summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-08-27basic testing for token based auth in testsAzul
2013-08-27first steps towards enabling token based authAzul
2013-08-27sort authentication controller extensionAzul
2013-08-27minor: remove puts lineAzul
2013-08-26add public/img and config/couchdb.yml.* to gitignoreAzul
[ci skip]
2013-08-22Disable billing for pull request.jessib
2013-08-22Some more billing cleanup.jessib
2013-08-22Merge pull request #69 from azul/bugfix/update_user_password_through_apijessib
Test updating user password through api
2013-08-22Merge pull request #70 from azul/bugfix/validate_login_like_signupjessib
use the same login validations on sessions and users
2013-08-21Merge remote-tracking branch 'jessib/js_warning'Azul
2013-08-21return 204 NO CONTENT on API logoutAzul
That's the only meaningful response.
2013-08-21use the same login validations on sessions and usersAzul
The session ones were outdated so valid usernames could not login if they contained a '.' Refactored so both models use the same module for this validation to ensure consistency.
2013-08-21also test updating the user password in python against dev.bmAzul
2013-08-21integration test updating users passwordAzul
2013-08-20Tweak to parameters to fix wrong-number-of-arguments error blocking other work.jessib
2013-08-19Change JS warning message per https://leap.se/code/issues/3492jessib
Key must end in _html so the html doesn't get escaped.
2013-08-15Some notes on tests that don't work. (Failing tests are skipped though.)jessib
2013-08-15Merge pull request #66 from jessib/feature/comment_creation_accessazul
Per ISEC informational issue, manually set the private property only in ...
2013-08-13Option to disable billing engine and hide billing related links. To actual ↵jessib
disable, must remove billing engine from Gemfile (and re-bundle)
2013-08-13Fix this, so the comment will get set to false in cases where the user isn't ↵jessib
an admin.
2013-08-12Remove broken test.jessib
2013-08-12Merge pull request #2 from azul/feature/billing-with-passing-testsjessib
fix billing tests to use user id with customer resources
2013-08-12Per ISEC informational issue, manually set the private property only in ↵jessib
cases where it is an admin who set it.
2013-08-12more integration tests for billingAzul
2013-08-09fix billing tests to use user id with customer resourcesAzul
I think this is very confusing and should be changed to: resource :users do |user| user.resource :customer end
2013-08-08Merge pull request #1 from azul/braintree_conf_from_filejessib
Read Braintree config from file
2013-08-08Merge pull request #64 from azul/feature/identity-rewritejessib
Feature/identity rewrite
2013-08-08Still a bit hacky, but catching some more corner cases as far as setting the ↵jessib
user variable, due to complication that an admin might be accessing data for another user.
2013-08-08read braintree configuration from config/config.ymlAzul
This can be set per environment and also is not tracked in git
2013-08-08Merge branch 'bugfix/3410-close-srp-vulnerablility'Azul
2013-08-08close srp vulnerability and report error in webappAzul
2013-08-07integration test exploiting srp vulnerabilityAzul
2013-08-06Some more tweaks to have billing code work, and allow admins to view but not ↵jessib
edit for other users.
2013-08-06Fix stupid typo.jessib
2013-08-01Start to functionality for admins viewing billing of other users.jessib
2013-08-01Merge branch 'master' into billing_with_testsjessib
Conflicts: app/views/home/index.html.haml
2013-07-31added empty 'home' layout and removed debugger from homecontrollerelijah
2013-07-25Have navigation link to new customer form if user is not already a braintree ↵jessib
customer.
2013-07-24also destroy the identity for a test user during teardownAzul
2013-07-24keeping the pgp_key accessors for User so views still workAzul
2013-07-24separate signup and settings service objects for userAzul
2013-07-24removed email settings controller and viewsAzul
PGP setting has been moved into account settings. It's using the API now issueing an Ajax request without any visual feedback. This obviously is not what we want but it hopefully suffices for uploading gpg keys for testing purposes before the Identity UI is in place.
2013-07-24setter for keys for dirty tracking, more robust testsAzul
Just altering identity.keys did not mark identities as changed. Also we now have a sane default for keys.
2013-07-24test user validates uniqueness of login amongst aliasesAzul
2013-07-24no need for a remote email classAzul
2013-07-24support deprecated API to set users main identity pgp keyAzul
We'll want to get rid of the #public_key and #public_key= functions but they are still used from the users controller. We'll probably have an identity controller instead at some point.
2013-07-24remove email aliases test - we'll move them to identitiesAzul
2013-07-24add keys to identityAzul
2013-07-24remove the remainders of email aliases and forward from userAzul
2013-07-24allow available and unique forwards onlyAzul