* ✨
* wip
* wip
* Moduledoc false
* wip
* Update extra/lib/plausible/auth/sso/saml_config.ex
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Include only data keys present in changes
* Improve audit logging for SSO domain verification
Make it more compact and hopefully more readable to CS
* Harden existing tests
* Use consistent naming
* Update audit entries migration: use UUIDs for primary keys
* Fix up tests
* Format
* Only test audit for EE
* Remove temporary String.Chars implementation
* Always log keys as per `derive` directive; include changes for inserts
* Write `actor_type` to audit entries
* Extract Audit.Repo functions
* Moduledocs
* Include change in audited deletions
* Make audit available only in EE build
A bit clunky? cc @zoldar
* Put test behind ee compilation flag
* Pin user e-mail in test
* Ensure encoder opts are passed for nested calls
* Carry `__allow_not_loaded__` even if no extractor defined
* Turn `actor_type` into an ecto enum type
* Remove unused function
* s/sso_forced/sso_force_mode_changed
* Unwrap single item list for protocol implementation
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Migration: audit entries (#5581)
* Migration: audit entries
* Put migration behind EE conditional
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Add a new domain change flow when scriptv2 flag is enabled
* Use liveview for change domain flow
* Move additional steps to notice, include general info about domain change
* Format
---------
Co-authored-by: Artur Pata <artur.pata@gmail.com>
* new verifier script with tests + telemetry
* dataDomainMismatch tests
* more tests for callbackStatus and plausibleInstalled
* create priv/verifier subfolder + fix Elixir CI
* bump CI cache version
* organize verifier tests
* Remove accidentally committed verifier
* Rework compilation: Make it a variant, always return new verifier code in tests
* Make priv/tracker/verifier/ exist
* Handle static checks with grace
* Fix paths
* Fix paths
* Add some tests
* Add one more test
* split up the JS
* proxyLikely + code structure refactor + unit tests
* fix telemetry fields
* move most telemetry to logs
* run verifier tests only on chromium
* detect wordpressPlugin and wordpressLikely
* detect GTM
* rename JS checks
* detect cookiebot
* include new fields in logs
* different logs for browserless request vs js failures
* detect manual extension
* detect unknown attrs + fix logging
* stick to Elixir checks for snippet detection
* fix codespell
* fix IO.inspect
* remove unnecessary fields from test mock
* cookiebot doc
* move test into verifier subfolder
* do not duplicate ts types
* comma -> semicolon in log
* test dynamically loaded snippet
* improve logging on Browserless error
---------
Co-authored-by: Karl-Aksel Puulmann <oxymaccy@gmail.com>
* Sync pathname to event.props.path for special path-based goals
* Stop adding event.props.path for 'Form: Submission' events
* Update tracker script version
* Fix test expectations
* Fix format
* Simplify maybe_put_props_path with 'with'
* Add specs, fix factory
* Update tracker changelog
* Update EE/CE changelog
* Remove business logic from factory
* Refactor event.props.path sync result to be validated with the rest of the custom props
* Clarify doctests and update function name
* CRM: allow custom plan editing
* Use standard edit button
* Update extra/lib/plausible_web/live/customer_support/live/team.ex
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Implement automatic re-login on SSO session expiration
* Adjust allowed range of `sso_session_timeout_minutes` in team policy
* Test autosubmit rendering
* Test `UserSessions.get_by_token/1`
* Test expired session case for `AuthPlug`
* Test `UserAuth.get_user_session` case for expired session
* Test `HandleExpiredSession` plug
* Offer team switcher on /sites if applicable
- in case of empty My Personal Sites view, and with
another team with sites being available
- redirect straight to first team upon invoking team
switcher, if there's only one available
- redirect to /sites from team switcher, if there
are no set-up teams available
* Remove unused test helper
* Store and use last team identifier
* Remove alert about starting trial when adding first site
* Format
* Update lib/plausible_web/live/sites.ex
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Implement plug for checking SSO team access
* Add the new plug to the `browser` pipeline and adjust routes
* Don't log in on failed provisioning and display issue notice instead
* Require user to be provisioned as SSO before toggling "Force SSO"
* Label SSO members explicitly in team management LV
* Make slight layout and copy adjustments in provision issue view
* Improve copy (h/t @aerosol)
* First pass: store login preference
* Only set login preference if SSO is used
* Change mock DNS to use port 5354 and `domain_id` for parameter
* Make login forms use flash message for error passing
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Setup MFA properly in SSO tests
* Move `new_identity` test helper to common helpers
* Make standard login only allow Owner SSO users
* Implement `Plausible.Users.type/1` for determining user type
* Implement plug restricting action based on user type
* Restrict or adjust access to settings actions to SSO users
* Make a very small refactor to `Auth.SSO` helper
* Prevent SSO users from acceptig team invitations
* Prevent SSO users from adding websites under "My Presonal Sites"
* Prevent implicit team creation by SSO users
* Add workaround for compiler warning under CE
* Remove SSO user on removing membership
* Prevent changing role to owner when 2FA not enabled
* Prevent provisioning from standard user with active personal team
* Fix `Auth.lookup/1` to not break for standard users on multiple teams
* Use `Plausible.always/1` (h/t @aerosol)
* Revert "Use `Plausible.always/1` (h/t @aerosol)"
This reverts commit 0ee7dd84d3.
