plate-auth

4 Commits 2 Branches 1 Tag

Author	SHA1	Message	Date
Patrick Plate	9d314a49c6	test(w7): greenfield consumer integration test CI / build (push) Failing after 33s Details Release / publish-maven (push) Failing after 25s Details Release / publish-npm (push) Failing after 1m7s Details Integration test module (it/) simulates a zero-code consumer of plate-auth-starter: - TestConsumerApplication: minimal @SpringBootApplication - AuthBootstrapIT: verifies all required beans are present + PermissiveOrgValidator default - ExchangeFlowIT: full exchange flow (valid envelope → tokens, tampered sig → 401, replay → 401) - PlateAuthFlywayMigrationIT: V1-V6 migration test (CI-only, requires Docker/Testcontainers) Also adds: - SecurityConfig: extracted from auto-config to separate @Configuration for proper bean ordering - PlateAuthExceptionHandler: SecurityException → 401, IllegalArgument → 400 - PlateAuthFlywayConfig: @ConditionalOnProperty(plate.auth.flyway.enabled) for test flexibility - @AutoConfigurationPackage for entity scanning from starter JAR - @Order(-100) on SecurityFilterChain for priority over defaults - CORS: allowedOriginPatterns(*) when no origins configured (dev-friendly) All 5 tests green locally (2 Docker-dependent skipped without CI env). v0.1.0	2026-06-24 16:11:38 +02:00
Patrick Plate	a2e4393d05	feat(w5): dual Flyway history (V1-V6) Migrations in db/migration/auth/ with separate flyway_schema_history_auth table: - V1: users + user_identities (with provider/subject unique constraint) - V2: memberships (polymorphic org_type/org_id, unique per user+org) - V3: invitations (64-char token, status lifecycle) - V4: access_requests (requester → reviewer workflow) - V5: Microsoft tenant_id partial index on user_identities - V6: login_events + refresh_tokens + revinfo actor_user_id column PlateAuthFlywayConfig runs a second Flyway bean against flyway_schema_history_auth, independent of consumer's own flyway_schema_history. Runs at bean init (before JPA).	2026-06-24 15:48:00 +02:00
Patrick Plate	63c953d9b9	feat(w2): auth core entities + Google OAuth + JWT + NextAuth bridge Extracted from InspectFlow Sprint 14.1-14.2, repackaged to de.platesoft.auth.: - Entities: User, UserIdentity, Membership, Invitation, AccessRequest, LoginEvent, RefreshToken - Enums: Role, OrgType, MembershipRole, MembershipStatus, InvitationStatus, AccessRequestStatus, LoginProvider - Services: JwtService, ExchangeService, MembershipService, LoginEventService - Filter: JwtAuthenticationFilter - Controller: OAuthController (POST /api/auth/exchange) - Config: PlateAuthAutoConfiguration, PlateAuthProperties (plate.auth. namespace) - Repositories: all auth-related JPA repositories - SPI: OrgValidator, OrgDisplayNameResolver, InvitationMailer, AccessRequestMailer, OnboardingHook - SPI defaults: PermissiveOrgValidator (WARN per call), LoggingInvitationMailer, LoggingAccessRequestMailer, DefaultOrgDisplayNameResolver, NoOpOnboardingHook - DTOs: ExchangePayload, TokenResponse - Security: BCrypt encoder, stateless session, CORS from PlateAuthProperties - META-INF/spring AutoConfiguration.imports registered All @Value refs replaced with PlateAuthProperties injection. No references to de.platesoft.inspectflow.* remain.	2026-06-24 15:46:54 +02:00
Patrick Plate	973c82f304	feat(w1): maven skeleton + CI scaffold - Parent POM: de.platesoft:plate-auth-parent with ${revision} CI-friendly versioning - plate-auth-starter module: Spring Boot 4.1.0 starter deps (web, jpa, security, validation, jwt, flyway, envers) - @platesoft/auth npm package skeleton: tsup bundler, conditional exports, TypeScript strict - Gitea Actions: ci.yml (on push/PR) + release.yml (on v* tag) - distributionManagement pointing to Gitea Package Registry (Maven + npm) - Apache-2.0 LICENSE, README with quickstart, CHANGELOG, .editorconfig, .gitignore - pnpm workspace with packages/auth - Maven BUILD SUCCESS verified locally	2026-06-24 15:40:17 +02:00