QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-05-09 13:45:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d3c1c03e3b28eecb77ec7dcdfa5f03e14bba2d02
sure/app/views/accounts/_account.html.erb
LPW 0a96bf199d SimpleFIN: setup UX + same-provider relink + card-replacement detection (#1493) 
* SimpleFIN: setup UX + same-provider relink + card-replacement detection

Fixes three bugs and adds auto-detection for credit-card fraud replacement.

Bugs:
- Importer: per-institution auth errors no longer flip the whole item to
  requires_update. Partial errors stay on sync_stats so other institutions
  keep syncing.
- Setup page: new activity badges (recent / dormant / empty / likely-closed)
  via SimplefinAccount::ActivitySummary. Likely-closed (dormant + near-zero
  balance + prior history) defaults to "skip" in the type picker.
- Relink: link_existing_account allows SimpleFIN to SimpleFIN swaps by
  atomically detaching the old AccountProvider inside a transaction. Adds
  "Change SimpleFIN account" menu item on linked-account dropdowns.

Feature (credit-card scope only):
- SimplefinItem::ReplacementDetector runs post-sync. Pairs a linked dormant
  zero-balance sfa with an unlinked active sfa at the same institution and
  account type. Persists suggestions on Sync#sync_stats.
- Inline banner on the SimpleFIN item card prompts relink via CustomConfirm.
  Per-pair dismiss button scoped to the current sync (resurfaces on next
  sync if still applicable). Auto-suppresses once the relink has landed.

Dev tooling:
- bin/rails simplefin:seed_fraud_scenario[email] creates a realistic broken
  pair for manual QA; cleanup_fraud_scenario reverses it.

* Address review feedback on #1493

- ReplacementDetector: symmetric one-to-one matching. Two dormant cards
  pointing at the same active card are now both skipped — previously the
  detector could emit two suggestions that would clobber each other if
  the user accepted both.
- ReplacementDetector: require non-blank institution names on both sides
  before matching. Blank-vs-blank was accidentally treated as equal,
  risking cross-provider false matches when SimpleFIN omitted org_data.
- ActivitySummary: fall back to "posted" when "transacted_at" is 0
  (SimpleFIN's "unknown" sentinel). Integer 0 is truthy in Ruby, so the
  previous `|| fallback` short-circuited and ignored posted.
- Controller: dismiss key is now the (dormant, active) pair so dismissing
  one candidate for a dormant card doesn't suppress others.
- Helper test: freeze time around "6.hours.ago" and "5.days.ago"
  assertions so they don't flake when the suite runs before 06:00.

* Address second review pass on #1493

- ReplacementDetector: canonicalize account_type in one place so filtering
  (supported_type?) and matching (type_matches?) agree on "credit card"
  vs "credit_card" variants.
- ReplacementDetector: skip candidates with nil current_balance. nil is
  "unknown," not "zero" — previously fell back to 0 and passed the near-
  zero gate, allowing suggestions without balance evidence.
2026-04-18 09:50:34 +02:00

