0c54fab1e2
Check for too-long stream/subject names.
...
(imported from commit 6d37dff9af7e471e1e6a1ba77a9500bf5bb4ba7d)
2012-10-25 16:04:47 -04:00
7c8bde5d90
Add log/restore for fullnames and passwords.
...
(imported from commit 048ca3c86b9f077fcbccd5df4a509191a545da4c)
2012-10-25 15:52:26 -04:00
cf1d35fd62
Remove unused variable
...
(imported from commit 0636d51527ea9cac8b1ba5490bf5836cd4e79269)
2012-10-25 15:45:14 -04:00
451a041919
Remove the ability to fetch old messages via get_updates
...
Clients should use get_old_messages, instead.
(imported from commit 67847ef67d8ad4bf4af3f6082f85f0c76a41944c)
2012-10-25 15:31:27 -04:00
eef027560a
Remove unused imports
...
(imported from commit eb576627ff72e57fee0e3a4c357f51ad74cd6c86)
2012-10-25 15:22:18 -04:00
9629e7111b
already_sent_mirrored_message: Reduce code duplication
...
and eliminate extremely long lines.
(imported from commit 29a08b1757c1bb3af1f82222fd7150db05f86034)
2012-10-25 15:22:18 -04:00
c4189d1029
Add get_old_messages json call
...
This new call only allows fetching of existing messages. The idea is
to remove this functionality from get_updates to simplify the backend
code.
(imported from commit 1345db2f1707e208e7c0bd08b7d444932c68b6a2)
2012-10-25 12:10:44 -04:00
07263f3a0e
Rearrange functions
...
(imported from commit 814f2acbf574bf1eeb32e23ab28e76fc94f877ce)
2012-10-25 11:26:53 -04:00
ab34200648
Make sure that Markdown rendering really happened, if requested.
...
This is a security issue because it's where we escape HTML.
(imported from commit 10dea1899eb6d7e0e40128ae1a4787abad38fa73)
2012-10-24 15:43:46 -04:00
734411369b
format_updates_response: Default to apply_markdown=True
...
It's the safer default to prevent introducing XSS holes. And in our current
code, we always provide this parameter.
(imported from commit 73897f5315ba54a5d3fa95dd19efb9d20c081a8a)
2012-10-24 15:32:12 -04:00
e8dfb41f70
Return messages from return_messages_immediately, rather than calling handler.finish
...
(imported from commit 0da3356c6712614cf1816d330b891e8f6d13bac7)
2012-10-24 15:32:10 -04:00
75d150efc7
Fix being unable to send messages with a trailing comma in recipients list.
...
(imported from commit 5c075c4aa1da8c2a153b33ed4d061fac88de48e7)
2012-10-24 14:25:55 -04:00
8a39292b5d
Fix bouncy pointer from pointer updates
...
The previous code path was buggy. We now do separate pointer update
checking for the cases where get_updates returns immediately vs. when
it returns from a callback.
(imported from commit f236a80cd0b94bc097dbd17f113d7a9d27368025)
2012-10-23 16:39:04 -04:00
5ee6982a7e
Use a different format function when we don't respond to a get_updates immediately
...
For now, the new function, format_delayed_updates_response, just
calls format_updates_response.
(imported from commit dd332125fe0d47cb3990373f74e85e64604f58a3)
2012-10-23 16:39:04 -04:00
c8dd5229ed
Rename updater_session to pointer_updater
...
(imported from commit 7646b8e636393d64ef07d0251f8c83beecf114aa)
2012-10-23 16:39:04 -04:00
6c4b56517f
Revert "Temporarily disable pointer sync"
...
This reverts commit 7d8f673559ca6359923aa0bdd48edebe0955e921.
(imported from commit 32f7ad925cc4df72220a191602487620a9970f43)
2012-10-23 16:39:04 -04:00
ce3ea9f019
Temporarily disable pointer sync
...
(imported from commit 74e6bb347e0b8c01b6450914a50448b78b9749c9)
2012-10-23 15:24:00 -04:00
a139f8b6b2
Fix incorrect references to userprofile in the API
...
(imported from commit 77c062b54c545185aee28189726f61a874a1fe77)
2012-10-23 12:05:56 -04:00
fdeab96b4c
Add a default client name for the API.
...
(imported from commit a14b2f8bd9ff604c5f522c85842d296be38d33e6)
2012-10-23 10:54:36 -04:00
846469c39c
[schema]: Rename userprofile to user_profile.
...
