From 7062fadf0b8f533c8b8836ec57edcbb88fb2d086 Mon Sep 17 00:00:00 2001 From: David Nguyen Date: Tue, 30 Jun 2026 15:45:48 +1000 Subject: [PATCH 01/10] fix: add additional team group permission checks (#3052) --- .../app-tests/e2e/teams/team-groups.spec.ts | 163 ++++++++++++++++++ .../server/team-router/delete-team-group.ts | 9 + .../server/team-router/update-team-group.ts | 7 +- 3 files changed, 177 insertions(+), 2 deletions(-) create mode 100644 packages/app-tests/e2e/teams/team-groups.spec.ts diff --git a/packages/app-tests/e2e/teams/team-groups.spec.ts b/packages/app-tests/e2e/teams/team-groups.spec.ts new file mode 100644 index 000000000..74c7f6372 --- /dev/null +++ b/packages/app-tests/e2e/teams/team-groups.spec.ts @@ -0,0 +1,163 @@ +import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app'; +import { generateDatabaseId } from '@documenso/lib/universal/id'; +import { prisma } from '@documenso/prisma'; +import { seedTeamMember } from '@documenso/prisma/seed/teams'; +import { seedUser } from '@documenso/prisma/seed/users'; +import { expect, type Page, test } from '@playwright/test'; +import { OrganisationGroupType, OrganisationMemberRole, TeamMemberRole } from '@prisma/client'; + +import { apiSignin } from '../fixtures/authentication'; + +const WEBAPP_BASE_URL = NEXT_PUBLIC_WEBAPP_URL(); + +test.describe.configure({ mode: 'parallel' }); + +/** + * Calls a team-group tRPC mutation directly, bypassing the UI. + * + * The UI only ever surfaces CUSTOM / INTERNAL_ORGANISATION groups, so these + * authorisation rules must be enforced on the server - a crafted request can + * target any `teamGroupId`, including the system-managed INTERNAL_TEAM groups. + */ +const callTeamGroupMutation = ( + page: Page, + procedure: 'team.group.delete' | 'team.group.update', + teamId: number, + input: Record, +) => + page.context().request.post(`${WEBAPP_BASE_URL}/api/trpc/${procedure}`, { + headers: { 'content-type': 'application/json', 'x-team-id': teamId.toString() }, + data: JSON.stringify({ json: input }), + }); + +/** + * Every team is created with three system-managed INTERNAL_TEAM groups + * (admin/manager/member). They are the backbone of team-specific access and, + * like organisation internal groups, must not be deletable - deleting them + * silently strips team members of access while leaving the team row in place. + */ +test('[TEAMS]: internal team groups cannot be deleted via the API', async ({ page }) => { + // Member inheritance OFF: membership is granted exclusively through the team's + // INTERNAL_TEAM groups, so removing them is what causes the access loss. + const { user: owner, team } = await seedUser({ inheritMembers: false }); + + // A direct team member whose access depends on the INTERNAL_TEAM member group. + const directMember = await seedTeamMember({ teamId: team.id, role: TeamMemberRole.MEMBER }); + + await apiSignin({ page, email: owner.email }); + + const internalTeamGroups = await prisma.teamGroup.findMany({ + where: { + teamId: team.id, + organisationGroup: { type: OrganisationGroupType.INTERNAL_TEAM }, + }, + }); + + // admin + manager + member. + expect(internalTeamGroups).toHaveLength(3); + + for (const group of internalTeamGroups) { + const response = await callTeamGroupMutation(page, 'team.group.delete', team.id, { + teamId: team.id, + teamGroupId: group.id, + }); + + expect(response.status(), `INTERNAL_TEAM ${group.teamRole} group must not be deletable`).not.toBe(200); + } + + // None of the internal groups were removed. + const remaining = await prisma.teamGroup.count({ + where: { + teamId: team.id, + organisationGroup: { type: OrganisationGroupType.INTERNAL_TEAM }, + }, + }); + + expect(remaining).toBe(3); + + // The direct member therefore keeps their team access. + const memberStillHasAccess = await prisma.teamGroup.findFirst({ + where: { + teamId: team.id, + organisationGroup: { + type: OrganisationGroupType.INTERNAL_TEAM, + organisationGroupMembers: { + some: { organisationMember: { userId: directMember.id } }, + }, + }, + }, + }); + + expect(memberStillHasAccess).not.toBeNull(); +}); + +/** + * Guards against over-blocking: user-created (CUSTOM) team groups are not + * internal and must remain removable by team managers/admins. + */ +test('[TEAMS]: custom team groups can still be deleted', async ({ page }) => { + const { user: owner, organisation, team } = await seedUser({ inheritMembers: false }); + + const customGroup = await prisma.organisationGroup.create({ + data: { + id: generateDatabaseId('org_group'), + name: `custom-${team.url}`, + type: OrganisationGroupType.CUSTOM, + organisationRole: OrganisationMemberRole.MEMBER, + organisationId: organisation.id, + teamGroups: { + create: { + id: generateDatabaseId('team_group'), + teamId: team.id, + teamRole: TeamMemberRole.MEMBER, + }, + }, + }, + include: { teamGroups: true }, + }); + + const customTeamGroup = customGroup.teamGroups[0]; + + await apiSignin({ page, email: owner.email }); + + const response = await callTeamGroupMutation(page, 'team.group.delete', team.id, { + teamId: team.id, + teamGroupId: customTeamGroup.id, + }); + + expect(response.status()).toBe(200); + + const deleted = await prisma.teamGroup.findUnique({ where: { id: customTeamGroup.id } }); + + expect(deleted).toBeNull(); +}); + +/** + * The same root cause affects updates: an INTERNAL_TEAM group's role must not be + * editable either, otherwise a team admin could rewrite the backbone roles + * (e.g. promote the member group to admin). + */ +test('[TEAMS]: internal team groups cannot be updated via the API', async ({ page }) => { + const { user: owner, team } = await seedUser({ inheritMembers: false }); + + await apiSignin({ page, email: owner.email }); + + const internalMemberGroup = await prisma.teamGroup.findFirstOrThrow({ + where: { + teamId: team.id, + teamRole: TeamMemberRole.MEMBER, + organisationGroup: { type: OrganisationGroupType.INTERNAL_TEAM }, + }, + }); + + const response = await callTeamGroupMutation(page, 'team.group.update', team.id, { + id: internalMemberGroup.id, + data: { teamRole: TeamMemberRole.ADMIN }, + }); + + expect(response.status()).not.toBe(200); + + const reloaded = await prisma.teamGroup.findUniqueOrThrow({ where: { id: internalMemberGroup.id } }); + + expect(reloaded.teamRole).toBe(TeamMemberRole.MEMBER); +}); diff --git a/packages/trpc/server/team-router/delete-team-group.ts b/packages/trpc/server/team-router/delete-team-group.ts index a3953f4c1..50a3cc68b 100644 --- a/packages/trpc/server/team-router/delete-team-group.ts +++ b/packages/trpc/server/team-router/delete-team-group.ts @@ -53,6 +53,15 @@ export const deleteTeamGroupRoute = authenticatedProcedure }); } + // You cannot delete internal team groups. These are the system-managed + // admin/manager/member groups that back the team's role-based access, and + // deleting them would silently strip team members of their access. + if (group.organisationGroup.type === OrganisationGroupType.INTERNAL_TEAM) { + throw new AppError(AppErrorCode.UNAUTHORIZED, { + message: 'You are not allowed to delete internal team groups', + }); + } + // You cannot delete internal organisation groups. // The only exception is deleting the "member" organisation group which is used to allow // all organisation members to access a team. diff --git a/packages/trpc/server/team-router/update-team-group.ts b/packages/trpc/server/team-router/update-team-group.ts index f348d49fb..cd11f92d2 100644 --- a/packages/trpc/server/team-router/update-team-group.ts +++ b/packages/trpc/server/team-router/update-team-group.ts @@ -45,9 +45,12 @@ export const updateTeamGroupRoute = authenticatedProcedure }); } - if (teamGroup.organisationGroup.type === OrganisationGroupType.INTERNAL_ORGANISATION) { + if ( + teamGroup.organisationGroup.type === OrganisationGroupType.INTERNAL_ORGANISATION || + teamGroup.organisationGroup.type === OrganisationGroupType.INTERNAL_TEAM + ) { throw new AppError(AppErrorCode.UNAUTHORIZED, { - message: 'You are not allowed to update internal organisation groups', + message: 'You are not allowed to update internal groups', }); } From 3b110cf70de23bb9aad0f6ec7737626ed8d64360 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20Chevalier?= <158556490+GregCnpp@users.noreply.github.com> Date: Tue, 30 Jun 2026 07:52:59 +0200 Subject: [PATCH 02/10] fix: french translation for confirmation message (#3050) --- packages/lib/translations/fr/web.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/lib/translations/fr/web.po b/packages/lib/translations/fr/web.po index 1305373bc..181b21a64 100644 --- a/packages/lib/translations/fr/web.po +++ b/packages/lib/translations/fr/web.po @@ -8424,7 +8424,7 @@ msgstr "Veuillez réessayer ou contacter notre support." #. placeholder {0}: `'${t(deleteMessage)}'` #: apps/remix/app/components/dialogs/envelope-delete-dialog.tsx msgid "Please type {0} to confirm" -msgstr "Veuiillez taper {0} pour confirmer" +msgstr "Veuillez taper {0} pour confirmer" #. placeholder {0}: user.email #: apps/remix/app/components/dialogs/account-delete-dialog.tsx From 562d78e2d7f20db0f1d5dc63375379b3af0d07c5 Mon Sep 17 00:00:00 2001 From: Kendry Grullon Date: Tue, 30 Jun 2026 02:08:09 -0400 Subject: [PATCH 03/10] feat: add granular signin disable flags and OIDC auto-redirect (#2857) --- .env.example | 14 +++ .../configuration/environment.mdx | 54 +++++++++ .../deployment/docker-compose.mdx | 13 ++ .../docs/self-hosting/deployment/docker.mdx | 6 + .../docs/self-hosting/deployment/railway.mdx | 6 + apps/remix/app/components/forms/signin.tsx | 112 ++++++++++-------- .../_unauthenticated+/forgot-password.tsx | 11 +- .../reset-password.$token.tsx | 5 + .../reset-password._index.tsx | 11 +- .../app/routes/_unauthenticated+/signin.tsx | 56 ++++++++- docker/production/compose.yml | 6 + .../auth/server/lib/errors/error-codes.ts | 1 + packages/auth/server/routes/email-password.ts | 25 ++++ packages/lib/constants/auth.ts | 27 +++++ packages/lib/translations/de/web.po | 5 + packages/lib/translations/en/web.po | 5 + packages/lib/translations/es/web.po | 5 + packages/lib/translations/fr/web.po | 5 + packages/lib/translations/it/web.po | 5 + packages/lib/translations/ja/web.po | 5 + packages/lib/translations/ko/web.po | 5 + packages/lib/translations/nl/web.po | 5 + packages/lib/translations/pl/web.po | 5 + packages/lib/translations/pt-BR/web.po | 5 + packages/lib/translations/zh/web.po | 5 + packages/tsconfig/process-env.d.ts | 7 ++ render.yaml | 12 ++ turbo.json | 6 + 28 files changed, 371 insertions(+), 56 deletions(-) diff --git a/.env.example b/.env.example index be3ecaab3..5f3da7c1f 100644 --- a/.env.example +++ b/.env.example @@ -180,6 +180,20 @@ NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP= NEXT_PUBLIC_DISABLE_OIDC_SIGNUP= # OPTIONAL: Comma-separated list of email domains allowed to sign up (e.g., example.com,acme.org). NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS= +# OPTIONAL: Set to "true" to disable all signin methods (email, Google, Microsoft, OIDC). +NEXT_PUBLIC_DISABLE_SIGNIN= +# OPTIONAL: Set to "true" to disable email/password signin only. Also closes /forgot-password and /reset-password. +NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN= +# OPTIONAL: Set to "true" to hide the Google signin button. +NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN= +# OPTIONAL: Set to "true" to hide the Microsoft signin button. +NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN= +# OPTIONAL: Set to "true" to hide the OIDC signin button. +NEXT_PUBLIC_DISABLE_OIDC_SIGNIN= +# OPTIONAL: When OIDC is the only enabled signin transport, /signin auto-redirects +# to the OIDC provider (rendering only a spinner). Set to "true" to disable this +# and keep showing the signin page. +NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT= # OPTIONAL: Set to true to use internal webapp url in browserless requests. NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS=false diff --git a/apps/docs/content/docs/self-hosting/configuration/environment.mdx b/apps/docs/content/docs/self-hosting/configuration/environment.mdx index 4ec25e213..4b910b43b 100644 --- a/apps/docs/content/docs/self-hosting/configuration/environment.mdx +++ b/apps/docs/content/docs/self-hosting/configuration/environment.mdx @@ -272,6 +272,12 @@ For detailed certificate setup, see [Signing Certificate](/docs/self-hosting/con | `NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP` | Block new accounts via Microsoft. Existing linked users can still sign in | `false` | | `NEXT_PUBLIC_DISABLE_OIDC_SIGNUP` | Block new accounts via OIDC, including the organisation portal | `false` | | `NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS` | Comma-separated list of email domains allowed to sign up (e.g., `example.com,acme.org`) | | +| `NEXT_PUBLIC_DISABLE_SIGNIN` | Master switch. Disable all signin methods application-wide | `false` | +| `NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN` | Disable email/password signin. Also closes `/forgot-password` and `/reset-password` | `false` | +| `NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN` | Hide the Google signin button | `false` | +| `NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN` | Hide the Microsoft signin button | `false` | +| `NEXT_PUBLIC_DISABLE_OIDC_SIGNIN` | Hide the OIDC signin button | `false` | +| `NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT` | Disable the automatic `/signin` redirect when OIDC is the only enabled transport | `false` | | `NEXT_PUBLIC_POSTHOG_KEY` | PostHog API key for analytics and feature flags | | | `NEXT_PUBLIC_FEATURE_BILLING_ENABLED` | Enable billing features | `false` | @@ -303,6 +309,44 @@ NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP="true" NEXT_PUBLIC_DISABLE_SIGNUP="true" ``` +### Sign-in Restrictions + +You can control which methods are available for users to sign in with the following environment variables: + +- **`NEXT_PUBLIC_DISABLE_SIGNIN`** (master switch): Set to `true` to block all signin methods (email/password, Google, Microsoft, OIDC). Hides every signin entry point on `/signin` and rejects email/password signin server-side with a `SIGNIN_DISABLED` error. +- **`NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN`**: Set to `true` to disable email/password signin only. The email/password form is hidden, the `/forgot-password` and `/reset-password` pages redirect to `/signin`, and the corresponding server endpoints reject requests. SSO signin is unaffected. +- **`NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN`**, **`NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN`**, **`NEXT_PUBLIC_DISABLE_OIDC_SIGNIN`**: Set to `true` to hide the matching SSO button on the signin page. Useful when an SSO provider is kept configured for account linking but not advertised as a signin entry point. + +These flags are opt-in: when none are set, signin behaviour is unchanged from a stock Documenso instance. + +```bash +# Allow only OIDC signin (e.g. enterprise SSO-only) +NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN="true" +NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN="true" +NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN="true" + +# Or disable signin entirely +NEXT_PUBLIC_DISABLE_SIGNIN="true" +``` + +### OIDC Auto-redirect + +When OIDC is the only enabled signin transport on your instance, `/signin` automatically redirects users straight to the OIDC provider instead of showing the signin form. The page renders a spinner while the redirect happens. No extra configuration is required — disabling every other signin method is enough to trigger it. + +- **`NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT`**: Set to `true` to opt out of the automatic redirect and keep rendering the signin page even when OIDC is the only enabled transport. + +The redirect only triggers when OIDC is configured and email/password, Google, and Microsoft signin are all disabled. If any other transport remains enabled, the signin form is shown as normal. + +```bash +# OIDC-only signin: disabling all other methods auto-redirects to the provider +NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN="true" +NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN="true" +NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN="true" + +# Opt out of the auto-redirect while still OIDC-only +# NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT="true" +``` + --- ## AI Features @@ -446,6 +490,16 @@ NEXT_PRIVATE_SIGNING_PASSPHRASE="your-certificate-password" # NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP="true" # NEXT_PUBLIC_DISABLE_OIDC_SIGNUP="true" # NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS="example.com,acme.org" + +# Sign-in restrictions (optional) +# NEXT_PUBLIC_DISABLE_SIGNIN="true" +# NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN="true" +# NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN="true" +# NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN="true" +# NEXT_PUBLIC_DISABLE_OIDC_SIGNIN="true" + +# Opt out of the automatic OIDC redirect when OIDC is the only enabled transport (optional) +# NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT="true" ``` --- diff --git a/apps/docs/content/docs/self-hosting/deployment/docker-compose.mdx b/apps/docs/content/docs/self-hosting/deployment/docker-compose.mdx index b3590a7f2..84e228115 100644 --- a/apps/docs/content/docs/self-hosting/deployment/docker-compose.mdx +++ b/apps/docs/content/docs/self-hosting/deployment/docker-compose.mdx @@ -163,6 +163,19 @@ NEXT_PUBLIC_DISABLE_SIGNUP=false # NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP=true # NEXT_PUBLIC_DISABLE_OIDC_SIGNUP=true # NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS=example.com,acme.org + +# Signin restrictions (optional) +# Master switch — disables every signin method +# NEXT_PUBLIC_DISABLE_SIGNIN=true +# Per-method switches (optional). Each disables that signin path. +# NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN=true +# NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN=true +# NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN=true +# NEXT_PUBLIC_DISABLE_OIDC_SIGNIN=true + +# When OIDC is the only enabled transport, /signin auto-redirects to the provider. +# Set this to opt out and keep showing the signin page (optional). +# NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT=true ``` Generate secure secrets using: `openssl rand -base64 32` diff --git a/apps/docs/content/docs/self-hosting/deployment/docker.mdx b/apps/docs/content/docs/self-hosting/deployment/docker.mdx index 7d6d4b9cd..68508e767 100644 --- a/apps/docs/content/docs/self-hosting/deployment/docker.mdx +++ b/apps/docs/content/docs/self-hosting/deployment/docker.mdx @@ -112,6 +112,12 @@ See [Email Configuration](/docs/self-hosting/configuration/email) for other tran | `NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP` | Block new accounts via Microsoft OAuth | `false` | | `NEXT_PUBLIC_DISABLE_OIDC_SIGNUP` | Block new accounts via OIDC (incl. organisation portal) | `false` | | `NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS` | Comma-separated list of allowed signup email domains | | +| `NEXT_PUBLIC_DISABLE_SIGNIN` | Master switch — disable all signin methods | `false` | +| `NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN` | Disable email/password signin only | `false` | +| `NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN` | Hide the Google signin button | `false` | +| `NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN` | Hide the Microsoft signin button | `false` | +| `NEXT_PUBLIC_DISABLE_OIDC_SIGNIN` | Hide the OIDC signin button | `false` | +| `NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT` | Disable auto-redirect to OIDC when it is the only transport | `false` | For the complete list, see [Environment Variables](/docs/self-hosting/configuration/environment). diff --git a/apps/docs/content/docs/self-hosting/deployment/railway.mdx b/apps/docs/content/docs/self-hosting/deployment/railway.mdx index 81392a37d..501edca1c 100644 --- a/apps/docs/content/docs/self-hosting/deployment/railway.mdx +++ b/apps/docs/content/docs/self-hosting/deployment/railway.mdx @@ -159,6 +159,12 @@ NEXT_PRIVATE_SMTP_FROM_ADDRESS=noreply@yourdomain.com | `NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP`| Block new accounts via Microsoft OAuth | `false` | | `NEXT_PUBLIC_DISABLE_OIDC_SIGNUP` | Block new accounts via OIDC (incl. organisation portal)| `false` | | `NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS` | Comma-separated list of allowed signup email domains | | +| `NEXT_PUBLIC_DISABLE_SIGNIN` | Master switch — disable all signin methods | `false` | +| `NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN` | Disable email/password signin only | `false` | +| `NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN` | Hide the Google signin button | `false` | +| `NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN`| Hide the Microsoft signin button | `false` | +| `NEXT_PUBLIC_DISABLE_OIDC_SIGNIN` | Hide the OIDC signin button | `false` | +| `NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT` | Disable auto-redirect to OIDC when it is the only transport | `false` | | `NEXT_PRIVATE_SIGNING_PASSPHRASE` | Passphrase for signing certificate | - | | `DOCUMENSO_DISABLE_TELEMETRY` | Disable anonymous telemetry | `false` | diff --git a/apps/remix/app/components/forms/signin.tsx b/apps/remix/app/components/forms/signin.tsx index 09e72d7b2..16b9943ca 100644 --- a/apps/remix/app/components/forms/signin.tsx +++ b/apps/remix/app/components/forms/signin.tsx @@ -58,6 +58,7 @@ export type TSignInFormSchema = z.infer; export type SignInFormProps = { className?: string; initialEmail?: string; + isEmailPasswordSigninEnabled?: boolean; isGoogleSSOEnabled?: boolean; isMicrosoftSSOEnabled?: boolean; isOIDCSSOEnabled?: boolean; @@ -68,6 +69,7 @@ export type SignInFormProps = { export const SignInForm = ({ className, initialEmail, + isEmailPasswordSigninEnabled = true, isGoogleSSOEnabled, isMicrosoftSSOEnabled, isOIDCSSOEnabled, @@ -324,66 +326,78 @@ export const SignInForm = ({
- ( - - - Email - + {isEmailPasswordSigninEnabled && ( + <> + ( + + + Email + - - - + + + - - - )} - /> + + + )} + /> - ( - - - Password - + ( + + + Password + - - - + + + - + -

- - Forgot your password? - -

-
- )} - /> +

+ + Forgot your password? + +

+
+ )} + /> - {turnstileSiteKey && !isTwoFactorAuthenticationDialogOpen && ( - + {turnstileSiteKey && !isTwoFactorAuthenticationDialogOpen && ( + + )} + + + )} - - {!isEmbeddedRedirect && ( <> - {hasSocialAuthEnabled && ( + {isEmailPasswordSigninEnabled && hasSocialAuthEnabled && (
diff --git a/apps/remix/app/routes/_unauthenticated+/forgot-password.tsx b/apps/remix/app/routes/_unauthenticated+/forgot-password.tsx index 68d721c83..c47d0c256 100644 --- a/apps/remix/app/routes/_unauthenticated+/forgot-password.tsx +++ b/apps/remix/app/routes/_unauthenticated+/forgot-password.tsx @@ -1,6 +1,7 @@ +import { isSigninEnabledForProvider } from '@documenso/lib/constants/auth'; import { msg } from '@lingui/core/macro'; import { Trans } from '@lingui/react/macro'; -import { Link } from 'react-router'; +import { Link, redirect } from 'react-router'; import { ForgotPasswordForm } from '~/components/forms/forgot-password'; import { appMetaTags } from '~/utils/meta'; @@ -9,6 +10,14 @@ export function meta() { return appMetaTags(msg`Forgot Password`); } +export async function loader() { + if (!isSigninEnabledForProvider('email')) { + throw redirect('/signin'); + } + + return null; +} + export default function ForgotPasswordPage() { return (
diff --git a/apps/remix/app/routes/_unauthenticated+/reset-password.$token.tsx b/apps/remix/app/routes/_unauthenticated+/reset-password.$token.tsx index 279b68426..0d9ebfe8b 100644 --- a/apps/remix/app/routes/_unauthenticated+/reset-password.$token.tsx +++ b/apps/remix/app/routes/_unauthenticated+/reset-password.$token.tsx @@ -1,3 +1,4 @@ +import { isSigninEnabledForProvider } from '@documenso/lib/constants/auth'; import { getResetTokenValidity } from '@documenso/lib/server-only/user/get-reset-token-validity'; import { msg } from '@lingui/core/macro'; import { Trans } from '@lingui/react/macro'; @@ -13,6 +14,10 @@ export function meta() { } export async function loader({ params }: Route.LoaderArgs) { + if (!isSigninEnabledForProvider('email')) { + throw redirect('/signin'); + } + const { token } = params; const isValid = await getResetTokenValidity({ token }); diff --git a/apps/remix/app/routes/_unauthenticated+/reset-password._index.tsx b/apps/remix/app/routes/_unauthenticated+/reset-password._index.tsx index 6e25d11d7..83ed01042 100644 --- a/apps/remix/app/routes/_unauthenticated+/reset-password._index.tsx +++ b/apps/remix/app/routes/_unauthenticated+/reset-password._index.tsx @@ -1,7 +1,8 @@ +import { isSigninEnabledForProvider } from '@documenso/lib/constants/auth'; import { Button } from '@documenso/ui/primitives/button'; import { msg } from '@lingui/core/macro'; import { Trans } from '@lingui/react/macro'; -import { Link } from 'react-router'; +import { Link, redirect } from 'react-router'; import { appMetaTags } from '~/utils/meta'; @@ -9,6 +10,14 @@ export function meta() { return appMetaTags(msg`Reset Password`); } +export async function loader() { + if (!isSigninEnabledForProvider('email')) { + throw redirect('/signin'); + } + + return null; +} + export default function ResetPasswordPage() { return (
diff --git a/apps/remix/app/routes/_unauthenticated+/signin.tsx b/apps/remix/app/routes/_unauthenticated+/signin.tsx index 5ea5a5398..4f9920fc3 100644 --- a/apps/remix/app/routes/_unauthenticated+/signin.tsx +++ b/apps/remix/app/routes/_unauthenticated+/signin.tsx @@ -1,8 +1,11 @@ +import { authClient } from '@documenso/auth/client'; import { getOptionalSession } from '@documenso/auth/server/lib/utils/get-session'; import { IS_GOOGLE_SSO_ENABLED, IS_MICROSOFT_SSO_ENABLED, + IS_OIDC_AUTO_REDIRECT_DISABLED, IS_OIDC_SSO_ENABLED, + isSigninEnabledForProvider, isSignupEnabledForProvider, OIDC_PROVIDER_LABEL, } from '@documenso/lib/constants/auth'; @@ -11,6 +14,7 @@ import { Alert, AlertDescription } from '@documenso/ui/primitives/alert'; import { msg } from '@lingui/core/macro'; import { useLingui } from '@lingui/react'; import { Trans } from '@lingui/react/macro'; +import { Loader2Icon } from 'lucide-react'; import { useEffect, useState } from 'react'; import { Link, redirect, useSearchParams } from 'react-router'; @@ -28,10 +32,20 @@ export async function loader({ request }: Route.LoaderArgs) { const { isAuthenticated } = await getOptionalSession(request); // SSR env variables. - const isGoogleSSOEnabled = IS_GOOGLE_SSO_ENABLED; - const isMicrosoftSSOEnabled = IS_MICROSOFT_SSO_ENABLED; - const isOIDCSSOEnabled = IS_OIDC_SSO_ENABLED; + const isEmailPasswordSigninEnabled = isSigninEnabledForProvider('email'); + const isGoogleSSOEnabled = IS_GOOGLE_SSO_ENABLED && isSigninEnabledForProvider('google'); + const isMicrosoftSSOEnabled = IS_MICROSOFT_SSO_ENABLED && isSigninEnabledForProvider('microsoft'); + const isOIDCSSOEnabled = IS_OIDC_SSO_ENABLED && isSigninEnabledForProvider('oidc'); + + // Automatically redirect to OIDC when it is the only enabled signin transport, + // unless the redirect has been explicitly disabled via env. + const isOIDCOnlyTransport = + isOIDCSSOEnabled && !isEmailPasswordSigninEnabled && !isGoogleSSOEnabled && !isMicrosoftSSOEnabled; + + const shouldAutoRedirectToOIDC = isOIDCOnlyTransport && !IS_OIDC_AUTO_REDIRECT_DISABLED; + const oidcProviderLabel = OIDC_PROVIDER_LABEL; + const isSignupEnabled = isSignupEnabledForProvider('email') || (IS_GOOGLE_SSO_ENABLED && isSignupEnabledForProvider('google')) || @@ -47,18 +61,28 @@ export async function loader({ request }: Route.LoaderArgs) { } return { + isEmailPasswordSigninEnabled, isGoogleSSOEnabled, isMicrosoftSSOEnabled, isOIDCSSOEnabled, isSignupEnabled, oidcProviderLabel, returnTo, + shouldAutoRedirectToOIDC, }; } export default function SignIn({ loaderData }: Route.ComponentProps) { - const { isGoogleSSOEnabled, isMicrosoftSSOEnabled, isOIDCSSOEnabled, isSignupEnabled, oidcProviderLabel, returnTo } = - loaderData; + const { + isEmailPasswordSigninEnabled, + isGoogleSSOEnabled, + isMicrosoftSSOEnabled, + isOIDCSSOEnabled, + isSignupEnabled, + oidcProviderLabel, + returnTo, + shouldAutoRedirectToOIDC, + } = loaderData; const { _ } = useLingui(); @@ -76,6 +100,27 @@ export default function SignIn({ loaderData }: Route.ComponentProps) { setIsEmbeddedRedirect(params.get('embedded') === 'true'); }, []); + useEffect(() => { + if (!shouldAutoRedirectToOIDC) { + return; + } + + void authClient.oidc.signIn({ redirectPath: returnTo ?? '/' }); + }, [shouldAutoRedirectToOIDC, returnTo]); + + if (shouldAutoRedirectToOIDC) { + return ( +
+
+ +

