Age | Commit message (Collapse) | Author |
|
We are deprecating webapp based signup. It leads to an
inconsistent state for mail providers and offers no useful
interactions for vpn providers either.
Instead of trying to deal with the halfway signup through
the webapp we require signup through bitmask app which can
also create the pgp keys for email and download and use the
cert for vpn.
In addition this reduces the attack surface for js injection,
phishing and other browser based attacks.
For now we still keep the signup form in case providers link
to it directly. We also keep all the tests based on it. Cleanup
will happen right after 0.10.0 release.
|
|
This reverts commit cc95bb27e873dc6140f9a909a57f075a0ef2f387.
|
|
Somehow sass did not follow the rails assets path order.
Therefore the default tail.scss would stay in effect even when
there was a different tail.scss in the customization folder.
Adding the customization stylesheet folder to the sass load_paths
works around this for now. Still need to check if it works in
production though.
|
|
|
|
|
|
* reran the simple form initializer.
* wrapped submit buttons are now broken and need a fix.
* disabled confirmation validation in client side validations as the
error message always is attached to the wrong field.
|
|
The Active::Model modules of client side validations only get included
in CouchRest::Model::Base if the gems are loaded in the right order:
* activemodel is required first so the modules to extend are present
* client_side_validations is required next so its modules get included
* couchrest_model is required last so it includes the enhanced modules.
|
|
our special error handler for json requests would turn all exceptions
into 500s - removed it. now the rescue_responses can do their thing
again.
|
|
This will get us encrypted cookies but also requires changes to the platform.
fixes #23
|
|
|
|
enable testing error responses on the full rack stack.
|
|
That's the only thing the controller handles meaningfully.
Before the route would also catch anything that started with a . interpreting
it as a format string. This led to lots of false positives in our security
scanner.
|
|
|
|
The Readme file in the folder already ensures that it is kept. The .gitkeep was causing diffs in production
|
|
error response messages; added 'config/customization/images' + link in 'config/initializer/customization.rb'
|
|
|
|
twitter feature is set enabled == true
|
|
in header; fixed erb escaping characters problem without letting evil code pass; setting customized image file 'Avatar_Pic.png' in config/custo../assets to get loaded instead of default twitter-logo
|
|
|
|
to use twitter secrets-file has to be created
|
|
- only bearer token is needed to access Twitter API
|
|
|
|
|
|
|
|
|
|
|
|
There was a lot of special case handling going on in the users_controller
for this. Lot simpler this way.
|
|
This way we do not need to specify it all the time.
In the functional tests defaults do not get added automatically.
Introduced api_{get,put,post,delete} to add format and version default.
One to two functional tests failing, everything else passes.
|
|
|
|
This avoids overwriting the PROVIDER_JSON constant in the
StaticConfigController and thus fixes test warnings.
Also moved away from using instance variables in the
ControllerExtension::JsonFile - instead querying the corresponding
functions now - less side effects and easier stubbing.
|
|
|
|
|
|
exists? is deprecated in ruby 2.1
|
|
using twitter/typeahead instead which seems to have similar properties
|
|
This way the changed flash hash still is recognized.
Also changed the generic 'no_such_thing' i18n key to more specific 'no_such_user'.
The former is very hard to translate as the gender of thing may affect the translation of the 'no such' part.
|
|
|
|
environment.rb
boot.rb
application.rb
-> adopted according to http://railsdiff.org/3.2.22.2/4.2.6
Also dropped quiet_assets - not sure if this is still needed with
rails 4.2. If it is we can bring it back.
|
|
Changed according to http://railsdiff.org/3.2.22.2/4.2.6
Includes setting logging to debug. Not sure if we want this.
I agree that it's good to have all info available in case something breaks.
|
|
Changed according to http://railsdiff.org/3.2.22.2/4.2.6
Also separated settings we added from those that rails has by default.
|
|
Changed according to http://railsdiff.org/3.2.22.2/4.2.6
Should also get rid of some warnings.
|
|
|
|
CouchRest > 1.2 does not use RestClient anymore. So we should not try to
catch its errors.
|
|
|
|
|
|
|
|
configured auth token.
|
|
token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x"
|
|
are configured in the static config, to be used for infrastructure monitoring.
|
|
|
|
|