Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
620 lines
15 KiB
JSON
[
  {
    "id": "T001",
    "description": "Providers tab renders Microsoft card alongside existing Google card.",
    "implemented": true,
    "featureIds": [
      "F001"
    ]
  },
  {
    "id": "T002",
    "description": "Microsoft settings status action returns success for authorized internal admin user.",
    "implemented": true,
    "featureIds": [
      "F002",
      "F010"
    ]
  },
  {
    "id": "T003",
    "description": "Microsoft settings status action returns masked values only (no raw secret content).",
    "implemented": true,
    "featureIds": [
      "F002",
      "F009"
    ]
  },
  {
    "id": "T004",
    "description": "Microsoft settings save action rejects empty client ID.",
    "implemented": true,
    "featureIds": [
      "F003"
    ]
  },
  {
    "id": "T005",
    "description": "Microsoft settings save action rejects empty client secret.",
    "implemented": true,
    "featureIds": [
      "F003"
    ]
  },
  {
    "id": "T006",
    "description": "Microsoft settings save action defaults tenant ID to `common` when omitted.",
    "implemented": true,
    "featureIds": [
      "F003",
      "F008",
      "F049"
    ]
  },
  {
    "id": "T007",
    "description": "Microsoft settings save action persists `microsoft_client_id` in tenant secrets.",
    "implemented": true,
    "featureIds": [
      "F006"
    ]
  },
  {
    "id": "T008",
    "description": "Microsoft settings save action persists `microsoft_client_secret` in tenant secrets.",
    "implemented": true,
    "featureIds": [
      "F007"
    ]
  },
  {
    "id": "T009",
    "description": "Microsoft settings save action persists `microsoft_tenant_id` in tenant secrets.",
    "implemented": true,
    "featureIds": [
      "F008"
    ]
  },
  {
    "id": "T010",
    "description": "Microsoft settings status action exposes derived redirect URI and scope metadata.",
    "implemented": true,
    "featureIds": [
      "F002"
    ]
  },
  {
    "id": "T011",
    "description": "Microsoft settings reset action disconnects Microsoft email providers for the tenant.",
    "implemented": true,
    "featureIds": [
      "F004"
    ]
  },
  {
    "id": "T012",
    "description": "Microsoft settings reset action disconnects Microsoft calendar providers for the tenant.",
    "implemented": true,
    "featureIds": [
      "F004"
    ]
  },
  {
    "id": "T013",
    "description": "Microsoft settings save/reset actions are exported via integrations action index and callable from UI imports.",
    "implemented": true,
    "featureIds": [
      "F005"
    ]
  },
  {
    "id": "T014",
    "description": "Non-admin user receives permission error on Microsoft settings save.",
    "implemented": true,
    "featureIds": [
      "F010"
    ]
  },
  {
    "id": "T015",
    "description": "Client-portal user context is denied on Microsoft settings status/save/reset actions.",
    "implemented": true,
    "featureIds": [
      "F011"
    ]
  },
  {
    "id": "T016",
    "description": "Microsoft readiness helper returns ready only when both `microsoft_client_id` and `microsoft_client_secret` exist.",
    "implemented": true,
    "featureIds": [
      "F012"
    ]
  },
  {
    "id": "T017",
    "description": "Google readiness helper returns ready only when both `google_client_id` and `google_client_secret` exist.",
    "implemented": true,
    "featureIds": [
      "F013"
    ]
  },
  {
    "id": "T018",
    "description": "CE Microsoft email form no longer blocks save due to manual client credentials fields.",
    "implemented": true,
    "featureIds": [
      "F014",
      "F017"
    ]
  },
  {
    "id": "T019",
    "description": "CE Microsoft email form shows Providers CTA when Microsoft readiness is false.",
    "implemented": true,
    "featureIds": [
      "F015"
    ]
  },
