* First pass: store login preference
* Only set login preference if SSO is used
* Change mock DNS to use port 5354 and `domain_id` for parameter
* Make login forms use flash message for error passing
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Setup MFA properly in SSO tests
* Move `new_identity` test helper to common helpers
* Make standard login only allow Owner SSO users
* Implement `Plausible.Users.type/1` for determining user type
* Implement plug restricting action based on user type
* Restrict or adjust access to settings actions to SSO users
* Make a very small refactor to `Auth.SSO` helper
* Prevent SSO users from acceptig team invitations
* Prevent SSO users from adding websites under "My Presonal Sites"
* Prevent implicit team creation by SSO users
* Add workaround for compiler warning under CE
* Remove SSO user on removing membership
* Prevent changing role to owner when 2FA not enabled
* Prevent provisioning from standard user with active personal team
* Fix `Auth.lookup/1` to not break for standard users on multiple teams
* Use `Plausible.always/1` (h/t @aerosol)
* Revert "Use `Plausible.always/1` (h/t @aerosol)"
This reverts commit 0ee7dd84d3.
* Rename `RestrictType` -> `RestrictUserType`
* Make the configuration intent more explicit in `RestrictUserType` plug
* Rename plug file
* List only sites under team in Sites API if team id provided
* Add tests for Sites API create site with team_id provided
* Implement `GET /api/v1/sites/teams` endpoint
* Remove team identifier input from Team settings
* Use feature availability function
* Fix tests setup
* Implement team deletion and refactor user deletion
* Secure team deletion endpoints with team access plug
* Add dedicated tests for `Teams.delete/1`
* Test new controller actions and views
* Rephrase "Setup a team" => "Create a team"
* Improve team-related copy
* Fix personal team removal on user delete with multiple teams
* Wrap `delete_user!` contents in a transaction
* Add notice in user deletion view in case of multiple teams ownership
* Add a basic test and fix copy
* Rename "My Team" to "My Personal Sites"
* Rename "Create" to "Setup" in context of teams
* Set default Team Name to "Username's Team"
* wip
* end
* Expose team identifier
* fixup
* team id
* wip
* Rename `Teams.name()` -> `Teams.default_name()` for clarity
* Update test name
* Always reset team name when navigating to Team CTA
* Always use default team name for non-setup team
* Add tests for team name function
* Put sites list heading change behind FF
* Don't rely on FF for implicit team existence check
* Remove unnecessary team pick by parameter in site creation action
* Put first 3 teams in auth assigns context
* Fix setting current team from session
* Make `dropdown_item` component accept method for link
* Implement embedded team switcher in nav bar
* Store only personal team under my_team
* WIP
* Minor team switcher visual tweak
* Fix personal team selection
* Show only guest sites when no team picked
* Show CTA only in reference to `@my_team`
* Fix dedicated team switcher view
* Move picker indicator to the right in dedicated team select
* Alter site listing logic and fix tests
* Add viewer invitation to seeds
* Fix embedded team switch display condition
* Switch current team after setup
* Explicitly clean current team session value when no longer valid
* Remove redundant team switching logic
* Add quick link to team settings
* Don't show quick link when there's no current team
* Fix dedicated team switcher for no current team case
* Add test for my team fallback case
* Don't allow opening team settings for personal team
* Fix formatting
* Add site listing tests
* Fix team switching to avoid clash with existing conn params
* Fix formatting
* Remove unneeded `method` from `dropdown_item` component
* Decalre attributes for `team_switcher` component
* Render Invoices/Subscription sections based on team state
* Fix formatting
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* Deal with segments when guest member is removed
* Handle segments when user removed from team
* Deal with user deletion
* Fix spelling
* Fix postgres client make task
* Remove migration
* Add tests for `Teams.get_or_create/1` and `Teams.get_by_owner/1`
* Start populating `current_team` in assigns fetching value from session
* Clean up team passing in invitation services
* Make site transfer service handle multi-team scenario
* Handle multi-team and permission transfer errors on controller level
* Handle multi-teams in site creation on service and controller level
* Drop validation limiting full membership to a single team
* Make user deletion account for public team ownership
* Adjust feature availability checks for Stats API key
* Use current_team when determining limits on site transfer invitation
* Adjust trial upgrade email submission to account for multiple owners
