We want to avoid infinite loops using workflows. Adding a throttler with
a limit of 10 executions / sec by default for each workflow.
We were not emitting events on workflow actions so loops could not
happen. Since throttler is there we can now and these.
Adding an error message so the user knows when it happens.
<img width="1284" alt="Capture d’écran 2024-12-27 à 17 05 20"
src="https://github.com/user-attachments/assets/dafa837b-5b4c-48be-8207-c90f5c71a236"
/>
Closes#8439
## Overview
This PR implements functionality to export notes/tasks to PDF and Word
formats.
https://github.com/user-attachments/assets/67eaf4eb-cabc-45ba-8727-13f22ba31067
## Testing
- [x] Verified that the export functionality works for both notes and
tasks, whether exporting immediately after opening the editor or after
editing.
- [x] Ensured the export button appears in the action menu only when the
object is a note/task.
- [x] Ensured the export button appears in the
RightDrawerActionMenuDropdown for a note/task.
## Notes
- The code already supports exporting to Word, but only PDF export is
currently available. To enable Word export, we just need a UI option
allowing users to choose between PDF and Word.
- After upgrading the Blocknote packages to the latest version,
dependency conflicts arose with tiptap and prosemirror-model. To address
this, all tiptap dependencies were consolidated in the root
package.json, and a resolution was added for prosemirror-model. Also,
some methods in CustomAddBlockItem.tsx were missing in the newer
version, so I updated the code to accommodate these changes.
- Exporting a note with an image works only if the image is embedded, as
Blocknote doesn’t support actual image uploads. Uploaded images are
omitted in the PDF export, while the text is retained.
---------
Co-authored-by: Félix Malfait <felix.malfait@gmail.com>
Co-authored-by: Félix Malfait <felix@twenty.com>
Console.logs are valuable in development so changed `invaluable` to
`valuable`
---------
Co-authored-by: ehconitin <nitinkoche03@gmail.com>
Co-authored-by: Félix Malfait <felix@twenty.com>
Closes#9187
This pull request introduces a new feature and several enhancements for
managing webhook security by adding a secret field and enabling HMAC
signature-based authentication. Below is a detailed breakdown of the
changes made:
## Frontend Updates
### Secret Field on Webhook Edit Page
- Added a new **Secret** section on the webhook edit page.
- Includes a text input field for entering a webhook secret.
- Added a descriptive note explaining the purpose of the secret for
webhook authentication.
### State Management and Persistence
- Integrated the secret field into the Webhook type definition and state
management.
- Connected the secret field UI to the data layer, ensuring seamless
persistence of the secret field.
### Validation Improvement
- Trims leading and trailing whitespace from webhook secret inputs to
avoid potential validation issues.
## Backend Updates
### Database and Entity Changes
- Introduced a nullable `secret` field to the `WebhookWorkspaceEntity`
for securely storing webhook signing secrets.
- Field uses a standard field ID:
`20202020-97ce-410f-bff9-e9ccb038fb67`.
### Signature Generation
- Implemented HMAC-SHA256 signature generation for webhook payloads when
a secret is present:
- Signatures are added as a custom `X-Twenty-Webhook-Signature` header.
- Secret is excluded from the payload to maintain security.
### Enhanced Security Measures
- Added additional headers for enhanced security:
- **Timestamp Header**: Prevents replay attacks.
- **Nonce Header**: Mitigates duplicate requests.
- Updated the OpenAPI specification to include documentation on these
security-related headers and signature verification.
## Documentation Updates
- Updated OpenAPI documentation for webhook endpoints:
- Described security-related headers (signature, timestamp, nonce).
- Included detailed instructions for verifying HMAC signatures to assist
consumers.
## Testing and Demonstration
- [Loom Video
Link](https://www.loom.com/share/bd827e4d045f46d99f3c8186e5e5676a?sid=a5e61904-0536-4e82-8055-3d05e4598393):
Demonstrating the functionality of the secret field and webhook security
features.
- [Script Example
Link](https://runkit.com/samyakpiya/676af044040c0400086d400a): A script
showing how consumers can verify webhook authenticity using the HMAC
signature.
- [Testing Site
Instance](https://webhook.site/#!/view/3472468b-ebcd-4b7f-a083-c4ba20825bb4/6885fdce-8843-4d3f-8fe0-1d8abdd53f68/1):
Contains the logged requests sent during testing and is available for
review.
## Steps for Review
1. Verify the secret field functionality on the webhook edit page,
including state persistence and UI updates.
2. Review the security enhancements, including header additions and HMAC
signature generation.
3. Validate OpenAPI documentation changes for completeness and clarity.
---------
Co-authored-by: Félix Malfait <felix@twenty.com>
This PR addresses issue #8993 by updating the `DropdownMenuSeparator` to
adjust its background color based on the current theme.
