54 Commits

Author SHA1 Message Date
Mateusz Mandera 935702b6ec auth: Rename any_oauth_backend_enabled to any_social_backend_enabled.
any_oauth_backend_enabled is all about whether we will have extra
buttons on the login/register pages for logging in with some non-native
backends (like Github, Google etc.). And this isn't about specifically
oauth backends, but generally "social" backends - that may not
specifically rely on Oauth. This will have more concrete relevance when
SAML authentication is added - which will be a "social" backend,
requiring an additional button, but not Oauth-based.
2019-09-19 12:35:27 -07:00
Anders Kaseorg ed63042480 templates: Replace focusing scripts with autofocus attribute.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-16 17:23:20 -07:00
Harshit Bansal bf14a0af4d auth: Migrate google auth to python-social-auth.
This replaces the two custom Google authentication backends originally
written in 2012 with using the shared python-social-auth codebase that
we already use for the GitHub authentication backend.  These are:

* GoogleMobileOauth2Backend, the ancient code path for mobile
  authentication last used by the EOL original Zulip Android app.

* The `finish_google_oauth2` code path in zerver/views/auth.py, which
  was the webapp (and modern mobile app) Google authentication code
  path.

This change doesn't fix any known bugs; its main benefit is that we
get to remove hundreds of lines of security-sensitive semi-duplicated
code, replacing it with a widely trusted, high quality third-party
library.
2019-07-21 20:51:34 -07:00
Abhinav Singh 2a14fcf3e9 refactor: Remove inline javascript code from accounts_home.html.
This commit removes inline javascript code present in
accounts_home.html and moves it to signup.js. The accounts_home.html
page is rendered when the user visits "/register". An empty div
element is added in accounts_home.html with unique data-page-id
attribute to make it more easy to find in which page we are, while
working with the javascript code.
2019-03-25 15:14:24 -07:00
Harshit Bansal 0be410d3fe refactor: De-duplicate code in `accounts_home.html` for social auth. 2019-03-05 14:02:12 -08:00
Vishnu Ks 868a763cec auth2: Don't use session for passing multiuse invite key.
For Google auth, the multiuse invite key should be stored in the
csrf_state sent to google along with other values like is_signup,
mobile_flow_otp.

For social auth, the multiuse invite key should be passed as params to
the social-auth backend. The passing of the key is handled by
social_auth pipeline and made available to us when the auth is
completed.
2019-02-12 15:51:11 -08:00
Tim Abbott 792b08c3b8 auth: Remove unused CSS/HTML for social auth buttons.
The margin-left CSS was incorrect and overridden anyway, and after
removing that, login-github-button no longer appeared in the project.
2018-10-11 17:18:04 -07:00
Tim Abbott fd4c23e12d login: Clean up CSS/HTML for google/github login buttons.
This removes some unnecessary code duplication in the CSS classes for
Google and GitHub authentication social auth buttons.

This will, in turn, help us avoid extra work every time we add a new
authentication backend.
2018-10-11 16:52:41 -07:00
Anders Kaseorg f75c0e29f4 HTML validation: Remove obsolete attributes from <script>, <style>.
<script charset=…>, <script type=…>, and <style type=…> are “obsolete
but conforming” in HTML5.  They make the validator.nu output noisier
and real problems a little harder to find.

(type was required in HTML 4, which is not relevant to us.)

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-07-13 10:27:23 +05:30
Anders Kaseorg c28ab72124 HTML validation: Remove invalid attributes.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-07-13 10:27:23 +05:30
Tim Abbott b91de0e283 i18n: Pass the name of the single-sign on system into strings.
This should avoid us needing to add a new set of translated strings
every time we add a new authentication method.
2018-04-22 13:34:37 -07:00
Aditya Bansal b9f1acb300 linter: Enforce 2 space indents on tags spread over multiple lines.
We make some specific cases of tags use 2 space indents.
The case description:
* A tag with opening tag spread over multiple lines and closing tag
on the same line as of the closing angle bracket of the opening tag.
* A tag with opening tag spread over multiple lines and closing tag
not on the same line as of the closing angle bracket of the opening
tag.

Example:
Case 1:

Not linted:
<button type="button"
class="btn btn-primary btn-small">{{t "Yes" }}</button>

After linting:
<button type="button"
  class="btn btn-primary btn-small">{{t "Yes" }}</button>

Case 2:

Before linting:
<div class = "foo"
     id = "bar"
     role = "whatever">
     {{ bla }}
</div>

After linting:
<div class = "foo"
  id = "bar"
  role = "whatever">
    {{ bla }}
</div>
2018-04-07 20:08:44 -07:00
Cynthia Lin c5d5efa9be portico-signin: Remove fixed-width styling for OR lines.
Fixes #8977.
2018-04-05 15:25:36 -07:00
Yago González 044fb0a42b i18n: Fix handling of OR on login/register pages.
Closes #8860
2018-03-29 11:13:59 -07:00
Anupam-dagar 865480ec42 portico: Fix positioning of "disposable email address" errors.
Modified by tabbott to prevent losing the frontend errors, and make it
more clear which errors are from the frontend vs. backend.

