leap_web.git - [leap

Age	Commit message (Collapse)	Author
2013-08-22	Merge pull request #69 from azul/bugfix/update_user_password_through_api	jessib
	Test updating user password through api
2013-08-22	Merge pull request #70 from azul/bugfix/validate_login_like_signup	jessib
	use the same login validations on sessions and users
2013-08-21	Merge remote-tracking branch 'jessib/js_warning'	Azul

2013-08-21	return 204 NO CONTENT on API logout	Azul
	That's the only meaningful response.
2013-08-21	use the same login validations on sessions and users	Azul
	The session ones were outdated so valid usernames could not login if they contained a '.' Refactored so both models use the same module for this validation to ensure consistency.
2013-08-21	also test updating the user password in python against dev.bm	Azul

2013-08-21	integration test updating users password	Azul

2013-08-20	Tweak to parameters to fix wrong-number-of-arguments error blocking other work.	jessib

2013-08-19	Change JS warning message per https://leap.se/code/issues/3492	jessib
	Key must end in _html so the html doesn't get escaped.
2013-08-08	Merge pull request #64 from azul/feature/identity-rewrite	jessib
	Feature/identity rewrite
2013-08-08	close srp vulnerability and report error in webapp	Azul

2013-08-07	integration test exploiting srp vulnerability	Azul

2013-07-24	also destroy the identity for a test user during teardown	Azul

2013-07-24	keeping the pgp_key accessors for User so views still work	Azul

2013-07-24	separate signup and settings service objects for user	Azul

2013-07-24	removed email settings controller and views	Azul
	PGP setting has been moved into account settings. It's using the API now issueing an Ajax request without any visual feedback. This obviously is not what we want but it hopefully suffices for uploading gpg keys for testing purposes before the Identity UI is in place.
2013-07-24	setter for keys for dirty tracking, more robust tests	Azul
	Just altering identity.keys did not mark identities as changed. Also we now have a sane default for keys.
2013-07-24	test user validates uniqueness of login amongst aliases	Azul

2013-07-24	no need for a remote email class	Azul

2013-07-24	support deprecated API to set users main identity pgp key	Azul
	We'll want to get rid of the #public_key and #public_key= functions but they are still used from the users controller. We'll probably have an identity controller instead at some point.
2013-07-24	remove email aliases test - we'll move them to identities	Azul

2013-07-24	add keys to identity	Azul

2013-07-24	remove the remainders of email aliases and forward from user	Azul

2013-07-24	allow available and unique forwards only	Azul

2013-07-24	validations of email format and local domain moved over	Azul

2013-07-24	local email adds domain if needed	Azul

2013-07-24	testing all versions of emial identities, emails are now strings	Azul

2013-07-24	move identity creation into user class	Azul
	It's always based on a user and most default values are based on user properties.
2013-07-24	first take on identity model - still broken	Azul

2013-07-16	adapt srp account_flow test for the api to new ruby_srp API	Azul

2013-07-16	ensure the page has been reloaded before testing current_path	Azul
	This test would fail sometimes on assert_equal '/', current_path I believe it was a timing issue. page.has_content? will wait for the content to show up. So afterwards the current_path should always be correct.
2013-07-16	to move to the next iteration use continue in js.	Azul

2013-07-16	use ruby-srp 0.2.0 which has a hex based api	Azul

2013-07-16	prevent _ prefixes for couchDB document ids	Azul

2013-07-15	require test_helper from account test so it can be run in isolation	Azul

2013-07-14	make sure capybara runs the whole rack app	Azul
	We use port 3003 for the integration test server. This test takes a few seconds (~8) now. Most of this is startup time of the server. A second run still takes 2 seconds like before.
2013-07-14	we do not expose M2 in srp.js anymore.	Azul
	So there is no way to print it. This message used to be correct but there are also other things that can cause this to fail now. So let's just remove it.
2013-07-14	js integration test for signup, login, logout	Azul

2013-07-12	remove test for duplicate login - we'll prevent that on the client side	Azul
	SRP happens in two steps: * handshake * validation During the validation we delete the handshake data from the session. So a second validation does not really work. It could build upon the first one but it would not be able to send M2 to the client. So instead of trying to do sth. usefull when two validation requests are send we require the client to only send one.
2013-07-12	print debug info on failed login attempts	Azul

2013-07-11	fix failing tests	elijah

2013-07-11	Slight tweak in case we get back the default response to warden's fail!, ↵	jessib
	which is not an enumerable.
2013-07-11	Slight cleanup due to some emacs annoyances.	jessib

2013-07-11	Clear authentication errors before displaying new ones.	jessib

2013-07-11	Merge branch 'master' into feature/authentication_generic_error	jessib

2013-07-09	Merge branch 'master' into feature/authentication_generic_error	jessib
	Conflicts: app/views/layouts/_messages.html.haml app/views/layouts/application.html.haml users/app/assets/javascripts/users.js.coffee
2013-07-09	Cleanup to show enable/deactivate account functionality in new UI.	jessib

2013-07-08	Merge branch 'master' into feature/disable_account	jessib
	Conflicts: users/app/controllers/users_controller.rb users/app/helpers/users_helper.rb users/app/views/users/edit.html.haml users/app/views/users/show.html.haml users/config/locales/en.yml
2013-07-06	updated srp_js submodule	elijah

2013-07-05	remove unused user views	elijah