Commit Graph

522 Commits

Author SHA1 Message Date
Keegan McAllister 161af7838f Prevent session expiry as long as the user has reloaded in the past two weeks
Fixes (?) #416.

(imported from commit 9d56fe4125f742e2cdccc41ebd385daacccf461f)
2012-11-20 21:49:11 -05:00
Luke Faraone ed691f0b6e Linewrap long line in views.py
(imported from commit 923ce6d87755e4827995d10f62b574d416246147)
2012-11-20 17:40:40 -05:00
Luke Faraone 48806b5548 Fix incorrect Recipient access, use create_stream_if_needed.
This solves 500s that were occurring when subbing to "signups" and related
actions.

(imported from commit 91a59cc23d144133565b2465896e0c5ba868a9bb)
2012-11-20 17:38:00 -05:00
Waseem Daher 12f1a29e07 Specify the stream in a way that includes the realm.
(imported from commit 4de319fe3600f7d434be5198fef214f059f4b668)
2012-11-20 17:18:32 -05:00
Luke Faraone b1ba5bf1b2 [manual] Send a message when a new user creates an account.
(imported from commit 2c69be9bfbbe947db41188cbdfc05cf887dc858f)
2012-11-20 16:41:55 -05:00
Jeff Arnold 9ce4c103c0 Implement full history search by creating a narrow for a search term
(imported from commit 3f2df6a6e590458ff774bbd658bbd1d95076a4db)
2012-11-19 17:12:59 -05:00
Tim Abbott 6026c80de6 API: Add unsubscribe function.
(imported from commit 6dc55e9030770500770ce3921a4e77499d64f2d6)
2012-11-16 17:06:01 -05:00
Tim Abbott d1239278c7 Rewrite remove_subscriptions to work like add_subscriptions.
In particular:
* Taking a list of streams as arguments.
* Using the _backend model so that we can have an API version.
* Considering "not subscribed" to be a non-fatal error.

And of course the corresponding changes to subs.js.

(imported from commit fdb300c6aa6921c2c6b09c22bd1e64405c368809)
2012-11-16 17:06:01 -05:00
Tim Abbott ff2b5c19de add_subscriptons_backend: Some minor code cleanup.
(imported from commit 14a8352b65859b5a8688a6823404f4a7982403ae)
2012-11-16 17:06:01 -05:00
Tim Abbott f1ccf44c99 add_subscriptions_backend: Check that the argument is a list.
(imported from commit c514dab9fb28dcdaa12b38e7ef028e177f4377fb)
2012-11-16 17:06:01 -05:00
Tim Abbott f5ccde78e3 [manual] Use "subscriptions" for {add,list}_subscriptions consistently.
This change requires a zephyr_mirror deployment when it is pushed to prod.

(imported from commit a31d6efd2db4d4617c7c6b00326be3f07c7263da)
2012-11-16 17:06:01 -05:00
Tim Abbott afc62a8e16 [manual] Uniformize the subscriptions API method names.
This requires a zephyr_mirror deployment when it is pushed to prod.

(imported from commit 6543441fb264b518f8705d7989d068a1d50ce5d6)
2012-11-16 17:06:01 -05:00
Waseem Daher 162c708bde Add the ability to get more messages by stream name.
(imported from commit 38a2847a9820585a458c651436e3a7ec9256c590)
2012-11-16 15:58:21 -05:00
Tim Abbott 50995dc6b7 Fix showing the subscribe-and-send dialogue when you're subscribed.
This doesn't fully fix the problems related to not syncing
subscriptions to browser clients, but it does fix the instance that
everyone experiences.

(imported from commit be2bc31a7c4443c1678321f1a938496e2632c0d3)
2012-11-15 17:15:59 -05:00
Jeff Arnold a68efd9ce2 Handle loading of older messages in narrowed view
(imported from commit 2fe1377736322a44e8682c69dd5e4312d5f46ca4)
2012-11-15 16:32:00 -05:00
Tim Abbott 2ed1917a10 api_get_old_messages: Use @has_request_variables.
(imported from commit 98862197e7b2f57e64ac4d906251cb81f582f5d1)
2012-11-15 15:39:14 -05:00
Tim Abbott 00cd30ff97 Use @has_request_variables in json_remove_subscription.
(imported from commit b08b7672959f8773db1ff7e40b53648926b47a09)
2012-11-15 15:39:14 -05:00
Tim Abbott 1c0832583c send_message_backend: Use POST() for the forged variable.
(imported from commit f2ca2a1adf1c71aa2e92e13a5f9396dfb091a8ef)
2012-11-15 15:39:14 -05:00
Tim Abbott 5467678a2e send_message_backend: Return error on messages with no recipients.
(imported from commit 4cf9bac8eb6e35dde0510afe4efb8ba70c86b566)
2012-11-15 15:39:14 -05:00
Tim Abbott 17f55441b5 Filter out empty string recipients in extract_recipients.
(imported from commit 0a4168e36ea2fe40bde281d2690adcf40bb15abe)
2012-11-15 15:39:08 -05:00
Tim Abbott 1ea1cdcdfd Call extract_recipients using a POST() decorator.
(imported from commit 135c465251a7af688b4354d0bd57763fd8ce282e)
2012-11-15 15:38:18 -05:00
Tim Abbott 03e52767ff Don't lower-case recipient email addresses in extract_recipients.
(imported from commit 7dd150dae659cc68aa6c8f1bad39f7be32384a95)
2012-11-15 15:36:23 -05:00
Tim Abbott 5230382e4d mirror: Check whether the user is a recipient by id.
(imported from commit e50f0b00d8e3cb00fdc7af3872b5adc38c432dcc)
2012-11-15 15:36:23 -05:00
Tim Abbott 4fe089e1ce Refactor arguments to create_mirrored_message_users.
(imported from commit 1a0954018585514c391dd0a6d5d2d382cb8e37ab)
2012-11-15 15:31:48 -05:00
Tim Abbott eddc516d5f send_message: Allow list-form "to" for sending to streams.
(imported from commit f1d8c694b5d89d09222d4f303f68841aede64385)
2012-11-15 15:31:48 -05:00
Tim Abbott 5faf18754e Decrease code duplication in create_mirrored_message_users.
(imported from commit d299124aa1eaa9afac62278c6b98208a14d2cdb1)
2012-11-15 15:30:09 -05:00
Tim Abbott 411a7f6b4f [manual] send_message: Rename recipient/stream fields to 'to'.
This commit changes APIs and requires and update of all zephyr
mirroring bots to deploy properly.

