letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(audit): MEDIUMs sweep — mobile More-sheet, portal profile, inline override, dialog UX, ext-EOI gate

Browse Source 
R2-M11: mobile More-sheet missing 4 destinations. Added Reservations,
Notifications, Residential, Website analytics — anyone using mobile
chrome to triage on the go can now reach those domains.

R2-M12: portal had no profile / change-password surface. New
/portal/profile page with read-only contact details + a
ChangePasswordForm component, backed by a new POST
/api/portal/auth/change-password endpoint and
changePortalPassword() service function. Audits both ok and failure
cases at warning severity. Added Profile to PortalNav.

R2-M1: portal dashboard "My Memberships" tile had no href and no
/portal/memberships route — dead-end on tap. Hidden until a
memberships page ships; the count remains in the underlying data.

R2-M7: InlineStagePicker never sent override:true so users with
interests.override_stage couldn't actually use the perm from the
inline chip — they had to fall back to the modal picker. Now the
picker auto-detects when a transition isn't legal AND the user has
override_stage, sets override:true, and supplies a default reason.

Frontend M2: hard-delete-dialog confirm stage now has a "Send a new
code" link in case the original expired before the user could enter
it. Avoids forcing a full Cancel + reopen.

Frontend M4: audit-log-list date-range validation. From > To now
shows an inline error and skips the request rather than firing an
empty-range query that surfaces "no entries found".

R2-M6: external-EOI route now requires interests.edit AND
documents.upload_signed (defense-in-depth) — uploading a signed EOI
mutates interest state, so the upload-signed perm alone shouldn't
let a custom role flip an interest.

1175/1175 vitest passing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Matt Ciaccio
2026-05-06 22:38:59 +02:00
parent da7ede71d6
commit b4fb3b2ca6
11 changed files with 303 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/app/(portal)/portal/dashboard/page.tsx
View File

@@ -1,5 +1,5 @@
import { redirect } from 'next/navigation';
import { Anchor, FileText, Receipt, Sailboat, Building2, CalendarCheck } from 'lucide-react';
import { Anchor, FileText, Receipt, Sailboat, CalendarCheck } from 'lucide-react';
import type { Metadata } from 'next';
import { getPortalSession } from '@/lib/portal/auth';
@@ -55,12 +55,9 @@ export default async function PortalDashboardPage() {
icon={Sailboat}
href="/portal/my-yachts"
/>
<PortalCard
title="My Memberships"
value={dashboard.counts.memberships}
description="Companies where you hold an active role"
icon={Building2}
/>
{/* My Memberships tile was a dead-end (no href, no /portal/memberships
route). Hidden until a memberships page ships. The count is still
available in the underlying dashboard data when needed. */}
<PortalCard
title="My Active Reservations"
value={dashboard.counts.activeReservations}

42
src/app/(portal)/portal/profile/page.tsx Normal file
View File

@@ -0,0 +1,42 @@
import { redirect } from 'next/navigation';
import type { Metadata } from 'next';
import { getPortalSession } from '@/lib/portal/auth';
import { ChangePasswordForm } from '@/components/portal/change-password-form';
export const metadata: Metadata = { title: 'Profile' };
export default async function PortalProfilePage() {
const session = await getPortalSession();
if (!session) redirect('/portal/login');
return (
<div className="space-y-6">
<div>
<h1 className="text-2xl font-semibold text-gray-900">Profile</h1>
<p className="text-sm text-gray-500 mt-1">
Read-only contact details and self-service password change.
</p>
</div>
<div className="bg-white rounded-lg border p-6 space-y-2 text-sm">
<div className="flex items-baseline justify-between">
<span className="text-gray-500">Email</span>
<span className="font-medium">{session.email}</span>
</div>
<p className="text-xs text-gray-400 pt-1">
To update name, phone, or address, please contact your port team they keep the records
authoritative.
</p>
</div>
<div className="bg-white rounded-lg border p-6">
<h2 className="text-base font-semibold text-gray-900 mb-1">Change password</h2>
<p className="text-sm text-gray-500 mb-4">
You&rsquo;ll need your current password to confirm.
</p>
<ChangePasswordForm />
</div>
</div>
);
}

