0.9.0

Reviewed-on: #180

.drone.yml

@@ -17,7 +17,7 @@ steps:
       branch:
         - master
   - name: rspec
-    image: gitea.kosmos.org/kosmos/akkounts-ci:0.1.0
+    image: gitea.kosmos.org/kosmos/akkounts-ci:0.9.1
     environment:
       RAILS_ENV: test
       REDIS_URL: redis://redis:6379/0
@@ -28,6 +28,8 @@ steps:
       - bundle config set cache_path 'vendor/cache'
       - bundle config set with 'development test'
       - bundle install --jobs=3 --retry=3
+      - bundle exec rails db:create
+      - bundle exec rails db:migrate
       - yarn install
       - rake css:build
       - bundle exec rspec

.env.example

@@ -1,64 +1,64 @@
-PRIMARY_DOMAIN=kosmos.org
+# PRIMARY_DOMAIN=kosmos.org
-AKKOUNTS_DOMAIN=accounts.example.com
+# AKKOUNTS_DOMAIN=accounts.example.com
 
-SMTP_SERVER=smtp.example.com
+# SMTP_SERVER=smtp.example.com
-SMTP_PORT=587
+# SMTP_PORT=587
-SMTP_LOGIN=accounts
+# SMTP_LOGIN=accounts
-SMTP_PASSWORD=123abc
+# SMTP_PASSWORD=123abc
-SMTP_FROM_ADDRESS=accounts@example.com
+# SMTP_FROM_ADDRESS=accounts@example.com
-SMTP_DOMAIN=example.com
+# SMTP_DOMAIN=example.com
-SMTP_AUTH_METHOD=plain
+# SMTP_AUTH_METHOD=plain
-SMTP_ENABLE_STARTTLS=auto
+# SMTP_ENABLE_STARTTLS=auto
 
 # S3_ENABLED=true
 # S3_ENDPOINT=https://s3.kosmos.org
 # S3_REGION=garage
 # S3_BUCKET=akkounts-production
-# S3_ALIAS_HOST=accounts.s3.kosmos.org
+# S3_ALIAS_HOST=https://accounts.web.s3.kosmos.org
 # S3_ACCESS_KEY=123456abcdefg
 # S3_SECRET_KEY=123456789123456789123456789
 
-LDAP_HOST=localhost
+# LDAP_HOST=localhost
-LDAP_PORT=389
+# LDAP_PORT=389
-LDAP_ADMIN_PASSWORD=passthebutter
+# LDAP_ADMIN_PASSWORD=passthebutter
-LDAP_SUFFIX='dc=kosmos,dc=org'
+# LDAP_SUFFIX='dc=kosmos,dc=org'
 
-REDIS_URL='redis://localhost:6379/1'
+# REDIS_URL='redis://localhost:6379/1'
 
-WEBHOOKS_ALLOWED_IPS='10.1.1.163'
+# WEBHOOKS_ALLOWED_IPS='10.1.1.163'
 
 #
 # Service Integrations
 #
 
-BTCPAY_API_URL='http://localhost:23001/api/v1'
+# BTCPAY_API_URL='http://localhost:23001/api/v1'
-BTCPAY_STORE_ID=''
+# BTCPAY_STORE_ID=''
-BTCPAY_AUTH_TOKEN=''
+# BTCPAY_AUTH_TOKEN=''
 
-DISCOURSE_PUBLIC_URL='https://community.kosmos.org'
+# DISCOURSE_PUBLIC_URL='https://community.kosmos.org'
-DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
+# DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
 
-DRONECI_PUBLIC_URL='https://drone.kosmos.org'
+# DRONECI_PUBLIC_URL='https://drone.kosmos.org'
 
-EJABBERD_ADMIN_URL='https://xmpp.kosmos.org/admin'
+# EJABBERD_ADMIN_URL='https://xmpp.kosmos.org/admin'
-EJABBERD_API_URL='https://xmpp.kosmos.org/api'
+# EJABBERD_API_URL='https://xmpp.kosmos.org/api'
 
-GITEA_PUBLIC_URL='https://gitea.kosmos.org'
+# GITEA_PUBLIC_URL='https://gitea.kosmos.org'
 
-LNDHUB_API_URL='http://localhost:3023'
+# LNDHUB_API_URL='http://localhost:3023'
-LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
+# LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
-LNDHUB_PUBLIC_KEY='0123d3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
+# LNDHUB_PUBLIC_KEY='0123d3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
-LNDHUB_ADMIN_UI=true
+# LNDHUB_ADMIN_UI=true
-LNDHUB_ADMIN_TOKEN=123456789
+# LNDHUB_ADMIN_TOKEN=123456789
-LNDHUB_PG_HOST=localhost
+# LNDHUB_PG_HOST=localhost
-LNDHUB_PG_PORT=5432
+# LNDHUB_PG_PORT=5432
-LNDHUB_PG_DATABASE=lndhub
+# LNDHUB_PG_DATABASE=lndhub
-LNDHUB_PG_USERNAME=lndhub
+# LNDHUB_PG_USERNAME=lndhub
-LNDHUB_PG_PASSWORD=''
+# LNDHUB_PG_PASSWORD=''
 
-MASTODON_PUBLIC_URL='https://kosmos.social'
+# MASTODON_PUBLIC_URL='https://kosmos.social'
 
-MEDIAWIKI_PUBLIC_URL='https://wiki.kosmos.org'
+# MEDIAWIKI_PUBLIC_URL='https://wiki.kosmos.org'
 
-RS_STORAGE_URL='https://storage.kosmos.org'
+# RS_STORAGE_URL='https://storage.kosmos.org'
-RS_REDIS_URL='redis://localhost:6379/2'
+# RS_REDIS_URL='redis://localhost:6379/2'

.ruby-version

@@ -1 +1 @@
-2.7.2
+3.3.0

Dockerfile

@@ -1,10 +1,18 @@
 # syntax=docker/dockerfile:1
-FROM ruby:2.7.6
+FROM debian:bullseye-slim as base
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-RUN apt-get update -qq && apt-get install -y --no-install-recommends curl \
+# TODO Remove when upstream Ruby works properly on Apple silicon
-      ldap-utils tini libvips
+RUN apt update && apt install -y build-essential wget autoconf libpq-dev pkg-config
+RUN wget https://github.com/postmodern/ruby-install/releases/download/v0.9.3/ruby-install-0.9.3.tar.gz \
+  && tar -xzvf ruby-install-0.9.3.tar.gz \
+  && cd ruby-install-0.9.3/ \
+  && make install
+RUN ruby-install -p https://github.com/ruby/ruby/pull/9371.diff ruby 3.3.0
+ENV PATH="/opt/rubies/ruby-3.3.0/bin:${PATH}"
+
+RUN apt-get install -y --no-install-recommends curl ldap-utils tini libvips
 RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
 RUN apt-get update && apt-get install -y nodejs
 

Gemfile

@@ -2,7 +2,7 @@ source 'https://rubygems.org'
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 7.0.2'
+gem 'rails', '~> 7.1'
 # Use Puma as the app server
 gem 'puma', '~> 4.1'
 # View components
@@ -22,7 +22,7 @@ gem 'jbuilder', '~> 2.7'
 # Use Redis adapter to run Action Cable in production
 # gem 'redis', '~> 4.0'
 # Use Active Model has_secure_password
-gem 'bcrypt', '~> 3.1.7'
+gem 'bcrypt', '~> 3.1'
 
 # Configuration
 gem 'dotenv-rails'
@@ -61,20 +61,19 @@ gem "sentry-rails"
 # Services
 gem 'discourse_api'
 gem "lnurl"
-gem 'manifique', git: 'https://gitea.kosmos.org/5apps/manifique.git', branch: 'master'
+gem 'manifique'
-gem 'nostr', git: 'https://gitea.kosmos.org/kosmos/nostr-gem.git', ref: 'd59f31a'
+gem 'nostr'
 
 group :development, :test do
   # Use sqlite3 as the database for Active Record
-  gem 'sqlite3', '~> 1.4'
+  gem 'sqlite3', '~> 1.7.2'
   gem 'rspec-rails'
   gem 'rails-controller-testing'
-  gem "byebug", "~> 11.1"
 end
 
 group :development do
   # Access an interactive console on exception pages or by calling 'console' anywhere in the code.
-  gem 'web-console', '>= 3.3.0'
+  gem 'web-console', '~> 4.2'
   gem 'listen', '~> 3.2'
   gem 'letter_opener'
   gem 'letter_opener_web'
@@ -90,8 +89,8 @@ group :test do
 end
 
 group :production do
-  # Use postgresql as the database for Active Record
+  gem 'pg', '~> 1.5'
-  gem 'pg', '~> 1.2.3'
 end
+
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]

