Commit Graph

184 Commits

Author SHA1 Message Date
Keegan McAllister c06aa1a3da Don't escape user metadata as it enters the system
We believe that our output escaping is sufficient.

(imported from commit 4c9d4d79682ef5689bc1eec12a3bbcc34de013a4)
2012-10-11 15:01:54 -04:00
Keegan McAllister 7137787984 Escape variables interpolated into <script> within index.html
Django's escapejs prevents breaking out with an embedded </script> tag.

It only works on bare string contents, not JSON-ish lists and such.  So we
generate stream_list and people_list with template loops now.

(imported from commit 07fe4bebaa3fa11bc479b4378b8989560ce77f6f)
2012-10-11 15:01:54 -04:00
Tim Abbott 83f494b1a4 Add API queries to show public streams and the user's subscriptions.
(imported from commit 5f24e35a9bdd1e40406e2acb0c3713a6517d139b)
2012-10-11 14:43:23 -04:00
Keegan McAllister 9811bd5f8a Get UserProfile by email with a join, not two queries
(imported from commit 0698ebb88615cea54196181aeabe869ec466dbc1)
2012-10-11 14:05:53 -04:00
Tim Abbott 676e650a08 Fix mit_sync_bot bug causing constant API requests.
(imported from commit dfa845b98a7e22ee69a9589b8b98ac5a49077793)
2012-10-11 13:00:50 -04:00
Keegan McAllister 5a7ff70c11 Remove obsolete views
This functionality is part of the home view now.

(imported from commit 5f0327eb62840bf98af49566e6f3c0b86ca43b8d)
2012-10-11 11:23:22 -04:00
Keegan McAllister 48ec15c46d Don't duplicate realm query when registering
(imported from commit b1e3b7144f564c5b2fc23fbf548bf0672deb2932)
2012-10-11 11:08:52 -04:00
Tim Abbott ac3f4393ff Rename instance to subject.
(imported from commit 6b4693da03f106448c137cf81cf9801cac44f2b8)
2012-10-10 18:01:39 -04:00
Tim Abbott 08e832e093 Change send_message to accept a stream, not a class.
(imported from commit 0f58de2502bec227f5f33e44692d03f2f28d6f63)
2012-10-10 17:48:17 -04:00
Tim Abbott 6dc913766d Rename 'classes' to 'streams'.
(imported from commit 8ad6791f39d49e90a2828b6af86d039ba5ca5abc)
2012-10-10 17:47:13 -04:00
Tim Abbott 493a428cb2 Rename zephyr_class=>stream for local variables in views.py.
(imported from commit 9ea782e0c132f4ab3ca86cd37ff584d0a2308dea)
2012-10-10 17:47:13 -04:00
Tim Abbott 003efb84b4 Rename get_class to get_stream.
(imported from commit 4d393f9fcd46847c54c7e0b6b7add219e8e07fe6)
2012-10-10 17:47:13 -04:00
Tim Abbott 4006e4b1ea Rename class_exists to stream_exists.
(imported from commit 416bd1f4c513216d45913e306f6c8eaa542f3539)
2012-10-10 17:47:13 -04:00
Tim Abbott 39cde772eb Rename valid_class_name to valid_stream_name.
(imported from commit 980135772f5050514b41130b0f1948aee3a3a4e5)
2012-10-10 17:47:13 -04:00
Tim Abbott 44e9e4cebf Rename Recipient.CLASS to Recipient.STREAM.
(imported from commit a530194163f7260c73921137fa1ff671f14516f6)
2012-10-10 17:47:13 -04:00
Tim Abbott 1fc4780a81 Rename create_class_if_needed to create_stream_if_needed.
(imported from commit 1bbc792332981723d3d29b24ad03811d62ced5f1)
2012-10-10 17:47:13 -04:00
Tim Abbott 8daff2e05e Rename ZephyrClass to Stream.
(imported from commit ae51b7a9e03f322dfe2dfccd250cbfc23adfe32e)
2012-10-10 17:47:12 -04:00
Keegan McAllister 8aa4e8c5f1 URLencode email in URL instead of HTML escaping it
HTML escaping makes absolutely no sense here.  The other occurrence was already
removed in 55fff703924ef28060f0b91af3a6f06a1a636197 .

