Commit Graph

549 Commits

Author SHA1 Message Date
Tim Abbott ab04d6f403 check_send_message: Don't use json_success/error directly.
This is preparation for using it from internal_send_message as well.

(imported from commit 000784be7b40e0c93b38a5a916a4a915335ea821)
2013-03-18 16:15:11 -04:00
Tim Abbott fb77af8f10 Refactor send_message_backend to do checking in new function.
This is preparatory for using this new arguments checking function in
internal_send_message as well.

(imported from commit 578e09c50b8a700c019c7dd235b2d9527af34e39)
2013-03-18 16:15:11 -04:00
Tim Abbott 14efaea0bb send_message_backend: Reorganize subject argument checking.
(imported from commit 80daa46f47e7e5279f746db89b3632eeadb27325)
2013-03-18 16:15:11 -04:00
Tim Abbott c1d3a5b5e5 Use more caching of UserProfile objects in views.
(imported from commit 3abcceeb4fac1cfa5a9944a6455c60f6512dce6e)
2013-03-18 16:15:10 -04:00
Tim Abbott a23f6be28d Cache the results of Recipient queries in our memcached cache.
(imported from commit a6ba25a9c62d2738e4738b076370e4b2bc0ffaba)
2013-03-18 16:15:10 -04:00
Tim Abbott 9c2a9eb288 send_message: Avoid querying the stream object twice.
(imported from commit c23aab232a40195d92ae4b0e68af390c3b6b20ad)
2013-03-18 16:15:10 -04:00
Keegan McAllister 45eb9bcf47 tests: Disable tutorial through the server side variable needs_tutorial
This fixes a nondeterministic test failure for me.

The first message sent in the test suite appears to get dropped.  I don't know
why this is, and I'm pretty sure it was an existing bug.  This message used to
be the one disabling the tutorial, which might explain why that didn't always
work.

Regardless, this commit at least makes the test suite usable, and we can work
on fixing that bug later.

(imported from commit 063e40871b9883e3a6dab93a4e0a51c5b2dae4b7)
2013-03-18 13:46:46 -04:00
Zev Benjamin b08dbdfe48 blueslip: Send the user agent string back with the error report
(imported from commit ed77877465b1497cd3d78753c3398329302075ff)
2013-03-15 17:30:07 -04:00
Tim Abbott 7e456ddba7 Cache get_status_list output for up to a minute.
This should substantially decrease the amount of server load generated
by the userpresence system.

I tested that this indeed was indeed saving one query on
/json/update_active_status requests on my laptop with 2 users from the
humbughq.com realm logged in.

(imported from commit 03e9d4eb95b9f664d489862684ae162db2076e08)
2013-03-15 16:37:41 -04:00
Leo Franchi 4a23959b11 Remove pointer_updater param as it is no longer used
(imported from commit 80cc4a6d4c24660087981b1132ca2ed44c86a424)
2013-03-14 13:35:28 -04:00
Leo Franchi 7c7822601f Use request._client to detect a mobile pointer update
(imported from commit d06606ded33bc598e1bdb4b33279ce92b098ed02)
2013-03-14 13:35:28 -04:00
Tim Abbott 99d4bc114b Move Zephyr mirroring liveness check to the UserPresence queries.
It's closer to a presence query than an update, and more importantly
this moves this out of Tornado -- previously Tornado was spending at
least 3ms per recipient on messages sent to the MIT realm fetching all
this data to return back to users.  This should save around 100ms per
message sent to a popular stream the MIT realm -- but more
importantly, each such event is 100ms during which Tornado is not
processing other messages.

