Commits · 5e8f0a14272a34ee9a907cd686871091364ccca0 · Hexang 息壤平台 / persona

Nov 03, 2011
- in production (dev/beta/prod) use a more conventional logging format that... · 90e0ac89
  Lloyd Hilaiel authored 13 years ago
```
in production (dev/beta/prod) use a more conventional logging format that includes timestamps.  closes #234
```
  90e0ac89
Nov 02, 2011
- fix CSRF checking logic, once we identify a single problem with the CSRF... · c83a4a7a
  Lloyd Hilaiel authored 13 years ago
```
fix CSRF checking logic, once we identify a single problem with the CSRF token, don't fall through to further checks
```
  c83a4a7a
- implement keysigner as separate process. issue #460 · 39619836
  Lloyd Hilaiel authored 13 years ago
  
  39619836
Oct 28, 2011
- all process figure out what to bind to using HOST(or IP_ADDRESS)/PORT env vars · c21c34ad
  Lloyd Hilaiel authored 13 years ago
  
  c21c34ad
- improve repository organization - closes #503 closes #488 · 54918f1d
  Lloyd Hilaiel authored 13 years ago
  
  54918f1d
Oct 26, 2011
- improved messaging for unsupported browsers - closes #273, closes #484 · e50c2b1e
  Shane Tomlinson authored 13 years ago
  
  e50c2b1e
Oct 25, 2011
- add /__heartbeat__ endpoint for load balancers - remove ping.txt - closes #481 · 334721eb
  Pete Fritchman authored 13 years ago
  
  334721eb
Oct 14, 2011
- added redirects · 0f3eadd2
  Ben Adida authored 13 years ago
  
  0f3eadd2
Oct 11, 2011

WSAPI CHANGES: All server responses are now objects, makes some funky browsers... · 511b56ae

Lloyd Hilaiel authored 13 years ago

WSAPI CHANGES: All server responses are now objects, makes some funky browsers happy and prevents certain attacks.  closes #217 closes #325

  * /wsapi/have_email now returns { email_known: <boolean> }
  * /wsapi/stage_user now returns { success: <boolean> }
  * /wsapi/user_creation_status now returns { status: <string> }
  * /wsapi/complete_user_creation now returns { status: <boolean> }
  * /wsapi/stage_email now returns { success: <boolean> }
  * /wsapi/email_addition_status now returns { success: <boolean> }
  * /wsapi/complete_email_addition now returns { success: <boolean> }
  * /wsapi/authenticate_user now returns { success: <boolean> }
  * /wsapi/remove_email now returns { success: <boolean> }
  * /wsapi/account_cancel now returns { success: <boolean> }
  * /wsapi/logout now returns { success: <boolean> }

Finally, introduced middleware to ensure that resp.json() is not called with anything other than an object.

511b56ae

Sep 29, 2011

ensure users must authenticate every week (issue #309). Also, move all magic... · 1f7461e9

Lloyd Hilaiel authored 13 years ago

ensure users must authenticate every week (issue #309).  Also, move all magic numbers out of implementation and into the configuration abstraction.

1f7461e9

Sep 23, 2011
- fixed signup and forgot · 23e8de52
  Ben Adida authored 13 years ago
  
  23e8de52
- moved email loading to wsapi · 9aa60d48
  Ben Adida authored 13 years ago
  
  9aa60d48
- removed serving of URLs with .html suffixes, added site that user is logging into · 097d626c
  Ben Adida authored 13 years ago
  
  097d626c
Sep 27, 2011
- Renaming the verify links to be the same as in the email. · 1871e663
  Shane Tomlinson authored 13 years ago
```
This gives us end to end flow!  BOOOYA!
```
  1871e663
- Making the verification file names/urls easier to grok. · a1ace952
  Shane Tomlinson authored 13 years ago
```
prove.ejs -> verifyemail.ejs
verify.ejs -> verifyuser.ejs

urls are the same - verifyemail, verifyuser
```
  a1ace952
Sep 23, 2011
- explicitly disable caching for /wsapi calls. issue #294 · fc97e0a8
  Lloyd Hilaiel authored 13 years ago
  
  fc97e0a8
- explicitly disable caching for /wsapi calls. issue #294 · 33c6c738
  Lloyd Hilaiel authored 13 years ago
  
  33c6c738
Sep 20, 2011
- Starting to add the final verification page. · 390ef033
  Shane Tomlinson authored 13 years ago
  
