diff --git a/apps/remix/app/routes/_unauthenticated+/signin.tsx b/apps/remix/app/routes/_unauthenticated+/signin.tsx
index 5ea5a5398..4f9920fc3 100644
--- a/apps/remix/app/routes/_unauthenticated+/signin.tsx
+++ b/apps/remix/app/routes/_unauthenticated+/signin.tsx
@@ -1,8 +1,11 @@
+import { authClient } from '@documenso/auth/client';
import { getOptionalSession } from '@documenso/auth/server/lib/utils/get-session';
import {
IS_GOOGLE_SSO_ENABLED,
IS_MICROSOFT_SSO_ENABLED,
+ IS_OIDC_AUTO_REDIRECT_DISABLED,
IS_OIDC_SSO_ENABLED,
+ isSigninEnabledForProvider,
isSignupEnabledForProvider,
OIDC_PROVIDER_LABEL,
} from '@documenso/lib/constants/auth';
@@ -11,6 +14,7 @@ import { Alert, AlertDescription } from '@documenso/ui/primitives/alert';
import { msg } from '@lingui/core/macro';
import { useLingui } from '@lingui/react';
import { Trans } from '@lingui/react/macro';
+import { Loader2Icon } from 'lucide-react';
import { useEffect, useState } from 'react';
import { Link, redirect, useSearchParams } from 'react-router';
@@ -28,10 +32,20 @@ export async function loader({ request }: Route.LoaderArgs) {
const { isAuthenticated } = await getOptionalSession(request);
// SSR env variables.
- const isGoogleSSOEnabled = IS_GOOGLE_SSO_ENABLED;
- const isMicrosoftSSOEnabled = IS_MICROSOFT_SSO_ENABLED;
- const isOIDCSSOEnabled = IS_OIDC_SSO_ENABLED;
+ const isEmailPasswordSigninEnabled = isSigninEnabledForProvider('email');
+ const isGoogleSSOEnabled = IS_GOOGLE_SSO_ENABLED && isSigninEnabledForProvider('google');
+ const isMicrosoftSSOEnabled = IS_MICROSOFT_SSO_ENABLED && isSigninEnabledForProvider('microsoft');
+ const isOIDCSSOEnabled = IS_OIDC_SSO_ENABLED && isSigninEnabledForProvider('oidc');
+
+ // Automatically redirect to OIDC when it is the only enabled signin transport,
+ // unless the redirect has been explicitly disabled via env.
+ const isOIDCOnlyTransport =
+ isOIDCSSOEnabled && !isEmailPasswordSigninEnabled && !isGoogleSSOEnabled && !isMicrosoftSSOEnabled;
+
+ const shouldAutoRedirectToOIDC = isOIDCOnlyTransport && !IS_OIDC_AUTO_REDIRECT_DISABLED;
+
const oidcProviderLabel = OIDC_PROVIDER_LABEL;
+
const isSignupEnabled =
isSignupEnabledForProvider('email') ||
(IS_GOOGLE_SSO_ENABLED && isSignupEnabledForProvider('google')) ||
@@ -47,18 +61,28 @@ export async function loader({ request }: Route.LoaderArgs) {
}
return {
+ isEmailPasswordSigninEnabled,
isGoogleSSOEnabled,
isMicrosoftSSOEnabled,
isOIDCSSOEnabled,
isSignupEnabled,
oidcProviderLabel,
returnTo,
+ shouldAutoRedirectToOIDC,
};
}
export default function SignIn({ loaderData }: Route.ComponentProps) {
- const { isGoogleSSOEnabled, isMicrosoftSSOEnabled, isOIDCSSOEnabled, isSignupEnabled, oidcProviderLabel, returnTo } =
- loaderData;
+ const {
+ isEmailPasswordSigninEnabled,
+ isGoogleSSOEnabled,
+ isMicrosoftSSOEnabled,
+ isOIDCSSOEnabled,
+ isSignupEnabled,
+ oidcProviderLabel,
+ returnTo,
+ shouldAutoRedirectToOIDC,
+ } = loaderData;
const { _ } = useLingui();
@@ -76,6 +100,27 @@ export default function SignIn({ loaderData }: Route.ComponentProps) {
setIsEmbeddedRedirect(params.get('embedded') === 'true');
}, []);
+ useEffect(() => {
+ if (!shouldAutoRedirectToOIDC) {
+ return;
+ }
+
+ void authClient.oidc.signIn({ redirectPath: returnTo ?? '/' });
+ }, [shouldAutoRedirectToOIDC, returnTo]);
+
+ if (shouldAutoRedirectToOIDC) {
+ return (
+
@@ -95,6 +140,7 @@ export default function SignIn({ loaderData }: Route.ComponentProps) {
()
return c.json({ error: 'Upload failed' }, 500);
}
})
- .post('/presigned-post-url', sValidator('json', ZGetPresignedPostUrlRequestSchema), async (c) => {
- const userId = await resolveFileUploadUserId(c);
-
- if (!userId) {
- return c.json({ error: 'Unauthorized' }, 401);
- }
-
- const { fileName, contentType } = c.req.valid('json');
-
- if (!isAllowedUploadContentType(contentType)) {
- return c.json({ error: 'Unsupported content type' }, 400);
- }
-
- try {
- const { key, url } = await getPresignPostUrl(fileName, contentType, userId);
-
- return c.json({ key, url } satisfies TGetPresignedPostUrlResponse);
- } catch (err) {
- console.error(err);
-
- throw new AppError(AppErrorCode.UNKNOWN_ERROR);
- }
- })
.get(
'/envelope/:envelopeId/envelopeItem/:envelopeItemId',
sValidator('param', ZGetEnvelopeItemFileRequestParamsSchema),
diff --git a/apps/remix/server/api/files/files.types.ts b/apps/remix/server/api/files/files.types.ts
index 99f775274..28cb5ded2 100644
--- a/apps/remix/server/api/files/files.types.ts
+++ b/apps/remix/server/api/files/files.types.ts
@@ -13,27 +13,6 @@ export const ZUploadPdfResponseSchema = DocumentDataSchema.pick({
export type TUploadPdfRequest = z.infer;
export type TUploadPdfResponse = z.infer;
-export const ALLOWED_UPLOAD_CONTENT_TYPES = ['application/pdf', 'image/jpeg', 'image/png', 'image/webp'] as const;
-
-export const isAllowedUploadContentType = (contentType: string): boolean => {
- const normalizedContentType = contentType.split(';').at(0)?.trim().toLowerCase();
-
- return ALLOWED_UPLOAD_CONTENT_TYPES.some((allowed) => allowed === normalizedContentType);
-};
-
-export const ZGetPresignedPostUrlRequestSchema = z.object({
- fileName: z.string().min(1),
- contentType: z.string().min(1),
-});
-
-export const ZGetPresignedPostUrlResponseSchema = z.object({
- key: z.string().min(1),
- url: z.string().min(1),
-});
-
-export type TGetPresignedPostUrlRequest = z.infer;
-export type TGetPresignedPostUrlResponse = z.infer;
-
export const ZGetEnvelopeItemFileRequestParamsSchema = z.object({
envelopeId: z.string().min(1),
envelopeItemId: z.string().min(1),
diff --git a/apps/remix/server/router.ts b/apps/remix/server/router.ts
index 19747d4b2..8c9138404 100644
--- a/apps/remix/server/router.ts
+++ b/apps/remix/server/router.ts
@@ -105,7 +105,6 @@ app.route('/api/auth', auth);
// Files route.
app.use('/api/files/upload-pdf', fileRateLimitMiddleware);
-app.use('/api/files/presigned-post-url', fileRateLimitMiddleware);
app.route('/api/files', filesRoute);
// AI route.
diff --git a/docker/production/compose.yml b/docker/production/compose.yml
index b84e9bf65..2a4abc6c3 100644
--- a/docker/production/compose.yml
+++ b/docker/production/compose.yml
@@ -64,6 +64,12 @@ services:
- NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP=${NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP}
- NEXT_PUBLIC_DISABLE_OIDC_SIGNUP=${NEXT_PUBLIC_DISABLE_OIDC_SIGNUP}
- NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS=${NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS}
+ - NEXT_PUBLIC_DISABLE_SIGNIN=${NEXT_PUBLIC_DISABLE_SIGNIN}
+ - NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN=${NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN}
+ - NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN=${NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN}
+ - NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN=${NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN}
+ - NEXT_PUBLIC_DISABLE_OIDC_SIGNIN=${NEXT_PUBLIC_DISABLE_OIDC_SIGNIN}
+ - NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT=${NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT}
- NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH=${NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH:-/opt/documenso/cert.p12}
- NEXT_PRIVATE_SIGNING_PASSPHRASE=${NEXT_PRIVATE_SIGNING_PASSPHRASE}
- NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS=${NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS}
diff --git a/package-lock.json b/package-lock.json
index cb4e523f1..d86982437 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,7 +15,7 @@
"dependencies": {
"@ai-sdk/google-vertex": "3.0.81",
"@documenso/prisma": "*",
- "@libpdf/core": "^0.4.0",
+ "@libpdf/core": "^0.4.1",
"@lingui/conf": "^5.6.0",
"@lingui/core": "^5.6.0",
"@marsidev/react-turnstile": "^1.5.0",
@@ -4661,9 +4661,9 @@
"license": "MIT"
},
"node_modules/@libpdf/core": {
- "version": "0.4.0",
- "resolved": "https://registry.npmjs.org/@libpdf/core/-/core-0.4.0.tgz",
- "integrity": "sha512-G9nZRjf9DGDJaS/C23YWogk8akPM7O/6HfMslxVsKTKRbbbb+0szpQIetcGGUGRu7KtmBDmGDWCgz//DXSmq8A==",
+ "version": "0.4.1",
+ "resolved": "https://registry.npmjs.org/@libpdf/core/-/core-0.4.1.tgz",
+ "integrity": "sha512-DWGxWw1na8oFPixz+b6kOgu4tMD8xJLDgyPGVUNqIswO5POHAxsqmTvUvDW0IrwHP7kFRHBV3I3T/KhTABf9rA==",
"license": "MIT",
"dependencies": {
"@noble/ciphers": "^2.2.0",
diff --git a/package.json b/package.json
index d0ffcb2b5..27e69e864 100644
--- a/package.json
+++ b/package.json
@@ -87,7 +87,7 @@
"dependencies": {
"@ai-sdk/google-vertex": "3.0.81",
"@documenso/prisma": "*",
- "@libpdf/core": "^0.4.0",
+ "@libpdf/core": "^0.4.1",
"@lingui/conf": "^5.6.0",
"@lingui/core": "^5.6.0",
"@prisma/extension-read-replicas": "^0.4.1",
diff --git a/packages/app-tests/e2e/admin/organisations/update-organisation-member-role.spec.ts b/packages/app-tests/e2e/admin/organisations/update-organisation-member-role.spec.ts
index 2e0d53fb5..b73ed6f7f 100644
--- a/packages/app-tests/e2e/admin/organisations/update-organisation-member-role.spec.ts
+++ b/packages/app-tests/e2e/admin/organisations/update-organisation-member-role.spec.ts
@@ -526,7 +526,7 @@ test('[ADMIN]: verify organisation access after ownership change', async ({ page
// Should be able to access organisation settings
await expect(page.getByText('Organisation Settings')).toBeVisible();
await expect(page.getByLabel('Organisation Name*')).toBeVisible();
- await expect(page.getByRole('button', { name: 'Update organisation' })).toBeVisible();
+ await expect(page.getByLabel('Organisation Name*')).toBeEnabled();
// Should have delete permissions
await expect(page.getByRole('button', { name: 'Delete' })).toBeVisible();
diff --git a/packages/app-tests/e2e/api/v2/unauthorized-api-access/api-access-file-upload.spec.ts b/packages/app-tests/e2e/api/v2/unauthorized-api-access/api-access-file-upload.spec.ts
index 21b58d737..6aac373cf 100644
--- a/packages/app-tests/e2e/api/v2/unauthorized-api-access/api-access-file-upload.spec.ts
+++ b/packages/app-tests/e2e/api/v2/unauthorized-api-access/api-access-file-upload.spec.ts
@@ -44,46 +44,6 @@ test.describe('File upload endpoint authorization', () => {
expect(res.status()).toBe(401);
});
- test('rejects an unauthenticated presigned-post-url request', async ({ request }) => {
- const res = await request.post(`${WEBAPP_BASE_URL}/api/files/presigned-post-url`, {
- headers: { 'Content-Type': 'application/json' },
- data: { fileName: 'test.pdf', contentType: 'application/pdf' },
- });
-
- expect(res.ok()).toBeFalsy();
- expect(res.status()).toBe(401);
- });
-
- test('rejects a presigned-post-url request with an invalid presign token', async ({ request }) => {
- const res = await request.post(`${WEBAPP_BASE_URL}/api/files/presigned-post-url`, {
- headers: {
- 'Content-Type': 'application/json',
- Authorization: 'Bearer not-a-real-token',
- },
- data: { fileName: 'test.pdf', contentType: 'application/pdf' },
- });
-
- expect(res.ok()).toBeFalsy();
- expect(res.status()).toBe(401);
- });
-
- test('rejects a presigned-post-url request with a disallowed content type', async ({ request }) => {
- const { user, team } = await seedUser();
- const presignToken = await createPresignTokenForUser(user.id, team.id);
-
- const res = await request.post(`${WEBAPP_BASE_URL}/api/files/presigned-post-url`, {
- headers: {
- 'Content-Type': 'application/json',
- Authorization: `Bearer ${presignToken}`,
- },
- data: { fileName: 'malware.exe', contentType: 'application/x-msdownload' },
- });
-
- // Authenticated, but the content type is not on the allow-list.
- expect(res.ok()).toBeFalsy();
- expect(res.status()).toBe(400);
- });
-
test('allows an upload-pdf request authorized by a valid presign token', async ({ request }) => {
const { user, team } = await seedUser();
const presignToken = await createPresignTokenForUser(user.id, team.id);
diff --git a/packages/app-tests/e2e/branding-logo-optimise.spec.ts b/packages/app-tests/e2e/branding-logo-optimise.spec.ts
new file mode 100644
index 000000000..8f26de966
--- /dev/null
+++ b/packages/app-tests/e2e/branding-logo-optimise.spec.ts
@@ -0,0 +1,37 @@
+import { optimiseBrandingLogo } from '@documenso/lib/utils/images/logo';
+import { expect, test } from '@playwright/test';
+import sharp from 'sharp';
+
+const makePng = async (width = 1200, height = 1200) =>
+ sharp({
+ create: { width, height, channels: 3, background: { r: 10, g: 20, b: 30 } },
+ })
+ .png()
+ .toBuffer();
+
+test.describe('optimiseBrandingLogo', () => {
+ test('re-encodes a valid image to a PNG buffer', async () => {
+ const input = await makePng();
+
+ const output = await optimiseBrandingLogo(input);
+
+ const metadata = await sharp(output).metadata();
+
+ expect(metadata.format).toBe('png');
+ });
+
+ test('bounds the image to a maximum of 512px on its largest side', async () => {
+ const input = await makePng(2000, 1000);
+
+ const output = await optimiseBrandingLogo(input);
+
+ const metadata = await sharp(output).metadata();
+
+ expect(metadata.width).toBeLessThanOrEqual(512);
+ expect(metadata.height).toBeLessThanOrEqual(512);
+ });
+
+ test('rejects input that is not a valid image', async () => {
+ await expect(optimiseBrandingLogo(Buffer.from('this is not an image'))).rejects.toThrow();
+ });
+});
diff --git a/packages/app-tests/e2e/branding-logo-upload.spec.ts b/packages/app-tests/e2e/branding-logo-upload.spec.ts
new file mode 100644
index 000000000..2b7bd6602
--- /dev/null
+++ b/packages/app-tests/e2e/branding-logo-upload.spec.ts
@@ -0,0 +1,225 @@
+import fs from 'node:fs';
+import path from 'node:path';
+
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { prisma } from '@documenso/prisma';
+import { seedUser } from '@documenso/prisma/seed/users';
+import { expect, type Page, test } from '@playwright/test';
+
+import { apiSignin } from './fixtures/authentication';
+
+test.describe.configure({ mode: 'parallel' });
+
+const LOGO_PATH = path.join(__dirname, '../../assets/logo.png');
+
+type MultipartFile = { name: string; mimeType: string; buffer: Buffer };
+
+const enableBrandingAndUpload = async (page: Page) => {
+ // Enable custom branding so the file input is no longer disabled.
+ await page.getByTestId('enable-branding').click();
+ await page.getByRole('option', { name: 'Yes' }).click();
+
+ // Upload the logo file through the real multipart route.
+ await page.locator('input[type="file"]').setInputFiles(LOGO_PATH);
+
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
+ await expect(page.getByText('Your branding preferences have been updated').first()).toBeVisible();
+};
+
+/**
+ * POST a logo straight to the dedicated multipart tRPC route using the
+ * authenticated browser cookies. This bypasses the client-side form validation,
+ * which is the only way to exercise the server-side image validation /
+ * sanitisation (`zfdBrandingImageFile` + `optimiseBrandingLogo`) and the entitlement gate.
+ */
+const postOrganisationBrandingLogo = async (page: Page, organisationId: string, file: MultipartFile | null) => {
+ const multipart: Record = {
+ payload: JSON.stringify({ organisationId }),
+ };
+
+ if (file) {
+ multipart.brandingLogo = file;
+ }
+
+ return await page
+ .context()
+ .request.post(`${NEXT_PUBLIC_WEBAPP_URL()}/api/trpc/organisation.settings.updateBrandingLogo`, { multipart });
+};
+
+/**
+ * Grant the organisation the custom-branding entitlement. The positive branding
+ * flows require it whenever billing is enabled; with billing disabled the gate is
+ * bypassed, so this keeps these tests valid in both modes.
+ */
+const grantCustomBranding = async (organisationClaimId: string) => {
+ await prisma.organisationClaim.update({
+ where: { id: organisationClaimId },
+ data: { flags: { allowLegacyEnvelopes: true, allowCustomBranding: true } },
+ });
+};
+
+test('[BRANDING_LOGO]: uploads an organisation branding logo via the dedicated route', async ({ page }) => {
+ const { user, organisation } = await seedUser({ isPersonalOrganisation: false });
+
+ await grantCustomBranding(organisation.organisationClaim.id);
+
+ await apiSignin({
+ page,
+ email: user.email,
+ redirectPath: `/o/${organisation.url}/settings/branding`,
+ });
+
+ await enableBrandingAndUpload(page);
+
+ const settings = await prisma.organisationGlobalSettings.findUniqueOrThrow({
+ where: { id: organisation.organisationGlobalSettingsId },
+ });
+
+ expect(settings.brandingLogo).toBeTruthy();
+
+ const parsed = JSON.parse(settings.brandingLogo);
+ expect(parsed).toHaveProperty('type');
+ expect(parsed).toHaveProperty('data');
+});
+
+test('[BRANDING_LOGO]: uploads a team branding logo via the dedicated route', async ({ page }) => {
+ const { user, team, organisation } = await seedUser({ isPersonalOrganisation: false });
+
+ await grantCustomBranding(organisation.organisationClaim.id);
+
+ await apiSignin({
+ page,
+ email: user.email,
+ redirectPath: `/t/${team.url}/settings/branding`,
+ });
+
+ await enableBrandingAndUpload(page);
+
+ // TeamGlobalSettings has no `teamId` column (the FK lives on Team), so read it
+ // through the team relation.
+ const teamWithSettings = await prisma.team.findUniqueOrThrow({
+ where: { id: team.id },
+ include: { teamGlobalSettings: true },
+ });
+
+ expect(teamWithSettings.teamGlobalSettings?.brandingLogo).toBeTruthy();
+
+ const parsed = JSON.parse(teamWithSettings.teamGlobalSettings?.brandingLogo ?? '');
+ expect(parsed).toHaveProperty('type');
+ expect(parsed).toHaveProperty('data');
+});
+
+test('[BRANDING_LOGO]: clears the organisation branding logo when the user removes it', async ({ page }) => {
+ const { user, organisation } = await seedUser({ isPersonalOrganisation: false });
+
+ await grantCustomBranding(organisation.organisationClaim.id);
+
+ await apiSignin({
+ page,
+ email: user.email,
+ redirectPath: `/o/${organisation.url}/settings/branding`,
+ });
+
+ await enableBrandingAndUpload(page);
+
+ // Confirm the logo was stored before we clear it.
+ const settings = await prisma.organisationGlobalSettings.findUniqueOrThrow({
+ where: { id: organisation.organisationGlobalSettingsId },
+ });
+
+ expect(settings.brandingLogo).toBeTruthy();
+
+ // Remove the logo and save again.
+ await page.getByRole('button', { name: 'Remove' }).click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
+
+ // Clearing the logo persists an empty string via the dedicated route.
+ await expect
+ .poll(async () => {
+ const updated = await prisma.organisationGlobalSettings.findUniqueOrThrow({
+ where: { id: organisation.organisationGlobalSettingsId },
+ });
+
+ return updated.brandingLogo;
+ })
+ .toBe('');
+});
+
+test('[BRANDING_LOGO]: validates and sanitises the logo on the server', async ({ page }) => {
+ const { user, organisation } = await seedUser({ isPersonalOrganisation: false });
+
+ await grantCustomBranding(organisation.organisationClaim.id);
+
+ await apiSignin({
+ page,
+ email: user.email,
+ redirectPath: `/o/${organisation.url}/settings/branding`,
+ });
+
+ // Positive control: a genuine PNG is accepted and stored. This also proves the
+ // direct multipart request shape matches what the route expects.
+ const validResponse = await postOrganisationBrandingLogo(page, organisation.id, {
+ name: 'logo.png',
+ mimeType: 'image/png',
+ buffer: fs.readFileSync(LOGO_PATH),
+ });
+
+ expect(validResponse.ok()).toBeTruthy();
+
+ const afterValid = await prisma.organisationGlobalSettings.findUniqueOrThrow({
+ where: { id: organisation.organisationGlobalSettingsId },
+ });
+
+ expect(afterValid.brandingLogo).toBeTruthy();
+
+ // Bytes that pass the MIME/size allowlist but are not a real image must be
+ // rejected by the server (the `sharp` re-encode) without changing stored state.
+ const invalidResponse = await postOrganisationBrandingLogo(page, organisation.id, {
+ name: 'fake.png',
+ mimeType: 'image/png',
+ buffer: Buffer.from('this is definitely not a valid png'),
+ });
+
+ expect(invalidResponse.ok()).toBeFalsy();
+ expect(invalidResponse.status()).toBeGreaterThanOrEqual(400);
+ expect(invalidResponse.status()).toBeLessThan(500);
+
+ const afterInvalid = await prisma.organisationGlobalSettings.findUniqueOrThrow({
+ where: { id: organisation.organisationGlobalSettingsId },
+ });
+
+ // The previously stored, valid logo is left untouched by the rejected upload.
+ expect(afterInvalid.brandingLogo).toBe(afterValid.brandingLogo);
+});
+
+test('[BRANDING_LOGO]: rejects setting a logo without the custom-branding entitlement', async ({ page }) => {
+ // The entitlement is only enforced when billing is enabled; with billing off
+ // the check is intentionally skipped server-side, so this can't be exercised.
+ test.skip(
+ process.env.NEXT_PUBLIC_FEATURE_BILLING_ENABLED !== 'true',
+ 'Entitlement is only enforced when billing is enabled.',
+ );
+
+ // Seeded organisations have no `allowCustomBranding` claim flag.
+ const { user, organisation } = await seedUser({ isPersonalOrganisation: false });
+
+ await apiSignin({
+ page,
+ email: user.email,
+ redirectPath: `/o/${organisation.url}/settings/branding`,
+ });
+
+ const response = await postOrganisationBrandingLogo(page, organisation.id, {
+ name: 'logo.png',
+ mimeType: 'image/png',
+ buffer: fs.readFileSync(LOGO_PATH),
+ });
+
+ expect(response.ok()).toBeFalsy();
+
+ const settings = await prisma.organisationGlobalSettings.findUniqueOrThrow({
+ where: { id: organisation.organisationGlobalSettingsId },
+ });
+
+ expect(settings.brandingLogo).toBeFalsy();
+});
diff --git a/packages/app-tests/e2e/envelopes/envelope-expiration-settings.spec.ts b/packages/app-tests/e2e/envelopes/envelope-expiration-settings.spec.ts
index 806585193..fa1545d17 100644
--- a/packages/app-tests/e2e/envelopes/envelope-expiration-settings.spec.ts
+++ b/packages/app-tests/e2e/envelopes/envelope-expiration-settings.spec.ts
@@ -19,7 +19,7 @@ test('[ENVELOPE_EXPIRATION]: set custom expiration period at organisation level'
});
// Wait for the form to load.
