Commit Graph

6031 Commits

Author SHA1 Message Date
Aman Agrawal 56ce1f9f63 portico: Add pricing widget from /plans to for-education page. 2021-07-21 12:13:25 -07:00
Aman Agrawal 3c024b2fba portico: Add /for/education, /for/events, /for/research pages.
These modern landing pages cover use cases previously not detailed on
our website. Technically, we had a /for/research page before, but it
wasn't finished or linked everywhere.

Removed "function-url-quotes" stylelint rule
since I need to use quotes in url to use an
svg as list bullet point. There are spacing issues
using it as an image. Also, using quotes in url
is actually the recommended way to do it otherwise
there could be issue with escaping.
2021-07-20 22:37:52 -07:00
Tim Abbott 256091dc15 settings: Merge settings API endpoints.
This API change removes unnecessary complexity from a client that
wants to change a user's personal settings, and also saves developers
from needing to make decisions about what sort of setting something is
at the API level.

We preserve the old settings endpoints as mapping to the same function
as the new one for backwards-compatibility. We delete the
documentation for the old endpoints, though the documentation for the
merged /settings endpoint mentions how to use the old endpoints when
needed.

We migrate all backend tests to the new endpoints, except for
individual tests for each legacy endpoint to verify they still work.

Co-authored-by: sahil839 <sahilbatra839@gmail.com>
2021-07-19 21:14:32 -07:00
Tim Abbott b73356e891 portico: Add UCSD case study. 2021-07-18 21:55:57 -07:00
Alya Abbott 844c62c64e portico: Create new "Zulip for communities" page. 2021-07-18 12:10:33 -07:00
Tim Abbott 95606a7347 api: Return user IDs, not display emails, in subscribers endpoints.
Sometime in the deep past, Zulip the GET /users/me/subscriptions
endpoint started returning subscribers.  We noticed this and made it
optional via the include_subscribers parameter in
1af72a2745, however, we didn't notice
that they were being returned as emails rather than user IDs.

We migrated the core /register code paths to use subscriber IDs years
ago; this change completes that for the endpoints we forgot about.

The documentation allowed this error because we apparently had no
tests for this code path that used the actual API.
2021-07-18 11:32:28 -07:00
sahil839 d5a0c1ede5 api: Remove "full_name" and "account_email" from response of '/settings'.
We remove the "full_name" and "account_email" fields from the response
of 'PATCH /settings' endpoint. These fields were part of the response
to make sure that we tell that the parameters not present in response
were ignored.

We can remove these fields as 'ignored_parameters_unsupported' now
specifies which parameters were ignored and not supported by the
endpoint.
2021-07-16 16:10:15 -07:00
sahil839 05aff3f271 api: Add "ignored_parameters_unsupported" to response of '/settings'.
We add "ignored_parameters_unsupported" field to the response object
of 'PATCH /settings' endpoint. This will contain the parameters
passed to the endpoint which are not changed by the endpoint and are
ignored.

This will help in removing the other fields like "full_name" from
response which was essentially present to specify that only these
fields were updated by the endpoint and rest were ignored.

We will also change other endpoints to follow this in future.
2021-07-16 16:10:15 -07:00
Mateusz Mandera 50e9169680 oidc: Add auto_signup configuration option. 2021-07-16 14:40:07 -07:00
Anders Kaseorg fb3ddf50d4 python: Fix mypy no_implicit_reexport errors.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-16 14:02:31 -07:00
Anders Kaseorg 1ae56e466b cache: Fix typing for post_save and post_delete flush handlers.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-16 13:14:04 -07:00
Abhijeet Prasad Bodas 9901b72690 tests: Purge queue before starting tests, not at tearDown.
This is more robust towards reruning failed tests (which ran
partially and added some events to a queue before failing).

The tearDown code was added in 571f8b8664.
2021-07-16 09:00:02 -07:00
Anders Kaseorg a0e3de302f test_reactions: Fix ineffective mock due to indentation mistake.
Introduced by commit 90b6fa7881.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-15 17:44:59 -07:00
akshatdalton 6b5812082e markdown: Fix shebang line eliminating behaviour of Codehilite.
See the block comment explaining the motivation for this change, but
basically, the shebang feature of Python-Markdown's Codehilite
extension could be really confusing and is not part of the CommonMark
standard.

1. https://python-markdown.github.io/extensions/code_hilite/#shebang-no-path
2. eacff473a2/markdown/extensions/codehilite.py (L164-L180)

Fixes: #18591.
2021-07-15 15:18:33 -07:00
Priyansh Garg a21a280054 data_import: Rename mattermost_user to user_handler.
This logic can be readily reused for new data import tools.
2021-07-15 14:28:36 -07:00
Eeshan Garg faa695e86d registration: Collect organization type on sign-up. 2021-07-15 09:58:27 -07:00
Tim Abbott 4fb6f089e5 api: Remove error for no settings changes requested.
While this error message was vaguely useful, it wasn't reachable via
the UI at all, and it prevents merging this endpoint with related
endpoints.
2021-07-14 15:54:05 -07:00
sahil839 61acf68aa4 emoji: Allow emoji authors to delete the emoji always.
Previously, non-admin emoji authors were allowed to
delete the emoji only if add_emoji_by_admins_only
was false. But, as add_emoji_by_admins_only setting
is for who can add emoji and not delete emojis, it
should not affect the behavior of deleting emojis
and users should always be allowed to delete the
emojis which. they added themselves
2021-07-14 14:57:08 -07:00
sahil839 50240ca71b models: Use COMMON_POLICY_TYPES for user_group_edit_policy.
This commit adds moderators and full members options for
user_group_edit_policy by using COMMON_POLICY_TYPES.

Moderators do not require to be a member of user group in
order to edit or remove the user group if they are allowed
to do so according to user_group_edit_policy.
But full members need to be a member of user group to edit
or remove the user group.
2021-07-14 14:38:44 -07:00
sahil839 93a1479286 user_group: Change error message to "Insufficient permission".
There is no need to have a error message which specifies the
roles having permission to edit user-groups, we can simply
have error message as "Insufficient permission" as we already
show the roles having permission clearly in UI.
2021-07-14 14:38:43 -07:00
PIG208 26875cdf0b tests: Migrate mocked Request to HostMockRequest.
This migrates some mocked Request class and mocked request achieved
with namedtuple in test_decorators and test_mirror_users to use the
refactored HostMockRequest.

Since weakref cannot be used with namedtuple, this old way of mocking a
request object should be migrated to using HostRequestMock. Only after
this change we can extract client from the request object and store it
via ZulipRequestNotes.
2021-07-14 12:01:07 -07:00
PIG208 5167a93229 request: Move tornado_handler to ZulipRequestNotes. 2021-07-14 12:01:07 -07:00
PIG208 5475334b16 request: Refactor to store requestor_for_logs in ZulipRequestNotes. 2021-07-14 12:01:07 -07:00
PIG208 75cde8ebcf request: Refactor HostRequestMock to subclass HttpRequest. 2021-07-14 11:52:43 -07:00
akshatdalton f5c4d51ed2 resolve topic: Add `is:resolved` search keyword/filtering support.
This commit adds the backend support for `is:resolved` search keyword.
In the next commit, I will add the frontend support for the same.
2021-07-13 23:18:41 -07:00
akshatdalton 7ec406f39d refactor: Extract `RESOLVED_TOPIC_PREFIX` in topic.py.
This is a prep commit for #18990.
2021-07-13 23:18:41 -07:00
Abhijeet Prasad Bodas ebb4eab0f9 worker: Rewrite MissedMessageWorker to not be lossy.
Previously, we stored up to 2 minutes worth of email events in memory
before processing them. So, if the server were to go down we would lose
those events.

To fix this, we store the events in the database.

This is a prep change for allowing users to set custom grace period for
email notifications, since the bug noted above will aggravate with
longer grace periods.
2021-07-13 17:21:38 -07:00
Abhijeet Prasad Bodas 1709428cff models: Create MissedMessageEmailEntry table.
This will be used to store the missedmessage events received
during the waiting time for email notifications (which is currently
2 minutes, hardcoded).

The change in `test_retention` is because we've set `on_delete=CASCADE`
for the message field this table.
The new query is like so:
```
DELETE FROM "zerver_missedmessageemailentry"
    WHERE "zerver_missedmessageemailentry"."message_id" IN (
        1545, 1546, 1547, 1548, 1549, 1550, 1551, 1552, 1553
        )
```
2021-07-13 17:21:37 -07:00
Abhijeet Prasad Bodas c3319a5231 notification_data: Create common source for trigger strings.
This reduces loose strings in the codebase, and allows us to not worry
about the exact naming (`stream_email_enabled` or `stream_emails_enabled`?)
and tense (`mentioned` or `mention`?).

