leap_web.git/lib/leap_web, branch 0.5.3 [leap_web] Version 0.5.3 2014-07-01T07:21:25+00:00 Azul azul@leap.se 2014-07-01T07:21:25+00:00 470bc1e35f22c1fe5813a1754e52b3fbc2bb951b This release enables using custom gems in the leap platform customization. It also fixes cornercases during the account creation and documents debugging in production. * android app now supports signup, so change text that said otherwise. * added debugging note to DEVELOP.md * Account.create - do a User.new instead of User.create, so that we can report the errors on the object if not saved. Pull request #172 from elijh/feature/customgem * Gemfile: fix problem when config is missing environments * support for optional gems in Gemfile (engines/ and * config/customization/gems/) Pull request #171 from elijh/feature/identityfail * if identity fails to be created, destroy the user. also, pass through identity errors to user and add identity class hook. 
This release enables using custom gems in the leap platform
customization. It also fixes cornercases during the account creation and
documents debugging in production.

 * android app now supports signup, so change text that said otherwise.
 * added debugging note to DEVELOP.md
 * Account.create - do a User.new instead of User.create, so that we can
   report the errors on the object if not saved.

Pull request #172 from elijh/feature/customgem
 * Gemfile: fix problem when config is missing environments
 * support for optional gems in Gemfile (engines/ and
 * config/customization/gems/)

Pull request #171 from elijh/feature/identityfail
 * if identity fails to be created, destroy the user. also, pass through
   identity errors to user and add identity class hook.
Version 0.5.2 2014-06-09T08:16:22+00:00 Azul azul@leap.se 2014-06-09T08:16:22+00:00 9fa52ed80d71ec56ed5acf18dfd63bd03b201cc5 Hotfix since 0.5.2 release candiate: * tickets: fix bug that allow index of other users Pull request #167 from azul/feature/i18n-for-ticket-system: * fix flash for creating anonymous tickets * adopt tests to new translations * destroy_btn helper method * move users key into layouts scope so it does not conflict with users scope * add btn helper for link_to with .btn * remove icon_color variable - yagni * sorting translation keys some * navigation works with empty locale selected * tickets: structure i18n * flash_for with_errors option displays error messages * remove unused bold helper and instead sanitize flash * Controller#flash_for instead of FlashResponder * split up and refactor TicketController#update * separate tests for the ticket list from main controller test * splitting up long functional test case * move comment related tests out of TicketControllerTest * use i18n.missing_translations Pull request #168 from azul/bugfix/fix-login-validations: * clearify identity validations * ensure User#reload returns self * hand on errors from Email to Identity to User * catch corner cases of account creation * adopt tests to new error messages for identities * allow changing the user_id on an identity * ensure identity is cleared on user.reload - fixes test * use Identity for testing login availability Pull request #163 from azul/feature/3398-save-hashed-token * hash token with sha512 against timing attacs #3398 Pull request #165 from azul/feature/cert-fingerprints * change from GET to POST for certs * store fingerprints with timestamp * store cert fingerprint with main user identity * SmtpCertsController, routes and tests * fix Email so User.new.valid? does not crash * basic integration test for cert API * calculate cert fingerprints to store for leap_mx Pull request #166 from elijh/feature/footer * better detection if price link should be shown in the footer Pull request #162 from azul/feature/3295-custom-error-pages * little bit of documentation * i18n for error pages * custom error pages for 404 and 500 errors 
Hotfix since 0.5.2 release candiate:
 * tickets: fix bug that allow index of other users

Pull request #167 from azul/feature/i18n-for-ticket-system:
 * fix flash for creating anonymous tickets
 * adopt tests to new translations
 * destroy_btn helper method
 * move users key into layouts scope so it does not conflict with users
   scope
 * add btn helper for link_to with .btn
 * remove icon_color variable - yagni
 * sorting translation keys some
 * navigation works with empty locale selected
 * tickets: structure i18n
 * flash_for with_errors option displays error messages
 * remove unused bold helper and instead sanitize flash
 * Controller#flash_for instead of FlashResponder
 * split up and refactor TicketController#update
 * separate tests for the ticket list from main controller test
 * splitting up long functional test case
 * move comment related tests out of TicketControllerTest
 * use i18n.missing_translations