* Rename `RestrictType` -> `RestrictUserType`
* Make the configuration intent more explicit in `RestrictUserType` plug
* Rename plug file
* Allow caching tracker script on CE
Open questions with this approach:
- `ingestion_url`: Using `PlausibleWeb.Endpoint.url()` requires that endpoint has started, but we
want to pre-warm the cache _before_ the endpoint starts. To work around this, a different approach
is used to get the right url.
- caching: Other caches currently cache database models, this caches a string. Will this cause issues?
* Slightly better workaround
* Lazier timers
* Scriptv2 onboarding: review flow
* Make sure bundled features are enabled by default in v2 onboarding
* Call get_or_create correctly
* Refactor custom plan form to use boolean-based checkboxes
* wip
* Fix up typespcs
* Extract domain status enum to module macros
* Cancel verification jobs when integration is removed
* Revisit verification interface
* Supply local DNS server for domain ownership testing
* Rename a test
* 👾
* Use identifier when submitting domain verification
* Disallow re-verification of already verified domains
* Add dependencies necessary for implementing real SAML adapter
* Implement real SAML adapter
* Add make target for easily provisioning local IdP service
* Implement a separate cookie for storing mid-auth SAML state
* Test and improve validation in `RealSAMLAdapater`
* Rename `extra/fixtures` to `extra/fixture` in consistency with `fixture`
* Avoid warnings when running test in CE mode
* Hard match on `integration_id` in `RealSAMLAdapter.signin/2`
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* Improve relay state validation
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* Require `integration_id` parameter in `sso` make target (#5501)
* Fix formatting
* Store assertion fixtures as XMLs instead of Base64 encoded strings
* Switch to upstream `main` branch of `simple_saml`
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* make starter tier flag team based not user
* old upgrade page for active or recently ended trials
* adjustments to plan benefits
* mention losing grandfathering when on v4
* extract plan benefits into separate module
* unit tests for plan benefits + fix enterprise site/team_member benefits
* hide Starter tier from grandfathered Growth
Also get rid of the grandfathered notice in Growth plan box
* choose_plan_test.exs to ee_only
* fix ci
* actually fix ci
* stop displaying new starter features for grandfathered teams
* bump starter tier launch date
* Revert "stop displaying new starter features for grandfathered teams"
This reverts commit e024a82d14.
* Extend core APIs for better insight into SSO state during setup
* Adjust `toggle_switch` compoenent to accept global attributes
* Improve textarea variant of input component
* Make first very crude pass on SSO setup UI
* Display "Single Sign-On" settings option only when enabled
* Extract SP identity ID function to SAMLConfig as a public one
* Move SAML controller logic behind an adapter
* Don't apply CSRF protection to SAML consume endpoint
* Make copy adjustments
* Change SSO sidebar icon
* Fix `fake_domain_verify` handling before integration is set up
* Tweak configuration markup
* Sanitize PEM input
* Tweak SSO settings sections + prevent domain deletion if applicable
* Minor tweaks to SSO settings tiles
* Bootstrap basic test suite
* Ensure SSO settings are guarded by env var
* Make sure to retry fake domain validation on integration-less cycle
* Trim idp entity id input
* Dedup assertions
* Fix domain identifier interpolation
* Tidy up integration fetching
* Expand tests for SSOManagement LV with fixes
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* feature gate creating shared links
* feature gate GET shared_link
* stop granting shared links access in code + organize tests
* allow GET shared_link for WP
* prevent shared link creation with special name
unless created by the Plugins API, the name WordPress - Shared Dashboard
will be considered reserved.
* do not render special shared links in site settings > visibility
* remove hardcoded special name from test
* add function doc for special names
* prevent updates to special name as well
* warn about losing access to shared links
* make features_usage return empty list on ce
* Update lib/plausible/sites.ex
Co-authored-by: hq1 <hq@mtod.org>
* move special name check to changeset
* fix tests
---------
Co-authored-by: hq1 <hq@mtod.org>
* Redefine what `on_trial?` means
No subscription combined with
non-zero trial_days_left designates an ongoing trial.
Conversely, any subscription in any state means
the trial is inactive.
* Fix cancellation notices
We now show the cancellation warning
when the subscription is about to expire.
* Implement the ability to lock cancelled subscriptions
in case a refund is made
* Dedup notice body
* Spawn confirmation alert before locking
* Revert "CRM: team (un)lock regardless of grace period (#5440)"
This reverts commit bb63c0d0e4.
* Implement grace period (un)lock just like in kaffy
* Test grace period handling
* Implement `SSO.Domains.remove/1,2` and `SSO.Domains.check_can_remove/1`
* Add `sso_domain` relation to `Auth.User` schema
* Populate `user.sso_domain` on provisioning and validate identity domain
* Simplify lookup by domain in `SSO.Domains.remove/1,2`
* Extend tests
* Derive user name from email in fake SAML controller
* Fix formatting
* Implement SSO Domain validation chain
* Use iolists 🆒
* Use aliases
* Update moduledoc
* Update test/plausible/auth/sso/domain/validation_test.exs
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Update test/plausible/auth/sso/domain/validation_test.exs
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Update test/plausible/auth/sso/domain/validation_test.exs
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Match non-empty list for meta tag check
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* keep teams feature explicitly for UI
* keep devsubscriptions in sync with prod
On prod, when a subscription is created without a current team in assings,
a new team is force created for that user.
* disable team creation when no point to create it
* fix ce_test compile warning
* fix tests on CE
* Update lib/plausible/teams/billing.ex
Co-authored-by: hq1 <hq@mtod.org>
* add solo team in seeds
* fix top border blur + stop autofocusing input when blurred
---------
Co-authored-by: hq1 <hq@mtod.org>
* Add SSO user as a team member on provisioning
* Implement fake SSO actions and basic login form
* Handle team member limit error and adjust login redirect in `UserAuth`
* Always switch to related SSO team on SSO user login
* Ensure `timeout_at` is set when creating new standard user session
* Add env var flag for gating SSO
* Hide SSO login link when SSO disabled
* Hide SSO routes when SSO disabled
* Implement nonce-based allowance for js in SSO content security policy
* Test controller actions
* Add more tests for UserAuth
* Add sync tests for `GateSSO` plug and env var flag in disabled state
* Add test for SSO owner logging in via standard login
* Ensure team locked state is updated on site creation and removal
* Do not lock team when there are no sites
* Ensure SiteLocker is only run on EE
* Get rid of troublesome alias
* Update tracker config in scriptv2 onboarding
* Use actual scriptv2 installation script
* Unwrap result from transaction
* Only run cache purge tests on ee
* replace yellow warning notice with more inviting cta (funnels)
* align VAT notice with /year on the upgrade page
* improve tooltip component
do not hide the tooltip when the mouse enters the tooltip itself directly
from the trigger element. This allows clicking links in tooltips.
* improve site segments feature gate UI
Disable the save button when site segment option is selected in create or
edit form. Also render a different upgrade notice if the user is not the owner.
* replace upgrade notices with blur UI
To fully get rid of Notice.premium_feature, we will also display a
"not allowed" cursor with tooltips asking to upgrade where necessary.
* extract toggle switch component
* Hide currency toggle from goal edit form
The currency field cannot be changed for an existing goal anyway. Therefore
it makes sense not to show it at all. This commit makes the currency picker
always visible when editing a revenue goal, and always hidden for custom
event edit form.
* simplify api key creation form
Turn "Sites API access" into a toggle switch identical to "Enable revenue
tracking" in goal creation form.
* remove team setup CTAs for Starter tier
* fix team member limit for starter
* adjust v5 plan limits and limit exceeded notices
* do not display global notices on upgrade-success page
* fix settings/subscription monthly quota boxes alignment
* fix CI
* use tailwind backdrop-blur
* remove dangling log + avoid passing setSaveDisabled
* remove duplicate function clauses revenue goals
* revert create api key UI change but disable button still
* optimize for darkmode
* blur team settings > team members for Starter
* rename team accounts to team management
* Add `locked_by_admin` to teams schema
* Implement team locking
* Look up `teams.locked_by_admin` in relevant background services
* Add background servive tests
* Type faster than think!
* Purge bunny cdn cache when tracker script config is updated
* Only allow one purge task scheduled per site
Tested by adding logging and toggling a checkbox a few times. Only one job got executed.
* Typo
* Add `SSO.Identity` struct
* Ensure timestamps are set to second resolution to avoid issues
* Implement `SSO.provision_user/1`
* Implement `UserAuth.log_in_user/3` clause accepting identity
* Fix type declaration in `UserAuth`
* Plugins API for tracker script configuration
* no support for track_404_pages in plugins api
* Update lib/plausible_web/plugins/api/controllers/tracker_script_configuration.ex
Co-authored-by: Uku Taht <Uku.taht@gmail.com>
* Restructure update code
* Remove dead code
---------
Co-authored-by: Uku Taht <Uku.taht@gmail.com>
* tracker_script_configuration table migration
* tracker_script_configuration schema + upsert tests
* TrackerScriptConfiguration: read from installation_meta, double-write, refactor installation flow to work off of new model
* Fix a test
* add a new (feature flagged) upgrade page offering v5 plans
* include starter tier plans in available_plans_for + use dev prices in test
* upgrade page remodelling with starter tier
* mobile optimizations
* optimize for darkmode
* add embedded dashboards as a growth benefit
* do not hide header on LegacyChoosePlan
* consistent v5 plan feature order
* slight grandfathering notice adjustment
* display monthly price too on yearly plans
* default to v5 plans unlesss legacy? is true
* refactor: suggest volume not plan for emails
* align back link with page title
* render grandfathering notice for growth v4 too
* WIP: init() for plausible.js
* Reformat whitespace
* Handle double-initialization gracefully
* Script customProperties option
* Remove pageview-props from tracker script interpolation - its now an advanced config
* Add compile option for compiling the web snippet. This can then be copied to e.g. onboarding
* Switch minification from uglify-js to swc
* Use 4 passes for optimal output
* Remove use strict to remove it from output. Uglifyjs already removed this
* Minor optimization: Remove nulls from output via runningEngagementStart
* Minor optimization: Reduce onIgnoredEvent
* config_json -> config_js
* Dead attribute
* Remove guard for engagements
* More protective customProperties
* Object.assign
* chore: Bump tracker_script_version to 10
* No need for default in Object.assign
* Remove dead guard
* PlausibleWeb.Tracker -> PlausibleWeb.TrackerPlug
* Support getting plausible-main.js via app from `/js/s-${tag}`
tag currently is site.installation_meta["id"] but im planning (separately) to
introduce a different, shorter id version (using something like NanoId/HashId).
