| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-04-20 | fix: set token in forms correctly | Azul | |
| We now use the hash of the token for comparison and as the id. In order to use it you need the original token though. So forms and thus the session should have token.to_s rather than token.id. | |||
| 2017-04-03 | feature: delete user clearing username | Azul | |
| 2017-03-23 | bugfix: handle couch 404s | Azul | |
| our special error handler for json requests would turn all exceptions into 500s - removed it. now the rescue_responses can do their thing again. | |||
| 2017-03-21 | fix: 404 on key request with non html content-type | Azul | |
| 2017-03-20 | fix: 404 for missing pages template - fixes #9 | Azul | |
| 2016-08-19 | respond_to on a per controller basis | Azul | |
| If you inherit respond to and call it again in your controller it will not overwrite the previous but add to it. Since we always have some exceptions from the rules it's probably easiest to be explicit in the controllers that require it themselves. | |||
| 2016-08-17 | bugfix: send 406 if an unexpected format is asked for | Azul | |
| It used to run the action and then trigger a 500 because the template was not found. fixes !3 . | |||
| 2016-07-14 | [feature] restrict is_admin in the user api, to only allow querying | NavaL | |
| for him/herself So that it we do not expose the is_admin property to anyone else including other admins. | |||
| 2016-05-23 | rename destroy_identity to release_handles | Azul | |
| This expresses the intent rather than the implementation. Also replace temp with query refactoring. | |||
| 2016-05-23 | move signup from users to account_controller | Azul | |
| There was a lot of special case handling going on in the users_controller for this. Lot simpler this way. | |||
| 2016-05-23 | cleanup: remove service level code from users_controller | Azul | |
| There's no route to this right now and it also seems to be tested nowhere. Since i am about to split up the users_controller let's get rid of this and put it in the place we want it once we actually finish the implementation | |||
| 2016-05-23 | restrict user_params in user_controller | Azul | |
| Actually this should live in a service_level_controller. For now fix the security issue. | |||
| 2016-05-18 | features for API version 2 - keep old ones | Azul | |
| Now we test both api versions. We want this for backwards compatibility. | |||
| 2016-05-18 | api: allow version bumping - bump to 2 | Azul | |
| 2016-05-03 | use APP_CONFIG[config_file_paths] for provider.json | Azul | |
| This avoids overwriting the PROVIDER_JSON constant in the StaticConfigController and thus fixes test warnings. Also moved away from using instance variables in the ControllerExtension::JsonFile - instead querying the corresponding functions now - less sideeffects and easier stubbing. | |||
| 2016-05-03 | fix failing unit and functional tests | Azul | |
| 2016-05-02 | upgrade: {File,Dir}.exists? -> exist? | Azul | |
| exists? is deprecated in ruby 2.1 | |||
| 2016-05-02 | upgrade: remove references to RestClient | Azul | |
| CouchRest > 1.2 does not use RestClient anymore. So we should not try to catch its errors. | |||
| 2016-04-11 | allow monitor auth to create users even if invites are normally required. | elijah | |
| 2016-04-01 | api: added super simple motd, closes #7866 | elijah | |
| 2016-03-30 | api: return proper 404 for GET /1/identities/:id.json | elijah | |
| 2016-03-28 | api: added get(:show) to identities and users, allow monitors to ↵ | elijah | |
| create/delete test & tmp users. | |||
| 2016-03-28 | api: added allow ability to limit what IPs can access api using a static ↵ | elijah | |
| configured auth token. | |||
| 2016-03-28 | api tokens - clarify terms: "monitors" are admins that authenticated via api ↵ | elijah | |
| token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x" | |||
| 2016-03-28 | api tokens: allow for special api tokens that work like session tokens but ↵ | elijah | |
| are configured in the static config, to be used for infrastructure monitoring. | |||
| 2016-02-10 | allow user accounts to be re-enabled, and for associated identities to also ↵ | elijah | |
| get re-enabled. | |||
| 2016-01-31 | remove cert fingerprints for disabled users, so that they cannot send email ↵ | elijah | |
| anymore. closes #7690 | |||
| 2016-01-16 | retain locale in URL when logging in and signing up, and ajax actions in ↵ | elijah | |
| general. | |||
| 2016-01-14 | added UI for invite codes | elijah | |
| 2015-09-20 | adding ability to disable/enable users by admin | Evelyn | |
| 2015-08-07 | do not include random cruft in the common name of smtp client certificates | elijah | |
| 2015-07-14 | fix i18n tests | elijah | |
| 2015-06-15 | added CommonLanguages gem | elijah | |
| 2015-04-30 | added support for email notifications of ticket changes | elijah | |
| 2015-03-17 | Better error message when a database is missing (very useful for nagios tests) | elijah | |
| 2014-12-15 | bugfix: allow deletion of user's identities via api when user is deleted. ↵ | elijah | |
| closes #6550 | |||
| 2014-11-11 | Merge branch 'test/feature-for-service-endpoint' of ↵ | elijah | |
| https://github.com/azul/leap_web into develop | |||
| 2014-11-11 | Merge branch 'feature/error-tweaks' of https://github.com/azul/leap_web into ↵ | elijah | |
| develop | |||
| 2014-11-10 | added destroy user to api | elijah | |
| 2014-09-04 | fixed typo on configs_controller.rb | elijah | |
| 2014-07-31 | features for anonymous use and service endpoint | Azul | |
| Also moved the location of the config files into a configuration setting. | |||
| 2014-07-31 | use ApiController#anonymous_access_allowed? | Azul | |
| There are some places where we only want to require login unless you can use EIP anonymously. So far we had an anonymous_certs_allowed? method in all these controllers. Now it's replaced with ApiController#anonymous_access_allowed?. The naming better reflects that there might be other services that allow anonymous use at some point. This also fixed a typo name -> @filename that broke the ConfigsController. | |||
| 2014-07-31 | respond with 404 and 500 when rendering custom error pages | Azul | |
| includes test | |||
| 2014-07-18 | Allow fetching configs if anonymous EIP access is allowed | Azul | |
| 2014-07-17 | some cleanup of the messages api and cuke feature | Azul | |
| 2014-07-17 | clean up error assertions in tests | Azul | |
| We're not testing the redirects anymore. But the error messages should be pretty clear already. We can start testing redirects again once we redirect to different places for different actions. | |||
| 2014-07-14 | fix controller refactor and features | Azul | |
| Also save debug log on failing features | |||
| 2014-07-14 | move fetch_user into module so it can be mixed in | Azul | |
| We have an ApiController that wants to call #fetch_user. Since we can only inherit from one class i moved fetch_user into an extension. | |||
| 2014-07-14 | send config files from ConfigsController | Azul | |
| 2014-07-14 | ApiController with API style auth | Azul | |
| require_login is require_token for the api controller It also skips the verify_authenticity_token before filter. So all Subclasses of the ApiController will only support token auth. Also made the V1::UsersController a bit more strict. Now way for admins to alter other users through the api. We don't support that yet so let's not allow it either. | |||
 |
index : leap_web.git | |
| [leap_web] | git repository hosting |
| summaryrefslogtreecommitdiff |