leap_web.git - [leap

Age	Commit message (Collapse)	Author
2013-09-19	Merge pull request #82 from azul/feature/sessions-expire	jessib
	Feature/sessions expire
2013-09-18	user.account shortcut to Account.new(user)	Azul

2013-09-17	integration tests for session expiry	Azul

2013-09-04	use /login instead of /sessions/new and test successful login	Azul

2013-09-04	fix login form - use api session url	Azul
	There's no non api sessions resource anymore.
2013-09-03	Merge pull request #73 from azul/bugfix/3623-teardown-test-data-properly	jessib
	Bugfix/3623 teardown test data properly
2013-09-03	Merge pull request #75 from azul/feature/token-expiry	jessib
	Token expiry
2013-09-03	Merge pull request #76 from azul/feature/3600-visual-feedback-on-failed-signup	jessib
	Ensure json requests get json error response on failure
2013-09-03	clearify usage of V1::UsersController#index for autocomplete	Azul
	[skip ci]
2013-09-03	use the login logout named route instead of sessions resource	Azul
	The main part of the sessions resource now lives in the API. the two named routes are just fine for what is left.
2013-09-03	remove email aliases controller - we don't use it anymore	Azul

2013-09-03	Cleanup sessions controller - webapp logs in through the api.	Azul
	So the #create and #update actions were not needed anymore. Also removed the tests
2013-09-03	Account: Composition to handle User and its identities	Azul
	We have a lot of things that act upon a user record and one or more of it's identities at the same time: * Sing up: Create a user and it's initial identity * Rename: Change the username and create a new identity, turn old into an alias * Cancel Account: Remove user and all their identities. In order to keep the User and Identity behaviour isolated but still have a this logic represented in a sinle place the Account model deals with all these things. We could have overwritten the User#create, User#update and User#destroy methods instead. But then we would always create identities, even if we only need a user (for example in tests).
2013-09-03	cleanup records after running user integration tests	Azul

2013-09-03	simplify users_controller_test	Azul

2013-09-03	don't leave id records behind when unit testing	Azul

2013-09-03	expire token according to config setting auth:token_expires_after	Azul

2013-09-03	use Token#authenticate for authentication	Azul
	This will return the user. But we can add timestamp validations and updates here.
2013-09-03	integration test for displaying internal server error during signup	Azul

2013-09-02	Remove references to email_settings controller, which has been removed. An ↵	jessib
	identities controller will replace it.
2013-08-30	there's no need for User#find_by_param. clean it up	Azul

2013-08-27	Not ideal way to do it, but was proving complicated to have a config file ↵	jessib
	specify which gems for which environments. Here, we have the billing gem included for the development and test environments only, hardcoded in the Gemfile. Then we show the links to billing based on a config file setting. The setting itself could be used to specify different types of billing, but isn't yet.
2013-08-27	Merge branch 'master' into billing_with_tests	jessib

2013-08-27	refactor: Changing the py test to use less globals and session only locally.	Azul

2013-08-27	use token to update user password	Azul

2013-08-27	separate different tests for showing non existant user	Azul
	This way the failed stubbing errors were more telling
2013-08-27	token.user will get you the right user	Azul
	This way we can stub the token to return the user directly. Stubbing User.find_by_param is not a good idea as it will make all calls to User#find_by_param with a different id fail.
2013-08-27	do not redirect if no token present	Azul
	So far we allow two mechanisms of authentication: * session based * token based If token fails session will be atempted in most cases. So we can't just redirect here or we get a double render error.
2013-08-27	make sure find_record still works with real records	Azul

2013-08-27	clear token on logout with test	Azul

2013-08-27	basic testing for token based auth in tests	Azul

2013-08-27	first steps towards enabling token based auth	Azul

2013-08-27	sort authentication controller extension	Azul

2013-08-27	minor: remove puts line	Azul

2013-08-22	Merge pull request #69 from azul/bugfix/update_user_password_through_api	jessib
	Test updating user password through api
2013-08-22	Merge pull request #70 from azul/bugfix/validate_login_like_signup	jessib
	use the same login validations on sessions and users
2013-08-21	Merge remote-tracking branch 'jessib/js_warning'	Azul

2013-08-21	return 204 NO CONTENT on API logout	Azul
	That's the only meaningful response.
2013-08-21	use the same login validations on sessions and users	Azul
	The session ones were outdated so valid usernames could not login if they contained a '.' Refactored so both models use the same module for this validation to ensure consistency.
2013-08-21	also test updating the user password in python against dev.bm	Azul

2013-08-21	integration test updating users password	Azul

2013-08-20	Tweak to parameters to fix wrong-number-of-arguments error blocking other work.	jessib

2013-08-19	Change JS warning message per https://leap.se/code/issues/3492	jessib
	Key must end in _html so the html doesn't get escaped.
2013-08-13	Option to disable billing engine and hide billing related links. To actual ↵	jessib
	disable, must remove billing engine from Gemfile (and re-bundle)
2013-08-08	Merge pull request #64 from azul/feature/identity-rewrite	jessib
	Feature/identity rewrite
2013-08-08	close srp vulnerability and report error in webapp	Azul

2013-08-07	integration test exploiting srp vulnerability	Azul

2013-07-25	Have navigation link to new customer form if user is not already a braintree ↵	jessib
	customer.
2013-07-24	also destroy the identity for a test user during teardown	Azul

2013-07-24	keeping the pgp_key accessors for User so views still work	Azul