Commit Graph

33813 Commits

Author SHA1 Message Date
Tim Abbott 7a66dfa133 auth: Tweak docs now that SAML supports multiple IdPs. 2019-10-28 15:22:29 -07:00
Mateusz Mandera 9d14b50186 auth: Support not using an icon when rendering social login buttons.
Since we were using a placeholder emote for SAML, we change the
defaults to no icon now that it's possible.
2019-10-28 15:14:57 -07:00
Mateusz Mandera b870816a75 saml: Sanity-check configuration in both login and signup codepaths. 2019-10-28 15:11:19 -07:00
Mateusz Mandera db29fcbbc4 auth: Add social_backends to /server_settings. 2019-10-28 15:11:19 -07:00
Mateusz Mandera 892d25faa1 auth: Change SAML login url scheme, enabling multiple IdP support.
The url scheme is now /accounts/login/social/saml/{idp_name} to initiate
login using the IdP configured under "idp_name" name.

display_name and display_logo (the name and icon to show on the "Log in
with" button) can be customized by adding the apprioprate settings in
the configured IdP dictionaries.
2019-10-28 15:09:42 -07:00
Mateusz Mandera 28dd1b34f2 auth: Refactor social login rendering.
login_context now gets the social_backends list through
get_social_backend_dicts and we  move display_logo customization
to backend class definition.

This prepares for easily adding multiple IdP support in SAML
authentication - there will be a social_backend dict for each configured
IdP, also allowing display_name and icon customization per IdP.
2019-10-28 15:06:26 -07:00
Mateusz Mandera 9532e99800 saml: Give SAMLAuthBackend highest sort_order. 2019-10-28 15:06:26 -07:00
David Rosa 3fb2339511 docs: Fix formatting of warnings.
Fixes warning formatting in testing.md and setup-advanced.md
with reStructured Text so that the warnings stand out.
2019-10-28 15:03:55 -07:00
Anders Kaseorg ed607bee2c emoji_picker: Clear search_results by assigning 0 to its length.
This will allow `search_results` to be `const`, which works around a
future ESLint complaint.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-28 15:02:43 -07:00
Anders Kaseorg 02004c9b0f js: Convert self-referential vars to const.
ESLint won’t convert these automatically because it can’t rule out a
behavior difference arising from an access to a self-referential var
before it’s initialized:

> var x = (f => f())(() => x);
undefined
> let y = (f => f())(() => y);
Thrown:
ReferenceError: Cannot access 'y' before initialization
    at repl:1:26
    at repl:1:15

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-28 15:02:43 -07:00
Anders Kaseorg 7ae84d5ce1 js: Break lines that become too long after converting var to const.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-28 15:02:43 -07:00
Anders Kaseorg 4d37dfcf85 js: Convert vars declared separately and assigned once to const.
Because of the separate declarations, ESLint would convert them to
`let` and then trigger the `prefer-const` error.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-28 15:02:43 -07:00
Anders Kaseorg c3b4c0a229 frontend_tests: Use let with explicit null in components test.
Even though this variable was only assigned once, it was accessed
before its initialization, so it couldn’t be converted directly to
`let` or `const`.  Use `let` with an explicit `null` to make it
clearer what’s going on and satisfy ESLint.  (Why not `undefined`?
There’s an ESLint rule against that too.)

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-28 15:02:43 -07:00
Anders Kaseorg a547413347 js: Add braces to case blocks declaring variables.
This helps to prepare for the migration of `var` to `let` and `const`.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-28 15:02:43 -07:00
Jan Koscisz 12bd3c04c0 integration: Fix missing taiga test action.
Previously testing webhook from taiga site would result in error.
This adds missing 'test' action to taiga webhooks.

Fixes #13317.
2019-10-28 14:58:24 -07:00
Anders Kaseorg d17b577d0c js: Purge useless IIFEs.
With webpack, variables declared in each file are already file-local
(Global variables need to be explicitly exported), so these IIFEs are
no longer needed.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-10-25 13:51:21 -07:00
Anders Kaseorg 5f590d3500 js: Remove /* eslint indent: "off" */ comments.
The time has come to dedent these files.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-25 13:21:43 -07:00
Mateusz Mandera 8c065d1fcd ldap: Ensure django_to_ldap_username returns username that is in ldap.
This changes the way django_to_ldap_username works to make sure the ldap
username it returns actually has a corresponding ldap entry and raise an
exception if that's not possible. It seems to be a more sound approach
than just having it return its best guess - which was the case so far.
Now there is a guarantee that what it returns is the username of an
actual ldap user.

