Commit Graph

735 Commits

Author SHA1 Message Date
Zev Benjamin fca8f84c14 [schema] Return highlighted subject and content from get_old_messages() when doing a search
We HTML-escape the subject in Postgres to avoid a server round-trip.
Unlike the rendered_content, which is already escaped and cached on
zephyr_message, we normally escape subjects client-side.  Escaping in
Django would require fetching the messages that match the query,
escaping the subjects, and then making a second query to Postgres to
insert the markup.  We could instead fetch the messages with subjects
marked up using non-HTML (some unique string) that is later converted
into the correct markup either in Django or client-side, but then the
escaping problem would just be with some random string instead of
HTML.  Since the function is pretty simple, doing the escaping in
Postgres itself is the least painful option.

(imported from commit 004931d8e496697c18650aee97b1a74c55a04cb2)
2013-04-30 11:40:27 -04:00
Zev Benjamin 8f17f99de2 Construct ts_queries using the new Humbug search configuration
(imported from commit 813ae86e9ea5f8af3ec2abd7d506cd707e699cdf)
2013-04-27 20:06:26 -04:00
Zev Benjamin aeea631bd2 Add JSON query for checking which of a set of messages are in a narrow
(imported from commit b1320cf0e1404d6b0f3dbf3a5b32b29287c698d7)
2013-04-26 17:45:22 -04:00
Zev Benjamin 6cdc3f67df Only fetch an extra message in get_old_messages if a narrow isn't specified
In the case where we're getting old messages for a narrowed view, the
anchor message id might not actually be in the result set so there's
no reason to fetch an extra message.

(imported from commit e610d1f2cb95be3ff9fce6dc95e40c560bc5bf84)
2013-04-26 17:39:08 -04:00
Tim Abbott 7c001822f2 Use bulk requests for updating memcached in get_old_messages.
Otherwise we end up doing 1000 requests to memcached, which can be
quite expensive.

(imported from commit be247f63b5fb88c6f4a45326261b66ea67fe1028)
2013-04-25 14:43:37 -04:00
Luke Faraone 3bb3bbb1ee Redirect to /accounts/register relative to the current domain.
This ensures that we don't always send you to hhq.c when you use OpenID.

(imported from commit ab4c4cfa201740fbddcaa2e51bc15bfe977e221d)
2013-04-24 14:20:07 -07:00
Luke Faraone c48ff1784c Implement OpenID signups.
This allows users on signup-eligible domains to sign up for Humbug using
Google Apps.

As part of this, we wrap the openid done view in our own code in order to
handle the "Unknown user" error. Therein, we create a PreregistrationUser
and then shunt the user through the rest of the confirmation process, pre-
filling in their name.

(imported from commit 066d9a1021384a6da2662352e62a701451bd6f44)
2013-04-24 12:03:42 -07:00
Zev Benjamin 75bbda1dad Add lower message id bound when marking messages as read for the mobile unread count hack
Having a message ID range significantly improves the query
performance because the number of messages Postgres has to consider
is much smaller.

(imported from commit 9b007457712f1c1502d526abea1b6fd742bd911d)
2013-04-24 11:30:24 -04:00
Tim Abbott 9b8f0fab0f Retrieve message objects from memcached in a bulk request.
On my laptop, this saves about 80 milliseconds per 1000 messages
requested via get_old_messages queries.  Since we only have one
memcached process and it does not run with special priority, this
might have significant impact on load during server restarts.

(imported from commit 06ad13f32f4a6d87a0664c96297ef9843f410ac5)
2013-04-24 10:44:56 -04:00
Luke Faraone 71a91197fa Enable absolute imports.
See PEP 328[1] for details. This feature was introduced in Python 2.5 and
will become mandatory in Python 3.

[1]: http://www.python.org/dev/peps/pep-0328

(imported from commit 7444eeba8a08d5f91b94c7921848f2274979bd76)
2013-04-23 09:51:17 -07:00
Leo Franchi 3c993db1cd Tweak format of signup statsd log
(imported from commit eecc741f76894f2403b8302b8a6114fba0b06c5d)
2013-04-22 11:07:42 -04:00
Leo Franchi 14fd888a08 Handle mime-type if uploaded image specifies it
(imported from commit 716908a528fd21daedd4df4d7a71f7606acce671)
2013-04-19 18:04:49 -04:00
Leo Franchi 082ea8642e [manual] Add support for parsing Pivotal XML activity
This adds a dependency on the python package 'defusedxml'

(imported from commit bd5c7655e636ab1aa945e619e7a0063187bafb83)
2013-04-19 13:46:27 -04:00
Leo Franchi 652b821d64 Add a bunch of statsd logging
(imported from commit 8c17a76fed08c34abab3cc45d76a0fb30774d73a)
2013-04-18 18:05:52 -04:00
Tim Abbott 9e85e6e0b9 Fix ordering constraint on get_old_messages query to UserMessage table.
Amazingly, this saves about 250ms on every get_old_messages query in
my testing on postgres.humbughq.com (previously, we were scanning all
rows in the zephyr_usermessage table rather than using an index).

(imported from commit 566a5ef0bbf3c2198fa9e0b63d34e38ac9c57d18)
2013-04-18 17:15:29 -04:00
Luke Faraone 546a376d1c Move API endpoint docs onto their own page.
(imported from commit 0472c9051ba75e8c8ea4f80941ca9ef3b7ad949e)
2013-04-18 09:57:57 -07:00
Luke Faraone ea7965d9bb Rework API documentation to cover all supported calls.
We now generate our API documentation page based off of JSON source.

