* Implement automatic re-login on SSO session expiration
* Adjust allowed range of `sso_session_timeout_minutes` in team policy
* Test autosubmit rendering
* Test `UserSessions.get_by_token/1`
* Test expired session case for `AuthPlug`
* Test `UserAuth.get_user_session` case for expired session
* Test `HandleExpiredSession` plug
* Implement plug for checking SSO team access
* Add the new plug to the `browser` pipeline and adjust routes
* Don't log in on failed provisioning and display issue notice instead
* Require user to be provisioned as SSO before toggling "Force SSO"
* Label SSO members explicitly in team management LV
* Make slight layout and copy adjustments in provision issue view
* Improve copy (h/t @aerosol)
* First pass: store login preference
* Only set login preference if SSO is used
* Change mock DNS to use port 5354 and `domain_id` for parameter
* Make login forms use flash message for error passing
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Set up MFA properly in SSO tests
* Move `new_identity` test helper to common helpers
* Make standard login only allow Owner SSO users
* Implement `Plausible.Users.type/1` for determining user type
* Implement plug restricting action based on user type
* Restrict or adjust access to settings actions to SSO users
* Make a very small refactor to `Auth.SSO` helper
* Prevent SSO users from accepting team invitations
* Prevent SSO users from adding websites under "My Personal Sites"
* Prevent implicit team creation by SSO users
* Add workaround for compiler warning under CE
* Remove SSO user on removing membership
* Prevent changing role to owner when 2FA not enabled
* Prevent provisioning from standard user with active personal team
* Fix `Auth.lookup/1` to not break for standard users on multiple teams
* Use `Plausible.always/1` (h/t @aerosol)
* Revert "Use `Plausible.always/1` (h/t @aerosol)"
This reverts commit 0ee7dd84d3.
* Rename `RestrictType` -> `RestrictUserType`
* Make the configuration intent more explicit in `RestrictUserType` plug
* Rename plug file
* Add SSO user as a team member on provisioning
* Implement fake SSO actions and basic login form
* Handle team member limit error and adjust login redirect in `UserAuth`
* Always switch to related SSO team on SSO user login
* Ensure `timeout_at` is set when creating new standard user session
* Add env var flag for gating SSO
* Hide SSO login link when SSO disabled
* Hide SSO routes when SSO disabled
* Implement nonce-based allowance for js in SSO content security policy
* Test controller actions
* Add more tests for UserAuth
* Add sync tests for `GateSSO` plug and env var flag in disabled state
* Add test for SSO owner logging in via standard login
* Add `SSO.Identity` struct
* Ensure timestamps are set to second resolution to avoid issues
* Implement `SSO.provision_user/1`
* Implement `UserAuth.log_in_user/3` clause accepting identity
* Fix type declaration in `UserAuth`
* Rename "My Team" to "My Personal Sites"
* Rename "Create" to "Setup" in context of teams
* Set default Team Name to "Username's Team"
* wip
* end
* Expose team identifier
* fixup
* team id
* wip
* Rename `Teams.name()` -> `Teams.default_name()` for clarity
* Update test name
* Always reset team name when navigating to Team CTA
* Always use default team name for non-setup team
* Add tests for team name function
* Put sites list heading change behind FF
* Don't rely on FF for implicit team existence check
* Remove unnecessary team pick by parameter in site creation action
* Put first 3 teams in auth assigns context
* Fix setting current team from session
* Make `dropdown_item` component accept method for link
* Implement embedded team switcher in nav bar
* Store only personal team under my_team
* WIP
* Minor team switcher visual tweak
* Fix personal team selection
* Show only guest sites when no team picked
* Show CTA only in reference to `@my_team`
* Fix dedicated team switcher view
* Move picker indicator to the right in dedicated team select
* Alter site listing logic and fix tests
* Add viewer invitation to seeds
* Fix embedded team switch display condition
* Switch current team after setup
* Explicitly clean current team session value when no longer valid
* Remove redundant team switching logic
* Add quick link to team settings
* Don't show quick link when there's no current team
* Fix dedicated team switcher for no current team case
