summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2017-08-07Version 0.9.1 - bugfixes0.9.1Azul
Plain bugfix release for 0.9: * prevent token conflicts * custom: fix stylesheet customization * fix: set token in forms correctly
2017-04-03Version 0.9.0 - twitter, rails 4 and deprecations0.9.0Azul
This release features a great contribution from the Rails Girls Summer of Code: The landing page of the webapp can now include a twitter feed to display news from the provider. Other than that this is a maintainance and transition release. * Twitter feed on main page (thanks theaamanda and lilaluca). * upgrade to rails 4.2 * upgrade to bootstrap 3 Upgrading: * We now use rails 4's `secret_key_base`. Please make sure to supply it in config/config.yml for production environments. If you are using the leap platform that will already take care of it. Deprecations: * We have not seen any active use of the **billing** functionality. So we deprecate it and will probably drop it in one of the next releases. * We will replace the user facing **help desk** functionality with a single sign on mechanism to integrate with other help desk systems. We will maintain the endpoint to submit tickets and the ticket management in the admin interface. That way it should also be easy to create your own ticket submission form. * We deprecate the ability to **signup and login** directly through the webapp. We will remove it in the future for security reasons. Signup and Login should only happen through bitmask to prevent password phishing and js injections.
2017-03-23bugfix: handle couch 404sAzul
our special error handler for json requests would turn all exceptions into 500s - removed it. now the rescue_responses can do their thing again.
2016-10-20Merge remote-tracking branch 'origin/develop'Azul
We'll only use the master branch for development from now on.
2016-08-16Version 0.8.1Azul
* upgrade to rails 3.2.22.4 * fix ticket url issue
2016-08-15simple_form: fix enhancement to work with latest railsAzul
2016-08-12[db] def database on users instead of use_databaseAzul
use_database affects all uses of prepare_database - so also the one in tmp_database. In order to avoid that we do not use_database but just overwrite the database method itself.
2016-08-12[db] remove DatabaseMethod import from TemporaryUserAzul
It was causing 404s on initializing the database with db:migrate. DatabaseMethods rewrite of #database does not call prepare_database and thus does not create the database when needed. DatabaseMethod is also quite a bit too much for a model that has two databases that can be memoized easily. There's no way to have a separate database instance per record.
2016-08-12move temporary_user into lib - fix load issueAzul
We already did the same for other concerns. The way we load models for couchrest migrations does not work well with concerns in the model directory as they will be loaded twice.
2016-07-05Fix db:migrate and similar tasksAzul
We saw errors from duplicate loading of LocalEmail and LoginFormatValidation. The latter resulted in a crash. In an attempt to ensure all subclasses of Couchrest::Model::Base are loaded Couchrest::Model::Utils::Migrate requires all files in app/models. We have an extension that does the same for the engines. During this process LoginFormatValidation and LocalEmail were autoloaded when 'identity' was required. Afterwards they were required again. It looks like rails' autoload mechanism does not play nicely with require. So to make sure they are not autoloaded first move the concerns and helper classes into the lib directory and require them explicitly.
2016-05-20include engine tests in default testAzul
2016-05-02upgrade: {File,Dir}.exists? -> exist?Azul
exists? is deprecated in ruby 2.1
2016-05-02upgrade: remove references to RestClientAzul
CouchRest > 1.2 does not use RestClient anymore. So we should not try to catch its errors.
