Keegan McAllister
c06aa1a3da
Don't escape user metadata as it enters the system
...
We believe that our output escaping is sufficient.
(imported from commit 4c9d4d79682ef5689bc1eec12a3bbcc34de013a4)
2012-10-11 15:01:54 -04:00
Keegan McAllister
7137787984
Escape variables interpolated into <script> within index.html
...
Django's escapejs prevents breaking out with an embedded </script> tag.
It only works on bare string contents, not JSON-ish lists and such. So we
generate stream_list and people_list with template loops now.
(imported from commit 07fe4bebaa3fa11bc479b4378b8989560ce77f6f)
2012-10-11 15:01:54 -04:00
Tim Abbott
83f494b1a4
Add API queries to show public streams and the user's subscriptions.
...
(imported from commit 5f24e35a9bdd1e40406e2acb0c3713a6517d139b)
2012-10-11 14:43:23 -04:00
Keegan McAllister
9811bd5f8a
Get UserProfile by email with a join, not two queries
...
(imported from commit 0698ebb88615cea54196181aeabe869ec466dbc1)
2012-10-11 14:05:53 -04:00
Tim Abbott
676e650a08
Fix mit_sync_bot bug causing constant API requests.
...
(imported from commit dfa845b98a7e22ee69a9589b8b98ac5a49077793)
2012-10-11 13:00:50 -04:00
Keegan McAllister
5a7ff70c11
Remove obsolete views
...
This functionality is part of the home view now.
(imported from commit 5f0327eb62840bf98af49566e6f3c0b86ca43b8d)
2012-10-11 11:23:22 -04:00
Keegan McAllister
48ec15c46d
Don't duplicate realm query when registering
...
(imported from commit b1e3b7144f564c5b2fc23fbf548bf0672deb2932)
2012-10-11 11:08:52 -04:00
Tim Abbott
ac3f4393ff
Rename instance to subject.
...
(imported from commit 6b4693da03f106448c137cf81cf9801cac44f2b8)
2012-10-10 18:01:39 -04:00
Tim Abbott
08e832e093
Change send_message to accept a stream, not a class.
...
(imported from commit 0f58de2502bec227f5f33e44692d03f2f28d6f63)
2012-10-10 17:48:17 -04:00
Tim Abbott
6dc913766d
Rename 'classes' to 'streams'.
...
(imported from commit 8ad6791f39d49e90a2828b6af86d039ba5ca5abc)
2012-10-10 17:47:13 -04:00
Tim Abbott
493a428cb2
Rename zephyr_class=>stream for local variables in views.py.
...
(imported from commit 9ea782e0c132f4ab3ca86cd37ff584d0a2308dea)
2012-10-10 17:47:13 -04:00
Tim Abbott
003efb84b4
Rename get_class to get_stream.
...
(imported from commit 4d393f9fcd46847c54c7e0b6b7add219e8e07fe6)
2012-10-10 17:47:13 -04:00
Tim Abbott
4006e4b1ea
Rename class_exists to stream_exists.
...
(imported from commit 416bd1f4c513216d45913e306f6c8eaa542f3539)
2012-10-10 17:47:13 -04:00
Tim Abbott
39cde772eb
Rename valid_class_name to valid_stream_name.
...
(imported from commit 980135772f5050514b41130b0f1948aee3a3a4e5)
2012-10-10 17:47:13 -04:00
Tim Abbott
44e9e4cebf
Rename Recipient.CLASS to Recipient.STREAM.
...
(imported from commit a530194163f7260c73921137fa1ff671f14516f6)
2012-10-10 17:47:13 -04:00
Tim Abbott
1fc4780a81
Rename create_class_if_needed to create_stream_if_needed.
...
(imported from commit 1bbc792332981723d3d29b24ad03811d62ced5f1)
2012-10-10 17:47:13 -04:00
Tim Abbott
8daff2e05e
Rename ZephyrClass to Stream.
...
(imported from commit ae51b7a9e03f322dfe2dfccd250cbfc23adfe32e)
2012-10-10 17:47:12 -04:00
Keegan McAllister
8aa4e8c5f1
URLencode email in URL instead of HTML escaping it
...
