Age | Commit message (Collapse) | Author |
|
We now use the hash of the token for comparison and as the id.
In order to use it you need the original token though. So forms and
thus the session should have token.to_s rather than token.id.
|
|
|
|
* reran the simple form initializer.
* wrapped submit buttons are now broken and need a fix.
* disabled confirmation validation in client side validations as the
error message always is attached to the wrong field.
|
|
our special error handler for json requests would turn all exceptions
into 500s - removed it. now the rescue_responses can do their thing
again.
|
|
|
|
enable testing error responses on the full rack stack.
|
|
That's the only thing the controller handles meaningful.
Before the route would also catch anything that started with a . interpreting
it as a format string. This lead to lots of false positives in our security
scanner.
|
|
Related with https://github.com/pixelated/pixelated-user-agent/issues/924
With @aarni
|
|
If you inherit respond to and call it again in your controller
it will not overwrite the previous but add to it.
Since we always have some exceptions from the rules it's probably
easiest to be explicit in the controllers that require it themselves.
|
|
for him/herself
So that it we do not expose the is_admin property to anyone else
including other admins.
|
|
feature/expose_admin_in_api
|
|
So that whoever consumes the API can use this attribute to
determine if admin functionalities should be made available to
the current user.
|
|
There was a lot of special case handling going on in the users_controller
for this. Lot simpler this way.
|
|
Otherwise this will mess up other tests.
|
|
|
|
|
|
Rails 4.2 runs all tests mixed together. So unit tests and integration tests
may not have conflicting names.
|
|
AccountLivecycleTest -> CRUD accounts
SecurityTest -> security specific tests
AdminTest -> admin specific tests
|
|
create/delete test & tmp users.
|
|
token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x"
|
|
are configured in the static config, to be used for infrastructure monitoring.
|
|
get re-enabled.
|
|
Through the config param 'invite_required', providers can decide whether users need to provide an invite code upon signup.
The default setting is false.
|
|
Handing freshly generated invite codes to Factory Girl to make the tests pass
|
|
|
|
Remove the change password test because the change password functionality is currently unused - however, it breaks with the new invite code field in the signup form.
|
|
valid user for the tests again
|
|
|
|
|
|
tmp db for test users.
|
|
client_cert_lifespan config option.
|
|
We're not testing the redirects anymore. But the error messages should be pretty clear already. We can start testing redirects again once we redirect to different places for different actions.
|
|
|
|
|
|
|
|
There's an identities tab now for admins that will allow unblocking blocked handles. It should be easy to expand for aliases and forwards and other types of actions such as editing.
|
|
Feature/i18n for ticket system
|
|
Identity.new.valid? should not crash. So validate presence where needed and
skip the other validations if the value is absent.
|
|
|
|
We create an identity alongside each user. Make sure the identity
is valid when creating the user. This also ensures that the login
picked is available because otherwise the identities address would
not be available anymore.
|
|
|
|
hash token with sha512 against timing attacs #3398
|
|
|
|
We create them. let's reflect that in the verb.
|
|
Only storing the date as that should suffice for normal expiry and is less useful for identifying users by timestamps
|
|
|
|
|
|
|
|
preparing for #5664 with some test improvements i ran into this issue
This commit includes a fix and the test improvements. In particular it
adds BrowserIntegrationTest#login - so there is no need to go through the signup procedure everytime you want a user to be logged in.
|
|
Hiding them using two mechanisms in case one fails:
.hidden class - bootstrap hides them then
style='display:none' - so they are hidden even if css load fails
|