Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zerver/views/user_settings.py

270 lines
13 KiB
Python
Raw Normal View History

views: Change use of typing.Text to str. This is the first part of a general migration of our typing codebase to use the simpler `str` for strings.
2018-04-24 03:47:28 +02:00
from typing import Optional, Any, Dict
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
user settings: Inline call to validate_email. We are trying to elminate the version of `validate_email` that lives in `actions.py`. Inlining it barely increases the code size, and it removes some noise related the three-item tuple that `check_incoming_email` returns.
2020-03-04 14:40:30 +01:00
from django.core.exceptions import ValidationError
[i18n] Make error messages translatable. Make all strings passing through `json_error` and `JsonableError` translatable. Fixes #727
2016-05-25 15:02:02 +02:00
from django.utils.translation import ugettext as _
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
from django.conf import settings
Django 1.10: Update session hash when password is changed. Ref: https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change for details.
2016-11-17 08:56:01 +01:00
from django.contrib.auth import authenticate, update_session_auth_hash
Annotate zerver/views/user_settings.
2016-06-05 02:15:26 +02:00
from django.http import HttpRequest, HttpResponse
views: Remove unused imports. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-02 23:53:22 +01:00
from django.shortcuts import render
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
decorator: Cut a bunch of dead imports of two view decorators. Saw these when grepping for these two decorators; they're actually more numerous than the surviving use sites are. Cut out the noise.
2017-11-04 00:59:22 +01:00
from zerver.decorator import has_request_variables, \
views: Remove unused imports. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-02 23:53:22 +01:00
REQ, human_users_only
settings: Remove autoscroll_forever setting. Fixes #6845
2017-12-27 13:17:58 +01:00
from zerver.lib.actions import do_change_password, do_change_notification_settings, \
settings: Remove obsolete default_desktop_notifications setting. This actually hasn't been hooked up to do anything in years. While we're at it, we remove the entire "Zulip Labs" settings page.
2018-04-28 22:35:18 +02:00
do_change_enter_sends, do_regenerate_api_key, do_change_avatar_fields, \
user settings: Inline call to validate_email. We are trying to elminate the version of `validate_email` that lives in `actions.py`. Inlining it barely increases the code size, and it removes some noise related the three-item tuple that `check_incoming_email` returns.
2020-03-04 14:40:30 +01:00
do_set_user_display_setting, do_change_user_delivery_email, \
views: Remove unused imports. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-02 23:53:22 +01:00
do_start_email_change_process, check_change_full_name, \
refactor: Move validate_email_not_already_in_realm. We move this to email_validation.py.
2020-03-05 16:56:08 +01:00
get_available_notification_sounds, validate_email_is_valid
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
from zerver.lib.avatar import avatar_url
refactor: Move validate_email_not_already_in_realm. We move this to email_validation.py.
2020-03-05 16:56:08 +01:00
from zerver.lib.email_validation import get_realm_email_validator, \
validate_email_not_already_in_realm
emails: Remove the display_email function. No longer needed, since this now only appears in build_email.
2017-07-11 06:13:23 +02:00
from zerver.lib.send_email import send_email, FromAddress
Move i18n functions from zerver/views/__init__.py to zerver/lib/i18n.py
2016-08-05 22:28:25 +02:00
from zerver.lib.i18n import get_available_language_codes
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
from zerver.lib.response import json_success, json_error
from zerver.lib.upload import upload_avatar_image
settings: Use cleaner validators for display settings. This simplifies the update_display_settings endpoint to use REQ for validation, rather than custom if/else statements. The test changes just take advantage of the now more consistent syntax.
2020-04-04 00:06:39 +02:00
from zerver.lib.validator import check_bool, check_string, check_int, check_int_in, \
check_string_in
rate_limiter: Put secs_to_freedom as message when raising RateLimited. That's the value that matters to the code that catches the exception, and this change allows simplifying the plumbing somewhat, and gets rid of the get_rate_limit_result_from_request function.
2020-04-01 13:13:06 +02:00
from zerver.lib.rate_limiter import RateLimited
Add validation and tests for default language setting.
2016-07-31 10:02:42 +02:00
from zerver.lib.request import JsonableError
Add timezone field in UserProfile. Implements backend of #1506.
