gigi.git
5 years agoMerge "upd: more realistic content-type for cert-downloads from API"
Lucas Werkmeister [Sun, 16 Oct 2016 16:20:53 +0000 (18:20 +0200)]
Merge "upd: more realistic content-type for cert-downloads from API"

5 years agoupd: more realistic content-type for cert-downloads from API
Felix Dörre [Mon, 3 Oct 2016 12:03:27 +0000 (14:03 +0200)]
upd: more realistic content-type for cert-downloads from API

Change-Id: I4ad6ee5c27d680cbf4750fe9d8c3a754c9a58590

5 years agoMerge "upd: improve digest explanation and make SHA512 default"
Benny Baumann [Sun, 9 Oct 2016 16:20:16 +0000 (18:20 +0200)]
Merge "upd: improve digest explanation and make SHA512 default"

5 years agoupd: improve digest explanation and make SHA512 default
Lucas Werkmeister [Mon, 3 Oct 2016 16:15:22 +0000 (18:15 +0200)]
upd: improve digest explanation and make SHA512 default

See #119.

Change-Id: Ia481947c3dff9b6a9770462185c5a12f0f1d996b

5 years agoupd: use same-protocol-prefixes for static-links
Felix Dörre [Mon, 3 Oct 2016 12:02:01 +0000 (14:02 +0200)]
upd: use same-protocol-prefixes for static-links

Change-Id: I0e556b4dde914e0c8eeaccb9c6e5c703225a46ff

5 years agoupd: change mail footer so it is recognized by at least thunderbird.
Felix Dörre [Thu, 29 Sep 2016 21:05:51 +0000 (23:05 +0200)]
upd: change mail footer so it is recognized by at least thunderbird.

note: significant whitespace at the end of line 5. This whitespace is
required for thunderbird to recognize the footer.

Change-Id: I3eff5903146a5b11ef522f0cb4dba1696dca2c9e

5 years agoMerge "fix: #112 use term “country”, not “state”"
Felix Dörre [Tue, 4 Oct 2016 08:07:55 +0000 (10:07 +0200)]
Merge "fix: #112 use term “country”, not “state”"

5 years agofix: #112 use term “country”, not “state”
Lucas Werkmeister [Tue, 27 Sep 2016 10:09:28 +0000 (12:09 +0200)]
fix: #112 use term “country”, not “state”

Continuation of a1618d1.

CertificateOwner.getById() has to be updated because users.country and
organisations.country now clash.

The User constructor is updated for consistency with the Organisation
constructor.

Change-Id: I0aeaf47fa8627ba5c4a5b35f15804e283e4a55b3

5 years agoupd: add Also= directive to gigi-proxy.service
Lucas Werkmeister [Mon, 3 Oct 2016 12:35:15 +0000 (14:35 +0200)]
upd: add Also= directive to gigi-proxy.service

When the service is installed/deinstalled, install/deinstall the
accompanying socket as well. (But not the other way around: you can
install the socket alone, so that the service will only be started
on-demand.)

See systemd.unit(5).

Change-Id: I3fd4af0617e1191c96af82ae1c6491feb9dfc654

5 years agoupd: make output of Find-Agent-info JSON-formatted
Felix Dörre [Fri, 23 Sep 2016 16:57:16 +0000 (18:57 +0200)]
upd: make output of Find-Agent-info JSON-formatted

Change-Id: I773aaff596314e83b63e8555ff8e85fce1c2cf55

5 years agoMerge branch 'libs/json/local'
Felix Dörre [Tue, 27 Sep 2016 23:21:32 +0000 (01:21 +0200)]
Merge branch 'libs/json/local'

Change-Id: Ie68cd2871a8abba4386d089f25da628ba69335cc

5 years agoupd: remove json-pointer feature
Felix Dörre [Tue, 27 Sep 2016 23:15:10 +0000 (01:15 +0200)]
upd: remove json-pointer feature

Change-Id: I7c19cbfbf4de25ca7545ae93f574d597b7d723dd

5 years agoadd: import org.json
Felix Dörre [Tue, 27 Sep 2016 14:12:24 +0000 (16:12 +0200)]
add: import org.json

