← All tests

R1.3.1 — Cashier picker + manager POS PIN (prod)

2026-04-22 on prod. Three security/UX gaps in R1.3 closed in one cycle: (1) PIN-collision via two-step picker-then-PIN Lock screen; (2) Store Manager / Owner unlock path via "Unlock as {name}" button; (3) Unattended-terminal risk via mandatory separate POS PIN for managers (new tenant_users.pos_pin_hash, inline "Set your POS PIN" dialog on first use). All captured on get-coffee.nixtech.app.

13/13 R1.3.1 prod click-through passed. Full flow: "Set your POS PIN" CTA → dialog → Manager override appears → keypad with ShieldCheck badge → wrong PIN error → correct PIN → PreShift → $100 cash → Register renders → Lock → pick cashier tile → cashier PIN → resume into the manager's open session. DB assertion confirmed cafe.sessions.opened_by_user_id set and opened_by_pin_id NULL for the manager unlock path.
Mid-gate fix: first run passed 12/13; cashier tile wasn't visible after Lock because listCashiersForRegister with an unmapped register (shopId=null) only returned null-shop cashiers. Updated the fallback to show every active cashier in the tenant when the register isn't mapped — same OR-fallback spirit as M1 and openShiftAction. Commit 90d1bce.
46/46 total prod tests green — no regressions from this push.
test-r1-3-1-picker-prod.mjs13/13
test-phase1-prod.mjs11/11
test-m1-prod.mjs10/10
test-phase2-sso-outdoor-prod.mjs6/6
test-phase2-cafe-multishop-prod.mjs6/6