crewli

bert.hausmans/crewli

Fork 0

Commit Graph

Author	SHA1	Message	Date
bert.hausmans	2656818c35	refactor(form-field): extract legacy conditional_logic shape normaliser Three byte-identical copies of `normaliseLegacyGroupShape` lived in FormFieldService, StoreFormFieldRequest, and UpdateFormFieldRequest. WS-5d (form_fields.options) would have been the fourth copy. Hoist the helper to a single public static on FormFieldConditionalLogicService and have all three call sites delegate. Implementation: - `FormFieldConditionalLogicService::normaliseLegacyShape(array)` — pure recursive passthrough. Translates the ARCH §8 JSON group shape (`{"all": [...]}` / `{"any": [...]}`) into the service's internal `{"operator", "children"}` form. Does NOT validate; malformed shapes return as-is and surface downstream as `InvalidConditionalLogicSpecException` from `assertSpecsValid`. - Group operator catalogue sourced from `FormFieldConditionalLogicGroupOperator::values()` instead of an `['all', 'any']` literal — single source of truth for future operator additions. - All three call sites switched to the static method. The two FormRequests reach it via the existing `use` import; FormFieldService sits in the same namespace. Behaviour preserved exactly: - Existing FormFieldApiTest (cyclic logic rejection), FormFieldStrictConditionalLogicRequestTest (strict-validator rejection paths), and FormFieldConditionalLogicServiceTest (service-level paths) all green without modification. New unit tests pin the passthrough contract (8 tests): - Valid ALL / ANY translations - Recursive nested-group translation (depth 2) - Internal shape unchanged - Condition leaf passthrough - Unknown group key (`xor`) returned unchanged for downstream `assertSpecsValid` to reject - Empty array unchanged - Non-array children stripped silently Tests: 1150 → 1158 green (3110 → 3124 assertions). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-25 00:57:06 +02:00
bert.hausmans	948687f27e	feat: enterprise MFA with TOTP, email codes, backup codes, and trusted devices Three verification methods (TOTP authenticator, email code, backup codes), trusted device management with 30-day expiry, role-based enforcement for super_admin and org_admin, admin reset capability, and full test coverage (46 tests). Modifies login flow to support MFA challenge/response with temporary session tokens stored in cache. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-15 20:45:55 +02:00

Author

SHA1

Message

Date

bert.hausmans

2656818c35

refactor(form-field): extract legacy conditional_logic shape normaliser

Three byte-identical copies of `normaliseLegacyGroupShape` lived in
FormFieldService, StoreFormFieldRequest, and UpdateFormFieldRequest.
WS-5d (form_fields.options) would have been the fourth copy. Hoist
the helper to a single public static on FormFieldConditionalLogicService
and have all three call sites delegate.

Implementation:

  - `FormFieldConditionalLogicService::normaliseLegacyShape(array)` —
    pure recursive passthrough. Translates the ARCH §8 JSON group shape
    (`{"all": [...]}` / `{"any": [...]}`) into the service's internal
    `{"operator", "children"}` form. Does NOT validate; malformed shapes
    return as-is and surface downstream as
    `InvalidConditionalLogicSpecException` from `assertSpecsValid`.
  - Group operator catalogue sourced from
    `FormFieldConditionalLogicGroupOperator::values()` instead of an
    `['all', 'any']` literal — single source of truth for future
    operator additions.
  - All three call sites switched to the static method. The two
    FormRequests reach it via the existing `use` import; FormFieldService
    sits in the same namespace.

Behaviour preserved exactly:

  - Existing FormFieldApiTest (cyclic logic rejection),
    FormFieldStrictConditionalLogicRequestTest (strict-validator
    rejection paths), and FormFieldConditionalLogicServiceTest
    (service-level paths) all green without modification.

New unit tests pin the passthrough contract (8 tests):

  - Valid ALL / ANY translations
  - Recursive nested-group translation (depth 2)
  - Internal shape unchanged
  - Condition leaf passthrough
  - Unknown group key (`xor`) returned unchanged for downstream
    `assertSpecsValid` to reject
  - Empty array unchanged
  - Non-array children stripped silently

Tests: 1150 → 1158 green (3110 → 3124 assertions).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-25 00:57:06 +02:00

bert.hausmans

948687f27e

feat: enterprise MFA with TOTP, email codes, backup codes, and trusted devices

Three verification methods (TOTP authenticator, email code, backup codes),
trusted device management with 30-day expiry, role-based enforcement for
super_admin and org_admin, admin reset capability, and full test coverage
(46 tests). Modifies login flow to support MFA challenge/response with
temporary session tokens stored in cache.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-15 20:45:55 +02:00

2 Commits