Age | Commit message | Author | |
---|---|---|---|
2013-11-06 | integration test for blocking handles after account destroyed | Azul | |
has not been run yet. | |||
2013-11-06 | refactor: extract method on account test | Azul | |
also test one can't login anymore after destroying the account. | |||
2013-11-05 | Identity.destroy_all_disabled will clean up disabled identities | Azul | |
This is mostly for cleaning up after tests so far. But we might expand this to destroy all identities disabled before a certain date. | |||
2013-11-05 | disabled identities to block handles after a user was deleted | Azul | |
2013-11-05 | refactor: Identity.disable_all_for(user) on user destruction | Azul | |
This way the identity model defines how identities should be disabled. We currently still destroy them. But it will be easy and nicely isolated to change this next. | |||
2013-10-30 | test helper to expect_logout. | Azul | |
Currently it expects both the session and the token to be cleared. This might change. But we'll always have a definition of what it means to logout we can test this way. | |||
2013-10-30 | notify user their account was successfully deleted (refs #4216) | Azul | |
Also fixes a corner case when admins deleted their own account. So far they would be redirected to the users list - which then refused access. Now they'll be redirected to the home landing page as well. | |||
2013-10-28 | Fix button to enable account: https://leap.se/code/issues/4246 | jessib | |
2013-10-28 | no need to create a user for testing failed login attempt | Azul | |
2013-10-28 | reset button loading... state on error (#4231) | Azul | |
including test refactored error display some | |||
2013-10-28 | Merge branch 'feature/4109-https-sources' into develop | Azul | |
2013-10-18 | use https sources in Gemfiles and also in the documentation (#4109) | Azul | |
2013-10-18 | test logging in through the API using python with umlauts | Azul | |
2013-10-18 | Merge pull request #98 from jessib/feature/billing-past-due-subscriptions | azul | |
Feature/billing past due subscriptions | |||
2013-10-17 | Merge pull request #102 from azul/feature/3602-email-blacklist | jessib | |
blacklist system logins for aliases and logins | |||
2013-10-17 | blacklist system logins for aliases and logins | Azul | |
We blacklist based on three things: * blacklist in APP_CONFIG[:handle_blacklist] * emails in RFC 2142 * usernames in /etc/passwd The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist]. We stick to blocking names that have been configured as both blacklisted and whitelisted - better be safe than sorry. | |||
2013-10-17 | use latest version of srp_js to fix #4002 | Azul | |
We were not encoding the srp password properly before. So umlauts in the password would cause the login procedure to fail. | |||
2013-10-01 | Allow admins to view past-due subscriptions. | jessib | |
2013-09-26 | Since local part of email is case sensitive, want to allow remote email ↵ | jessib | |
addresses with uppercase letters in local part. | |||
2013-09-25 | visual feedback when submitting forms (#3164) | Azul | |
This also helps with the failing integration test. We needed a way to tell the ajax request was back. Observing the button state now works for that. | |||
2013-09-24 | use token auth when accessing the api from webapp | Azul | |
One failing integration test still needs to be fixed | |||
2013-09-23 | This ensures that email addresses contain only lowercase letters, and that ↵ | jessib | |
an identity's destination is a valid Email. | |||
2013-09-23 | Merge branch 'develop' into feature/only_lower_case_aliases | jessib | |
2013-09-23 | security fix: clear srp data from db asap (#3686) | Azul | |
This is a quick fix for iSEC issue #13. | |||
2013-09-19 | Merge branch 'develop' into feature/only_lower_case_aliases | jessib | |
2013-09-19 | Merge pull request #82 from azul/feature/sessions-expire | jessib | |
Feature/sessions expire | |||
2013-09-18 | user.account shortcut to Account.new(user) | Azul | |
2013-09-17 | integration tests for session expiry | Azul | |
2013-09-09 | Merge branch 'develop' into feature/only_lower_case_aliases | jessib | |
2013-09-05 | For moment, have identity's address handle aliased from login so we can use ↵ | jessib | |
LoginFormatValidation. However, this is not how we will want it eventually. One issue is that the errors messages are set on login, rather than the appropriate field. | |||
2013-09-05 | Ensure that address in identity really is a LocalEmail. | jessib | |
2013-09-05 | Test of failing to add non-local email address as an identity's address. | jessib | |
2013-09-05 | Move handle method to Email model and have it work for local and non-local ↵ | jessib | |
emails. | |||
2013-09-04 | use /login instead of /sessions/new and test successful login | Azul | |
2013-09-04 | fix login form - use api session url | Azul | |
There's no non api sessions resource anymore. | |||
2013-09-03 | Merge pull request #73 from azul/bugfix/3623-teardown-test-data-properly | jessib | |
Bugfix/3623 teardown test data properly | |||
2013-09-03 | Merge pull request #75 from azul/feature/token-expiry | jessib | |
Token expiry | |||
2013-09-03 | Merge pull request #76 from azul/feature/3600-visual-feedback-on-failed-signup | jessib | |
Ensure json requests get json error response on failure | |||
2013-09-03 | clarify usage of V1::UsersController#index for autocomplete | Azul | |
[skip ci] | |||
2013-09-03 | use the login logout named route instead of sessions resource | Azul | |
The main part of the sessions resource now lives in the API. The two named routes are just fine for what is left. | |||
2013-09-03 | remove email aliases controller - we don't use it anymore | Azul | |
2013-09-03 | Cleanup sessions controller - webapp logs in through the api. | Azul | |
So the #create and #update actions were not needed anymore. Also removed the tests | |||
2013-09-03 | Account: Composition to handle User and its identities | Azul | |
We have a lot of things that act upon a user record and one or more of its identities at the same time: * Sign up: Create a user and its initial identity * Rename: Change the username and create a new identity, turn old into an alias * Cancel Account: Remove user and all their identities. In order to keep the User and Identity behaviour isolated but still have this logic represented in a single place the Account model deals with all these things. We could have overwritten the User#create, User#update and User#destroy methods instead. But then we would always create identities, even if we only need a user (for example in tests). | |||
2013-09-03 | cleanup records after running user integration tests | Azul | |
2013-09-03 | simplify users_controller_test | Azul | |
2013-09-03 | don't leave id records behind when unit testing | Azul | |
2013-09-03 | expire token according to config setting auth:token_expires_after | Azul | |
2013-09-03 | use Token#authenticate for authentication | Azul | |
This will return the user. But we can add timestamp validations and updates here. | |||
2013-09-03 | integration test for displaying internal server error during signup | Azul | |
2013-09-02 | Remove references to email_settings controller, which has been removed. An ↵ | jessib | |
identities controller will replace it. |