1203 Commits

Author SHA1 Message Date
38df6e873b Extracted function to generate authentication tokens for service accounts. 2017-05-19 12:02:00 +02:00
ef2d8d14a0 Added PillarServer.validator_for_resource()
This makes it possible to perform Cerberus validation on documents.
2017-05-18 16:32:05 +02:00
1f0a855510 Added pillar.current_app local proxy
This proxy is annotated as PillarServer instance, so using it in an IDE
will give you much better autocompletion.
2017-05-18 16:31:43 +02:00
50d62f17b8 Allow specification of full name when creating service account 2017-05-18 15:46:02 +02:00
c12b646b09 More logging in PATCH handler 2017-05-18 15:46:02 +02:00
cbe182a298 Gravatar: support None email addresses 2017-05-18 15:46:02 +02:00
59a95450e5 Updated Eve, Flask, and Werkzeug. Adjusted code to make Pillar work again.
Eve     : 0.6.3   → 0.7.3
Flask   : 0.10.1  → 0.12.2
Werkzeug: 0.11.10 → 0.11.15

Also updated some secondary requirements.
2017-05-18 15:46:02 +02:00
e4f221ab13 Take default crappy secret key from config.py
This forces anyone installing Pillar to actually generate a proper secret.
2017-05-18 15:46:02 +02:00
4ad82a1eb3 Updated algoliasearch requirement in setup.py 2017-05-18 15:46:02 +02:00
47b81055fd PEP8 formatting 2017-05-18 15:46:02 +02:00
19d9684a67 Raise ConfigurationMissingError instead of SystemExit 2017-05-18 15:46:02 +02:00
091c70e735 Project homepage responsive tweak
Full width for latest cards
2017-05-15 11:56:13 +02:00
abcb0c27a0 Remove Agent 327 special content lock 2017-05-15 11:55:43 +02:00
71403e6f28 Tests: Allow specification of user's email address 2017-05-12 14:48:36 +02:00
9a10c86329 Added pillar.auth.current_web_user to easily get the current UserClass. 2017-05-12 13:55:55 +02:00
fdb9154b85 Allow login_user() to load the user from the database
This makes it easier to properly log someone in from a unit test.
2017-05-12 13:55:55 +02:00
2703617179 Added 'groups' property to UserClass
This property was created by _load_user(), but never had a default
value set in UserClass.__init__().
2017-05-12 13:55:55 +02:00
9f752e2584 Made AnonymousUser a subclass of UserClass 2017-05-12 13:55:55 +02:00
82437724cc Added some type annotation
The web layer uses string IDs, whereas the API layer uses ObjectIDs.
Those annotations make it a bit more explicit what is used where.
2017-05-12 13:55:55 +02:00
080d98f57c Removed unused imports 2017-05-12 13:55:55 +02:00
ad9a981cda Added p.a.users.add_user_to_group() function 2017-05-12 13:55:55 +02:00
7c5aef033d Some more checks on p.a.project.utils.get_admin_group_id() 2017-05-12 13:55:55 +02:00
d2f548faf9 Proper type annotations for PillarServer.db() 2017-05-12 13:55:55 +02:00
203c6418fd Added pillar.flask_extra.vary_xhr() decorator
This produces a 'Vary: X-Requested-With' header on the response of
decorated view functions, which indicates to the browser (or intermediate
proxy servers) that the response may/will be different for XHR and
non-XHR requests.
2017-05-12 13:55:55 +02:00
736686390f Move activities styling to Pillar
Since activities is a core part of Pillar
2017-05-10 15:58:56 +02:00
c66a6e67c8 Added p.a.project.utils.user_rights_in_project()
This returns the allowed HTTP method for the current user in the given
project. This is used for access control on Flamenco, for example.
