Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-04-08 | moving all of core into toplevel, tests fail. | Azul | |
2014-01-07 | Some refactoring, to simplify user model, optimize, and allow messages to be ↵ | jessib | |
sorted by date (although are not now.) Also, rather than use whenever gem, will have cron job created to call task. | |||
2013-12-26 | Very very rough start to having messages for payment automatically created. | jessib | |
2013-09-23 | security fix: clear srp data from db asap (#3686) | Azul | |
This is a quick fix for iSEC issue #13. | |||
2013-08-08 | close srp vulnerability and report error in webapp | Azul | |
2013-07-16 | use ruby-srp 0.2.0 which has a hex based api | Azul | |
2013-07-12 | print debug info on failed login attempts | Azul | |
2013-06-27 | Want to tweak some, but start to displaying base generic message via javascript. | jessib | |
2013-03-05 | Merge branch 'master' into feature/limit_user_leak | Azul | |
Conflicts: users/lib/warden/strategies/secure_remote_password.rb | |||
2013-02-28 | When attempting to login, the error messages should not leak information ↵ | jessib | |
about whether a username is valid. This also means the error message is more appropriate if somebody tries to login with somebody else's username and their password. | |||
2013-02-26 | api for sessions fixed | Azul | |
* now we return the user id on login * allow a destroy request for logging out * added test for api sessions controller | |||
2013-02-06 | using ruby-srp 0.1.5 SRP::Client to wrap user in session | Azul | |
2013-01-24 | Removing aliases from webfinger as the link wouldn't work anyway, and don't ↵ | jessib | |
want to leak ID information. | |||
2013-01-23 | added a small test for HostMetaPresenter and using links hash in xml view | Azul | |
2013-01-23 | added unit tests for user presenter | Azul | |
changed the way the presenter works. Will need functional testing | |||
2013-01-23 | not inluding link to key if there is none | Azul | |
2013-01-22 | fixing xml and adding json representation for host_meta | Azul | |
2013-01-22 | adding json jrd responses to webfinger | Azul | |
2013-01-22 | some basic webfinger routes, controller, presenters, views | Azul | |
2012-11-26 | fixed login error message on wrong username | Azul | |
2012-11-23 | identify user by id so rerendering the form does not use new invalid login | Azul | |
2012-11-22 | beautify login workflow | Azul | |
* translating error messages * not caching login and password in js anymore * catching non responses | |||
2012-11-09 | seperated the warden classes from the initializer | Azul | |
also commented the sessions controller test a bit and fixed it | |||
2012-10-30 | using rails_warden bit of refactoring | Azul | |
without rails_warden the failure app action was not getting set properly. | |||
2012-10-30 | adding in warden with a basic strategy | Azul | |
currently failing because we are not setting the content-type header. | |||
2012-10-11 | moved core dependency into */Gemfile with :path | Azul | |
In order to get the rails generators and the like to work properly in engines we need to require all the dependencies in the engine.rb file. Since I want to keep that list of engines in a centralized place we still need core and we need to require it from the other engines. We don't want to require the core gem to be installed so I added it with :path option to the Gemfile. | |||
2012-10-11 | first steps at reducing core | Azul | |
2012-09-27 | added in leap web users - one repo to rule them all | Azul | |