Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zerver/views/user_settings.py

222 lines
11 KiB
Python
Raw Normal View History

views: Change use of typing.Text to str. This is the first part of a general migration of our typing codebase to use the simpler `str` for strings.
2018-04-24 03:47:28 +02:00
from typing import Optional, Any, Dict
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
[i18n] Make error messages translatable. Make all strings passing through `json_error` and `JsonableError` translatable. Fixes #727
2016-05-25 15:02:02 +02:00
from django.utils.translation import ugettext as _
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
from django.conf import settings
Django 1.10: Update session hash when password is changed. Ref: https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change for details.
2016-11-17 08:56:01 +01:00
from django.contrib.auth import authenticate, update_session_auth_hash
Annotate zerver/views/user_settings.
2016-06-05 02:15:26 +02:00
from django.http import HttpRequest, HttpResponse
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
from django.shortcuts import redirect, render
from django.urls import reverse
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
decorator: Cut a bunch of dead imports of two view decorators. Saw these when grepping for these two decorators; they're actually more numerous than the surviving use sites are. Cut out the noise.
2017-11-04 00:59:22 +01:00
from zerver.decorator import has_request_variables, \
user_settings: Disable bot access to several endpoints. These settings have no effect on bots, so this change is mostly about just avoiding confusion.
2017-04-16 22:10:56 +02:00
zulip_login_required, REQ, human_users_only
settings: Remove autoscroll_forever setting. Fixes #6845
2017-12-27 13:17:58 +01:00
from zerver.lib.actions import do_change_password, do_change_notification_settings, \
settings: Remove obsolete default_desktop_notifications setting. This actually hasn't been hooked up to do anything in years. While we're at it, we remove the entire "Zulip Labs" settings page.
2018-04-28 22:35:18 +02:00
do_change_enter_sends, do_regenerate_api_key, do_change_avatar_fields, \
settings: Remove autoscroll_forever setting. Fixes #6845
2017-12-27 13:17:58 +01:00
do_set_user_display_setting, validate_email, do_change_user_email, \
do_start_email_change_process, check_change_full_name
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
from zerver.lib.avatar import avatar_url
emails: Remove the display_email function. No longer needed, since this now only appears in build_email.
2017-07-11 06:13:23 +02:00
from zerver.lib.send_email import send_email, FromAddress
Move i18n functions from zerver/views/__init__.py to zerver/lib/i18n.py
2016-08-05 22:28:25 +02:00
from zerver.lib.i18n import get_available_language_codes
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
from zerver.lib.response import json_success, json_error
from zerver.lib.upload import upload_avatar_image
Add dynamically loaded language dropdown.
2016-06-23 11:32:45 +02:00
from zerver.lib.validator import check_bool, check_string
Add validation and tests for default language setting.
2016-07-31 10:02:42 +02:00
from zerver.lib.request import JsonableError
Add timezone field in UserProfile. Implements backend of #1506.
2017-03-14 10:53:09 +01:00
from zerver.lib.timezone import get_all_timezones
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
from zerver.models import UserProfile, Realm, name_changes_disabled, \
EmailChangeStatus
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
from confirmation.models import get_object_from_key, render_confirmation_key_error, \
confirmation: Add confirmation_type to get_object_from_key. This change: * Prevents weird potential attacks like taking a valid confirmation link (say an unsubscribe link), and putting it into the URL of a multiuse invite link. I don't know of any such attacks one could do right now, but reasoning about it is complicated. * Makes the code easier to read, and in the case of confirmation/views.py, exposes something that needed refactoring anyway (USER_REGISTRATION and INVITATION should have different endpoints, and both of those endpoints should be in zerver/views/registration, not this file).
2017-11-01 21:07:39 +01:00
ConfirmationKeyException, Confirmation
user_settings: Prevent LDAP users from setting a Zulip password. Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled, LDAP users could set a password using EmailAuthBackend and continue to use that password, even if their LDAP account was later deactivated. That configuration wasn't supported at all before, so this doesn't fix a pre-existing security issue, but now that we're making that a valid configuration, we need to cover this case.
2018-05-29 07:25:08 +02:00
from zproject.backends import email_belongs_to_ldap
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def confirm_email_change(request: HttpRequest, confirmation_key: str) -> HttpResponse:
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
try:
email change: Refactor confirmation path for readability. Removes an assert, which at this point is there just for readability, since the second argument to get_object_from_key(confirmation_key, Confirmation.EMAIL_CHANGE) ensures that the returned object is of the correct type.
