Description
Officer accounts should not be allowed to log in outside of defined curfew hours. Currently, the system may record curfew violations but does not actively prevent login attempts during restricted times.
This issue focuses on enforcing curfew rules, not just reporting them.
Acceptance Criteria
- Curfew hours are configurable (e.g. via environment variable or database)
- Officer login attempts outside curfew hours are blocked
- Clear and user-friendly error message is displayed
- Curfew checks apply to all authentication entry points
- Logic is centralized (not duplicated across routes)
- System time handling accounts for timezone correctly
Out of Scope
- Security reporting and audit logging (tracked in a separate issue)
Labels
security, auth, backend, high-priority
Description
Officer accounts should not be allowed to log in outside of defined curfew hours. Currently, the system may record curfew violations but does not actively prevent login attempts during restricted times.
This issue focuses on enforcing curfew rules, not just reporting them.
Acceptance Criteria
Out of Scope
Labels
security,auth,backend,high-priority