zulip/zilencer/views.py


from typing import Any, Dict, Optional, Text, Union, cast

from django.http import HttpRequest, HttpResponse
from django.utils import timezone
from django.utils.translation import ugettext as _
from django.shortcuts import render
from django.conf import settings
from django.views.decorators.http import require_GET
from django.views.decorators.csrf import csrf_exempt

from zerver.decorator import require_post, zulip_login_required
from zerver.lib.exceptions import JsonableError
from zerver.lib.push_notifications import send_android_push_notification, \
    send_apple_push_notification
from zerver.lib.request import REQ, has_request_variables
from zerver.lib.response import json_error, json_success
from zerver.lib.validator import check_int
from zerver.models import UserProfile, Realm
from zerver.views.push_notifications import validate_token
from zilencer.lib.stripe import STRIPE_PUBLISHABLE_KEY, count_stripe_cards, \
    save_stripe_token, StripeError
from zilencer.models import RemotePushDeviceToken, RemoteZulipServer

def validate_entity(entity: Union[UserProfile, RemoteZulipServer]) -> None:
    if not isinstance(entity, RemoteZulipServer):
        raise JsonableError(_("Must validate with valid Zulip server API key"))

def validate_bouncer_token_request(entity: Union[UserProfile, RemoteZulipServer],
                                   token: bytes, kind: int) -> None:
    if kind not in [RemotePushDeviceToken.APNS, RemotePushDeviceToken.GCM]:
        raise JsonableError(_("Invalid token type"))
    validate_entity(entity)
    validate_token(token, kind)

@has_request_variables
def remote_server_register_push(request: HttpRequest, entity: Union[UserProfile, RemoteZulipServer],
                                user_id: int=REQ(), token: bytes=REQ(),
                                token_kind: int=REQ(validator=check_int),
                                ios_app_id: Optional[Text]=None) -> HttpResponse:
    validate_bouncer_token_request(entity, token, token_kind)
    server = cast(RemoteZulipServer, entity)

    # If a user logged out on a device and failed to unregister,
    # we should delete any other user associations for this token
    # & RemoteServer pair
    RemotePushDeviceToken.objects.filter(
        token=token, kind=token_kind, server=server).exclude(user_id=user_id).delete()

    # Save or update
    remote_token, created = RemotePushDeviceToken.objects.update_or_create(
        user_id=user_id,
        server=server,
        kind=token_kind,
        token=token,
        defaults=dict(
            ios_app_id=ios_app_id,
            last_updated=timezone.now()))

    return json_success()

@has_request_variables
def remote_server_unregister_push(request: HttpRequest, entity: Union[UserProfile, RemoteZulipServer],
                                  token: bytes=REQ(),
                                  token_kind: int=REQ(validator=check_int),
                                  ios_app_id: Optional[Text]=None) -> HttpResponse:
    validate_bouncer_token_request(entity, token, token_kind)
    server = cast(RemoteZulipServer, entity)
    deleted = RemotePushDeviceToken.objects.filter(token=token,
                                                   kind=token_kind,
                                                   server=server).delete()
    if deleted[0] == 0:
        return json_error(_("Token does not exist"))

    return json_success()

@has_request_variables
def remote_server_notify_push(request: HttpRequest, entity: Union[UserProfile, RemoteZulipServer],
                              payload: Dict[str, Any]=REQ(argument_type='body')) -> HttpResponse:
    validate_entity(entity)
    server = cast(RemoteZulipServer, entity)

    user_id = payload['user_id']
    gcm_payload = payload['gcm_payload']
    apns_payload = payload['apns_payload']

    android_devices = list(RemotePushDeviceToken.objects.filter(
        user_id=user_id,
        kind=RemotePushDeviceToken.GCM,
        server=server
    ))

    apple_devices = list(RemotePushDeviceToken.objects.filter(
        user_id=user_id,
        kind=RemotePushDeviceToken.APNS,
        server=server
    ))

    if android_devices:
        send_android_push_notification(android_devices, gcm_payload, remote=True)

    if apple_devices:
        send_apple_push_notification(user_id, apple_devices, apns_payload)

    return json_success()