2017-11-07 20:45:11 +01:00
email_change_object = get_object_from_key(confirmation_key, Confirmation.EMAIL_CHANGE)
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
except ConfirmationKeyException as exception:
return render_confirmation_key_error(request, exception)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
email change: Refactor confirmation path for readability. Removes an assert, which at this point is there just for readability, since the second argument to get_object_from_key(confirmation_key, Confirmation.EMAIL_CHANGE) ensures that the returned object is of the correct type.
2017-11-07 20:45:11 +01:00
new_email = email_change_object.new_email
old_email = email_change_object.old_email
user_profile = email_change_object.user_profile
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
settings: Allow admin to change email/name even if it is disabled in realm. Allow realm admin users to change their email or name even, changing name or email is disabled in realm.
2018-02-02 16:54:26 +01:00
if user_profile.realm.email_changes_disabled and not user_profile.is_realm_admin:
email change: Use confirmation object user to determine changeability. Seems like the more logical check. Also, the previous code makes it feel like there is a potential vulnerability where one could get an email change object in a realm where email changes are disabled, and then open that link while logged in to a different realm. While we're at it, remove the unnecessary check that the user is logged in when clicking the confirmation link; that creates unnecessary trouble for users who use multiple browsers.
2017-11-07 20:48:32 +01:00
raise JsonableError(_("Email address changes are disabled in this organization."))
email change: Refactor confirmation path for readability. Removes an assert, which at this point is there just for readability, since the second argument to get_object_from_key(confirmation_key, Confirmation.EMAIL_CHANGE) ensures that the returned object is of the correct type.
2017-11-07 20:45:11 +01:00
do_change_user_email(user_profile, new_email)
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
emails: Pass realm_name instead of realm in notify_change_in_email context.
2018-04-30 17:35:21 +02:00
context = {'realm_name': user_profile.realm.name, 'new_email': new_email}
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
send_email('zerver/emails/notify_change_in_email', to_email=old_email,
from_name="Zulip Account Security", from_address=FromAddress.SUPPORT,
context=context)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
ctx = {
'new_email': new_email,
'old_email': old_email,
}
return render(request, 'confirmation/confirm_email_change.html', context=ctx)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
@human_users_only
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
@has_request_variables
mypy: Use Python 3 type syntax in user_settings.py
2017-12-04 09:56:07 +01:00
def json_change_settings(request: HttpRequest, user_profile: UserProfile,
views: Change use of typing.Text to str. This is the first part of a general migration of our typing codebase to use the simpler `str` for strings.
2018-04-24 03:47:28 +02:00
full_name: str=REQ(default=""),
email: str=REQ(default=""),
old_password: str=REQ(default=""),
new_password: str=REQ(default="")) -> HttpResponse:
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
if not (full_name or new_password or email):
settings: Change error for "no data" to something more friendly.
2018-01-11 20:28:44 +01:00
return json_error(_("Please fill out all fields."))
Require non-empty full_name or password in json_change_settings
2016-07-23 22:22:25 +02:00
settings: Remove password confirmation in modal. This removes the requirement to confirm your new password. It isn't necessary and can be fixed easily with an email reset if messed up.
2018-01-11 20:28:18 +01:00
if new_password != "":
user_settings: Prevent LDAP users from setting a Zulip password. Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled, LDAP users could set a password using EmailAuthBackend and continue to use that password, even if their LDAP account was later deactivated. That configuration wasn't supported at all before, so this doesn't fix a pre-existing security issue, but now that we're making that a valid configuration, we need to cover this case.
2018-05-29 07:25:08 +02:00
return_data = {} # type: Dict[str, Any]
if email_belongs_to_ldap(user_profile.realm, user_profile.email):
return json_error(_("Your Zulip password is managed in LDAP"))
Convert EmailAuthBackend and LDAPAuthBackend to accept a realm.
2017-11-17 23:56:45 +01:00
if not authenticate(username=user_profile.email, password=old_password,
user_settings: Prevent LDAP users from setting a Zulip password. Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled, LDAP users could set a password using EmailAuthBackend and continue to use that password, even if their LDAP account was later deactivated. That configuration wasn't supported at all before, so this doesn't fix a pre-existing security issue, but now that we're making that a valid configuration, we need to cover this case.
2018-05-29 07:25:08 +02:00
realm=user_profile.realm, return_data=return_data):
[i18n] Make error messages translatable. Make all strings passing through `json_error` and `JsonableError` translatable. Fixes #727
2016-05-25 15:02:02 +02:00
return json_error(_("Wrong password!"))
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
do_change_password(user_profile, new_password)
Django 1.10: Update session hash when password is changed. Ref: https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change for details.
