Commit Graph

121 Commits

Author SHA1 Message Date
Keegan McAllister 31496e9189 Generalize Tornado-related settings
(imported from commit 76a1338a87e1a6663aa7602a499e2d769814bf08)
2012-11-13 10:59:02 -05:00
Tim Abbott 30b43ebee2 Uniformize /json/ and /api/ URLs to end with no trailing slash.
(imported from commit c35b30bcc43982db3a2f774ea69269e5424a6159)
2012-11-09 14:30:10 -05:00
Tim Abbott 16c8baf99b Fix running tests when the default database is MySQL.
(imported from commit b692b64219fb67792cdfd3bd208df2c6103d23ad)
2012-11-09 14:16:52 -05:00
Tim Abbott 85423bc010 Add a /activity page displaying data on user activity on the site.
(imported from commit 3877be49e4e0b89cadfead88b5c51f955759a996)
2012-11-09 12:28:38 -05:00
Keegan McAllister 513d19cc67 urls: Line things up
Whitespace-only change.

(imported from commit 2616e9e208d77a1a2c0b9973bcc19dbbf607b134)
2012-11-07 17:46:46 -05:00
Keegan McAllister 0c9122e3f9 urls: Remove name=...
Per Django docs, these are used to set an alias for use by reverse().  We
mostly don't use these, and they clutter up the file.  We do use
reverse('send_confirm') so it stays.

(imported from commit 7789e588e187fae71638bd77a553801c48fa8818)
2012-11-07 17:46:46 -05:00
Luke Faraone 87b3d0c581 Enable basic password reset functionality.
(imported from commit 5ac0d15912173067d946b31be1c1251bc12a940a)
2012-11-06 16:33:21 -05:00
Tim Abbott a6cd21a1b8 Log events to a file named after the current server.
Merging these log files together is future work.

(imported from commit 54abf1ed41c2d8ba220fd3af0d997256c2718db0)
2012-11-06 14:12:19 -05:00
Jessica McKellar 204f3b35db settings: give a real ADMIN address.
(imported from commit f6171d5d3a702ae180cd27895ed76bef8890f6fa)
2012-11-02 15:45:51 -04:00
Keegan McAllister 3acc407512 settings: Remove commented-out template loader
(imported from commit 79273487532746f99bdbfac62bb9f34e844639a8)
2012-11-02 14:57:38 -04:00
Keegan McAllister 87bbbd6484 settings: Add a comment about SITE_ID
(imported from commit 2bc8964c32ac8b54a701d52bf64dd7c738d9a5a2)
2012-11-02 14:57:38 -04:00
Tim Abbott 7e0cbd1c8b Change json_add_subscription to use the same interface as api_subscribe.
(imported from commit 9b9eb0284ad262ce9701ef81162d954544435d52)
2012-11-01 13:05:52 -04:00
Tim Abbott e48bdfe847 Use json_success for api_fetch_api_key.
(imported from commit 395d992fa634f5304f8a44f38f0251109c1a0810)
2012-10-30 16:59:18 -04:00
Keegan McAllister 044b08b409 Remove more commented out example code
(imported from commit 83f7c8763d96af5341fe630d1d8be11eef1f33aa)
2012-10-29 23:21:00 -04:00
Keegan McAllister 45387a8e63 Fix logout view
Previously if you hit /accounts/logout with no ?next=... parameter, you would
see a broken version of index.html missing dynamic content.

(imported from commit d9bca92d1c3c82893524ba69b132d59c48aa34c9)
2012-10-29 18:30:01 -04:00
Luke Faraone ee31a1b1a6 Allow people with confirmation IDs to register even under ALLOW_REGISTER
External people won't be able to register unless we initiate the action
and send them an email, because the confirmation token generation code
is in the still-protected accounts_home view.

(imported from commit 8985257576d3dff5b0cad9d4b0ae213f18528865)
2012-10-29 17:16:22 -04:00
Keegan McAllister 50e40d3f47 Remove comment about XFrameOptionsMiddleware
We already set X-Frame-Options in nginx.

