Commit Graph

93 Commits

Author SHA1 Message Date
Stanko K.R. 635dbb90cb Rename the Import controller to Account::Import 2026-02-02 12:36:48 +01:00
Andy Smith d55aa25f9a Polish the session menu page 2026-02-02 12:36:48 +01:00
Stanko K.R. 161efb0b8e Implement basic imports 2026-02-02 12:36:48 +01:00
Rosa Gutierrez 527ffc42b9 Use relative URLs where possible across all the app
Skipping API responses, where we need absolute URLs, and those that are
intended for sharing or external use:

- account/join_codes/show.html.erb - Join code URL for sharing
- boards/edit/_publication.html.erb - Publication URL for sharing
- public/* views - Public page URLs and og:url meta tags
- pwa/manifest.json.erb - PWA manifest needs absolute URLs

For this, we had to replace `url_for` used with Active Storage variants
and previews with the specific path helper (for Active Storage
representations).
2026-01-14 11:01:42 +01:00
Alexander Zaytsev 6c6a7be607 Balance magic link instructions 2026-01-13 09:51:35 +01:00
Andy Smith 509f0ca305 Consolidate footer text into a shared partial 2026-01-09 11:57:45 -06:00
Andrii Furmanets a84530a97f Add rel noopener to external links 2026-01-07 21:52:20 +02:00
Andy Smith d36f7db7fc uppercase text on magic link input 2025-12-17 14:19:51 -06:00
Jason Zimdars 0dccd7e19c Move email address into hint line 2025-12-11 19:31:20 -06:00
Stanko K.R. 8a66369d64 Show the email address you are signing in with 2025-12-11 19:18:01 +01:00
Kevin McConnell cad1e97e8a Don't need to call this out 2025-12-11 11:20:43 +00:00
Adam Haris eb8655dc8e refactor: use MULTI_TENANT env variable, model concern instead of controller (#accepting_signups?) 2025-12-10 15:14:22 +01:00
Adam Haris fec93e2168 fix typo 2025-12-10 07:14:27 +01:00
Adam Haris 0780b5168f add env variable to disable multi-tenancy 2025-12-09 15:40:01 +01:00
Mike Dalessio 5865d79ed9 Display the verification code in the dev env
This seems better and easier than the console log.
2025-12-06 13:46:13 -05:00
Jeremy Daer 529f5af5f6 CSP adherence: fix magic links console logging (#1989)
* CSP: fix magic link console logging by including nonce in the script tag

* Remove unused back-nav controller

Unused since c0f842427d

Eliminates a potential CSP violation with javascript: URI
2025-12-06 10:08:22 -08:00
Mike Dalessio fa549a370b Add a system test for joining an account
Reworked the magic link stimulus controller, because the system test
was causing double-submission of the form (because the event was
bubbling up). I think that change simplifies the form and will still
work well for iOS devices.
2025-12-05 21:51:44 -05:00
Kevin McConnell 184a827965 Show alert message on login when rate limited
When the auth-related controllers hit rate limits they set an alert in
the flash. But we weren't displaying the flash on the public layout, so
those were never seen.

Changed to surface the alert. But also change the "Try another code"
message to be shake-only instead, to match the current behaviour.
2025-12-03 11:29:42 +00:00
Kevin McConnell cdc1f9b143 Allow typing magic links on mobile
When typing a magic link, rather than pasting it, iOS seems to send
`keydown.enter`, and we weren't submitting the form in that case.

