Commit Graph

37 Commits

Author SHA1 Message Date
Tim Abbott a3a0880266 middleware: Improve logging of users causing 40x errors.
Previously we only got the user ID for /json requests, not /api
requests, and also only got the user ID, not the email address.

(imported from commit c3625f9c1a48430e35183be6c90a7855f3714948)
2013-02-05 14:36:48 -05:00
Jessica McKellar 85080f7ca5 decorator: deduplicate json_to_* logic.
(imported from commit d2470ebe38c391a8bb2e389a508f8b50d2e11fec)
2013-02-05 10:01:45 -05:00
Tim Abbott e592e71515 [manual] Use rabbitmq queue to process UserActivity.
Before this is deployed, we need to install rabbitmq and pika on the
target server (see the puppet part of this commit for how).

When this is deployed, we need to start the new user activity bot:

./manage.py process_user_activity

in the screen session on the relevant server, or user_activity logs
won't be processed (which will eventually result in all users getting
notifications about how their mirrors are out of date).

(imported from commit 44d605aca0290bef2c94fb99267e15e26b21673b)
2013-01-14 13:28:23 -05:00
Tim Abbott 6a2bf7c4f3 Move update_user_activity to actions.py.
(imported from commit a81669d01e699fbf809a02f91e6007b7f61e5518)
2013-01-14 13:28:23 -05:00
Zev Benjamin 7e62ef5a03 Add a common base class for the RequestVariable*Error classes.
Tweaked by tabbott to make it easier to use for one-off applications.

(imported from commit 6c8e3e6da87c431d9a21e6186fa8952bbaa9e5f6)
2013-01-11 16:11:07 -05:00
Tim Abbott 3b7d61e45f tornado: Get User and UserProfile objects from a memcached.
This commit has the effect of eliminating all of the non-UserActivity
database queries from the Tornado process -- at least in the uncached
case.

This is safe to do, if a bit fragile, since our Tornado code only
accesses these objects (as opposed to their IDs) in a few places that
are all fine with old data, and I don't expect us to add any new ones
soon:

* UserActivity logging, which I plan to move out of Tornado entirely

* Checking whether we're authenticated in our decorators (which could
  be simplified -- the actual security check is just whether the
  Django session object has a particular field)

* Checking the user realm for whether we should sync to the client
  notices about their Zephyr mirror being up to date, which is quite
  static and I think we can move out of this code path.

But implementation constraints around mapping the user_ids to
user_profile_ids mean that it makes sense to get the actual objects
for now.

This code is not what I want to do long-term.  I expect we'll be able
to clean up the dual User/UserProfile nonsense once we integrate the
upcoming Django 1.5 release, with its support for pluggable User
models, and after that I change, I expect it'll be fairly easy to make
the Tornado code only work with the user ID, not the actual objects.

(imported from commit 82e25b62fd0e3af7c86040600c63a4deec7bec06)
2013-01-11 16:11:07 -05:00
Tim Abbott 536027aa66 decorators: Use select_related() when getting the UserProfile objects.
This should save a database query when we later need to access fields
such as the user's realm name in format_updates_response.

(imported from commit ceef726db9e917cfb0b47061130d7299ee64890d)
2013-01-10 16:59:36 -05:00
Tim Abbott 83abc08315 Move tornado views to their own file.
(imported from commit e0d9182cbc89a16eedd2846fa17cfba482510565)
2013-01-08 16:53:53 -05:00
Reid Barton c5d37572a7 Document ordering constraint on has_request_variables
(imported from commit efb42cc8478f968ac0dcd390d73bd3d161274fe1)
2013-01-07 16:09:23 -05:00
Zev Benjamin bf5ce4783d Move @has_request_variables error responses to middleware
This will now allow us to use @has_request_variables on helper
functions.

(imported from commit 799d71477654eac7fd8192cfc5bb88b78053532d)
2012-12-20 14:26:36 -05:00
Jessica McKellar 1dbb2c6ed5 decorators: split authenticated_json_view into POST and non-POST versions.
(imported from commit cdcfdb51c379c07e94ebc763cf925e6a73747fc0)
2012-12-03 12:46:27 -05:00
Tim Abbott 988b0ce7ba Fix missing transaction decorator in get_user_activity.
The transaction.commit() line inside the except IntegrityError clause
doesn't work unless we've entered transaction management.

(imported from commit 2ae520e05c9a19ec35af7c244631b01d4b9598d6)
2012-12-03 12:30:13 -05:00
Tim Abbott 16b1f63800 decorators: Use @has_request_variables to extract client.
(imported from commit 8407a556fcc1922d69e593edee3897957742f3fb)
2012-11-28 17:41:39 -05:00
Tim Abbott a6841c7f12 decorators: Pass the parsed client to view functions as request._client.
(imported from commit e297cfc9c2c1c4d07f083a28ab3d85d32a8bc85b)
2012-11-28 17:41:38 -05:00
Keegan McAllister b5dccbfa87 Return a special value to initiate longpolling
Fixes #261.

(imported from commit dd0312c3574c9ca924ab76edcb2fb6c03085be32)
2012-11-28 15:28:14 -05:00
Keegan McAllister ca1b1b2974 Remove some unused @asynchronous-related code
(imported from commit aa332263777f26a29539ba55bec8853df59bbc07)
2012-11-28 15:28:14 -05:00
Keegan McAllister 1081a96062 Assert that internal notify views are invoked via Tornado
An extra check against issue #239.

