Commit Graph

219 Commits

Author SHA1 Message Date
Waseem Daher e1e7978fae "Lead designer" job posting.
(imported from commit 1f9e00e45f69d47842524d715fe5e8a8a4a8b7df)
2013-03-19 13:28:53 -04:00
Zev Benjamin f3f1205522 Use verify-full when connecting to the database
Now that we can use our servers' DNS names internally, using
verify-full gives us a little bit of extra security.

(imported from commit 3a3715fa8a59851d4543112a55b5c6b24981442e)
2013-03-19 12:15:24 -04:00
Tim Abbott 34021ffc29 debugging: Add commented-out code in settings.py to log all queries.
This is often useful when working on a local development system and so
seems worth putting in the code, but is so verbose that it probably
doesn't make sense to have on by default in development.

(imported from commit ddb7ae4c83136f96d69368a245ed64e7daf66f34)
2013-03-18 16:15:11 -04:00
Keegan McAllister ff745e46ae Use Postgres on all Linux dev machines
(imported from commit fe4dcc186debe726ffc146881dd8c6022c192c8b)
2013-03-18 15:14:40 -04:00
Keegan McAllister 45eb9bcf47 tests: Disable tutorial through the server side variable needs_tutorial
This fixes a nondeterministic test failure for me.

The first message sent in the test suite appears to get dropped.  I don't know
why this is, and I'm pretty sure it was an existing bug.  This message used to
be the one disabling the tutorial, which might explain why that didn't always
work.

Regardless, this commit at least makes the test suite usable, and we can work
on fixing that bug later.

(imported from commit 063e40871b9883e3a6dab93a4e0a51c5b2dae4b7)
2013-03-18 13:46:46 -04:00
Waseem Daher 797b5ee63f Add page describing our Humbug apps.
(imported from commit 2e071782a13a497e57225b2a84c41d58f5e120b5)
2013-03-15 19:16:44 -04:00
Tim Abbott 9ae583b910 Use the User/UserProfile caches for Django requests too.
Previously we only used these caches for Tornado requests, because we
were not updating memcached when e.g. the user's pointer changed, and
so functions like update_pointer would not work correctly.

Now that we are updated memcached when the User and UserProfile
objects change, we can use these for all requests.

This saves 2 database queries on every Django request to the server.

(imported from commit aa5bffd885d14bde38b95e80a226bd5ab66f253d)
2013-03-15 18:09:34 -04:00
Tim Abbott 07b72c4901 settings: Add docs on how to properly test our email handler.
(imported from commit e6ad4f517169ca47a32bb853a30aab7a634e7979)
2013-03-15 14:53:17 -04:00
Tim Abbott c098520bbd Move the key functions for various caches to cache.py.
(imported from commit b04826533c32516cc2eef3b35263a40385ae7be4)
2013-03-14 15:07:41 -04:00
Leo Franchi 93a3f14c43 Add backend support for handling new 'read' message flag
(imported from commit 6194e9332caa2d279cbc304f0d6a69f969aa9a72)
2013-03-13 14:14:45 -04:00
Zev Benjamin 09cf339c2b blueslip: Handle exceptions from jQuery event handlers and $(document).ready functions
We treat these exceptions the same way we treat fatal errors: report
the error message to our server and then allow the exception to reach
the top level.

We could also override document.onerror, but don't.  There are a
couple of ramifications of this:
* Exceptions caused by event handlers directly attached to DOM
  elements aren't handled
* Exceptions caused by code at the top level that triggers an error
  (such as parse errors in our Javascript files) aren't handled

The reason we don't override document.onerror is because the
document.onerror handler has a limited interface and doesn't receive
the exception object.  It only gets the message, file, and line
number of the error.  Additionally, exceptions that we allow to
propogate out of blueslip trigger an onerror event when they're never
caught.  In order to avoid handling the error twice (once by blueslip
and once by the onerror handler), we'd have to encode the fact that
the error has already been handled in the error message, which is
pretty ugly.

