Commit Graph

48 Commits

Author SHA1 Message Date
Anders Kaseorg bf056c8990 js: Extract password_quality module; remove zxcvbn from globals.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-24 13:08:52 -07:00
Tim Abbott 78c7d749d9 passwords: Set title/aria-label attributes dynamically.
This allows us to use different "Show password" and "Hide password"
for these labels, which is more consistent with how other products
implement this.

It also lets us delete N duplicate copies of these strings in the HTML.
2021-04-23 15:01:37 -07:00
Gaurav Pandey e80ddfe4e6 settings: Add show password feature to forms in settings modal.
Fixes part of #17301.
2021-04-23 15:01:37 -07:00
Gaurav Pandey fa235e60ff login: Add show password feature to login page.
The show password feature is a functionality to
toggle the visibility of the password fields in forms
so that one can check if they have entered the correct
password or not. We implement this using an eye icon
toggling which converts input field type from password
to text and vice-versa.
Fixes part of #17301.
2021-04-23 15:01:37 -07:00
Anders Kaseorg 2004a85fb1 i18n: Automatically convert remaining JavaScript messages to FormatJS.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-13 17:41:10 -07:00
Anders Kaseorg bb1b2048bd js: Convert static/js/i18n.js to ES6 module.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-26 10:17:56 -07:00
Anders Kaseorg 9553f11387 eslint: Forbid CommonJS variables in ES6 modules.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-23 01:42:43 -07:00
Steve Howell fbd3669461 zjsunit: Do not run $(...) automatically.
We have generally gone away from using $(...)
initialization in modules that we test with
zjsunit, but there are a few remaining special
cases related to our billing and portico
codebases.
2021-03-13 11:48:50 -05:00
Anders Kaseorg ea9ca6b7d0 js: Use jQuery as a module.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-12 10:08:25 -08:00
Anders Kaseorg a3e6ebb04c js: Convert static/js/common.js to ES6 module.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-28 14:23:00 -08:00
Anders Kaseorg 0042cf51c1 eslint: Fix unicorn/better-regex.
https://github.com/sindresorhus/eslint-plugin-unicorn/blob/master/docs/rules/better-regex.md

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-07 16:00:33 -07:00
Anders Kaseorg d72423ef21 eslint: Replace empty-returns with consistent-return.
Instead of prohibiting ‘return undefined’ (#8669), we require that a
function must return an explicit value always or never.  This prevents
you from forgetting to return a value in some cases.  It will also be
important for TypeScript, which distinguishes between undefined and
void.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-25 15:17:59 -07:00
Anders Kaseorg 6ec808b8df js: Add "use strict" directive to CommonJS files.
ES and TypeScript modules are strict by default and don’t need this
directive.  ESLint will remind us to add it to new CommonJS files and
remove it from ES and TypeScript modules.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-31 22:09:46 -07:00
Anders Kaseorg a9ca5f603b js: Replace deprecated jQuery event trigger shorthand.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-21 12:01:26 -07:00
Anders Kaseorg b65d2e063d js: Reformat with Prettier.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-17 14:31:25 -07:00
Anders Kaseorg f3726db89a js: Normalize strings to double quotes.
Prettier would do this anyway, but it’s separated out for a more
reviewable diff.  Generated by ESLint.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-17 14:31:24 -07:00
Anders Kaseorg 569b38fe34 js: Fix no-useless-escape errors.
Generated manually, since ESLint doesn’t have a fixer for this.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-17 14:30:52 -07:00
Anders Kaseorg a79322bc94 eslint: Enable prefer-arrow-callback.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-03 16:55:50 -07:00
Anders Kaseorg 11bec3e6b5 common: Account for string.match returning null.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-02-13 16:37:52 -08:00
Anders Kaseorg 719546641f js: Convert a.indexOf(…) !== -1 to a.includes(…).
Babel polyfills this for us for Internet Explorer.

import * as babelParser from "recast/parsers/babel";
import * as recast from "recast";
import * as tsParser from "recast/parsers/typescript";
import { builders as b, namedTypes as n } from "ast-types";
import K from "ast-types/gen/kinds";
import fs from "fs";
import path from "path";
import process from "process";

const checkExpression = (node: n.Node): node is K.ExpressionKind =>
  n.Expression.check(node);

for (const file of process.argv.slice(2)) {
  console.log("Parsing", file);
  const ast = recast.parse(fs.readFileSync(file, { encoding: "utf8" }), {
    parser: path.extname(file) === ".ts" ? tsParser : babelParser,
  });
  let changed = false;

