summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-11-07Merge branch '8800-hand-out-configs-json-without-authentication' into 'master'azul
feat: allow unauthenticated access to list of configs Closes #8800 See merge request leap/webapp!45
2017-10-24Merge branch '8801-500-on-lynx' into 'master'azul
fix: sanity checks on user params Closes #8801 See merge request leap/webapp!50
2017-10-24fix: sanity checks on user paramsAzul
fixes #8801 Includes a test reproducing 500 on lynx We now make use of ActionController::Parameters require and permit methods.
2017-10-24Merge branch 'bugfix/8807-cleanup-tmp-invites' into 'master'azul
Bugfix/8807 cleanup tmp invites Closes #8807 See merge request leap/webapp!49
2017-10-24refactor: instance method create for Account.createAzul
This simplifies returning the user while still working on it a lot. Much cleaner than all these return user statements. There's a lot more to refactor here. For example delegating methods to user etc. ... but for now this should suffice. Don't want to break this in a bugfix release.
2017-10-24fix: also remove invite codes used for tmp usersAzul
fixes #8807
2017-10-21Version 0.9.2 - bugfixes and invite code tweaks0.9.2Azul
Bugfix release for 0.9: * pin to the newest psych gem * remove better_errors gem * fix login error message with non en locales Features: * destroy invites used to create test accounts * sort invite codes by last update
2017-10-21Merge branch 'feat/8806-sort-invite-codes' into 'master'azul
feat: sort invite codes by last update Closes #8806 See merge request leap/webapp!48
2017-10-17feat: sort invite codes by last updateAzul
They used to be sorted by the code which was not helpful fixes #8806 requires deploy of new design docs to the platform
2017-10-17Merge branch 'bugfix/8804-destroy-invites' into 'master'azul
fix: destroy invites used to create test accounts See merge request leap/webapp!47
2017-10-17fix: destroy invites used to create test accountsAzul
Production instances are getting cluttered with invites from test accounts. Instead of marking them as used we will now completely remove them. refers to #8804 refers to #8807\
2017-10-16Merge branch 'bugfix/8805-failed-login-with-locale' into 'master'azul
fix: login error message with locale set Closes #8805 See merge request leap/webapp!46
2017-10-16fix: login error message with locale setAzul
On a failed login the warden failure app gets called. Some of the params are changed accordingly but controller and action remain. set_locale would detect there was no locale in the path and thus attempt to redirect. However the params still belong to the previous request which was a POST to Api::SessionsController. This route does not respond to get requests and so it would trigger a 404 in production and a 500 in development. This commit prevents set_locale to act upon warden failure app controller calls by adding /new to the list of `NON_LOCALE_PATHS`. (The path is updated by warden to the name of the action called in the failure app). A test is included in this commit that tries to login with an invalid username, password combination and a german locale set. fixes #8805
2017-09-11feat: allow unauthenticated access to list of configsAzul
This should simplify client code significantly according to platform#8849
2017-09-08Merge remote-tracking branch 'origin/master' into masterAzul
2017-09-08Merge branch 'bugfix/psych' into 'master'azul
pin to the newest psych gem, so as to not hit bugs in older versions (required by faker) See merge request !44
2017-08-17bugfix: remove better_errors gemelijah
it is currently incompatible with haml
2017-08-15remove merge cruftelijah
2017-08-15use i18n for login testelijah
2017-08-14pin to the newest psych gem, so as to not hit bugs in older versions ↵elijah
(required by faker)
2017-08-07Version 0.9.1 - bugfixes0.9.1Azul
Plain bugfix release for 0.9: * prevent token conflicts * custom: fix stylesheet customization * fix: set token in forms correctly
2017-08-07cleanup: Revert accidental favicon changeAzul
2017-08-07Merge branch 'fix/token-conflict' into 'master'azul
prevent token conflicts Closes #8792 See merge request !42
2017-08-07prevent token conflictsAzul
2017-07-26Merge branch 'fix/sass-load-path' into 'master'azul
Fix/sass load path Closes #8794 See merge request !40
2017-07-26custom: fix stylesheet customizationAzul
fixes #8794 Reported the underlying issue here: https://github.com/rails/sass-rails/issues/406 Basically `@import` works like this: * look for the file relative to the current file * look for the file as an absolute path following the priorities in the * asset load_paths If the file can be imported as a relative path that will take precedence. So in order to pick up the head and tails inside customization rather than in app/assets there are three possibilities: 1) use an absolute path. This is not as easy as it seems. There is no way of indicating a path is meant to be absolute so we would have to ensure it does not resolve to a relative path. 2) have a application.scss file inside the customization folder. Since this is the main file it will be used instead of the app/assets one. In there relative paths will now also default to the customization folder rather than app/assets. Once we are in an app/assets file though it will not go back to picking up customization with relative paths 3) use //= require instead of import. rails-sass advices against this as each required file would be compiled on it's own and variables could not be shared. Going with option 1 here: ```scss // application.scss: @import "custom/head_import"; ``` ```scss // custom/head_import.scss: @import "head"; ``` As long as there is no custom/head.scss in app/assets it will import head as an absolute path and thus prefer config/custom over app/assets. This seems like the best option for now as it does not require changes to the deployments.
