zulip/puppet
Tim Abbott 02ae71f27f api: Stop using API keys for Django->Tornado authentication.
As part of our effort to change the data model away from each user
having a single API key, we're eliminating the couple requests that
were made from Django to Tornado (as part of a /register or home
request) where we used the user's API key grabbed from the database
for authentication.

Instead, we use the (already existing) internal_notify_view
authentication mechanism, which uses the SHARED_SECRET setting for
security, for these requests, and just fetch the user object using
get_user_profile_by_id directly.

Tweaked by Yago to include the new /api/v1/events/internal endpoint in
the exempt_patterns list in test_helpers, since it's an endpoint we call
through Tornado. Also added a couple missing return type annotations.
2018-07-30 12:28:31 -07:00
..
apt puppet-apt: Fix buggy access to caller_module_name. 2018-05-24 09:52:16 -07:00
stdlib Remove some some duplicate words in copy. 2017-01-23 23:15:04 -08:00
zulip puppet/zulip/files/nagios_plugins/zulip_app_frontend/check_send_receive_time: Avoid shelling out for mv. 2018-07-19 10:43:37 -07:00
zulip_ops api: Stop using API keys for Django->Tornado authentication. 2018-07-30 12:28:31 -07:00