Change-Id: Ia39786f4396e70551aac44ce99ebc664366b4b0a

5 years agoadd: import script for json.org
Felix Dörre [Tue, 27 Sep 2016 14:08:26 +0000 (16:08 +0200)]
add: import script for json.org

Change-Id: I2d67e7ce167e2ddc5a4a5d439835a0bc33861a30

5 years agoMerge "Fix error message"
Benny Baumann [Tue, 27 Sep 2016 18:21:21 +0000 (20:21 +0200)]
Merge "Fix error message"

5 years agoFix error message
Lucas Werkmeister [Tue, 27 Sep 2016 14:27:53 +0000 (16:27 +0200)]
Fix error message

Change-Id: Ice3d62d7f75165df86c6dce60dbc6d3e9c769918

5 years agoupd: make verification processes more consistent on failure
Felix Dörre [Thu, 22 Sep 2016 21:49:48 +0000 (23:49 +0200)]
upd: make verification processes more consistent on failure

Change-Id: I0a1dfd77fea5f9b365cc166196d0068607cc2b5d

5 years agofix: content of mail footer
Felix Dörre [Thu, 22 Sep 2016 21:47:58 +0000 (23:47 +0200)]
fix: content of mail footer

Change-Id: I866901be3862c3646ff7911ee698c1ad23f934a6

5 years agofix: S/MIME signature
Felix Dörre [Wed, 21 Sep 2016 11:22:21 +0000 (13:22 +0200)]
fix: S/MIME signature

See https://tools.ietf.org/html/rfc5751#section-3.1.1 for reference.

Change-Id: I9fcd558182395ec83cadb42c0d2bc5c785d49864

5 years agoMerge "add: support configuring SetUID behavior"
Benny Baumann [Tue, 20 Sep 2016 19:23:41 +0000 (21:23 +0200)]
Merge "add: support configuring SetUID behavior"

5 years agoadd: support configuring SetUID behavior
Lucas Werkmeister [Wed, 7 Sep 2016 13:03:47 +0000 (15:03 +0200)]
add: support configuring SetUID behavior

- It is now possible to skip the setuid step altogether by setting both
  UID and GID to the special value -1.
- The Java code now verifies that the values are in range for an
  unsigned 16-bit ID.
- The C code now verifies that the cast from jint to uid_t/gid_t does
  not overflow.
- The C code now skips setuid() or setgid() if the real and effective ID
  are already the desired ID.

The 16-bit limit is somewhat arbitrary. Some old UNIX systems, such as
PWB/UNIX, supported only 8-bit IDs (see for example
/usr/man/man2/getuid.2 in Henry Spencer’s tarball); Wikipedia claims
that some other UNIX systems used 15-bit values, but does not specify
which systems; Linux originally supported 16-bit IDs but then added
support for 32-bit IDs with new syscalls in Linux 2.4. On Debian
systems, the nobody user (default setuid target) is 65534, so we need to
allow at least 16-bit IDs, otherwise the default value is invalid.

Change-Id: I66600572016b18d5ff550560048cdf691dec85e8

5 years agoadd: javadoc to "Certificate"'s constructor
Felix Dörre [Sat, 17 Sep 2016 20:49:13 +0000 (22:49 +0200)]
add: javadoc to "Certificate"'s constructor

Change-Id: I7f35343fde31b7eb3edf41a133d3600dd56338d9

5 years agoupd: factor out default client certificate profile
Felix Dörre [Fri, 16 Sep 2016 12:58:05 +0000 (14:58 +0200)]
upd: factor out default client certificate profile

Change-Id: Ief1459b17cd820d0d635e89230904d2c46cd69b2

5 years agoadd: constant for "secure." server name
Felix Dörre [Fri, 16 Sep 2016 11:05:18 +0000 (13:05 +0200)]
add: constant for "secure." server name

Change-Id: I7cfac77e65cf965d9d7f04622e6c6322880b506e

5 years agoadd: test redirect after login
Felix Dörre [Thu, 15 Sep 2016 18:34:49 +0000 (20:34 +0200)]
add: test redirect after login