* Remove unnecessary `Teams.load_for_site/1`
* Spike renaming `owner` and `ownership` relationships to plural versions
* Make HelpScout integration handle owner of multiple teams gracefully
* Add FIXME note
* Resolve paddle callback issue by always provisioning a new team when none passed
* Set `current_team` as `my_team` only when user is an owner
* Implement basics of Teams CRM
* Extend Teams CRM
* Further adjust User and Site CRM and refine Team CRM
* Convert Enterprise Plan CRM to refer to team directly and not via user
* Remove unused virtual fields from User schema
* Add note to HelpScout integration
* Allow listing multiple owners under Site Settings / People
* Remove unused User schema relations
* Fix current team fetch in auth plug and context
* Implement basic team switcher
* Ensure (site) editor role is properly handled in site actions auth
* Don't set `site_limit_exceeded` error marker on `permission_denied` error
* Link from HS integration to Team CRM instead of User CRM when available
* Ensure consistent ordering of preloaded owners
* Add `with_subscription` preload for optimisitation
* Add ability to search sites by team identifier
* Add ability to pick team when transferring ownership directly
* Fix failing HelpScout tests
* Scope by team when listing sites in dashboard and via API (optional)
* Add ability to search by team identifier in plans CRM lookup widget
* Add subscription plan, status and grace period to team status info
* Expose teams list in user CRM edit form and fix team details CRM view
* Fix Team Switcher styling
* Reorganise header nav menu
* Avoid additional queries when authenticating user
* Hide the pay/site transfer message on lock screen when teams FF is on
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* Implement `return_to` query param on login form
* Add `return_to` to 404 login link
* Implement `return_to` for 2fa flow as well
* Remove remaining references to `login_dest`
* Add query string to 404 return to param
* Make sure the query string is also added to `return_to` in 404
* Various improvements
* Undow unnecessary change
* Use assigns over query params
* Revert unneeded changes to error reporter
* Mix format
* Use nicer heex syntax for conditional templating
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Do not use explicit assigns for `return_to`
* Only redirect if it's a path
* Add fallback for redirect_path argument
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Comment out legacy fields and relationships
* WIP
* WIP 2
* WIP 3
* wip
* Remove teams backfill and consistency check scripts
* WIP 3
* Fix CheckUsage tests
* Update billing/subscription tests
* WIP 4
* Make site transfer fail if some invitation already exists
* Fixup: do symmetric invitation/site transfer check
* Update UI bugs: make listing sites/inviting admins work like before
* Fix Sites test
* Fix external sites controller test
* Fix live sites tests
* Fix props availability lookup
* Fix site controller tests
* Fix billing controller tests
* WIP - accept invitation tests
* Another round of test fixes + invitations logic bugs
* users_test -> teams_test
* Update registration via invitation
Here, we still rely on "polymorphic" invitation structures,
hence the "unified by id" helper.
For now, it'll remain local unless we discover it's
needed in the broader `Teams.Invitations` context.
cc @zoldar
* Yet another round of test and bugfixes along the way
* Include team in site setup success e-mail
* Fix send_site_setup_emails worker
* Fixed almost all tests except CRM ones
* Update enterprise plan admin test
* Fix CRM + remaining tests
* Address credo warnings (modulo one FIXME)
* Remove last FIXME and rephrase the invitation test case description
* Set Team fields via User CRM transparently
* Map user reference in Enterprise Plan CRM via team owner
* Fix resource actions in user CRM
* Get rid of warning when opening create form in API keys CRM
* Stop emitting warnings when editing Enterprise Plans via CRM
* Tests: Bump await_clickhouse_count interval
* Remove XXX marker
* Fix register from invitation link in email sent for ownership transfer
* Simplify fetching all pending site ownership site IDs
* Remove commented out schema fields
* Remove unused functions
* Address flakiness in ingest counter tests
* Remove unused `Teams.Sites.create`
* Don't restart trial on team with subscription when creating site
* Account for cases of legacy teams with empty trial expiry date
* Revert "Address flakiness in ingest counter tests"
This reverts commit 60dc1e4115.
* Fix flaky ingest counters tests under load
* Attempt 2
* Pre-emptively hardcode site ids in sampling cache test
to avoid supplying the same IDs alongside with counters test,
that inserts through another repo (async).
what we're observing is, clickhouse not summing mergetree columns fast
enough, even though we wait quite a bit.
