Commit Graph

246 Commits

Author SHA1 Message Date
Luke Faraone f20f605376 [manual] Add file upload support.
This allows users to drag and drop content onto the compose box, storing
their data in Amazon S3.

New dependencies:
 - python-boto

(imported from commit 339874e483db5c36312c9ceae56db29da6ca0d99)
2013-04-05 13:07:13 -07:00
Luke Faraone f4d00b6af9 [manual] Push new users' data to MailChimp.
This creates a new management command, subscribe_new_users, which should be
run as a daemon process. When new users are created, an event is passed to
RabbitMQ including the following data:
 * Email
 * Full name
 * IP address of the person who confirmed registration
 * Time of registration confirmation

MailChimp strongly encourages the collection of the last two to enable
responses to abuse requests, and providing more data lowers the chance that
we could get banned from their service if complaints do occur.

To use this commit, you need to install the "postmonkey" module from
PyPI.

(imported from commit 20c628c3fa8bb985aaead85a80ad3b38bf94b9dc)
2013-04-05 10:22:26 -07:00
Tim Abbott c65f37c910 do-destroy-rebuild-database: Fix migration with AUTH_USER_MODEL.
Django's South migrations support for setting up a new database
doesn't properly handle AUTH_USER_MODEL changing over time.  Fix this
by having the initial migration be run with AUTH_USER_MODEL set to the
default value.

(imported from commit c373db9edc61f26527c486c741f8e870614600e3)
2013-04-04 17:39:01 -04:00
Leo Franchi 8fe82085c4 [schema][manual] Automatically subscribe users to default streams only after tutorial
(imported from commit 6511851c0aee2628bef597bf1310d6f96b0fd1d4)
2013-04-04 17:11:39 -04:00
Tim Abbott 7ce6154464 Set UserProfile to be the AUTH_USER_MODEL.
(imported from commit 92bf66b3e6a8ed06054bd491bcc96ef422a1fbe1)
2013-04-04 15:45:44 -04:00
Luke Faraone 86d794c3f8 Updating the pointer is logically a PUT, not a POST.
(imported from commit 191582008c15861639acd882742f22b3fd17445a)
2013-04-03 15:35:59 -07:00
Tim Abbott 24a464cee1 Add IP addresses for app frontends to ALLOWED_HOSTS.
(imported from commit f5cc75f0ac3851bfe9a554d08875dcb5a19a9dc5)
2013-04-03 11:18:12 -04:00
Zev Benjamin c8acdfb228 Make the default for API-users be apply_markdown=False
This fixes a regression that was introduced when rebasing the event
system branch.

(imported from commit da575e96ebdb4dbcca3a658a10a0f81628f9317c)
2013-04-02 17:04:26 -04:00
Keegan McAllister 9dd987be7e Precompile Handlebars templates in production
Fixes #908.

(imported from commit 30458e9bea8117d1fa15dc962bb1a495f22672cc)
2013-04-02 14:43:59 -04:00
Keegan McAllister 17d5406b55 [manual] Fetch Handlebars templates using Ajax
...rather than embedding them into index.html.

This is only acceptable for dev, but the next commit adds an alternative
mechanism for prod.

There isn't actually a manual deployment step here.  However, this commit won't
work on staging / prod without the next one (since we don't serve
zephyr/static/templates in prod).

(imported from commit dce7ddfe89e07afc3a96699bb972fd124335aa05)
2013-04-02 14:43:58 -04:00
Leo Franchi a406aeadc8 Add beanstalk integration along with tests
Beanstalk integration uses webhooks that use http basic auth to authenticate
the sending user.