  recast.visit(ast, {
    visitBinaryExpression(path) {
      const { operator, left, right } = path.node;
      if (
        n.CallExpression.check(left) &&
        n.MemberExpression.check(left.callee) &&
        !left.callee.computed &&
        n.Identifier.check(left.callee.property) &&
        left.callee.property.name === "indexOf" &&
        left.arguments.length === 1 &&
        checkExpression(left.arguments[0]) &&
        ((["===", "!==", "==", "!=", ">", "<="].includes(operator) &&
          n.UnaryExpression.check(right) &&
          right.operator == "-" &&
          n.Literal.check(right.argument) &&
          right.argument.value === 1) ||
          ([">=", "<"].includes(operator) &&
            n.Literal.check(right) &&
            right.value === 0))
      ) {
        const test = b.callExpression(
          b.memberExpression(left.callee.object, b.identifier("includes")),
          [left.arguments[0]]
        );
        path.replace(
          ["!==", "!=", ">", ">="].includes(operator)
            ? test
            : b.unaryExpression("!", test)
        );
        changed = true;
      }
      this.traverse(path);
    },
  });

  if (changed) {
    console.log("Writing", file);
    fs.writeFileSync(file, recast.print(ast).code, { encoding: "utf8" });
  }
}

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-02-10 14:08:12 -08:00
Anders Kaseorg 02511bff1c js: Automatically convert _.each to for…of.
This commit was automatically generated by the following script,
followed by lint --fix and a few small manual lint-related cleanups.

import * as babelParser from "recast/parsers/babel";
import * as recast from "recast";
import * as tsParser from "recast/parsers/typescript";
import { builders as b, namedTypes as n } from "ast-types";
import { Context } from "ast-types/lib/path-visitor";
import K from "ast-types/gen/kinds";
import { NodePath } from "ast-types/lib/node-path";
import assert from "assert";
import fs from "fs";
import path from "path";
import process from "process";

const checkExpression = (node: n.Node): node is K.ExpressionKind =>
  n.Expression.check(node);
const checkStatement = (node: n.Node): node is K.StatementKind =>
  n.Statement.check(node);

for (const file of process.argv.slice(2)) {
  console.log("Parsing", file);
  const ast = recast.parse(fs.readFileSync(file, { encoding: "utf8" }), {
    parser: path.extname(file) === ".ts" ? tsParser : babelParser,
  });
  let changed = false;
  let inLoop = false;
  let replaceReturn = false;

  const visitLoop = (...args: string[]) =>
    function(this: Context, path: NodePath) {
      for (const arg of args) {
        this.visit(path.get(arg));
      }
      const old = { inLoop };
      inLoop = true;
      this.visit(path.get("body"));
      inLoop = old.inLoop;
      return false;
    };

  recast.visit(ast, {
    visitDoWhileStatement: visitLoop("test"),

    visitExpressionStatement(path) {
      const { expression, comments } = path.node;
      let valueOnly;
      if (
        n.CallExpression.check(expression) &&
        n.MemberExpression.check(expression.callee) &&
        !expression.callee.computed &&
        n.Identifier.check(expression.callee.object) &&
        expression.callee.object.name === "_" &&
        n.Identifier.check(expression.callee.property) &&
        ["each", "forEach"].includes(expression.callee.property.name) &&
        [2, 3].includes(expression.arguments.length) &&
        checkExpression(expression.arguments[0]) &&
        (n.FunctionExpression.check(expression.arguments[1]) ||
          n.ArrowFunctionExpression.check(expression.arguments[1])) &&
        [1, 2].includes(expression.arguments[1].params.length) &&
        n.Identifier.check(expression.arguments[1].params[0]) &&
        ((valueOnly = expression.arguments[1].params[1] === undefined) ||
          n.Identifier.check(expression.arguments[1].params[1])) &&
        (expression.arguments[2] === undefined ||
          n.ThisExpression.check(expression.arguments[2]))
      ) {
        const old = { inLoop, replaceReturn };
        inLoop = false;
        replaceReturn = true;
        this.visit(
          path
            .get("expression")
            .get("arguments")
            .get(1)
            .get("body")
        );
        inLoop = old.inLoop;
        replaceReturn = old.replaceReturn;

        const [right, { body, params }] = expression.arguments;
        const loop = b.forOfStatement(
          b.variableDeclaration("let", [
            b.variableDeclarator(
              valueOnly ? params[0] : b.arrayPattern([params[1], params[0]])
            ),
          ]),
          valueOnly
            ? right
            : b.callExpression(
                b.memberExpression(right, b.identifier("entries")),
                []
              ),
          checkStatement(body) ? body : b.expressionStatement(body)
        );
        loop.comments = comments;
        path.replace(loop);
        changed = true;
      }
      this.traverse(path);
    },

