leap_web.git - [leap

Age	Commit message (Collapse)	Author
2017-11-13	fix: alternate email dialogue	Azul
	fixes #8796 Cleaned up UserController#update earlier but missed that it was used to change fallback email addresses. Now it is back. This time including an integration test.
2017-11-07	Merge branch '8800-hand-out-configs-json-without-authentication' into 'master'	azul
	feat: allow unauthenticated access to list of configs Closes #8800 See merge request leap/webapp!45
2017-10-24	fix: sanity checks on user params	Azul
	fixes #8801 Includes a test reproducing 500 on lynx We now make use of ActionController::Parameters require and permit methods.
2017-10-17	feat: sort invite codes by last update	Azul
	They used to be sorted by the code which was not helpful fixes #8806 requires deploy of new design docs to the platform
2017-10-16	fix: login error message with locale set	Azul
	On a failed login the warden failure app gets called. Some of the params are changed accordingly but controller and action remain. set_locale would detect there was no locale in the path and thus attempt to redirect. However the params still belong to the previous request which was a POST to Api::SessionsController. This route does not respond to get requests and so it would trigger a 404 in production and a 500 in development. This commit prevents set_locale to act upon warden failure app controller calls by adding /new to the list of `NON_LOCALE_PATHS`. (The path is updated by warden to the name of the action called in the failure app). A test is included in this commit that tries to login with an invalid username, password combination and a german locale set. fixes #8805
2017-09-11	feat: allow unauthenticated access to list of configs	Azul
	This should simplify client code significantly according to platform#8849
2017-04-20	fix: set token in forms correctly	Azul
	We now use the hash of the token for comparison and as the id. In order to use it you need the original token though. So forms and thus the session should have token.to_s rather than token.id.
2017-04-03	feature: delete user clearing username	Azul

2017-03-23	bugfix: handle couch 404s	Azul
	our special error handler for json requests would turn all exceptions into 500s - removed it. now the rescue_responses can do their thing again.
2017-03-21	fix: 404 on key request with non html content-type	Azul

2017-03-20	fix: 404 for missing pages template - fixes #9	Azul

2016-08-19	respond_to on a per controller basis	Azul
	If you inherit respond to and call it again in your controller it will not overwrite the previous but add to it. Since we always have some exceptions from the rules it's probably easiest to be explicit in the controllers that require it themselves.
2016-08-17	bugfix: send 406 if an unexpected format is asked for	Azul
	It used to run the action and then trigger a 500 because the template was not found. fixes !3 .
2016-07-14	[feature] restrict is_admin in the user api, to only allow querying	NavaL
	for him/herself So that it we do not expose the is_admin property to anyone else including other admins.
2016-05-23	rename destroy_identity to release_handles	Azul
	This expresses the intent rather than the implementation. Also replace temp with query refactoring.
2016-05-23	move signup from users to account_controller	Azul
	There was a lot of special case handling going on in the users_controller for this. Lot simpler this way.
2016-05-23	cleanup: remove service level code from users_controller	Azul
	There's no route to this right now and it also seems to be tested nowhere. Since i am about to split up the users_controller let's get rid of this and put it in the place we want it once we actually finish the implementation
2016-05-23	restrict user_params in user_controller	Azul
	Actually this should live in a service_level_controller. For now fix the security issue.
2016-05-18	features for API version 2 - keep old ones	Azul
	Now we test both api versions. We want this for backwards compatibility.
2016-05-18	api: allow version bumping - bump to 2	Azul

2016-05-03	use APP_CONFIG[config_file_paths] for provider.json	Azul
	This avoids overwriting the PROVIDER_JSON constant in the StaticConfigController and thus fixes test warnings. Also moved away from using instance variables in the ControllerExtension::JsonFile - instead querying the corresponding functions now - less sideeffects and easier stubbing.
2016-05-03	fix failing unit and functional tests	Azul

2016-05-02	upgrade: {File,Dir}.exists? -> exist?	Azul
	exists? is deprecated in ruby 2.1
2016-05-02	upgrade: remove references to RestClient	Azul
	CouchRest > 1.2 does not use RestClient anymore. So we should not try to catch its errors.
2016-04-11	allow monitor auth to create users even if invites are normally required.	elijah

2016-04-01	api: added super simple motd, closes #7866	elijah

2016-03-30	api: return proper 404 for GET /1/identities/:id.json	elijah

2016-03-28	api: added get(:show) to identities and users, allow monitors to ↵	elijah
	create/delete test & tmp users.
2016-03-28	api: added allow ability to limit what IPs can access api using a static ↵	elijah
	configured auth token.
2016-03-28	api tokens - clarify terms: "monitors" are admins that authenticated via api ↵	elijah
	token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x"
2016-03-28	api tokens: allow for special api tokens that work like session tokens but ↵	elijah
	are configured in the static config, to be used for infrastructure monitoring.
2016-02-10	allow user accounts to be re-enabled, and for associated identities to also ↵	elijah
	get re-enabled.
2016-01-31	remove cert fingerprints for disabled users, so that they cannot send email ↵	elijah
	anymore. closes #7690
2016-01-16	retain locale in URL when logging in and signing up, and ajax actions in ↵	elijah
	general.
2016-01-14	added UI for invite codes	elijah

2015-09-20	adding ability to disable/enable users by admin	Evelyn

2015-08-07	do not include random cruft in the common name of smtp client certificates	elijah

2015-07-14	fix i18n tests	elijah

2015-06-15	added CommonLanguages gem	elijah

2015-04-30	added support for email notifications of ticket changes	elijah

2015-03-17	Better error message when a database is missing (very useful for nagios tests)	elijah

2014-12-15	bugfix: allow deletion of user's identities via api when user is deleted. ↵	elijah
	closes #6550
2014-11-11	Merge branch 'test/feature-for-service-endpoint' of ↵	elijah
	https://github.com/azul/leap_web into develop
2014-11-11	Merge branch 'feature/error-tweaks' of https://github.com/azul/leap_web into ↵	elijah
	develop
2014-11-10	added destroy user to api	elijah

2014-09-04	fixed typo on configs_controller.rb	elijah

2014-07-31	features for anonymous use and service endpoint	Azul
	Also moved the location of the config files into a configuration setting.
2014-07-31	use ApiController#anonymous_access_allowed?	Azul
	There are some places where we only want to require login unless you can use EIP anonymously. So far we had an anonymous_certs_allowed? method in all these controllers. Now it's replaced with ApiController#anonymous_access_allowed?. The naming better reflects that there might be other services that allow anonymous use at some point. This also fixed a typo name -> @filename that broke the ConfigsController.
2014-07-31	respond with 404 and 500 when rendering custom error pages	Azul
	includes test
2014-07-18	Allow fetching configs if anonymous EIP access is allowed	Azul