Граф коммитов

105 Коммитов

Автор SHA1 Сообщение Дата
Kuan-Hsuan (Kevin) Shen 5be47230db
Extract URLs from text fields before rendering (#1847)
* Extract URLs from text fields before rendering

* Exclude links with http/https from concatenation

* Check match_obj before processing the link
2022-04-22 09:13:20 -07:00
Jason Robbins d750a07f9f
Fix secure cookie header (#1818)
Co-authored-by: Jason Robbins <jrobbins@google.com>
2022-04-06 18:52:54 -07:00
Kyle Ju 6889efbb77
Tighten Flask session cookie headers (#1808) 2022-03-28 11:07:27 -07:00
Jason Robbins a9960a0de1
Refresh user session when refreshing XSRF token. (#1804)
* Refresh user session when refreshing XSRF token.

* Refresh the user session on each page navigation, and fix a bug in XSRF refresh.
2022-03-25 16:46:40 -07:00
Jason Robbins 1871cdee22
Use new session contents (#1773)
* Use new session contents

* Added unit tests
2022-03-10 12:22:19 -08:00
Jason Robbins cc182d544e Set session cookie expiration to 10 days. 2022-03-09 21:11:24 -05:00
Jason Robbins f29a2ff916
Avoid needing to run py2 on workstations. (#1734)
* Avoid needing to run py2 on workstations.

* Use gunicorn instead of dev_appserver

* Add comment to explain that dev-default.yaml is not currently used.

* Use venv pip to install py3 deps.

* Auto-activate and stop referencing lib/.

* Make gunicorn use libs in cs-env.
2022-02-15 13:31:27 -08:00
Jason Robbins 6aecdb1420
Resolve some more code scanning issues. (#1700)
* Resolve some more code scanning issues.

* Dont log secret prefix.

* Try to outsmart scanner
2022-01-25 16:40:00 -08:00
Jason Robbins fe3f910336
In py3 code, replace the separate mock lib with unittest.mock. (#1665) 2022-01-11 08:20:40 -08:00
Jason Robbins 2c4162f388
Update call to create_task() to match updated GCT. (#1654)
* Update call to create_task() to match updated GCT.

* Make fake create_task()s match the real one
2022-01-05 08:30:08 -08:00
Jason Robbins d224f557c7
Redirect from www.DOMAIN to bare domain. (#1635)
* Redirect from www.DOMAIN to bare domain.

* Test that query string is preserved
2021-12-07 14:03:25 -08:00
Jason Robbins eb9e688b5a
Allow required int parameters to have zero value. (#1592) 2021-11-01 13:26:00 -07:00
Jason Robbins a17119f915
Send smaller log lines (#1575)
* progress

* progress
2021-10-07 12:48:50 -07:00
Jason Robbins a62bf4618a
Make the myfeatures page be one big webcomponent. (#1564)
* Make the myfeatures page be one big webcomponent.

* Update static/elements/chromedash-feature-table.js

Co-authored-by: Kyle Ju <kyleju@google.com>

* Addressed review comment

Co-authored-by: Kyle Ju <kyleju@google.com>
2021-09-30 09:30:48 -07:00
Jason Robbins a450fd02a0
Get inbound email and route it to py3 code for processing (#1561)
* wrote code

* Simplify and add tests

* Revert unneeded file

* Revert unneeded file

* Addressed review comments

* Made code more robust during unit testing

* Mock the needed response code
2021-09-28 14:57:37 -07:00
Jason Robbins e77396a8cc
Make app deployable with py3. (#1559)
* Make app deployable with py3.

* Handle empty API posts
2021-09-24 15:19:17 -07:00
Jason Robbins 527c49abed
Move routing configuration to main.py. (#1552)
* Move routing configuration to main.py.

* inline_file works so we dont need this directive

* rebased

* Removed __future__s
2021-09-23 13:01:43 -07:00
Jason Robbins 84e42f798a
Fix nonce type to be a string. (#1556) 2021-09-23 12:29:52 -07:00
Jason Robbins 548828aaa0
Some easy pylint fixes. (#1557) 2021-09-23 12:04:33 -07:00
Kyle Ju b6bb10195a
Run 2to3 to detect py2 to py3 changes (#1551)
* Run 2to3 -w -n .

* Update internals/fetchmetrics.py

* Update internals/models.py

* Update internals/notifier.py

* Update pages/blink_handler.py

* Update internals/fetchmetrics.py
2021-09-22 18:23:14 -07:00
Jason Robbins a6373d2add Fix failing unit tests in internals/ and framework/. 2021-09-22 14:41:06 -04:00
Jason Robbins 940fa4440c
Fix tests in pages/ and internals/. (#1550) 2021-09-22 10:59:55 -07:00
Kyle Ju 06ce5bc8db
Run tests on py3 (#1534)
* 8 exceptions and 3 test failures
2021-09-21 15:49:40 -07:00
Jason Robbins 180b65d66f
Outline code for /myfeatures page. (#1481)
* Outline code for /myfeatures page.

