UDT-002: Logout + Refresh Token with rotation and chain revocation #3

Merged
dmolinari merged 36 commits from feature/UDT-002 into main 2026-04-14 17:37:47 +00:00

36 Commits

Author SHA1 Message Date
96dbeecc0f fix(web): use endsWith for /auth path exclusion in refresh interceptor
Avoids substring-match false positives on future endpoints whose URL could
contain /auth/refresh or /auth/login as infix (W-01 from verify report).
2026-04-14 13:59:37 -03:00
7fadb88da0 docs(web): smoke test checklist UDT-002 — login, refresh, logout, reuse detection 2026-04-14 13:52:59 -03:00
dd4f4dbd5e test(web): LoginPage — verify setAuth receives expiresIn and calculates expiresAt 2026-04-14 13:51:41 -03:00
bdaaaffaf6 feat(web): axiosClient — request/response interceptors with singleton refresh queue 2026-04-14 13:50:49 -03:00
d40b7247fc feat(web): authApi — add refresh() and logout() with types and tests 2026-04-14 13:49:39 -03:00
f806e0a483 test(web): authStore TDD — refreshToken, expiresAt, clearAuth, updateAccess, logout async 2026-04-14 13:48:50 -03:00
f1d4ea0047 fix(test): RefreshTokenRepository tests use Respawn pattern instead of transaction isolation
Transaction-scoped tests conflicted with the repository opening its own connection,
blocking on FK locks for the uncommitted seeded user and causing timeouts.
Switched to the Respawn pattern used by UsuarioRepositoryTests ([Collection("Database")])
which commits seed data and resets between test classes.
2026-04-14 13:45:53 -03:00
fd2ff8a802 feat(api): map InvalidRefreshTokenException and TokenReuseDetectedException to generic 401 2026-04-14 13:28:45 -03:00
8768067fdd feat(api): add /refresh [AllowAnonymous] and /logout [Authorize] endpoints to AuthController 2026-04-14 13:28:45 -03:00
4e7b2690bd test(api): add Refresh and Logout endpoint integration tests RED 2026-04-14 13:28:44 -03:00
aed26e3de9 feat(infra): register RefreshTokenRepository, RefreshTokenGenerator, ClientContext and handlers in DI 2026-04-14 13:28:36 -03:00
cb4250f7b3 feat(infra): implement ClientContext for IP and UserAgent from IHttpContextAccessor 2026-04-14 13:28:35 -03:00
19ac807500 feat(infra): add RefreshTokenDays to JwtOptions and AuthOptions config 2026-04-14 13:28:35 -03:00
0c809da633 feat(infra): implement RefreshTokenRepository with Dapper and add GetByIdAsync to UsuarioRepository 2026-04-14 13:28:29 -03:00
e405c0453b test(infra): add RefreshTokenRepository integration tests RED 2026-04-14 13:28:28 -03:00
d326dd87e0 feat(infra): implement RefreshTokenGenerator with cryptographic random bytes 2026-04-14 13:28:24 -03:00
2806e8dfa6 test(infra): add RefreshTokenGenerator tests RED 2026-04-14 13:28:24 -03:00
c910ff2fc5 feat(infra): implement GetPrincipalFromExpiredToken in JwtService 2026-04-14 13:28:20 -03:00
a363e3658d test(infra): add GetPrincipalFromExpiredToken tests for JwtService RED 2026-04-14 13:28:20 -03:00
8bbd2b6f2a feat(app): update LoginCommandHandler to persist hashed refresh token on login 2026-04-14 13:28:16 -03:00
b79efc778a test(app): extend LoginCommandHandler tests with refresh token persistence cases RED 2026-04-14 13:28:15 -03:00
6c02197369 feat(app): implement LogoutCommand handler with idempotent revocation 2026-04-14 13:28:10 -03:00
15a7687e4c test(app): add LogoutCommandHandler tests RED 2026-04-14 13:28:10 -03:00
f5e67b78a5 feat(app): implement RefreshCommand handler with token rotation and chain revocation 2026-04-14 13:28:06 -03:00
25639398c2 test(app): add RefreshCommandHandler tests RED 2026-04-14 13:28:02 -03:00
971f6f572f feat(app): add IClientContext abstraction for IP and UserAgent 2026-04-14 13:17:12 -03:00
84006776b6 feat(app): add IRefreshTokenGenerator abstraction 2026-04-14 13:17:12 -03:00
802c89ffe5 feat(app): add IRefreshTokenRepository abstraction 2026-04-14 13:17:11 -03:00
ba6dffb137 feat(app): extend IJwtService with GetPrincipalFromExpiredToken 2026-04-14 13:17:11 -03:00
83c6a95ee2 feat(domain): add InvalidRefreshTokenException and TokenReuseDetectedException 2026-04-14 13:16:44 -03:00
aacfd29673 feat(domain): add TokenHasher SHA-256 base64url helper 2026-04-14 13:16:43 -03:00
22aff10330 test(domain): add TokenHasher tests RED 2026-04-14 13:16:43 -03:00
99bb3364c3 feat(domain): add RefreshToken entity with factory methods and IsActive logic 2026-04-14 13:16:38 -03:00
2efe4115c4 test(domain): add RefreshToken entity tests RED 2026-04-14 13:16:36 -03:00
ffb68db57e db(auth): add V002__create_refresh_token migration with chain revocation indexes 2026-04-14 13:14:47 -03:00
3b66415e17 fix(web): default API port to 5212 2026-04-14 12:54:36 -03:00