* Fix ingest counter tests by accounting for delayed summation
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* Pre-emptively introduce `site.team_owner` relation
* Drop null constraint on user_id from subscriptions and enterprise_plans
* Temporarily remove populating old schemas in Teams.Test
* Point to site.owner via new schema
* Switch more reads to teams schema WIP
* Fix AuhtorizeSiteAccess test
There's no need to translate `admin`<->`editor` here,
the redundancy is inlined wherever the plug is initialized.
* Fix regions test
* Fix main graph test
* Fix authorization test
* Try to rely on team for subscription/plans where applicable
* Test fixes
* Fix plans test
* Prep for CheckUsage changes
* Skip remaining CheckUsage tests for now
* Fix user deletion to account for team relations
* Fix HelpScout tests
* 💀 Modify ingestion to read team schemas
* Made all tests green except skipped ones
* Mute warnings about transferring site with no order
By making artificial site membership struct,
when reading data off team membership schema.
* Fix site removal test case
* Re-enable locked site tests, that don't have to rely on `SiteLocker`
* Format
* Revert "Mute warnings about transferring site with no order"
This reverts commit 0e45f8c9d9.
* Re-enable old models and fix remaining tests
* Use new factories in a long running minio test
* FIXME->TODO
* Fix remaining tests in legacy mode (no FF raised)
* oof
cc @zoldar
* Add missing definitions of editor role in FE code
* Remove no longer relevant comment about roles
* Fix JS formatting
* Always prioritize site transfers over memberships in sites list
* Fix misaligned "Reject" invitation button
* Fix site pinning when user is guest in multiple sites in team
* Fix subscription settings controller tests
---------
Co-authored-by: Adam Rutkowski <hq@mtod.org>
* Outline /settings/v2 fundamentals
* Add setting tiles stubs
* Bootstrap name change
* Bootstrap theme change
* Bootstrap security settings
* Use table component for listing sessions
* Disable current e-mail field
* Implement Danger Zone
* Deal with compilation warnings
* Implement "Subscription" section
* Implement invoices list
* Fix invoices empty state & add API keys
* Fix headings in Subscription section
* Fix API keys mobile view
* Fix subscription boxes width
* Fix formatting
* Move tests for settings WIP
* Adjust remaining tests and router placement
Include docs links in tiles, where applicable.
* Fix remaining routes and remove dead code
* Fix route in a live view where no @conn is available
* Update mobile view settings picker
* Format
* Fix subscription section headings
* Fix account e-mail on dark mode
* Delete unused template
* Fix mobile setting section picker
* Optimize Login Management tile for mobile
* Update invoices section with docs link
* Update copy
* Remove trailing dots from (sub)titles
* Fix CSV export padding for "exporting" state
* Align subscription status to the right
* Fix failing test
* Fix subscription status alignment once again
* Improve subscription mobile view a little
* Fixup test compilation 🙈
* Add extra margin to subscription status box
* Make cancel button in 2FA modals expand in mobile view
* Stats API only
* Capitalize "Current session" indicator
* Show "Show More" invoices button only when there's >12
* tiny change
* Update changelog
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
Co-authored-by: Marko Saric <34340819+metmarkosaric@users.noreply.github.com>
* Enable exceptions when revoking all user sessions
* Add `User` changeset for changing password
* Make button in `2fa_input` component optional
* Implement password change from User Settings
* Add tests
* Fix 2FA modal cancel button formatting
* Update changelog
* Don't pass redundant params to `render_settings` and clean up code a bit
* Render one error per field in password reset form
* Refactor inline form 2FA validation
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Implement listing user sessions in user settings
* Make copy adjustments (h/t @metmarkosaric)
* Make warning button text color more consistent across user settings
* Add tests for `UserAuth.revoke_user_session/2`
* Test and improve `Auth.UserSessions`
* Test and improve controller actions
* Update CHANGELOG.md
* Turn `Plausible.Auth.UserSession` into full schema
* Implement token based sessions and use them as default
* Ignore expired user sessions during retrieval from DB
* Implement plug bumping user session last used and timeout timestamps
* Implement Oban worker removing expired user sessions with grace period
* Implement legacy session conversion on touch, when applicable
* Update `UserAuth` moduledoc
* Extend `UserAuth` tests to account for db-backed session tokens
* Update CHANGELOG
* Add tests for `UserSessionTouch` plug
* Add test for `CleanUserSessions` worker
* Add logging of legacy session retrievals
* Use single update permitting stale records when touching user session
* Don't fetch session and user for external API endpoints (/api/event too)
* Refactor `Users.with_subscription/1` and expose helper query