Gemfile.lock

@@ -1,141 +1,127 @@
-GIT
-  remote: https://gitea.kosmos.org/5apps/manifique.git
-  revision: 8d79113438ee7c3e4288f840a135622519cffd5c
-  branch: master
-  specs:
-    manifique (0.1.0)
-      faraday (~> 2.7.11)
-      faraday-follow_redirects (= 0.3.0)
-      nokogiri (~> 1.15.4)
-
-GIT
-  remote: https://gitea.kosmos.org/kosmos/nostr-gem.git
-  revision: d59f31a3c63c7642fe2d3eb50b785da54fdabfab
-  ref: d59f31a
-  specs:
-    nostr (0.5.0)
-      bech32 (~> 1.4)
-      bip-schnorr (~> 0.6)
-      ecdsa (~> 1.2)
-      event_emitter (~> 0.2)
-      faye-websocket (~> 0.11)
-      json (~> 2.6)
-
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.0.8)
+    actioncable (7.1.3)
-      actionpack (= 7.0.8)
+      actionpack (= 7.1.3)
-      activesupport (= 7.0.8)
+      activesupport (= 7.1.3)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.8)
+      zeitwerk (~> 2.6)
-      actionpack (= 7.0.8)
+    actionmailbox (7.1.3)
-      activejob (= 7.0.8)
+      actionpack (= 7.1.3)
-      activerecord (= 7.0.8)
+      activejob (= 7.1.3)
-      activestorage (= 7.0.8)
+      activerecord (= 7.1.3)
-      activesupport (= 7.0.8)
+      activestorage (= 7.1.3)
+      activesupport (= 7.1.3)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.0.8)
+    actionmailer (7.1.3)
-      actionpack (= 7.0.8)
+      actionpack (= 7.1.3)
-      actionview (= 7.0.8)
+      actionview (= 7.1.3)
-      activejob (= 7.0.8)
+      activejob (= 7.1.3)
-      activesupport (= 7.0.8)
+      activesupport (= 7.1.3)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
-      rails-dom-testing (~> 2.0)
+      rails-dom-testing (~> 2.2)
-    actionpack (7.0.8)
+    actionpack (7.1.3)
-      actionview (= 7.0.8)
+      actionview (= 7.1.3)
-      activesupport (= 7.0.8)
+      activesupport (= 7.1.3)
-      rack (~> 2.0, >= 2.2.4)
+      nokogiri (>= 1.8.5)
+      racc
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
       rack-test (>= 0.6.3)
-      rails-dom-testing (~> 2.0)
+      rails-dom-testing (~> 2.2)
-      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+      rails-html-sanitizer (~> 1.6)
-    actiontext (7.0.8)
+    actiontext (7.1.3)
-      actionpack (= 7.0.8)
+      actionpack (= 7.1.3)
-      activerecord (= 7.0.8)
+      activerecord (= 7.1.3)
-      activestorage (= 7.0.8)
+      activestorage (= 7.1.3)
-      activesupport (= 7.0.8)
+      activesupport (= 7.1.3)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.0.8)
+    actionview (7.1.3)
-      activesupport (= 7.0.8)
+      activesupport (= 7.1.3)
       builder (~> 3.1)
-      erubi (~> 1.4)
+      erubi (~> 1.11)
-      rails-dom-testing (~> 2.0)
+      rails-dom-testing (~> 2.2)
-      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+      rails-html-sanitizer (~> 1.6)
-    activejob (7.0.8)
+    activejob (7.1.3)
-      activesupport (= 7.0.8)
+      activesupport (= 7.1.3)
       globalid (>= 0.3.6)
-    activemodel (7.0.8)
+    activemodel (7.1.3)
-      activesupport (= 7.0.8)
+      activesupport (= 7.1.3)
-    activerecord (7.0.8)
+    activerecord (7.1.3)
-      activemodel (= 7.0.8)
+      activemodel (= 7.1.3)
-      activesupport (= 7.0.8)
+      activesupport (= 7.1.3)
-    activestorage (7.0.8)
+      timeout (>= 0.4.0)
-      actionpack (= 7.0.8)
+    activestorage (7.1.3)
-      activejob (= 7.0.8)
+      actionpack (= 7.1.3)
-      activerecord (= 7.0.8)
+      activejob (= 7.1.3)
-      activesupport (= 7.0.8)
+      activerecord (= 7.1.3)
+      activesupport (= 7.1.3)
       marcel (~> 1.0)
-      mini_mime (>= 1.1.0)
+    activesupport (7.1.3)
-    activesupport (7.0.8)
+      base64
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
+      mutex_m
       tzinfo (~> 2.0)
-    addressable (2.8.5)
+    addressable (2.8.6)
       public_suffix (>= 2.0.2, < 6.0)
     ast (2.4.2)
-    aws-eventstream (1.2.0)
+    aws-eventstream (1.3.0)
-    aws-partitions (1.839.0)
+    aws-partitions (1.886.0)
-    aws-sdk-core (3.185.1)
+    aws-sdk-core (3.191.0)
-      aws-eventstream (~> 1, >= 1.0.2)
+      aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.5)
+      aws-sigv4 (~> 1.8)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.72.0)
+    aws-sdk-kms (1.77.0)
-      aws-sdk-core (~> 3, >= 3.184.0)
+      aws-sdk-core (~> 3, >= 3.191.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.136.0)
+    aws-sdk-s3 (1.143.0)
-      aws-sdk-core (~> 3, >= 3.181.0)
+      aws-sdk-core (~> 3, >= 3.191.0)
       aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.6)
+      aws-sigv4 (~> 1.8)
-    aws-sigv4 (1.6.0)
+    aws-sigv4 (1.8.0)
       aws-eventstream (~> 1, >= 1.0.2)
     backport (1.2.0)
-    base64 (0.1.1)
+    base64 (0.2.0)
-    bcrypt (3.1.19)
+    bcrypt (3.1.20)
     bech32 (1.4.2)
       thor (>= 1.1.0)
-    benchmark (0.2.1)
+    benchmark (0.3.0)
+    bigdecimal (3.1.6)
     bindex (0.8.1)
     bip-schnorr (0.7.0)
       ecdsa_ext (~> 0.5.0)
-    brow (0.4.1)
     builder (3.2.4)
-    byebug (11.1.3)
+    capybara (3.40.0)
-    capybara (3.39.2)
       addressable
       matrix
       mini_mime (>= 0.1.3)
-      nokogiri (~> 1.8)
+      nokogiri (~> 1.11)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     chunky_png (1.4.0)
-    concurrent-ruby (1.2.2)
+    concurrent-ruby (1.2.3)
     connection_pool (2.4.1)
-    crack (0.4.5)
+    crack (0.4.6)
+      bigdecimal
       rexml
     crass (1.0.6)
-    cssbundling-rails (1.3.3)
+    cssbundling-rails (1.4.0)
       railties (>= 6.0.0)
     database_cleaner (2.0.2)
       database_cleaner-active_record (>= 2, < 3)
@@ -143,7 +129,7 @@ GEM
       activerecord (>= 5.a)
       database_cleaner-core (~> 2.0.0)
     database_cleaner-core (2.0.1)
-    date (3.3.3)
+    date (3.3.4)
     devise (4.9.3)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
@@ -153,7 +139,7 @@ GEM
     devise_ldap_authenticatable (0.8.7)
       devise (>= 3.4.1)
       net-ldap (>= 0.16.0)
-    diff-lcs (1.5.0)
+    diff-lcs (1.5.1)
     discourse_api (2.0.1)
       faraday (~> 2.7)
       faraday-follow_redirects
@@ -165,6 +151,8 @@ GEM
       railties (>= 3.2)
     down (5.4.1)
       addressable (~> 2.8)
+    drb (2.2.0)
+      ruby2_keywords
     e2mmap (0.1.0)
     ecdsa (1.2.0)
     ecdsa_ext (0.5.0)
@@ -174,58 +162,61 @@ GEM
       tzinfo
     event_emitter (0.2.6)
     eventmachine (1.2.7)
-    factory_bot (6.2.1)
+    factory_bot (6.4.6)
       activesupport (>= 5.0.0)
-    factory_bot_rails (6.2.0)
+    factory_bot_rails (6.4.3)
-      factory_bot (~> 6.2.0)
+      factory_bot (~> 6.4)
       railties (>= 5.0.0)
-    faker (3.2.1)
+    faker (3.2.3)
       i18n (>= 1.8.11, < 2)
-    faraday (2.7.11)
+    faraday (2.9.0)
-      base64
+      faraday-net_http (>= 2.0, < 3.2)
-      faraday-net_http (>= 2.0, < 3.1)
-      ruby2_keywords (>= 0.0.4)
     faraday-follow_redirects (0.3.0)
       faraday (>= 1, < 3)
     faraday-multipart (1.0.4)
       multipart-post (~> 2)
-    faraday-net_http (3.0.2)
+    faraday-net_http (3.1.0)
+      net-http
     faye-websocket (0.11.3)
       eventmachine (>= 0.12.0)
       websocket-driver (>= 0.5.1)
     ffi (1.16.3)
-    flipper (1.0.0)
+    flipper (1.2.2)
-      brow (~> 0.4.1)
       concurrent-ruby (< 2)
-    flipper-active_record (1.0.0)
+    flipper-active_record (1.2.2)
       activerecord (>= 4.2, < 8)
-      flipper (~> 1.0.0)
+      flipper (~> 1.2.2)
-    flipper-ui (1.0.0)
+    flipper-ui (1.2.2)
       erubi (>= 1.0.0, < 2.0.0)
-      flipper (~> 1.0.0)
+      flipper (~> 1.2.2)
       rack (>= 1.4, < 4)
       rack-protection (>= 1.5.3, <= 4.0.0)
       sanitize (< 7)
-    fugit (1.8.1)
+    fugit (1.9.0)
       et-orbi (~> 1, >= 1.2.7)
       raabro (~> 1.4)
     globalid (1.2.1)
       activesupport (>= 6.1)
-    hashdiff (1.0.1)
+    hashdiff (1.1.0)
     i18n (1.14.1)
       concurrent-ruby (~> 1.0)
     image_processing (1.12.2)
       mini_magick (>= 4.9.5, < 5)
       ruby-vips (>= 2.0.17, < 3)
-    importmap-rails (1.2.1)
+    importmap-rails (2.0.1)
       actionpack (>= 6.0.0)
+      activesupport (>= 6.0.0)
       railties (>= 6.0.0)
+    io-console (0.7.2)
+    irb (1.11.1)
+      rdoc
+      reline (>= 0.4.2)
     jaro_winkler (1.5.6)
     jbuilder (2.11.5)
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
     jmespath (1.6.2)
-    json (2.6.3)
+    json (2.7.1)
     kramdown (2.4.0)
       rexml
     kramdown-parser-gfm (1.1.0)
@@ -245,8 +236,8 @@ GEM
       rb-inotify (~> 0.9, >= 0.9.10)
     lnurl (1.1.0)
       bech32 (~> 1.1)
-    lockbox (1.3.0)
+    lockbox (1.3.2)
-    loofah (2.21.4)
+    loofah (2.22.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     mail (2.8.1)
@@ -254,63 +245,85 @@ GEM
       net-imap
       net-pop
       net-smtp
+    manifique (1.0.1)
+      faraday (~> 2.9.0)
+      faraday-follow_redirects (= 0.3.0)
+      nokogiri (~> 1.16.0)
     marcel (1.0.2)
     matrix (0.4.2)
     method_source (1.0.0)
     mini_magick (4.12.0)
     mini_mime (1.1.5)
     mini_portile2 (2.8.5)
-    minitest (5.20.0)
+    minitest (5.21.2)
     multipart-post (2.3.0)
-    net-imap (0.3.7)
+    mutex_m (0.2.0)
+    net-http (0.4.1)
+      uri
+    net-imap (0.4.9.1)
       date
       net-protocol
-    net-ldap (0.18.0)
+    net-ldap (0.19.0)
     net-pop (0.1.2)
       net-protocol
-    net-protocol (0.2.1)
+    net-protocol (0.2.2)
       timeout
-    net-smtp (0.4.0)
+    net-smtp (0.4.0.1)
       net-protocol
-    nio4r (2.5.9)
+    nio4r (2.7.0)
-    nokogiri (1.15.4)
+    nokogiri (1.16.0)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    nokogiri (1.15.4-arm64-darwin)
+    nokogiri (1.16.0-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.15.4-x86_64-linux)
+    nokogiri (1.16.0-x86_64-linux)
       racc (~> 1.4)
+    nostr (0.5.0)
+      bech32 (~> 1.4)
+      bip-schnorr (~> 0.6)
+      ecdsa (~> 1.2)
+      event_emitter (~> 0.2)
+      faye-websocket (~> 0.11)
+      json (~> 2.6)
     orm_adapter (0.5.0)
-    pagy (6.1.0)
+    pagy (6.4.3)
-    parallel (1.23.0)
+    parallel (1.24.0)
-    parser (3.2.2.4)
+    parser (3.3.0.5)
       ast (~> 2.4.1)
       racc
-    pg (1.2.3)
+    pg (1.5.4)
-    public_suffix (5.0.3)
+    psych (5.1.2)
+      stringio
+    public_suffix (5.0.4)
     puma (4.3.12)
       nio4r (~> 2.0)
     raabro (1.4.0)
-    racc (1.7.1)
+    racc (1.7.3)
     rack (2.2.8)
-    rack-protection (3.1.0)
+    rack-protection (3.2.0)
+      base64 (>= 0.1.0)
       rack (~> 2.2, >= 2.2.4)
+    rack-session (1.0.2)
+      rack (< 3)
     rack-test (2.1.0)
       rack (>= 1.3)
-    rails (7.0.8)
+    rackup (1.0.0)
-      actioncable (= 7.0.8)
+      rack (< 3)
-      actionmailbox (= 7.0.8)
+      webrick
-      actionmailer (= 7.0.8)
+    rails (7.1.3)
-      actionpack (= 7.0.8)
+      actioncable (= 7.1.3)
-      actiontext (= 7.0.8)
+      actionmailbox (= 7.1.3)
-      actionview (= 7.0.8)
+      actionmailer (= 7.1.3)
-      activejob (= 7.0.8)
+      actionpack (= 7.1.3)
-      activemodel (= 7.0.8)
+      actiontext (= 7.1.3)
-      activerecord (= 7.0.8)
+      actionview (= 7.1.3)
-      activestorage (= 7.0.8)
+      activejob (= 7.1.3)
-      activesupport (= 7.0.8)
+      activemodel (= 7.1.3)
+      activerecord (= 7.1.3)
+      activestorage (= 7.1.3)
+      activesupport (= 7.1.3)
       bundler (>= 1.15.0)
-      railties (= 7.0.8)
+      railties (= 7.1.3)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -325,21 +338,26 @@ GEM
     rails-settings-cached (2.8.3)
       activerecord (>= 5.0.0)
       railties (>= 5.0.0)
-    railties (7.0.8)
+    railties (7.1.3)
-      actionpack (= 7.0.8)
+      actionpack (= 7.1.3)
-      activesupport (= 7.0.8)
+      activesupport (= 7.1.3)
-      method_source
+      irb
+      rackup (>= 1.0.0)
       rake (>= 12.2)
-      thor (~> 1.0)
+      thor (~> 1.0, >= 1.2.2)
-      zeitwerk (~> 2.5)
+      zeitwerk (~> 2.6)
     rainbow (3.1.1)
-    rake (13.0.6)
+    rake (13.1.0)
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     rbs (2.8.4)
+    rdoc (6.6.2)
+      psych (>= 4.0.0)
     redis (4.8.1)
-    regexp_parser (2.8.2)
+    regexp_parser (2.9.0)
+    reline (0.4.2)
+      io-console (~> 0.5)
     responders (3.1.1)
       actionpack (>= 5.2)
       railties (>= 5.2)
@@ -358,7 +376,7 @@ GEM
     rspec-mocks (3.12.6)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.12.0)
-    rspec-rails (6.0.3)
+    rspec-rails (6.1.1)
       actionpack (>= 6.1)
       activesupport (>= 6.1)
       railties (>= 6.1)
@@ -367,19 +385,18 @@ GEM
       rspec-mocks (~> 3.12)
       rspec-support (~> 3.12)
     rspec-support (3.12.1)
-    rubocop (1.57.1)
+    rubocop (1.60.2)
-      base64 (~> 0.1.1)
       json (~> 2.3)
       language_server-protocol (>= 3.17.0)
       parallel (~> 1.10)
-      parser (>= 3.2.2.4)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.28.1, < 2.0)
+      rubocop-ast (>= 1.30.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 3.0)
-    rubocop-ast (1.29.0)
+    rubocop-ast (1.30.0)
       parser (>= 3.2.1.0)
     ruby-progressbar (1.13.0)
     ruby-vips (2.2.0)
@@ -390,10 +407,10 @@ GEM
     sanitize (6.1.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
-    sentry-rails (5.12.0)
+    sentry-rails (5.16.1)
       railties (>= 5.0)
-      sentry-ruby (~> 5.12.0)
+      sentry-ruby (~> 5.16.1)
-    sentry-ruby (5.12.0)
+    sentry-ruby (5.16.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
     sidekiq (6.5.12)
       connection_pool (>= 2.2.5, < 3)
@@ -403,7 +420,7 @@ GEM
       rufus-scheduler (~> 3.2)
       sidekiq (>= 6, < 8)
       tilt (>= 1.4.0)
-    solargraph (0.49.0)
+    solargraph (0.50.0)
       backport (~> 1.2)
       benchmark
       bundler (~> 2.0)
@@ -426,15 +443,16 @@ GEM
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
-    sqlite3 (1.6.7)
+    sqlite3 (1.7.2)
       mini_portile2 (~> 2.8.0)
-    sqlite3 (1.6.7-arm64-darwin)
+    sqlite3 (1.7.2-arm64-darwin)
-    sqlite3 (1.6.7-x86_64-linux)
+    sqlite3 (1.7.2-x86_64-linux)
-    stimulus-rails (1.3.0)
+    stimulus-rails (1.3.3)
       railties (>= 6.0.0)
+    stringio (3.1.0)
     thor (1.3.0)
     tilt (2.3.0)
-    timeout (0.4.0)
+    timeout (0.4.1)
     turbo-rails (1.5.0)
       actionpack (>= 6.0.0)
       activejob (>= 6.0.0)
@@ -442,7 +460,8 @@ GEM
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.5.0)
-    view_component (3.6.0)
+    uri (0.13.0)
+    view_component (3.10.0)
       activesupport (>= 5.2.0, < 8.0)
       concurrent-ruby (~> 1.0)
       method_source (~> 1.0)
@@ -457,6 +476,7 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
+    webrick (1.8.1)
     websocket-driver (0.7.6)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
@@ -472,8 +492,7 @@ PLATFORMS
 
