Make empty donations page prettier

Make invitation page prettier when it's empty
Add coming-soon note to disabled settings nav items
2023-01-10 14:09:15 +08:00 · 2023-01-10 14:09:15 +08:00 · 2023-01-10 14:09:15 +08:00 · 2023-01-10 14:09:14 +08:00 · 2023-01-10 14:09:14 +08:00 · 2023-01-10 14:09:14 +08:00
231 changed files with 1035 additions and 5279 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -12,7 +12,7 @@ steps:
    settings:
      restore: true
      mount:
-      - ./vendor/cache
+      - ./vendor
    when:
      branch:
        - master
@@ -28,7 +28,7 @@ steps:
      - bundle install --jobs=3 --retry=3
      - yarn install
      - rake css:build
-      - bundle exec rspec
+      - rake spec
  - name: rebuild-cache
    image: drillster/drone-volume-cache
    volumes:
@@ -37,7 +37,7 @@ steps:
    settings:
      rebuild: true
      mount:
-      - ./vendor/cache
+      - ./vendor
    when:
      branch:
        - master
--- a/.env.example
+++ b/.env.example
@@ -1,43 +1,11 @@
 PRIMARY_DOMAIN=kosmos.org
 AKKOUNTS_DOMAIN=accounts.example.com
 SMTP_SERVER=smtp.example.com
 SMTP_PORT=587
 SMTP_LOGIN=accounts
 SMTP_PASSWORD=123abc
 SMTP_FROM_ADDRESS=accounts@example.com
 SMTP_DOMAIN=example.com
 SMTP_AUTH_METHOD=plain
 SMTP_ENABLE_STARTTLS=auto
 LDAP_HOST=localhost
 LDAP_PORT=389
 LDAP_ADMIN_PASSWORD=passthebutter
-LDAP_SUFFIX='dc=kosmos,dc=org'
+LDAP_SUFFIX="dc=kosmos,dc=org"
 REDIS_URL='redis://localhost:6379/1'
 WEBHOOKS_ALLOWED_IPS='10.1.1.163'
 DISCOURSE_PUBLIC_URL='https://community.kosmos.org'
 DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
 GITEA_PUBLIC_URL='https://gitea.kosmos.org'
 MASTODON_PUBLIC_URL='https://kosmos.social'
 MEDIAWIKI_PUBLIC_URL='https://wiki.kosmos.org'
 RS_STORAGE_URL='https://storage.kosmos.org'
 EJABBERD_ADMIN_URL='https://xmpp.kosmos.org/admin'
 EJABBERD_API_URL='https://xmpp.kosmos.org/api'
 BTCPAY_API_URL='http://localhost:23001/api/v1'
 LNDHUB_API_URL='http://localhost:3023'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
 LNDHUB_PUBLIC_KEY='0123d3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
 LNDHUB_ADMIN_UI=true
 LNDHUB_PG_HOST=localhost
 LNDHUB_PG_PORT=5432
 LNDHUB_PG_DATABASE=lndhub
 LNDHUB_PG_USERNAME=lndhub
 LNDHUB_PG_PASSWORD=''
--- a/.env.production
+++ b/.env.production
@@ -0,0 +1,4 @@
 EJABBERD_API_URL='https://xmpp.kosmos.org:5443/api'
 BTCPAY_API_URL='http://10.1.1.163:23001/api/v1'
 LNDHUB_API_URL='http://10.1.1.163:3023'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
--- a/.env.test
+++ b/.env.test
@@ -1,16 +1,4 @@
 PRIMARY_DOMAIN=kosmos.org
 DISCOURSE_PUBLIC_URL='http://discourse.example.com'
 DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
 EJABBERD_API_URL='http://xmpp.example.com/api'
 BTCPAY_API_URL='http://btcpay.example.com/api/v1'
-
+LNDHUB_API_URL='http://localhost:3023'
 LNDHUB_API_URL='http://localhost:3026'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
 LNDHUB_PUBLIC_KEY='024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
 RS_STORAGE_URL='https://storage.kosmos.org'
 WEBHOOKS_ALLOWED_IPS='10.1.1.23'
--- a/.gitea/release-drafter.yml
+++ b/.gitea/release-drafter.yml
@@ -1,13 +0,0 @@
 name-template: 'v$RESOLVED_VERSION'
 tag-template: 'v$RESOLVED_VERSION'
 version-resolver:
  major:
    labels:
      - 'release/major'
  minor:
    labels:
      - 'release/minor'
  patch:
    labels:
      - 'release/patch'
  default: patch
--- a/.gitea/workflows/release_drafter.yml
+++ b/.gitea/workflows/release_drafter.yml
@@ -1,11 +0,0 @@
 name: Release Drafter
 on:
  pull_request:
    types: [closed]
 jobs:
  release_drafter_job:
    name: Update release notes draft
    runs-on: ubuntu-latest
    steps:
      - name: Release Drafter
        uses: https://github.com/raucao/gitea-release-drafter@dev
--- a/15
+++ b/15
@@ -1,13 +1,8 @@
 # syntax=docker/dockerfile:1
 FROM ruby:2.7.6
-
+RUN apt-get update -qq && apt-get install -y curl ldap-utils
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN apt-get update -qq && apt-get install -y --no-install-recommends curl \
      ldap-utils tini
 RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
 RUN apt-get update && apt-get install -y nodejs
 WORKDIR /akkounts
 COPY Gemfile /akkounts/Gemfile
 COPY Gemfile.lock /akkounts/Gemfile.lock
@@ -17,5 +12,11 @@ RUN gem install foreman
 RUN npm install -g yarn
 RUN yarn install
-ENTRYPOINT ["/usr/bin/tini", "--"]
+# Add a script to be executed every time the container starts.
 COPY docker/entrypoint.sh /usr/bin/
 RUN chmod +x /usr/bin/entrypoint.sh
 ENTRYPOINT ["entrypoint.sh"]
 EXPOSE 3000
 # Configure the main process to run when running the image
 CMD ["bin", "dev"]
--- a/17
+++ b/17
@@ -32,17 +32,12 @@ gem 'lockbox'
 # Authentication
 gem 'warden'
-gem 'devise', '~> 4.9.0'
+gem 'devise'
 gem 'devise_ldap_authenticatable'
 gem 'net-ldap'
 # Utilities
 gem "rqrcode", "~> 2.0"
 gem 'rails-settings-cached', '~> 2.8.3'
 gem 'pagy', '~> 6.0', '>= 6.0.2'
 gem 'flipper'
 gem 'flipper-active_record'
 gem 'flipper-ui'
 # HTTP requests
 gem 'faraday'
@@ -51,15 +46,6 @@ gem 'faraday'
 gem 'sidekiq', '< 7'
 gem 'sidekiq-scheduler'
 # Monitoring
 gem "sentry-ruby"
 gem "sentry-rails"
 # Services
 gem 'discourse_api'
 gem "lnurl"
 gem 'nostr', git: 'https://gitea.kosmos.org/kosmos/nostr-gem.git', branch: 'feature/ruby_2.7_compat'
 group :development, :test do
  # Use sqlite3 as the database for Active Record
  gem 'sqlite3', '~> 1.4'
@@ -74,7 +60,6 @@ group :development do
  gem 'letter_opener'
  gem 'letter_opener_web'
  gem 'faker'
  gem 'solargraph'
 end
 group :test do
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,98 +1,78 @@
 GIT
  remote: https://gitea.kosmos.org/kosmos/nostr-gem.git
  revision: 596529d9eb50d13b3f385245636698fccf37b442
  branch: feature/ruby_2.7_compat
  specs:
    nostr (0.4.0)
      bech32 (~> 1.3)
      bip-schnorr (~> 0.4)
      ecdsa (~> 1.2)
      event_emitter (~> 0.2)
      faye-websocket (~> 0.11)
      json (~> 2.6)
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (7.0.5)
+    actioncable (7.0.4)
-      actionpack (= 7.0.5)
+      actionpack (= 7.0.4)
-      activesupport (= 7.0.5)
+      activesupport (= 7.0.4)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.5)
+    actionmailbox (7.0.4)
-      actionpack (= 7.0.5)
+      actionpack (= 7.0.4)
-      activejob (= 7.0.5)
+      activejob (= 7.0.4)
-      activerecord (= 7.0.5)
+      activerecord (= 7.0.4)
-      activestorage (= 7.0.5)
+      activestorage (= 7.0.4)
-      activesupport (= 7.0.5)
+      activesupport (= 7.0.4)
      mail (>= 2.7.1)
      net-imap
      net-pop
      net-smtp
-    actionmailer (7.0.5)
+    actionmailer (7.0.4)
-      actionpack (= 7.0.5)
+      actionpack (= 7.0.4)
-      actionview (= 7.0.5)
+      actionview (= 7.0.4)
-      activejob (= 7.0.5)
+      activejob (= 7.0.4)
-      activesupport (= 7.0.5)
+      activesupport (= 7.0.4)
      mail (~> 2.5, >= 2.5.4)
      net-imap
      net-pop
      net-smtp
      rails-dom-testing (~> 2.0)
-    actionpack (7.0.5)
+    actionpack (7.0.4)
-      actionview (= 7.0.5)
+      actionview (= 7.0.4)
-      activesupport (= 7.0.5)
+      activesupport (= 7.0.4)
-      rack (~> 2.0, >= 2.2.4)
+      rack (~> 2.0, >= 2.2.0)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.5)
+    actiontext (7.0.4)
-      actionpack (= 7.0.5)
+      actionpack (= 7.0.4)
-      activerecord (= 7.0.5)
+      activerecord (= 7.0.4)
-      activestorage (= 7.0.5)
+      activestorage (= 7.0.4)
-      activesupport (= 7.0.5)
+      activesupport (= 7.0.4)
      globalid (>= 0.6.0)
      nokogiri (>= 1.8.5)
-    actionview (7.0.5)
+    actionview (7.0.4)
-      activesupport (= 7.0.5)
+      activesupport (= 7.0.4)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (7.0.5)
+    activejob (7.0.4)
-      activesupport (= 7.0.5)
+      activesupport (= 7.0.4)
      globalid (>= 0.3.6)
-    activemodel (7.0.5)
+    activemodel (7.0.4)
-      activesupport (= 7.0.5)
+      activesupport (= 7.0.4)
-    activerecord (7.0.5)
+    activerecord (7.0.4)
-      activemodel (= 7.0.5)
+      activemodel (= 7.0.4)
-      activesupport (= 7.0.5)
+      activesupport (= 7.0.4)
-    activestorage (7.0.5)
+    activestorage (7.0.4)
-      actionpack (= 7.0.5)
+      actionpack (= 7.0.4)
-      activejob (= 7.0.5)
+      activejob (= 7.0.4)
-      activerecord (= 7.0.5)
+      activerecord (= 7.0.4)
-      activesupport (= 7.0.5)
+      activesupport (= 7.0.4)
      marcel (~> 1.0)
      mini_mime (>= 1.1.0)
-    activesupport (7.0.5)
+    activesupport (7.0.4)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
      tzinfo (~> 2.0)
-    addressable (2.8.4)
+    addressable (2.8.1)
      public_suffix (>= 2.0.2, < 6.0)
    ast (2.4.2)
    backport (1.2.0)
    bcrypt (3.1.18)
    bech32 (1.3.0)
      thor (>= 1.1.0)
    benchmark (0.2.1)
    bindex (0.8.1)
    bip-schnorr (0.6.0)
      ecdsa_ext (~> 0.5.0)
    builder (3.2.4)
    byebug (11.1.3)
-    capybara (3.39.2)
+    capybara (3.38.0)
      addressable
      matrix
      mini_mime (>= 0.1.3)
@@ -102,21 +82,20 @@ GEM
      regexp_parser (>= 1.5, < 3.0)
      xpath (~> 3.2)
    chunky_png (1.4.0)
-    concurrent-ruby (1.2.2)
+    concurrent-ruby (1.1.10)
-    connection_pool (2.4.1)
+    connection_pool (2.3.0)
    crack (0.4.5)
      rexml
    crass (1.0.6)
-    cssbundling-rails (1.1.2)
+    cssbundling-rails (1.1.1)
      railties (>= 6.0.0)
-    database_cleaner (2.0.2)
+    database_cleaner (2.0.1)
-      database_cleaner-active_record (>= 2, < 3)
+      database_cleaner-active_record (~> 2.0.0)
-    database_cleaner-active_record (2.1.0)
+    database_cleaner-active_record (2.0.1)
      activerecord (>= 5.a)
      database_cleaner-core (~> 2.0.0)
    database_cleaner-core (2.0.1)
-    date (3.3.3)
+    devise (4.8.1)
    devise (4.9.2)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 4.1.0)
@@ -126,76 +105,41 @@ GEM
      devise (>= 3.4.1)
      net-ldap (>= 0.16.0)
    diff-lcs (1.5.0)
    discourse_api (2.0.1)
      faraday (~> 2.7)
      faraday-follow_redirects
      faraday-multipart
      rack (>= 1.6)
    dotenv (2.8.1)
    dotenv-rails (2.8.1)
      dotenv (= 2.8.1)
      railties (>= 3.2)
-    e2mmap (0.1.0)
+    erubi (1.11.0)
    ecdsa (1.2.0)
    ecdsa_ext (0.5.0)
      ecdsa (~> 1.2.0)
    erubi (1.12.0)
    et-orbi (1.2.7)
      tzinfo
    event_emitter (0.2.6)
    eventmachine (1.2.7)
    factory_bot (6.2.1)
      activesupport (>= 5.0.0)
