Commit Graph

1010 Commits

Author SHA1 Message Date
Rosa Gutierrez d88949288c Check and report on Sec-Fetch-Site header for forgery protection
This is a great, solid alternative to CSRF tokens for CSRF protection
when we aren't worried about older browsers or other kind of actors
doing modifying requests in our app, and could be a good test for future
upstreaming to Rails (although there we'd need to continue using CSRF
tokens or at least letting people opt out manually).

Let's start checking the header and reporting on it when CSRF fails or
when it doesn't match the other checks Rails does, and then promote this
to be the only way to defend from CSRF.
2025-11-25 19:19:50 +01:00
Stanko K.R. f64a49dcc0 Determine staff members based on flag
This replaces the old system based on email addresses, the aim is to make it more generic and thus appropriate for OSS/self-hosting

See: https://3.basecamp.com/2914079/buckets/37331921/todos/9302705265#__recording_9320051455
2025-11-25 14:09:31 +01:00
Mike Dalessio 9f117159a6 Restore structured logging of queenbee_id
and clean up some other small remaining "plan b" to-dos.
2025-11-24 15:50:45 -05:00
Mike Dalessio e0aa1d257e Drop User.system and replace with Account#system_user 2025-11-24 13:23:57 -05:00
Jason Zimdars a9da44b575 Merge pull request #1663 from basecamp/not-now-polish
Not now polish
2025-11-24 10:33:25 -06:00
Kevin McConnell bd259f7795 Add optimistic pausing to avoid stale reads
Instead of writer pinning, we'll track the last transaction ID of each
write in the session. Then on each read we'll wait for the replica to
report that this transaction is available.

If it doesn't become available within a reasonable timeout, we'll
proceed anyway, and accept the possibility of a stale read.

The hope here is that most of the time, the replica is caught up in the
time between a write request and the following read request. If it's
not, we now have a little tolerance to wait for it, which hopefully
proves enough to stale reads are not encountered in normal use.

We also disable the writer affinity opt-out mechanism that we had
before, since we will no longer be using writer affinity at the load
balancer.
2025-11-24 13:29:52 +00:00
Stanko K.R. 46d80f2ca2 Serve system user avatar as an asset 2025-11-24 13:16:14 +01:00
Stanko K.R. e85c5736c9 Render system user avatars using redirects 2025-11-24 12:05:32 +01:00
Jason Zimdars 56aa3f2a5b Update test 2025-11-24 12:04:33 +01:00
Mike Dalessio 26ccbf6968 Merge pull request #1695 from basecamp/flavorjones/better-card-edit-form-behavior
Update card buttons dynamically
2025-11-23 23:36:10 -05:00
Mike Dalessio db51b616bb Handle notifs created before the current bundle starts_at 2025-11-22 22:38:23 -05:00
Mike Dalessio a29dd89683 Make sure Bundle#ends_at is set before validation
otherwise we risk creating overlapping bundles and not catching it.
2025-11-22 22:19:05 -05:00
Mike Dalessio b05ecb7809 Update card buttons dynamically
User flows when editing a card look like:
- Click "Edit" → the closure buttons are replaced by "Save changes"
- Submit card form → Saves and restores closure buttons
- Press ESC while editing → Cancels and restores closure buttons

Also, renamed for clarity:
- _title.html.erb → _content.html.erb

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-22 12:14:39 -05:00
Mike Dalessio 4dc28943da Don't let cloudflare cache avatars
The issue here is that anyone else who views my avatar will cause it
to be cached, and then I can't easily bust the cache if I change my
avatar.
2025-11-22 09:48:28 -05:00
Jason Zimdars 0482d3b5ba Update test 2025-11-21 17:08:04 -06:00
Mike Dalessio ec8974640f User avatar responses have cache-control "public"
ref: https://app.fizzy.do/5986089/cards/3125
2025-11-21 16:08:52 -06:00
Mike Dalessio af0e2488d0 Improve avatar image handling
- redirect avatar image requests to the rails_blob_url, instead of
  streaming them through the web app
- use a thumbnail variant for avatar images
- only put avatar initials behind the stale? check (not the image
  redirect, which would result in browsers rendering broken images when
  an avatar is changed, until max-age expires)
2025-11-21 16:08:52 -06:00
Stanko K.R. fe909d6dc5 Disable stale while revalidate for own avatar
Locally, having stale_while_revalidate works great, but in production when we are behind CloudFlare, this results in an old image being shown after you upload a new one