2016-11-17 08:56:01 +01:00
# In Django 1.10, password changes invalidates sessions, see
# https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change
user_settings.py: Use the singular 'they' pronoun.
2017-07-05 11:47:21 +02:00
# for details. To avoid this logging the user out of their own
Django 1.10: Update session hash when password is changed. Ref: https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change for details.
2016-11-17 08:56:01 +01:00
# session (which would provide a confusing UX at best), we
# update the session hash here.
update_session_auth_hash(request, user_profile)
Django 1.10: Immediately save session to mitigate race conditions.
2016-12-16 11:38:21 +01:00
# We also save the session to the DB immediately to mitigate
# race conditions. In theory, there is still a race condition
# and to completely avoid it we will have to use some kind of
# mutex lock in `django.contrib.auth.get_user` where session
# is verified. To make that lock work we will have to control
# the AuthenticationMiddleware which is currently controlled
# by Django,
request.session.save()
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
views: Use property_types for display settings. This reduces semi-duplicated code here.
2017-05-22 21:07:35 +02:00
result = {} # type: Dict[str, Any]
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
new_email = email.strip()
if user_profile.email != email and new_email != '':
settings: Allow admin to change email/name even if it is disabled in realm. Allow realm admin users to change their email or name even, changing name or email is disabled in realm.
2018-02-02 16:54:26 +01:00
if user_profile.realm.email_changes_disabled and not user_profile.is_realm_admin:
user_settings: Clean up error messages and tests for email change.
2017-03-05 02:18:42 +01:00
return json_error(_("Email address changes are disabled in this organization."))
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
error, skipped = validate_email(user_profile, new_email)
mypy: Split email validation error handling in json_change_settings.
2017-09-25 07:18:42 +02:00
if error:
return json_error(error)
if skipped:
return json_error(skipped)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
do_start_email_change_process(user_profile, new_email)
settings: Mention about /emails after sending change email mail.
2017-10-02 23:27:22 +02:00
result['account_email'] = _("Check your email for a confirmation link. ")
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
if user_profile.full_name != full_name and full_name.strip() != "":
settings: Allow admin to change email/name even if it is disabled in realm. Allow realm admin users to change their email or name even, changing name or email is disabled in realm.
2018-02-02 16:54:26 +01:00
if name_changes_disabled(user_profile.realm) and not user_profile.is_realm_admin:
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
# Failingly silently is fine -- they can't do it through the UI, so
# they'd have to be trying to break the rules.
pass
else:
users: Consolidate name change enforcement logic. This has the side effect of fixing an issue where one could edit a bot to have an invalid name.
2017-02-08 04:39:55 +01:00
# Note that check_change_full_name strips the passed name automatically
Switch change_full_name to use RealmAuditLog. This requires adding an `acting_user` parameter to the `do_change_bot_owner` function.
2017-04-07 07:28:28 +02:00
result['full_name'] = check_change_full_name(user_profile, full_name, user_profile)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
return json_success(result)
user_settings: Disable bot access to several endpoints. These settings have no effect on bots, so this change is mostly about just avoiding confusion.
2017-04-16 22:10:56 +02:00
@human_users_only
Add dynamically loaded language dropdown.
2016-06-23 11:32:45 +02:00
@has_request_variables
user_settings: Fix mypy annotations. While we're at it, convert this to use the Python 3 style, which isn't prone to this sort of bug.
2017-11-16 02:37:54 +01:00
def update_display_settings_backend(
request: HttpRequest, user_profile: UserProfile,
twenty_four_hour_time: Optional[bool]=REQ(validator=check_bool, default=None),
settings: Add a development-only setting for less dense mode. This should make it easier for us to iterate on a less-dense Zulip. We create two classes on body, less_dense_mode and more_dense_mode, so that it's easy as we refactor to separate the two concepts from things like colors that are independent.
2018-05-24 20:53:26 +02:00
dense_mode: Optional[bool]=REQ(validator=check_bool, default=None),
models: Create starred_message_counts boolean field.
2018-08-17 08:09:07 +02:00
starred_message_counts: Optional[bool]=REQ(validator=check_bool, default=None),
user_settings: Fix mypy annotations. While we're at it, convert this to use the Python 3 style, which isn't prone to this sort of bug.
