Commit Graph

48255 Commits

Author SHA1 Message Date
Zixuan James Li 1e8cb0e7b1 decorator: Rename profile to user_profile.
This is more consistent with how we name UserProfile objects.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li de22b72670 rate_limit: Remove rate_limit_ip.
Because rate_limit_request_by_ip is the only caller of it, it is safe
for us to inline RateLimitedIpAddr and remove this helper. This ensures
that we have consistent internals for rate limiting functions, which all
have a should_rate_limit check.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li 730d3ec929 typing: Fix type annotation of assert_(not_)in_success_response.
This allows us to use them with HttpResponse objects returned by
calling a view function directly.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li db3fd6947f test_decorators: Remove errors_disallowed helper.
The said hack was removed in c00aab8ede,
and rate_limit itself has also been removed.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li 26a518267a rate_limit: Replace rate_limit with inlined rate limit checks.
This change incorporates should_rate_limit into rate_limit_user and
rate_limit_request_by_ip. Note a slight behavior change to other callers
to rate_limit_request_by_ip is made as we now check if the client is
eligible to be exempted from rate limiting now, which was previously
only done as a part of zerver.lib.rate_limiter.rate_limit.

Now we mock zerver.lib.rate_limiter.RateLimitedUser instead of
zerver.decorator.rate_limit_user in
zerver.tests.test_decorators.RateLimitTestCase, because rate_limit_user
will always be called but rate limit only happens when the should_rate_limit
check passes;

we can continue to mock zerver.lib.rate_limiter.rate_limit_ip, because the
decorated view functions call rate_limit_request_by_ip that calls
rate_limit_ip when the should_rate_limit check passes.

We need to mock zerver.decorator.rate_limit_user for SkipRateLimitingTest
now because rate_limit has been removed. We don't need to mock
RateLimitedUser in this case because we are only verifying that
the skip_rate_limiting flag works.

To ensure coverage in add_logging_data, a new test case is added to use
a web_public_view (which decorates the view function with
add_logging_data) with a new flag to check_rate_limit_public_or_user_views.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li 2aac1dc40a rate_limit: Move rate_limit_remote_server to zilencer.auth.
This allows us to avoid importing from zilencer conditionally in
zerver.lib.rate_limiter, as we make rate limiting self-contained now.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li f158c86ae1 test_decorators: Rework RateLimitTestCase.
- RateLimitTestCase.get_ratelimited_view is replaced by a view
function directly decorated by public_json_view.

- the META dict is initialized with "PATH_INFO": "test" because now the
tests cover the process_client codepath;

- HostRequestMock is initialized with host="zulip.testserver" to pass
the validate_account_and_subdomain check;

- check_rate_limit_public_or_user_views replaces both
test_rate_limiting_happens_in_normal_case and
test_rate_limiting_happens_by_ip_if_unauthed.

Overall, we deduplicate the test cases in this change, and make sure
that they also cover the view function decorators for authentication.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li 0916f9eca2 test_decorators: Extract check_rate_limit_public_or_user_views.
The test setup for some of the test cases is largely similar, so it
would be cleaner to be able to reuse them.

Note that we use "check" in the name of this helper because later we
will extend it to take a flag to set whether rate limiting is expected.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li 29bad25f83 zilencer: Only apply rate limit to remote server.
This refactors the test case alongside, since normal views accessed by
remote server do not get rate limited by remote server anymore.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li 79e86471e7 rate_limit: Extract should_rate_limit from rate_limit.
This allows us to reapply this check for other rate limiting functions.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Riken Shah 6e725fb3c3 puppeteer: Fix flake in `user-deactivation.ts`.
The reason for the flake was we were not waiting enough
time for the deactivation row to render.

To fix this, we are relying on the input from the user
deactivation screen to focus.
2022-08-17 11:58:16 -07:00
Riken Shah 6f2f3504b5 puppeteer: Fix flake in `navigation.ts`.
The reason for the flake was we were not waiting for the
settings modal to open completely.

