Commit Graph

34 Commits

Author SHA1 Message Date
Mike Dalessio 0160f215f2 Validate email before creating identity during sign-up and sign-in
Avoid Sentry exceptions when attackers try to stuff invalid emails. The
browser performs form field validation that should normally prevent this
from occurring, so we just return 422 without validation error messages.

Also:

- extract redirect_to_session_magic_link helper
- some controller refactoring and cleanup
2025-12-06 16:52:16 -05:00
Stanko K.R. a8f328c921 Sign up new users on sign in 2025-12-04 11:30:21 +01:00
Jorge Manrubia c9ebb79dbd Add some protections around sharing the magic link in development 2025-12-02 10:51:14 +01:00
Stanko K.R. 658b5a07cf Organize everything under Signups 2025-11-29 11:46:09 +01:00
Stanko K.R. 5747445977 Create signups controller 2025-11-29 10:15:48 +01:00
Jorge Manrubia d4ad62109c Rename/extract methods 2025-11-28 15:53:58 +01:00
Jorge Manrubia 4e09352c09 Bring simple signup flow from the fizzy-saas gem
We skip the QB code and we fill external account ids automatically on creation with a sequence

See:
https://github.com/basecamp/fizzy-saas/pull/7
2025-11-28 15:53:58 +01:00
Mike Dalessio 47c05e6d6a Restore basic auth on signup
broken in 6e304958
2025-11-19 14:12:59 -05:00
David Heinemeier Hansson 6e304958be No need to protect local dev/test 2025-11-18 14:32:54 +01:00
Stanko K.R. 8fa9566c07 Update sign up 2025-11-17 09:12:40 -05:00
Mike Dalessio 89d1299ec0 Fix authentication on "untenanted" controllers
trying out the name "disallow_account_scope" for this, but I don't
think it's quite right yet.
2025-11-17 09:11:47 -05:00
Mike Dalessio 086a9ceada Revert some auth pieces of "Account.sole → Current.account" 2025-11-17 09:11:45 -05:00
Mike Dalessio d41d50d52b Account.sole → Current.account
and some other de-tenant changes, including removing the controller
tenanting concerns
2025-11-17 09:11:40 -05:00
David Heinemeier Hansson 1bab9e95aa Don't want to use real credentials in dev either 2025-11-08 16:29:29 +01:00
Stanko K.R. bbe74966a1 Extract saas helpers into a concern 2025-11-07 07:08:24 +01:00
Stanko K.R. 3f4d500103 Unify sign in and sign up 2025-11-07 07:06:25 +01:00
Mike Dalessio d6db4c930b Print the magic link code in the console in development 2025-11-06 14:51:25 -05:00
David Heinemeier Hansson 877e62dec5 No CR when there are only two statements 2025-11-02 16:30:49 +01:00
Stanko Krtalić 98755844a1 Remove the internal API
* Bind sessions to identities
* Remove references to the identity token
* Move email changes to identity
* Move account menu into a turbo-frame
* Create tenants from a tenanted route
2025-10-31 16:26:08 +01:00
Jason Zimdars 5652e5699f Update design, logo, and copy 2025-10-31 16:26:08 +01:00
Stanko K.R. 201c3e27d3 Update tests for the Internal API 2025-10-31 16:26:08 +01:00
Stanko K.R. c8843360fe Clean up and simplify magic links 2025-10-31 16:23:38 +01:00
Stanko K.R. 5cef4ffeb0 Add sign in flow using magic links 2025-10-31 16:22:12 +01:00
Mike Dalessio 2630e4bd74 Extract 37id and QB controllers, models, and tests 2025-09-13 16:03:02 -04:00
Mike Dalessio e84cd529d5 The "sign out" button now clears the Launchpad login.
ref: https://fizzy.37signals.com/5986089/collections/2/cards/1382
2025-08-15 12:25:10 -04:00
Mike Dalessio 57269b1b9c Allow local authentication with LOCAL_AUTHENTICATION=1
You can touch `tmp/local-auth.txt` to persist this setting.
2025-08-06 17:05:35 -04:00
Mike Dalessio fa1c5f7279 Remove session controller actions other than delete
and do some general cleanup around sessions controllers and the
sign_in_as test helper
2025-07-02 15:03:28 -04:00
Kevin McConnell c84926692e Never show login page to a logged in user 2025-01-13 14:20:42 +00:00
David Heinemeier Hansson b53a2b8880 Fix url reference 2024-10-19 19:07:48 -07:00
David Heinemeier Hansson b7efd04a43 Use _path consistently in the controllers when not changing host 2024-10-19 19:00:04 -07:00
Jeffrey Hardy 7863bb5862 Prompt for first-run setup when no accounts exist 2024-09-30 13:17:31 -04:00
Jeffrey Hardy 1d2de248ee Only active users can authenticate 2024-09-24 15:51:38 -04:00
Jeffrey Hardy e3983d5bbe Use Rails' new sessions generator to replace the existing setup
Ref: https://github.com/rails/rails/pull/52328
2024-08-20 14:17:05 -04:00
Kevin McConnell c4fb1bdc76 Add minimal authentication flow to get started 2024-06-21 16:45:29 +01:00