Ideally this new class should have been in `lib/notification_data.py`,
which is our file for things like this. But, the next commit requires
using this data in `models.py`, and importing from `notification_data.py`
to `models.py` causes recursive imports.
2021-07-13 17:16:32 -07:00
akshatdalton 3ea1ff7665 refactor: Use `assertGreaterEqual` helper instead of `assertTrue`. 2021-07-13 13:03:38 -07:00
akshatdalton 0b469e9e4e refactor: Use `assertGreater` helper instead of `assertTrue`. 2021-07-13 13:03:38 -07:00
akshatdalton e203112fd4 refactor: Use `assert_length` helper instead of `assertTrue/assertEqual`. 2021-07-13 13:03:38 -07:00
Mateusz Mandera db7d2ee713 test_upload: Fix unnecessarily hard-coded user id. 2021-07-13 08:31:11 -07:00
Mateusz Mandera af29bd77a0 test_sessions: Fix unnecessarily hard-coded user id. 2021-07-13 08:31:11 -07:00
Mateusz Mandera 91b3ba6d66 test_queue_worker: Fix unnecessarily hard-coded user id. 2021-07-13 08:31:11 -07:00
Mateusz Mandera ccd961b797 test_reactions: Fix unnecessarily hard-coded user id. 2021-07-13 08:31:11 -07:00
Mateusz Mandera 6ec5a9698f test_markdown: Fix unnecessarily hard-coded user id. 2021-07-13 08:31:11 -07:00
Abhijeet Prasad Bodas e63e86dcb2 worker: Ensure complete coverage for PushNotificationsWorker.
The `# nocoverage` was unnecessary apart from for the compatibility code,
so add a test for that code and remove the `# nocoverage`.

The `message_id` -> `message_ids` conversion was done in
9869153ae8.
2021-07-13 08:30:31 -07:00
aryanshridhar 7dc56fdcf2 settings_emoji: Allow only admins to override existing emojis.
Previously, even non-admins had the option to override built-in
emojis in the `Settings Emoji` UI.

This commits essentially limits the functionality of overriding
custom and allows only realm administrators to
override built-in emojis with their custom emojis by adding an
authorization check in the backend.

It also adds relevant tests in `test_realm_emoji` which tests
for the cases where an admin and non admin tries to override
the built-in emoji.

Fixes #18860.
2021-07-13 08:28:28 -07:00
Tim Abbott eb8283c089 test_docs: Test the new case study page. 2021-07-09 13:19:05 -07:00
Tim Abbott c804ab27d5 actions: Rename do_activate_user to do_activate_mirror_dummy_user.
This function had a confusing name, which could result in someone
using it unintentionally when they meant do_reactivate_user.

We also add docstrings for both functions.
2021-07-08 17:33:17 -07:00
Mateusz Mandera 093ca7a574 zilencer: Log warning when a remote server hits rate limits.
We don't want this rate limit to affect legitimate users so it being hit
should be abnormal - thus worth logging so that we can spot if we're
rate limiting legitimate users and can know to increase the limit.
2021-07-08 15:55:03 -07:00
Mateusz Mandera 85cbdc8904 rate_limit: Add rate limiting of ZulipRemoteServer. 2021-07-08 15:55:02 -07:00
Mateusz Mandera b9056d193d rate_limit: Implement IP-based rate limiting.
If the user is logged in, we'll stick to rate limiting by the
UserProfile. In case of requests without authentication, we'll apply the
same limits but to the IP address.
2021-07-08 15:46:52 -07:00
Mateusz Mandera df96e02732 test_external: Extract common logic for "hit rate limits" tests. 2021-07-08 15:35:12 -07:00
Mateusz Mandera 3b4f8cc85b saml: Add setting to skip the "continue to registration" page.
It's a smoother Just-In-Time provisioning process to allow
creating the account and getting signed in on the first login by the
user.
2021-07-08 15:21:20 -07:00
sahil839 a535ec6262 settings: Remove timezone from UserProfile.property_types.
We remove timezone setting from UserProfile.property_types
so that we can directly use UserProfile.property_types for
implementation of realm-default values of various user
settings.
2021-07-08 12:52:29 -07:00
aryanshridhar 9049fb3bd4 users: Remove redundant compute_show_invites function.
This commits removes the redundant `compute_show_invites` function
which computes the `show_invites` page parameter in `lib/users.py`.

It is so because, commit 13399833b0 removed
the `show_invites` context variable passed in index.html.
Hence, the `show_invites` page_param key is no
longer required to compute in backend as it can be switched with
`settings_data.user_can_invite_others_to_realm()` in the frontend.

This commits also removes the `test_compute*` tests in
`test_home` that concerned with the `show_invites` page parameter
as they are no longer required.
2021-07-08 12:37:47 -07:00
Abhijeet Prasad Bodas bf15c0235a notifications: Remove unused fields in queue events.
* `stream_name`: This field is actually redundant. The email/push
  notifications handlers don't use that field from the dict, and they
  anyways query for the message, so we're safe in deleting this field,
  even if in the future we end up needing the stream name.

* `timestamp`: This is totally unused by the email/push notification
  handlers, and aren't sent to push clients either.

* `type` is used only for the push notifications handler, since only
  push notifications can be revoked, so we move them to only run there.
2021-07-08 11:22:45 -07:00
Tim Abbott af47fa705e exceptions: Use HTTP 401 code for authentication errors. 2021-07-08 10:33:08 -07:00
Abhijeet Prasad Bodas 4f9c7cae0a push_notifications: Send mentioned user group ID and name in payload. 2021-07-08 10:19:43 -07:00
Abhijeet Prasad Bodas 9bd8fe01fc android push notifications: Display mentioned user group name.
Followup to 83399e2e72.
2021-07-08 10:03:07 -07:00
Abhijeet Prasad Bodas 4d24499317 android notifications: Differentiate personal vs wildcard mentions.
The code to also notify for wildcard mentions was added in
0ed0bb6828.

But that showed the same text for both the cases. This commit fixes
that.

This is more of change for correctness. The mobile app currently does
not rely on this text for notifications, but constructs the text by
itself from the data in the payload.

This also fixes the "stream_push_notify" case to consistently show
a `#` before the stream name.
2021-07-08 10:03:07 -07:00
Abhijeet Prasad Bodas ce6f6a3829 push_notifications: Pre-calculate mentioned_user_group_name.
Prep change for showing the mentioned user group name in Android
notifications also. This will avoid doing the user group fetch twice.
2021-07-08 10:03:07 -07:00
Dinesh c4463ee34c test_example.py: Add a new example to demonstrate mocking.
Took the help of our mocking docs:
https://zulip.readthedocs.io/en/latest/testing/testing-with-django.html#testing-with-mocks
and rewrote a part of
test_message_edit.EditMessageTest.test_edit_message_content_limit
using mock.patch().
2021-07-08 10:04:20 -04:00
Ganesh Pawar d6711e3cd2 muting: Add support for muting deactivated users.
Fixes #19141
2021-07-07 10:44:18 -07:00
Anders Kaseorg 98194b9316 blueslip: Remove SAVE_FRONTEND_STACKTRACES setting.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-07 09:26:02 -07:00
Anders Kaseorg 07fef56c74 logging_handlers: Remove STAGING_ERROR_NOTIFICATIONS setting.
Running notify_server_error directly from the logging handler can lead
to database queries running in a random context.  Among the many
potential problems that could cause, one actual problem is a
SynchronousOnlyOperation exception when running in an asyncio event
loop.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-07 09:26:02 -07:00
Mateusz Mandera cee4da64fa saml: Don't raise AssertionError if no name is provided in SAMLResponse.
This is an acceptable edge case for SAML and shouldn't raise any errors.
2021-07-07 09:23:21 -07:00
Vishnu KS 4ad592ed4f populate_db: Use do_create_realm for creating zulip realm.
Since do_create_realm also creates general and core team streams,
we rename general to verona right after the realm is created. Mostly
because we dont really want two additional streams and this might
probably make it easy to review things.

There are puppeteer test changes because, we have a new "core team"
stream in tests as well as there is a new default notification stream
"Verona". Because of this tests in message-basics for example have
to be changed since the newly added core team affects the order in
which we navigate through the streams using arrow keys.

The extra await for selector was added in subscriptions test to make
the tests wait. Without the await the tests were passing ocassionally
and failing in some other times.

Fixes #6967
2021-07-06 17:37:43 -07:00
Vishnu KS acffc0ae0a populate_db: Use do_create_realm for creating zephyr realm. 2021-07-06 17:22:00 -07:00
PIG208 8b9011dff8 json_error: Completely remove json_error.
This completes the migration from `return json_error` to
`raise JsonableError`.
2021-07-06 15:34:33 -07:00
Tim Abbott 331f34cc1f auth: Use standard classes for API key fetch exceptions.
This lets us reuse a bunch of code and error handling logic, resulting
in a more sensible and consistent API.
2021-07-06 15:28:38 -07:00
Tim Abbott ac568d303c test_queue_worker: Fix order-dependent assertions. 2021-07-06 14:37:16 -07:00
Mateusz Mandera 95b46549e1 embed_links: Only log warning if worker times out.
Throwing an exception is excessive in case of this worker, as it's
expected for it to time out sometimes if the urls take too long to
process.

With a test added by tabbott.
2021-07-06 14:17:24 -07:00
sahil839 c13f0626e3 tests: Use the list in models.py directly in do_test_realm_update_api.
The list of possible values of all settings was re-defined in
do_test_realm_update_api and we can instead use the list defined
in models.py which is used to validate values in views/realm.py.

There is no problem in order of values as we always initialize the
first value of the list.

