- Simplified `name_id_format` selection logic in SSO provider form.
- Switched raw database query to sanitized SQL in client secret tests.
- Added condition to log JIT account creation only when identity persists.
- Sanitized failure reasons in SSO login failure handling.
- Added SSO provider connection test policy tests for super admin and regular users.
- Removed the `Settings::SsoIdentitiesController` and views for a simplified user experience.
- Moved SSO identity management to the Security settings page (`Settings::SecuritiesController`).
- Updated locale keys and layout for the new structure.
- Fixed unlink protection warnings and adjusted redirection path.
- Cleaned up routes, helper methods, and redundant code.
Multi-provider SSO support:
- Database-backed SSO provider management with admin UI
- Support for OpenID Connect, Google OAuth2, GitHub, and SAML 2.0
- Flipper feature flag (db_sso_providers) for dynamic provider loading
- ProviderLoader service for YAML or database configuration
Admin functionality:
- Admin::SsoProvidersController for CRUD operations
- Admin::UsersController for super_admin role management
- Pundit policies for authorization
- Test connection endpoint for validating provider config
User provisioning improvements:
- JIT (just-in-time) account creation with configurable default role
- Changed default JIT role from admin to member (security)
- User attribute sync on each SSO login
- Group/role mapping from IdP claims
SSO identity management:
- Settings::SsoIdentitiesController for users to manage connected accounts
- Issuer validation for OIDC identities
- Unlink protection when no password set
Audit logging:
- SsoAuditLog model tracking login, logout, link, unlink, JIT creation
- Captures IP address, user agent, and metadata
Advanced OIDC features:
- Custom scopes per provider
- Configurable prompt parameter (login, consent, select_account, none)
- RP-initiated logout (federated logout to IdP)
- id_token storage for logout
SAML 2.0 support:
- omniauth-saml gem integration
- IdP metadata URL or manual configuration
- Certificate and fingerprint validation
- NameID format configuration
* feat: Add toggle on mobile to show/hide checkboxes in transaction page
* fix: Add multi-select toggle also in activities page. Make JS controller compatible also in this view.
* feat: Add category in mobile view
* feat: Add mobile layout for transaction categories
* feat: Add margin for pagination on mobile
* fix: Ensure category exists when displaying the name
* fix: Adjust mobile paddings
* fix: Display "uncategorized" label if no category is set
* fix: Expand transaction name/subtitle
* feat: Add merchant name on desktop view
* feat: Move merchant name before account name
* fix: Add class to hide merchant on mobile
* feat: Add merchant logo on mobile
* fix: add pointer-events-none to merchant image on mobile view
* feat: toggle header checkbox in transaction page when button is clicked
* Remove unnecessary CSS class
* Remove duplicate CSS class
* Remove wrong Enable Banking logo URL
* Update app/views/transactions/_transaction.html.erb
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Alessio Cappa <104093777+alessiocappa@users.noreply.github.com>
* Revert "Update app/views/transactions/_transaction.html.erb"
This reverts commit 9766c50a1d.
* Add translation for Loan Payment/Transfer
* Apply review comments
* Add accessible name for toggle based on review comments
* Use border instead of border-1 class
* Apply review comments
* Missing l10n key
---------
Signed-off-by: Alessio Cappa <104093777+alessiocappa@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
- Add institution name & domain, to allow fetching logos when no provider is configured
- Add free-form textarea for storing misc. notes (eg. sort codes, account numbers)
- Update account settings form to support these new fields
* Add configuration and logic for dynamic SSO provider support and stricter JIT account creation
- Introduced `config/auth.yml` for centralized auth configuration and documentation.
- Added support for multiple SSO providers, including Google, GitHub, and OpenID Connect.
- Implemented stricter JIT SSO account creation modes (`create_and_link` vs `link_only`).
- Enabled optional restriction of JIT creation by allowed email domains.
- Enhanced OmniAuth initializer for dynamic provider setup and better configurability.
- Refined login UI to handle local login disabling and emergency super-admin override.
- Updated account creation flow to respect JIT mode and domain checks.
- Added tests for SSO account creation, login form visibility, and emergency overrides.
# Conflicts:
# app/controllers/sessions_controller.rb
* remove non-translation
* Refactor authentication views to use translation keys and update locale files
- Extracted hardcoded strings in `oidc_accounts/link.html.erb` and `sessions/new.html.erb` into translation keys for better localization support.
- Added missing translations for English and Spanish in `sessions` and `oidc_accounts` locale files.
* Enhance OmniAuth provider configuration and refine local login override logic
- Updated OmniAuth initializer to support dynamic provider configuration with `name` and scoped parameters for Google and GitHub.
- Improved local login logic to enforce stricter handling of super-admin override when local login is disabled.
