There were still some traces of beaker around:
- docs: replaced by reference to itsdangerous.
- paste configs: Wiped away.
- config_spec.ini: wiped.
- test_mgoblin_app.ini: also wiped.
* brett/itsdangerous:
Call is_updated instead of testing it boolean.
Harden It's Dangerous key management.
First tests for the Session class.
Set a starting value for session.send_new_cookie.
Remove beaker stuff from the code.
Delete the session cookie on an empty session.
Back sessions with It's Dangerous.
Improve fs security for itsdangerous secret.
Docs for get_timed_signer_url.
Basic itsdangerous infrastructure.
Conflicts:
mediagoblin/tests/test_cache.py
When using tempfile.* in testing, those files get created
in the system tempdir. The docs say, we should try to
remove them.
Yes, the next reboot will clean them up also.
And in the workbench case, check after each test, that the
global workbench dir is empty (so the sub-workbcnhes have
been destroyed).
* cwebber/254_delete_queue_directories:
Removing docstring bit about delete_file possibly deleting directories in the future
Convert media processing backends to delete the queue directory (#254)
Implement delete_dir in the FileStorage
Conflicts:
mediagoblin/media_types/image/processing.py
mediagoblin/media_types/video/processing.py
Conflicts, because those media_types already use the newer
proc_state.delete_queue_file() method (which needs
updating.
If you give "-n 8" to runtests, it thinks, it got
"-n" -- a nice option, ignored.
"8" -- Oh! a single test named "8" to run, so no need to
run all the GMG tests.
Well, that's not what we want. So runtests now knows about
-n taking an arg.
By doing this, we can take advantage of py.test's ability to create
temporary directories that are then cleaned up later during testing.
This helps for sandboxing things.
This also involves a ton of changes:
- Changing the get_app stuff appropriately, getting rid of the
setup_fresh_app decorator
- Making said fixture
- Switching over a billion tests to use it
* JDShu/649_use_form_data_field:
Use WTForms data field in user_pages/views.py
Use WTForms data field in auth/views.py
auth: whitespace cleanup in views.py
Use WTForms data field in plugins/oauth/views.py
Use WTForms data field in submit/views.py
Use WTForms data field in edit/views.py
The previous code was theoretically subject to timing attacks, where
an attacker could read the key in between the time it was saved to the
file and when the chmod happened. This version prevents that by using
umasks to ensure the files always have the right permissions.
This version also avoids using a key that cannot be saved due to some
system setup bug.
This makes session.__init__ slightly more complicated but probably
simplifies everything else, especially if we make the class smarter
later by having it track changes itself.
Removed the old VideoThumbnailer since it's not used anymore.
VideoThumbnailerMarkII:
Changed the state switching in on_thumbnail_message to only set the
state to "processing thumbnail" if the seek was succesful.
I'm not sure what I'm doing here, but I know at least some of it is
good, and as a whole, it seems to work, so far :)