(imported from commit 0e8a91ef4278684dbcad89cad39a1977672245fc)
2013-04-18 09:57:56 -07:00
Leo Franchi fb2b3ae21a Handle multiple preregistration user objects when choosing streams
(imported from commit 52faa0256a719bed8a8ccc120f8177cce20450e2)
2013-04-17 15:48:30 -04:00
Jessica McKellar a87e41d66c Make inviting users to your realm case-insensitive.
Before this commit, foo@Bar.com couldn't be invited to bar.com.

(imported from commit 04b16f66a6ec9e157bdc7523972b37432358f5cd)
2013-04-17 13:27:48 -04:00
Tim Abbott 34977a4017 Use a generator comprehension for history messages.
(imported from commit 1f3079cb33ea1feae0290e02778cb383726fd8c9)
2013-04-12 15:43:42 -04:00
Tim Abbott 5ab44f6993 Add note to invite notification on historical messages.
(imported from commit ea3da4bd5b3e461b37b1d5af685d96bf5ecdb847)
2013-04-12 15:43:42 -04:00
Tim Abbott 6f22fb706d get_old_messages: Drop old streams parameter from lurk mode.
Its functionality is now subsumed in what happens if you specify a
stream narrow.

(imported from commit 01fbd1de6ac20a35314511cd065ca36be766c2a1)
2013-04-12 15:43:42 -04:00
Tim Abbott 5e50ba09ff Backend support for historical messages.
(imported from commit d5e3674c66ae2fb54901ffb59baf72e7afcd1e68)
2013-04-12 15:43:41 -04:00
Tim Abbott f933d19826 get_old_messages: Add support for querying just Message table.
This works by rather than hardcoding e.g. "message__recipient",
using (prefix + "recipient") where prefix is either "message__" or "".

(imported from commit 3a27d6499bc869d6dd389b074cb7d7cf286760aa)
2013-04-12 15:43:41 -04:00
Leo Franchi 302cfcd48c Send client information for initial presence and process time differential
(imported from commit 99a51b7cc8b6c51c4e82757a984d07603b2980e3)
2013-04-12 09:11:40 -04:00
Leo Franchi 5d4b2305fe Send presence updates when a new user logs in for the first time, and when returning from inactive
This commit will incorrectly list past-online users as active, a shortcoming that is
addressed in the next commit

(imported from commit b018767df686f88c0ca939c067c573e4d7cea357)
2013-04-12 09:11:40 -04:00
Luke Faraone 1482966b41 Correctly set Content-Type for uploaded files.
Boto usually handles this for us, but can't do autodetection like it
normally would because the file path we tell Boto isn't the original name
of the file.

(imported from commit 1ad4b04baf39be8887c86f7238438580651874ff)
2013-04-11 13:52:10 -07:00
Jessica McKellar 560636e372 views: remove unused imports.
(imported from commit 68f66fe79dfb72671e6a7c79bb98646ec729c701)
2013-04-10 16:57:51 -04:00
Jessica McKellar 7175dc534a Send invitation e-mails asynchronously through RabbitMQ.
This avoids 10s of seconds of delay when you invite several people at
once through the web UI.

(imported from commit 75acdbdb04caf62bbb08affc7796330246d8a00e)
2013-04-10 16:57:49 -04:00
Zev Benjamin f6a6a6b220 Add per-stream desktop notifications
(imported from commit b4a0576847b3aec1495f017ca9805febe80c9275)
2013-04-10 16:11:27 -04:00
Zev Benjamin 7e532a02ad Simplify subscription property views
This also changes the API for GET /json/subscriptions/property to
only retrieve the property for a particular stream instead of
returning all streams and their properties.  We weren't using this
functionality anywhere and the change makes the API more consistent.

(imported from commit 2799aec2550fd0558e2282beb19734d60801bdb8)
2013-04-10 16:11:27 -04:00
Zev Benjamin a2010871e3 Make subscription properties less free-form
(imported from commit eda607c2abfa51d2dadddc7b9ecba3e2d0b5be4d)
2013-04-10 16:11:27 -04:00
Tim Abbott 1b11eeb2bc Simplify the default_subscriptions code path.
(imported from commit 62894a5949621465fcfd8d25372316d7ab495252)
2013-04-09 11:58:07 -04:00
Luke Faraone 28afd7126f Send test uploads to their own bucket.
(imported from commit b47628c410b7732b2b58af42b40369e01da8a250)
2013-04-05 13:07:18 -07:00
Luke Faraone f20f605376 [manual] Add file upload support.
This allows users to drag and drop content onto the compose box, storing
their data in Amazon S3.

New dependencies:
 - python-boto

(imported from commit 339874e483db5c36312c9ceae56db29da6ca0d99)
2013-04-05 13:07:13 -07:00
Luke Faraone f4d00b6af9 [manual] Push new users' data to MailChimp.
This creates a new management command, subscribe_new_users, which should be
run as a daemon process. When new users are created, an event is passed to
RabbitMQ including the following data:
 * Email
 * Full name
 * IP address of the person who confirmed registration
 * Time of registration confirmation

MailChimp strongly encourages the collection of the last two to enable
responses to abuse requests, and providing more data lowers the chance that
we could get banned from their service if complaints do occur.

To use this commit, you need to install the "postmonkey" module from
PyPI.

