summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-09-03remove email aliases controller - we don't use it anymoreAzul
2013-09-03Cleanup sessions controller - webapp logs in through the api.Azul
So the #create and #update actions were not needed anymore. Also removed the tests
2013-09-02Merge pull request #78 from jessib/finish_removing_email_settings_referencesazul
Remove references to email_settings controller, which has been removed. ...
2013-09-02Remove references to email_settings controller, which has been removed. An ↵jessib
identities controller will replace it.
2013-09-02Merge pull request #77 from azul/feature/3522-configurable-logfilejessib
add config setting for logfile
2013-09-02Merge pull request #74 from azul/refactor/finding-usersjessib
there's no need for User#find_by_param. clean it up
2013-09-02document the logfile option in the defaults.ymlAzul
2013-09-02add config setting for logfileAzul
This is the most simple thing that could possibly work. If you do not specify a :logfile in your environments config Rails will use the default.
2013-08-30also replace find_by_param in billing engineAzul
2013-08-30there's no need for User#find_by_param. clean it upAzul
2013-08-27Not ideal way to do it, but was proving complicated to have a config file ↵jessib
specify which gems for which environments. Here, we have the billing gem included for the development and test environments only, hardcoded in the Gemfile. Then we show the links to billing based on a config file setting. The setting itself could be used to specify different types of billing, but isn't yet.
2013-08-27Merge branch 'master' into billing_with_testsjessib
2013-08-27Merge pull request #72 from azul/feature/token-based-authjessib
Feature: Token based auth
2013-08-27refactor: Changing the py test to use less globals and session only locally.Azul
2013-08-27use token to update user passwordAzul
2013-08-27separate different tests for showing non existant userAzul
This way the failed stubbing errors were more telling
2013-08-27token.user will get you the right userAzul
This way we can stub the token to return the user directly. Stubbing User.find_by_param is not a good idea as it will make all calls to User#find_by_param with a different id fail.
2013-08-27do not redirect if no token presentAzul
So far we allow two mechanisms of authentication: * session based * token based If token fails session will be atempted in most cases. So we can't just redirect here or we get a double render error.
2013-08-27make sure find_record still works with real recordsAzul
2013-08-27clear token on logout with testAzul
2013-08-27basic testing for token based auth in testsAzul
2013-08-27first steps towards enabling token based authAzul
2013-08-27sort authentication controller extensionAzul
2013-08-27minor: remove puts lineAzul
2013-08-26add public/img and config/couchdb.yml.* to gitignoreAzul
[ci skip]
2013-08-22Disable billing for pull request.jessib
2013-08-22Some more billing cleanup.jessib
2013-08-22Merge pull request #69 from azul/bugfix/update_user_password_through_apijessib
Test updating user password through api
2013-08-22Merge pull request #70 from azul/bugfix/validate_login_like_signupjessib
use the same login validations on sessions and users
2013-08-21Merge remote-tracking branch 'jessib/js_warning'Azul
2013-08-21return 204 NO CONTENT on API logoutAzul
That's the only meaningful response.
2013-08-21use the same login validations on sessions and usersAzul
The session ones were outdated so valid usernames could not login if they contained a '.' Refactored so both models use the same module for this validation to ensure consistency.
2013-08-21also test updating the user password in python against dev.bmAzul
2013-08-21integration test updating users passwordAzul
2013-08-20Tweak to parameters to fix wrong-number-of-arguments error blocking other work.jessib
2013-08-19Change JS warning message per https://leap.se/code/issues/3492jessib
Key must end in _html so the html doesn't get escaped.
2013-08-15Some notes on tests that don't work. (Failing tests are skipped though.)jessib
2013-08-15Merge pull request #66 from jessib/feature/comment_creation_accessazul
Per ISEC informational issue, manually set the private property only in ...
2013-08-13Option to disable billing engine and hide billing related links. To actual ↵jessib
disable, must remove billing engine from Gemfile (and re-bundle)
2013-08-13Fix this, so the comment will get set to false in cases where the user isn't ↵jessib
an admin.
2013-08-12Remove broken test.jessib
2013-08-12Merge pull request #2 from azul/feature/billing-with-passing-testsjessib
fix billing tests to use user id with customer resources
2013-08-12Per ISEC informational issue, manually set the private property only in ↵jessib
cases where it is an admin who set it.
2013-08-12more integration tests for billingAzul
2013-08-09fix billing tests to use user id with customer resourcesAzul
I think this is very confusing and should be changed to: resource :users do |user| user.resource :customer end
2013-08-08Merge pull request #1 from azul/braintree_conf_from_filejessib
Read Braintree config from file
2013-08-08Merge pull request #64 from azul/feature/identity-rewritejessib
Feature/identity rewrite
2013-08-08Still a bit hacky, but catching some more corner cases as far as setting the ↵jessib
user variable, due to complication that an admin might be accessing data for another user.
2013-08-08read braintree configuration from config/config.ymlAzul
This can be set per environment and also is not tracked in git
2013-08-08Merge branch 'bugfix/3410-close-srp-vulnerablility'Azul