| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2013-11-12 | Merge pull request #110 from azul/feature/cleanup-expired-tokens | jessib | |
| Feature/cleanup expired tokens | |||
| 2013-11-08 | fix cornercase of non expiring tokens | Azul | |
| 2013-11-08 | Token.destroy_all_expired to cleanup expired tokens (#4411) | Azul | |
| 2013-11-07 | only check number of disabled identities to make test more robust | Azul | |
| 2013-11-06 | use the account lifecycle from UsersController#destroy | Azul | |
| 2013-11-06 | destroy all tickets created by a user when account is destroyed | Azul | |
| In order to keep the users engine independent of the tickets engine i added a generic load hook to the account model. The tickets engine then monkeypatches the account destruction and destroys all tickets before the user is destroyed. The tickets are destroyed first so that even if things break there should never be tickets with an outdated user id. I would have prefered to use super over using an alias_method_chain but I have not been able to figure out a way to make account a superclass of the account extension and still refer to Account from the users engine. | |||
| 2013-11-06 | integration test for blocking handles after account destroyed | Azul | |
| has not been run yet. | |||
| 2013-11-06 | refactor: extract method on account test | Azul | |
| also test one can't login anymore after destroying the account. | |||
| 2013-11-05 | Identity.destroy_all_disabled will clean up disabled identities | Azul | |
| This is mostly for cleaning up after tests so far. But we might expand this to destroy all identities disabled before a certain date. | |||
| 2013-11-05 | disabled identities to block handles after a user was deleted | Azul | |
| 2013-11-05 | refactor: Identity.disable_all_for(user) on user destruction | Azul | |
| This way the identity model defines how identities should be disabled. We currently still destroy them. But it will be easy and nicely isolated to change this next. | |||
| 2013-10-30 | test helper to expect_logout. | Azul | |
| Currently it expects both the session and the token to be cleared. This might change. But we'll always have a definition of what it means to logout we can test this way. | |||
| 2013-10-30 | notify user their account was successfully deleted (refs #4216) | Azul | |
| Also fixes a cornercase when admins deleted their own account. So far they would be redirected to the users list - which then refused access. Now they'll be redirected to the home landing page as well. | |||
| 2013-10-28 | Fix button to enable account: https://leap.se/code/issues/4246 | jessib | |
| 2013-10-28 | no need to create a user for testing failed login attempt | Azul | |
| 2013-10-28 | reset button loading... state on error (#4231) | Azul | |
| including test refactored error display some | |||
| 2013-10-28 | Merge branch 'feature/4109-https-sources' into develop | Azul | |
| 2013-10-18 | use https sources in Gemfiles and also in the documentation (#4109) | Azul | |
| 2013-10-18 | test logging in through the API using python with umlauts | Azul | |
| 2013-10-18 | Merge pull request #98 from jessib/feature/billing-past-due-subscriptions | azul | |
| Feature/billing past due subscriptions | |||
| 2013-10-17 | Merge pull request #102 from azul/feature/3602-email-blacklist | jessib | |
| blacklist system logins for aliases and logins | |||
| 2013-10-17 | blacklist system logins for aliases and logins | Azul | |
| We blacklist based on three things: * blacklist in APP_CONFIG[:handle_blacklist] * emails in RFC 2142 * usernames in /etc/passwd The latter two can be allowed by explicitly whitelisting them in APP_CONFIG[:handle_whitelist]. We stick to blocking names that have been configured as both blacklisted and whitelisted - better be save than sorry. | |||
| 2013-10-17 | use latest version of srp_js to fix #4002 | Azul | |
| We were not encoding the srp password properly before. So umlauts in the password would cause the login procedure to fail. | |||
| 2013-10-01 | Allow admins to view past-due subscriptions. | jessib | |
| 2013-09-26 | Since local part of email is case sensitive, want to allow remote email ↵ | jessib | |
| addresses with uppercase letters in local part. | |||
| 2013-09-25 | visual feedback when submitting forms (#3164) | Azul | |
| This also helps with the failing integration test. We needed a way to tell the ajax request was back. Observing the button state now works for that. | |||
| 2013-09-24 | use token auth when accessing the api from webapp | Azul | |
| One failing integration test still needs to be fixed | |||
| 2013-09-23 | This ensures that email addresses contain only lowercase letters, and that ↵ | jessib | |
| an identity's destination is a valid Email. | |||
| 2013-09-23 | Merge branch 'develop' into feature/only_lower_case_aliases | jessib | |
| 2013-09-23 | security fix: clear srp data from db asap (#3686) | Azul | |
| This is a quick fix for iSEC issue #13. | |||
| 2013-09-19 | Merge branch 'develop' into feature/only_lower_case_aliases | jessib | |
| 2013-09-19 | Merge pull request #82 from azul/feature/sessions-expire | jessib | |
| Feature/sessions expire | |||
| 2013-09-18 | user.account shortcut to Account.new(user) | Azul | |
| 2013-09-17 | integration tests for session expiry | Azul | |
| 2013-09-09 | Merge branch 'develop' into feature/only_lower_case_aliases | jessib | |
| 2013-09-05 | For moment, have identity's address handle aliased from login so we can use ↵ | jessib | |
| LoginFormatValidation. However, this is not how we will want it eventually. One issue is that the errors messages are set on login, rather than the appropriate field. | |||
| 2013-09-05 | Ensure that address in identity really is a LocalEmail. | jessib | |
| 2013-09-05 | Test of failing to add non-local email address as an identity's address. | jessib | |
| 2013-09-05 | Move handle method to Email model and have it work for local and non-local ↵ | jessib | |
| emails. | |||
| 2013-09-04 | use /login instead of /sessions/new and test successful login | Azul | |
| 2013-09-04 | fix login form - use api session url | Azul | |
| There's no non api sessions resource anymore. | |||
| 2013-09-03 | Merge pull request #73 from azul/bugfix/3623-teardown-test-data-properly | jessib | |
| Bugfix/3623 teardown test data properly | |||
| 2013-09-03 | Merge pull request #75 from azul/feature/token-expiry | jessib | |
| Token expiry | |||
| 2013-09-03 | Merge pull request #76 from azul/feature/3600-visual-feedback-on-failed-signup | jessib | |
| Ensure json requests get json error response on failure | |||
| 2013-09-03 | clearify usage of V1::UsersController#index for autocomplete | Azul | |
| [skip ci] | |||
| 2013-09-03 | use the login logout named route instead of sessions resource | Azul | |
| The main part of the sessions resource now lives in the API. the two named routes are just fine for what is left. | |||
| 2013-09-03 | remove email aliases controller - we don't use it anymore | Azul | |
| 2013-09-03 | Cleanup sessions controller - webapp logs in through the api. | Azul | |
| So the #create and #update actions were not needed anymore. Also removed the tests | |||
| 2013-09-03 | Account: Composition to handle User and its identities | Azul | |
| We have a lot of things that act upon a user record and one or more of it's identities at the same time: * Sing up: Create a user and it's initial identity * Rename: Change the username and create a new identity, turn old into an alias * Cancel Account: Remove user and all their identities. In order to keep the User and Identity behaviour isolated but still have a this logic represented in a sinle place the Account model deals with all these things. We could have overwritten the User#create, User#update and User#destroy methods instead. But then we would always create identities, even if we only need a user (for example in tests). | |||
| 2013-09-03 | cleanup records after running user integration tests | Azul | |
 |
index : leap_web.git | |
| [leap_web] | git repository hosting |
| summaryrefslogtreecommitdiff |