refactor(usermanagement): implement code review findings for User Management BC

Address all 18 findings from security code review (5 critical, 7 medium, 6 low): Domain: make User and Role immutable with wither-pattern, add status transition guards (ACTIVE->LOCKED, LOCKED->ACTIVE, ACTIVE|LOCKED->INACTIVE, INACTIVE->ACTIVE) Application: enforce authorization via AuthorizationPort in all use cases, add input validation, introduce LockUserCommand/UnlockUserCommand/RemoveRoleCommand, fix audit event on password change failure (K5), use flatMap/mapError chains Infrastructure: JWT blacklist with TTL and scheduled cleanup, login rate limiting (5 attempts/15min), configurable CORS, generic error messages, conditional Swagger, seed data context restriction Tests: unit tests for all 10 use cases, adapted domain and integration tests
2026-03-28 16:09:35 +01:00 · 2026-02-19 10:11:20 +01:00 · 2026-02-19 10:11:20 +01:00 · 05878b1ce9
commit 05878b1ce9
parent a1161cfbad
45 changed files with 1989 additions and 2207 deletions
--- a/backend/src/main/resources/db/changelog/changes/004-seed-admin-user.sql
+++ b/backend/src/main/resources/db/changelog/changes/004-seed-admin-user.sql
@ -1,26 +1,18 @@
 -- Seed Admin User for initial system access
-- Username: admin
-- Password: admin123
-- BCrypt hash with strength 12

-- Insert Admin User
 INSERT INTO users (id, username, email, password_hash, branch_id, status, created_at, last_login)
 VALUES (
-    '00000000-0000-0000-0000-000000000001',  -- Fixed UUID for admin
+    '00000000-0000-0000-0000-000000000001',
    'admin',
    'admin@effigenix.com',
-    '$2a$12$SJmX80hUZoA66W77CX7cHeRw1TPscXD6S8HYEZfhJ5PxTfkbwbLdi',  -- BCrypt hash for "admin123"
-    NULL,  -- No branch = global access
+    '$2a$12$SJmX80hUZoA66W77CX7cHeRw1TPscXD6S8HYEZfhJ5PxTfkbwbLdi',
+    NULL,
    'ACTIVE',
    CURRENT_TIMESTAMP,
    NULL
 );

-- Assign ADMIN role to admin user
 INSERT INTO user_roles (user_id, role_id)
 SELECT '00000000-0000-0000-0000-000000000001', id
 FROM roles
 WHERE name = 'ADMIN';
-
-- Add comment
-COMMENT ON TABLE users IS 'Default admin user: username=admin, password=admin123 (CHANGE IN PRODUCTION!)';
--- a/backend/src/main/resources/db/changelog/db.changelog-master.xml
+++ b/backend/src/main/resources/db/changelog/db.changelog-master.xml
@ -8,7 +8,7 @@
    <include file="db/changelog/changes/001-create-user-management-schema.xml"/>
    <include file="db/changelog/changes/002-seed-roles-and-permissions.xml"/>
    <include file="db/changelog/changes/003-create-audit-logs-table.xml"/>
-    <include file="db/changelog/changes/004-seed-admin-user.xml"/>
+    <include file="db/changelog/changes/004-seed-admin-user.xml" context="dev"/>
    <include file="db/changelog/changes/005-create-masterdata-schema.xml"/>
    <include file="db/changelog/changes/006-create-supplier-schema.xml"/>
    <include file="db/changelog/changes/007-create-customer-schema.xml"/>