Commit Graph

41011 Commits

Author SHA1 Message Date
aryanshridhar 04fb0552a6 analytics: escape HTML correctly when generating links.
Wrapped the html text within html.escape function to convert
special characters into HTML-safe string while generating link.
2021-03-18 15:08:31 -07:00
Anders Kaseorg fe28ecb71d hash_util: Convert object characterToBeReplaced object to map.
Computed indexing into an object, especially with a user-provided key,
can be dangerous in JavaScript because of nonsense features like
obj["__proto__"].  In this case there’s no vulnerability because the
possible keys are strictly limited by the regex, but it’s always
better practice to use a Map for computed indexing.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-18 15:07:17 -07:00
Adam Birds 7fd7a1917b integrations: Update Zabbix Documentation.
I have added a note about the fact these instructions are for Zabbix 5.2
and above and the workflow for other versions of Zabbix may be
different.
2021-03-18 15:00:10 -07:00
Signior-X e1c4c7b802 message view: Show message source button until message successfully sent.
This commit removes the unless msg/locally_echoed condition for the
edit content div, which has the consequence of making the "view
message source" widget always available for locally echoed
messages. This ensures that the message source can be seen if a very
long message has been drafted and it fails due to a server-side error
(See #17425 for the original report).

Fixes #17650.
2021-03-18 14:49:09 -07:00
Tim Abbott 88f351cdee outgoing_webhook: Simplify error handling logic.
Structurally, exception, failure_message, and status_code are mutually
exclusive in how this function is called, and it's best for the
function's flow to represent that.
2021-03-18 14:41:34 -07:00
Siddharth Asthana ec28a7555c outgoing_webhook: modify outgoing_webhook's 407 error message.
The message from the bot which triggered the 407 error message notifies
the bot owner about the exceptions as well in the error message. This
commit handles it more gracefully and shows a generic message.
2021-03-18 14:39:26 -07:00
Siddharth Asthana 5ec0860a2f outgoing_webhook: Add bot name when an outgoing_webhook is triggered.
The messages from the bot which were triggered by the outgoing_webhooks
didn't have the bot name in them. This commit adds the bot name to it
and makes the corresponding changes in the tests.
2021-03-18 14:39:26 -07:00
Steve Howell 728905d4bc node tests: Clean pm_conversations more simply. 2021-03-18 16:37:20 -04:00
Steve Howell b2be16c4d0 node tests: Use clean BuddyList instance in tests.
As part of this, we inline one function call rather
than changing it to have buddy_list be passed in.
2021-03-18 16:37:20 -04:00
Tim Abbott 0da1bd43e9 analytics: Remove buggy HttpResponseNotFound text.
Had this been in a normal route, this would have been an XSS bug, as we
were passing what the developer clearly believed to be plain text into
an HTML 404 page.

The affected routes have @require_server_admin, a permission that we
do not expect any self-hosted users to have ever enabled (as it is
undocumented and doing so is only possible manually via a `manage.py
shell`, and we believe to only be useful for running a SaaS service
like zulip.com).  So the security impact is limited to a handful of
staff of zulip.com and this isn't a candidate for a CVE.

Thanks to GitHub's CodeQL for finding this.
2021-03-18 12:16:15 -07:00
Strifel 209c89be10 ldap: Add option to limit user access to certain realms.
This adds an option for restricting a ldap user
to only be allowed to login into certain realms.
This is done by configuring an attribute mapping of "org_membership"
to an ldap attribute that will contain the list of subdomains the ldap
user is allowed to access. This is analogous to how it's done in SAML.

