Commit Graph

307 Commits

Author SHA1 Message Date
Tim Abbott e7abe13cd6 The empty string shouldn't be a valid stream name.
(imported from commit 1fa878d7d51d3c3444ac75edf08b32f886683964)
2012-11-07 15:42:32 -05:00
Keegan McAllister a815a253f7 get_profile: Return max_message_id
(imported from commit 5b5c853e667e47ff46ff14558f1e27f619f77cd7)
2012-11-07 15:34:44 -05:00
Keegan McAllister d461453250 Remove max_message_id from updates response
(imported from commit 1d8ce12a4d32dfb761617b4c2aa8e9fbe3ad2994)
2012-11-07 15:34:44 -05:00
Jessica McKellar 9077d51d54 For now, allow all characters in stream names.
We've had multiple requests from MIT zephyr users to allow
non-alphanumeric stream names, and we haven't decided what we want to
allow, so for now allow everything.

Note that the web client and mirror script limit stream names to 30
characters, which is our database limit.

(imported from commit 2acb5ee04e5ee7c40031ac831e12d09d04bbb2e6)
2012-11-07 15:12:03 -05:00
Zev Benjamin b5cd40723f Start long-polling immediately in get_updates if the user has no messages
(imported from commit 02f883c58513f3bb705b248320cd9cfb7abd6417)
2012-11-06 16:40:52 -05:00
Zev Benjamin 8464e45507 Set the response status to 400 in send_with_safety_check if there was an error
(imported from commit 11fd082bb88be271b268d60cc797318386c9d778)
2012-11-06 16:40:52 -05:00
Jessica McKellar 15ca35e961 views: remove unused imports.
(imported from commit 1c44a1b23bb020b82bae99a75a12218c3e708e26)
2012-11-05 10:32:42 -05:00
Tim Abbott 1993ee403d Remove @asynchronous on notify_foo views.
(imported from commit 79e3f99450deb3efa0c4154465a692ef01306ce4)
2012-11-02 20:55:31 -04:00
Tim Abbott 517c8e298a Remove now-unnecessary check for 'time' in json_send_message.
(imported from commit aa177e13c16a43a5914227142a4e2589e2bd92bb)
2012-11-02 20:55:31 -04:00
Keegan McAllister 2b1ecd1ad8 Fix name of login_required_api_view in comment
(imported from commit e278256da19c3abd4ee05bd6c4318a482a25cee0)
2012-11-02 14:57:38 -04:00
Zev Benjamin 6178cd830a Return the error if return_messages_immediately returns an error response
We previously started long-polling.

(imported from commit 5860e484c63088ed34226f39f5aeb74e3ed43f91)
2012-11-01 16:02:28 -04:00
Tim Abbott 7c3a189c03 Combine api_subscribe and json_add_subscriptions.
(imported from commit 1a5df7c88beb2c27a048b1880136b9c7cb4451b2)
2012-11-01 13:05:52 -04:00
Tim Abbott 7e0cbd1c8b Change json_add_subscription to use the same interface as api_subscribe.
(imported from commit 9b9eb0284ad262ce9701ef81162d954544435d52)
2012-11-01 13:05:52 -04:00
Tim Abbott 01bf0868a9 Rename new_subscription argument to streams.
(imported from commit 8024f47564fe580734d5e452f5092520870003a7)
2012-11-01 13:05:52 -04:00
Tim Abbott 22bb5a5830 Fix longpolling on messages to nobody.
This is what caused our server to hang when receiving certain messages
over the last couple days.  It was introduced by me making in the
assumption that doing the same thing we did after validate_notify
failed was a correct way to immediately return from
notify_new_message, which it was not.  The code of validate_notify
actually finished the handler in the event that validation failed,
which isn't "correct", but did not manifest in a visible problem.

The correct way to trigger an immediate response from a tornado view
is to just return the value, not call handler.finish() and then return
None.

Similarly, the correct way to trigger longpolling from a tornado view
is to either return None (or equivalently, / drop off the end of the
function) or return a generator.

