- Some fixtures added by Erik Ordway broke tests
- message:// links had an edge case I broke with 68701ada
- One test had a hard-coded id that changed
Closes#1019
Coming from a rich message or API call, notes can contain HTML and it
will render to the browser. Coming from a normal todo creation, though,
all < and > characters will be replaced with the corresponding entities.
This preserves HTML emails, but prevents users from breaking the layout
by entering broken HTML for todo notes.
Closes#765
This is at least one issue with this
to logout of CAS you need session information but the logout method blows this away so I do the cas log out before the session is killed so the session persistest in rails. Because I needed to move the CAS before filters into login_cas and out of the application to make it work side by side. The user will still be logined into tracks even though their CAS session is closed as the session will still be there.
def logout
@user.forget_me if logged_in?
cookies.delete :auth_token
session['user_id'] = nil
if ( SITE_CONFIG['authentication_schemes'].include? 'cas') && session[:cas_user]
CASClient::Frameworks::Rails::Filter.logout(self)
else
reset_session
notify :notice, "You have been logged out of Tracks."
redirect_to_login
end
end
The other issue I have with this is that:
I could not find a use case for having mixed auth when using CAS. The reason to move to CAS is that all your users use CAS all the time. Even for admin accounts. Moodle is a good example of this in that when you activate CAS the default is that you can now only access moodle via CAS. By allowing mixed auth and self signup you end up with a anyone (the public) being able to sign up for accounts.
Implemented by deferring save of dependencies until after saving (and validating) the todo, as described by Andrew Timberlake on http://www.ruby-forum.com/topic/175552.
Still lacks error checking for circular dependencies and other validation.
Also, javascript for displaying the new item is broken.
Conflicts:
app/views/layouts/standard.html.erb
* added a "show always" radio to the recurring todo forms
* added a show_always flag to recurring todos
* created a migration to convert existing recurring todos where show_from_delta==0
* recurring todos where show_from_delta is 0 are now shown the same day they're due
Signed-off-by: Reinier Balt <lrbalt@gmail.com>
* the end date is prefilled with an incorrect formatted date
* if the radio for ends_on is not selected, but a date is entered, tracks incorrectly behaves as if ends_on was checked
