mirror of https://github.com/zulip/zulip.git
02ae71f27f
As part of our effort to change the data model away from each user having a single API key, we're eliminating the couple requests that were made from Django to Tornado (as part of a /register or home request) where we used the user's API key grabbed from the database for authentication. Instead, we use the (already existing) internal_notify_view authentication mechanism, which uses the SHARED_SECRET setting for security, for these requests, and just fetch the user object using get_user_profile_by_id directly. Tweaked by Yago to include the new /api/v1/events/internal endpoint in the exempt_patterns list in test_helpers, since it's an endpoint we call through Tornado. Also added a couple missing return type annotations. |
||
|---|---|---|
| .. | ||
| jinja2 | ||
| __init__.py | ||
| backends.py | ||
| dev_settings.py | ||
| dev_urls.py | ||
| email_backends.py | ||
| legacy_urls.py | ||
| prod_settings_template.py | ||
| settings.py | ||
| slack_importer_test_settings.py | ||
| terms.md.template | ||
| test_settings.py | ||
| urls.py | ||
| wsgi.py | ||