b993c25927
Fix test image build: use amd64 runner, single-platform build
2 weeks ago
07ed359766
Fix GHCR permissions: add explicit packages:write to workflow
2 weeks ago
65a77e029a
Fix docker-login-action version for arm64 runner
2 weeks ago
37aebb338e
Add public test Docker image build workflow
...
Builds and pushes ghcr.io/wabolabs/wabosign:test on every master push.
Publicly pullable, no auth required. Non-default tag distinguishes from
stable wabolabs/wabosign releases.
2 weeks ago
4faa0dcd6b
Shorten pending test reasons for Rubocop compliance
2 weeks ago
3c64e515b6
Fix Rubocop offenses in new spec files
...
- Auto-correct layout, alignment, and indentation issues
- Add reasons to all pending tests
- Fix line length violations
2 weeks ago
95a56d4648
Add comprehensive E2E test suite and Docker test infrastructure
...
System specs (10 new files, 880 lines):
- Fork branding: brand name display, personalization form, upstream attribution
- Account logo: section visibility, placeholder, attached logo display
- Signing flow: enforced order, signature clear/redraw, resubmit, optional fields, decline
- Role-based access: admin/editor/viewer nav and button visibility matrix
- SMS/SSO settings: placeholder visibility in single-tenant mode
- Submission lifecycle: send-to-recipients, sign flow, completion verification
- Template CRUD: restore archived, share link toggle, folder navigation
- Feature toggles: 7 toggle integration tests (decline, delegate, reason, order, typed sig, MFA, resubmit)
API request specs (1 new file, 91 lines):
- User show, template clone, submission documents, form/submission events, tools merge
Docker test infrastructure:
- Dockerfile.test: Ruby 4.0.5 + Chrome + Node 20 + pdfium + libvips
- docker-compose.test.yml: PostgreSQL 14 + test service with volume caching
- bin/test: convenience script for running tests locally
Fix existing specs to match actual HTML/CSS:
- Rename .navbar selectors (no such class exists)
- Fix button/link selectors for Clone/Archive/Restore
- Fix modal selectors for share link and send-to-recipients
- Fix signing reason select selector (Vue-rendered)
- Fix complete button selector (Vue teleport)
- Fix awaiting view text (uppercase CSS)
- Fix pending/completed status text (uppercase badges)
2 weeks ago
776384cacd
Fix 29 Dependabot vulnerabilities in npm dependencies
...
Critical:
- form-data: unsafe random for boundary (4.0.0→4.0.4)
High:
- axios: prototype pollution, SSRF, MitM, DoS (1.8.2→1.16.0)
- cross-spawn: ReDoS (7.0.3→7.0.6)
- picomatch: ReDoS (2.3.1→2.3.2)
- flatted: prototype pollution via parse (3.x→3.4.2)
- immutable: prototype pollution (4.x→4.3.8)
- svgo: entity expansion DoS (3.0.2→3.3.3)
- path-to-regexp: ReDoS (0.1.12→0.1.13)
- follow-redirects: auth header leak (1.15.6→1.16.0)
- js-yaml: prototype pollution (4.1.0→4.1.1)
- markdown-it: ReDoS (14.1.0→14.1.1)
- nanoid: predictable output (3.3.x, already patched)
- micromatch: ReDoS (4.0.5→4.0.8)
- serialize-javascript: RCE (6.0.1→6.0.2)
- lodash: prototype pollution (4.17.x→4.18.0)
- qs: DoS (6.14.1→6.15.2)
Medium:
- postcss: XSS (8.4.31/8.4.49/8.5.6→8.5.10)
- rollbar: prototype pollution (2.26.4→2.26.5)
- webpack-dev-server: source exposure (5.2.3→5.2.4)
Also updates direct dep version specs and adds yarn resolutions
for consistent transitive dependency versioning.
Not fixed (no patch available yet): devise open redirect,
faraday URI bypass. Already fixed: jwt HMAC bypass (closed alert).
3 weeks ago
38566399b0
Fix CI: add bin/sync-upstream to rebrand allowlists, install libvips for assets precompile
3 weeks ago
f725834cae
Automate upstream sync workflow and fix CI gaps
...
- bin/sync-upstream: automation script for upstream tag sync with
logo file restoration from ORIG_HEAD after merge
- CI: setup-node@v1->@v4, set-output->$GITHUB_OUTPUT,
docuseal_test->wabosign_test, add rebrand-check and
assets-precompile jobs
- Docker: checkout@v3->@v4, metadata-action@v4->@v5,
login-action@v3->@v6, images->wabolabs/wabosign, add PR build test
- rebrand-sync: add logo paths to DENY_PATHS
- .gitattributes: add -merge for brand logo files
- REBRANDING.md: update per-sync workflow with logo restoration step
3 weeks ago
b0965eb276
Restore WaboSign W mark logos overwritten by upstream sync
...
The 3.0.2 upstream sync (977a98a5
3 weeks ago
36e26f7549
Merge remote-tracking branch 'upstream/master'
3 weeks ago
78264a3584
Always register Google OAuth2 strategy in test env so route helper is available
3 weeks ago
f848f073aa
Fix CI failures: omniauth config, users#index auth, missing logo partials
...