* Skip fetching session in legacy `SessionTimeoutPlug`
* Rely on user session assign from `AuthContext` in `SentryContext`
* Silence legacy session warnings in `UserSessionTouchTest`
* Rely on session assign from `AuthPlug` in `SuperAdminOnlyPlug`
* Change `UserAuth` to get session, user and last subscription in one go
* Avoid refetching user session in `AuthorizeSiteAccess` plug
* Fix code formatting
* Refactor `UserAuth.get_user_token/1` (h/t @aerosol)
* Remove bogus empty opts from `scope` declarations in router
* Only touch session once an hour and keep `user.last_seen` in sync
* Bring back logging of legacy token use
* Migration: add installation meta
* Update site schema with installation meta
* Remove VERIFICATION_ENABLED env var
* Add context API to create/remove special goals
* Add context api to update installation meta
* Remove verification enabled check
* Update new progress flow definitions
* Update generic components
* Remove internal /status API
* Implement installation live view
* Update traffic change notifier link
* Update verification, no more modal
* Update routes
* Remove focus.html - will unify everything under app layout
* Fix broken link
* Update templates with focus_box mostly
* Update controller tests
* Update controllers and stop using the focus layout
* copy changes
* Update verification.ex
* Remove dead template
* Update settings_general.html.heex
* Update copy in tests
* Update installation.ex
* Remove dangling dot
* Fix link
* Update installation.ex
* Update installation.ex
* Better tooltips?
* Simpler labels
* Revert "Simpler labels"
This reverts commit 797560ef82f2067458b03b884be5aecc8fdc72bc.
* Add copy to clipboard link and fix snippet's dark mode
* Offer installation detection skip only if ws connected
* Put COPY link at the bottom with background
* Make tooltips link to docs
* Fix cherry-pick gone wrong
* Hide tooltips on mobile screens
* WIP: 404 tracking wizard
* Revert "WIP: 404 tracking wizard"
This reverts commit a9c9c79bbd.
* Update lib/plausible_web/live/components/verification.ex
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Update lib/plausible_web/live/installation.ex
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Use current_user from socket.assigns
* Update lib/plausible_web/live/installation.ex
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Use current_user from socket.assigns
* Use conn.private to steer verification tests
* Drop non-sticky tooltip in favour of component parametrization
Co-authored-by: Artur Pata <artur.pata@gmail.com>
* Reapply "WIP: 404 tracking wizard"
This reverts commit 3ba81671d7.
* Fix installation tests including 404 tracking
* Fixup the tooltip component
* Format
* Update installation.ex
* Put flash whenever installation option changes
* Use last known installation type on domain change
* Extract user flow definition to provide compile-time checks
* See if this helps running CE migrations successfully
* Use `styled_link` on registration/login views
* Don't crash when there's no conn.private carried over
* Format
* Push "Determining installation type" message a bit lower
* Use links and footer lists uniformly
This commit introduces a `<.focus_list/>` component
for rendering focus box footer links with colored
discs. It also equips generic link components
with the ability of sending non-GET requests
along with CSRF token, so we can apply uniform
styling and stop using legacy Phoenix link tags.
cc @zoldar @apata
* ws 👾
* Render more descriptive flashes on script config change
---------
Co-authored-by: Marko Saric <34340819+metmarkosaric@users.noreply.github.com>
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
Co-authored-by: Artur Pata <artur.pata@gmail.com>
* Extract session management from AuthController
* Don't explicitly pass `current_user_id` to `live_render`'s session
* Add ability to retrieve session and user from token via `UserAuth`
* Always fetch current user (or just id) via `UserAuth` API
* Introduce `UserSession` as an embedded schema for now
* Make `UserAuth.get_user/1` accept `UserSession` as an input
* Introduce LV auth context populating user data from session on mount
* Refactor `AuthPlug` and make it populate `current_user_session` as well
* Rely on authenticated user data provided by auth plug or LV context
* Make `Sites.get_for_user(!)` accept `User` struct as well
* Set `logged_in` cookie explicitly when it's out of sync with session
* Expand modules documentation a bit
* Improve and extend tests slightly
* First pass: unify onboarding UI
* Dark mode fixes
* Format
* Update self-hosted index
* Remove unnecessary child box in Enter Your 2FA screen
* Fixup Enter Your 2FA screen
* Add safeguard against flaky auth rate limit tests
* Fix typo in a log message
* Extract and abstract rate limiting from `AuthController`
* Fix flaky rate limit test tag
* Don't leak prefix from auth rate limit
* Use more compact map syntax
* Remove special tag in favor of `eventually` test util function
* Set default selected tab to last cycle when rendering usage
...And never disable this tab.