Pull request #168 from azul/bugfix/fix-login-validations:
 * clearify identity validations
 * ensure User#reload returns self
 * hand on errors from Email to Identity to User
 * catch corner cases of account creation
 * adopt tests to new error messages for identities
 * allow changing the user_id on an identity
 * ensure identity is cleared on user.reload - fixes test
 * use Identity for testing login availability

Pull request #163 from azul/feature/3398-save-hashed-token
 * hash token with sha512 against timing attacs #3398

Pull request #165 from azul/feature/cert-fingerprints
 * change from GET to POST for certs
 * store fingerprints with timestamp
 * store cert fingerprint with main user identity
 * SmtpCertsController, routes and tests
 * fix Email so User.new.valid? does not crash
 * basic integration test for cert API
 * calculate cert fingerprints to store for leap_mx

Pull request #166 from elijh/feature/footer
 * better detection if price link should be shown in the footer

Pull request #162 from azul/feature/3295-custom-error-pages
 * little bit of documentation
 * i18n for error pages
 * custom error pages for 404 and 500 errors
Version 0.5.1 2014-05-16T06:48:33+00:00 Azul azul@leap.se 2014-05-16T06:48:33+00:00 c8ff161f60824daa0e8b0ac33694c9be01932207 Changes since 0.5.0 * Message API * Payment reminder messages * Messages to Warn after expiring trial period * cleanup and refactoring of messages code * require token authentication for API * rename security related functions to be clear * nagios test for webapp login * nagios test for soledad sync * prevent crash when destroying tokens (#5382) * redirect home when logged in visits /signup (#5446) * large refactoring of engine and directory layout * move users engine into main * move certs engine into main * update documentation for new engine layout * move remaining engines into engines directory * rename help engine to support * refactor nagios tests with support classes * nagios test for registering new users * enable nagios tests to work with older versions of requests lib * API endpoint for requesting the current service_level * null pattern refactoring for current_user as UnauthenticatedUser * rename UnauthenticatedUser to AnonymousUser * change service level configuration strategy * bringing back empty cert prefixes * adopt service_level config to platform settings * add signup and login info on the forms * cleanup homepage * unify wording for destroying accounts * recover from invalid tickets (#5552) * remove cert link in development * display notice that client signup is prefered (#5549) * capitalize Loading... indicator (#5542) * use simple_form for all forms * ensure buttons are properly loading and reset * open close toggle in ticket header * translate signup and login buttons * basic password validation (#5557) * reduce client_side_validations dependency (to be removed) * simplify download button * remove OS specific download buttons * adopt pricing view to current service_level format * upgrade debugger to work with latest ruby 1.9.3 patch release * hide srp forms when js is disabled (#5548) * allow for usernames with dots * fix ticket form submission and validation (#5657) * stop email autofil for ticket forms (#5664) * User#email returns email addresses only if service provided * move User Control Panel heading out of masthead (#5658) * open/close toggle and fields in different forms (#5659) * upgrade rails to 3.2.18 for security fixes 
Changes since 0.5.0