    visitForStatement: visitLoop("init", "test", "update"),

    visitForInStatement: visitLoop("left", "right"),

    visitForOfStatement: visitLoop("left", "right"),

    visitFunction(path) {
      this.visit(path.get("params"));
      const old = { replaceReturn };
      replaceReturn = false;
      this.visit(path.get("body"));
      replaceReturn = old.replaceReturn;
      return false;
    },

    visitReturnStatement(path) {
      if (replaceReturn) {
        assert(!inLoop); // could use labeled continue if this ever fires
        const { argument, comments } = path.node;
        if (argument === null) {
          const s = b.continueStatement();
          s.comments = comments;
          path.replace(s);
        } else {
          const s = b.expressionStatement(argument);
          s.comments = comments;
          path.replace(s, b.continueStatement());
        }
        return false;
      }
      this.traverse(path);
    },

    visitWhileStatement: visitLoop("test"),
  });

  if (changed) {
    console.log("Writing", file);
    fs.writeFileSync(file, recast.print(ast).code, { encoding: "utf8" });
  }
}

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-02-07 14:09:47 -08:00
Steve Howell d0453dc8f4 performance: Use startsWith in many places.
Using startsWith is faster than indexOf, especially for long strings
and short prefixes.  It's also a lot more readable.  The only reason
we weren't using it was when a lot of the code was originally written,
it wasn't available.
2020-01-28 12:47:37 -08:00
Anders Kaseorg 28f3dfa284 js: Automatically convert var to let and const in most files.
This commit was originally automatically generated using `tools/lint
--only=eslint --fix`.  It was then modified by tabbott to contain only
changes to a set of files that are unlikely to result in significant
merge conflicts with any open pull request, excluding about 20 files.
His plan is to merge the remaining changes with more precise care,
potentially involving merging parts of conflicting pull requests
before running the `eslint --fix` operation.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-11-03 12:42:39 -08:00
Anders Kaseorg d17b577d0c js: Purge useless IIFEs.
With webpack, variables declared in each file are already file-local
(Global variables need to be explicitly exported), so these IIFEs are
no longer needed.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-10-25 13:51:21 -07:00
Yashashvi Dave d3e83483c8 static/js/common: Add `Ctrl` key mapping to `Cmd` for MacOS. 2019-07-08 20:07:49 -07:00
Yashashvi Dave fed64cc59d static/js/common: Extract function `adjust_mac_shortcuts`. 2019-06-24 14:04:42 -07:00
Yashashvi Dave 251ed94bfc static/js/common: Use `platform` navigator to detect MacOS.
Replace `userAgent` navigator with `platform` navigator
to detect user's OS.
2019-06-24 14:04:42 -07:00
Yashashvi Dave 371343709b static/js/common: Extract function `has_mac_keyboard`. 2019-06-24 14:04:42 -07:00
Vishnu Ks 14e582fb59 support: Add functionality to copy admin emails.
Also renamed a bunch of functions in test_views for better
readability.
2019-06-14 10:19:50 -07:00
Shubham Dhama 9e3423129b invite: Clean error handling and use ui_report.
This also fixes few unusual UI issues like an invitation got failed when
certain emails can't be invited then the error box is left with "warning"
even when next request got succeed and another case when invitation got
succeed after failing it's still reported with "alert-error" class alert
banner.
2019-01-17 10:28:59 -08:00
Armaan Ahluwalia 6d255efe4c app: Prepare JS files for consumption by webpack.
This commit prepares the frontend code to be consumed by webpack.

It is a hack: In theory, modules should be declaring and importing the
modules they depend on and the globals they expose directly.

However, that requires significant per-module work, which we don't
really want to block moving our toolchain to webpack on.

So we expose the modules by setting window.varName = varName; as
needed in the js files.
2018-07-05 10:53:36 +02:00
Shubham Padia 1364971a17 search: Extract phrase_match to common.js.
Extracts phrase_match to common.js so it can be used by other
components like integrations search.
2018-06-26 20:38:47 -04:00
Shubham Dhama 80a2d5bc59 eslint: Enable `conditionalAssign` config of no-trailing-spaces rule. 2018-06-11 07:51:24 -04:00
Shubham Dhama dcb6254a4e eslint: Enable `no-extra-parens` rule.
Following sub-configuration is disabled:
                "nestedBinaryExpressions": false,
2018-06-11 07:51:24 -04:00
Tim Abbott 7ab8a8e820 js: Fix a bunch of indentation issues found by eslint.
This is preparation for enabling an eslint indentation configuration.
90% of these changes are just fixes for indentation errors that have
snuck into the codebase over the years; the others are more
significant reformatting to make eslint happy (that are not otherwise
actually improvements).