* Add test for my team fallback case
* Don't allow opening team settings for personal team
* Fix formatting
* Add site listing tests
* Fix team switching to avoid clash with existing conn params
* Fix formatting
* Remove unneeded `method` from `dropdown_item` component
* Declare attributes for `team_switcher` component
* Render Invoices/Subscription sections based on team state
* Fix formatting
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* Add tests for `Teams.get_or_create/1` and `Teams.get_by_owner/1`
* Start populating `current_team` in assigns fetching value from session
* Clean up team passing in invitation services
* Make site transfer service handle multi-team scenario
* Handle multi-team and permission transfer errors on controller level
* Handle multi-teams in site creation on service and controller level
* Drop validation limiting full membership to a single team
* Make user deletion account for public team ownership
* Adjust feature availability checks for Stats API key
* Use current_team when determining limits on site transfer invitation
* Adjust trial upgrade email submission to account for multiple owners
* Remove unnecessary `Teams.load_for_site/1`
* Spike renaming `owner` and `ownership` relationships to plural versions
* Make HelpScout integration handle owner of multiple teams gracefully
* Add FIXME note
* Resolve paddle callback issue by always provisioning a new team when none passed
* Set `current_team` as `my_team` only when user is an owner
* Implement basics of Teams CRM
* Extend Teams CRM
* Further adjust User and Site CRM and refine Team CRM
* Convert Enterprise Plan CRM to refer to team directly and not via user
* Remove unused virtual fields from User schema
* Add note to HelpScout integration
* Allow listing multiple owners under Site Settings / People
* Remove unused User schema relations
* Fix current team fetch in auth plug and context
* Implement basic team switcher
* Ensure (site) editor role is properly handled in site actions auth
* Don't set `site_limit_exceeded` error marker on `permission_denied` error
* Link from HS integration to Team CRM instead of User CRM when available
* Ensure consistent ordering of preloaded owners
* Add `with_subscription` preload for optimisation
* Add ability to search sites by team identifier
* Add ability to pick team when transferring ownership directly
* Fix failing HelpScout tests
* Scope by team when listing sites in dashboard and via API (optional)
* Add ability to search by team identifier in plans CRM lookup widget
* Add subscription plan, status and grace period to team status info
* Expose teams list in user CRM edit form and fix team details CRM view
* Fix Team Switcher styling
* Reorganise header nav menu
* Avoid additional queries when authenticating user
* Hide the pay/site transfer message on lock screen when teams FF is on
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* Implement `return_to` query param on login form
* Add `return_to` to 404 login link
* Implement `return_to` for 2fa flow as well
* Remove remaining references to `login_dest`
* Add query string to 404 return to param
* Make sure the query string is also added to `return_to` in 404
* Various improvements
* Undo unnecessary change
* Use assigns over query params
* Revert unneeded changes to error reporter
* Mix format
* Use nicer heex syntax for conditional templating
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Do not use explicit assigns for `return_to`
* Only redirect if it's a path
* Add fallback for redirect_path argument
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Comment out legacy fields and relationships
* WIP
* WIP 2
* WIP 3
* wip
* Remove teams backfill and consistency check scripts
* WIP 3
* Fix CheckUsage tests
* Update billing/subscription tests
* WIP 4
* Make site transfer fail if some invitation already exists
* Fixup: do symmetric invitation/site transfer check
* Update UI bugs: make listing sites/inviting admins work like before
* Fix Sites test
* Fix external sites controller test
* Fix live sites tests
* Fix props availability lookup
* Fix site controller tests
* Fix billing controller tests
* WIP - accept invitation tests
* Another round of test fixes + invitations logic bugs
* users_test -> teams_test
* Update registration via invitation
Here, we still rely on "polymorphic" invitation structures,
hence the "unified by id" helper.
