Commit Graph

290 Commits

Author SHA1 Message Date
Keegan McAllister 1975d7aa16 Set PIPELINE in settings.py so urls.py can read it
(imported from commit 641ff07e83ffa4b5271da311c0660d59e73b3f8f)
2013-02-25 16:18:35 -05:00
Zev Benjamin 814e3d6385 Implement a message list structure for storing messages and related information
(imported from commit 171de93636a215d9357c7fc4ee8fb71696d23fb5)
2013-02-21 13:27:45 -05:00
Waseem Daher b51dc36667 Add a tutorial.js file.
(imported from commit 58b72d08c0cd7815c3c54bd37c4a8033f32cc7ad)
2013-02-20 23:04:49 +00:00
Waseem Daher 163c9c8d75 Add a JSON call that causes the tutorial bot to send you a message.
The idea here is: part of the onboarding tutorial is going to
be you talking to the tutorial bot and it talking to you, from
our Javascript.

The reason it's driven by Javascript is that then in principle we can
do nice stuff like making popovers appear in places to point things
out to you, whereas if we were to do it strictly server-side, doing so
would be a lot harder.

The downside to doing it in Javascript is that you don't get any of
the Markdown rendering, since that happens on the server. So instead
we add this call where you give it a message, and it responds by
having the tutorial bot send you that message.

I don't think there are any security concerns here because
(1) The bot only messages you -- so you can't use it to make someone
    else think that the system is telling them to do something
(2) If there were an issue associated with having the server parse
    arbitrary Markdown, you could just trigger the issue by sending
    a message yourself.

(imported from commit b34f594dab6be6bcb81899278ae1cbe447404468)
2013-02-20 23:04:49 +00:00
Reid Barton 59dab21fcd Render recent dates as weekdays, part 1.
This commit just moves time rendering logic to its own file, and does
not make any functionality changes.

(imported from commit d111d03c6abc8d9550fcf65e4f89eab8056d1ed4)
2013-02-19 15:58:25 -05:00
Keegan McAllister bb5f59d310 Use white text for recipient labels on streams set to dark colors
Fixes #577.

(imported from commit 0518e33b96bc0028fc80d533f6b8ec35fd5cdc04)
2013-02-19 15:33:35 -05:00
Tim Abbott 861cb405f6 Move MIT Zephyr setup instructions to humbughq.com/zephyr.
This makes it possible to point users back at the instructions they
followed originally in the event that their Zephyr mirroring bot has
died.

(imported from commit 24ab2dc0df3dc88f8155d58761a89fe44c111fd9)
2013-02-19 14:17:54 -05:00
Leo Franchi 83011f7f47 Show a user activity list in the sidebar
(imported from commit 95aaa55c7e4cc39f844518b5308866bedf2cd1c5)
2013-02-11 18:05:57 -05:00
Leo Franchi 31f87481d0 [manual][schema] Add an API for user presence (idle) information
Adds a new db table for storing presences, and an API for setting
an individual user's idleness as well as fetching all idle status
for all users in a realm

(imported from commit 5aad3510d4c90c49470c130d6dfa80f0d36b0057)
2013-02-11 18:05:57 -05:00
Jessica McKellar 3a39ac76c4 Add a new /get_members API query.
(imported from commit ced7c74212210a1fcee03c1c402dca9b42483d11)
2013-02-11 13:45:46 -05:00
Keegan McAllister d68674be83 Remove CUSTOMER30-specific account views
Reverts c4b6f744 (inexactly, since there are some other changes along the way).

(imported from commit 5c7294fb13cd0bc523ae55c137dc5254b7cb0121)
2013-02-08 13:33:28 -05:00
Waseem Daher d8b9151a31 Initial documentation page for integrations.
(imported from commit cd73c63306ab7ed8c886c30488d5ab928fac6c06)
2013-02-06 16:53:13 -05:00
Waseem Daher d9a06ba8fd Initial API documentation page.
(imported from commit 06a5e902edf03ab781b30dd80f5fbfbaa790bc0a)
2013-02-04 17:58:12 -05:00
Jacob Hurwitz 61acc58947 Add a notifications bar when there are additional messages out of view
(imported from commit 38fa78f63fd520d0b1f09921ba064cba010a6f99)
2013-02-02 01:16:25 -05:00
Keegan McAllister 638b8d29bc Enable testing minified files in dev
(imported from commit 257b8547849a85c447319d3d211f2c989616ce64)
2013-01-31 15:41:01 -05:00
Keegan McAllister 6990260b59 [manual] Minify JavaScript and CSS in production
Manual deployment steps: The same Nginx reload as for "Get rid of the
static-access-control mechanism".  If deploying both commits at once,
just do it once.

(imported from commit dd8dbbf14b95fce0a4b6f66f462fa0a6b50bfb8c)
2013-01-31 15:41:01 -05:00
Keegan McAllister 5e9b0ba79d [manual] Get rid of the static-access-control mechanism
We will minify our code, rather than trying to restrict who can see the
un-minified code.  Removing access control first simplifies things.