@zulip_login_required
def add_payment_method(request: HttpRequest) -> HttpResponse:
    user = request.user
    ctx = {
        "publishable_key": STRIPE_PUBLISHABLE_KEY,
        "email": user.email,
    }  # type: Dict[str, Any]

    if not user.is_realm_admin:
        ctx["error_message"] = (
            _("You should be an administrator of the organization %s to view this page.")
            % (user.realm.name,))
        return render(request, 'zilencer/billing.html', context=ctx)

    try:
        if request.method == "GET":
            ctx["num_cards"] = count_stripe_cards(user.realm)
            return render(request, 'zilencer/billing.html', context=ctx)
        if request.method == "POST":
            token = request.POST.get("stripeToken", "")
            ctx["num_cards"] = save_stripe_token(user, token)
            ctx["payment_method_added"] = True
            return render(request, 'zilencer/billing.html', context=ctx)
    except StripeError as e:
        ctx["error_message"] = e.msg
        return render(request, 'zilencer/billing.html', context=ctx)
[i18n] Make error messages translatable. Make all strings passing through `json_error` and `JsonableError` translatable. Fixes #727 2016-05-25 15:02:02 +02:00
python: Sort imports in smaller apps. 2017-11-16 00:55:49 +01:00			`from typing import Any, Dict, Optional, Text, Union, cast`
Send feedback to a queue to be forwarded to staging. (imported from commit 4a9a1bfc6c95763a816263a726cc61b3ca90bf15) 2013-10-17 22:55:09 +02:00
python: Sort imports in smaller apps. 2017-11-16 00:55:49 +01:00			`from django.http import HttpRequest, HttpResponse`
			`from django.utils import timezone`
			`from django.utils.translation import ugettext as _`
billing: Integrate Stripe, using Stripe Checkout. Stripe Checkout means using JS code provided by Stripe to handle almost all of the UI, which is great for us. There are more features we should add to this page and changes we should make, but this gives us an MVP. [greg: expanded commit message; fixed import ordering and some types.] 2018-01-13 19:38:13 +01:00			`from django.shortcuts import render`
			`from django.conf import settings`
			`from django.views.decorators.http import require_GET`
			`from django.views.decorators.csrf import csrf_exempt`

			`from zerver.decorator import require_post, zulip_login_required`
views: Fix imports of REQ/has_request_variables from the wrong place. These were never in zerver/decorator.py, and so it makes sense to import them zerver/lib/request.py, mostly for ease of finding things. 2017-10-28 00:07:31 +02:00			`from zerver.lib.exceptions import JsonableError`
Add support infrastructure for push notification bouncer service. This is an incomplete cleaned-up continuation of Lisa Neigut's push notification bouncer work. It supports registration and deregistration of individual push tokens with a central push notification bouncer server. It still is missing a few things before we can complete this effort: * A registration form for server admins to configure their server for this service, with tests. * Code (and tests) for actually bouncing the notifications. 2016-10-27 23:55:31 +02:00			`from zerver.lib.push_notifications import send_android_push_notification, \`
			`send_apple_push_notification`
python: Sort imports in smaller apps. 2017-11-16 00:55:49 +01:00			`from zerver.lib.request import REQ, has_request_variables`
Add support infrastructure for push notification bouncer service. This is an incomplete cleaned-up continuation of Lisa Neigut's push notification bouncer work. It supports registration and deregistration of individual push tokens with a central push notification bouncer server. It still is missing a few things before we can complete this effort: * A registration form for server admins to configure their server for this service, with tests. * Code (and tests) for actually bouncing the notifications. 2016-10-27 23:55:31 +02:00			`from zerver.lib.response import json_error, json_success`
zilencer: Remove unused imports (F401). 2017-11-02 12:39:10 +01:00			`from zerver.lib.validator import check_int`
billing: Start pulling apart the page from the logic. Pull the code that talks to Stripe out into its own functions. In a followup commit we'll move these to a separate file, as well as the error-handling logic that remains in the view function for now. Also fix the translation markings: the translated string must be a constant (e.g. a format string), or else translation is impossible. Viewing with `-b` shows the few changes that happen in the logic as it moves out of the view function; viewing without shows the few changes in the rest of the view function. 2018-01-30 02:02:32 +01:00			`from zerver.models import UserProfile, Realm`
push_notifications: Validate APNS token format in bouncer. This prevents a buggy old Zulip server from forwarding invalid-format push notification tokens to the push notification bouncer service. As part of this change, we switch the token from Text to str to match the rest of the code path. 2017-07-07 18:23:36 +02:00			`from zerver.views.push_notifications import validate_token`
billing: Move most Stripe code to its own file. We'll handle the error-handling in a separate commit, as it's still entangled with the view function. 2018-01-30 20:49:25 +01:00			`from zilencer.lib.stripe import STRIPE_PUBLISHABLE_KEY, count_stripe_cards, \`
stripe: Move error handling into stripe.py too. This completes the separation of our logic for managing Stripe customers from the view code for the billing page. As we add more features to our Customer model and to our Stripe integration, we might further separate those two things; but for now they're nearly synonymous and there's no problem in them being mixed together. 2018-01-30 21:03:59 +01:00			`save_stripe_token, StripeError`
billing: Move most Stripe code to its own file. We'll handle the error-handling in a separate commit, as it's still entangled with the view function. 2018-01-30 20:49:25 +01:00			`from zilencer.models import RemotePushDeviceToken, RemoteZulipServer`
billing: Send logs to a dedicated file. This will help make them easy to read through. Include messages to the logger name `stripe`, which Stripe's client library logs to. 2018-01-18 02:03:12 +01:00
zilencer: Use python 3 syntax for typing. 2017-10-27 12:57:54 +02:00			`def validate_entity(entity: Union[UserProfile, RemoteZulipServer]) -> None:`
views.py: Create validator for remote server. 2017-05-08 14:25:40 +02:00			`if not isinstance(entity, RemoteZulipServer):`
			`raise JsonableError(_("Must validate with valid Zulip server API key"))`

