iron-cms 0.7.1 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 49a31d47d6e5647a8f1f49bd18dfea621555969018b677b602c2d838d2e0bece
-  data.tar.gz: 874b32467d3555cf4b2e0360f55f315536c6e10590aaf3f15af9dd707a27159e
+  metadata.gz: '0394a59fdfcd9e2552d9aea3fe48e8b95f7d01813841b0c91a0ba9fb2cc08220'
+  data.tar.gz: 6b1125a24a88c762fe24b73c6d50b0a0a35f76bc802d89f073c55fb58d4d063d
 SHA512:
-  metadata.gz: 7a0ab6d523de2863a24b10a1b84cfba423fe198840f7a2bd28b5c951f1067ccc264b92c4ffdc11585a30ea2ab94d0b49479cb6dea39f7f4e0172d80ebe70c364
-  data.tar.gz: 786d5f22ea259d34c1a4c733d8376cdc6048b071a762b28a34fab5b8759218542b618aeea91ef5973bf9630f0a86211b6c34c32bd34799355b2e08f4cb4ba59e
+  metadata.gz: dd37b2e6e68ccbb9993781cce2a0ccfbdf42ecd5247f36f010ff0ee1b97aed3228bc5cb4ac7961614617df8214985a950a8a67c86f904c83d341ce2a270449f0
+  data.tar.gz: cb47c4a18d861e37001015aeec7eff0f2d90ca7ba8fd7ca7daeb85e03387fbb39ea84e3104e5a4e86e99c1986f3ea6656398f63e4e516582f80b9260655b1dc0

data/app/assets/builds/iron.css

@@ -49,6 +49,7 @@
     --container-2xs: 18rem;
     --container-xs: 20rem;
     --container-sm: 24rem;
+    --container-md: 28rem;
     --container-2xl: 42rem;
     --container-4xl: 56rem;
     --text-xs: 0.75rem;
@@ -1839,6 +1840,9 @@
   .table {
     display: table;
   }
+  .aspect-square {
+    aspect-ratio: 1 / 1;
+  }
   .size-4 {
     width: calc(var(--spacing) * 4);
     height: calc(var(--spacing) * 4);
@@ -1855,6 +1859,10 @@
     width: calc(var(--spacing) * 8);
     height: calc(var(--spacing) * 8);
   }
+  .size-auto {
+    width: auto;
+    height: auto;
+  }
   .size-full {
     width: 100%;
     height: 100%;
@@ -1886,6 +1894,9 @@
   .max-h-60 {
     max-height: calc(var(--spacing) * 60);
   }
+  .max-h-none {
+    max-height: none;
+  }
   .min-h-56 {
     min-height: calc(var(--spacing) * 56);
   }
@@ -1940,6 +1951,9 @@
   .max-w-96 {
     max-width: calc(var(--spacing) * 96);
   }
+  .max-w-md {
+    max-width: var(--container-md);
+  }
   .max-w-none {
     max-width: none;
   }
@@ -2063,6 +2077,13 @@
       margin-block-end: calc(calc(var(--spacing) * 1) * calc(1 - var(--tw-space-y-reverse)));
     }
   }
+  .space-y-2 {
+    :where(& > :not(:last-child)) {
+      --tw-space-y-reverse: 0;
+      margin-block-start: calc(calc(var(--spacing) * 2) * var(--tw-space-y-reverse));
+      margin-block-end: calc(calc(var(--spacing) * 2) * calc(1 - var(--tw-space-y-reverse)));
+    }
+  }
   .space-y-4 {
     :where(& > :not(:last-child)) {
       --tw-space-y-reverse: 0;
@@ -2277,6 +2298,12 @@
       }
     }
   }
+  .bg-black\/50 {
+    background-color: color-mix(in srgb, #000 50%, transparent);
+    @supports (color: color-mix(in lab, red, red)) {
+      background-color: color-mix(in oklab, var(--color-black) 50%, transparent);
+    }
+  }
   .bg-gray-100 {
     background-color: var(--color-gray-100);
   }
@@ -2328,6 +2355,9 @@
       background-color: color-mix(in oklab, var(--color-stone-900) 80%, transparent);
     }
   }
+  .bg-transparent {
+    background-color: transparent;
+  }
   .bg-white {
     background-color: var(--color-white);
   }
@@ -2902,6 +2932,16 @@
       opacity: 0%;
     }
   }
+  .group-\[\.success\]\:hidden {
+    &:is(:where(.group):is(.success) *) {
+      display: none;
+    }
+  }
+  .group-\[\.success\]\:inline {
+    &:is(:where(.group):is(.success) *) {
+      display: inline;
+    }
+  }
   .peer-has-\[\:checked\]\:block {
     &:is(:where(.peer):has(*:is(:checked)) ~ *) {
       display: block;
@@ -2981,6 +3021,13 @@
       }
     }
   }
+  .hover\:opacity-75 {
+    &:hover {
+      @media (hover: hover) {
+        opacity: 75%;
+      }
+    }
+  }
   .focus\:bg-sky-100 {
     &:focus {
       background-color: var(--color-sky-100);
@@ -3100,6 +3147,12 @@
       transition-duration: 100ms;
     }
   }
+  .data-enter\:duration-300 {
+    &[data-enter] {
+      --tw-duration: 300ms;
+      transition-duration: 300ms;
+    }
+  }
   .data-enter\:ease-out {
     &[data-enter] {
       --tw-ease: var(--ease-out);
@@ -3130,6 +3183,12 @@
       transition-duration: 100ms;
     }
   }
+  .data-leave\:duration-200 {
+    &[data-leave] {
+      --tw-duration: 200ms;
+      transition-duration: 200ms;
+    }
+  }
   .data-leave\:ease-in {
     &[data-leave] {
       --tw-ease: var(--ease-in);

