leap_web.git/users/app/models, branch 0.2.7 [leap_web] Merge pull request #110 from azul/feature/cleanup-expired-tokens 2013-11-12T17:16:45+00:00 jessib jessib@riseup.net 2013-11-12T17:16:45+00:00 8295db1a8cf334ff8666e5ec29455c199c7ffc73 Feature/cleanup expired tokens 
Feature/cleanup expired tokens
 fix cornercase of non expiring tokens 2013-11-08T08:45:28+00:00 Azul azul@leap.se 2013-11-07T22:36:37+00:00 a7cd2ef0877e79302f27fb175384a0cf4ded52d9 






Token.destroy_all_expired to cleanup expired tokens (#4411)
2013-11-08T08:45:09+00:00

Azul
azul@leap.se

2013-11-07T22:27:27+00:00

e2c0962077cf759b23639276cca42606ea2135ec












destroy all tickets created by a user when account is destroyed
2013-11-06T10:30:33+00:00

Azul
azul@leap.se

2013-11-06T10:26:46+00:00

24598b5c5e4df20c423ec74ea8e9df1592483c6b

In order to keep the users engine independent of the tickets engine i added a generic load hook to the account model. The tickets engine then monkeypatches the account destruction and destroys all tickets before the user is destroyed.

The tickets are destroyed first so that even if things break there should never be tickets with an outdated user id.

I would have prefered to use super over using an alias_method_chain but I have not been able to figure out a way to make account a superclass of the account extension and still refer to Account from the users engine.





In order to keep the users engine independent of the tickets engine i added a generic load hook to the account model. The tickets engine then monkeypatches the account destruction and destroys all tickets before the user is destroyed.

The tickets are destroyed first so that even if things break there should never be tickets with an outdated user id.

I would have prefered to use super over using an alias_method_chain but I have not been able to figure out a way to make account a superclass of the account extension and still refer to Account from the users engine.







Identity.destroy_all_disabled will clean up disabled identities
2013-11-05T16:03:55+00:00

Azul
azul@leap.se

2013-11-05T16:03:55+00:00

4a2490cc5eac1803be80fade65bbe9d32fa0bd9b

This is mostly for cleaning up after tests so far. But we might expand this to destroy all identities disabled before a certain date.





This is mostly for cleaning up after tests so far. But we might expand this to destroy all identities disabled before a certain date.







disabled identities to block handles after a user was deleted
2013-11-05T11:15:08+00:00

Azul
azul@leap.se

2013-11-05T11:12:13+00:00

99ecdbf71632970d4c83f99beea325e5d213e4c6












refactor: Identity.disable_all_for(user) on user destruction
2013-11-05T10:40:25+00:00

Azul
azul@leap.se

2013-11-05T10:40:25+00:00

b4ca13257341792f5e6496264c421af1888bcdb8

This way the identity model defines how identities should be disabled. We currently still destroy them. But it will be easy and nicely isolated to change this next.





This way the identity model defines how identities should be disabled. We currently still destroy them. But it will be easy and nicely isolated to change this next.







blacklist system logins for aliases and logins
2013-10-17T10:05:26+00:00

Azul
azul@leap.se

2013-10-17T10:05:26+00:00

9f4b1bcf315f09fd6d302ad187281ec4ed443f04

We blacklist based on three things:
* blacklist in APP_CONFIG[:handle_blacklist]
* emails in RFC 2142
* usernames in /etc/passwd

The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist].

We stick to blocking names that have been configured as both blacklisted and whitelisted - better be save than sorry.





We blacklist based on three things:
* blacklist in APP_CONFIG[:handle_blacklist]
* emails in RFC 2142
* usernames in /etc/passwd

The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist].

We stick to blocking names that have been configured as both blacklisted and whitelisted - better be save than sorry.







Since local part of email is case sensitive, want to allow remote email addresses with uppercase letters in local part.
2013-09-26T19:06:25+00:00

jessib
jessib@riseup.net

2013-09-26T19:06:25+00:00

af9d843d646cf500306de0ad20896c05ecaccd78












This ensures that email addresses contain only lowercase letters, and that an identity's destination is a valid Email.
2013-09-23T19:23:08+00:00

jessib
jessib@riseup.net

2013-09-23T19:23:08+00:00

a9c68ba0bbba7a95e9b4a3ff24554d1b0af6cbc5