from typing import Any, List, Dict, Optional, Text
from django.conf import settings
from django.core.urlresolvers import reverse
from django.http import HttpResponseRedirect, HttpResponse, HttpRequest
from django.shortcuts import redirect, render
from django.utils import translation
from django.utils.cache import patch_cache_control
from six.moves import zip_longest, zip, range
from zerver.decorator import zulip_login_required, process_client
from zerver.forms import ToSForm
from zerver.lib.realm_icon import realm_icon_url
from zerver.models import Message, UserProfile, Stream, Subscription, Huddle, \
Recipient, Realm, UserMessage, DefaultStream, RealmEmoji, RealmDomain, \
RealmFilter, PreregistrationUser, UserActivity, \
UserPresence, get_recipient, name_changes_disabled, email_to_username, \
get_realm_domains
from zerver.lib.events import do_events_register
from zerver.lib.actions import update_user_presence, do_change_tos_version, \
do_update_pointer, realm_user_count
from zerver.lib.avatar import avatar_url
from zerver.lib.i18n import get_language_list, get_language_name, \
get_language_list_for_templates
from zerver.lib.push_notifications import num_push_devices_for_user
from zerver.lib.streams import access_stream_by_name
from zerver.lib.subdomains import get_subdomain
from zerver.lib.utils import statsd
import calendar
import datetime
import logging
import os
import re
import simplejson
import time
@zulip_login_required
def accounts_accept_terms(request):
    # type: (HttpRequest) -> HttpResponse
    """Show the Terms of Service form, recording acceptance on a valid POST.

    A POST whose ToSForm validates stores settings.TOS_VERSION for
    request.user and redirects to the home view.  Any other request (a
    GET, or a POST that fails validation) renders the acceptance page
    with the form.
    """
    if request.method != "POST":
        form = ToSForm()
    else:
        form = ToSForm(request.POST)
        if form.is_valid():
            # Acceptance is always recorded against the user attached to
            # this request, never against an identifier taken from the form.
            do_change_tos_version(request.user, settings.TOS_VERSION)
            return redirect(home)

    user = request.user

    # The optional first-time template name is read from server settings,
    # not from the request, and is only offered to users with no recorded
    # Terms of Service version.
    first_time_template = None
    if user.tos_version is None and settings.FIRST_TIME_TOS_TEMPLATE is not None:
        first_time_template = 'zerver/' + settings.FIRST_TIME_TOS_TEMPLATE

    template_context = {
        'form': form,
        'email': user.email,
        'special_message_template': first_time_template,
    }
    return render(
        request,
        'zerver/accounts_accept_terms.html',
        context=template_context,
    )
def sent_time_in_epoch_seconds(user_message):
    # type: (Optional[UserMessage]) -> Optional[float]
    """Return the UTC epoch seconds at which the message was sent.

    Returns None when no user_message is given.  The value comes from
    calendar.timegm(), so it is a whole number of seconds.
    """
    if user_message is not None:
        # We have USE_TZ = True, so our datetime objects are timezone-aware;
        # utctimetuple() normalises to UTC before timegm() converts it.
        sent_at = user_message.message.pub_date
        return calendar.timegm(sent_at.utctimetuple())
    return None
def home(request):
    # type: (HttpRequest) -> HttpResponse
    """Dispatch the site root to the landing page or the logged-in app.

    In development, a handlebars compile-error marker file short-circuits
    to an error page with status 500.  Otherwise the request goes to
    home_real(), except on the root domain when
    settings.ROOT_DOMAIN_LANDING_PAGE is set, where the landing page is
    rendered instead.
    """
    # The marker path is relative to the process working directory and is
    # only consulted when settings.DEVELOPMENT is true.
    compile_error_marker = 'var/handlebars-templates/compile.error'
    if settings.DEVELOPMENT and os.path.exists(compile_error_marker):
        failure_page = render(request, 'zerver/handlebars_compilation_failed.html')
        failure_page.status_code = 500
        return failure_page

    # If settings.ROOT_DOMAIN_LANDING_PAGE, sends the user the landing
    # page, not the login form, on the root domain
    if settings.ROOT_DOMAIN_LANDING_PAGE:
        if get_subdomain(request) == Realm.SUBDOMAIN_FOR_ROOT_DOMAIN:
            return render(request, 'zerver/hello.html')

    return home_real(request)
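@zulip_login_required
def home_real(request):
    # type: (HttpRequest) -> HttpResponse
    """Render the main web-app page for the user attached to the request.

    Registers an event queue for the user, optionally narrowed by the
    ``stream`` and ``topic`` query parameters, assembles ``page_params``
    for the client-side JavaScript, and returns the rendered
    ``zerver/index.html`` with caching disabled.  A user whose accepted
    major Terms of Service version is lower than the configured one is
    handed to accounts_accept_terms() instead.
    """
    # We need to modify the session object every two weeks or it will expire.
    # This line makes reloading the page a sufficient action to keep the
    # session alive.
    request.session.modified = True

    user_profile = request.user

    # If a user hasn't signed the current Terms of Service, send them there
    if settings.TERMS_OF_SERVICE is not None and settings.TOS_VERSION is not None and \
       int(settings.TOS_VERSION.split('.')[0]) > user_profile.major_tos_version():
        return accounts_accept_terms(request)

    narrow = []  # type: List[List[Text]]
    narrow_stream = None
    narrow_topic = request.GET.get("topic")
    # Read the request-supplied stream name once and reuse it.
    narrow_stream_name = request.GET.get("stream")
    if narrow_stream_name:
        try:
            # The stream is resolved on behalf of user_profile, and the name
            # used below is the one on the returned object rather than the
            # raw query-string value.
            (narrow_stream, ignored_rec, ignored_sub) = access_stream_by_name(
                user_profile, narrow_stream_name)
            narrow = [["stream", narrow_stream.name]]
        except Exception:
            # Deliberately best-effort: any failure leaves narrow_stream as
            # None and the page loads un-narrowed.
            # NOTE(review): this logs a traceback for every failing
            # request-supplied stream name; presumably access denials land
            # here too. Confirm which exceptions are expected and consider
            # logging those at a lower level.
            logging.exception("Narrow parsing")
        if narrow_stream is not None and narrow_topic is not None:
            narrow.append(["topic", narrow_topic])

    register_ret = do_events_register(user_profile, request.client,
                                      apply_markdown=True, narrow=narrow)
    user_has_messages = (register_ret['max_message_id'] != -1)

    # Reset our don't-spam-users-with-email counter since the
    # user has since logged in
    if user_profile.last_reminder is not None:
        user_profile.last_reminder = None
        user_profile.save(update_fields=["last_reminder"])

    # Brand new users get narrowed to PM with welcome-bot
    needs_tutorial = user_profile.tutorial_status == UserProfile.TUTORIAL_WAITING

    first_in_realm = realm_user_count(user_profile.realm) == 1
    # If you are the only person in the realm and you didn't invite
    # anyone, we'll continue to encourage you to do so on the frontend.
    # Only existence matters here, so ask the database for that instead of
    # a full count.
    prompt_for_invites = first_in_realm and \
        not PreregistrationUser.objects.filter(referred_by=user_profile).exists()

    if user_profile.pointer == -1 and user_has_messages:
        # Put the new user's pointer at the bottom
        #
        # This improves performance, because we limit backfilling of messages
        # before the pointer.  It's also likely that someone joining an
        # organization is interested in recent messages more than the very
        # first messages on the system.

        register_ret['pointer'] = register_ret['max_message_id']
        user_profile.last_pointer_updater = request.session.session_key

    if user_profile.pointer == -1:
        latest_read = None
    else:
        try:
            latest_read = UserMessage.objects.get(user_profile=user_profile,
                                                  message__id=user_profile.pointer)
        except UserMessage.DoesNotExist:
            # Don't completely fail if your saved pointer ID is invalid.
            # Arguments are passed separately so the logging module does
            # the formatting only if the record is actually emitted.
            logging.warning("%s has invalid pointer %s",
                            user_profile.email, user_profile.pointer)
            latest_read = None

    # Set default language and make it persist
    default_language = register_ret['default_language']
    url_lang = '/{}'.format(request.LANGUAGE_CODE)
    if not request.path.startswith(url_lang):
        translation.activate(default_language)
        # NOTE(review): the listing this was recovered from had lost its
        # indentation; this assignment is kept inside the branch because no
        # blank line separated it from activate(). Confirm against the
        # repository.
        request.session[translation.LANGUAGE_SESSION_KEY] = translation.get_language()

    # Pass parameters to the client-side JavaScript code.
    # These end up in a global JavaScript Object named 'page_params'.
    page_params = dict(
        # Server settings.
        development_environment=settings.DEVELOPMENT,
        debug_mode=settings.DEBUG,
        test_suite=settings.TEST_SUITE,
        poll_timeout=settings.POLL_TIMEOUT,
        login_page=settings.HOME_NOT_LOGGED_IN,
        root_domain_uri=settings.ROOT_DOMAIN_URI,
        maxfilesize=settings.MAX_FILE_UPLOAD_SIZE,
        max_avatar_file_size=settings.MAX_AVATAR_FILE_SIZE,
        server_generation=settings.SERVER_GENERATION,
        use_websockets=settings.USE_WEBSOCKETS,
        save_stacktraces=settings.SAVE_FRONTEND_STACKTRACES,
        server_inline_image_preview=settings.INLINE_IMAGE_PREVIEW,
        server_inline_url_embed_preview=settings.INLINE_URL_EMBED_PREVIEW,
        password_min_length=settings.PASSWORD_MIN_LENGTH,
        # The strength threshold is expressed as the number of guesses
        # required to find the password, not as an abstract quality score
        # or "bits of entropy" (per the commit that introduced the setting).
        password_min_guesses=settings.PASSWORD_MIN_GUESSES,

        # Misc. extra data.
        have_initial_messages=user_has_messages,
        initial_servertime=time.time(),  # Used for calculating relative presence age
        default_language_name=get_language_name(register_ret['default_language']),
        language_list_dbl_col=get_language_list_for_templates(register_ret['default_language']),
        language_list=get_language_list(),
        needs_tutorial=needs_tutorial,
        first_in_realm=first_in_realm,
        prompt_for_invites=prompt_for_invites,
        furthest_read_time=sent_time_in_epoch_seconds(latest_read),
        has_mobile_devices=num_push_devices_for_user(user_profile) > 0,
    )

    # Everything in register_ret except the listed fields is copied into
    # page_params, overriding any key of the same name set above.
    undesired_register_ret_fields = [
        'streams',
    ]
    for field_name in set(register_ret.keys()) - set(undesired_register_ret_fields):
        page_params[field_name] = register_ret[field_name]

    if narrow_stream is not None:
        # In narrow_stream context, initial pointer is just latest message
        recipient = get_recipient(Recipient.STREAM, narrow_stream.id)
        try:
            initial_pointer = Message.objects.filter(recipient=recipient).order_by('id').reverse()[0].id
        except IndexError:
            initial_pointer = -1
        page_params["narrow_stream"] = narrow_stream.name
        if narrow_topic is not None:
            # narrow_topic is the raw query-string value; it reaches the
            # page only through the HTML-safe JSON encoder used below.
            page_params["narrow_topic"] = narrow_topic
        page_params["narrow"] = [dict(operator=term[0], operand=term[1]) for term in narrow]
        page_params["max_message_id"] = initial_pointer
        page_params["pointer"] = initial_pointer
        page_params["have_initial_messages"] = (initial_pointer != -1)
        page_params["enable_desktop_notifications"] = False

    statsd.incr('views.home')
    show_invites = True

    # Some realms only allow admins to invite users
    if user_profile.realm.invite_by_admins_only and not user_profile.is_realm_admin:
        show_invites = False

    request._log_data['extra'] = "[%s]" % (register_ret["queue_id"],)

    # JSONEncoderForHTML produces JSON that is safe to embed in HTML by
    # escaping the characters &, < and >, which matters because page_params
    # carries request- and user-derived strings.
    encoded_page_params = simplejson.encoder.JSONEncoderForHTML().encode(page_params)
    # NOTE(review): 'is_admin' and 'show_invites' only steer what the
    # template displays; confirm the corresponding endpoints enforce the
    # same permissions server-side.
    response = render(request, 'zerver/index.html',
                      context={'user_profile': user_profile,
                               'page_params': encoded_page_params,
                               'nofontface': is_buggy_ua(request.META.get("HTTP_USER_AGENT", "Unspecified")),
                               'avatar_url': avatar_url(user_profile),
                               # The query parameter is honoured only when
                               # the server itself runs with DEBUG enabled.
                               'show_debug':
                               settings.DEBUG and ('show_debug' in request.GET),
                               'pipeline': settings.PIPELINE_ENABLED,
                               'show_invites': show_invites,
                               'is_admin': user_profile.is_realm_admin,
                               'show_webathena': user_profile.realm.webathena_enabled,
                               'enable_feedback': settings.ENABLE_FEEDBACK,
                               'embedded': narrow_stream is not None,
                               },)
    # The page embeds per-user data, so instruct browsers and intermediaries
    # not to cache or store it.
    patch_cache_control(response, no_cache=True, no_store=True, must_revalidate=True)
    return response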
@zulip_login_required
def desktop_home(request):
    # type: (HttpRequest) -> HttpResponse
    """Redirect to the URL of the home view.

    The target is resolved with reverse() from a fixed view name, so no
    part of it comes from the request.
    """
    home_url = reverse('zerver.views.home.home')
    return HttpResponseRedirect(home_url)
def apps_view(request, _):
    # type: (HttpRequest, Text) -> HttpResponse
    """Serve the apps page locally, or redirect to the hosted one.

    The second positional argument is accepted and ignored.  When
    settings.ZILENCER_ENABLED is false the response is a permanent (301)
    redirect to a fixed URL; the target never depends on the request.
    """
    if not settings.ZILENCER_ENABLED:
        return HttpResponseRedirect('https://zulipchat.com/apps/', status=301)
    return render(request, 'zerver/apps.html')
def is_buggy_ua(agent):
    # type: (str) -> bool
    """Discriminate CSS served to clients based on User Agent

    Due to QTBUG-3467, @font-face is not supported in QtWebKit.
    This may get fixed in the future, but for right now we can
    just serve the more conservative CSS to all our desktop apps.

    The agent string is supplied by the client, so the result is
    suitable only for presentation choices like this one, never for
    an access decision.
    """
    desktop_markers = ("Zulip Desktop/", "ZulipDesktop/")
    if not any(marker in agent for marker in desktop_markers):
        return False
    return "Mac" not in agent