data/app/controllers/iron/passwords_controller.rb

@@ -2,6 +2,7 @@ module Iron
   class PasswordsController < ApplicationController
     layout "iron/authentication"
     allow_unauthenticated_access
+    before_action :require_email_configuration, only: %i[ new create ]
     before_action :set_user_by_token, only: %i[ edit update ]
 
     def new
@@ -9,7 +10,7 @@ module Iron
 
     def create
       if user = User.find_by(email_address: params[:email_address])
-        PasswordsMailer.reset(user).deliver_later
+        Iron::PasswordsMailer.reset(user).deliver_later
       end
 
       redirect_to new_session_url, notice: "Password reset instructions sent (if user with that email address exists)."
@@ -27,6 +28,12 @@ module Iron
     end
 
     private
+      def require_email_configuration
+        unless EmailConfiguration.available?
+          redirect_to sign_in_url, alert: "Email is not configured. Please contact an administrator for a transfer link."
+        end
+      end
+
       def set_user_by_token
         @user = User.find_by_password_reset_token!(params[:token])
       rescue ActiveSupport::MessageVerifier::InvalidSignature

data/app/controllers/iron/qr_codes_controller.rb

@@ -0,0 +1,15 @@
+module Iron
+  class QrCodesController < ApplicationController
+    allow_unauthenticated_access
+
+    def show
+      qr_code_link = QrCodeLink.from_signed(params[:id])
+      svg = RQRCode::QRCode.new(qr_code_link.url).as_svg(viewbox: true, fill: :white, color: :black)
+
+      expires_in 1.year, public: true
+      render plain: svg, content_type: "image/svg+xml"
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      head :bad_request
+    end
+  end
+end

data/app/controllers/iron/sessions/transfers_controller.rb

@@ -0,0 +1,21 @@
+module Iron
+  module Sessions
+    class TransfersController < ApplicationController
+      layout "iron/authentication"
+      allow_unauthenticated_access
+      rate_limit to: 10, within: 3.minutes, only: :update, with: -> { redirect_to sign_in_url, alert: "Try again later." }
+
+      def show
+      end
+
+      def update
+        if user = User.find_by_transfer_id(params[:id])
+          start_new_session_for user
+          redirect_to after_authentication_url
+        else
+          redirect_to sign_in_url, alert: "Transfer link is invalid or has expired."
+        end
+      end
+    end
+  end
+end

data/app/controllers/iron/users_controller.rb

@@ -3,9 +3,10 @@ module Iron
     layout "iron/authentication", only: %i[ new create ]
     require_unauthenticated_access only: %i[ new create ]
 
-    before_action :set_user, only: %i[ show update destroy ]
+    before_action :set_user, only: %i[ show edit update destroy ]
     before_action :verify_join_code, only: %i[ new create ]
-    before_action :ensure_can_administer, except: %i[ new create ]
+    before_action :ensure_can_administer, only: %i[ index destroy ]
+    before_action :ensure_current_user, only: %i[ edit ]
 
     def index
       @users = User.all
@@ -18,7 +19,10 @@ module Iron
     def show
     end
 
-     def create
+    def edit
+    end
+
+    def create
       @user = User.new(join_params)
       if @user.save
         start_new_session_for @user
@@ -31,10 +35,10 @@ module Iron
     end
 
     def update
-      if @user.update(update_params)
-        redirect_back fallback_location: users_path, notice: "User was successfully updated.", status: :see_other
+      if @user.current?
+        update_own_profile
       else
-        redirect_back fallback_location: users_path, alert: @user.errors.full_messages.to_sentence, status: :see_other
+        update_user_role
       end
     end
 
@@ -55,12 +59,36 @@ module Iron
         params.expect(user: [ :email_address, :password, :password_confirmation ])
       end
 
