Age | Commit message (Collapse) | Author |
|
Warden will catch all 401 responses at the rack level and call the app for failures. By default that is SessionsController#unauthenticated.
I'm sticking with this. If we ever have other rack endpoints they can just send a 401 and the webapp will take care of the message.
Other options would have been to tell warden not to take care of 401 either during initialization or by calling custom_failure! in the login_required method.
We probably want a response that has a unique identifier for the error to process by the client and a translated message later on. For now i think the 401 suffices to identify the issue at hand.
|
|
They are very different. Let's handle them in different methods.
|
|
|
|
|
|
|
|
Also move complex identity views into js designs.
Includes test.
Here's how you would query it from outside rails:
```
$ curl
'localhost:5984/identities/_design/Identity/_view/cert_fingerprints_by_expiry?startkey="2014-07-05"'
{"total_rows":4,"offset":1,"rows":[
{"id":"6c9091d4f13eaeaa6062c9d0528fd34d","key":"2014-07-05","value":"fingerprint"},
{"id":"6f3aa93828b4f6978d551f2623b9d103","key":"2014-07-05","value":"fingerprint"},
{"id":"b6cafacfa65042679691cd5065fb19e3","key":"2014-07-07","value":"fp"}
]}
```
Note that the expiry will be used as the key. So you should use the
current data (or yesterday) as the startkey to get all fingerprints that
have not expired yet.
The fingerprint itself is in the value. No need to include docs.
|
|
We used to store the creation date but this way it's easier to query for non expired certs
|
|
- default is true
- See issue #5217
- See companion change in leap_platform.
|
|
only submit the params that differ from the defaults
|
|
Allow admins to unblock handles
|
|
|
|
|
|
Use link_to_navigation for all important navigation items. It creates a link in a list item for use with bootstrap. It supports an :active flag and an :icon option in the html_options now. It also translates the label. This way it can be used in a lot of places as the generic navigation link.
|
|
There's an identities tab now for admins that will allow unblocking blocked handles. It should be easy to expand for aliases and forwards and other types of actions such as editing.
|
|
list-unstyled comes for free
|
|
the errors on the object if not saved.
|
|
identity errors to user and add identity class hook.
|
|
Feature/i18n for ticket system
|
|
|
|
Identity.new.valid? should not crash. So validate presence where needed and
skip the other validations if the value is absent.
|
|
|
|
errors.each iterates through all errors for all attrbibutes nicely.
|
|
Users now always check if their identity is valid. We need to make
sure this works if the user is a new record and once it has been
persisted.
While the user is a new record the identity will have no user_id.
Old identities that are left to block the login of a user who
canceled their account also have a blank user_id. They still should
render the new identity invalid so the user can't be saved with a
login that has been reserved.
Once the user has been persisted we set the user_id on the identity
and save it too when creating an Account. This allows us to create
a plain user and save it and it will still have an in memory identity
only. But the default is to create the user by means of creating an
account so an identity will be created as well.
|
|
we set it to nil when we disable it
|
|
|
|
|
|
|
|
We create an identity alongside each user. Make sure the identity
is valid when creating the user. This also ensures that the login
picked is available because otherwise the identities address would
not be available anymore.
|
|
|
|
|
|
Also translates the first arg if it's a symbol and adds more btn- classes if given as html_options[:type]
|
|
|
|
|
|
Just in case some translation keys are not present things should still work and make sense.
So translation keys should be picked in a meaningful way and scoped rather than prefixed.
For example overview.account will turn into "Account" if no translation is present while "overview_account" will turn into "Overview Account". We usually want the former.
|
|
|
|
|
|
|
|
FlashResponder added a flash before responding. However at the point of responding objects have already been saved. So there is no way to test if they were changed.
Now instead we can call
flash_for resource
before
resource.save
and it will add the flash messages only if the resource was actually changed.
|
|
|
|
hash token with sha512 against timing attacs #3398
|
|
Feature/cert fingerprints
|
|
|
|
We create them. let's reflect that in the verb.
|
|
better detection if price link should be shown in the footer
|
|
|
|
Only storing the date as that should suffice for normal expiry and is less useful for identifying users by timestamps
|
|
|
|
|
|
|
|
Email.new(nil) now returns an invalid email rather than crashing.
|