simon/ifb-schulapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0dd915eeb2ea45fe88cf6007703c8868139d5c12
ifb-schulapp/public
T
History
Simon 0dd915eeb2 fix: harden auth, admin, teacher, and e2ee endpoints 
- Invalidate JWTs on password change/reset via token_version
- Constant-time login compare against dummy hash to prevent user enum
- Register validates subject against subjects table + user_subjects link
- Last-admin guard on account delete and admin role/status PATCH
- purgeUser unlinks teacher_materials storage files
- 2FA setup/regenerate require password, setup blocks while enabled
- Group sender keys: existing-distributor check + INSERT OR IGNORE
- class_events: type whitelist, ISO date regex, end >= start check
- Teacher absences DELETE: ownership check (teacher_id)
- class_timetable POST: HHMM validation, overlap detection
- class_timetable PUT: subject restricted to teacher list, HHMM + overlap
- Register VALID_SUBJECTS removed; dynamic subjects from DB
- /api/subjects made public (needed by register form)
2026-04-21 13:18:17 +02:00
..
admin.html
feat: email verification via Resend + admin user management
2026-04-18 01:33:45 +02:00
app.html
fix: harden auth, admin, teacher, and e2ee endpoints
2026-04-21 13:18:17 +02:00
datenschutz.html
chore: remove school-brand impersonation from public pages
2026-04-18 01:33:53 +02:00
e2ee.js
feat: add TOTP 2FA with QR code and manual secret entry
2026-04-17 22:56:39 +02:00
favicon.svg
clean initial commit
2026-04-17 00:12:47 +02:00
index.html
chore: remove school-brand impersonation from public pages
2026-04-18 01:33:53 +02:00
login.html
fix: harden auth, admin, teacher, and e2ee endpoints
2026-04-21 13:18:17 +02:00
reset-password.html
feat: password reset via email
2026-04-18 01:36:26 +02:00