Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zerver/views/user_settings.py

486 lines
20 KiB
Python
Raw Normal View History

css: Fix spilling out of long email on email change confirmation. In the email change confirmation page, now long emails break to multiple lines instead of spilling out. Fixes #23654.
2022-11-27 23:09:11 +01:00
from email.headerregistry import Address
user_settings: Migrate to typed_endpoint. Migrate `user_settings.py` to `typed_endpoint`. Fix the error messages for the tests. Migrate required validators.
2024-07-30 10:17:33 +02:00
from typing import Annotated, Any
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
from django.conf import settings
Django 1.10: Update session hash when password is changed. Ref: https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change for details.
2016-11-17 08:56:01 +01:00
from django.contrib.auth import authenticate, update_session_auth_hash
demo-orgs: Add email and password process for demo organization owners. Creates process for demo organization owners to add an email address and password to their account. Uses the same flow as changing an email (via user settings) at the beginning, but then sends a different email template to the user for the email confirmation process. We also encourage users to set their full name field in the modal for adding an email in a demo organization. We disable the submit button on the form if either input is empty, email or full name. When the user clicks the 'confirm and set password' button in the email sent to confirm the email address sent via the form, their email is updated via confirm_email_change, but the user is redirected to the reset password page for their account (instead of the page for confirming an email change has happened). Once the user successfully sets a password, then they will be prompted to log in with their newly configured email and password.
2023-07-20 21:05:37 +02:00
from django.contrib.auth.tokens import default_token_generator
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from django.core.exceptions import ValidationError
user_settings: Add assertions before attribute access. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-15 04:23:40 +02:00
from django.core.files.uploadedfile import UploadedFile
user_settings: Lock user row before changing email address.
2023-11-28 18:24:30 +01:00
from django.db import transaction
demo-orgs: Add email and password process for demo organization owners. Creates process for demo organization owners to add an email address and password to their account. Uses the same flow as changing an email (via user settings) at the beginning, but then sends a different email template to the user for the email confirmation process. We also encourage users to set their full name field in the modal for adding an email in a demo organization. We disable the submit button on the form if either input is empty, email or full name. When the user clicks the 'confirm and set password' button in the email sent to confirm the email address sent via the form, their email is updated via confirm_email_change, but the user is redirected to the reset password page for their account (instead of the page for confirming an email change has happened). Once the user successfully sets a password, then they will be prompted to log in with their newly configured email and password.
2023-07-20 21:05:37 +02:00
from django.http import HttpRequest, HttpResponse, HttpResponseRedirect
views: Remove unused imports. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-02 23:53:22 +01:00
from django.shortcuts import render
i18n: Don't include email tags in translation strings.
2020-09-16 19:30:05 +02:00
from django.utils.html import escape
from django.utils.safestring import SafeString
python: Convert deprecated Django ugettext alias to gettext. django.utils.translation.ugettext is a deprecated alias of django.utils.translation.gettext as of Django 3.0, and will be removed in Django 4.0. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-16 00:57:30 +02:00
from django.utils.translation import gettext as _
from django.utils.translation import gettext_lazy
user_settings: Migrate to typed_endpoint. Migrate `user_settings.py` to `typed_endpoint`. Fix the error messages for the tests. Migrate required validators.
2024-07-30 10:17:33 +02:00
from pydantic import Json
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from confirmation.models import (
Confirmation,
ruff: Fix N818 exception name should be named with an Error suffix. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-17 09:30:48 +01:00
ConfirmationKeyError,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
get_object_from_key,
render_confirmation_key_error,
)
actions: Split out zerver.actions.user_settings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:49:26 +02:00
from zerver.actions.user_settings import (
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
check_change_full_name,
do_change_avatar_fields,
do_change_password,
do_change_user_delivery_email,
refactor: Rename do_set_user_display_setting to do_set_user_setting.
2021-08-13 16:18:53 +02:00
do_change_user_setting,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
do_regenerate_api_key,
do_start_email_change_process,
)
users: Factor out do_send_password_reset_email.
2024-09-23 20:24:45 +02:00
from zerver.actions.users import generate_password_reset_url
actions: Split out zerver.actions.user_settings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:49:26 +02:00
from zerver.decorator import human_users_only
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
from zerver.lib.avatar import avatar_url
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.lib.email_validation import (
get_realm_email_validator,
python: Fix mypy no_implicit_reexport errors. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-16 22:11:10 +02:00
validate_email_is_valid,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
validate_email_not_already_in_realm,
)
exceptions: Add new error class to be used for invalid parameter values. This would help us in avoiding adding translation everytime we use this error for a new pair of parameters.
2024-07-18 21:29:40 +02:00
from zerver.lib.exceptions import (
IncompatibleParameterValuesError,
JsonableError,
RateLimitedError,
UserDeactivatedError,
)
settings: Move check_settings_values to user_settings.py. This commit moves check_settings_values to user_settings.py from validator.py such that we can import the functions at the top without any issue of cyclic imports.
