Commit Graph

8232 Commits

Author SHA1 Message Date
Italo Matos 5ade7e1a52 Refactor: Simplify TimeWindowParser using Rails convenience methods
- Replace `beginning_of_day..end_of_day` with `all_day`
- Replace `beginning_of_week..end_of_week` with `all_week`
- Replace `beginning_of_month..end_of_month` with `all_month`
- Replace `beginning_of_year..end_of_year` with `all_year`

These changes improve code readability by using idiomatic Rails
methods that accomplish the same thing in a more concise and
expressive way.
2025-12-13 16:31:48 -03:00
nu-wa 472dbeee8c SMTP: support SMTPS on port 465 (#2132)
* Add more configuration options for the SMTP connection

* Add SMTP_TLS option for implicit TLS connections

For SMTPS servers (typically port 465), set SMTP_TLS=true.
Port auto-defaults to 465 when TLS is enabled, 587 otherwise.
STARTTLS is used by default and automatically disabled when TLS is on.

Fixes boolean conversion bug in original PR (string "false" is truthy)
and removes insecure default for certificate verification.

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-13 10:57:08 -08:00
Jeremy Daer 3d3593c8f6 Bump fizzy-saas to retain fewer docker images (#2134)
References https://github.com/basecamp/fizzy-saas/pull/32
2025-12-13 10:39:01 -08:00
Ítalo Matos 2066109003 Add test coverage for with_golden_first scope (#2130)
* Add test coverage for with_golden_first scope

Test verifies that the with_golden_first scope correctly orders
golden cards before non-golden cards in query results.

* Refactor golden test: use instance variables, add subordering coverage

Extract @golden and @non_golden fixtures into setup for reuse across
all tests. Simplify with_golden_first test to verify both primary
ordering (golden before non-golden) and subordering preservation.

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-13 10:34:35 -08:00
Mike Dalessio 3584df6816 Merge pull request #2133 from basecamp/flavorjones/handle-image-uploads-better
Improve avatar image handling
2025-12-13 13:25:54 -05:00
Ítalo Matos fbc586646f Refactor: improve query scope composition with merge syntax (#2131)
* Refactor: improve query scope composition with merge syntax

Replace manual WHERE clause concatenation with Rails' merge method
for more elegant and maintainable scope composition across Card,
Comment, and Filter models. This approach better follows Rails
conventions and improves code readability.

* Extend scope composition improvements to Card::Closeable

Apply the same nested hash syntax pattern to closures table references
in order and where clauses.

* Remove unnecessary outer braces from where clause

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-13 10:10:13 -08:00
Mike Dalessio 139bf3cf81 Validate avatar sizes 2025-12-13 13:05:30 -05:00
Mike Dalessio db4c8c1138 Introduce Vips configuration 2025-12-13 12:41:37 -05:00
Jeremy Daer 82626f020d Tailscale serve support (#2126)
Ensure we can serve the app from multiple hosts without breaking links.
* Switch unnecessary full URLs to paths
* Drop default host/port URL options for controllers

