Commit Graph

2710 Commits

Author SHA1 Message Date
Rhea Parekh 30b9d35d5e slack importer: Add helper functions to get user avatars.
Here, we create the slack avatar url using the user data and
build the avatar object. Added Tests for the same.
2018-03-01 16:38:55 -08:00
Rhea Parekh 95df8452be slack importer: Remove function 'get_user_avatar_source'.
slack avatar urls have the format:
'https://ca.slack-edge.com/<team_id>-<user_id>-<avatar_hash>-<size>'
For any url of this form, if the user hasn't uploaded an image,
Slack uses default gravatar, but we don't have a way of knowing if Slack
has used the uploaded image or the custom gravatar
eg: https://ca.slack-edge.com/T5YFFM2QY-U6006P1CN-gd41c3c33cbe-512.
Hence, avatar_source should be mapped to 'U'.
2018-03-01 16:38:55 -08:00
rht 71ff8c370e django-2.0: Don't assign directly to Many-to-Many field.
The old pattern of setting the value and then using .save() here has
been deprecated.  set() also saves the record.
2018-03-01 08:49:35 -08:00
Robert Hönig 48b2e4eb66 backend: Add bot config data patching. 2018-03-01 08:25:43 -08:00
Robert Hönig ade077ff73 backend: Add bot config data to initial state data. 2018-03-01 08:25:43 -08:00
Vishnu Ks 8152532535 urls: Use /new endpoint for creating new realm.
This is just nicer-looking for potentially nontechnical users than
/create_realm.
2018-02-28 13:47:54 -08:00
Aastha Gupta d124597f4b org-settings: Add setting to turn off welcome emails.
This adds an organization-level setting to provide an option to turn
off the welcome emails.

Fixes #8000.
2018-02-28 12:39:01 -08:00
Robert Hönig 71829f3373 Test MessageSenderWorker with Electron as user agent.
This brings MessageSenderWorker coverage to 100%.
2018-02-28 12:31:38 -08:00
Robert Hönig f8338803d9 Add tests for SignupWorker error handling.
This brings SignupWorker coverage to 100%.
2018-02-28 12:31:38 -08:00
Robert Hönig 1ba1851664 QueueProcessingWorker: Test that problems get logged.
This brings QueueProcessingWorker coverage to 100%.
2018-02-28 12:31:38 -08:00
Robert Hönig 3294aa6ac4 embedded bots: Test that BotHandler.initialize is called.
This brings coverage for EmbeddedBotWorker to 100%.
2018-02-28 12:31:38 -08:00
Robert Hönig ae9952c763 backend tests: Repurpose test_invalid_embedded_bot_service.
Previously, this function executed the same test as
test_bots.py/test_create_embedded_bot_with_incorrect_service_name().
Now, instead of testing to add an embedded bot with an incorrect service
name, we test messaging an embedded bot with an incorrect service
name.
2018-02-27 12:20:08 -05:00
Robert Hönig b780b16f57 test_bots.py: Split up test_create_embedded_bot. 2018-02-27 12:20:08 -05:00
Robert Hönig a99cc6170f test_bots.py: Create test bots with create_test_bot(). 2018-02-27 12:20:08 -05:00
Tim Abbott 68664acf1f requirements: Update sqlalchemy to 1.2.4.
This requires updating one of the tests for the group_pm_with feature
in test_narrow to use the new style of tautology generated by SQLAlchemy.

Thanks to Sinwar for investigating this.

Fixes #8381.
2018-02-26 21:32:27 -08:00
Tim Abbott 227e5fdcc2 test_narrow: Improve group_with_with search test.
The previous test structure was weird, in that it didn't cover the
case where there was at least one group PM thread.
2018-02-26 21:32:27 -08:00
Rhea Parekh 3bb14a867b slack importer: Change 'invite_only' mapping in streams.
'invite_only' should always be true for the slack's
standard export plan as the private channels are not
supported in it.
2018-02-25 09:22:01 -08:00
Rhea Parekh a2f6f4ba1c slack importer: Handle case where messages have no users. 2018-02-25 09:20:55 -08:00
Rhea Parekh 15a6f62fe7 slack importer: Refactor defaultstream handling.
The check for the channel ('general' and 'random') must be added before
'build_defaultstream' function is called and then the id is incremented.
Otherwise, the id appended at the end of second defaultstream object, which would be
greater than the total number of defaultstream objects would crash at
'defaultstream_id_list[defaultstream_id]' which is a paramater of 'build_defaultstream'.
Added tests to prevent the same.
2018-02-25 09:20:55 -08:00
Tim Abbott 710f5f7c97 auth: Add support for mobile_flow_otp for RemoteUserBackend.
Because we have a pretty good framework for the existing
mobile_flow_otp system, this requires very little new code.

Fixes #8291.
2018-02-24 08:14:17 -08:00
Tim Abbott 34efab9157 auth: Report to mobile apps the availability of RemoteUserBackend.
This is necessary for mobile apps to do the right thing when only
RemoteUserBackend is enabled, namely, directly redirect to the
third-party SSO auth site as soon as the user enters the server URL
(no need to display a login form, since it'll be useless).
2018-02-24 08:14:17 -08:00
Umair Khan db1e090c6a django-auth-ldap: Bump version to 1.3.0.
The name of _get_user_attrs was changed to attrs in
152d40a2a0

Fixes #8380
2018-02-22 05:39:04 -08:00
Tim Abbott faa3c275de test_narrow: Use a better assert for easier debugging.
This should provide much better error messages.
2018-02-22 05:32:03 -08:00
Rhea Parekh aff9099c3b slack importer: Get domain name from settings.EXTERNAL_HOST. 2018-02-21 08:58:27 -08:00
Umair Khan d22639717c auth: Redirect to an error page instead of 500.
Previously, we used to raise an exception if the direct dev login code
path was attempted when:

* we were running under production environment.
* dev. login was not enabled.

Now we redirect to an error page and give an explanatory message to the
user.