- await expect(page.getByRole('button', { name: 'Update' }).first()).toBeVisible();
+ await expect(page.getByTestId('document-language-trigger')).toBeVisible();
// Change the amount to 2.
const amountInput = page.getByTestId('envelope-expiration-amount');
@@ -35,7 +35,7 @@ test('[ENVELOPE_EXPIRATION]: set custom expiration period at organisation level'
await unitTrigger.click();
await page.getByRole('option', { name: 'Weeks' }).click();
- await page.getByRole('button', { name: 'Update' }).first().click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
await expect(page.getByText('Your document preferences have been updated').first()).toBeVisible();
// Verify via database.
@@ -57,14 +57,14 @@ test('[ENVELOPE_EXPIRATION]: disable expiration at organisation level', async ({
redirectPath: `/o/${organisation.url}/settings/document`,
});
- await expect(page.getByRole('button', { name: 'Update' }).first()).toBeVisible();
+ await expect(page.getByTestId('document-language-trigger')).toBeVisible();
// Find the mode select (shows "Custom duration") and change to "Never expires".
const modeTrigger = page.getByTestId('envelope-expiration-mode');
await modeTrigger.click();
await page.getByRole('option', { name: 'Never expires' }).click();
- await page.getByRole('button', { name: 'Update' }).first().click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
await expect(page.getByText('Your document preferences have been updated').first()).toBeVisible();
// Verify via database.
@@ -109,7 +109,7 @@ test('[ENVELOPE_EXPIRATION]: team overrides organisation expiration', async ({ p
redirectPath: `/t/${team.url}/settings/document`,
});
- await expect(page.getByRole('button', { name: 'Update' }).first()).toBeVisible();
+ await expect(page.getByTestId('document-language-trigger')).toBeVisible();
// The expiration picker mode select should show "Inherit from organisation" by default.
const modeTrigger = page.getByTestId('envelope-expiration-mode');
@@ -128,7 +128,7 @@ test('[ENVELOPE_EXPIRATION]: team overrides organisation expiration', async ({ p
await unitTrigger.click();
await page.getByRole('option', { name: 'Days' }).click();
- await page.getByRole('button', { name: 'Update' }).first().click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
await expect(page.getByText('Your document preferences have been updated').first()).toBeVisible();
// Verify team setting is overridden.
diff --git a/packages/app-tests/e2e/features/include-document-certificate.spec.ts b/packages/app-tests/e2e/features/include-document-certificate.spec.ts
index 335fb2389..6d44581f6 100644
--- a/packages/app-tests/e2e/features/include-document-certificate.spec.ts
+++ b/packages/app-tests/e2e/features/include-document-certificate.spec.ts
@@ -324,10 +324,7 @@ test.describe('Signing Certificate Tests', () => {
.click();
await page.getByRole('option', { name: 'No' }).click();
- await page
- .getByRole('button', { name: /Update/ })
- .first()
- .click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
await page.waitForTimeout(1000);
@@ -347,10 +344,7 @@ test.describe('Signing Certificate Tests', () => {
.getByRole('combobox')
.click();
await page.getByRole('option', { name: 'Yes' }).click();
- await page
- .getByRole('button', { name: /Update/ })
- .first()
- .click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
await page.waitForTimeout(1000);
diff --git a/packages/app-tests/e2e/organisations/manage-organisation.spec.ts b/packages/app-tests/e2e/organisations/manage-organisation.spec.ts
index f14777b08..23fcdedc6 100644
--- a/packages/app-tests/e2e/organisations/manage-organisation.spec.ts
+++ b/packages/app-tests/e2e/organisations/manage-organisation.spec.ts
@@ -60,7 +60,7 @@ test('[ORGANISATIONS]: manage general settings', async ({ page }) => {
await page.getByLabel('Organisation URL*').clear();
await page.getByLabel('Organisation URL*').fill(updatedOrganisationId);
- await page.getByRole('button', { name: 'Update organisation' }).click();
+ await page.getByRole('button', { name: 'Save changes' }).click();
// Check we have been redirected to the new organisation URL and the name is updated.
await page.waitForURL(`/o/${updatedOrganisationId}/settings/general`);
diff --git a/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts b/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts
index 48ab68685..336222d93 100644
--- a/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts
+++ b/packages/app-tests/e2e/organisations/organisation-team-preferences.spec.ts
@@ -39,7 +39,7 @@ test('[ORGANISATIONS]: manage document preferences', async ({ page }) => {
await page.getByRole('option', { name: 'No' }).click();
await page.getByTestId('include-signing-certificate-trigger').click();
await page.getByRole('option', { name: 'No' }).click();
- await page.getByRole('button', { name: 'Update' }).first().click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
await expect(page.getByText('Your document preferences have been updated').first()).toBeVisible();
const teamSettings = await getTeamSettings({
@@ -73,7 +73,7 @@ test('[ORGANISATIONS]: manage document preferences', async ({ page }) => {
await page.getByTestId('document-date-format-trigger').click();
await page.getByRole('option', { name: 'MM/DD/YYYY', exact: true }).click();
- await page.getByRole('button', { name: 'Update' }).first().click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
await expect(page.getByText('Your document preferences have been updated').first()).toBeVisible();
const updatedTeamSettings = await getTeamSettings({
@@ -128,7 +128,7 @@ test('[ORGANISATIONS]: manage branding preferences', async ({ page }) => {
await page.getByRole('textbox', { name: 'Brand Website' }).fill('https://documenso.com');
await page.getByRole('textbox', { name: 'Brand Details' }).click();
await page.getByRole('textbox', { name: 'Brand Details' }).fill('BrandDetails');
- await page.getByRole('button', { name: 'Update' }).first().click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
await expect(page.getByText('Your branding preferences have been updated').first()).toBeVisible();
const teamSettings = await getTeamSettings({
@@ -150,7 +150,7 @@ test('[ORGANISATIONS]: manage branding preferences', async ({ page }) => {
await page.getByRole('textbox', { name: 'Brand Website' }).fill('https://example.com');
await page.getByRole('textbox', { name: 'Brand Details' }).click();
await page.getByRole('textbox', { name: 'Brand Details' }).fill('UpdatedBrandDetails');
- await page.getByRole('button', { name: 'Update' }).first().click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
await expect(page.getByText('Your branding preferences have been updated').first()).toBeVisible();
const updatedTeamSettings = await getTeamSettings({
@@ -165,7 +165,7 @@ test('[ORGANISATIONS]: manage branding preferences', async ({ page }) => {
// Test inheritance by setting team back to inherit from organisation
await page.getByTestId('enable-branding').click();
await page.getByRole('option', { name: 'Inherit from organisation' }).click();
- await page.getByRole('button', { name: 'Update' }).first().click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
await expect(page.getByText('Your branding preferences have been updated').first()).toBeVisible();
await page.waitForTimeout(2000);
@@ -208,7 +208,7 @@ test('[ORGANISATIONS]: manage email preferences', async ({ page }) => {
await page.getByRole('checkbox', { name: 'Email the signer if the document is still pending' }).uncheck();
await page.getByRole('checkbox', { name: 'Email recipients when a pending document is deleted' }).uncheck();
- await page.getByRole('button', { name: 'Update' }).first().click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
await expect(page.getByText('Your email preferences have been updated').first()).toBeVisible();
const teamSettings = await getTeamSettings({
@@ -245,7 +245,7 @@ test('[ORGANISATIONS]: manage email preferences', async ({ page }) => {
await page.getByRole('checkbox', { name: 'Email recipients when the document is completed', exact: true }).uncheck();
await page.getByRole('checkbox', { name: 'Email the owner when the document is completed' }).uncheck();
- await page.getByRole('button', { name: 'Update' }).first().click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
await expect(page.getByText('Your email preferences have been updated').first()).toBeVisible();
const updatedTeamSettings = await getTeamSettings({
@@ -292,7 +292,7 @@ test('[ORGANISATIONS]: manage email preferences', async ({ page }) => {
await page.getByRole('textbox', { name: 'Reply to email' }).fill('');
await page.getByRole('combobox').filter({ hasText: 'Override organisation settings' }).click();
await page.getByRole('option', { name: 'Inherit from organisation' }).click();
- await page.getByRole('button', { name: 'Update' }).first().click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
await expect(page.getByText('Your email preferences have been updated').first()).toBeVisible();
await page.waitForTimeout(1000);
diff --git a/packages/app-tests/e2e/signing-branding.spec.ts b/packages/app-tests/e2e/signing-branding.spec.ts
index 9cd9fbf85..1292d2f83 100644
--- a/packages/app-tests/e2e/signing-branding.spec.ts
+++ b/packages/app-tests/e2e/signing-branding.spec.ts
@@ -142,3 +142,38 @@ test('[SIGNING_BRANDING]: embedded signing does not render custom logo Brand Web
await expect(page.locator(`a[href="${BRANDING_URL}"]`)).toHaveCount(0);
await expect(page.getByRole('link', { name: `${team.name}'s Logo` })).toHaveCount(0);
});
+
+test('[SIGNING_BRANDING]: custom logo renders when branding is enabled and is hidden when disabled', async ({
+ page,
+}) => {
+ const { user, team, organisation } = await seedUser();
+
+ await enableOrganisationBranding({
+ organisationGlobalSettingsId: organisation.organisationGlobalSettingsId,
+ });
+
+ const { recipients } = await seedPendingDocumentWithFullFields({
+ owner: user,
+ teamId: team.id,
+ recipients: ['enabled-disabled-branding-signer@test.documenso.com'],
+ fields: [FieldType.SIGNATURE],
+ updateDocumentOptions: { internalVersion: 2 },
+ });
+
+ // Branding enabled → the custom logo is rendered on the signing page.
+ await page.goto(`/sign/${recipients[0].token}`);
+ await expectPlainBrandingLogo(page, `${team.name}'s Logo`);
+
+ // Disable branding while keeping the stored logo (the team inherits this).
+ await prisma.organisationGlobalSettings.update({
+ where: { id: organisation.organisationGlobalSettingsId },
+ data: { brandingEnabled: false },
+ });
+
+ // Branding disabled → the custom logo is gone and the Documenso fallback
+ // (an internal link to "/") is shown instead.
+ await page.goto(`/sign/${recipients[0].token}`);
+
+ await expect(page.getByRole('img', { name: `${team.name}'s Logo` })).toHaveCount(0);
+ await expect(page.locator('a[href="/"]').first()).toBeVisible();
+});
diff --git a/packages/app-tests/e2e/teams/manage-team.spec.ts b/packages/app-tests/e2e/teams/manage-team.spec.ts
index 293ac0113..5e4892444 100644
--- a/packages/app-tests/e2e/teams/manage-team.spec.ts
+++ b/packages/app-tests/e2e/teams/manage-team.spec.ts
@@ -66,7 +66,7 @@ test('[TEAMS]: update team', async ({ page }) => {
await page.getByLabel('Team URL*').clear();
await page.getByLabel('Team URL*').fill(updatedTeamId);
- await page.getByRole('button', { name: 'Update team' }).click();
+ await page.getByRole('button', { name: 'Save changes' }).click();
// Check we have been redirected to the new team URL and the name is updated.
await page.waitForURL(`${NEXT_PUBLIC_WEBAPP_URL()}/t/${updatedTeamId}/settings`);
diff --git a/packages/app-tests/e2e/teams/team-groups.spec.ts b/packages/app-tests/e2e/teams/team-groups.spec.ts
new file mode 100644
index 000000000..74c7f6372
--- /dev/null
+++ b/packages/app-tests/e2e/teams/team-groups.spec.ts
@@ -0,0 +1,163 @@
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { generateDatabaseId } from '@documenso/lib/universal/id';
+import { prisma } from '@documenso/prisma';
+import { seedTeamMember } from '@documenso/prisma/seed/teams';
+import { seedUser } from '@documenso/prisma/seed/users';
+import { expect, type Page, test } from '@playwright/test';
+import { OrganisationGroupType, OrganisationMemberRole, TeamMemberRole } from '@prisma/client';
+
+import { apiSignin } from '../fixtures/authentication';
+
+const WEBAPP_BASE_URL = NEXT_PUBLIC_WEBAPP_URL();
+
+test.describe.configure({ mode: 'parallel' });
+
+/**
+ * Calls a team-group tRPC mutation directly, bypassing the UI.
+ *
+ * The UI only ever surfaces CUSTOM / INTERNAL_ORGANISATION groups, so these
+ * authorisation rules must be enforced on the server - a crafted request can
+ * target any `teamGroupId`, including the system-managed INTERNAL_TEAM groups.
+ */
+const callTeamGroupMutation = (
+ page: Page,
+ procedure: 'team.group.delete' | 'team.group.update',
+ teamId: number,
+ input: Record,
+) =>
+ page.context().request.post(`${WEBAPP_BASE_URL}/api/trpc/${procedure}`, {
+ headers: { 'content-type': 'application/json', 'x-team-id': teamId.toString() },
+ data: JSON.stringify({ json: input }),
+ });
+
+/**
+ * Every team is created with three system-managed INTERNAL_TEAM groups
+ * (admin/manager/member). They are the backbone of team-specific access and,
+ * like organisation internal groups, must not be deletable - deleting them
+ * silently strips team members of access while leaving the team row in place.
+ */
+test('[TEAMS]: internal team groups cannot be deleted via the API', async ({ page }) => {
+ // Member inheritance OFF: membership is granted exclusively through the team's
+ // INTERNAL_TEAM groups, so removing them is what causes the access loss.
+ const { user: owner, team } = await seedUser({ inheritMembers: false });
+
+ // A direct team member whose access depends on the INTERNAL_TEAM member group.
+ const directMember = await seedTeamMember({ teamId: team.id, role: TeamMemberRole.MEMBER });
+
+ await apiSignin({ page, email: owner.email });
+
+ const internalTeamGroups = await prisma.teamGroup.findMany({
+ where: {
+ teamId: team.id,
+ organisationGroup: { type: OrganisationGroupType.INTERNAL_TEAM },
+ },
+ });
+
+ // admin + manager + member.
+ expect(internalTeamGroups).toHaveLength(3);
+
+ for (const group of internalTeamGroups) {
+ const response = await callTeamGroupMutation(page, 'team.group.delete', team.id, {
+ teamId: team.id,
+ teamGroupId: group.id,
+ });
+
+ expect(response.status(), `INTERNAL_TEAM ${group.teamRole} group must not be deletable`).not.toBe(200);
+ }
+
+ // None of the internal groups were removed.
+ const remaining = await prisma.teamGroup.count({
+ where: {
+ teamId: team.id,
+ organisationGroup: { type: OrganisationGroupType.INTERNAL_TEAM },
+ },
+ });
+
+ expect(remaining).toBe(3);
+
+ // The direct member therefore keeps their team access.
+ const memberStillHasAccess = await prisma.teamGroup.findFirst({
+ where: {
+ teamId: team.id,
+ organisationGroup: {
+ type: OrganisationGroupType.INTERNAL_TEAM,
+ organisationGroupMembers: {
+ some: { organisationMember: { userId: directMember.id } },
+ },
+ },
+ },
+ });
+
+ expect(memberStillHasAccess).not.toBeNull();
+});
+
+/**
+ * Guards against over-blocking: user-created (CUSTOM) team groups are not
+ * internal and must remain removable by team managers/admins.
+ */
+test('[TEAMS]: custom team groups can still be deleted', async ({ page }) => {
+ const { user: owner, organisation, team } = await seedUser({ inheritMembers: false });
+
+ const customGroup = await prisma.organisationGroup.create({
+ data: {
+ id: generateDatabaseId('org_group'),
+ name: `custom-${team.url}`,
+ type: OrganisationGroupType.CUSTOM,
+ organisationRole: OrganisationMemberRole.MEMBER,
+ organisationId: organisation.id,
+ teamGroups: {
+ create: {
+ id: generateDatabaseId('team_group'),
+ teamId: team.id,
+ teamRole: TeamMemberRole.MEMBER,
+ },
+ },
+ },
+ include: { teamGroups: true },
+ });
+
+ const customTeamGroup = customGroup.teamGroups[0];
+
+ await apiSignin({ page, email: owner.email });
+
+ const response = await callTeamGroupMutation(page, 'team.group.delete', team.id, {
+ teamId: team.id,
+ teamGroupId: customTeamGroup.id,
+ });
+
+ expect(response.status()).toBe(200);
+
+ const deleted = await prisma.teamGroup.findUnique({ where: { id: customTeamGroup.id } });
+
+ expect(deleted).toBeNull();
+});
+
+/**
+ * The same root cause affects updates: an INTERNAL_TEAM group's role must not be
+ * editable either, otherwise a team admin could rewrite the backbone roles
+ * (e.g. promote the member group to admin).
+ */
+test('[TEAMS]: internal team groups cannot be updated via the API', async ({ page }) => {
+ const { user: owner, team } = await seedUser({ inheritMembers: false });
+
+ await apiSignin({ page, email: owner.email });
+
+ const internalMemberGroup = await prisma.teamGroup.findFirstOrThrow({
+ where: {
+ teamId: team.id,
+ teamRole: TeamMemberRole.MEMBER,
+ organisationGroup: { type: OrganisationGroupType.INTERNAL_TEAM },
+ },
+ });
+
+ const response = await callTeamGroupMutation(page, 'team.group.update', team.id, {
+ id: internalMemberGroup.id,
+ data: { teamRole: TeamMemberRole.ADMIN },
+ });
+
+ expect(response.status()).not.toBe(200);
+
+ const reloaded = await prisma.teamGroup.findUniqueOrThrow({ where: { id: internalMemberGroup.id } });
+
+ expect(reloaded.teamRole).toBe(TeamMemberRole.MEMBER);
+});
diff --git a/packages/app-tests/e2e/teams/team-settings-save-bar.spec.ts b/packages/app-tests/e2e/teams/team-settings-save-bar.spec.ts
new file mode 100644
index 000000000..272b649e7
--- /dev/null
+++ b/packages/app-tests/e2e/teams/team-settings-save-bar.spec.ts
@@ -0,0 +1,79 @@
+import { seedUser } from '@documenso/prisma/seed/users';
+import { expect, test } from '@playwright/test';
+
+import { apiSignin } from '../fixtures/authentication';
+
+test('[TEAMS]: settings save bar docks at the bottom of the form', async ({ page }) => {
+ const { user, team } = await seedUser();
+
+ await apiSignin({
+ page,
+ email: user.email,
+ redirectPath: `/t/${team.url}/settings`,
+ });
+
+ await expect(page.getByLabel('Team Name*')).toBeVisible();
+
+ const saveButton = page.getByRole('button', { name: 'Save changes' });
+
+ // Pristine: the docked Save button is present but disabled; no Undo, no floating notice.
+ await expect(saveButton).toBeVisible();
+ await expect(saveButton).toBeDisabled();
+ await expect(page.getByRole('button', { name: 'Undo' })).toHaveCount(0);
+ await expect(page.getByText('You have unsaved changes')).not.toBeVisible();
+
+ // Make a change → Save enables and Undo appears.
+ const updatedName = `team-${Date.now()}`;
+ await page.getByLabel('Team Name*').clear();
+ await page.getByLabel('Team Name*').fill(updatedName);
+
+ await expect(saveButton).toBeEnabled();
+ await expect(page.getByRole('button', { name: 'Undo' })).toBeVisible();
+
+ // Undo → value restored, Save disabled again, Undo gone.
+ await page.getByRole('button', { name: 'Undo' }).click();
+ await expect(page.getByLabel('Team Name*')).toHaveValue(team.name);
+ await expect(saveButton).toBeDisabled();
+ await expect(page.getByRole('button', { name: 'Undo' })).toHaveCount(0);
+
+ // Change again → Save → success toast, returns to a pristine (disabled) state.
+ await page.getByLabel('Team Name*').clear();
+ await page.getByLabel('Team Name*').fill(updatedName);
+ await expect(saveButton).toBeEnabled();
+ await saveButton.click();
+
+ await expect(page.getByText('Your team has been successfully updated.').first()).toBeVisible();
+ await expect(saveButton).toBeDisabled();
+});
+
+test('[ORGANISATIONS]: settings save bar floats when the form footer is off-screen', async ({ page }) => {
+ const { user, organisation } = await seedUser({
+ isPersonalOrganisation: false,
+ });
+
+ await apiSignin({
+ page,
+ email: user.email,
+ redirectPath: `/o/${organisation.url}/settings/document`,
+ });
+
+ // Wait for the long document-preferences form to load.
+ await expect(page.getByTestId('document-language-trigger')).toBeVisible();
+
+ // Pristine: no floating notice even though the footer is below the fold.
+ await expect(page.getByText('You have unsaved changes')).not.toBeVisible();
+
+ // Edit a field near the top → the footer is off-screen, so the floating pill appears.
+ await page.getByTestId('document-language-trigger').click();
+ await page.getByRole('option', { name: 'German' }).click();
+
+ await expect(page.getByText('You have unsaved changes')).toBeVisible();
+ await expect(page.getByRole('button', { name: 'Save changes' })).toBeVisible();
+
+ // Scroll to the footer → the floating pill merges into the docked buttons and the
+ // notice disappears.
