from typing import Any, Dict, Optional
from django.http import HttpRequest
from django.conf import settings
from django.urls import reverse
from zerver.models import UserProfile, get_realm, Realm
from zproject.backends import (
any_oauth_backend_enabled,
password_auth_enabled,
require_email_format_usernames,
auth_enabled_helper,
AUTH_BACKEND_NAME_MAP,
SOCIAL_AUTH_BACKENDS,
)
from zerver.decorator import get_client_name
from zerver.lib.send_email import FromAddress
from zerver.lib.subdomains import get_subdomain
from zerver.lib.realm_icon import get_realm_icon_url
from zerver.lib.realm_description import get_realm_rendered_description
from version import ZULIP_VERSION, LATEST_RELEASE_VERSION, LATEST_MAJOR_VERSION, \
LATEST_RELEASE_ANNOUNCEMENT
def common_context(user: UserProfile) -> Dict[str, Any]:
    """Build the template context for rendering that has no request.

    Used for things like outgoing emails: there is no HttpRequest to
    derive a realm from, so the realm is taken from ``user`` instead.

    Args:
        user: The user the content is being rendered for.

    Returns:
        A dict with the user's realm URI and name, the server-wide
        root-domain URI, external URI scheme and host, and the user's
        full name.
    """
    realm = user.realm
    context = {}  # type: Dict[str, Any]
    context['realm_uri'] = realm.uri
    context['realm_name'] = realm.name
    # Server-wide values come from settings, not from the realm.
    context['root_domain_uri'] = settings.ROOT_DOMAIN_URI
    context['external_uri_scheme'] = settings.EXTERNAL_URI_SCHEME
    context['external_host'] = settings.EXTERNAL_HOST
    context['user_name'] = user.full_name
    return context
def get_realm_from_request(request: HttpRequest) -> Optional[Realm]:
    """Return the Realm this request is addressed to, or None.

    An attached ``request.user`` with a ``realm`` wins. Otherwise the
    realm is resolved from the request's subdomain via ``get_subdomain``
    and ``get_realm``. NOTE(review): in that fallback the realm is chosen
    by the host name the client sent, not by any authenticated identity,
    so callers must not treat it as evidence of membership.

    Args:
        request: The current HttpRequest.

    Returns:
        The resolved Realm, or None when ``get_realm`` yields none for
        the subdomain.
    """
    user = getattr(request, "user", None)
    if user is not None and hasattr(user, "realm"):
        return user.realm

    # The subdomain lookup is memoized on the request object so that
    # other callers of get_realm_from_request during the same request
    # don't repeat the realm query.
    try:
        return request.realm
    except AttributeError:
        request.realm = get_realm(get_subdomain(request))
        return request.realm
def _config_file_paths(development: bool) -> Dict[str, str]:
    """Return the settings/secrets file paths to show in templates.

    A development checkout points at the files under ``zproject/``; a
    production install points at ``/etc/zulip``, where the settings
    file also serves as the commented reference.
    """
    if development:
        return {
            'settings_path': "zproject/dev_settings.py",
            'secrets_path': "zproject/dev-secrets.conf",
            'settings_comments_path': "zproject/prod_settings_template.py",
        }
    return {
        'settings_path': "/etc/zulip/settings.py",
        'secrets_path': "/etc/zulip/zulip-secrets.conf",
        'settings_comments_path': "/etc/zulip/settings.py",
    }


def zulip_default_context(request: HttpRequest) -> Dict[str, Any]:
    """Context available to every Zulip Jinja2 template rendered with a request.

    Works whether or not the visitor is logged in and whether or not the
    request is for a realm subdomain. The central question is which realm
    (if any) the request is addressed to, answered by
    ``get_realm_from_request``; when none is known, the realm-specific
    entries fall back to the root-domain URI or ``None``.

    Args:
        request: The current HttpRequest.

    Returns:
        A dict of server settings, realm details, link-visibility flags,
        the on-disk settings/secrets paths referenced by the UI, the
        detected client platform and whether search-engine indexing is
        allowed.
    """
    realm = get_realm_from_request(request)

    # Realm-specific values fall back to the root domain when the
    # request isn't addressed to a known realm.
    if realm is None:
        realm_uri, realm_name, realm_icon = settings.ROOT_DOMAIN_URI, None, None
    else:
        realm_uri, realm_name, realm_icon = realm.uri, realm.name, get_realm_icon_url(realm)

    register_link_disabled = settings.REGISTER_LINK_DISABLED
    login_link_disabled = settings.LOGIN_LINK_DISABLED
    find_team_link_disabled = settings.FIND_TEAM_LINK_DISABLED
    allow_search_engine_indexing = False

    # On the root domain's landing page the register/login links are
    # hidden, the find-team link is forced on, and indexing is permitted.
    on_root_landing_page = (settings.ROOT_DOMAIN_LANDING_PAGE and
                            get_subdomain(request) == Realm.SUBDOMAIN_FOR_ROOT_DOMAIN)
    if on_root_landing_page:
        register_link_disabled = login_link_disabled = True
        find_team_link_disabled = False
        allow_search_engine_indexing = True

    apps_page_url = '/apps/' if settings.ZILENCER_ENABLED else 'https://zulipchat.com/apps/'

