sure/test/models at 65d8129cf297c3c0eff7c52493f65c601d3a7bde - sure

QT/sure

mirror of https://github.com/we-promise/sure.git synced 2026-05-31 08:19:03 +00:00

Files

Guillem Arias 65d8129cf2 fix(retirement): review fixes — IDOR, adjustment cap, bucket access

Addresses PR #2046 review (superagent P1, Codex P2, jjmata):

- IDOR (P1): a statement could reference another plan's pension_source
  via a crafted pension_source_id, leaking the source name + points
  history. Goal::RetirementStatement now validates the source belongs
  to the same plan.
- Adjustment cap was bypassable: the limit lived only on Goal::Retirement
  (parent validations don't run on child saves), so the CRUD path allowed
  an 11th. Goal::RetirementAdjustment now enforces it on create.
- Bucket account selection (and the show-page candidate list) now filter
  through accounts.accessible_by(Current.user), so a private account
  shared away from the user can't be added via a crafted POST.
- Comment clarifying the deliberate update_column in soft_replace!.

Tests for the IDOR guard + the child-level cap.

2026-05-30 09:39:31 +02:00

account

fix(enable-banking): preserve claimed pending date on subsequent syncs (#1797 )

2026-05-14 21:33:22 +02:00

assistant

feat(goals): v2 architecture — drop ledger, derive balance, add pledge

2026-05-14 16:07:14 +02:00

balance

feat(balance): Preserve historical balances as waypoints for linked accounts (#1663 )

2026-05-13 21:27:50 +02:00

binance_account

Add Binance support, heavily inspired by the Coinbase one (#1317 )

2026-04-07 14:43:17 +02:00

binance_item

Add Binance support, heavily inspired by the Coinbase one (#1317 )

2026-04-07 14:43:17 +02:00

brex_account/transactions

feat(sync): add Brex provider connections (#1752 )

2026-05-13 18:13:48 +02:00

brex_entry

feat(sync): add Brex provider connections (#1752 )

2026-05-13 18:13:48 +02:00

brex_item

feat(sync): add Brex provider connections (#1752 )

2026-05-13 18:13:48 +02:00

coinstats_account

Add CoinStats exchange portfolio sync and normalize linked investment charts (#1308 )

2026-04-01 20:25:06 +02:00

coinstats_entry

Add CoinStats exchange portfolio sync and normalize linked investment charts (#1308 )

2026-04-01 20:25:06 +02:00

coinstats_item

Add DeFi via Coinstats (#1417 )

2026-04-11 21:37:07 +02:00

concerns

feat: add SSL_CA_FILE and SSL_VERIFY environment variables to support… (#894 )

2026-02-06 18:04:03 +01:00

enable_banking_account

fix(enable-banking): fix pending→posted auto-claim producing badge, duplicate, and wrong date (#1783 )

2026-05-13 14:03:37 +02:00

enable_banking_entry

fix(enable-banking): import transactions missing transaction_id and entry_reference (#1767 )

2026-05-12 00:17:49 +02:00

enable_banking_item

fix(enable-banking): gracefully skip PDNG fetch for ASPSPs that don't support it (#1789 )

2026-05-13 17:54:09 +02:00

eval

feat: add SSL_CA_FILE and SSL_VERIFY environment variables to support… (#894 )

2026-02-06 18:04:03 +01:00

exchange_rate

Add improvements from security providers to FX providers also (#1445 )

2026-04-13 00:51:23 +02:00

family

fix(exports): align CSV roundtrip contracts (#1725 )

2026-05-13 20:07:00 +02:00

goal

fix(retirement): review fixes — IDOR, adjustment cap, bucket access

2026-05-30 09:39:31 +02:00

goal_pledge

feat(goals): v2 architecture — drop ledger, derive balance, add pledge

2026-05-14 16:07:14 +02:00

holding

Add Interactive Brokers Provider (#1722 )

2026-05-12 23:45:19 +02:00

ibkr_account

feat(ibkr): compute net_market_flows from IBKR equity equity delta and trade flows (#1970 )

2026-05-26 22:48:23 +02:00

ibkr_item

Add Interactive Brokers Provider (#1722 )