See: https://app.fizzy.do/5986089/cards/2978
2025-11-21 19:26:38 +01:00
Mike Dalessio 7a057b81af Merge pull request #1682 from basecamp/flavorjones/active-storage-cleanup
Drop the "max previewable file size" limit
2025-11-21 10:56:54 -05:00
Mike Dalessio b2e3c7b1c7 Drop the "max previewable file size" limit
which was originally introduced to work around timing issues causing
us to try (and fail) to generate previews on sqlite read replicas.
2025-11-21 10:55:20 -05:00
Jorge Manrubia 93ee8899a0 More robust implementation to prevent method injection attacks 2025-11-21 10:38:16 +01:00
Jason Zimdars dca002bd64 Update test 2025-11-20 21:51:07 -06:00
Mike Dalessio 1bbb6d0c03 Fix race condition in Card::ActivitySpike::DetectionJob
The check-then-act pattern in `register_activity_spike` has been
replaced with `find_or_create_by!` to eliminate the race condition
that could lead to creating multiple activity spikes for a card. To
support this change, the `card_id` index on `cards_activity_spikes`
has been made unique.

ref: https://app.fizzy.do/5986089/cards/3063
2025-11-20 15:40:42 -05:00
Mike Dalessio 88750a3498 Prefer Time.current to Time.now 2025-11-20 09:13:17 -05:00
Stanko K.R. 8a1cbdd0ae Fix links in previews 2025-11-20 10:49:29 +01:00
Stanko K.R. cc41a42221 Fix missing avatars in notification bundle emails 2025-11-20 10:33:42 +01:00
Mike Dalessio 19d8e41b38 Merge pull request #1646 from basecamp/flavorjones/improve-search-results
Improve search results
2025-11-19 18:09:18 -05:00
Mike Dalessio 99fe5ff934 Make sure that comments show up in search properly
when the search term appears in both the comment and the card description
2025-11-19 18:02:36 -05:00
Mike Dalessio 378705a30d Deduplicate filter results
when both a card and that card's comments match the search term, we
don't want to show it multiple times.

ref: https://app.fizzy.do/5986089/cards/3030
2025-11-19 17:51:38 -05:00
Jason Zimdars f35623b75f Capitalize 2025-11-19 16:47:02 -06:00
Jason Zimdars 67da7cba75 Update test 2025-11-19 16:46:09 -06:00
Mike Dalessio a5f5b592c2 test: remove redundant session setup 2025-11-19 17:43:40 -05:00
Mike Dalessio c53b56c1db Display a helpful error message when join code is exhausted
ref: https://app.fizzy.do/5986089/cards/3015
2025-11-19 15:53:25 -05:00
Mike Dalessio dbbee2c661 Stalled cards are unstalled by anything that touches updated_at
ref: https://app.fizzy.do/5986089/cards/2492
2025-11-18 17:46:56 -05:00
Jorge Manrubia b55bd70a8a Make system test stable
We need to wait for the request to materialize before checking the DB
2025-11-18 10:20:02 +01:00
Jason Zimdars cc9363987f Update test 2025-11-17 17:44:34 -06:00
Mike Dalessio 97a6916ae1 Update a card's created_at when it is published
ref: https://app.fizzy.do/5986089/cards/2854
2025-11-17 17:39:25 -05:00
Stanko K.R. 0f7b1312eb Fix tests broken by optimizations 2025-11-17 17:45:24 +01:00
Mike Dalessio e599c462b2 Fix test from 0d55c966 to use Current.account 2025-11-17 09:14:23 -05:00
Mike Dalessio 0a76d10184 Add test for dragging cards
See fix in ec25d73c
2025-11-17 09:12:41 -05:00
Stanko K.R. 3b56b3f970 Fix failing test due to duplicate user 2025-11-17 09:12:41 -05:00
Mike Dalessio 73812817e9 Improve card entropic test 2025-11-17 09:12:41 -05:00
Mike Dalessio 4976e4a7bb Update Card::Entropic so its scopes work cross-accounts
with an eye towards making the postpone_all_due recurring job work efficiently.
2025-11-17 09:12:41 -05:00
Mike Dalessio e3d86bb21e Clean up some spots where "current account" is ambiguous
Primarily this is in tests (which were caught by temporarily
introducing acts_as_tenant and enabling safety checks), but notably
action cable connections were not working properly, and that's now
fixed.
2025-11-17 09:12:41 -05:00
Mike Dalessio 954d094d18 Fix the stacked notifications to respect time-sortable uuid 2025-11-17 09:12:41 -05:00
Stanko K.R. 01367c097f Fix skipped tests 2025-11-17 09:12:41 -05:00
Stanko K.R. a0251255a7 Rename IdenityMailer to UserMailer 2025-11-17 09:12:41 -05:00
Stanko K.R. e0693de7c3 Scope jobs and controllers by account 2025-11-17 09:12:41 -05:00
Kevin McConnell b4f3ee5d86 Include broadcast test helpers
We were relying on these without explicitly including them, leading to
flaky tests.
2025-11-17 09:12:41 -05:00
Donal McBreen 11acbda36d Fix search tests to work without memberships 2025-11-17 09:12:41 -05:00