summaryrefslogtreecommitdiff
path: root/users
AgeCommit message (Collapse)Author
2013-04-02send salt on Session#create without srp ephemeral AAzul
2013-03-05Merge branch 'master' into feature/limit_user_leakAzul
Conflicts: users/lib/warden/strategies/secure_remote_password.rb
2013-03-05minor: fixed logout linkAzul
2013-03-04Update tests and documentation to reflect changed error messages with ↵jessib
incorrect username or password on login attempt.
2013-03-04make api test script work with bitmask and print logAzul
2013-03-01Merge pull request #32 from azul/feature/api-version-1-fixesazul
Feature: API version 1 fixes
2013-02-28When attempting to login, the error messages should not leak information ↵jessib
about whether a username is valid. This also means the error message is more appropriate if somebody tries to login with somebody else's username and their password.
2013-02-28Have specific error messages for usernames with incorrect formats.jessib
Signed-off-by: jessib <jessib@leap.se>
2013-02-26Merge branch 'master' into feature/limit_usernamesjessib
2013-02-26Change to language for when updating username/password.jessib
2013-02-26Changes to valid format for usernames.jessib
2013-02-26api for sessions fixedAzul
* now we return the user id on login * allow a destroy request for logging out * added test for api sessions controller
2013-02-25Admins cannot update a user. Eventually we will want to allow admins to ↵jessib
update some user fields.
2013-02-25Slight refactoring of partialsjessib
2013-02-25Add hint that password change is optionaljessib
2013-02-19Needs some cleanup, but this has one form where user can change username and ↵jessib
password (they can leave either the same if they just want to change one, but we should make this clearer.)
2013-02-19Only check if last email alias is valid if the user has a last email alias.jessib
2013-02-06we don't add srp stuff to user class anymoreAzul
warden srp strategy in lib has it all.
2013-02-06using ruby-srp 0.1.5 SRP::Client to wrap user in sessionAzul
2013-01-31Remove public key if the key is passed as nil, but not otherwise.jessib
There was a weird case with reloading the user in the test if the public key had been unset.
2013-01-29A user's public_key is the only attribute they should be able to update via API.jessib
2013-01-29Allow PUT API to update user.jessib
2013-01-25Merge branch 'feature/webfinger' of https://github.com/leapcode/leap_webAzul
Conflicts: users/app/views/users/edit.html.haml
2013-01-24Removing aliases from webfinger as the link wouldn't work anyway, and don't ↵jessib
want to leak ID information.
2013-01-23functional test for webfingerAzul
2013-01-23added a small test for HostMetaPresenter and using links hash in xml viewAzul
2013-01-23added unit tests for user presenterAzul
changed the way the presenter works. Will need functional testing
2013-01-23not inluding link to key if there is noneAzul
2013-01-23make raising not found error less confusingAzul
2013-01-22Rough way to allow user to paste in their key, but certainly we will want ↵jessib
different display.
2013-01-22Edit form should show email address for the currently displayed user.jessib
2013-01-22Users now have an email_address, not an email.jessib
2013-01-22fixing xml and adding json representation for host_metaAzul
2013-01-22removed accidentaily commited filesAzul
2013-01-22adding json jrd responses to webfingerAzul
2013-01-22render 404 if neededAzul
2013-01-22some basic webfinger routes, controller, presenters, viewsAzul
2013-01-18more flexible email partialAzul
2013-01-18Merge remote-tracking branch 'origin/master' into feature/fixed-email-addressAzul
Conflicts: users/app/views/emails/_email.html.haml
2013-01-17Merge pull request #17 from leapcode/feature/tickets_controllers_simplificationazul
Refactoring of tickets controller to fetch the ticket in a before filter...
2013-01-17Merge pull request #16 from leapcode/feature/fixing-routes-with-apiazul
Fixing routes with api
2013-01-18minor: smalles fix ever - is_admin? has a questionmarkAzul
2013-01-17Should be able to create a user when not logged in.jessib
This isn't ready to merge, as there is an issue with logging in as an admin in the test.
2013-01-17Merge branch 'master' into feature/tickets_controllers_simplificationjessib
Conflicts: users/app/controllers/users_controller.rb
2013-01-17Deal with corner case where we don't have authenticated user. Will write a ↵jessib
test after merging in show view for users.
2013-01-17minor fixes to validation workflowAzul
2013-01-17unit tests passingAzul
2013-01-16incomplete initial changes to make email address just login@domain.tldAzul
This involves a number of other changes like making sure the comparison between aliases and emails still works. Will do that by removing the @domain.tld from aliases as well.
2013-01-16using subdomain for api requests properlyAzul
2013-01-15For both users and tickets, if the object is not found and the current user ↵jessib
is an admin, they should see an alert that the object wasn't found, and be redirected to the current controller. If the object isn't found and the current user is not an admin, then we will continue to give an error about no access, so as not to leak information about what IDs do and don't exist.