summaryrefslogtreecommitdiff
path: root/service/pixelated/resources
AgeCommit message (Collapse)Author
2016-11-23Adds traceback to logs.Denis Costa
2016-11-02Fix logger variable nameTulio Casagrande
2016-10-28changed import, for snap-CI pep8NavaL
2016-10-28removing obsolete Leap_password_checker #795NavaL
2016-10-28authentication now returns AuthenticationNavaL
leap session creation is only done post-interstitial and that logic is also extracted into its own class #795
2016-10-19Adapted login to ignore anything after @ charBruno Wagner
2016-10-19Adapted logging in the UA to use twisted.loggerBruno Wagner
2016-10-11[#792] Move leap.bonafide to leap.bitmask.bonafideTulio Casagrande
2016-10-05remove `set_portal`, it's not neededRoald de Vries
2016-10-05remove pixelated realm's init parametersRoald de Vries
They weren't used. Currently, the PixelatedAuthSessionWrapper determines the resource to use for a user. It would be more idiomatic to have the realm determine that. Actually, it should return the avatar as an IResource. See http://twistedmatrix.com/documents/current/web/howto/web-in-60/http-auth.html
2016-10-05Revert "remove pixelated realm's init parameters"Roald de Vries
This reverts commit 8fa81ff3b2cf0422098395ec9918d5b547fbbca5.
2016-10-05remove pixelated realm's init parametersRoald de Vries
They weren't used. Currently, the PixelatedAuthSessionWrapper determines the resource to use for a user. It would be more idiomatic to have the realm determine that. Actually, it should return the avatar as an IResource. See http://twistedmatrix.com/documents/current/web/howto/web-in-60/http-auth.html
2016-09-28actually 404-ing valid requests but non-existing resourceNavaL
Issue #684
2016-09-26Ensuring 503 is thrown whenever the root_resource is not yet initialized, ↵NavaL
for all cases, not just when it is csrf valid. Issue #684
2016-09-23Replace SRPSession usages with bonafideTulio Casagrande
In order to replace leap_auth with bonafide, we created a class to hold the user credentials
2016-09-23Fixes typo.Denis Costa
2016-09-23Adds translation to welcome mail.Denis Costa
2016-09-13[#778] Renaming get_key to be consistent with keymanagerTulio Casagrande
2016-08-31Reading interstitial on class initBruno Wagner
The interstitial was being read at every login request, that was a blocking read on the main loop for every user. That file was also being opened and not closed at every request, that would aggravate the 'too many open files' problem
2016-08-19Normalizing single and multi user bootstrap #759Bruno Wagner
Consolidated authentication to always be done is a defer to thread and changed the authenticate_user method name to conform with what it actually does
2016-07-04Issue #738: Bypass cookie validation for sandboxFelix Hammerl
2016-06-28Normalize i18n keysTulio Casagrande
2016-06-27Csrf not being enforced on GETCaio Carrara
2016-06-27Fix xsrf-token verification in async callsCaio Carrara
The previous behaviour only checked xsrf-token in headers, but it can be informed in a token as well.
2016-06-24Issue #694 add an admin restricted resource for user statsNavaL
2016-06-23refactoring: renaming services factory methods to relate them to user ↵NavaL
services sessions
2016-06-14Empty FEEDBACK_URL env variable should also disable feedbackNavaL
This is needed as we need to provide empty FEEDBACK_URL, just to remind that it can be set if desired Issue #710
2016-06-02RootResource should return 503 during startup (#699)Blake Williams
Return 503 code while RootResource is in MODE_STARTUP
2016-05-26Updated calls to addRawHeader to use setRawHeadersshabbyrobe
2016-05-22accomodates the case where the email address is the data sent with the eventNavaL
- now username and user_id are mapped when the user logs in - Issue #686
2016-05-18Issue #692 re-added logout back in the feature toggleNavaL
2016-05-13Issue #691: Refactor to Twisted 16.1.1Felix Hammerl
2016-05-11Remove dispatcher references from serviceCaio Carrara
Since we're not using dispatcher anymore, it doesn't make sense to keep dispatcher references and program flows that depend on it. For example, it doesn't make sense keep the flag --organization-mode, so it was removed as well.
2016-04-13Issue #431: ReviewFelix Hammerl
* Remove GenericDeferredErrorHandler class * Convert static method generic_error_handling to function instead
2016-04-12Removed time logging from mails_resourceBruno Wagner
Removed the time logging, it can be put adhoc when we want to test a specific case
2016-04-11Removed general timings from methodsBruno Wagner
I kept the logging functions so we can log times for tests and to investigate issues, but I removed all usages of them until someone needs them
2016-04-08Issue #431: extractes the generic handling for error callbacks in init and ↵Zara Gebru
handles login, logout, mail and tags resources
2016-04-08Issue #431: add errback on logoutZara Gebru
2016-04-06Issue #292: add fingerprint to user settings resourceZara Gebru
2016-03-24Issue #656: Fix sandbox fontsFelix Hammerl
Add CORS headers to sandbox resource Add OpenSans in normal font weight (400) to the sandbox CSS
2016-03-24Work in progress: Fix loading webfonts in the sandbox.Tobias Adam
2016-03-09Issue #617: Serve content from Sandbox resourceFelix Hammerl
2016-03-04Fix: Logout calls session expireFolker Bernitt
- Deferred was not handled as required - Test did not assert call to expire
2016-03-01Fix tests after change on OpenPGPKey.get_json APIGiovane
- The main identifier of a key now is the fingerprint, not the id anymore - The address is not required anymore when creating the json
2016-02-25only adding feature resource in root_resource test -- fixing buildNavaL
Issue #612
2016-02-25changed logout to postNavaL
Issue #612
2016-02-25Backend and frontend protection against csrf attacks:NavaL
- root resources changes the csrf token cookie everytime it is loaded, in particular during the intestitial load during login - it will also add that cookie on single user mode - initialize will still load all resources - but they you cant access them if the csrf token do not match - all ajax calls needs to add the token to the header - non ajax get requests do not need xsrf token validation - non ajax post will have to send the token in as a form input or in the content Issue #612
2016-02-24Recreate session on soledad problemsFolker Bernitt
- Issue #615 - invalid token raised by soledad after timeout, if we see this, recreate the session on next login
2016-02-23Improve error message if send mail failsFolker Bernitt
- Issue #609
2016-02-22Removes stacktrace errors from appearing on the login page.NavaL
For the case of wrong file path or file not existing Issue #214