From db58c113aafe68c131e496d3b8a8cbec490c09e2 Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Sat, 28 May 2016 14:52:48 +0100
Subject: [PATCH 1/5] Changed font to load over https - #236

---
 templates/base.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/base.html b/templates/base.html
index c27231bd..3cde5acd 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -14,7 +14,7 @@
 
     <link rel="icon" type="image/png" href="{% static "imgs/pyrigs-avatar.png" %}">
     <link rel="apple-touch-icon" href="{% static "imgs/pyrigs-avatar.png" %}">
-    <link href='http://fonts.googleapis.com/css?family=Open+Sans:400italic,700,300,400' rel='stylesheet'
+    <link href='https://fonts.googleapis.com/css?family=Open+Sans:400italic,700,300,400' rel='stylesheet'
           type='text/css'>
 
 

From 000351d884b441485ab0ff65ca31c8c9bd0a7ee1 Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Sat, 28 May 2016 15:20:15 +0100
Subject: [PATCH 2/5] Redirect all requests to https

---
 PyRIGS/settings.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/PyRIGS/settings.py b/PyRIGS/settings.py
index d85ff887..bb9ba676 100644
--- a/PyRIGS/settings.py
+++ b/PyRIGS/settings.py
@@ -13,6 +13,7 @@ import os
 BASE_DIR = os.path.dirname(os.path.dirname(__file__))
 
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+SECURE_SSL_REDIRECT = True # Redirect all http requests to https
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
@@ -55,6 +56,7 @@ INSTALLED_APPS = (
 
 MIDDLEWARE_CLASSES = (
     'raven.contrib.django.raven_compat.middleware.SentryResponseErrorIdMiddleware',
+    'django.middleware.security.SecurityMiddleware',
     'reversion.middleware.RevisionMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',

From aa79f3628e157854764eb26248b026a9c3c0898a Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Sat, 28 May 2016 15:27:38 +0100
Subject: [PATCH 3/5] Only redirect to HTTPS in production

---
 PyRIGS/settings.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/PyRIGS/settings.py b/PyRIGS/settings.py
index bb9ba676..3098c3fb 100644
--- a/PyRIGS/settings.py
+++ b/PyRIGS/settings.py
@@ -12,9 +12,6 @@ https://docs.djangoproject.com/en/1.7/ref/settings/
 import os
 BASE_DIR = os.path.dirname(os.path.dirname(__file__))
 
-SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
-SECURE_SSL_REDIRECT = True # Redirect all http requests to https
-
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
 
@@ -28,6 +25,10 @@ TEMPLATE_DEBUG = True
 
 ALLOWED_HOSTS = ['pyrigs.nottinghamtec.co.uk', 'rigs.nottinghamtec.co.uk', 'pyrigs.herokuapp.com']
 
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+if not DEBUG:
+    SECURE_SSL_REDIRECT = True # Redirect all http requests to https
+
 INTERNAL_IPS = ['127.0.0.1']
 
 ADMINS = (

From a725ef5caf4fb6e1e3beaa4302a2a12e461d6608 Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Sun, 29 May 2016 17:09:52 +0100
Subject: [PATCH 4/5] Removed add to google calendar link, closes #237

---
 RIGS/templates/RIGS/profile_detail.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/RIGS/templates/RIGS/profile_detail.html b/RIGS/templates/RIGS/profile_detail.html
index 8fce1e60..e69e7bf0 100644
--- a/RIGS/templates/RIGS/profile_detail.html
+++ b/RIGS/templates/RIGS/profile_detail.html
@@ -126,7 +126,7 @@
 				<dd>
 					{% if user.api_key %}
 						<pre id="cal-url" data-url="http{{ request.is_secure|yesno:"s,"}}://{{ request.get_host }}{% url 'ics_calendar' api_pk=user.pk api_key=user.api_key %}"></pre>
-						<small><a id="gcal-link" data-url="http://www.google.com/calendar/render?cid=http{{ request.is_secure|yesno:"s,"}}://{{ request.get_host }}{% url 'ics_calendar' api_pk=user.pk api_key=user.api_key %}" href="">Click here</a> to add to google calendar.<br/>
+						<small><a id="gcal-link" data-url="https://support.google.com/calendar/answer/37100" href="">Click here</a> for instructions on adding to google calendar.<br/>
 						To sync from google calendar to mobile device, visit <a href="https://www.google.com/calendar/syncselect" target="_blank">this page</a> on your device and tick "RIGS Calendar".</small>
 					{% else %}
 						<pre>No API Key Generated</pre>

From eaf5c9687edd82269202f64798ebbc664ba88cac Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Sun, 29 May 2016 20:21:23 +0100
Subject: [PATCH 5/5] Fixed typo, closes #174

---
 PyRIGS/decorators.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PyRIGS/decorators.py b/PyRIGS/decorators.py
index a7c1db90..67d8964c 100644
--- a/PyRIGS/decorators.py
+++ b/PyRIGS/decorators.py
@@ -58,7 +58,7 @@ def api_key_required(function):
 
         try:
             user_object = models.Profile.objects.get(pk=userid)
-        except Profile.DoesNotExist:
+        except models.Profile.DoesNotExist:
             return error_resp
 
         if user_object.api_key != key: