Commit Graph

42133 Commits

Author SHA1 Message Date
Dinesh 00e0b63c6c auth: Handle user_profile.check_password raising PasswordTooWeakError.
user_profile.check_password(password) in authenticate of
EmailAuthBackend can raise PasswordTooWeakError; this happens when the
user's password is weaker than the current required policies and needs
to be rehashed (E.g. because, as in Django 3.2, the minimum salt
entropy increased).

This is a very rare case, but still needs a good user-facing error
message. We raise a json error to handle this with a user-facing error
message.

See this comment by Mateusz Mandera for a detailed explanation
about this case along with a traceback it generates.
https://github.com/zulip/zulip/pull/15449#discussion_r448308614
2021-05-07 09:10:45 -07:00
Dinesh c5ab01656d auth: Remove Optional for request param of authenticate().
The authenticate function of EmailAuthBackend had request param
type set Optional[HttpRequest] had `None` as default. This
function is never called without a request. So this changes it to
require an HttpRequest parameter.

It was made `Optional` in bc062e1c4d,
because this parameter was new in Django at the time.

We're safe to make it a required argument as everything worked well
before that recent commit and Mateusz Mandera and I checked if it gets
`None` anywhere and found only authenticate of non EmailAuthBackend
gets `None` in some places like `dev_direct_login`.

All the places in tests where this function got `None` as request
were fixed in previous commit.
2021-05-07 09:10:45 -07:00
Anders Kaseorg 9d57fa9759 puppet: Use pgrep -x to avoid accidental matches.
Matching the full process name (-x without -f) or full command
line (-xf) is less prone to mistakes like matching a random substring
of some other command line or pgrep matching itself.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-07 08:54:41 -07:00
Anders Kaseorg 9e243c74ed shell: Replace ‘which’ utility with ‘command -v’ shell builtin.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-07 08:54:41 -07:00
Ryan Rehman e48c24872f message send: Do not retry failed message if already in progress.
The `.refresh-failed-message button` was registering clicks even
while the button was spinning (has already been clicked once).
Thus a network request was sent for every subsequent click which
raises an exception that the local id is not found in the message
store as it had already been reifyed by the first request.

Fixes #18375.
2021-05-07 08:47:11 -07:00
Riken Shah 089ca2bdcf node_tests: Add remaining tests for `panels.js`.
In this commit, we add the node tests for `panels.js`, which started
in 2f36c5aefc commit (it added tests for
the server upgrade alert).
2021-05-07 08:41:41 -07:00
Alex Vandiver 8df82f50e4 outgoing_http: Provide a convenient way to set default headers. 2021-05-07 08:39:36 -07:00
Alex Vandiver 6339e7fd47 outgoing_http: Put the X-Smokescreen-Role in the proxy headers. 2021-05-07 08:39:36 -07:00
Alex Vandiver b88d7a741e outgoing_http: Factor out outgoing HTTP session with timeout. 2021-05-07 08:39:36 -07:00
Alex Vandiver 2dc6df33ae tests: Switch outgoing_webhook_system to use responses. 2021-05-07 08:39:36 -07:00
Alex Vandiver af26849554 outgoing_webhook: Set a default timeout of 10s.
Support for the timeouts, and tests for them, was added in
53a8b2ac87 -- though no code could have set them after 31597cf33e.

Add a 10-second default timeout.  Observationally, p99 is just about
5s, with everything else being previously being destined to meet the
30s worker timeout; 10s provides a sizable buffer between them.

Fixes #17742.
2021-05-07 08:39:36 -07:00
Riken Shah babe24fa02 node_tests: Update alert words tests to handle a corner case.
This corner case was reported in #17320, basically, the
issue was when two or more alert words were used
consecutively with a single space between them, it didn't
detect the even number word as `alert word`.
2021-05-07 08:36:43 -07:00
Tim Abbott 18595fac58 models: Fix incorrect on_delete=CASCADE values for deleted streams.
In theory, we never delete streams, but if we did delete the
notifications stream for a realm, we certainly shouldn't delete the
realm.
2021-05-06 20:41:49 -07:00
Riken Shah 37b265495b alert_words: Revert back `before_punctuation` regex to stable one.
In this 009b7bca24 commit `before_punctuation`
regex was updated to use lookbehind feature of regex.

This caused a regex error in some browsers (reported in
Safari) because lookbehind feature is not yet supported
on all the browsers (https://caniuse.com/js-regexp-lookbehind).

This commit fixes that error by reverting to stable regex which
works on all the browsers.
2021-05-06 20:36:52 -07:00
Anders Kaseorg 405bc8dabf requirements: Remove Thumbor.
Thumbor and tc-aws have been dragging their feet on Python 3 support
for years, and even the alphas and unofficial forks we’ve been running
don’t seem to be maintained anymore.  Depending on these projects is
no longer viable for us.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-06 20:07:32 -07:00
Anders Kaseorg 779353b44e apps: Link to macOS Apple silicon native build.
Leave the Intel build as the prominent default, since it will run on
both platforms.  (I would have liked to detect the appropriate
platform, but Apple seems to have put significant effort into making
that impossible for anti-fingerprinting reasons, which is probably an
overall good.)