This has also added some more values to test for a couple of
settings as a result.
2021-07-06 13:45:01 -07:00
sahil839 b4a0a33f4c tests: Test all values in the list in do_test_realm_update_api.
This commit changes do_test_realm_update_api to test all values
in the list of a given setting instead of checking only two
values.
2021-07-06 13:45:01 -07:00
sahil839 8314620314 tests: Change test_change_realm_default_language to test invalid value.
We change the test_change_realm_default_language to test only invalid
value and rename it to test_invalid_realm_default_language, because
we already test whether the value is changed correctly or not in
do_test_realm_update_api.
2021-07-06 13:45:01 -07:00
sahil839 6a3a07a359 tests: Remove test_change_bot_creation_policy from test_realm.py.
This commit removes test_change_bot_creation_policy which is used
to test changing bot_creation_policy using 'PATCH /realm' endpoint
as we already do this in do_test_realm_update_api and invalid value
is also tested in test_invalid_integer_attribute_values.
2021-07-06 13:45:01 -07:00
sahil839 77471a5b44 tests: Remove test_change_email_address_visibility from test_realm.py.
This commit removes test_change_email_address_visibility which is used
to test changing email_address_visibility using 'PATCH /realm' endpoint
as we already do this in do_test_realm_update_api and invalid value is
also tested in test_invalid_integer_attribute_values.
2021-07-06 13:45:01 -07:00
sahil839 74023bfacf tests: Remove test_change_invite_to_stream_policy from test_realm.py.
This commit removes test_change_invite_to_stream_policy which is used
to test changing invite_to_stream_policy using 'PATCH /realm' endpoint
as we already do this in do_test_realm_update_api and invalid value
is also tested in test_invalid_integer_attribute_values.
2021-07-06 13:45:01 -07:00
sahil839 99e5058bd6 tests: Remove test_change_invite_to_realm_policy from test_realm.py.
This commit removes test_change_invite_to_realm_policy which is used
to test changing invite_to_realm_policy using 'PATCH /realm' endpoint
as we already do this in do_test_realm_update_api and invalid value
is also tested in test_invalid_integer_attribute_values.
2021-07-06 13:45:01 -07:00
sahil839 1c0e67e7c4 tests: Remove test_change_move_messages_between_streams_policy.
This commit removes test_change_move_messages_between_streams_policy
which is used to test changing move_messages_between_streams_policy
using 'PATCH /realm' endpoint as we already do this in
do_test_realm_update_api and invalid value is also tested in
test_invalid_integer_attribute_values.
2021-07-06 13:45:01 -07:00
sahil839 8831fb22b1 tests: Remove test_user_group_edit_policy from test_realm.py.
This commit removes test_user_group_edit_policy which is used
to test changing user_group_edit_policy using 'PATCH /realm'
endpoint as we already do this in do_test_realm_update_api and
invalid value is also tested in test_invalid_integer_attribute_values.
2021-07-06 13:45:01 -07:00
sahil839 a1e6cbdc80 tests: Remove test_private_message_policy from test_realm.py.
This commit removes test_private_message_policy which is used to
test changing private_message_policy using 'PATCH /realm' endpoint
as we already do this in do_test_realm_update_api and invalid
value is also tested in test_invalid_integer_attribute_values.
2021-07-06 13:45:01 -07:00
sahil839 f95faaf732 tests: Remove test_change_wildcard_mention_policy from test_realm.py.
This commit removes test_change_wildcard_mention_policy which is
used to test changing wildcard_mention_policy using 'PATCH /realm'
endpoint as we already do this in do_test_realm_update_api and
invalid value is also tested in test_invalid_integer_attribute_values.
2021-07-06 13:45:01 -07:00
sahil839 8e26f920ab tests: Remove test_change_stream_creation_policy from test_realm.py.
This commit removes test_change_stream_creation_policy which is
used to test changing create_stream_policy using 'PATCH /realm'
endpoint as we already do this in do_test_realm_update_api and
invalid value is also tested in test_invalid_integer_attribute_values.
2021-07-06 13:45:01 -07:00
Riken Shah a96c614420 message: Fix the edit topic bug by removing leading \n from msg content.
The reason for this bug is because of different striping
processes in the backend and frontend, i.e The frontend
checks if the message's `raw_content` has changed to
decide if the `content` of the message should be sent in
the request to the backend, or not. So, it removes the
leading new line ('\n') from the message `raw_content`
when checking it, which is causing the "Error saving edit:
You don't have permission to edit this message" error.

This commit fixes it by removing the leading new line
when cleaning message content.

The bug was explained by @punchagan and its solution
by @timabbott.
2021-07-06 09:41:54 -07:00
Anders Kaseorg 08592c9731 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-06 08:40:32 -07:00
Anders Kaseorg 3853285241 push_notifications: Replace PyAPNs2 with aioapns.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-05 20:16:50 -07:00
Anders Kaseorg 0bc002270c push_notifications: Use lru_cache decorator.
This does the same thing in a simpler way.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-05 20:16:50 -07:00
aryanshridhar 13399833b0 right_sidebar: Migrate to handlebars.
This commit migrates the `right_sidebar.html` Django template
to handlebars by creating a new file as `right_sidebar.hbs`
which is then rendered using `ui_init` module.

It also removes the tests in `test_home` due to the template
migration, since these elements aren't rendered on the backend
anymore.

We also remove `test_compute_show_invites_and_add_streams*`.

Fixes part of #18792.
2021-07-05 18:58:24 -07:00
aryanshridhar 8fb7ff7637 left_sidebar: Migrate to handlebars.
This commit migrates the `left_sidebar.html` Django template
to handlebars by creating a new file as `left_sidebar.hbs`
which is then rendered using `ui_init` module.

These are the minor changes introduced by virtue of template
migration -
 - The `compute_show_invites_and_add_streams` function now
   only concerns with the invite_to_realm_policy.
 - Renamed the `compute_show_invites_and_add_streams` function
   to `compute_show_invites` due to the above change.
 - Fixes relevant `test_home.py` tests due to the above
   changes.

Fixes part of #18792.
2021-07-05 18:49:43 -07:00
Anders Kaseorg ee8724e436 docs: Correct Big Blue Button to BigBlueButton.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-05 16:59:00 -07:00
Hashir Sarwar 87d90f47ee email_notifications: Show mentioned user group in email notifications.
Fixes #13080.
Cherry-picked from #15011 with edits.

Co-authored-by: Abhijeet Bodas <abhijeetbodas2001@gmail.com>
2021-07-05 14:23:59 -07:00
Hashir Sarwar 83399e2e72 push_notifications: Show mentioned user group in mobile notifications.
Part of #13080.
Cherry-picked from #15011 with edits.

Co-authored-by: Abhijeet Bodas <abhijeetbodas2001@gmail.com>
2021-07-05 14:23:59 -07:00
Abhijeet Prasad Bodas 167be7dbdc mentions: Send user group mention data to notification notices.
We will later use this data to include text like:
`<sender> mentioned @<user_group>` instead of the current
`<sender> mentioned you` when someone mentions a user group
the current user is a part of in email/push notification.

Part of #13080.
2021-07-05 14:23:59 -07:00
Abhijeet Prasad Bodas 07d6ab9753 notification_data: Add `get_user_group_mentions_data` function.
We will use this later to display which user group was mentioned
in push and email notifications.

`mentioned_user_group_ids` is kept as a List (not Set) to ensure proper
test coverage of the function, since it depends on the order of iteration,
and we cannot change the order of iteration for a set (which we'll need
to do for proper testing).

Part of #13080.
2021-07-05 14:23:59 -07:00
PIG208 6a04648fd7 exceptions: Add ResourceNotFoundError. 2021-07-05 11:02:12 -07:00
PIG208 a6e88a5a76 exceptions: Add AccessDeniedError. 2021-07-05 11:02:09 -07:00
Vishnu KS e0f5fadb79 billing: Downgrade small realms that are behind on payments.
An organization with at most 5 users that is behind on payments isn't
worth spending time on investigating the situation.

For larger organizations, we likely want somewhat different logic that
at least does not void invoices.
2021-07-02 13:19:12 -07:00
Priyansh Garg 5b2e21965c data_import: Add import attachments support for Mattermost.
Add support for importing message attachments from Mattermost.

Fixes: #18959
2021-07-02 11:19:45 -07:00
Tim Abbott 64aa8f80a0 events: Add heartbeat events to tests and documentation.
Heartbeat events are an important part of the API, even though they
are noops, so it's important to document them.
2021-07-01 17:14:32 -07:00
sahil839 0c80d23857 help: Update help pages according to profile page redesign.
This commit fixes the documentation of settings as we have
replaced "Your account" section into two new sections -
"Profile" and "Account & privacy".

This commit also fixes a comment in the test for settings
documentation in test_middleware.py.
2021-06-30 16:56:03 -07:00
PIG208 dcbb2a78ca python: Migrate most json_error => JsonableError.
JsonableError has two major benefits over json_error:
* It can be raised from anywhere in the codebase, rather than
  being a return value, which is much more convenient for refactoring,
  as one doesn't potentially need to change error handling style when
  extracting a bit of view code to a function.
* It is guaranteed to contain the `code` property, which is helpful
  for API consistency.