+ Redirecting to {oidcProviderLabel || 'OIDC'}... +

+
+
+ ); + } + return (
@@ -95,6 +140,7 @@ export default function SignIn({ loaderData }: Route.ComponentProps) {
() .post('/authorize', sValidator('json', ZSignInSchema), async (c) => { const requestMetadata = c.get('requestMetadata'); + if (!isSigninEnabledForProvider('email')) { + throw new AppError(AuthenticationErrorCode.SigninDisabled, { + statusCode: 400, + }); + } + const { email, password, totpCode, backupCode, csrfToken, captchaToken } = c.req.valid('json'); const loginLimitResult = await loginRateLimit.check({ @@ -244,6 +251,12 @@ export const emailPasswordRoute = new Hono() const { password, currentPassword } = c.req.valid('json'); const requestMetadata = c.get('requestMetadata'); + if (!isSigninEnabledForProvider('email')) { + throw new AppError(AuthenticationErrorCode.SigninDisabled, { + statusCode: 400, + }); + } + const { session, user } = await getSession(c); await updatePassword({ @@ -346,6 +359,12 @@ export const emailPasswordRoute = new Hono() .post('/forgot-password', sValidator('json', ZForgotPasswordSchema), async (c) => { const requestMetadata = c.get('requestMetadata'); + if (!isSigninEnabledForProvider('email')) { + throw new AppError(AuthenticationErrorCode.SigninDisabled, { + statusCode: 400, + }); + } + const { email } = c.req.valid('json'); const forgotLimitResult = await forgotPasswordRateLimit.check({ @@ -377,6 +396,12 @@ export const emailPasswordRoute = new Hono() .post('/reset-password', sValidator('json', ZResetPasswordSchema), async (c) => { const requestMetadata = c.get('requestMetadata'); + if (!isSigninEnabledForProvider('email')) { + throw new AppError(AuthenticationErrorCode.SigninDisabled, { + statusCode: 400, + }); + } + const { token, password } = c.req.valid('json'); const resetLimitResult = await resetPasswordRateLimit.check({ diff --git a/packages/lib/constants/auth.ts b/packages/lib/constants/auth.ts index 4768540d4..c4c8727ed 100644 --- a/packages/lib/constants/auth.ts +++ b/packages/lib/constants/auth.ts @@ -41,6 +41,14 @@ export const IS_OIDC_SSO_ENABLED = Boolean( export const OIDC_PROVIDER_LABEL = env('NEXT_PRIVATE_OIDC_PROVIDER_LABEL'); +/** + * Opt-out flag for the automatic OIDC redirect. + * + * When OIDC is the only enabled signin transport we redirect to the provider + * automatically. Set this to "true" to keep rendering the signin page instead. + */ +export const IS_OIDC_AUTO_REDIRECT_DISABLED = env('NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT') === 'true'; + export const USER_SECURITY_AUDIT_LOG_MAP: Record = { ACCOUNT_SSO_LINK: 'Linked account to SSO', ACCOUNT_SSO_UNLINK: 'Unlinked account from SSO', @@ -188,3 +196,22 @@ export const isSignupEnabledForProvider = (provider: 'email' | 'google' | 'micro return env(flagMap[provider]) !== 'true'; }; + +/** + * Check if signin is enabled for the given provider. + * The master switch takes precedence over the per-provider flags. + */ +export const isSigninEnabledForProvider = (provider: 'email' | 'google' | 'microsoft' | 'oidc'): boolean => { + if (env('NEXT_PUBLIC_DISABLE_SIGNIN') === 'true') { + return false; + } + + const flagMap = { + email: 'NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN', + google: 'NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN', + microsoft: 'NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN', + oidc: 'NEXT_PUBLIC_DISABLE_OIDC_SIGNIN', + } as const; + + return env(flagMap[provider]) !== 'true'; +}; diff --git a/packages/lib/translations/de/web.po b/packages/lib/translations/de/web.po index f1f748764..6ec6e94f1 100644 --- a/packages/lib/translations/de/web.po +++ b/packages/lib/translations/de/web.po @@ -8917,6 +8917,11 @@ msgstr "Weiterleitungs-URL" msgid "Redirecting" msgstr "Weiterleitung" +#. placeholder {0}: oidcProviderLabel || 'OIDC' +#: apps/remix/app/routes/_unauthenticated+/signin.tsx +msgid "Redirecting to {0}..." +msgstr "" + #: apps/remix/app/components/forms/signup.tsx #: apps/remix/app/components/general/claim-account.tsx msgid "Registration Successful" diff --git a/packages/lib/translations/en/web.po b/packages/lib/translations/en/web.po index 454a46e1e..07cf034bc 100644 --- a/packages/lib/translations/en/web.po +++ b/packages/lib/translations/en/web.po @@ -8908,6 +8908,11 @@ msgstr "Redirect URL" msgid "Redirecting" msgstr "Redirecting" +#. placeholder {0}: oidcProviderLabel || 'OIDC' +#: apps/remix/app/routes/_unauthenticated+/signin.tsx +msgid "Redirecting to {0}..." +msgstr "Redirecting to {0}..." + #: apps/remix/app/components/forms/signup.tsx #: apps/remix/app/components/general/claim-account.tsx msgid "Registration Successful" diff --git a/packages/lib/translations/es/web.po b/packages/lib/translations/es/web.po index 4eef75f10..2d44ea007 100644 --- a/packages/lib/translations/es/web.po +++ b/packages/lib/translations/es/web.po @@ -8917,6 +8917,11 @@ msgstr "URL de redirección" msgid "Redirecting" msgstr "Redireccionando" +#. placeholder {0}: oidcProviderLabel || 'OIDC' +#: apps/remix/app/routes/_unauthenticated+/signin.tsx +msgid "Redirecting to {0}..." +msgstr "" + #: apps/remix/app/components/forms/signup.tsx #: apps/remix/app/components/general/claim-account.tsx msgid "Registration Successful" diff --git a/packages/lib/translations/fr/web.po b/packages/lib/translations/fr/web.po index 181b21a64..fb2b175d2 100644 --- a/packages/lib/translations/fr/web.po +++ b/packages/lib/translations/fr/web.po @@ -8917,6 +8917,11 @@ msgstr "URL de redirection" msgid "Redirecting" msgstr "Redirection" +#. placeholder {0}: oidcProviderLabel || 'OIDC' +#: apps/remix/app/routes/_unauthenticated+/signin.tsx +msgid "Redirecting to {0}..." +msgstr "" + #: apps/remix/app/components/forms/signup.tsx #: apps/remix/app/components/general/claim-account.tsx msgid "Registration Successful" diff --git a/packages/lib/translations/it/web.po b/packages/lib/translations/it/web.po index d59511b72..1fd209ef4 100644 --- a/packages/lib/translations/it/web.po +++ b/packages/lib/translations/it/web.po @@ -8917,6 +8917,11 @@ msgstr "URL di reindirizzamento" msgid "Redirecting" msgstr "Reindirizzamento" +#. placeholder {0}: oidcProviderLabel || 'OIDC' +#: apps/remix/app/routes/_unauthenticated+/signin.tsx +msgid "Redirecting to {0}..." +msgstr "" + #: apps/remix/app/components/forms/signup.tsx #: apps/remix/app/components/general/claim-account.tsx msgid "Registration Successful" diff --git a/packages/lib/translations/ja/web.po b/packages/lib/translations/ja/web.po index 2c710627f..f2fc95818 100644 --- a/packages/lib/translations/ja/web.po +++ b/packages/lib/translations/ja/web.po @@ -8917,6 +8917,11 @@ msgstr "リダイレクト URL" msgid "Redirecting" msgstr "リダイレクト中" +#. placeholder {0}: oidcProviderLabel || 'OIDC' +#: apps/remix/app/routes/_unauthenticated+/signin.tsx +msgid "Redirecting to {0}..." +msgstr "" + #: apps/remix/app/components/forms/signup.tsx #: apps/remix/app/components/general/claim-account.tsx msgid "Registration Successful" diff --git a/packages/lib/translations/ko/web.po b/packages/lib/translations/ko/web.po index 802fe31f9..743a6ef9a 100644 --- a/packages/lib/translations/ko/web.po +++ b/packages/lib/translations/ko/web.po @@ -8917,6 +8917,11 @@ msgstr "리디렉션 URL" msgid "Redirecting" msgstr "리디렉션 중" +#. placeholder {0}: oidcProviderLabel || 'OIDC' +#: apps/remix/app/routes/_unauthenticated+/signin.tsx +msgid "Redirecting to {0}..." +msgstr "" + #: apps/remix/app/components/forms/signup.tsx #: apps/remix/app/components/general/claim-account.tsx msgid "Registration Successful" diff --git a/packages/lib/translations/nl/web.po b/packages/lib/translations/nl/web.po index 49953db32..4c8da7804 100644 --- a/packages/lib/translations/nl/web.po +++ b/packages/lib/translations/nl/web.po @@ -8917,6 +8917,11 @@ msgstr "Redirect-URL" msgid "Redirecting" msgstr "Doorsturen" +#. placeholder {0}: oidcProviderLabel || 'OIDC' +#: apps/remix/app/routes/_unauthenticated+/signin.tsx +msgid "Redirecting to {0}..." +msgstr "" + #: apps/remix/app/components/forms/signup.tsx #: apps/remix/app/components/general/claim-account.tsx msgid "Registration Successful" diff --git a/packages/lib/translations/pl/web.po b/packages/lib/translations/pl/web.po index 010ea2157..de84f4a84 100644 --- a/packages/lib/translations/pl/web.po +++ b/packages/lib/translations/pl/web.po @@ -8918,6 +8918,11 @@ msgstr "Adres URL przekierowania" msgid "Redirecting" msgstr "Przekierowywanie" +#. placeholder {0}: oidcProviderLabel || 'OIDC' +#: apps/remix/app/routes/_unauthenticated+/signin.tsx +msgid "Redirecting to {0}..." +msgstr "" + #: apps/remix/app/components/forms/signup.tsx #: apps/remix/app/components/general/claim-account.tsx msgid "Registration Successful" diff --git a/packages/lib/translations/pt-BR/web.po b/packages/lib/translations/pt-BR/web.po index 85490df57..027ae4255 100644 --- a/packages/lib/translations/pt-BR/web.po +++ b/packages/lib/translations/pt-BR/web.po @@ -8908,6 +8908,11 @@ msgstr "URL de Redirecionamento" msgid "Redirecting" msgstr "Redirecionando" +#. placeholder {0}: oidcProviderLabel || 'OIDC' +#: apps/remix/app/routes/_unauthenticated+/signin.tsx +msgid "Redirecting to {0}..." +msgstr "" + #: apps/remix/app/components/forms/signup.tsx #: apps/remix/app/components/general/claim-account.tsx msgid "Registration Successful" diff --git a/packages/lib/translations/zh/web.po b/packages/lib/translations/zh/web.po index e107bc848..975a3583c 100644 --- a/packages/lib/translations/zh/web.po +++ b/packages/lib/translations/zh/web.po @@ -8917,6 +8917,11 @@ msgstr "重定向 URL" msgid "Redirecting" msgstr "正在重定向" +#. placeholder {0}: oidcProviderLabel || 'OIDC' +#: apps/remix/app/routes/_unauthenticated+/signin.tsx +msgid "Redirecting to {0}..." +msgstr "" + #: apps/remix/app/components/forms/signup.tsx #: apps/remix/app/components/general/claim-account.tsx msgid "Registration Successful" diff --git a/packages/tsconfig/process-env.d.ts b/packages/tsconfig/process-env.d.ts index 6757ed47c..d02df2be0 100644 --- a/packages/tsconfig/process-env.d.ts +++ b/packages/tsconfig/process-env.d.ts @@ -93,6 +93,13 @@ declare namespace NodeJS { NEXT_PUBLIC_DISABLE_OIDC_SIGNUP?: string; NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS?: string; + NEXT_PUBLIC_DISABLE_SIGNIN?: string; + NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN?: string; + NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN?: string; + NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN?: string; + NEXT_PUBLIC_DISABLE_OIDC_SIGNIN?: string; + NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT?: string; + NEXT_PRIVATE_BROWSERLESS_URL?: string; NEXT_PRIVATE_JOBS_PROVIDER?: 'inngest' | 'local' | 'bullmq'; diff --git a/render.yaml b/render.yaml index 9a29fae4d..2b82e7f14 100644 --- a/render.yaml +++ b/render.yaml @@ -163,6 +163,18 @@ services: sync: false - key: NEXT_PUBLIC_DISABLE_OIDC_SIGNUP sync: false + - key: NEXT_PUBLIC_DISABLE_SIGNIN + sync: false + - key: NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN + sync: false + - key: NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN + sync: false + - key: NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN + sync: false + - key: NEXT_PUBLIC_DISABLE_OIDC_SIGNIN + sync: false + - key: NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT + sync: false - key: NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS sync: false diff --git a/turbo.json b/turbo.json index c5c0db0f7..b417941fa 100644 --- a/turbo.json +++ b/turbo.json @@ -53,6 +53,12 @@ "NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP", "NEXT_PUBLIC_DISABLE_OIDC_SIGNUP", "NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS", + "NEXT_PUBLIC_DISABLE_SIGNIN", + "NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN", + "NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN", + "NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN", + "NEXT_PUBLIC_DISABLE_OIDC_SIGNIN", + "NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT", "NEXT_PRIVATE_PLAIN_API_KEY", "NEXT_PUBLIC_DOCUMENT_SIZE_UPLOAD_LIMIT", "NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY", From 5a8335e0eb01823b560cb5644bd1db2b105195d7 Mon Sep 17 00:00:00 2001 From: Arun Kumar <147901612+Arunkoo@users.noreply.github.com> Date: Wed, 1 Jul 2026 12:49:21 +0530 Subject: [PATCH 04/10] fix: webhook payload contains stale deletedAt on document cancellation (#2980) --- packages/lib/server-only/document/delete-document.ts | 6 ++++-- packages/lib/server-only/envelope/create-envelope.ts | 2 +- packages/lib/server-only/envelope/duplicate-envelope.ts | 2 +- .../server-only/template/create-document-from-template.ts | 2 +- packages/lib/types/subscription.ts | 2 +- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/packages/lib/server-only/document/delete-document.ts b/packages/lib/server-only/document/delete-document.ts index 0a4456d5c..8dd0b69de 100644 --- a/packages/lib/server-only/document/delete-document.ts +++ b/packages/lib/server-only/document/delete-document.ts @@ -83,15 +83,17 @@ export const deleteDocument = async ({ id, userId, teamId, requestMetadata }: De // Handle hard or soft deleting the actual document if user has permission. if (hasDeleteAccess) { - await handleDocumentOwnerDelete({ + const updatedEnvelope = await handleDocumentOwnerDelete({ envelope, user, requestMetadata, }); + const envelopeForWebhook = { ...envelope, ...(updatedEnvelope ?? {}) }; + await triggerWebhook({ event: WebhookTriggerEvents.DOCUMENT_CANCELLED, - data: ZWebhookDocumentSchema.parse(mapEnvelopeToWebhookDocumentPayload(envelope)), + data: ZWebhookDocumentSchema.parse(mapEnvelopeToWebhookDocumentPayload(envelopeForWebhook)), userId, teamId, }); diff --git a/packages/lib/server-only/envelope/create-envelope.ts b/packages/lib/server-only/envelope/create-envelope.ts index 4ca73a387..2bbb079fd 100644 --- a/packages/lib/server-only/envelope/create-envelope.ts +++ b/packages/lib/server-only/envelope/create-envelope.ts @@ -37,9 +37,9 @@ import { extractDerivedDocumentMeta } from '../../utils/document'; import { createDocumentAuthOptions, createRecipientAuthOptions } from '../../utils/document-auth'; import { buildTeamWhereQuery } from '../../utils/teams'; import { incrementDocumentId, incrementTemplateId } from '../envelope/increment-id'; +import { assertOrganisationRatesAndLimits } from '../rate-limit/assert-organisation-rates-and-limits'; import { assertCompatibleRecipientRole } from '../signature-level/assert-compatible-recipient-role'; import { resolveSignatureLevel } from '../signature-level/resolve-signature-level'; -import { assertOrganisationRatesAndLimits } from '../rate-limit/assert-organisation-rates-and-limits'; import { getTeamSettings } from '../team/get-team-settings'; import { assertUserNotDisabledById } from '../user/assert-user-not-disabled'; import { triggerWebhook } from '../webhooks/trigger/trigger-webhook'; diff --git a/packages/lib/server-only/envelope/duplicate-envelope.ts b/packages/lib/server-only/envelope/duplicate-envelope.ts index a904bb3f2..4770814f8 100644 --- a/packages/lib/server-only/envelope/duplicate-envelope.ts +++ b/packages/lib/server-only/envelope/duplicate-envelope.ts @@ -10,8 +10,8 @@ import { nanoid, prefixedId } from '../../universal/id'; import type { EnvelopeIdOptions } from '../../utils/envelope'; import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id'; import { incrementDocumentId, incrementTemplateId } from '../envelope/increment-id'; -import { resolveSignatureLevel } from '../signature-level/resolve-signature-level'; import { assertOrganisationRatesAndLimits } from '../rate-limit/assert-organisation-rates-and-limits'; +import { resolveSignatureLevel } from '../signature-level/resolve-signature-level'; import { triggerWebhook } from '../webhooks/trigger/trigger-webhook'; export interface DuplicateEnvelopeOptions { diff --git a/packages/lib/server-only/template/create-document-from-template.ts b/packages/lib/server-only/template/create-document-from-template.ts index 114a3c2ef..47158c3f0 100644 --- a/packages/lib/server-only/template/create-document-from-template.ts +++ b/packages/lib/server-only/template/create-document-from-template.ts @@ -51,8 +51,8 @@ import { buildTeamWhereQuery } from '../../utils/teams'; import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id'; import { incrementDocumentId } from '../envelope/increment-id'; import { insertFormValuesInPdf } from '../pdf/insert-form-values-in-pdf'; -import { resolveSignatureLevel } from '../signature-level/resolve-signature-level'; import { assertOrganisationRatesAndLimits } from '../rate-limit/assert-organisation-rates-and-limits'; +import { resolveSignatureLevel } from '../signature-level/resolve-signature-level'; import { getTeamSettings } from '../team/get-team-settings'; import { triggerWebhook } from '../webhooks/trigger/trigger-webhook'; import { getOrganisationTemplateWhereInput } from './get-organisation-template-by-id'; diff --git a/packages/lib/types/subscription.ts b/packages/lib/types/subscription.ts index d25028e10..ba14433fc 100644 --- a/packages/lib/types/subscription.ts +++ b/packages/lib/types/subscription.ts @@ -52,7 +52,7 @@ export const ZClaimFlagsSchema = z.object({ signingReminders: z.boolean().optional(), cscQesSigning: z.boolean().optional(), - + /** * Controls whether an organisation is prevented from sending emails. * From 393b51d4847bb0ff3b1c6f47341aa9c76770eef4 Mon Sep 17 00:00:00 2001 From: David Nguyen Date: Thu, 2 Jul 2026 14:52:28 +1000 Subject: [PATCH 05/10] fix: add sticky form update button (#3056) --- .../forms/branding-preferences-form.tsx | 100 +++++++++++---- .../forms/document-preferences-form.tsx | 26 ++-- .../forms/email-preferences-form.tsx | 27 ++-- .../components/forms/form-sticky-save-bar.tsx | 119 ++++++++++++++++++ .../forms/organisation-update-form.tsx | 39 ++---- .../app/components/forms/team-update-form.tsx | 39 ++---- .../o.$orgUrl.settings.branding.tsx | 3 + .../o.$orgUrl.settings.document.tsx | 2 + .../o.$orgUrl.settings.email.tsx | 2 + .../t.$teamUrl+/settings.branding.tsx | 3 + .../t.$teamUrl+/settings.document.tsx | 2 + .../t.$teamUrl+/settings.email.tsx | 2 + .../update-organisation-member-role.spec.ts | 2 +- .../envelope-expiration-settings.spec.ts | 12 +- .../include-document-certificate.spec.ts | 10 +- .../organisations/manage-organisation.spec.ts | 2 +- .../organisation-team-preferences.spec.ts | 16 +-- .../app-tests/e2e/teams/manage-team.spec.ts | 2 +- .../e2e/teams/team-settings-save-bar.spec.ts | 79 ++++++++++++ .../e2e/teams/team-signature-settings.spec.ts | 4 +- 20 files changed, 359 insertions(+), 132 deletions(-) create mode 100644 apps/remix/app/components/forms/form-sticky-save-bar.tsx create mode 100644 packages/app-tests/e2e/teams/team-settings-save-bar.spec.ts diff --git a/apps/remix/app/components/forms/branding-preferences-form.tsx b/apps/remix/app/components/forms/branding-preferences-form.tsx index e420fdae7..561fb5512 100644 --- a/apps/remix/app/components/forms/branding-preferences-form.tsx +++ b/apps/remix/app/components/forms/branding-preferences-form.tsx @@ -21,6 +21,8 @@ import { z } from 'zod'; import { useOptionalCurrentTeam } from '~/providers/team'; import { useCspNonce } from '~/utils/nonce'; +import { FormStickySaveBar } from './form-sticky-save-bar'; + const MAX_FILE_SIZE = 5 * 1024 * 1024; // 5MB const ACCEPTED_FILE_TYPES = ['image/jpeg', 'image/png', 'image/webp']; @@ -71,38 +73,82 @@ export function BrandingPreferencesForm({ const parsedColors = ZCssVarsSchema.safeParse(settings.brandingColors); const initialColors = parsedColors.success ? parsedColors.data : {}; + // The saved state the form maps to. Used both as the reactive `values` source and as + // the explicit target for a Reset (see handleReset). + const savedValues: TBrandingPreferencesFormSchema = { + brandingEnabled: settings.brandingEnabled ?? null, + brandingUrl: settings.brandingUrl ?? '', + brandingLogo: undefined, + brandingCompanyDetails: settings.brandingCompanyDetails ?? '', + brandingColors: initialColors, + brandingCss: settings.brandingCss ?? '', + }; + const form = useForm({ - values: { - brandingEnabled: settings.brandingEnabled ?? null, - brandingUrl: settings.brandingUrl ?? '', - brandingLogo: undefined, - brandingCompanyDetails: settings.brandingCompanyDetails ?? '', - brandingColors: initialColors, - brandingCss: settings.brandingCss ?? '', - }, + values: savedValues, resolver: zodResolver(ZBrandingPreferencesFormSchema), }); const isBrandingEnabled = form.watch('brandingEnabled'); + const getSavedLogoPreviewUrl = () => { + if (!settings.brandingLogo) { + return ''; + } + + const file = JSON.parse(settings.brandingLogo); + + if (!('type' in file) || !('data' in file)) { + return ''; + } + + const logoUrl = + context === 'Team' + ? `${NEXT_PUBLIC_WEBAPP_URL()}/api/branding/logo/team/${team?.id}` + : `${NEXT_PUBLIC_WEBAPP_URL()}/api/branding/logo/organisation/${organisation?.id}`; + + return `${logoUrl}?v=${Date.now()}`; + }; + useEffect(() => { - if (settings.brandingLogo) { - const file = JSON.parse(settings.brandingLogo); + const savedLogoPreviewUrl = getSavedLogoPreviewUrl(); - if ('type' in file && 'data' in file) { - const logoUrl = - context === 'Team' - ? `${NEXT_PUBLIC_WEBAPP_URL()}/api/branding/logo/team/${team?.id}` - : `${NEXT_PUBLIC_WEBAPP_URL()}/api/branding/logo/organisation/${organisation?.id}`; - - setPreviewUrl(logoUrl + '?v=' + Date.now()); - setHasLoadedPreview(true); - } + if (savedLogoPreviewUrl) { + setPreviewUrl(savedLogoPreviewUrl); } setHasLoadedPreview(true); }, [settings.brandingLogo]); + // Reset the form to the saved values. The form is driven by the `values` prop (no + // `defaultValues`), so `reset()` with no argument doesn't re-baseline the dirty check; + // passing the saved values clears the per-field dirty tracking (dirtyFields). + const handleReset = () => { + setPreviewUrl(getSavedLogoPreviewUrl()); + form.reset(savedValues); + }; + + // `formState.isDirty` is unreliable for a `values`-driven form: after a reset (or a + // save + refetch) it can stay true even though every field already matches its saved + // value and `dirtyFields` is empty. Derive the flag from `dirtyFields` instead so the + // sticky save bar reliably disappears. + const hasUnsavedChanges = Object.keys(form.formState.dirtyFields).length > 0; + + // Re-baseline the form to the just-saved state after a successful submit. The `values` + // prop re-syncs most fields once the route refetches, but write-only fields (the logo + // is a File that isn't reflected back into `values`) would otherwise stay dirty and + // keep the save bar visible. Relies on the page handler rethrowing on error so we only + // re-baseline on success. + const handleFormSubmit = form.handleSubmit(async (data) => { + try { + await onFormSubmit(data); + } catch { + return; + } + + form.reset(form.getValues()); + }); + // Cleanup ObjectURL on unmount or when previewUrl changes useEffect(() => { return () => { @@ -114,7 +160,7 @@ export function BrandingPreferencesForm({ return ( - +
- {!isBrandingEnabled &&
} + {!isBrandingEnabled &&
} - {!isBrandingEnabled &&
} + {!isBrandingEnabled &&
}
@@ -538,11 +584,11 @@ export function BrandingPreferencesForm({
)} -
- -
+
diff --git a/apps/remix/app/components/forms/document-preferences-form.tsx b/apps/remix/app/components/forms/document-preferences-form.tsx index ee552d043..f1a0b6d8a 100644 --- a/apps/remix/app/components/forms/document-preferences-form.tsx +++ b/apps/remix/app/components/forms/document-preferences-form.tsx @@ -21,7 +21,6 @@ import { ReminderSettingsPicker } from '@documenso/ui/components/document/remind import { RecipientRoleSelect } from '@documenso/ui/components/recipient/recipient-role-select'; import { Alert } from '@documenso/ui/primitives/alert'; import { AvatarWithText } from '@documenso/ui/primitives/avatar'; -import { Button } from '@documenso/ui/primitives/button'; import { Combobox } from '@documenso/ui/primitives/combobox'; import { Form, @@ -46,6 +45,7 @@ import { z } from 'zod'; import { useOptionalCurrentTeam } from '~/providers/team'; import { DefaultRecipientsMultiSelectCombobox } from '../general/default-recipients-multiselect-combobox'; +import { FormStickySaveBar } from './form-sticky-save-bar'; /** * Can't infer this from the schema since we need to keep the schema inside the component to allow @@ -147,9 +147,21 @@ export const DocumentPreferencesForm = ({ resolver: zodResolver(ZDocumentPreferencesFormSchema), }); + const handleFormSubmit = form.handleSubmit(async (data) => { + try { + await onFormSubmit(data); + } catch { + // The page handler surfaces its own error toast. Keep the form dirty so + // the save bar stays visible and the user can retry. + return; + } + + form.reset(data); + }); + return (
- +
{!isPersonalLayoutMode && ( )} -
- -
+ form.reset()} + />
diff --git a/apps/remix/app/components/forms/email-preferences-form.tsx b/apps/remix/app/components/forms/email-preferences-form.tsx index 4ab981d93..818868005 100644 --- a/apps/remix/app/components/forms/email-preferences-form.tsx +++ b/apps/remix/app/components/forms/email-preferences-form.tsx @@ -4,7 +4,6 @@ import { DEFAULT_DOCUMENT_EMAIL_SETTINGS, ZDocumentEmailSettingsSchema } from '@ import { zEmail } from '@documenso/lib/utils/zod'; import { trpc } from '@documenso/trpc/react'; import { DocumentEmailCheckboxes } from '@documenso/ui/components/document/document-email-checkboxes'; -import { Button } from '@documenso/ui/primitives/button'; import { Form, FormControl, @@ -22,6 +21,8 @@ import type { TeamGlobalSettings } from '@prisma/client'; import { useForm } from 'react-hook-form'; import { z } from 'zod'; +import { FormStickySaveBar } from './form-sticky-save-bar'; + const ZEmailPreferencesFormSchema = z.object({ emailId: z.string().nullable(), emailReplyTo: zEmail().nullable(), @@ -59,9 +60,21 @@ export const EmailPreferencesForm = ({ settings, onFormSubmit, canInherit }: Ema const emails = emailData?.data || []; + const handleFormSubmit = form.handleSubmit(async (data) => { + try { + await onFormSubmit(data); + } catch { + // The page handler surfaces its own error toast. Keep the form dirty so + // the save bar stays visible and the user can retry. + return; + } + + form.reset(data); + }); + return (
- +
{organisation.organisationClaim.flags.emailDomains && ( -
- -
+ form.reset()} + />
diff --git a/apps/remix/app/components/forms/form-sticky-save-bar.tsx b/apps/remix/app/components/forms/form-sticky-save-bar.tsx new file mode 100644 index 000000000..1d37f9482 --- /dev/null +++ b/apps/remix/app/components/forms/form-sticky-save-bar.tsx @@ -0,0 +1,119 @@ +import { cn } from '@documenso/ui/lib/utils'; +import { Button } from '@documenso/ui/primitives/button'; +import { Trans, useLingui } from '@lingui/react/macro'; +import { AnimatePresence, motion } from 'framer-motion'; +import { AlertTriangleIcon } from 'lucide-react'; +import { useEffect, useRef, useState } from 'react'; + +export type FormStickySaveBarProps = { + isDirty: boolean; + isSubmitting: boolean; + onReset: () => void; +}; + +/** + * A single `position: sticky` bar rendered at the bottom of the form. + * + * - When the form's end is on screen it settles into place as a plain footer (just the + * Reset / Save buttons). + * - When the form's end is scrolled off, it sticks to the bottom of the viewport and + * shows the "unsaved changes" pill chrome. + * + * Because it's the same element in the form's flow, it auto-aligns to the form and the + * float <-> dock hand-off is a native, scroll-linked transition (no measurement, no + * shared-layout morph). A 1px sentinel below it detects the stuck state so we can toggle + * the pill chrome. + */ +export const FormStickySaveBar = ({ isDirty, isSubmitting, onReset }: FormStickySaveBarProps) => { + const { t } = useLingui(); + + const sentinelRef = useRef(null); + const [isStuck, setIsStuck] = useState(false); + + useEffect(() => { + const sentinel = sentinelRef.current; + + if (!sentinel) { + return; + } + + // The sentinel sits at the bar's resting position (the end of the form). While the + // bar is stuck to the bottom of the viewport the sentinel is scrolled past (out of + // view); once you reach the form's end it comes into view and the bar settles. + const observer = new IntersectionObserver( + ([entry]) => { + setIsStuck(!entry.isIntersecting); + }, + { + root: null, + rootMargin: '0px 0px -24px 0px', + threshold: 0, + }, + ); + + observer.observe(sentinel); + + return () => { + observer.disconnect(); + }; + }, []); + + // Show the floating pill chrome only when there are unsaved changes AND the form's + // end is off screen. + const isFloating = isDirty && isStuck; + + return ( + <> +
+ + {isFloating && ( + + + + You have unsaved changes + + + )} + + +
+ {isDirty && ( + + )} + + +
+
+ + {/* Sentinel: detects when the sticky bar is floating (stuck) vs settled (docked). */} +
+ + ); +}; diff --git a/apps/remix/app/components/forms/organisation-update-form.tsx b/apps/remix/app/components/forms/organisation-update-form.tsx index 7ac15b1c7..5d4c2c88f 100644 --- a/apps/remix/app/components/forms/organisation-update-form.tsx +++ b/apps/remix/app/components/forms/organisation-update-form.tsx @@ -4,7 +4,6 @@ import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app'; import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error'; import { trpc } from '@documenso/trpc/react'; import { ZUpdateOrganisationRequestSchema } from '@documenso/trpc/server/organisation-router/update-organisation.types'; -import { Button } from '@documenso/ui/primitives/button'; import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from '@documenso/ui/primitives/form/form'; import { Input } from '@documenso/ui/primitives/input'; import { useToast } from '@documenso/ui/primitives/use-toast'; @@ -12,11 +11,12 @@ import { zodResolver } from '@hookform/resolvers/zod'; import { msg } from '@lingui/core/macro'; import { useLingui } from '@lingui/react'; import { Trans } from '@lingui/react/macro'; -import { AnimatePresence, motion } from 'framer-motion'; import { useForm } from 'react-hook-form'; import { useNavigate } from 'react-router'; import type { z } from 'zod'; +import { FormStickySaveBar } from './form-sticky-save-bar'; + const ZOrganisationUpdateFormSchema = ZUpdateOrganisationRequestSchema.shape.data.pick({ name: true, url: true, @@ -137,36 +137,11 @@ export const OrganisationUpdateForm = () => { )} /> -
- - {form.formState.isDirty && ( - - - - )} - - - -
+ form.reset()} + />
diff --git a/apps/remix/app/components/forms/team-update-form.tsx b/apps/remix/app/components/forms/team-update-form.tsx index fdf569f95..8dddaee2b 100644 --- a/apps/remix/app/components/forms/team-update-form.tsx +++ b/apps/remix/app/components/forms/team-update-form.tsx @@ -2,7 +2,6 @@ import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app'; import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error'; import { trpc } from '@documenso/trpc/react'; import { ZUpdateTeamRequestSchema } from '@documenso/trpc/server/team-router/update-team.types'; -import { Button } from '@documenso/ui/primitives/button'; import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from '@documenso/ui/primitives/form/form'; import { Input } from '@documenso/ui/primitives/input'; import { useToast } from '@documenso/ui/primitives/use-toast'; @@ -10,11 +9,12 @@ import { zodResolver } from '@hookform/resolvers/zod'; import { msg } from '@lingui/core/macro'; import { useLingui } from '@lingui/react'; import { Trans } from '@lingui/react/macro'; -import { AnimatePresence, motion } from 'framer-motion'; import { useForm } from 'react-hook-form'; import { useNavigate } from 'react-router'; import type { z } from 'zod'; +import { FormStickySaveBar } from './form-sticky-save-bar'; + export type UpdateTeamDialogProps = { teamId: number; teamName: string; @@ -135,36 +135,11 @@ export const TeamUpdateForm = ({ teamId, teamName, teamUrl }: UpdateTeamDialogPr )} /> -
- - {form.formState.isDirty && ( - - - - )} - - - -
