Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-11-26 | simple validation for pgp key format | Azul | |
2013-11-26 | ignore attempts to empty public_key, refactor | Azul | |
refactor: prepare validations of the uploaded pgp keys | |||
2013-11-06 | integration test for blocking handles after account destroyed | Azul | |
has not been run yet. | |||
2013-11-06 | refactor: extract method on account test | Azul | |
also test one can't login anymore after destroying the account. | |||
2013-10-30 | notify user their account was successfully deleted (refs #4216) | Azul | |
Also fixes a cornercase when admins deleted their own account. So far they would be redirected to the users list - which then refused access. Now they'll be redirected to the home landing page as well. | |||
2013-10-28 | no need to create a user for testing failed login attempt | Azul | |
2013-10-28 | reset button loading... state on error (#4231) | Azul | |
including test refactored error display some | |||
2013-10-18 | test logging in through the API using python with umlauts | Azul | |
2013-09-25 | visual feedback when submitting forms (#3164) | Azul | |
This also helps with the failing integration test. We needed a way to tell the ajax request was back. Observing the button state now works for that. | |||
2013-09-24 | use token auth when accessing the api from webapp | Azul | |
One failing integration test still needs to be fixed | |||
2013-09-19 | Merge pull request #82 from azul/feature/sessions-expire | jessib | |
Feature/sessions expire | |||
2013-09-18 | user.account shortcut to Account.new(user) | Azul | |
2013-09-17 | integration tests for session expiry | Azul | |
2013-09-04 | use /login instead of /sessions/new and test successful login | Azul | |
2013-09-03 | Merge pull request #73 from azul/bugfix/3623-teardown-test-data-properly | jessib | |
Bugfix/3623 teardown test data properly | |||
2013-09-03 | cleanup records after running user integration tests | Azul | |
2013-09-03 | integration test for displaying internal server error during signup | Azul | |
2013-08-27 | refactor: Changing the py test to use less globals and session only locally. | Azul | |
2013-08-27 | use token to update user password | Azul | |
2013-08-27 | minor: remove puts line | Azul | |
2013-08-22 | Merge pull request #69 from azul/bugfix/update_user_password_through_api | jessib | |
Test updating user password through api | |||
2013-08-21 | use the same login validations on sessions and users | Azul | |
The session ones were outdated so valid usernames could not login if they contained a '.' Refactored so both models use the same module for this validation to ensure consistency. | |||
2013-08-21 | also test updating the user password in python against dev.bm | Azul | |
2013-08-21 | integration test updating users password | Azul | |
2013-08-08 | Merge pull request #64 from azul/feature/identity-rewrite | jessib | |
Feature/identity rewrite | |||
2013-08-08 | close srp vulnerability and report error in webapp | Azul | |
2013-08-07 | integration test exploiting srp vulnerability | Azul | |
2013-07-24 | also destroy the identity for a test user during teardown | Azul | |
2013-07-24 | separate signup and settings service objects for user | Azul | |
2013-07-24 | setter for keys for dirty tracking, more robust tests | Azul | |
Just altering identity.keys did not mark identities as changed. Also we now have a sane default for keys. | |||
2013-07-16 | adapt srp account_flow test for the api to new ruby_srp API | Azul | |
2013-07-16 | ensure the page has been reloaded before testing current_path | Azul | |
This test would fail sometimes on assert_equal '/', current_path I believe it was a timing issue. page.has_content? will wait for the content to show up. So afterwards the current_path should always be correct. | |||
2013-07-15 | require test_helper from account test so it can be run in isolation | Azul | |
2013-07-14 | make sure capybara runs the whole rack app | Azul | |
We use port 3003 for the integration test server. This test takes a few seconds (~8) now. Most of this is startup time of the server. A second run still takes 2 seconds like before. | |||
2013-07-14 | we do not expose M2 in srp.js anymore. | Azul | |
So there is no way to print it. This message used to be correct but there are also other things that can cause this to fail now. So let's just remove it. | |||
2013-07-14 | js integration test for signup, login, logout | Azul | |
2013-07-12 | remove test for duplicate login - we'll prevent that on the client side | Azul | |
SRP happens in two steps: * handshake * validation During the validation we delete the handshake data from the session. So a second validation does not really work. It could build upon the first one but it would not be able to send M2 to the client. So instead of trying to do sth. usefull when two validation requests are send we require the client to only send one. | |||
2013-07-11 | fix failing tests | elijah | |
2013-07-04 | test - we allow updating of username via api now | elijah | |
2013-04-03 | make sure user tests also run when run from users subdir | Azul | |
* The APP_CONFIG needs to be initialized in core so that is required from other engines * paths for load_views need to be relative to the model - not to rails root. | |||
2013-04-03 | fixed tests to use setup and teardown blocks | Azul | |
2013-04-02 | send more meaningful error message on completely failed login attempt | Azul | |
2013-03-05 | Merge branch 'master' into feature/limit_user_leak | Azul | |
Conflicts: users/lib/warden/strategies/secure_remote_password.rb | |||
2013-03-04 | Update tests and documentation to reflect changed error messages with ↵ | jessib | |
incorrect username or password on login attempt. | |||
2013-03-04 | make api test script work with bitmask and print log | Azul | |
2013-02-06 | using ruby-srp 0.1.5 SRP::Client to wrap user in session | Azul | |
2013-01-31 | Remove public key if the key is passed as nil, but not otherwise. | jessib | |
There was a weird case with reloading the user in the test if the public key had been unset. | |||
2013-01-29 | A user's public_key is the only attribute they should be able to update via API. | jessib | |
2013-01-29 | Allow PUT API to update user. | jessib | |
2013-01-16 | using subdomain for api requests properly | Azul | |