Changed to submit the form in either case, and use the state of the
input target to help guard against double submissions.
2025-12-02 20:09:26 +00:00
Jason Zimdars 8c1d3c6c42 Copy edits 2025-12-02 09:08:57 -06:00
Mike Dalessio 80a6ffc55e Add an expiration note to emails and the magic link page.
ref: https://app.fizzy.do/5986089/cards/3211
2025-12-02 08:41:00 -05:00
Jason Zimdars 235c20f3aa Capitalize sentence 2025-12-01 09:54:57 -06:00
Stanko K.R. e302e79b55 Remove unused view 2025-11-29 11:59:10 +01:00
Stanko K.R. 354dd1e95a Update signup with the design from signin 2025-11-29 11:58:48 +01:00
Jorge Manrubia 4e09352c09 Bring simple signup flow from the fizzy-saas gem
We skip the QB code and we fill external account ids automatically on creation with a sequence

See:
https://github.com/basecamp/fizzy-saas/pull/7
2025-11-28 15:53:58 +01:00
Jason Zimdars 13dce732b2 Fussy punctuation 2025-11-17 17:01:08 -06:00
Jason Fried 8534584052 Small copy adjustment on the new or sign in screen. 2025-11-17 13:14:12 -08:00
Mike Dalessio 6a3135b67a Introduce a simple stimulus controller for the magic link form
which avoids the double-submit problem from:

- https://app.fizzy.do/5986089/cards/2980
- https://app.fizzy.do/5986089/cards/2771
2025-11-17 14:48:20 -05:00
Stanko K.R. 8fa9566c07 Update sign up 2025-11-17 09:12:40 -05:00
Stanko K.R. edf837fed3 Drop memberships 2025-11-17 09:12:39 -05:00
Mike Dalessio d41d50d52b Account.sole → Current.account
and some other de-tenant changes, including removing the controller
tenanting concerns
2025-11-17 09:11:40 -05:00
Jason Zimdars 5668612287 Add icon to public footer 2025-11-12 09:31:06 -06:00
Jason Zimdars 776a8e3c0a Typo 2025-11-11 16:08:27 -06:00
Jason Zimdars bdde877de3 Apply the new hotkey and style to all back buttons
Also updates design for email address change screens
2025-11-11 15:13:30 -06:00
Jason Zimdars 90967374d3 Add for Fizzy and 37signals 2025-11-11 14:18:46 -06:00
Jason Zimdars 1190ae101d Ensure sign-in screens adapt on mobile 2025-11-11 14:14:49 -06:00
Jason Zimdars df02f48007 Update support email, fine-tune attribution lines 2025-11-10 13:43:35 -06:00
David Heinemeier Hansson fef9c2dab6 turbo_frame_tag has built-in dom_id expansion 2025-11-08 16:42:41 +01:00
Jason Zimdars e7646fab96 More copy and design edits 2025-11-07 07:08:24 +01:00
Stanko K.R. bbe74966a1 Extract saas helpers into a concern 2025-11-07 07:08:24 +01:00
Jason Zimdars 2fee728392 Copy and design 2025-11-07 07:08:24 +01:00
Jason Zimdars 7a58c23e55 Copy edits for unified flow 2025-11-07 07:06:28 +01:00
Mike Dalessio d6db4c930b Print the magic link code in the console in development 2025-11-06 14:51:25 -05:00
Jason Zimdars aaa24074f3 Fix magic link code input
Fix that paste action didn't work and hitting `enter` caused the form to
post twice
2025-11-04 13:18:14 -06:00
Jorge Manrubia 2bb90eab13 Use the sole collection as the root for a better onboarding experience for new accounts 2025-11-04 17:09:35 +01:00
Kevin McConnell 4146dc2b92 Disable Turbo prefetch on signup link
This is because we have basic auth enabled there, so prefetching will
trigger the popup.
2025-11-04 12:51:41 +00:00
Jason Zimdars 7d154b682e Rename 'BOXCAR' to 'Fizzy'
Missed files
2025-11-03 16:30:44 -06:00
Jason Zimdars 1f58cd11b0 Show busy state when submitting forms 2025-10-31 16:26:08 +01:00
Stanko Krtalić 98755844a1 Remove the internal API
* Bind sessions to identities
* Remove references to the identity token
* Move email changes to identity
* Move account menu into a turbo-frame
* Create tenants from a tenanted route
2025-10-31 16:26:08 +01:00
Jason Zimdars 5652e5699f Update design, logo, and copy 2025-10-31 16:26:08 +01:00