Permalink
Commits on Sep 6, 2011
  1. @lrbalt

    Merge pull request #26 from jstepien/bcrypt

    Hash passwords with BCrypt instead of SHA1
    lrbalt committed Sep 6, 2011
Commits on Sep 5, 2011
  1. @jstepien

    Password-rehashing "down" for migration 20110727073510

    Reinier Balt wrote:
    > One problem I see is when people want to downgrade. You chop the
    > password field back to 40 chars, but it will cause all users incapable
    > of logging in. Perhaps we can put a default password in the password on
    > migration.down? like sha1('secret123') so we leave Tracks operable on
    > downgrade?
    
    #26 (comment)
    jstepien committed Sep 5, 2011
  2. @jstepien
  3. @jstepien
  4. @jstepien
  5. @jstepien

    Prevent redefinition of factories

    This commit catches Factory::DuplicateDefinitionErrors raised by
    factory_girl 2.1.0. See the following thread for some background.
    
    http://groups.google.com/group/factory_girl/browse_thread/thread/4df21d9240c20198
    jstepien committed Sep 5, 2011
  6. @jstepien

    Fixed User specs broken in commit 096a378

    Expressions '...should == @user' caused specs to fail because of
    
      ArgumentError in 'User authentication resets password'
      wrong number of arguments (0 for 1)
    
    Replacing expectations declared for User objects with expectations declared
    for their id fields solves the problem and doesn't change specs' logic.
    jstepien committed Sep 5, 2011
  7. @jstepien
  8. @jstepien
  9. @jstepien
Commits on Sep 4, 2011
  1. @jstepien
Commits on Jul 27, 2011
  1. @jstepien
Commits on Jul 23, 2011
  1. @jstepien

    Hash passwords with BCrypt instead of SHA1

    BCrypt is regarded as a more secure alternative to hashing using message
    digest algorithms, such as MD5 and SHA families [0, 1, 2]. Apart from
    built-in salting it is adaptable to the increasing power of modern
    processing units, which makes it more secure against brute-force cracking.
    
    This commit makes all passwords hashed using BCrypt. The session tokens
    remain generated using SHA1. Tests were updated, `rake test:units` and
    `rake test:functionals` didn't report any regressions.
    
    [0] http://bcrypt.sourceforge.net/
    [1] http://en.wikipedia.org/w/index.php?title=Bcrypt&oldid=439692871
    [2] https://github.com/codahale/bcrypt-ruby/blob/eab1c72/README.md
    jstepien committed Jul 23, 2011
Commits on Jul 16, 2011
Commits on Jul 10, 2011
  1. @lrbalt

    fix #999 by adding a menu to the mobile interface where you can choos…

    …e the action you want to take on a todo, including deferring
    lrbalt committed Jul 10, 2011
Commits on Jul 9, 2011
  1. @lrbalt
  2. @lrbalt
  3. @lrbalt
  4. @lrbalt
  5. @lrbalt
  6. @lrbalt

    make sure toggle_check and deleting of todos, recurring_todos and pro…

    …jects work in the new done views
    lrbalt committed Jun 21, 2011
  7. @lrbalt
  8. @lrbalt
  9. @lrbalt
  10. @lrbalt
  11. @lrbalt
  12. @lrbalt
  13. @lrbalt
  14. @lrbalt

    restore stats route

    lrbalt committed Jun 12, 2011
  15. @lrbalt
  16. @lrbalt

    start on done overview page

    lrbalt committed May 3, 2011
  17. @lrbalt
Commits on Jun 14, 2011
  1. @lrbalt
Commits on Jun 12, 2011
  1. @lrbalt

    fix cucumber scenarios where show_from was set too early

    need to figure out how to restore this...
    lrbalt committed Jun 12, 2011