    factory_bot_rails (6.2.0)
      factory_bot (~> 6.2.0)
      railties (>= 5.0.0)
-    faker (3.2.0)
+    faker (3.0.0)
      i18n (>= 1.8.11, < 2)
-    faraday (2.7.6)
+    faraday (2.7.1)
      faraday-net_http (>= 2.0, < 3.1)
      ruby2_keywords (>= 0.0.4)
    faraday-follow_redirects (0.3.0)
      faraday (>= 1, < 3)
    faraday-multipart (1.0.4)
      multipart-post (~> 2)
    faraday-net_http (3.0.2)
    faye-websocket (0.11.2)
      eventmachine (>= 0.12.0)
      websocket-driver (>= 0.5.1)
    ffi (1.15.5)
-    flipper (0.28.0)
+    fugit (1.7.2)
      concurrent-ruby (< 2)
    flipper-active_record (0.28.0)
      activerecord (>= 4.2, < 8)
      flipper (~> 0.28.0)
    flipper-ui (0.28.0)
      erubi (>= 1.0.0, < 2.0.0)
      flipper (~> 0.28.0)
      rack (>= 1.4, < 3)
      rack-protection (>= 1.5.3, <= 4.0.0)
      sanitize (< 7)
    fugit (1.8.1)
      et-orbi (~> 1, >= 1.2.7)
      raabro (~> 1.4)
-    globalid (1.1.0)
+    globalid (1.0.0)
      activesupport (>= 5.0)
    hashdiff (1.0.1)
-    i18n (1.14.1)
+    i18n (1.12.0)
      concurrent-ruby (~> 1.0)
-    importmap-rails (1.1.6)
+    importmap-rails (1.1.5)
      actionpack (>= 6.0.0)
      railties (>= 6.0.0)
    jaro_winkler (1.5.6)
    jbuilder (2.11.5)
      actionview (>= 5.0.0)
      activesupport (>= 5.0.0)
-    json (2.6.3)
+    launchy (2.5.0)
-    kramdown (2.4.0)
+      addressable (~> 2.7)
      rexml
    kramdown-parser-gfm (1.1.0)
      kramdown (~> 2.0)
    launchy (2.5.2)
      addressable (~> 2.8)
    letter_opener (1.8.1)
      launchy (>= 2.2, < 3)
    letter_opener_web (2.0.0)
@@ -203,191 +147,141 @@ GEM
      letter_opener (~> 1.7)
      railties (>= 5.2)
      rexml
-    listen (3.8.0)
+    listen (3.7.1)
      rb-fsevent (~> 0.10, >= 0.10.3)
      rb-inotify (~> 0.9, >= 0.9.10)
-    lnurl (1.0.1)
+    lockbox (1.1.0)
-      bech32 (~> 1.1)
+    loofah (2.19.0)
    lockbox (1.2.0)
    loofah (2.21.3)
      crass (~> 1.0.2)
-      nokogiri (>= 1.12.0)
+      nokogiri (>= 1.5.9)
-    mail (2.8.1)
+    mail (2.7.1)
      mini_mime (>= 0.1.1)
      net-imap
      net-pop
      net-smtp
    marcel (1.0.2)
    matrix (0.4.2)
    method_source (1.0.0)
    mini_mime (1.1.2)
-    minitest (5.18.0)
+    mini_portile2 (2.8.0)
-    multipart-post (2.3.0)
+    minitest (5.16.3)
-    net-imap (0.3.6)
+    net-imap (0.3.1)
      date
      net-protocol
-    net-ldap (0.18.0)
+    net-ldap (0.17.1)
    net-pop (0.1.2)
      net-protocol
-    net-protocol (0.2.1)
+    net-protocol (0.1.3)
      timeout
    net-smtp (0.3.3)
      net-protocol
-    nio4r (2.5.9)
+    nio4r (2.5.8)
-    nokogiri (1.15.2-x86_64-linux)
+    nokogiri (1.13.9)
      mini_portile2 (~> 2.8.0)
      racc (~> 1.4)
    nokogiri (1.13.9-x86_64-linux)
      racc (~> 1.4)
    orm_adapter (0.5.0)
    pagy (6.0.4)
    parallel (1.23.0)
    parser (3.2.2.3)
      ast (~> 2.4.1)
      racc
    pg (1.2.3)
-    public_suffix (5.0.1)
+    public_suffix (5.0.0)
    puma (4.3.12)
      nio4r (~> 2.0)
    raabro (1.4.0)
-    racc (1.7.1)
+    racc (1.6.0)
-    rack (2.2.7)
+    rack (2.2.4)
-    rack-protection (3.0.6)
+    rack-test (2.0.2)
      rack
    rack-test (2.1.0)
      rack (>= 1.3)
-    rails (7.0.5)
+    rails (7.0.4)
-      actioncable (= 7.0.5)
+      actioncable (= 7.0.4)
-      actionmailbox (= 7.0.5)
+      actionmailbox (= 7.0.4)
-      actionmailer (= 7.0.5)
+      actionmailer (= 7.0.4)
-      actionpack (= 7.0.5)
+      actionpack (= 7.0.4)
-      actiontext (= 7.0.5)
+      actiontext (= 7.0.4)
-      actionview (= 7.0.5)
+      actionview (= 7.0.4)
-      activejob (= 7.0.5)
+      activejob (= 7.0.4)
-      activemodel (= 7.0.5)
+      activemodel (= 7.0.4)
-      activerecord (= 7.0.5)
+      activerecord (= 7.0.4)
-      activestorage (= 7.0.5)
+      activestorage (= 7.0.4)
-      activesupport (= 7.0.5)
+      activesupport (= 7.0.4)
      bundler (>= 1.15.0)
-      railties (= 7.0.5)
+      railties (= 7.0.4)
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.6.0)
+    rails-html-sanitizer (1.4.3)
-      loofah (~> 2.21)
+      loofah (~> 2.3)
-      nokogiri (~> 1.14)
+    railties (7.0.4)
-    rails-settings-cached (2.8.3)
+      actionpack (= 7.0.4)
-      activerecord (>= 5.0.0)
+      activesupport (= 7.0.4)
      railties (>= 5.0.0)
    railties (7.0.5)
      actionpack (= 7.0.5)
      activesupport (= 7.0.5)
      method_source
      rake (>= 12.2)
      thor (~> 1.0)
      zeitwerk (~> 2.5)
    rainbow (3.1.1)
    rake (13.0.6)
    rb-fsevent (0.11.2)
    rb-inotify (0.10.1)
      ffi (~> 1.0)
-    rbs (2.8.4)
+    redis (5.0.5)
-    redis (4.8.1)
+      redis-client (>= 0.9.0)
-    regexp_parser (2.8.1)
+    redis-client (0.11.2)
-    responders (3.1.0)
+      connection_pool
-      actionpack (>= 5.2)
+    regexp_parser (2.6.1)
-      railties (>= 5.2)
+    responders (3.0.1)
-    reverse_markdown (2.1.1)
+      actionpack (>= 5.0)
-      nokogiri
+      railties (>= 5.0)
    rexml (3.2.5)
-    rqrcode (2.2.0)
+    rqrcode (2.1.2)
      chunky_png (~> 1.0)
      rqrcode_core (~> 1.0)
    rqrcode_core (1.2.0)
-    rspec-core (3.12.2)
+    rspec-core (3.12.0)
      rspec-support (~> 3.12.0)
-    rspec-expectations (3.12.3)
+    rspec-expectations (3.12.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.12.0)
-    rspec-mocks (3.12.5)
+    rspec-mocks (3.12.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.12.0)
-    rspec-rails (6.0.3)
+    rspec-rails (6.0.1)
      actionpack (>= 6.1)
      activesupport (>= 6.1)
      railties (>= 6.1)
-      rspec-core (~> 3.12)
+      rspec-core (~> 3.11)
-      rspec-expectations (~> 3.12)
+      rspec-expectations (~> 3.11)
-      rspec-mocks (~> 3.12)
+      rspec-mocks (~> 3.11)
-      rspec-support (~> 3.12)
+      rspec-support (~> 3.11)
    rspec-support (3.12.0)
    rubocop (1.52.1)
      json (~> 2.3)
      parallel (~> 1.10)
      parser (>= 3.2.2.3)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
      rexml (>= 3.2.5, < 4.0)
      rubocop-ast (>= 1.28.0, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 2.4.0, < 3.0)
    rubocop-ast (1.29.0)
      parser (>= 3.2.1.0)
    ruby-progressbar (1.13.0)
    ruby2_keywords (0.0.5)
-    rufus-scheduler (3.9.1)
+    rufus-scheduler (3.8.2)
      fugit (~> 1.1, >= 1.1.6)
-    sanitize (6.0.1)
+    sidekiq (6.5.5)
-      crass (~> 1.0.2)
+      connection_pool (>= 2.2.2)
      nokogiri (>= 1.12.0)
    sentry-rails (5.9.0)
      railties (>= 5.0)
      sentry-ruby (~> 5.9.0)
    sentry-ruby (5.9.0)
      concurrent-ruby (~> 1.0, >= 1.0.2)
    sidekiq (6.5.9)
      connection_pool (>= 2.2.5, < 3)
      rack (~> 2.0)
-      redis (>= 4.5.0, < 5)
+      redis (>= 4.5.0)
-    sidekiq-scheduler (5.0.3)
+    sidekiq-scheduler (4.0.3)
      redis (>= 4.2.0)
      rufus-scheduler (~> 3.2)
-      sidekiq (>= 6, < 8)
+      sidekiq (>= 4, < 7)
      tilt (>= 1.4.0)
-    solargraph (0.49.0)
+    sprockets (4.1.1)
      backport (~> 1.2)
      benchmark
      bundler (~> 2.0)
      diff-lcs (~> 1.4)
      e2mmap
      jaro_winkler (~> 1.5)
      kramdown (~> 2.3)
      kramdown-parser-gfm (~> 1.1)
      parser (~> 3.0)
      rbs (~> 2.0)
      reverse_markdown (~> 2.0)
      rubocop (~> 1.38)
      thor (~> 1.0)
      tilt (~> 2.0)
      yard (~> 0.9, >= 0.9.24)
    sprockets (4.2.0)
      concurrent-ruby (~> 1.0)
-      rack (>= 2.2.4, < 4)
+      rack (> 1, < 3)
    sprockets-rails (3.4.2)
      actionpack (>= 5.2)
      activesupport (>= 5.2)
      sprockets (>= 3.0.0)
-    sqlite3 (1.6.3-x86_64-linux)
+    sqlite3 (1.5.4)
      mini_portile2 (~> 2.8.0)
    sqlite3 (1.5.4-x86_64-linux)
    stimulus-rails (1.2.1)
      railties (>= 6.0.0)
-    thor (1.2.2)
+    thor (1.2.1)
-    tilt (2.2.0)
+    tilt (2.0.11)
-    timeout (0.3.2)
+    timeout (0.3.0)
-    turbo-rails (1.4.0)
+    turbo-rails (1.3.2)
      actionpack (>= 6.0.0)
      activejob (>= 6.0.0)
      railties (>= 6.0.0)
-    tzinfo (2.0.6)
+    tzinfo (2.0.5)
      concurrent-ruby (~> 1.0)
-    unicode-display_width (2.4.2)
+    view_component (2.78.0)
-    view_component (3.2.0)
+      activesupport (>= 5.0.0, < 8.0)
      activesupport (>= 5.2.0, < 8.0)
      concurrent-ruby (~> 1.0)
      method_source (~> 1.0)
    warden (1.2.9)
@@ -406,10 +300,10 @@ GEM
    websocket-extensions (0.1.5)
    xpath (3.2.0)
      nokogiri (~> 1.8)
-    yard (0.9.34)
+    zeitwerk (2.6.6)
    zeitwerk (2.6.8)
 PLATFORMS
  ruby
  x86_64-linux
 DEPENDENCIES
@@ -417,37 +311,26 @@ DEPENDENCIES
  capybara
  cssbundling-rails
  database_cleaner
-  devise (~> 4.9.0)
+  devise
  devise_ldap_authenticatable
  discourse_api
  dotenv-rails
  factory_bot_rails
  faker
  faraday
  flipper
  flipper-active_record
  flipper-ui
  importmap-rails
  jbuilder (~> 2.7)
  letter_opener
  letter_opener_web
  listen (~> 3.2)
  lnurl
  lockbox
  net-ldap
  nostr!
  pagy (~> 6.0, >= 6.0.2)
  pg (~> 1.2.3)
  puma (~> 4.1)
  rails (~> 7.0.2)
  rails-settings-cached (~> 2.8.3)
  rqrcode (~> 2.0)
  rspec-rails
  sentry-rails
  sentry-ruby
  sidekiq (< 7)
  sidekiq-scheduler
  solargraph
  sprockets-rails
  sqlite3 (~> 1.4)
  stimulus-rails
--- a/README.md
+++ b/README.md
@@ -14,17 +14,18 @@ so:
 1. Make sure [Docker Compose is installed][1] and Docker is running (included in
   Docker Desktop)
-2. Uncomment the `redis`, `web`, and `sidekiq` sections in `docker-compose.yml`
+2. Uncomment the `web` section in `docker-compose.yml`
 3. Run `docker compose up` and wait until 389ds announces its successful start
   in the log output
 4. `docker-compose exec ldap dsconf localhost backend create --suffix="dc=kosmos,dc=org" --be-name="dev"`
 5. `docker compose run web rails ldap:setup`
-6. `docker compose run web rails db:setup`
+5. `docker compose run web rails db:setup`
 After these steps, you should have a working Rails app with a handful of test
 users running on [http://localhost:3000](http://localhost:3000).
 Log in with username "admin" and password "admin is admin". All users listed on
-[http://localhost:3000/admin/users](http://localhost:3000/admin/users)
+[http://localhost:3000/admin/ldap_users](http://localhost:3000/admin/ldap_users)
 have the password "user is user".
 ### Rails app
@@ -78,34 +79,14 @@ The setup task will first delete any existing entries in the directory tree
 Note that all 389ds data is stored in `tmp/389ds`. So if you want to start over
 with a fresh installation, delete both that directory as well as the container.