(imported from commit 134169f0fdcd9f6640fda957edc4a28b07783d8e)
2013-03-13 17:41:29 -04:00
Leo Franchi e82b408be9 Add a shim for mobile clients to update new read flag
(imported from commit e8e269156ea671e590589f48f8494c25380a2dde)
2013-03-13 14:14:45 -04:00
Leo Franchi 93a3f14c43 Add backend support for handling new 'read' message flag
(imported from commit 6194e9332caa2d279cbc304f0d6a69f969aa9a72)
2013-03-13 14:14:45 -04:00
Leo Franchi 6a53d1c35d Add flags to dict in load_old_messages
(imported from commit 7f68ea97a424aa0b01983258dbf6e9a2a07a732a)
2013-03-13 14:14:45 -04:00
Zev Benjamin 1109d20149 Send browser errors back to the server
(imported from commit 8c676017e8b3fc4f17552db15d32266099dba8f2)
2013-03-13 10:55:33 -04:00
Waseem Daher 33dc3a2fb7 Properly start tutorial on first run, even if you have new messages.
We were previously having an issue where the tutorial could
be pre-empted if you got a few messages while you were first
logging in.

I have some reservations about this being slightly fragile, and a
better approach might be to just have a bit that we use to determine
whether or not you've already seen a tutorial. (Or potentially that
checks whether or not you've ever sent a message.)

(imported from commit f8858f64a36bcd25887b76314caff283929f340c)
2013-03-12 09:56:57 -04:00
Jessica McKellar a8d6bd3322 Remove some unused imports.
(imported from commit bb8311848ca24fbb1fb1b3df8f8b4403eb38ce1c)
2013-03-11 16:47:03 -04:00
Jessica McKellar 2314809d73 Auto-color streams.
(imported from commit b669f864b0574e9e9af282ccb8783ccfaa12adfd)
2013-03-11 16:47:03 -04:00
Leo Franchi 9466addbe2 Allow negative anchor param to get_old_message
When narrowing, we use the selected id in the home view as the anchor,
and if the user is new and hasn't selected any messages yet (or moved
the pointer since first using humbug), their home view selected message
will be -1. Rather than failing to get_old_messages for any narrows starting
from that point, return all matching messages.

(imported from commit 72cfe392d9ac01ed41abc8eadf0f47240e374665)
2013-03-11 15:11:24 -04:00
Tim Abbott 254bc9f361 Attempt to render messages before accepting them from the user.
This fixes trac #407.

(imported from commit e33647eec32266790f864d14ad377d51956d2a6f)
2013-03-08 17:24:33 -05:00
Waseem Daher 68fc8e161f github: Suppress pull request notifications for CUSTOMER18.
(imported from commit adacd7ef23b1762276888c9bda5c69fd6c89ede4)
2013-03-07 22:15:54 -05:00
Waseem Daher 68e7a052cb Remove the link to 'activity' from the gear menu.
I find that I never use it, and I don't totally like our
experience in the app to be different from our users'.
Admittedly, this is a small way in which that's the case :)

Finally, since we do usability studies in @humbughq.com,
the link appears there too, and I'd like it not to.

(imported from commit 1225c4ae79de52fa98b21ce00a6542df76b667ea)
2013-03-07 13:12:45 -05:00
Waseem Daher 4ea7ac102f Allow internal_send_message to send cross-realm stream messages.
Prior to this change, any stream message sent by internal_send_message
could only be in the realm of the sender.

This was a problem most notably for... the tutorial bot, with the
hilarious consequence that the tutorial worked fine in humbughq.com,
but failed to start anywhere else.

(imported from commit 33a904a28e3a57e1a2cf9172c2e2a75b50967a50)
2013-03-06 23:04:57 -05:00
Reid Barton 6bb9ad4e3c Avoid cross-site logout attacks
Require POST method for /accounts/logout. This has the side effect of
automatically enabling Django's CSRF protection.

(imported from commit 44b1b6ebaadc1c03006e21ae54ac768e31234801)
2013-03-06 19:10:04 -05:00
Waseem Daher f7d189feb8 Don't send GitHub notifications (for CUSTOMER18) if not to master.
People make throwaway branches all the time, and we don't
want to spam them.

(imported from commit 0e7b628573ad1a6a7f49d3c4b4135c7d3a911834)
2013-03-06 17:30:52 -05:00
Tim Abbott 27d91eb9ea Fix including debug.js when DEBUG=True.
Previously, it wasn't actually included in the index.html templates.

(imported from commit b9f9903e0daa808ec1f6ff966309cbc4eef9b9fd)
2013-03-06 11:36:15 -05:00
Waseem Daher ca127f8228 Allow tutorial bot to send messages to a stream.
But only allow them to send to tutorial-<<your username>>.

