b6b110254a
feat(expense): add per-expense FunctionalClass override
2026-06-24 19:05:07 -07:00
d3e6b5aed5
feat(ministry): add DefaultFunctionalClass for Form 990 functional split
2026-06-24 19:00:36 -07:00
ac84097254
test(expense): assert Form990LineCode projection resolves
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-24 18:57:14 -07:00
971bf165cc
feat(expense): map category group/subcategory to Form 990 lines
2026-06-24 18:53:13 -07:00
28eba8a3ea
feat(giving): include Sunday attendance total in offering session list
2026-06-24 11:24:31 -07:00
8d91bbeb31
feat(attendance): add SetCountsAsync to set all three age groups for a date
2026-06-24 11:14:09 -07:00
e88ea7917f
add church profile.
ci-cd-vm / ci-cd (push) Successful in 2m31s
2026-06-24 08:21:31 -07:00
d327a5146c
Merge branch 'feature/change-password'
2026-06-23 20:36:26 -07:00
4276ca890b
WIP
2026-06-23 20:36:18 -07:00
180dea60c1
feat(auth): add ChangePasswordAsync with other-session revocation and audit
2026-06-23 19:47:43 -07:00
5a915ebdd1
Harden notifications: bump MailKit, bound webhook body, share truncation, skip soft-deleted members
2026-06-23 19:29:23 -07:00
c8bc7103ba
Add LineNotificationService with send, binding, and group ops
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-23 19:17:10 -07:00
3eeb314dc2
Add IMessageChannel and Line REST implementation
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-23 19:13:42 -07:00
0ddb34dd20
Add EmailService with recipient resolution and logging
...
TDD: IEmailService interface, EmailService resolves member emails + raw addresses (case-insensitive dedup), sends via ISmtpDispatcher, writes a NotificationLog per recipient (sent/failed), and never aborts the batch on a single failure.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-23 19:11:13 -07:00
85bf329d93
Add Line webhook signature verification helper
...
Implements LineSignature.IsValid() using HMAC-SHA256 + FixedTimeEquals to prevent timing attacks; includes xUnit tests for valid, tampered, and null/empty header cases.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-23 19:07:01 -07:00
47aec287aa
update mobile view for expense.
2026-06-23 13:49:38 -07:00
62592c29ae
Add audit logs.
ci-cd-vm / ci-cd (push) Successful in 4m2s
2026-06-23 12:13:47 -07:00
870eeec82a
Add role control
2026-06-23 07:19:08 -07:00
2af169fa60
Fix null payee.
2026-06-20 18:05:22 -07:00
3558c67fd7
WIP
2026-06-20 17:51:33 -07:00
f55807fa7d
wip
2026-06-20 15:13:23 -07:00
e1f99158aa
fix(expense): resolve current user id from 'sub' JWT claim
...
Live verification revealed the JWT carries the user id in the 'sub' claim
(NameClaimType=sub, MapInboundClaims=false), so ClaimTypes.NameIdentifier is
null at runtime. This caused ExpensesController.GetMine/GetById to throw
NullReferenceException (500) on the '!.Value', and made the services fall back
to 'system' — silently defeating the self-ownership guard. Resolve via
NameIdentifier (unit tests) then 'sub' (real tokens). Adds a regression test.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-05-29 19:08:21 -07:00
86d9879a6d
feat(expense): add MonthlyStatementService with server-side recompute + tests
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-29 18:34:39 -07:00
d9289008f6
feat(expense): add ExpenseService with state machine + receipt storage + tests
...
TDD: wrote 8 tests first (red), then implemented IExpenseService + ExpenseService
covering CRUD, Draft→PendingApproval→Approved→Paid state machine, soft-delete,
per-owner access guards, and receipt blob round-trip via IFileStorage.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-29 18:28:38 -07:00
015f689d9b
feat(expense): add ExpenseCategoryService + tests
...
TDD cycle: wrote 3 xUnit tests first (red), then implemented
IExpenseCategoryService + ExpenseCategoryService (green).
2026-05-29 18:24:07 -07:00
e7bf07c2ad
feat(storage): add IFileStorage + local-disk implementation
...
