Commit Graph

166 Commits

Author SHA1 Message Date
Tim Abbott 5a27a4cf1c decorator: Improve wrong-subdomain logging output.
Often, it's helpful to see both values in errors.
2017-10-02 13:31:20 -07:00
rht 2949d1c1e8 zerver: Remove the rest of absolute_import. 2017-09-27 10:02:39 -07:00
Aditya Bansal d9c9bfe7f6 logger: Add new create_logger abstraction to simplify logging.
This deduplicates a ton of Python logger-creation code to use a single
standard implementation, so we can avoid copy-paste problems.
2017-08-27 18:31:53 -07:00
Tim Abbott 70e16da81c decorator: Fix request.user handling of remote servers.
The refactor in b46af40bd3 didn't
correctly translate the code for managing request.user and
request._email, resulting in requests for the push notification
bouncer being rejected with this exception:

AttributeError: 'AnonymousUser' object has no attribute 'rate_limits'
2017-08-27 16:35:17 -07:00
Tim Abbott eeabed9119 models: Add new get_user_profile_by_api_key helper.
This results in a slight performance increase.
2017-08-24 23:17:08 -07:00
Tim Abbott ffafa05bd5 decorator: Remove unnecesary import. 2017-08-24 23:16:31 -07:00
Tim Abbott 8b0c0c33b5 login: Fix logging for login/register actions.
Previously, Zulip's server logs would not show which user or client
was involved in login or user registration actions, which made
debugging more annoying than it needed to be.
2017-08-24 16:29:27 -07:00
Tim Abbott 5206dad373 decorator: Fix is_browser_view handling of e.g. mobile apps.
We may end up with some endpoints that could be the browser or the
mobile apps, and we want the right default to happen here.
2017-08-24 16:26:57 -07:00
Tim Abbott 7ffc107061 decorator: Rename is_json_view to is_browser_view.
This improves clarity, now that we're planning to start logging in the
login/registration pages, which aren't browser views.
2017-08-24 16:25:08 -07:00
Tim Abbott fd1b8c7a3c decorator: Fix SOCKET requests being broken with REALMS_HAVE_SUBDOMAINS.
This code path broken in a recent refactoring meant that sending
messages via websockets didn't work if REALMS_HAVE_SUBDOMAINS.
2017-08-15 19:22:17 -07:00
Tim Abbott 93aa28ed08 decorator: Clean up ugly validation comment. 2017-08-15 10:55:32 -07:00
Tim Abbott 5a63ea0170 decorator: Extract validate_account_and_subdomain and deduplicate.
This fixes the significant duplication of code between the
authenticate_log_and_execute_json code path and the `validate_api_key`
code path.