-      def update_params
-        params.expect(user: [ :email_address, :role ])
+      def profile_params
+        params.require(:user).permit(:email_address, :password, :password_confirmation)
+      end
+
+      def role_params
+        params.expect(user: [ :role ])
       end
 
       def verify_join_code
         head :not_found if Current.account.join_code != params[:join_code]
       end
+
+      def ensure_current_user
+        redirect_to @user, alert: "You can only edit your own profile." unless @user.current?
+      end
+
+      def update_own_profile
+        if @user.update(profile_params)
+          redirect_to @user, notice: "Profile updated."
+        else
+          render :edit, status: :unprocessable_entity
+        end
+      end
+
+      def update_user_role
+        if @user.update(role_params)
+          redirect_back fallback_location: users_path, notice: "User was successfully updated.", status: :see_other
+        else
+          redirect_back fallback_location: users_path, alert: @user.errors.full_messages.to_sentence, status: :see_other
+        end
+      end
   end
 end

data/app/helpers/iron/application_helper.rb

@@ -1,7 +1,7 @@
 require "tailwind_merge"
 module Iron
   module ApplicationHelper
-    include IconsHelper, AvatarHelper, UiHelper, EntriesHelper, ContentTypesHelper
+    include IconsHelper, AvatarHelper, UiHelper, EntriesHelper, ContentTypesHelper, TransfersHelper
 
     TAILWIND_MERGER = TailwindMerge::Merger.new.freeze
 
@@ -12,5 +12,9 @@ module Iron
     def unique_id
       rand(10000000..100000000)
     end
+
+    def email_configured?
+      EmailConfiguration.available?
+    end
   end
 end

data/app/helpers/iron/transfers_helper.rb

@@ -0,0 +1,27 @@
+module Iron
+  module TransfersHelper
+    def button_to_copy_to_clipboard(url, &block)
+      tag.button class: "button-secondary group", data: {
+        controller: "copy-to-clipboard",
+        action: "copy-to-clipboard#copy",
+        copy_to_clipboard_content_value: url,
+        copy_to_clipboard_success_class: "success"
+      }, &block
+    end
+
+    def web_share_button(url, title, text, &block)
+      tag.button class: "button-secondary", hidden: true, data: {
+        controller: "web-share",
+        action: "web-share#share",
+        web_share_url_value: url,
+        web_share_text_value: text,
+        web_share_title_value: title
+      }, &block
+    end
+
+    def qr_code_image(url)
+      qr_code_link = QrCodeLink.new(url)
+      image_tag qr_code_path(qr_code_link.signed), class: "aspect-square", alt: "QR Code"
+    end
+  end
+end

data/app/javascript/iron/controllers/copy_to_clipboard_controller.js

@@ -0,0 +1,29 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static values = {
+    content: String,
+    successDuration: { type: Number, default: 1500 }
+  }
+  static classes = ["success"]
+
+  async copy(event) {
+    event.preventDefault()
+    this.reset()
+
+    try {
+      await navigator.clipboard.writeText(this.contentValue)
+      this.element.classList.add(this.successClass)
+      setTimeout(() => this.reset(), this.successDurationValue)
+    } catch { }
+  }
+
+  reset() {
+    this.element.classList.remove(this.successClass)
+    this.#forceReflow()
+  }
+
+  #forceReflow() {
+    this.element.offsetWidth
+  }
+}

data/app/javascript/iron/controllers/web_share_controller.js

@@ -0,0 +1,17 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static values = { title: String, text: String, url: String }
+
+  connect() {
+    this.element.hidden = !navigator.canShare
+  }
+
+  async share() {
+    await navigator.share({
+      title: this.titleValue,
+      text: this.textValue,
+      url: this.urlValue
+    })
+  }
+}

data/app/mailers/iron/passwords_mailer.rb

@@ -0,0 +1,8 @@
+module Iron
+  class PasswordsMailer < ApplicationMailer
+    def reset(user)
+      @user = user
+      mail subject: "Reset your password", to: user.email_address
+    end
+  end
+end

data/app/models/iron/email_configuration.rb

@@ -0,0 +1,21 @@
+module Iron
+  class EmailConfiguration
+    def self.available?
+      delivery_method = ActionMailer::Base.delivery_method
+
+      case delivery_method
+      when :smtp
+        ActionMailer::Base.smtp_settings[:address].present?
+      when :sendmail, :file
+        true
+      when :test
+        Rails.env.test?
+      else
+        # Allow other delivery methods (postmark, sendgrid, etc.)
+        true
+      end
+    rescue
+      false
+    end
+  end
+end

data/app/models/iron/qr_code_link.rb

@@ -0,0 +1,28 @@
+module Iron
+  class QrCodeLink
+    attr_reader :url
+
+    def initialize(url)
+      @url = url
+    end
+
+    def signed
+      self.class.verifier.generate(@url, purpose: :qr_code)
+    end
+
+    def self.from_signed(signed)
+      new verifier.verify(signed, purpose: :qr_code)
+    end
+
+    private
+      class << self
+        def verifier
+          ActiveSupport::MessageVerifier.new(secret, url_safe: true)
+        end
+
+        def secret
+          Rails.application.key_generator.generate_key("iron_qr_codes")
+        end
+      end
+  end
+end

data/app/models/iron/user/transferable.rb

@@ -0,0 +1,15 @@
+module Iron::User::Transferable
+  extend ActiveSupport::Concern
+
+  TRANSFER_LINK_EXPIRY_DURATION = 4.hours
+
+  class_methods do
+    def find_by_transfer_id(id)
+      find_signed(id, purpose: :transfer)
+    end
+  end
+
+  def transfer_id
+    signed_id(purpose: :transfer, expires_in: TRANSFER_LINK_EXPIRY_DURATION)
+  end
+end