+ await page.evaluate(() => window.scrollTo(0, document.body.scrollHeight));
+
+ await expect(page.getByText('You have unsaved changes')).not.toBeVisible();
+ await expect(page.getByRole('button', { name: 'Save changes' })).toBeVisible();
+});
diff --git a/packages/app-tests/e2e/teams/team-signature-settings.spec.ts b/packages/app-tests/e2e/teams/team-signature-settings.spec.ts
index 7b4e4541e..078d0cab7 100644
--- a/packages/app-tests/e2e/teams/team-signature-settings.spec.ts
+++ b/packages/app-tests/e2e/teams/team-signature-settings.spec.ts
@@ -75,7 +75,7 @@ test('[TEAMS]: check signature modes can be disabled', async ({ page }) => {
await item.click();
}
- await page.getByRole('button', { name: 'Update' }).first().click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
// Wait for the update to complete
await expect(page.getByText('Document preferences updated', { exact: true })).toBeVisible();
@@ -140,7 +140,7 @@ test('[TEAMS]: check signature modes work for templates', async ({ page }) => {
await item.click();
}
- await page.getByRole('button', { name: 'Update' }).first().click();
+ await page.getByRole('button', { name: 'Save changes' }).first().click();
// Wait for finish
await expect(page.getByText('Document preferences updated', { exact: true })).toBeVisible();
diff --git a/packages/auth/server/lib/errors/error-codes.ts b/packages/auth/server/lib/errors/error-codes.ts
index 858457190..dbce82f09 100644
--- a/packages/auth/server/lib/errors/error-codes.ts
+++ b/packages/auth/server/lib/errors/error-codes.ts
@@ -17,6 +17,7 @@ export const AuthenticationErrorCode = {
// TwoFactorMissingSecret: 'TWO_FACTOR_MISSING_SECRET',
// TwoFactorMissingCredentials: 'TWO_FACTOR_MISSING_CREDENTIALS',
InvalidTwoFactorCode: 'INVALID_TWO_FACTOR_CODE',
+ SigninDisabled: 'SIGNIN_DISABLED',
SignupDisabled: 'SIGNUP_DISABLED',
SignupDisposableEmail: 'SIGNUP_DISPOSABLE_EMAIL',
// IncorrectTwoFactorBackupCode: 'INCORRECT_TWO_FACTOR_BACKUP_CODE',
diff --git a/packages/auth/server/routes/email-password.ts b/packages/auth/server/routes/email-password.ts
index 7cf2735cf..8d890b81a 100644
--- a/packages/auth/server/routes/email-password.ts
+++ b/packages/auth/server/routes/email-password.ts
@@ -1,6 +1,7 @@
import {
isDisposableEmail,
isEmailDomainAllowedForSignup,
+ isSigninEnabledForProvider,
isSignupEnabledForProvider,
} from '@documenso/lib/constants/auth';
import { EMAIL_VERIFICATION_STATE } from '@documenso/lib/constants/email';
@@ -64,6 +65,12 @@ export const emailPasswordRoute = new Hono()
.post('/authorize', sValidator('json', ZSignInSchema), async (c) => {
const requestMetadata = c.get('requestMetadata');
+ if (!isSigninEnabledForProvider('email')) {
+ throw new AppError(AuthenticationErrorCode.SigninDisabled, {
+ statusCode: 400,
+ });
+ }
+
const { email, password, totpCode, backupCode, csrfToken, captchaToken } = c.req.valid('json');
const loginLimitResult = await loginRateLimit.check({
@@ -244,6 +251,12 @@ export const emailPasswordRoute = new Hono()
const { password, currentPassword } = c.req.valid('json');
const requestMetadata = c.get('requestMetadata');
+ if (!isSigninEnabledForProvider('email')) {
+ throw new AppError(AuthenticationErrorCode.SigninDisabled, {
+ statusCode: 400,
+ });
+ }
+
const { session, user } = await getSession(c);
await updatePassword({
@@ -346,6 +359,12 @@ export const emailPasswordRoute = new Hono()
.post('/forgot-password', sValidator('json', ZForgotPasswordSchema), async (c) => {
const requestMetadata = c.get('requestMetadata');
+ if (!isSigninEnabledForProvider('email')) {
+ throw new AppError(AuthenticationErrorCode.SigninDisabled, {
+ statusCode: 400,
+ });
+ }
+
const { email } = c.req.valid('json');
const forgotLimitResult = await forgotPasswordRateLimit.check({
@@ -377,6 +396,12 @@ export const emailPasswordRoute = new Hono()
.post('/reset-password', sValidator('json', ZResetPasswordSchema), async (c) => {
const requestMetadata = c.get('requestMetadata');
+ if (!isSigninEnabledForProvider('email')) {
+ throw new AppError(AuthenticationErrorCode.SigninDisabled, {
+ statusCode: 400,
+ });
+ }
+
const { token, password } = c.req.valid('json');
const resetLimitResult = await resetPasswordRateLimit.check({
diff --git a/packages/auth/server/types/email-password.ts b/packages/auth/server/types/email-password.ts
index eafaca28c..5303d326c 100644
--- a/packages/auth/server/types/email-password.ts
+++ b/packages/auth/server/types/email-password.ts
@@ -1,4 +1,4 @@
-import { ZNameSchema } from '@documenso/lib/constants/auth';
+import { ZNameSchema } from '@documenso/lib/types/name';
import { zEmail } from '@documenso/lib/utils/zod';
import { z } from 'zod';
diff --git a/packages/lib/constants/auth.ts b/packages/lib/constants/auth.ts
index 4768540d4..cb514979b 100644
--- a/packages/lib/constants/auth.ts
+++ b/packages/lib/constants/auth.ts
@@ -1,25 +1,10 @@
import MailChecker from 'mailchecker';
-import { z } from 'zod';
import { env } from '../utils/env';
import { NEXT_PUBLIC_WEBAPP_URL } from './app';
export const SALT_ROUNDS = 12;
-export const URL_PATTERN = /https?:\/\/|www\./i;
-
-/**
- * Shared name schema that disallows URLs to prevent phishing via email rendering.
- */
-export const ZNameSchema = z
- .string()
- .trim()
- .min(3, { message: 'Please enter a valid name.' })
- .max(255, { message: 'Name cannot be more than 255 characters.' })
- .refine((value) => !URL_PATTERN.test(value), {
- message: 'Name cannot contain URLs.',
- });
-
export const IDENTITY_PROVIDER_NAME: Record = {
DOCUMENSO: 'Documenso',
GOOGLE: 'Google',
@@ -41,6 +26,14 @@ export const IS_OIDC_SSO_ENABLED = Boolean(
export const OIDC_PROVIDER_LABEL = env('NEXT_PRIVATE_OIDC_PROVIDER_LABEL');
+/**
+ * Opt-out flag for the automatic OIDC redirect.
+ *
+ * When OIDC is the only enabled signin transport we redirect to the provider
+ * automatically. Set this to "true" to keep rendering the signin page instead.
+ */
+export const IS_OIDC_AUTO_REDIRECT_DISABLED = env('NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT') === 'true';
+
export const USER_SECURITY_AUDIT_LOG_MAP: Record = {
ACCOUNT_SSO_LINK: 'Linked account to SSO',
ACCOUNT_SSO_UNLINK: 'Unlinked account from SSO',
@@ -188,3 +181,22 @@ export const isSignupEnabledForProvider = (provider: 'email' | 'google' | 'micro
return env(flagMap[provider]) !== 'true';
};
+
+/**
+ * Check if signin is enabled for the given provider.
+ * The master switch takes precedence over the per-provider flags.
+ */
+export const isSigninEnabledForProvider = (provider: 'email' | 'google' | 'microsoft' | 'oidc'): boolean => {
+ if (env('NEXT_PUBLIC_DISABLE_SIGNIN') === 'true') {
+ return false;
+ }
+
+ const flagMap = {
+ email: 'NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN',
+ google: 'NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN',
+ microsoft: 'NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN',
+ oidc: 'NEXT_PUBLIC_DISABLE_OIDC_SIGNIN',
+ } as const;
+
+ return env(flagMap[provider]) !== 'true';
+};
diff --git a/packages/lib/constants/branding.ts b/packages/lib/constants/branding.ts
index f50cc7098..0f00237b7 100644
--- a/packages/lib/constants/branding.ts
+++ b/packages/lib/constants/branding.ts
@@ -9,3 +9,13 @@
* cap so a malicious or runaway payload can't exhaust PostCSS/server memory.
*/
export const BRANDING_CSS_MAX_LENGTH = 256 * 1024;
+
+/**
+ * Branding logo upload constraints. Enforced server-side at the TRPC request
+ * boundary (`zfdBrandingImageFile`) and reused by the client form for matching UX.
+ */
+export const BRANDING_LOGO_MAX_SIZE_MB = 5;
+
+export const BRANDING_LOGO_MAX_SIZE_BYTES = BRANDING_LOGO_MAX_SIZE_MB * 1024 * 1024;
+
+export const BRANDING_LOGO_ALLOWED_TYPES: string[] = ['image/jpeg', 'image/png', 'image/webp'];
diff --git a/packages/lib/server-only/branding/store-branding-logo.ts b/packages/lib/server-only/branding/store-branding-logo.ts
new file mode 100644
index 000000000..af0601aec
--- /dev/null
+++ b/packages/lib/server-only/branding/store-branding-logo.ts
@@ -0,0 +1,26 @@
+import { AppError, AppErrorCode } from '../../errors/app-error';
+import { putFileServerSide } from '../../universal/upload/put-file.server';
+import { optimiseBrandingLogo } from '../../utils/images/logo';
+
+/**
+ * Validate, sanitise and store an uploaded branding logo. Returns the
+ * `JSON.stringify({ type, data })` reference persisted in the `brandingLogo`
+ * column (the same format the serving endpoints already expect).
+ */
+export const buildBrandingLogoData = async (file: File): Promise => {
+ const buffer = Buffer.from(await file.arrayBuffer());
+
+ const optimised = await optimiseBrandingLogo(buffer).catch(() => {
+ throw new AppError(AppErrorCode.INVALID_BODY, {
+ message: 'The branding logo must be a valid image file.',
+ });
+ });
+
+ const documentData = await putFileServerSide({
+ name: 'branding-logo.png',
+ type: 'image/png',
+ arrayBuffer: async () => Promise.resolve(optimised),
+ });
+
+ return JSON.stringify(documentData);
+};
diff --git a/packages/lib/server-only/document/delete-document.ts b/packages/lib/server-only/document/delete-document.ts
index 0a4456d5c..8dd0b69de 100644
--- a/packages/lib/server-only/document/delete-document.ts
+++ b/packages/lib/server-only/document/delete-document.ts
@@ -83,15 +83,17 @@ export const deleteDocument = async ({ id, userId, teamId, requestMetadata }: De
// Handle hard or soft deleting the actual document if user has permission.
if (hasDeleteAccess) {
- await handleDocumentOwnerDelete({
+ const updatedEnvelope = await handleDocumentOwnerDelete({
envelope,
user,
requestMetadata,
});
+ const envelopeForWebhook = { ...envelope, ...(updatedEnvelope ?? {}) };
+
await triggerWebhook({
event: WebhookTriggerEvents.DOCUMENT_CANCELLED,
- data: ZWebhookDocumentSchema.parse(mapEnvelopeToWebhookDocumentPayload(envelope)),
+ data: ZWebhookDocumentSchema.parse(mapEnvelopeToWebhookDocumentPayload(envelopeForWebhook)),
userId,
teamId,
});
diff --git a/packages/lib/server-only/envelope/create-envelope.ts b/packages/lib/server-only/envelope/create-envelope.ts
index 4ca73a387..2bbb079fd 100644
--- a/packages/lib/server-only/envelope/create-envelope.ts
+++ b/packages/lib/server-only/envelope/create-envelope.ts
@@ -37,9 +37,9 @@ import { extractDerivedDocumentMeta } from '../../utils/document';
import { createDocumentAuthOptions, createRecipientAuthOptions } from '../../utils/document-auth';
import { buildTeamWhereQuery } from '../../utils/teams';
import { incrementDocumentId, incrementTemplateId } from '../envelope/increment-id';
+import { assertOrganisationRatesAndLimits } from '../rate-limit/assert-organisation-rates-and-limits';
import { assertCompatibleRecipientRole } from '../signature-level/assert-compatible-recipient-role';
import { resolveSignatureLevel } from '../signature-level/resolve-signature-level';
-import { assertOrganisationRatesAndLimits } from '../rate-limit/assert-organisation-rates-and-limits';
import { getTeamSettings } from '../team/get-team-settings';
import { assertUserNotDisabledById } from '../user/assert-user-not-disabled';
import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
diff --git a/packages/lib/server-only/envelope/duplicate-envelope.ts b/packages/lib/server-only/envelope/duplicate-envelope.ts
index a904bb3f2..4770814f8 100644
--- a/packages/lib/server-only/envelope/duplicate-envelope.ts
+++ b/packages/lib/server-only/envelope/duplicate-envelope.ts
@@ -10,8 +10,8 @@ import { nanoid, prefixedId } from '../../universal/id';
import type { EnvelopeIdOptions } from '../../utils/envelope';
import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id';
import { incrementDocumentId, incrementTemplateId } from '../envelope/increment-id';
-import { resolveSignatureLevel } from '../signature-level/resolve-signature-level';
import { assertOrganisationRatesAndLimits } from '../rate-limit/assert-organisation-rates-and-limits';
+import { resolveSignatureLevel } from '../signature-level/resolve-signature-level';
import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
export interface DuplicateEnvelopeOptions {
diff --git a/packages/lib/server-only/rate-limit/compute-quota-flags.ts b/packages/lib/server-only/rate-limit/compute-quota-flags.ts
index ea463cf69..556955942 100644
--- a/packages/lib/server-only/rate-limit/compute-quota-flags.ts
+++ b/packages/lib/server-only/rate-limit/compute-quota-flags.ts
@@ -1,4 +1,4 @@
-import { QUOTA_WARNING_THRESHOLD } from './get-quota-alert-kind';
+import { isQuotaExceeded, isQuotaNearing } from '../../universal/quota-usage';
export type QuotaFlags = {
isDocumentQuotaExceeded: boolean;
@@ -22,39 +22,6 @@ type ComputeQuotaFlagsOptions = {
};
};
-/**
- * A quota of `null` means unlimited (never exceeded). A quota of `0` means
- * blocked (always exceeded). Otherwise usage `>=` quota is exceeded.
- */
-const isQuotaExceeded = (quota: number | null, usage: number): boolean => {
- if (quota === null) {
- return false;
- }
-
- if (quota === 0) {
- return true;
- }
-
- return usage >= quota;
-};
-
-/**
- * A counter is "nearing" its quota once usage reaches the warning threshold
- * (80% of the quota, rounded up) but has not yet been exceeded. Nearing and
- * exceeded are mutually exclusive per counter.
- */
-const isQuotaNearing = (quota: number | null, usage: number): boolean => {
- if (quota === null || quota === 0) {
- return false;
- }
-
- if (isQuotaExceeded(quota, usage)) {
- return false;
- }
-
- return usage >= Math.ceil(quota * QUOTA_WARNING_THRESHOLD);
-};
-
export const computeQuotaFlags = ({ quotas, usage }: ComputeQuotaFlagsOptions): QuotaFlags => {
return {
isDocumentQuotaExceeded: isQuotaExceeded(quotas.documentQuota, usage?.documentCount ?? 0),
diff --git a/packages/lib/server-only/rate-limit/get-quota-alert-kind.ts b/packages/lib/server-only/rate-limit/get-quota-alert-kind.ts
index afaaeaa14..3082e864e 100644
--- a/packages/lib/server-only/rate-limit/get-quota-alert-kind.ts
+++ b/packages/lib/server-only/rate-limit/get-quota-alert-kind.ts
@@ -1,4 +1,4 @@
-export const QUOTA_WARNING_THRESHOLD = 0.8;
+import { getQuotaWarningCount } from '../../universal/quota-usage';
export type QuotaAlertKind = 'quota' | 'quotaNearing';
@@ -32,7 +32,7 @@ export const getQuotaAlertKind = (opts: GetQuotaAlertKindOptions): QuotaAlertKin
// From here newCount < quota, so for tiny quotas (1-4) where the rounded-up
// warning threshold equals the quota itself, the warning can never fire — the
// exhausting request is handled by the quota branch above.
- const warningCount = Math.ceil(quota * QUOTA_WARNING_THRESHOLD);
+ const warningCount = getQuotaWarningCount(quota);
const didCrossWarning = newCount >= warningCount && previousCount < warningCount;
diff --git a/packages/lib/server-only/template/create-document-from-template.ts b/packages/lib/server-only/template/create-document-from-template.ts
index 114a3c2ef..47158c3f0 100644
--- a/packages/lib/server-only/template/create-document-from-template.ts
+++ b/packages/lib/server-only/template/create-document-from-template.ts
@@ -51,8 +51,8 @@ import { buildTeamWhereQuery } from '../../utils/teams';
import { getEnvelopeWhereInput } from '../envelope/get-envelope-by-id';
import { incrementDocumentId } from '../envelope/increment-id';
import { insertFormValuesInPdf } from '../pdf/insert-form-values-in-pdf';
-import { resolveSignatureLevel } from '../signature-level/resolve-signature-level';
import { assertOrganisationRatesAndLimits } from '../rate-limit/assert-organisation-rates-and-limits';
+import { resolveSignatureLevel } from '../signature-level/resolve-signature-level';
import { getTeamSettings } from '../team/get-team-settings';
import { triggerWebhook } from '../webhooks/trigger/trigger-webhook';
import { getOrganisationTemplateWhereInput } from './get-organisation-template-by-id';
diff --git a/packages/lib/translations/de/web.po b/packages/lib/translations/de/web.po
index f1f748764..596094b11 100644
--- a/packages/lib/translations/de/web.po
+++ b/packages/lib/translations/de/web.po
@@ -2441,6 +2441,7 @@ msgstr "Branding-Logo"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Branding Preferences"
msgstr "Markenpräferenzen"
@@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team"
msgstr "Derzeit können alle Organisationsmitglieder auf dieses Team zugreifen"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Currently branding can only be configured for Teams and above plans."
msgstr "Zurzeit kann das Branding nur für Teams und darüber konfiguriert werden."
@@ -4214,8 +4216,8 @@ msgstr "Dokument storniert"
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
+#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts
#: packages/lib/server-only/admin/admin-super-delete-document.ts
-#: packages/lib/server-only/document/delete-document.ts
msgid "Document Cancelled"
msgstr "Dokument storniert"
@@ -7942,6 +7944,11 @@ msgstr "Original"
msgid "Otherwise, the document will be created as a draft."
msgstr "Andernfalls wird das Dokument als Entwurf erstellt."
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Overlapping fields detected"
+msgstr ""
+
#: apps/remix/app/components/forms/document-preferences-form.tsx
#: apps/remix/app/components/forms/email-preferences-form.tsx
msgid "Override organisation settings"
@@ -8917,6 +8924,11 @@ msgstr "Weiterleitungs-URL"
msgid "Redirecting"
msgstr "Weiterleitung"
+#. placeholder {0}: oidcProviderLabel || 'OIDC'
+#: apps/remix/app/routes/_unauthenticated+/signin.tsx
+msgid "Redirecting to {0}..."
+msgstr ""
+
#: apps/remix/app/components/forms/signup.tsx
#: apps/remix/app/components/general/claim-account.tsx
msgid "Registration Successful"
@@ -9192,9 +9204,7 @@ msgstr "Umschlag erneut senden"
msgid "Resend verification"
msgstr "Bestätigung erneut senden"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
-#: apps/remix/app/components/forms/team-update-form.tsx
#: apps/remix/app/components/general/organisation-usage-reset-button.tsx
msgid "Reset"
msgstr "Zurücksetzen"
@@ -9379,6 +9389,7 @@ msgid "Save as Template"
msgstr "Als Vorlage speichern"
#: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
msgid "Save changes"
msgstr "Änderungen speichern"
@@ -10219,6 +10230,11 @@ msgstr "Website Einstellungen"
msgid "Skip"
msgstr "Überspringen"
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected."
+msgstr ""
+
#: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx
msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding."
msgstr "Einige Unterzeichner haben noch kein Unterschriftsfeld zugewiesen bekommen. Bitte weisen Sie jedem Unterzeichner mindestens ein Unterschriftsfeld zu, bevor Sie fortfahren."
@@ -12249,6 +12265,7 @@ msgstr "Nicht autorisiert"
msgid "Uncompleted"
msgstr "Unvollendet"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
#: packages/ui/primitives/signature-pad/signature-pad-draw.tsx
msgid "Undo"
msgstr "Rückgängig"
@@ -12298,6 +12315,10 @@ msgstr "Verknüpfung aufheben"
msgid "Unpin"
msgstr "Lösen"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "Unsaved changes"
+msgstr ""
+
#: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
#: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx
msgid "Unsealed Documents"
@@ -12317,9 +12338,6 @@ msgstr "Unbetitelte Gruppe"
#: apps/remix/app/components/dialogs/team-group-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx
-#: apps/remix/app/components/forms/branding-preferences-form.tsx
-#: apps/remix/app/components/forms/document-preferences-form.tsx
-#: apps/remix/app/components/forms/email-preferences-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
#: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx
#: apps/remix/app/components/tables/admin-claims-table.tsx
@@ -12342,6 +12360,7 @@ msgstr "Banner aktualisieren"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Update Billing"
msgstr "Rechnungsdaten aktualisieren"
@@ -12369,10 +12388,6 @@ msgstr "E-Mail aktualisieren"
msgid "Update Fields"
msgstr "Felder aktualisieren"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
-msgid "Update organisation"
-msgstr "Organisation aktualisieren"
-
#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
@@ -12408,10 +12423,6 @@ msgstr "Rolle aktualisieren"
msgid "Update Subscription Claim"
msgstr "Abonnementsanspruch aktualisieren"
-#: apps/remix/app/components/forms/team-update-form.tsx
-msgid "Update team"
-msgstr "Team aktualisieren"
-
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
msgid "Update team email"
@@ -12942,7 +12953,7 @@ msgstr "Warten"
msgid "Waiting for others"
msgstr "Warten auf andere"
-#: packages/lib/server-only/document/send-pending-email.ts
+#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts
msgid "Waiting for others to complete signing."
msgstr "Warten auf andere, um die Unterzeichnung abzuschließen."
@@ -13916,8 +13927,7 @@ msgstr "Du wurdest eingeladen, {0} auf Documenso beizutreten"
msgid "You have been invited to join the following organisation"
msgstr "Sie wurden eingeladen, der folgenden Organisation beizutreten"
-#: packages/lib/server-only/recipient/delete-envelope-recipient.ts
-#: packages/lib/server-only/recipient/set-document-recipients.ts
+#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts
msgid "You have been removed from a document"
msgstr "Du wurdest von einem Dokument entfernt"
@@ -14037,6 +14047,10 @@ msgstr "Sie haben den Zugriff erfolgreich widerrufen."
msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL}0> for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service."
msgstr "Sie haben das Recht, Ihre Zustimmung zur Verwendung elektronischer Unterschriften jederzeit vor Abschluss des Unterzeichnungsprozesses zu widerrufen. Um Ihre Zustimmung zu widerrufen, kontaktieren Sie bitte den Absender des Dokuments. Sollten Sie den Absender nicht erreichen, können Sie sich für Unterstützung an <0>{SUPPORT_EMAIL}0> wenden. Seien Sie sich bewusst, dass der Widerruf der Zustimmung den Abschluss der zugehörigen Transaktion oder Dienstleistung verzögern oder stoppen kann."
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "You have unsaved changes"
+msgstr ""
+
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
msgid "You have updated {memberName}."
msgstr "Sie haben {memberName} aktualisiert."
@@ -14716,4 +14730,3 @@ msgstr "Ihr Verifizierungscode:"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
msgid "your-domain.com another-domain.com"
msgstr "your-domain.com another-domain.com"
-
diff --git a/packages/lib/translations/en/web.po b/packages/lib/translations/en/web.po
index 454a46e1e..23d2f1c8f 100644
--- a/packages/lib/translations/en/web.po
+++ b/packages/lib/translations/en/web.po
@@ -2436,6 +2436,7 @@ msgstr "Branding Logo"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Branding Preferences"
msgstr "Branding Preferences"
@@ -3567,6 +3568,7 @@ msgid "Currently all organisation members can access this team"
msgstr "Currently all organisation members can access this team"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Currently branding can only be configured for Teams and above plans."
msgstr "Currently branding can only be configured for Teams and above plans."
@@ -4209,8 +4211,8 @@ msgstr "Document cancelled"
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
+#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts
#: packages/lib/server-only/admin/admin-super-delete-document.ts
-#: packages/lib/server-only/document/delete-document.ts
msgid "Document Cancelled"
msgstr "Document Cancelled"
@@ -7937,6 +7939,11 @@ msgstr "Original"
msgid "Otherwise, the document will be created as a draft."
msgstr "Otherwise, the document will be created as a draft."
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Overlapping fields detected"
+msgstr "Overlapping fields detected"
+
#: apps/remix/app/components/forms/document-preferences-form.tsx
#: apps/remix/app/components/forms/email-preferences-form.tsx
msgid "Override organisation settings"
@@ -8772,6 +8779,10 @@ msgstr "Recipient ID:"
msgid "Recipient rejected the document"
msgstr "Recipient rejected the document"
+#: packages/lib/utils/document-audit-logs.ts
+msgid "Recipient rejected the document externally"
+msgstr "Recipient rejected the document externally"
+
#: apps/remix/app/components/general/admin-global-settings-section.tsx
msgid "Recipient removed"
msgstr "Recipient removed"
@@ -8908,6 +8919,11 @@ msgstr "Redirect URL"
msgid "Redirecting"
msgstr "Redirecting"
+#. placeholder {0}: oidcProviderLabel || 'OIDC'
+#: apps/remix/app/routes/_unauthenticated+/signin.tsx
+msgid "Redirecting to {0}..."
+msgstr "Redirecting to {0}..."
+
#: apps/remix/app/components/forms/signup.tsx
#: apps/remix/app/components/general/claim-account.tsx
msgid "Registration Successful"
@@ -9183,9 +9199,7 @@ msgstr "Resend Envelope"
msgid "Resend verification"
msgstr "Resend verification"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
-#: apps/remix/app/components/forms/team-update-form.tsx
#: apps/remix/app/components/general/organisation-usage-reset-button.tsx
msgid "Reset"
msgstr "Reset"
@@ -9370,6 +9384,7 @@ msgid "Save as Template"
msgstr "Save as Template"
#: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
msgid "Save changes"
msgstr "Save changes"
@@ -10210,6 +10225,11 @@ msgstr "Site Settings"
msgid "Skip"
msgstr "Skip"
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected."
+msgstr "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected."
+
#: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx
msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding."
msgstr "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding."
