Age | Commit message | Author
2016-06-22 | [feature] expose is_admin in the user api | NavaL
So that whoever consumes the API can use this attribute to determine if admin functionalities should be made available to the current user.
2016-05-01 | Version 0.8.0 (0.8.0) | Azul
This version ships with improvements implemented during rails girls summer of code 2015 (in no particular order):
* Providers now can require invite codes
* Admins can disable and enable users
* Payments and subscriptions are possible

Thanks heaps to @ankonym, Aya, @claucece and @EvyW. Also thanks a lot to rails girls summer of code and thoughtworks for the organization and coaching.

We also include a bunch of smaller bugfixes. For details see the list below:

Bugfixes to prepare for 0.8.0 release:
* upgrade: couchrest_session_store to 0.3.1
* remove outdated couchrest hack
* allow monitor auth to create users even if invites are normally required.
* disable per-user message tests (since this feature currently disabled)
* api: added super simple motd, closes #7866

Add api support for admin authentication tokens:
* api: return proper 404 for GET /1/identities/:id.json
* api: added json error pages, allow "." in the :id param of all api routes
* api: added get(:show) to identities and users, allow monitors to create/delete test & tmp users.
* api: added allow ability to limit what IPs can access api using a static configured auth token.
* api tokens - clarify terms: "monitors" are admins that authenticated via api token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x"
* api tokens: allow for special api tokens that work like session tokens but are configured in the static config, to be used for infrastructure monitoring.

Upgrade to latest rails 3.2:
* upgrade: downgrade rake to 10.x
* upgrade: use latest rails 3.2 version

Smaller fixes:
* Handle conflict on token cleanup - fixes #7670
* updated changes file
* added travis build status to readme
* allow user accounts to be re-enabled, and for associated identities to also get re-enabled.
* use RUBY_VERSION instead of :platform for Gemfile (since jessie has a really old bundler)
* disable failing cucumber test (leap_web is doing the right thing, the test is just weird).
* internet says that bundler on travis might be what is causing test fail, so force install the latest one.
* remove cert fingerprints for disabled users, so that they cannot send email anymore. closes #7690
* vendor certificate_authority, because travis does not like pulling it from github.
* travis ci does not support :platform => :ruby_22, so remove for now.
* enable byebug for tests
* change the default of config.assets.debug for development env.
* fix ticket display bug
* retain locale in URL when logging in and signing up, and ajax actions in general.

Admin UI overhaul:
* added UI for invite codes
* added caution tape img.
* highlight admin areas with caution tape (wip)
* fix user list

Generate Invite Codes without code_coupon gem:
* Cleaned up last traces of the Great Git Mess
* Remove Coupon Code gem and make invite code = id
* Replace Coupon Code gem for invite code creation
* Remove Coupon Code gem and make invite code = id
* Remove Coupon Code gem from Gemfile
* Replace Coupon Code gem for invite code creation
* Fix the InviteCode initialize method so leap_web tests stay green
* Adjust the rake task to make id = invite code
* set rbenv pin to 2.1.5

Pull request #204 from pixelated/fix_payment_check
* [bug] Only show donation if payment present

Payment and Subscriptions (Pull request #198 from claucece/develop):
* Reverting submodule update
* updated version of fakebraintree
* changed capybara time
* fixed gem file
* add test to payments and subscriptions
* deleted comment
* questions added
* readme
* updated readme
* add a comment regarding home
* update to haml, created translations, deleted files
* add subscriptions
* add subs_index and start show
* changed routes and links
* subscriptions, translation
* subscriptions, haml and translations
* added customers, recurring payment and payment_info
* just played a little
* correctly set up comments
* added payment_info, _customer_form, success instances
* Donation button
* add donate button, bitcoin, payment_method
* implemented the form and the generate

Enable/Disable users as admin (Pull request #196 from EvyW/develop):
* indenting 2
* Indenting first line
* without indenting
* Translation changes
* changes style sheets
* index changes
* commit user haml
* Update leap.scss
* test users_controller_test
* fixing translations
* spanish translations for user actions
* adding ability to disable/enable users by admin

Allow invites for multiple people: (Pull request #201 from Alster-Hamburgers/multi-invite)
* Adjusted the rake task with comments by @azul
* Small code cleanup in the rake task
* Cleaned up invite code output for platform tests
* Adjust rake task with renamed max_uses
* Integrated feedback on multi-invite codes
* Update rake task to allow generation of multi-use invites
* Allow multi-use invite codes

Pull request #200 from Alster-Hamburgers/localization
* Add the localization keys for invite_code and password confirmation

Require invite codes for signup based on config setting: (Pull request #194 from Alster-Hamburgers/feature/invite_code)
* Add localization labels to signup form and user.en.yml
* Make invite code configurable
* Cleaned up code in invite_code_validator.rb
* Removed the view_by__id from invite code test
* Fixed the signup bug that wrongly consumes the invite code.
* Fix cucumber tests by passing valid invite code
* Fix the remaining failures/errors in our tests
* Fix three unit tests by passing Factory Girl a valid invite code
* Fix several test failures by stubbing invite code validation
* Separate user and invite code validator tests
* Fixes for the invite code validator
* Make sure codes can only be used once, fix validations
* Add rake task for invite code batch generation
* assign random invite code when creating new invite codes
* Remove change password browser test
* Fix test based on actual invite code validation
* Changed invite code query to look for invite_code string instead of id
* Add validation of invite code in user object based on codes in couch db
* Add invite code model
* Added an 'invite code' to all the tests for the sign-up form so we have a valid user for the tests again
* Update submodule srp to 9e1a41733
* Move account form info from srp_js into leap_web
* Adding invite code field to signup with validation for hardcoded invite code
* Disable CSRF token verification on ticket creation.

