Commit graph

2481 commits

Author SHA1 Message Date
Sachi King
bafa4c9a2b Prepare to vendor 2017-05-27 21:02:24 +10:00
Sachi King
c1abf4717d Vendor registration 2017-05-27 20:59:35 +10:00
Sachi King
ed6c666cba Prepare to Vendor 2017-05-27 20:56:21 +10:00
Sachi King
0c73ad13f0 Add our vendor path to our path
I guess this is as good a method as any to get our vendored packages in.
2017-05-27 20:48:24 +10:00
Sachi King
3d3e01138a Update Requirements to reflect vendoring appropriately 2017-05-27 20:22:59 +10:00
Sachi King
2ad28ebf71 Pull in the vendorized Symposion
We're lock step with this, we're installing with master.
Upstream is dead.

We can't roll back.
It doesn't make sense to pin to every commit and revision our apps
version and push it.

We're just going to pull this in to gain full lockstep and call it good.
2017-05-27 20:12:48 +10:00
Sachi King
d95d66dac8 Taking one out of PyCon's (US) book
We're lock-step with symposion, and upstream is dead.
Vendor it.
2017-05-27 20:11:39 +10:00
Sachi King
c68476583e Add populate_inventory to sqlite deploy script 2017-05-07 20:05:03 +10:00
Sachi King
4a5e4dc6ea Use a standard login handler
Is there any reason to not use the standard login decorator?
2017-05-07 19:19:53 +10:00
Sachi King
5d29f6c475 Autodeploy the new sqlite database 2017-05-07 18:40:55 +10:00
Sachi King
8cb7bcc021 Link to GCP storage for files
WARNING: We need to reflect in the webpage that these won't be behind a
login.

GitLab Issue #2
2017-05-07 16:17:29 +10:00
Sachi King
e61d87d37c Py3 fixes for guest hash generation 2017-05-07 16:17:06 +10:00
Sachi King
8cf348acb5 Make proposal-detail more friendly to read 2017-05-07 16:15:41 +10:00
Sachi King
3c5a14c97b require django-bootstrap-forms
While pinax-theme-bootstrap pulls this in, we use this directly too, so
we need to put this into our top level reqs too.
2017-05-07 14:18:52 +10:00
Sachi King
469ba7ccb6 Add missing space to required * ::after 2017-05-07 13:40:36 +10:00
Sachi King
a36ff64a82 Support monospace TextFields instead of Markdown
Drop markdown for monospace

With markdown, we're only allowing about 1/10 of what is possible.
This creates a false reality and expectation.  Let's not suggest this.
Nor do we have in-editor preview.  So the user has to save, look at it,
then go back and edit.  And seeing a bunch of sanitized HTML or just
missing sections isn't friendly.

Monospace, what you type, is what you're going to get.  It gives the
presenter enough power to build a readable abstract, but not so much
that they can break the page and its CSS, nor the ability to confuse
oneself through not getting what you expect.

We keep bleach sanitation and we should probably run linkify on this in
the long term.  (Turn links into clickable links)
2017-05-07 13:22:28 +10:00
Sachi King
c73a7e3ff9 Use monospace font, hack, and not markdown.
Font should be made local and not remote loaded.
2017-05-07 13:18:42 +10:00
Sachi King
781921e022 Use app.css not inlined css
Simpler for us.
2017-05-07 13:11:33 +10:00
Sachi King
f8a9416600 Remove unused "hooks"
This isn't used, drop it.
2017-05-07 13:08:52 +10:00
Sachi King
bb573ebee4 settings - DEBUG hardening
DEBUG is something that should never be turned on in prod.  As such,
let's be extremely specific on what we expect to process.

As we'll be taking this in from the environment, it's ensured we will
get a string.  So we'll always get and only handle this in string
form.  If it's anything else, it's an operational error and we bail.

(Note: bool('0') is truthy, so we make sure we leverage our string -> int
-> bool every time, so correctness can be noticed if it is not)
2017-04-30 12:10:56 +10:00
Sachi King
46b85fa778 settings saml2_contact type is wrong.
We had List[Dict[str, str]], but this was passed without question from
djangosaml2 to pysaml2 no questions asked, which expects Dict[str, str].
2017-04-30 11:38:26 +10:00
Sachi King
b3ca520a7a Let's try to automate this build a bit
This doesn't rebuild on subproject changes... this is something that
will need fixed.
2017-04-29 20:21:25 +10:00
Sachi King
e23ffc48ae Add initial Dockerfile
This builds a working docker image for the application.
This is only an initial revision.  It needs testing.  MySQL, PIL, etc.

