We'll probably eventually get fancier with this, suggesting various
default sets depending on the company or making it easy for one person
to create default subs for several people at once.
Until we know what we want, keep it simple.
(imported from commit 14319dd50c67fe33ac6f15288dba4916ce0a89ac)
The main problem with this code is that the error message doesn't go
away until you reload. To fix this, we need to add a noblock option
on get_updates.
(imported from commit dc45af397bcf06a218bda5dd224ebd5fdf3462db)
In particular:
* Taking a list of streams as arguments.
* Using the _backend model so that we can have an API version.
* Considering "not subscribed" to be a non-fatal error.
And of course the corresponding changes to subs.js.
(imported from commit fdb300c6aa6921c2c6b09c22bd1e64405c368809)
This doesn't fully fix the problems related to not syncing
subscriptions to browser clients, but it does fix the instance that
everyone experiences.
(imported from commit be2bc31a7c4443c1678321f1a938496e2632c0d3)
This commit changes APIs and requires an update of all zephyr
mirroring bots to deploy properly.
(imported from commit 2672d2d07269379f7a865644aaeb6796d54183e1)
This should fix the problem where only one of pairs of identical
messages sent to two different zephyr classes by bots will make it
over.
(imported from commit 37005417e2e1f737501c9524b95b044eefbfe235)
These were lists of pairs because we were going to repeat keys, but that didn't
work anyway.
(imported from commit 687b3f7b8a2821d057719c725f1f39db3992ae5c)
This was causing Zephyr mirroring to break because
create_mirrored_message_users was returning False due to the
same_realm_email check failing.
(imported from commit e6a63160f34ec056461038650b5f8027718e6c63)
Personals are now just private messages between two people (which
sometimes manifests as a private message with one recipient). The
new message type on the send path is 'private'. Note that the receive
path still has 'personal' and 'huddle' message types.
(imported from commit 97a438ef5c0b3db4eb3e6db674ea38a081265dd3)
It now takes an anchor message id, a number of messages before, and a
number of messages after. The result always contains the anchor
message.
(imported from commit 84d070dc8091161c86d4bbeafbdc299493890a2a)
This was causing our tests to fail and would have also
affected API users not using our Python bindings
(imported from commit 2d81496892e9042e328279edea94be8ee4d21c1b)
return_messages_immediately's return value is not returned, so the
argument validation in @has_request_variables didn't work correctly.
@has_request_variables would return a json_error, but
send_with_safety_check expects a dict.
(imported from commit 86b6bccb7861dbf523c06b606b87374e339059a4)
This change substantially increases the number of view functions where
the API and JSON versions are actually identical code.
(imported from commit 2eee55a8943cf9a684bec2ba1f6d7afcb2b91948)
Functions with the @has_request_variables decorator can have some of
their arguments extracted from the HTTP request. For each such
argument, its default value should be an instance of the POST class.
The arguments to the POST constructor control the request variable
name that the function parameter should be populated from (it
defaults to the same as the parameter name), whether the value should
be converted before being passed, and whether a default value should
be supplied if the parameter is missing from the request.
(imported from commit ba1c25d73ba3980e44abec1458e6496807fcdaa4)
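A minimal sketch of the mechanism this commit message describes, added here as an illustration and not taken from the project's code. The POST parameter names (var_name, converter, default), the RequestVariableError exception, the fetch_window view and the plain dict standing in for the request's POST data are all assumptions.

```python
import functools
import inspect

_MISSING = object()  # sentinel: "no default supplied" (None may be a real default)

class POST:
    """Marker default value: fill this parameter from the request (hypothetical API)."""
    def __init__(self, var_name=None, converter=None, default=_MISSING):
        self.var_name, self.converter, self.default = var_name, converter, default

class RequestVariableError(Exception):
    """Raised when a request variable is absent or fails conversion."""

def has_request_variables(view):
    # Collect the parameters whose default value is a POST marker, once, at decoration time.
    markers = {name: p.default
               for name, p in inspect.signature(view).parameters.items()
               if isinstance(p.default, POST)}

    @functools.wraps(view)
    def wrapper(post_data, *args, **kwargs):
        for name, marker in markers.items():
            if name in kwargs:
                continue  # the caller passed this argument explicitly
            key = marker.var_name or name  # variable name defaults to the parameter name
            if key not in post_data:
                if marker.default is _MISSING:
                    raise RequestVariableError(f"Missing '{key}' argument")
                kwargs[name] = marker.default
                continue
            value = post_data[key]
            if marker.converter is not None:
                try:
                    value = marker.converter(value)
                except (TypeError, ValueError) as exc:
                    raise RequestVariableError(f"Bad value for '{key}'") from exc
            kwargs[name] = value
        return view(post_data, *args, **kwargs)
    return wrapper

@has_request_variables
def fetch_window(post_data, anchor=POST(converter=int),
                 num_before=POST(converter=int),
                 num_after=POST("after", converter=int, default=0)):
    # Hypothetical view: every argument arrives already validated and typed.
    return {"anchor": anchor, "num_before": num_before, "num_after": num_after}
```

Because extraction and conversion happen before the view body runs, a missing or malformed variable is rejected at one place instead of in each view.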
No need for an 'if' if we're just returning a boolean. And using
QuerySet.exists() should be a little more efficient.
(imported from commit 69ec3cc9f2fe904ec40ea3b8a8687a06cd03f3f3)
login_required_api_view is misleadingly named. It accepts neither a Django
login session nor login credentials (username / password). The intent here is
authentication, whether stateful (login) or stateless (API key).
(imported from commit 7e9be552168396b399116737655bd7267fd5c1a3)
We've had multiple requests from MIT zephyr users to allow
non-alphanumeric stream names, and we haven't decided what we want to
allow, so for now allow everything.
Note that the web client and mirror script limit stream names to 30
characters, which is our database limit.
(imported from commit 2acb5ee04e5ee7c40031ac831e12d09d04bbb2e6)
This is what caused our server to hang when receiving certain messages
over the last couple days. It was introduced by me making the
assumption that doing the same thing we did after validate_notify
failed was a correct way to immediately return from
notify_new_message, which it was not. The code of validate_notify
actually finished the handler in the event that validation failed,
which isn't "correct", but did not manifest in a visible problem.
The correct way to trigger an immediate response from a tornado view
is to just return the value, not call handler.finish() and then return
None.
Similarly, the correct way to trigger longpolling from a tornado view
is to either return None (or equivalently, drop off the end of the
function) or return a generator.
(imported from commit 5b931248b4650fc88d5d68f5936a95f19e097af9)
Here we introduce a new manage.py command, activate_mit, which takes a
number of usernames and sends out emails to the users with instructions on
how to activate their accounts.
(imported from commit f14401b55f915698e83ff27b86434f53e64685f3)
If we have other pages that require login, we might want them to redirect to
the login form. But the root of the site should take you to /accounts/home --
but only after we launch the product.
(imported from commit b5d10e1c908f1ffe1ee68c2689691ca66c896786)
The get_profile API call now returns a client_id, which an API user
can pass to update_pointer and get_messages (note that clients still
need to pass a pointer argument to get pointer updates). This
client_id is currently the equivalent of the website's session key,
but the website might get client_ids in the future to distinguish
browser windows.
This commit differs from 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe in
that it uses request.POST.get("foo") instead of request.POST["foo"].
For some reason the latter triggers CSRF errors.
(imported from commit b2a4a7322d16dbf241cd6eef146621c79d84cafc)
This reverts commit 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe.
It seems to have broken API users.
(imported from commit 2f861ebc016076547092421f87dbcac00a65e2f6)
The get_profile API call now returns a client_id, which an API user
can pass to update_pointer and get_messages (note that clients still
need to pass a pointer argument to get pointer updates). This
client_id is currently the equivalent of the website's session key,
but the website might get client_ids in the future to distinguish
browser windows.
(imported from commit 88f6cf0033c849af88d1b99da3bdc2148dfbb6fe)
This is similar to the previous "reason_empty" variable, but captures
why we've returned from the call even when there are updates and all
the reasons if there are multiple. For now, it's useful for debugging.
(imported from commit fd8d9e859660e51b57178d066b184f831b71a0b6)
This new call only allows fetching of existing messages. The idea is
to remove this functionality from get_updates to simplify the backend
code.
(imported from commit 1345db2f1707e208e7c0bd08b7d444932c68b6a2)
It's the safer default to prevent introducing XSS holes. And in our current
code, we always provide this parameter.
(imported from commit 73897f5315ba54a5d3fa95dd19efb9d20c081a8a)
The previous code path was buggy. We now do separate pointer update
checking for the cases where get_updates returns immediately vs. when
it returns from a callback.
(imported from commit f236a80cd0b94bc097dbd17f113d7a9d27368025)
For now, the new function, format_delayed_updates_response, just
calls format_updates_response.
(imported from commit dd332125fe0d47cb3990373f74e85e64604f58a3)
This allows us to check whether the session that updated the pointer
is the same as a session that is doing a long poll to avoid sending
new pointer information when that information is coming from the same
session.
We still return from the long poll early, though, which is sub-optimal.
(imported from commit 7d4be0956f112eacefb7d198ea929957cd2b05e3)
The client may now optionally send its current pointer during
get_updates and the server will return the latest pointer if it
differs and was updated more recently by a different session.
(imported from commit e43b377d7dfb52f83cefb0b1003863d5407caf80)
Mobile clients need it.
We are going to need to sit down and think about how much power we
want to give our API users, though. For example, should they even get
to know about your absolute pointer value (maybe they should only be
able to make requests relative to your pointer), or be able to request
very old ranges of messages?
(imported from commit 1680655f0d9a670bc0da0ddb92fbbd5cf851d3dd)