nis2-agile/docs/sql
DevEnv nis2-agile e4f9e9179e [FEAT] NIS2 ↔ TRPG alignment (Phases 1-5): SSO + Sessions + Reset + Impersonate + Branding
Complete implementation of the alignment project with the Evix suite (TRPG/lg231),
based on the canonical doc docs/GAP_TRPG_NIS2_ALIGNMENT.md (5 phases, 18 gaps).

Version 1.0.0 → 1.5.0

Phase 1 — SSO Federation (v1.1.0)
- Migration 015_sso_columns: users.sso_identity_id + password_version
- application/services/SsoHelper.php (dual-mode SSO client, native cURL, zero deps)
- AuthController::login() + changePassword() conditional SSO (SSO_MODE=local default)

Phase 2 — Multi-device Sessions (v1.2.0)
- Migration 016_active_sessions: table + refresh_tokens.session_jti
- BaseController::requireAuth() verifies jti + last_activity throttle + parseDeviceLabel
- login() generates jti, logout/changePassword selective revocation
- GET/DELETE /auth/sessions[/{id}]
- UI settings.html Security tab with device list + revocation

Phase 3 — Password Reset + Tenant Switcher (v1.3.0)
- Migration 017_password_reset_tokens (TTL 30min, single-use)
- POST /auth/forgot-password (opaque response) + reset-password
- Pages forgot-password.html + reset-password.html (with strength bar)
- EmailService::sendPasswordReset
- POST /auth/switchContext with JWT rotation + organization_id claim
- Tenant dropdown in sidebar exposed to all users with ≥2 orgs

Phase 4 — Impersonate + Preferences + Versioning UI (v1.4.0)
- POST /auth/impersonate (super_admin or consultant of the same firm, TTL 1h, audit)
- Migration 018_user_preferences: users.theme/timezone/notif_email/notif_inapp
- GET/PUT /auth/preferences
- Sidebar footer shows version + changelog modal on click

Phase 5 — Branding white-label + Auth-gate (v1.5.0)
- Migration 019_firm_branding (logo/colors/brand_name per consulting firm)
- BrandingController GET /branding/current (optional auth) + PUT
- common.js auto-applies CSS variables at boot
- public/js/auth-gate.js (client-side password gate for restricted docs, from TRPG)

Justified skips:
- G15 demo login: existing simulators cover it
- G18 refactor controllers: deferred (~5 days, technical value only)

SSO sync cron: AgileHub Ticket #220 opened with the AGILEHUB team to extend
sso-password-sync.sh to the nis2_agile_db DB. Prerequisite for switching to SSO_MODE=dual.

Backup files: all modified files have .bak.pre-{fase}-{ts} both in DEV
and in /var/www/nis2-agile/.backups/ on Hetzner (rollback ready).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-29 13:18:35 +02:00
..
001_initial_schema.sql [CORE] Initial project scaffold - NIS2 Agile Compliance Platform 2026-02-17 17:50:18 +01:00
002_email_log.sql [FEAT] Add EmailService, RateLimitService, ReportService + integrations 2026-02-17 19:12:46 +01:00
003_voluntary_compliance.sql [FEAT] Visura auto-fill, voluntary adherence, NCR/CAPA module 2026-02-18 08:12:57 +01:00
004_ncr_capa.sql [FEAT] Visura auto-fill, voluntary adherence, NCR/CAPA module 2026-02-18 08:12:57 +01:00
005_consultant_support.sql [FEAT] Consultant role + Registration wizard v2 2026-02-20 08:53:30 +01:00
006_security_improvements.sql [FIX] Migration 006: uses stored procedure for conditional indexes 2026-02-20 12:08:44 +01:00
007_services_api.sql [FIX] Migration SQL: INT NOT NULL for FKs to organizations/users (signed) 2026-03-07 13:22:08 +01:00
008_whistleblowing.sql [FIX] Migration SQL: INT NOT NULL for FKs to organizations/users (signed) 2026-03-07 13:22:08 +01:00
009_normative_updates.sql [FIX] Migration SQL: INT NOT NULL for FKs to organizations/users (signed) 2026-03-07 13:22:08 +01:00
010_audit_hash_chain.sql [FEAT] Demo simulations + SHA-256 certified audit trail 2026-03-07 13:56:53 +01:00
011_provisioning.sql [INTEG] Automatic B2B provisioning + fix JWT helpers 2026-03-07 15:02:11 +01:00
012_invites.sql [INVITE] B2B invites/licenses system + provisioning with invite_token 2026-03-07 15:22:25 +01:00
013_license_ext.sql [DB] Fix migration 013: MySQL 8.0 compat + idempotent deploy script 2026-03-07 16:48:53 +01:00
014_feedback.sql [FEAT] Reports & AI Resolution system (feedback) 2026-03-10 08:51:52 +01:00
015_sso_columns.sql [FEAT] NIS2 ↔ TRPG alignment (Phases 1-5): SSO + Sessions + Reset + Impersonate + Branding 2026-05-29 13:18:35 +02:00
016_active_sessions.sql [FEAT] NIS2 ↔ TRPG alignment (Phases 1-5): SSO + Sessions + Reset + Impersonate + Branding 2026-05-29 13:18:35 +02:00
017_password_reset.sql [FEAT] NIS2 ↔ TRPG alignment (Phases 1-5): SSO + Sessions + Reset + Impersonate + Branding 2026-05-29 13:18:35 +02:00
018_user_preferences.sql [FEAT] NIS2 ↔ TRPG alignment (Phases 1-5): SSO + Sessions + Reset + Impersonate + Branding 2026-05-29 13:18:35 +02:00
019_firm_branding.sql [FEAT] NIS2 ↔ TRPG alignment (Phases 1-5): SSO + Sessions + Reset + Impersonate + Branding 2026-05-29 13:18:35 +02:00
deploy_013.sh [DB] Fix migration 013: MySQL 8.0 compat + idempotent deploy script 2026-03-07 16:48:53 +01:00
reset-demo.sql [FIX] reset-demo.sql: handling of audit_log trigger + drop/recreate 2026-03-09 09:51:40 +01:00