Various stragglers are not updated because JsonableError requires
subclassing in order to specify custom data or HTTP status codes.
2021-06-30 16:22:38 -07:00
Tim Abbott 0be35f530b push_notifications: Replace 'REDACTED' string.
The previous string was bold, potentially confusing, and doesn't
explain clearly what's happening. We replace this with a string that's
more or less copied from what we do in email notifications with the
similar setting enabled.
2021-06-30 15:15:22 -07:00
PIG208 0740c94517 webhooks: Support configuring destination stream by id. 2021-06-30 09:31:07 -07:00
sahil839 ce133dc762 models: Add can_edit_user_group helper.
This helper will be used to check whether
the user is allowed to edit user groups or
not. Currently it is not used, but will
be used in next commit where we will
refactor the user_group_edit_policy to use
COMMON_POLICY_TYPES.
2021-06-29 17:25:42 -07:00
sahil839 c8849f8fe3 logo: Compute realm-logo url in frontend only.
This commit fixes the bug of always showing
day-mode realm logo when color scheme display
setting is set to automatic but the OS setting
is dark theme. This is because we cannot check
the OS setting on backend and we need to set
the logo url accordingly in frontend only.
So, we remove the logo url computation from
backend completely and instead compute it in
the frontend only.

Fixes #18778.
2021-06-29 13:42:44 -07:00
Steve Howell 9e1d98a512 widgets: Add range checks on backend for indexes. 2021-06-29 13:40:33 -07:00
Steve Howell c25dbf7020 widgets: Validate todo data on the backend. 2021-06-29 13:40:33 -07:00
aryanshridhar 8140a1a6ee info_overlay: Render search operators using info_overlay.
This commits ports the `search_operators.html` file from
./templates to handlebars, essentially creating a new file
as `search_operators.hbs` within /static/templates which is
then rendered using info_overlays.js.

As part of this migration, we rewrote the way internationalization was
done, since the previous implementation incorrectly did not support
languages with a different word order than English.

We also not consistently use periods at the end of the descriptions.

Co-authored-by: Tim Abbott <tabbott@zulip.com>

Fixes #18504.
2021-06-28 09:14:09 -07:00
aryanshridhar 942f4372f0 info_overlay: Render keyboard shortcuts using info_overlay.
This commits ports the `keyboard_shortcuts.html` file from
using the Django template to handlebars, essentially creating
a new file as `keyboard_shortcuts.hbs` within /static/templates
which is then rendered using info_overlays.js.

Fixes part of #18792.
2021-06-27 18:29:52 -07:00
Abhijeet Prasad Bodas e196ea7e64 event_queue: Consistently user `user_notifications_data` as variable name.
This disambiguates this object from the those sent via the `send_event`
calls, which are also called "user_data".
2021-06-25 08:54:01 -07:00
Abhijeet Prasad Bodas 733e0ae75e notification_data: Rename `sender_id` -> `acting_user_id`.
This better shows the situation for message edits, where we use the same
class.
2021-06-25 08:54:00 -07:00
PIG208 75cea329b4 markdown: Refactor out additional properties added to Message.
This adds a new class called MessageRenderingResult to contain the
additional properties we added to the Message object (like alert_words)
as well as the rendered content to ensure typesafe reference. No
behavioral change is made except changes in typing.

This is a preparatory change for adding django-stubs to the backend.

Related: #18777
2021-06-24 18:14:53 -07:00
Vishnu KS 4e0dac9e6c actions: Update default streams state when user role is changed. 2021-06-24 17:02:05 -07:00
Tim Abbott d7df1f208a test_signup: Add temporary nocoverage marker.
This was introduced in 23530ac81e and
will be used soon, but isn't used yet.
2021-06-24 15:24:15 -07:00
Tim Abbott abf2571133 test_signup: Support passing no password in verify_signup. 2021-06-24 14:55:05 -07:00
Gilbert Bishop-White 23530ac81e test_signup: Refactor test_signup_existing_email to use verify_signup.
Add a new `verify_signup` helper function, which currently implements
enough functionality to be used by `test_signup_existing_email`.

This is the first step towards #7564.
2021-06-24 14:52:25 -07:00
Ganesh Pawar eca2e10c4a test_realm: Extract out test_change_stream_creation_policy.
This is a prep commit in preparation of splitting
create_stream_policy into create_private_stream_policy
and create_public_stream_policy.

This extracts it in a way to make it possible to easily test
different stream policies in the upcoming stream policy split.
2021-06-24 14:08:49 -07:00
Ganesh Pawar 113e27615d test_subs: Extract out test_user_settings_for_adding_streams.
This is a prep commit in preparation of splitting
create_stream_policy into create_private_stream_policy
and create_public_stream_policy.

This extracts it in a way to make it possible to easily test
different stream policies in the upcoming stream policy split.
2021-06-24 14:08:49 -07:00
Ganesh Pawar a1ab79992c test_subs: Extract out test_user_settings_for_creating_streams.
This is a prep commit in preparation of splitting
create_stream_policy into create_private_stream_policy
and create_public_stream_policy.

This extracts it in a way to make it possible to easily test
different stream policies in the upcoming stream policy split.
2021-06-24 14:08:49 -07:00
Ganesh Pawar e74ad23091 test_subs: Remove test_create_stream_policy_setting.
test_create_stream_policy_setting (in class StreamAdminTest) and
test_user_settings_for_creating_streams (in class SubscriptionAPITest)
test essentially the same thing.

So, remove one of them.

Removing test_create_stream_policy_setting makes sense,
since class StreamAdminTest tests things admins can do, whereas
non-admin users can create streams.
2021-06-24 14:08:49 -07:00
Ganesh Pawar aec493a8d3 test_subs: Remove test_invite_to_stream_by_invite_period_threshold.
test_invite_to_stream_by_invite_period_threshold (in class StreamAdminTest)
and test_user_settings_for_subscribing_other_users
(in class SubscriptionAPITest) test essentially the same thing.

So, remove one of them.

Removing test_invite_to_stream_by_invite_period_threshold makes sense,
since class StreamAdminTest tests things admins can do, whereas
non-admin users can invite other users.
2021-06-24 14:08:49 -07:00
Ganesh Pawar d45e7274f9 test_subs: Avoid direct usage of list_to_streams.
This was used to test can_create_stream property of a guest user.
There are better ways to test it, which are already implemented in
test_can_create_streams.
2021-06-24 14:08:48 -07:00
Suyash Vardhan Mathur fe07f67360 apidocs: Standardize parameters text for get-own-user.
We use the "does not accept any parameters" language in the common
template that we'll be migrating to shortly, so we remove this
variance (And adjust its test).
2021-06-24 10:37:56 -07:00
Abhijeet Prasad Bodas 1cf1d147aa event_queue: Move notification trigger logic to notification_data.
This removes some complexity from the event_queue module.
To avoid code duplication, we reduce the `is_notifiable` methods to
internally just call the `trigger` methods and check their return value.
2021-06-24 09:35:18 -07:00
Abhijeet Prasad Bodas 66192825c0 maybe_enqueue_notifications: Take in notification_data dataclass.
* Modify `maybe_enqueue_notifications` to take in an instance of the
dataclass introduced in 951b49c048.

* The `check_notify` tests tested the "when to notify" logic in a way
which involved `maybe_enqueue_notifications`. To simplify things, we've
earlier extracted this logic in 8182632d7e.
So, we just kill off the `check_notify` test, and keep only those parts
which verify the queueing and return value behavior of that funtion.

* We retain the the missedmessage_hook and message
message_edit_notifications since they are more integration-style.

* There's a slightly subtle change with the missedmessage_hook tests.
Before this commit, we short-circuited the hook if the sender was muted
(5a642cea11).
With this commit, we delegate the check to our dataclass methods.
So, `maybe_enqueue_notifications` will be called even if the sender was
muted, and the test needs to be updated.

* In our test helper `get_maybe_enqueue_notifications_parameters` which
generates default values for testing `maybe_enqueue_notifications` calls,
we keep `message_id`, `sender_id`, and `user_id` as required arguments,
so that the tests are super-clear and avoid accidental false positives.

* Because `do_update_embedded_data` also sends `update_message` events,
we deal with that case with some hacky code for now. See the comment
there.

This mostly completes the extraction of the "when to notify" logic into
our new `notification_data` module.
2021-06-24 09:35:17 -07:00
Abhijeet Prasad Bodas dedc39f139 notifications_data: Rename `id` -> `user_id`.
We also make this a mandatory named argument for our test helper
for clarity.
2021-06-24 17:34:50 +05:30
Abhijeet Prasad Bodas f6e705d477 maybe_enqueue_notifications: Require all keyword arguments.
This is a more readable way to call the function.
2021-06-24 17:34:50 +05:30
sahil839 37bf160298 queue_processor: Add langauge to the events added to invites queue.
This is a prep commit for adding realm-level default for various
user settings. We add the language, in which the invite email will
be sent, to the dict added to queue itself to avoid making queries
in a loop when sending multiple emails from queue.

We also handle the case for old events in the queue.
2021-06-22 16:55:32 -07:00
sahil839 6a191a7bf0 queue_processor: Remove email_body from the invite email events.
We removed the use of email_body field in 47fcb27e39, but was
still passed in events from do_resend_user_invite_email and
in tests. So this commit removes the email_body field from
these places.
2021-06-22 16:55:32 -07:00
Abhijeet Prasad Bodas c3fb413119 message edit: Don't send mentioned user_ids in event dict.
We already have this data in the `flags` for each user, so no need to
send this set/list in the event dictionary.

