Commit Graph

1972 Commits

Author SHA1 Message Date
Tim Abbott 365fed531a docs: Remove nginx reverse proxy websockets documentation.
Zulip no longer uses websockets in production, so this code was
unnecessary.
2020-06-14 15:17:32 -07:00
qnxor 6399bccc07 docs: Add Apache2 reverse proxy instructions and example.
Tweaked by tabbott to disable older SSL and remove websockets logic,
which isn't relevant in master.
2020-06-14 15:15:23 -07:00
Tim Abbott a361646221 docs: Fix references to removed puppet rules. 2020-06-14 12:47:22 -07:00
SiddharthVarshney 60010449d2 icon: Import a font-awesome 5 third party icon.
This is a prep commit for replacement of chevron
from sidebars.

This commit will add ellipsis-v icon in svg format downloaded
from font-awesome 5. This has to be done because font-awesome 4.7
(the version we are using) does not have this icon with
circular dots.

And font-awesome 5 as a whole doesn't make sense to upgrade to because
it's intentionally semi-crippled as part of their business plan.

Also include entry in THIRDYPARTY and Licence details.
2020-06-11 17:15:55 -07:00
Anders Kaseorg 365fe0b3d5 python: Sort imports with isort.
Fixes #2665.

Regenerated by tabbott with `lint --fix` after a rebase and change in
parameters.

Note from tabbott: In a few cases, this converts technical debt in the
form of unsorted imports into different technical debt in the form of
our largest files having very long, ugly import sequences at the
start.  I expect this change will increase pressure for us to split
those files, which isn't a bad thing.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 16:45:32 -07:00
Anders Kaseorg 69730a78cc python: Use trailing commas consistently.
Automatically generated by the following script, based on the output
of lint with flake8-comma:

import re
import sys

last_filename = None
last_row = None
lines = []

for msg in sys.stdin:
    m = re.match(
        r"\x1b\[35mflake8    \|\x1b\[0m \x1b\[1;31m(.+):(\d+):(\d+): (\w+)", msg
    )
    if m:
        filename, row_str, col_str, err = m.groups()
        row, col = int(row_str), int(col_str)

        if filename == last_filename:
            assert last_row != row
        else:
            if last_filename is not None:
                with open(last_filename, "w") as f:
                    f.writelines(lines)

            with open(filename) as f:
                lines = f.readlines()
            last_filename = filename
        last_row = row

        line = lines[row - 1]
        if err in ["C812", "C815"]:
            lines[row - 1] = line[: col - 1] + "," + line[col - 1 :]
        elif err in ["C819"]:
            assert line[col - 2] == ","
            lines[row - 1] = line[: col - 2] + line[col - 1 :].lstrip(" ")

if last_filename is not None:
    with open(last_filename, "w") as f:
        f.writelines(lines)

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-06-11 16:04:12 -07:00
Alex Vandiver 4fe0444108 puppet: Install wal-g, not wal-e. 2020-06-11 15:52:43 -07:00
Tim Abbott f0d8f60b66 help: Add basic documentation of organization owners. 2020-06-10 14:07:46 -07:00
Anders Kaseorg 3a15e4b51d settings: Extract most of test_settings to test_extra_settings.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 22:29:50 -07:00
Anders Kaseorg 5546762bd9 settings: Extract computed settings to computed_settings.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 22:29:50 -07:00
Anders Kaseorg c45962785c settings: Group {default,prod,dev}_settings as configured_settings.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 22:20:42 -07:00
Anders Kaseorg 9cb6a75da5 docs: Fix location of default settings.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 22:15:34 -07:00
Anders Kaseorg a7a207d5d9 docs: Add missing code markers to settings.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 22:15:34 -07:00
Dinesh dc90d54b08 auth: Add Sign in with Apple support.
This implementation overrides some of PSA's internal backend
functions to handle `state` value with redis as the standard
way doesn't work because of apple sending required details
in the form of POST request.

Includes a mixin test class that'll be useful for testing
Native auth flow.

Thanks to Mateusz Mandera for the idea of using redis and
other important work on this.

Documentation rewritten by tabbott.