2017-07-26Revert "fix: make customization available to sass"Azul
This reverts commit cc95bb27e873dc6140f9a909a57f075a0ef2f387.
2017-07-25Merge branch 'fix/sass-load-path' into 'master'azul
fix: make customization available to sass Closes #8793 See merge request !39
2017-07-25fix: make customization available to sassAzul
Somehow sass did not follow the rails assets path order. Therefore the default tail.scss would stay in effect even when there was a different tail.scss in the customization folder. Adding the customization stylesheet folder to the sass load_paths works around this for now. Still need to check if it works in production though.
2017-04-21Merge branch 'test/gitlab-artifacts' into 'master' azul
ci: logs and debug files as artifacts See merge request !38
2017-04-21ci: logs and debug files as artifactsAzul
2017-04-20Merge branch 'bugfix/8784-import-pgp-key' into 'master' azul
fix: set token in forms correctly Closes #8784 See merge request !37
2017-04-20fix: set token in forms correctlyAzul
We now use the hash of the token for comparison and as the id. In order to use it you need the original token though. So forms and thus the session should have token.to_s rather than token.id.
2017-04-03Version 0.9.0 - twitter, rails 4 and deprecations0.9.0Azul
This release features a great contribution from the Rails Girls Summer of Code: The landing page of the webapp can now include a twitter feed to display news from the provider. Other than that this is a maintainance and transition release. * Twitter feed on main page (thanks theaamanda and lilaluca). * upgrade to rails 4.2 * upgrade to bootstrap 3 Upgrading: * We now use rails 4's `secret_key_base`. Please make sure to supply it in config/config.yml for production environments. If you are using the leap platform that will already take care of it. Deprecations: * We have not seen any active use of the **billing** functionality. So we deprecate it and will probably drop it in one of the next releases. * We will replace the user facing **help desk** functionality with a single sign on mechanism to integrate with other help desk systems. We will maintain the endpoint to submit tickets and the ticket management in the admin interface. That way it should also be easy to create your own ticket submission form. * We deprecate the ability to **signup and login** directly through the webapp. We will remove it in the future for security reasons. Signup and Login should only happen through bitmask to prevent password phishing and js injections.
2017-04-03:Changes: update changelog to reflect deprecationsAzul
2017-04-03Merge branch 'fix/icons' into 'master' azul
fix: icons that were using the bootstrap 2 syntax Closes #27 See merge request !35
2017-04-03fix: icons that were using the bootstrap 2 syntaxAzul
2017-04-03Merge branch 'feature/clear-user' into 'master' azul
feature: delete user clearing username Closes #26 See merge request !34
2017-04-03feature: delete user clearing usernameAzul
2017-04-03Merge branch 'fix/error-display' into 'master' azul
Fix error display See merge request !33
2017-04-03fix: error message display in productionAzul
only use the <pre> tag if the response was a text message i.e. during dev errors. Use the alert-danger class of bootstrap 3 rather than alert-error.
2017-03-29fix: bring back wrapped signup button with cancelAzul
2017-03-27Merge branch 'ui/menu' into 'master' azul
fix: bootstrap 3 style of menus Closes #24 See merge request !32
2017-03-27fix: bootstrap 3 style of menusAzul
span10 now is .col-??-10. ul.unstyled now is ul.list-unstyled also leave out unnecessary li if billing is disabled.
2017-03-27Merge branch 'fix/bootstrap-3' into 'master' azul
Fix/bootstrap 3 See merge request !31
2017-03-27upgrade: simple_form to bootstrap 3Azul
* reran the simple form initializer. * wrapped submit buttons are now broken and need a fix. * disabled confirmation validation in client side validations as the error message always is attached to the wrong field.
2017-03-24fix: make use of client_side_validations in jsAzul
2017-03-24bugfix: client_side_validation load orderAzul
The Active::Model modules of client side validations only get included in CouchRest::Model::Base if the gems are loaded in the right order: * activemodel is required first so the modules to extend are present * client_side_validations is required next so its modules get included * couchrest_model is required last so it includes the enhanced modules. \
2017-03-23Merge branch 'fix/display-js-error-responses' into 'master' azul
fix: display error js responses in dev environment See merge request !30 github issue #231
2017-03-23fix: display error js responses in dev environmentAzul
Sometimes the dev environment will send back a plain text response. This causes the json parser to raise an exception and used to cause the browser not to display any error message. Now we dumpt the whole server response - which happes to also include the backtrace. A lot more useful than doing nothing. In production this should never happen as 500s get handled by the ExceptionApplication / our ErrorsController there.