Commit Graph

43094 Commits

Author SHA1 Message Date
Steve Howell e739bee00a poll widget: Add server validation. 2021-06-14 17:46:16 -07:00
Steve Howell ab9c17ed3d minor: Use warn instead of error for widgets. 2021-06-14 17:46:16 -07:00
Steve Howell e98e4b5b02 todo widget: Check types for inbound events. 2021-06-14 17:46:16 -07:00
Steve Howell 50362a8c39 poll widget: Check types for inbound events. 2021-06-14 17:46:16 -07:00
Steve Howell 99cdfbcbe5 widgets: Clean up index handling.
We only need to bump up indexes if inbound
events suggest that we have incremented our
personal index from another device.

We don't want somebody else's runaway index
to affect our index.

(For both widgets the sender_id is part of
the key, so uniqueness across all senders is
not required for the integer part.)
2021-06-14 17:46:16 -07:00
Steve Howell 91b8049ecf minor: Add permission-related comments to widgets. 2021-06-14 17:46:16 -07:00
Steve Howell 24ed5a2bb4 submessages: Add verify_submessage_sender.
Before this change a rogue actor could try to
widgetize another person's message. (The
rogue actor would already have access to read
the message.)
2021-06-14 17:46:16 -07:00
Steve Howell 5f73164210 poll widget: Prevent question updates from non-authors.
We now ignore question edits if the sender of the submessage
is not the message author.

The webapp UI prevents folks from editing the question for
somebody else's poll, but a determined person could use our
low level API to do it.  We will add safeguards on the server
side for this, but this change is sufficient to protect the
webapp (and mobile when they upgrade the library).
2021-06-14 17:46:16 -07:00
Steve Howell b62d71cf23 widgets: Check sender of submessage before widgetizing.
We refuse to activate a widget if the first submessage
event doesn't have the same sender as the message's
sender.
2021-06-14 17:46:16 -07:00
Sean Yuan 33793a3a07 docs: Add translation policy on API error messages.
Record Zulip's translation policy on API error messages.
2021-06-14 17:22:41 -07:00
Alex Vandiver 108e7ee8af docs: Update example supervisorctl status. 2021-06-14 17:12:59 -07:00
Alex Vandiver d51272cc3d puppet: Remove zulip_deliver_scheduled_* from zulip-workers:*.
Staging and other hosts that are `zulip::app_frontend_base` but not
`zulip::app_frontend_once` do not have a
/etc/supervisor/conf.d/zulip/zulip-once.conf and as such do not have
`zulip_deliver_scheduled_emails` or `zulip_deliver_scheduled_messages`
and thus supervisor will fail to reload.

Making the contents of `zulip-workers` contingent on if the server is
_also_ a `-once` server is complicated, and would involve using Concat
fragments, which severely limit readability.

Instead, expel those two from `zulip-workers`; this is somewhat
reasonable, since they are use an entirely different codepath from
zulip_events_*, using the database rather than RabbitMQ for their
queuing.
2021-06-14 17:12:59 -07:00
Alex Vandiver 6c72698df2 puppet: Move zulip_ops supervisor config into /etc/supervisor/conf.d/zulip/.
This is similar cleanup to 3ab9b31d2f, but only affects zulip_ops
services; it serves to ensure that any of these services which are no
longer enabled are automatically removed from supervisor.

Note that this will cause a supervisor restart on all affected hosts,
which will restart all supervisor services.
2021-06-14 17:12:59 -07:00
Alex Vandiver df09607202 puppet: Switch to $zulip::common::supervisor_conf_dir variable. 2021-06-14 17:12:59 -07:00
Alex Vandiver 391f78a9c1 puppet: Move supervisor-not-in-/etc/supervisor/conf.d/ to common place. 2021-06-14 17:12:59 -07:00
Vishnu KS 203ddfc546 billing: Create cents_to_dollar_string helper function. 2021-06-14 16:56:18 -07:00
Vishnu KS 876af17dd8 models: Change return type of get_human_admin_users to QuerySet.
I would be accessing some methods of QuerySet in the subsequent
commits. So marking this as Sequence results in mypy errors.
2021-06-14 16:55:43 -07:00
Vishnu KS 1eb83cbadc billing: Create is_sponsored_realm function. 2021-06-14 16:49:53 -07:00
Vishnu KS cdf683e36f billing: Create customer_has_credit_card_as_default_source function. 2021-06-14 16:49:53 -07:00
Vishnu KS 6e3d4e7e75 billing: Create is_free_trial_offer_enabled function. 2021-06-14 16:49:53 -07:00
Vishnu KS 5da3a69505 plans: Mention whether realm is on free trial. 2021-06-14 16:49:53 -07:00
Vishnu KS f55dbe33bb billing: Create is_realm_on_free_trial helper function. 2021-06-14 16:49:53 -07:00
Vishnu KS 06b5f9feae billing: Create is_free_trial function in CustomerPlan model. 2021-06-14 16:49:53 -07:00
Vishnu KS 44d8368003 plans: Don't hardcode plan_type values in template. 2021-06-14 16:49:53 -07:00
Signior-X c1833b74f0 login: Remove browser show password in IE, edge.
The Microsoft browsers such as IE and Edge has their own
show password that is a bit bugy and also conflicts with
the show password in Zulip that was added in #17305.
This fixes the issue by making the display none for the
ms-reveal that comes in the input.

