docuseal

Commit Graph

Author	SHA1	Message	Date
Ryan Arakawa	a1ed992ee4	CP-10294 add account groups (#19 ) - Add account_groups table and model - Add account_group references to accounts, users, templates, template_folders - Make account_id nullable on users, templates, template_folders - Add controllers and specs * Consolidate account groups migrations - Replace 8 separate migrations with 2 consolidated ones - Create account groups and relationships in one migration - Make account_id columns nullable in second migration * this logic is being handled in external_auth_controller * remove unnecessary controllers * remove unnecessary routes * refactor account_group.default_template_folder * align method with Account version of this method * refactor controllers to move complex logic to service * move account/account group validation to concern * this method is not yet needed * we may implement this differently in next ticket to handle account and account group syncing for templates. * rubocop violation fixes * a few more refactors and add tests * Change external_account_group_id to integer type * Refactored external_account_group_id from string to integer in models, migrations, factories, and specs for consistency. * Merged account_id nullability changes into a single migration and removed the obsolete migrations. * Updated authentication logic to require either account or account_group presence for user activation.	3 months ago
Ryan Arakawa	4ec9e7fc5e	CP-10370 authentication (#15 ) * Add external_id fields to accounts and users tables Adds external_account_id and external_user_id fields to support integration with external ATS systems. These fields will map DocuSeal accounts/users to their corresponding ATS entities. * Add external ID support to Account and User models Implements find_or_create_by_external_id methods for both Account and User models to support automatic provisioning from external ATS systems. Users now have access tokens for authentication. * Add external authentication API endpoint Creates /api/external_auth/get_user_token endpoint for external API systems to authenticate users and receive access tokens. * Refactor authentication to support token-based login Replaces demo user authentication and setup redirect logic with token-based authentication via params, session, or X-Auth-Token header. Users do not login, they are just authenticated via token. * Replace authenticate_user! with authenticate_via_token! Refactored controllers to use authenticate_via_token! instead of authenticate_user! for authentication. Added authenticate_via_token! method to ApiBaseController. * Update controller authentication and authorization logic Removed and replaced several before_action and authorization checks in ExportController, SetupController, and TemplateDocumentsController. * Add external authentication API endpoint * Add IframeAuthentication concern for AJAX requests in iframe context * Create shared concern to handle authentication from HTTP referer * Extracts auth token from referer URL when AJAX requests don't include token * Supports Vue component requests within iframes * Remove old user authentication from dashboard controller * Quick fix for request changes Now that we have scoped users, we're changing this to compare to the template authot * rubocop fixes * Add and update authentication and model specs Introduces new specs for iframe authentication, account, user, application controller, and external auth API. * add safe navigation and remove dead method	4 months ago

Author

SHA1

Message

Date

Ryan Arakawa

a1ed992ee4

CP-10294 add account groups (#19 )

- Add account_groups table and model
- Add account_group references to accounts, users, templates, template_folders
- Make account_id nullable on users, templates, template_folders
- Add controllers and specs

* Consolidate account groups migrations

- Replace 8 separate migrations with 2 consolidated ones
- Create account groups and relationships in one migration
- Make account_id columns nullable in second migration

* this logic is being handled in external_auth_controller

* remove unnecessary controllers
* remove unnecessary routes

* refactor account_group.default_template_folder

* align method with Account version of this method

* refactor controllers to move complex logic to service

* move account/account group validation to concern

* this method is not yet needed

* we may implement this differently in next ticket to handle account and account group syncing for templates.

* rubocop violation fixes

* a few more refactors and add tests

* Change external_account_group_id to integer type

* Refactored external_account_group_id from string to integer in models, migrations, factories, and specs for consistency.
* Merged account_id nullability changes into a single migration and removed the obsolete migrations.
* Updated authentication logic to require either account or account_group presence for user activation.

Ryan Arakawa

4ec9e7fc5e

CP-10370 authentication (#15 )

* Add external_id fields to accounts and users tables

Adds external_account_id and external_user_id fields to support
integration with external ATS systems. These fields will map
DocuSeal accounts/users to their corresponding ATS entities.

* Add external ID support to Account and User models

Implements find_or_create_by_external_id methods for both Account
and User models to support automatic provisioning from external
ATS systems. Users now have access tokens for authentication.

* Add external authentication API endpoint

Creates /api/external_auth/get_user_token endpoint for external API systems
to authenticate users and receive access tokens.

* Refactor authentication to support token-based login

Replaces demo user authentication and setup redirect logic with token-based authentication via params, session, or X-Auth-Token header.

Users do not login, they are just authenticated via token.

* Replace authenticate_user! with authenticate_via_token!

Refactored controllers to use authenticate_via_token! instead of authenticate_user! for authentication. Added authenticate_via_token! method to ApiBaseController.

* Update controller authentication and authorization logic

Removed and replaced several before_action and authorization checks in ExportController, SetupController, and TemplateDocumentsController.

* Add external authentication API endpoint

* Add IframeAuthentication concern for AJAX requests in iframe context

* Create shared concern to handle authentication from HTTP referer
* Extracts auth token from referer URL when AJAX requests don't include token
* Supports Vue component requests within iframes

* Remove old user authentication from dashboard controller

* Quick fix for request changes

Now that we have scoped users, we're changing this to compare to the template authot

* rubocop fixes

* Add and update authentication and model specs

Introduces new specs for iframe authentication, account, user, application controller, and external auth API.

* add safe navigation and remove dead method

2 Commits (0470f1a48e6cfe0c111927bc8fe6b5e81c06dec0)