2021-09-09 20:19:08 +02:00
from zerver.lib.i18n import get_available_language_codes
settings: Add rate limiting for email address changes. Co-authored-by: Alex Vandiver <alexmv@zulip.com>
2021-11-03 23:20:55 +01:00
from zerver.lib.rate_limiter import RateLimitedUser
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
from zerver.lib.response import json_success
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.lib.send_email import FromAddress, send_email
actions: Split out zerver.lib.sounds. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:26:40 +02:00
from zerver.lib.sounds import get_available_notification_sounds
user_settings: Migrate to typed_endpoint. Migrate `user_settings.py` to `typed_endpoint`. Fix the error messages for the tests. Migrate required validators.
2024-07-30 10:17:33 +02:00
from zerver.lib.typed_endpoint import typed_endpoint, typed_endpoint_without_parameters
from zerver.lib.typed_endpoint_validators import (
check_int_in_validator,
check_string_in_validator,
timezone_validator,
requirements: Upgrade to Django 4.0. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-28 00:43:57 +02:00
)
user_settings: Migrate to typed_endpoint. Migrate `user_settings.py` to `typed_endpoint`. Fix the error messages for the tests. Migrate required validators.
2024-07-30 10:17:33 +02:00
from zerver.lib.upload import upload_avatar_image
settings: Require clients to pass dense_mode value when needed. Previously, if someone changed the font-size or line height settings to some value other than the legacy values, we set dense_mode to False if it was True. This commit changes the code to require clients to pass dense_mode as False in such cases and raise an error otherwise.
2024-07-18 11:05:37 +02:00
from zerver.models import EmailChangeStatus, RealmUserDefault, UserBaseSettings, UserProfile
models: Extract zerver.models.realms. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-15 02:14:24 +01:00
from zerver.models.realms import avatar_changes_disabled, name_changes_disabled
email_change: Show deactivated page if realm is now deactivated. We also catch if the user is now deactivated.
2021-11-04 00:18:32 +01:00
from zerver.views.auth import redirect_to_deactivation_notice
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zproject.backends import check_password_strength, email_belongs_to_ldap
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
python: Convert deprecated Django ugettext alias to gettext. django.utils.translation.ugettext is a deprecated alias of django.utils.translation.gettext as of Django 3.0, and will be removed in Django 4.0. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-16 00:57:30 +02:00
AVATAR_CHANGES_DISABLED_ERROR = gettext_lazy("Avatar changes are disabled in this organization.")
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
user_settings: Re-verify email addresses when enacting them.
2023-11-28 18:25:28 +01:00
def validate_email_change_request(user_profile: UserProfile, new_email: str) -> None:
if not user_profile.is_active:
# TODO: Make this into a user-facing error, not JSON
raise UserDeactivatedError
if user_profile.realm.email_changes_disabled and not user_profile.is_realm_admin:
raise JsonableError(_("Email address changes are disabled in this organization."))
error = validate_email_is_valid(
new_email,
get_realm_email_validator(user_profile.realm),
)
if error:
raise JsonableError(error)
try:
validate_email_not_already_in_realm(
user_profile.realm,
new_email,
verbose=False,
)
except ValidationError as e:
raise JsonableError(e.message)
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def confirm_email_change(request: HttpRequest, confirmation_key: str) -> HttpResponse:
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
try:
get_object_from_key: Make mark_object_used an obligatory kwarg.
2022-07-21 15:26:09 +02:00
email_change_object = get_object_from_key(
confirmation_key, [Confirmation.EMAIL_CHANGE], mark_object_used=True
)
ruff: Fix N818 exception name should be named with an Error suffix. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-17 09:30:48 +01:00
except ConfirmationKeyError as exception:
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
return render_confirmation_key_error(request, exception)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
user_settings: Add assertions before attribute access. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-15 04:23:40 +02:00
assert isinstance(email_change_object, EmailChangeStatus)
email change: Refactor confirmation path for readability. Removes an assert, which at this point is there just for readability, since the second argument to get_object_from_key(confirmation_key, Confirmation.EMAIL_CHANGE) ensures that the returned object is of the correct type.
2017-11-07 20:45:11 +01:00
new_email = email_change_object.new_email
old_email = email_change_object.old_email
user_settings: Lock user row before changing email address.
2023-11-28 18:24:30 +01:00
with transaction.atomic():
user_profile = UserProfile.objects.select_for_update().get(
id=email_change_object.user_profile_id
)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
user_settings: Revoke previous email changes on new one.
2023-11-28 18:25:06 +01:00
if user_profile.delivery_email != old_email:
# This is not expected to be possible, since we deactivate
# any previous email changes when we create a new one, but
# double-check.
return render_confirmation_key_error(
request, ConfirmationKeyError(ConfirmationKeyError.EXPIRED)
) # nocoverage
user_settings: Lock user row before changing email address.
2023-11-28 18:24:30 +01:00
if user_profile.realm.deactivated:
return redirect_to_deactivation_notice()
email_change: Show deactivated page if realm is now deactivated. We also catch if the user is now deactivated.
2021-11-04 00:18:32 +01:00
user_settings: Re-verify email addresses when enacting them.
2023-11-28 18:25:28 +01:00
validate_email_change_request(user_profile, new_email)
do_change_user_delivery_email: Add acting_user kwarg. This is standard for our do_change_... functions.
2024-08-11 22:38:04 +02:00
do_change_user_delivery_email(user_profile, new_email, acting_user=user_profile)
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
user_settings: Lock user row before changing email address.