(imported from commit b6f19892e4d3b45df1c13352d6561fb9e30d86fd)
2012-11-28 15:28:14 -05:00
Keegan McAllister cb7e726d77 Create and use @internal_notify_view
Resolves #288.

(imported from commit 982bf5651a34fa66cd81c882ed0351829eaadf86)
2012-11-28 15:28:14 -05:00
Zev Benjamin 0a2b8c3f55 @has_request_variables: allow caller to override the POST variable with a kwarg
(imported from commit 643bce62712b144da369aeabe37c12584b1a5761)
2012-11-27 13:55:57 -05:00
Tim Abbott efc5530909 update_user_activity: Fix get_or_create race.
(imported from commit 38bf62a85154db5df18f1416fa3e29be868fc735)
2012-11-27 12:09:57 -05:00
Zev Benjamin da2c079503 Use Django's built-in @require_POST decorator
Theirs returns an actual 405

(imported from commit 31be790b0f53d7b63d7d3cd85972b16add3d8c74)
2012-11-26 11:52:50 -05:00
Keegan McAllister 33d1b77344 Return HTTP 401 Unauthorized from JSON views when not logged in
(imported from commit c1f4989c8d1132e10b2e61e9ef08000823994b35)
2012-11-20 21:49:10 -05:00
Zev Benjamin 3bc47bc44a Make @asynchronous's added 'handler' argument be keyword instead of positional
Adding a positional argument caused a problem when
@authenticated_api_view started using @has_request_variables
internally.  The 'handler' argument used to be passed through
positionally to the wrapped function, but when using
@has_request_variables, the wrapper inside @authenticated_api_view
had to take additional arguments.  The handler argument was then
assigned to one of those parameters instead of being passed through.

(imported from commit 66240bd465c803ddcbf4a603509051fca7381468)
2012-11-15 12:52:46 -05:00
Zev Benjamin 720d04a98b Use request variable decorator in @authenticated_api_view
(imported from commit ec46ec307cfb34275ebc33e429663172d3f2d169)
2012-11-14 17:35:38 -05:00
Zev Benjamin 012840108f Give more informative error messages for API authentication failures
(imported from commit e86495853c615915ca39be48128bd8f9bc312e5b)
2012-11-14 17:35:38 -05:00
Zev Benjamin 1e91310ee6 @has_request_variables: tell users what their bad value was in the error message
(imported from commit 0e5e576da74c6492c2f9189bcf725c336cd9b2d7)
2012-11-09 12:27:40 -05:00
Zev Benjamin 8a0bef6c42 @has_request_variables: don't apply the converter to default values
(imported from commit 44fecac26268c4c1b7f69b4d5013cfbff2010744)
2012-11-09 12:27:40 -05:00
Tim Abbott 9e9438153c [schema] Store analytics on usage of our product.
(imported from commit 4fbf8215225fc8f505b9c749ccf80c556af13e87)
2012-11-08 18:00:57 -05:00
Tim Abbott 5ab0cccf41 Pass the user's user_profile to authenticated view functions.
This change substantially increases the number of view functions where
the API and JSON versions are actually identical code.

(imported from commit 2eee55a8943cf9a684bec2ba1f6d7afcb2b91948)
2012-11-08 17:59:31 -05:00
Zev Benjamin 506a5b729b Add note to @has_request_variables about when it is inappropriate to use
(imported from commit 952341aad07e07d762ea3ec66a5b167bcb40ecea)
2012-11-08 16:40:07 -05:00
Zev Benjamin 27cf7e09d3 Add magic request variable extractor decorator
Functions with the @has_request_variables decorator can have some of
their arguments extracted from the HTTP request.  For each such
argument, its default value should be an instance of the POST class.
The arguments to the POST constructor control the request variable
name that the function parameter should be populated from (it
defaults to the same as the parameter name), whether the value should
be converted before being passed, and whether a default value should
be supplied if the parameter is missing from the request.

(imported from commit ba1c25d73ba3980e44abec1458e6496807fcdaa4)
2012-11-08 16:36:14 -05:00
Zev Benjamin dc8c54e6db Move view decorators into decorator.py
(imported from commit 737cff552b395493f44864ac06e901b0ba17fa29)
2012-11-08 16:35:31 -05:00
Zev Benjamin 7bbde14d78 Use functools.wraps on the functions returned by our decorators
This lets Django report the correct view name in errors

(imported from commit b21347e7af39cda439125355f99f4fc63fc3bd2f)
2012-11-08 16:30:57 -05:00
Keegan McAllister 9689887cbd Copy the csrf_exempt attribute in @asynchronous
Needed for @csrf_exempt to work.

(imported from commit 563ab11b0d26262511e9a6d9cc2735b0b835a391)
2012-10-27 17:56:18 -04:00
Keegan McAllister 80c6d09197 Remove unused imports
(imported from commit 9f5c226708e44935e8d32c18ea7dd1ad2615d8d5)
2012-09-07 13:57:32 -04:00
Tim Abbott 20215eef86 Remove a bunch more trailing whitespace.
(imported from commit 5d1cc8dcb0b26eaf95ddca26574b361b6948cdb8)
2012-09-05 11:23:58 -04:00
Tim Abbott 9afd63692f Implement long polling using Tornado.
(imported from commit 4385304b27d7fe55a57a23133cd214fe8fc33482)
2012-08-30 14:29:34 -04:00