  {
    "id": "T020",
    "description": "CE Microsoft calendar form shows Providers CTA when Microsoft readiness is false.",
    "implemented": true,
    "featureIds": [
      "F016"
    ]
  },
  {
    "id": "T021",
    "description": "CE Microsoft calendar form can save provider metadata without manual OAuth credential entry.",
    "implemented": true,
    "featureIds": [
      "F016",
      "F018"
    ]
  },
  {
    "id": "T022",
    "description": "CE Microsoft email provider persistence writes null/derived credential fields rather than requiring form-entered secrets.",
    "implemented": true,
    "featureIds": [
      "F017"
    ]
  },
  {
    "id": "T023",
    "description": "Google provider readiness for MSP SSO uses `google_client_id`/`google_client_secret` and does not require Gmail PubSub keys.",
    "implemented": true,
    "featureIds": [
      "F013"
    ]
  },
  {
    "id": "T024",
    "description": "CE MSP login renders Google and Microsoft SSO buttons from non-stub implementation.",
    "implemented": true,
    "featureIds": [
      "F019"
    ]
  },
  {
    "id": "T025",
    "description": "SSO buttons remain disabled until email input is non-empty.",
    "implemented": true,
    "featureIds": [
      "F020"
    ]
  },
  {
    "id": "T026",
    "description": "Microsoft button triggers resolver call before invoking NextAuth signIn.",
    "implemented": true,
    "featureIds": [
      "F021"
    ]
  },
  {
    "id": "T027",
    "description": "Google button triggers resolver call before invoking NextAuth signIn.",
    "implemented": true,
    "featureIds": [
      "F022"
    ]
  },
  {
    "id": "T028",
    "description": "Resolver failure always shows same generic error message text in MSP login UI.",
    "implemented": true,
    "featureIds": [
      "F023"
    ]
  },
  {
    "id": "T029",
    "description": "Client portal login UI remains unchanged and does not render new SSO buttons.",
    "implemented": true,
    "featureIds": [
      "F024"
    ]
  },
  {
    "id": "T030",
    "description": "Resolver endpoint accepts valid payload and returns `{ ok: true }` with context cookie when source is resolvable.",
    "implemented": true,
    "featureIds": [
      "F025",
      "F032"
    ]
  },
  {
    "id": "T031",
    "description": "Resolver endpoint rejects invalid provider values with generic failure response shape.",
    "implemented": true,
    "featureIds": [
      "F026",
      "F031"
    ]
  },
  {
    "id": "T032",
    "description": "Resolver endpoint normalizes email case/whitespace before lookup.",
    "implemented": true,
    "featureIds": [
      "F026",
      "F027"
    ]
  },
  {
    "id": "T033",
    "description": "Resolver selects tenant source for Microsoft when user exists and tenant Microsoft secrets are present.",
    "implemented": true,
    "featureIds": [
      "F028"
    ]
  },
  {
    "id": "T034",
    "description": "Resolver selects tenant source for Google when user exists and tenant Google secrets are present.",
    "implemented": true,
    "featureIds": [
      "F028"
    ]
  },
  {
    "id": "T035",
    "description": "Resolver selects app fallback source when user exists but tenant Microsoft config is missing and app fallback exists.",
    "implemented": true,
    "featureIds": [
      "F029",
      "F034"
    ]
  },
  {
    "id": "T036",
    "description": "Resolver selects app fallback source when user exists but tenant Google config is missing and app fallback exists.",
    "implemented": true,
    "featureIds": [
      "F029",
      "F035"
    ]
  },
  {
    "id": "T037",
    "description": "Resolver unknown-user path with available app fallback returns same success schema as known-user-missing-provider path.",
    "implemented": true,
    "featureIds": [
      "F030",
      "F031"
    ]
  },
  {
    "id": "T038",
