serversdown
b8e4718318
fix: link project to its portal client (project.client_id) so the portal isn't empty
...
Caught by adversarial review of the scope test: portal_client_for_project minted a
dedicated client but never set project.client_id, so the client-scoped routes found
no projects — every location 404'd, including the client's own (empty portal). Now
links the project + adds a positive-case test.
2026-06-15 23:53:19 +00:00
serversdown
c3eb900b7e
test: portal session is isolated to its own project (404 on others)
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-15 23:48:08 +00:00
serversdown
c74dada8b3
fix: treat enabled-but-passwordless portal as inactive (no dead form / self-lockout)
2026-06-15 23:46:14 +00:00
serversdown
d75f405857
feat: per-project portal password gate (/portal/p/{token}) + lockout
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-15 23:41:37 +00:00
serversdown
446d8704f9
refactor: hoist Project import to top; drop unused test import
2026-06-15 23:39:14 +00:00
serversdown
c04830a0ad
feat: per-project portal session mint + link-token resolve + lockout
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-15 23:35:48 +00:00
serversdown
b11e1a554f
feat: add per-project portal gate columns + migration
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-15 23:32:41 +00:00
serversdown
ad6de946b5
refactor: simplify verify_password except clause; drop unused import
2026-06-15 23:31:14 +00:00
serversdown
d44625374d
feat: argon2 password hashing helpers for the portal
2026-06-15 23:29:26 +00:00
serversdown
33069a070d
test: tidy conftest fixtures per review (drop dead try/finally, scope override cleanup, rm unused import)
2026-06-15 23:28:16 +00:00
serversdown
ec5d986ac5
test: stand up pytest harness + add argon2-cffi
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-15 23:23:41 +00:00
serversdown