User are marked as verified after a join code is redeemed. The user is
redirected to Users::VerificationsController, either:
- after submitting a valid magic link code,
- or immediately after redeeming the join code (if they're already
authenticated with the correct identity)
Account owners are automatically verified when the account is
created (because they have already provided a magic link code at that
point).
This sets up for later commits that will backfill existing users and
require verification before sending notification emails.
Co-Authored-By: Claude <noreply@anthropic.com>
- Adds a button in Account Settings where you can request a ZIP export of your
Fizzy data
- Export files are created in the background. When ready, a link to
download them is sent to the requester.
- Exports expire after 24 hours. And are limited to 10 per day.
Previously we were fitting the image inside a 256x256 box while keeping
it's original aspect ratio. But this can lead to images that are
squished and/or pixelated when we try to show them inside a square
container in the app.
Instead we can resize them to be square.
- redirect avatar image requests to the rails_blob_url, instead of
streaming them through the web app
- use a thumbnail variant for avatar images
- only put avatar initials behind the stale? check (not the image
redirect, which would result in browsers rendering broken images when
an avatar is changed, until max-age expires)
- Switch to binary 16 for UUID keys
- Remove AccountScopedRecord base class, all model use binary uuids now
- Fix the search sql to serialize uuids properly
- Patch the MySQL schema dumper to output binary lengths
* Bind sessions to identities
* Remove references to the identity token
* Move email changes to identity
* Move account menu into a turbo-frame
* Create tenants from a tenanted route
- New untenanted Identity and Membership models
- New `identity_token` cookie with path "/" holds state across tenants
We're not sure whether the untenanted database will be sqlite or
MySQL, and so I've been careful to minimize
- database reads, placing them behind etags and caching
- database writes, only writing when a new Session is created (login)
Note that we track two things in the identity_token cookie: a signed
id, and the updated_at for the underlying Identity object. This allows
us to effectively cache on the Identity without having to hit the
database, by using an Identity::Mock object that is compatible with
etag and cache methods.
The new integration test shows the desired user-facing behavior, which
is to make it easy to login without a tenanted URL and to jump between
tenants.
- the untenanted "login_help" page shows all linked memberships
- the jump menu shows all linked memberships (except the current)
Also introduced a utility script to populate existing employee
Identities, grouping accounts by email address.
This is the first step of a multi-step SaaS engine extraction.
Looking ahead to an open source release, we need to make sure that
local authentication is treated as an "official" option, and not just
a hack I added for Kevin to do load testing outside our DC. So this PR
gets to green, and adds a CI step in "local authentication" mode.
This all probably feels a little hacky to you, Reader, but the goal of
this change is to ease the next step, which will be extracting the
37id and Queenbee integrations into a proprietary "SaaS mode" engine.
In service of that goal, this commit simply wraps all of the dependent
code and tests with a conditional check on
`config.x.local_authentication`.
* main: (50 commits)
Regenerate fixtures
Let summaries know about collections
Regenerate fixtures
More tweaks
Regenerate fixtures after tweaking prompt
Fix model selection (I had broken it!)
Some prompt refinements
Some of us have basecamp.com email addresses
Update nokogiri and thor to addres CVEs
Fix tests
Format
Move model options to helper
Tidy up the admin tool for prompts
Extract methods
Format
Default to the current summary
Make models selectable
Add an animated effect for the generating state
Remove debug
Wrap them both in the container so the generating state looks right
...
* main:
Update dependencies
dep: bump to ruby 3.4.5
Switch to docker-dev
Cache needs to include publication key
First iteration on adding new users, from the console.
Fix clear button position in Safari
Give them screen reader labels
Not needed
Add missing `lang` attribute
Restore missing aspect ratio on the perma
Give the field more space when typing on mobile
We're only concerned with truncating the placeholder, scope to that
Make sure users can't login from launchpad if they're deactivated
Destroy the SignalId::User when a user is deactivated