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-06 17:52:00 -07:00
Anders Kaseorg fa8532d9b7 apps: Move id="download-android-apk" from span to a.
Due to spaghetti CSS that should be fixed but isn’t fixed here, the
<span> wrapper is still needed so the hover effect is applied.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-06 17:52:00 -07:00
Tim Abbott 17d2b28085 docs: Add two new paragraphs to testing philosophy. 2021-05-06 17:46:44 -07:00
Riken Shah 2f36c5aefc navbar_alerts: Add button to hide "Server Upgrade" alert for 7 days.
This button will allow users to avoid a distracting red banner across
their screen, while they wait for their sysadmin to do the upgrade
work.

Fixes: #18359
2021-05-06 15:55:40 -07:00
Anders Kaseorg fc9481a24e js: Remove some pointless IIFEs.
Some of these were there because they predate block-scoped const/let.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-06 14:38:57 -07:00
Aman Agrawal 707d23d1e8 recent_topics: Don't rerender when topic_data is unchanged.
Since we don't process private messages yet, we don't
need to re-render when we receive a new private message
as it doesn't change any data related to recent_topics.
2021-05-06 12:06:22 -07:00
Nikhil Maske 88c0f68bd9 docs: Remove the outdated docs related to Group PMs.
As we change the icon for Group PMs in #18160, the docs related
to it is now outdated. This commit removes the documentation part
that is outdated from status-and-availability section.
2021-05-06 11:22:04 -07:00
Adam Birds a3ba8b9efd integrations: Add Freshping webhook integration.
I have added a webhook integration for Freshping.
2021-05-06 11:18:35 -07:00
Adam Birds c72ef7be12 integrations: Move `get_setup_webhook_message` to `common.py`.
Move `get_setup_webhook_message` to
`zerver/lib/webhooks/common.py` so multiple integrations can use this
rather than just those which import `zerver/lib/webhooks/git.py`. Also
added the documentation for this.
2021-05-06 11:18:35 -07:00
Tim Abbott c598a84dd6 ldap: Check for deactivating owner role precisely.
Since the invariant we're trying to protect is that every realm has an
active owner, we should check precisely that.

The root bug here, which the parent commit failed to fix properly, is
that we were doing a "greater than" check when we clearly originally
meant a "less than" check -- lower role numbers have more permissions.
2021-05-06 10:13:29 -07:00
Tim Abbott 5db8e43d5c ldap: Fix incorrect check for deactivating all owners.
We apparently failed to update this when we did the migration from the
administrator role to the owner role as the top role in Zulip.
2021-05-06 09:45:52 -07:00
LoopThrough-i-j adc646adb8 lint: Set repository variable in tools/commit-message-lint. 2021-05-06 08:13:41 -07:00
Alex Vandiver 0663094920 docs: Document Sentry in logging docs. 2021-05-05 23:04:12 -07:00
Alex Vandiver b26ef55d38 Remove old "conversion" documentation. 2021-05-05 23:03:26 -07:00
Alex Vandiver bf1a6d18ef docs: Remove out-of-date "users" documentation. 2021-05-05 23:03:26 -07:00
Alex Vandiver 045e8aa2f0 docs: Remove old "custom apps" documentation.
This is significantly out of date; https://chat.zulip.org/api/ serves
as documentation of the current state of affairs.
2021-05-05 23:03:26 -07:00
pletinckxc cc4cc9d14f test_send_email: Shorten tests about build_email.
Commit b7fa41601d introduced some tests
to verify the implemented changes. These tests were longer than necessary.
See https://github.com/zulip/zulip/pull/17799 for the whole discussion.
2021-05-05 20:16:11 -07:00
Cyril Pletinckx e4ff372fc3 emails: Transform SMTPException into EmailNotDeliveredException.
Django's default SMTP implementation can raise various exceptions
when trying to send an email. In order to allow Zulip calling code
to catch fewer exceptions to handle any cause of "email not
sent", we translate most of them into EmailNotDeliveredException.
The non-translated exceptions concern the connection with the
SMTP server. They were not merged with the rest to keep some
details about the nature of these.

