summaryrefslogtreecommitdiff
path: root/users/lib
AgeCommit message (Collapse)Author
2014-04-08moving all of core into toplevel, tests fail.Azul
2014-01-07Some refactoring, to simplify user model, optimize, and allow messages to be ↵jessib
sorted by date (although are not now.) Also, rather than use whenever gem, will have cron job created to call task.
2013-12-26Very very rough start to having messages for payment automatically created.jessib
2013-09-23security fix: clear srp data from db asap (#3686)Azul
This is a quick fix for iSEC issue #13.
2013-08-08close srp vulnerability and report error in webappAzul
2013-07-16use ruby-srp 0.2.0 which has a hex based apiAzul
2013-07-12print debug info on failed login attemptsAzul
2013-06-27Want to tweak some, but start to displaying base generic message via javascript.jessib
2013-03-05Merge branch 'master' into feature/limit_user_leakAzul
Conflicts: users/lib/warden/strategies/secure_remote_password.rb
2013-02-28When attempting to login, the error messages should not leak information ↵jessib
about whether a username is valid. This also means the error message is more appropriate if somebody tries to login with somebody else's username and their password.
2013-02-26api for sessions fixedAzul
* now we return the user id on login * allow a destroy request for logging out * added test for api sessions controller
2013-02-06using ruby-srp 0.1.5 SRP::Client to wrap user in sessionAzul
2013-01-24Removing aliases from webfinger as the link wouldn't work anyway, and don't ↵jessib
want to leak ID information.
2013-01-23added a small test for HostMetaPresenter and using links hash in xml viewAzul
2013-01-23added unit tests for user presenterAzul
changed the way the presenter works. Will need functional testing
2013-01-23not inluding link to key if there is noneAzul
2013-01-22fixing xml and adding json representation for host_metaAzul
2013-01-22adding json jrd responses to webfingerAzul
2013-01-22some basic webfinger routes, controller, presenters, viewsAzul
2012-11-26fixed login error message on wrong usernameAzul
2012-11-23identify user by id so rerendering the form does not use new invalid loginAzul
2012-11-22beautify login workflowAzul
* translating error messages * not caching login and password in js anymore * catching non responses
2012-11-09seperated the warden classes from the initializerAzul
also commented the sessions controller test a bit and fixed it
2012-10-30using rails_warden bit of refactoringAzul
without rails_warden the failure app action was not getting set properly.
2012-10-30adding in warden with a basic strategyAzul
currently failing because we are not setting the content-type header.
2012-10-11moved core dependency into */Gemfile with :pathAzul
In order to get the rails generators and the like to work properly in engines we need to require all the dependencies in the engine.rb file. Since I want to keep that list of engines in a centralized place we still need core and we need to require it from the other engines. We don't want to require the core gem to be installed so I added it with :path option to the Gemfile.
2012-10-11first steps at reducing coreAzul
2012-09-27added in leap web users - one repo to rule them allAzul