Commit Graph

36 Commits

Author SHA1 Message Date
Guillim
4b5d096441
Fix of broken API Auth (#8338)
Fix done this morning with @FelixMalfait from #8295

---------

Co-authored-by: guillim <guillaume@twenty.com>
Co-authored-by: Félix Malfait <felix@twenty.com>
2024-11-06 14:45:33 +01:00
ZiaCodes
57d9b8e8b4
feat: generate secret function and replaced few instances (#7810)
This PR fixes #4588

---------

Co-authored-by: Félix Malfait <felix@twenty.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
2024-10-30 12:07:11 +01:00
Antoine Moreaux
0f0a7966b1
feat(sso): allow to use OIDC and SAML (#7246)
## What it does
### Backend
- [x] Add a mutation to create OIDC and SAML configuration
- [x] Add a mutation to delete an SSO config
- [x] Add a feature flag to toggle SSO
- [x] Add a mutation to activate/deactivate an SSO config
- [x] Add a mutation to delete an SSO config
- [x] Add strategy to use OIDC or SAML
- [ ] Improve error management

### Frontend
- [x] Add section "security" in settings
- [x] Add page to list SSO configurations
- [x] Add page and forms to create OIDC or SAML configuration
- [x] Add field to "connect with SSO" in the signin/signup process
- [x] Trigger auth when a user switches to a workspace with SSO enabled
- [x] Add an option on the security page to activate/deactivate the
global invitation link
- [ ] Add new Icons for SSO Identity Providers (okta, Auth0, Azure,
Microsoft)

---------

Co-authored-by: Félix Malfait <felix@twenty.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
2024-10-21 20:07:08 +02:00
Nabhag Motivaras
ac88840bf0
fix: redis url to not be optional anymore (#7850)
## Description

- `REDIS_URL` is required 

<img width="1903" alt="Redis Required"
src="https://github.com/user-attachments/assets/5b53a4a6-29f4-4473-b7e4-52489f75204e">

---- 

- Closes #7849

- Might be related #7768

--- 

- Wasn't gracefully resetting database

``` 
   npx nx database:reset twenty-server
```
2024-10-19 17:22:47 +02:00
Thomas Mol
ba2ee0da72
Refactor Redis connections to use Redis URL - closes #7421 (#7736)
Closes #7421

This pull request consolidates Redis connection parameters into a single
`REDIS_URL` environment variable across various configuration files and
code modules. The most important changes include updates to environment
variable files, Docker and Kubernetes configurations, and code modules
to utilize the new `REDIS_URL` format.

### Environment Variable Updates:
* `packages/twenty-docker/.env.example`: Replaced `REDIS_HOST` and `REDIS_PORT` with `REDIS_URL`.
* `packages/twenty-server/.env.example`: Replaced `REDIS_HOST`, `REDIS_PORT`, `REDIS_USERNAME`, and
`REDIS_PASSWORD` with `REDIS_URL`.
* `packages/twenty-server/.env.test`: Replaced `REDIS_HOST`, `REDIS_PORT`, `REDIS_USERNAME`, and
`REDIS_PASSWORD` with `REDIS_URL`.

### Docker and Kubernetes Configuration Updates:
* `packages/twenty-docker/docker-compose.yml`: Replaced `REDIS_HOST` and `REDIS_PORT` with `REDIS_URL` in multiple
service definitions.
* `packages/twenty-docker/k8s/manifests/deployment-server.yaml`: Replaced `REDIS_HOST` and `REDIS_PORT` with `REDIS_URL`.
* `packages/twenty-docker/k8s/manifests/deployment-worker.yaml`: Replaced `REDIS_HOST` and `REDIS_PORT` with `REDIS_URL`.
* `packages/twenty-docker/k8s/terraform/deployment-server.tf`: Replaced `REDIS_HOST` and `REDIS_PORT` with `REDIS_URL`.
* `packages/twenty-docker/k8s/terraform/deployment-worker.tf`: Replaced `REDIS_HOST` and `REDIS_PORT` with `REDIS_URL`.

### Code Module Updates:
* `packages/twenty-server/src/engine/core-modules/cache-storage/cache-storage.module-factory.ts`: Replaced `REDIS_HOST` and `REDIS_PORT` with `REDIS_URL`.
* `packages/twenty-server/src/engine/core-modules/environment/environment-variables.ts`: Added validation for `REDIS_URL`.
* `packages/twenty-server/src/engine/core-modules/message-queue/message-queue.module-factory.ts`: Replaced `REDIS_HOST`, `REDIS_PORT`, `REDIS_USERNAME`, and
`REDIS_PASSWORD` with `REDIS_URL`.