* Message API
* Payment reminder messages
* Messages to Warn after expiring trial period
* cleanup and refactoring of messages code
* require token authentication for API
* rename security related functions to be clear
* nagios test for webapp login
* nagios test for soledad sync
* prevent crash when destroying tokens (#5382)
* redirect home when logged in visits /signup (#5446)
* large refactoring of engine and directory layout
* move users engine into main
* move certs engine into main
* update documentation for new engine layout
* move remaining engines into engines directory
* rename help engine to support
* refactor nagios tests with support classes
* nagios test for registering new users
* enable nagios tests to work with older versions of requests lib
* API endpoint for requesting the current service_level
* null pattern refactoring for current_user as UnauthenticatedUser
* rename UnauthenticatedUser to AnonymousUser
* change service level configuration strategy
* bringing back empty cert prefixes
* adopt service_level config to platform settings
* add signup and login info on the forms
* cleanup homepage
* unify wording for destroying accounts
* recover from invalid tickets (#5552)
* remove cert link in development
* display notice that client signup is prefered (#5549)
* capitalize Loading... indicator (#5542)
* use simple_form for all forms
* ensure buttons are properly loading and reset
* open close toggle in ticket header
* translate signup and login buttons
* basic password validation (#5557)
* reduce client_side_validations dependency (to be removed)
* simplify download button
* remove OS specific download buttons
* adopt pricing view to current service_level format
* upgrade debugger to work with latest ruby 1.9.3 patch release
* hide srp forms when js is disabled (#5548)
* allow for usernames with dots
* fix ticket form submission and validation (#5657)
* stop email autofil for ticket forms (#5664)
* User#email returns email addresses only if service provided
* move User Control Panel heading out of masthead (#5658)
* open/close toggle and fields in different forms (#5659)
* upgrade rails to 3.2.18 for security fixes
Version 0.5.0 2014-02-08T15:56:19+00:00 Azul azul@leap.se 2014-02-08T15:36:38+00:00 38474e94e3bfaeb40fb87bf2a9b8b1fbe546bc05 Changes since 0.5.0-rc: * locale prefix support * download client from user page * hotfix to make webapp work with rack again * ensure permissions are preserved when copying customization files. (#4623) * Return 'provider.json' via a controller, to better be able to control the response headers * document new way we deploy couch design docs * remove outdated views that cause errors * only emit pgp keys if they are actually set * ensure auto_update_design_docs is false * switch to using dl.bitmask.net * remove manual 'gem minitest' * default pricing, privacy policy and tos pages * default footer with links to privacy policy, tos, pricing, about us, contact * upgraded bootstrap to latest in 2.x series * move #masthead out of main templates * customizable 'bye' page for when a user leaves * fix js platform detection * applied mcnair's changes to privacy policy * untracked files in deploy are in gitignore - #4953 * gitkeep empty folders for config/provider and config/customizations * integration test with en-EN language * ensure record removal after tests * log failing integration tests with screenshot and serverlog * stop taking screenshots inside tests 
Changes since 0.5.0-rc:
* locale prefix support
* download client from user page
* hotfix to make webapp work with rack again
* ensure permissions are preserved when copying customization files. (#4623)
* Return 'provider.json' via a controller, to better be able to control the response headers
* document new way we deploy couch design docs
* remove outdated views that cause errors
* only emit pgp keys if they are actually set
* ensure auto_update_design_docs is false
* switch to using dl.bitmask.net
* remove manual 'gem minitest'
* default pricing, privacy policy and tos pages
* default footer with links to privacy policy, tos, pricing, about us, contact
* upgraded bootstrap to latest in 2.x series
* move #masthead out of main templates
* customizable 'bye' page for when a user leaves
* fix js platform detection
* applied mcnair's changes to privacy policy
* untracked files in deploy are in gitignore - #4953
* gitkeep empty folders for config/provider and config/customizations
* integration test with en-EN language
* ensure record removal after tests
* log failing integration tests with screenshot and serverlog
* stop taking screenshots inside tests
Version 0.5.0.rc 2013-12-20T20:00:24+00:00 Azul azul@leap.se 2013-12-20T20:00:20+00:00 741f82253d0c88ab68213f605f44f5f27dff3e55 Release candidate for the first syncronised leap release 0.5.0. * do not allow to clear pgp key * simple format validation for pgp keys * respond to /keys/:login with text * service levels introduced to the configuration * more robust session store * render landing page and basic forms without connection to couch * configurable set of actions for users and admins * refactoring: remove overview controller - use Users#show instead * prevent /login from crashing when logged in already * remove actions from ui that currently break the client * format ticket comments properly * enable billing engine by default * consolidate APP_CONFIG[:billing] * fix a regression where overview link was not active anymore 
Release candidate for the first syncronised leap release 0.5.0.

