Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Sep 6, 2011
  1. @lrbalt

    Merge pull request #26 from jstepien/bcrypt

    lrbalt authored
    Hash passwords with BCrypt instead of SHA1
Commits on Sep 5, 2011
  1. @jstepien

    Password-rehashing "down" for migration 20110727073510

    jstepien authored
    Reinier Balt wrote:
    > One problem I see is when people want to downgrade. You chop the
    > password field back to 40 chars, but it will cause all users incapable
    > of logging in. Perhaps we can put a default password in the password on
    > migration.down? like sha1('secret123') so we leave Tracks operable on
    > downgrade?
    
    #26 (comment)
  2. @jstepien
  3. @jstepien
  4. @jstepien
  5. @jstepien

    Prevent redefinition of factories

    jstepien authored
    This commit catches Factory::DuplicateDefinitionErrors raised by
    factory_girl 2.1.0. See the following thread for some background.
    
    http://groups.google.com/group/factory_girl/browse_thread/thread/4df21d9240c20198
  6. @jstepien

    Fixed User specs broken in commit 096a378

    jstepien authored
    Expressions '...should == @user' caused specs to fail because of
    
      ArgumentError in 'User authentication resets password'
      wrong number of arguments (0 for 1)
    
    Replacing expectations declared for User objects with expectations declared
    for their id fields solves the problem and doesn't change specs' logic.
  7. @jstepien
  8. @jstepien
  9. @jstepien
Commits on Sep 4, 2011
  1. @jstepien
Commits on Jul 27, 2011
  1. @jstepien
Commits on Jul 23, 2011
  1. @jstepien

    Hash passwords with BCrypt instead of SHA1

    jstepien authored
    BCrypt is regarded as a more secure alternative to hashing using message
    digest algorithms, such as MD5 and SHA families [0, 1, 2]. Apart from
    built-in salting it is adaptable to the increasing power of modern
    processing units, which makes it more secure against brute-force cracking.
    
    This commit makes all passwords hashed using BCrypt. The session tokens
    remain generated using SHA1. Tests were updated, `rake test:units` and
    `rake test:functionals` didn't report any regressions.
    
    [0] http://bcrypt.sourceforge.net/
    [1] http://en.wikipedia.org/w/index.php?title=Bcrypt&oldid=439692871
    [2] https://github.com/codahale/bcrypt-ruby/blob/eab1c72/README.md
Commits on Jul 16, 2011
Commits on Jul 10, 2011
  1. @lrbalt

    fix #999 by adding a menu to the mobile interface where you can choos…

    lrbalt authored
    …e the action you want to take on a todo, including deferring
Commits on Jul 9, 2011
  1. @lrbalt
  2. @lrbalt
  3. @lrbalt
  4. @lrbalt
  5. @lrbalt
  6. @lrbalt

    make sure toggle_check and deleting of todos, recurring_todos and pro…

    lrbalt authored
    …jects work in the new done views
  7. @lrbalt
  8. @lrbalt
  9. @lrbalt
  10. @lrbalt
  11. @lrbalt
  12. @lrbalt
  13. @lrbalt
  14. @lrbalt

    restore stats route

    lrbalt authored
  15. @lrbalt
  16. @lrbalt

    start on done overview page

    lrbalt authored
  17. @lrbalt
Commits on Jun 14, 2011
  1. @lrbalt
Commits on Jun 12, 2011
  1. @lrbalt

    fix cucumber scenarios where show_from was set too early

    lrbalt authored
    need to figure out how to restore this...
Something went wrong with that request. Please try again.