0.6.0

Reviewed-on: #131

.env.example

@@ -1,3 +1,5 @@
+AKKOUNTS_DOMAIN=accounts.example.com
+
 SMTP_SERVER=smtp.example.com
 SMTP_PORT=587
 SMTP_LOGIN=accounts
@@ -17,9 +19,12 @@ LDAP_SUFFIX='dc=kosmos,dc=org'
 WEBHOOKS_ALLOWED_IPS='10.1.1.163'
 
 DISCOURSE_PUBLIC_URL='https://community.kosmos.org'
+DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
+
 GITEA_PUBLIC_URL='https://gitea.kosmos.org'
 MASTODON_PUBLIC_URL='https://kosmos.social'
 MEDIAWIKI_PUBLIC_URL='https://wiki.kosmos.org'
+RS_STORAGE_URL='https://storage.kosmos.org'
 
 EJABBERD_ADMIN_URL='https://xmpp.kosmos.org/admin'
 EJABBERD_API_URL='https://xmpp.kosmos.org/api'

.env.test

@@ -1,3 +1,6 @@
+DISCOURSE_PUBLIC_URL='http://discourse.example.com'
+DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
+
 EJABBERD_API_URL='http://xmpp.example.com/api'
 
 BTCPAY_API_URL='http://btcpay.example.com/api/v1'
@@ -6,4 +9,6 @@ LNDHUB_API_URL='http://localhost:3026'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
 LNDHUB_PUBLIC_KEY='024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
 
+RS_STORAGE_URL='https://storage.kosmos.org'
+
 WEBHOOKS_ALLOWED_IPS='10.1.1.23'

Gemfile

@@ -40,6 +40,9 @@ gem 'net-ldap'
 gem "rqrcode", "~> 2.0"
 gem 'rails-settings-cached', '~> 2.8.3'
 gem 'pagy', '~> 6.0', '>= 6.0.2'
+gem 'flipper'
+gem 'flipper-active_record'
+gem 'flipper-ui'
 
 # HTTP requests
 gem 'faraday'
@@ -48,6 +51,9 @@ gem 'faraday'
 gem 'sidekiq', '< 7'
 gem 'sidekiq-scheduler'
 
+# Service integrations
+gem 'discourse_api'
+
 # Monitoring
 gem "sentry-ruby"
 gem "sentry-rails"
@@ -66,6 +72,7 @@ group :development do
   gem 'letter_opener'
   gem 'letter_opener_web'
   gem 'faker'
+  gem 'solargraph'
 end
 
 group :test do

Gemfile.lock

@@ -68,7 +68,10 @@ GEM
       tzinfo (~> 2.0)
     addressable (2.8.1)
       public_suffix (>= 2.0.2, < 6.0)
+    ast (2.4.2)
+    backport (1.2.0)
     bcrypt (3.1.18)
+    benchmark (0.2.1)
     bindex (0.8.1)
     builder (3.2.4)
     byebug (11.1.3)
@@ -105,10 +108,16 @@ GEM
       devise (>= 3.4.1)
       net-ldap (>= 0.16.0)
     diff-lcs (1.5.0)
+    discourse_api (2.0.0)
+      faraday (~> 2.7)
+      faraday-follow_redirects
+      faraday-multipart
+      rack (>= 1.6)
     dotenv (2.8.1)
     dotenv-rails (2.8.1)
       dotenv (= 2.8.1)
       railties (>= 3.2)
+    e2mmap (0.1.0)
     erubi (1.11.0)
     et-orbi (1.2.7)
       tzinfo
@@ -122,8 +131,23 @@ GEM
     faraday (2.7.1)
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
+    faraday-follow_redirects (0.3.0)
+      faraday (>= 1, < 3)
+    faraday-multipart (1.0.4)
+      multipart-post (~> 2)
     faraday-net_http (3.0.2)
     ffi (1.15.5)
+    flipper (0.28.0)
+      concurrent-ruby (< 2)
+    flipper-active_record (0.28.0)
+      activerecord (>= 4.2, < 8)
+      flipper (~> 0.28.0)
+    flipper-ui (0.28.0)
+      erubi (>= 1.0.0, < 2.0.0)
+      flipper (~> 0.28.0)
+      rack (>= 1.4, < 3)
+      rack-protection (>= 1.5.3, <= 4.0.0)
+      sanitize (< 7)
     fugit (1.7.2)
       et-orbi (~> 1, >= 1.2.7)
       raabro (~> 1.4)
@@ -135,9 +159,15 @@ GEM
     importmap-rails (1.1.5)
       actionpack (>= 6.0.0)
       railties (>= 6.0.0)
+    jaro_winkler (1.5.4)
     jbuilder (2.11.5)
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
+    json (2.6.3)
+    kramdown (2.4.0)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
     launchy (2.5.0)
       addressable (~> 2.7)
     letter_opener (1.8.1)
@@ -162,6 +192,7 @@ GEM
     mini_mime (1.1.2)
     mini_portile2 (2.8.0)
     minitest (5.16.3)
+    multipart-post (2.3.0)
     net-imap (0.3.1)
       net-protocol
     net-ldap (0.17.1)
@@ -179,6 +210,9 @@ GEM
       racc (~> 1.4)
     orm_adapter (0.5.0)
     pagy (6.0.2)
+    parallel (1.22.1)
+    parser (3.2.1.1)
+      ast (~> 2.4.1)
     pg (1.2.3)
     public_suffix (5.0.0)
     puma (4.3.12)
@@ -186,6 +220,8 @@ GEM
     raabro (1.4.0)
     racc (1.6.0)
     rack (2.2.4)
+    rack-protection (3.0.6)
+      rack
     rack-test (2.0.2)
       rack (>= 1.3)
     rails (7.0.4)
@@ -217,6 +253,7 @@ GEM
       rake (>= 12.2)
       thor (~> 1.0)
       zeitwerk (~> 2.5)
+    rainbow (3.1.1)
     rake (13.0.6)
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
@@ -229,6 +266,8 @@ GEM
     responders (3.1.0)
       actionpack (>= 5.2)
       railties (>= 5.2)
+    reverse_markdown (2.1.1)
+      nokogiri
     rexml (3.2.5)
     rqrcode (2.1.2)
       chunky_png (~> 1.0)
@@ -251,9 +290,25 @@ GEM
       rspec-mocks (~> 3.11)
       rspec-support (~> 3.11)
     rspec-support (3.12.0)
+    rubocop (1.48.1)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.2.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.26.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.28.0)
+      parser (>= 3.2.1.0)
+    ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
     rufus-scheduler (3.8.2)
       fugit (~> 1.1, >= 1.1.6)
+    sanitize (6.0.1)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.12.0)
     sentry-rails (5.8.0)
       railties (>= 5.0)
       sentry-ruby (~> 5.8.0)
@@ -268,6 +323,21 @@ GEM
       rufus-scheduler (~> 3.2)
       sidekiq (>= 4, < 7)
       tilt (>= 1.4.0)
+    solargraph (0.48.0)
+      backport (~> 1.2)
+      benchmark
+      bundler (>= 1.17.2)
+      diff-lcs (~> 1.4)
+      e2mmap
+      jaro_winkler (~> 1.5)
+      kramdown (~> 2.3)
+      kramdown-parser-gfm (~> 1.1)
+      parser (~> 3.0)
+      reverse_markdown (>= 1.0.5, < 3)
+      rubocop (>= 0.52)
+      thor (~> 1.0)
+      tilt (~> 2.0)
+      yard (~> 0.9, >= 0.9.24)
     sprockets (4.1.1)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
@@ -289,6 +359,7 @@ GEM
       railties (>= 6.0.0)
     tzinfo (2.0.5)
       concurrent-ruby (~> 1.0)
+    unicode-display_width (2.4.2)
     view_component (2.78.0)
       activesupport (>= 5.0.0, < 8.0)
       concurrent-ruby (~> 1.0)
@@ -304,11 +375,14 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
+    webrick (1.7.0)
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
+    yard (0.9.28)
+      webrick (~> 1.7.0)
     zeitwerk (2.6.6)
 
 PLATFORMS
@@ -322,10 +396,14 @@ DEPENDENCIES
   database_cleaner
   devise (~> 4.9.0)
   devise_ldap_authenticatable
+  discourse_api
   dotenv-rails
   factory_bot_rails
   faker
   faraday
+  flipper
+  flipper-active_record
+  flipper-ui
   importmap-rails
   jbuilder (~> 2.7)
   letter_opener
@@ -344,6 +422,7 @@ DEPENDENCIES
   sentry-ruby
   sidekiq (< 7)
   sidekiq-scheduler
+  solargraph
   sprockets-rails
   sqlite3 (~> 1.4)
   stimulus-rails

README.md

@@ -23,9 +23,8 @@ so:
 
 After these steps, you should have a working Rails app with a handful of test
 users running on [http://localhost:3000](http://localhost:3000).
-
 Log in with username "admin" and password "admin is admin". All users listed on
-[http://localhost:3000/admin/ldap_users](http://localhost:3000/admin/ldap_users)
+[http://localhost:3000/admin/users](http://localhost:3000/admin/users)
 have the password "user is user".
 
 ### Rails app
@@ -79,6 +78,15 @@ The setup task will first delete any existing entries in the directory tree
 Note that all 389ds data is stored in `tmp/389ds`. So if you want to start over
 with a fresh installation, delete both that directory as well as the container.
 
+### Solargraph
+
+[Solargraph](https://solargraph.org/) is a Ruby language server, which you may
+use with your editor to add features like auto-completion and syntax
+validation. You can add inline documentation for bundled gems with this
+command:
+
+    bundle exec yard gems
+
 ## Documentation
 
 ### Rails
@@ -106,6 +114,10 @@ with a fresh installation, delete both that directory as well as the container.
 * [Sidekiq](https://github.com/mperham/sidekiq/wiki/)
 * [ActiveJob](https://github.com/mperham/sidekiq/wiki/Active-Job)
 
+### Feature Flags
+
+* [Flipper](https://www.flippercloud.io/docs/get-started/self-hosted)
+
 ## License
 
 [GNU Affero General Public License v3.0](https://choosealicense.com/licenses/agpl-3.0/)

app/assets/stylesheets/components/buttons.css

@@ -32,8 +32,4 @@
     @apply bg-red-600 hover:bg-red-700 text-white
            focus:ring-red-500 focus:ring-opacity-75;
   }
-
-  input[type=text]:disabled {
-    @apply text-gray-700;
-  }
 }

app/assets/stylesheets/components/forms.css

@@ -6,12 +6,13 @@
            focus:ring-blue-600 focus:ring-opacity-75;
   }
 
-  .field_with_errors {
-    @apply inline-block;
+  input[type=text]:disabled,
+  input[type=email]:disabled {
+    @apply text-gray-700;
   }
 
-  .field_with_errors input {
-    @apply w-full bg-red-100;
+  input.field_with_errors {
+    @apply border-b-red-600;
   }
 
