nis2-agile/public
DevEnv nis2-agile de09af6d7e [FEAT] Phase 3 backend: supplier portal OTP/magic-link (SupplierPortalController)
Supplier auth SEPARATE from internal users (supplier_users/otp/sessions, mig 034):
- dedicated SUPPLIER_JWT_SECRET, aud=supplier-portal, claims sp_uid/supplier_id/org_id
  (never user_id); requireSupplierSession() verifies jti in supplier_sessions
  (revocable), does not touch users/active_sessions.
- 8-digit OTP SHA-256, 15min, persistent lockout (attempts+locked_until),
  invalidation of previous OTPs, hash_equals, email+IP rate-limit.
- magic-link 32B hashed single-use (atomic consumption only on verify).
- request-otp opaque anti-enumeration response.
- OTP via EmailService::sendViaTemplate (/api/emails/send, outside email_log).
- Endpoints: requestOtp/verifyOtp (no auth) + me/getQuestionnaire/saveAnswers
  (PATCH autosave)/submitQuestionnaire. Ownership campaign.supplier_id==session (no IDOR).
- Per-vulnerability scoring (Art.21.3), immutable question snapshot.
- config: SUPPLIER_JWT_SECRET + PATCH in CORS_ALLOWED_METHODS.
- routes: controllerMap + actionMap supplier-portal.

php -l OK on all. Tables 034 already applied on host.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-31 17:40:20 +02:00
..
admin [FEAT] UI Phases 4+5: Impersonate banner + Preferences + white-label Branding (v1.6.0) 2026-05-29 13:28:57 +02:00
css [UX] FAB feedback: cyan pill with label, pulse animation, lg231 style 2026-03-10 11:27:19 +01:00
docs [DOCS] Testing & Simulation documentation page 2026-03-10 09:40:27 +01:00
integrations [MIGRATE] Migration to nis2.agile.software 2026-03-07 14:07:10 +01:00
js [FEAT] Phase 2 backend: questionnaire campaigns (questionnaire_campaigns) + deadlines/recurrences 2026-05-31 17:14:24 +02:00
.htaccess [FIX] Deploy fixes - Auth header passthrough, dashboard query, landing page 2026-02-17 18:08:43 +01:00
api-status.php [CORE] Initial project scaffold - NIS2 Agile Compliance Platform 2026-02-17 17:50:18 +01:00
architecture.html [FEAT] i18n IT/EN, contextual Online Help, Architecture page 2026-02-18 08:34:37 +01:00
assessment.html [SEC+UX] Security hardening + pre-audit UX improvements 2026-02-20 12:01:33 +01:00
assets.html [FIX] guide re-review: 2 guide fixes + 2 product fixes for orphaned UI 2026-05-31 08:51:30 +02:00
companies.html [DOCS] Help: HelpSystem.init on normative + companies (edits previously failed) 2026-05-31 16:42:08 +02:00
cross-analysis.html [FEAT] L4 AI Cross-Analysis — aggregated multi-org analysis for consultants 2026-03-09 08:17:53 +01:00
dashboard.html [FIX] Multi-agent test: dashboard gauge + risks backToList/loadFair 2026-05-31 14:56:10 +02:00
forgot-password.html [FEAT] NIS2 ↔ TRPG alignment (Phases 1-5): SSO + Sessions + Reset + Impersonate + Branding 2026-05-29 13:18:35 +02:00
guida.html [FIX] Regulatory precision: final report +1 month FROM NOTIFICATION + guide aligned 2026-05-31 16:13:21 +02:00
incidents.html [FIX] incidents.html: unescaped apostrophes in evalSignificance broke the entire page 2026-05-31 11:12:03 +02:00
index-en.html [FEAT] UI: online guide, EN landing, mobile-conversion, ai-assistant, bug-reporter + help/i18n 2026-05-29 15:42:00 +02:00
index.html [FEAT] UI: online guide, EN landing, mobile-conversion, ai-assistant, bug-reporter + help/i18n 2026-05-29 15:42:00 +02:00
index.php [FEAT] Phase 3 backend: supplier portal OTP/magic-link (SupplierPortalController) 2026-05-31 17:40:20 +02:00