@@ -11088,6 +11108,23 @@ msgstr "The document signing process will be stopped"
msgid "The document was created but could not be sent to recipients."
msgstr "The document was created but could not be sent to recipients."
+#: packages/lib/utils/document-audit-logs.ts
+msgid "The document was rejected externally by {onBehalfOf} on behalf of {user}"
+msgstr "The document was rejected externally by {onBehalfOf} on behalf of {user}"
+
+#: packages/lib/utils/document-audit-logs.ts
+#: packages/lib/utils/document-audit-logs.ts
+msgid "The document was rejected externally by {onBehalfOf} on behalf of the recipient"
+msgstr "The document was rejected externally by {onBehalfOf} on behalf of the recipient"
+
+#: packages/lib/utils/document-audit-logs.ts
+msgid "The document was rejected externally on behalf of {user}"
+msgstr "The document was rejected externally on behalf of {user}"
+
+#: packages/lib/utils/document-audit-logs.ts
+msgid "The document was rejected externally on behalf of the recipient"
+msgstr "The document was rejected externally on behalf of the recipient"
+
#: apps/remix/app/components/dialogs/envelope-delete-dialog.tsx
msgid "The document will be hidden from your account"
msgstr "The document will be hidden from your account"
@@ -12223,6 +12260,7 @@ msgstr "Unauthorized"
msgid "Uncompleted"
msgstr "Uncompleted"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
#: packages/ui/primitives/signature-pad/signature-pad-draw.tsx
msgid "Undo"
msgstr "Undo"
@@ -12272,6 +12310,10 @@ msgstr "Unlink"
msgid "Unpin"
msgstr "Unpin"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "Unsaved changes"
+msgstr "Unsaved changes"
+
#: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
#: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx
msgid "Unsealed Documents"
@@ -12291,9 +12333,6 @@ msgstr "Untitled Group"
#: apps/remix/app/components/dialogs/team-group-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx
-#: apps/remix/app/components/forms/branding-preferences-form.tsx
-#: apps/remix/app/components/forms/document-preferences-form.tsx
-#: apps/remix/app/components/forms/email-preferences-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
#: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx
#: apps/remix/app/components/tables/admin-claims-table.tsx
@@ -12316,6 +12355,7 @@ msgstr "Update Banner"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Update Billing"
msgstr "Update Billing"
@@ -12343,10 +12383,6 @@ msgstr "Update email"
msgid "Update Fields"
msgstr "Update Fields"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
-msgid "Update organisation"
-msgstr "Update organisation"
-
#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
@@ -12382,10 +12418,6 @@ msgstr "Update role"
msgid "Update Subscription Claim"
msgstr "Update Subscription Claim"
-#: apps/remix/app/components/forms/team-update-form.tsx
-msgid "Update team"
-msgstr "Update team"
-
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
msgid "Update team email"
@@ -12916,7 +12948,7 @@ msgstr "Waiting"
msgid "Waiting for others"
msgstr "Waiting for others"
-#: packages/lib/server-only/document/send-pending-email.ts
+#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts
msgid "Waiting for others to complete signing."
msgstr "Waiting for others to complete signing."
@@ -13890,8 +13922,7 @@ msgstr "You have been invited to join {0} on Documenso"
msgid "You have been invited to join the following organisation"
msgstr "You have been invited to join the following organisation"
-#: packages/lib/server-only/recipient/delete-envelope-recipient.ts
-#: packages/lib/server-only/recipient/set-document-recipients.ts
+#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts
msgid "You have been removed from a document"
msgstr "You have been removed from a document"
@@ -14011,6 +14042,10 @@ msgstr "You have successfully revoked access."
msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL}0> for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service."
msgstr "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL}0> for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service."
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "You have unsaved changes"
+msgstr "You have unsaved changes"
+
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
msgid "You have updated {memberName}."
msgstr "You have updated {memberName}."
diff --git a/packages/lib/translations/es/web.po b/packages/lib/translations/es/web.po
index 4eef75f10..eaa06c120 100644
--- a/packages/lib/translations/es/web.po
+++ b/packages/lib/translations/es/web.po
@@ -2441,6 +2441,7 @@ msgstr "Logotipo de Marca"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Branding Preferences"
msgstr "Preferencias de marca"
@@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team"
msgstr "Actualmente, todos los miembros de la organización pueden acceder a este equipo"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Currently branding can only be configured for Teams and above plans."
msgstr "Actualmente la marca solo se puede configurar para Equipos y planes superiores."
@@ -4214,8 +4216,8 @@ msgstr "Documento cancelado"
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
+#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts
#: packages/lib/server-only/admin/admin-super-delete-document.ts
-#: packages/lib/server-only/document/delete-document.ts
msgid "Document Cancelled"
msgstr "Documento cancelado"
@@ -7942,6 +7944,11 @@ msgstr "Original"
msgid "Otherwise, the document will be created as a draft."
msgstr "De lo contrario, el documento se creará como un borrador."
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Overlapping fields detected"
+msgstr ""
+
#: apps/remix/app/components/forms/document-preferences-form.tsx
#: apps/remix/app/components/forms/email-preferences-form.tsx
msgid "Override organisation settings"
@@ -8917,6 +8924,11 @@ msgstr "URL de redirección"
msgid "Redirecting"
msgstr "Redireccionando"
+#. placeholder {0}: oidcProviderLabel || 'OIDC'
+#: apps/remix/app/routes/_unauthenticated+/signin.tsx
+msgid "Redirecting to {0}..."
+msgstr ""
+
#: apps/remix/app/components/forms/signup.tsx
#: apps/remix/app/components/general/claim-account.tsx
msgid "Registration Successful"
@@ -9192,9 +9204,7 @@ msgstr "Reenviar sobre (envelope)"
msgid "Resend verification"
msgstr "Reenviar verificación"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
-#: apps/remix/app/components/forms/team-update-form.tsx
#: apps/remix/app/components/general/organisation-usage-reset-button.tsx
msgid "Reset"
msgstr "Restablecer"
@@ -9379,6 +9389,7 @@ msgid "Save as Template"
msgstr "Guardar como plantilla"
#: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
msgid "Save changes"
msgstr "Guardar cambios"
@@ -10219,6 +10230,11 @@ msgstr "Configuraciones del sitio"
msgid "Skip"
msgstr "Omitir"
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected."
+msgstr ""
+
#: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx
msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding."
msgstr "Algunos firmantes no han sido asignados a un campo de firma. Asigne al menos 1 campo de firma a cada firmante antes de continuar."
@@ -12249,6 +12265,7 @@ msgstr "No autorizado"
msgid "Uncompleted"
msgstr "Incompleto"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
#: packages/ui/primitives/signature-pad/signature-pad-draw.tsx
msgid "Undo"
msgstr "Deshacer"
@@ -12298,6 +12315,10 @@ msgstr "Desvincular"
msgid "Unpin"
msgstr "Desanclar"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "Unsaved changes"
+msgstr ""
+
#: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
#: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx
msgid "Unsealed Documents"
@@ -12317,9 +12338,6 @@ msgstr "Grupo sin título"
#: apps/remix/app/components/dialogs/team-group-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx
-#: apps/remix/app/components/forms/branding-preferences-form.tsx
-#: apps/remix/app/components/forms/document-preferences-form.tsx
-#: apps/remix/app/components/forms/email-preferences-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
#: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx
#: apps/remix/app/components/tables/admin-claims-table.tsx
@@ -12342,6 +12360,7 @@ msgstr "Actualizar banner"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Update Billing"
msgstr "Actualizar facturación"
@@ -12369,10 +12388,6 @@ msgstr "Actualizar correo electrónico"
msgid "Update Fields"
msgstr "Actualizar Campos"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
-msgid "Update organisation"
-msgstr "Actualizar organización"
-
#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
@@ -12408,10 +12423,6 @@ msgstr "Actualizar rol"
msgid "Update Subscription Claim"
msgstr "Actualizar reclamo de suscripción"
-#: apps/remix/app/components/forms/team-update-form.tsx
-msgid "Update team"
-msgstr "Actualizar equipo"
-
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
msgid "Update team email"
@@ -12942,7 +12953,7 @@ msgstr "Esperando"
msgid "Waiting for others"
msgstr "Esperando a otros"
-#: packages/lib/server-only/document/send-pending-email.ts
+#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts
msgid "Waiting for others to complete signing."
msgstr "Esperando a que otros completen la firma."
@@ -13916,8 +13927,7 @@ msgstr "Te han invitado a unirte a {0} en Documenso"
msgid "You have been invited to join the following organisation"
msgstr "Has sido invitado a unirte a la siguiente organización"
-#: packages/lib/server-only/recipient/delete-envelope-recipient.ts
-#: packages/lib/server-only/recipient/set-document-recipients.ts
+#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts
msgid "You have been removed from a document"
msgstr "Te han eliminado de un documento"
@@ -14037,6 +14047,10 @@ msgstr "Has revocado el acceso con éxito."
msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL}0> for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service."
msgstr "Usted tiene el derecho de retirar su consentimiento para usar firmas electrónicas en cualquier momento antes de completar el proceso de firma. Para retirar su consentimiento, comuníquese con el remitente del documento. Si no se comunica con el remitente, puede comunicarse con <0>{SUPPORT_EMAIL}0> para obtener asistencia. Tenga en cuenta que retirar el consentimiento puede retrasar o detener la finalización de la transacción o servicio relacionado."
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "You have unsaved changes"
+msgstr ""
+
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
msgid "You have updated {memberName}."
msgstr "Has actualizado a {memberName}."
@@ -14716,4 +14730,3 @@ msgstr "Su código de verificación:"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
msgid "your-domain.com another-domain.com"
msgstr "su-dominio.com otro-dominio.com"
-
diff --git a/packages/lib/translations/fr/web.po b/packages/lib/translations/fr/web.po
index 1305373bc..a6ca6fd07 100644
--- a/packages/lib/translations/fr/web.po
+++ b/packages/lib/translations/fr/web.po
@@ -2441,6 +2441,7 @@ msgstr "Logo de la marque"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Branding Preferences"
msgstr "Préférences de branding"
@@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team"
msgstr "Actuellement, tous les membres de l'organisation peuvent accéder à cette équipe"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Currently branding can only be configured for Teams and above plans."
msgstr "Actuellement, la personnalisation de la marque ne peut être configurée que pour les plans Équipe et plus."
@@ -4214,8 +4216,8 @@ msgstr "Document annulé"
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
+#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts
#: packages/lib/server-only/admin/admin-super-delete-document.ts
-#: packages/lib/server-only/document/delete-document.ts
msgid "Document Cancelled"
msgstr "Document Annulé"
@@ -7942,6 +7944,11 @@ msgstr "Original"
msgid "Otherwise, the document will be created as a draft."
msgstr "Sinon, le document sera créé sous forme de brouillon."
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Overlapping fields detected"
+msgstr ""
+
#: apps/remix/app/components/forms/document-preferences-form.tsx
#: apps/remix/app/components/forms/email-preferences-form.tsx
msgid "Override organisation settings"
@@ -8424,7 +8431,7 @@ msgstr "Veuillez réessayer ou contacter notre support."
#. placeholder {0}: `'${t(deleteMessage)}'`
#: apps/remix/app/components/dialogs/envelope-delete-dialog.tsx
msgid "Please type {0} to confirm"
-msgstr "Veuiillez taper {0} pour confirmer"
+msgstr "Veuillez taper {0} pour confirmer"
#. placeholder {0}: user.email
#: apps/remix/app/components/dialogs/account-delete-dialog.tsx
@@ -8917,6 +8924,11 @@ msgstr "URL de redirection"
msgid "Redirecting"
msgstr "Redirection"
+#. placeholder {0}: oidcProviderLabel || 'OIDC'
+#: apps/remix/app/routes/_unauthenticated+/signin.tsx
+msgid "Redirecting to {0}..."
+msgstr ""
+
#: apps/remix/app/components/forms/signup.tsx
#: apps/remix/app/components/general/claim-account.tsx
msgid "Registration Successful"
@@ -9192,9 +9204,7 @@ msgstr "Renvoyer l’enveloppe"
msgid "Resend verification"
msgstr "Renvoyer la vérification"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
-#: apps/remix/app/components/forms/team-update-form.tsx
#: apps/remix/app/components/general/organisation-usage-reset-button.tsx
msgid "Reset"
msgstr "Réinitialiser"
@@ -9379,6 +9389,7 @@ msgid "Save as Template"
msgstr "Enregistrer comme modèle"
#: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
msgid "Save changes"
msgstr "Enregistrer les modifications"
@@ -10219,6 +10230,11 @@ msgstr "Paramètres du site"
msgid "Skip"
msgstr "Ignorer"
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected."
+msgstr ""
+
#: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx
msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding."
msgstr "Certains signataires n'ont pas été assignés à un champ de signature. Veuillez assigner au moins 1 champ de signature à chaque signataire avant de continuer."
@@ -12249,6 +12265,7 @@ msgstr "Non autorisé"
msgid "Uncompleted"
msgstr "Non complet"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
#: packages/ui/primitives/signature-pad/signature-pad-draw.tsx
msgid "Undo"
msgstr "Annuler"
@@ -12298,6 +12315,10 @@ msgstr "Délier"
msgid "Unpin"
msgstr "Détacher"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "Unsaved changes"
+msgstr ""
+
#: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
#: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx
msgid "Unsealed Documents"
@@ -12317,9 +12338,6 @@ msgstr "Groupe sans titre"
#: apps/remix/app/components/dialogs/team-group-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx
-#: apps/remix/app/components/forms/branding-preferences-form.tsx
-#: apps/remix/app/components/forms/document-preferences-form.tsx
-#: apps/remix/app/components/forms/email-preferences-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
#: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx
#: apps/remix/app/components/tables/admin-claims-table.tsx
@@ -12342,6 +12360,7 @@ msgstr "Mettre à jour la bannière"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Update Billing"
msgstr "Mettre à jour la facturation"
@@ -12369,10 +12388,6 @@ msgstr "Mettre à jour l'e-mail"
msgid "Update Fields"
msgstr "Mettre à jour les champs"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
-msgid "Update organisation"
-msgstr "Mettre à jour l'organisation"
-
#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
@@ -12408,10 +12423,6 @@ msgstr "Mettre à jour le rôle"
msgid "Update Subscription Claim"
msgstr "Mettre à jour la réclamation d'abonnement"
-#: apps/remix/app/components/forms/team-update-form.tsx
-msgid "Update team"
-msgstr "Mettre à jour l'équipe"
-
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
msgid "Update team email"
@@ -12942,7 +12953,7 @@ msgstr "En attente"
msgid "Waiting for others"
msgstr "En attente des autres"
-#: packages/lib/server-only/document/send-pending-email.ts
+#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts
msgid "Waiting for others to complete signing."
msgstr "En attente que d'autres terminent la signature."
@@ -13916,8 +13927,7 @@ msgstr "Vous avez été invité à rejoindre {0} sur Documenso"
msgid "You have been invited to join the following organisation"
msgstr "Vous avez été invité à rejoindre l'organisation suivante"
-#: packages/lib/server-only/recipient/delete-envelope-recipient.ts
-#: packages/lib/server-only/recipient/set-document-recipients.ts
+#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts
msgid "You have been removed from a document"
msgstr "Vous avez été supprimé d'un document"
@@ -14037,6 +14047,10 @@ msgstr "Vous avez révoqué l'accès avec succès."
msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL}0> for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service."
msgstr "Vous avez le droit de retirer votre consentement à l'utilisation des signatures électroniques à tout moment avant de terminer le processus de signature. Pour retirer votre consentement, veuillez contacter l'expéditeur du document. Si vous ne contactez pas l'expéditeur, vous pouvez contacter <0>{SUPPORT_EMAIL}0> pour obtenir de l'aide. Sachez que le retrait de consentement peut retarder ou arrêter l'achèvement de la transaction ou du service associé."
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "You have unsaved changes"
+msgstr ""
+
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
msgid "You have updated {memberName}."
msgstr "Vous avez mis à jour {memberName}."
@@ -14716,4 +14730,3 @@ msgstr "Votre code de vérification :"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
msgid "your-domain.com another-domain.com"
msgstr "your-domain.com another-domain.com"
-
diff --git a/packages/lib/translations/it/web.po b/packages/lib/translations/it/web.po
index d59511b72..af3f6de43 100644
--- a/packages/lib/translations/it/web.po
+++ b/packages/lib/translations/it/web.po
@@ -2441,6 +2441,7 @@ msgstr "Logo del Marchio"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Branding Preferences"
msgstr "Preferenze per il branding"
@@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team"
msgstr "Attualmente tutti i membri dell'organizzazione possono accedere a questo team"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Currently branding can only be configured for Teams and above plans."
msgstr "Attualmente il marchio può essere configurato solo per i piani Team e superiori."
@@ -4214,8 +4216,8 @@ msgstr "Documento annullato"
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
+#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts
#: packages/lib/server-only/admin/admin-super-delete-document.ts
-#: packages/lib/server-only/document/delete-document.ts
msgid "Document Cancelled"
msgstr "Documento Annullato"
@@ -7942,6 +7944,11 @@ msgstr "Originale"
msgid "Otherwise, the document will be created as a draft."
msgstr "Altrimenti, il documento sarà creato come bozza."
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Overlapping fields detected"
+msgstr ""
+
#: apps/remix/app/components/forms/document-preferences-form.tsx
#: apps/remix/app/components/forms/email-preferences-form.tsx
msgid "Override organisation settings"
@@ -8917,6 +8924,11 @@ msgstr "URL di reindirizzamento"
msgid "Redirecting"
msgstr "Reindirizzamento"
+#. placeholder {0}: oidcProviderLabel || 'OIDC'
+#: apps/remix/app/routes/_unauthenticated+/signin.tsx
+msgid "Redirecting to {0}..."
+msgstr ""
+
#: apps/remix/app/components/forms/signup.tsx
#: apps/remix/app/components/general/claim-account.tsx
msgid "Registration Successful"
@@ -9192,9 +9204,7 @@ msgstr "Invia nuovamente busta"
msgid "Resend verification"
msgstr "Reinvia verifica"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
-#: apps/remix/app/components/forms/team-update-form.tsx
#: apps/remix/app/components/general/organisation-usage-reset-button.tsx
msgid "Reset"
msgstr "Ripristina"
@@ -9379,6 +9389,7 @@ msgid "Save as Template"
msgstr "Salva come modello"
#: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
msgid "Save changes"
msgstr "Salva le modifiche"
@@ -10219,6 +10230,11 @@ msgstr "Impostazioni del sito"
msgid "Skip"
msgstr "Salta"
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected."
+msgstr ""
+
#: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx
msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding."
msgstr "Alcuni firmatari non hanno un campo firma assegnato. Assegna almeno 1 campo di firma a ciascun firmatario prima di procedere."
@@ -12249,6 +12265,7 @@ msgstr "Non autorizzato"
msgid "Uncompleted"
msgstr "Incompleto"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
#: packages/ui/primitives/signature-pad/signature-pad-draw.tsx
msgid "Undo"
msgstr "Annulla"
@@ -12298,6 +12315,10 @@ msgstr "Scollega"
msgid "Unpin"
msgstr "Rimuovi"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "Unsaved changes"
+msgstr ""
+
#: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
#: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx
msgid "Unsealed Documents"
@@ -12317,9 +12338,6 @@ msgstr "Gruppo senza nome"
#: apps/remix/app/components/dialogs/team-group-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx
-#: apps/remix/app/components/forms/branding-preferences-form.tsx
-#: apps/remix/app/components/forms/document-preferences-form.tsx
-#: apps/remix/app/components/forms/email-preferences-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
#: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx
#: apps/remix/app/components/tables/admin-claims-table.tsx
@@ -12342,6 +12360,7 @@ msgstr "Aggiorna banner"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Update Billing"
msgstr "Aggiorna fatturazione"
@@ -12369,10 +12388,6 @@ msgstr "Aggiorna email"
msgid "Update Fields"
msgstr "Aggiorna campi"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
-msgid "Update organisation"
-msgstr "Aggiorna organizzazione"
-
#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
@@ -12408,10 +12423,6 @@ msgstr "Aggiorna ruolo"
msgid "Update Subscription Claim"
msgstr "Aggiorna reclamo di sottoscrizione"
-#: apps/remix/app/components/forms/team-update-form.tsx
-msgid "Update team"
-msgstr "Aggiorna team"
-
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
msgid "Update team email"
@@ -12942,7 +12953,7 @@ msgstr "In attesa"
msgid "Waiting for others"
msgstr "In attesa di altri"
-#: packages/lib/server-only/document/send-pending-email.ts
+#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts
msgid "Waiting for others to complete signing."
msgstr "In attesa che altri completino la firma."
@@ -13916,8 +13927,7 @@ msgstr "Sei stato invitato a unirti a {0} su Documenso"
msgid "You have been invited to join the following organisation"
msgstr "Sei stato invitato a unirti alla seguente organizzazione"
-#: packages/lib/server-only/recipient/delete-envelope-recipient.ts
-#: packages/lib/server-only/recipient/set-document-recipients.ts
+#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts
msgid "You have been removed from a document"
msgstr "Sei stato rimosso da un documento"
@@ -14037,6 +14047,10 @@ msgstr "Hai revocato con successo l'accesso."
msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL}0> for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service."
msgstr "Hai il diritto di ritirare il tuo consenso all'uso delle firme elettroniche in qualsiasi momento prima di completare il processo di firma. Per ritirare il tuo consenso, contatta il mittente del documento. Nel caso in cui non riesci a contattare il mittente, puoi contattare <0>{SUPPORT_EMAIL}0> per assistenza. Sii consapevole che il ritiro del consenso potrebbe ritardare o fermare il completamento della transazione o del servizio correlato."
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "You have unsaved changes"
+msgstr ""
+
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
msgid "You have updated {memberName}."
msgstr "Hai aggiornato {memberName}."
@@ -14716,4 +14730,3 @@ msgstr "Il tuo codice di verifica:"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
msgid "your-domain.com another-domain.com"
msgstr "tuo-dominio.com altro-dominio.com"
-
diff --git a/packages/lib/translations/ja/web.po b/packages/lib/translations/ja/web.po
index 2c710627f..a71b944ec 100644
--- a/packages/lib/translations/ja/web.po
+++ b/packages/lib/translations/ja/web.po
@@ -2441,6 +2441,7 @@ msgstr "ブランディングロゴ"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Branding Preferences"
msgstr "ブランディング設定"
@@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team"
msgstr "現在、すべての組織メンバーがこのチームにアクセスできます"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Currently branding can only be configured for Teams and above plans."
msgstr "現在、ブランディングは Teams プラン以上のみ設定できます。"
@@ -4214,8 +4216,8 @@ msgstr "文書は取り消されました"
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
+#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts
#: packages/lib/server-only/admin/admin-super-delete-document.ts
-#: packages/lib/server-only/document/delete-document.ts
msgid "Document Cancelled"
msgstr "文書はキャンセルされました"
@@ -7942,6 +7944,11 @@ msgstr "オリジナル"
msgid "Otherwise, the document will be created as a draft."
msgstr "チェックを入れない場合、文書は下書きとして作成されます。"
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Overlapping fields detected"
+msgstr ""
+
#: apps/remix/app/components/forms/document-preferences-form.tsx
#: apps/remix/app/components/forms/email-preferences-form.tsx
msgid "Override organisation settings"
@@ -8917,6 +8924,11 @@ msgstr "リダイレクト URL"
msgid "Redirecting"
msgstr "リダイレクト中"
+#. placeholder {0}: oidcProviderLabel || 'OIDC'
+#: apps/remix/app/routes/_unauthenticated+/signin.tsx
+msgid "Redirecting to {0}..."
+msgstr ""
+
#: apps/remix/app/components/forms/signup.tsx
#: apps/remix/app/components/general/claim-account.tsx
msgid "Registration Successful"
@@ -9192,9 +9204,7 @@ msgstr "封筒を再送信"
msgid "Resend verification"
msgstr "認証を再送"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
-#: apps/remix/app/components/forms/team-update-form.tsx
#: apps/remix/app/components/general/organisation-usage-reset-button.tsx
msgid "Reset"
msgstr "リセット"
@@ -9379,6 +9389,7 @@ msgid "Save as Template"
msgstr "テンプレートとして保存"
#: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
msgid "Save changes"
msgstr "変更を保存"
@@ -10219,6 +10230,11 @@ msgstr "サイト設定"
msgid "Skip"
msgstr "スキップ"
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected."