data/app/models/iron/user.rb

@@ -1,6 +1,7 @@
 module Iron
   class User < ApplicationRecord
     include Role
+    include Transferable
 
     before_destroy :ensure_not_current_user
 

data/app/views/iron/sessions/new.html.erb

@@ -18,9 +18,11 @@
     <div>
       <div class="flex items-center justify-between">
         <%= form.label :password, "Password", class: "block text-sm/6 font-medium text-stone-900 dark:text-stone-100" %>
-        <div class="text-sm">
-          <%= link_to "Forgot password?", new_password_path, class: "font-semibold text-stone-600 hover:text-stone-500 dark:text-stone-400 dark:hover:text-stone-300" %>
-        </div>
+        <% if email_configured? %>
+          <div class="text-sm">
+            <%= link_to "Forgot password?", new_password_path, class: "font-semibold text-stone-600 hover:text-stone-500 dark:text-stone-400 dark:hover:text-stone-300" %>
+          </div>
+        <% end %>
       </div>
       <div class="mt-2">
         <%= form.password_field :password,

data/app/views/iron/sessions/transfers/show.html.erb

@@ -0,0 +1,16 @@
+<div class="sm:mx-auto sm:w-full sm:max-w-sm">
+  <h2 class="mt-10 text-center text-2xl/9 font-bold tracking-tight text-stone-900 dark:text-white">Confirm sign in</h2>
+  <p class="mt-2 text-center text-sm/6 text-stone-500 dark:text-stone-400">You're about to sign in using a transfer link</p>
+</div>
+
+<div class="mt-10 sm:mx-auto sm:w-full sm:max-w-sm">
+  <%= form_with url: session_transfer_path(params[:id]), method: :put, class: "space-y-6" do |form| %>
+    <div>
+      <%= form.submit "Sign in", class: "button-primary w-full" %>
+    </div>
+  <% end %>
+
+  <p class="mt-10 text-center text-sm/6 text-stone-500 dark:text-stone-400">
+    <%= link_to "Back to sign in", sign_in_path, class: "font-semibold text-stone-600 hover:text-stone-500 dark:text-stone-400 dark:hover:text-stone-300" %>
+  </p>
+</div>

data/app/views/iron/users/_invite.html.erb

@@ -0,0 +1,56 @@
+<% url = join_url(Iron::Current.account.join_code) %>
+
+<div class="max-w-md">
+  <div class="bg-white dark:bg-stone-800/50 rounded-lg shadow-sm p-6 space-y-4">
+    <div class="space-y-2">
+      <h3 class="text-sm font-medium text-stone-900 dark:text-white">Invite Users</h3>
+      <p class="text-sm text-stone-500 dark:text-stone-400">Share this link to invite people to join</p>
+    </div>
+
+    <div class="field">
+      <label for="join-url" class="sr-only">Invitation URL</label>
+      <input type="text" id="join-url" class="input" value="<%= url %>" readonly>
+    </div>
+
+    <div class="flex items-center gap-2">
+      <div>
+        <button command="show-modal" commandfor="invite-qr-code-dialog" class="button-secondary">
+          <%= icon "qr-code", class: "size-4" %>
+          <span>Show QR code</span>
+        </button>
+
+        <el-dialog>
+          <dialog id="invite-qr-code-dialog" class="fixed inset-0 size-auto max-h-none max-w-none overflow-y-auto bg-transparent backdrop:bg-transparent">
+            <el-dialog-backdrop class="fixed inset-0 bg-black/50 transition-opacity data-closed:opacity-0 data-enter:duration-300 data-enter:ease-out data-leave:duration-200 data-leave:ease-in"></el-dialog-backdrop>
+
+            <div tabindex="0" class="flex min-h-full items-center justify-center p-4 focus:outline-none">
+              <el-dialog-panel class="relative transform overflow-hidden rounded-lg bg-white p-6 shadow-xl transition-all data-closed:scale-95 data-closed:opacity-0 data-enter:duration-300 data-enter:ease-out data-leave:duration-200 data-leave:ease-in dark:bg-stone-800">
+                <div class="flex flex-col items-center gap-4">
+                  <div class="w-64">
+                    <%= qr_code_image(url) %>
+                  </div>
+                  <button type="button" command="close" commandfor="invite-qr-code-dialog" class="button-secondary">
+                    <%= icon "x", class: "size-4" %>
+                    <span>Close</span>
+                  </button>
+                </div>
+              </el-dialog-panel>
+            </div>
+          </dialog>
+        </el-dialog>
+      </div>
+
+      <%= button_to_copy_to_clipboard(url) do %>
+        <%= icon "copy", class: "size-4 group-[.success]:hidden" %>
+        <%= icon "check", class: "size-4 hidden group-[.success]:inline" %>
+        <span class="group-[.success]:hidden">Copy</span>
+        <span class="hidden group-[.success]:inline">Copied</span>
+      <% end %>
+
+      <%= web_share_button(url, "Join invitation", "Use this link to join as a new user.") do %>
+        <%= icon "share", class: "size-4" %>
+        <span>Share</span>
+      <% end %>
+    </div>
+  </div>
+</div>

