leap_web.git - [leap

Age	Commit message (Collapse)	Author
2013-08-08	Merge pull request #64 from azul/feature/identity-rewrite	jessib
	Feature/identity rewrite
2013-08-08	close srp vulnerability and report error in webapp	Azul

2013-08-07	integration test exploiting srp vulnerability	Azul

2013-07-24	also destroy the identity for a test user during teardown	Azul

2013-07-24	keeping the pgp_key accessors for User so views still work	Azul

2013-07-24	separate signup and settings service objects for user	Azul

2013-07-24	setter for keys for dirty tracking, more robust tests	Azul
	Just altering identity.keys did not mark identities as changed. Also we now have a sane default for keys.
2013-07-24	test user validates uniqueness of login amongst aliases	Azul

2013-07-24	support deprecated API to set users main identity pgp key	Azul
	We'll want to get rid of the #public_key and #public_key= functions but they are still used from the users controller. We'll probably have an identity controller instead at some point.
2013-07-24	remove email aliases test - we'll move them to identities	Azul

2013-07-24	add keys to identity	Azul

2013-07-24	allow available and unique forwards only	Azul

2013-07-24	validations of email format and local domain moved over	Azul

2013-07-24	local email adds domain if needed	Azul

2013-07-24	testing all versions of emial identities, emails are now strings	Azul

2013-07-24	move identity creation into user class	Azul
	It's always based on a user and most default values are based on user properties.
2013-07-24	first take on identity model - still broken	Azul

2013-07-16	adapt srp account_flow test for the api to new ruby_srp API	Azul

2013-07-16	ensure the page has been reloaded before testing current_path	Azul
	This test would fail sometimes on assert_equal '/', current_path I believe it was a timing issue. page.has_content? will wait for the content to show up. So afterwards the current_path should always be correct.
2013-07-15	require test_helper from account test so it can be run in isolation	Azul

2013-07-14	make sure capybara runs the whole rack app	Azul
	We use port 3003 for the integration test server. This test takes a few seconds (~8) now. Most of this is startup time of the server. A second run still takes 2 seconds like before.
2013-07-14	we do not expose M2 in srp.js anymore.	Azul
	So there is no way to print it. This message used to be correct but there are also other things that can cause this to fail now. So let's just remove it.
2013-07-14	js integration test for signup, login, logout	Azul

2013-07-12	remove test for duplicate login - we'll prevent that on the client side	Azul
	SRP happens in two steps: * handshake * validation During the validation we delete the handshake data from the session. So a second validation does not really work. It could build upon the first one but it would not be able to send M2 to the client. So instead of trying to do sth. usefull when two validation requests are send we require the client to only send one.
2013-07-11	fix failing tests	elijah

2013-07-08	Merge branch 'master' into feature/disable_account	jessib
	Conflicts: users/app/controllers/users_controller.rb users/app/helpers/users_helper.rb users/app/views/users/edit.html.haml users/app/views/users/show.html.haml users/config/locales/en.yml
2013-07-04	Add tests for enabling/deactivating.	jessib

2013-07-04	fix ticket tests, get :admin_user factory to work.	elijah

2013-07-04	user tests -- user update has been moved entirely to api controller, so fix ↵	elijah
	tests to reflect this.
2013-07-04	test - we allow updating of username via api now	elijah

2013-07-01	redirect to root_path after canceling account	Azul
	login makes little sense. This change was applied already... just updated the test
2013-04-25	Merge pull request #40 from azul/feature/token-auth	jessib
	Token auth with a database of it's own
2013-04-24	added test for pgp key view	Azul

2013-04-09	adopting tests to new behavior	Azul

2013-04-09	return token on successful login via api	Azul

2013-04-09	let's use safe ids instead of the default couch ones	Azul
	Couch uses partly random partly sequential ids by default. We could change that in couch config to be all random. But this is probably more safe.
2013-04-09	initial token model and unit test	Azul

2013-04-03	make sure user tests also run when run from users subdir	Azul
	* The APP_CONFIG needs to be initialized in core so that is required from other engines * paths for load_views need to be relative to the model - not to rails root.
2013-04-03	fixed tests to use setup and teardown blocks	Azul

2013-04-02	send more meaningful error message on completely failed login attempt	Azul

2013-04-02	send salt on Session#create without srp ephemeral A	Azul

2013-03-05	Merge branch 'master' into feature/limit_user_leak	Azul
	Conflicts: users/lib/warden/strategies/secure_remote_password.rb
2013-03-04	Update tests and documentation to reflect changed error messages with ↵	jessib
	incorrect username or password on login attempt.
2013-03-04	make api test script work with bitmask and print log	Azul

2013-03-01	Merge pull request #32 from azul/feature/api-version-1-fixes	azul
	Feature: API version 1 fixes
2013-02-26	api for sessions fixed	Azul
	* now we return the user id on login * allow a destroy request for logging out * added test for api sessions controller
2013-02-25	Admins cannot update a user. Eventually we will want to allow admins to ↵	jessib
	update some user fields.
2013-02-06	we don't add srp stuff to user class anymore	Azul
	warden srp strategy in lib has it all.
2013-02-06	using ruby-srp 0.1.5 SRP::Client to wrap user in session	Azul

2013-01-31	Remove public key if the key is passed as nil, but not otherwise.	jessib
	There was a weird case with reloading the user in the test if the public key had been unset.