2026-05-12 23:45:19 +02:00

indexa_capital_account

Fix IndexaCapital sync, account setup, and balance/type bugs (#1562 )

2026-04-27 18:33:22 +02:00

kraken_account

feat(providers): add Kraken exchange sync (#1759 )

2026-05-12 00:22:37 +02:00

kraken_item

feat(providers): add Kraken exchange sync (#1759 )

2026-05-12 00:22:37 +02:00

lunchflow_account/investments

Implement holdings for lunch flow (#590 )

2026-01-09 13:14:14 +01:00

lunchflow_entry

fix: add logic to skip future pending transactions and add cleanup ta… (#1011 )

2026-02-19 18:58:01 +01:00

lunchflow_item

feat: process pending transactions from lunchflow (#731 )

2026-01-23 00:53:24 +01:00

plaid_account

Make categories global (#1160 )

2026-03-11 15:54:01 +01:00

plaid_entry

Providers factory (#250 )

2025-10-28 19:32:27 +01:00

plaid_item

Increase specificity of filter when fetching Plaid liabilities

2025-05-24 19:16:55 -04:00

provider

Retry Enable Banking sync with provider-corrected date range (#1801 )

2026-05-17 12:09:51 +02:00

provider_merchant

Provider merchants enhancement (#1254 )

2026-03-23 12:34:43 +01:00

recurring_transaction

Recurring scoping implementation (#1300 )

2026-03-26 19:01:35 +01:00

rule

fix: Transfers were not syncing between accounts (#987 )

2026-02-16 13:50:06 +01:00

security

Add super_admin debug event log (#1816 )

2026-05-17 16:55:01 +02:00

simplefin

UI Suggestions for Account Types in Setup Modal + Stats-Based Inactive Handling (#368 )

2025-11-24 14:07:14 +01:00

simplefin_account

fix(simplefin): treat Vanguard/Fidelity cost_basis as total when needed (#1772 )

2026-05-13 18:17:10 +02:00

simplefin_entry

Add Binance support, heavily inspired by the Coinbase one (#1317 )

2026-04-07 14:43:17 +02:00

simplefin_item

SimpleFIN: setup UX + same-provider relink + card-replacement detection (#1493 )

2026-04-18 09:50:34 +02:00

snaptrade_account

fix: correct SnapTrade cash activity signs (#1634 )

2026-05-12 00:55:46 +02:00

sophtron_item

[codex] Add Sophtron manual sync fixes (#1714 )

2026-05-09 21:55:20 +02:00

transaction

Add Interactive Brokers Provider (#1722 )

2026-05-12 23:45:19 +02:00

transfer

Add exchange rate feature with multi-currency transactions and transfers support (#1099 )

2026-04-08 21:05:58 +02:00

valuation

Start and end balance anchors for historical account balances (#2455 )

2025-07-15 11:42:41 -04:00

vector_store

feat(vector-store): Implement pgvector adapter for self-hosted RAG (#1211 )

2026-03-20 17:01:31 +01:00

account_ibkr_creation_test.rb

Add Interactive Brokers Provider (#1722 )

2026-05-12 23:45:19 +02:00

account_import_test.rb

fix(exports): align CSV roundtrip contracts (#1725 )

2026-05-13 20:07:00 +02:00

account_provider_test.rb

Add (beta) CoinStats Crypto Wallet Integration with Balance and Transaction Syncing (#512 )

2026-01-07 15:59:04 +01:00

account_share_test.rb

Family sharing (#1272 )

2026-03-25 10:50:23 +01:00

account_simplefin_creation_test.rb

UI Suggestions for Account Types in Setup Modal + Stats-Based Inactive Handling (#368 )

2025-11-24 14:07:14 +01:00

account_statement_test.rb

feat(statements): add account statement vault (#1753 )

2026-05-13 21:05:11 +02:00

account_test.rb

fix : account destroyed cascade transfer destruction then … (#1795 )

2026-05-24 13:27:27 +02:00

actual_import_test.rb

Add Actual Budget CSV import flow (#1830 )