Change-Id: I3caf0a1641a1673e13d68a5c8b9ec4885729811b

5 years agofix: redirect-back after login
Felix Dörre [Thu, 15 Sep 2016 18:34:36 +0000 (20:34 +0200)]
fix: redirect-back after login

Change-Id: Ib416aed3f5c64909593172dcaa378fbcbd59c183

5 years agoadd: testcase for successful certificate login
Felix Dörre [Thu, 15 Sep 2016 09:36:16 +0000 (11:36 +0200)]
add: testcase for successful certificate login

Change-Id: Ie6efe2d2a5ab6e14ca3eee95db9c5e99e498b2ce

5 years agofix: deadlock possibility in "DatabaseConnection"
Felix Dörre [Thu, 15 Sep 2016 07:50:53 +0000 (09:50 +0200)]
fix: deadlock possibility in "DatabaseConnection"

Change-Id: I987cd3d9a0940f1fe3cf9289ec7512b785eca5df

5 years agofix: certlogin. There was a "toLower" needed instead of an "toUpper"
Felix Dörre [Thu, 15 Sep 2016 07:50:37 +0000 (09:50 +0200)]
fix: certlogin. There was a "toLower" needed instead of an "toUpper"

Change-Id: Ie233b6e920ec486a7e59d100681e86856bc7485c

5 years agofix: broken hyperlink formatting
INOPIAE [Thu, 15 Sep 2016 05:53:19 +0000 (07:53 +0200)]
fix: broken hyperlink formatting

Change-Id: I8209324d6fc9dbb8d5e1f0098155a3b3f3e60591

5 years agoMerge "upd: native Makefile improvements"
Felix Dörre [Wed, 14 Sep 2016 19:45:01 +0000 (21:45 +0200)]
Merge "upd: native Makefile improvements"

5 years agoMerge "upd: modified text displayed during certificate creation process"
Felix Dörre [Wed, 14 Sep 2016 19:44:56 +0000 (21:44 +0200)]
Merge "upd: modified text displayed during certificate creation process"

5 years agoadd: js-managed default values for certificate-issue-form
Felix Dörre [Sat, 10 Sep 2016 14:18:48 +0000 (16:18 +0200)]
add: js-managed default values for certificate-issue-form

Change-Id: I73713d708f5fdbd505f408b6b19a7a0f7fab813b

5 years agoupd: modified text displayed during certificate creation process
INOPIAE [Sat, 10 Sep 2016 11:11:15 +0000 (13:11 +0200)]
upd: modified text displayed during certificate creation process

Change-Id: Ic3038b764e213e6d904ff25c115818d9b4496f7a

5 years agofix: translation strings in "VerificationAgentEntered.templ"
Felix Dörre [Sun, 11 Sep 2016 18:44:25 +0000 (20:44 +0200)]
fix: translation strings in "VerificationAgentEntered.templ"

no need to start a translation string when there is nothing
to translate

Change-Id: I2922810f617f1d9e3ec451574134dbb947c474a3

5 years agoupd: use serials lowercase-only
Felix Dörre [Sun, 11 Sep 2016 08:46:54 +0000 (10:46 +0200)]
upd: use serials lowercase-only

Change-Id: Ia30c803c25f6b593086df614ce1d711c1be84ebf

5 years agofix: postgres conditional expression in SimpleSigner error query.
Felix Dörre [Sat, 10 Sep 2016 14:22:37 +0000 (16:22 +0200)]
fix: postgres conditional expression in SimpleSigner error query.