114 lines
5.9 KiB
Plaintext
Raw Blame History

<%# locals: (account:, return_to: nil) %>
<% is_default = Current.user&.default_account_id == account.id %>
<%= turbo_frame_tag dom_id(account) do %>
<div class="relative p-4 flex items-center justify-between gap-3 group/account hover:bg-surface-hover">
<div class="flex items-center gap-3">
<%= render "accounts/logo", account: account, size: "md" %>
<div>
<% if account.pending_deletion? %>
<p class="text-sm font-medium text-primary">
<span>
<%= account.name %>
</span>
<span class="text-red-500 animate-pulse">
(deletion in progress...)
</span>
</p>
<% else %>
<div class="flex items-center gap-1.5">
<%= link_to account.name, account, class: [(account.active? ? "text-primary" : "text-subdued"), "text-sm font-medium hover:underline"], data: { turbo_frame: "_top" } %>
<% if account.shared? %>
<%= icon("users", class: "w-3.5 h-3.5 text-secondary", title: account.owned_by?(Current.user) ? nil : account.owner&.display_name) %>
<% end %>
<% if account.institution_name.present? %>
<span class="hidden sm:inline text-secondary">• <%= account.institution_name %></span>
<% end %>
</div>
<% if account.long_subtype_label %>
<p class="text-sm text-secondary truncate"><%= account.long_subtype_label %></p>
<% end %>
<% if account.supports_default? && is_default %>
<p class="text-xs text-secondary opacity-50"><%= t("accounts.account.default_label") %></p>
<% end %>
<% if account.institution_name.present? %>
<p class="sm:hidden text-sm text-secondary truncate"><%= account.institution_name %></p>
<% end %>
<% end %>
</div>
</div>
<div class="flex items-center gap-4">
<% if account.draft? %>
<!-- Balance hidden for draft accounts -->
<% elsif account.syncing? %>
<div class="w-16 h-6 bg-loader rounded-full animate-pulse"></div>
<% else %>
<p class="text-sm font-medium privacy-sensitive <%= account.active? ? "text-primary" : "text-subdued" %>">
<%= format_money account.balance_money %>
</p>
<% end %>
<% if account.draft? %>
<%= render DS::Link.new(
text: "Complete setup",
href: edit_account_path(account, return_to: return_to),
variant: :outline,
frame: :modal
) %>
<% elsif !account.pending_deletion? %>
<% permission = account.permission_for(Current.user) %>
<%= render DS::Menu.new(icon_vertical: true, mobile_fullwidth: false, max_width: "280px") do |menu| %>
<% if permission.in?([ :owner, :full_control ]) %>
<% menu.with_item(variant: "link", text: t("accounts.account.edit"), href: edit_account_path(account, return_to: return_to), icon: "pencil-line", data: { turbo_frame: :modal }) %>
<% end %>
<% menu.with_item(variant: "link", text: t("accounts.account.sharing"), href: account_sharing_path(account), icon: "users", data: { turbo_frame: :modal }) %>
<% if Current.user&.admin? %>
<% if !account.linked? && %w[Depository CreditCard Investment Crypto].include?(account.accountable_type) %>
<% menu.with_item(variant: "link", text: t("accounts.account.link_provider"), href: select_provider_account_path(account), icon: "link", data: { turbo_frame: :modal }) %>
<% elsif account.linked? %>
<%# Same-provider relink (e.g., card-replacement fraud). Only surfaced for
SimpleFIN-linked accounts today; other providers can be added later. %>
<% if account.linked_to?("SimplefinAccount") %>
<% menu.with_item(
variant: "link",
text: t("accounts.account.change_simplefin_account"),
href: select_existing_account_simplefin_items_path(account_id: account.id),
icon: "arrow-left-right",
data: { turbo_frame: :modal }
) %>
<% end %>
<% menu.with_item(variant: "link", text: t("accounts.account.unlink_provider"), href: confirm_unlink_account_path(account), icon: "unlink", data: { turbo_frame: :modal }) %>
<% end %>
<% end %>
<% if permission.in?([ :owner, :full_control ]) %>
<% menu.with_item(variant: "divider") %>
<% if account.active? %>
<% menu.with_item(variant: "button", text: t("accounts.account.disable"), href: toggle_active_account_path(account), method: :patch, icon: "toggle-right", data: { turbo_frame: :_top }) %>
<% elsif account.disabled? %>
<% menu.with_item(variant: "button", text: t("accounts.account.enable"), href: toggle_active_account_path(account), method: :patch, icon: "toggle-left", data: { turbo_frame: :_top }) %>
<% end %>
<% end %>
<% if is_default %>
<% menu.with_item(variant: "button", text: t("accounts.account.remove_default"), href: remove_default_account_path(account), method: :patch, icon: "star-off", data: { turbo_frame: :_top }) %>
<% elsif account.eligible_for_transaction_default? %>
<% menu.with_item(variant: "button", text: t("accounts.account.set_default"), href: set_default_account_path(account), method: :patch, icon: "star", data: { turbo_frame: :_top }) %>
<% end %>
<% if account.owned_by?(Current.user) && !account.linked? %>
<% menu.with_item(variant: "divider") %>
<% menu.with_item(variant: "button", text: t("accounts.account.delete"), href: account_path(account), method: :delete, icon: "trash-2", confirm: CustomConfirm.for_resource_deletion("account", high_severity: true), data: { turbo_frame: :_top }) %>
<% end %>
<% end %>
<% end %>
</div>
</div>
<% end %>
Reference in New Issue View Git Blame Copy Permalink