summaryrefslogtreecommitdiff
path: root/test
AgeCommit message (Collapse)Author
2017-11-16fix: respond with error on invalid pgp keyAzul
We used to just ignore the key. Also separated the code for handling key updates from other user updates. This should eventually be moved to a different route. Mixing the two makes the implementation really hard.
2017-11-16minor: clean up account testAzul
also ensures that created user is cleaned up even if test fails
2017-11-13fix: alternate email dialogueAzul
fixes #8796 Cleaned up UserController#update earlier but missed that it was used to change fallback email addresses. Now it is back. This time including an integration test.
2017-11-08fix #8010 - publish public key in webfingerAzul
we were simply referring to the wrong key. includes test
2017-11-07Merge branch '8800-hand-out-configs-json-without-authentication' into 'master'azul
feat: allow unauthenticated access to list of configs Closes #8800 See merge request leap/webapp!45
2017-10-24fix: sanity checks on user paramsAzul
fixes #8801 Includes a test reproducing 500 on lynx We now make use of ActionController::Parameters require and permit methods.
2017-10-24fix: also remove invite codes used for tmp usersAzul
fixes #8807
2017-10-17fix: destroy invites used to create test accountsAzul
Production instances are getting cluttered with invites from test accounts. Instead of marking them as used we will now completely remove them. refers to #8804 refers to #8807\
2017-10-16fix: login error message with locale setAzul
On a failed login the warden failure app gets called. Some of the params are changed accordingly but controller and action remain. set_locale would detect there was no locale in the path and thus attempt to redirect. However the params still belong to the previous request which was a POST to Api::SessionsController. This route does not respond to get requests and so it would trigger a 404 in production and a 500 in development. This commit prevents set_locale to act upon warden failure app controller calls by adding /new to the list of `NON_LOCALE_PATHS`. (The path is updated by warden to the name of the action called in the failure app). A test is included in this commit that tries to login with an invalid username, password combination and a german locale set. fixes #8805
2017-09-11feat: allow unauthenticated access to list of configsAzul
This should simplify client code significantly according to platform#8849
2017-08-15remove merge cruftelijah
2017-08-15use i18n for login testelijah
2017-08-07prevent token conflictsAzul
2017-04-20fix: set token in forms correctlyAzul
We now use the hash of the token for comparison and as the id. In order to use it you need the original token though. So forms and thus the session should have token.to_s rather than token.id.
2017-04-03feature: delete user clearing usernameAzul
2017-03-27upgrade: simple_form to bootstrap 3Azul
* reran the simple form initializer. * wrapped submit buttons are now broken and need a fix. * disabled confirmation validation in client side validations as the error message always is attached to the wrong field.
2017-03-23bugfix: handle couch 404sAzul
our special error handler for json requests would turn all exceptions into 500s - removed it. now the rescue_responses can do their thing again.
2017-03-22upgrade: bundleAzul
update all the dependencies. minitest now wants assert_nil instead of assert_equal nil, ... braintree now uses update_attributes rather than save.
2017-03-21test: admin user api always greenAzul
Used to fail because the record already existed in the database fixes #17
2017-03-21fix: 404 on key request with non html content-typeAzul
2017-03-20fix: 404 for missing pages template - fixes #9Azul
2017-03-20test: 404 response for missing keyAzul
enable testing error responses on the full rack stack.
2017-03-20bugfix: format: html for home rootsAzul
That's the only thing the controller handles meaningful. Before the route would also catch anything that started with a . interpreting it as a format string. This lead to lots of false positives in our security scanner.
2017-03-10Validates recovery code as hexadecimal data.Thais Siqueira
Related with https://github.com/pixelated/pixelated-user-agent/issues/924 With @aarni
2017-03-10Adds recovery code to user accountThais Siqueira
Related with https://github.com/pixelated/pixelated-user-agent/issues/924 With @aarni
2017-03-02Fix keys route to accept usernames with dotsTulio Casagrande
2016-11-17bugfix: only send login errors onceAzul
If a login was invalid as a username but also for the identity we used to have duplicate error messages. Let's avoid that. Also added a test to make sure invite_code errors are properly displayed no matter what other fields are set or missing. Pixelated will rely on this to test invite codes
2016-08-19respond_to on a per controller basisAzul
If you inherit respond to and call it again in your controller it will not overwrite the previous but add to it. Since we always have some exceptions from the rules it's probably easiest to be explicit in the controllers that require it themselves.
2016-08-17bugfix: send 406 if an unexpected format is asked forAzul
It used to run the action and then trigger a 500 because the template was not found. fixes !3 .
2016-08-15[ci] move configs into config dirAzul
2016-08-15[ci] use default db prefix on gitlab and travisAzul
This makes writing the tests for database names easier as they should be the same strings on gitlab, travis and locally.
2016-08-12[db] def database on users instead of use_databaseAzul
use_database affects all uses of prepare_database - so also the one in tmp_database. In order to avoid that we do not use_database but just overwrite the database method itself.
2016-08-08[ci] setup couch for gitlabAzul
Couch docker image will be available on the host called couchdb. So we use curl to check for it and display the version string. And then we move a couchdb.yml config file into place so the right host will be used.
2016-07-14[feature] restrict is_admin in the user api, to only allow queryingNavaL
for him/herself So that it we do not expose the is_admin property to anyone else including other admins.
2016-07-14Merge branch 'develop' of https://github.com/leapcode/leap_web into ↵NavaL
feature/expose_admin_in_api
2016-07-05fix email unit test - need to require nowAzul
2016-06-22[feature] expose is_admin in the user apiNavaL
So that whoever consumes the API can use this attribute to determine if admin functionalities should be made available to the current user.
2016-05-23fix config check in submit_signupAzul
with_config is not mean to test the current config. It will set the config. So instead we need to look into APP_CONFIG.
2016-05-23move signup from users to account_controllerAzul
There was a lot of special case handling going on in the users_controller for this. Lot simpler this way.
2016-05-21tests: reset I18n.locale after locale_path_testAzul
Otherwise this will mess up other tests.
2016-05-20include engine tests in default testAzul
2016-05-20api: set defaults for version in routesAzul
This way we do not need to specify it all the times. In the functional tests defaults do not get added automatically. Introduced api_{get,put,post,delete} to add format and version default. One to two functional tests failing, everything else passes.
2016-05-18api: allow version bumping - bump to 2Azul
2016-05-09test: make identity test locale independentAzul
It somehow managed to fail for a certain test order. Seems rather rare though - have not been able to reproduce it in 5 runs. Failed with --seed 60219.
2016-05-09minor: cleanup debug message in testAzul
2016-05-03use APP_CONFIG[config_file_paths] for provider.jsonAzul
This avoids overwriting the PROVIDER_JSON constant in the StaticConfigController and thus fixes test warnings. Also moved away from using instance variables in the ControllerExtension::JsonFile - instead querying the corresponding functions now - less sideeffects and easier stubbing.
2016-05-03fix type mismatch TokenAuthTestAzul
rails 4 mixes model, controller and integration tests. So lets give this one a better name
2016-05-02tests: Validator.new has optional options hashAzul
but you may not hand it a nil
2016-05-02test: use assert_error_response in functional testAzul
This way the changed flash hash still is recognized. Also changed the generic 'no_such_thing' i18n key to more specific 'no_such_user'. The former is very hard to translate as the gender of thing may affect the translation of the 'no such' part.
2016-05-02upgrade: use bootstrap3 variable names in leap.scssAzul