Commit Graph

275 Commits

Author SHA1 Message Date
ephraimduncan f3f5903760 chore: merge main, resolve biome formatting conflicts
Merge origin/main into feat/document-file-conversion. Conflicts were
format-only (Tailwind class ordering, single-line vs multi-line) plus
two semantic merges:

- files.helpers.ts: combine main's pending-PDF download path with the
  branch's original-source-file (DOCX/PNG/JPEG) download path
- download-pdf.ts: combine main's versionToFilenameSuffix helper with
  the branch's server-provided Content-Disposition filename support
2026-05-12 11:28:47 +00:00
Lucas Smith 0b86ece1d5 feat: add custom branding for signing pages (#2785)
Platform-plan organisations and teams can now customise non-embed
signing pages with six brand colour tokens, a border-radius, and
a free-text custom CSS block (up to 256 KB).

- Stored on OrganisationGlobalSettings / TeamGlobalSettings;
  teams inherit from the org via brandingEnabled === null.
- CSS is sanitised on save (PostCSS) so we can inline it at SSR
  with no per-render parsing.
- Rendered via a nonce'd <style> scoped under .documenso-branded,
  using native CSS nesting so user selectors don't need scoping.
- Gated on the existing embedSigningWhiteLabel claim (or
  self-hosted) — reuses the embed white-label decision.
2026-05-11 13:03:02 +10:00
Ephraim Duncan a197bf113f feat: add granular signup disable flags (#2765) 2026-05-09 01:16:13 +00:00
David Nguyen 8671f269e8 fix: lint project (#2693) 2026-05-08 16:04:22 +10:00
David Nguyen 207135d6f3 feat: add new field overflow methods (#2715) 2026-05-08 15:14:27 +10:00
Lucas Smith f66751668a fix: paginate and search member/group pickers (#2768) 2026-05-07 15:03:38 +10:00
Ephraim Duncan 8c0e029b1b feat: add pending signed PDF downloads (#2730) 2026-05-05 17:25:24 +10:00
David Nguyen 6a6ef8d2ad feat: allow add myself feature for embeds (#2754) 2026-05-04 15:05:13 +10:00
Lucas Smith 690491c3b1 fix: prevent 2fa users from being flagged as bots (#2748) 2026-05-04 12:45:43 +10:00
David Nguyen e19b1d00d0 fix: improve embed error messages (#2752) 2026-05-01 14:24:42 +10:00
David Nguyen c428170b5c fix: allow users to download templates (#2746) 2026-04-30 16:50:07 +10:00
David Nguyen 5d92aaf20a feat: render signatures on pending envelopes (#2743) 2026-04-30 14:43:48 +10:00
Catalin Pit ae497092d7 fix: security improvements (#2593) 2026-04-30 14:43:20 +10:00
David Nguyen 2f4c3893a3 fix: remove envelope title cropping (#2739) 2026-04-28 16:01:19 +10:00
Catalin Pit e063af628f feat: allow admins to remove organisation and team members (#2705) 2026-04-22 23:08:16 +10:00
Catalin Pit d38d703fd3 fix: error message (update title) (#2691) 2026-04-22 15:42:07 +10:00
Lucas Smith 3249f855fb fix: show captcha on challenge for sign in (#2713) 2026-04-22 14:26:15 +10:00
ephraimduncan f9cb8d84ed Merge branch 'main' into feat/document-file-conversion
Resolved conflicts:
- create-document-data.ts: merged initialData + originalData/originalMimeType
- files.helpers.ts: kept both imports
- envelope-drop-zone-wrapper.tsx: adopted buildDropzoneRejectionDescription
- create-envelope-items.ts: adopted UNSAFE_createEnvelopeItems
- create-envelope.ts: integrated convertToPdfIfNeeded into createEnvelopeRouteCaller

Extended putPdfFileServerSide to accept { initialData, originalData,
originalMimeType } options; updated seal-document.handler call site.
2026-04-20 10:11:35 +00:00
Lucas Smith f54a8ed72f feat: add turnstile captcha to auth flow (#2703) 2026-04-16 14:29:07 +10:00
David Nguyen 5082226e08 fix: brand logo caching (#2699) 2026-04-14 21:18:17 +10:00
Ephraim Duncan 4935f387bf feat: signing reminders (#1749) 2026-04-14 21:01:53 +10:00
David Nguyen 6d7bd212bf fix: clean up duplicate dialogs (#2686) 2026-04-09 14:37:49 +10:00
David Nguyen 283334921b fix: update team member invitation ux (#2687) 2026-04-09 14:32:29 +10:00
David Nguyen 14b0b4805d feat: auto insert email and date fields (#2639) 2026-04-08 15:35:08 +10:00
Ephraim Duncan 9bfaa08d38 fix: documents table team email recipient lookup (#2578) 2026-04-07 20:10:38 +00:00
Swalih kolakkadan 6f650e1c2f feat: add document rename feature (#2542) (#2595) 2026-04-02 19:07:52 +11:00
David Nguyen b13ec8909c fix: resolve incorrect recipient comparision check (#2646)
## Description

Resolve issues with comparison checks.

The `envelope-editor-provider.tsx` should be low impact since it's embed
only which will only cause the non relevant attributes (such as sent at)
to be incorrectly mapped

The `auth-provider.tsx` one should have no impact
2026-04-01 16:04:14 +11:00
David Nguyen e3b7a9e7cb feat: add ability to save documents as template (#2661) 2026-04-01 16:03:26 +11:00
Catalin Pit a71c44570b feat: admin panel org improvements (#2548)
## Description

- Add a new team page showing team details, global settings, members,
and pending invites
- Update the organisation page to display organisation usage and global
settings
- Show the role and ID of each organisation member, with navigation to
their teams

## Checklist

<!--- Please check the boxes that apply to this pull request. -->
<!--- You can add or remove items as needed. -->

- [ ] I have tested these changes locally and they work as expected.
- [ ] I have added/updated tests that prove the effectiveness of these
changes.
- [ ] I have updated the documentation to reflect these changes, if
applicable.
- [ ] I have followed the project's coding style guidelines.
- [ ] I have addressed the code review feedback from the previous
submission, if applicable.
2026-03-27 11:55:33 +02:00
Catalin Pit f5b3babcbb feat: display the field id in dev mode (#2658) 2026-03-27 00:40:29 +11:00
Lucas Smith 2346de83a6 fix: replace z.string().email() with RFC 5322 compliant zEmail() (#2656) 2026-03-26 16:31:21 +11:00
Lucas Smith 814f6e62de fix: replace z.string().email() with RFC 5322 compliant ZEmail/zEmail (#2655) 2026-03-26 13:31:26 +11:00
David Nguyen 53b6078fa9 fix: missing embed direct template email validation (#2635) 2026-03-23 15:12:42 +11:00
Catalin Pit 5be71cca21 feat: add option to disable Document created from template (#2609) 2026-03-23 15:11:42 +11:00
David Nguyen ace472c294 fix: prevent managers from deleting admin invitations (#2636) 2026-03-20 22:26:59 +11:00
David Nguyen 9cf8ed1d00 fix: resolve envelope editor settings ccer logic (#2628)
## Description

Fix issue where having a CCer for a draft document would prevent
changing the date/timezone and some other settings.
2026-03-19 14:21:28 +11:00
David Nguyen 48fb066b9a feat: allow editing pending envelope titles (#2604) 2026-03-19 14:03:30 +11:00
David Nguyen 0b605d61c6 feat: add envelope pdf replacement (#2602) 2026-03-18 22:53:28 +11:00
Ted Liang 5dcdac7ecd feat: support language in embedding (#2364) 2026-03-18 16:17:23 +11:00
Catalin Pit 455fef70bd fix: folder view all page nested navigation and search filtering (#2450)
Add parentId query param support to documents/templates folder index
pages so View All correctly shows subfolders. Fix search not filtering
unpinned folders on documents page and broken mt- Tailwind class on
templates page.
2026-03-17 12:02:32 +02:00
Ephraim Duncan 36bbd97514 feat: add organisation template type (#2611) 2026-03-17 01:29:34 +11:00
Ephraim Duncan 66e357c9b3 feat: add email domain restriction for signups (#2266)
Co-authored-by: Lucas Smith <me@lucasjamessmith.me>
2026-03-14 16:32:34 +11:00
Catalin Pit 32c54e1245 fix: hide name/email in embed signing when provided via prop (#2600)
## Description

When signing via embed, recipient name and email provided through the
embed context were ignored if the DB recipient record had empty values.

This fix adds:
- the signing context's fullName and email as fallbacks in the recipient
payload
- keeps the form in sync with values instead of defaultValues
- ensures the override payload is sent even when the form is hidden
2026-03-13 21:59:10 +11:00
Ted Liang 83fbc70a1c refactor: avoid recipient color duplication (#2355) 2026-03-13 15:52:15 +11:00
Lucas Smith 6b1b1d0417 fix: improve webhook execution (#2608)
Webhook URLs were being fetched without validating whether they
resolved to private/loopback addresses, exposing the server to SSRF.

Current SSRF is best effort and fail open, you should never host
services that
you cant risk exposure of.

This extracts webhook execution into a shared module that validates
URLs against private IP ranges (including DNS resolution), enforces
timeouts, and disables redirect following. The resend route now
queues through the job system instead of calling fetch inline.
2026-03-13 15:02:09 +11:00
David Nguyen 8d97f1dcfa fix: resolve error flash on page refresh (#2606) 2026-03-13 12:37:30 +11:00
David Nguyen e67e19358a fix: add hipaa flag (#2603) 2026-03-13 12:06:10 +11:00
Joshua Sharp 4751c9cecc fix: template description overflow (#2605) 2026-03-12 18:15:21 +11:00
Lucas Smith af346b179c feat: add recipient role editing and audit log PDF download in admin (#2594)
- Allow admins to update recipient role from document detail page
- Add download button to export audit logs as PDF
- Display recipient status details in accordion
- Add LocalTime component with hover popover for timestamps
2026-03-10 21:41:46 +11:00
Lucas Smith cc71c7d9ba fix: add cmaps (#2588) 2026-03-09 14:07:13 +11:00