Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-08-08 | close srp vulnerability and report error in webapp | Azul | |
2013-08-07 | integration test exploiting srp vulnerability | Azul | |
2013-07-16 | adapt srp account_flow test for the api to new ruby_srp API | Azul | |
2013-07-16 | ensure the page has been reloaded before testing current_path | Azul | |
This test would fail sometimes on assert_equal '/', current_path I believe it was a timing issue. page.has_content? will wait for the content to show up. So afterwards the current_path should always be correct. | |||
2013-07-15 | require test_helper from account test so it can be run in isolation | Azul | |
2013-07-14 | make sure capybara runs the whole rack app | Azul | |
We use port 3003 for the integration test server. This test takes a few seconds (~8) now. Most of this is startup time of the server. A second run still takes 2 seconds like before. | |||
2013-07-14 | we do not expose M2 in srp.js anymore. | Azul | |
So there is no way to print it. This message used to be correct but there are also other things that can cause this to fail now. So let's just remove it. | |||
2013-07-14 | js integration test for signup, login, logout | Azul | |
2013-07-12 | remove test for duplicate login - we'll prevent that on the client side | Azul | |
SRP happens in two steps: * handshake * validation During the validation we delete the handshake data from the session. So a second validation does not really work. It could build upon the first one but it would not be able to send M2 to the client. So instead of trying to do sth. usefull when two validation requests are send we require the client to only send one. | |||
2013-07-11 | fix failing tests | elijah | |
2013-07-08 | Merge branch 'master' into feature/disable_account | jessib | |
Conflicts: users/app/controllers/users_controller.rb users/app/helpers/users_helper.rb users/app/views/users/edit.html.haml users/app/views/users/show.html.haml users/config/locales/en.yml | |||
2013-07-04 | Add tests for enabling/deactivating. | jessib | |
2013-07-04 | fix ticket tests, get :admin_user factory to work. | elijah | |
2013-07-04 | user tests -- user update has been moved entirely to api controller, so fix ↵ | elijah | |
tests to reflect this. | |||
2013-07-04 | test - we allow updating of username via api now | elijah | |
2013-07-01 | redirect to root_path after canceling account | Azul | |
login makes little sense. This change was applied already... just updated the test | |||
2013-04-25 | Merge pull request #40 from azul/feature/token-auth | jessib | |
Token auth with a database of it's own | |||
2013-04-24 | added test for pgp key view | Azul | |
2013-04-09 | adopting tests to new behavior | Azul | |
2013-04-09 | return token on successful login via api | Azul | |
2013-04-09 | let's use safe ids instead of the default couch ones | Azul | |
Couch uses partly random partly sequential ids by default. We could change that in couch config to be all random. But this is probably more safe. | |||
2013-04-09 | initial token model and unit test | Azul | |
2013-04-03 | make sure user tests also run when run from users subdir | Azul | |
* The APP_CONFIG needs to be initialized in core so that is required from other engines * paths for load_views need to be relative to the model - not to rails root. | |||
2013-04-03 | fixed tests to use setup and teardown blocks | Azul | |
2013-04-02 | send more meaningful error message on completely failed login attempt | Azul | |
2013-04-02 | send salt on Session#create without srp ephemeral A | Azul | |
2013-03-05 | Merge branch 'master' into feature/limit_user_leak | Azul | |
Conflicts: users/lib/warden/strategies/secure_remote_password.rb | |||
2013-03-04 | Update tests and documentation to reflect changed error messages with ↵ | jessib | |
incorrect username or password on login attempt. | |||
2013-03-04 | make api test script work with bitmask and print log | Azul | |
2013-03-01 | Merge pull request #32 from azul/feature/api-version-1-fixes | azul | |
Feature: API version 1 fixes | |||
2013-02-26 | api for sessions fixed | Azul | |
* now we return the user id on login * allow a destroy request for logging out * added test for api sessions controller | |||
2013-02-25 | Admins cannot update a user. Eventually we will want to allow admins to ↵ | jessib | |
update some user fields. | |||
2013-02-06 | we don't add srp stuff to user class anymore | Azul | |
warden srp strategy in lib has it all. | |||
2013-02-06 | using ruby-srp 0.1.5 SRP::Client to wrap user in session | Azul | |
2013-01-31 | Remove public key if the key is passed as nil, but not otherwise. | jessib | |
There was a weird case with reloading the user in the test if the public key had been unset. | |||
2013-01-29 | A user's public_key is the only attribute they should be able to update via API. | jessib | |
2013-01-29 | Allow PUT API to update user. | jessib | |
2013-01-24 | Removing aliases from webfinger as the link wouldn't work anyway, and don't ↵ | jessib | |
want to leak ID information. | |||
2013-01-23 | functional test for webfinger | Azul | |
2013-01-23 | added a small test for HostMetaPresenter and using links hash in xml view | Azul | |
2013-01-23 | added unit tests for user presenter | Azul | |
changed the way the presenter works. Will need functional testing | |||
2013-01-18 | Merge remote-tracking branch 'origin/master' into feature/fixed-email-address | Azul | |
Conflicts: users/app/views/emails/_email.html.haml | |||
2013-01-17 | Merge pull request #17 from leapcode/feature/tickets_controllers_simplification | azul | |
Refactoring of tickets controller to fetch the ticket in a before filter... | |||
2013-01-17 | Merge pull request #16 from leapcode/feature/fixing-routes-with-api | azul | |
Fixing routes with api | |||
2013-01-18 | minor: smalles fix ever - is_admin? has a questionmark | Azul | |
2013-01-17 | Should be able to create a user when not logged in. | jessib | |
This isn't ready to merge, as there is an issue with logging in as an admin in the test. | |||
2013-01-17 | unit tests passing | Azul | |
2013-01-16 | incomplete initial changes to make email address just login@domain.tld | Azul | |
This involves a number of other changes like making sure the comparison between aliases and emails still works. Will do that by removing the @domain.tld from aliases as well. | |||
2013-01-16 | using subdomain for api requests properly | Azul | |
2013-01-14 | Merge branch 'master' into feature/show_user. Added new tests. | jessib | |
Conflicts: users/test/functional/users_controller_test.rb |