zilencer: Use python 3 syntax for typing. 2017-10-27 12:57:54 +02:00			`def validate_bouncer_token_request(entity: Union[UserProfile, RemoteZulipServer],`
			`token: bytes, kind: int) -> None:`
push_notifications: Verify that token types are valid. We only have two types of push notification tokens, so we should validate that in the bouncer code path. 2017-07-07 18:29:45 +02:00			`if kind not in [RemotePushDeviceToken.APNS, RemotePushDeviceToken.GCM]:`
			`raise JsonableError(_("Invalid token type"))`
views.py: Create validator for remote server. 2017-05-08 14:25:40 +02:00			`validate_entity(entity)`
push_notifications: Validate APNS token format in bouncer. This prevents a buggy old Zulip server from forwarding invalid-format push notification tokens to the push notification bouncer service. As part of this change, we switch the token from Text to str to match the rest of the code path. 2017-07-07 18:23:36 +02:00			`validate_token(token, kind)`
views.py: Create validator for remote server. 2017-05-08 14:25:40 +02:00
Add support infrastructure for push notification bouncer service. This is an incomplete cleaned-up continuation of Lisa Neigut's push notification bouncer work. It supports registration and deregistration of individual push tokens with a central push notification bouncer server. It still is missing a few things before we can complete this effort: * A registration form for server admins to configure their server for this service, with tests. * Code (and tests) for actually bouncing the notifications. 2016-10-27 23:55:31 +02:00			`@has_request_variables`
mypy: Use Python 3 syntax for typing in `zilencer/views.py`. 2017-12-20 20:56:11 +01:00			`def remote_server_register_push(request: HttpRequest, entity: Union[UserProfile, RemoteZulipServer],`
			`user_id: int=REQ(), token: bytes=REQ(),`
			`token_kind: int=REQ(validator=check_int),`
			`ios_app_id: Optional[Text]=None) -> HttpResponse:`
push_notifications: Validate APNS token format in bouncer. This prevents a buggy old Zulip server from forwarding invalid-format push notification tokens to the push notification bouncer service. As part of this change, we switch the token from Text to str to match the rest of the code path. 2017-07-07 18:23:36 +02:00			`validate_bouncer_token_request(entity, token, token_kind)`
Add support infrastructure for push notification bouncer service. This is an incomplete cleaned-up continuation of Lisa Neigut's push notification bouncer work. It supports registration and deregistration of individual push tokens with a central push notification bouncer server. It still is missing a few things before we can complete this effort: * A registration form for server admins to configure their server for this service, with tests. * Code (and tests) for actually bouncing the notifications. 2016-10-27 23:55:31 +02:00			`server = cast(RemoteZulipServer, entity)`

			`# If a user logged out on a device and failed to unregister,`
			`# we should delete any other user associations for this token`
			`# & RemoteServer pair`
			`RemotePushDeviceToken.objects.filter(`
			`token=token, kind=token_kind, server=server).exclude(user_id=user_id).delete()`

			`# Save or update`
			`remote_token, created = RemotePushDeviceToken.objects.update_or_create(`
			`user_id=user_id,`
			`server=server,`
			`kind=token_kind,`
			`token=token,`
			`defaults=dict(`
			`ios_app_id=ios_app_id,`
			`last_updated=timezone.now()))`

