Commit Graph

1531 Commits

Author SHA1 Message Date
Stanko K.R. 84213265e7 Render friendly error message when using an invalid token 2025-12-03 15:37:27 +01:00
Stanko K.R. 6e9381abb8 Fix crash in join code redemption race condition 2025-12-03 13:29:20 +01:00
Dave Kimura 337af0a575 Merge branch 'basecamp:main' into main 2025-12-02 16:08:26 -05:00
Dave Kimura 2f740c81c0 (account): encode external_account_id in slug
- Use `AccountSlug.encode` to generate slug instead of raw ID
  - Fixes where slug is /1 and will be in the proper format of /0000001
2025-12-02 16:07:04 -05:00
Mike Dalessio a2e024c1b5 Disconnect action cable when user is deactivated
ref: https://app.fizzy.do/5986089/cards/2785
2025-12-02 14:26:04 -05:00
Jorge Manrubia dfe8e7bd5d Scope general broadcasts by account
Because DoS ourselves is not fun
2025-12-02 18:10:49 +01:00
Jorge Manrubia 32fe4339ee Remove general broadcast temporarily 2025-12-02 18:03:19 +01:00
Kevin McConnell f7e2b4e0ba Don't compress attachments in export
Since they are typically images and videos, which are already
compressed.
2025-12-02 10:39:56 +00:00
Kevin McConnell d24726c1d3 Merge pull request #1768 from basecamp/data-exports
Add "data export" feature
2025-12-02 09:56:40 +00:00
Stanko K.R. 78c6751fa0 Prohibit link local addresses 2025-12-02 09:32:15 +01:00
Jason Zimdars 15f4454861 Remove line breaks, update back button copy
Lexxy no longer requires two returns between items
2025-12-01 23:52:21 -06:00
Jorge Manrubia af0113c9ee After touch should trigger board touch too
The change in https://github.com/basecamp/fizzy/commit/c606de7b41f57734c4c859c5fc3d98c952b26d58#diff-1ecde9fb1ee2494e5d94e807f51f861928f77cfcfb0884889911b62a32c2ff4cL4-R23 was preventing marking cards as golden from broadcasting
2025-12-02 05:55:49 +01:00
Kevin McConnell 2c1ab1bb29 Formatting 2025-12-01 17:19:59 +00:00
Kevin McConnell 3eaf9cb350 Put fizzy in the export filename 2025-12-01 16:01:41 +00:00
Kevin McConnell c492e6c4c4 Make the JSON prettier 2025-12-01 15:54:24 +00:00
Kevin McConnell 45afe494ec Skip missing files 2025-12-01 15:40:07 +00:00
Kevin McConnell 12f6dbf79f Handle remote image attachments too 2025-12-01 15:36:35 +00:00
Kevin McConnell e16cc21b0a Add "data export" feature
- Adds a button in Account Settings where you can request a ZIP export of your
  Fizzy data
- Export files are created in the background. When ready, a link to
  download them is sent to the requester.
- Exports expire after 24 hours. And are limited to 10 per day.
2025-12-01 15:23:26 +00:00
Jorge Manrubia 29d07e7326 Fix: not detecting mentions when publishing saved drafts
The problem was that publishing a card with `#publish` was tracking the event
after updating the status, which was clearing the saved changes and preventing the
code from detecting the mention.

See:
https://app.fizzy.do/5986089/cards/2835
2025-12-01 15:39:45 +01:00
Mike Dalessio edf6b53469 Introduce an "owner" role, and prevent it from being administered
to prevent the owner from being demoted or kicked out.

ref: https://app.fizzy.do/5986089/cards/3213
2025-11-29 14:13:29 -05:00
Stanko K.R. 2311efd03e Make sign up Magic Links work across devices
Previously if someone started signing in on their phone, but finished it on their laptop, they'd end up on the menu screen with no account. Bu tracking the purpose of a Magic Link we can always direct the user to sign up if they requested a magic link through sign up. This also makes the logic for changing the copy in the email more robust.
2025-11-29 12:36:00 +01:00
Mike Dalessio 434a9671cc Ensure Account::ExternalIdSequenceTest.value is never nil
If no record exists, create it. This fixes a test in fizzy-saas in
test/models/signup_test.rb that was not actually testing with a valid
external account id.
2025-11-28 14:27:14 -05:00
Jorge Manrubia 4e09352c09 Bring simple signup flow from the fizzy-saas gem
We skip the QB code and we fill external account ids automatically on creation with a sequence

