leap_web.git - [leap

Age	Commit message (Collapse)	Author
2013-11-12	Merge pull request #110 from azul/feature/cleanup-expired-tokens	jessib
	Feature/cleanup expired tokens
2013-11-08	fix cornercase of non expiring tokens	Azul

2013-11-08	Token.destroy_all_expired to cleanup expired tokens (#4411)	Azul

2013-11-06	use the account lifecycle from UsersController#destroy	Azul

2013-11-06	destroy all tickets created by a user when account is destroyed	Azul
	In order to keep the users engine independent of the tickets engine i added a generic load hook to the account model. The tickets engine then monkeypatches the account destruction and destroys all tickets before the user is destroyed. The tickets are destroyed first so that even if things break there should never be tickets with an outdated user id. I would have prefered to use super over using an alias_method_chain but I have not been able to figure out a way to make account a superclass of the account extension and still refer to Account from the users engine.
2013-11-05	Identity.destroy_all_disabled will clean up disabled identities	Azul
	This is mostly for cleaning up after tests so far. But we might expand this to destroy all identities disabled before a certain date.
2013-11-05	disabled identities to block handles after a user was deleted	Azul

2013-11-05	refactor: Identity.disable_all_for(user) on user destruction	Azul
	This way the identity model defines how identities should be disabled. We currently still destroy them. But it will be easy and nicely isolated to change this next.
2013-10-30	notify user their account was successfully deleted (refs #4216)	Azul
	Also fixes a cornercase when admins deleted their own account. So far they would be redirected to the users list - which then refused access. Now they'll be redirected to the home landing page as well.
2013-10-28	Fix button to enable account: https://leap.se/code/issues/4246	jessib

2013-10-28	reset button loading... state on error (#4231)	Azul
	including test refactored error display some
2013-10-18	Merge pull request #98 from jessib/feature/billing-past-due-subscriptions	azul
	Feature/billing past due subscriptions
2013-10-17	Merge pull request #102 from azul/feature/3602-email-blacklist	jessib
	blacklist system logins for aliases and logins
2013-10-17	blacklist system logins for aliases and logins	Azul
	We blacklist based on three things: * blacklist in APP_CONFIG[:handle_blacklist] * emails in RFC 2142 * usernames in /etc/passwd The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist]. We stick to blocking names that have been configured as both blacklisted and whitelisted - better be save than sorry.
2013-10-17	use latest version of srp_js to fix #4002	Azul
	We were not encoding the srp password properly before. So umlauts in the password would cause the login procedure to fail.
2013-10-01	Allow admins to view past-due subscriptions.	jessib

2013-09-26	Since local part of email is case sensitive, want to allow remote email ↵	jessib
	addresses with uppercase letters in local part.
2013-09-25	visual feedback when submitting forms (#3164)	Azul
	This also helps with the failing integration test. We needed a way to tell the ajax request was back. Observing the button state now works for that.
2013-09-24	use token auth when accessing the api from webapp	Azul
	One failing integration test still needs to be fixed
2013-09-23	This ensures that email addresses contain only lowercase letters, and that ↵	jessib
	an identity's destination is a valid Email.
2013-09-19	Merge branch 'develop' into feature/only_lower_case_aliases	jessib

2013-09-18	user.account shortcut to Account.new(user)	Azul

2013-09-09	Merge branch 'develop' into feature/only_lower_case_aliases	jessib

2013-09-05	For moment, have identity's address handle aliased from login so we can use ↵	jessib
	LoginFormatValidation. However, this is not how we will want it eventually. One issue is that the errors messages are set on login, rather than the appropriate field.
2013-09-05	Ensure that address in identity really is a LocalEmail.	jessib

2013-09-05	Move handle method to Email model and have it work for local and non-local ↵	jessib
	emails.
2013-09-04	fix login form - use api session url	Azul
	There's no non api sessions resource anymore.
2013-09-03	Merge pull request #73 from azul/bugfix/3623-teardown-test-data-properly	jessib
	Bugfix/3623 teardown test data properly
2013-09-03	Merge pull request #75 from azul/feature/token-expiry	jessib
	Token expiry
2013-09-03	clearify usage of V1::UsersController#index for autocomplete	Azul
	[skip ci]
2013-09-03	remove email aliases controller - we don't use it anymore	Azul

2013-09-03	Cleanup sessions controller - webapp logs in through the api.	Azul
	So the #create and #update actions were not needed anymore. Also removed the tests
2013-09-03	Account: Composition to handle User and its identities	Azul
	We have a lot of things that act upon a user record and one or more of it's identities at the same time: * Sing up: Create a user and it's initial identity * Rename: Change the username and create a new identity, turn old into an alias * Cancel Account: Remove user and all their identities. In order to keep the User and Identity behaviour isolated but still have a this logic represented in a sinle place the Account model deals with all these things. We could have overwritten the User#create, User#update and User#destroy methods instead. But then we would always create identities, even if we only need a user (for example in tests).
2013-09-03	expire token according to config setting auth:token_expires_after	Azul

2013-09-03	use Token#authenticate for authentication	Azul
	This will return the user. But we can add timestamp validations and updates here.
2013-09-02	Remove references to email_settings controller, which has been removed. An ↵	jessib
	identities controller will replace it.
2013-08-30	there's no need for User#find_by_param. clean it up	Azul

2013-08-27	Not ideal way to do it, but was proving complicated to have a config file ↵	jessib
	specify which gems for which environments. Here, we have the billing gem included for the development and test environments only, hardcoded in the Gemfile. Then we show the links to billing based on a config file setting. The setting itself could be used to specify different types of billing, but isn't yet.
2013-08-27	Merge branch 'master' into billing_with_tests	jessib

2013-08-27	token.user will get you the right user	Azul
	This way we can stub the token to return the user directly. Stubbing User.find_by_param is not a good idea as it will make all calls to User#find_by_param with a different id fail.
2013-08-27	do not redirect if no token present	Azul
	So far we allow two mechanisms of authentication: * session based * token based If token fails session will be atempted in most cases. So we can't just redirect here or we get a double render error.
2013-08-27	clear token on logout with test	Azul

2013-08-27	basic testing for token based auth in tests	Azul

2013-08-27	first steps towards enabling token based auth	Azul

2013-08-27	sort authentication controller extension	Azul

2013-08-22	Merge pull request #70 from azul/bugfix/validate_login_like_signup	jessib
	use the same login validations on sessions and users
2013-08-21	Merge remote-tracking branch 'jessib/js_warning'	Azul

2013-08-21	return 204 NO CONTENT on API logout	Azul
	That's the only meaningful response.
2013-08-21	use the same login validations on sessions and users	Azul
	The session ones were outdated so valid usernames could not login if they contained a '.' Refactored so both models use the same module for this validation to ensure consistency.
2013-08-20	Tweak to parameters to fix wrong-number-of-arguments error blocking other work.	jessib