Manual deployment steps:

    scp servers/puppet/files/nginx/humbug-include/app root@staging.humbughq.com:/etc/nginx/humbug-include/
    ssh root@staging.humbughq.com service nginx reload

and then the same for app.humbughq.com once deployed to prod.

(imported from commit 63788aa3fa7ba5fd97fcf85b05760abb5e7cae4b)
2013-01-31 15:34:12 -05:00
Jacob Hurwitz 4d361f8290 Change test_settings to use DummyCache
Previously, our database was cleared between tests but the cache wasn't,
so old database data would end up in the cache and cause unit test
failures. This replaces our cache with a dummy that doesn't actually
cache any data. In the future, if we decide that our tests require an
actual cache, we can return to LocMemCache and simply empty the cache in
the tearDown method of our tests.

(imported from commit 9f4603789a225673a8394614416f201919710261)
2013-01-29 15:56:16 -05:00
Zev Benjamin 11d8cdef6f settings.py: Add 'schema' to database configuration
Django doesn't use this setting, but South consults it when
inspecting tables for their constraints.  The fact that we store our
tables in the 'humbug' schema was causing South to fail to find our
table constraints (it was looking in the 'public' schema) and
therefore throw an exception when we try to remove the unique
constraint in migration 0002.

(imported from commit 4230338a7b78329a759339b2f9fcd277137b7f32)
2013-01-29 12:16:32 -05:00
Zev Benjamin a3037ea91a Revert "Set a wildcard subdomain for the session and csrf cookie domains on staging"
This was to support get_updates sharding, which we never fully
implemented.  We can recommit this change later if we choose to bring
the feature back.

This reverts commit fda2d99d9e9a07951d11fcd9fc61cf229988f471.

(imported from commit aec8203c8d8a94dd6f30089aeee22814d1595fc5)
2013-01-28 13:11:58 -05:00
Tim Abbott 72af050b32 tests: Don't log INFO level request log messages from test suite.
This ends up being really spammy and thus makes real warnings easy to
miss.

(imported from commit e95dbe69137cc962ed3dbcb60cf88757da2e8ea5)
2013-01-24 10:58:51 -05:00
Zev Benjamin f6547dedb1 Set a wildcard subdomain for the session and csrf cookie domains on staging
(imported from commit fda2d99d9e9a07951d11fcd9fc61cf229988f471)
2013-01-17 21:40:46 -05:00
Luke Faraone a3f412b193 Add functions for CUSTOMER30 registration.
(imported from commit c4b6f744ffa5b41df4170735f081bbe5655a54fe)
2013-01-17 10:49:10 -05:00
Jessica McKellar 8d1ccad29b Prominently display the user in Django 500 emails.
As a side-effect of customizing the e-mail, this also makes the host
on which the error happened a part of the subject line.

(imported from commit 7d5e9ad108b48fd34528512c5955567119935d4e)
2013-01-17 09:47:10 -05:00
Tim Abbott cb0de0fc60 Fix logging in with email addresses long than 30 characters.
(imported from commit 81d0c329d0c7403986e2379accbe2f1be3c731e3)
2013-01-16 17:02:06 -05:00
Zev Benjamin 76b1e4778d Expose get_public_streams to the JSON API
(imported from commit 2ef9e000e4cd9fcc075e66d3da9c4bce63d68a4d)
2013-01-15 17:02:39 -05:00
Zev Benjamin 45de8fd25b Add a query to fetch the subscribers of a stream
(imported from commit 286bb42980619a3f8e575a4e2984ad1c4b3fe099)
2013-01-15 17:02:38 -05:00
Keegan McAllister b5a0147e26 Log events to a file named after today's date
We need this so that we can safely expunge old events without interfering with
the running server.  See #414.

(imported from commit 4739e59e36ea69f877c158c13ee752bf6a2dacfe)
2013-01-15 14:37:36 -05:00
Tim Abbott e592e71515 [manual] Use rabbitmq queue to process UserActivity.
Before this is deployed, we need to install rabbitmq and pika on the
target server (see the puppet part of this commit for how).

When this is deployed, we need to start the new user activity bot:

./manage.py process_user_activity

in the screen session on the relevant server, or user_activity logs
won't be processed (which will eventually result in all users getting
notifications about how their mirrors are out of date).

(imported from commit 44d605aca0290bef2c94fb99267e15e26b21673b)
2013-01-14 13:28:23 -05:00
Luke Faraone 22a4b76290 [manual] [schema] Add backend function to invite users to the app.
(imported from commit 17ae27b22bdca33e63b96fa8c819759e4f4315fa)
2013-01-14 10:25:25 -05:00
Tim Abbott 3b7d61e45f tornado: Get User and UserProfile objects from a memcached.
This commit has the effect of eliminating all of the non-UserActivity
database queries from the Tornado process -- at least in the uncached
case.

This is safe to do, if a bit fragile, since our Tornado code only
accesses these objects (as opposed to their IDs) in a few places that
are all fine with old data, and I don't expect us to add any new ones
soon:

* UserActivity logging, which I plan to move out of Tornado entirely

* Checking whether we're authenticated in our decorators (which could
  be simplified -- the actual security check is just whether the
  Django session object has a particular field)

* Checking the user realm for whether we should sync to the client
  notices about their Zephyr mirror being up to date, which is quite
  static and I think we can move out of this code path.