+ form.reset()} + /> diff --git a/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx index 9243b9d4c..707c4ad96 100644 --- a/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx +++ b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx @@ -104,6 +104,9 @@ export default function OrganisationSettingsBrandingPage() { description: t`We were unable to update your branding preferences at this time, please try again later`, variant: 'destructive', }); + + // Rethrow so the form knows the save failed and keeps the unsaved changes. + throw err; } }; diff --git a/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.document.tsx b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.document.tsx index de9786aed..9d73e00bc 100644 --- a/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.document.tsx +++ b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.document.tsx @@ -105,6 +105,8 @@ export default function OrganisationSettingsDocumentPage() { description: t`We were unable to update your document preferences at this time, please try again later`, variant: 'destructive', }); + + throw err; } }; diff --git a/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email.tsx b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email.tsx index 16144b1a5..0db136f7b 100644 --- a/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email.tsx +++ b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email.tsx @@ -49,6 +49,8 @@ export default function OrganisationSettingsGeneral() { description: t`We were unable to update your email preferences at this time, please try again later`, variant: 'destructive', }); + + throw err; } }; diff --git a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx index b674dc460..0401d4da2 100644 --- a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx +++ b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx @@ -99,6 +99,9 @@ export default function TeamsSettingsPage() { description: t`We were unable to update your branding preferences at this time, please try again later`, variant: 'destructive', }); + + // Rethrow so the form knows the save failed and keeps the unsaved changes. + throw err; } }; diff --git a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.document.tsx b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.document.tsx index b42f8a66e..fd734847f 100644 --- a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.document.tsx +++ b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.document.tsx @@ -96,6 +96,8 @@ export default function TeamsSettingsPage() { description: t`We were unable to update your document preferences at this time, please try again later`, variant: 'destructive', }); + + throw err; } }; diff --git a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.email.tsx b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.email.tsx index e624c57e2..8b64a21bc 100644 --- a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.email.tsx +++ b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.email.tsx @@ -49,6 +49,8 @@ export default function TeamEmailSettingsGeneral() { description: t`We were unable to update your email preferences at this time, please try again later`, variant: 'destructive', }); + + throw err; } }; diff --git a/packages/app-tests/e2e/admin/organisations/update-organisation-member-role.spec.ts b/packages/app-tests/e2e/admin/organisations/update-organisation-member-role.spec.ts index 2e0d53fb5..b73ed6f7f 100644 --- a/packages/app-tests/e2e/admin/organisations/update-organisation-member-role.spec.ts +++ b/packages/app-tests/e2e/admin/organisations/update-organisation-member-role.spec.ts @@ -526,7 +526,7 @@ test('[ADMIN]: verify organisation access after ownership change', async ({ page // Should be able to access organisation settings await expect(page.getByText('Organisation Settings')).toBeVisible(); await expect(page.getByLabel('Organisation Name*')).toBeVisible(); - await expect(page.getByRole('button', { name: 'Update organisation' })).toBeVisible(); + await expect(page.getByLabel('Organisation Name*')).toBeEnabled(); // Should have delete permissions await expect(page.getByRole('button', { name: 'Delete' })).toBeVisible(); diff --git a/packages/app-tests/e2e/envelopes/envelope-expiration-settings.spec.ts b/packages/app-tests/e2e/envelopes/envelope-expiration-settings.spec.ts index 806585193..fa1545d17 100644 --- a/packages/app-tests/e2e/envelopes/envelope-expiration-settings.spec.ts +++ b/packages/app-tests/e2e/envelopes/envelope-expiration-settings.spec.ts @@ -19,7 +19,7 @@ test('[ENVELOPE_EXPIRATION]: set custom expiration period at organisation level' }); // Wait for the form to load. - await expect(page.getByRole('button', { name: 'Update' }).first()).toBeVisible(); + await expect(page.getByTestId('document-language-trigger')).toBeVisible(); // Change the amount to 2. const amountInput = page.getByTestId('envelope-expiration-amount'); @@ -35,7 +35,7 @@ test('[ENVELOPE_EXPIRATION]: set custom expiration period at organisation level' await unitTrigger.click(); await page.getByRole('option', { name: 'Weeks' }).click(); - await page.getByRole('button', { name: 'Update' }).first().click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); await expect(page.getByText('Your document preferences have been updated').first()).toBeVisible(); // Verify via database. @@ -57,14 +57,14 @@ test('[ENVELOPE_EXPIRATION]: disable expiration at organisation level', async ({ redirectPath: `/o/${organisation.url}/settings/document`, }); - await expect(page.getByRole('button', { name: 'Update' }).first()).toBeVisible(); + await expect(page.getByTestId('document-language-trigger')).toBeVisible(); // Find the mode select (shows "Custom duration") and change to "Never expires". const modeTrigger = page.getByTestId('envelope-expiration-mode'); await modeTrigger.click(); await page.getByRole('option', { name: 'Never expires' }).click(); - await page.getByRole('button', { name: 'Update' }).first().click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); await expect(page.getByText('Your document preferences have been updated').first()).toBeVisible(); // Verify via database. @@ -109,7 +109,7 @@ test('[ENVELOPE_EXPIRATION]: team overrides organisation expiration', async ({ p redirectPath: `/t/${team.url}/settings/document`, }); - await expect(page.getByRole('button', { name: 'Update' }).first()).toBeVisible(); + await expect(page.getByTestId('document-language-trigger')).toBeVisible(); // The expiration picker mode select should show "Inherit from organisation" by default. const modeTrigger = page.getByTestId('envelope-expiration-mode'); @@ -128,7 +128,7 @@ test('[ENVELOPE_EXPIRATION]: team overrides organisation expiration', async ({ p await unitTrigger.click(); await page.getByRole('option', { name: 'Days' }).click(); - await page.getByRole('button', { name: 'Update' }).first().click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); await expect(page.getByText('Your document preferences have been updated').first()).toBeVisible(); // Verify team setting is overridden. diff --git a/packages/app-tests/e2e/features/include-document-certificate.spec.ts b/packages/app-tests/e2e/features/include-document-certificate.spec.ts index 335fb2389..6d44581f6 100644 --- a/packages/app-tests/e2e/features/include-document-certificate.spec.ts +++ b/packages/app-tests/e2e/features/include-document-certificate.spec.ts @@ -324,10 +324,7 @@ test.describe('Signing Certificate Tests', () => { .click(); await page.getByRole('option', { name: 'No' }).click(); - await page - .getByRole('button', { name: /Update/ }) - .first() - .click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); await page.waitForTimeout(1000); @@ -347,10 +344,7 @@ test.describe('Signing Certificate Tests', () => { .getByRole('combobox') .click(); await page.getByRole('option', { name: 'Yes' }).click(); - await page - .getByRole('button', { name: /Update/ }) - .first() - .click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); await page.waitForTimeout(1000); diff --git a/packages/app-tests/e2e/organisations/manage-organisation.spec.ts b/packages/app-tests/e2e/organisations/manage-organisation.spec.ts index f14777b08..23fcdedc6 100644 --- a/packages/app-tests/e2e/organisations/manage-organisation.spec.ts +++ b/packages/app-tests/e2e/organisations/manage-organisation.spec.ts @@ -60,7 +60,7 @@ test('[ORGANISATIONS]: manage general settings', async ({ page }) => { await page.getByLabel('Organisation URL*').clear(); await page.getByLabel('Organisation URL*').fill(updatedOrganisationId); - await page.getByRole('button', { name: 'Update organisation' }).click(); + await page.getByRole('button', { name: 'Save changes' }).click(); // Check we have been redirected to the new organisation URL and the name is updated. await page.waitForURL(`/o/${updatedOrganisationId}/settings/general`); diff --git a/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts b/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts index 48ab68685..336222d93 100644 --- a/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts +++ b/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts @@ -39,7 +39,7 @@ test('[ORGANISATIONS]: manage document preferences', async ({ page }) => { await page.getByRole('option', { name: 'No' }).click(); await page.getByTestId('include-signing-certificate-trigger').click(); await page.getByRole('option', { name: 'No' }).click(); - await page.getByRole('button', { name: 'Update' }).first().click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); await expect(page.getByText('Your document preferences have been updated').first()).toBeVisible(); const teamSettings = await getTeamSettings({ @@ -73,7 +73,7 @@ test('[ORGANISATIONS]: manage document preferences', async ({ page }) => { await page.getByTestId('document-date-format-trigger').click(); await page.getByRole('option', { name: 'MM/DD/YYYY', exact: true }).click(); - await page.getByRole('button', { name: 'Update' }).first().click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); await expect(page.getByText('Your document preferences have been updated').first()).toBeVisible(); const updatedTeamSettings = await getTeamSettings({ @@ -128,7 +128,7 @@ test('[ORGANISATIONS]: manage branding preferences', async ({ page }) => { await page.getByRole('textbox', { name: 'Brand Website' }).fill('https://documenso.com'); await page.getByRole('textbox', { name: 'Brand Details' }).click(); await page.getByRole('textbox', { name: 'Brand Details' }).fill('BrandDetails'); - await page.getByRole('button', { name: 'Update' }).first().click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); await expect(page.getByText('Your branding preferences have been updated').first()).toBeVisible(); const teamSettings = await getTeamSettings({ @@ -150,7 +150,7 @@ test('[ORGANISATIONS]: manage branding preferences', async ({ page }) => { await page.getByRole('textbox', { name: 'Brand Website' }).fill('https://example.com'); await page.getByRole('textbox', { name: 'Brand Details' }).click(); await page.getByRole('textbox', { name: 'Brand Details' }).fill('UpdatedBrandDetails'); - await page.getByRole('button', { name: 'Update' }).first().click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); await expect(page.getByText('Your branding preferences have been updated').first()).toBeVisible(); const updatedTeamSettings = await getTeamSettings({ @@ -165,7 +165,7 @@ test('[ORGANISATIONS]: manage branding preferences', async ({ page }) => { // Test inheritance by setting team back to inherit from organisation await page.getByTestId('enable-branding').click(); await page.getByRole('option', { name: 'Inherit from organisation' }).click(); - await page.getByRole('button', { name: 'Update' }).first().click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); await expect(page.getByText('Your branding preferences have been updated').first()).toBeVisible(); await page.waitForTimeout(2000); @@ -208,7 +208,7 @@ test('[ORGANISATIONS]: manage email preferences', async ({ page }) => { await page.getByRole('checkbox', { name: 'Email the signer if the document is still pending' }).uncheck(); await page.getByRole('checkbox', { name: 'Email recipients when a pending document is deleted' }).uncheck(); - await page.getByRole('button', { name: 'Update' }).first().click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); await expect(page.getByText('Your email preferences have been updated').first()).toBeVisible(); const teamSettings = await getTeamSettings({ @@ -245,7 +245,7 @@ test('[ORGANISATIONS]: manage email preferences', async ({ page }) => { await page.getByRole('checkbox', { name: 'Email recipients when the document is completed', exact: true }).uncheck(); await page.getByRole('checkbox', { name: 'Email the owner when the document is completed' }).uncheck(); - await page.getByRole('button', { name: 'Update' }).first().click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); await expect(page.getByText('Your email preferences have been updated').first()).toBeVisible(); const updatedTeamSettings = await getTeamSettings({ @@ -292,7 +292,7 @@ test('[ORGANISATIONS]: manage email preferences', async ({ page }) => { await page.getByRole('textbox', { name: 'Reply to email' }).fill(''); await page.getByRole('combobox').filter({ hasText: 'Override organisation settings' }).click(); await page.getByRole('option', { name: 'Inherit from organisation' }).click(); - await page.getByRole('button', { name: 'Update' }).first().click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); await expect(page.getByText('Your email preferences have been updated').first()).toBeVisible(); await page.waitForTimeout(1000); diff --git a/packages/app-tests/e2e/teams/manage-team.spec.ts b/packages/app-tests/e2e/teams/manage-team.spec.ts index 293ac0113..5e4892444 100644 --- a/packages/app-tests/e2e/teams/manage-team.spec.ts +++ b/packages/app-tests/e2e/teams/manage-team.spec.ts @@ -66,7 +66,7 @@ test('[TEAMS]: update team', async ({ page }) => { await page.getByLabel('Team URL*').clear(); await page.getByLabel('Team URL*').fill(updatedTeamId); - await page.getByRole('button', { name: 'Update team' }).click(); + await page.getByRole('button', { name: 'Save changes' }).click(); // Check we have been redirected to the new team URL and the name is updated. await page.waitForURL(`${NEXT_PUBLIC_WEBAPP_URL()}/t/${updatedTeamId}/settings`); diff --git a/packages/app-tests/e2e/teams/team-settings-save-bar.spec.ts b/packages/app-tests/e2e/teams/team-settings-save-bar.spec.ts new file mode 100644 index 000000000..272b649e7 --- /dev/null +++ b/packages/app-tests/e2e/teams/team-settings-save-bar.spec.ts @@ -0,0 +1,79 @@ +import { seedUser } from '@documenso/prisma/seed/users'; +import { expect, test } from '@playwright/test'; + +import { apiSignin } from '../fixtures/authentication'; + +test('[TEAMS]: settings save bar docks at the bottom of the form', async ({ page }) => { + const { user, team } = await seedUser(); + + await apiSignin({ + page, + email: user.email, + redirectPath: `/t/${team.url}/settings`, + }); + + await expect(page.getByLabel('Team Name*')).toBeVisible(); + + const saveButton = page.getByRole('button', { name: 'Save changes' }); + + // Pristine: the docked Save button is present but disabled; no Undo, no floating notice. + await expect(saveButton).toBeVisible(); + await expect(saveButton).toBeDisabled(); + await expect(page.getByRole('button', { name: 'Undo' })).toHaveCount(0); + await expect(page.getByText('You have unsaved changes')).not.toBeVisible(); + + // Make a change → Save enables and Undo appears. + const updatedName = `team-${Date.now()}`; + await page.getByLabel('Team Name*').clear(); + await page.getByLabel('Team Name*').fill(updatedName); + + await expect(saveButton).toBeEnabled(); + await expect(page.getByRole('button', { name: 'Undo' })).toBeVisible(); + + // Undo → value restored, Save disabled again, Undo gone. + await page.getByRole('button', { name: 'Undo' }).click(); + await expect(page.getByLabel('Team Name*')).toHaveValue(team.name); + await expect(saveButton).toBeDisabled(); + await expect(page.getByRole('button', { name: 'Undo' })).toHaveCount(0); + + // Change again → Save → success toast, returns to a pristine (disabled) state. + await page.getByLabel('Team Name*').clear(); + await page.getByLabel('Team Name*').fill(updatedName); + await expect(saveButton).toBeEnabled(); + await saveButton.click(); + + await expect(page.getByText('Your team has been successfully updated.').first()).toBeVisible(); + await expect(saveButton).toBeDisabled(); +}); + +test('[ORGANISATIONS]: settings save bar floats when the form footer is off-screen', async ({ page }) => { + const { user, organisation } = await seedUser({ + isPersonalOrganisation: false, + }); + + await apiSignin({ + page, + email: user.email, + redirectPath: `/o/${organisation.url}/settings/document`, + }); + + // Wait for the long document-preferences form to load. + await expect(page.getByTestId('document-language-trigger')).toBeVisible(); + + // Pristine: no floating notice even though the footer is below the fold. + await expect(page.getByText('You have unsaved changes')).not.toBeVisible(); + + // Edit a field near the top → the footer is off-screen, so the floating pill appears. + await page.getByTestId('document-language-trigger').click(); + await page.getByRole('option', { name: 'German' }).click(); + + await expect(page.getByText('You have unsaved changes')).toBeVisible(); + await expect(page.getByRole('button', { name: 'Save changes' })).toBeVisible(); + + // Scroll to the footer → the floating pill merges into the docked buttons and the + // notice disappears. + await page.evaluate(() => window.scrollTo(0, document.body.scrollHeight)); + + await expect(page.getByText('You have unsaved changes')).not.toBeVisible(); + await expect(page.getByRole('button', { name: 'Save changes' })).toBeVisible(); +}); diff --git a/packages/app-tests/e2e/teams/team-signature-settings.spec.ts b/packages/app-tests/e2e/teams/team-signature-settings.spec.ts index 7b4e4541e..078d0cab7 100644 --- a/packages/app-tests/e2e/teams/team-signature-settings.spec.ts +++ b/packages/app-tests/e2e/teams/team-signature-settings.spec.ts @@ -75,7 +75,7 @@ test('[TEAMS]: check signature modes can be disabled', async ({ page }) => { await item.click(); } - await page.getByRole('button', { name: 'Update' }).first().click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); // Wait for the update to complete await expect(page.getByText('Document preferences updated', { exact: true })).toBeVisible(); @@ -140,7 +140,7 @@ test('[TEAMS]: check signature modes work for templates', async ({ page }) => { await item.click(); } - await page.getByRole('button', { name: 'Update' }).first().click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); // Wait for finish await expect(page.getByText('Document preferences updated', { exact: true })).toBeVisible(); From 2332b0316be550548964d0af6452b9a3fa3c7be5 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 2 Jul 2026 14:58:56 +1000 Subject: [PATCH 06/10] chore: extract translations (#3013) --- packages/lib/translations/de/web.po | 44 ++++++++++-------- packages/lib/translations/en/web.po | 64 +++++++++++++++++++------- packages/lib/translations/es/web.po | 44 ++++++++++-------- packages/lib/translations/fr/web.po | 44 ++++++++++-------- packages/lib/translations/it/web.po | 44 ++++++++++-------- packages/lib/translations/ja/web.po | 44 ++++++++++-------- packages/lib/translations/ko/web.po | 44 ++++++++++-------- packages/lib/translations/nl/web.po | 44 ++++++++++-------- packages/lib/translations/pl/web.po | 45 ++++++++++-------- packages/lib/translations/pt-BR/web.po | 64 +++++++++++++++++++------- packages/lib/translations/zh/web.po | 44 ++++++++++-------- 11 files changed, 328 insertions(+), 197 deletions(-) diff --git a/packages/lib/translations/de/web.po b/packages/lib/translations/de/web.po index 6ec6e94f1..596094b11 100644 --- a/packages/lib/translations/de/web.po +++ b/packages/lib/translations/de/web.po @@ -2441,6 +2441,7 @@ msgstr "Branding-Logo" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Branding Preferences" msgstr "Markenpräferenzen" @@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team" msgstr "Derzeit können alle Organisationsmitglieder auf dieses Team zugreifen" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Currently branding can only be configured for Teams and above plans." msgstr "Zurzeit kann das Branding nur für Teams und darüber konfiguriert werden." @@ -4214,8 +4216,8 @@ msgstr "Dokument storniert" #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx +#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts #: packages/lib/server-only/admin/admin-super-delete-document.ts -#: packages/lib/server-only/document/delete-document.ts msgid "Document Cancelled" msgstr "Dokument storniert" @@ -7942,6 +7944,11 @@ msgstr "Original" msgid "Otherwise, the document will be created as a draft." msgstr "Andernfalls wird das Dokument als Entwurf erstellt." +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Overlapping fields detected" +msgstr "" + #: apps/remix/app/components/forms/document-preferences-form.tsx #: apps/remix/app/components/forms/email-preferences-form.tsx msgid "Override organisation settings" @@ -9197,9 +9204,7 @@ msgstr "Umschlag erneut senden" msgid "Resend verification" msgstr "Bestätigung erneut senden" -#: apps/remix/app/components/forms/organisation-update-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx -#: apps/remix/app/components/forms/team-update-form.tsx #: apps/remix/app/components/general/organisation-usage-reset-button.tsx msgid "Reset" msgstr "Zurücksetzen" @@ -9384,6 +9389,7 @@ msgid "Save as Template" msgstr "Als Vorlage speichern" #: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx msgid "Save changes" msgstr "Änderungen speichern" @@ -10224,6 +10230,11 @@ msgstr "Website Einstellungen" msgid "Skip" msgstr "Überspringen" +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected." +msgstr "" + #: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding." msgstr "Einige Unterzeichner haben noch kein Unterschriftsfeld zugewiesen bekommen. Bitte weisen Sie jedem Unterzeichner mindestens ein Unterschriftsfeld zu, bevor Sie fortfahren." @@ -12254,6 +12265,7 @@ msgstr "Nicht autorisiert" msgid "Uncompleted" msgstr "Unvollendet" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx #: packages/ui/primitives/signature-pad/signature-pad-draw.tsx msgid "Undo" msgstr "Rückgängig" @@ -12303,6 +12315,10 @@ msgstr "Verknüpfung aufheben" msgid "Unpin" msgstr "Lösen" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "Unsaved changes" +msgstr "" + #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx #: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx msgid "Unsealed Documents" @@ -12322,9 +12338,6 @@ msgstr "Unbetitelte Gruppe" #: apps/remix/app/components/dialogs/team-group-update-dialog.tsx #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx #: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx -#: apps/remix/app/components/forms/branding-preferences-form.tsx -#: apps/remix/app/components/forms/document-preferences-form.tsx -#: apps/remix/app/components/forms/email-preferences-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx #: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx #: apps/remix/app/components/tables/admin-claims-table.tsx @@ -12347,6 +12360,7 @@ msgstr "Banner aktualisieren" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Update Billing" msgstr "Rechnungsdaten aktualisieren" @@ -12374,10 +12388,6 @@ msgstr "E-Mail aktualisieren" msgid "Update Fields" msgstr "Felder aktualisieren" -#: apps/remix/app/components/forms/organisation-update-form.tsx -msgid "Update organisation" -msgstr "Organisation aktualisieren" - #: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx @@ -12413,10 +12423,6 @@ msgstr "Rolle aktualisieren" msgid "Update Subscription Claim" msgstr "Abonnementsanspruch aktualisieren" -#: apps/remix/app/components/forms/team-update-form.tsx -msgid "Update team" -msgstr "Team aktualisieren" - #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx msgid "Update team email" @@ -12947,7 +12953,7 @@ msgstr "Warten" msgid "Waiting for others" msgstr "Warten auf andere" -#: packages/lib/server-only/document/send-pending-email.ts +#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts msgid "Waiting for others to complete signing." msgstr "Warten auf andere, um die Unterzeichnung abzuschließen." @@ -13921,8 +13927,7 @@ msgstr "Du wurdest eingeladen, {0} auf Documenso beizutreten" msgid "You have been invited to join the following organisation" msgstr "Sie wurden eingeladen, der folgenden Organisation beizutreten" -#: packages/lib/server-only/recipient/delete-envelope-recipient.ts -#: packages/lib/server-only/recipient/set-document-recipients.ts +#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts msgid "You have been removed from a document" msgstr "Du wurdest von einem Dokument entfernt" @@ -14042,6 +14047,10 @@ msgstr "Sie haben den Zugriff erfolgreich widerrufen." msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL} for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service." msgstr "Sie haben das Recht, Ihre Zustimmung zur Verwendung elektronischer Unterschriften jederzeit vor Abschluss des Unterzeichnungsprozesses zu widerrufen. Um Ihre Zustimmung zu widerrufen, kontaktieren Sie bitte den Absender des Dokuments. Sollten Sie den Absender nicht erreichen, können Sie sich für Unterstützung an <0>{SUPPORT_EMAIL} wenden. Seien Sie sich bewusst, dass der Widerruf der Zustimmung den Abschluss der zugehörigen Transaktion oder Dienstleistung verzögern oder stoppen kann." +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "You have unsaved changes" +msgstr "" + #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx msgid "You have updated {memberName}." msgstr "Sie haben {memberName} aktualisiert." @@ -14721,4 +14730,3 @@ msgstr "Ihr Verifizierungscode:" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx msgid "your-domain.com another-domain.com" msgstr "your-domain.com another-domain.com" - diff --git a/packages/lib/translations/en/web.po b/packages/lib/translations/en/web.po index 07cf034bc..23d2f1c8f 100644 --- a/packages/lib/translations/en/web.po +++ b/packages/lib/translations/en/web.po @@ -2436,6 +2436,7 @@ msgstr "Branding Logo" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Branding Preferences" msgstr "Branding Preferences" @@ -3567,6 +3568,7 @@ msgid "Currently all organisation members can access this team" msgstr "Currently all organisation members can access this team" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Currently branding can only be configured for Teams and above plans." msgstr "Currently branding can only be configured for Teams and above plans." @@ -4209,8 +4211,8 @@ msgstr "Document cancelled" #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx +#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts #: packages/lib/server-only/admin/admin-super-delete-document.ts -#: packages/lib/server-only/document/delete-document.ts msgid "Document Cancelled" msgstr "Document Cancelled" @@ -7937,6 +7939,11 @@ msgstr "Original" msgid "Otherwise, the document will be created as a draft." msgstr "Otherwise, the document will be created as a draft." +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Overlapping fields detected" +msgstr "Overlapping fields detected" + #: apps/remix/app/components/forms/document-preferences-form.tsx #: apps/remix/app/components/forms/email-preferences-form.tsx msgid "Override organisation settings" @@ -8772,6 +8779,10 @@ msgstr "Recipient ID:" msgid "Recipient rejected the document" msgstr "Recipient rejected the document" +#: packages/lib/utils/document-audit-logs.ts +msgid "Recipient rejected the document externally" +msgstr "Recipient rejected the document externally" + #: apps/remix/app/components/general/admin-global-settings-section.tsx msgid "Recipient removed" msgstr "Recipient removed" @@ -9188,9 +9199,7 @@ msgstr "Resend Envelope" msgid "Resend verification" msgstr "Resend verification" -#: apps/remix/app/components/forms/organisation-update-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx -#: apps/remix/app/components/forms/team-update-form.tsx #: apps/remix/app/components/general/organisation-usage-reset-button.tsx msgid "Reset" msgstr "Reset" @@ -9375,6 +9384,7 @@ msgid "Save as Template" msgstr "Save as Template" #: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx msgid "Save changes" msgstr "Save changes" @@ -10215,6 +10225,11 @@ msgstr "Site Settings" msgid "Skip" msgstr "Skip" +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected." +msgstr "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected." + #: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding." msgstr "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding." @@ -11093,6 +11108,23 @@ msgstr "The document signing process will be stopped" msgid "The document was created but could not be sent to recipients." msgstr "The document was created but could not be sent to recipients." +#: packages/lib/utils/document-audit-logs.ts +msgid "The document was rejected externally by {onBehalfOf} on behalf of {user}" +msgstr "The document was rejected externally by {onBehalfOf} on behalf of {user}" + +#: packages/lib/utils/document-audit-logs.ts +#: packages/lib/utils/document-audit-logs.ts +msgid "The document was rejected externally by {onBehalfOf} on behalf of the recipient" +msgstr "The document was rejected externally by {onBehalfOf} on behalf of the recipient" + +#: packages/lib/utils/document-audit-logs.ts +msgid "The document was rejected externally on behalf of {user}" +msgstr "The document was rejected externally on behalf of {user}" + +#: packages/lib/utils/document-audit-logs.ts +msgid "The document was rejected externally on behalf of the recipient" +msgstr "The document was rejected externally on behalf of the recipient" + #: apps/remix/app/components/dialogs/envelope-delete-dialog.tsx msgid "The document will be hidden from your account" msgstr "The document will be hidden from your account" @@ -12228,6 +12260,7 @@ msgstr "Unauthorized" msgid "Uncompleted" msgstr "Uncompleted" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx #: packages/ui/primitives/signature-pad/signature-pad-draw.tsx msgid "Undo" msgstr "Undo" @@ -12277,6 +12310,10 @@ msgstr "Unlink" msgid "Unpin" msgstr "Unpin" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "Unsaved changes" +msgstr "Unsaved changes" + #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx #: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx msgid "Unsealed Documents" @@ -12296,9 +12333,6 @@ msgstr "Untitled Group" #: apps/remix/app/components/dialogs/team-group-update-dialog.tsx #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx #: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx -#: apps/remix/app/components/forms/branding-preferences-form.tsx -#: apps/remix/app/components/forms/document-preferences-form.tsx -#: apps/remix/app/components/forms/email-preferences-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx #: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx #: apps/remix/app/components/tables/admin-claims-table.tsx @@ -12321,6 +12355,7 @@ msgstr "Update Banner" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Update Billing" msgstr "Update Billing" @@ -12348,10 +12383,6 @@ msgstr "Update email" msgid "Update Fields" msgstr "Update Fields" -#: apps/remix/app/components/forms/organisation-update-form.tsx -msgid "Update organisation" -msgstr "Update organisation" - #: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx @@ -12387,10 +12418,6 @@ msgstr "Update role" msgid "Update Subscription Claim" msgstr "Update Subscription Claim" -#: apps/remix/app/components/forms/team-update-form.tsx -msgid "Update team" -msgstr "Update team" - #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx msgid "Update team email" @@ -12921,7 +12948,7 @@ msgstr "Waiting" msgid "Waiting for others" msgstr "Waiting for others" -#: packages/lib/server-only/document/send-pending-email.ts +#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts msgid "Waiting for others to complete signing." msgstr "Waiting for others to complete signing." @@ -13895,8 +13922,7 @@ msgstr "You have been invited to join {0} on Documenso" msgid "You have been invited to join the following organisation" msgstr "You have been invited to join the following organisation" -#: packages/lib/server-only/recipient/delete-envelope-recipient.ts -#: packages/lib/server-only/recipient/set-document-recipients.ts +#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts msgid "You have been removed from a document" msgstr "You have been removed from a document" @@ -14016,6 +14042,10 @@ msgstr "You have successfully revoked access." msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL} for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service." msgstr "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL} for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service." +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "You have unsaved changes" +msgstr "You have unsaved changes" + #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx msgid "You have updated {memberName}." msgstr "You have updated {memberName}." diff --git a/packages/lib/translations/es/web.po b/packages/lib/translations/es/web.po index 2d44ea007..eaa06c120 100644 --- a/packages/lib/translations/es/web.po +++ b/packages/lib/translations/es/web.po @@ -2441,6 +2441,7 @@ msgstr "Logotipo de Marca" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Branding Preferences" msgstr "Preferencias de marca" @@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team" msgstr "Actualmente, todos los miembros de la organización pueden acceder a este equipo" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Currently branding can only be configured for Teams and above plans." msgstr "Actualmente la marca solo se puede configurar para Equipos y planes superiores." @@ -4214,8 +4216,8 @@ msgstr "Documento cancelado" #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx +#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts #: packages/lib/server-only/admin/admin-super-delete-document.ts -#: packages/lib/server-only/document/delete-document.ts msgid "Document Cancelled" msgstr "Documento cancelado" @@ -7942,6 +7944,11 @@ msgstr "Original" msgid "Otherwise, the document will be created as a draft." msgstr "De lo contrario, el documento se creará como un borrador." +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Overlapping fields detected" +msgstr "" + #: apps/remix/app/components/forms/document-preferences-form.tsx #: apps/remix/app/components/forms/email-preferences-form.tsx msgid "Override organisation settings" @@ -9197,9 +9204,7 @@ msgstr "Reenviar sobre (envelope)" msgid "Resend verification" msgstr "Reenviar verificación" -#: apps/remix/app/components/forms/organisation-update-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx -#: apps/remix/app/components/forms/team-update-form.tsx #: apps/remix/app/components/general/organisation-usage-reset-button.tsx msgid "Reset" msgstr "Restablecer" @@ -9384,6 +9389,7 @@ msgid "Save as Template" msgstr "Guardar como plantilla" #: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx msgid "Save changes" msgstr "Guardar cambios" @@ -10224,6 +10230,11 @@ msgstr "Configuraciones del sitio" msgid "Skip" msgstr "Omitir" +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected." +msgstr "" + #: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding." msgstr "Algunos firmantes no han sido asignados a un campo de firma. Asigne al menos 1 campo de firma a cada firmante antes de continuar." @@ -12254,6 +12265,7 @@ msgstr "No autorizado" msgid "Uncompleted" msgstr "Incompleto" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx #: packages/ui/primitives/signature-pad/signature-pad-draw.tsx msgid "Undo" msgstr "Deshacer" @@ -12303,6 +12315,10 @@ msgstr "Desvincular" msgid "Unpin" msgstr "Desanclar" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "Unsaved changes" +msgstr "" + #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx #: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx msgid "Unsealed Documents" @@ -12322,9 +12338,6 @@ msgstr "Grupo sin título" #: apps/remix/app/components/dialogs/team-group-update-dialog.tsx #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx #: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx -#: apps/remix/app/components/forms/branding-preferences-form.tsx -#: apps/remix/app/components/forms/document-preferences-form.tsx -#: apps/remix/app/components/forms/email-preferences-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx #: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx #: apps/remix/app/components/tables/admin-claims-table.tsx @@ -12347,6 +12360,7 @@ msgstr "Actualizar banner" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Update Billing" msgstr "Actualizar facturación" @@ -12374,10 +12388,6 @@ msgstr "Actualizar correo electrónico" msgid "Update Fields" msgstr "Actualizar Campos" -#: apps/remix/app/components/forms/organisation-update-form.tsx -msgid "Update organisation" -msgstr "Actualizar organización" - #: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx @@ -12413,10 +12423,6 @@ msgstr "Actualizar rol" msgid "Update Subscription Claim" msgstr "Actualizar reclamo de suscripción" -#: apps/remix/app/components/forms/team-update-form.tsx -msgid "Update team" -msgstr "Actualizar equipo" - #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx msgid "Update team email" @@ -12947,7 +12953,7 @@ msgstr "Esperando" msgid "Waiting for others" msgstr "Esperando a otros" -#: packages/lib/server-only/document/send-pending-email.ts +#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts msgid "Waiting for others to complete signing." msgstr "Esperando a que otros completen la firma." @@ -13921,8 +13927,7 @@ msgstr "Te han invitado a unirte a {0} en Documenso" msgid "You have been invited to join the following organisation" msgstr "Has sido invitado a unirte a la siguiente organización" -#: packages/lib/server-only/recipient/delete-envelope-recipient.ts -#: packages/lib/server-only/recipient/set-document-recipients.ts +#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts msgid "You have been removed from a document" msgstr "Te han eliminado de un documento" @@ -14042,6 +14047,10 @@ msgstr "Has revocado el acceso con éxito." msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL} for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service." msgstr "Usted tiene el derecho de retirar su consentimiento para usar firmas electrónicas en cualquier momento antes de completar el proceso de firma. Para retirar su consentimiento, comuníquese con el remitente del documento. Si no se comunica con el remitente, puede comunicarse con <0>{SUPPORT_EMAIL} para obtener asistencia. Tenga en