Commit Graph

34 Commits

Author SHA1 Message Date
Jeremy Daer ea8a78cc22 Fix stale-read race when creating push subscriptions
(Caught one such uniqueness exception in the wild)

* 200 OK -> 204 No Content, default status
* No need to touch the subscription when found
* Drop superflous test
2025-12-09 01:34:37 -08:00
Mike Dalessio 4602cd3cdd Add verified_at timestamp to use for spam prevention
User are marked as verified after a join code is redeemed. The user is
redirected to Users::VerificationsController, either:

- after submitting a valid magic link code,
- or immediately after redeeming the join code (if they're already
  authenticated with the correct identity)

Account owners are automatically verified when the account is
created (because they have already provided a magic link code at that
point).

This sets up for later commits that will backfill existing users and
require verification before sending notification emails.

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-05 21:51:44 -05:00
Kevin McConnell 6475ad3425 Don't try to resize non-variable avatars 2025-12-04 13:36:21 +00:00
Stanko K.R. 84213265e7 Render friendly error message when using an invalid token 2025-12-03 15:37:27 +01:00
Stanko K.R. 46d80f2ca2 Serve system user avatar as an asset 2025-11-24 13:16:14 +01:00
Stanko K.R. e85c5736c9 Render system user avatars using redirects 2025-11-24 12:05:32 +01:00
Mike Dalessio 4dc28943da Don't let cloudflare cache avatars
The issue here is that anyone else who views my avatar will cause it
to be cached, and then I can't easily bust the cache if I change my
avatar.
2025-11-22 09:48:28 -05:00
Mike Dalessio 64bac96545 User avatar responses have cache-control "public"
ref: https://app.fizzy.do/5986089/cards/3125
2025-11-21 16:11:39 -05:00
Mike Dalessio bcb43305b6 Improve avatar image handling
- redirect avatar image requests to the rails_blob_url, instead of
  streaming them through the web app
- use a thumbnail variant for avatar images
- only put avatar initials behind the stale? check (not the image
  redirect, which would result in browsers rendering broken images when
  an avatar is changed, until max-age expires)
2025-11-21 15:16:46 -05:00
Stanko K.R. fe909d6dc5 Disable stale while revalidate for own avatar
Locally, having stale_while_revalidate works great, but in production when we are behind CloudFlare, this results in an old image being shown after you upload a new one

See: https://app.fizzy.do/5986089/cards/2978
2025-11-21 19:26:38 +01:00
Stanko K.R. e0693de7c3 Scope jobs and controllers by account 2025-11-17 09:12:41 -05:00
Stanko K.R. 56c41d45eb Reinstate email changes 2025-11-17 09:12:40 -05:00
Stanko K.R. 34d83aaa7c Fix tests after the removal of memberships 2025-11-17 09:12:40 -05:00
Stanko K.R. edf837fed3 Drop memberships 2025-11-17 09:12:39 -05:00
Stanko K.R. 6858b96619 Simplify join codes 2025-11-17 09:12:17 -05:00
Mike Dalessio dbf66f9a50 Constrain user queries to the current or relevant account 2025-11-17 09:11:57 -05:00
Jason Zimdars 7a58c23e55 Copy edits for unified flow 2025-11-07 07:06:28 +01:00
Jorge Manrubia 2bb90eab13 Use the sole collection as the root for a better onboarding experience for new accounts 2025-11-04 17:09:35 +01:00
David Heinemeier Hansson f9ff13cdc4 Add http caching for user events 2025-11-03 14:25:32 +01:00
David Heinemeier Hansson b05e7c04e1 Ensure you can only delete your own avatar or else you have to be admin 2025-11-03 14:21:48 +01:00
David Heinemeier Hansson 4c2f3ef0b8 Style 2025-11-03 14:21:25 +01:00
David Heinemeier Hansson 3ec9308345 Always bang for exceptions 2025-11-03 14:21:06 +01:00
Jorge Manrubia ebe1617f42 Format 2025-11-03 09:29:43 +01:00
David Heinemeier Hansson 43069b1ea4 Extract Users::JoinsController from overloaded UsersController
Good code smell is when the before_action callbacks stack up but can't
be shared across actions
2025-11-02 17:49:25 +01:00
David Heinemeier Hansson bced7405df Extract events loading from overloaded UsersController 2025-11-02 17:31:28 +01:00
Jason Zimdars 8f47db3ced Add service worker and subscriptions controllers 2025-07-15 15:22:32 -05:00
Jorge Manrubia 5e3b5b6d7c Make avatars public so that they work in public collections 2025-06-09 15:03:21 +02:00
David Heinemeier Hansson a106b1b6a7 Join the two users controllers but split out role setting 2025-04-12 20:30:47 +02:00
David Heinemeier Hansson 6bbf68a4f9 The tenanted db is the account scope 2025-04-12 20:06:34 +02:00
Jorge Manrubia 40df93eed7 Max max age for your own avatar
So that you don't get confused when you don't see it update
after changing it.
2025-04-07 06:59:36 +02:00
Kevin McConnell f50a880d6b Avoid double render in Avatars#show
After sending the conditional 304 response, we were still attempting to
render the response, which is unnecessary.
2025-03-12 09:05:50 +00:00
Jason Zimdars 66640bbac0 Remove avatars 2024-12-18 16:24:39 -06:00
Jeffrey Hardy 6953701df4 Scope user finding by Current.account 2024-10-04 12:51:04 -04:00
Jason Zimdars 9e28359587 Add proper avatars for users 2024-10-04 10:54:11 -05:00