2017-03-14 10:53:09 +01:00
from zerver.lib.timezone import get_all_timezones
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
from zerver.models import UserProfile, name_changes_disabled, avatar_changes_disabled
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
from confirmation.models import get_object_from_key, render_confirmation_key_error, \
confirmation: Add confirmation_type to get_object_from_key. This change: * Prevents weird potential attacks like taking a valid confirmation link (say an unsubscribe link), and putting it into the URL of a multiuse invite link. I don't know of any such attacks one could do right now, but reasoning about it is complicated. * Makes the code easier to read, and in the case of confirmation/views.py, exposes something that needed refactoring anyway (USER_REGISTRATION and INVITATION should have different endpoints, and both of those endpoints should be in zerver/views/registration, not this file).
2017-11-01 21:07:39 +01:00
ConfirmationKeyException, Confirmation
auth: Use zxcvbn to ensure password strength on server side. For a long time, we've been only doing the zxcvbn password strength checks on the browser, which is helpful, but means users could through hackery (or a bug in the frontend validation code) manage to set a too-weak password. We fix this by running our password strength validation on the backend as well, using python-zxcvbn. In theory, a bug in python-zxcvbn could result in it producing a different opinion than the frontend version; if so, it'd be a pretty bad bug in the library, and hopefully we'd hear about it from users, report upstream, and get it fixed that way. Alternatively, we can switch to shelling out to node like we do for KaTeX. Fixes #6880.
2019-11-18 08:11:03 +01:00
from zproject.backends import email_belongs_to_ldap, check_password_strength
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
AVATAR_CHANGES_DISABLED_ERROR = _("Avatar changes are disabled in this organization.")
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def confirm_email_change(request: HttpRequest, confirmation_key: str) -> HttpResponse:
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
try:
email change: Refactor confirmation path for readability. Removes an assert, which at this point is there just for readability, since the second argument to get_object_from_key(confirmation_key, Confirmation.EMAIL_CHANGE) ensures that the returned object is of the correct type.
2017-11-07 20:45:11 +01:00
email_change_object = get_object_from_key(confirmation_key, Confirmation.EMAIL_CHANGE)
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
except ConfirmationKeyException as exception:
return render_confirmation_key_error(request, exception)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
email change: Refactor confirmation path for readability. Removes an assert, which at this point is there just for readability, since the second argument to get_object_from_key(confirmation_key, Confirmation.EMAIL_CHANGE) ensures that the returned object is of the correct type.
2017-11-07 20:45:11 +01:00
new_email = email_change_object.new_email
old_email = email_change_object.old_email
user_profile = email_change_object.user_profile
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
settings: Allow admin to change email/name even if it is disabled in realm. Allow realm admin users to change their email or name even, changing name or email is disabled in realm.
2018-02-02 16:54:26 +01:00
if user_profile.realm.email_changes_disabled and not user_profile.is_realm_admin:
email change: Use confirmation object user to determine changeability. Seems like the more logical check. Also, the previous code makes it feel like there is a potential vulnerability where one could get an email change object in a realm where email changes are disabled, and then open that link while logged in to a different realm. While we're at it, remove the unnecessary check that the user is logged in when clicking the confirmation link; that creates unnecessary trouble for users who use multiple browsers.
2017-11-07 20:48:32 +01:00
raise JsonableError(_("Email address changes are disabled in this organization."))
email: Support delivery email in email change system.
2018-08-02 08:47:13 +02:00
do_change_user_delivery_email(user_profile, new_email)
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739.
2017-07-22 00:27:45 +02:00
emails: Pass realm_name instead of realm in notify_change_in_email context.
2018-04-30 17:35:21 +02:00
context = {'realm_name': user_profile.realm.name, 'new_email': new_email}
emails: Translate from_name of account security emails.
2020-02-14 13:58:58 +01:00
language = user_profile.default_language
send_email: Add support for multiple recipients. This adds a function that sends provided email to all administrators of a realm, but in a single email. As a result, send_email now takes arguments to_user_ids and to_emails instead of to_user_id and to_email. We adjust other APIs to match, but note that send_future_email does not yet support the multiple recipients model for good reasons. Tweaked by tabbott to modify `manage.py deliver_email` to handle backwards-compatibily for any ScheduledEmail objects already in the database. Fixes #10896.
2018-12-03 23:26:51 +01:00
send_email('zerver/emails/notify_change_in_email', to_emails=[old_email],
emails: Translate from_name of account security emails.
