path: root/app
Age | Commit message | Author
2017-11-16 | fix: respond with error on invalid pgp key | Azul
We used to just ignore the key. Also separated the code for handling key updates from other user updates. This should eventually be moved to a different route. Mixing the two makes the implementation really hard.
2017-11-13 | fix: alternate email dialogue | Azul
fixes #8796
Cleaned up UserController#update earlier but missed that it was used to change fallback email addresses. Now it is back. This time including an integration test.
2017-11-08 | fix #8010 - publish public key in webfinger | Azul
we were simply referring to the wrong key. includes test
2017-11-07 | Merge branch '8800-hand-out-configs-json-without-authentication' into 'master' | azul
feat: allow unauthenticated access to list of configs
Closes #8800
See merge request leap/webapp!45
2017-10-24 | fix: sanity checks on user params | Azul
fixes #8801
Includes a test reproducing 500 on lynx
We now make use of ActionController::Parameters require and permit methods.
2017-10-24 | refactor: instance method create for Account.create | Azul
This simplifies returning the user while still working on it a lot. Much cleaner than all these return user statements. There's a lot more to refactor here. For example delegating methods to user etc. ... but for now this should suffice. Don't want to break this in a bugfix release.
2017-10-24 | fix: also remove invite codes used for tmp users | Azul
fixes #8807
2017-10-17 | feat: sort invite codes by last update | Azul
They used to be sorted by the code which was not helpful
fixes #8806
requires deploy of new design docs to the platform
2017-10-17 | fix: destroy invites used to create test accounts | Azul
Production instances are getting cluttered with invites from test accounts. Instead of marking them as used we will now completely remove them.
refers to #8804
refers to #8807
2017-10-16 | fix: login error message with locale set | Azul
On a failed login the warden failure app gets called. Some of the params are changed accordingly but controller and action remain. set_locale would detect there was no locale in the path and thus attempt to redirect. However the params still belong to the previous request which was a POST to Api::SessionsController. This route does not respond to get requests and so it would trigger a 404 in production and a 500 in development.
This commit prevents set_locale from acting upon warden failure app controller calls by adding /new to the list of `NON_LOCALE_PATHS`. (The path is updated by warden to the name of the action called in the failure app).
A test is included in this commit that tries to login with an invalid username, password combination and a German locale set.
fixes #8805
2017-09-11 | feat: allow unauthenticated access to list of configs | Azul
This should simplify client code significantly according to platform#8849
2017-08-07 | prevent token conflicts | Azul
2017-07-26 | custom: fix stylesheet customization | Azul
fixes #8794
Reported the underlying issue here: https://github.com/rails/sass-rails/issues/406
Basically `@import` works like this:
* look for the file relative to the current file
* look for the file as an absolute path following the priorities in the asset load_paths
If the file can be imported as a relative path that will take precedence.
So in order to pick up the head and tails inside customization rather than in app/assets there are three possibilities:
1) use an absolute path. This is not as easy as it seems. There is no way of indicating a path is meant to be absolute so we would have to ensure it does not resolve to a relative path.
2) have an application.scss file inside the customization folder. Since this is the main file it will be used instead of the app/assets one. In there relative paths will now also default to the customization folder rather than app/assets. Once we are in an app/assets file though it will not go back to picking up customization with relative paths
3) use //= require instead of import. rails-sass advises against this as each required file would be compiled on its own and variables could not be shared.
Going with option 1 here:
```scss
// application.scss:
@import "custom/head_import";
```
```scss
// custom/head_import.scss:
@import "head";
```
As long as there is no custom/head.scss in app/assets it will import head as an absolute path and thus prefer config/custom over app/assets. This seems like the best option for now as it does not require changes to the deployments.
2017-04-20 | fix: set token in forms correctly | Azul
We now use the hash of the token for comparison and as the id. In order to use it you need the original token though. So forms and thus the session should have token.to_s rather than token.id.
2017-04-03 | fix: icons that were using the bootstrap 2 syntax | Azul
2017-04-03 | feature: delete user clearing username | Azul
2017-04-03 | fix: error message display in production | Azul
only use the <pre> tag if the response was a text message i.e. during dev errors. Use the alert-danger class of bootstrap 3 rather than alert-error.
2017-03-29 | fix: bring back wrapped signup button with cancel | Azul
2017-03-27 | fix: bootstrap 3 style of menus | Azul
span10 now is .col-??-10. ul.unstyled now is ul.list-unstyled also leave out unnecessary li if billing is disabled.
2017-03-27 | upgrade: simple_form to bootstrap 3 | Azul
* reran the simple form initializer.
