← All tests

R1.3.1 — Cashier picker + manager POS PIN + anti-escalation (prod)

2026-04-22 on prod. Four security/UX gaps in R1.3 closed in one cycle: (1) PIN-collision via two-step picker-then-PIN Lock screen; (2) Store Manager / Owner unlock path via "Unlock as {name}" button; (3) Unattended-terminal risk via mandatory separate POS PIN for managers (new tenant_users.pos_pin_hash, inline "Set your POS PIN" dialog); (4) Cashier-escalation via Set-PIN on unattended manager session — setOwnPosPinAction now requires the caller's Commerce password, bcrypt-verified against password_hash. All captured on get-coffee.nixtech.app.

14/14 R1.3.1 prod click-through passed. Full flow: "Set your POS PIN" CTA → password-gated dialog (wrong password rejected, correct accepted) → Manager override appears → keypad with ShieldCheck badge → wrong PIN error → correct PIN → PreShift → $100 cash → Register renders → Lock → pick cashier tile → cashier PIN → resume into the manager's open session. DB assertion confirmed cafe.sessions.opened_by_user_id set and opened_by_pin_id NULL for the manager unlock path.
Mid-gate fixes: (a) listCashiersForRegister now falls back to all tenant cashiers when the register isn't mapped — same OR-fallback spirit as M1 (commit 90d1bce). (b) Flaky UI transition after router.refresh() on cold Workers — test adds a hard-reload fallback: server state (cookie + DB row) is always correct, so a reload always surfaces the new phase.
47/47 total prod tests green — no regressions from this push.
test-r1-3-1-picker-prod.mjs14/14
test-phase1-prod.mjs11/11
test-m1-prod.mjs10/10
test-phase2-sso-outdoor-prod.mjs6/6
test-phase2-cafe-multishop-prod.mjs6/6