(imported from commit bd65f5b2d052a3c1eb04da64d055a3640a384892)
2013-04-02 13:35:42 -04:00
Tim Abbott 5dbe8b4c17 [manual] Authenticate using a user_profile as request.user.
When this is deployed to staging, we need to run

./manage.py logout_all_users --realm=humbughq.com

When this is deployed to prod, we need to run

./manage.py logout_all_users

(imported from commit d6c6ea4b1c347f3d9122742db23c7b67767a7349)
2013-04-02 12:07:08 -04:00
Leo Franchi e546161e8d Handle web hooks from JIRA for integration support
(imported from commit d4db0b850becf42dee6f0a9df7b19c692fef41f1)
2013-03-29 16:14:39 -04:00
Zev Benjamin 68904bef00 Lower the client-side polling timeout for get_events now that we have a server-side timeout
(imported from commit b3b3a2d4083f22b0fdb876f2d4e97b2be4bda79a)
2013-03-29 11:11:34 -04:00
Zev Benjamin 6cc70d94f6 Add register() call to event system
(imported from commit 0c9fbfec1866591b2169ce2da2bc2af6003f8f31)
2013-03-28 16:57:47 -04:00
Zev Benjamin 401fa6063e [manual] Add get_events URL routing
The new nginx configuration file needs to be copied to
/etc/nginx/humbug-include and nginx needs to be restarted when this
commit is deployed.

(imported from commit 6c43f3c2c7a6acee6a852c672c96a38bda01dd0d)
2013-03-28 16:48:52 -04:00
Keegan McAllister aa3c446665 Generate source maps from Closure Compiler
(imported from commit 0e4de860b1dba85aa43b60a2c819ac44403186c5)
2013-03-28 12:11:23 -04:00
Keegan McAllister f76984b4ef Switch to Closure Compiler for minifying JS
I've already confirmed that java is installed on both staging and prod.

(imported from commit a6354e60d529a72583e1e1bc14468d04697960b9)
2013-03-28 12:11:23 -04:00
Luke Faraone 0d51e59fd5 Implement URLs for API redesign.
(imported from commit 2020491a737ec4c1e99a63f84eb6cfc594a2dd56)
2013-03-28 07:57:38 -07:00
Tim Abbott e8aa77c9b4 Set timeouts for our memcached caches.
The policy this implements is:
* 1 week for most persistent data (Clients, etc.)
* 1 day for messages

(imported from commit d57bb2c6b9626ffa2155c6d0ef9b60827d1f2381)
2013-03-28 07:36:10 -04:00
Tim Abbott 3d39341fc2 Fix logging configuration for Django 1.5.
Apparently, something in Django 1.5's changes to their default logging
setup resulted in the logger 500 errors (logged in
django.core.handlers.base.handle_uncaught_exception) from reaching the
root logger -- they stopped at propagating at the 'django' logger.  We
deal with this by making our logging system handle those events in the
'django' logger ourselves (and making the related changes needed to
ensure that we still log to server.log and the console everything
logged by our own humbug.requests logger and anything that falls
through to the root logger).

This requires updating the mechanism we use in test_settings.py to
silence our request logging, since now the 'humbug.requests' logger is
being re-initialized by the Django logging setup, which runs after
test_settings.py.

While we're at it, set propagate=False in the commented-out
'django.db' logging configuration (previously, queries would be logged
twice).

(imported from commit 32af29084e52be1ba6f92a7952c3a3946925b46b)
2013-03-28 07:36:10 -04:00
Zev Benjamin d1b9ab9fd8 Move SERVER_GENERATION definition to settings.py
(imported from commit 4be2b912a63f49f525c66f46db0bc5c466ad364f)
2013-03-27 14:15:03 -04:00
Tim Abbott 2aae6190d2 [django 1.5] Set ALLOWED_HOSTS variable in settings.py.
This only does something if DEBUG=False, but it's now required that
you set this on Django 1.5 or the server will silently serve up 500s
for every request (not the best failure mode).

(imported from commit fa226c644770c468d73143c8a49d5d29d282df27)
2013-03-27 08:19:26 -04:00
Tim Abbott e89f3e0296 Reduce repetition in urls.py through pattern prefixes.
(imported from commit 3af55ae4e2bd9f19db78b97ec7b6ea3b39906b9d)
2013-03-25 11:36:48 -04:00
Tim Abbott 7d94d1a82a urls: Reorganize the URLs a little bit.
This is preparatory for using patterns to reduce code duplication.

