Age | Commit message (Collapse) | Author |
|
We are deprecating webapp based signup. It leads to an
inconsistent state for mail providers and offers no useful
interactions for vpn providers either.
Instead of trying to deal with the halve way signup through
the webapp we require signup through bitmask app which can
also create the pgp keys for email and download and use the
cert for vpn.
In addition this reduces the attack surface for js injection,
phishing and other browser based attacks.
For now we still keep the signup form in case providers link
to it directly. We also keep all the tests based on it. Cleanup
will happen right after 0.10.0 release.
|
|
Fix/sass load path
Closes #8794
See merge request !40
|
|
fixes #8794
Reported the underlying issue here:
https://github.com/rails/sass-rails/issues/406
Basically `@import` works like this:
* look for the file relative to the current file
* look for the file as an absolute path following the priorities in the
* asset load_paths
If the file can be imported as a relative path that will take
precedence.
So in order to pick up the head and tails inside customization rather
than in app/assets there are three possibilities:
1) use an absolute path. This is not as easy as it seems. There is no
way of indicating a path is meant to be absolute so we would have to
ensure it does not resolve to a relative path.
2) have a application.scss file inside the customization folder. Since
this is the main file it will be used instead of the app/assets one. In
there relative paths will now also default to the customization folder
rather than app/assets. Once we are in an app/assets file though it will
not go back to picking up customization with relative paths
3) use //= require instead of import. rails-sass advices against this as
each required file would be compiled on it's own and variables could not
be shared.
Going with option 1 here:
```scss
// application.scss:
@import "custom/head_import";
```
```scss
// custom/head_import.scss:
@import "head";
```
As long as there is no custom/head.scss in app/assets it will import
head as an absolute path and thus prefer config/custom over app/assets.
This seems like the best option for now as it does not require changes
to the deployments.
|
|
This reverts commit cc95bb27e873dc6140f9a909a57f075a0ef2f387.
|
|
fix: make customization available to sass
Closes #8793
See merge request !39
|
|
Somehow sass did not follow the rails assets path order.
Therefore the default tail.scss would stay in effect even when
there was a different tail.scss in the customization folder.
Adding the customization stylesheet folder to the sass load_paths
works around this for now. Still need to check if it works in
production though.
|
|
ci: logs and debug files as artifacts
See merge request !38
|
|
|
|
fix: set token in forms correctly
Closes #8784
See merge request !37
|
|
We now use the hash of the token for comparison and as the id.
In order to use it you need the original token though. So forms and
thus the session should have token.to_s rather than token.id.
|
|
This release features a great contribution from the Rails Girls Summer of Code:
The landing page of the webapp can now include a twitter feed to display
news from the provider.
Other than that this is a maintainance and transition release.
* Twitter feed on main page (thanks theaamanda and lilaluca).
* upgrade to rails 4.2
* upgrade to bootstrap 3
Upgrading:
* We now use rails 4's `secret_key_base`. Please make sure to supply it
in config/config.yml for production environments. If you are using the
leap platform that will already take care of it.
Deprecations:
* We have not seen any active use of the **billing** functionality.
So we deprecate it and will probably drop it in one of the next releases.
* We will replace the user facing **help desk** functionality with a single
sign on mechanism to integrate with other help desk systems.
We will maintain the endpoint to submit tickets and the ticket management
in the admin interface. That way it should also be easy to create your own
ticket submission form.
* We deprecate the ability to **signup and login** directly through the webapp.
We will remove it in the future for security reasons. Signup and Login should
only happen through bitmask to prevent password phishing and js injections.
|
|
|
|
fix: icons that were using the bootstrap 2 syntax
Closes #27
See merge request !35
|
|
|
|
feature: delete user clearing username
Closes #26
See merge request !34
|
|
|
|
Fix error display
See merge request !33
|
|
only use the <pre> tag if the response was a text message i.e. during dev errors.
Use the alert-danger class of bootstrap 3 rather than alert-error.
|
|
|
|
fix: bootstrap 3 style of menus
Closes #24
See merge request !32
|
|
span10 now is .col-??-10.
ul.unstyled now is ul.list-unstyled
also leave out unnecessary li if billing is disabled.
|
|
Fix/bootstrap 3
See merge request !31
|
|
* reran the simple form initializer.
* wrapped submit buttons are now broken and need a fix.
* disabled confirmation validation in client side validations as the
error message always is attached to the wrong field.
|
|
|
|
The Active::Model modules of client side validations only get included
in CouchRest::Model::Base if the gems are loaded in the right order:
* activemodel is required first so the modules to extend are present
* client_side_validations is required next so its modules get included
* couchrest_model is required last so it includes the enhanced modules.
\
|
|
fix: display error js responses in dev environment
See merge request !30
github issue #231
|
|
Sometimes the dev environment will send back a plain text response.
This causes the json parser to raise an exception and used to cause
the browser not to display any error message.
Now we dumpt the whole server response - which happes to also include the
backtrace. A lot more useful than doing nothing.
In production this should never happen as 500s get handled by the
ExceptionApplication / our ErrorsController there.
|
|
cleanup: no more submodules
See merge request !29
|
|
|
|
Install/subrepos
See merge request !28
Fixes github issue #238
|
|
subrepo:
subdir: "app/assets/javascripts/srp"
merged: "9e1a417"
upstream:
origin: "https://leap.se/git/srp_js"
branch: "master"
commit: "9e1a417"
git-subrepo:
version: "0.3.1"
origin: "https://github.com/ingydotnet/git-subrepo"
commit: "a7ee886"
|
|
|
|
fix: keep ticket submit button clickable
See merge request !27
|
|
It was marked as submitted even when client side validations interfered.
fixes github issue #227
|
|
bugfix: handle couch 404s
See merge request !26
|
|
our special error handler for json requests would turn all exceptions
into 500s - removed it. now the rescue_responses can do their thing
again.
|
|
upgrade: use rails4s 'secret_key_base'
Closes #23
See merge request !24
|
|
test: also test ruby 2.3
Closes #21
See merge request !25
|
|
This will get us encrypted cookies but also requires changes to the platform.
fixes #23
|
|
|
|
bugfixing for generating token script
|
|
upgrade: bundle
Closes #13
See merge request !23
|
|
update all the dependencies.
minitest now wants assert_nil instead of assert_equal nil, ...
braintree now uses update_attributes rather than save.
|
|
upgrade: rails4.2 deprecated deliver -> deliver now
Closes #16
See merge request !22
|
|
fixes #16
|
|
test: admin user api always green
Closes #17
See merge request !21
|
|
Used to fail because the record already existed in the database
fixes #17
|
|
fix: 404 on key request with non html content-type
Closes #8
See merge request !20
|
|
|
|
fix: 404 for missing pages template - fixes #9
Closes #9
See merge request !19
|