* Fix PDF regeneration after change requests
Allow PDFs to be regenerated when a submitter re-completes after a change
request by using timestamp-based detection. This ensures new PDFs are
generated while preserving old ones for audit trail.
Changes:
- Allow multiple 'complete' events per submitter (remove unique constraint)
- Compare event timestamps with completion time to detect stale events
- Add current_documents method to get latest PDF generation
- Prevent waiting forever on stale retry/start events from previous attempts
* Update audit trail generation for change requests
Regenerate audit trail PDF when submitter re-completes after a change request.
Remove DocuSeal branding from audit trail header and add missing translations
for request_changes events.
Changes:
- Regenerate audit trail when created before latest completion timestamp
- Remove DocuSeal logo and branding from audit trail header
- Add request_changes_by_html translations (English and Spanish)
- Generate new audit trail before cleaning up old ones (safer approach)
- Clean up old audit trail PDFs, keeping only the newest
* Change 'Request Changes' button text to 'Submit'
* Remove Download button from submissions view
* Fix download endpoint to return current documents after re-completion
* Add comprehensive tests and apply rubocop fixes
- Add tests for Submitter#current_documents method
- Add tests for PDF regeneration on re-completion
- Add tests for audit trail regeneration logic
- Apply rubocop fixes: use Rails range syntax, fix indentation
- Extract generate_and_record_documents to reduce method length
* fix potential NoMethodError and rubocop fixes
* Use ActiveStorage::Attachment directly instead of `#audit_trail`
* Fix line length in `process`
* Add download URL generator endpoint for API
* rubocop/spec fixes
* move logic out of view into controller
* move build_signed_urls method logic into new SignedDocumentUrlBuilder service
* slim down controller and its request specs
* Fix port conflicts by changing Rails to 3001 and webpack to 3036
* Update Procfile.dev to use port 3001
* Update README_LOCAL_SETUP.md with foreman and separate terminal options
* Document both servers are required for development
* Add partnership template authorization and ability system
* Update template authorization to support partnership context
* Add request context-based authorization for API access
* Implement hybrid partnership/account authorization logic
* Add submission authorization conditions for partnerships
* Support global partnership template access
* Add template cloning services for partnership workflows
* Update template cloning to require explicit target parameters, to allow for cloning for either account or from partnership
* Add Templates::CloneToAccount service for partnership to account cloning
* Add Templates::CloneToPartnership service for global to partnership cloning
* Add logic to detect account vs partnership template cloning with validation
* Add folder assignment logic for cloned templates
* Add external authentication and partnership support
* Update ExternalAuthService to support partnership OR account authentication
* Implement user assignment to accounts when partnership context is provided
* Support pure partnership authentication without account assignment
* Update API controllers for partnership template support
* Add partnership request context to API base controller
* Update submissions controller to support partnership templates
* Add partnership template cloning to templates clone controller
* Refactor template controller webhook logic to reduce complexity
* Support external_account_id parameter for partnership workflows
* Update web controllers and views for partnership template support
* Add tests
* erb_lint fixes
* add local claude file
* shared concern for handling partnership context
* remove overly permissive case
* global templates should be available for partnerships and accounts
* pass through access context in vue
* add tests
* add partnership context and tests to submissions
* add token refresh as last resort for a corrupted token
Remove hardcoded CloudFront domains and key pair IDs from repository.
All CloudFront configuration now loaded from ENV variables for security:
- CF_URL: CloudFront distribution URL
- CF_KEY_PAIR_ID: CloudFront key pair identifier
- CF_KEY_SECRET: AWS Secrets Manager path for private key
- SECURED_STORAGE_BUCKET: S3 bucket name
- SECURED_STORAGE_REGION: AWS region
This prevents exposure of infrastructure identifiers in public repository.
Configuration should be set via cpdocuseal deployment module.