+msgstr ""
+
#: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx
msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding."
msgstr "一部の署名者に署名フィールドが割り当てられていません。続行する前に、各署名者に少なくとも 1 つの署名フィールドを割り当ててください。"
@@ -12249,6 +12265,7 @@ msgstr "権限がありません"
msgid "Uncompleted"
msgstr "未完了"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
#: packages/ui/primitives/signature-pad/signature-pad-draw.tsx
msgid "Undo"
msgstr "元に戻す"
@@ -12298,6 +12315,10 @@ msgstr "リンク解除"
msgid "Unpin"
msgstr "ピン留めを解除"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "Unsaved changes"
+msgstr ""
+
#: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
#: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx
msgid "Unsealed Documents"
@@ -12317,9 +12338,6 @@ msgstr "無題のグループ"
#: apps/remix/app/components/dialogs/team-group-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx
-#: apps/remix/app/components/forms/branding-preferences-form.tsx
-#: apps/remix/app/components/forms/document-preferences-form.tsx
-#: apps/remix/app/components/forms/email-preferences-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
#: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx
#: apps/remix/app/components/tables/admin-claims-table.tsx
@@ -12342,6 +12360,7 @@ msgstr "バナーを更新"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Update Billing"
msgstr "請求情報を更新"
@@ -12369,10 +12388,6 @@ msgstr "メールを更新"
msgid "Update Fields"
msgstr "フィールドを更新"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
-msgid "Update organisation"
-msgstr "組織を更新"
-
#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
@@ -12408,10 +12423,6 @@ msgstr "役割を更新"
msgid "Update Subscription Claim"
msgstr "サブスクリプションクレームを更新"
-#: apps/remix/app/components/forms/team-update-form.tsx
-msgid "Update team"
-msgstr "チームを更新"
-
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
msgid "Update team email"
@@ -12942,7 +12953,7 @@ msgstr "保留中"
msgid "Waiting for others"
msgstr "他の人の完了待ち"
-#: packages/lib/server-only/document/send-pending-email.ts
+#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts
msgid "Waiting for others to complete signing."
msgstr "他の署名者による署名完了を待っています。"
@@ -13916,8 +13927,7 @@ msgstr "Documenso で {0} に参加するよう招待されています"
msgid "You have been invited to join the following organisation"
msgstr "次の組織に参加するよう招待されています。"
-#: packages/lib/server-only/recipient/delete-envelope-recipient.ts
-#: packages/lib/server-only/recipient/set-document-recipients.ts
+#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts
msgid "You have been removed from a document"
msgstr "ドキュメントから削除されました"
@@ -14037,6 +14047,10 @@ msgstr "アクセスを正常に取り消しました。"
msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL}0> for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service."
msgstr "署名プロセスを完了する前であれば、電子署名の利用に対する同意をいつでも撤回する権利があります。同意を撤回するには、文書の送信者に連絡してください。送信者に連絡できない場合は、<0>{SUPPORT_EMAIL}0> までお問い合わせください。同意を撤回すると、関連する取引やサービスの完了が遅延または中止される可能性がある点にご注意ください。"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "You have unsaved changes"
+msgstr ""
+
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
msgid "You have updated {memberName}."
msgstr "{memberName} を更新しました。"
@@ -14716,4 +14730,3 @@ msgstr "認証コード:"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
msgid "your-domain.com another-domain.com"
msgstr "your-domain.com another-domain.com"
-
diff --git a/packages/lib/translations/ko/web.po b/packages/lib/translations/ko/web.po
index 802fe31f9..f7844a294 100644
--- a/packages/lib/translations/ko/web.po
+++ b/packages/lib/translations/ko/web.po
@@ -2441,6 +2441,7 @@ msgstr "브랜딩 로고"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Branding Preferences"
msgstr "브랜딩 환경설정"
@@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team"
msgstr "현재 모든 조직 구성원이 이 팀에 접근할 수 있습니다."
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Currently branding can only be configured for Teams and above plans."
msgstr "브랜딩은 현재 Teams 요금제 이상에서만 구성할 수 있습니다."
@@ -4214,8 +4216,8 @@ msgstr "문서가 취소되었습니다"
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
+#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts
#: packages/lib/server-only/admin/admin-super-delete-document.ts
-#: packages/lib/server-only/document/delete-document.ts
msgid "Document Cancelled"
msgstr "문서가 취소됨"
@@ -7942,6 +7944,11 @@ msgstr "원본"
msgid "Otherwise, the document will be created as a draft."
msgstr "그렇지 않으면 문서는 초안으로 생성됩니다."
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Overlapping fields detected"
+msgstr ""
+
#: apps/remix/app/components/forms/document-preferences-form.tsx
#: apps/remix/app/components/forms/email-preferences-form.tsx
msgid "Override organisation settings"
@@ -8917,6 +8924,11 @@ msgstr "리디렉션 URL"
msgid "Redirecting"
msgstr "리디렉션 중"
+#. placeholder {0}: oidcProviderLabel || 'OIDC'
+#: apps/remix/app/routes/_unauthenticated+/signin.tsx
+msgid "Redirecting to {0}..."
+msgstr ""
+
#: apps/remix/app/components/forms/signup.tsx
#: apps/remix/app/components/general/claim-account.tsx
msgid "Registration Successful"
@@ -9192,9 +9204,7 @@ msgstr "봉투 다시 보내기"
msgid "Resend verification"
msgstr "인증 다시 보내기"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
-#: apps/remix/app/components/forms/team-update-form.tsx
#: apps/remix/app/components/general/organisation-usage-reset-button.tsx
msgid "Reset"
msgstr "초기화"
@@ -9379,6 +9389,7 @@ msgid "Save as Template"
msgstr "템플릿으로 저장"
#: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
msgid "Save changes"
msgstr "변경 사항 저장"
@@ -10219,6 +10230,11 @@ msgstr "사이트 설정"
msgid "Skip"
msgstr "건너뛰기"
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected."
+msgstr ""
+
#: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx
msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding."
msgstr "일부 서명자에게 서명 필드가 할당되지 않았습니다. 진행하기 전에 각 서명자에게 최소 1개 이상의 서명 필드를 할당해 주세요."
@@ -12249,6 +12265,7 @@ msgstr "권한이 없습니다"
msgid "Uncompleted"
msgstr "미완료"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
#: packages/ui/primitives/signature-pad/signature-pad-draw.tsx
msgid "Undo"
msgstr "실행 취소"
@@ -12298,6 +12315,10 @@ msgstr "연결 해제"
msgid "Unpin"
msgstr "고정 해제"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "Unsaved changes"
+msgstr ""
+
#: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
#: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx
msgid "Unsealed Documents"
@@ -12317,9 +12338,6 @@ msgstr "제목 없는 그룹"
#: apps/remix/app/components/dialogs/team-group-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx
-#: apps/remix/app/components/forms/branding-preferences-form.tsx
-#: apps/remix/app/components/forms/document-preferences-form.tsx
-#: apps/remix/app/components/forms/email-preferences-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
#: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx
#: apps/remix/app/components/tables/admin-claims-table.tsx
@@ -12342,6 +12360,7 @@ msgstr "배너 업데이트"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Update Billing"
msgstr "결제 정보 업데이트"
@@ -12369,10 +12388,6 @@ msgstr "이메일 업데이트"
msgid "Update Fields"
msgstr "필드 업데이트"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
-msgid "Update organisation"
-msgstr "조직 업데이트"
-
#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
@@ -12408,10 +12423,6 @@ msgstr "역할 업데이트"
msgid "Update Subscription Claim"
msgstr "구독 클레임 업데이트"
-#: apps/remix/app/components/forms/team-update-form.tsx
-msgid "Update team"
-msgstr "팀 업데이트"
-
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
msgid "Update team email"
@@ -12942,7 +12953,7 @@ msgstr "대기 중"
msgid "Waiting for others"
msgstr "다른 사람을 기다리는 중"
-#: packages/lib/server-only/document/send-pending-email.ts
+#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts
msgid "Waiting for others to complete signing."
msgstr "다른 서명자들이 이 문서에 서명 완료하기를 기다리는 중입니다."
@@ -13916,8 +13927,7 @@ msgstr "Documenso에서 {0} 조직에 초대되었습니다."
msgid "You have been invited to join the following organisation"
msgstr "다음 조직에 참여하라는 초대를 받았습니다."
-#: packages/lib/server-only/recipient/delete-envelope-recipient.ts
-#: packages/lib/server-only/recipient/set-document-recipients.ts
+#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts
msgid "You have been removed from a document"
msgstr "문서에서 제거되었습니다."
@@ -14037,6 +14047,10 @@ msgstr "접근 권한을 성공적으로 철회했습니다."
msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL}0> for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service."
msgstr "전자 서명을 완료하기 전 언제든지 전자 서명 사용에 대한 동의를 철회할 권리가 있습니다. 동의를 철회하려면 문서 발송자에게 문의해 주세요. 발송자에게 연락할 수 없는 경우 <0>{SUPPORT_EMAIL}0>로 도움을 요청해 주세요. 동의를 철회하면 관련 거래나 서비스가 지연되거나 중단될 수 있습니다."
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "You have unsaved changes"
+msgstr ""
+
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
msgid "You have updated {memberName}."
msgstr "{memberName}을(를) 업데이트했습니다."
@@ -14716,4 +14730,3 @@ msgstr "인증 코드:"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
msgid "your-domain.com another-domain.com"
msgstr "your-domain.com another-domain.com"
-
diff --git a/packages/lib/translations/nl/web.po b/packages/lib/translations/nl/web.po
index 49953db32..0eedbcad7 100644
--- a/packages/lib/translations/nl/web.po
+++ b/packages/lib/translations/nl/web.po
@@ -2441,6 +2441,7 @@ msgstr "Branding-logo"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Branding Preferences"
msgstr "Brandingvoorkeuren"
@@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team"
msgstr "Momenteel hebben alle organisatieleden toegang tot dit team"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Currently branding can only be configured for Teams and above plans."
msgstr "Branding kan momenteel alleen worden geconfigureerd voor Teams- en hogere abonnementen."
@@ -4214,8 +4216,8 @@ msgstr "Document geannuleerd"
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
+#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts
#: packages/lib/server-only/admin/admin-super-delete-document.ts
-#: packages/lib/server-only/document/delete-document.ts
msgid "Document Cancelled"
msgstr "Document geannuleerd"
@@ -7942,6 +7944,11 @@ msgstr "Origineel"
msgid "Otherwise, the document will be created as a draft."
msgstr "Anders wordt het document als concept aangemaakt."
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Overlapping fields detected"
+msgstr ""
+
#: apps/remix/app/components/forms/document-preferences-form.tsx
#: apps/remix/app/components/forms/email-preferences-form.tsx
msgid "Override organisation settings"
@@ -8917,6 +8924,11 @@ msgstr "Redirect-URL"
msgid "Redirecting"
msgstr "Doorsturen"
+#. placeholder {0}: oidcProviderLabel || 'OIDC'
+#: apps/remix/app/routes/_unauthenticated+/signin.tsx
+msgid "Redirecting to {0}..."
+msgstr ""
+
#: apps/remix/app/components/forms/signup.tsx
#: apps/remix/app/components/general/claim-account.tsx
msgid "Registration Successful"
@@ -9192,9 +9204,7 @@ msgstr "Envelope opnieuw verzenden"
msgid "Resend verification"
msgstr "Verificatie opnieuw verzenden"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
-#: apps/remix/app/components/forms/team-update-form.tsx
#: apps/remix/app/components/general/organisation-usage-reset-button.tsx
msgid "Reset"
msgstr "Resetten"
@@ -9379,6 +9389,7 @@ msgid "Save as Template"
msgstr "Opslaan als sjabloon"
#: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
msgid "Save changes"
msgstr "Wijzigingen opslaan"
@@ -10219,6 +10230,11 @@ msgstr "Site‑instellingen"
msgid "Skip"
msgstr "Overslaan"
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected."
+msgstr ""
+
#: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx
msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding."
msgstr "Sommige ondertekenaars hebben geen handtekeningveld toegewezen gekregen. Wijs ten minste 1 handtekeningveld toe aan elke ondertekenaar voordat je doorgaat."
@@ -12249,6 +12265,7 @@ msgstr "Niet gemachtigd"
msgid "Uncompleted"
msgstr "Onvoltooid"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
#: packages/ui/primitives/signature-pad/signature-pad-draw.tsx
msgid "Undo"
msgstr "Ongedaan maken"
@@ -12298,6 +12315,10 @@ msgstr "Ontkoppelen"
msgid "Unpin"
msgstr "Losmaken"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "Unsaved changes"
+msgstr ""
+
#: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
#: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx
msgid "Unsealed Documents"
@@ -12317,9 +12338,6 @@ msgstr "Naamloze groep"
#: apps/remix/app/components/dialogs/team-group-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx
-#: apps/remix/app/components/forms/branding-preferences-form.tsx
-#: apps/remix/app/components/forms/document-preferences-form.tsx
-#: apps/remix/app/components/forms/email-preferences-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
#: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx
#: apps/remix/app/components/tables/admin-claims-table.tsx
@@ -12342,6 +12360,7 @@ msgstr "Banner bijwerken"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Update Billing"
msgstr "Facturering bijwerken"
@@ -12369,10 +12388,6 @@ msgstr "E-mail bijwerken"
msgid "Update Fields"
msgstr "Velden bijwerken"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
-msgid "Update organisation"
-msgstr "Organisatie bijwerken"
-
#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
@@ -12408,10 +12423,6 @@ msgstr "Rol bijwerken"
msgid "Update Subscription Claim"
msgstr "Abonnementsclaim bijwerken"
-#: apps/remix/app/components/forms/team-update-form.tsx
-msgid "Update team"
-msgstr "Team bijwerken"
-
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
msgid "Update team email"
@@ -12942,7 +12953,7 @@ msgstr "Wachten"
msgid "Waiting for others"
msgstr "Wachten op anderen"
-#: packages/lib/server-only/document/send-pending-email.ts
+#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts
msgid "Waiting for others to complete signing."
msgstr "Wachten tot anderen het ondertekenen hebben voltooid."
@@ -13916,8 +13927,7 @@ msgstr "Je bent uitgenodigd om {0} op Documenso te joinen"
msgid "You have been invited to join the following organisation"
msgstr "Je bent uitgenodigd om lid te worden van de volgende organisatie"
-#: packages/lib/server-only/recipient/delete-envelope-recipient.ts
-#: packages/lib/server-only/recipient/set-document-recipients.ts
+#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts
msgid "You have been removed from a document"
msgstr "Je bent verwijderd uit een document"
@@ -14037,6 +14047,10 @@ msgstr "Je hebt de toegang succesvol ingetrokken."
msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL}0> for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service."
msgstr "Je hebt het recht je toestemming voor het gebruik van elektronische handtekeningen op elk moment vóór voltooiing van het ondertekeningsproces in te trekken. Neem hiervoor contact op met de verzender van het document. Als dat niet lukt, kun je contact opnemen met <0>{SUPPORT_EMAIL}0> voor hulp. Houd er rekening mee dat het intrekken van toestemming de voltooiing van de betreffende transactie of dienst kan vertragen of stopzetten."
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "You have unsaved changes"
+msgstr ""
+
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
msgid "You have updated {memberName}."
msgstr "Je hebt {memberName} bijgewerkt."
@@ -14716,4 +14730,3 @@ msgstr "Uw verificatiecode:"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
msgid "your-domain.com another-domain.com"
msgstr "your-domain.com another-domain.com"
-
diff --git a/packages/lib/translations/pl/web.po b/packages/lib/translations/pl/web.po
index 010ea2157..4c6cd062f 100644
--- a/packages/lib/translations/pl/web.po
+++ b/packages/lib/translations/pl/web.po
@@ -2441,6 +2441,7 @@ msgstr "Logo marki"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Branding Preferences"
msgstr "Ustawienia brandingu"
@@ -2501,7 +2502,6 @@ msgstr "Akceptując prośbę, przyznasz zespołowi {0} następujące uprawnienia
#: packages/email/templates/confirm-team-email.tsx
msgid "By accepting this request, you will be granting <0>{teamName}0> access to:"
-msgstr "Akceptując prośbę, umożliwisz zespołowi <0>{teamName}0> na:"
msgstr "Akceptując prośbę, umożliwisz zespołowi <0>{teamName}0>:"
#: apps/remix/app/components/dialogs/envelope-delete-dialog.tsx
@@ -3573,6 +3573,7 @@ msgid "Currently all organisation members can access this team"
msgstr "Obecnie wszyscy użytkownicy organizacji mogą uzyskać dostęp tego zespołu"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Currently branding can only be configured for Teams and above plans."
msgstr "Branding możesz skonfigurować tylko w planie Teams i wyższym."
@@ -4215,8 +4216,8 @@ msgstr "Anulowano dokument"
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
+#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts
#: packages/lib/server-only/admin/admin-super-delete-document.ts
-#: packages/lib/server-only/document/delete-document.ts
msgid "Document Cancelled"
msgstr "Dokument został anulowany"
@@ -7943,6 +7944,11 @@ msgstr "Oryginalny"
msgid "Otherwise, the document will be created as a draft."
msgstr "W przeciwnym razie dokument zostanie utworzony jako wersja robocza."
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Overlapping fields detected"
+msgstr ""
+
#: apps/remix/app/components/forms/document-preferences-form.tsx
#: apps/remix/app/components/forms/email-preferences-form.tsx
msgid "Override organisation settings"
@@ -8918,6 +8924,11 @@ msgstr "Adres URL przekierowania"
msgid "Redirecting"
msgstr "Przekierowywanie"
+#. placeholder {0}: oidcProviderLabel || 'OIDC'
+#: apps/remix/app/routes/_unauthenticated+/signin.tsx
+msgid "Redirecting to {0}..."
+msgstr ""
+
#: apps/remix/app/components/forms/signup.tsx
#: apps/remix/app/components/general/claim-account.tsx
msgid "Registration Successful"
@@ -9193,9 +9204,7 @@ msgstr "Wyślij ponownie kopertę"
msgid "Resend verification"
msgstr "Wyślij ponownie wiadomość weryfikacyjną"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
-#: apps/remix/app/components/forms/team-update-form.tsx
#: apps/remix/app/components/general/organisation-usage-reset-button.tsx
msgid "Reset"
msgstr "Resetuj"
@@ -9380,6 +9389,7 @@ msgid "Save as Template"
msgstr "Zapisz jako szablon"
#: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
msgid "Save changes"
msgstr "Zapisz zmiany"
@@ -10220,6 +10230,11 @@ msgstr "Ustawienia strony"
msgid "Skip"
msgstr "Pomiń"
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected."
+msgstr ""
+
#: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx
msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding."
msgstr "Niektórym podpisującym nie przypisano pola podpisu. Przypisz co najmniej jedno pole podpisu do każdego podpisującego."
@@ -12250,6 +12265,7 @@ msgstr "Nieautoryzowany"
msgid "Uncompleted"
msgstr "Niezakończono"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
#: packages/ui/primitives/signature-pad/signature-pad-draw.tsx
msgid "Undo"
msgstr "Cofnij"
@@ -12299,6 +12315,10 @@ msgstr "Rozłącz"
msgid "Unpin"
msgstr "Odepnij"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "Unsaved changes"
+msgstr ""
+
#: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
#: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx
msgid "Unsealed Documents"
@@ -12318,9 +12338,6 @@ msgstr "Grupa bez nazwy"
#: apps/remix/app/components/dialogs/team-group-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx
-#: apps/remix/app/components/forms/branding-preferences-form.tsx
-#: apps/remix/app/components/forms/document-preferences-form.tsx
-#: apps/remix/app/components/forms/email-preferences-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
#: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx
#: apps/remix/app/components/tables/admin-claims-table.tsx
@@ -12343,6 +12360,7 @@ msgstr "Zaktualizuj baner"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Update Billing"
msgstr "Zaktualizuj płatności"
@@ -12370,10 +12388,6 @@ msgstr "Zaktualizuj adres e-mail"
msgid "Update Fields"
msgstr "Zaktualizuj pola"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
-msgid "Update organisation"
-msgstr "Zaktualizuj organizację"
-
#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
@@ -12409,10 +12423,6 @@ msgstr "Zaktualizuj rolę"
msgid "Update Subscription Claim"
msgstr "Zaktualizuj subskrypcję"
-#: apps/remix/app/components/forms/team-update-form.tsx
-msgid "Update team"
-msgstr "Zaktualizuj zespół"
-
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
msgid "Update team email"
@@ -12943,7 +12953,7 @@ msgstr "Oczekiwanie"
msgid "Waiting for others"
msgstr "Oczekiwanie na innych"
-#: packages/lib/server-only/document/send-pending-email.ts
+#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts
msgid "Waiting for others to complete signing."
msgstr "Oczekiwanie na zakończenie podpisywania przez innych."
@@ -13917,8 +13927,7 @@ msgstr "Dołącz do organizacji {0} w Documenso"
msgid "You have been invited to join the following organisation"
msgstr "Masz zaproszenie do dołączenia do następującej organizacji"
-#: packages/lib/server-only/recipient/delete-envelope-recipient.ts
-#: packages/lib/server-only/recipient/set-document-recipients.ts
+#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts
msgid "You have been removed from a document"
msgstr "Usunięto Cię z dokumentu"
@@ -14038,6 +14047,10 @@ msgstr "Dostęp został unieważniony."
msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL}0> for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service."
msgstr "Masz prawo wycofać swoją zgodę na używanie podpisów elektronicznych w dowolnym momencie przed zakończeniem procesu podpisywania. Aby wycofać zgodę, skontaktuj się z nadawcą dokumentu. Jeśli nie możesz skontaktować się z nadawcą, napisz do nas na adres <0>{SUPPORT_EMAIL}0>. Pamiętaj, że wycofanie zgody może opóźnić lub wstrzymać realizację danej transakcji lub usługi."
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "You have unsaved changes"
+msgstr ""
+
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
msgid "You have updated {memberName}."
msgstr "Użytkownik {memberName} został zaktualizowany."
@@ -14717,4 +14730,3 @@ msgstr "Twój kod weryfikacyjny:"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
msgid "your-domain.com another-domain.com"
msgstr "twoja-domena.pl inna-domena.pl"
-
diff --git a/packages/lib/translations/pt-BR/web.po b/packages/lib/translations/pt-BR/web.po
index 85490df57..ba02bfa14 100644
--- a/packages/lib/translations/pt-BR/web.po
+++ b/packages/lib/translations/pt-BR/web.po
@@ -2436,6 +2436,7 @@ msgstr "Logo da Marca"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Branding Preferences"
msgstr "Preferências da Marca"
@@ -3567,6 +3568,7 @@ msgid "Currently all organisation members can access this team"
msgstr "Atualmente, todos os membros da organização podem acessar esta equipe"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Currently branding can only be configured for Teams and above plans."
msgstr "Atualmente, a marca só pode ser configurada para planos Teams e superiores."
@@ -4209,8 +4211,8 @@ msgstr ""
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
+#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts
#: packages/lib/server-only/admin/admin-super-delete-document.ts
-#: packages/lib/server-only/document/delete-document.ts
msgid "Document Cancelled"
msgstr "Documento Cancelado"
@@ -7937,6 +7939,11 @@ msgstr "Original"
msgid "Otherwise, the document will be created as a draft."
msgstr "Caso contrário, o documento será criado como um rascunho."
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Overlapping fields detected"
+msgstr ""
+
#: apps/remix/app/components/forms/document-preferences-form.tsx
#: apps/remix/app/components/forms/email-preferences-form.tsx
msgid "Override organisation settings"
@@ -8772,6 +8779,10 @@ msgstr ""
msgid "Recipient rejected the document"
msgstr ""
+#: packages/lib/utils/document-audit-logs.ts
+msgid "Recipient rejected the document externally"
+msgstr ""
+
#: apps/remix/app/components/general/admin-global-settings-section.tsx
msgid "Recipient removed"
msgstr ""
@@ -8908,6 +8919,11 @@ msgstr "URL de Redirecionamento"
msgid "Redirecting"
msgstr "Redirecionando"
+#. placeholder {0}: oidcProviderLabel || 'OIDC'
+#: apps/remix/app/routes/_unauthenticated+/signin.tsx
+msgid "Redirecting to {0}..."
