Commit Graph

8206 Commits

Author SHA1 Message Date
Kevin McConnell 0c2d3cccb1 Merge pull request #2084 from basecamp/disable-ssl-env
Add `DSIABLE_SSL` env option
2025-12-12 09:40:21 +00:00
Kevin McConnell e13565ee70 Merge pull request #2104 from basecamp/remove-unused-include
Remove redundant include
2025-12-12 09:14:15 +00:00
Stanko Krtalić 7b989484f5 Merge pull request #2103 from basecamp/fix-race-condition-on-join-code-redemption
Wrap join code redemption in a lock
2025-12-12 10:03:53 +01:00
Stanko K.R. c8a5d01771 Wrap join code redemption in a lock 2025-12-12 09:59:42 +01:00
Kevin McConnell 8d32a322e9 Remove redundant include
This is no longer needed since af0e2488 removed the streaming of
avatar images.
2025-12-12 08:58:52 +00:00
Stanko Krtalić c43c184691 Merge pull request #2093 from robzolkos/add-qr-codes-controller-test
Add QrCodesController test
2025-12-12 08:11:51 +01:00
Stanko Krtalić 0e70ab18e8 Merge pull request #2102 from basecamp/replace-custom-code-generator-with-base32
Replace custom code generator with Base32
2025-12-12 07:57:10 +01:00
Stanko K.R. a4d11e169f Replace custom code generator with Base32 2025-12-12 07:45:23 +01:00
Stanko Krtalić 23425cb67b Merge pull request #2086 from basecamp/harden-magic-links
Pin sign in attempts to the current session
2025-12-12 07:23:19 +01:00
Stanko K.R. f4ef9c9580 Test that you can't go to the magic link screen without an email 2025-12-12 07:16:07 +01:00
Jeremy Daer 586015c3f9 Bundle drift detection and correction (#2101)
Gemfile.saas evals Gemfile, so shared gems should have identical versions
in both lockfiles. This adds bin/bundle-drift to detect and fix drift:

* `bin/bundle-drift check` compares shared gem versions
* `bin/bundle-drift correct` seeds Gemfile.lock from Gemfile.saas.lock
  and re-locks, letting Bundler prune SaaS-only gems while preserving
  shared versions

Adds drift check to bin/ci and GitHub CI. Corrects existing drift.
2025-12-11 21:32:34 -08:00
Ítalo Matos 2e33262960 Refactor: Use Rails range syntax in ActivitySpike query (#2080)
Replace SQL string syntax with Rails range syntax for date filtering
in the ActivitySpike::Detector. This improves code readability and
follows Rails idioms.

Changed from:
  .where("created_at >= ?", recent_period.seconds.ago)

To:
  .where(created_at: recent_period.seconds.ago..)

This modernizes the codebase while maintaining the same functionality.
2025-12-11 20:40:31 -08:00
Javier Valencia 8f68e13707 Fix indentation in multi_db.rb initializer (#2082) 2025-12-11 20:37:28 -08:00
Anthony f2a2878382 Fix typo in translate property in card columns CSS (#2090)
Rename incorrect CSS property from `translaate` to `translate`
2025-12-11 20:36:54 -08:00
Ítalo Matos 0833c52aa0 Refactor: use idiomatic .last instead of .order(:desc).first (#2098)
Simplifies the last_event method in ActivitySpike::Detector by using
the more idiomatic Rails pattern .order(:created_at).last instead of
.order(created_at: :desc).first. Both generate the same SQL query but
.last is more readable and conventional in Rails codebases.
2025-12-11 20:35:38 -08:00
Jeremy Daer 2e17b78e08 bin/bundle-both (#2100)
Convenience for bundling both OSS and SaaS in lock-step:
```bash
> bin/bundle-both install

▸ OSS: Gemfile
bundle install
Bundle complete! 45 Gemfile dependencies, 161 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.

▸ SaaS: Gemfile.saas
bundle install
Bundle complete! 63 Gemfile dependencies, 187 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.
```
2025-12-11 20:26:06 -08:00
Jankees van Woezik 78fc80cf35 API: Allow updates to last_active_at (#2076)
* Allow Card#last_updated_at to be set

This is useful when doing an import from another system. I'm currently
working on a script to import our Github issues into Fizzy.

This is discussed in
https://github.com/basecamp/fizzy/pull/2056#discussion_r2609560246

* Add nil fallback and expand test coverage for last_active_at

Adds a safety fallback to Time.current if created_at is unexpectedly nil
during card creation.

Test coverage to verify:
* last_active_at defaults to created_at when not provided
* last_active_at can be updated via API on existing cards
* import workflow where last_active_at is restored after comments
* publishing doesn't overwrite explicit last_active_at values