cuenta que retirar el consentimiento puede retrasar o detener la finalización de la transacción o servicio relacionado." +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "You have unsaved changes" +msgstr "" + #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx msgid "You have updated {memberName}." msgstr "Has actualizado a {memberName}." @@ -14721,4 +14730,3 @@ msgstr "Su código de verificación:" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx msgid "your-domain.com another-domain.com" msgstr "su-dominio.com otro-dominio.com" - diff --git a/packages/lib/translations/fr/web.po b/packages/lib/translations/fr/web.po index fb2b175d2..a6ca6fd07 100644 --- a/packages/lib/translations/fr/web.po +++ b/packages/lib/translations/fr/web.po @@ -2441,6 +2441,7 @@ msgstr "Logo de la marque" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Branding Preferences" msgstr "Préférences de branding" @@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team" msgstr "Actuellement, tous les membres de l'organisation peuvent accéder à cette équipe" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Currently branding can only be configured for Teams and above plans." msgstr "Actuellement, la personnalisation de la marque ne peut être configurée que pour les plans Équipe et plus." @@ -4214,8 +4216,8 @@ msgstr "Document annulé" #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx +#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts #: packages/lib/server-only/admin/admin-super-delete-document.ts -#: packages/lib/server-only/document/delete-document.ts msgid "Document Cancelled" msgstr "Document Annulé" @@ -7942,6 +7944,11 @@ msgstr "Original" msgid "Otherwise, the document will be created as a draft." msgstr "Sinon, le document sera créé sous forme de brouillon." +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Overlapping fields detected" +msgstr "" + #: apps/remix/app/components/forms/document-preferences-form.tsx #: apps/remix/app/components/forms/email-preferences-form.tsx msgid "Override organisation settings" @@ -9197,9 +9204,7 @@ msgstr "Renvoyer l’enveloppe" msgid "Resend verification" msgstr "Renvoyer la vérification" -#: apps/remix/app/components/forms/organisation-update-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx -#: apps/remix/app/components/forms/team-update-form.tsx #: apps/remix/app/components/general/organisation-usage-reset-button.tsx msgid "Reset" msgstr "Réinitialiser" @@ -9384,6 +9389,7 @@ msgid "Save as Template" msgstr "Enregistrer comme modèle" #: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx msgid "Save changes" msgstr "Enregistrer les modifications" @@ -10224,6 +10230,11 @@ msgstr "Paramètres du site" msgid "Skip" msgstr "Ignorer" +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected." +msgstr "" + #: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding." msgstr "Certains signataires n'ont pas été assignés à un champ de signature. Veuillez assigner au moins 1 champ de signature à chaque signataire avant de continuer." @@ -12254,6 +12265,7 @@ msgstr "Non autorisé" msgid "Uncompleted" msgstr "Non complet" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx #: packages/ui/primitives/signature-pad/signature-pad-draw.tsx msgid "Undo" msgstr "Annuler" @@ -12303,6 +12315,10 @@ msgstr "Délier" msgid "Unpin" msgstr "Détacher" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "Unsaved changes" +msgstr "" + #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx #: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx msgid "Unsealed Documents" @@ -12322,9 +12338,6 @@ msgstr "Groupe sans titre" #: apps/remix/app/components/dialogs/team-group-update-dialog.tsx #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx #: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx -#: apps/remix/app/components/forms/branding-preferences-form.tsx -#: apps/remix/app/components/forms/document-preferences-form.tsx -#: apps/remix/app/components/forms/email-preferences-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx #: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx #: apps/remix/app/components/tables/admin-claims-table.tsx @@ -12347,6 +12360,7 @@ msgstr "Mettre à jour la bannière" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Update Billing" msgstr "Mettre à jour la facturation" @@ -12374,10 +12388,6 @@ msgstr "Mettre à jour l'e-mail" msgid "Update Fields" msgstr "Mettre à jour les champs" -#: apps/remix/app/components/forms/organisation-update-form.tsx -msgid "Update organisation" -msgstr "Mettre à jour l'organisation" - #: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx @@ -12413,10 +12423,6 @@ msgstr "Mettre à jour le rôle" msgid "Update Subscription Claim" msgstr "Mettre à jour la réclamation d'abonnement" -#: apps/remix/app/components/forms/team-update-form.tsx -msgid "Update team" -msgstr "Mettre à jour l'équipe" - #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx msgid "Update team email" @@ -12947,7 +12953,7 @@ msgstr "En attente" msgid "Waiting for others" msgstr "En attente des autres" -#: packages/lib/server-only/document/send-pending-email.ts +#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts msgid "Waiting for others to complete signing." msgstr "En attente que d'autres terminent la signature." @@ -13921,8 +13927,7 @@ msgstr "Vous avez été invité à rejoindre {0} sur Documenso" msgid "You have been invited to join the following organisation" msgstr "Vous avez été invité à rejoindre l'organisation suivante" -#: packages/lib/server-only/recipient/delete-envelope-recipient.ts -#: packages/lib/server-only/recipient/set-document-recipients.ts +#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts msgid "You have been removed from a document" msgstr "Vous avez été supprimé d'un document" @@ -14042,6 +14047,10 @@ msgstr "Vous avez révoqué l'accès avec succès." msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL} for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service." msgstr "Vous avez le droit de retirer votre consentement à l'utilisation des signatures électroniques à tout moment avant de terminer le processus de signature. Pour retirer votre consentement, veuillez contacter l'expéditeur du document. Si vous ne contactez pas l'expéditeur, vous pouvez contacter <0>{SUPPORT_EMAIL} pour obtenir de l'aide. Sachez que le retrait de consentement peut retarder ou arrêter l'achèvement de la transaction ou du service associé." +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "You have unsaved changes" +msgstr "" + #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx msgid "You have updated {memberName}." msgstr "Vous avez mis à jour {memberName}." @@ -14721,4 +14730,3 @@ msgstr "Votre code de vérification :" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx msgid "your-domain.com another-domain.com" msgstr "your-domain.com another-domain.com" - diff --git a/packages/lib/translations/it/web.po b/packages/lib/translations/it/web.po index 1fd209ef4..af3f6de43 100644 --- a/packages/lib/translations/it/web.po +++ b/packages/lib/translations/it/web.po @@ -2441,6 +2441,7 @@ msgstr "Logo del Marchio" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Branding Preferences" msgstr "Preferenze per il branding" @@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team" msgstr "Attualmente tutti i membri dell'organizzazione possono accedere a questo team" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Currently branding can only be configured for Teams and above plans." msgstr "Attualmente il marchio può essere configurato solo per i piani Team e superiori." @@ -4214,8 +4216,8 @@ msgstr "Documento annullato" #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx +#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts #: packages/lib/server-only/admin/admin-super-delete-document.ts -#: packages/lib/server-only/document/delete-document.ts msgid "Document Cancelled" msgstr "Documento Annullato" @@ -7942,6 +7944,11 @@ msgstr "Originale" msgid "Otherwise, the document will be created as a draft." msgstr "Altrimenti, il documento sarà creato come bozza." +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Overlapping fields detected" +msgstr "" + #: apps/remix/app/components/forms/document-preferences-form.tsx #: apps/remix/app/components/forms/email-preferences-form.tsx msgid "Override organisation settings" @@ -9197,9 +9204,7 @@ msgstr "Invia nuovamente busta" msgid "Resend verification" msgstr "Reinvia verifica" -#: apps/remix/app/components/forms/organisation-update-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx -#: apps/remix/app/components/forms/team-update-form.tsx #: apps/remix/app/components/general/organisation-usage-reset-button.tsx msgid "Reset" msgstr "Ripristina" @@ -9384,6 +9389,7 @@ msgid "Save as Template" msgstr "Salva come modello" #: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx msgid "Save changes" msgstr "Salva le modifiche" @@ -10224,6 +10230,11 @@ msgstr "Impostazioni del sito" msgid "Skip" msgstr "Salta" +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected." +msgstr "" + #: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding." msgstr "Alcuni firmatari non hanno un campo firma assegnato. Assegna almeno 1 campo di firma a ciascun firmatario prima di procedere." @@ -12254,6 +12265,7 @@ msgstr "Non autorizzato" msgid "Uncompleted" msgstr "Incompleto" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx #: packages/ui/primitives/signature-pad/signature-pad-draw.tsx msgid "Undo" msgstr "Annulla" @@ -12303,6 +12315,10 @@ msgstr "Scollega" msgid "Unpin" msgstr "Rimuovi" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "Unsaved changes" +msgstr "" + #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx #: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx msgid "Unsealed Documents" @@ -12322,9 +12338,6 @@ msgstr "Gruppo senza nome" #: apps/remix/app/components/dialogs/team-group-update-dialog.tsx #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx #: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx -#: apps/remix/app/components/forms/branding-preferences-form.tsx -#: apps/remix/app/components/forms/document-preferences-form.tsx -#: apps/remix/app/components/forms/email-preferences-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx #: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx #: apps/remix/app/components/tables/admin-claims-table.tsx @@ -12347,6 +12360,7 @@ msgstr "Aggiorna banner" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Update Billing" msgstr "Aggiorna fatturazione" @@ -12374,10 +12388,6 @@ msgstr "Aggiorna email" msgid "Update Fields" msgstr "Aggiorna campi" -#: apps/remix/app/components/forms/organisation-update-form.tsx -msgid "Update organisation" -msgstr "Aggiorna organizzazione" - #: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx @@ -12413,10 +12423,6 @@ msgstr "Aggiorna ruolo" msgid "Update Subscription Claim" msgstr "Aggiorna reclamo di sottoscrizione" -#: apps/remix/app/components/forms/team-update-form.tsx -msgid "Update team" -msgstr "Aggiorna team" - #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx msgid "Update team email" @@ -12947,7 +12953,7 @@ msgstr "In attesa" msgid "Waiting for others" msgstr "In attesa di altri" -#: packages/lib/server-only/document/send-pending-email.ts +#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts msgid "Waiting for others to complete signing." msgstr "In attesa che altri completino la firma." @@ -13921,8 +13927,7 @@ msgstr "Sei stato invitato a unirti a {0} su Documenso" msgid "You have been invited to join the following organisation" msgstr "Sei stato invitato a unirti alla seguente organizzazione" -#: packages/lib/server-only/recipient/delete-envelope-recipient.ts -#: packages/lib/server-only/recipient/set-document-recipients.ts +#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts msgid "You have been removed from a document" msgstr "Sei stato rimosso da un documento" @@ -14042,6 +14047,10 @@ msgstr "Hai revocato con successo l'accesso." msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL} for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service." msgstr "Hai il diritto di ritirare il tuo consenso all'uso delle firme elettroniche in qualsiasi momento prima di completare il processo di firma. Per ritirare il tuo consenso, contatta il mittente del documento. Nel caso in cui non riesci a contattare il mittente, puoi contattare <0>{SUPPORT_EMAIL} per assistenza. Sii consapevole che il ritiro del consenso potrebbe ritardare o fermare il completamento della transazione o del servizio correlato." +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "You have unsaved changes" +msgstr "" + #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx msgid "You have updated {memberName}." msgstr "Hai aggiornato {memberName}." @@ -14721,4 +14730,3 @@ msgstr "Il tuo codice di verifica:" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx msgid "your-domain.com another-domain.com" msgstr "tuo-dominio.com altro-dominio.com" - diff --git a/packages/lib/translations/ja/web.po b/packages/lib/translations/ja/web.po index f2fc95818..a71b944ec 100644 --- a/packages/lib/translations/ja/web.po +++ b/packages/lib/translations/ja/web.po @@ -2441,6 +2441,7 @@ msgstr "ブランディングロゴ" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Branding Preferences" msgstr "ブランディング設定" @@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team" msgstr "現在、すべての組織メンバーがこのチームにアクセスできます" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Currently branding can only be configured for Teams and above plans." msgstr "現在、ブランディングは Teams プラン以上のみ設定できます。" @@ -4214,8 +4216,8 @@ msgstr "文書は取り消されました" #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx +#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts #: packages/lib/server-only/admin/admin-super-delete-document.ts -#: packages/lib/server-only/document/delete-document.ts msgid "Document Cancelled" msgstr "文書はキャンセルされました" @@ -7942,6 +7944,11 @@ msgstr "オリジナル" msgid "Otherwise, the document will be created as a draft." msgstr "チェックを入れない場合、文書は下書きとして作成されます。" +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Overlapping fields detected" +msgstr "" + #: apps/remix/app/components/forms/document-preferences-form.tsx #: apps/remix/app/components/forms/email-preferences-form.tsx msgid "Override organisation settings" @@ -9197,9 +9204,7 @@ msgstr "封筒を再送信" msgid "Resend verification" msgstr "認証を再送" -#: apps/remix/app/components/forms/organisation-update-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx -#: apps/remix/app/components/forms/team-update-form.tsx #: apps/remix/app/components/general/organisation-usage-reset-button.tsx msgid "Reset" msgstr "リセット" @@ -9384,6 +9389,7 @@ msgid "Save as Template" msgstr "テンプレートとして保存" #: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx msgid "Save changes" msgstr "変更を保存" @@ -10224,6 +10230,11 @@ msgstr "サイト設定" msgid "Skip" msgstr "スキップ" +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected." +msgstr "" + #: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding." msgstr "一部の署名者に署名フィールドが割り当てられていません。続行する前に、各署名者に少なくとも 1 つの署名フィールドを割り当ててください。" @@ -12254,6 +12265,7 @@ msgstr "権限がありません" msgid "Uncompleted" msgstr "未完了" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx #: packages/ui/primitives/signature-pad/signature-pad-draw.tsx msgid "Undo" msgstr "元に戻す" @@ -12303,6 +12315,10 @@ msgstr "リンク解除" msgid "Unpin" msgstr "ピン留めを解除" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "Unsaved changes" +msgstr "" + #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx #: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx msgid "Unsealed Documents" @@ -12322,9 +12338,6 @@ msgstr "無題のグループ" #: apps/remix/app/components/dialogs/team-group-update-dialog.tsx #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx #: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx -#: apps/remix/app/components/forms/branding-preferences-form.tsx -#: apps/remix/app/components/forms/document-preferences-form.tsx -#: apps/remix/app/components/forms/email-preferences-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx #: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx #: apps/remix/app/components/tables/admin-claims-table.tsx @@ -12347,6 +12360,7 @@ msgstr "バナーを更新" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Update Billing" msgstr "請求情報を更新" @@ -12374,10 +12388,6 @@ msgstr "メールを更新" msgid "Update Fields" msgstr "フィールドを更新" -#: apps/remix/app/components/forms/organisation-update-form.tsx -msgid "Update organisation" -msgstr "組織を更新" - #: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx @@ -12413,10 +12423,6 @@ msgstr "役割を更新" msgid "Update Subscription Claim" msgstr "サブスクリプションクレームを更新" -#: apps/remix/app/components/forms/team-update-form.tsx -msgid "Update team" -msgstr "チームを更新" - #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx msgid "Update team email" @@ -12947,7 +12953,7 @@ msgstr "保留中" msgid "Waiting for others" msgstr "他の人の完了待ち" -#: packages/lib/server-only/document/send-pending-email.ts +#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts msgid "Waiting for others to complete signing." msgstr "他の署名者による署名完了を待っています。" @@ -13921,8 +13927,7 @@ msgstr "Documenso で {0} に参加するよう招待されています" msgid "You have been invited to join the following organisation" msgstr "次の組織に参加するよう招待されています。" -#: packages/lib/server-only/recipient/delete-envelope-recipient.ts -#: packages/lib/server-only/recipient/set-document-recipients.ts +#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts msgid "You have been removed from a document" msgstr "ドキュメントから削除されました" @@ -14042,6 +14047,10 @@ msgstr "アクセスを正常に取り消しました。" msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL} for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service." msgstr "署名プロセスを完了する前であれば、電子署名の利用に対する同意をいつでも撤回する権利があります。同意を撤回するには、文書の送信者に連絡してください。送信者に連絡できない場合は、<0>{SUPPORT_EMAIL} までお問い合わせください。同意を撤回すると、関連する取引やサービスの完了が遅延または中止される可能性がある点にご注意ください。" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "You have unsaved changes" +msgstr "" + #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx msgid "You have updated {memberName}." msgstr "{memberName} を更新しました。" @@ -14721,4 +14730,3 @@ msgstr "認証コード:" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx msgid "your-domain.com another-domain.com" msgstr "your-domain.com another-domain.com" - diff --git a/packages/lib/translations/ko/web.po b/packages/lib/translations/ko/web.po index 743a6ef9a..f7844a294 100644 --- a/packages/lib/translations/ko/web.po +++ b/packages/lib/translations/ko/web.po @@ -2441,6 +2441,7 @@ msgstr "브랜딩 로고" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Branding Preferences" msgstr "브랜딩 환경설정" @@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team" msgstr "현재 모든 조직 구성원이 이 팀에 접근할 수 있습니다." #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Currently branding can only be configured for Teams and above plans." msgstr "브랜딩은 현재 Teams 요금제 이상에서만 구성할 수 있습니다." @@ -4214,8 +4216,8 @@ msgstr "문서가 취소되었습니다" #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx +#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts #: packages/lib/server-only/admin/admin-super-delete-document.ts -#: packages/lib/server-only/document/delete-document.ts msgid "Document Cancelled" msgstr "문서가 취소됨" @@ -7942,6 +7944,11 @@ msgstr "원본" msgid "Otherwise, the document will be created as a draft." msgstr "그렇지 않으면 문서는 초안으로 생성됩니다." +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Overlapping fields detected" +msgstr "" + #: apps/remix/app/components/forms/document-preferences-form.tsx #: apps/remix/app/components/forms/email-preferences-form.tsx msgid "Override organisation settings" @@ -9197,9 +9204,7 @@ msgstr "봉투 다시 보내기" msgid "Resend verification" msgstr "인증 다시 보내기" -#: apps/remix/app/components/forms/organisation-update-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx -#: apps/remix/app/components/forms/team-update-form.tsx #: apps/remix/app/components/general/organisation-usage-reset-button.tsx msgid "Reset" msgstr "초기화" @@ -9384,6 +9389,7 @@ msgid "Save as Template" msgstr "템플릿으로 저장" #: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx msgid "Save changes" msgstr "변경 사항 저장" @@ -10224,6 +10230,11 @@ msgstr "사이트 설정" msgid "Skip" msgstr "건너뛰기" +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected." +msgstr "" + #: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding." msgstr "일부 서명자에게 서명 필드가 할당되지 않았습니다. 진행하기 전에 각 서명자에게 최소 1개 이상의 서명 필드를 할당해 주세요." @@ -12254,6 +12265,7 @@ msgstr "권한이 없습니다" msgid "Uncompleted" msgstr "미완료" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx #: packages/ui/primitives/signature-pad/signature-pad-draw.tsx msgid "Undo" msgstr "실행 취소" @@ -12303,6 +12315,10 @@ msgstr "연결 해제" msgid "Unpin" msgstr "고정 해제" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "Unsaved changes" +msgstr "" + #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx #: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx msgid "Unsealed Documents" @@ -12322,9 +12338,6 @@ msgstr "제목 없는 그룹" #: apps/remix/app/components/dialogs/team-group-update-dialog.tsx #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx #: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx -#: apps/remix/app/components/forms/branding-preferences-form.tsx -#: apps/remix/app/components/forms/document-preferences-form.tsx -#: apps/remix/app/components/forms/email-preferences-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx #: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx #: apps/remix/app/components/tables/admin-claims-table.tsx @@ -12347,6 +12360,7 @@ msgstr "배너 업데이트" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Update Billing" msgstr "결제 정보 업데이트" @@ -12374,10 +12388,6 @@ msgstr "이메일 업데이트" msgid "Update Fields" msgstr "필드 업데이트" -#: apps/remix/app/components/forms/organisation-update-form.tsx -msgid "Update organisation" -msgstr "조직 업데이트" - #: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx @@ -12413,10 +12423,6 @@ msgstr "역할 업데이트" msgid "Update Subscription Claim" msgstr "구독 클레임 업데이트" -#: apps/remix/app/components/forms/team-update-form.tsx -msgid "Update team" -msgstr "팀 업데이트" - #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx msgid "Update team email" @@ -12947,7 +12953,7 @@ msgstr "대기 중" msgid "Waiting for others" msgstr "다른 사람을 기다리는 중" -#: packages/lib/server-only/document/send-pending-email.ts +#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts msgid "Waiting for others to complete signing." msgstr "다른 서명자들이 이 문서에 서명 완료하기를 기다리는 중입니다." @@ -13921,8 +13927,7 @@ msgstr "Documenso에서 {0} 조직에 초대되었습니다." msgid "You have been invited to join the following organisation" msgstr "다음 조직에 참여하라는 초대를 받았습니다." -#: packages/lib/server-only/recipient/delete-envelope-recipient.ts -#: packages/lib/server-only/recipient/set-document-recipients.ts +#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts msgid "You have been removed from a document" msgstr "문서에서 제거되었습니다." @@ -14042,6 +14047,10 @@ msgstr "접근 권한을 성공적으로 철회했습니다." msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL} for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service." msgstr "전자 서명을 완료하기 전 언제든지 전자 서명 사용에 대한 동의를 철회할 권리가 있습니다. 동의를 철회하려면 문서 발송자에게 문의해 주세요. 발송자에게 연락할 수 없는 경우 <0>{SUPPORT_EMAIL}로 도움을 요청해 주세요. 동의를 철회하면 관련 거래나 서비스가 지연되거나 중단될 수 있습니다." +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "You have unsaved changes" +msgstr "" + #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx msgid "You have updated {memberName}." msgstr "{memberName}을(를) 업데이트했습니다." @@ -14721,4 +14730,3 @@ msgstr "인증 코드:" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx msgid "your-domain.com another-domain.com" msgstr "your-domain.com another-domain.com" - diff --git a/packages/lib/translations/nl/web.po b/packages/lib/translations/nl/web.po index 4c8da7804..0eedbcad7 100644 --- a/packages/lib/translations/nl/web.po +++ b/packages/lib/translations/nl/web.po @@ -2441,6 +2441,7 @@ msgstr "Branding-logo" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Branding Preferences" msgstr "Brandingvoorkeuren" @@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team" msgstr "Momenteel hebben alle organisatieleden toegang tot dit team" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Currently branding can only be configured for Teams and above plans." msgstr "Branding kan momenteel alleen worden geconfigureerd voor Teams- en hogere abonnementen." @@ -4214,8 +4216,8 @@ msgstr "Document geannuleerd" #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx +#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts #: packages/lib/server-only/admin/admin-super-delete-document.ts -#: packages/lib/server-only/document/delete-document.ts msgid "Document Cancelled" msgstr "Document geannuleerd" @@ -7942,6 +7944,11 @@ msgstr "Origineel" msgid "Otherwise, the document will be created as a draft." msgstr "Anders wordt het document als concept aangemaakt." +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Overlapping fields detected" +msgstr "" + #: apps/remix/app/components/forms/document-preferences-form.tsx #: apps/remix/app/components/forms/email-preferences-form.tsx msgid "Override organisation settings" @@ -9197,9 +9204,7 @@ msgstr "Envelope opnieuw verzenden" msgid "Resend verification" msgstr "Verificatie opnieuw verzenden" -#: apps/remix/app/components/forms/organisation-update-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx -#: apps/remix/app/components/forms/team-update-form.tsx #: apps/remix/app/components/general/organisation-usage-reset-button.tsx msgid "Reset" msgstr "Resetten" @@ -9384,6 +9389,7 @@ msgid "Save as Template" msgstr "Opslaan als sjabloon" #: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx msgid "Save changes" msgstr "Wijzigingen opslaan" @@ -10224,6 +10230,11 @@ msgstr "Site‑instellingen" msgid "Skip" msgstr "Overslaan" +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected." +msgstr "" + #: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding." msgstr "Sommige ondertekenaars hebben geen handtekeningveld toegewezen gekregen. Wijs ten minste 1 handtekeningveld toe aan elke ondertekenaar voordat je doorgaat." @@ -12254,6 +12265,7 @@ msgstr "Niet gemachtigd" msgid "Uncompleted" msgstr "Onvoltooid" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx #: packages/ui/primitives/signature-pad/signature-pad-draw.tsx msgid "Undo" msgstr "Ongedaan maken" @@ -12303,6 +12315,10 @@ msgstr "Ontkoppelen" msgid "Unpin" msgstr "Losmaken" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "Unsaved changes" +msgstr "" + #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx #: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx msgid "Unsealed Documents" @@ -12322,9 +12338,6 @@ msgstr "Naamloze groep" #: apps/remix/app/components/dialogs/team-group-update-dialog.tsx #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx #: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx -#: apps/remix/app/components/forms/branding-preferences-form.tsx -#: apps/remix/app/components/forms/document-preferences-form.tsx -#: apps/remix/app/components/forms/email-preferences-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx #: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx #: apps/remix/app/components/tables/admin-claims-table.tsx @@ -12347,6 +12360,7 @@ msgstr "Banner bijwerken" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Update Billing" msgstr "Facturering bijwerken" @@ -12374,10 +12388,6 @@ msgstr "E-mail bijwerken" msgid "Update Fields" msgstr "Velden bijwerken" -#: apps/remix/app/components/forms/organisation-update-form.tsx -msgid "Update organisation" -msgstr "Organisatie bijwerken" - #: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx @@ -12413,10 +12423,6 @@ msgstr "Rol bijwerken" msgid "Update Subscription Claim" msgstr "Abonnementsclaim bijwerken" -#: apps/remix/app/components/forms/team-update-form.tsx -msgid "Update team" -msgstr "Team bijwerken" - #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx msgid "Update team email" @@ -12947,7 +12953,7 @@ msgstr "Wachten" msgid "Waiting for others" msgstr "Wachten op anderen" -#: packages/lib/server-only/document/send-pending-email.ts +#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts msgid "Waiting for others to complete signing." msgstr "Wachten tot anderen het ondertekenen hebben voltooid." @@ -13921,8 +13927,7 @@ msgstr "Je bent uitgenodigd om {0} op Documenso te joinen" msgid "You have been invited to join the following organisation" msgstr "Je bent uitgenodigd om lid te worden van de volgende organisatie" -#: packages/lib/server-only/recipient/delete-envelope-recipient.ts -#: packages/lib/server-only/recipient/set-document-recipients.ts +#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts msgid "You have been removed from a document" msgstr "Je bent verwijderd uit een document" @@ -14042,6 +14047,10 @@ msgstr "Je hebt de toegang succesvol ingetrokken." msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL} for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service." msgstr "Je hebt het recht je toestemming voor het gebruik van elektronische handtekeningen op elk moment vóór voltooiing van het ondertekeningsproces in te trekken. Neem hiervoor contact op met de verzender van het document. Als dat niet lukt, kun je contact opnemen met <0>{SUPPORT_EMAIL} voor hulp. Houd er rekening mee dat het intrekken van toestemming de voltooiing van de betreffende transactie of dienst kan vertragen of stopzetten." +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "You have unsaved changes" +msgstr "" + #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx msgid "You have updated {memberName}." msgstr "Je hebt {memberName} bijgewerkt." @@ -14721,4 +14730,3 @@ msgstr "Uw verificatiecode:" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx msgid "your-domain.com another-domain.com" msgstr "your-domain.com another-domain.com" - diff --git a/packages/lib/translations/pl/web.po b/packages/lib/translations/pl/web.po index de84f4a84..4c6cd062f 100644 --- a/packages/lib/translations/pl/web.po +++ b/packages/lib/translations/pl/web.po @@ -2441,6 +2441,7 @@ msgstr "Logo marki" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Branding Preferences" msgstr "Ustawienia brandingu" @@ -2501,7 +2502,6 @@ msgstr "Akceptując prośbę, przyznasz zespołowi {0} następujące uprawnienia #: packages/email/templates/confirm-team-email.tsx msgid "By accepting this request, you will be granting <0>{teamName} access to:" -msgstr "Akceptując prośbę, umożliwisz zespołowi <0>{teamName} na:" msgstr "Akceptując prośbę, umożliwisz zespołowi <0>{teamName}:" #: apps/remix/app/components/dialogs/envelope-delete-dialog.tsx @@ -3573,6 +3573,7 @@ msgid "Currently all organisation members can access this team" msgstr "Obecnie wszyscy użytkownicy organizacji mogą uzyskać dostęp tego zespołu" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Currently branding can only be configured for Teams and above plans." msgstr "Branding możesz skonfigurować tylko w planie Teams i wyższym." @@ -4215,8 +4216,8 @@ msgstr "Anulowano dokument" #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx +#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts #: packages/lib/server-only/admin/admin-super-delete-document.ts -#: packages/lib/server-only/document/delete-document.ts msgid "Document Cancelled" msgstr "Dokument został anulowany" @@ -7943,6 +7944,11 @@ msgstr "Oryginalny" msgid "Otherwise, the document will be created as a draft." msgstr "W przeciwnym razie dokument zostanie utworzony jako wersja robocza." +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Overlapping fields detected" +msgstr "" + #: apps/remix/app/components/forms/document-preferences-form.tsx #: apps/remix/app/components/forms/email-preferences-form.tsx msgid "Override organisation settings" @@ -9198,9 +9204,7 @@ msgstr "Wyślij ponownie kopertę" msgid "Resend verification" msgstr "Wyślij ponownie wiadomość weryfikacyjną" -#: apps/remix/app/components/forms/organisation-update-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx -#: apps/remix/app/components/forms/team-update-form.tsx #: apps/remix/app/components/general/organisation-usage-reset-button.tsx msgid "Reset" msgstr "Resetuj" @@ -9385,6 +9389,7 @@ msgid "Save as Template" msgstr "Zapisz jako szablon" #: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx msgid "Save changes" msgstr "Zapisz zmiany" @@ -10225,6 +10230,11 @@ msgstr "Ustawienia strony" msgid "Skip" msgstr "Pomiń" +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected." +msgstr "" + #: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding." msgstr "Niektórym podpisującym nie przypisano pola podpisu. Przypisz co najmniej jedno pole podpisu do każdego podpisującego." @@ -12255,6 +12265,7 @@ msgstr "Nieautoryzowany" msgid "Uncompleted" msgstr "Niezakończono" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx #: packages/ui/primitives/signature-pad/signature-pad-draw.tsx msgid "Undo" msgstr "Cofnij" @@ -12304,6 +12315,10 @@ msgstr "Rozłącz" msgid "Unpin" msgstr "Odepnij" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "Unsaved changes" +msgstr "" + #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx #: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx msgid "Unsealed Documents" @@ -12323,9 +12338,6 @@ msgstr "Grupa bez nazwy" #: apps/remix/app/components/dialogs/team-group-update-dialog.tsx #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx #: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx -#: apps/remix/app/components/forms/branding-preferences-form.tsx -#: apps/remix/app/components/forms/document-preferences-form.tsx -#: apps/remix/app/components/forms/email-preferences-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx #: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx #: apps/remix/app/components/tables/admin-claims-table.tsx @@ -12348,6 +12360,7 @@ msgstr "Zaktualizuj baner" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Update Billing" msgstr "Zaktualizuj płatności" @@ -12375,10 +12388,6 @@ msgstr "Zaktualizuj adres e-mail" msgid "Update Fields" msgstr "Zaktualizuj pola" -#: apps/remix/app/components/forms/organisation-update-form.tsx -msgid "Update organisation" -msgstr "Zaktualizuj organizację" - #: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx @@ -12414,10 +12423,6 @@ msgstr "Zaktualizuj rolę" msgid "Update Subscription Claim" msgstr "Zaktualizuj subskrypcję" -#: apps/remix/app/components/forms/team-update-form.tsx -msgid "Update team" -msgstr "Zaktualizuj zespół" - #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx msgid "Update team email" @@ -12948,7 +12953,7 @@ msgstr "Oczekiwanie" msgid "Waiting for others" msgstr "Oczekiwanie na innych" -#: packages/lib/server-only/document/send-pending-email.ts +#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts msgid "Waiting for others to complete signing." msgstr "Oczekiwanie na zakończenie podpisywania przez innych." @@ -13922,8 +13927,7 @@ msgstr "Dołącz do organizacji {0} w Documenso" msgid "You have been invited to join the following organisation" msgstr "Masz zaproszenie do dołączenia do następującej organizacji" -#: packages/lib/server-only/recipient/delete-envelope-recipient.ts -#: packages/lib/server-only/recipient/set-document-recipients.ts +#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts msgid "You have been removed from a document" msgstr "Usunięto Cię z dokumentu" @@ -14043,6 +14047,10 @@ msgstr "Dostęp został unieważniony." msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL} for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service." msgstr "Masz prawo wycofać swoją zgodę na używanie podpisów elektronicznych w dowolnym momencie przed zakończeniem procesu podpisywania. Aby wycofać zgodę, skontaktuj się z nadawcą dokumentu. Jeśli nie możesz skontaktować się z nadawcą, napisz do nas na adres <0>{SUPPORT_EMAIL}. Pamiętaj, że wycofanie zgody może opóźnić lub wstrzymać realizację danej transakcji lub usługi." +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "You have unsaved changes" +msgstr "" + #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx msgid "You have updated {memberName}." msgstr "Użytkownik {memberName} został zaktualizowany." @@ -14722,4 +14730,3 @@ msgstr "Twój kod weryfikacyjny:" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx msgid "your-domain.com another-domain.com" msgstr "twoja-domena.pl inna-domena.pl" - diff --git a/packages/lib/translations/pt-BR/web.po b/packages/lib/translations/pt-BR/web.po index 027ae4255..ba02bfa14 100644 --- a/packages/lib/translations/pt-BR/web.po +++ b/packages/lib/translations/pt-BR/web.po @@ -2436,6 +2436,7 @@ msgstr "Logo da Marca" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Branding Preferences" msgstr "Preferências da Marca" @@ -3567,6 +3568,7 @@ msgid "Currently all organisation members can access this team" msgstr "Atualmente, todos os membros da organização podem acessar esta equipe" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Currently branding can only be configured for Teams and above plans." msgstr "Atualmente, a marca só pode ser configurada para planos Teams e superiores." @@ -4209,8 +4211,8 @@ msgstr "" #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx +#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts #: packages/lib/server-only/admin/admin-super-delete-document.ts -#: packages/lib/server-only/document/delete-document.ts msgid "Document Cancelled" msgstr "Documento Cancelado" @@ -7937,6 +7939,11 @@ msgstr "Original" msgid "Otherwise, the document will be created as a draft." msgstr "Caso contrário, o documento será criado como um rascunho." +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Overlapping fields detected" +msgstr "" + #: apps/remix/app/components/forms/document-preferences-form.tsx #: apps/remix/app/components/forms/email-preferences-form.tsx msgid "Override organisation settings" @@ -8772,6 +8779,10 @@ msgstr "" msgid "Recipient rejected the document" msgstr "" +#: packages/lib/utils/document-audit-logs.ts +msgid "Recipient rejected the document externally" +msgstr "" + #: apps/remix/app/components/general/admin-global-settings-section.tsx msgid "Recipient removed" msgstr "" @@ -9188,9 +9199,7 @@ msgstr "" msgid "Resend verification" msgstr "Reenviar verificação" -#: apps/remix/app/components/forms/organisation-update-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx -#: apps/remix/app/components/forms/team-update-form.tsx #: apps/remix/app/components/general/organisation-usage-reset-button.tsx msgid "Reset" msgstr "Redefinir" @@ -9375,6 +9384,7 @@ msgid "Save as Template" msgstr "" #: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx msgid "Save changes" msgstr "" @@ -10215,6 +10225,11 @@ msgstr "Configurações do Site" msgid "Skip" msgstr "Pular" +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected." +msgstr "" + #: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding." msgstr "Alguns signatários não receberam um campo de assinatura. Por favor, atribua pelo menos 1 campo de assinatura a cada signatário antes de prosseguir." @@ -11093,6 +11108,23 @@ msgstr "" msgid "The document was created but could not be sent to recipients." msgstr "O documento foi criado, mas não pôde ser enviado aos destinatários." +#: packages/lib/utils/document-audit-logs.ts +msgid "The document was rejected externally by {onBehalfOf} on behalf of {user}" +msgstr "" + +#: packages/lib/utils/document-audit-logs.ts +#: packages/lib/utils/document-audit-logs.ts +msgid "The document was rejected externally by {onBehalfOf} on behalf of the recipient" +msgstr "" + +#: packages/lib/utils/document-audit-logs.ts +msgid "The document was rejected externally on behalf of {user}" +msgstr "" + +#: packages/lib/utils/document-audit-logs.ts +msgid "The document was rejected externally on behalf of the recipient" +msgstr "" + #: apps/remix/app/components/dialogs/envelope-delete-dialog.tsx msgid "The document will be hidden from your account" msgstr "O documento será ocultado da sua conta" @@ -12228,6 +12260,7 @@ msgstr "Não autorizado" msgid "Uncompleted" msgstr "Não concluído" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx #: packages/ui/primitives/signature-pad/signature-pad-draw.tsx msgid "Undo" msgstr "" @@ -12277,6 +12310,10 @@ msgstr "Desvincular" msgid "Unpin" msgstr "Desafixar" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "Unsaved changes" +msgstr "" + #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx #: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx msgid "Unsealed Documents" @@ -12296,9 +12333,6 @@ msgstr "Grupo sem título" #: apps/remix/app/components/dialogs/team-group-update-dialog.tsx #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx #: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx -#: apps/remix/app/components/forms/branding-preferences-form.tsx -#: apps/remix/app/components/forms/document-preferences-form.tsx -#: apps/remix/app/components/forms/email-preferences-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx #: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx #: apps/remix/app/components/tables/admin-claims-table.tsx @@ -12321,6 +12355,7 @@ msgstr "Atualizar Banner" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Update Billing" msgstr "Atualizar Faturamento" @@ -12348,10 +12383,6 @@ msgstr "Atualizar e-mail" msgid "Update Fields" msgstr "Atualizar Campos" -#: apps/remix/app/components/forms/organisation-update-form.tsx -msgid "Update organisation" -msgstr "Atualizar organização" - #: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx @@ -12387,10 +12418,6 @@ msgstr "Atualizar função" msgid "Update Subscription Claim" msgstr "Atualizar Reivindicação de Assinatura" -#: apps/remix/app/components/forms/team-update-form.tsx -msgid "Update team" -msgstr "Atualizar equipe" - #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx msgid "Update team email" @@ -12921,7 +12948,7 @@ msgstr "Aguardando" msgid "Waiting for others" msgstr "Aguardando outros" -#: packages/lib/server-only/document/send-pending-email.ts +#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts msgid "Waiting for others to complete signing." msgstr "Aguardando outros completarem a assinatura." @@ -13895,8 +13922,7 @@ msgstr "Você foi convidado para participar de {0} no Documenso" msgid "You have been invited to join the following organisation" msgstr "Você foi convidado para participar da seguinte organização" -#: packages/lib/server-only/recipient/delete-envelope-recipient.ts -#: packages/lib/server-only/recipient/set-document-recipients.ts +#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts msgid "You have been removed from a document" msgstr "Você foi removido de um documento" @@ -14016,6 +14042,10 @@ msgstr "Você revogou o acesso com sucesso." msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL} for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service." msgstr "Você tem o direito de retirar seu consentimento para usar assinaturas eletrônicas a qualquer momento antes de concluir o processo de assinatura. Para retirar seu consentimento, entre em contato com o remetente do documento. Se não conseguir entrar em contato com o remetente, você pode entrar em contato com <0>{SUPPORT_EMAIL} para obter assistência. Esteja ciente de que a retirada do consentimento pode atrasar ou interromper a conclusão da transação ou serviço relacionado." +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "You have unsaved changes" +msgstr "" + #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx msgid "You have updated {memberName}." msgstr "Você atualizou {memberName}." diff --git a/packages/lib/translations/zh/web.po b/packages/lib/translations/zh/web.po index 975a3583c..1f191746c 100644 --- a/packages/lib/translations/zh/web.po +++ b/packages/lib/translations/zh/web.po @@ -2441,6 +2441,7 @@ msgstr "品牌 Logo" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Branding Preferences" msgstr "品牌偏好设置" @@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team" msgstr "目前所有组织成员都可以访问此团队" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Currently branding can only be configured for Teams and above plans." msgstr "目前仅 Teams 及以上套餐可以配置品牌。" @@ -4214,8 +4216,8 @@ msgstr "文档已被取消" #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx #: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx +#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts #: packages/lib/server-only/admin/admin-super-delete-document.ts -#: packages/lib/server-only/document/delete-document.ts msgid "Document Cancelled" msgstr "文档已取消" @@ -7942,6 +7944,11 @@ msgstr "原始" msgid "Otherwise, the document will be created as a draft." msgstr "否则将把文档创建为草稿。" +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Overlapping fields detected" +msgstr "" + #: apps/remix/app/components/forms/document-preferences-form.tsx #: apps/remix/app/components/forms/email-preferences-form.tsx msgid "Override organisation settings" @@ -9197,9 +9204,7 @@ msgstr "重新发送信封" msgid "Resend verification" msgstr "重新发送验证" -#: apps/remix/app/components/forms/organisation-update-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx -#: apps/remix/app/components/forms/team-update-form.tsx #: apps/remix/app/components/general/organisation-usage-reset-button.tsx msgid "Reset" msgstr "重置" @@ -9384,6 +9389,7 @@ msgid "Save as Template" msgstr "另存为模板" #: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx msgid "Save changes" msgstr "保存更改" @@ -10224,6 +10230,11 @@ msgstr "站点设置" msgid "Skip" msgstr "跳过" +#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx +#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx +msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected." +msgstr "" + #: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding." msgstr "部分签署人尚未被分配签名字段。请在继续前为每位签署人至少分配 1 个签名字段。" @@ -12254,6 +12265,7 @@ msgstr "未授权" msgid "Uncompleted" msgstr "未完成" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx #: packages/ui/primitives/signature-pad/signature-pad-draw.tsx msgid "Undo" msgstr "撤销" @@ -12303,6 +12315,10 @@ msgstr "取消关联" msgid "Unpin" msgstr "取消固定" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "Unsaved changes" +msgstr "" + #: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx #: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx msgid "Unsealed Documents" @@ -12322,9 +12338,6 @@ msgstr "未命名组" #: apps/remix/app/components/dialogs/team-group-update-dialog.tsx #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx #: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx -#: apps/remix/app/components/forms/branding-preferences-form.tsx -#: apps/remix/app/components/forms/document-preferences-form.tsx -#: apps/remix/app/components/forms/email-preferences-form.tsx #: apps/remix/app/components/forms/public-profile-form.tsx #: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx #: apps/remix/app/components/tables/admin-claims-table.tsx @@ -12347,6 +12360,7 @@ msgstr "更新横幅" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx +#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx msgid "Update Billing" msgstr "更新计费" @@ -12374,10 +12388,6 @@ msgstr "更新邮箱" msgid "Update Fields" msgstr "更新字段" -#: apps/remix/app/components/forms/organisation-update-form.tsx -msgid "Update organisation" -msgstr "更新组织" - #: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx #: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx @@ -12413,10 +12423,6 @@ msgstr "更新角色" msgid "Update Subscription Claim" msgstr "更新订阅声明" -#: apps/remix/app/components/forms/team-update-form.tsx -msgid "Update team" -msgstr "更新团队" - #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx #: apps/remix/app/components/dialogs/team-email-update-dialog.tsx msgid "Update team email" @@ -12947,7 +12953,7 @@ msgstr "等待中" msgid "Waiting for others" msgstr "等待其他人" -#: packages/lib/server-only/document/send-pending-email.ts +#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts msgid "Waiting for others to complete signing." msgstr "正在等待其他人完成签署。" @@ -13921,8 +13927,7 @@ msgstr "您已被邀请加入 Documenso 上的 {0}" msgid "You have been invited to join the following organisation" msgstr "您已被邀请加入以下组织" -#: packages/lib/server-only/recipient/delete-envelope-recipient.ts -#: packages/lib/server-only/recipient/set-document-recipients.ts +#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts msgid "You have been removed from a document" msgstr "您已被从某个文档中移除" @@ -14042,6 +14047,10 @@ msgstr "你已成功撤销访问权限。" msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL} for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service." msgstr "在完成签署流程之前,你有权随时撤回对使用电子签名的同意。要撤回同意,请联系文档的发送方。如果无法联系发送方,你可以通过 <0>{SUPPORT_EMAIL} 与我们联系以获得协助。请注意,撤回同意可能会延迟或中止相关交易或服务的完成。" +#: apps/remix/app/components/forms/form-sticky-save-bar.tsx +msgid "You have unsaved changes" +msgstr "" + #: apps/remix/app/components/dialogs/team-member-update-dialog.tsx msgid "You have updated {memberName}." msgstr "您已更新 {memberName}。" @@ -14721,4 +14730,3 @@ msgstr "您的验证码:" #: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx msgid "your-domain.com another-domain.com" msgstr "your-domain.com another-domain.com" - From 337f85f02119fef19ccec7ff0a208cfc95ba5bd7 Mon Sep 17 00:00:00 2001 From: Lucas Smith Date: Thu, 2 Jul 2026 15:09:07 +1000 Subject: [PATCH 07/10] chore: upgrade libpdf (#3058) --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index cb4e523f1..d86982437 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,7 +15,7 @@ "dependencies": { "@ai-sdk/google-vertex": "3.0.81", "@documenso/prisma": "*", - "@libpdf/core": "^0.4.0", + "@libpdf/core": "^0.4.1", "@lingui/conf": "^5.6.0", "@lingui/core": "^5.6.0", "@marsidev/react-turnstile": "^1.5.0", @@ -4661,9 +4661,9 @@ "license": "MIT" }, "node_modules/@libpdf/core": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/@libpdf/core/-/core-0.4.0.tgz", - "integrity": "sha512-G9nZRjf9DGDJaS/C23YWogk8akPM7O/6HfMslxVsKTKRbbbb+0szpQIetcGGUGRu7KtmBDmGDWCgz//DXSmq8A==", + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/@libpdf/core/-/core-0.4.1.tgz", + "integrity": "sha512-DWGxWw1na8oFPixz+b6kOgu4tMD8xJLDgyPGVUNqIswO5POHAxsqmTvUvDW0IrwHP7kFRHBV3I3T/KhTABf9rA==", "license": "MIT", "dependencies": { "@noble/ciphers": "^2.2.0", diff --git a/package.json b/package.json index d0ffcb2b5..27e69e864 100644 --- a/package.json +++ b/package.json @@ -87,7 +87,7 @@ "dependencies": { "@ai-sdk/google-vertex": "3.0.81", "@documenso/prisma": "*", - "@libpdf/core": "^0.4.0", + "@libpdf/core": "^0.4.1", "@lingui/conf": "^5.6.0", "@lingui/core": "^5.6.0", "@prisma/extension-read-replicas": "^0.4.1", From d35d13db23dbff7e4abed63d50f3b4fea2e5e1b3 Mon Sep 17 00:00:00 2001 From: David Nguyen Date: Thu, 2 Jul 2026 15:51:19 +1000 Subject: [PATCH 08/10] fix: remove presigned branding upload (#3053) --- .../forms/branding-preferences-form.tsx | 17 +- .../o.$orgUrl.settings.branding.tsx | 20 +- .../t.$teamUrl+/settings.branding.tsx | 19 +- apps/remix/server/api/files/files.ts | 29 +-- apps/remix/server/api/files/files.types.ts | 21 -- apps/remix/server/router.ts | 1 - .../api-access-file-upload.spec.ts | 40 ---- .../e2e/branding-logo-optimise.spec.ts | 37 +++ .../e2e/branding-logo-upload.spec.ts | 225 ++++++++++++++++++ .../app-tests/e2e/signing-branding.spec.ts | 35 +++ packages/lib/constants/branding.ts | 10 + .../branding/store-branding-logo.ts | 26 ++ packages/lib/universal/upload/put-file.ts | 72 +----- packages/lib/utils/images/logo.ts | 12 + .../trpc/server/organisation-router/router.ts | 2 + .../update-organisation-branding-logo.ts | 69 ++++++ ...update-organisation-branding-logo.types.ts | 17 ++ .../update-organisation-settings.ts | 2 - .../update-organisation-settings.types.ts | 1 - packages/trpc/server/team-router/router.ts | 2 + .../team-router/update-team-branding-logo.ts | 69 ++++++ .../update-team-branding-logo.types.ts | 17 ++ .../team-router/update-team-settings.ts | 2 - .../team-router/update-team-settings.types.ts | 1 - packages/trpc/utils/zod-form-data.ts | 20 ++ 25 files changed, 575 insertions(+), 191 deletions(-) create mode 100644 packages/app-tests/e2e/branding-logo-optimise.spec.ts create mode 100644 packages/app-tests/e2e/branding-logo-upload.spec.ts create mode 100644 packages/lib/server-only/branding/store-branding-logo.ts create mode 100644 packages/trpc/server/organisation-router/update-organisation-branding-logo.ts create mode 100644 packages/trpc/server/organisation-router/update-organisation-branding-logo.types.ts create mode 100644 packages/trpc/server/team-router/update-team-branding-logo.ts create mode 100644 packages/trpc/server/team-router/update-team-branding-logo.types.ts diff --git a/apps/remix/app/components/forms/branding-preferences-form.tsx b/apps/remix/app/components/forms/branding-preferences-form.tsx index 561fb5512..ef3ff6b34 100644 --- a/apps/remix/app/components/forms/branding-preferences-form.tsx +++ b/apps/remix/app/components/forms/branding-preferences-form.tsx @@ -1,5 +1,10 @@ import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation'; import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app'; +import { + BRANDING_LOGO_ALLOWED_TYPES, + BRANDING_LOGO_MAX_SIZE_BYTES, + BRANDING_LOGO_MAX_SIZE_MB, +} from '@documenso/lib/constants/branding'; import { DEFAULT_BRAND_COLORS, DEFAULT_BRAND_RADIUS } from '@documenso/lib/constants/theme'; import { ZCssVarsSchema } from '@documenso/lib/types/css-vars'; import { cn } from '@documenso/ui/lib/utils'; @@ -23,15 +28,15 @@ import { useCspNonce } from '~/utils/nonce'; import { FormStickySaveBar } from './form-sticky-save-bar'; -const MAX_FILE_SIZE = 5 * 1024 * 1024; // 5MB -const ACCEPTED_FILE_TYPES = ['image/jpeg', 'image/png', 'image/webp']; - const ZBrandingPreferencesFormSchema = z.object({ brandingEnabled: z.boolean().nullable(), brandingLogo: z .instanceof(File) - .refine((file) => file.size <= MAX_FILE_SIZE, 'File size must be less than 5MB') - .refine((file) => ACCEPTED_FILE_TYPES.includes(file.type), 'Only .jpg, .png, and .webp files are accepted') + .refine( + (file) => file.size <= BRANDING_LOGO_MAX_SIZE_BYTES, + `File size must be less than ${BRANDING_LOGO_MAX_SIZE_MB}MB`, + ) + .refine((file) => BRANDING_LOGO_ALLOWED_TYPES.includes(file.type), 'Only .jpg, .png, and .webp files are accepted') .nullish(), brandingUrl: z.string().url().optional().or(z.literal('')), brandingCompanyDetails: z.string().max(500).optional(), @@ -245,7 +250,7 @@ export function BrandingPreferencesForm({ { const file = e.target.files?.[0]; diff --git a/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx index 707c4ad96..c719f087f 100644 --- a/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx +++ b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx @@ -1,7 +1,6 @@ import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation'; import { useSession } from '@documenso/lib/client-only/providers/session'; import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app'; -import { putFile } from '@documenso/lib/universal/upload/put-file'; import { canExecuteOrganisationAction, isPersonalLayout } from '@documenso/lib/utils/organisations'; import type { SanitizeBrandingCssWarning } from '@documenso/lib/utils/sanitize-branding-css'; import { trpc } from '@documenso/trpc/react'; @@ -49,26 +48,29 @@ export default function OrganisationSettingsBrandingPage() { const { mutateAsync: updateOrganisationSettings } = trpc.organisation.settings.update.useMutation(); + const { mutateAsync: updateOrganisationBrandingLogo } = trpc.organisation.settings.updateBrandingLogo.useMutation(); + const onBrandingPreferencesFormSubmit = async (data: TBrandingPreferencesFormSchema) => { try { const { brandingEnabled, brandingLogo, brandingUrl, brandingCompanyDetails, brandingColors, brandingCss } = data; - let uploadedBrandingLogo: string | undefined; + // Upload (or clear) the logo through the dedicated, server-validated route. + if (brandingLogo instanceof File || brandingLogo === null) { + const formData = new FormData(); - if (brandingLogo) { - uploadedBrandingLogo = JSON.stringify(await putFile(brandingLogo)); - } + formData.append('payload', JSON.stringify({ organisationId: organisation.id })); - // Empty the branding logo if the user unsets it. - if (brandingLogo === null) { - uploadedBrandingLogo = ''; + if (brandingLogo instanceof File) { + formData.append('brandingLogo', brandingLogo); + } + + await updateOrganisationBrandingLogo(formData); } const result = await updateOrganisationSettings({ organisationId: organisation.id, data: { brandingEnabled: brandingEnabled ?? undefined, - brandingLogo: uploadedBrandingLogo, brandingUrl, brandingCompanyDetails, brandingColors, diff --git a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx index 0401d4da2..6035941d3 100644 --- a/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx +++ b/apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx @@ -1,6 +1,5 @@ import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/organisation'; import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app'; -import { putFile } from '@documenso/lib/universal/upload/put-file'; import { canExecuteOrganisationAction } from '@documenso/lib/utils/organisations'; import type { SanitizeBrandingCssWarning } from '@documenso/lib/utils/sanitize-branding-css'; import { trpc } from '@documenso/trpc/react'; @@ -38,6 +37,7 @@ export default function TeamsSettingsPage() { }); const { mutateAsync: updateTeamSettings } = trpc.team.settings.update.useMutation(); + const { mutateAsync: updateTeamBrandingLogo } = trpc.team.settings.updateBrandingLogo.useMutation(); const canConfigureBranding = organisation.organisationClaim.flags.allowCustomBranding || !IS_BILLING_ENABLED(); @@ -48,22 +48,23 @@ export default function TeamsSettingsPage() { try { const { brandingEnabled, brandingLogo, brandingUrl, brandingCompanyDetails, brandingColors, brandingCss } = data; - let uploadedBrandingLogo: string | undefined; + // Upload (or clear) the logo through the dedicated, server-validated route. + if (brandingLogo instanceof File || brandingLogo === null) { + const formData = new FormData(); - if (brandingLogo) { - uploadedBrandingLogo = JSON.stringify(await putFile(brandingLogo)); - } + formData.append('payload', JSON.stringify({ teamId: team.id })); - // Empty the branding logo if the user unsets it. - if (brandingLogo === null) { - uploadedBrandingLogo = ''; + if (brandingLogo instanceof File) { + formData.append('brandingLogo', brandingLogo); + } + + await updateTeamBrandingLogo(formData); } const result = await updateTeamSettings({ teamId: team.id, data: { brandingEnabled, - brandingLogo: uploadedBrandingLogo, brandingUrl: brandingUrl || null, brandingCompanyDetails: brandingCompanyDetails || null, brandingColors, diff --git a/apps/remix/server/api/files/files.ts b/apps/remix/server/api/files/files.ts index 6885c7bfb..bbca38885 100644 --- a/apps/remix/server/api/files/files.ts +++ b/apps/remix/server/api/files/files.ts @@ -1,9 +1,8 @@ import { getOptionalSession } from '@documenso/auth/server/lib/utils/get-session'; import { APP_DOCUMENT_UPLOAD_SIZE_LIMIT } from '@documenso/lib/constants/app'; -import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error'; +import { AppError } from '@documenso/lib/errors/app-error'; import { verifyEmbeddingPresignToken } from '@documenso/lib/server-only/embedding-presign/verify-embedding-presign-token'; import { putNormalizedPdfFileServerSide } from '@documenso/lib/universal/upload/put-file.server'; -import { getPresignPostUrl } from '@documenso/lib/universal/upload/server-actions'; import { prisma } from '@documenso/prisma'; import { sValidator } from '@hono/standard-validator'; import type { Prisma } from '@prisma/client'; @@ -12,14 +11,11 @@ import { Hono } from 'hono'; import type { HonoEnv } from '../../router'; import { checkEnvelopeFileAccess, handleEnvelopeItemFileRequest, resolveFileUploadUserId } from './files.helpers'; import { - isAllowedUploadContentType, - type TGetPresignedPostUrlResponse, ZGetEnvelopeItemFileDownloadRequestParamsSchema, ZGetEnvelopeItemFileRequestParamsSchema, ZGetEnvelopeItemFileRequestQuerySchema, ZGetEnvelopeItemFileTokenDownloadRequestParamsSchema, ZGetEnvelopeItemFileTokenRequestParamsSchema, - ZGetPresignedPostUrlRequestSchema, ZUploadPdfRequestSchema, } from './files.types'; import getEnvelopeItemPdfRoute from './routes/get-envelope-item-pdf'; @@ -61,29 +57,6 @@ export const filesRoute = new Hono() return c.json({ error: 'Upload failed' }, 500); } }) - .post('/presigned-post-url', sValidator('json', ZGetPresignedPostUrlRequestSchema), async (c) => { - const userId = await resolveFileUploadUserId(c); - - if (!userId) { - return c.json({ error: 'Unauthorized' }, 401); - } - - const { fileName, contentType } = c.req.valid('json'); - - if (!isAllowedUploadContentType(contentType)) { - return c.json({ error: 'Unsupported content type' }, 400); - } - - try { - const { key, url } = await getPresignPostUrl(fileName, contentType, userId); - - return c.json({ key, url } satisfies TGetPresignedPostUrlResponse); - } catch (err) { - console.error(err); - - throw new AppError(AppErrorCode.UNKNOWN_ERROR); - } - }) .get( '/envelope/:envelopeId/envelopeItem/:envelopeItemId', sValidator('param', ZGetEnvelopeItemFileRequestParamsSchema), diff --git a/apps/remix/server/api/files/files.types.ts b/apps/remix/server/api/files/files.types.ts index 99f775274..28cb5ded2 100644 --- a/apps/remix/server/api/files/files.types.ts +++ b/apps/remix/server/api/files/files.types.ts @@ -13,27 +13,6 @@ export const ZUploadPdfResponseSchema = DocumentDataSchema.pick({ export type TUploadPdfRequest = z.infer; export type TUploadPdfResponse = z.infer; -export const ALLOWED_UPLOAD_CONTENT_TYPES = ['application/pdf', 'image/jpeg', 'image/png', 'image/webp'] as const; - -export const isAllowedUploadContentType = (contentType: string): boolean => { - const normalizedContentType = contentType.split(';').at(0)?.trim().toLowerCase(); - - return ALLOWED_UPLOAD_CONTENT_TYPES.some((allowed) => allowed === normalizedContentType); -}; - -export const ZGetPresignedPostUrlRequestSchema = z.object({ - fileName: z.string().min(1), - contentType: z.string().min(1), -}); - -export const ZGetPresignedPostUrlResponseSchema = z.object({ - key: z.string().min(1), - url: z.string().min(1), -}); - -export type TGetPresignedPostUrlRequest = z.infer; -export type TGetPresignedPostUrlResponse = z.infer; - export const ZGetEnvelopeItemFileRequestParamsSchema = z.object({ envelopeId: z.string().min(1), envelopeItemId: z.string().min(1), diff --git a/apps/remix/server/router.ts b/apps/remix/server/router.ts index 19747d4b2..8c9138404 100644 --- a/apps/remix/server/router.ts +++ b/apps/remix/server/router.ts @@ -105,7 +105,6 @@ app.route('/api/auth', auth); // Files route. app.use('/api/files/upload-pdf', fileRateLimitMiddleware); -app.use('/api/files/presigned-post-url', fileRateLimitMiddleware); app.route('/api/files', filesRoute); // AI route. diff --git a/packages/app-tests/e2e/api/v2/unauthorized-api-access/api-access-file-upload.spec.ts b/packages/app-tests/e2e/api/v2/unauthorized-api-access/api-access-file-upload.spec.ts index 21b58d737..6aac373cf 100644 --- a/packages/app-tests/e2e/api/v2/unauthorized-api-access/api-access-file-upload.spec.ts +++ b/packages/app-tests/e2e/api/v2/unauthorized-api-access/api-access-file-upload.spec.ts @@ -44,46 +44,6 @@ test.describe('File upload endpoint authorization', () => { expect(res.status()).toBe(401); }); - test('rejects an unauthenticated presigned-post-url request', async ({ request }) => { - const res = await request.post(`${WEBAPP_BASE_URL}/api/files/presigned-post-url`, { - headers: { 'Content-Type': 'application/json' }, - data: { fileName: 'test.pdf', contentType: 'application/pdf' }, - }); - - expect(res.ok()).toBeFalsy(); - expect(res.status()).toBe(401); - }); - - test('rejects a presigned-post-url request with an invalid presign token', async ({ request }) => { - const res = await request.post(`${WEBAPP_BASE_URL}/api/files/presigned-post-url`, { - headers: { - 'Content-Type': 'application/json', - Authorization: 'Bearer not-a-real-token', - }, - data: { fileName: 'test.pdf', contentType: 'application/pdf' }, - }); - - expect(res.ok()).toBeFalsy(); - expect(res.status()).toBe(401); - }); - - test('rejects a presigned-post-url request with a disallowed content type', async ({ request }) => { - const { user, team } = await seedUser(); - const presignToken = await createPresignTokenForUser(user.id, team.id); - - const res = await request.post(`${WEBAPP_BASE_URL}/api/files/presigned-post-url`, { - headers: { - 'Content-Type': 'application/json', - Authorization: `Bearer ${presignToken}`, - }, - data: { fileName: 'malware.exe', contentType: 'application/x-msdownload' }, - }); - - // Authenticated, but the content type is not on the allow-list. - expect(res.ok()).toBeFalsy(); - expect(res.status()).toBe(400); - }); - test('allows an upload-pdf request authorized by a valid presign token', async ({ request }) => { const { user, team } = await seedUser(); const presignToken = await createPresignTokenForUser(user.id, team.id); diff --git a/packages/app-tests/e2e/branding-logo-optimise.spec.ts b/packages/app-tests/e2e/branding-logo-optimise.spec.ts new file mode 100644 index 000000000..8f26de966 --- /dev/null +++ b/packages/app-tests/e2e/branding-logo-optimise.spec.ts @@ -0,0 +1,37 @@ +import { optimiseBrandingLogo } from '@documenso/lib/utils/images/logo'; +import { expect, test } from '@playwright/test'; +import sharp from 'sharp'; + +const makePng = async (width = 1200, height = 1200) => + sharp({ + create: { width, height, channels: 3, background: { r: 10, g: 20, b: 30 } }, + }) + .png() + .toBuffer(); + +test.describe('optimiseBrandingLogo', () => { + test('re-encodes a valid image to a PNG buffer', async () => { + const input = await makePng(); + + const output = await optimiseBrandingLogo(input); + + const metadata = await sharp(output).metadata(); + + expect(metadata.format).toBe('png'); + }); + + test('bounds the image to a maximum of 512px on its largest side', async () => { + const input = await makePng(2000, 1000); + + const output = await optimiseBrandingLogo(input); + + const metadata = await sharp(output).metadata(); + + expect(metadata.width).toBeLessThanOrEqual(512); + expect(metadata.height).toBeLessThanOrEqual(512); + }); + + test('rejects input that is not a valid image', async () => { + await expect(optimiseBrandingLogo(Buffer.from('this is not an image'))).rejects.toThrow(); + }); +}); diff --git a/packages/app-tests/e2e/branding-logo-upload.spec.ts b/packages/app-tests/e2e/branding-logo-upload.spec.ts new file mode 100644 index 000000000..2b7bd6602 --- /dev/null +++ b/packages/app-tests/e2e/branding-logo-upload.spec.ts @@ -0,0 +1,225 @@ +import fs from 'node:fs'; +import path from 'node:path'; + +import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app'; +import { prisma } from '@documenso/prisma'; +import { seedUser } from '@documenso/prisma/seed/users'; +import { expect, type Page, test } from '@playwright/test'; + +import { apiSignin } from './fixtures/authentication'; + +test.describe.configure({ mode: 'parallel' }); + +const LOGO_PATH = path.join(__dirname, '../../assets/logo.png'); + +type MultipartFile = { name: string; mimeType: string; buffer: Buffer }; + +const enableBrandingAndUpload = async (page: Page) => { + // Enable custom branding so the file input is no longer disabled. + await page.getByTestId('enable-branding').click(); + await page.getByRole('option', { name: 'Yes' }).click(); + + // Upload the logo file through the real multipart route. + await page.locator('input[type="file"]').setInputFiles(LOGO_PATH); + + await page.getByRole('button', { name: 'Save changes' }).first().click(); + await expect(page.getByText('Your branding preferences have been updated').first()).toBeVisible(); +}; + +/** + * POST a logo straight to the dedicated multipart tRPC route using the + * authenticated browser cookies. This bypasses the client-side form validation, + * which is the only way to exercise the server-side image validation / + * sanitisation (`zfdBrandingImageFile` + `optimiseBrandingLogo`) and the entitlement gate. + */ +const postOrganisationBrandingLogo = async (page: Page, organisationId: string, file: MultipartFile | null) => { + const multipart: Record = { + payload: JSON.stringify({ organisationId }), + }; + + if (file) { + multipart.brandingLogo = file; + } + + return await page + .context() + .request.post(`${NEXT_PUBLIC_WEBAPP_URL()}/api/trpc/organisation.settings.updateBrandingLogo`, { multipart }); +}; + +/** + * Grant the organisation the custom-branding entitlement. The positive branding + * flows require it whenever billing is enabled; with billing disabled the gate is + * bypassed, so this keeps these tests valid in both modes. + */ +const grantCustomBranding = async (organisationClaimId: string) => { + await prisma.organisationClaim.update({ + where: { id: organisationClaimId }, + data: { flags: { allowLegacyEnvelopes: true, allowCustomBranding: true } }, + }); +}; + +test('[BRANDING_LOGO]: uploads an organisation branding logo via the dedicated route', async ({ page }) => { + const { user, organisation } = await seedUser({ isPersonalOrganisation: false }); + + await grantCustomBranding(organisation.organisationClaim.id); + + await apiSignin({ + page, + email: user.email, + redirectPath: `/o/${organisation.url}/settings/branding`, + }); + + await enableBrandingAndUpload(page); + + const settings = await prisma.organisationGlobalSettings.findUniqueOrThrow({ + where: { id: organisation.organisationGlobalSettingsId }, + }); + + expect(settings.brandingLogo).toBeTruthy(); + + const parsed = JSON.parse(settings.brandingLogo); + expect(parsed).toHaveProperty('type'); + expect(parsed).toHaveProperty('data'); +}); + +test('[BRANDING_LOGO]: uploads a team branding logo via the dedicated route', async ({ page }) => { + const { user, team, organisation } = await seedUser({ isPersonalOrganisation: false }); + + await grantCustomBranding(organisation.organisationClaim.id); + + await apiSignin({ + page, + email: user.email, + redirectPath: `/t/${team.url}/settings/branding`, + }); + + await enableBrandingAndUpload(page); + + // TeamGlobalSettings has no `teamId` column (the FK lives on Team), so read it + // through the team relation. + const teamWithSettings = await prisma.team.findUniqueOrThrow({ + where: { id: team.id }, + include: { teamGlobalSettings: true }, + }); + + expect(teamWithSettings.teamGlobalSettings?.brandingLogo).toBeTruthy(); + + const parsed = JSON.parse(teamWithSettings.teamGlobalSettings?.brandingLogo ?? ''); + expect(parsed).toHaveProperty('type'); + expect(parsed).toHaveProperty('data'); +}); + +test('[BRANDING_LOGO]: clears the organisation branding logo when the user removes it', async ({ page }) => { + const { user, organisation } = await seedUser({ isPersonalOrganisation: false }); + + await grantCustomBranding(organisation.organisationClaim.id); + + await apiSignin({ + page, + email: user.email, + redirectPath: `/o/${organisation.url}/settings/branding`, + }); + + await enableBrandingAndUpload(page); + + // Confirm the logo was stored before we clear it. + const settings = await prisma.organisationGlobalSettings.findUniqueOrThrow({ + where: { id: organisation.organisationGlobalSettingsId }, + }); + + expect(settings.brandingLogo).toBeTruthy(); + + // Remove the logo and save again. + await page.getByRole('button', { name: 'Remove' }).click(); + await page.getByRole('button', { name: 'Save changes' }).first().click(); + + // Clearing the logo persists an empty string via the dedicated route. + await expect + .poll(async () => { + const updated = await prisma.organisationGlobalSettings.findUniqueOrThrow({ + where: { id: organisation.organisationGlobalSettingsId }, + }); + + return updated.brandingLogo; + }) + .toBe(''); +}); + +test('[BRANDING_LOGO]: validates and sanitises the logo on the server', async ({ page }) => { + const { user, organisation } = await seedUser({ isPersonalOrganisation: false }); + + await grantCustomBranding(organisation.organisationClaim.id); + + await apiSignin({ + page, + email: user.email, + redirectPath: `/o/${organisation.url}/settings/branding`, + }); + + // Positive control: a genuine PNG is accepted and stored. This also proves the + // direct multipart request shape matches what the route expects. + const validResponse = await postOrganisationBrandingLogo(page, organisation.id, { + name: 'logo.png', + mimeType: 'image/png', + buffer: fs.readFileSync(LOGO_PATH), + }); + + expect(validResponse.ok()).toBeTruthy(); + + const afterValid = await prisma.organisationGlobalSettings.findUniqueOrThrow({ + where: { id: organisation.organisationGlobalSettingsId }, + }); + + expect(afterValid.brandingLogo).toBeTruthy(); + + // Bytes that pass the MIME/size allowlist but are not a real image must be + // rejected by the server (the `sharp` re-encode) without changing stored state. + const invalidResponse = await postOrganisationBrandingLogo(page, organisation.id, { + name: 'fake.png', + mimeType: 'image/png', + buffer: Buffer.from('this is definitely not a valid png'), + }); + + expect(invalidResponse.ok()).toBeFalsy(); + expect(invalidResponse.status()).toBeGreaterThanOrEqual(400); + expect(invalidResponse.status()).toBeLessThan(500); + + const afterInvalid = await prisma.organisationGlobalSettings.findUniqueOrThrow({ + where: { id: organisation.organisationGlobalSettingsId }, + }); + + // The previously stored, valid logo is left untouched by the rejected upload. + expect(afterInvalid.brandingLogo).toBe(afterValid.brandingLogo); +}); + +test('[BRANDING_LOGO]: rejects setting a logo without the custom-branding entitlement', async ({ page }) => { + // The entitlement is only enforced when billing is enabled; with billing off + // the check is intentionally skipped server-side, so this can't be exercised. + test.skip( + process.env.NEXT_PUBLIC_FEATURE_BILLING_ENABLED !