(imported from commit 20c628c3fa8bb985aaead85a80ad3b38bf94b9dc)
2013-04-05 10:22:26 -07:00
Zev Benjamin d4acc3dd94 blueslip: Add mechanism for reporting additional information
(imported from commit 738bd3b8800e3b67497755580a2b7ccf66bb3829)
2013-04-04 17:42:09 -04:00
Leo Franchi 8fe82085c4 [schema][manual] Automatically subscribe users to default streams only after tutorial
(imported from commit 6511851c0aee2628bef597bf1310d6f96b0fd1d4)
2013-04-04 17:11:39 -04:00
Luke Faraone 86d794c3f8 Updating the pointer is logically a PUT, not a POST.
(imported from commit 191582008c15861639acd882742f22b3fd17445a)
2013-04-03 15:35:59 -07:00
Luke Faraone 50809ca219 Rename process_patch_as_post to process_as_post for generality
(imported from commit c920216176a8b6d4b0172a60b6e65df6a58fc79a)
2013-04-03 15:35:58 -07:00
Leo Franchi aef86a8d45 Use form POST data for beanstalk and add shim for incorrectly-encoded emails
(imported from commit b5debaa02a6a23c01aee1b2beb6fd83e70e50d65)
2013-04-03 10:21:06 -04:00
Zev Benjamin c8acdfb228 Make the default for API-users be apply_markdown=False
This fixes a regression that was introduced when rebasing the event
system branch.

(imported from commit da575e96ebdb4dbcca3a658a10a0f81628f9317c)
2013-04-02 17:04:26 -04:00
Keegan McAllister 5ebd281f38 Serve only the runtime part of Handlebars in prod
(imported from commit 8e55cb99deff680c832502396625b8cb1054e0cb)
2013-04-02 14:44:27 -04:00
Zev Benjamin 369d9ab9e7 Add additional URLs for get_updates activity
(imported from commit 820f0f48abbe99d0ab4a769f8c2f4cafa56dc050)
2013-04-02 14:18:33 -04:00
Zev Benjamin 649119ead5 Allow specifying multiple URLs for a given query name in ActivityTable
(imported from commit 1a3313d27168447025d0c98d72d2f6ab0c32587e)
2013-04-02 14:18:33 -04:00
Zev Benjamin 99f98f77b6 Refactor activity data-gathering a bit
(imported from commit 6d36bf19c5ba70cc4d29bf7340e4c6a7349f1083)
2013-04-02 14:18:33 -04:00
Leo Franchi a406aeadc8 Add beanstalk integration along with tests
Beanstalk integration uses webhooks that use http basic auth to authenticate
the sending user.

(imported from commit bd65f5b2d052a3c1eb04da64d055a3640a384892)
2013-04-02 13:35:42 -04:00
Tim Abbott 1cec86eb2d [manual] Remove now-unused User model.
I think all that one needs to do to deploy this commit is on developer
laptops, run `generate-fixtures --force`.

(imported from commit 34916341435fef0875b5a2c7f53c2f5606cd16cd)
2013-04-02 12:57:10 -04:00
Tim Abbott a8e89962d8 Remove remaining direct usage of the User model.
(imported from commit c494b4e32761e9ce57115da918a86a1d6a0b6971)
2013-04-02 12:07:08 -04:00
Tim Abbott 5dbe8b4c17 [manual] Authenticate using a user_profile as request.user.
When this is deployed to staging, we need to run

./manage.py logout_all_users --realm=humbughq.com

When this is deployed to prod, we need to run

./manage.py logout_all_users

(imported from commit d6c6ea4b1c347f3d9122742db23c7b67767a7349)
2013-04-02 12:07:08 -04:00
Tim Abbott 2fcbb31dcf Access the UserProfile's new is_active field rather than User's.
(imported from commit ed5bdaf3e3d6d20bfb741efdac48d30482ab9ef7)
2013-04-02 12:07:08 -04:00
Tim Abbott 1443edce00 Access the UserProfile's new email field rather than using User.
This is preparatory for stopping using the User model.

(imported from commit a1b0808c8cc2ddd19a25163f91c4f18620c9ce90)
2013-04-02 12:07:08 -04:00
Zev Benjamin 2c08fcca3a Send an event when a subscription is added or removed
We don't yet send events on property changes, though.

(imported from commit 741e6aff7c6ce8b6a1fa48e4d95317d345c6993d)
2013-04-01 13:07:48 -04:00
Zev Benjamin fe45b1c8ad Send an event when a user joins or leaves the realm
(imported from commit fcedba2d9a3e8968e93faa396113cddd5bf36a9d)
2013-04-01 13:07:48 -04:00
Tim Abbott 203e5e17ee Use prereg_user as local variable for PreregistrationUser objects.
(imported from commit 5beb09a8e589bee9e98d36059eb9e0b5ab3c4af3)
2013-03-29 16:18:38 -04:00
Tim Abbott 2223b60dc0 Switch functions like do_activate_user to accept UserProfiles.
Only a few of them took a User as an argument anyway.

This is preparatory work for merging the User and UserProfile models.

(imported from commit 65b2bd2453597531bcf135ccf24d2a4615cd0d2a)
2013-03-29 16:18:37 -04:00
Leo Franchi e546161e8d Handle web hooks from JIRA for integration support
(imported from commit d4db0b850becf42dee6f0a9df7b19c692fef41f1)
2013-03-29 16:14:39 -04:00
Jessica McKellar 07967e7257 Add the ability to narrow to starred messages with `is:starred`.
(imported from commit f1eb552ddd90a1822fa988b60dc13f88f04cfc79)
2013-03-28 16:59:59 -04:00
Zev Benjamin 00e5f904a3 Use do_events_register() in home() and pass the results to the initial page load
(imported from commit 532036c01bde1f5d49c43a96ce6aa496ca77cea9)
2013-03-28 16:57:48 -04:00
Zev Benjamin 3b5bcdf80e Move the guts of event_register_backend to actions.py so it can be called internally
(imported from commit 4747942b03406e8a92f319658fcecb9720226388)
2013-03-28 16:57:48 -04:00
Zev Benjamin 5b20dcf03c Add server-side event filtering based on type
Clients can now request to receive only certain kinds of events,
although they always receive restart events.