(imported from commit 2672d2d07269379f7a865644aaeb6796d54183e1)
2012-11-15 15:30:06 -05:00
Tim Abbott 6f10d27f3b send_message_backend: Eliminate unnecessary sender argument.
(imported from commit 64c1b9e2973e47a1d6af355cef0617c9abbff946)
2012-11-15 15:20:52 -05:00
Tim Abbott b219be06d3 Use @has_request_variables for client_name extraction.
(imported from commit b2ba8edaa680c69c82258bfc3f93a9e8028f2cfa)
2012-11-15 15:20:52 -05:00
Tim Abbott 2ab8af0b91 Clean up now-unnecessary extract_sender.
(imported from commit c504838bec7ec14be8fb660015445c9bc20a2a88)
2012-11-14 15:03:49 -05:00
Tim Abbott 7227cb32f8 zephyr_mirror: Compute zephyr mirror fullnames server-side.
(imported from commit 9e6f6f9fe49d60ed30753582480e592613feb3c8)
2012-11-14 15:03:46 -05:00
Tim Abbott 979560d2fe mirror: Make check for duplicate messages more exact.
This should fix the problem where only one of pairs of identical
messages sent to two different zephyr classes by bots will make it
over.

(imported from commit 37005417e2e1f737501c9524b95b044eefbfe235)
2012-11-14 14:33:31 -05:00
Zev Benjamin 150a800b95 Don't reject mirrored stream messages because they don't have a recipient field
(imported from commit 1677ad91dc2e470c02a01a553d9d07789199a8d9)
2012-11-13 20:22:37 -05:00
Keegan McAllister 42a5ea9d2e Specify requests.post data as a dict
These were lists of pairs because we were going to repeat keys, but that didn't
work anyway.

(imported from commit 687b3f7b8a2821d057719c725f1f39db3992ae5c)
2012-11-13 17:33:41 -05:00
Keegan McAllister f82e8fc4d1 Move Markdown rendering out of the Tornado server
(imported from commit fc726939aa1061c40b292899dbbc9ade3b29ea01)
2012-11-13 17:33:41 -05:00
Zev Benjamin 9c99e00228 Normalize the sender email while we're at it
(imported from commit 1c245156809da77b4bef7a4396e8c0bee5724490)
2012-11-13 17:25:13 -05:00
Zev Benjamin 57bc0e0b8d Normalize recipient list on the server-side send path
This was causing Zephyr mirroring to break because
create_mirrored_message_users was returning False due to the
same_realm_email check failing.

(imported from commit e6a63160f34ec056461038650b5f8027718e6c63)
2012-11-13 17:25:13 -05:00
Zev Benjamin f851d9437d Turn 2-person huddles between the sender and other user into a personal on the backend
(imported from commit 959e7ea8101dc1d469d62ea2c7c7a65854679833)
2012-11-13 15:40:53 -05:00
Zev Benjamin 195bdb07c9 Unify huddles and personals into private messages on the send path
Personals are now just private messages between two people (which
sometimes manifests as a private message with one recipient).  The
new message type on the send path is 'private'.  Note that the receive
path still has 'personal' and 'huddle' message types.

(imported from commit 97a438ef5c0b3db4eb3e6db674ea38a081265dd3)
2012-11-13 15:40:53 -05:00
Zev Benjamin 33c23c0113 Use a JSON array for recipients in send_message
(imported from commit e2184f92b708cc2e8ef3e9ae79ee4241c0aa12a1)
2012-11-13 15:40:53 -05:00
Zev Benjamin b948473a45 Simplify get_old_messages API
It now takes an anchor message id, a number of messages before, and a
number of messages after.  The result always contains the anchor
message.

(imported from commit 84d070dc8091161c86d4bbeafbdc299493890a2a)
2012-11-13 15:40:53 -05:00
Zev Benjamin 69598e2b0b Don't return server_generation in get_old_messages
(imported from commit de2b22fa51c645b7f1b92229bc15b1d0c4b4a8e4)
2012-11-13 15:40:53 -05:00
Keegan McAllister 31496e9189 Generalize Tornado-related settings
(imported from commit 76a1338a87e1a6663aa7602a499e2d769814bf08)
2012-11-13 10:59:02 -05:00
Tim Abbott 30b43ebee2 Uniformize /json/ and /api/ URLs to end with no trailing slash.
(imported from commit c35b30bcc43982db3a2f774ea69269e5424a6159)
2012-11-09 14:30:10 -05:00
Zev Benjamin 50b3cdd637 Make failures parameter in get_updates_backend optional
This was causing our tests to fail and would have also
affected API users not using our Python bindings

(imported from commit 2d81496892e9042e328279edea94be8ee4d21c1b)
2012-11-09 14:21:06 -05:00
Tim Abbott 85423bc010 Add a /activity page displaying data on user activity on the site.
(imported from commit 3877be49e4e0b89cadfead88b5c51f955759a996)
2012-11-09 12:28:38 -05:00
Zev Benjamin 472480a4b6 Move @has_request_variables decorator from return_messages_immediately to get_updates_backend
return_messages_immediately's return value is not returned, so the
argument validation in @has_request_variables didn't work correctly.
@has_request_variables would return a json_error, but
send_with_safety_check expects a dict.

(imported from commit 86b6bccb7861dbf523c06b606b87374e339059a4)
2012-11-09 12:27:40 -05:00
Zev Benjamin fd51cf343b Make client_id parameter in api_get_messages optional
(imported from commit a3221fe73f63c2cfa8f87b6059283a9aa0e8b8e4)
2012-11-09 12:27:40 -05:00
Tim Abbott 5ab0cccf41 Pass the user's user_profile to authenticated view functions.
This change substantially increases the number of view functions where
the API and JSON versions are actually identical code.

