1. 12 Aug, 2014 4 commits
  2. 11 Aug, 2014 1 commit
    • Randall Leeds's avatar
      Restore reloadOnSearch: false for viewer · cd65ac8c
      Randall Leeds authored
      There seems to be some combination of conditions which cause Firefox
      to infinite loop on the $location service's watchers. Bisecting pointed
      to the commit where I removed this. For now, let's slap this bandaid
      on. The proper fix probably has to do with making the parameters we
      pass to the iframe in its src actually do something (like validating
      the origin of frames that connect to the sidebar) and then clearing the
      parameters from the URL so they don't cause a reload after the initial
      redirection to /viewer.
      cd65ac8c
  3. 10 Aug, 2014 1 commit
  4. 09 Aug, 2014 10 commits
  5. 08 Aug, 2014 1 commit
  6. 06 Aug, 2014 4 commits
  7. 05 Aug, 2014 7 commits
  8. 04 Aug, 2014 4 commits
    • Randall Leeds's avatar
      Merge pull request #1357 from hypothesis/identity-refactor · 805e9dfa
      Randall Leeds authored
      Refactoring identity and auth
      805e9dfa
    • Randall Leeds's avatar
      Refactor and isolate identity, auth, and session · 4cf39590
      Randall Leeds authored
      Introduce a new module on the frontend called `h.identity` which
      abstracts the interaction between the main application and the
      authentication system using the `navigator.id` API introduced by
      Mozilla as part of Persona / BrowserID. In our case, the we submit
      the authentication assertion as a query parameter in our token
      URL. This is designed to flexibly accommodate different auth needs
      by intepreting the assertion differently and using a different
      identity module to return whatever type of grant is needed depending
      on the authentication mechanisms in place on the back end.
      
      On the back end:
      
      - Introduce a dependency on a brand new library, pyramid-oauthlib, to
        make this code cleaner and more modular.
      - Simplify our session by removing multiple signin code that was not
        ever fully realized; personas are no longer explicitly maintained in
        the session by application code.
      - The Pyramid SessionAuthenticationPolicy is put into place as part of
        h.auth.local. A SessionGrant is configured as the default grant type
        for integration via pyramid-oauthlib. This is what interprets the
        assertion sent in our token request. For other use cases, this might
        be a real BrowserID assertion or a session or refresh token of some
        other kind. This assertion is just the CSRF token our forms have been
        returning already.
      - `h#includeme` and `h#create_app` got some superficial simplification.
      - `h.api#authorize` handler for annotator-store authorizations now uses
        `request.effective_principals` instead of the session, so it doesn't
        care how the user is authenticated
        - Headers are now passed through on `Store` sub-requests so that both
        the annotator auth token and the session work for store authorizations
        which gets us close to cookie-less API auth!
        - `Consumer` class is moved into `h.auth.local`, removing the SQL
        requirement for core `h` and replacing it with just the requirement to
        register an `IConsumer` implementer.
      
      On the front end:
      
      - Break hypothesis.js into hypothesis.js and hypothesis-auth.js
      - Move session and auth modules into this auth package
      - Clean up the module dependency imports
      - Add an identity module to the auth package with `navigator.id` API
      - Significantly refactor `AppController`
        - Use the `identity.watch()` API to listen to login/logout from the
        active identity module
        - Clean up the login/logout state management a bit
          - Resolve a promise when the API service discovery happens
          - Stop using 'session', which becomes a detail of hypothesis-auth
        - Put much less on the scope from the controller
          - `scope.initUpdater` -> `initUpdater`
          - `scope.reloadAnnotations` -> `initStore`
          - `scope.session` -> replaced by `id`
          - Sorts and views are set in the markup
          - `AuthController` no longers needs to know about `model`, `sheet`,
          `sorts` or `views`
        - Isolate the form models
          - The auth directive now creates an isolate scope so that we're not
          leaking the form models all over the place
          - Stop using the inherited `$scope.model` means prevents submitting
          `persona` as a form parameter by accident
      - blocks.pt#auth-tabs becomes auth.html
        - Easy to override with `config.override_asset()` in Pyramid
        - Keeps the forms inside the isolate scope of the auth directive
      - The content of the sheet moves inside blocks.pt#auth
        - Nothing outside this knows or cares anymore that the sheet has tabs
        - Places where we want to request login use `identity.request()`
        rather than having to get at the root scope. The `authorize` event
        that this broadcasts is an internal detail of the auth pacakage.
      4cf39590
    • Randall Leeds's avatar
      Merge pull request #1372 from hypothesis/site-report-potpourri · 9f30f2e0
      Randall Leeds authored
      Site report potpourri
      9f30f2e0
    • Randall Leeds's avatar
      Improve guard in form validate · 37ff8175
      Randall Leeds authored
      I missed this in b67b2964b7a1fd1271be650ea02cf967fd0e17a3
      37ff8175
  9. 02 Aug, 2014 3 commits
    • Randall Leeds's avatar
      Merge pull request #1373 from hypothesis/1360-scrolling · d3dbfb25
      Randall Leeds authored
      Clean up scrolling and infinite stream
      d3dbfb25
    • gergely-ujvari's avatar
      b2bb7ca8
    • Randall Leeds's avatar
      Clean up scrolling and infinite stream · d2761210
      Randall Leeds authored
      Simplify our efforts around scrolling and fix the scrollbars on the
      stream.
      
      - Scrollbar had crept inside the content on a previous change such
        that scroll bars for the stream were not all the way to the edge
        of the screen. Refactoring the duties of #wrapper and .content.
      - Drop the mousewheel trapping. I tried and looked and researched
        and we can't do this reliably on touch or anything else. It didn't
        seem necessary or worth the dependency on jquery.mousewheel or
        even obviously a good experience. Not worth the code.
      - Fix infinite scroll to use its directive element rather than the
        $window, make its code less jquery, and give it a buffer to smooth
        the experience a bit more.
      
      Fix #1360
      d2761210
  10. 01 Aug, 2014 5 commits
    • Randall Leeds's avatar
      Better inject reset handling · b21c9df7
      Randall Leeds authored
      This change pulls the nested-reset mixin into the annotator-frame class
      and then increases the specificity of the rest of the styles underneath
      the frame by giving them descendent selectors of the annotator-frame.
      
      Additionally, to avoid interfering with site styles, our stylesheet of
      resets (reset.scss) is no longer included in common.scss, but imported
      directly under the annotator-frame class.
      
      Fix #1366
      b21c9df7
    • Randall Leeds's avatar
      Add some specificity on adder styles · bf9e3f88
      Randall Leeds authored
      Close #934
      Close #1031
      bf9e3f88
    • Randall Leeds's avatar
      Improve guard in form-validate error handler · d9e66201
      Randall Leeds authored
      Fix #1370
      d9e66201
    • Randall Leeds's avatar
      Merge pull request #1359 from hypothesis/button-indicator · 35c73197
      Randall Leeds authored
      Add directive for providing saving updates to buttons 
      35c73197
    • Randall Leeds's avatar
      Use transclusion for status-button directive · 755cdd3d
      Randall Leeds authored
      Using transclusion allows for the directive to be set on an element
      with non-trivial content and have that content nested inside the
      status-button wrapper spans, but pre-bound to its lexical markup
      scope.
      
      Not sure we'll need it here, but I also wanted to see how one might
      approximate 'replace' now that it's deprecated. The answer is by
      not replacing but just adding the template you want after the passed
      placeholder comment node.
      755cdd3d