Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-04-09 | let's use safe ids instead of the default couch ones | Azul | |
Couch uses partly random partly sequential ids by default. We could change that in couch config to be all random. But this is probably more safe. | |||
2013-04-09 | initial token model and unit test | Azul | |
2013-04-09 | added vim tempfiles to gitignore | Azul | |
2013-04-08 | Merge pull request #39 from azul/feature/keep-session-secret | jessib | |
fetch secret token for signing cookies from config | |||
2013-04-08 | Merge pull request #38 from azul/feature/meainingful_couch_error | jessib | |
catch Errno's and RestClient errors and throw a more meaningful error | |||
2013-04-08 | Merge pull request #41 from azul/feature/allow-getting-salt | jessib | |
Allow getting salt and proper error messages for invalid login attempts | |||
2013-04-05 | Merge pull request #42 from azul/bugfix/fix-migration-requiring-active-record | azul | |
make sure only our own models are loaded | |||
2013-04-05 | make sure only our own models are loaded | Azul | |
This is just a quick hack. we should move all engines to a dir of their own. | |||
2013-04-03 | make sure user tests also run when run from users subdir | Azul | |
* The APP_CONFIG needs to be initialized in core so that is required from other engines * paths for load_views need to be relative to the model - not to rails root. | |||
2013-04-03 | fixed tests to use setup and teardown blocks | Azul | |
2013-04-02 | send more meaningful error message on completely failed login attempt | Azul | |
2013-04-02 | send salt on Session#create without srp ephemeral A | Azul | |
2013-03-15 | fetch secret token for signing cookies from config | Azul | |
2013-03-14 | catch Errno's and RestClient errors and throw a more meaningful couchrest error | Azul | |
2013-03-14 | Merge pull request #37 from azul/feature/migration-flow | azul | |
Migration flow for couch db | |||
2013-03-06 | updated deploy documentation | Azul | |
INSTALL is mostly for development and we do not include couch security advices in there | |||
2013-03-06 | simulate couch migration workflow on travis | Azul | |
* first setup couch similar to what we'll have on the platform * then run migrations as admin * then drop admin privileges * then proceed with the normal test script | |||
2013-03-06 | setup user and restrict db access | Azul | |
2013-03-06 | create sessions db - it's not a CouchRest Model db. | Azul | |
2013-03-06 | make sure couchrest actually finds our models in the engines | Azul | |
2013-03-06 | restrict couch access to admin | Azul | |
2013-03-06 | no auto update - migrate the couch before | Azul | |
2013-03-06 | certs - changed the logic of free/paid certs to be limited/unlimited. | elijah | |
2013-03-05 | Merge pull request #36 from leapcode/feature/limit_user_leak | jessib | |
When attempting to login, the error messages should not leak information... | |||
2013-03-05 | Merge branch 'master' into feature/limit_user_leak | Azul | |
Conflicts: users/lib/warden/strategies/secure_remote_password.rb | |||
2013-03-05 | minor: fixed logout link | Azul | |
2013-03-04 | Update tests and documentation to reflect changed error messages with ↵ | jessib | |
incorrect username or password on login attempt. | |||
2013-03-04 | make api test script work with bitmask and print log | Azul | |
2013-03-01 | Merge pull request #32 from azul/feature/api-version-1-fixes | azul | |
Feature: API version 1 fixes | |||
2013-03-01 | Merge pull request #35 from azul/feature/update-install-instructions | azul | |
use binstubs to make sure we use the right rails version | |||
2013-02-28 | When attempting to login, the error messages should not leak information ↵ | jessib | |
about whether a username is valid. This also means the error message is more appropriate if somebody tries to login with somebody else's username and their password. | |||
2013-02-28 | Merge pull request #34 from leapcode/feature/limit_usernames | jessib | |
Feature/limit usernames to specific formats, and give specific error messages | |||
2013-02-28 | Have specific error messages for usernames with incorrect formats. | jessib | |
Signed-off-by: jessib <jessib@leap.se> | |||
2013-02-28 | use binstubs to make sure we use the right rails version | Azul | |
2013-02-27 | change free cert postfix to be a prefix (this is required for how openvpn ↵ | elijah | |
does common name matching) | |||
2013-02-27 | seperated troubleshoot from install | Azul | |
2013-02-27 | use debugger for ruby 1.9 - not supporting 1.8.7 anymore | Azul | |
ruby-debug breaks with 1.9 debugger breaks with 1.8.7 | |||
2013-02-27 | added TL;DR - fixed some issues with documentation | Azul | |
* using ruby 1.9.3 now * not using leap_ca anymore | |||
2013-02-26 | Merge branch 'master' into feature/limit_usernames | jessib | |
2013-02-26 | Change to language for when updating username/password. | jessib | |
2013-02-26 | Changes to valid format for usernames. | jessib | |
2013-02-26 | Not using secure random, at least now, as using the couchrest ID as the code ↵ | jessib | |
for unauthenticated ticket access. | |||
2013-02-26 | Merge pull request #28 from leapcode/feature/change_login | jessib | |
Feature/change login | |||
2013-02-26 | Merge pull request #27 from leapcode/feature/free-certs | azul | |
Enable free certs | |||
2013-02-26 | minor: using ?: operator for cert postfix | Azul | |
2013-02-26 | api for sessions fixed | Azul | |
* now we return the user id on login * allow a destroy request for logging out * added test for api sessions controller | |||
2013-02-26 | git ignore binstubs | Azul | |
2013-02-25 | Admins cannot update a user. Eventually we will want to allow admins to ↵ | jessib | |
update some user fields. | |||
2013-02-25 | Slight refactoring of partials | jessib | |
2013-02-25 | Add hint that password change is optional | jessib | |