Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zerver/views/user_settings.py

352 lines
15 KiB
Python
Raw Normal View History

python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from typing import Any, Dict, Optional
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
timezone: Remove get_all_timezones wrapper. Both callers want a set, and pytz already provides all_timezones_set. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-27 00:56:50 +01:00
import pytz
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
from django.conf import settings
Django 1.10: Update session hash when password is changed. Ref: https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change for details.
2016-11-17 08:56:01 +01:00
from django.contrib.auth import authenticate, update_session_auth_hash
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from django.core.exceptions import ValidationError
Annotate zerver/views/user_settings.
2016-06-05 02:15:26 +02:00
from django.http import HttpRequest, HttpResponse
views: Remove unused imports. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-02 23:53:22 +01:00
from django.shortcuts import render
i18n: Don't include email tags in translation strings.
2020-09-16 19:30:05 +02:00
from django.utils.html import escape
from django.utils.safestring import SafeString
python: Convert deprecated Django ugettext alias to gettext. django.utils.translation.ugettext is a deprecated alias of django.utils.translation.gettext as of Django 3.0, and will be removed in Django 4.0. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-16 00:57:30 +02:00
from django.utils.translation import gettext as _
from django.utils.translation import gettext_lazy
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from confirmation.models import (
Confirmation,
ConfirmationKeyException,
get_object_from_key,
render_confirmation_key_error,
)
python: Fix mypy no_implicit_reexport errors. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-16 22:11:10 +02:00
from zerver.decorator import human_users_only
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.lib.actions import (
check_change_full_name,
do_change_avatar_fields,
do_change_password,
do_change_user_delivery_email,
refactor: Rename do_set_user_display_setting to do_set_user_setting.
2021-08-13 16:18:53 +02:00
do_change_user_setting,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
do_regenerate_api_key,
do_start_email_change_process,
settings: Move check_settings_values to user_settings.py. This commit moves check_settings_values to user_settings.py from validator.py such that we can import the functions at the top without any issue of cyclic imports.
2021-09-09 20:19:08 +02:00
get_available_notification_sounds,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
from zerver.lib.avatar import avatar_url
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.lib.email_validation import (
get_realm_email_validator,
python: Fix mypy no_implicit_reexport errors. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-16 22:11:10 +02:00
validate_email_is_valid,
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
validate_email_not_already_in_realm,
)
python: Fix mypy no_implicit_reexport errors. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-16 22:11:10 +02:00
from zerver.lib.exceptions import JsonableError, RateLimited
settings: Move check_settings_values to user_settings.py. This commit moves check_settings_values to user_settings.py from validator.py such that we can import the functions at the top without any issue of cyclic imports.
2021-09-09 20:19:08 +02:00
from zerver.lib.i18n import get_available_language_codes
python: Fix mypy no_implicit_reexport errors. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-16 22:11:10 +02:00
from zerver.lib.request import REQ, has_request_variables
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
from zerver.lib.response import json_success
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.lib.send_email import FromAddress, send_email
from zerver.lib.upload import upload_avatar_image
settings: Move check_settings_values to user_settings.py. This commit moves check_settings_values to user_settings.py from validator.py such that we can import the functions at the top without any issue of cyclic imports.
2021-09-09 20:19:08 +02:00
from zerver.lib.validator import check_bool, check_int, check_int_in, check_string_in
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.models import UserProfile, avatar_changes_disabled, name_changes_disabled
from zproject.backends import check_password_strength, email_belongs_to_ldap
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
python: Convert deprecated Django ugettext alias to gettext. django.utils.translation.ugettext is a deprecated alias of django.utils.translation.gettext as of Django 3.0, and will be removed in Django 4.0. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-16 00:57:30 +02:00
AVATAR_CHANGES_DISABLED_ERROR = gettext_lazy("Avatar changes are disabled in this organization.")
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def confirm_email_change(request: HttpRequest, confirmation_key: str) -> HttpResponse:
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
try:
email change: Refactor confirmation path for readability. Removes an assert, which at this point is there just for readability, since the second argument to get_object_from_key(confirmation_key, Confirmation.EMAIL_CHANGE) ensures that the returned object is of the correct type.
