zulip/puppet/zulip_ops/files/nginx/sites-available
Tim Abbott 02ae71f27f api: Stop using API keys for Django->Tornado authentication.
As part of our effort to change the data model away from each user
having a single API key, we're eliminating the couple requests that
were made from Django to Tornado (as part of a /register or home
request) where we used the user's API key grabbed from the database
for authentication.

Instead, we use the (already existing) internal_notify_view
authentication mechanism, which uses the SHARED_SECRET setting for
security, for these requests, and just fetch the user object using
get_user_profile_by_id directly.

Tweaked by Yago to include the new /api/v1/events/internal endpoint in
the exempt_patterns list in test_helpers, since it's an endpoint we call
through Tornado. Also added a couple missing return type annotations.
2018-07-30 12:28:31 -07:00
..
loadbalancer api: Stop using API keys for Django->Tornado authentication. 2018-07-30 12:28:31 -07:00
zulip puppet: Simplify zulip_ops nginx configuration. 2017-10-05 21:17:57 -07:00
zulip-staging puppet: Rename zulip_internal to zulip_ops. 2016-10-16 19:23:27 -07:00