| Age | Commit message (Collapse) | Author |
|---|
|
We are deprecating webapp based signup. It leads to an
inconsistent state for mail providers and offers no useful
interactions for vpn providers either.
Instead of trying to deal with the halve way signup through
the webapp we require signup through bitmask app which can
also create the pgp keys for email and download and use the
cert for vpn.
In addition this reduces the attack surface for js injection,
phishing and other browser based attacks.
For now we still keep the signup form in case providers link
to it directly. We also keep all the tests based on it. Cleanup
will happen right after 0.10.0 release.
|
|
We now use the hash of the token for comparison and as the id.
In order to use it you need the original token though. So forms and
thus the session should have token.to_s rather than token.id.
|
|
|
|
* reran the simple form initializer.
* wrapped submit buttons are now broken and need a fix.
* disabled confirmation validation in client side validations as the
error message always is attached to the wrong field.
|
|
There was a lot of special case handling going on in the users_controller
for this. Lot simpler this way.
|
|
|
|
AccountLivecycleTest -> CRUD accounts
SecurityTest -> security specific tests
AdminTest -> admin specific tests
|
|
get re-enabled.
|
|
Through the config param 'invite_required', providers can decide whether users need to provide an invite code upon signup.
The default setting is false.
|
|
|
|
Remove the change password test because the change password functionality is currently unused - however, it breaks with the new invite code field in the signup form.
|
|
|
|
There's an identities tab now for admins that will allow unblocking blocked handles. It should be easy to expand for aliases and forwards and other types of actions such as editing.
|
|
Feature/i18n for ticket system
|
|
|
|
We create an identity alongside each user. Make sure the identity
is valid when creating the user. This also ensures that the login
picked is available because otherwise the identities address would
not be available anymore.
|
|
|
|
preparing for #5664 with some test improvements i ran into this issue
This commit includes a fix and the test improvements. In particular it
adds BrowserIntegrationTest#login - so there is no need to go through the signup procedure everytime you want a user to be logged in.
|
|
Hiding them using two mechanisms in case one fails:
.hidden class - bootstrap hides them then
style='display:none' - so they are hidden even if css load fails
|
|
The client_side_validations gem is not maintained anymore and the validations
were not working lately. So instead of trying to fix it I started working on
independent validations for the password as it can't be validated on the
server due to SRP.
So far these validations are very primitive. They require 8 characters length
and a matching confirmation.
|
|
input or button can be used
|
|
|
