Commit Graph

23 Commits

Author SHA1 Message Date
Umair Khan 1e9c87855c Django 1.11: is_authenticated is now a property. 2017-06-13 15:04:04 -07:00
Aditya Bansal 94b7e4de9e pep8: Add compliance with rule E261 to rest.py. 2017-05-07 23:21:50 -07:00
Tim Abbott 2f8bb1b1cd coverage: Add test for REST requests to /json API unauthed. 2017-03-05 00:53:27 -08:00
Tim Abbott c8e38aaa55 coverage: Add coverage for OPTIONS HTTP method. 2017-03-05 00:53:26 -08:00
Tim Abbott 4e171ce787 lint: Clean up E126 PEP-8 rule. 2017-01-23 22:06:13 -08:00
Tim Abbott 22d1aa396b lint: Clean up W503 PEP-8 warning. 2017-01-23 20:50:04 -08:00
bulat22101 a6f91064a2 pep8: Fix E129 violations 2016-12-03 10:56:36 -08:00
rahuldeve 2bf15603f3 Modify rest_dispatch to support method specific flags.
[simplified substantially by tabbott]
2016-06-27 10:53:15 -07:00
acrefoot e4ed9195dc Remove rest_dispatch hack and optimize imports.
For a long time, rest_dispatch has had this hack where we have to
create a copy of it in each views file using it, in order to directly
access the globals list in that file.  This removes that hack, instead
making rest_dispatch just use Django's import_string to access the
target method to use.

[tweaked and reorganized from acrefoot's original branch in various
ways by tabbott]
2016-06-24 16:11:03 -07:00
acrefoot be484b25c6 Add comments on how rest_dispatch authenticates. 2016-06-24 14:52:22 -07:00
Tim Abbott 250781e843 Fix HTTP Basic Auth popups caused by auth failures.
If a user's session cookie expired, the next REST API request their
browser did would go into the json_unauthorized code path.  This
returned a response with a WWW-Authenticate tag for HTTP Basic Auth
(since that's what the REST API uses), even for /json requests which
should only be authenticated using session auth.

We fix this by explicitly passing the desired WWW-Authenticate state.

Fixes: #800.
2016-06-21 16:18:36 -07:00
Tomasz Kolek 9ae68ade8b Add is_webhook option to authentication decorats.
Modified:
authenticated_rest_api_view
authenticated_api_view and validate_api_key.
2016-06-21 11:47:38 -07:00
Umair Khan 1bfe566c8d [i18n] Make Json error messages translatable. 2016-06-04 18:48:36 -07:00
David Adamec 4f3c85a20c Add type annotations to zerver/lib/rest. 2016-06-03 23:48:46 -07:00
Tim Abbott 5bacda3662 python3: Fix usage of .keys()/.values() to handle iterators.
This fixes the places where we use the result of .keys(), .items(),
and .values() that wouldn't work with an iterator to wrap them with
list().
2016-01-26 21:11:25 -08:00
Tim Abbott 023f45190f rest_dispatch: Add support for using with websockets integration. 2015-12-12 18:14:08 -08:00
Luke Faraone 5147b52267 Return correct OPTIONS in rest_dispatch
(imported from commit 095175cad4df982d2bf5603f3b927a3aa6d7f41f)
2014-07-29 21:46:34 -07:00
Tim Abbott 2ca5f43f05 Report json format 500 errors from all json format views.
Previously, we only did this via rest_dispatch.

(imported from commit b0edfdccea294378292b64677a64d5b01f936b08)
2013-12-19 16:48:51 -05:00
Tim Abbott 7800a34d84 Fix json_unhandled_exception handling of JsonableError.
(imported from commit 16ed6c213cbda3b60a16a01af32c56d6802b7acc)
2013-12-13 18:13:43 -05:00
Steve Howell 44b738ab75 Have rest_dispatch return JSON when exceptions are thrown.
(imported from commit 587a8f46d406c6358480db9e0ebd5afb69e12abf)
2013-12-13 17:38:20 -05:00
Tim Abbott 46760e91cd rest_dispatch: Don't allow session auth on /api URLs.
This caused problems with our tests suite where we were using a logged
in browser session and actually acting as a different user.

(imported from commit 73b8cb39d5d669e682fbacf2f7e574c228885c2f)
2013-12-12 10:31:04 -05:00
Kevin Mehall a09c7e1e0c Make rest_dispatch errors cleaner for requests from browsers.
If you don't have a cookie or basic auth and the request looks like
a top-level page in the browser, redirect to the login page.

(imported from commit fc1bcb1080591522bd1b694664255f7049a5d443)
2013-10-31 14:36:34 -04:00
Luke Faraone 9d4ef27b97 Make rest_dispatch accept a list of globals and move it into its own file.
We're going to be using this from other views, so make it more generic.

(imported from commit c2c4f64b2a212f8a254f75c21dc93d8fc3f8351a)
2013-10-25 14:13:30 -04:00