The `flags` in the event dict represent the after-message-update state,
so we can't avoid sending `prior_mention_user_ids`.
2021-06-22 10:27:55 -07:00
Tim Abbott e231a03eff message_edit: Fix non-alternating resolve topic notifications.
Previously, it was possible for an unusual series of topic-edit
actions to result in Notification Bot reporting that a topic was
marked as resolved that had already been marked as resolved, etc.
2021-06-21 12:45:19 -07:00
Tim Abbott b2dd15fd86 message_edit: Reject buggy noop topic edit requests.
A buggy client might send a message_edit request to change the topic
field, sending the current topic as the new value. Previously, we
would treat that as a normal request to edit the topic; now we act as
though the API request had not requested a topic change.  In the
common case that only the topic was in the edit request, this now
results in an error that should help client implementations identify
their bug.

This fixes a bad interaction with the "unresolve topic" logic, which
assumed that upstream logic had verified that the topic was actually
changing.
2021-06-21 12:16:00 -07:00
Abhijeet Prasad Bodas 5c483e3b58 get_active_presence_idle_user_ids: Check notifiability more thoroughly.
* Have the `get_active_presence_idle_user_ids` function look at all the
user data, not just `private_message` and `mentioned`.
* Fix a couple of incorrect `missedmessage_hook` tests, which did not
catch the earlier behaviour.
* Add some comments to the tests for this function for clarity.
* Add a helper to create `UserMessageNotificationsData` objects from the
user ID lists. This will later help us deduplicate code in the event_queue
logic.

This fixes a bug which earlier existed, that if a user turned on stream
notifications, and received a message in that stream which did not mention
them, they wouldn't be in the `presence_idle_users` list, and hence would
never get notifications for that message.

Note that, after this commit, users might still not get notifications in
the above scenarios in some cases, because the downstream logic in the
notification queue consumers sometimes erroneously skips sending
notifications for stream messages.
2021-06-21 10:52:59 -07:00
Abhijeet Prasad Bodas 8182632d7e notification_data: Add methods to determine notifiability.
We will later consistently use these functions to check for notifiable
messages in the message send and event_queue code.

We have these functions accept the `sender_id` so that we can avoid the
`private_message = message["type"] == "private" and user_id != sender_id`
wizardy.
2021-06-21 10:52:59 -07:00
Abhijeet Prasad Bodas 6167c36adc event_queue: Translation code for user data migration.
This is separate from the next commit for ease of testing.
To verify that the compatibility code works correctly, all message send
and event_queue tests from our test suite should pass on just this commit.
2021-06-21 10:52:59 -07:00
Dinesh a71ee405e4 test_example: Add a few more common testing methods.
Adds an example to illustrate the use of:
* self.settings()
* self.assertLogs()
* self.assert_in_success_response()
2021-06-20 07:16:35 -04:00
Tim Abbott 696236b6fc left sidebar: Implement basic resolve topic option.
Fixes part of #18751.
2021-06-18 09:24:48 -07:00
Gaurav Pandey 8fc3715ea8 settings: Remove language_list_dbl_col from page_params.
The language_list_dbl_col parameter in the page_params
is used by only the web client frontend. The value is
calculated in the backend and then passed as a page_param
which is unnecessary considering that the whole process
is beneficial for the front_end only. Hence move the entire
calculation code to the frontend.

Fixes part of #18673.
2021-06-17 17:02:27 -07:00
Gaurav Pandey 56d85fb833 settings: Remove default_language_name from page_params.
default_language_name was a part of page_params which is actually
redundant considering that we already have language_list and
default_language available to frontend which can be used to
get the default_language_name and hence prevents the backend
from sending an additional parameter.

Fixes part of #18673.
2021-06-17 16:56:21 -07:00
Carlos Bederian 1b51792459 email_mirror: Improve filter_footer delimiter detection 2021-06-17 09:11:28 -07:00
Rohitt Vashishtha 98f8d94b25 linkifiers: Add joint validation for linkifier urls and patterns.
We now validate the linkifier urls and patterns together, and add
the following additional checks:

1. All groups in the pattern must be used in the URL format string.
2. All groups in the URL format string must be declared in the pattern.

Linkifier pattern is now validated inside the `clean` method.
`filter_pattern_validator` is moved from `clean_fields` to `clean`
method as a safe check. As a result of this, a Puppeteer test case
is updated.

NOTE: The changes here are IN ADDITION to the existing validations.

Fixes #16482.

Co-authored-by: akshatdalton <akshat.dak@students.iiit.ac.in>
2021-06-16 17:51:33 -07:00
sahil839 38fac6c359 settings: Add moderators and members options in edit_topic_policy.
This commit adds moderators, full members and members options for
edit_topic_policy in both the backend and frontend.
2021-06-16 15:04:29 -07:00
sahil839 02db407398 tests: Pass acting user name to helper functions in topic edit tests.
This is a prep commit for adding members, full members and moderator
options to edit_topic_policy. As we will be adding tests for these
options, we will need to add a login statment repeatedly and this
helps us in avoiding that.
2021-06-16 14:59:47 -07:00
sahil839 611de0faa9 tests: Login as iago in set_message_editing_params.
This is a prep commit for adding moderators, full
members and member roles in edit_topic_policy.

As we add these new options, we will add tests with
user with all these roles and thus we would need to
login as iago repeatedly when changing parameters.
So, to avoid this we instead login as Iago in
set_message_editing_params itself.
2021-06-16 14:59:47 -07:00
sahil839 828759d2ba models: Replace allow_community_topic_editing with edit_topic_policy.
This commit replaces the allow_community_topic_editing boolean with
integer field edit_topic_policy and includes both frontend and
backend changes.

We also update settings_ui.disable_sub_settings_onchange to not
change the color of label as we did previously when the setting
was a checkbox. But now as the setting is dropdown we keep the
label as it is and we don't do anything with label when disabling
dropdowns. Also, this function was used only here so we can safely
change this.
2021-06-16 14:59:36 -07:00
Tim Abbott 9aca1dffcd test_auth_backends: Add types for subclass fields of SocialAuthBase.
These are used in the tests on this base class, so they need to be
defined for mypy to be happy.  Discovered when we enabled Django
stubs.
2021-06-16 08:28:10 -07:00
Riken Shah e91054ef19 context_processors: Add test for `get_apps_page_url`.
This is a follow-up commit to 61b30e61ad.
2021-06-16 07:49:03 -07:00
Aman Agrawal 64f04e9913 web_public_view: Replace `web_public_visitor` with `spectator`.
We use `spectator` term instead of `web_public_visitor` as it is
more concise and better represents this type of users.
2021-06-16 07:46:34 -07:00
Eeshan Garg 512229cf7d plans_page: Fix broken redirection to /accounts/login/.
When an unauthenticated user tries to access the /plans page, we
redirect to /accounts/login/?next=plans (note the missing slash
before "plans"). After the user is authenticated, they are then
redirected to /accounts/login/plans, which is an invalid URL. The
correct URL should be just /plans.

This commit solves this by prefixing the "plans" in the query
parameter with a forward slash, which results in the correct
redirect URL, i.e., /plans.
2021-06-15 16:49:01 -07:00
Abhijeet Prasad Bodas 5a642cea11 missedmessage_hook: Don't enqueue notificationss if sender is muted.
This is a follow up to 71742dce24 to handle
muted senders in the missedmessage_hook too.
2021-06-15 12:30:31 -07:00
Riken Shah b2ab448b71 gear_menu: Extract the gear menu as a handlebars template.
For this extraction, we need to move some context
parameter (from home_real in `views/home.py`) to extra
page_params parameter (of
build_page_params_for_home_page_load in
`lib/home.py`) so handlebars template can access them.

While moving I confirmed that these parameters are not
used elsewhere if some parameter is used elsewhere
(like `apps_page_url`) then I didn't remove it from the
context list, I just added it to the page_params list.

Fixes: #18795.
2021-06-15 12:17:45 -07:00
Ganesh Pawar 1d4b6c1320 about_zulip: Migrate to handlebars.
This results in moving the `zulip_merge_base` parameter to
page_params, so that it's available to JavaScript.

Since this is technically a tiny overlay, it needs to be initialized
before hashchange.js.
2021-06-15 11:55:20 -07:00
Steve Howell e739bee00a poll widget: Add server validation. 2021-06-14 17:46:16 -07:00
Steve Howell 24ed5a2bb4 submessages: Add verify_submessage_sender.
Before this change a rogue actor could try to
widgetize another person's message. (The
rogue actor would already have access to read
the message.)
2021-06-14 17:46:16 -07:00
Vishnu KS 5da3a69505 plans: Mention whether realm is on free trial. 2021-06-14 16:49:53 -07:00
akshatdalton c507931ac8 refactor: Export non-markdown logic in mention.py. 2021-06-14 13:26:30 -07:00
akshatdalton 1a76d06add test_push_notifications: Use responses module to mock HTTP responses. 2021-06-12 07:31:12 -07:00
Mateusz Mandera b1da5d9d76 ldap: Prevent creation of users with malformed email value. 2021-06-11 17:30:46 -07:00
Mateusz Mandera 18dab5619c ldap: Fix ldap access control tests.
These tests didn't configure ldap settings correctly and as a result,
the user involved in these tests wasn't actually hamlet@zulip.com, but a
new, malformed user with email "hamlet" that was being created by the
ldap auto-registration codepath. This wasn't caught because the codepath
didn't validate the email address and thus created such a malformed user
silently.
2021-06-11 17:30:46 -07:00
Abhijeet Prasad Bodas 10dd5f784b event_queue: Don't check for "read" flag when processing events.
* In `event_queue.py`, only the sender and recipient users who have muted
the sender will have the "read" flag set.