(imported from commit 2eee55a8943cf9a684bec2ba1f6d7afcb2b91948)
2012-11-08 17:59:31 -05:00
Zev Benjamin 95cd3f8ee6 Use the new @has_request_variables decorator
(imported from commit 2aa99140bf19e7e236f872960abd1b84b6a713be)
2012-11-08 16:40:07 -05:00
Zev Benjamin 27cf7e09d3 Add magic request variable extractor decorator
Functions with the @has_request_variables decorator can have some of
their arguments extracted from the HTTP request.  For each such
argument, its default value should be an instance of the POST class.
The arguments to the POST constructor control the request variable
name that the function parameter should be populated from (it
defaults to the same as the parameter name), whether the value should
be converted before being passed, and whether a default value should
be supplied if the parameter is missing from the request.

(imported from commit ba1c25d73ba3980e44abec1458e6496807fcdaa4)
2012-11-08 16:36:14 -05:00
Zev Benjamin dc8c54e6db Move view decorators into decorator.py
(imported from commit 737cff552b395493f44864ac06e901b0ba17fa29)
2012-11-08 16:35:31 -05:00
Zev Benjamin b278db110f Move json response functions into their own file
(imported from commit 91a786849bfa30dcacecef6b8339d8f1a9365156)
2012-11-08 16:30:57 -05:00
Zev Benjamin 7bbde14d78 Use functools.wraps on the functions returned by our decorators
This lets Django report the correct view name in errors

(imported from commit b21347e7af39cda439125355f99f4fc63fc3bd2f)
2012-11-08 16:30:57 -05:00
Zev Benjamin 0ca46d5abe Correctly construct tuple
(imported from commit f85ae7b0e4c335548cbe7254e5d820ced17a50a9)
2012-11-08 16:30:57 -05:00
Keegan McAllister c5035dade0 Remove unnecessary intermediate list
(imported from commit 037000d1c7c84d976866b9a8cef6eb3a69baecb9)
2012-11-08 15:13:20 -05:00
Keegan McAllister b0d395b0c1 Use generator expressions with sorted()
No need for an intermediate list.

(imported from commit c8ccdf2399155876b6cbf1f768ad3ec303730757)
2012-11-08 15:13:20 -05:00
Keegan McAllister ac1edd05fa parse_named_users: Rephrase odd for loop
(imported from commit daf77ceccb7eabf27946836841a34d5fa703b3ac)
2012-11-08 15:13:19 -05:00
Keegan McAllister 0fbb33c33f already_sent_mirrored_message: Clean up query
No need for an 'if' if we're just returning a boolean.  And using
QuerySet.exists() should be a little more efficient.

(imported from commit 69ec3cc9f2fe904ec40ea3b8a8687a06cd03f3f3)
2012-11-08 15:13:19 -05:00
Keegan McAllister e94c6fdf86 return_messages_immediately: Remove dead assignment
(imported from commit ef5583c292db3c3087af4949a0b0b255cf098cd1)
2012-11-08 15:13:19 -05:00
Keegan McAllister f2ac76aeac get_stream: Use try/except
For consistency with the rest of our code.

(imported from commit a2df17facad1a4e3b9e5e1dc4d33b64010cee939)
2012-11-08 15:13:19 -05:00
Keegan McAllister 8df247708c Rename login_required_*_view -> authenticated_*_view
login_required_api_view is misleadingly named.  It accepts neither a Django
login session nor login credentials (username / password).  The intent here is
authentication, whether stateful (login) or stateless (API key).

(imported from commit 7e9be552168396b399116737655bd7267fd5c1a3)
2012-11-08 15:13:19 -05:00
Tim Abbott 1ef33bc5ea Remove starnine@mit.edu from API super users.
(imported from commit 67019a1e2a298a56b0efe598d4492f4b0f8dee87)
2012-11-08 13:34:32 -05:00
Tim Abbott f74bf4da92 is_super_user_api_key: Make tabbott/extra@mit.edu a super user.
(imported from commit a8bb8356c3d3ca37eb8de9ab705f400942389429)
2012-11-08 13:04:47 -05:00
Keegan McAllister 3b8dbbc7d7 Use django.utils.timezone.now consistently
(imported from commit f223d9c1f6c77012db342b8be7aaed964b9f18c6)
2012-11-07 18:51:33 -05:00
Tim Abbott e7abe13cd6 The empty string shouldn't be a valid stream name.
(imported from commit 1fa878d7d51d3c3444ac75edf08b32f886683964)
2012-11-07 15:42:32 -05:00
Keegan McAllister a815a253f7 get_profile: Return max_message_id
(imported from commit 5b5c853e667e47ff46ff14558f1e27f619f77cd7)
2012-11-07 15:34:44 -05:00
Keegan McAllister d461453250 Remove max_message_id from updates response
(imported from commit 1d8ce12a4d32dfb761617b4c2aa8e9fbe3ad2994)
2012-11-07 15:34:44 -05:00
Jessica McKellar 9077d51d54 For now, allow all characters in stream names.
We've had multiple requests from MIT zephyr users to allow
non-alphanumeric stream names, and we haven't decided what we want to
allow, so for now allow everything.

Note that the web client and mirror script limit stream names to 30
characters, which is our database limit.

(imported from commit 2acb5ee04e5ee7c40031ac831e12d09d04bbb2e6)
2012-11-07 15:12:03 -05:00
Zev Benjamin b5cd40723f Start long-polling immediately in get_updates if the user has no messages
(imported from commit 02f883c58513f3bb705b248320cd9cfb7abd6417)
2012-11-06 16:40:52 -05:00
Zev Benjamin 8464e45507 Set the response status to 400 in send_with_safety_check if there was an error
(imported from commit 11fd082bb88be271b268d60cc797318386c9d778)
2012-11-06 16:40:52 -05:00
Jessica McKellar 15ca35e961 views: remove unused imports.
(imported from commit 1c44a1b23bb020b82bae99a75a12218c3e708e26)
2012-11-05 10:32:42 -05:00
Tim Abbott 1993ee403d Remove @asynchronous on notify_foo views.
(imported from commit 79e3f99450deb3efa0c4154465a692ef01306ce4)
2012-11-02 20:55:31 -04:00
Tim Abbott 517c8e298a Remove now-unnecessary check for 'time' in json_send_message.
(imported from commit aa177e13c16a43a5914227142a4e2589e2bd92bb)
2012-11-02 20:55:31 -04:00
Keegan McAllister 2b1ecd1ad8 Fix name of login_required_api_view in comment
(imported from commit e278256da19c3abd4ee05bd6c4318a482a25cee0)
2012-11-02 14:57:38 -04:00
Zev Benjamin 6178cd830a Return the error if return_messages_immediately returns an error response
We previously started long-polling.

