Commit Graph

89 Commits

Author SHA1 Message Date
Reid Barton 59dab21fcd Render recent dates as weekdays, part 1.
This commit just moves time rendering logic to its own file, and does
not make any functionality changes.

(imported from commit d111d03c6abc8d9550fcf65e4f89eab8056d1ed4)
2013-02-19 15:58:25 -05:00
Keegan McAllister bb5f59d310 Use white text for recipient labels on streams set to dark colors
Fixes #577.

(imported from commit 0518e33b96bc0028fc80d533f6b8ec35fd5cdc04)
2013-02-19 15:33:35 -05:00
Leo Franchi 83011f7f47 Show a user activity list in the sidebar
(imported from commit 95aaa55c7e4cc39f844518b5308866bedf2cd1c5)
2013-02-11 18:05:57 -05:00
Jacob Hurwitz 61acc58947 Add a notifications bar when there are additional messages out of view
(imported from commit 38fa78f63fd520d0b1f09921ba064cba010a6f99)
2013-02-02 01:16:25 -05:00
Keegan McAllister 638b8d29bc Enable testing minified files in dev
(imported from commit 257b8547849a85c447319d3d211f2c989616ce64)
2013-01-31 15:41:01 -05:00
Keegan McAllister 6990260b59 [manual] Minify JavaScript and CSS in production
Manual deployment steps: The same Nginx reload as for "Get rid of the
static-access-control mechanism".  If deploying both commits at once,
just do it once.

(imported from commit dd8dbbf14b95fce0a4b6f66f462fa0a6b50bfb8c)
2013-01-31 15:41:01 -05:00
Zev Benjamin 11d8cdef6f settings.py: Add 'schema' to database configuration
Django doesn't use this setting, but South consults it when
inspecting tables for their constraints.  The fact that we store our
tables in the 'humbug' schema was causing South to fail to find our
table constraints (it was looking in the 'public' schema) and
therefore throw an exception when we try to remove the unique
constraint in migration 0002.

(imported from commit 4230338a7b78329a759339b2f9fcd277137b7f32)
2013-01-29 12:16:32 -05:00
Zev Benjamin a3037ea91a Revert "Set a wildcard subdomain for the session and csrf cookie domains on staging"
This was to support get_updates sharding, which we never fully
implemented.  We can recommit this change later if we choose to bring
the feature back.

This reverts commit fda2d99d9e9a07951d11fcd9fc61cf229988f471.

(imported from commit aec8203c8d8a94dd6f30089aeee22814d1595fc5)
2013-01-28 13:11:58 -05:00
Zev Benjamin f6547dedb1 Set a wildcard subdomain for the session and csrf cookie domains on staging
(imported from commit fda2d99d9e9a07951d11fcd9fc61cf229988f471)
2013-01-17 21:40:46 -05:00
Jessica McKellar 8d1ccad29b Prominently display the user in Django 500 emails.
As a side-effect of customizing the e-mail, this also makes the host
on which the error happened a part of the subject line.

(imported from commit 7d5e9ad108b48fd34528512c5955567119935d4e)
2013-01-17 09:47:10 -05:00
Tim Abbott cb0de0fc60 Fix logging in with email addresses long than 30 characters.
(imported from commit 81d0c329d0c7403986e2379accbe2f1be3c731e3)
2013-01-16 17:02:06 -05:00
Keegan McAllister b5a0147e26 Log events to a file named after today's date
We need this so that we can safely expunge old events without interfering with
the running server.  See #414.

(imported from commit 4739e59e36ea69f877c158c13ee752bf6a2dacfe)
2013-01-15 14:37:36 -05:00
Tim Abbott e592e71515 [manual] Use rabbitmq queue to process UserActivity.
Before this is deployed, we need to install rabbitmq and pika on the
target server (see the puppet part of this commit for how).

When this is deployed, we need to start the new user activity bot:

./manage.py process_user_activity

in the screen session on the relevant server, or user_activity logs
won't be processed (which will eventually result in all users getting
notifications about how their mirrors are out of date).

(imported from commit 44d605aca0290bef2c94fb99267e15e26b21673b)
2013-01-14 13:28:23 -05:00
Tim Abbott 3b7d61e45f tornado: Get User and UserProfile objects from a memcached.
This commit has the effect of eliminating all of the non-UserActivity
database queries from the Tornado process -- at least in the uncached
case.

This is safe to do, if a bit fragile, since our Tornado code only
accesses these objects (as opposed to their IDs) in a few places that
are all fine with old data, and I don't expect us to add any new ones
soon:

* UserActivity logging, which I plan to move out of Tornado entirely

* Checking whether we're authenticated in our decorators (which could
  be simplified -- the actual security check is just whether the
  Django session object has a particular field)

* Checking the user realm for whether we should sync to the client
  notices about their Zephyr mirror being up to date, which is quite
  static and I think we can move out of this code path.

But implementation constraints around mapping the user_ids to
user_profile_ids mean that it makes sense to get the actual objects
for now.