(imported from commit adfb6152b7ec32557e3465d961695eb870506d5a)
2012-10-22 18:55:45 -04:00
93616039bc
Use the new client data model to deduplicate mirroring.
...
(imported from commit 6ac38534aea11b1e7f8f332e76251f9501f9ab3e)
2012-10-22 18:31:36 -04:00
1b1d5cb577
Fix all mirrored stream messages appearing to be from me.
...
(imported from commit 777f98a564d3f169d3c69fcda980ce5993910d88)
2012-10-22 17:59:21 -04:00
bce793005d
Fix mirroring of personals.
...
(imported from commit 91ae9e6bb20389a708bd6b1945c898b98b96ee4a)
2012-10-22 17:21:07 -04:00
f817bf6144
Pass the session that updated the pointer from Django to Tornado
...
This allows us to check whether the session that updated the pointer
is the same as a session that is doing a long poll to avoid sending
new pointer information when that information is coming from the same
session.
We still return from the long poll early, though, which is sub-optimal.
(imported from commit 7d4be0956f112eacefb7d198ea929957cd2b05e3)
2012-10-22 17:16:47 -04:00
d17db6687c
Improve validation of zephyr mirror data.
...
(imported from commit 9ebc43d17d1f4040da2deff271ba7e158908a29b)
2012-10-22 17:08:09 -04:00
732ca19729
Synchronize the pointer across sessions
...
The client may now optionally send its current pointer during
get_updates and the server will return the latest pointer if it
differs and was updated more recently by a different session.
(imported from commit e43b377d7dfb52f83cefb0b1003863d5407caf80)
2012-10-22 16:44:57 -04:00
66d7678423
Add UserProfile callback for pointer updates
...
(imported from commit bfa9c15d82f092a1810cfcee1a88e1e292bc4cb8)
2012-10-22 16:06:38 -04:00
2a4c3b5bff
Abstract the callbacks table in preparation for more kinds of callbacks
...
(imported from commit 695d5bceb4657ef25ba5983212082ee0c76b9d33)
2012-10-22 16:06:38 -04:00
7ac0625e39
Add model field indicating which session most recently modified the pointer
...
(imported from commit 819ab358d9fa6f22ad8ccee56fe723ea7711ebc5)
2012-10-22 16:06:38 -04:00
b353fd4abd
Use sending_client to check whether messages are mirrored.
...
(imported from commit 6202739e21dfb308ed551656a8a0cdf7311972f7)
2012-10-22 14:52:08 -04:00
7cf8f842f7
Allow in stream names any character classified by Unicode as alphanumeric
...
Also correct a comment.
(imported from commit 5c03032b90dbaf38d880651004733e4399b422ee)
2012-10-22 12:58:39 -04:00
f5f3ffc6a9
Expose an API method for updating the pointer.
...
(imported from commit 66d49c149e0bbc60e82a5967b77aff69629b09e7)
2012-10-21 13:33:14 -04:00
0fb836538d
Add an API request for getting profile (specifically pointer) data.
...
Mobile clients need it.
We are going to need to sit down and think about how much power we
want to give our API users, though. For example, should they even get
to know about your absolute pointer value (maybe they should only be
able to make requests relative to your pointer), or be able to request
very old ranges of messages?
(imported from commit 1680655f0d9a670bc0da0ddb92fbbd5cf851d3dd)
2012-10-20 21:59:59 -04:00
7b3b4362dd
[schema] Add a Client model keeping track of the sending client.
...
(imported from commit 31a430b1de14ce973addafd5d13ace049a8f8091)
2012-10-20 18:41:54 -04:00
1fcb4c0576
Fix error handling for removing subscriptions.
...
(imported from commit b95a706ed9499e96c4ff27ca583ed10dab674736)
2012-10-20 18:26:21 -04:00
56dab6cb26
Log changes to subscriptions and replay them in populate_db.
...
(imported from commit d3055eb44326bdc59a6bc96d00b5b0bc6da86059)
2012-10-20 18:26:21 -04:00
a8ee0ecc69
Fix bug allowing subscribing to a stream twice.
...
(imported from commit c49b7c8ec49fd71bb1e1f1226d9e126d4d0987df)
2012-10-20 10:15:12 -04:00
0d05557ffc
notify_new_message: Allow request to have come from IPv6 localhost
...
(imported from commit ef477ced6695f866f8d265d980f8401670b3c95c)
2012-10-19 22:34:46 -04:00
86b4da9d83
Put a new user's pointer at the bottom
...
(imported from commit 65ae2483d6bcfb96cc97bdb689d8174737bde5b0)
2012-10-19 20:44:09 -04:00
e434fa141e
Use .objects.create and .objects.get_or_create.
