Commit Graph

7968 Commits

Author SHA1 Message Date
Jeremy Daer 8eb01da057 Process blob variants using local files
Rails does post-upload variant processing using the same file upload
in https://github.com/rails/rails/pull/56327

Unrelated Lexxy bump:
Pulls in https://github.com/basecamp/lexxy/pull/493 to work around `dom_id`
removal from ActionText tag in https://github.com/rails/rails/pull/51238
2025-12-08 23:41:15 -08:00
Jeremy Daer b23a5d0b7c Fix flaky tests caused by leaky show_exceptions twiddling (#2028)
Rails memoizes `@app_env_config`, so running push subscriptions test
after join codes test will result in running with `show_exceptions:
:none`, causing RecordInvalid to raise instead of returning 422 status.

References #1996
2025-12-08 23:27:36 -08:00
Jeremy Daer 49c4f2adc6 Fix ActiveStorage FileNotFoundError with immediate variant processing (#2022)
When ActiveStorage::Record uses `connects_to` for read replica support,
it creates a separate connection pool from ApplicationRecord. This causes
`after_commit` callbacks to fire in non-deterministic order - the
Attachment's `create_variants` callback can fire before the User model's
upload callback completes, resulting in FileNotFoundError.

The fix removes replica connection configuration from ActiveStorage::Record
so it shares the same connection pool as application models, ensuring
proper callback ordering.

Also reverts test workarounds that were added to work around this issue,
since the root cause is now fixed.

See: https://github.com/rails/rails/issues/53694
2025-12-08 14:44:49 -08:00
Jorge Manrubia cb0e9b9962 Immediate avatar and embed variants (#2002)
Reverts #2001
Restores #1955
2025-12-08 14:17:06 -08:00
Jason Zimdars f8a812f038 Merge pull request #2021 from basecamp/internal/pr-2000
Update font stack
2025-12-08 16:10:23 -06:00
Andy Smith fbb47eda4d Merge pull request #2020 from basecamp/lexxy-highlight-fixes-ios
Account for browser button styled and adjust mobile padding for perma BG
2025-12-08 16:04:34 -06:00
Jason Zimdars 3cdcd3f00c Should be in global gitignore 2025-12-08 16:03:39 -06:00
Andy Smith bc8ecc3e91 Account for browser button styled and adjust mobile padding for perma BG 2025-12-08 15:59:58 -06:00
Andy Smith 14e763ec59 Merge pull request #2019 from basecamp/wrap-lexxy-overflow
Wrap the overflow menu
2025-12-08 15:47:09 -06:00
Andy Smith 27585a75b2 Wrap the overflow menu 2025-12-08 15:01:47 -06:00
Mike Dalessio e1c9b7df1e doc: update style doc reference for LLM agents 2025-12-08 15:29:26 -05:00
Mike Dalessio 5328d63840 Merge pull request #2017 from basecamp/flavorjones/2003-identity-destroy-cleanup
Fix Identity destruction callback ordering
2025-12-08 15:21:54 -05:00
Mike Dalessio 3c4b838b25 Fix Identity destruction callback ordering
ref: #2003

Co-authored-by: Dylan <dylan@restaurantcare.com.au>
2025-12-08 15:12:38 -05:00
Mike Dalessio e4b5139683 Merge pull request #2015 from basecamp/dependabot-cooldown
Adopt a cooldown period for dependency updates
2025-12-08 15:01:36 -05:00
Mike Dalessio 15fda97ac0 Merge pull request #2016 from basecamp/flavorjones/1992-fix-toggle-caching
Ensure user toggles on board edit page are cached properly
2025-12-08 14:30:15 -05:00
Mike Dalessio abe48f0efa Ensure user toggles on board edit page are cached properly
Not including the disabled flag as part of the cache resulted in
issues like the one described in #1992
2025-12-08 14:21:56 -05:00
Rosa Gutierrez 2352f30b61 Adopt a cooldown period for dependency updates
As suggested by @flavorjones, and explained in:
https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns

This applies:
- 7 days as default: from the article, a 7-day
cooldown would have prevented 8 out of 10 recent
supply chain attacks. It seems reasonably long
but not crazy long.
- 14 days for major versions, to give some time
to the community to find problems.
2025-12-08 20:05:03 +01:00
Jeremy Daer dcc005be34 Add lazy error context for Rails error reporter (#2014)
Register a middleware with Rails.error that adds identity_id and
account_id from Current attributes. Only evaluated when an error
is actually reported, avoiding the cost on successful requests.
2025-12-08 11:00:40 -08:00
Mike Dalessio c2380dc057 Merge pull request #2013 from basecamp/flavorjones/1992-board-admin
Disable board edit buttons for select all/none when not privileged
2025-12-08 13:46:53 -05:00
Mike Dalessio 48730d67e0 Disable board edit buttons for select all/none when not privileged
ref: https://github.com/basecamp/fizzy/discussions/1992
2025-12-08 13:32:41 -05:00
Jeremy Daer b88182c3ad Autotuner: use structured logging instead of Sentry (#2011)
Move thousands of info-level Sentry events to logs. Query Loki rather
than downsampling events: `event.action = "run.ruby-script",
script.name = "autotuner"`
2025-12-08 10:01:28 -08:00
Jason Zimdars bc073a7e79 Merge pull request #2008 from nqst/involvement-button-label-restore
Restore "Watch this" / "Stop watching" button labels
2025-12-08 11:57:16 -06:00
Mike Dalessio cf6d3e2361 Merge pull request #2010 from basecamp/flavorjones/search-results-datetime
Add datetime to the search results
2025-12-08 12:12:36 -05:00
Mike Dalessio 642506e79e Add datetime to the search results
I find it helpful (especially when going through a long list of
results) to know how far back in time I'm looking.