But implementation constraints around mapping the user_ids to
user_profile_ids mean that it makes sense to get the actual objects
for now.

This code is not what I want to do long-term.  I expect we'll be able
to clean up the dual User/UserProfile nonsense once we integrate the
upcoming Django 1.5 release, with its support for pluggable User
models, and after that I change, I expect it'll be fairly easy to make
the Tornado code only work with the user ID, not the actual objects.

(imported from commit 82e25b62fd0e3af7c86040600c63a4deec7bec06)
2013-01-11 16:11:07 -05:00
Tim Abbott e15c575977 Cache Django session objects using memcached.
(imported from commit 531ea34d5781b27401a7e2d90a0be99927d0bae5)
2013-01-10 16:59:36 -05:00
Tim Abbott 0a84d7ac62 Fix running test suite on a machine with caching enabled.
(imported from commit d5a18fd0af24b5c1602d027f1793eceba5a8f8a5)
2013-01-10 16:59:36 -05:00
Tim Abbott 77b7c1ead3 Explicitly error out when running tests improperly.
(imported from commit 8224aef3e327010f8ffdcf4dc966a1ccdbb8714c)
2013-01-10 16:59:36 -05:00
Tim Abbott 52589ca6fb Fix running "./manage.py test zephyr --settings=humbug.test_settings"
Previously it wouldn't work due to using the wrong port numbers.

This commit also has the side effect of fixing the fact that our
frontend tests would send real emails and log events to the real
message log.

(imported from commit f2cf400e6061c089627acba2759d588981ecf5bb)
2013-01-10 16:59:36 -05:00
Jessica McKellar 2c6ac969ff Temporarily increase get_updates polling timeout to deal with increased load.
(imported from commit 8477c829f1f69299ddb9c22dee722825dd673ee7)
2013-01-09 21:07:43 -05:00
Keegan McAllister 4a9d65c758 Disable desktop notifications in automated testing
CasperJS can't handle them; window.webkitNotifications.requestPermission()
throws a type error.  We can revisit this when we want to write tests for the
notification code.

(imported from commit 90f4d6ac3ddb387e74051b9af2c230698fa94479)
2013-01-09 14:03:40 -05:00
Luke Faraone 0646cd7e21 [manual] Convert Humbug to use Django South.
This was done using instructions provided by the South authors:
	<http://south.readthedocs.org/en/0.7.6/convertinganapp.html>

This adds a dependency on python-django-south >=0.7.5. Now when you are
reinitializing the database, you need to run "./manage.py migrate --all"
before running populate_db.

When deploying this commit onto existing servers, you need to run these
commands manually:

    ./manage.py syncdb
    ./manage.py migrate zephyr 0001 --fake
    ./manage.py migrate confirmation 0001 --fake

These do *not* need to be run on new databases, only on existing ones.

(imported from commit f24cff421a6be9ab9cf4c4342565c484ac336e2d)
2013-01-08 18:14:39 -05:00
Luke Faraone c327446537 Add alternative terms acceptance workflow.
This view lives at /accounts/accept_terms, and (after getting an acceptance
from the user) sends an email to all@ documenting the acceptance.

(imported from commit 8f64286ab02887fd6544fa274b2967f6499b6dbc)
2013-01-08 17:48:42 -05:00
Tim Abbott 83abc08315 Move tornado views to their own file.
(imported from commit e0d9182cbc89a16eedd2846fa17cfba482510565)
2013-01-08 16:53:53 -05:00
Tim Abbott 86862a8c0a Fix running Django against postgres on Tim's laptop.
I'm not sure why this wasn't set before, but it's needed for this to work.

(imported from commit fd77c975a234ccd6a972a6f2c9bfac21fcbb2d25)
2013-01-07 15:06:28 -05:00
Zev Benjamin c6929bbc9f Allow PBKDF2 password hashes in dev mode
This fixes a problem where if you were 1) running in development
mode, 2) had populated the database from production data, and 3)
tried to log in with an account that had changed its password, you
wouldn't be able to.  The problem was that the password change
created a password change record with a PBKDF2 hash, not a SHA1 hash.

This change lets the dev server accept PBKDF2 hashed passwords, but
still use SHA1 password hashes for creating test users for speed.

(imported from commit 2840d266f93add1edbba7f93a7f1491372fc8cf1)
2013-01-03 16:03:55 -05:00
Jessica McKellar c01a6ecb1e Remove unused django.contrib.messages middleware.
(imported from commit 224ff811c5c8c8b1205822c65a6d23993ac68e5e)
2013-01-02 17:41:50 -05:00
Zev Benjamin bf5ce4783d Move @has_request_variables error responses to middleware
This will now allow us to use @has_request_variables on helper
functions.