 ### Adding npm modules to use with Stimulus controllers
 The following command downloads the specified npm module to `vendor/javascript`
 and adds an entry for it to `config/importmap.rb`.
    bin/importmap pin bech32 --download
 ### Solargraph
 [Solargraph](https://solargraph.org/) is a Ruby language server, which you may
 use with your editor to add features like auto-completion and syntax
 validation. You can add inline documentation for bundled gems with this
 command:
    bundle exec yard gems
 ## Documentation
 ### Rails
 * [Ruby on Rails](https://guides.rubyonrails.org/)
-* [Pagination](https://ddnexus.github.io/pagy/)
+* [Sass](https://sass-lang.com/documentation)
 ### Front-end
 * [Tailwind CSS](https://tailwindcss.com/)
 * [Sass](https://sass-lang.com/documentation)
 * [Stimulus](https://stimulus.hotwired.dev/handbook/)
 ### Testing
@@ -122,10 +103,6 @@ command:
 * [Sidekiq](https://github.com/mperham/sidekiq/wiki/)
 * [ActiveJob](https://github.com/mperham/sidekiq/wiki/Active-Job)
 ### Feature Flags
 * [Flipper](https://www.flippercloud.io/docs/get-started/self-hosted)
 ## License
 [GNU Affero General Public License v3.0](https://choosealicense.com/licenses/agpl-3.0/)
--- a/app/assets/config/manifest.js
+++ b/app/assets/config/manifest.js
@@ -1,4 +1,3 @@
 //= link_tree ../images
 //= link_tree ../../javascript .js
 //= link_tree ../builds
 //= link_tree ../../../vendor/javascript .js
--- a/app/assets/stylesheets/application.tailwind.css
+++ b/app/assets/stylesheets/application.tailwind.css
@@ -4,9 +4,7 @@
@import "components/base";
@import "components/buttons";
@import "components/dashboard_services";
@import "components/forms";
@import "components/links";
@import "components/notifications";
@import "components/pagination";
@import "components/tables";
--- a/app/assets/stylesheets/components/base.css
+++ b/app/assets/stylesheets/components/base.css
@@ -24,10 +24,6 @@
    @apply text-xl mb-6;
  }
  h4 {
    @apply font-bold mb-4 leading-6;
  }
  main section {
    @apply pt-8 sm:pt-12;
  }
@@ -40,18 +36,10 @@
    @apply mb-4 leading-6;
  }
  main p:last-child {
    @apply mb-0;
  }
  main ul {
    @apply mb-6;
  }
  main ul:last-child {
    @apply mb-0;
  }
  main ul li {
    @apply leading-6;
  }
--- a/app/assets/stylesheets/components/buttons.css
+++ b/app/assets/stylesheets/components/buttons.css
@@ -1,6 +1,6 @@
@layer components {
  .btn {
-    @apply inline-block font-semibold rounded-md leading-none cursor-pointer text-center
+    @apply font-semibold rounded-md leading-none cursor-pointer text-center
           transition-colors duration-75 focus:outline-none focus:ring-4;
  }
@@ -14,10 +14,6 @@
    @apply py-1 px-2 text-sm;
  }
  .btn-outline {
    @apply border-2 border-gray-100 hover:bg-gray-100;
  }
  .btn-icon {
    @apply px-3;
  }
@@ -37,8 +33,7 @@
           focus:ring-red-500 focus:ring-opacity-75;
  }
-  .btn:disabled {
+  input[type=text]:disabled {
-    @apply bg-gray-100 hover:bg-gray-200 text-gray-400
+    @apply text-gray-700;
           focus:ring-gray-300 focus:ring-opacity-75;
  }
 }
--- a/app/assets/stylesheets/components/dashboard_services.css
+++ b/app/assets/stylesheets/components/dashboard_services.css
@@ -1,5 +0,0 @@
@layer components {
  .services > div > a {
    background-image: linear-gradient(110deg, rgba(255,255,255,0.99) 0, rgba(255,255,255,0.88) 100%);
  }
 }
--- a/app/assets/stylesheets/components/forms.css
+++ b/app/assets/stylesheets/components/forms.css
@@ -1,20 +1,11 @@
@layer components {
  input[type=text], input[type=email], input[type=password],
-  input[type=number], select, textarea {
+  input[type=number], select {
-    @apply rounded-md bg-gray-100 focus:bg-white
+    @apply mt-1 rounded-md bg-gray-100 focus:bg-white
           border-transparent focus:border-transparent focus:ring-2
           focus:ring-blue-600 focus:ring-opacity-75;
  }
  input[type=text]:disabled,
  input[type=email]:disabled {
    @apply text-gray-700;
  }
  input.field_with_errors {
    @apply border-b-red-600;
  }
  .field_with_errors {
    @apply inline-block;
  }
--- a/app/assets/stylesheets/components/links.css
+++ b/app/assets/stylesheets/components/links.css
@@ -5,4 +5,10 @@
    &:visited { @apply text-indigo-600; }
    &:active  { @apply text-red-600; }
  }
  .devise-links {
    a {
      @apply ks-text-link;
    }
  }
 }
--- a/app/assets/stylesheets/components/pagination.css
+++ b/app/assets/stylesheets/components/pagination.css
@@ -1,45 +0,0 @@
@layer components {
  .pagy-nav.pagination {
    @apply isolate inline-flex -space-x-px rounded-md shadow-sm;
  }
  .pagy-nav .page:not(.prev):not(.next) {
    @apply hidden sm:inline-block;
  }
  .pagy-nav .page.next a {
    @apply relative inline-flex items-center rounded-r-md border
           border-gray-300 bg-white px-3 py-2 text-sm font-medium
           text-gray-500 hover:bg-gray-100 focus:z-20;
  }
  .pagy-nav .page.prev a {
    @apply relative inline-flex items-center rounded-l-md border
           border-gray-300 bg-white px-3 py-2 text-sm font-medium
           text-gray-500 hover:bg-gray-100 focus:z-20;
  }
  .pagy-nav .page.next.disabled {
    @apply relative inline-flex items-center rounded-r-md border
           border-gray-300 bg-gray-100 px-3 py-2 text-sm font-medium
           text-gray-400 focus:z-20;
  }
  .pagy-nav .page.prev.disabled {
    @apply relative inline-flex items-center rounded-l-md border
           border-gray-300 bg-gray-100 px-3 py-2 text-sm font-medium
           text-gray-400 focus:z-20;
  }
  .pagy-nav .page a, .page.gap {
    @apply bg-white border-gray-300 text-gray-500 hover:bg-gray-100 relative
           inline-flex items-center border px-4 py-2 text-sm font-medium
           focus:z-20;
  }
  .pagy-nav .page.active {
    @apply z-10 border-indigo-500 bg-indigo-50 text-indigo-600 relative
           inline-flex items-center border px-4 py-2 text-sm font-medium
           focus:z-20;
  }
 }
--- a/app/assets/stylesheets/components/tables.css
+++ b/app/assets/stylesheets/components/tables.css
@@ -7,30 +7,16 @@
    @apply text-left;
  }
-  table thead th {
+  table th {
    @apply pb-3.5 text-sm font-normal uppercase text-gray-500;
  }
  table tbody th {
    @apply text-left font-normal text-gray-500;
  }
  table th:not(:last-of-type),
  table td:not(:last-of-type) {
    @apply pr-2;
  }
-  table td, tbody th {
+  table td {
    @apply py-2;
  }
  table.divided {
    @apply divide-y divide-gray-300;
  }
  table.divided tbody {
    @apply divide-y divide-gray-200;
  }
  table.divided td, table.divided tbody th {
    @apply py-3;
  }
 }
--- a/app/components/form_elements/fieldset_component.html.erb
+++ b/app/components/form_elements/fieldset_component.html.erb
@@ -1,29 +0,0 @@
 <%= tag.public_send(@tag, class: "mb-6 last:mb-0") do %>
  <% if @positioning == :vertical %>
  <label class="block">
    <p class="font-bold <%= @descripton.present? ? "mb-1" : "mb-2" %>">
      <%= @title %>
    </p>
    <% if @descripton.present? %>
    <p class="text-gray-500">
      <%= @descripton %>
    </p>
    <% end %>
    <%= content %>
  </label>
  <% elsif @positioning == :horizontal %>
  <label class="block flex items-center justify-between">
    <div class="flex flex-col">
      <label class="font-bold mb-1"><%= @title %></label>
      <% if @descripton.present? %>
      <p class="text-gray-500"><%= @descripton %></p>
      <% end %>
    </div>
    <div class="relative ml-4 inline-flex flex-shrink-0">
      <%= content %>
    </div>
  </label>
  <% else %>
  <p>Invalid <code>positioning<code> argument for <code>FieldsetComponent</code>.</p>
  <% end %>
 <% end %>
--- a/app/components/form_elements/fieldset_component.rb
+++ b/app/components/form_elements/fieldset_component.rb
@@ -1,12 +0,0 @@
 # frozen_string_literal: true
 module FormElements
  class FieldsetComponent < ViewComponent::Base
    def initialize(tag: "li", positioning: :vertical, title:, description: nil)
      @tag         = tag
      @positioning = positioning
      @title       = title
      @descripton  = description
    end
  end
 end
--- a/app/components/form_elements/fieldset_toggle_component.html.erb
+++ b/app/components/form_elements/fieldset_toggle_component.html.erb
@@ -1,33 +0,0 @@
 <%= tag.public_send @tag, class: "flex items-center justify-between mb-6 last:mb-0",
      data: @form_enabled ? {
        controller: "settings--toggle",
        :'settings--toggle-switch-enabled-value' => @enabled.to_s
      } : nil do %>
  <div class="flex flex-col">
    <label class="font-bold mb-1"><%= @title %></label>
    <p class="text-gray-500"><%= @descripton %></p>
  </div>
  <div class="relative ml-4 inline-flex flex-shrink-0">
    <%= render FormElements::ToggleComponent.new(
          enabled: @enabled,
          input_enabled: @input_enabled,
          class_names: @form_enabled ? "hidden" : nil,
          data: {
            :'settings--toggle-target' => "button",
            action: "settings--toggle#toggleSwitch"
          }) %>
    <% if @form_enabled %>
      <% if @attribute.present? %>
        <%= @form.check_box @attribute, {
              checked: @enabled,
              data: { :'settings--toggle-target' => "checkbox" }
            }, "true", "false" %>
      <% else %>
        <input name="<%= @field_name %>" type="hidden" value="false" autocomplete="off">
        <%= check_box_tag @field_name, "true", @enabled, {
              data: { :'settings--toggle-target' => "checkbox" }
            } %>
      <% end %>
    <% end %>
  </div>
 <% end %>
--- a/app/components/form_elements/fieldset_toggle_component.rb
+++ b/app/components/form_elements/fieldset_toggle_component.rb
@@ -1,19 +0,0 @@
 # frozen_string_literal: true
 module FormElements
  class FieldsetToggleComponent < ViewComponent::Base
    def initialize(tag: "li", form: nil, attribute: nil, field_name: nil,
                   enabled: false, input_enabled: true, title:, description:)
      @tag = tag
      @form = form
      @attribute = attribute
      @field_name = field_name
      @form_enabled = @form.present? || @field_name.present?
      @enabled = enabled
      @input_enabled = input_enabled
      @title = title
      @descripton = description
      @button_text = @enabled ? "Switch off" : "Switch on"
    end
  end
 end
--- a/app/components/form_elements/toggle_component.html.erb
+++ b/app/components/form_elements/toggle_component.html.erb
@@ -1,15 +0,0 @@
 <%= button_tag type: "button", name: "toggle", data: @data,
      role: "switch", aria: { checked: @enabled.to_s },
      tabindex: @tabindex, disabled: !@input_enabled,
      class: "#{ @enabled ? 'bg-blue-600' : 'bg-gray-200' }
              #{ @class_names.present? ? @class_names : '' }
              relative inline-flex h-6 w-11 flex-shrink-0 cursor-pointer
              rounded-full border-2 border-transparent transition-colors
              duration-200 ease-in-out focus:outline-none focus:ring-2
              focus:ring-blue-600 focus:ring-offset-2" do %>
  <span class="sr-only"><%= @button_text %></span>
  <span aria-hidden="true" data-settings--toggle-target="switch"
        class="<%= @enabled ? 'translate-x-5' : 'translate-x-0' %>
               pointer-events-none inline-block h-5 w-5 transform rounded-full
               bg-white shadow ring-0 transition duration-200 ease-in-out"></span>
 <% end %>
--- a/app/components/form_elements/toggle_component.rb
+++ b/app/components/form_elements/toggle_component.rb
@@ -1,13 +0,0 @@
 # frozen_string_literal: true
 module FormElements
  class ToggleComponent < ViewComponent::Base
    def initialize(enabled:, input_enabled: true, data: nil, class_names: nil, tabindex: nil)
      @enabled = !!enabled
      @input_enabled = input_enabled
      @data = data
      @class_names = class_names
      @tabindex = tabindex
    end
  end
 end
--- a/app/components/quickstats_container_component.html.erb
+++ b/app/components/quickstats_container_component.html.erb
@@ -1,3 +0,0 @@
 <dl class="grid grid-cols-2 lg:grid-cols-4 gap-6 sm:gap-12">
  <%= content %>
 </dl>
--- a/app/components/quickstats_container_component.rb
+++ b/app/components/quickstats_container_component.rb
@@ -1,4 +0,0 @@
 # frozen_string_literal: true
 class QuickstatsContainerComponent < ViewComponent::Base
 end
--- a/app/components/quickstats_item_component.html.erb
+++ b/app/components/quickstats_item_component.html.erb
@@ -1,18 +0,0 @@
 <div class="">
  <dt class="mb-2 text-gray-500">
    <%= @title %>
  </dt>
  <dd>
    <% if @type == :number %>
      <span class="text-2xl"><%= number_with_delimiter @value %></span>
    <% else %>
      <span class="text-2xl"><%= @value %></span>
    <% end %>
    <% if @unit %>
      <span><%= @unit %></span>
    <% end %>
    <% if @meta %>
      <span class="text-gray-500"><%= @meta %></span>
    <% end %>
  </dd>
 </div>
--- a/app/components/quickstats_item_component.rb
+++ b/app/components/quickstats_item_component.rb
@@ -1,13 +0,0 @@
 # frozen_string_literal: true
 class QuickstatsItemComponent < ViewComponent::Base
  def initialize(type:, title:, value:, unit: nil, meta: nil, icon_name: nil, icon_color_class: nil)
    @type = type
    @title = title
    @value = value
    @unit = unit
    @meta = meta
    @icon_name = icon_name
    @icon_color_class = icon_color_class
  end
 end
--- a/app/components/sidenav_link_component.rb
+++ b/app/components/sidenav_link_component.rb
@@ -1,9 +1,8 @@
 # frozen_string_literal: true
 class SidenavLinkComponent < ViewComponent::Base
-  def initialize(name:, level: 1, path:, icon:, active: false, disabled: false)
+  def initialize(name:, path:, icon:, active: false, disabled: false)
    @name = name
    @level = level
    @path = path
    @icon = icon
    @active = active
@@ -13,15 +12,12 @@ class SidenavLinkComponent < ViewComponent::Base
  end
  def class_names_link(path)
    px = @level == 1 ? "px-4" : "pl-8 pr-4"
    base = "#{px} py-2 group border-l-4 flex items-center text-base font-medium"
    if @active
-      "#{base} bg-teal-50 border-teal-500 text-teal-700 hover:bg-teal-50 hover:text-teal-700"
+      "bg-teal-50 border-teal-500 text-teal-700 hover:bg-teal-50 hover:text-teal-700 group border-l-4 px-4 py-2 flex items-center text-base font-medium" 
    elsif @disabled
-      "#{base} border-transparent text-gray-400 hover:bg-gray-50"
+      "border-transparent text-gray-400 hover:bg-gray-50 group border-l-4 px-4 py-2 flex items-center text-base font-medium"
    else
-      "#{base} border-transparent text-gray-900 hover:bg-gray-50 hover:text-gray-900"
+      "border-transparent text-gray-900 hover:bg-gray-50 hover:text-gray-900 group border-l-4 px-4 py-2 flex items-center text-base font-medium"
    end
  end
--- a/app/components/wallet_summary_component.html.erb
+++ b/app/components/wallet_summary_component.html.erb
@@ -7,14 +7,10 @@
  <div class="md:col-span-4 mt-4 md:mt-0">
    <p class="font-mono md:text-right mb-0 p-4 border border-gray-300 rounded-lg overflow-hidden">
    <% if @balance %>
-      <span class="text-2xl"><%= number_with_delimiter @balance %></span>
+      <span class="text-xl"><%= number_with_delimiter @balance %> sats</span><br>
      <span class="text-xl">sats</span>
      <br>
      <span class="text-sm text-gray-500">Available balance</span>
    <% else %>
-      <span class="text-2xl">n/a</span>
+      <span class="text-xl">n/a sats</span><br>
      <span class="text-xl">sats</span>
      <br>
      <span class="text-sm text-gray-500">Balance unavailable</span>
    <% end %>
    </p>
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -1,5 +1,5 @@
 class AccountController < ApplicationController
-  before_action :authenticate_user!