(imported from commit 3b7569dee381f6db290fc1527553802883e89ed7)
2012-10-10 17:24:49 -04:00
Luke Faraone c2117a58e1 Don't use strip_html on passwords.
(imported from commit 2ecea072f545b5902b33bdc8e621871919cbbed6)
2012-10-10 15:16:23 -04:00
Keegan McAllister 26906777c1 Use 'reverse' when redirecting from home, for consistency
(imported from commit badd2a78cbe9d0007c7c8f515613761e68f01096)
2012-10-09 17:15:35 -04:00
Tim Abbott 6a7ce4cfe8 Comment out instance validation until we figure out what we want.
(imported from commit a1c22f9744f28635c67602a682bdb00cba0037ae)
2012-10-04 18:11:12 -04:00
Tim Abbott 12ea2895ea Add a json_success style result to updates responses.
(imported from commit 6492f98f1e1f5b7622caa2f3427ae60bdfd3df0e)
2012-10-04 16:38:44 -04:00
Tim Abbott 27fdb10cbd Return clean invalid user errors using the API.
(imported from commit 2f1687cbe8797ce42e66b340e87400720acd4054)
2012-10-04 16:38:44 -04:00
Tim Abbott 615e520c00 Add '.' to the list of valid class name characters.
(imported from commit 1d6c000434776b0b63f47bb514345746ed18bab9)
2012-10-04 15:17:12 -04:00
Tim Abbott 251177e8cf Add a server-side check that class/instance names are valid.
(imported from commit 4534239e57b08b4d01d2caa68134e205ce6c225a)
2012-10-04 14:48:01 -04:00
Tim Abbott 2a79ff0cc8 Rename 'zephyrs' => 'messages' when formatting a message list to send to clients.
(imported from commit bfbb556f2444aca8277f54c363eccb678b6bf2dc)
2012-10-04 14:42:38 -04:00
Tim Abbott 8c11aeb7ee Rename zephyr_backend => send_message_backend.
(imported from commit 78eb5884777a6631dd6a6a82c21295ee8ee49c11)
2012-10-04 14:38:07 -04:00
Tim Abbott 7991e6e281 Replace 'zephyr' => 'message' in code internal to views.py.
(imported from commit 92d7bc82bd8f6edae1e59cab3e0bd8b7d035775e)
2012-10-04 14:38:07 -04:00
Luke Faraone d8b678c75d Emails with plus signs no longer are rendered with spaces in /accounts/login
(imported from commit 55fff703924ef28060f0b91af3a6f06a1a636197)
2012-10-04 14:27:49 -04:00
Tim Abbott 1ab81cff92 [schema] Rename Zephyr => Message in the schema.
(imported from commit 4f402f150c45d2097d6b16943935e6e370b4f8d8)
2012-10-03 18:14:15 -04:00
Tim Abbott ed8042da73 Fix bug where starnine@mit.edu always gets added to zephyr-forwarded huddles.
(imported from commit 3ab930ed8ad6ce917b33483bd5af3cf27452f6da)
2012-10-03 17:55:14 -04:00
Tim Abbott 83ceba0a2d Remove old /api/get_updates view.
(imported from commit 5a33a61bfb4b3aa40e28c356f5b4048db775b901)
2012-10-03 16:58:31 -04:00
Tim Abbott 9223f7932c Convert zephyr_mirror humbug sending to use the API.
(imported from commit 948a12a1dca903c47b7427248688f2079c7eecdb)
2012-10-03 16:50:29 -04:00
Tim Abbott 40ae6080ee Wide the deduplication windows for catching huddles to 10 seconds.
(imported from commit 0d05ef03a08d285bc4d9967553c25448104586a7)
2012-10-03 13:51:38 -04:00
Tim Abbott 01bc4aaf28 Remove 'zephyr' from invalid message type error.
(imported from commit 360ffc5bfbb12f65af83093ee5a83ac7caa5c464)
2012-10-03 12:30:39 -04:00
Tim Abbott 7acfb5c71c Rename /zephyr/ to /send_message/.
(imported from commit 41c2ff67cfc514e53aff8648c36f545526e324ed)
2012-10-03 12:30:37 -04:00
Tim Abbott 828e0d4afb Rename forge_zephyr to forge_message.
(imported from commit aa2dc6e24a9c1bd6be09bfa26241663ae143cef9)
2012-10-03 12:27:34 -04:00
Tim Abbott cca5f7b76a Rename do_send_zephyr to do_send_message.
(imported from commit df4dc741bf00a197ca5ab39373bc9a3eda379684)
2012-10-03 12:27:34 -04:00
Tim Abbott d2884ba456 Make connection errors disappear more efficiently.
Previously, connection errors would stick around after a problem with
the server until (1) the server was fixed and (2) we later received a
message.  This code change eliminates condition (2) by having the
server return immediately with no messages in the event that the
client has accumulated a large number of errors.