Change-Id: Ia55d3c3c5baf251c7f748153dc727a131502fe87

5 years agofix: simple signer correctly parse profile-EKUs
Felix Dörre [Sat, 10 Sep 2016 14:02:10 +0000 (16:02 +0200)]
fix: simple signer correctly parse profile-EKUs

Change-Id: Iec644be800d86fe687acccf779383e90a68bd780

5 years agoupd: enforce a more strict Form call pattern.
Felix Dörre [Fri, 9 Sep 2016 23:37:33 +0000 (01:37 +0200)]
upd: enforce a more strict Form call pattern.

form management is now split into:
- initial generation (typically in doGet)
- actual submitting (typically in beforePost) resulting in
 - an error (permament or non-permament)
 - a submission result
   - redirect
   - success message
   - custom
- re-emitting if needed (typically in doPost)

Change-Id: Ic226bb886a513b6dfbd844294d2092b653c5df5b

5 years agoupd: native Makefile improvements
Lucas Werkmeister [Fri, 9 Sep 2016 20:19:31 +0000 (22:19 +0200)]
upd: native Makefile improvements

- Remove optimization. We don't need it, and -O3 in particular can
  introduce bugs.
- Move -I directives to preprocessor flags.
- Add a separate goal for the header file instead of using shell &&.
- Use the special variable $(RM) to remove files, and ignore failures if
  some files don't exist.

Change-Id: Icb7bd684bae6bdb860712a4e24d880b265db292a

5 years agoupd: use a more strict pattern for handling forms
Felix Dörre [Mon, 5 Sep 2016 17:05:17 +0000 (19:05 +0200)]
upd: use a more strict pattern for handling forms

Change-Id: I55e1087868820e652fccc7454c9ae290b6947119

5 years agofix: make simple signer select CA certificate better.
Felix Dörre [Fri, 9 Sep 2016 12:07:05 +0000 (14:07 +0200)]
fix: make simple signer select CA certificate better.

Change-Id: I51d3a7849c1d5899a80c93c7222a2e97a3ff5dba

5 years agofix: add CAP_SETGID to gigi-standalone bounding set
Lucas Werkmeister [Fri, 9 Sep 2016 12:47:57 +0000 (14:47 +0200)]
fix: add CAP_SETGID to gigi-standalone bounding set

I thought CAP_SETUID included CAP_SETGID, but that’s not the case, and
we need both.

Change-Id: I83adef1bec4baea2a4bd28aafe8c1686f2932014

5 years agoadd: test case for user opt-in notification for RA Agents
INOPIAE [Mon, 22 Aug 2016 08:24:15 +0000 (10:24 +0200)]
add: test case for user opt-in notification for RA Agents

Change-Id: I896cb3d9f6c6f894001cb8d26f6a84f8b3fc8e6c

5 years agoadd: implement opt-in for notification of RA Agent
INOPIAE [Fri, 19 Aug 2016 13:22:27 +0000 (15:22 +0200)]
add: implement opt-in for notification of RA Agent

Sets the opt-in value for an RA Agent to receive a notification for
every Verification he enters and sends notification if value is given.

fixes issue #95

Change-Id: I4a544712831aa45b9b5ec252c79834c1f10fb179

5 years agoMerge changes Ia0c9d6da,I9e50cc2d
Felix Dörre [Wed, 7 Sep 2016 20:58:55 +0000 (22:58 +0200)]
Merge changes Ia0c9d6da,I9e50cc2d

* changes:
  add: tests for EditDistance
  add: improvement of template parsing

5 years agoadd: tests for EditDistance
Johannes Bechberger [Mon, 5 Sep 2016 20:38:18 +0000 (22:38 +0200)]
add: tests for EditDistance

Change-Id: Ia0c9d6da088cc4060ebd6b24d1d8a34eb99c4e6d

5 years agoadd: improvement of template parsing
Johannes Bechberger [Mon, 5 Sep 2016 18:01:39 +0000 (20:01 +0200)]
add: improvement of template parsing

Change-Id: I9e50cc2d8d30b7b795dedb9dee02ade4d090d891

5 years agochg: replace CAcert Wot User by SomeCA User when creating certificates
INOPIAE [Fri, 2 Sep 2016 03:52:39 +0000 (05:52 +0200)]
chg: replace CAcert Wot User by SomeCA User when creating certificates

Change-Id: I71bfb43f10ec7e4d39a4ccbb27305afb708df4e3

5 years agofix: print error messages for translation extraction to stderr
Felix Dörre [Sun, 4 Sep 2016 11:53:10 +0000 (13:53 +0200)]
fix: print error messages for translation extraction to stderr

Change-Id: I26c6294d93463575ce02a5a0752a37814eb47a0d

5 years agoadd: fail build when translation extraction has a problem.
Felix Dörre [Sat, 3 Sep 2016 13:05:30 +0000 (15:05 +0200)]
add: fail build when translation extraction has a problem.