* rename Ongoing cycle to Upcoming cycle
* fix tests
* mix format
* Create a stub of site settings section for imports and exports
* Use legacy site import indication to determine UA import handling
* Add provisional logos for upcoming import sources
* Stub basics of import page
* Add very rudimentary support for multiple UA imports
* Implement imports list as live view
* Add support for opening LV modal from backend and closing from frontend
* Introduce notion of themes to `button` and `button_link` components
* Add confirmation modal on deleting import
* Swap GA4 logo
* Implement disabled state support for `button_link` component
* Disable export and non-implemented import sources
* Use native starts start date for upper boundary of import time range
* Ensure integrations view uses legacy UA import flow
* Remove unnecessary preload in SiteController
* Remove unnecessary exception for legacy imports
* Move API controller stats tests under PlausibleWeb
* Test listing imports
* Add test for explicit listener setup
* Add tests for legacy flag state in UA importer
* Add test for purging legacy import data
* Add tests for `Sites.native_stats_start_date`
* Test forgetting imports
* Add `Stats.Clickhouse.imported_pageview_counts/1` and fix test flakiness
* Show page view counts on imports list
* Add tests for static imports and exports view
* Adjust button look slightly
* Use `case` instead of `cond`
* Make feature flag customisable per site
* Fix buttons and empty state styling
* Add another import to seeds
* Use JS confirm dialog instead of modal for deletion confirmations
* Revert "Add support for opening LV modal from backend and closing from frontend"
This reverts commit 260e6c753032b451542e24be9edc2118790b5a00.
* Default `legacy` to false when inserting new import jobs
* Drop `method` attribute from `button_link` and `unstyled_link` components
* remove unused functionality
We can now safely delete all the logic around users who are on trial and
signed up *before* the business tiers release, since that's no longer
possible
* add monthly_pageview_limit fn clause that takes a user
* make Quota.site_limit return enterprise site limit
...not `:unlimited`, as we still need to display it
in the account settings.
* make `team_member_limit/1` return :unlimited on small_build
* improve team_member_usage/1 function doc
* stop displaying unlimited symbol in usage section
These unlimited limits include:
* `monthly_pageview_limit` for trials
* `team_member_limit` for old enterprise plans
* `site limit` for old accounts (before 2021-05-05)
* format
* small refactor case clause + move mod vars
* review suggestions
* Add 2FA actions to `AuthController`
* Hook up new `AuthController` actions to router
* Add `qr_code` to project dependencies
* Implement generic `qr_code` component rendering SVG QR code from text
* Implement enabled and disabled 2FA setting state in user settings view
* Implement view for initiating 2FA setup
* Implement view for verifying 2FA setup
* Implement view for rendering generated 2FA recovery codes
* Implement view for verifying 2FA code
* Implement view for verifying 2FA recovery code
* Improve `input_with_clipboard` component
* Improve view for initiating 2FA setup
* Improve verify 2FA setup view
* Implement `verify_2fa_input` component
* Improve view for verifying 2FA setup
* Improve view rendering generated 2FA recovery codes
* Use `verify_2fa_input` component in verify 2FA view
* Do not render PA contact on self-hosted instances
* Improve flash message phrasing on generated recovery codes
* Add byline with a warning to disable 2FA modal
* Extract modal to component and move 2FA components to dedicated module
* First pass on loading state for "generate new codes"
* Adjust modal button logic
* Fix button in verify_2fa_input component
* Use button component in activate view
* Implement wait states for recovery code related actions properly
* Apply rate limiting to 2FA verification
* Log failed 2FA code input attempts
* Add ability to trust device and skip 2FA for 30 days
* Improve styling in dark mode
* Fix waiting state under Chrome and Safari
* Delete trust cookie when disabling 2FA
* Put 2FA behind a feature flag
* Extract 2FA cookie deletion
* ff fixup
* Improve session management during 2FA login