 DEPENDENCIES
   aws-sdk-s3
-  bcrypt (~> 3.1.7)
+  bcrypt (~> 3.1)
-  byebug (~> 11.1)
   capybara
   cssbundling-rails
   database_cleaner
@@ -496,13 +515,13 @@ DEPENDENCIES
   listen (~> 3.2)
   lnurl
   lockbox
-  manifique!
+  manifique
   net-ldap
-  nostr!
+  nostr
   pagy (~> 6.0, >= 6.0.2)
-  pg (~> 1.2.3)
+  pg (~> 1.5)
   puma (~> 4.1)
-  rails (~> 7.0.2)
+  rails (~> 7.1)
   rails-controller-testing
   rails-settings-cached (~> 2.8.3)
   rqrcode (~> 2.0)
@@ -513,14 +532,14 @@ DEPENDENCIES
   sidekiq-scheduler
   solargraph
   sprockets-rails
-  sqlite3 (~> 1.4)
+  sqlite3 (~> 1.7.2)
   stimulus-rails
   turbo-rails
   tzinfo-data
   view_component
   warden
-  web-console (>= 3.3.0)
+  web-console (~> 4.2)
   webmock
 
 BUNDLED WITH
-   2.3.7
+   2.5.5

README.md

@@ -14,8 +14,10 @@ so:
 
 1. Make sure [Docker Compose is installed][1] and Docker is running (included in
    Docker Desktop)
-3. Run `docker compose up` and wait until 389ds announces its successful start
+3. Run `docker compose up --build` and wait until all services have started
-   in the log output
+   (389ds might take an extra minute to be ready). This will take a while when
+   running for the first time, so you might want to do something else in the
+   meantime.
 4. `docker-compose exec ldap dsconf localhost backend create --suffix="dc=kosmos,dc=org" --be-name="dev"`
 5. `docker compose run web rails ldap:setup`
 6. `docker compose run web rails db:setup`
@@ -28,38 +30,44 @@ have the password "user is user".
 
 ### Rails app
 
+_Note: when using Docker Compose, prefix the following commands with `docker-compose
+run web`._
+
 Installing dependencies:
 
     bundle install
     yarn install
 
-Setting up local database (SQLite):
+Migrating the local database (after schema changes):
 
-    bundle exec rails db:create
     bundle exec rails db:migrate
 
-Running the dev server and auto-building CSS files on change:
+Running the dev server, and auto-building CSS files on change _(automatic with Docker Compose)_:
 
     bin/dev
 
-Running the background workers (requires Redis):
+Running the background workers (requires Redis) _(automatic with Docker Compose)_:
 
     bundle exec sidekiq -C config/sidekiq.yml
 
-Running all specs:
+Running the test suite:
 
     bundle exec rspec
 
-### Docker (Compose)
+Running the test suite with Docker Compose requires overriding the Rails
+environment:
 
-There is a working Docker Compose config file, which define a number of services including
+    docker-compose run -e "RAILS_ENV=test" web rspec
-an app server for Rails as well as a local 389ds (LDAP) server.
 
-For Rails developers, you probably just want to start the LDAP server: `docker-compose up ldap`, 
+### Docker Compose
-listening on port 389 on your machine. 
 
-You can pick and choose your services adding them by name (listed in `docker-compose.yml`) at 
+Services/containers are configured in `docker-compose.yml`.
-the end of the docker compose command. eg. `docker compose up ldap redis`
+
+You can run services selectively, for example if you want to run the Rails app
+and test suite on the host machine. Just add the service names of the
+containers you want to run to the `up` command, like so:
+
+    docker-compose up ldap redis
 
 #### LDAP server
 
@@ -76,13 +84,15 @@ Now you can seed the back-end with data using this Rails task:
 The setup task will first delete any existing entries in the directory tree
 ("dc=kosmos,dc=org"), and then create our development entries.
 
-Note that all 389ds data is stored in `tmp/389ds`. So if you want to start over
+Note that all 389ds data is stored in the `389ds-data` volume. So if you want
-with a fresh installation, delete both that directory as well as the container.
+to start over with a fresh installation, delete both that volume as well as the
+container.
 
-#### Minio / RS
+#### Minio / remoteStorage
 
 If you want to run remoteStorage accounts locally, you will have to create the
-respective bucket first:
+respective bucket first. With the `minio` container running (run by default
+when using Docker Compose), follow these steps:
 
 * `docker compose up web redis minio liquor-cabinet`
 * Head to http://localhost:9001 and log in with user `minioadmin`, password

app/components/app_catalog/web_app_icon_component.html.erb

@@ -0,0 +1,5 @@
+<% if @image_url %>
+  <%= image_tag @image_url, class: "h-full w-full" %>
+<% else %>
+  <%= render partial: "icons/remotestorage", locals: { custom_class: "h-full w-full p-0.5 text-gray-200" } %>
+<% end %>

app/components/app_catalog/web_app_icon_component.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module AppCatalog
+  class WebAppIconComponent < ViewComponent::Base
+    def initialize(web_app:)
+      if web_app&.icon&.attached?
+        @image_url = image_url_for(web_app.icon)
+      elsif web_app&.apple_touch_icon&.attached?
+        @image_url = image_url_for(web_app.apple_touch_icon)
+      end
+    end
+
+    def image_url_for(attachment)
+      if Setting.s3_enabled?
+        s3_image_url(attachment)
+      else
+        Rails.application.routes.url_helpers.rails_blob_path(attachment, only_path: true)
+      end
+    end
+  end
+end

app/components/dropdown_component.html.erb

@@ -2,13 +2,21 @@
   <div class="relative inline-block">
     <div role="button" tabindex="0" data-dropdown-target="button"
          class="inline-block select-none">
+      <% if @size == :large %>
       <span class="appearance-none flex items-center inline-block">
         <span class="p-2 bg-gray-50 hover:bg-gray-100 rounded-full">
-          <%= render partial: "icons/kebab-menu", locals: {
+          <%= render partial: "icons/#{@icon_name}",
-                     custom_class: "inline text-gray-500 h-6 w-6"
+                     locals: { custom_class: "inline text-gray-500 h-6 w-6" } %>
-          } %>
         </span>
       </span>
+      <% elsif @size == :small %>
+      <span class="appearance-none flex items-center inline-block">
+        <span class="text-gray-500 hover:text-blue-600">
+          <%= render partial: "icons/#{@icon_name}",
+                     locals: { custom_class: "inline h-4 w-4" } %>
+        </span>
+      </span>
+      <% end %>
     </div>
     <div data-dropdown-target="menu"
          data-transition-enter="transition ease-out duration-200"

