fix(auth) : use dedicated plainPassword field for password hashing

- Add non-persisted plainPassword field to User entity (write-only via API) - Remove direct write access to password field - Update UserPasswordHasherProcessor to hash from plainPassword - Update frontend DTO and UserDrawer component Ticket: T-009 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 15:23:29 +01:00
parent 2ac815d074
commit ed58a402b0
4 changed files with 28 additions and 8 deletions
--- a/frontend/components/user/UserDrawer.vue
+++ b/frontend/components/user/UserDrawer.vue
@@ -1,5 +1,5 @@
 <template>
-    <AppDrawer v-model="isOpen" :title="isEditing ? 'Modifier un utilisateur' : 'Ajouter un utilisateur'">
+    <AppDrawer v-model="isOpen" :title="isEditing ? $t('users.editUser') : $t('users.addUser')">
        <form class="flex flex-col gap-2" @submit.prevent="handleSubmit">
            <MalioInputText
                v-model="form.username"
@@ -90,6 +90,8 @@ import { useProjectService } from '~/services/projects'
 import type { Client } from '~/services/dto/client'
 import type { Project } from '~/services/dto/project'

+const { t } = useI18n()
+
 const props = defineProps<{
    modelValue: boolean
    item: UserData | null
@@ -114,7 +116,7 @@ const clients = ref<Client[]>([])
 const allProjects = ref<Project[]>([])

 const clientOptions = computed(() => [
-    { label: 'Aucun client', value: null as number | null },
+    { label: t('common.noClient'), value: null as number | null },
    ...clients.value.map((c) => ({ label: c.name, value: c.id as number | null })),
 ])

@@ -190,7 +192,7 @@ async function handleSubmit() {
            allowedProjects: form.allowedProjectIds.map((id) => `/api/projects/${id}`),
        }
        if (form.password) {
-            payload.password = form.password
+            payload.plainPassword = form.password
        }

        if (isEditing.value && props.item) {