2017-11-16 02:37:54 +01:00
high_contrast_mode: Optional[bool]=REQ(validator=check_bool, default=None),
night_mode: Optional[bool]=REQ(validator=check_bool, default=None),
emoji: Add support for translating emoticons. Add `translate_emoticons` to `prop_types` and `expected_keys`. Furthermore, create a emoji-translating Markdown inline pattern. Also use a JavaScript version of `translate_emoticons` and then use this function during Markdown previews and as a preprocessor. This is only needed for previews, because usually emoticon translation happens on the backend after sending. Add tests for emoticon translation, a settings UI, and a /help/ page as well. Tweaked by tabbott to fix various test failurse as well as how this handles whitespace, requiring emoticons to not have adjacent characters. Fixes #1768.
2018-01-15 19:36:32 +01:00
translate_emoticons: Optional[bool]=REQ(validator=check_bool, default=None),
user_settings: Fix mypy annotations. While we're at it, convert this to use the Python 3 style, which isn't prone to this sort of bug.
2017-11-16 02:37:54 +01:00
default_language: Optional[bool]=REQ(validator=check_string, default=None),
left_side_userlist: Optional[bool]=REQ(validator=check_bool, default=None),
emojiset: Optional[str]=REQ(validator=check_string, default=None),
timezone: Optional[str]=REQ(validator=check_string, default=None)) -> HttpResponse:
update_display_settings: Move validation to beginning. This makes the function more friendly for adding additional functionality to.
2016-12-22 15:58:18 +01:00
if (default_language is not None and
default_language not in get_available_language_codes()):
raise JsonableError(_("Invalid language '%s'" % (default_language,)))
Add timezone field in UserProfile. Implements backend of #1506.
2017-03-14 10:53:09 +01:00
if (timezone is not None and
timezone not in get_all_timezones()):
raise JsonableError(_("Invalid timezone '%s'" % (timezone,)))
backend: Allow to change UserProfile's `emojiset` field via api.
2017-04-02 21:05:33 +02:00
if (emojiset is not None and
emojiset not in UserProfile.emojiset_choices()):
raise JsonableError(_("Invalid emojiset '%s'" % (emojiset,)))
views: Use property_types for display settings. This reduces semi-duplicated code here.
2017-05-22 21:07:35 +02:00
request_settings = {k: v for k, v in list(locals().items()) if k in user_profile.property_types}
pep8: Add compliance with rule E261 to zerver/views/user_settings.py.
2017-05-17 22:16:38 +02:00
result = {} # type: Dict[str, Any]
views: Use property_types for display settings. This reduces semi-duplicated code here.
2017-05-22 21:07:35 +02:00
for k, v in list(request_settings.items()):
if v is not None and getattr(user_profile, k) != v:
do_set_user_display_setting(user_profile, k, v)
result[k] = v
Add timezone field in UserProfile. Implements backend of #1506.
2017-03-14 10:53:09 +01:00
Add dynamically loaded language dropdown.
2016-06-23 11:32:45 +02:00
return json_success(result)
user_settings: Disable bot access to several endpoints. These settings have no effect on bots, so this change is mostly about just avoiding confusion.
2017-04-16 22:10:56 +02:00
@human_users_only
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
@has_request_variables
mypy: Use Python 3 type syntax in user_settings.py
2017-12-04 09:56:07 +01:00
def json_change_notify_settings(
request: HttpRequest, user_profile: UserProfile,
enable_stream_desktop_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
enable_stream_email_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
enable_stream_push_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
enable_stream_sounds: Optional[bool]=REQ(validator=check_bool, default=None),
enable_desktop_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
enable_sounds: Optional[bool]=REQ(validator=check_bool, default=None),
enable_offline_email_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
enable_offline_push_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
enable_online_push_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
enable_digest_emails: Optional[bool]=REQ(validator=check_bool, default=None),
settings: Add setting to disable message content in missed message emails. Fixes #6938.
2017-11-29 13:42:39 +01:00
message_content_in_email_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
settings: Added setting to turn on and off realm name in email subject. Users having only account in one realm will not be distracted by realm name in subject lines of every email. Users who have multiple accounts in realms can turn this setting on and receive a corresponding realm name in email's subject. Tweaked by tabbott to rebase and address a few small issues. Fixes #5489.
2018-01-06 23:30:43 +01:00
pm_content_in_desktop_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
settings: Add setting to disable message content in missed message emails. Fixes #6938.
2017-11-29 13:42:39 +01:00
realm_name_in_notifications: Optional[bool]=REQ(validator=check_bool, default=None)
) -> HttpResponse:
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
result = {}
# Stream notification settings.
notification_settings: Refactor notification preference settings. Previously, all notification preference setting had a dedicated test and setter. Now, all are handled through a modular function using the property_types framework.