+  before_action :require_user_signed_in
  def index
    @current_section = :account
--- a/app/controllers/admin/base_controller.rb
+++ b/app/controllers/admin/base_controller.rb
@@ -1,5 +1,4 @@
 class Admin::BaseController < ApplicationController
  include Pagy::Backend
  before_action :authenticate_user!
  before_action :authorize_admin
@@ -8,4 +7,5 @@ class Admin::BaseController < ApplicationController
  def set_context
    @context = :admin
  end
 end
--- a/app/controllers/admin/donations_controller.rb
+++ b/app/controllers/admin/donations_controller.rb
@@ -5,12 +5,7 @@ class Admin::DonationsController < Admin::BaseController
  # GET /donations
  # GET /donations.json
  def index
-    @pagy, @donations = pagy(Donation.all.order('created_at desc'))
+    @donations = Donation.all
    @stats = {
      overall_sats: @donations.all.sum("amount_sats"),
      donor_count: Donation.distinct.count(:user_id)
    }
  end
  # GET /donations/1
@@ -34,14 +29,10 @@ class Admin::DonationsController < Admin::BaseController
    respond_to do |format|
      if @donation.save
-        format.html do
+        format.html { redirect_to admin_donation_url(@donation), notice: 'Donation was successfully created.' }
          redirect_to admin_donation_url(@donation), flash: {
            success: 'Donation was successfully created.'
          }
        end
        format.json { render :show, status: :created, location: @donation }
      else
-        format.html { render :new, status: :unprocessable_entity }
+        format.html { render :new }
        format.json { render json: @donation.errors, status: :unprocessable_entity }
      end
    end
@@ -52,14 +43,10 @@ class Admin::DonationsController < Admin::BaseController
  def update
    respond_to do |format|
      if @donation.update(donation_params)
-        format.html do
+        format.html { redirect_to admin_donation_url(@donation), notice: 'Donation was successfully updated.' }
          redirect_to admin_donation_url(@donation), flash: {
            success: 'Donation was successfully updated.'
          }
        end
        format.json { render :show, status: :ok, location: @donation }
      else
-        format.html { render :edit, status: :unprocessable_entity }
+        format.html { render :edit }
        format.json { render json: @donation.errors, status: :unprocessable_entity }
      end
    end
@@ -70,10 +57,7 @@ class Admin::DonationsController < Admin::BaseController
  def destroy
    @donation.destroy
    respond_to do |format|
-      format.html do redirect_to admin_donations_url, flash: {
+      format.html { redirect_to admin_donations_url, notice: 'Donation was successfully destroyed.' }
        success: 'Donation was successfully destroyed.'
      }
      end
      format.json { head :no_content }
    end
  end
--- a/app/controllers/admin/invitations_controller.rb
+++ b/app/controllers/admin/invitations_controller.rb
@@ -1,12 +1,8 @@
 class Admin::InvitationsController < Admin::BaseController
  def index
    @current_section = :invitations
-    @pagy, @invitations_used = pagy(Invitation.used.order('used_at desc'))
+    @invitations_unused_count = Invitation.unused.count
-
+    @users_with_referrals_count = Invitation.used.distinct.count(:user_id)
-    @stats = {
+    @invitations_used = Invitation.used.order('used_at desc')
      available: Invitation.unused.count,
      accepted: @invitations_used.length,
      users_with_referrals: Invitation.used.distinct.count(:user_id)
    }
  end
 end
--- a/app/controllers/admin/ldap_users_controller.rb
+++ b/app/controllers/admin/ldap_users_controller.rb
@@ -0,0 +1,45 @@
 class Admin::LdapUsersController < Admin::BaseController
  before_action :set_current_section
  def index
    attributes = %w{dn cn uid mail admin}
    filter = Net::LDAP::Filter.eq("uid", "*")
    @ou = params[:ou] || "kosmos.org"
    treebase = "ou=#{@ou},cn=users,dc=kosmos,dc=org"
    entries = ldap_client.search(base: treebase, filter: filter, attributes: attributes)
    entries.sort_by! { |e| e.cn[0] }
    @entries = entries.collect do |e|
      {
        uid: e.uid.first,
        mail: e.try(:mail) ? e.mail.first : nil,
        admin: e.try(:admin) ? 'admin' : nil
        # password: e.userpassword.first
      }
    end
    # ldap_client.get_operation_result
  end
  private
  def ldap_client
    ldap_client ||= Net::LDAP.new host: ldap_config['host'],
      port: ldap_config['port'],
      # encryption: ldap_config['ssl'],
      auth: {
        method: :simple,
        username: ldap_config['admin_user'],
        password: ldap_config['admin_password']
      }
  end
  def ldap_config
    ldap_config ||= YAML.load(ERB.new(File.read("#{Rails.root}/config/ldap.yml")).result)[Rails.env]
  end
  def set_current_section
    @current_section = :ldap_users
  end
 end
--- a/app/controllers/admin/lightning_controller.rb
+++ b/app/controllers/admin/lightning_controller.rb
@@ -1,21 +0,0 @@
 class Admin::LightningController < Admin::BaseController
  before_action :check_feature_enabled
  def index
    @current_section = :lightning
    @users = User.pluck(:cn, :ou, :ln_account)
    @accounts = LndhubAccount.with_balances.order(balance: :desc).to_a
    @ln = {}
    @ln[:current_balance] = LndhubAccount.current.joins(:ledgers).sum("account_ledgers.amount")
    @ln[:users_with_sats] = @accounts.length
  end
  def check_feature_enabled
    if !Setting.lndhub_admin_enabled?
      flash[:alert] = "Lightning Admin UI not enabled"
      redirect_to admin_root_path and return
    end
  end
 end
--- a/app/controllers/admin/settings/registrations_controller.rb
+++ b/app/controllers/admin/settings/registrations_controller.rb
@@ -1,12 +0,0 @@
 class Admin::Settings::RegistrationsController < Admin::SettingsController
  def index
  end
  def create
    update_settings
    redirect_to admin_settings_registrations_path, flash: {
      success: "Settings saved"
    }
  end
 end
--- a/app/controllers/admin/settings/services_controller.rb
+++ b/app/controllers/admin/settings/services_controller.rb
@@ -1,19 +0,0 @@
 class Admin::Settings::ServicesController < Admin::SettingsController
  def index
    @service = params[:s]
    if @service.blank?
      redirect_to admin_settings_services_path(params: { s: "discourse" })
    end
  end
  def create
    service = params.require(:service)
    update_settings
    redirect_to admin_settings_services_path(params: { s: service }), flash: {
      success: "Settings saved"
    }
  end
 end
--- a/app/controllers/admin/settings_controller.rb
+++ b/app/controllers/admin/settings_controller.rb
@@ -1,40 +0,0 @@
 class Admin::SettingsController < Admin::BaseController
  before_action :set_current_section
  def index
  end
  def update_settings
    @errors = ActiveModel::Errors.new(Setting.new)
    changed_keys = []
    setting_params.keys.each do |key|
      next if setting_params[key].nil? ||
              (Setting.send(key).to_s == setting_params[key].strip)
      changed_keys.push(key)
      setting = Setting.new(var: key)
      setting.value = setting_params[key].strip
      unless setting.valid?
        @errors.merge!(setting.errors)
      end
    end
    if @errors.any?
      render :index and return
    end
    changed_keys.each do |key|
      Setting.send("#{key}=", setting_params[key].strip)
    end
  end
  private
    def set_current_section
      @current_section = :settings
    end
    def setting_params
      params.require(:setting).permit(Setting.editable_keys.map(&:to_sym))
    end
 end
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -1,35 +0,0 @@
 class Admin::UsersController < Admin::BaseController
  before_action :set_user, only: [:show]
  before_action :set_current_section
  def index
    ldap   = LdapService.new
    @ou    = params[:ou] || Setting.primary_domain
    @orgs  = ldap.fetch_organizations
    @pagy, @users = pagy(User.where(ou: @ou).order(cn: :asc))
    @stats = {
      users_confirmed: User.where(ou: @ou).confirmed.count,
      users_pending: User.where(ou: @ou).pending.count
    }
  end
  def show
    if Setting.lndhub_admin_enabled?
      @lndhub_user = @user.lndhub_user
    end
    @services_enabled = @user.services_enabled
  end
  private
  def set_user
    address = params[:address].split("@")
    @user = User.where(cn: address.first, ou: address.last).first
  end
  def set_current_section
    @current_section = :users
  end
 end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -3,18 +3,6 @@ class ApplicationController < ActionController::Base
    render :text => exception, :status => 500
  end
  before_action :sentry_set_user
  def sentry_set_user
    return unless Setting.sentry_enabled
    if user_signed_in?
      Sentry.set_user(id: current_user.id, username: current_user.cn)
    else
      Sentry.set_user({})
    end
  end
  def require_user_signed_in
    unless user_signed_in?
      redirect_to welcome_path and return
--- a/app/controllers/contributions/donations_controller.rb
+++ b/app/controllers/contributions/donations_controller.rb
@@ -1,5 +1,5 @@
 class Contributions::DonationsController < ApplicationController
-  before_action :authenticate_user!
+  before_action :require_user_signed_in
  # GET /donations
  # GET /donations.json
--- a/app/controllers/contributions/projects_controller.rb
+++ b/app/controllers/contributions/projects_controller.rb
@@ -1,5 +1,5 @@
 class Contributions::ProjectsController < ApplicationController
-  before_action :authenticate_user!
+  before_action :require_user_signed_in
  # GET /contributions
  def index
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -2,6 +2,6 @@ class DashboardController < ApplicationController
  before_action :require_user_signed_in
  def index
-    @current_section = :services
+    @current_section = :dashboard
  end
 end
--- a/app/controllers/discourse/sso_controller.rb
+++ b/app/controllers/discourse/sso_controller.rb
@@ -1,17 +0,0 @@
 class Discourse::SsoController < ApplicationController
  before_action :authenticate_user!
  def connect
    secret = Setting.discourse_connect_secret
    sso = DiscourseApi::SingleSignOn.parse(request.query_string, secret)
    sso.external_id = current_user.id
    sso.email = current_user.email
    sso.username = current_user.cn
    sso.name = current_user.display_name
    sso.admin = current_user.is_admin?
    sso.sso_secret = secret
    redirect_to sso.to_url("#{Setting.discourse_public_url}/session/sso_login"),
                allow_other_host: true
  end
 end
--- a/app/controllers/invitations_controller.rb
+++ b/app/controllers/invitations_controller.rb
@@ -1,11 +1,11 @@
 class InvitationsController < ApplicationController
-  before_action :authenticate_user!, except: ["show"]
+  before_action :require_user_signed_in, except: ["show"]
  before_action :require_user_signed_out, only: ["show"]
  # GET /invitations
  def index
    @invitations_unused = current_user.invitations.unused
-    @invitations_used   = current_user.invitations.used.order('used_at desc')
+    @invitations_used   = current_user.invitations.used
    @current_section = :invitations
  end
@@ -27,10 +27,7 @@ class InvitationsController < ApplicationController
    respond_to do |format|
      if @invitation.save
-        format.html do redirect_to @invitation, flash: {
+        format.html { redirect_to @invitation, notice: 'Invitation was successfully created.' }
          success: 'Invitation was successfully created.'
        }
        end
        format.json { render :show, status: :created, location: @invitation }
      else
        format.html { render :new }
--- a/app/controllers/lnurlpay_controller.rb
+++ b/app/controllers/lnurlpay_controller.rb
@@ -1,5 +1,4 @@
 class LnurlpayController < ApplicationController
  before_action :check_feature_enabled
  before_action :find_user_by_address
  MIN_SATS = 10
@@ -18,20 +17,6 @@ class LnurlpayController < ApplicationController
    }
  end
  def keysend
    http_status :not_found and return unless Setting.lndhub_keysend_enabled?
    render json: {
      status: "OK",
      tag: "keysend",
      pubkey: Setting.lndhub_public_key,
      customData: [{
        customKey: "696969",
        customValue: @user.ln_account
      }]
    }
  end
  def invoice
    amount = params[:amount].to_i / 1000 # msats
    address = params[:address]
@@ -47,7 +32,7 @@ class LnurlpayController < ApplicationController
      return
    end
-    memo = "To #{address}"
+    memo = "Sats for #{address}"
    memo = "#{memo}: \"#{comment}\"" if comment.present?
    payment_request = @user.ln_create_invoice({
@@ -87,9 +72,4 @@ class LnurlpayController < ApplicationController
    comment.length <= MAX_COMMENT_CHARS
  end
  private
  def check_feature_enabled
    http_status :not_found unless Setting.lndhub_enabled?
  end
 end
--- a/app/controllers/services/lightning_controller.rb
+++ b/app/controllers/services/lightning_controller.rb
@@ -1,137 +0,0 @@
 require "rqrcode"
 require "lnurl"
 class Services::LightningController < ApplicationController
  before_action :authenticate_user!
  before_action :authenticate_with_lndhub
  before_action :set_current_section
  before_action :fetch_balance
  def index
    @wallet_url = "lndhub://#{current_user.ln_account}:#{current_user.ln_password}@#{ENV['LNDHUB_PUBLIC_URL']}"
    initialize_lndhub_qr_code
  end
  def transactions
    @transactions = fetch_transactions
  end
  def qr_lnurlp
    lnurlp_url = "https://kosmos.org/.well-known/lnurlp/#{current_user.cn}"
    lnurlp_bech32 = Lnurl.new(lnurlp_url).to_bech32
    qr_code = RQRCode::QRCode.new("lightning:" + lnurlp_bech32)
    respond_to do |format|
      format.svg do
        qr_svg = qr_code.as_svg(
          color: "000",
          shape_rendering: "crispEdges",
          module_size: 6,
          standalone: true,
          use_path: true,
          svg_attributes: {
            class: 'inline-block'
          }
        )
        send_data(
          qr_svg,
          filename: "bitcoin-lightning-#{current_user.address}.svg",
          type: "image/svg+xml"
        )
      end
      format.png do
        qr_png = qr_code.as_png(
          fill: "white",
          color: "black",
          size: 1024,
        )
        send_data(
          qr_png,
          filename: "bitcoin-lightning-#{current_user.address}.png",
          type: "image/png"
        )
      end
    end
  end
  private
  def initialize_lndhub_qr_code
    qr_code = RQRCode::QRCode.new(@wallet_url)
    @lndhub_qr_svg = qr_code.as_svg(
      color: "000",
      shape_rendering: "crispEdges",
      module_size: 6,
      standalone: true,
      use_path: true,
      svg_attributes: {
        class: 'inline-block'
      }
    )
  end
  def authenticate_with_lndhub(options={})
    if session[:ln_auth_token].present? && !options[:force_reauth]
      @ln_auth_token = session[:ln_auth_token]
    else
      lndhub = Lndhub.new
      auth_token = lndhub.authenticate(current_user)
      session[:ln_auth_token] = auth_token
      @ln_auth_token = auth_token
    end
  rescue => e
    Sentry.capture_exception(e) if Setting.sentry_enabled?