(imported from commit 7f049ae519dc198a9f7cfd41fd5dd18e584bd061)
2013-03-13 10:55:34 -04:00
Zev Benjamin 1109d20149 Send browser errors back to the server
(imported from commit 8c676017e8b3fc4f17552db15d32266099dba8f2)
2013-03-13 10:55:33 -04:00
Tim Abbott f160703f4a [django 1.5] Use new class-based views in urls.py.
These have been the recommended way to do generic views since Django
1.3, and the old-style views (previously deprecated) are gone in
Django 1.5.

(imported from commit 45938f452bd6aa363f7ccdbac9f2297d1b1b5e7b)
2013-03-12 14:45:45 -04:00
Tim Abbott 710358db8c Set the database cache's to essentially never timeout.
(imported from commit f6fdbfe52536c5458130db3a907b8b8f81163fa4)
2013-03-12 11:16:58 -04:00
Tim Abbott dd8759acc3 Increase the third_party_api_results cache size.
(imported from commit 2555dcb3913650d72e307017df721b7665ff2e4b)
2013-03-11 15:24:59 -04:00
Tim Abbott 967743ddab Fix database cache settings for !DEPLOYED systems.
(imported from commit 0805c17a6bc5d0f1438d6fd1b1ce739d1162d09e)
2013-03-11 15:24:59 -04:00
Zev Benjamin dc0913077a Add a new frontend error-reporting system
The new system, called blueslip, makes errors fatal when in debug
mode and only output a message when running in production.  In the
future, it could also send user errors back to us automatically.

(imported from commit 1232607c0311e885c8b5a5e8a45ffb28822426e0)
2013-03-11 13:22:12 -04:00
Tim Abbott d679a72952 [manual] Cache results of the Twitter API in the database.
This should substantially improve the repeat-rendering time for pages
with large numbers of tweets since we don't need to go all the way to
twitter.com, which can take like a second, to render tweets properly.

To deploy this commit properly, one needs to run

./manage.py createcachetable third_party_api_results

(imported from commit 01b528e61f9dde2ee718bdec0490088907b6017e)
2013-03-11 13:15:55 -04:00
Reid Barton 6bb9ad4e3c Avoid cross-site logout attacks
Require POST method for /accounts/logout. This has the side effect of
automatically enabling Django's CSRF protection.

(imported from commit 44b1b6ebaadc1c03006e21ae54ac768e31234801)
2013-03-06 19:10:04 -05:00
Tim Abbott e63033f8b1 settings: Decrease duplicated code in database configuration.
(imported from commit cb89fd7f986e0cf2a5598eedf799da8fa99131da)
2013-03-06 11:36:15 -05:00
Luke Faraone 9c1b2665c0 Rotate database password for local testing.
This does not affect any deployment.

(imported from commit 77d722d19cfe64169055e32a9bf5cd565772f03f)
2013-02-28 15:40:21 -05:00
Jessica McKellar ff62ac96e6 Extend get_profile to also be a JSON request.
(imported from commit 38e0d5a9aa2498ffcdfa65b07283a456257feafd)
2013-02-27 18:16:50 -05:00
Jeff Arnold fcd033e33e [schema] Save enter_sends on the server in the database.
(imported from commit 4d82f6aaf5918f155a930253c9cc334dbcc0d97a)
2013-02-27 17:25:29 -05:00
Luke Faraone 0fe0cf0ffb [manual] Implement backend support for authenticating a user via Google.
This code adds a dependency on python-django-auth-openid, installable as
django-openid-auth from PyPI.

On prod, one needs to run a syncdb in order to create the required
tables. A database *migration* is not required, as these are new tables
only.

(imported from commit c902a0df8d589d93743b27e480154a04402b2c41)
2013-02-27 10:16:54 -05:00
Keegan McAllister cc19afd0fe Re-enable desktop notifications in automated testing
After c1d98239 the function works in CasperJS as well.

Reverts some of 90f4d6ac3ddb387e74051b9af2c230698fa94479.

