Age | Commit message (Collapse) | Author |
|
We have an ApiController that wants to call #fetch_user. Since we can only inherit from one class i moved fetch_user into an extension.
|
|
|
|
require_login is require_token for the api controller
It also skips the verify_authenticity_token before filter.
So all Subclasses of the ApiController will only support token auth.
Also made the V1::UsersController a bit more strict. Now way for admins to alter other users through the api. We don't support that yet so let's not allow it either.
|
|
|
|
Also added authentication steps to cucumber
|
|
|
|
|
|
Warden will catch all 401 responses at the rack level and call the app for failures. By default that is SessionsController#unauthenticated.
I'm sticking with this. If we ever have other rack endpoints they can just send a 401 and the webapp will take care of the message.
Other options would have been to tell warden not to take care of 401 either during initialization or by calling custom_failure! in the login_required method.
We probably want a response that has a unique identifier for the error to process by the client and a translated message later on. For now i think the 401 suffices to identify the issue at hand.
|
|
They are very different. Let's handle them in different methods.
|
|
|
|
|
|
|
|
Also move complex identity views into js designs.
Includes test.
Here's how you would query it from outside rails:
```
$ curl
'localhost:5984/identities/_design/Identity/_view/cert_fingerprints_by_expiry?startkey="2014-07-05"'
{"total_rows":4,"offset":1,"rows":[
{"id":"6c9091d4f13eaeaa6062c9d0528fd34d","key":"2014-07-05","value":"fingerprint"},
{"id":"6f3aa93828b4f6978d551f2623b9d103","key":"2014-07-05","value":"fingerprint"},
{"id":"b6cafacfa65042679691cd5065fb19e3","key":"2014-07-07","value":"fp"}
]}
```
Note that the expiry will be used as the key. So you should use the
current data (or yesterday) as the startkey to get all fingerprints that
have not expired yet.
The fingerprint itself is in the value. No need to include docs.
|
|
We used to store the creation date but this way it's easier to query for non expired certs
|
|
- default is true
- See issue #5217
- See companion change in leap_platform.
|
|
only submit the params that differ from the defaults
|
|
Allow admins to unblock handles
|
|
|
|
|
|
Use link_to_navigation for all important navigation items. It creates a link in a list item for use with bootstrap. It supports an :active flag and an :icon option in the html_options now. It also translates the label. This way it can be used in a lot of places as the generic navigation link.
|
|
There's an identities tab now for admins that will allow unblocking blocked handles. It should be easy to expand for aliases and forwards and other types of actions such as editing.
|
|
list-unstyled comes for free
|
|
the errors on the object if not saved.
|
|
identity errors to user and add identity class hook.
|
|
Feature/i18n for ticket system
|
|
|
|
Identity.new.valid? should not crash. So validate presence where needed and
skip the other validations if the value is absent.
|
|
|
|
errors.each iterates through all errors for all attrbibutes nicely.
|
|
Users now always check if their identity is valid. We need to make
sure this works if the user is a new record and once it has been
persisted.
While the user is a new record the identity will have no user_id.
Old identities that are left to block the login of a user who
canceled their account also have a blank user_id. They still should
render the new identity invalid so the user can't be saved with a
login that has been reserved.
Once the user has been persisted we set the user_id on the identity
and save it too when creating an Account. This allows us to create
a plain user and save it and it will still have an in memory identity
only. But the default is to create the user by means of creating an
account so an identity will be created as well.
|
|
we set it to nil when we disable it
|
|
|
|
|
|
|
|
We create an identity alongside each user. Make sure the identity
is valid when creating the user. This also ensures that the login
picked is available because otherwise the identities address would
not be available anymore.
|
|
|
|
|
|
Also translates the first arg if it's a symbol and adds more btn- classes if given as html_options[:type]
|
|
|
|
|
|
Just in case some translation keys are not present things should still work and make sense.
So translation keys should be picked in a meaningful way and scoped rather than prefixed.
For example overview.account will turn into "Account" if no translation is present while "overview_account" will turn into "Overview Account". We usually want the former.
|
|
|
|
|
|
|
|
FlashResponder added a flash before responding. However at the point of responding objects have already been saved. So there is no way to test if they were changed.
Now instead we can call
flash_for resource
before
resource.save
and it will add the flash messages only if the resource was actually changed.
|
|
|
|
hash token with sha512 against timing attacs #3398
|
|
Feature/cert fingerprints
|
|
|
|
We create them. let's reflect that in the verb.
|