2026-05-18 18:38:53 +02:00

address_test.rb

fix: change postal_code column from integer to string (#1585 )

2026-04-29 15:30:04 +02:00

api_key_test.rb

Protect demo API key from deletion (#919 )

2026-02-06 21:25:52 +01:00

archived_export_test.rb

Add post-trial inactive Family cleanup with data archival (#1199 )

2026-03-14 20:14:18 +01:00

assistant_message_test.rb

fix(chat): eager pending AssistantMessage to fix Turbo subscribe race (#1657 ) (#1658 )

2026-05-03 20:33:29 +02:00

assistant_test.rb

fix(chat): eager pending AssistantMessage to fix Turbo subscribe race (#1657 ) (#1658 )

2026-05-03 20:33:29 +02:00

balance_sheet_test.rb

feat(i18n): add Hungarian translations for strings extracted in #1806 (#1817 )

2026-05-18 20:49:28 +02:00

binance_account_test.rb

Add Binance support, heavily inspired by the Coinbase one (#1317 )

2026-04-07 14:43:17 +02:00

binance_item_test.rb

Add Binance support, heavily inspired by the Coinbase one (#1317 )

2026-04-07 14:43:17 +02:00

brex_account_test.rb

feat(sync): add Brex provider connections (#1752 )

2026-05-13 18:13:48 +02:00

brex_item_test.rb

feat(sync): add Brex provider connections (#1752 )

2026-05-13 18:13:48 +02:00

budget_category_test.rb

Budget page refactor: split into(All - Over Budget - On Track) (#1195 )

2026-04-13 20:03:55 +02:00

budget_test.rb

Hide nested budget categories in the Budget spent donut (#1544 )

2026-04-23 21:28:38 +02:00

category_import_test.rb

Make categories global (#1160 )

2026-03-11 15:54:01 +01:00

category_test.rb

fix: add hex color validation to Category model and form (to solve #1247 ) (#1341 )

2026-04-01 20:27:29 +02:00

chat_test.rb

fix(chat): eager pending AssistantMessage to fix Turbo subscribe race (#1657 ) (#1658 )

2026-05-03 20:33:29 +02:00

coinbase_account_test.rb

Add Coinbase exchange integration with CDP API support (#704 )

2026-01-21 22:56:39 +01:00

coinbase_item_test.rb

Add Coinbase exchange integration with CDP API support (#704 )

2026-01-21 22:56:39 +01:00

coinstats_account_test.rb

Add DeFi via Coinstats (#1417 )

2026-04-11 21:37:07 +02:00

coinstats_item_test.rb

Add (beta) CoinStats Crypto Wallet Integration with Balance and Transaction Syncing (#512 )

2026-01-07 15:59:04 +01:00

crypto_test.rb

Fix crypto subtype for trades api (#1022 )

2026-02-19 19:51:42 +01:00

current_test.rb

Use DB for auth sessions (#1233 )

2024-10-03 14:42:22 -04:00

debug_log_entry_test.rb

Add super_admin debug event log (#1816 )

2026-05-17 16:55:01 +02:00

enable_banking_account_test.rb

feat(enable-banking): enhance transaction import, metadata handling, and UI (#1406 )

2026-04-10 23:19:48 +02:00

entry_split_test.rb

feat(splits): add exclusion support for splits and improve rendering (#1661 )

2026-05-09 12:36:41 +02:00

exchange_rate_pair_test.rb

Add improvements from security providers to FX providers also (#1445 )

2026-04-13 00:51:23 +02:00

exchange_rate_test.rb

Fix foreign currency accounts using wrong exchange rate in balance sheet totals (#1010 )

2026-02-19 18:07:47 +01:00

family_document_test.rb

Add Family vector search function call / support for document vault (#961 )

2026-02-11 15:22:56 +01:00

family_export_test.rb

More rebranding changes (#159 )

2025-09-24 00:19:51 +02:00

family_test.rb

feat: add currency management for families with enabled currencies (#1419 )

2026-04-13 19:53:04 +02:00

goal_pledge_test.rb

perf + tests(goals): share account-ids across velocity windows + cover gaps

2026-05-18 21:11:30 +02:00

goal_test.rb

fix(retirement): isolate retirement goals from savings goal routes

2026-05-29 10:25:05 +02:00

holding_test.rb

Add Interactive Brokers Provider (#1722 )

