* Fix OIDC household invitation (issue #900)
- Auto-add existing user when inviting by email (no invite email sent)
- Accept page: choose 'Create account' or 'Sign in' (supports OIDC)
- Store invitation token in session on sign-in; accept after login (password,
OIDC, OIDC link, OIDC JIT, MFA)
- Invitation#accept_for!(user): add user to household and mark accepted
- Defensive guards: nil/blank user, token normalization, accept_for! return check
* Address PR review: rename accept_for! to accept_for, i18n OIDC notice, test fixes, stub Rails.application.config
* Fix flaky system test: assert only configure step, not flash message
Co-authored-by: Cursor <cursoragent@cursor.com>
---------
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: mkdev11 <jaysmth689+github@users.noreply.github.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
* Add localization for onboarding goals across multiple languages
* Add password requirements localization for multiple languages
* Refactor localization keys for authentication messages
* Add `oidc` localization key for multiple languages
* Add OIDC account localization for multiple languages
* Add localization for trial and profile setup across multiple languages
* Refactor OIDC button label fallback to prioritize label presence over localization key
* Refactor onboarding tests to use I18n for text assertions and button labels
* Linter
* Last test fix?!?
* We keep both `oidc` and `openid_connect` due to contatenation issues
---------
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* Add Dutch (nl) translations for UI and models
Added comprehensive Dutch translation files for models, views, mailers, and Doorkeeper, covering accounts, categories, admin, and more. Updated languages_helper.rb to include 'nl' as a supported language. Improved capitalization and consistency in existing Dutch date and number formats.
* ai sugestions
* nitpick fix
* Fix Dutch translations and improve consistency
Corrected minor issues and improved consistency in Dutch locale files, including fixing typos, updating terminology (e.g., 'Self-Hosting' to 'Zelfhosting', 'Provider selectie' to 'Providerselectie'), and ensuring proper formatting. No functional changes were made; this commit only affects translation files.
* Update Dutch translations for product name and pluralization
Replaced hardcoded product names with %{product_name} in password reset and API key views for improved reusability. Updated wallet setup message in CoinStats item model to support correct Dutch pluralization.
* Update nl.yml
* feat(zh-TW): add Traditional Chinese localization support
Integrates comprehensive zh-TW locale files across UI, models, emails, and helpers.
Updates language mapping for Chinese (Traditional) and adds translations for various modules.
Establishes full Traditional Chinese support in the app.
* feat(locales): add zh-TW translations
Add comprehensive Traditional Chinese (zh-TW) translations for UI, defaults,
Doorkeeper, mailers, models, and views to provide full Taiwanese localization
and improve wording consistency.
Replace and update several existing zh-TW entries for clarity and consistency.
Also expose the Postgres port in the example compose for easier local
development and apply minor locale/typo/whitespace fixes.
* feat(locales): add zh-TW translations
Add Traditional Chinese (zh-TW) locale files across many views and settings
to provide Taiwanese localization. Introduce updated translations for
authentication, onboarding, settings, integrations (Plaid, SimpleFin,
Lunch Flow), accounts, reports, and various resource pages.
Remove or replace legacy locale files to align with the revamped i18n
structure and copy organization. This enables full zh-TW support for the UI.
* chore(docker): remove published Postgres port
Remove the published Postgres port mapping (5432) from the example
docker-compose file to avoid exposing the database to the host and to
prevent accidental port conflicts. Keeps the example more secure and
focused on internal service networking.
* docs(i18n): 統一 SimpleFIN 在繁體中文翻譯的大小寫
將 zh-TW 翻譯中所有出現的 "SimpleFin" 更新為品牌正確的 "SimpleFIN",
包含標題、提示文字、成功/錯誤訊息及表單標籤,以維持品牌名稱一致性
並提升使用者介面的翻譯準確性。
Multi-provider SSO support:
- Database-backed SSO provider management with admin UI
- Support for OpenID Connect, Google OAuth2, GitHub, and SAML 2.0
- Flipper feature flag (db_sso_providers) for dynamic provider loading
- ProviderLoader service for YAML or database configuration
Admin functionality:
- Admin::SsoProvidersController for CRUD operations
- Admin::UsersController for super_admin role management
- Pundit policies for authorization
- Test connection endpoint for validating provider config
User provisioning improvements:
- JIT (just-in-time) account creation with configurable default role
- Changed default JIT role from admin to member (security)
- User attribute sync on each SSO login
- Group/role mapping from IdP claims
SSO identity management:
- Settings::SsoIdentitiesController for users to manage connected accounts
- Issuer validation for OIDC identities
- Unlink protection when no password set
Audit logging:
- SsoAuditLog model tracking login, logout, link, unlink, JIT creation
- Captures IP address, user agent, and metadata
Advanced OIDC features:
- Custom scopes per provider
- Configurable prompt parameter (login, consent, select_account, none)
- RP-initiated logout (federated logout to IdP)
- id_token storage for logout
SAML 2.0 support:
- omniauth-saml gem integration
- IdP metadata URL or manual configuration
- Certificate and fingerprint validation
- NameID format configuration
* Add configuration and logic for dynamic SSO provider support and stricter JIT account creation
- Introduced `config/auth.yml` for centralized auth configuration and documentation.
- Added support for multiple SSO providers, including Google, GitHub, and OpenID Connect.
- Implemented stricter JIT SSO account creation modes (`create_and_link` vs `link_only`).
- Enabled optional restriction of JIT creation by allowed email domains.