(imported from commit 1e72981f8fe763829ab2abde1e35f94cad5c34e4)
2013-03-28 16:57:48 -04:00
Zev Benjamin f2b1de7940 Apply events in register()
(imported from commit 4e30e52d968ceec596ecbabe71d4d9378cc8f7d9)
2013-03-28 16:57:48 -04:00
Zev Benjamin 7248659c4c Return initial data in register()
(imported from commit 5b510ef072790b9e44652542372e3fc88735c356)
2013-03-28 16:57:48 -04:00
Zev Benjamin 6cc70d94f6 Add register() call to event system
(imported from commit 0c9fbfec1866591b2169ce2da2bc2af6003f8f31)
2013-03-28 16:57:47 -04:00
Keegan McAllister 5a58fb3c29 Don't try to use source map in the test suite either
(imported from commit c8392c1572a09128d8b31500b3e94bb9e8888122)
2013-03-28 16:47:11 -04:00
Keegan McAllister 28f9d51aa5 Don't try to use source map when DEBUG
(imported from commit e07fbe0e185df06c98cc38dfb943036f256cb877)
2013-03-28 15:28:58 -04:00
Keegan McAllister 7236c63008 Automatically decode JavaScript stack traces as we send them
(imported from commit 348c464102a43a44c91c79d498cd33e6405ed670)
2013-03-28 14:56:52 -04:00
Luke Faraone 85b4ffbf2e Change matching for client strings in /activity to use __startswith.
This way we can match prefixes, like "API: Foo".

(imported from commit 2acde88e31b4f2f4a418f3930975a5f3a4e9ef2d)
2013-03-28 08:11:37 -07:00
Luke Faraone 8bb944729d Switch get_old_messages to REQ and make the function signature uniform.
Previously user_profile was a kwarg, which was inconsistent with all other
_backend functions.

(imported from commit 6b857bcb2c3c978079af2f6edd367c1804d51988)
2013-03-28 07:53:39 -07:00
Luke Faraone 5d22ee9a76 Create update_subscriptions_backend to allow mass mutation of user subs.
This includes a process_patch_as_post decorator which enables this view
to be invoked as a PATCH on an object.

Hopefully this decorator can go away once POST values are correctly parsed
in Django for PATCH verb invocations.

(imported from commit 6cf9d69cfb9dea5354ea37408566146757b5be54)
2013-03-28 07:53:39 -07:00
Luke Faraone 08e379d23f Add method for retrieving the pointer only.
(imported from commit 2324d3c6cddca73dddca8a24dfa8d61d41236a54)
2013-03-28 07:53:38 -07:00
Luke Faraone a49c37917a Implement generic rest_dispatch method for new API.
(imported from commit 912ee803db03098f195d18648ab98401915fead6)
2013-03-28 07:53:38 -07:00
Luke Faraone 0c0f99ccc6 Split off json_stream_exists to the _backend pattern, rename paramater for consistency.
(imported from commit 61378e9abe716552f69cf11fc0f1fce61de0639c)
2013-03-28 07:53:37 -07:00
Luke Faraone 60075e596f stream_exists_backend now returns a 404 if the stream is not found.
Update tests and compose.js to handle the 404.

(imported from commit d9ba4fe59c34bd14d9198e3365a845888fa04f03)
2013-03-28 07:53:37 -07:00
Luke Faraone 825f59799a Switch foo_list_subscriptions to the backend pattern.
This slightly reduces code duplication and in the future the {api,json}_ methods
will hopefully go away, leaving only the _backend methods.

(imported from commit 82a6e4a2ff2ba5d272068e9ff043ea47a1a8d278)
2013-03-28 07:53:37 -07:00
Luke Faraone 2be8f80f47 Make request._client a public member, dropping the '_'.
(imported from commit 5fc7ab57157ceb40c8bca9b0c97a47d8fac6745b)
2013-03-28 07:53:36 -07:00
Luke Faraone b6ed350c55 Remove explicit "client" parameter from send_message_backend.
Instead we now rely on the request._client value, which we were previously
passing along to s_m_b in all but one case.

For that one case, we just modify the Request object to include the value
beforehand.

(imported from commit 542f38f94bc447149cd4d2efaa5e8f48f756725b)
2013-03-28 07:53:34 -07:00
Tim Abbott 78f5c2e877 Use the update_fields option to Django ORM .save().
This can result in a significant performance benefit because we only
need to update the columns that changed..

(imported from commit 42bef1fcc58ad79bd864f89263fe82e90743ee5b)
2013-03-28 07:36:11 -04:00
Zev Benjamin 304899cd8a blueslip: Indicate whether users saw an error in the error emails
(imported from commit dd31976a3279df5ea5de2a0433387c82c8f80d41)
2013-03-27 21:53:58 -04:00
Zev Benjamin 2da4c0a4bf Remove extraneous SERVER_GENERATION definition
It looks like this was supposed to be moved in e0d9182c but was
copied, instead.

