summaryrefslogtreecommitdiff
path: root/app/controllers/api
AgeCommit message (Collapse)Author
2017-11-16fix: respond with error on invalid pgp keyAzul
We used to just ignore the key. Also separated the code for handling key updates from other user updates. This should eventually be moved to a different route. Mixing the two makes the implementation really hard.
2017-11-07Merge branch '8800-hand-out-configs-json-without-authentication' into 'master'azul
feat: allow unauthenticated access to list of configs Closes #8800 See merge request leap/webapp!45
2017-10-24fix: sanity checks on user paramsAzul
fixes #8801 Includes a test reproducing 500 on lynx We now make use of ActionController::Parameters require and permit methods.
2017-09-11feat: allow unauthenticated access to list of configsAzul
This should simplify client code significantly according to platform#8849
2017-04-20fix: set token in forms correctlyAzul
We now use the hash of the token for comparison and as the id. In order to use it you need the original token though. So forms and thus the session should have token.to_s rather than token.id.
2016-08-19respond_to on a per controller basisAzul
If you inherit respond to and call it again in your controller it will not overwrite the previous but add to it. Since we always have some exceptions from the rules it's probably easiest to be explicit in the controllers that require it themselves.
2016-07-14[feature] restrict is_admin in the user api, to only allow queryingNavaL
for him/herself So that it we do not expose the is_admin property to anyone else including other admins.
2016-05-23rename destroy_identity to release_handlesAzul
This expresses the intent rather than the implementation. Also replace temp with query refactoring.
2016-05-18features for API version 2 - keep old onesAzul
Now we test both api versions. We want this for backwards compatibility.
2016-05-18api: allow version bumping - bump to 2Azul