This provides a system for two-factor authentication, using a compliant
OTP-generator such as Google Authenticator. The framework includes a
validator for use on API calls needing authentication as well as a UI
for provisioning/resetting your secret key. A secure cookie may be
generated to effectively turn the user's browser into a temporary
authentication factor.
This feature is currently limited to admins only until full-site SSL is
available.
If the config variable profile_directory is set, ProfilingMiddleware
will be added to the WSGI stack. The middleware will generate a file in
the specified directory on each request containing the contents of that
request's profile.
Note: some CFs are explicitly marked for the "main" connection
pool and others are not. This is an artifact of the current
state of reddit.com's cassandra setup and is intentional. While
cassandra_default_pool remains "main", this will not cause an issue
for you.
It was used directly in two places in pages.py, I've
replaced those uses with safemarkdown calls. In the case
of the search fail page, I just removed the javascript
try-again link since it wouldn't be doable through safemarkdown
and that page isn't hit very frequently any more anyway.
Had to convert the three special thumbnail images
to 32-bit PNGs rather than PNG8 with indexed alpha
since PIL does not support the latter. ImageMagick was
awesome for this.
Login UI code has been simplified and moved into the client side. CORS
is used for the cross-domain POST if available, otherwise an iframe and
cookie polling technique is used. Start fleshing out the new JS tree. :)
We need onload to be able to get a client-IP based
tracking validation hash, but it doesn't actually need
to do any database work to make those hashes. It also
fails a huge number of times per day. This moves the hash
calculation out to an external app with no db dependencies.
Flair is a new relation between subreddits and accounts (stored in a manner
similar to but distinct from subreddit membership). This relation can have
a text field and a CSS class name associated with it (this data is actually
stored under the account). The flair data is then incorporated into any
mention of the account within the context of the subreddit (namely, on links
and comments submitted by the user).