(imported from commit 799d71477654eac7fd8192cfc5bb88b78053532d)
2012-12-20 14:26:36 -05:00
Tim Abbott 35226c352d Enable postgres on prod server.
(imported from commit 4cf25c4ffe685dcfeb8d6c87ade3fcca7a92a807)
2012-12-15 08:42:12 -05:00
Tim Abbott aa0924f36b Switch Tim's laptop to use postgres.
(imported from commit e7f9d359843d23986ba25576531f0935f99f4c12)
2012-12-14 17:15:32 -05:00
Keegan McAllister 7c74017bc0 Decrease get_updates timeout for client test suite
Fixes #475.

(imported from commit d8f908c55f2e519541e5383a742edbf23183539c)
2012-12-14 16:22:42 -05:00
Keegan McAllister 44b9925bfc Configure get_updates timeout in settings.py
(imported from commit 2a647bdd73c43ca5fed704925808efafc70da044)
2012-12-14 16:22:42 -05:00
Zev Benjamin 103eb5130d Authenticate to Postgres with client certificates and check the server's certificate
(imported from commit a3be2178d7675d409d81b9119815ac1f680d1388)
2012-12-14 11:38:18 -05:00
Tim Abbott e7b74060d2 Log password change events via the password reset feature.
(imported from commit bbec7074229e8779c81d439d4eef373b5dac9fa7)
2012-12-13 15:22:35 -05:00
Zev Benjamin 4788443e60 Switch staging to use postgres
(imported from commit fde5bf54a42c6be95fe2436094d7ac1626c29683)
2012-12-12 18:24:22 -05:00
Tim Abbott c09f2d534e Fix using DEBUG=False on development machines.
This is useful for debugging our error Humbug code, for example.

(imported from commit ea244b03eaf74349ade53d15ee20312732b4e083)
2012-12-11 17:15:59 -05:00
Luke Faraone 8d5d45f3a0 Use datetime.min for initial last_error rather than int 0.
Otherwise, code may break when it encounters a comparison against
last_error.

(imported from commit 301f256fba065ae9704b1d7f6e91e69ec54f1aa1)
2012-12-11 15:59:08 -05:00
Luke Faraone 6ff666b9d7 Filter out "content" and "secret" from exceptions.
(imported from commit 31206f528fc93746133ebe2d9234b6ce0b88cf3b)
2012-12-07 17:32:16 -05:00
Luke Faraone a604183c5b Log errors to Humbug, too.
(imported from commit 2547625135568f3ea004bf4287471a82bc0a4f38)
2012-12-07 17:32:15 -05:00
Luke Faraone adf289c9df Implement basic email error reporting.
Here we send an email for each unique error every ten minutes.

(imported from commit adf5ee4bf52c9aef253a94b1c3647515d9b3e495)
2012-12-07 17:32:15 -05:00
Zev Benjamin 02df4f76b6 Allow case-insensitive email addresses when doing authentication
(imported from commit b52e39c7f706a2107b5d86e8e18293a46ed9e6ff)
2012-12-04 16:37:55 -05:00
Waseem Daher 3867cc3fe2 Add a "tutorial" page at /new-user
This is an interim strategy for user education that'll be a stopgap
until we build something in the app itself.

(imported from commit 9022d4ceffca98e127f7045f73c012857fe6fc54)
2012-12-04 12:05:56 -05:00
Jessica McKellar 2fd3eb521c Refactor colorizing requests into a subscription properties model.
(imported from commit da4bfee4a12e941d4ec4c9f140973bb138c82c93)
2012-12-03 12:46:27 -05:00
Jessica McKellar 505d35ac9b Add backend support for colorizing streams.
This includes JSON requests to fetch and set stream colors.

(imported from commit 92e19c9a3b72e9012df0178348068ea033b5f060)
2012-12-03 12:46:26 -05:00
Zev Benjamin fb0b4b23c3 Preliminary GitHub integration for pull requests and pushes
(imported from commit 5f91cfd39552294e2c1f1412044d5c8e738d68e3)
2012-11-27 13:55:57 -05:00
Keegan McAllister 545c1494f0 Configure the app to use memcached
Fixes #54.

(imported from commit c94f5b133143510289d410252340b9a4ab26709c)
2012-11-26 11:59:48 -05:00
Luke Faraone 724dce78e4 Always allow registration if attempting to register for a non-MIT realm.
(imported from commit 00489ab74c376a4ffb23ad661699ef31c6c06818)
2012-11-21 16:42:15 -05:00
Tim Abbott 6026c80de6 API: Add unsubscribe function.
(imported from commit 6dc55e9030770500770ce3921a4e77499d64f2d6)
2012-11-16 17:06:01 -05:00
Tim Abbott 312db82f2b urls: Reindent our API views.
Otherwise the upcoming /api/v1/subscriptions/remove is too long.

(imported from commit 47da45a84b986fea238bac17b317dbb1aa506b4b)
2012-11-16 17:06:01 -05:00
Tim Abbott afc62a8e16 [manual] Uniformize the subscriptions API method names.
This requires a zephyr_mirror deployment when it is pushed to prod.

(imported from commit 6543441fb264b518f8705d7989d068a1d50ce5d6)
2012-11-16 17:06:01 -05:00
Keegan McAllister a2750943e3 Use a custom Django test suite runner
This allows us to define new command-line arguments for 'manage.py test'.