  end
  def set_current_section
    @current_section = :services
  end
  def fetch_balance
    lndhub = Lndhub.new
    data = lndhub.balance @ln_auth_token
    @balance = data["BTC"]["AvailableBalance"] rescue nil
  rescue AuthError
    authenticate_with_lndhub(force_reauth: true)
    raise if @fetch_balance_retried
    @fetch_balance_retried = true
    fetch_balance
  end
  def fetch_transactions
    lndhub = Lndhub.new
    txs = lndhub.gettxs @ln_auth_token
    invoices = lndhub.getuserinvoices(@ln_auth_token).select{|i| i["ispaid"]}
    process_transactions(txs + invoices)
  rescue AuthError
    authenticate_with_lndhub(force_reauth: true)
    raise if @fetch_transactions_retried
    @fetch_transactions_retried = true
    fetch_transactions
  end
  def process_transactions(txs)
    txs.collect do |tx|
      if tx["type"] == "bitcoind_tx"
        tx["amount_sats"] = (tx["amount"] * 100000000).to_i
        tx["datetime"] = Time.at(tx["time"].to_i)
        tx["title"] = "Received"
        tx["description"] = "On-chain topup"
        tx["received"] = true
      else
        tx["amount_sats"] = tx["value"] || tx["amt"]
        tx["fee"] = tx["type"] == "paid_invoice" ? tx["fee"] : nil
        tx["datetime"] = Time.at(tx["timestamp"].to_i)
        tx["title"] = tx["type"] == "paid_invoice" ? "Sent" : "Received"
        tx["description"] = tx["memo"] || tx["description"]
        tx["received"] = tx["type"] == "user_invoice"
      end
    end
    # Handle an edge case where lndhub.go includes a failed payment in the
    # list, which wasn't actually booked
    txs.reject!{ |tx| tx["type"] == "paid_invoice" && tx["payment_preimage"].blank? }
    txs.sort{ |a,b| b["datetime"] <=> a["datetime"] }
  end
 end
--- a/app/controllers/services/remotestorage_controller.rb
+++ b/app/controllers/services/remotestorage_controller.rb
@@ -1,30 +0,0 @@
 class Services::RemotestorageController < ApplicationController
  before_action :require_user_signed_in
  before_action :require_service_enabled
  before_action :require_feature_enabled
  before_action :set_current_section
  def dashboard
    # unless current_user.services_enabled.include?(:remotestorage)
    #   redirect_to service_remotestorage_info_path
    # end
  end
  private
    def require_feature_enabled
      unless Flipper.enabled?(:remotestorage, current_user)
        http_status :forbidden
      end
    end
    def require_service_enabled
      unless Setting.remotestorage_enabled?
        http_status :not_found
      end
    end
    def set_current_section
      @current_section = :services
    end
 end
--- a/app/controllers/settings/account_controller.rb
+++ b/app/controllers/settings/account_controller.rb
@@ -0,0 +1,13 @@
 class Settings::AccountController < SettingsController
  def index
  end
  def reset_password
    current_user.send_reset_password_instructions
    sign_out current_user
    msg = "We have sent you an email with a link to reset your password."
    redirect_to check_your_email_path, notice: msg
  end
 end
--- a/app/controllers/settings/profile_controller.rb
+++ b/app/controllers/settings/profile_controller.rb
@@ -0,0 +1,11 @@
 class Settings::ProfileController < SettingsController
  def index
    @user = current_user
  end
  def update
  end
 end
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -1,135 +1,13 @@
 require 'securerandom'
 class SettingsController < ApplicationController
-  before_action :authenticate_user!
+  before_action :require_user_signed_in
-  before_action :set_main_nav_section
+  before_action :set_current_section
  before_action :set_settings_section, only: [:show, :update, :update_email]
  before_action :set_user, only: [:show, :update, :update_email]
  def index
    redirect_to setting_path(:profile)
  end
  def show
    if @settings_section == "experiments"
      session[:shared_secret] ||= SecureRandom.base64(12)
    end
  end
  def update
    @user.preferences.merge!(user_params[:preferences] || {})
    @user.display_name = user_params[:display_name]
    if @user.save
      if @user.display_name && (@user.display_name != @user.ldap_entry[:display_name])
        LdapManager::UpdateDisplayName.call(@user.dn, user_params[:display_name])
      end
      redirect_to setting_path(@settings_section), flash: {
        success: 'Settings saved.'
      }
    else
      @validation_errors = @user.errors
      render :show, status: :unprocessable_entity
    end
  end
  def update_email
    if @user.valid_ldap_authentication?(email_params[:current_password])
      if @user.update email: email_params[:email]
        redirect_to setting_path(:account), flash: {
          notice: 'Please confirm your new address using the confirmation link we just sent you.'
        }
      else
        @validation_errors = @user.errors
        render :show, status: :unprocessable_entity
      end
    else
      redirect_to setting_path(:account), flash: {
        error: 'Password did not match your current password. Try again.'
      }
    end
  end
  def reset_password
    current_user.send_reset_password_instructions
    sign_out current_user
    msg = "We have sent you an email with a link to reset your password."
    redirect_to check_your_email_path, notice: msg
  end
  def set_nostr_pubkey
    signed_event = nostr_event_params[:signed_event].to_h.symbolize_keys
    is_valid_id  = NostrManager::ValidateId.call(signed_event)
    is_valid_sig = NostrManager::VerifySignature.call(signed_event)
    is_correct_content = signed_event[:content] == "Connect my public key to #{current_user.address} (confirmation #{session[:shared_secret]})"
    unless is_valid_id && is_valid_sig && is_correct_content
      flash[:alert] = "Public key could not be verified"
      http_status :unprocessable_entity and return
    end
    pubkey_taken = User.all_except(current_user).where(
      ou: current_user.ou, nostr_pubkey: signed_event[:pubkey]
    ).any?
    if pubkey_taken
      flash[:alert] = "Public key already in use for a different account"
      http_status :unprocessable_entity and return
    end
    current_user.update! nostr_pubkey: signed_event[:pubkey]
    session[:shared_secret] = nil
    flash[:success] = "Public key verification successful"
    http_status :ok
  rescue
    flash[:alert] = "Public key could not be verified"
    http_status :unprocessable_entity and return
  end
  # DELETE /settings/nostr_pubkey
  def remove_nostr_pubkey
    current_user.update! nostr_pubkey: nil
    redirect_to setting_path(:experiments), flash: {
      success: 'Public key removed from account'
    }
  end
  private
-    def set_main_nav_section
+  def set_current_section
-      @current_section = :settings
+    @current_section = :settings
-    end
+  end
    def set_settings_section
      @settings_section = params[:section]
      allowed_sections = [:profile, :account, :lightning, :xmpp, :experiments]
      unless allowed_sections.include?(@settings_section.to_sym)
        redirect_to setting_path(:profile)
      end
    end
    def set_user
      @user = current_user
    end
    def user_params
      params.require(:user).permit(:display_name, preferences: [
        :lightning_notify_sats_received,
        :xmpp_exchange_contacts_with_invitees
      ])
    end
    def email_params
      params.require(:user).permit(:email, :current_password)
    end
    def nostr_event_params
      params.permit(signed_event: [
        :id, :pubkey, :created_at, :kind, :tags, :content, :sig
      ])
    end
 end
--- a/app/controllers/signup_controller.rb
+++ b/app/controllers/signup_controller.rb
@@ -88,7 +88,7 @@ class SignupController < ApplicationController
    if session[:new_user].present?
      @user = User.new(session[:new_user])
    else
-      @user = User.new(ou: Setting.primary_domain)
+      @user = User.new(ou: "kosmos.org")
    end
  end
@@ -98,7 +98,7 @@ class SignupController < ApplicationController
    CreateAccount.call(
      username: @user.cn,
-      domain: Setting.primary_domain,
+      domain: "kosmos.org",
      email: @user.email,
      password: @user.password,
      invitation: @invitation
--- a/app/controllers/users/confirmations_controller.rb
+++ b/app/controllers/users/confirmations_controller.rb
@@ -1,17 +0,0 @@
 # frozen_string_literal: true
 class Users::ConfirmationsController < Devise::ConfirmationsController
  # GET /resource/confirmation?confirmation_token=abcdef
  def show
    self.resource = resource_class.confirm_by_token(params[:confirmation_token])
    yield resource if block_given?
    if resource.errors.empty?
      set_flash_message!(:success, :confirmed)
      resource.devise_after_confirmation
      respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
    else
      respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
    end
  end
 end
--- a/app/controllers/wallet_controller.rb
+++ b/app/controllers/wallet_controller.rb
@@ -0,0 +1,81 @@
 require "rqrcode"
 class WalletController < ApplicationController
  before_action :require_user_signed_in
  before_action :authenticate_with_lndhub
  before_action :set_current_section
  before_action :fetch_balance
  def index
    @wallet_url = "lndhub://#{current_user.ln_login}:#{current_user.ln_password}@#{ENV['LNDHUB_PUBLIC_URL']}"
    qrcode = RQRCode::QRCode.new(@wallet_url)
    @svg = qrcode.as_svg(
      color: "000",
      shape_rendering: "crispEdges",
      module_size: 6,
      standalone: true,
      use_path: true,
      svg_attributes: {
        class: 'inline-block'
      }
    )
  end
  def transactions
    @transactions = fetch_transactions
  end
  private
  def authenticate_with_lndhub
    if session["ln_auth_token"].present?
      @ln_auth_token = session["ln_auth_token"]
    else
      lndhub = Lndhub.new
      auth_token = lndhub.authenticate(current_user)
      session["ln_auth_token"] = auth_token
      @ln_auth_token = auth_token
    end
  rescue
    # TODO add exception tracking
  end
  def set_current_section
    @current_section = :wallet
  end
  def fetch_balance
    lndhub = Lndhub.new
    data = lndhub.balance @ln_auth_token
    @balance = data["BTC"]["AvailableBalance"] rescue nil
  end
  def fetch_transactions
    lndhub = Lndhub.new
    txs = lndhub.gettxs @ln_auth_token
    invoices = lndhub.getuserinvoices(@ln_auth_token).select{|i| i["ispaid"]}
    process_transactions(txs + invoices)
  end
  def process_transactions(txs)
    txs.collect do |tx|
      if tx["type"] == "bitcoind_tx"
        tx["amount_sats"] = (tx["amount"] * 100000000).to_i
        tx["datetime"] = Time.at(tx["time"].to_i)
        tx["title"] = "Received"
        tx["description"] = "On-chain topup"
        tx["received"] = true
      else
        tx["amount_sats"] = tx["value"] || tx["amt"]
        tx["datetime"] = Time.at(tx["timestamp"].to_i)
        tx["title"] = tx["type"] == "paid_invoice" ? "Sent" : "Received"
        tx["description"] = tx["memo"] || tx["description"]
        tx["received"] = tx["type"] == "user_invoice"
      end
    end
    txs.sort{ |a,b| b["datetime"] <=> a["datetime"] }
  end
 end
--- a/app/controllers/webfinger_controller.rb
+++ b/app/controllers/webfinger_controller.rb
@@ -1,57 +0,0 @@
 class WebfingerController < ApplicationController
  before_action :allow_cross_origin_requests, only: [:show]
  layout false
  def show
    resource = params[:resource]
    if resource && resource.match(/acct:\w+/)
      useraddress = resource.split(":").last
      username, org = useraddress.split("@")
      username.downcase!
      unless User.where(cn: username, ou: org).any?
        head 404 and return
      end
      render json: webfinger(useraddress).to_json,
             content_type: "application/jrd+json"
    else
      head 422 and return
    end
  end
  private
  def webfinger(useraddress)
    links = [];
    links << remotestorage_link(useraddress) if Setting.remotestorage_enabled
    { "links" => links }
  end
  def remotestorage_link(useraddress)
    # TODO use when OAuth routes are available
    # auth_url = new_rs_oauth_url(useraddress)
    auth_url = "https://example.com/rs/oauth"
    storage_url = "#{Setting.rs_storage_url}/#{useraddress}"
    {
      "rel" => "http://tools.ietf.org/id/draft-dejong-remotestorage",
      "href" => storage_url,
      "properties" => {
        "http://remotestorage.io/spec/version" => "draft-dejong-remotestorage-13",
        "http://tools.ietf.org/html/rfc6749#section-4.2" => auth_url,
        "http://tools.ietf.org/html/rfc6750#section-2.3" => nil, # access token via a HTTP query parameter
        "http://tools.ietf.org/html/rfc7233": "GET", # content range requests
        "http://remotestorage.io/spec/web-authoring": nil
      }
    }
  end
  def allow_cross_origin_requests
    headers['Access-Control-Allow-Origin'] = '*'
    headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
  end
 end
--- a/app/controllers/webhooks_controller.rb
+++ b/app/controllers/webhooks_controller.rb
@@ -1,46 +0,0 @@
 class WebhooksController < ApplicationController
  skip_forgery_protection
  before_action :authorize_request
  def lndhub
    begin
      payload = JSON.parse(request.body.read, symbolize_names: true)
      head :no_content and return unless payload[:type] == "incoming"
    rescue
      head :unprocessable_entity and return
    end
    user = User.find_by!(ln_account: payload[:user_login])
    notify = user.preferences[:lightning_notify_sats_received]
    case notify
    when "xmpp"
      notify_xmpp(user.address, payload[:amount], payload[:memo])
    when "email"
      NotificationMailer.with(user: user, amount_sats: payload[:amount])
                        .lightning_sats_received.deliver_later
    end
    head :ok
  end
  private
  # TODO refactor into mailer-like generic class/service
  def notify_xmpp(address, amt_sats, memo)
    payload = {
      type: "normal",
      from: Setting.primary_domain,
      to: address,
      subject: "Sats received!",
      body: "#{helpers.number_with_delimiter amt_sats} sats received in your Lightning wallet:\n> #{memo}"
    }
    XmppSendMessageJob.perform_later(payload)
  end
  def authorize_request
    if !ENV['WEBHOOKS_ALLOWED_IPS'].split(',').include?(request.remote_ip)
      head :forbidden and return
    end
  end
 end
--- a/app/controllers/well_known_controller.rb
+++ b/app/controllers/well_known_controller.rb
@@ -1,16 +0,0 @@
 class WellKnownController < ApplicationController
  def nostr
    http_status :unprocessable_entity and return if params[:name].blank?
