leap_web.git, branch 0.2.5 [leap_web] Version 0.2.5 2013-10-18T08:24:06+00:00 Azul azul@leap.se 2013-10-18T08:24:02+00:00 ed3b83e31a16732f309eb470358bf06c1190b4f8 * detect os in browser and show proper download link (#4173) * billing: admin can see past due subscriptions * passwords with umlauts work when logging in after signing up with the * client (#4002) * blacklisting common system email addresses listed in RFC 2142 (#3602) * blacklisting all usernames on the server (#3602) * configurable blocking of logins in the configuration (#3602) * require aliases to be all lower-case * Only allow braintree one-off payments when unauthenticated, & call them 'donations'. (#3796) 
* detect os in browser and show proper download link (#4173)
* billing: admin can see past due subscriptions
* passwords with umlauts work when logging in after signing up with the
* client (#4002)
* blacklisting common system email addresses listed in RFC 2142 (#3602)
* blacklisting all usernames on the server (#3602)
* configurable blocking of logins in the configuration (#3602)
* require aliases to be all lower-case
* Only allow braintree one-off payments when unauthenticated, & call them 'donations'.
  (#3796)
Merge pull request #103 from azul/feature/configurable-download-urls 2013-10-18T08:02:34+00:00 azul azul@riseup.net 2013-10-18T08:02:34+00:00 8cb227a4e5e7b63e5e7d7d9af5a9162e0582e0cd Make download links configurable 
Make download links configurable
 Make download links configurable 2013-10-18T07:53:41+00:00 Azul azul@leap.se 2013-10-18T07:50:37+00:00 1384f6c43dde6a19f270416e34e39130a3d0a53d This way we won't have to redeploy once the new links to the windows and the android version are there. Also this obviously offers more flexibility for providers. 
This way we won't have to redeploy once the new links to the windows and the android version are there.

Also this obviously offers more flexibility for providers.
Merge pull request #98 from jessib/feature/billing-past-due-subscriptions 2013-10-18T07:18:03+00:00 azul azul@riseup.net 2013-10-18T07:18:03+00:00 221532448ba4c435427ad2b5b3eca729b352c354 Feature/billing past due subscriptions 
Feature/billing past due subscriptions
 Some cleanup of code to deal with past due subscriptions. 2013-10-17T20:58:54+00:00 jessib jessib@riseup.net 2013-10-17T20:58:54+00:00 92cb054d53aaac6864a6a805d9cdd3919f4a38bc 






Merge pull request #102 from azul/feature/3602-email-blacklist
2013-10-17T17:51:47+00:00

jessib
jessib@riseup.net

2013-10-17T17:51:47+00:00

bf3b59e6807c8e4789b97232c7416093b07cccdf

blacklist system logins for aliases and logins




blacklist system logins for aliases and logins






Merge pull request #101 from azul/bugfix/4002-utf8-encode-srp-password
2013-10-17T17:29:12+00:00

jessib
jessib@riseup.net

2013-10-17T17:29:12+00:00

4302dcbf6215b863fa5e5389d89c449da300bd47

use latest version of srp_js to fix #4002




use latest version of srp_js to fix #4002






Merge pull request #100 from azul/feature/os-detection
2013-10-17T16:58:22+00:00

jessib
jessib@riseup.net

2013-10-17T16:58:22+00:00

586d0cc7e49a416601b971f9aad2c8a9486332f6

remove leftover from testing os specific sections




remove leftover from testing os specific sections






blacklist system logins for aliases and logins
2013-10-17T10:05:26+00:00

Azul
azul@leap.se

2013-10-17T10:05:26+00:00

9f4b1bcf315f09fd6d302ad187281ec4ed443f04

We blacklist based on three things:
* blacklist in APP_CONFIG[:handle_blacklist]
* emails in RFC 2142
* usernames in /etc/passwd

The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist].

We stick to blocking names that have been configured as both blacklisted and whitelisted - better be save than sorry.





We blacklist based on three things:
* blacklist in APP_CONFIG[:handle_blacklist]
* emails in RFC 2142
* usernames in /etc/passwd

The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist].

We stick to blocking names that have been configured as both blacklisted and whitelisted - better be save than sorry.







use latest version of srp_js to fix #4002
2013-10-17T08:13:44+00:00

Azul
azul@leap.se

2013-10-17T08:13:44+00:00

155c2d25395a02916543131348a703cd13573d4c

We were not encoding the srp password properly before. So umlauts in the password would cause the login procedure to fail.





We were not encoding the srp password properly before. So umlauts in the password would cause the login procedure to fail.