summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-12-08upgrade: drop ruby 2.1 requirementdrop/ruby-2.1Azul
2017-12-08upgrade: bundle to latest that still supports ruby 2.1.5Azul
2017-12-04Version 0.9.3 - bugfixes0.9.3version/0.9Azul
* on invalid key upload respond with error and 422 response code * fix alternate email address dialogue * publish public key in webfinger * update translations from transifex * hand out config.json without auth * sanity checks on user params * cleanup temp invites from server tests so they do not clutter admin ui
2017-11-16Merge branch 'fix/8798-key-errors' into 'master'azul
Fix/8798 key errors Closes #8798 See merge request leap/webapp!54
2017-11-16fix: respond with error on invalid pgp keyAzul
We used to just ignore the key. Also separated the code for handling key updates from other user updates. This should eventually be moved to a different route. Mixing the two makes the implementation really hard.
2017-11-16minor: clean up account testAzul
also ensures that created user is cleaned up even if test fails
2017-11-13Merge branch 'fix/8796-alternate-email' into 'master'azul
fix: alternate email dialogue Closes #8796 See merge request leap/webapp!53
2017-11-13fix: alternate email dialogueAzul
fixes #8796 Cleaned up UserController#update earlier but missed that it was used to change fallback email addresses. Now it is back. This time including an integration test.
2017-11-08Merge branch 'fix/webfinger-key' into 'master'azul
fix #8010 - publish public key in webfinger Closes #8010 See merge request leap/webapp!52
2017-11-08fix #8010 - publish public key in webfingerAzul
we were simply referring to the wrong key. includes test
2017-11-08Merge branch 'i18n/update' into 'master'azul
i18n: update translations from transifex Closes #8797 See merge request leap/webapp!51
2017-11-08i18n: update translations from transifexAzul
2017-11-07Merge branch '8800-hand-out-configs-json-without-authentication' into 'master'azul
feat: allow unauthenticated access to list of configs Closes #8800 See merge request leap/webapp!45
2017-10-24Merge branch '8801-500-on-lynx' into 'master'azul
fix: sanity checks on user params Closes #8801 See merge request leap/webapp!50
2017-10-24fix: sanity checks on user paramsAzul
fixes #8801 Includes a test reproducing 500 on lynx We now make use of ActionController::Parameters require and permit methods.
2017-10-24Merge branch 'bugfix/8807-cleanup-tmp-invites' into 'master'azul
Bugfix/8807 cleanup tmp invites Closes #8807 See merge request leap/webapp!49
2017-10-24refactor: instance method create for Account.createAzul
This simplifies returning the user while still working on it a lot. Much cleaner than all these return user statements. There's a lot more to refactor here. For example delegating methods to user etc. ... but for now this should suffice. Don't want to break this in a bugfix release.
2017-10-24fix: also remove invite codes used for tmp usersAzul
fixes #8807
2017-10-21Version 0.9.2 - bugfixes and invite code tweaks0.9.2Azul
Bugfix release for 0.9: * pin to the newest psych gem * remove better_errors gem * fix login error message with non en locales Features: * destroy invites used to create test accounts * sort invite codes by last update
2017-10-21Merge branch 'feat/8806-sort-invite-codes' into 'master'azul
feat: sort invite codes by last update Closes #8806 See merge request leap/webapp!48
2017-10-17feat: sort invite codes by last updateAzul
They used to be sorted by the code which was not helpful fixes #8806 requires deploy of new design docs to the platform
2017-10-17Merge branch 'bugfix/8804-destroy-invites' into 'master'azul
fix: destroy invites used to create test accounts See merge request leap/webapp!47
2017-10-17fix: destroy invites used to create test accountsAzul
Production instances are getting cluttered with invites from test accounts. Instead of marking them as used we will now completely remove them. refers to #8804 refers to #8807\
2017-10-16Merge branch 'bugfix/8805-failed-login-with-locale' into 'master'azul
fix: login error message with locale set Closes #8805 See merge request leap/webapp!46
2017-10-16fix: login error message with locale setAzul
On a failed login the warden failure app gets called. Some of the params are changed accordingly but controller and action remain. set_locale would detect there was no locale in the path and thus attempt to redirect. However the params still belong to the previous request which was a POST to Api::SessionsController. This route does not respond to get requests and so it would trigger a 404 in production and a 500 in development. This commit prevents set_locale to act upon warden failure app controller calls by adding /new to the list of `NON_LOCALE_PATHS`. (The path is updated by warden to the name of the action called in the failure app). A test is included in this commit that tries to login with an invalid username, password combination and a german locale set. fixes #8805
2017-09-11feat: allow unauthenticated access to list of configsAzul
This should simplify client code significantly according to platform#8849
2017-09-08Merge remote-tracking branch 'origin/master' into masterAzul
2017-09-08Merge branch 'bugfix/psych' into 'master'azul
pin to the newest psych gem, so as to not hit bugs in older versions (required by faker) See merge request !44