This will be introduced in a separate PR though
* Mark some variables as legacy
* Remove compile-time dependency on plausible-main.js
* Fix build
* moduledoc
* Bump CACHE_VERSION to ensure plausible-main is compiled
* 404 consistently
* Revert "Remove compile-time dependency on plausible-main.js"
This reverts commit 4b533ef0f6.
* Ensure file exists at compile-time
* flat_map over reject
* assert -> refute
* JSON.encode!
* fix sandbox plans v4 to be in sync with prod ones
* sync sandbox plans + unify formatting
* create v5 plans in paddle prod + sandbox + Mix.tasks
* add teams and shared links features
* remove unused line of code
* paddle credentials as module attrs
* remove teams and shared links as growth benefits for time being
* Add profile_url helper clause
* Add notes
* Sort features alphabetically
* Fix checkbox/textarea components
* Unrlelated: update combobox docs
* Initial customer support UI
* Unrelated: don't expand member dropdown if disabled
* Cross link both CRMs
* Remove unused things
* Stop polluting history with tab navigation
* Truncate search results
* Format
* Use routes in favour of phx-click events
* Fix / keypress to search focus
* Rename phx event
* Rename remaining save events
* Fix up x-data
* Fix alpine placeholder event
* Enable progress animation with topbar
* Team: separate assign clauses per tab
* Site: separate assign clauses per tab
* lint
* Replace URI patch on filter text update
* Unifyu filter_bar component usage
* !fixup
* Fix up filter form event name
* Fix number formatting as you type
* Fix enterprise plan number inputs
* Link CS from HelpScout
* Remove target=_blank from kaffy URLs
* Pre-fill custom plans
* Rework the billing tab
* Make checkbox labels clickable
* Put Stats API first
* Format
* Credo
* !fixup
* Don't show empty labels
* Add CLI arguments to compile.js and logging
* Rename folder
* Extract compile code, es modules
* Add a progress bar
* Remove handlebars
* Update report-sizes
* Remove debug code
* inline
* More generous split
* Allow positional arguments for compiling
* Add watch option to compile
* Add compileFile logic
* Most tests run under playwright
* All tests runnable
* Update playwright, remove hack
Note that upgrading to latest failed due to a new test failure. This
might be due to a chrome update.
* Compile script on the fly for tests
* Minor refactor for compileAll
* es module for generate-variants.js
* Allow passing suffix to compilation script - this can be used to generate separate files for comparison
* Fix positionals
* Switch from 2 passes to 1 pass
Did some data analysis on this data:
- Compared to master, 1 pass increased brotli size by 0.7%, 2 passes 0.4%.
Given the change is insignificant enough, we can ignore it for now
The increase is likely due to order of operations in compilation and
some inlined functions getting lost.
* Move customEvents.js to plausible.js
* Clean up API
* Suffix default
* Rework variants.json, globals stored there
* Add more variants under test
* Distribute work across multiple worker threads
Compile time went on my machine from 60s -> 30s
* Fixup server
* Update canSkipCompile
* chore: Bump tracker_script_version to 7
* Update scripts
* Update node-version
* Experiment with adding a small delay to page
* Casing
* rename variable
* Update help text
* features -> compileIds, backport functionality from other branch
* Migrate some
* Making progress
* All fixed
* Convert interval picker to tsx
* Fix format
* Fix tests
* Make sure focus outline looks right on DropdownTabButton
* Refactor Site Switcher to Popover
* Fix site switcher test
* Better jsdom mocks in assets tests
* Try svg placeholder favicon
* Update favicon test
* Try giving transition config directly
* Remove empty props
* Remove unnecessary closeDropdown to prevent Firefox transition issue
* Register open dropmenus globally
This is needed to prevent invalid state when navigating with site hotkeys with Firefox while a dropdown is open and coming back using browser
* Colocate popover-specific component
* Clarify behaviour on hitting hotkey for current site
* Try fix Firefox issue
* Try 1.7.19
* Commit to @headlessui/react v1.7.x
* Fix last two transition origins
* Align active tab on baseline
* Remove unneeded global dropmenu state
* Add changelog
* Funnels menu is searchable and scrollable
* Fix transform origin
* Stop funnels menu from holding onto search state
* Mandate ref be passed to SearchInput from the outside
* Bring back previous dev config
* Dedicated MIX_ENV for load testing + change k6 script
* Remove unused env var
* Remove test flag
* Add .env.load
* Fixup
* Extend API key creation with support for Sites API keys
* Remove unnecessary disabled state and improve radio component styling
* Add more tests
* Don't expose Sites API keys in CE
* Only show the notice if Sites API feature is actually disabled
* Adjust API keys subtitle
* Fix condition in one of actions
* Revert "Temporarily disable ingest metrics (#5369)"
This reverts commit b96e96a7f6.
* Add :tools to MIX_ENV=dev
* Stop tracking caches hit ratio in favour of raw counters
* Change how generic notices refer the account
It's now "This team", unless no team is selected.
