Because rate_limit_request_by_ip is the only caller of it, it is safe
for us to inline RateLimitedIpAddr and remove this helper. This ensures
that we have consistent internals for rate limiting functions, which all
have a should_rate_limit check.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
This allows us to use them with HttpResponse objects returned by
calling a view function directly.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
This change incorporate should_rate_limit into rate_limit_user and
rate_limit_request_by_ip. Note a slight behavior change to other callers
to rate_limit_request_by_ip is made as we now check if the client is
eligible to be exempted from rate limiting now, which was previously
only done as a part of zerver.lib.rate_limiter.rate_limit.
Now we mock zerver.lib.rate_limiter.RateLimitedUser instead of
zerver.decorator.rate_limit_user in
zerver.tests.test_decorators.RateLimitTestCase, because rate_limit_user
will always be called but rate limit only happens the should_rate_limit
check passes;
we can continue to mock zerver.lib.rate_limiter.rate_limit_ip, because the
decorated view functions call rate_limit_request_by_ip that calls
rate_limit_ip when the should_rate_limit check passes.
We need to mock zerver.decorator.rate_limit_user for SkipRateLimitingTest
now because rate_limit has been removed. We don't need to mock
RateLimitedUser in this case because we are only verifying that
the skip_rate_limiting flag works.
To ensure coverage in add_logging_data, a new test case is added to use
a web_public_view (which decorates the view function with
add_logging_data) with a new flag to check_rate_limit_public_or_user_views.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
This allows us to avoid importing from zilencer conditionally in
zerver.lib.rate_limiter, as we make rate limiting self-contained now.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
- RateLimitTestCase.get_ratelimited_view is replaced by a view
function directly decorated by public_json_view.
- the META dict is initialized with "PATH_INFO": "test" because now the
tests cover the process_client codepath;
- HostRequestMock is initialized with host="zulip.testserver" to pass
the validate_account_and_subdomain check;
- check_rate_limit_public_or_user_views replaces both
test_rate_limiting_happens_in_normal_case and
test_rate_limiting_happens_by_ip_if_unauthed.
Overall, we deduplicate the test cases in this change, and make sure
that they also cover the view function decorators for authentication.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
The test setup for some of the test cases are largely similar, so it
would be cleaner to be able to reuse them.
Note that we use "check" in the name of this helper because later we
will extend it to take a flag to set whether rate limiting is expected.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
This refactors the test case alongside, since normal views accessed by
remote server do not get rate limited by remote server anymore.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
The reason for the flake was we were not waiting enough
time for the deactivation row to render.
To fix this, We are relying on the input from the user
deactivation screen to focus.
The reason for the flake was we were not waiting for the
settings modal to open completely.
To fix this we now wait until the profile tab is focused to
detect if the settings modal is open completely (i.e ready
for the interaction).
This is not a feature intended to be used outside zulip.com, since it
just sets your server to have the zulip.com landing pages. I think
it's only been turned on by people who were confused by this text.
Updates `stream_events.js` to use the subscription update event that
is now being sent for the `is_muted` stream property, instead of the
event sent for the `in_home_view` property.
Because the server is still sending events for `in_home_view`, keeps
it as a property processed by `update_property` function, but does
nothing with the event. Adds temporary test for coverage.
In Zulip 2.1.0, the `is_muted` stream subscription property was
added and replaced the `in_home_view` property. But the server has
still only been sending subscription update events with the
`in_home_view` property.
Updates `do_change_subscription_property` to send a subscription
update event for both `is_muted` and `in_home_view`, so that
clients can fully migrate away from using `in_home_view` allowing
us to eventually remove it completely.
When the user chose to send the composebox message on pressing ctrl +
enter instead of just enter, it only worked in writing mode but not in
the preview mode.
This change makes ctrl + enter send the message even in preview mode,
when that setting is chosen.
Fixes: #21670.
I'm not sure whether the bug this fixes was a regression resulting
from d6d3683da0, or an old bug, but
focusing the compose box is not sufficient to end preview mode; we
should be calling the function that's explicitly for that.