Fixes #8249.
2018-02-20 22:34:53 -08:00
Tim Abbott 4a92ed4332 test_signup: Remove accidentally merged print statements. 2018-02-19 11:46:39 -08:00
Steve Howell 61aaf06abe tests: Fix hard coded "Over 80 native integrations".
This is a quick fix to get the builds working again.  Our
code will say "Over <N> integrations", where N keeps growing over
time.
2018-02-19 14:18:03 -05:00
Vishnu Ks d34dd4cd02 signup: Show subdomain availability during signup.
This uses an actual query to the backend to check if the subdomain is
available, using the same logic we would use to check when the
subdomain is in fact created.
2018-02-19 10:45:17 -08:00
neiljp (Neil Pilgrim) 354d552a10 mypy: Add two mypy-pacifying asserts in upload & bugdown tests. 2018-02-19 09:24:50 -08:00
neiljp (Neil Pilgrim) 15b16c23a1 mypy: Add assertions to test_bots.py to satisfy mypy. 2018-02-19 09:24:50 -08:00
Steve Howell ffb7a371ed minor: Make relative link tests slightly more realistic.
The two tests changed here are exercising some URL rewrite
logic, and now the URL for stream narrows is slightly more
realistic.
2018-02-19 09:03:11 -08:00
Steve Howell 46a49777c4 Add stream ids to urls for stream-related narrows.
This commit prefixes stream names in urls with stream ids,
so that the urls don't break when we rename streams.

strean name: foo bar.com%
before: #narrow/stream/foo.20bar.2Ecom.25
after: #narrow/stream/20-foo-bar.2Ecom.25

For new realms, everything is simple under the new scheme, since
we just parse out the stream id every time to figure out where
to narrow.

For old realms, any old URLs will still work under the new scheme,
assuming the stream hasn't been renamed (and of course old urls
wouldn't have survived stream renaming in the first place).  The one
exception is the hopefully rare case of a stream name starting with
something like "99-" and colliding with another stream whose id is 99.

The way that we enocde the stream name portion of the URL is kind
of unimportant now, since we really only look at the stream id, but
we still want a safe encoding of the name that is mostly human
readable, so we now convert spaces to dashes in the stream name.  Also,
we try to ensure more code on both sides (frontend and backend) calls
common functions to do the encoding.

Fixes #4713
2018-02-19 09:03:11 -08:00
Rhea Parekh b702bbe5a1 slack importer: Allocate ids in a single db query.
We use the command
'select nextval('sequence') from generate_series(1, increment_number)'
which returns a list of allocated values for the ids.

This list is used to assign ids to the to be converted objects.
2018-02-19 08:55:50 -08:00
Rhea Parekh 5dfacfcfca slack importer: Change 'allocate_ids' to return a list of ids.
Update the callers of this function to process the list and add
tests for the same.
2018-02-18 20:47:45 -08:00
Shubham Dhama 9feae472f8 org settings: Add button to deactivate organization.
This adds button under "Organization profile" settings, which
deactivates the organization and sends an "event" to all the
active user and log out them.

Fixes: #8212.
2018-02-18 10:20:38 -08:00
Greg Price 693a9a5e70 push notifs: For group PMs, identify the users in the group. 2018-02-16 16:06:03 -08:00
Shubham Dhama a32e1eb913 markdown: Require double-asterisk around all mentions.
This enforces `**` around all the mentions including "at-all" and
"at-everyone" mentions. Hence this makes `@all` and `@everyone`
invalid mentions, resulting into proper syntax for these mentions as
`@**all**` and `@**everyone**` respectively.

Note from tabbott: This removes an old feature/syntax, which made
sense back when @Tim was also a way to mention a user with Tim as
their first name.  Given how nice typeahead is now, the user part of
the feature was removed a while ago; this should have gone at the same
time.

Fixes: #8143.
2018-02-16 11:45:08 -08:00
Shubham Padia a4b686297a api: Return anchor in get_messages when use_first_unread_anchor=True.
This may be helpful for some API clients, since it avoids them needed
to do somewhat messy post-processing on the results (the data was
always available via scanning for the first unread message in the result).

Fixes #6244.
2018-02-16 10:06:20 -08:00
Aditya Bansal efe8545303 local-uploads: Start running authentication checks on file requests.
From here on we start to authenticate uploaded file request before
serving this files in production. This involves allowing NGINX to
pass on these file requests to Django for authentication and then
serve these files by making use on internal redirect requests having
x-accel-redirect field. The redirection on requests and loading
of x-accel-redirect param is handled by django-sendfile.

NOTE: This commit starts to authenticate these requests for Zulip
servers running platforms either Ubuntu Xenial (16.04) or above.

Fixes: #320 and #291 partially.
2018-02-16 05:06:37 +05:30
Robert Hönig a19a69bfe3 embedded bots: Log warning when bot quit()s.
External bots may call bot_handler.quit() when
they wish to terminate, e.g. due to a misconfiguration.
Currently, embedded bots ignore calls to quit(), even
though they signal a problem. This commit does the first
step in handling quit() calls by logging a warning.
2018-02-13 14:56:37 -08:00
Shubham Dhama 03e4026c62 bots: Check bot owner for deactivated users and bots.
We should not allow deactivated users and bots as a
bot owner.
2018-02-13 09:24:42 -08:00
Shubham Dhama adfc905c3f bots: Handle exception on changing bot owner to invalid user.
It catches the `UserProfile.DoesNotExist` exception and
hence prevent internal server error.
Also remove option to select empty bot owner.
Fixes: #8334.
2018-02-13 09:23:13 -08:00
Greg Price ecbc72b857 push notifs: Add a diagnostic in API of whether push notifs enabled.
When the answer is False, this will allow the mobile app to show a
warning that push notifications will not work and the server admin
should set them up.

Based partly on Kunal's PR #7810.  Provides the necessary backend API
for zulip/zulip-mobile#1507.
2018-02-12 14:34:59 -08:00
Greg Price cc1d64edf8 tests: Dedupe a bit the test for server_settings.
We keep having to change the same thing in three places here; and also
the duplicates have accumulated unnecessary variation that makes it
hard to see what's actually supposed to be different and not different
in the three cases.
2018-02-12 14:34:28 -08:00
Greg Price 3fba90f6c3 billing: Make several small style fixes to new tests.
* Put imports in order.
* `import stripe`; that's the style upstream docs recommend, and it avoids
  confusion e.g. between our StripeError and the library's StripeError.
* Simplify loading JSON.
* Keep lines largely to 100 columns.
2018-02-12 12:46:01 -08:00
Vishnu Ks bed4ca642a stripe: Add backend tests for stripe. 2018-02-12 12:45:46 -08:00
Greg Price 8be2dfa81c APNs: Fix a case I broke while working out tests.
I got distracted, came back later to a successful test run in my
terminal, and thought I remembered finishing the change and just
kicking off a final test run to check.

