fix(GRO-2089): correct Authentik customer credential source in §5.25 pre-conditions

The UAT_PLAYBOOK §5.25 (Customer Portal — Better Auth SSO Bridge) pre-condition incorrectly stated that the Authentik customer password comes from seed-uat-passwords:customer-password. That Secret holds the *Better Auth* email+password credential — a different identity store. The actual Authentik uat-customer password lives in authentik-uat-users-credentials:uat_customer_password, provisioned by infra/terraform/users.tf with lifecycle.ignore_changes = [password]. UAT testers were using the Better Auth value at the Authentik OIDC step and getting 401'd, blocking GRO-2026. Verified 2026-06-02: pulling the correct Secret value, signing in via SSO, and POST /api/portal/session-from-auth all succeed (returns 201 with valid portal session). Co-Authored-By: Paperclip <noreply@paperclip.ing>
Merge pull request 'Promote uat → main: GRO-2012 RescheduleFlow portalSessionId fallback' (#40 ) from uat into main
2026-06-02 14:40:01 +00:00 · 2026-06-01 19:10:08 +00:00 · 2026-06-01 17:46:35 +00:00 · 2026-06-01 16:38:14 +00:00 · 2026-05-27 02:27:32 +00:00 · 2026-05-26 13:23:52 +00:00
2 changed files with 17 additions and 1 deletions
@@ -0,0 +1,11 @@
 {
  "mcpServers": {
    "gitea": {
      "type": "http",
      "url": "https://git-mcp.farh.net/mcp",
      "headers": {
        "Authorization": "Bearer ${GITEA_TOKEN}"
      }
    }
  }
 }
@@ -354,7 +354,12 @@ These cases cover the `CustomerPortal` initialisation path that bridges an Authe
 **Pre-conditions:**
- UAT is configured with Authentik SSO and the `seed-uat-passwords` Secret in `groombook-uat` provides the seeded customer credentials (`uat-seed-password-source` memory).
+- UAT is configured with Authentik SSO. The seeded customer **Authentik** password lives in the `authentik-uat-users-credentials` Secret in the `groombook-uat` namespace (key `uat_customer_password`) — **NOT** in `seed-uat-passwords:customer-password` (that Secret holds the *Better Auth* email+password credential, a separate identity store; see GRO-2089). Pull the Authentik password at the start of every run:
  ```bash
  CUSTOMER_AUTHENTIK=$(kubectl get secret authentik-uat-users-credentials -n groombook-uat \
    -o jsonpath='{.data.uat_customer_password}' | base64 -d)
  ```
  The Authentik user is provisioned by Terraform (`infra/terraform/users.tf`); the `lifecycle.ignore_changes = [password]` block means the password is set on initial creation and never auto-rotated, so the value held in the live Secret is the one Authentik itself has. If Authentik rejects it, the user was re-provisioned out-of-band via the Authentik admin UI and the Secret has drifted from the live identity — fix the Secret (or the admin-set password) and re-run.
 - `POST /api/portal/session-from-auth` from [GRO-1866](https://paperclip.farhoodlabs.com/GRO/issues/GRO-1866) is deployed on UAT.
 - Clear cookies and localStorage between cases unless otherwise noted.
Author	SHA1	Message	Date
Flea Flicker	affb697708	fix(GRO-2089): correct Authentik customer credential source in §5.25 pre-conditions CI / Test (pull_request) Successful in 22s Details CI / Lint & Typecheck (pull_request) Successful in 28s Details CI / Build & Push Docker Image (pull_request) Successful in 15s Details The UAT_PLAYBOOK §5.25 (Customer Portal — Better Auth SSO Bridge) pre-condition incorrectly stated that the Authentik customer password comes from seed-uat-passwords:customer-password. That Secret holds the Better Auth email+password credential — a different identity store. The actual Authentik uat-customer password lives in authentik-uat-users-credentials:uat_customer_password, provisioned by infra/terraform/users.tf with lifecycle.ignore_changes = [password]. UAT testers were using the Better Auth value at the Authentik OIDC step and getting 401'd, blocking GRO-2026. Verified 2026-06-02: pulling the correct Secret value, signing in via SSO, and POST /api/portal/session-from-auth all succeed (returns 201 with valid portal session). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-02 14:40:01 +00:00
Scrubs McBarkley	fdff0977ad	Merge pull request 'Promote uat → main: GRO-2012 RescheduleFlow portalSessionId fallback' (#40 ) from uat into main CI / Test (push) Successful in 23s Details CI / Lint & Typecheck (push) Successful in 29s Details CI / Build & Push Docker Image (push) Successful in 16s Details Promote uat → main: GRO-2012 RescheduleFlow portalSessionId fallback Gate checks: - UAT: GRO-2023 done (CTO verified, `ec29f719`) - Security: GRO-2032 Barkley PASS - UAT_PLAYBOOK.md: TC-WEB-5.26 present Fix: CustomerPortal.tsx:329 sessionId={session?.id ?? portalSessionId} Fix commit: `f29f1828c8` Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-01 19:10:08 +00:00
The Dogfather	ec29f71974	Merge pull request 'Promote to UAT: GRO-2012 RescheduleFlow portalSessionId fallback' (#39 ) from dev into uat CI / Test (push) Successful in 21s Details CI / Lint & Typecheck (push) Successful in 30s Details CI / Build & Push Docker Image (push) Successful in 10s Details CI / Test (pull_request) Successful in 21s Details CI / Lint & Typecheck (pull_request) Successful in 28s Details CI / Build & Push Docker Image (pull_request) Successful in 13s Details	2026-06-01 17:46:35 +00:00
The Dogfather	bd2a0d9516	Merge pull request 'Promote dev -> uat: GRO-2011 login-blank fix (+ GRO-1867)' (#37 ) from dev into uat CI / Test (push) Successful in 19s Details CI / Lint & Typecheck (push) Successful in 23s Details CI / Build & Push Docker Image (push) Successful in 10s Details	2026-06-01 16:38:14 +00:00
The Dogfather	0e5e9d1f16	Merge pull request 'chore: promote dev → uat (GRO-1829 SW fix)' (#32 ) from dev into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 23s Details CI / Build & Push Docker Image (push) Successful in 15s Details Merge: promote dev → uat (GRO-1829 SW fix)	2026-05-27 02:27:32 +00:00
The Dogfather	3b4d0f15f6	Merge pull request 'chore: promote dev → uat (GRO-1795 StatusBadge)' (#28 ) from dev into uat CI / Lint & Typecheck (push) Successful in 17s Details CI / Test (push) Successful in 13s Details CI / Build & Push Docker Image (push) Successful in 34s Details Merge PR #28: promote dev → uat (GRO-1795 StatusBadge)	2026-05-26 13:23:52 +00:00
The Dogfather	87939e5413	Merge pull request 'chore: promote dev → uat (GRO-1794 booking analytics)' (#27 ) from dev into uat CI / Test (push) Successful in 19s Details CI / Lint & Typecheck (push) Successful in 22s Details CI / Build & Push Docker Image (push) Successful in 12s Details Merge dev → uat: GRO-1794 booking funnel analytics events	2026-05-26 13:16:39 +00:00
The Dogfather	4e3a038bf3	Merge pull request 'Promote dev → uat (GRO-1793: dynamic time slots)' (#25 ) from dev into uat CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Image (push) Failing after 6s Details Promote dev → uat: GRO-1793 dynamic portal time slots (#25)	2026-05-26 13:02:16 +00:00
Scrubs McBarkley	2aad7cb6a0	Merge pull request 'promote: uat → main (GRO-1757 SSO auto-provision fix)' (#21 ) from uat into main CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 21s Details CI / Build & Push Docker Image (push) Successful in 13s Details	2026-05-26 02:16:28 +00:00
Lint Roller	8349ea00de	Merge pull request 'promote: dev → uat (GRO-1757 SSO auto-provision fix)' (#19 ) from dev into uat CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 33s Details CI / Build & Push Docker Image (push) Successful in 14s Details CI / Test (pull_request) Successful in 19s Details CI / Lint & Typecheck (pull_request) Successful in 24s Details CI / Build & Push Docker Image (pull_request) Successful in 15s Details promote: dev → uat (GRO-1757 SSO auto-provision fix)	2026-05-25 23:48:10 +00:00
Chris Farhood	0c41640f59	Add .mcp.json CI / Test (push) Successful in 20s Details CI / Lint & Typecheck (push) Successful in 27s Details CI / Build & Push Docker Image (push) Successful in 4m1s Details	2026-05-24 18:15:24 +00:00
The Dogfather	0306c7fbd9	Merge pull request 'chore(GRO-1592): promote dev→uat SSO session cookie fix' (#16 ) from promote-uat-gro1592 into uat CI / Test (push) Successful in 12s Details CI / Lint & Typecheck (push) Successful in 18s Details CI / Build & Push Docker Image (push) Failing after 39s Details	2026-05-23 14:13:43 +00:00
Chris Farhood	93da2f1dd8	chore: promote dev→uat for GRO-1592 SSO session cookie fix CI / Lint & Typecheck (pull_request) Successful in 17s Details CI / Test (pull_request) Successful in 18s Details CI / Build & Push Docker Image (pull_request) Failing after 41s Details - Fixed frontend auth client baseURL fallback to use window.location.origin - Added UAT test coverage (TC-AUTH-5.3.4) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 14:13:12 +00:00
The Dogfather	62cbfe4e43	Merge pull request 'promote: dev → uat (GRO-1173 buffer rules + GRO-1470 pet save persistence)' (#14 ) from dev into uat CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 19s Details CI / Build & Push Docker Image (push) Successful in 9s Details promote: dev → uat (GRO-1173 buffer rules + GRO-1470 pet save persistence) (#14) Merged-By: The Dogfather (CTO) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 19:46:41 +00:00
The Dogfather	db6a2a1bbf	Merge pull request 'promote: dev → uat (Renovate config, GRO-1081)' (#11 ) from dev into uat promote: dev → uat (Renovate config, GRO-1081) Merge PR #11: dev → uat promotion Includes: chore: add Renovate config (GRO-1081)	2026-05-20 12:42:04 +00:00
The Dogfather	032a3796ba	Merge pull request 'chore: promote dev to uat (CI Docker registry fix)' (#10 ) from dev into uat chore: promote dev to uat (CI Docker registry fix) (#10) Promotes GRO-1348 CI registry fix to UAT.	2026-05-20 11:17:21 +00:00
the-dogfather-cto[bot]	cac8fc947e	chore(GRO-1289): promote dev to uat — add UAT_PLAYBOOK.md chore(GRO-1289): promote dev to uat — add UAT_PLAYBOOK.md	2026-05-14 21:13:56 +00:00
the-dogfather-cto[bot]	592be1301c	chore: promote dev to uat (#3 ) chore: promote dev to uat	2026-05-11 13:19:33 +00:00