2020-02-14 13:58:58 +01:00
from_name=FromAddress.security_email_from_name(user_profile=user_profile),
from_address=FromAddress.SUPPORT, language=language,
context=context)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
ctx = {
'new_email': new_email,
'old_email': old_email,
}
return render(request, 'confirmation/confirm_email_change.html', context=ctx)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
@human_users_only
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
@has_request_variables
mypy: Use Python 3 type syntax in user_settings.py
2017-12-04 09:56:07 +01:00
def json_change_settings(request: HttpRequest, user_profile: UserProfile,
views: Change use of typing.Text to str. This is the first part of a general migration of our typing codebase to use the simpler `str` for strings.
2018-04-24 03:47:28 +02:00
full_name: str=REQ(default=""),
email: str=REQ(default=""),
old_password: str=REQ(default=""),
new_password: str=REQ(default="")) -> HttpResponse:
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
if not (full_name or new_password or email):
settings: Change error for "no data" to something more friendly.
2018-01-11 20:28:44 +01:00
return json_error(_("Please fill out all fields."))
Require non-empty full_name or password in json_change_settings
2016-07-23 22:22:25 +02:00
settings: Remove password confirmation in modal. This removes the requirement to confirm your new password. It isn't necessary and can be fixed easily with an email reset if messed up.
2018-01-11 20:28:18 +01:00
if new_password != "":
user_settings: Prevent LDAP users from setting a Zulip password. Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled, LDAP users could set a password using EmailAuthBackend and continue to use that password, even if their LDAP account was later deactivated. That configuration wasn't supported at all before, so this doesn't fix a pre-existing security issue, but now that we're making that a valid configuration, we need to cover this case.
2018-05-29 07:25:08 +02:00
return_data = {} # type: Dict[str, Any]
email: Support delivery email in email change system.
2018-08-02 08:47:13 +02:00
if email_belongs_to_ldap(user_profile.realm, user_profile.delivery_email):
user_settings: Prevent LDAP users from setting a Zulip password. Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled, LDAP users could set a password using EmailAuthBackend and continue to use that password, even if their LDAP account was later deactivated. That configuration wasn't supported at all before, so this doesn't fix a pre-existing security issue, but now that we're making that a valid configuration, we need to cover this case.
2018-05-29 07:25:08 +02:00
return json_error(_("Your Zulip password is managed in LDAP"))
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
try:
if not authenticate(request, username=user_profile.delivery_email, password=old_password,
realm=user_profile.realm, return_data=return_data):
return json_error(_("Wrong password!"))
except RateLimited as e:
rate_limiter: Put secs_to_freedom as message when raising RateLimited. That's the value that matters to the code that catches the exception, and this change allows simplifying the plumbing somewhat, and gets rid of the get_rate_limit_result_from_request function.
2020-04-01 13:13:06 +02:00
secs_to_freedom = int(float(str(e)))
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
return json_error(
_("You're making too many attempts! Try again in %s seconds.") % (secs_to_freedom,)
)
auth: Use zxcvbn to ensure password strength on server side. For a long time, we've been only doing the zxcvbn password strength checks on the browser, which is helpful, but means users could through hackery (or a bug in the frontend validation code) manage to set a too-weak password. We fix this by running our password strength validation on the backend as well, using python-zxcvbn. In theory, a bug in python-zxcvbn could result in it producing a different opinion than the frontend version; if so, it'd be a pretty bad bug in the library, and hopefully we'd hear about it from users, report upstream, and get it fixed that way. Alternatively, we can switch to shelling out to node like we do for KaTeX. Fixes #6880.
2019-11-18 08:11:03 +01:00
if not check_password_strength(new_password):
return json_error(_("New password is too weak!"))
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
do_change_password(user_profile, new_password)
Django 1.10: Update session hash when password is changed. Ref: https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change for details.
2016-11-17 08:56:01 +01:00
# In Django 1.10, password changes invalidates sessions, see
# https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change
user_settings.py: Use the singular 'they' pronoun.
2017-07-05 11:47:21 +02:00
# for details. To avoid this logging the user out of their own
Django 1.10: Update session hash when password is changed. Ref: https://docs.djangoproject.com/en/1.10/topics/auth/default/#session-invalidation-on-password-change for details.