(imported from commit 094f43e9cfd4dde380a3d1ef79b1c273b54ce1a3)
2013-03-27 14:15:03 -04:00
Tim Abbott fde2243dbc [django 1.5] Update read flags handling to use new Django 1.5 syntax.
(imported from commit af1e2608b6d6d3677bf6266980d8dc77739aa4ba)
2013-03-27 08:19:26 -04:00
Keegan McAllister 7309d57067 Output page_params as a single JSON object
This is a lot cleaner, and also cuts about 50-70 ms off of page load time in
local testing (with lots of users), presumably because there's less work to be
done by the slow Django template engine.

(imported from commit 257b700238ee5d9a4ae00a53011ed5bce018124c)
2013-03-26 13:51:21 -04:00
Keegan McAllister 23b8833ec5 Handle Tornado callback notify in a more generic, less HTTP-centric way
(imported from commit 85a74d1b40461236c4c95ad688e9796ab50f0bbf)
2013-03-22 15:51:23 -04:00
Jessica McKellar 37e58b613d Truncate the tutorial stream name to fit the DB max stream name length.
(imported from commit e267656337f97d3ea14e14e957a405cf4fd2d06c)
2013-03-20 10:15:08 -04:00
Tim Abbott 97d7d31b68 Rewrite internal_send_message to use check_send_message.
This will automatically fix bugs such as one in which
internal_send_message didn't properly strip() the subject argument
before sending a message.

We change the recipient_type argument to internal_send_message to take
the recipient type name (e.g. 'stream') both to better fit the API and
also because the previous code incorrectly handled huddles.

(imported from commit 78c2596d328f6bb1ce2eaa3eed9a9e48146e3b6a)
2013-03-18 16:15:11 -04:00
Tim Abbott bb80d1c58c Move check_send_message and helpers to actions.py.
(imported from commit d74c90e25bd63931955d2ad9b3890be53d674a48)
2013-03-18 16:15:11 -04:00
Tim Abbott ab04d6f403 check_send_message: Don't use json_success/error directly.
This is preparation for using it from internal_send_message as well.

(imported from commit 000784be7b40e0c93b38a5a916a4a915335ea821)
2013-03-18 16:15:11 -04:00
Tim Abbott fb77af8f10 Refactor send_message_backend to do checking in new function.
This is preparatory for using this new arguments checking function in
internal_send_message as well.

(imported from commit 578e09c50b8a700c019c7dd235b2d9527af34e39)
2013-03-18 16:15:11 -04:00
Tim Abbott 14efaea0bb send_message_backend: Reorganize subject argument checking.
(imported from commit 80daa46f47e7e5279f746db89b3632eeadb27325)
2013-03-18 16:15:11 -04:00
Tim Abbott c1d3a5b5e5 Use more caching of UserProfile objects in views.
(imported from commit 3abcceeb4fac1cfa5a9944a6455c60f6512dce6e)
2013-03-18 16:15:10 -04:00
Tim Abbott a23f6be28d Cache the results of Recipient queries in our memcached cache.
(imported from commit a6ba25a9c62d2738e4738b076370e4b2bc0ffaba)
2013-03-18 16:15:10 -04:00
Tim Abbott 9c2a9eb288 send_message: Avoid querying the stream object twice.
(imported from commit c23aab232a40195d92ae4b0e68af390c3b6b20ad)
2013-03-18 16:15:10 -04:00
Keegan McAllister 45eb9bcf47 tests: Disable tutorial through the server side variable needs_tutorial
This fixes a nondeterministic test failure for me.

The first message sent in the test suite appears to get dropped.  I don't know
why this is, and I'm pretty sure it was an existing bug.  This message used to
be the one disabling the tutorial, which might explain why that didn't always
work.

Regardless, this commit at least makes the test suite usable, and we can work
on fixing that bug later.

(imported from commit 063e40871b9883e3a6dab93a4e0a51c5b2dae4b7)
2013-03-18 13:46:46 -04:00
Zev Benjamin b08dbdfe48 blueslip: Send the user agent string back with the error report
(imported from commit ed77877465b1497cd3d78753c3398329302075ff)
2013-03-15 17:30:07 -04:00
Tim Abbott 7e456ddba7 Cache get_status_list output for up to a minute.
This should substantially decrease the amount of server load generated
by the userpresence system.

I tested that this indeed was indeed saving one query on
/json/update_active_status requests on my laptop with 2 users from the
humbughq.com realm logged in.

(imported from commit 03e9d4eb95b9f664d489862684ae162db2076e08)
2013-03-15 16:37:41 -04:00
Leo Franchi 4a23959b11 Remove pointer_updater param as it is no longer used
(imported from commit 80cc4a6d4c24660087981b1132ca2ed44c86a424)
2013-03-14 13:35:28 -04:00
Leo Franchi 7c7822601f Use request._client to detect a mobile pointer update
(imported from commit d06606ded33bc598e1bdb4b33279ce92b098ed02)
2013-03-14 13:35:28 -04:00
Tim Abbott 99d4bc114b Move Zephyr mirroring liveness check to the UserPresence queries.
It's closer to a presence query than an update, and more importantly
this moves this out of Tornado -- previously Tornado was spending at
least 3ms per recipient on messages sent to the MIT realm fetching all
this data to return back to users.  This should save around 100ms per
message sent to a popular stream the MIT realm -- but more
importantly, each such event is 100ms during which Tornado is not
processing other messages.