2017-08-17bugfix: remove better_errors gemelijah
it is currently incompatible with haml
2017-08-15remove merge cruftelijah
2017-08-15use i18n for login testelijah
2017-08-14pin to the newest psych gem, so as to not hit bugs in older versions ↵elijah
(required by faker)
2017-08-07Version 0.9.1 - bugfixes0.9.1Azul
Plain bugfix release for 0.9: * prevent token conflicts * custom: fix stylesheet customization * fix: set token in forms correctly
2017-08-07cleanup: Revert accidental favicon changeAzul
2017-08-07Merge branch 'fix/token-conflict' into 'master'azul
prevent token conflicts Closes #8792 See merge request !42
2017-08-07prevent token conflictsAzul
2017-07-26Merge branch 'fix/sass-load-path' into 'master'azul
Fix/sass load path Closes #8794 See merge request !40
2017-07-26custom: fix stylesheet customizationAzul
fixes #8794 Reported the underlying issue here: https://github.com/rails/sass-rails/issues/406 Basically `@import` works like this: * look for the file relative to the current file * look for the file as an absolute path following the priorities in the * asset load_paths If the file can be imported as a relative path that will take precedence. So in order to pick up the head and tails inside customization rather than in app/assets there are three possibilities: 1) use an absolute path. This is not as easy as it seems. There is no way of indicating a path is meant to be absolute so we would have to ensure it does not resolve to a relative path. 2) have a application.scss file inside the customization folder. Since this is the main file it will be used instead of the app/assets one. In there relative paths will now also default to the customization folder rather than app/assets. Once we are in an app/assets file though it will not go back to picking up customization with relative paths 3) use //= require instead of import. rails-sass advices against this as each required file would be compiled on it's own and variables could not be shared. Going with option 1 here: ```scss // application.scss: @import "custom/head_import"; ``` ```scss // custom/head_import.scss: @import "head"; ``` As long as there is no custom/head.scss in app/assets it will import head as an absolute path and thus prefer config/custom over app/assets. This seems like the best option for now as it does not require changes to the deployments.
2017-07-26Revert "fix: make customization available to sass"Azul
This reverts commit cc95bb27e873dc6140f9a909a57f075a0ef2f387.
2017-07-25Merge branch 'fix/sass-load-path' into 'master'azul
fix: make customization available to sass Closes #8793 See merge request !39
2017-07-25fix: make customization available to sassAzul
Somehow sass did not follow the rails assets path order. Therefore the default tail.scss would stay in effect even when there was a different tail.scss in the customization folder. Adding the customization stylesheet folder to the sass load_paths works around this for now. Still need to check if it works in production though.
2017-04-21Merge branch 'test/gitlab-artifacts' into 'master' azul
ci: logs and debug files as artifacts See merge request !38
2017-04-21ci: logs and debug files as artifactsAzul
2017-04-20Merge branch 'bugfix/8784-import-pgp-key' into 'master' azul
fix: set token in forms correctly Closes #8784 See merge request !37
2017-04-20fix: set token in forms correctlyAzul
We now use the hash of the token for comparison and as the id. In order to use it you need the original token though. So forms and thus the session should have token.to_s rather than token.id.
2017-04-03Version 0.9.0 - twitter, rails 4 and deprecations0.9.0Azul
This release features a great contribution from the Rails Girls Summer of Code: The landing page of the webapp can now include a twitter feed to display news from the provider. Other than that this is a maintainance and transition release. * Twitter feed on main page (thanks theaamanda and lilaluca). * upgrade to rails 4.2 * upgrade to bootstrap 3 Upgrading: * We now use rails 4's `secret_key_base`. Please make sure to supply it in config/config.yml for production environments. If you are using the leap platform that will already take care of it. Deprecations: * We have not seen any active use of the **billing** functionality. So we deprecate it and will probably drop it in one of the next releases. * We will replace the user facing **help desk** functionality with a single sign on mechanism to integrate with other help desk systems. We will maintain the endpoint to submit tickets and the ticket management in the admin interface. That way it should also be easy to create your own ticket submission form. * We deprecate the ability to **signup and login** directly through the webapp. We will remove it in the future for security reasons. Signup and Login should only happen through bitmask to prevent password phishing and js injections.
2017-04-03:Changes: update changelog to reflect deprecationsAzul
2017-04-03Merge branch 'fix/icons' into 'master' azul
fix: icons that were using the bootstrap 2 syntax Closes #27 See merge request !35
2017-04-03fix: icons that were using the bootstrap 2 syntaxAzul
2017-04-03Merge branch 'feature/clear-user' into 'master' azul
feature: delete user clearing username Closes #26 See merge request !34