In fact, there was an `assert False` right in the normal case for
production, and I just hadn't finished a test for that path. (m.-)
Definitely the most grateful I've been for our coverage checks,
which highlighted this for me.

Remove the `assert False`, and also finish writing the test it was
there to help me write.  Those lines are covered now.
2018-02-09 18:28:16 -08:00
Umair Khan 0eca2e102d cache: Add ignore_unhashable_lru_cache function.
This is a wrapper over lru_cache function. It adds following features on
top of lru_cache:

    * It will not cache result of functions with unhashable arguments.
    * It will clear cache whenever zerver.lib.cache.KEY_PREFIX changes.
2018-02-09 18:14:08 -08:00
Greg Price 7f6a1714aa APNs: Don't try to send anything when not configured. 2018-02-09 17:16:21 -08:00
Robert Hönig 0abb0315f3 test_events.py: Properly check the bot added event dict.
Previously, the 'services' entry in the bot added event dict,
did not get verified, because the test didn't include a service bot.
2018-02-09 12:30:24 -08:00
Robert Hönig 760cbcc98e test_events.py: Use create_test_bot(). 2018-02-09 12:30:24 -08:00
Robert Hönig 323284e0b6 backend: Call real endpoint in create_test_bot().
This allows tests to be more realistical and to
directly test payload added to add_bot_backend().
2018-02-09 12:30:24 -08:00
Rhea Parekh 6addf79edb slack importer: Test import in existing database with fixtures.
Check in sample slack dataset fixtures, test data conversion and import of
this converted data into an existing database.
2018-02-09 12:17:10 -08:00
Rhea Parekh be05bccb5b slack importer: optimize allocation of id range before import. 2018-02-09 12:17:10 -08:00
Rhea Parekh c0e30079f6 slack importer: Get user data from a get request to slack users api.
The fresh imported data shows that the users emails are not included
in the data. However, the data received from the older method of slack
(which is using legacy tokens) contains the email data of the users.
2018-02-09 12:17:10 -08:00
Tim Abbott 77addc5456 bugdown: Fix handling of ultra-long renderings.
If some bug in Bugdown results in a rendered message content that is
bigger than twice the message size, we now just throw an exception
from Bugdown.  This is considerably better than the old behavior,
which might result in an enormous message being placed in the database
(potentially, bigger than the 1MB limit to store in memcached), which
would in turn result in tragic consequences.

This fixes #8322, in that it prevents the super bad outcome seen there
(where basically Zulip became unusable for everyone on the stream
where the message is posted).  Now, the failure mode is just the
message failing to send.  Still not ideal (and requires further work
on the URL embed feature), but not a minor problem, not a major one.
2018-02-09 10:57:55 -08:00
Rhea Parekh 48640fd28f slack importer: Suppress logger output from the unit tests. 2018-02-08 16:21:35 -08:00
Greg Price ccb8c79edb test_docs: Fix a now-brittle test.
The count of integrations is automatically computed now, so this will
change every time we add 10 more.  Just stop asserting on the number.

Thanks to @hackerkid for spotting the issue.
2018-02-07 13:01:42 -08:00
Aditya Bansal 643074edb2 notifications: Add test for realm_name_in_notifications setting. 2018-02-07 05:09:46 +05:30
Rhea Parekh 83a7fd84ab slack importer: Import primary owner user first.
According to https://get.slack.help/hc/en-us/articles/201912948-Owners-and-Administrators,
only one Primary owner of a slack organsation exists. This allocates the first id
to the Primary owner and hence makes sure that the primary owner is imported first.
Added tests for the same.
2018-02-06 14:48:30 -08:00
Rhea Parekh 052e3e1540 slack importer: Change organization admin mappings.
Map 'Primary owner', 'owner' and 'admin' to 'organization admin'.
Added tests for the same.
2018-02-06 14:48:30 -08:00
Rhea Parekh b3b6023230 slack importer: Always map 'is_staff' to false in user data.
"staff" is only for server administrators, which doesn't exist in Slack.
Hence, this should always be false.
2018-02-06 14:48:29 -08:00
Robert Hönig 146b833454 marketing: Update integration count.
This also automizes the integrations count update for
the /integrations page.
2018-02-06 08:50:41 -08:00
Roman Godov b875fe07eb settings: Added setting to turn on and off realm name in email subject.
Users having only account in one realm will not be distracted by realm
name in subject lines of every email.  Users who have multiple
accounts in realms can turn this setting on and receive a
corresponding realm name in email's subject.

Tweaked by tabbott to rebase and address a few small issues.

Fixes #5489.
2018-02-05 18:01:54 -08:00
Aditya Bansal ecbb763e79 notifications: Handle an edge case in relative_to_full_url.
For messages where the entire rendered body is a message_inline_image
object, we actually don't display any text and just display the
image. These messages may have links to images which might or might
not be internal to Zulip but in both cases there is a chance of this
links being broken when accessed by an email server like Gmail that
doesn't possess the recipient user's cookies.

We don't want to have ugly looking broken images displayed in email
notifications.  So we patch this by inserting a replacement for the
`message_inline_image` block in which we essentially replace the
content with the textual link.

Edited for clarity by tabbott.
2018-02-05 17:30:55 -08:00
Greg Price ca1129dea3 Revert "Streams: Disallow certain markdown characters in stream names."
This reverts commit dd1b14378b.

Deleted a conflicted test entirely.
2018-02-05 16:55:21 -08:00
Shubham Dhama 9a75a10d48 tests: Test invalid "default stream group" name. 2018-02-05 16:33:42 -08:00
Shubham Dhama dffedeb053 tests: Test bots deactivation with owner deactivation.
This also cover the `zerver.lib.actions.do_deactivate_user` when
`_cascade=true`.
2018-02-05 16:33:42 -08:00
Brock Whittaker f485abf522 page_params: Pass through settings.WARN_NO_EMAIL, as `warn_no_email`.
[greg: fixed test]
2018-02-05 16:00:33 -08:00
Rhea Parekh 811294c6cc slack importer: Add test for checking link in message conversion. 2018-02-05 14:46:39 -08:00
Rhea Parekh eb7a9675a4 slack importer: Add unit tests. 2018-02-05 14:46:39 -08:00
Greg Price 12e08a4fa7 test_management_commands: Fix a few comments. 2018-02-05 12:59:12 -08:00
Greg Price 1d6b072626 test_management_commands: Dedent with override_settings. 2018-02-05 12:59:12 -08:00
Greg Price 48791b731e create_realm: Let server admin skip confirming email.
This will let us defer configuring outbound email to the end of the
install procedure, so we can greatly simplify it by consolidating
several scripted steps.