44
src/app/api/portal/auth/change-password/route.ts Normal file
View File

@@ -0,0 +1,44 @@
import { NextRequest, NextResponse } from 'next/server';
import { z } from 'zod';
import { eq } from 'drizzle-orm';
import { db } from '@/lib/db';
import { portalUsers } from '@/lib/db/schema/portal';
import { errorResponse, UnauthorizedError, ValidationError } from '@/lib/errors';
import { getPortalSession } from '@/lib/portal/auth';
import { changePortalPassword } from '@/lib/services/portal-auth.service';
const bodySchema = z.object({
currentPassword: z.string().min(1),
newPassword: z.string().min(9),
});
export async function POST(req: NextRequest): Promise<NextResponse> {
try {
const session = await getPortalSession();
if (!session) throw new UnauthorizedError('Portal session required');
let body: unknown;
try {
body = await req.json();
} catch {
throw new ValidationError('Invalid request body');
}
const { currentPassword, newPassword } = bodySchema.parse(body);
const user = await db.query.portalUsers.findFirst({
where: eq(portalUsers.email, session.email),
});
if (!user) throw new UnauthorizedError('Portal account not found');
await changePortalPassword({
portalUserId: user.id,
currentPassword,
newPassword,
});
return NextResponse.json({ data: { ok: true } });
} catch (error) {
return errorResponse(error);
}
}

11
src/app/api/v1/interests/[id]/external-eoi/route.ts
View File

@@ -2,7 +2,7 @@ import { NextResponse } from 'next/server';
import { withAuth, withPermission } from '@/lib/api/helpers';
import { uploadExternallySignedEoi } from '@/lib/services/external-eoi.service';
import { errorResponse, NotFoundError, ValidationError } from '@/lib/errors';
import { errorResponse, ForbiddenError, NotFoundError, ValidationError } from '@/lib/errors';
export const POST = withAuth(
withPermission('documents', 'upload_signed', async (req, ctx, params) => {
@@ -10,6 +10,15 @@ export const POST = withAuth(
const interestId = params.id;
if (!interestId) throw new NotFoundError('Interest');
// Defense-in-depth: uploading an externally-signed EOI mutates
// the interest's effective state (flips it to "signed"). Require
// interests.edit in addition to documents.upload_signed so a
// custom role with the upload bit but no interest-edit can't flip
// an interest. Super-admin bypasses (audit R2-M6).
if (!ctx.isSuperAdmin && !ctx.permissions?.interests?.edit) {
throw new ForbiddenError('interests.edit required to upload an external EOI');
}
const form = await req.formData();
const file = form.get('file');
if (!file || !(file instanceof File)) {

16
src/components/admin/audit/audit-log-list.tsx
View File

@@ -140,8 +140,12 @@ export function AuditLogList() {
if (source !== 'all') params.set('source', source);
if (debouncedSearch) params.set('search', debouncedSearch);
if (debouncedUserId) params.set('userId', debouncedUserId);
if (dateFrom) params.set('dateFrom', new Date(dateFrom).toISOString());
if (dateTo) {
// Skip the date filters when From > To — the inline warning below
// tells the user to fix it; we don't want to fire a request with a
// useless empty range either.
const datesValid = !(dateFrom && dateTo && dateFrom > dateTo);
if (datesValid && dateFrom) params.set('dateFrom', new Date(dateFrom).toISOString());
if (datesValid && dateTo) {
const end = new Date(dateTo);
end.setHours(23, 59, 59, 999);
params.set('dateTo', end.toISOString());
@@ -207,6 +211,8 @@ export function AuditLogList() {
Boolean(dateFrom) ||
Boolean(dateTo);
const dateRangeInvalid = Boolean(dateFrom && dateTo && dateFrom > dateTo);
const columns: ColumnDef<AuditEntry, unknown>[] = [
{
accessorKey: 'createdAt',
@@ -475,6 +481,12 @@ export function AuditLogList() {
) : null}
</div>
{dateRangeInvalid && (
<p className="mt-2 text-xs text-destructive">
From date must be on or before To date date filter ignored.
</p>
)}
{loadError && !loading && entries.length === 0 ? (
<div className="mt-4 rounded-md border border-destructive/30 bg-destructive/5 p-4 text-sm space-y-2">
<p className="text-destructive">Couldn&rsquo;t load audit log: {loadError}</p>

