* main: (65 commits)
Fix crash due to missing ActiveStorage URL options
Capture backtrace of nested errors
Remove debug code
Add more debug info
Pass all service options
Prevent duplicate files in user data export
Write in binmode
Replace custom IO object with a transport manager IO
Explain imports & exports
Add missing method to IO object
Rename jobs
Finishing touches
Delete accounts for failed imports
Check that associations don't exist
Bust the cache after import
Explicitly use the default storage service
Fix ActiveStorage writing to disk
Fix crash on successful import email
Fix orphaned attachments when deleting the whole account
Add size to remote io
...
Skipping API responses, where we need absolute URLs, and those that are
intended for sharing or external use:
- account/join_codes/show.html.erb - Join code URL for sharing
- boards/edit/_publication.html.erb - Publication URL for sharing
- public/* views - Public page URLs and og:url meta tags
- pwa/manifest.json.erb - PWA manifest needs absolute URLs
For this, we had to replace `url_for` used with Active Storage variants
and previews with the specific path helper (for Active Storage
representations).
This allows us to have different cache controls depending on whether
you're viewing your own avatar, or someone else's. Your own avatar will
always be fresh, while other folks' avatars can be pulled from the CDN.
Specifically this will help people understand why their SVG avatar
uploads are being rejected, and will keep the RecordInvalid exception
out of Sentry logs.
Display "Unverified" with an explanation instead of the email address
for users who haven't confirmed their identity. Hide the card links
and activity timeline since unverified users won't have any activity.
Co-Authored-By: Claude <noreply@anthropic.com>
User are marked as verified after a join code is redeemed. The user is
redirected to Users::VerificationsController, either:
- after submitting a valid magic link code,
- or immediately after redeeming the join code (if they're already
authenticated with the correct identity)
Account owners are automatically verified when the account is
created (because they have already provided a magic link code at that
point).
This sets up for later commits that will backfill existing users and
require verification before sending notification emails.
Co-Authored-By: Claude <noreply@anthropic.com>