Age | Commit message | Author
2013-08-13 | Fix this, so the comment will get set to false in cases where the user isn't an admin. | jessib
2013-08-12 | Per ISEC informational issue, manually set the private property only in cases where it is an admin who set it. | jessib
2013-08-08 | Merge pull request #64 from azul/feature/identity-rewrite | jessib
Feature/identity rewrite
2013-08-08 | Merge branch 'bugfix/3410-close-srp-vulnerablility' | Azul
2013-08-08 | close srp vulnerability and report error in webapp | Azul
2013-08-07 | integration test exploiting srp vulnerability | Azul
2013-07-31 | added empty 'home' layout and removed debugger from homecontroller | elijah
2013-07-24 | also destroy the identity for a test user during teardown | Azul
2013-07-24 | keeping the pgp_key accessors for User so views still work | Azul
2013-07-24 | separate signup and settings service objects for user | Azul
2013-07-24 | removed email settings controller and views | Azul
PGP setting has been moved into account settings. It's using the API now issuing an Ajax request without any visual feedback. This obviously is not what we want but it hopefully suffices for uploading gpg keys for testing purposes before the Identity UI is in place.
2013-07-24 | setter for keys for dirty tracking, more robust tests | Azul
Just altering identity.keys did not mark identities as changed. Also we now have a sane default for keys.
2013-07-24 | test user validates uniqueness of login amongst aliases | Azul
2013-07-24 | no need for a remote email class | Azul
2013-07-24 | support deprecated API to set users main identity pgp key | Azul
We'll want to get rid of the #public_key and #public_key= functions but they are still used from the users controller. We'll probably have an identity controller instead at some point.
2013-07-24 | remove email aliases test - we'll move them to identities | Azul
2013-07-24 | add keys to identity | Azul
2013-07-24 | remove the remainders of email aliases and forward from user | Azul
2013-07-24 | allow available and unique forwards only | Azul
2013-07-24 | validations of email format and local domain moved over | Azul
2013-07-24 | local email adds domain if needed | Azul
2013-07-24 | testing all versions of email identities, emails are now strings | Azul
2013-07-24 | move identity creation into user class | Azul
It's always based on a user and most default values are based on user properties.
2013-07-24 | first take on identity model - still broken | Azul
2013-07-17 | Merge pull request #63 from azul/bugfix/3201-fix-empty-config-error | azul
Fix breakage due to empty config file for a given env
2013-07-17 | Fix breakage due to empty config file for a given env | Azul
2013-07-16 | Merge pull request #60 from azul/bugfix/srp-fix-for-zeroprefixed-hashes | jessib
Bugfix/srp fix for zeroprefixed hashes
2013-07-16 | adapt srp account_flow test for the api to new ruby_srp API | Azul
2013-07-16 | ensure the page has been reloaded before testing current_path | Azul
This test would fail sometimes on assert_equal '/', current_path. I believe it was a timing issue. page.has_content? will wait for the content to show up. So afterwards the current_path should always be correct.
2013-07-16 | to move to the next iteration use continue in js. | Azul
2013-07-16 | use ruby-srp 0.2.0 which has a hex based api | Azul
2013-07-16 | prevent _ prefixes for couchDB document ids | Azul
2013-07-15 | Merge pull request #58 from elijh/bugfix/security | jessib
fix misc security related bugs
2013-07-15 | require test_helper from account test so it can be run in isolation | Azul
2013-07-14 | remove freeze on APP_CONFIG for now | elijah
2013-07-14 | make sure capybara runs the whole rack app | Azul
We use port 3003 for the integration test server. This test takes a few seconds (~8) now. Most of this is startup time of the server. A second run still takes 2 seconds like before.
2013-07-14 | we do not expose M2 in srp.js anymore. | Azul
So there is no way to print it. This message used to be correct but there are also other things that can cause this to fail now. So let's just remove it.
2013-07-14 | js integration test for signup, login, logout | Azul
2013-07-12 | remove test for duplicate login - we'll prevent that on the client side | Azul
SRP happens in two steps:
* handshake
* validation
During the validation we delete the handshake data from the session. So a second validation does not really work. It could build upon the first one but it would not be able to send M2 to the client. So instead of trying to do sth. useful when two validation requests are sent we require the client to only send one.
2013-07-12 | print debug info on failed login attempts | Azul
2013-07-12 | Merge pull request #49 from azul/test/print-couchdb-version-on-travis | azul
print couch version in test couch setup
2013-07-11 | add header to prevent iframes | elijah
2013-07-11 | set no-cache headers in the response | elijah
2013-07-11 | config - add force_ssl to config, add configuration notes to README.md | elijah
2013-07-11 | fix incorrect calling of tickets_path | elijah
2013-07-11 | fix failing tests | elijah
2013-07-11 | Slight tweak in case we get back the default response to warden's fail!, which is not an enumerable. | jessib
2013-07-11 | Slight cleanup due to some emacs annoyances. | jessib
2013-07-11 | Clear authentication errors before displaying new ones. | jessib
2013-07-11 | Merge branch 'master' into feature/authentication_generic_error | jessib