(imported from commit 5b931248b4650fc88d5d68f5936a95f19e097af9)
2012-10-31 16:35:30 -04:00
Tim Abbott b33c0c4eee Send the stripped stream name to add_subscriptions_backend.
(imported from commit c3bbb9bd200629020fe7e60d42644beaab30bff5)
2012-10-31 14:06:35 -04:00
Tim Abbott e48bdfe847 Use json_success for api_fetch_api_key.
(imported from commit 395d992fa634f5304f8a44f38f0251109c1a0810)
2012-10-30 16:59:18 -04:00
Tim Abbott c00e37c106 Use json_error rather than HttpResponseBadRequest and friends.
(imported from commit a9f6df2e561218db46f4ade86bac1ecd87b6ca78)
2012-10-30 16:59:18 -04:00
Tim Abbott 9fa2f0d4f8 Use @require_post for login_required_json_view.
(imported from commit e7efea5f016b1b44a0a3deba024e3df828006cfa)
2012-10-30 16:59:18 -04:00
Tim Abbott 4e9df28c12 send_message: Don't create streams automatically on send.
(imported from commit 7be1b72c5fdf9a21167d2be3948cf1febf8da8ed)
2012-10-30 15:02:45 -04:00
Luke Faraone 1d6a5741e0 Previously conditionals used the wrong case to reference request.POST.
(imported from commit 2624def3745c3b26114ee1a1a9a20288e078b243)
2012-10-30 13:29:40 -04:00
Luke Faraone 9f61e27218 Fix broken conditionals in get_old_messages_backend.
(imported from commit 13b934cdd2805d45efff18f7ce485b3e17e11c1a)
2012-10-30 13:24:02 -04:00
Tim Abbott 0fcf1db00a Fix tracebacks sending messages nobody will receive.
(imported from commit afe3d7465f105015f7fa8247ab3cba7476b89fc2)
2012-10-29 19:17:26 -04:00
Tim Abbott af09279483 Check for empty stream/subject names.
(imported from commit 208be288f903e8a040ed9e1de243315df0d9adae)
2012-10-29 17:36:01 -04:00
Tim Abbott 44b332693e Fix the fact that new auto-created MIT users are active.
(imported from commit 577f1a0165a56fc3cc1ed6f0a54f6c5f31345cc7)
2012-10-29 17:30:06 -04:00
Luke Faraone 5dad59e864 Implement MIT signups.
Here we introduce a new manage.py command, activate_mit, which takes a
number of usernames and sends out emails to the users with instructions on
how to activate their accounts.

(imported from commit f14401b55f915698e83ff27b86434f53e64685f3)
2012-10-29 16:59:37 -04:00
Keegan McAllister 0e03a7acc8 views.home: Use @login_required
We can't use reverse() due to what amounts to a module import cycle.

(imported from commit 8a2904648173bc3e4ff2079d33320417b28518d3)
2012-10-29 15:41:28 -04:00
Keegan McAllister 5353f5b3b0 Rename NOT_LOGGED_IN_REDIRECT -> HOME_NOT_LOGGED_IN
If we have other pages that require login, we might want them to redirect to
the login form.  But the root of the site should take you to /accounts/home --
but only after we launch the product.

(imported from commit b5d10e1c908f1ffe1ee68c2689691ca66c896786)
2012-10-29 15:41:28 -04:00
Zev Benjamin 2723a54088 Disable pointer sync for alpha rollout
(imported from commit 50a41e49e9b4a7db0b07ee7705d51c3a2abdff35)
2012-10-29 14:18:08 -04:00
Zev Benjamin 5413f74a7e Allow API users to update the pointer and receive pointer updates
The get_profile API call now returns a client_id, which an API user
can pass to update_pointer and get_messages (note that clients still
need to pass a pointer argument to get pointer updates).  This
client_id is currently the equivalent of the website's session key,
but the website might get client_ids in the future to distinguish
browser windows.

This commit differs from 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe in
that it uses request.POST.get("foo") instead of request.POST["foo"].
For some reason the latter triggers CSRF errors.

(imported from commit b2a4a7322d16dbf241cd6eef146621c79d84cafc)
2012-10-26 17:17:09 -04:00
Zev Benjamin b36f1702fc Revert "Allow API users to update the pointer and receive pointer updates"
This reverts commit 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe.
It seems to have broken API users.

(imported from commit 2f861ebc016076547092421f87dbcac00a65e2f6)
2012-10-26 16:19:57 -04:00
Zev Benjamin a4fd478e3d Allow API users to update the pointer and receive pointer updates
The get_profile API call now returns a client_id, which an API user
can pass to update_pointer and get_messages (note that clients still
need to pass a pointer argument to get pointer updates).  This
client_id is currently the equivalent of the website's session key,
but the website might get client_ids in the future to distinguish
browser windows.

