v1.2.6j - feat: signature builder overhaul, MFA, Google OAuth redirect, template signature preview

Signature Builder (components/SignatureBuilder.tsx):
- Rich-text paste import: replaced textarea with contenteditable div that
  captures clipboard text/html for direct Gmail/Outlook signature paste
- Auto-import on paste with field auto-fill, stays in builder mode for editing
- Header/banner image: new headerImageUrl field with S3 upload, full-width
  cover photo rendering at top of all 12 signature templates via wrapperStart
- Banner height slider (60-200px) with live preview
- Website link display text: users can set different display label vs actual URL
- Fixed Icons8 icon mapping (mail→new-post, globe→globe--v1) for proper
  contact icon rendering across all templates
- Increased client-side upload limit to 2MB with clear error messaging

Outreach Template Preview (app/api/outreach/preview/template/route.ts):
- Template previews in FirstContactWizard now show the user's actual saved
  signature from the DB instead of a generic "Jordan Mitchell" placeholder
- Fallback chain: client → brand → user's saved signature → default

Google OAuth (app/api/google/callback/route.ts):
- Redirect after OAuth now goes to /profile?tab=integration&google=connected
  instead of /en/crm/leads, fixing both the redirect and persistence issues

MFA & Auth:
- LoginComponent.tsx: MFA sign-in flow updates
- MfaSettings.tsx: profile MFA settings updates
- lib/mfa-utils.ts: MFA utility changes

Author: GenRevo89

app/(auth)/sign-in/components/LoginComponent.tsx

@@ -210,7 +210,8 @@ export function LoginComponent() {
       const options = res.data;
 
       // 2. Trigger browser biometric prompt
-      const asseResp = await startAuthentication(options);
+      // v13: startAuthentication expects { optionsJSON }
+      const asseResp = await startAuthentication({ optionsJSON: options });
 
       // 3. Verify with backend
       const verifyRes = await axios.post("/api/auth/mfa/webauthn/auth-verify", {

app/(routes)/profile/components/MfaSettings.tsx

@@ -1,6 +1,7 @@
 "use client";
 
 import { useState, useEffect } from "react";
+import { useRouter } from "next/navigation";
 import { Button } from "@/components/ui/button";
 import { Card, CardContent, CardDescription, CardFooter, CardHeader, CardTitle } from "@/components/ui/card";
 import { Badge } from "@/components/ui/badge";
@@ -16,11 +17,27 @@ interface MfaSettingsProps {
 
 export function MfaSettings({ user }: MfaSettingsProps) {
     const { toast } = useToast();
+    const router = useRouter();
     const [loading, setLoading] = useState(false);
     const [mfaData, setMfaData] = useState<any>(null);
     const [setupStep, setSetupStep] = useState<"idle" | "totp" | "sms" | "webauthn">("idle");
     const [totpCode, setTotpCode] = useState("");
-    const [isMfaEnabled, setIsMfaEnabled] = useState(user.mfaEnabled);
+    const [isMfaEnabled, setIsMfaEnabled] = useState(user.mfaEnabled ?? false);
+    const [mfaMethod, setMfaMethod] = useState<string>(user.mfaMethod ?? "NONE");
+
+    // Fetch fresh MFA status on mount to handle cases where server prop is stale
+    useEffect(() => {
+        const fetchStatus = async () => {
+            try {
+                const res = await axios.get("/api/user/mfa/status");
+                setIsMfaEnabled(res.data.mfaEnabled);
+                setMfaMethod(res.data.mfaMethod || "NONE");
+            } catch {
+                // Fall back to server-provided value
+            }
+        };
+        fetchStatus();
+    }, []);
 
