Age | Commit message | Author | |
---|---|---|---|
2013-10-17 | blacklist system logins for aliases and logins | Azul | |
We blacklist based on three things: * blacklist in APP_CONFIG[:handle_blacklist] * emails in RFC 2142 * usernames in /etc/passwd The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist]. We stick to blocking names that have been configured as both blacklisted and whitelisted - better be safe than sorry. | |||
2013-09-26 | Since local part of email is case sensitive, want to allow remote email ↵ | jessib | |
addresses with uppercase letters in local part. | |||
2013-09-25 | visual feedback when submitting forms (#3164) | Azul | |
This also helps with the failing integration test. We needed a way to tell the ajax request was back. Observing the button state now works for that. | |||
2013-09-24 | use token auth when accessing the api from webapp | Azul | |
One failing integration test still needs to be fixed | |||
2013-09-23 | This ensures that email addresses contain only lowercase letters, and that ↵ | jessib | |
an identity's destination is a valid Email. | |||
2013-09-19 | Merge branch 'develop' into feature/only_lower_case_aliases | jessib | |
2013-09-18 | user.account shortcut to Account.new(user) | Azul | |
2013-09-09 | Merge branch 'develop' into feature/only_lower_case_aliases | jessib | |
2013-09-05 | For moment, have identity's address handle aliased from login so we can use ↵ | jessib | |
LoginFormatValidation. However, this is not how we will want it eventually. One issue is that the error messages are set on login, rather than the appropriate field. | |||
2013-09-05 | Ensure that address in identity really is a LocalEmail. | jessib | |
2013-09-05 | Move handle method to Email model and have it work for local and non-local ↵ | jessib | |
emails. | |||
2013-09-04 | fix login form - use api session url | Azul | |
There's no non api sessions resource anymore. | |||
2013-09-03 | Merge pull request #73 from azul/bugfix/3623-teardown-test-data-properly | jessib | |
Bugfix/3623 teardown test data properly | |||
2013-09-03 | Merge pull request #75 from azul/feature/token-expiry | jessib | |
Token expiry | |||
2013-09-03 | clarify usage of V1::UsersController#index for autocomplete | Azul | |
[skip ci] | |||
2013-09-03 | remove email aliases controller - we don't use it anymore | Azul | |
2013-09-03 | Cleanup sessions controller - webapp logs in through the api. | Azul | |
So the #create and #update actions were not needed anymore. Also removed the tests | |||
2013-09-03 | Account: Composition to handle User and its identities | Azul | |
We have a lot of things that act upon a user record and one or more of its identities at the same time: * Sign up: Create a user and its initial identity * Rename: Change the username and create a new identity, turn old into an alias * Cancel Account: Remove user and all their identities. In order to keep the User and Identity behaviour isolated but still have this logic represented in a single place the Account model deals with all these things. We could have overwritten the User#create, User#update and User#destroy methods instead. But then we would always create identities, even if we only need a user (for example in tests). | |||
2013-09-03 | expire token according to config setting auth:token_expires_after | Azul | |
2013-09-03 | use Token#authenticate for authentication | Azul | |
This will return the user. But we can add timestamp validations and updates here. | |||
2013-09-02 | Remove references to email_settings controller, which has been removed. An ↵ | jessib | |
identities controller will replace it. | |||
2013-08-30 | there's no need for User#find_by_param. clean it up | Azul | |
2013-08-27 | Not ideal way to do it, but was proving complicated to have a config file ↵ | jessib | |
specify which gems for which environments. Here, we have the billing gem included for the development and test environments only, hardcoded in the Gemfile. Then we show the links to billing based on a config file setting. The setting itself could be used to specify different types of billing, but isn't yet. | |||
2013-08-27 | Merge branch 'master' into billing_with_tests | jessib | |
2013-08-27 | token.user will get you the right user | Azul | |
This way we can stub the token to return the user directly. Stubbing User.find_by_param is not a good idea as it will make all calls to User#find_by_param with a different id fail. | |||
2013-08-27 | do not redirect if no token present | Azul | |
So far we allow two mechanisms of authentication: * session based * token based If token fails session will be attempted in most cases. So we can't just redirect here or we get a double render error. | |||
2013-08-27 | clear token on logout with test | Azul | |
2013-08-27 | basic testing for token based auth in tests | Azul | |
2013-08-27 | first steps towards enabling token based auth | Azul | |
2013-08-27 | sort authentication controller extension | Azul | |
2013-08-22 | Merge pull request #70 from azul/bugfix/validate_login_like_signup | jessib | |
use the same login validations on sessions and users | |||
2013-08-21 | Merge remote-tracking branch 'jessib/js_warning' | Azul | |
2013-08-21 | return 204 NO CONTENT on API logout | Azul | |
That's the only meaningful response. | |||
2013-08-21 | use the same login validations on sessions and users | Azul | |
The session ones were outdated so valid usernames could not log in if they contained a '.' Refactored so both models use the same module for this validation to ensure consistency. | |||
2013-08-20 | Tweak to parameters to fix wrong-number-of-arguments error blocking other work. | jessib | |
2013-08-19 | Change JS warning message per https://leap.se/code/issues/3492 | jessib | |
Key must end in _html so the html doesn't get escaped. | |||
2013-08-13 | Option to disable billing engine and hide billing related links. To actually ↵ | jessib | |
disable, must remove billing engine from Gemfile (and re-bundle) | |||
2013-07-25 | Have navigation link to new customer form if user is not already a braintree ↵ | jessib | |
customer. | |||
2013-07-24 | keeping the pgp_key accessors for User so views still work | Azul | |
2013-07-24 | separate signup and settings service objects for user | Azul | |
2013-07-24 | removed email settings controller and views | Azul | |
PGP setting has been moved into account settings. It's using the API now issuing an Ajax request without any visual feedback. This obviously is not what we want but it hopefully suffices for uploading gpg keys for testing purposes before the Identity UI is in place. | |||
2013-07-24 | setter for keys for dirty tracking, more robust tests | Azul | |
Just altering identity.keys did not mark identities as changed. Also we now have a sane default for keys. | |||
2013-07-24 | no need for a remote email class | Azul | |
2013-07-24 | support deprecated API to set users main identity pgp key | Azul | |
We'll want to get rid of the #public_key and #public_key= functions but they are still used from the users controller. We'll probably have an identity controller instead at some point. | |||
2013-07-24 | add keys to identity | Azul | |
2013-07-24 | remove the remainders of email aliases and forward from user | Azul | |
2013-07-24 | allow available and unique forwards only | Azul | |
2013-07-24 | validations of email format and local domain moved over | Azul | |
2013-07-24 | local email adds domain if needed | Azul | |
2013-07-24 | testing all versions of email identities, emails are now strings | Azul | |