mirror of https://github.com/zulip/zulip.git
02ae71f27f
As part of our effort to change the data model away from each user having a single API key, we're eliminating the couple requests that were made from Django to Tornado (as part of a /register or home request) where we used the user's API key grabbed from the database for authentication. Instead, we use the (already existing) internal_notify_view authentication mechanism, which uses the SHARED_SECRET setting for security, for these requests, and just fetch the user object using get_user_profile_by_id directly. Tweaked by Yago to include the new /api/v1/events/internal endpoint in the exempt_patterns list in test_helpers, since it's an endpoint we call through Tornado. Also added a couple missing return type annotations. |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| application.py | ||
| autoreload.py | ||
| descriptors.py | ||
| event_queue.py | ||
| exceptions.py | ||
| handlers.py | ||
| ioloop_logging.py | ||
| socket.py | ||
| views.py | ||
| websocket_client.py | ||