2017-05-10 12:09:48 +02:00
a139e8c41a Added p.a.projects.utils.get_admin_group_id() 2017-05-10 12:09:09 +02:00
ee7af393a0 Use annotations to declare types (instead of docstring) 2017-05-10 12:08:45 +02:00
a6617cae68 Allow current_app.db('collections-name')
This mimics the use in Flamenco (current_flamenco.db('collection_name')),
and makes calling code a bit nicer (db('coll') instead of db()['coll'])
2017-05-10 12:08:11 +02:00
319f815985 Some more logging in pillar.api.blender_cloud.subscription.update_subscription 2017-05-10 12:04:34 +02:00
c77a6b9d21 More logging in pillar.api.service.do_badger() 2017-05-10 11:15:29 +02:00
c854ccbb4b Generic PATCH handler class.
A class-based approach is easier to extend than the function-based approach
used in the nodes. That one is still there, though -- might look at it
at a later time. This handler is primarily for Flamenco.
2017-05-09 14:08:35 +02:00
fdaf4af31a Modernised some unit tests 2017-05-05 14:40:37 +02:00
69d7c5c5ce Allow service accounts to be email-less
This removes the ability of updating service accounts through the CLI
(something we never used anyway), now that service accounts cannot be
uniquely identified by their email address.
2017-05-05 14:34:18 +02:00
095f1cda0c Added "Switch user" functionality.
The user isn't logged out until the new user logs in. This allows you to
click on "Log in as different user", hit the back button, and still be
logged in.
2017-05-05 12:56:19 +02:00
c3eb97e24c Log redirect URL for users after logging in with Blender ID. 2017-05-05 12:55:29 +02:00
b1b91a7b29 Timeout (10s) on store API calls + better exception handling
We now log connection errors, timeouts, and other Requests errors, and
return None so that the login flow of the user can continue.
2017-05-05 12:55:05 +02:00
870800e8d2 Stop flashing 'Please log in to access this page.'
This message was "flashed" (http://flask.pocoo.org/docs/0.12/patterns/flashing/)
by Flask-Login. This happens on every unauthorised request, so also on
AJAX requests (like for the notifications). As a result, a user could be
spammed by a screen full of these messages if they left their window open
and their session timed out.
2017-05-05 10:40:08 +02:00
379d40837b Fixed issues logging in.
The API call to /api/bcloud/update-subscription is now performed via the
SDK, to ensure proper authentication. Also streamlined some other code.
2017-05-05 10:29:16 +02:00
10a40ddabd Make Blender ID URL work with live URL too 2017-05-04 18:29:11 +02:00
118de12712 Always return a HTTP response 2017-05-04 18:24:08 +02:00
cfa31ab542 JS mistake 2017-05-04 18:23:55 +02:00
47ba5e18a3 Give users a "Re-check my subscription" button. 2017-05-04 18:15:35 +02:00
1a54b723aa Reworked subscription/demo role management from web to API level.
In the old situation, users had to be able to change their own roles. This
is inherently insecure.
2017-05-04 17:49:18 +02:00
d0557445cd Fix privilege escalation leak
A PUT request on /api/user/{user-id} by the user themselves would allow
too much, and would allow self-granting of roles (including admin),
group membership (so join any arbitrary project) and pretend to be
service accounts.
2017-05-04 12:48:30 +02:00
1ad3e7910c Upgrade algoliasearch 2017-04-11 12:08:57 +02:00
49895805e3 Display project description in instead of summary 2017-04-07 09:02:08 +02:00
bd3f8d597a Allow upload of videos > 1080p
Videos that are larger than 1920x1080 pixels are scaled down so that they
fit that size. Care is taken to keep the width a multiple of 16 pixels and
the height a multiple of 8.
2017-03-31 14:52:58 +02:00
c711a04e6c Added some type annotations (no functional differences) 2017-03-31 13:14:07 +02:00
1cb7a92e40 Removed old mock-EncoderJob and replaced it with a dict
The real value is a dict too, anyway.
2017-03-31 13:12:08 +02:00