### Documentation Updates:
* `packages/twenty-website/src/content/developers/self-hosting/self-hosting-var.mdx`: Updated documentation to reflect the change to `REDIS_URL`.
* `packages/twenty-website/src/content/developers/self-hosting/upgrade-guide.mdx`: Added upgrade instructions for the new `REDIS_URL` variable.

---------

Co-authored-by: Weiko <corentin@twenty.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
2024-10-16 17:17:44 +02:00
PB Borel
0c2657eea6
fix(6423): add username and password for redis connection (#6745)
Co-authored-by: pbb <pierre-bertrand.borel_ext@michelin.com>
2024-09-04 16:56:37 +02:00
martmull
47ddc7be83
6181 workflows create a custom code executor (#6235)
Closes #6181

## Testing
- download Altair graphql dev tool https://altairgraphql.dev/#download
- create a file locally `test.ts` containing:
```
export const handler = async (event: object, context: object) => {
  return { test: 'toto', data: event['data'] };
}
```
- play those requests in Altair:
```
mutation UpsertFunction($file: Upload!) {
  upsertFunction(name: "toto", file: $file)
}

mutation ExecFunction {
  executeFunction(name:"toto", payload: {data: "titi"})
}
```
- it will run the local driver, add those env variables to test with
lambda driver
```
CUSTOM_CODE_ENGINE_DRIVER_TYPE=lambda
LAMBDA_REGION=eu-west-2
LAMBDA_ROLE=<ASK_ME>
```
2024-07-17 17:53:01 +02:00
ad-elias
4c642a0bb8
Text-to-SQL proof of concept (#5788)
Added:
- An "Ask AI" command to the command menu.
- A simple GraphQL resolver that converts the user's question into a
relevant SQL query using an LLM, runs the query, and returns the result.

<img width="428" alt="Screenshot 2024-06-09 at 20 53 09"
src="https://github.com/twentyhq/twenty/assets/171685816/57127f37-d4a6-498d-b253-733ffa0d209f">

No security concerns have been addressed, this is only a
proof-of-concept and not intended to be enabled in production.

All changes are behind a feature flag called `IS_ASK_AI_ENABLED`.

---------

Co-authored-by: Félix Malfait <felix.malfait@gmail.com>
2024-07-04 08:57:26 +02:00
Weiko
1eb9c582f3
Rename mutation maximum affected records (#6042)
As per my last comment on https://github.com/twentyhq/twenty/pull/6039,
we decided to rename this var
2024-06-26 18:00:25 +02:00
martmull
e9d3ed99ca
5078 ability to invite team members (#5750)
## Added features
- update team member setting page
- add a section to send invitation by email
- add a new invitation email
- update email font to 'Trebuchet MS' as Google Inter font is not
working, we need to use a web safe font
https://templates.mailchimp.com/design/typography/

## Demo

https://github.com/twentyhq/twenty/assets/29927851/c731d883-1599-4281-87e3-0671f36994ae

## Invitation Email

![image](https://github.com/twentyhq/twenty/assets/29927851/d569fc64-fa0c-4769-a3dd-1193a12b495c)
2024-06-05 16:35:14 +02:00
Aditya Pimpalkar
a12c1aad5e
fix: user has to login every time chrome sidepanel is opened (#5544)
We can pass the auth tokens to our front app via post message, which
will also allow us to pass route names to navigate on it
2024-05-30 12:58:45 +02:00
Félix Malfait
4907ae5a74
Improve docs (#5492)
Fix #4382 and remove useless pages to make docs more readable
2024-05-21 09:09:19 +02:00
Deepak Kumar
dc576d0818
GH-3546 Recaptcha on login form (#4626)
## Description

This PR adds recaptcha on login form. One can add any one of three
recaptcha vendors -
1. Google Recaptcha -
https://developers.google.com/recaptcha/docs/v3#programmatically_invoke_the_challenge
2. HCaptcha -
https://docs.hcaptcha.com/invisible#programmatically-invoke-the-challenge
3. Turnstile -
https://developers.cloudflare.com/turnstile/get-started/client-side-rendering/#execution-modes