The one area that we do not attempt to work on here is the
"switch/case" indentation.
2018-05-06 16:25:02 -07:00
Rohitt Vashishtha b22e8dc2b7 lint: Replace 'return undefined;' with 'return;'.
Also adds a custom rule to eslint. Since the recommended way of extending
eslint is to create plugins as standalone npm packages, the separate rule
is published as 'eslint-plugins-empty-returns'.

Fixes #8669.
2018-03-13 08:22:42 -04:00
Greg Price a116303604 passwords: Express the quality threshold as guesses required.
The original "quality score" was invented purely for populating
our password-strength progress bar, and isn't expressed in terms
that are particularly meaningful.  For configuration and the core
accept/reject logic, it's better to use units that are readily
understood.  Switch to those.

I considered using "bits of entropy", defined loosely as the log
of this number, but both the zxcvbn paper and the linked CACM
article (which I recommend!) are written in terms of the number
of guesses.  And reading (most of) those two papers made me
less happy about referring to "entropy" in our terminology.
I already knew that notion was a little fuzzy if looked at
too closely, and I gained a better appreciation of how it's
contributed to confusion in discussing password policies and
to adoption of perverse policies that favor "Password1!" over
"derived unusual ravioli raft".  So, "guesses" it is.

And although the log is handy for some analysis purposes
(certainly for a graph like those in the zxcvbn paper), it adds
a layer of abstraction, and I think makes it harder to think
clearly about attacks, especially in the online setting.  So
just use the actual number, and if someone wants to set a
gigantic value, they will have the pleasure of seeing just
how many digits are involved.

(Thanks to @YJDave for a prototype that the code changes in this
 commit are based on.)
2017-10-08 15:48:44 -07:00
Greg Price 11e767f5b1 passwords: Revise our password-quality logic for clarity.
This should be a pure refactor: we're just removing or tightening
some obsolete comments, and rearranging some logic to make it
easier to follow.
2017-10-08 15:48:44 -07:00
Pweaver (Paul Weaver) d3ffc81726 Enable Hot Module Replacement in webpack.
This allow the webbpack dev server to properly reload JavaScript modules
while running in dev without restarting the server. We need to connect
to webpack-dev-server directly because SockJS doesn't support more than
one connection on the same host/port.
2017-07-18 11:02:05 -07:00
Steve Howell ff80ba4f99 autofocus: Remove unneeded `$(...)[0]` idiom.
Using the first element of a jQuery collection is either
unnecessary or extremely brittle.
2017-07-09 08:31:22 -04:00
Vishnu Ks fcd944447e common.js: Don't set default password quality/length in frontend.
The min quality/length values are always available via data
attributes. So there is no point of specefying a default value
in common.js.
2017-07-07 14:48:06 -07:00
Vishnu Ks f273e83a85 portico: Explain why password is weak to user. 2017-07-07 14:48:06 -07:00
Harshit Bansal 6615f2f2e8 common.js: Migrate `common.js` module to use IIFE module style.
This module was exposing its functions as globals. This PR fixes
it use the IIFE module style that we use in our other modules.
2017-06-22 19:06:32 -04:00
Bojidar Marinov 786dd0fca4 auth: Make min password length and strength configurable.
This adds some configuration options to settings.py, namely
PASSWORD_MIN_LENGTH and PASSWORD_MIN_QUALITY, which control
when the frontend validator invalidates the password.

Closes #2628
2017-01-10 04:55:41 -08:00
Rafid Aslam 7856217a63 Migrate JS modules to CommonJS style.
Closes #1488.
2016-12-07 16:11:52 -08:00
Rafid Aslam 0951b838ca deps: Update zxcvbn to 4.4.1
Update zxcvbn to 4.4.1, and change `crack_time` to
`crack_times_seconds` because `crack_time` has been changed to
`crack_times_seconds` in 4.4.1.
2016-12-06 17:51:33 -08:00
Tim Abbott 5a320db3c1 Add curly braces for all javascript if statements lacking them.
(imported from commit 32c7643d1a6ecdfaf634424d217938c8a368dade)
2013-08-01 11:47:54 -04:00
Tim Abbott 3bba0cc927 Move zephyr/static to just static.
It's not really a part of the server (aka the rest of zephyr/).

(imported from commit 27f6b6b064938ad927075a68d873e4b68710d279)
2013-07-29 12:11:26 -04:00