---------
Co-authored-by: guillim <guigloo@msn.com>
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
Fixes#9245 - CSV import column selection dropdown was missing
background styles, making it difficult to read the options.
## Changes
- Add styled component for DropdownMenu with background color
- Include border and box shadow styles
## Screenshots
## Testing
- [x] Verify column selection dropdown has proper background color
- [x] Confirm dropdown options are clearly visible
- [x] Check that dropdown appears above other elements correctly
- Added all usable composite field types on pet custom object
- Fixed missing createdBy on people and company seeds
- DEFAULT_SUBDOMAIN is now used for login (could be improved for multi
workspace)
- Refactored ObjectMetadataStandardIdToIdMap to disambiguate from
ObjectMetadataMap
- Refactored seedCustomObjects
Delete all workflow sub objects when workflow is deleted. Other sub
objects cannot be deleted otherwise.
We do not listen to deletion events so I am not adding them. Those post
hooks should be deleted Q1 once we properly handle cascade for soft
deletion
Fixes: #7216
The issue was caused by the ```min-width``` property of
```StyledEditableCellEditModeContainer```. So, I removed it.
Co-authored-by: Lucas Bordeau <bordeau.lucas@gmail.com>
Restoring https://github.com/twentyhq/twenty/pull/9185
Also fixing sync-metadata with test values in jsonb
## Test
sync-metadata on existing workspaces should replace colorSchema in both
metadata and workspaceMember tables
- Added a new Seeder service to help with custom object seeds
- Added RichTextFieldInput to edit a rich text field directly on the
table, but deactivated it for now.
Removed unused `LoginTokenService` imports and dependencies for better
code clarity. Enhanced error handling in
`getPublicWorkspaceDataBySubdomain` with a try-catch block, ensuring
consistent exception handling. This improves maintainability and
robustness of the resolver.
In documentation, there's mention to make a backup of database before
upgrading Twenty but there are no commands how to do it, so this PR
solves this problem by providing commands
## Summary
- [x] Remove defaultWorkspace in user
- [x] Remove all occurrence of defaultWorkspace and defaultWorkspaceId
- [x] Improve activate workspace flow
- [x] Improve security on social login
- [x] Add `ImpersonateGuard`
- [x] Allow to use impersonation with couple `User/Workspace`
- [x] Prevent unexpected reload on activate workspace
- [x] Scope login token with workspaceId
Fix https://github.com/twentyhq/twenty/issues/9033#event-15714863042
Closes: #8647Closes: #8649
**Changes & Why**
1. Added a Search Input to `SettingsDataModelFieldAddressForm` &
`SettingsDataModelFieldCurrencyForm` as `Select` component already
accepts it as a prop.
2. Gave a fixed width to the dropdown of both the above components to
ensure it doesn't shrink on search for the menu items with low word
count.
3. Added countries Flag to `SettingsDataModelFieldAddressForm`.
4. Replaced `MenuItem` with `MenuItemSelect` to get the desired
highlighted background for the selected item with `IconCheck` to
differentiate the current selected item. This is useful across all the
select components throughout the app.
5. I realized that in some components we might not need IconCheck and
only need a highlighted background for the selected item. For ex:
`SettingsDataModelFieldBooleanForm` . Therefore, I created a prop
`needIconCheck` with default as true so it doesn't break the existing
`MenuItemSelect` and we can pass that prop as false wherever needed.
[Screencast from 2024-12-21
12-08-08.webm](https://github.com/user-attachments/assets/4f8070a8-f339-4556-a137-bbbad58b171c)
fix 9206
In the future, we should have a look at the column naming
"positionInViewFilterGroup"
because it breaks the SQL queries in `record-position-query.factory.ts`
for viewFilter tablenames
Introduced a trigger to automatically set `canImpersonate` to true for
the first user inserted into the `core.user` table. The trigger is
removed after the first user is added to ensure this behavior only
applies to the initial user. Includes both the creation and rollback
logic for the migration.
Close https://github.com/twentyhq/twenty/issues/9173
Created a resizable container tied to dragging state to create suitable
droppable zone when there's no orphan favorites.
Co-authored-by: Weiko <corentin@twenty.com>
Fixes total count bug that was -1 the total count
Fixes a bug when trying to go from first to last or the other way around
Fixes a React array key bug
Follow-up issue (non critical) :
https://github.com/twentyhq/twenty/issues/9197
Streamlined workspace selection by defaulting to the first available
workspace. Adjusted conditional rendering for a separator between
authentication providers, improving clarity and reducing redundancy.
Minor formatting changes were also applied for consistency.
Close#9094
Update the button variant to dynamically switch between 'secondary' and
'primary' based on the current step in the sign-in-up flow. Ensures the
UI reflects the correct state, improving user experience and
consistency.
