Archived proposals:
- add-trigger-conditions-weekly-subscription: Trigger conditions and weekly subscription
- update-api-consistency: WebSocket auth, optimistic locking, workload defaults
All implementations were already complete in previous commits (f5f870d).
Updated tasks.md with implementation summary.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
## MODIFIED Requirements
### Requirement: Secure WebSocket Authentication
The system SHALL authenticate WebSocket connections without exposing tokens in URL query parameters.

#### Scenario: WebSocket connection with token in first message
- **WHEN** client connects to WebSocket endpoint without a query token
- **THEN** server waits for authentication message containing JWT token
- **THEN** server validates token before accepting further messages
- **THEN** server sends an authentication acknowledgment message

#### Scenario: WebSocket connection with invalid token
- **WHEN** client sends an invalid or expired token
- **THEN** server sends an error message indicating invalid or expired token
- **THEN** server closes the connection with an authentication error code

#### Scenario: WebSocket connection timeout without authentication
- **WHEN** client connects but does not send authentication within 10 seconds
- **THEN** server closes the connection with appropriate error code
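
The three scenarios above can be exercised with a transport-agnostic handshake like the following, which is an added example and not this project's code. Assumed here, not taken from the spec: the `auth` / `auth_ok` / `auth_error` message shapes, HS256 tokens, close codes 4401 and 4408 from the RFC 6455 private-use range, and a `ws` object with async `recv()`, `send()` and `close(code, reason)`.

```python
import asyncio, base64, hashlib, hmac, json, time

AUTH_TIMEOUT = 10.0        # seconds, from the timeout scenario
CLOSE_AUTH_FAILED = 4401   # assumed codes in the private-use range 4000-4999
CLOSE_AUTH_TIMEOUT = 4408

def b64d(s):
    """Decode unpadded base64url as used in JWT segments."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def verify_hs256(token, secret, now=None):
    """Return the claims if signature and exp are valid, else raise ValueError."""
    try:
        h, p, s = token.split(".")
        header, claims, sig = json.loads(b64d(h)), json.loads(b64d(p)), b64d(s)
    except Exception:
        raise ValueError("malformed token") from None
    if header.get("alg") != "HS256":   # pin the algorithm; rejects alg "none"
        raise ValueError("unexpected alg")
    want = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, sig):
        raise ValueError("bad signature")
    if claims.get("exp", 0) <= (now or time.time()):  # missing exp counts as expired
        raise ValueError("expired token")
    return claims

async def authenticate(ws, secret, timeout=AUTH_TIMEOUT):
    """Run the first-message handshake; return claims, or None after closing."""
    try:
        raw = await asyncio.wait_for(ws.recv(), timeout)
    except asyncio.TimeoutError:
        await ws.close(CLOSE_AUTH_TIMEOUT, "authentication timeout")
        return None
    try:
        msg = json.loads(raw)
        if msg.get("type") != "auth":
            raise ValueError("first message must be auth")
        claims = verify_hs256(msg["token"], secret)
    except (ValueError, KeyError, TypeError, AttributeError):
        # One generic reason for every failure, so the client learns nothing extra.
        await ws.send(json.dumps({"type": "auth_error",
                                  "reason": "invalid or expired token"}))
        await ws.close(CLOSE_AUTH_FAILED, "authentication failed")
        return None
    await ws.send(json.dumps({"type": "auth_ok"}))
    return claims
```

The connection handler calls `authenticate()` before entering its message loop and returns immediately on `None`, so no application message is processed on an unauthenticated socket.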