- Enhanced OmniAuth initializer for dynamic provider setup and better configurability.
- Refined login UI to handle local login disabling and emergency super-admin override.
- Updated account creation flow to respect JIT mode and domain checks.
- Added tests for SSO account creation, login form visibility, and emergency overrides.
# Conflicts:
# app/controllers/sessions_controller.rb
* remove non-translation
* Refactor authentication views to use translation keys and update locale files
- Extracted hardcoded strings in `oidc_accounts/link.html.erb` and `sessions/new.html.erb` into translation keys for better localization support.
- Added missing translations for English and Spanish in `sessions` and `oidc_accounts` locale files.
* Enhance OmniAuth provider configuration and refine local login override logic
- Updated OmniAuth initializer to support dynamic provider configuration with `name` and scoped parameters for Google and GitHub.
- Improved local login logic to enforce stricter handling of super-admin override when local login is disabled.
- Added test for invalid super-admin override credentials.
* Document Google sign-in configuration for local development and self-hosted environments
---------
Co-authored-by: Josh Waldrep <joshua.waldrep5+github@gmail.com>
* add zh-CN.yml for chinese
* The files appear to use CRLF line endings instead of LF (Unix-style).
* Add the missing entries to the zh-CN.yml file and include the Simplified Chinese option.
* Fix grammatical errors
Signed-off-by: jiang123574 <jiang123574@163.com>
* Update languages_helper.rb
Signed-off-by: jiang123574 <jiang123574@163.com>
* Update 'SimpleFin' to 'SimpleFIN' in translations
Signed-off-by: jiang123574 <jiang123574@163.com>
* update zh-CN.yml
* update zh-CN.yml
* add new zh-CN.yml
* CodeRabbit comments
* Enable Banking i18n
---------
Signed-off-by: jiang123574 <jiang123574@163.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* Add friendly PWA offline error page
When the PWA fails to connect to the server, users now see a branded
offline page with a friendly "technical difficulties" message, the
app logo, and a reload button. The page automatically attempts to
reload when connectivity is restored.
Changes:
- Created public/offline.html with branded offline experience
- Updated service worker to cache and serve offline page on network failures
- Added service worker registration in application.js
- Service worker now handles navigation requests with offline fallback
* Extract PWA offline logo to separate cached asset
Move the inline SVG logo from offline.html to a separate file at
public/logo-offline.svg. This makes the logo asset easily identifiable
and maintainable, as it may diverge from other logo versions in the future.
Changes:
- Created public/logo-offline.svg with the offline page logo
- Updated service worker to cache logo as part of OFFLINE_ASSETS array
- Updated fetch handler to serve cached offline assets
- Updated offline.html to reference logo file instead of inline SVG
* Update offline message for better readability
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
* CodeRabbit comments
* Keep 40x and 50x flowing
* Dark mode
* Logo tweaks
* Login/sign up cleanup
---------
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
* added german translation
consistently added all translation yml files for german language
* Correct quotation and syntax errors in new de locale files
Corrected misplaced or missing quotation marks in YAML
* Updated German translations
Added missing files, fixed for customizable branding
* corrected yml formatting
added missing "" when : where used in the string
* Interpolation errors
* More interpolation issues
* Last round of interpolation errors?
* Add German to supported locales
* Still a few more interpolations
---------
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* ADD: Additional ES locales
* ADD: Initialize YAML structure for accounts and subscriptions locales
* FIX: Adjust line breaks in Spanish locale files for clarity
* Add CA locales for models
* Add CA locales for views
* Use translations in activity feed
* Additional CA locales
* Fix typo
---------
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
* Add OpenID Connect login support
* Add docs for OIDC config with Google Auth
* Use Google styles for log in
- Add support for linking existing account
- Force users to sign-in with passoword first, when linking existing accounts
- Add support to create new user when using OIDC
- Add identities to user to prevent account take-ver
- Make tests mocking instead of being integration tests
- Manage session handling correctly
- use OmniAuth.config.mock_auth instead of passing auth data via request env
* Conditionally render Oauth button
- Set a config item `configuration.x.auth.oidc_enabled`
- Hide button if disabled
---------
Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Signed-off-by: soky srm <sokysrm@gmail.com>
Co-authored-by: sokie <sokysrm@gmail.com>
* fix: Capitialize month and day names in Norwegian
* fix: Add missing filler word
* chore: rebrand from Maybe to Sure
* chore: Add nb mail invite translation
* chore: Add nb translation for account model
* chore: Add address model translation
* chore: Add nb translation for entry model
* chore: add nb translation for time_series model
* chore: Add nb translation transfer mdoel
* chore: Add nb translation to trend model
* chore: Add nb translation to user model
* chore: more translations
* chore: More translation
* Update config/locales/views/application/nb.yml
Signed-off-by: Daddie0 <33762262+GoByeBye@users.noreply.github.com>
* Update config/locales/views/credit_cards/nb.yml
Signed-off-by: Daddie0 <33762262+GoByeBye@users.noreply.github.com>
* chore: more translations
* chore: rename more maybe strings to NB
* chore: more translations
* chore: More nb translations....
* chore: Final translations nb
* Update config/locales/views/accounts/nb.yml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Daddie0 <33762262+GoByeBye@users.noreply.github.com>
---------
Signed-off-by: Daddie0 <33762262+GoByeBye@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Make forms more composable, opt-in to form builder
* Remove unused method
* Simpler money input controls
* Add in new form styling to imports
* Lint fixes
* Small tweak of multi select styles
