778402fec7
All checks were successful
CI / Unit & Component Tests (pull_request) Successful in 3m11s
CI / OCR Service Tests (pull_request) Successful in 20s
CI / Backend Unit Tests (pull_request) Successful in 3m21s
CI / fail2ban Regex (pull_request) Successful in 40s
CI / Semgrep Security Scan (pull_request) Successful in 19s
CI / Compose Bucket Idempotency (pull_request) Successful in 1m0s
Integration test: - Adds post_without_csrf_token_returns_403_CSRF_TOKEN_MISSING to AuthSessionIntegrationTest, verifying CSRF is active end-to-end (not just in @WebMvcTest slices). SessionRevocationConfig (new): - Replaces fragile @ConditionalOnBean/@ConditionalOnMissingBean on @Service beans with a single @Configuration @Bean method that accepts JdbcIndexedSessionRepository as @Autowired(required=false). Spring resolves the optional parameter reliably after auto-configuration fires, choosing JdbcSessionRevocationAdapter when available and NoOpSessionRevocationAdapter otherwise. - JdbcSessionRevocationAdapter and NoOpSessionRevocationAdapter are now plain implementation classes (no @Service/@Conditional annotations). Addresses Sara Concern 2 from PR #617 review. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>