2016-05-01Version 0.8.00.8.0Azul
This version ships with improvements implemented during rails girls summer of code 2015 (in no particular order): * Providers now can require invite codes * Admins can disable and enable users * Payments and subscriptions are possible Thanks heaps to @ankonym, Aya, @claucece and @EvyW. Also thanks a lot to rails girls summer of code and thoughtworks for the organization and coaching. We also include a bunch of smaller bugfixes. For details see the list below: Bugfixes to prepare for 0.8.0 release: * upgrade: couchrest_session_store to 0.3.1 * remove outdated couchrest hack * allow monitor auth to create users even if invites are normally required. * disable per-user message tests (since this feature currently disabled) * api: added super simple motd, closes #7866 Add api support for admin authentication tokens: * api: return proper 404 for GET /1/identities/:id.json * api: added json error pages, allow "." in the :id param of all api routes * api: added get(:show) to identities and users, allow monitors to create/delete test & tmp users. * api: added allow ability to limit what IPs can access api using a static configured auth token. * api tokens - clarify terms: "monitors" are admins that authenticated via api token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x" * api tokens: allow for special api tokens that work like session tokens but are configured in the static config, to be used for infrastructure monitoring. Upgrade to latest rails 3.2: * upgrade: downgrade rake to 10.x * upgrade: use latest rails 3.2 version Smaller fixes: * Handle conflict on token cleanup - fixes #7670 * updated changes file * added travis build status to readme * allow user accounts to be re-enabled, and for associated identities to also get re-enabled. * use RUBY_VERSION instead of :platform for Gemfile (since jessie has a really old bundler) * disable failing cucumber test (leap_web is doing the right thing, the test is just weird). * internet says that bundler on travis might be what is causing test fail, so force install the lastest one. * remove cert fingerprints for disabled users, so that they cannot send email anymore. closes #7690 * vendor certificate_authority, because travis does not like pulling it from github. * travis ci does not support :platform => :ruby_22, so remove for now. * enable byebug for tests * change the default of config.assets.debug for development env. * fix ticket display bug * retain locale in URL when logging in and signing up, and ajax actions in general. Admin UI overhaul: * added UI for invite codes * added caution tape img. * highlight admin areas with caution tape (wip) * fix user list Generate Invite Codes without code_coupon gem: * Cleaned up last traces of the Great Git Mess * Remove Coupon Code gem and make invite code = id * Replace Coupon Code gem for invite code creation * Remove Coupon Code gem and make invite code = id * Remove Coupon Code gem from Gemfile * Replace Coupon Code gem for invite code creation * Fix the InviteCode initialize method so leap_web tests stay green * Adjust the rake task to make id = invite code * set rbenv pin to 2.1.5 Pull request #204 from pixelated/fix_payment_check * [bug] Only show donation if payment present Payment and Subscriptions (Pull request #198 from claucece/develop): * Reverting submodule update * updated version of fakebraintree * changed capybara time * fixed gem file * add test to payments and subscriptions * deleted comment * questions added * readme * updated readme * add a comment regarding home * update to haml, created translations, deleted files * add subscriptions * add subs_index and start show * changed routes and links * subscriptions, translation * subscriptions, haml and translations * added customers, recurring payment and payment_info * just played a little * correctly set up comments * added payment_info, _customer_form, sucess instances * Donation button * add donate button, bitcoin, payment_method * implemented the form and the generate Enable/Disable users as admin (Pull request #196 from EvyW/develop): * identing 2 * Identing first line * with out identing * Translation changes * changes style sheets * index changes * commit user haml * Update leap.scss * test users_controller_test * fixing translations * spanish translations for user actions * adding ability to disable/enable users by admin Allow invites for multiple people: (Pull request #201 from Alster-Hamburgers/multi-invite) * Adjusted the