     const fetchMfaSetup = async (type: string) => {
         setLoading(true);
@@ -32,13 +49,15 @@ export function MfaSettings({ user }: MfaSettingsProps) {
             } else if (type === "webauthn") {
                 const res = await axios.get("/api/user/mfa/webauthn/register-options");
                 const options = res.data;
-                const attResp = await startRegistration(options);
+                const attResp = await startRegistration({ optionsJSON: options });
                 await axios.post("/api/user/mfa/webauthn/register-verify", {
                     body: attResp,
                     currentOptions: options
                 });
                 toast({ title: "Success", description: "Biometric authentication registered successfully." });
                 setIsMfaEnabled(true);
+                setMfaMethod("WEBAUTHN");
+                router.refresh();
             }
         } catch (error: any) {
             toast({
@@ -61,8 +80,10 @@ export function MfaSettings({ user }: MfaSettingsProps) {
             });
             toast({ title: "MFA Enabled", description: "TOTP Authentication is now active." });
             setIsMfaEnabled(true);
+            setMfaMethod("TOTP");
             setSetupStep("idle");
             setTotpCode("");
+            router.refresh();
         } catch (error: any) {
             toast({
                 variant: "destructive",
@@ -80,6 +101,8 @@ export function MfaSettings({ user }: MfaSettingsProps) {
             await axios.post("/api/user/mfa/disable");
             toast({ title: "MFA Disabled", description: "Your account is now less secure." });
             setIsMfaEnabled(false);
+            setMfaMethod("NONE");
+            router.refresh();
         } catch (error) {
             toast({ variant: "destructive", title: "Error", description: "Failed to disable MFA." });
         } finally {
@@ -101,8 +124,13 @@ export function MfaSettings({ user }: MfaSettingsProps) {
                         </div>
                     </div>
                     {isMfaEnabled ? (
-                        <div className="bg-emerald-500/10 text-emerald-400 border border-emerald-500/20 px-3 py-1 rounded-full text-xs font-semibold flex items-center">
-                            <CheckCircle2 className="h-3 w-3 mr-1" /> Protected
+                        <div className="bg-emerald-500/10 text-emerald-400 border border-emerald-500/20 px-3 py-1 rounded-full text-xs font-semibold flex items-center gap-1">
+                            <CheckCircle2 className="h-3 w-3" /> Protected
+                            {mfaMethod && mfaMethod !== "NONE" && (
+                                <span className="text-emerald-500/60 ml-1">
+                                    ({mfaMethod === "TOTP" ? "Authenticator" : mfaMethod === "WEBAUTHN" ? "Passkey" : mfaMethod})
+                                </span>
+                            )}
                         </div>
                     ) : (
                         <Badge variant="destructive" className="bg-red-500/10 text-red-400 border-red-500/20 px-3 py-1">
@@ -192,7 +220,38 @@ export function MfaSettings({ user }: MfaSettingsProps) {
                 ) : null}
 
                 {isMfaEnabled && setupStep === "idle" && (
-                    <div className="mt-8 pt-6 border-t border-white/5">
+                    <div className="mt-8 pt-6 border-t border-white/5 space-y-4">
+                        {/* Reset MFA */}
+                        <div className="flex items-center justify-between p-4 bg-amber-500/5 rounded-xl border border-amber-500/10">
+                            <div>
+                                <h4 className="text-sm font-bold text-amber-400 uppercase tracking-widest">Reset Method</h4>
+                                <p className="text-xs text-muted-foreground mt-1">Switch to a different authentication method or regenerate your current one.</p>
+                            </div>
+                            <Button
+                                variant="outline"
+                                size="sm"
+                                className="border-amber-500/30 text-amber-400 hover:bg-amber-500/10"
+                                onClick={async () => {
+                                    setLoading(true);
+                                    try {
+                                        await axios.post("/api/user/mfa/disable");
+                                        setIsMfaEnabled(false);
+                                        setMfaMethod("NONE");
+                                        toast({ title: "MFA Reset", description: "Choose a new authentication method below." });
+                                        // Keep setupStep as idle — the method cards will now show since isMfaEnabled is false
+                                    } catch {
+                                        toast({ variant: "destructive", title: "Error", description: "Failed to reset MFA." });
+                                    } finally {
+                                        setLoading(false);
+                                    }
+                                }}
+                                disabled={loading}
+                            >
+                                {loading && <Loader2 className="h-4 w-4 mr-2 animate-spin" />}
+                                Reset MFA
+                            </Button>
+                        </div>
+                        {/* Disable MFA */}
                         <div className="flex items-center justify-between p-4 bg-red-500/5 rounded-xl border border-red-500/10">
                             <div>
                                 <h4 className="text-sm font-bold text-red-400 uppercase tracking-widest">Danger Zone</h4>