(imported from commit 11cf24694a54a3b717256903b7582ddec9a85587)
2012-11-16 15:33:38 -05:00
Tim Abbott 7ae73fabd4 Log how long requests take to process.
(imported from commit 89915f859e4493ff04a34d198ac6df5541b743cc)
2012-11-14 15:52:57 -05:00
Keegan McAllister ed490c672f Allow running the dev server with the test database, on different ports
For use by frontend tests.

(imported from commit c8f81b862963f00e5b5517ba05b2d1adcab6d78a)
2012-11-13 10:59:02 -05:00
Keegan McAllister 31496e9189 Generalize Tornado-related settings
(imported from commit 76a1338a87e1a6663aa7602a499e2d769814bf08)
2012-11-13 10:59:02 -05:00
Tim Abbott 30b43ebee2 Uniformize /json/ and /api/ URLs to end with no trailing slash.
(imported from commit c35b30bcc43982db3a2f774ea69269e5424a6159)
2012-11-09 14:30:10 -05:00
Tim Abbott 16c8baf99b Fix running tests when the default database is MySQL.
(imported from commit b692b64219fb67792cdfd3bd208df2c6103d23ad)
2012-11-09 14:16:52 -05:00
Tim Abbott 85423bc010 Add a /activity page displaying data on user activity on the site.
(imported from commit 3877be49e4e0b89cadfead88b5c51f955759a996)
2012-11-09 12:28:38 -05:00
Keegan McAllister 513d19cc67 urls: Line things up
Whitespace-only change.

(imported from commit 2616e9e208d77a1a2c0b9973bcc19dbbf607b134)
2012-11-07 17:46:46 -05:00
Keegan McAllister 0c9122e3f9 urls: Remove name=...
Per Django docs, these are used to set an alias for use by reverse().  We
mostly don't use these, and they clutter up the file.  We do use
reverse('send_confirm') so it stays.

(imported from commit 7789e588e187fae71638bd77a553801c48fa8818)
2012-11-07 17:46:46 -05:00
Luke Faraone 87b3d0c581 Enable basic password reset functionality.
(imported from commit 5ac0d15912173067d946b31be1c1251bc12a940a)
2012-11-06 16:33:21 -05:00
Tim Abbott a6cd21a1b8 Log events to a file named after the current server.
Merging these log files together is future work.

(imported from commit 54abf1ed41c2d8ba220fd3af0d997256c2718db0)
2012-11-06 14:12:19 -05:00
Jessica McKellar 204f3b35db settings: give a real ADMIN address.
(imported from commit f6171d5d3a702ae180cd27895ed76bef8890f6fa)
2012-11-02 15:45:51 -04:00
Keegan McAllister 3acc407512 settings: Remove commented-out template loader
(imported from commit 79273487532746f99bdbfac62bb9f34e844639a8)
2012-11-02 14:57:38 -04:00
Keegan McAllister 87bbbd6484 settings: Add a comment about SITE_ID
(imported from commit 2bc8964c32ac8b54a701d52bf64dd7c738d9a5a2)
2012-11-02 14:57:38 -04:00
Tim Abbott 7e0cbd1c8b Change json_add_subscription to use the same interface as api_subscribe.
(imported from commit 9b9eb0284ad262ce9701ef81162d954544435d52)
2012-11-01 13:05:52 -04:00
Tim Abbott e48bdfe847 Use json_success for api_fetch_api_key.
(imported from commit 395d992fa634f5304f8a44f38f0251109c1a0810)
2012-10-30 16:59:18 -04:00
Keegan McAllister 044b08b409 Remove more commented out example code
(imported from commit 83f7c8763d96af5341fe630d1d8be11eef1f33aa)
2012-10-29 23:21:00 -04:00
Keegan McAllister 45387a8e63 Fix logout view
Previously if you hit /accounts/logout with no ?next=... parameter, you would
see a broken version of index.html missing dynamic content.

(imported from commit d9bca92d1c3c82893524ba69b132d59c48aa34c9)
2012-10-29 18:30:01 -04:00
Luke Faraone ee31a1b1a6 Allow people with confirmation IDs to register even under ALLOW_REGISTER
External people won't be able to register unless we initiate the action
and send them an email, because the confirmation token generation code
is in the still-protected accounts_home view.

(imported from commit 8985257576d3dff5b0cad9d4b0ae213f18528865)
2012-10-29 17:16:22 -04:00
Keegan McAllister 50e40d3f47 Remove comment about XFrameOptionsMiddleware
We already set X-Frame-Options in nginx.

(imported from commit db2b51340e974f6775001f317dcbdda84be88e38)
2012-10-29 16:14:40 -04:00
Keegan McAllister 0e03a7acc8 views.home: Use @login_required
We can't use reverse() due to what amounts to a module import cycle.

(imported from commit 8a2904648173bc3e4ff2079d33320417b28518d3)
2012-10-29 15:41:28 -04:00
Keegan McAllister 5353f5b3b0 Rename NOT_LOGGED_IN_REDIRECT -> HOME_NOT_LOGGED_IN
If we have other pages that require login, we might want them to redirect to
the login form.  But the root of the site should take you to /accounts/home --
but only after we launch the product.

