mirror of
https://github.com/screentinker/screentinker.git
synced 2026-06-17 03:32:32 -06:00
The non-security gaps named in the public-API self-review:

- gap-fix: zone_id (playlist items) + layout_id (device PUT) accepted and returned on read, INCLUDING the cross-tenant rejection (the is_template OR workspace_id guard - the security-relevant one).
- docs serving: /openapi.yaml serves the spec, /docs returns the Redoc page.
- i18n drift-guard: apitoken.* keys have full parity across en/es/fr/de/pt (a key missing in one locale fails CI).
- token lifecycle branches: token-create workspace-membership validation and last_used_at stamping (integration), plus the must_change_password gate (unit test via the in-memory DB injection - cross-process WAL visibility is unreliable for that branch in-process).

119 tests total (was 108), all in the existing node --test job.

Closes #92

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

| | | |
|---|---|---|
| admin-users.test.js | ||
| ai-design.test.js | ||
| api.test.js | ||
| apitoken-unit.test.js | ||
| branding.test.js | ||
| config-paths.test.js | ||
| i18n-tokens.test.js | ||
| openapi-contract.test.js | ||
| operator-permissions.test.js | ||
| schedule-eval.test.js | ||
| schema-check.test.js | ||
| security-fixes.test.js | ||
| tenant-cascade-migration.test.js | ||
| tizen-eval-drift.test.js | ||
| user-deletion.test.js | ||
| widget-render-xss.test.js | ||