summaryrefslogtreecommitdiff
path: root/service/pixelated/resources/root_resource.py
AgeCommit message (Collapse)Author
2017-03-30[#932] Makes account recovery resource publicAnike Arni
2017-03-27[#932] Creates account recovery resourceAnike Arni
2017-03-14[#924] Implements update recovery code through bitmaskThais Siqueira
with @anikarni
2017-02-16[#907] Bundles login static files separatelyAnike Arni
Due to conflicts with public and protected urls, login and interstitial files have to be on a different public url from inbox and resources that require login. Therefore, here, we delegate that logic to webpack. Now we have a '/public' url and a '/assets' url for those static assets.
2017-02-16[#907] Adapt login status to work with single userTulio Casagrande
with @anikarni
2017-02-16[#907] Remove duplicate assets child resourceAnike Arni
with @tuliocasagrande
2017-02-16[#907] Simplify static folderAnike Arni
with @tuliocasagrande
2017-02-16[#907] Convert login page to reactTulio Casagrande
with @anikarni
2017-02-09[#922] Rename backup account flowTayane Fernandes
To differentiate between the account recovery flow and the set backup email flow, we renamed all resources and url to reflect this. with @anikarni
2017-02-01[#922] Create route for account recoveryAnike Arni
with @tayanefernandes
2017-01-25Extract duplicated methods to a common parentTulio Casagrande
2017-01-03Simplifies the get_static_folder on RootResourceBruno Wagner
There are only two possibilities currently: - The static files are at web-ui/dist - The static files are installed by the debian package at /usr/share/pixelated-user-agent This change removed the third non-existent possibility that was causing errors sometimes in a new environment (service/web-ui/dist)
2016-12-29Use only dist folder for serving applicationAnike Arni
2016-12-08Revert "[#801] Merge branch 'signup'"Roald de Vries
This reverts commit d10f607a4d40587510b0dc31b31fe4750bf4a3a3, reversing changes made to c28abba2f5b1186c671ebef508d40ffaae6d5bc5.
2016-12-08Revert "[#801] add signup resource + tests"Roald de Vries
This reverts commit db1cf22ca3a86027828aba30417e79363a380350.
2016-12-07[#801] add signup resource + testsZara Gebru
2016-12-05remove templates folder from root resource parametersRoald de Vries
2016-12-05use static instead of {startup,public}-assetsRoald de Vries
2016-12-05get templates from pkg_resourcesRoald de Vries
2016-12-02[refactor] move app dir into public dirZara Gebru
2016-12-01WIP: add csrf token to every requestRoald de Vries
2016-11-30log a warnin when root child is not explicitly public/protectedRoald de Vries
2016-11-30remove PublicRootResource and use a flag on RootResource insteadRoald de Vries
2016-11-30redirect to login from root url when not logged inRoald de Vries
2016-11-29make login resource part of the public root resourceRoald de Vries
2016-11-29root resource inherits from public rootRoald de Vries
2016-11-29move adding csrf to base resourceRoald de Vries
2016-11-28split inbox resource out of root resourceRoald de Vries
2016-11-24add login resource as child of public root resourceRoald de Vries
2016-11-24add public root resource to serve static filesRoald de Vries
2016-11-18serve signup page through twistedRoald de Vries
2016-10-28changed import, for snap-CI pep8NavaL
2016-10-28authentication now returns AuthenticationNavaL
leap session creation is only done post-interstitial and that logic is also extracted into its own class #795
2016-09-28actually 404-ing valid requests but non-existing resourceNavaL
Issue #684
2016-09-26Ensuring 503 is thrown whenever the root_resource is not yet initialized, ↵NavaL
for all cases, not just when it is csrf valid. Issue #684
2016-08-31Reading interstitial on class initBruno Wagner
The interstitial was being read at every login request, that was a blocking read on the main loop for every user. That file was also being opened and not closed at every request, that would aggravate the 'too many open files' problem
2016-06-27Csrf not being enforced on GETCaio Carrara
2016-06-27Fix xsrf-token verification in async callsCaio Carrara
The previous behaviour only checked xsrf-token in headers, but it can be informed in a token as well.
2016-06-24Issue #694 add an admin restricted resource for user statsNavaL
2016-06-02RootResource should return 503 during startup (#699)Blake Williams
Return 503 code while RootResource is in MODE_STARTUP
2016-03-09Issue #617: Serve content from Sandbox resourceFelix Hammerl
2016-02-25only adding feature resource in root_resource test -- fixing buildNavaL
Issue #612
2016-02-25Backend and frontend protection against csrf attacks:NavaL
- root resources changes the csrf token cookie everytime it is loaded, in particular during the intestitial load during login - it will also add that cookie on single user mode - initialize will still load all resources - but they you cant access them if the csrf token do not match - all ajax calls needs to add the token to the header - non ajax get requests do not need xsrf token validation - non ajax post will have to send the token in as a form input or in the content Issue #612
2016-02-11adds argument to supply custom disclaimer/banner on login screenNavaL
Issue #598
2016-02-03reverting unnecessary steps to not re-load leap-sessions on re-login, as ↵NavaL
they are already cached from leap side - fixing build Issue #590
2016-02-03move leap session creation to be done after interstitial is loadedNavaL
Issue #590
2016-01-22re-introduced logout functionality for multi-userNavaL
Issue #576
2016-01-22Add mutli-user mode to user-agentFolker Bernitt
- Issue #576 - To start in multi user, run with --multi-user --provider provider-name.tld
2016-01-19Make RootResource read account email from mail serviceFolker Bernitt
- Issue #576
2016-01-18root resource now depends on the services factory -- and mail service, for ↵NavaL
now -- Issue #576