app/components/dropdown_component.rb

@@ -1,5 +1,8 @@
 # frozen_string_literal: true
 
 class DropdownComponent < ViewComponent::Base
-
+  def initialize(size: :large, icon_name: "kebap-menu")
+    @size = size.to_sym
+    @icon_name = icon_name
+  end
 end

app/components/form_elements/fieldset_toggle_component.html.erb

@@ -5,7 +5,9 @@
       } : nil do %>
   <div class="flex flex-col">
     <label class="font-bold mb-1"><%= @title %></label>
+    <% if @description.present? %>
     <p class="text-gray-500"><%= @descripton %></p>
+    <% end %>
   </div>
   <div class="relative ml-4 inline-flex flex-shrink-0">
     <%= render FormElements::ToggleComponent.new(

app/components/form_elements/fieldset_toggle_component.rb

@@ -3,7 +3,7 @@
 module FormElements
   class FieldsetToggleComponent < ViewComponent::Base
     def initialize(tag: "li", form: nil, attribute: nil, field_name: nil,
-                   enabled: false, input_enabled: true, title:, description:)
+                   enabled: false, input_enabled: true, title:, description: nil)
       @tag = tag
       @form = form
       @attribute = attribute

app/components/modal_component.html.erb

@@ -18,9 +18,11 @@
       <div class="m-1 bg-white rounded shadow">
         <div class="p-8">
           <%= content %>
+          <% if @show_close_button %>
           <div class="flex justify-end items-center flex-wrap mt-6">
             <button class="btn-md btn-blue" data-action="click->modal#close:prevent">Close</button>
           </div>
+          <% end %>
         </div>
       </div>
     </div>

app/components/modal_component.rb

@@ -1,2 +1,5 @@
 class ModalComponent < ViewComponent::Base
+  def initialize(show_close_button: true)
+    @show_close_button = show_close_button
+  end
 end

app/components/rs_auth_component.html.erb

@@ -1,10 +1,10 @@
 <div class="flex items-center gap-4">
   <div class="h-16 w-16 flex-none">
-    <%= image_tag s3_image_url(@web_app.icon), class: "h-full w-full" %>
+    <%= render AppCatalog::WebAppIconComponent.new(web_app: @web_app) %>
   </div>
   <div class="flex-grow">
     <h4 class="mb-1 text-lg font-bold">
-      <%= @web_app.name %>
+      <%= @web_app&.name || @auth.app_name %>
     </h4>
     <p class="text-sm text-gray-500">
       <%= @auth.client_id %>

app/controllers/admin/settings/registrations_controller.rb

@@ -1,8 +1,8 @@
 class Admin::Settings::RegistrationsController < Admin::SettingsController
-  def index
+  def show
   end
 
-  def create
+  def update
     update_settings
 
     redirect_to admin_settings_registrations_path, flash: {

app/controllers/admin/settings/services_controller.rb

@@ -1,19 +1,32 @@
 class Admin::Settings::ServicesController < Admin::SettingsController
-  def index
+  before_action :set_service, only: [:show, :update]
-    @service = params[:s]
 
-    if @service.blank?
+  def index
-      redirect_to admin_settings_services_path(params: { s: "btcpay" })
+    redirect_to admin_settings_service_path("btcpay")
-    end
   end
 
-  def create
+  def show
-    service = params.require(:service)
+  end
 
+  def update
     update_settings
 
-    redirect_to admin_settings_services_path(params: { s: service }), flash: {
+    redirect_to admin_settings_service_path(@service), flash: {
       success: "Settings saved"
     }
   end
+
+  private
+
+    def set_subsection
+      @subsection = "services"
+    end
+
+    def set_service
+      @service = params[:service]
+
+      if @service.blank?
+        redirect_to admin_settings_services_path and return
+      end
+    end
 end

app/controllers/admin/settings_controller.rb

@@ -20,7 +20,7 @@ class Admin::SettingsController < Admin::BaseController
     end
 
     if @errors.any?
-      render :index and return
+      render :show and return
     end
 
     changed_keys.each do |key|

app/controllers/admin/users_controller.rb

@@ -1,11 +1,11 @@
 class Admin::UsersController < Admin::BaseController
-  before_action :set_user, only: [:show]
+  before_action :set_user, except: [:index]
   before_action :set_current_section
 
+  # GET /admin/users
   def index
     ldap   = LdapService.new
-    @ou    = params[:ou] || Setting.primary_domain
+    @ou    = Setting.primary_domain
-    @orgs  = ldap.fetch_organizations
     @pagy, @users = pagy(User.where(ou: @ou).order(cn: :asc))
 
     @stats = {
@@ -14,6 +14,7 @@ class Admin::UsersController < Admin::BaseController
     }
   end
 
+  # GET /admin/users/:username
   def show
     if Setting.lndhub_admin_enabled?
       @lndhub_user = @user.lndhub_user
@@ -21,14 +22,38 @@ class Admin::UsersController < Admin::BaseController
 
     @services_enabled = @user.services_enabled
 
-    @avatar = LdapManager::FetchAvatar.call(cn: @user.cn, ou: @user.ou)
+    @avatar = LdapManager::FetchAvatar.call(cn: @user.cn)
+  end
+
+  # POST /admin/users/:username/invitations
+  def create_invitations
+    amount = params[:amount].to_i
+    notify_user = ActiveRecord::Type::Boolean.new.cast(params[:notify_user])
+
+    CreateInvitations.call(user: @user, amount: amount, notify: notify_user)
+
+    redirect_to admin_user_path(@user.cn), flash: {
+      success: "Added #{amount} invitations to #{@user.cn}'s account"
+    }
+  end
+
+  # DELETE /admin/users/:username/invitations
+  def delete_invitations
+    invitations = @user.invitations.unused
+    amount = invitations.count
+
+    invitations.destroy_all
+
+    redirect_to admin_user_path(@user.cn), flash: {
+      success: "Removed #{amount} invitations from #{@user.cn}'s account"
+    }
   end
 
   private
 
   def set_user
-    address = params[:address].split("@")
+    @user = User.find_by(cn: params[:username], ou: Setting.primary_domain)
-    @user = User.where(cn: address.first, ou: address.last).first
+    http_status :not_found unless @user
   end
 
   def set_current_section

app/controllers/lnurlpay_controller.rb

@@ -34,8 +34,8 @@ class LnurlpayController < ApplicationController
 
   def invoice
     amount = params[:amount].to_i / 1000 # msats
-    address = params[:address]
     comment = params[:comment] || ""
+    address = @user.address
 
     if !valid_amount?(amount)
       render json: { status: "ERROR", reason: "Invalid amount" }

app/controllers/settings_controller.rb

@@ -24,11 +24,11 @@ class SettingsController < ApplicationController
 
     if @user.save
       if @user.display_name && (@user.display_name != @user.ldap_entry[:display_name])
-        LdapManager::UpdateDisplayName.call(@user.dn, @user.display_name)
+        LdapManager::UpdateDisplayName.call(dn: @user.dn, display_name: @user.display_name)
       end
 
       if @user.avatar_new.present?
-        LdapManager::UpdateAvatar.call(@user.dn, @user.avatar_new)
+        LdapManager::UpdateAvatar.call(dn: @user.dn, file: @user.avatar_new)
       end
 
       redirect_to setting_path(@settings_section), flash: {
@@ -64,10 +64,10 @@ class SettingsController < ApplicationController
       @user.current_password = nil
       session[:new_email_password] = generate_email_password
       hashed_password = hash_email_password(session[:new_email_password])
-      LdapManager::UpdateEmailPassword.call(@user.dn, hashed_password)
+      LdapManager::UpdateEmailPassword.call(dn: @user.dn, password_hash: hashed_password)
 
       if @user.ldap_entry[:email_maildrop] != @user.address
-        LdapManager::UpdateEmailMaildrop.call(@user.dn, @user.address)
+        LdapManager::UpdateEmailMaildrop.call(dn: @user.dn, address: @user.address)
       end
 
       redirect_to new_password_services_email_path
@@ -88,8 +88,8 @@ class SettingsController < ApplicationController
 
   def set_nostr_pubkey
     signed_event = nostr_event_params[:signed_event].to_h.symbolize_keys
-    is_valid_id  = NostrManager::ValidateId.call(signed_event)
+    is_valid_id  = NostrManager::ValidateId.call(event: signed_event)
-    is_valid_sig = NostrManager::VerifySignature.call(signed_event)
+    is_valid_sig = NostrManager::VerifySignature.call(event: signed_event)
     is_correct_content = signed_event[:content] == "Connect my public key to #{current_user.address} (confirmation #{session[:shared_secret]})"
 
     unless is_valid_id && is_valid_sig && is_correct_content

app/controllers/signup_controller.rb

@@ -96,13 +96,13 @@ class SignupController < ApplicationController
     session[:new_user] = nil
     session[:validation_error] = nil
 
-    CreateAccount.call(
+    CreateAccount.call(account: {
       username: @user.cn,
       domain: Setting.primary_domain,
       email: @user.email,
       password: @user.password,
       invitation: @invitation
-    )
+    })
   end
 
   def set_context

app/mailers/notification_mailer.rb

@@ -17,4 +17,10 @@ class NotificationMailer < ApplicationMailer
     @subject = "New app connected to your storage"
     mail to: @user.email, subject: @subject
   end
+
+  def new_invitations_available
+    @user = params[:user]
+    @subject = "New invitations added to your account"
+    mail to: @user.email, subject: @subject
+  end
 end

app/models/app_catalog/web_app.rb

@@ -1,7 +1,7 @@
 class AppCatalog::WebApp < ApplicationRecord
   store :metadata, coder: JSON
 
-  has_many :remote_storage_authorizations
+  has_many :remote_storage_authorizations, dependent: :destroy
 
   has_one_attached :icon
   has_one_attached :apple_touch_icon
@@ -11,6 +11,6 @@ class AppCatalog::WebApp < ApplicationRecord
                   if: Proc.new { |a| a.url.present? }
 
   def update_metadata
-    AppCatalogManager::UpdateMetadata.call(self)
+    AppCatalogManager::UpdateMetadata.call(app: self)
   end
 end

app/models/setting.rb

@@ -15,6 +15,9 @@ class Setting < RailsSettings::Base
   field :redis_url, type: :string,
     default: ENV["REDIS_URL"] || "redis://localhost:6379/0"
 
+  field :s3_enabled, type: :boolean,
+    default: ENV["S3_ENABLED"] && ENV["S3_ENABLED"].to_s != "false"
+
   #
   # Registrations
   #

app/models/user.rb

@@ -7,7 +7,7 @@ class User < ApplicationRecord
   attr_accessor :avatar_new
   attr_accessor :current_password
 
