path: root/users/lib/warden
Age | Commit message | Author
2013-09-23 | security fix: clear srp data from db asap (#3686) | Azul
    This is a quick fix for iSEC issue #13.
2013-08-08 | close srp vulnerability and report error in webapp | Azul
2013-07-16 | use ruby-srp 0.2.0 which has a hex based api | Azul
2013-07-12 | print debug info on failed login attempts | Azul
2013-06-27 | Want to tweak some, but start to displaying base generic message via javascript. | jessib
2013-03-05 | Merge branch 'master' into feature/limit_user_leak | Azul
    Conflicts: users/lib/warden/strategies/secure_remote_password.rb
2013-02-28 | When attempting to login, the error messages should not leak information about whether a username is valid. This also means the error message is more appropriate if somebody tries to login with somebody else's username and their password. | jessib
2013-02-26 | api for sessions fixed | Azul
    * now we return the user id on login
    * allow a destroy request for logging out
    * added test for api sessions controller
2013-02-06 | using ruby-srp 0.1.5 SRP::Client to wrap user in session | Azul
2012-11-26 | fixed login error message on wrong username | Azul
2012-11-23 | identify user by id so rerendering the form does not use new invalid login | Azul
2012-11-22 | beautify login workflow | Azul
    * translating error messages
    * not caching login and password in js anymore
    * catching non responses
2012-11-09 | separated the warden classes from the initializer | Azul
    also commented the sessions controller test a bit and fixed it