* Extract part of 2FA controller logic to a separate module and clean up a bit
* Clear 2FA user session when rate limit hit
* Add id to form in verify 2FA setup view
* Add controller tests for 2FA actions and login action
* Update CHANGELOG.md
* Use `full_build?()` instead of `@is_selfhost` removed after rebase
* Update `Auth.TOTP` moduledoc
* Add TOTP token management and make `TOTP.enable` more test-friendly
* Use TOTP token for device trust feature
* Use zero-deps `eqrcode` instead of deps-heavy `qr_code`
* Improve flash messages copy
Co-authored-by: hq1 <hq@mtod.org>
* Make one more copy improvement
Co-authored-by: hq1 <hq@mtod.org>
* Fix copy in remaining spots
* Change redirect after login to accept URLs from #3560 (h/t @aerosol)
* Add tests checking handling login_dest on login and 2FA verification
* Fix regression in email activation form submit button behavior
* Rename `PlausibleWeb.TwoFactor` -> `PlausibleWeb.TwoFactor.Session`
* Move `qr_code` component under `Components.TwoFactor`
* Set domain and secure options for new cookies
---------
Co-authored-by: hq1 <hq@mtod.org>
* refactor asking for the monthly pageview usage
* add tests for usage and limits section in account settings
* display pageview usage per billing cycle for active subscribers
* disable cycle tabs if no usage
* make current billing cycle whole
...instead of capping it at today's date
* run queries for different cycles concurrently
* fix linebreak bug
* add calculate usage action into CRM
* change some names of assigns
* block subscribing to a plan by pageview usage
Depending on whether the customer has already subscribed or not, checking
their pageview usage is different:
* If they're not subscribed yet, we allow them to subscribe to a plan If
it their last 30 days usage does not exceed the plan pageview limit by
more than 15% (30% for when subscribing to a 10k plan)
* For existing subscribers, we'll use the exact same mechanism that we're
using for locking sites - the last two billing cycles usage. If both
cycles exceed the plan limit by more than 10% - we don't allow them to
subscribe to the plan
* apply credo suggestion
* prevent highlight bar overflow
* move disabled classes to button element
* optimize for darkmode
* unify link and text styling on the same horizontal line
'Upgrade' & 'Update billing details' links + billing interval text were
positioned on the same line. The font size was similar, but not the same
* improve exceeded_limits function readability
* Refactor some tests and remove code duplication
* override allow upgrade when limits exceeded
In cases where limits are exceeded, we can set the boolean flag
`allow_next_upgrade_override` to `true` in the CRM. This will allow
the user to upgrade to any plan they want. After they've upgraded or
changed their plan - the flag will automatically reset to `false`.
* only apply upgrade override for exceeded pageview limit
* fix tests on the CI
* make current_cycle usage always displayed by default
* make pageview allowance margin more clear
* add comment
* Disable super-admin checks on small build
* Mute a test writing to stdout
* Move sampling outside of small build
* Convert waiting_first_pageview to heex and stop relying on env vars
* Set site limit unlimited on small build
* Stop relying on app env to get trial expiry
* Remove custom domains - including migration
* Remove is_selfhosted from layout view
* Quota fixup
* Stop relying on app env for self hosted registration
* Stop relying on app env for pass reset success
* Apply on_trial? check only on full build
* Update templates relying on app env
* Adjusts auth controller tests for small build
* Trial fixup
* Fixup
* Stop relying on app env
* Rest of the fsckn owl
* Update typespecs
* Fix dialyzer warning
* Remove unused module
* Credo + format
* GeoIP is not, for full build
* Use `small_build?()` where applicable
* Implement bypassing FirstLaunchPlug without insertions
* Get Marko's patch de58a18a85
* Test is-dbip=false presence
* Fix typespec
* Remove future hardcodes
* Handle `nil` from `Plausible.Geo.database_type()`
* Remove XXX marker
* Use one typespec for two clauses
* Introduce `MIX_ENV=small_dev`
* Revert "Use one typespec for two clauses"
This reverts commit 8d8cd21764.
