groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-05-19 18:01:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
Part-DB-server/tests
History
Sebastian Almberg dd8698840d Harden backup security: password confirmation, CSRF, env toggle 
Address security review feedback from jbtronics:

- Add IS_AUTHENTICATED_FULLY to all sensitive endpoints (create/delete
  backup, delete log, download backup, start update, restore)
- Change backup download from GET to POST with CSRF token
- Require password confirmation before downloading backups (backups
  contain sensitive data like password hashes and secrets)
- Add DISABLE_BACKUP_DOWNLOAD env var (default: disabled) to control
  whether backup downloads are allowed
- Add password confirmation modal with security warning in template
- Add comprehensive tests: auth checks, env var blocking, POST-only
  enforcement, status/progress endpoint auth
2026-03-05 19:06:54 +01:00
..
API Added API endpoint for generating labels (#1234) 2026-02-15 16:03:07 +01:00
assets Added custom part status (#1053) 2025-10-27 21:58:16 +01:00
Command Enhance KiCad integration: API v2, batch EDA editing, field export control (#1241) 2026-03-01 22:10:13 +01:00
Controller Harden backup security: password confirmation, CSRF, env toggle 2026-03-05 19:06:54 +01:00
DataTables/Filters Ran rector and made tests final 2026-02-14 23:32:43 +01:00
Doctrine Ran rector and made tests final 2026-02-14 23:32:43 +01:00
Entity Show HTML files in the HTML sandbox if enabled 2026-02-24 22:40:23 +01:00
EnvVarProcessors Ran rector and made tests final 2026-02-14 23:32:43 +01:00
EventListener Ran rector and made tests final 2026-02-14 23:32:43 +01:00
EventSubscriber Ran rector and made tests final 2026-02-14 23:32:43 +01:00
Exceptions Ran rector and made tests final 2026-02-14 23:32:43 +01:00
Form/InfoProviderSystem Ran rector and made tests final 2026-02-14 23:32:43 +01:00
Helpers Ran rector and made tests final 2026-02-14 23:32:43 +01:00
Repository Ran rector and made tests final 2026-02-14 23:32:43 +01:00
Security Ran rector and made tests final 2026-02-14 23:32:43 +01:00
Serializer Enhance KiCad integration: API v2, batch EDA editing, field export control (#1241) 2026-03-01 22:10:13 +01:00
Services Fix test failures: add locale prefix to URLs, correct log directory path 2026-03-03 21:09:41 +01:00
Settings Ran rector and made tests final 2026-02-14 23:32:43 +01:00
Twig Moved remaining twig extensions to new attributes system 2026-02-15 00:23:30 +01:00
Validator Ran rector and made tests final 2026-02-14 23:32:43 +01:00
.gitignore Initial commit 2019-02-23 16:49:38 +01:00
ApplicationAvailabilityFunctionalTest.php Ran rector and made tests final 2026-02-14 23:32:43 +01:00
bootstrap.php Updated phpunit recipe 2025-07-13 16:53:41 +02:00
DatatablesAvailabilityTest.php Ran rector and made tests final 2026-02-14 23:32:43 +01:00
object-manager.php Fixed PHPstan issues 2023-08-28 22:39:29 +02:00
SettingsTestHelper.php Run rector 2025-07-14 00:26:40 +02:00
symfony-container.php Added declare strict types to all files 2023-06-11 18:59:07 +02:00