2026-05-12 23:45:19 +02:00

ibkr_account_processor_test.rb

fix(ibkr): correct historical cash/non-cash split for linked accounts (#1813 )

2026-05-18 21:03:04 +02:00

ibkr_item_importer_test.rb

Add Interactive Brokers Provider (#1722 )

2026-05-12 23:45:19 +02:00

ibkr_item_report_parser_test.rb

Add Interactive Brokers Provider (#1722 )

2026-05-12 23:45:19 +02:00

ibkr_item_test.rb

Add Interactive Brokers Provider (#1722 )

2026-05-12 23:45:19 +02:00

impersonation_session_test.rb

More rebranding changes (#159 )

2025-09-24 00:19:51 +02:00

import_encoding_test.rb

Reports print functionality (#622 )

2026-01-12 14:40:30 +01:00

income_statement_test.rb

Providers sharing (#1273 )

2026-03-25 17:47:04 +01:00

indexa_capital_account_test.rb

Implement Indexa Capital provider with real API integration (#933 )

2026-02-08 18:19:37 +01:00

indexa_capital_item_test.rb

Implement Indexa Capital provider with real API integration (#933 )

2026-02-08 18:19:37 +01:00

investment_statement_test.rb

Investments currency fix (#1436 )

2026-04-11 15:09:59 +02:00

investment_test.rb

feat(investments): add India investment subtypes and exchange support (#1659 )

2026-05-05 01:04:29 +02:00

invitation_test.rb

Enforce one pending invitation per email across all families (#1173 )

2026-03-10 13:44:53 +01:00

invite_code_test.rb

Use consistent language for invite codes

2024-02-02 19:37:10 -06:00

kraken_item_test.rb

feat(providers): add Kraken exchange sync (#1759 )

2026-05-12 00:22:37 +02:00

loan_test.rb

Fix loan account subtype not persisting on create (#1491 )

2026-04-18 00:06:24 +02:00

lunchflow_item_test.rb

Constrain Lunchflow base URL to trusted endpoint (#1768 )

2026-05-12 12:18:17 +02:00

market_data_importer_test.rb

Add throttling and cross-rate for twelve data (#1396 )

2026-04-07 20:46:05 +02:00

mercury_account_test.rb

fix(mercury): support named multiple API connections (#1627 )

2026-05-03 10:56:31 +02:00

mercury_item_test.rb

fix(mercury): support named multiple API connections (#1627 )

2026-05-03 10:56:31 +02:00

mint_import_test.rb

feat(api): add import preflight validation (#1755 )

2026-05-12 00:00:49 +02:00

mobile_device_test.rb

Fix mobile login "Record not found" for unseeded instances (#916 )

2026-02-06 18:04:29 +01:00

oidc_identity_test.rb

fix(sso): preserve user-edited name across OIDC logins (#1777 )

2026-05-12 21:55:22 +02:00

pdf_import_test.rb

feat(api): expose import row diagnostics (#1644 )

2026-05-05 01:12:48 +02:00

pension_source_test.rb

feat(retirement): PR2 data models — pension sources, statements, bucket

2026-05-29 10:36:18 +02:00

period_test.rb

Fixes & Improvements (#316 )

2025-11-11 19:51:07 +01:00

plaid_account_test.rb

feat: scope Mercury account uniqueness to mercury_item (#1032 )

2026-03-19 15:17:55 +01:00

plaid_item_test.rb

Lunch flow improvements (#268 )

2025-10-31 13:29:44 +01:00

provider_connection_status_test.rb

feat(providers): add Kraken exchange sync (#1759 )

2026-05-12 00:22:37 +02:00

provider_test.rb

Use faraday retry, move retry logic to concrete provider level (#2042 )

2025-04-01 08:41:49 -04:00

qif_import_test.rb

QIF imports: Add date format auto-detection and manual override (#1368 )

2026-04-05 09:27:24 +02:00

recurring_transaction_test.rb

feat(recurring): allow marking transfers as recurring (#895 ) (#1589 )