2023-11-28 18:24:30 +01:00
user_profile = UserProfile.objects.get(id=email_change_object.user_profile_id)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
context = {"realm_name": user_profile.realm.name, "new_email": new_email}
emails: Translate from_name of account security emails.
2020-02-14 13:58:58 +01:00
language = user_profile.default_language
demo-orgs: Add email and password process for demo organization owners. Creates process for demo organization owners to add an email address and password to their account. Uses the same flow as changing an email (via user settings) at the beginning, but then sends a different email template to the user for the email confirmation process. We also encourage users to set their full name field in the modal for adding an email in a demo organization. We disable the submit button on the form if either input is empty, email or full name. When the user clicks the 'confirm and set password' button in the email sent to confirm the email address sent via the form, their email is updated via confirm_email_change, but the user is redirected to the reset password page for their account (instead of the page for confirming an email change has happened). Once the user successfully sets a password, then they will be prompted to log in with their newly configured email and password.
2023-07-20 21:05:37 +02:00
if old_email == "":
# The assertions here are to help document the only circumstance under which
# this condition should be possible.
assert (
user_profile.realm.demo_organization_scheduled_deletion_date is not None
and user_profile.is_realm_owner
)
# Because demo organizations are created without setting an email and password
# we want to redirect to setting a password after configuring and confirming
# an email for the owner's account.
reset_password_url = generate_password_reset_url(user_profile, default_token_generator)
return HttpResponseRedirect(reset_password_url)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
send_email(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"zerver/emails/notify_change_in_email",
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
to_emails=[old_email],
from_name=FromAddress.security_email_from_name(user_profile=user_profile),
from_address=FromAddress.SUPPORT,
language=language,
context=context,
realm=user_profile.realm,
)
css: Fix spilling out of long email on email change confirmation. In the email change confirmation page, now long emails break to multiple lines instead of spilling out. Fixes #23654.
2022-11-27 23:09:11 +01:00
old_email_address = Address(addr_spec=old_email)
new_email_address = Address(addr_spec=new_email)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
ctx = {
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"new_email_html_tag": SafeString(
css: Fix spilling out of long email on email change confirmation. In the email change confirmation page, now long emails break to multiple lines instead of spilling out. Fixes #23654.
2022-11-27 23:09:11 +01:00
f'<a href="mailto:{escape(new_email)}">{escape(new_email_address.username)}@<wbr>{escape(new_email_address.domain)}</wbr></a>'
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
),
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"old_email_html_tag": SafeString(
css: Fix spilling out of long email on email change confirmation. In the email change confirmation page, now long emails break to multiple lines instead of spilling out. Fixes #23654.
2022-11-27 23:09:11 +01:00
f'<a href="mailto:{escape(old_email)}">{escape(old_email_address.username)}@<wbr>{escape(old_email_address.domain)}</wbr></a>'
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
),
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
}
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
return render(request, "confirmation/confirm_email_change.html", context=ctx)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
emojiset_choices = {emojiset["key"] for emojiset in UserProfile.emojiset_choices()}
settings: Rename default_view and escape_navigates_to_default_view. This commit renames default_view and escape_navigates_to_default_view settings to web_home_view and web_escape_navigates_to_home_view in database and API to match with our recent renaming of user facing strings related to this. We also rename the variables, functions, comments in code and class names and IDs for elements related to this.
2023-10-23 09:02:57 +02:00
web_home_view_options = ["recent_topics", "inbox", "all_messages"]
settings: Add setting to control how animated images are played. Previously animated images were automatically played in the message feed of the web app. Now that we have still thumbnails available for them, we can add a new personal setting, "web_animate_image_previews", which controls how the animated images would be played in the web app message feed -- always played, on hover, or only in the image viewer. Fixes #31016.
2024-07-21 15:23:56 +02:00
web_animate_image_previews_options = ["always", "on_hover", "never"]
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
settings: Move check_settings_values to user_settings.py. This commit moves check_settings_values to user_settings.py from validator.py such that we can import the functions at the top without any issue of cyclic imports.
2021-09-09 20:19:08 +02:00
def check_settings_values(
ruff: Fix UP007 Use `X | Y` for type annotations. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-12 02:30:23 +02:00
notification_sound: str | None,
email_notifications_batching_period_seconds: int | None,
default_language: str | None = None,
settings: Move check_settings_values to user_settings.py. This commit moves check_settings_values to user_settings.py from validator.py such that we can import the functions at the top without any issue of cyclic imports.
2021-09-09 20:19:08 +02:00
) -> None:
endpoints: Modify comments mentioning has_request_variables and REQ.
2024-09-03 18:08:36 +02:00
# We can't use typed_endpoint for this widget because
settings: Move check_settings_values to user_settings.py. This commit moves check_settings_values to user_settings.py from validator.py such that we can import the functions at the top without any issue of cyclic imports.
2021-09-09 20:19:08 +02:00
# get_available_language_codes requires provisioning to be
# complete.
if default_language is not None and default_language not in get_available_language_codes():
raise JsonableError(_("Invalid default_language"))
if (
notification_sound is not None
and notification_sound not in get_available_notification_sounds()
and notification_sound != "none"
):
python: Convert translated positional {} fields to {named} fields. Translators benefit from the extra information in the field names, and need the reordering freedom that isn’t available with multiple positional fields. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-17 22:40:33 +02:00
raise JsonableError(
_("Invalid notification sound '{notification_sound}'").format(
notification_sound=notification_sound
)
)
settings: Move check_settings_values to user_settings.py. This commit moves check_settings_values to user_settings.py from validator.py such that we can import the functions at the top without any issue of cyclic imports.