    domain = request.headers["X-Forwarded-Host"].presence || Setting.primary_domain
    @user = User.where(cn: params[:name], ou: domain).first
    http_status :not_found and return if @user.nil? || @user.nostr_pubkey.blank?
    respond_to do |format|
      format.json do
        render json: {
          names: { "#{@user.cn}": @user.nostr_pubkey }
        }.to_json
      end
    end
  end
 end
--- a/app/errors/auth_error.rb
+++ b/app/errors/auth_error.rb
@@ -1 +0,0 @@
 class AuthError < StandardError; end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,6 +1,4 @@
 module ApplicationHelper
  include Pagy::Frontend
  def sats_to_btc(sats)
    sats.to_f / 100000000
  end
@@ -12,10 +10,5 @@ module ApplicationHelper
      "text-gray-300 hover:bg-gray-900/30 hover:text-white active:bg-gray-900/30 active:text-white px-3 py-2 rounded-md font-medium text-base md:text-sm block md:inline-block"
    end
  end
  # Colors available: gray, red, yellow, green, blue, purple, pink
  # (Add more colors by adding classes to the safelist in tailwind.config.js)
  def badge(text, color)
    tag.span text, class: "inline-flex items-center rounded-full bg-#{color}-100 px-2.5 py-0.5 text-xs font-medium text-#{color}-800"
  end
 end
--- a/app/helpers/ldap_users_helper.rb
+++ b/app/helpers/ldap_users_helper.rb
@@ -0,0 +1,2 @@
 module LdapUsersHelper
 end
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@@ -1,2 +0,0 @@
 module UsersHelper
 end
--- a/app/javascript/controllers/notification_controller.js
+++ b/app/javascript/controllers/notification_controller.js
@@ -4,10 +4,6 @@ export default class extends Controller {
  static targets = ["buttons", "countdown"]
  connect() {
    // Devise timeoutable ends up adding a second flash message without content
    // TODO investigate bug
    if (this.element.textContent.trim() == "true") return;
    const timeoutSeconds = parseInt(this.data.get("timeout"));
    setTimeout(() => {
--- a/app/javascript/controllers/settings/account/email_controller.js
+++ b/app/javascript/controllers/settings/account/email_controller.js
@@ -1,27 +0,0 @@
 import { Controller } from "@hotwired/stimulus"
 export default class extends Controller {
  static targets = [ "emailField", "editEmailButton" ]
  static values = { validationFailed: Boolean }
  connect () {
    if (this.validationFailedValue) return;
    this.emailFieldTarget.disabled = true;
    this.element.querySelectorAll(".initial-hidden").forEach(el => {
      el.classList.add("hidden");
    })
    this.element.querySelectorAll(".initial-visible").forEach(el => {
      el.classList.remove("hidden");
    })
  }
  editEmail () {
    this.emailFieldTarget.disabled = false;
    this.emailFieldTarget.select();
    this.editEmailButtonTarget.classList.add("hidden");
    this.element.querySelectorAll(".initial-hidden").forEach(el => {
      el.classList.remove("hidden");
    })
  }
 }
--- a/app/javascript/controllers/settings/nostr_pubkey_controller.js
+++ b/app/javascript/controllers/settings/nostr_pubkey_controller.js
@@ -1,65 +0,0 @@
 import { Controller } from "@hotwired/stimulus"
 import { bech32 } from "bech32"
 function hexToBytes (hex) {
  let bytes = []
  for (let c = 0; c < hex.length; c += 2) {
    bytes.push(parseInt(hex.substr(c, 2), 16))
  }
  return bytes
 }
 // Connects to data-controller="settings--nostr-pubkey"
 export default class extends Controller {
  static targets = [ "noExtension", "setPubkey", "pubkeyBech32Input" ]
  static values  = { userAddress: String, pubkeyHex: String, sharedSecret: String }
  connect () {
    if (this.hasPubkeyHexValue && this.pubkeyHexValue.length > 0) {
      this.pubkeyBech32InputTarget.value = this.pubkeyBech32
    }
    if (window.nostr) {
      if (this.hasSetPubkeyTarget) {
        this.setPubkeyTarget.disabled = false
      }
    } else {
      this.noExtensionTarget.classList.remove("hidden")
    }
  }
  async setPubkey () {
    this.setPubkeyTarget.disabled = true
    try {
      const signedEvent = await window.nostr.signEvent({
        created_at: Math.floor(Date.now() / 1000),
        kind: 1,
        tags: [],
        content: `Connect my public key to ${this.userAddressValue} (confirmation ${this.sharedSecretValue})`
      })
      const res = await fetch("/settings/set_nostr_pubkey", {
        method: "POST", credentials: "include", headers: {
          "Accept": "application/json", 'Content-Type': 'application/json',
          "X-CSRF-Token": this.csrfToken
        }, body: JSON.stringify({ signed_event: signedEvent })
      });
      window.location.reload()
    } catch (error) {
      console.warn('Unable to verify pubkey:', error.message)
      this.setPubkeyTarget.disabled = false
    }
  }
  get pubkeyBech32 () {
    const words = bech32.toWords(hexToBytes(this.pubkeyHexValue))
    return bech32.encode('npub', words)
  }
  get csrfToken () {
    const element = document.head.querySelector('meta[name="csrf-token"]')
    return element.getAttribute("content")
  }
 }
--- a/app/javascript/controllers/settings/toggle_controller.js
+++ b/app/javascript/controllers/settings/toggle_controller.js
@@ -1,30 +0,0 @@
 import { Controller } from "@hotwired/stimulus"
 export default class extends Controller {
  static targets = [ "button", "switch", "checkbox" ]
  static values = { switchEnabled: Boolean }
  connect () {
    this.buttonTarget.classList.remove("hidden")
    this.checkboxTarget.classList.add("hidden")
  }
  toggleSwitch () {
    this.switchEnabledValue = !this.switchEnabledValue
    this.checkboxTarget.checked = this.switchEnabledValue
    if (this.switchEnabledValue) {
      this.buttonTarget.setAttribute("aria-checked", "true");
      this.buttonTarget.classList.remove("bg-gray-200")
      this.buttonTarget.classList.add("bg-blue-600")
      this.switchTarget.classList.remove("translate-x-0")
      this.switchTarget.classList.add("translate-x-5")
    } else {
      this.buttonTarget.setAttribute("aria-checked", "false");
      this.buttonTarget.classList.remove("bg-blue-600")
      this.buttonTarget.classList.add("bg-gray-200")
      this.switchTarget.classList.remove("translate-x-5")
      this.switchTarget.classList.add("translate-x-0")
    }
  }
 }
--- a/app/jobs/create_lndhub_account_job.rb
+++ b/app/jobs/create_lndhub_account_job.rb
@@ -1,13 +0,0 @@
 class CreateLndhubAccountJob < ApplicationJob
  queue_as :default
  def perform(user)
    return if user.ln_account.present? && user.ln_password.present?
    lndhub = LndhubV2.new
    credentials = lndhub.create_account
    user.update! ln_account: credentials["login"],
                 ln_password: credentials["password"]
  end
 end
--- a/app/jobs/create_lndhub_wallet_job.rb
+++ b/app/jobs/create_lndhub_wallet_job.rb
@@ -0,0 +1,13 @@
 class CreateLndhubWalletJob < ApplicationJob
  queue_as :default
  def perform(user)
    return if user.ln_login.present? && user.ln_password.present?
    lndhub = Lndhub.new
    credentials = lndhub.create({ partnerid: user.ou, accounttype: "user" })
    user.update! ln_login: credentials["login"],
                 ln_password: credentials["password"]
  end
 end
--- a/app/jobs/exchange_xmpp_contacts_job.rb
+++ b/app/jobs/exchange_xmpp_contacts_job.rb
@@ -0,0 +1,18 @@
 class ExchangeXmppContactsJob < ApplicationJob
  queue_as :default
  def perform(inviter, username, domain)
    ejabberd = EjabberdApiClient.new
    ejabberd.add_rosteritem({
      "localuser": username, "localhost": domain,
      "user": inviter.cn, "host": inviter.ou,
      "nick": inviter.cn, "group": "Friends", "subs": "both"
    })
    ejabberd.add_rosteritem({
      "localuser": inviter.cn, "localhost": inviter.ou,
      "user": username, "host": domain,
      "nick": username, "group": "Friends", "subs": "both"
    })
  end
 end
--- a/app/jobs/xmpp_exchange_contacts_job.rb
+++ b/app/jobs/xmpp_exchange_contacts_job.rb
@@ -1,22 +0,0 @@
 class XmppExchangeContactsJob < ApplicationJob
  queue_as :default
  def perform(inviter, invitee)
    return unless inviter.services_enabled.include?("xmpp") &&
                  invitee.services_enabled.include?("xmpp") &&
                  inviter.preferences[:xmpp_exchange_contacts_with_invitees]
    ejabberd = EjabberdApiClient.new
    ejabberd.add_rosteritem({
      "localuser": invitee.cn, "localhost": invitee.ou,
      "user": inviter.cn, "host": inviter.ou,
      "nick": inviter.cn, "group": Setting.ejabberd_buddy_roster, "subs": "both"
    })
    ejabberd.add_rosteritem({
      "localuser": inviter.cn, "localhost": inviter.ou,
      "user": invitee.cn, "host": invitee.ou,
      "nick": invitee.cn, "group": Setting.ejabberd_buddy_roster, "subs": "both"
    })
  end
 end
--- a/app/jobs/xmpp_send_message_job.rb
+++ b/app/jobs/xmpp_send_message_job.rb
@@ -1,8 +0,0 @@
 class XmppSendMessageJob < ApplicationJob
  queue_as :default
  def perform(payload)
    ejabberd = EjabberdApiClient.new
    ejabberd.send_message payload
  end
 end
--- a/app/jobs/xmpp_set_default_bookmarks_job.rb
+++ b/app/jobs/xmpp_set_default_bookmarks_job.rb
@@ -1,26 +0,0 @@
 class XmppSetDefaultBookmarksJob < ApplicationJob
  queue_as :default
  def perform(user)
    return unless Setting.xmpp_default_rooms.any?
    @user = user
    ejabberd = EjabberdApiClient.new
    ejabberd.private_set user, storage_content
  end
  def storage_content
    bookmarks = ""
    Setting.xmpp_default_rooms.each do |r|
      bookmarks << conference_element(
        jid: r[/<(.+)>/, 1], name: r[/^(.+)\s/, 1], nick: @user.cn,
        autojoin: Setting.xmpp_autojoin_default_rooms
      )
    end
    "<storage xmlns='storage:bookmarks'>#{bookmarks}</storage>"
  end
  def conference_element(jid:, name:, autojoin: false, nick:)
    "<conference jid='#{jid}' name='#{name}' autojoin='#{autojoin.to_s}'><nick>#{nick}</nick></conference>"
  end
 end
--- a/app/mailers/application_mailer.rb
+++ b/app/mailers/application_mailer.rb
@@ -1,3 +1,4 @@
 class ApplicationMailer < ActionMailer::Base
  default from: 'from@example.com'
  layout 'mailer'
 end
--- a/app/mailers/custom_mailer.rb
+++ b/app/mailers/custom_mailer.rb
@@ -1,23 +0,0 @@
 # A custom mailer that can be used from the Rails console for one-off emails
 # today, and later connected from an admin panel mailing page.
 #
 # Assign any template variables you want to use:
 #
 #     user = User.first
 #
 # Create the email body from a custom email template file:
 #
 #     body = ERB.new(File.read('./tmp/mailer-1.txt.erb')).result binding
 #
 # Send email via Sidekiq:
 #
 #     CustomMailer.with(user: user, subject: "Important announcement", body: body).custom_message.deliver_later
 #
 class CustomMailer < ApplicationMailer
  def custom_message
    @user = params[:user]
    @subject = params[:subject]
    @body = params[:body]
    mail(to: @user.email, subject: @subject)
  end
 end
--- a/app/mailers/devise/mailer.rb
+++ b/app/mailers/devise/mailer.rb
@@ -1,34 +0,0 @@
 # frozen_string_literal: true
 if defined?(ActionMailer)
  class Devise::Mailer < Devise.parent_mailer.constantize
    include Devise::Mailers::Helpers
    def confirmation_instructions(record, token, opts = {})
      @token = token
      if record.pending_reconfirmation?