* Only owner and billing roles can access/manage subscriptions
* Change how Team Settings options are exposed:
- Subscription only available to owner/billing roles
- Invoices only available to owner/billing roles
- API Keys only available to owner/billing/admin/editor roles
* s/team members/members - to avoid repetition
* Only owner/billing can manage dev subscriptions
* Adjust existing tests
* Add test
* streamline dev subscriptions
* spawn -> Task
* fix button alignment
* do not define routes in test env
* remove explicit mentions of dev env when deciding whether to sandbox paddle
* decide checkout behaviour at compile time
* Timex -> Date
* hum
* make it work for enterprise plans too
* allow convenient subscription status change
* fix ci warnings
* remove redundant commented out code
* fix crash + review suggestion
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
We're seeing warnings as follows:
```
(plausible 0.0.1) lib/plausible/stats/legacy/legacy_query_builder.ex:32: Plausible.Stats.Legacy.QueryBuilder.from/4 |
| (plausible 0.0.1) lib/plausible/stats/query.ex:143: Plausible.Stats.Query.put_imported_opts/2 |
| (plausible 0.0.1) lib/plausible/stats/query.ex:163: Plausible.Stats.Query.get_imports_in_range/2 |
| (plausible 0.0.1) lib/plausible/imported.ex:98: Plausible.Imported.completed_imports_in_query_range/2 |
| (plausible 0.0.1) lib/plausible/stats/query.ex:65: Plausible.Stats.Query.date_range/2 |
| (elixir 1.17.3) lib/calendar/date.ex:111: Date.range/2 |
|
warning: a negative range was inferred for Date.range/2, call Date.range/3 instead with -1 as third argument
```
As well as some Stats API queries with the date time range reversed.
This PR makes it explicit we support passing the range in reverse and
handles that without warnings. Along the way added some tests.
Ref: https://3.basecamp.com/5308029/buckets/36789884/card_tables/cards/8415153184
* improve the error message on the change teams screen
* Update membership_controller.ex
* Adjust tests
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Change `:forbidden` error to `:permission_denied` for consistency
* Stop force-filling timestamp fields on personal team and membership
* Fix password field name in (re)generate 2FA recovery codes form
* Update User schema with a field required by teams migration
* Start cloak vault for self-hosted release migrations.
Since this one is using schemas, existing encrypted columns
do require cloak to be up.
* Update changelog
* Make trial notification ee-only
* Replace `Plausible.ee?/0` with `ee?/0` across the codebase
* Bump release date
* Stop showing footer with stats, except when user is not logged in / viewing shared dashboard
* Add testsfor Site Settings menu CE and EE
* Fix test titles, test org and tags
* Fix migration that was not working
cc @macobo
* Fixup old migrations to use `community_edition?` predicate
* Move hourly api request limit migration to the bottom
The odds are low that self-hosters use that one, but let's
make sure it runs after teams have been migrated.
* Tag dump plans as ee only
* APIv2: More tolerant shorthands for date ranges
I was using APIv2 today and got pissed off that I couldn't do
`"date_range": "3d"`. So I went ahead and fixed this issue...
* Changelog
* typegen
* fix
* More invalid tests
Filters autocomplete only showed `"is", "segment"` under autocomplete
instead of all options. This is due to limitations in the vscode
autocomplete package which I don't fully understand but have to do with
partially overlapping `oneOf` definitions. As such the fix was to make
each `oneOf` element as independent of each other as possible.
Basecamp ref: http://localhost:8001/docs/stats-api-playground
* Set site and member limits to unlimited for CE
* Don't even compile billing tests that trigger warnings in `ce_test`
* Split layout test into 2 distinct tests for CE and EE due to limits
* Update CHANGELOG.md
* Remove redundant test tag
* Make `site_role/2` return whether real is team or site scoped
* Rename `has_admin_access?` => `has_editor_access?`
* Switch current team if user is a team member in site's team
* Remove new_time_on_page feature flag
* Update tests to use new time on page
* Mark time-on-page as a public metric in APIv2
* CHANGELOG.md
* Validate time_on_page in APIv2
* Update typing
* Remove redudant arguments
* Update GA4 test
* Update stats_controller_test
* Remove assertion from csv_importer
* Add nil case to new time on page tests
* CSV import/export support for time-on-page
Note only the new time-on-page metric is exported this way
* visibility check for graphing of time_on_page
* FE no longer receives/sends legacy_time_on_page_cutoff
* Remove current_user from exports
* Remove legacy_time_on_page_cutoff from query.include, make behavior work off of site.legacy_time_on_page_cutoff explicitly
* Remove dead function
* More current_user_id removals
Currently, every now and then the async combo box tests fail, probably
due to timing races. This is a rudementary attempt at fixing this by
making the test less sensitive to timing.
* Remove editor->admin mapping from Site Settings > People
* Restrict editor role and allow admin to update site role
* Disable actions in Site Settings > People for roles other than admin and owner
* Fix test
* Update labeling of guest members in CRM for clarity
* Update phrasing in other spots of UI
* Update CHANGELONG.md
* Revise team related banners displayed under Site Settings > People
* Fix permissions check for role update
* Send e-mail to new owners when site team is changed
* Improve subject copy
Co-authored-by: hq1 <hq@mtod.org>
* Update copy in test
---------
Co-authored-by: hq1 <hq@mtod.org>
* Append `__team` parameter to URLs in notification e-mails
* Improve copy in guest to team member promotion email
* Make "return_to" set in redirect in `RequireAccountPlug` actually work
* Improve accepted site transfer e-mail phrasing and link
* Set team when creating API key
* Create API key with team ID and adjust API key CRM
* Make CRM work with team-less API keys still
* Scope owner's API keys by team on setup
* Rate limit team scoped API keys by their team
* Enforce team scoping for API key with a team
* Prevent using legacy API keys against setup teams
* Enforce team scoping in Sites API too
* Scope API keys list in settings by team
* Do not prevent legacy API keys from accessing setup teams
* List legacy API keys across all teams
* Display "API Keys" under "Team Settings" when team is setup
* Scope teams index in Sites API as well
* Test Sites API actions
* Revert "Scope owner's API keys by team on setup"
This reverts commit 08fd5b4e801417a28ebb9937457cf3e59f7386a0.