Change-Id: Ibeeb1f674ce09a131cac21fa6a5df3516b586e60

5 years agoupd: cleanup SQL statements to make them statically verifiable.
Felix Dörre [Sat, 3 Sep 2016 15:07:57 +0000 (17:07 +0200)]
upd: cleanup SQL statements to make them statically verifiable.

Change-Id: I4e7b773bf13a1c5a9b979a995bf72fe5ba45f9d0

5 years agoMerge "fix: language detection pattern for Group description"
Benny Baumann [Tue, 6 Sep 2016 06:55:10 +0000 (08:55 +0200)]
Merge "fix: language detection pattern for Group description"

5 years agofix: language detection pattern for Group description
Felix Dörre [Sun, 4 Sep 2016 11:47:56 +0000 (13:47 +0200)]
fix: language detection pattern for Group description

Change-Id: I15ead19d4a218b527eb25430659355d5e47029ad

5 years agofix: SQL query was wrong
Felix Dörre [Sat, 3 Sep 2016 14:12:57 +0000 (16:12 +0200)]
fix: SQL query was wrong

Change-Id: I3637c59944fdd5fc2e61a991b51781b3b9d746db

5 years agoMerge "Replace init scripts with systemd unit files"
Felix Dörre [Sat, 3 Sep 2016 15:24:24 +0000 (17:24 +0200)]
Merge "Replace init scripts with systemd unit files"

5 years agoReplace init scripts with systemd unit files
Lucas Werkmeister [Tue, 30 Aug 2016 12:35:05 +0000 (14:35 +0200)]
Replace init scripts with systemd unit files

The package installs four unit files. gigi-standalone.service works just
like the old cacert-gigi service: gigi will start as root, manage its
own ports, then drop privileges. gigi-proxy.service and .socket let
systemd manage the port and start gigi as its dedicated user. These
services need different configuration for gigi: for the proxy version,
the configuration must contain proxy=true and http.bindPort=stdin, while
for the standalone version the configuration must have proxy=false and
specify real ports. For this reason, we also disable Debian's policy to
automatically start services upon package installation.

(gigi-simple-signer.service is a direct conversion of
cacert-gigi-signer.init.)

Very simple init scripts for gigi-standalone and gigi-simple-signer are
provided, so that running /etc/init.d/gigi-standalone start will still
work. The scripts simply redirect to systemctl; the LSB header is not
included, since the scripts are useless on their own.

Change-Id: I53f0c825880d1b8c082496106a018957d6128392

5 years agoMerge changes I343e1e25,I8bf03317
Lucas Werkmeister [Tue, 30 Aug 2016 17:43:05 +0000 (19:43 +0200)]
Merge changes I343e1e25,I8bf03317

* changes:
  Support socket activation
  Support reading configuration from file

5 years agoSupport socket activation
Lucas Werkmeister [Mon, 29 Aug 2016 12:10:09 +0000 (14:10 +0200)]
Support socket activation

There are now separate properties for the port that is "displayed" (e.g.
when issuing redirects) and the port that is actually bound. The bind
ports may also be set to "stdin", in which case System.inheritedChannel
is used (expects a socket as file descriptor 0). This allows gigi to
inherit a socket from the system manager ((x)inetd, systemd), which in
turn allows one to run gigi as any user on root ports (e.g. port 80).

Change-Id: I343e1e25daae94aae67db1dd6f25fcfb6241d0fc

5 years agoSupport reading configuration from file
Lucas Werkmeister [Mon, 29 Aug 2016 14:00:47 +0000 (16:00 +0200)]
Support reading configuration from file

This is necessary to support socket activation (Java only supports a
single "inherited channel", which must be file descriptor 0), and also
makes it simpler to run gigi when the configuration is just a regular
file.

