Add logout button to admin dashboard and test to verify its presence.
This completes the missing acceptance criterion for Story 1.4:
"Logout option available from admin interface"
Changes:
- Add logout form with CSRF protection to dashboard header
- Add integration test to verify logout button is present
- All tests pass (24/24)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Implement Story 1.2 (Admin Login) with full TDD approach including:
- RateLimit model for tracking authentication attempts
- LoginForm for admin authentication with email, password, and remember_me fields
- Rate limiting utility functions (check, increment, reset)
- admin_required decorator for route protection
- Login route with rate limiting (5 attempts per 15 minutes)
- Logout route with session clearing
- Admin dashboard now requires authentication
- Login template with flash message support
- 14 comprehensive integration tests covering all acceptance criteria
- Email normalization to lowercase
- Session persistence with configurable duration (7 or 30 days)
All acceptance criteria met:
- Login form accepts email and password
- Invalid credentials show appropriate error message
- Successful login redirects to admin dashboard
- Session persists across browser refreshes
- Rate limiting after 5 failed attempts
Test coverage: 90.67% (exceeds 80% requirement)
All linting and type checking passes
Story: 1.2
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