Co-authored-by: Mateusz Mandera <mateusz.mandera@zulip.com>
2020-06-09 17:29:35 -07:00
Tim Abbott 5deaae14b3 docs: Update changelog.
This now covers most features that will be in the Zulip 2.2 release.
2020-06-09 00:32:07 -07:00
Tim Abbott 5154ddafca docs: Update production supported releases.
Now that we have production support for Ubuntu Focal, we update the
documentation to state our support for it.

(We also drop deprecated Xenial and Stretch from supported platforms).
2020-06-08 22:11:28 -07:00
Tim Abbott 7b8ba5ebd9 docs: Update most remaining references to zulipchat.com.
In some cases, the cleanest tweak is to replace references to the
domain with Zulip Cloud, the product.
2020-06-08 18:10:45 -07:00
Tim Abbott 71078adc50 docs: Update URLs to use https://zulip.com.
We're migrating to using the cleaner zulip.com domain, which involves
changing all of our links from ReadTheDocs and other places to point
to the cleaner URL.
2020-06-08 18:10:45 -07:00
Anders Kaseorg 08ddeca8a5 docs: Fix an incorrect use of i.e.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-08 16:28:05 -07:00
Anders Kaseorg 8e4f22c184 auth: Require algorithms setting for JWT auth.
Calling jwt.decode without an algorithms list raises a
DeprecationWarning.  This is for protecting against
symmetric/asymmetric key confusion attacks.

This is a backwards-incompatible configuration change.

Fixes #15207.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-08 16:22:25 -07:00
Sharif Naas 29ef37d03b docs: Fix broken wording in testing/philosophy.md. 2020-06-08 11:13:32 -07:00
Sharif Naas 3b120220a7 docs: Reword sentence to be more concise while fixing broken wording.
The previous wording was slightly broken, but this commit changes the
wording beyond just fixing that issue, to be more concise.
2020-06-08 11:13:32 -07:00
Sharif Naas 37be21cebe docs: Improve readability of a sentence in testing/philosophy.md.
Previously, it was unnecessarily difficult to parse the sentence to
determine that "HTTP response" and "internal state of the server
following the request" are the coherent ideas. Even if length wasn't
an issue, e.g. "... and checking both the A and B are correct", the
sentence still feels a bit fragile without a "that".

Since the second phrase is indeed relatively long, and "internal state
of the server" is a reasonable guess for the second coherent idea, the
"the" helps to reset the reader's expectation about where the next
coherent idea starts, and ends.

Lastly, having "both" in front of the two phrases encourages an
assumption that they're shorter (which is especially problematic for
the second phrase), while having it at the end of the sentence helps
to anchor the end of the second phrase; this is especially true since
the absence of "both" before that point encourages an assumption that
you haven't finished reading yet, given that two things have been
mentioned.
2020-06-08 11:13:32 -07:00
Sharif Naas fb969de765 docs: Fix typos in testing/philosophy.md. 2020-06-08 11:13:32 -07:00
Sharif Naas 17afd460bc docs: Fix typos in contributing/code-style.md. 2020-06-08 11:13:32 -07:00
Anders Kaseorg ad24eef6ee circleci: Drop -python3.X suffixes from job names.
The workflow names should be sufficient.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-08 11:04:40 -07:00
Anders Kaseorg 1f565a9f41 timezone: Use standard library datetime.timezone.utc consistently.
datetime.timezone is available in Python ≥ 3.2.  This also lets us
remove a pytz dependency from the PostgreSQL scripts.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-05 09:34:17 -07:00
Anders Kaseorg c618b3ae30 docs: Avoid deprecated app.add_stylesheet alias.
Fixes this warning:

/srv/zulip/docs/conf.py:337: RemovedInSphinx40Warning: The app.add_stylesheet() is deprecated. Please use app.add_css_file() instead.
  app.add_stylesheet('theme_overrides.css')  # path relative to _static

https://www.sphinx-doc.org/en/3.x/extdev/deprecated.html

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-04 14:15:30 -07:00
Anders Kaseorg 4d04fa3118 compose: Rewrite Zoom video call integration to use OAuth.
This reimplements our Zoom video call integration to use an OAuth
application.  In addition to providing a cleaner setup experience,
especially on zulipchat.com where the server administrators can have
done the app registration already, it also fixes the limitation of the
previous integration that it could only have one call active at a time
when set up with typical Zoom API keys.

Fixes #11672.

