author | Azul <azul@riseup.net> | 2017-08-04 11:06:20 +0200 |
committer | Azul <azul@riseup.net> | 2017-08-04 11:06:20 +0200 |
commit | 36ef16fb01865552e3fcc14c81819cbbead49169 (patch) | |
tree | e9b2091b1c9933192648038893d08163294abf96 | |
parent | 38ce3a14652aca9b3b8d8ad42f9968cfbcc44478 (diff) |
feat: remove signup link from landing page (feat/drop-signup)
We are deprecating webapp based signup. It leads to an
inconsistent state for mail providers and offers no useful
interactions for vpn providers either.
Instead of trying to deal with the half-way signup through
the webapp we require signup through bitmask app which can
also create the pgp keys for email and download and use the
cert for vpn.
In addition this reduces the attack surface for js injection,
phishing and other browser based attacks.
For now we still keep the signup form in case providers link
to it directly. We also keep all the tests based on it. Cleanup
will happen right after 0.10.0 release.
-rw-r--r-- | app/views/common/_action_buttons.html.haml | 14 | ||||
-rw-r--r-- | app/views/common/_download_button.html.haml | 8 | ||||
-rw-r--r-- | app/views/common/_home_page_buttons.html.haml | 19 | ||||
-rw-r--r-- | config/locales/en/home.en.yml | 4 | ||||
-rw-r--r-- | test/integration/browser/account_livecycle_test.rb.orig | 153 |
5 files changed, 15 insertions, 183 deletions
diff --git a/app/views/common/_action_buttons.html.haml b/app/views/common/_action_buttons.html.haml
deleted file mode 100644
index eb663c0..0000000
--- a/app/views/common/_action_buttons.html.haml
+++ /dev/null
@@ -1,14 +0,0 @@
-.home-buttons
- .row.second
- .login.col-md-4
- %span.link= btn icon('ok-sign') + t(:login), login_path
- %span.info= t(:login_info, default: "")
- - if APP_CONFIG[:allow_registration]
- .signup.col-md-4
- %span.link= btn icon('user') + t(:signup), signup_path
- %span.info= t(:signup_info, default: "")
- - else
- .signup.col-md-4
- .help.col-md-4
- %span.link= btn icon('question-sign') + t(:get_help), new_ticket_path
- %span.info= t(:support_info, default: "")
diff --git a/app/views/common/_download_button.html.haml b/app/views/common/_download_button.html.haml
deleted file mode 100644
index 1278230..0000000
--- a/app/views/common/_download_button.html.haml
+++ /dev/null
@@ -1,8 +0,0 @@
-.home-buttons
- .row.first
- .col-md-2
- .download.col-md-8
- = btn client_download_url, type: [:large, :primary] do
- = big_icon('download')
- = t(:download_bitmask)
- .col-md-2
diff --git a/app/views/common/_home_page_buttons.html.haml b/app/views/common/_home_page_buttons.html.haml
index cfe3734..33cf796 100644
--- a/app/views/common/_home_page_buttons.html.haml
+++ b/app/views/common/_home_page_buttons.html.haml
@@ -1,6 +1,13 @@
-= render 'common/download_button'
-- if local_assigns[:divider]
- .row
- .col-md-12
- = render local_assigns[:divider]
-= render 'common/action_buttons'
+.home-buttons
+ .row.first
+ .login.col-md-4
+ %span.link= btn icon('ok-sign') + t(:login), login_path
+ %span.info= t(:login_info, default: "")
+ .download.col-md-4
+ = btn client_download_url, type: [:large, :primary] do
+ = big_icon('download')
+ = t(:download_bitmask)
+ %span.info= t(:signup_info, default: "")
+ .help.col-md-4
+ %span.link= btn icon('question-sign') + t(:get_help), new_ticket_path
+ %span.info= t(:support_info, default: "")
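Review bot: The rewritten `_home_page_buttons` partial silently drops the `divider` local: the old version rendered `local_assigns[:divider]` between the two rows, so any caller still passing `divider:` now gets neither an error nor a divider, and the callers should be checked before this lands. The removed `_action_buttons` also gated its signup column on `APP_CONFIG[:allow_registration]`, and the new partial consults no config at all, which is presumably intended but leaves nothing in the view explaining why; since the description says the `/signup` form itself stays reachable for direct links, hiding the link alone does not reduce the attack surface yet. A HAML comment at the top of the partial would record that, e.g. `-# signup link intentionally omitted: webapp signup is deprecated; the signup form stays only for direct links until cleanup after 0.10.0`. The `t(:signup_info, default: "")` line now sits under `.download`, so the key name no longer matches where the string is shown; a download-specific key would keep the locale file readable.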
diff --git a/config/locales/en/home.en.yml b/config/locales/en/home.en.yml
index c77dc3f..6017509 100644
--- a/config/locales/en/home.en.yml
+++ b/config/locales/en/home.en.yml
@@ -5,6 +5,6 @@ en:
 download_bitmask: "Download Bitmask"
 login_info: "Log in to change your account settings, create support tickets, and manage payments."
- signup_info: "Create a new user account. For higher security, we recommend you create your account via the Bitmask application instead."
+ signup_info: "Create a new user account via the Bitmask application and use it to access our services."
 support_info: "Can't login? Create a new support ticket anonymously."
- get_help: "Get Help"
\ No newline at end of file
+ get_help: "Get Help"
diff --git a/test/integration/browser/account_livecycle_test.rb.orig b/test/integration/browser/account_livecycle_test.rb.orig
deleted file mode 100644
index d1f800b..0000000
--- a/test/integration/browser/account_livecycle_test.rb.orig
+++ /dev/null
@@ -1,153 +0,0 @@
-require 'test_helper'
-
-class AccountLivecycleTest < BrowserIntegrationTest
-
- teardown do
- Identity.destroy_all_orphaned
- end
-
- test "signup successfully when invited" do
- username, password = submit_signup
- assert page.has_content?("Welcome #{username}")
- click_on 'Log Out'
- assert page.has_content?("Log In")
- assert_equal '/', current_path
- assert user = User.find_by_login(username)
- user.account.destroy
- end
-
- test "signup successfully without invitation" do
- with_config invite_required: false do
-
- username ||= "test_#{SecureRandom.urlsafe_base64}".downcase
- password ||= SecureRandom.base64
-
- visit '/users/new'
- fill_in 'Username', with: username
- fill_in 'Password', with: password
- fill_in 'Password confirmation', with: password
- click_on 'Sign Up'
-
- assert page.has_content?("Welcome #{username}")
- end
- end
-
- test "signup with username ending in dot json" do
- username = Faker::Internet.user_name + '.json'
- submit_signup username
- assert page.has_content?("Welcome #{username}")
- end
-
- test "signup with reserved username" do
- username = 'certmaster'
- submit_signup username
- assert page.has_content?("is reserved.")
- end
-
- test "successful login" do
- username, password = submit_signup
- click_on 'Log Out'
- attempt_login(username, password)
- assert page.has_content?("Welcome #{username}")
- within('.sidenav li.active') do
- assert page.has_content?("Overview")
- end
- User.find_by_login(username).account.destroy
- end
-
- test "failed login" do
- visit '/'
- attempt_login("username", "wrong password")
- assert_invalid_login(page)
- end
-
- test "account destruction" do
- username, password = submit_signup
-
- click_on I18n.t('account_settings')
- click_on I18n.t('destroy_my_account')
- assert page.has_content?(I18n.t('account_destroyed'))
- assert_equal 1, Identity.by_address.key("#{username}@test.me").count
- attempt_login(username, password)
- assert_invalid_login(page)
- end
-
- test "handle blocked after account destruction" do
- username, password = submit_signup
- click_on I18n.t('account_settings')
- click_on I18n.t('destroy_my_account')
- submit_signup(username)
- assert page.has_content?('has already been taken')
- end
-
- test "change pgp key" do
- with_config user_actions: ['change_pgp_key'] do
- pgp_key = FactoryGirl.build :pgp_key
- login
- click_on "Account Settings"
- within('#update_pgp_key') do
- fill_in 'Public key', with: pgp_key
- click_on 'Save'
- end
- page.assert_selector 'input[value="Saving..."]'
- # at some point we're done:
- page.assert_no_selector 'input[value="Saving..."]'
- assert page.has_field? 'Public key', with: pgp_key.to_s
- @user.reload
- assert_equal pgp_key, @user.public_key
- end
- end
-
-<<<<<<< HEAD:test/integration/browser/account_livecycle_test.rb
-=======
-
- # trying to seed an invalid A for srp login
- test "detects attempt to circumvent SRP" do
- InviteCodeValidator.any_instance.stubs(:validate)
-
- user = FactoryGirl.create :user
- visit '/login'
- fill_in 'Username', with: user.login
- fill_in 'Password', with: "password"
- inject_malicious_js
- click_on 'Log In'
- assert page.has_content?("Invalid random key")
- assert page.has_no_content?("Welcome")
- user.destroy
- end
-
- test "reports internal server errors" do
- Api::UsersController.any_instance.stubs(:create).raises
- submit_signup
- assert page.has_content?("server failed")
- end
-
- test "does not render signup form without js" do
- Capybara.current_driver = :rack_test # no js
- visit '/signup'
- assert page.has_no_content?("Username")
- assert page.has_no_content?("Password")
- end
-
- test "does not render login form without js" do
- Capybara.current_driver = :rack_test # no js
- visit '/login'
- assert page.has_no_content?("Username")
- assert page.has_no_content?("Password")
- end
-
->>>>>>> api: allow version bumping - bump to 2:test/integration/browser/account_test.rb
- def attempt_login(username, password)
- click_on 'Log In'
- fill_in 'Username', with: username
- fill_in 'Password', with: password
- click_on 'Log In'
- end
-
- def assert_invalid_login(page)
- assert page.has_selector? '.btn-primary.disabled'
- assert page.has_content? I18n.t(:invalid_user_pass)
- assert page.has_no_selector? '.btn-primary.disabled'
- end
-
-end