The new flow could be simplified further by giving the user the full
form in the first place, rather than first a form for just their
email address and then a form with the other details.  We'll leave
that improvement for a separate change.
2018-02-05 12:59:12 -08:00
Greg Price b21cc8103f confirmation: Presume email valid when admin creates realm.
A followup commit will actually act on this presumption.
2018-02-05 12:59:12 -08:00
Tim Abbott b84f2223a5 avatars: Always include a working URL for the user's own avatar.
This fixes an issue where the user's own avatar was being sent down
the wire as None.  We could have fixed it, as in #8265, by adding code
in the webapp and mobile apps to compute medium-size gravatar URLs as
well, but that would be messy, and there's little benefit to that
complexity (saving at most 2 URLs from the payload).

Fixes #8253.
2018-02-05 12:45:41 -08:00
Umair Khan 41a867ec45 tests: Fix non-deterministic behavior. 2018-01-31 12:07:36 -08:00
Tim Abbott c2ceb3c13b EmailSendingWorker: Fix retry for sending emails.
If an exception was thrown inside `send_email` resulting in a retry,
we would include the `failed_tries` data in the event, which turned
out to thrown an exception itself.

This fixes that flow, including deepening the test so that it would
fail if we didn't have the new logic.
2018-01-30 11:28:09 -08:00
rht 9a8d2244ca django-2.0: Shift to resolvers from urlresolvers.
The old name is deprecated.
2018-01-30 10:53:54 -08:00
Vishnu Ks 43a6439b3b upload: Enforce per-realm quota. 2018-01-29 16:06:11 -08:00
Greg Price 55cf54c087 upload: Remove old per-user quota feature.
We'll replace this primarily with per-realm quotas (plus the simple
per-file limit of settings.MAX_FILE_UPLOAD_SIZE, 25 MiB by default).

We do want per-user quotas too, but they'll need some more management
apparatus around them so an admin has a practical way to set them
differently for different users.  And the error handling in this
existing code is rather confused.  Just clear this feature out
entirely for now; then we'll build the per-realm version more cleanly,
and then we can later add back per-realm quotas modelled after that.

The migration to actually remove the field is in a subsequent commit.

Based in part on work by Vishnu Ks (hackerkid).
2018-01-29 16:06:11 -08:00
Greg Price 0f99610478 signup: Small refactor to isolate actually sending mail.
This is a little cleaner in that the try/except blocks for
SMTPException are a lot narrower; and it'll facilitate an upcoming
change to sometimes skip sending mail.
2018-01-29 10:27:11 -08:00
Aditya Bansal 0435e1d05d zerver/index.html: Clean up to use 4 space indentation.
In this commit we also fix a test which would fail as a result of
doing this cleanup since the test wasn't designed to take into
account the space chars which might occur in the beginning of a
html line.
2018-01-27 15:12:11 -08:00
Eeshan Garg 428134e54b test_docs: Test that settings.EMAIL_GATEWAY_EXAMPLE gets rendered.
In the email integration, previously, EMAIL_GATEWAY_EXAMPLE wasn't
rendered at all, which was recently fixed. So, now, we should make
sure that it gets rendered!
2018-01-25 15:08:02 -08:00
Shubham Dhama dbce49ac53 refactor: Move topic name checks to Addressee class.
In order to get test coverage on topic name checks, we
do them in Addressee, so that we don't hit an assertion
first. The assertion in question is in Addressee.topic(),
and it was added partly to appease mypy.
2018-01-25 06:21:01 -05:00
Vishnu Ks a11b742984 messages: Calculate value of first visible message ID using cron job.
[greg: Fixed buggy time conversion in estimate_recent_messages.]
2018-01-24 17:15:08 -08:00
YJDave 15dd94035c org settings: Handle NEW_USER_BOT not being set.
If NEW_USER_BOT is not configured in organization, then disable setting
for selecting stream for new user notification.
2018-01-23 15:23:25 -05:00
Brock Whittaker 849d63dd1c settings: Change error for "no data" to something more friendly. 2018-01-23 14:38:59 -05:00
Brock Whittaker ffe3a6c127 settings: Remove password confirmation in modal.
This removes the requirement to confirm your new password.
It isn't necessary and can be fixed easily with an email
reset if messed up.
2018-01-23 14:38:59 -05:00
Dennis Ludl 895a675f4c decorators: Fix email check in access_user_by_api_key case insensitive.
In Zulip, email addresses should always be treated as
case-insensitive; this code path incorrectly assumed the email input
by the user had the correct case.

Discussed in:

https://chat.zulip.org/#narrow/stream/issues/subject/Mobile.20Apps.3A.20Sometimes.20don't.20load.20data/near/461062

Commit message tweaked by tabbott.
2018-01-23 10:04:03 -08:00
Weronika Grzybowska 7ac7100a1d messages: Make checking for status message consistent with backend.
Adds a check for newline that was present on backend, but missing in the
frontend markdown implementation. Updating messages uses is_me_message flag
received from server instead of its own partial test. Similarly, rendering
previews uses markdown code.