			`return json_success()`

			`@has_request_variables`
mypy: Use Python 3 syntax for typing in `zilencer/views.py`. 2017-12-20 20:56:11 +01:00			`def remote_server_unregister_push(request: HttpRequest, entity: Union[UserProfile, RemoteZulipServer],`
			`token: bytes=REQ(),`
			`token_kind: int=REQ(validator=check_int),`
			`ios_app_id: Optional[Text]=None) -> HttpResponse:`
push_notifications: Validate APNS token format in bouncer. This prevents a buggy old Zulip server from forwarding invalid-format push notification tokens to the push notification bouncer service. As part of this change, we switch the token from Text to str to match the rest of the code path. 2017-07-07 18:23:36 +02:00			`validate_bouncer_token_request(entity, token, token_kind)`
Add support infrastructure for push notification bouncer service. This is an incomplete cleaned-up continuation of Lisa Neigut's push notification bouncer work. It supports registration and deregistration of individual push tokens with a central push notification bouncer server. It still is missing a few things before we can complete this effort: * A registration form for server admins to configure their server for this service, with tests. * Code (and tests) for actually bouncing the notifications. 2016-10-27 23:55:31 +02:00			`server = cast(RemoteZulipServer, entity)`
			`deleted = RemotePushDeviceToken.objects.filter(token=token,`
			`kind=token_kind,`
			`server=server).delete()`
			`if deleted[0] == 0:`
			`return json_error(_("Token does not exist"))`

			`return json_success()`
push_notification: Send data to notification bouncer. 2017-05-08 13:48:16 +02:00
			`@has_request_variables`
mypy: Use Python 3 syntax for typing in `zilencer/views.py`. 2017-12-20 20:56:11 +01:00			`def remote_server_notify_push(request: HttpRequest, entity: Union[UserProfile, RemoteZulipServer],`
			`payload: Dict[str, Any]=REQ(argument_type='body')) -> HttpResponse:`
push_notification: Send data to notification bouncer. 2017-05-08 13:48:16 +02:00			`validate_entity(entity)`
push_notification: Push data from Zilencer. 2017-05-09 10:31:47 +02:00			`server = cast(RemoteZulipServer, entity)`

			`user_id = payload['user_id']`
			`gcm_payload = payload['gcm_payload']`
			`apns_payload = payload['apns_payload']`

			`android_devices = list(RemotePushDeviceToken.objects.filter(`
			`user_id=user_id,`
			`kind=RemotePushDeviceToken.GCM,`
			`server=server`
			`))`

			`apple_devices = list(RemotePushDeviceToken.objects.filter(`
			`user_id=user_id,`
			`kind=RemotePushDeviceToken.APNS,`
			`server=server`
			`))`