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-11 19:06:03 -08:00
Jason Zimdars eeb016c934 Merge pull request #2055 from xakpc/hotfix/wider-support-for-fonts
hotfix: Expand font stack for better cross-OS support
2025-12-11 20:16:50 -06:00
Jason Zimdars c6efed854e Merge pull request #2088 from robzolkos/fix-view-transition-typo
Fix view-transition-name typo in public card show
2025-12-11 20:12:12 -06:00
Jason Zimdars 7d6b316f77 Merge pull request #2094 from robzolkos/fix-duplicate-use-word
Fix duplicate word: use use → use
2025-12-11 20:08:39 -06:00
Jason Zimdars 6fc4845d62 Merge pull request #2095 from robzolkos/fix-minutes-typo
Fix typo: minues → minutes
2025-12-11 20:07:29 -06:00
Jason Zimdars b21ed270dc Merge pull request #2092 from basecamp/text-update-for-entropy
Fix typo in _entropy.html.erb
2025-12-11 20:06:40 -06:00
Jason Zimdars 0dccd7e19c Move email address into hint line 2025-12-11 19:31:20 -06:00
Matthew Kent eb06884ea7 Bump fizzy-saas to pickup another staging change. 2025-12-11 16:19:06 -08:00
Mike Dalessio 2716368769 Remove the rails credentials from .gitattributes
because they make historical diffs very slow when searching history
with git pickaxe et al
2025-12-11 17:28:22 -05:00
Rob Zolkos cbcd433ad8 Fix typo: minues → minutes 2025-12-11 14:36:20 -05:00
Rob Zolkos 3ef7ef5110 Fix duplicate word: use use → use 2025-12-11 14:00:10 -05:00
Rob Zolkos 9ca5e792f1 Add QrCodesController test 2025-12-11 13:51:18 -05:00
Brian Bailey f193f47376 Fix typo in _entropy.html.erb 2025-12-11 13:50:34 -05:00
Stanko K.R. 8a66369d64 Show the email address you are signing in with 2025-12-11 19:18:01 +01:00
Stanko K.R. abaed12124 Prohibit access to magic links unless an email address 2025-12-11 19:17:39 +01:00
Mike Dalessio cd487a7409 Merge pull request #2091 from basecamp/flavorjones/fix-redirect-from-active-storage-controllers
Explicitly use main_app for URL helpers
2025-12-11 13:07:44 -05:00
Stanko K.R. b6edb93c47 Pin sign in attempts to the current session
This makes it way more difficult to brute-force a magic link.

Original implementation by udiudi. Ref: https://github.com/udiudi/fizzy/pull/1/files

Discussion: https://github.com/basecamp/fizzy/discussions/1981

Co-Authored-By: Udi <udi@udi.codes>
2025-12-11 19:05:54 +01:00
Mike Dalessio 679a073c6b Add test coverage for the require_unauthenticated_access redirect 2025-12-11 13:02:54 -05:00
Mike Dalessio 3d523b84fc Explicitly use main_app for URL helpers
in controller concerns that are mixed into other engines' controllers. This prevents errors like:

> NoMethodError: undefined method 'session_menu_url' for an instance of ActiveStorage::DirectUploadsController

See also 912bb8a8 and 5ee10800
2025-12-11 12:55:32 -05:00
Fernando Álvarez ef3c49d9ad Bump fizzy-saas
Related to updating URL on staging environment.
2025-12-11 18:26:01 +01:00
Zoltan Hosszu 761fd8ccfb Make list style same for every indentation
Adds 'list-style: disc' to ordered and unordered lists in rich-text-content.css to ensure consistent bullet styling.
2025-12-11 18:11:50 +01:00
Jason Zimdars 2a17976f9c Merge pull request #1972 from viniciussoares/fix/auto-close-knob-bug-ios-safari
Fix auto-close knob showing range thumb on iOS Safari
2025-12-11 11:05:25 -06:00
Rob Zolkos 5dab9f8a3c Fix view-transition-name typo in public card show
Note: This transition name isn't paired with any other element,
so could be removed entirely if not planned for future use.
2025-12-11 11:42:30 -05:00
Kevin McConnell 154a3d79ee Add DSIABLE_SSL env option
`assume_ssl` and `force_ssl` are often used together:

- When running behind a terminating proxy (including Thruster) you'll
  want both.
- When running without SSL (like on localhost) you'll want neither.

To simplify setup for those cases, we add the `DISABLE_SSL` option. When
set to `true` all SSL-related behaviour is turned off. When left as the
default, it's on.

We can still use `ASSUME_SSL` and `FORCE_SSL` to set those separately
if required.
2025-12-11 16:11:18 +00:00
Kevin McConnell ddf4d2454d Merge pull request #2085 from basecamp/gemfile-lock-fix
Update Gemfile.saas.lock
2025-12-11 16:10:54 +00:00
Andy Smith 00d870c502 Merge pull request #2061 from nqst/blank-slates-updates
Blank slate adjustments
2025-12-11 10:08:56 -06:00
Kevin McConnell 4edd49374a Update Gemfile.saas.lock
To bring in line with change in [36419c3600]
2025-12-11 16:04:55 +00:00
Jason Zimdars 1e59bc9f6f Merge pull request #2023 from basecamp/theme-switcher-revised
Theme switcher revised
2025-12-11 09:46:11 -06:00
Jason Zimdars 941ce1f775 Need to use has*Target to check for optional static targets to prevent console errors 2025-12-11 09:38:34 -06:00
Jason Zimdars 2a0cf4efe9 Turn #theme into a proper setter 2025-12-11 09:31:12 -06:00
Jason Zimdars 21586291fa Prefer normal if/else conditional 2025-12-11 08:59:13 -06:00
Thiago Youssef 36419c3600 Bump rails version to remove svg renderer patch (#2081) 2025-12-11 15:15:54 +01:00
Kevin McConnell 193a28f6c8 Merge pull request #2035 from harisadam/single_tenant
Add env-configurable option to disable public signups
2025-12-11 13:08:19 +00:00
Kevin McConnell 05d176cc31 Test that sign in respects single tenant state 2025-12-11 12:49:03 +00:00