2021-09-09 20:19:08 +02:00
if email_notifications_batching_period_seconds is not None and (
email_notifications_batching_period_seconds <= 0
or email_notifications_batching_period_seconds > 7 * 24 * 60 * 60
):
# We set a limit of one week for the batching period
raise JsonableError(
python: Convert translated positional {} fields to {named} fields. Translators benefit from the extra information in the field names, and need the reordering freedom that isn’t available with multiple positional fields. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-17 22:40:33 +02:00
_("Invalid email batching period: {seconds} seconds").format(
seconds=email_notifications_batching_period_seconds
settings: Move check_settings_values to user_settings.py. This commit moves check_settings_values to user_settings.py from validator.py such that we can import the functions at the top without any issue of cyclic imports.
2021-09-09 20:19:08 +02:00
)
)
settings: Require clients to pass dense_mode value when needed. Previously, if someone changed the font-size or line height settings to some value other than the legacy values, we set dense_mode to False if it was True. This commit changes the code to require clients to pass dense_mode as False in such cases and raise an error otherwise.
2024-07-18 11:05:37 +02:00
def check_information_density_setting_values(
setting_object: UserProfile | RealmUserDefault,
dense_mode: bool | None,
web_font_size_px: int | None,
web_line_height_percent: int | None,
) -> None:
dense_mode = dense_mode if dense_mode is not None else setting_object.dense_mode
web_font_size_px = (
web_font_size_px if web_font_size_px is not None else setting_object.web_font_size_px
)
web_line_height_percent = (
web_line_height_percent
if web_line_height_percent is not None
else setting_object.web_line_height_percent
)
if dense_mode:
models: Switch font size default to non-compact. This is the intended longer-term default, and it's polished enough for testing.
2024-07-18 02:07:12 +02:00
if web_font_size_px != UserBaseSettings.WEB_FONT_SIZE_PX_COMPACT:
exceptions: Add new error class to be used for invalid parameter values. This would help us in avoiding adding translation everytime we use this error for a new pair of parameters.
2024-07-18 21:29:40 +02:00
raise IncompatibleParameterValuesError("dense_mode", "web_font_size_px")
settings: Require clients to pass dense_mode value when needed. Previously, if someone changed the font-size or line height settings to some value other than the legacy values, we set dense_mode to False if it was True. This commit changes the code to require clients to pass dense_mode as False in such cases and raise an error otherwise.
2024-07-18 11:05:37 +02:00
models: Switch font size default to non-compact. This is the intended longer-term default, and it's polished enough for testing.
2024-07-18 02:07:12 +02:00
if web_line_height_percent != UserBaseSettings.WEB_LINE_HEIGHT_PERCENT_COMPACT:
exceptions: Add new error class to be used for invalid parameter values. This would help us in avoiding adding translation everytime we use this error for a new pair of parameters.
2024-07-18 21:29:40 +02:00
raise IncompatibleParameterValuesError("dense_mode", "web_line_height_percent")
settings: Require clients to pass dense_mode value when needed. Previously, if someone changed the font-size or line height settings to some value other than the legacy values, we set dense_mode to False if it was True. This commit changes the code to require clients to pass dense_mode as False in such cases and raise an error otherwise.
2024-07-18 11:05:37 +02:00
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
@human_users_only
user_settings: Migrate to typed_endpoint. Migrate `user_settings.py` to `typed_endpoint`. Fix the error messages for the tests. Migrate required validators.
2024-07-30 10:17:33 +02:00
@typed_endpoint
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
def json_change_settings(
request: HttpRequest,
user_profile: UserProfile,
user_settings: Migrate to typed_endpoint. Migrate `user_settings.py` to `typed_endpoint`. Fix the error messages for the tests. Migrate required validators.