A note on the timestamp being used: it's the search index
timestamp. Using the card or comment `updated_at` is fraught because
we do so much touching of records (e.g., comment is touched when a
reaction is added; card is touched when a comment is added). Let's
display the search record's `created_at`, which is the ordering used
for the overall results.
2025-12-08 11:58:54 -05:00
Mike Dalessio 63805aee0f Merge pull request #1984 from gijigae/fix/japanese-ime-input
Fix Japanese IME input handling for tag, step, and reaction fields
2025-12-08 11:09:33 -05:00
Alexander Zaytsev c479235c60 Fix involvement button label 2025-12-08 15:54:36 +01:00
Robin Brandt 2110fba227 Bump mittens to 0.3.1 (#2006) 2025-12-08 15:26:39 +01:00
Jorge Manrubia 15983cede3 No need to pass Currentl.user since it is the default value for the param 2025-12-07 20:03:06 +01:00
Mike Dalessio 30422486df Merge pull request #2005 from basecamp/flavorjones/join-code-email-validation
Validate email before creating identity during join code redemption
2025-12-07 13:33:01 -05:00
Mike Dalessio 661a7e5e2d Validate email before creating identity during join code redemption
Avoid Sentry exceptions when attackers try to stuff invalid emails. The
browser performs form field validation that should normally prevent this
from occurring, so we just return 422 without validation error messages.

See similar change in #1996 for sign-in and sign-up
2025-12-07 13:26:34 -05:00
user 0b1a25c6b9 Ignore RubyMine project files in .gitignore 2025-12-07 20:47:25 +09:00
Jorge Manrubia 12eceb97eb Merge pull request #2001 from basecamp/revert-1955-immediate-variants
Revert "Immediate avatar and embed variants"
2025-12-07 12:09:03 +01:00
Jorge Manrubia c8c91259c7 Revert "Immediate avatar and embed variants" 2025-12-07 12:06:03 +01:00
Jorge Manrubia 7fe22b5767 Merge pull request #1971 from ari-party/patch-02
README.md codeblock consistency
2025-12-07 11:59:52 +01:00
Jorge Manrubia 2ef0377f56 Merge pull request #1966 from ari-party/main
Add WEB_CONCURRENCY env support for Puma worker count
2025-12-07 11:59:15 +01:00
Jorge Manrubia 568783efd1 Merge pull request #1905 from basecamp/web-push-ssrf
Security: Web Push SSRF
2025-12-07 11:58:14 +01:00
Jorge Manrubia 91017c9208 Merge pull request #1955 from basecamp/immediate-variants
Immediate avatar and embed variants
2025-12-07 11:50:02 +01:00
Jorge Manrubia 4a6f28b7c5 Merge pull request #1948 from jstarner/custom-delete-modals
Replace turbo confirmation dialogs with custom delete modals
2025-12-07 11:48:58 +01:00
Jorge Manrubia 9f20e8bfbb Merge pull request #1973 from basecamp/lightbox-transitionend-handler
Fix lightbox transitionend listener leak
2025-12-07 11:44:03 +01:00
Jorge Manrubia d19c02d19d Merge pull request #1998 from felixefelip/test-notifications_settings_controller
Test Notifications::SettingsController
2025-12-07 11:43:13 +01:00
Jorge Manrubia f2c676e69d Merge pull request #1983 from AmiasYaska/fix-activity-typo
Fix typo in back link: Actvity -> Activity
2025-12-07 11:42:20 +01:00
Jorge Manrubia d90548873d Merge pull request #1999 from basecamp/refactor-column-title-route
Make column have a proper ID instead of inferring it from the title
2025-12-07 11:39:35 +01:00
Jorge Manrubia 31a41e66c2 Make column have a proper ID instead of inferring it from the title 2025-12-07 11:34:54 +01:00
Felipe Felix 4c9d8edbc6 Test Notifications::SettingsController 2025-12-07 04:25:11 -03:00
Mike Dalessio a6cb569945 Merge pull request #1996 from basecamp/flavorjones/email-validation-in-signup-signin
Validate email before creating identity during sign-up and sign-in
2025-12-06 16:56:38 -05:00
Mike Dalessio 0160f215f2 Validate email before creating identity during sign-up and sign-in
Avoid Sentry exceptions when attackers try to stuff invalid emails. The
browser performs form field validation that should normally prevent this
from occurring, so we just return 422 without validation error messages.

Also:

- extract redirect_to_session_magic_link helper
- some controller refactoring and cleanup
2025-12-06 16:52:16 -05:00
Mike Dalessio 95ba2c01b8 Add email validation to Signup 2025-12-06 16:50:39 -05:00
Mike Dalessio 3ff45d77bb Ensure test coverage for invalid Signup#complete 2025-12-06 16:46:51 -05:00
Mike Dalessio b2250b6d35 Ensure test coverage for all branches of JoinCodesController#create 2025-12-06 16:40:51 -05:00
Mike Dalessio d747d1bfa3 Ensure we have good test coverage on Signup.create_identity
because we're relying on it returning a MagicLink
2025-12-06 16:40:17 -05:00