Kuan-Hsuan (Kevin) Shen
5be47230db
Extract URLs from text fields before rendering ( #1847 )
* Extract URLs from text fields before rendering
* Exclude links with http/https from concatenation
* Check match_obj before processing the link
2022-04-22 09:13:20 -07:00
Jason Robbins
d750a07f9f
Fix secure cookie header ( #1818 )
Co-authored-by: Jason Robbins <jrobbins@google.com>
2022-04-06 18:52:54 -07:00
Kyle Ju
6889efbb77
Tighten Flask session cookie headers ( #1808 )
2022-03-28 11:07:27 -07:00
Jason Robbins
a9960a0de1
Refresh user session when refreshing XSRF token. ( #1804 )
* Refresh user session when refreshing XSRF token.
* Refresh the user session on each page navigation, and fix a bug in XSRF refresh.
2022-03-25 16:46:40 -07:00
Jason Robbins
1871cdee22
Use new session contents ( #1773 )
* Use new session contents
* Added unit tests
2022-03-10 12:22:19 -08:00
Jason Robbins
cc182d544e
Set session cookie expiration to 10 days.
2022-03-09 21:11:24 -05:00
Jason Robbins
f29a2ff916
Avoid needing to run py2 on workstations. ( #1734 )
* Avoid needing to run py2 on workstations.
* Use gunicorn instead of dev_appserver
* Add comment to explain that dev-default.yaml is not currently used.
* Use venv pip to install py3 deps.
* Auto-activate and stop referencing lib/.
* Make gunicorn use libs in cs-env.
2022-02-15 13:31:27 -08:00
Jason Robbins
6aecdb1420
Resolve some more code scanning issues. ( #1700 )
* Resolve some more code scanning issues.
* Don't log secret prefix.
* Try to outsmart scanner
2022-01-25 16:40:00 -08:00
Jason Robbins
fe3f910336
In py3 code, replace the separate mock lib with unittest.mock. ( #1665 )
2022-01-11 08:20:40 -08:00
Jason Robbins
2c4162f388
Update call to create_task() to match updated GCT. ( #1654 )
* Update call to create_task() to match updated GCT.
* Make fake create_task()s match the real one
2022-01-05 08:30:08 -08:00
Jason Robbins
d224f557c7
Redirect from www.DOMAIN to bare domain. ( #1635 )
* Redirect from www.DOMAIN to bare domain.
* Test that query string is preserved
2021-12-07 14:03:25 -08:00
Jason Robbins
eb9e688b5a
Allow required int parameters to have zero value. ( #1592 )
2021-11-01 13:26:00 -07:00
Jason Robbins
a17119f915
Send smaller log lines ( #1575 )
* progress
* progress
2021-10-07 12:48:50 -07:00
Jason Robbins
a62bf4618a
Make the myfeatures page be one big webcomponent. ( #1564 )
* Make the myfeatures page be one big webcomponent.
* Update static/elements/chromedash-feature-table.js
Co-authored-by: Kyle Ju <kyleju@google.com>
* Addressed review comment
Co-authored-by: Kyle Ju <kyleju@google.com>
2021-09-30 09:30:48 -07:00
Jason Robbins
a450fd02a0
Get inbound email and route it to py3 code for processing ( #1561 )
* wrote code
* Simplify and add tests
* Revert unneeded file
* Revert unneeded file
* Addressed review comments
* Made code more robust during unit testing
* Mock the needed response code
2021-09-28 14:57:37 -07:00
Jason Robbins
e77396a8cc
Make app deployable with py3. ( #1559 )
* Make app deployable with py3.
* Handle empty API posts
2021-09-24 15:19:17 -07:00
Jason Robbins
527c49abed
Move routing configuration to main.py. ( #1552 )
* Move routing configuration to main.py.
* inline_file works so we don't need this directive
* rebased
* Removed __future__s
2021-09-23 13:01:43 -07:00
Jason Robbins
84e42f798a
Fix nonce type to be a string. ( #1556 )
2021-09-23 12:29:52 -07:00
Jason Robbins
548828aaa0
Some easy pylint fixes. ( #1557 )
2021-09-23 12:04:33 -07:00
Kyle Ju
b6bb10195a
Run 2to3 to detect py2 to py3 changes ( #1551 )
* Run 2to3 -w -n .
* Update internals/fetchmetrics.py
* Update internals/models.py
* Update internals/notifier.py
* Update pages/blink_handler.py
* Update internals/fetchmetrics.py
2021-09-22 18:23:14 -07:00
Jason Robbins
a6373d2add
Fix failing unit tests in internals/ and framework/.
2021-09-22 14:41:06 -04:00
Jason Robbins
940fa4440c
Fix tests in pages/ and internals/. ( #1550 )
2021-09-22 10:59:55 -07:00
Kyle Ju
06ce5bc8db
Run tests on py3 ( #1534 )
* 8 exceptions and 3 test failures
2021-09-21 15:49:40 -07:00
Jason Robbins
180b65d66f
Outline code for /myfeatures page. ( #1481 )
* Outline code for /myfeatures page.