2024-07-30 10:17:33 +02:00
*,
full_name: str | None = None,
email: str | None = None,
old_password: str | None = None,
new_password: str | None = None,
twenty_four_hour_time: Json[bool] | None = None,
dense_mode: Json[bool] | None = None,
web_mark_read_on_scroll_policy: Annotated[
Json[int], check_int_in_validator(UserProfile.WEB_MARK_READ_ON_SCROLL_POLICY_CHOICES)
]
| None = None,
web_channel_default_view: Annotated[
Json[int], check_int_in_validator(UserProfile.WEB_CHANNEL_DEFAULT_VIEW_CHOICES)
]
| None = None,
starred_message_counts: Json[bool] | None = None,
receives_typing_notifications: Json[bool] | None = None,
fluid_layout_width: Json[bool] | None = None,
high_contrast_mode: Json[bool] | None = None,
color_scheme: Annotated[Json[int], check_int_in_validator(UserProfile.COLOR_SCHEME_CHOICES)]
| None = None,
web_font_size_px: Json[int] | None = None,
web_line_height_percent: Json[int] | None = None,
translate_emoticons: Json[bool] | None = None,
display_emoji_reaction_users: Json[bool] | None = None,
default_language: str | None = None,
web_home_view: Annotated[str, check_string_in_validator(web_home_view_options)] | None = None,
web_escape_navigates_to_home_view: Json[bool] | None = None,
left_side_userlist: Json[bool] | None = None,
emojiset: Annotated[str, check_string_in_validator(emojiset_choices)] | None = None,
demote_inactive_streams: Annotated[
Json[int], check_int_in_validator(UserProfile.DEMOTE_STREAMS_CHOICES)
]
| None = None,
web_stream_unreads_count_display_policy: Annotated[
Json[int],
check_int_in_validator(UserProfile.WEB_STREAM_UNREADS_COUNT_DISPLAY_POLICY_CHOICES),
]
| None = None,
timezone: Annotated[str, timezone_validator()] | None = None,
email_notifications_batching_period_seconds: Json[int] | None = None,
enable_drafts_synchronization: Json[bool] | None = None,
enable_stream_desktop_notifications: Json[bool] | None = None,
enable_stream_email_notifications: Json[bool] | None = None,
enable_stream_push_notifications: Json[bool] | None = None,
enable_stream_audible_notifications: Json[bool] | None = None,
wildcard_mentions_notify: Json[bool] | None = None,
enable_followed_topic_desktop_notifications: Json[bool] | None = None,
enable_followed_topic_email_notifications: Json[bool] | None = None,
enable_followed_topic_push_notifications: Json[bool] | None = None,
enable_followed_topic_audible_notifications: Json[bool] | None = None,
enable_followed_topic_wildcard_mentions_notify: Json[bool] | None = None,
notification_sound: str | None = None,
enable_desktop_notifications: Json[bool] | None = None,
enable_sounds: Json[bool] | None = None,
enable_offline_email_notifications: Json[bool] | None = None,
enable_offline_push_notifications: Json[bool] | None = None,
enable_online_push_notifications: Json[bool] | None = None,
enable_digest_emails: Json[bool] | None = None,
enable_login_emails: Json[bool] | None = None,
enable_marketing_emails: Json[bool] | None = None,
message_content_in_email_notifications: Json[bool] | None = None,
pm_content_in_desktop_notifications: Json[bool] | None = None,
desktop_icon_count_display: Annotated[
Json[int], check_int_in_validator(UserProfile.DESKTOP_ICON_COUNT_DISPLAY_CHOICES)
]
| None = None,
realm_name_in_email_notifications_policy: Annotated[
Json[int],
check_int_in_validator(UserProfile.REALM_NAME_IN_EMAIL_NOTIFICATIONS_POLICY_CHOICES),
]
| None = None,
automatically_follow_topics_policy: Annotated[
Json[int],
check_int_in_validator(UserProfile.AUTOMATICALLY_CHANGE_VISIBILITY_POLICY_CHOICES),
]
| None = None,
automatically_unmute_topics_in_muted_streams_policy: Annotated[
Json[int],
check_int_in_validator(UserProfile.AUTOMATICALLY_CHANGE_VISIBILITY_POLICY_CHOICES),
]
| None = None,
automatically_follow_topics_where_mentioned: Json[bool] | None = None,
presence_enabled: Json[bool] | None = None,
enter_sends: Json[bool] | None = None,
send_private_typing_notifications: Json[bool] | None = None,
send_stream_typing_notifications: Json[bool] | None = None,
send_read_receipts: Json[bool] | None = None,
settings: Add 'allow_private_data_export' user setting. This commit adds a user-setting to allow users to decide whether to let administrators export their private data. Fixes part of #31201.
2024-09-09 12:51:38 +02:00
allow_private_data_export: Json[bool] | None = None,
user_settings: Migrate to typed_endpoint. Migrate `user_settings.py` to `typed_endpoint`. Fix the error messages for the tests. Migrate required validators.
2024-07-30 10:17:33 +02:00
user_list_style: Annotated[
Json[int], check_int_in_validator(UserProfile.USER_LIST_STYLE_CHOICES)
]
| None = None,
web_animate_image_previews: Annotated[
str, check_string_in_validator(web_animate_image_previews_options)
]
| None = None,
email_address_visibility: Annotated[
Json[int], check_int_in_validator(UserProfile.EMAIL_ADDRESS_VISIBILITY_TYPES)
]
| None = None,
web_navigate_to_sent_message: Json[bool] | None = None,
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
) -> HttpResponse:
settings: Refetch realm and user profile objects. This is a temporary solution to make sure stale objects from cache are not used when previous request updated multiple settings.
2024-07-16 21:00:59 +02:00
# UserProfile object is being refetched here to make sure that we
# do not use stale object from cache which can happen when a
# previous request tried updating multiple settings in a single
# request.
#
# TODO: Change the cache flushing strategy to make sure cache
# does not contain stale objects.
user_profile = UserProfile.objects.get(id=user_profile.id)
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
if (
user_settings: Extract setting values checks to a function. We extract the checks for default_language, notification_sound, and email_notifications_batching_period_seconds setting values in json_change_settings to a new function check_settings_values.
2021-09-09 16:18:00 +02:00
default_language is not None
or notification_sound is not None
or email_notifications_batching_period_seconds is not None
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
):
user_settings: Extract setting values checks to a function. We extract the checks for default_language, notification_sound, and email_notifications_batching_period_seconds setting values in json_change_settings to a new function check_settings_values.