* Test and slightly simplify API key CRM logic
* Test API key provisioning from Account Settings
* Test `AuthorizePublicApi` plug adjustments
* Simplify conditionals (h/t @aerosol)
* Change back to using `schema` in CRM logic
* Don't run tests triggering Kaffy warning locally
* Run quirky Kaffy tests only on CI in EE env
* site.legacy_time_on_page_cutoff migration
* Update migration logic
* Cronjob for setting legacy_time_on_page_cutoff
* Test site creation default legacy_time_on_page_cutoff
* Use site.legacy_time_on_page_cutoff
Leaving the query param logic for now for testing purposes
* tweak cron
* Work around defaults in tests
* Fixes
* Make cutoff date in job configurable - useful for backfilling
* Make column width of time-on-page wider
This will accomodate for the warnings
* Update warning messsage
* Breakdown table: Show space between * and warning in tooltip
* change 7d and 30d periods in API v2
* change 7d and 30d periods in legacy API
* add 28d and 90d into the dashboard
* add tests
* add 28d and 90d to public API v2
* changelog
* npm run generate-types
* typo
* fix NPM test
* fix interval_test
* add P shortcut for last month
* hide last 30d from datepicker but keep keybind functional
* fix keybind hints
* Timex to Date + helpful comment
* prettier format
* adjust comment
* mention 30d -> 28d in changelog as well
* make period hidden param new default
* Expose change_team/3 interface
* Extend `Teams.Users` context
* Update tests
* Implement change site's team UI
* Update tests
* Fixup for CE/EE
* Mark more tests as EE only
* Add extra plug-level protection
* fix typo to stop logging error in test output
* add time:minute interval to internal api schema
* always get visitors and visits from sessions table when time:minute dimension used
* query-api generate types
* changelog update
* Limit rate of requests for Stats/Sites API via Team directly
* Add logging of guest and non-member API key access for tracking
* Add more tests
* Don't log super admin and capture logs in test output
* Fix a typo in existing `capture_log` tag
* Add `Team.hourly_api_request_limit` and update it on plan change
* Fix tests for CE
* Fix CE tests once more
* Add backfill script
* Fix backfill script tests for CE
* List only sites under team in Sites API if team id provided
* Add tests for Sites API create site with team_id provided
* Implement `GET /api/v1/sites/teams` endpoint
* Remove team identifier input from Team settings
* Use feature availability function
* Fix tests setup
* List site guests via Sites API
* Create guests via sites API
* Delete guest memberships/invitations via Sites API
* Credo
* Test e-mail delivery
* Format
* Update extra/lib/plausible_web/controllers/api/external_sites_controller.ex
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Update lib/plausible/sites.ex
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Use aliases for optional where clauses
* Swap order columns
* Use GuestMembership.id in the union query
* Prefer explicit enums over boolean status
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Implement team deletion and refactor user deletion
* Secure team deletion endpoints with team access plug
* Add dedicated tests for `Teams.delete/1`
* Test new controller actions and views
* Rephrase "Setup a team" => "Create a team"
* Improve team-related copy
* Fix personal team removal on user delete with multiple teams
* Wrap `delete_user!` contents in a transaction
* Add notice in user deletion view in case of multiple teams ownership
* Add a basic test and fix copy
* Allow site transfer between different teams of the same user
* Fix typespec
* More type and branching fixes to satisfy dialyzer
* Alter when site transfers are included in sites listing
As now it's possible to transfer site between teams of the same user,
the site listing logic has to account for that. With this change, site
transfers are shown along sites under the condition that user is either
switched to personal sites view without a team or the team they
are currently switched to is different from the one the site belongs to
now.
* Make site danger zone available to admins
* Authorize admins to transfer sites on plug level
* Allow admin to initiate site transfer
For when both GTM & WordPress Plugin are detected,
give WP priority. Also, consider `data-cfasync`
a known attribute since it's the plugin that
adds that.
* Backend: get rid of scroll_depth.ex
This commit starts treating the scroll depth feature as *always visible*,
removing the ClickHouse queries on dashboard loads and starting to always
include scroll_depth in dashboard reports and export queries.