Fixes #6493.
2018-01-23 09:26:41 -05:00
Robert Hönig 9a15c4e3ff Add bot services to page_params.
This is the first step for allowing users
to edit a bot's service entries, name the
outgoing webhook configuration entries. The
chosen data structures allow for a future
with multiple services per bot; right now,
only one service per bot is supported.
2018-01-23 07:29:00 -05:00
Vishnu Ks 036dc53d20 messages: Rename last_visible_message_id to first_visible_message_id. 2018-01-22 19:53:44 -08:00
YJDave 8905744bb1 stream settings: Add period at the end of error messages. 2018-01-19 13:05:43 -05:00
Aditya Bansal f272ea9087 scheduledmessages: Start using/expecting delivery_type as a param. 2018-01-19 11:33:11 -05:00
Aditya Bansal f46d098558 schedulemessages: Add handle_deferred_message() to handle requests.
This is responsible for:
1.) Handling all the incoming requests at the
messages endpoint which have defer param set. This is similar to
send_message_backend apart from the fact that instead of really
sending a message it schedules one to be sent later on.
2.) Does some preliminary checks such as validating timestamp for
scheduling a message, prevent scheduling a message in past, ensure
correct format of message to be scheduled.
3.) Extracts time of scheduled delivery from message.
4.) Add tests for the newly introduced function.
5.) timezone: Add get_timezone() to obtain tz object from string.
This helps in obtaining a timezone (tz) object from a timezone
specified as a string. This string needs to be a pytz lib defined
timezone string which we use to specify local timezones of the
users.
2018-01-19 11:33:11 -05:00
rht ee06da9350 bugdown: Linkify Bitcoin URI. 2018-01-19 06:07:43 -05:00
Shubham Dhama 797fa62fde test auth.py: Add tests for json_fetch_api_key function. 2018-01-17 15:15:51 -05:00
Rhea Parekh 138aba3d89 slack importer: Add unit tests for slack message conversions. 2018-01-17 09:38:53 -05:00
Shreyansh Dwivedi b0fb7aa6b2 bugdown: Add preview for vimeo videos.
This also amends a commit from Brock Whittaker <brock@zulipchat.com>
that merges two separate functions for YouTube videos and Vimeo videos
into a generic video recall function.

Fixes #7550.
2018-01-17 09:11:43 -05:00
Xavier Cooney 8c5e74afe9 test_messages.py: Remove unecessary imports. 2018-01-16 08:16:43 -05:00
Eeshan Garg a14b52ef1d api docs: Document the `DELETE /users/me/subscriptions` endpoint.
Note that there is currently no JavaScript method in zulip-js
to call this endpoint.
2018-01-12 07:30:38 -05:00
Eeshan Garg 8c723e8c27 api docs: Document the POST /api/v1/users endpoint.
Note that there is no JavaScript equivalent for requesting this
endpoint in zulip-js yet.
2018-01-12 07:30:38 -05:00
Andy Perez c209069fcd bugdown: Improve image inlining logic.
Fix #7537
2018-01-09 16:43:22 -05:00
Robert Hönig d1d8365a6b embedded bots: Add config data UI.
This adds UI fields in the bot settings for specifying
configuration values like API keys for a bot. The names
and placeholder values for each bot's config fields are
fetched from the bot's <bot>.conf template file in the
zulip_bots package. This also adds giphy and followup
as embedded bots.
2018-01-09 11:50:54 -05:00
Alena Volkova 7c22045158 test_decorators: Replace the json/fetch_api_key endpoint in tests.
This endpoint is about to become an API-style route and have the legacy
decorator removed from its view. Other endpoints will be used in tests
instead of it.
2018-01-08 13:15:52 -05:00
Robert Hönig 3420ed1fcc validator.py: Cover missing lines in check_dict(). 2018-01-07 15:23:17 -05:00
Eeshan Garg a01f8c088a api docs: Document the POST /api/v1/users/me/subscriptions endpoint.
There is a JavaScript equivalent for this endpoint but the npm
package has not yet been released.
2018-01-07 15:19:51 -05:00
Eeshan Garg ae59b08316 api docs: Document the GET /api/v1/users/me endpoint.
Note that there is no JavaScript equivalent for requesting this
endpoint in zulip-js yet.
2018-01-07 15:19:51 -05:00
Eeshan Garg 045aacbc67 api docs: Document the PATCH /api/v1/messages/<msg_id> endpoint.
Note that there is no JavaScript equivalent for requesting this
endpoint in zulip-js yet.
2018-01-07 15:19:51 -05:00
Eeshan Garg 6f01b042a1 api docs: Document the DELETE /api/v1/events endpoint.
Note that there is no JavaScript equivalent for requesting this
endpoint in zulip-js yet.
2018-01-07 15:19:51 -05:00
Robert Hönig c745d1901c bot_config.py: Add function for loading config file templates.
load_bot_config_template(bot) parses the <bot>.conf
template file, which can be found in the zulip_bots
package for each bot. It then returns the INI content
of that file as a dict.
2018-01-07 20:05:52 +01:00
Robert Hönig ed7208fd6e Make EmbeddedBotHandler.get_config_info comply with ExternalBotHandler. 2018-01-07 20:05:52 +01:00
Robert Hönig 9cc059f4aa bot_config.py: Raise exception when getting config data from bot without config entries. 2018-01-07 20:05:52 +01:00
Eeshan Garg 479bc41ca5 api docs: Remove old and outdated endpoint docs. 2018-01-04 10:17:29 -05:00
Eeshan Garg 1fd71287d6 api docs: Document the GET /api/v1/events endpoint. 2018-01-04 10:17:29 -05:00
Vishnu Ks e6d3f8895f messages: Create function to calculate first visible message id. 2018-01-04 08:52:40 -05:00
Eeshan Garg f620525373 api docs: Document the POST /api/v1/register endpoint. 2018-01-03 12:23:30 -05:00
Alena Volkova 45f0c76c44 settings: Limit the creation of generic bots.
This commit adds a setting to limit creation of generic bots
to admins for realms that want that restriction.  (Generic
bots, apart from being considered spammy on some realms,
have less locked down permissions than webhook bots).

Fixes #7066.
2018-01-02 18:12:22 -05:00
Aastha Gupta daf86eb664 settings: Add "text" option to emoji_set model.
We no longer have a special UI setting and model
field ("emoji_alt_code") for saying users want text-only
emojis.  We now instead make "text" be a fifth choice
for "emojiset".