...
This eliminates a bunch of unnecessary code and also fixes a bunch of
places where we were improperly not using transactions.
(imported from commit f194ae9226f9229fc56a0b1b21615534f486ea0c)
2012-10-19 17:42:14 -04:00
5b13f9192f
Load more messages when the user presses the "Load more messages" button
...
(imported from commit 060e6f67b13fd67b56f80f913eb6b835860a8115)
2012-10-19 17:13:14 -04:00
7693695fc0
Tell the client why we are returning an empty list of messages
...
(imported from commit cc17ed2d8389f6be1170081e70c1d8a7f0556ac3)
2012-10-19 17:13:13 -04:00
c67e7035aa
Limit the number of old messages the client requests
...
(imported from commit 6bff6aa0b48d46b98aa68c6e29eb569cf41f4989)
2012-10-19 17:13:08 -04:00
ab382040c1
Make get_updates reload_pending request parameter an integer
...
This fixes a bug where the server wasn't returning from get_updates
immediately when the client needed a reload.
(imported from commit 1d854eb1c7061f468d091e103f10074f4c7231d8)
2012-10-19 15:53:05 -04:00
79fbb23356
Return a max_message_id when returning no messages.
...
This is needed for an API client to setup a nonblocking subscription.
(imported from commit d978c28994c5e3af4312ffba32c4040e8314c247)
2012-10-19 11:37:20 -04:00
d49d675128
Fix mit_sync_bots for personals only.
...
(imported from commit 9fd7ac87d2cdc32413edefbde8870bbe59b67380)
2012-10-18 11:14:03 -04:00
e303b7dcbd
Fix syncing messages from Humbug back to MIT.
...
(imported from commit ff32c8c0824afda0805bd5ec9ec87b7ce999bcca)
2012-10-18 10:57:18 -04:00
1d55c06ede
Move mit_sync_table code into the correct process.
...
(imported from commit bc40f865f94d7b39db5e49eba09370c3fa53dc6f)
2012-10-17 22:35:02 -04:00
b9e9938197
create_user_if_needed: Use proper initial passwords
...
(imported from commit 009208ac64548dd6f8773ccc7738ab0c391d816a)
2012-10-17 21:08:59 -04:00
4f56362e0f
Change formatting of notify_new_message request
...
The requests library doesn't encode repeated key form data reliably.
(imported from commit 3cc9f5379c299a57f69bb5b7ff3b85f0c066269f)
2012-10-17 18:24:15 -04:00
91209f9304
Get initial server generation from first get_updates result
...
Embedding this in index.html won't work anymore, because the Django FastCGI and
the Tornado servers might have been started at different times.
(imported from commit 187909d0593449cf2989857671f9ca526723e451)
2012-10-17 18:24:15 -04:00
a545876d56
Rename notify_waiting_clients -> notify_new_message
...
We might have other URLs for other notifications.
(imported from commit 4c1c5fe2f039816fef4c268f34692ca4f19d81e8)
2012-10-17 18:23:01 -04:00
5e70b5a291
Split off the Tornado code into a separate process
...
(imported from commit 95dbd0f438cdba06d6e6c6c539a2a3d49c577cfd)
2012-10-17 18:23:01 -04:00
2ade66bf3e
Remove stale comment
...
(imported from commit c880fc2f543e3f0cdfd531c968a1e77249c04f4c)
2012-10-17 18:17:43 -04:00
bff0046c51
Fix client continuously calling get_updates when a reload is pending.
...
(imported from commit 2c29c8b892e7843f4d75178cc683bf48f7a5cdf5)
2012-10-17 17:46:07 -04:00
49a8677517
Remove 'timezone' from the settings page.
...
We weren't doing anything with it anyway, so...
(imported from commit ad927f3d2ce5b9bd219d6f36a021542812486aef)
2012-10-17 17:26:55 -04:00
d9715825b1
Remove 'short_name' from the settings page (but not the db).
...
For now, we're not using this, so let's expunge the user-facing
references to it.
(imported from commit 90a8dcdc77d0a991bef3e319e6971327639d1f4e)
2012-10-17 17:26:06 -04:00
758bbe6fc9
Rename api_fetch_key to api_fetch_api_key to match json methods.
...
(imported from commit ed1c33f5017426dd38882c06ac38343451edb94b)
2012-10-17 17:13:33 -04:00
ae3e24458c
Add a UI for requesting your API key.
...