Co-authored-by: Marco Burstein <marco@marco.how>
Co-authored-by: Tim Abbott <tabbott@zulipchat.com>
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-06-03 16:39:12 -07:00
Anders Kaseorg 7a53da7526 capitalization: Fix OAuth capitalization.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-06-03 16:39:12 -07:00
Sharif Naas 7e681c934c docs: Fix anchor link written in reference link syntax.
This has been broken since it was added in a rewrite in July 2019 in
c931e76cf2. An incomplete fix was
made a few days later in 871fd57f5e.
2020-06-01 18:31:05 -07:00
Sharif Naas 267c427677 docs: Fix broken and missing link references in Git guide.
These references broke in November 2017, when git-guide.md was split
into multiple files in fa3602b61f.
2020-06-01 18:31:05 -07:00
arpit551 d4958484a1 travis: Removed screen cast of Travis setup. 2020-06-01 14:12:11 -07:00
arpit551 8972bf6b7a doc: Updated CircleCI setup documentation.
Fixes #15095
2020-06-01 14:12:11 -07:00
Mateusz Mandera 96f466f635 docs: Fix typo in testing-with-node.md. 2020-05-28 18:55:40 +00:00
Tim Abbott 4d2b1673f8 docs: Replace support@zulipchat.com with support@zulip.com.
The new address is cleaner and shorter.
2020-05-28 08:14:30 +00:00
Mateusz Mandera 501e7c44dc docs: Add instructions for SAML with Okta/OneLogin in /help/.
Tweaked by tabbott to shift how this is organized.
2020-05-28 08:14:30 +00:00
sahil839 1db0775e6e tests: Use do_change_user_role in lint rules and test docs.
This commit changes test docs and lint rules to use do_change_user_role
instead of do_change_is_admin and do_change_is_guest.
2020-05-27 15:38:25 -07:00
Tim Abbott 86d4861c2d docs: Improve documentation for calling i18n functions. 2020-05-27 13:56:05 -07:00
YashRE42 669f482b0d icons: Switch from text-o to code-o for view source / edit topics.
This commit replaces fa-file-text-o with fa-file-code-o which is a
better signal for the "view source" action. It also deletes a single
line comment that had suggested the change once we moved into font
awesome 4, which Aditya Bansal <adi.bansal241996@gmail.com> helped
out in doing, first via
91962aa6ab and most recently via
75ae94e459 with several commits in
between.
2020-05-25 16:19:50 -07:00
Mateusz Mandera b66dc9de50 saml: Support IdP-initiated SSO. 2020-05-25 16:09:30 -07:00
Tim Abbott c192461c1b docs: Fix setup-advanced git clone instructions.
This should help ensure everyone uses the SSH key approach for Git
authentication; the HTTPS one is basically unusable as one has to
provide one's GitHub password after every command.
2020-05-21 13:05:59 -07:00
Tim Abbott 196d5b8c59 docs: Add a few introductory paragraphs to our code style doc. 2020-05-19 14:22:15 -07:00
Tim Abbott ccd306d3f4 docs: Improve code style commentary on testing. 2020-05-19 14:11:53 -07:00
Alex Vandiver 031260573f docs: Link to section on migrating local -> S3 storage.
This section at the top was clearly written before the documentation
at the bottom existed, and hasn't been updated to point to the
now-existent docs below.

Add the link, rather than directing to #production-help.
2020-05-19 14:08:44 -07:00
Alex Vandiver fb3f6bb68e docs: Reword `zulip_path` suggestion.
"declare the path with `zulip_path`" is opaque; be more explicit about
what should be done.
2020-05-19 14:07:12 -07:00
Alex Vandiver 310487c868 docs: Reformat timezone advice into bullet form. 2020-05-19 14:07:12 -07:00
Alex Vandiver 001334ed2d docs: Provide "right" example of using ids in sets. 2020-05-19 14:05:20 -07:00
Alex Vandiver d17baaf2af docs: Stop suggesting get_stream, which is anti-suggested.
Use of `get_stream` itself is explicitly suggested against by a
linter, in preference to the `access_stream_by_` methods; suggest
those here instead.
2020-05-19 14:05:20 -07:00
Alex Vandiver 9800392beb docs: Be more explicit about good prefetching patterns.
The problem is not the list comprehension, as the previous wording
implied, but rather the fact that data is needed from the linked
table.

