summaryrefslogtreecommitdiff
path: root/app
AgeCommit message (Collapse)Author
2015-10-02Update rake task to allow generation of multi-use invitesankonym
The rake task now takes a second (optional) argument that sets the number of uses per invite code. If this is omitted, the default number of uses is 1. (This commit also contains some minor code cleanup that removes some stuff that I'd commented out but not removed.)
2015-10-02Allow multi-use invite codesankonym
Introduce a invite_max_uses property to invite codes to allow admins to set a maximum number of uses for invite codes.
2015-09-28Add localization labels to signup form and user.en.ymlankonym
Added the necessary labels to allow the localization of the signup form and the labels to users.en.yml for localization
2015-09-28Make invite code configurableankonym
Through the config param 'invite_required', providers can decide whether users need to provide an invite code upon signup. The default setting is false.
2015-09-28Cleaned up code in invite_code_validator.rbankonym
2015-09-28Fixed the signup bug that wrongly consumes the invite code.Aya Jaff
2015-09-28Fixes for the invite code validatorankonym
Validation should only happen for new records User invite code was nil for invalid invite codes Adding missing tests
2015-09-28Make sure codes can only be used once, fix validationsankonym
We introduced a count on invite codes to make sure that (at the moment) codes can only be used once. (The code will also allow multi-use codes in the future.) Also, some of our validations weren't validating against the correct data, which is now fixed.
2015-09-28assign random invite code when creating new invite codesankonym
2015-09-28Changed invite code query to look for invite_code string instead of idankonym
2015-09-28Add validation of invite code in user object based on codes in couch dbankonym
2015-09-28Add invite code modelankonym
2015-09-28Update submodule srp to 9e1a41733kaeff
2015-09-28Move account form info from srp_js into leap_webkaeff
2015-09-28Adding invite code field to signup with validation for hardcoded invite codeankonym
2015-08-07do not include random cruft in the common name of smtp client certificateselijah
2015-08-04Made the default front-page welcome text translatable.elijah
2015-08-03make the footer less comically huge when there is only one language configuredelijah
2015-07-23make the default vanilla leap_web include a masthead on the home page.elijah
2015-07-14fix i18n testselijah
2015-07-14fix footer css when the locale links are visibleelijah
2015-06-15added CommonLanguages gemelijah
2015-04-30added support for email notifications of ticket changeselijah
2015-03-17Better error message when a database is missing (very useful for nagios tests)elijah
2015-03-17add support for rotating tokens and sessions databases, and for a special ↵elijah
tmp db for test users.
2015-01-28client certificates: allow for time units to be specified in ↵elijah
client_cert_lifespan config option.
2014-12-23bugfix: ensure both user and identity documents are destroyed if there is a ↵elijah
problem creating the account.
2014-12-17css - remove @extend .label-default (that class does not exist)elijah
2014-12-15bugfix: allow deletion of user's identities via api when user is deleted. ↵elijah
closes #6550
2014-11-11Merge branch 'test/feature-for-service-endpoint' of ↵elijah
https://github.com/azul/leap_web into develop
2014-11-11Merge branch 'feature/error-tweaks' of https://github.com/azul/leap_web into ↵elijah
develop
2014-11-10added destroy user to apielijah
2014-09-04fixed typo on configs_controller.rbelijah
2014-07-31features for anonymous use and service endpointAzul
Also moved the location of the config files into a configuration setting.
2014-07-31use ApiController#anonymous_access_allowed?Azul
There are some places where we only want to require login unless you can use EIP anonymously. So far we had an anonymous_certs_allowed? method in all these controllers. Now it's replaced with ApiController#anonymous_access_allowed?. The naming better reflects that there might be other services that allow anonymous use at some point. This also fixed a typo name -> @filename that broke the ConfigsController.
2014-07-31respond with 404 and 500 when rendering custom error pagesAzul
includes test
2014-07-18Allow fetching configs if anonymous EIP access is allowedAzul
2014-07-17some cleanup of the messages api and cuke featureAzul
2014-07-17clean up error assertions in testsAzul
We're not testing the redirects anymore. But the error messages should be pretty clear already. We can start testing redirects again once we redirect to different places for different actions.
2014-07-14fix controller refactor and featuresAzul
Also save debug log on failing features
2014-07-14move fetch_user into module so it can be mixed inAzul
We have an ApiController that wants to call #fetch_user. Since we can only inherit from one class i moved fetch_user into an extension.
2014-07-14send config files from ConfigsControllerAzul
2014-07-14ApiController with API style authAzul
require_login is require_token for the api controller It also skips the verify_authenticity_token before filter. So all Subclasses of the ApiController will only support token auth. Also made the V1::UsersController a bit more strict. Now way for admins to alter other users through the api. We don't support that yet so let's not allow it either.
2014-07-14clean up and simplify error responses and test codeAzul
2014-07-14send static list of configs for nowAzul
Also added authentication steps to cucumber
2014-07-14use cucumber; initial ConfigsControllerAzul
2014-07-14render valid json error if provider file not foundAzul
2014-07-14SessionsController#unauthenticated for 401sAzul
Warden will catch all 401 responses at the rack level and call the app for failures. By default that is SessionsController#unauthenticated. I'm sticking with this. If we ever have other rack endpoints they can just send a 401 and the webapp will take care of the message. Other options would have been to tell warden not to take care of 401 either during initialization or by calling custom_failure! in the login_required method. We probably want a response that has a unique identifier for the error to process by the client and a translated message later on. For now i think the 401 suffices to identify the issue at hand.
2014-07-14separate login_required from access denied responseAzul
They are very different. Let's handle them in different methods.
2014-07-14Moved check for allow_registration into filter.Folker Bernitt