Fixes: #8784.
2018-03-22 14:38:57 -07:00
Umair Khan 06b57e8512 style: Merge css of social login/register buttons. 2017-11-17 11:44:13 -08:00
Tim Abbott 638eb7a8e4 docs: Update links to ReadTheDocs to always use https.
This is better security practice.

We also add a lint rule to enforce this for the future.
2017-11-16 10:59:24 -08:00
Tim Abbott 054952a44a docs: Update links from codebase to point to ReadTheDocs. 2017-11-16 10:53:49 -08:00
Vishnu Ks b4fedaa765 backend: Add support for multiuse user invite link. 2017-09-22 07:56:53 -07:00
Brock Whittaker cc8de243a5 Switch from #errors to new .alert.alert-error.
This switches to the newer style of displaying alerts.
2017-08-15 13:27:48 -07:00
Umair Khan 4a3fde023f google: Respect is_signup argument.
This allows us to go to Registration form directly. This behaviour is
similar to what we follow in GitHub oAuth. Before this, in registration
flow if an account was not found, user was asked if they wanted to go to
registration flow. This confirmation behavior is followed for login
oauth path.
2017-08-09 13:44:57 -07:00
Brock Whittaker 36f6da9ebf /register/: Hide sign up on invite-only realms.
This hides the right-hand sign up form for realms that are
invite-only, and shows some text that states the realm is invite-only.
2017-07-27 16:53:57 -07:00
Vaida Plankyte f9ec2b395e frontend: Modify google/github auth buttons to use forms.
Those buttons were contained in an anchor element. This isn't
valid HTML5 and caused the buttons to be focused on twice when
using tab-based navigation. Replacing the anchor with a form
element fixes this issue.
2017-07-25 18:12:19 -07:00
Vaida Plankyte 388acbbfcb frontend: Remove old required div & css from registration pages.
Removes class="required" divs that used to contain an asterisk
for valid/invalid input, and their associated css.
2017-07-25 13:39:34 -07:00
Jack Zhang c938c3be2d portico: Remove green checkboxes from forms.
More than half of these are buggy. Adding them back will be
a separate project for the future.
2017-07-21 13:09:06 -07:00
Brock Whittaker bd664b0dd5 portico: Fix background color; remove need for bg-image classes. 2017-07-07 15:30:47 -07:00
Harshit Bansal 6615f2f2e8 common.js: Migrate `common.js` module to use IIFE module style.
This module was exposing its functions as globals. This PR fixes
it to use the IIFE module style that we use in our other modules.
2017-06-22 19:06:32 -04:00
Aditya Bansal f9edf8bc0e Clean accounts_home.html to use 4 space and consistent indentation. 2017-06-06 22:04:32 -07:00
Jeremy Bowman 2137aadda0 portico: Make the realm icon an img element.
The realm avatar icon on the login and registration pages was
being set as a background image, which could vanish in high
contrast mode in many browsers.  Converted it to an img tag and
verified that it is still styled correctly.  I think the empty
alt attribute (to remove it from the audio description) is
appropriate in this context, since the realm name and description
are already provided immediately afterwards in the page content.

Fixes #4889.
2017-06-01 22:07:43 -07:00
Jeremy Bowman 5436f872f7 Provide alt text for validation check mark
The check mark which appears for valid input in assorted forms
(such as login and registration) didn't have alternative text
for better accessibility.  Added "Valid" as the alt text in all
places it's used.

Fixes #4876.
2017-05-25 16:06:47 -07:00
Jeremy Bowman 7053103896 Fix registration email field label association
The label element for the registration form's email field was
missing a "for" attribute to link it to the input field.  Added
the missing attribute.

Fixes #4896.
2017-05-25 13:36:27 -07:00
Brock Whittaker 07ecf971c6 Fix accounts_home and login to display no-password correctly.
This fixes the /register/ (accounts_home) and /login/ pages to not
display the login form if login isn’t allowed at the organization level.
2017-05-15 15:49:02 -07:00
Tim Abbott 223624be25 settings: Add support for longer, markdown-powered realm descriptions.
This makes it possible to create much prettier login pages.