Shell 1
```bash
bin/dev
```

Shell 2
```bash
tailscale serve http://fizzy.localhost:3006
```
2025-12-13 09:29:50 -08:00
Jeremy Daer 43ab17df2f Update tests with final method naming: record! -> record 2025-12-12 21:47:10 -08:00
Mike Dalessio 202a2f599e Merge pull request #2123 from basecamp/flavorjones/development-minio-csp
CSP config to allow Minio in development
2025-12-12 17:15:36 -05:00
Mike Dalessio 7d6cf62665 CSP config to allow Minio in development 2025-12-12 17:00:17 -05:00
Mike Dalessio 08525282de Merge pull request #2122 from basecamp/flavorjones/limit-staging-beta-to-internal
Drop the `staff?` requirement in beta and staging
2025-12-12 15:36:18 -05:00
Mike Dalessio 43fd8ab691 Update fizzy-saas to get employee restriction in staging 2025-12-12 15:31:22 -05:00
Mike Dalessio 9cff236f66 Drop staff restriction in beta and staging
because it was preventing testing of signups.
2025-12-12 15:12:46 -05:00
David Heinemeier Hansson c9e9e7be55 Unused 2025-12-12 20:40:47 +01:00
Mike Dalessio 029227af0a Merge pull request #2113 from basecamp/flavorjones/queenbee-staging-update
saas: Bump queenbee gem for new staging location
2025-12-12 13:10:20 -05:00
Mike Dalessio 6a244b17e6 Use new FIZZY_GH_TOKEN with limited access
because this is a public repo and so doesn't have access to the
private org secret GH_TOKEN anymore.
2025-12-12 13:04:26 -05:00
Jason Zimdars 0bc3ccb528 Merge pull request #2109 from basecamp/theme-tweak
Apply theme preference before body renders
2025-12-12 11:48:47 -06:00
Rosa Gutierrez 7f5fa6d715 Use Sec-Fetch-Site exclusively for CSRF protection
And close the gap with JSON requests, which shouldn't be allowed if
Sec-Fetch-Site is 'cross-site' or 'none', only if it's empty as this
wouldn't be coming from a browser.
2025-12-12 18:37:32 +01:00
Kevin McConnell c636e1a0bd Merge pull request #2116 from basecamp/docker-docs
Document Docker image deployment
2025-12-12 17:30:11 +00:00
Kevin McConnell 4218f2e161 Document Docker image deployment
Also split the README a bit, to move the details under /docs.
2025-12-12 17:26:50 +00:00
Andy Smith 0181b1df84 Merge pull request #2115 from basecamp/maybe-mini-bubble-position
Better mini-bubble position for the Maybe column
2025-12-12 11:17:44 -06:00
Mike Dalessio 430caed61e saas: Bump queenbee gem for new staging location 2025-12-12 11:52:30 -05:00
Kevin McConnell 87ad234f32 Apply theme preference before body
To avoid any visual flashes of the old theme before the Stimulus
controllers load, we can apply the saved theme from `<head>` whenever
there is a full page load.

This applies to both the regular and public views, as we're doing it in
the shared head partial.
2025-12-12 14:17:58 +00:00
Kevin McConnell 0c2d3cccb1 Merge pull request #2084 from basecamp/disable-ssl-env
Add `DSIABLE_SSL` env option
2025-12-12 09:40:21 +00:00
Kevin McConnell e13565ee70 Merge pull request #2104 from basecamp/remove-unused-include
Remove redundant include
2025-12-12 09:14:15 +00:00
Stanko Krtalić 7b989484f5 Merge pull request #2103 from basecamp/fix-race-condition-on-join-code-redemption
Wrap join code redemption in a lock
2025-12-12 10:03:53 +01:00
Stanko K.R. c8a5d01771 Wrap join code redemption in a lock 2025-12-12 09:59:42 +01:00
Kevin McConnell 8d32a322e9 Remove redundant include
This is no longer needed since af0e2488 removed the streaming of
avatar images.
2025-12-12 08:58:52 +00:00
Stanko Krtalić c43c184691 Merge pull request #2093 from robzolkos/add-qr-codes-controller-test
Add QrCodesController test
2025-12-12 08:11:51 +01:00
Stanko Krtalić 0e70ab18e8 Merge pull request #2102 from basecamp/replace-custom-code-generator-with-base32
Replace custom code generator with Base32
2025-12-12 07:57:10 +01:00
Stanko K.R. a4d11e169f Replace custom code generator with Base32 2025-12-12 07:45:23 +01:00
Stanko Krtalić 23425cb67b Merge pull request #2086 from basecamp/harden-magic-links
Pin sign in attempts to the current session
2025-12-12 07:23:19 +01:00
Stanko K.R. f4ef9c9580 Test that you can't go to the magic link screen without an email 2025-12-12 07:16:07 +01:00
Jeremy Daer 586015c3f9 Bundle drift detection and correction (#2101)
Gemfile.saas evals Gemfile, so shared gems should have identical versions
in both lockfiles. This adds bin/bundle-drift to detect and fix drift:

* `bin/bundle-drift check` compares shared gem versions
* `bin/bundle-drift correct` seeds Gemfile.lock from Gemfile.saas.lock
  and re-locks, letting Bundler prune SaaS-only gems while preserving
  shared versions

Adds drift check to bin/ci and GitHub CI. Corrects existing drift.
2025-12-11 21:32:34 -08:00
Ítalo Matos 2e33262960 Refactor: Use Rails range syntax in ActivitySpike query (#2080)
Replace SQL string syntax with Rails range syntax for date filtering
in the ActivitySpike::Detector. This improves code readability and
follows Rails idioms.