It also simplifies the DevelLauncher a bit.

Change-Id: I8bf03317ea549bd17f5b61e50808f48314a06803

5 years agoadd: prevent supporters from modifying their own accounts via support
Felix Dörre [Fri, 26 Aug 2016 08:08:24 +0000 (10:08 +0200)]
add: prevent supporters from modifying their own accounts via support

Change-Id: Ie759b769074e5f7c25787cee7f5661fd8b1471a5

5 years agoMerge "fix: only run fetch-locales in postinst configure"
Felix Dörre [Mon, 29 Aug 2016 11:32:35 +0000 (13:32 +0200)]
Merge "fix: only run fetch-locales in postinst configure"

5 years agoadd: notify board if a support role is granted or removed
INOPIAE [Sun, 28 Aug 2016 06:05:10 +0000 (08:05 +0200)]
add: notify board if a support role is granted or removed

The board mailing address needs to be defined in the future to the email
address for the recipient defined.

Change-Id: Id19ac9023aa199981f91cdcb25a63d26f5af5173

5 years agofix: only run fetch-locales in postinst configure
Lucas Werkmeister [Sat, 27 Aug 2016 11:56:51 +0000 (13:56 +0200)]
fix: only run fetch-locales in postinst configure

I believe we’re not supposed to run that in other postinst phases.

Change-Id: I180aa9fe1b58a33e61b6e6e8b18e944a41d81c22

5 years agofix: stop checking CAA on public suffix (and report error better)
Felix Dörre [Fri, 26 Aug 2016 15:18:05 +0000 (17:18 +0200)]
fix: stop checking CAA on public suffix (and report error better)

Change-Id: Ifb7000db540e6e89c5b8e7c2bdccb6656c5ebe50

5 years agoadd: make inclusion of leaf certificate optional
Felix Dörre [Fri, 26 Aug 2016 19:31:31 +0000 (21:31 +0200)]
add: make inclusion of leaf certificate optional

Change-Id: Ie7c9b18bcb698fb4b9fd688e68f16d8ffb2157cb

5 years agofix: message to user on single-certificate-revoke
Felix Dörre [Thu, 25 Aug 2016 23:08:49 +0000 (01:08 +0200)]
fix: message to user on single-certificate-revoke

Change-Id: I0e49c575e7e421922ed3120572480ad263506893

5 years agofix: turn NPE in better error message.
Felix Dörre [Thu, 25 Aug 2016 22:01:15 +0000 (00:01 +0200)]
fix: turn NPE in better error message.

Change-Id: I2a45b7dd043d4a4d9c73a19ea4bcf1c4433b391d

5 years agoupd: constrain API around Supported User.
Felix Dörre [Thu, 25 Aug 2016 22:00:19 +0000 (00:00 +0200)]
upd: constrain API around Supported User.

Change-Id: I75c60ce9a3881d4ddf9153a8b7da9eb811045c96

5 years agoMerge "Fix typo and spelling"
Benny Baumann [Thu, 25 Aug 2016 19:41:08 +0000 (21:41 +0200)]
Merge "Fix typo and spelling"

5 years agoupd: make simple Signer more intelligent in choosing CA certificate
Felix Dörre [Thu, 25 Aug 2016 14:35:06 +0000 (16:35 +0200)]
upd: make simple Signer more intelligent in choosing CA certificate

Change-Id: I24420cc7a5cd78b460e26dfc58203b4bb0fc0adb

5 years agoFix typo and spelling
Lucas Werkmeister [Thu, 25 Aug 2016 08:41:54 +0000 (10:41 +0200)]
Fix typo and spelling

Change-Id: Ideaf2432c758a66c945b4510b34885b23fc22dc7

5 years agoadd: send notification to support and user after support actions
INOPIAE [Tue, 23 Aug 2016 16:43:31 +0000 (18:43 +0200)]
add: send notification to support and user after support actions

notifications will be send to support and the user after revoking
certificates, changing DoB and support groups