* Frontend: remove site.scrollDepthVisible
* adjust csv_importer_test
* remove site.scroll_depth_visible_at
* Replace GET /segments and GET /segments/:segment_id with server-rendered list, fix issue with dashboard report columns
* Remove WIP comments and throw earlier for invalid dashboard state
* Fix Segments details issue on public / shared link sites, add tests
* Get rid of `billable_user` in favour of `current_role`
* s/current_role/current_team_role
* Sort it out (tm)
* Remove unresolvable property from sentry context
* Test & adjust dashboard locked box
* Satisfy a test
* parse scroll depth from string in ingestion
* drop engagement that are missing both sd and e
* parse engagement time from string too
* fix flaky test
* move dropping into a more suitable place in code
* add test
* silence credo
* Support passing `include` as a query parameter for dashboard APIs
* Mark time-on-page metric sortable
It now is thanks to the changed query
* new-time-on-page flag with cutoff being sent to the frontend
* Add correct tooltip title
* Implement metric warning for when legacy and new time_on_page metrics are mixed
* Send legacy_time_on_page_cutoff to backend
* Make time-on-page graphable with the new metric
* Only show metric warnings for time_on_page if flag is enabled
* Changelog
* Solve an clickhouse error when querying timeseries with only legacy time-on-page
* Add tests for timeseries of new time-on-page
Along the way fix an issue with comparisons not working properly
* Solve a typing issue
* Allow toggling legacy_time_on_page_cutoff off in dashboard
* Slightly better workaround
* Solve typing issue
* Prettier
* Guard against no warning
* Solve warning
* Update role enums with billing
* [wip] Ensure no team management can be done for roles other than admin/editor
* Track `current_role` at plug/mount level
* Some team role policy enforcement
* Guard remaining routes based on current team role
* Notify billing members via check usage worker
* Include billing members in trial/locked notifications
* Permissive team access policy when no current team assigned
Effectively the plug should no-op, so that existing user
notices/alerts can be displayed.
* Send cancellation notifications to billing role members
* Include billing members in renewal notifications
* Update moduledoc
* Exclude :guest role from team access auth plug
* Default to time_on_page
* Add new columns to schema
* Read from new column in legacy query
* Read/write new imported_pages columns
* Remove time_on_page column from imported_pages
* Simple, stupid new_time_on_page metric
* Update csv_importer schema
* Refactor: consistent __internal helpers, this will help with joining the query
* Refactor select_joined_metrics
* Refactor: pass `query` to event_metric
* Refactor: remove needless site argument from various calls
* Legacy joining query attempt
* Move test around
* Add more tests for both legacy and new time_on_page metrics in query API
* time_on_page reported in seconds
* timeseries test for metric
* WIP
* Wrap main query in subquery - without this run into trouble performing the join
* Calculate time_on_page in main query, no more new_time_on_page
* Add some TODOs
* Return NULL over 0 when no visits with time-on-page data
* Update moduledoc
* Update some tests that were not expecting integers
* Add a TODO
* Update tests
* Make graphing time series with combined metrics work.
* Slightly more consistent approach to flag updating in APIv2
* Seeds with engagement data
* Make graphing time series when cutoff is in the middle work
Bakes less assumptions into everything as well.
* Rename to legacy_time_on_page_cutoff
* Fixup lib/plausible_web/controllers/api/external_query_api_controller.ex
* Remove a todo and dead/misleading code
* Remove a resolved todo
* Remove needless rounding
* gen types
* Update pages test
* Remove needless columns from select
* Update tests: timestamps and remove comment
* Flip branches
* Rename "My Team" to "My Personal Sites"
* Rename "Create" to "Setup" in context of teams
* Set default Team Name to "Username's Team"
* wip
* end
* Expose team identifier
* fixup
* team id
* wip
* Rename `Teams.name()` -> `Teams.default_name()` for clarity
* Update test name
* Always reset team name when navigating to Team CTA
* Always use default team name for non-setup team
* Add tests for team name function
* Put sites list heading change behind FF
* Don't rely on FF for implicit team existence check
* Remove unnecessary team pick by parameter in site creation action
* Put first 3 teams in auth assigns context
* Fix setting current team from session
* Make `dropdown_item` component accept method for link
* Implement embedded team switcher in nav bar
* Store only personal team under my_team
* WIP
* Minor team switcher visual tweak
* Fix personal team selection
* Show only guest sites when no team picked
* Show CTA only in reference to `@my_team`
* Fix dedicated team switcher view
* Move picker indicator to the right in dedicated team select
* Alter site listing logic and fix tests
* Add viewer invitation to seeds
* Fix embedded team switch display condition
* Switch current team after setup
* Explicitly clean current team session value when no longer valid
* Remove redundant team switching logic
* Add quick link to team settings
* Don't show quick link when there's no current team
* Fix dedicated team switcher for no current team case
* Add test for my team fallback case
* Don't allow opening team settings for personal team
* Fix formatting
* Add site listing tests
* Fix team switching to avoid clash with existing conn params
* Fix formatting
* Remove unneeded `method` from `dropdown_item` component
* Decalre attributes for `team_switcher` component
* Render Invoices/Subscription sections based on team state
* Fix formatting
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* make scroll depth public in json schema
* add test for 400 response
* add info paragraphs in 'add goal' form
* changelog update
* fix typo
---------
Co-authored-by: Uku Taht <Uku.taht@gmail.com>
This was unexpected breakage from releasing new tracker script with engagement tracking to the world. Users are seeing inflated current visitors counts compared to top sources report.
* Remove Segments API feature gate since flag is globally true
* Include auth param with all requests when on shared dashboard
* Update changelog
* Remove feature flag check plug
* Unify logic, refactor names
* Refactor name
* Remove "team layout updated" flash message
* Remove flash when switching team
* Prevent illegal UI states when at team members limit already
* Test UI states at team members limit
* Remove unnecessary socket assign
* Main graph: Graph revenue metrics as zeroes instead of nils.
This has no effect on existing APIs as:
- Comparisons/empty data point logic only affects APIv1 which does not expose revenue metrics
Also changes semantics for visit_duration to be more in-line with the
rest.