Be explicit about _what_ in the QuerySet API is helpful for addressing
this -- namely, use of `select_related`.
2020-05-19 14:05:20 -07:00
Tim Abbott 9b9aa23f6a docs: Fix path for API code markdown extension. 2020-05-19 11:11:41 -07:00
Steve Howell ca0b8fd4b3 docs: Downplay actions.py a bit. 2020-05-17 21:32:38 -07:00
Steve Howell 2da81d9ab5 docs: Explain we don't use nginx in dev. 2020-05-17 21:29:28 -07:00
Steve Howell c8ce12bdd0 docs: Add missing comma. 2020-05-17 21:27:31 -07:00
Steve Howell c4208bf39b docs: Use modern stream narrow urls. 2020-05-17 21:27:31 -07:00
Steve Howell 86c3ba26ff docs: Update tornado line count. 2020-05-17 21:27:30 -07:00
Steve Howell 3cda5b61b1 docs: List four types of emojis. 2020-05-17 21:26:56 -07:00
Steve Howell 792e28056e docs: Use 5 seconds as our bar for null provisions. 2020-05-17 21:25:53 -07:00
Steve Howell c1dc7b99ea docs: Put backticks around `SourceMap`. 2020-05-17 21:25:53 -07:00
Steve Howell cdeeffb44b docs: Replace "fancy" with longstanding. 2020-05-17 21:25:53 -07:00
Steve Howell 6c4a471cc2 docs: Word cautioning advice more directly. 2020-05-17 21:25:53 -07:00
Steve Howell 23c2198da3 docs: Use string_id in header. 2020-05-17 21:25:53 -07:00
Steve Howell 35df5f35d8 docs: Keep manual-restore steps sequential. 2020-05-17 21:25:53 -07:00
Steve Howell 0267e5b145 docs: Mention zilencer in context.
We mention zilencer later in the docs, but I think it's
important to mention it specifically in the context of
management commands, too.
2020-05-17 21:25:53 -07:00
Steve Howell f8606eb68a docs: Alphabetize glossary. 2020-05-17 21:25:53 -07:00
Steve Howell 0b3d14a408 docs: Remove alpha status for ZulipTerminal. 2020-05-17 07:56:38 -04:00
Steve Howell b3c9676baf docs: Use full path for zulip.yaml.
Note that this section may actually be obsolete.
2020-05-17 07:56:38 -04:00
Steve Howell cc9e6a54c0 doc: Fix tense for "Include". 2020-05-17 07:56:38 -04:00
Puneeth Chaganti 614d4a3da8 docs: Add note about generating integrations bot avatar image. 2020-05-11 14:49:11 -07:00
Anders Kaseorg 8cdf2801f7 python: Convert more variable type annotations to Python 3.6 style.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-08 16:42:43 -07:00
Alex Vandiver 3a7a032ee2
docs: Remove unnecessary double-backticks in indented line.
These came in during the conversion from rST in 337155f280.
2020-05-05 21:28:00 -07:00
Tim Abbott 1c1c47b94a docs: Delete discussion of legacy push notifications signup.
This hasn't been used in months; it was only there in case of problems
with the rollout of the automated workflow, so it makes sense to
delete it now.
2020-05-05 15:59:35 -07:00
Vishnu Ks 9a8d0ca9fe docs: Recommend contact page over email wherever possible.
With a few tweaks from tabbott to preserve the enthusiasm for feedback
and de-emphasize twitter as a channel (we give better support
elsewhere).
2020-05-05 15:57:54 -07:00
Anders Kaseorg b094534319 THIRDPARTY: Add missing license texts for CC-BY-3.0, CC-BY-SA-4.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-02 10:07:55 -07:00
Anders Kaseorg 587ab554f7 THIRDPARTY: Use standard CC0 short name.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-02 10:07:55 -07:00
Anders Kaseorg dbee6b5622 THIRDPARTY: Fix short name references for Apache-2.0, BSD-2-Clause.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-02 10:07:55 -07:00
Anders Kaseorg e11f709054 THIRDPARTY: Update Format URL to https.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-02 10:07:55 -07:00
arpit551 a6df0b94dd doc: Updated docs for the job xenial-legacy. 2020-04-28 11:28:07 -07:00
Tim Abbott 28cb0aa81a docs: Use consistent spelling of CircleCI. 2020-04-28 11:26:58 -07:00
arpit551 16d41e59b5 doc: Update documentation replacing travis with CircleCI. 2020-04-28 11:24:54 -07:00
Tim Abbott 9566905b81 docs: Clarify nginx reverse proxy documentation.
Fixes #14740.
2020-04-26 10:51:39 -07:00
Anders Kaseorg 257a026f13 docs: Bump copyright year.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-23 16:04:54 -07:00
Rohitt Vashishtha 2825e6ad48 i18n: Support subexpressions of type (t "text") in Handlebars. 2020-04-22 17:57:16 -07:00
Anders Kaseorg fead14951c python: Convert assignment type annotations to Python 3.6 style.
This commit was split by tabbott; this piece covers the vast majority
of files in Zulip, but excludes scripts/, tools/, and puppet/ to help
ensure we at least show the right error messages for Xenial systems.