(imported from commit 3579df33930bb34dc081908b84900905eee6d270)
2013-02-26 18:02:20 -05:00
Waseem Daher 3dfd2fa80f Add a "What is Humbug?" page.
(imported from commit 7197f6cd5f51eec155ccac10c45409bb1a2add58)
2013-02-25 17:23:47 -05:00
Keegan McAllister c5bab96587 Only use PipelineCachedStorage when not DEBUG
(imported from commit 6fea56b15122b9d54184f7c368f7e0113d581424)
2013-02-25 17:19:20 -05:00
Keegan McAllister 49e16b0ba6 Add portico and misc CSS and JS to Pipeline
Fixes #963.

(imported from commit 63ec313a41fd13350657c78356efc16422a5fff1)
2013-02-25 16:18:35 -05:00
Keegan McAllister d31eab9325 Include hash in minified filenames to avoid browsers using stale files
Fixes #853.

(imported from commit f85ebe52df754f488a29c2ad814d582b78aadd14)
2013-02-25 16:18:35 -05:00
Keegan McAllister 1975d7aa16 Set PIPELINE in settings.py so urls.py can read it
(imported from commit 641ff07e83ffa4b5271da311c0660d59e73b3f8f)
2013-02-25 16:18:35 -05:00
Zev Benjamin 814e3d6385 Implement a message list structure for storing messages and related information
(imported from commit 171de93636a215d9357c7fc4ee8fb71696d23fb5)
2013-02-21 13:27:45 -05:00
Waseem Daher b51dc36667 Add a tutorial.js file.
(imported from commit 58b72d08c0cd7815c3c54bd37c4a8033f32cc7ad)
2013-02-20 23:04:49 +00:00
Waseem Daher 163c9c8d75 Add a JSON call that causes the tutorial bot to send you a message.
The idea here is: part of the onboarding tutorial is going to
be you talking to the tutorial bot and it talking to you, from
our Javascript.

The reason it's driven by Javascript is that then in principle we can
do nice stuff like making popovers appear in places to point things
out to you, whereas if we were to do it strictly server-side, doing so
would be a lot harder.

The downside to doing it in Javascript is that you don't get any of
the Markdown rendering, since that happens on the server. So instead
we add this call where you give it a message, and it responds by
having the tutorial bot send you that message.

I don't think there are any security concerns here because
(1) The bot only messages you -- so you can't use it to make someone
    else think that the system is telling them to do something
(2) If there were an issue associated with having the server parse
    arbitrary Markdown, you could just trigger the issue by sending
    a message yourself.

(imported from commit b34f594dab6be6bcb81899278ae1cbe447404468)
2013-02-20 23:04:49 +00:00
Reid Barton 59dab21fcd Render recent dates as weekdays, part 1.
This commit just moves time rendering logic to its own file, and does
not make any functionality changes.

(imported from commit d111d03c6abc8d9550fcf65e4f89eab8056d1ed4)
2013-02-19 15:58:25 -05:00
Keegan McAllister bb5f59d310 Use white text for recipient labels on streams set to dark colors
Fixes #577.

(imported from commit 0518e33b96bc0028fc80d533f6b8ec35fd5cdc04)
2013-02-19 15:33:35 -05:00
Tim Abbott 861cb405f6 Move MIT Zephyr setup instructions to humbughq.com/zephyr.
This makes it possible to point users back at the instructions they
followed originally in the event that their Zephyr mirroring bot has
died.

(imported from commit 24ab2dc0df3dc88f8155d58761a89fe44c111fd9)
2013-02-19 14:17:54 -05:00
Leo Franchi 83011f7f47 Show a user activity list in the sidebar
(imported from commit 95aaa55c7e4cc39f844518b5308866bedf2cd1c5)
2013-02-11 18:05:57 -05:00
Leo Franchi 31f87481d0 [manual][schema] Add an API for user presence (idle) information
Adds a new db table for storing presences, and an API for setting
an individual user's idleness as well as fetching all idle status
for all users in a realm

(imported from commit 5aad3510d4c90c49470c130d6dfa80f0d36b0057)
2013-02-11 18:05:57 -05:00
Jessica McKellar 3a39ac76c4 Add a new /get_members API query.
(imported from commit ced7c74212210a1fcee03c1c402dca9b42483d11)
2013-02-11 13:45:46 -05:00
Keegan McAllister d68674be83 Remove CUSTOMER30-specific account views
Reverts c4b6f744 (inexactly, since there are some other changes along the way).