(imported from commit 134169f0fdcd9f6640fda957edc4a28b07783d8e)
2013-03-13 17:41:29 -04:00
Leo Franchi e82b408be9 Add a shim for mobile clients to update new read flag
(imported from commit e8e269156ea671e590589f48f8494c25380a2dde)
2013-03-13 14:14:45 -04:00
Leo Franchi 93a3f14c43 Add backend support for handling new 'read' message flag
(imported from commit 6194e9332caa2d279cbc304f0d6a69f969aa9a72)
2013-03-13 14:14:45 -04:00
Leo Franchi 6a53d1c35d Add flags to dict in load_old_messages
(imported from commit 7f68ea97a424aa0b01983258dbf6e9a2a07a732a)
2013-03-13 14:14:45 -04:00
Zev Benjamin 1109d20149 Send browser errors back to the server
(imported from commit 8c676017e8b3fc4f17552db15d32266099dba8f2)
2013-03-13 10:55:33 -04:00
Waseem Daher 33dc3a2fb7 Properly start tutorial on first run, even if you have new messages.
We were previously having an issue where the tutorial could
be pre-empted if you got a few messages while you were first
logging in.

I have some reservations about this being slightly fragile, and a
better approach might be to just have a bit that we use to determine
whether or not you've already seen a tutorial. (Or potentially that
checks whether or not you've ever sent a message.)

(imported from commit f8858f64a36bcd25887b76314caff283929f340c)
2013-03-12 09:56:57 -04:00
Jessica McKellar a8d6bd3322 Remove some unused imports.
(imported from commit bb8311848ca24fbb1fb1b3df8f8b4403eb38ce1c)
2013-03-11 16:47:03 -04:00
Jessica McKellar 2314809d73 Auto-color streams.
(imported from commit b669f864b0574e9e9af282ccb8783ccfaa12adfd)
2013-03-11 16:47:03 -04:00
Leo Franchi 9466addbe2 Allow negative anchor param to get_old_message
When narrowing, we use the selected id in the home view as the anchor,
and if the user is new and hasn't selected any messages yet (or moved
the pointer since first using humbug), their home view selected message
will be -1. Rather than failing to get_old_messages for any narrows starting
from that point, return all matching messages.

(imported from commit 72cfe392d9ac01ed41abc8eadf0f47240e374665)
2013-03-11 15:11:24 -04:00
Tim Abbott 254bc9f361 Attempt to render messages before accepting them from the user.
This fixes trac #407.

(imported from commit e33647eec32266790f864d14ad377d51956d2a6f)
2013-03-08 17:24:33 -05:00
Waseem Daher 68fc8e161f github: Suppress pull request notifications for CUSTOMER18.
(imported from commit adacd7ef23b1762276888c9bda5c69fd6c89ede4)
2013-03-07 22:15:54 -05:00
Waseem Daher 68e7a052cb Remove the link to 'activity' from the gear menu.
I find that I never use it, and I don't totally like our
experience in the app to be different from our users'.
Admittedly, this is a small way in which that's the case :)

Finally, since we do usability studies in @humbughq.com,
the link appears there too, and I'd like it not to.

(imported from commit 1225c4ae79de52fa98b21ce00a6542df76b667ea)
2013-03-07 13:12:45 -05:00
Waseem Daher 4ea7ac102f Allow internal_send_message to send cross-realm stream messages.
Prior to this change, any stream message sent by internal_send_message
could only be in the realm of the sender.

This was a problem most notably for... the tutorial bot, with the
hilarious consequence that the tutorial worked fine in humbughq.com,
but failed to start anywhere else.

(imported from commit 33a904a28e3a57e1a2cf9172c2e2a75b50967a50)
2013-03-06 23:04:57 -05:00
Reid Barton 6bb9ad4e3c Avoid cross-site logout attacks
Require POST method for /accounts/logout. This has the side effect of
automatically enabling Django's CSRF protection.

(imported from commit 44b1b6ebaadc1c03006e21ae54ac768e31234801)
2013-03-06 19:10:04 -05:00
Waseem Daher f7d189feb8 Don't send GitHub notifications (for CUSTOMER18) if not to master.
People make throwaway branches all the time, and we don't
want to spam them.

(imported from commit 0e7b628573ad1a6a7f49d3c4b4135c7d3a911834)
2013-03-06 17:30:52 -05:00
Tim Abbott 27d91eb9ea Fix including debug.js when DEBUG=True.
Previously, it wasn't actually included in the index.html templates.

(imported from commit b9f9903e0daa808ec1f6ff966309cbc4eef9b9fd)
2013-03-06 11:36:15 -05:00
Waseem Daher ca127f8228 Allow tutorial bot to send messages to a stream.
But only allow them to send to tutorial-<<your username>>.

The idea being that this helps reduce potential abuse from this JSON
call. (Because otherwise, anyone could call into this endpoint and
have the tutorial bot send random messages to random peoples's
streams.)

(imported from commit 471d4348d7ad43858b5df240e4f1dceba006aab6)
2013-03-05 23:46:10 -05:00
Tim Abbott 36bb39ede9 Fix improperly case-sensitive narrowing by subject.
(imported from commit 24403f0815e46f21000f7d5a5b59bfdfe3448ddf)
2013-02-28 17:49:57 -05:00
Tim Abbott 1e9a85ff05 Fix use of case-sensitive comparisons on email addresses.
(imported from commit d420169640a9f9c034b3d9ded207e583691f6652)
2013-02-28 17:49:57 -05:00
Tim Abbott 49af19aa71 Add support for narrowing by a message's sender.
Fixes #972.