== 'true', + 'Entitlement is only enforced when billing is enabled.', + ); + + // Seeded organisations have no `allowCustomBranding` claim flag. + const { user, organisation } = await seedUser({ isPersonalOrganisation: false }); + + await apiSignin({ + page, + email: user.email, + redirectPath: `/o/${organisation.url}/settings/branding`, + }); + + const response = await postOrganisationBrandingLogo(page, organisation.id, { + name: 'logo.png', + mimeType: 'image/png', + buffer: fs.readFileSync(LOGO_PATH), + }); + + expect(response.ok()).toBeFalsy(); + + const settings = await prisma.organisationGlobalSettings.findUniqueOrThrow({ + where: { id: organisation.organisationGlobalSettingsId }, + }); + + expect(settings.brandingLogo).toBeFalsy(); +}); diff --git a/packages/app-tests/e2e/signing-branding.spec.ts b/packages/app-tests/e2e/signing-branding.spec.ts index 9cd9fbf85..1292d2f83 100644 --- a/packages/app-tests/e2e/signing-branding.spec.ts +++ b/packages/app-tests/e2e/signing-branding.spec.ts @@ -142,3 +142,38 @@ test('[SIGNING_BRANDING]: embedded signing does not render custom logo Brand Web await expect(page.locator(`a[href="${BRANDING_URL}"]`)).toHaveCount(0); await expect(page.getByRole('link', { name: `${team.name}'s Logo` })).toHaveCount(0); }); + +test('[SIGNING_BRANDING]: custom logo renders when branding is enabled and is hidden when disabled', async ({ + page, +}) => { + const { user, team, organisation } = await seedUser(); + + await enableOrganisationBranding({ + organisationGlobalSettingsId: organisation.organisationGlobalSettingsId, + }); + + const { recipients } = await seedPendingDocumentWithFullFields({ + owner: user, + teamId: team.id, + recipients: ['enabled-disabled-branding-signer@test.documenso.com'], + fields: [FieldType.SIGNATURE], + updateDocumentOptions: { internalVersion: 2 }, + }); + + // Branding enabled → the custom logo is rendered on the signing page. + await page.goto(`/sign/${recipients[0].token}`); + await expectPlainBrandingLogo(page, `${team.name}'s Logo`); + + // Disable branding while keeping the stored logo (the team inherits this). + await prisma.organisationGlobalSettings.update({ + where: { id: organisation.organisationGlobalSettingsId }, + data: { brandingEnabled: false }, + }); + + // Branding disabled → the custom logo is gone and the Documenso fallback + // (an internal link to "/") is shown instead. + await page.goto(`/sign/${recipients[0].token}`); + + await expect(page.getByRole('img', { name: `${team.name}'s Logo` })).toHaveCount(0); + await expect(page.locator('a[href="/"]').first()).toBeVisible(); +}); diff --git a/packages/lib/constants/branding.ts b/packages/lib/constants/branding.ts index f50cc7098..0f00237b7 100644 --- a/packages/lib/constants/branding.ts +++ b/packages/lib/constants/branding.ts @@ -9,3 +9,13 @@ * cap so a malicious or runaway payload can't exhaust PostCSS/server memory. */ export const BRANDING_CSS_MAX_LENGTH = 256 * 1024; + +/** + * Branding logo upload constraints. Enforced server-side at the TRPC request + * boundary (`zfdBrandingImageFile`) and reused by the client form for matching UX. + */ +export const BRANDING_LOGO_MAX_SIZE_MB = 5; + +export const BRANDING_LOGO_MAX_SIZE_BYTES = BRANDING_LOGO_MAX_SIZE_MB * 1024 * 1024; + +export const BRANDING_LOGO_ALLOWED_TYPES: string[] = ['image/jpeg', 'image/png', 'image/webp']; diff --git a/packages/lib/server-only/branding/store-branding-logo.ts b/packages/lib/server-only/branding/store-branding-logo.ts new file mode 100644 index 000000000..af0601aec --- /dev/null +++ b/packages/lib/server-only/branding/store-branding-logo.ts @@ -0,0 +1,26 @@ +import { AppError, AppErrorCode } from '../../errors/app-error'; +import { putFileServerSide } from '../../universal/upload/put-file.server'; +import { optimiseBrandingLogo } from '../../utils/images/logo'; + +/** + * Validate, sanitise and store an uploaded branding logo. Returns the + * `JSON.stringify({ type, data })` reference persisted in the `brandingLogo` + * column (the same format the serving endpoints already expect). + */ +export const buildBrandingLogoData = async (file: File): Promise => { + const buffer = Buffer.from(await file.arrayBuffer()); + + const optimised = await optimiseBrandingLogo(buffer).catch(() => { + throw new AppError(AppErrorCode.INVALID_BODY, { + message: 'The branding logo must be a valid image file.', + }); + }); + + const documentData = await putFileServerSide({ + name: 'branding-logo.png', + type: 'image/png', + arrayBuffer: async () => Promise.resolve(optimised), + }); + + return JSON.stringify(documentData); +}; diff --git a/packages/lib/universal/upload/put-file.ts b/packages/lib/universal/upload/put-file.ts index 5a7eeecc0..46b53a861 100644 --- a/packages/lib/universal/upload/put-file.ts +++ b/packages/lib/universal/upload/put-file.ts @@ -1,10 +1,5 @@ -import { env } from '@documenso/lib/utils/env'; -import type { TGetPresignedPostUrlResponse, TUploadPdfResponse } from '@documenso/remix/server/api/files/files.types'; -import { DocumentDataType } from '@prisma/client'; -import { base64 } from '@scure/base'; -import { match } from 'ts-pattern'; +import type { TUploadPdfResponse } from '@documenso/remix/server/api/files/files.types'; -import { NEXT_PUBLIC_WEBAPP_URL } from '../../constants/app'; import { AppError } from '../../errors/app-error'; type File = { @@ -58,68 +53,3 @@ export const putPdfFile = async (file: File, options?: PutFileOptions) => { return result; }; - -/** - * Uploads a file to the appropriate storage location. - */ -export const putFile = async (file: File, options?: PutFileOptions) => { - const NEXT_PUBLIC_UPLOAD_TRANSPORT = env('NEXT_PUBLIC_UPLOAD_TRANSPORT'); - - return await match(NEXT_PUBLIC_UPLOAD_TRANSPORT) - .with('s3', async () => putFileInObjectStorage(file, {}, options)) - .with('azure-blob', async () => putFileInObjectStorage(file, { 'x-ms-blob-type': 'BlockBlob' }, options)) - .otherwise(async () => putFileInDatabase(file)); -}; - -const putFileInDatabase = async (file: File) => { - const contents = await file.arrayBuffer(); - - const binaryData = new Uint8Array(contents); - - const asciiData = base64.encode(binaryData); - - return { - type: DocumentDataType.BYTES_64, - data: asciiData, - }; -}; - -const putFileInObjectStorage = async (file: File, extraHeaders: Record, options?: PutFileOptions) => { - const getPresignedUrlResponse = await fetch(`${NEXT_PUBLIC_WEBAPP_URL()}/api/files/presigned-post-url`, { - method: 'POST', - headers: { - 'Content-Type': 'application/json', - ...buildUploadAuthHeaders(options), - }, - body: JSON.stringify({ - fileName: file.name, - contentType: file.type, - }), - }); - - if (!getPresignedUrlResponse.ok) { - throw new Error(`Failed to get presigned post url, failed with status code ${getPresignedUrlResponse.status}`); - } - - const { url, key }: TGetPresignedPostUrlResponse = await getPresignedUrlResponse.json(); - - const body = await file.arrayBuffer(); - - const response = await fetch(url, { - method: 'PUT', - headers: { - 'Content-Type': 'application/octet-stream', - ...extraHeaders, - }, - body, - }); - - if (!response.ok) { - throw new Error(`Failed to upload file "${file.name}", failed with status code ${response.status}`); - } - - return { - type: DocumentDataType.S3_PATH, - data: key, - }; -}; diff --git a/packages/lib/utils/images/logo.ts b/packages/lib/utils/images/logo.ts index b81f7c012..98b2edebb 100644 --- a/packages/lib/utils/images/logo.ts +++ b/packages/lib/utils/images/logo.ts @@ -8,3 +8,15 @@ export const loadLogo = async (file: Uint8Array) => { content, }; }; + +/** + * Validate and sanitise an uploaded branding logo. Re-encoding through `sharp` + * proves the bytes are a real raster image and strips any embedded payloads. + * Throws if the input cannot be parsed as an image. + */ +export const optimiseBrandingLogo = async (input: Buffer | Uint8Array): Promise => { + return await sharp(input) + .resize(512, 512, { fit: 'inside', withoutEnlargement: true }) + .png({ quality: 80 }) + .toBuffer(); +}; diff --git a/packages/trpc/server/organisation-router/router.ts b/packages/trpc/server/organisation-router/router.ts index 3a66faab0..e0c1bbba4 100644 --- a/packages/trpc/server/organisation-router/router.ts +++ b/packages/trpc/server/organisation-router/router.ts @@ -20,6 +20,7 @@ import { getOrganisationsRoute } from './get-organisations'; import { leaveOrganisationRoute } from './leave-organisation'; import { resendOrganisationMemberInviteRoute } from './resend-organisation-member-invite'; import { updateOrganisationRoute } from './update-organisation'; +import { updateOrganisationBrandingLogoRoute } from './update-organisation-branding-logo'; import { updateOrganisationGroupRoute } from './update-organisation-group'; import { updateOrganisationMemberRoute } from './update-organisation-members'; import { updateOrganisationSettingsRoute } from './update-organisation-settings'; @@ -55,6 +56,7 @@ export const organisationRouter = router({ }, settings: { update: updateOrganisationSettingsRoute, + updateBrandingLogo: updateOrganisationBrandingLogoRoute, }, internal: { getOrganisationSession: getOrganisationSessionRoute, diff --git a/packages/trpc/server/organisation-router/update-organisation-branding-logo.ts b/packages/trpc/server/organisation-router/update-organisation-branding-logo.ts new file mode 100644 index 000000000..a4ee8ffcd --- /dev/null +++ b/packages/trpc/server/organisation-router/update-organisation-branding-logo.ts @@ -0,0 +1,69 @@ +import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app'; +import { ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/organisations'; +import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error'; +import { buildBrandingLogoData } from '@documenso/lib/server-only/branding/store-branding-logo'; +import { getOrganisationClaim } from '@documenso/lib/server-only/organisation/get-organisation-claims'; +import { buildOrganisationWhereQuery } from '@documenso/lib/utils/organisations'; +import { prisma } from '@documenso/prisma'; + +import { authenticatedProcedure } from '../trpc'; +import { + ZUpdateOrganisationBrandingLogoRequestSchema, + ZUpdateOrganisationBrandingLogoResponseSchema, +} from './update-organisation-branding-logo.types'; + +export const updateOrganisationBrandingLogoRoute = authenticatedProcedure + .input(ZUpdateOrganisationBrandingLogoRequestSchema) + .output(ZUpdateOrganisationBrandingLogoResponseSchema) + .mutation(async ({ ctx, input }) => { + const { user } = ctx; + const { payload, brandingLogo } = input; + const { organisationId } = payload; + + ctx.logger.info({ + input: { + organisationId, + }, + }); + + const organisation = await prisma.organisation.findFirst({ + where: buildOrganisationWhereQuery({ + organisationId, + userId: user.id, + roles: ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_ORGANISATION'], + }), + }); + + if (!organisation) { + throw new AppError(AppErrorCode.UNAUTHORIZED, { + message: 'You do not have permission to update this organisation.', + }); + } + + // Setting a logo requires the custom-branding entitlement; clearing it is + // always allowed so a downgraded organisation can still remove its logo. + if (brandingLogo && IS_BILLING_ENABLED()) { + const claim = await getOrganisationClaim({ organisationId }); + + if (claim.flags?.allowCustomBranding !== true) { + throw new AppError(AppErrorCode.UNAUTHORIZED, { + message: 'Your plan does not allow custom branding.', + }); + } + } + + const brandingLogoValue = brandingLogo ? await buildBrandingLogoData(brandingLogo) : ''; + + await prisma.organisation.update({ + where: { + id: organisation.id, + }, + data: { + organisationGlobalSettings: { + update: { + brandingLogo: brandingLogoValue, + }, + }, + }, + }); + }); diff --git a/packages/trpc/server/organisation-router/update-organisation-branding-logo.types.ts b/packages/trpc/server/organisation-router/update-organisation-branding-logo.types.ts new file mode 100644 index 000000000..059902921 --- /dev/null +++ b/packages/trpc/server/organisation-router/update-organisation-branding-logo.types.ts @@ -0,0 +1,17 @@ +import { z } from 'zod'; +import { zfd } from 'zod-form-data'; + +import { zfdBrandingImageFile, zodFormData } from '../../utils/zod-form-data'; + +export const ZUpdateOrganisationBrandingLogoRequestSchema = zodFormData({ + payload: zfd.json( + z.object({ + organisationId: z.string(), + }), + ), + brandingLogo: zfdBrandingImageFile().optional(), +}); + +export const ZUpdateOrganisationBrandingLogoResponseSchema = z.void(); + +export type TUpdateOrganisationBrandingLogoRequest = z.infer; diff --git a/packages/trpc/server/organisation-router/update-organisation-settings.ts b/packages/trpc/server/organisation-router/update-organisation-settings.ts index 625f79114..156e40e69 100644 --- a/packages/trpc/server/organisation-router/update-organisation-settings.ts +++ b/packages/trpc/server/organisation-router/update-organisation-settings.ts @@ -44,7 +44,6 @@ export const updateOrganisationSettingsRoute = authenticatedProcedure // Branding related settings. brandingEnabled, - brandingLogo, brandingUrl, brandingCompanyDetails, brandingColors, @@ -174,7 +173,6 @@ export const updateOrganisationSettingsRoute = authenticatedProcedure // Branding related settings. brandingEnabled, - brandingLogo, brandingUrl, brandingCompanyDetails, brandingColors: normalizedBrandingColors === null ? Prisma.DbNull : normalizedBrandingColors, diff --git a/packages/trpc/server/organisation-router/update-organisation-settings.types.ts b/packages/trpc/server/organisation-router/update-organisation-settings.types.ts index d7b7d1c0d..62caa07fc 100644 --- a/packages/trpc/server/organisation-router/update-organisation-settings.types.ts +++ b/packages/trpc/server/organisation-router/update-organisation-settings.types.ts @@ -32,7 +32,6 @@ export const ZUpdateOrganisationSettingsRequestSchema = z.object({ // Branding related settings. brandingEnabled: z.boolean().optional(), - brandingLogo: z.string().optional(), brandingUrl: z.string().optional(), brandingCompanyDetails: z.string().optional(), brandingColors: ZCssVarsSchema.nullish(), diff --git a/packages/trpc/server/team-router/router.ts b/packages/trpc/server/team-router/router.ts index 26a1d9913..d05e2af13 100644 --- a/packages/trpc/server/team-router/router.ts +++ b/packages/trpc/server/team-router/router.ts @@ -25,6 +25,7 @@ import { ZUpdateTeamEmailMutationSchema, } from './schema'; import { updateTeamRoute } from './update-team'; +import { updateTeamBrandingLogoRoute } from './update-team-branding-logo'; import { updateTeamGroupRoute } from './update-team-group'; import { updateTeamMemberRoute } from './update-team-member'; import { updateTeamSettingsRoute } from './update-team-settings'; @@ -50,6 +51,7 @@ export const teamRouter = router({ }, settings: { update: updateTeamSettingsRoute, + updateBrandingLogo: updateTeamBrandingLogoRoute, }, // Old routes (to be migrated) diff --git a/packages/trpc/server/team-router/update-team-branding-logo.ts b/packages/trpc/server/team-router/update-team-branding-logo.ts new file mode 100644 index 000000000..2196bb068 --- /dev/null +++ b/packages/trpc/server/team-router/update-team-branding-logo.ts @@ -0,0 +1,69 @@ +import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app'; +import { TEAM_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/teams'; +import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error'; +import { buildBrandingLogoData } from '@documenso/lib/server-only/branding/store-branding-logo'; +import { getOrganisationClaimByTeamId } from '@documenso/lib/server-only/organisation/get-organisation-claims'; +import { buildTeamWhereQuery } from '@documenso/lib/utils/teams'; +import { prisma } from '@documenso/prisma'; + +import { authenticatedProcedure } from '../trpc'; +import { + ZUpdateTeamBrandingLogoRequestSchema, + ZUpdateTeamBrandingLogoResponseSchema, +} from './update-team-branding-logo.types'; + +export const updateTeamBrandingLogoRoute = authenticatedProcedure + .input(ZUpdateTeamBrandingLogoRequestSchema) + .output(ZUpdateTeamBrandingLogoResponseSchema) + .mutation(async ({ ctx, input }) => { + const { user } = ctx; + const { payload, brandingLogo } = input; + const { teamId } = payload; + + ctx.logger.info({ + input: { + teamId, + }, + }); + + const team = await prisma.team.findFirst({ + where: buildTeamWhereQuery({ + teamId, + userId: user.id, + roles: TEAM_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_TEAM'], + }), + }); + + if (!team) { + throw new AppError(AppErrorCode.UNAUTHORIZED, { + message: 'You do not have permission to update this team.', + }); + } + + // Setting a logo requires the custom-branding entitlement; clearing it is + // always allowed so a downgraded team can still remove its logo. + if (brandingLogo && IS_BILLING_ENABLED()) { + const claim = await getOrganisationClaimByTeamId({ teamId }); + + if (claim.flags?.allowCustomBranding !== true) { + throw new AppError(AppErrorCode.UNAUTHORIZED, { + message: 'Your plan does not allow custom branding.', + }); + } + } + + const brandingLogoValue = brandingLogo ? await buildBrandingLogoData(brandingLogo) : ''; + + await prisma.team.update({ + where: { + id: team.id, + }, + data: { + teamGlobalSettings: { + update: { + brandingLogo: brandingLogoValue, + }, + }, + }, + }); + }); diff --git a/packages/trpc/server/team-router/update-team-branding-logo.types.ts b/packages/trpc/server/team-router/update-team-branding-logo.types.ts new file mode 100644 index 000000000..171537eaa --- /dev/null +++ b/packages/trpc/server/team-router/update-team-branding-logo.types.ts @@ -0,0 +1,17 @@ +import { z } from 'zod'; +import { zfd } from 'zod-form-data'; + +import { zfdBrandingImageFile, zodFormData } from '../../utils/zod-form-data'; + +export const ZUpdateTeamBrandingLogoRequestSchema = zodFormData({ + payload: zfd.json( + z.object({ + teamId: z.number(), + }), + ), + brandingLogo: zfdBrandingImageFile().optional(), +}); + +export const ZUpdateTeamBrandingLogoResponseSchema = z.void(); + +export type TUpdateTeamBrandingLogoRequest = z.infer; diff --git a/packages/trpc/server/team-router/update-team-settings.ts b/packages/trpc/server/team-router/update-team-settings.ts index c5db1d12a..c8a81b4b8 100644 --- a/packages/trpc/server/team-router/update-team-settings.ts +++ b/packages/trpc/server/team-router/update-team-settings.ts @@ -42,7 +42,6 @@ export const updateTeamSettingsRoute = authenticatedProcedure // Branding related settings. brandingEnabled, - brandingLogo, brandingUrl, brandingCompanyDetails, brandingColors, @@ -176,7 +175,6 @@ export const updateTeamSettingsRoute = authenticatedProcedure // Branding related settings. brandingEnabled, - brandingLogo, brandingUrl, brandingCompanyDetails, brandingColors: normalizedBrandingColors === null ? Prisma.DbNull : normalizedBrandingColors, diff --git a/packages/trpc/server/team-router/update-team-settings.types.ts b/packages/trpc/server/team-router/update-team-settings.types.ts index 31ec4c5b0..72990ce77 100644 --- a/packages/trpc/server/team-router/update-team-settings.types.ts +++ b/packages/trpc/server/team-router/update-team-settings.types.ts @@ -35,7 +35,6 @@ export const ZUpdateTeamSettingsRequestSchema = z.object({ // Branding related settings. brandingEnabled: z.boolean().nullish(), - brandingLogo: z.string().nullish(), brandingUrl: z.string().nullish(), brandingCompanyDetails: z.string().nullish(), brandingColors: ZCssVarsSchema.nullish(), diff --git a/packages/trpc/utils/zod-form-data.ts b/packages/trpc/utils/zod-form-data.ts index d62c50635..82f3b39d2 100644 --- a/packages/trpc/utils/zod-form-data.ts +++ b/packages/trpc/utils/zod-form-data.ts @@ -1,4 +1,9 @@ import { APP_DOCUMENT_UPLOAD_SIZE_LIMIT } from '@documenso/lib/constants/app'; +import { + BRANDING_LOGO_ALLOWED_TYPES, + BRANDING_LOGO_MAX_SIZE_BYTES, + BRANDING_LOGO_MAX_SIZE_MB, +} from '@documenso/lib/constants/branding'; import { megabytesToBytes } from '@documenso/lib/universal/unit-convertions'; import type { ZodRawShape } from 'zod'; import z from 'zod'; @@ -17,6 +22,21 @@ export const zfdFile = () => { }); }; +/** + * A `zfd.file()` schema constrained to branding-logo images: size-limited and + * restricted to a MIME allowlist. Use for server-side branding logo uploads. + */ +export const zfdBrandingImageFile = () => { + return zfd + .file() + .refine((file) => file.size <= BRANDING_LOGO_MAX_SIZE_BYTES, { + message: `File cannot be larger than ${BRANDING_LOGO_MAX_SIZE_MB}MB`, + }) + .refine((file) => BRANDING_LOGO_ALLOWED_TYPES.includes(file.type), { + message: 'File must be a JPG, PNG, or WebP image', + }); +}; + /** * This helper takes the place of the `z.object` at the root of your schema. * It wraps your schema in a `z.preprocess` that extracts all the data out of a `FormData` From a55e6d94849a3a127f20f160fe93d466df7c9c13 Mon Sep 17 00:00:00 2001 From: Catalin Pit Date: Thu, 2 Jul 2026 09:20:56 +0300 Subject: [PATCH 09/10] fix: block invisible & control characters and URLs in names (#2978) --- .../dialogs/folder-create-dialog.tsx | 5 +- .../dialogs/folder-update-dialog.tsx | 6 +- .../dialogs/passkey-create-dialog.tsx | 4 +- .../dialogs/team-email-update-dialog.tsx | 10 +- .../components/forms/email-transport-form.tsx | 5 +- apps/remix/app/components/forms/profile.tsx | 2 +- apps/remix/app/components/forms/signup.tsx | 2 +- .../app/components/general/claim-account.tsx | 4 +- ...ettings-security-passkey-table-actions.tsx | 3 +- .../o.$orgUrl.settings.groups.$id.tsx | 5 +- packages/auth/server/types/email-password.ts | 2 +- packages/lib/constants/auth.ts | 15 -- packages/lib/types/name.test.ts | 145 ++++++++++++++++++ packages/lib/types/name.ts | 68 ++++++++ .../create-admin-organisation.types.ts | 5 +- .../create-subscription-claim.types.ts | 3 +- .../server/admin-router/create-user.types.ts | 2 +- .../create-email-transport.types.ts | 5 +- .../update-email-transport.types.ts | 5 +- .../update-admin-organisation.types.ts | 4 +- .../server/admin-router/update-user.types.ts | 3 +- .../create-api-token.types.ts | 3 +- .../auth-router/create-passkey.types.ts | 3 +- .../auth-router/update-passkey.types.ts | 3 +- .../create-organisation-email.types.ts | 3 +- packages/trpc/server/folder-router/schema.ts | 5 +- .../create-organisation-group.types.ts | 3 +- .../create-organisation.types.ts | 8 +- .../update-organisation-group.types.ts | 3 +- packages/trpc/server/profile-router/schema.ts | 2 +- .../server/team-router/create-team.types.ts | 5 +- packages/trpc/server/team-router/schema.ts | 11 +- .../server/team-router/update-team.types.ts | 5 +- packages/trpc/server/webhook-router/schema.ts | 8 + 34 files changed, 286 insertions(+), 79 deletions(-) create mode 100644 packages/lib/types/name.test.ts create mode 100644 packages/lib/types/name.ts diff --git a/apps/remix/app/components/dialogs/folder-create-dialog.tsx b/apps/remix/app/components/dialogs/folder-create-dialog.tsx index c2cf21eaa..395feaf37 100644 --- a/apps/remix/app/components/dialogs/folder-create-dialog.tsx +++ b/apps/remix/app/components/dialogs/folder-create-dialog.tsx @@ -1,3 +1,4 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { trpc } from '@documenso/trpc/react'; import { Button } from '@documenso/ui/primitives/button'; import { @@ -23,7 +24,7 @@ import { useParams } from 'react-router'; import { z } from 'zod'; const ZCreateFolderFormSchema = z.object({ - name: z.string().min(1, { message: 'Folder name is required' }), + name: ZNameSchema, }); type TCreateFolderFormSchema = z.infer; @@ -65,7 +66,7 @@ export const FolderCreateDialog = ({ type, trigger, parentFolderId, ...props }: toast({ description: t`Folder created successfully`, }); - } catch (err) { + } catch (_err) { toast({ title: t`Failed to create folder`, description: t`An unknown error occurred while creating the folder.`, diff --git a/apps/remix/app/components/dialogs/folder-update-dialog.tsx b/apps/remix/app/components/dialogs/folder-update-dialog.tsx index 1c57bc27d..db859431a 100644 --- a/apps/remix/app/components/dialogs/folder-update-dialog.tsx +++ b/apps/remix/app/components/dialogs/folder-update-dialog.tsx @@ -1,5 +1,6 @@ import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error'; import { DocumentVisibility } from '@documenso/lib/types/document-visibility'; +import { ZNameSchema } from '@documenso/lib/types/name'; import { trpc } from '@documenso/trpc/react'; import type { TFolderWithSubfolders } from '@documenso/trpc/server/folder-router/schema'; import { Button } from '@documenso/ui/primitives/button'; @@ -23,8 +24,6 @@ import { useEffect } from 'react'; import { useForm } from 'react-hook-form'; import { z } from 'zod'; -import { useOptionalCurrentTeam } from '~/providers/team'; - export type FolderUpdateDialogProps = { folder: TFolderWithSubfolders | null; isOpen: boolean; @@ -32,7 +31,7 @@ export type FolderUpdateDialogProps = { } & Omit; export const ZUpdateFolderFormSchema = z.object({ - name: z.string().min(1), + name: ZNameSchema, visibility: z.nativeEnum(DocumentVisibility).optional(), }); @@ -40,7 +39,6 @@ export type TUpdateFolderFormSchema = z.infer; export const FolderUpdateDialog = ({ folder, isOpen, onOpenChange }: FolderUpdateDialogProps) => { const { t } = useLingui(); - const team = useOptionalCurrentTeam(); const { toast } = useToast(); const { mutateAsync: updateFolder } = trpc.folder.updateFolder.useMutation(); diff --git a/apps/remix/app/components/dialogs/passkey-create-dialog.tsx b/apps/remix/app/components/dialogs/passkey-create-dialog.tsx index 5a51cd8d4..3fe62a653 100644 --- a/apps/remix/app/components/dialogs/passkey-create-dialog.tsx +++ b/apps/remix/app/components/dialogs/passkey-create-dialog.tsx @@ -1,5 +1,6 @@ import { MAXIMUM_PASSKEYS } from '@documenso/lib/constants/auth'; import { AppError } from '@documenso/lib/errors/app-error'; +import { ZNameSchema } from '@documenso/lib/types/name'; import { trpc } from '@documenso/trpc/react'; import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert'; import { Button } from '@documenso/ui/primitives/button'; @@ -25,14 +26,13 @@ import { useForm } from 'react-hook-form'; import { match } from 'ts-pattern'; import { UAParser } from 'ua-parser-js'; import { z } from 'zod'; - export type PasskeyCreateDialogProps = { trigger?: React.ReactNode; onSuccess?: () => void; } & Omit; const ZCreatePasskeyFormSchema = z.object({ - passkeyName: z.string().min(3), + passkeyName: ZNameSchema, }); type TCreatePasskeyFormSchema = z.infer; diff --git a/apps/remix/app/components/dialogs/team-email-update-dialog.tsx b/apps/remix/app/components/dialogs/team-email-update-dialog.tsx index 6eb5b0e88..3fbddc3c2 100644 --- a/apps/remix/app/components/dialogs/team-email-update-dialog.tsx +++ b/apps/remix/app/components/dialogs/team-email-update-dialog.tsx @@ -1,4 +1,5 @@ import { trpc } from '@documenso/trpc/react'; +import { ZUpdateTeamEmailMutationSchema } from '@documenso/trpc/server/team-router/schema'; import { Button } from '@documenso/ui/primitives/button'; import { Dialog, @@ -19,16 +20,16 @@ import type * as DialogPrimitive from '@radix-ui/react-dialog'; import { useEffect, useState } from 'react'; import { useForm } from 'react-hook-form'; import { useRevalidator } from 'react-router'; -import { z } from 'zod'; +import type { z } from 'zod'; export type TeamEmailUpdateDialogProps = { teamEmail: TeamEmail; trigger?: React.ReactNode; } & Omit; -const ZUpdateTeamEmailFormSchema = z.object({ - name: z.string().trim().min(1, { message: 'Please enter a valid name.' }), -}); +const ZUpdateTeamEmailFormSchema = ZUpdateTeamEmailMutationSchema.pick({ + data: true, +}).shape.data; type TUpdateTeamEmailFormSchema = z.infer; @@ -44,6 +45,7 @@ export const TeamEmailUpdateDialog = ({ teamEmail, trigger, ...props }: TeamEmai defaultValues: { name: teamEmail.name, }, + mode: 'onSubmit', }); const { mutateAsync: updateTeamEmail } = trpc.team.email.update.useMutation(); diff --git a/apps/remix/app/components/forms/email-transport-form.tsx b/apps/remix/app/components/forms/email-transport-form.tsx index 2e20fdb59..c8af2f478 100644 --- a/apps/remix/app/components/forms/email-transport-form.tsx +++ b/apps/remix/app/components/forms/email-transport-form.tsx @@ -1,3 +1,4 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { Form, FormControl, @@ -15,8 +16,8 @@ import { useForm } from 'react-hook-form'; import { z } from 'zod'; const ZEmailTransportFormSchema = z.object({ - name: z.string().min(1), - fromName: z.string().min(1), + name: ZNameSchema, + fromName: ZNameSchema, fromAddress: z.string().email(), type: z.enum(['SMTP_AUTH', 'SMTP_API', 'RESEND', 'MAILCHANNELS']), host: z.string().optional(), diff --git a/apps/remix/app/components/forms/profile.tsx b/apps/remix/app/components/forms/profile.tsx index a9b81bc02..3449a747f 100644 --- a/apps/remix/app/components/forms/profile.tsx +++ b/apps/remix/app/components/forms/profile.tsx @@ -1,5 +1,5 @@ import { useSession } from '@documenso/lib/client-only/providers/session'; -import { ZNameSchema } from '@documenso/lib/constants/auth'; +import { ZNameSchema } from '@documenso/lib/types/name'; import { trpc } from '@documenso/trpc/react'; import { cn } from '@documenso/ui/lib/utils'; import { Button } from '@documenso/ui/primitives/button'; diff --git a/apps/remix/app/components/forms/signup.tsx b/apps/remix/app/components/forms/signup.tsx index a53131f08..4c7a18aec 100644 --- a/apps/remix/app/components/forms/signup.tsx +++ b/apps/remix/app/components/forms/signup.tsx @@ -1,8 +1,8 @@ import communityCardsImage from '@documenso/assets/images/community-cards.png'; import { authClient } from '@documenso/auth/client'; import { useAnalytics } from '@documenso/lib/client-only/hooks/use-analytics'; -import { ZNameSchema } from '@documenso/lib/constants/auth'; import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error'; +import { ZNameSchema } from '@documenso/lib/types/name'; import { env } from '@documenso/lib/utils/env'; import { zEmail } from '@documenso/lib/utils/zod'; import { ZPasswordSchema } from '@documenso/trpc/server/auth-router/schema'; diff --git a/apps/remix/app/components/general/claim-account.tsx b/apps/remix/app/components/general/claim-account.tsx index 110549bc7..4301391e6 100644 --- a/apps/remix/app/components/general/claim-account.tsx +++ b/apps/remix/app/components/general/claim-account.tsx @@ -1,6 +1,7 @@ import { authClient } from '@documenso/auth/client'; import { useAnalytics } from '@documenso/lib/client-only/hooks/use-analytics'; import { AppError } from '@documenso/lib/errors/app-error'; +import { ZNameSchema } from '@documenso/lib/types/name'; import { env } from '@documenso/lib/utils/env'; import { zEmail } from '@documenso/lib/utils/zod'; import { ZPasswordSchema } from '@documenso/trpc/server/auth-router/schema'; @@ -19,7 +20,6 @@ import { useRef } from 'react'; import { useForm } from 'react-hook-form'; import { useNavigate } from 'react-router'; import { z } from 'zod'; - import { SIGNUP_ERROR_MESSAGES } from '~/components/forms/signup'; export type ClaimAccountProps = { @@ -30,7 +30,7 @@ export type ClaimAccountProps = { export const ZClaimAccountFormSchema = z .object({ - name: z.string().trim().min(1, { message: msg`Please enter a valid name.`.id }), + name: ZNameSchema, email: zEmail().min(1), password: ZPasswordSchema, }) diff --git a/apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx b/apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx index 7feb0e191..180dc3e44 100644 --- a/apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx +++ b/apps/remix/app/components/tables/settings-security-passkey-table-actions.tsx @@ -1,3 +1,4 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { trpc } from '@documenso/trpc/react'; import { cn } from '@documenso/ui/lib/utils'; import { Button } from '@documenso/ui/primitives/button'; @@ -29,7 +30,7 @@ export type SettingsSecurityPasskeyTableActionsProps = { }; const ZUpdatePasskeySchema = z.object({ - name: z.string(), + name: ZNameSchema, }); type TUpdatePasskeySchema = z.infer; diff --git a/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx index 307cfe479..b3abcb81a 100644 --- a/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx +++ b/apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.groups.