+msgstr ""
+
#: apps/remix/app/components/forms/signup.tsx
#: apps/remix/app/components/general/claim-account.tsx
msgid "Registration Successful"
@@ -9183,9 +9199,7 @@ msgstr ""
msgid "Resend verification"
msgstr "Reenviar verificação"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
-#: apps/remix/app/components/forms/team-update-form.tsx
#: apps/remix/app/components/general/organisation-usage-reset-button.tsx
msgid "Reset"
msgstr "Redefinir"
@@ -9370,6 +9384,7 @@ msgid "Save as Template"
msgstr ""
#: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
msgid "Save changes"
msgstr ""
@@ -10210,6 +10225,11 @@ msgstr "Configurações do Site"
msgid "Skip"
msgstr "Pular"
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected."
+msgstr ""
+
#: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx
msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding."
msgstr "Alguns signatários não receberam um campo de assinatura. Por favor, atribua pelo menos 1 campo de assinatura a cada signatário antes de prosseguir."
@@ -11088,6 +11108,23 @@ msgstr ""
msgid "The document was created but could not be sent to recipients."
msgstr "O documento foi criado, mas não pôde ser enviado aos destinatários."
+#: packages/lib/utils/document-audit-logs.ts
+msgid "The document was rejected externally by {onBehalfOf} on behalf of {user}"
+msgstr ""
+
+#: packages/lib/utils/document-audit-logs.ts
+#: packages/lib/utils/document-audit-logs.ts
+msgid "The document was rejected externally by {onBehalfOf} on behalf of the recipient"
+msgstr ""
+
+#: packages/lib/utils/document-audit-logs.ts
+msgid "The document was rejected externally on behalf of {user}"
+msgstr ""
+
+#: packages/lib/utils/document-audit-logs.ts
+msgid "The document was rejected externally on behalf of the recipient"
+msgstr ""
+
#: apps/remix/app/components/dialogs/envelope-delete-dialog.tsx
msgid "The document will be hidden from your account"
msgstr "O documento será ocultado da sua conta"
@@ -12223,6 +12260,7 @@ msgstr "Não autorizado"
msgid "Uncompleted"
msgstr "Não concluído"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
#: packages/ui/primitives/signature-pad/signature-pad-draw.tsx
msgid "Undo"
msgstr ""
@@ -12272,6 +12310,10 @@ msgstr "Desvincular"
msgid "Unpin"
msgstr "Desafixar"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "Unsaved changes"
+msgstr ""
+
#: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
#: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx
msgid "Unsealed Documents"
@@ -12291,9 +12333,6 @@ msgstr "Grupo sem título"
#: apps/remix/app/components/dialogs/team-group-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx
-#: apps/remix/app/components/forms/branding-preferences-form.tsx
-#: apps/remix/app/components/forms/document-preferences-form.tsx
-#: apps/remix/app/components/forms/email-preferences-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
#: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx
#: apps/remix/app/components/tables/admin-claims-table.tsx
@@ -12316,6 +12355,7 @@ msgstr "Atualizar Banner"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Update Billing"
msgstr "Atualizar Faturamento"
@@ -12343,10 +12383,6 @@ msgstr "Atualizar e-mail"
msgid "Update Fields"
msgstr "Atualizar Campos"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
-msgid "Update organisation"
-msgstr "Atualizar organização"
-
#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
@@ -12382,10 +12418,6 @@ msgstr "Atualizar função"
msgid "Update Subscription Claim"
msgstr "Atualizar Reivindicação de Assinatura"
-#: apps/remix/app/components/forms/team-update-form.tsx
-msgid "Update team"
-msgstr "Atualizar equipe"
-
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
msgid "Update team email"
@@ -12916,7 +12948,7 @@ msgstr "Aguardando"
msgid "Waiting for others"
msgstr "Aguardando outros"
-#: packages/lib/server-only/document/send-pending-email.ts
+#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts
msgid "Waiting for others to complete signing."
msgstr "Aguardando outros completarem a assinatura."
@@ -13890,8 +13922,7 @@ msgstr "Você foi convidado para participar de {0} no Documenso"
msgid "You have been invited to join the following organisation"
msgstr "Você foi convidado para participar da seguinte organização"
-#: packages/lib/server-only/recipient/delete-envelope-recipient.ts
-#: packages/lib/server-only/recipient/set-document-recipients.ts
+#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts
msgid "You have been removed from a document"
msgstr "Você foi removido de um documento"
@@ -14011,6 +14042,10 @@ msgstr "Você revogou o acesso com sucesso."
msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL}0> for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service."
msgstr "Você tem o direito de retirar seu consentimento para usar assinaturas eletrônicas a qualquer momento antes de concluir o processo de assinatura. Para retirar seu consentimento, entre em contato com o remetente do documento. Se não conseguir entrar em contato com o remetente, você pode entrar em contato com <0>{SUPPORT_EMAIL}0> para obter assistência. Esteja ciente de que a retirada do consentimento pode atrasar ou interromper a conclusão da transação ou serviço relacionado."
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "You have unsaved changes"
+msgstr ""
+
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
msgid "You have updated {memberName}."
msgstr "Você atualizou {memberName}."
diff --git a/packages/lib/translations/zh/web.po b/packages/lib/translations/zh/web.po
index e107bc848..1f191746c 100644
--- a/packages/lib/translations/zh/web.po
+++ b/packages/lib/translations/zh/web.po
@@ -2441,6 +2441,7 @@ msgstr "品牌 Logo"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Branding Preferences"
msgstr "品牌偏好设置"
@@ -3572,6 +3573,7 @@ msgid "Currently all organisation members can access this team"
msgstr "目前所有组织成员都可以访问此团队"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Currently branding can only be configured for Teams and above plans."
msgstr "目前仅 Teams 及以上套餐可以配置品牌。"
@@ -4214,8 +4216,8 @@ msgstr "文档已被取消"
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
#: apps/remix/app/routes/_recipient+/sign.$token+/_index.tsx
+#: packages/lib/jobs/definitions/emails/send-document-deleted-emails.handler.ts
#: packages/lib/server-only/admin/admin-super-delete-document.ts
-#: packages/lib/server-only/document/delete-document.ts
msgid "Document Cancelled"
msgstr "文档已取消"
@@ -7942,6 +7944,11 @@ msgstr "原始"
msgid "Otherwise, the document will be created as a draft."
msgstr "否则将把文档创建为草稿。"
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Overlapping fields detected"
+msgstr ""
+
#: apps/remix/app/components/forms/document-preferences-form.tsx
#: apps/remix/app/components/forms/email-preferences-form.tsx
msgid "Override organisation settings"
@@ -8917,6 +8924,11 @@ msgstr "重定向 URL"
msgid "Redirecting"
msgstr "正在重定向"
+#. placeholder {0}: oidcProviderLabel || 'OIDC'
+#: apps/remix/app/routes/_unauthenticated+/signin.tsx
+msgid "Redirecting to {0}..."
+msgstr ""
+
#: apps/remix/app/components/forms/signup.tsx
#: apps/remix/app/components/general/claim-account.tsx
msgid "Registration Successful"
@@ -9192,9 +9204,7 @@ msgstr "重新发送信封"
msgid "Resend verification"
msgstr "重新发送验证"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
-#: apps/remix/app/components/forms/team-update-form.tsx
#: apps/remix/app/components/general/organisation-usage-reset-button.tsx
msgid "Reset"
msgstr "重置"
@@ -9379,6 +9389,7 @@ msgid "Save as Template"
msgstr "另存为模板"
#: apps/remix/app/components/dialogs/email-transport-update-dialog.tsx
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
msgid "Save changes"
msgstr "保存更改"
@@ -10219,6 +10230,11 @@ msgstr "站点设置"
msgid "Skip"
msgstr "跳过"
+#: apps/remix/app/components/dialogs/envelope-distribute-dialog.tsx
+#: apps/remix/app/components/general/envelope-editor/envelope-editor-fields-page.tsx
+msgid "Some fields are placed on top of each other. This may complicate the signing process or cause fields to not work as expected."
+msgstr ""
+
#: packages/ui/primitives/document-flow/missing-signature-field-dialog.tsx
msgid "Some signers have not been assigned a signature field. Please assign at least 1 signature field to each signer before proceeding."
msgstr "部分签署人尚未被分配签名字段。请在继续前为每位签署人至少分配 1 个签名字段。"
@@ -12249,6 +12265,7 @@ msgstr "未授权"
msgid "Uncompleted"
msgstr "未完成"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
#: packages/ui/primitives/signature-pad/signature-pad-draw.tsx
msgid "Undo"
msgstr "撤销"
@@ -12298,6 +12315,10 @@ msgstr "取消关联"
msgid "Unpin"
msgstr "取消固定"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "Unsaved changes"
+msgstr ""
+
#: apps/remix/app/routes/_authenticated+/admin+/_layout.tsx
#: apps/remix/app/routes/_authenticated+/admin+/unsealed-documents._index.tsx
msgid "Unsealed Documents"
@@ -12317,9 +12338,6 @@ msgstr "未命名组"
#: apps/remix/app/components/dialogs/team-group-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/webhook-edit-dialog.tsx
-#: apps/remix/app/components/forms/branding-preferences-form.tsx
-#: apps/remix/app/components/forms/document-preferences-form.tsx
-#: apps/remix/app/components/forms/email-preferences-form.tsx
#: apps/remix/app/components/forms/public-profile-form.tsx
#: apps/remix/app/components/general/envelope-editor/envelope-editor-settings-dialog.tsx
#: apps/remix/app/components/tables/admin-claims-table.tsx
@@ -12342,6 +12360,7 @@ msgstr "更新横幅"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.branding.tsx
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.email-domains._index.tsx
+#: apps/remix/app/routes/_authenticated+/t.$teamUrl+/settings.branding.tsx
msgid "Update Billing"
msgstr "更新计费"
@@ -12369,10 +12388,6 @@ msgstr "更新邮箱"
msgid "Update Fields"
msgstr "更新字段"
-#: apps/remix/app/components/forms/organisation-update-form.tsx
-msgid "Update organisation"
-msgstr "更新组织"
-
#: apps/remix/app/components/dialogs/admin-organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
#: apps/remix/app/components/dialogs/organisation-member-update-dialog.tsx
@@ -12408,10 +12423,6 @@ msgstr "更新角色"
msgid "Update Subscription Claim"
msgstr "更新订阅声明"
-#: apps/remix/app/components/forms/team-update-form.tsx
-msgid "Update team"
-msgstr "更新团队"
-
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
#: apps/remix/app/components/dialogs/team-email-update-dialog.tsx
msgid "Update team email"
@@ -12942,7 +12953,7 @@ msgstr "等待中"
msgid "Waiting for others"
msgstr "等待其他人"
-#: packages/lib/server-only/document/send-pending-email.ts
+#: packages/lib/jobs/definitions/emails/send-document-pending-email.handler.ts
msgid "Waiting for others to complete signing."
msgstr "正在等待其他人完成签署。"
@@ -13916,8 +13927,7 @@ msgstr "您已被邀请加入 Documenso 上的 {0}"
msgid "You have been invited to join the following organisation"
msgstr "您已被邀请加入以下组织"
-#: packages/lib/server-only/recipient/delete-envelope-recipient.ts
-#: packages/lib/server-only/recipient/set-document-recipients.ts
+#: packages/lib/jobs/definitions/emails/send-recipient-removed-email.handler.ts
msgid "You have been removed from a document"
msgstr "您已被从某个文档中移除"
@@ -14037,6 +14047,10 @@ msgstr "你已成功撤销访问权限。"
msgid "You have the right to withdraw your consent to use electronic signatures at any time before completing the signing process. To withdraw your consent, please contact the sender of the document. In failing to contact the sender you may reach out to <0>{SUPPORT_EMAIL}0> for assistance. Be aware that withdrawing consent may delay or halt the completion of the related transaction or service."
msgstr "在完成签署流程之前,你有权随时撤回对使用电子签名的同意。要撤回同意,请联系文档的发送方。如果无法联系发送方,你可以通过 <0>{SUPPORT_EMAIL}0> 与我们联系以获得协助。请注意,撤回同意可能会延迟或中止相关交易或服务的完成。"
+#: apps/remix/app/components/forms/form-sticky-save-bar.tsx
+msgid "You have unsaved changes"
+msgstr ""
+
#: apps/remix/app/components/dialogs/team-member-update-dialog.tsx
msgid "You have updated {memberName}."
msgstr "您已更新 {memberName}。"
@@ -14716,4 +14730,3 @@ msgstr "您的验证码:"
#: apps/remix/app/routes/_authenticated+/o.$orgUrl.settings.sso.tsx
msgid "your-domain.com another-domain.com"
msgstr "your-domain.com another-domain.com"
-
diff --git a/packages/lib/types/name.test.ts b/packages/lib/types/name.test.ts
new file mode 100644
index 000000000..376831883
--- /dev/null
+++ b/packages/lib/types/name.test.ts
@@ -0,0 +1,145 @@
+import { describe, expect, it } from 'vitest';
+
+import { ZNameSchema } from './name';
+
+describe('ZNameSchema', () => {
+ describe('valid names', () => {
+ it('accepts a normal name', () => {
+ expect(ZNameSchema.safeParse('Example User')).toEqual({
+ success: true,
+ data: 'Example User',
+ });
+ });
+
+ it('accepts international characters', () => {
+ expect(ZNameSchema.safeParse('Døcumensø Üser')).toEqual({
+ success: true,
+ data: 'Døcumensø Üser',
+ });
+ });
+
+ it('trims surrounding whitespace', () => {
+ expect(ZNameSchema.safeParse(' Documenso User ')).toEqual({
+ success: true,
+ data: 'Documenso User',
+ });
+ });
+
+ it('accepts names at the minimum length', () => {
+ expect(ZNameSchema.safeParse('DU')).toEqual({
+ success: true,
+ data: 'DU',
+ });
+ });
+
+ it('accepts names at the maximum length', () => {
+ const name =
+ 'DocumensoUser DocumensoUser DocumensoUser DocumensoUser DocumensoUser DocumensoUser DocumensoUser Do';
+
+ expect(name.length).toBe(100);
+ expect(ZNameSchema.safeParse(name)).toEqual({
+ success: true,
+ data: name,
+ });
+ });
+ });
+
+ describe('length validation', () => {
+ it('rejects names shorter than 2 characters', () => {
+ expect(ZNameSchema.safeParse('D')).toMatchObject({
+ success: false,
+ error: {
+ issues: [{ message: 'Please enter a valid name.' }],
+ },
+ });
+ });
+
+ it('rejects names longer than 100 characters', () => {
+ const name =
+ 'DocumensoUser DocumensoUser DocumensoUser DocumensoUser DocumensoUser DocumensoUser DocumensoUser Doc';
+
+ expect(name.length).toBe(101);
+ expect(ZNameSchema.safeParse(name)).toMatchObject({
+ success: false,
+ error: {
+ issues: [{ message: 'Name cannot be more than 100 characters.' }],
+ },
+ });
+ });
+
+ it('rejects whitespace-only input after trim', () => {
+ expect(ZNameSchema.safeParse(' ')).toMatchObject({
+ success: false,
+ });
+ });
+ });
+
+ describe('URL validation', () => {
+ it.each([
+ 'https://example.com',
+ 'http://example.com',
+ 'HTTPS://EXAMPLE.COM',
+ 'Northwind www.example.com',
+ 'www.example.com',
+ ])('rejects URLs in names: %s', (value) => {
+ expect(ZNameSchema.safeParse(value)).toMatchObject({
+ success: false,
+ error: {
+ issues: expect.arrayContaining([expect.objectContaining({ message: 'Name cannot contain URLs.' })]),
+ },
+ });
+ });
+ });
+
+ describe('invalid character validation', () => {
+ it.each([
+ ['NUL character', 'Acme\u0000Corp'],
+ ['zero-width space', 'Acme\u200bCorp'],
+ ['bidi override', 'Acme\u202eCorp'],
+ ['byte order mark', 'Acme\ufeffCorp'],
+ ['lone surrogate', 'Acme\ud800Corp'],
+ ['tag character', `Acme${String.fromCodePoint(0xe0041)}Corp`],
+ ['noncharacter', 'Acme\ufffeCorp'],
+ ['private use character', 'Acme\ue000Corp'],
+ ['Hangul filler', 'Acme\u3164Corp'],
+ ['braille blank', 'Acme\u2800Corp'],
+ ['combining grapheme joiner', 'Acme\u034fCorp'],
+ ])('rejects names containing a %s', (_label, value) => {
+ expect(ZNameSchema.safeParse(value)).toMatchObject({
+ success: false,
+ error: {
+ issues: expect.arrayContaining([expect.objectContaining({ message: 'Name contains invalid characters.' })]),
+ },
+ });
+ });
+
+ it.each([
+ ['fixed form', String.raw`Acme\u200bCorp`],
+ ['uppercase U', String.raw`Acme\U200BCorp`],
+ ['braced form', String.raw`Acme\u{200b}Corp`],
+ ['braced form with leading zeros', String.raw`Acme\u{0000200b}Corp`],
+ ['lone surrogate', String.raw`Acme\ud800Corp`],
+ ])('rejects literal \\u escape sequences stored as text (%s)', (_label, value) => {
+ expect(ZNameSchema.safeParse(value)).toMatchObject({
+ success: false,
+ error: {
+ issues: expect.arrayContaining([expect.objectContaining({ message: 'Name contains invalid characters.' })]),
+ },
+ });
+ });
+
+ it.each([
+ ['escape of a valid code point', String.raw`Acme\u0041Corp`],
+ ['braced escape of a valid astral code point', String.raw`Acme\u{1F600}Corp`],
+ ['braced escape beyond the Unicode range', String.raw`Acme\u{FFFFFFF}Corp`],
+ ['incomplete escape sequence', String.raw`Acme\u00 Corp`],
+ ['unterminated braced escape', String.raw`Acme\u{200bCorp`],
+ ['astral characters such as emoji', 'Acme 😀 Corp'],
+ ['emoji with a variation selector', 'I ❤️ Docs'],
+ ])('accepts %s', (_label, value) => {
+ expect(ZNameSchema.safeParse(value)).toMatchObject({
+ success: true,
+ });
+ });
+ });
+});
diff --git a/packages/lib/types/name.ts b/packages/lib/types/name.ts
new file mode 100644
index 000000000..14f0f4b7d
--- /dev/null
+++ b/packages/lib/types/name.ts
@@ -0,0 +1,68 @@
+import { z } from 'zod';
+
+export const URL_PATTERN = /https?:\/\/|www\./i;
+
+/**
+ * Characters that render as empty/invisible or break text layout:
+ *
+ * - `\p{C}` - control, format, lone surrogate, private use and
+ * unassigned code points (NUL, zero-width spaces, bidi
+ * overrides, BOM, tag characters, noncharacters).
+ * - `\p{Zl}\p{Zp}` - line and paragraph separators.
+ * - `\u{034F}` - combining grapheme joiner (invisible). Kept outside the
+ * character class because it is a combining mark, which
+ * lint rules reject inside classes.
+ * - remaining - letters that render as blank (Hangul fillers, braille blank).
+ *
+ * The `\p{...}` classes are maintained by the Unicode database, so newly
+ * assigned characters in these categories are covered automatically.
+ */
+const INVALID_CHARACTER_REGEX = /[\p{C}\p{Zl}\p{Zp}\u{115F}\u{1160}\u{2800}\u{3164}\u{FFA0}]|\u{034F}/u;
+
+const hasInvalidCharacter = (value: string) => INVALID_CHARACTER_REGEX.test(value);
+
+/**
+ * Matches literal `\uXXXX` and `\u{XXXX}` escape sequences stored verbatim as
+ * text (e.g. the 6 characters `\`, `u`, `2`, `0`, `0`, `b`), which can still
+ * break rendering downstream if anything decodes them.
+ */
+const ESCAPE_SEQUENCE_PATTERN = /\\u(?:([0-9a-f]{4})|\{([0-9a-f]+)\})/gi;
+
+const hasInvalidEscapeSequence = (value: string) => {
+ for (const [, fixedHex, bracedHex] of value.matchAll(ESCAPE_SEQUENCE_PATTERN)) {
+ const codePoint = parseInt(fixedHex ?? bracedHex, 16);
+
+ if (codePoint > 0x10ffff) {
+ continue;
+ }
+
+ // Decode the escape and run it through the same character policy as the
+ // unescaped check, so the two can never drift apart.
+ if (hasInvalidCharacter(String.fromCodePoint(codePoint))) {
+ return true;
+ }
+ }
+
+ return false;
+};
+
+export const hasInvalidTextCharacters = (value: string) =>
+ hasInvalidCharacter(value) || hasInvalidEscapeSequence(value);
+
+/**
+ * Shared name schema that disallows URLs to prevent phishing via email rendering,
+ * and invisible/control characters that render as empty or break the UI.
+ */
+export const ZNameSchema = z
+ .string()
+ .trim()
+ .min(2, { message: 'Please enter a valid name.' })
+ .max(100, { message: 'Name cannot be more than 100 characters.' })
+ .refine((value) => !URL_PATTERN.test(value), {
+ message: 'Name cannot contain URLs.',
+ })
+ .refine((value) => !hasInvalidTextCharacters(value), {
+ message: 'Name contains invalid characters.',
+ });
+
+export type TName = z.infer;
diff --git a/packages/lib/types/subscription.ts b/packages/lib/types/subscription.ts
index d25028e10..48daddbcb 100644
--- a/packages/lib/types/subscription.ts
+++ b/packages/lib/types/subscription.ts
@@ -6,14 +6,39 @@ import { z } from 'zod';
*
* Example: "5m", "1h", "1d"
*/
-export const ZRateLimitWindowSchema = z.string().regex(/^\d+[smhd]$/);
+export const RATE_LIMIT_WINDOW_REGEX = /^\d+[smhd]$/;
-export const ZRateLimitArraySchema = z.array(
- z.object({
- window: ZRateLimitWindowSchema,
- max: z.number().int().positive(),
- }),
-);
+const RATE_LIMIT_WINDOW_ERROR_MESSAGE = 'Use a duration with a unit, e.g. 5m, 1h, or 24h';
+const RATE_LIMIT_DUPLICATE_WINDOW_ERROR_MESSAGE = 'Use a unique window for each rate limit';
+
+export const ZRateLimitWindowSchema = z.string().trim().regex(RATE_LIMIT_WINDOW_REGEX, {
+ message: RATE_LIMIT_WINDOW_ERROR_MESSAGE,
+});
+
+export const ZRateLimitArraySchema = z
+ .array(
+ z.object({
+ window: ZRateLimitWindowSchema,
+ max: z.number().int().positive(),
+ }),
+ )
+ .superRefine((entries, ctx) => {
+ const windows = new Set();
+
+ entries.forEach((entry, index) => {
+ const window = entry.window.trim();
+
+ if (windows.has(window)) {
+ ctx.addIssue({
+ code: z.ZodIssueCode.custom,
+ message: RATE_LIMIT_DUPLICATE_WINDOW_ERROR_MESSAGE,
+ path: [index, 'window'],
+ });
+ }
+
+ windows.add(window);
+ });
+ });
export type TRateLimitArray = z.infer;
@@ -52,7 +77,7 @@ export const ZClaimFlagsSchema = z.object({
signingReminders: z.boolean().optional(),
cscQesSigning: z.boolean().optional(),
-
+
/**
* Controls whether an organisation is prevented from sending emails.