2017-11-07 20:45:11 +01:00
email_change_object = get_object_from_key(confirmation_key, Confirmation.EMAIL_CHANGE)
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
except ConfirmationKeyException as exception:
return render_confirmation_key_error(request, exception)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
email change: Refactor confirmation path for readability. Removes an assert, which at this point is there just for readability, since the second argument to get_object_from_key(confirmation_key, Confirmation.EMAIL_CHANGE) ensures that the returned object is of the correct type.
2017-11-07 20:45:11 +01:00
new_email = email_change_object.new_email
old_email = email_change_object.old_email
user_profile = email_change_object.user_profile
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
settings: Allow admin to change email/name even if it is disabled in realm. Allow realm admin users to change their email or name even, changing name or email is disabled in realm.
2018-02-02 16:54:26 +01:00
if user_profile.realm.email_changes_disabled and not user_profile.is_realm_admin:
email change: Use confirmation object user to determine changeability. Seems like the more logical check. Also, the previous code makes it feel like there is a potential vulnerability where one could get an email change object in a realm where email changes are disabled, and then open that link while logged in to a different realm. While we're at it, remove the unnecessary check that the user is logged in when clicking the confirmation link; that creates unnecessary trouble for users who use multiple browsers.
2017-11-07 20:48:32 +01:00
raise JsonableError(_("Email address changes are disabled in this organization."))
email: Support delivery email in email change system.
2018-08-02 08:47:13 +02:00
do_change_user_delivery_email(user_profile, new_email)
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
context = {"realm_name": user_profile.realm.name, "new_email": new_email}
emails: Translate from_name of account security emails.
2020-02-14 13:58:58 +01:00
language = user_profile.default_language
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
send_email(
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"zerver/emails/notify_change_in_email",
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
to_emails=[old_email],
from_name=FromAddress.security_email_from_name(user_profile=user_profile),
from_address=FromAddress.SUPPORT,
language=language,
context=context,
realm=user_profile.realm,
)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
ctx = {
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"new_email_html_tag": SafeString(
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
f'<a href="mailto:{escape(new_email)}">{escape(new_email)}</a>'
),
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"old_email_html_tag": SafeString(
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
f'<a href="mailto:{escape(old_email)}">{escape(old_email)}</a>'
),
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
}
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
return render(request, "confirmation/confirm_email_change.html", context=ctx)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
emojiset_choices = {emojiset["key"] for emojiset in UserProfile.emojiset_choices()}
default_view_options = ["recent_topics", "all_messages"]
settings: Move check_settings_values to user_settings.py. This commit moves check_settings_values to user_settings.py from validator.py such that we can import the functions at the top without any issue of cyclic imports.
2021-09-09 20:19:08 +02:00
def check_settings_values(
notification_sound: Optional[str],
email_notifications_batching_period_seconds: Optional[int],
default_language: Optional[str] = None,
) -> None:
# We can't use REQ for this widget because
# get_available_language_codes requires provisioning to be
# complete.
if default_language is not None and default_language not in get_available_language_codes():
raise JsonableError(_("Invalid default_language"))
if (
notification_sound is not None
and notification_sound not in get_available_notification_sounds()
and notification_sound != "none"
):
raise JsonableError(_("Invalid notification sound '{}'").format(notification_sound))
if email_notifications_batching_period_seconds is not None and (
email_notifications_batching_period_seconds <= 0
or email_notifications_batching_period_seconds > 7 * 24 * 60 * 60
):
# We set a limit of one week for the batching period
raise JsonableError(
_("Invalid email batching period: {} seconds").format(
email_notifications_batching_period_seconds
)
)
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
@human_users_only
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
@has_request_variables
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
def json_change_settings(
request: HttpRequest,
user_profile: UserProfile,
full_name: str = REQ(default=""),
email: str = REQ(default=""),
old_password: str = REQ(default=""),
new_password: str = REQ(default=""),
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
twenty_four_hour_time: Optional[bool] = REQ(json_validator=check_bool, default=None),
dense_mode: Optional[bool] = REQ(json_validator=check_bool, default=None),
starred_message_counts: Optional[bool] = REQ(json_validator=check_bool, default=None),
fluid_layout_width: Optional[bool] = REQ(json_validator=check_bool, default=None),
high_contrast_mode: Optional[bool] = REQ(json_validator=check_bool, default=None),
color_scheme: Optional[int] = REQ(
json_validator=check_int_in(UserProfile.COLOR_SCHEME_CHOICES), default=None
),
translate_emoticons: Optional[bool] = REQ(json_validator=check_bool, default=None),
default_language: Optional[str] = REQ(default=None),
default_view: Optional[str] = REQ(
str_validator=check_string_in(default_view_options), default=None
),
left_side_userlist: Optional[bool] = REQ(json_validator=check_bool, default=None),
emojiset: Optional[str] = REQ(str_validator=check_string_in(emojiset_choices), default=None),
demote_inactive_streams: Optional[int] = REQ(
json_validator=check_int_in(UserProfile.DEMOTE_STREAMS_CHOICES), default=None
),
timezone: Optional[str] = REQ(
str_validator=check_string_in(pytz.all_timezones_set), default=None
),
api: Allow setting email_notifications_batching_period_seconds. We allow a maximum value of one week to make sure there aren't a huge number of rows in the table for any user (this could happen if stream notifications are enabled). This commit also fixes a small error in the user_settings test.