Change-Id: Iccdcb2799fa617a98b140bbfe9531a882e61b1ae

5 years agoupd: move update button to DoB as it only updates the DoB
INOPIAE [Wed, 24 Aug 2016 08:48:25 +0000 (10:48 +0200)]
upd: move update button to DoB as it only updates the DoB

Change-Id: I4716c3a39ed5f4f229281a058814c578cbdf636f

5 years agoupd: remove footer, as it is added automatically
Felix Dörre [Thu, 25 Aug 2016 08:10:46 +0000 (10:10 +0200)]
upd: remove footer, as it is added automatically

Change-Id: I989cd7e317f6a7a89c33db4bed3b969878143556

5 years agoupd: remove linear search in GroupSelector
Felix Dörre [Tue, 23 Aug 2016 22:20:31 +0000 (00:20 +0200)]
upd: remove linear search in GroupSelector

Change-Id: I8f25674d4c9f953cf049c9ab86210450c7f232fb

5 years agoadd: test cases for add/remove user group
INOPIAE [Mon, 22 Aug 2016 08:13:10 +0000 (10:13 +0200)]
add: test cases for add/remove user group

Change-Id: I4fc0b1c5f1c4492bdc9b65318a61431c9872ab1e

5 years agofix: use Group.getByString only when necessary
Felix Dörre [Tue, 23 Aug 2016 21:39:52 +0000 (23:39 +0200)]
fix: use Group.getByString only when necessary

Change-Id: I0dd8d6c234cbf62e8a684ab6682003a16a5d017c

5 years agofix: better error messages when invalid group value is supplied
Felix Dörre [Tue, 23 Aug 2016 19:27:28 +0000 (21:27 +0200)]
fix: better error messages when invalid group value is supplied

Change-Id: I61f593252370de14e3c049ca15ec6fe46315bd96

5 years agoadd: defense-in-depth mechanism to prevent unauthorized adding of groups
Felix Dörre [Mon, 22 Aug 2016 09:23:02 +0000 (11:23 +0200)]
add: defense-in-depth mechanism to prevent unauthorized adding of groups

enforce that users must not add anyone to support-managed groups

Change-Id: I284842efba231ed7733837226626d80877e10cd7

5 years agofix: broken link to support cert page
INOPIAE [Tue, 23 Aug 2016 14:12:41 +0000 (16:12 +0200)]
fix: broken link to support cert page

Change-Id: Ia7ef71c90b928cfd4ad71191f3fe803181943f49

5 years agofix: correctly output subject and ticket-number in support-inform mails
Felix Dörre [Tue, 23 Aug 2016 15:58:41 +0000 (17:58 +0200)]
fix: correctly output subject and ticket-number in support-inform mails

Change-Id: I3a0aae3635db0435013e9c55c98702f9534c736e

5 years agofix: user could add supporter-handled groups
Felix Dörre [Mon, 22 Aug 2016 09:21:26 +0000 (11:21 +0200)]
fix: user could add supporter-handled groups

By changing the values of the drop-down menu a user could assign himself
groups that should only be managed by a supporter.

Change-Id: I8f38a0b02f6b71dc0088fea2ddb6b5a4b2bf778b

5 years agofix: whitespace
INOPIAE [Sun, 21 Aug 2016 12:00:51 +0000 (14:00 +0200)]
fix: whitespace

Change-Id: I2ae1c516c796bc2c1b3bcedc823d4d16a5238fb0

5 years agoadd: management of groups by user
INOPIAE [Fri, 19 Aug 2016 11:19:17 +0000 (13:19 +0200)]
add: management of groups by user

Change-Id: Ie64d48e7bafdde77338b2fc816a328dde8764164

5 years agofix: rename buttons grant / deny to add / remove
INOPIAE [Sun, 21 Aug 2016 15:31:50 +0000 (17:31 +0200)]
fix: rename buttons grant / deny to add / remove

