summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-04-09adding initial viewAzul
2013-04-09return token on successful login via apiAzul
2013-04-09let's use safe ids instead of the default couch onesAzul
Couch uses partly random partly sequential ids by default. We could change that in couch config to be all random. But this is probably more safe.
2013-04-09initial token model and unit testAzul
2013-04-09added vim tempfiles to gitignoreAzul
2013-04-08Merge pull request #39 from azul/feature/keep-session-secretjessib
fetch secret token for signing cookies from config
2013-04-08Merge pull request #38 from azul/feature/meainingful_couch_errorjessib
catch Errno's and RestClient errors and throw a more meaningful error
2013-04-08Merge pull request #41 from azul/feature/allow-getting-saltjessib
Allow getting salt and proper error messages for invalid login attempts
2013-04-05Merge pull request #42 from azul/bugfix/fix-migration-requiring-active-recordazul
make sure only our own models are loaded
2013-04-05make sure only our own models are loadedAzul
This is just a quick hack. we should move all engines to a dir of their own.
2013-04-03make sure user tests also run when run from users subdirAzul
* The APP_CONFIG needs to be initialized in core so that is required from other engines * paths for load_views need to be relative to the model - not to rails root.
2013-04-03fixed tests to use setup and teardown blocksAzul
2013-04-02send more meaningful error message on completely failed login attemptAzul
2013-04-02send salt on Session#create without srp ephemeral AAzul
2013-03-15fetch secret token for signing cookies from configAzul
2013-03-14catch Errno's and RestClient errors and throw a more meaningful couchrest errorAzul
2013-03-14Merge pull request #37 from azul/feature/migration-flowazul
Migration flow for couch db
2013-03-06updated deploy documentationAzul
INSTALL is mostly for development and we do not include couch security advices in there
2013-03-06simulate couch migration workflow on travisAzul
* first setup couch similar to what we'll have on the platform * then run migrations as admin * then drop admin privileges * then proceed with the normal test script
2013-03-06setup user and restrict db accessAzul
2013-03-06create sessions db - it's not a CouchRest Model db.Azul
2013-03-06make sure couchrest actually finds our models in the enginesAzul
2013-03-06restrict couch access to adminAzul
2013-03-06no auto update - migrate the couch beforeAzul
2013-03-06certs - changed the logic of free/paid certs to be limited/unlimited.elijah
2013-03-05Merge pull request #36 from leapcode/feature/limit_user_leakjessib
When attempting to login, the error messages should not leak information...
2013-03-05Merge branch 'master' into feature/limit_user_leakAzul
Conflicts: users/lib/warden/strategies/secure_remote_password.rb
2013-03-05minor: fixed logout linkAzul
2013-03-04Update tests and documentation to reflect changed error messages with ↵jessib
incorrect username or password on login attempt.
2013-03-04make api test script work with bitmask and print logAzul
2013-03-01Merge pull request #32 from azul/feature/api-version-1-fixesazul
Feature: API version 1 fixes
2013-03-01Merge pull request #35 from azul/feature/update-install-instructionsazul
use binstubs to make sure we use the right rails version
2013-02-28When attempting to login, the error messages should not leak information ↵jessib
about whether a username is valid. This also means the error message is more appropriate if somebody tries to login with somebody else's username and their password.
2013-02-28Merge pull request #34 from leapcode/feature/limit_usernamesjessib
Feature/limit usernames to specific formats, and give specific error messages
2013-02-28Have specific error messages for usernames with incorrect formats.jessib
Signed-off-by: jessib <jessib@leap.se>
2013-02-28use binstubs to make sure we use the right rails versionAzul
2013-02-27change free cert postfix to be a prefix (this is required for how openvpn ↵elijah
does common name matching)
2013-02-27seperated troubleshoot from installAzul
2013-02-27use debugger for ruby 1.9 - not supporting 1.8.7 anymoreAzul
ruby-debug breaks with 1.9 debugger breaks with 1.8.7
2013-02-27added TL;DR - fixed some issues with documentationAzul
* using ruby 1.9.3 now * not using leap_ca anymore
2013-02-26Merge branch 'master' into feature/limit_usernamesjessib
2013-02-26Change to language for when updating username/password.jessib
2013-02-26Changes to valid format for usernames.jessib
2013-02-26Not using secure random, at least now, as using the couchrest ID as the code ↵jessib
for unauthenticated ticket access.
2013-02-26Merge pull request #28 from leapcode/feature/change_loginjessib
Feature/change login
2013-02-26Merge pull request #27 from leapcode/feature/free-certsazul
Enable free certs
2013-02-26minor: using ?: operator for cert postfixAzul
2013-02-26api for sessions fixedAzul
* now we return the user id on login * allow a destroy request for logging out * added test for api sessions controller
2013-02-26git ignore binstubsAzul
2013-02-25Admins cannot update a user. Eventually we will want to allow admins to ↵jessib
update some user fields.