2021-07-22 10:05:04 +02:00
email_notifications_batching_period_seconds: Optional[int] = REQ(
json_validator=check_int, default=None
),
drafts: Add support for toggling drafts synchronization. With changes mostly to the API documentation by tabbott.
2021-07-24 06:56:56 +02:00
enable_drafts_synchronization: Optional[bool] = REQ(json_validator=check_bool, default=None),
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
enable_stream_desktop_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None
),
enable_stream_email_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None
),
enable_stream_push_notifications: Optional[bool] = REQ(json_validator=check_bool, default=None),
enable_stream_audible_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None
),
wildcard_mentions_notify: Optional[bool] = REQ(json_validator=check_bool, default=None),
notification_sound: Optional[str] = REQ(default=None),
enable_desktop_notifications: Optional[bool] = REQ(json_validator=check_bool, default=None),
enable_sounds: Optional[bool] = REQ(json_validator=check_bool, default=None),
enable_offline_email_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None
),
enable_offline_push_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None
),
enable_online_push_notifications: Optional[bool] = REQ(json_validator=check_bool, default=None),
enable_digest_emails: Optional[bool] = REQ(json_validator=check_bool, default=None),
enable_login_emails: Optional[bool] = REQ(json_validator=check_bool, default=None),
enable_marketing_emails: Optional[bool] = REQ(json_validator=check_bool, default=None),
message_content_in_email_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None
),
pm_content_in_desktop_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None
),
settings: Validate desktop_icon_display_count value in 'PATCH /settings'.
2021-09-08 16:27:19 +02:00
desktop_icon_count_display: Optional[int] = REQ(
json_validator=check_int_in(UserProfile.DESKTOP_ICON_COUNT_DISPLAY_CHOICES), default=None
),
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
realm_name_in_notifications: Optional[bool] = REQ(json_validator=check_bool, default=None),
presence_enabled: Optional[bool] = REQ(json_validator=check_bool, default=None),
api: Remove '/users/me/enter-sends' endpoint. We remove the '/users/me/enter-sends' endpoint and 'enter_sends' setting will now be edited using the '/settings' endpoint.
2021-07-22 18:14:28 +02:00
enter_sends: Optional[bool] = REQ(json_validator=check_bool, default=None),
user_settings: Add settings to configure sending typing notifications. Note: These are not functional in enabling/disabling sending of typing notifications with this commit. Refactored the privacy settings update to keep the code less duplicated along with making the addition of new settings easier.
2021-10-03 08:36:36 +02:00
send_private_typing_notifications: Optional[bool] = REQ(
json_validator=check_bool, default=None
),
send_stream_typing_notifications: Optional[bool] = REQ(json_validator=check_bool, default=None),
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
) -> HttpResponse:
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
if (
user_settings: Extract setting values checks to a function. We extract the checks for default_language, notification_sound, and email_notifications_batching_period_seconds setting values in json_change_settings to a new function check_settings_values.
2021-09-09 16:18:00 +02:00
default_language is not None
or notification_sound is not None
or email_notifications_batching_period_seconds is not None
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
):
user_settings: Extract setting values checks to a function. We extract the checks for default_language, notification_sound, and email_notifications_batching_period_seconds setting values in json_change_settings to a new function check_settings_values.