* Improve dashboard main graph
- Graph tooltip for revenue metrics now shows revenue with the relevant
monetary unit.
- Graph tooltips for scroll depth, visit duration and so on now shows `-`
instead of 0 on dates where no relevant visits occurred.
* Remove business logic duplication
A test in test/plausible_web/plugs/tracker_test.exs was failing due to
cached version of tracker script being used in other PRs.
The reason it didn't fail in the original PR adding the test was that
changes in tracker script bypassed the cache **for that pr**.
* Revert "Ensure no export button is rendered for public roles"
This reverts commit 213fafe041.
* Revert "Restrict public CSV export access (#5089)"
This reverts commit d3d0547484.
* Keep the Role.public enum needed elsewhere
* Reveal segment filters in v2 Stats API, update changelog
* Indicate that otherwise internal filter resolves when it is part of a segment
* Update segment related query parser tests
* Separate PR for changelog
* Implement Site Segments billing feature
* Make sure Site Segments benefit appears only when feature flag is present
* Add site_segments flag to v3 plans
* Refactor new filter menu back to ghost button
* Stop error state from persisting (#5131)
* Refactor how Segments appear on Choose Plan page
* Limit to 500 segments per site
* Resolve segment owner names and dates in site timezone in the BE
* Fix SegmentAuthorship
* Fix issue with updating dangling segment
* Refactor flaky PATCH segment test
* Unify segment type label logic
* Refactor SegmentOwnership type definitions for clarity
* Deal with segments when guest member is removed
* Handle segments when user removed from team
* Deal with user deletion
* Fix spelling
* Fix postgres client make task
* Remove migration
* WIP
* Load members
* Assert that we know has_not_done will not work without changes
* Add tests
* Assert that dates are in the expected format
* Add tests, better authorship dates, api.js -> api.ts
* Add error panels
* Flatten errors on the API side
* Stop name copy from getting too long
* Make comparison mode and edit segment modes exclusive
* Fix flicker calculating space
* Fix issue with definite state not persisting
* Unhitch modals from query-context
* Separate API format and dashboard format of segment_data
* Clarify purpose of useDefiniteLocationState
* Tweak UI: site switcher, save as segment
* Fix issues with modals
* Remove commented and unnecessary code, better query context
* Fix too permissive site members dataset
* Make sure Segment doesn't show up as an option to customer without the FF
* Fix issue with 'See more' menu being present when it should not be
* Permit :has_not_done filter in segments
* Refactor to matching on filter list structure
* Flatten :and stemming from segment filters on first level
* Update test
* Refactor: remove metrics argument from merge_imported()
* Support querying percentage without visitors metric
* Fix ordering by special metrics with imports causing a 500
We don't calculate all metrics directly on imports, hence cannot order
the import by them either.
* Changelog
* dont let blue background overflow rounded corners
* move scroll goal creation into a separate tab
* render goal type as Scroll
* add scroll goal edit capability
* implement automatic display name update in create form
* make UX more user-friendly
* autoselect the entire display name on first focus
* adjust tests
* set min value to 1 in scroll_threshold input
* rename goal trigger tab
* Add tests for `Teams.get_or_create/1` and `Teams.get_by_owner/1`
* Start populating `current_team` in assigns fetching value from session
* Clean up team passing in invitation services
* Make site transfer service handle multi-team scenario
* Handle multi-team and permission transfer errors on controller level
* Handle multi-teams in site creation on service and controller level
* Drop validation limiting full membership to a single team
* Make user deletion account for public team ownership
* Adjust feature availability checks for Stats API key
* Use current_team when determining limits on site transfer invitation
* Adjust trial upgrade email submission to account for multiple owners
* Remove unnecessary `Teams.load_for_site/1`
* Spike renaming `owner` and `ownership` relationships to plural versions
* Make HelpScout integration handle owner of multiple teams gracefully
* Add FIXME note
* Resolve paddle callback issue by always provisioning a new team when none passed
* Set `current_team` as `my_team` only when user is an owner
* Implement basics of Teams CRM
* Extend Teams CRM
* Further adjust User and Site CRM and refine Team CRM
* Convert Enterprise Plan CRM to refer to team directly and not via user
* Remove unused virtual fields from User schema
* Add note to HelpScout integration
* Allow listing multiple owners under Site Settings / People
* Remove unused User schema relations
* Fix current team fetch in auth plug and context
* Implement basic team switcher
* Ensure (site) editor role is properly handled in site actions auth
* Don't set `site_limit_exceeded` error marker on `permission_denied` error
* Link from HS integration to Team CRM instead of User CRM when available
* Ensure consistent ordering of preloaded owners
* Add `with_subscription` preload for optimisitation
* Add ability to search sites by team identifier
* Add ability to pick team when transferring ownership directly
* Fix failing HelpScout tests
* Scope by team when listing sites in dashboard and via API (optional)
* Add ability to search by team identifier in plans CRM lookup widget
* Add subscription plan, status and grace period to team status info
* Expose teams list in user CRM edit form and fix team details CRM view
* Fix Team Switcher styling
* Reorganise header nav menu
* Avoid additional queries when authenticating user
* Hide the pay/site transfer message on lock screen when teams FF is on
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
Adrian Gruntkowski
Adam Rutkowski
RobertJoonas
Uku Taht
Artur Pata
Karl-Aksel Puulmann
Cenk Kücük
Marko Saric
ruslandoga