* GA integration settings
* trackingId -> measurementId
Hook up script
* Public page GA tracking
Correct layout of settings
* Remove multiple codepaths for loading GA measurementID, add missing db index
* Remove unneccessary changes, tsc
* test
* fix: server side error handling
* fix: push only unknown 500 errors to sentry
* fix: use in-house onerror in favor of errorHandling middleware
* fix: split error template into dev and prod envs
* fix: check Error instance
* fix: error routes in test env
* fix: review comments
* Remove koa-onerror
Co-authored-by: Tom Moor <tom.moor@gmail.com>
* Remove home link on desktop app
* Spellcheck, installation toasts, background styling, …
* Add email,slack, auth support
* More desktop style tweaks
* Move redirect to client
* cleanup
* Record desktop usage
* docs
* fix: Selection state in search input when double clicking header
* wip
* wip
* fix comments
* better separation of conerns
* fix up tests
* fix semantics
* fixup tsc
* fix some tests
* the old semantics were easier to use
* add db:reset to scripts
* explicitly throw for unauthorized external authorization
* fix minor bug
* add additional tests for user creator and team creator
* yank the email matching logic out of teamcreator
* renaming
* fix type and test errors
* adds test to ensure that accountProvisioner works with email matching
* remove only
* fix comments
* recreate changes to allow self hosted to make teams
* make the user lookup in user creator sensitive to team
* add team specific logic to oidc strat
* factor out slugifyDomain
* change type of req during auth to Koa.Context
* chore: Async user avatar upload processor
* chore: Async team avatar upload
* Refactor to task for retries
* Docs
Include avatarUrl in task props to prevent race condition
Remove transaction around upload fetch request
* feat: allow personal gmail accounts to be used to sign into teams with an existing invite
* address comments
* add comment for appDomain
* address comments
* chore: Store expiresAt on UserAuthentications. This represents the time that the accessToken is no longer valid and should be exchanged using the refreshToken
* feat: Check and expire Google SSO
* fix: Better handling of multiple auth methods
Added more docs
* fix: Retry access validation with network errors
* Small refactor, add Azure token validation support
* doc
* test
* lint
* OIDC refresh support
* CheckSSOAccessTask -> ValidateSSOAccessTask
Added lastValidatedAt column
Skip checks if validated within 5min
Some edge cases around encrypted columns
* change the api of domain parsing to just parseDomain and getCookieDomain
* adds getBaseDomain as the method to get the domain after any official subdomains
Fixes#3412
Previously the only way to restrict the domains for a Team were with the ALLOWED_DOMAINS environment variable for self hosted instances.
This PR migrates this to be a database backed setting on the Team object. This is done through the creation of a TeamDomain model that is associated with the Team and contains the domain name
This settings is updated on the Security Tab. Here domains can be added or removed from the Team.
On the server side, we take the code paths that previously were using ALLOWED_DOMAINS and switched them to use the Team allowed domains instead
* Refactor worker, all emails on task system
* fix
* lint
* fix: Remove a bunch of expect-error comments in related tests
* refactor: Move work from utils.gc into tasks
* test
* Add tracing to tasks and processors
fix: DebounceProcessor triggering on all events
Event.add -> Event.schedule
