Sravan
5448cf0614
fix(auth): BizGaze-only login + admin sees all sessions

When BIZGAZE_LOGIN_URL is configured, verify credentials ONLY against BizGaze
(no local-password fallback) so stale in-app accounts can't shadow a BizGaze
login. Everyone is then provisioned into the same tenant, restoring the admin's
team-scoped "see all sessions" report.

- login: BizGaze-only when the IdP is configured; local path kept for dev/tests
- provisionFromBizgaze: keep role in sync with BizGaze (isAdmin) on every login;
  optional ADMIN_EMAILS allowlist as a lockout safety net
- block POST /api/users (add local agent) when BizGaze is the IdP — this is what
  previously split tenants
- scripts/migrate-bizgaze-only.js: one-time, dry-run-by-default cleanup that
  deletes pre-BizGaze local accounts (no sso_user_created audit entry)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>