summaryrefslogtreecommitdiff
path: root/app/controllers
AgeCommit message (Collapse)Author
2017-11-07Merge branch '8800-hand-out-configs-json-without-authentication' into 'master'azul
feat: allow unauthenticated access to list of configs Closes #8800 See merge request leap/webapp!45
2017-10-24fix: sanity checks on user paramsAzul
fixes #8801 Includes a test reproducing 500 on lynx We now make use of ActionController::Parameters require and permit methods.
2017-10-17feat: sort invite codes by last updateAzul
They used to be sorted by the code which was not helpful fixes #8806 requires deploy of new design docs to the platform
2017-10-16fix: login error message with locale setAzul
On a failed login the warden failure app gets called. Some of the params are changed accordingly but controller and action remain. set_locale would detect there was no locale in the path and thus attempt to redirect. However the params still belong to the previous request which was a POST to Api::SessionsController. This route does not respond to get requests and so it would trigger a 404 in production and a 500 in development. This commit prevents set_locale to act upon warden failure app controller calls by adding /new to the list of `NON_LOCALE_PATHS`. (The path is updated by warden to the name of the action called in the failure app). A test is included in this commit that tries to login with an invalid username, password combination and a german locale set. fixes #8805
2017-09-11feat: allow unauthenticated access to list of configsAzul
This should simplify client code significantly according to platform#8849
2017-04-20fix: set token in forms correctlyAzul
We now use the hash of the token for comparison and as the id. In order to use it you need the original token though. So forms and thus the session should have token.to_s rather than token.id.
2017-04-03feature: delete user clearing usernameAzul
2017-03-23bugfix: handle couch 404sAzul
our special error handler for json requests would turn all exceptions into 500s - removed it. now the rescue_responses can do their thing again.
2017-03-21fix: 404 on key request with non html content-typeAzul
2017-03-20fix: 404 for missing pages template - fixes #9Azul
2016-08-19respond_to on a per controller basisAzul
If you inherit respond to and call it again in your controller it will not overwrite the previous but add to it. Since we always have some exceptions from the rules it's probably easiest to be explicit in the controllers that require it themselves.
2016-08-17bugfix: send 406 if an unexpected format is asked forAzul
It used to run the action and then trigger a 500 because the template was not found. fixes !3 .
2016-07-14[feature] restrict is_admin in the user api, to only allow queryingNavaL
for him/herself So that it we do not expose the is_admin property to anyone else including other admins.
2016-05-23rename destroy_identity to release_handlesAzul
This expresses the intent rather than the implementation. Also replace temp with query refactoring.
2016-05-23move signup from users to account_controllerAzul
There was a lot of special case handling going on in the users_controller for this. Lot simpler this way.
2016-05-23cleanup: remove service level code from users_controllerAzul
There's no route to this right now and it also seems to be tested nowhere. Since i am about to split up the users_controller let's get rid of this and put it in the place we want it once we actually finish the implementation
2016-05-23restrict user_params in user_controllerAzul
Actually this should live in a service_level_controller. For now fix the security issue.
2016-05-18features for API version 2 - keep old onesAzul
Now we test both api versions. We want this for backwards compatibility.
2016-05-18api: allow version bumping - bump to 2Azul
2016-05-03use APP_CONFIG[config_file_paths] for provider.jsonAzul
This avoids overwriting the PROVIDER_JSON constant in the StaticConfigController and thus fixes test warnings. Also moved away from using instance variables in the ControllerExtension::JsonFile - instead querying the corresponding functions now - less sideeffects and easier stubbing.
2016-05-03fix failing unit and functional testsAzul
2016-05-02upgrade: {File,Dir}.exists? -> exist?Azul
exists? is deprecated in ruby 2.1
2016-05-02upgrade: remove references to RestClientAzul
CouchRest > 1.2 does not use RestClient anymore. So we should not try to catch its errors.
2016-04-11allow monitor auth to create users even if invites are normally required.elijah
2016-04-01api: added super simple motd, closes #7866elijah
2016-03-30api: return proper 404 for GET /1/identities/:id.jsonelijah
2016-03-28api: added get(:show) to identities and users, allow monitors to ↵elijah
create/delete test & tmp users.
2016-03-28api: added allow ability to limit what IPs can access api using a static ↵elijah
configured auth token.
2016-03-28api tokens - clarify terms: "monitors" are admins that authenticated via api ↵elijah
token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x"
2016-03-28api tokens: allow for special api tokens that work like session tokens but ↵elijah
are configured in the static config, to be used for infrastructure monitoring.
2016-02-10allow user accounts to be re-enabled, and for associated identities to also ↵elijah
get re-enabled.
2016-01-31remove cert fingerprints for disabled users, so that they cannot send email ↵elijah
anymore. closes #7690
2016-01-16retain locale in URL when logging in and signing up, and ajax actions in ↵elijah
general.
2016-01-14added UI for invite codeselijah
2015-09-20adding ability to disable/enable users by adminEvelyn
2015-08-07do not include random cruft in the common name of smtp client certificateselijah
2015-07-14fix i18n testselijah
2015-06-15added CommonLanguages gemelijah
2015-04-30added support for email notifications of ticket changeselijah
2015-03-17Better error message when a database is missing (very useful for nagios tests)elijah
2014-12-15bugfix: allow deletion of user's identities via api when user is deleted. ↵elijah
closes #6550
2014-11-11Merge branch 'test/feature-for-service-endpoint' of ↵elijah
https://github.com/azul/leap_web into develop
2014-11-11Merge branch 'feature/error-tweaks' of https://github.com/azul/leap_web into ↵elijah
develop
2014-11-10added destroy user to apielijah
2014-09-04fixed typo on configs_controller.rbelijah
2014-07-31features for anonymous use and service endpointAzul
Also moved the location of the config files into a configuration setting.
2014-07-31use ApiController#anonymous_access_allowed?Azul
There are some places where we only want to require login unless you can use EIP anonymously. So far we had an anonymous_certs_allowed? method in all these controllers. Now it's replaced with ApiController#anonymous_access_allowed?. The naming better reflects that there might be other services that allow anonymous use at some point. This also fixed a typo name -> @filename that broke the ConfigsController.
2014-07-31respond with 404 and 500 when rendering custom error pagesAzul
includes test
2014-07-18Allow fetching configs if anonymous EIP access is allowedAzul
2014-07-17some cleanup of the messages api and cuke featureAzul