Fixes #7406
2018-01-02 14:55:01 -05:00
Vishnu Ks 277d463d23 messages: Add option to limit users message history. 2018-01-02 13:45:01 -05:00
YJDave fa44d2ea69 settings: Remove autoscroll_forever setting.
Fixes #6845
2018-01-02 10:35:49 -05:00
Eeshan Garg 80405747ce test_docs: Test new API docs (templates/zerver/api/*). 2017-12-30 11:03:23 -05:00
Eeshan Garg 94bc9d52d1 api docs: Split usage.md into two separate docs.
This commit splits usage.md into two separate docs,
stream-message.md and private-message.md. The arguments and return
values for sending a stream message are somewhat different from
those of sending a private message, so it made sense to split the
two up for clarity.
2017-12-29 17:03:36 -05:00
Rhea Parekh 3d4ee3b862 zerver/tests/test_email_mirror: Sweep force_str. 2017-12-26 09:09:31 -05:00
Rhea Parekh 092472f42d tests: Add test coverage for uploading avatars to S3UploadBackend.
Add test coverage for the function upload_avatar_image and
ensure_medium_avatar_image in S3UploadBackend.
2017-12-26 09:09:31 -05:00
Viraat Chandra 553711e671 mypy: Use Python 3 syntax for typing in `zerver/tests/test_home.py`. 2017-12-26 08:31:43 -05:00
Xavier Cooney 06b462ba19 mypy: Use Python 3 type syntax in tests/test_auth_backends.py. 2017-12-26 08:29:30 -05:00
Greg Price ac6f3373b6 errors tests: Deduplicate and isolate the magical part.
This makes the tests look a lot more boring and straightforward, in
addition to being a bit shorter.
2017-12-22 11:52:13 -05:00
Greg Price de5c944980 errors tests: De-indent a bunch of code.
This diff is nothing but dedentation -- it's empty under
`git diff -b`.  These with-statements are only needed for
a pretty narrow scope of code, so make that clear in the
source.
2017-12-22 11:52:13 -05:00
Greg Price ca5c991994 errors: Simplify manual testing of error emails.
There are two different things you need to patch in order to get error
emails (at `/emails`) in dev.  Flip one of them in dev all the time,
and make the comment on the other a bit more explicit.
2017-12-22 11:52:13 -05:00
Greg Price 68fa29c3ec errors: Make Zulip and email paths more parallel.
This helps prevent them from diverging and getting different sets of
features and fixes.  As a bonus, the email path gets a nice tweak that
the Zulip path has had for years, since f7f2ec0ac, which makes the
emails clearer and less broken-looking when logging a message with no
stack trace.
2017-12-22 11:52:13 -05:00
Greg Price b15231dfc2 logging: Rename AdminZulipHandler to AdminNotifyHandler.
This name hasn't been right since f7f2ec0ac back in 2013; this handler
sends the log record to a queue, whose consumer will not only maybe
send a Zulip message but definitely send an email.  I found this
pretty confusing when I first worked on this logging code and was
looking for how exception emails got sent; so now that I see exactly
what's actually happening here, fix it.
2017-12-22 11:52:13 -05:00
Tommy Ip 9ea7b05cfe bugdown: Rewrite markdown link to relative link conditionally. 2017-12-22 08:10:42 -05:00
Umair Khan 68513952fb email-worker: Create EmailSendingWorker.
This commit just copies all the code from MissedMessageSendingWorker
class to a new EmailSendingWorker class. All the logic to send an email
through a queue was already there. This commit only makes the logic
generic. It does so by creating a special purpose queue called
'email_senders' to send any type of email. To make
MissedMessageSendingWorker still work we derive it from
EmailSendingWorker. All the tests that were testing
MissedMessageSendingWorker now run against EmailSendingWorker.
2017-12-20 19:36:27 -08:00
Rishi Gupta 869b4d41ef models: Add ScheduledEmail.realm.
The two extra queries in the test are due to the assert in
send_future_email.
2017-12-19 17:46:36 -08:00
Rishi Gupta 87e164043f portico: Rename plans at /plans. 2017-12-19 15:36:13 -08:00
Andy Perez 44e6d9b54b testing: Add nice diffs to markdown python tests. 2017-12-18 19:03:38 -05:00
Greg Price 014900c2e5 push notifs: Include same stream and sender info on GCM as on APNs.
This takes the information added to APNs payloads by #7080, and adds
to our GCM payloads the parts that it didn't already have.
2017-12-18 15:32:56 -08:00
civilnewsnetwork 0ce8b69fd6 Renamed 'Register' to 'Sign up' including translations 2017-12-18 10:02:15 -05:00
Alena Volkova 39915d9835 tests: Replace all get_auth usages with auth methods and delete it. 2017-12-18 09:24:09 -05:00
Alena Volkova 26eb23afc7 tests: Replace api_auth usages with auth methods in zerver/tests. 2017-12-18 09:24:09 -05:00
Umair Khan 07961611b2 test_create_update_and_remove_default_stream_group: Fix flake. 2017-12-14 05:35:54 -05:00
Umair Khan b98c5c6d45 test_multi_user_subscription: Fix flake. 2017-12-14 05:35:54 -05:00
Rhea Parekh dd1b14378b Streams: Disallow certain markdown characters in stream names. 2017-12-12 10:04:31 -06:00
Rhea Parekh 8ed7f73199 IRC mirror: No longer require IRC stream names to start with #. 2017-12-12 10:04:31 -06:00
kunall17 98943a8333 Include data of stream/private sender details in apns push notifications 2017-12-11 20:51:09 -08:00
Shreyansh Dwivedi 47fcb27e39 invitations: Remove custom_body.
Fixes #7672
2017-12-11 19:23:54 -08:00
Rishi Gupta dbe3576706 registration: Enforce realm is None only if realm_creation.
Commit d4ee3023 and its parent have the history behind this code.

Since d4ee3023^, all new PreregistrationUser objects, except those for
realm creation, have a non-None `realm`.  Since d4ee3023, any legacy
PreregistrationUsers, with a `realm` of None despite not being for
realm creation, are treated as expired.  Now, we ignore them
completely, and remove any that exist from the database.

The user-visible effect is to change the error message for
registration (or invitation) links created before d4ee3023^ to be
"link does not exist", rather than "link expired".

This change will at most affect users upgrading straight from 1.7 or
earlier to 1.8 (rather than from 1.7.1), but I think that's not much
of a concern (such installations are probably long-running
installations, without many live registration or invitation links).

[greg: tweaked commit message]
2017-12-11 18:36:14 -08:00
Steve Howell 738c73f08e lint: Prevent `self: Any` annotations.
We should omit these for mypy.  For most class definitions,
mypy doesn't need `Any`, and it provides no real useful info.