2017-05-23 03:19:21 +02:00
req_vars = {k: v for k, v in list(locals().items()) if k in user_profile.notification_setting_types}
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
notification_settings: Refactor notification preference settings. Previously, all notification preference setting had a dedicated test and setter. Now, all are handled through a modular function using the property_types framework.
2017-05-23 03:19:21 +02:00
for k, v in list(req_vars.items()):
if v is not None and getattr(user_profile, k) != v:
do_change_notification_settings(user_profile, k, v)
result[k] = v
Add setting hiding private message content in desktop notifications. Tweaked by tabbott to fix a refactoring bug, set the default to True, fix the real-time sync, and add tests for this. Fixes #2355.
2016-12-07 17:29:12 +01:00
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
return json_success(result)
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def set_avatar_backend(request: HttpRequest, user_profile: UserProfile) -> HttpResponse:
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
if len(request.FILES) != 1:
[i18n] Make error messages translatable. Make all strings passing through `json_error` and `JsonableError` translatable. Fixes #727
2016-05-25 15:02:02 +02:00
return json_error(_("You must upload exactly one avatar."))
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
python3: Fix usage of .keys()/.values() to handle iterators. This fixes the places where we use the result of .keys(), .items(), and .values() that wouldn't work with an iterator to wrap them with list().
2016-01-25 01:27:18 +01:00
user_file = list(request.FILES.values())[0]
Add size limit for uploading user avatars and realm icons. - Add settings parameter for max realm icon size. - Add settings parameter for max user avatar size. - Add checking file size to avatar and icon uploading views. - Transfer file size limit parameter to frontend. - Add tests.
2017-03-06 06:22:28 +01:00
if ((settings.MAX_AVATAR_FILE_SIZE * 1024 * 1024) < user_file.size):
return json_error(_("Uploaded file is larger than the allowed limit of %s MB") % (
settings.MAX_AVATAR_FILE_SIZE))
Refactor: Change upload_avatar_image to accept two user profiles. In this commit we just change the upload_avatar_image function to accept two user_profiles acting_user_profile and target_user_profile. Basically email param is dropped for a target_user_profile so that avatar's could be moved lateron to user id based storage.
2017-03-02 16:21:46 +01:00
upload_avatar_image(user_file, user_profile, user_profile)
Bump user_profile.avatar_version when we change avatars. We have a field called user_profile.avatar_version that will track avatar versions and be used tactically in avatar urls to get browsers to refresh their caches (in future commits). This commit bumps the avatar version when we update avatars. We do this in do_change_avatar_fields(), which was do_change_avatar_source() before this change. Adarsh did the initial work here, and Steve Howell (showell) also made changes.
2017-01-28 19:05:20 +01:00
do_change_avatar_fields(user_profile, UserProfile.AVATAR_FROM_USER)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
user_avatar_url = avatar_url(user_profile)
json_result = dict(
avatar_url = user_avatar_url
)
return json_success(json_result)
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def delete_avatar_backend(request: HttpRequest, user_profile: UserProfile) -> HttpResponse:
Bump user_profile.avatar_version when we change avatars. We have a field called user_profile.avatar_version that will track avatar versions and be used tactically in avatar urls to get browsers to refresh their caches (in future commits). This commit bumps the avatar version when we update avatars. We do this in do_change_avatar_fields(), which was do_change_avatar_source() before this change. Adarsh did the initial work here, and Steve Howell (showell) also made changes.
2017-01-28 19:05:20 +01:00
do_change_avatar_fields(user_profile, UserProfile.AVATAR_FROM_GRAVATAR)
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
gravatar_url = avatar_url(user_profile)
json_result = dict(
avatar_url = gravatar_url
)
return json_success(json_result)
decorators: Use human_users_only more aggressively.
2017-10-28 00:16:13 +02:00
# We don't use @human_users_only here, because there are use cases for
# a bot regenerating its own API key.
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
@has_request_variables
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def regenerate_api_key(request: HttpRequest, user_profile: UserProfile) -> HttpResponse:
Switch regenerate_api_key to use RealmAuditLog.
2017-04-06 12:27:58 +02:00
do_regenerate_api_key(user_profile, user_profile)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
json_result = dict(
api_key = user_profile.api_key
)
return json_success(json_result)
decorators: Use human_users_only more aggressively.
2017-10-28 00:16:13 +02:00
@human_users_only
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
@has_request_variables
mypy: Use Python 3 type syntax in user_settings.py
2017-12-04 09:56:07 +01:00
def change_enter_sends(request: HttpRequest, user_profile: UserProfile,
enter_sends: bool=REQ(validator=check_bool)) -> HttpResponse:
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
do_change_enter_sends(user_profile, enter_sends)
return json_success()