* wrapped submit buttons are now broken and need a fix.
* disabled confirmation validation in client side validations as the error message always is attached to the wrong field.
2017-03-24 | fix: make use of client_side_validations in js | Azul
2017-03-23 | fix: display error js responses in dev environment | Azul
Sometimes the dev environment will send back a plain text response. This causes the json parser to raise an exception and used to cause the browser not to display any error message. Now we dump the whole server response - which happens to also include the backtrace. A lot more useful than doing nothing. In production this should never happen as 500s get handled by the ExceptionApplication / our ErrorsController there.
2017-03-23 | git subrepo clone https://leap.se/git/srp_js app/assets/javascripts/srp | Azul
subrepo:
  subdir: "app/assets/javascripts/srp"
  merged: "9e1a417"
upstream:
  origin: "https://leap.se/git/srp_js"
  branch: "master"
  commit: "9e1a417"
git-subrepo:
  version: "0.3.1"
  origin: "https://github.com/ingydotnet/git-subrepo"
  commit: "a7ee886"
2017-03-23 | Merge branch 'bugfix/ticket-validations' into 'master' | azul
fix: keep ticket submit button clickable
See merge request !27
2017-03-23 | fix: keep ticket submit button clickable | Azul
It was marked as submitted even when client side validations interfered.
fixes github issue #227
2017-03-23 | bugfix: handle couch 404s | Azul
our special error handler for json requests would turn all exceptions into 500s - removed it. now the rescue_responses can do their thing again.
2017-03-21 | fix: 404 on key request with non html content-type | Azul
2017-03-20 | fix: 404 for missing pages template - fixes #9 | Azul
2017-03-20 | Merge branch 'debug/rescue-more-specifically' into 'master' | azul
make the rescue in account creation less broad
See merge request !15
2017-03-10 | Validates recovery code as hexadecimal data. | Thais Siqueira
Related with https://github.com/pixelated/pixelated-user-agent/issues/924
With @aarni
2017-03-10 | Adds recovery code to user account | Thais Siqueira
Related with https://github.com/pixelated/pixelated-user-agent/issues/924
With @aarni
2017-03-07 | make the rescue in account creation less broad | Azul
It was catching errors that should have led to 500s
2016-11-17 | bugfix: only send login errors once | Azul
If a login was invalid as a username but also for the identity we used to have duplicate error messages. Let's avoid that. Also added a test to make sure invite_code errors are properly displayed no matter what other fields are set or missing. Pixelated will rely on this to test invite codes
2016-10-20 | Merge remote-tracking branch 'origin/develop' | Azul
We'll only use the master branch for development from now on.
2016-10-08 | Merge remote-tracking branch 'pr/241' into develop | Azul
2016-09-30 | changed number 2 to 3 to have three tweets shown | thea
2016-09-30 | added 'show more tweets'-link when more tweets are existing than displayed, method included to set number of tweets which should be displayed | thea
2016-09-26 | Display provider message next to tweets as well | Azul
The content.html.haml was modified to pick the layout based on whether tweets are enabled or not. We need to display the provider message in both cases.
2016-09-26 | Merge remote-tracking branch 'pr/239' into develop | Azul
2016-09-23 | Fixed typo in helper | luca-marie
2016-09-23 | merging develop and marie | thea
2016-09-23 | increase number of fetched tweets to make sure 3 most recent tweets without RTs and @ are displayed | luca-marie
2016-09-23 | Doc updated on how to customize avatar picture in twitter feature; update error response messages; added 'config/customization/images' + link in 'config/initializer/customization.rb' | luca-marie
2016-09-22 | same same but slightly different | luca-marie
2016-09-22 | Modified error messages | luca-marie
2016-09-22 | initializer/twitter.rb file unnecessary; added change in main view only if twitter feature is set enabled == true | luca-marie
2016-09-22 | included Thea's work on error-handling \o/; changed link to twitter-account in header; fixed erb escaping characters problem without letting evil code pass; setting customized image file 'Avatar_Pic.png' in config/custo../assets to get loaded instead of default twitter-logo | luca-marie
2016-09-22 | customize: provider message more fine grained | Azul
We used to replace all of home/content - so we missed the twitter feed on the providers. Instead one should now customize home/provider_message only.
2016-09-21 | finished error-handling with different error-messages for different errors. added info that the account has to be public in Twitter-Doc | theaamanda
2016-09-21 | included error-handling: twitter-helper includes rescue and error message for fourth value in array. there will always be an empty array that view (text and each - method) does not break. if empty array in view the error-message is shown. (it's WIP) | thea