2021-09-09 16:18:00 +02:00
check_settings_values(
notification_sound, email_notifications_batching_period_seconds, default_language
api: Allow setting email_notifications_batching_period_seconds. We allow a maximum value of one week to make sure there aren't a huge number of rows in the table for any user (this could happen if stream notifications are enabled). This commit also fixes a small error in the user_settings test.
2021-07-22 10:05:04 +02:00
)
settings: Remove password confirmation in modal. This removes the requirement to confirm your new password. It isn't necessary and can be fixed easily with an email reset if messed up.
2018-01-11 20:28:18 +01:00
if new_password != "":
python: Convert assignment type annotations to Python 3.6 style. This commit was split by tabbott; this piece covers the vast majority of files in Zulip, but excludes scripts/, tools/, and puppet/ to help ensure we at least show the right error messages for Xenial systems. We can likely further refine the remaining pieces with some testing. Generated by com2ann, with whitespace fixes and various manual fixes for runtime issues: - invoiced_through: Optional[LicenseLedger] = models.ForeignKey( + invoiced_through: Optional["LicenseLedger"] = models.ForeignKey( -_apns_client: Optional[APNsClient] = None +_apns_client: Optional["APNsClient"] = None - notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - signup_notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + signup_notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - author: Optional[UserProfile] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) + author: Optional["UserProfile"] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) - bot_owner: Optional[UserProfile] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) + bot_owner: Optional["UserProfile"] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) - default_sending_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) - default_events_register_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_sending_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_events_register_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) -descriptors_by_handler_id: Dict[int, ClientDescriptor] = {} +descriptors_by_handler_id: Dict[int, "ClientDescriptor"] = {} -worker_classes: Dict[str, Type[QueueProcessingWorker]] = {} -queues: Dict[str, Dict[str, Type[QueueProcessingWorker]]] = {} +worker_classes: Dict[str, Type["QueueProcessingWorker"]] = {} +queues: Dict[str, Dict[str, Type["QueueProcessingWorker"]]] = {} -AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional[LDAPSearch] = None +AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 01:09:50 +02:00
return_data: Dict[str, Any] = {}
email: Support delivery email in email change system.
2018-08-02 08:47:13 +02:00
if email_belongs_to_ldap(user_profile.realm, user_profile.delivery_email):
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(_("Your Zulip password is managed in LDAP"))
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
try:
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
if not authenticate(
request,
username=user_profile.delivery_email,
password=old_password,
realm=user_profile.realm,
return_data=return_data,
):
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(_("Wrong password!"))
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
except RateLimited as e:
exceptions: Make RateLimited into a subclass of JsonableError. This simplifies the code, as it allows using the mechanism of converting JsonableErrors into a response instead of having separate, but ultimately similar, logic in RateLimitMiddleware. We don't touch tests here because "rate limited" error responses are already verified in test_external.py.
2020-11-27 16:33:01 +01:00
assert e.secs_to_freedom is not None
secs_to_freedom = int(e.secs_to_freedom)
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
_("You're making too many attempts! Try again in {} seconds.").format(
secs_to_freedom
),
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
)
auth: Use zxcvbn to ensure password strength on server side. For a long time, we've been only doing the zxcvbn password strength checks on the browser, which is helpful, but means users could through hackery (or a bug in the frontend validation code) manage to set a too-weak password. We fix this by running our password strength validation on the backend as well, using python-zxcvbn. In theory, a bug in python-zxcvbn could result in it producing a different opinion than the frontend version; if so, it'd be a pretty bad bug in the library, and hopefully we'd hear about it from users, report upstream, and get it fixed that way. Alternatively, we can switch to shelling out to node like we do for KaTeX. Fixes #6880.
2019-11-18 08:11:03 +01:00
if not check_password_strength(new_password):
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(_("New password is too weak!"))
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
do_change_password(user_profile, new_password)
Django 1.10: Update session hash when password is changed. Ref: https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change for details.
2016-11-17 08:56:01 +01:00
# In Django 1.10, password changes invalidates sessions, see
# https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change
user_settings.py: Use the singular 'they' pronoun.