- Add Google OAuth2 provider config to devise initializer (was lost in upstream sync)
- Add explicit admin authorization check for UsersController#index
- Create _wabosign_logo partials for start_form and submit_form (were renamed by rebrand-sync but files never created)
3 weeks ago
49cd964938
Fix brand_name form rendering, add missing GOOGLE_SSO_KEY, fix Docuseal references
...
- Add brand_name_form partial to personalization settings page
- Use brand_name or PRODUCT_NAME in title partial instead of hardcoded WaboSign
- Add missing EncryptedConfig::GOOGLE_SSO_KEY constant
- Replace deleted Docuseal module references with Wabosign in powered_by and email_attribution
3 weeks ago
20a1ec661b
Add BRAND_NAME_KEY to ALLOWED_KEYS in personalization_settings_controller
3 weeks ago
b378d30635
Fix Rubocop LineLength offense in sms_settings_controller
3 weeks ago
5360d5420b
Add omniauth gems to Gemfile (required for Google SSO)
3 weeks ago
f81edc07e5
Add :omniauthable to User model's devise declarations (required for Google SSO)
3 weeks ago
d9b86d464c
Restore fork-specific features lost during upstream sync:
...
- README.md: Restore WaboSign branding and content (was overwritten by upstream)
- Routes: Restore account_logo, omniauth_callbacks, send_sms, sms test_message, sso create actions
- Account model: Restore LOGO constants and logo attachment
- User model: Restore EDITOR_ROLE, VIEWER_ROLE, editor?, viewer?, from_google_omniauth, signed_in_via_sso?, default_sso_account
- Ability model: Restore role-based permissions (admin, editor, viewer)
- SMS controller: Restore create and test_message actions
- SSO controller: Restore create action and fix config key
- Brakeman fix: Escape JSON in mcp_settings to fix XSS warning
3 weeks ago
a153e926f8
Restore EDITOR_ROLE, VIEWER_ROLE, and editor?, viewer? methods to User model (fork-specific, removed during upstream sync)
3 weeks ago
ae16a0a0bf
Restore brand_name method to Account model (fork-specific, removed during upstream sync)
3 weeks ago
727a25e22d
Restore BRAND_NAME_KEY constant to AccountConfig (fork-specific, removed during upstream sync)
3 weeks ago
89571e17e1
Add missing constants to lib/wabosign.rb (CONSOLE_URL, CLOUD_URL, CDN_URL, etc.) — these were in deleted lib/docuseal.rb
3 weeks ago
9137d4384d
Remove lib/docuseal.rb — conflicts with lib/wabosign.rb (Zeitwerk expects lib/docuseal.rb to define Docuseal module)
3 weeks ago
d9587b5a2d
Merge temp-rebrand: sync to upstream 3.0.2 + rebrand-check update
3 weeks ago
6fb7a1a779
Update rebrand-check to tolerate new upstream patterns (i18n keys, Twitter handles, github.com/docusealco)
3 weeks ago
977a98a5da
Sync to upstream 3.0.2 — integrate 28 upstream commits with WaboSign rebrand
3 weeks ago
1f89accac3
Merge from docusealco/wip
3 weeks ago
9fcaef4cf7
use new_from_memory_copy
3 weeks ago
d5738a0631
disable variant_processor
3 weeks ago
8bf7a1f95a
adjust image detect fields
3 weeks ago
04cf36891e
fix complete button press enter
3 weeks ago
b2d9948c30
remove active storage analyzers
3 weeks ago
a2c9ac1707
remove image_processing
3 weeks ago
46a6bd0108
fix stamp
3 weeks ago
5f069e7a40
use load vips
3 weeks ago
ff57e5c6ae
fix pdfa
3 weeks ago
f65b6e2d76
add confirm prompt for template upload via URL
3 weeks ago
58fd180ae0
update gem
3 weeks ago
cd6503c4c3
adjust image size
3 weeks ago
e8b36c2b6d
update gh stars
3 weeks ago
51743f1359
fix spec
3 weeks ago
504c42646b
refactor template builder data
3 weeks ago
c61e84d1b4
adjust archive
3 weeks ago
b8ab01c46c
add dynamic documents to template response
3 weeks ago
9558060bde
check resubmit config
3 weeks ago
0741c879f1
use expires_at with file links
3 weeks ago
dca4a705ce
Merge upstream/master (tag 3.0.1) via sync/upstream-3.0.1
...
Upstream highlights (17 commits, DocuSeal 3.0.1):
- convert images on upload (JPEG for opaque images, PNG for alpha)
- security headers
- handle dangerous file extensions
- isolate editor nodes
- gem updates
- image autorotation fix
WaboSign conflict resolutions:
- Kept per-account branded_product_name() calls throughout PDF generation
- Took upstream's smarter image format selection (JPEG/PNG based on alpha)
- Kept deleted SaaS-only controllers (newsletters, enquiries, console_redirect)
- Kept deleted docs/api/ (intentionally removed in WaboSign 1.0.0)
- Took upstream convert-upload custom element for template upload button
- Removed vendor/bundle (upstream added in 3.0.1; fork excludes /vendor)
- Applied encoding-error fix to bin/rebrand-sync
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
3 weeks ago
6589867c9c
Remove vendor/bundle from tracking (upstream added in 3.0.1, not wanted in fork)
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
3 weeks ago
Wabo
Alex Turchyn
Pete Matsyburka