(imported from commit db2b51340e974f6775001f317dcbdda84be88e38)
2012-10-29 16:14:40 -04:00
Keegan McAllister 0e03a7acc8 views.home: Use @login_required
We can't use reverse() due to what amounts to a module import cycle.

(imported from commit 8a2904648173bc3e4ff2079d33320417b28518d3)
2012-10-29 15:41:28 -04:00
Keegan McAllister 5353f5b3b0 Rename NOT_LOGGED_IN_REDIRECT -> HOME_NOT_LOGGED_IN
If we have other pages that require login, we might want them to redirect to
the login form.  But the root of the site should take you to /accounts/home --
but only after we launch the product.

(imported from commit b5d10e1c908f1ffe1ee68c2689691ca66c896786)
2012-10-29 15:41:28 -04:00
Keegan McAllister 7c790357a1 authenticate: Reject None for username or password, without a DB query
(imported from commit dd76b174a806f9bf4a47f07f124321a025561183)
2012-10-29 15:41:28 -04:00
Keegan McAllister 5ed13e9079 Remove inactive Django admin code
These can only cause trouble.

(imported from commit 1def3234675c12461e9fc8b71c6b9e1b107edd1d)
2012-10-29 13:56:09 -04:00
Keegan McAllister 92b10e3bc2 settings.py: Change deployed check
This is security-critical so we have two checks.

(imported from commit adaa1cefe2d08526cdaac2fb0d8cc02773390224)
2012-10-27 11:18:51 -04:00
Keegan McAllister 3e86da67f9 Set the CSRF token cookie as HttpOnly
(imported from commit 0bf4239db085edcfc311efeb61da3ef409cc6206)
2012-10-26 16:08:18 -04:00
Keegan McAllister 6f3b9ef00d Enable /terms and /privacy on the live site
At Jeff's request.

(imported from commit 2cc25252e3183f858fcd63dddcc97573a5ac6082)
2012-10-26 13:00:01 -04:00
Zev Benjamin 8a66d52228 Expose get_old_messages to API
(imported from commit d3b86a049440c54b52d96c27f8925a73496eaffe)
2012-10-26 10:42:11 -04:00
Keegan McAllister 2afa9894ce Add a draft privacy policy
(imported from commit 4095e3bb72a5975b4353bf0eace9da48c0eec200)
2012-10-25 19:11:28 -04:00
Jeff Arnold 5316fc9863 Rename tos -> terms in urls.py
(imported from commit 5cb47202f62b500b2fdaa49b093830df279828b3)
2012-10-25 16:07:18 -04:00
Keegan McAllister eef027560a Remove unused imports
(imported from commit eb576627ff72e57fee0e3a4c357f51ad74cd6c86)
2012-10-25 15:22:18 -04:00
Keegan McAllister f8540dcdae Wrap some other extremely long lines
(imported from commit e7d55f318c8865ca953bf4520d1b07f7e84a4aeb)
2012-10-25 15:22:18 -04:00
Zev Benjamin c4189d1029 Add get_old_messages json call
This new call only allows fetching of existing messages.  The idea is
to remove this functionality from get_updates to simplify the backend
code.

(imported from commit 1345db2f1707e208e7c0bd08b7d444932c68b6a2)
2012-10-25 12:10:44 -04:00
Keegan McAllister 6172f42b6b Add terms of service at /tos
Based on Jeff's "Terms of Service.rtf"

(imported from commit 0ac24148cd963c65252c349556cb04aa4a1d79b2)
2012-10-24 19:31:56 -04:00
Zev Benjamin 732ca19729 Synchronize the pointer across sessions
The client may now optionally send its current pointer during
get_updates and the server will return the latest pointer if it
differs and was updated more recently by a different session.

(imported from commit e43b377d7dfb52f83cefb0b1003863d5407caf80)
2012-10-22 16:44:57 -04:00
Jessica McKellar f5f3ffc6a9 Expose an API method for updating the pointer.
(imported from commit 66d49c149e0bbc60e82a5967b77aff69629b09e7)
2012-10-21 13:33:14 -04:00
Jessica McKellar 0fb836538d Add an API request for getting profile (specifically pointer) data.
Mobile clients need it.