2021-09-09 16:18:00 +02:00
check_settings_values(
notification_sound, email_notifications_batching_period_seconds, default_language
api: Allow setting email_notifications_batching_period_seconds. We allow a maximum value of one week to make sure there aren't a huge number of rows in the table for any user (this could happen if stream notifications are enabled). This commit also fixes a small error in the user_settings test.
2021-07-22 10:05:04 +02:00
)
user-settings: Make default `None` for name, email and password changes. Updates `json_change_settings` so that the default value for the `email`, `full_name`, `new_password` and `old_password` parameters is `None` instead of an empty string, which also makes the type annotation `Optional[str]`. Also, updates tests for email and full name changes to include an empty string as one of the tested invalid values.
2022-08-08 01:39:32 +02:00
if new_password is not None:
ruff: Fix UP006 Use `list` instead of `List` for type annotation. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-12 02:30:17 +02:00
return_data: dict[str, Any] = {}
email: Support delivery email in email change system.
2018-08-02 08:47:13 +02:00
if email_belongs_to_ldap(user_profile.realm, user_profile.delivery_email):
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(_("Your Zulip password is managed in LDAP"))
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
try:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
if not authenticate(
request,
username=user_profile.delivery_email,
password=old_password,
realm=user_profile.realm,
return_data=return_data,
):
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(_("Wrong password!"))
ruff: Fix N818 exception name should be named with an Error suffix. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-17 09:30:48 +01:00
except RateLimitedError as e:
exceptions: Make RateLimited into a subclass of JsonableError. This simplifies the code, as it allows using the mechanism of converting JsonableErrors into a response instead of having separate, but ultimately similar, logic in RateLimitMiddleware. We don't touch tests here because "rate limited" error responses are already verified in test_external.py.
2020-11-27 16:33:01 +01:00
assert e.secs_to_freedom is not None
secs_to_freedom = int(e.secs_to_freedom)
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(
python: Convert translated positional {} fields to {named} fields. Translators benefit from the extra information in the field names, and need the reordering freedom that isn’t available with multiple positional fields. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-17 22:40:33 +02:00
_("You're making too many attempts! Try again in {seconds} seconds.").format(
seconds=secs_to_freedom
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
),
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
)
auth: Use zxcvbn to ensure password strength on server side. For a long time, we've been only doing the zxcvbn password strength checks on the browser, which is helpful, but means users could through hackery (or a bug in the frontend validation code) manage to set a too-weak password. We fix this by running our password strength validation on the backend as well, using python-zxcvbn. In theory, a bug in python-zxcvbn could result in it producing a different opinion than the frontend version; if so, it'd be a pretty bad bug in the library, and hopefully we'd hear about it from users, report upstream, and get it fixed that way. Alternatively, we can switch to shelling out to node like we do for KaTeX. Fixes #6880.
2019-11-18 08:11:03 +01:00
if not check_password_strength(new_password):
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(_("New password is too weak!"))
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
do_change_password(user_profile, new_password)
links: Replace all references to Django docs to link to /3.2/ version. Previously, our codebase contained links to various versions of the Django docs, eg https://docs.djangoproject.com/en/1.8/ref/ request-response/#django.http.HttpRequest and https:// docs.djangoproject.com/en/2.2/ref/settings/#std:setting-SERVER_EMAIL opening a link to a doc with an outdated Django version would show a warning "This document is for an insecure version of Django that is no longer supported. Please upgrade to a newer release!". Most of these links are inside comments. Following the replacement of these links in our docs, this commit uses a search with the regex "docs.djangoproject.com/en/([0-9].[0-9]*)/" and replaces all matches with "docs.djangoproject.com/en/3.2/". All the new links in this commit have been generated by the above replace and each link has then been manually checked to ensure that (1) the page still exists and has not been moved to a new location (and it has been found that no page has been moved like this), (2) that the anchor that we're linking to has not been changed (and it has been found that no anchor has been changed like this). One comment where we mentioned a Django version in text before linking to a page for that version has also been changed, the comment mentioned the specific version when a change happened, and the history is no longer relevant to us.
2021-11-05 20:26:37 +01:00
# Password changes invalidates sessions, see
docs: Update Django links to our current version.
2024-05-24 16:57:31 +02:00
# https://docs.djangoproject.com/en/5.0/topics/auth/default/#session-invalidation-on-password-change
user_settings.py: Use the singular 'they' pronoun.
2017-07-05 11:47:21 +02:00
# for details. To avoid this logging the user out of their own
Django 1.10: Update session hash when password is changed. Ref: https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change for details.
2016-11-17 08:56:01 +01:00
# session (which would provide a confusing UX at best), we
# update the session hash here.
update_session_auth_hash(request, user_profile)
Django 1.10: Immediately save session to mitigate race conditions.
2016-12-16 11:38:21 +01:00
# We also save the session to the DB immediately to mitigate
# race conditions. In theory, there is still a race condition
# and to completely avoid it we will have to use some kind of
# mutex lock in `django.contrib.auth.get_user` where session
# is verified. To make that lock work we will have to control
# the AuthenticationMiddleware which is currently controlled
# by Django,
request.session.save()
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
ruff: Fix UP006 Use `list` instead of `List` for type annotation. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-07-12 02:30:17 +02:00
result: dict[str, Any] = {}
user settings: Inline call to validate_email. We are trying to elminate the version of `validate_email` that lives in `actions.py`. Inlining it barely increases the code size, and it removes some noise related the three-item tuple that `check_incoming_email` returns.