2026-05-12 00:37:47 +02:00

retirement_bucket_entry_test.rb

feat(retirement): PR2 data models — pension sources, statements, bucket

2026-05-29 10:36:18 +02:00

rule_import_test.rb

fix: preserve wrapped rule import json values (#1358 )

2026-04-03 12:38:37 +02:00

rule_test.rb

Add "Transaction account" as rule condition filter (#1186 )

2026-03-13 07:59:45 +01:00

security_test.rb

Move back to brandfetch (#1427 )

2026-04-10 17:42:16 +02:00

setting_test.rb

Fixes & Improvements (#316 )

2025-11-11 19:51:07 +01:00

simplefin_account_processor_test.rb

Fix SimpleFIN inverting Loan account balances (#1574 )

2026-04-29 13:00:38 +02:00

simplefin_account_test.rb

feat(i18n): extract hardcoded English strings to locale files (#1806 )

2026-05-17 09:52:49 +02:00

simplefin_item_dedupe_test.rb

Simplefin enhancements v2 (#267 )

2025-11-17 21:51:37 +01:00

simplefin_item_test.rb

Fix SimpleFin investment holdings and comprehensive integration improvements (#104 )

2025-10-22 19:51:24 +02:00

snaptrade_account_processor_test.rb

Add Interactive Brokers Provider (#1722 )

2026-05-12 23:45:19 +02:00

snaptrade_account_test.rb

FIX schema drift and snaptrade and mercury issues (#1232 )

2026-03-20 14:52:09 +01:00

snaptrade_data_helpers_test.rb

Add comprehensive tests for SnaptradeAccount processors and data helpers. (#742 )

2026-01-23 00:27:00 +01:00

snaptrade_item_test.rb

Scope SnapTrade orphan cleanup to current family (#1769 )

2026-05-12 12:17:00 +02:00

sophtron_account_test.rb

[codex] Complete Sophtron account mapping (#1698 )

2026-05-08 15:15:23 +02:00

sophtron_item_test.rb

[codex] Add Sophtron manual sync fixes (#1714 )

2026-05-09 21:55:20 +02:00

sso_provider_test.rb

Normalize legacy SSO icon values before validation (#955 )

2026-02-10 23:14:58 +01:00

sso_provider_tester_test.rb

fix(auth): surface exact OIDC issuer mismatches (#1666 )

2026-05-05 00:47:45 +02:00

subscription_test.rb

Improve rules - add name, allow sorting, improve UI (#2177 )

2025-05-13 15:53:13 -04:00

sure_import_test.rb

feat(imports): verify Sure NDJSON import readback (#1869 )

2026-05-20 21:35:22 +02:00

sync_test.rb

feat(api): expose sync status (#1635 )

2026-05-06 22:02:21 +02:00

tag_test.rb

Account::Sync model and test fixture simplifications (#968 )

2024-07-10 11:22:59 -04:00

trade_import_test.rb

fix(exports): align CSV roundtrip contracts (#1725 )

2026-05-13 20:07:00 +02:00

trade_test.rb

Add Interactive Brokers Provider (#1722 )

2026-05-12 23:45:19 +02:00

transaction_attachment_validation_test.rb

feat(transaction): add support for file attachments using Active Storage (#713 )

2026-03-14 23:56:27 +01:00

transaction_import_test.rb

fix(exports): align CSV roundtrip contracts (#1725 )

2026-05-13 20:07:00 +02:00

transaction_test.rb

Add Interactive Brokers Provider (#1722 )

2026-05-12 23:45:19 +02:00

transfer_test.rb

Add investment activity detection, labels, and exclusions

2026-01-12 15:35:14 -05:00

trend_test.rb

New Design System + Codebase Refresh (#1823 )

2025-02-21 11:57:59 -05:00

user_message_test.rb

fix(chat): eager pending AssistantMessage to fix Turbo subscribe race (#1657 ) (#1658 )

2026-05-03 20:33:29 +02:00

user_test.rb

refactor: rename beta features gate to preview features (#1837 )

2026-05-19 14:41:02 +02:00