- Added test for invalid super-admin override credentials.
* Document Google sign-in configuration for local development and self-hosted environments
---------
Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>
* add zh-CN.yml for chinese
* The files appear to use CRLF line endings instead of LF (Unix-style).
* Add the missing entries to the zh-CN.yml file and include the Simplified Chinese option.
* Fix grammatical errors
Signed-off-by: jiang123574 <jiang123574@163.com>
* Update languages_helper.rb
Signed-off-by: jiang123574 <jiang123574@163.com>
* Update 'SimpleFin' to 'SimpleFIN' in translations
Signed-off-by: jiang123574 <jiang123574@163.com>
* update zh-CN.yml
* update zh-CN.yml
* add new zh-CN.yml
* CodeRabbit comments
* Enable Banking i18n
---------
Signed-off-by: jiang123574 <jiang123574@163.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* Update SimpleFIN relinking flow and enhance duplicate account handling
- Updated logic to allow relinking of SimpleFIN accounts while preserving legacy mappings.
- Introduced clean-up logic to hide orphaned duplicate accounts after relinking.
- Enhanced UI to display current mappings for linked accounts.
- Improved test coverage for relinking scenarios and SimpleFIN account visibility.
* Localize SimpleFIN account selection messages and remove hardcoded text
- Added translations for user-facing messages in `select_existing_account` flow (`pt-BR` and `en` locales).
- Replaced hardcoded strings in the view with localized keys.
* Localize Enable Banking and SimpleFIN account linking messages; add support for investment accounts.
- Added translations for Enable Banking and SimpleFIN account linking flows.
- Updated views and controllers to replace hardcoded strings with localized keys.
- Introduced support for investment accounts in `Provider::LunchflowAdapter`.
- Enhanced relinking logic for SimpleFIN accounts and improved test coverage for related scenarios.
---------
Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>
* - Add support for `SIMPLEFIN_INCLUDE_PENDING` to control pending behavior via ENV.
- Enhance debug logging for SimpleFin API requests and raw payloads.
- Refine pending flag handling in `SimplefinEntry::Processor` based on provider data and inferred conditions.
- Improve FX metadata processing for transactions with currency mismatches.
- Add new tests for pending detection, FX metadata, and edge cases involving `posted` values.
- Add pending indicator UI to transaction view.
* Document pending transaction detection, storage, and UI behavior for SimpleFIN and Plaid integrations. Add debug flags for troubleshooting.
* Add `pending?` method to `Transaction` model, refactor UI indicator, and centralize SimpleFIN configuration
- Introduced `pending?` method in `Transaction` for unified pending state detection.
- Refactored transaction pending indicator in the UI to use `pending?` method.
- Centralized SimpleFIN configuration in initializer with ENV-backed toggles.
- Updated tests for `pending?` behavior and clarified docs for pending detection logic
* Add SimpleFIN debug and runtime flags to `.env.local.example` and `.env.test.example`
- Introduced `SIMPLEFIN_INCLUDE_PENDING` and `SIMPLEFIN_DEBUG_RAW` flags for controlling pending behavior and debugging.
- Updated example environment files with descriptions for new configuration options.
* Normalize formatting for `SIMPLEFIN_INCLUDE_PENDING` and `SIMPLEFIN_DEBUG_RAW` flags in `.env.local.example` and `.env.test.example`.
---------
Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>
* Fix record violation
and add toggle for recurring feature
* Run only once per sync cycle ( 30 sec )
* FIX params passing
* Add collapsible to recurring section
* FIX preferences error catch
* Add RSwag coverage for chat API
* Linter
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Juan José Mata <jjmata@jjmata.com>
* Add transaction rswag
* FIX linter
---------
Signed-off-by: Juan José Mata <jjmata@jjmata.com>
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: sokie <sokysrm@gmail.com>
* Address remaining CodeRabbit comments from PR #267
This commit addresses the remaining unresolved code review comments:
1. Fix down migration in drop_was_merged_from_transactions.rb
- Add null: false, default: false constraints to match original column
- Ensures proper rollback compatibility
2. Fix bare rescue in maps_helper.rb compute_duplicate_only_flag
- Replace bare rescue with rescue StandardError => e
- Add proper logging for debugging
- Follows Ruby best practices by being explicit about exception handling
These changes improve code quality and follow Rails/Ruby best practices.
* Refactor `SimplefinItemsController` and add tests for balances sync and account relinking behavior
- Replaced direct sync execution with `SyncJob` for asynchronous handling of balances sync.
- Updated account relinking logic to prevent disabling accounts with other active provider links.
- Removed unused `compute_relink_candidates` method.
- Added tests to verify `balances` action enqueues `SyncJob` and relinking respects account-provider relationships.