To fix this we now wait until the profile tab is focused to
detect if the settings modal is open completely (i.e. ready
for the interaction).
2022-08-17 11:38:21 -07:00
Tim Abbott b1435d1afd docs: Document changing subdomains on multiple organizations page. 2022-08-17 11:36:15 -07:00
Tim Abbott faf02b5c5e docs: Remove documentation for ROOT_DOMAIN_LANDING_PAGE.
This is not a feature intended to be used outside zulip.com, since it
just sets your server to have the zulip.com landing pages. I think
it's only been turned on by people who were confused by this text.
2022-08-17 11:36:15 -07:00
Tim Abbott 94e798fe55 docs: Clean up documentation for multiple hostnames.
The previous documentation did not spell out what to enter in the
realm creation form.
2022-08-17 11:36:15 -07:00
Lauryn Menard a85d589254 stream_events: Use `is_muted` event instead of `in_home_view` event.
Updates `stream_events.js` to use the subscription update event that
is now being sent for the `is_muted` stream property, instead of the
event sent for the `in_home_view` property.

Because the server is still sending events for `in_home_view`, keeps
it as a property processed by `update_property` function, but does
nothing with the event. Adds temporary test for coverage.
2022-08-16 16:52:15 -07:00
Lauryn Menard 885c3d6593 subscriptions: Send update events for `is_muted` property.
In Zulip 2.1.0, the `is_muted` stream subscription property was
added and replaced the `in_home_view` property. But the server has
still only been sending subscription update events with the
`in_home_view` property.

Updates `do_change_subscription_property` to send a subscription
update event for both `is_muted` and `in_home_view`, so that
clients can fully migrate away from using `in_home_view` allowing
us to eventually remove it completely.
2022-08-16 16:50:51 -07:00
Kartik Srivastava 47e5ccf086 user_topics: Rename muted_topics.js to user_topics.js. 2022-08-16 14:39:24 -07:00
N-Shar-ma 87a6c3924b compose: Allow ctrl + enter to send in preview mode as well.
When the user chose to send the composebox message on pressing ctrl +
enter instead of just enter, it only worked in writing mode but not in
the preview mode.

This change makes ctrl + enter send the message even in preview mode,
when that setting is chosen.

Fixes: #21670.
2022-08-16 14:35:47 -07:00
Tim Abbott 745b96ea46 compose: Fix enter returning user to preview mode.
I'm not sure whether the bug this fixes was a regression resulting
from d6d3683da0, or an old bug, but
focusing the compose box is not sufficient to end preview mode; we
should be calling the function that's explicitly for that.
2022-08-16 14:34:11 -07:00
Oliver Pham 2ed650f596 search_suggestion: Show profile pictures in autocomplete suggestions.
Because the typeahead.js list items are currently just text, a user's
full name and avatar should be displayed in `input_pill`. To use
`input_pill`, a separate Handlebars partial view was created to
provide a mandatory container (`<div class="pill-container">`) for
`input_pill` and a flex container (`<div class="search_list_item">`)
for vertically aligning the text.

The description of each suggestion (i.e. `description_html`) is
rendered as raw HTML, so every special character (e.g. whitespace)
should be HTML-escaped. This enables highlighting the substring in
each search suggestion that matches the query.

Fixes: #20267
2022-08-16 14:17:42 -07:00
N-Shar-ma 9cc8a2bc80 refactor: Change hilite to highlight_query in search_suggestion.
This is a prep commit for #20494.
2022-08-16 13:56:33 -07:00
N-Shar-ma d63e127f5c refactor: Change highlight_person to person_highlighter in search.
This is a prep commit for #20494.
2022-08-16 13:56:33 -07:00
N-Shar-ma 865023802e refactor: Change description to description_html in search suggestions.
This is a prep commit for #20494.
2022-08-16 13:56:33 -07:00
N-Shar-ma e52268aeee documentation (user): Document `/poll` in `?` help widget.
To make it easier for users to make polls, their syntax is documented
using an example along with its (non dynamic) rendered version.

