Age | Commit message (Collapse) | Author |
|
|
|
has not been run yet.
|
|
also test one can't login anymore after destroying the account.
|
|
This is mostly for cleaning up after tests so far. But we might expand this to destroy all identities disabled before a certain date.
|
|
|
|
This way the identity model defines how identities should be disabled. We currently still destroy them. But it will be easy and nicely isolated to change this next.
|
|
notify user their account was successfully deleted (refs #4216)
|
|
* reset button state from 'loading...' after failed login attempt
(#4231)
* use https sources in Gemfiles and documentation(#4109)
* include Gemfile.lock to prevent unintended updates (#4174)
* fixed download urls to get latest versions for mac, android and
windows
* test api login with umlauts in password
|
|
Currently it expects both the session and the token to be cleared. This might change. But we'll always have a definition of what it means to logout we can test this way.
|
|
Also fixes a cornercase when admins deleted their own account. So far they would be redirected to the users list - which then refused access. Now they'll be redirected to the home landing page as well.
|
|
|
|
reset button loading... state on error (#4231)
|
|
|
|
including test
refactored error display some
|
|
|
|
|
|
|
|
test login through the API using python with umlauts
|
|
|
|
|
|
I don't think we need to list the sources again in common_dependencies.rb
|
|
They did not point directly to the download.
|
|
We had a broken production server lately because it had upgraded the couchrest model dependency to one that had a different naming scheme for a function we overwrite. So that broke production.
Let's prevent that by including the Gemfile.lock in our repositories.
|
|
|
|
|
|
* detect os in browser and show proper download link (#4173)
* billing: admin can see past due subscriptions
* passwords with umlauts work when logging in after signing up with the
* client (#4002)
* blacklisting common system email addresses listed in RFC 2142 (#3602)
* blacklisting all usernames on the server (#3602)
* configurable blocking of logins in the configuration (#3602)
* require aliases to be all lower-case
* Only allow braintree one-off payments when unauthenticated, & call them 'donations'.
(#3796)
|
|
Make download links configurable
|
|
This way we won't have to redeploy once the new links to the windows and the android version are there.
Also this obviously offers more flexibility for providers.
|
|
Feature/billing past due subscriptions
|
|
|
|
blacklist system logins for aliases and logins
|
|
use latest version of srp_js to fix #4002
|
|
remove leftover from testing os specific sections
|
|
We blacklist based on three things:
* blacklist in APP_CONFIG[:handle_blacklist]
* emails in RFC 2142
* usernames in /etc/passwd
The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist].
We stick to blocking names that have been configured as both blacklisted and whitelisted - better be save than sorry.
|
|
We were not encoding the srp password properly before. So umlauts in the password would cause the login procedure to fail.
|
|
|
|
subscription's balance.
|
|
detect os in browser and show proper download link
|
|
We add a class to the html element based on the detected os and use that to pick which download link should be visible.
If we detect an os that is not supported we display a deactivated download link instead with all alternatives.
|
|
pastdue subscription, as then admins won't be able to search for them.
|
|
|
|
|
|
Release/0.2.4
|
|
|
|
|
|
Fix couchrest model migrations to work with latest version
|
|
Also we now depend upon couchrest model ~> 2.0.0. The beta2 still has the old naming scheme for CouchRest::Model::Utils::Migrate
|
|
should prevent one from adding a new subscription.
|
|
customer in any way.
|
|
|