refactor(usermanagement): implement code review findings for User Management BC

Address all 18 findings from security code review (5 critical, 7 medium, 6 low): Domain: make User and Role immutable with wither-pattern, add status transition guards (ACTIVE->LOCKED, LOCKED->ACTIVE, ACTIVE|LOCKED->INACTIVE, INACTIVE->ACTIVE) Application: enforce authorization via AuthorizationPort in all use cases, add input validation, introduce LockUserCommand/UnlockUserCommand/RemoveRoleCommand, fix audit event on password change failure (K5), use flatMap/mapError chains Infrastructure: JWT blacklist with TTL and scheduled cleanup, login rate limiting (5 attempts/15min), configurable CORS, generic error messages, conditional Swagger, seed data context restriction Tests: unit tests for all 10 use cases, adapted domain and integration tests
2026-03-28 17:04:49 +01:00 · 2026-02-19 10:11:20 +01:00 · 2026-02-19 10:11:20 +01:00 · 05878b1ce9
commit 05878b1ce9
parent a1161cfbad
45 changed files with 1989 additions and 2207 deletions
--- a/backend/src/main/resources/application-prod.yml
+++ b/backend/src/main/resources/application-prod.yml
@ -0,0 +1,17 @@
+springdoc:
+  api-docs:
+    enabled: false
+  swagger-ui:
+    enabled: false
+
+logging:
+  level:
+    root: WARN
+    de.effigenix: INFO
+    org.springframework.security: WARN
+    org.hibernate.SQL: WARN
+
+server:
+  error:
+    include-message: never
+    include-binding-errors: never