    "description": "Resolver unknown-user path with no available fallback returns same generic failure schema as known-user-no-source path.",
    "implemented": true,
    "featureIds": [
      "F030",
      "F031",
      "F036"
    ]
  },
  {
    "id": "T039",
    "description": "Resolver context cookie payload excludes raw client IDs and client secrets.",
    "implemented": true,
    "featureIds": [
      "F033"
    ]
  },
  {
    "id": "T040",
    "description": "Resolver context cookie includes provider, source, issuedAt/expiresAt, nonce, and signature.",
    "implemented": true,
    "featureIds": [
      "F032",
      "F043"
    ]
  },
  {
    "id": "T041",
    "description": "Resolver uses `MICROSOFT_OAUTH_CLIENT_ID` + `MICROSOFT_OAUTH_CLIENT_SECRET` for Microsoft fallback readiness check.",
    "implemented": true,
    "featureIds": [
      "F034"
    ]
  },
  {
    "id": "T042",
    "description": "Resolver uses `GOOGLE_OAUTH_CLIENT_ID` + `GOOGLE_OAUTH_CLIENT_SECRET` for Google fallback readiness check.",
    "implemented": true,
    "featureIds": [
      "F035"
    ]
  },
  {
    "id": "T043",
    "description": "Resolver returns generic failure when tenant source missing and fallback source missing.",
    "implemented": true,
    "featureIds": [
      "F036"
    ]
  },
  {
    "id": "T044",
    "description": "Resolver rate limiter blocks repeated abusive attempts and returns generic failure response.",
    "implemented": true,
    "featureIds": [
      "F037"
    ]
  },
  {
    "id": "T045",
    "description": "Resolver structured logs include provider and source classification but no raw email, secrets, or explicit existence marker.",
    "implemented": true,
    "featureIds": [
      "F038"
    ]
  },
  {
    "id": "T046",
    "description": "CE build registers Google/Microsoft OAuth providers in NextAuth when fallback or tenant-selected source is available.",
    "implemented": true,
    "featureIds": [
      "F039"
    ]
  },
  {
    "id": "T047",
    "description": "Auth options are not stuck on stale provider secrets across attempts with different resolver cookies.",
    "implemented": true,
    "featureIds": [
      "F040"
    ]
  },
  {
    "id": "T048",
    "description": "NextAuth secret resolver uses tenant source from valid resolver cookie for Microsoft.",
    "implemented": true,
    "featureIds": [
      "F041"
    ]
  },
  {
    "id": "T049",
    "description": "NextAuth secret resolver uses tenant source from valid resolver cookie for Google.",
    "implemented": true,
    "featureIds": [
      "F041"
    ]
  },
  {
    "id": "T050",
    "description": "Invalid resolver cookie signature is ignored and app fallback is used.",
    "implemented": true,
    "featureIds": [
      "F042",
      "F043"
    ]
  },
  {
    "id": "T051",
    "description": "Expired resolver cookie context is ignored and app fallback is used.",
    "implemented": true,
    "featureIds": [
      "F042",
      "F043"
    ]
  },
  {
    "id": "T052",
    "description": "Resolver cookie is overwritten on subsequent SSO start attempts (new nonce and expiry).",
    "implemented": true,
    "featureIds": [
      "F044"
    ]
  },
  {
    "id": "T053",
    "description": "CE OAuth mapper resolves internal user by normalized email for Microsoft profile and returns expected extended user shape.",
    "implemented": true,
    "featureIds": [
      "F045",
      "F046"
    ]
  },
  {
    "id": "T054",
    "description": "CE OAuth mapper resolves internal user by normalized email for Google profile and returns expected extended user shape.",
    "implemented": true,
    "featureIds": [
      "F045",
      "F046"
    ]
  },
  {
    "id": "T055",
    "description": "CE OAuth mapper rejects inactive user accounts.",
    "implemented": true,
    "featureIds": [
      "F045",
      "F046"
    ]
  },
  {
    "id": "T056",
    "description": "CE OAuth mapper rejects client user_type for MSP SSO flow.",
