Commit Graph

138 Commits

Author SHA1 Message Date
Stanko K.R. 017bcc9ce1 Polish up Passkey interface
- Fix indentation
- Split awkward initializer into separate methods
- Rename credentials to passkeys
- Simplify authenticator registry loading
- Flatten nested errors under ActionPack::WebAuthn
- Set passkey current params only requests that use it
- Inline anemic methods
- Replace custom validation with ActiveModel::Validation
- Rename identity to holder in Passkey
- Rename credentials to passkeys in JS
- Extract framework library out of controllers
- Pass params hashes down to ActionPack
- Attempt to simplify public interface
- Push data decoding down to the classes representing the data
- Introduce has_passkeys
- Add CBOR bigint support
- Rename ActionPack::WebAuthn::Passkey to ActionPack::Passkey
- Add create_passkey_button helper
- Rename public-key to creation-options
- Add sign_in_with_passkey_button helper
- Dispatch events for the whole Passkey lifecycle
- Add ED25519 support
- Prevent crash on missing meta tag
- Validate resident key options
- Don't clobber existing ActionPack config options
- Validate cryptographic params
- Move CurrentWebAuthnRequest into ActionPack::Passkey
- Use ActiveModel::Attributes for Options objects
- Implement expiring challanges
- Add lifecycle events
- Extract param helpers into Request
- Add passkey_creation_options and passkey_request_options helpers
- Add create_passkey_challenge to make it easier to override the create method if needed
- Prefix all view helpers with passkey_
- Auto-include ActionPack::Passkey::Holder
- Make the passkey challange url configurable
- Add a reminder about Passkeys to the magic link email
2026-03-18 11:51:10 +01:00
Andy Smith f4fbe17b22 Nicer passkey styles 2026-03-18 11:51:09 +01:00
Andy Smith ee7fc3495d Move passkeys button below profile area 2026-03-18 11:51:09 +01:00
Stanko K.R. fbe9252db1 Auto-suggest name for new Passkeys
- Use plain client data json everywhere
- Expose AAGUID and backed_up on Credentials
- Make attestation verifiers configurable
- Auto-suggest names for passkeys and show icons
2026-03-18 11:49:59 +01:00
Stanko K.R. da69039476 Implement Passkey authentication 2026-03-18 11:49:23 +01:00
Andy Smith 70c19e4881 Style polish 2026-03-18 11:49:23 +01:00
Stanko K.R. 6c58fd9bdd Implement Passkey registration
- Create Identity credentials
- Add management UI and registration flow
2026-03-18 11:48:52 +01:00
Rosa Gutierrez 1c2de6ca79 Clear offline cache on sign-in as well as sign-out
Rename logout controller to clear-offline-cache and attach it to the
magic link verification form so the service worker cache is cleared
when a different user signs in.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 10:20:54 +01:00
Rosa Gutierrez a949f1e3ae Clear offline cache when logging out
Adds a logout Stimulus controller that sends a message to the service
worker to clear all cached content when the user logs out. This ensures
that cached data from one user isn't accessible after logout.

The implementation:
- Adds logout_controller.js that posts { action: "clearCache" } to the
  service worker via postMessage
- Updates logout buttons to use the controller on form submission

Also fixes data-turbo placement: moved from button to form element where
it actually takes effect for disabling Turbo Drive form submissions.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-03-10 10:20:54 +01:00
Adrien Maston 8a2a93563d Remove fixed panel size 2026-03-04 10:51:29 +01:00
Adrien Maston c606a9f40c Remove fixed panel size 2026-03-03 10:59:23 +01:00
Alp Keser 610cf7a190 Merge pull request #2398 from basecamp/notifications-tray-api
Add JSON response support for `notifications/tray`
2026-02-18 13:19:59 +03:00
Andy Smith eee93cb17d Merge pull request #2553 from basecamp/apostrophe-fix
Use the correct apostrophe character
2026-02-16 10:12:50 -06:00
Andy Smith 26c380448b Use the correct apostrophe character 2026-02-16 10:03:53 -06:00
Denis Švara af2efe6d76 Add avatar_url to the shared user JSON partial. 2026-02-12 14:55:34 +03:00
Alexander Zaytsev 8855d7408f Merge branch 'main' into dialog-ux-improvements 2026-02-05 17:46:33 +01:00
Adrien Maston a6a20fa56e Merge branch 'main' into mobile/hide-sections-from-apps
* main: (65 commits)
  Fix crash due to missing ActiveStorage URL options
  Capture backtrace of nested errors
  Remove debug code
  Add more debug info
  Pass all service options
  Prevent duplicate files in user data export
  Write in binmode
  Replace custom IO object with a transport manager IO
  Explain imports & exports
  Add missing method to IO object
  Rename jobs
  Finishing touches
  Delete accounts for failed imports
  Check that associations don't exist
  Bust the cache after import
  Explicitly use the default storage service
  Fix ActiveStorage writing to disk
  Fix crash on successful import email
  Fix orphaned attachments when deleting the whole account
  Add size to remote io
  ...
2026-02-03 10:49:16 +01:00
Adrien Maston 88d99e58bc Hide appearance/devices/developer panel on profile page 2026-02-02 17:30:12 +01:00
Andy Smith 5278b8e5fd Touch up the Download Export page 2026-02-02 12:36:48 +01:00
Andy Smith 60787a00ef Touch up export modals 2026-02-02 12:36:48 +01:00
Andy Smith e892b74cf2 Simplify settings layout and correct h2 levels 2026-02-02 12:36:48 +01:00
Stanko K.R. 19ae555c2e Convert Account::SingleUserExport to User::DataExport 2026-02-02 12:36:48 +01:00
Alexander Zaytsev 09f9b7fb45 Adjust copy in QR code dialogs 2026-01-26 21:59:04 +01:00
Alexander Zaytsev 850762cd4e Replace [x] button with Done button 2026-01-26 21:54:36 +01:00
Alexander Zaytsev 0d4f4c831e Make QR dialogs smaller on desktop 2026-01-26 21:54:01 +01:00
Rosa Gutierrez 527ffc42b9 Use relative URLs where possible across all the app
Skipping API responses, where we need absolute URLs, and those that are
intended for sharing or external use:

