summaryrefslogtreecommitdiff
path: root/app/controllers
AgeCommit message (Collapse)Author
2017-04-20fix: set token in forms correctlyAzul
We now use the hash of the token for comparison and as the id. In order to use it you need the original token though. So forms and thus the session should have token.to_s rather than token.id.
2017-04-03feature: delete user clearing usernameAzul
2017-03-23bugfix: handle couch 404sAzul
our special error handler for json requests would turn all exceptions into 500s - removed it. now the rescue_responses can do their thing again.
2017-03-21fix: 404 on key request with non html content-typeAzul
2017-03-20fix: 404 for missing pages template - fixes #9Azul
2016-08-19respond_to on a per controller basisAzul
If you inherit respond to and call it again in your controller it will not overwrite the previous but add to it. Since we always have some exceptions from the rules it's probably easiest to be explicit in the controllers that require it themselves.
2016-08-17bugfix: send 406 if an unexpected format is asked forAzul
It used to run the action and then trigger a 500 because the template was not found. fixes !3 .
2016-07-14[feature] restrict is_admin in the user api, to only allow queryingNavaL
for him/herself So that it we do not expose the is_admin property to anyone else including other admins.
2016-05-23rename destroy_identity to release_handlesAzul
This expresses the intent rather than the implementation. Also replace temp with query refactoring.
2016-05-23move signup from users to account_controllerAzul
There was a lot of special case handling going on in the users_controller for this. Lot simpler this way.
2016-05-23cleanup: remove service level code from users_controllerAzul
There's no route to this right now and it also seems to be tested nowhere. Since i am about to split up the users_controller let's get rid of this and put it in the place we want it once we actually finish the implementation
2016-05-23restrict user_params in user_controllerAzul
Actually this should live in a service_level_controller. For now fix the security issue.
2016-05-18features for API version 2 - keep old onesAzul
Now we test both api versions. We want this for backwards compatibility.
2016-05-18api: allow version bumping - bump to 2Azul
2016-05-03use APP_CONFIG[config_file_paths] for provider.jsonAzul
This avoids overwriting the PROVIDER_JSON constant in the StaticConfigController and thus fixes test warnings. Also moved away from using instance variables in the ControllerExtension::JsonFile - instead querying the corresponding functions now - less sideeffects and easier stubbing.
2016-05-03fix failing unit and functional testsAzul
2016-05-02upgrade: {File,Dir}.exists? -> exist?Azul
exists? is deprecated in ruby 2.1
2016-05-02upgrade: remove references to RestClientAzul
CouchRest > 1.2 does not use RestClient anymore. So we should not try to catch its errors.
2016-04-11allow monitor auth to create users even if invites are normally required.elijah
2016-04-01api: added super simple motd, closes #7866elijah
2016-03-30api: return proper 404 for GET /1/identities/:id.jsonelijah
2016-03-28api: added get(:show) to identities and users, allow monitors to ↵elijah
create/delete test & tmp users.
2016-03-28api: added allow ability to limit what IPs can access api using a static ↵elijah
configured auth token.
2016-03-28api tokens - clarify terms: "monitors" are admins that authenticated via api ↵elijah
token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x"
2016-03-28api tokens: allow for special api tokens that work like session tokens but ↵elijah
are configured in the static config, to be used for infrastructure monitoring.
2016-02-10allow user accounts to be re-enabled, and for associated identities to also ↵elijah
get re-enabled.
2016-01-31remove cert fingerprints for disabled users, so that they cannot send email ↵elijah
anymore. closes #7690
2016-01-16retain locale in URL when logging in and signing up, and ajax actions in ↵elijah
general.
2016-01-14added UI for invite codeselijah
2015-09-20adding ability to disable/enable users by adminEvelyn
2015-08-07do not include random cruft in the common name of smtp client certificateselijah
2015-07-14fix i18n testselijah
2015-06-15added CommonLanguages gemelijah
2015-04-30added support for email notifications of ticket changeselijah
2015-03-17Better error message when a database is missing (very useful for nagios tests)elijah
2014-12-15bugfix: allow deletion of user's identities via api when user is deleted. ↵elijah
closes #6550
2014-11-11Merge branch 'test/feature-for-service-endpoint' of ↵elijah
https://github.com/azul/leap_web into develop
2014-11-11Merge branch 'feature/error-tweaks' of https://github.com/azul/leap_web into ↵elijah
develop
2014-11-10added destroy user to apielijah
2014-09-04fixed typo on configs_controller.rbelijah
2014-07-31features for anonymous use and service endpointAzul
Also moved the location of the config files into a configuration setting.
2014-07-31use ApiController#anonymous_access_allowed?Azul
There are some places where we only want to require login unless you can use EIP anonymously. So far we had an anonymous_certs_allowed? method in all these controllers. Now it's replaced with ApiController#anonymous_access_allowed?. The naming better reflects that there might be other services that allow anonymous use at some point. This also fixed a typo name -> @filename that broke the ConfigsController.
2014-07-31respond with 404 and 500 when rendering custom error pagesAzul
includes test
2014-07-18Allow fetching configs if anonymous EIP access is allowedAzul
2014-07-17some cleanup of the messages api and cuke featureAzul
2014-07-17clean up error assertions in testsAzul
We're not testing the redirects anymore. But the error messages should be pretty clear already. We can start testing redirects again once we redirect to different places for different actions.
2014-07-14fix controller refactor and featuresAzul
Also save debug log on failing features
2014-07-14move fetch_user into module so it can be mixed inAzul
We have an ApiController that wants to call #fetch_user. Since we can only inherit from one class i moved fetch_user into an extension.
2014-07-14send config files from ConfigsControllerAzul
2014-07-14ApiController with API style authAzul
require_login is require_token for the api controller It also skips the verify_authenticity_token before filter. So all Subclasses of the ApiController will only support token auth. Also made the V1::UsersController a bit more strict. Now way for admins to alter other users through the api. We don't support that yet so let's not allow it either.