* refactor asserting plan generation in plans_test.exs
* stop grandfathering old expired trials
For users who registered before the business tiers release, we want to
offer a chance to subscribe to a grandfathered plan. However, if they
let their trial expire and don't subscribe in the next 10 days, they'll
lose that opportunity.
* stop grandfathering expired subscriptions
* remove default title and icon from Generic.notice
* fix bug with dismissable notice
classList is null when dismissable_id is not given
* alias Plausible.Auth.User
* Refactor Generic.notice component
Make it easy to apply different colors
* move subscription_cancelled_notice across the app
And remove from user settings > subscription box. Also, include a note
about losing grandfathered status when letting the subscription expire.
* allow full width in Generic.notice
* use Generic.notice for subscription_past_due_notice
* use Generic.notice for subscription_paused_notice
* prevent two notices clashing into each other with gap-y-2
* define attrs for phx components
* optimize for light mode
* make subscription cancelled notice dismissable
but if it's dismiss, show it in the place where it was before in the
account settings > subscription box
* make function private
* replace function doc with regular comment to avoid compile warning
* use array for classnames
Co-authored-by: Vinicius Brasil <vini@hey.com>
* fix typos in function doc
---------
Co-authored-by: Vinicius Brasil <vini@hey.com>
* price formatting
* fix space underlined
* add a redirect from :upgrade to :choose_plan
* Add premium feature notice to revenue goals
* add the number of API request to plan benefits
* be more explicit about Stats API requests
* start linking to the new upgrade page if FF enabled
* add redirect to :upgrade_to_enterprise_plan from :choose_plan
This commit intends to keep the existing behaviour of redirecting users
directly to the enterprise upgrade page when they click on an upgrade
link in an email and have an enterprise plan configured.
Hence, we can also simplify the /settings template and only link to
'/billing/choose-plan', even for enterprise plans.
* deprecate /billing/change-plan route based on FF
* Move new site template to HEEX
* Move new team member invitation template to HEEX
* Standardize exceeded limits error message
* Fix failing tests
* Limit Stats API access to unlimited trials
---------
Co-authored-by: Vinicius Brasil <vini@hey.com>
* Bump deps
* Bump stack
* Fix deprecation warnings
* Fix VCR cassettes mismatch due to OTP-18414
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Format & fix flaky tests
* Handle raw IPv4 hostnames; test public suffix TLD
* Configure locus db cache_dir
So that maxmind unavailability doesn't affect
application startup. PERSISTENT_CACHE_DIR env var is used
to point locus at the GeoIP DB file.
* WIP: Remove ExVCR
* Fix test env config
* Fixup exvcr
* Remove exvcr from deps
* Add convert script
* Remove exvcr cassettes
* Remove convert script
* Rename test
* Update moduledoc
* Update dockerfile
* Bump CI cache
* Tag more slow tests, why not?
* Use charlist for locus cache option
* Pin nodejs
* Merge google tests, make them async
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Refactor email verification codes generation to avoid predictability
* Improve `Site.Memberships.any?` slightly
* Update tests
* Fix seeds
* Use `expired?` predicate for checking verification code validity in tests
* Store verification code as string in database to avoid unnecessary int casting
* Include ApiKey functions in Auth context
* Make feature notice work without %Site{}
Previously the extra feature notice required a %Site{} in order to check
the owner plan. However, not every feature is scoped by site, for
example the Stats API. For features like this, a %User{} is required,
and not a %Site{}.
This commit replaces the `:site` param with `:billable_user`, which is
common to both site and user-scoped features.
* Add stats_api to the list of extra features
* Limit API Key creation based on user plan
This pull request implements limits to funnels, revenue goals and custom props based on the site owner plan. It extends the current "premium feature" notice to account for the new plans, trials and the on-going private preview. Stats API is not in the context of this pull request, but will be implemented likewise.
