Commit Graph

78 Commits

Author SHA1 Message Date
Tim Abbott 5ddf2614f0 uploads: Add new way of querying for mobile uploads endpoint.
This extends the /user_uploads API endpoint to support passing the
authentication credentials via the URL, not the HTTP_AUTHORIZATION
headers.  This is an important workaround for the fact that React
Native's Webview system doesn't support setting HTTP_AUTHORIZATION;
the app will be responsible for rewriting URLs for uploaded files
directly to add this parameter.
2018-04-13 17:51:45 -07:00
Tim Abbott 34e165c100 webhooks: Fix passing client string to authenticated webhook API views.
This fixes a regression in 93678e89cd
and a4979410f9, where the webhooks using
authenticated_rest_api_view were migrated to a new model that didn't
include setting a custom Client string for the webhook.

When restoring these webhooks' client strings, we also fix places
where the client string was not capitalized the same was as the
product's name.
2018-03-16 15:43:19 -07:00
rht 3f4bf2d22f zerver/lib: Use python 3 syntax for typing.
Extracted from a larger commit by tabbott because these changes will
not create significant merge conflicts.
2017-11-21 20:56:40 -08:00
rht f43e54d352 zerver/lib: Remove absolute_import. 2017-09-27 10:00:39 -07:00
Tim Abbott 58edf75962 api: Allow incoming webhook bots to use the send_message API. 2017-08-22 10:06:34 -07:00
Umair Khan 1e9c87855c Django 1.11: is_authenticated is now a property. 2017-06-13 15:04:04 -07:00
Aditya Bansal 94b7e4de9e pep8: Add compliance with rule E261 to rest.py. 2017-05-07 23:21:50 -07:00
Tim Abbott 2f8bb1b1cd coverage: Add test for REST requests to /json API unauthed. 2017-03-05 00:53:27 -08:00
Tim Abbott c8e38aaa55 coverage: Add coverage for OPTIONS HTTP method. 2017-03-05 00:53:26 -08:00
Tim Abbott 4e171ce787 lint: Clean up E126 PEP-8 rule. 2017-01-23 22:06:13 -08:00
Tim Abbott 22d1aa396b lint: Clean up W503 PEP-8 warning. 2017-01-23 20:50:04 -08:00
bulat22101 a6f91064a2 pep8: Fix E129 violations 2016-12-03 10:56:36 -08:00
rahuldeve 2bf15603f3 Modify rest_dispatch to support method specific flags.
[simplified substantially by tabbott]
2016-06-27 10:53:15 -07:00
acrefoot e4ed9195dc Remove rest_dispatch hack and optimize imports.
For a long time, rest_dispatch has had this hack where we have to
create a copy of it in each views file using it, in order to directly
access the globals list in that file.  This removes that hack, instead
making rest_dispatch just use Django's import_string to access the
target method to use.

[tweaked and reorganized from acrefoot's original branch in various
ways by tabbott]
2016-06-24 16:11:03 -07:00
acrefoot be484b25c6 Add comments on how rest_dispatch authenticates. 2016-06-24 14:52:22 -07:00
Tim Abbott 250781e843 Fix HTTP Basic Auth popups caused by auth failures.
If a user's session cookie expired, the next REST API request their
browser did would go into the json_unauthorized code path.  This
returned a response with a WWW-Authenticate tag for HTTP Basic Auth
(since that's what the REST API uses), even for /json requests which
should only be authenticated using session auth.

We fix this by explicitly passing the desired WWW-Authenticate state.

Fixes: #800.
2016-06-21 16:18:36 -07:00
Tomasz Kolek 9ae68ade8b Add is_webhook option to authentication decorats.
Modified:
authenticated_rest_api_view
authenticated_api_view and validate_api_key.
2016-06-21 11:47:38 -07:00
Umair Khan 1bfe566c8d [i18n] Make Json error messages translatable. 2016-06-04 18:48:36 -07:00
David Adamec 4f3c85a20c Add type annotations to zerver/lib/rest. 2016-06-03 23:48:46 -07:00
Tim Abbott 5bacda3662 python3: Fix usage of .keys()/.values() to handle iterators.
This fixes the places where we use the result of .keys(), .items(),
and .values() that wouldn't work with an iterator to wrap them with
list().
2016-01-26 21:11:25 -08:00
Tim Abbott 023f45190f rest_dispatch: Add support for using with websockets integration. 2015-12-12 18:14:08 -08:00
Luke Faraone 5147b52267 Return correct OPTIONS in rest_dispatch
(imported from commit 095175cad4df982d2bf5603f3b927a3aa6d7f41f)
2014-07-29 21:46:34 -07:00
Tim Abbott 2ca5f43f05 Report json format 500 errors from all json format views.
Previously, we only did this via rest_dispatch.

(imported from commit b0edfdccea294378292b64677a64d5b01f936b08)
2013-12-19 16:48:51 -05:00
Tim Abbott 7800a34d84 Fix json_unhandled_exception handling of JsonableError.
(imported from commit 16ed6c213cbda3b60a16a01af32c56d6802b7acc)
2013-12-13 18:13:43 -05:00
Steve Howell 44b738ab75 Have rest_dispatch return JSON when exceptions are thrown.
(imported from commit 587a8f46d406c6358480db9e0ebd5afb69e12abf)
2013-12-13 17:38:20 -05:00
Tim Abbott 46760e91cd rest_dispatch: Don't allow session auth on /api URLs.
This caused problems with our tests suite where we were using a logged
in browser session and actually acting as a different user.

(imported from commit 73b8cb39d5d669e682fbacf2f7e574c228885c2f)
2013-12-12 10:31:04 -05:00
Kevin Mehall a09c7e1e0c Make rest_dispatch errors cleaner for requests from browsers.
If you don't have a cookie or basic auth and the request looks like
a top-level page in the browser, redirect to the login page.

(imported from commit fc1bcb1080591522bd1b694664255f7049a5d443)
2013-10-31 14:36:34 -04:00
Luke Faraone 9d4ef27b97 Make rest_dispatch accept a list of globals and move it into its own file.
We're going to be using this from other views, so make it more generic.

(imported from commit c2c4f64b2a212f8a254f75c21dc93d8fc3f8351a)
2013-10-25 14:13:30 -04:00