* Update templates/myfeatures.html
Co-authored-by: Kyle Ju <kyleju@google.com>
Co-authored-by: Kyle Ju <kyleju@google.com>
2021-08-27 18:19:00 -07:00
Jason Robbins
8ecbe89ed6
Start strictly enforcing CSP ( #1452 )
* Start strictly enforcing CSP
* Remove unused actionPath and onsubmit
2021-08-09 11:36:13 -07:00
Jason Robbins
737cf34ddd
Fix another XML feed defect and add tests. ( #1439 )
2021-07-28 13:42:18 -07:00
Shivam Agarwal
fd6018bd3d
20210618 gae ndb to cloud ndb ( #1365 )
* Added Cloud NDB to requirements
* google-cloud-core 1.7.0 requires google-auth<2.0dev,>=1.24.0, but you'll have google-auth 1.20.1 which is incompatible.
* Running DataStore Emulator on port 15606 and setting environment variable for the same
* Replaced GAE NDB imports with Cloud NDB imports
* Solved Error: No Context for Ramcache
* Solved No NDB Context Error for Cloud NDB
* Fixed Error No object QueryOptions
* Removed clear_datstore flag
* Fixed to_dict() method
* Added explicit call to method for stashing values while editing a feature
* Using Cloud NDB in testbed
* Updated README with JRE instructions and setting the DJANGO_SETTTINGS_MODULE environment variable for django.setup
* Added Env Variable for datastore emulator
* Migrated accounts_api_test.py
* Migrated approvals_api_test.py
* Migrated Comments.py and Cues_api_test.py
* Migrated Features.py
* Migrated metricsdata_test.py
* Migrated stars_api_test.py
* Fixed Deprecation warning for query options
* Migrated token_refresh_api_test.py
* Migrated basehandlers_test.py
* Migrated permissions_test.py
* Migrated ramcache_test.py
* Migrated secrets_test.py
* Migrated xsrf_test.py
* Migrated fetchmetrics_test.py
* Migrated models_test.py
* Migrated notifier_test.py
* Migrated processes_test.py
* Migrated featuredetail_test.py
* Migrated featurelist_test.py
* Migrated guide_test.py
* Migrated intentpreview_test.py
* Migrated samples_test.py
* Removed some unused stubs
* Set the consistency of datastore emulator to be 1
* Resetting the database emulator before running the tests
* Added npm targets for starting and stopping emulator
* Updated README and Developer Docs
* Removed unused imports
* Made NDB calls DRY
2021-06-28 19:05:04 -07:00
Jason Robbins
98a0d63084
Delete unused imports and commented-out code. ( #1362 )
2021-06-18 08:48:04 -07:00
Shivam Agarwal
299516574f
GAE DB Client to GAE NDB ( #1352 )
* Migrated models.py
* Migrated bulkloader_helpers.py
* Migrated accounts_api.py
* Migrated models.py
* Migrated ramcache.py
* Migrated secrets.py
* Migrated basehandlers.py
* Migrated metricsdata.py
* Migrated fetchmetrics.py
* Migrated notifiers
* blink_handler
* guide.py
* users.py
* fix_data.py
* appengine.py
* Migrated all order() function calls
* Fixed filterby[]
* Migrated all filter() queries
* Migrated some left out lines
* Fixed Bug: json_dump would result in TypeError
* Fixed bug - key() is not callable
* Bug Fix: Query Filters were not working
* Fixed Bug: JSON output of feature list would not contain feature id
* Removed unused ndb import
* Fixed Bug: old_val would have properties wrapped in _BaseValue
* Migrated Tests
* Fixed Test: capstone has no attribute delete()
* Fixed Bug: A filter won't work
* Fixed Bug: Index out of range if self.Blink_components length is 0
* Fixed Bug: Some order statements won't work
* Assigning default value to Feature_blink_components
* Fixed Bug: A filter won't work
* Fetching singleton using ancestor for strong consistency
* Moved the ancestor query for strong consistency to replace the correct original query
* Replaced _pre_put_hook with _from_pb
* Fix: NDB picked up old properties while looping over self.properties
* Fix: NDB would generate diffs if None is compared with empty strings
2021-06-17 13:47:02 -07:00
Jason Robbins
eab3d1babd
Only debug BadRequest in DEV, not PROD. ( #1353 )
2021-06-09 13:56:55 -07:00
Jason Robbins
0c11c6ca80
Reduce usage of GAE users. ( #1355 )
2021-06-09 10:35:55 -07:00
Jason Robbins
503e5122b4
Use an ancestor query in ramcache for strong consistency. ( #1356 )
2021-06-09 10:35:20 -07:00
Jason Robbins
960befa078
Enforce xsrf protections ( #1349 )
* Enforce XSRF protections.