$id.tsx @@ -3,6 +3,7 @@ import { ORGANISATION_MEMBER_ROLE_HIERARCHY } from '@documenso/lib/constants/org import { EXTENDED_ORGANISATION_MEMBER_ROLE_MAP } from '@documenso/lib/constants/organisations-translations'; import { TEAM_MEMBER_ROLE_MAP } from '@documenso/lib/constants/teams-translations'; import { AppError } from '@documenso/lib/errors/app-error'; +import { ZNameSchema } from '@documenso/lib/types/name'; import { trpc } from '@documenso/trpc/react'; import type { TFindOrganisationGroupsResponse } from '@documenso/trpc/server/organisation-router/find-organisation-groups.types'; import { Button } from '@documenso/ui/primitives/button'; @@ -28,7 +29,6 @@ import { useMemo, useState } from 'react'; import { useForm } from 'react-hook-form'; import { Link } from 'react-router'; import { z } from 'zod'; - import { OrganisationGroupDeleteDialog } from '~/components/dialogs/organisation-group-delete-dialog'; import { GenericErrorLayout } from '~/components/general/generic-error-layout'; import { @@ -36,7 +36,6 @@ import { OrganisationMembersMultiSelectCombobox, } from '~/components/general/organisation-members-multiselect-combobox'; import { SettingsHeader } from '~/components/general/settings-header'; - import type { Route } from './+types/o.$orgUrl.settings.groups.$id'; export default function OrganisationGroupSettingsPage({ params }: Route.ComponentProps) { @@ -113,7 +112,7 @@ export default function OrganisationGroupSettingsPage({ params }: Route.Componen } const ZUpdateOrganisationGroupFormSchema = z.object({ - name: z.string().min(1, msg`Name is required`.id), + name: ZNameSchema, organisationRole: z.nativeEnum(OrganisationMemberRole), memberIds: z.array(z.string()), }); diff --git a/packages/auth/server/types/email-password.ts b/packages/auth/server/types/email-password.ts index eafaca28c..5303d326c 100644 --- a/packages/auth/server/types/email-password.ts +++ b/packages/auth/server/types/email-password.ts @@ -1,4 +1,4 @@ -import { ZNameSchema } from '@documenso/lib/constants/auth'; +import { ZNameSchema } from '@documenso/lib/types/name'; import { zEmail } from '@documenso/lib/utils/zod'; import { z } from 'zod'; diff --git a/packages/lib/constants/auth.ts b/packages/lib/constants/auth.ts index c4c8727ed..cb514979b 100644 --- a/packages/lib/constants/auth.ts +++ b/packages/lib/constants/auth.ts @@ -1,25 +1,10 @@ import MailChecker from 'mailchecker'; -import { z } from 'zod'; import { env } from '../utils/env'; import { NEXT_PUBLIC_WEBAPP_URL } from './app'; export const SALT_ROUNDS = 12; -export const URL_PATTERN = /https?:\/\/|www\./i; - -/** - * Shared name schema that disallows URLs to prevent phishing via email rendering. - */ -export const ZNameSchema = z - .string() - .trim() - .min(3, { message: 'Please enter a valid name.' }) - .max(255, { message: 'Name cannot be more than 255 characters.' }) - .refine((value) => !URL_PATTERN.test(value), { - message: 'Name cannot contain URLs.', - }); - export const IDENTITY_PROVIDER_NAME: Record = { DOCUMENSO: 'Documenso', GOOGLE: 'Google', diff --git a/packages/lib/types/name.test.ts b/packages/lib/types/name.test.ts new file mode 100644 index 000000000..376831883 --- /dev/null +++ b/packages/lib/types/name.test.ts @@ -0,0 +1,145 @@ +import { describe, expect, it } from 'vitest'; + +import { ZNameSchema } from './name'; + +describe('ZNameSchema', () => { + describe('valid names', () => { + it('accepts a normal name', () => { + expect(ZNameSchema.safeParse('Example User')).toEqual({ + success: true, + data: 'Example User', + }); + }); + + it('accepts international characters', () => { + expect(ZNameSchema.safeParse('Døcumensø Üser')).toEqual({ + success: true, + data: 'Døcumensø Üser', + }); + }); + + it('trims surrounding whitespace', () => { + expect(ZNameSchema.safeParse(' Documenso User ')).toEqual({ + success: true, + data: 'Documenso User', + }); + }); + + it('accepts names at the minimum length', () => { + expect(ZNameSchema.safeParse('DU')).toEqual({ + success: true, + data: 'DU', + }); + }); + + it('accepts names at the maximum length', () => { + const name = + 'DocumensoUser DocumensoUser DocumensoUser DocumensoUser DocumensoUser DocumensoUser DocumensoUser Do'; + + expect(name.length).toBe(100); + expect(ZNameSchema.safeParse(name)).toEqual({ + success: true, + data: name, + }); + }); + }); + + describe('length validation', () => { + it('rejects names shorter than 2 characters', () => { + expect(ZNameSchema.safeParse('D')).toMatchObject({ + success: false, + error: { + issues: [{ message: 'Please enter a valid name.' }], + }, + }); + }); + + it('rejects names longer than 100 characters', () => { + const name = + 'DocumensoUser DocumensoUser DocumensoUser DocumensoUser DocumensoUser DocumensoUser DocumensoUser Doc'; + + expect(name.length).toBe(101); + expect(ZNameSchema.safeParse(name)).toMatchObject({ + success: false, + error: { + issues: [{ message: 'Name cannot be more than 100 characters.' }], + }, + }); + }); + + it('rejects whitespace-only input after trim', () => { + expect(ZNameSchema.safeParse(' ')).toMatchObject({ + success: false, + }); + }); + }); + + describe('URL validation', () => { + it.each([ + 'https://example.com', + 'http://example.com', + 'HTTPS://EXAMPLE.COM', + 'Northwind www.example.com', + 'www.example.com', + ])('rejects URLs in names: %s', (value) => { + expect(ZNameSchema.safeParse(value)).toMatchObject({ + success: false, + error: { + issues: expect.arrayContaining([expect.objectContaining({ message: 'Name cannot contain URLs.' })]), + }, + }); + }); + }); + + describe('invalid character validation', () => { + it.each([ + ['NUL character', 'Acme\u0000Corp'], + ['zero-width space', 'Acme\u200bCorp'], + ['bidi override', 'Acme\u202eCorp'], + ['byte order mark', 'Acme\ufeffCorp'], + ['lone surrogate', 'Acme\ud800Corp'], + ['tag character', `Acme${String.fromCodePoint(0xe0041)}Corp`], + ['noncharacter', 'Acme\ufffeCorp'], + ['private use character', 'Acme\ue000Corp'], + ['Hangul filler', 'Acme\u3164Corp'], + ['braille blank', 'Acme\u2800Corp'], + ['combining grapheme joiner', 'Acme\u034fCorp'], + ])('rejects names containing a %s', (_label, value) => { + expect(ZNameSchema.safeParse(value)).toMatchObject({ + success: false, + error: { + issues: expect.arrayContaining([expect.objectContaining({ message: 'Name contains invalid characters.' })]), + }, + }); + }); + + it.each([ + ['fixed form', String.raw`Acme\u200bCorp`], + ['uppercase U', String.raw`Acme\U200BCorp`], + ['braced form', String.raw`Acme\u{200b}Corp`], + ['braced form with leading zeros', String.raw`Acme\u{0000200b}Corp`], + ['lone surrogate', String.raw`Acme\ud800Corp`], + ])('rejects literal \\u escape sequences stored as text (%s)', (_label, value) => { + expect(ZNameSchema.safeParse(value)).toMatchObject({ + success: false, + error: { + issues: expect.arrayContaining([expect.objectContaining({ message: 'Name contains invalid characters.' })]), + }, + }); + }); + + it.each([ + ['escape of a valid code point', String.raw`Acme\u0041Corp`], + ['braced escape of a valid astral code point', String.raw`Acme\u{1F600}Corp`], + ['braced escape beyond the Unicode range', String.raw`Acme\u{FFFFFFF}Corp`], + ['incomplete escape sequence', String.raw`Acme\u00 Corp`], + ['unterminated braced escape', String.raw`Acme\u{200bCorp`], + ['astral characters such as emoji', 'Acme 😀 Corp'], + ['emoji with a variation selector', 'I ❤️ Docs'], + ])('accepts %s', (_label, value) => { + expect(ZNameSchema.safeParse(value)).toMatchObject({ + success: true, + }); + }); + }); +}); diff --git a/packages/lib/types/name.ts b/packages/lib/types/name.ts new file mode 100644 index 000000000..14f0f4b7d --- /dev/null +++ b/packages/lib/types/name.ts @@ -0,0 +1,68 @@ +import { z } from 'zod'; + +export const URL_PATTERN = /https?:\/\/|www\./i; + +/** + * Characters that render as empty/invisible or break text layout: + * + * - `\p{C}` - control, format, lone surrogate, private use and + * unassigned code points (NUL, zero-width spaces, bidi + * overrides, BOM, tag characters, noncharacters). + * - `\p{Zl}\p{Zp}` - line and paragraph separators. + * - `\u{034F}` - combining grapheme joiner (invisible). Kept outside the + * character class because it is a combining mark, which + * lint rules reject inside classes. + * - remaining - letters that render as blank (Hangul fillers, braille blank). + * + * The `\p{...}` classes are maintained by the Unicode database, so newly + * assigned characters in these categories are covered automatically. + */ +const INVALID_CHARACTER_REGEX = /[\p{C}\p{Zl}\p{Zp}\u{115F}\u{1160}\u{2800}\u{3164}\u{FFA0}]|\u{034F}/u; + +const hasInvalidCharacter = (value: string) => INVALID_CHARACTER_REGEX.test(value); + +/** + * Matches literal `\uXXXX` and `\u{XXXX}` escape sequences stored verbatim as + * text (e.g. the 6 characters `\`, `u`, `2`, `0`, `0`, `b`), which can still + * break rendering downstream if anything decodes them. + */ +const ESCAPE_SEQUENCE_PATTERN = /\\u(?:([0-9a-f]{4})|\{([0-9a-f]+)\})/gi; + +const hasInvalidEscapeSequence = (value: string) => { + for (const [, fixedHex, bracedHex] of value.matchAll(ESCAPE_SEQUENCE_PATTERN)) { + const codePoint = parseInt(fixedHex ?? bracedHex, 16); + + if (codePoint > 0x10ffff) { + continue; + } + + // Decode the escape and run it through the same character policy as the + // unescaped check, so the two can never drift apart. + if (hasInvalidCharacter(String.fromCodePoint(codePoint))) { + return true; + } + } + + return false; +}; + +export const hasInvalidTextCharacters = (value: string) => + hasInvalidCharacter(value) || hasInvalidEscapeSequence(value); + +/** + * Shared name schema that disallows URLs to prevent phishing via email rendering, + * and invisible/control characters that render as empty or break the UI. + */ +export const ZNameSchema = z + .string() + .trim() + .min(2, { message: 'Please enter a valid name.' }) + .max(100, { message: 'Name cannot be more than 100 characters.' }) + .refine((value) => !URL_PATTERN.test(value), { + message: 'Name cannot contain URLs.', + }) + .refine((value) => !hasInvalidTextCharacters(value), { + message: 'Name contains invalid characters.', + }); + +export type TName = z.infer; diff --git a/packages/trpc/server/admin-router/create-admin-organisation.types.ts b/packages/trpc/server/admin-router/create-admin-organisation.types.ts index 7c142bba6..a86750ab3 100644 --- a/packages/trpc/server/admin-router/create-admin-organisation.types.ts +++ b/packages/trpc/server/admin-router/create-admin-organisation.types.ts @@ -1,11 +1,10 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { z } from 'zod'; -import { ZOrganisationNameSchema } from '../organisation-router/create-organisation.types'; - export const ZCreateAdminOrganisationRequestSchema = z.object({ ownerUserId: z.number(), data: z.object({ - name: ZOrganisationNameSchema, + name: ZNameSchema, }), }); diff --git a/packages/trpc/server/admin-router/create-subscription-claim.types.ts b/packages/trpc/server/admin-router/create-subscription-claim.types.ts index f1cfbad60..9cb1da986 100644 --- a/packages/trpc/server/admin-router/create-subscription-claim.types.ts +++ b/packages/trpc/server/admin-router/create-subscription-claim.types.ts @@ -1,8 +1,9 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { ZClaimFlagsSchema, ZRateLimitArraySchema } from '@documenso/lib/types/subscription'; import { z } from 'zod'; export const ZCreateSubscriptionClaimRequestSchema = z.object({ - name: z.string().min(1), + name: ZNameSchema, teamCount: z.number().int().min(0), memberCount: z.number().int().min(0), envelopeItemCount: z.number().int().min(1), diff --git a/packages/trpc/server/admin-router/create-user.types.ts b/packages/trpc/server/admin-router/create-user.types.ts index 6e1b65438..6c629a291 100644 --- a/packages/trpc/server/admin-router/create-user.types.ts +++ b/packages/trpc/server/admin-router/create-user.types.ts @@ -1,4 +1,4 @@ -import { ZNameSchema } from '@documenso/lib/constants/auth'; +import { ZNameSchema } from '@documenso/lib/types/name'; import { z } from 'zod'; export const ZCreateUserRequestSchema = z.object({ diff --git a/packages/trpc/server/admin-router/email-transport/create-email-transport.types.ts b/packages/trpc/server/admin-router/email-transport/create-email-transport.types.ts index 26a47c12c..ecfa77bd4 100644 --- a/packages/trpc/server/admin-router/email-transport/create-email-transport.types.ts +++ b/packages/trpc/server/admin-router/email-transport/create-email-transport.types.ts @@ -1,9 +1,10 @@ import { ZEmailTransportConfigSchema } from '@documenso/lib/server-only/email/email-transport-config'; +import { ZNameSchema } from '@documenso/lib/types/name'; import { z } from 'zod'; export const ZCreateEmailTransportRequestSchema = z.object({ - name: z.string().min(1), - fromName: z.string().min(1), + name: ZNameSchema, + fromName: ZNameSchema, fromAddress: z.string().email(), config: ZEmailTransportConfigSchema, }); diff --git a/packages/trpc/server/admin-router/email-transport/update-email-transport.types.ts b/packages/trpc/server/admin-router/email-transport/update-email-transport.types.ts index d007c7e19..c8924c175 100644 --- a/packages/trpc/server/admin-router/email-transport/update-email-transport.types.ts +++ b/packages/trpc/server/admin-router/email-transport/update-email-transport.types.ts @@ -4,6 +4,7 @@ import { ZSmtpApiConfigSchema, ZSmtpAuthConfigSchema, } from '@documenso/lib/server-only/email/email-transport-config'; +import { ZNameSchema } from '@documenso/lib/types/name'; import { z } from 'zod'; // Reuses the canonical transport config schemas, but relaxes the secret field so @@ -21,8 +22,8 @@ const ZUpdateConfigSchema = z.discriminatedUnion('type', [ export const ZUpdateEmailTransportRequestSchema = z.object({ id: z.string(), data: z.object({ - name: z.string().min(1), - fromName: z.string().min(1), + name: ZNameSchema, + fromName: ZNameSchema, fromAddress: z.string().email(), config: ZUpdateConfigSchema, }), diff --git a/packages/trpc/server/admin-router/update-admin-organisation.types.ts b/packages/trpc/server/admin-router/update-admin-organisation.types.ts index 5f5d4a17a..47e9927cc 100644 --- a/packages/trpc/server/admin-router/update-admin-organisation.types.ts +++ b/packages/trpc/server/admin-router/update-admin-organisation.types.ts @@ -1,13 +1,13 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { z } from 'zod'; -import { ZOrganisationNameSchema } from '../organisation-router/create-organisation.types'; import { ZTeamUrlSchema } from '../team-router/schema'; import { ZCreateSubscriptionClaimRequestSchema } from './create-subscription-claim.types'; export const ZUpdateAdminOrganisationRequestSchema = z.object({ organisationId: z.string(), data: z.object({ - name: ZOrganisationNameSchema.optional(), + name: ZNameSchema.optional(), url: ZTeamUrlSchema.optional(), claims: ZCreateSubscriptionClaimRequestSchema.pick({ teamCount: true, diff --git a/packages/trpc/server/admin-router/update-user.types.ts b/packages/trpc/server/admin-router/update-user.types.ts index 153b5a785..300db6fa7 100644 --- a/packages/trpc/server/admin-router/update-user.types.ts +++ b/packages/trpc/server/admin-router/update-user.types.ts @@ -1,10 +1,11 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { zEmail } from '@documenso/lib/utils/zod'; import { Role } from '@prisma/client'; import { z } from 'zod'; export const ZUpdateUserRequestSchema = z.object({ id: z.number().min(1), - name: z.string().nullish(), + name: ZNameSchema.nullish(), email: zEmail().optional(), roles: z.array(z.nativeEnum(Role)).optional(), }); diff --git a/packages/trpc/server/api-token-router/create-api-token.types.ts b/packages/trpc/server/api-token-router/create-api-token.types.ts index c73c65833..c362bdf50 100644 --- a/packages/trpc/server/api-token-router/create-api-token.types.ts +++ b/packages/trpc/server/api-token-router/create-api-token.types.ts @@ -1,8 +1,9 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { z } from 'zod'; export const ZCreateApiTokenRequestSchema = z.object({ teamId: z.number(), - tokenName: z.string().min(3, { message: 'The token name should be 3 characters or longer' }), + tokenName: ZNameSchema, expirationDate: z.string().nullable(), }); diff --git a/packages/trpc/server/auth-router/create-passkey.types.ts b/packages/trpc/server/auth-router/create-passkey.types.ts index d5d2483a4..b6ff4a163 100644 --- a/packages/trpc/server/auth-router/create-passkey.types.ts +++ b/packages/trpc/server/auth-router/create-passkey.types.ts @@ -1,8 +1,9 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { ZRegistrationResponseJSONSchema } from '@documenso/lib/types/webauthn'; import { z } from 'zod'; export const ZCreatePasskeyRequestSchema = z.object({ - passkeyName: z.string().trim().min(1), + passkeyName: ZNameSchema, verificationResponse: ZRegistrationResponseJSONSchema, }); diff --git a/packages/trpc/server/auth-router/update-passkey.types.ts b/packages/trpc/server/auth-router/update-passkey.types.ts index e898234da..310389396 100644 --- a/packages/trpc/server/auth-router/update-passkey.types.ts +++ b/packages/trpc/server/auth-router/update-passkey.types.ts @@ -1,8 +1,9 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { z } from 'zod'; export const ZUpdatePasskeyRequestSchema = z.object({ passkeyId: z.string().trim().min(1), - name: z.string().trim().min(1), + name: ZNameSchema, }); export const ZUpdatePasskeyResponseSchema = z.void(); diff --git a/packages/trpc/server/enterprise-router/create-organisation-email.types.ts b/packages/trpc/server/enterprise-router/create-organisation-email.types.ts index 22ff2779c..0a3830c53 100644 --- a/packages/trpc/server/enterprise-router/create-organisation-email.types.ts +++ b/packages/trpc/server/enterprise-router/create-organisation-email.types.ts @@ -1,9 +1,10 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { zEmail } from '@documenso/lib/utils/zod'; import { z } from 'zod'; export const ZCreateOrganisationEmailRequestSchema = z.object({ emailDomainId: z.string(), - emailName: z.string().min(1).max(100), + emailName: ZNameSchema, email: zEmail().toLowerCase(), // This does not need to be validated to be part of the domain. diff --git a/packages/trpc/server/folder-router/schema.ts b/packages/trpc/server/folder-router/schema.ts index a3c18b78d..396e121c1 100644 --- a/packages/trpc/server/folder-router/schema.ts +++ b/packages/trpc/server/folder-router/schema.ts @@ -1,4 +1,5 @@ import { ZFolderTypeSchema } from '@documenso/lib/types/folder-type'; +import { ZNameSchema } from '@documenso/lib/types/name'; import { ZFindResultResponse, ZFindSearchParamsSchema } from '@documenso/lib/types/search-params'; import { DocumentVisibility } from '@documenso/prisma/generated/types'; import FolderSchema from '@documenso/prisma/generated/zod/modelSchema/FolderSchema'; @@ -42,7 +43,7 @@ const ZFolderParentIdSchema = z .describe('The folder ID to place this folder within. Leave empty to place folder at the root level.'); export const ZCreateFolderRequestSchema = z.object({ - name: z.string(), + name: ZNameSchema, parentId: ZFolderParentIdSchema.optional(), type: ZFolderTypeSchema.optional(), }); @@ -52,7 +53,7 @@ export const ZCreateFolderResponseSchema = ZFolderSchema; export const ZUpdateFolderRequestSchema = z.object({ folderId: z.string().describe('The ID of the folder to update'), data: z.object({ - name: z.string().optional().describe('The name of the folder'), + name: ZNameSchema.optional().describe('The name of the folder'), parentId: ZFolderParentIdSchema.optional().nullable(), visibility: z.nativeEnum(DocumentVisibility).optional().describe('The visibility of the folder'), pinned: z.boolean().optional().describe('Whether the folder should be pinned'), diff --git a/packages/trpc/server/organisation-router/create-organisation-group.types.ts b/packages/trpc/server/organisation-router/create-organisation-group.types.ts index af824d426..3588f8015 100644 --- a/packages/trpc/server/organisation-router/create-organisation-group.types.ts +++ b/packages/trpc/server/organisation-router/create-organisation-group.types.ts @@ -1,3 +1,4 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { OrganisationMemberRole } from '@prisma/client'; import { z } from 'zod'; @@ -14,7 +15,7 @@ import { z } from 'zod'; export const ZCreateOrganisationGroupRequestSchema = z.object({ organisationId: z.string(), organisationRole: z.nativeEnum(OrganisationMemberRole), - name: z.string().max(100), + name: ZNameSchema, memberIds: z.array(z.string()), }); diff --git a/packages/trpc/server/organisation-router/create-organisation.types.ts b/packages/trpc/server/organisation-router/create-organisation.types.ts index e18846120..97bb6ee86 100644 --- a/packages/trpc/server/organisation-router/create-organisation.types.ts +++ b/packages/trpc/server/organisation-router/create-organisation.types.ts @@ -1,3 +1,4 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { z } from 'zod'; // export const createOrganisationMeta: TrpcOpenApiMeta = { @@ -10,13 +11,8 @@ import { z } from 'zod'; // }, // }; -export const ZOrganisationNameSchema = z - .string() - .min(3, { message: 'Minimum 3 characters' }) - .max(50, { message: 'Maximum 50 characters' }); - export const ZCreateOrganisationRequestSchema = z.object({ - name: ZOrganisationNameSchema, + name: ZNameSchema, priceId: z.string().optional(), }); diff --git a/packages/trpc/server/organisation-router/update-organisation-group.types.ts b/packages/trpc/server/organisation-router/update-organisation-group.types.ts index a32187edc..e6f4eb03f 100644 --- a/packages/trpc/server/organisation-router/update-organisation-group.types.ts +++ b/packages/trpc/server/organisation-router/update-organisation-group.types.ts @@ -1,3 +1,4 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { OrganisationMemberRole } from '@prisma/client'; import { z } from 'zod'; @@ -14,7 +15,7 @@ import { z } from 'zod'; export const ZUpdateOrganisationGroupRequestSchema = z.object({ id: z.string(), - name: z.string().nullable().optional(), + name: ZNameSchema.nullable().optional(), organisationRole: z.nativeEnum(OrganisationMemberRole).optional(), memberIds: z.array(z.string()).optional(), }); diff --git a/packages/trpc/server/profile-router/schema.ts b/packages/trpc/server/profile-router/schema.ts index 4f1873096..5bcf2fe4e 100644 --- a/packages/trpc/server/profile-router/schema.ts +++ b/packages/trpc/server/profile-router/schema.ts @@ -1,4 +1,4 @@ -import { ZNameSchema } from '@documenso/lib/constants/auth'; +import { ZNameSchema } from '@documenso/lib/types/name'; import { z } from 'zod'; export const ZFindUserSecurityAuditLogsSchema = z.object({ diff --git a/packages/trpc/server/team-router/create-team.types.ts b/packages/trpc/server/team-router/create-team.types.ts index efbedccfe..b4bc56679 100644 --- a/packages/trpc/server/team-router/create-team.types.ts +++ b/packages/trpc/server/team-router/create-team.types.ts @@ -1,5 +1,6 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { z } from 'zod'; -import { ZTeamNameSchema, ZTeamUrlSchema } from './schema'; +import { ZTeamUrlSchema } from './schema'; // export const createTeamMeta: TrpcOpenApiMeta = { // openapi: { @@ -13,7 +14,7 @@ import { ZTeamNameSchema, ZTeamUrlSchema } from './schema'; export const ZCreateTeamRequestSchema = z.object({ organisationId: z.string(), - teamName: ZTeamNameSchema, + teamName: ZNameSchema, teamUrl: ZTeamUrlSchema, inheritMembers: z .boolean() diff --git a/packages/trpc/server/team-router/schema.ts b/packages/trpc/server/team-router/schema.ts index 35ee0b59a..620ad1cb4 100644 --- a/packages/trpc/server/team-router/schema.ts +++ b/packages/trpc/server/team-router/schema.ts @@ -1,5 +1,5 @@ -import { URL_PATTERN, ZNameSchema } from '@documenso/lib/constants/auth'; import { PROTECTED_TEAM_URLS } from '@documenso/lib/constants/teams'; +import { ZNameSchema } from '@documenso/lib/types/name'; import { zEmail } from '@documenso/lib/utils/zod'; import { TeamMemberRole } from '@prisma/client'; import { z } from 'zod'; @@ -32,15 +32,6 @@ export const ZTeamUrlSchema = z message: 'This URL is already in use.', }); -export const ZTeamNameSchema = z - .string() - .trim() - .min(3, { message: 'Team name must be at least 3 characters long.' }) - .max(30, { message: 'Team name must not exceed 30 characters.' }) - .refine((value) => !URL_PATTERN.test(value), { - message: 'Team name cannot contain URLs.', - }); - export const ZCreateTeamEmailVerificationMutationSchema = z.object({ teamId: z.number(), name: ZNameSchema, diff --git a/packages/trpc/server/team-router/update-team.types.ts b/packages/trpc/server/team-router/update-team.types.ts index c75abdf30..f28675b1b 100644 --- a/packages/trpc/server/team-router/update-team.types.ts +++ b/packages/trpc/server/team-router/update-team.types.ts @@ -1,6 +1,7 @@ +import { ZNameSchema } from '@documenso/lib/types/name'; import { z } from 'zod'; -import { ZTeamNameSchema, ZTeamUrlSchema } from './schema'; +import { ZTeamUrlSchema } from './schema'; export const MAX_PROFILE_BIO_LENGTH = 256; @@ -19,7 +20,7 @@ export const MAX_PROFILE_BIO_LENGTH = 256; export const ZUpdateTeamRequestSchema = z.object({ teamId: z.number(), data: z.object({ - name: ZTeamNameSchema.optional(), + name: ZNameSchema.optional(), url: ZTeamUrlSchema.optional(), profileBio: z .string() diff --git a/packages/trpc/server/webhook-router/schema.ts b/packages/trpc/server/webhook-router/schema.ts index 1abd126a4..87ebf53d2 100644 --- a/packages/trpc/server/webhook-router/schema.ts +++ b/packages/trpc/server/webhook-router/schema.ts @@ -1,4 +1,5 @@ import { isPrivateUrl } from '@documenso/lib/server-only/webhooks/is-private-url'; +import { URL_PATTERN } from '@documenso/lib/types/name'; import { WebhookTriggerEvents } from '@prisma/client'; import { z } from 'zod'; @@ -7,6 +8,13 @@ export const ZWebhookUrlSchema = z .url() .refine((url) => !isPrivateUrl(url), { message: 'Webhook URL cannot point to a private or loopback address', + }) + /* + * Without this, values like "foo: bar" would be valid URLs. + * Keep the same error message as the zod url() validator. + */ + .refine((value) => URL_PATTERN.test(value), { + message: 'Invalid url', }); export const ZCreateWebhookRequestSchema = z.object({ From 50f272be876f14a2e22518552f5030c3117c3391 Mon Sep 17 00:00:00 2001 From: Catalin Pit Date: Thu, 2 Jul 2026 09:50:11 +0300 Subject: [PATCH 10/10] fix: admin organisation limits and usage UI (#3014) --- .../general/admin-global-settings-section.tsx | 113 +++++-- .../components/general/claim-limit-fields.tsx | 95 ++++-- .../general/organisation-usage-panel.tsx | 302 +++++++++++++---- .../organisation-usage-reset-button.tsx | 2 + .../general/rate-limit-array-input.tsx | 165 +++++++-- .../admin+/organisations.$id.tsx | 312 +++++++++--------- .../_authenticated+/admin+/teams.$id.tsx | 6 +- .../rate-limit/compute-quota-flags.ts | 35 +- .../rate-limit/get-quota-alert-kind.ts | 4 +- packages/lib/types/subscription.ts | 39 ++- packages/lib/universal/quota-usage.test.ts | 99 ++++++ packages/lib/universal/quota-usage.ts | 57 ++++ .../server/admin-router/get-admin-team.ts | 1 + .../admin-router/get-admin-team.types.ts | 3 + 14 files changed, 880 insertions(+), 353 deletions(-) create mode 100644 packages/lib/universal/quota-usage.test.ts create mode 100644 packages/lib/universal/quota-usage.ts diff --git a/apps/remix/app/components/general/admin-global-settings-section.tsx b/apps/remix/app/components/general/admin-global-settings-section.tsx index 5f21e7900..760684077 100644 --- a/apps/remix/app/components/general/admin-global-settings-section.tsx +++ b/apps/remix/app/components/general/admin-global-settings-section.tsx @@ -5,6 +5,7 @@ import { msg } from '@lingui/core/macro'; import { useLingui } from '@lingui/react'; import { Trans } from '@lingui/react/macro'; import type { OrganisationGlobalSettings, TeamGlobalSettings } from '@prisma/client'; +import type { ReactNode } from 'react'; import { DetailsCard, DetailsValue } from '~/components/general/admin-details'; @@ -25,38 +26,72 @@ const emailSettingsKeys = Object.keys(EMAIL_SETTINGS_LABELS) as (keyof TDocument type AdminGlobalSettingsSectionProps = { settings: TeamGlobalSettings | OrganisationGlobalSettings | null; isTeam?: boolean; + /** When viewing a team, the parent organisation settings the team inherits from. */ + inheritedSettings?: OrganisationGlobalSettings | null; }; -export const AdminGlobalSettingsSection = ({ settings, isTeam = false }: AdminGlobalSettingsSectionProps) => { +export const AdminGlobalSettingsSection = ({ + settings, + isTeam = false, + inheritedSettings, +}: AdminGlobalSettingsSectionProps) => { const { _ } = useLingui(); - const notSetLabel = isTeam ? Inherited : Not set; if (!settings) { return null; } - const textValue = (value: string | null | undefined) => { - if (value === null || value === undefined) { - return notSetLabel; + const notSet = Not set; + + const inheritedValue = (value: ReactNode) => { + if (!isTeam || value === null) { + return notSet; } - return value; + return ( + + + Inherited: + + {value} + + ); }; - const brandingTextValue = (value: string | null | undefined) => { - if (value === null || value === undefined || value.trim() === '') { - return notSetLabel; + const textValue = (value: string | null | undefined, inherited?: string | null) => { + if (value && value.trim() !== '') { + return value; } - return value; + if (inherited && inherited.trim() !== '') { + return inheritedValue(inherited); + } + + return notSet; }; - const booleanValue = (value: boolean | null | undefined) => { - if (value === null || value === undefined) { - return notSetLabel; + const booleanLabel = (value: boolean) => (value ? Enabled : Disabled); + + const booleanValue = (value: boolean | null | undefined, inherited?: boolean | null) => { + if (value !== null && value !== undefined) { + return booleanLabel(value); } - return value ? Enabled : Disabled; + return inherited !== null && inherited !== undefined ? inheritedValue(booleanLabel(inherited)) : notSet; + }; + + const visibilityLabel = (value: string | null | undefined) => { + return value && DOCUMENT_VISIBILITY[value] ? _(DOCUMENT_VISIBILITY[value].value) : null; + }; + + const visibilityValue = (value: string | null | undefined, inherited?: string | null) => { + const label = visibilityLabel(value); + + if (label !== null) { + return label; + } + + return inheritedValue(visibilityLabel(inherited)); }; const parsedEmailSettings = ZDocumentEmailSettingsSchema.safeParse(settings.emailDocumentSettings); @@ -65,70 +100,82 @@ export const AdminGlobalSettingsSection = ({ settings, isTeam = false }: AdminGl
Document visibility}> - {settings.documentVisibility != null - ? _(DOCUMENT_VISIBILITY[settings.documentVisibility].value) - : notSetLabel} + {visibilityValue(settings.documentVisibility, inheritedSettings?.documentVisibility)} Document language}> - {textValue(settings.documentLanguage)} + {textValue(settings.documentLanguage, inheritedSettings?.documentLanguage)} Document timezone}> - {textValue(settings.documentTimezone)} + {textValue(settings.documentTimezone, inheritedSettings?.documentTimezone)} Date format}> - {textValue(settings.documentDateFormat)} + {textValue(settings.documentDateFormat, inheritedSettings?.documentDateFormat)} Include sender details}> - {booleanValue(settings.includeSenderDetails)} + + {booleanValue(settings.includeSenderDetails, inheritedSettings?.includeSenderDetails)} + Include signing certificate}> - {booleanValue(settings.includeSigningCertificate)} + + {booleanValue(settings.includeSigningCertificate, inheritedSettings?.includeSigningCertificate)} + Include audit log}> - {booleanValue(settings.includeAuditLog)} + {booleanValue(settings.includeAuditLog, inheritedSettings?.includeAuditLog)} Delegate document ownership}> - {booleanValue(settings.delegateDocumentOwnership)} + + {booleanValue(settings.delegateDocumentOwnership, inheritedSettings?.delegateDocumentOwnership)} + Typed signature}> - {booleanValue(settings.typedSignatureEnabled)} + + {booleanValue(settings.typedSignatureEnabled, inheritedSettings?.typedSignatureEnabled)} + Upload signature}> - {booleanValue(settings.uploadSignatureEnabled)} + + {booleanValue(settings.uploadSignatureEnabled, inheritedSettings?.uploadSignatureEnabled)} + Draw signature}> - {booleanValue(settings.drawSignatureEnabled)} + + {booleanValue(settings.drawSignatureEnabled, inheritedSettings?.drawSignatureEnabled)} + Branding}> - {booleanValue(settings.brandingEnabled)} + {booleanValue(settings.brandingEnabled, inheritedSettings?.brandingEnabled)} Branding logo}> - {brandingTextValue(settings.brandingLogo)} + {textValue(settings.brandingLogo, inheritedSettings?.brandingLogo)} Branding URL}> - {brandingTextValue(settings.brandingUrl)} + {textValue(settings.brandingUrl, inheritedSettings?.brandingUrl)} Branding company details}> - {brandingTextValue(settings.brandingCompanyDetails)} + + {textValue(settings.brandingCompanyDetails, inheritedSettings?.brandingCompanyDetails)} + Email reply-to}> - {textValue(settings.emailReplyTo)} + {textValue(settings.emailReplyTo, inheritedSettings?.emailReplyTo)} {isTeam && parsedEmailSettings.success && ( @@ -145,7 +192,7 @@ export const AdminGlobalSettingsSection = ({ settings, isTeam = false }: AdminGl )} AI features}> - {booleanValue(settings.aiFeaturesEnabled)} + {booleanValue(settings.aiFeaturesEnabled, inheritedSettings?.aiFeaturesEnabled)}
); diff --git a/apps/remix/app/components/general/claim-limit-fields.tsx b/apps/remix/app/components/general/claim-limit-fields.tsx index ed29c8fc3..c90a92430 100644 --- a/apps/remix/app/components/general/claim-limit-fields.tsx +++ b/apps/remix/app/components/general/claim-limit-fields.tsx @@ -1,11 +1,4 @@ -import { - FormControl, - FormDescription, - FormField, - FormItem, - FormLabel, - FormMessage, -} from '@documenso/ui/primitives/form/form'; +import { FormControl, FormField, FormItem, FormLabel, FormMessage } from '@documenso/ui/primitives/form/form'; import { Input } from '@documenso/ui/primitives/input'; import { Trans, useLingui } from '@lingui/react/macro'; import type { ReactNode } from 'react'; @@ -13,6 +6,13 @@ import type { Control, FieldValues, Path } from 'react-hook-form'; import { RateLimitArrayInput } from './rate-limit-array-input'; +/** + * The rate-limit editor renders its own per-row inline errors, but a submit + * attempt can still surface array-level Zod issues (e.g. a committed duplicate + * window). Rendering the field's message here guarantees the form never fails + * silently when those errors are not tied to a row the editor is showing. + */ + type ClaimLimitFieldsProps = { control: Control; /** e.g. '' for the claim form, 'claims.' for the org admin form. */ @@ -20,6 +20,12 @@ type ClaimLimitFieldsProps = { disabled?: boolean; }; +type LimitGroup = { + title: ReactNode; + quotaKey: string; + rateLimitKey: string; +}; + export const ClaimLimitFields = ({ control, prefix = '', @@ -30,13 +36,33 @@ export const ClaimLimitFields = ({ // eslint-disable-next-line @typescript-eslint/consistent-type-assertions const name = (key: string) => `${prefix}${key}` as Path; - const renderQuotaField = (key: string, label: ReactNode, description: ReactNode) => ( + const limitGroups: LimitGroup[] = [ + { + title: Documents, + quotaKey: 'documentQuota', + rateLimitKey: 'documentRateLimits', + }, + { + title: Emails, + quotaKey: 'emailQuota', + rateLimitKey: 'emailRateLimits', + }, + { + title: API, + quotaKey: 'apiQuota', + rateLimitKey: 'apiRateLimits', + }, + ]; + + const renderQuotaField = (group: LimitGroup) => ( ( - {label} + + Monthly quota + ({ onChange={(e) => field.onChange(e.target.value === '' ? null : parseInt(e.target.value, 10))} /> - {description} )} /> ); - const renderRateLimitField = (key: string, label: ReactNode) => ( + const renderRateLimitField = (group: LimitGroup) => ( ( - {label} @@ -71,27 +95,30 @@ export const ClaimLimitFields = ({ ); return ( -
- - Limits - +
+
+