2017-07-05 11:47:21 +02:00
# for details. To avoid this logging the user out of their own
Django 1.10: Update session hash when password is changed. Ref: https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change for details.
2016-11-17 08:56:01 +01:00
# session (which would provide a confusing UX at best), we
# update the session hash here.
update_session_auth_hash(request, user_profile)
Django 1.10: Immediately save session to mitigate race conditions.
2016-12-16 11:38:21 +01:00
# We also save the session to the DB immediately to mitigate
# race conditions. In theory, there is still a race condition
# and to completely avoid it we will have to use some kind of
# mutex lock in `django.contrib.auth.get_user` where session
# is verified. To make that lock work we will have to control
# the AuthenticationMiddleware which is currently controlled
# by Django,
request.session.save()
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
python: Convert assignment type annotations to Python 3.6 style. This commit was split by tabbott; this piece covers the vast majority of files in Zulip, but excludes scripts/, tools/, and puppet/ to help ensure we at least show the right error messages for Xenial systems. We can likely further refine the remaining pieces with some testing. Generated by com2ann, with whitespace fixes and various manual fixes for runtime issues: - invoiced_through: Optional[LicenseLedger] = models.ForeignKey( + invoiced_through: Optional["LicenseLedger"] = models.ForeignKey( -_apns_client: Optional[APNsClient] = None +_apns_client: Optional["APNsClient"] = None - notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - signup_notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) + signup_notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE) - author: Optional[UserProfile] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) + author: Optional["UserProfile"] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE) - bot_owner: Optional[UserProfile] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) + bot_owner: Optional["UserProfile"] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL) - default_sending_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) - default_events_register_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_sending_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) + default_events_register_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE) -descriptors_by_handler_id: Dict[int, ClientDescriptor] = {} +descriptors_by_handler_id: Dict[int, "ClientDescriptor"] = {} -worker_classes: Dict[str, Type[QueueProcessingWorker]] = {} -queues: Dict[str, Dict[str, Type[QueueProcessingWorker]]] = {} +worker_classes: Dict[str, Type["QueueProcessingWorker"]] = {} +queues: Dict[str, Dict[str, Type["QueueProcessingWorker"]]] = {} -AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional[LDAPSearch] = None +AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 01:09:50 +02:00
result: Dict[str, Any] = {}
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
new_email = email.strip()
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
if user_profile.delivery_email != new_email and new_email != "":
settings: Allow admin to change email/name even if it is disabled in realm. Allow realm admin users to change their email or name even, changing name or email is disabled in realm.
2018-02-02 16:54:26 +01:00
if user_profile.realm.email_changes_disabled and not user_profile.is_realm_admin:
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(_("Email address changes are disabled in this organization."))
user settings: Inline call to validate_email. We are trying to elminate the version of `validate_email` that lives in `actions.py`. Inlining it barely increases the code size, and it removes some noise related the three-item tuple that `check_incoming_email` returns.
2020-03-04 14:40:30 +01:00
error = validate_email_is_valid(
new_email,
get_realm_email_validator(user_profile.realm),
)
mypy: Split email validation error handling in json_change_settings.
2017-09-25 07:18:42 +02:00
if error:
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(error)
user settings: Inline call to validate_email. We are trying to elminate the version of `validate_email` that lives in `actions.py`. Inlining it barely increases the code size, and it removes some noise related the three-item tuple that `check_incoming_email` returns.
2020-03-04 14:40:30 +01:00
try:
validate_email_not_already_in_realm(
user_profile.realm,
new_email,
refactor: Avoid hacky use of ValidationError.code. We were using `code` to pass around messages. The `code` field is designed to be a code, not a human-readable message. It's possible that we don't actually need two flavors of messages for these type of validations, but I didn't want to change that yet. We **definitely** don't need to put two types of message in the exception, so I fix that. Instead, I just have the caller ask what level of detail it needs. I added a non-verbose message for the case of system bots. I removed the non-translated version of the message for deactivated accounts, which didn't have test coverage and is slightly more prone to leaking email info that we don't want to leak.
2020-03-05 17:24:47 +01:00
verbose=False,
user settings: Inline call to validate_email. We are trying to elminate the version of `validate_email` that lives in `actions.py`. Inlining it barely increases the code size, and it removes some noise related the three-item tuple that `check_incoming_email` returns.
