If the database is down and the Handler crashes, we get an email with an
obnoxiously long subject line and without proper sanitization performed.
By wrapping internal_send_message in a try-except, we eliminate the most
common (read: to date, only) cause of crashes in our Handlers.
(imported from commit fd59e931ad0a4fff574d3cafa47348eacacb858f)
We also remove META here since it rarely contains anything useful, and
often contains sensitive environment vars.
(imported from commit 2909613f9f52684bef9175600961801104644c75)
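The two changes above, shown together as an added example (not code from these commits): a logging handler that contains a failed send and omits META from the report. `AdminNotifyHandler`, `build_report` and the `send` callable standing in for internal_send_message are hypothetical names, the request is a plain dict, and it is assumed that both commits concern the same error-reporting path.

```python
import logging

DROPPED_KEYS = ("META",)  # removed wholesale; may hold environment variables

def build_report(record, request):
    """Build the admin notification; `request` is a plain dict in this example."""
    report = {"message": record.getMessage(), "level": record.levelname}
    report.update((k, v) for k, v in request.items() if k not in DROPPED_KEYS)
    return report

class AdminNotifyHandler(logging.Handler):
    """Hypothetical handler; `send` stands in for internal_send_message."""
    def __init__(self, send):
        super().__init__()
        self.send = send
        self.failures = 0

    def emit(self, record):
        try:
            self.send(build_report(record, getattr(record, "request", {})))
        except Exception:
            # e.g. the database is down: contain the failure in the handler
            # instead of letting the exception escape from emit()
            self.failures += 1

def demo():
    """Log one deliverable error and one whose send fails (constructed data)."""
    sent = []

    def flaky_send(report):
        if report["message"].startswith("db"):
            raise RuntimeError("database is down")
        sent.append(report)

    handler = AdminNotifyHandler(flaky_send)
    log = logging.getLogger("added_example")
    log.propagate = False
    log.addHandler(handler)
    request = {"path": "/json/x", "META": {"SECRET_KEY": "constructed-value"}}
    log.error("view failed", extra={"request": request})
    log.error("db unreachable", extra={"request": request})  # send raises
    log.removeHandler(handler)
    return sent, handler.failures

if __name__ == "__main__":
    print(demo())
```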
This allows us to remove fetch_colors() entirely, and should speed up page
load a bit.
We also use JSONEncoderForHTML instead of dumps so that the result is safe
to embed.
(imported from commit 013630911960e2ac1d0bae6f5df31ad342750594)
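Why plain dumps output is not safe to embed in a page, as an added example that is not code from this commit: `HTMLSafeJSONEncoder` is a hypothetical standard-library stand-in that escapes `&`, `<` and `>` the way an HTML-safe JSON encoder does, and the variable name `stream_colors` and the sample data are constructed.

```python
import json

class HTMLSafeJSONEncoder(json.JSONEncoder):
    """Emit &, < and > as \\uXXXX escapes so the output is inert inside HTML."""
    def encode(self, o):
        # Route everything through iterencode; the stock encode() has a
        # fast path for bare strings that would skip the escaping.
        return "".join(self.iterencode(o, True))

    def iterencode(self, o, _one_shot=False):
        for chunk in super().iterencode(o, _one_shot):
            yield (chunk.replace("&", "\\u0026")
                        .replace("<", "\\u003c")
                        .replace(">", "\\u003e"))

# Constructed sample: a stream name containing a closing script tag.
SAMPLE = [["</script><b>lunch", "#c2c2c2"]]

def render(data, cls=None):
    """Embed the data in an inline script block, as a template would."""
    return "<script>var stream_colors = %s;</script>" % json.dumps(data, cls=cls)

def closes_early(html):
    """True when a "</script>" appears before the block's own closing tag."""
    return html.index("</script>") != len(html) - len("</script>")

def roundtrip(data):
    """The escaped form is still valid JSON that decodes to the same value."""
    return json.loads(json.dumps(data, cls=HTMLSafeJSONEncoder))

if __name__ == "__main__":
    print(render(SAMPLE))                       # script block ends inside the data
    print(render(SAMPLE, HTMLSafeJSONEncoder))  # data stays inside the block
```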
This will give us flexibility in the future to add new properties to the
list.
In order to support that, we now do a list comprehension rather than just
returning the gather_subscriptions list in get_stream_colors.
(imported from commit a3c0f749a3320f647440f800105942434da08111)
Previously we checked if property was false after doing .strip(). Since
you can't call string methods on a NoneType, we were 500ing.
The code now does a normal dictionary get via [] and catches the
KeyError.
(imported from commit da7f28febf0865f44e92bcac1791f817c3d370f3)
Returning json_error inside an inner function call will result in the error
getting lost.
(imported from commit fd7754b15f7b62fd6e4197fd72ae03d6996a93da)
Previously we made calls to the JSON api, which means that the API key
was being ignored.
(imported from commit 46d8d0e5ac7926e824f300fd846ec42bc939e2c0)
Autogenerated schema migration:
+ Added field in_home_view on zephyr.Subscription
To do this manual change, you need to run:
    python manage.py migrate zephyr 0005
on staging. No action is required on prod since there is a shared database.
(imported from commit d554f17b25631482ec2d5605a42ac0b9d6df421e)
Previously we only got the user ID for /json requests, not /api
requests, and also only got the user ID, not the email address.
(imported from commit c3625f9c1a48430e35183be6c90a7855f3714948)
Introduced in d19991c7. //-style comments aren't supported in CSS.
This was causing update-prod-static to fail with a stack overflow.
(imported from commit 4cb11a7025e8fef32c852d691fccf18a5ad3b955)
This was removed in 63788aa3. It was the only non-symlink in
zephyr/static-access-control/.
(imported from commit c9ee043b07c5fd4050aeaafa40394a6b69915bfb)
This test case was supposed to be making requests as 2 different
users, but was not logging in as each of them and thus used the wrong
credentials.
(imported from commit 0dfdc86fcb385d3d2a721181b2f8075bc39ad723)
This came up when I tried to subscribe myself to an existing stream
name but with leading whitespace added; the get_subscribers request
failed with a 400.
(imported from commit 03fe370d1e80fd7e8c282f260e63b7e5ada05960)
Before, it let you subscribe only yourself or one other person to
possibly many streams.
This is used by the subscriptions page to specify the subscribers when
you create a stream.
(imported from commit c1055e98b0bb27799ac9e6dad80b9c9fd87deca2)
In preparation for re-using the /json/subscriptions/exists request on
the subscriptions page.
(imported from commit 76eca95b952c4b60e583a050be711023ee5fedac)
Make sure they still stand out against the grey background.
It's less clear that we should do this for private messages as well, but it
seems fine for now.
Fixes #658.
(imported from commit 4c750208b5f2697e91c1c4fa7365d2744260c6f2)
Prior to this commit, if you have the composebox open, pressing 'c' or
'C' clears its contents. This change makes it work more analogously to
pressing the 'New stream message'/'New private message' buttons.
(imported from commit 3de5bf83754d8ab86b1967ce2ba15f5846090667)
As it currently stands, after the introduction of operators, narrowing
to messages that contained X would also trigger a find-in-page.
This stops that from happening, and then also makes the default action
of the search-bar-invoked-without-a-typeahead be 'narrow to messages
containing x' rather than 'find in page'.
(imported from commit 1beffce426c6b00449e7c1c803687a129747ed63)
This is a tricky one because it's kind of hard to see locally, but
there's a bit of a delay between when you click "Invite" and when we
get back to you. So we give the button a "loading" state so you know
not to click again.
(imported from commit 9c3389a3d06def777427c846d6106f6d9b30cc8b)
Leo points out that if you type a stream name, we probably want
to offer to narrow you to that stream more than we should offer
to find that stream name in the page.
(imported from commit 803ac681ec2f759f4dabb68a40722a07b86a0cab)
On my laptop, this cuts search time from several seconds down to
a few hundred milliseconds.
If we want even more speed, we could store the ts_vector as a column
on the message database. The Postgres documentation says this will
make "searches [...] faster, since it will not be necessary to redo
the to_tsvector calls to verify index matches." Going this route
requires creating a trigger to automatically insert the appropriate
column when new rows are inserted.
Note that the full text index must be fully created before this
commit is deployed. Full text search without an index is actually
significantly slower than using the LIKE operator.
(imported from commit ae74083da20d33aa2425d3e44fcdc19b160002ba)
This schema migration is only for use in automated migrations. To
deploy on the production database (the migration only needs to be
done once for both staging and prod because they share a
database), you should instead execute the following SQL manually:
    $ ssh postgres.humbughq.com
    $ psql
    humbug=> CREATE INDEX CONCURRENTLY zephyr_message_full_text_idx ON zephyr_message USING gin(to_tsvector('english', subject || ' ' || content));
Note the addition of the "CONCURRENTLY" keyword. The problem is that
creating the index takes non-trivial time and requires a write lock
on the table while the index is being created. This would mean that
users would be unable to send messages while we were generating the
index, which isn't acceptable. We can't create the index
concurrently in the South migration because concurrent index
creations can't happen inside of a transaction and South forces a
transaction on migration functions.
Also note that this index must be created before Postgres full text
search is deployed to the app because full text search without an index
is actually much slower than plain search using the LIKE operator.
(imported from commit 8b9445c27d0e427278de997b22342bffe6d855b7)
This is for allowing us to do things more complex than returning a Q
expression, needed for doing Postgres full text search.
(imported from commit 669ec71417c04baaf8ed1774bee147079b05b03d)
We will minify our code, rather than trying to restrict who can see the
un-minified code. Removing access control first simplifies things.
Manual deployment steps:
    scp servers/puppet/files/nginx/humbug-include/app root@staging.humbughq.com:/etc/nginx/humbug-include/
    ssh root@staging.humbughq.com service nginx reload
and then the same for app.humbughq.com once deployed to prod.
(imported from commit 63788aa3fa7ba5fd97fcf85b05760abb5e7cae4b)
1) Make the search hotkey (/) no longer clear the search box
2) Vertically center the "Search..." placeholder
(imported from commit 02dee6b72c4457e160f57d8604164e15e62f5f28)
This fixes Trac #723 - Message view scrolls to top after reloading on another tab (e.g. settings)
(imported from commit d9134cec6879625d577c43a08d258af3f6dacc5f)
Supporting ``` as a code fence marker complicates the auto-fence
closing, and as per a discussion with Keegan on code-review@, it
is not worth the extra complexity.
(imported from commit 405afb95c4295a02f4677181456caf9d49913ac4)
We don't use the latter anywhere in our API, and this typo caused user
API keys to be emailed / humbugged places.
(imported from commit d0402e8e9fd587f6a9018c962d222fb5f9ceca48)
Under some unknown circumstances (it happens on Keegan's laptop) the
loading indicator text width calculation returns a result that's a
few pixels too small. We hack around this by setting 'white-space'
property on the container div to 'nowrap'. The container's div will
be slightly too small (and thus the text will stick out the right
side by a few pixels), but that's probably OK.
This fixes #698
(imported from commit 2e5b28fb3a1fca78c700af74a452bfafd09a2da9)
This is to make the loading_indicator_text height closer to
loading_indicator_spinner's height.
(imported from commit 062973e9c09b005601c5c943ce65dc97eeee179f)
This should fix the weird positioning spinners had when they were
created while hidden.
(imported from commit 777d5c376a3f93b0b7b3b749877070b438b7c102)
This changes the sorting for autocomplete to:
* Properly prioritize case sensitive and insensitive prefix
* For recipients, prefix-search on email, then sort by most recently sent pm
(imported from commit 893c7a07d678644a418a69656180fadf0d6f374d)
The fact that the user sees a change (the button changes or a row
appears) makes it obvious that the operation was a success. The
success messages were only serving to make the page scroll
confusingly when you couldn't see the top.
(imported from commit 471b9304f71bb8533c98d208b855d4d75c04a886)
The query fails anyway, so this is not a safety check. This commit
makes it so that MIT users actually see their subscriptions instead
of an error.
(imported from commit ee635943728d7d9823e118d9fa51c402b1cd9bf2)
We now keep around the subscription information for streams that the
user unsubscribed from in stream_info and have a field that
indicates whether the user is currently subscribed.
(imported from commit 973e2f4bd4139157b03d7c1a372db93a1a5130f7)
Trying to add a user to an invite-only stream that already
exists will result in an error.
(imported from commit 910750580a122cee92096d7e83457cb0b8cce616)
Previously it was just testing that sending a GET request to our
POST-only URLs returned a 400 error.
(imported from commit a510734271385046bbf29166b38c0ecbd104d2da)
If get_updates requests a message ID that is too old, Tornado will
return a 400, and currently the only way to start caring about newer
message IDs is to reload.
(imported from commit 1638d71868475ffd793162afc7a2731cab14bd75)
Longer-term this should be done in a more sustainable manner, i.e.
including Glyphicons like we currently include Halflings.
(imported from commit 3f405c969352481626614a0d61874bd77f0388b7)
This commit both causes the settings button not to be drawn as
pressed, but also fixes the issue we were experiencing where,
e.g. changing from "Home" to "Settings" and back to "Home" would cause
you to lose your place.
(imported from commit 5084b280a202f6bf8f811834bf9d2734a034c8c1)
This is really the first step of implementing the "Oppa Gmail Style!"
redesign, and is largely an HTML/CSS-based change, with some
slight JS tweaks to deal with things being renamed or being no
longer necessary.
(imported from commit e05adc283ea066f0f90009cf712c4f3657c2485a)
Prior to this commit, at <979px, the .container in a .navbar has
`width: auto`, but a normal .container has width 724px, which causes
the two to drift out of sync.
This fixes that.
(Arguably, it's weird for us to waste ~200px scrunching
this down to 724px at this ratio, but we can solve that
as a separate issue later.)
(imported from commit 1f431ca1e2168db75821ea0be43941d29fd3e6b8)
We always want the navbar to stick at the top, no matter what
the screen size, and we want it to consistently look the same
height, etc. regardless of our page width.
This is possibly also accomplished via position: absolute !important
and other overrides in our own CSS, but this actually seems
slightly cleaner in a way.
(imported from commit 340fafb49bcbc1088a816897d320e252c4615d19)
Some time between the 2.0.4 and the 2.1.0 upgrade, Bootstrap broke in
a way such that clicking on a dropdown did not cause it to close.
Here's the bug thread about it:
https://github.com/twitter/bootstrap/issues/4497
I've implemented this workaround discussed there, though the bug is
fixed in 2.1.1, so when we upgrade this will go away (which is why I
only reluctantly tag it 'third', since the diff will not need to be
carried forward.)
(imported from commit f8d9cf65b33306a426d864c9b503bb3446614111)
Apparently short_name is not consistently the person's username
in our system -- for many MIT people, it's their full name.
(imported from commit d975300a59c7afe5ee20b4a0db1bd51110c3df33)
As of this writing, short_name is the part before the @-sign,
and we already display the realm, so no need to display it
twice.
(imported from commit f5f9b29bff99b36b0c23176348c2869193467c38)
This should fix the issues we saw where users who hadn't received a
message in the cache would not be able to receive new messages.
(imported from commit 3834dd5bd5a10c7a603194b540d78afd8a966017)
When not in lurk mode, lurk_stream is undefined which caused
lurk_stream.toLowerCase() to fail.
(imported from commit 63ce79083b55a37cb0455871237a76d724fbbbea)
Eventually there should be a database table or something where we can
configure this for each realm.
(imported from commit 5f3e6823f420e113da8ff8c521cc706175299fa4)
This is needed for the next commit so that the loading indicator is
created while its associated div is visible.
(imported from commit 72d6ccc14158b49e0ea640ab818114869aa548bf)
This is a hack to work around the fact that the query here takes far
longer than it should.
(imported from commit e6ee00c0636fe85cd946e4e3f2bbb2bda2da1f26)
The stream message cache query was grabbing an overly broad set of
columns and related models (e.g. the sender's user_profile), so that
Tornado would spend too long doing the query.
(imported from commit 6a692bc0e31957d4b9d9528d348c4b07a09eb15c)
As a side-effect of customizing the e-mail, this also makes the host
on which the error happened a part of the subject line.
(imported from commit 7d5e9ad108b48fd34528512c5955567119935d4e)
Prior to this commit, they weren't able to subscribe or unsubscribe
from streams or change stream colors.
(imported from commit 7f690c724bec3e7e6ba3b45ac7b41d1f7296b6f1)
If you create a spinner in a hidden element and then show the
element, the spinner is placed differently than if you had created
the spinner while the element was visible. This commit makes it so
that we never create spinners while their parent is hidden.
(imported from commit a21e68976d70fcceece30ee35f5e7cf6f9490497)
This allows us to use a uniform style across all our spinners. It
also cuts down on boilerplate HTML.
(imported from commit 9879f38e0f1ca8edd40a937753811e329447262d)
/?lurk=foo will show all messages to the stream "foo", regardless of
whether you're subscribed.
(imported from commit 049d98b3ee8df19ef0a9dc392ae941dd463f8dd5)
A public stream is one for which any user can view all messages sent
to the stream, regardless of whether the user was subscribed when
those messages were sent.
For now, to avoid a database schema change and to facilitate testing,
public streams are all streams on the customer29.invalid or
humbughq.com realms.
(imported from commit 7a71fd788d585a6f5b3e494e771ec85b632bb36e)
Before, a whitespace-only search would "highlight" the pointer and all kinds of
other interstitial space, which totally broke the page layout.
Fixes #408.
(imported from commit e7e0e251551a9da5a2ea53e36b9cce16e3e30634)