Commit Graph

50 Commits

Author SHA1 Message Date
Stanko K.R. f66fa886bc Return apostrophes to our preferred style 2026-04-15 17:31:10 +02:00
Stanko K.R. c2fe41d376 Fix sign in flow 2026-03-27 10:13:57 +01:00
Stanko K.R. 9614c1ecfb Add a button to sign in with a passkey 2026-03-26 15:59:09 +01:00
Stanko K.R. 693415bc71 Rename request options to authentication options 2026-03-25 17:26:49 +01:00
Stanko K.R. 4fb1cddb4c Use WebComponents for buttons
This simplifies the loading and cleanup logic, while providing ubiquitous support across JS frameworks. Buttons can now be added in any way imaginable and still work without requiring additional initialization. The upside of this aproach is that it doesn't require a mutation observer nor a global click listener, and is supported by all browsers that also support passkeys.
2026-03-25 17:26:49 +01:00
Stanko K.R. 017bcc9ce1 Polish up Passkey interface
- Fix indentation
- Split awkward initializer into separate methods
- Rename credentials to passkeys
- Simplify authenticator registry loading
- Flatten nested errors under ActionPack::WebAuthn
- Set passkey current params only requests that use it
- Inline anemic methods
- Replace custom validation with ActiveModel::Validation
- Rename identity to holder in Passkey
- Rename credentials to passkeys in JS
- Extract framework library out of controllers
- Pass params hashes down to ActionPack
- Attempt to simplify public interface
- Push data decoding down to the classes representing the data
- Introduce has_passkeys
- Add CBOR bigint support
- Rename ActionPack::WebAuthn::Passkey to ActionPack::Passkey
- Add create_passkey_button helper
- Rename public-key to creation-options
- Add sign_in_with_passkey_button helper
- Dispatch events for the whole Passkey lifecycle
- Add ED25519 support
- Prevent crash on missing meta tag
- Validate resident key options
- Don't clobber existing ActionPack config options
- Validate cryptographic params
- Move CurrentWebAuthnRequest into ActionPack::Passkey
- Use ActiveModel::Attributes for Options objects
- Implement expiring challanges
- Add lifecycle events
- Extract param helpers into Request
- Add passkey_creation_options and passkey_request_options helpers
- Add create_passkey_challenge to make it easier to override the create method if needed
- Prefix all view helpers with passkey_
- Auto-include ActionPack::Passkey::Holder
- Make the passkey challange url configurable
- Add a reminder about Passkeys to the magic link email
2026-03-18 11:51:10 +01:00
Stanko K.R. da69039476 Implement Passkey authentication 2026-03-18 11:49:23 +01:00
Stanko K.R. 6c58fd9bdd Implement Passkey registration
- Create Identity credentials
- Add management UI and registration flow
2026-03-18 11:48:52 +01:00
Adam Haris eb8655dc8e refactor: use MULTI_TENANT env variable, model concern instead of controller (#accepting_signups?) 2025-12-10 15:14:22 +01:00
Adam Haris 0780b5168f add env variable to disable multi-tenancy 2025-12-09 15:40:01 +01:00
Jason Zimdars 235c20f3aa Capitalize sentence 2025-12-01 09:54:57 -06:00
Stanko K.R. 354dd1e95a Update signup with the design from signin 2025-11-29 11:58:48 +01:00
Jason Zimdars 13dce732b2 Fussy punctuation 2025-11-17 17:01:08 -06:00
Jason Fried 8534584052 Small copy adjustment on the new or sign in screen. 2025-11-17 13:14:12 -08:00
Jason Zimdars bdde877de3 Apply the new hotkey and style to all back buttons
Also updates design for email address change screens
2025-11-11 15:13:30 -06:00
Jason Zimdars 1190ae101d Ensure sign-in screens adapt on mobile 2025-11-11 14:14:49 -06:00
Jason Zimdars e7646fab96 More copy and design edits 2025-11-07 07:08:24 +01:00
Jason Zimdars 2fee728392 Copy and design 2025-11-07 07:08:24 +01:00
Jason Zimdars 7a58c23e55 Copy edits for unified flow 2025-11-07 07:06:28 +01:00
Jason Zimdars 5652e5699f Update design, logo, and copy 2025-10-31 16:26:08 +01:00
Mike Dalessio a429f05503 Fix logo references 2025-10-31 16:26:08 +01:00
Jason Zimdars c0b4205b3c Fix missing images 2025-10-31 16:24:30 +01:00
Jason Zimdars 193d8bd9b5 Style email and magic link code screens 2025-10-31 16:22:12 +01:00
Stanko K.R. 5cef4ffeb0 Add sign in flow using magic links 2025-10-31 16:22:12 +01:00
Jason Zimdars f5384baf63 Boxcar -> BOXCAR 2025-10-23 15:05:36 -07:00
Jason Zimdars 49e87310d7 Rename Fizzy, Boxcar 2025-10-22 13:42:41 -07:00
Mike Dalessio 3399e45130 Introduce an "Identity" model to ease login
- New untenanted Identity and Membership models
- New `identity_token` cookie with path "/" holds state across tenants