These's till a bit of duplication, in the form of `process_client` and
`request._email` interactions, but it is very minor at this point.
2017-08-15 10:54:23 -07:00
Tim Abbott 127222e7e5 decorator: Clean up process_client call with positional argument. 2017-08-15 10:54:23 -07:00
Tim Abbott 0262609c3d decorator: Use validate_api_key in api_key_only_webhook_view code path.
This completes the effort to deduplicate the main code of our
authentication decorators.
2017-08-15 10:54:23 -07:00
Tim Abbott 319ea62cd9 decorator: Extract zerver/lib/profile.py.
This lets us remove this debugging function from our core
authentication codebase.
2017-08-15 10:54:23 -07:00
Tim Abbott 077c05fc78 decorator: Remove ancient client_name hack for iOS.
The old iOS app has been gone from the app store for 8 months, never
had a huge userbase, and its latest version didn't need this hack.  So
this code is unlikely to do anything in the future; remove it to
declutter our authentication decorators codebase.
2017-08-15 10:54:23 -07:00
Tim Abbott b46af40bd3 decorator: Refactor more code into validate_api_key. 2017-08-15 10:54:23 -07:00
Tim Abbott 5d2d939310 validate_api_key: Stop using 'profile' local variable. 2017-08-15 10:54:23 -07:00
Tim Abbott 25ec30dcf1 decorator: Deduplicate validate_api_key by using new helper function.
This should eliminate a bunch of duplicated code between these two
code paths.
2017-08-15 10:54:23 -07:00
Tim Abbott 5b8d04e18f decorator: Remove now-unnecessary cast. 2017-08-15 10:54:23 -07:00
Tim Abbott 5ebe507c9b decorator: Fix check for incoming webhook bots and move later
The check itself was correct, but the error message was in fact the
opposite of what this check is for.  In other words, the only things
these users can do is post messages, and the error message when you
tried to do something else was to tell you that the user can't post
messages.
2017-08-15 10:54:23 -07:00
Tim Abbott 3c37795675 decorator: Add localhost/Tornado hack to access_user_by_api_key.
This should make it possible to share that code with other code paths.
2017-08-15 10:54:23 -07:00
Tim Abbott 1144eed48b decorator: Clean up 'profile' variable reuse. 2017-08-15 10:54:23 -07:00
Tim Abbott a2011b5a48 decorator: Simplify control flow in validate_api_key.
This technically changes the behavior in the case that
!settings.ZILENCER_ENABLED but is_remote_zulip_server(role).
Fortunately, that case is mostly irrelevant (in that remote zulip
servers is a Zilencer feature).  The old behavior was also probably
slightly wrong, in that you'd get a zilencer-specific error message in
that case.
2017-08-15 10:52:46 -07:00
Tim Abbott a6647f335f decorator: Reorganize remote Zulip server code into one block. 2017-08-15 10:51:29 -07:00
Tim Abbott 052e173aae decorator: Simplify invalid API key error messages. 2017-08-15 10:51:29 -07:00
Tim Abbott 928a93bb9a decorator: Swap order of remote server if statements. 2017-08-15 10:51:29 -07:00
Tim Abbott 3157618b80 decorators: Extract access_user_by_api_key. 2017-08-15 10:51:29 -07:00
Umair Khan ef1b880082 rate_limiter: Upgrade api_calls_left to generic API. 2017-08-02 18:01:39 -07:00
Umair Khan 81e2128774 rate_limiter: Upgrade incr_ratelimit to generic API. 2017-08-02 18:01:39 -07:00
Umair Khan dd281367ae rate_limited: Upgrade is_ratelimited to generic API. 2017-08-02 18:01:39 -07:00
Tim Abbott 04729a0e79 mypy: Remove some now-unused type: ignores. 2017-07-27 16:12:26 -07:00
Greg Price a5597e91a1 exceptions: Move zerver/exceptions.py under zerver/lib/.
Seems like a more appropriate place for it.  Preparation for
moving a bit more into that file.
2017-07-24 16:41:22 -07:00
Greg Price e18baff32c JsonableError: Rename message from `error` to `msg`.
The whole thing is an error, so "message" is a more apt word for the
error message specifically.  We abbreviate that as `msg` in the actual
HTTP responses and in the signatures of `json_error` and friends, so
do the same here.
2017-07-24 16:41:22 -07:00
Eeshan Garg a24ea56c53 decorator: Handle invalid JSON in api_key_only_webhook_view.
Exception logging within api_key_only_webhook_view fails when
ValueError is raised if the request.body passed to ujson.loads
isn't valid JSON. In this case, we now just convert the payload
to a string and log that. This allows us to inspect JSON payloads
that aren't being decoded properly.
2017-07-19 10:42:35 -07:00
Vaida Plankyte 8c4ee83980 decorator.py: Use the singular 'they' pronoun. 2017-07-05 09:27:43 -07:00
Umair Khan 1e9c87855c Django 1.11: is_authenticated is now a property. 2017-06-13 15:04:04 -07:00
Aditya Bansal 4679da87c4 pep8: Add compliance with rule E261 decorator.py. 2017-06-04 09:18:22 -07:00
Ethan d1bd19a1b8 mypy: correct user_passes_test first argument. 2017-05-25 15:41:48 -07:00
Ethan c284d913cc mypy: request.body is bytes, should be str. 2017-05-25 15:41:46 -07:00
Umair Khan 4e2a6834d8 authenticated_rest_api_view: Use is_remote_server.
Using is_remote_server is more readable and future-proof since
it provides a level of abstraction.
2017-05-16 12:26:55 -07:00
Tim Abbott 0b46be2fed Avoid UserActivity logging for RemoteZulipServer requests.
We had a somewhat messy bug where we were sending invalid entries to
the UserActivity queue when using the push notification bouncer.
2017-05-15 17:15:01 -07:00
Eeshan Garg 10dcc99983 zerver/decorators: Log all exceptions raised in api_key_only_webhook_view.
Fixes #4742.
2017-05-13 14:53:47 -07:00
Umair Khan faf190ff34 validate_api_key: Use is_remote_server. 2017-05-11 12:02:26 -07:00
Rishi Gupta e46cbaffa2 email: Remove Mandrill pathways and dependency.
Everything it was doing (send_future_email) can now be done using
ScheduledJob.
2017-05-05 14:38:23 -07:00
Eeshan Garg e87e246fcb zerver/decorator: Set request.client in api_key_only_webhook_view.
Previously, api_key_only_webhook_view passed 3 positional arguments
(request, user_profile, and client) into a function. However, most
of our other auth decorators only pass 2 positional arguments. For
the sake of consistency, we now make api_key_only_webhook_view set
request.client and pass only request and user_profile as positional
arguments.
2017-05-01 23:44:07 -07:00
Maxim Averin 73a1dd63d5 analytics: Refactor legacy 'zulip_internal' decorator.
Rename 'zulip_internal' decorator to 'require_server_admin', add
documentation for 'server_admin', explaining how to give permission
for ./activity page.

Fixes: #1463.
2017-04-22 11:42:02 -07:00
Tim Abbott cddee49e75 Add support infrastructure for push notification bouncer service.
This is an incomplete cleaned-up continuation of Lisa Neigut's push
notification bouncer work.  It supports registration and
deregistration of individual push tokens with a central push
notification bouncer server.

It still is missing a few things before we can complete this effort:
* A registration form for server admins to configure their server for
  this service, with tests.
* Code (and tests) for actually bouncing the notifications.
2017-04-18 23:03:06 -07:00
Tim Abbott ae788b2e98 zilencer: Remove decorators Deployment code. 2017-04-18 23:00:10 -07:00
Tim Abbott cbc731963f decorator: Add support for Django internal_notify_view. 2017-04-18 09:59:07 -07:00