   .error-msg {

app/components/form_elements/fieldset_component.html.erb

@@ -1,4 +1,5 @@
 <%= tag.public_send(@tag, class: "mb-6 last:mb-0") do %>
+  <% if @positioning == :vertical %>
   <label class="block">
     <p class="font-bold <%= @descripton.present? ? "mb-1" : "mb-2" %>">
       <%= @title %>
@@ -10,4 +11,19 @@
     <% end %>
     <%= content %>
   </label>
+  <% elsif @positioning == :horizontal %>
+  <label class="block flex items-center justify-between">
+    <div class="flex flex-col">
+      <label class="font-bold mb-1"><%= @title %></label>
+      <% if @descripton.present? %>
+      <p class="text-gray-500"><%= @descripton %></p>
+      <% end %>
+    </div>
+    <div class="relative ml-4 inline-flex flex-shrink-0">
+      <%= content %>
+    </div>
+  </label>
+  <% else %>
+  <p>Invalid <code>positioning<code> argument for <code>FieldsetComponent</code>.</p>
+  <% end %>
 <% end %>

app/components/form_elements/fieldset_component.rb

@@ -2,10 +2,11 @@
 
 module FormElements
   class FieldsetComponent < ViewComponent::Base
-    def initialize(tag: "li", title:, description: nil)
-      @tag = tag
-      @title = title
-      @descripton = description
+    def initialize(tag: "li", positioning: :vertical, title:, description: nil)
+      @tag         = tag
+      @positioning = positioning
+      @title       = title
+      @descripton  = description
     end
   end
 end

app/components/form_elements/fieldset_toggle_component.html.erb

@@ -1,5 +1,5 @@
 <%= tag.public_send @tag, class: "flex items-center justify-between mb-6 last:mb-0",
-      data: @form.present? ? {
+      data: @form_enabled ? {
         controller: "settings--toggle",
         :'settings--toggle-switch-enabled-value' => @enabled.to_s
       } : nil do %>
@@ -11,16 +11,23 @@
     <%= render FormElements::ToggleComponent.new(
           enabled: @enabled,
           input_enabled: @input_enabled,
-          class_names: @form.present? ? "hidden" : nil,
+          class_names: @form_enabled ? "hidden" : nil,
           data: {
             :'settings--toggle-target' => "button",
             action: "settings--toggle#toggleSwitch"
           }) %>
-    <% if @form.present? %>
-      <%= @form.check_box @attribute, {
-            checked: @enabled,
-            data: { :'settings--toggle-target' => "checkbox" }
-          }, "true", "false" %>
+    <% if @form_enabled %>
+      <% if @attribute.present? %>
+        <%= @form.check_box @attribute, {
+              checked: @enabled,
+              data: { :'settings--toggle-target' => "checkbox" }
+            }, "true", "false" %>
+      <% else %>
+        <input name="<%= @field_name %>" type="hidden" value="false" autocomplete="off">
+        <%= check_box_tag @field_name, "true", @enabled, {
+              data: { :'settings--toggle-target' => "checkbox" }
+            } %>
+      <% end %>
     <% end %>
   </div>
 <% end %>

app/components/form_elements/fieldset_toggle_component.rb

@@ -2,11 +2,13 @@
 
 module FormElements
   class FieldsetToggleComponent < ViewComponent::Base
-    def initialize(form: nil, attribute: nil, tag: "li", enabled: false,
-                   input_enabled: true, title:, description:)
+    def initialize(tag: "li", form: nil, attribute: nil, field_name: nil,
+                   enabled: false, input_enabled: true, title:, description:)
+      @tag = tag
       @form = form
       @attribute = attribute
-      @tag = tag
+      @field_name = field_name
+      @form_enabled = @form.present? || @field_name.present?
       @enabled = enabled
       @input_enabled = input_enabled
       @title = title

app/controllers/account_controller.rb

@@ -1,5 +1,5 @@
 class AccountController < ApplicationController
-  before_action :require_user_signed_in
+  before_action :authenticate_user!
 
   def index
     @current_section = :account

app/controllers/contributions/donations_controller.rb

@@ -1,5 +1,5 @@
 class Contributions::DonationsController < ApplicationController
-  before_action :require_user_signed_in
+  before_action :authenticate_user!
 
   # GET /donations
   # GET /donations.json

app/controllers/contributions/projects_controller.rb

@@ -1,5 +1,5 @@
 class Contributions::ProjectsController < ApplicationController
-  before_action :require_user_signed_in
+  before_action :authenticate_user!
 
   # GET /contributions
   def index

app/controllers/dashboard_controller.rb

@@ -1,7 +1,7 @@
 class DashboardController < ApplicationController
-  before_action :require_user_signed_in
+  before_action :authenticate_user!
 
   def index
-    @current_section = :dashboard
+    @current_section = :services
   end
 end

app/controllers/discourse/sso_controller.rb

@@ -0,0 +1,17 @@
+class Discourse::SsoController < ApplicationController
+  before_action :authenticate_user!
+
+  def connect
+    secret = Setting.discourse_connect_secret
+    sso = DiscourseApi::SingleSignOn.parse(request.query_string, secret)
+    sso.external_id = current_user.id
+    sso.email = current_user.email
+    sso.username = current_user.cn
+    sso.name = current_user.display_name
+    sso.admin = current_user.is_admin?
+    sso.sso_secret = secret
+
+    redirect_to sso.to_url("#{Setting.discourse_public_url}/session/sso_login"),
+                allow_other_host: true
+  end
+end

app/controllers/invitations_controller.rb

@@ -1,5 +1,5 @@
 class InvitationsController < ApplicationController
-  before_action :require_user_signed_in, except: ["show"]
+  before_action :authenticate_user!, except: ["show"]
   before_action :require_user_signed_out, only: ["show"]
 
   # GET /invitations

app/controllers/services/lightning_controller.rb

@@ -1,7 +1,7 @@
 require "rqrcode"
 
-class WalletController < ApplicationController
-  before_action :require_user_signed_in
+class Services::LightningController < ApplicationController
+  before_action :authenticate_user!
   before_action :authenticate_with_lndhub
   before_action :set_current_section
   before_action :fetch_balance
@@ -42,7 +42,7 @@ class WalletController < ApplicationController
   end
 
   def set_current_section
-    @current_section = :wallet
+    @current_section = :services
   end
 
   def fetch_balance
@@ -78,6 +78,7 @@ class WalletController < ApplicationController
         tx["received"] = true
       else
         tx["amount_sats"] = tx["value"] || tx["amt"]
+        tx["fee"] = tx["type"] == "paid_invoice" ? tx["fee"] : nil
         tx["datetime"] = Time.at(tx["timestamp"].to_i)
         tx["title"] = tx["type"] == "paid_invoice" ? "Sent" : "Received"
         tx["description"] = tx["memo"] || tx["description"]

app/controllers/services/remotestorage_controller.rb

@@ -0,0 +1,30 @@
+class Services::RemotestorageController < ApplicationController
+  before_action :require_user_signed_in
+  before_action :require_service_enabled
+  before_action :require_feature_enabled
+  before_action :set_current_section
+
+  def dashboard
+    # unless current_user.services_enabled.include?(:remotestorage)
+    #   redirect_to service_remotestorage_info_path
+    # end
+  end
+
+  private
+
+    def require_feature_enabled
+      unless Flipper.enabled?(:remotestorage, current_user)
+        http_status :forbidden
+      end
+    end
+
+    def require_service_enabled
+      unless Setting.remotestorage_enabled?
+        http_status :not_found
+      end
+    end
+
+    def set_current_section
+      @current_section = :services
+    end
+end

app/controllers/settings/account_controller.rb

@@ -1,13 +0,0 @@
-class Settings::AccountController < SettingsController
-
-  def index
-  end
-
-  def reset_password
-    current_user.send_reset_password_instructions
-    sign_out current_user
-    msg = "We have sent you an email with a link to reset your password."
-    redirect_to check_your_email_path, notice: msg
-  end
-
-end

app/controllers/settings/profile_controller.rb

@@ -1,11 +0,0 @@
-class Settings::ProfileController < SettingsController
-
-  def index
-    @user = current_user
-  end
-
-  def update
-
-  end
-
-end

app/controllers/settings_controller.rb

@@ -1,13 +1,85 @@
 class SettingsController < ApplicationController
-  before_action :require_user_signed_in
-  before_action :set_current_section
+  before_action :authenticate_user!
+  before_action :set_main_nav_section
+  before_action :set_settings_section, only: [:show, :update, :update_email]
+  before_action :set_user, only: [:show, :update, :update_email]
 
   def index
+    redirect_to setting_path(:profile)
+  end
+
+  def show
+  end
+
+  def update
+    @user.preferences.merge!(user_params[:preferences] || {})
+    @user.display_name = user_params[:display_name]
+
+    if @user.save
+      if @user.display_name && (@user.display_name != @user.ldap_entry[:display_name])
+        LdapManager::UpdateDisplayName.call(@user.dn, user_params[:display_name])
+      end
+
+      redirect_to setting_path(@settings_section), flash: {
+        success: 'Settings saved.'
+      }
+    else
+      @validation_errors = @user.errors
+      render :show, status: :unprocessable_entity
+    end
+  end
+
+  def update_email
+    if @user.valid_ldap_authentication?(email_params[:current_password])
+      if @user.update email: email_params[:email]
+        redirect_to setting_path(:account), flash: {
+          notice: 'Please confirm your new address using the confirmation link we just sent you.'
+        }
+      else
+        @validation_errors = @user.errors
+        render :show, status: :unprocessable_entity
+      end
+    else
+      redirect_to setting_path(:account), flash: {
+        error: 'Password did not match your current password. Try again.'
+      }
+    end
+  end
+
+  def reset_password
+    current_user.send_reset_password_instructions
+    sign_out current_user
+    msg = "We have sent you an email with a link to reset your password."
+    redirect_to check_your_email_path, notice: msg
   end
 
   private
 
-  def set_current_section
-    @current_section = :settings
-  end
+    def set_main_nav_section
+      @current_section = :settings
+    end
+
+    def set_settings_section
+      @settings_section = params[:section]
+      allowed_sections = [:profile, :account, :lightning, :xmpp]
+
+      unless allowed_sections.include?(@settings_section.to_sym)
+        redirect_to setting_path(:profile)
+      end
+    end
+
+    def set_user
+      @user = current_user
+    end
+
+    def user_params
+      params.require(:user).permit(:display_name, preferences: [
+        :lightning_notify_sats_received,
+        :xmpp_exchange_contacts_with_invitees
+      ])
+    end
+
+    def email_params
+      params.require(:user).permit(:email, :current_password)
+    end
 end

app/controllers/webfinger_controller.rb

@@ -0,0 +1,57 @@
+class WebfingerController < ApplicationController
+  before_action :allow_cross_origin_requests, only: [:show]
+
+  layout false
+
+  def show
+    resource = params[:resource]
+
+    if resource && resource.match(/acct:\w+/)
+      useraddress = resource.split(":").last
+      username, org = useraddress.split("@")
+      username.downcase!
+      unless User.where(cn: username, ou: org).any?
+        head 404 and return
+      end
+
+      render json: webfinger(useraddress).to_json,
+             content_type: "application/jrd+json"
+    else
+      head 422 and return
+    end
+  end
+
+  private
+
+  def webfinger(useraddress)
+    links = [];
+
+    links << remotestorage_link(useraddress) if Setting.remotestorage_enabled
+
+    { "links" => links }
+  end
+
+  def remotestorage_link(useraddress)
+    # TODO use when OAuth routes are available
+    # auth_url = new_rs_oauth_url(useraddress)
+    auth_url = "https://example.com/rs/oauth"
+    storage_url = "#{Setting.rs_storage_url}/#{useraddress}"
+
+    {
+      "rel" => "http://tools.ietf.org/id/draft-dejong-remotestorage",
+      "href" => storage_url,
+      "properties" => {
+        "http://remotestorage.io/spec/version" => "draft-dejong-remotestorage-13",
+        "http://tools.ietf.org/html/rfc6749#section-4.2" => auth_url,
+        "http://tools.ietf.org/html/rfc6750#section-2.3" => nil, # access token via a HTTP query parameter
+        "http://tools.ietf.org/html/rfc7233": "GET", # content range requests
+        "http://remotestorage.io/spec/web-authoring": nil
+      }
+    }
+  end
+
+  def allow_cross_origin_requests
+    headers['Access-Control-Allow-Origin'] = '*'
+    headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
+  end
+end

app/controllers/webhooks_controller.rb

@@ -12,22 +12,28 @@ class WebhooksController < ApplicationController
     end
 
     user = User.find_by!(ln_account: payload[:user_login])
-
-    # TODO make configurable
-    notify_xmpp(user.address, payload[:amount], payload[:memo])
+    notify = user.preferences[:lightning_notify_sats_received]
+    case notify
+    when "xmpp"
+      notify_xmpp(user.address, payload[:amount], payload[:memo])
+    when "email"
+      NotificationMailer.with(user: user, amount_sats: payload[:amount])
+                        .lightning_sats_received.deliver_later
+    end
 
     head :ok
   end
 
   private
 
+  # TODO refactor into mailer-like generic class/service
   def notify_xmpp(address, amt_sats, memo)
     payload = {
       type: "normal",
       from: "kosmos.org", # TODO domain config
       to: address,
       subject: "Sats received!",
-      body: "#{amt_sats} sats received in your Lightning wallet:\n> #{memo}"
+      body: "#{helpers.number_with_delimiter amt_sats} sats received in your Lightning wallet:\n> #{memo}"
     }
     XmppSendMessageJob.perform_later(payload)
   end

app/javascript/controllers/settings/account/email_controller.js

@@ -0,0 +1,27 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = [ "emailField", "editEmailButton" ]
+  static values = { validationFailed: Boolean }
+
+  connect () {
+    if (this.validationFailedValue) return;
+
+    this.emailFieldTarget.disabled = true;
+    this.element.querySelectorAll(".initial-hidden").forEach(el => {
+      el.classList.add("hidden");
+    })
+    this.element.querySelectorAll(".initial-visible").forEach(el => {
+      el.classList.remove("hidden");
+    })
+  }
+
+  editEmail () {
+    this.emailFieldTarget.disabled = false;
+    this.emailFieldTarget.select();
+    this.editEmailButtonTarget.classList.add("hidden");
+    this.element.querySelectorAll(".initial-hidden").forEach(el => {
+      el.classList.remove("hidden");
+    })
+  }
+}

app/jobs/xmpp_exchange_contacts_job.rb

@@ -1,18 +1,22 @@
 class XmppExchangeContactsJob < ApplicationJob
   queue_as :default
 