* Add XSRF headers to one page that was still missing them
2021-06-04 15:51:50 -07:00
Jason Robbins
60d30c4087
Refine our use of CSP. ( #1347 )
2021-06-02 15:08:20 -07:00
Jason Robbins
f8548b0d2f
Implement Comment API and storage. ( #1333 )
2021-05-24 13:50:40 -07:00
Jason Robbins
a79b26f595
Convert old UI-style user admin requests to JSON API. ( #1326 )
2021-05-19 15:21:18 -07:00
Jason Robbins
52a0fd1986
Add CSP headers, nonces, and report handler ( #1323 )
* Add CSP headers, nonces, and reporting handler.
* Add CSP headers, nonces, and report handler.
2021-05-19 15:20:08 -07:00
Jason Robbins
248c2c13fd
Fix tests as suggested by shivamag00. ( #1309 )
2021-05-06 17:29:03 -07:00
Shivam Agarwal
8fbebb7989
20210418 google sign in ( #1275 )
* Added Google Platform Library
* Added Meta Element for Client ID
* Added Google Sign-In Button
* Authenticating the id_token on our backend
* Saving id_token in flask session, using the id_token to fetch the current user and replaced the usages of AppEngine Users API (not from *_tests.py)
* Correct the flow on pressing SignIn and SignOut
* Code refactor
* Added Comment for is_current_user_admin
* Supporting GAE Users library for post request
* Made some fixes
* Changed Admin User condition
* Reloading only on 200 response code
* Do not require sign in and xsrf token while sending post request for login
* Sign Out using Google Sign In if cookie is not set after login
* Clearing the session if the id_token stored in the session variable becomes invalid or expires
* Replaced GAE Users from tests
* Replaced GAE users with framework users in tests.py
2021-05-06 16:37:30 -07:00
Jason Robbins
ca1d31b0ea
Implement site banner. Set banner for Google Sign-In. ( #1304 )
* Implement site banner. Set banner for Google Sign-In.
* Addressed review comments
2021-05-04 11:33:29 -07:00
Jason Robbins
1594fcd80c
Implement JS client class for our API. ( #1289 )
2021-04-28 11:18:26 -07:00
Jason Robbins
f4726b7455
Allow site admins to be specified via AppUser entities. ( #1288 )
2021-04-27 18:56:37 -07:00
Jason Robbins
7d48a9015c
Implement XSRF token refresh handler. ( #1287 )
* Implement XSRF token refresh handler.
* Add unit test for new API handler
2021-04-26 12:48:53 -07:00
Jason Robbins
8a073c711e
Refactor Secrets and add session_secret. ( #1285 )
* Refactor Secrets and add session_secret.
* Addressed review comments
2021-04-23 14:23:11 -07:00
Jason Robbins
dabcfb780f
Implement XSRF tokens for HTML forms (not enforced yet). ( #1266 )
* Implement XSRF tokens (but not enforced yet).
* Also add tokens to user list page.
2021-04-15 09:48:06 -07:00
Jason Robbins
3af60125fd
Give 404 or 400 instead of 500 for unexpected HTTP methods. ( #1264 )
* Give 404 or 400 instead of 500 for unexpected HTTP methods.
* GET should remain a 500 if subclasses don't override it.
* addressed review comments
2021-04-14 08:33:25 -07:00
Jason Robbins
9b18859808
Refactor code for accessing JSON parameters. ( #1260 )
2021-04-12 15:46:21 -07:00
Jason Robbins
8b7ab24536
Add entities, perms, and API handlers for approvals. ( #1259 )
* Add entities, perms, and API handlers for approvals.
* Add caching and more tests
* Addressed review comments
2021-04-09 15:43:11 -07:00
Jason Robbins
b0d973301e
Check perms in code rather than app.yaml. ( #1238 )
2021-03-24 15:11:00 -07:00
Jason Robbins
55c9cd2925
Refactor models.py into internals/. ( #1236 )
* Refactor models.py into internals/.
* Trivial change to re-trigger travis.
* Updated an import
2021-03-24 13:13:02 -07:00
Jason Robbins
52e38880b3
Flesh out permissions.py and simplify page logic. ( #1237 )
* Flesh out permissions.py and simplify page logic.
* Addressed review comments
2021-03-24 10:11:13 -07:00
Jason Robbins
288467837d
Delete code for the legacy feature editing UI. ( #1231 )
2021-03-23 09:28:46 -07:00
Jason Robbins
ba3a406394
Refactor server.py into more specific files under pages/. ( #1227 )
* progress
* Refactor server.py into more specific files under pages/.
* remove server_test.py since tests are in specific files.
* Fix flakey test (feature ID could match part of date)
2021-03-22 15:33:02 -07:00
Jason Robbins
62b755479d
Make test output quiet. ( #1230 )
2021-03-22 13:27:14 -07:00
Jason Robbins
3eb299e8dc
Reorganize framework-like code into a framework directory. ( #1216 )
* Reorganize framework-like code into a framework directory.
* Actually move API tests
2021-03-19 11:18:17 -07:00