Fix issues found during start of rails girls summer of code:
* couchrest_model 2.0.1 fixes find_by_sth(nil)
* Update README with docs from website & instructions on local DB
* Bump therubyracer to 0.12.2
* improved README.md
* do not include random cruft in the common name of smtp client certificates
2016-04-27 | upgrade: couchrest_session_store to 0.3.1 | Azul
Display home even if couch is down.
2016-04-26 | remove outdated couchrest hack | Azul
We had rewritten use_database so it would not crash the entire app if couch was not available at the time of initialization. couchrest now moved on and only sets the database name on use_database. The database will only be queried once it is really needed. So pretty much exactly what we want. Our hack instead caused quite a bit of problems as it would still initialize the database during start. This way the app would remain in an invalid state even when couch came back.
2016-04-11 | allow monitor auth to create users even if invites are normally required. | elijah
2016-04-02 | disable per-user message tests (since this feature currently disabled) | elijah
2016-04-01 | api: added super simple motd, closes #7866 | elijah
2016-03-31 | Merge remote-tracking branch 'github/211' into develop | Azul
2016-03-30 | api: return proper 404 for GET /1/identities/:id.json | elijah
2016-03-30 | api: added json error pages, allow "." in the :id param of all api routes | elijah
2016-03-28 | api: added get(:show) to identities and users, allow monitors to create/delete test & tmp users. | elijah
2016-03-28 | api: added allow ability to limit what IPs can access api using a static configured auth token. | elijah
2016-03-28 | api tokens - clarify terms: "monitors" are admins that authenticated via api token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x" | elijah
2016-03-28 | api tokens: allow for special api tokens that work like session tokens but are configured in the static config, to be used for infrastructure monitoring. | elijah
2016-03-28 | Merge branch 'azul-upgrade/rails' into develop | elijah
2016-03-28 | upgrade: downgrade rake to 10.x | Azul
11.x will complain a lot about rails 3.2 code. We can upgrade when we upgrade rails itself.
2016-03-28 | upgrade: use latest rails 3.2 version | Azul
It includes a bunch of security fixes
2016-03-23 | Merge remote-tracking branch 'github/209' into develop | Azul
2016-03-20 | upgrade: downgrade rake to 10.x | Azul
11.x will complain a lot about rails 3.2 code. We can upgrade when we upgrade rails itself.
2016-03-19 | Handle conflict on token cleanup - fixes #7670 | Azul
the only race condition I can think of here is this...

somebody tries to authenticate with a token that is almost expired.
auth checks and notices it is not expired yet so starts to prolong it.
Before the prolonged token is written to the db the cleanup script discovers that it has just expired.
prolonged token is written to the db
cleanup script fails to delete it from the db as it has been updated.

So what we want in this case is to keep the token alive as it was renewed in the last minute.
2016-03-19 | upgrade: use latest rails 3.2 version | Azul
It includes a bunch of security fixes
2016-02-15 | updated changes file | elijah
2016-02-10 | added travis build status to readme | elijah
2016-02-10 | allow user accounts to be re-enabled, and for associated identities to also get re-enabled. | elijah
2016-02-02 | use RUBY_VERSION instead of :platform for Gemfile (since jessie has a really old bundler) | elijah
2016-02-01 | disable failing cucumber test (leap_web is doing the right thing, the test is just weird). | elijah
2016-02-01 | internet says that bundler on travis might be what is causing test fail, so force install the latest one. | elijah
2016-01-31 | remove cert fingerprints for disabled users, so that they cannot send email anymore. closes #7690 | elijah
2016-01-31 | vendor certificate_authority, because travis does not like pulling it from github. | elijah
2016-01-31 | travis ci does not support :platform => :ruby_22, so remove for now. | elijah
2016-01-31 | enable byebug for tests | elijah
2016-01-16 | change the default of config.assets.debug for development env. | elijah
2016-01-16 | fix ticket display bug | elijah
2016-01-16 | retain locale in URL when logging in and signing up, and ajax actions in general. | elijah
2016-01-14 | added UI for invite codes | elijah
2016-01-10 | added caution tape img. | elijah
2016-01-10 | highlight admin areas with caution tape (wip) | elijah
2016-01-10 | fix user list | elijah
2016-01-10 | minor update to docs | elijah
2016-01-10 | Merge branch 'remove_couponcode' into develop | elijah
2016-01-10 | Merge branch 'remove_couponcode' of https://github.com/Alster-Hamburgers/leap_web into remove_couponcode | elijah
# Conflicts:
# lib/tasks/invite_code.rake
2015-11-05 | set rbenv pin to 2.1.5 | elijah
2015-10-19 | Merge pull request #204 from pixelated/fix_payment_check | azul
[bug] Only show donation if payment present
2015-10-19 | [bug] Only show donation if payment present | Folker Bernitt
2015-10-19 | Merge pull request #198 from claucece/develop | azul
Braintree_implementation
2015-10-19 | Merge pull request #196 from EvyW/develop | azul
Admin - Ability to enable/disable user
2015-10-14 | Reverting submodule update | claucece
2015-10-13 | Merge pull request #201 from Alster-Hamburgers/multi-invite | azul
Allow multi-use invite codes
2015-10-13 | Cleaned up last traces of the Great Git Mess | ankonym
Removed the parts related to multi-use invite codes (those are in a separate pull request) - I hope this is all correct now! Sorry for the confusion.
2015-10-13 | Remove Coupon Code gem and make invite code = id | ankonym
Id is set = invite code to make it easier to delete the invite codes that get created during the leap platform tests (because this avoids having to look up their id each time).