- account/join_codes/show.html.erb - Join code URL for sharing
- boards/edit/_publication.html.erb - Publication URL for sharing
- public/* views - Public page URLs and og:url meta tags
- pwa/manifest.json.erb - PWA manifest needs absolute URLs

For this, we had to replace `url_for` used with Active Storage variants
and previews with the specific path helper (for Active Storage
representations).
2026-01-14 11:01:42 +01:00
Kevin McConnell 741eff7bdc Revert "Merge pull request #1865 from basecamp/public-avatar-caching"
This reverts commit c628f14c01, reversing
changes made to 4bafc73236.
2025-12-15 13:07:13 +00:00
Kevin McConnell eec96ff384 Serve own avatar from its own endpoint
This allows us to have different cache controls depending on whether
you're viewing your own avatar, or someone else's. Your own avatar will
always be fresh, while other folks' avatars can be pulled from the CDN.
2025-12-12 09:03:35 +00:00
Rob Zolkos cbcd433ad8 Fix typo: minues → minutes 2025-12-11 14:36:20 -05:00
Jason Zimdars 04d3ac50b2 Clean-up post merge and rework layout to accomodate API and Appearance blocks 2025-12-10 16:46:58 -06:00
Jason Zimdars 6f25b70b7f Merge branch 'main' into theme-switcher-revised 2025-12-10 16:30:36 -06:00
Jason Zimdars 2d359fa230 Clean-up styles and JS controller, use radios 2025-12-10 16:15:45 -06:00
Stanko K.R. 7b30ca203e Add index actions for Comments and Columns
Also, fix crash when a deactivated user is serialized (they don't have
an identity).
2025-12-10 09:23:52 +01:00
Stanko K.R. f3ff0c605e Add pagination to most places and fix cards pagination 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 9fceef16e9 Fix quoting 2025-12-10 09:23:52 +01:00
Jay Ohms 5ad7b973cb Add API support for users 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson d2bdd13909 Inline anemic partial 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson 88902485e1 Access tokens are strictly personal 2025-12-10 09:23:52 +01:00
Jason Zimdars 073d1af862 List, create, and revoke access tokens 2025-12-10 09:23:52 +01:00
Jason Zimdars 48c83f34b0 Add developer section to user profile 2025-12-10 09:23:52 +01:00
Jason Zimdars 8db6f508bf Merge branch 'main' into theme-switcher-revised 2025-12-08 17:58:46 -06:00
Jason Zimdars 2b99c09089 Rework settings for clarity, separation, and consistency 2025-12-08 17:54:06 -06:00
Jason Zimdars 18c0a78759 Prefer component and utility classes when possible 2025-12-08 17:53:40 -06:00
Bruno Canepa 5175353979 Split svg into files and add a css file 2025-12-08 18:40:27 -03:00
Mike Dalessio 675600af72 Improve presentation of validation errors 2025-12-06 14:57:27 -05:00
Mike Dalessio c388f5ef20 Display validation errors for user profiles.
Specifically this will help people understand why their SVG avatar
uploads are being rejected, and will keep the RecordInvalid exception
out of Sentry logs.
2025-12-06 14:34:08 -05:00
Mike Dalessio 1883473de1 Remove duplication in the list of supported avatar file types 2025-12-06 14:34:08 -05:00
Bruno Canepa 6ae9486b4d add 3 toggle botons 2025-12-06 14:29:49 -03:00
Mike Dalessio fc8ef33332 Show unverified status on user profile page
Display "Unverified" with an explanation instead of the email address
for users who haven't confirmed their identity. Hide the card links
and activity timeline since unverified users won't have any activity.

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-05 21:51:44 -05:00
Mike Dalessio 4602cd3cdd Add verified_at timestamp to use for spam prevention
User are marked as verified after a join code is redeemed. The user is
redirected to Users::VerificationsController, either:

- after submitting a valid magic link code,
- or immediately after redeeming the join code (if they're already
  authenticated with the correct identity)

Account owners are automatically verified when the account is
created (because they have already provided a magic link code at that
point).

This sets up for later commits that will backfill existing users and
require verification before sending notification emails.

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-05 21:51:44 -05:00