  390ef033
Sep 19, 2011
- Starting to add the final verification page. · 5f5b7bbc
  Shane Tomlinson authored 13 years ago
  
  5f5b7bbc
Sep 15, 2011
- remove webfinger logic and tons of dead code from the verifier · 410712ab
  Lloyd Hilaiel authored 13 years ago
  
  410712ab
Sep 14, 2011
- now that jwcrypto is a node module, we shall change the way that we include it... · d3bae657
  Lloyd Hilaiel authored 13 years ago
```
now that jwcrypto is a node module, we shall change the way that we include it (ie jwcrypto/vep rather than by relative path)
```
  d3bae657
Sep 08, 2011
- added early primary support · 982741ce
  Ben Adida authored 13 years ago
  
  982741ce
Sep 07, 2011
- began rework of dialog for certs, not working yet · 8f7ae0c5
  Ben Adida authored 13 years ago
  
  8f7ae0c5
- added /pk and corresponding tests · e67416d8
  Ben Adida authored 13 years ago
  
  e67416d8
- added verifier of certs · 62be2214
  Ben Adida authored 13 years ago
  
  62be2214
Sep 01, 2011
- Adding the ability to put .html on the end of the "relay" call. · 717cc91c
  Shane Tomlinson authored 13 years ago
  
  717cc91c
- Removal of experiment of x-frames-header. · 8c98ecb9
  Shane Tomlinson authored 13 years ago
  
  train-2011.09.01-DERAILED
  
  8c98ecb9
Aug 31, 2011
- Removing the experiment with the xframe header. · 33452fa2
  Shane Tomlinson authored 13 years ago
  
  33452fa2
- Experiment to see if IE allows our IFRAME to open. · f47dd9e9
  Shane Tomlinson authored 13 years ago
  
  f47dd9e9
- Experiment to see if ie allows us to include the proxy iframe now. · d0635c70
  Shane Tomlinson authored 13 years ago
  
  d0635c70
- initial push toward the new design. this is only for the site and does not... · c5aaf921
  Bryan Clark authored 13 years ago
```
initial push toward the new design.  this is only for the site and does not include the popup.  serveral places are broken and marked with a XXX for fixing.

Conflicts:

	browserid/static/css/style.css
```
  c5aaf921
Aug 30, 2011
- Only allow relay to be opened in an iframe. · 4d6293ba
  Shane Tomlinson authored 13 years ago
  
  4d6293ba
- initial push toward the new design. this is only for the site and does not... · f731b84e
  Bryan Clark authored 13 years ago
```
initial push toward the new design.  this is only for the site and does not include the popup.  serveral places are broken and marked with a XXX for fixing.
```
  f731b84e
- Starting to set up a relay frame. · 0f1f8e5c
  Shane Tomlinson authored 13 years ago
  
  0f1f8e5c
Aug 23, 2011
- test harness now tries to shut down gracefully. this allows cleanup to occur... · 01119aba
  Lloyd Hilaiel authored 13 years ago
```
test harness now tries to shut down gracefully.  this allows cleanup to occur (i.e. of database when running in a test mode)
```
  01119aba
Aug 19, 2011

move secrets.js up to the libs/ dir. it's useful that all code that uses... · d3a46eb2

Lloyd Hilaiel authored 13 years ago

move secrets.js up to the libs/ dir.  it's useful that all code that uses random strings routes through the same abstraction so that we can later improve a single function.  a central location makes this (more) obvious.

d3a46eb2

Aug 18, 2011
- more verbose debug logging on CSRF token verification failure (explain why) · de489f22
  Lloyd Hilaiel authored 13 years ago
  
  de489f22
- be a bit more strinigent in our CSRF token checking per @benadida's recommendation · 04aafe83
  Lloyd Hilaiel authored 13 years ago
  
  04aafe83
- move /csrf to /wsapi/csrf. add /wsapi path to cookies, as all other requests... · 1c387edd
  Lloyd Hilaiel authored 13 years ago
```
move /csrf to /wsapi/csrf.  add /wsapi path to cookies, as all other requests should have aggressive cache headers.  Only create a csrf token when the client asks for it.  issue #173
```
  1c387edd
- add logging to CSRF token generation, and rather than throwing an exception... · 4534ddc9
  Lloyd Hilaiel authored 13 years ago
```
add logging to CSRF token generation, and rather than throwing an exception when a mismatch is detected, log an error and return a bad request to the client (seems like a better fit than 'not authorized'). issue #173
```
  4534ddc9