(imported from commit 07c40caf73f3b6c1c502a6c8e18109532dd28cc3)
2012-10-17 17:09:46 -04:00
716badc2c6
Don't reference GET if we now require post.
...
(imported from commit b78b62e81b4064f53c1a83a68e0b7e67a08230b5)
2012-10-17 16:52:30 -04:00
6c3a328426
API key fetching should happen over POST, not GET.
...
(imported from commit 351d0035a55f49f00693081584d882c1aef7dd01)
2012-10-17 16:36:49 -04:00
12bad46740
Introduce API method to return a user's API key by logging in.
...
This makes it easier for mobile clients to use the API by enabling them to
present the user with a familiar username / password prompt, rather than
by asking them for their API key.
(imported from commit 6ed06cfe86f87e7aef54a4be7835fb7bf8d7f209)
2012-10-17 15:33:05 -04:00
7237b4a73e
Fix sending to a stream with a space in its name.
...
Previously if you tried to send to "a b", we actually ended up trying
to send to "a%20b", since we were url-encoding the stream name and
then not properly decoding it.
(imported from commit 307d2999bd309e47fc654ae4422ab4372edde064)
2012-10-17 14:06:00 -04:00
81f0d61c3b
Factor out Gravatar hash calculation
...
(imported from commit 29872722fb4856773d98fc987a1e2d6eb99ad8b2)
2012-10-17 01:09:16 -04:00
539c3abbab
@asynchronous needs to be the outer wrapper.
...
(imported from commit 24b8f157d600e69276178d609820d3f0dfb685a7)
2012-10-16 17:10:15 -04:00
6642a65269
Convert last few json views to use the json_success api.
...
(imported from commit 7a617ec7e7c8607e8ba87e7a9b8599a83b91666c)
2012-10-16 16:54:41 -04:00
8388353859
Clean up the decorators code for the API.
...
(imported from commit b3fd6cfa475f021e35043148ad9a38633d9bddfe)
2012-10-16 16:38:42 -04:00
a859c10017
Don't redirect to a login page when responding to json messages.
...
Also update tests to actually check all our URLs.
(imported from commit 86de2027d140da6118e2f2f60c1c86511b16c141)
2012-10-16 16:38:39 -04:00
3e994c16b7
Rename/reorganize our urls to be more consistent.
...
(imported from commit ca3cc7ccd5d7da83a9c60968527378ee1118648e)
2012-10-16 15:56:06 -04:00
103bf321b4
Have client and server exchange a server generation number
...
This will allow the client to detect when the server has restarted.
(imported from commit 89e75916719d967beb2520be6263f79f897d9ec1)
2012-10-16 15:30:09 -04:00
8819bdc0fc
Hide most of the navbar on the deployed app
...
(imported from commit 3b055588f7de805bf1b038f1bc6c03837eda010a)
2012-10-15 18:44:36 -04:00
5141cd7ab9
Make a setting for where we redirect home for not logged in users
...
(imported from commit 95bae4e52d8a8a34c001975e8d3547db5ba256a2)
2012-10-15 18:44:36 -04:00
bcc895b95b
Avoid expensive queries to check whether the user has any messages.
...
(imported from commit 035ec44db7a2f61b1c04e80feebe9af1a214505c)
2012-10-15 17:10:55 -04:00
ab9832092d
Remove an unnecessary @require_post
...
(imported from commit c8a43e696dbcfa4cdb494f286e6f0b989d328bd9)
2012-10-15 17:05:37 -04:00
917a06d5cf
Use select_related for the get_updates queries.
...
(imported from commit 403a5906f9619fb1d6dc10e57ebcaab7e8f00f16)
2012-10-15 11:54:12 -04:00
7ebc720347
performance: Use select_related when computing autocomplete lists.
...
(imported from commit fde08787998179451e6684a101c80aaafca917f6)
2012-10-15 11:39:10 -04:00
88009b4854
Auto-complete huddle names based on full name.
...
This also makes the people_list a list of objects containing the person's full name and email.
(imported from commit cff9b3de8cab0c9b2690ffa60d65d666302b989f)
2012-10-12 11:35:45 -04:00
7a305c1882
Add more information to error message
...
(imported from commit 0917d5c2ed1b156603ce53aaec88ecbe26f5f39c)
2012-10-12 11:34:42 -04:00
afee537a95
Don't allow users to subscribe to too-long stream names.
...
Also check for invalid characters when subscribing via the API.
(imported from commit c4730ecb360607c4da264cb1c4b2f9daa2cef293)
2012-10-12 10:48:41 -04:00
091bc48926
api_subscribe: Check for too-long stream names.
...