2020-03-04 14:40:30 +01:00
)
except ValidationError as e:
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(e.message)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
do_start_email_change_process(user_profile, new_email)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
if user_profile.full_name != full_name and full_name.strip() != "":
settings: Allow admin to change email/name even if it is disabled in realm. Allow realm admin users to change their email or name even, changing name or email is disabled in realm.
2018-02-02 16:54:26 +01:00
if name_changes_disabled(user_profile.realm) and not user_profile.is_realm_admin:
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
# Failingly silently is fine -- they can't do it through the UI, so
# they'd have to be trying to break the rules.
pass
else:
users: Consolidate name change enforcement logic. This has the side effect of fixing an issue where one could edit a bot to have an invalid name.
2017-02-08 04:39:55 +01:00
# Note that check_change_full_name strips the passed name automatically
api: Remove "full_name" and "account_email" from response of '/settings'. We remove the "full_name" and "account_email" fields from the response of 'PATCH /settings' endpoint. These fields were part of the response to make sure that we tell that the parameters not present in response were ignored. We can remove these fields as 'ignored_parameters_unsupported' now specifies which parameters were ignored and not supported by the endpoint.
2021-07-15 18:31:34 +02:00
check_change_full_name(user_profile, full_name, user_profile)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
# Loop over user_profile.property_types
settings: Remove do_change_notification_settings function. This commit removes the do_change_notification_settings function and we use do_change_user_setting directly to change all the user settings now.
2021-09-08 15:36:08 +02:00
request_settings = {k: v for k, v in list(locals().items()) if k in user_profile.property_types}
views: Use property_types for display settings. This reduces semi-duplicated code here.
2017-05-22 21:07:35 +02:00
for k, v in list(request_settings.items()):
if v is not None and getattr(user_profile, k) != v:
settings: Refactor callers of do_change_user_setting to pass acting_user.
2021-09-08 13:25:50 +02:00
do_change_user_setting(user_profile, k, v, acting_user=user_profile)
notifications: Add a setting for changing the notification sound. Also, add a new notification sound, "ding". It comes from https://freesound.org, where the original Zulip notification sound comes from as well. In the future, new sounds can be added by adding audio files to the `static/audio/notification_sounds` directory. Tweaked significantly by tabbott: * Avoided removing static/audio/zulip.ogg, because that file is checked for by old versions of the desktop app. * Added a views check for the sound being valid + tests. * Added additional tests. * Restructured the test_events test to be cleaner. * Removed check_bool_or_string. * Increased max length of notification_sound. * Provide available_notification_sounds in events data set if global notifications settings are requested. Fixes #8051.
2018-01-11 21:36:11 +01:00
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
if timezone is not None and user_profile.timezone != timezone:
settings: Refactor callers of do_change_user_setting to pass acting_user.
2021-09-08 13:25:50 +02:00
do_change_user_setting(user_profile, "timezone", timezone, acting_user=user_profile)
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
# TODO: Do this more generally.
request: Refactor ZulipRequestNotes to RequestNotes. This utilizes the generic `BaseNotes` we added for multipurpose patching. With this migration as an example, we can further support more types of notes to replace the monkey-patching approach we have used throughout the codebase for type safety.
2021-08-21 19:24:20 +02:00
from zerver.lib.request import RequestNotes
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
request: Refactor ZulipRequestNotes to RequestNotes. This utilizes the generic `BaseNotes` we added for multipurpose patching. With this migration as an example, we can further support more types of notes to replace the monkey-patching approach we have used throughout the codebase for type safety.
2021-08-21 19:24:20 +02:00
request_notes = RequestNotes.get_notes(request)
settings: Merge settings API endpoints. This API change removes unnecessary complexity from a client that wants to change a user's personal settings, and also saves developers from needing to make decisions about what sort of setting something is at the API level. We preserve the old settings endpoints as mapping to the same function as the new one for backwards-compatibility. We delete the documentation for the old endpoints, though the documentation for the merged /settings endpoint mentions how to use the old endpoints when needed. We migrate all backend tests to the new endpoints, except for individual tests for each legacy endpoint to verify they still work. Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-07 22:08:11 +02:00
for req_var in request.POST:
if req_var not in request_notes.processed_parameters:
request_notes.ignored_parameters.add(req_var)
if len(request_notes.ignored_parameters) > 0:
result["ignored_parameters_unsupported"] = list(request_notes.ignored_parameters)
Add setting hiding private message content in desktop notifications. Tweaked by tabbott to fix a refactoring bug, set the default to True, fix the real-time sync, and add tests for this. Fixes #2355.