(imported from commit 5c7294fb13cd0bc523ae55c137dc5254b7cb0121)
2013-02-08 13:33:28 -05:00
Waseem Daher d8b9151a31 Initial documentation page for integrations.
(imported from commit cd73c63306ab7ed8c886c30488d5ab928fac6c06)
2013-02-06 16:53:13 -05:00
Waseem Daher d9a06ba8fd Initial API documentation page.
(imported from commit 06a5e902edf03ab781b30dd80f5fbfbaa790bc0a)
2013-02-04 17:58:12 -05:00
Jacob Hurwitz 61acc58947 Add a notifications bar when there are additional messages out of view
(imported from commit 38fa78f63fd520d0b1f09921ba064cba010a6f99)
2013-02-02 01:16:25 -05:00
Keegan McAllister 638b8d29bc Enable testing minified files in dev
(imported from commit 257b8547849a85c447319d3d211f2c989616ce64)
2013-01-31 15:41:01 -05:00
Keegan McAllister 6990260b59 [manual] Minify JavaScript and CSS in production
Manual deployment steps: The same Nginx reload as for "Get rid of the
static-access-control mechanism".  If deploying both commits at once,
just do it once.

(imported from commit dd8dbbf14b95fce0a4b6f66f462fa0a6b50bfb8c)
2013-01-31 15:41:01 -05:00
Keegan McAllister 5e9b0ba79d [manual] Get rid of the static-access-control mechanism
We will minify our code, rather than trying to restrict who can see the
un-minified code.  Removing access control first simplifies things.

Manual deployment steps:

    scp servers/puppet/files/nginx/humbug-include/app root@staging.humbughq.com:/etc/nginx/humbug-include/
    ssh root@staging.humbughq.com service nginx reload

and then the same for app.humbughq.com once deployed to prod.

(imported from commit 63788aa3fa7ba5fd97fcf85b05760abb5e7cae4b)
2013-01-31 15:34:12 -05:00
Jacob Hurwitz 4d361f8290 Change test_settings to use DummyCache
Previously, our database was cleared between tests but the cache wasn't,
so old database data would end up in the cache and cause unit test
failures. This replaces our cache with a dummy that doesn't actually
cache any data. In the future, if we decide that our tests require an
actual cache, we can return to LocMemCache and simply empty the cache in
the tearDown method of our tests.

(imported from commit 9f4603789a225673a8394614416f201919710261)
2013-01-29 15:56:16 -05:00
Zev Benjamin 11d8cdef6f settings.py: Add 'schema' to database configuration
Django doesn't use this setting, but South consults it when
inspecting tables for their constraints.  The fact that we store our
tables in the 'humbug' schema was causing South to fail to find our
table constraints (it was looking in the 'public' schema) and
therefore throw an exception when we try to remove the unique
constraint in migration 0002.

(imported from commit 4230338a7b78329a759339b2f9fcd277137b7f32)
2013-01-29 12:16:32 -05:00
Zev Benjamin a3037ea91a Revert "Set a wildcard subdomain for the session and csrf cookie domains on staging"
This was to support get_updates sharding, which we never fully
implemented.  We can recommit this change later if we choose to bring
the feature back.

This reverts commit fda2d99d9e9a07951d11fcd9fc61cf229988f471.

(imported from commit aec8203c8d8a94dd6f30089aeee22814d1595fc5)
2013-01-28 13:11:58 -05:00
Tim Abbott 72af050b32 tests: Don't log INFO level request log messages from test suite.
This ends up being really spammy and thus makes real warnings easy to
miss.

(imported from commit e95dbe69137cc962ed3dbcb60cf88757da2e8ea5)
2013-01-24 10:58:51 -05:00