app/api/outreach/preview/template/route.ts

@@ -72,6 +72,16 @@ export async function POST(req: Request) {
             } catch { }
         }
 
+        // Fetch the user's saved signature from their profile
+        let userSignature: string | undefined;
+        try {
+            const user = await prismadb.users.findUnique({
+                where: { id: session.user.id },
+                select: { signature_html: true },
+            });
+            if (user?.signature_html) userSignature = user.signature_html as string;
+        } catch { }
+
         const baseUrl = process.env.NEXTAUTH_URL || "";
 
         const brandColorHex = (body.props?.brand?.accentColor || brandColor || "#1f2937").replace("#", "");
@@ -93,7 +103,7 @@ export async function POST(req: Request) {
             subjectPreview: body.props?.subjectPreview || "Exploring Partnership Opportunities",
             bodyText: body.props?.bodyText || DEFAULT_PREVIEW_BODY,
             resources: resolvedResources,
-            signatureHtml: body.props?.signatureHtml || brandSignature || DEFAULT_SIGNATURE,
+            signatureHtml: body.props?.signatureHtml || brandSignature || userSignature || DEFAULT_SIGNATURE,
             brand: {
                 accentColor: body.props?.brand?.accentColor || brandColor,
                 secondaryColor: body.props?.brand?.secondaryColor || undefined,

app/api/user/mfa/status/route.ts

@@ -0,0 +1,29 @@
+import { NextResponse } from "next/server";
+import { getServerSession } from "next-auth";
+import { authOptions } from "@/lib/auth";
+import { prismadb } from "@/lib/prisma";
+
+export async function GET() {
+    const session = await getServerSession(authOptions);
+
+    if (!session?.user?.id) {
+        return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+
+    const user = await prismadb.users.findUnique({
+        where: { id: session.user.id },
+        select: {
+            mfaEnabled: true,
+            mfaMethod: true,
+        },
+    });
+
+    if (!user) {
+        return NextResponse.json({ error: "User not found" }, { status: 404 });
+    }
+
+    return NextResponse.json({
+        mfaEnabled: user.mfaEnabled,
+        mfaMethod: user.mfaMethod,
+    });
+}

components/SignatureBuilder.tsx

@@ -91,6 +91,7 @@ interface SignatureData {
   websiteDisplayText: string;
   profileImage: string;
   companyLogoUrl: string;
+  headerImageUrl: string;
   companyTagline: string;
   accentColor: string;
   template: "professional" | "modern" | "minimalist" | "elegant" | "creative" | "banner" | "corporate" | "compact" | "tech" | "classic" | "social" | "dense";
@@ -105,6 +106,7 @@ interface SignatureData {
   contactIconSize: number;
   contactFieldsOrder: ("phone" | "email" | "website")[];
   showSeparator: boolean;
+  headerImageHeight: number;
 }
 
 interface SignatureBuilderProps {
@@ -181,8 +183,14 @@ const hexToRgb = (hex: string) => {
 
 const getIconUrl = (name: string, color: string) => {
   const hex = color.replace("#", "");
-  // Map 'twitter' to 'twitterx' for Icons8 compatibility
-  const iconName = name === 'twitter' ? 'twitterx' : name;
+  // Map icon names to valid Icons8 icon identifiers
+  const iconMap: Record<string, string> = {
+    phone: 'phone',
+    mail: 'new-post',
+    globe: 'globe--v1',
+    twitter: 'twitterx',
+  };
+  const iconName = iconMap[name] || name;
   return `https://img.icons8.com/ios-filled/50/${hex}/${iconName}.png`;
 };
 