data/app/views/iron/users/_transfer.html.erb

@@ -0,0 +1,65 @@
+<%# locals: (user:) -%>
+<% url = session_transfer_url(user.transfer_id) %>
+
+<div class="space-y-4">
+  <div class="space-y-2">
+    <% if Iron::Current.user != user %>
+      <h3 class="text-sm font-medium text-stone-900 dark:text-white">Account Recovery Link</h3>
+      <p class="text-sm text-stone-500 dark:text-stone-400">Share this link to help them sign in on another device</p>
+    <% else %>
+      <h3 class="text-sm font-medium text-stone-900 dark:text-white">Transfer Session</h3>
+      <p class="text-sm text-stone-500 dark:text-stone-400">Use this link to automatically sign in on another device</p>
+    <% end %>
+  </div>
+
+  <div class="field">
+    <label for="session_transfer_url" class="sr-only">Auto-login URL</label>
+    <input type="text" id="session_transfer_url" value="<%= url %>" readonly class="input">
+    <p class="text-xs text-stone-400 dark:text-stone-500 mt-2">
+      This link expires in 4 hours.
+    </p>
+  </div>
+
+
+  <div class="flex items-center gap-2">
+    <div>
+      <button command="show-modal" commandfor="qr-code-dialog" class="button-secondary">
+        <%= icon "qr-code", class: "size-4" %>
+        <span class="">Show QR code</span>
+      </button>
+
+      <el-dialog>
+        <dialog id="qr-code-dialog" class="fixed inset-0 size-auto max-h-none max-w-none overflow-y-auto bg-transparent backdrop:bg-transparent">
+          <el-dialog-backdrop class="fixed inset-0 bg-black/50 transition-opacity data-closed:opacity-0 data-enter:duration-300 data-enter:ease-out data-leave:duration-200 data-leave:ease-in"></el-dialog-backdrop>
+
+          <div tabindex="0" class="flex min-h-full items-center justify-center p-4 focus:outline-none">
+            <el-dialog-panel class="relative transform overflow-hidden rounded-lg bg-white p-6 shadow-xl transition-all data-closed:scale-95 data-closed:opacity-0 data-enter:duration-300 data-enter:ease-out data-leave:duration-200 data-leave:ease-in dark:bg-stone-800">
+              <div class="flex flex-col items-center gap-4">
+                <div class="w-64">
+                  <%= qr_code_image(url) %>
+                </div>
+                <button type="button" command="close" commandfor="qr-code-dialog" class="button-secondary">
+                  <%= icon "x", class: "size-4" %>
+                  <span>Close</span>
+                </button>
+              </div>
+            </el-dialog-panel>
+          </div>
+        </dialog>
+      </el-dialog>
+    </div>
+
+    <%= button_to_copy_to_clipboard(url) do %>
+      <%= icon "copy", class: "size-4 group-[.success]:hidden" %>
+      <%= icon "check", class: "size-4 hidden group-[.success]:inline" %>
+      <span class="group-[.success]:hidden">Copy</span>
+      <span class="hidden group-[.success]:inline">Copied</span>
+    <% end %>
+
+    <%= web_share_button(url, "Your sign-in link", "This is your private sign-in URL. Use it to sign in on another device.") do %>
+      <%= icon "share", class: "size-4" %>
+      <span class="">Share link</span>
+    <% end %>
+  </div>
+
+</div>

data/app/views/iron/users/_user.html.erb

@@ -2,12 +2,12 @@
   <div class="block px-6 py-3">
     <div class="flex items-center justify-between gap-4">
       <div class="flex flex-col sm:flex-row sm:items-center sm:gap-8 min-w-0 flex-1">
-        <div class="flex items-center gap-3 shrink-0">
+        <%= link_to user_path(user), class: "flex items-center gap-3 shrink-0 hover:opacity-75 transition-opacity" do %>
           <h3 class="text-base font-semibold text-stone-900 dark:text-white truncate"><%= user.name %></h3>
           <span class="text-sm text-stone-400"><%= user.email_address %></span>
-        </div>
+        <% end %>
       </div>
-      <div>
+      <div class="flex items-center gap-2">
         <% if user.current? %>
           <%= badge user.role, class: ("badge-blue" if user.administrator?) %>
         <% else %>
@@ -20,6 +20,10 @@
               </div>
             </div>
           <% end %>
+          <%= button_to user_path(user), method: :delete, class: "button-destructive-icon", data: { turbo_confirm: "Are you sure you want to remove #{user.name}?" } do %>
+            <%= icon "trash-2", class: "size-4" %>
+            <span class="sr-only">Remove <%= user.name %></span>
+          <% end %>
         <% end %>
       </div>
     </div>

data/app/views/iron/users/edit.html.erb

@@ -1,12 +1,49 @@
-<% content_for :title, "Editing user" %>
+<% content_for :title, "Edit Profile" %>
 
-<h1>Editing user</h1>
+<div class="space-y-8">
+  <%= back_button_to "My Account", user_path(@user) %>
 
