Age | Commit message | Author |
|
fix: sanity checks on user params
Closes #8801
See merge request leap/webapp!50
|
|
fixes #8801
Includes a test reproducing 500 on lynx
We now make use of ActionController::Parameters require and permit
methods.
|
|
Bugfix/8807 cleanup tmp invites
Closes #8807
See merge request leap/webapp!49
|
|
This simplifies returning the user while still working
on it a lot. Much cleaner than all these return user statements.
There's a lot more to refactor here. For example delegating methods
to user etc. ... but for now this should suffice. Don't want to
break this in a bugfix release.
|
|
fixes #8807
|
|
Bugfix release for 0.9:
* pin to the newest psych gem
* remove better_errors gem
* fix login error message with non en locales
Features:
* destroy invites used to create test accounts
* sort invite codes by last update
|
|
feat: sort invite codes by last update
Closes #8806
See merge request leap/webapp!48
|
|
They used to be sorted by the code which was not helpful
fixes #8806
requires deploy of new design docs to the platform
|
|
fix: destroy invites used to create test accounts
See merge request leap/webapp!47
|
|
Production instances are getting cluttered with invites from
test accounts. Instead of marking them as used we will now completely
remove them.
refers to #8804
refers to #8807
|
|
fix: login error message with locale set
Closes #8805
See merge request leap/webapp!46
|
|
On a failed login the warden failure app gets called.
Some of the params are changed accordingly but controller
and action remain.
set_locale would detect there was no locale in the path
and thus attempt to redirect. However the params still
belong to the previous request which was a POST to
Api::SessionsController.
This route does not respond to get requests and so it
would trigger a 404 in production and a 500 in development.
This commit prevents set_locale from acting upon warden failure
app controller calls by adding /new to the list of
`NON_LOCALE_PATHS`. (The path is updated by warden to the
name of the action called in the failure app).
A test is included in this commit that tries to login
with an invalid username, password combination and a German
locale set.
fixes #8805
|
|
|
|
pin to the newest psych gem, so as to not hit bugs in older versions (required by faker)
See merge request !44
|
|
it is currently incompatible with haml
|
|
|
|
|
|
(required by faker)
|
|
Plain bugfix release for 0.9:
* prevent token conflicts
* custom: fix stylesheet customization
* fix: set token in forms correctly
|
|
|
|
prevent token conflicts
Closes #8792
See merge request !42
|
|
|
|
Fix/sass load path
Closes #8794
See merge request !40
|
|
fixes #8794
Reported the underlying issue here:
https://github.com/rails/sass-rails/issues/406
Basically `@import` works like this:
* look for the file relative to the current file
* look for the file as an absolute path following the priorities in the
  asset load_paths
If the file can be imported as a relative path that will take
precedence.
So in order to pick up the head and tails inside customization rather
than in app/assets there are three possibilities:
1) use an absolute path. This is not as easy as it seems. There is no
way of indicating a path is meant to be absolute so we would have to
ensure it does not resolve to a relative path.
2) have an application.scss file inside the customization folder. Since
this is the main file it will be used instead of the app/assets one. In
there relative paths will now also default to the customization folder
rather than app/assets. Once we are in an app/assets file though it will
not go back to picking up customization with relative paths.
3) use //= require instead of import. rails-sass advises against this as
each required file would be compiled on its own and variables could not
be shared.
Going with option 1 here:
```scss
// application.scss:
@import "custom/head_import";
```
```scss
// custom/head_import.scss:
@import "head";
```
As long as there is no custom/head.scss in app/assets it will import
head as an absolute path and thus prefer config/custom over app/assets.
This seems like the best option for now as it does not require changes
to the deployments.
|
|
This reverts commit cc95bb27e873dc6140f9a909a57f075a0ef2f387.
|
|
fix: make customization available to sass
Closes #8793
See merge request !39
|
|
Somehow sass did not follow the rails assets path order.
Therefore the default tail.scss would stay in effect even when
there was a different tail.scss in the customization folder.
Adding the customization stylesheet folder to the sass load_paths
works around this for now. Still need to check if it works in
production though.
|
|
ci: logs and debug files as artifacts
See merge request !38
|
|
|
|
fix: set token in forms correctly
Closes #8784
See merge request !37
|
|
We now use the hash of the token for comparison and as the id.
In order to use it you need the original token though. So forms and
thus the session should have token.to_s rather than token.id.
|
|
This release features a great contribution from the Rails Girls Summer of Code:
The landing page of the webapp can now include a twitter feed to display
news from the provider.
Other than that this is a maintenance and transition release.
* Twitter feed on main page (thanks theaamanda and lilaluca).
* upgrade to rails 4.2
* upgrade to bootstrap 3
Upgrading:
* We now use rails 4's `secret_key_base`. Please make sure to supply it
in config/config.yml for production environments. If you are using the
leap platform that will already take care of it.
Deprecations:
* We have not seen any active use of the **billing** functionality.
So we deprecate it and will probably drop it in one of the next releases.
* We will replace the user facing **help desk** functionality with a single
sign on mechanism to integrate with other help desk systems.
We will maintain the endpoint to submit tickets and the ticket management
in the admin interface. That way it should also be easy to create your own
ticket submission form.
* We deprecate the ability to **signup and login** directly through the webapp.
We will remove it in the future for security reasons. Signup and Login should
only happen through bitmask to prevent password phishing and js injections.
|
|
|
|
fix: icons that were using the bootstrap 2 syntax
Closes #27
See merge request !35
|
|
|
|
feature: delete user clearing username
Closes #26
See merge request !34
|
|
|
|
Fix error display
See merge request !33
|
|
only use the <pre> tag if the response was a text message i.e. during dev errors.
Use the alert-danger class of bootstrap 3 rather than alert-error.
|
|
|
|
fix: bootstrap 3 style of menus
Closes #24
See merge request !32
|
|
span10 now is .col-??-10.
ul.unstyled now is ul.list-unstyled
also leave out unnecessary li if billing is disabled.
|
|
Fix/bootstrap 3
See merge request !31
|
|
* reran the simple form initializer.
* wrapped submit buttons are now broken and need a fix.
* disabled confirmation validation in client side validations as the
error message always is attached to the wrong field.
|
|
|
|
The Active::Model modules of client side validations only get included
in CouchRest::Model::Base if the gems are loaded in the right order:
* activemodel is required first so the modules to extend are present
* client_side_validations is required next so its modules get included
* couchrest_model is required last so it includes the enhanced modules.
|
|
fix: display error js responses in dev environment
See merge request !30
github issue #231
|
|
Sometimes the dev environment will send back a plain text response.
This causes the json parser to raise an exception and used to cause
the browser not to display any error message.
Now we dump the whole server response - which happens to also include the
backtrace. A lot more useful than doing nothing.
In production this should never happen as 500s get handled by the
ExceptionApplication / our ErrorsController there.
|
|
cleanup: no more submodules
See merge request !29
|
|
|