Was going to use Alpine, however, python3.6 segfaulted on docker
starting up, and I couldn't find the core files...
2017-04-29 20:17:41 +10:00
Sachi King
55cc3e43a4 Exit with error if we don't have xmlsec1. This is a critical tool 2017-04-29 20:04:32 +10:00
Sachi King
e6f1b232b0 Update constrained repos 2017-04-29 20:04:00 +10:00
Sachi King
fb5eaea880 Add a CSS class on required fields labels
This makes it possible to add a ' *' required notifier to labels without
needing a bunch of custom form code in templates.
2017-04-29 15:47:19 +10:00
Sachi King
997380152e Silence MARKDOWN debug 2017-04-29 15:47:19 +10:00
Sachi King
21b2a01a84 Py2 compatibility has been broke elsewhere drop it
This is all noop in Py3, and Py2 is broke now in various places.
Dropping Py2 code as it will not be a thing going forward.

Django 2 is the next release, Py2 support will be dropped, as such,
dropping this is forward looking.
2017-04-29 15:47:19 +10:00
Sachi King
0652471164 Sanitize user input on markdown fields
This is an XSS vulnerability.

This also blocks a number of MD attributes that a user might attempt to
use.

The following are the allowed attributes.

['a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i', 'li',
'ol', 'p', 'pre', 'strong', 'ul']

I believe this to be acceptable, as honestly, a speaker using H1 is going
to stomp all over the page and make it harder for the reviewer to parse.

UX wise, it's less than great.  A user can do # title and be left with
<h1> in the sanitized output.
2017-04-29 15:47:08 +10:00
Sachi King
85ee108a1f Use full imports not .
And tox to py3.6
2017-04-29 14:28:48 +10:00
Sachi King
c6c76e98d3 Remove excess CSS and fonts
print won't work for us now.  Will need to be recreated.

Fonts, I don't even know where they came from, so I can't keep them
2017-04-26 22:14:11 +10:00
Sachi King
e562b61521 Template cleanup of base dir templates 2017-04-25 15:59:35 +10:00
Sachi King
8e8f46276f _styles.html is not loaded anywhere
Not in use, remove it.

Hym, might be able to remove this CSS now too.
2017-04-25 15:39:10 +10:00
Sachi King
3ffbc9855f cleanup sym/sched/base.html 2017-04-25 15:38:24 +10:00
Sachi King
61d1416b06 Convert to bootstrap tab configuration
This was broken due to being something not bootstrap for tabs.

Convert to tab layout, just like reviewers page already is.
2017-04-25 15:32:02 +10:00
Sachi King
a0d0750b88 Reformat proposal_detail.html 2017-04-25 15:13:47 +10:00
Sachi King
4adbf0ee46 This script isn't loaded - remove it
This isn't loaded, doesn't seem to be for 2017 or PyCon, so I'll chuck
it.
2017-04-25 14:54:37 +10:00
Sachi King
9babbd0c43 We don't run modernizer.js
Remove the "no-js" class, that could be expected to change to "js" if
one doesn't know we don't have javascript that does that running.
2017-04-25 10:24:29 +10:00
Sachi King
8c60dd206d We don't maintain this manifest, drop it
We don't use this currently.  Removal.
2017-04-25 10:24:28 +10:00
Sachi King
1de0cab8b3 Those aren't ASCII 2017-04-25 10:24:22 +10:00
Sachi King
b18c102982 While we'll likely put gulp or like back in, drop it
This was put in place a long while ago and lacks the usage documentation
for use with this repo.  For now, I will remove it from the repo.

We obviously need to bring this or something similar back.  But there's
no reason to keep this when it is not being used.
2017-04-25 01:31:08 +10:00
Sachi King
10cc96b726 Remove metron
Not used - old/deprecated name
2017-04-25 01:31:08 +10:00
Sachi King
db4a56f7b2 Removing stale package - Raven 2017-04-25 01:31:08 +10:00
Sachi King
f0e7a58226 Asset cleanup
Remove in-app stale resources and their branching of different cons.
Remove dist and move everything into static/src.
Remove unused stale resources such as less and hbs, etc.
2017-04-25 01:31:01 +10:00
Sachi King
f5d8900c90 This isn't and wasn't used. 2017-04-25 01:27:04 +10:00
Sachi King
8d77023aec Remove AceEditor
I cannot find the benefit to this over the base editor.

Tabs work, but that's pretty minimal.  And tabs don't work on GitLab or
GitHub, so I don't feel not having that is substantial to functionality.
2017-04-25 01:27:04 +10:00
Sachi King
8fa8fc4012 Add ' *' required markers back
The bootstrap renderer did not do anything to signify required rows.  We
can do this by adding a class for CSS to work on, and add this field in
a more simplified manner.

label-required == append ' *'
2017-04-25 01:27:04 +10:00
Sachi King
b3ac11a66b Simplify django form rendering
Remove my hack to get bootstrap forms.

Remove the insane render-row-at-a-time forms that then only render
default django forms.
2017-04-25 01:26:59 +10:00
Sachi King
7b74d3829f Disable SAML debug
We don't need this and it prints a lot of information.
2017-04-25 01:25:54 +10:00
Sachi King
b0b9ea89f7 Environment the settings
And finally, dev settings converge with committed settings.
2017-04-25 01:25:54 +10:00