See:
https://github.com/basecamp/fizzy-saas/pull/7
2025-11-28 15:53:58 +01:00
Jorge Manrubia 2061ab4ab2 Use dedicated sequence record instead of deal with issues with ids and uuids when using the previous approach 2025-11-28 15:53:58 +01:00
Jorge Manrubia 07b4c55185 Auto-increment external_account_id automatically by default to allow upcoming simple signups 2025-11-28 15:53:58 +01:00
Mike Dalessio 3f8d10d679 Merge pull request #1747 from basecamp/flavorjones/perf-20251127
Address some N+1 query situations
2025-11-27 12:46:56 -05:00
Mike Dalessio 09366fc949 style: rubocop fix 2025-11-27 12:34:31 -05:00
Stanko K.R. e3d91f4ba2 Fix join codes skipping user setup
If someone joined an account with the same identity as they were signed in with the old logic would skip the user setup step
2025-11-27 17:59:17 +01:00
Mike Dalessio 50fe973105 Remove N+1 on the cards board. 2025-11-27 11:30:54 -05:00
Mike Dalessio 0ab3aaca72 Preload Event to avoid N+1s on the timeline 2025-11-27 11:27:10 -05:00
Mike Dalessio 79c9ea2ce1 Remove a bunch of N+1s
related to notification and comment rendering
2025-11-27 11:08:45 -05:00
Jason Zimdars 5e971f41af Set entropy to 1 year so cards don't close before they can play 2025-11-27 09:18:33 -06:00
Jason Zimdars 48d9a25820 Fix that 'closed'->'done' change broke this route 2025-11-26 14:58:17 -06:00
Mike Dalessio 9446bc18d2 Simplify Current.with_account and .without_account
Co-authored-by: Jeffrey Hardy <jeff@37signals.com>
2025-11-26 12:31:49 -05:00
Donal McBreen c4498212dc Merge branch 'main' into sqlite
* main: (116 commits)
  Ensure avatar thumbnails are square
  Update useragent to recognize twitterbot/facebot
  Add defensive styles for non-square avatar images
  Update test for copy changes
  Missed commit
  AI: standardize on https://agents.md
  Make it clear this is just notifications, not comprehensive activity
  AI: configure MCP servers for Chrome, Grafana, and Sentry (#1727)
  Allow requests from Google Image Proxy
  Update to basecamp's useragent fork
  Clean up a little bit the CSRF reporting code
  Claude: production observability guidance (#1725)
  Prevent autoscroll to the root columns container to prevent jump on page load
  Include full name string so you can type your name to filter
  Prioritize current user and assigned users in assignment dropdown
  Check and report on Sec-Fetch-Site header for forgery protection
  bundle update
  Bump bootsnap from 1.18.6 to 1.19.0
  Bump rails from `077c3ad` to `17f6e00`
  Fix cards getting stuck in edit mode
  ...
2025-11-26 10:07:41 +00:00
Donal McBreen 9c86205510 Enforce SQLite column limits via CHECK constraints
Patch the sqlite adapter to add CHECK constraints for string and text
column limits. We'll do them inline, so that any column changes
automatically update the constraints.
2025-11-26 09:50:29 +00:00
Kevin McConnell ca5065a378 Ensure avatar thumbnails are square
Previously we were fitting the image inside a 256x256 box while keeping
it's original aspect ratio. But this can lead to images that are
squished and/or pixelated when we try to show them inside a square
container in the app.

Instead we can resize them to be square.
2025-11-26 09:21:46 +00:00
Donal McBreen 97bcdf1853 Enforce column limits via concern
SQLite columns lengths are purely informational, so we'll enforce the
limits via a concern that checks the lengths from the schema.
2025-11-25 15:32:34 +00:00
Donal McBreen c2eb840e2b Use Uuid type directly 2025-11-25 13:47:08 +00:00
Stanko K.R. f64a49dcc0 Determine staff members based on flag
This replaces the old system based on email addresses, the aim is to make it more generic and thus appropriate for OSS/self-hosting

See: https://3.basecamp.com/2914079/buckets/37331921/todos/9302705265#__recording_9320051455
2025-11-25 14:09:31 +01:00
Donal McBreen b571303385 Don't use Current.account for search records
It doesn't actually work, and even if we could make it work reliably
we are better off if the records always know to go to the right shard.

It does make the interface a bit more complicated as we need to select
the right shard class with `for(account_id)`.
2025-11-25 11:34:41 +00:00
Mike Dalessio e0aa1d257e Drop User.system and replace with Account#system_user 2025-11-24 13:23:57 -05:00
Stanko K.R. e85c5736c9 Render system user avatars using redirects 2025-11-24 12:05:32 +01:00
Jason Zimdars 433a19e103 Add an avatar for the System user 2025-11-24 12:04:33 +01:00
Jason Zimdars 0c49d3c2a6 Use "Done" for consistency
Closed is domain language
2025-11-24 12:04:33 +01:00
Jason Zimdars 86932803e4 Clarify not now move actions copy 2025-11-24 12:03:34 +01:00
Jason Zimdars 5fac18d01f Restore auto-postponed events to the timeline 2025-11-24 12:03:34 +01:00
Mike Dalessio 09e6a15c6e Merge pull request #1696 from basecamp/flavorjones/avoid-overlapping-bundles
Prevent overlapping bundles from being created
2025-11-23 10:20:17 -05:00
Jorge Manrubia f0851988a2 Revert tentatively
Kevin got a bunch of dups, need to look into this more calmly https://3.basecamp.com/2914079/buckets/37331921/chats/9301300227
2025-11-23 10:18:39 +01:00
Mike Dalessio db51b616bb Handle notifs created before the current bundle starts_at 2025-11-22 22:38:23 -05:00