HTML escaping makes absolutely no sense here. The other occurrence was already
removed in 55fff703924ef28060f0b91af3a6f06a1a636197 .
(imported from commit 3b7569dee381f6db290fc1527553802883e89ed7)
2012-10-10 17:24:49 -04:00
Luke Faraone
c2117a58e1
Don't use strip_html on passwords.
...
(imported from commit 2ecea072f545b5902b33bdc8e621871919cbbed6)
2012-10-10 15:16:23 -04:00
Keegan McAllister
26906777c1
Use 'reverse' when redirecting from home, for consistency
...
(imported from commit badd2a78cbe9d0007c7c8f515613761e68f01096)
2012-10-09 17:15:35 -04:00
Tim Abbott
6a7ce4cfe8
Comment out instance validation until we figure out what we want.
...
(imported from commit a1c22f9744f28635c67602a682bdb00cba0037ae)
2012-10-04 18:11:12 -04:00
Tim Abbott
12ea2895ea
Add a json_success style result to updates responses.
...
(imported from commit 6492f98f1e1f5b7622caa2f3427ae60bdfd3df0e)
2012-10-04 16:38:44 -04:00
Tim Abbott
27fdb10cbd
Return clean invalid user errors using the API.
...
(imported from commit 2f1687cbe8797ce42e66b340e87400720acd4054)
2012-10-04 16:38:44 -04:00
Tim Abbott
615e520c00
Add '.' to the list of valid class name characters.
...
(imported from commit 1d6c000434776b0b63f47bb514345746ed18bab9)
2012-10-04 15:17:12 -04:00
Tim Abbott
251177e8cf
Add a server-side check that class/instance names are valid.
...
(imported from commit 4534239e57b08b4d01d2caa68134e205ce6c225a)
2012-10-04 14:48:01 -04:00
Tim Abbott
2a79ff0cc8
Rename 'zephyrs' => 'messages' when formatting a message list to send to clients.
...
(imported from commit bfbb556f2444aca8277f54c363eccb678b6bf2dc)
2012-10-04 14:42:38 -04:00
Tim Abbott
8c11aeb7ee
Rename zephyr_backend => send_message_backend.
...
(imported from commit 78eb5884777a6631dd6a6a82c21295ee8ee49c11)
2012-10-04 14:38:07 -04:00
Tim Abbott
7991e6e281
Replace 'zephyr' => 'message' in code internal to views.py.
...
(imported from commit 92d7bc82bd8f6edae1e59cab3e0bd8b7d035775e)
2012-10-04 14:38:07 -04:00
Luke Faraone
d8b678c75d
Emails with plus signs no longer are rendered with spaces in /accounts/login
...
(imported from commit 55fff703924ef28060f0b91af3a6f06a1a636197)
2012-10-04 14:27:49 -04:00
Tim Abbott
1ab81cff92
[schema] Rename Zephyr => Message in the schema.
...
(imported from commit 4f402f150c45d2097d6b16943935e6e370b4f8d8)
2012-10-03 18:14:15 -04:00
Tim Abbott
ed8042da73
Fix bug where starnine@mit.edu always gets added to zephyr-forwarded huddles.
...
(imported from commit 3ab930ed8ad6ce917b33483bd5af3cf27452f6da)
2012-10-03 17:55:14 -04:00
Tim Abbott
83ceba0a2d
Remove old /api/get_updates view.
...
(imported from commit 5a33a61bfb4b3aa40e28c356f5b4048db775b901)
2012-10-03 16:58:31 -04:00
Tim Abbott
9223f7932c
Convert zephyr_mirror humbug sending to use the API.
...
(imported from commit 948a12a1dca903c47b7427248688f2079c7eecdb)
2012-10-03 16:50:29 -04:00
Tim Abbott
40ae6080ee
Widen the deduplication windows for catching huddles to 10 seconds.
...
(imported from commit 0d05ef03a08d285bc4d9967553c25448104586a7)
2012-10-03 13:51:38 -04:00
Tim Abbott
01bc4aaf28
Remove 'zephyr' from invalid message type error.