19
src/components/clients/hard-delete-dialog.tsx
View File

@@ -122,9 +122,22 @@ export function HardDeleteDialog({ open, onOpenChange, clientId, clientName, onD
<div className="space-y-3">
<div className="flex items-start gap-2 rounded-md border border-blue-300 bg-blue-50 p-3 text-xs text-blue-900">
<Mail className="h-4 w-4 shrink-0 mt-0.5" />
<div>
Code sent to <span className="font-mono">{maskedEmail}</span>. It expires in 10
minutes. Check your inbox and enter both fields below.
<div className="flex-1">
<div>
Code sent to <span className="font-mono">{maskedEmail}</span>. It expires in 10
minutes.
</div>
<button
type="button"
onClick={() => {
setCode('');
requestCode.mutate();
}}
disabled={requestCode.isPending}
className="mt-1 text-blue-700 underline-offset-2 hover:underline disabled:opacity-60"
>
{requestCode.isPending ? 'Sending…' : 'Send a new code'}
</button>
</div>
</div>
<div className="space-y-1.5">

23
src/components/interests/inline-stage-picker.tsx
View File

@@ -18,6 +18,8 @@ import {
safeStage,
type PipelineStage,
} from '@/components/clients/pipeline-constants';
import { canTransitionStage } from '@/lib/constants';
import { usePermissions } from '@/hooks/use-permissions';
interface InlineStagePickerProps {
interestId: string;
@@ -47,15 +49,28 @@ export function InlineStagePicker({
const [open, setOpen] = useState(false);
const [reason, setReason] = useState('');
const [pendingStage, setPendingStage] = useState<string | null>(null);
const { can } = usePermissions();
const canOverride = can('interests', 'override_stage');
const stage = safeStage(currentStage);
const mutation = useMutation({
mutationFn: async (next: PipelineStage) =>
apiFetch(`/api/v1/interests/${interestId}/stage`, {
mutationFn: async (next: PipelineStage) => {
// Auto-set override:true when the picked stage isn't a legal
// transition AND the user has override_stage. Without this, the
// permission was unreachable from the inline picker (audit R2-M7)
// and users had to fall back to the modal InterestStagePicker.
const needsOverride = !canTransitionStage(stage, next);
const useOverride = needsOverride && canOverride;
return apiFetch(`/api/v1/interests/${interestId}/stage`, {
method: 'PATCH',
body: { pipelineStage: next, reason: reason.trim() || undefined },
}),
body: {
pipelineStage: next,
reason: reason.trim() || (useOverride ? 'Manual override (inline)' : undefined),
override: useOverride || undefined,
},
});
},
onSuccess: (_data, next) => {
queryClient.invalidateQueries({ queryKey: ['interests', interestId] });
queryClient.invalidateQueries({ queryKey: ['interests'] });

8
src/components/layout/mobile/more-sheet.tsx
View File

@@ -3,11 +3,15 @@
import Link from 'next/link';
import { usePathname } from 'next/navigation';
import {
Anchor,
BarChart3,
Bell,
BellRing,
Bookmark,
Building2,
FileText,
Globe,
Home,
Mail,
Receipt,
Settings,
@@ -42,6 +46,10 @@ const MORE_ITEMS: MoreItem[] = [
{ label: 'Invoices', icon: FileText, segment: 'invoices' },
{ label: 'Expenses', icon: Receipt, segment: 'expenses' },
{ label: 'Inbox', icon: Mail, segment: 'email' },
{ label: 'Reservations', icon: Anchor, segment: 'berth-reservations' },
{ label: 'Notifications', icon: BellRing, segment: 'notifications' },
{ label: 'Residential', icon: Home, segment: 'residential/clients' },
{ label: 'Website analytics', icon: Globe, segment: 'website-analytics' },
{ label: 'Alerts', icon: ShieldAlert, segment: 'alerts' },
{ label: 'Reports', icon: BarChart3, segment: 'reports' },
{ label: 'Reminders', icon: Bell, segment: 'reminders' },