-<%= render "form", user: @user %>
+  <div class="flex justify-between items-center">
+    <h1 class="page-title">Edit Profile</h1>
+  </div>
 
-<br>
+  <div class="max-w-md">
+    <%= form_with(model: @user, class: "space-y-6") do |form| %>
+      <div class="bg-white dark:bg-stone-800/50 rounded-lg shadow-sm p-6 space-y-4">
+        <div class="field">
+          <%= form.label :email_address, "Email" %>
+          <div>
+            <%= form.email_field :email_address, autocomplete: "email" %>
+            <%= form.error_for :email_address %>
+          </div>
+        </div>
+      </div>
 
-<div>
-  <%= link_to "Show this user", @user %> |
-  <%= link_to "Back to users", users_path %>
+      <div class="bg-white dark:bg-stone-800/50 rounded-lg shadow-sm p-6 space-y-4">
+        <h2 class="text-sm font-medium text-stone-900 dark:text-white">Change Password</h2>
+        <p class="text-sm text-stone-500 dark:text-stone-400">Leave blank to keep your current password</p>
+
+        <div class="field">
+          <%= form.label :password, "New password" %>
+          <div>
+            <%= form.password_field :password, autocomplete: "new-password", maxlength: 72 %>
+            <%= form.error_for :password %>
+          </div>
+        </div>
+
+        <div class="field">
+          <%= form.label :password_confirmation, "Confirm new password" %>
+          <div>
+            <%= form.password_field :password_confirmation, autocomplete: "new-password", maxlength: 72 %>
+            <%= form.error_for :password_confirmation %>
+          </div>
+        </div>
+      </div>
+
+      <div class="flex gap-3">
+        <%= form.submit "Save changes", class: "button-primary" %>
+        <%= link_to "Cancel", user_path(@user), class: "button-secondary" %>
+      </div>
+    <% end %>
+  </div>
 </div>

data/app/views/iron/users/index.html.erb

@@ -1,19 +1,11 @@
 <% content_for :title, "Users" %>
 
-<% url = join_url(Iron::Current.account.join_code) %>
-
 <div class="space-y-8">
   <div class="flex justify-between items-center">
     <h1 class="page-title">Users</h1>
   </div>
 
-  <div>
-    <h2>Invite users</h2>
-    <div class="field">
-      <label for="join-url">Share to invite people to join</label>
-      <input type="text" id="join-url" class="input" value="<%= url %>" readonly>
-    </div>
-  </div>
+  <%= render "iron/users/invite" %>
 
   <div id="users" class="bg-white dark:bg-stone-800/50 rounded-lg shadow-sm divide-y divide-stone-200 dark:divide-stone-700/20 overflow-hidden">
     <%= render @users %>

data/app/views/iron/users/new.html.erb

@@ -1,29 +1,37 @@
 <% content_for :title, "Join #{Iron::Current.account.name}" %>
 
-<div>
-  <div class="mb-8 text-center">
-    <h1 class="text-2xl font-semibold tracking-tight">Join <%= Iron::Current.account.name %></h1>
-  </div>
+<div class="sm:mx-auto sm:w-full sm:max-w-sm">
+  <h2 class="mt-10 text-center text-2xl/9 font-bold tracking-tight text-stone-900 dark:text-white">Join <%= Iron::Current.account.name %></h2>
+</div>
 
-  <%= form_with(model: @user, url: join_path(params[:join_code]), class: "space-y-4") do |form| %>
+<div class="mt-10 sm:mx-auto sm:w-full sm:max-w-sm">
+  <%= form_with(model: @user, url: join_path(params[:join_code]), class: "space-y-6") do |form| %>
     <div>
-      <%= form.label :email_address %>
-      <%= form.email_field :email_address, required: true, autofocus: true, autocomplete: "email" %>
+      <%= form.label :email_address, "Email address", class: "block text-sm/6 font-medium text-stone-900 dark:text-stone-100" %>
+      <div class="mt-2">
+        <%= form.email_field :email_address, required: true, autofocus: true, autocomplete: "email" %>
+      </div>
       <%= form.error_for :email_address %>
     </div>
 
     <div>
-      <%= form.label :password %>
-      <%= form.password_field :password, required: true, autocomplete: "new-password" %>
+      <%= form.label :password, "Password", class: "block text-sm/6 font-medium text-stone-900 dark:text-stone-100" %>
+      <div class="mt-2">
+        <%= form.password_field :password, required: true, autocomplete: "new-password" %>
+      </div>
       <%= form.error_for :password %>
     </div>
 
     <div>
-      <%= form.label :password_confirmation %>
-      <%= form.password_field :password_confirmation, required: true, autocomplete: "new-password" %>
+      <%= form.label :password_confirmation, "Password confirmation", class: "block text-sm/6 font-medium text-stone-900 dark:text-stone-100" %>
+      <div class="mt-2">
+        <%= form.password_field :password_confirmation, required: true, autocomplete: "new-password" %>
+      </div>
       <%= form.error_for :password_confirmation %>
     </div>
 
