docuseal

Commit Graph

Author	SHA1	Message	Date
Wabo	a9a61c7979	Custom account logo with SVG sanitization Replaces the disabled "logo upload not bundled in OSS" placeholder with a real upload flow. Logos attach to the Account via ActiveStorage (`has_one_attached :logo`) and replace the default WaboSign mark at every render site that previously rendered `shared/_logo`. Accepted formats: PNG, JPEG, and SVG. SVGs go through `AccountLogo.sanitize_upload` before storage: - `<script>` and `<foreignObject>` elements removed - every `on*` attribute stripped (onclick, onload, onerror, …) - `href` / `xlink:href` dropped unless the value starts with `#` (in-doc fragment) or `data:` (inert in <img> context) Raster uploads pass through unchanged. 2 MB upload cap on all formats. Dispatch is a new `shared/_account_logo.html.erb` partial — takes an optional `account:` local and emits either `<img>` (logo attached) or falls back to the existing inline `shared/_logo.html.erb` SVG. All swapped render sites pass the right account expression: - shared/_title.html.erb → current_account - start_form/_brand_logo.html.erb → @template.account - submit_form/_brand_logo.html.erb → @submitter.submission.account - templates_uploads/show.html.erb → current_account - submissions/_logo.html.erb → @submission \|\| @submitter accounts - templates_share_link_qr/_logo.html.erb → @template.account The landing page stays on the default mark (no account context). Static favicon/PWA manifest/preview.png stay on the default brand. Audit-trail PDF (`lib/submissions/generate_audit_trail.rb#add_logo`) now calls `PdfIcons.account_logo_io(submission.account)`. SVG logos are rasterized to PNG via ActiveStorage variants (libvips + librsvg, both present in the production image via the `vips` Alpine pkg). On any failure path the helper logs and falls back to `PdfIcons.logo_io` so audit-trail generation never crashes on a bad logo. Routes: `resource :account_logo, only: %i[create destroy]` nested under `/settings`. AccountLogoController authorizes via `authorize!(:manage, current_account)` and routes the form back to `/settings/personalization` on success or failure. Specs (11/11 pass in the Ruby 4.0.1 + Postgres-14 container): - spec/lib/account_logo_spec.rb — 6 sanitizer unit cases - spec/requests/account_logo_controller_spec.rb — 5 request cases Smoke-tested end-to-end in the built image: - PNG round-trips through attach/download. - Malicious SVG (`<script>` + onload + alert) saves with all three payloads scrubbed from the stored bytes. - SVG → PNG rasterization for the PDF path produces a 18 KB PNG with valid PNG magic — confirms libvips/librsvg is actually wired in the production Alpine image. - After purge, `PdfIcons.account_logo_io` is byte-identical to `PdfIcons.logo_io` (clean fallback). - /settings/personalization renders the new form with all expected fields. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	1 month ago
Wabo	1872a0995b	Wire SMS sending via BulkVS Replaces the SMS placeholder with an actual provider integration. v1 ships BulkVS only; the architecture leaves room for additional providers behind the same Sms.send_message interface. Storage: - EncryptedConfig key `sms_configs` (added to CONFIG_KEYS): { provider, enabled, basic_auth_token, from_number, delivery_webhook_url } - AccountConfig key `submitter_invitation_sms` for the per-account SMS body template override. Service layer: - lib/sms.rb — Sms.enabled_for?(account), Sms.send_message (account:, to:, text:), Sms.normalize_phone - lib/sms/providers/bulkvs.rb — POST to https://portal.bulkvs.com/api/v1.0/messageSend with the pre-encoded Basic Auth header from the BulkVS portal. Surfaces non-2xx responses as Sms::ProviderError with the upstream message. Background sending: - app/jobs/send_submitter_invitation_sms_job.rb — mirrors SendSubmitterInvitationEmailJob; substitutes account-template variables via the existing ReplaceEmailVariables module so {account.name} / {submitter.link} / etc. work in the SMS body. - submitters_controller#maybe_resend_email_sms already enqueues this job when params[:send_sms] == '1', so the existing "Send SMS" toggle in the submitter edit form now does what it says on the tin. Controllers/routes: - SmsSettingsController gains create + test_message; the test_message action lets an admin verify their config with a one-off SMS against any phone number. - SubmittersSendSmsController#create powers the per-submitter "Send SMS" button (mirrors SubmittersSendEmailController). - Routes: resources :sms with create + test_message; submitters nested resources :send_sms. Views: - app/views/sms_settings/index.html.erb — real form replacing the "not bundled" placeholder. Status banner reflects live config. Test-send card renders only when SMS is enabled. - app/views/submissions/_send_sms_button.html.erb — was a permanently disabled stub; now button_to the new send_sms endpoint when SMS is configured and the submitter has a phone number. Falls back to a tooltip explaining what's missing otherwise. - app/views/submissions/_send_sms.html.erb — was a placeholder render; now shows a real "send SMS on save" toggle when SMS is configured. - app/views/personalization_settings/_signature_request_sms_form.html.erb + show.html.erb — per-account SMS body override with variable documentation. Smoke-tested in a built image: - /settings/sms renders 200, all form fields present. - /settings/personalization renders the SMS body field. - With saved (bogus) creds, Sms.send_message hits BulkVS over HTTPS and surfaces the real 401 as Sms::ProviderError — proves the transport is wired, not just the boot path. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	1 month ago
Wabo	2796ddf424	Rebrand DocuSeal to WaboSign and unlock Pro features Renames the product to WaboSign across UI, mailers, locales, assets, and internal Ruby module. Keeps the upstream DocuSeal attribution required by AGPLv3 §7(b) in the powered-by footer, email attribution, README, and a new NOTICE file. Migration renames the AATL cert identifier in encrypted configs from docuseal_aatl to wabosign_aatl. Removes multitenant-gated Pro upsell UI (Plans/Console/Upgrade links, SMS/SSO/bulk-send/logo placeholders, reminder-duration restriction, the "DocuSeal Pro" email-attribution toggle, conditions/formula/payment pricing links) so every shipped feature is reachable on a self-hosted deployment. Multitenant routing logic is preserved. Drops Discord, Twitter, and ChatGPT/AI-assistant chrome. Embedding modal keeps the upstream <docuseal-form> / @docuseal/* SDK contract so existing embedded forms continue to work; documented in NOTICE. REBRANDING.md captures the change inventory for future maintainers. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	1 month ago
Pete Matsyburka	6627d7eac5	fix erblint	2 months ago
Pete Matsyburka	81a6a48d70	validate color	2 months ago
Pete Matsyburka	39407557f2	adjust page preview	2 months ago
Pete Matsyburka	c7afe33c72	add time formats	2 months ago
Pete Matsyburka	7cdf263da1	add screen reader mode	2 months ago
Pete Matsyburka	ee65a5693c	improve accessibility	2 months ago
Pete Matsyburka	bb2fb7a0c2	refactor download	2 months ago
Pete Matsyburka	8f8b36617a	fix first party download from preview	2 months ago
Pete Matsyburka	eaedaa96bb	fix rubocop	3 months ago
Pete Matsyburka	db6e2eb7ca	preserve order with verification	3 months ago
Pete Matsyburka	c23eca0ade	fix field style	3 months ago
Pete Matsyburka	f4b7528c0d	fix send form	3 months ago
Pete Matsyburka	37196ff89f	add dynamic documents	4 months ago
Pete Matsyburka	3d0c7f1118	markdown in preferences	4 months ago
Alex Turchyn	39cc82ce0c	add markdown editor	4 months ago
Pete Matsyburka	ba84741a64	invite party via field	4 months ago
Pete Matsyburka	825322d489	adjust for custom domain	4 months ago
Pete Matsyburka	118f4a231b	detailed time format	4 months ago
Pete Matsyburka	fe6baba8bf	fix erb lint	4 months ago
Pete Matsyburka	9b7745c565	hide resend on archived	4 months ago
Pete Matsyburka	2056301f70	remember send tab selection	4 months ago
Pete Matsyburka	2fc5e9cfb3	format cells	5 months ago
Pete Matsyburka	6060a2b798	fix icon	5 months ago
Pete Matsyburka	ce12af68b2	fix required	5 months ago
Pete Matsyburka	c05f8d47aa	require 2fa	5 months ago
Pete Matsyburka	b10ed46ccc	add kba	6 months ago
Pete Matsyburka	d078727070	recipient fields condition	6 months ago
Pete Matsyburka	0d8e2c5ff0	adjust signature size	6 months ago
Pete Matsyburka	d525e0597a	recipient fields config	6 months ago
Pete Matsyburka	881d189715	fix phone	6 months ago
Alex Turchyn	a8b5e00814	show field boxes on the submissions page	6 months ago
Pete Matsyburka	4f013ca927	do not combine with verification	6 months ago
Pete Matsyburka	d9823feef7	fix option	6 months ago
Alex Turchyn	6e43a42274	add email 2FA	6 months ago
Pete Matsyburka	de5cd92dba	adjust send email	7 months ago
Pete Matsyburka	269e2beeaa	fix preview	8 months ago
Pete Matsyburka	32691b0c0d	add background	8 months ago
Pete Matsyburka	f8e9787675	fix edit email detailed	9 months ago
Pete Matsyburka	9cc92b59b3	add strikethrough	9 months ago
Pete Matsyburka	cd83d918e5	fix csp	9 months ago
Pete Matsyburka	b64a84a362	add csp	9 months ago
Pete Matsyburka	4c1ccd65bf	fix condition field value	10 months ago
Pete Matsyburka	0388927c5b	fix readonly date	10 months ago
Pete Matsyburka	ec01529014	show readonly fields	10 months ago
Pete Matsyburka	d3273d879a	add order ui	11 months ago
Pete Matsyburka	b2b97a313a	prefillable fields	11 months ago
Pete Matsyburka	69d63ecffe	with signature id reason	11 months ago

1 2 3 4 5

209 Commits (ee5a295e577daba1f56597f30dcb2df4a60e3da2)