We are going to need to sit down and think about how much power we
want to give our API users, though. For example, should they even get
to know about your absolute pointer value (maybe they should only be
able to make requests relative to your pointer), or be able to request
very old ranges of messages?

(imported from commit 1680655f0d9a670bc0da0ddb92fbbd5cf851d3dd)
2012-10-20 21:59:59 -04:00
Tim Abbott afd141a03e Use fast password hashing when replying old messages locally.
Without this change, one can only create a few users per second(!),
which really puts a damper on quickly importing old messages.

(imported from commit 26daf61b57154daa067db3daf8254c12d23da353)
2012-10-20 17:46:12 -04:00
Keegan McAllister f5d4471993 Only serve static files from Django if DEBUG = True
(imported from commit 5028f9caf637e95aa83a0736bf11930357fc725e)
2012-10-17 18:24:15 -04:00
Keegan McAllister 94f107e281 Log all requests
runserver already prints them to the console, but runfcgi doesn't.

(imported from commit 3450e3fd65ef3990729c94e80dad4fc3c89f0e64)
2012-10-17 18:23:02 -04:00
Keegan McAllister 122edf6a8c Tweak logging config
(imported from commit 686a843c6ccbc2f514669bb7901daacbe639697c)
2012-10-17 18:23:02 -04:00
Keegan McAllister ea916951f4 Disable notify_new_message calls in testing and populate_db
(imported from commit 07a0fea4173e2e27a90ac5f111927f0000377764)
2012-10-17 18:23:01 -04:00
Keegan McAllister a545876d56 Rename notify_waiting_clients -> notify_new_message
We might have other URLs for other notifications.

(imported from commit 4c1c5fe2f039816fef4c268f34692ca4f19d81e8)
2012-10-17 18:23:01 -04:00
Keegan McAllister c851bc4632 Generate initial API keys in the same manner as passwords
(imported from commit 754fa391b441c520082650a0cf3bacf050bf81b3)
2012-10-17 18:23:01 -04:00
Keegan McAllister cc8a14fcf8 Create accounts with passwords which are deterministic but hard to guess (from the outside)
(imported from commit 964610fec6c4690c1e881f2bab252296663c819a)
2012-10-17 18:23:01 -04:00
Keegan McAllister 1fded25025 Make redirects work properly behind a reverse proxy
(imported from commit 7ffb0b10e796ab27a8a4d028195637c9dca74aa7)
2012-10-17 18:23:01 -04:00
Keegan McAllister 5e70b5a291 Split off the Tornado code into a separate process
(imported from commit 95dbd0f438cdba06d6e6c6c539a2a3d49c577cfd)
2012-10-17 18:23:01 -04:00
Tim Abbott 758bbe6fc9 Rename api_fetch_key to api_fetch_api_key to match json methods.
(imported from commit ed1c33f5017426dd38882c06ac38343451edb94b)
2012-10-17 17:13:33 -04:00
Tim Abbott ae3e24458c Add a UI for requesting your API key.
(imported from commit 07c40caf73f3b6c1c502a6c8e18109532dd28cc3)
2012-10-17 17:09:46 -04:00
Keegan McAllister 8070680184 Set the 'secure' flag on Django cookies
(imported from commit b563f62e2b185a8195daf212574c30f6e252900e)
2012-10-17 16:53:26 -04:00
Luke Faraone 12bad46740 Introduce API method to return a user's API key by logging in.
This makes it easier for mobile clients to use the API by enabling them to
present the user with a familiar username / password prompt, rather than
by asking them for their API key.

(imported from commit 6ed06cfe86f87e7aef54a4be7835fb7bf8d7f209)
2012-10-17 15:33:05 -04:00
Keegan McAllister 62fad52ad6 Remove unused Django staticfiles app
(imported from commit 275db1a8a752fe307d2b94aa83937ea96fab8a28)
2012-10-17 15:27:29 -04:00
Keegan McAllister 8d4fefbe95 Remove Django staticfiles config
We're not really using it, and it's misleading.

(imported from commit 4244934cdcc957b4e12184b935953830ac443280)
2012-10-17 15:04:33 -04:00