- 05 Aug, 2014 7 commits
-
-
Randall Leeds authored
-
gergely-ujvari authored
Fix server errors in login form Fix #1375
-
Aron Carroll authored
In the formValidate directive, previously the error would only be reset once the form was resubmitted, this caused confusing behaviour. Fixes #1375.
-
Aron Carroll authored
This seems to be the correct way to interact with Angular views.
-
Randall Leeds authored
This reverts commit 783d4eaee408662c620ad33b5519c3022f7a7774.
-
Randall Leeds authored
-
Randall Leeds authored
Fix the accidental introduction of a discrepancy between the auth sheet appearance and the other card appearances. This change also slightly narrows the stream but it comes out looking solid so here's hoping nobody minds.
-
- 04 Aug, 2014 4 commits
-
-
Randall Leeds authored
Refactoring identity and auth
-
Randall Leeds authored
Introduce a new module on the frontend called `h.identity` which abstracts the interaction between the main application and the authentication system using the `navigator.id` API introduced by Mozilla as part of Persona / BrowserID. In our case, the we submit the authentication assertion as a query parameter in our token URL. This is designed to flexibly accommodate different auth needs by intepreting the assertion differently and using a different identity module to return whatever type of grant is needed depending on the authentication mechanisms in place on the back end. On the back end: - Introduce a dependency on a brand new library, pyramid-oauthlib, to make this code cleaner and more modular. - Simplify our session by removing multiple signin code that was not ever fully realized; personas are no longer explicitly maintained in the session by application code. - The Pyramid SessionAuthenticationPolicy is put into place as part of h.auth.local. A SessionGrant is configured as the default grant type for integration via pyramid-oauthlib. This is what interprets the assertion sent in our token request. For other use cases, this might be a real BrowserID assertion or a session or refresh token of some other kind. This assertion is just the CSRF token our forms have been returning already. - `h#includeme` and `h#create_app` got some superficial simplification. - `h.api#authorize` handler for annotator-store authorizations now uses `request.effective_principals` instead of the session, so it doesn't care how the user is authenticated - Headers are now passed through on `Store` sub-requests so that both the annotator auth token and the session work for store authorizations which gets us close to cookie-less API auth! - `Consumer` class is moved into `h.auth.local`, removing the SQL requirement for core `h` and replacing it with just the requirement to register an `IConsumer` implementer. On the front end: - Break hypothesis.js into hypothesis.js and hypothesis-auth.js - Move session and auth modules into this auth package - Clean up the module dependency imports - Add an identity module to the auth package with `navigator.id` API - Significantly refactor `AppController` - Use the `identity.watch()` API to listen to login/logout from the active identity module - Clean up the login/logout state management a bit - Resolve a promise when the API service discovery happens - Stop using 'session', which becomes a detail of hypothesis-auth - Put much less on the scope from the controller - `scope.initUpdater` -> `initUpdater` - `scope.reloadAnnotations` -> `initStore` - `scope.session` -> replaced by `id` - Sorts and views are set in the markup - `AuthController` no longers needs to know about `model`, `sheet`, `sorts` or `views` - Isolate the form models - The auth directive now creates an isolate scope so that we're not leaking the form models all over the place - Stop using the inherited `$scope.model` means prevents submitting `persona` as a form parameter by accident - blocks.pt#auth-tabs becomes auth.html - Easy to override with `config.override_asset()` in Pyramid - Keeps the forms inside the isolate scope of the auth directive - The content of the sheet moves inside blocks.pt#auth - Nothing outside this knows or cares anymore that the sheet has tabs - Places where we want to request login use `identity.request()` rather than having to get at the root scope. The `authorize` event that this broadcasts is an internal detail of the auth pacakage.
-
Randall Leeds authored
Site report potpourri
-
Randall Leeds authored
I missed this in b67b2964b7a1fd1271be650ea02cf967fd0e17a3
-
- 02 Aug, 2014 3 commits
-
-
Randall Leeds authored
Clean up scrolling and infinite stream
-
gergely-ujvari authored
-
Randall Leeds authored
Simplify our efforts around scrolling and fix the scrollbars on the stream. - Scrollbar had crept inside the content on a previous change such that scroll bars for the stream were not all the way to the edge of the screen. Refactoring the duties of #wrapper and .content. - Drop the mousewheel trapping. I tried and looked and researched and we can't do this reliably on touch or anything else. It didn't seem necessary or worth the dependency on jquery.mousewheel or even obviously a good experience. Not worth the code. - Fix infinite scroll to use its directive element rather than the $window, make its code less jquery, and give it a buffer to smooth the experience a bit more. Fix #1360
-
- 01 Aug, 2014 21 commits
-
-
Randall Leeds authored
This change pulls the nested-reset mixin into the annotator-frame class and then increases the specificity of the rest of the styles underneath the frame by giving them descendent selectors of the annotator-frame. Additionally, to avoid interfering with site styles, our stylesheet of resets (reset.scss) is no longer included in common.scss, but imported directly under the annotator-frame class. Fix #1366
-
Randall Leeds authored
Close #934 Close #1031
-
Randall Leeds authored
Fix #1370
-
Randall Leeds authored
Add directive for providing saving updates to buttons
-
Randall Leeds authored
Using transclusion allows for the directive to be set on an element with non-trivial content and have that content nested inside the status-button wrapper spans, but pre-bound to its lexical markup scope. Not sure we'll need it here, but I also wanted to see how one might approximate 'replace' now that it's deprecated. The answer is by not replacing but just adding the template you want after the passed placeholder comment node.
-
Aron Carroll authored
-
Aron Carroll authored
-
Aron Carroll authored
-
Aron Carroll authored
-
Aron Carroll authored
This adds loading/success messages to a button for use with async actions such as changing account information.
-
gergely-ujvari authored
Search callback routing cleanup
-
gergely-ujvari authored
The filtered copy list was not assigned back to the variable and accidently we were comparing the value.length instead of the filter.terms.length to check whether all tags have matched or not.
-
Randall Leeds authored
Improve usability of sheet tabs
-
gergely-ujvari authored
-
gergely-ujvari authored
-
Randall Leeds authored
This unifies the stream and page_search query parameter usage. Both now use the 'q' parameter. Additionally, the search string is passed to `simpleSearch` directive and the `QueryParser` instead of an object with a "query" or "q" key. The clump of conditionals in the route update event handler is removed. Instead, the viewer and page search redirect to one another and the stream can be totally ignorant of the involvement of the location. The views are updated to use ?q= for /u and /t shortcuts.
-
Randall Leeds authored
-
Randall Leeds authored
Remove the drop shadow from the highlight states
-
Aron Carroll authored
-
Aron Carroll authored
Previously the active tab would be red, which could be confused with our red anchor text and make the other tab look disabled. The new design makes all text gray but adds an "active" border below the button.
-
Aron Carroll authored
-
- 31 Jul, 2014 5 commits
-
-
Aron Carroll authored
-
Aron Carroll authored
-
Randall Leeds authored
Simplified search
-
Randall Leeds authored
Update from error styles based on feedback
-
Aron Carroll authored
Based on feedback from Dan that the plain red text is hard to distinguish from hyper-links.
-