(imported from commit 2514d14c94a071f2b3e6149a2bdaeaa00e0c847f)
2013-02-28 17:49:57 -05:00
Jessica McKellar 6a56ed0c94 Add a button on the Settings page to declare Humbug bankruptcy.
(imported from commit 6ca635e997ada54b816abe3425980102ad8f5d2c)
2013-02-27 18:16:51 -05:00
Jessica McKellar ff62ac96e6 Extend get_profile to also be a JSON request.
(imported from commit 38e0d5a9aa2498ffcdfa65b07283a456257feafd)
2013-02-27 18:16:50 -05:00
Jeff Arnold fcd033e33e [schema] Save enter_sends on the server in the database.
(imported from commit 4d82f6aaf5918f155a930253c9cc334dbcc0d97a)
2013-02-27 17:25:29 -05:00
Keegan McAllister cc19afd0fe Re-enable desktop notifications in automated testing
After c1d98239 the function works in CasperJS as well.

Reverts some of 90f4d6ac3ddb387e74051b9af2c230698fa94479.

(imported from commit 3579df33930bb34dc081908b84900905eee6d270)
2013-02-26 18:02:20 -05:00
Keegan McAllister 56d183ea06 Remove lurk mode from web client and API examples
See #796.

(imported from commit e238ce571c3f30d8312b630df7048ad1d9cad6d2)
2013-02-21 15:11:10 -05:00
Waseem Daher 163c9c8d75 Add a JSON call that causes the tutorial bot to send you a message.
The idea here is: part of the onboarding tutorial is going to
be you talking to the tutorial bot and it talking to you, from
our Javascript.

The reason it's driven by Javascript is that then in principle we can
do nice stuff like making popovers appear in places to point things
out to you, whereas if we were to do it strictly server-side, doing so
would be a lot harder.

The downside to doing it in Javascript is that you don't get any of
the Markdown rendering, since that happens on the server. So instead
we add this call where you give it a message, and it responds by
having the tutorial bot send you that message.

I don't think there are any security concerns here because
(1) The bot only messages you -- so you can't use it to make someone
    else think that the system is telling them to do something
(2) If there were an issue associated with having the server parse
    arbitrary Markdown, you could just trigger the issue by sending
    a message yourself.

(imported from commit b34f594dab6be6bcb81899278ae1cbe447404468)
2013-02-20 23:04:49 +00:00
Zev Benjamin 061aaea601 Use plainto_tsquery instead of to_tsquery
This will discard punctuation symbols in the Postgres search and also prevent
syntax errors when users try to submit queries with symbols that to_tsquery
interprets as special syntax (such as '|' and '&').

Fixes #906

(imported from commit 3e3a0d6ae3d4a516beb8a5846f06065294ca9457)
2013-02-15 16:18:02 -05:00
Tim Abbott 1612b5c045 Fix sending messages to numeric stream names.
json_to_foo will raise a ValueError if the JSON passed to it is just a
string containing a number, e.g. "1".

Traceback (most recent call last):
  File "/home/tabbott/humbug/zephyr/views.py", line 711, in extract_recipients
    recipients = json_to_list(raw_recipients)
  File "/home/tabbott/humbug/zephyr/decorator.py", line 289, in json_to_list
    return json_to_foo(json, list)
  File "/home/tabbott/humbug/zephyr/decorator.py", line 282, in json_to_foo
    raise ValueError("argument is not a %s" % (type().__class__.__name__))
ValueError: argument is not a list

Fixes #776.

(imported from commit 0c123a610c009eda9004cf0b0b53d60695c4e8d5)
2013-02-13 13:08:40 -05:00
Luke Faraone ea7005e8e3 Rename is_active to is_inactive.
The purpose of the validator is to ensure the user isn't active, so
let's correctly test for that here.

(imported from commit 772ddb901098f78750efab274405a10f36c49232)
2013-02-12 16:15:29 -05:00
Luke Faraone 54a19e9091 Check whether users are active, not whether they are nonunique.
Previously we checked and bailed when there was a user registered with
an email address, regardless of active status.

This meant that MIT users who had inactive accounts autocreated had
issues where they would be confusingly told they were signed up even
though they had never taken any action on our site directly.

Now we instead check whether there are any current *active* user
accounts with that email address, and proceed with generating an
activation link if the user lacks a corresponding active account.

Security implications of this commit come into play if we start
implementing removing users ability to sign in as deactivation. Since we
lack a user removal story here, this isn't terribly concerning yet and
we'll revist this code when we decide to add such functionality in the
future.

This resolves trac #581 and #631.

(imported from commit c3fb93ce065e63e19b41f63c1f27891b93b75f86)
2013-02-12 15:31:06 -05:00
Tim Abbott 62c632ceef presence: Fix loop making database queries.
The previous select_related didn't properly get the User object,
containing the email address, and thus would make one query per user
with presernce information.

(imported from commit 3341bc5a65387030fa8737b03ca43f79089ef56b)
2013-02-12 14:52:59 -05:00
Keegan McAllister 6fba03a0a4 activity: Use select_related when querying UserActivity records
On my dev machine this cuts /activity load time with lots of users by more than
2/3.  I expect the gains will be even greater in production due to the greater
relative cost of database queries.