			`if android_devices:`
push_notifications: Remove DeviceTokenType logic. The syntax wasn't valid on Python 3.5, and the new code is somewhat more readable anyway. 2017-05-16 21:15:45 +02:00			`send_android_push_notification(android_devices, gcm_payload, remote=True)`
push_notification: Push data from Zilencer. 2017-05-09 10:31:47 +02:00
			`if apple_devices:`
push notifs: Implement APNs with new API. And it works! A couple of things still to do: * When a device token is no longer active, we'll get HTTP status 410. We should then remove the token from the database so we don't keep trying to push to it. This is fairly urgent. * The library we're using has a nice asynchronous API, but this version doesn't use it. This is OK now, but async will be essential at scale. 2017-08-19 01:38:11 +02:00			`send_apple_push_notification(user_id, apple_devices, apns_payload)`
push_notification: Push data from Zilencer. 2017-05-09 10:31:47 +02:00
push_notification: Send data to notification bouncer. 2017-05-08 13:48:16 +02:00			`return json_success()`
billing: Integrate Stripe, using Stripe Checkout. Stripe Checkout means using JS code provided by Stripe to handle almost all of the UI, which is great for us. There are more features we should add to this page and changes we should make, but this gives us an MVP. [greg: expanded commit message; fixed import ordering and some types.] 2018-01-13 19:38:13 +01:00
			`@zulip_login_required`
			`def add_payment_method(request: HttpRequest) -> HttpResponse:`
			`user = request.user`
			`ctx = {`
			`"publishable_key": STRIPE_PUBLISHABLE_KEY,`
			`"email": user.email,`
			`} # type: Dict[str, Any]`
billing: Start pulling apart the page from the logic. Pull the code that talks to Stripe out into its own functions. In a followup commit we'll move these to a separate file, as well as the error-handling logic that remains in the view function for now. Also fix the translation markings: the translated string must be a constant (e.g. a format string), or else translation is impossible. Viewing with `-b` shows the few changes that happen in the logic as it moves out of the view function; viewing without shows the few changes in the rest of the view function. 2018-01-30 02:02:32 +01:00
			`if not user.is_realm_admin:`
stripe: Move error handling into stripe.py too. This completes the separation of our logic for managing Stripe customers from the view code for the billing page. As we add more features to our Customer model and to our Stripe integration, we might further separate those two things; but for now they're nearly synonymous and there's no problem in them being mixed together. 2018-01-30 21:03:59 +01:00			`ctx["error_message"] = (`
			`_("You should be an administrator of the organization %s to view this page.")`
			`% (user.realm.name,))`
			`return render(request, 'zilencer/billing.html', context=ctx)`
billing: Integrate Stripe, using Stripe Checkout. Stripe Checkout means using JS code provided by Stripe to handle almost all of the UI, which is great for us. There are more features we should add to this page and changes we should make, but this gives us an MVP. [greg: expanded commit message; fixed import ordering and some types.] 2018-01-13 19:38:13 +01:00
			`try:`
			`if request.method == "GET":`
billing: Start pulling apart the page from the logic. Pull the code that talks to Stripe out into its own functions. In a followup commit we'll move these to a separate file, as well as the error-handling logic that remains in the view function for now. Also fix the translation markings: the translated string must be a constant (e.g. a format string), or else translation is impossible. Viewing with `-b` shows the few changes that happen in the logic as it moves out of the view function; viewing without shows the few changes in the rest of the view function. 2018-01-30 02:02:32 +01:00			`ctx["num_cards"] = count_stripe_cards(user.realm)`
/billing/: Rename "payment.html" => "billing.html". This matches the URL path /billing/ to the filename "billing.html". 2018-01-30 01:30:02 +01:00			`return render(request, 'zilencer/billing.html', context=ctx)`
billing: Integrate Stripe, using Stripe Checkout. Stripe Checkout means using JS code provided by Stripe to handle almost all of the UI, which is great for us. There are more features we should add to this page and changes we should make, but this gives us an MVP. [greg: expanded commit message; fixed import ordering and some types.] 2018-01-13 19:38:13 +01:00			`if request.method == "POST":`
			`token = request.POST.get("stripeToken", "")`
billing: Start pulling apart the page from the logic. Pull the code that talks to Stripe out into its own functions. In a followup commit we'll move these to a separate file, as well as the error-handling logic that remains in the view function for now. Also fix the translation markings: the translated string must be a constant (e.g. a format string), or else translation is impossible. Viewing with `-b` shows the few changes that happen in the logic as it moves out of the view function; viewing without shows the few changes in the rest of the view function. 2018-01-30 02:02:32 +01:00			`ctx["num_cards"] = save_stripe_token(user, token)`
billing: Integrate Stripe, using Stripe Checkout. Stripe Checkout means using JS code provided by Stripe to handle almost all of the UI, which is great for us. There are more features we should add to this page and changes we should make, but this gives us an MVP. [greg: expanded commit message; fixed import ordering and some types.] 2018-01-13 19:38:13 +01:00			`ctx["payment_method_added"] = True`
/billing/: Rename "payment.html" => "billing.html". This matches the URL path /billing/ to the filename "billing.html". 2018-01-30 01:30:02 +01:00			`return render(request, 'zilencer/billing.html', context=ctx)`
billing: Simplify logging of Stripe errors. Several changes: * De-duplicate code for different error types. * No need to list lots of error subtypes where we aren't treating them differently; StripeError is the base class of them all. * Unexpected, non-Stripe-related, exceptions we can handle in the normal way. Just make them show up in the billing-specific log too. * The Stripe client library already logs type, code, param, and message before raising an error, so we don't need to repeat those; just add the HTTP status code (because it's not there already and sure why not), and the Python exception type the client library chose to raise in case that makes things a bit easier to interpret. 2018-01-18 03:05:27 +01:00			`except StripeError as e:`
stripe: Move error handling into stripe.py too. This completes the separation of our logic for managing Stripe customers from the view code for the billing page. As we add more features to our Customer model and to our Stripe integration, we might further separate those two things; but for now they're nearly synonymous and there's no problem in them being mixed together. 2018-01-30 21:03:59 +01:00			`ctx["error_message"] = e.msg`
			`return render(request, 'zilencer/billing.html', context=ctx)`