docuseal

Commit Graph

Author	SHA1	Message	Date
Wabo	dacefffd24	Allow Google SSO to be configured from /settings/sso (DB fallback) Until now, Google SSO required setting GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET / GOOGLE_ALLOWED_DOMAINS in the environment and restarting the container. This commit adds a UI-driven configuration path that doesn't need a restart, while keeping ENV as the priority source for production deployments. Storage: new EncryptedConfig key `google_sso_configs` (added to CONFIG_KEYS) with shape: { enabled: bool, client_id, client_secret, allowed_domains: [..] } The secret rides on Rails' `encrypts :value` like every other EncryptedConfig record. Strategy registration: the Devise initializer now always registers :google_oauth2 with a setup proc, so the omniauth routes exist unconditionally. The setup proc calls Wabosign.google_sso_credentials per request — that helper checks ENV first (priority) and falls back to the DB. Empty creds yield :source => :none and the Google button is hidden by the sign-in partial. User model: :omniauthable + omniauth_providers: [:google_oauth2] are now unconditional (matches the always-registered route). The boot-time fragile gating that broke `bundle exec puma` when env vars weren't set is gone. Routes: omniauth_callbacks no longer depends on ENV. /settings/sso gains a :create action. SsoSettingsController#create persists the form payload via the existing EncryptedConfig pattern (and never overwrites a saved secret with a blank). View: /settings/sso is now a real form (client_id, client_secret, allowed_domains, enabled toggle) instead of an env-only status panel. A banner explains ENV precedence when GOOGLE_CLIENT_ID is set. The redirect URI to register in Google Cloud Console is shown in the "not configured" state. User#default_sso_account now prefers the account that owns the UI-saved config so JIT-provisioned users land in the right tenant when an admin sets up SSO from the UI in a multi-account deployment. Specs: the omniauth_callbacks request specs were stubbing the removed Wabosign::GOOGLE_* constants. Switched them to `allow(Wabosign).to receive(:google_sso_credentials)`. All 5 pass. Smoke-tested the rebuilt image in three states: - No ENV, no DB: container boots, /sign_in 200, no button. - DB config saved: button appears on the very next /sign_in render. - ENV set + DB set: ENV wins (allowed_domains and creds come from ENV). Docs: GOOGLE_SSO.md gains a section describing the UI path and how the two sources interact. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	1 month ago
Wabo	ad12ef7fb5	Add Google Workspace SSO via omniauth-google-oauth2 Adds "Sign in with Google" as an additive auth path next to email and password. When GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET are set, the Google button appears on the sign-in page and the SSO settings page shows an env-driven status panel. Access is restricted to Workspace domains listed in GOOGLE_ALLOWED_DOMAINS (CSV); the hd claim is re-verified server-side on every callback so a misconfigured Google consent screen cannot bypass it. New users from an allowed domain are JIT-provisioned in the default account (oldest, or pinned via GOOGLE_DEFAULT_ACCOUNT_ID). Existing users with a matching email get linked to their Google identity on first sign-in; identity collisions (same email, different Google uid) are rejected. Google's MFA is trusted: users signed in via Google do not see the WaboSign OTP prompt or the FORCE_MFA setup redirect. Password sign-in keeps working unchanged, including its existing OTP gate. Implementation: - Devise gains :omniauthable when SSO is enabled; users get provider/uid columns with a partial unique index that allows NULL for password-only rows. - Users::OmniauthCallbacksController handles /users/auth/google_oauth2/ callback, sets session[:bypass_otp_for_sso], and redirects on failure. - SessionsController#destroy clears the bypass flag on sign-out. - DashboardController#maybe_redirect_mfa_setup honours the flag and User#signed_in_via_sso?. - The previously empty _omniauthable.html.erb stub now renders the Google button. Request specs cover happy path, link-existing-user, domain rejection, identity collision, and 2FA bypass. GOOGLE_SSO.md is the operator-facing setup, behaviour, verification, and troubleshooting guide. README links to it. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	1 month ago