rake task with comments by @azul * Small code cleanup in the rake task * Cleaned up invite code output for platform tests * Adjust rake task with renamed max_uses * Integrated feedback on multi-invite codes * Update rake task to allow generation of multi-use invites * Allow multi-use invite codes Pull request #200 from Alster-Hamburgers/localization * Add the localization keys for invite_code and password confirmation Require invite codes for signup based on config setting: (Pull request #194 from Alster-Hamburgers/feature/invite_code) * Add localization labels to signup form and user.en.yml * Make invite code configurable * Cleaned up code in invite_code_validator.rb * Removed the view_by__id from invite code test * Fixed the signup bug that wrongly consumes the invite code. * Fix cucumber tests by passing valid invite code * Fix the remaining failures/errors in our tests * Fix three unit tests by passing Factory Girl a valid invite code * Fix several test failures by stubbing invite code validation * Separate user and invite code validator tests * Fixes for the invite code validator * Make sure codes can only be used once, fix validations * Add rake task for invite code batch generation * assign random invite code when creating new invite codes * Remove change password browser test * Fix test based on actual invite code validation * Changed invite code query to look for invite_code string instead of id * Add validation of invite code in user object based on codes in couch db * Add invite code model * Added an 'invite code' to all the tests for the sign-up form so we have a valid user for the tests again * Update submodule srp to 9e1a41733 * Move account form info from srp_js into leap_web * Adding invite code field to signup with validation for hardcoded invite code * Disable CSRF token verification on ticket creation. Fix issues found during start of rails girls summer of code: * couchrest_model 2.0.1 fixes find_by_sth(nil) * Update README with docs from website & instructions on local DB * Bump therubyracer to 0.12.2 * improved README.md * do not include random cruft in the common name of smtp client certificates
2016-04-26remove outdated couchrest hackAzul
We had rewritten use_database so it would not crash the entire app if couch was not available at the time of initialization. couchrest now moved on and only sets the database name on use_database. The database will only be queried once it is really needed. So pretty much exactly what we want. Our hack instead caused quite a bit of problems as it would still initialize the database during start. This way the app would remain in an invalid state even when couch came back.
2015-10-13Merge pull request #201 from Alster-Hamburgers/multi-inviteazul
Allow multi-use invite codes
2015-10-12Adjusted the rake task with comments by @azulankonym
Basically made the code a bit prettier :)
2015-10-06Small code cleanup in the rake taskankonym
2015-10-06Cleaned up invite code output for platform testsankonym
This still had some test output that gets in the way of easy printing and a LEAP platform test
2015-10-06Adjust rake task with renamed max_usesankonym
2015-10-02Update rake task to allow generation of multi-use invitesankonym
The rake task now takes a second (optional) argument that sets the number of uses per invite code. If this is omitted, the default number of uses is 1. (This commit also contains some minor code cleanup that removes some stuff that I'd commented out but not removed.)
2015-10-01Add the localization keys for invite_code and password confirmationankonym
2015-09-28Add rake task for invite code batch generationankonym
2015-08-05updated locale files0.7.1version/0.7.1elijah
2015-08-04Made the default front-page welcome text translatable.elijah
2015-08-03updated en_US.ymlelijah
2015-08-03fix missing translations: get help and cancel.elijah
2015-07-14a couple minor fixes for l10nelijah
2015-06-30updated locale fileselijah
2015-06-15imported new locales from transifexelijah
2015-04-30added support for email notifications of ticket changeselijah
2015-04-20fixed warnings that gems are defined multiple times in Gemfileelijah
2015-03-31fix travis: use couchdb.admin.yml and pin travis ruby version to one that is ↵elijah
installed on travis-ci.org
2015-03-17add support for rotating tokens and sessions databases, and for a special ↵elijah
tmp db for test users.
2014-10-20updated i18n:bundle task so that transifex can pull in strings automatically ↵elijah
from a stable url.