2020-03-04 14:40:30 +01:00
user-settings: Make default `None` for name, email and password changes. Updates `json_change_settings` so that the default value for the `email`, `full_name`, `new_password` and `old_password` parameters is `None` instead of an empty string, which also makes the type annotation `Optional[str]`. Also, updates tests for email and full name changes to include an empty string as one of the tested invalid values.
2022-08-08 01:39:32 +02:00
if email is not None:
new_email = email.strip()
if user_profile.delivery_email != new_email:
user_settings: Re-verify email addresses when enacting them.
2023-11-28 18:25:28 +01:00
validate_email_change_request(user_profile, new_email)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
user-settings: Make default `None` for name, email and password changes. Updates `json_change_settings` so that the default value for the `email`, `full_name`, `new_password` and `old_password` parameters is `None` instead of an empty string, which also makes the type annotation `Optional[str]`. Also, updates tests for email and full name changes to include an empty string as one of the tested invalid values.
2022-08-08 01:39:32 +02:00
ratelimited, time_until_free = RateLimitedUser(
user_profile, domain="email_change_by_user"
).rate_limit()
if ratelimited:
ruff: Fix N818 exception name should be named with an Error suffix. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-17 09:30:48 +01:00
raise RateLimitedError(time_until_free)
settings: Add rate limiting for email address changes. Co-authored-by: Alex Vandiver <alexmv@zulip.com>
2021-11-03 23:20:55 +01:00
user-settings: Make default `None` for name, email and password changes. Updates `json_change_settings` so that the default value for the `email`, `full_name`, `new_password` and `old_password` parameters is `None` instead of an empty string, which also makes the type annotation `Optional[str]`. Also, updates tests for email and full name changes to include an empty string as one of the tested invalid values.
2022-08-08 01:39:32 +02:00
do_start_email_change_process(user_profile, new_email)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
user-settings: Make default `None` for name, email and password changes. Updates `json_change_settings` so that the default value for the `email`, `full_name`, `new_password` and `old_password` parameters is `None` instead of an empty string, which also makes the type annotation `Optional[str]`. Also, updates tests for email and full name changes to include an empty string as one of the tested invalid values.
2022-08-08 01:39:32 +02:00
if full_name is not None and user_profile.full_name != full_name:
settings: Allow admin to change email/name even if it is disabled in realm. Allow realm admin users to change their email or name even, changing name or email is disabled in realm.
2018-02-02 16:54:26 +01:00
if name_changes_disabled(user_profile.realm) and not user_profile.is_realm_admin:
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
# Failingly silently is fine -- they can't do it through the UI, so
# they'd have to be trying to break the rules.
pass
else:
users: Consolidate name change enforcement logic. This has the side effect of fixing an issue where one could edit a bot to have an invalid name.
2017-02-08 04:39:55 +01:00
# Note that check_change_full_name strips the passed name automatically
api: Remove "full_name" and "account_email" from response of '/settings'. We remove the "full_name" and "account_email" fields from the response of 'PATCH /settings' endpoint. These fields were part of the response to make sure that we tell that the parameters not present in response were ignored. We can remove these fields as 'ignored_parameters_unsupported' now specifies which parameters were ignored and not supported by the endpoint.
2021-07-15 18:31:34 +02:00
check_change_full_name(user_profile, full_name, user_profile)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
settings: Do not allow invalid combinations for information density settings.
2024-07-15 12:12:17 +02:00
if (
settings: Require clients to pass dense_mode value when needed. Previously, if someone changed the font-size or line height settings to some value other than the legacy values, we set dense_mode to False if it was True. This commit changes the code to require clients to pass dense_mode as False in such cases and raise an error otherwise.
2024-07-18 11:05:37 +02:00
dense_mode is not None
or web_font_size_px is not None
or web_line_height_percent is not None
settings: Do not allow invalid combinations for information density settings.
2024-07-15 12:12:17 +02:00
):
settings: Require clients to pass dense_mode value when needed. Previously, if someone changed the font-size or line height settings to some value other than the legacy values, we set dense_mode to False if it was True. This commit changes the code to require clients to pass dense_mode as False in such cases and raise an error otherwise.
2024-07-18 11:05:37 +02:00
check_information_density_setting_values(
user_profile, dense_mode, web_font_size_px, web_line_height_percent
settings: Do not allow invalid combinations for information density settings.
2024-07-15 12:12:17 +02:00
)
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
# Loop over user_profile.property_types
python: Elide unnecessary list wrappers. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-12 23:19:57 +02:00
request_settings = {k: v for k, v in locals().items() if k in user_profile.property_types}
for k, v in request_settings.items():
views: Use property_types for display settings. This reduces semi-duplicated code here.
2017-05-22 21:07:35 +02:00
if v is not None and getattr(user_profile, k) != v:
settings: Refactor callers of do_change_user_setting to pass acting_user.
