lilleman b5af4ba6cd E2E for token timeout + refresh (todo §4); full-stack auth-refresh.spec.ts (real Ory stack): a lapsed session JWT is silently re-minted from the live Kratos session (roles re-read from Keto), and cleared once the session is revoked; ory/kratos/e2e.yml shortens the tokenizer ttl to 8s + adds JWT_CLOCK_SKEW_SEC config so re-mint fires at expiry; scope visual suite to visual.spec.ts

2026-06-18 11:32:23 +02:00

..

auth-refresh.spec.ts

E2E for token timeout + refresh (todo §4); full-stack auth-refresh.spec.ts (real Ory stack): a lapsed session JWT is silently re-minted from the live Kratos session (roles re-read from Keto), and cleared once the session is revoked; ory/kratos/e2e.yml shortens the tokenizer ttl to 8s + adds JWT_CLOCK_SKEW_SEC config so re-mint fires at expiry; scope visual suite to visual.spec.ts

2026-06-18 11:32:23 +02:00

package-lock.json

Add dockerized Playwright E2E (todo §1); screenshot live pages + foundation mockups, assert shared design-system styles match

2026-06-15 16:37:21 +02:00

package.json

Add dockerized Playwright E2E (todo §1); screenshot live pages + foundation mockups, assert shared design-system styles match

2026-06-15 16:37:21 +02:00

playwright.config.ts

Add dockerized Playwright E2E (todo §1); screenshot live pages + foundation mockups, assert shared design-system styles match

2026-06-15 16:37:21 +02:00

visual.spec.ts

Secure cookie flags + CSRF for our own POST forms (todo §4); SECURE_COOKIES toggle on session/CSRF cookies; csrf.ts signed double-submit token + body.ts form reader; logout is now a CSRF-guarded POST form

2026-06-18 11:12:32 +02:00