@@ -442,6 +442,28 @@
reporter, so after a partial purge the seed will re-fire. Also a
cheap repeated-write DoS.
- **Severity: 2**
+- **Status:** Fixed in `5c15fc5`. `MaintenanceController::seedDemo`
+ now requires `confirm: "SEED"` in the request body and returns
+ `400 validation_failed` otherwise — symmetric with `purge`'s
+ `"PURGE"` gate. The check runs before the 409 already-seeded
+ shortcut and before any DB write, so a drive-by POST or repeated
+ cost-imposition burst is rejected without touching `reporters`.
+ The OpenAPI spec (`api/public/openapi.yaml` and `api/openapi.php`)
+ documents the new request body and the 400 response. The UI BFF
+ is updated end-to-end: `AdminClient::seedDemo` sends
+ `confirm: "SEED"` (`ui/src/ApiClient/AdminClient.php`),
+ `SettingsController::seedDemo` requires the user to type `SEED`
+ in the form and surfaces a flash error otherwise
+ (`ui/src/Controllers/SettingsController.php`), and the seed-demo
+ modal mirrors the purge modal's typed-confirm UX in
+ `ui/resources/views/pages/settings/index.twig`. Regression test
+ `testSeedDemoRequiresLiteralConfirmString` in
+ `api/tests/Integration/Admin/MaintenanceControllerTest.php`
+ asserts both no-body and wrong-literal POSTs return 400 and that
+ no `reporters`/`reports` rows landed; the existing
+ `testSeedDemoPopulatesDataAndIsIdempotent` /
+ `testSeedDemoForbiddenForViewer` cases were updated to send the
+ new body.
### F16 — Admin-role API tokens are not bound to a `user_id` → privilege persists after offboarding
- **Files:** `api/src/Application/Admin/TokensController.php:142-155, 166-177`,
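Review bot: the added Status text overstates what a static confirm literal buys against the "cheap repeated-write DoS" named in the finding: a caller who includes `confirm: "SEED"` is not slowed down at all, so the sentence "a drive-by POST or repeated cost-imposition burst is rejected without touching `reporters`" should be narrowed to requests that lack the literal, or the status should name whatever rate limit or lockout closes the burst case. It would also help to state that the gate is a strict string comparison and to extend `testSeedDemoRequiresLiteralConfirmString` beyond the two listed cases (no body, wrong literal) with a wrong-type value such as boolean `true` and a lowercase `seed`, so the test pins the exact match the text promises.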