- Simplified `name_id_format` selection logic in SSO provider form.
- Switched raw database query to sanitized SQL in client secret tests.
- Added condition to log JIT account creation only when identity persists.
- Sanitized failure reasons in SSO login failure handling.
- Added SSO provider connection test policy tests for super admin and regular users.
- Removed the `Settings::SsoIdentitiesController` and views for a simplified user experience.
- Moved SSO identity management to the Security settings page (`Settings::SecuritiesController`).
- Updated locale keys and layout for the new structure.
- Fixed unlink protection warnings and adjusted redirection path.
- Cleaned up routes, helper methods, and redundant code.
Multi-provider SSO support:
- Database-backed SSO provider management with admin UI
- Support for OpenID Connect, Google OAuth2, GitHub, and SAML 2.0
- Flipper feature flag (db_sso_providers) for dynamic provider loading
- ProviderLoader service for YAML or database configuration
Admin functionality:
- Admin::SsoProvidersController for CRUD operations
- Admin::UsersController for super_admin role management
- Pundit policies for authorization
- Test connection endpoint for validating provider config
User provisioning improvements:
- JIT (just-in-time) account creation with configurable default role
- Changed default JIT role from admin to member (security)
- User attribute sync on each SSO login
- Group/role mapping from IdP claims
SSO identity management:
- Settings::SsoIdentitiesController for users to manage connected accounts
- Issuer validation for OIDC identities
- Unlink protection when no password set
Audit logging:
- SsoAuditLog model tracking login, logout, link, unlink, JIT creation
- Captures IP address, user agent, and metadata
Advanced OIDC features:
- Custom scopes per provider
- Configurable prompt parameter (login, consent, select_account, none)
- RP-initiated logout (federated logout to IdP)
- id_token storage for logout
SAML 2.0 support:
- omniauth-saml gem integration
- IdP metadata URL or manual configuration
- Certificate and fingerprint validation
- NameID format configuration
* Initial plan
* Fix transaction name rule rendering and add tests
Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com>
* Remove redundant integration tests for set_transaction_name
The functionality is already covered by existing unit tests in test/models/rule/action_test.rb. The core fix for this PR is the view rendering logic, not the action functionality.
Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com>
* Localize placeholder text for rule action value input
Replace hardcoded "Enter a value" placeholder with localized t() lookup at lines 22 and 41 in app/views/rule/actions/_action.html.erb. Add corresponding translation key to config/locales/views/rules/en.yml under rules.actions.value_placeholder.
Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com>
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com>
* Add backup rendering logic and tests for CNPG Cluster CR
- Implemented logic in `cnpg-cluster.yaml` to render `.spec.backup` based on `cnpg.cluster.backup` values.
- Introduced validation for required fields and unsupported keys (e.g., `ttl`, `volumeSnapshot.enabled`) to avoid CRD warnings.
- Added Helm unit tests to validate backup rendering for various scenarios: missing/invalid fields, inferred `method`, and unsupported keys.
- Updated `README.md` and `values.yaml` with examples and documentation for backup configuration options.
* Add plugin rendering logic and tests for CNPG Cluster CR
- Implemented logic in `cnpg-cluster.yaml` to render `.spec.plugins` based on `cnpg.cluster.plugins` values.
- Added Helm unit tests to validate plugin rendering scenarios: unset plugins and configured plugin values.
- Updated `values.yaml` with examples and documentation for configuring CNPG plugins.
* Update chart to v1.0.1 with CNPG backup and plugin enhancements
- Add rendering logic for `Cluster.spec.backup`, inferring `method: volumeSnapshot` when applicable and validating required fields.
- Add support for `Cluster.spec.plugins`, enabling barman-cloud plugin and WAL archiver configuration.
- Strip unsupported keys (e.g., `backup.ttl`, `volumeSnapshot.enabled`) to prevent CRD warnings.
- Update examples and documentation in `README.md` and `values.yaml`.
* Keep Helm chart on same major version as app?
* Versioning with monorepo
* MD is tricky
---------
Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>
Co-authored-by: Juan José Mata <jjmata@jjmata.com>
* feat: Add toggle on mobile to show/hide checkboxes in transaction page
* fix: Add multi-select toggle also in activities page. Make JS controller compatible also in this view.
* feat: Add category in mobile view
* feat: Add mobile layout for transaction categories
* feat: Add margin for pagination on mobile
* fix: Ensure category exists when displaying the name
* fix: Adjust mobile paddings
* fix: Display "uncategorized" label if no category is set
* fix: Expand transaction name/subtitle
* feat: Add merchant name on desktop view
* feat: Move merchant name before account name
* fix: Add class to hide merchant on mobile
* feat: Add merchant logo on mobile
* fix: add pointer-events-none to merchant image on mobile view
* feat: toggle header checkbox in transaction page when button is clicked
* Remove unnecessary CSS class
* Remove duplicate CSS class
* Remove wrong Enable Banking logo URL
* Update app/views/transactions/_transaction.html.erb
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Alessio Cappa <104093777+alessiocappa@users.noreply.github.com>
* Revert "Update app/views/transactions/_transaction.html.erb"
This reverts commit 9766c50a1d.