-  serialize :preferences, UserPreferences
+  serialize :preferences, coder: UserPreferences
 
   #
   # Relations
@@ -92,7 +92,7 @@ class User < ApplicationRecord
   def devise_after_confirmation
     if ldap_entry[:mail] != self.email
       # E-Mail update confirmed
-      LdapManager::UpdateEmail.call(self.dn, self.email)
+      LdapManager::UpdateEmail.call(dn: self.dn, address: self.email)
     else
       # E-Mail from signup confirmed (i.e. account activation)
 
@@ -164,7 +164,7 @@ class User < ApplicationRecord
   end
 
   def avatar
-    @avatar_base64 ||= LdapManager::FetchAvatar.call(cn: cn, ou: ou)
+    @avatar_base64 ||= LdapManager::FetchAvatar.call(cn: cn)
   end
 
   def services_enabled

app/services/app_catalog_manager/update_metadata.rb

@@ -3,7 +3,7 @@ require "down"
 
 module AppCatalogManager
   class UpdateMetadata < AppCatalogManagerService
-    def initialize(app)
+    def initialize(app:)
       @app = app
     end
 
@@ -18,6 +18,10 @@ module AppCatalogManager
         @app.metadata[prop] = metadata.send(prop) if prop
       end
 
+      @app.save!
+
+      # TODO move icon downloads to separate, async job
+
       if icon = metadata.select_icon(sizes: "256x256") ||
          icon = metadata.select_icon(sizes: "192x192")
         attach_remote_image(:icon, icon)
@@ -27,8 +31,6 @@ module AppCatalogManager
       if apple_touch_icon = metadata.select_icon(purpose: "apple-touch-icon")
         attach_remote_image(:apple_touch_icon, apple_touch_icon)
       end
-
-      @app.save!
     rescue Manifique::Error => e
       msg = "Fetching web app manifest failed for #{e.url}: #{e.type}"
       Rails.logger.warn(msg)
@@ -42,11 +44,20 @@ module AppCatalogManager
       else
         download_url = "#{@app.url}/#{icon["src"].gsub(/^\//,'')}"
       end
-      filename = "#{attachment_name}.png"
+      filename = "#{attachment_name}-#{Time.now.to_i}.png"
-      key = "web_apps/#{@app.id}/icons/#{attachment_name}.png"
+      key = "web_apps/#{@app.id}/icons/#{filename}"
 
-      tempfile = Down.download(download_url)
+      begin
-      @app.send(attachment_name).attach(key: key, io: tempfile, filename: filename)
+        tempfile = Down.download(download_url)
+        @app.send(attachment_name).attach(key: key, io: tempfile, filename: filename)
+      rescue Down::NotFound
+        msg = "Download of \"#{attachment_name}\" failed: NotFound error for #{download_url}"
+        Rails.logger.warn(msg)
+        Sentry.capture_message(msg)
+      rescue => e
+        Rails.logger.warn "Saving attachment \"#{attachment_name}\" failed: \"#{e.message}\""
+        Sentry.capture_exception(e) if Setting.sentry_enabled?
+      end
     end
   end
 end

app/services/application_service.rb

@@ -1,7 +1,7 @@
 class ApplicationService
   # This enables executing a service's `#call` method directly via
   # `MyService.call(args)`, without creating a class instance it first.
-  def self.call(*args, &block)
+  def self.call(**args, &block)
-    new(*args, &block).call
+    new(**args, &block).call
   end
 end

app/services/create_account.rb

@@ -1,11 +1,11 @@
 class CreateAccount < ApplicationService
-  def initialize(args)
+  def initialize(account:)
-    @username   = args[:username]
+    @username   = account[:username]
-    @domain     = args[:ou] || Setting.primary_domain
+    @domain     = account[:ou] || Setting.primary_domain
-    @email      = args[:email]
+    @email      = account[:email]
-    @password   = args[:password]
+    @password   = account[:password]
-    @invitation = args[:invitation]
+    @invitation = account[:invitation]
-    @confirmed  = args[:confirmed]
+    @confirmed  = account[:confirmed]
   end
 
   def call

app/services/create_invitations.rb

@@ -0,0 +1,17 @@
+class CreateInvitations < ApplicationService
+  def initialize(user:, amount:, notify: true)
+    @user = user
+    @amount = amount
+    @notify = notify
+  end
+
+  def call
+    @amount.times do
+      Invitation.create(user: @user)
+    end
+
+    if @notify
+      NotificationMailer.with(user: @user).new_invitations_available.deliver_later
+    end
+  end
+end

app/services/ldap_manager/fetch_avatar.rb

@@ -1,12 +1,11 @@
 module LdapManager
   class FetchAvatar < LdapManagerService
-    def initialize(cn:, ou: nil)
+    def initialize(cn:)
       @cn = cn
-      @ou = ou
     end
 
     def call
-      treebase   = @ou ? "ou=#{@ou},cn=users,#{suffix}" : ldap_config["base"]
+      treebase   = ldap_config["base"]
       attributes = %w{ jpegPhoto }
       filter     = Net::LDAP::Filter.eq("cn", @cn)
 

app/services/ldap_manager/update_avatar.rb

@@ -2,7 +2,7 @@ require "image_processing/vips"
 
 module LdapManager
   class UpdateAvatar < LdapManagerService
-    def initialize(dn, file)
+    def initialize(dn:, file:)
       @dn = dn
       @img_data = process(file)
     end

app/services/ldap_manager/update_display_name.rb

@@ -1,6 +1,6 @@
 module LdapManager
   class UpdateDisplayName < LdapManagerService
-    def initialize(dn, display_name)
+    def initialize(dn:, display_name:)
       @dn = dn
       @display_name = display_name
     end

app/services/ldap_manager/update_email.rb

@@ -1,6 +1,6 @@
 module LdapManager
   class UpdateEmail < LdapManagerService
-    def initialize(dn, address)
+    def initialize(dn:, address:)
       @dn = dn
       @address = address
     end

app/services/ldap_manager/update_email_maildrop.rb

@@ -1,6 +1,6 @@
 module LdapManager
   class UpdateEmailMaildrop < LdapManagerService
-    def initialize(dn, address)
+    def initialize(dn:, address:)
       @dn = dn
       @address = address
     end

app/services/ldap_manager/update_email_password.rb

@@ -1,6 +1,6 @@
 module LdapManager
   class UpdateEmailPassword < LdapManagerService
-    def initialize(dn, password_hash)
+    def initialize(dn:, password_hash:)
       @dn = dn
       @password_hash = password_hash
     end

app/services/nostr_manager/validate_id.rb

@@ -1,6 +1,6 @@
 module NostrManager
   class ValidateId < NostrManagerService
-    def initialize(event)
+    def initialize(event:)
       @event = Nostr::Event.new(**event)
     end
 

app/services/nostr_manager/verify_signature.rb

@@ -1,6 +1,6 @@
 module NostrManager
   class VerifySignature < NostrManagerService
-    def initialize(event)
+    def initialize(event:)
       @event = Nostr::Event.new(**event)
     end
 

app/views/admin/settings/registrations/show.html.erb

@@ -1,7 +1,7 @@
 <%= render HeaderComponent.new(title: "Settings") %>
 
 <%= render MainWithSidenavComponent.new(sidenav_partial: 'shared/admin_sidenav_settings') do %>
-  <%= form_for(Setting.new, url: admin_settings_registrations_path) do |f| %>
+  <%= form_for(Setting.new, url: admin_settings_registrations_path, method: :put) do |f| %>
     <section>
       <h3>Registrations</h3>
 

app/views/admin/settings/services/show.html.erb

@@ -1,9 +1,7 @@
 <%= render HeaderComponent.new(title: "Settings") %>
 
 <%= render MainWithSidenavComponent.new(sidenav_partial: 'shared/admin_sidenav_settings') do %>
-  <%= form_for(Setting.new, url: admin_settings_services_path) do |f| %>
+  <%= form_for(Setting.new, url: admin_settings_service_path(@service), method: :put) do |f| %>
-    <%= hidden_field_tag :service, @service %>
-
     <% if @errors && @errors.any? %>
       <section>
         <%= render partial: "admin/settings/errors", locals: { errors: @errors } %>

app/views/admin/users/_create_invitations.html.erb

@@ -0,0 +1,21 @@
+<h3>Add new invitations to <%= @user.cn %>'s account</h3>
+<%= form_with(url: invitations_admin_user_path, method: :post) do |form| %>
+  <ul role="list">
+    <%= render FormElements::FieldsetComponent.new(
+      positioning: :horizontal,
+      title: "Amount"
+    ) do %>
+      <%= form.select :amount, options_for_select([
+        ["3", "3"], ["5", "5"], ["10", "10"], ["20", "20"]
+      ]) %>
+    <% end %>
+    <%= render FormElements::FieldsetToggleComponent.new(
+      field_name: "notify_user",
+      enabled: true,
+      title: "Notify user via email"
+    ) %>
+  </ul>
+  <p class="pt-6 border-t border-gray-200 text-right">
+    <%= form.submit 'Add', class: "btn-md btn-blue w-full" %>
+  </p>
+<% end %>

app/views/admin/users/index.html.erb

@@ -1,4 +1,4 @@
-<%= render HeaderComponent.new(title: "Users: #{@ou}") %>
+<%= render HeaderComponent.new(title: "Users") %>
 
 <%= render MainSimpleComponent.new do %>
   <section>
@@ -16,19 +16,6 @@
     <% end %>
   </section>
 
-  <% if @orgs.length > 1 %>
-    <section>
-      <h3 class="hidden">Domains</h3>
-      <ul>
-        <% @orgs.each do |org| %>
-          <li class="inline-block">
-            <%= link_to org[:ou], admin_users_path(ou: org[:ou]), class: "ks-text-link" %>
-          </li>
-        <% end %>
-      </ul>
-    </section>
-  <% end %>
-
   <section>
     <table class="divided mb-8">
       <thead>
@@ -36,13 +23,12 @@
           <th>UID</th>
           <th>Status</th>
           <th>Roles</th>
-          <!-- <th>Password</th> -->
         </tr>
       </thead>
       <tbody>
         <% @users.each do |user| %>
         <tr>
-          <td><%= link_to(user.cn, admin_user_path(user.address), class: 'ks-text-link') %></td>
+          <td><%= link_to(user.cn, admin_user_path(user.cn), class: 'ks-text-link') %></td>
           <td><%= user.confirmed_at.nil? ? badge("pending", :yellow) : "" %></td>
           <td><%= user.is_admin? ? badge("admin", :red) : "" %></td>
         </tr>

app/views/admin/users/show.html.erb

@@ -1,4 +1,4 @@
-<%= render HeaderComponent.new(title: "User: #{@user.address}") %>
+<%= render HeaderComponent.new(title: "User: #{@user.cn}") %>
 
