leap_web.git/app/models, branch version/0.8

allow monitor auth to create users even if invites are normally required.

2016-04-11T21:10:38+00:00

api: added get(:show) to identities and users, allow monitors to create/delete test & tmp users.

2016-03-28T23:03:54+00:00

api: added allow ability to limit what IPs can access api using a static configured auth token.

2016-03-28T23:03:54+00:00

api tokens - clarify terms: "monitors" are admins that authenticated via api token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x"

2016-03-28T23:03:54+00:00

api tokens: allow for special api tokens that work like session tokens but are configured in the static config, to be used for infrastructure monitoring.

2016-03-28T23:03:54+00:00

Handle conflict on token cleanup - fixes #7670

2016-03-19T13:59:54+00:00

the only race condition I can think of here is this...

    somebody tries to authenticate with a token that is almost expired.
    auth checks and notices it is not expired yet so starts to prolonge it.
    Before the polonged token is written to the db the cleanup script discovers that it has just expired.
    prolonged token is written to the db
    cleanup script fails to delete it from the db as it has been updated.

So what we want in this case is to keep the token alive as it was renewed in the last minute.

allow user accounts to be re-enabled, and for associated identities to also get re-enabled.

2016-02-10T18:56:57+00:00

remove cert fingerprints for disabled users, so that they cannot send email anymore. closes #7690

2016-01-31T23:10:10+00:00

added UI for invite codes

2016-01-15T00:14:39+00:00

Merge branch 'remove_couponcode' of https://github.com/Alster-Hamburgers/leap_web into remove_couponcode

2016-01-10T21:48:03+00:00

# Conflicts:
#	lib/tasks/invite_code.rake