leap_web.git - [leap

Age	Commit message (Collapse)	Author
2017-03-23	bugfix: handle couch 404s	Azul
	our special error handler for json requests would turn all exceptions into 500s - removed it. now the rescue_responses can do their thing again.
2017-03-20	fix: 404 for missing pages template - fixes #9	Azul

2017-03-20	test: 404 response for missing key	Azul
	enable testing error responses on the full rack stack.
2017-03-20	bugfix: format: html for home roots	Azul
	That's the only thing the controller handles meaningful. Before the route would also catch anything that started with a . interpreting it as a format string. This lead to lots of false positives in our security scanner.
2017-03-10	Adds recovery code to user account	Thais Siqueira
	Related with https://github.com/pixelated/pixelated-user-agent/issues/924 With @aarni
2016-08-19	respond_to on a per controller basis	Azul
	If you inherit respond to and call it again in your controller it will not overwrite the previous but add to it. Since we always have some exceptions from the rules it's probably easiest to be explicit in the controllers that require it themselves.
2016-07-14	[feature] restrict is_admin in the user api, to only allow querying	NavaL
	for him/herself So that it we do not expose the is_admin property to anyone else including other admins.
2016-07-14	Merge branch 'develop' of https://github.com/leapcode/leap_web into ↵	NavaL
	feature/expose_admin_in_api
2016-06-22	[feature] expose is_admin in the user api	NavaL
	So that whoever consumes the API can use this attribute to determine if admin functionalities should be made available to the current user.
2016-05-23	move signup from users to account_controller	Azul
	There was a lot of special case handling going on in the users_controller for this. Lot simpler this way.
2016-05-21	tests: reset I18n.locale after locale_path_test	Azul
	Otherwise this will mess up other tests.
2016-05-20	include engine tests in default test	Azul

2016-05-18	api: allow version bumping - bump to 2	Azul

2016-05-02	upgrade: unique test names	Azul
	Rails 4.2 runs all tests mixed together. So unit tests and integration tests may not have conflicting names.
2016-05-02	split up integration account test	Azul
	AccountLivecycleTest -> CRUD accounts SecurityTest -> security specific tests AdminTest -> admin specific tests
2016-03-28	api: added get(:show) to identities and users, allow monitors to ↵	elijah
	create/delete test & tmp users.
2016-03-28	api tokens - clarify terms: "monitors" are admins that authenticated via api ↵	elijah
	token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x"
2016-03-28	api tokens: allow for special api tokens that work like session tokens but ↵	elijah
	are configured in the static config, to be used for infrastructure monitoring.
2016-02-10	allow user accounts to be re-enabled, and for associated identities to also ↵	elijah
	get re-enabled.
2015-09-28	Make invite code configurable	ankonym
	Through the config param 'invite_required', providers can decide whether users need to provide an invite code upon signup. The default setting is false.
2015-09-28	Fix the remaining failures/errors in our tests	ankonym
	Handing freshly generated invite codes to Factory Girl to make the tests pass
2015-09-28	Fix several test failures by stubbing invite code validation	ankonym

2015-09-28	Remove change password browser test	ankonym
	Remove the change password test because the change password functionality is currently unused - however, it breaks with the new invite code field in the signup form.
2015-09-28	Added an 'invite code' to all the tests for the sign-up form so we have a ↵	Aya Jaff
	valid user for the tests again
2015-07-14	fix i18n tests	elijah

2015-03-17	Better error message when a database is missing (very useful for nagios tests)	elijah

2015-03-17	add support for rotating tokens and sessions databases, and for a special ↵	elijah
	tmp db for test users.
2015-01-28	client certificates: allow for time units to be specified in ↵	elijah
	client_cert_lifespan config option.
2014-07-17	clean up error assertions in tests	Azul
	We're not testing the redirects anymore. But the error messages should be pretty clear already. We can start testing redirects again once we redirect to different places for different actions.
2014-07-14	clean up and simplify error responses and test code	Azul

2014-07-12	fix tests and simplify time calculations	Azul

2014-07-09	list identities based on search only	Azul

2014-07-05	Enable unblocking handles in identities tab	Azul
	There's an identities tab now for admins that will allow unblocking blocked handles. It should be easy to expand for aliases and forwards and other types of actions such as editing.
2014-05-30	Merge pull request #167 from azul/feature/i18n-for-ticket-system0.5.2-rc	azul
	Feature/i18n for ticket system
2014-05-29	clearify identity validations	Azul
	Identity.new.valid? should not crash. So validate presence where needed and skip the other validations if the value is absent.
2014-05-28	ensure identity is cleared on user.reload - fixes test	Azul

2014-05-28	use Identity for testing login availability	Azul
	We create an identity alongside each user. Make sure the identity is valid when creating the user. This also ensures that the login picked is available because otherwise the identities address would not be available anymore.
2014-05-26	sorting translation keys some	Azul

2014-05-26	Merge pull request #163 from azul/feature/3398-save-hashed-token	azul
	hash token with sha512 against timing attacs #3398
2014-05-26	hash token with sha512 against timing attacs #3398	Azul

2014-05-26	change from GET to POST for certs	Azul
	We create them. let's reflect that in the verb.
2014-05-19	store fingerprints with timestamp	Azul
	Only storing the date as that should suffice for normal expiry and is less useful for identifying users by timestamps
2014-05-19	store cert fingerprint with main user identity	Azul

2014-05-19	SmtpCertsController, routes and tests	Azul

2014-05-19	basic integration test for cert API	Azul

2014-05-13	allow for usernames with dots	Azul
	preparing for #5664 with some test improvements i ran into this issue This commit includes a fix and the test improvements. In particular it adds BrowserIntegrationTest#login - so there is no need to go through the signup procedure everytime you want a user to be logged in.
2014-05-06	hide srp forms when no js is available	Azul
	Hiding them using two mechanisms in case one fails: .hidden class - bootstrap hides them then style='display:none' - so they are hidden even if css load fails
2014-04-30	remove outdated os detection test	Azul

2014-04-25	basic password validation without client side gem	Azul
	The client_side_validations gem is not maintained anymore and the validations were not working lately. So instead of trying to fix it I started working on independent validations for the password as it can't be validated on the server due to SRP. So far these validations are very primitive. They require 8 characters length and a matching confirmation.
2014-04-25	make test independent of button tag	Azul
	input or button can be used