(imported from commit 5860e484c63088ed34226f39f5aeb74e3ed43f91)
2012-11-01 16:02:28 -04:00
Tim Abbott 7c3a189c03 Combine api_subscribe and json_add_subscriptions.
(imported from commit 1a5df7c88beb2c27a048b1880136b9c7cb4451b2)
2012-11-01 13:05:52 -04:00
Tim Abbott 7e0cbd1c8b Change json_add_subscription to use the same interface as api_subscribe.
(imported from commit 9b9eb0284ad262ce9701ef81162d954544435d52)
2012-11-01 13:05:52 -04:00
Tim Abbott 01bf0868a9 Rename new_subscription argument to streams.
(imported from commit 8024f47564fe580734d5e452f5092520870003a7)
2012-11-01 13:05:52 -04:00
Tim Abbott 22bb5a5830 Fix longpolling on messages to nobody.
This is what caused our server to hang when receiving certain messages
over the last couple days.  It was introduced by me making in the
assumption that doing the same thing we did after validate_notify
failed was a correct way to immediately return from
notify_new_message, which it was not.  The code of validate_notify
actually finished the handler in the event that validation failed,
which isn't "correct", but did not manifest in a visible problem.

The correct way to trigger an immediate response from a tornado view
is to just return the value, not call handler.finish() and then return
None.

Similarly, the correct way to trigger longpolling from a tornado view
is to either return None (or equivalently, / drop off the end of the
function) or return a generator.

(imported from commit 5b931248b4650fc88d5d68f5936a95f19e097af9)
2012-10-31 16:35:30 -04:00
Tim Abbott b33c0c4eee Send the stripped stream name to add_subscriptions_backend.
(imported from commit c3bbb9bd200629020fe7e60d42644beaab30bff5)
2012-10-31 14:06:35 -04:00
Tim Abbott e48bdfe847 Use json_success for api_fetch_api_key.
(imported from commit 395d992fa634f5304f8a44f38f0251109c1a0810)
2012-10-30 16:59:18 -04:00
Tim Abbott c00e37c106 Use json_error rather than HttpResponseBadRequest and friends.
(imported from commit a9f6df2e561218db46f4ade86bac1ecd87b6ca78)
2012-10-30 16:59:18 -04:00
Tim Abbott 9fa2f0d4f8 Use @require_post for login_required_json_view.
(imported from commit e7efea5f016b1b44a0a3deba024e3df828006cfa)
2012-10-30 16:59:18 -04:00
Tim Abbott 4e9df28c12 send_message: Don't create streams automatically on send.
(imported from commit 7be1b72c5fdf9a21167d2be3948cf1febf8da8ed)
2012-10-30 15:02:45 -04:00
Luke Faraone 1d6a5741e0 Previously conditionals used the wrong case to reference request.POST.
(imported from commit 2624def3745c3b26114ee1a1a9a20288e078b243)
2012-10-30 13:29:40 -04:00
Luke Faraone 9f61e27218 Fix broken conditionals in get_old_messages_backend.
(imported from commit 13b934cdd2805d45efff18f7ce485b3e17e11c1a)
2012-10-30 13:24:02 -04:00
Tim Abbott 0fcf1db00a Fix tracebacks sending messages nobody will receive.
(imported from commit afe3d7465f105015f7fa8247ab3cba7476b89fc2)
2012-10-29 19:17:26 -04:00
Tim Abbott af09279483 Check for empty stream/subject names.
(imported from commit 208be288f903e8a040ed9e1de243315df0d9adae)
2012-10-29 17:36:01 -04:00
Tim Abbott 44b332693e Fix the fact that new auto-created MIT users are active.
(imported from commit 577f1a0165a56fc3cc1ed6f0a54f6c5f31345cc7)
2012-10-29 17:30:06 -04:00
Luke Faraone 5dad59e864 Implement MIT signups.
Here we introduce a new manage.py command, activate_mit, which takes a
number of usernames and sends out emails to the users with instructions on
how to activate their accounts.

(imported from commit f14401b55f915698e83ff27b86434f53e64685f3)
2012-10-29 16:59:37 -04:00
Keegan McAllister 0e03a7acc8 views.home: Use @login_required
We can't use reverse() due to what amounts to a module import cycle.

(imported from commit 8a2904648173bc3e4ff2079d33320417b28518d3)
2012-10-29 15:41:28 -04:00
Keegan McAllister 5353f5b3b0 Rename NOT_LOGGED_IN_REDIRECT -> HOME_NOT_LOGGED_IN
If we have other pages that require login, we might want them to redirect to
the login form.  But the root of the site should take you to /accounts/home --
but only after we launch the product.

(imported from commit b5d10e1c908f1ffe1ee68c2689691ca66c896786)
2012-10-29 15:41:28 -04:00
Zev Benjamin 2723a54088 Disable pointer sync for alpha rollout
(imported from commit 50a41e49e9b4a7db0b07ee7705d51c3a2abdff35)
2012-10-29 14:18:08 -04:00
Zev Benjamin 5413f74a7e Allow API users to update the pointer and receive pointer updates
The get_profile API call now returns a client_id, which an API user
can pass to update_pointer and get_messages (note that clients still
need to pass a pointer argument to get pointer updates).  This
client_id is currently the equivalent of the website's session key,
but the website might get client_ids in the future to distinguish
browser windows.

This commit differs from 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe in
that it uses request.POST.get("foo") instead of request.POST["foo"].
For some reason the latter triggers CSRF errors.

(imported from commit b2a4a7322d16dbf241cd6eef146621c79d84cafc)
2012-10-26 17:17:09 -04:00
Zev Benjamin b36f1702fc Revert "Allow API users to update the pointer and receive pointer updates"
This reverts commit 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe.
It seems to have broken API users.

