From 405e507898d2cce6a03fbcf0d60edd84a34f7842 Mon Sep 17 00:00:00 2001 From: Ahmet Abdullah Gultekin Date: Wed, 22 Apr 2026 21:37:27 +0000 Subject: [PATCH] =?UTF-8?q?chore(web-app):=20bump=20submodule=20to=20Scope?= =?UTF-8?q?=20B=20=E2=80=94=20verify.fivucsas.com=20refresh?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Submodule bump a4c0053 → 70a4c06 to pull in Rollingcat-Software/web-app#25 (Scope B UI refresh for verify-app). - HostedLoginApp / VerifyApp / LoginMfaFlow visuals only; every OAuth handler, postMessage event, frame-bust effect, step component, SDK byte, CSP header preserved. - verify-widget/html/index.html regenerated by sync-assets.sh so the Docker image picks up the new bundle hashes. - fivucsas-auth.js SDK untouched — sha384 on live matches staged copy, bys-demo + every external integrator's SRI hash stays valid. Deploy: 3-step sync ran (build:verify → sync-assets.sh → docker compose up -d --build verify-widget). verify.fivucsas.com/ and /login → 200. 56/56 verify-app tests green; 608/608 full suite green. Co-Authored-By: Claude Opus 4.7 --- CHANGELOG.md | 61 +++++++++++++++++++++++++++++++++++ verify-widget/html/index.html | 6 ++-- web-app | 2 +- 3 files changed, 65 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bed1af6..53400bb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,67 @@ All notable changes to the FIVUCSAS platform. Dates are in ISO 8601 format. See each submodule's own `CHANGELOG.md` for granular per-repo changes. +## [2026-04-22b] UI refresh — verify.fivucsas.com (Scope B) + +Follow-up to Scope A. Polishes the hosted login surface +(`verify.fivucsas.com/login`) and the iframe widget +(`verify.fivucsas.com/?session_id=…`). + +**Zero functional change.** Preserves every OAuth handler, +postMessage event shape, frame-bust effect, `assertSafeRedirectScheme` +guard, step component, SDK byte, CSP header, and Permissions-Policy +delegation. The `fivucsas-auth.js` SDK is **not rebuilt** — SHA-384 on +live matches the staged copy, so `bys-demo`'s SRI hash and every +external integrator's `integrity="sha384-…"` attribute remain valid. + +### Changed + +- `web-app/` submodule bump: `a4c0053 → 70a4c06`. Pulls in + [Rollingcat-Software/web-app#25](https://github.com/Rollingcat-Software/web-app/pull/25): + - `src/verify-app/HostedLoginApp.tsx` — `HostedFrame` rebuilt: + ambient radial gradient canvas (light + dark aware), gradient + brand-mark above the card, "Secured by FIVUCSAS" pill with + `VerifiedUserOutlined` icon, Poppins display title, + `verify.fivucsas.com` microcopy footer. All `parseHostedParams`, + `resolveLocale`, frame-bust effect, tenant meta fetch with + AbortController + 10s timeout, `handleLoginComplete` + (`/oauth2/authorize/complete` call), and `handleCancel` preserved. + - `src/verify-app/VerifyApp.tsx` — iframe body wrapper tokens tuned; + transparent background preserved so parent page styling still + bleeds through the widget. Every postMessage emission + (`sendReady`, `sendStepChange`, `sendComplete`, `sendCancel`, + `sendError`, `onParentMessage`, `setParentOrigin`) and every + handler preserved. + - `src/verify-app/LoginMfaFlow.tsx` — Card chrome softened + (mode-aware elevation, 20 px radius), header uses Poppins display + font with tighter letter-spacing, cancel button with compact close + icon. Phase state machine + every one of the 10 step components + (`PasswordStep`, `MethodPickerStep`, `TotpStep`, `SmsOtpStep`, + `EmailOtpMfaStep`, `FaceCaptureStep`, `VoiceStep`, + `FingerprintStep`, `QrCodeStep`, `HardwareKeyStep`, `NfcStep`) + untouched. + +- `verify-widget/html/index.html` — regenerated by `sync-assets.sh` + to point at the new verify-app bundle + (`/assets/index-DGYB7Ly1.js`, `mui-vendor-DkSS5YNQ.js`, + `react-vendor-BkVLglrX.js`). This is the tracked entry for the + Docker image; asset chunks themselves remain gitignored. + +### Deploy (followed the required 3-step sync) + +1. `cd web-app && npm run build:verify` — clean, produced `dist-verify/` +2. `cd ../verify-widget && ./sync-assets.sh` — staged 43 files into + `verify-widget/html/`. SDK files (`fivucsas-auth.js`, `.esm.js`, + `.map`) kept their 2026-04-18 mtimes (untouched). +3. `docker compose -f docker-compose.prod.yml up -d --build verify-widget` + — nginx image rebuilt, container is healthy. + +**Live verification:** +- `https://verify.fivucsas.com/` + `/login` → 200 +- `sha384sum` on live `/fivucsas-auth.js` matches local staged copy — + SRI hashes in `bys-demo/index.html` + `callback.html` still valid +- 56 / 56 verify-app Vitest tests green, 608 / 608 full suite green + ## [2026-04-22] UI refresh — landing, web-app shell, BYS demo (Scope A) Zero functional change across the whole refresh. Every route, handler, diff --git a/verify-widget/html/index.html b/verify-widget/html/index.html index a8317d0..1ca6aff 100644 --- a/verify-widget/html/index.html +++ b/verify-widget/html/index.html @@ -24,10 +24,10 @@ html, body { width: 100%; min-height: 100%; overflow-x: hidden; } body { font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; } - + - - + + diff --git a/web-app b/web-app index a4c0053..70a4c06 160000 --- a/web-app +++ b/web-app @@ -1 +1 @@ -Subproject commit a4c005343cda7944f2822887065ed1c14e24ffb1 +Subproject commit 70a4c06405c517045e8359f73e30d4a7fb1eb8ca