summaryrefslogtreecommitdiff
path: root/app/models/token.rb
AgeCommit message (Collapse)Author
2016-03-19Handle conflict on token cleanup - fixes #7670Azul
the only race condition I can think of here is this... somebody tries to authenticate with a token that is almost expired. auth checks and notices it is not expired yet so starts to prolonge it. Before the polonged token is written to the db the cleanup script discovers that it has just expired. prolonged token is written to the db cleanup script fails to delete it from the db as it has been updated. So what we want in this case is to keep the token alive as it was renewed in the last minute.
2015-03-17add support for rotating tokens and sessions databases, and for a special ↵elijah
tmp db for test users.
2014-05-26hash token with sha512 against timing attacs #3398Azul
2014-05-13allow for usernames with dotsAzul
preparing for #5664 with some test improvements i ran into this issue This commit includes a fix and the test improvements. In particular it adds BrowserIntegrationTest#login - so there is no need to go through the signup procedure everytime you want a user to be logged in.
2014-04-08moving users: app and test filesAzul