Commit Graph

9 Commits

Author SHA1 Message Date
Matthieu
ed58a402b0 fix(auth) : use dedicated plainPassword field for password hashing
- Add non-persisted plainPassword field to User entity (write-only via API)
- Remove direct write access to password field
- Update UserPasswordHasherProcessor to hash from plainPassword
- Update frontend DTO and UserDrawer component

Ticket: T-009

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-17 15:27:16 +01:00
a5144443a4 fix(avatar) : address review findings — security and UX fixes
- Use getMimeType() instead of getClientMimeType() to prevent MIME spoofing
- Change IsGranted to IS_AUTHENTICATED_FULLY so ROLE_CLIENT can access avatars
- Remove Groups from avatarFileName (only avatarUrl needed by frontend)
- Disable aggressive caching to prevent stale avatar images
- Add error handling to avatar upload in profile page
- Use i18n for "Mon profil" button text

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 22:02:27 +01:00
63315c0a15 feat(avatar) : add avatarFileName field to User entity
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 21:53:43 +01:00
e16fd2053e feat : MCP server infrastructure setup
Install symfony/mcp-bundle, add STDIO + HTTP transport config,
API token auth on User entity with custom authenticator and firewall,
generate-api-token console command, Nginx /_mcp location, fixture token.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-15 19:33:52 +01:00
87ab281099 feat : extend User entity with client and allowedProjects
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:23:10 +01:00
edc441f363 fix(security) : exclude ROLE_USER for ROLE_CLIENT users
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 19:20:46 +01:00
1e07eb1d64 feat(time-tracking) : add ActiveTimeEntryProvider, fixtures, and serialization groups
- ActiveTimeEntryProvider returns active timer for current user
- TimeEntry fixtures with 10 sample entries for the SIRH project
- Add time_entry:read group to Project, User, and TaskType for embedded serialization

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 22:22:34 +01:00
81797e10c0 feat : add User CRUD with admin management
Add User API operations (GET, POST, PATCH, DELETE) with password
hashing processor, frontend service, drawer and admin tab.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 23:40:49 +01:00
47562fbdec feat : config + login
2026-03-08 19:47:19 +01:00