Commit Graph

8272 Commits

Author SHA1 Message Date
Italo Matos cd4fbc011c Refactor: Replace reverse_merge with with_defaults for improved readability
Replace all occurrences of reverse_merge with with_defaults across the codebase.
The with_defaults method provides clearer intent and better readability when
setting default values for hash parameters.

Changes:
- app/helpers/columns_helper.rb: Update column_frame_tag method
- app/models/user/email_address_changeable.rb: Update generate_email_address_change_token method
- app/models/account.rb: Update create_with_owner method
- app/controllers/concerns/filter_scoped.rb: Update filter_params method

This refactoring maintains the same functionality while improving code clarity.
2025-12-14 14:22:06 -03:00
Jorge Manrubia 31542373ee Merge pull request #2112 from JangoCG/feature/rate-limit-join-codes
feat: protect join codes from brute-force attacks
2025-12-14 09:43:28 +01:00
Jorge Manrubia 01a5d194ba Merge pull request #2135 from italomatos/refactor/improve-time-window-parser-readability
Refactor: Simplify TimeWindowParser using Rails convenience methods
2025-12-14 09:42:07 +01:00
Jorge Manrubia 95c82a234b Merge pull request #2114 from robzolkos/remove-unused-install-svg
Remove unused install.svg and its CSS class
2025-12-14 09:40:18 +01:00
Jorge Manrubia 57008e0026 Merge pull request #2111 from robzolkos/remove-unpaired-view-transition-name
Remove unpaired view-transition-name
2025-12-14 09:39:08 +01:00
Jorge Manrubia cac9088ad3 Merge pull request #2105 from seuros/main
feat: expose closed boolean in card JSON API
2025-12-14 09:36:32 +01:00
Jorge Manrubia 4085c63d4f Merge pull request #2077 from hiendinhngoc/docs/add-missing-kamal-init-step
Add missing `kamal init` step to docs/kamal-deployment.md setup instructions
2025-12-14 09:30:47 +01:00
Jorge Manrubia e3987d2d08 Merge pull request #2063 from basecamp/lexxy-prompt-padding
Fix Lexxy prompt list padding by lowering rich-text specificity
2025-12-14 09:29:44 +01:00
Jorge Manrubia d7e5d4218f Merge pull request #2032 from tomycostantino/update-columns-on-actions
Fix: board columns actions are stale when moving a column moves
2025-12-14 09:28:57 +01:00
hiendinhngoc 90a48e3119 Fix unexpected remove empty line from README 2025-12-14 14:24:53 +07:00
hiendinhngoc 8a0180da40 Fix conflict and move the update from README to docs/kamal-deployment.md 2025-12-14 14:22:34 +07:00
Italo Matos 5ade7e1a52 Refactor: Simplify TimeWindowParser using Rails convenience methods
- Replace `beginning_of_day..end_of_day` with `all_day`
- Replace `beginning_of_week..end_of_week` with `all_week`
- Replace `beginning_of_month..end_of_month` with `all_month`
- Replace `beginning_of_year..end_of_year` with `all_year`

These changes improve code readability by using idiomatic Rails
methods that accomplish the same thing in a more concise and
expressive way.
2025-12-13 16:31:48 -03:00
nu-wa 472dbeee8c SMTP: support SMTPS on port 465 (#2132)
* Add more configuration options for the SMTP connection

* Add SMTP_TLS option for implicit TLS connections

For SMTPS servers (typically port 465), set SMTP_TLS=true.
Port auto-defaults to 465 when TLS is enabled, 587 otherwise.
STARTTLS is used by default and automatically disabled when TLS is on.

Fixes boolean conversion bug in original PR (string "false" is truthy)
and removes insecure default for certificate verification.

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-13 10:57:08 -08:00
Jeremy Daer 3d3593c8f6 Bump fizzy-saas to retain fewer docker images (#2134)
References https://github.com/basecamp/fizzy-saas/pull/32
2025-12-13 10:39:01 -08:00
Ítalo Matos 2066109003 Add test coverage for with_golden_first scope (#2130)
* Add test coverage for with_golden_first scope

Test verifies that the with_golden_first scope correctly orders
golden cards before non-golden cards in query results.

* Refactor golden test: use instance variables, add subordering coverage

Extract @golden and @non_golden fixtures into setup for reuse across
all tests. Simplify with_golden_first test to verify both primary
ordering (golden before non-golden) and subordering preservation.

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-13 10:34:35 -08:00
Mike Dalessio 3584df6816 Merge pull request #2133 from basecamp/flavorjones/handle-image-uploads-better
Improve avatar image handling
2025-12-13 13:25:54 -05:00
Ítalo Matos fbc586646f Refactor: improve query scope composition with merge syntax (#2131)
* Refactor: improve query scope composition with merge syntax

Replace manual WHERE clause concatenation with Rails' merge method
for more elegant and maintainable scope composition across Card,
Comment, and Filter models. This approach better follows Rails
conventions and improves code readability.

* Extend scope composition improvements to Card::Closeable

Apply the same nested hash syntax pattern to closures table references
in order and where clauses.