The idea being that this helps reduce potential abuse from this JSON
call. (Because otherwise, anyone could call into this endpoint and
have the tutorial bot send random messages to random peoples's
streams.)

(imported from commit 471d4348d7ad43858b5df240e4f1dceba006aab6)
2013-03-05 23:46:10 -05:00
Tim Abbott 36bb39ede9 Fix improperly case-sensitive narrowing by subject.
(imported from commit 24403f0815e46f21000f7d5a5b59bfdfe3448ddf)
2013-02-28 17:49:57 -05:00
Tim Abbott 1e9a85ff05 Fix use of case-sensitive comparisons on email addresses.
(imported from commit d420169640a9f9c034b3d9ded207e583691f6652)
2013-02-28 17:49:57 -05:00
Tim Abbott 49af19aa71 Add support for narrowing by a message's sender.
Fixes #972.

(imported from commit 2514d14c94a071f2b3e6149a2bdaeaa00e0c847f)
2013-02-28 17:49:57 -05:00
Jessica McKellar 6a56ed0c94 Add a button on the Settings page to declare Humbug bankruptcy.
(imported from commit 6ca635e997ada54b816abe3425980102ad8f5d2c)
2013-02-27 18:16:51 -05:00
Jessica McKellar ff62ac96e6 Extend get_profile to also be a JSON request.
(imported from commit 38e0d5a9aa2498ffcdfa65b07283a456257feafd)
2013-02-27 18:16:50 -05:00
Jeff Arnold fcd033e33e [schema] Save enter_sends on the server in the database.
(imported from commit 4d82f6aaf5918f155a930253c9cc334dbcc0d97a)
2013-02-27 17:25:29 -05:00
Keegan McAllister cc19afd0fe Re-enable desktop notifications in automated testing
After c1d98239 the function works in CasperJS as well.

Reverts some of 90f4d6ac3ddb387e74051b9af2c230698fa94479.

(imported from commit 3579df33930bb34dc081908b84900905eee6d270)
2013-02-26 18:02:20 -05:00
Keegan McAllister 56d183ea06 Remove lurk mode from web client and API examples
See #796.

(imported from commit e238ce571c3f30d8312b630df7048ad1d9cad6d2)
2013-02-21 15:11:10 -05:00
Waseem Daher 163c9c8d75 Add a JSON call that causes the tutorial bot to send you a message.
The idea here is: part of the onboarding tutorial is going to
be you talking to the tutorial bot and it talking to you, from
our Javascript.

The reason it's driven by Javascript is that then in principle we can
do nice stuff like making popovers appear in places to point things
out to you, whereas if we were to do it strictly server-side, doing so
would be a lot harder.

The downside to doing it in Javascript is that you don't get any of
the Markdown rendering, since that happens on the server. So instead
we add this call where you give it a message, and it responds by
having the tutorial bot send you that message.

I don't think there are any security concerns here because
(1) The bot only messages you -- so you can't use it to make someone
    else think that the system is telling them to do something
(2) If there were an issue associated with having the server parse
    arbitrary Markdown, you could just trigger the issue by sending
    a message yourself.

(imported from commit b34f594dab6be6bcb81899278ae1cbe447404468)
2013-02-20 23:04:49 +00:00
Zev Benjamin 061aaea601 Use plainto_tsquery instead of to_tsquery
This will discard punctuation symbols in the Postgres search and also prevent
syntax errors when users try to submit queries with symbols that to_tsquery
interprets as special syntax (such as '|' and '&').

Fixes #906

(imported from commit 3e3a0d6ae3d4a516beb8a5846f06065294ca9457)
2013-02-15 16:18:02 -05:00
Tim Abbott 1612b5c045 Fix sending messages to numeric stream names.
json_to_foo will raise a ValueError if the JSON passed to it is just a
string containing a number, e.g. "1".