2016-12-07 17:29:12 +01:00
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
return json_success(result)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def set_avatar_backend(request: HttpRequest, user_profile: UserProfile) -> HttpResponse:
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
if len(request.FILES) != 1:
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(_("You must upload exactly one avatar."))
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
if avatar_changes_disabled(user_profile.realm) and not user_profile.is_realm_admin:
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(str(AVATAR_CHANGES_DISABLED_ERROR))
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
python3: Fix usage of .keys()/.values() to handle iterators. This fixes the places where we use the result of .keys(), .items(), and .values() that wouldn't work with an iterator to wrap them with list().
2016-01-25 01:27:18 +01:00
user_file = list(request.FILES.values())[0]
settings: Rename MAX_AVATAR_FILE_SIZE. Rename MAX_AVATAR_FILE_SIZE to MAX_AVATAR_FILE_SIZE_MIB reflecting size in mebibytes.
2021-05-29 08:51:07 +02:00
if (settings.MAX_AVATAR_FILE_SIZE_MIB * 1024 * 1024) < user_file.size:
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
_("Uploaded file is larger than the allowed limit of {} MiB").format(
settings: Rename MAX_AVATAR_FILE_SIZE. Rename MAX_AVATAR_FILE_SIZE to MAX_AVATAR_FILE_SIZE_MIB reflecting size in mebibytes.
2021-05-29 08:51:07 +02:00
settings.MAX_AVATAR_FILE_SIZE_MIB,
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
)
Refactor: Change upload_avatar_image to accept two user profiles. In this commit we just change the upload_avatar_image function to accept two user_profiles acting_user_profile and target_user_profile. Basically email param is dropped for a target_user_profile so that avatar's could be moved lateron to user id based storage.
2017-03-02 16:21:46 +01:00
upload_avatar_image(user_file, user_profile, user_profile)
audit_log: Log acting_user in do_change_avatar_fields.
2020-06-29 12:47:44 +02:00
do_change_avatar_fields(user_profile, UserProfile.AVATAR_FROM_USER, acting_user=user_profile)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
user_avatar_url = avatar_url(user_profile)
json_result = dict(
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
avatar_url=user_avatar_url,
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
)
return json_success(json_result)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def delete_avatar_backend(request: HttpRequest, user_profile: UserProfile) -> HttpResponse:
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
if avatar_changes_disabled(user_profile.realm) and not user_profile.is_realm_admin:
python: Migrate most json_error => JsonableError. JsonableError has two major benefits over json_error: * It can be raised from anywhere in the codebase, rather than being a return value, which is much more convenient for refactoring, as one doesn't potentially need to change error handling style when extracting a bit of view code to a function. * It is guaranteed to contain the `code` property, which is helpful for API consistency. Various stragglers are not updated because JsonableError requires subclassing in order to specify custom data or HTTP status codes.
2021-06-30 18:35:50 +02:00
raise JsonableError(str(AVATAR_CHANGES_DISABLED_ERROR))
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
do_change_avatar_fields(
user_profile, UserProfile.AVATAR_FROM_GRAVATAR, acting_user=user_profile
)
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
gravatar_url = avatar_url(user_profile)
json_result = dict(
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
avatar_url=gravatar_url,
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
)
return json_success(json_result)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
decorators: Use human_users_only more aggressively.
2017-10-28 00:16:13 +02:00
# We don't use @human_users_only here, because there are use cases for
# a bot regenerating its own API key.
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
@has_request_variables
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def regenerate_api_key(request: HttpRequest, user_profile: UserProfile) -> HttpResponse:
actions: Make do_regenerate_api_key return the new key. This way, the new API key can be fetched without needing to read it from the UserProfile object.
2018-08-10 21:03:32 +02:00
new_api_key = do_regenerate_api_key(user_profile, user_profile)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
json_result = dict(
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
api_key=new_api_key,
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
)
return json_success(json_result)