2014-10-09added a rake task i18n:bundle in order to support uploading strings to transifexelijah
2014-07-21Version 0.6.00.6.0Azul
We now allow admins to unblock handles of users who deleted their accounts. The admin interface also received some bugfixes. On the API side of things we support validation of SMTP certs and added an endpoint that requires authentication for retrieving the configuration files. Here's the list of changes: Pull request #181 from azul/feature/allow_anonymous_config_access * Allow fetching configs if anonymous EIP access is allowed Pull request #180 from azul/feature/messages-api * fix messages feature to match latest response format * add translation and fix tests * some cleanup of the messages api and cuke feature Pull request #176 from azul/feature/api-authenticated-configs * cuke: drop jsonpath, use simple keys instead * make sure i18n key can be found (cascade) * clean up error assertions in tests * fix controller refactor and features * move fetch_user into module so it can be mixed in * send config files from ConfigsController * ApiController with API style auth * clean up and simplify error responses and test code * move unauthenticated api endpoints into separate feature * send static list of configs for now * use cucumber; initial ConfigsController * render valid json error if provider file not found * SessionsController#unauthenticated for 401s * separate login_required from access denied response * rename warden extension to patch the original Pull request #179 from fbernitt/issue_5217_addendum * Moved check for allow_registration into filter. Pull request #175 from azul/feature/view-for-valid-certs * allow querying for the expiry of a particular fingerprint * fix tests and simplify time calculations * Identity view cert_fingerprints_by_expiry * store expiry with cert fingerprints Pull request #178 from fbernitt/issue_5217_allow_registration * Added allow_registration toggle. Pull request #174 from azul/bugfix/admin-navigates-all-tickets * adopt ticket list test to new behaviour * only use user ticket(s) path for real users * stay on all tickets view when sorting (#5879) Pull request #173 from azul/feature/unblock-handles * list identities based on search only * make link_to_navigation more generic and reuse it * Enable unblocking handles in identities tab * backport bootstraps 3.2s list-inline * move braintree initilializer into core * remove dummy app * create client certificates with generous not_before (fixes #5884)
2014-07-14use cucumber; initial ConfigsControllerAzul
2014-07-14rename warden extension to patch the originalAzul
the Warden::SessionSerializer was not getting loaded at all because we had a file by the same name. We want it to get loaded and be patched instead.
2014-07-12minor: fix typo in load_viewsAzul
It removed most of the reduce functions... really not what we wanted
2014-07-12Identity view cert_fingerprints_by_expiryAzul
Also move complex identity views into js designs. Includes test. Here's how you would query it from outside rails: ``` $ curl 'localhost:5984/identities/_design/Identity/_view/cert_fingerprints_by_expiry?startkey="2014-07-05"' {"total_rows":4,"offset":1,"rows":[ {"id":"6c9091d4f13eaeaa6062c9d0528fd34d","key":"2014-07-05","value":"fingerprint"}, {"id":"6f3aa93828b4f6978d551f2623b9d103","key":"2014-07-05","value":"fingerprint"}, {"id":"b6cafacfa65042679691cd5065fb19e3","key":"2014-07-07","value":"fp"} ]} ``` Note that the expiry will be used as the key. So you should use the current data (or yesterday) as the startkey to get all fingerprints that have not expired yet. The fingerprint itself is in the value. No need to include docs.
2014-07-01Version 0.5.30.5.3Azul
This release enables using custom gems in the leap platform customization. It also fixes cornercases during the account creation and documents debugging in production. * android app now supports signup, so change text that said otherwise. * added debugging note to DEVELOP.md * Account.create - do a User.new instead of User.create, so that we can report the errors on the object if not saved. Pull request #172 from elijh/feature/customgem * Gemfile: fix problem when config is missing environments * support for optional gems in Gemfile (engines/ and * config/customization/gems/) Pull request #171 from elijh/feature/identityfail * if identity fails to be created, destroy the user. also, pass through identity errors to user and add identity class hook.