For now, it'll remain local unless we discover it's
needed in the broader `Teams.Invitations` context.
cc @zoldar
* Yet another round of test and bugfixes along the way
* Include team in site setup success e-mail
* Fix send_site_setup_emails worker
* Fixed almost all tests except CRM ones
* Update enterprise plan admin test
* Fix CRM + remaining tests
* Address credo warnings (modulo one FIXME)
* Remove last FIXME and rephrase the invitation test case description
* Set Team fields via User CRM transparently
* Map user reference in Enterprise Plan CRM via team owner
* Fix resource actions in user CRM
* Get rid of warning when opening create form in API keys CRM
* Stop emitting warnings when editing Enterprise Plans via CRM
* Tests: Bump await_clickhouse_count interval
* Remove XXX marker
* Fix register from invitation link in email sent for ownership transfer
* Simplify fetching all pending site ownership site IDs
* Remove commented out schema fields
* Remove unused functions
* Address flakiness in ingest counter tests
* Remove unused `Teams.Sites.create`
* Don't restart trial on team with subscription when creating site
* Account for cases of legacy teams with empty trial expiry date
* Revert "Address flakiness in ingest counter tests"
This reverts commit 60dc1e4115.
* Fix flaky ingest counters tests under load
* Attempt 2
* Pre-emptively hardcode site ids in sampling cache test
to avoid supplying the same IDs alongside with counters test,
that inserts through another repo (async).
What we're observing is, clickhouse not summing mergetree columns fast
enough, even though we wait quite a bit.
* Fix ingest counter tests by accounting for delayed summation
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* Pre-emptively introduce `site.team_owner` relation
* Drop null constraint on user_id from subscriptions and enterprise_plans
* Temporarily remove populating old schemas in Teams.Test
* Point to site.owner via new schema
* Switch more reads to teams schema WIP
* Fix AuthorizeSiteAccess test
There's no need to translate `admin`<->`editor` here,
the redundancy is inlined wherever the plug is initialized.
* Fix regions test
* Fix main graph test
* Fix authorization test
* Try to rely on team for subscription/plans where applicable
* Test fixes
* Fix plans test
* Prep for CheckUsage changes
* Skip remaining CheckUsage tests for now
* Fix user deletion to account for team relations
* Fix HelpScout tests
* 💀 Modify ingestion to read team schemas
* Made all tests green except skipped ones
* Mute warnings about transferring site with no order
By making artificial site membership struct,
when reading data off team membership schema.
* Fix site removal test case
* Re-enable locked site tests, that don't have to rely on `SiteLocker`
* Format
* Revert "Mute warnings about transferring site with no order"
This reverts commit 0e45f8c9d9.
* Re-enable old models and fix remaining tests
* Use new factories in a long running minio test
* FIXME->TODO
* Fix remaining tests in legacy mode (no FF raised)
* oof
cc @zoldar
* Add missing definitions of editor role in FE code
* Remove no longer relevant comment about roles
* Fix JS formatting
* Always prioritize site transfers over memberships in sites list
* Fix misaligned "Reject" invitation button
* Fix site pinning when user is guest in multiple sites in team
* Fix subscription settings controller tests
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* Populate `current_team` to site's team and make site and subscription preloads consistent
* Accept only full `User` struct in `Users.get_for_user(!)`
* Make all uses of `Sites.get_for_user(!)` switch on team schema
* Remove redundant preloads for funnel/props settings
* Use adapter transitions in subscription settings
* Use team's schema subscription when listing invoices
* Fix typespec
* Turn owned site IDs into a specific query
* Add clauses for when FF is on but no team has been created
* Fix formatting
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* Extend schemas with new fields and relationships for teams
* Implement listing sites and sites with invitations with teams
* Implement creating invitations with teams
* Implement accepting invites with teams
* Add `Teams.SiteTransfer` schema
* Implement creating ownership transfers
* Implement accepting site transfer between teams
* Make results shapes from `Teams.Memberships` role functions more consistent
* Remove :team relation from ApiKey schema
* Pass and provision team on subscription creation
* Pass and provision team on enterprise plan creation
* Implement creating site for a team
* Keep team in sync during legacy ownership transfer and invitations
* Resolve conflict in `Teams.get_or_create` without transaction
* Abstract `GracePeriod` manipulation behind `Plausible.Users`
* Put `User.start_trial` behind `Plausible.Users` API
* Sync team fields on user update, if team exists
* Sync cleaning invitations, updating and removing members
* Transfer invitations too
* Implement backfill script
* Allow separate pg repo for backfill script
* Rollback purposefully at the end
* Update backfill script with parallel processing
* Use `IS DISTINCT FROM` when comparing nullable fields
* Handle no teams to backfill case gracefully when reporting
* Parallelize guest memberships backfill
* Remove transaction wrapping and query timeouts
* Make team sync check more granular and fix formatting
* Wrap single team backfill in a transaction for consistent restarts
* Make invitation and site transfer backfills preserve invitation ID
* Update migration repo config for easier dev access
* Backfill teams for users with subscriptions without sites
* Log timestamps
* Put teams sync behind a compile-time flag
* Keep timestamps in sync and fix subscriptions backfill
* Fix formatting
* Make credo happy
* Don't `use Plausible.Migration` to avoid dialyzer complaining
None of the tooling from there is used anywhere and `@repo` can
be defined directly in the migration script.