-  def perform(inviter, username, domain)
+  def perform(inviter, invitee)
+    return unless inviter.services_enabled.include?("xmpp") &&
+                  invitee.services_enabled.include?("xmpp") &&
+                  inviter.preferences[:xmpp_exchange_contacts_with_invitees]
+
     ejabberd = EjabberdApiClient.new
 
     ejabberd.add_rosteritem({
-      "localuser": username, "localhost": domain,
+      "localuser": invitee.cn, "localhost": invitee.ou,
       "user": inviter.cn, "host": inviter.ou,
       "nick": inviter.cn, "group": Setting.ejabberd_buddy_roster, "subs": "both"
     })
     ejabberd.add_rosteritem({
       "localuser": inviter.cn, "localhost": inviter.ou,
-      "user": username, "host": domain,
-      "nick": username, "group": Setting.ejabberd_buddy_roster, "subs": "both"
+      "user": invitee.cn, "host": invitee.ou,
+      "nick": invitee.cn, "group": Setting.ejabberd_buddy_roster, "subs": "both"
     })
   end
 end

app/jobs/xmpp_set_default_bookmarks_job.rb

@@ -0,0 +1,26 @@
+class XmppSetDefaultBookmarksJob < ApplicationJob
+  queue_as :default
+
+  def perform(user)
+    return unless Setting.xmpp_default_rooms.any?
+    @user = user
+    ejabberd = EjabberdApiClient.new
+    ejabberd.private_set user, storage_content
+  end
+
+  def storage_content
+    bookmarks = ""
+    Setting.xmpp_default_rooms.each do |r|
+      bookmarks << conference_element(
+        jid: r[/<(.+)>/, 1], name: r[/^(.+)\s/, 1], nick: @user.cn,
+        autojoin: Setting.xmpp_autojoin_default_rooms
+      )
+    end
+
+    "<storage xmlns='storage:bookmarks'>#{bookmarks}</storage>"
+  end
+
+  def conference_element(jid:, name:, autojoin: false, nick:)
+    "<conference jid='#{jid}' name='#{name}' autojoin='#{autojoin.to_s}'><nick>#{nick}</nick></conference>"
+  end
+end

app/mailers/devise/mailer.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+if defined?(ActionMailer)
+  class Devise::Mailer < Devise.parent_mailer.constantize
+    include Devise::Mailers::Helpers
+
+    def confirmation_instructions(record, token, opts = {})
+      @token = token
+      if record.pending_reconfirmation?
+        devise_mail(record, :reconfirmation_instructions, opts)
+      else
+        devise_mail(record, :confirmation_instructions, opts)
+      end
+    end
+
+    def reset_password_instructions(record, token, opts = {})
+      @token = token
+      devise_mail(record, :reset_password_instructions, opts)
+    end
+
+    def unlock_instructions(record, token, opts = {})
+      @token = token
+      devise_mail(record, :unlock_instructions, opts)
+    end
+
+    def email_changed(record, opts = {})
+      devise_mail(record, :email_changed, opts)
+    end
+
+    def password_change(record, opts = {})
+      devise_mail(record, :password_change, opts)
+    end
+  end
+end

app/mailers/notification_mailer.rb

@@ -0,0 +1,8 @@
+class NotificationMailer < ApplicationMailer
+  def lightning_sats_received
+    @user = params[:user]
+    @amount_sats = params[:amount_sats]
+    @subject = "Sats received"
+    mail to: @user.email, subject: @subject
+  end
+end

app/models/setting.rb

@@ -2,6 +2,9 @@
 class Setting < RailsSettings::Base
   cache_prefix { "v1" }
 
+  field :accounts_domain, type: :string,
+    default: ENV["AKKOUNTS_DOMAIN"].presence
+
   #
   # Internal services
   #
@@ -17,6 +20,13 @@ class Setting < RailsSettings::Base
     account accounts donations mail webmaster support
   ]
 
+  #
+  # XMPP
+  #
+
+  field :xmpp_default_rooms, type: :array, default: []
+  field :xmpp_autojoin_default_rooms, type: :boolean, default: false
+
   #
   # Sentry
   #
@@ -34,6 +44,9 @@ class Setting < RailsSettings::Base
   field :discourse_enabled, type: :boolean,
     default: (ENV["DISCOURSE_PUBLIC_URL"].present?.to_s || false)
 
+  field :discourse_connect_secret, type: :string, readonly: true,
+    default: ENV["DISCOURSE_CONNECT_SECRET"].presence
+
   #
   # ejabberd
   #
@@ -104,4 +117,14 @@ class Setting < RailsSettings::Base
   #
 
   field :nostr_enabled, type: :boolean, default: true
+
+  #
+  # RemoteStorage
+  #
+
+  field :remotestorage_enabled, type: :boolean,
+    default: (ENV["RS_STORAGE_URL"].present?.to_s || false)
+
+  field :rs_storage_url, type: :string,
+    default: ENV["RS_STORAGE_URL"].presence
 end

app/models/user.rb

@@ -1,6 +1,10 @@
 class User < ApplicationRecord
   include EmailValidatable
 
+  attr_accessor :display_name
+
+  serialize :preferences, UserPreferences
+
   # Relations
   has_many :invitations, dependent: :destroy
   has_one  :invitation, inverse_of: :invitee, foreign_key: 'invited_user_id'
@@ -15,19 +19,23 @@ class User < ApplicationRecord
   has_many :accounts, through: :lndhub_user
 
   validates_uniqueness_of :cn
-  validates_length_of :cn, :minimum => 3
+  validates_length_of :cn, minimum: 3
   validates_format_of :cn, with: /\A([a-z0-9\-])*\z/,
                            if: Proc.new{ |u| u.cn.present? },
                            message: "is invalid. Please use only letters, numbers and -"
   validates_format_of :cn, without: /\A-/,
                            if: Proc.new{ |u| u.cn.present? },
                            message: "is invalid. Usernames need to start with a letter."
+  # FIXME This needs a server restart to apply values
   validates_format_of :cn, without: /\A(#{Setting.reserved_usernames.join('|')})\z/i,
                            message: "has already been taken"
 
   validates_uniqueness_of :email
   validates :email, email: true
 
+  validates_length_of :display_name, minimum: 3, maximum: 35, allow_blank: true,
+                                     if: -> { defined?(@display_name) }
+
   scope :confirmed, -> { where.not(confirmed_at: nil) }
   scope :pending,   -> { where(confirmed_at: nil) }
 
@@ -55,13 +63,18 @@ class User < ApplicationRecord
   end
 
   def devise_after_confirmation
-    enable_service %w[ discourse ejabberd gitea mediawiki ]
+    if ldap_entry[:mail] != self.email
+      # E-Mail update confirmed
+      LdapManager::UpdateEmail.call(self.dn, self.email)
+    else
+      # E-Mail from signup confirmed (i.e. account activation)
+      enable_service %w[ discourse gitea mediawiki xmpp ]
 
-    #TODO enable in development when we have easy setup of ejabberd etc.
-    return if Rails.env.development?
+      #TODO enable in development when we have easy setup of ejabberd etc.
+      return if Rails.env.development? || !Setting.ejabberd_enabled?
 
-    if inviter.present?
-      exchange_xmpp_contact_with_inviter if Setting.ejabberd_enabled?
+      XmppExchangeContactsJob.perform_later(inviter, self) if inviter.present?
+      XmppSetDefaultBookmarksJob.perform_later(self)
     end
   end
 
@@ -107,8 +120,13 @@ class User < ApplicationRecord
     @dn = Devise::LDAP::Adapter.get_dn(self.cn)
   end
 
-  def ldap_entry
-    ldap.fetch_users(uid: self.cn, ou: self.ou).first
+  def ldap_entry(reload: false)
+    return @ldap_entry if defined?(@ldap_entry) && !reload
+    @ldap_entry = ldap.fetch_users(uid: self.cn, ou: self.ou).first
+  end
+
+  def display_name
+    @display_name ||= ldap_entry[:display_name]
   end
 
   def services_enabled
@@ -133,12 +151,6 @@ class User < ApplicationRecord
     ldap.delete_attribute(dn,:service)
   end
 
-  def exchange_xmpp_contact_with_inviter
-    return unless inviter.services_enabled.include?("ejabberd") &&
-                  services_enabled.include?("ejabberd")
-    XmppExchangeContactsJob.perform_later(inviter, self.cn, self.ou)
-  end
-
   private
 
     def ldap

app/models/user_preferences.rb

@@ -0,0 +1,29 @@
+DEFAULT_PREFS = YAML.load_file("#{Rails.root}/config/default_preferences.yml")
+
+class UserPreferences
+  def self.dump(value)
+    process(value).to_yaml
+  end
+
+  def self.load(string)
+    stored_prefs = YAML.load(string || "{}")
+    DEFAULT_PREFS.merge(stored_prefs).with_indifferent_access
+  end
+
+  def self.is_integer?(value)
+    value.to_i.to_s == value
+  end
+
+  def self.process(hash)
+    hash.each do |key, value|
+      if value == "true"
+        hash[key] = true
+      elsif value == "false"
+        hash[key] = false
+      elsif value.is_a?(String) && is_integer?(value)
+        hash[key] = value.to_i
+      end
+    end
+    hash.stringify_keys!.to_h
+  end
+end

app/services/ejabberd_api_client.rb

@@ -1,6 +1,6 @@
 class EjabberdApiClient
   def initialize
-    @base_url = ENV["EJABBERD_API_URL"]
+    @base_url = Setting.ejabberd_api_url
   end
 
   def post(endpoint, payload)
@@ -10,7 +10,7 @@ class EjabberdApiClient
     if res.status != 200
       Rails.logger.error "[ejabberd] API request failed:"
       Rails.logger.error res.body
-      #TODO add some kind of exception tracking/notifications
+      #TODO Send custom event to Sentry
     end
   end
 