We can likely further refine the remaining pieces with some testing.

Generated by com2ann, with whitespace fixes and various manual fixes
for runtime issues:

-    invoiced_through: Optional[LicenseLedger] = models.ForeignKey(
+    invoiced_through: Optional["LicenseLedger"] = models.ForeignKey(

-_apns_client: Optional[APNsClient] = None
+_apns_client: Optional["APNsClient"] = None

-    notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE)
-    signup_notifications_stream: Optional[Stream] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE)
+    notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE)
+    signup_notifications_stream: Optional["Stream"] = models.ForeignKey('Stream', related_name='+', null=True, blank=True, on_delete=CASCADE)

-    author: Optional[UserProfile] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE)
+    author: Optional["UserProfile"] = models.ForeignKey('UserProfile', blank=True, null=True, on_delete=CASCADE)

-    bot_owner: Optional[UserProfile] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL)
+    bot_owner: Optional["UserProfile"] = models.ForeignKey('self', null=True, on_delete=models.SET_NULL)

-    default_sending_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE)
-    default_events_register_stream: Optional[Stream] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE)
+    default_sending_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE)
+    default_events_register_stream: Optional["Stream"] = models.ForeignKey('zerver.Stream', null=True, related_name='+', on_delete=CASCADE)

-descriptors_by_handler_id: Dict[int, ClientDescriptor] = {}
+descriptors_by_handler_id: Dict[int, "ClientDescriptor"] = {}

-worker_classes: Dict[str, Type[QueueProcessingWorker]] = {}
-queues: Dict[str, Dict[str, Type[QueueProcessingWorker]]] = {}
+worker_classes: Dict[str, Type["QueueProcessingWorker"]] = {}
+queues: Dict[str, Dict[str, Type["QueueProcessingWorker"]]] = {}

-AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional[LDAPSearch] = None
+AUTH_LDAP_REVERSE_EMAIL_SEARCH: Optional["LDAPSearch"] = None

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 11:02:32 -07:00
Anders Kaseorg f8c95cda51 mypy: Add specific codes to type: ignore annotations.
https://mypy.readthedocs.io/en/stable/error_codes.html

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-22 10:46:33 -07:00
Steve Howell 54151bb548 db tools: Rename do-destroy-*database.
The new tools now have more concise, more parallel names:

    - rebuild-dev-database
    - rebuild-test-database

The actual implementations are still pretty different:

rebuild-dev-database:
    mostly delegates to 5 management scripts

rebuild-test-database:
    is a very thin wrapper for generate-fixtures

We'll try to clean that up a bit soon.
2020-04-22 09:24:42 -07:00
Aman Agrawal 59c2b6dcc7 release-checklist: Replace Xenial with Focal. 2020-04-21 15:03:14 -07:00
Aman Agrawal 79acd5ae40 docs: Remove development Xenial and Stretch support. 2020-04-21 15:01:31 -07:00
Aman Agrawal c87d58bb4f docs/wsl: Add recommendations for developing using wsl. 2020-04-20 23:21:45 -07:00
Aman Agrawal b13beb5ea8 circleci: Remove Xenial build as we are deprecating Xenial.
Docs updated to reflect the change.
2020-04-19 11:38:49 -07:00
Anders Kaseorg f506b05667 docs: Remove obsolete claims about Blueslip wrapping things.
These are obsolete since e0a18d3394
(#12737).