* Drop SSL workarounds in the backfill script
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* Enable exceptions when revoking all user sessions
* Add `User` changeset for changing password
* Make button in `2fa_input` component optional
* Implement password change from User Settings
* Add tests
* Fix 2FA modal cancel button formatting
* Update changelog
* Don't pass redundant params to `render_settings` and clean up code a bit
* Render one error per field in password reset form
* Refactor inline form 2FA validation
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Implement listing user sessions in user settings
* Make copy adjustments (h/t @metmarkosaric)
* Make warning button text color more consistent across user settings
* Add tests for `UserAuth.revoke_user_session/2`
* Test and improve `Auth.UserSessions`
* Test and improve controller actions
* Update CHANGELOG.md
* Remove support for legacy user sessions
* Implement revoking all sessions for a given user
* Revoke all user sessions on password reset
* Add tests for revoking all user sessions on password reset
* Reload page when dashboard API request fails with 404
* Revert "Reload page when dashboard API request fails with 404"
This reverts commit 77d1a1035658915f9afe538afc5fb9a3da0ec905.
* Turn `Plausible.Auth.UserSession` into full schema
* Implement token based sessions and use them as default
* Ignore expired user sessions during retrieval from DB
* Implement plug bumping user session last used and timeout timestamps
* Implement Oban worker removing expired user sessions with grace period
* Implement legacy session conversion on touch, when applicable
* Update `UserAuth` moduledoc
* Extend `UserAuth` tests to account for db-backed session tokens
* Update CHANGELOG
* Add tests for `UserSessionTouch` plug
* Add test for `CleanUserSessions` worker
* Add logging of legacy session retrievals
* Use single update permitting stale records when touching user session
* Don't fetch session and user for external API endpoints (/api/event too)
* Refactor `Users.with_subscription/1` and expose helper query
* Skip fetching session in legacy `SessionTimeoutPlug`
* Rely on user session assign from `AuthContext` in `SentryContext`
* Silence legacy session warnings in `UserSessionTouchTest`
* Rely on session assign from `AuthPlug` in `SuperAdminOnlyPlug`
* Change `UserAuth` to get session, user and last subscription in one go
* Avoid refetching user session in `AuthorizeSiteAccess` plug
* Fix code formatting
* Refactor `UserAuth.get_user_token/1` (h/t @aerosol)
* Remove bogus empty opts from `scope` declarations in router
* Only touch session once an hour and keep `user.last_seen` in sync
* Bring back logging of legacy token use
* Extract session management from AuthController
* Don't explicitly pass `current_user_id` to `live_render`'s session
* Add ability to retrieve session and user from token via `UserAuth`
* Always fetch current user (or just id) via `UserAuth` API
* Introduce `UserSession` as an embedded schema for now
* Make `UserAuth.get_user/1` accept `UserSession` as an input
* Introduce LV auth context populating user data from session on mount
* Refactor `AuthPlug` and make it populate `current_user_session` as well
* Rely on authenticated user data provided by auth plug or LV context
* Make `Sites.get_for_user(!)` accept `User` struct as well
* Set `logged_in` cookie explicitly when it's out of sync with session
* Expand modules documentation a bit
* Improve and extend tests slightly