This allows communicating to the registration flow when the email being
registered doesn't belong to ldap, which then will proceed to register
it via the normal email backend flow - finally fixing the bug where you
couldn't register a non-ldap email even with the email backend enabled.

These changes to the behavior of django_to_ldap_username require small
refactorings in a couple of other functions that call it, as well as
adapting some tests to these changes. Finally, additional tests are
added for the above-mentioned registration flow behavior and some
related corner-cases.
2019-10-25 12:14:51 -07:00
Greg Price 3a74de2ade shared: Bump version to 0.0.2.
This will let us update mobile to use this version.
2019-10-24 14:56:56 -07:00
Greg Price 71596648c2 typing_status: Switch sentinel "recipient" value to `null`.
This feels a bit more semantically appropriate: it more clearly says
"here's some information: there is no (relevant) recipient", rather
than "no information available".  (Both `null` and `undefined` in JS
can have either meaning, but `undefined` especially commonly means
the latter.)

Concretely, it ensures a bit more explicitness where the value
originates: a bare `return;` becomes `return null;`, reflecting the
fact that it is returning a quite informative value.

Also make the implementation more explicit about what's expected here,
replacing truthiness tests with `!== null`.  (A bit more idiomatic
would be `!= null`, which is equivalent when the value is well-typed
and a bit more robust to ill-typing bugs.  But lint complains about
that version.)
2019-10-24 14:56:56 -07:00
Greg Price a191890213 typing_status: Fold `stop` into main method `update`.
It'd already been the case for some while that calling `stop` had the
same effect as calling `update` (previously `handle_text_input`) with
a falsy recipient.  With the API changes in the previous few commits,
this becomes quite natural to make explicit in the API.
2019-10-24 14:56:56 -07:00
Greg Price e639b0a6f8 typing_status: Write jsdoc for main entry point, and rename.
This was named after when it gets called from the UI, rather than
after what it can be expected to do.

Naming it after what it's meant to do -- and giving a summary line to
expand on that -- provides a more helpful semantic idea for reasoning
about the function.  Doubly so for using the function in a different
client with its own UI, like the mobile app.
2019-10-24 14:56:56 -07:00
Greg Price dcb5bb7914 typing_status: Combine two parameters into one, with a maybe-type.
The main motivation for this change is to simplify this interface
and make it easier to reason about.

The case where it affects the behavior is when
is_valid_conversation() returns false, while current_recipient
and get_recipient() agree on some truthy value.

This means the message-content textarea is empty -- in fact the
user just cleared it, because we got here from an input event on
it -- but the compose box is still open to some PM thread that we
have a typing notification still outstanding for.

The old behavior is that in this situation we would ignore the
fact that the content was empty, and go ahead and prolong the
typing notification, by updating our timer and possibly sending a
"still typing" notice.

This contrasts with the behavior (both old and new) in the case
where the content is empty and we *don't* already have an
outstanding typing notification, or we have one to some other
thread.  In that case, we cancel any existing notification and
don't start a new one, exactly as if `stop` were called
(e.g. because the user closed the compose box.)

The new behavior is that we always treat clearing the input as
"stopped typing": not only in those cases where we already did,
but also in the case where we still have the same recipients.
(Which seems like probably the common case.)

That seems like the preferable behavior; indeed it's hard to see
the point of the "compose_empty" logic if restricted to the other
cases.  It also makes the interface simpler.

Those two properties don't seem like a coincidence, either: the
complicated interface made it difficult to unpack exactly what
logic we actually had, which made it easy for surprising wrinkles
to hang out indefinitely.
2019-10-24 14:56:56 -07:00
Greg Price dcccef9b3a typing_status: Make some test cases slightly less artificial.
All these cases are meant to simulate having a user actually typing a
message to some actual recipients, so the `conversation_is_valid`
parameter would be true.

We make this change so that in an upcoming change that eliminates this
parameter, the adjustments to the test cases can be highly regular and
we don't have to introduce a new wrinkle to correspond to these values
being false.
2019-10-24 14:56:56 -07:00
Greg Price 3bdd741852 typing status: Cut unconverted_data conditional.
Returning true from this function means we go on to send, or extend
the lifetime of, a typing notification; returning false means we don't.

It's hard to see why having a partially-entered name in the recipient
box should mean we're *more* inclined to send a typing notification to
the set of recipients that are already entered; if anything, it seems
like it should make us *less* inclined to do so.  So we're better off
without this conditional.