@@ -230,6 +238,7 @@ const SignatureBuilder: React.FC<SignatureBuilderProps> = ({ hasAccess = true, b
     websiteDisplayText: "",
     profileImage: "",
     companyLogoUrl: "https://storage.googleapis.com/tgl_cdn/images/Medallions/TUC.png",
+    headerImageUrl: "",
     companyTagline: "Simple Choices. Complex Outcomes.",
     accentColor: DEFAULT_COLOR,
     template: "professional",
@@ -244,6 +253,7 @@ const SignatureBuilder: React.FC<SignatureBuilderProps> = ({ hasAccess = true, b
     contactIconSize: 15,
     contactFieldsOrder: ["phone", "email", "website"],
     showSeparator: true,
+    headerImageHeight: 120,
   });
 
   const [saving, setSaving] = useState(false);
@@ -416,7 +426,7 @@ const SignatureBuilder: React.FC<SignatureBuilderProps> = ({ hasAccess = true, b
   };
 
   // Handler: Image Upload
-  const handleImageUpload = async (file: File, field: "profileImage" | "companyLogoUrl") => {
+  const handleImageUpload = async (file: File, field: "profileImage" | "companyLogoUrl" | "headerImageUrl") => {
     // Client-side size check: 2MB max
     const MAX_FILE_SIZE = 2 * 1024 * 1024;
     if (file.size > MAX_FILE_SIZE) {
@@ -428,7 +438,7 @@ const SignatureBuilder: React.FC<SignatureBuilderProps> = ({ hasAccess = true, b
       // SPECIAL HANDLING FOR COMPANY LOGO:
       // Upload RAW to preserve transparency perfectly for all formats (PNG, WebP, GIF, etc).
       // This fixes the issue where logos were getting black backgrounds or artifacts.
-      if (field === "companyLogoUrl") {
+      if (field === "companyLogoUrl" || field === "headerImageUrl") {
         const formData = new FormData();
         formData.append("file", file); // Upload raw file
 
@@ -437,7 +447,7 @@ const SignatureBuilder: React.FC<SignatureBuilderProps> = ({ hasAccess = true, b
 
         if (res.ok && json?.document?.document_file_url) {
           startUpdate(field, json.document.document_file_url);
-          toast.success("Logo uploaded!");
+          toast.success(field === "headerImageUrl" ? "Header image uploaded!" : "Logo uploaded!");
           return json.document.document_file_url;
         } else {
           throw new Error(json?.error || "Upload failed");
@@ -782,7 +792,7 @@ const SignatureBuilder: React.FC<SignatureBuilderProps> = ({ hasAccess = true, b
     }
     const {
       firstName, lastName, title, department, phone, email, website,
-      profileImage, companyLogoUrl, companyTagline, accentColor,
+      profileImage, companyLogoUrl, headerImageUrl, companyTagline, accentColor,
       template, socialLinks, textColor, backgroundColor, highlightLastName, transparentBackground, medallions, imageShape, contactIconSize
     } = data;
 
@@ -831,10 +841,22 @@ const SignatureBuilder: React.FC<SignatureBuilderProps> = ({ hasAccess = true, b
     const displayTitle = title.replace(/\n/g, '<br/>');
     const displayDepartment = department.replace(/\n/g, '<br/>');
 
