| Age | Commit message (Collapse) | Author |
|---|
|
|
|
closes #6550
|
|
tickets db might not yet be initialized.
|
|
https://github.com/azul/leap_web into develop
|
|
develop
|
|
|
|
from a stable url.
|
|
|
|
|
|
|
|
Also moved the location of the config files into a configuration setting.
|
|
There are some places where we only want to require login unless you can use EIP anonymously. So far we had an anonymous_certs_allowed? method in all these controllers. Now it's replaced with ApiController#anonymous_access_allowed?. The naming better reflects that there might be other services that allow anonymous use at some point.
This also fixed a typo name -> @filename that broke the ConfigsController.
|
|
|
|
includes test
|
|
They add very little value and clutter the production logs when bots scan.
|
|
is a reserved username that can't be registered.
|
|
We now allow admins to unblock handles of users who deleted their
accounts. The admin interface also received some bugfixes. On the API
side of things we support validation of SMTP certs and added an endpoint
that requires authentication for retrieving the configuration files.
Here's the list of changes:
Pull request #181 from azul/feature/allow_anonymous_config_access
* Allow fetching configs if anonymous EIP access is allowed
Pull request #180 from azul/feature/messages-api
* fix messages feature to match latest response format
* add translation and fix tests
* some cleanup of the messages api and cuke feature
Pull request #176 from azul/feature/api-authenticated-configs
* cuke: drop jsonpath, use simple keys instead
* make sure i18n key can be found (cascade)
* clean up error assertions in tests
* fix controller refactor and features
* move fetch_user into module so it can be mixed in
* send config files from ConfigsController
* ApiController with API style auth
* clean up and simplify error responses and test code
* move unauthenticated api endpoints into separate feature
* send static list of configs for now
* use cucumber; initial ConfigsController
* render valid json error if provider file not found
* SessionsController#unauthenticated for 401s
* separate login_required from access denied response
* rename warden extension to patch the original
Pull request #179 from fbernitt/issue_5217_addendum
* Moved check for allow_registration into filter.
Pull request #175 from azul/feature/view-for-valid-certs
* allow querying for the expiry of a particular fingerprint
* fix tests and simplify time calculations
* Identity view cert_fingerprints_by_expiry
* store expiry with cert fingerprints
Pull request #178 from fbernitt/issue_5217_allow_registration
* Added allow_registration toggle.
Pull request #174 from azul/bugfix/admin-navigates-all-tickets
* adopt ticket list test to new behaviour
* only use user ticket(s) path for real users
* stay on all tickets view when sorting (#5879)
Pull request #173 from azul/feature/unblock-handles
* list identities based on search only
* make link_to_navigation more generic and reuse it
* Enable unblocking handles in identities tab
* backport bootstraps 3.2s list-inline
* move braintree initilializer into core
* remove dummy app
* create client certificates with generous not_before (fixes #5884)
|
|
Allow fetching configs if anonymous EIP access is allowed
|
|
|
|
Feature/messages api
|
|
|
|
|
|
|
|
API: Authenticated access to config settings
|
|
Also fixed the test for login_required
|
|
Also reformated long haml lines some. You can add a linebreak after a comma.
|
|
We're not testing the redirects anymore. But the error messages should be pretty clear already. We can start testing redirects again once we redirect to different places for different actions.
|
|
|
|
the Warden::SessionSerializer was not getting loaded at all because we had a file by the same name. We want it to get loaded and be patched instead.
|
|
Also save debug log on failing features
|
|
meant to move id -> @id, also turned identity in the test titles into
@identity.
|
|
We have an ApiController that wants to call #fetch_user. Since we can only inherit from one class i moved fetch_user into an extension.
|
|
|
|
require_login is require_token for the api controller
It also skips the verify_authenticity_token before filter.
So all Subclasses of the ApiController will only support token auth.
Also made the V1::UsersController a bit more strict. Now way for admins to alter other users through the api. We don't support that yet so let's not allow it either.
|
|
we compare the cert that expires last to the one we just saved. So we need to make sure the one we saved is the one that expires last.
|
|
|
|
|
|
Also added authentication steps to cucumber
|
|
|
|
|
|
Warden will catch all 401 responses at the rack level and call the app for failures. By default that is SessionsController#unauthenticated.
I'm sticking with this. If we ever have other rack endpoints they can just send a 401 and the webapp will take care of the message.
Other options would have been to tell warden not to take care of 401 either during initialization or by calling custom_failure! in the login_required method.
We probably want a response that has a unique identifier for the error to process by the client and a translated message later on. For now i think the 401 suffices to identify the issue at hand.
|
|
They are very different. Let's handle them in different methods.
|
|
the Warden::SessionSerializer was not getting loaded at all because we had a file by the same name. We want it to get loaded and be patched instead.
|
|
Moved check for allow_registration into filter.
|
|
|
|
Feature/view for valid certs
|
|
|
|
It removed most of the reduce functions... really not what we wanted
|
|
|
|
Also move complex identity views into js designs.
Includes test.
Here's how you would query it from outside rails:
```
$ curl
'localhost:5984/identities/_design/Identity/_view/cert_fingerprints_by_expiry?startkey="2014-07-05"'
{"total_rows":4,"offset":1,"rows":[
{"id":"6c9091d4f13eaeaa6062c9d0528fd34d","key":"2014-07-05","value":"fingerprint"},
{"id":"6f3aa93828b4f6978d551f2623b9d103","key":"2014-07-05","value":"fingerprint"},
{"id":"b6cafacfa65042679691cd5065fb19e3","key":"2014-07-07","value":"fp"}
]}
```
Note that the expiry will be used as the key. So you should use the
current data (or yesterday) as the startkey to get all fingerprints that
have not expired yet.
The fingerprint itself is in the value. No need to include docs.
|