The conditional was introduced in commit 72295e94b, as part of a
conversion from user emails to user IDs; there, it seems to replace a
condition that went in the opposite direction, returning *false* if
there were any invalid emails in the recipient box.  So perhaps it's
just inverted.

Moreover, the (re-)inverted version would also be wrong: if the user
is typing a PM addressed to some users, and they hit send, the message
will go to those users whether or not they have any unconverted text
in the recipients box.  So the typing notifications should too.
2019-10-24 14:56:56 -07:00
Greg Price e42c3f7418 typing status: Cut redundant is-this-PMs condition.
When this condition is true, user_ids_array will always be `undefined`
and so we won't reach this conditional anyway.
2019-10-24 14:56:56 -07:00
Greg Price 5c220ed11a typing_status: Use parameters for data rather than callbacks.
The real purpose these two callbacks serve is exactly what an ordinary
parameter is perfect for:
 * Each has just one call site, at the top of the function.
 * They're not done for side effects; the point is what they return.
 * The function doesn't pass them any arguments of its own, or
   otherwise express any internal knowledge that doesn't just as
   properly belong to its caller.

So, push the calls to these callbacks up into the function's caller,
and pass in the data they return instead.

This greatly simplifies the interface of `handle_text_input` and of
`typing_status` in general.
2019-10-24 14:56:56 -07:00
Greg Price 07322d78a0 typing_status: Pull is_valid_conversation call up to top.
This is intended as a pure refactor, making the data flow clearer in
preparation for further changes.  In particular, this makes it
manifest that the calls to `get_recipient` and `is_valid_conversation`
don't depend on anything else that has happened during the call to
`handle_text_input`.

This is indeed a pure refactor because
 * is_valid_conversation itself has no side effects, either in the
   implementation in typing.js or in any reasonable implementation,
   so calling it sooner doesn't affect anything else;
 * if we do reach it, the only potentially-side-effecting code it's
   moving before is a call to `stop_last_notification`, and that in
   turn (with the existing, or any reasonable, implementation of
   `notify_server_stop`) has no effect on the data consulted by
   the implementation of `is_valid_conversation`.
2019-10-24 14:56:56 -07:00
Anders Kaseorg 453919bbc7 version: Only let `git describe` match tags beginning with a digit.
This will let us use other tags for things like `@zulip/shared`
versions.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-24 14:54:45 -07:00
Anders Kaseorg 99d34e6ade hello: Fix carousel indicator buttons.
Apparently deferring our own Bootstrap (commit
f1ecd3c18b, #13164) means that this
surprise copy of Bootstrap 2.3.2 also needs to be deferred.  What is
this even doing here.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-10-24 13:43:16 -07:00
Tim Abbott 4be355053d search help: Fix buggy rendering of stream search example.
Due to a typo, we've had the example email address as the search
operator for some time :(.
2019-10-24 13:06:58 -07:00
Tim Abbott f84c037225 puppet: Tune check_postgres_locks parameters.
This has been a spurious alert for a long time.

It's unclear that this check is useful at all, but if it spikes
dramatically above what's normal, there's perhaps still utility in
being alerted.
2019-10-23 15:04:38 -07:00
Hemanth V. Alluri 1946692f9a users: Refactor get_members_backend endpoint to use get_raw_user_data.
Modify the get_raw_user_data method for use by the /users API endpoint
and then modify the /users endpoint to use it.
2019-10-23 14:50:26 -07:00
Hemanth V. Alluri dca990d60a events: Extract custom profile field logic from get_raw_user_data.
This is a simple refactor to move the code which gets custom profile
field values in the get_raw_user method to a separate function.
2019-10-23 14:36:07 -07:00
Hemanth V. Alluri 34849d7355 test_events: Fix a small typo for test_realm_bots_admin. 2019-10-23 14:35:32 -07:00
David Rosa bd3a8f1e96 docs: Merge front-end-build-process with html-css.
This merges the "Static asset pipeline" article as a new section
at the bottom of the "HTML and CSS" article.
2019-10-23 13:08:36 -07:00
Tim Abbott 03af3d2eb6 docs: Fix old-style markdown link in authentication-methods.
This was introduced recently due to a rebase of an older branch.
2019-10-23 13:04:30 -07:00
Mateusz Mandera 869b57b7f7 ldap tests: Change TestQueryLDAP tests to use the test ldap directory.
Instead of mocking the _LDAPUser class, these tests can now take
advantage of the test directory that other ldap are using. After these
changes, test_query_email_attr also verifies that query_ldap can
successfully be used to query by user email, if email search is
configured.
2019-10-22 16:03:58 -07:00
Mateusz Mandera 1be2779515 tests: Add ldap_username() and ldap_password() method. 2019-10-22 16:03:58 -07:00
Mateusz Mandera 68f4cd1e94 ldap: Extract ldap user -> django username mapping logic to a function.
Fixes #11878

