When we switched to delegated event handling, the bound handler for
all of our events was #main_div, but the floating recipient bar lives
outside of #main_div. Additionally, the bar needs to inherit the zid
from the target recipient bar since it is used for the narrow.
(imported from commit 7c18e16f2e98436888a8edb81fbbdd4d17abfe2a)
The problem seems to be caused by a bug in Firefox. We work around
the issue by adding empty table rows to the top of the table and
removing them when the user is idle.
This resolves trac #413
(imported from commit 2b15a4a2241bd7e813800a42608d650e0d4fa4f0)
I'd like to think about how to polish aspects of this a bit more,
but would like us to be able to deploy master at some point today.
This is basically the philosophical equivalent of reverting the
user-visible UI changes introduced in
b7b6794ad635ec63269a2043cd48b02749fbffda
(imported from commit edfaadf26741c47120c3acf6c410d33025c0a260)
Previously, it was impossible to narrow to a completely empty narrow.
Now it is possible, and the code needs to be tweaked in a few ways
not to break in this case.
(imported from commit e4dd4159ad52d003fc11d0b8b6531322c12a3de8)
Fixes #396.
We could display an error message, but jumping right to the login page seems
smoother and conveys the same information.
This will discard any message being composed, but preserving it would have
security consequences that we should consider further before implementing that.
Hopefully, users only get logged out by an explicit action, so they can't
complain too much (but see #217).
(imported from commit aaa23ecf46c73e514117ae1010fc44e133f2ba07)
Previously, we were adding those narrowed messages to message_dict the
first time, and thus totally skipping those messages each additional
time you tried to "load old messages" on that narrow.
(imported from commit 77eef376e1165b86e3c599608a1b5089a09d51e0)
In get_display_recipient, the userprofile was selected incorrectly by
user_id instead of the userprofile_id. In production, this hasn't
resulted in a user-visible error because we use MySQL and user ids are
always equal to userprofile ids.
This does happen if you are using SQLite locally and run populate_db,
which adds a bunch of users in parallel in an insufficiently
transactional way.
(imported from commit c25a04b4919e3efdfc6996b03492f7714d9034e8)
This bug affected receiving messages while narrowed. When none of
the messages received matched the narrow predicate, we'd try to
render messages and then create a jQuery object out of a bunch of
newlines (the only thing that results from a render of 0 messages).
(imported from commit 81f5aa46fac06fe0e5a14a8757f245f90b5845cc)
This greatly reduces the number of events generated and prevents the
blue flashing on message arrival.
This also necessitated a change in how we looked up message rows to
add the 'next_is_same_sender' class, which led to a further
optimization where we don't have to do as many jQuery selections by
id.
(imported from commit 0bcd5688b483c560b6f3a29c6d36433da600e8ef)
And wire it up to our local copy of codehilite. This fixes highlighting in
fenced code blocks, e.g.
~~~~ .js
var x = function () {
    return "hi";
};
~~~~
(imported from commit 0efb0c9b98a3acdf55e18bb1918af7960f3425be)
In particular:
* Taking a list of streams as arguments.
* Using the _backend model so that we can have an API version.
* Considering "not subscribed" to be a non-fatal error.
And of course the corresponding changes to subs.js.
(imported from commit fdb300c6aa6921c2c6b09c22bd1e64405c368809)
One way this can happen is if run-dev.py --test is already running. In that
case the one we launch will die with "Address already in use", and we should
alert the user that test results may not be accurate.
(imported from commit 078091cace2cff777b444668b03f96dc208f22fc)
This should address the catherio/tibbetts feedback of the name
breaking oddly across the middle of their name.
One notable change introduced by this commit is: If your name is very
long, e.g., "Waseemio Daherioian", it gets cut off. (On Firefox, it
gets rendered as "Waseemio Daherioia...", and on Chrome it gets no
ellipsis at all.)
The current behavior is that the long name actually overflows into
the main text area, which I think is worse.
(imported from commit 668cb30bc2326c255b229f4f19f29be473bdc1e8)
The existing code shortens the searchbox each time it receives focus.
Unfortunately, this means that if it receives focus twice in a row, it
shrinks twice in a row. (For some reason, the '/' hotkey does this).
So, instead, make it idempotent -- if we're already shrunk, don't
shrink us again.
(imported from commit 8179963bbd00822d15d92609d89f572d2de7800c)
This is nearly perfect, modulo two things:
1. If you have a search active and you resize the window, the search
box resize doesn't take effect until you exit the search.
2. In super-narrow windows (<380px), the searchbox overshoots
the message area slightly.
I don't regard either as huge issues -- I'll probably fix #1
eventually.
(imported from commit 4900fb9783cc9f447315b0892bd3505f5c31ce15)
This doesn't fully fix the problems related to not syncing
subscriptions to browser clients, but it does fix the instance that
everyone experiences.
(imported from commit be2bc31a7c4443c1678321f1a938496e2632c0d3)
This commit changes APIs and requires an update of all zephyr
mirroring bots to deploy properly.
(imported from commit 2672d2d07269379f7a865644aaeb6796d54183e1)
These tests don't have the same coverage as the json test on the
theory that the backend is shared by the two views and that
differences are mostly on the way into the backend functions.
(imported from commit ddd21135565122dae8cbe90846d1aee7e4a2f56e)
Adding a positional argument caused a problem when
@authenticated_api_view started using @has_request_variables
internally. The 'handler' argument used to be passed through
positionally to the wrapped function, but when using
@has_request_variables, the wrapper inside @authenticated_api_view
had to take additional arguments. The handler argument was then
assigned to one of those parameters instead of being passed through.
(imported from commit 66240bd465c803ddcbf4a603509051fca7381468)
If we don't do this, we get all kinds of nasty shadowing where
references to 'search.whatever' seem to be references to the
HTML input element, rather than our search.js module.
(imported from commit 4e4b562ddf895baea9619316d9fab27ae5e9fc4e)
We have a lot of forged users that have bad fullnames due to
historical versions of our fullname computations; this function will
clean those up.
Also, we have a bunch of users with emails like foo|mit.edu@mit.edu
that were the result of a mirroring bug that we want to get rid of
from autocomplete -- putting them in a useless realm name will do.
(imported from commit 6e305093653ca9d327e9e28491636e99d16cfe1d)
This should fix the problem where only one of pairs of identical
messages sent to two different zephyr classes by bots will make it
over.
(imported from commit 37005417e2e1f737501c9524b95b044eefbfe235)
Fixes a message forgery bug (#335).
This works because Django will not generate a new CSRF token if a valid token
cookie is already present (see django/middleware/csrf.py).
(imported from commit 23222cb0bb62ae8a2f8ac7fb3f24bbc866103454)
These were lists of pairs because we were going to repeat keys, but that didn't
work anyway.
(imported from commit 687b3f7b8a2821d057719c725f1f39db3992ae5c)
This was causing Zephyr mirroring to break because
create_mirrored_message_users was returning False due to the
same_realm_email check failing.
(imported from commit e6a63160f34ec056461038650b5f8027718e6c63)
Previously we bypassed the big buttons on the left bar and clicked on
the anchor tag inside the compose box. This bypassed the
compose.start() call.
(imported from commit 2b627825596c8d3c21441e58db895b8e488e624b)
Personals are now just private messages between two people (which
sometimes manifests as a private message with one recipient). The
new message type on the send path is 'private'. Note that the receive
path still has 'personal' and 'huddle' message types.
(imported from commit 97a438ef5c0b3db4eb3e6db674ea38a081265dd3)
It now takes an anchor message id, a number of messages before, and a
number of messages after. The result always contains the anchor
message.
(imported from commit 84d070dc8091161c86d4bbeafbdc299493890a2a)
We need a deterministic order for the client test suite, and it seems like a
good idea generally.
(imported from commit cc8fc555611f2d2f1b21e63ce6860d446baa3410)
We had this problem where clicking a hyperlink bubbles up and causes a
click on the message, which causes the composebox to open.
We "fixed" this by setting cancelBubble (or, even better, calling
stopPropagation()).
Unfortunately, on Firefox, this fix breaks Ctrl-click and Shift-click,
because those are (apparently) implemented by adding an event listener
on link clicks, and stopPropagation prevents them from being called.
We instead work around this by handling this case in the click handler
of the parent element. (This allows the normal URL click AND Firefox's
bound event handlers for Ctrl and Shift to run.)
This resolves Trac #374.
(imported from commit 16fb3aa6fc582f1fba5009812e0b1178ce7c5bb7)
Mixing these two in this file is bound to lead to a world of hurt (and
has, historically). At some point I'd like to do this across the
entire codebase.
(imported from commit 9ff029597587f9c37a0bd9f32c25a769aa1a7a20)
This makes the "handle hotkeys" code path a lot simpler, and also
fixes the "copy not working" issue we were seeing on Firefox 17.
(imported from commit 8ab96d12895da2876f60da58f373372612f4ba32)
So, in Firefox, $(window).width() does not include the width of the
scrollbar. However, the CSS media-query max-width DOES include the
width of the scrollbar -- so the Bootstrap change and our change do
not happen at the same time.
window.innerWidth does take into account the width of the scrollbar,
though, and seems to have reasonable cross-browser support, so we use
that instead.
(If we wanted to be slicker, we could use a media query a la
https://developer.mozilla.org/en-US/docs/DOM/window.matchMedia ,
but that's not supported in IE <10.)
This resolves Trac #35.
(imported from commit ca35321c02d5e79e4f9c439a662805c016a333ed)
Old browsers might not have the global JSON object, so we may have to
include something like https://github.com/douglascrockford/JSON-js
for old browsers in the future.
(imported from commit e30a291d1212f2a00b543551b3a77082c7406eec)
This was causing our tests to fail and would have also
affected API users not using our Python bindings
(imported from commit 2d81496892e9042e328279edea94be8ee4d21c1b)
return_messages_immediately's return value is not returned, so the
argument validation in @has_request_variables didn't work correctly.
@has_request_variables would return a json_error, but
send_with_safety_check expects a dict.
(imported from commit 86b6bccb7861dbf523c06b606b87374e339059a4)
The original check has become too broad now that we have more buttons,
and specifically this lets you use the search hotkey to start a new
search after you've been searching up and down.
(imported from commit 0e691ff55ff9d4be8d406d1eb47fc2062758d28b)
This change substantially increases the number of view functions where
the API and JSON versions are actually identical code.
(imported from commit 2eee55a8943cf9a684bec2ba1f6d7afcb2b91948)
Functions with the @has_request_variables decorator can have some of
their arguments extracted from the HTTP request. For each such
argument, its default value should be an instance of the POST class.
The arguments to the POST constructor control the request variable
name that the function parameter should be populated from (it
defaults to the same as the parameter name), whether the value should
be converted before being passed, and whether a default value should
be supplied if the parameter is missing from the request.
(imported from commit ba1c25d73ba3980e44abec1458e6496807fcdaa4)
No need for an 'if' if we're just returning a boolean. And using
QuerySet.exists() should be a little more efficient.
(imported from commit 69ec3cc9f2fe904ec40ea3b8a8687a06cd03f3f3)
login_required_api_view is misleadingly named. It accepts neither a Django
login session nor login credentials (username / password). The intent here is
authentication, whether stateful (login) or stateless (API key).
(imported from commit 7e9be552168396b399116737655bd7267fd5c1a3)
Within 'except', 'raise' re-raises the current exception. But outside, it produces
TypeError: exceptions must be old-style classes or derived from BaseException, not NoneType
which is pretty confusing as a generic "something has gone wrong" exception.
(imported from commit 9fcd003a952b82df67726c26161dced079978a32)
We've had multiple requests from MIT zephyr users to allow
non-alphanumeric stream names, and we haven't decided what we want to
allow, so for now allow everything.
Note that the web client and mirror script limit stream names to 30
characters, which is our database limit.
(imported from commit 2acb5ee04e5ee7c40031ac831e12d09d04bbb2e6)
From the Google JavaScript Style Guide:
If you need a map/hash use Object instead of Array in these cases because
the features that you want are actually features of Object and not of Array.
Array just happens to extend Object (like any other object in JS and
therefore you might as well have used Date, RegExp or String).
(imported from commit 048e7a640137f3919c0097a421b7b6c366b65cfe)
This clarifies that clicking on any of those three pieces of
information will pop up the user info tooltip.
(imported from commit 1e57550d66acbb2e8d5d244d2997bbd394c334c3)
This was causing us to log some requests twice, and might have more serious
consequences as well.
(imported from commit 0bb2d7207ee3e4e04679215a7f5ae637cd26aa19)
The zero-port case never actually worked, because addrport wasn't an optional
parameter in run_one. And multiple ports was implemented using the
multiprocessing library, which is just bad news. Since we have no need for
this, remove it before it can cause trouble.
(imported from commit 9d913924701f30d23ebe878b76c8f1f0da2800e2)
The comment on keydown_handler says that these functions should
"return a new handler, or 'false' to decline to handle the event."
(imported from commit 8cd23ee69ef900fcb7c7c211fe6ad36f54f02ba9)
This reverts commit 429e055d3eca65af8bc0fe58481a7becf9ced66a.
There is some inconsistency between the names 'huddle' and 'personal' that is
breaking things.
(imported from commit 4c81853fca9d88d13ce8f23e2d6884c33cdc57d2)
Also remove unused fields.
The registration tests should be revamped for our new multi-stage
signup, but for now just get the test suite passing completely.
(imported from commit 481f420cf99341e44e71942ae563e3f9a1270d3e)
This makes the Home link modal (when on the Home pane, it unnarrows
you; when on a different pane, it returns you to your feed in whatever
state you left it).
Fixes Trac #5.
(imported from commit 3181f17035d78a9916ab7a3ad336f34cb66d3cdf)
You're not necessarily getting the last email, you're getting
the last recipient the user typed in.
(imported from commit f7ab4153a5b2497bc31a42d3ac5aea0636daaf60)
This attempts to tackle the issue where Cordelia always gets
accidentally CCd, with the following as a reproducer:
wda [tab] [backspace] [tab or enter] sends a message to wdaher and cordelia
(imported from commit fbbd722173584e50c34878b7d6249b09564fb172)
The fact that we're inconsistent about this in our functions
is definitely going to lead to more bugs of this form
down the road.
(imported from commit 907badcb28c0834729e21436c621255fa6584d44)
These get automatically re-numbered, which will do the wrong thing when people
split their lists across multiple messages.
Fixes #241.
(imported from commit 7f6f2c36a6ab27cef0a34008f304fc0fe25c8bd0)
We currently disable hotkeys if the focus is on a textbox or
button. Hidden buttons can still be in focus, so blur the search
buttons before hiding them.
(imported from commit 5fdab34ad9931ea5ea2ad1827b36dfe4c02d8797)
Whenever we use a typeahead, we should use the escaping highlighter
unless we're explicitly going to put sanitized content in it.
(imported from commit 33086327fe56a7bcbbbf8a08fe3f39800b195e75)
This also cleans up the autocomplete source specifications,
making the three typeaheads all look fairly consistent.
(imported from commit e72655d715db74cfc9ab45b51e7e2ff9e8ea84c5)
This makes the diff a bit cleaner.
Revert "Interim measure: Escape fullnames as well."
This reverts commit a634e6ac39ea337be499889b3ff64b3c4f4fcccb.
Revert "Interim measure: Escape subject names before they go into the typeahead."
This reverts commit 806bc719ab296ec0fe299b33c7aa6767a0c71b9d.
(imported from commit 5a579e3535846b2bc612cf03e43c562c83119812)
While we're at it, fix the fact that we're currently not adding
entries to the subscriptions_table at all when we do
subscribe-and-send.
(imported from commit 99bf574a4a296463e562a44186e2282654464542)
So that the 500 error view will render properly, even though no variables are
set. We keep the variable static_hidden, which by design is not used on the
500 page.
Fixes #240.
(imported from commit 3c7534f896479b7d7edbe5ef13958481e169a13c)
I'm sure this problem exists in a latent way with stream names and
email addresses as well. Once I figure out a general way to fix this,
I'd like to go back and handle these three cases in a cleaner,
symmetric way, but this'll do for now.
(imported from commit a634e6ac39ea337be499889b3ff64b3c4f4fcccb)
This is problematic because if your subject name is <b>hi</b>,
selecting it from the typeahead comes back with:
<b>hi</b>
which obviously isn't really OK.
(imported from commit 806bc719ab296ec0fe299b33c7aa6767a0c71b9d)
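An added example (not code from these commits or from the project) of the escaping-highlighter idea the typeahead commit messages above describe: match the query against the raw item, then HTML-escape every piece before wrapping the matches in markup. All function names here are hypothetical.

```javascript
// Added illustration; escapeHtml, escapeRegex, naiveHighlighter and
// escapingHighlighter are hypothetical names, not the project's functions.

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
    const map = {'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'};
    return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Escape regex metacharacters so the typed query is matched literally.
function escapeRegex(text) {
    return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Unsafe pattern: the item is treated as HTML, so markup inside a subject
// name reaches the dropdown as real elements.
function naiveHighlighter(item, query) {
    if (query === '') { return item; }
    const re = new RegExp('(' + escapeRegex(query) + ')', 'ig');
    return item.replace(re, '<strong>$1</strong>');
}

// Escaping highlighter: split the RAW item around the matches, then escape
// each piece on its own. Matching before escaping means a query such as
// "lt" can never match inside an entity like "&lt;" and corrupt it.
function escapingHighlighter(item, query) {
    if (query === '') { return escapeHtml(item); }
    const re = new RegExp('(' + escapeRegex(query) + ')', 'i');
    // With one capture group, split() puts the matches at odd indices.
    return item.split(re).map((piece, i) => {
        const escaped = escapeHtml(piece);
        return i % 2 === 1 ? '<strong>' + escaped + '</strong>' : escaped;
    }).join('');
}

// Constructed sample subject names, including the one from the commit message.
const samples = ['<b>hi</b>', 'lunch & learn', 'hi there'];
for (const s of samples) {
    console.log(JSON.stringify(s), '->', escapingHighlighter(s, 'hi'));
}
```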
This is what caused our server to hang when receiving certain messages
over the last couple days. It was introduced by me making the
assumption that doing the same thing we did after validate_notify
failed was a correct way to immediately return from
notify_new_message, which it was not. The code of validate_notify
actually finished the handler in the event that validation failed,
which isn't "correct", but did not manifest in a visible problem.
The correct way to trigger an immediate response from a tornado view
is to just return the value, not call handler.finish() and then return
None.
Similarly, the correct way to trigger longpolling from a tornado view
is to either return None (or equivalently, drop off the end of the
function) or return a generator.
(imported from commit 5b931248b4650fc88d5d68f5936a95f19e097af9)
Validation was happening, but was not preventing sending. We now
just manually call the validation function in compose.finish()
instead of relying on jquery.form's beforeSubmit option.
(imported from commit e094832bf8948f4c6f58cc0d0923bf0fd09db4b1)
Here we introduce a new manage.py command, activate_mit, which takes a
number of usernames and sends out emails to the users with instructions on
how to activate their accounts.
(imported from commit f14401b55f915698e83ff27b86434f53e64685f3)
It's possible that the three places we can kill a popover
(body click, Esc, clicking on a new one) should be
refactored to use the same code.
(imported from commit ba7eab480fd2258abfb469c8f1155f29bc63f7f6)
If we have other pages that require login, we might want them to redirect to
the login form. But the root of the site should take you to /accounts/home --
but only after we launch the product.
(imported from commit b5d10e1c908f1ffe1ee68c2689691ca66c896786)
We weren't listening to compose finish events during reload previously,
which meant that finishing a message was not handled in the same way
as canceling a message.
(imported from commit 4f2576121a8b5354c94348bc2896a2db8c4be000)
This would only happen when you hit enter directly, instead of using
the search up / down buttons.
(imported from commit 90301f64b3f24e91c103342bd6a7f1b3e61f8928)
This is the behavior specified by Django. Since this was broken before,
our CSRF protection had no effect on Tornado views other than printing
a warning message :(
(imported from commit 7975d3c9b6c18915f917ac2da4592a55f6b6a658)
Per the docs, these are only meant to be used on arrays of DOM elements.
jQuery might one day assign a different meaning to arrays of strings,
and then we could have some security issues or weird breakage.
(imported from commit 545eee1e9c6955556d5c4bda30cd6db0dce19c60)
Instead we infer this from narrow.active(), with the ability to override during
the narrowing procedure.
(imported from commit fab9c6861f19aedf0ee8af094c1ef4e8a0a73d80)
The get_profile API call now returns a client_id, which an API user
can pass to update_pointer and get_messages (note that clients still
need to pass a pointer argument to get pointer updates). This
client_id is currently the equivalent of the website's session key,
but the website might get client_ids in the future to distinguish
browser windows.
This commit differs from 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe in
that it uses request.POST.get("foo") instead of request.POST["foo"].
For some reason the latter triggers CSRF errors.
(imported from commit b2a4a7322d16dbf241cd6eef146621c79d84cafc)
This reverts commit 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe.
It seems to have broken API users.
(imported from commit 2f861ebc016076547092421f87dbcac00a65e2f6)
This simplifies the code, and lets us set the CSRF cookie as HttpOnly, which
adds a little bit of security.
(imported from commit 9d5923a1acf19bd27e6e1d55cf627049526de245)
The get_profile API call now returns a client_id, which an API user
can pass to update_pointer and get_messages (note that clients still
need to pass a pointer argument to get pointer updates). This
client_id is currently the equivalent of the website's session key,
but the website might get client_ids in the future to distinguish
browser windows.
(imported from commit 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe)
This reverts commit 074011dfe7dfa4d3cb331b32fc6cf465f98d095f. For
some reason this introduces some buggy behavior, and if anything I
should debug it more locally first.
(imported from commit 182193e6bb466a5668c2bb64e41712a793fa7ca2)
This is similar to the previous "reason_empty" variable, but captures
why we've returned from the call even when there are updates and all
the reasons if there are multiple. For now, it's useful for debugging.
(imported from commit fd8d9e859660e51b57178d066b184f831b71a0b6)
This new call only allows fetching of existing messages. The idea is
to remove this functionality from get_updates to simplify the backend
code.
(imported from commit 1345db2f1707e208e7c0bd08b7d444932c68b6a2)
Our pages are declared as HTML5:
<!DOCTYPE html>
The markdown library only supports HTML4, but that's probably closer than XHTML.
(imported from commit c78be9ae9bccf029def8d94d3647b0ccce8b2252)
It's the safer default to prevent introducing XSS holes. And in our current
code, we always provide this parameter.
(imported from commit 73897f5315ba54a5d3fa95dd19efb9d20c081a8a)
...from 1200 to 1180 pixels.
The monitor I use for Humbug is exactly 1200px wide. With the scrollbar I come
in just under the original Bootstrap threshold, so I get a scrunched-up nav
sidebar next to a bunch of empty space.
It's annoying to do this in our own CSS because we basically have to duplicate
the whole @media block to make everything fit together.
I don't love editing third-party files like this, but if it gets reverted by a
later update, the consequences are minimal. If we have important hacks like
this (or just a lot of them), we should decide on a better way to manage them.
For now I have just tagged the commit subject with "[third]".
(imported from commit ef3022b7eb0fdfc8862083bdbb1fb805fbeba2c7)
When the scrollbar appears/disappears, it changes the window size for the
purpose of responsive layout. This made the nav sidebar jump around as you
switch tabs.
(imported from commit 8174a8571131ddf2b195cf9bfb5e427cd07b4378)
The previous code path was buggy. We now do separate pointer update
checking for the cases where get_updates returns immediately vs. when
it returns from a callback.
(imported from commit f236a80cd0b94bc097dbd17f113d7a9d27368025)
For now, the new function, format_delayed_updates_response, just
calls format_updates_response.
(imported from commit dd332125fe0d47cb3990373f74e85e64604f58a3)
This seems more likely to be what people want when e.g. viewing all huddles.
Later we can get more clever and select the nearest huddle, or something.
(imported from commit 8ec1aa02c050dd25eb868b1e317d114743525c7b)
Our old selector here was picking up the floating recipient label, or
something. This was breaking narrow-to-all-huddles when on a stream message --
you get no selection and the code is sad.
(imported from commit d25fab03bd6d745df6d787c0b1b6452c8c539e32)
- s for stream or huddle
- S for subject
- p for all personals (still buggy)
We've eliminated the 'g' prefix entirely. And the old 'g-a' un-narrow sequence
has no new equivalent, but you can still use Esc.
(imported from commit 6bdaacce9639e3f749418e06622a317937e7d014)