-    <%= form.submit "Join", class: "button-primary mt-4 w-full" %>
+    <div>
+      <%= form.submit "Join", class: "button-primary w-full" %>
+    </div>
   <% end %>
 </div>

data/app/views/iron/users/show.html.erb

@@ -1,18 +1,39 @@
-<% content_for :title, "#{@user.name}" %>
+<% content_for :title, @user.current? ? "My Account" : @user.name %>
 
-<div id="<%= dom_id @user %>">
-  <%= back_button_to "Users", users_path %>
-  <div class="flex justify-between">
-    <h1 class="page-title"><%= @user.name %></h1>
-    <div>
-      <%= unless @user.current?
-        button_to "Destroy",
-        @user,
-        method: :delete,
-        class: "button-destructive"
-      end %>
-    </div>
+<div class="space-y-8">
+  <% unless @user.current? %>
+    <%= back_button_to "Users", users_path %>
+  <% end %>
+
+  <div class="flex justify-between items-center">
+    <h1 class="page-title"><%= @user.current? ? "My Account" : @user.name %></h1>
+    <% if @user.current? %>
+      <%= link_to "Edit", edit_user_path(@user), class: "button-secondary" %>
+    <% end %>
   </div>
 
-  <%= render "form", user: @user %>
+  <div class="max-w-md space-y-6">
+    <div class="bg-white dark:bg-stone-800/50 rounded-lg shadow-sm p-6">
+      <div class="space-y-4">
+        <div class="field">
+          <label class="label">Email</label>
+          <p class="text-stone-900 dark:text-white"><%= @user.email_address %></p>
+        </div>
+        <div class="field">
+          <label class="label">Role</label>
+          <p class="text-stone-900 dark:text-white"><%= @user.role.titleize %></p>
+        </div>
+      </div>
+    </div>
+
+    <div class="bg-white dark:bg-stone-800/50 rounded-lg shadow-sm p-6">
+      <%= render "iron/users/transfer", user: @user %>
+    </div>
+
+    <% if @user.current? %>
+      <div class="bg-white dark:bg-stone-800/50 rounded-lg shadow-sm p-6">
+        <%= button_to "Sign out", session_path, method: :delete, class: "button-outline w-full" %>
+      </div>
+    <% end %>
+  </div>
 </div>

data/app/views/layouts/iron/_user_menu.html.erb

@@ -11,10 +11,10 @@
 
   <el-menu anchor="<%= anchor %>" popover class="<%= anchor.include?('top') ? 'mx-2' : '' %> w-56 origin-bottom-right divide-y divide-stone-100 rounded-md bg-white shadow-lg outline-1 outline-black/5 transition transition-discrete [--anchor-gap:--spacing(2)] data-closed:scale-95 data-closed:transform data-closed:opacity-0 data-enter:duration-100 data-enter:ease-out data-leave:duration-75 data-leave:ease-in dark:divide-white/10 dark:bg-stone-800 dark:shadow-none dark:-outline-offset-1 dark:outline-white/10">
     <div class="py-1">
-      <a href="#" class="group/item flex items-center px-4 py-2 text-sm text-stone-700 focus:bg-stone-100 focus:text-stone-900 focus:outline-hidden dark:text-stone-300 dark:focus:bg-white/5 dark:focus:text-white">
+      <%= link_to user_path(Iron::Current.user), class: "group/item flex items-center px-4 py-2 text-sm text-stone-700 focus:bg-stone-100 focus:text-stone-900 focus:outline-hidden dark:text-stone-300 dark:focus:bg-white/5 dark:focus:text-white" do %>
         <%= icon "circle-user", class: "mr-3 size-5 text-stone-400 group-focus/item:text-stone-500 dark:text-stone-500 dark:group-focus/item:text-white" %>
         My account
-      </a>
+      <% end %>
     </div>
     <div class="py-1">
       <%= button_to session_path, method: :delete, class: "group/item w-full flex items-center px-4 py-2 text-sm text-stone-700 focus:bg-stone-100 focus:text-stone-900 focus:outline-hidden dark:text-stone-300 dark:focus:bg-white/5 dark:focus:text-white" do %>

data/config/routes.rb

@@ -27,13 +27,18 @@ Iron::Engine.routes.draw do
   resources :locales, except: %i[ show ]
 
   resource :settings, only: %i[ show update ]
-  resources :users, only: %i[ index show update destroy ]
+  resources :users, only: %i[ index show edit update destroy ]
 
   # Authentication
   get "join/:join_code", to: "users#new", as: :join
   post "join/:join_code", to: "users#create"
   get "sign_in", to: "sessions#new"
   post "sign_in", to: "sessions#create"
-  resource :session, only: %i[ destroy ]
+  resource :session, only: %i[ destroy ] do
+    scope module: "sessions" do
+      resources :transfers, only: %i[ show update ]
+    end
+  end
   resources :passwords, param: :token
+  resources :qr_codes, only: :show
 end

data/lib/iron/engine.rb

@@ -6,6 +6,7 @@ require "action_text/engine"
 require "lexxy"
 require "bcrypt"
 require "ostruct"
+require "rqrcode"
 require "iron/lexorank"
 require "iron/sdk"
 require "iron/routing"

