Commit Graph

90 Commits

Author SHA1 Message Date
Tim Abbott 858d0a984b Move API super users configuration into the database.
(imported from commit 3cc702f93e7252b42930dba4bde93a915b6dbf44)
2015-09-20 11:13:20 -07:00
Tim Abbott 36a9dc2cf7 Cleanup various minor Zanitization issues.
(imported from commit 5784eb5ac70706f72b05463354434a83a6e1beaa)
2015-09-20 00:25:38 -07:00
Tim Abbott 166192fb57 Add additional missing IP addresses to ALLOWED_HOSTS.
(imported from commit 4f81101a1df35074947228c259e944c4565061c6)
2015-09-19 15:51:27 -07:00
Tim Abbott cf1aff661c Add current production IP addresses to ALLOWED_HOSTS.
(imported from commit c255acb6ad7cd47d8a51509f4c24a05ac06ebd9a)
2015-09-19 15:13:02 -07:00
Tim Abbott 17fd248f23 Move postgres host configuration for zulip.com out of settings.py.
(imported from commit fe95011ae86ff7c5f20c789b459a763326da374d)
2015-08-22 13:49:43 -07:00
Tim Abbott 930c64df8a Move zulip.com-related statsd configuration out of main settings.py.
This also removes the convenient way to run statsd in the Dev VM,
because we don't anticipate anyone doing that.  It's just 2 lines of
config to configure it anyway:

STATSD_HOST = 'localhost'
STATSD_PREFIX = 'user'

(imported from commit 5b09422ee0e956bc7f336dd1e575634380b8bfa2)
2015-08-22 13:49:43 -07:00
Tim Abbott 83a653efce Change semantics of ZULIP_COM to include ZULIP_COM_STAGING machines.
(imported from commit 2e84c756b4ac41c13d619ab6ceb99e347d1f48cb)
2015-08-21 10:41:14 -07:00
David Roe edf7e732a2 ENTERPRISE => VOYAGER.
(imported from commit 4f8080b9f506a87ca40bef32e39de5218cba916a)
2015-08-21 10:33:35 -07:00
David Roe f79adf830f deployed => production
(imported from commit 2d7b0a7a73b0c84b32634a88af1e0d666139d4ff)
2015-08-21 10:33:35 -07:00
David Roe d702ddb3cf DEPLOYED => PRODUCTION
(imported from commit a7d365c07916c5103fc721c712db94f9af977640)
2015-08-21 10:33:35 -07:00
David Roe 63e576b811 STAGING_DEPLOYED => ZULIP_COM_STAGING
(imported from commit 25419979292218932c53cface59c1e8e2348a7c2)
2015-08-21 10:33:35 -07:00
David Roe 24f6743288 Eliminate TESTING_DEPLOYED.
(imported from commit 477d8b7a15f703df1e10ae5682e02fea5ce040e4)
2015-08-21 10:33:35 -07:00
David Roe 59b94a901c Moving ALLOWED_HOSTS to local_settings.
(imported from commit b89c6983fd87ede42954dd84706f999ed0de740d)
2015-08-21 10:33:35 -07:00
Tim Abbott 80651c99cd Stop using local_settings.py at all in the Dev VM.
(imported from commit d067bcfe9d71628d8f671c5bc7bb38f521f9a965)
2015-08-21 10:33:35 -07:00
Tim Abbott 90bfc39d55 Remove dead GoogleBackend from prod configuration.
(imported from commit 5fcf5c4bdb8d3564819005b624076878b59cd23b)
2015-08-21 01:42:22 -07:00
Yoyo Zhou 15abf9ed31 Move all remaining calls of get_secret from local_settings.py to settings.py.
(imported from commit 099a122121f8e06568cef3579f955cb73b20ee50)
2015-08-20 22:19:26 -07:00
Yoyo Zhou bd5fc484f0 Move GOOGLE_OAUTH2_CLIENT_SECRET to be read in settings.py.
(imported from commit 814dc32cd6099516486be76fa8baffbafda69596)
2015-08-20 22:19:17 -07:00
Yoyo Zhou 4b3874988f Move DROPBOX_APP_KEY to be read from get_secrets
(imported from commit 99acd66c4478a0826b0e0ec7bf26c9a59f7febca)
2015-08-20 21:58:59 -07:00
Yoyo Zhou ef320c6e95 Remove Redis remote authentication feature.
We can add it back later but for now we can just stick with localhost
since that's what most people will want.

