leap_web.git/test/integration, branch feat/drop-signup [leap_web] feat: remove signup link from landing page 2017-08-04T09:06:20+00:00 Azul azul@riseup.net 2017-08-04T09:06:20+00:00 36ef16fb01865552e3fcc14c81819cbbead49169 We are deprecating webapp based signup. It leads to an inconsistent state for mail providers and offers no useful interactions for vpn providers either. Instead of trying to deal with the halve way signup through the webapp we require signup through bitmask app which can also create the pgp keys for email and download and use the cert for vpn. In addition this reduces the attack surface for js injection, phishing and other browser based attacks. For now we still keep the signup form in case providers link to it directly. We also keep all the tests based on it. Cleanup will happen right after 0.10.0 release. 
We are deprecating webapp based signup. It leads to an
inconsistent state for mail providers and offers no useful
interactions for vpn providers either.

Instead of trying to deal with the halve way signup through
the webapp we require signup through bitmask app which can
also create the pgp keys for email and download and use the
cert for vpn.

In addition this reduces the attack surface for js injection,
phishing and other browser based attacks.

For now we still keep the signup form in case providers link
to it directly. We also keep all the tests based on it. Cleanup
will happen right after 0.10.0 release.
fix: set token in forms correctly 2017-04-20T13:59:18+00:00 Azul azul@riseup.net 2017-04-20T13:59:18+00:00 653f92e6ac5c0b61e8113665735d929426deb714 We now use the hash of the token for comparison and as the id. In order to use it you need the original token though. So forms and thus the session should have token.to_s rather than token.id. 
We now use the hash of the token for comparison and as the id.
In order to use it you need the original token though. So forms and
thus the session should have token.to_s rather than token.id.
feature: delete user clearing username 2017-04-03T08:43:42+00:00 Azul azul@riseup.net 2017-04-03T08:43:42+00:00 e9bdd2aa5a0662a9fc6d5ce730e26cfd560210ba 






upgrade: simple_form to bootstrap 3
2017-03-27T08:39:26+00:00

Azul
azul@riseup.net

2017-03-24T11:08:50+00:00

b1b523f08a9ce7ea5fe0d50dc8b86995e00b48d6

* reran the simple form initializer.
* wrapped submit buttons are now broken and need a fix.
* disabled confirmation validation in client side validations as the
  error message always is attached to the wrong field.





* reran the simple form initializer.
* wrapped submit buttons are now broken and need a fix.
* disabled confirmation validation in client side validations as the
  error message always is attached to the wrong field.







bugfix: handle couch 404s
2017-03-23T08:49:17+00:00

Azul
azul@riseup.net

2016-11-21T15:14:38+00:00

1e672227a23afbb9f319a0aefa0b0ca3495fa1c6

our special error handler for json requests would turn all exceptions
into 500s - removed it. now the rescue_responses can do their thing
again.





our special error handler for json requests would turn all exceptions
into 500s - removed it. now the rescue_responses can do their thing
again.







fix: 404 for missing pages template - fixes #9
2017-03-20T10:16:21+00:00

Azul
azul@riseup.net

2017-03-20T10:16:21+00:00

a741152e33f6a681113818418ad0f898f2d04697












test: 404 response for missing key
2017-03-20T10:04:44+00:00

Azul
azul@riseup.net

2017-03-20T10:00:28+00:00

32b07d8c98719f3c52a3c5315da1f61c6e35cbd6

enable testing error responses on the full rack stack.





enable testing error responses on the full rack stack.







bugfix: format: html for home roots
2017-03-20T08:01:14+00:00

Azul
azul@riseup.net

2017-03-17T15:33:32+00:00

74eb83587dd9c2e566e053cc0d33bb7aff517f01

That's the only thing the controller handles meaningful.
Before the route would also catch anything that started with a . interpreting
it as a format string. This lead to lots of false positives in our security
scanner.





That's the only thing the controller handles meaningful.
Before the route would also catch anything that started with a . interpreting
it as a format string. This lead to lots of false positives in our security
scanner.







Adds recovery code to user account
2017-03-10T14:28:39+00:00

Thais Siqueira
thais.siqueira@gmail.com

2017-03-10T14:28:39+00:00

417818997fca057635793cdf60a3e1bfa6716e35

Related with https://github.com/pixelated/pixelated-user-agent/issues/924
With @aarni





Related with https://github.com/pixelated/pixelated-user-agent/issues/924
With @aarni







respond_to on a per controller basis
2016-08-19T09:15:31+00:00

Azul
azul@riseup.net

2016-08-18T09:00:16+00:00

fbad882075e745ab7afbe5f89c67544fb3c607c3

If you inherit respond to and call it again in your controller
it will not overwrite the previous but add to it.

Since we always have some exceptions from the rules it's probably
easiest to be explicit in the controllers that require it themselves.





If you inherit respond to and call it again in your controller
it will not overwrite the previous but add to it.

Since we always have some exceptions from the rules it's probably
easiest to be explicit in the controllers that require it themselves.