### Issue
- #3546 

### Environment variables - 
1. `CAPTCHA_DRIVER` - `google-recaptcha` | `hcaptcha` | `turnstile`
2. `CAPTCHA_SITE_KEY` - site key
3. `CAPTCHA_SECRET_KEY` - secret key

### Engineering choices
1. If some of the above env variables are provided, then the backend generates
an error -
<img width="990" alt="image"
src="https://github.com/twentyhq/twenty/assets/60139930/9fb00fab-9261-4ff3-b23e-2c2e06f1bf89">
    Please note that login/signup form will keep working as expected.
2. I'm using a Captcha guard that intercepts the request. If
"captchaToken" is present in the body and all env is set, then, the
captcha token is verified by backend through the service.
3. One can use this guard on any resolver to protect it by the captcha.
4. On frontend, two hooks `useGenerateCaptchaToken` and
`useInsertCaptchaScript` are created. `useInsertCaptchaScript` adds the
respective captcha JS script on frontend. `useGenerateCaptchaToken`
returns a function that one can use to trigger captcha token generation
programmatically. This allows one to generate token keeping recaptcha
invisible.

### Note
This PR contains some changes in unrelated files like indentation,
spacing, inverted comma etc. I ran "yarn nx fmt:fix twenty-front" and
"yarn nx lint twenty-front -- --fix".

### Screenshots

<img width="869" alt="image"
src="https://github.com/twentyhq/twenty/assets/60139930/a75f5677-9b66-47f7-9730-4ec916073f8c">

---------

Co-authored-by: Félix Malfait <felix.malfait@gmail.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
2024-04-25 23:52:28 +02:00
Quentin G
806666d909
feat: allow self signed certificates with postgres connections (#5143)
2024-04-25 15:29:07 +02:00
martmull
87a9ecee28
D gamer007/add microsoft oauth (#5103)
Need to create a new branch because original branch name is `main` and
we cannot push additional commits
Linked to https://github.com/twentyhq/twenty/pull/4718


![image](https://github.com/twentyhq/twenty/assets/29927851/52b220e7-770a-4ffe-b6e9-468605c2b8fa)

![image](https://github.com/twentyhq/twenty/assets/29927851/7a7a4737-f09f-4d9b-8962-5a9b8c71edc1)

---------

Co-authored-by: DGamer007 <prajapatidhruv266@gmail.com>
2024-04-24 14:56:02 +02:00
Aditya Pimpalkar
c63ee519ea
feat: oauth for chrome extension (#4870)
Previously we had to create a separate API key to give access to chrome
extension so we can make calls to the DB. This PR includes logic to
initiate an oauth flow with PKCE method which redirects to the
`Authorise` screen to give access to server tokens.

Implemented in this PR- 
1. make `redirectUrl` a non-nullable parameter 
2. Add `NODE_ENV` to environment variable service
3. new env variable `CHROME_EXTENSION_REDIRECT_URL` on server side
4. strict checks for redirectUrl
5. try catch blocks on utils db query methods
6. refactor Apollo Client to handle `unauthorized` condition
7. input field to enter server url (for self-hosting)
8. state to show user if it's already connected
9. show error if oauth flow is cancelled by user

Follow up PR -
Renew token logic

---------

Co-authored-by: Félix Malfait <felix@twenty.com>
2024-04-24 11:45:16 +02:00
Quentin G
a6b38d76ce
fix: sentry init is using the wrong environment (#4940)
In the previous PR #4912 it seems that I forgot to pass the environment
on the backend.
Here is a quick fix!

I also added some "doc" in the .env.example
2024-04-12 12:27:35 +02:00
bosiraphael
018b9efc2c
4743 use auth google apis callback url instead of messaging provider gmail callback url (#4838)
Closes #4743
2024-04-08 14:56:12 +02:00
Aditya Pimpalkar
0391bf65f2
feat: Oauth with PKCE (#4648)
* authorizeApp and exchangeAuthcode methods

* module rename

* import fix

* lint fix

* fix import
2024-03-27 21:18:07 +01:00
Darek Desu
22d17d855c
File token chores (#4664)
* Missing file token chores

* Make whole idea folder ignored
2024-03-26 13:42:09 +01:00
Jérémy M
e5c1309e8c
feat: wip server folder structure (#4573)
* feat: wip server folder structure