(imported from commit b5d10e1c908f1ffe1ee68c2689691ca66c896786)
2012-10-29 15:41:28 -04:00
Keegan McAllister 7c790357a1 authenticate: Reject None for username or password, without a DB query
(imported from commit dd76b174a806f9bf4a47f07f124321a025561183)
2012-10-29 15:41:28 -04:00
Keegan McAllister 5ed13e9079 Remove inactive Django admin code
These can only cause trouble.

(imported from commit 1def3234675c12461e9fc8b71c6b9e1b107edd1d)
2012-10-29 13:56:09 -04:00
Keegan McAllister 92b10e3bc2 settings.py: Change deployed check
This is security-critical so we have two checks.

(imported from commit adaa1cefe2d08526cdaac2fb0d8cc02773390224)
2012-10-27 11:18:51 -04:00
Keegan McAllister 3e86da67f9 Set the CSRF token cookie as HttpOnly
(imported from commit 0bf4239db085edcfc311efeb61da3ef409cc6206)
2012-10-26 16:08:18 -04:00
Keegan McAllister 6f3b9ef00d Enable /terms and /privacy on the live site
At Jeff's request.

(imported from commit 2cc25252e3183f858fcd63dddcc97573a5ac6082)
2012-10-26 13:00:01 -04:00
Zev Benjamin 8a66d52228 Expose get_old_messages to API
(imported from commit d3b86a049440c54b52d96c27f8925a73496eaffe)
2012-10-26 10:42:11 -04:00
Keegan McAllister 2afa9894ce Add a draft privacy policy
(imported from commit 4095e3bb72a5975b4353bf0eace9da48c0eec200)
2012-10-25 19:11:28 -04:00
Jeff Arnold 5316fc9863 Rename tos -> terms in urls.py
(imported from commit 5cb47202f62b500b2fdaa49b093830df279828b3)
2012-10-25 16:07:18 -04:00
Keegan McAllister eef027560a Remove unused imports
(imported from commit eb576627ff72e57fee0e3a4c357f51ad74cd6c86)
2012-10-25 15:22:18 -04:00
Keegan McAllister f8540dcdae Wrap some other extremely long lines
(imported from commit e7d55f318c8865ca953bf4520d1b07f7e84a4aeb)
2012-10-25 15:22:18 -04:00
Zev Benjamin c4189d1029 Add get_old_messages json call
This new call only allows fetching of existing messages.  The idea is
to remove this functionality from get_updates to simplify the backend
code.

(imported from commit 1345db2f1707e208e7c0bd08b7d444932c68b6a2)
2012-10-25 12:10:44 -04:00
Keegan McAllister 6172f42b6b Add terms of service at /tos
Based on Jeff's "Terms of Service.rtf"

(imported from commit 0ac24148cd963c65252c349556cb04aa4a1d79b2)
2012-10-24 19:31:56 -04:00
Zev Benjamin 732ca19729 Synchronize the pointer across sessions
The client may now optionally send its current pointer during
get_updates and the server will return the latest pointer if it
differs and was updated more recently by a different session.

(imported from commit e43b377d7dfb52f83cefb0b1003863d5407caf80)
2012-10-22 16:44:57 -04:00
Jessica McKellar f5f3ffc6a9 Expose an API method for updating the pointer.
(imported from commit 66d49c149e0bbc60e82a5967b77aff69629b09e7)
2012-10-21 13:33:14 -04:00
Jessica McKellar 0fb836538d Add an API request for getting profile (specifically pointer) data.
Mobile clients need it.

We are going to need to sit down and think about how much power we
want to give our API users, though. For example, should they even get
to know about your absolute pointer value (maybe they should only be
able to make requests relative to your pointer), or be able to request
very old ranges of messages?

(imported from commit 1680655f0d9a670bc0da0ddb92fbbd5cf851d3dd)
2012-10-20 21:59:59 -04:00
Tim Abbott afd141a03e Use fast password hashing when replying old messages locally.
Without this change, one can only create a few users per second(!),
which really puts a damper on quickly importing old messages.

(imported from commit 26daf61b57154daa067db3daf8254c12d23da353)
2012-10-20 17:46:12 -04:00
Keegan McAllister f5d4471993 Only serve static files from Django if DEBUG = True
(imported from commit 5028f9caf637e95aa83a0736bf11930357fc725e)
2012-10-17 18:24:15 -04:00
Keegan McAllister 94f107e281 Log all requests
runserver already prints them to the console, but runfcgi doesn't.

(imported from commit 3450e3fd65ef3990729c94e80dad4fc3c89f0e64)
2012-10-17 18:23:02 -04:00
Keegan McAllister 122edf6a8c Tweak logging config
(imported from commit 686a843c6ccbc2f514669bb7901daacbe639697c)
2012-10-17 18:23:02 -04:00
Keegan McAllister ea916951f4 Disable notify_new_message calls in testing and populate_db
(imported from commit 07a0fea4173e2e27a90ac5f111927f0000377764)
2012-10-17 18:23:01 -04:00
Keegan McAllister a545876d56 Rename notify_waiting_clients -> notify_new_message
We might have other URLs for other notifications.

