pictureFrame-webApp

football2801/pictureFrame-webApp

Fork 0

Commit Graph

Author	SHA1	Message	Date
football2801	3c1d5f0eae	feat(story-1.4): user login with remember_me, inline error, logout - Login Twig template: styled to match register page; inline "Incorrect email or password" on both fields (no email-existence disclosure); aria-invalid on error - security.yaml: always_remember_me: true — REMEMBERME cookie set on every login - Logout: /logout → session invalidated → 302 /login (Symfony firewall handles it) Verified: correct creds → 302 / + REMEMBERME cookie; wrong creds → 302 /login + inline error on re-render; logout → 302 /login; GET / after logout → 302 /login Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-27 23:36:39 -04:00
football2801	694843bdf0	feat(story-1.3): user registration with auto-login and inline validation - RegistrationFormType: email + plainPassword, NotBlank/Email/Length(min=8) constraints - SecurityController: register action hashes password, persists user, auto-logs in via Security::login() - User entity: UniqueEntity constraint — "An account with this email already exists" - Register Twig template: inline errors per field (role=alert), blur-validation JS (client fires on blur not keystroke; server-error flag prevents blur clobbering server messages) - csrf.yaml: switched from stateless UX-dependent tokens to standard session CSRF (stateless token IDs require Stimulus JS to inject the real value — we removed Stimulus) Verified: happy path → 302 + auto-login; duplicate email → 422 + inline error; short password → 422 + inline error Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-27 23:25:42 -04:00
football2801	a55b3bd187	feat(story-1.2): Vue 3 SPA scaffold, base component library, User entity, SpaController Frontend: - Vue 3 + Vite + TypeScript strict in frontend/; builds to public/build/ - Vue Router (hash-history, requiresAuth guard → /login) and Pinia - Global SCSS design tokens with 6 full themes (Warm Craft, Playful Pop, Sage & Cream, Dusty Mauve, Ocean Dusk, Honey & Slate) - Base components: BaseButton (5 variants), BaseInput (floating label, error state), BaseBottomSheet (slide-up, focus trap, tap-outside dismiss), BaseCard, BaseChip, BaseToast (2.5s auto-dismiss, aria-live polite), BottomNav (4 tabs, hides at 960px) - Type stubs for all API shapes: User, Device, Image, StickerLayer, RenderedAsset, Token Backend: - SpaController catch-all serves public/build/index.html; excludes api/setup/token/login/register - User entity (email+password+roles+theme); UserRepository with PasswordUpgrader - SecurityController with /login, /logout, /register stubs; Twig login form - security.yaml: form_login firewall, remember_me, role_hierarchy, access_control - Migration: create user table Verified: npm run build succeeds, GET / → 302 /login (unauthenticated) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-27 23:21:29 -04:00

Author

SHA1

Message

Date

football2801

3c1d5f0eae

feat(story-1.4): user login with remember_me, inline error, logout

- Login Twig template: styled to match register page; inline "Incorrect email or
  password" on both fields (no email-existence disclosure); aria-invalid on error
- security.yaml: always_remember_me: true — REMEMBERME cookie set on every login
- Logout: /logout → session invalidated → 302 /login (Symfony firewall handles it)

Verified: correct creds → 302 / + REMEMBERME cookie; wrong creds → 302 /login +
          inline error on re-render; logout → 302 /login; GET / after logout → 302 /login

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-27 23:36:39 -04:00

football2801

694843bdf0

feat(story-1.3): user registration with auto-login and inline validation

- RegistrationFormType: email + plainPassword, NotBlank/Email/Length(min=8) constraints
- SecurityController: register action hashes password, persists user, auto-logs in via Security::login()
- User entity: UniqueEntity constraint — "An account with this email already exists"
- Register Twig template: inline errors per field (role=alert), blur-validation JS
  (client fires on blur not keystroke; server-error flag prevents blur clobbering server messages)
- csrf.yaml: switched from stateless UX-dependent tokens to standard session CSRF
  (stateless token IDs require Stimulus JS to inject the real value — we removed Stimulus)

Verified: happy path → 302 + auto-login; duplicate email → 422 + inline error;
          short password → 422 + inline error

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-27 23:25:42 -04:00

football2801

a55b3bd187

feat(story-1.2): Vue 3 SPA scaffold, base component library, User entity, SpaController

Frontend:
- Vue 3 + Vite + TypeScript strict in frontend/; builds to public/build/
- Vue Router (hash-history, requiresAuth guard → /login) and Pinia
- Global SCSS design tokens with 6 full themes (Warm Craft, Playful Pop, Sage & Cream, Dusty Mauve, Ocean Dusk, Honey & Slate)
- Base components: BaseButton (5 variants), BaseInput (floating label, error state),
  BaseBottomSheet (slide-up, focus trap, tap-outside dismiss), BaseCard, BaseChip,
  BaseToast (2.5s auto-dismiss, aria-live polite), BottomNav (4 tabs, hides at 960px)
- Type stubs for all API shapes: User, Device, Image, StickerLayer, RenderedAsset, Token

Backend:
- SpaController catch-all serves public/build/index.html; excludes api/setup/token/login/register
- User entity (email+password+roles+theme); UserRepository with PasswordUpgrader
- SecurityController with /login, /logout, /register stubs; Twig login form
- security.yaml: form_login firewall, remember_me, role_hierarchy, access_control
- Migration: create user table

Verified: npm run build succeeds, GET / → 302 /login (unauthenticated)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-27 23:21:29 -04:00

3 Commits