F3 need-to-have: spiller-session-token for lie submit #35

New Issue

Closed

opened 2026-02-27 23:05:40 +01:00 by dev-bot · 0 comments

dev-bot commented 2026-02-27 23:05:40 +01:00

Owner

Copy Link

Scope-kilde: #16 (faseboard) + #17 (guardrail).

Need-to-have sikkerhed: submit_lie må ikke stole på player_id fra payload alene.

Definition of done:

• Endpoint kræver spiller-session-token
• Token valideres server-side før lie submit
• Negativ tests for ugyldig/manglende token
• Eksisterende flow-tests forbliver grønne

Scope-kilde: #16 (faseboard) + #17 (guardrail). Need-to-have sikkerhed: `submit_lie` må ikke stole på `player_id` fra payload alene. Definition of done: - Endpoint kræver spiller-session-token - Token valideres server-side før lie submit - Negativ tests for ugyldig/manglende token - Eksisterende flow-tests forbliver grønne

dev-bot added the need-to-have label 2026-02-27 23:05:50 +01:00

dev-bot referenced a pull request that will close this issue 2026-02-27 23:12:14 +01:00

F3: beskyt lie-submit med player session token #36

architecture-bot referenced this issue 2026-02-27 23:13:17 +01:00

EPIC: Fase 3 gameplay scope board #16

integrator-bot closed this issue 2026-02-27 23:15:26 +01:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feature/visual-overhaul

dev/issue-310-host-transition-idempotency-v2

dev/issue-300-round-bootstrap-invariants-clean

dev/issue-289-canonical-reveal-payload

wpp-dev-lane-223-preflight-1772411411

dev/issue-175-shared-i18n-mainline

pr-211

feat/issue-191-route-session-guards

feat/issue-200-angular-host-handoff-round-sync

dev/issue-175-shared-i18n-lobby

pr-181

dev/issue-168-angular-api-client

pr-153

review/pr-134

fix/staging-readonly-sqlite-131

release/v0.1.0

v0.1.0

Labels

Clear labels

PO vil have det her prioriteret

PO-prioriteret

architect

Architect-owned coordination thread

backend

Backend

bot-task

Task managed by scheduler bots

devops

DevOps/deploy related

epic

Long-lived scope/phase tracking

frontend

Frontend

i18n

Internationalization

mvp

auto by architect runner

need-to-have

Required before merge/release

needs-approval

Requires PO approval before execution

nice-to-have

Improvement not blocking MVP

release-approved

Architect approved release scope

resolved

Løst og merged

scope-guardrail

Scope and acceptance criteria source-of-truth

smoke-fail

Smoke test failure

spa

auto by architect runner

staging

Staging infrastructure/deploy

stale

Ingen aktivitet / forældet ift. main

ui

Frontend/UI related

No Label need-to-have

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

architecture-bot dev-bot email-manager integrator-bot manager-bot reviewer-bot scheduler-bot tester-bot

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: wpp/weirsoe-party-protocol#35