+    // Social-media-style banner header — wide cover image at top, templates render content below
+    const bannerHeight = data.headerImageHeight || 120;
+    const headerHtml = headerImageUrl ? `
+      <table cellpadding="0" cellspacing="0" border="0" style="width: 100%; max-width: 600px; border-collapse: collapse; margin-bottom: 0;">
+        <tr>
+          <td style="padding: 0;">
+            <img src="${headerImageUrl}" style="display: block; width: 100%; max-width: 600px; height: ${bannerHeight}px; object-fit: cover; border-radius: 8px 8px 0 0;" alt="Banner" />
+          </td>
+        </tr>
+      </table>
+    ` : '';
+
     // Wrapper style for background color
     const bgColorStyle = transparentBackground ? 'background-color: transparent;' : `background-color: ${backgroundColor};`;
     const wrapperStyle = `${bgColorStyle} padding: 20px;`;
-    const wrapperStart = `<div style="${wrapperStyle}">`;
+    const wrapperStart = `<div style="${wrapperStyle}">${headerHtml}`;
     const wrapperEnd = `</div>`;
 
     // Social Icons HTML
@@ -1631,6 +1653,68 @@ const SignatureBuilder: React.FC<SignatureBuilderProps> = ({ hasAccess = true, b
                               </div>
                             </div>
                           )}
+
+                          {/* Header / Banner Image — social-media-style cover photo */}
+                          <div className="space-y-3 pt-2">
+                            <div>
+                              <Label>Header / Banner Image</Label>
+                              <p className="text-xs text-muted-foreground">Add a social-media-style cover photo above your signature. Profile photo will overlap it automatically.</p>
+                            </div>
+                            <div className="flex items-start gap-6">
+                              <div className="shrink-0">
+                                <div className="w-40 h-20 rounded bg-muted border-2 border-dashed border-gray-600 flex items-center justify-center overflow-hidden relative group">
+                                  {data.headerImageUrl ? (
+                                    <img src={data.headerImageUrl} alt="Header" className="w-full h-full object-cover" />
+                                  ) : (
+                                    <div className="flex flex-col items-center gap-1">
+                                      <ImageIcon className="w-5 h-5 text-muted-foreground" />
+                                      <span className="text-[10px] text-muted-foreground">Cover Photo</span>
+                                    </div>
+                                  )}
+                                  <label className="absolute inset-0 bg-black/50 flex items-center justify-center opacity-0 group-hover:opacity-100 transition-opacity cursor-pointer">
+                                    <Upload className="w-5 h-5 text-white" />
+                                    <input type="file" className="hidden" accept="image/*" onChange={(e) => {
+                                      const file = e.target.files?.[0];
+                                      if (file) handleImageUpload(file, "headerImageUrl");
+                                    }} disabled={uploading} />
+                                  </label>
+                                </div>
+                              </div>
+                              <div className="flex-1 space-y-2">
+                                <Input value={data.headerImageUrl} onChange={(e) => startUpdate("headerImageUrl", e.target.value)} placeholder="https://... or upload" />
+                                {data.headerImageUrl && (
+                                  <Button variant="ghost" size="sm" className="text-xs text-destructive" onClick={() => startUpdate("headerImageUrl", "")}>
+                                    <Trash2 className="w-3 h-3 mr-1" /> Remove
+                                  </Button>
+                                )}
+                              </div>
+                            </div>
+
+                            {/* Banner Height Slider — only visible when header image is set */}
+                            {data.headerImageUrl && (
+                              <div className="space-y-2 pt-2">
+                                <div className="flex items-center justify-between">
+                                  <Label className="text-sm">Banner Height</Label>
+                                  <span className="text-sm font-bold text-primary bg-primary/10 px-2 py-0.5 rounded-md border border-primary/20">
+                                    {data.headerImageHeight}px
+                                  </span>
+                                </div>
+                                <input
+                                  type="range"
+                                  min="60"
+                                  max="200"
+                                  step="5"
+                                  value={data.headerImageHeight}
+                                  onChange={(e) => startUpdate("headerImageHeight", Number(e.target.value))}
+                                  className="w-full h-2 bg-muted rounded-lg appearance-none cursor-pointer accent-primary"
+                                />
+                                <div className="flex justify-between text-[10px] text-muted-foreground uppercase tracking-widest font-semibold px-1">
+                                  <span>Compact</span>
+                                  <span>Tall</span>
+                                </div>
+                              </div>
+                            )}
+                          </div>
                         </div>
                       )}