This makes it so that URLs for pages like the hello page and
API page can optionally end in a trailing slash (/hello/, /api/).
In places where we don't want to be pedantic, we should get
into the habit of ending Django URL regexes with /$.
(imported from commit 82757db684c8f1d8d2040af993ece49b20e036fb)
The only known outstanding bug with this is that it doesn't properly
handle the updating of a message's highlighting/presence in a narrowed
view (e.g. in theory, a message should disappear if it is edited such
that its subject doesn't match your narrow or it no longer matches
your search). I think I'll just open a trac ticket about that once
this is merged, since it's a little hairy to deal with and kinda a
marginal use case.
Also it's not pretty, but that should be easy to tweak once we get the
framework merged.
Conflicts:
tools/jslint/check-all.js
(imported from commit 2d0e3a440bcd885546bd8e28aff97bf379649950)
Currently the interface for editing messages is limited to a
command-line API tool; it's great for testing with e.g.:
./api/examples/edit-message --message=348135 --content="test $(date +%s)" --site=http://localhost:9991 --subject="test"
The next commit will add a user interface for actually doing the editing.
(imported from commit bdd408cec2946f31c2292e44f724f96ed5938791)
For beanstalk we need to provide a decorator that converts %40 to @ in the
http basic auth part of the URL. However, if we put our own wrapper around
rest_dispatch, the Django CSRF protection jumps in. This requires us to put
@csrf_exempt on our extra dispatch function, at which point we might as well
have avoided rest_dispatch in the first place and put a @csrf_exempt decorator
on our api_beanstalk_webhook.
(imported from commit b1f459aad26a5b80cce93f6c859240a53c11cc22)
Nicer URLs:
/login to login
/register to register
/signup to signup
(Step two is to remove, e.g. /accounts/home/)
Also make /login the default page when you're not logged in.
(Prior to this commit, it was annoyingly different on deployed
vs. not.)
(imported from commit 21adb7a94f03256098d15b2e608d793d3ddb5b23)
Windows, Mac, iPhone, Browser icons from http://www.endlessicons.com/ and modified
Macbook Air image from http://psdsonar.com/macbook-air-free-psd/ and modified
Linux icon from Wikimedia Commons and modified
Android icon from Wikimedia Commons and modified
(imported from commit 3cf8617cf49a833b706a2ff78b986e28c21e26cc)
This allows users on signup-eligible domains to sign up for Humbug using
Google Apps.
As part of this, we wrap the openid done view in our own code in order to
handle the "Unknown user" error. Therein, we create a PreregistrationUser
and then shunt the user through the rest of the confirmation process, pre-
filling in their name.
(imported from commit 066d9a1021384a6da2662352e62a701451bd6f44)
This allows users to drag and drop content onto the compose box, storing
their data in Amazon S3.
New dependencies:
- python-boto
(imported from commit 339874e483db5c36312c9ceae56db29da6ca0d99)
Beanstalk integration uses webhooks that use http basic auth to authenticate
the sending user.
(imported from commit bd65f5b2d052a3c1eb04da64d055a3640a384892)
The new nginx configuration file needs to be copied to
/etc/nginx/humbug-include and nginx needs to be restarted when this
commit is deployed.
(imported from commit 6c43f3c2c7a6acee6a852c672c96a38bda01dd0d)
These have been the recommended way to do generic views since Django
1.3, and the old-style views (previously deprecated) are gone in
Django 1.5.
(imported from commit 45938f452bd6aa363f7ccdbac9f2297d1b1b5e7b)
Require POST method for /accounts/logout. This has the side effect of
automatically enabling Django's CSRF protection.
(imported from commit 44b1b6ebaadc1c03006e21ae54ac768e31234801)
This code adds a dependency on python-django-auth-openid, installable as
django-openid-auth from PyPI.
On prod, one needs to run a syncdb in order to create the required
tables. A database *migration* is not required, as these are new tables
only.
(imported from commit c902a0df8d589d93743b27e480154a04402b2c41)
The idea here is: part of the onboarding tutorial is going to
be you talking to the tutorial bot and it talking to you, from
our Javascript.
The reason it's driven by Javascript is that then in principle we can
do nice stuff like making popovers appear in places to point things
out to you, whereas if we were to do it strictly server-side, doing so
would be a lot harder.
The downside to doing it in Javascript is that you don't get any of
the Markdown rendering, since that happens on the server. So instead
we add this call where you give it a message, and it responds by
having the tutorial bot send you that message.
I don't think there are any security concerns here because
(1) The bot only messages you -- so you can't use it to make someone
else think that the system is telling them to do something
(2) If there were an issue associated with having the server parse
arbitrary Markdown, you could just trigger the issue by sending
a message yourself.
(imported from commit b34f594dab6be6bcb81899278ae1cbe447404468)
This makes it possible to point users back at the instructions they
followed originally in the event that their Zephyr mirroring bot has
died.
(imported from commit 24ab2dc0df3dc88f8155d58761a89fe44c111fd9)
Adds a new db table for storing presences, and an API for setting
an individual user's idleness as well as fetching all idle status
for all users in a realm
(imported from commit 5aad3510d4c90c49470c130d6dfa80f0d36b0057)