stack

mosaic/stack

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jason Woltje	ffc10c9a45	feat(api): add MS21 user fields for admin, local auth, and invitations (#553 ) All checks were successful ci/woodpecker/push/orchestrator Pipeline was successful Details ci/woodpecker/push/web Pipeline was successful Details ci/woodpecker/push/api Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-02-28 17:47:03 +00:00
Jason Woltje	6d92251fc1	fix(SEC-WEB-27+28): Robust email validation + role cast validation All checks were successful ci/woodpecker/push/woodpecker Pipeline was successful Details SEC-WEB-27: Replace weak email.includes('@') check with RFC 5322-aligned programmatic validation (isValidEmail). Uses character-level domain label validation to avoid ReDoS vulnerabilities from complex regex patterns. SEC-WEB-28: Replace unsafe 'as WorkspaceMemberRole' type casts with runtime validation (toWorkspaceMemberRole) that checks against known enum values and falls back to MEMBER for invalid inputs. Applied in both InviteMember.tsx and MemberList.tsx. Adds 43 tests covering validation logic, InviteMember component, and MemberList component behavior. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-06 15:40:05 -06:00

Author

SHA1

Message

Date

Jason Woltje

ffc10c9a45

feat(api): add MS21 user fields for admin, local auth, and invitations (#553 )

ci/woodpecker/push/orchestrator Pipeline was successful

Details

ci/woodpecker/push/web Pipeline was successful

Details

ci/woodpecker/push/api Pipeline was successful

Details

Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>

2026-02-28 17:47:03 +00:00

Jason Woltje

6d92251fc1

fix(SEC-WEB-27+28): Robust email validation + role cast validation

ci/woodpecker/push/woodpecker Pipeline was successful

Details

SEC-WEB-27: Replace weak email.includes('@') check with RFC 5322-aligned
programmatic validation (isValidEmail). Uses character-level domain label
validation to avoid ReDoS vulnerabilities from complex regex patterns.

SEC-WEB-28: Replace unsafe 'as WorkspaceMemberRole' type casts with
runtime validation (toWorkspaceMemberRole) that checks against known enum
values and falls back to MEMBER for invalid inputs. Applied in both
InviteMember.tsx and MemberList.tsx.

Adds 43 tests covering validation logic, InviteMember component, and
MemberList component behavior.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-06 15:40:05 -06:00

2 Commits