 <%= render MainSimpleComponent.new do %>
   <div class="mb-12 sm:flex sm:flex-row sm:gap-x-8">
@@ -42,8 +42,34 @@
           </tr>
           <tr>
             <th>Invitations available</th>
-            <td>
+            <td data-controller="modal" data-action="keydown.esc->modal#close">
-              <%= @user.invitations.count %>
+              <div class="flex justify-between">
+                <span>
+                  <%= @user.invitations.count %>
+                </span>
+                <span>
+                  <button id="add-invitations" data-action="click->modal#open">
+                    <%= render partial: "icons/plus-circle", locals: {
+                      custom_class: "text-green-600 hover:text-green-500 -mt-2 -mb-1 h-6 w-6 inline-block"
+                    } %>
+                  </button>
+                  <% if @user.invitations.unused.count > 0 %>
+                    <%= link_to invitations_admin_user_path(@user.cn),
+                      id: "remove-invitations", data: {
+                      turbo_method: :delete,
+                      turbo_confirm: "Delete all of #{@user.cn}'s available invitations?"
+                    } do %>
+                      <%= render partial: "icons/x-circle", locals: {
+                        custom_class: "text-red-600 hover:text-red-500 -mt-2 -mb-1 h-6 w-6 inline-block"
+                      } %>
+                    <% end %>
+                  <% end %>
+                </span>
+              </div>
+              <%= render ModalComponent.new(show_close_button: false) do %>
+                <%= render partial: "admin/users/create_invitations",
+                           locals: { user: @user } %>
+              <% end %>
             </td>
           </tr>
           <tr>

app/views/devise/sessions/new.html.erb

@@ -1,6 +1,7 @@
 <%
   # TODO remove when https://github.com/hotwired/turbo/issues/203 is fixed
-  enable_turbo = !session[:user_return_to] || !session[:user_return_to].match?('/discourse/connect')
+  enable_turbo = session[:user_return_to].blank? ||
+    ['/discourse/connect', '/rs/oauth'].none? { |s| session[:user_return_to].match(s) }
 %>
 
 <%= render HeaderCompactComponent.new(title: "Log in") %>

app/views/icons/_plus-circle.html.erb

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-plus-circle"><circle cx="12" cy="12" r="10"></circle><line x1="12" y1="8" x2="12" y2="16"></line><line x1="8" y1="12" x2="16" y2="12"></line></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-plus-circle <%= custom_class %>"><circle cx="12" cy="12" r="10"></circle><line x1="12" y1="8" x2="12" y2="16"></line><line x1="8" y1="12" x2="16" y2="12"></line></svg>

app/views/icons/_remotestorage.html.erb

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<svg width="24" height="24" class="<%= custom_class %>" clip-rule="evenodd" fill-rule="evenodd" image-rendering="optimizeQuality" shape-rendering="geometricPrecision" text-rendering="geometricPrecision" version="1.1" viewBox="0 0 250 249.9" xml:space="preserve" xmlns="http://www.w3.org/2000/svg">
+<svg width="24" height="24" class="icon-remotestorage <%= custom_class %>" clip-rule="evenodd" fill-rule="evenodd" image-rendering="optimizeQuality" shape-rendering="geometricPrecision" text-rendering="geometricPrecision" version="1.1" viewBox="0 0 250 249.9" xml:space="preserve" xmlns="http://www.w3.org/2000/svg">
  <g transform="translate(-66.822 -.16484)">
   <polygon id="polygon1" fill="currentColor" transform="matrix(.29308 0 0 .29308 83.528 -.028385)" points="228 181 370 100 511 181 652 263 370 425 87 263 87 263 0 213 0 213 0 311 0 378 0 427 0 476 86 525 185 582 370 689 554 582 653 525 653 590 653 592 370 754 0 542 0 640 185 747 370 853 554 747 739 640 739 525 739 476 739 427 739 378 653 427 370 589 86 427 86 361 185 418 370 524 554 418 653 361 739 311 739 213 554 107 370 0 185 107 58 180 144 230"/>
  </g>

app/views/icons/_x-circle.html.erb

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-x-circle"><circle cx="12" cy="12" r="10"></circle><line x1="15" y1="9" x2="9" y2="15"></line><line x1="9" y1="9" x2="15" y2="15"></line></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-x-circle <%= custom_class %>"><circle cx="12" cy="12" r="10"></circle><line x1="15" y1="9" x2="9" y2="15"></line><line x1="9" y1="9" x2="15" y2="15"></line></svg>

app/views/layouts/application.html.erb

@@ -77,7 +77,7 @@
             </div>
             <div class="pt-4 pb-3 border-t border-gray-200/10">
               <div class="px-5 text-base font-normal text-white">
-                <%= current_user.address %></strong>
+                <%= current_user.address %>
               </div>
               <div class="mt-3 px-2 space-y-1">
                 <%= link_to "Log out", destroy_user_session_path,

app/views/notification_mailer/new_invitations_available.text.erb

@@ -0,0 +1,11 @@
+Hi <%= @user.display_name.presence || @user.cn %>,
+
+New invitations have just been added to your Kosmos account, so you can invite more people to our cooperative services:
+
+<%= invitations_url %>
+
+Have a nice day!
+
+---
+
+Tip: if you want to invite someone you're meeting in person, log into your account panel on a mobile device and let people scan the invitation QR code from theirs.

app/views/settings/_profile.html.erb

@@ -31,6 +31,7 @@
       <% end %>
     <% end %>
 
+    <% if Flipper.enabled?(:avatar_upload, current_user) %>
     <label class="block">
       <p class="font-bold mb-1">
         Avatar
@@ -56,6 +57,7 @@
         </div>
       </div>
     </label>
+    <% end %>
 
     <p class="mt-8 pt-6 border-t border-gray-200 text-right">
       <%= f.submit 'Save', class: "btn-md btn-blue w-full md:w-auto" %>

app/views/shared/_admin_sidenav_settings.html.erb

@@ -4,9 +4,9 @@
 ) %>
 <%= render SidenavLinkComponent.new(
   name: "Services", path: admin_settings_services_path, icon: "grid",
-  active: current_page?(admin_settings_services_path)
+  active: controller_name == "services"
 ) %>
-<% if current_page?(admin_settings_services_path) %>
+<% if controller_name == "services" %>
   <%= render partial: "shared/admin_sidenav_settings_services"  %>
 <% end %>
 <%= render SidenavLinkComponent.new(

app/views/shared/_admin_sidenav_settings_services.html.erb

@@ -1,77 +1,77 @@
 <%= render SidenavLinkComponent.new(
   level: 2,
   name: "BTCPay",
-  path: admin_settings_services_path(params: { s: "btcpay" }),
+  path: admin_settings_service_path("btcpay"),
   text_icon: Setting.btcpay_enabled? ? "◉" : "○",
-  active: current_page?(admin_settings_services_path(params: { s: "btcpay" })),
+  active: current_page?(admin_settings_service_path("btcpay")),
 ) %>
 <%= render SidenavLinkComponent.new(
   level: 2,
   name: "Discourse",
-  path: admin_settings_services_path(params: { s: "discourse" }),
+  path: admin_settings_service_path("discourse"),
   text_icon: Setting.discourse_enabled? ? "◉" : "○",
-  active: current_page?(admin_settings_services_path(params: { s: "discourse" })),
+  active: current_page?(admin_settings_service_path("discourse")),
 ) %>
 <%= render SidenavLinkComponent.new(
   level: 2,
   name: "Drone CI",
-  path: admin_settings_services_path(params: { s: "droneci" }),
+  path: admin_settings_service_path("droneci"),
   text_icon: Setting.droneci_enabled? ? "◉" : "○",
-  active: current_page?(admin_settings_services_path(params: { s: "droneci" })),
+  active: current_page?(admin_settings_service_path("droneci")),
 ) %>
 <%= render SidenavLinkComponent.new(
   level: 2,
   name: "E-Mail",
-  path: admin_settings_services_path(params: { s: "email" }),
+  path: admin_settings_service_path("email"),
   text_icon: Setting.email_enabled? ? "◉" : "○",
   active: current_page?(admin_settings_services_path(params: { s: "email" })),
 ) %>
 <%= render SidenavLinkComponent.new(
   level: 2,
   name: "ejabberd",
-  path: admin_settings_services_path(params: { s: "ejabberd" }),
+  path: admin_settings_service_path("ejabberd"),
   text_icon: Setting.ejabberd_enabled? ? "◉" : "○",
-  active: current_page?(admin_settings_services_path(params: { s: "ejabberd" })),
+  active: current_page?(admin_settings_service_path("ejabberd")),
 ) %>
 <%= render SidenavLinkComponent.new(
   level: 2,
   name: "Gitea",
-  path: admin_settings_services_path(params: { s: "gitea" }),
+  path: admin_settings_service_path("gitea"),
   text_icon: Setting.gitea_enabled? ? "◉" : "○",
-  active: current_page?(admin_settings_services_path(params: { s: "gitea" })),
+  active: current_page?(admin_settings_service_path("gitea")),
 ) %>
 <%= render SidenavLinkComponent.new(
   level: 2,
   name: "LNDHub",
-  path: admin_settings_services_path(params: { s: "lndhub" }),
+  path: admin_settings_service_path("lndhub"),
   text_icon: Setting.lndhub_enabled? ? "◉" : "○",
-  active: current_page?(admin_settings_services_path(params: { s: "lndhub" })),
+  active: current_page?(admin_settings_service_path("lndhub")),
 ) %>
 <%= render SidenavLinkComponent.new(
   level: 2,
   name: "Mastodon",
-  path: admin_settings_services_path(params: { s: "mastodon" }),
+  path: admin_settings_service_path("mastodon"),
   text_icon: Setting.mastodon_enabled? ? "◉" : "○",
-  active: current_page?(admin_settings_services_path(params: { s: "mastodon" })),
+  active: current_page?(admin_settings_service_path("mastodon")),
 ) %>
 <%= render SidenavLinkComponent.new(
   level: 2,
   name: "MediaWiki",
-  path: admin_settings_services_path(params: { s: "mediawiki" }),
+  path: admin_settings_service_path("mediawiki"),
   text_icon: Setting.mediawiki_enabled? ? "◉" : "○",
-  active: current_page?(admin_settings_services_path(params: { s: "mediawiki" })),
+  active: current_page?(admin_settings_service_path("mediawiki")),
 ) %>
 <%= render SidenavLinkComponent.new(
   level: 2,
   name: "Nostr",
-  path: admin_settings_services_path(params: { s: "nostr" }),
+  path: admin_settings_service_path("nostr"),
   text_icon: Setting.nostr_enabled? ? "◉" : "○",
-  active: current_page?(admin_settings_services_path(params: { s: "nostr" })),
+  active: current_page?(admin_settings_service_path("nostr")),
 ) %>
 <%= render SidenavLinkComponent.new(
   level: 2,
   name: "RemoteStorage",
-  path: admin_settings_services_path(params: { s: "remotestorage" }),
+  path: admin_settings_service_path("remotestorage"),
   text_icon: Setting.remotestorage_enabled? ? "◉" : "○",
-  active: current_page?(admin_settings_services_path(params: { s: "remotestorage" })),
+  active: current_page?(admin_settings_service_path("remotestorage")),
 ) %>

ci/Dockerfile

@@ -1,4 +1,10 @@
 # syntax=docker/dockerfile:1
-FROM guildeducation/rails:2.7.2-14.20.0
+FROM ruby:3.3.0
 
