AdminGit2026/nis2-agile
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
397185e245
nis2-agile/application/controllers
History
DevEnv nis2-agile de09af6d7e [FEAT] Fase 3 backend: portale fornitore OTP/magic-link (SupplierPortalController) 
Auth fornitore SEPARATA dagli utenti interni (supplier_users/otp/sessions, mig 034):
- SUPPLIER_JWT_SECRET dedicato, aud=supplier-portal, claim sp_uid/supplier_id/org_id
  (mai user_id); requireSupplierSession() verifica jti in supplier_sessions
  (revocabile), non tocca users/active_sessions.
- OTP 8 cifre SHA-256, 15min, lockout persistente (attempts+locked_until),
  invalidazione OTP precedenti, hash_equals, rate-limit email+IP.
- magic-link 32B hashed single-use (consumo atomico solo su verify).
- request-otp risposta opaca anti-enumerazione.
- OTP via EmailService::sendViaTemplate (/api/emails/send, fuori da email_log).
- Endpoint: requestOtp/verifyOtp (no auth) + me/getQuestionnaire/saveAnswers
  (PATCH autosave)/submitQuestionnaire. Ownership campaign.supplier_id==session (no IDOR).
- Scoring per-vulnerabilita (Art.21.3), snapshot domande immutabile.
- config: SUPPLIER_JWT_SECRET + PATCH in CORS_ALLOWED_METHODS.
- routes: controllerMap + actionMap supplier-portal.

php -l OK su tutti. Tabelle 034 gia' applicate su host.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-31 17:40:20 +02:00
..
AdminController.php [CORE] Initial project scaffold - NIS2 Agile Compliance Platform 2026-02-17 17:50:18 +01:00
AiController.php [FEAT] AiController /api/ai/ask (ARIA) -> askWithRag + fix DNS Qdrant php-fpm 2026-05-29 18:55:44 +02:00
AssessmentController.php [CORE] Initial project scaffold - NIS2 Agile Compliance Platform 2026-02-17 17:50:18 +01:00
AssetController.php [FIX] P2: uniformato relevance_criteria - score() salva criteri piatti come bulkUpsert (finding review) 2026-05-30 11:45:17 +02:00
AuditController.php [FEAT] Gap Analysis estesa ai requisiti ACN (specifiche di base 164179/2025) 2026-05-31 08:07:38 +02:00
AuthController.php [FIX] Auth CRITICI da test multi-agente: register senza jti + revoca sessione singola 2026-05-31 15:01:22 +02:00
BaseController.php [FEAT] Allineamento NIS2 ↔ TRPG (Fasi 1-5): SSO + Sessions + Reset + Impersonate + Branding 2026-05-29 13:18:35 +02:00
BrandingController.php [FEAT] Allineamento NIS2 ↔ TRPG (Fasi 1-5): SSO + Sessions + Reset + Impersonate + Branding 2026-05-29 13:18:35 +02:00
ContactController.php [FIX] MktgLeadController + ContactController: getRequestBody → getJsonBody 2026-03-09 12:19:21 +01:00
CrossAnalysisController.php [FEAT] L4 AI Cross-Analysis — analisi aggregata multi-org per consulenti 2026-03-09 08:17:53 +01:00
DashboardController.php [FIX] Test multi-agente: dashboard gauge + risks backToList/loadFair 2026-05-31 14:56:10 +02:00
FeedbackController.php [FIX] FeedbackController/Service: u.name → u.full_name (colonna corretta) 2026-03-10 08:56:19 +01:00
IncidentController.php [FIX] Precisione normativa: relazione finale +1 mese DALLA NOTIFICA + guida allineata 2026-05-31 16:13:21 +02:00
index.php [FEAT] Services API: full-snapshot endpoint + BigSim SSE wrapper 2026-03-17 15:16:00 +01:00
InviteController.php [FIX] InviteController requireRole→requireSuperAdmin + OnboardingController add RateLimitService 2026-03-10 15:54:16 +01:00
KnowledgeBaseController.php [FEAT] Knowledge Base RAG multi-livello (SYSTEM/FIRM/ORG) + Qdrant + Voyage 2026-05-29 15:44:13 +02:00
MktgLeadController.php [FEAT] MktgLead getJsonBody + script import-feedback-to-nexus + seed demo agile-tech 2026-05-29 15:42:05 +02:00
NonConformityController.php [FIX] ServicesController: query assessment_responses reale + NonConformityController: getPagination named keys 2026-03-09 10:22:40 +01:00
NormativeController.php [FIX] Database::execute() → Database::query() in 5 controller 2026-03-07 16:49:58 +01:00
OnboardingController.php [FIX] InviteController requireRole→requireSuperAdmin + OnboardingController add RateLimitService 2026-03-10 15:54:16 +01:00
OrganizationController.php [FIX][SEC] Connettori: autorizzazione per-org + secret allowlist (findings review multi-agente) 2026-05-30 11:37:25 +02:00
PolicyController.php [FIX] Policy: UNIQUE(policy_id,version) + diff LCS posizionale (findings review) 2026-05-30 11:39:38 +02:00
RiskController.php [FIX] computeFair: validazione range input (no overflow DECIMAL, no negativi/NaN/vuln>1) - finding review 2026-05-30 12:15:13 +02:00
ServicesController.php [FIX] P1 ingestion: retry su collisione incident_code + dedup race graceful + try/catch CCM (findings review) 2026-05-30 11:40:50 +02:00
SupplierPortalController.php [FEAT] Fase 3 backend: portale fornitore OTP/magic-link (SupplierPortalController) 2026-05-31 17:40:20 +02:00
SupplyChainController.php [FEAT] Fase 2 backend: campagne questionario (questionnaire_campaigns) + scadenze/ricorrenze 2026-05-31 17:14:24 +02:00
TrainingController.php [CORE] Initial project scaffold - NIS2 Agile Compliance Platform 2026-02-17 17:50:18 +01:00
WebhookController.php [FIX] Database::execute() → Database::query() in 5 controller 2026-03-07 16:49:58 +01:00
WhistleblowingController.php [FIX] Database::execute() → Database::query() in 5 controller 2026-03-07 16:49:58 +01:00