Age | Commit message | Author |
|
Fix login validations
|
|
Identity.new.valid? should not crash. So validate presence where needed and
skip the other validations if the value is absent.
|
|
errors.each iterates through all errors for all attributes nicely.
|
|
Users now always check if their identity is valid. We need to make
sure this works if the user is a new record and once it has been
persisted.
While the user is a new record the identity will have no user_id.
Old identities that are left to block the login of a user who
canceled their account also have a blank user_id. They still should
render the new identity invalid so the user can't be saved with a
login that has been reserved.
Once the user has been persisted we set the user_id on the identity
and save it too when creating an Account. This allows us to create
a plain user and save it and it will still have an in memory identity
only. But the default is to create the user by means of creating an
account so an identity will be created as well.
|
|
we set it to nil when we disable it
|
|
We create an identity alongside each user. Make sure the identity
is valid when creating the user. This also ensures that the login
picked is available because otherwise the identity's address would
not be available anymore.
|
|
hash token with sha512 against timing attacks #3398
|
|
Feature/cert fingerprints
|
|
We create them. Let's reflect that in the verb.
|
|
better detection if price link should be shown in the footer
|
|
Feature/3295 custom error pages
|
|
Only storing the date as that should suffice for normal expiry and is less useful for identifying users by timestamps
|
|
Email.new(nil) now returns an invalid email rather than crashing.
|
|
stelfox.net/blog/2014/04/calculating-rsa-key-fingerprints-in-ruby/
|
|
Changes since 0.5.0
* Message API
* Payment reminder messages
* Messages to Warn after expiring trial period
* cleanup and refactoring of messages code
* require token authentication for API
* rename security related functions to be clear
* nagios test for webapp login
* nagios test for soledad sync
* prevent crash when destroying tokens (#5382)
* redirect home when logged in visits /signup (#5446)
* large refactoring of engine and directory layout
* move users engine into main
* move certs engine into main
* update documentation for new engine layout
* move remaining engines into engines directory
* rename help engine to support
* refactor nagios tests with support classes
* nagios test for registering new users
* enable nagios tests to work with older versions of requests lib
* API endpoint for requesting the current service_level
* null pattern refactoring for current_user as UnauthenticatedUser
* rename UnauthenticatedUser to AnonymousUser
* change service level configuration strategy
* bringing back empty cert prefixes
* adopt service_level config to platform settings
* add signup and login info on the forms
* cleanup homepage
* unify wording for destroying accounts
* recover from invalid tickets (#5552)
* remove cert link in development
* display notice that client signup is preferred (#5549)
* capitalize Loading... indicator (#5542)
* use simple_form for all forms
* ensure buttons are properly loading and reset
* open close toggle in ticket header
* translate signup and login buttons
* basic password validation (#5557)
* reduce client_side_validations dependency (to be removed)
* simplify download button
* remove OS specific download buttons
* adopt pricing view to current service_level format
* upgrade debugger to work with latest ruby 1.9.3 patch release
* hide srp forms when js is disabled (#5548)
* allow for usernames with dots
* fix ticket form submission and validation (#5657)
* stop email autofill for ticket forms (#5664)
* User#email returns email addresses only if service provided
* move User Control Panel heading out of masthead (#5658)
* open/close toggle and fields in different forms (#5659)
* upgrade rails to 3.2.18 for security fixes
|
|
Conflicts:
app/assets/javascripts/srp
test/nagios/soledad_sync.py
test/nagios/webapp_login.py
|
|
make download button wide enough for helvetica #5039
|
|
upgrade rails to 3.2.18 for security fixes
|
|
This way the pricing link will not be shown for an empty hash. Which is easier to get into the config file than nil. And we can later verify the configuration to have a hash as the service_levels.
|
|
open/close toggle and fields in different forms - fixes #5659
|
|
Bugfix/5664 stop email autofill
|
|
move User Control Panel heading out of masthead
|
|
Ticket.is_creator_vlidated? now actually fetches the user from the db and returns false if it does not exist.
|
|
the masthead can only handle content of a limited width.
Alternatively we could make the masthead title wider and add padding on the left so it still aligns nicely with the mask. However the wider we make it the worse it looks on small width displays.
Another option would be to make the masthead contain multiple lines. However vertical alignment to the middle of 1 OR 2 lines of text is a real pain.
So I went with a super simple masthead and the Caption goes below.
|
|
use the former if you want a working email account or nil, the
latter if you want the email address associated with a given
user no matter if the user actually has an email account or not.
|
|
email and regarding user fields can be set to defaults based on
created_by user.
If these fields are emptied by the submitting user they will be set to whereas they are nil if they have not been initialized. In that case we will use meaningful defaults from the user who created the ticket.
|
|
|
We should respect the user's choice. We can still get their email from the user id if we really need to.
|
|
Preparing for #5664 with some test improvements I ran into this issue.
This commit includes a fix and the test improvements. In particular it
adds BrowserIntegrationTest#login - so there is no need to go through the signup procedure every time you want a user to be logged in.
|
|
hide srp forms when no js is available
|