Age | Commit message (Collapse) | Author |
|
|
|
authorize_admin -> require_admin
also add require_token which will ensure token has been used for auth.
|
|
|
|
|
|
Bugfix/3623 teardown test data properly
|
|
[skip ci]
|
|
We have a lot of things that act upon a user record and one or more of it's identities at the same time:
* Sing up: Create a user and it's initial identity
* Rename: Change the username and create a new identity, turn old into an alias
* Cancel Account: Remove user and all their identities.
In order to keep the User and Identity behaviour isolated but still have a this logic represented in a sinle place the Account model deals with all these things.
We could have overwritten the User#create, User#update and User#destroy methods instead. But then we would always create identities, even if we only need a user (for example in tests).
|
|
|
|
PGP setting has been moved into account settings. It's using the API now issueing an Ajax request without any visual feedback.
This obviously is not what we want but it hopefully suffices for uploading gpg keys for testing purposes before the Identity UI is in place.
|
|
tests to reflect this.
|
|
|
|
separate controller, make users_controller html only and v1/users_controller json only.
|
|
There was a weird case with reloading the user in the test if the public key had been unset.
|
|
|
|
|
|
Just a very simple start for now.
Do we want to use the api for the secure remote password auth from js?
|