More details can be found at
https://chat.zulip.org/#narrow/stream/101-design/topic/Show.20password/near/1173890
2021-06-14 16:35:25 -07:00
sahil839 aa5d2199b1 invite: Use handlebar template for invite-user overlay.
Fixes a part of #18794.
2021-06-14 13:46:57 -07:00
Ganesh Pawar f5f5943ee0 lightbox_overlay: Migrate to handlebars. 2021-06-14 13:41:36 -07:00
akshatdalton c507931ac8 refactor: Export non-markdown logic in mention.py. 2021-06-14 13:26:30 -07:00
Anders Kaseorg a9320accdc zjsunit: Remove unnecessary Handlebars wrapper function.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-06-14 12:20:56 -07:00
Steve Howell 398cdbd922 zjsunit: Remove stub_templates helper.
We now use mock_template everywhere.
2021-06-14 12:05:10 -04:00
Steve Howell 1e58e145ab node tests: Use mock_template in stream_list. 2021-06-14 12:05:10 -04:00
Steve Howell 1991218f6c node tests: Use mock_template in rendered_markdown. 2021-06-14 12:05:10 -04:00
Steve Howell 75f196b932 node tests: Use mock_template in recent_topics. 2021-06-14 12:05:10 -04:00
Steve Howell 107c0d480a zjsunit: Improve errors for non-invoked templates. 2021-06-14 12:05:10 -04:00
Abhijeet Prasad Bodas 5a36496ce5 node tests: Use mock_template in typeahead_helper. 2021-06-14 09:17:50 -04:00
Abhijeet Prasad Bodas 3c2dbf1537 node tests: Use mock_template in subs. 2021-06-14 09:17:50 -04:00
Abhijeet Prasad Bodas 9f857e5fc5 node tests: Use mock_template in stream_edit. 2021-06-14 09:17:50 -04:00
Abhijeet Prasad Bodas 1586907371 node tests: Use mock_template in settings_user_groups. 2021-06-14 09:17:50 -04:00
Abhijeet Prasad Bodas de6988b16d node tests: Use mock_template in settings_profile_fields. 2021-06-14 09:17:50 -04:00
Abhijeet Prasad Bodas 30023d4b76 node tests: Use mock_template in settings_org. 2021-06-14 09:17:50 -04:00
Abhijeet Prasad Bodas 9e324c0338 node tests: Use mock_template in popovers. 2021-06-14 09:17:50 -04:00
Abhijeet Prasad Bodas 8a214c9d63 node tests: Use mock_template in drafts. 2021-06-14 09:17:50 -04:00
Abhijeet Prasad Bodas 177eafb72b node tests: Use mock_template in compose_video. 2021-06-14 09:17:50 -04:00
Abhijeet Prasad Bodas b564d5c2f1 node tests: Use mock_template in compose_validate. 2021-06-14 09:17:50 -04:00
Abhijeet Prasad Bodas 09f8a8ec2b zjsunit: Clear require cache also for templates.
This is necessary for the new `mock_template` helper added in
97ad6b6b62 to work correctly without
leaks, since it uses `mock_cjs` under the hood.

This logic was added in 216493aae8.
2021-06-14 09:17:50 -04:00
Alex Vandiver dd90083ed7 puppet: Provide FQDN of self as URI, so the certificate validates.
Failure to do this results in:
```
psql: error: failed to connect to `host=localhost user=zulip database=zulip`: failed to write startup message (x509: certificate is valid for [redacted], not localhost)
```
2021-06-14 00:14:48 -07:00
Anders Kaseorg a9f6764d8c eslint: Add eslint-plugin-formatjs.
This guards against various mistakes, such as setting defaultMessage
to a computed expression that can’t be extracted.

https://formatjs.io/docs/tooling/linter/

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-06-13 22:32:40 -07:00
Dinesh cde8d095bb tippyjs: Fix blueslip error on popover add emoji reaction hover.
This tippyjs event listener was active on 'add emoji reaction'
option in sender's popover menu of a message but it was only
intended for the add reaction button in message reactions bar
at bottom of a message.

Both of those having common selector `.reaction_button` caused
errors in tippyjs near `observer.observe` having wrong args.

Edited the css selector to be more specific to only target
add reaction button in reactions row of message.

This was introduced in 99e6f25.
2021-06-13 22:31:57 -07:00
Steve Howell 103c4c3995 zjquery: Split out zjquery_element.js.
The new file is an easier place to point developers
for the most typical questions about zjquery's
capabilities.
2021-06-12 12:21:44 -04:00
m-e-l-u-h-a-n 82394308fd stream-settings: Use util.strcmp instead of localeCompare for sorting. 2021-06-12 08:16:19 -07:00