2016-11-17 08:56:01 +01:00
# session (which would provide a confusing UX at best), we
# update the session hash here.
update_session_auth_hash(request, user_profile)
Django 1.10: Immediately save session to mitigate race conditions.
2016-12-16 11:38:21 +01:00
# We also save the session to the DB immediately to mitigate
# race conditions. In theory, there is still a race condition
# and to completely avoid it we will have to use some kind of
# mutex lock in `django.contrib.auth.get_user` where session
# is verified. To make that lock work we will have to control
# the AuthenticationMiddleware which is currently controlled
# by Django,
request.session.save()
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
views: Use property_types for display settings. This reduces semi-duplicated code here.
2017-05-22 21:07:35 +02:00
result = {} # type: Dict[str, Any]
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
new_email = email.strip()
email: Support delivery email in email change system.
2018-08-02 08:47:13 +02:00
if user_profile.delivery_email != new_email and new_email != '':
settings: Allow admin to change email/name even if it is disabled in realm. Allow realm admin users to change their email or name even, changing name or email is disabled in realm.
2018-02-02 16:54:26 +01:00
if user_profile.realm.email_changes_disabled and not user_profile.is_realm_admin:
user_settings: Clean up error messages and tests for email change.
2017-03-05 02:18:42 +01:00
return json_error(_("Email address changes are disabled in this organization."))
user settings: Inline call to validate_email. We are trying to elminate the version of `validate_email` that lives in `actions.py`. Inlining it barely increases the code size, and it removes some noise related the three-item tuple that `check_incoming_email` returns.
2020-03-04 14:40:30 +01:00
error = validate_email_is_valid(
new_email,
get_realm_email_validator(user_profile.realm),
)
mypy: Split email validation error handling in json_change_settings.
2017-09-25 07:18:42 +02:00
if error:
return json_error(error)
user settings: Inline call to validate_email. We are trying to elminate the version of `validate_email` that lives in `actions.py`. Inlining it barely increases the code size, and it removes some noise related the three-item tuple that `check_incoming_email` returns.
2020-03-04 14:40:30 +01:00
try:
validate_email_not_already_in_realm(
user_profile.realm,
new_email,
refactor: Avoid hacky use of ValidationError.code. We were using `code` to pass around messages. The `code` field is designed to be a code, not a human-readable message. It's possible that we don't actually need two flavors of messages for these type of validations, but I didn't want to change that yet. We **definitely** don't need to put two types of message in the exception, so I fix that. Instead, I just have the caller ask what level of detail it needs. I added a non-verbose message for the case of system bots. I removed the non-translated version of the message for deactivated accounts, which didn't have test coverage and is slightly more prone to leaking email info that we don't want to leak.
2020-03-05 17:24:47 +01:00
verbose=False,
user settings: Inline call to validate_email. We are trying to elminate the version of `validate_email` that lives in `actions.py`. Inlining it barely increases the code size, and it removes some noise related the three-item tuple that `check_incoming_email` returns.
2020-03-04 14:40:30 +01:00
)
except ValidationError as e:
refactor: Avoid hacky use of ValidationError.code. We were using `code` to pass around messages. The `code` field is designed to be a code, not a human-readable message. It's possible that we don't actually need two flavors of messages for these type of validations, but I didn't want to change that yet. We **definitely** don't need to put two types of message in the exception, so I fix that. Instead, I just have the caller ask what level of detail it needs. I added a non-verbose message for the case of system bots. I removed the non-translated version of the message for deactivated accounts, which didn't have test coverage and is slightly more prone to leaking email info that we don't want to leak.
2020-03-05 17:24:47 +01:00
return json_error(e.message)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
do_start_email_change_process(user_profile, new_email)
settings: Mention about /emails after sending change email mail.
2017-10-02 23:27:22 +02:00
result['account_email'] = _("Check your email for a confirmation link. ")
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
if user_profile.full_name != full_name and full_name.strip() != "":
settings: Allow admin to change email/name even if it is disabled in realm. Allow realm admin users to change their email or name even, changing name or email is disabled in realm.
2018-02-02 16:54:26 +01:00
if name_changes_disabled(user_profile.realm) and not user_profile.is_realm_admin:
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
# Failingly silently is fine -- they can't do it through the UI, so
# they'd have to be trying to break the rules.
pass
else:
users: Consolidate name change enforcement logic. This has the side effect of fixing an issue where one could edit a bot to have an invalid name.
