Age | Commit message (Collapse) | Author |
|
There are some places where we only want to require login unless you can use EIP anonymously. So far we had an anonymous_certs_allowed? method in all these controllers. Now it's replaced with ApiController#anonymous_access_allowed?. The naming better reflects that there might be other services that allow anonymous use at some point.
This also fixed a typo name -> @filename that broke the ConfigsController.
|
|
Allow fetching configs if anonymous EIP access is allowed
|
|
|
|
Feature/messages api
|
|
|
|
|
|
|
|
API: Authenticated access to config settings
|
|
Also fixed the test for login_required
|
|
Also reformated long haml lines some. You can add a linebreak after a comma.
|
|
We're not testing the redirects anymore. But the error messages should be pretty clear already. We can start testing redirects again once we redirect to different places for different actions.
|
|
|
|
the Warden::SessionSerializer was not getting loaded at all because we had a file by the same name. We want it to get loaded and be patched instead.
|
|
Also save debug log on failing features
|
|
meant to move id -> @id, also turned identity in the test titles into
@identity.
|
|
We have an ApiController that wants to call #fetch_user. Since we can only inherit from one class i moved fetch_user into an extension.
|
|
|
|
require_login is require_token for the api controller
It also skips the verify_authenticity_token before filter.
So all Subclasses of the ApiController will only support token auth.
Also made the V1::UsersController a bit more strict. Now way for admins to alter other users through the api. We don't support that yet so let's not allow it either.
|
|
we compare the cert that expires last to the one we just saved. So we need to make sure the one we saved is the one that expires last.
|
|
|
|
|
|
Also added authentication steps to cucumber
|
|
|
|
|
|
Warden will catch all 401 responses at the rack level and call the app for failures. By default that is SessionsController#unauthenticated.
I'm sticking with this. If we ever have other rack endpoints they can just send a 401 and the webapp will take care of the message.
Other options would have been to tell warden not to take care of 401 either during initialization or by calling custom_failure! in the login_required method.
We probably want a response that has a unique identifier for the error to process by the client and a translated message later on. For now i think the 401 suffices to identify the issue at hand.
|
|
They are very different. Let's handle them in different methods.
|
|
the Warden::SessionSerializer was not getting loaded at all because we had a file by the same name. We want it to get loaded and be patched instead.
|
|
Moved check for allow_registration into filter.
|
|
|
|
Feature/view for valid certs
|
|
|
|
It removed most of the reduce functions... really not what we wanted
|
|
|
|
Also move complex identity views into js designs.
Includes test.
Here's how you would query it from outside rails:
```
$ curl
'localhost:5984/identities/_design/Identity/_view/cert_fingerprints_by_expiry?startkey="2014-07-05"'
{"total_rows":4,"offset":1,"rows":[
{"id":"6c9091d4f13eaeaa6062c9d0528fd34d","key":"2014-07-05","value":"fingerprint"},
{"id":"6f3aa93828b4f6978d551f2623b9d103","key":"2014-07-05","value":"fingerprint"},
{"id":"b6cafacfa65042679691cd5065fb19e3","key":"2014-07-07","value":"fp"}
]}
```
Note that the expiry will be used as the key. So you should use the
current data (or yesterday) as the startkey to get all fingerprints that
have not expired yet.
The fingerprint itself is in the value. No need to include docs.
|
|
We used to store the creation date but this way it's easier to query for non expired certs
|
|
Added allow_registration toggle.
|
|
- default is true
- See issue #5217
- See companion change in leap_platform.
|
|
Admin navigates all tickets - fixes #5879
|
|
We completely ingnore the user_id param for non admins now. So if someone tries to show somebody elses tickets they will see their own instead.
|
|
|
|
only submit the params that differ from the defaults
|
|
When an admin sorted the tickets view in a different order it would take them to their own tickets list before
|
|
This was causing problems with zeus
|
|
Allow admins to unblock handles
|
|
|
|
|
|
Use link_to_navigation for all important navigation items. It creates a link in a list item for use with bootstrap. It supports an :active flag and an :icon option in the html_options now. It also translates the label. This way it can be used in a lot of places as the generic navigation link.
|
|
There's an identities tab now for admins that will allow unblocking blocked handles. It should be easy to expand for aliases and forwards and other types of actions such as editing.
|
|
list-unstyled comes for free
|
|
it needs APP_CONFIG to be loaded and was failing due to that.
Also this sets up some configuration options. They might only be needed if the billing engine is used but they should not be nested in there never the less.
|