We're not sure whether the untenanted database will be sqlite or
MySQL, and so I've been careful to minimize

- database reads, placing them behind etags and caching
- database writes, only writing when a new Session is created (login)

Note that we track two things in the identity_token cookie: a signed
id, and the updated_at for the underlying Identity object. This allows
us to effectively cache on the Identity without having to hit the
database, by using an Identity::Mock object that is compatible with
etag and cache methods.

The new integration test shows the desired user-facing behavior, which
is to make it easy to login without a tenanted URL and to jump between
tenants.

- the untenanted "login_help" page shows all linked memberships
- the jump menu shows all linked memberships (except the current)

Also introduced a utility script to populate existing employee
Identities, grouping accounts by email address.
2025-10-10 10:12:25 -04:00
Mike Dalessio 57269b1b9c Allow local authentication with LOCAL_AUTHENTICATION=1
You can touch `tmp/local-auth.txt` to persist this setting.
2025-08-06 17:05:35 -04:00
Mike Dalessio fa1c5f7279 Remove session controller actions other than delete
and do some general cleanup around sessions controllers and the
sign_in_as test helper
2025-07-02 15:03:28 -04:00
Jason Zimdars 60890b10ee Remove translations feature 2025-04-09 14:11:32 -05:00
Andy Smith 51d907fca3 Replace stray image_tag instances and remove colorize class 2025-04-02 14:32:21 -05:00
David Heinemeier Hansson de6f782ca3 Extract icon_tag helper to reduce repetition 2025-03-29 17:22:51 +01:00
Mike Dalessio 1a4e2fdea4 Remove unnecessary "turbo: false" from forms
because the turbo responses have been moved from EventsController to
Events::PagesController, we can now redirect to the Events index page
within a turbo session.
2025-03-26 07:47:01 -04:00
Jason Zimdars 28a569c49b Tickets 2025-03-17 21:24:08 -05:00
Jason Zimdars c4bc9242e2 Fix sign-in logo 2025-02-21 10:49:27 -06:00
Jason Zimdars 1d0562f905 Refactor 2025-02-21 10:44:40 -06:00
Jason Zimdars 0d4dc9f474 Use new bubble shape 2024-11-19 09:52:50 -06:00
Jeffrey Hardy 7863bb5862 Prompt for first-run setup when no accounts exist 2024-09-30 13:17:31 -04:00
Jason Zimdars 0c2fb156a7 Polish logo placeholder 2024-09-18 12:55:36 -05:00
Jason Zimdars bcfba64c69 Polish sign-in screen 2024-09-11 16:27:15 -05:00
Jason Zimdars 925247acfc Rework main layout, comments layout, and list layout 2024-09-09 17:53:13 -05:00
Jeffrey Hardy 40863453e0 Recast categories as tags 2024-09-05 17:36:48 -04:00
Jeffrey Hardy 5aae70298b Rename Splat to Bubble 2024-09-04 14:54:11 -04:00
Jeffrey Hardy 84e586ff65 Render the assigned page title 2024-08-20 14:17:08 -04:00
Jeffrey Hardy c36831c0ed Remove default username input value from params until needed 2024-08-20 14:17:08 -04:00
Jeffrey Hardy e3983d5bbe Use Rails' new sessions generator to replace the existing setup
Ref: https://github.com/rails/rails/pull/52328
2024-08-20 14:17:05 -04:00
Jason Zimdars 81abde2849 Some polish and name change stuff 2024-08-08 18:06:19 -05:00
Jason Zimdars 7bb16e0bcc Refine new splat shape 2024-08-05 17:10:38 -05:00
Jason Zimdars ac38edd49e Design sign-in flow 2024-07-24 17:42:43 -05:00
Kevin McConnell c4fb1bdc76 Add minimal authentication flow to get started 2024-06-21 16:45:29 +01:00