Changed from:
  .where("created_at >= ?", recent_period.seconds.ago)

To:
  .where(created_at: recent_period.seconds.ago..)

This modernizes the codebase while maintaining the same functionality.
2025-12-11 20:40:31 -08:00
Javier Valencia 8f68e13707 Fix indentation in multi_db.rb initializer (#2082) 2025-12-11 20:37:28 -08:00
Anthony f2a2878382 Fix typo in translate property in card columns CSS (#2090)
Rename incorrect CSS property from `translaate` to `translate`
2025-12-11 20:36:54 -08:00
Ítalo Matos 0833c52aa0 Refactor: use idiomatic .last instead of .order(:desc).first (#2098)
Simplifies the last_event method in ActivitySpike::Detector by using
the more idiomatic Rails pattern .order(:created_at).last instead of
.order(created_at: :desc).first. Both generate the same SQL query but
.last is more readable and conventional in Rails codebases.
2025-12-11 20:35:38 -08:00
Jeremy Daer 2e17b78e08 bin/bundle-both (#2100)
Convenience for bundling both OSS and SaaS in lock-step:
```bash
> bin/bundle-both install

▸ OSS: Gemfile
bundle install
Bundle complete! 45 Gemfile dependencies, 161 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.

▸ SaaS: Gemfile.saas
bundle install
Bundle complete! 63 Gemfile dependencies, 187 gems now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.
```
2025-12-11 20:26:06 -08:00
Jankees van Woezik 78fc80cf35 API: Allow updates to last_active_at (#2076)
* Allow Card#last_updated_at to be set

This is useful when doing an import from another system. I'm currently
working on a script to import our Github issues into Fizzy.

This is discussed in
https://github.com/basecamp/fizzy/pull/2056#discussion_r2609560246

* Add nil fallback and expand test coverage for last_active_at

Adds a safety fallback to Time.current if created_at is unexpectedly nil
during card creation.

Test coverage to verify:
* last_active_at defaults to created_at when not provided
* last_active_at can be updated via API on existing cards
* import workflow where last_active_at is restored after comments
* publishing doesn't overwrite explicit last_active_at values

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-11 19:06:03 -08:00
Jason Zimdars eeb016c934 Merge pull request #2055 from xakpc/hotfix/wider-support-for-fonts
hotfix: Expand font stack for better cross-OS support
2025-12-11 20:16:50 -06:00
Jason Zimdars c6efed854e Merge pull request #2088 from robzolkos/fix-view-transition-typo
Fix view-transition-name typo in public card show
2025-12-11 20:12:12 -06:00
Jason Zimdars 7d6b316f77 Merge pull request #2094 from robzolkos/fix-duplicate-use-word
Fix duplicate word: use use → use
2025-12-11 20:08:39 -06:00
Jason Zimdars 6fc4845d62 Merge pull request #2095 from robzolkos/fix-minutes-typo
Fix typo: minues → minutes
2025-12-11 20:07:29 -06:00
Jason Zimdars b21ed270dc Merge pull request #2092 from basecamp/text-update-for-entropy
Fix typo in _entropy.html.erb
2025-12-11 20:06:40 -06:00
Jason Zimdars 0dccd7e19c Move email address into hint line 2025-12-11 19:31:20 -06:00
Matthew Kent eb06884ea7 Bump fizzy-saas to pickup another staging change. 2025-12-11 16:19:06 -08:00
Mike Dalessio 2716368769 Remove the rails credentials from .gitattributes
because they make historical diffs very slow when searching history
with git pickaxe et al
2025-12-11 17:28:22 -05:00