* Add translation for Loan Payment/Transfer
* Apply review comments
* Add accessible name for toggle based on review comments
* Use border instead of border-1 class
* Apply review comments
* Missing l10n key
---------
Signed-off-by: Alessio Cappa <104093777+alessiocappa@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
- Add institution name & domain, to allow fetching logos when no provider is configured
- Add free-form textarea for storing misc. notes (eg. sort codes, account numbers)
- Update account settings form to support these new fields
* Add configuration and logic for dynamic SSO provider support and stricter JIT account creation
- Introduced `config/auth.yml` for centralized auth configuration and documentation.
- Added support for multiple SSO providers, including Google, GitHub, and OpenID Connect.
- Implemented stricter JIT SSO account creation modes (`create_and_link` vs `link_only`).
- Enabled optional restriction of JIT creation by allowed email domains.
- Enhanced OmniAuth initializer for dynamic provider setup and better configurability.
- Refined login UI to handle local login disabling and emergency super-admin override.
- Updated account creation flow to respect JIT mode and domain checks.
- Added tests for SSO account creation, login form visibility, and emergency overrides.
# Conflicts:
# app/controllers/sessions_controller.rb
* remove non-translation
* Refactor authentication views to use translation keys and update locale files
- Extracted hardcoded strings in `oidc_accounts/link.html.erb` and `sessions/new.html.erb` into translation keys for better localization support.
- Added missing translations for English and Spanish in `sessions` and `oidc_accounts` locale files.
* Enhance OmniAuth provider configuration and refine local login override logic
- Updated OmniAuth initializer to support dynamic provider configuration with `name` and scoped parameters for Google and GitHub.
- Improved local login logic to enforce stricter handling of super-admin override when local login is disabled.
- Added test for invalid super-admin override credentials.
* Document Google sign-in configuration for local development and self-hosted environments
---------
Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>
* add zh-CN.yml for chinese
* The files appear to use CRLF line endings instead of LF (Unix-style).
* Add the missing entries to the zh-CN.yml file and include the Simplified Chinese option.
* Fix grammatical errors
Signed-off-by: jiang123574 <jiang123574@163.com>
* Update languages_helper.rb
Signed-off-by: jiang123574 <jiang123574@163.com>
* Update 'SimpleFin' to 'SimpleFIN' in translations
Signed-off-by: jiang123574 <jiang123574@163.com>
* update zh-CN.yml
* update zh-CN.yml
* add new zh-CN.yml
* CodeRabbit comments
* Enable Banking i18n
---------
Signed-off-by: jiang123574 <jiang123574@163.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* Update SimpleFIN relinking flow and enhance duplicate account handling
- Updated logic to allow relinking of SimpleFIN accounts while preserving legacy mappings.
- Introduced clean-up logic to hide orphaned duplicate accounts after relinking.
- Enhanced UI to display current mappings for linked accounts.
- Improved test coverage for relinking scenarios and SimpleFIN account visibility.
* Localize SimpleFIN account selection messages and remove hardcoded text
- Added translations for user-facing messages in `select_existing_account` flow (`pt-BR` and `en` locales).
- Replaced hardcoded strings in the view with localized keys.
* Localize Enable Banking and SimpleFIN account linking messages; add support for investment accounts.
- Added translations for Enable Banking and SimpleFIN account linking flows.
- Updated views and controllers to replace hardcoded strings with localized keys.
- Introduced support for investment accounts in `Provider::LunchflowAdapter`.
- Enhanced relinking logic for SimpleFIN accounts and improved test coverage for related scenarios.
---------
Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>
* - Add support for `SIMPLEFIN_INCLUDE_PENDING` to control pending behavior via ENV.
- Enhance debug logging for SimpleFin API requests and raw payloads.
- Refine pending flag handling in `SimplefinEntry::Processor` based on provider data and inferred conditions.
- Improve FX metadata processing for transactions with currency mismatches.
- Add new tests for pending detection, FX metadata, and edge cases involving `posted` values.
- Add pending indicator UI to transaction view.
* Document pending transaction detection, storage, and UI behavior for SimpleFIN and Plaid integrations. Add debug flags for troubleshooting.
* Add `pending?` method to `Transaction` model, refactor UI indicator, and centralize SimpleFIN configuration
- Introduced `pending?` method in `Transaction` for unified pending state detection.
- Refactored transaction pending indicator in the UI to use `pending?` method.
- Centralized SimpleFIN configuration in initializer with ENV-backed toggles.
- Updated tests for `pending?` behavior and clarified docs for pending detection logic
* Add SimpleFIN debug and runtime flags to `.env.local.example` and `.env.test.example`
- Introduced `SIMPLEFIN_INCLUDE_PENDING` and `SIMPLEFIN_DEBUG_RAW` flags for controlling pending behavior and debugging.
- Updated example environment files with descriptions for new configuration options.
* Normalize formatting for `SIMPLEFIN_INCLUDE_PENDING` and `SIMPLEFIN_DEBUG_RAW` flags in `.env.local.example` and `.env.test.example`.
---------
Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>
