mirror of https://github.com/zulip/zulip.git
02ae71f27f
As part of our effort to change the data model away from each user having a single API key, we're eliminating the couple requests that were made from Django to Tornado (as part of a /register or home request) where we used the user's API key grabbed from the database for authentication. Instead, we use the (already existing) internal_notify_view authentication mechanism, which uses the SHARED_SECRET setting for security, for these requests, and just fetch the user object using get_user_profile_by_id directly. Tweaked by Yago to include the new /api/v1/events/internal endpoint in the exempt_patterns list in test_helpers, since it's an endpoint we call through Tornado. Also added a couple missing return type annotations. |
||
|---|---|---|
| .. | ||
| apache | ||
| apt/apt.conf.d | ||
| builder | ||
| certs | ||
| cron.d | ||
| munin | ||
| munin-plugins | ||
| nagios3 | ||
| nagios_plugins/zulip_zephyr_mirror | ||
| nginx/sites-available | ||
| postgresql | ||
| supervisor/conf.d | ||
| common-session | ||
| dot_emacs.el | ||
| log2zulip.conf | ||
| log2zulip.zuliprc | ||
| motd.lb0 | ||
| sshd_config | ||
| zephyr-clients.debathena | ||
| zulip-ec2-configure-interfaces | ||
| zulip-ec2-configure-interfaces_if-up.d.sh | ||