This code is not what I want to do long-term.  I expect we'll be able
to clean up the dual User/UserProfile nonsense once we integrate the
upcoming Django 1.5 release, with its support for pluggable User
models, and after that I change, I expect it'll be fairly easy to make
the Tornado code only work with the user ID, not the actual objects.

(imported from commit 82e25b62fd0e3af7c86040600c63a4deec7bec06)
2013-01-11 16:11:07 -05:00
Tim Abbott e15c575977 Cache Django session objects using memcached.
(imported from commit 531ea34d5781b27401a7e2d90a0be99927d0bae5)
2013-01-10 16:59:36 -05:00
Jessica McKellar 2c6ac969ff Temporarily increase get_updates polling timeout to deal with increased load.
(imported from commit 8477c829f1f69299ddb9c22dee722825dd673ee7)
2013-01-09 21:07:43 -05:00
Luke Faraone 0646cd7e21 [manual] Convert Humbug to use Django South.
This was done using instructions provided by the South authors:
	<http://south.readthedocs.org/en/0.7.6/convertinganapp.html>

This adds a dependency on python-django-south >=0.7.5. Now when you are
reinitializing the database, you need to run "./manage.py migrate --all"
before running populate_db.

When deploying this commit onto existing servers, you need to run these
commands manually:

    ./manage.py syncdb
    ./manage.py migrate zephyr 0001 --fake
    ./manage.py migrate confirmation 0001 --fake

These do *not* need to be run on new databases, only on existing ones.

(imported from commit f24cff421a6be9ab9cf4c4342565c484ac336e2d)
2013-01-08 18:14:39 -05:00
Tim Abbott 86862a8c0a Fix running Django against postgres on Tim's laptop.
I'm not sure why this wasn't set before, but it's needed for this to work.

(imported from commit fd77c975a234ccd6a972a6f2c9bfac21fcbb2d25)
2013-01-07 15:06:28 -05:00
Zev Benjamin c6929bbc9f Allow PBKDF2 password hashes in dev mode
This fixes a problem where if you were 1) running in development
mode, 2) had populated the database from production data, and 3)
tried to log in with an account that had changed its password, you
wouldn't be able to.  The problem was that the password change
created a password change record with a PBKDF2 hash, not a SHA1 hash.

This change lets the dev server accept PBKDF2 hashed passwords, but
still use SHA1 password hashes for creating test users for speed.

(imported from commit 2840d266f93add1edbba7f93a7f1491372fc8cf1)
2013-01-03 16:03:55 -05:00
Jessica McKellar c01a6ecb1e Remove unused django.contrib.messages middleware.
(imported from commit 224ff811c5c8c8b1205822c65a6d23993ac68e5e)
2013-01-02 17:41:50 -05:00
Zev Benjamin bf5ce4783d Move @has_request_variables error responses to middleware
This will now allow us to use @has_request_variables on helper
functions.

(imported from commit 799d71477654eac7fd8192cfc5bb88b78053532d)
2012-12-20 14:26:36 -05:00
Tim Abbott 35226c352d Enable postgres on prod server.
(imported from commit 4cf25c4ffe685dcfeb8d6c87ade3fcca7a92a807)
2012-12-15 08:42:12 -05:00
Tim Abbott aa0924f36b Switch Tim's laptop to use postgres.
(imported from commit e7f9d359843d23986ba25576531f0935f99f4c12)
2012-12-14 17:15:32 -05:00
Keegan McAllister 44b9925bfc Configure get_updates timeout in settings.py
(imported from commit 2a647bdd73c43ca5fed704925808efafc70da044)
2012-12-14 16:22:42 -05:00
Zev Benjamin 103eb5130d Authenticate to Postgres with client certificates and check the server's certificate
(imported from commit a3be2178d7675d409d81b9119815ac1f680d1388)
2012-12-14 11:38:18 -05:00
Zev Benjamin 4788443e60 Switch staging to use postgres
(imported from commit fde5bf54a42c6be95fe2436094d7ac1626c29683)
2012-12-12 18:24:22 -05:00
Tim Abbott c09f2d534e Fix using DEBUG=False on development machines.
This is useful for debugging our error Humbug code, for example.

(imported from commit ea244b03eaf74349ade53d15ee20312732b4e083)
2012-12-11 17:15:59 -05:00
Luke Faraone 6ff666b9d7 Filter out "content" and "secret" from exceptions.
(imported from commit 31206f528fc93746133ebe2d9234b6ce0b88cf3b)
2012-12-07 17:32:16 -05:00
Luke Faraone a604183c5b Log errors to Humbug, too.
(imported from commit 2547625135568f3ea004bf4287471a82bc0a4f38)
2012-12-07 17:32:15 -05:00
Luke Faraone adf289c9df Implement basic email error reporting.
Here we send an email for each unique error every ten minutes.

