Age | Commit message | Author |
|
fixes #8801
Includes a test reproducing 500 on lynx
We now make use of ActionController::Parameters require and permit
methods.
|
|
fixes #8807
|
|
Production instances are getting cluttered with invites from
test accounts. Instead of marking them as used we will now completely
remove them.
refers to #8804
refers to #8807
|
|
On a failed login the warden failure app gets called.
Some of the params are changed accordingly but controller
and action remain.
set_locale would detect there was no locale in the path
and thus attempt to redirect. However the params still
belong to the previous request which was a POST to
Api::SessionsController.
This route does not respond to get requests and so it
would trigger a 404 in production and a 500 in development.
This commit prevents set_locale from acting upon warden failure
app controller calls by adding /new to the list of
`NON_LOCALE_PATHS`. (The path is updated by warden to the
name of the action called in the failure app).
A test is included in this commit that tries to login
with an invalid username, password combination and a German
locale set.
fixes #8805
|
|
We now use the hash of the token for comparison and as the id.
In order to use it you need the original token though. So forms and
thus the session should have token.to_s rather than token.id.
|
|
* reran the simple form initializer.
* wrapped submit buttons are now broken and need a fix.
* disabled confirmation validation in client side validations as the
error message always is attached to the wrong field.
|
|
our special error handler for json requests would turn all exceptions
into 500s - removed it. now the rescue_responses can do their thing
again.
|
|
update all the dependencies.
minitest now wants assert_nil instead of assert_equal nil, ...
braintree now uses update_attributes rather than save.
|
|
Used to fail because the record already existed in the database
fixes #17
|
|
enable testing error responses on the full rack stack.
|
|
That's the only thing the controller handles meaningfully.
Before the route would also catch anything that started with a . interpreting
it as a format string. This led to lots of false positives in our security
scanner.
|
|
Related with https://github.com/pixelated/pixelated-user-agent/issues/924
With @aarni
|
|
Related with https://github.com/pixelated/pixelated-user-agent/issues/924
With @aarni
|
|
If a login was invalid as a username but also for the identity we used to have duplicate error messages. Let's avoid that.
Also added a test to make sure invite_code errors are properly displayed no matter what other fields are set or missing. Pixelated will rely on this to test invite codes.
|
|
If you inherit respond to and call it again in your controller
it will not overwrite the previous but add to it.
Since we always have some exceptions from the rules it's probably
easiest to be explicit in the controllers that require it themselves.
|
|
It used to run the action and then trigger a 500 because the
template was not found.
fixes !3 .
|
|
This makes writing the tests for database names easier as they should
be the same strings on gitlab, travis and locally.
|
|
use_database affects all uses of prepare_database - so also the one
in tmp_database. In order to avoid that we do not use_database but
just overwrite the database method itself.
|
|
Couch docker image will be available on the host called couchdb.
So we use curl to check for it and display the version string.
And then we move a couchdb.yml config file into place so the right host
will be used.
|
|
for him/herself
So that we do not expose the is_admin property to anyone else
including other admins.
|
|
feature/expose_admin_in_api
|
|
|
|
So that whoever consumes the API can use this attribute to
determine if admin functionalities should be made available to
the current user.
|
|
with_config is not meant to test the current config. It will
set the config. So instead we need to look into APP_CONFIG.
|
|
There was a lot of special case handling going on in the users_controller
for this. Lot simpler this way.
|
|
Otherwise this will mess up other tests.
|
|
This way we do not need to specify it all the time.
In the functional tests defaults do not get added automatically.
Introduced api_{get,put,post,delete} to add format and version default.
One to two functional tests failing, everything else passes.
|
|
It somehow managed to fail for a certain test order. Seems rather
rare though - have not been able to reproduce it in 5 runs.
Failed with --seed 60219.
|
|
This avoids overwriting the PROVIDER_JSON constant in the
StaticConfigController and thus fixes test warnings.
Also moved away from using instance variables in the
ControllerExtension::JsonFile - instead querying the corresponding
functions now - less side effects and easier stubbing.
|
|
rails 4 mixes model, controller and integration tests. So let's
give this one a better name
|
|
but you may not hand it a nil
|
|
This way the changed flash hash still is recognized.
Also changed the generic 'no_such_thing' i18n key to more specific 'no_such_user'.
The former is very hard to translate as the gender of thing may affect the translation of the 'no such' part.
|
|
Rails 4.2 runs all tests mixed together. So unit tests and integration tests
may not have conflicting names.
|
|
AccountLivecycleTest -> CRUD accounts
SecurityTest -> security specific tests
AdminTest -> admin specific tests
|