[#NUMERO_TICKET] TITRE TICKET #1

Closed

matthieu wants to merge 0 commits from refactor/simplify-catalog-delete into develop

pull from: refactor/simplify-catalog-delete

merge into: MALIO-DEV:develop

MALIO-DEV:develop

MALIO-DEV:feat/custom-field-name-autocomplete

MALIO-DEV:refactor/simplification-globale

MALIO-DEV:feat/empty-slot-highlight

MALIO-DEV:refactor/infra-reorganize

MALIO-DEV:feature/docker-deployment

MALIO-DEV:master

MALIO-DEV:feature/SIRH-6-page-de-reinitialisation-mdp

MALIO-DEV:feat/json-to-tables-normalization

Conversation 0 Commits - Files Changed -

matthieu commented 2026-03-08 17:44:51 +00:00

Owner

Copy Link

Numéro du ticket	Titre du ticket

Description de la PR

Modification du .env

Check list

• Pas de régression
• TU/TI/TF rédigée
• TU/TI/TF OK
• CHANGELOG modifié

| Numéro du ticket | Titre du ticket | |------------------|-----------------| | | | ## Description de la PR ## Modification du .env ## Check list - [ ] Pas de régression - [ ] TU/TI/TF rédigée - [ ] TU/TI/TF OK - [ ] CHANGELOG modifié

matthieu added 9 commits 2026-03-08 17:44:51 +00:00

chore : clean project config — untrack .idea/, gitignore Zone.Identifier and frontend/, blank JWT secret ... bab13e5c57

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

refactor(backend) : extract CuidEntityTrait, abstract audit subscriber, merge history controllers ... 74f77a3ba8

- Extract shared ID generation + timestamps into CuidEntityTrait used by all entities
- Create AbstractAuditSubscriber to deduplicate audit logic across 7 subscribers
- Merge per-entity history controllers into single EntityHistoryController
- Delete redundant ComposantHistory/MachineHistory/PieceHistory/ProductHistoryController
- Add OpenApiDecorator for API documentation customization
- Disable failOnDeprecation in PHPUnit (vendor API Platform deprecation)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

chore(config) : add DAMA test bundle, update API Platform config, improve makefile ... 0709d01240

- Register DAMADoctrineTestBundle for test env (transaction rollback)
- Update API Platform title/description, add pagination defaults
- Configure services for new controllers and commands
- Update makefile targets

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

fix(security) : harden auth, session, document access and health endpoint ... b342d0e50a

- Remove orphaned PUBLIC_ACCESS rule for deleted /api/test route
- Remove JWT login firewall (app is session-based only)
- Set APP_SECRET placeholder (real value must be in .env.local)
- Remove JWT env vars from .env
- Add session regeneration on login (prevent session fixation)
- Remove Document.path from API serialization groups (prevent path leak)
- Restrict health check details to ROLE_ADMIN (anonymes get status only)
- Add path traversal guard in DocumentStorageService
- Convert CreateProfileCommand password to interactive hidden prompt
- Restrict Profile Get endpoint to ROLE_ADMIN
- Change api firewall to stateless: false (matches session-based auth)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

test(api) : add comprehensive API test suite (161 tests) ... efc6ec5691

- Add AbstractApiTestCase with auth helpers and entity factories
- Add tests for all entities: Machine, Piece, Composant, Product, Site,
  ModelType, Constructeur, CustomField, CustomFieldValue, Document,
  MachineComponentLink, MachinePieceLink, MachineProductLink, Profile
- Add controller tests: CommentController, EntityHistory
- Add HealthCheck, Filter, Pagination, Validation, Session tests
- Test auth (401), authorization (403), CRUD, and edge cases

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs : update project documentation and frontend submodule pointer ... 33e3f25850

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

fix(security) : disable session migration on API firewall ... 33fc80cbc2

Symfony's default session_fixation_strategy (migrate) regenerated the
session ID on every authenticated request, breaking concurrent API calls
from the SPA — only the first request succeeded, all others got 401.
The login controller already calls $session->migrate(true) explicitly,
so disabling automatic migration is safe.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

feat(machine) : add custom field management on machine detail page ... d3cd3fc3ce

- Fix: return customFieldValues in structure endpoint (was hardcoded null)
- Frontend: add editor to create/edit/delete custom field definitions
- Tests: add integration tests for structure values + definition CRUD

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs : update CLAUDE.md with custom controllers, fields architecture and factories ... dcb5f15769

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

matthieu closed this pull request 2026-03-09 14:54:05 +00:00

matthieu deleted branch refactor/simplify-catalog-delete 2026-03-09 14:54:05 +00:00

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

malio matthieu tristan

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: MALIO-DEV/Inventory#1