summaryrefslogtreecommitdiff
path: root/users/app/controllers
AgeCommit message (Collapse)Author
2013-11-25Give 404 error if one goes to /key/user for non-existing user.jessib
2013-11-21Refactoring of code, and tests.jessib
2013-11-18Need to cleanup some, but start to show public key for /key/usernamejessib
2013-11-06use the account lifecycle from UsersController#destroyAzul
2013-10-30notify user their account was successfully deleted (refs #4216)Azul
Also fixes a cornercase when admins deleted their own account. So far they would be redirected to the users list - which then refused access. Now they'll be redirected to the home landing page as well.
2013-09-24use token auth when accessing the api from webappAzul
One failing integration test still needs to be fixed
2013-09-18user.account shortcut to Account.new(user)Azul
2013-09-03Merge pull request #73 from azul/bugfix/3623-teardown-test-data-properlyjessib
Bugfix/3623 teardown test data properly
2013-09-03Merge pull request #75 from azul/feature/token-expiryjessib
Token expiry
2013-09-03clearify usage of V1::UsersController#index for autocompleteAzul
[skip ci]
2013-09-03remove email aliases controller - we don't use it anymoreAzul
2013-09-03Cleanup sessions controller - webapp logs in through the api.Azul
So the #create and #update actions were not needed anymore. Also removed the tests
2013-09-03Account: Composition to handle User and its identitiesAzul
We have a lot of things that act upon a user record and one or more of it's identities at the same time: * Sing up: Create a user and it's initial identity * Rename: Change the username and create a new identity, turn old into an alias * Cancel Account: Remove user and all their identities. In order to keep the User and Identity behaviour isolated but still have a this logic represented in a sinle place the Account model deals with all these things. We could have overwritten the User#create, User#update and User#destroy methods instead. But then we would always create identities, even if we only need a user (for example in tests).
2013-09-03use Token#authenticate for authenticationAzul
This will return the user. But we can add timestamp validations and updates here.
2013-09-02Remove references to email_settings controller, which has been removed. An ↵jessib
identities controller will replace it.
2013-08-30there's no need for User#find_by_param. clean it upAzul
2013-08-27Merge branch 'master' into billing_with_testsjessib
2013-08-27token.user will get you the right userAzul
This way we can stub the token to return the user directly. Stubbing User.find_by_param is not a good idea as it will make all calls to User#find_by_param with a different id fail.
2013-08-27do not redirect if no token presentAzul
So far we allow two mechanisms of authentication: * session based * token based If token fails session will be atempted in most cases. So we can't just redirect here or we get a double render error.
2013-08-27clear token on logout with testAzul
2013-08-27basic testing for token based auth in testsAzul
2013-08-27first steps towards enabling token based authAzul
2013-08-27sort authentication controller extensionAzul
2013-08-21return 204 NO CONTENT on API logoutAzul
That's the only meaningful response.
2013-07-24separate signup and settings service objects for userAzul
2013-07-24removed email settings controller and viewsAzul
PGP setting has been moved into account settings. It's using the API now issueing an Ajax request without any visual feedback. This obviously is not what we want but it hopefully suffices for uploading gpg keys for testing purposes before the Identity UI is in place.
2013-07-17fix account flow integration testAzul
not really sure what to do if the second step of srp auth is repeated.
2013-07-11Slight tweak in case we get back the default response to warden's fail!, ↵jessib
which is not an enumerable.
2013-07-11Merge branch 'master' into feature/authentication_generic_errorjessib
2013-07-09Merge branch 'master' into feature/authentication_generic_errorjessib
Conflicts: app/views/layouts/_messages.html.haml app/views/layouts/application.html.haml users/app/assets/javascripts/users.js.coffee
2013-07-08Merge branch 'master' into feature/disable_accountjessib
Conflicts: users/app/controllers/users_controller.rb users/app/helpers/users_helper.rb users/app/views/users/edit.html.haml users/app/views/users/show.html.haml users/config/locales/en.yml
2013-07-04redirect to root after user destroyelijah
2013-07-04user tests -- user update has been moved entirely to api controller, so fix ↵elijah
tests to reflect this.
2013-07-04allow forms with blank email forward.elijah
2013-07-04users - make a nice overview page (well, nice enough) and better users ↵elijah
index/search.
2013-07-04fix user typeaheadelijah
2013-07-04users engine changes - rewrite of the views, separate email settings to a ↵elijah
separate controller, make users_controller html only and v1/users_controller json only.
2013-07-04add js to report all errors to the user, not just ones related to field ↵elijah
validation.
2013-07-04add commented out code of how redirect should work with Warden, although I ↵elijah
can't get it working.
2013-07-04new ui - initial user changeselijah
2013-07-03Accounts can be enabled or not. Admins can edit this property.jessib
2013-06-27Want to tweak some, but start to displaying base generic message via javascript.jessib
2013-06-20For removing account, redirect to root path, and ask confirmation message:jessib
https://leap.se/code/issues/2923
2013-04-09return token on successful login via apiAzul
2013-04-02send more meaningful error message on completely failed login attemptAzul
2013-04-02send salt on Session#create without srp ephemeral AAzul
2013-03-01Merge pull request #32 from azul/feature/api-version-1-fixesazul
Feature: API version 1 fixes
2013-02-26api for sessions fixedAzul
* now we return the user id on login * allow a destroy request for logging out * added test for api sessions controller
2013-02-25Admins cannot update a user. Eventually we will want to allow admins to ↵jessib
update some user fields.
2013-02-19Only check if last email alias is valid if the user has a last email alias.jessib