c13fca4f30
Use the same expire time in database and current_user dict
2016-03-31 11:17:21 +02:00
655a5b53d1
More debug logging of the auth flow.
2016-03-31 11:16:45 +02:00
91d6175472
When BlenderID is unreachable, log an error and handle as not logged in.
2016-03-31 11:16:27 +02:00
6e04fa072b
Always set g.current_user (to None when not logged in).
...
This allows us to use g.current_user, instead of
g.get('current_user', None), which in turn simply causes an AttributeError
exception when the token validation wasn't performed when it should have.
2016-03-31 11:15:55 +02:00
56bf30c722
Validate authentication token on every request.
2016-03-31 11:10:01 +02:00
9bdba2bc15
Fix for attachment processing
2016-03-25 21:05:33 +01:00
8b4e0c4578
Fixed imports for py.test
...
For some reason the 'from application import utils' worked fine when
running unittests from PyCharm, but breaks in py.test. Strange.
2016-03-25 18:27:27 +01:00
7c04e01cde
Some security fixes and other fixes for file storage.
...
Also added unittests for creating files.
2016-03-25 18:23:01 +01:00
fd5bcaec52
Some code simplifications & logging for Zencoder notifications.
2016-03-25 17:21:18 +01:00
d7ee2121d9
Renamed some test_xxx files to common_test_xxx.py
...
Those files contain stuff for tests, but don't contain tests themselves.
2016-03-25 16:05:36 +01:00
adb4f5b39e
Added unittests for caching of file links.
...
Also converted test_auth.py to use the new AbstractPillarTest class.
This class ensures that we test against the testing database, which
is dropped at every setUp()/tearDown().
2016-03-25 15:57:17 +01:00
cb4b0f1e4d
Check link expiry when GETting files.
...
Without this, the client would be allowed to keep using cached copies
when the Google Cloud Storage links were already expired.
2016-03-25 15:43:47 +01:00
26b081ccd8
Oops.
2016-03-25 12:40:51 +01:00
d4ed335273
Overriding app.config in unittest.
...
We may need something better structured in the future to handle
test configuration, but at least this gets the one test we have
running.
2016-03-25 12:22:31 +01:00
ebcb6bc5f8
Added setup.py to allow automated testing.
...
Also moved the tests directory to top-level, as they shouldn't be part
of the pillar directory.
2016-03-25 11:46:01 +01:00
1769f20620
Moved some file-specific code from app/__init__ to file_storage module.
2016-03-25 11:46:01 +01:00
84723eb8d3
Tweaks fo manage.py to allow default project creation
2016-03-24 16:05:39 +01:00
a33e4421a8
Introducing Project creation
...
Authorised users can now create projects. The before and after insert
projects hooks take care of stripping unwanted urls and attaching
default node_type and permissions, as well as initialising a storage
bucket per project. We are temporarily switching to the development
version of the gcloud library, since it allows the creation of EU-based
buckets.
2016-03-24 15:16:37 +01:00
90693595a6
Restored from modules.file_storage imports
...
A previous commit was causing functions not to be imported correctly
and would crash on runtime. For example file_storage.generate_link
would not be found.
2016-03-24 15:13:48 +01:00
caaa376a7d
PEP8 formatting
2016-03-24 15:12:06 +01:00
0e01c925bd
New node_type page
...
Mostly to be used to create static pages (about, ToS, etc).
2016-03-24 15:11:55 +01:00
79918c26b6
PEP8 formatting
2016-03-24 15:04:27 +01:00
618f02564f
Remove unused testing file
2016-03-24 15:03:43 +01:00
34202166e8
Added missing import
2016-03-22 18:00:10 +01:00
fc11502916
Sorted imports.
...
Personally I don't care much about this, but after certain refactor
operations PyCharm sorts the imports anyway, making the actual
refactoring harder to spot.
2016-03-21 15:18:41 +01:00
37037f3c2c
Store generated links in MongoDB, along with expiry datetime.
...
Links are only regenerated after they have expired. For backward
compatibility the links are also generated when there is no expiry
or link. Every file has only one expiry timestamp for all its links.
In the future we might want to inspect the used projection, to see
whether the client needs those links at all (prevents unnecessary
regeneration), and to force inclusion of the expiry timestamp when
links are requested.
2016-03-21 15:17:09 +01:00
8d9a23b7b9
PEP8 formatting for the entire project.
...
Conflicts:
pillar/application/modules/file_storage.py
2016-03-21 12:26:11 +01:00
9bb95ab054
Move actor_user parsing on the server side
...
This is done to prevent excessive load from clients requesting
additional info for the actor_user right after they query for a list of
notifications.
2016-03-18 18:48:14 +01:00
b495552ae4
PEP8 formatting
2016-03-18 18:48:14 +01:00
b8bcd0c5fe
made manage.py executable
2016-03-18 16:34:36 +01:00
3334761ea7
PEP8 formatting
2016-03-15 16:17:27 +01:00
e06a9fdf34
Strip trailing slash from BLENDER_ID_ENDPOINT and removed SystemUtility
...
The xxxUtility classes are silly, they should be removed or replaced
by Python modules.
2016-03-15 10:58:47 +01:00
8d15d0750c
Auto-detect Eve settings in manage.py
2016-03-15 10:52:46 +01:00
ab8b32af7f
Nicer logging configuration.
...
How the timestamp is logged, and the requests handled by werkzeug too.
2016-03-15 10:30:29 +01:00
43453ff666
Merge remote-tracking branch 'origin/master'
...
# Conflicts:
# pillar/config.py.example
2016-03-15 10:21:04 +01:00
1593e5c09d
Update to config.py.example
2016-03-15 10:20:28 +01:00
e73e8ccc31
Streamlined some GCloud credential configuration
2016-03-15 10:18:25 +01:00
5c6bda1ba3
Tweaks to init code
2016-03-14 17:02:12 +01:00
f90f25d373
Upgraded gcloud package to 0.11.0
2016-03-14 14:51:46 +01:00
086284b883
Code cleanup and improved formatting
2016-03-14 12:13:49 +01:00
ca52e432ff
Moved BLENDER_ID_ENDPOINT to config setting
2016-03-14 12:12:26 +01:00
ece5269558
Removing custom endpoint for file_storage.index
...
This was breaking links for storage backends different than gcs.
2016-03-10 11:51:25 +01:00
168eb848c3
Code cleanup for notifications
...
Also, moving most of the notification parsing on the pillar side, and
toggling it with the optional parse argument.
2016-03-09 16:55:59 +01:00
8cb3928531
Utility to subscribe node owners to notifications
2016-03-09 16:54:52 +01:00
1884f6148e
Removed debug print
2016-03-08 19:28:23 +01:00
4c4ec6c89b
Fixed authorization issue.
...
Authorization wasn't properly checked, allowing more than allowed.
2016-03-08 17:36:21 +01:00
d4ecf556ce
Reduced log level for non-Pillar modules
2016-03-08 15:27:12 +01:00
036116e2d3
Fixed security hole.
...
The file_storage.index() view function didn't sanitize its input. This made
is possible for an attacker to overwrite any file, including the files of
Pillar itself.
2016-03-08 09:29:32 +01:00
bf614e0d54
Configured logging module.
...
It's currently configured very simply, to log to stderr and at DEBUG level
when the app is in debug mode, and INFO otherwise.
2016-03-08 09:24:57 +01:00
65f8bdc6c0
Introducing notifications
2016-03-05 23:22:59 +01:00