-RUN apt-get update -qq && apt-get install -y --no-install-recommends ldap-utils libvips
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update -qq && apt-get install -y --no-install-recommends curl \
+      ldap-utils tini libvips
+RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
+RUN apt-get update && apt-get install -y nodejs
+RUN npm install -g yarn

config/application.rb

@@ -42,7 +42,5 @@ module Akkounts
 
     config.active_job.queue_adapter = :sidekiq
     config.action_mailer.deliver_later_queue_name = nil # use "default" queue
-
-    config.active_record.legacy_connection_handling = false
   end
 end

config/environments/development.rb

@@ -69,9 +69,9 @@ Rails.application.configure do
   config.action_mailer.default_url_options = { host: "localhost:3000", protocol: "http" }
 
   # Allow requests from any IP
-  config.web_console.whiny_requests = false
+  config.web_console.permissions = '0.0.0.0/0'
 
-  if ENV["S3_ENABLED"]
+  if ENV["S3_ENABLED"] && ENV["S3_ENABLED"].to_s != "false"
     config.active_storage.service = :s3
   else
     config.active_storage.service = :local

config/environments/production.rb

@@ -110,7 +110,7 @@ Rails.application.configure do
   # Set this to true and configure the email server for immediate delivery to raise delivery errors.
   config.action_mailer.raise_delivery_errors = true
 
-  if ENV["S3_ENABLED"]
+  if ENV["S3_ENABLED"] && ENV["S3_ENABLED"].to_s != "false"
     config.active_storage.service = :s3
   else
     config.active_storage.service = :local

config/environments/test.rb

@@ -26,7 +26,7 @@ Rails.application.configure do
   config.cache_store = :null_store
 
   # Raise exceptions instead of rendering exception templates.
-  config.action_dispatch.show_exceptions = false
+  config.action_dispatch.show_exceptions = :none
 
   # Disable request forgery protection in test environment.
   config.action_controller.allow_forgery_protection = false
@@ -52,10 +52,9 @@ Rails.application.configure do
 
   config.active_job.queue_adapter = :test
 
-  if ENV["S3_ENABLED"]
+  if ENV["S3_ENABLED"] && ENV["S3_ENABLED"].to_s != "false"
     config.active_storage.service = :s3
   else
-    # Store attachments on the local disk (in ./tmp)
+    config.active_storage.service = :local
-    config.active_storage.service = :test
   end
 end

config/initializers/devise.rb

@@ -325,3 +325,10 @@ Devise.setup do |config|
   # changed. Defaults to true, so a user is signed in automatically after changing a password.
   # config.sign_in_after_change_password = true
 end
+
+# https://github.com/heartcombo/devise/issues/5644
+class Devise::SecretKeyFinder
+  def find
+    @application.secret_key_base
+  end
+end

config/routes.rb

@@ -58,7 +58,7 @@ Rails.application.routes.draw do
 
   get '.well-known/webfinger', to: 'webfinger#show'
   get '.well-known/nostr', to: 'well_known#nostr'
-  get '.well-known/lnurlpay/:username', to: 'lnurlpay#index', as: 'lightning_address'
+  get '.well-known/lnurlp/:username', to: 'lnurlpay#index', as: 'lightning_address'
   get '.well-known/keysend/:username', to: 'lnurlpay#keysend', as: 'lightning_address_keysend'
 
   get 'lnurlpay/:username/invoice', to: 'lnurlpay#invoice', as: 'lnurlpay_invoice'
@@ -73,9 +73,19 @@ Rails.application.routes.draw do
   namespace :admin do
     root to: 'dashboard#index'
 
-    resources 'users', param: 'address', only: ['index', 'show'], constraints: { address: /.*/ }
+    resources 'users', param: 'username', only: ['index', 'show'] do
+      member do
+        post 'invitations', to: 'users#create_invitations'
+        delete 'invitations', to: 'users#delete_invitations'
+      end
+    end
+
+    # post 'users/:username/invitations', to: 'users#create_invitations'
+
     get 'invitations', to: 'invitations#index'
+
     resources :donations
+
     get 'lightning', to: 'lightning#index'
 
     namespace :app_catalog do
@@ -83,8 +93,8 @@ Rails.application.routes.draw do
     end
 
     namespace :settings do
-      resources 'registrations', only: ['index', 'create']
+      resource 'registrations', only: ['show', 'update']
-      resources 'services', only: ['index', 'create']
+      resources 'services', param: 'service', only: ['index', 'show', 'update']
     end
   end
 

config/storage.yml

@@ -1,12 +1,12 @@
 local:
   service: Disk
-  root: <%= Rails.root.join("storage") %>
+  root: <%= ENV["ACTIVE_STORAGE_PATH"] || Rails.root.join("storage") %>
 
 test:
   service: Disk
   root: <%= Rails.root.join("tmp/storage") %>
 
-<% if ENV["S3_ENABLED"] %>
+<% if ENV["S3_ENABLED"] && ENV["S3_ENABLED"].to_s != "false" %>
 s3:
   service: S3
   endpoint: <%= ENV["S3_ENDPOINT"] %>

db/migrate/20240207080515_change_flipper_gates_value_to_text.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class ChangeFlipperGatesValueToText < ActiveRecord::Migration[7.1]
+  def up
+    # Ensure this incremental update migration is idempotent
+    return unless connection.column_exists? :flipper_gates, :value, :string
+
+    if index_exists? :flipper_gates, [:feature_key, :key, :value]
+      remove_index :flipper_gates, [:feature_key, :key, :value]
+    end
+    change_column :flipper_gates, :value, :text
+    add_index :flipper_gates, [:feature_key, :key, :value], unique: true, length: { value: 255 }
+  end
+
+  def down
+    change_column :flipper_gates, :value, :string
+  end
+end

db/schema.rb

@@ -10,12 +10,12 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2023_10_24_104909) do
+ActiveRecord::Schema[7.1].define(version: 2024_02_16_124640) do
   create_table "active_storage_attachments", force: :cascade do |t|
     t.string "name", null: false
     t.string "record_type", null: false
-    t.bigint "record_id", null: false
+    t.integer "record_id", null: false
-    t.bigint "blob_id", null: false
+    t.integer "blob_id", null: false
     t.datetime "created_at", null: false
     t.index ["blob_id"], name: "index_active_storage_attachments_on_blob_id"
     t.index ["record_type", "record_id", "name", "blob_id"], name: "index_active_storage_attachments_uniqueness", unique: true
@@ -34,7 +34,7 @@ ActiveRecord::Schema[7.0].define(version: 2023_10_24_104909) do
   end
 
   create_table "active_storage_variant_records", force: :cascade do |t|
-    t.bigint "blob_id", null: false
+    t.integer "blob_id", null: false
     t.string "variation_digest", null: false
     t.index ["blob_id", "variation_digest"], name: "index_active_storage_variant_records_uniqueness", unique: true
   end
@@ -50,12 +50,17 @@ ActiveRecord::Schema[7.0].define(version: 2023_10_24_104909) do
   create_table "donations", force: :cascade do |t|
     t.integer "user_id"
     t.integer "amount_sats"
-    t.integer "amount_eur"
+    t.integer "fiat_amount"
-    t.integer "amount_usd"
     t.string "public_name"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.datetime "paid_at", precision: nil
+    t.string "fiat_currency", default: "USD"
+    t.string "donation_method"
+    t.string "payment_method"
+    t.string "btcpay_invoice_id"
+    t.string "payment_status"
+    t.index ["payment_status"], name: "index_donations_on_payment_status"
     t.index ["user_id"], name: "index_donations_on_user_id"
   end
 
@@ -69,7 +74,7 @@ ActiveRecord::Schema[7.0].define(version: 2023_10_24_104909) do
   create_table "flipper_gates", force: :cascade do |t|
     t.string "feature_key", null: false
     t.string "key", null: false
-    t.string "value"
+    t.text "value"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.index ["feature_key", "key", "value"], name: "index_flipper_gates_on_feature_key_and_key_and_value", unique: true

db/seeds.rb

@@ -3,10 +3,10 @@ require 'sidekiq/testing'
 ldap = LdapService.new
 
 Sidekiq::Testing.inline! do
-  CreateAccount.call(
+  CreateAccount.call(account: {
     username: "admin", domain: "kosmos.org", email: "admin@example.com",
     password: "admin is admin", confirmed: true
-  )
+  })
 
   ldap.add_attribute "cn=admin,ou=kosmos.org,cn=users,dc=kosmos,dc=org", :admin, "true"
 
@@ -15,9 +15,9 @@ Sidekiq::Testing.inline! do
     email = Faker::Internet.unique.email
     next if username.length < 3
 
-    CreateAccount.call(
+    CreateAccount.call(account: {
       username: username, domain: "kosmos.org", email: email,
       password: "user is user", confirmed: true
-    )
+    })
   end
 end

docker-compose.yml

@@ -2,7 +2,7 @@ services:
   ldap:
     image: 4teamwork/389ds:latest
     volumes:
-      - ./tmp/389ds:/data
+      - 389ds-data:/data
     networks:
       - external_network
       - internal_network
@@ -16,11 +16,12 @@ services:
     restart: always
     image: redis:7-alpine
     networks:
+      - external_network
       - internal_network
     healthcheck:
       test: ['CMD', 'redis-cli', 'ping']
     volumes:
-      - ./tmp/redis:/data
+      - redis-data:/data
 
   web:
     build: .
@@ -42,8 +43,10 @@ services:
       LDAP_ADMIN_PASSWORD: passthebutter
       LDAP_USE_TLS: "false"
       REDIS_URL: redis://redis:6379/0
+      ACTIVE_STORAGE_PATH: "/akkounts/tmp/attachments"
       RS_REDIS_URL: redis://redis:6379/1
       RS_STORAGE_URL: "http://localhost:4567"
+      S3_ENABLED: false
     depends_on:
       - ldap
       - redis
@@ -67,6 +70,7 @@ services:
       REDIS_URL: redis://redis:6379/0
       RS_REDIS_URL: redis://redis:6379/1
       RS_STORAGE_URL: "http://localhost:4567"
+      S3_ENABLED: false
     depends_on:
       - ldap
       - redis
@@ -81,10 +85,10 @@ services:
       - "9000:9000"
       - "9001:9001"
     volumes:
-      - ./tmp/minio:/data
+      - minio-data:/data
 
   liquor-cabinet:
-    image: gitea.kosmos.org/5apps/liquor-cabinet:2.0.0-beta.2
+    image: gitea.kosmos.org/5apps/liquor-cabinet:2.0.0-rc.1
     networks:
       - external_network
       - internal_network
@@ -116,3 +120,11 @@ networks:
   external_network:
   internal_network:
     internal: true
+
+volumes:
+  389ds-data:
+    driver: local
+  minio-data:
+    driver: local
+  redis-data:
+    driver: local

package.json

@@ -11,7 +11,7 @@
     "postcss-preset-env": "^7.8.3",
     "tailwindcss": "^3.2.4"
   },
-  "version": "0.8.1",
+  "version": "0.9.0",
   "scripts": {
     "build:css:tailwind": "tailwindcss --postcss -i ./app/assets/stylesheets/application.tailwind.css -o ./app/assets/builds/application.css",
     "build:css": "yarn run build:css:tailwind"

spec/components/app_catalog/web_app_icon_component_spec.rb

@@ -0,0 +1,11 @@
+require "rails_helper"
+
+RSpec.describe AppCatalog::WebAppIconComponent, type: :component do
+  describe "No web app given" do
+    it "renders the default icon" do
+      expect(
+        render_inline(described_class.new(web_app: nil)) {}.to_html
+      ).to include("icon-remotestorage")
+    end
+  end
+end

spec/features/admin/settings_spec.rb

@@ -23,35 +23,35 @@ RSpec.describe 'Admin/global settings', type: :feature do
     scenario "Opening service settings shows page for first service" do
       visit admin_settings_services_path
 