2017-02-08 04:39:55 +01:00
# Note that check_change_full_name strips the passed name automatically
Switch change_full_name to use RealmAuditLog. This requires adding an `acting_user` parameter to the `do_change_bot_owner` function.
2017-04-07 07:28:28 +02:00
result['full_name'] = check_change_full_name(user_profile, full_name, user_profile)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
return json_success(result)
settings: Use cleaner validators for display settings. This simplifies the update_display_settings endpoint to use REQ for validation, rather than custom if/else statements. The test changes just take advantage of the now more consistent syntax.
2020-04-04 00:06:39 +02:00
all_timezones = set(get_all_timezones())
python: Modernize legacy Python 2 syntax with pyupgrade. Generated by `pyupgrade --py3-plus --keep-percent-format` on all our Python code except `zthumbor` and `zulip-ec2-configure-interfaces`, followed by manual indentation fixes. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-09 21:51:58 +02:00
emojiset_choices = {emojiset['key'] for emojiset in UserProfile.emojiset_choices()}
settings: Use cleaner validators for display settings. This simplifies the update_display_settings endpoint to use REQ for validation, rather than custom if/else statements. The test changes just take advantage of the now more consistent syntax.
2020-04-04 00:06:39 +02:00
user_settings: Disable bot access to several endpoints. These settings have no effect on bots, so this change is mostly about just avoiding confusion.
2017-04-16 22:10:56 +02:00
@human_users_only
Add dynamically loaded language dropdown.
2016-06-23 11:32:45 +02:00
@has_request_variables
user_settings: Fix mypy annotations. While we're at it, convert this to use the Python 3 style, which isn't prone to this sort of bug.
2017-11-16 02:37:54 +01:00
def update_display_settings_backend(
request: HttpRequest, user_profile: UserProfile,
twenty_four_hour_time: Optional[bool]=REQ(validator=check_bool, default=None),
settings: Add a development-only setting for less dense mode. This should make it easier for us to iterate on a less-dense Zulip. We create two classes on body, less_dense_mode and more_dense_mode, so that it's easy as we refactor to separate the two concepts from things like colors that are independent.
2018-05-24 20:53:26 +02:00
dense_mode: Optional[bool]=REQ(validator=check_bool, default=None),
models: Create starred_message_counts boolean field.
2018-08-17 08:09:07 +02:00
starred_message_counts: Optional[bool]=REQ(validator=check_bool, default=None),
settings: Add option for fixed/fluid width. This adds a new option for "fluid width" under `Display settings` section of SETTINGS/DISPLAY SETTINGS tab. Fixes: #11844.
2019-04-16 18:46:17 +02:00
fluid_layout_width: Optional[bool]=REQ(validator=check_bool, default=None),
user_settings: Fix mypy annotations. While we're at it, convert this to use the Python 3 style, which isn't prone to this sort of bug.
2017-11-16 02:37:54 +01:00
high_contrast_mode: Optional[bool]=REQ(validator=check_bool, default=None),
night_mode: Optional[bool]=REQ(validator=check_bool, default=None),
emoji: Add support for translating emoticons. Add `translate_emoticons` to `prop_types` and `expected_keys`. Furthermore, create a emoji-translating Markdown inline pattern. Also use a JavaScript version of `translate_emoticons` and then use this function during Markdown previews and as a preprocessor. This is only needed for previews, because usually emoticon translation happens on the backend after sending. Add tests for emoticon translation, a settings UI, and a /help/ page as well. Tweaked by tabbott to fix various test failurse as well as how this handles whitespace, requiring emoticons to not have adjacent characters. Fixes #1768.
2018-01-15 19:36:32 +01:00
translate_emoticons: Optional[bool]=REQ(validator=check_bool, default=None),
settings: Don't use nice REQ syntax for language_codes. This breaks provisioning because running this as import time would require language_name_map.json to be generated by `manage.py compilemessages` before we can run any management commands :(. We could potentially fix this in the future by changing the generate language files to be things we commit to the project.
2020-04-04 00:59:04 +02:00
default_language: Optional[bool]=REQ(validator=check_string, default=None),
user_settings: Fix mypy annotations. While we're at it, convert this to use the Python 3 style, which isn't prone to this sort of bug.