integrazioniext.html [SEC] Redacted mktg API key exposed in public pages (F1 security audit) 2026-05-31 16:16:53 +02:00
kb.html [DOCS] Contextual help wired into whistleblowing/normative/companies/kb 2026-05-31 16:40:57 +02:00
licenseExt.html [FEAT] licenseExt: recipient data section pre-fills form + ready link + modal with recipient data 2026-03-10 12:00:26 +01:00
login.html [FEAT] NIS2 ↔ TRPG alignment (Phases 1-5): SSO + Sessions + Reset + Impersonate + Branding 2026-05-29 13:18:35 +02:00
mktg-api-doc.html [SEC] Redacted mktg API key exposed in public pages (F1 security audit) 2026-05-31 16:16:53 +02:00
mobile-conversion.css [FEAT] UI: online guide, EN landing, mobile-conversion, ai-assistant, bug-reporter + help/i18n 2026-05-29 15:42:00 +02:00
mobile-conversion.js [FEAT] UI: online guide, EN landing, mobile-conversion, ai-assistant, bug-reporter + help/i18n 2026-05-29 15:42:00 +02:00
nis2-license-api.postman.json [MKTG-API] Fix: Postman collection in public root 2026-03-07 16:05:49 +01:00
normative.html [DOCS] Help: HelpSystem.init on normative + companies (edits previously failed) 2026-05-31 16:42:08 +02:00
onboarding.html [UX] Standardization of login/register/onboarding + Test Runner v2 2026-03-07 17:11:25 +01:00
policies.html [UX+SEC] Pre-audit excellence: idle timeout, loading states, i18n, UX polish 2026-02-20 12:25:52 +01:00
presentation.html [FEAT] NIS2 Agile presentation in the repo (presentation.html) 2026-03-09 15:31:07 +01:00
register.html [FEAT] B2B license simulator + reduced registration 2026-03-10 15:26:23 +01:00
reports.html [FIX] guide re-review: 2 guide fixes + 2 product fixes for orphaned UI 2026-05-31 08:51:30 +02:00
reset-password.html [FEAT] NIS2 ↔ TRPG alignment (Phases 1-5): SSO + Sessions + Reset + Impersonate + Branding 2026-05-29 13:18:35 +02:00
risks.html [FIX] Multi-agent test: dashboard gauge + risks backToList/loadFair 2026-05-31 14:56:10 +02:00
service-continuity.html [FEAT] UI: online guide, EN landing, mobile-conversion, ai-assistant, bug-reporter + help/i18n 2026-05-29 15:42:00 +02:00
settings.html [FEAT] UI Phases 4+5: Impersonate banner + Preferences + white-label Branding (v1.6.0) 2026-05-29 13:28:57 +02:00
setup-org.html [FIX] Fix annual_turnover field name in setup-org.html 2026-02-17 19:49:57 +01:00
simulate-b2b.html [FEAT] B2B license simulator + reduced registration 2026-03-10 15:26:23 +01:00
simulate-nis2-big.php [FEAT] Services API: full-snapshot endpoint + BigSim SSE wrapper 2026-03-17 15:16:00 +01:00
simulate-nis2.php [FIX] simulate wrapper: PHP_BINARY→php-cli corrected (FPM≠CLI) 2026-03-10 10:51:48 +01:00
simulate.html [FIX] simulate.html: card BIG + training user_ids array fix 2026-03-17 15:32:02 +01:00
supplier-assessment.html [FEAT] Supplier self-assessment (P3 supply chain) - public portal with token 2026-05-30 10:19:01 +02:00
supply-chain.html [FIX] supply-chain: wrong modal selector (#app-modal -> #modal-overlay) 2026-05-31 14:40:03 +02:00
test-runner.php [FIX] test-runner: update email/password to the simulator values 2026-03-09 10:03:14 +01:00
training.html [FIX] working i18n + audit.html bug + help system 2026-02-20 11:17:04 +01:00
version.json [DOCS] Contextual help wired into whistleblowing/normative/companies/kb 2026-05-31 16:40:57 +02:00
whistleblowing.html [DOCS] Contextual help wired into whistleblowing/normative/companies/kb 2026-05-31 16:40:57 +02:00
workflow.html [FEAT] Compliance Journey — 6-phase NIS2 visual workflow 2026-03-09 07:54:15 +01:00