Tests are implemented in the test_send_email.py module.
2021-05-05 20:16:11 -07:00
Tim Abbott 35a5cd1e65 docs: Add new summary section to the release lifecycle page. 2021-05-05 18:24:17 -07:00
Tim Abbott 07a2e91688 docs: Update changelog heading for new release lifecycle page.
Also update the release checklist to make sure we don't forget to
update the top-heading section when we publish a new major release.
2021-05-05 17:45:11 -07:00
Tim Abbott d002035856 docs: Clarify how changelog is updated.
This should help avoid anyone being confused that Zulip may not be
actively developed when viewing our ReadTheDocs.
2021-05-05 17:20:19 -07:00
Tim Abbott f3dc9a5548 features: Fix duplicate code blocks sections.
I'm not convinced I've resolved the problem optimally, but we can't
have two CODE BLOCKS items almost adjacent to each other.
2021-05-05 16:22:08 -07:00
Alya Abbott 279f7b1c8d user docs: Create separate "Code blocks" user documentation page.
* Move the extended documentation of code blocks to a separate page.
* Merge "code playgrounds" documentation to be a section of that page.
* Document copy widget on code blocks.
* This commit changes how we refer to "```python" type syntax for code
  blocks. Instead of being called a syntax highlighting label, this is
  now referred to as a "language tag", since it serves both syntax
  highlighting and playgrounds.
* Remap all the links.
* Advertise this new page in various places that previously did not have a link.
2021-05-05 16:11:21 -07:00
Tim Abbott c60609efeb css: Fix hover effect for status list messages in night theme.
Fixes #17944.
2021-05-05 15:37:30 -07:00
Tim Abbott 318dd8b408 css: Remove grey styling for day theme compose buttons.
This day theme styling was added in
74dbcdf2a8, and some users interpreted
this buttons styling as suggesting that these buttons were disabled.
2021-05-05 11:51:56 -07:00
SaikaIslam c5bf92ea7d hello: Add labels for arrows on landing page.
This replaces the incorrect use of aria-hidden with aria-label.

Fixes #17467.
2021-05-05 11:12:49 -07:00
Flávio Prado 0c78131139 settings: Import LDAP settings in prod_settings_template.
Currently users that try to deploy Zulip through docker has errors
because LDAP group search configuration can't be automated.

Reverts a hunk of f5197518a9.
2021-05-05 10:55:27 -07:00
Abhijeet Prasad Bodas 65249d90e9 compose_typeahead: Exclude muted users from results.
Hides muted users from PM recipients and compose box
mention typeaheads.
2021-05-05 09:42:30 -07:00
Abhijeet Prasad Bodas 04c355c248 typing notifications: Exclude muted typists. 2021-05-05 09:35:27 -07:00
Abhijeet Prasad Bodas 47764ded76 user muting: Add helpers to filter out muted users.
This will allow us to avoid duplication of array filtering
logic of the form-
`Array.filter((user_id) => !muting.is_user_muted(user_id))` and
`Array.filter((person) => !muting.is_user_muted(person.user_id))`
2021-05-05 09:34:39 -07:00
Abhijeet Prasad Bodas 615e1f9e05 node tests: Clean up user_pill.js tests.
* Add a `test` wrapper for clearing data before each test.
* Simplify dummy `pill_widget` object creation.
2021-05-05 09:34:39 -07:00
Abhijeet Prasad Bodas 80ccfc79df docs: Fix outdated pre-ES6 function examples. 2021-05-05 09:34:39 -07:00
Abhijeet Prasad Bodas e4d5114c3c filter: Add new is_non_huddle_pm method.
We want to exclude 1:1 PMs from muted users everywhere
except in `pm-with/<muted_user>`.
This method will help us determine whether we are in such
a narrow.
2021-05-05 09:29:51 -07:00
Abhijeet Prasad Bodas 9f6ad779e4 message view: Allow revealing hidden message from muted sender.
* We show a "Click here to reveal." hyperlink in the hidden
message dialog for user to click on and read a hidden message.

* The "reveal" action is temporary, in the sense that a revealed
message will again be hidden once the broswer tab reloads or
if the user renarrows.

* When a message is revealed, we make sure to show the sender
of that message, even if it isn't the first message of it's group.
This is because the first message of that message group (which
would have otherwise shown the sender) can still be hidden.

* Reactions and background color after revealing a message are
the same as if the message hadn'e been hidden at all in the
first place.
2021-05-05 09:15:45 -07:00
Abhijeet Prasad Bodas 5d796987f2 message view: Hide messages sent by muted users.
* We hide the sender and reactions on messages sent by muted
users, and replace the content with a "This message was hidden"
dialog.

* Ideally, we should collapse a series of consequetive
messages sent by muted users into one such dialog, but
that could break the cursor behaviour and `near/<message_id`
links, so we as of now show one dialog per muted message.

* Because we hide the sender, there is a chance of the first
hidden message in a group looking like it was sent by the
author of the message above it. To tackle this, we intentionally
make the hidden message dialog float-left, so that it is clear
that this is a special type of message.

* For context, we still show the timestamp of the message.

* Starring, editing, deleting etc a message still work just like
before.

A further commit will add the ability to reveal a
hidden message.
2021-05-05 09:15:45 -07:00