GitLab

The original fix to the PostgreSQL issue with south migration 0022 did correctly change the field type, but did not add the Foreign Key constraint.

Improve the workaround 9a2924d5 by also adding the foreign key constraint.

For databases created with the original workaround, the foreign key constraint can be added manually with:

    ALTER TABLE edumanage_instrealmmon ADD CONSTRAINT "edumanage_i_realm_id_24cc89d4be4145e5_fk_edumanage_instrealm_id" FOREIGN KEY (realm_id) REFERENCES edumanage_instrealm(id) DEFERRABLE INITIALLY DEFERRED;

Note that not having the constraint in does not directly break anything, but
could lead to corrupt databases and the database structure is reported
differently with:

    ./manage.py inspectdb

Two minor security fixes: construct secure URLs (for uwsgi, with examples) and
mark cookies as secure

Actually remove the X-Forwarded-SSL header from the Apache mod_wsgi snippet.

As per discussion in in #8 (primary mode of deployment is with mod_wsgi):

* Comment out the header setting at Django side and also move it from
  settings.py to local_settings.py (because it's now a customizable item).
* Change the header name to ````X-Forwarded-Protocol: https````
* Change the Apache recommendation to use the header name and take it out of
  the mod_uwsgi snippet - and instead add a new section describing
  mod_proxy_http as an option.

Django would be default use insecure cookies - that would be sent by the
browser also over plain http.  And administrative work requiring authenticated
sessions should be done over https - and therefore, the cookie should be marked
as secure.

This can be achived by setting:

    settings.SESSION_COOKIE_SECURE = True

As this is an essential security setting that shouldn't need additional tweaks,
adding the setting to settings.py (and not local_settings.py).

Django constructs redirect URLs as https only if request.is_secure() is true.

And that evaluates to true if either uwsgi sets wsgi.url_scheme to https, or
if the request header contains a key + value configured as a tuple in
settings.SECURE_PROXY_SSL_HEADER

As some parts might be accessed over plain http and some over https (if Apache
exposes both ports), the easiest is to:

* Use the conventional header:

        X-Forwarded-SSL: on

* Set this header from Apache SSL VirtualHost

* Configure Django to check for this header with:

        SECURE_PROXY_SSL_HEADER = ('X-Forwarded-SSL', 'on')

As this is an essential security setting that shouldn't need additional tweaks,
adding the setting to settings.py (and not local_settings.py).

Without this fix, the login form at /admin/ would upon successful login
redirect to plain http, even when accessed over https.

Allow AltLogin to redirect to target URLs

First step in the direction of allowing local login as a login method (besides SSO).

Fixes a logical issue that could be caused by editing InstServer properties

When a "next" parameter exists in the context, reuse it for the redirect
(instead of forcing redirect to /overview)

Conflicts:
	djnro/templates/partial/footer.html
	edumanage/templatetags/template_maybe.py

Conflicts:
	djnro/templates/partial/footer.html
	edumanage/templatetags/include_maybe.py

institutions" use case.

scrolling and dragging

MapEscape[1].
* Set up a js callback to automatically move Google maps controls
out of the scroll area (LEFT_CENTER, opposite of scroll helper).
* Use a simple jquery plugin to auto-limit map height to usable viewport
height upon load/resize/rotation (perhaps use CSS3 in the future).

[1] http://labs.codecomputerlove.com/MapEscape/

page and elsewhere).

This was just too complicated and presented a number of quirks for non fixed-
height overlayed elements.

A few fixes for parse_institution_xml management command