Co-authored-by: Mateusz Mandera <mateusz.mandera@zulip.com>
2021-03-18 11:19:59 -07:00
Megamind e6ee1b0760 recent typos: Fix incorrect aria-label of mute (should be unmute). 2021-03-18 10:13:25 -07:00
100RABHpy 62676e5a3d encoding: Reduce the number of replace calls while encoding URL.
We are making two calls to replace function while encoding
URL. But we can optimize it to make only one.
2021-03-18 10:12:08 -07:00
Alex Vandiver 9ea86c861b puppet: Add a nagios alert configuration for smokescreen.
This verifies that the proxy is working by accessing a
highly-available website through it.  Since failure of this equates to
failures of Sentry notifications and Android mobile push
notifications, this is a paging service.
2021-03-18 10:11:15 -07:00
YashRE42 2b03a74d97 channel: Add while_reloading test cases for 100% coverage.
The branches that depended on reload_state were introduced after a
refactor in 'presence' and never had relevant test cases added.
2021-03-18 10:09:22 -07:00
YashRE42 e268debdc6 minor: Fix mention of success handler in error wrapper. 2021-03-18 10:09:22 -07:00
Anders Kaseorg 23088b5d78 markdown: Fix some Any annotations.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-17 18:41:46 -07:00
Anders Kaseorg 9864907985 mypy: Correct typing.re imports to typing.
Although typing.re exists in the standard library, mypy has never
recognized it.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-17 18:41:46 -07:00
Anders Kaseorg afbcdc38f4 test-js-with-puppeteer: Propagate --skip-provision-check to test server.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-17 18:26:15 -07:00
Anders Kaseorg 129ea6dd11 nginx: Consistently listen on IPv6 and with HTTP/2.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-17 17:46:32 -07:00
Megamind ec43f5418d right sidebar: Improve icon for "Invite more users".
This replaces the `+` with a version that has a user head next to it.
2021-03-17 17:33:25 -07:00
Signior-X 10e6ccc3a1 refactor: Created set_calculated_message_container_variables function.
This commit takes the blocks of code from "build_message_groups" that are the
same as "_rerender_message", and move those into a function called
"set_calculated_message_container_variables". This helps to avoid bugs in
future as in #17663. Like timestr was being updated in one of them, but needed
in both. So, it takes care that message variables are correctly set.

Part of #17663
2021-03-17 17:21:42 -07:00
Signior-X 0487503cc4 message view: Fix the wrong time shown for message locally echoed.
This commit updates the _rerender_message to update the message_time
string with the current timestamp on the message rerender.

When we locally echo a message, we store a local timestamp that will
generally not be used as it is replaced by the server time in
echo.process_from_server when we confirm receipt of the message.

echo.process_from_server correctly updates the .timestamp field on
the message and triggers a rerender but that rerender reuses
the message_container object without recomputing the
message_container.timestr due to which wrong older timestr was shown
on the message box.

This commit fixes this by calling set_timestr in the rerender code path,
alongside calls to update similar data structures like
this._maybe_format_me_message.

Fixes #17655
2021-03-17 17:21:42 -07:00
yasiruRathnayaka97 2d414fa897 left-sidebar: Fix 3-points-menu responsive bug.
In responsive narrow windows where the left sidebar is an overlay, clicking the ⋮ menus for
'All messages' and 'Starred messages' would result in the navigation closing and the menu appearing
somewhere weird.

We fix this the same way that we address this issue with the similar stream/topic menus, by calling
the function to show this sidebar after closing all popovers.

Fixes: #17537.
2021-03-17 15:11:23 -07:00
Gaurav Pandey 44ff6da107 email-integration: Notify user on failure to send message via email.
On replying to an email notification from a stream where the user
does not come under the stream_post_policy will subsequently result
in a failure. In such a case, the user does not receive feedback
regarding the failure.

Notify the user via notification bot if their email
message failed to send.
Fixes #16642.
2021-03-17 14:56:17 -07:00
Nikhil Maske d9776159f1 account_settings: Change the position of the custom-profile-fields-form.
The custom-profile-fields-form element custom_user_field contains
the textarea for Biography that expands. The textarea treats the
user-avatar-section as a disturbing obstacle when expanded beyond
the certain width. To fix this, the custom-profile-fields-form
is placed out from the account-settings-form.

Fixes #17617.
2021-03-17 12:25:12 -07:00
Anders Kaseorg 3ef6f6e2e2 js: Convert static/js/blueslip.js to ES6 module.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-17 08:47:15 -04:00
Anders Kaseorg b0ceaa1ea0 node_tests: Replace override(blueslip) with blueslip.expect.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-17 08:47:15 -04:00
100RABHpy 039dd256a1 markdown: Fix a bug in query_and_reply.
Fixes #17466
This commit will change encoding logic. Initial logic
was not encoding parenthesis, and this creates conflicts
with the markdown link format. To resolve this while encoding,
we're now replacing parenthesis with ".28" and ".29."

There is no need to change decoding logic because before
decoding any URL, we first convert all the “.” to “%.”

optimization: No need to replace parenthesis in popovers.js.
2021-03-16 16:40:37 -07:00
Tim Abbott a025726b62 docs: Remove reference to old length of GSoC projects. 2021-03-16 15:40:41 -07:00
Tim Abbott a14cd23bdb integration docs: Fix organization of Google calendar doc. 2021-03-16 15:35:15 -07:00
Adam Birds 3649da27bf integrations: Update Yo Documentation.
I have updated the documentation for the Yo integration to include
number for ease of readability.

Fixes part of #17633.
2021-03-16 15:29:47 -07:00
Adam Birds bd79428a19 integrations: Update SVN Documentation.
I have updated the docs for the SVN integration to properly indent the
code block etc as well as using 1. for the numbers rather than 1. 2. and
so on.

Fixes part of #17633.
2021-03-16 15:29:47 -07:00
Adam Birds d74f608147 integrations: Update RSS Documentation.
I have updated the docs for the RSS integration to include numbers to
increase its readability.

Fixes part of #17633.
2021-03-16 15:29:47 -07:00
Adam Birds 795e41f317 integrations: Update Pingdom Documentation.
I have updated the Pingdom documentation to include numbers to increase
ease of readability.

Fixes part of #17633.
2021-03-16 15:29:47 -07:00
Adam Birds eca9cfd7d7 integrations: Update Perforce Documentation.
I have updated the docs for the Perforce integration to include numbers
to increase readability.

Fixes part of #17633.
2021-03-16 15:29:47 -07:00
Adam Birds 26916bdf85 integrations: Update Jenkins Documentation.
I have updated the docs for the Jenkins integration to include number
for ease of read as well as switching over to the new
{create-a-bot-indenmted.md} template to allow the continuation of
numbers.

Fixes part of #17633.
2021-03-16 15:29:47 -07:00
Adam Birds 8337dce913 integrations: Update HomeAssistant Documentation.
I have updated the docs for the homeassistant integration to include
numbers to increase visibility.

Fixes part of #17633.
2021-03-16 15:29:47 -07:00
Adam Birds eaf0212f6a integrations: Update Google Calendar Docs.
I have updated the docs for the Google Calendar integration to include
numbers to increase its readability.

Fixes part of #17633.
2021-03-16 15:29:47 -07:00
Adam Birds c14dd92c2c integrations: Update Discourse Documentation.
I have updated the docs for the Discourse integration to include numbers
for better readability.

Fixes part of #17633.
2021-03-16 15:29:47 -07:00
Adam Birds d03f75fd79 integrations: Update Docs for Hubot integrations.
I have updated the documentation for all the integrations that use Hubot
to include numbers for ease of readability.

Fixes part of #17633.
2021-03-16 15:29:47 -07:00
Adam Birds 8f4983a093 integrations: Update Asana Documentation.
I have updated the documentation for the Asana integration to include
numbered steps to increase its readability.

Fixes part of #17633.
2021-03-16 15:29:47 -07:00
Vishnu KS cda64b6204 navbar: Tag organization profile update message properly for translation. 2021-03-16 15:15:09 -07:00
Vishnu KS c463ccc4e4 navbar: Tag desktop app security alert message properly for translation. 2021-03-16 15:15:09 -07:00
Vishnu KS 1c6f223d06 navbar: Tag unread alert message properly for translation. 2021-03-16 15:15:09 -07:00
Aman Agrawal e0ed9cc605 ci: Remove CircleCI workaround for buggy CPU count allocation.
GitHub Actions gives us 2 cpus (probably shared) to run the
jobs. Specifying 6 processes here doesn't make a difference
since both jobs run in around 5 minutes right now.
2021-03-16 15:11:26 -07:00
Aman Agrawal f2a137f863 github_actions: Remove Codecov workaround.
Codecov has released the new version which fixes the find error.
Followup from 6a357ea114
2021-03-16 15:11:21 -07:00
Aman Agrawal 76c69b943c github_actions: Explode backend and frontend tests.
We basically move all the tests from backend and frontend test
files to zulip-ci workflow. This results in GitHub Actions
nicely displaying all the tests separately.
2021-03-16 15:11:21 -07:00
Aman Agrawal dd3cdd6ec5 github_actions: Stop logging timestamp.
Timestamps are logged automatically by GitHub Actions and can be
made visible using log settings easily. Hence we remove the
unnecessary timestamps here to make the logs look much cleaner.
2021-03-16 15:11:21 -07:00
Aman Agrawal 2b23609f9a ci: Remove unused circleci config file and update codebase.
We have disabled CircleCI and are using GitHub Actions for automated
testing.

docs: Changed context from CircleCI to Github Actions and wrote
some documentation specific to GH Actions.

tools: Replaced env checks for CIRCLECI with GITHUB_ACTION.

README: Use GitHub Actions build status badge.
2021-03-16 15:11:21 -07:00