Commit Graph

46 Commits

Author SHA1 Message Date
Mike Dalessio bb2d3a59b5 prefactor: update search to use published cards
We're about to make a change to assert that draft cards are not added
to the search index, and so let's make the intention behind these
tests clear first.
2026-01-23 11:07:43 -05:00
Stanko K.R. b6edb93c47 Pin sign in attempts to the current session
This makes it way more difficult to brute-force a magic link.

Original implementation by udiudi. Ref: https://github.com/udiudi/fizzy/pull/1/files

Discussion: https://github.com/basecamp/fizzy/discussions/1981

Co-Authored-By: Udi <udi@udi.codes>
2025-12-11 19:05:54 +01:00
Kevin McConnell 0e443d3602 Use initializer to configure tenant mode 2025-12-11 11:20:43 +00:00
Kevin McConnell a5580666a7 Single tenant by default & update tests 2025-12-11 11:20:43 +00:00
Mike Dalessio abe48f0efa Ensure user toggles on board edit page are cached properly
Not including the disabled flag as part of the cache resulted in
issues like the one described in #1992
2025-12-08 14:21:56 -05:00
Donal McBreen 19b0e25eac Split sqlite/mysql record stuff 2025-11-21 09:15:19 +00:00
Donal McBreen bb36b4846f Support SQLite searching 2025-11-21 09:15:19 +00:00
Mike Dalessio e3d86bb21e Clean up some spots where "current account" is ambiguous
Primarily this is in tests (which were caught by temporarily
introducing acts_as_tenant and enabling safety checks), but notably
action cable connections were not working properly, and that's now
fixed.
2025-11-17 09:12:41 -05:00
Donal McBreen 11acbda36d Fix search tests to work without memberships 2025-11-17 09:12:41 -05:00
Donal McBreen 28efe28f24 Replace Search::Index with Search::Records
Lean on ActiveRecord models for searching and strip out the raw SQL.
Replaces the search_index_* tables with sharded search_records_* tables
as that allows us to use a Search::Record model name.

A Class is dynamically created for each record table shard so that we
and we can access it via the Search::Record.for_account(account_id)
method.
2025-11-17 09:12:40 -05:00
Jorge Manrubia 3b34703db3 Make sure that only admins or card creators can delete cards 2025-11-05 16:37:43 +01:00
Jorge Manrubia bfc0b75e6c Not used 2025-11-03 07:16:11 +01:00
Stanko Krtalić 98755844a1 Remove the internal API
* Bind sessions to identities
* Remove references to the identity token
* Move email changes to identity
* Move account menu into a turbo-frame
* Create tenants from a tenanted route
2025-10-31 16:26:08 +01:00
Stanko K.R. 79b012f319 Add Join Codes 2025-10-31 16:24:30 +01:00
Stanko K.R. 5cef4ffeb0 Add sign in flow using magic links 2025-10-31 16:22:12 +01:00
Mike Dalessio ffe9fdb099 test: assert on the redirect in the login helper
which can help diagnose more subtle Rails errors like in https://github.com/basecamp/activerecord-tenanted/issues/210
2025-10-06 17:00:36 -04:00
Mike Dalessio 47370084d2 Remove code related to Launchpad auth or 37id Users 2025-10-02 16:33:23 -04:00
Mike Dalessio 2630e4bd74 Extract 37id and QB controllers, models, and tests 2025-09-13 16:03:02 -04:00
Mike Dalessio 8f39c015ea Tests now pass with local authentication
This is the first step of a multi-step SaaS engine extraction.

Looking ahead to an open source release, we need to make sure that
local authentication is treated as an "official" option, and not just
a hack I added for Kevin to do load testing outside our DC. So this PR
gets to green, and adds a CI step in "local authentication" mode.

This all probably feels a little hacky to you, Reader, but the goal of
this change is to ease the next step, which will be extracting the
37id and Queenbee integrations into a proprietary "SaaS mode" engine.

