| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2013-09-23 | security fix: clear srp data from db asap (#3686) | Azul | |
| This is a quick fix for iSEC issue #13. | |||
| 2013-08-08 | close srp vulnerability and report error in webapp | Azul | |
| 2013-07-16 | use ruby-srp 0.2.0 which has a hex based api | Azul | |
| 2013-07-12 | print debug info on failed login attempts | Azul | |
| 2013-06-27 | Want to tweak some, but start to displaying base generic message via javascript. | jessib | |
| 2013-03-05 | Merge branch 'master' into feature/limit_user_leak | Azul | |
| Conflicts: users/lib/warden/strategies/secure_remote_password.rb | |||
| 2013-02-28 | When attempting to login, the error messages should not leak information ↵ | jessib | |
| about whether a username is valid. This also means the error message is more appropriate if somebody tries to login with somebody else's username and their password. | |||
| 2013-02-26 | api for sessions fixed | Azul | |
| * now we return the user id on login * allow a destroy request for logging out * added test for api sessions controller | |||
| 2013-02-06 | using ruby-srp 0.1.5 SRP::Client to wrap user in session | Azul | |
| 2012-11-26 | fixed login error message on wrong username | Azul | |
| 2012-11-23 | identify user by id so rerendering the form does not use new invalid login | Azul | |
| 2012-11-22 | beautify login workflow | Azul | |
| * translating error messages * not caching login and password in js anymore * catching non responses | |||
| 2012-11-09 | seperated the warden classes from the initializer | Azul | |
| also commented the sessions controller test a bit and fixed it | |||
 |
index : leap_web.git | |
| [leap_web] | git repository hosting |
| summaryrefslogtreecommitdiff |