2017-11-16 02:37:54 +01:00
left_side_userlist: Optional[bool]=REQ(validator=check_bool, default=None),
settings: Use cleaner validators for display settings. This simplifies the update_display_settings endpoint to use REQ for validation, rather than custom if/else statements. The test changes just take advantage of the now more consistent syntax.
2020-04-04 00:06:39 +02:00
emojiset: Optional[str]=REQ(validator=check_string_in(
emojiset_choices), default=None),
demote_inactive_streams: Optional[int]=REQ(validator=check_int_in(
UserProfile.DEMOTE_STREAMS_CHOICES), default=None),
timezone: Optional[str]=REQ(validator=check_string_in(all_timezones),
default=None)) -> HttpResponse:
settings: Don't use nice REQ syntax for language_codes. This breaks provisioning because running this as import time would require language_name_map.json to be generated by `manage.py compilemessages` before we can run any management commands :(. We could potentially fix this in the future by changing the generate language files to be things we commit to the project.
2020-04-04 00:59:04 +02:00
# We can't use REQ for this widget because
# get_available_language_codes requires provisioning to be
# complete.
if (default_language is not None and
default_language not in get_available_language_codes()):
raise JsonableError(_("Invalid default_language"))
views: Use property_types for display settings. This reduces semi-duplicated code here.
2017-05-22 21:07:35 +02:00
request_settings = {k: v for k, v in list(locals().items()) if k in user_profile.property_types}
pep8: Add compliance with rule E261 to zerver/views/user_settings.py.
2017-05-17 22:16:38 +02:00
result = {} # type: Dict[str, Any]
views: Use property_types for display settings. This reduces semi-duplicated code here.
2017-05-22 21:07:35 +02:00
for k, v in list(request_settings.items()):
if v is not None and getattr(user_profile, k) != v:
do_set_user_display_setting(user_profile, k, v)
result[k] = v
Add timezone field in UserProfile. Implements backend of #1506.
2017-03-14 10:53:09 +01:00
Add dynamically loaded language dropdown.
2016-06-23 11:32:45 +02:00
return json_success(result)
user_settings: Disable bot access to several endpoints. These settings have no effect on bots, so this change is mostly about just avoiding confusion.
2017-04-16 22:10:56 +02:00
@human_users_only
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
@has_request_variables
mypy: Use Python 3 type syntax in user_settings.py
2017-12-04 09:56:07 +01:00
def json_change_notify_settings(
request: HttpRequest, user_profile: UserProfile,
enable_stream_desktop_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
enable_stream_email_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
enable_stream_push_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
models: Rename notification to `enable_stream_audible_notifications`. Rename notification property `enable_stream_sounds` to `enable_stream_audible_notifications` to match with other notification property patterns. Fixes part of #12304
2019-06-11 08:47:49 +02:00
enable_stream_audible_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
settings: Add notification settings checkboxes for wildcard mentions. This change makes it possible for users to control the notification settings for wildcard mentions as a separate control from PMs and direct @-mentions.
2019-09-03 23:27:45 +02:00
wildcard_mentions_notify: Optional[bool]=REQ(validator=check_bool, default=None),
notifications: Add a setting for changing the notification sound. Also, add a new notification sound, "ding". It comes from https://freesound.org, where the original Zulip notification sound comes from as well. In the future, new sounds can be added by adding audio files to the `static/audio/notification_sounds` directory. Tweaked significantly by tabbott: * Avoided removing static/audio/zulip.ogg, because that file is checked for by old versions of the desktop app. * Added a views check for the sound being valid + tests. * Added additional tests. * Restructured the test_events test to be cleaner. * Removed check_bool_or_string. * Increased max length of notification_sound. * Provide available_notification_sounds in events data set if global notifications settings are requested. Fixes #8051.
2018-01-11 21:36:11 +01:00
notification_sound: Optional[str]=REQ(validator=check_string, default=None),
mypy: Use Python 3 type syntax in user_settings.py
2017-12-04 09:56:07 +01:00
enable_desktop_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
enable_sounds: Optional[bool]=REQ(validator=check_bool, default=None),
enable_offline_email_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
enable_offline_push_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
enable_online_push_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
enable_digest_emails: Optional[bool]=REQ(validator=check_bool, default=None),
user settings: Add setting to make login notifications optional. This adds a feature in the "Notification" section of "Settings" tab, which lets user enable or disable login emails notification. Tweaked by tabbott to simplify the test. Fixes: #5795, progress towards #5854.