* do not allow to clear pgp key
* simple format validation for pgp keys
* respond to /keys/:login with text
* service levels introduced to the configuration
* more robust session store
* render landing page and basic forms without connection to couch
* configurable set of actions for users and admins
* refactoring: remove overview controller - use Users#show instead
* prevent /login from crashing when logged in already
* remove actions from ui that currently break the client
* format ticket comments properly
* enable billing engine by default
* consolidate APP_CONFIG[:billing]
* fix a regression where overview link was not active anymore
Version 0.2.8 2013-12-06T14:04:54+00:00 Azul azul@leap.se 2013-12-06T14:04:54+00:00 015ad90c98c55a078fdfe723d470ad732e807737 * Return public key on /key/:login * rake tasks clean up expired tokens and sessions (#4568) * rake task to dump design docs to files * add dump_design_docs to CouchRest::Model::Utils:Migrate * rename ticket title to subject 
* Return public key on /key/:login
* rake tasks clean up expired tokens and sessions (#4568)
* rake task to dump design docs to files
* add dump_design_docs to CouchRest::Model::Utils:Migrate
* rename ticket title to subject
Version 0.2.8 - release candidate 2013-12-02T14:48:13+00:00 Azul azul@leap.se 2013-12-02T14:23:40+00:00 b75f8781bb55557f13a9a4ae48fc45e5d6f1ee86 * Return public key on /key/:login * rake tasks clean up expired tokens and sessions (#4568) * rake task to dump design docs to files * add dump_design_docs to CouchRest::Model::Utils:Migrate * rename ticket title to subject 
* Return public key on /key/:login
* rake tasks clean up expired tokens and sessions (#4568)
* rake task to dump design docs to files
* add dump_design_docs to CouchRest::Model::Utils:Migrate
* rename ticket title to subject
Version 0.2.7 2013-11-15T11:00:31+00:00 Azul azul@leap.se 2013-11-15T11:00:31+00:00 6c6c3d01233cb095b3855bbdf1c33dbb90267771 * ensure that we only copy files for customization when restarting the app (#1300) not every time a rake task is run (especially since some rake tasks get run as root!) * improvements to the download button (proper localization, better image, better hooks for customization) * added support for easier customizations via "config/customization" directory (#1300) * log json request errors and their backtraces * show Ticket with the appropriate error messages. (*4453) * update readme to require ruby 1.9.3 instead of 1.8 * Token.destroy_all_expired to cleanup expired tokens (#4411) * use the account lifecycle from UsersController#destroy (#4216) * destroy all tickets created by a user when account is destroyed (#4216) * integration test for blocking handles after account destroyed (#4216) * disable identities to block handles after a user was deleted (#4216) * notify user their account was successfully deleted (#4216) * Fix button to enable account (#4246) 
* ensure that we only copy files for customization when restarting the app (#1300)
  not every time a rake task is run (especially since some rake tasks get run
  as root!)
* improvements to the download button
  (proper localization, better image, better hooks for customization)
* added support for easier customizations via "config/customization" directory (#1300)
* log json request errors and their backtraces
* show Ticket with the appropriate error messages. (*4453)
* update readme to require ruby 1.9.3 instead of 1.8
* Token.destroy_all_expired to cleanup expired tokens (#4411)
* use the account lifecycle from UsersController#destroy (#4216)
* destroy all tickets created by a user when account is destroyed (#4216)
* integration test for blocking handles after account destroyed (#4216)
* disable identities to block handles after a user was deleted (#4216)
* notify user their account was successfully deleted (#4216)
* Fix button to enable account (#4246)
Version 0.2.6 2013-11-04T11:20:13+00:00 Azul azul@leap.se 2013-11-04T11:20:07+00:00 7e93258f552d6fd1114626561e6393aa483228fe * reset button state from 'loading...' after failed login attempt (#4231) * use https sources in Gemfiles and documentation(#4109) * include Gemfile.lock to prevent unintended updates (#4174) * fixed download urls to get latest versions for mac, android and windows * test api login with umlauts in password 
* reset button state from 'loading...' after failed login attempt
  (#4231)
* use https sources in Gemfiles and documentation(#4109)
* include Gemfile.lock to prevent unintended updates (#4174)
* fixed download urls to get latest versions for mac, android and
  windows
* test api login with umlauts in password
Version 0.2.5 2013-10-18T08:24:06+00:00 Azul azul@leap.se 2013-10-18T08:24:02+00:00 ed3b83e31a16732f309eb470358bf06c1190b4f8 * detect os in browser and show proper download link (#4173) * billing: admin can see past due subscriptions * passwords with umlauts work when logging in after signing up with the * client (#4002) * blacklisting common system email addresses listed in RFC 2142 (#3602) * blacklisting all usernames on the server (#3602) * configurable blocking of logins in the configuration (#3602) * require aliases to be all lower-case * Only allow braintree one-off payments when unauthenticated, & call them 'donations'. (#3796) 
* detect os in browser and show proper download link (#4173)
* billing: admin can see past due subscriptions
* passwords with umlauts work when logging in after signing up with the
* client (#4002)
* blacklisting common system email addresses listed in RFC 2142 (#3602)
* blacklisting all usernames on the server (#3602)
* configurable blocking of logins in the configuration (#3602)
* require aliases to be all lower-case
* Only allow braintree one-off payments when unauthenticated, & call them 'donations'.
  (#3796)