discourse/spec/controllers
Sam ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
..
admin SECURITY: correctly validate input when admin searches for screened ips 2017-02-06 16:11:16 -05:00
application_controller_spec.rb Second review fixes 2016-09-26 20:46:55 -03:00
badges_controller_spec.rb Prepare for separation of RSpec helper files 2015-12-01 20:39:42 +00:00
categories_controller_spec.rb Revert "FIX: don't overwrite category's logo & background URLs" 2016-09-22 11:30:19 +08:00
category_hashtags_controller_spec.rb FIX: Clashing category slug. 2016-01-13 15:32:29 +08:00
clicks_controller_spec.rb Prepare for separation of RSpec helper files 2015-12-01 20:39:42 +00:00
composer_messages_controller_spec.rb FEATURE: Prompt users when they are entering duplicate links 2016-06-07 14:47:22 -04:00
directory_items_controller_spec.rb Upgrade rspec to 3.4.0. 2016-05-30 11:38:38 +08:00
draft_controller_spec.rb Prepare for separation of RSpec helper files 2015-12-01 20:39:42 +00:00
email_controller_spec.rb User interface for watching first post 2016-07-07 11:21:50 -04:00
embed_controller_spec.rb update embed_controller_spec 2016-12-13 16:29:51 -05:00
export_csv_controller_spec.rb Prepare for separation of RSpec helper files 2015-12-01 20:39:42 +00:00
extra_locales_controller_spec.rb Skip randomly failing test first. 2016-10-01 05:14:35 +08:00
finish_installation_controller_spec.rb Allow step 0 to resend the confirmation email 2016-10-21 11:34:19 -04:00
groups_controller_spec.rb FEATURE: Public groups. 2016-12-12 17:00:30 +08:00
invites_controller_spec.rb FEATURE: add explicit confirmation button to accept the invite 2017-01-25 15:50:30 +05:30
list_controller_spec.rb added a test for safe mode 2016-11-23 13:31:05 +11:00
metadata_controller_spec.rb FEATURE: Add /search discovery 2016-03-28 15:07:59 -07:00
notifications_controller_spec.rb FEATURE: clean API method for reading a single notification 2016-09-16 16:14:15 +10:00
omniauth_callbacks_controller_spec.rb Upgrade rspec to 3.4.0. 2016-05-30 11:38:38 +08:00
onebox_controller_spec.rb FIX: prevent DDoS with lots of _oneboxable_ links 2016-12-20 00:31:10 +01:00
permalinks_controller_spec.rb Prepare for separation of RSpec helper files 2015-12-01 20:39:42 +00:00
post_action_users_controller_spec.rb Prepare for separation of RSpec helper files 2015-12-01 20:39:42 +00:00
post_actions_controller_spec.rb FIX: Return 404 if id is not valid. 2017-01-06 10:39:44 +08:00
posts_controller_spec.rb FIX: Toggling a post's wiki status should not skip revision. 2017-01-25 13:34:55 +08:00
queued_posts_controller_spec.rb Prepare for separation of RSpec helper files 2015-12-01 20:39:42 +00:00
robots_txt_controller_spec.rb Prepare for separation of RSpec helper files 2015-12-01 20:39:42 +00:00
search_controller_spec.rb Remove SearchObserver, aim is to remove all observers 2016-12-22 13:13:14 +11:00
session_controller_spec.rb FEATURE: per client user tokens 2017-02-07 09:22:16 -05:00
similar_topics_controller_spec.rb Prepare for separation of RSpec helper files 2015-12-01 20:39:42 +00:00
site_controller_spec.rb FEATURE: basic info route for all sites, even ones that require login 2016-08-12 17:10:35 +10:00
site_customizations_controller_spec.rb Prepare for separation of RSpec helper files 2015-12-01 20:39:42 +00:00
static_controller_spec.rb FIX: on 404 from brotli asset path return a correctly encoded doc 2016-12-15 16:05:20 +11:00
steps_controller_spec.rb FIX: You should be an admin to do the wizard 2016-09-22 11:12:51 -04:00
stylesheets_controller_spec.rb Prepare for separation of RSpec helper files 2015-12-01 20:39:42 +00:00
tags_controller_spec.rb FIX: topic list filters for bookmarked, posted, and read now work with tag filter 2016-12-02 15:58:14 -05:00
topics_controller_spec.rb SECURITY: Users can only bookmark posts which they can see. 2016-12-21 12:01:26 +08:00
uploads_controller_spec.rb add test case for handling uploads without extension 2016-12-20 00:46:47 +05:30
user_actions_controller_spec.rb remove rails-observers 2016-12-22 16:46:53 +11:00
user_api_keys_controller_spec.rb FEATURE: user API now contains scopes so permission is granular 2016-10-14 16:05:42 +11:00
user_avatars_controller_spec.rb FIX: properly specify default on no cache on all resources 2016-11-15 17:00:44 +11:00
user_badges_controller_spec.rb FEATURE: Webhook for user creation and approval 2016-09-19 10:12:55 +08:00
users_controller_spec.rb FEATURE: per client user tokens 2017-02-07 09:22:16 -05:00
users_email_controller_spec.rb SECURITY: Support for confirm old as well as new email accounts 2016-03-08 14:52:22 -05:00
webhooks_controller_spec.rb FIX: bounce webhooks should also use recipient address 2017-02-05 19:06:35 +01:00
wizard_controller_spec.rb FIX: You should be an admin to do the wizard 2016-09-22 11:12:51 -04:00