@openparachute/hub 0.5.13-rc.42 → 0.5.13-rc.43

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +1 -1
  2. package/src/__tests__/oauth-handlers.test.ts +5 -2
  3. package/src/__tests__/oauth-ui.test.ts +7 -2
  4. package/src/oauth-ui.ts +4 -4
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@openparachute/hub",
3
- "version": "0.5.13-rc.42",
3
+ "version": "0.5.13-rc.43",
4
4
  "description": "parachute — the local hub for the Parachute ecosystem (discovery, ports, lifecycle, soon OAuth).",
5
5
  "license": "AGPL-3.0",
6
6
  "publishConfig": {
package/src/__tests__/oauth-handlers.test.ts CHANGED
@@ -209,7 +209,9 @@ describe("handleAuthorizeGet", () => {
209
209
  const res = handleAuthorizeGet(db, req, { issuer: ISSUER });
210
210
  expect(res.status).toBe(200);
211
211
  const html = await res.text();
212
- expect(html).toContain("Authorize");
212
+ // Page h1: "Approve <client>?" per design-system.md §5 verb canon
213
+ // (Workstream I, 2026-05-25 — was "Authorize <client>?").
214
+ expect(html).toContain("Approve");
213
215
  expect(html).toContain("MyApp");
214
216
  expect(html).toContain("vault:read");
215
217
  expect(html).toContain('name="__action" value="consent"');
@@ -4498,8 +4500,9 @@ describe("inline approve button on pending /oauth/authorize (#208)", () => {
4498
4500
  expect(reentryRes.status).toBe(200);
4499
4501
  const consentHtml = await reentryRes.text();
4500
4502
  // Consent screen markers (renderConsent uses these).
4503
+ // Page h1: "Approve <client>?" per design-system.md §5 (was "Authorize").
4501
4504
  expect(consentHtml).toContain('name="__action" value="consent"');
4502
- expect(consentHtml).toContain("Authorize");
4505
+ expect(consentHtml).toContain("Approve");
4503
4506
  expect(consentHtml).toContain("RoundTrip");
4504
4507
  } finally {
4505
4508
  cleanup();
package/src/__tests__/oauth-ui.test.ts CHANGED
@@ -95,7 +95,9 @@ describe("renderConsent", () => {
95
95
  clientName: "MyApp",
96
96
  scopes: ["vault:read", "vault:admin"],
97
97
  });
98
- expect(html).toContain("Authorize");
98
+ // Page h1: "Approve <client>?" per design-system.md §5 verb canon
99
+ // (Workstream I, 2026-05-25 — was "Authorize <client>?").
100
+ expect(html).toContain("Approve");
99
101
  expect(html).toContain("MyApp");
100
102
  expect(html).toContain("client-abc");
101
103
  expect(html).toContain("vault:read");
@@ -485,7 +487,10 @@ describe("renderApprovePending unauthenticated CTAs", () => {
485
487
  approveForm: { csrfToken: CSRF, returnTo: "/oauth/authorize?client_id=client-xyz" },
486
488
  });
487
489
  expect(html).toContain('action="/oauth/authorize/approve"');
488
- expect(html).toContain("Approve and continue");
490
+ // Workstream I, 2026-05-25 — button label "Approve and continue"
491
+ // → "Approve" per design-system.md §5 (Approve is canon; the suffix
492
+ // was verbal noise implying optionality where there is none).
493
+ expect(html).toContain(">Approve</button>");
489
494
  expect(html).not.toContain("Sign in as admin to approve");
490
495
  expect(html).not.toContain("Or send this link to your hub admin");
491
496
  expect(html).not.toContain("parachute auth approve-client");
package/src/oauth-ui.ts CHANGED
@@ -173,7 +173,7 @@ export interface ErrorViewProps {
173
173
  * response to an `/oauth/authorize?...` request, `loginNextUrl`
174
174
  * is that same authorize URL (pathname+search) so the operator
175
175
  * lands BACK on the OAuth flow after sign-in — now authenticated,
176
- * they see the inline "Approve and continue" form, click once,
176
+ * they see the inline "Approve" form, click once,
177
177
  * and the OAuth flow resumes through consent → redirect_uri.
178
178
  * Without this, post-login the operator lands on the SPA approve
179
179
  * page, which approves the client but discards the original
@@ -348,7 +348,7 @@ export function renderConsent(props: ConsentViewProps): string {
348
348
  <span class="brand-mark">⌬</span>
349
349
  <span class="brand-name">Parachute</span>
350
350
  </div>
351
- <h1>Authorize <span class="client-name">${escapeHtml(clientName)}</span>?</h1>
351
+ <h1>Approve <span class="client-name">${escapeHtml(clientName)}</span>?</h1>
352
352
  <p class="subtitle">
353
353
  This app is requesting access to your Parachute account.
354
354
  </p>
@@ -373,7 +373,7 @@ export function renderConsent(props: ConsentViewProps): string {
373
373
  </div>
374
374
  </form>
375
375
  </div>`;
376
- return baseDocument(`Authorize ${clientName}`, body);
376
+ return baseDocument(`Approve ${clientName}`, body);
377
377
  }
378
378
 
379
379
  function renderVaultPicker(picker: VaultPicker): string {
@@ -505,7 +505,7 @@ export function renderApprovePending(props: ApprovePendingViewProps): string {
505
505
  ${renderCsrfHiddenInput(approveForm.csrfToken)}
506
506
  <input type="hidden" name="client_id" value="${escapeHtml(clientId)}" />
507
507
  <input type="hidden" name="return_to" value="${escapeHtml(approveForm.returnTo)}" />
508
- <button type="submit" class="btn btn-primary">Approve and continue</button>
508
+ <button type="submit" class="btn btn-primary">Approve</button>
509
509
  </form>`
510
510
  : renderUnauthenticatedApproveCtas(hubOrigin, clientId, loginNextUrl);
511
511
  const body = `