@@ -21,4 +21,9 @@ class EjabberdApiClient
   def send_message(payload)
     post "send_message", payload
   end
+
+  def private_set(user, content)
+    payload = { user: user.cn, host: user.ou, element: content }
+    post "private_set", payload
+  end
 end

app/services/ldap_manager/update_display_name.rb

@@ -0,0 +1,12 @@
+module LdapManager
+  class UpdateDisplayName < LdapManagerService
+    def initialize(dn, display_name)
+      @dn = dn
+      @display_name = display_name
+    end
+
+    def call
+      replace_attribute @dn, :displayName, @display_name
+    end
+  end
+end

app/services/ldap_manager/update_email.rb

@@ -0,0 +1,12 @@
+module LdapManager
+  class UpdateEmail < LdapManagerService
+    def initialize(dn, address)
+      @dn = dn
+      @address = address
+    end
+
+    def call
+      replace_attribute @dn, :mail, @address
+    end
+  end
+end

app/services/ldap_manager_service.rb

@@ -0,0 +1,2 @@
+class LdapManagerService < LdapService
+end

app/services/ldap_service.rb

@@ -50,7 +50,7 @@ class LdapService < ApplicationService
       treebase = ldap_config["base"]
     end
 
-    attributes = %w{dn cn uid mail admin service}
+    attributes = %w{dn cn uid mail displayName admin service}
     filter     = Net::LDAP::Filter.eq("uid", args[:uid] || "*")
 
     entries = ldap_client.search(base: treebase, filter: filter, attributes: attributes)
@@ -59,6 +59,7 @@ class LdapService < ApplicationService
       {
         uid: e.uid.first,
         mail: e.try(:mail) ? e.mail.first : nil,
+        display_name: e.try(:displayName) ? e.displayName.first : nil,
         admin: e.try(:admin) ? 'admin' : nil,
         service: e.try(:service)
       }

app/views/admin/settings/services/_discourse.html.erb

@@ -7,11 +7,46 @@
     title: "Enable Discourse integration",
     description: "Discourse configuration present and features enabled"
   ) %>
-  <% if Setting.discourse_enabled? %>
-    <%= render FormElements::FieldsetComponent.new(title: "Public URL") do %>
-      <%= f.text_field :discourse_public_url,
-        value: Setting.discourse_public_url,
-        class: "w-full", disabled: true %>
-    <% end %>
+<% if Setting.discourse_enabled? %>
+  <%= render FormElements::FieldsetComponent.new(title: "Public URL") do %>
+    <%= f.text_field :discourse_public_url,
+      value: Setting.discourse_public_url,
+      class: "w-full", disabled: true %>
   <% end %>
+  <%= render FormElements::FieldsetComponent.new(title: "Connect secret") do %>
+    <%= f.password_field :discourse_connect_secret,
+      value: Setting.discourse_connect_secret,
+      class: "w-full", disabled: true %>
+  <% end %>
+<% end %>
 </ul>
+<% if Setting.discourse_enabled? %>
+  <% content_for :documentation do %>
+    <h3 class="mt-8">How to configure Discourse</h3>
+    <ol class="list-decimal list-inside">
+    <li class="mb-6">
+      Set the <strong>Discourse Connect URL</strong> to the following URL:
+    </li>
+    <li data-controller="clipboard" class="mb-6 flex gap-1">
+      <input type="text" class="grow" disabled="disabled"
+             value="https://<%= Setting.accounts_domain %>/discourse/connect"
+             data-clipboard-target="source" />
+      <button class="btn-md btn-icon btn-blue shrink-0"
+              data-clipboard-target="trigger" data-action="clipboard#copy"
+              title="Copy to clipboard">
+        <span class="content-initial">
+          <%= render partial: "icons/copy", locals: { custom_class: "text-white h-4 w-4 inline" } %>
+        </span>
+        <span class="content-active hidden">
+          <%= render partial: "icons/check", locals: { custom_class: "text-white h-4 w-4 inline" } %>
+        </span>
+      </button>
+    </li>
+    <li class="mb-6">
+      Set the <strong>Discourse Connect Secret</strong> to the value above.
+    </li>
+    <li>
+      Enable Discourse Connect.
+    </li>
+  <% end %>
+<% end %>

app/views/admin/settings/services/_ejabberd.html.erb

@@ -7,24 +7,43 @@
     title: "Enable ejabberd integration",
     description: "ejabberd configuration present and features enabled"
   ) %>
-  <% if Setting.ejabberd_enabled? %>
-    <%= render FormElements::FieldsetComponent.new(title: "API URL") do %>
-      <%= f.text_field :ejabberd_api_url,
-        value: Setting.ejabberd_api_url,
-        class: "w-full", disabled: true %>
-    <% end %>
-    <%= render FormElements::FieldsetComponent.new(title: "Admin URL") do %>
-      <%= f.text_field :ejabberd_admin_url,
-        value: Setting.ejabberd_admin_url,
-        class: "w-full", disabled: true %>
-    <% end %>
-    <%= render FormElements::FieldsetComponent.new(
-          title: "Contact roster name",
-          description: "Used when exchanging contacts after signup from invitation"
-        ) do %>
-      <%= f.text_field :ejabberd_buddy_roster,
-        value: Setting.ejabberd_buddy_roster,
-        class: "w-full" %>
-    <% end %>
+<% if Setting.ejabberd_enabled? %>
+  <%= render FormElements::FieldsetComponent.new(title: "API URL") do %>
+    <%= f.text_field :ejabberd_api_url,
+      value: Setting.ejabberd_api_url,
+      class: "w-full", disabled: true %>
+  <% end %>
+  <%= render FormElements::FieldsetComponent.new(title: "Admin URL") do %>
+    <%= f.text_field :ejabberd_admin_url,
+      value: Setting.ejabberd_admin_url,
+      class: "w-full", disabled: true %>
   <% end %>
 </ul>
+<h3 class="mt-10">User default settings</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetComponent.new(
+        title: "Default rooms",
+        description: "Add these default rooms to new users' bookmarks"
+      ) do %>
+    <%= f.text_area :xmpp_default_rooms,
+          value: Setting.xmpp_default_rooms.join("\n"),
+          placeholder: "Welcome <welcome@kosmos.chat>\nKosmos <kosmos@kosmos.chat>",
+          class: "h-24 w-full" %>
+  <% end %>
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :xmpp_autojoin_default_rooms,
+    enabled: Setting.xmpp_autojoin_default_rooms?,
+    title: "Auto-join default rooms",
+    description: "Automatically join above default rooms in chat clients"
+  ) %>
+  <%= render FormElements::FieldsetComponent.new(
+        title: "Contact roster name",
+        description: "Used when exchanging contacts after signup from invitation"
+      ) do %>
+    <%= f.text_field :ejabberd_buddy_roster,
+      value: Setting.ejabberd_buddy_roster,
+      class: "w-full" %>
+  <% end %>
+<% end %>
+</ul>

app/views/admin/settings/services/_remotestorage.html.erb

@@ -0,0 +1,17 @@
+<h3>RemoteStorage</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :remotestorage_enabled,
+    enabled: Setting.remotestorage_enabled?,
+    title: "Enable RemoteStorage integration",
+    description: "RemoteStorage configuration present and features enabled"
+  ) %>
+  <% if Setting.remotestorage_enabled? %>
+    <%= render FormElements::FieldsetComponent.new(title: "Storage URL") do %>
+      <%= f.text_field :rs_storage_url,
+        value: Setting.rs_storage_url,
+        class: "w-full", disabled: true %>
+    <% end %>
+  <% end %>
+</ul>

app/views/admin/settings/services/index.html.erb

@@ -20,4 +20,10 @@
       </p>
     </section>
   <% end %>
+
+  <% if content_for?(:documentation) %>
+  <section>
+    <%= yield :documentation %>
+  </section>
+  <% end %>
 <% end %>

app/views/admin/users/show.html.erb

@@ -6,6 +6,10 @@
       <h3>Account</h3>
       <table class="divided">
         <tbody>
+          <tr>
+            <th>ID</th>
+            <td><%= @user.id %></td>
+          </tr>
           <tr>
             <th>Created at</th>
             <td><%= @user.created_at.strftime("%Y-%m-%d (%H:%M UTC)") %></td>
@@ -135,7 +139,7 @@
           <td>XMPP (ejabberd)</td>
           <td>
             <%= render FormElements::ToggleComponent.new(
-              enabled: @services_enabled.include?("ejabberd"),
+              enabled: @services_enabled.include?("xmpp"),
               input_enabled: false
             ) %>
           </td>

app/views/dashboard/index.html.erb

@@ -43,9 +43,9 @@
       <div class="border border-gray-300 rounded-md hover:border-gray-400
                   bg-cover bg-center sm:bg-[center_top_-140px] bg-no-repeat
                   bg-[url(/img/logos/icon_lightning.svg)]">
-        <%= link_to wallet_path,
+        <%= link_to services_lightning_index_path,
               class: "block h-full px-6 py-6 rounded-md" do %>
-          <h3 class="mb-3.5">Wallet</h3>
+          <h3 class="mb-3.5">Lightning Network</h3>
           <p class="text-gray-600">
             Send and receive sats over the Bitcoin Lightning Network
           </p>
@@ -73,6 +73,17 @@
           </p>
         <% end %>
       </div>
+      <% if Setting.remotestorage_enabled? && Flipper.enabled?(:remotestorage, current_user) %>
+        <div class="border border-gray-300 rounded-md hover:border-gray-400">
+          <%= link_to services_storage_path,
+                class: "block h-full px-6 py-6 rounded-md" do %>
+            <h3 class="mb-3.5">Storage</h3>
+            <p class="text-gray-600">
+              Sync your data between apps and devices
+            </p>
+          <% end %>
+        </div>
+      <% end %>
       <!-- <div class="border border&#45;gray&#45;300 rounded&#45;md hover:border&#45;gray&#45;400 -->
       <!--             bg&#45;[length:80%] bg&#45;[right_top_&#45;30px] bg&#45;no&#45;repeat -->
       <!--             bg&#45;[url(/img/logos/icon_mastodon.svg)]"> -->

app/views/devise/mailer/confirmation_instructions.html.erb

@@ -1,5 +1,5 @@
-<p>Welcome <%= @email %>!</p>
+<p>Welcome <%= @resource.cn %>!</p>
 
-<p>You can confirm your account email through the link below:</p>
+<p>Please confirm your email address through the link below:</p>
 
 <p><%= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token) %></p>

app/views/devise/mailer/email_changed.html.erb

@@ -1,4 +1,4 @@
-<p>Hello <%= @email %>!</p>
+<p>Hello <%= @resource.cn %>!</p>
 
 <% if @resource.try(:unconfirmed_email?) %>
   <p>We're contacting you to notify you that your email is being changed to <%= @resource.unconfirmed_email %>.</p>

app/views/devise/mailer/password_change.html.erb

@@ -1,3 +1,3 @@
-<p>Hello <%= @resource.email %>!</p>
+<p>Hello <%= @resource.cn %>!</p>
 
 <p>We're contacting you to notify you that your password has been changed.</p>

app/views/devise/mailer/reconfirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+<p>Hello <%= @resource.cn %>,</p>
+
+<p>Please confirm your new email address through the link below:</p>
+
+<p><%= link_to 'Confirm my address', confirmation_url(@resource, confirmation_token: @token) %></p>

app/views/devise/mailer/reset_password_instructions.html.erb

@@ -1,4 +1,4 @@
-<p>Hello <%= @resource.email %>!</p>
+<p>Hello <%= @resource.cn %>!</p>
 
 <p>Someone has requested a link to change your password. You can do this through the link below.</p>
 

app/views/devise/mailer/unlock_instructions.html.erb

@@ -1,4 +1,4 @@
-<p>Hello <%= @resource.email %>!</p>
+<p>Hello <%= @resource.cn %>!</p>
 
 <p>Your account has been locked due to an excessive number of unsuccessful sign in attempts.</p>
 

app/views/devise/sessions/new.html.erb

@@ -1,7 +1,13 @@
+<%
+  # TODO remove when https://github.com/hotwired/turbo/issues/203 is fixed
+  enable_turbo = !session[:user_return_to].match?('/discourse/connect')
+%>
+
 <%= render HeaderCompactComponent.new(title: "Log in") %>
 