        devise_mail(record, :reconfirmation_instructions, opts)
      else
        devise_mail(record, :confirmation_instructions, opts)
      end
    end
    def reset_password_instructions(record, token, opts = {})
      @token = token
      devise_mail(record, :reset_password_instructions, opts)
    end
    def unlock_instructions(record, token, opts = {})
      @token = token
      devise_mail(record, :unlock_instructions, opts)
    end
    def email_changed(record, opts = {})
      devise_mail(record, :email_changed, opts)
    end
    def password_change(record, opts = {})
      devise_mail(record, :password_change, opts)
    end
  end
 end
--- a/app/mailers/notification_mailer.rb
+++ b/app/mailers/notification_mailer.rb
@@ -1,8 +0,0 @@
 class NotificationMailer < ApplicationMailer
  def lightning_sats_received
    @user = params[:user]
    @amount_sats = params[:amount_sats]
    @subject = "Sats received"
    mail to: @user.email, subject: @subject
  end
 end
--- a/app/models/donation.rb
+++ b/app/models/donation.rb
@@ -3,9 +3,7 @@ class Donation < ApplicationRecord
  belongs_to :user
  # Validations
  validates_presence_of :user
  validates_presence_of :amount_sats
  validates_presence_of :paid_at
  # Hooks
  # TODO before_create :store_fiat_value
--- a/app/models/invitation.rb
+++ b/app/models/invitation.rb
@@ -1,7 +1,6 @@
 class Invitation < ApplicationRecord
  # Relations
  belongs_to :user
  belongs_to :invitee, class_name: "User", foreign_key: 'invited_user_id', optional: true
  # Validations
  validates_presence_of :user
--- a/app/models/lndhub_account.rb
+++ b/app/models/lndhub_account.rb
@@ -1,21 +0,0 @@
 class LndhubAccount < LndhubBase
  self.table_name = "accounts"
  self.inheritance_column = :_type_disabled
  has_many :ledgers, class_name: "LndhubAccountLedger",
                     foreign_key: "account_id"
  belongs_to :user, class_name: "LndhubUser",
                    foreign_key: "user_id"
  scope :current,  -> { where(type: "current") }
  scope :outgoing, -> { where(type: "outgoing") }
  scope :incoming, -> { where(type: "incoming") }
  scope :fees,     -> { where(type: "fees") }
  scope :with_balances, -> {
    current.joins(:user).joins(:ledgers)
      .group("accounts.id", "users.login")
      .select("accounts.id, users.login, SUM(account_ledgers.amount) AS balance")
  }
 end
--- a/app/models/lndhub_account_ledger.rb
+++ b/app/models/lndhub_account_ledger.rb
@@ -1,3 +0,0 @@
 class LndhubAccountLedger < LndhubBase
  self.table_name = "account_ledgers"
 end
--- a/app/models/lndhub_base.rb
+++ b/app/models/lndhub_base.rb
@@ -1,4 +0,0 @@
 class LndhubBase < ActiveRecord::Base
  self.abstract_class = true
  establish_connection :lndhub
 end
--- a/app/models/lndhub_user.rb
+++ b/app/models/lndhub_user.rb
@@ -1,27 +0,0 @@
 class LndhubUser < LndhubBase
  self.table_name = "users"
  self.inheritance_column = :_type_disabled
  has_many :accounts, class_name: "LndhubAccount",
                      foreign_key: "user_id"
  belongs_to :user, class_name: "User",
                    primary_key: "ln_account",
                    foreign_key: "login"
  def balance
    accounts.current.first.ledgers.sum("account_ledgers.amount").to_i.abs
  end
  def sum_outgoing
    accounts.outgoing.first.ledgers.sum("account_ledgers.amount").to_i.abs
  end
  def sum_incoming
    accounts.incoming.first.ledgers.sum("account_ledgers.amount").to_i.abs
  end
  def sum_fees
    accounts.fees.first.ledgers.sum("account_ledgers.amount").to_i.abs
  end
 end
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -1,133 +0,0 @@
 # RailsSettings Model
 class Setting < RailsSettings::Base
  cache_prefix { "v1" }
  field :primary_domain, type: :string,
    default: ENV["PRIMARY_DOMAIN"].presence
  field :accounts_domain, type: :string,
    default: ENV["AKKOUNTS_DOMAIN"].presence
  #
  # Internal services
  #
  field :redis_url, type: :string, readonly: true,
    default: ENV["REDIS_URL"] || "redis://localhost:6379/0"
  #
  # Registrations
  #
  field :reserved_usernames, type: :array, default: %w[
    account accounts donations mail webmaster support
  ]
  #
  # XMPP
  #
  field :xmpp_default_rooms, type: :array, default: []
  field :xmpp_autojoin_default_rooms, type: :boolean, default: false
  #
  # Sentry
  #
  field :sentry_enabled, type: :boolean, readonly: true,
    default: (ENV["SENTRY_DSN"].present?.to_s || false)
  #
  # Discourse
  #
  field :discourse_public_url, type: :string, readonly: true,
    default: ENV["DISCOURSE_PUBLIC_URL"].presence
  field :discourse_enabled, type: :boolean,
    default: (ENV["DISCOURSE_PUBLIC_URL"].present?.to_s || false)
  field :discourse_connect_secret, type: :string, readonly: true,
    default: ENV["DISCOURSE_CONNECT_SECRET"].presence
  #
  # ejabberd
  #
  field :ejabberd_enabled, type: :boolean,
    default: (ENV["EJABBERD_API_URL"].present?.to_s || false)
  field :ejabberd_api_url, type: :string, readonly: true,
    default: ENV["EJABBERD_API_URL"].presence
  field :ejabberd_admin_url, type: :string, readonly: true,
    default: ENV["EJABBERD_ADMIN_URL"].presence
  field :ejabberd_buddy_roster, type: :string,
    default: "Buddies"
  #
  # Gitea
  #
  field :gitea_public_url, type: :string, readonly: true,
    default: ENV["GITEA_PUBLIC_URL"].presence
  field :gitea_enabled, type: :boolean,
    default: (ENV["GITEA_PUBLIC_URL"].present?.to_s || false)
  #
  # Lightning Network
  #
  field :lndhub_api_url, type: :string, readonly: true,
    default: ENV["LNDHUB_API_URL"].presence
  field :lndhub_enabled, type: :boolean,
    default: (ENV["LNDHUB_API_URL"].present?.to_s || false)
  field :lndhub_admin_enabled, type: :boolean,
    default: (ENV["LNDHUB_ADMIN_UI"] || false)
  field :lndhub_public_key, type: :string, readonly: true,
    default: (ENV["LNDHUB_PUBLIC_KEY"] || "")
  field :lndhub_keysend_enabled, type: :boolean,
    default: -> { self.lndhub_public_key.present?.to_s || false }
  #
  # Mastodon
  #
  field :mastodon_public_url, type: :string, readonly: true,
    default: ENV["MASTODON_PUBLIC_URL"].presence
  field :mastodon_enabled, type: :boolean,
    default: (ENV["MASTODON_PUBLIC_URL"].present?.to_s || false)
  #
  # MediaWiki
  #
  field :mediawiki_public_url, type: :string, readonly: true,
    default: ENV["MEDIAWIKI_PUBLIC_URL"].presence
  field :mediawiki_enabled, type: :boolean,
    default: (ENV["MEDIAWIKI_PUBLIC_URL"].present?.to_s || false)
  #
  # Nostr
  #
  field :nostr_enabled, type: :boolean, default: true
  #
  # RemoteStorage
  #
  field :remotestorage_enabled, type: :boolean,
    default: (ENV["RS_STORAGE_URL"].present?.to_s || false)
  field :rs_storage_url, type: :string,
    default: ENV["RS_STORAGE_URL"].presence
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,63 +1,30 @@
 class User < ApplicationRecord
  include EmailValidatable
  attr_accessor :display_name
  serialize :preferences, UserPreferences
  # Relations
  has_many :invitations, dependent: :destroy
  has_one  :invitation, inverse_of: :invitee, foreign_key: 'invited_user_id'
  has_one  :inviter, through: :invitation, source: :user
  has_many :invitees, through: :invitations
  has_many :donations, dependent: :nullify
-  has_one  :lndhub_user, class_name: "LndhubUser", inverse_of: "user",
+  validates_uniqueness_of :cn
-                         primary_key: "ln_account", foreign_key: "login"
+  validates_length_of :cn, :minimum => 3
  has_many :accounts, through: :lndhub_user
  validates_uniqueness_of :cn, scope: :ou
  validates_length_of :cn, minimum: 3
  validates_format_of :cn, with: /\A([a-z0-9\-])*\z/,
                           if: Proc.new{ |u| u.cn.present? },
                           message: "is invalid. Please use only letters, numbers and -"
  validates_format_of :cn, without: /\A-/,
                           if: Proc.new{ |u| u.cn.present? },
                           message: "is invalid. Usernames need to start with a letter."
  # FIXME This needs a server restart to apply values
  validates_format_of :cn, without: /\A(#{Setting.reserved_usernames.join('|')})\z/i,
                           message: "has already been taken"
  validates_uniqueness_of :email
  validates :email, email: true
-  validates_length_of :display_name, minimum: 3, maximum: 35, allow_blank: true,
+  lockbox_encrypts :ln_login
-                                     if: -> { defined?(@display_name) }
+  lockbox_encrypts :ln_password
  validates_uniqueness_of :nostr_pubkey, allow_blank: true
  scope :confirmed,  -> { where.not(confirmed_at: nil) }
  scope :pending,    -> { where(confirmed_at: nil) }
  scope :all_except, -> (user) { where.not(id: user) }
  has_encrypted :ln_login, :ln_password
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :ldap_authenticatable,
         :confirmable,
         :recoverable,
-         :validatable,
+         :validatable
         :timeoutable,
         :rememberable
  def ldap_before_save
    self.email = Devise::LDAP::Adapter.get_ldap_param(self.cn, "mail").first
-    self.ou    = dn.split(',')
+
-                   .select{|e| e[0..1] == "ou"}.first
+    dn = Devise::LDAP::Adapter.get_ldap_param(self.cn, "dn")
-                   .delete_prefix("ou=")
+    self.ou = dn.split(',').select{|e| e[0..1] == "ou"}.first.delete_prefix("ou=")
    if self.confirmed_at.blank? && self.confirmation_token.blank?
      # User had an account with a trusted email address before akkounts was a thing
@@ -65,33 +32,11 @@ class User < ApplicationRecord
    end
  end
  def devise_after_confirmation
    if ldap_entry[:mail] != self.email
      # E-Mail update confirmed
      LdapManager::UpdateEmail.call(self.dn, self.email)
    else
      # E-Mail from signup confirmed (i.e. account activation)
      enable_service %w[ discourse gitea mediawiki xmpp ]
      #TODO enable in development when we have easy setup of ejabberd etc.
      return if Rails.env.development? || !Setting.ejabberd_enabled?
      XmppExchangeContactsJob.perform_later(inviter, self) if inviter.present?
      XmppSetDefaultBookmarksJob.perform_later(self)
    end
  end
  def send_devise_notification(notification, *args)
    devise_mailer.send(notification, self, *args).deliver_later
  end
  def reset_password(new_password, new_password_confirmation)
-    self.password = new_password
+    if new_password == new_password_confirmation && ::Devise.ldap_update_password
-    self.password_confirmation = new_password_confirmation
+      Devise::LDAP::Adapter.update_password(login_with, new_password)
-    return false unless valid?
+    end
-
+    clear_reset_password_token if valid?
    Devise::LDAP::Adapter.update_password(login_with, new_password)
    clear_reset_password_token
    save
  end
@@ -117,47 +62,4 @@ class User < ApplicationRecord
    lndhub.authenticate self
    lndhub.addinvoice payload
  end
  def dn
    return @dn if defined?(@dn)
    @dn = Devise::LDAP::Adapter.get_dn(self.cn)
  end
  def ldap_entry(reload: false)
    return @ldap_entry if defined?(@ldap_entry) && !reload
    @ldap_entry = ldap.fetch_users(uid: self.cn, ou: self.ou).first
  end
  def display_name
    @display_name ||= ldap_entry[:display_name]
  end
  def services_enabled
    ldap_entry[:service] || []
  end
  def enable_service(service)
    current_services = services_enabled
    new_services = Array(service).map(&:to_s)
    services = (current_services + new_services).uniq
    ldap.replace_attribute(dn, :service, services)
  end
  def disable_service(service)
    current_services = services_enabled
    disabled_services = Array(service).map(&:to_s)
    services = (current_services - disabled_services).uniq
    ldap.replace_attribute(dn, :service, services)
  end
  def disable_all_services
    ldap.delete_attribute(dn,:service)
  end
  private
    def ldap
      return @ldap_service if defined?(@ldap_service)
      @ldap_service = LdapService.new
    end
 end
--- a/app/models/user_preferences.rb
+++ b/app/models/user_preferences.rb
@@ -1,29 +0,0 @@
 DEFAULT_PREFS = YAML.load_file("#{Rails.root}/config/default_preferences.yml")
 class UserPreferences
  def self.dump(value)
    process(value).to_yaml
  end
  def self.load(string)
    stored_prefs = YAML.load(string || "{}")
    DEFAULT_PREFS.merge(stored_prefs).with_indifferent_access
  end
  def self.is_integer?(value)
    value.to_i.to_s == value
  end
  def self.process(hash)
    hash.each do |key, value|
      if value == "true"
        hash[key] = true
      elsif value == "false"
        hash[key] = false
      elsif value.is_a?(String) && is_integer?(value)
        hash[key] = value.to_i
      end
    end
    hash.stringify_keys!.to_h
  end
 end
--- a/app/services/create_account.rb
+++ b/app/services/create_account.rb
@@ -1,7 +1,7 @@
 class CreateAccount < ApplicationService
  def initialize(args)
    @username   = args[:username]
-    @domain     = args[:ou] || Setting.primary_domain
+    @domain     = args[:ou] || "kosmos.org"
    @email      = args[:email]
    @password   = args[:password]
    @invitation = args[:invitation]
@@ -11,10 +11,11 @@ class CreateAccount < ApplicationService
  def call
    user = create_user_in_database
    add_ldap_document
-    create_lndhub_account(user) if Setting.lndhub_enabled
+    create_lndhub_wallet(user)
    if @invitation.present?
      update_invitation(user.id)
      exchange_xmpp_contacts
    end
  end
@@ -42,9 +43,15 @@ class CreateAccount < ApplicationService
    CreateLdapUserJob.perform_later(@username, @domain, @email, hashed_pw)
  end
-  def create_lndhub_account(user)
+  def exchange_xmpp_contacts
    #TODO enable in development when we have easy setup of ejabberd etc.
    return if Rails.env.development?
    ExchangeXmppContactsJob.perform_later(@invitation.user, @username, @domain)
  end
  def create_lndhub_wallet(user)
    #TODO enable in development when we have a local lndhub (mock?) API
    return if Rails.env.development?
