Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-04-04 | 5382 - prevent crash when destroying tokens | Azul | |
An expired token was removed (probably by automatic cleanup) while processing it. So the webapp crashed due to a couch 404. We're preventing that by rescueing from a 404 on Token.delete by default. | |||
2014-02-10 | rename authorize to require_login | Azul | |
authorize_admin -> require_admin also add require_token which will ensure token has been used for auth. | |||
2014-01-14 | ensure auto_update_design_docs is false | Azul | |
2013-11-12 | Merge pull request #110 from azul/feature/cleanup-expired-tokens | jessib | |
Feature/cleanup expired tokens | |||
2013-11-08 | fix cornercase of non expiring tokens | Azul | |
2013-11-08 | Token.destroy_all_expired to cleanup expired tokens (#4411) | Azul | |
2013-11-07 | only check number of disabled identities to make test more robust | Azul | |
2013-11-05 | Identity.destroy_all_disabled will clean up disabled identities | Azul | |
This is mostly for cleaning up after tests so far. But we might expand this to destroy all identities disabled before a certain date. | |||
2013-11-05 | disabled identities to block handles after a user was deleted | Azul | |
2013-10-17 | blacklist system logins for aliases and logins | Azul | |
We blacklist based on three things: * blacklist in APP_CONFIG[:handle_blacklist] * emails in RFC 2142 * usernames in /etc/passwd The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist]. We stick to blocking names that have been configured as both blacklisted and whitelisted - better be save than sorry. | |||
2013-09-26 | Since local part of email is case sensitive, want to allow remote email ↵ | jessib | |
addresses with uppercase letters in local part. | |||
2013-09-23 | This ensures that email addresses contain only lowercase letters, and that ↵ | jessib | |
an identity's destination is a valid Email. | |||
2013-09-19 | Merge branch 'develop' into feature/only_lower_case_aliases | jessib | |
2013-09-18 | user.account shortcut to Account.new(user) | Azul | |
2013-09-05 | For moment, have identity's address handle aliased from login so we can use ↵ | jessib | |
LoginFormatValidation. However, this is not how we will want it eventually. One issue is that the errors messages are set on login, rather than the appropriate field. | |||
2013-09-05 | Test of failing to add non-local email address as an identity's address. | jessib | |
2013-09-03 | Merge pull request #73 from azul/bugfix/3623-teardown-test-data-properly | jessib | |
Bugfix/3623 teardown test data properly | |||
2013-09-03 | Account: Composition to handle User and its identities | Azul | |
We have a lot of things that act upon a user record and one or more of it's identities at the same time: * Sing up: Create a user and it's initial identity * Rename: Change the username and create a new identity, turn old into an alias * Cancel Account: Remove user and all their identities. In order to keep the User and Identity behaviour isolated but still have a this logic represented in a sinle place the Account model deals with all these things. We could have overwritten the User#create, User#update and User#destroy methods instead. But then we would always create identities, even if we only need a user (for example in tests). | |||
2013-09-03 | don't leave id records behind when unit testing | Azul | |
2013-09-03 | expire token according to config setting auth:token_expires_after | Azul | |
2013-08-30 | there's no need for User#find_by_param. clean it up | Azul | |
2013-07-24 | keeping the pgp_key accessors for User so views still work | Azul | |
2013-07-24 | separate signup and settings service objects for user | Azul | |
2013-07-24 | setter for keys for dirty tracking, more robust tests | Azul | |
Just altering identity.keys did not mark identities as changed. Also we now have a sane default for keys. | |||
2013-07-24 | test user validates uniqueness of login amongst aliases | Azul | |
2013-07-24 | support deprecated API to set users main identity pgp key | Azul | |
We'll want to get rid of the #public_key and #public_key= functions but they are still used from the users controller. We'll probably have an identity controller instead at some point. | |||
2013-07-24 | remove email aliases test - we'll move them to identities | Azul | |
2013-07-24 | add keys to identity | Azul | |
2013-07-24 | allow available and unique forwards only | Azul | |
2013-07-24 | validations of email format and local domain moved over | Azul | |
2013-07-24 | local email adds domain if needed | Azul | |
2013-07-24 | testing all versions of emial identities, emails are now strings | Azul | |
2013-07-24 | move identity creation into user class | Azul | |
It's always based on a user and most default values are based on user properties. | |||
2013-07-24 | first take on identity model - still broken | Azul | |
2013-04-25 | Merge pull request #40 from azul/feature/token-auth | jessib | |
Token auth with a database of it's own | |||
2013-04-24 | added test for pgp key view | Azul | |
2013-04-09 | let's use safe ids instead of the default couch ones | Azul | |
Couch uses partly random partly sequential ids by default. We could change that in couch config to be all random. But this is probably more safe. | |||
2013-04-09 | initial token model and unit test | Azul | |
2013-02-06 | we don't add srp stuff to user class anymore | Azul | |
warden srp strategy in lib has it all. | |||
2013-01-24 | Removing aliases from webfinger as the link wouldn't work anyway, and don't ↵ | jessib | |
want to leak ID information. | |||
2013-01-23 | added a small test for HostMetaPresenter and using links hash in xml view | Azul | |
2013-01-23 | added unit tests for user presenter | Azul | |
changed the way the presenter works. Will need functional testing | |||
2013-01-17 | unit tests passing | Azul | |
2013-01-14 | got users controller test to pass - tickets controller test next. | Azul | |
2012-12-20 | fixed tests, testing corner cases, fixed these | Azul | |
2012-12-18 | only destroy user that has been persisted in teardown | Azul | |
2012-12-18 | refactored email_alias creation and validation | Azul | |
using CouchRests user.email_aliases.build so the casted_by method is set in the alias Used this to move the validations into the alias itself. This is where they belong and allows us to render the errors inline along the email field they belong to. | |||
2012-12-13 | Merge branch 'master' into develop | Azul | |
Conflicts: users/test/unit/user_test.rb | |||
2012-12-13 | refactor: changed add_email to add_email_alias | Azul | |
that's what it does. Changed all tests to use it instead of the attributes method | |||
2012-12-13 | refactor: allow adding email aliases directly | Azul | |