Age | Commit message (Collapse) | Author |
|
We have a lot of things that act upon a user record and one or more of it's identities at the same time:
* Sing up: Create a user and it's initial identity
* Rename: Change the username and create a new identity, turn old into an alias
* Cancel Account: Remove user and all their identities.
In order to keep the User and Identity behaviour isolated but still have a this logic represented in a sinle place the Account model deals with all these things.
We could have overwritten the User#create, User#update and User#destroy methods instead. But then we would always create identities, even if we only need a user (for example in tests).
|
|
|
|
That's the only meaningful response.
|
|
|
|
PGP setting has been moved into account settings. It's using the API now issueing an Ajax request without any visual feedback.
This obviously is not what we want but it hopefully suffices for uploading gpg keys for testing purposes before the Identity UI is in place.
|
|
not really sure what to do if the second step of srp auth is repeated.
|
|
tests to reflect this.
|
|
|
|
separate controller, make users_controller html only and v1/users_controller json only.
|
|
|
|
|
|
* now we return the user id on login
* allow a destroy request for logging out
* added test for api sessions controller
|
|
There was a weird case with reloading the user in the test if the public key had been unset.
|
|
|
|
|
|
|
|
Just a very simple start for now.
Do we want to use the api for the secure remote password auth from js?
|