* fix: merge

* fix: wrong merge

* fix: remove unused file

* fix: comment

* fix: lint

* fix: merge

* fix: remove console.log

* fix: metadata graphql arguments broken
2024-03-20 16:23:46 +01:00
martmull
35d41e38c8
Set optional checkout.session.url (#4569)
* Set optional checkout.session.url

* Lint

* Edit .env.example

* Vale CI

---------

Co-authored-by: Félix Malfait <felix.malfait@gmail.com>
2024-03-20 07:04:07 +01:00
bosiraphael
3caf860848
4285 timebox create google calendar full sync (#4442)
* calendar module

* wip

* creating a folder for common files between calendar and messages

* wip

* wip

* wip

* wip

* update calendar search filter

* wip

* working on full sync service

* reorganizing folders

* adding repositories

* fix typo

* working on full-sync service

* Add calendarQueue to MessageQueue enum and update dependencies

* start transaction

* wip

* add save and update functions for event

* wip

* save events

* improving step by step

* add calendar scope

* fix nest modules imports

* renaming

* create calendar channel

* create job for google calendar full-sync

* call GoogleCalendarFullSyncJob after connected account creation

* ask for scope conditionally

* fixes

* create channels conditionally

* fix

* fixes

* fix FK bug

* filter out canceled events

* create save and update functions for calendarEventAttendee repository

* saving messageParticipants is working

* save calendarEventAttendees is working

* add calendarEvent cleaner

* calendar event cleaner is working

* working on updating attendees

* wip

* reintroducing google-gmail endpoint to ensure smooth deploy

* modify callbackURL

* modify front url

* changes to be able to merge

* put back feature flag

* fixes after PR comments

* add feature flag check

* remove unused modules

* separate delete connected account associated job data in two jobs

* fix error

* rename calendar_v3 as calendarV3

* Update packages/twenty-server/src/workspace/calendar-and-messaging/utils/valueStringForBatchRawQuery.util.ts

Co-authored-by: Jérémy M <jeremy.magrin@gmail.com>

* improve readability

* renaming to remove plural

* renaming to remove plural

* don't throw if no connected account is found

* use calendar queue

* modify usage of HttpService in fetch-by-batch

* modify valuesStringForBatchRawQuery to improve api and return flattened values

* fix auth module feature flag import

* fix getFlattenedValuesAndValuesStringForBatchRawQuery

---------

Co-authored-by: Jérémy M <jeremy.magrin@gmail.com>
2024-03-14 11:23:31 +01:00
AutoComput
aa7fa3acfa
Update .env.example (#4177)
* Update .env.example

this .env file will now work with the docker-compose example provided.

* Update .env.example

* Update doc and reset env example

---------

Co-authored-by: Thomas Trompette <thomast@twenty.com>
2024-03-04 17:17:40 +01:00
Jérémy M
44ac16c82e
fix: impact too many records (#3993)
* fix: impact too many records

* fix: change env name

* fix: remove env name from error
2024-02-16 11:17:37 +01:00
Brody Over
52bb33b566
Disable buffered logs (#3892)
* Update main.ts

* Update command.ts

* Update queue-worker.ts

* Enable users to disable log buffering

---------

Co-authored-by: Charles Bochet <charles@twenty.com>
2024-02-13 14:50:25 +01:00
Joe S
850eab8f8f
Add rate limiting in the server using built in Nest.js capability (#3566)
* Add rate limiting in the server using built in Nest.js capability

* Generatekey based on ip address when an http request is sent

* Update env var types to number for ttl and limit

* Remove unused env variables

* Use getRequest utility function

* fix: remove dist from path

* fix: adding .env variables

* fix: remove unused functions

* feat: throttler plugin

* Fix according to review

---------

Co-authored-by: Jérémy Magrin <jeremy.magrin@gmail.com>
Co-authored-by: Charles Bochet <charles@twenty.com>
2024-02-07 18:11:32 +01:00
Deepak Kumar
46f0eb522f
GH-3245 Change password from settings page (#3538)
* GH-3245 add passwordResetToken and passwordResetTokenExpiresAt column on user entity

* Add password reset token expiry delay env variable

* Add generatePasswordResetToken mutation resolver

* Update .env.sample file on server

* Add password reset token and expiry migration script

* Add validate password reset token query and a dummy password update (WIP) resolver