(imported from commit 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe)
2012-10-26 16:06:41 -04:00
Zev Benjamin ec389c5c83 Non-asynchronous API calls only take two arguments
(imported from commit 39f21892e38b0f8c2369d77ffcfb077f1006863e)
2012-10-26 11:53:01 -04:00
Zev Benjamin 8a66d52228 Expose get_old_messages to API
(imported from commit d3b86a049440c54b52d96c27f8925a73496eaffe)
2012-10-26 10:42:11 -04:00
Zev Benjamin ec9e0a4b9f Have get_updates include an "update_types" array in its response
This is similar to the previous "reason_empty" variable, but captures
why we've returned from the call even when there are updates and all
the reasons if there are multiple.  For now, it's useful for debugging.

(imported from commit fd8d9e859660e51b57178d066b184f831b71a0b6)
2012-10-25 18:12:11 -04:00
Zev Benjamin a9583f6889 Fix get_updates missing messages between calls
(imported from commit 2b84df2a35a9a006b8548904ebf145a351a2e92b)
2012-10-25 18:11:23 -04:00
Tim Abbott f2c6347471 Return to failing clients immediately the first time.
(imported from commit b29df3165030ffd95dfe89b6471aeb74c06b6126)
2012-10-25 17:53:30 -04:00
Waseem Daher 44547e4e36 Properly check stream/subject lengths.
(imported from commit 1432266d8db1122f561e9e2f997071a19fb0f190)
2012-10-25 17:07:32 -04:00
Waseem Daher c894bab738 Compute a user's realm from the verified email address, not a user-passed field.
(imported from commit 5c220a7b9e4b137b5c98b286e409004318565137)
2012-10-25 16:50:00 -04:00
Tim Abbott 0c54fab1e2 Check for too-long stream/subject names.
(imported from commit 6d37dff9af7e471e1e6a1ba77a9500bf5bb4ba7d)
2012-10-25 16:04:47 -04:00
Tim Abbott 7c8bde5d90 Add log/restore for fullnames and passwords.
(imported from commit 048ca3c86b9f077fcbccd5df4a509191a545da4c)
2012-10-25 15:52:26 -04:00
Zev Benjamin cf1d35fd62 Remove unused variable
(imported from commit 0636d51527ea9cac8b1ba5490bf5836cd4e79269)
2012-10-25 15:45:14 -04:00
Zev Benjamin 451a041919 Remove the ability to fetch old messages via get_updates
Clients should use get_old_messages, instead.

(imported from commit 67847ef67d8ad4bf4af3f6082f85f0c76a41944c)
2012-10-25 15:31:27 -04:00
Keegan McAllister eef027560a Remove unused imports
(imported from commit eb576627ff72e57fee0e3a4c357f51ad74cd6c86)
2012-10-25 15:22:18 -04:00
Keegan McAllister 9629e7111b already_sent_mirrored_message: Reduce code duplication
and eliminate extremely long lines.

(imported from commit 29a08b1757c1bb3af1f82222fd7150db05f86034)
2012-10-25 15:22:18 -04:00
Zev Benjamin c4189d1029 Add get_old_messages json call
This new call only allows fetching of existing messages.  The idea is
to remove this functionality from get_updates to simplify the backend
code.

(imported from commit 1345db2f1707e208e7c0bd08b7d444932c68b6a2)
2012-10-25 12:10:44 -04:00
Zev Benjamin 07263f3a0e Rearrange functions
(imported from commit 814f2acbf574bf1eeb32e23ab28e76fc94f877ce)
2012-10-25 11:26:53 -04:00
Keegan McAllister ab34200648 Make sure that Markdown rendering really happened, if requested.
This is a security issue because it's where we escape HTML.

(imported from commit 10dea1899eb6d7e0e40128ae1a4787abad38fa73)
2012-10-24 15:43:46 -04:00
Keegan McAllister 734411369b format_updates_response: Default to apply_markdown=True
It's the safer default to prevent introducing XSS holes.  And in our current
code, we always provide this parameter.

(imported from commit 73897f5315ba54a5d3fa95dd19efb9d20c081a8a)
2012-10-24 15:32:12 -04:00
Keegan McAllister e8dfb41f70 Return messages from return_messages_immediately, rather than calling handler.finish
(imported from commit 0da3356c6712614cf1816d330b891e8f6d13bac7)
2012-10-24 15:32:10 -04:00