* Update templates/myfeatures.html

Co-authored-by: Kyle Ju <kyleju@google.com>

Co-authored-by: Kyle Ju <kyleju@google.com>
2021-08-27 18:19:00 -07:00
Jason Robbins 8ecbe89ed6
Start strictly enforcing CSP (#1452)
* Start strictly enforcing CSP

* Remove unused actionPath and onsubmit
2021-08-09 11:36:13 -07:00
Jason Robbins 737cf34ddd
Fix another XML feed defect and add tests. (#1439) 2021-07-28 13:42:18 -07:00
Shivam Agarwal fd6018bd3d
20210618 gae ndb to cloud ndb (#1365)
* Added Cloud NDB to requirements

* google-cloud-core 1.7.0 requires google-auth<2.0dev,>=1.24.0, but you'll have google-auth 1.20.1 which is incompatible.

* Running DataStore Emulator on port 15606 and setting environment variable for the same

* Replaced GAE NDB imports with Cloud NDB imports

* Solved Error: No Context for Ramcache

* Solved No NDB Context Error for Cloud NDB

* Fixed Error No object QueryOptions

* Removed clear_datstore flag

* Fixed to_dict() method

* Added explicit call to method for stashing values while editing a feature

* Using Cloud NDB in testbed

* Updated README with JRE instructions and setting the DJANGO_SETTTINGS_MODULE environment variable for django.setup

* Added Env Variable for datastore emulator

* Migrated accounts_api_test.py

* Migrated approvals_api_test.py

* Migrated Comments.py and Cues_api_test.py

* Migrated Features.py

* Migrated metricsdata_test.py

* Migrated stars_api_test.py

* Fixed Deprecation warning for query options

* Migrated token_refresh_api_test.py

* Migrated basehandlers_test.py

* Migrated permissions_test.py

* Migrated ramcache_test.py

* Migrated secrets_test.py

* Migrated xsrf_test.py

* Migrated fetchmetrics_test.py

* Migrated models_test.py

* Migrated notifier_test.py

* Migrated processes_test.py

* Migrated featuredetail_test.py

* Migrated featurelist_test.py

* Migrated guide_test.py

* Migrated intentpreview_test.py

* Migrated samples_test.py

* Removed some unused stubs

* Set the consistency of datastore emulator to be 1

* Resetting the database emulator before running the tests

* Added npm targets for starting and stopping emulator

* Updated README and Developer Docs

* Removed unused imports

* Made NDB calls DRY
2021-06-28 19:05:04 -07:00
Jason Robbins 98a0d63084
Delete unused imports and commented-out code. (#1362) 2021-06-18 08:48:04 -07:00
Shivam Agarwal 299516574f
GAE DB Client to GAE NDB (#1352)
* Migrated models.py

* Migrated bulkloader_helpers.py

* Migrated accounts_api.py

* Migrated models.py

* Migrated ramcache.py

* Migrated secrets.py

* Migrated basehandlers.py

* Migrated metricsdata.py

* Migrated fetchmetrics.py

* Migrated notifiers

* blink_handler

* guide.py

* users.py

* fix_data.py

* appengine.py

* Migrated all order() function calls

* Fixed filterby[]

* Migrated all filter() queries

* Migrated some left out lines

* Fixed Bug: json_dump would result in TypeError

* Fixed bug - key() is not callable

* Bug Fix: Query Filters were not working

* Fixed Bug: JSON output of feature list would not contain feature id

* Removed unused ndb import

* Fixed Bug: old_val would have properties wrappped in _BaseValue

* Migrated Tests

* Fixed Test: capstone has no attribute delete()

* Fixed Bug: A filter won't work

* Fixed Bug: Index out of range if self.Blink_components length is 0

* Fixed Bug: Some order statements won't work

* Assigning default value to Feature_blink_components

* Fixed Bug: A filter won't work

* Fetching singleton using ancestor for strong consistency

* Moved the ancestor query for strong consistency to replace the correct original query

* Replaced _pre_put_hook with _from_pb

* Fix: NDB picked up old properties while looping over self.properties

* Fix: NDB would generate diffs if None is compared with empty strings
2021-06-17 13:47:02 -07:00
Jason Robbins eab3d1babd
Only debug BadRequest in DEV, not PROD. (#1353) 2021-06-09 13:56:55 -07:00
Jason Robbins 0c11c6ca80
Reduce usage of GAE users. (#1355) 2021-06-09 10:35:55 -07:00
Jason Robbins 503e5122b4
Use an ancestor query in ramcache for strong consistency. (#1356) 2021-06-09 10:35:20 -07:00
Jason Robbins 960befa078
Enforce xsrf protections (#1349)
* Enforce XSRF protections.

