Force-add the EF migration excluded by the Migrations/ gitignore rule, so
the UserInvitations table migration is versioned alongside the feature.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
TDD: IEmailService interface, EmailService resolves member emails + raw addresses (case-insensitive dedup), sends via ISmtpDispatcher, writes a NotificationLog per recipient (sent/failed), and never aborts the batch on a single failure.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Implements LineSignature.IsValid() using HMAC-SHA256 + FixedTimeEquals to prevent timing attacks; includes xUnit tests for valid, tampered, and null/empty header cases.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Creates MemberChannelBinding, LineBindingCode, MessagingGroup, and NotificationLog
entities under ROLAC.API.Entities.Notifications; wires DbSets and fluent config into
AppDbContext; generates EF migration AddNotifications creating the four tables.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Final-review findings:
- ExpenseCategoriesController was finance-only at the class level, but the member
self-service reimbursement form reads the category list to populate its dropdown,
so members got 403 and could not submit. Open GET to any authenticated user;
keep group/subcategory writes finance-only (mirrors MinistriesController).
Verified live with a member-role account: reads 200, writes 403, self-submit 200.
- MonthlyStatementService Update/Finalize now use FirstOrDefaultAsync for
convention consistency with the rest of the service layer.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Live verification revealed the JWT carries the user id in the 'sub' claim
(NameClaimType=sub, MapInboundClaims=false), so ClaimTypes.NameIdentifier is
null at runtime. This caused ExpensesController.GetMine/GetById to throw
NullReferenceException (500) on the '!.Value', and made the services fall back
to 'system' — silently defeating the self-ownership guard. Resolve via
NameIdentifier (unit tests) then 'sub' (real tokens). Adds a regression test.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
TDD: wrote 8 tests first (red), then implemented IExpenseService + ExpenseService
covering CRUD, Draft→PendingApproval→Approved→Paid state machine, soft-delete,
per-owner access guards, and receipt blob round-trip via IFileStorage.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds IFileStorage abstraction and LocalDiskFileStorage for receipt file storage with path-traversal protection, and registers it in DI. Includes 3 TDD-verified xUnit tests.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Chris Chen