    "implemented": true,
    "featureIds": [
      "F045",
      "F046"
    ]
  },
  {
    "id": "T057",
    "description": "EE build path continues to use enterprise registry profile mapper unchanged.",
    "implemented": true,
    "featureIds": [
      "F047"
    ]
  },
  {
    "id": "T058",
    "description": "CE MSP OAuth sign-in succeeds without EE account-link persistence dependencies.",
    "implemented": true,
    "featureIds": [
      "F048"
    ]
  },
  {
    "id": "T059",
    "description": "Microsoft OAuth issuer/authorization path uses tenant ID when provided, else defaults to `common`.",
    "implemented": true,
    "featureIds": [
      "F049"
    ]
  },
  {
    "id": "T060",
    "description": "Code comments/docs include explicit anti-enumeration guidance in resolver/auth flow modules.",
    "implemented": true,
    "featureIds": [
      "F050"
    ]
  },
  {
    "id": "T061",
    "description": "`.env.example` documents CE MSP fallback usage for `GOOGLE_OAUTH_*` and `MICROSOFT_OAUTH_*` keys.",
    "implemented": true,
    "featureIds": [
      "F051"
    ]
  },
  {
    "id": "T062",
    "description": "Integration docs describe provider setup order for Microsoft and Google in Providers settings before account connection flows.",
    "implemented": true,
    "featureIds": [
      "F052"
    ]
  },
  {
    "id": "T063",
    "description": "DB-backed integration sanity (happy path): resolver selects tenant source when matching internal user row and tenant secret readiness are present.",
    "implemented": true,
    "featureIds": [
      "F027",
      "F028"
    ]
  },
  {
    "id": "T064",
    "description": "DB-backed integration sanity (guard path): resolver for unknown email returns generic response without user-existence details.",
    "implemented": true,
    "featureIds": [
      "F030",
      "F031"
    ]
  },
  {
    "id": "T065",
    "description": "DB-backed integration sanity (fallback path): resolver selects app source when user row exists but tenant readiness is absent.",
    "implemented": true,
    "featureIds": [
      "F029",
      "F034",
      "F035"
    ]
  },
  {
    "id": "T066",
    "description": "End-to-end MSP Microsoft SSO with tenant source succeeds from login form to authenticated redirect.",
    "implemented": true,
    "featureIds": [
      "F021",
      "F028",
      "F041",
      "F046"
    ]
  },
  {
    "id": "T067",
    "description": "End-to-end MSP Google SSO with tenant source succeeds from login form to authenticated redirect.",
    "implemented": true,
    "featureIds": [
      "F022",
      "F028",
      "F041",
      "F046"
    ]
  },
  {
    "id": "T068",
    "description": "End-to-end MSP Microsoft SSO fallback source succeeds when tenant source is absent but app fallback exists.",
    "implemented": true,
    "featureIds": [
      "F021",
      "F029",
      "F034",
      "F042"
    ]
  },
  {
    "id": "T069",
    "description": "End-to-end MSP Google SSO fallback source succeeds when tenant source is absent but app fallback exists.",
    "implemented": true,
    "featureIds": [
      "F022",
      "F029",
      "F035",
      "F042"
    ]
  },
  {
    "id": "T070",
    "description": "End-to-end MSP SSO start failure shows same generic UI messaging for unknown user and known-unconfigured tenant.",
    "implemented": true,
    "featureIds": [
      "F023",
      "F030",
      "F031"
    ]
  },
  {
    "id": "T071",
    "description": "End-to-end CE credentials login (non-SSO) remains unaffected by resolver cookie behavior.",
    "implemented": true,
    "featureIds": [
      "F040",
      "F042",
      "F044"
    ]
  },
  {
    "id": "T072",
    "description": "End-to-end client portal login behavior remains unchanged with no new SSO affordances introduced.",
    "implemented": true,
    "featureIds": [
      "F024"
    ]
  }
]