(imported from commit 2f861ebc016076547092421f87dbcac00a65e2f6)
2012-10-26 16:19:57 -04:00
Zev Benjamin a4fd478e3d Allow API users to update the pointer and receive pointer updates
The get_profile API call now returns a client_id, which an API user
can pass to update_pointer and get_messages (note that clients still
need to pass a pointer argument to get pointer updates).  This
client_id is currently the equivalent of the website's session key,
but the website might get client_ids in the future to distinguish
browser windows.

(imported from commit 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe)
2012-10-26 16:06:41 -04:00
Zev Benjamin ec389c5c83 Non-asynchronous API calls only take two arguments
(imported from commit 39f21892e38b0f8c2369d77ffcfb077f1006863e)
2012-10-26 11:53:01 -04:00
Zev Benjamin 8a66d52228 Expose get_old_messages to API
(imported from commit d3b86a049440c54b52d96c27f8925a73496eaffe)
2012-10-26 10:42:11 -04:00
Zev Benjamin ec9e0a4b9f Have get_updates include an "update_types" array in its response
This is similar to the previous "reason_empty" variable, but captures
why we've returned from the call even when there are updates and all
the reasons if there are multiple.  For now, it's useful for debugging.

(imported from commit fd8d9e859660e51b57178d066b184f831b71a0b6)
2012-10-25 18:12:11 -04:00
Zev Benjamin a9583f6889 Fix get_updates missing messages between calls
(imported from commit 2b84df2a35a9a006b8548904ebf145a351a2e92b)
2012-10-25 18:11:23 -04:00
Tim Abbott f2c6347471 Return to failing clients immediately the first time.
(imported from commit b29df3165030ffd95dfe89b6471aeb74c06b6126)
2012-10-25 17:53:30 -04:00
Waseem Daher 44547e4e36 Properly check stream/subject lengths.
(imported from commit 1432266d8db1122f561e9e2f997071a19fb0f190)
2012-10-25 17:07:32 -04:00
Waseem Daher c894bab738 Compute a user's realm from the verified email address, not a user-passed field.
(imported from commit 5c220a7b9e4b137b5c98b286e409004318565137)
2012-10-25 16:50:00 -04:00
Tim Abbott 0c54fab1e2 Check for too-long stream/subject names.
(imported from commit 6d37dff9af7e471e1e6a1ba77a9500bf5bb4ba7d)
2012-10-25 16:04:47 -04:00
Tim Abbott 7c8bde5d90 Add log/restore for fullnames and passwords.
(imported from commit 048ca3c86b9f077fcbccd5df4a509191a545da4c)
2012-10-25 15:52:26 -04:00
Zev Benjamin cf1d35fd62 Remove unused variable
(imported from commit 0636d51527ea9cac8b1ba5490bf5836cd4e79269)
2012-10-25 15:45:14 -04:00
Zev Benjamin 451a041919 Remove the ability to fetch old messages via get_updates
Clients should use get_old_messages, instead.

(imported from commit 67847ef67d8ad4bf4af3f6082f85f0c76a41944c)
2012-10-25 15:31:27 -04:00
Keegan McAllister eef027560a Remove unused imports
(imported from commit eb576627ff72e57fee0e3a4c357f51ad74cd6c86)
2012-10-25 15:22:18 -04:00
Keegan McAllister 9629e7111b already_sent_mirrored_message: Reduce code duplication
and eliminate extremely long lines.

(imported from commit 29a08b1757c1bb3af1f82222fd7150db05f86034)
2012-10-25 15:22:18 -04:00
Zev Benjamin c4189d1029 Add get_old_messages json call
This new call only allows fetching of existing messages.  The idea is
to remove this functionality from get_updates to simplify the backend
code.

(imported from commit 1345db2f1707e208e7c0bd08b7d444932c68b6a2)
2012-10-25 12:10:44 -04:00
Zev Benjamin 07263f3a0e Rearrange functions
(imported from commit 814f2acbf574bf1eeb32e23ab28e76fc94f877ce)
2012-10-25 11:26:53 -04:00
Keegan McAllister ab34200648 Make sure that Markdown rendering really happened, if requested.
This is a security issue because it's where we escape HTML.

(imported from commit 10dea1899eb6d7e0e40128ae1a4787abad38fa73)
2012-10-24 15:43:46 -04:00
Keegan McAllister 734411369b format_updates_response: Default to apply_markdown=True
It's the safer default to prevent introducing XSS holes.  And in our current
code, we always provide this parameter.

(imported from commit 73897f5315ba54a5d3fa95dd19efb9d20c081a8a)
2012-10-24 15:32:12 -04:00
Keegan McAllister e8dfb41f70 Return messages from return_messages_immediately, rather than calling handler.finish
(imported from commit 0da3356c6712614cf1816d330b891e8f6d13bac7)
2012-10-24 15:32:10 -04:00
Tim Abbott 75d150efc7 Fix being unable to send messages with a trailing comma in recipients list.
(imported from commit 5c075c4aa1da8c2a153b33ed4d061fac88de48e7)
2012-10-24 14:25:55 -04:00
Zev Benjamin 8a39292b5d Fix bouncy pointer from pointer updates
The previous code path was buggy.  We now do separate pointer update
checking for the cases where get_updates returns immediately vs. when
it returns from a callback.

(imported from commit f236a80cd0b94bc097dbd17f113d7a9d27368025)
2012-10-23 16:39:04 -04:00
Zev Benjamin 5ee6982a7e Use a different format function when we don't respond to a get_updates immediately
For now, the new function, format_delayed_updates_response, just
calls format_updates_response.

(imported from commit dd332125fe0d47cb3990373f74e85e64604f58a3)
2012-10-23 16:39:04 -04:00
Zev Benjamin c8dd5229ed Rename updater_session to pointer_updater
(imported from commit 7646b8e636393d64ef07d0251f8c83beecf114aa)
2012-10-23 16:39:04 -04:00
Zev Benjamin 6c4b56517f Revert "Temporarily disable pointer sync"
This reverts commit 7d8f673559ca6359923aa0bdd48edebe0955e921.