Further work on styling may be necessary.
2017-05-11 13:59:46 -07:00
Umair Khan dc2a9a4c5b github: Add sign up button on registration page. 2017-05-10 17:49:08 -07:00
Brock Whittaker 48ac49385e Fix lack of uniformity with box content layout.
The various portico pages had various styling differences that made
them less consistent when responsive.
2017-05-04 16:09:12 -07:00
Brock Whittaker 89242da269 Remove .footer_padder in favor of proper screen tolerances.
This removes the .footer_padder element in favor of just having correct
min/max heights and margins on the footers.
2017-05-04 16:09:12 -07:00
Brock Whittaker 58d00af6c3 portico-pages: Fix flex height issues with content.
This fixes the existing issue where the titles of content are chopped
off when the screen height is too small.
2017-05-04 16:09:12 -07:00
Tim Abbott 07db233ffd register: Remove long-unused company-email HTML/CSS. 2017-05-01 17:18:03 -07:00
Rohitt Vashishtha 47eb19331d ux: Display error on login/registration if no auth backends are enabled.
Also makes a small tweak to CSS to ensure the styling is consistent on
the two pages.

Fixes #4525.
2017-05-01 17:17:37 -07:00
Brock Whittaker 7afbc9ddd6 Redesign login and registration pages.
This completes a major redesign of the Zulip login and registration
pages, making them look much more slick and modern.

Major features include:
* Display of the realm name, description and icon on the login page
  and registration pages in the subdomains case.
* Much slicker looking buttons and input fields.
* A new overall style for the exterior of these portico pages.
2017-04-26 18:04:05 -07:00
Umair Khan b228cca377 linter: Fix periods in translatable strings. 2017-03-09 21:57:24 -08:00
adnrs96 9320fbd1a0 Clean accounts_home.html to use 4 space indents. 2017-02-26 19:32:21 -08:00
Tim Abbott 67d9e19ccf views: Split views/auth.py out of core views file. 2016-10-11 21:27:06 -07:00
Brock Whittaker b8a1dcdf0d Restyle registration pages.
The registration pages — both the landing page and the follow through
page after receiving an email have been restyled to be more linear in
nature and centered using flex box.
2016-08-25 20:55:55 -07:00
Umair Khan 5359e6b0d4 Convert Zulip to use Jinja2 templates.
This results in a substantial performance improvement for all of
Zulip's backend templates.

Changes in templates:
- Change `block.super` to `super()`.
- Remove `load` tag because Jinja2 doesn't support it.
- Use `minified_js()|safe` instead of `{% minified_js %}`.
- Use `compressed_css()|safe` instead of `{% compressed_css %}`.
- `forloop.first` -> `loop.first`.
- Use `{{ csrf_input }}` instead of `{% csrf_token %}`.
- Use `{# ... #}` instead of `{% comment %}`.
- Use `url()` instead of `{% url %}`.
- Use `_()` instead of `{% trans %}` because in Jinja `trans` is a block tag.
- Use `{% trans %}` instead of `{% blocktrans %}`.
- Use `{% raw %}` instead of `{% verbatim %}`.

Changes in tools:
- Check for `trans` block in `check-templates` instead of `blocktrans`

Changes in backend:
- Create custom `render_to_response` function which takes `request` objects
  instead of `RequestContext` object. There are two reasons to do this:
    1. `RequestContext` is not compatible with Jinja2
    2. `RequestContext` in `render_to_response` is deprecated.
- Add Jinja2 related support files in zproject/jinja2 directory. It
  includes a custom backend and a template renderer, compressors for js
  and css and Jinja2 environment handler.
- Enable `slugify` and `pluralize` filters in Jinja2 environment.

Fixes #620.
2016-05-09 09:55:18 -07:00
Josh Mandel 15dae10383 Only show "Sign up with google" when enabled 2015-11-24 06:13:09 +00:00
Ahmed Shibani 4f29cfee9e Mark strings for translation in templates/zerver
In order to enable internationalization support in Zulip, and to use
Django internationalization tools, all strings in Zulip frontend need
to be marked for translation.
2015-11-03 23:06:31 -08:00
Anders Kaseorg 3043859700 Remove CUSTOMER3 advertisements
(imported from commit c48b478cbb7b682f1c76af027b487af73893c2be)
2015-08-20 11:10:39 -07:00
Jason Michalski 439b86fe3b Migrate the google SSO from openid to oauth2
(imported from commit 6938c1cc5d245cc5642043279470365ff04df903)
2015-02-05 21:54:28 -05:00
Waseem Daher da81bcae0e customer3: EVENT2 -> conference
Keith is going to try to use Zulip again during the next conference;
CoNEXT, so we need to rebrand. We use generic language here so that
we don't need to do this every time.

(imported from commit c97f7d4bb84f2dfd4c6db265884ba17be0fd5677)
2013-12-06 13:09:04 -05:00