Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-12-05 | no difference between dev and prod static files | Roald de Vries | |
2016-12-05 | remove templates folder from root resource parameters | Roald de Vries | |
2016-12-05 | use static instead of {startup,public}-assets | Roald de Vries | |
2016-12-05 | get templates from pkg_resources | Roald de Vries | |
2016-12-02 | [#625, #851] fixing log typo and adding test making sure encryption error ↵ | NavaL | |
does propagate to mails resources | |||
2016-12-02 | [refactor] move app dir into public dir | Zara Gebru | |
2016-12-01 | [#849] Change unauthorized message | Tulio Casagrande | |
2016-12-01 | use the right inbox template | Roald de Vries | |
2016-12-01 | WIP: add csrf token to every request | Roald de Vries | |
2016-11-30 | add csrf token to login form | Roald de Vries | |
2016-11-30 | log a warnin when root child is not explicitly public/protected | Roald de Vries | |
2016-11-30 | remove PublicRootResource and use a flag on RootResource instead | Roald de Vries | |
2016-11-30 | redirect to login from root url when not logged in | Roald de Vries | |
2016-11-29 | make login resource part of the public root resource | Roald de Vries | |
2016-11-29 | add inbox resource | Roald de Vries | |
2016-11-29 | Merge branch 'master' into signup | Roald de Vries | |
2016-11-29 | root resource inherits from public root | Roald de Vries | |
2016-11-29 | move adding csrf to base resource | Roald de Vries | |
2016-11-29 | return resource instead of username/avatarId as avatar | Roald de Vries | |
2016-11-28 | split inbox resource out of root resource | Roald de Vries | |
2016-11-25 | make credentialsFactories parameter to auth session wrapper optional | Roald de Vries | |
2016-11-24 | add login resource as child of public root resource | Roald de Vries | |
2016-11-24 | add public root resource to serve static files | Roald de Vries | |
2016-11-23 | Adds traceback to logs. | Denis Costa | |
2016-11-18 | serve signup page through twisted | Roald de Vries | |
2016-11-02 | Fix logger variable name | Tulio Casagrande | |
2016-10-28 | changed import, for snap-CI pep8 | NavaL | |
2016-10-28 | removing obsolete Leap_password_checker #795 | NavaL | |
2016-10-28 | authentication now returns Authentication | NavaL | |
leap session creation is only done post-interstitial and that logic is also extracted into its own class #795 | |||
2016-10-19 | Adapted login to ignore anything after @ char | Bruno Wagner | |
2016-10-19 | Adapted logging in the UA to use twisted.logger | Bruno Wagner | |
2016-10-11 | [#792] Move leap.bonafide to leap.bitmask.bonafide | Tulio Casagrande | |
2016-10-05 | remove `set_portal`, it's not needed | Roald de Vries | |
2016-10-05 | remove pixelated realm's init parameters | Roald de Vries | |
They weren't used. Currently, the PixelatedAuthSessionWrapper determines the resource to use for a user. It would be more idiomatic to have the realm determine that. Actually, it should return the avatar as an IResource. See http://twistedmatrix.com/documents/current/web/howto/web-in-60/http-auth.html | |||
2016-10-05 | Revert "remove pixelated realm's init parameters" | Roald de Vries | |
This reverts commit 8fa81ff3b2cf0422098395ec9918d5b547fbbca5. | |||
2016-10-05 | remove pixelated realm's init parameters | Roald de Vries | |
They weren't used. Currently, the PixelatedAuthSessionWrapper determines the resource to use for a user. It would be more idiomatic to have the realm determine that. Actually, it should return the avatar as an IResource. See http://twistedmatrix.com/documents/current/web/howto/web-in-60/http-auth.html | |||
2016-09-28 | actually 404-ing valid requests but non-existing resource | NavaL | |
Issue #684 | |||
2016-09-26 | Ensuring 503 is thrown whenever the root_resource is not yet initialized, ↵ | NavaL | |
for all cases, not just when it is csrf valid. Issue #684 | |||
2016-09-23 | Replace SRPSession usages with bonafide | Tulio Casagrande | |
In order to replace leap_auth with bonafide, we created a class to hold the user credentials | |||
2016-09-23 | Fixes typo. | Denis Costa | |
2016-09-23 | Adds translation to welcome mail. | Denis Costa | |
2016-09-13 | [#778] Renaming get_key to be consistent with keymanager | Tulio Casagrande | |
2016-08-31 | Reading interstitial on class init | Bruno Wagner | |
The interstitial was being read at every login request, that was a blocking read on the main loop for every user. That file was also being opened and not closed at every request, that would aggravate the 'too many open files' problem | |||
2016-08-19 | Normalizing single and multi user bootstrap #759 | Bruno Wagner | |
Consolidated authentication to always be done is a defer to thread and changed the authenticate_user method name to conform with what it actually does | |||
2016-07-04 | Issue #738: Bypass cookie validation for sandbox | Felix Hammerl | |
2016-06-28 | Normalize i18n keys | Tulio Casagrande | |
2016-06-27 | Csrf not being enforced on GET | Caio Carrara | |
2016-06-27 | Fix xsrf-token verification in async calls | Caio Carrara | |
The previous behaviour only checked xsrf-token in headers, but it can be informed in a token as well. | |||
2016-06-24 | Issue #694 add an admin restricted resource for user stats | NavaL | |
2016-06-23 | refactoring: renaming services factory methods to relate them to user ↵ | NavaL | |
services sessions |