Implement compliance storage configuration using AWS CloudFront signed URLs for completed documents. This reuses the existing ATS infrastructure to provide secure, time-limited access to document storage while maintaining backward compatibility with legacy storage.
- Add aws-sdk-cloudfront dependency for URL signing
- Create DocumentSecurityService for CloudFront signed URL generation
- Add secured storage service configuration in storage.yml
- Update completed_documents model with storage_location tracking
- Modify download controllers to use signed URLs for secured storage
- Add compliance_storage.yml configuration for different environments
- Update submitter completion job to track storage location
BREAKING CHANGE: Requires SECURED_STORAGE_BUCKET and SECURED_STORAGE_REGION environment variables for staging/production environments
- Add account_groups table and model
- Add account_group references to accounts, users, templates, template_folders
- Make account_id nullable on users, templates, template_folders
- Add controllers and specs
* Consolidate account groups migrations
- Replace 8 separate migrations with 2 consolidated ones
- Create account groups and relationships in one migration
- Make account_id columns nullable in second migration
* this logic is being handled in external_auth_controller
* remove unnecessary controllers
* remove unnecessary routes
* refactor account_group.default_template_folder
* align method with Account version of this method
* refactor controllers to move complex logic to service
* move account/account group validation to concern
* this method is not yet needed
* we may implement this differently in next ticket to handle account and account group syncing for templates.
* rubocop violation fixes
* a few more refactors and add tests
* Change external_account_group_id to integer type
* Refactored external_account_group_id from string to integer in models, migrations, factories, and specs for consistency.
* Merged account_id nullability changes into a single migration and removed the obsolete migrations.
* Updated authentication logic to require either account or account_group presence for user activation.
* Add external_id fields to accounts and users tables
Adds external_account_id and external_user_id fields to support
integration with external ATS systems. These fields will map
DocuSeal accounts/users to their corresponding ATS entities.
* Add external ID support to Account and User models
Implements find_or_create_by_external_id methods for both Account
and User models to support automatic provisioning from external
ATS systems. Users now have access tokens for authentication.
* Add external authentication API endpoint
Creates /api/external_auth/get_user_token endpoint for external API systems
to authenticate users and receive access tokens.
* Refactor authentication to support token-based login
Replaces demo user authentication and setup redirect logic with token-based authentication via params, session, or X-Auth-Token header.
Users do not login, they are just authenticated via token.
* Replace authenticate_user! with authenticate_via_token!
Refactored controllers to use authenticate_via_token! instead of authenticate_user! for authentication. Added authenticate_via_token! method to ApiBaseController.
* Update controller authentication and authorization logic
Removed and replaced several before_action and authorization checks in ExportController, SetupController, and TemplateDocumentsController.
* Add external authentication API endpoint
* Add IframeAuthentication concern for AJAX requests in iframe context
* Create shared concern to handle authentication from HTTP referer
* Extracts auth token from referer URL when AJAX requests don't include token
* Supports Vue component requests within iframes
* Remove old user authentication from dashboard controller
* Quick fix for request changes
Now that we have scoped users, we're changing this to compare to the template authot
* rubocop fixes
* Add and update authentication and model specs
Introduces new specs for iframe authentication, account, user, application controller, and external auth API.
* add safe navigation and remove dead method
* new controller to handle change requests
* add button and modal on completed submission view to request changes
* webhook job will send out to external API when submission is updated for changes_requested_at
* email will be sent to user that need to make changes
* submission status steps back from "completed"
This commit removes various visual elements like logos, banners, and
buttons to create a cleaner and more focused user experience. It also
adds context files for AI assistants to aid in development.
We'll need to properly strip out the user authentication stuff in the future. Since they'll already be logged into CareerPlug we don't another login here.
* automatically log in as a Demo Account user for now
Julie Graceffa
Ryan Arakawa
Bernardo Anderson
Bernardo Anderson
Mikhael Rakauskas
Mikhael Rakauskas
Pete Matsyburka
Alex Turchyn