-rw-r--r--.gitignore10
-rw-r--r--.travis.yml2
-rw-r--r--Gemfile.lock18
-rw-r--r--app/assets/stylesheets/leap.scss23
-rw-r--r--app/views/pages/privacy-policy.en.md14
-rw-r--r--billing/test/integration/subscription_test.rb5
-rw-r--r--config/customization/.gitkeep0
-rw-r--r--config/provider/.gitkeep0
-rw-r--r--core/app/assets/javascripts/platform.js11
-rw-r--r--help/test/functional/tickets_controller_test.rb24
-rw-r--r--lib/leap_web/version.rb2
-rw-r--r--test/integration/os_detection_test.rb8
-rw-r--r--test/test_helper.rb40
-rw-r--r--users/test/integration/browser/account_test.rb4
-rw-r--r--users/test/integration/browser/session_test.rb1
15 files changed, 104 insertions, 58 deletions
diff --git a/.gitignore b/.gitignore
index f65233f..ae80164 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,7 @@
# Ignore bundler config
/.bundle
+bin
# Ignore the default SQLite database.
/db/*.sqlite3
@@ -17,18 +18,23 @@
/pkg
/*/pkg
/log
+.*.swp
*/Gemfile.lock
test/dummy/log/*
test/dummy/tmp/*
+
+# ignore all deploy specific configuration
config/couchdb.yml
public/assets/*
public/ca.crt
public/config/*
public/provider.json
config/config.yml
-bin
-.*.swp
public/1/*
vendor/bundle/*
public/img
config/couchdb.yml.*
+config/provider/*
+config/customization/*
+!config/provider/.gitkeep
+!config/customization/.gitkeep
diff --git a/.travis.yml b/.travis.yml
index 232467c..3bd8ba1 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -8,3 +8,5 @@ before_script:
- "bundle exec rake couchrest:migrate_with_proxies"
- "bundle exec rake couchrest:migrate_with_proxies" # looks like this needs to run twice
- "mv test/config/couchdb.yml.user config/couchdb.yml"
+after_script:
+ - "cat tmp/*.test*.log" # printing logs from the failed integration tests
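Review bot: The `after_script` step prints every `tmp/*.test*.log` file into the build output, and `save_state` in `test/test_helper.rb` fills those files with `page.response_headers`, the full `page.html` and the last 200 lines of `log/test.log`. If the build log can be read outside the project, any session cookie, CSRF token or credential that the test run places in a header, a form or the server log is published with it. Dropping cookie headers before they are written, for example `test_log.puts page.response_headers.reject { |name, _| name =~ /cookie/i }` (assuming the driver returns a hash), keeps the dump useful without copying session material into the log.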
diff --git a/Gemfile.lock b/Gemfile.lock
index e8a9831..0c7486f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -8,21 +8,21 @@ GIT
PATH
remote: billing
specs:
- leap_web_billing (0.5.0.rc)
+ leap_web_billing (0.5.0)
braintree
- leap_web_core (= 0.5.0.rc)
+ leap_web_core (= 0.5.0)
PATH
remote: certs
specs:
- leap_web_certs (0.5.0.rc)
+ leap_web_certs (0.5.0)
certificate_authority (>= 0.2.0)
- leap_web_core (= 0.5.0.rc)
+ leap_web_core (= 0.5.0)
PATH
remote: core
specs:
- leap_web_core (0.5.0.rc)
+ leap_web_core (0.5.0)
couchrest (~> 1.1.3)
couchrest_model (~> 2.0.0)
couchrest_session_store (~> 0.2.4)
@@ -32,14 +32,14 @@ PATH
PATH
remote: help
specs:
- leap_web_help (0.5.0.rc)
- leap_web_core (= 0.5.0.rc)
+ leap_web_help (0.5.0)
+ leap_web_core (= 0.5.0)
PATH
remote: users
specs:
- leap_web_users (0.5.0.rc)
- leap_web_core (= 0.5.0.rc)
+ leap_web_users (0.5.0)
+ leap_web_core (= 0.5.0)
rails_warden
ruby-srp (~> 0.2.1)
diff --git a/app/assets/stylesheets/leap.scss b/app/assets/stylesheets/leap.scss
index 120b978..4c0dfe3 100644
--- a/app/assets/stylesheets/leap.scss
+++ b/app/assets/stylesheets/leap.scss
@@ -55,21 +55,26 @@ html.android .os-android {
display: inherit !important;
}
-.os-linux32 {
+.os-linux {
display: none !important;
}
-html.linux32 .os-linux32 {
+html.linux .os-linux {
display: inherit !important;
}
-.os-linux64 {
- display: none !important;
-}
-
-html.linux64 .os-linux64 {
- display: inherit !important;
-}
+// .os-linux32 {
+// display: none !important;
+// }
+// html.linux32 .os-linux32 {
+// display: inherit !important;
+// }
+// .os-linux64 {
+// display: none !important;
+// }
+// html.linux64 .os-linux64 {
+// display: inherit !important;
+// }
.os-windows {
display: none !important;
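Review bot: The old `.os-linux32` and `.os-linux64` rules are left in the file as commented-out code instead of being deleted, and the same is done with the 32/64-bit branch after `return 'linux';` in `core/app/assets/javascripts/platform.js`. Version control already keeps the old rules, so deleting them, or leaving one line such as `// 32/64-bit Linux detection is disabled; see platform.js`, would read more clearly. With the default hide rules gone, any template element that still carries `os-linux32` or `os-linux64` would presumably stay visible on every platform; no templates are part of this diff, so that is worth checking.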
diff --git a/app/views/pages/privacy-policy.en.md b/app/views/pages/privacy-policy.en.md
index 857bcd6..84cb270 100644
--- a/app/views/pages/privacy-policy.en.md
+++ b/app/views/pages/privacy-policy.en.md
@@ -16,9 +16,9 @@ This document is our Privacy Policy, which describes what information we collect
**Help tickets:** The content of any help ticket you create or comment on while authenticated will be associated with your user account. You can choose to fill out a help ticket anonymously by creating a ticket while not logged in. We periodically delete old help tickets that are closed.
-**Session identifiers:** While currently logged in, either via the client application or the web application, we keep a temporary session identifier on your computer that your software uses to proves your authentication state. In the web browser, this consists of a session "cookie". In the client, this consists of a similar session token. In both cases, these are erased immediately after the user logs out or the session expires. We do not use any third party cookies or tracking of any kind.
+**Session identifiers:** While currently logged in, either via the client application or the web application, we keep a temporary session identifier on your computer that your software uses to prove your authentication state. In the web browser, this consists of a session "cookie". In the client, this consists of a similar session token. In both cases, these are erased immediately after the user logs out or the session expires. We do not use any third party cookies or tracking of any kind.
-**Email transit logs:** In order to detect when our servers are under attack from a "spam bomb" or when a spammer is using our system, we keep a log of the "from" or "to" information for every message relayed. These logs are quickly purged on a daily basis.
+**Email transit logs:** In order to detect when our servers are under attack from a "spam bomb" or when a spammer is using our system, we keep a log of the "from" or "to" information for every message relayed. These logs are purged on a daily basis.
**Month of last log in**: We keep a record of the current calendar month and year of your last successful authentication (in order to be able to disable dormant accounts). We do not record the time or day of the last log in.
@@ -30,23 +30,23 @@ This document is our Privacy Policy, which describes what information we collect
**Credentials for encrypted internet service**: If you use the encrypted internet service, your client presents our servers with a certificate to confirm you are a valid user before a connection is established. These certificates regularly expire, and the user must log in every month or two in order to obtain a new certificate. However, we do not keep a record of which user account is associated with which authentication certificate.
-**Message metadata**: Even when using end-to-end OpenPGP encryption for email messages, the email "subject" and routing information regarding the message "from" and "to" are seen by our servers in the clear when the message initially arrives. Immediately upon reception, we encrypt the entire message, including the metadata, and store it so that only you can read anything about the message (other than the size of the encrypted blob).
+**Message metadata**: Even when using end-to-end OpenPGP encryption for email messages, the email "subject" and routing information regarding the message "from" and "to" are seen by our servers in the clear when the email initially arrives. This is due to inherent limitations in the email protocol and in OpenPGP. Immediately upon reception, we encrypt the entire message, including the metadata, and store it so that only you can read anything about it.
-**Cleartext messages**: Some messages that you send or receive will not be end-to-end encrypted (for example, when the other party does not support email encryption). In these cases, both when the message is received and sent, we do not retain anything about these messages other than what has been specified above.
+**Cleartext messages**: Some messages that you send or receive will not be end-to-end encrypted (for example, when the other party does not support email encryption). In these cases, when cleartext messages are received or sent, we do not retain anything about these messages other than what has been specified above. Immediately upon reception, we encrypt the entire message and store it so that only you can read anything about it.
## Information we cannot retain
-**Your password**: Unlike most services, your user password never travels to our servers. We have no access to your password at any time. An attacker might still guess your password or discover it by trying millions of combinations, but we have no special access in this regard. Note: this guarantee is only strong if you use the client application for authentication, but is less strong if you login directly through the website (mostly because browser security is weak and an attacker could modify the computer code in the web page that handles this secure authentication).
+**Your password**: Unlike most services, your user password never travels to our servers. We use a system called Secure Remote Password (SRP), a type of 'zero-knowledge proof' cryptography that ensures the server has no access to your password and that you can't be tricked into authenticating with an impostor server. However, there are two limitations: (1) An attacker might still guess your password or discover it by trying millions of combinations, but we have no special access in this regard (SRP makes this much more difficult, but not impossible); (2) The guarantees of SRP are only strong if you use the client application for authentication, but are less strong if you login directly through the website (this is because browser security is relatively weak and an attacker might find a way to modify the computer code in the web page that handles this secure authentication).
**Your communication**: Once stored, we cannot read the content or metadata of your communication. It is entirely encrypted and decrypted on your device. We also cannot recover it if you lose your password.
-**Your secret keys**: For encryption to work, the client application manages numerous secret keys on your behalf. These keys are also backed up and stored on our servers, but they are saved anonymously, and encrypted so that someone needs to know both the username and password to be have to query and decrypt these keys.
+**Your secret keys**: For encryption to work, the client application manages numerous secret keys on your behalf. These keys are also backed up and stored on our servers, but they are saved anonymously, and encrypted so that someone needs to know both the username and password to query and decrypt these keys.
## How we use or disclose collected information
**We do not disclose user information**: We retain only the bare minimum of information about each user that is required to make the service work. We do not disclose, sell, or share any of it.
-**Academic research**: Anonymous, aggregated information that cannot be linked back to an individual user may be made available to third parties for the sole purpose of researching better systems for anonymous and privacy communication. For example, we may aggregate information on how many messages a typical user sends and receives, and with what frequency.
+**Academic research**: Anonymous, aggregated information that cannot be linked back to an individual user may be made available to third parties for the sole purpose of researching better systems for anonymous and secure communication. For example, we may aggregate information on how many messages a typical user sends and receives, and with what frequency.
**Account deletion**: You may choose to delete your <%=APP_CONFIG[:domain]%> account at any time. Doing so will destroy all the data we retain that is associated with your account. The one exception is that your public key may still be available, although we will revoke our endorsement of this key. The usernames associated with deleted accounts remain unavailable for others to use for at least two years, possibly longer.
diff --git a/billing/test/integration/subscription_test.rb b/billing/test/integration/subscription_test.rb
index b95bfac..1473eb0 100644
--- a/billing/test/integration/subscription_test.rb
+++ b/billing/test/integration/subscription_test.rb
@@ -2,9 +2,8 @@ require 'test_helper'
require 'fake_braintree'
require 'capybara/rails'
-class SubscriptionTest < ActionDispatch::IntegrationTest
+class SubscriptionTest < BrowserIntegrationTest
include Warden::Test::Helpers
- include Capybara::DSL
include CustomerTestHelper
include StubRecordHelper
@@ -17,7 +16,6 @@ class SubscriptionTest < ActionDispatch::IntegrationTest
payment_method_token: @braintree_customer.credit_cards.first.token,
price: '10'
@subscription = response.subscription
- Capybara.current_driver = Capybara.javascript_driver
end
teardown do
@@ -32,7 +30,6 @@ class SubscriptionTest < ActionDispatch::IntegrationTest
visit user_subscriptions_path(@customer.user_id, :locale => nil)
assert page.has_content?("Subscriptions")
assert page.has_content?("Status: Active")
- page.save_screenshot('/tmp/subscriptions.png')
end
# test "user cannot see all subscriptions for other user" do
diff --git a/config/customization/.gitkeep b/config/customization/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/customization/.gitkeep
diff --git a/config/provider/.gitkeep b/config/provider/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/config/provider/.gitkeep
diff --git a/core/app/assets/javascripts/platform.js b/core/app/assets/javascripts/platform.js
index 3ab77d7..108c162 100644
--- a/core/app/assets/javascripts/platform.js
+++ b/core/app/assets/javascripts/platform.js
@@ -46,11 +46,12 @@
return 'android';
}
if (pf.indexOf("Linux") !== -1) {
- if (pf.indexOf("64") !== -1) {
- return 'linux64';
- } else {
- return 'linux32';
- }
+ return 'linux';
+ //if (pf.indexOf("64") !== -1) {
+ // return 'linux64';
+ //} else {
+ // return 'linux32';
+ //}
}
if (pf.indexOf("MacPPC") !== -1) {
return 'oldmac';
diff --git a/help/test/functional/tickets_controller_test.rb b/help/test/functional/tickets_controller_test.rb
index 2b30f66..2530ba1 100644
--- a/help/test/functional/tickets_controller_test.rb
+++ b/help/test/functional/tickets_controller_test.rb
@@ -158,19 +158,23 @@ class TicketsControllerTest < ActionController::TestCase
end
test "tickets by admin" do
- other_user = find_record :user
- ticket = FactoryGirl.create :ticket, :created_by => other_user.id
+ begin
+ other_user = find_record :user
+ ticket = FactoryGirl.create :ticket, :created_by => other_user.id
- login :is_admin? => true
+ login :is_admin? => true
- get :index, {:admin_status => "all", :open_status => "open"}
- assert assigns(:all_tickets).count > 1
-
- # if we close one ticket, the admin should have 1 less open ticket
- assert_difference('assigns[:all_tickets].count', -1) do
- assigns(:tickets).first.close
- assigns(:tickets).first.save
get :index, {:admin_status => "all", :open_status => "open"}
+ assert assigns(:all_tickets).count > 0
+
+ # if we close one ticket, the admin should have 1 less open ticket
+ assert_difference('assigns[:all_tickets].count', -1) do
+ assigns(:tickets).first.close
+ assigns(:tickets).first.save
+ get :index, {:admin_status => "all", :open_status => "open"}
+ end
+ ensure
+ ticket.reload.destroy if ticket
end
end
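Review bot: With the check relaxed to `assert assigns(:all_tickets).count > 0`, the test passes when any open ticket exists, so it does not show that the admin actually sees the ticket created for `other_user`. Asserting on that record, for example `assert assigns(:all_tickets).map(&:id).include?(ticket.id)`, would pin the access rule the test is named for. In the `ensure` branch, `ticket.reload.destroy` can itself raise if the record is already gone, which would replace the original failure in the report; a `rescue` around the cleanup, or moving it to a `teardown` block, avoids that.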
diff --git a/lib/leap_web/version.rb b/lib/leap_web/version.rb
index 6915930..16a014b 100644
--- a/lib/leap_web/version.rb
+++ b/lib/leap_web/version.rb
@@ -1,3 +1,3 @@
module LeapWeb
- VERSION = "0.5.0.rc" unless defined?(LeapWeb::VERSION)
+ VERSION = "0.5.0" unless defined?(LeapWeb::VERSION)
end
diff --git a/test/integration/os_detection_test.rb b/test/integration/os_detection_test.rb
index cb254aa..6d9a648 100644
--- a/test/integration/os_detection_test.rb
+++ b/test/integration/os_detection_test.rb
@@ -2,19 +2,15 @@ require 'test_helper'
class OsDetectionTest < BrowserIntegrationTest
- setup do
- Capybara.current_driver = Capybara.javascript_driver
- end
-
test "old windows shows deactivated download" do
- page.driver.headers = { "User-Agent" => "Win98" }
+ page.driver.add_headers "User-Agent" => "Win98"
visit '/'
assert_selector "html.oldwin"
assert has_text? "not available"
end
test "android shows android download" do
- page.driver.headers = { "User-Agent" => "Android" }
+ page.driver.add_headers "User-Agent" => "Android"
visit '/'
assert_selector "html.android"
assert has_no_text? "not available"
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 3e301e7..3fb2716 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -43,8 +43,48 @@ class BrowserIntegrationTest < ActionDispatch::IntegrationTest
include Capybara::DSL
include IntegrationTestHelper
+ setup do
+ Capybara.current_driver = Capybara.javascript_driver
+ page.driver.add_headers 'ACCEPT-LANGUAGE' => 'en-EN'
+ end
+
teardown do
Capybara.reset_sessions! # Forget the (simulated) browser state
Capybara.use_default_driver # Revert Capybara.current_driver to Capybara.default_driver
end
+
+ add_teardown_hook do |testcase|
+ unless testcase.passed?
+ testcase.save_state
+ end
+ end
+
+ def save_state
+ page.save_screenshot screenshot_path
+ File.open(logfile_path, 'w') do |test_log|
+ test_log.puts self.class.name
+ test_log.puts "========================="
+ test_log.puts __name__
+ test_log.puts Time.now
+ test_log.puts current_path
+ test_log.puts page.status_code
+ test_log.puts page.response_headers
+ test_log.puts "page.html"
+ test_log.puts "------------------------"
+ test_log.puts page.html
+ test_log.puts "server log"
+ test_log.puts "------------------------"
+ test_log.puts `tail log/test.log -n 200`
+ end
+ end
+
+ protected
+
+ def logfile_path
+ Rails.root + 'tmp' + "#{self.class.name.underscore}.#{__name__}.log"
+ end
+
+ def screenshot_path
+ Rails.root + 'tmp' + "#{self.class.name.underscore}.#{__name__}.png"
+ end
end
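Review bot: An exception raised inside `save_state`, from `page.save_screenshot` or `File.open` for instance, escapes the teardown hook and may hide the failure that triggered the dump; rescuing it in the hook and printing a one-line warning keeps the original result visible. The file names are built from `self.class.name.underscore` and `__name__`, so a namespaced test class or a test name containing `/` would point into a subdirectory of `tmp` that may not exist. The backtick call `tail log/test.log -n 200` depends on the working directory and on a `tail` that accepts options after the file name; `test_log.puts File.readlines(Rails.root.join('log', 'test.log')).last(200)` does the same without a shell. The class body starts outside this hunk.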
diff --git a/users/test/integration/browser/account_test.rb b/users/test/integration/browser/account_test.rb
index 3785b72..a5677ad 100644
--- a/users/test/integration/browser/account_test.rb
+++ b/users/test/integration/browser/account_test.rb
@@ -2,10 +2,6 @@ require 'test_helper'
class AccountTest < BrowserIntegrationTest
- setup do
- Capybara.current_driver = Capybara.javascript_driver
- end
-
teardown do
Identity.destroy_all_disabled
end
diff --git a/users/test/integration/browser/session_test.rb b/users/test/integration/browser/session_test.rb
index bb4e8c9..3a41b3a 100644
--- a/users/test/integration/browser/session_test.rb
+++ b/users/test/integration/browser/session_test.rb
@@ -3,7 +3,6 @@ require 'test_helper'
class SessionTest < BrowserIntegrationTest
setup do
- Capybara.current_driver = Capybara.javascript_driver
@username, password = submit_signup
end