(imported from commit adf5ee4bf52c9aef253a94b1c3647515d9b3e495)
2012-12-07 17:32:15 -05:00
Keegan McAllister 545c1494f0 Configure the app to use memcached
Fixes #54.

(imported from commit c94f5b133143510289d410252340b9a4ab26709c)
2012-11-26 11:59:48 -05:00
Keegan McAllister a2750943e3 Use a custom Django test suite runner
This allows us to define new command-line arguments for 'manage.py test'.

(imported from commit 11cf24694a54a3b717256903b7582ddec9a85587)
2012-11-16 15:33:38 -05:00
Tim Abbott 7ae73fabd4 Log how long requests take to process.
(imported from commit 89915f859e4493ff04a34d198ac6df5541b743cc)
2012-11-14 15:52:57 -05:00
Keegan McAllister ed490c672f Allow running the dev server with the test database, on different ports
For use by frontend tests.

(imported from commit c8f81b862963f00e5b5517ba05b2d1adcab6d78a)
2012-11-13 10:59:02 -05:00
Keegan McAllister 31496e9189 Generalize Tornado-related settings
(imported from commit 76a1338a87e1a6663aa7602a499e2d769814bf08)
2012-11-13 10:59:02 -05:00
Tim Abbott a6cd21a1b8 Log events to a file named after the current server.
Merging these log files together is future work.

(imported from commit 54abf1ed41c2d8ba220fd3af0d997256c2718db0)
2012-11-06 14:12:19 -05:00
Jessica McKellar 204f3b35db settings: give a real ADMIN address.
(imported from commit f6171d5d3a702ae180cd27895ed76bef8890f6fa)
2012-11-02 15:45:51 -04:00
Keegan McAllister 3acc407512 settings: Remove commented-out template loader
(imported from commit 79273487532746f99bdbfac62bb9f34e844639a8)
2012-11-02 14:57:38 -04:00
Keegan McAllister 87bbbd6484 settings: Add a comment about SITE_ID
(imported from commit 2bc8964c32ac8b54a701d52bf64dd7c738d9a5a2)
2012-11-02 14:57:38 -04:00
Keegan McAllister 50e40d3f47 Remove comment about XFrameOptionsMiddleware
We already set X-Frame-Options in nginx.

(imported from commit db2b51340e974f6775001f317dcbdda84be88e38)
2012-10-29 16:14:40 -04:00
Keegan McAllister 0e03a7acc8 views.home: Use @login_required
We can't use reverse() due to what amounts to a module import cycle.

(imported from commit 8a2904648173bc3e4ff2079d33320417b28518d3)
2012-10-29 15:41:28 -04:00
Keegan McAllister 5353f5b3b0 Rename NOT_LOGGED_IN_REDIRECT -> HOME_NOT_LOGGED_IN
If we have other pages that require login, we might want them to redirect to
the login form.  But the root of the site should take you to /accounts/home --
but only after we launch the product.

(imported from commit b5d10e1c908f1ffe1ee68c2689691ca66c896786)
2012-10-29 15:41:28 -04:00
Keegan McAllister 5ed13e9079 Remove inactive Django admin code
These can only cause trouble.

(imported from commit 1def3234675c12461e9fc8b71c6b9e1b107edd1d)
2012-10-29 13:56:09 -04:00
Keegan McAllister 92b10e3bc2 settings.py: Change deployed check
This is security-critical so we have two checks.

(imported from commit adaa1cefe2d08526cdaac2fb0d8cc02773390224)
2012-10-27 11:18:51 -04:00
Keegan McAllister 3e86da67f9 Set the CSRF token cookie as HttpOnly
(imported from commit 0bf4239db085edcfc311efeb61da3ef409cc6206)
2012-10-26 16:08:18 -04:00
Zev Benjamin 732ca19729 Synchronize the pointer across sessions
The client may now optionally send its current pointer during
get_updates and the server will return the latest pointer if it
differs and was updated more recently by a different session.

(imported from commit e43b377d7dfb52f83cefb0b1003863d5407caf80)
2012-10-22 16:44:57 -04:00
Tim Abbott afd141a03e Use fast password hashing when replying old messages locally.
Without this change, one can only create a few users per second(!),
which really puts a damper on quickly importing old messages.

(imported from commit 26daf61b57154daa067db3daf8254c12d23da353)
2012-10-20 17:46:12 -04:00
Keegan McAllister 94f107e281 Log all requests
runserver already prints them to the console, but runfcgi doesn't.

(imported from commit 3450e3fd65ef3990729c94e80dad4fc3c89f0e64)
2012-10-17 18:23:02 -04:00
Keegan McAllister 122edf6a8c Tweak logging config
(imported from commit 686a843c6ccbc2f514669bb7901daacbe639697c)
2012-10-17 18:23:02 -04:00
Keegan McAllister ea916951f4 Disable notify_new_message calls in testing and populate_db
(imported from commit 07a0fea4173e2e27a90ac5f111927f0000377764)
2012-10-17 18:23:01 -04:00