    # Only report authentication when the request actually carries a
    # user object exposing the flag; otherwise assume logged out.
    user = getattr(request, 'user', None)
    user_is_authenticated = False
    if user is not None and hasattr(user, 'is_authenticated'):
        user_is_authenticated = user.is_authenticated.value

    config_paths = _config_file_paths(settings.DEVELOPMENT)

    # We can't use request.client here because we might not be using
    # an auth decorator that sets it, but we can call its helper to
    # get the same result.  NOTE(review): the value presumably derives
    # from client-supplied request data (see get_client_name), so
    # templates should treat it as display-only — confirm.
    platform = get_client_name(request, True)

    context = {
        'root_domain_landing_page': settings.ROOT_DOMAIN_LANDING_PAGE,
        'custom_logo_url': settings.CUSTOM_LOGO_URL,
        'register_link_disabled': register_link_disabled,
        'login_link_disabled': login_link_disabled,
        'terms_of_service': settings.TERMS_OF_SERVICE,
        'privacy_policy': settings.PRIVACY_POLICY,
        'login_url': settings.HOME_NOT_LOGGED_IN,
        'only_sso': settings.ONLY_SSO,
        'external_host': settings.EXTERNAL_HOST,
        'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
        'realm_uri': realm_uri,
        'realm_name': realm_name,
        'realm_icon': realm_icon,
        'root_domain_uri': settings.ROOT_DOMAIN_URI,
        'apps_page_url': apps_page_url,
        'open_realm_creation': settings.OPEN_REALM_CREATION,
        'development_environment': settings.DEVELOPMENT,
        'support_email': FromAddress.SUPPORT,
        'find_team_link_disabled': find_team_link_disabled,
        'password_min_length': settings.PASSWORD_MIN_LENGTH,
        'password_min_guesses': settings.PASSWORD_MIN_GUESSES,
        'jitsi_server_url': settings.JITSI_SERVER_URL,
        'zulip_version': ZULIP_VERSION,
        'user_is_authenticated': user_is_authenticated,
        'platform': platform,
        'allow_search_engine_indexing': allow_search_engine_indexing,
    }  # type: Dict[str, Any]
    # settings_path, secrets_path and settings_comments_path.
    context.update(config_paths)
    return context
def _social_backend_entry(backend: Any) -> Dict[str, Any]:
    """Describe one enabled social-auth backend for the login/register buttons."""
    return {
        'name': backend.name,
        'display_name': backend.auth_backend_name,
        'login_url': reverse('login-social', args=(backend.name,)),
        'signup_url': reverse('signup-social', args=(backend.name,)),
        'sort_order': backend.sort_order,
    }


def login_context(request: HttpRequest) -> Dict[str, Any]:
    """Context for the login and registration templates.

    Reports the realm's rendered description and whether invitations are
    required, plus which authentication backends apply: one
    ``<backend>_auth_enabled`` entry per name in ``AUTH_BACKEND_NAME_MAP``
    (the name lower-cased), the enabled social backends with their
    login/signup URLs sorted by ``sort_order`` descending, and
    ``no_auth_enabled`` when none of the backends is enabled.

    When the request is not addressed to a known realm, ``realm`` is
    ``None`` and the backend helpers are consulted with that value.

    Args:
        request: The current HttpRequest.

    Returns:
        The template context dict described above.
    """
    realm = get_realm_from_request(request)

    realm_description = None if realm is None else get_realm_rendered_description(realm)
    realm_invite_required = False if realm is None else realm.invite_required

    context = {
        'realm_invite_required': realm_invite_required,
        'realm_description': realm_description,
        'require_email_format_usernames': require_email_format_usernames(realm),
        'password_auth_enabled': password_auth_enabled(realm),
        'any_oauth_backend_enabled': any_oauth_backend_enabled(realm),
        'two_factor_authentication_enabled': settings.TWO_FACTOR_AUTHENTICATION_ENABLED,
    }  # type: Dict[str, Any]

    # One flag per standard backend; social backends that are enabled
    # additionally get a button entry for the login/register pages.
    enabled_flags = []
    social_backends = []
    for auth_backend_name, backend in AUTH_BACKEND_NAME_MAP.items():
        is_enabled = auth_enabled_helper([auth_backend_name], realm)
        context["%s_auth_enabled" % (auth_backend_name.lower(),)] = is_enabled
        enabled_flags.append(is_enabled)
        if is_enabled and backend in SOCIAL_AUTH_BACKENDS:
            social_backends.append(_social_backend_entry(backend))

    def by_sort_order(entry: Dict[str, Any]) -> Any:
        return entry['sort_order']

    context['social_backends'] = sorted(social_backends, key=by_sort_order, reverse=True)
    context['no_auth_enabled'] = not any(enabled_flags)

    return context
def latest_info_context() -> Dict[str, str]:
    """Return the latest-release details exported by the ``version`` module.

    Returns:
        A dict holding the latest release version, the latest major
        version and the latest release announcement constant.
    """
    return {
        'latest_release_version': LATEST_RELEASE_VERSION,
        'latest_major_version': LATEST_MAJOR_VERSION,
        'latest_release_announcement': LATEST_RELEASE_ANNOUNCEMENT,
    }