 <%= render MainCompactComponent.new do %>
-  <%= form_for(resource, as: resource_name, url: session_path(resource_name)) do |f| %>
+  <%= form_for(resource, as: resource_name, url: session_path(resource_name),
+                         data: { turbo: enable_turbo.to_s }) do |f| %>
     <%= render "devise/shared/error_messages", resource: resource %>
     <div class="mb-6">
       <%= f.label :cn, 'User', class: 'block mb-2 font-bold' %>

app/views/icons/_bell.html.erb

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-bell"><path d="M18 8A6 6 0 0 0 6 8c0 7-3 9-3 9h18s-3-2-3-9"></path><path d="M13.73 21a2 2 0 0 1-3.46 0"></path></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-bell <%= custom_class %>"><path d="M18 8A6 6 0 0 0 6 8c0 7-3 9-3 9h18s-3-2-3-9"></path><path d="M13.73 21a2 2 0 0 1-3.46 0"></path></svg>

app/views/icons/_edit-2.html.erb

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-edit-2"><path d="M17 3a2.828 2.828 0 1 1 4 4L7.5 20.5 2 22l1.5-5.5L17 3z"></path></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-edit-2 <%= custom_class %>"><path d="M17 3a2.828 2.828 0 1 1 4 4L7.5 20.5 2 22l1.5-5.5L17 3z"></path></svg>

app/views/icons/_edit-3.html.erb

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-edit-3"><path d="M12 20h9"></path><path d="M16.5 3.5a2.121 2.121 0 0 1 3 3L7 19l-4 1 1-4L16.5 3.5z"></path></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-edit-3 <%= custom_class %>"><path d="M12 20h9"></path><path d="M16.5 3.5a2.121 2.121 0 0 1 3 3L7 19l-4 1 1-4L16.5 3.5z"></path></svg>

app/views/icons/_edit.html.erb

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-edit"><path d="M11 4H4a2 2 0 0 0-2 2v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2v-7"></path><path d="M18.5 2.5a2.121 2.121 0 0 1 3 3L12 15l-4 1 1-4 9.5-9.5z"></path></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-edit <%= custom_class %>"><path d="M11 4H4a2 2 0 0 0-2 2v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2v-7"></path><path d="M18.5 2.5a2.121 2.121 0 0 1 3 3L12 15l-4 1 1-4 9.5-9.5z"></path></svg>

app/views/icons/_message-circle.html.erb

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-message-circle"><path d="M21 11.5a8.38 8.38 0 0 1-.9 3.8 8.5 8.5 0 0 1-7.6 4.7 8.38 8.38 0 0 1-3.8-.9L3 21l1.9-5.7a8.38 8.38 0 0 1-.9-3.8 8.5 8.5 0 0 1 4.7-7.6 8.38 8.38 0 0 1 3.8-.9h.5a8.48 8.48 0 0 1 8 8v.5z"></path></svg>
+<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-message-circle <%= custom_class %>"><path d="M21 11.5a8.38 8.38 0 0 1-.9 3.8 8.5 8.5 0 0 1-7.6 4.7 8.38 8.38 0 0 1-3.8-.9L3 21l1.9-5.7a8.38 8.38 0 0 1-.9-3.8 8.5 8.5 0 0 1 4.7-7.6 8.38 8.38 0 0 1 3.8-.9h.5a8.48 8.48 0 0 1 8 8v.5z"></path></svg>

app/views/notification_mailer/lightning_sats_received.text.erb

@@ -0,0 +1,3 @@
+You just received <%= number_with_delimiter @amount_sats %> sats in your Lightning account (<%= @user.address %>). Check your wallet app, or open the account page for details:
+
+<%= transactions_services_lightning_index_url %>

app/views/services/lightning/index.html.erb

@@ -1,9 +1,9 @@
-<%= render HeaderComponent.new(title: "Wallet") %>
+<%= render HeaderComponent.new(title: "Lightning Network") %>
 
 <%= render MainSimpleComponent.new do %>
   <%= render WalletSummaryComponent.new(balance: @balance) %>
 
-  <%= render partial: "shared/tabnav_wallet" %>
+  <%= render partial: "shared/tabnav_lightning" %>
 
   <section>
     <h3>Lightning Address</h3>

app/views/services/lightning/transactions.html.erb

@@ -1,9 +1,9 @@
-<%= render HeaderComponent.new(title: "Wallet") %>
+<%= render HeaderComponent.new(title: "Lightning Network") %>
 
 <%= render MainSimpleComponent.new do %>
   <%= render WalletSummaryComponent.new(balance: @balance) %>
 
-  <%= render partial: "shared/tabnav_wallet" %>
+  <%= render partial: "shared/tabnav_lightning" %>
 
   <section>
     <h3 class="hidden">Transactions</h3>
@@ -27,7 +27,7 @@
             <p class="col-span-2 md:col-span-1 mb-0 text-right">
               <span class="text-xl font-mono <%= tx["received"] ? "text-emerald-600" : "" %>">
                 <%= tx["received"] ? "+" : "" %><%= number_with_delimiter tx["amount_sats"]  %>
-                <span class="hidden md:inline">sats</span>
+                <span class="text-base md:text-lg">sats</span>
               </span>
             </p>
             <p class="col-span-4 md:col-span-3 mb-0 text-gray-500">
@@ -35,7 +35,10 @@
             </p>
             <p class="col-span-4 md:col-span-1 md:text-right mb-0">
               <span class="col-span-2 md:col-span-1 text-sm text-gray-500">
-                <%= tx["datetime"].strftime("%B %e, %H:%M") %>
+                <%= tx["datetime"].strftime("%B %e, %H:%M") -%>
+                <% if tx["fee"] && (tx["fee"] > 0) %>
+                  ~ Fee: <%= pluralize tx["fee"], "sat" %>
+                <% end %>
               </span>
             </p>
           </li>

app/views/services/remotestorage/dashboard.html.erb

@@ -0,0 +1,7 @@
+<%= render HeaderComponent.new(title: "Storage") %>
+
+<%= render MainSimpleComponent.new do %>
+  <section>
+    <h3>Feature enabled</h3>
+  </section>
+<% end %>

app/views/settings/_account.html.erb

@@ -0,0 +1,50 @@
+<%= tag.section data: {
+      controller: "settings--account--email",
+      "settings--account--email-validation-failed-value": @validation_errors.present?
+    } do %>
+  <h3>E-Mail</h3>
+  <%= form_for(@user, url: update_email_settings_path, method: "post") do |f| %>
+    <%= hidden_field_tag :section, "account" %>
+    <p class="mb-2">
+      <%= f.label :email, 'Address', class: 'font-bold' %>
+    </p>
+    <p class="mb-2 flex gap-1 sm:w-3/5">
+      <%= f.email_field :email, class: "grow", data: {
+            'settings--account--email-target': 'emailField'
+          }, required: true %>
+      <button type="button" id="edit-email"
+              class="btn-md btn-icon btn-blue shrink-0 hidden initial-visible"
+              data-settings--account--email-target="editEmailButton"
+              data-action="settings--account--email#editEmail"
+              title="Edit email address">
+        <span class="">
+          <%= render partial: "icons/edit-3", locals: {
+                custom_class: "text-white h-4 w-4 inline" } %>
+        </span>
+      </button>
+    </p>
+    <% if @validation_errors.present? && @validation_errors[:email].present? %>
+      <p class="error-msg"><%= @validation_errors[:email].first %></p>
+    <% end %>
+    <div class="initial-hidden">
+      <p class="mt-4 mb-2">
+        <%= f.label :current_password, 'Current password', class: 'font-bold' %>
+      </p>
+      <p class="sm:w-3/5">
+        <%= f.password_field :current_password, class: "w-full", required: true %>
+      </p>
+      <p class="mt-6">
+        <%= f.submit "Update", class: "btn-md btn-blue w-full md:w-auto" %>
+      </p>
+    </div>
+  <% end %>
+<% end %>
+<section>
+  <h3>Password</h3>
+  <p class="mb-8">Use the following button to request an email with a password reset link:</p>
+  <%= form_with(url: reset_password_settings_path, method: :post) do %>
+    <p>
+      <%= submit_tag("Send me a password reset link", class: 'btn-md btn-gray w-full sm:w-auto') %>
+    </p>
+  <% end %>
+</section>

app/views/settings/_lightning.html.erb

@@ -0,0 +1,25 @@
+<%= form_for @user, url: setting_path(:lightning), html: { :method => :put } do |f| %>
+<section>
+  <h3>Notifications</h3>
+  <ul role="list">
+    <%= render FormElements::FieldsetComponent.new(
+      positioning: :horizontal,
+      title: "Sats received",
+      description: "Notify me when sats are sent to my Lightning Address"
+    ) do %>
+      <% f.fields_for :preferences do |p| %>
+        <%= p.select :lightning_notify_sats_received, options_for_select([
+          ["off", "disabled"],
+          ["Chat (Jabber)", "xmpp"],
+          ["E-Mail", "email"]
+        ], selected: @user.preferences[:lightning_notify_sats_received]) %>
+      <% end %>
+    <% end %>
+  </ul>
+</section>
+<section>
+  <p class="pt-6 border-t border-gray-200 text-right">
+    <%= f.submit 'Save', class: "btn-md btn-blue w-full md:w-auto" %>
+  </p>
+</section>
+<% end %>

app/views/settings/_notifications.html.erb

@@ -0,0 +1,16 @@
+<section>
+  <h3>Lightning Wallet</h3>
+
+  <ul role="list">
+    <%= render FormElements::FieldsetComponent.new(
+      positioning: :horizontal,
+      title: "Sats received",
+      description: "Notify when sats are sent to my Lightning Address"
+    ) do %>
+    <%= select_tag :sats_received, options_for_select([
+      ["off", "off"],
+      ["Chat (Jabber)", "xmpp"]
+    ]) %>
+    <% end %>
+  </ul>
+</section>

app/views/settings/_profile.html.erb

@@ -0,0 +1,35 @@
+<section>
+  <h3>Profile</h3>
+  <p class="mb-2">
+    <%= label :user_address, 'User address', class: 'font-bold' %>
+  </p>
+  <p data-controller="clipboard" class="flex gap-1 mb-2 sm:w-3/5">
+    <input type="text" id="user_address" class="grow"
+           value=<%= @user.address %> disabled="disabled"
+           data-clipboard-target="source" />
+    <button id="copy-user-address" class="btn-md btn-icon btn-blue shrink-0"
+            data-clipboard-target="trigger" data-action="clipboard#copy"
+            title="Copy to clipboard">
+      <span class="content-initial">
+        <%= render partial: "icons/copy", locals: { custom_class: "text-white h-4 w-4 inline" } %>
+      </span>
+      <span class="content-active hidden">
+        <%= render partial: "icons/check", locals: { custom_class: "text-white h-4 w-4 inline" } %>
+      </span>
+    </button>
+  </p>
+  <p class="text-sm text-gray-500">
+    Your user address for Chat and Lightning Network.
+  </p>
+  <%= form_for(@user, url: setting_path(:profile), html: { :method => :put }) do |f| %>
+    <%= render FormElements::FieldsetComponent.new(tag: "div", title: "Display name") do %>
+      <%= f.text_field :display_name, class: "w-full sm:w-3/5 mb-2" %>
+      <% if @validation_errors.present? && @validation_errors[:display_name].present? %>
+        <p class="error-msg"><%= @validation_errors[:display_name].first %></p>
+      <% end %>
+    <% end %>
+    <p class="mt-8 pt-6 border-t border-gray-200 text-right">
+      <%= f.submit 'Save', class: "btn-md btn-blue w-full md:w-auto" %>
+    </p>
+  <% end %>
+</section>

app/views/settings/_xmpp.html.erb

@@ -0,0 +1,18 @@
+<%= form_for @user, url: setting_path(:xmpp), html: { :method => :put } do |f| %>
+<section>
+  <h3>Contacts</h3>
+  <ul role="list">
+    <%= render FormElements::FieldsetToggleComponent.new(
+      field_name: "user[preferences][xmpp_exchange_contacts_with_invitees]",
+      enabled: @user.preferences[:xmpp_exchange_contacts_with_invitees],
+      title: "Exchange contacts when invited user signs up",
+      description: "Add each others contacts, so you can chat with them immediately"
+    ) %>
+  </ul>
+</section>
+<section>
+  <p class="pt-6 border-t border-gray-200 text-right">
+    <%= f.submit 'Save', class: "btn-md btn-blue w-full md:w-auto" %>
+  </p>
+</section>
+<% end %>