(imported from commit 32f7ad925cc4df72220a191602487620a9970f43)
2012-10-23 16:39:04 -04:00
Zev Benjamin ce3ea9f019 Temporarily disable pointer sync
(imported from commit 74e6bb347e0b8c01b6450914a50448b78b9749c9)
2012-10-23 15:24:00 -04:00
Luke Faraone a139f8b6b2 Fix incorrect references to userprofile in the API
(imported from commit 77c062b54c545185aee28189726f61a874a1fe77)
2012-10-23 12:05:56 -04:00
Tim Abbott fdeab96b4c Add a default client name for the API.
(imported from commit a14b2f8bd9ff604c5f522c85842d296be38d33e6)
2012-10-23 10:54:36 -04:00
Tim Abbott 846469c39c [schema]: Rename userprofile to user_profile.
(imported from commit adfb6152b7ec32557e3465d961695eb870506d5a)
2012-10-22 18:55:45 -04:00
Tim Abbott 93616039bc Use the new client data model to deduplicate mirroring.
(imported from commit 6ac38534aea11b1e7f8f332e76251f9501f9ab3e)
2012-10-22 18:31:36 -04:00
Tim Abbott 1b1d5cb577 Fix all mirrored stream messages appearing to be from me.
(imported from commit 777f98a564d3f169d3c69fcda980ce5993910d88)
2012-10-22 17:59:21 -04:00
Tim Abbott bce793005d Fix mirroring of personals.
(imported from commit 91ae9e6bb20389a708bd6b1945c898b98b96ee4a)
2012-10-22 17:21:07 -04:00
Zev Benjamin f817bf6144 Pass the session that updated the pointer from Django to Tornado
This allows us to check whether the session that updated the pointer
is the same as a session that is doing a long poll to avoid sending
new pointer information when that information is coming from the same
session.

We still return from the long poll early, though, which is sub-optimal.

(imported from commit 7d4be0956f112eacefb7d198ea929957cd2b05e3)
2012-10-22 17:16:47 -04:00
Tim Abbott d17db6687c Improve validation of zephyr mirror data.
(imported from commit 9ebc43d17d1f4040da2deff271ba7e158908a29b)
2012-10-22 17:08:09 -04:00
Zev Benjamin 732ca19729 Synchronize the pointer across sessions
The client may now optionally send its current pointer during
get_updates and the server will return the latest pointer if it
differs and was updated more recently by a different session.

(imported from commit e43b377d7dfb52f83cefb0b1003863d5407caf80)
2012-10-22 16:44:57 -04:00
Zev Benjamin 66d7678423 Add UserProfile callback for pointer updates
(imported from commit bfa9c15d82f092a1810cfcee1a88e1e292bc4cb8)
2012-10-22 16:06:38 -04:00
Zev Benjamin 2a4c3b5bff Abstract the callbacks table in preparation for more kinds of callbacks
(imported from commit 695d5bceb4657ef25ba5983212082ee0c76b9d33)
2012-10-22 16:06:38 -04:00
Zev Benjamin 7ac0625e39 Add model field indicating which session most recently modified the pointer
(imported from commit 819ab358d9fa6f22ad8ccee56fe723ea7711ebc5)
2012-10-22 16:06:38 -04:00
Tim Abbott b353fd4abd Use sending_client to check whether messages are mirrored.
(imported from commit 6202739e21dfb308ed551656a8a0cdf7311972f7)
2012-10-22 14:52:08 -04:00
Keegan McAllister 7cf8f842f7 Allow in stream names any character classified by Unicode as alphanumeric
Also correct a comment.

(imported from commit 5c03032b90dbaf38d880651004733e4399b422ee)
2012-10-22 12:58:39 -04:00
Jessica McKellar f5f3ffc6a9 Expose an API method for updating the pointer.
(imported from commit 66d49c149e0bbc60e82a5967b77aff69629b09e7)
2012-10-21 13:33:14 -04:00
Jessica McKellar 0fb836538d Add an API request for getting profile (specifically pointer) data.
Mobile clients need it.

We are going to need to sit down and think about how much power we
want to give our API users, though. For example, should they even get
to know about your absolute pointer value (maybe they should only be
able to make requests relative to your pointer), or be able to request
very old ranges of messages?

(imported from commit 1680655f0d9a670bc0da0ddb92fbbd5cf851d3dd)
2012-10-20 21:59:59 -04:00
Tim Abbott 7b3b4362dd [schema] Add a Client model keeping track of the sending client.
(imported from commit 31a430b1de14ce973addafd5d13ace049a8f8091)
2012-10-20 18:41:54 -04:00
Tim Abbott 1fcb4c0576 Fix error handling for removing subscriptions.
(imported from commit b95a706ed9499e96c4ff27ca583ed10dab674736)
2012-10-20 18:26:21 -04:00
Tim Abbott 56dab6cb26 Log changes to subscriptions and replay them in populate_db.
(imported from commit d3055eb44326bdc59a6bc96d00b5b0bc6da86059)
2012-10-20 18:26:21 -04:00
Tim Abbott a8ee0ecc69 Fix bug allowing subscribing to a stream twice.
(imported from commit c49b7c8ec49fd71bb1e1f1226d9e126d4d0987df)
2012-10-20 10:15:12 -04:00
Keegan McAllister 0d05557ffc notify_new_message: Allow request to have come from IPv6 localhost
(imported from commit ef477ced6695f866f8d265d980f8401670b3c95c)
2012-10-19 22:34:46 -04:00
Keegan McAllister 86b4da9d83 Put a new user's pointer at the bottom
(imported from commit 65ae2483d6bcfb96cc97bdb689d8174737bde5b0)
2012-10-19 20:44:09 -04:00
Tim Abbott e434fa141e Use .objects.create and .objects.get_or_create.
This eliminates a bunch of unnecessary code and also fixes a bunch of
places where we were improperly not using transactions.

(imported from commit f194ae9226f9229fc56a0b1b21615534f486ea0c)
2012-10-19 17:42:14 -04:00
Keegan McAllister 5b13f9192f Load more messages when the user presses the "Load more messages" button
(imported from commit 060e6f67b13fd67b56f80f913eb6b835860a8115)
2012-10-19 17:13:14 -04:00
Keegan McAllister 7693695fc0 Tell the client why we are returning an empty list of messages
(imported from commit cc17ed2d8389f6be1170081e70c1d8a7f0556ac3)
2012-10-19 17:13:13 -04:00
Keegan McAllister c67e7035aa Limit the number of old messages the client requests
(imported from commit 6bff6aa0b48d46b98aa68c6e29eb569cf41f4989)
2012-10-19 17:13:08 -04:00
Zev Benjamin ab382040c1 Make get_updates reload_pending request parameter an integer
This fixes a bug where the server wasn't returning from get_updates
immediately when the client needed a reload.

