summaryrefslogtreecommitdiff
path: root/users/app
AgeCommit message (Collapse)Author
2013-10-17Merge pull request #102 from azul/feature/3602-email-blacklistjessib
blacklist system logins for aliases and logins
2013-10-17blacklist system logins for aliases and loginsAzul
We blacklist based on three things: * blacklist in APP_CONFIG[:handle_blacklist] * emails in RFC 2142 * usernames in /etc/passwd The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist]. We stick to blocking names that have been configured as both blacklisted and whitelisted - better be save than sorry.
2013-10-17use latest version of srp_js to fix #4002Azul
We were not encoding the srp password properly before. So umlauts in the password would cause the login procedure to fail.
2013-09-26Since local part of email is case sensitive, want to allow remote email ↵jessib
addresses with uppercase letters in local part.
2013-09-25visual feedback when submitting forms (#3164)Azul
This also helps with the failing integration test. We needed a way to tell the ajax request was back. Observing the button state now works for that.
2013-09-24use token auth when accessing the api from webappAzul
One failing integration test still needs to be fixed
2013-09-23This ensures that email addresses contain only lowercase letters, and that ↵jessib
an identity's destination is a valid Email.
2013-09-19Merge branch 'develop' into feature/only_lower_case_aliasesjessib
2013-09-18user.account shortcut to Account.new(user)Azul
2013-09-09Merge branch 'develop' into feature/only_lower_case_aliasesjessib
2013-09-05For moment, have identity's address handle aliased from login so we can use ↵jessib
LoginFormatValidation. However, this is not how we will want it eventually. One issue is that the errors messages are set on login, rather than the appropriate field.
2013-09-05Ensure that address in identity really is a LocalEmail.jessib
2013-09-05Move handle method to Email model and have it work for local and non-local ↵jessib
emails.
2013-09-04fix login form - use api session urlAzul
There's no non api sessions resource anymore.
2013-09-03Merge pull request #73 from azul/bugfix/3623-teardown-test-data-properlyjessib
Bugfix/3623 teardown test data properly
2013-09-03Merge pull request #75 from azul/feature/token-expiryjessib
Token expiry
2013-09-03clearify usage of V1::UsersController#index for autocompleteAzul
[skip ci]
2013-09-03remove email aliases controller - we don't use it anymoreAzul
2013-09-03Cleanup sessions controller - webapp logs in through the api.Azul
So the #create and #update actions were not needed anymore. Also removed the tests
2013-09-03Account: Composition to handle User and its identitiesAzul
We have a lot of things that act upon a user record and one or more of it's identities at the same time: * Sing up: Create a user and it's initial identity * Rename: Change the username and create a new identity, turn old into an alias * Cancel Account: Remove user and all their identities. In order to keep the User and Identity behaviour isolated but still have a this logic represented in a sinle place the Account model deals with all these things. We could have overwritten the User#create, User#update and User#destroy methods instead. But then we would always create identities, even if we only need a user (for example in tests).
2013-09-03expire token according to config setting auth:token_expires_afterAzul
2013-09-03use Token#authenticate for authenticationAzul
This will return the user. But we can add timestamp validations and updates here.
2013-09-02Remove references to email_settings controller, which has been removed. An ↵jessib
identities controller will replace it.
2013-08-30there's no need for User#find_by_param. clean it upAzul
2013-08-27Not ideal way to do it, but was proving complicated to have a config file ↵jessib
specify which gems for which environments. Here, we have the billing gem included for the development and test environments only, hardcoded in the Gemfile. Then we show the links to billing based on a config file setting. The setting itself could be used to specify different types of billing, but isn't yet.
2013-08-27Merge branch 'master' into billing_with_testsjessib
2013-08-27token.user will get you the right userAzul
This way we can stub the token to return the user directly. Stubbing User.find_by_param is not a good idea as it will make all calls to User#find_by_param with a different id fail.
2013-08-27do not redirect if no token presentAzul
So far we allow two mechanisms of authentication: * session based * token based If token fails session will be atempted in most cases. So we can't just redirect here or we get a double render error.
2013-08-27clear token on logout with testAzul
2013-08-27basic testing for token based auth in testsAzul
2013-08-27first steps towards enabling token based authAzul
2013-08-27sort authentication controller extensionAzul
2013-08-22Merge pull request #70 from azul/bugfix/validate_login_like_signupjessib
use the same login validations on sessions and users
2013-08-21Merge remote-tracking branch 'jessib/js_warning'Azul
2013-08-21return 204 NO CONTENT on API logoutAzul
That's the only meaningful response.
2013-08-21use the same login validations on sessions and usersAzul
The session ones were outdated so valid usernames could not login if they contained a '.' Refactored so both models use the same module for this validation to ensure consistency.
2013-08-20Tweak to parameters to fix wrong-number-of-arguments error blocking other work.jessib
2013-08-19Change JS warning message per https://leap.se/code/issues/3492jessib
Key must end in _html so the html doesn't get escaped.
2013-08-13Option to disable billing engine and hide billing related links. To actual ↵jessib
disable, must remove billing engine from Gemfile (and re-bundle)
2013-07-25Have navigation link to new customer form if user is not already a braintree ↵jessib
customer.
2013-07-24keeping the pgp_key accessors for User so views still workAzul
2013-07-24separate signup and settings service objects for userAzul
2013-07-24removed email settings controller and viewsAzul
PGP setting has been moved into account settings. It's using the API now issueing an Ajax request without any visual feedback. This obviously is not what we want but it hopefully suffices for uploading gpg keys for testing purposes before the Identity UI is in place.
2013-07-24setter for keys for dirty tracking, more robust testsAzul
Just altering identity.keys did not mark identities as changed. Also we now have a sane default for keys.
2013-07-24no need for a remote email classAzul
2013-07-24support deprecated API to set users main identity pgp keyAzul
We'll want to get rid of the #public_key and #public_key= functions but they are still used from the users controller. We'll probably have an identity controller instead at some point.
2013-07-24add keys to identityAzul
2013-07-24remove the remainders of email aliases and forward from userAzul
2013-07-24allow available and unique forwards onlyAzul
2013-07-24validations of email format and local domain moved overAzul