(imported from commit f7aa3221d0ad3d86ea1381f8df264a447038432f)
2013-03-25 11:28:20 -04:00
Keegan McAllister 7f3e8923a8 Add a comment in urls.py about other pieces of code which route URLs
(imported from commit 03bf31f6906ac30d6575d62a43c4a0f34f07175a)
2013-03-22 17:53:06 -04:00
Keegan McAllister 23b8833ec5 Handle Tornado callback notify in a more generic, less HTTP-centric way
(imported from commit 85a74d1b40461236c4c95ad688e9796ab50f0bbf)
2013-03-22 15:51:23 -04:00
Waseem Daher e1e7978fae "Lead designer" job posting.
(imported from commit 1f9e00e45f69d47842524d715fe5e8a8a4a8b7df)
2013-03-19 13:28:53 -04:00
Zev Benjamin f3f1205522 Use verify-full when connecting to the database
Now that we can use our servers' DNS names internally, using
verify-full gives us a little bit of extra security.

(imported from commit 3a3715fa8a59851d4543112a55b5c6b24981442e)
2013-03-19 12:15:24 -04:00
Tim Abbott 34021ffc29 debugging: Add commented-out code in settings.py to log all queries.
This is often useful when working on a local development system and so
seems worth putting in the code, but is so verbose that it probably
doesn't make sense to have on by default in development.

(imported from commit ddb7ae4c83136f96d69368a245ed64e7daf66f34)
2013-03-18 16:15:11 -04:00
Keegan McAllister ff745e46ae Use Postgres on all Linux dev machines
(imported from commit fe4dcc186debe726ffc146881dd8c6022c192c8b)
2013-03-18 15:14:40 -04:00
Keegan McAllister 45eb9bcf47 tests: Disable tutorial through the server side variable needs_tutorial
This fixes a nondeterministic test failure for me.

The first message sent in the test suite appears to get dropped.  I don't know
why this is, and I'm pretty sure it was an existing bug.  This message used to
be the one disabling the tutorial, which might explain why that didn't always
work.

Regardless, this commit at least makes the test suite usable, and we can work
on fixing that bug later.

(imported from commit 063e40871b9883e3a6dab93a4e0a51c5b2dae4b7)
2013-03-18 13:46:46 -04:00
Waseem Daher 797b5ee63f Add page describing our Humbug apps.
(imported from commit 2e071782a13a497e57225b2a84c41d58f5e120b5)
2013-03-15 19:16:44 -04:00
Tim Abbott 9ae583b910 Use the User/UserProfile caches for Django requests too.
Previously we only used these caches for Tornado requests, because we
were not updating memcached when e.g. the user's pointer changed, and
so functions like update_pointer would not work correctly.

Now that we are updated memcached when the User and UserProfile
objects change, we can use these for all requests.

This saves 2 database queries on every Django request to the server.

(imported from commit aa5bffd885d14bde38b95e80a226bd5ab66f253d)
2013-03-15 18:09:34 -04:00
Tim Abbott 07b72c4901 settings: Add docs on how to properly test our email handler.
(imported from commit e6ad4f517169ca47a32bb853a30aab7a634e7979)
2013-03-15 14:53:17 -04:00
Tim Abbott c098520bbd Move the key functions for various caches to cache.py.
(imported from commit b04826533c32516cc2eef3b35263a40385ae7be4)
2013-03-14 15:07:41 -04:00
Leo Franchi 93a3f14c43 Add backend support for handling new 'read' message flag
(imported from commit 6194e9332caa2d279cbc304f0d6a69f969aa9a72)
2013-03-13 14:14:45 -04:00
Zev Benjamin 09cf339c2b blueslip: Handle exceptions from jQuery event handlers and $(document).ready functions
We treat these exceptions the same way we treat fatal errors: report
the error message to our server and then allow the exception to reach
the top level.

