Jason Woltje
a220c2dc0a
fix(#5,#36): Fix critical security issues and add comprehensive tests

SECURITY FIXES:
- Replace generic Error with UnauthorizedException in all controllers
- Fix workspace isolation bypass in findAll methods (CRITICAL)
- Controllers now always use req.user.workspaceId, never allow query override

CODE FIXES:
- Fix redundant priority logic in tasks.service.ts
- Use TaskPriority.MEDIUM as default instead of undefined

TEST ADDITIONS:
- Add multi-tenant isolation tests for all services (tasks, events, projects)
- Add database constraint violation handling tests (P2002, P2003, P2025)
- Add missing controller error tests for events and projects controllers
- All new tests verify authentication and workspace isolation

RESULTS:
- All 247 tests passing
- Test coverage: 94.35% (exceeds 85% requirement)
- Critical security vulnerabilities fixed

Fixes #5
Refs #36

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-28 18:55:07 -06:00