For clever monkeypatches, you should provide a more specific
type than `Any`.
2017-12-08 19:00:18 -08:00
Vishnu Ks ff43443ac7 models: Create is_cross_realm_bot_email function. 2017-12-07 14:55:06 -08:00
Rohitt Vashishtha 9c2a28b6df invitations: Fix lint errors in test_queue_workers. 2017-12-06 22:15:25 -08:00
Rishi Gupta 100167fcf8 invitations: Change error messages for resend/revoke views.
We don't have a concept of invitation ID on the frontend (or backend).
2017-12-06 20:35:50 -08:00
Rishi Gupta cb5eb47470 invitations: Move resend/revoke error handling out of actions.py. 2017-12-06 20:35:50 -08:00
Rishi Gupta 968aae167b invitations: Remove get_prereg_user_by_email.
The original logic is buggy now that emails can belong to (and be
invited to) multiple realms.

The new logic in the `invites` queue worker also avoids the bug where
when the PreregistrationUser was gone by the time the queue worker got
to the invite (e.g., because it'd been revoked), we threw an exception.

[greg: fix upgrade-compatibility logic; add test; explain
revoked-invite race above]
2017-12-06 20:35:50 -08:00
Greg Price cab5c418f1 invitations: Add tests for queue worker. 2017-12-06 20:30:42 -08:00
Rishi Gupta 8baadc6b15 invitations: Add check for invite limit to resend invite pathway. 2017-12-06 20:30:42 -08:00
Rishi Gupta e48bc9136a invites: Change resend invitation pathway to use existing code.
This code changes frequently enough that errors are bound to creep in.  The
main change is that this sends the original invitation email instead of the
reminder email, but I think that's fine.
2017-12-06 20:30:42 -08:00
Alena Volkova 3be8e95d13 settings: Send bot types from the backend instead of hardcoding them. 2017-11-30 15:28:53 -08:00
Rishi Gupta 7d1c88f0fb invitations: Limit realms to 100 invites per day.
To guard against using zulip invites as a vector for spam. Stopgap measure
until we figure out something better.
2017-11-29 22:18:05 -08:00
Tim Abbott 6e8f4ffc77 test_signup: Expand tests for invalid confirmation links.
We'll need the expanded test coverage when we move
check_prereg_key_and_redirect to zerver/views/registration.py to avoid
test failures, and these are also tests we should really have anyway.
2017-11-29 22:18:05 -08:00
Tim Abbott be832387c5 user_groups: Fix reporting of empty user groups.
Previously, we weren't doing a proper left join in
user_groups_in_realm_serialized, resulting in empty user groups being
excluded from the query.  We want to leave decisions about excluding
empty user groups to the UI layer, so we include these here.
2017-11-29 16:13:55 -08:00
Tim Abbott b2cb443d24 subs: Fix clearing unread counts when leaving private streams.
Because we use access_stream_by_id here, and that checks for an active
subscription to interact with a private stream, this didn't work.

The correct fix to add an option to active_stream_by_id to accept an
argument indicating whether we need an active subscription; for this
use case, we definitely do not.
2017-11-29 14:40:08 -08:00
Tim Abbott 6bc1a682de notifications: Separate push and email notifications checks.
This is an early step in a larger refactor to properly decouple the
email and push notification code paths.
2017-11-28 17:51:18 -08:00
Sarah ba70b542d3 notification settings: Add stream email notifications setting.
Adds a field to UserProfile for enabling emails about stream
messages and a field to Subscriptions about email
notification preferences.
2017-11-28 17:51:18 -08:00
Greg Price 0ec2a9d259 auth: Try switching to register even if user exists on another realm.
For example, this means that if a user already has an account on one
realm and they try to make an account on another by hitting "Sign in
with Google" (rather than following the little "Register" link to a
"Sign up with Google" button instead), they'll get to make an account
instead of getting an error.

Until very recently, if the user existed on another realm, any attempt
to register with that email address had to fail in the end, so this
logic gave the user a useful error message early.  We introduced it in
c23aaa178 "GitHub: Show error on login page for wrong subdomain"
back in 2016-10 for that purpose.  No longer!  We now support reusing
an email on multiple realms, so we let the user proceed instead.

This function's interface is kind of confusing, but I believe when its
callers use it properly, `invalid_subdomain` should only ever be true
when `user_profile` is None -- in which case the revised
`invalid_subdomain` condition in this commit can never actually fire,
and the `invalid_subdomain` parameter no longer has any effect.  (At
least some unit tests call this function improperly in that respect.)
I've kept this commit to a minimal change, but it would be a good
followup to go through the call sites, verify that, eliminate the use
of `invalid_subdomain`, then remove it from the function entirely.
2017-11-28 16:38:41 -08:00
Vishnu Ks d329636079 tests: Add test for user signup with already-used email.
[Test simplified a bit by greg.]
2017-11-28 16:23:10 -08:00
Greg Price 50e451cd7b populate_db: Create an email-reusing Cordelia in the "lear" realm. 2017-11-28 16:23:10 -08:00
Tim Abbott 586e18b237 auth: Allow accounts with the same email in different realms.
[Modified by greg to (1) keep `USERNAME_FIELD = 'email'`,
(2) silence the corresponding system check, and (3) ban
reusing a system bot's email address, just like we do in
realm creation.]
2017-11-28 16:23:10 -08:00
Tim Abbott e6f460f511 auth: Replace user_email_is_unique validator.
As we migrate to allow reuse of the same email with multiple realms,
we need to replace the old "no email reuse" validators.  Because
stealing the email for a system bot would be problematic, we still ban
doing so.

This commit only affects the realm creation logic, not registering an
account in an existing realm.
2017-11-28 16:23:10 -08:00
Greg Price d6cfa56bc1 test_signup: Test that cloning a system bot's email is not allowed.
Just now this is largely redundant with `test_signup_already_active`;
but very soon when we allow reusing an email across realms, the logic
will diverge.
2017-11-28 16:23:10 -08:00
Greg Price eb8b05b2b5 test_email_mirror: Remove a brittle bit of logic.
This code appears to exist to cover a few extra lines in
zerver/lib/digest.py.  But it's rather brittle, tucked as it is into
the middle of a different test's loop, and with the upcoming
introduction of the `lear` realm in testing, this test code itself
loses coverage.

For now, rather than fix this test code up just delete it; we don't
have 100% coverage on `zerver/lib/digest.py`, while we do on this test
file, so that avoids breaking coverage in CI.  As a followup, we
should add back some logic like this but in a more robust way,
probably as its own separate test method.
2017-11-28 16:23:10 -08:00
Greg Price 453585abb1 test_messages: Clean up some error spew by updating a test.
This test would produce a bunch of log messages with tracebacks,
complaining that `welcome-bot@zulip.com` tried to send cross-realm PMs
and can't.  The issue is that the test overrides
`settings.CROSS_REALM_BOT_EMAILS`, and hasn't kept up with additions
to the normal value for that setting.  Update it so that welcome-bot
is permitted as usual.
2017-11-28 16:23:10 -08:00
Robert Hönig 1e66bd1c02 tests: Add newlines to test_service_bot_system.test_internal_endpoint(). 2017-11-27 21:05:34 -08:00
derAnfaenger c8a5ae753c embedded bots: Consistently use 'storage' instead of 'state.' 2017-11-27 21:05:34 -08:00
Vishnu Ks d4ee3023b2 registration: Require an explicit realm on PreregistrationUser.
This completes the last commit's work to fix CVE-2017-0910, applying
to any invite links already created before the fix was deployed.  With
this change, all new-user registrations must match an explicit realm
in the PreregistrationUser row, except when creating a new realm.

[greg: rewrote commit message]
2017-11-27 14:59:34 -08:00
Vishnu Ks 985768b2fd registration: Check realm against PreregistrationUser realm.
We would allow a user with a valid invitation for one realm to use it
on a different realm instead.  On a server with multiple realms, an
authorized user of one realm could use this (by sending invites to
other email addresses they control) to create accounts on other
realms. (CVE-2017-0910)

With this commit, when sending an invitation, we record the inviting
user's realm on the PreregistrationUser row; and when registering a
user, we check that the PregistrationUser realm matches the realm the
user is trying to register on.  This resolves CVE-2017-0910 for
newly-sent invitations; the next commit completes the fix.

[greg: rewrote commit message]
2017-11-27 14:58:26 -08:00
Rohitt Vashishtha 6734b00c0b markdown: Hide URL if message is only an image.
Hides URL if the message content == image url so that sending gifs or
images feels less cluttered. Uses the url_to_a() function to generate
the expected url string for matching.

Fixes #7324.
2017-11-27 13:30:18 -08:00
Rohitt Vashishtha 3550467899 markdown: Insert text in link-only inline image preview tests.
Appends "Test: " text to some tests to make changes to the image preview
rendering. In the future, if the message is only a link to an image,
the link will be hidden.
2017-11-27 13:30:18 -08:00
Tim Abbott 2210f627a5 signup: Switch active mirror-dummy users to an AssertionError.
Previously, this was a ValidationError, but that doesn't really make
sense, since this condition reflects an actual bug in the code.

Because this happened to be our only test coverage the ValidationError
catch on line 84 of registration.py, we add nocoverage there for now.
2017-11-26 16:13:45 -08:00
Vishnu Ks b9bc1c2b33 Eliminate get_user_profile_by_email from test_classes. 2017-11-26 15:47:56 -08:00
Vishnu Ks 610eb557b8 backend: Make password reset form support multi realm membership. 2017-11-26 15:35:25 -08:00
Vishnu Ks 9f225360dc register: Make /register redirect to find accounts in root domain without realm.
If there is no realm in the root domain don't show
registration form. Instead just redirect to find
accounts page.
2017-11-26 15:32:17 -08:00
Vishnu Ks bab0b913ee test_signup: Extract logic for realm-creation test to a function. 2017-11-26 15:29:16 -08:00
Vishnu Ks 1b5753d021 test_signup: Fix assertIsNone check for realm in RealmCreationTest. 2017-11-26 15:27:33 -08:00
Robert Hönig 0e0a8a2b14 queue processor tests: Call consume by default.
This significantly improves the API for queue_json_publish to not be
overly focused on what the behavior of this function should be in our
unit tests.
2017-11-26 11:45:34 -08:00
Tim Abbott 6968b540c8 mypy: Remove type: ignores that are unnecessary with new mypy.
Mostly these can be removed because the broken LXML stubs were removed
from typeshed in https://github.com/python/typeshed/issues/525.
2017-11-25 10:06:28 -08:00
Tommy Ip e44b8809b2 /team: Render contributors list in tabs client side. 2017-11-22 11:33:24 -08:00
Harshit Bansal 2e7d0cb4cb digests: Fix new stream links.
Fixes: #7479.
2017-11-22 10:07:36 -08:00
rht 3ec90f8b33 zerver/tests: Use python 3 syntax for typing (final). 2017-11-21 22:01:19 -08:00
rht 0260ba82ca zerver/tests: Use python 3 syntax for typing (part 4). 2017-11-21 22:01:19 -08:00
rht 3bf9cd0656 zerver/tests: Use python 3 syntax for typing (part 3). 2017-11-21 22:01:19 -08:00
rht e3daa09b05 zerver/tests: Use python 3 syntax for typing. 2017-11-21 22:01:19 -08:00
rht e169bb0954 zerver: Remove simplejson dependency.
Modified by tabbott to put the third-party code in a new file.

Fixes #6970.
2017-11-21 21:51:48 -08:00
derAnfaenger e526d0c144 embedded bots: Add views to access state. 2017-11-21 21:10:39 -08:00
derAnfaenger cbadd3d430 embedded bots: Simplify StateError exception messages. 2017-11-21 21:10:12 -08:00
Tim Abbott 665fc594db auth: Set valid_attestation more unconditionally in social auth. 2017-11-21 20:14:12 -08:00
Tim Abbott ade5b4ea69 auth: Convert SocialAuthMixin to accept a realm object. 2017-11-21 20:14:12 -08:00
Tim Abbott 0377288f68 auth: Fix GitHub test for invalid user account. 2017-11-21 20:14:12 -08:00
Tim Abbott 251a537e0d auth: Set the subdomain in more GitHub auth tests.
This should have been set in basically all of these tests to set them
up properly, and this issue will matter after upcoming changes.
2017-11-21 20:14:12 -08:00