No need for an 'if' if we're just returning a boolean. And using
QuerySet.exists() should be a little more efficient.
(imported from commit 69ec3cc9f2fe904ec40ea3b8a8687a06cd03f3f3)
login_required_api_view is misleadingly named. It accepts neither a Django
login session nor login credentials (username / password). The intent here is
authentication, whether stateful (login) or stateless (API key).
(imported from commit 7e9be552168396b399116737655bd7267fd5c1a3)
We've had multiple requests from MIT zephyr users to allow
non-alphanumeric stream names, and we haven't decided what we want to
allow, so for now allow everything.
Note that the web client and mirror script limit stream names to 30
characters, which is our database limit.
(imported from commit 2acb5ee04e5ee7c40031ac831e12d09d04bbb2e6)
This is what caused our server to hang when receiving certain messages
over the last couple days. It was introduced by me making in the
assumption that doing the same thing we did after validate_notify
failed was a correct way to immediately return from
notify_new_message, which it was not. The code of validate_notify
actually finished the handler in the event that validation failed,
which isn't "correct", but did not manifest in a visible problem.
The correct way to trigger an immediate response from a tornado view
is to just return the value, not call handler.finish() and then return
None.
Similarly, the correct way to trigger longpolling from a tornado view
is to either return None (or equivalently, / drop off the end of the
function) or return a generator.
(imported from commit 5b931248b4650fc88d5d68f5936a95f19e097af9)
Here we introduce a new manage.py command, activate_mit, which takes a
number of usernames and sends out emails to the users with instructions on
how to activate their accounts.
(imported from commit f14401b55f915698e83ff27b86434f53e64685f3)
If we have other pages that require login, we might want them to redirect to
the login form. But the root of the site should take you to /accounts/home --
but only after we launch the product.
(imported from commit b5d10e1c908f1ffe1ee68c2689691ca66c896786)
The get_profile API call now returns a client_id, which an API user
can pass to update_pointer and get_messages (note that clients still
need to pass a pointer argument to get pointer updates). This
client_id is currently the equivalent of the website's session key,
but the website might get client_ids in the future to distinguish
browser windows.
This commit differs from 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe in
that it uses request.POST.get("foo") instead of request.POST["foo"].
For some reason the latter triggers CSRF errors.
(imported from commit b2a4a7322d16dbf241cd6eef146621c79d84cafc)
This reverts commit 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe.
It seems to have broken API users.
(imported from commit 2f861ebc016076547092421f87dbcac00a65e2f6)
The get_profile API call now returns a client_id, which an API user
can pass to update_pointer and get_messages (note that clients still
need to pass a pointer argument to get pointer updates). This
client_id is currently the equivalent of the website's session key,
but the website might get client_ids in the future to distinguish
browser windows.
(imported from commit 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe)
This is similar to the previous "reason_empty" variable, but captures
why we've returned from the call even when there are updates and all
the reasons if there are multiple. For now, it's useful for debugging.
(imported from commit fd8d9e859660e51b57178d066b184f831b71a0b6)
Keegan McAllister
Tim Abbott
Jessica McKellar
Zev Benjamin
Luke Faraone
Waseem Daher