leap_web.git/app/controllers/api, branch master [leap_web] keys: store type and rev in hash rather than serialized 2018-01-31T12:32:50+00:00 Azul azul@riseup.net 2018-01-31T11:27:55+00:00 a55cc3653de22d868ade5303918280a38e8e9fe8 Since the old keys used to be strings i started out by json serializing the new keys with type, value, rev. However storing serialized json in couch (json) does not really make sense. So now we do not serialize but instead have one json document. The lookup for a key of type pgp may still return a string but for everything that uses the new api it will return a hash with type and revision. This data structure is way easier to handle also on the nickserver side. 
Since the old keys used to be strings i started out by
json serializing the new keys with type, value, rev.

However storing serialized json in couch (json) does
not really make sense. So now we do not serialize but
instead have one json document. The lookup for a key of
type pgp may still return a string but for everything
that uses the new api it will return a hash with type
and revision.

This data structure is way easier to handle also on the
nickserver side.
API: implement deleting keys through new keys api 2018-01-19T13:11:24+00:00 Azul azul@riseup.net 2018-01-19T13:11:24+00:00 54653f75cf44890310a06c3a8a6be59625629d2a 






(WIP) first steps towards implementing keys API
2018-01-18T15:43:23+00:00

Azul
azul@riseup.net

2018-01-15T17:21:44+00:00

b8ba4f27a82868e0b3338b4af761f7c44226e729












fix: respond with error on invalid pgp key
2017-11-16T12:18:55+00:00

Azul
azul@riseup.net

2017-11-16T12:18:55+00:00

1ce9a3355ee59181df0359ebb455efa9ef323bb6

We used to just ignore the key.
Also separated the code for handling key updates from other
user updates. This should eventually be moved to a different
route. Mixing the two makes the implementation really hard.





We used to just ignore the key.
Also separated the code for handling key updates from other
user updates. This should eventually be moved to a different
route. Mixing the two makes the implementation really hard.







Merge branch '8800-hand-out-configs-json-without-authentication' into 'master'
2017-11-08T06:58:09+00:00

azul
azul@riseup.net

2017-11-08T06:58:09+00:00

e7dfe732599df8df4299c60d14f7c1e3e112b27d

feat: allow unauthenticated access to list of configs

Closes #8800

See merge request leap/webapp!45




feat: allow unauthenticated access to list of configs

Closes #8800

See merge request leap/webapp!45






fix: sanity checks on user params
2017-10-24T11:33:03+00:00

Azul
azul@riseup.net

2017-09-17T07:54:55+00:00

325bccc1649c928d512ce7c7b11e14566a8c9eeb

fixes #8801

Includes a test reproducing 500 on lynx

We now make use of ActionController::Parameters require and permit
methods.





fixes #8801

Includes a test reproducing 500 on lynx

We now make use of ActionController::Parameters require and permit
methods.







feat: allow unauthenticated access to list of configs
2017-09-11T12:55:14+00:00

Azul
azul@riseup.net

2017-09-11T12:55:14+00:00

ef91e8fe1fb5c1cf8f2f84fd25ef2b115f0ec8c8

This should simplify client code significantly according to
platform#8849





This should simplify client code significantly according to
platform#8849







fix: set token in forms correctly
2017-04-20T13:59:18+00:00

Azul
azul@riseup.net

2017-04-20T13:59:18+00:00

653f92e6ac5c0b61e8113665735d929426deb714

We now use the hash of the token for comparison and as the id.
In order to use it you need the original token though. So forms and
thus the session should have token.to_s rather than token.id.





We now use the hash of the token for comparison and as the id.
In order to use it you need the original token though. So forms and
thus the session should have token.to_s rather than token.id.







respond_to on a per controller basis
2016-08-19T09:15:31+00:00

Azul
azul@riseup.net

2016-08-18T09:00:16+00:00

fbad882075e745ab7afbe5f89c67544fb3c607c3

If you inherit respond to and call it again in your controller
it will not overwrite the previous but add to it.

Since we always have some exceptions from the rules it's probably
easiest to be explicit in the controllers that require it themselves.





If you inherit respond to and call it again in your controller
it will not overwrite the previous but add to it.

Since we always have some exceptions from the rules it's probably
easiest to be explicit in the controllers that require it themselves.







[feature] restrict is_admin in the user api, to only allow querying
2016-07-14T13:45:09+00:00

NavaL
ayoyo@thoughtworks.com

2016-07-14T13:06:20+00:00

ab1917c5fe0f03e7719863a5598ad575d9fef302

for him/herself

So that it we do not expose the is_admin property to anyone else
including other admins.





for him/herself

So that it we do not expose the is_admin property to anyone else
including other admins.