*
diff --git a/packages/lib/universal/quota-usage.test.ts b/packages/lib/universal/quota-usage.test.ts
new file mode 100644
index 000000000..4a992bbdb
--- /dev/null
+++ b/packages/lib/universal/quota-usage.test.ts
@@ -0,0 +1,99 @@
+import { describe, expect, it } from 'vitest';
+
+import {
+ getQuotaUsagePercent,
+ getQuotaWarningCount,
+ isQuotaExceeded,
+ isQuotaNearing,
+ normalizeCapacityLimit,
+} from './quota-usage';
+
+describe('isQuotaExceeded', () => {
+ it('treats null quota as unlimited (never exceeded)', () => {
+ expect(isQuotaExceeded(null, 0)).toBe(false);
+ expect(isQuotaExceeded(null, 1_000_000)).toBe(false);
+ });
+
+ it('treats a zero quota as blocked (always exceeded)', () => {
+ expect(isQuotaExceeded(0, 0)).toBe(true);
+ expect(isQuotaExceeded(0, 5)).toBe(true);
+ });
+
+ it('is exceeded once usage reaches the quota (>= boundary)', () => {
+ expect(isQuotaExceeded(10, 9)).toBe(false);
+ expect(isQuotaExceeded(10, 10)).toBe(true);
+ expect(isQuotaExceeded(10, 11)).toBe(true);
+ });
+});
+
+describe('getQuotaWarningCount', () => {
+ it('rounds the 80% threshold up', () => {
+ expect(getQuotaWarningCount(10)).toBe(8);
+ expect(getQuotaWarningCount(100)).toBe(80);
+ // 5 * 0.8 = 4 exactly.
+ expect(getQuotaWarningCount(5)).toBe(4);
+ // 3 * 0.8 = 2.4 -> 3, so the warning count equals the quota itself.
+ expect(getQuotaWarningCount(3)).toBe(3);
+ });
+});
+
+describe('isQuotaNearing', () => {
+ it('is never nearing for unlimited or blocked quotas', () => {
+ expect(isQuotaNearing(null, 5)).toBe(false);
+ expect(isQuotaNearing(0, 5)).toBe(false);
+ });
+
+ it('is nearing from the warning threshold up to (but not including) the quota', () => {
+ expect(isQuotaNearing(10, 7)).toBe(false);
+ expect(isQuotaNearing(10, 8)).toBe(true);
+ expect(isQuotaNearing(10, 9)).toBe(true);
+ });
+
+ it('is not nearing once exceeded (nearing and exceeded are mutually exclusive)', () => {
+ expect(isQuotaNearing(10, 10)).toBe(false);
+ expect(isQuotaNearing(10, 11)).toBe(false);
+ });
+
+ it('can never fire for tiny quotas where the warning count equals the quota', () => {
+ // getQuotaWarningCount(3) === 3, so usage >= 3 is already exceeded.
+ expect(isQuotaNearing(3, 2)).toBe(false);
+ expect(isQuotaNearing(3, 3)).toBe(false);
+ });
+
+ it('agrees with the warning-count helper at the boundary', () => {
+ const quota = 250;
+ const warningCount = getQuotaWarningCount(quota);
+
+ expect(isQuotaNearing(quota, warningCount - 1)).toBe(false);
+ expect(isQuotaNearing(quota, warningCount)).toBe(true);
+ });
+});
+
+describe('getQuotaUsagePercent', () => {
+ it('returns 0 for unlimited or non-positive quotas', () => {
+ expect(getQuotaUsagePercent(5, null)).toBe(0);
+ expect(getQuotaUsagePercent(5, 0)).toBe(0);
+ expect(getQuotaUsagePercent(5, -10)).toBe(0);
+ });
+
+ it('rounds the percentage to the nearest integer', () => {
+ expect(getQuotaUsagePercent(1, 3)).toBe(33);
+ expect(getQuotaUsagePercent(2, 3)).toBe(67);
+ expect(getQuotaUsagePercent(50, 100)).toBe(50);
+ });
+
+ it('clamps the percentage to 100 when usage exceeds the quota', () => {
+ expect(getQuotaUsagePercent(150, 100)).toBe(100);
+ });
+});
+
+describe('normalizeCapacityLimit', () => {
+ it('maps 0 (unlimited for capacity limits) to null', () => {
+ expect(normalizeCapacityLimit(0)).toBeNull();
+ });
+
+ it('passes positive limits through unchanged', () => {
+ expect(normalizeCapacityLimit(1)).toBe(1);
+ expect(normalizeCapacityLimit(25)).toBe(25);
+ });
+});
diff --git a/packages/lib/universal/quota-usage.ts b/packages/lib/universal/quota-usage.ts
new file mode 100644
index 000000000..fc2c23449
--- /dev/null
+++ b/packages/lib/universal/quota-usage.ts
@@ -0,0 +1,57 @@
+export const QUOTA_WARNING_THRESHOLD = 0.8;
+
+/**
+ * Monthly quotas: `null` = unlimited, `0` = blocked. Usage `>=` quota is exceeded.
+ */
+export const isQuotaExceeded = (quota: number | null, usage: number): boolean => {
+ if (quota === null) {
+ return false;
+ }
+
+ if (quota === 0) {
+ return true;
+ }
+
+ return usage >= quota;
+};
+
+/**
+ * The usage count at which a positive quota starts "nearing" (80% rounded up).
+ * The single source for the warning threshold math so the UI panel, quota flags,
+ * and the per-request alert path can't drift apart.
+ */
+export const getQuotaWarningCount = (quota: number): number => {
+ return Math.ceil(quota * QUOTA_WARNING_THRESHOLD);
+};
+
+/**
+ * Nearing once usage reaches the warning threshold (80% rounded up) but is not exceeded.
+ */
+export const isQuotaNearing = (quota: number | null, usage: number): boolean => {
+ if (quota === null || quota === 0) {
+ return false;
+ }
+
+ if (isQuotaExceeded(quota, usage)) {
+ return false;
+ }
+
+ return usage >= getQuotaWarningCount(quota);
+};
+
+export const getQuotaUsagePercent = (usage: number, quota: number | null): number => {
+ if (quota === null || quota <= 0) {
+ return 0;
+ }
+
+ return Math.min(100, Math.round((usage / quota) * 100));
+};
+
+/** Member/team capacity limits use `0` for unlimited. */
+export const normalizeCapacityLimit = (limit: number): number | null => {
+ if (limit === 0) {
+ return null;
+ }
+
+ return limit;
+};
diff --git a/packages/lib/universal/upload/put-file.ts b/packages/lib/universal/upload/put-file.ts
index 5a7eeecc0..46b53a861 100644
--- a/packages/lib/universal/upload/put-file.ts
+++ b/packages/lib/universal/upload/put-file.ts
@@ -1,10 +1,5 @@
-import { env } from '@documenso/lib/utils/env';
-import type { TGetPresignedPostUrlResponse, TUploadPdfResponse } from '@documenso/remix/server/api/files/files.types';
-import { DocumentDataType } from '@prisma/client';
-import { base64 } from '@scure/base';
-import { match } from 'ts-pattern';
+import type { TUploadPdfResponse } from '@documenso/remix/server/api/files/files.types';
-import { NEXT_PUBLIC_WEBAPP_URL } from '../../constants/app';
import { AppError } from '../../errors/app-error';
type File = {
@@ -58,68 +53,3 @@ export const putPdfFile = async (file: File, options?: PutFileOptions) => {
return result;
};
-
-/**
- * Uploads a file to the appropriate storage location.
- */
-export const putFile = async (file: File, options?: PutFileOptions) => {
- const NEXT_PUBLIC_UPLOAD_TRANSPORT = env('NEXT_PUBLIC_UPLOAD_TRANSPORT');
-
- return await match(NEXT_PUBLIC_UPLOAD_TRANSPORT)
- .with('s3', async () => putFileInObjectStorage(file, {}, options))
- .with('azure-blob', async () => putFileInObjectStorage(file, { 'x-ms-blob-type': 'BlockBlob' }, options))
- .otherwise(async () => putFileInDatabase(file));
-};
-
-const putFileInDatabase = async (file: File) => {
- const contents = await file.arrayBuffer();
-
- const binaryData = new Uint8Array(contents);
-
- const asciiData = base64.encode(binaryData);
-
- return {
- type: DocumentDataType.BYTES_64,
- data: asciiData,
- };
-};
-
-const putFileInObjectStorage = async (file: File, extraHeaders: Record, options?: PutFileOptions) => {
- const getPresignedUrlResponse = await fetch(`${NEXT_PUBLIC_WEBAPP_URL()}/api/files/presigned-post-url`, {
- method: 'POST',
- headers: {
- 'Content-Type': 'application/json',
- ...buildUploadAuthHeaders(options),
- },
- body: JSON.stringify({
- fileName: file.name,
- contentType: file.type,
- }),
- });
-
- if (!getPresignedUrlResponse.ok) {
- throw new Error(`Failed to get presigned post url, failed with status code ${getPresignedUrlResponse.status}`);
- }
-
- const { url, key }: TGetPresignedPostUrlResponse = await getPresignedUrlResponse.json();
-
- const body = await file.arrayBuffer();
-
- const response = await fetch(url, {
- method: 'PUT',
- headers: {
- 'Content-Type': 'application/octet-stream',
- ...extraHeaders,
- },
- body,
- });
-
- if (!response.ok) {
- throw new Error(`Failed to upload file "${file.name}", failed with status code ${response.status}`);
- }
-
- return {
- type: DocumentDataType.S3_PATH,
- data: key,
- };
-};
diff --git a/packages/lib/utils/images/logo.ts b/packages/lib/utils/images/logo.ts
index b81f7c012..98b2edebb 100644
--- a/packages/lib/utils/images/logo.ts
+++ b/packages/lib/utils/images/logo.ts
@@ -8,3 +8,15 @@ export const loadLogo = async (file: Uint8Array) => {
content,
};
};
+
+/**
+ * Validate and sanitise an uploaded branding logo. Re-encoding through `sharp`
+ * proves the bytes are a real raster image and strips any embedded payloads.
+ * Throws if the input cannot be parsed as an image.
+ */
+export const optimiseBrandingLogo = async (input: Buffer | Uint8Array): Promise => {
+ return await sharp(input)
+ .resize(512, 512, { fit: 'inside', withoutEnlargement: true })
+ .png({ quality: 80 })
+ .toBuffer();
+};
diff --git a/packages/trpc/server/admin-router/create-admin-organisation.types.ts b/packages/trpc/server/admin-router/create-admin-organisation.types.ts
index 7c142bba6..a86750ab3 100644
--- a/packages/trpc/server/admin-router/create-admin-organisation.types.ts
+++ b/packages/trpc/server/admin-router/create-admin-organisation.types.ts
@@ -1,11 +1,10 @@
+import { ZNameSchema } from '@documenso/lib/types/name';
import { z } from 'zod';
-import { ZOrganisationNameSchema } from '../organisation-router/create-organisation.types';
-
export const ZCreateAdminOrganisationRequestSchema = z.object({
ownerUserId: z.number(),
data: z.object({
- name: ZOrganisationNameSchema,
+ name: ZNameSchema,
}),
});
diff --git a/packages/trpc/server/admin-router/create-subscription-claim.types.ts b/packages/trpc/server/admin-router/create-subscription-claim.types.ts
index f1cfbad60..9cb1da986 100644
--- a/packages/trpc/server/admin-router/create-subscription-claim.types.ts
+++ b/packages/trpc/server/admin-router/create-subscription-claim.types.ts
@@ -1,8 +1,9 @@
+import { ZNameSchema } from '@documenso/lib/types/name';
import { ZClaimFlagsSchema, ZRateLimitArraySchema } from '@documenso/lib/types/subscription';
import { z } from 'zod';
export const ZCreateSubscriptionClaimRequestSchema = z.object({
- name: z.string().min(1),
+ name: ZNameSchema,
teamCount: z.number().int().min(0),
memberCount: z.number().int().min(0),
envelopeItemCount: z.number().int().min(1),
diff --git a/packages/trpc/server/admin-router/create-user.types.ts b/packages/trpc/server/admin-router/create-user.types.ts
index 6e1b65438..6c629a291 100644
--- a/packages/trpc/server/admin-router/create-user.types.ts
+++ b/packages/trpc/server/admin-router/create-user.types.ts
@@ -1,4 +1,4 @@
-import { ZNameSchema } from '@documenso/lib/constants/auth';
+import { ZNameSchema } from '@documenso/lib/types/name';
import { z } from 'zod';
export const ZCreateUserRequestSchema = z.object({
diff --git a/packages/trpc/server/admin-router/email-transport/create-email-transport.types.ts b/packages/trpc/server/admin-router/email-transport/create-email-transport.types.ts
index 26a47c12c..ecfa77bd4 100644
--- a/packages/trpc/server/admin-router/email-transport/create-email-transport.types.ts
+++ b/packages/trpc/server/admin-router/email-transport/create-email-transport.types.ts
@@ -1,9 +1,10 @@
import { ZEmailTransportConfigSchema } from '@documenso/lib/server-only/email/email-transport-config';
+import { ZNameSchema } from '@documenso/lib/types/name';
import { z } from 'zod';
export const ZCreateEmailTransportRequestSchema = z.object({
- name: z.string().min(1),
- fromName: z.string().min(1),
+ name: ZNameSchema,
+ fromName: ZNameSchema,
fromAddress: z.string().email(),
config: ZEmailTransportConfigSchema,
});
diff --git a/packages/trpc/server/admin-router/email-transport/update-email-transport.types.ts b/packages/trpc/server/admin-router/email-transport/update-email-transport.types.ts
index d007c7e19..c8924c175 100644
--- a/packages/trpc/server/admin-router/email-transport/update-email-transport.types.ts
+++ b/packages/trpc/server/admin-router/email-transport/update-email-transport.types.ts
@@ -4,6 +4,7 @@ import {
ZSmtpApiConfigSchema,
ZSmtpAuthConfigSchema,
} from '@documenso/lib/server-only/email/email-transport-config';
+import { ZNameSchema } from '@documenso/lib/types/name';
import { z } from 'zod';
// Reuses the canonical transport config schemas, but relaxes the secret field so
@@ -21,8 +22,8 @@ const ZUpdateConfigSchema = z.discriminatedUnion('type', [
export const ZUpdateEmailTransportRequestSchema = z.object({
id: z.string(),
data: z.object({
- name: z.string().min(1),
- fromName: z.string().min(1),
+ name: ZNameSchema,
+ fromName: ZNameSchema,
fromAddress: z.string().email(),
config: ZUpdateConfigSchema,
}),
diff --git a/packages/trpc/server/admin-router/get-admin-team.ts b/packages/trpc/server/admin-router/get-admin-team.ts
index f56deb526..2213c2caf 100644
--- a/packages/trpc/server/admin-router/get-admin-team.ts
+++ b/packages/trpc/server/admin-router/get-admin-team.ts
@@ -30,6 +30,7 @@ export const getAdminTeamRoute = adminProcedure
name: true,
url: true,
ownerUserId: true,
+ organisationGlobalSettings: true,
},
},
teamEmail: true,
diff --git a/packages/trpc/server/admin-router/get-admin-team.types.ts b/packages/trpc/server/admin-router/get-admin-team.types.ts
index 14952b760..013bebdd5 100644
--- a/packages/trpc/server/admin-router/get-admin-team.types.ts
+++ b/packages/trpc/server/admin-router/get-admin-team.types.ts
@@ -1,5 +1,6 @@
import { OrganisationMemberRoleSchema } from '@documenso/prisma/generated/zod/inputTypeSchemas/OrganisationMemberRoleSchema';
import { TeamMemberRoleSchema } from '@documenso/prisma/generated/zod/inputTypeSchemas/TeamMemberRoleSchema';
+import OrganisationGlobalSettingsSchema from '@documenso/prisma/generated/zod/modelSchema/OrganisationGlobalSettingsSchema';
import OrganisationMemberInviteSchema from '@documenso/prisma/generated/zod/modelSchema/OrganisationMemberInviteSchema';
import OrganisationMemberSchema from '@documenso/prisma/generated/zod/modelSchema/OrganisationMemberSchema';
import OrganisationSchema from '@documenso/prisma/generated/zod/modelSchema/OrganisationSchema';
@@ -19,6 +20,8 @@ export const ZGetAdminTeamResponseSchema = TeamSchema.extend({
name: true,
url: true,
ownerUserId: true,
+ }).extend({
+ organisationGlobalSettings: OrganisationGlobalSettingsSchema,
}),
teamEmail: TeamEmailSchema.nullable(),
teamGlobalSettings: TeamGlobalSettingsSchema.nullable(),
diff --git a/packages/trpc/server/admin-router/update-admin-organisation.types.ts b/packages/trpc/server/admin-router/update-admin-organisation.types.ts
index 5f5d4a17a..47e9927cc 100644
--- a/packages/trpc/server/admin-router/update-admin-organisation.types.ts
+++ b/packages/trpc/server/admin-router/update-admin-organisation.types.ts
@@ -1,13 +1,13 @@
+import { ZNameSchema } from '@documenso/lib/types/name';
import { z } from 'zod';
-import { ZOrganisationNameSchema } from '../organisation-router/create-organisation.types';
import { ZTeamUrlSchema } from '../team-router/schema';
import { ZCreateSubscriptionClaimRequestSchema } from './create-subscription-claim.types';
export const ZUpdateAdminOrganisationRequestSchema = z.object({
organisationId: z.string(),
data: z.object({
- name: ZOrganisationNameSchema.optional(),
+ name: ZNameSchema.optional(),
url: ZTeamUrlSchema.optional(),
claims: ZCreateSubscriptionClaimRequestSchema.pick({
teamCount: true,
diff --git a/packages/trpc/server/admin-router/update-user.types.ts b/packages/trpc/server/admin-router/update-user.types.ts
index 153b5a785..300db6fa7 100644
--- a/packages/trpc/server/admin-router/update-user.types.ts
+++ b/packages/trpc/server/admin-router/update-user.types.ts
@@ -1,10 +1,11 @@
+import { ZNameSchema } from '@documenso/lib/types/name';
import { zEmail } from '@documenso/lib/utils/zod';
import { Role } from '@prisma/client';
import { z } from 'zod';
export const ZUpdateUserRequestSchema = z.object({
id: z.number().min(1),
- name: z.string().nullish(),
+ name: ZNameSchema.nullish(),
email: zEmail().optional(),
roles: z.array(z.nativeEnum(Role)).optional(),
});
diff --git a/packages/trpc/server/api-token-router/create-api-token.types.ts b/packages/trpc/server/api-token-router/create-api-token.types.ts
index c73c65833..c362bdf50 100644
--- a/packages/trpc/server/api-token-router/create-api-token.types.ts
+++ b/packages/trpc/server/api-token-router/create-api-token.types.ts
@@ -1,8 +1,9 @@
+import { ZNameSchema } from '@documenso/lib/types/name';
import { z } from 'zod';
export const ZCreateApiTokenRequestSchema = z.object({
teamId: z.number(),
- tokenName: z.string().min(3, { message: 'The token name should be 3 characters or longer' }),
+ tokenName: ZNameSchema,
expirationDate: z.string().nullable(),
});
diff --git a/packages/trpc/server/auth-router/create-passkey.types.ts b/packages/trpc/server/auth-router/create-passkey.types.ts
index d5d2483a4..b6ff4a163 100644
--- a/packages/trpc/server/auth-router/create-passkey.types.ts
+++ b/packages/trpc/server/auth-router/create-passkey.types.ts
@@ -1,8 +1,9 @@
+import { ZNameSchema } from '@documenso/lib/types/name';
import { ZRegistrationResponseJSONSchema } from '@documenso/lib/types/webauthn';
import { z } from 'zod';
export const ZCreatePasskeyRequestSchema = z.object({
- passkeyName: z.string().trim().min(1),
+ passkeyName: ZNameSchema,
verificationResponse: ZRegistrationResponseJSONSchema,
});
diff --git a/packages/trpc/server/auth-router/update-passkey.types.ts b/packages/trpc/server/auth-router/update-passkey.types.ts
index e898234da..310389396 100644
--- a/packages/trpc/server/auth-router/update-passkey.types.ts
+++ b/packages/trpc/server/auth-router/update-passkey.types.ts
@@ -1,8 +1,9 @@
+import { ZNameSchema } from '@documenso/lib/types/name';
import { z } from 'zod';
export const ZUpdatePasskeyRequestSchema = z.object({
passkeyId: z.string().trim().min(1),
- name: z.string().trim().min(1),
+ name: ZNameSchema,
});
export const ZUpdatePasskeyResponseSchema = z.void();
diff --git a/packages/trpc/server/enterprise-router/create-organisation-email.types.ts b/packages/trpc/server/enterprise-router/create-organisation-email.types.ts
index 22ff2779c..0a3830c53 100644
--- a/packages/trpc/server/enterprise-router/create-organisation-email.types.ts
+++ b/packages/trpc/server/enterprise-router/create-organisation-email.types.ts
@@ -1,9 +1,10 @@
+import { ZNameSchema } from '@documenso/lib/types/name';
import { zEmail } from '@documenso/lib/utils/zod';
import { z } from 'zod';
export const ZCreateOrganisationEmailRequestSchema = z.object({
emailDomainId: z.string(),
- emailName: z.string().min(1).max(100),
+ emailName: ZNameSchema,
email: zEmail().toLowerCase(),
// This does not need to be validated to be part of the domain.
diff --git a/packages/trpc/server/folder-router/schema.ts b/packages/trpc/server/folder-router/schema.ts
index a3c18b78d..396e121c1 100644
--- a/packages/trpc/server/folder-router/schema.ts
+++ b/packages/trpc/server/folder-router/schema.ts
@@ -1,4 +1,5 @@
import { ZFolderTypeSchema } from '@documenso/lib/types/folder-type';
+import { ZNameSchema } from '@documenso/lib/types/name';
import { ZFindResultResponse, ZFindSearchParamsSchema } from '@documenso/lib/types/search-params';
import { DocumentVisibility } from '@documenso/prisma/generated/types';
import FolderSchema from '@documenso/prisma/generated/zod/modelSchema/FolderSchema';
@@ -42,7 +43,7 @@ const ZFolderParentIdSchema = z
.describe('The folder ID to place this folder within. Leave empty to place folder at the root level.');
export const ZCreateFolderRequestSchema = z.object({
- name: z.string(),
+ name: ZNameSchema,
parentId: ZFolderParentIdSchema.optional(),
type: ZFolderTypeSchema.optional(),
});
@@ -52,7 +53,7 @@ export const ZCreateFolderResponseSchema = ZFolderSchema;
export const ZUpdateFolderRequestSchema = z.object({
folderId: z.string().describe('The ID of the folder to update'),
data: z.object({
- name: z.string().optional().describe('The name of the folder'),
+ name: ZNameSchema.optional().describe('The name of the folder'),
parentId: ZFolderParentIdSchema.optional().nullable(),
visibility: z.nativeEnum(DocumentVisibility).optional().describe('The visibility of the folder'),
pinned: z.boolean().optional().describe('Whether the folder should be pinned'),
diff --git a/packages/trpc/server/organisation-router/create-organisation-group.types.ts b/packages/trpc/server/organisation-router/create-organisation-group.types.ts
index af824d426..3588f8015 100644
--- a/packages/trpc/server/organisation-router/create-organisation-group.types.ts
+++ b/packages/trpc/server/organisation-router/create-organisation-group.types.ts
@@ -1,3 +1,4 @@
+import { ZNameSchema } from '@documenso/lib/types/name';
import { OrganisationMemberRole } from '@prisma/client';
import { z } from 'zod';
@@ -14,7 +15,7 @@ import { z } from 'zod';
export const ZCreateOrganisationGroupRequestSchema = z.object({
organisationId: z.string(),
organisationRole: z.nativeEnum(OrganisationMemberRole),
- name: z.string().max(100),
+ name: ZNameSchema,
memberIds: z.array(z.string()),
});
diff --git a/packages/trpc/server/organisation-router/create-organisation.types.ts b/packages/trpc/server/organisation-router/create-organisation.types.ts
index e18846120..97bb6ee86 100644
--- a/packages/trpc/server/organisation-router/create-organisation.types.ts
+++ b/packages/trpc/server/organisation-router/create-organisation.types.ts
@@ -1,3 +1,4 @@
+import { ZNameSchema } from '@documenso/lib/types/name';
import { z } from 'zod';
// export const createOrganisationMeta: TrpcOpenApiMeta = {
@@ -10,13 +11,8 @@ import { z } from 'zod';
// },
// };
-export const ZOrganisationNameSchema = z
- .string()
- .min(3, { message: 'Minimum 3 characters' })
- .max(50, { message: 'Maximum 50 characters' });
-
export const ZCreateOrganisationRequestSchema = z.object({
- name: ZOrganisationNameSchema,
+ name: ZNameSchema,
priceId: z.string().optional(),
});
diff --git a/packages/trpc/server/organisation-router/router.ts b/packages/trpc/server/organisation-router/router.ts
index 3a66faab0..e0c1bbba4 100644
--- a/packages/trpc/server/organisation-router/router.ts
+++ b/packages/trpc/server/organisation-router/router.ts
@@ -20,6 +20,7 @@ import { getOrganisationsRoute } from './get-organisations';
import { leaveOrganisationRoute } from './leave-organisation';
import { resendOrganisationMemberInviteRoute } from './resend-organisation-member-invite';
import { updateOrganisationRoute } from './update-organisation';
+import { updateOrganisationBrandingLogoRoute } from './update-organisation-branding-logo';
import { updateOrganisationGroupRoute } from './update-organisation-group';
import { updateOrganisationMemberRoute } from './update-organisation-members';
import { updateOrganisationSettingsRoute } from './update-organisation-settings';
@@ -55,6 +56,7 @@ export const organisationRouter = router({
},
settings: {
update: updateOrganisationSettingsRoute,
+ updateBrandingLogo: updateOrganisationBrandingLogoRoute,
},
internal: {
getOrganisationSession: getOrganisationSessionRoute,
diff --git a/packages/trpc/server/organisation-router/update-organisation-branding-logo.ts b/packages/trpc/server/organisation-router/update-organisation-branding-logo.ts
new file mode 100644
index 000000000..a4ee8ffcd
--- /dev/null
+++ b/packages/trpc/server/organisation-router/update-organisation-branding-logo.ts
@@ -0,0 +1,69 @@
+import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
+import { ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/organisations';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { buildBrandingLogoData } from '@documenso/lib/server-only/branding/store-branding-logo';
+import { getOrganisationClaim } from '@documenso/lib/server-only/organisation/get-organisation-claims';
+import { buildOrganisationWhereQuery } from '@documenso/lib/utils/organisations';
+import { prisma } from '@documenso/prisma';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+ ZUpdateOrganisationBrandingLogoRequestSchema,
+ ZUpdateOrganisationBrandingLogoResponseSchema,
+} from './update-organisation-branding-logo.types';
+
+export const updateOrganisationBrandingLogoRoute = authenticatedProcedure
+ .input(ZUpdateOrganisationBrandingLogoRequestSchema)
+ .output(ZUpdateOrganisationBrandingLogoResponseSchema)
+ .mutation(async ({ ctx, input }) => {
+ const { user } = ctx;
+ const { payload, brandingLogo } = input;
+ const { organisationId } = payload;
+
+ ctx.logger.info({
+ input: {
+ organisationId,
+ },
+ });
+
+ const organisation = await prisma.organisation.findFirst({
+ where: buildOrganisationWhereQuery({
+ organisationId,
+ userId: user.id,
+ roles: ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_ORGANISATION'],
+ }),
+ });
+
+ if (!organisation) {
+ throw new AppError(AppErrorCode.UNAUTHORIZED, {
+ message: 'You do not have permission to update this organisation.',
+ });
+ }
+
+ // Setting a logo requires the custom-branding entitlement; clearing it is
+ // always allowed so a downgraded organisation can still remove its logo.