* Remove unnecessary outer braces from where clause

---------

Co-authored-by: Jeremy Daer <jeremy@37signals.com>
2025-12-13 10:10:13 -08:00
Mike Dalessio 139bf3cf81 Validate avatar sizes 2025-12-13 13:05:30 -05:00
Mike Dalessio db4c8c1138 Introduce Vips configuration 2025-12-13 12:41:37 -05:00
Jeremy Daer 82626f020d Tailscale serve support (#2126)
Ensure we can serve the app from multiple hosts without breaking links.
* Switch unnecessary full URLs to paths
* Drop default host/port URL options for controllers

Shell 1
```bash
bin/dev
```

Shell 2
```bash
tailscale serve http://fizzy.localhost:3006
```
2025-12-13 09:29:50 -08:00
Jeremy Daer 43ab17df2f Update tests with final method naming: record! -> record 2025-12-12 21:47:10 -08:00
Mike Dalessio 202a2f599e Merge pull request #2123 from basecamp/flavorjones/development-minio-csp
CSP config to allow Minio in development
2025-12-12 17:15:36 -05:00
Mike Dalessio 7d6cf62665 CSP config to allow Minio in development 2025-12-12 17:00:17 -05:00
Mike Dalessio 08525282de Merge pull request #2122 from basecamp/flavorjones/limit-staging-beta-to-internal
Drop the `staff?` requirement in beta and staging
2025-12-12 15:36:18 -05:00
Mike Dalessio 43fd8ab691 Update fizzy-saas to get employee restriction in staging 2025-12-12 15:31:22 -05:00
Mike Dalessio 9cff236f66 Drop staff restriction in beta and staging
because it was preventing testing of signups.
2025-12-12 15:12:46 -05:00
David Heinemeier Hansson c9e9e7be55 Unused 2025-12-12 20:40:47 +01:00
Mike Dalessio 029227af0a Merge pull request #2113 from basecamp/flavorjones/queenbee-staging-update
saas: Bump queenbee gem for new staging location
2025-12-12 13:10:20 -05:00
Mike Dalessio 6a244b17e6 Use new FIZZY_GH_TOKEN with limited access
because this is a public repo and so doesn't have access to the
private org secret GH_TOKEN anymore.
2025-12-12 13:04:26 -05:00
Jason Zimdars 0bc3ccb528 Merge pull request #2109 from basecamp/theme-tweak
Apply theme preference before body renders
2025-12-12 11:48:47 -06:00
Rosa Gutierrez 7f5fa6d715 Use Sec-Fetch-Site exclusively for CSRF protection
And close the gap with JSON requests, which shouldn't be allowed if
Sec-Fetch-Site is 'cross-site' or 'none', only if it's empty as this
wouldn't be coming from a browser.
2025-12-12 18:37:32 +01:00
Kevin McConnell c636e1a0bd Merge pull request #2116 from basecamp/docker-docs
Document Docker image deployment
2025-12-12 17:30:11 +00:00
Kevin McConnell 4218f2e161 Document Docker image deployment
Also split the README a bit, to move the details under /docs.
2025-12-12 17:26:50 +00:00
Andy Smith 0181b1df84 Merge pull request #2115 from basecamp/maybe-mini-bubble-position
Better mini-bubble position for the Maybe column
2025-12-12 11:17:44 -06:00
Rob Zolkos 412bf09e30 Remove unused install.svg and its CSS class
The install.svg file and .icon--install CSS class (which was duplicated)
appear to have never been used. Added in c3b946c96.
2025-12-12 12:08:10 -05:00
Andy Smith 9649880b62 Ensure images and videos are centered 2025-12-12 11:03:31 -06:00
Andy Smith e97e3b126e Merge branch 'main' into lexxy-prompt-padding 2025-12-12 11:00:08 -06:00
Mike Dalessio 430caed61e saas: Bump queenbee gem for new staging location 2025-12-12 11:52:30 -05:00
Cengiz Guertusgil 09a2e7d7d7 feat: add rate limit to join codes controller 2025-12-12 17:21:57 +01:00
Rob Zolkos a12dfea3c8 Remove unpaired view-transition-name from public card show 2025-12-12 10:50:51 -05:00
Kevin McConnell 87ad234f32 Apply theme preference before body
To avoid any visual flashes of the old theme before the Stimulus
controllers load, we can apply the saved theme from `<head>` whenever
there is a full page load.

This applies to both the regular and public views, as we're doing it in
the shared head partial.
2025-12-12 14:17:58 +00:00
Kevin McConnell 0c2d3cccb1 Merge pull request #2084 from basecamp/disable-ssl-env
Add `DSIABLE_SSL` env option
2025-12-12 09:40:21 +00:00
Kevin McConnell e13565ee70 Merge pull request #2104 from basecamp/remove-unused-include
Remove redundant include
2025-12-12 09:14:15 +00:00
Abdelkader Boudih b5caa8716d feat: expose closed boolean in card JSON API
Adds `closed` field to card JSON response, allowing API consumers
to detect closed status without parsing the status enum or making
additional API calls.
2025-12-12 10:12:21 +01:00
Stanko Krtalić 7b989484f5 Merge pull request #2103 from basecamp/fix-race-condition-on-join-code-redemption
Wrap join code redemption in a lock
2025-12-12 10:03:53 +01:00
Stanko K.R. c8a5d01771 Wrap join code redemption in a lock 2025-12-12 09:59:42 +01:00
Kevin McConnell 8d32a322e9 Remove redundant include
This is no longer needed since af0e2488 removed the streaming of
avatar images.
2025-12-12 08:58:52 +00:00
Stanko Krtalić c43c184691 Merge pull request #2093 from robzolkos/add-qr-codes-controller-test
Add QrCodesController test
2025-12-12 08:11:51 +01:00
Stanko Krtalić 0e70ab18e8 Merge pull request #2102 from basecamp/replace-custom-code-generator-with-base32
Replace custom code generator with Base32
2025-12-12 07:57:10 +01:00
Stanko K.R. a4d11e169f Replace custom code generator with Base32 2025-12-12 07:45:23 +01:00