Instead of a confusing mix of django_auth_backed applying
ldap_to_django_username in its internals for one part of the
translation, and then custom logic for grabbing it from the email
attribute of the ldapuser in ZulipLDAPAuthBackend.get_or_build_user
for the second part of the translation,
we put all the logic in a single function user_email_from_ldapuser
which will be used by get_or_build of both ZulipLDAPUserPopulator and
ZulipLDAPAuthBackend.

This, building on the previous commits with the email search feature,
fixes the ldap sync bug from issue #11878.

If we can get upstream django-auth-ldap to merge
https://github.com/django-auth-ldap/django-auth-ldap/pull/154, we'll
be able to go back to using the version of ldap_to_django_username
that accepts a _LDAPUser object.
2019-10-22 16:02:23 -07:00
Mateusz Mandera 3699fe28f8 ldap: Use email search in django_to_ldap_username.
With this, django_to_ldap_username can take an email and find the ldap
username of the ldap user who has this email - if email search is
configured.

This allows successful authenticate() with ldap email and ldap password,
instead of ldap username. This is especially useful because when
a user wants to fetch their api key, the server attempts authenticate
with user_profile.email - and this used to fail if the user was an ldap
user (because the ldap username was required to authenticate
succesfully). See issue #9277.
2019-10-22 15:57:52 -07:00
Mateusz Mandera fea4d0b2be ldap: Do a proper search for email in email_belongs_to_ldap.
This fixes a collection of bugs surrounding LDAP configurations A and
C (i.e. LDAP_APPEND_DOMAIN=None) with EmailAuthBackend also enabled.

The core problem was that our desired security model in that setting
of requiring LDAP authentication for accounts managed by LDAP was not
implementable without a way to

Now admins can configure an LDAPSearch query that will find if there
are users in LDAP that have the email address and
email_belongs_to_ldap() will take advantage of that - no longer
returning True in response to all requests and thus blocking email
backend authentication.

In the documentation, we describe this as mandatory configuration for
users (and likely will make it so soon in the code) because the
failure modes for this not being configured are confusing.

But making that change is pending work to improve the relevant error
messages.

Fixes #11715.
2019-10-22 15:53:39 -07:00
Rohitt Vashishtha 8d172d8bf6 tests/message_store: Assert both flag modifying code paths are consistent. 2019-10-21 22:25:25 -07:00
Rohitt Vashishtha 4cfb209dc5 unread: Don't count wildcard mentions in muted streams/topics.
Users generally don't expect wildcard mentions in muted streams and
topics to be treated as a mention, either for the purposes of desktop
notifications or the unread mention counts.

This fixes the unread mention counts part of the issue.

Fixes part of #13073.
2019-10-21 22:23:29 -07:00
Tim Abbott 87b43fdac0 tests: Fix whitespace around INVALID_STREAM_ID. 2019-10-21 22:14:46 -07:00
Vishnu KS ec955f8f78 support: Show confirmation links in search.
Fixes #13060 #12784
2019-10-21 16:56:50 -07:00
Vishnu KS e080b42fe5 tests: Move get_stream_id function to ZulipTestCase. 2019-10-21 16:56:48 -07:00
Vishnu KS 23036a9f40 confirmation: Set confirmation object realm attribute in realm reactivation.
The value of realm attribute in confirmation object used to be empty
before. We are not currently using the realm attribute of reactivation
links anywhere. The value of realm stored in content_object is currently
used.
2019-10-21 16:52:46 -07:00
Vishnu KS 139ebf387b support: Pass various realm functions as template context.
We currently have code to calculate the value of realm_icon_url,
admin_emails and default_discount in two diffrent places. With
the addition of showing confirmation links it would become three.
The easiest way to deduplicate the code and make the view cleaner
is by doing the calculations in template. Alternatively one can
write a function that takes users, realms and confirmations as
arguments and sets the value of realm_icon_url, admin_emails and
default_discount appropriately in realm object according to the
type of the confirmation. But that seems more messy than passing
the functions directly to template approach.
2019-10-21 16:52:46 -07:00
Vishnu KS 62a8e378a6 support: Refactor realm details into a seperate template. 2019-10-21 16:52:46 -07:00