Change-Id: Ia5e8cbbdaa1a958f47fd14985dd762bba0065d5d

5 years agoadd: add permission view
INOPIAE [Wed, 17 Aug 2016 10:14:03 +0000 (12:14 +0200)]
add: add permission view

support is able to see all members of a support group, group members of
function roles (e.g. Arbitrator, TTP Agent, Nucleus Agent, Locate-Agent)
are able to see all members of their role, all others only the number of
accounts assigned to a group.

fixes issue #64

Change-Id: If9dfffae9d147eb2c92c84c3ad2a8173b8f84c83

5 years agoMerge "Generalize Debian package dependencies"
Felix Dörre [Sun, 21 Aug 2016 08:42:42 +0000 (10:42 +0200)]
Merge "Generalize Debian package dependencies"

5 years agofix: output booleans as yes/no directly using the template system
Felix Dörre [Sat, 20 Aug 2016 20:44:17 +0000 (22:44 +0200)]
fix: output booleans as yes/no directly using the template system

Change-Id: I14e5839917457e77c949395a395aadef61ff317f

5 years agoadd: show assigned groups to an account in My Detail
INOPIAE [Thu, 18 Aug 2016 09:47:30 +0000 (11:47 +0200)]
add: show assigned groups to an account in My Detail

fixes issue #114

Change-Id: I2072080316247b6fca283cf548c4418da63ab8fc

5 years agoadd: add boolean to separate groups for user and support
INOPIAE [Fri, 19 Aug 2016 08:43:07 +0000 (10:43 +0200)]
add: add boolean to separate groups for user and support

Change-Id: I1482a77d8549178ad8413bab6ad29dac30c50b31

5 years agoGeneralize Debian package dependencies
Lucas Werkmeister [Fri, 19 Aug 2016 15:36:20 +0000 (17:36 +0200)]
Generalize Debian package dependencies

We can build with any JDK, and run on any JVM, as long as it’s at least
Java 7.

Change-Id: Ic16afe94e648686c5cf3532ed12c120a4843c9a8

5 years agoMerge "Fix debian build"
Lucas Werkmeister [Fri, 19 Aug 2016 18:35:16 +0000 (20:35 +0200)]
Merge "Fix debian build"

5 years agoupd: replace the word state by country when used in country context
INOPIAE [Wed, 17 Aug 2016 09:25:30 +0000 (11:25 +0200)]
upd: replace the word state by country when used in country context

Change-Id: I6dd378bfc7964810751a325e62bed7b502e51f2a

5 years agoFix debian build
Lucas Werkmeister [Fri, 19 Aug 2016 15:35:23 +0000 (17:35 +0200)]
Fix debian build

In order to assemble the testing package, we need to, well, build it.

Change-Id: Ia1d8de6c569ef219be7d6557f86048d07a591dcd

5 years agofix: name Domain.searchDomain correctly
Felix Dörre [Thu, 18 Aug 2016 17:55:08 +0000 (19:55 +0200)]
fix: name Domain.searchDomain correctly

Change-Id: I5e96477e8e0b9f0f576552066ad431f2e839262c

5 years agoadd: test case for domain deletion
Felix Dörre [Thu, 18 Aug 2016 17:54:46 +0000 (19:54 +0200)]
add: test case for domain deletion

Change-Id: I91c89833a8ac736065a4a093e284db725f8dee95

5 years agofix: allow searchUserIdByDomain to find re-added domains
Felix Dörre [Thu, 18 Aug 2016 17:53:25 +0000 (19:53 +0200)]
fix: allow searchUserIdByDomain to find re-added domains

Change-Id: I23e433c32161aac2548855b25b3eda811740b415

5 years agofix: remove deleted domains from cache
Felix Dörre [Thu, 18 Aug 2016 17:52:43 +0000 (19:52 +0200)]
fix: remove deleted domains from cache

Change-Id: Ied20e293ef3eb47a017a7efac39e681301e7579d

5 years agofix: make domain initialization pattern compliant to other dbObject
Felix Dörre [Thu, 18 Aug 2016 17:52:14 +0000 (19:52 +0200)]
fix: make domain initialization pattern compliant to other dbObject

Change-Id: I07ee56f1b63e6da3c5dc11e65be4ccdcbad0aca5