2014-06-17Gemfile: fix problem when config is missing environmentselijah
2014-06-17support for optional gems in Gemfile (engines/ and config/customization/gems/)elijah
2014-06-09Version 0.5.20.5.2Azul
Hotfix since 0.5.2 release candiate: * tickets: fix bug that allow index of other users Pull request #167 from azul/feature/i18n-for-ticket-system: * fix flash for creating anonymous tickets * adopt tests to new translations * destroy_btn helper method * move users key into layouts scope so it does not conflict with users scope * add btn helper for link_to with .btn * remove icon_color variable - yagni * sorting translation keys some * navigation works with empty locale selected * tickets: structure i18n * flash_for with_errors option displays error messages * remove unused bold helper and instead sanitize flash * Controller#flash_for instead of FlashResponder * split up and refactor TicketController#update * separate tests for the ticket list from main controller test * splitting up long functional test case * move comment related tests out of TicketControllerTest * use i18n.missing_translations Pull request #168 from azul/bugfix/fix-login-validations: * clearify identity validations * ensure User#reload returns self * hand on errors from Email to Identity to User * catch corner cases of account creation * adopt tests to new error messages for identities * allow changing the user_id on an identity * ensure identity is cleared on user.reload - fixes test * use Identity for testing login availability Pull request #163 from azul/feature/3398-save-hashed-token * hash token with sha512 against timing attacs #3398 Pull request #165 from azul/feature/cert-fingerprints * change from GET to POST for certs * store fingerprints with timestamp * store cert fingerprint with main user identity * SmtpCertsController, routes and tests * fix Email so User.new.valid? does not crash * basic integration test for cert API * calculate cert fingerprints to store for leap_mx Pull request #166 from elijh/feature/footer * better detection if price link should be shown in the footer Pull request #162 from azul/feature/3295-custom-error-pages * little bit of documentation * i18n for error pages * custom error pages for 404 and 500 errors
2014-05-26tickets: structure i18nAzul
2014-05-26FlashResponder will automagically add flash messagesAzul
2014-05-16Version 0.5.10.5.1Azul
Changes since 0.5.0 * Message API * Payment reminder messages * Messages to Warn after expiring trial period * cleanup and refactoring of messages code * require token authentication for API * rename security related functions to be clear * nagios test for webapp login * nagios test for soledad sync * prevent crash when destroying tokens (#5382) * redirect home when logged in visits /signup (#5446) * large refactoring of engine and directory layout * move users engine into main * move certs engine into main * update documentation for new engine layout * move remaining engines into engines directory * rename help engine to support * refactor nagios tests with support classes * nagios test for registering new users * enable nagios tests to work with older versions of requests lib * API endpoint for requesting the current service_level * null pattern refactoring for current_user as UnauthenticatedUser * rename UnauthenticatedUser to AnonymousUser * change service level configuration strategy * bringing back empty cert prefixes * adopt service_level config to platform settings * add signup and login info on the forms * cleanup homepage * unify wording for destroying accounts * recover from invalid tickets (#5552) * remove cert link in development * display notice that client signup is prefered (#5549) * capitalize Loading... indicator (#5542) * use simple_form for all forms * ensure buttons are properly loading and reset * open close toggle in ticket header * translate signup and login buttons * basic password validation (#5557) * reduce client_side_validations dependency (to be removed) * simplify download button * remove OS specific download buttons * adopt pricing view to current service_level format * upgrade debugger to work with latest ruby 1.9.3 patch release * hide srp forms when js is disabled (#5548) * allow for usernames with dots * fix ticket form submission and validation (#5657) * stop email autofil for ticket forms (#5664) * User#email returns email addresses only if service provided * move User Control Panel heading out of masthead (#5658) * open/close toggle and fields in different forms (#5659) * upgrade rails to 3.2.18 for security fixes
2014-04-25simple form: add wrapped and loading... buttons #5542Azul
the loading... text on the buttons was not capitalized before. So in order to change this in a (more or less) single place i added new button types to simple_form: button :wrapped - normal button, with loading and an optional cancel button wrapped in the classical bootstrap action div. cancel option contains the url to go to when canceling. button :loading - simple button with loading text capitalized by using i18n (simple_form.buttons.loading) Conflicts: engines/support/app/views/tickets/new.html.haml
2014-04-11move engines into engines directoryAzul
Also renamed help to support so it's harder to confuse it with documentation