(imported from commit 4c1c5fe2f039816fef4c268f34692ca4f19d81e8)
2012-10-17 18:23:01 -04:00
Keegan McAllister c851bc4632 Generate initial API keys in the same manner as passwords
(imported from commit 754fa391b441c520082650a0cf3bacf050bf81b3)
2012-10-17 18:23:01 -04:00
Keegan McAllister cc8a14fcf8 Create accounts with passwords which are deterministic but hard to guess (from the outside)
(imported from commit 964610fec6c4690c1e881f2bab252296663c819a)
2012-10-17 18:23:01 -04:00
Keegan McAllister 1fded25025 Make redirects work properly behind a reverse proxy
(imported from commit 7ffb0b10e796ab27a8a4d028195637c9dca74aa7)
2012-10-17 18:23:01 -04:00
Keegan McAllister 5e70b5a291 Split off the Tornado code into a separate process
(imported from commit 95dbd0f438cdba06d6e6c6c539a2a3d49c577cfd)
2012-10-17 18:23:01 -04:00
Tim Abbott 758bbe6fc9 Rename api_fetch_key to api_fetch_api_key to match json methods.
(imported from commit ed1c33f5017426dd38882c06ac38343451edb94b)
2012-10-17 17:13:33 -04:00
Tim Abbott ae3e24458c Add a UI for requesting your API key.
(imported from commit 07c40caf73f3b6c1c502a6c8e18109532dd28cc3)
2012-10-17 17:09:46 -04:00
Keegan McAllister 8070680184 Set the 'secure' flag on Django cookies
(imported from commit b563f62e2b185a8195daf212574c30f6e252900e)
2012-10-17 16:53:26 -04:00
Luke Faraone 12bad46740 Introduce API method to return a user's API key by logging in.
This makes it easier for mobile clients to use the API by enabling them to
present the user with a familiar username / password prompt, rather than
by asking them for their API key.

(imported from commit 6ed06cfe86f87e7aef54a4be7835fb7bf8d7f209)
2012-10-17 15:33:05 -04:00
Keegan McAllister 62fad52ad6 Remove unused Django staticfiles app
(imported from commit 275db1a8a752fe307d2b94aa83937ea96fab8a28)
2012-10-17 15:27:29 -04:00
Keegan McAllister 8d4fefbe95 Remove Django staticfiles config
We're not really using it, and it's misleading.

(imported from commit 4244934cdcc957b4e12184b935953830ac443280)
2012-10-17 15:04:33 -04:00
Keegan McAllister 235ce960b8 Use the obfuscated URLs
The key property is that we never reveal the non-public directory name
4nrjx8cwce2bka8r to a not-logged-in user.  This makes it less likely that
random people from the Internet will download all our client code while we're
still in private beta.

(imported from commit 7428e847e0a1a34152cb6dc2b677c1b47290c202)
2012-10-17 15:04:33 -04:00
Keegan McAllister cfb72a7337 Add robots.txt
For now, disallow everything.

(imported from commit fad7ba7ec28c86342a5c11bc721cdf45507c7c4f)
2012-10-17 15:04:33 -04:00
Keegan McAllister b59e895bbf Remove favicon
Browsers tend to cache these forever, and it's not our final logo.

(imported from commit 48e607c9e7ff95ee523dd339b3fcc9a1b189fa7f)
2012-10-17 15:04:33 -04:00
Tim Abbott 7237b4a73e Fix sending to a stream with a space in its name.
Previously if you tried to send to "a b", we actually ended up trying
to send to "a%20b", since we were url-encoding the stream name and
then not properly decoding it.

(imported from commit 307d2999bd309e47fc654ae4422ab4372edde064)
2012-10-17 14:06:00 -04:00
Tim Abbott 3e994c16b7 Rename/reorganize our urls to be more consistent.
(imported from commit ca3cc7ccd5d7da83a9c60968527378ee1118648e)
2012-10-16 15:56:06 -04:00
Keegan McAllister 8819bdc0fc Hide most of the navbar on the deployed app
(imported from commit 3b055588f7de805bf1b038f1bc6c03837eda010a)
2012-10-15 18:44:36 -04:00
Keegan McAllister 489fd58e43 Hide register, confirm, etc. on the deployed app
(imported from commit 8bcf84383d4ea4c24dfadaee330517bfc9801bbd)
2012-10-15 18:44:36 -04:00
Keegan McAllister 1876995abb Redirect home to login on deployed server
(imported from commit 9642a3c6b7b0b55cf5731cc2e241aed51431c8ae)
2012-10-15 18:44:36 -04:00
Keegan McAllister 5141cd7ab9 Make a setting for where we redirect home for not logged in users
(imported from commit 95bae4e52d8a8a34c001975e8d3547db5ba256a2)
2012-10-15 18:44:36 -04:00
Keegan McAllister db0cf88cc0 Log additionally to a file server.log
(imported from commit eabf9473ae04d4ff95652d4f8c8ab76f70157519)
2012-10-12 18:01:51 -04:00
Tim Abbott fc99d2983a Add an API call to subscribe to a list of streams.
(imported from commit 0a5d46d5f54fb4c8ebfad8c9adb777c0b4938dfa)
2012-10-11 16:20:45 -04:00
Tim Abbott 83f494b1a4 Add API queries to show public streams and the user's subscriptions.
(imported from commit 5f24e35a9bdd1e40406e2acb0c3713a6517d139b)
2012-10-11 14:43:23 -04:00
Keegan McAllister 5a7ff70c11 Remove obsolete views
This functionality is part of the home view now.