2018-08-24 07:28:51 +02:00
enable_login_emails: Optional[bool]=REQ(validator=check_bool, default=None),
settings: Add setting to disable message content in missed message emails. Fixes #6938.
2017-11-29 13:42:39 +01:00
message_content_in_email_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
settings: Added setting to turn on and off realm name in email subject. Users having only account in one realm will not be distracted by realm name in subject lines of every email. Users who have multiple accounts in realms can turn this setting on and receive a corresponding realm name in email's subject. Tweaked by tabbott to rebase and address a few small issues. Fixes #5489.
2018-01-06 23:30:43 +01:00
pm_content_in_desktop_notifications: Optional[bool]=REQ(validator=check_bool, default=None),
notifications: Allow only notifiable in unread count. This commit adds a new setting to the user's notification settings that will change the behaviour of the unread count in the title bar and desktop application. When enabled, the title bar will show the count of unread private messages and mentions. When disabled, the title bar will act as before, showing the total number of unread messages. Fixes #1736.
2019-06-29 22:00:44 +02:00
desktop_icon_count_display: Optional[int]=REQ(validator=check_int, default=None),
settings: Add setting to disable message content in missed message emails. Fixes #6938.
2017-11-29 13:42:39 +01:00
realm_name_in_notifications: Optional[bool]=REQ(validator=check_bool, default=None)
) -> HttpResponse:
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
result = {}
# Stream notification settings.
notifications: Add a setting for changing the notification sound. Also, add a new notification sound, "ding". It comes from https://freesound.org, where the original Zulip notification sound comes from as well. In the future, new sounds can be added by adding audio files to the `static/audio/notification_sounds` directory. Tweaked significantly by tabbott: * Avoided removing static/audio/zulip.ogg, because that file is checked for by old versions of the desktop app. * Added a views check for the sound being valid + tests. * Added additional tests. * Restructured the test_events test to be cleaner. * Removed check_bool_or_string. * Increased max length of notification_sound. * Provide available_notification_sounds in events data set if global notifications settings are requested. Fixes #8051.
2018-01-11 21:36:11 +01:00
if (notification_sound is not None and
notification_sound not in get_available_notification_sounds()):
raise JsonableError(_("Invalid notification sound '%s'") % (notification_sound,))
notification_settings: Refactor notification preference settings. Previously, all notification preference setting had a dedicated test and setter. Now, all are handled through a modular function using the property_types framework.
2017-05-23 03:19:21 +02:00
req_vars = {k: v for k, v in list(locals().items()) if k in user_profile.notification_setting_types}
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
notification_settings: Refactor notification preference settings. Previously, all notification preference setting had a dedicated test and setter. Now, all are handled through a modular function using the property_types framework.
2017-05-23 03:19:21 +02:00
for k, v in list(req_vars.items()):
if v is not None and getattr(user_profile, k) != v:
do_change_notification_settings(user_profile, k, v)
result[k] = v
Add setting hiding private message content in desktop notifications. Tweaked by tabbott to fix a refactoring bug, set the default to True, fix the real-time sync, and add tests for this. Fixes #2355.
2016-12-07 17:29:12 +01:00
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
return json_success(result)
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def set_avatar_backend(request: HttpRequest, user_profile: UserProfile) -> HttpResponse:
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
if len(request.FILES) != 1:
[i18n] Make error messages translatable. Make all strings passing through `json_error` and `JsonableError` translatable. Fixes #727
2016-05-25 15:02:02 +02:00
return json_error(_("You must upload exactly one avatar."))
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
if avatar_changes_disabled(user_profile.realm) and not user_profile.is_realm_admin:
return json_error(AVATAR_CHANGES_DISABLED_ERROR)
python3: Fix usage of .keys()/.values() to handle iterators. This fixes the places where we use the result of .keys(), .items(), and .values() that wouldn't work with an iterator to wrap them with list().
2016-01-25 01:27:18 +01:00
user_file = list(request.FILES.values())[0]
Add size limit for uploading user avatars and realm icons. - Add settings parameter for max realm icon size. - Add settings parameter for max user avatar size. - Add checking file size to avatar and icon uploading views. - Transfer file size limit parameter to frontend. - Add tests.