(imported from commit 0391cb29f66b618b4b99902d9fb9ab0a6cff0cb3)
2013-02-12 13:46:16 -05:00
Leo Franchi 78ffe36c2d Hide users list for MIT
(imported from commit 4e9dcef483e0c0d85ba2e7511f1abfa4da06be9e)
2013-02-12 12:30:52 -05:00
Leo Franchi 0a0c4bb9a0 [manual] Use rabbitmq for asynchronous presence updating
Note: When deploying, restarting the process-user-activity-commandline script is needed

(imported from commit 63ee795c9c7a7db4a40170cff5636dc1dd0b46a8)
2013-02-11 18:05:57 -05:00
Leo Franchi 31f87481d0 [manual][schema] Add an API for user presence (idle) information
Adds a new db table for storing presences, and an API for setting
an individual user's idleness as well as fetching all idle status
for all users in a realm

(imported from commit 5aad3510d4c90c49470c130d6dfa80f0d36b0057)
2013-02-11 18:05:57 -05:00
Jessica McKellar 3a39ac76c4 Add a new /get_members API query.
(imported from commit ced7c74212210a1fcee03c1c402dca9b42483d11)
2013-02-11 13:45:46 -05:00
Luke Faraone 8dbda2cd64 Use full emails rather than just usernames in /activity.
(imported from commit c0397d6429fe85f0bd6e57731dd2132ed1e11b85)
2013-02-11 10:33:16 -05:00
Keegan McAllister c5644cff12 notify_new_user: Remove code specific to customer29.invalid
(imported from commit 4ac29251ccbfafb4a7c2dd9d7b200474d68505d9)
2013-02-08 13:33:28 -05:00
Keegan McAllister d68674be83 Remove CUSTOMER30-specific account views
Reverts c4b6f744 (inexactly, since there are some other changes along the way).

(imported from commit 5c7294fb13cd0bc523ae55c137dc5254b7cb0121)
2013-02-08 13:33:28 -05:00
Jessica McKellar ad8e9598f6 Log domain in do_activate_user.
(imported from commit 0e39b5ddc395ff245f8e3b0252ea3b33a90860f1)
2013-02-08 13:20:19 -05:00
Jessica McKellar 18db4bc823 views: remove unused imports.
(imported from commit 38a4981637f1b3bfd9135d459a17a3ba142c86a7)
2013-02-08 13:20:19 -05:00
Jessica McKellar 1fcf43c289 When someone invites you to Humbug, infer your domain from their referral.
Regardless of your e-mail address, as the realm might be open.

(imported from commit 5f9cdbdef52f8c8ae61035e71f12a9b7e4ed4a5e)
2013-02-08 13:20:18 -05:00
Jessica McKellar 256fa0e485 Fix invite bug in which we'd falsely say you'd invited folks with existing accounts.
(imported from commit 9114836d084937dcc1a707338dd916e28f97a87d)
2013-02-08 13:20:18 -05:00
Jessica McKellar a332bee2b7 When inviting users, check if the invitee is in-domain or the realm is open.
(imported from commit 42e072d9717f38cc6d0c7010d37bbabd81aa3ae7)
2013-02-08 13:20:18 -05:00
Jessica McKellar aeba3beb55 Validate and document checking the domain of the recipient of an MIT Zephyr Humbug.
(imported from commit 35b8675171bcdf0c27655723bc76bced8b53a431)
2013-02-08 13:20:18 -05:00
Zev Benjamin 526995316f Use the new tsvector cache column for full text search
Note that the tsvector cache column should be fully populated before
commit is deployed.  Otherwise, full text search will be broken until
it's populated.

(imported from commit 23c36fb7d146c289148e8243c3d6a9a6494cfc62)
2013-02-06 12:09:49 -05:00
Luke Faraone 3de93f2b2b Pass stream information in initial template.
This allows us to remove fetch_colors() entirely, and should speed up page
load a bit.

We also JSONEncoderForHTML instead of dumps so that the result is safe
to embed.

(imported from commit 013630911960e2ac1d0bae6f5df31ad342750594)
2013-02-05 15:34:37 -05:00
Luke Faraone e8afaa8b8e Return a dictionary in subscriptions/list instead of a tuple.
This will give us flexibility in the future to add new properties to the
list.

In order to support that, we now do a list comprehension rather than just
returning the gather_subscriptions list in get_stream_colors.

(imported from commit a3c0f749a3320f647440f800105942434da08111)
2013-02-05 15:34:37 -05:00
Luke Faraone 1c3c3cc33f Add call to toggle whether a view is in the home view.
(imported from commit 5ece7b74a5ac4929a46d3d66ae5d838e1f418b44)
2013-02-05 15:34:37 -05:00
Luke Faraone 2a01b355a4 Correctly return a JSON error if property value is not passed.
Previously we checked if property was false after doing .strip(). Since
you can't call string methods on a NoneType, we were 500ing.

The code now does a normal dictionary get via [] and catches the
KeyError.

(imported from commit da7f28febf0865f44e92bcac1791f817c3d370f3)
2013-02-05 15:34:37 -05:00
Luke Faraone b78d154370 Factor out subscription retrieval code into another function.
(imported from commit 6a66a4feb03990e11c98cd8666d1a7bb97299987)
2013-02-05 15:34:36 -05:00
Luke Faraone 3d25fbce49 Replace calls to json_error to raise JsonableError.
Returning json_error inside an inner function call will result in the error
getting lost.

(imported from commit fd7754b15f7b62fd6e4197fd72ae03d6996a93da)
2013-02-05 15:34:36 -05:00
Luke Faraone 2d4ef59f68 Fix InviteOnlyStreamTest to call public API
Previously we made calls to the JSON api, which means that the API key
was being ignored.

(imported from commit 46d8d0e5ac7926e824f300fd846ec42bc939e2c0)
2013-02-05 15:34:36 -05:00