We could also override document.onerror, but don't.  There are a
couple of ramifications of this:
* Exceptions caused by event handlers directly attached to DOM
  elements aren't handled
* Exceptions caused by code at the top level that triggers an error
  (such as parse errors in our Javascript files) aren't handled

The reason we don't override document.onerror is because the
document.onerror handler has a limited interface and doesn't receive
the exception object.  It only gets the message, file, and line
number of the error.  Additionally, exceptions that we allow to
propogate out of blueslip trigger an onerror event when they're never
caught.  In order to avoid handling the error twice (once by blueslip
and once by the onerror handler), we'd have to encode the fact that
the error has already been handled in the error message, which is
pretty ugly.

(imported from commit 7f049ae519dc198a9f7cfd41fd5dd18e584bd061)
2013-03-13 10:55:34 -04:00
Zev Benjamin 1109d20149 Send browser errors back to the server
(imported from commit 8c676017e8b3fc4f17552db15d32266099dba8f2)
2013-03-13 10:55:33 -04:00
Tim Abbott f160703f4a [django 1.5] Use new class-based views in urls.py.
These have been the recommended way to do generic views since Django
1.3, and the old-style views (previously deprecated) are gone in
Django 1.5.

(imported from commit 45938f452bd6aa363f7ccdbac9f2297d1b1b5e7b)
2013-03-12 14:45:45 -04:00
Tim Abbott 710358db8c Set the database cache's to essentially never timeout.
(imported from commit f6fdbfe52536c5458130db3a907b8b8f81163fa4)
2013-03-12 11:16:58 -04:00
Tim Abbott dd8759acc3 Increase the third_party_api_results cache size.
(imported from commit 2555dcb3913650d72e307017df721b7665ff2e4b)
2013-03-11 15:24:59 -04:00
Tim Abbott 967743ddab Fix database cache settings for !DEPLOYED systems.
(imported from commit 0805c17a6bc5d0f1438d6fd1b1ce739d1162d09e)
2013-03-11 15:24:59 -04:00
Zev Benjamin dc0913077a Add a new frontend error-reporting system
The new system, called blueslip, makes errors fatal when in debug
mode and only output a message when running in production.  In the
future, it could also send user errors back to us automatically.

(imported from commit 1232607c0311e885c8b5a5e8a45ffb28822426e0)
2013-03-11 13:22:12 -04:00
Tim Abbott d679a72952 [manual] Cache results of the Twitter API in the database.
This should substantially improve the repeat-rendering time for pages
with large numbers of tweets since we don't need to go all the way to
twitter.com, which can take like a second, to render tweets properly.

To deploy this commit properly, one needs to run

./manage.py createcachetable third_party_api_results

(imported from commit 01b528e61f9dde2ee718bdec0490088907b6017e)
2013-03-11 13:15:55 -04:00
Reid Barton 6bb9ad4e3c Avoid cross-site logout attacks
Require POST method for /accounts/logout. This has the side effect of
automatically enabling Django's CSRF protection.

(imported from commit 44b1b6ebaadc1c03006e21ae54ac768e31234801)
2013-03-06 19:10:04 -05:00
Tim Abbott e63033f8b1 settings: Decrease duplicated code in database configuration.
(imported from commit cb89fd7f986e0cf2a5598eedf799da8fa99131da)
2013-03-06 11:36:15 -05:00
Luke Faraone 9c1b2665c0 Rotate database password for local testing.
This does not affect any deployment.

(imported from commit 77d722d19cfe64169055e32a9bf5cd565772f03f)
2013-02-28 15:40:21 -05:00
Jessica McKellar ff62ac96e6 Extend get_profile to also be a JSON request.
(imported from commit 38e0d5a9aa2498ffcdfa65b07283a456257feafd)
2013-02-27 18:16:50 -05:00
Jeff Arnold fcd033e33e [schema] Save enter_sends on the server in the database.
(imported from commit 4d82f6aaf5918f155a930253c9cc334dbcc0d97a)
2013-02-27 17:25:29 -05:00