2017-03-06 06:22:28 +01:00
if ((settings.MAX_AVATAR_FILE_SIZE * 1024 * 1024) < user_file.size):
return json_error(_("Uploaded file is larger than the allowed limit of %s MB") % (
settings.MAX_AVATAR_FILE_SIZE))
Refactor: Change upload_avatar_image to accept two user profiles. In this commit we just change the upload_avatar_image function to accept two user_profiles acting_user_profile and target_user_profile. Basically email param is dropped for a target_user_profile so that avatar's could be moved lateron to user id based storage.
2017-03-02 16:21:46 +01:00
upload_avatar_image(user_file, user_profile, user_profile)
Bump user_profile.avatar_version when we change avatars. We have a field called user_profile.avatar_version that will track avatar versions and be used tactically in avatar urls to get browsers to refresh their caches (in future commits). This commit bumps the avatar version when we update avatars. We do this in do_change_avatar_fields(), which was do_change_avatar_source() before this change. Adarsh did the initial work here, and Steve Howell (showell) also made changes.
2017-01-28 19:05:20 +01:00
do_change_avatar_fields(user_profile, UserProfile.AVATAR_FROM_USER)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
user_avatar_url = avatar_url(user_profile)
json_result = dict(
avatar_url = user_avatar_url
)
return json_success(json_result)
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def delete_avatar_backend(request: HttpRequest, user_profile: UserProfile) -> HttpResponse:
realm: Add setting to disable avatar changes. This is useful when syncing avatars from an integrated LDAP/active directory. The upload avatar and delete avatar buttons are hidden if avatar changes are disabled and the user is a non-admin. If the user has a gravatar set, then the user will not be able to upload an image as their avatar if avatar changes are disabled. Part of #12132.
2019-04-23 04:51:04 +02:00
if avatar_changes_disabled(user_profile.realm) and not user_profile.is_realm_admin:
return json_error(AVATAR_CHANGES_DISABLED_ERROR)
Bump user_profile.avatar_version when we change avatars. We have a field called user_profile.avatar_version that will track avatar versions and be used tactically in avatar urls to get browsers to refresh their caches (in future commits). This commit bumps the avatar version when we update avatars. We do this in do_change_avatar_fields(), which was do_change_avatar_source() before this change. Adarsh did the initial work here, and Steve Howell (showell) also made changes.
2017-01-28 19:05:20 +01:00
do_change_avatar_fields(user_profile, UserProfile.AVATAR_FROM_GRAVATAR)
settings: Implement delete avatar functionality
2016-12-21 18:34:03 +01:00
gravatar_url = avatar_url(user_profile)
json_result = dict(
avatar_url = gravatar_url
)
return json_success(json_result)
decorators: Use human_users_only more aggressively.
2017-10-28 00:16:13 +02:00
# We don't use @human_users_only here, because there are use cases for
# a bot regenerating its own API key.
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
@has_request_variables
zerver/views: Use Python 3 syntax for typing. Edited by tabbott to remove state.py and streams.py, because of problems with the original PR's changes, and wrap some long lines.
2017-11-27 09:28:57 +01:00
def regenerate_api_key(request: HttpRequest, user_profile: UserProfile) -> HttpResponse:
actions: Make do_regenerate_api_key return the new key. This way, the new API key can be fetched without needing to read it from the UserProfile object.
2018-08-10 21:03:32 +02:00
new_api_key = do_regenerate_api_key(user_profile, user_profile)
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
json_result = dict(
actions: Make do_regenerate_api_key return the new key. This way, the new API key can be fetched without needing to read it from the UserProfile object.
2018-08-10 21:03:32 +02:00
api_key = new_api_key
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
)
return json_success(json_result)
decorators: Use human_users_only more aggressively.
2017-10-28 00:16:13 +02:00
@human_users_only
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
@has_request_variables
mypy: Use Python 3 type syntax in user_settings.py
2017-12-04 09:56:07 +01:00
def change_enter_sends(request: HttpRequest, user_profile: UserProfile,
enter_sends: bool=REQ(validator=check_bool)) -> HttpResponse:
Move settings views into their own file.
2015-11-23 17:09:21 +01:00
do_change_enter_sends(user_profile, enter_sends)
return json_success()