data/lib/iron/version.rb

@@ -1,3 +1,3 @@
 module Iron
-  VERSION = "0.7.1"
+  VERSION = "0.8.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: iron-cms
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.8.0
 platform: ruby
 authors:
 - Massimo De Marchi
@@ -191,6 +191,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.3'
+- !ruby/object:Gem::Dependency
+  name: rqrcode
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
 description: A Rails engine for managing and publishing content with a flexible schema.
 email:
 - massimo@inkofpixel.com
@@ -236,7 +250,9 @@ files:
 - app/controllers/iron/icons_controller.rb
 - app/controllers/iron/locales_controller.rb
 - app/controllers/iron/passwords_controller.rb
+- app/controllers/iron/qr_codes_controller.rb
 - app/controllers/iron/references_controller.rb
+- app/controllers/iron/sessions/transfers_controller.rb
 - app/controllers/iron/sessions_controller.rb
 - app/controllers/iron/settings_controller.rb
 - app/controllers/iron/users_controller.rb
@@ -248,9 +264,11 @@ files:
 - app/helpers/iron/form_builder.rb
 - app/helpers/iron/icons_helper.rb
 - app/helpers/iron/image_helper.rb
+- app/helpers/iron/transfers_helper.rb
 - app/helpers/iron/ui_helper.rb
 - app/javascript/iron/application.js
 - app/javascript/iron/controllers/application.js
+- app/javascript/iron/controllers/copy_to_clipboard_controller.js
 - app/javascript/iron/controllers/element_controller.js
 - app/javascript/iron/controllers/file_upload_controller.js
 - app/javascript/iron/controllers/form_controller.js
@@ -260,13 +278,14 @@ files:
 - app/javascript/iron/controllers/local_preference_controller.js
 - app/javascript/iron/controllers/sortable_list_controller.js
 - app/javascript/iron/controllers/toggle_controller.js
+- app/javascript/iron/controllers/web_share_controller.js
 - app/javascript/iron/lib/lexorank.js
 - app/jobs/iron/application_job.rb
 - app/jobs/iron/export_job.rb
 - app/jobs/iron/generate_entry_routes_job.rb
 - app/jobs/iron/import_job.rb
 - app/mailers/iron/application_mailer.rb
-- app/mailers/passwords_mailer.rb
+- app/mailers/iron/passwords_mailer.rb
 - app/models/concerns/iron/broadcastable.rb
 - app/models/concerns/iron/instance_scoped.rb
 - app/models/concerns/iron/processable.rb
@@ -287,6 +306,7 @@ files:
 - app/models/iron/content_types/collection.rb
 - app/models/iron/content_types/single.rb
 - app/models/iron/current.rb
+- app/models/iron/email_configuration.rb
 - app/models/iron/entry.rb
 - app/models/iron/entry/deep_validation.rb
 - app/models/iron/entry/exportable.rb
@@ -325,10 +345,12 @@ files:
 - app/models/iron/first_run.rb
 - app/models/iron/icon_catalog.rb
 - app/models/iron/locale.rb
+- app/models/iron/qr_code_link.rb
 - app/models/iron/reference.rb
 - app/models/iron/session.rb
 - app/models/iron/user.rb
 - app/models/iron/user/role.rb
+- app/models/iron/user/transferable.rb
 - app/views/active_storage/blobs/_blob.html.erb
 - app/views/iron/account/exports/index.html.erb
 - app/views/iron/account/exports/new.html.erb
@@ -400,10 +422,12 @@ files:
 - app/views/iron/published_pages/show.html.erb
 - app/views/iron/references/new.turbo_stream.erb
 - app/views/iron/sessions/new.html.erb
+- app/views/iron/sessions/transfers/show.html.erb
 - app/views/iron/settings/show.html.erb
 - app/views/iron/shared/_icon_picker.html.erb
 - app/views/iron/shared/_select.html.erb
-- app/views/iron/users/_form.html.erb
+- app/views/iron/users/_invite.html.erb
+- app/views/iron/users/_transfer.html.erb
 - app/views/iron/users/_user.html.erb
 - app/views/iron/users/edit.html.erb
 - app/views/iron/users/index.html.erb

data/app/mailers/passwords_mailer.rb

@@ -1,6 +0,0 @@
-class PasswordsMailer < ApplicationMailer
-  def reset(user)
-    @user = user
-    mail subject: "Reset your password", to: user.email_address
-  end
-end

data/app/views/iron/users/_form.html.erb

@@ -1,21 +0,0 @@
-<%= form_with(model: user, class: "mt-4 max-w-96") do |form| %>
-  <div class="flex flex-col gap-3">
-    <div class="field">
-      <%= form.label :email_address, "Email" %>
-      <div>
-        <%= form.text_field :email_address %>
-        <%= form.error_for :email_address %>
-      </div>
-    </div>
-
-    <div class="field">
-      <%= form.label :role, "User role" %>
-      <div>
-        <%= form.collection_select :role, Iron::User.roles.keys, :to_s, :titleize %>
-        <%= form.error_for :role %>
-      </div>
-    </div>
-  </div>
-
-  <%= form.submit class: "button-primary mt-4" %>
-<% end %>