(imported from commit c5fe524282219dc62a0670f569c0cb6af04be339)
2015-08-20 21:58:59 -07:00
Yoyo Zhou e41c00107d Move twitter secret keys to use get_secrets in settings.py
(imported from commit cc21265ae64a49be20bec74386314d60ee822746)
2015-08-20 21:58:59 -07:00
Yoyo Zhou 32f6d1055d Get s3_key and s3_secret_key from secrets in settings.py.
(imported from commit 2c2574988486bbb6f0f769250664a5a2a4c9e6c9)
2015-08-20 21:58:51 -07:00
Yoyo Zhou d34d44e1d4 Read ANDROID_GCM_API_KEY from secrets; move to settings.py
(imported from commit 0d0d59116065956b9cbbe895eb09f0433b752cf1)
2015-08-20 21:54:55 -07:00
Yoyo Zhou ec5ed87ca0 Make get_secret return None instead of an exception if the secret isn't defined.
Remove empty key generation from generate_enterprise_secrets, since get_secret ignores missing keys now.

(imported from commit 32d61e3058f0d41bfb4b17775e581a3c84540fe7)
2015-08-20 21:54:38 -07:00
Yoyo Zhou 2cab113035 Rename getsecret -> get_secret and remove duplicate secret-reading code in settings.py
(imported from commit 097d6b4fad1fcf8b6f09dc212056fdb313efe5e4)
2015-08-20 21:52:26 -07:00
Cat Miller 0a20f168a7 Auto-generate dev-secrets file.
Source LOCAL_DATABASE_PASSWORD and INITIAL_PASSWORD_SALT from the secrets file.
Fix the creation of pgpass file.

Tim's note: This will definitely break the original purpose of the
tool but it should be pretty easy to add that back as an option.

(imported from commit 8ab31ea2b7cbc80a4ad2e843a2529313fad8f5cf)
2015-08-20 00:20:44 -07:00
Tim Abbott 2de3e2ebdd Move several secrets to using the get_secret function in settings.py.
(imported from commit 08fb828265c4a9e35294a51c0901bd5ad3990344)
2015-08-18 20:17:48 -07:00
Tim Abbott 8c88746912 Move iOS App IDs to settings.py since it's needed to run the app.
(imported from commit 891e32ffa82430487fc333fa549ee465f0d018c0)
2015-08-18 20:17:48 -07:00
David Roe 2ffd022a5f Include defaults for AUTHENTICATION_BACKENDS
(imported from commit cdfffacc45f30e6959085ba8bc5aed72ae3527cf)
2015-08-18 20:17:47 -07:00
David Roe 46e224997e Add a new dev login page for logging in without a password on the dev VM.
(imported from commit ac8f2504771c9907b7e92dc91cec5f7220ce951b)
2015-08-18 20:17:47 -07:00
Luke Faraone f5089e535d Add dummy secrets for use in development.
We also reference these secrets from zproject/local_settings.py, keying
off IS_DEPLOYED.

(imported from commit eb83310e219616ed1c6c253f0d6893134bbe3517)
2015-08-16 21:35:34 -07:00
Luke Faraone 48f1a84d6e Additional defaults for dev.
(imported from commit 1b4bd71ff4ed27a83a24e58e797d900a7869c72d)
2015-08-16 16:46:08 -07:00
Luke Faraone 8ea139c772 Fix bugdown fixture for dummy camo key
(imported from commit 698b261918457117a01ce51f69d49f54f35b3297)
2015-08-16 16:45:15 -07:00
Leo Franchi d865732e0d Maintain two APNS connections and send correct notifications to each
Now we have 2 different Zulip apps out there, and they are signed with
two certs: Zulip and Dropbox. The Dropbox-signed apps are going to need
to be sent APNS notifications from the appropriate APNS connection

(imported from commit 6db50c5811847db4f08e5c997c7bbb4b46cfc462)
2015-02-11 06:57:25 +00:00
Luke Faraone 910429f365 Move secrets to their own file
(imported from commit 4e46f217e8a1df9b7cc03db9dc9fc41a6c273365)
2015-02-10 17:31:26 -08:00
Zev Benjamin 2c760ae735 Remove mixpanel
(imported from commit 9b6cc58ee9be483db8bf2d2eaaaecabc14f821e4)
2015-02-06 13:59:30 -08:00
Jason Michalski 7e9c121ad3 Use the full_name if available
We were trying to default the users first name when using google auth,
but it was getting lost when rendering the form.

(imported from commit 710e0c2ce591488920458dca74209c75e7031abd)
2015-02-05 21:54:28 -05:00
Jason Michalski 439b86fe3b Migrate the google SSO from openid to oauth2
(imported from commit 6938c1cc5d245cc5642043279470365ff04df903)
2015-02-05 21:54:28 -05:00
Jason Michalski 2a5826242d Add the hipchat bot to the list of API_SUPER_USERS
This is a public mirroring bot that needs to be able to send forged
messages to a stream.

(imported from commit 3fa691b1f1d06bf68a8cbc2c31ed5e3e5efef177)
2014-10-06 15:27:55 -07:00
Zev Benjamin 2f7af69091 Add customizations for CUSTOMER16 employees' realm
CUSTOMER16 wants their employee realm to:
* only use JWT logins
* have name changes be disabled (they want users' full names to be the
  their CUSTOMER16 user name).
* not show the suggestion that users download the desktop app

(imported from commit cb5f72c993ddc26132ce50165bb68c3000276de0)
2014-04-04 16:51:32 -07:00
Zev Benjamin bd3f1c6a9e Add JSON web token (JWT) authentication
We currently expect the use of HMAC SHA-256, although there shouldn't be
anything preventing us from using other algorithms.

