Part-DB-server/tests/Controller
Sebastian Almberg dd8698840d Harden backup security: password confirmation, CSRF, env toggle
Address security review feedback from jbtronics:

- Add IS_AUTHENTICATED_FULLY to all sensitive endpoints (create/delete
  backup, delete log, download backup, start update, restore)
- Change backup download from GET to POST with CSRF token
- Require password confirmation before downloading backups (backups
  contain sensitive data like password hashes and secrets)
- Add DISABLE_BACKUP_DOWNLOAD env var (default: disabled) to control
  whether backup downloads are allowed
- Add password confirmation modal with security warning in template
- Add comprehensive tests: auth checks, env var blocking, POST-only
  enforcement, status/progress endpoint auth
2026-03-05 19:06:54 +01:00
AdminPages Ran rector and made tests final 2026-02-14 23:32:43 +01:00
BatchEdaControllerTest.php Enhance KiCad integration: API v2, batch EDA editing, field export control (#1241) 2026-03-01 22:10:13 +01:00
BulkInfoProviderImportControllerTest.php Ran rector and made tests final 2026-02-14 23:32:43 +01:00
KiCadApiControllerTest.php Enhance KiCad integration: API v2, batch EDA editing, field export control (#1241) 2026-03-01 22:10:13 +01:00
PartControllerTest.php Ran rector and made tests final 2026-02-14 23:32:43 +01:00
RedirectControllerTest.php Ran rector and made tests final 2026-02-14 23:32:43 +01:00
ScanControllerTest.php Ran rector and made tests final 2026-02-14 23:32:43 +01:00
UpdateManagerControllerTest.php Harden backup security: password confirmation, CSRF, env toggle 2026-03-05 19:06:54 +01:00