mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-15 00:41:09 +02:00
Rate-limiting feedback:
- LoginPage detects 429/account-locked errors and shows countdown timer
- Submit button disabled during cooldown period

Audit log:
- GET /auth/security-events endpoint (JWT-protected) in auth controller
- getSecurityEvents() in BetterAuthService + shared-auth client
- AuditLog component with event type labels, relative dates, UA parsing
- Integrated in ManaCore settings page

E2E tests (passkey-2fa.e2e-spec.ts):
- Passkey registration/authentication flow tests
- Auth guard enforcement (protected vs public endpoints)
- 2FA passthrough route existence tests
- Edge cases (cross-user access, missing fields, token shape)

CSRF note: Already covered by Better Auth (SameSite + HttpOnly + Trusted Origins). Token refresh already has 4-retry + offline detection.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

| | | |
|---|---|---|
| .. | ||
| calendar | ||
| chat | ||
| citycorners | ||
| clock | ||
| contacts | ||
| context | ||
| docs | ||
| manacore | ||
| manadeck | ||
| matrix | ||
| mukke | ||
| nutriphi | ||
| photos | ||
| picture | ||
| planta | ||
| playground | ||
| presi | ||
| questions | ||
| skilltree | ||
| storage | ||
| todo | ||
| traces | ||
| zitare | ||