summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-04-08Merge pull request #39 from azul/feature/keep-session-secretjessib
fetch secret token for signing cookies from config
2013-04-08Merge pull request #38 from azul/feature/meainingful_couch_errorjessib
catch Errno's and RestClient errors and throw a more meaningful error
2013-04-08Merge pull request #41 from azul/feature/allow-getting-saltjessib
Allow getting salt and proper error messages for invalid login attempts
2013-04-05Merge pull request #42 from azul/bugfix/fix-migration-requiring-active-recordazul
make sure only our own models are loaded
2013-04-05make sure only our own models are loadedAzul
This is just a quick hack. we should move all engines to a dir of their own.
2013-04-03make sure user tests also run when run from users subdirAzul
* The APP_CONFIG needs to be initialized in core so that is required from other engines * paths for load_views need to be relative to the model - not to rails root.
2013-04-03fixed tests to use setup and teardown blocksAzul
2013-04-02send more meaningful error message on completely failed login attemptAzul
2013-04-02send salt on Session#create without srp ephemeral AAzul
2013-03-15fetch secret token for signing cookies from configAzul
2013-03-14catch Errno's and RestClient errors and throw a more meaningful couchrest errorAzul
2013-03-14Merge pull request #37 from azul/feature/migration-flowazul
Migration flow for couch db
2013-03-06updated deploy documentationAzul
INSTALL is mostly for development and we do not include couch security advices in there
2013-03-06simulate couch migration workflow on travisAzul
* first setup couch similar to what we'll have on the platform * then run migrations as admin * then drop admin privileges * then proceed with the normal test script
2013-03-06setup user and restrict db accessAzul
2013-03-06create sessions db - it's not a CouchRest Model db.Azul
2013-03-06make sure couchrest actually finds our models in the enginesAzul
2013-03-06restrict couch access to adminAzul
2013-03-06no auto update - migrate the couch beforeAzul
2013-03-06certs - changed the logic of free/paid certs to be limited/unlimited.elijah
2013-03-05Merge pull request #36 from leapcode/feature/limit_user_leakjessib
When attempting to login, the error messages should not leak information...
2013-03-05Merge branch 'master' into feature/limit_user_leakAzul
Conflicts: users/lib/warden/strategies/secure_remote_password.rb
2013-03-05minor: fixed logout linkAzul
2013-03-04Update tests and documentation to reflect changed error messages with ↵jessib
incorrect username or password on login attempt.
2013-03-04make api test script work with bitmask and print logAzul
2013-03-01Merge pull request #32 from azul/feature/api-version-1-fixesazul
Feature: API version 1 fixes
2013-03-01Merge pull request #35 from azul/feature/update-install-instructionsazul
use binstubs to make sure we use the right rails version
2013-02-28When attempting to login, the error messages should not leak information ↵jessib
about whether a username is valid. This also means the error message is more appropriate if somebody tries to login with somebody else's username and their password.
2013-02-28Merge pull request #34 from leapcode/feature/limit_usernamesjessib
Feature/limit usernames to specific formats, and give specific error messages
2013-02-28Have specific error messages for usernames with incorrect formats.jessib
Signed-off-by: jessib <jessib@leap.se>
2013-02-28use binstubs to make sure we use the right rails versionAzul
2013-02-27change free cert postfix to be a prefix (this is required for how openvpn ↵elijah
does common name matching)
2013-02-27seperated troubleshoot from installAzul
2013-02-27use debugger for ruby 1.9 - not supporting 1.8.7 anymoreAzul
ruby-debug breaks with 1.9 debugger breaks with 1.8.7
2013-02-27added TL;DR - fixed some issues with documentationAzul
* using ruby 1.9.3 now * not using leap_ca anymore
2013-02-26Merge branch 'master' into feature/limit_usernamesjessib
2013-02-26Change to language for when updating username/password.jessib
2013-02-26Changes to valid format for usernames.jessib
2013-02-26Not using secure random, at least now, as using the couchrest ID as the code ↵jessib
for unauthenticated ticket access.
2013-02-26Merge pull request #28 from leapcode/feature/change_loginjessib
Feature/change login
2013-02-26Merge pull request #27 from leapcode/feature/free-certsazul
Enable free certs
2013-02-26minor: using ?: operator for cert postfixAzul
2013-02-26api for sessions fixedAzul
* now we return the user id on login * allow a destroy request for logging out * added test for api sessions controller
2013-02-26git ignore binstubsAzul
2013-02-25Admins cannot update a user. Eventually we will want to allow admins to ↵jessib
update some user fields.
2013-02-25Slight refactoring of partialsjessib
2013-02-25Add hint that password change is optionaljessib
2013-02-25tests refactored with with_config helperAzul
also added test for getting paid certs if free certs are disabled
2013-02-25added configuration setting for disabling free certsAzul
2013-02-25enable free certs with a common name postfixAzul