88
src/components/portal/change-password-form.tsx Normal file
View File

@@ -0,0 +1,88 @@
'use client';
import { useState } from 'react';
import { toast } from 'sonner';
import { Button } from '@/components/ui/button';
import { Input } from '@/components/ui/input';
import { Label } from '@/components/ui/label';
export function ChangePasswordForm() {
const [current, setCurrent] = useState('');
const [next, setNext] = useState('');
const [confirm, setConfirm] = useState('');
const [pending, setPending] = useState(false);
const valid = current.length > 0 && next.length >= 9 && next === confirm;
async function handleSubmit(e: React.FormEvent) {
e.preventDefault();
if (!valid) return;
setPending(true);
try {
const res = await fetch('/api/portal/auth/change-password', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ currentPassword: current, newPassword: next }),
});
const body = (await res.json().catch(() => ({}))) as { error?: string };
if (!res.ok) {
throw new Error(body.error || 'Password change failed');
}
toast.success('Password updated.');
setCurrent('');
setNext('');
setConfirm('');
} catch (err) {
toast.error(err instanceof Error ? err.message : 'Password change failed');
} finally {
setPending(false);
}
}
return (
<form onSubmit={handleSubmit} className="space-y-4 max-w-md">
<div className="space-y-1.5">
<Label htmlFor="cp-current">Current password</Label>
<Input
id="cp-current"
type="password"
autoComplete="current-password"
value={current}
onChange={(e) => setCurrent(e.target.value)}
required
/>
</div>
<div className="space-y-1.5">
<Label htmlFor="cp-new">New password</Label>
<Input
id="cp-new"
type="password"
autoComplete="new-password"
value={next}
onChange={(e) => setNext(e.target.value)}
minLength={9}
required
/>
<p className="text-xs text-gray-500">At least 9 characters.</p>
</div>
<div className="space-y-1.5">
<Label htmlFor="cp-confirm">Confirm new password</Label>
<Input
id="cp-confirm"
type="password"
autoComplete="new-password"
value={confirm}
onChange={(e) => setConfirm(e.target.value)}
required
/>
{confirm && next !== confirm && (
<p className="text-xs text-destructive">Passwords don&rsquo;t match.</p>
)}
</div>
<Button type="submit" disabled={!valid || pending}>
{pending ? 'Updating…' : 'Update password'}
</Button>
</form>
);
}

11
src/components/portal/portal-nav.tsx
View File

@@ -2,7 +2,15 @@
import Link from 'next/link';
import { usePathname } from 'next/navigation';
import { LayoutDashboard, Anchor, FileText, Receipt, Sailboat, CalendarCheck } from 'lucide-react';
import {
LayoutDashboard,
Anchor,
FileText,
Receipt,
Sailboat,
CalendarCheck,
User,
} from 'lucide-react';
import { cn } from '@/lib/utils';
const navItems = [
@@ -12,6 +20,7 @@ const navItems = [
{ label: 'Reservations', href: '/portal/my-reservations', icon: CalendarCheck },
{ label: 'Documents', href: '/portal/documents', icon: FileText },
{ label: 'Invoices', href: '/portal/invoices', icon: Receipt },
{ label: 'Profile', href: '/portal/profile', icon: User },
];
export function PortalNav() {

48
src/lib/services/portal-auth.service.ts
View File

@@ -159,6 +159,54 @@ export async function resendActivation(portalUserId: string, portId: string): Pr
});
}
// ─── Self-service password change (logged-in portal user) ───────────────────
export async function changePortalPassword(args: {
portalUserId: string;
currentPassword: string;
newPassword: string;
}): Promise<void> {
if (args.newPassword.length < MIN_PASSWORD_LENGTH) {
throw new ValidationError(`Password must be at least ${MIN_PASSWORD_LENGTH} characters`);
}
const user = await db.query.portalUsers.findFirst({
where: eq(portalUsers.id, args.portalUserId),
});
if (!user || !user.isActive || !user.passwordHash) {
throw new UnauthorizedError('Account not found');
}
const ok = await verifyPassword(args.currentPassword, user.passwordHash);
if (!ok) {
void createAuditLog({
userId: null,
portId: user.portId,
action: 'password_change',
entityType: 'portal_user',
entityId: user.id,
metadata: { ok: false, reason: 'wrong_current_password' },
severity: 'warning',
source: 'auth',
});
throw new UnauthorizedError('Current password is incorrect');
}
const passwordHash = await hashPassword(args.newPassword);
await db
.update(portalUsers)
.set({ passwordHash, updatedAt: new Date() })
.where(eq(portalUsers.id, user.id));
void createAuditLog({
userId: null,
portId: user.portId,
action: 'password_change',
entityType: 'portal_user',
entityId: user.id,
metadata: { ok: true },
severity: 'info',
source: 'auth',
});
}
// ─── Activation: client sets their initial password ──────────────────────────
export async function activateAccount(rawToken: string, password: string): Promise<void> {