(imported from commit 1d854eb1c7061f468d091e103f10074f4c7231d8)
2012-10-19 15:53:05 -04:00
Tim Abbott 79fbb23356 Return a max_message_id when returning no messages.
This is needed for an API client to setup a nonblocking subscription.

(imported from commit d978c28994c5e3af4312ffba32c4040e8314c247)
2012-10-19 11:37:20 -04:00
Tim Abbott d49d675128 Fix mit_sync_bots for personals only.
(imported from commit 9fd7ac87d2cdc32413edefbde8870bbe59b67380)
2012-10-18 11:14:03 -04:00
Tim Abbott e303b7dcbd Fix syncing messages from Humbug back to MIT.
(imported from commit ff32c8c0824afda0805bd5ec9ec87b7ce999bcca)
2012-10-18 10:57:18 -04:00
Tim Abbott 1d55c06ede Move mit_sync_table code into the correct process.
(imported from commit bc40f865f94d7b39db5e49eba09370c3fa53dc6f)
2012-10-17 22:35:02 -04:00
Keegan McAllister b9e9938197 create_user_if_needed: Use proper initial passwords
(imported from commit 009208ac64548dd6f8773ccc7738ab0c391d816a)
2012-10-17 21:08:59 -04:00
Keegan McAllister 4f56362e0f Change formatting of notify_new_message request
The requests library doesn't encode repeated key form data reliably.

(imported from commit 3cc9f5379c299a57f69bb5b7ff3b85f0c066269f)
2012-10-17 18:24:15 -04:00
Keegan McAllister 91209f9304 Get initial server generation from first get_updates result
Embedding this in index.html won't work anymore, because the Django FastCGI and
the Tornado servers might have been started at different times.

(imported from commit 187909d0593449cf2989857671f9ca526723e451)
2012-10-17 18:24:15 -04:00
Keegan McAllister a545876d56 Rename notify_waiting_clients -> notify_new_message
We might have other URLs for other notifications.

(imported from commit 4c1c5fe2f039816fef4c268f34692ca4f19d81e8)
2012-10-17 18:23:01 -04:00
Keegan McAllister 5e70b5a291 Split off the Tornado code into a separate process
(imported from commit 95dbd0f438cdba06d6e6c6c539a2a3d49c577cfd)
2012-10-17 18:23:01 -04:00
Zev Benjamin 2ade66bf3e Remove stale comment
(imported from commit c880fc2f543e3f0cdfd531c968a1e77249c04f4c)
2012-10-17 18:17:43 -04:00
Tim Abbott bff0046c51 Fix client continuously calling get_updates when a reload is pending.
(imported from commit 2c29c8b892e7843f4d75178cc683bf48f7a5cdf5)
2012-10-17 17:46:07 -04:00
Waseem Daher 49a8677517 Remove 'timezone' from the settings page.
We weren't doing anything with it anyway, so...

(imported from commit ad927f3d2ce5b9bd219d6f36a021542812486aef)
2012-10-17 17:26:55 -04:00
Waseem Daher d9715825b1 Remove 'short_name' from the settings page (but not the db).
For now, we're not using this, so let's expunge the user-facing
references to it.

(imported from commit 90a8dcdc77d0a991bef3e319e6971327639d1f4e)
2012-10-17 17:26:06 -04:00
Tim Abbott 758bbe6fc9 Rename api_fetch_key to api_fetch_api_key to match json methods.
(imported from commit ed1c33f5017426dd38882c06ac38343451edb94b)
2012-10-17 17:13:33 -04:00
Tim Abbott ae3e24458c Add a UI for requesting your API key.
(imported from commit 07c40caf73f3b6c1c502a6c8e18109532dd28cc3)
2012-10-17 17:09:46 -04:00
Luke Faraone 716badc2c6 Don't reference GET if we now require post.
(imported from commit b78b62e81b4064f53c1a83a68e0b7e67a08230b5)
2012-10-17 16:52:30 -04:00
Luke Faraone 6c3a328426 API key fetching should happen over POST, not GET.
(imported from commit 351d0035a55f49f00693081584d882c1aef7dd01)
2012-10-17 16:36:49 -04:00
Luke Faraone 12bad46740 Introduce API method to return a user's API key by logging in.
This makes it easier for mobile clients to use the API by enabling them to
present the user with a familiar username / password prompt, rather than
by asking them for their API key.

(imported from commit 6ed06cfe86f87e7aef54a4be7835fb7bf8d7f209)
2012-10-17 15:33:05 -04:00
Tim Abbott 7237b4a73e Fix sending to a stream with a space in its name.
Previously if you tried to send to "a b", we actually ended up trying
to send to "a%20b", since we were url-encoding the stream name and
then not properly decoding it.

(imported from commit 307d2999bd309e47fc654ae4422ab4372edde064)
2012-10-17 14:06:00 -04:00
Keegan McAllister 81f0d61c3b Factor out Gravatar hash calculation
(imported from commit 29872722fb4856773d98fc987a1e2d6eb99ad8b2)
2012-10-17 01:09:16 -04:00
Tim Abbott 539c3abbab @asynchronous needs to be the outer wrapper.
(imported from commit 24b8f157d600e69276178d609820d3f0dfb685a7)
2012-10-16 17:10:15 -04:00
Tim Abbott 6642a65269 Convert last few json views to use the json_success api.
(imported from commit 7a617ec7e7c8607e8ba87e7a9b8599a83b91666c)
2012-10-16 16:54:41 -04:00
Tim Abbott 8388353859 Clean up the decorators code for the API.
(imported from commit b3fd6cfa475f021e35043148ad9a38633d9bddfe)
2012-10-16 16:38:42 -04:00
Tim Abbott a859c10017 Don't redirect to a login page when responding to json messages.
Also update tests to actually check all our URLs.

(imported from commit 86de2027d140da6118e2f2f60c1c86511b16c141)
2012-10-16 16:38:39 -04:00
Tim Abbott 3e994c16b7 Rename/reorganize our urls to be more consistent.
(imported from commit ca3cc7ccd5d7da83a9c60968527378ee1118648e)
2012-10-16 15:56:06 -04:00
Zev Benjamin 103bf321b4 Have client and server exchange a server generation number
This will allow the client to detect when the server has restarted.

