Skip to content

OAUTH-001C1B: redact Strava callback failures#245

Merged
daliu merged 1 commit into
mainfrom
codex/issue-242-strava-callback-redaction
Jul 14, 2026
Merged

OAUTH-001C1B: redact Strava callback failures#245
daliu merged 1 commit into
mainfrom
codex/issue-242-strava-callback-redaction

Conversation

@daliu

@daliu daliu commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Outcome

Members now receive one plain, actionable Strava connection failure instead of a provider query or callable error detail.

Closes #242. Canonical tracker: #88.

Scope

  • Issue: OAUTH-001C1B — Redact browser-rendered Strava callback failures #242 / OAUTH-001C1B
  • What changed: both truthy callback error values and rejected exchange values map to We could not connect Strava. Please return to My Account and try again.; the rejected value is never captured, inspected, coerced, rendered, or logged; the error paragraph is an assertive atomic alert.
  • Tests: one focused callback describe was added to the already-scanned Account.test.tsx; the lint inventory did not change.
  • Officer guide: one separately named source-only procedure records safe review, proof, stop, undo, and escalation steps.
  • What did not change: Auth/readiness ordering, missing-code and state checks, server-only exchange call, success replace-navigation, Back-to-account link, URL/history contents, OAuth state design, input bounds, App Check, tokens/scopes/account binding, Firebase, Strava configuration, production data, deployment, or live behavior.
  • Migration impact: none; no schema, role, data, provider, or migration behavior changes.

Officer handoff

  • Officer impact: members receive a fixed next step without provider/query details; this is source only until separately published and verified.
  • Officer documentation: docs/officers/EVENTS_SHOP_MEMBERS.md
  • Approving role: membership lead plus platform/security owner
  • Preview or redacted screenshot: None — synthetic DOM assertions verify the exact fixed output; no callback value or real account was opened or captured.
  • Screenshot checked at: Not applicable
  • Plain-language undo plan: use one reviewed frontend revert or safe roll-forward, then publish and verify that replacement revision separately if the earlier revision was released.
  • Deployment evidence: no release requested; no Firebase deployment, Strava/provider action, production-data action, website publication, or live-member test was performed.

Proof by surface

  • Source changed: exact rebased commit ade71897 on base 378f012 on three claimed paths only
  • Intended old-source red proof: 2 failures showed the raw decoded query canary and rejected Error.message
  • Focused callback/account tests: 27/27 passed
  • Full frontend Jest: 250/250 passed
  • Frontend direct ESLint: passed with zero findings on both TSX paths
  • Frontend lint gate: passed; unchanged 106 files / 123 reviewed legacy errors / 7 reviewed legacy warnings
  • TypeScript no-emit check: passed
  • SPA, CI/release workflow, and artifact-safety checks: 45/45 passed
  • Functions lint: passed
  • Functions unit tests: 1,539 passed / 64 skipped
  • Firestore Rules emulator: 378/378 passed
  • Commerce journal real Firestore emulator: 63/63 passed
  • Diagnostic production build: passed
  • Independent security/privacy review: PASS
  • Independent officer/UX review: PASS
  • Final reviewed diff SHA-256: 1aecb4925eb042091ec2183c3ad5d9611d672f368a511e4d719c673db08f5249
  • Code merged: not yet
  • Website published: not yet
  • Netlify intended commit verified: not yet
  • runmprc.com verified: not yet
  • Firebase deployed: not relevant; no Firebase source changed and no deployment ran
  • Outside provider configured: not relevant; no Strava setting changed
  • Outside provider verified: not yet / no provider call was made
  • Production behavior verified: not yet

Safety review

  • No secrets, recovery codes, private member data, payment data, real callback values, or provider calls are included.
  • Planned/live behavior is marked NOT AVAILABLE YET.
  • Skipped deployments are reported as incomplete, not green/live.
  • No diagram changed because page structure, data movement, permissions, account ownership, and deployment topology are unchanged.
  • The officer guide names the specialist-only source/release evidence and requires no terminal action from an officer.
  • React escaping already prevents markup execution; this fixes privacy disclosure and usable failure wording, not an XSS issue.
  • Residual URL/history, state/replay, bounds, App Check, token/scope, provider, deployment, and live-verification work remains open under STRAVA-001 — Harden and modernize the existing Strava OAuth connection #88.

@netlify

netlify Bot commented Jul 14, 2026

Copy link
Copy Markdown

Deploy Preview for luminous-fox-7c393f ready!

Name Link
🔨 Latest commit ade7189
🔍 Latest deploy log https://app.netlify.com/projects/luminous-fox-7c393f/deploys/6a55dfa47ce0400008cd5ddc
😎 Deploy Preview https://deploy-preview-245--luminous-fox-7c393f.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@daliu daliu force-pushed the codex/issue-242-strava-callback-redaction branch from 5f212e6 to ade7189 Compare July 14, 2026 07:05
@daliu

daliu commented Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

Final review evidence for exact head ade718973b46c769ab8a9a570f14cce9ea50f44d on base 378f012f007698094916b8c01bf4c18dbccf8085:

  • independent security/privacy exact-diff review: PASS
  • independent officer/UX exact-diff review: PASS
  • final diff SHA-256: 1aecb4925eb042091ec2183c3ad5d9611d672f368a511e4d719c673db08f5249
  • hosted CI run 29313390015: all five required jobs passed
  • Netlify result is a deploy preview only; production was not published
  • exact scope remains three claimed paths; disjoint SEC-DOC-001B: correct Functions production audit count #244 SECURITY.md correction is preserved

GitHub still requires a formal second-account review. The project has no separate reviewer account in this session, so this evidence supports the established admin-squash path. No Firebase, Strava/provider, production-data, website-production, or live-member action occurred.

@daliu daliu merged commit e2e1987 into main Jul 14, 2026
9 checks passed
@daliu daliu deleted the codex/issue-242-strava-callback-redaction branch July 14, 2026 07:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

OAUTH-001C1B — Redact browser-rendered Strava callback failures

1 participant