* We already skip enqueueing notifications for users who've muted the sender
after 58da384da3.

* The queue consume functions for email and push notifications already
check filter messages which have been read before sending notifications.

* So, the "read" logic in `event_queue.py` is unnecessary, and the
processing power saved from not enqueueing notifications for a single
user should be insignificant, so we remove these checks all toghether.
2021-06-11 08:07:37 -07:00
Abhijeet Prasad Bodas 3fd53d6f48 test_email_notifications: Add test for "read" flag return.
This logic was peviously untested. This is a prep change for us
to completely depend on the logic here for the "read" flag, and
not on the `event_queue` code.
2021-06-11 08:07:36 -07:00
Abhijeet Prasad Bodas 2b438fd7ce test_push_notifications: Fix incorrect "read" flag test.
It was unclear what the original test was testing, and more
importantly, the test passed even if one removed the `read` flag
check in the `handle_push_notifications` function, so we fix it
to be more comprehensive.
2021-06-11 08:05:27 -07:00
Abhijeet Prasad Bodas c6a31dcd9f event_queue: Extract local variables. 2021-06-11 08:05:27 -07:00
Vishnu KS 4e26746b98 tests: Move tests of /activity pages from zerver to analytics module.
This module deals with the testing of /activity, /realm_activity
and /user_activity. All these pages reside in analytics module.
Keeping these tests in zerver/tests is kind is not appropriate
since person who makes changes to /activity pages would not think
it is necessary to run tests in zerver. So better to keep them
in the analytics module.
2021-06-11 07:41:02 -07:00
Vishnu KS 46c902686d tests: Specify the update_fields in test_activity.
This is a prep commit. Else the lint will complain during the
refactoring of this function to a new location that update_fields
is not specified.
2021-06-11 07:41:02 -07:00
Vishnu KS 40ab415005 activity: Show effective rate of realms in /activity page. 2021-06-11 07:41:02 -07:00
Eeshan Garg 50a6887d94 plans_page: Compute sponsorship link for subdomain pages correctly.
Currently, in the FAQ on our /plans page, when the user clicks on
the sponsorship link in the answer for the first question, they
are always taken to /accounts/go, causing them to have to input
their organization URL even if they are on a subdomain page.

This commit makes it so that when the user is on a subdomain page,
they are taken to /upgrade#sponsorship directly. On the other
hand, when they are on a root domain (/) page, they have to go
through /accounts/go and specify their organization's name.
2021-06-10 09:10:38 -07:00
Vishnu KS 1938076f67 billing: Enforce license limit for plans on manual license management. 2021-06-09 17:42:38 -07:00
Anders Kaseorg 342834ee9c python: Simplify stdio flushing using print(…, flush=True).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-06-09 14:05:31 -07:00
Anders Kaseorg d8adeb66ca docs: Deemphasize Hubot as an integration bridge.
The Hubot project looks to be abandoned; it hasn’t been updated in
years and its own installation instructions don’t work anymore.
Remove our special placement of Hubot alongside Zapier and IFTTT.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-06-09 14:04:01 -07:00
akshatdalton 3cc6ff57db test_link_embed: Use responses module to mock HTTP responses. 2021-06-09 12:17:26 -07:00
akshatdalton bef7120390 test_slack_importer: Use responses module to mock HTTP responses. 2021-06-09 12:17:26 -07:00
Alex Vandiver 721546dfc0 subdomains: Extend "static" to include resources hosted on S3.
This causes avatars and emoji which are hosted by Zulip in S3 (or
compatible) servers to no longer go through camo.  Routing these
requests through camo does not add any privacy benefit (as the request
logs there go to the Zulip admins regardless), and may break emoji
imported from Slack before 1bf385e35f,
which have `application/octet-stream` as their stored Content-Type.
2021-06-08 15:28:10 -07:00
Abhijeet Prasad Bodas 58da384da3 muting: Don't enqueue notifications for messages from muted senders.
Earlier, the notification-blocking for messages from muted senders
was a side-effect of we never sending notifications for messages
with the "read" flag.

This commit decouples these two things, as a prep for having new
settings which will allow users to **always** receive email
notifications, including when/if they read the message during the
time the notifications is in the queue.

We still mark muted-sender messages as "read" when they are sent,
because that's desirable anyways.
2021-06-08 14:58:14 -07:00
Abhijeet Prasad Bodas 006b92ed6d message send: Plumb sender muters through `get_recipient_info`.
This will make it possible to share this code with the message
update codepath.
2021-06-08 14:58:14 -07:00
Mateusz Mandera c54b48452d saml: Support syncing custom profile fields with SAML attributes.
Fixes #17277.

The main limitation of this implementation is that the sync happens if
the user authing already exists. This means that a new user going
through the sign up flow will not have their custom fields synced upon
finishing it. The fields will get synced on their consecutive log in via
SAML in the future. This can be addressed in the future by moving the
syncing code further down the codepaths to login_or_register_remote_user
and plumbing the data through to the user creation process.

We detail that limitation in the documentation.
2021-06-08 14:47:33 -07:00
Abhijeet Prasad Bodas 30c993451d test_message_edit_notifications: Cleanup irrelevant parameters.
This is in the same spirit as the previous commit.
2021-06-08 11:10:18 -07:00
Abhijeet Prasad Bodas 2bbdd42e1a test_event_queue: Fill-up default data in missedmessage_hook tests.
This allows us to skip sending parameters which are irrelevant
to what we are testing, and only send the specific changed data.
2021-06-08 11:10:18 -07:00
Abhijeet Prasad Bodas d9395e7b52 test_event_queue: Introduce helper to fill-up default values.
This allows us to only mention the values that are relevant
to the behavior being tested by the `check_notify` function
in the current assertion.
2021-06-08 11:10:18 -07:00
Abhijeet Prasad Bodas 8eec7b4718 test_event_queue: Extract common data setup in `check_will_notify`.
The `message_id` and `user_profile_id` values don't really matter for
our testing here, so we might as well set these dummy values in the
main function.
2021-06-08 11:10:18 -07:00
Tim Abbott 3eee7c067c test_example: Add discussion of other common pitfalls.
The new test_example file is great; here I document more pitfalls that
I've seen very often with tests contributed by folks new to the
project.
2021-06-07 16:02:12 -07:00
Steve Howell 47da28429b tests: Add test_example.py.
The idea here is to quickly learn basic testing
idioms with code that's executed (unlike docs
which are prone to bitrot).
2021-06-07 15:29:49 -07:00
Abhijeet Prasad Bodas b7fcb0275c cache: Use `id`s instead of `UserProfile`s for get_muting_users.
This will make it easier to call this function in the message
send codepath.
2021-06-07 13:41:37 -07:00
Gaurav Pandey 9b696cf212 api: Expose event_queue_longpoll_timeout_seconds in /register.
Rename poll_timeout to event_queue_longpoll_timeout_seconds
and change its value from 90000 ms to 90 sec. Expose its
value in register api response when realm data is fetched.
Bump API_FEATURE_LEVEL to 74.
2021-06-05 07:37:19 -07:00
Gaurav Pandey f82aba5a3d compatibility: Shift functions to new module.
Shift functions used for compatibility from
zerver.lib.home (is_outdated_server) and
zerver.view.compatibility (pop_numerals,
version_lt, find_mobile_os,
is_outdated_desktop_app, is_unsupported_browser)
to zerver.lib.compatibility module.
2021-06-05 07:33:25 -07:00
Abhijeet Prasad Bodas 90b6fa7881 reactions: Select Message FOR UPDATE when adding/removing.
This locks the message row while a reaction is being added/removed,
which will handle race conditions caused by deleting the message
at the same time.

We make sure that events work happens outside the transaction,
so that in case there's some problem with the queue processor, the
locks aren't held for too long.

As a nice side-effect, we also handle race conditions from double
adding reactions, because once the message is locked, a duplicate
request will wait till the earlier transaction commits, and hence
will not throw `IntegrityErrors`s (rather, will be handled in our
safety check in the /views code itself), which earlier had to be
handled explicitly.
2021-06-04 08:18:17 -07:00
Abhijeet Prasad Bodas efc2f49e3c submessage: Select Message FOR UPDATE when creating.
This locks the message while creating a submessage, which
will handle race conditions caused by deleting the message
simultaneously.

We make sure that events work happens outside the transaction,
so that in case there's a problem with the queue processor,
the locks aren't held for too long.
2021-06-04 08:18:17 -07:00
Abhijeet Prasad Bodas 5f4113cf60 message delete: Select Message FOR UPDATE when archiving.
Further commits will start locking the message rows while
adding related fields like reactions or submessages,
to handle races caused by deleting the message itself at the
same time.

