fix(audit): MEDIUMs sweep — mobile More-sheet, portal profile, inline override, dialog UX, ext-EOI gate
R2-M11: mobile More-sheet missing 4 destinations. Added Reservations, Notifications, Residential, Website analytics — anyone using mobile chrome to triage on the go can now reach those domains. R2-M12: portal had no profile / change-password surface. New /portal/profile page with read-only contact details + a ChangePasswordForm component, backed by a new POST /api/portal/auth/change-password endpoint and changePortalPassword() service function. Audits both ok and failure cases at warning severity. Added Profile to PortalNav. R2-M1: portal dashboard "My Memberships" tile had no href and no /portal/memberships route — dead-end on tap. Hidden until a memberships page ships; the count remains in the underlying data. R2-M7: InlineStagePicker never sent override:true so users with interests.override_stage couldn't actually use the perm from the inline chip — they had to fall back to the modal picker. Now the picker auto-detects when a transition isn't legal AND the user has override_stage, sets override:true, and supplies a default reason. Frontend M2: hard-delete-dialog confirm stage now has a "Send a new code" link in case the original expired before the user could enter it. Avoids forcing a full Cancel + reopen. Frontend M4: audit-log-list date-range validation. From > To now shows an inline error and skips the request rather than firing an empty-range query that surfaces "no entries found". R2-M6: external-EOI route now requires interests.edit AND documents.upload_signed (defense-in-depth) — uploading a signed EOI mutates interest state, so the upload-signed perm alone shouldn't let a custom role flip an interest. 1175/1175 vitest passing. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt Ciaccio
88
src/components/portal/change-password-form.tsx
Normal file
88
src/components/portal/change-password-form.tsx
Normal file
@@ -0,0 +1,88 @@
|
||||
'use client';
|
||||
|
||||
import { useState } from 'react';
|
||||
import { toast } from 'sonner';
|
||||
|
||||
import { Button } from '@/components/ui/button';
|
||||
import { Input } from '@/components/ui/input';
|
||||
import { Label } from '@/components/ui/label';
|
||||
|
||||
export function ChangePasswordForm() {
|
||||
const [current, setCurrent] = useState('');
|
||||
const [next, setNext] = useState('');
|
||||
const [confirm, setConfirm] = useState('');
|
||||
const [pending, setPending] = useState(false);
|
||||
|
||||
const valid = current.length > 0 && next.length >= 9 && next === confirm;
|
||||
|
||||
async function handleSubmit(e: React.FormEvent) {
|
||||
e.preventDefault();
|
||||
if (!valid) return;
|
||||
setPending(true);
|
||||
try {
|
||||
const res = await fetch('/api/portal/auth/change-password', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify({ currentPassword: current, newPassword: next }),
|
||||
});
|
||||
const body = (await res.json().catch(() => ({}))) as { error?: string };
|
||||
if (!res.ok) {
|
||||
throw new Error(body.error || 'Password change failed');
|
||||
}
|
||||
toast.success('Password updated.');
|
||||
setCurrent('');
|
||||
setNext('');
|
||||
setConfirm('');
|
||||
} catch (err) {
|
||||
toast.error(err instanceof Error ? err.message : 'Password change failed');
|
||||
} finally {
|
||||
setPending(false);
|
||||
}
|
||||
}
|
||||
|
||||
return (
|
||||
<form onSubmit={handleSubmit} className="space-y-4 max-w-md">
|
||||
<div className="space-y-1.5">
|
||||
<Label htmlFor="cp-current">Current password</Label>
|
||||
<Input
|
||||
id="cp-current"
|
||||
type="password"
|
||||
autoComplete="current-password"
|
||||
value={current}
|
||||
onChange={(e) => setCurrent(e.target.value)}
|
||||
required
|
||||
/>
|
||||
</div>
|
||||
<div className="space-y-1.5">
|
||||
<Label htmlFor="cp-new">New password</Label>
|
||||
<Input
|
||||
id="cp-new"
|
||||
type="password"
|
||||
autoComplete="new-password"
|
||||
value={next}
|
||||
onChange={(e) => setNext(e.target.value)}
|
||||
minLength={9}
|
||||
required
|
||||
/>
|
||||
<p className="text-xs text-gray-500">At least 9 characters.</p>
|
||||
</div>
|
||||
<div className="space-y-1.5">
|
||||
<Label htmlFor="cp-confirm">Confirm new password</Label>
|
||||
<Input
|
||||
id="cp-confirm"
|
||||
type="password"
|
||||
autoComplete="new-password"
|
||||
value={confirm}
|
||||
onChange={(e) => setConfirm(e.target.value)}
|
||||
required
|
||||
/>
|
||||
{confirm && next !== confirm && (
|
||||
<p className="text-xs text-destructive">Passwords don’t match.</p>
|
||||
)}
|
||||
</div>
|
||||
<Button type="submit" disabled={!valid || pending}>
|
||||
{pending ? 'Updating…' : 'Update password'}
|
||||
</Button>
|
||||
</form>
|
||||
);
|
||||
}
|
||||
@@ -2,7 +2,15 @@
|
||||
|
||||
import Link from 'next/link';
|
||||
import { usePathname } from 'next/navigation';
|
||||
import { LayoutDashboard, Anchor, FileText, Receipt, Sailboat, CalendarCheck } from 'lucide-react';
|
||||
import {
|
||||
LayoutDashboard,
|
||||
Anchor,
|
||||
FileText,
|
||||
Receipt,
|
||||
Sailboat,
|
||||
CalendarCheck,
|
||||
User,
|
||||
} from 'lucide-react';
|
||||
import { cn } from '@/lib/utils';
|
||||
|
||||
const navItems = [
|
||||
@@ -12,6 +20,7 @@ const navItems = [
|
||||
{ label: 'Reservations', href: '/portal/my-reservations', icon: CalendarCheck },
|
||||
{ label: 'Documents', href: '/portal/documents', icon: FileText },
|
||||
{ label: 'Invoices', href: '/portal/invoices', icon: Receipt },
|
||||
{ label: 'Profile', href: '/portal/profile', icon: User },
|
||||
];
|
||||
|
||||
export function PortalNav() {
|
||||
|
||||
Reference in New Issue
Block a user