* Fix bug in password reset token generate

* add update password mutation

* Update name and add email password reset link

* Add change password UI on settings page

* Add reset password route on frontend

* Add reset password form UI

* sign in user on password reset

* format code

* make PASSWORD_RESET_TOKEN_EXPIRES_IN optional

* add email template for password reset

* Improve error message

* Rename methods and DTO to improve naming

* fix formatting of backend code

* Update change password component

* Update password reset via token component

* update graphql files

* spelling fix

* Make password-reset route authless on frontend

* show token generation wait time

* remove constant from .env.example

* Add PASSWORD_RESET_TOKEN_EXPIRES_IN in docs

* refactor emails module in reset password

* update Graphql generated file

* update email template of password reset

* add space between date and text

* update method name

* fix lint issues

* remove unused code, fix indentation, and email link color

* update test file for auth and token service

* Fix ci: build twenty-emails when running tests

---------

Co-authored-by: martmull <martmull@hotmail.fr>
2024-01-25 10:28:48 +01:00
martmull
b991790f62
Update clean inactive workspaces (#3600)
* Fix typo

* Add dry-run option in clean inactive workspaces

* Add logs

* Chunk workspace metadata

* Add BCC to clean workspace notification email

* Send workspace to delete ids in one email

* Update example

* Update function naming
2024-01-24 12:51:42 +01:00
martmull
49a9a2c2be
2252 build a script to cleanup inactive workspaces (#3307)
* Add cron to message queue interfaces

* Add command to launch cron job

* Add command to stop cron job

* Update clean inactive workspaces job

* Add react-email

* WIP

* Fix import error

* Rename services

* Update logging

* Update email template

* Update email template

* Add Base Email template

* Move to proper place

* Remove test files

* Update logo

* Add email theme

* Revert "Remove test files"

This reverts commit fe062dd051.

* Add email theme 2

* Revert "Revert "Remove test files""

This reverts commit 6c6471273a.

* Revert "Revert "Revert "Remove test files"""

This reverts commit f851333c24.

* Revert "Revert "Revert "Revert "Remove test files""""

This reverts commit 7838e19e88.

* Fix theme

* Reorganize files

* Update clean inactive workspaces job

* Use env variable to define inactive days

* Remove FROM variable

* Use feature flag

* Fix cron command

* Remove useless variable

* Reorganize files

* Refactor some code

* Update email template

* Update email object

* Remove verbose log

* Code review returns

* Code review returns

* Simplify handle

* Code review returns

* Review

---------

Co-authored-by: Charles Bochet <charles@twenty.com>
2024-01-13 12:03:41 +01:00
Arthur EICHELBERGER
c6ae480856
feat(signup): allow to block signup (#3209)
* feat(signup): allow to block signup

* feat(signup): update environment variable documentation

* test: update auth service tests

* feat(signup): prevent user from reaching out the sign up page

* Fix lint

* Fixes

---------

Co-authored-by: Charles Bochet <charles@twenty.com>
2024-01-11 11:48:14 +01:00
martmull
d2e8df52cf
Add doc link in env file (#3277)
2024-01-08 10:42:03 +01:00
martmull
ae5558d8b5
Add mail driver (#3205)
* Add node mailer packages

* Init mailer module

* Add logger transport

* Use env variable to get transport

* Revert "Add node mailer packages"

This reverts commit 3fb954f0ca.

* Add nodemailer

* Use driver pattern

* Use logger

* Fix yarn install

* Code review returns

* Add configuration examples for smtp

* Fix merge conflict

* Add missing packages

* Fix ci
2024-01-05 16:08:19 +01:00
Thaïs
a10f353a4c
feat: redirect to Plan Required page if subscription status is not active (#2981)
* feat: redirect to Plan Required page if subscription status is not active

Closes #2934

* feat: navigate to Plan Required in PageChangeEffect

* feat: add Twenty logo to Plan Required modal

* test: add Storybook story

* Fix lint

---------

Co-authored-by: Charles Bochet <charles@twenty.com>
2023-12-14 12:39:22 +01:00
Charles Bochet
8d53c63801
Fix docker install (#2925)
* Fix docker install

* Move back twenty-eslint-plugin to eslint-plugin-twenty

* fix: add bundled yarn

* Improve makefile structure

* Update commands and doc

* Add pg_graphql binaries

* Fix

---------

Co-authored-by: Jérémy Magrin <jeremy.magrin@gmail.com>
2023-12-11 13:36:24 +01:00
Charles Bochet
5bdca9de6c
Migrate to a monorepo structure (#2909)
2023-12-10 18:10:54 +01:00