Commit Graph

203 Commits

Author SHA1 Message Date
Stanko Krtalić eceb6c9b43 Add self-service account deletion (#2246)
* Add self-service account deletion

* Disable access to cancelled accounts & implement Stripe interactions

* Add tests

* Fix failing tests

* Remove cancelled accounts from lists

* Fix incorrect redirect

* Use _path instead of _url for consistency

* Don't track how far the inicieration job got

We still want the step tracking so that the job can be interrupted. But, since the scope is idempotent, we don't need to track how far it got.

* Specify the exact time when the data will be deleted

* Fix crash due to unadvancable cursor

* Rename up_for_incineration to due_for_incineration

* Regenrate the schema

* Fix incorrect path check

* Migrate the SQLite schema

* Only show the cancel button on cancellable accounts

* Check that a subscirption method exists before calling it

* Ignore job failures due to missing records when an account gets deleted

* Skip sending notifications on cancelled accounts

* Use collbacks to integrate

* Add a blank line between queue_as and discard_on

* Break checks into methods

* Inline methods

* Rename Account::IncinerateJob

* Run migrations

* Migrate SQLite
2026-01-12 14:21:05 +01:00
Jorge Manrubia 6d05ab428e Remove engagements
We are not using this anymore!
2026-01-07 16:43:33 +01:00
Jorge Manrubia ee80b87c8c Add billing system with Stripe
🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Jason Zimdars <jz@37signals.com>
2025-12-16 16:44:20 +01:00
Jeremy Daer 94e991df07 Gitleaks: ignore legit non-sensitive API keys and tokens in docs/ and test/ (#2068) 2025-12-10 14:23:55 -08:00
Mike Dalessio 3191c4ec1e Get gitleaks-audit green again 2025-12-10 17:05:19 -05:00
David Heinemeier Hansson 895b0e13b8 Drop the need for access tokens to have a session 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson db29562c4c Tie access token directly to session
We need to present them differently in the session list and prevent them
from being deleted
2025-12-10 09:23:52 +01:00
David Heinemeier Hansson d384971ea2 Test the boards API 2025-12-10 09:23:52 +01:00
David Heinemeier Hansson a81c681a8d Add access token authentication via HTTP AUTHORIZATION bearer header 2025-12-10 09:23:52 +01:00
Mike Dalessio 4602cd3cdd Add verified_at timestamp to use for spam prevention
User are marked as verified after a join code is redeemed. The user is
redirected to Users::VerificationsController, either:

- after submitting a valid magic link code,
- or immediately after redeeming the join code (if they're already
  authenticated with the correct identity)

Account owners are automatically verified when the account is
created (because they have already provided a magic link code at that
point).

This sets up for later commits that will backfill existing users and
require verification before sending notification emails.

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-05 21:51:44 -05:00
Kevin McConnell 6475ad3425 Don't try to resize non-variable avatars 2025-12-04 13:36:21 +00:00
Vladimir Dementyev 3832b6230f + connection_test.rb 2025-12-03 16:40:44 +03:00
Kevin McConnell e16cc21b0a Add "data export" feature
- Adds a button in Account Settings where you can request a ZIP export of your
  Fizzy data
- Export files are created in the background. When ready, a link to
  download them is sent to the requester.
- Exports expire after 24 hours. And are limited to 10 per day.
2025-12-01 15:23:26 +00:00
Mike Dalessio edf6b53469 Introduce an "owner" role, and prevent it from being administered
to prevent the owner from being demoted or kicked out.

ref: https://app.fizzy.do/5986089/cards/3213
2025-11-29 14:13:29 -05:00
Jorge Manrubia 8baf5b8abd Make mission control only accessible for staff members 2025-11-28 15:53:58 +01:00
Mike Dalessio 7f46063c25 Introduce gitleaks to the codebase
- `bin/setup` installs gitleaks
- add `gitleaks dir` command to CI
- configure gitleaks to ignore tmp, log, and encrypted files
- tag existing false positives with `gitleaks:allow`
- add historical false positives to the ignore list
2025-11-26 15:46:47 -05:00
Mike Dalessio e0aa1d257e Drop User.system and replace with Account#system_user 2025-11-24 13:23:57 -05:00
Mike Dalessio 4976e4a7bb Update Card::Entropic so its scopes work cross-accounts
with an eye towards making the postpone_all_due recurring job work efficiently.
2025-11-17 09:12:41 -05:00
Mike Dalessio fe6df7085f Finish the rollout of account_id to all core data models
Schema:
- add account_id to tables it was missing from
- make account_id a required column everywhere
- add [account_id] indexes, or add `account_id` to existing indices