Because the typeahead.js list items are currently just text, a user's
full name and avatar should be displayed in `input_pill`. To use
`input_pill`, a separate Handlebars partial view was created to
provide a mandatory container (`<div class="pill-container">`) for
`input_pill` and a flex container (`<div class="search_list_item">`)
for vertically aligning the text.
The description of each suggestion (i.e `description_html`) is
rendered as raw HTML, so every special character (e.g. whitespace)
should be HTML-escaped. This enables highlighting the substring in
each search suggestion that matches the query.
Fixes: #20267
Till now, switching back to writing mode after preview mode, needed
the user to first focus on the `Write` (unpreview) button by tabbing
to it (if using keyboard) and then select it.
To make things easier, especially when using keyboard, now the `Write`
button will be automatically focused on entering preview mode, so
going back to writing mode only needs one 'Enter` keystroke.
When switching back to writing mode after preview mode, the composebox
would be out of focus and so the the cursor would semingly get lost.
Now on clearing the preview mode, the composebox is focused and so the
cursor is seen blinking at it's original position.
This is a follow-up to #19274. We map the supported event types to a
more suitable format for events.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
The issue with the existing code is that we use the
`page.waitForSelector` function to detect if the element
is visible and interactable.
`page.waitForSelector` only ensures that the element is
visible and doesn't guarantees that the element is
interactable. Most of the time it is enough but sometimes
it is too fast and our test fails.
To fix this we change our approach to check the button
text on the stream settings page (`/#streams/stream_id`).
Either it could be `Subscribe` or `Unsubscribe`.
By replacing Any with object we enforce type narrowing before using the
kwargs when a more specific type is required.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
The only caller that passes the kwargs argument is the avatar rest_path.
The application of kwargs can be rewritten with a wrapper.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
We ensure that if message edit is disabled, then we don't send
content in request to the server.
Refactored by tabbott to match the existing pattern for how we do this
for topic/stream edits.
Adds a shared note to both help center articles with sections on
subscribing users to streams, documenting that an automated private
message from the notification bot is sent to a user when subscribed
to a stream by another user.
Links to the article on the notification bot, and clarifies text in
that article regarding automated private messages.
Mypy considers that "Tuple[Any, ...]" is incompatible with
"Union[Tuple[Callable[..., HttpResponse], Set[str]], HttpResponse]".
handler, view_flags = entry is sufficient to suppress the error, but we
also add assertions for full measure.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
Commit b945aa3443 (#22604) incorrectly
assumed that Django would run the extra EmailField validators if basic
email address validation passed. Actually, it runs all validators
unconditionally and collects all failures. So email_is_not_disposable
needs to catch email address parsing errors.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
The "Subscribe to more streams" widget has always had this tension
between "Subscribe" vs. "Create" in a way that felt like whatever we
wrote could be confusing. To address this, we enhance the component to
advertise whether additional existing streams that the user can
subscribe to actually exist or not.
- When the user has N>0 streams they can subscribe to, we display
"Browse N more streams".
- When the user has no streams they can subscribe to (i.e. they're
already susbcribed to all the ones they could join) but the user has
permission to create streams, we show a "Create a stream" link.
- If the user doesn't have permission to subscribe to or create any
streams, we don't show a link at all.
Fixes#21865.
Co-authored-by: Jai soni <jai_s@me.iitr.ac.in>
This was caused by an interaction with the controls being positioned
absolutely -103px from the right edge of the element, which is clearly
a hack.
Replace that with a simple `float: right` construction, with the top
padding aligned.
Fixes#22512.
In 84e307581f, we removed the HTML that
these CSS rules applied to. (We incorrectly only tested that commit in
desktop sizes).
Also, the width: 100% rule both did not have sufficient priority to
apply, and also exceeded the size of the input. Fix this with a hacky
!important, since there's a good chance we'll replace these inputs
with a modal or something.