Traceback (most recent call last):
  File "/home/tabbott/humbug/zephyr/views.py", line 711, in extract_recipients
    recipients = json_to_list(raw_recipients)
  File "/home/tabbott/humbug/zephyr/decorator.py", line 289, in json_to_list
    return json_to_foo(json, list)
  File "/home/tabbott/humbug/zephyr/decorator.py", line 282, in json_to_foo
    raise ValueError("argument is not a %s" % (type().__class__.__name__))
ValueError: argument is not a list

Fixes #776.

(imported from commit 0c123a610c009eda9004cf0b0b53d60695c4e8d5)
2013-02-13 13:08:40 -05:00
Luke Faraone ea7005e8e3 Rename is_active to is_inactive.
The purpose of the validator is to ensure the user isn't active, so
let's correctly test for that here.

(imported from commit 772ddb901098f78750efab274405a10f36c49232)
2013-02-12 16:15:29 -05:00
Luke Faraone 54a19e9091 Check whether users are active, not whether they are nonunique.
Previously we checked and bailed when there was a user registered with
an email address, regardless of active status.

This meant that MIT users who had inactive accounts autocreated had
issues where they would be confusingly told they were signed up even
though they had never taken any action on our site directly.

Now we instead check whether there are any current *active* user
accounts with that email address, and proceed with generating an
activation link if the user lacks a corresponding active account.

Security implications of this commit come into play if we start
implementing removing users ability to sign in as deactivation. Since we
lack a user removal story here, this isn't terribly concerning yet and
we'll revist this code when we decide to add such functionality in the
future.

This resolves trac #581 and #631.

(imported from commit c3fb93ce065e63e19b41f63c1f27891b93b75f86)
2013-02-12 15:31:06 -05:00
Tim Abbott 62c632ceef presence: Fix loop making database queries.
The previous select_related didn't properly get the User object,
containing the email address, and thus would make one query per user
with presernce information.

(imported from commit 3341bc5a65387030fa8737b03ca43f79089ef56b)
2013-02-12 14:52:59 -05:00
Keegan McAllister 6fba03a0a4 activity: Use select_related when querying UserActivity records
On my dev machine this cuts /activity load time with lots of users by more than
2/3.  I expect the gains will be even greater in production due to the greater
relative cost of database queries.

(imported from commit 0391cb29f66b618b4b99902d9fb9ab0a6cff0cb3)
2013-02-12 13:46:16 -05:00
Leo Franchi 78ffe36c2d Hide users list for MIT
(imported from commit 4e9dcef483e0c0d85ba2e7511f1abfa4da06be9e)
2013-02-12 12:30:52 -05:00
Leo Franchi 0a0c4bb9a0 [manual] Use rabbitmq for asynchronous presence updating
Note: When deploying, restarting the process-user-activity-commandline script is needed

(imported from commit 63ee795c9c7a7db4a40170cff5636dc1dd0b46a8)
2013-02-11 18:05:57 -05:00
Leo Franchi 31f87481d0 [manual][schema] Add an API for user presence (idle) information
Adds a new db table for storing presences, and an API for setting
an individual user's idleness as well as fetching all idle status
for all users in a realm

(imported from commit 5aad3510d4c90c49470c130d6dfa80f0d36b0057)
2013-02-11 18:05:57 -05:00
Jessica McKellar 3a39ac76c4 Add a new /get_members API query.
(imported from commit ced7c74212210a1fcee03c1c402dca9b42483d11)
2013-02-11 13:45:46 -05:00
Luke Faraone 8dbda2cd64 Use full emails rather than just usernames in /activity.
(imported from commit c0397d6429fe85f0bd6e57731dd2132ed1e11b85)
2013-02-11 10:33:16 -05:00
Keegan McAllister c5644cff12 notify_new_user: Remove code specific to customer29.invalid
(imported from commit 4ac29251ccbfafb4a7c2dd9d7b200474d68505d9)
2013-02-08 13:33:28 -05:00
Keegan McAllister d68674be83 Remove CUSTOMER30-specific account views
Reverts c4b6f744 (inexactly, since there are some other changes along the way).

(imported from commit 5c7294fb13cd0bc523ae55c137dc5254b7cb0121)
2013-02-08 13:33:28 -05:00