Models:
- add `belongs_to :account` to all models (default to using a domain
  model's account whenever possible)
- add account_id in all the necessary fixtures
- add account_id to insert_all hashes
- pass account_id to a few initialize calls

Miscellaneous:
- update the import script to set account_id

Note that I'm not adding account_id to the join tables primarily
because I couldn't think of an easy way to populate it without making
it a full Join model, and that was more work than I have time to take
on right now.
2025-11-17 09:12:40 -05:00
Stanko K.R. 8fa9566c07 Update sign up 2025-11-17 09:12:40 -05:00
Donal McBreen 0e3084f9d3 Fix up join code fixtures and tests 2025-11-17 09:12:36 -05:00
Kevin McConnell e9e68646e3 Fix this test without changing app code 2025-11-17 09:12:31 -05:00
Kevin McConnell 1959e15f7e Fix more tests
These are mainly because the fixture's UUIDs are deterministic rather
than time-sortable, and more places where we need to correct the fixture
IDs as well.
2025-11-17 09:12:31 -05:00
Kevin McConnell c97ea9131f Fix some failing Tests
- Add explicit IDs to fixtures to avoid getting ints
- Remove ordering dependencies in assertions
2025-11-17 09:12:31 -05:00
Mike Dalessio e4011ef211 Update primary keys on customer data to UUIDs
- schema changes to primary and foreign keys
- fixture changes
- customer data models subclass AccountScopedRecord
- import script updated
2025-11-17 09:12:30 -05:00
Stanko K.R. 6858b96619 Simplify join codes 2025-11-17 09:12:17 -05:00
Stanko K.R. 32d96db7d9 Replace card id with card number 2025-11-17 09:12:15 -05:00
Mike Dalessio fbda61f45d Remove TODO comment that I completed 2025-11-17 09:11:57 -05:00
Mike Dalessio ff8d786144 Filter boards by account 2025-11-17 09:11:57 -05:00
Mike Dalessio dbf66f9a50 Constrain user queries to the current or relevant account 2025-11-17 09:11:57 -05:00
Stanko K.R. 8b1ca5e7fb Remove unused account associations 2025-11-17 09:11:42 -05:00
Stanko K.R. 1d6dd09272 Update fixutres 2025-11-17 09:11:42 -05:00
Mike Dalessio 006aa4d6b3 Tests need to set up the script_name properly
which requires tweaking fixtures for the memberships and the account
2025-11-17 09:11:42 -05:00
Mike Dalessio 362427b383 More changes to get setup and tests to run 2025-11-17 09:11:42 -05:00
Jorge Manrubia 80d309cd22 Keep current logical names for colors
So that the db values are not tied to the specific CSS
2025-11-14 11:44:04 +01:00
Jorge Manrubia 1f56adf8aa Reuse logo as avatar 2025-11-07 12:56:43 +01:00
Jorge Manrubia f544dc74f5 Add test 2025-11-07 12:55:04 +01:00
Jorge Manrubia 39ec6cf062 Replace collection with board in the code, tests green 2025-11-05 13:41:12 +01:00
Jorge Manrubia 03a345609e Baseline replacing collection with board across code 2025-11-05 13:31:54 +01:00
Stanko K.R. 5f26690aa1 Redirect to the account you joined after sign in 2025-11-04 07:20:16 +01:00
David Heinemeier Hansson b3474ec97d Rename Entropy::Configuration to just Entropy 2025-11-02 13:11:41 +01:00
Stanko Krtalić 98755844a1 Remove the internal API
* Bind sessions to identities
* Remove references to the identity token
* Move email changes to identity
* Move account menu into a turbo-frame
* Create tenants from a tenanted route
2025-10-31 16:26:08 +01:00
Stanko K.R. 79b012f319 Add Join Codes 2025-10-31 16:24:30 +01:00
Stanko K.R. c8843360fe Clean up and simplify magic links 2025-10-31 16:23:38 +01:00
Stanko K.R. 5cef4ffeb0 Add sign in flow using magic links 2025-10-31 16:22:12 +01:00
Mike Dalessio d0215e9fd2 Introduce untenanted Identity and Membership models
and a script to populate these tables for existing 37id users
2025-10-31 16:22:12 +01:00
Jorge Manrubia 7a1dde1a81 Add tests 2025-10-29 16:41:04 +01:00
Jorge Manrubia 9317a82570 Remove Fizzy Ask
Since we are not going to ship it
2025-10-27 14:45:30 +01:00
Jason Zimdars da413e7540 Remove closure reasons 2025-10-15 16:15:56 -05:00
Jorge Manrubia 7cb575b329 Exclude drafts from filtered cards 2025-10-07 10:32:10 +02:00