Fixes: #18588.
2022-08-16 13:55:56 -07:00
N-Shar-ma 7115895bbc documentation (user): Remove redundant 2nd line from /me documentation. 2022-08-16 13:55:56 -07:00
N-Shar-ma d6d3683da0 compose: Focus `Write` button on entering preview mode.
Till now, switching back to writing mode after preview mode, needed
the user to first focus on the `Write` (unpreview) button by tabbing
to it (if using keyboard) and then select it.

To make things easier, especially when using keyboard, now the `Write`
button will be automatically focused on entering preview mode, so
going back to writing mode only needs one `Enter` keystroke.
2022-08-16 13:46:32 -07:00
N-Shar-ma 08e111501d compose: Refocus composebox when clearing preview mode.
When switching back to writing mode after preview mode, the composebox
would be out of focus and so the cursor would seemingly get lost.

Now on clearing the preview mode, the composebox is focused and so the
cursor is seen blinking at its original position.
2022-08-16 13:46:32 -07:00
Zixuan James Li d6c3f6626a freshping: Create a mapping for event types.
This is a follow-up to #19274. We map the supported event types to a
more suitable format for events.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-16 13:43:10 -07:00
Anders Kaseorg e8a30060ee js: Enable no-jquery/no-constructor-attributes.
https://github.com/wikimedia/eslint-plugin-no-jquery/blob/master/docs/rules/no-constructor-attributes.md

The motivation for this rule is a subtle caveat buried in the
documentation:

https://api.jquery.com/jquery/#jQuery-html-attributes

“While the second argument is convenient, its flexibility can lead to
unintended consequences (e.g. $( "<input>", {size: "4"} ) calling the
.size() method instead of setting the size attribute).”

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-16 13:42:28 -07:00
Kartik Srivastava 098effe0a6 api: Modify "alert_words" response description in GET /events doc. 2022-08-16 13:38:41 -07:00
Kartik Srivastava 342fd72a10 api: Document /users/me/alert_words API endpoint. 2022-08-16 13:37:52 -07:00
Riken Shah 6242602276 puppeteer: Fix `subscribe_toogle.ts` long pending flake.
The issue with the existing code is that we use the
`page.waitForSelector` function to detect if the element
is visible and interactable.

`page.waitForSelector` only ensures that the element is
visible and doesn't guarantee that the element is
interactable. Most of the time it is enough but sometimes
it is too fast and our test fails.

To fix this we change our approach to check the button
text on the stream settings page (`/#streams/stream_id`).
Either it could be `Subscribe` or `Unsubscribe`.
2022-08-16 13:01:31 -07:00
Zixuan James Li d4b6d36740 typing: Tighten type annotation of zerver.lib.rest.
By replacing Any with object we enforce type narrowing before using the
kwargs when a more specific type is required.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-15 19:51:08 -07:00
Zixuan James Li eb88fee745 rest: Remove kwargs from rest_path.
The only caller that passes the kwargs argument is the avatar rest_path.
The application of kwargs can be rewritten with a wrapper.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-15 19:51:08 -07:00
Tim Abbott b05e70899d message_edit: Don't send topic/stream changes if inputs readonly.
This makes the logic for whether to send content, topic, and stream
changes obviously parallel.
2022-08-15 19:13:34 -07:00
Aman Agrawal c5489c9d2b message_edit: Don't send content to server if msg edit is disabled.
We ensure that if message edit is disabled, then we don't send
content in request to the server.