* Add XSRF headers to one page that was still missing them
2021-06-04 15:51:50 -07:00
Jason Robbins 60d30c4087
Refine our use of CSP. (#1347) 2021-06-02 15:08:20 -07:00
Jason Robbins f8548b0d2f
Implement Comment API and storage. (#1333) 2021-05-24 13:50:40 -07:00
Jason Robbins a79b26f595
Convert old UI-style user admin requests to JSON API. (#1326) 2021-05-19 15:21:18 -07:00
Jason Robbins 52a0fd1986
Add CSP headers, nonces, and report handler (#1323)
* Add CSP headers, nonces, and reporting handler.

* Add CSP headers, nonces, and report handler.
2021-05-19 15:20:08 -07:00
Jason Robbins 248c2c13fd
Fix tests as suggested by shivamag00. (#1309) 2021-05-06 17:29:03 -07:00
Shivam Agarwal 8fbebb7989
20210418 google sign in (#1275)
* Added Google Platform Library

* Added Meta Element for Client ID

* Added Google Sign-In Button

* Authenticating the id_token on our backend

* Saving id_token in flask session, using the id_token to fetch the current user and replaced the usages of AppEngine Users API (not from *_tests.py)

* Correct the flow on pressing SignIn and SignOut

* Code refactor

* Added Comment for is_current_user_admin

* Supporting GAE Users library for post request

* Made some fixes

* Changed Admin User condition

* Reloading only on 200 response code

* Do not require sign in and xsrf token while sending post request for login

* Sign Out using Google Sign In if cookie is not set after login

* Clearing the session if the id_token stored in the session variable becomes invalid or expires

* Replaced GAE Users from tests

* Replaced GAE users with framework users in tests.py
2021-05-06 16:37:30 -07:00
Jason Robbins ca1d31b0ea
Implement site banner. Set banner for Google Sign-In. (#1304)
* Implement site banner.  Set banner for Google Sign-In.

* Addressed review comments
2021-05-04 11:33:29 -07:00
Jason Robbins 1594fcd80c
Implement JS client class for our API. (#1289) 2021-04-28 11:18:26 -07:00
Jason Robbins f4726b7455
Allow site admins to be specified via AppUser entities. (#1288) 2021-04-27 18:56:37 -07:00
Jason Robbins 7d48a9015c
Implement XSRF token refresh handler. (#1287)
* Implement XSRF token refresh handler.

* Add unit test for new API handler
2021-04-26 12:48:53 -07:00
Jason Robbins 8a073c711e
Refactor Secrets and add session_secret. (#1285)
* Refactor Secrets and add session_secret.

* Addressed review comments
2021-04-23 14:23:11 -07:00
Jason Robbins dabcfb780f
Implement XSRF tokens for HTML forms (not enforced yet). (#1266)
* Implement XSRF tokens (but not enforced yet).

* Also add tokens to user list page.
2021-04-15 09:48:06 -07:00
Jason Robbins 3af60125fd
Give 404 or 400 instead of 500 for unexpected HTTP methods. (#1264)
* Give 404 or 400 instead of 500 for unexpected HTTP methods.

* GET should remain a 500 if subclasses dont override it.

* addressed review comments
2021-04-14 08:33:25 -07:00
Jason Robbins 9b18859808
Refactor code for accessing JSON parameters. (#1260) 2021-04-12 15:46:21 -07:00
Jason Robbins 8b7ab24536
Add entities, perms, and API handlers for approvals. (#1259)
* Add entities, perms, and API handlers for approvals.

* Add cacheing and more tests

* Addressed review comments
2021-04-09 15:43:11 -07:00
Jason Robbins b0d973301e
Check perms in code rather than app.yaml. (#1238) 2021-03-24 15:11:00 -07:00
Jason Robbins 55c9cd2925
Refactor models.py into internals/. (#1236)
* Refactor models.py into internals/.

* Trivial change to re-trigger travis.

* Updated an import
2021-03-24 13:13:02 -07:00
Jason Robbins 52e38880b3
Flesh out permissions.py and simplify page logic. (#1237)
* Flesh out permissions.py and simplify page logic.

* Addressed review comments
2021-03-24 10:11:13 -07:00
Jason Robbins 288467837d
Delete code for the legacy feature editing UI. (#1231) 2021-03-23 09:28:46 -07:00
Jason Robbins ba3a406394
Refactor server.py into more specific files under pages/. (#1227)
* progress

* Refactor server.py into more specific files under pages/.

* remove server_test.py since tests are in specific files.

* Fix flakey test (feature ID could match part of date)
2021-03-22 15:33:02 -07:00
Jason Robbins 62b755479d
Make test output quiet. (#1230) 2021-03-22 13:27:14 -07:00
Jason Robbins 3eb299e8dc
Reorganize framework-like code into a framework directory. (#1216)
* Reorganize framework-like code into a framework directory.

* Actually move API tests
2021-03-19 11:18:17 -07:00