1. 14 Dec, 2018 1 commit
  2. 17 Nov, 2018 1 commit
    • ale's avatar
      Switch to really opaque ResourceIDs · 78d08eef
      ale authored
      The new ResourceID is really a database ID (in our case, a LDAP DN),
      and we have completely decoupled other request attributes like type
      and owner from it.
      
      Resource ownership checks are now delegated to the backend.
      
      Also change the backend CreateResource call to CreateResources, taking
      multiple resources at once, so we can perform user-level resource
      validation, and simplify the CreateUser code path.
      78d08eef
  3. 16 Nov, 2018 1 commit
    • ale's avatar
      Add shard and status to the User type · c5d3b1a5
      ale authored
      The shard is kept in sync with the email resource shard. CreateUser
      validation enforces a single email resource per account.
      c5d3b1a5
  4. 14 Nov, 2018 1 commit
  5. 12 Nov, 2018 2 commits
  6. 11 Nov, 2018 2 commits
  7. 09 Nov, 2018 2 commits
    • ale's avatar
      Rename PasswordRecovery to AccountRecovery · ec82ed43
      ale authored
      Referring to the account is clearer. Also add account recovery
      integration tests, and a test fixture with encryption keys.
      ec82ed43
    • ale's avatar
      First stage of refactor targeting simplicity · 4e34034b
      ale authored
      Structure flow around requests themselves and composition rather than
      handlers and wrappers, the results are likely more readable (and
      shorter).
      
      Move all the user auth management business logic to a smart RawUser
      object, to separate it from details of API handling. The result should
      be more understandable: all critical changes are contained within a
      single type.
      
      Also, with all the workflow driven by Requests, we can get rid of the
      boilerplate in the HTTP API server and replace it with a tiny tiny
      layer of reflection.
      4e34034b