(imported from commit 5f0327eb62840bf98af49566e6f3c0b86ca43b8d)
2012-10-11 11:23:22 -04:00
Tim Abbott b5bb6b9921 Rename test-settings.py to test_settings.py
(imported from commit c9ad55821bc66a7c11668ac0b40ca13c2e05986e)
2012-10-10 18:13:45 -04:00
Tim Abbott 4006e4b1ea Rename class_exists to stream_exists.
(imported from commit 416bd1f4c513216d45913e306f6c8eaa542f3539)
2012-10-10 17:47:13 -04:00
Tim Abbott 8daff2e05e Rename ZephyrClass to Stream.
(imported from commit ae51b7a9e03f322dfe2dfccd250cbfc23adfe32e)
2012-10-10 17:47:12 -04:00
Keegan McAllister 1fc80f40ff Log to console even when DEBUG = False
(imported from commit e9812f295ad4e861901092ad1e9f3f14b22371fa)
2012-10-09 11:41:28 -04:00
Keegan McAllister 70482d032d Put the 'import *' back into test-settings.py
This broke the test suite, which expects all settings to exist in this file.  Whoops.

This reverts commit e4108333c53afb0caf55348837b739cb7e5510dd.

(imported from commit e6b58004059e834d4e30ea9c63463eb84179cc1e)
2012-10-04 16:49:26 -04:00
Keegan McAllister b9153b4f80 Remove an 'import *'
(imported from commit e4108333c53afb0caf55348837b739cb7e5510dd)
2012-10-04 15:43:41 -04:00
Tim Abbott e59d7cae48 Rename the Zephyr log to the Message log.
(imported from commit 7dedfb76b6b78ea90a2bfd20788e251c9c29ef47)
2012-10-03 18:14:15 -04:00
Tim Abbott 83ceba0a2d Remove old /api/get_updates view.
(imported from commit 5a33a61bfb4b3aa40e28c356f5b4048db775b901)
2012-10-03 16:58:31 -04:00
Tim Abbott 9223f7932c Convert zephyr_mirror humbug sending to use the API.
(imported from commit 948a12a1dca903c47b7427248688f2079c7eecdb)
2012-10-03 16:50:29 -04:00
Tim Abbott 7acfb5c71c Rename /zephyr/ to /send_message/.
(imported from commit 41c2ff67cfc514e53aff8648c36f545526e324ed)
2012-10-03 12:30:37 -04:00
Tim Abbott 828e0d4afb Rename forge_zephyr to forge_message.
(imported from commit aa2dc6e24a9c1bd6be09bfa26241663ae143cef9)
2012-10-03 12:27:34 -04:00
Tim Abbott 5a5b5de650 Rename /api/v1/get_updates to /api/v1/get_messages.
(imported from commit f856637158cf9fda64ba333b532a5941de8fcbab)
2012-10-02 16:29:34 -04:00
Tim Abbott 18a3888373 [schema] Add an API for sending/receiving messages.
(imported from commit 209d525dc5892fc4c392a8ced1588c838cbb17c4)
2012-10-02 15:49:25 -04:00
Tim Abbott 339489a81e Add missing test-settings.py.
(imported from commit 85aeb41471dfe63cd6d6093b3388f949e30d72a3)
2012-10-02 11:58:31 -04:00
Waseem Daher 2873e45b3f Tweak signup email text slightly.
(imported from commit 4f8427a731376d7e9d5eb387673324bb25141743)
2012-10-01 18:05:01 -04:00
Luke Faraone 036d25b6bd Configure email through Gmail
(imported from commit 45fdfa4310f94c9e04dc1710dcb291003c1cc0f5)
2012-10-01 15:03:59 -04:00
Luke Faraone aca5cef3eb Redirect to login when attempting to resignup with a used email address.
(imported from commit d58a5dda9a0af409a6ee57cfcd30be45020352d2)
2012-10-01 10:45:58 -04:00
Luke Faraone 50dfbf7a1b Implement confirmation for new user signups.
We add a few templates for django-confirmation. We define a
"PreregistrationForm" which is validated by accounts_home, which then
generates a confirmation object and emails the user. This required creating
a new table for a PreregistrationUser with an email and status (confirmed)
field.

The register function now no longer accepts a "email" field in the form
and deals only with confirmation IDs to determine the email used to sign
up a user.

(imported from commit 4fcde04530aa7ad4de84579668daee7290b424ac)
2012-10-01 10:45:58 -04:00