app/views/settings/account/index.html.erb

@@ -1,23 +0,0 @@
-<%= render HeaderComponent.new(title: "Settings") %>
-
-<%= render MainWithSidenavComponent.new(sidenav_partial: 'shared/sidenav_settings') do %>
-  <section>
-    <h3>E-Mail</h3>
-    <p class="mb-2">
-      <%= label :email, 'Address', class: 'font-bold' %>
-    </p>
-    <p class="flex gap-1 mb-2 sm:w-3/5">
-      <input type="text" id="email" class="grow"
-             value=<%= current_user.email %> disabled="disabled" />
-    </p>
-  </section>
-  <section>
-    <h3>Password</h3>
-    <p class="mb-8">Use the following button to request an email with a password reset link:</p>
-    <%= form_with(url: settings_reset_password_path, method: :post) do %>
-      <p>
-        <%= submit_tag("Send me a password reset link", class: 'btn-md btn-gray w-full sm:w-auto') %>
-      </p>
-    <% end %>
-  </section>
-<% end %>

app/views/settings/profile/index.html.erb

@@ -1,34 +0,0 @@
-<%= render HeaderComponent.new(title: "Settings") %>
-
-<%= render MainWithSidenavComponent.new(sidenav_partial: 'shared/sidenav_settings') do %>
-  <section>
-    <h3>Profile</h3>
-    <p class="mb-2">
-      <%= label :user_address, 'User address', class: 'font-bold' %>
-    </p>
-    <p data-controller="clipboard" class="flex gap-1 mb-2 sm:w-3/5">
-      <input type="text" id="user_address" class="grow"
-             value=<%= @user.address %> disabled="disabled"
-             data-clipboard-target="source" />
-      <button id="copy-user-address" class="btn-md btn-icon btn-blue shrink-0"
-              data-clipboard-target="trigger" data-action="clipboard#copy"
-              title="Copy to clipboard">
-        <span class="content-initial">
-          <%= render partial: "icons/copy", locals: { custom_class: "text-white h-4 w-4 inline" } %>
-        </span>
-        <span class="content-active hidden">
-          <%= render partial: "icons/check", locals: { custom_class: "text-white h-4 w-4 inline" } %>
-        </span>
-      </button>
-    </p>
-    <p class="text-sm text-gray-500">
-      Your user address for Chat and Lightning Network.
-    </p>
-
-    <%# <%= form_for(@user, as: "profile", url: settings_profile_path) do |f| %>
-    <%#   <p class="mt-8">
-    <%#     <%= f.submit "Save changes", class: 'btn-md btn-blue w-full sm:w-auto' %>
-    <%#   </p>
-    <%# <% end %>
-  </section>
-<% end %>

app/views/settings/show.html.erb

@@ -0,0 +1,5 @@
+<%= render HeaderComponent.new(title: "Settings") %>
+
+<%= render MainWithSidenavComponent.new(sidenav_partial: 'shared/sidenav_settings') do %>
+  <%= render partial: @settings_section %>
+<% end %>

app/views/shared/_admin_sidenav_settings_services.html.erb

@@ -47,3 +47,10 @@
   icon: Setting.nostr_enabled? ? "check" : "x",
   active: current_page?(admin_settings_services_path(params: { s: "nostr" })),
 ) %>
+<%= render SidenavLinkComponent.new(
+  level: 2,
+  name: "RemoteStorage",
+  path: admin_settings_services_path(params: { s: "remotestorage" }),
+  icon: Setting.remotestorage_enabled? ? "check" : "x",
+  active: current_page?(admin_settings_services_path(params: { s: "remotestorage" })),
+) %>

app/views/shared/_main_nav.html.erb

@@ -1,10 +1,8 @@
 <%= link_to "Services", root_path,
-      class: main_nav_class(@current_section, :dashboard) %>
-<%= link_to "Contributions", contributions_donations_path,
-      class: main_nav_class(@current_section, :contributions) %>
+      class: main_nav_class(@current_section, :services) %>
 <%= link_to "Invitations", invitations_path,
       class: main_nav_class(@current_section, :invitations) %>
-<%= link_to "Wallet", wallet_path,
-      class: main_nav_class(@current_section, :wallet) %>
-<%= link_to "Settings", settings_profile_path,
+<%= link_to "Contributions", contributions_donations_path,
+      class: main_nav_class(@current_section, :contributions) %>
+<%= link_to "Settings", settings_path,
       class: main_nav_class(@current_section, :settings) %>

app/views/shared/_sidenav_settings.html.erb

@@ -1,11 +1,20 @@
 <%= render SidenavLinkComponent.new(
-  name: "Profile", path: settings_profile_path, icon: "user",
-  active: current_page?(settings_profile_path)
+  name: "Profile", path: setting_path(:profile), icon: "user",
+  active: @settings_section.to_s == "profile"
 ) %>
 <%= render SidenavLinkComponent.new(
-  name: "Account", path: settings_account_path, icon: "key",
-  active: current_page?(settings_account_path)
+  name: "Account", path: setting_path(:account), icon: "key",
+  active: @settings_section.to_s == "account"
 ) %>
+<% if Setting.ejabberd_enabled %>
 <%= render SidenavLinkComponent.new(
-  name: "Security", path: "#", icon: "shield", disabled: true
+  name: "Chat", path: setting_path(:xmpp), icon: "message-circle",
+  active: @settings_section.to_s == "xmpp"
 ) %>
+<% end %>
+<% if Setting.lndhub_enabled %>
+<%= render SidenavLinkComponent.new(
+  name: "Lightning", path: setting_path(:lightning), icon: "zap",
+  active: @settings_section.to_s == "lightning"
+) %>
+<% end %>

app/views/shared/_tabnav_lightning.html.erb

@@ -0,0 +1,14 @@
+<section>
+  <div class="border-b border-gray-200">
+    <nav class="-mb-px flex" aria-label="Tabs">
+      <%= render TabnavLinkComponent.new(
+        name: "Info", path: services_lightning_index_path,
+        active: current_page?(services_lightning_index_path)
+      ) %>
+      <%= render TabnavLinkComponent.new(
+        name: "Transactions", path: transactions_services_lightning_index_path,
+        active: current_page?(transactions_services_lightning_index_path)
+      ) %>
+    </nav>
+  </div>
+</section>

app/views/shared/_tabnav_wallet.html.erb

@@ -1,14 +0,0 @@
-<section>
-  <div class="border-b border-gray-200">
-    <nav class="-mb-px flex" aria-label="Tabs">
-      <%= render TabnavLinkComponent.new(
-        name: "Info", path: wallet_path,
-        active: current_page?(wallet_path)
-      ) %>
-      <%= render TabnavLinkComponent.new(
-        name: "Transactions", path: wallet_transactions_path,
-        active: current_page?(wallet_transactions_path)
-      ) %>
-    </nav>
-  </div>
-</section>

config/default_preferences.yml

@@ -0,0 +1,2 @@
+lightning_notify_sats_received: disabled # or xmpp, email
+xmpp_exchange_contacts_with_invitees: true

config/environments/production.rb

@@ -62,6 +62,11 @@ Rails.application.configure do
   outgoing_email_address = ENV.fetch('SMTP_FROM_ADDRESS', 'accounts@localhost')
   outgoing_email_domain  = Mail::Address.new(outgoing_email_address).domain
 
+  config.action_mailer.default_url_options = {
+    host: ENV['AKKOUNTS_DOMAIN'],
+    protocol: "https",
+  }
+
   config.action_mailer.default_options = {
     from: outgoing_email_address,
     message_id: -> { "<#{Mail.random_tag}@#{outgoing_email_domain}>" },

config/initializers/field_with_errors.rb

@@ -0,0 +1,9 @@
+ActionView::Base.field_error_proc = Proc.new do |html_tag, instance|
+  if html_tag.match('class')
+    html_tag.gsub(/class="(.*?)"/, 'class="\1 field_with_errors"').html_safe
+  else
+    parts = html_tag.split('>', 2)
+    parts[0] += ' class="field_with_errors">'
+    (parts[0] + parts[1]).html_safe
+  end
+end

config/locales/devise.en.yml

@@ -3,7 +3,7 @@
 en:
   devise:
     confirmations:
-      confirmed: "Thanks for confirming your email address! Your account has been activated."
+      confirmed: "Thanks for confirming your email address."
       send_instructions: "You will receive an email with instructions for how to confirm your email address in a moment."
       send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions for how to confirm your email address in a few minutes."
     failure:

config/routes.rb

@@ -1,7 +1,7 @@
 require 'sidekiq/web'
 
 Rails.application.routes.draw do
-  devise_for :users, controllers: { confirmations: "users/confirmations" }
+  devise_for :users, controllers: { confirmations: 'users/confirmations' }
 
   get 'welcome', to: 'welcome#index'
   get 'check_your_email', to: 'welcome#check_your_email'
@@ -10,13 +10,6 @@ Rails.application.routes.draw do
   match 'signup/:step', to: 'signup#steps', as: :signup_steps, via: [:get, :post]
   post 'signup_validate', to: 'signup#validate'
 
-  namespace :settings do
-    get 'profile', to: 'profile#index'
-    post 'profile', to: 'profile#update'
-    get 'account', to: 'account#index'
-    post 'reset_password', to: 'account#reset_password'
-  end
-
   namespace :contributions do
     root to: 'donations#index'
     get 'projects', to: 'projects#index'
@@ -25,8 +18,22 @@ Rails.application.routes.draw do
 
   resources :invitations, only: ['index', 'show', 'create', 'destroy']
 
-  get 'wallet', to: 'wallet#index'
-  get 'wallet/transactions', to: 'wallet#transactions'
+  namespace :services do
+    get 'storage', to: 'remotestorage#dashboard'
+
+    resources :lightning, only: [:index] do
+      collection do
+        get 'transactions'
+      end
+    end
+  end
+
+  resources :settings, param: 'section', only: ['index', 'show', 'update'] do
+    collection do
+      post 'update_email'
+      post 'reset_password'
+    end
+  end
 
   get 'lnurlpay/:address', to: 'lnurlpay#index',
     as: 'lightning_address', constraints: { address: /[^\/]+/}
@@ -54,13 +61,20 @@ Rails.application.routes.draw do
     end
   end
 
+  get ".well-known/webfinger", to: 'webfinger#show'
+
+  namespace :discourse do
+    get "connect", to: 'sso#connect'
+  end
+
   authenticate :user, ->(user) { user.is_admin? } do
-    mount Sidekiq::Web => '/sidekiq'
+    mount Sidekiq::Web, at: '/sidekiq'
+    mount Flipper::UI.app(Flipper), at: '/flipper'
   end
 
   # Letter Opener (open "sent" emails in dev and staging)
   if Rails.env.match(/staging|development/)
-    mount LetterOpenerWeb::Engine, at: "letter_opener"
+    mount LetterOpenerWeb::Engine, at: '/letter_opener'
   end
 
   root to: 'dashboard#index'

db/migrate/20230403135149_add_preferences_to_users.rb

@@ -0,0 +1,5 @@
+class AddPreferencesToUsers < ActiveRecord::Migration[7.0]
+  def change
+    add_column :users, :preferences, :text
+  end
+end

db/migrate/20230523120753_create_flipper_tables.rb

@@ -0,0 +1,22 @@
+class CreateFlipperTables < ActiveRecord::Migration[7.0]
+  def self.up
+    create_table :flipper_features do |t|
+      t.string :key, null: false
+      t.timestamps null: false
+    end
+    add_index :flipper_features, :key, unique: true
+
+    create_table :flipper_gates do |t|
+      t.string :feature_key, null: false
+      t.string :key, null: false
+      t.string :value
+      t.timestamps null: false
+    end
+    add_index :flipper_gates, [:feature_key, :key, :value], unique: true
+  end
+
+  def self.down
+    drop_table :flipper_gates
+    drop_table :flipper_features
+  end
+end