+ Limits +

+

+ + Empty quota means unlimited, 0 blocks the resource. Rate limit windows accept values like 5m, 1h or 24h. + +

+
- {renderQuotaField( - 'documentQuota', - Monthly document quota, - Empty = Unlimited, 0 = Blocked, - )} - {renderRateLimitField('documentRateLimits', Document rate limits)} +
+
+ {limitGroups.map((group) => ( +
+

{group.title}

- {renderQuotaField( - 'emailQuota', - Monthly email quota, - Empty = Unlimited, 0 = Blocked, - )} - {renderRateLimitField('emailRateLimits', Email rate limits)} - - {renderQuotaField('apiQuota', Monthly API quota, Empty = Unlimited, 0 = Blocked)} - {renderRateLimitField('apiRateLimits', API rate limits)} + {renderQuotaField(group)} + {renderRateLimitField(group)} +
+ ))} +
+
); }; diff --git a/apps/remix/app/components/general/organisation-usage-panel.tsx b/apps/remix/app/components/general/organisation-usage-panel.tsx index c9ed06265..99a69a661 100644 --- a/apps/remix/app/components/general/organisation-usage-panel.tsx +++ b/apps/remix/app/components/general/organisation-usage-panel.tsx @@ -1,13 +1,38 @@ import { currentMonthlyPeriod } from '@documenso/lib/universal/monthly-period'; +import { + getQuotaUsagePercent, + isQuotaExceeded, + isQuotaNearing, + normalizeCapacityLimit, +} from '@documenso/lib/universal/quota-usage'; +import { cn } from '@documenso/ui/lib/utils'; +import type { BadgeProps } from '@documenso/ui/primitives/badge'; +import { Badge } from '@documenso/ui/primitives/badge'; import { Progress } from '@documenso/ui/primitives/progress'; import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from '@documenso/ui/primitives/select'; import { Trans } from '@lingui/react/macro'; import type { OrganisationClaim, OrganisationMonthlyStat } from '@prisma/client'; -import { useState } from 'react'; -import { match } from 'ts-pattern'; +import type { LucideIcon } from 'lucide-react'; +import { FileIcon, MailIcon, MailOpenIcon, PlugIcon, UsersIcon, UsersRoundIcon } from 'lucide-react'; +import type { ReactNode } from 'react'; +import { useId, useState } from 'react'; + import { OrganisationUsageResetButton } from './organisation-usage-reset-button'; +type CapacityUsage = { + members: number; + teams: number; +}; + +type UsageRow = { + counter: 'document' | 'email' | 'api'; + label: ReactNode; + icon: LucideIcon; + used: number; + effectiveLimit: number | null; +}; + type OrganisationUsagePanelProps = { organisationId: string; monthlyStats: Pick< @@ -15,13 +40,151 @@ type OrganisationUsagePanelProps = { 'period' | 'documentCount' | 'emailCount' | 'apiCount' | 'emailReports' >[]; organisationClaim: OrganisationClaim; + capacityUsage?: CapacityUsage; +}; + +type UsageCardState = { + status: { + label: ReactNode; + variant: NonNullable; + }; + percent: number; + hasFiniteLimit: boolean; + progressClassName: string; + subtext: ReactNode; +}; + +type UsageCardStateOptions = { + used: number; + limit: number | null | undefined; + footnote?: ReactNode; +}; + +const getUsageCardState = ({ used, limit, footnote }: UsageCardStateOptions): UsageCardState => { + const percent = getQuotaUsagePercent(used, limit ?? null); + const hasFiniteLimit = Boolean(limit && limit > 0); + + if (limit === null || limit === undefined) { + return { + status: { label: Unlimited, variant: 'neutral' }, + percent, + hasFiniteLimit, + progressClassName: '', + subtext: footnote ?? null, + }; + } + + if (limit === 0) { + return { + status: { label: Blocked, variant: 'destructive' }, + percent, + hasFiniteLimit, + progressClassName: '', + subtext: footnote ?? Resource blocked, + }; + } + + if (used > limit) { + return { + status: { label: Exceeded, variant: 'destructive' }, + percent, + hasFiniteLimit, + progressClassName: '[&>div]:bg-destructive', + subtext: footnote ?? null, + }; + } + + if (isQuotaExceeded(limit, used)) { + return { + status: { label: Limit reached, variant: 'orange' }, + percent, + hasFiniteLimit, + progressClassName: '[&>div]:bg-orange-500 dark:[&>div]:bg-orange-400', + subtext: footnote ?? null, + }; + } + + if (isQuotaNearing(limit, used)) { + return { + status: { label: Near limit, variant: 'warning' }, + percent, + hasFiniteLimit, + progressClassName: '[&>div]:bg-yellow-500 dark:[&>div]:bg-yellow-400', + subtext: footnote ?? null, + }; + } + + return { + status: { label: Within limit, variant: 'default' }, + percent, + hasFiniteLimit, + progressClassName: '', + subtext: footnote ?? null, + }; +}; + +type UsageStatCardProps = { + label: ReactNode; + icon: LucideIcon; + used: number; + limit: number | null | undefined; + /** When true the card is a plain counter with no limit, status or progress. */ + countOnly?: boolean; + footnote?: ReactNode; + action?: ReactNode; +}; + +const UsageStatCard = ({ label, icon: Icon, used, limit, countOnly = false, footnote, action }: UsageStatCardProps) => { + const { status, percent, hasFiniteLimit, progressClassName, subtext } = getUsageCardState({ used, limit, footnote }); + + return ( +
+
+
+ + {label} +
+ + {!countOnly && ( + + {status.label} + + )} +
+ +
+
+
+ + {used.toLocaleString()} + + {hasFiniteLimit ? ( + / {limit?.toLocaleString()} + ) : null} +
+ + {hasFiniteLimit ? ( + {percent}% + ) : null} +
+ + {hasFiniteLimit ? : null} + + {subtext ?

{subtext}

: null} +
+ + {action ?
{action}
: null} +
+ ); }; export const OrganisationUsagePanel = ({ organisationId, monthlyStats, organisationClaim, + capacityUsage, }: OrganisationUsagePanelProps) => { + const monthlyUsagePeriodId = useId(); const [selectedPeriod, setSelectedPeriod] = useState(() => monthlyStats[0]?.period); const selectedStat = monthlyStats.find((stat) => stat.period === selectedPeriod) ?? monthlyStats[0]; @@ -30,86 +193,105 @@ export const OrganisationUsagePanel = ({ // current period), so only offer the reset action when viewing the current month. const isCurrentPeriod = selectedStat?.period === currentMonthlyPeriod(); - const rows = [ + const capacityRows = capacityUsage + ? [ + { + key: 'members', + label: Members, + icon: UsersIcon, + used: capacityUsage.members, + limit: normalizeCapacityLimit(organisationClaim.memberCount), + }, + { + key: 'teams', + label: Teams, + icon: UsersRoundIcon, + used: capacityUsage.teams, + limit: normalizeCapacityLimit(organisationClaim.teamCount), + }, + ] + : []; + + const monthlyRows: UsageRow[] = [ { - counter: 'document' as const, + counter: 'document', label: Documents, + icon: FileIcon, used: selectedStat?.documentCount ?? 0, effectiveLimit: organisationClaim.documentQuota, }, { - counter: 'email' as const, + counter: 'email', label: Emails, + icon: MailIcon, used: selectedStat?.emailCount ?? 0, effectiveLimit: organisationClaim.emailQuota, }, { - counter: 'api' as const, + counter: 'api', label: API requests, + icon: PlugIcon, used: selectedStat?.apiCount ?? 0, effectiveLimit: organisationClaim.apiQuota, }, ]; return ( -
-
-

- Usage for period: {selectedStat?.period || 'N/A'} -

+
+ {capacityRows.length > 0 ? ( +
+ {capacityRows.map((row) => ( + + ))} +
+ ) : null} - {monthlyStats.length > 0 && ( - - )} -
+
+
+

+ Monthly usage +

- {rows.map((row) => { - const percent = - row.effectiveLimit && row.effectiveLimit > 0 - ? Math.min(100, Math.round((row.used / row.effectiveLimit) * 100)) - : 0; + {monthlyStats.length > 0 ? ( + + ) : null} +
- return ( -
-
- {row.label} - - {row.used} /{' '} - {match(row.effectiveLimit) - .with(null, () => Unlimited) - .with(0, () => Blocked) - .otherwise(String)} - -
+
+ {monthlyRows.map((row) => ( + + ) : undefined + } + /> + ))} - {row.effectiveLimit && row.effectiveLimit > 0 ? : null} - - {selectedStat && isCurrentPeriod && ( -
- -
- )} -
- ); - })} - -
-
- - Reports - - {selectedStat?.emailReports ?? 0} + Reports} + icon={MailOpenIcon} + used={selectedStat?.emailReports ?? 0} + limit={null} + countOnly + footnote={Sent this period} + />
diff --git a/apps/remix/app/components/general/organisation-usage-reset-button.tsx b/apps/remix/app/components/general/organisation-usage-reset-button.tsx index 7451f6e1c..bec8b8dd6 100644 --- a/apps/remix/app/components/general/organisation-usage-reset-button.tsx +++ b/apps/remix/app/components/general/organisation-usage-reset-button.tsx @@ -2,6 +2,7 @@ import { trpc } from '@documenso/trpc/react'; import { Button } from '@documenso/ui/primitives/button'; import { useToast } from '@documenso/ui/primitives/use-toast'; import { Trans, useLingui } from '@lingui/react/macro'; +import { RotateCcwIcon } from 'lucide-react'; import { useRevalidator } from 'react-router'; type OrganisationUsageResetButtonProps = { @@ -32,6 +33,7 @@ export const OrganisationUsageResetButton = ({ organisationId, counter }: Organi loading={isPending} onClick={() => reset({ organisationId, counter })} > + Reset ); diff --git a/apps/remix/app/components/general/rate-limit-array-input.tsx b/apps/remix/app/components/general/rate-limit-array-input.tsx index a2adaad38..a0197764f 100644 --- a/apps/remix/app/components/general/rate-limit-array-input.tsx +++ b/apps/remix/app/components/general/rate-limit-array-input.tsx @@ -1,7 +1,9 @@ +import { RATE_LIMIT_WINDOW_REGEX } from '@documenso/lib/types/subscription'; import { Button } from '@documenso/ui/primitives/button'; import { Input } from '@documenso/ui/primitives/input'; -import { Trans } from '@lingui/react/macro'; +import { Trans, useLingui } from '@lingui/react/macro'; import { PlusIcon, Trash2Icon } from 'lucide-react'; +import { useState } from 'react'; type RateLimitEntryValue = { window: string; max: number }; @@ -11,50 +13,153 @@ type RateLimitArrayInputProps = { disabled?: boolean; }; +const EMPTY_ENTRY: RateLimitEntryValue = { window: '', max: 0 }; + +/** A row counts as "started" once either field has input; fully-empty rows are dropped on commit. */ +const hasEntryInput = (entry: RateLimitEntryValue) => entry.window.trim() !== '' || entry.max > 0; + +/** Keep in-progress rows; drop rows that are completely empty. */ +const persistEntries = (entries: RateLimitEntryValue[]) => { + return entries.map((entry) => ({ ...entry, window: entry.window.trim() })).filter(hasEntryInput); +}; + export const RateLimitArrayInput = ({ value, onChange, disabled }: RateLimitArrayInputProps) => { - const entries = value ?? []; + const { t } = useLingui(); + const [draftEntry, setDraftEntry] = useState(null); + + const entries = draftEntry ? [...value, draftEntry] : value.length ? value : [EMPTY_ENTRY]; + + const getWindowError = (entry: RateLimitEntryValue, index: number) => { + const window = entry.window.trim(); + + if (!hasEntryInput(entry)) { + return null; + } + + if (window === '') { + return t`Enter a window, e.g. 5m`; + } + + if (!RATE_LIMIT_WINDOW_REGEX.test(window)) { + return t`Use a duration with a unit, e.g. 5m, 1h, or 24h`; + } + + const isDuplicateWindow = entries.some((otherEntry, otherIndex) => { + return otherIndex !== index && otherEntry.window.trim() === window; + }); + + return isDuplicateWindow ? t`Use a unique window for each rate limit` : null; + }; + + const getMaxError = (entry: RateLimitEntryValue) => { + if (!hasEntryInput(entry)) { + return null; + } + + return entry.max > 0 ? null : t`Enter a max request count greater than 0`; + }; const updateEntry = (index: number, patch: Partial) => { - const next = entries.map((entry, i) => (i === index ? { ...entry, ...patch } : entry)); - onChange(next); + if (index >= value.length) { + const nextDraftEntry = { ...(draftEntry ?? EMPTY_ENTRY), ...patch }; + + if (hasEntryInput(nextDraftEntry)) { + onChange(persistEntries([...value, nextDraftEntry])); + setDraftEntry(null); + return; + } + + setDraftEntry(nextDraftEntry); + return; + } + + const next = value.map((entry, i) => (i === index ? { ...entry, ...patch } : entry)); + onChange(persistEntries(next)); }; const removeEntry = (index: number) => { - onChange(entries.filter((_, i) => i !== index)); + if (index >= value.length) { + setDraftEntry(null); + return; + } + + const next = value.filter((_, i) => i !== index); + onChange(persistEntries(next)); }; const addEntry = () => { - onChange([...entries, { window: '5m', max: 100 }]); + setDraftEntry(EMPTY_ENTRY); }; + const hasErrors = entries.some((entry, index) => getWindowError(entry, index) || getMaxError(entry)); + const isAddDisabled = disabled || value.length === 0 || Boolean(draftEntry) || hasErrors; + return (
- {entries.map((entry, index) => ( -
- updateEntry(index, { window: e.target.value })} - /> - updateEntry(index, { max: parseInt(e.target.value, 10) || 0 })} - /> - -
- ))} +
+ + Window + + + Max requests + +
- +
+ + {windowError ?

{windowError}

: null} + {maxError ?

{maxError}

: null} +
+ ); + })} + +
); diff --git a/apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx b/apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx index ac668ee3f..d895b338d 100644 --- a/apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx +++ b/apps/remix/app/routes/_authenticated+/admin+/organisations.$id.tsx @@ -8,6 +8,7 @@ import { getHighestOrganisationRoleInGroup } from '@documenso/lib/utils/organisa import { trpc } from '@documenso/trpc/react'; import type { TGetAdminOrganisationResponse } from '@documenso/trpc/server/admin-router/get-admin-organisation.types'; import { ZUpdateAdminOrganisationRequestSchema } from '@documenso/trpc/server/admin-router/update-admin-organisation.types'; +import { cn } from '@documenso/ui/lib/utils'; import { Accordion, AccordionContent, AccordionItem, AccordionTrigger } from '@documenso/ui/primitives/accordion'; import { Alert, AlertDescription, AlertTitle } from '@documenso/ui/primitives/alert'; import { Badge } from '@documenso/ui/primitives/badge'; @@ -30,7 +31,7 @@ import { useToast } from '@documenso/ui/primitives/use-toast'; import { zodResolver } from '@hookform/resolvers/zod'; import { msg } from '@lingui/core/macro'; import { Trans, useLingui } from '@lingui/react/macro'; -import { OrganisationMemberRole } from '@prisma/client'; +import { OrganisationMemberRole, SubscriptionStatus } from '@prisma/client'; import { ExternalLinkIcon, InfoIcon, Loader } from 'lucide-react'; import { useMemo } from 'react'; import { useForm } from 'react-hook-form'; @@ -42,7 +43,6 @@ import { AdminOrganisationDeleteDialog } from '~/components/dialogs/admin-organi import { AdminOrganisationMemberDeleteDialog } from '~/components/dialogs/admin-organisation-member-delete-dialog'; import { AdminOrganisationMemberUpdateDialog } from '~/components/dialogs/admin-organisation-member-update-dialog'; import { AdminOrganisationSyncSubscriptionDialog } from '~/components/dialogs/admin-organisation-sync-subscription-dialog'; -import { DetailsCard, DetailsValue } from '~/components/general/admin-details'; import { AdminGlobalSettingsSection } from '~/components/general/admin-global-settings-section'; import { ClaimLimitFields } from '~/components/general/claim-limit-fields'; import { GenericErrorLayout } from '~/components/general/generic-error-layout'; @@ -268,54 +268,32 @@ export default function OrganisationGroupSettingsPage({ params, loaderData }: Ro -
-
-
-

- Organisation usage -

-

- Current usage against organisation limits. -

-
-
+ -
- Members}> - - {organisation.members.length} /{' '} - {organisation.organisationClaim.memberCount === 0 - ? t`Unlimited` - : organisation.organisationClaim.memberCount} - - - - Teams}> - - {organisation.teams.length} /{' '} - {organisation.organisationClaim.teamCount === 0 ? t`Unlimited` : organisation.organisationClaim.teamCount} - - -
- -
- -
-
+
-

+

Global Settings

-

+

Default settings applied to this organisation.

@@ -335,7 +313,15 @@ export default function OrganisationGroupSettingsPage({ params, loaderData }: Ro className="mt-16" /> - +
Subscription @@ -343,7 +329,12 @@ export default function OrganisationGroupSettingsPage({ params, loaderData }: Ro {organisation.subscription ? ( - {i18n._(SUBSCRIPTION_STATUS_MAP[organisation.subscription.status])} subscription found + + {organisation.subscription.status === SubscriptionStatus.ACTIVE && ( + ) : ( No subscription found @@ -356,6 +347,7 @@ export default function OrganisationGroupSettingsPage({ params, loaderData }: Ro
} /> -