The message locking implemented then will create a possibility
of deadlocks, where the related field transaction holds a lock
on the message row, and the message-delete transaction holds a
lock on the database row of the related field (which will also
need to be deleted when the message is deleted), and both
transactions wait for each other.

To prevent such a deadlock, we lock the message itself while
it is being deleted, so that the message-delete transaction
will have to wait till the other transaction (which is about
to delete the related field, and also holds a lock on the
message row) commits.

https://chat.zulip.org/#narrow/near/1185943 has more details.
2021-06-04 08:18:17 -07:00
Abhijeet Prasad Bodas 51f5bbcd57 test_events: Run on_commit send_event hooks immediately.
Further commits will hook some `send_event` calls to `on_commit`.
With those changes, these will never be executed in tests, because
transactions never get commited with `TestCase`, which the
`ZulipTestCase` is a subclass of.

We want to make sure that these events are actually sent for testing
purposes, hence this change.

There's no need to actually capture the callbacks, because the
events are already thoroughly tested.
2021-06-04 18:12:39 +05:30
Tim Abbott b920929182 lint: Fix line-wrapping for a recently merged test change. 2021-06-03 18:52:39 -07:00
sahil839 bf9c17e8a8 message: Fix moving messages between streams for non-admins.
This commit fixes a bug where moving messages between streams was
not allowed for non-admins when allow_community_topic_editing was
set to false and move_messages_between_streams_policy was set to
Realm.POLICY_MEMBERS_ONLY.

The bug is fixed by calling can_edit_content_or_topic only when
topic or content edit is there and not in the case where only
message is moved from one stream to another.
2021-06-03 17:53:59 -07:00
sahil839 e2835d3f4f message_edit: Modify the error message for topic edit deadline.
This commit modifies the error message shown when topic edit
deadline is passed to make it more clear that the limit is for
editing message's topic.
2021-06-03 17:13:32 -07:00
Suyash Vardhan Mathur 94a22f9323 apidocs: Modify tests to reflect new templates.
Soon, each endpoint won't necessarily have a .md
file, but would generate API doc directly from
OpenAPI data using a template.

So, the lists of endpoints to be tested should not
be taken from the .md files, but from the REST
endpoints available in the sidebar.

This commit also adds a missing test for an invalid
article being accessed in the URL of an API page.
2021-06-03 10:52:22 -07:00
Vishnu KS 5db53029a5 api: Include is_billing_admin as an attribute in user response.
This is sufficiently useful that it should be made available to clients.
2021-06-03 10:27:07 -07:00
Wesley Aptekar-Cassels d5ba94082a markdown: Increase max rendered message length to 1MB.
This should help with #17425, where messages with lots of LaTeX are
lost, due to the large expansion factor.

This isn't a total fix for this - large messages with lots of LaTeX
can still end up larger than 1MB, and rendering could timeout, but
this fix should help significantly.

1MB is still small enough that I don't expect we'll run into any DOS
problems - my testing didn't show any problems rendering messages that
contain ~1MB of LaTeX.
2021-06-03 10:10:35 -07:00
seiwailai b584790541 validator: Add generic check_or.
Fixes part of #17914. Added generic check_or function and tests.
2021-06-03 09:49:50 -07:00
akshatdalton 7df62ebbaf settings: Make `MAX_MESSAGE_LENGTH` a server-level setting.
This will offer users who are self-hosting to adjust
this value. Moreover, this will help to reduce the
overall time taken to test `test_markdown.py` (since
this can be now overridden with `override_settings`
Django decorator).

This is done as a prep commit for #18641.
2021-06-03 09:26:28 -07:00
akshatdalton 6143cb6e73 test_markdown: Use assertTrue/assertFalse instead of assertEqual. 2021-06-02 17:20:45 -07:00
Gilbert Bishop-White e4d9e58c7d emails: Make it obvious when registering creates new realm.
Checked the email looked OK in `/emails` for both creating realm and
registering within an existing one.

Not sure zerver/tests/test_i18n.py test has been suppressed correctly.

Fixes #17786.
2021-06-02 15:18:03 -07:00
Gaurav Pandey f67fc37f7d settings: Rename MAX_EMOJI_FILE_SIZE.
Rename MAX_EMOJI_FILE_SIZE to
MAX_EMOJI_FILE_SIZE_MIB reflecting
the size in mebibytes.
2021-06-02 13:55:15 -07:00
Gaurav Pandey 73059dd0c7 settings: Rename MAX_LOGO_FILE_SIZE.
Rename MAX_LOGO_FILE_SIZE to
MAX_LOGO_FILE_SIZE_MIB reflecting
the size in mebibytes.
2021-06-02 13:55:15 -07:00
Gaurav Pandey 2ddc62e9b3 settings: Rename MAX_ICON_FILE_SIZE.
Rename MAX_ICON_FILE_SIZE to
MAX_ICON_FILE_SIZE_MIB reflecting
size in mebibytes.
2021-06-02 13:55:15 -07:00
Gaurav Pandey 0f6bb210a6 settings: Rename MAX_AVATAR_FILE_SIZE.
Rename MAX_AVATAR_FILE_SIZE to
MAX_AVATAR_FILE_SIZE_MIB reflecting
size in mebibytes.
2021-06-02 13:55:15 -07:00
Abhijeet Prasad Bodas 2489a1bb4c test_event_queue: Don't use lists for call_args assertions.
This is a bit hacky, but will make these tests more readable,
in that the reader would not have to remember the order or parameter
names.

Python 3.8 introduced `mock.call_args.kwargs`, and once we upgrade,
we can use those to assert actual dictionaries instead of this hack.
2021-06-01 15:26:49 -07:00
Abhijeet Prasad Bodas 44534ca47e refactor: Move receives_email_notifications tests to designated file. 2021-06-01 15:26:49 -07:00
Abhijeet Prasad Bodas 3990b183ce models: Remove unused `receives_stream_notifications` function.
This was introduced in c3a8138f74, but
doesn't have any callers, apart from it's own tests.
2021-06-01 15:26:49 -07:00
Abhijeet Prasad Bodas 518deb7b9e models: Rename `receives_online_notifications` function.
Prep for later when we will have a similar setting for
online email notifications.
2021-06-01 15:26:49 -07:00
Mateusz Mandera 932c846454 custom_fields: Fix confusing comments for do_update_..._if_changed.
d66cbd2832 added these mentioning
"always_notify" for some reason, but always_notify clearly isn't a real
thing in this context so the comments need to be fixed to eliminate this
potential source of confusion.
2021-05-28 15:51:28 -07:00
Mateusz Mandera e17758f8ad auth: Implement a generic OpenID Connect backend.
Fixes #11939.
2021-05-28 09:43:06 -07:00
Abhijeet Prasad Bodas 7a4c212dff test_subs: Add comments about num_events.
This is a bit complex, because many events not directly related
to what we are testing are also sent during these operations, hence
these comments.
2021-05-28 09:42:14 -07:00
Abhijeet Prasad Bodas aa2fd1593e tornado_redirected_to_list: Fix event list leaks in tests.
Ideally this should have been part of
481a890ec5.
2021-05-28 09:42:14 -07:00
Abhijeet Prasad Bodas 3039a01b31 tornado_redirected_to_list: Make expected_num_events required argument.
Follow up to 481a890ec5.
This will make this more explicit and readable.
2021-05-28 09:42:14 -07:00
Abhijeet Prasad Bodas 15f78abd68 message edit: Handle topic edit tries for private messages.
Fixes #18604.
2021-05-27 23:09:33 -07:00
Abhijeet Prasad Bodas 4b30fc01e4 message edit: Extract data validity checks from check_update_message.
These checks are more related to the API than the editability
or permissions logic, so it makes sense to handle them first
before further processing the request.
Also split the main test class to separate out the tests for
this logic.

This also simplifies some tests by reducing the data setup
required to reach failure.

Tweaked by tabbott to avoid losing the topic_name.strip().
2021-05-27 23:07:59 -07:00
Abhijeet Prasad Bodas 10be798a3c message edit: Extract test helpers in their own class.
This is mostly a direct code move and a prep for splitting the
main MessageEdit test class into smaller chunks.
2021-05-27 22:52:55 -07:00
Alex Vandiver b9948994d7 send_email: Increase loglevel of stuck ScheduledEmail messages to error.
Since these stay in the queue indefinitely, they deserve to be raised
at a higher error than just warning.
2021-05-27 22:49:28 -07:00
Abhijeet Prasad Bodas c19b7b4db3 tests: Use tornado_redirected_to_list instead of mocking send_event. 2021-05-27 13:16:22 -07:00
Abhijeet Prasad Bodas 090f2d6664 test_helpers: Remove capture_event helper.
We now consistently use the `tornado_redirected_to_list`
helper, which asserts the number of events sent too.
2021-05-27 13:16:22 -07:00
Abhijeet Prasad Bodas d2bc93f6dd tests: Extract helper in test_user_status.
This deduplicates some common code for all these scenarios.
2021-05-27 13:16:22 -07:00
Abhijeet Prasad Bodas 481a890ec5 tests: Assert num_events in tornado_redirected_to_list. 2021-05-27 13:16:22 -07:00
Abhijeet Prasad Bodas f236a0d10d message send: Rename `always_push_notify` -> `online_push_enabled`.
This is a better name, since it clearly denotes a user
configured setting.
2021-05-26 15:19:32 -07:00
Abhijeet Prasad Bodas ddd123f133 message send: Rename `push_notify_user_ids` -> `online_push_user_ids`.
The old name `push_notify_user_ids` was misleading, because
it does not contain user ids which should be notified for
the current message, but rather user ids who have the online
push notifications setting enabled.