(imported from commit 20d94eafeb333a9bc09b6b20093e13fd1b241ea8)
2012-10-12 10:45:53 -04:00
fc99d2983a
Add an API call to subscribe to a list of streams.
...
(imported from commit 0a5d46d5f54fb4c8ebfad8c9adb777c0b4938dfa)
2012-10-11 16:20:45 -04:00
0a0bd31407
Remove unused strip_html
...
(imported from commit 21747b9b5cbbe7b1935905fc9254f4de64db20aa)
2012-10-11 15:01:54 -04:00
2c3d7d6116
HTML-escape messages on output
...
(imported from commit f199fddf887ffbd22ebac76448accb4c48b64a24)
2012-10-11 15:01:54 -04:00
3fadaae574
Don't escape message metadata as it enters the system
...
(imported from commit b98deb3dcdc389b079055a06ffafaf138bc79c70)
2012-10-11 15:01:54 -04:00
c06aa1a3da
Don't escape user metadata as it enters the system
...
We believe that our output escaping is sufficient.
(imported from commit 4c9d4d79682ef5689bc1eec12a3bbcc34de013a4)
2012-10-11 15:01:54 -04:00
7137787984
Escape variables interpolated into <script> within index.html
...
Django's escapejs prevents breaking out with an embedded </script> tag.
It only works on bare string contents, not JSON-ish lists and such. So we
generate stream_list and people_list with template loops now.
(imported from commit 07fe4bebaa3fa11bc479b4378b8989560ce77f6f)
2012-10-11 15:01:54 -04:00
83f494b1a4
Add API queries to show public streams and the user's subscriptions.
...
(imported from commit 5f24e35a9bdd1e40406e2acb0c3713a6517d139b)
2012-10-11 14:43:23 -04:00
9811bd5f8a
Get UserProfile by email with a join, not two queries
...
(imported from commit 0698ebb88615cea54196181aeabe869ec466dbc1)
2012-10-11 14:05:53 -04:00
676e650a08
Fix mit_sync_bot bug causing constant API requests.
...
(imported from commit dfa845b98a7e22ee69a9589b8b98ac5a49077793)
2012-10-11 13:00:50 -04:00
5a7ff70c11
Remove obsolete views
...
This functionality is part of the home view now.
(imported from commit 5f0327eb62840bf98af49566e6f3c0b86ca43b8d)
2012-10-11 11:23:22 -04:00
48ec15c46d
Don't duplicate realm query when registering
...
(imported from commit b1e3b7144f564c5b2fc23fbf548bf0672deb2932)
2012-10-11 11:08:52 -04:00
ac3f4393ff
Rename instance to subject.
...
(imported from commit 6b4693da03f106448c137cf81cf9801cac44f2b8)
2012-10-10 18:01:39 -04:00
08e832e093
Change send_message to accept a stream, not a class.
...
(imported from commit 0f58de2502bec227f5f33e44692d03f2f28d6f63)
2012-10-10 17:48:17 -04:00
6dc913766d
Rename 'classes' to 'streams'.
...
(imported from commit 8ad6791f39d49e90a2828b6af86d039ba5ca5abc)
2012-10-10 17:47:13 -04:00
493a428cb2
Rename zephyr_class=>stream for local variables in views.py.
...
(imported from commit 9ea782e0c132f4ab3ca86cd37ff584d0a2308dea)
2012-10-10 17:47:13 -04:00
003efb84b4
Rename get_class to get_stream.
...
(imported from commit 4d393f9fcd46847c54c7e0b6b7add219e8e07fe6)
2012-10-10 17:47:13 -04:00
4006e4b1ea
Rename class_exists to stream_exists.
...
(imported from commit 416bd1f4c513216d45913e306f6c8eaa542f3539)
2012-10-10 17:47:13 -04:00
39cde772eb
Rename valid_class_name to valid_stream_name.
...
(imported from commit 980135772f5050514b41130b0f1948aee3a3a4e5)
2012-10-10 17:47:13 -04:00
44e9e4cebf
Rename Recipient.CLASS to Recipient.STREAM.
...
(imported from commit a530194163f7260c73921137fa1ff671f14516f6)
2012-10-10 17:47:13 -04:00
1fc4780a81
Rename create_class_if_needed to create_stream_if_needed.
...
(imported from commit 1bbc792332981723d3d29b24ad03811d62ced5f1)
2012-10-10 17:47:13 -04:00
Tim Abbott
Zev Benjamin
Keegan McAllister
Luke Faraone
Jessica McKellar
Waseem Daher
Zev Benjamin