2021-09-08 13:25:50 +02:00
do_change_user_setting(user_profile, k, v, acting_user=user_profile)
notifications: Add a setting for changing the notification sound. Also, add a new notification sound, "ding". It comes from https://freesound.org, where the original Zulip notification sound comes from as well. In the future, new sounds can be added by adding audio files to the `static/audio/notification_sounds` directory. Tweaked significantly by tabbott: * Avoided removing static/audio/zulip.ogg, because that file is checked for by old versions of the desktop app. * Added a views check for the sound being valid + tests. * Added additional tests. * Restructured the test_events test to be cleaner. * Removed check_bool_or_string. * Increased max length of notification_sound. * Provide available_notification_sounds in events data set if global notifications settings are requested. Fixes #8051.
2018-01-11 21:36:11 +01:00
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
if timezone is not None and user_profile.timezone != timezone:
settings: Refactor callers of do_change_user_setting to pass acting_user.
2021-09-08 13:25:50 +02:00
do_change_user_setting(user_profile, "timezone", timezone, acting_user=user_profile)
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
backend: Add request as parameter to json_success. Adds request as a parameter to json_success as a refactor towards making `ignored_parameters_unsupported` functionality available for all API endpoints. Also, removes any data parameters that are an empty dict or a dict with the generic success response values.
2022-01-31 13:44:02 +01:00
return json_success(request, data=result)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def set_avatar_backend(request: HttpRequest, user_profile: UserProfile) -> HttpResponse:
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
if len(request.FILES) != 1:
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(_("You must upload exactly one avatar."))
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
if avatar_changes_disabled(user_profile.realm) and not user_profile.is_realm_admin:
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(str(AVATAR_CHANGES_DISABLED_ERROR))
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
ruff: Fix RUF015 Prefer `next(...)` over single element slice. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-22 00:34:11 +02:00
[user_file] = request.FILES.values()
user_settings: Add assertions before attribute access. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-15 04:23:40 +02:00
assert isinstance(user_file, UploadedFile)
assert user_file.size is not None
ruff: Fix SIM300 Yoda conditions are discouraged. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-01-29 00:52:43 +01:00
if user_file.size > settings.MAX_AVATAR_FILE_SIZE_MIB * 1024 * 1024:
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(
python: Convert translated positional {} fields to {named} fields. Translators benefit from the extra information in the field names, and need the reordering freedom that isn’t available with multiple positional fields. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-17 22:40:33 +02:00
_("Uploaded file is larger than the allowed limit of {max_size} MiB").format(
max_size=settings.MAX_AVATAR_FILE_SIZE_MIB,
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
)
upload: Remove redundant acting_user_profile argument. This argument, effectively added in 9eb47f108c8e, was never actually used.
2024-06-25 23:27:26 +02:00
upload_avatar_image(user_file, user_profile)
audit_log: Log acting_user in do_change_avatar_fields.
2020-06-29 12:47:44 +02:00
do_change_avatar_fields(user_profile, UserProfile.AVATAR_FROM_USER, acting_user=user_profile)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
user_avatar_url = avatar_url(user_profile)
json_result = dict(
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
avatar_url=user_avatar_url,
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
)
backend: Add request as parameter to json_success. Adds request as a parameter to json_success as a refactor towards making `ignored_parameters_unsupported` functionality available for all API endpoints. Also, removes any data parameters that are an empty dict or a dict with the generic success response values.
2022-01-31 13:44:02 +01:00
return json_success(request, data=json_result)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def delete_avatar_backend(request: HttpRequest, user_profile: UserProfile) -> HttpResponse:
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
if avatar_changes_disabled(user_profile.realm) and not user_profile.is_realm_admin:
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(str(AVATAR_CHANGES_DISABLED_ERROR))
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
do_change_avatar_fields(
user_profile, UserProfile.AVATAR_FROM_GRAVATAR, acting_user=user_profile
)
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
gravatar_url = avatar_url(user_profile)
json_result = dict(
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
avatar_url=gravatar_url,
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
)
backend: Add request as parameter to json_success. Adds request as a parameter to json_success as a refactor towards making `ignored_parameters_unsupported` functionality available for all API endpoints. Also, removes any data parameters that are an empty dict or a dict with the generic success response values.
2022-01-31 13:44:02 +01:00
return json_success(request, data=json_result)
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
decorators: Use human_users_only more aggressively.
2017-10-28 00:16:13 +02:00
# We don't use @human_users_only here, because there are use cases for
# a bot regenerating its own API key.
user_settings: Migrate to typed_endpoint. Migrate `user_settings.py` to `typed_endpoint`. Fix the error messages for the tests. Migrate required validators.
2024-07-30 10:17:33 +02:00
@typed_endpoint_without_parameters
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def regenerate_api_key(request: HttpRequest, user_profile: UserProfile) -> HttpResponse:
actions: Make do_regenerate_api_key return the new key. This way, the new API key can be fetched without needing to read it from the UserProfile object.
2018-08-10 21:03:32 +02:00
new_api_key = do_regenerate_api_key(user_profile, user_profile)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
json_result = dict(
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
api_key=new_api_key,
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
)
backend: Add request as parameter to json_success. Adds request as a parameter to json_success as a refactor towards making `ignored_parameters_unsupported` functionality available for all API endpoints. Also, removes any data parameters that are an empty dict or a dict with the generic success response values.
2022-01-31 13:44:02 +01:00
return json_success(request, data=json_result)