+ if (brandingLogo && IS_BILLING_ENABLED()) {
+ const claim = await getOrganisationClaim({ organisationId });
+
+ if (claim.flags?.allowCustomBranding !== true) {
+ throw new AppError(AppErrorCode.UNAUTHORIZED, {
+ message: 'Your plan does not allow custom branding.',
+ });
+ }
+ }
+
+ const brandingLogoValue = brandingLogo ? await buildBrandingLogoData(brandingLogo) : '';
+
+ await prisma.organisation.update({
+ where: {
+ id: organisation.id,
+ },
+ data: {
+ organisationGlobalSettings: {
+ update: {
+ brandingLogo: brandingLogoValue,
+ },
+ },
+ },
+ });
+ });
diff --git a/packages/trpc/server/organisation-router/update-organisation-branding-logo.types.ts b/packages/trpc/server/organisation-router/update-organisation-branding-logo.types.ts
new file mode 100644
index 000000000..059902921
--- /dev/null
+++ b/packages/trpc/server/organisation-router/update-organisation-branding-logo.types.ts
@@ -0,0 +1,17 @@
+import { z } from 'zod';
+import { zfd } from 'zod-form-data';
+
+import { zfdBrandingImageFile, zodFormData } from '../../utils/zod-form-data';
+
+export const ZUpdateOrganisationBrandingLogoRequestSchema = zodFormData({
+ payload: zfd.json(
+ z.object({
+ organisationId: z.string(),
+ }),
+ ),
+ brandingLogo: zfdBrandingImageFile().optional(),
+});
+
+export const ZUpdateOrganisationBrandingLogoResponseSchema = z.void();
+
+export type TUpdateOrganisationBrandingLogoRequest = z.infer;
diff --git a/packages/trpc/server/organisation-router/update-organisation-group.types.ts b/packages/trpc/server/organisation-router/update-organisation-group.types.ts
index a32187edc..e6f4eb03f 100644
--- a/packages/trpc/server/organisation-router/update-organisation-group.types.ts
+++ b/packages/trpc/server/organisation-router/update-organisation-group.types.ts
@@ -1,3 +1,4 @@
+import { ZNameSchema } from '@documenso/lib/types/name';
import { OrganisationMemberRole } from '@prisma/client';
import { z } from 'zod';
@@ -14,7 +15,7 @@ import { z } from 'zod';
export const ZUpdateOrganisationGroupRequestSchema = z.object({
id: z.string(),
- name: z.string().nullable().optional(),
+ name: ZNameSchema.nullable().optional(),
organisationRole: z.nativeEnum(OrganisationMemberRole).optional(),
memberIds: z.array(z.string()).optional(),
});
diff --git a/packages/trpc/server/organisation-router/update-organisation-settings.ts b/packages/trpc/server/organisation-router/update-organisation-settings.ts
index 625f79114..156e40e69 100644
--- a/packages/trpc/server/organisation-router/update-organisation-settings.ts
+++ b/packages/trpc/server/organisation-router/update-organisation-settings.ts
@@ -44,7 +44,6 @@ export const updateOrganisationSettingsRoute = authenticatedProcedure
// Branding related settings.
brandingEnabled,
- brandingLogo,
brandingUrl,
brandingCompanyDetails,
brandingColors,
@@ -174,7 +173,6 @@ export const updateOrganisationSettingsRoute = authenticatedProcedure
// Branding related settings.
brandingEnabled,
- brandingLogo,
brandingUrl,
brandingCompanyDetails,
brandingColors: normalizedBrandingColors === null ? Prisma.DbNull : normalizedBrandingColors,
diff --git a/packages/trpc/server/organisation-router/update-organisation-settings.types.ts b/packages/trpc/server/organisation-router/update-organisation-settings.types.ts
index d7b7d1c0d..62caa07fc 100644
--- a/packages/trpc/server/organisation-router/update-organisation-settings.types.ts
+++ b/packages/trpc/server/organisation-router/update-organisation-settings.types.ts
@@ -32,7 +32,6 @@ export const ZUpdateOrganisationSettingsRequestSchema = z.object({
// Branding related settings.
brandingEnabled: z.boolean().optional(),
- brandingLogo: z.string().optional(),
brandingUrl: z.string().optional(),
brandingCompanyDetails: z.string().optional(),
brandingColors: ZCssVarsSchema.nullish(),
diff --git a/packages/trpc/server/profile-router/schema.ts b/packages/trpc/server/profile-router/schema.ts
index 4f1873096..5bcf2fe4e 100644
--- a/packages/trpc/server/profile-router/schema.ts
+++ b/packages/trpc/server/profile-router/schema.ts
@@ -1,4 +1,4 @@
-import { ZNameSchema } from '@documenso/lib/constants/auth';
+import { ZNameSchema } from '@documenso/lib/types/name';
import { z } from 'zod';
export const ZFindUserSecurityAuditLogsSchema = z.object({
diff --git a/packages/trpc/server/team-router/create-team.types.ts b/packages/trpc/server/team-router/create-team.types.ts
index efbedccfe..b4bc56679 100644
--- a/packages/trpc/server/team-router/create-team.types.ts
+++ b/packages/trpc/server/team-router/create-team.types.ts
@@ -1,5 +1,6 @@
+import { ZNameSchema } from '@documenso/lib/types/name';
import { z } from 'zod';
-import { ZTeamNameSchema, ZTeamUrlSchema } from './schema';
+import { ZTeamUrlSchema } from './schema';
// export const createTeamMeta: TrpcOpenApiMeta = {
// openapi: {
@@ -13,7 +14,7 @@ import { ZTeamNameSchema, ZTeamUrlSchema } from './schema';
export const ZCreateTeamRequestSchema = z.object({
organisationId: z.string(),
- teamName: ZTeamNameSchema,
+ teamName: ZNameSchema,
teamUrl: ZTeamUrlSchema,
inheritMembers: z
.boolean()
diff --git a/packages/trpc/server/team-router/delete-team-group.ts b/packages/trpc/server/team-router/delete-team-group.ts
index a3953f4c1..50a3cc68b 100644
--- a/packages/trpc/server/team-router/delete-team-group.ts
+++ b/packages/trpc/server/team-router/delete-team-group.ts
@@ -53,6 +53,15 @@ export const deleteTeamGroupRoute = authenticatedProcedure
});
}
+ // You cannot delete internal team groups. These are the system-managed
+ // admin/manager/member groups that back the team's role-based access, and
+ // deleting them would silently strip team members of their access.
+ if (group.organisationGroup.type === OrganisationGroupType.INTERNAL_TEAM) {
+ throw new AppError(AppErrorCode.UNAUTHORIZED, {
+ message: 'You are not allowed to delete internal team groups',
+ });
+ }
+
// You cannot delete internal organisation groups.
// The only exception is deleting the "member" organisation group which is used to allow
// all organisation members to access a team.
diff --git a/packages/trpc/server/team-router/router.ts b/packages/trpc/server/team-router/router.ts
index 26a1d9913..d05e2af13 100644
--- a/packages/trpc/server/team-router/router.ts
+++ b/packages/trpc/server/team-router/router.ts
@@ -25,6 +25,7 @@ import {
ZUpdateTeamEmailMutationSchema,
} from './schema';
import { updateTeamRoute } from './update-team';
+import { updateTeamBrandingLogoRoute } from './update-team-branding-logo';
import { updateTeamGroupRoute } from './update-team-group';
import { updateTeamMemberRoute } from './update-team-member';
import { updateTeamSettingsRoute } from './update-team-settings';
@@ -50,6 +51,7 @@ export const teamRouter = router({
},
settings: {
update: updateTeamSettingsRoute,
+ updateBrandingLogo: updateTeamBrandingLogoRoute,
},
// Old routes (to be migrated)
diff --git a/packages/trpc/server/team-router/schema.ts b/packages/trpc/server/team-router/schema.ts
index 35ee0b59a..620ad1cb4 100644
--- a/packages/trpc/server/team-router/schema.ts
+++ b/packages/trpc/server/team-router/schema.ts
@@ -1,5 +1,5 @@
-import { URL_PATTERN, ZNameSchema } from '@documenso/lib/constants/auth';
import { PROTECTED_TEAM_URLS } from '@documenso/lib/constants/teams';
+import { ZNameSchema } from '@documenso/lib/types/name';
import { zEmail } from '@documenso/lib/utils/zod';
import { TeamMemberRole } from '@prisma/client';
import { z } from 'zod';
@@ -32,15 +32,6 @@ export const ZTeamUrlSchema = z
message: 'This URL is already in use.',
});
-export const ZTeamNameSchema = z
- .string()
- .trim()
- .min(3, { message: 'Team name must be at least 3 characters long.' })
- .max(30, { message: 'Team name must not exceed 30 characters.' })
- .refine((value) => !URL_PATTERN.test(value), {
- message: 'Team name cannot contain URLs.',
- });
-
export const ZCreateTeamEmailVerificationMutationSchema = z.object({
teamId: z.number(),
name: ZNameSchema,
diff --git a/packages/trpc/server/team-router/update-team-branding-logo.ts b/packages/trpc/server/team-router/update-team-branding-logo.ts
new file mode 100644
index 000000000..2196bb068
--- /dev/null
+++ b/packages/trpc/server/team-router/update-team-branding-logo.ts
@@ -0,0 +1,69 @@
+import { IS_BILLING_ENABLED } from '@documenso/lib/constants/app';
+import { TEAM_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/teams';
+import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
+import { buildBrandingLogoData } from '@documenso/lib/server-only/branding/store-branding-logo';
+import { getOrganisationClaimByTeamId } from '@documenso/lib/server-only/organisation/get-organisation-claims';
+import { buildTeamWhereQuery } from '@documenso/lib/utils/teams';
+import { prisma } from '@documenso/prisma';
+
+import { authenticatedProcedure } from '../trpc';
+import {
+ ZUpdateTeamBrandingLogoRequestSchema,
+ ZUpdateTeamBrandingLogoResponseSchema,
+} from './update-team-branding-logo.types';
+
+export const updateTeamBrandingLogoRoute = authenticatedProcedure
+ .input(ZUpdateTeamBrandingLogoRequestSchema)
+ .output(ZUpdateTeamBrandingLogoResponseSchema)
+ .mutation(async ({ ctx, input }) => {
+ const { user } = ctx;
+ const { payload, brandingLogo } = input;
+ const { teamId } = payload;
+
+ ctx.logger.info({
+ input: {
+ teamId,
+ },
+ });
+
+ const team = await prisma.team.findFirst({
+ where: buildTeamWhereQuery({
+ teamId,
+ userId: user.id,
+ roles: TEAM_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_TEAM'],
+ }),
+ });
+
+ if (!team) {
+ throw new AppError(AppErrorCode.UNAUTHORIZED, {
+ message: 'You do not have permission to update this team.',
+ });
+ }
+
+ // Setting a logo requires the custom-branding entitlement; clearing it is
+ // always allowed so a downgraded team can still remove its logo.
+ if (brandingLogo && IS_BILLING_ENABLED()) {
+ const claim = await getOrganisationClaimByTeamId({ teamId });
+
+ if (claim.flags?.allowCustomBranding !== true) {
+ throw new AppError(AppErrorCode.UNAUTHORIZED, {
+ message: 'Your plan does not allow custom branding.',
+ });
+ }
+ }
+
+ const brandingLogoValue = brandingLogo ? await buildBrandingLogoData(brandingLogo) : '';
+
+ await prisma.team.update({
+ where: {
+ id: team.id,
+ },
+ data: {
+ teamGlobalSettings: {
+ update: {
+ brandingLogo: brandingLogoValue,
+ },
+ },
+ },
+ });
+ });
diff --git a/packages/trpc/server/team-router/update-team-branding-logo.types.ts b/packages/trpc/server/team-router/update-team-branding-logo.types.ts
new file mode 100644
index 000000000..171537eaa
--- /dev/null
+++ b/packages/trpc/server/team-router/update-team-branding-logo.types.ts
@@ -0,0 +1,17 @@
+import { z } from 'zod';
+import { zfd } from 'zod-form-data';
+
+import { zfdBrandingImageFile, zodFormData } from '../../utils/zod-form-data';
+
+export const ZUpdateTeamBrandingLogoRequestSchema = zodFormData({
+ payload: zfd.json(
+ z.object({
+ teamId: z.number(),
+ }),
+ ),
+ brandingLogo: zfdBrandingImageFile().optional(),
+});
+
+export const ZUpdateTeamBrandingLogoResponseSchema = z.void();
+
+export type TUpdateTeamBrandingLogoRequest = z.infer;
diff --git a/packages/trpc/server/team-router/update-team-group.ts b/packages/trpc/server/team-router/update-team-group.ts
index f348d49fb..cd11f92d2 100644
--- a/packages/trpc/server/team-router/update-team-group.ts
+++ b/packages/trpc/server/team-router/update-team-group.ts
@@ -45,9 +45,12 @@ export const updateTeamGroupRoute = authenticatedProcedure
});
}
- if (teamGroup.organisationGroup.type === OrganisationGroupType.INTERNAL_ORGANISATION) {
+ if (
+ teamGroup.organisationGroup.type === OrganisationGroupType.INTERNAL_ORGANISATION ||
+ teamGroup.organisationGroup.type === OrganisationGroupType.INTERNAL_TEAM
+ ) {
throw new AppError(AppErrorCode.UNAUTHORIZED, {
- message: 'You are not allowed to update internal organisation groups',
+ message: 'You are not allowed to update internal groups',
});
}
diff --git a/packages/trpc/server/team-router/update-team-settings.ts b/packages/trpc/server/team-router/update-team-settings.ts
index c5db1d12a..c8a81b4b8 100644
--- a/packages/trpc/server/team-router/update-team-settings.ts
+++ b/packages/trpc/server/team-router/update-team-settings.ts
@@ -42,7 +42,6 @@ export const updateTeamSettingsRoute = authenticatedProcedure
// Branding related settings.
brandingEnabled,
- brandingLogo,
brandingUrl,
brandingCompanyDetails,
brandingColors,
@@ -176,7 +175,6 @@ export const updateTeamSettingsRoute = authenticatedProcedure
// Branding related settings.
brandingEnabled,
- brandingLogo,
brandingUrl,
brandingCompanyDetails,
brandingColors: normalizedBrandingColors === null ? Prisma.DbNull : normalizedBrandingColors,
diff --git a/packages/trpc/server/team-router/update-team-settings.types.ts b/packages/trpc/server/team-router/update-team-settings.types.ts
index 31ec4c5b0..72990ce77 100644
--- a/packages/trpc/server/team-router/update-team-settings.types.ts
+++ b/packages/trpc/server/team-router/update-team-settings.types.ts
@@ -35,7 +35,6 @@ export const ZUpdateTeamSettingsRequestSchema = z.object({
// Branding related settings.
brandingEnabled: z.boolean().nullish(),
- brandingLogo: z.string().nullish(),
brandingUrl: z.string().nullish(),
brandingCompanyDetails: z.string().nullish(),
brandingColors: ZCssVarsSchema.nullish(),
diff --git a/packages/trpc/server/team-router/update-team.types.ts b/packages/trpc/server/team-router/update-team.types.ts
index c75abdf30..f28675b1b 100644
--- a/packages/trpc/server/team-router/update-team.types.ts
+++ b/packages/trpc/server/team-router/update-team.types.ts
@@ -1,6 +1,7 @@
+import { ZNameSchema } from '@documenso/lib/types/name';
import { z } from 'zod';
-import { ZTeamNameSchema, ZTeamUrlSchema } from './schema';
+import { ZTeamUrlSchema } from './schema';
export const MAX_PROFILE_BIO_LENGTH = 256;
@@ -19,7 +20,7 @@ export const MAX_PROFILE_BIO_LENGTH = 256;
export const ZUpdateTeamRequestSchema = z.object({
teamId: z.number(),
data: z.object({
- name: ZTeamNameSchema.optional(),
+ name: ZNameSchema.optional(),
url: ZTeamUrlSchema.optional(),
profileBio: z
.string()
diff --git a/packages/trpc/server/webhook-router/schema.ts b/packages/trpc/server/webhook-router/schema.ts
index 1abd126a4..87ebf53d2 100644
--- a/packages/trpc/server/webhook-router/schema.ts
+++ b/packages/trpc/server/webhook-router/schema.ts
@@ -1,4 +1,5 @@
import { isPrivateUrl } from '@documenso/lib/server-only/webhooks/is-private-url';
+import { URL_PATTERN } from '@documenso/lib/types/name';
import { WebhookTriggerEvents } from '@prisma/client';
import { z } from 'zod';
@@ -7,6 +8,13 @@ export const ZWebhookUrlSchema = z
.url()
.refine((url) => !isPrivateUrl(url), {
message: 'Webhook URL cannot point to a private or loopback address',
+ })
+ /*
+ * Without this, values like "foo: bar" would be valid URLs.
+ * Keep the same error message as the zod url() validator.
+ */
+ .refine((value) => URL_PATTERN.test(value), {
+ message: 'Invalid url',
});
export const ZCreateWebhookRequestSchema = z.object({
diff --git a/packages/trpc/utils/zod-form-data.ts b/packages/trpc/utils/zod-form-data.ts
index d62c50635..82f3b39d2 100644
--- a/packages/trpc/utils/zod-form-data.ts
+++ b/packages/trpc/utils/zod-form-data.ts
@@ -1,4 +1,9 @@
import { APP_DOCUMENT_UPLOAD_SIZE_LIMIT } from '@documenso/lib/constants/app';
+import {
+ BRANDING_LOGO_ALLOWED_TYPES,
+ BRANDING_LOGO_MAX_SIZE_BYTES,
+ BRANDING_LOGO_MAX_SIZE_MB,
+} from '@documenso/lib/constants/branding';
import { megabytesToBytes } from '@documenso/lib/universal/unit-convertions';
import type { ZodRawShape } from 'zod';
import z from 'zod';
@@ -17,6 +22,21 @@ export const zfdFile = () => {
});
};
+/**
+ * A `zfd.file()` schema constrained to branding-logo images: size-limited and
+ * restricted to a MIME allowlist. Use for server-side branding logo uploads.
+ */
+export const zfdBrandingImageFile = () => {
+ return zfd
+ .file()
+ .refine((file) => file.size <= BRANDING_LOGO_MAX_SIZE_BYTES, {
+ message: `File cannot be larger than ${BRANDING_LOGO_MAX_SIZE_MB}MB`,
+ })
+ .refine((file) => BRANDING_LOGO_ALLOWED_TYPES.includes(file.type), {
+ message: 'File must be a JPG, PNG, or WebP image',
+ });
+};
+
/**
* This helper takes the place of the `z.object` at the root of your schema.
* It wraps your schema in a `z.preprocess` that extracts all the data out of a `FormData`
diff --git a/packages/tsconfig/process-env.d.ts b/packages/tsconfig/process-env.d.ts
index 6757ed47c..d02df2be0 100644
--- a/packages/tsconfig/process-env.d.ts
+++ b/packages/tsconfig/process-env.d.ts
@@ -93,6 +93,13 @@ declare namespace NodeJS {
NEXT_PUBLIC_DISABLE_OIDC_SIGNUP?: string;
NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS?: string;
+ NEXT_PUBLIC_DISABLE_SIGNIN?: string;
+ NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN?: string;
+ NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN?: string;
+ NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN?: string;
+ NEXT_PUBLIC_DISABLE_OIDC_SIGNIN?: string;
+ NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT?: string;
+
NEXT_PRIVATE_BROWSERLESS_URL?: string;
NEXT_PRIVATE_JOBS_PROVIDER?: 'inngest' | 'local' | 'bullmq';
diff --git a/render.yaml b/render.yaml
index 9a29fae4d..2b82e7f14 100644
--- a/render.yaml
+++ b/render.yaml
@@ -163,6 +163,18 @@ services:
sync: false
- key: NEXT_PUBLIC_DISABLE_OIDC_SIGNUP
sync: false
+ - key: NEXT_PUBLIC_DISABLE_SIGNIN
+ sync: false
+ - key: NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN
+ sync: false
+ - key: NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN
+ sync: false
+ - key: NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN
+ sync: false
+ - key: NEXT_PUBLIC_DISABLE_OIDC_SIGNIN
+ sync: false
+ - key: NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT
+ sync: false
- key: NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS
sync: false
diff --git a/turbo.json b/turbo.json
index c5c0db0f7..b417941fa 100644
--- a/turbo.json
+++ b/turbo.json
@@ -53,6 +53,12 @@
"NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP",
"NEXT_PUBLIC_DISABLE_OIDC_SIGNUP",
"NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS",
+ "NEXT_PUBLIC_DISABLE_SIGNIN",
+ "NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNIN",
+ "NEXT_PUBLIC_DISABLE_GOOGLE_SIGNIN",
+ "NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNIN",
+ "NEXT_PUBLIC_DISABLE_OIDC_SIGNIN",
+ "NEXT_PUBLIC_DISABLE_OIDC_AUTO_REDIRECT",
"NEXT_PRIVATE_PLAIN_API_KEY",
"NEXT_PUBLIC_DOCUMENT_SIZE_UPLOAD_LIMIT",
"NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY",