- Added PGPASSWORD environment variable check at script start
- Replaced 3 instances of hardcoded 'NordaBiz2025Secure' with $PGPASSWORD
- Added usage instructions and security warning (CWE-798)
- Script now exits with error if PGPASSWORD is not set
- Removed hardcoded DATABASE_URL assignment with 'NordaBiz2025Secure' password
- Added comprehensive warning comment about CWE-798 security vulnerability
- Script now relies on DATABASE_URL environment variable or safe fallback from database.py
- Follows same security pattern as other updated scripts (run_migration.py, etc.)
- Replaced hardcoded password 'NordaBiz2025Secure' with placeholder 'CHANGE_ME'
- Added comprehensive warning comment about CWE-798 (Use of Hard-coded Credentials)
- Production credentials must now be set via DATABASE_URL environment variable
Fixed 2 minor inaccuracies found during verification:
- Company logos count: 82 → 80 images
- Python packages count: 13 → 16 packages
Comprehensive verification completed:
✅ No static HTML references
✅ All files exist
✅ Technology versions correct
✅ Commands verified
✅ Production details accurate
See technical-verification-report.md for full details.
Completed comprehensive key features inventory for README.md update.
Created key-features-inventory.md (19KB) documenting 20 features:
- 5 user-facing features (Company Directory, Search, AI Chat, Auth, Notifications)
- 8 admin features (News, Social Media, SEO, GBP/IT Audits, Forum, Calendar, Users)
- 7 technical features (API, Deployment, Security, Database, Verification, External APIs, Testing)
All features categorized by priority (top/high/medium) and documented with:
- Implementation status (all LIVE)
- Technology stack
- Endpoints/scripts
- Database tables
- Source references
Acceptance criteria met:
✓ Complete feature list from CLAUDE.md
✓ User-facing vs admin features categorized
✓ All features documented with details and sources
Files created in .auto-claude/specs/:
- key-features-inventory.md (19KB)
- Updated build-progress.txt
- Updated implementation_plan.json
- Add dark admin bar below main navigation (visible only for admins)
- Group admin functions into 3 dropdowns: Zarządzanie, Audyty, Analityka
- Remove admin links from user dropdown menu
- Keep user menu clean with only personal items
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add POST /api/admin/users/ai-parse endpoint for text/image parsing
- Add POST /api/admin/users/bulk-create for batch user creation
- Add "Dodaj z AI" button with purple gradient in admin users panel
- Add 3-step modal flow (Input → Review → Results)
- Support text paste from any source (email, Excel, CRM, Slack)
- Support screenshot upload and clipboard paste (Ctrl+V / Cmd+V)
- AI extracts emails, names, matches companies, detects admin roles
- Display generated passwords with copy functionality
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Change to lazy='joined' for the relationship in the User model
to avoid an error when accessing current_user.company in templates
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add /admin/users panel for managing users (toggle admin, toggle verified, assign company, reset password, delete)
- Add link to admin menu in base.html
- Replace native confirm()/alert() with styled modals and toast notifications
- Add confirmation modal for password reset with warning icon
- Add styled reset URL modal with copy functionality
- Add danger-styled confirmation modal for user deletion
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove sensitive tokens from logs (show only 8-char preview)
- Enforce SECRET_KEY minimum 32 characters (no default value)
- Reduce login rate limit from 100/hour to 5/hour
- Remove exposed PageSpeed API key from CLAUDE.md
BREAKING: Application requires SECRET_KEY >= 32 chars in .env
Author: Maciej Pienczyn, with the use of AI and Claude Opus
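A startup check in the spirit of the hard-coded credential (CWE-798) and SECRET_KEY commits above, as an added example that is not code from this repository. The names `load_secrets`, `token_preview` and `ConfigError` are hypothetical, and rejecting a DATABASE_URL that still contains the CHANGE_ME placeholder is an assumption rather than something the log states.

```python
import os

MIN_SECRET_KEY_LEN = 32      # minimum length named in the commit message
PLACEHOLDER = "CHANGE_ME"    # placeholder password named in the log


class ConfigError(RuntimeError):
    """Raised at startup when a required secret is missing or unsafe."""


def token_preview(token, visible=8):
    """Return a log-safe form of a token: only the first `visible` characters."""
    if not token:
        return "<empty>"
    if len(token) <= visible:
        return "*" * len(token)  # too short to reveal any part of it
    return token[:visible] + "..."


def load_secrets(env=None):
    """Validate SECRET_KEY and DATABASE_URL; there are no default values."""
    env = os.environ if env is None else env
    problems = []

    secret_key = env.get("SECRET_KEY", "")
    if len(secret_key) < MIN_SECRET_KEY_LEN:
        problems.append(f"SECRET_KEY must be at least {MIN_SECRET_KEY_LEN} characters")

    database_url = env.get("DATABASE_URL", "")
    if not database_url:
        problems.append("DATABASE_URL is not set")
    elif PLACEHOLDER in database_url:  # assumption: placeholder is never valid
        problems.append("DATABASE_URL still contains the CHANGE_ME placeholder")

    if problems:
        # The message names the variables only; secret values never appear in it.
        raise ConfigError("; ".join(problems))
    return {"SECRET_KEY": secret_key, "DATABASE_URL": database_url}


if __name__ == "__main__":
    # Constructed sample environment, not real credentials.
    sample = {"SECRET_KEY": "k" * 40,
              "DATABASE_URL": "postgresql://app:CHANGE_ME@localhost/appdb"}
    try:
        load_secrets(sample)
    except ConfigError as exc:
        print("refusing to start:", exc)
    print("token:", token_preview("a1b2c3d4e5f6a7b8c9d0"))
```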
- Add /release-notes route with changelog from v1.0.0 to v1.9.0
- Document all major features added since platform launch
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add /admin/gbp-audit panel with completeness stats, field coverage, company table
- Add /admin/social-audit panel with platform coverage, top followers, company table
- Update admin menu with new dashboard links
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add value attribute to 5 text input fields (it_provider_name, it_contact_name,
it_contact_email, azure_tenant_name, ad_domain_name)
- Add content to collaboration_notes textarea
- Add JavaScript initialization for 23 select dropdowns in initializeForm()
This ensures that when editing an existing IT Audit, all previously entered values
are displayed in the form instead of showing empty fields with placeholders.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Edge cases handled:
1. Partial submission:
- Added is_partial flag to save response
- Dynamic success message based on completeness score
- Completeness threshold messages (< 30%, 30-70%, > 70%)
2. Company without audit:
- Fixed template to show "Brak audytu" for companies without audit
- Added "Utwórz audyt" button (+ icon) for companies without audit
- Fixed data structure mismatch between route and template
3. Multiple audit history:
- Added get_company_audit_history() convenience function
- Added has_company_audit() helper function
- Added /api/it-audit/history/<company_id> API endpoint
- Returns history_count in save response
Other fixes:
- Fixed stats variable naming in admin_it_audit route
- Fixed collaboration_matches data structure for template
- Fixed url_for to use slug instead of company_id
- Fixed match_type filter (shared_licensing not shared_m365_licensing)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Created comprehensive test suite for IT audit collaboration matching:
1. Unit tests (tests/test_it_audit_collaboration.py):
- 12 tests verifying all 6 match types
- Backup replication, shared licensing, Teams federation
- Shared monitoring, collective purchasing, knowledge sharing
- Edge cases for size parsing and similarity
2. Integration test script (scripts/test_collaboration_matching.py):
- Creates test audits with matching criteria
- Runs collaboration matching algorithm
- Verifies matches saved to database
All unit tests pass (12/12).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Created templates/it_audit.html for /audit/it/<slug> route that displays:
- Overall score with circular progress indicator
- Security, collaboration, completeness metrics
- Technology stack summary (Azure AD, M365, EDR, MFA, etc.)
- Collaboration flags (shared licensing, backup replication, etc.)
- Recommendations section
- Empty state when no audit data exists
Follows SEO audit template pattern for consistency.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add user-facing IT audit dashboard route following the pattern of existing
SEO and GBP audit dashboards:
- Route: /audit/it/<slug>
- Access control: admin can view any company, members only their own
- Returns latest IT audit data with scores, technology flags, and recommendations
- Renders it_audit.html template
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add API endpoint for getting IT audit collaboration matches for a company.
- Admin-only access (matches are not visible to regular users per spec)
- Returns all matches where company is either party A or B
- Includes partner company info, match type/score/reason, status
- Follows existing API patterns (login_required, try/finally, jsonify)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implemented POST endpoint at /it-audit/save that:
- Accepts JSON or form data with IT audit fields
- Validates company access (admin for any, users for their own)
- Parses boolean, array, and string fields with proper type handling
- Uses ITAuditService to save audit with scoring calculation
- Returns JSON with audit scores and redirect URL
- Includes rate limiting (30 per hour)
- Handles errors with rollback and logging
Added helper function _parse_it_audit_form_data() to properly parse:
- Boolean fields (checkboxes)
- Array fields (multi-select)
- String fields
- JSON fields (zabbix_integration)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add Flask route for IT audit form display:
- GET /it-audit/form with optional company_id query parameter
- Access control: admin can access any company, users only their own
- Defaults to current user's company if no company_id provided
- Pre-fills form with existing audit data if available
- Renders it_audit_form.html template
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Implemented the IT audit admin dashboard route at /admin/it-audit that:
- Checks for admin authentication (is_admin flag)
- Queries all active companies with their latest IT audit data
- Calculates statistics (audit count, avg scores, maturity distribution)
- Provides technology adoption stats (Azure AD, M365, PBS, Zabbix, EDR, DR)
- Queries collaboration flags from IT audits
- Retrieves and organizes collaboration matches by type
- Renders admin/it_audit_dashboard.html template
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>