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2023_03_19_101128) do
+ActiveRecord::Schema[7.0].define(version: 2023_05_23_120753) do
   create_table "donations", force: :cascade do |t|
     t.integer "user_id"
     t.integer "amount_sats"
@@ -23,6 +23,22 @@ ActiveRecord::Schema[7.0].define(version: 2023_03_19_101128) do
     t.index ["user_id"], name: "index_donations_on_user_id"
   end
 
+  create_table "flipper_features", force: :cascade do |t|
+    t.string "key", null: false
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["key"], name: "index_flipper_features_on_key", unique: true
+  end
+
+  create_table "flipper_gates", force: :cascade do |t|
+    t.string "feature_key", null: false
+    t.string "key", null: false
+    t.string "value"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["feature_key", "key", "value"], name: "index_flipper_gates_on_feature_key_and_key_and_value", unique: true
+  end
+
   create_table "invitations", force: :cascade do |t|
     t.string "token"
     t.integer "user_id"
@@ -57,8 +73,10 @@ ActiveRecord::Schema[7.0].define(version: 2023_03_19_101128) do
     t.text "ln_login_ciphertext"
     t.text "ln_password_ciphertext"
     t.string "ln_account"
+    t.string "nostr_pubkey"
     t.datetime "remember_created_at"
     t.string "remember_token"
+    t.text "preferences"
     t.index ["email"], name: "index_users_on_email", unique: true
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
   end

package.json

@@ -11,7 +11,7 @@
     "postcss-preset-env": "^7.8.3",
     "tailwindcss": "^3.2.4"
   },
-  "version": "0.5.0",
+  "version": "0.6.0",
   "scripts": {
     "build:css:tailwind": "tailwindcss --postcss -i ./app/assets/stylesheets/application.tailwind.css -o ./app/assets/builds/application.css",
     "build:css": "yarn run build:css:tailwind"

spec/features/admin/settings_spec.rb

@@ -46,5 +46,26 @@ RSpec.describe 'Admin/global settings', type: :feature do
       expect(page).to_not have_checked_field("setting[ejabberd_enabled]")
       expect(page).to_not have_field("API URL", disabled: true)
     end
+
+    scenario "View remoteStorage settings" do
+      visit admin_settings_services_path(params: { s: "remotestorage" })
+
+      expect(page).to have_content("Enable RemoteStorage integration")
+      expect(page).to have_field("Storage URL",
+        with: "https://storage.kosmos.org",
+        disabled: true)
+    end
+
+    scenario "Disable remoteStorage integration" do
+      visit admin_settings_services_path(params: { s: "remotestorage" })
+      expect(page).to have_checked_field("setting[remotestorage_enabled]")
+
+      uncheck "setting[remotestorage_enabled]"
+      click_button "Save"
+
+      expect(current_url).to eq(admin_settings_services_url(params: { s: "remotestorage" }))
+      expect(page).to_not have_checked_field("setting[remotestorage_enabled]")
+      expect(page).to_not have_field("Storage URL", disabled: true)
+    end
   end
 end

spec/features/settings/account_spec.rb

@@ -0,0 +1,58 @@
+require 'rails_helper'
+
+RSpec.describe 'Account settings', type: :feature do
+  let(:user) { create :user }
+
+  feature "Update email address" do
+    let(:geraint) { create :user, id: 2, cn: 'geraint', email: "lamagliarosa@example.com" }
+
+    before do
+      login_as user, :scope => :user
+      geraint.save!
+
+      allow_any_instance_of(User).to receive(:valid_ldap_authentication?)
+        .with("invalid password").and_return(false)
+      allow_any_instance_of(User).to receive(:valid_ldap_authentication?)
+        .with("valid password").and_return(true)
+    end
+
+    scenario 'fails with invalid password' do
+      visit setting_path(:account)
+      fill_in 'Address', with: "lamagliarosa@example.com"
+      fill_in 'Current password', with: "invalid password"
+      click_button "Update"
+
+      expect(current_url).to eq(setting_url(:account))
+      expect(user.reload.unconfirmed_email).to be_nil
+      within ".flash-msg" do
+        expect(page).to have_content("did not match your current password")
+      end
+    end
+
+    scenario 'fails when new address already taken' do
+      visit setting_path(:account)
+      fill_in 'Address', with: "lamagliarosa@example.com"
+      fill_in 'Current password', with: "valid password"
+      click_button "Update"
+
+      expect(current_url).to eq(setting_url(:update_email))
+      expect(user.reload.unconfirmed_email).to be_nil
+      within ".error-msg" do
+        expect(page).to have_content("has already been taken")
+      end
+    end
+
+    scenario 'works with valid password and address' do
+      visit setting_path(:account)
+      fill_in 'Address', with: "lamagliabianca@example.com"
+      fill_in 'Current password', with: "valid password"
+      click_button "Update"
+
+      expect(current_url).to eq(setting_url(:account))
+      expect(user.reload.unconfirmed_email).to eq("lamagliabianca@example.com")
+      within ".flash-msg" do
+        expect(page).to have_content("Please confirm your new address")
+      end
+    end
+  end
+end

spec/features/settings/profile_spec.rb

@@ -0,0 +1,45 @@
+require 'rails_helper'
+
+RSpec.describe 'Profile settings', type: :feature do
+  let(:user) { create :user, cn: "mwahlberg" }
+
+  before do
+    login_as user, :scope => :user
+  end
+
+  feature "Update display name" do
+    before do
+      allow(user).to receive(:display_name).and_return("Mark")
+      allow_any_instance_of(User).to receive(:dn).and_return("cn=mwahlberg,ou=kosmos.org,cn=users,dc=kosmos,dc=org")
+      allow_any_instance_of(User).to receive(:ldap_entry).and_return({
+        uid: user.cn, ou: user.ou, display_name: "Mark"
+      })
+    end
+
+    scenario 'fails with validation error' do
+      visit setting_path(:profile)
+      fill_in 'Display name', with: "M"
+      click_button "Save"
+
+      expect(current_url).to eq(setting_url(:profile))
+      expect(page).to have_field('Display name', with: 'M')
+      within ".error-msg" do
+        expect(page).to have_content("is too short")
+      end
+    end
+
+    scenario 'works with valid input' do
+      expect(LdapManager::UpdateDisplayName).to receive(:call)
+        .with(user.dn, "Marky Mark").and_return(true)
+
+      visit setting_path(:profile)
+      fill_in 'Display name', with: "Marky Mark"
+      click_button "Save"
+
+      expect(current_url).to eq(setting_url(:profile))
+      within ".flash-msg" do
+        expect(page).to have_content("Settings saved")
+      end
+    end
+  end
+end

spec/features/signup_spec.rb

@@ -53,11 +53,11 @@ RSpec.describe "Signup", type: :feature do
       expect(page).to have_content("Choose a password")
 
       expect(CreateAccount).to receive(:call)
-        .with(
+        .with({
           username: "tony", domain: "kosmos.org",
           email: "tony@example.com", password: "a-valid-password",
           invitation: Invitation.last
-        ).and_return(true)
+        }).and_return(true)
 
       fill_in "user_password", with: "a-valid-password"
       click_button "Create account"
@@ -97,11 +97,11 @@ RSpec.describe "Signup", type: :feature do
       expect(page).to have_content("Password is too short")
 
       expect(CreateAccount).to receive(:call)
-        .with(
+        .with({
           username: "tony", domain: "kosmos.org",
           email: "tony@example.com", password: "a-valid-password",
           invitation: Invitation.last
-        ).and_return(true)
+        }).and_return(true)
 
       fill_in "user_password", with: "a-valid-password"
       click_button "Create account"

spec/jobs/xmpp_exchange_contacts_job_spec.rb

@@ -2,15 +2,18 @@ require 'rails_helper'
 require 'webmock/rspec'
 
 RSpec.describe XmppExchangeContactsJob, type: :job do
-  let(:user) { create :user, cn: "willherschel", ou: "kosmos.org" }
+  let(:user)  { create :user, cn: "willherschel", ou: "kosmos.org" }
+  let(:guest) { create :user, cn: "isaacnewton", ou: "kosmos.org",
+                              id: 2, email: "hotapple42@eol.com" }
 
   subject(:job) {
-    described_class.perform_later(user, 'isaacnewton', 'kosmos.org')
+    described_class.perform_later(user, guest)
   }
 
   before do
     stub_request(:post, "http://xmpp.example.com/api/add_rosteritem")
       .to_return(status: 200, body: "", headers: {})
+    allow_any_instance_of(User).to receive(:services_enabled).and_return(["xmpp"])
   end
 
   it "posts add_rosteritem commands to the ejabberd API" do

spec/jobs/xmpp_set_default_bookmarks_job_spec.rb

@@ -0,0 +1,34 @@
+require 'rails_helper'
+require 'webmock/rspec'
+
+RSpec.describe XmppSetDefaultBookmarksJob, type: :job do
+  let(:user) { create :user, cn: "willherschel", ou: "kosmos.org" }
+
+  before do
+    Setting.xmpp_default_rooms = [
+      "Welcome <welcome@kosmos.chat>",
+      "Kosmos Dev <kosmos-dev@kosmos.chat>"
+    ]
+  end
+
+  subject(:job) {
+    described_class.perform_later(user)
+  }
+
+  before do
+    stub_request(:post, "http://xmpp.example.com/api/private_set")
+      .to_return(status: 200, body: "", headers: {})
+  end
+
+  it "posts a private_set command to the ejabberd API" do
+    perform_enqueued_jobs { job }
+
+    expect(WebMock).to have_requested(:post, "http://xmpp.example.com/api/private_set")
+      .with { |req| req.body == '{"user":"willherschel","host":"kosmos.org","element":"\u003cstorage xmlns=\'storage:bookmarks\'\u003e\u003cconference jid=\'welcome@kosmos.chat\' name=\'Welcome\' autojoin=\'false\'\u003e\u003cnick\u003ewillherschel\u003c/nick\u003e\u003c/conference\u003e\u003cconference jid=\'kosmos-dev@kosmos.chat\' name=\'Kosmos Dev\' autojoin=\'false\'\u003e\u003cnick\u003ewillherschel\u003c/nick\u003e\u003c/conference\u003e\u003c/storage\u003e"}' }
+  end
+
+  after do
+    clear_enqueued_jobs
+    clear_performed_jobs
+  end
+end

spec/models/user_preferences_spec.rb

@@ -0,0 +1,41 @@
+require 'rails_helper'
+
+RSpec.describe UserPreferences, type: :model do
+  let(:default_prefs) { YAML.load_file("#{Rails.root}/config/default_preferences.yml") }
+
+  describe ".load" do
+    it "provides default values when no preferences are stored yet" do
+      expect(UserPreferences.load(nil)).to eq(default_prefs)
+    end
+
+    it "provides default values for unset preferences" do
+      prefs = UserPreferences.load("lightning_notify_sats_received: xmpp")
+      expect(prefs[:lightning_notify_sats_received]).to eq("xmpp")
+      expect(prefs[:xmpp_exchange_contacts_with_invitees]).to eq(true)
+    end
+  end
+
+  describe ".process" do
+    it "turns all keys into strings" do
+      res = UserPreferences.process({ foo: "bar" })
+      expect(res[:foo]).to be(nil)
+      expect(res['foo']).to eq("bar")
+    end
+
+    it "converts value 'true' to boolean" do
+      res = UserPreferences.process({ lightning_notify_sats_received: "true" })
+      expect(res['lightning_notify_sats_received']).to be(true)
+    end
+
+    it "converts value 'false' to boolean" do
+      res = UserPreferences.process({ lightning_notify_sats_received: "false" })
+      expect(res['lightning_notify_sats_received']).to be(false)
+    end
+
+    it "converts value string with integer into integer" do
+      res = UserPreferences.process({ lightning_notify_sats_received_threshold: 1000 })
+      expect(res['lightning_notify_sats_received_threshold']).to be_a(Integer)
+      expect(res['lightning_notify_sats_received_threshold']).to eq(1000)
+    end
+  end
+end

spec/models/user_spec.rb

@@ -101,51 +101,75 @@ RSpec.describe User, type: :model do
     end
   end
 
-  describe "#exchange_xmpp_contact_with_inviter" do
+  describe "#devise_after_confirmation" do
     include ActiveJob::TestHelper
 
