From 0dcaf9ca3d4af9c1a3b8c5a66d6ac760ff24000b Mon Sep 17 00:00:00 2001
From: Waseem Daher <wdaher@zulip.com>
Date: Sun, 11 Aug 2013 14:14:59 -0400
Subject: [PATCH] Kiosk mode [unsafe].

"Kiosk mode" is a "read-only" Zulip suitable for embedding into
an iframe on another site. I say "read-only" in quotation marks,
because the account is still a fully-fledged active account on
the server, and we just tear out a bunch of stuff in Javascript
(that a malicious user could easily re-enable).

So in that sense, it's not actually safe in security-sensitive
environments -- malicious users logged in via kiosk mode
can do anything the kiosk-mode user can do.

(We need this functionality for the customer3 realm specifically;
 we'll possibly just tear this code back out once that experiment
 has run its course.)

(imported from commit deb035b4c702fcdb0e660ed549fe74c682abb6d9)
---
 static/js/feature_flags.js |  2 ++
 static/js/kiosk.js         | 60 ++++++++++++++++++++++++++++++++++++++
 static/js/message_list.js  |  1 +
 tools/jslint/check-all.js  |  1 +
 zproject/settings.py       |  3 +-
 5 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 static/js/kiosk.js

diff --git a/static/js/feature_flags.js b/static/js/feature_flags.js
index c8510272bd..de2e1def1c 100644
--- a/static/js/feature_flags.js
+++ b/static/js/feature_flags.js
@@ -7,6 +7,8 @@ exports.mark_read_at_bottom = page_params.staging;
 exports.summarize_read_while_narrowed = page_params.staging;
 exports.twenty_four_hour_time = _.contains([],
                                   page_params.email);
+exports.kiosk_mode = _.contains(['role-user@customer3.invalid'],
+                                page_params.email);
 return exports;
 
 }());
diff --git a/static/js/kiosk.js b/static/js/kiosk.js
new file mode 100644
index 0000000000..a56b6376b7
--- /dev/null
+++ b/static/js/kiosk.js
@@ -0,0 +1,60 @@
+var kiosk = (function () {
+
+var exports = {};
+
+exports.enable = function () {
+    exports.kiosk_mode_enabled = true;
+
+    // Make layout look correct
+    $("body").css('padding', 5);
+    $(".container-fluid").css('padding', 0);
+    $(".message_area_padder").css('padding', 0);
+    $(".tab-content").removeClass("span8");
+
+    // Firefox seems to require this, otherwise it draws a scrollbar.
+    $("#home").css('overflow', 'hidden');
+
+    $(".hidden-phone").hide();
+    $(".navbar").hide();
+    $("#navbar-spacer").hide();
+
+    $("#compose").hide();
+    $("#bottom_whitespace").hide();
+    $("#tab_bar").parent().hide();
+
+    $("#floating_recipient_bar").css('top', 0);
+    $(".message_area_padder").css('margin', 0);
+    ui.resize_page_components();
+
+    // Disable message sending, narrowing, actions popover
+    compose.start = function () { return; };
+    narrow.activate = function () { return; };
+    popovers.show_actions_popover = function () { return; };
+    // Disable hotkeys? Seems like this is not necessary after the
+    // above, and keeping them around lets us scroll nicely.
+
+    // TODO: Is it going to prompt for notifications?
+    // My guess is that it probably won't if we disable notifications
+    // for the iframe user, but who knows.
+};
+
+exports.update_new_messages = function () {
+    if (exports.kiosk_mode_enabled !== true) {
+        return;
+    }
+    // Format messages properly & scroll to last message
+    $(".message_controls").hide();
+    $(".message_time").css('right', -65);
+    navigate.to_end();
+};
+
+exports.kiosk_mode_enabled = false;
+$(function () {
+    if (feature_flags.kiosk_mode) {
+        exports.enable();
+    }
+});
+
+return exports;
+
+}());
diff --git a/static/js/message_list.js b/static/js/message_list.js
index 90a810e28c..7138f88a4e 100644
--- a/static/js/message_list.js
+++ b/static/js/message_list.js
@@ -623,6 +623,7 @@ MessageList.prototype = {
 
         // Re-add the fading of messages that is lost when we re-render.
         compose.update_faded_messages();
+        kiosk.update_new_messages();
 
         if (this === current_msg_list && messages_are_new) {
             this._maybe_autoscroll(rendered_elems);
diff --git a/tools/jslint/check-all.js b/tools/jslint/check-all.js
index 92bc13a240..947be60996 100644
--- a/tools/jslint/check-all.js
+++ b/tools/jslint/check-all.js
@@ -26,6 +26,7 @@ var globals =
     + ' invite ui util activity timerender MessageList blueslip unread stream_list'
     + ' onboarding message_edit tab_bar emoji popovers navigate message_tour'
     + ' avatar feature_flags search_suggestion referral stream_color Dict'
+    + ' kiosk'
 
     // colorspace.js
     + ' colorspace'
diff --git a/zproject/settings.py b/zproject/settings.py
index ae22fa0e54..3e54e71dab 100644
--- a/zproject/settings.py
+++ b/zproject/settings.py
@@ -401,7 +401,8 @@ JS_SPECS = {
             'js/tab_bar.js',
             'js/metrics.js',
             'js/emoji.js',
-            'js/referral.js'
+            'js/referral.js',
+            'js/kiosk.js'
         ],
         'output_filename': 'min/app.js'
     },