(imported from commit 354510a0b7e9e273d062a1ab5b2b03d4a749d6a3)
2014-04-04 16:51:32 -07:00
Zev Benjamin f999440cc6 Add bot1@customer36.invalid to the list of API super users
(imported from commit 07767022db0f894d398d0031053f93439258ea0d)
2014-03-04 23:02:27 -05:00
Zev Benjamin 631783f3cd [manual] Use dedicated Redis server for staging
Before we deploy this commit, we must migrate the data from the staging redis
server to the new, dedicated redis server.  The steps for doing so are the
following:

* Remove the zulip::redis puppet class from staging's zulip.conf
* ssh once from staging to redis-staging.zulip.net so that the host key is known
* Create a tunnel from redis0.zulip.net to staging.zulip.net
  * zulip@redis0:~$ ssh -N -L 127.0.0.1:6380:127.0.0.1:6379 -o ServerAliveInterval=30 -o ServerAliveCountMax=3 staging.zulip.net
* Set the redis instance on redis0.zulip.net to replicate the one on staging.zulip.net
  * redis 127.0.0.1:6379> slaveof 127.0.0.1 6380
* Stop the app on staging
* Stop redis-server on staging
* Promote the redis server on redis0.zulip.net to a master
  * redis 127.0.0.1:6379> slaveof no one
* Do a puppet apply at this commit on staging (this will bring up the tunnel to redis0)
* Deploy this commit to staging (start the app on staging)
* Kill the tunnel from redis0.zulip.net to staging.zulip.net
* Uninstall redis-server on staging

The steps for migrating prod will be the same modulo s/staging/prod0/.

(imported from commit 546d258883ac299d65e896710edd0974b6bd60f8)
2014-02-10 13:23:28 -05:00
Luke Faraone ffdc254e2d Restore EMAIL_GATEWAY_BOT parameter
(imported from commit bda6b39c60b4e5b642db47fd3ba1be2ac8c19650)
2014-02-06 10:43:06 -05:00
Luke Faraone 24f8492236 [manual] Enable local email mirror on all frontends.
This removed the cronjob from all app_frontend servers and enables the
local Postfix mail server on the same.

This is a no-op on staging if the parent commit has already been
applied.

To deploy this commit, run a puppet-apply on prod.

(imported from commit 6d3977fd12088abcd33418279e9fa28f9b2a2006)
2014-02-06 10:26:56 -05:00
Luke Faraone 30a6fd3bd7 [manual] Enable postfix email mirror on staging
This will cause us to recieve messages sent to streams.staging.zulip.com
via the local Postfix daemon running on staging.

This commit does not impact prod. To deploy, a puppet-apply is needed on
staging.

(imported from commit 9eaedc28359f55a65b672a2e078c57362897c0de)
2014-02-04 10:38:17 -05:00
Leo Franchi 4b7d061bbf Simplify conditional for APNS sandbox and feedback service
(imported from commit f7c15cd3eec93eda7152ea133e8008bc072d67d8)
2014-01-22 13:22:20 -05:00
Leo Franchi de1ec7ae43 Always use the apns-dist.pem cert for staging/prod
(imported from commit 9f01f971f1c3cbd500771c074e9dc7e8bc327b69)
2014-01-22 13:17:53 -05:00
Luke Faraone 3948e1673d [manual] Accept OAuth2 tokens for API login via Google Apps
This is used by the Android app to authenticate without prompting for a
password.

To do so, we implement a custom authentication backend that validates
the ID token provided by Google and then tries to see if we have a
corresponding UserProfile on file for them.

If the attestation is valid but the user is unregistered, we return that
fact by modifying a dictionary passed in as a parameter. We then return
the appropriate error message via the API.

This commit adds a dependency on the "googleapi" module. On Debian-based
systems with the Zulip APT repository:
    sudo apt-get install python-googleapi

For OS X and other platforms:
    pip install googleapi

(imported from commit dbda4e657e5228f081c39af95f956bd32dd20139)
2014-01-13 13:30:55 -05:00
Luke Faraone 2627f229c4 Clarifying comment for local_settings.py
(imported from commit 64c0f4d032515dbeee4565de8581ea68edd7cd1f)
2014-01-13 13:09:12 -05:00
Tim Abbott 411b0a8777 Fix EXTERNAL_API_PATH and friends for prod and localhost.
We were incorrectly manually setting EXTERNAL_API_PATH for localhost
in local_settings.py, but the exception case we should be setting it
manually for is prod.

(imported from commit cbdf75c87ffccdeb306407a59c6594880f4461eb)
2013-12-18 16:01:19 -05:00