Some evil people are using the toolbar URLs to spam their links and then framebusting to ditch the toolbar. This patch makes it so that if the framed URL is on a shame-banned domain, the framing will abort and return a 404.
This will allow us to collect information about how users found subreddits that they subscribe to. We can use this information to test the effectiveness of new ways of discovering and subscribing to subreddits. Specifically, when the subscribe button is clicked, for the current page and previous page: the URL, referrer URL, and the type of UI element clicked are sent. We'll use this to answer questions like: * "did clicking on gizmo A lead to users subscribing to subreddit B?" * "why did we see a spike in subscriptions to subreddit X today?"
If the user doesn't have an OTP secret and an OTP isn't required for turning on admin mode, we'll just hide the prompt to avoid confusion.
Subreddit discovery links are basically sponsored links, so they shouldn't appear if gold users have sponsored links turned off
The "Read from PromoCampaign things" change broke the code that causes the traffic display to show the past month by default if a promoted link has no campaigns. This change fixes a bug where clicking on "traffic" on one of the subreddit discovery spotlight links caused a 500 error. See: 273c548
Aggressively catches and logs exceptions inside the campaign loop in get_scheduled. This change will allow make_daily_promotions to skip over campaigns with corrupt data and still launch the others. Note: We might want to consider passing the list of errored campaigns back up to the calling function so they can be handled more noisily there.
In memcached there is a chance of the keys being evicted before their time runs out. We can mitigate this by adding more memcaches, but that has other downsides (such as increased risk of failure).
The OAuth2 Cassandra models are a perfect fit for other places in the app that need randomly generated tokens.
Pycassa will do its own marshalling when columns have validators specified in the C* metadata. We need to disable our own marshalling when we know Pycassa will take care of it. This is already taken care of in the general case, but timestamps are handled somewhat uniquely.
This feature can be disabled with the new ini setting `disable_admin_otp`.
This provides a system for two-factor authentication, using a compliant OTP-generator such as Google Authenticator. The framework includes a validator for use on API calls needing authentication as well as a UI for provisioning/resetting your secret key. A secure cookie may be generated to effectively turn the user's browser into a temporary authentication factor. This feature is currently limited to admins only until full-site SSL is available.
If the config variable profile_directory is set, ProfilingMiddleware will be added to the WSGI stack. The middleware will generate a file in the specified directory on each request containing the contents of that request's profile.