* Implement PoC for email reverification flow on update
* Improve user settings form and email change validation
* Expose `previous_email` in Kaffy CRM
* Improve plugs setup and remove dead action from AuthController
* Fix seeds
* Extract predicate query functions from AuthController
* Add tests
* Update CHANGELOG.md
* Rename `has_any_sites?` to `Memberships.any?` and `has_any_memberships?`
* Improve flash message on cancelling email change
* Cover one more test case for email update
* rename enterprise?/1 function
* change link text to Upgrade when subscription deleted
* extract paddle_button and paddle_script components
* create a new upgrade-to-enterprise-plan page
* extract upgrade_link component
* rename function
* link to enterprise plan upgrade page from settings
...if the user has an enterprise plan configured
* fetch enterprise plan price on the new page
* add change_enterprise_plan functionality on the new page
* render existing change_enterprise_plan_contact_us.html
...when subscribed to latest configured enterprise plan
* rename vars and extract resumable? fn
* remove dead billing route
* small test refactor: extract convenience fn
* add tests for...
...restricting paused and past_due subscription access to the new
enterprise plan page.
1. redirect to /settings from the controller action
2. hiding the change-plan link from the user settings
* implement redirect to /settings
* hide the enterprise upgrade/change-plan link
* add tests for a deleted enterprise subscription
* plug in the new controller action and delete dead code
* optimize for dark mode
* fix compile warning
* credo fix
* display N/A instead of crash when price nil
* change subscription.status type to Ecto.Enum
Also, create a new `Subscription.Status` module that exposes macros to
return the used atom values (prevent typos at compiletime).
* fix bug (@conn not available anymore)
* use Routes.billing_path where applicable
* add a status() type
* silence credo
* refactor suggestion from review
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
* Remove the __using__ macro from Subscription.Status
... instead be explicit about requires and aliases and also order
the use, import, require, and alias clauses according to
https://github.com/christopheradams/elixir_style_guide#module-attribute-ordering
* drop the virtual Enteprise 'price_per_interval' field
* apply review suggestion to make the code more DRY
* use dot syntax to fetch current user in new controller actions
* fix formatting
---------
Co-authored-by: Adrian Gruntkowski <adrian.gruntkowski@gmail.com>
This change addresses two problems:
* controller action crashing missing "token" param - it's handled gracefully
now and will not pollute Sentry anymore with http://sentry.plausible.io/organizations/sentry/issues/4319
* LiveView receives email extracted from token on initial page load instead
of reverifying token on every re-mount (which can happen when somebody
leaves form open for an extended period of time; rare but happens and
needlessly pollutes Sentry as well)
* Add zxcvbn dependency
* Change password length range requirement from 6-64 to 12-128
* Reimplement register form in LV
* Implement server-side check for password strength
* Add rudimentary strength meter
* Make password input with strength a separate component and improve it
* Fix existing tests to provide strong enough password
* Apply formatting
* Replace existing registration form with new one
* Hide built-in label in `.input` component when none provided
* Crop password to first 32 chars for analysis by zxcvbn
* Add tests for new form components
* Integrate hCaptcha into LV
* Fix existing AuthController tests
* Add tests for Live.RegisterForm
* Hide strength meter when password input is empty
* Randomize client IP in headers during tests to avoid hitting rate limit
* Apply auxilliary formatting fixes to AuthController
* Integrate registration from invitation into LV registration logic
* Fix existing password set and reset forms
* Make `password_length_hint` component more customizable
* Optimize `Auth.User.set_password/2`
* Remove unnecessary attribute from registration form
* Move password set and reset forms to LV
* Add tests for SetPasswordForm LV component
* Add tests for password checks in `Auth.User`
* Document code a bit
* Implement simpler approach to hCaptcha integration
* Update CHANGELOG.md
* Improve consistency of color scheme
* Introduce debounce across all text inputs in registration and password forms
* Fix email input background in register form
* Ensure only single error is rendered for empty password confirmation case
* Remove `/password` form entirely in favor of preferred password reset
* Remove unnecessary `router` option from `live_render` calls
* Make expensive assigns in LV with `assign_new` (h/t @aerosol)
* Accept passwords longer than 32 bytes uniformly as very strong
* Avoid displaying blank error side by side with weak password error
* Make register actions handle errors gracefully
* Render only a single piece of feedback to reduce noise
* Make register and password reset forms pw manager friendly (h/t @cnkk)
* Move registration forms to live routes
* Delete no longer used deadviews
* Adjust registration form in accordance to changes in #3290
* Reintroduce dogfood page path for invitation form from #3290
* Use alternative approach to submitting plausible metrics from LV form
* Rename metrics events and extend tests to account for them
Adam Rutkowski
Adrian Gruntkowski
Uku Taht
RobertJoonas
Vini Brasil