-    let(:user) { create :user, cn: "willherschel", ou: "kosmos.org" }
-    let(:guest) { create :user, id: 2, cn: "isaacnewton", ou: "kosmos.org", email: "newt@example.com" }
+    let(:user) { create :user, cn: "willherschel", ou: "kosmos.org", email: "will@hrsch.el" }
 
     before do
-      Invitation.create! user: user, invited_user_id: guest.id, used_at: DateTime.now
-      allow_any_instance_of(User).to receive(:services_enabled).and_return(%w[ ejabberd ])
+      allow(user).to receive(:ldap_entry).and_return({
+        uid: "willherschel", ou: "kosmos.org", mail: "will@hrsch.el"
+      })
     end
 
-    it "enqueues a job to exchange XMPP contacts between inviter and invitee" do
-      guest.send(:exchange_xmpp_contact_with_inviter)
-
-      expect(enqueued_jobs.size).to eq(1)
-      args = enqueued_jobs.first['arguments']
-      expect(args[0]['_aj_globalid']).to match('gid://akkounts/User')
-      expect(args[1]).to eq('isaacnewton')
-      expect(args[2]).to eq('kosmos.org')
-    end
-
-    after do
-      clear_enqueued_jobs
-    end
-  end
-
-  describe "#devise_after_confirmation" do
-    let(:user) { create :user, cn: "willherschel", ou: "kosmos.org" }
+    after { clear_enqueued_jobs }
 
     it "enables default services" do
-      expect(user).to receive(:enable_service).with(%w[ discourse ejabberd gitea mediawiki ])
-      user.send(:devise_after_confirmation)
+      expect(user).to receive(:enable_service).with(%w[ discourse gitea mediawiki xmpp ])
+      user.send :devise_after_confirmation
     end
 
-    context "for invited user with ejabberd enabled" do
+    it "enqueues a job to set default chatroom bookmarks for XMPP" do
+      allow(user).to receive(:enable_service).and_return(true)
+      user.send :devise_after_confirmation
+
+      job = enqueued_jobs.select{|j| j['job_class'] == "XmppSetDefaultBookmarksJob"}.first
+      expect(job['arguments'][0]['_aj_globalid']).to eq('gid://akkounts/User/1')
+    end
+
+    context "for invited user with xmpp enabled" do
       let(:guest) { create :user, id: 2, cn: "isaacnewton", ou: "kosmos.org", email: "newt@example.com" }
 
       before do
         Invitation.create! user: user, invited_user_id: guest.id, used_at: DateTime.now
-        allow_any_instance_of(User).to receive(:enable_service).and_return(true)
+        allow_any_instance_of(User).to receive(:enable_service)
+        allow(guest).to receive(:ldap_entry).and_return({
+          uid: "isaacnewton", ou: "kosmos.org", mail: "newt@example.com"
+        })
       end
 
-      it "exchanges XMPP contacts with the inviter" do
-        expect(guest).to receive(:exchange_xmpp_contact_with_inviter)
-        guest.send(:devise_after_confirmation)
+      it "enqueues jobs to exchange XMPP contacts between inviter and invitee" do
+        guest.send :devise_after_confirmation
+
+        job = enqueued_jobs.select{|j| j['job_class'] == "XmppExchangeContactsJob"}.first
+        expect(job["arguments"][0]['_aj_globalid']).to eq('gid://akkounts/User/1')
+        expect(job["arguments"][1]['_aj_globalid']).to eq('gid://akkounts/User/2')
+      end
+    end
+
+    context "for email address update of existing account" do
+      before do
+        allow(user).to receive(:ldap_entry)
+          .and_return({ uid: "willherschel", ou: "kosmos.org", mail: "willyboy@aol.com" })
+        allow(user).to receive(:dn)
+          .and_return("cn=willherschel,ou=kosmos.org,cn=users,dc=kosmos,dc=org")
+        allow(LdapManager::UpdateEmail).to receive(:call)
+      end
+
+      it "updates the LDAP 'mail' attribute" do
+        expect(LdapManager::UpdateEmail).to receive(:call)
+          .with("cn=willherschel,ou=kosmos.org,cn=users,dc=kosmos,dc=org", "will@hrsch.el")
+        user.send :devise_after_confirmation
+      end
+
+      it "does not re-enable default services" do
+        expect(user).not_to receive(:enable_service)
+        user.send :devise_after_confirmation
+      end
+
+      it "does not enqueue any delayed jobs" do
+        user.send :devise_after_confirmation
+        expect(enqueued_jobs).to be_empty
       end
     end
   end

spec/requests/discourse/sso_spec.rb

@@ -0,0 +1,41 @@
+require 'rails_helper'
+require 'webmock/rspec'
+
+RSpec.describe "Discourse SSO", type: :request do
+
+  describe "GET /discourse/connect" do
+    let(:user) { create :user, cn: 'jimmy', ou: 'kosmos.org' }
+
+    before do
+      Warden.test_mode!
+      login_as user, scope: :user
+      allow(user).to receive(:display_name).and_return('Jimbo')
+      allow(user).to receive(:is_admin?).and_return(false)
+    end
+
+    after do
+      Warden.test_reset!
+    end
+
+    context "with invalid SSO credentials" do
+      it "results in a failed signature check" do
+        expect {
+          get discourse_connect_path(
+            sso: "bm9uY2U9ODk2N2NiMmFlZTdlMjdjNzZiZTNkZWQ5ODIwYzMzN2QmcmV0dXJuX3Nzb191cmw9aHR0cCUzQSUyRiUyRmxvY2FsaG9zdCUzQTMwMDAlMkZzZXNzaW9uJTJGc3NvX2xvZ2lu",
+            sig: "01fc008ff7b51855217e879b6f14aaddefbbd4df2d128951f7bb70cfde834c2a"
+          )
+        }.to raise_error(DiscourseApi::SingleSignOn::ParseError)
+      end
+    end
+
+    context "valid SSO credentials" do
+      it "redirects to the Discourse SSO endpoint" do
+        get discourse_connect_path(
+          sso: "bm9uY2U9YjQwYWZmYzg0YWQ2NWE1ZTk5MjdlZWU1NWEzMjdhMTQmcmV0dXJuX3Nzb191cmw9aHR0cCUzQSUyRiUyRmxvY2FsaG9zdCUzQTMwMDAlMkZzZXNzaW9uJTJGc3NvX2xvZ2lu",
+          sig: "b7905c5db612391293249ad5272dac493681efcd255133f6c2aff91ba654a319"
+        )
+        expect(response).to redirect_to('http://discourse.example.com/session/sso_login?sso=YWRtaW49ZmFsc2UmZW1haWw9amltbXklNDBleGFtcGxlLmNvbSZleHRlcm5hbF9pZD0xJm5hbWU9SmltYm8mbm9uY2U9YjQwYWZmYzg0YWQ2NWE1ZTk5MjdlZWU1NWEzMjdhMTQmcmV0dXJuX3Nzb191cmw9aHR0cCUzQSUyRiUyRmxvY2FsaG9zdCUzQTMwMDAlMkZzZXNzaW9uJTJGc3NvX2xvZ2luJnVzZXJuYW1lPWppbW15&sig=d5f8b1d6db66569bef789fda4a3216119c2d42b84725d043c9a57dde1e528842')
+      end
+    end
+  end
+end

spec/requests/webfinger_spec.rb

@@ -0,0 +1,49 @@
+require 'rails_helper'
+
+RSpec.describe "WebFinger", type: :request do
+  describe "remoteStorage link relation" do
+    context "user exists" do
+      before do
+        create :user, cn: 'tony', ou: 'kosmos.org'
+      end
+
+      context "remoteStorage enabled globally" do
+        it "includes the remoteStorage link for the user" do
+          get "/.well-known/webfinger?resource=acct%3Atony%40kosmos.org"
+          expect(response).to have_http_status(:ok)
+
+          res = JSON.parse(response.body)
+          rs_link = res["links"].find {|l| l["rel"] == "http://tools.ietf.org/id/draft-dejong-remotestorage"}
+
+          expect(rs_link["href"]).to eql("https://storage.kosmos.org/tony@kosmos.org")
+
+          oauth_url = rs_link["properties"]["http://tools.ietf.org/html/rfc6749#section-4.2"]
+          expect(oauth_url).to eql("https://example.com/rs/oauth")
+        end
+      end
+
+      context "remoteStorage not available" do
+        before do
+          Setting.remotestorage_enabled = false
+        end
+
+        it "does not include the remoteStorage link" do
+          get "/.well-known/webfinger?resource=acct%3Atony%40kosmos.org"
+          expect(response).to have_http_status(:ok)
+
+          res = JSON.parse(response.body)
+          rs_link = res["links"].find {|l| l["rel"] == "http://tools.ietf.org/id/draft-dejong-remotestorage"}
+
+          expect(rs_link).to be_nil
+        end
+      end
+    end
+
+    context "user does not exist" do
+      it "does return a 404 status" do
+        get "/.well-known/webfinger?resource=acct%3Ajane.doe%40kosmos.org"
+        expect(response).to have_http_status(:not_found)
+      end
+    end
+  end
+end

spec/requests/webhooks_spec.rb

@@ -55,22 +55,51 @@ RSpec.describe "Webhooks", type: :request do
 
       before do
         user.save! #FIXME this should not be necessary
-        post "/webhooks/lndhub", params: payload.to_json
       end
 
       it "returns a 200 status" do
+        post "/webhooks/lndhub", params: payload.to_json
         expect(response).to have_http_status(:ok)
       end
 
-      it "sends an XMPP message to the account owner's JID" do
-        expect(enqueued_jobs.size).to eq(1)
+      it "does not send notifications by default" do
+        expect(enqueued_jobs.size).to eq(0)
+      end
 
-        msg = enqueued_jobs.first['arguments'].first
-        expect(msg["type"]).to eq('normal')
-        expect(msg["from"]).to eq('kosmos.org')
-        expect(msg["to"]).to eq(user.address)
-        expect(msg["subject"]).to eq('Sats received!')
-        expect(msg["body"]).to match(/^12300 sats received/)
+      context "notification preference set to 'xmpp'" do
+        before do
+          user.update! preferences: { lightning_notify_sats_received: "xmpp" }
+          post "/webhooks/lndhub", params: payload.to_json
+        end
+
+        it "sends an XMPP message to the account owner's JID" do
+          expect(enqueued_jobs.size).to eq(1)
+          expect(enqueued_jobs.first["job_class"]).to eq("XmppSendMessageJob")
+
+          msg = enqueued_jobs.first["arguments"].first
+          expect(msg["type"]).to eq("normal")
+          expect(msg["from"]).to eq("kosmos.org")
+          expect(msg["to"]).to eq(user.address)
+          expect(msg["subject"]).to eq("Sats received!")
+          expect(msg["body"]).to match(/^12,300 sats received/)
+        end
+      end
+
+      context "notification preference set to 'email'" do
+        before do
+          user.update! preferences: { lightning_notify_sats_received: "email" }
+          post "/webhooks/lndhub", params: payload.to_json
+        end
+
+        it "sends an email notification to the account owner" do
+          expect(enqueued_jobs.size).to eq(1)
+          expect(enqueued_jobs.first["job_class"]).to eq("ActionMailer::MailDeliveryJob")
+          args = enqueued_jobs.first['arguments']
+          expect(args[0]).to eq("NotificationMailer")
+          expect(args[1]).to eq("lightning_sats_received")
+          expect(args[3]["params"]["user"]["_aj_globalid"]).to eq("gid://akkounts/User/1")
+          expect(args[3]["params"]["amount_sats"]).to eq(12300)
+        end
       end
     end
   end