In service of that goal, this commit simply wraps all of the dependent
code and tests with a conditional check on
`config.x.local_authentication`.
2025-09-13 15:21:00 -04:00
Jorge Manrubia 5b68750713 Generate weekly highlights instead of daily ones
https://3.basecamp.com/2914079/buckets/37331921/todos/9010176047
2025-09-01 16:01:19 +02:00
Jorge Manrubia fa82dc0384 Remove code related to Fizzy Do /command support and filtering
https://3.basecamp.com/2914079/buckets/37331921/messages/8961776532
2025-08-18 13:41:20 +02:00
Stanko K.R. 33daa866f3 Test the list cards tool 2025-08-13 15:14:12 +02:00
Mike Dalessio 5540b0fd1b Make sure session cookie has the correct path for the tenant
ref: https://fizzy.37signals.com/5986089/collections/7/cards/1234
2025-08-10 18:53:52 -04:00
Jorge Manrubia 711d9207ed Little refactor + missing test 2025-07-25 10:04:07 +02:00
Jorge Manrubia 7de45cc061 Remove vcr_record! and fix VCR fixtures due to different timestamps 2025-07-24 16:48:06 +02:00
Mike Dalessio fa1c5f7279 Remove session controller actions other than delete
and do some general cleanup around sessions controllers and the
sign_in_as test helper
2025-07-02 15:03:28 -04:00
Mike Dalessio b8368de002 Update the Command classes to handle paths with account slugs 2025-07-01 15:56:14 -04:00
Jorge Manrubia a7cdf964dd Fix tests after updating rails 2025-06-13 10:49:52 +02:00
Jorge Manrubia b9ec71ff84 Format 2025-06-05 15:21:18 +02:00
Jorge Manrubia d22cbe6f7f Add tests for stalled detection 2025-06-05 15:09:55 +02:00
Jorge Manrubia 7c1bd23460 Exclude body checking in this test
Requests like summarize can result in completely different responses
2025-06-05 13:02:40 +02:00
Jorge Manrubia fa04016cbe Revert "Revert "Replace House with Lexical"" 2025-05-29 14:25:16 +02:00
Jorge Manrubia 08d8b2e5ff Revert "Replace House with Lexical" 2025-05-29 14:22:27 +02:00
Jorge Manrubia 6d88975d46 Use existing method 2025-05-29 13:07:20 +02:00
Jorge Manrubia 34eb8f1672 Format 2025-05-29 12:38:07 +02:00
Jorge Manrubia ecf82d8703 Make tests pass with action text 2025-05-29 12:37:16 +02:00
Jorge Manrubia b8f94c4ecb Add VCR and some initial tests 2025-05-16 13:29:18 +02:00
Jorge Manrubia 863ced55c4 Add tests 2025-05-06 14:17:28 +02:00
David Heinemeier Hansson 7adbd8d634 Use card rerendering instead of redirects 2025-04-17 15:20:27 +02:00
David Heinemeier Hansson dbf61f4fc3 Use _path in all cases where we are not potentially changing the domain 2025-04-13 08:17:36 +02:00
Jorge Manrubia cfe91c25c9 Add admin role, make sure only admins can remove and promote other users 2025-04-03 17:43:29 +02:00
Kevin McConnell 16a80ff3a6 More dynamic activity scores
This introduces a more dynamic system of activity scoring, to improve
the way bubbles "bubble up" due to their activity. There are a few
different parts we can tune here, and it's likely we'll need to make
adjustments once we get a feel for how this works in practice.

The basic idea here is:

- We assign points for certain types of event that happen on a bubble. A
  boost gets 1 point, a comment gets 10 points, and so on.
- These points decay over time, at a rate of 50% per day. So old
  activity is worth much less than new activity. Bubbles should rise up
  quickly when acted upon, bit will float back down if left idle.
- Some comments can score higher than others: the first comment from
  each person on a bubble is worth more (20) because it signals that
  more people are getting involved; and comments that follow a comment
  by a different author are also worth more (15) because that signals
  there's ongoing conversation between people, not just a series of
  notes being left by one individual.

In terms of implementation, we persist the score on the bubble
whenever it changes, but we handle the decay on the client side. That
allows us to cache the bubble representation without having to
continually change it while its activity decays.

We also keep a separate `activity_score_order` attribute on the model.
This can be used to sort the bubbles in order of "most active", without
having to think about the decay.
2025-03-05 17:16:31 +00:00
Kevin McConnell 66d0f29d45 Notify on pop as well
And DRY up some duplication.
2025-01-13 14:21:47 +00:00
Jose Farias 6b8b989058 sign_in -> sign_in_as 2024-10-09 12:48:21 -04:00
Jeffrey Hardy e3983d5bbe Use Rails' new sessions generator to replace the existing setup
Ref: https://github.com/rails/rails/pull/52328
2024-08-20 14:17:05 -04:00
Kevin McConnell c4fb1bdc76 Add minimal authentication flow to get started 2024-06-21 16:45:29 +01:00