Refactored by tabbott to match the existing pattern for how we do this
for topic/stream edits.
2022-08-15 19:13:34 -07:00
Ganesh Pawar e758ec400b alert word: Convert inline form to modal. 2022-08-15 19:07:38 -07:00
Mateusz Mandera d48075de58 logout_all_users: Add --rotate-api-keys option to the command.
Fixes #19397.
2022-08-15 17:58:05 -07:00
Lauryn Menard 76859d4dc3 help-docs: Note automated PMs sent when subscribing users to streams.
Adds a shared note to both help center articles with sections on
subscribing users to streams, documenting that an automated private
message from the notification bot is sent to a user when subscribed
to a stream by another user.

Links to the article on the notification bot, and clarifies text in
that article regarding automated private messages.
2022-08-15 17:31:00 -07:00
Zixuan James Li fcba35036b rest: Add assertions for entries from supported methods.
Mypy considers that "Tuple[Any, ...]" is incompatible with
"Union[Tuple[Callable[..., HttpResponse], Set[str]], HttpResponse]".

handler, view_flags = entry is sufficient to suppress the error, but we
also add assertions for full measure.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-15 17:20:04 -07:00
Anders Kaseorg c0287473b9 forms: Fix 500 error on realm creation with invalid email.
Commit b945aa3443 (#22604) incorrectly
assumed that Django would run the extra EmailField validators if basic
email address validation passed.  Actually, it runs all validators
unconditionally and collects all failures.  So email_is_not_disposable
needs to catch email address parsing errors.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-15 17:19:37 -07:00
Adam Sah 800de1e682 search: Add test for pgroonga parts-of-URL search.
This test verifies that the PGroonga backend fixes the issues in
backend by default.
2022-08-15 17:14:17 -07:00
Tim Abbott 4a34b7d18e left-sidebar: Make Subscribe to more streams more informative.
The "Subscribe to more streams" widget has always had this tension
between "Subscribe" vs. "Create" in a way that felt like whatever we
wrote could be confusing. To address this, we enhance the component to
advertise whether additional existing streams that the user can
subscribe to actually exist or not.

- When the user has N>0 streams they can subscribe to, we display
"Browse N more streams".

- When the user has no streams they can subscribe to (i.e. they're
already subscribed to all the ones they could join) but the user has
permission to create streams, we show a "Create a stream" link.

- If the user doesn't have permission to subscribe to or create any
streams, we don't show a link at all.

Fixes #21865.

Co-authored-by: Jai soni <jai_s@me.iitr.ac.in>
2022-08-15 12:32:43 -07:00
jai2201 d557933a76 dispatch: Remove a stale comment.
This stopped being true in 1d7d686.
2022-08-14 22:56:03 -07:00
Tim Abbott e083a4bf46 drafts: Fix draft controls being offscreen on mobile web.
This was caused by an interaction with the controls being positioned
absolutely -103px from the right edge of the element, which is clearly
a hack.

Replace that with a simple `float: right` construction, with the top
padding aligned.

Fixes #22512.
2022-08-14 09:07:11 -07:00
Tim Abbott b67ff652de css: Remove Bootstrap legend CSS.
We inline this into the CSS for the one element where we use it.
2022-08-13 17:36:08 -07:00
Tim Abbott 1e018f9c23 css: Remove legacy bootstrap control* CSS.
We've removed all use of these CSS classes from the codebase.
2022-08-13 17:18:32 -07:00
Tim Abbott 0b350f23af settings: Remove useless .controls CSS.
These settings widgets have not had an object with the .controls CSS
class at least since they were given independent template files.
2022-08-13 17:11:36 -07:00
Tim Abbott e30e8c0e6d settings: Fix settings inputs broken in mobile sizes.
In 84e307581f, we removed the HTML that
these CSS rules applied to. (We incorrectly only tested that commit in
desktop sizes).

Also, the width: 100% rule both did not have sufficient priority to
apply, and also exceeded the size of the input. Fix this with a hacky
!important, since there's a good chance we'll replace these inputs
with a modal or something.
2022-08-13 17:11:36 -07:00