-    CreateLndhubAccountJob.perform_later(user)
+    CreateLndhubWalletJob.perform_later(user)
  end
 end
--- a/app/services/ejabberd_api_client.rb
+++ b/app/services/ejabberd_api_client.rb
@@ -1,6 +1,6 @@
 class EjabberdApiClient
  def initialize
-    @base_url = Setting.ejabberd_api_url
+    @base_url = ENV["EJABBERD_API_URL"]
  end
  def post(endpoint, payload)
@@ -10,20 +10,11 @@ class EjabberdApiClient
    if res.status != 200
      Rails.logger.error "[ejabberd] API request failed:"
      Rails.logger.error res.body
-      #TODO Send custom event to Sentry
+      #TODO add some kind of exception tracking/notifications
    end
  end
  def add_rosteritem(payload)
    post "add_rosteritem", payload
  end
  def send_message(payload)
    post "send_message", payload
  end
  def private_set(user, content)
    payload = { user: user.cn, host: user.ou, element: content }
    post "private_set", payload
  end
 end
--- a/app/services/ldap_manager/update_display_name.rb
+++ b/app/services/ldap_manager/update_display_name.rb
@@ -1,12 +0,0 @@
 module LdapManager
  class UpdateDisplayName < LdapManagerService
    def initialize(dn, display_name)
      @dn = dn
      @display_name = display_name
    end
    def call
      replace_attribute @dn, :displayName, @display_name
    end
  end
 end
--- a/app/services/ldap_manager/update_email.rb
+++ b/app/services/ldap_manager/update_email.rb
@@ -1,12 +0,0 @@
 module LdapManager
  class UpdateEmail < LdapManagerService
    def initialize(dn, address)
      @dn = dn
      @address = address
    end
    def call
      replace_attribute @dn, :mail, @address
    end
  end
 end
--- a/app/services/ldap_manager_service.rb
+++ b/app/services/ldap_manager_service.rb
@@ -1,2 +0,0 @@
 class LdapManagerService < LdapService
 end
--- a/app/services/ldap_service.rb
+++ b/app/services/ldap_service.rb
@@ -3,18 +3,6 @@ class LdapService < ApplicationService
    @suffix = ENV["LDAP_SUFFIX"] || "dc=kosmos,dc=org"
  end
  def add_attribute(dn, attr, values)
    ldap_client.add_attribute dn, attr, values
  end
  def replace_attribute(dn, attr, values)
    ldap_client.replace_attribute dn, attr, values
  end
  def delete_attribute(dn, attr)
    ldap_client.delete_attribute dn, attr
  end
  def add_entry(dn, attrs, interactive=false)
    puts "Adding entry: #{dn}" if interactive
    res = ldap_client.add dn: dn, attributes: attrs
@@ -22,6 +10,10 @@ class LdapService < ApplicationService
    res
  end
  def add_attribute(dn, attr, value)
    ldap_client.add_attribute dn, attr, value
  end
  def delete_entry(dn, interactive=false)
    puts "Deleting entry: #{dn}" if interactive
    res = ldap_client.delete dn: dn
@@ -50,18 +42,18 @@ class LdapService < ApplicationService
      treebase = ldap_config["base"]
    end
-    attributes = %w{dn cn uid mail displayName admin service}
+    attributes = %w{dn cn uid mail admin}
-    filter     = Net::LDAP::Filter.eq("uid", args[:uid] || "*")
+    filter     = Net::LDAP::Filter.eq("uid", "*")
    entries = ldap_client.search(base: treebase, filter: filter, attributes: attributes)
    entries.sort_by! { |e| e.cn[0] }
    entries = entries.collect do |e|
      {
        uid: e.uid.first,
        mail: e.try(:mail) ? e.mail.first : nil,
-        display_name: e.try(:displayName) ? e.displayName.first : nil,
+        admin: e.try(:admin) ? 'admin' : nil
-        admin: e.try(:admin) ? 'admin' : nil,
+        # password: e.userpassword.first
        service: e.try(:service)
      }
    end
  end
@@ -139,4 +131,5 @@ class LdapService < ApplicationService
  def ldap_config
    ldap_config ||= YAML.load(ERB.new(File.read("#{Rails.root}/config/ldap.yml")).result)[Rails.env]
  end
 end
--- a/app/services/lndhub.rb
+++ b/app/services/lndhub.rb
@@ -12,7 +12,12 @@ class Lndhub
    end
    res = Faraday.post "#{@base_url}/#{endpoint}", payload.to_json, headers
-    log_error(res) if res.status != 200
+
    if res.status != 200
      Rails.logger.error "[lndhub] API request failed:"
      Rails.logger.error res.body
      #TODO add some kind of exception tracking/notifications
    end
    JSON.parse(res.body)
  end
@@ -23,13 +28,8 @@ class Lndhub
      "Accept" => "application/json",
      "Authorization" => "Bearer #{auth_token}"
    })
    data = JSON.parse(res.body)
-    if data.is_a?(Hash) && data["error"] && data["message"] == "bad auth"
+    JSON.parse(res.body)
      raise AuthError
    else
      data
    end
  end
  def create(payload)
@@ -37,20 +37,20 @@ class Lndhub
  end
  def authenticate(user)
-    credentials = post "auth?type=auth", { login: user.ln_account, password: user.ln_password }
+    credentials = post "auth?type=auth", { login: user.ln_login, password: user.ln_password }
    self.auth_token = credentials["access_token"]
    self.auth_token
  end
-  def balance(user_token=nil)
+  def balance(user_token)
    get "balance", user_token || auth_token
  end
-  def gettxs(user_token=nil)
+  def gettxs(user_token)
    get "gettxs", user_token || auth_token
  end
-  def getuserinvoices(user_token=nil)
+  def getuserinvoices(user_token)
    get "getuserinvoices", user_token || auth_token
  end
@@ -63,13 +63,4 @@ class Lndhub
    invoice["payment_request"]
  end
  def log_error(res)
    Rails.logger.error "[lndhub] API request failed:"
    Rails.logger.error res.body
    if Setting.sentry_enabled?
      Sentry.capture_message("Lndhub API request failed: #{res.body}")
    end
  end
 end
--- a/app/services/lndhub_v2.rb
+++ b/app/services/lndhub_v2.rb
@@ -1,25 +0,0 @@
 class LndhubV2 < Lndhub
  def post(endpoint, payload, options={})
    headers = { "Content-Type" => "application/json" }
    if auth_token
      headers.merge!({ "Authorization" => "Bearer #{auth_token}" })
    elsif options[:admin_token]
      headers.merge!({ "Authorization" => "Bearer #{options[:admin_token]}" })
    end
    res = Faraday.post "#{@base_url}/#{endpoint}", payload.to_json, headers
    log_error(res) if res.status != 200
    JSON.parse(res.body)
  end
  def create_account(payload={})
    post "v2/users", payload, admin_token: Rails.application.credentials.lndhub[:admin_token]
  end
  def create_invoice(payload)
    # Payload: { amount: 1000, description: "", description_hash: "" }
    post "v2/invoices", payload
  end
 end
--- a/app/services/nostr_manager/validate_id.rb
+++ b/app/services/nostr_manager/validate_id.rb
@@ -1,11 +0,0 @@
 module NostrManager
  class ValidateId < NostrManagerService
    def initialize(event)
      @event = Nostr::Event.new(**event)
    end
    def call
      @event.id == Digest::SHA256.hexdigest(JSON.generate(@event.serialize))
    end
  end
 end
--- a/app/services/nostr_manager/verify_signature.rb
+++ b/app/services/nostr_manager/verify_signature.rb
@@ -1,17 +0,0 @@
 module NostrManager
  class VerifySignature < NostrManagerService
    def initialize(event)
      @event = Nostr::Event.new(**event)
    end
    def call
      Schnorr.check_sig!(
        [@event.id].pack('H*'),
        [@event.pubkey].pack('H*'),
        [@event.sig].pack('H*')
      )
    rescue Schnorr::InvalidSignatureError
      false
    end
  end
 end
--- a/app/services/nostr_manager_service.rb
+++ b/app/services/nostr_manager_service.rb
@@ -1,4 +0,0 @@
 require "nostr"
 class NostrManagerService < ApplicationService
 end
--- a/app/views/admin/dashboard/index.html.erb
+++ b/app/views/admin/dashboard/index.html.erb
@@ -1,12 +1,7 @@
 <%= render HeaderComponent.new(title: "Admin Panel") %>
 <%= render MainSimpleComponent.new do %>
-  <div class="text-center">
+  <p class="text-center">
-    <p class="my-12 inline-flex align-center items-center">
+    With great power comes great responsibility.
-      <%= image_tag("/img/illustrations/undraw_vault_re_s4my.svg", class: 'h-48') %>
+  </p>
    </p>
    <p class="text-gray-500">
      With great power comes great responsibility.
    </p>
  </div>
 <% end %>
--- a/app/views/admin/donations/_form.html.erb
+++ b/app/views/admin/donations/_form.html.erb
@@ -1,41 +1,58 @@
 <%= form_with(url: url, model: donation, local: true) do |form| %>
  <% if donation.errors.any? %>
-    <section id="error_explanation">
+    <div id="error_explanation">
      <h3><%= pluralize(donation.errors.count, "error") %> prohibited this donation from being saved:</h3>
-      <ul class="list-disc list-inside">
+      <ul>
        <% donation.errors.full_messages.each do |message| %>
          <li><%= message %></li>
        <% end %>
      </ul>
-    </section>
+    </div>
  <% end %>
-  <section class="sm:w-1/2 grid grid-cols-2 items-center gap-y-2">
+  <div class="field">
-    <%= form.label :user_id %>
+    <p>
-    <%= form.collection_select :user_id, User.where(ou: Setting.primary_domain).order(:cn), :id, :cn, {} %>
+      <%= form.label :user_id %>
-
+      <%= form.collection_select :user_id, User.where(ou: "kosmos.org").order(:cn), :id, :cn %>
    <%= form.label :amount_sats, "Amount BTC (sats)" %>
    <%= form.number_field :amount_sats %>
    <%= form.label :amount_eur, "Amount EUR (cents)" %>
    <%= form.number_field :amount_eur %>
    <%= form.label :amount_usd, "Amount USD (cents)"%>
    <%= form.number_field :amount_usd %>
    <%= form.label :public_name %>
    <%= form.text_field :public_name %>
    <%= form.label :paid_at %>
    <%= form.text_field :paid_at %>
  </section>
  <section>
    <p class="pt-6 border-t border-gray-200 text-right">
      <%= link_to 'Cancel',
            @donation.id.present? ? admin_donation_path(@donation) : admin_donations_path,
            class: 'btn-md btn-gray' %>
      <%= form.submit class: 'ml-2 btn-md btn-blue' %>
    </p>
-  </section>
+  </div>
  <div class="field">
    <p>
      <%= form.label :amount_sats, "Amount BTC (sats)" %>
      <%= form.number_field :amount_sats %>
    </p>
  </div>
  <div class="field">
    <p>
      <%= form.label :amount_eur, "Amount EUR (cents)" %>
      <%= form.number_field :amount_eur %>
    </p>
  </div>
  <div class="field">
    <p>
      <%= form.label :amount_usd, "Amount USD (cents)"%>
      <%= form.number_field :amount_usd %>
    </p>
  </div>
  <div class="field">
    <p>
      <%= form.label :public_name %>
      <%= form.text_field :public_name %>
    </p>
  </div>
  <div class="field">
    <p>
      <%= form.label :paid_at %>
      <%= form.text_field :paid_at %>
    </p>
  </div>
  <p class="mt-8">
    <%= form.submit class: 'btn-md btn-blue' %>
  </p>
 <% end %>
--- a/app/views/admin/donations/edit.html.erb
+++ b/app/views/admin/donations/edit.html.erb
@@ -1,5 +1,12 @@
-<%= render HeaderComponent.new(title: "Donation ##{@donation.id}") %>
+<%= render HeaderComponent.new(title: "Donations") %>
 <%= render MainSimpleComponent.new do %>
  <h2>Editing Donation</h2>
  <%= render 'form', donation: @donation, url: admin_donation_path(@donation) %>
  <p class="mt-8">
    <%= link_to 'Show', admin_donation_path(@donation), class: 'ks-text-link' %> |
    <%= link_to 'Back', admin_donations_path, class: 'ks-text-link' %>
  <p>
 <% end %>
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Râu Cao	7f5b8c22b7	Make empty donations page prettier Some checks failed continuous-integration/drone/pr Build is failing Details continuous-integration/drone/push Build is passing Details	2023-01-10 14:09:15 +08:00
Râu Cao	44ec856091	Make invitation page prettier when it's empty	2023-01-10 14:09:15 +08:00
Râu Cao	6ac9f68566	Add coming-soon note to disabled settings nav items	2023-01-10 14:09:15 +08:00
Râu Cao	69bd9dcf78	Allow to copy invitation URLs via button	2023-01-10 14:09:14 +08:00
Râu Cao	2c6e6caab6	Add more info about project contributions	2023-01-10 14:09:14 +08:00
Râu Cao	a551e8d2ef	Add Zeus to recommended wallet apps	2023-01-10 14:09:14 +08:00
Râu Cao	9166d887c4	Replace vanilla JS with new clipboard code	2023-01-10 14:09:14 +08:00
Râu Cao	d3313a202b	Add a clipboard controller and wire up the copy button	2023-01-10 14:09:13 +08:00
Râu Cao	029e6b011d	WIP Profile settings page Show the user's user address, and provide a button for copying it to the clipboard	2023-01-10 14:09:13 +08:00
Râu Cao	f1ef257c97	Rename settings page	2023-01-10 14:09:13 +08:00
Râu Cao	3f1c4f17a7	Add inviter and time to admin invitations list	2023-01-10 14:09:12 +08:00
Râu Cao	8c5852fefe	Fix devise not rendering errors as flash messages https://github.com/heartcombo/devise/issues/5446 closes #63	2023-01-10 14:09:12 +08:00
Râu Cao	317dba0b2d	Set a minimum height for content with sidenav	2023-01-10 14:09:12 +08:00
Râu Cao	ab08c9ecf5	Improve button style	2023-01-10 14:09:12 +08:00
Râu Cao	49dd7bd96d	Refactor settings routes and menu Use sub controllers/routes for the sections	2023-01-10 14:09:11 +08:00
Râu Cao	c650b73ff9	Fix web container start when offline	2023-01-10 14:09:11 +08:00
Râu Cao	ea6173c60f	Use tabnav component for wallet view	2023-01-10 14:09:11 +08:00
Râu Cao	cd46daa6ba	Wording	2023-01-10 14:09:11 +08:00
Râu Cao	df3f91e2d0	Change donations to contrbutions, add tabbed nav Introduces components for tabbed navigation and adds a tab menu and item for non-financial contributions to the donations/contributions page.	2023-01-10 14:09:11 +08:00
Râu Cao	7c4106d7a2	Use more appropriate icon in sidenav	2023-01-10 14:09:10 +08:00
Râu Cao	cb79884c53	Improve README, add quick start instructions	2023-01-10 14:09:10 +08:00
Râu Cao	9266fdcfc2	Remove pid dir from git	2023-01-10 14:09:10 +08:00
Râu Cao	b04d822586	Comment encryption option in admin ldap users controller Refactor to use the service later	2023-01-10 14:09:10 +08:00
Râu Cao	ba7b10fbc8	Add db/user seeds	2023-01-10 14:09:09 +08:00
Râu Cao	3b51670850	Rename ldap seed task to setup	2023-01-10 14:09:09 +08:00
Râu Cao	5b2a9e8c0c	Don't start phpldapadmin by default	2023-01-10 14:09:09 +08:00
Râu Cao	ae239d584f	Remove obsolete method	2023-01-10 14:09:09 +08:00
Râu Cao	e6d65ee582	Add flag for creating pre-confirmed users	2023-01-10 14:09:08 +08:00
Râu Cao	08b3ec499e	Define patch version for Ruby base image No need to re-download new images for every patch version	2023-01-10 14:09:08 +08:00
Râu Cao	6c17fbbbeb	Delete admin role manually on reset	2023-01-10 14:09:08 +08:00
Râu Cao	76877645ce	Add missing ACI and role to LDAP seeds	2023-01-10 14:09:08 +08:00
Râu Cao	7d143fabb8	Add note about resetting LDAP server	2023-01-10 14:09:07 +08:00
		`@@ -1,2 +0,0 @@`
			`class LdapManagerService < LdapService`
			`end`