* Refactor balances sync to use runtime-only `balances_only` flag
- Replaced persistent `sync_stats` usage with runtime `balances_only?` predicate via `define_singleton_method`.
- Updated `SimplefinItemsController` `balances` action to pass `balances_only` flag to `SyncJob`.
- Enhanced `SyncJob` to attach transient `balances_only?` flag for execution.
- Adjusted `SimplefinItem::Syncer` logic to rely on the runtime `balances_only?` method.
- Updated controller tests to validate runtime flag usage in `SyncJob`.
---------
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>
Updated the Helm release workflow to generate a nightly version and package the chart accordingly.
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
* Add Helm chart for Sure Rails app deployment.
- Introduced initial Helm chart structure for deploying the Sure Rails app with Sidekiq on Kubernetes.
- Added optional CloudNativePG and Redis-Operator subcharts for high availability of PostgreSQL and Redis.
- Implemented configuration guards for mutual exclusivity between Redis operators.
- Included support for Horizontal Pod Autoscalers (HPAs) for web and worker deployments.
- Added default configurations for CronJobs, database migrations, and Ingress setup.
- Generated NOTES.txt for deployment guidance and troubleshooting.
- Added example profiles for simple and high-availability hosting setups in README.md.
- Enhanced templates with helper functions for reusable logic and secret management.
* Refactor Helm chart to use shared _env.tpl helper for environment variable injection.
- Added `_env.tpl` for managing environment variables across workloads (web, worker, jobs, etc.).
- Replaced repetitive inline environment configurations with reusable `sure.env` helper.
- Enhanced `redis-simple` configurations with support for dynamic persistence settings and resource limits.
- Updated `values.yaml` with improved defaults for multi-node cluster setups.
- Extended cleanup scripts to handle RedisSentinel CRs.
* Refactor Helm chart templates for consistency and improved readability
- Simplified `simplefin-backfill-job.yaml` by quoting backfill args for cleaner rendering.
- Removed unused `extraEnvFrom` logic from `_env.tpl`.
- Streamlined `redis-simple-deployment.yaml` by restructuring `volumeMounts` and `volumes` blocks for better condition handling.
* Bump Sure Helm chart version to 1.0.0 for initial stable release.
* Update README: Redis subchart to use OT redis-operator and improve secret management examples.
- Replaced `dandydev/redis-ha` with `OT-CONTAINER-KIT redis-operator`
- Added Redis secret configurations examples for flexible secret management.
- Updated README with new Redis configuration instructions, examples, and auto-wiring precedence adjustments.
* Enhance Redis-Operator Helm chart with managed scheduling, topology spreading, and fallback logic
- Introduced `managed.*` fields for optional RedisReplication configurations, prioritizing them over top-level settings.
- Added support for `nodeSelector`, `affinity`, `tolerations`, `topologySpreadConstraints`, and customized `workloadResources` for Redis pods.
- Updated default Redis image to `v8.4.0` in templates.
- Improved persistence configuration with fallback support.
- Updated README and values.yaml with examples and guidance for high-availability setups.
- Enhanced CNPG chart with scheduling options for consistency.
* Update README with improved Redis-Operator usage examples and secret placeholder guidance
- Added instructions for constructing `REDIS_URL` in Kubernetes manifests using placeholders.
- Replaced sensitive values in example secrets with non-sensitive placeholders (`__SET_SECRET__`).
- Included notes on linting Helm templates and YAML to avoid false-positive CI errors.
---------
Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>
* Highlight current month in trends insights table
Refactored the logic to apply special styling and label to the row representing the current month, using a date comparison instead of relying on the last index. This ensures the current month is always highlighted, regardless of its position in the data.
* Highlight current month in trends insights
Added an is_current_month flag to trends data in the controller and updated the view to use this flag for highlighting the current month. This improves clarity and avoids redundant date comparisons in the view.
- Updated `date_utils.rb` to return `nil` for timestamps equal to 0.
- Enhanced `SimplefinItem::Importer` to merge transactions by prioritizing non-pending records with valid posted timestamps.
- Introduced a comparator and key-builder for resolving transaction conflicts systematically.
Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>
* Add API endpoint for triggering family sync
Introduces Api::V1::SyncController with a create action to queue a family sync, applying all active rules and syncing accounts. Adds corresponding route, JSON response view, and comprehensive controller tests for authorization and response validation.
* Rename started_at to syncing_at in sync API response
Updated the sync create JSON response to use 'syncing_at' instead of 'started_at'. Adjusted related controller test to check for 'syncing_at'. Also updated API authentication header in test to use 'X-Api-Key' instead of Bearer token.
* Update app/controllers/api/v1/sync_controller.rb
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Mark Hendriksen <hendriksen-mark@hotmail.com>
---------
Signed-off-by: Mark Hendriksen <hendriksen-mark@hotmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