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-18 22:37:37 -07:00
Ray Kraesig 8b72de1d4d version control: Add note about paragraph formatting.
We've been getting a number of submissions lately that haven't used
blank lines in between paragraphs, so add that to our style guide.
2020-04-18 13:37:33 -07:00
Aman Agrawal 09d6beecbe docs/wsl: Clone in ~/zulip to avoid permission issues. 2020-04-18 12:25:27 -07:00
Aman Agrawal bf2aec3ff3 docs/wsl: Correct name for rabbitmq conf file. 2020-04-18 12:25:27 -07:00
Steve Howell 7eb6d32d59 provision: Let build_emoji build its own cache.
We no longer need to maintain duplicate code
related to where we set up the emoji
cache directory.

And we no longer need two extra steps for
people doing advanced (i.e. manual) setup.

There was no clear benefit to having provision
build the cache directory for `build_emoji`,
when it was easy to make `build_emoji` more
self-sufficient.  The `build_emoji` tool
was already importing the library that has
`run_as_root`, and it was already responsible
for 99% of the create-directory kind of tasks.

(We always call `build_emoji` unconditionally from
`provision`, so there's no rationale in terms
of avoiding startup time or something.)

ASIDE:

Its not completely clear to me why we need
to put this directory in "/srv", instead of
somewhere more local (like we already do for
Travis), but maybe it's just to be like
its siblings in "/srv":

    node_modules
    yarn.lock
    zulip-emoji-cache
    zulip-npm-cache
    zulip-py3-venv
    zulip-thumbor-venv
    zulip-venv-cache
    zulip-yarn

I guess the caches that we keep in var are
dev-only, although I think some of what's under
`zulip-emoji-cache` is also dev-only in nature?

    ./var/webpack-cache
    ./var/mypy-cache

In `docs/subsystems/emoji.md` we say this:

```
The `build_emoji` tool generates the set of files under
`static/generated/emoji` (or really, it generates the
`/srv/zulip-emoji-cache/<sha1>/emoji` tree, and
`static/generated/emoji` is a symlink to that tree;we do this in
order to cache old versions to make provisioning and production
deployments super fast in the common case that we haven't changed the
emoji tooling). [...]
```

I don't really understand that rationale for the development
case, since `static/generated` is as much ignored by `git` as
'/srv' is, without the complications of needing `sudo` to create it.

And in production, I'm not sure how much time we're really saving,
as it takes me about 1.4s to fully rebuild the cache in dev, not to
mention we're taking on upgrade risk by sharing files between versions.
2020-04-17 09:53:26 -07:00
Puneeth Chaganti 05101b4f5a docs: Add a note on manually generating integration screenshots. 2020-04-17 09:41:55 -07:00
Puneeth Chaganti d2eaf799e6 docs: Recommend using generate-integration-docs-screenshot. 2020-04-17 09:41:55 -07:00
Tim Abbott 20ac4e1fba docs: Update changelog for Zulip 2.1.4 release. 2020-04-16 16:20:58 -07:00
Tim Abbott 1219a2e854 docs: Deprecate support for Xenial and Stretch.
Also make sure our documentation for upgrading is reasonable for
Stretch => Buster.

Our reasoning for deprecating support for these releases is as follows:

* Ubuntu 16.04 Xenial reached desktop EOL last year; and will reach
  EOL on the server in about a year.

* Debian Stretch will each EOL in 2020 (the precise date is unclear in
  Debian's documentation, but based on past precedent it's in the next
  few months, perhaps July 2020).
  https://wiki.debian.org/DebianReleases#Production_Releases

* Both Ubuntu 16.04 and Debian Stretch use Python 3.5 as the system
  Python, which will reach EOL in September 2020 (and we're already
  seeing various third-party dependencies that we use drop support for
  them).

* While there is LTS support for these older releases, it's not clear it's
  going to be worth the added engineering effort for us to maintain EOL
  releases of the base OSes that we support.

* We (now) have clear upgrade instructions for moving to Debian Buster
  and Ubuntu 18.04.
2020-04-16 15:36:18 -07:00
Anders Kaseorg b1e7d8b51d settings: Harden session and CSRF cookies with __Host- prefix.
This defends against cross-origin session fixation attacks.  Renaming
the cookies means this one-time upgrade will have the unfortunate side
effect of logging everyone out, but they’ll get more secure sessions
in return.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-12 11:55:55 -07:00