Wabo	2796ddf424	Rebrand DocuSeal to WaboSign and unlock Pro features Renames the product to WaboSign across UI, mailers, locales, assets, and internal Ruby module. Keeps the upstream DocuSeal attribution required by AGPLv3 §7(b) in the powered-by footer, email attribution, README, and a new NOTICE file. Migration renames the AATL cert identifier in encrypted configs from docuseal_aatl to wabosign_aatl. Removes multitenant-gated Pro upsell UI (Plans/Console/Upgrade links, SMS/SSO/bulk-send/logo placeholders, reminder-duration restriction, the "DocuSeal Pro" email-attribution toggle, conditions/formula/payment pricing links) so every shipped feature is reachable on a self-hosted deployment. Multitenant routing logic is preserved. Drops Discord, Twitter, and ChatGPT/AI-assistant chrome. Embedding modal keeps the upstream <docuseal-form> / @docuseal/* SDK contract so existing embedded forms continue to work; documented in NOTICE. REBRANDING.md captures the change inventory for future maintainers. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	1 month ago
Pete Matsyburka	135f0826d2	fix style	1 month ago
Pete Matsyburka	5710f0177b	update gh stars	1 month ago
Pete Matsyburka	76659497b7	typos	1 month ago
Pete Matsyburka	1fa953104a	update gh stars	1 month ago
Pete Matsyburka	10fd624bec	add revisions	1 month ago
Alex Turchyn	04ec2f8260	allow permanent delete submissions in archived templates	1 month ago
Pete Matsyburka	01dd3fefe5	retry webhooks in test mode	1 month ago
Pete Matsyburka	45ae954c0c	add hmac webhook secret	1 month ago
Pete Matsyburka	1304849b55	update gh stars	1 month ago
Pete Matsyburka	6557329e97	gh 13k	1 month ago
Pete Matsyburka	6d3ad4a869	update gh stars	2 months ago
Pete Matsyburka	f70bf530ba	hide qr link	2 months ago
Pete Matsyburka	809c6b1aa8	fix modal open	2 months ago
Pete Matsyburka	d96d252df3	use post for test mode	2 months ago
Pete Matsyburka	a184fa11f1	move auth links	2 months ago
Pete Matsyburka	6627d7eac5	fix erblint	2 months ago
Pete Matsyburka	81a6a48d70	validate color	2 months ago
Pete Matsyburka	39407557f2	adjust page preview	2 months ago
Pete Matsyburka	c7afe33c72	add time formats	2 months ago
Pete Matsyburka	992a1b26c0	adjust tooltip position	2 months ago
Pete Matsyburka	7cdf263da1	add screen reader mode	2 months ago
Pete Matsyburka	ee65a5693c	improve accessibility	2 months ago
Pete Matsyburka	5ea6289b7a	fix test mode modal	2 months ago
Pete Matsyburka	a64bc3c618	change button style	2 months ago
Pete Matsyburka	e689687805	fix erblint	2 months ago
Pete Matsyburka	f995e1864c	add shared link qr code	2 months ago
Pete Matsyburka	11b0b16ca7	prefill signature client side	2 months ago
Pete Matsyburka	bb2fb7a0c2	refactor download	2 months ago
Pete Matsyburka	8f8b36617a	fix first party download from preview	2 months ago
Pete Matsyburka	2303c21cea	download users csv	2 months ago
Pete Matsyburka	eaedaa96bb	fix rubocop	3 months ago
Pete Matsyburka	41152f90fc	fix erblint	3 months ago
Pete Matsyburka	ffb75238b4	disable confetti by default	3 months ago
Pete Matsyburka	6ffc88b4ed	fix n+1	3 months ago
Pete Matsyburka	640b451727	adjust shared link	3 months ago
Pete Matsyburka	db6e2eb7ca	preserve order with verification	3 months ago
Pete Matsyburka	3eb0b8a89f	allow to delegate	3 months ago
Pete Matsyburka	c23eca0ade	fix field style	3 months ago
Pete Matsyburka	f4b7528c0d	fix send form	3 months ago
Alex Turchyn	8e2e780a1a	fix webhook events filtering	3 months ago
Pete Matsyburka	7aba2eb4da	disable decline	3 months ago
Pete Matsyburka	b4d137c0de	remove flash	4 months ago
Alex Turchyn	62a969d8fe	add MCP support	4 months ago
Pete Matsyburka	b2dfa83f18	upload json	4 months ago
Pete Matsyburka	37196ff89f	add dynamic documents	4 months ago
Pete Matsyburka	4a484aca69	hide storage nav if configured with env	4 months ago
Pete Matsyburka	0bf37d571a	update color	4 months ago

1 2 3 4 5 ...

784 Commits (dacefffd245e59ca44f52edc3c02a6c96d582e8c)