Adds IFileStorage abstraction and LocalDiskFileStorage for receipt file storage with path-traversal protection, and registers it in DI. Includes 3 TDD-verified xUnit tests.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-29 18:18:28 -07:00
f6f06d841c
feat(ministry): add Ministry entity, seed (10), and read endpoint
2026-05-29 18:03:28 -07:00
a573179714
feat(giving): match giver member name in single-giving search (spec §4.2)
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-28 17:24:47 -07:00
86041c0d05
fix(giving): map duplicate-date race to 409 + return zelle/paypal refs in session detail
2026-05-28 16:53:24 -07:00
e04776460d
feat(giving): offering-session batch service with server-side totals + locking
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-28 16:47:19 -07:00
8ff93e3698
test(giving): cover anonymous member-id stripping and delete-lock guard
2026-05-28 16:42:18 -07:00
2b6f29e775
feat(giving): single-entry giving service with paging + lock guard
...
Adds GivingListItemDto, GivingDto, CreateGivingRequest, UpdateGivingRequest DTOs;
IGivingService interface; GivingService implementation with category/date filtering,
OfferingSession lock guard (Submitted/Reconciled), and DI registration in Program.cs.
Covered by 4 xUnit tests (TDD: red → green).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-28 16:38:32 -07:00
cb15d30980
refactor(giving): drop unused accessor from category service + add deactivate-missing test
2026-05-28 16:33:27 -07:00
798dfa3fe0
feat(giving): giving-category service with CRUD + soft-disable
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-28 16:29:31 -07:00
3ab0998793
feat: add UserManagementService with temp-password creation and deactivation
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-27 14:08:50 -07:00
bfffdee2a8
feat: add MemberService with soft-delete and paged search
...
Implements IMemberService with Create/Read/Update/soft-Delete operations,
NickName/zh-name search, status and hasUser filtering, and full xUnit coverage
(11 tests). Uses separate user-lookup query for InMemory DB compatibility; detaches
entity after soft-delete so query-filter assertions work correctly in tests.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-27 14:00:59 -07:00
2aa095c158
Task 11: Smoke test fixes (all 5 scenarios pass)
...
TokenService.GenerateRefreshToken():
- Switched to URL-safe Base64 (RFC 4648 §5): +→-, /→_, no = padding.
- Characters are unreserved per RFC 6265, so Response.Cookies.Append
does NOT percent-encode the value. Request.Cookies reads back exact value.
AuthController:
- CookieOptions.Secure = !env.IsDevelopment()
Plain HTTP in local dev works; HTTPS-only in staging/production.
- Inject IWebHostEnvironment for environment-aware Secure flag.
TokenServiceTests:
- Updated GenerateRefreshToken test: 86-char URL-safe Base64 instead
of 64-byte standard Base64. 16/16 tests pass.
Smoke test results (http://localhost:5209 ):
1. POST /api/auth/login → 200 + rolac_rt cookie + JWT
2. POST /api/auth/refresh → 200 + new token (rotation)
3. POST /api/auth/logout → 204 + cookie cleared
4. Refresh with revoked token → 401
5. Wrong password → 401
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-26 19:28:20 -07:00
9db8b34181
Task 6: AuthService + 9 unit tests (16/16 pass)
...
- IAuthService: LoginAsync / RefreshAsync / LogoutAsync
- AuthService: refresh-token rotation, hashed storage, LastLoginAt update
- AuthServiceTests: 5 login + 3 refresh + 1 logout tests via Moq + EF InMemory
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-26 17:38:56 -07:00
f74563bb36
Task 5: TokenService + unit tests (7/7 pass)
...
- ITokenService: GenerateAccessToken / GenerateRefreshToken / HashToken
- TokenService: JWT (HS256, 15-min), 64-byte CSPRNG refresh, SHA-256 hex hash
- Role claims use short JWT name role (v7.x JsonWebTokenHandler compatible)
- TokenServiceTests: 7 xUnit tests, payload decoded via Base64Url+System.Text.Json
to avoid Microsoft.IdentityModel 7.1.2/7.5.2 version-mismatch issues
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-05-26 17:34:56 -07:00
Chris Chen