(imported from commit 6a9b08e534db6daea0041a71556ef5b708e935ed)
2012-10-02 17:46:06 -04:00
Tim Abbott e79805847b Rename the 'new_zephyr' argument to the more descriptive 'content'.
(imported from commit b47e2c4823bbfbf2f94cbafb24ed5d78dfbe841b)
2012-10-02 17:29:55 -04:00
Jessica McKellar f54d1d16cc views: remove unused variables and imports.
(imported from commit 9f421867caac561556e47ce79528432fe1b3b2dc)
2012-10-02 17:17:27 -04:00
Tim Abbott 5a5b5de650 Rename /api/v1/get_updates to /api/v1/get_messages.
(imported from commit f856637158cf9fda64ba333b532a5941de8fcbab)
2012-10-02 16:29:34 -04:00
Tim Abbott 18a3888373 [schema] Add an API for sending/receiving messages.
(imported from commit 209d525dc5892fc4c392a8ced1588c838cbb17c4)
2012-10-02 15:49:25 -04:00
Jessica McKellar 33ad7817a4 Require that the first character of a class be a number or letter.
(imported from commit a4d1c23f784107198045aee7cec1f53ab5114762)
2012-10-02 15:16:26 -04:00
Jessica McKellar ec36170511 Fix buggy class name validation regex.
A-z != A-Z. The former permits problematic characters like "\".

(imported from commit 2bcda8683e630eaa6cbc3a2b9d0bda7a8448a8fa)
2012-10-02 15:16:26 -04:00
Jessica McKellar 588db5b4c5 Make class names case-insensitive.
(imported from commit e76e50156ca8dab1f7b3124351997e75ef08e521)
2012-10-02 15:16:26 -04:00
Luke Faraone 0c47459733 Also escape &s.
(imported from commit 8a76089492b0e7f7ff2635e7091485db2d7292c4)
2012-10-02 15:11:55 -04:00
Jessica McKellar 8727b1667c Check if a class name is valid when checking for existence.
(imported from commit f4de50b52c851058b736033d447ea7fa6777a3d4)
2012-10-01 15:36:10 -04:00
Luke Faraone aca5cef3eb Redirect to login when attempting to resignup with a used email address.
(imported from commit d58a5dda9a0af409a6ee57cfcd30be45020352d2)
2012-10-01 10:45:58 -04:00
Luke Faraone 50dfbf7a1b Implement confirmation for new user signups.
We add a few templates for django-confirmation. We define a
"PreregistrationForm" which is validated by accounts_home, which then
generates a confirmation object and emails the user. This required creating
a new table for a PreregistrationUser with an email and status (confirmed)
field.

The register function now no longer accepts a "email" field in the form
and deals only with confirmation IDs to determine the email used to sign
up a user.

(imported from commit 4fcde04530aa7ad4de84579668daee7290b424ac)
2012-10-01 10:45:58 -04:00