Marcel ea65611690 fix(auth): logout invalidates session before audit (CWE-613) ...

Reorder AuthSessionController.logout so HttpSession.invalidate runs before
AuthService.logout, and wrap the audit call in try/catch so an exception (e.g.
the user was deleted between login and logout, making the audit-time
findByEmail throw) cannot leave the session row alive in spring_session.
The user's intent — "log me out" — is honoured even when audit fails.
Addresses PR #612 / Nora B2.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-05-17 22:38:57 +02:00

..

.mvn/wrapper

build: add mvn properties

2026-03-17 13:33:02 +00:00

api_tests

feat(transcription): add "Alle als fertig markieren" bulk action (#345) (#352)

2026-04-28 08:34:26 +02:00

src

fix(auth): logout invalidates session before audit (CWE-613)

2026-05-17 22:38:57 +02:00

.dockerignore

devops(backend): add .dockerignore to exclude target/ from build context

2026-04-15 11:33:03 +02:00

.gitignore

restructure: flatten workspace nesting, move devcontainer to root

2026-03-15 11:47:58 +01:00

CLAUDE.md

docs(legibility): fix three review blockers in DOC-7

2026-05-06 07:41:02 +02:00

Dockerfile

devops(backend): pin eclipse-temurin tags, skip test compilation, document jar glob

2026-04-15 11:33:03 +02:00

HELP.md

restructure: flatten workspace nesting, move devcontainer to root

2026-03-15 11:47:58 +01:00

lombok.config

refactor(thumbnail): route document access through DocumentService

2026-05-05 07:20:01 +02:00

mvnw

restructure: flatten workspace nesting, move devcontainer to root

2026-03-15 11:47:58 +01:00

mvnw.cmd

build: add mvn properties

2026-03-17 13:33:02 +00:00

pom.xml

test(auth): integration tests for full session lifecycle and idle-timeout

2026-05-17 19:50:22 +02:00