Fix VCF download feature

[armish]

See #738 for more context.

When clicked on the download, we were getting this error logged:

----------------------------------------
Exception happened during processing of request from ('127.0.0.1', 59979)
Traceback (most recent call last):
  File "/usr/local/Cellar/python/2.7.10/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 295, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/local/Cellar/python/2.7.10/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 321, in process_request
    self.finish_request(request, client_address)
  File "/usr/local/Cellar/python/2.7.10/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 334, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/local/Cellar/python/2.7.10/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 657, in __init__
    self.finish()
  File "/usr/local/Cellar/python/2.7.10/Frameworks/Python.framework/Versions/2.7/lib/python2.7/SocketServer.py", line 716, in finish
    self.wfile.close()
  File "/usr/local/Cellar/python/2.7.10/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py", line 283, in close
    self.flush()
  File "/usr/local/Cellar/python/2.7.10/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py", line 307, in flush
    self._sock.sendall(view[write_offset:write_offset+buffer_size])
error: [Errno 32] Broken pipe
----------------------------------------

which was stemming from a simple coding mistake.

[hammer]

is there a test you could add that would have caught this mistake?

[armish]

yeah, it should do be doable using one of the test files we have. Let me add that and update the PR.

[armish]

Adding a download test was much harder than I expected (due to some magic happening with authentication), but this is done now. On the bright side: we now have support for basic authentication for all pages within Cycledash.

[ihodes]

Mind dropping support for this? It's not the most secure (namely because URLs are stored in logs), and I'm not sure it buys us anything?

[ihodes]

Not a strong opinion, though, and if we need it in the future for some reason, then just go for it.

[armish]

@ihodes: without this one, my requests within helpers.ResourceTest were not being authorized and being forwarded to the login page automatically. I realized that all the api pages work fine with ResourceTest's get and post requests, but none of our pages with @login_required decorator.

I implemented this out of my ignorance about a better way; happy to hear your thoughts on this.

[ihodes]

Ah I just meant the url param version of this; keeping the BasicAuth version is 👍

Also, I'm confused a bit: I don't see an api_key urlparam in the download URL--how are you passing authorization though?

[ihodes]

Looks great! One minor comment.

[ihodes]

This might be clearer if you write the query-string as JSON and then URL encode it in code--must easier to edit that way, too.

[ihodes]

Looks good!

[armish]

Thanks!