...
(imported from commit 360ffc5bfbb12f65af83093ee5a83ac7caa5c464)
2012-10-03 12:30:39 -04:00
Tim Abbott
7acfb5c71c
Rename /zephyr/ to /send_message/.
...
(imported from commit 41c2ff67cfc514e53aff8648c36f545526e324ed)
2012-10-03 12:30:37 -04:00
Tim Abbott
828e0d4afb
Rename forge_zephyr to forge_message.
...
(imported from commit aa2dc6e24a9c1bd6be09bfa26241663ae143cef9)
2012-10-03 12:27:34 -04:00
Tim Abbott
cca5f7b76a
Rename do_send_zephyr to do_send_message.
...
(imported from commit df4dc741bf00a197ca5ab39373bc9a3eda379684)
2012-10-03 12:27:34 -04:00
Tim Abbott
d2884ba456
Make connection errors disappear more efficiently.
...
Previously, connection errors would stick around after a problem with
the server until (1) the server was fixed and (2) we later received a
message. This code change eliminates condition (2) by having the
server return immediately with no messages in the event that the
client has accumulated a large number of errors.
(imported from commit 6a9b08e534db6daea0041a71556ef5b708e935ed)
2012-10-02 17:46:06 -04:00
Tim Abbott
e79805847b
Rename the 'new_zephyr' argument to the more descriptive 'content'.
...
(imported from commit b47e2c4823bbfbf2f94cbafb24ed5d78dfbe841b)
2012-10-02 17:29:55 -04:00
Jessica McKellar
f54d1d16cc
views: remove unused variables and imports.
...
(imported from commit 9f421867caac561556e47ce79528432fe1b3b2dc)
2012-10-02 17:17:27 -04:00
Tim Abbott
5a5b5de650
Rename /api/v1/get_updates to /api/v1/get_messages.
...
(imported from commit f856637158cf9fda64ba333b532a5941de8fcbab)
2012-10-02 16:29:34 -04:00
Tim Abbott
18a3888373
[schema] Add an API for sending/receiving messages.
...
(imported from commit 209d525dc5892fc4c392a8ced1588c838cbb17c4)
2012-10-02 15:49:25 -04:00
Jessica McKellar
33ad7817a4
Require that the first character of a class be a number or letter.
...
(imported from commit a4d1c23f784107198045aee7cec1f53ab5114762)
2012-10-02 15:16:26 -04:00
Jessica McKellar
ec36170511
Fix buggy class name validation regex.
...
A-z != A-Z. The former permits problematic characters like "\".
(imported from commit 2bcda8683e630eaa6cbc3a2b9d0bda7a8448a8fa)
2012-10-02 15:16:26 -04:00
Jessica McKellar
588db5b4c5
Make class names case-insensitive.
...
(imported from commit e76e50156ca8dab1f7b3124351997e75ef08e521)
2012-10-02 15:16:26 -04:00
Luke Faraone
0c47459733
Also escape &s.
...
(imported from commit 8a76089492b0e7f7ff2635e7091485db2d7292c4)
2012-10-02 15:11:55 -04:00
Jessica McKellar
8727b1667c
Check if a class name is valid when checking for existence.
...
(imported from commit f4de50b52c851058b736033d447ea7fa6777a3d4)
2012-10-01 15:36:10 -04:00
Luke Faraone
aca5cef3eb
Redirect to login when attempting to resignup with a used email address.
...
(imported from commit d58a5dda9a0af409a6ee57cfcd30be45020352d2)
2012-10-01 10:45:58 -04:00
Luke Faraone
50dfbf7a1b
Implement confirmation for new user signups.
...
We add a few templates for django-confirmation. We define a
"PreregistrationForm" which is validated by accounts_home, which then
generates a confirmation object and emails the user. This required creating
a new table for a PreregistrationUser with an email and status (confirmed)
field.
The register function now no longer accepts an "email" field in the form
and deals only with confirmation IDs to determine the email used to sign
up a user.
(imported from commit 4fcde04530aa7ad4de84579668daee7290b424ac)
2012-10-01 10:45:58 -04:00