-      expect(current_url).to eq(admin_settings_services_url(params: { s: "btcpay" }))
+      expect(current_url).to eq(admin_settings_service_url("btcpay"))
     end
 
     scenario "View service settings" do
-      visit admin_settings_services_path(params: { s: "ejabberd" })
+      visit admin_settings_service_path("ejabberd")
 
       expect(page).to have_content("Enable ejabberd integration")
       expect(page).to have_field("API URL", with: "http://xmpp.example.com/api")
     end
 
     scenario "Disable a service integration" do
-      visit admin_settings_services_path(params: { s: "ejabberd" })
+      visit admin_settings_service_path("ejabberd")
       expect(page).to have_checked_field("setting[ejabberd_enabled]")
 
       uncheck "setting[ejabberd_enabled]"
       click_button "Save"
 
-      expect(current_url).to eq(admin_settings_services_url(params: { s: "ejabberd" }))
+      expect(current_url).to eq(admin_settings_service_url("ejabberd"))
       expect(page).to_not have_checked_field("setting[ejabberd_enabled]")
       expect(page).to_not have_field("API URL", disabled: true)
     end
 
     scenario "Resettable fields" do
-      visit admin_settings_services_path(params: { s: "ejabberd" })
+      visit admin_settings_service_path("ejabberd")
       expect(page).to have_field("API URL", with: "http://xmpp.example.com/api")
       expect(page).to_not have_css('input#setting_ejabberd_api_url+button')
 
       Setting.ejabberd_api_url = "http://example.com/foo"
-      visit admin_settings_services_path(params: { s: "ejabberd" })
+      visit admin_settings_service_path("ejabberd")
       expect(page).to have_field("API URL", with: "http://example.com/foo")
       expect(page).to have_css('input#setting_ejabberd_api_url+button')
     end

spec/features/admin/users_spec.rb

@@ -0,0 +1,55 @@
+require "rails_helper"
+
+RSpec.describe "Admin: User management", type: :feature do
+  let(:admin) { create :user }
+  let(:user) { create :user, id: 2, cn: "alfred", email: "alfred@example.com" }
+
+  before do
+    user.save!
+
+    allow(Devise::LDAP::Adapter).to receive(:get_ldap_param)
+      .with(admin.cn, :admin).and_return(["true"])
+    allow(Devise::LDAP::Adapter).to receive(:get_ldap_param)
+      .with(user.cn, :admin).and_return(nil)
+    allow_any_instance_of(User).to receive(:ldap_entry)
+      .and_return({ uid: user.cn, mail: user.email, display_name: "Freddy" })
+    allow_any_instance_of(LdapManager::FetchAvatar).to receive(:call)
+      .and_return(nil)
+
+    login_as admin, :scope => :user
+  end
+
+  describe "User details page" do
+    before do
+      visit admin_user_path("alfred")
+    end
+
+    it "shows the user info" do
+      within "h1" do
+        expect(page).to have_content("User: alfred")
+      end
+      expect(page).to have_content("alfred@example.com")
+    end
+  end
+
+  scenario 'Add invitations to account' do
+    visit admin_user_path("alfred")
+    find("#add-invitations").click
+
+    select "5", :from => "amount"
+    uncheck "notify_user"
+    click_button "Add"
+
+    expect(user.invitations.count).to eq(5)
+  end
+
+  scenario 'Remove invitations from account' do
+    3.times { Invitation.create(user: user) }
+    expect(user.invitations.count).to eq(3)
+
+    visit admin_user_path("alfred")
+    find("#remove-invitations").click
+
+    expect(user.invitations.count).to eq(0)
+  end
+end

spec/features/settings/email_spec.rb

@@ -50,7 +50,7 @@ RSpec.describe 'E-Mail settings', type: :feature do
 
       expect(LdapManager::UpdateEmailPassword).to receive(:call).and_return(true)
       expect(LdapManager::UpdateEmailMaildrop).to receive(:call)
-        .with(user.dn, user.address).and_return(true)
+        .with(dn: user.dn, address: user.address).and_return(true)
 
       visit setting_path(:email)
       fill_in 'Current account password', with: "valid password"

spec/features/settings/profile_spec.rb

@@ -12,6 +12,8 @@ RSpec.describe 'Profile settings', type: :feature do
       uid: user.cn, ou: user.ou, display_name: "Mark"
     })
     allow_any_instance_of(User).to receive(:avatar).and_return(avatar_base64)
+
+    Flipper.enable "avatar_upload"
   end
 
   feature "Update display name" do
@@ -29,7 +31,7 @@ RSpec.describe 'Profile settings', type: :feature do
 
     scenario 'works with valid input' do
       expect(LdapManager::UpdateDisplayName).to receive(:call)
-        .with(user.dn, "Marky Mark").and_return(true)
+        .with(dn: user.dn, display_name: "Marky Mark").and_return(true)
 
       visit setting_path(:profile)
       fill_in 'Display name', with: "Marky Mark"

spec/features/signup_spec.rb

@@ -53,7 +53,7 @@ RSpec.describe "Signup", type: :feature do
       expect(page).to have_content("Choose a password")
 
       expect(CreateAccount).to receive(:call)
-        .with({
+        .with(account: {
           username: "tony", domain: "kosmos.org",
           email: "tony@example.com", password: "a-valid-password",
           invitation: Invitation.last
@@ -97,7 +97,7 @@ RSpec.describe "Signup", type: :feature do
       expect(page).to have_content("Password is too short")
 
       expect(CreateAccount).to receive(:call)
-        .with({
+        .with(account: {
           username: "tony", domain: "kosmos.org",
           email: "tony@example.com", password: "a-valid-password",
           invitation: Invitation.last

spec/models/user_spec.rb

@@ -190,7 +190,7 @@ RSpec.describe User, type: :model do
 
       it "updates the LDAP 'mail' attribute" do
         expect(LdapManager::UpdateEmail).to receive(:call)
-          .with("cn=willherschel,ou=kosmos.org,cn=users,dc=kosmos,dc=org", "will@hrsch.el")
+          .with(dn: "cn=willherschel,ou=kosmos.org,cn=users,dc=kosmos,dc=org", address: "will@hrsch.el")
         user.send :devise_after_confirmation
       end
 

spec/rails_helper.rb

@@ -39,7 +39,7 @@ rescue ActiveRecord::PendingMigrationError => e
 end
 RSpec.configure do |config|
   # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
-  config.fixture_path = "#{::Rails.root}/spec/fixtures"
+  config.fixture_paths = ["#{::Rails.root}/spec/fixtures"]
 
   # If you're not using ActiveRecord, or you'd prefer not to run each of your
   # examples within a transaction, remove the following line or assign false

spec/requests/webfinger_spec.rb

@@ -15,7 +15,7 @@ RSpec.describe "WebFinger", type: :request do
           res = JSON.parse(response.body)
           rs_link = res["links"].find {|l| l["rel"] == "http://tools.ietf.org/id/draft-dejong-remotestorage"}
 
-          expect(rs_link["href"]).to eql("https://storage.kosmos.org/tony")
+          expect(rs_link["href"]).to eql("#{Setting.rs_storage_url}/tony")
 
           oauth_url = rs_link["properties"]["http://tools.ietf.org/html/rfc6749#section-4.2"]
           expect(oauth_url).to eql("http://www.example.com/rs/oauth/tony")

spec/services/create_account_spec.rb

@@ -2,11 +2,11 @@ require 'rails_helper'
 
 RSpec.describe CreateAccount, type: :model do
   describe "#create_user_in_database" do
-    let(:service) { CreateAccount.new(
+    let(:service) { CreateAccount.new(account: {
       username: 'isaacnewton',
       email: 'isaacnewton@example.com',
       password: 'bright-ideas-in-autumn'
-    )}
+    })}
 
     it "creates a new user record in the akkounts database" do
       expect(User.count).to eq(0)
@@ -19,12 +19,12 @@ RSpec.describe CreateAccount, type: :model do
 
   describe "#update_invitation" do
     let(:invitation) { create :invitation }
-    let(:service) { CreateAccount.new(
+    let(:service) { CreateAccount.new(account: {
       username: 'isaacnewton',
       email: 'isaacnewton@example.com',
       password: 'bright-ideas-in-autumn',
       invitation: invitation
-    )}
+    })}
 
     before(:each) do
       service.send(:update_invitation, 23)
@@ -42,11 +42,11 @@ RSpec.describe CreateAccount, type: :model do
   describe "#add_ldap_document" do
     include ActiveJob::TestHelper
 
-    let(:service) { CreateAccount.new(
+    let(:service) { CreateAccount.new(account: {
       username: 'halfinney',
       email: 'halfinney@example.com',
       password: 'remember-remember-the-5th-of-november'
-    )}
+    })}
 
     it "enqueues a job to create the LDAP user document" do
       service.send(:add_ldap_document)
@@ -68,10 +68,10 @@ RSpec.describe CreateAccount, type: :model do
   describe "#create_lndhub_account" do
     include ActiveJob::TestHelper
 
-    let(:service) { CreateAccount.new(
+    let(:service) { CreateAccount.new(account: {
       username: 'halfinney', email: 'halfinney@example.com',
       password: 'bright-ideas-in-winter'
-    )}
+    })}
     let(:new_user) { create :user, cn: "halfinney", ou: "kosmos.org" }
 
     it "enqueues a job to create an LndHub account" do

spec/services/create_invitations_spec.rb

@@ -0,0 +1,40 @@
+require 'rails_helper'
+
+RSpec.describe CreateInvitations, type: :model do
+  include ActiveJob::TestHelper
+
+  let(:user) { create :user }
+
+  describe "#call" do
+    before do
+      CreateInvitations.call(user: user, amount: 5)
+    end
+
+    after(:each) { clear_enqueued_jobs }
+
+    it "creates the right amount of invitations for the given user" do
+      expect(user.invitations.count).to eq(5)
+    end
+
+    it "sends an email notification to the user" do
+      expect(enqueued_jobs.size).to eq(1)
+      expect(enqueued_jobs.first["job_class"]).to eq("ActionMailer::MailDeliveryJob")
+      args = enqueued_jobs.first['arguments']
+      expect(args[0]).to eq("NotificationMailer")
+      expect(args[1]).to eq("new_invitations_available")
+      expect(args[3]["params"]["user"]["_aj_globalid"]).to eq("gid://akkounts/User/1")
+    end
+  end
+
+  describe "#call with notification disabled" do
+    before do
+      CreateInvitations.call(user: user, amount: 3, notify: false)
+    end
+
+    after(:each) { clear_enqueued_jobs }
+
+    it "does not send an email notification to the user" do
+      expect(enqueued_jobs.size).to eq(0)
+    end
+  end
+end