEC copywriting
- frontend/src/views/auth/RegisterView.vue: registration with
PasswordStrengthBar; HIBP error display; UI-SPEC copywriting
- frontend/src/components/auth/PasswordStrengthBar.vue: 4-segment bar
- frontend/src/components/ui/AppSpinner.vue: animate-spin SVG spinner
- Stub views: PasswordResetView, NewPasswordView, AccountView, AdminView
- .gitignore: exclude frontend/node_modules, dist, package-lock.json
npm run build exits 0. All acceptance criteria verified.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-22 19:45:21 +02:00
1882edfff6
feat(02-02): auth API endpoints + security hardening + Python 3.9 compat
...
- backend/api/auth.py: register, login (TOTP+backup), refresh, logout,
me, change-password; per-account Redis rate limit; HIBP check
- backend/main.py: Origin validation middleware, CSP headers middleware,
CORS locked to settings.cors_origins, Redis lifespan (app.state.redis),
admin bootstrap, auth router included, slowapi SlowAPIMiddleware
- backend/services/email.py: already created in Plan 01 (verified exists)
- Python 3.9 compat: fixed match statement in ai/__init__.py,
str|None union syntax in openai_provider.py, api/documents.py,
api/topics.py, api/settings.py, services/classifier.py
All 17 tests in test_auth_api.py pass.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-22 19:35:38 +02:00
1d425d4392
test(02-02): add failing tests for auth API endpoints
...
RED phase - 17 tests covering register, login, TOTP, backup codes,
per-account rate limiting, Origin validation, change-password, and
password_must_change flow.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-22 19:35:31 +02:00
479b72ef9a
docs(02-01): execution summary — auth service layer, deps, migration complete
...
- 02-01-SUMMARY.md: 3 tasks complete, 31 tests passing, all verification checks passed
- STATE.md: Phase 2 plan 1/5 complete, decisions added, open questions resolved
2026-05-22 19:27:29 +02:00
c4613b6b87
feat(02-01): implement deps/auth.py FastAPI dependency chain with tests
...
- get_current_user: validates Bearer JWT via decode_access_token, loads User from DB
raises HTTP 401 on invalid/expired token, missing user, or deactivated account
- get_current_admin: wraps get_current_user, raises HTTP 403 on role != 'admin' (T-02-07)
- Admin impersonation architecturally excluded (ADMIN-07, T-02-08) — no code path bypasses role check
- tests/test_auth_deps.py: 7 tests covering happy path, tampered token, inactive user, 403 non-admin, 200 admin
2026-05-22 19:25:16 +02:00
9fc820d893
feat(02-01): implement services/auth.py full auth service layer and email_tasks.py
...
- services/auth.py: Argon2 password hashing (pwdlib), constant-time verify (SEC-06)
- JWT create/decode for access tokens and password-reset tokens (typ claim validation, T-02-01)
- Refresh token lifecycle: create, rotate, revoke-all with family revocation (AUTH-07, RFC 9700)
- Family revocation enqueues send_security_alert_email.delay on token reuse (T-02-02)
- TOTP provisioning (pyotp) and verification with Redis replay prevention, valid_window=1 (AUTH-08)
- Backup code generation (8-char hex uppercase), storage (Argon2 hashed), constant-time verify (T-02-03)
- HIBP k-anonymity check via SHA-1 prefix (T-02-05), fail-open on network error (T-02-06)
- Admin bootstrap: idempotent, logs WARNING if env vars missing (D-04/D-05/D-06)
- services/email.py: SMTP send + dev stdout fallback (D-01/D-02)
- tasks/email_tasks.py: send_reset_email and send_security_alert_email Celery tasks
- celery_app.py: add email queue route for tasks.email_tasks.*
- TDD tests: 17 tests covering all auth primitives and family revocation
2026-05-22 19:23:42 +02:00
12c6487855
feat(02-01): add BackupCode ORM model, password_must_change field, Alembic migration, extend Settings
...
- Add BackupCode model to db/models.py with user_id FK, code_hash (Argon2), used_at (nullable)
- Add ix_backup_codes_user_id index on backup_codes.user_id
- Add password_must_change BOOLEAN NOT NULL DEFAULT false to User model (ADMIN-01)
- Extend config.py Settings with JWT, SMTP, admin bootstrap, and CORS fields (D-01, D-04, D-09)
- Add env_list_separator=',' for cors_origins env var parsing
- Append PyJWT, pwdlib[argon2], pyotp, aioredis, slowapi to requirements.txt
- Add .env.example entries for SECRET_KEY, ADMIN_EMAIL, SMTP_*, CORS_ORIGINS
- Create migration 0002 adding backup_codes table and password_must_change column
- Add TDD tests for all Task 1 acceptance criteria (7 tests pass)
2026-05-22 19:19:52 +02:00
16584ade00
docs(02): create phase 2 plan — Users & Authentication
...
5 plans across 5 waves covering AUTH-01..08, SEC-01..03/05..07,
ADMIN-01..05/07. Includes security hardening (Origin validation,
per-account rate limiting, TOTP replay prevention, refresh token
family revocation with security alert), TOTP + backup code login,
and admin panel frontend.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-22 19:13:44 +02:00
333978d7cb
docs(02): UI design contract for Phase 2 — Users & Authentication
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-22 15:12:02 +02:00
curo1305