(imported from commit 89e75916719d967beb2520be6263f79f897d9ec1)
2012-10-16 15:30:09 -04:00
Keegan McAllister 8819bdc0fc Hide most of the navbar on the deployed app
(imported from commit 3b055588f7de805bf1b038f1bc6c03837eda010a)
2012-10-15 18:44:36 -04:00
Keegan McAllister 5141cd7ab9 Make a setting for where we redirect home for not logged in users
(imported from commit 95bae4e52d8a8a34c001975e8d3547db5ba256a2)
2012-10-15 18:44:36 -04:00
Tim Abbott bcc895b95b Avoid expensive queries to check whether the user has any messages.
(imported from commit 035ec44db7a2f61b1c04e80feebe9af1a214505c)
2012-10-15 17:10:55 -04:00
Keegan McAllister ab9832092d Remove an unnecessary @require_post
(imported from commit c8a43e696dbcfa4cdb494f286e6f0b989d328bd9)
2012-10-15 17:05:37 -04:00
Tim Abbott 917a06d5cf Use select_related for the get_updates queries.
(imported from commit 403a5906f9619fb1d6dc10e57ebcaab7e8f00f16)
2012-10-15 11:54:12 -04:00
Tim Abbott 7ebc720347 performance: Use select_related when computing autocomplete lists.
(imported from commit fde08787998179451e6684a101c80aaafca917f6)
2012-10-15 11:39:10 -04:00
Zev Benjamin 88009b4854 Auto-complete huddle names based on full name.
This also makes the people_list a list of objects containing the person's full name and email.

(imported from commit cff9b3de8cab0c9b2690ffa60d65d666302b989f)
2012-10-12 11:35:45 -04:00
Zev Benjamin 7a305c1882 Add more information to error message
(imported from commit 0917d5c2ed1b156603ce53aaec88ecbe26f5f39c)
2012-10-12 11:34:42 -04:00
Tim Abbott afee537a95 Don't allow users to subscribe to too-long stream names.
Also check for invalid characters when subscribing via the API.

(imported from commit c4730ecb360607c4da264cb1c4b2f9daa2cef293)
2012-10-12 10:48:41 -04:00
Tim Abbott 091bc48926 api_subscribe: Check for too-long stream names.
(imported from commit 20d94eafeb333a9bc09b6b20093e13fd1b241ea8)
2012-10-12 10:45:53 -04:00
Tim Abbott fc99d2983a Add an API call to subscribe to a list of streams.
(imported from commit 0a5d46d5f54fb4c8ebfad8c9adb777c0b4938dfa)
2012-10-11 16:20:45 -04:00
Keegan McAllister 0a0bd31407 Remove unused strip_html
(imported from commit 21747b9b5cbbe7b1935905fc9254f4de64db20aa)
2012-10-11 15:01:54 -04:00
Keegan McAllister 2c3d7d6116 HTML-escape messages on output
(imported from commit f199fddf887ffbd22ebac76448accb4c48b64a24)
2012-10-11 15:01:54 -04:00
Keegan McAllister 3fadaae574 Don't escape message metadata as it enters the system
(imported from commit b98deb3dcdc389b079055a06ffafaf138bc79c70)
2012-10-11 15:01:54 -04:00
Keegan McAllister c06aa1a3da Don't escape user metadata as it enters the system
We believe that our output escaping is sufficient.

(imported from commit 4c9d4d79682ef5689bc1eec12a3bbcc34de013a4)
2012-10-11 15:01:54 -04:00
Keegan McAllister 7137787984 Escape variables interpolated into <script> within index.html
Django's escapejs prevents breaking out with an embedded </script> tag.

It only works on bare string contents, not JSON-ish lists and such.  So we
generate stream_list and people_list with template loops now.

(imported from commit 07fe4bebaa3fa11bc479b4378b8989560ce77f6f)
2012-10-11 15:01:54 -04:00
Tim Abbott 83f494b1a4 Add API queries to show public streams and the user's subscriptions.
(imported from commit 5f24e35a9bdd1e40406e2acb0c3713a6517d139b)
2012-10-11 14:43:23 -04:00
Keegan McAllister 9811bd5f8a Get UserProfile by email with a join, not two queries
(imported from commit 0698ebb88615cea54196181aeabe869ec466dbc1)
2012-10-11 14:05:53 -04:00
Tim Abbott 676e650a08 Fix mit_sync_bot bug causing constant API requests.
(imported from commit dfa845b98a7e22ee69a9589b8b98ac5a49077793)
2012-10-11 13:00:50 -04:00
Keegan McAllister 5a7ff70c11 Remove obsolete views
This functionality is part of the home view now.

(imported from commit 5f0327eb62840bf98af49566e6f3c0b86ca43b8d)
2012-10-11 11:23:22 -04:00
Keegan McAllister 48ec15c46d Don't duplicate realm query when registering
(imported from commit b1e3b7144f564c5b2fc23fbf548bf0672deb2932)
2012-10-11 11:08:52 -04:00
Tim Abbott ac3f4393ff Rename instance to subject.
(imported from commit 6b4693da03f106448c137cf81cf9801cac44f2b8)
2012-10-10 18:01:39 -04:00
Tim Abbott 08e832e093 Change send_message to accept a stream, not a class.
(imported from commit 0f58de2502bec227f5f33e44692d03f2f28d6f63)
2012-10-10 17:48:17 -04:00
Tim Abbott 6dc913766d Rename 'classes' to 'streams'.
(imported from commit 8ad6791f39d49e90a2828b6af86d039ba5ca5abc)
2012-10-10 17:47:13 -04:00
Tim Abbott 493a428cb2 Rename zephyr_class=>stream for local variables in views.py.
(imported from commit 9ea782e0c132f4ab3ca86cd37ff584d0a2308dea)
2012-10-10 17:47:13 -04:00
Tim Abbott 003efb84b4 Rename get_class to get_stream.
(imported from commit 4d393f9fcd46847c54c7e0b6b7add219e8e07fe6)
2012-10-10 17:47:13 -04:00