When the Tornado server is restarted during an upgrade, if
server has old events with the `push_notify_user_ids` fields,
the server will throw error after this rename. Hence, we need
to explicitly handle such cases while processing the event.
2021-05-26 15:13:08 -07:00
sahil839 8ec9987999 emails: Remove referrer name from 'From' header in invitation emails.
We should only show the referrer name in subject of invitation emails,
and show only 'Zulip' in the 'From' header. This helps in preventing
the email from being marked as suspicious by the detection systems
when they see an employee's name as sender of an email sent from an
unrelated domain.

The behavior is already the same for reminder invitation emails where
we do not show name and only 'Zulip' in the 'From' header.

Fixes #18256.
2021-05-26 11:41:13 -07:00
Gaurav Pandey 64bd461bad register api: Rename realm_upload_quota.
Rename `realm_upload_quota` to `realm_upload_quota_mib`
reflecting file size in mebibytes. Update frontend and bump
API_FEATURE_LEVEL.
2021-05-26 11:38:24 -07:00
Gaurav Pandey 1da818f848 register api: Rename max_logo_file_size.
Renaming `max_logo_file_size` to `max_logo_file_size_mib`
reflecting the file size in mebibyte and update the frontend.
2021-05-26 11:38:24 -07:00
Gaurav Pandey 531cf041f1 register api: Rename max_icon_file_size.
Renaming `max_icon_file_size` to `max_icon_file_size_mib`
reflecting the file size in mebibyte and update the frontend.
2021-05-26 11:38:24 -07:00
Mateusz Mandera 0e42a3f117 tests: Rename helper method to generate_access_token_url_payload.
generate_access_url_payload was not a good name - there's no such thing
as "access_url" in this context - access_token_url is what was meant.
2021-05-25 14:22:46 -07:00
Mateusz Mandera 2e2bcd9619 apple: Rewrite comment in tests in generate_access_url_payload.
The original comment is worded rather unclearly, we should explain these
details better.
2021-05-25 14:22:46 -07:00
Anders Kaseorg bac96cae80 markdown: Fix Dropbox image previews.
?dl=1 causes Dropbox to send Content-Type: application/binary, which
can’t be interpreted by Camo.  Use ?raw=1 instead.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-25 13:42:29 -07:00
Sumanth V Rao 98253f261e models: Fix bug in unique_together condition on RealmPlayground.
We don't need to worry about breaking already configured playgrounds
since this tweak makes the condition less strict.
2021-05-24 23:11:41 -07:00
Abhijeet Prasad Bodas 8bcdbc720e tests: Move tornado_redirected_list to ZulipTestCase.
This is will make it easier to systematically use Django's
`capturOnCommitCallbacks` in tests outside of the main
`test_events` file which involve assertions on events.
2021-05-24 17:45:13 -07:00
sahil839 8424a82dec setting: Add moderator option in email visibility setting in backend. 2021-05-23 14:20:20 -07:00
sahil839 43cdbdbf9d tests: Move a part of email_address_visibility tests to test_users.py.
We should only keep tests for changing email_address_visibility in
test_realm.py. The tests for checking the value of delivery_email
and email in the user dicts returned by 'GET users/{user_id}'
endpoint according to email_address_visibility should be in
test_users.py and not test_realm.py.

The tests of other realm settings are also arranged in the same way.

This commit makes the test more robust by checking for all
possible values of email_address_visibility and checking
emails and delivery emails values received by different
user roles.
2021-05-23 14:20:20 -07:00
Mateusz Mandera cd88a6e6fb tests: Rename APPLE_JWK to a generic name for re-use in other tests.
This can be re-used for the JWK in OIDC implementation in the follow-up
commits.
2021-05-23 13:30:17 -07:00
Mateusz Mandera d17a4f64d6 registration: Return status code 404 if invalid confirmation key passed.
We were returning 200 before - 404 is more appropriate.
2021-05-20 17:29:09 -07:00
Mateusz Mandera 40169353ad auth: Validate multiuse invite link confirmation key in social auth. 2021-05-20 17:29:09 -07:00
Aman Agrawal cba766f66f do_make_stream_web_public: Update all affected fields.
Convert this function that absolutely makes a stream web public.
We already have do_change_stream_invite_only to convert
streams to public and private streams.

We also update all the fields that should be set when a stream
is made web public.
2021-05-20 15:23:19 -07:00
Tim Abbott af2b1ef3a1 page_params: Remove duplicate debug_mode field.
This had the same value as development_environment, I believe in a way
likely to persist long term, and was less clear about its meaning.
2021-05-20 14:57:34 -07:00
Tim Abbott 2e67b879ed api: Add server_timestamp to register response.
Since this is currently only useful to interpret presence data, we
send this only if presence is requested.

I'm not sure that server_timestamp is the right name for this field,
but ultimately it should match the main presence API format.
2021-05-20 14:57:34 -07:00
Abhijeet Prasad Bodas ec8a931761 message send: Pass individual parameters instead of single Dict.
This will allow for stronger type checking and better readability.
2021-05-20 11:06:19 -07:00
Abhijeet Prasad Bodas 352634a851 tests: Consistently use assert_length helper.
This helper does some nice things like printing out
the data structure incase of failure.
2021-05-19 11:55:56 -07:00
Tim Abbott 80a30c83e5 home: Remove unused root_domain_uri parameter. 2021-05-18 17:36:55 -07:00
Tim Abbott e1c885aeb9 home: Remove unused has_mobile_devices parameter.
This parameter has never been used, and causes an unnecessary database
query.

We keep the num_push_devices_for_user function, since we may have uses
for it down the line.

Fixes part of #14166.
2021-05-18 17:36:55 -07:00
akshatdalton 18203d8af3 markdown: Silence user group mention inside blockquotes. 2021-05-18 17:31:25 -07:00
akshatdalton 0245b590e9 markdown: Add support for user group silent mention.
Prior to this, we only supported direct mention to
the user groups. This commit extends that support
to silent mention for the user groups.
A related test case is also added.

Fixes: #11711.
2021-05-18 17:31:25 -07:00
Anders Kaseorg e015f3ed7d docs: Correct “webapp” to “web app”.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-14 13:15:38 -07:00
Tim Abbott 6e9683fe6f test_compatibility: Mock desktop minimum versions.
This fixes the tests failing since
454eced466, in a way that won't require
us to change these tests for future version bumps.
2021-05-13 13:03:42 -07:00
Anders Kaseorg 668b5137b0 version: Display Zulip version in About Zulip dialog.
We record Git details about the merge-base with upstream branches in
the zulip-git-version file, if the upstream repository is available.

Note that the first Git upgrade after merging the parent commit will
not include the merge-base details, since the upstream repository will
not have been available.

Co-authored-by: Tim Abbott <tabbott@zulip.com>
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-13 11:36:12 -07:00
sahil839 213eda1f32 message: Check stream_post_policy when moving messages between streams.
Previously only admins were allowed to move messages between streams
and admins are allowed to post in any stream irresepctive of stream
post policy, so there was no need to check for stream post policy.

But as we now allow other members to also move messages, we need
to check whether the user who is moving the message is allowed
to post to the target stream (i.e. stream to which the messages
are being moved) and thus we allow moving messages only if the
user is allowed to post in target stream.
2021-05-13 08:42:24 -07:00
Mateusz Mandera f1cf9f740d tests: Add test for bulk_access_messages scenarios in message moving. 2021-05-13 08:42:24 -07:00
sahil839 b52ad3e536 message_edit: Allow moving message to stream based on setting value.
We allow the users to move message between streams according to the
value of 'move_messages_between_streams_policy'.
2021-05-13 08:40:57 -07:00
Mateusz Mandera de6bd22ee9 outgoing_webhook: Treat "" json in response as response_not_required.
b7b1ec0aeb made our checks of the response
format stronger, to enforce that the json translates to a valid dict.
However, old client code (zulip_botserver) was using "" as equivalent to
response_not_required - so we need to keep backward-compatibility to not
break things built on it.
2021-05-13 08:07:38 -07:00
Tim Abbott 41d499d44c message_edit: Require access to messages to move between streams.
Currently, moving messages between streams is an action limited to
organization administrators. A big part of the motivation for that
restriction was to prevent users from moving messages from a private
stream without shared history as a way to access messages they should
not have access to.

Organization administrators can already just make the stream have
shared history if they want to access its messages, but allowing
non-administrators to move messages between would have
introduced a security bug without this change.
2021-05-12 16:23:22 -07:00
Tim Abbott 0bfef96543 bulk_access_messages: Bulk fetch Subscription details.
This completes the effort to make it possible to use
bulk_access_message in contexts where there are more than a handful of
messages without creating performance issues.
2021-05-12 16:23:22 -07:00
Tim Abbott c6e1702335 bulk_access_messages: Support passing in a stream for all messages.
This lets us avoid fetching the Stream in a loop.
2021-05-12 16:23:22 -07:00
Tim Abbott 4a8dcf14ef bulk_access_messages: Use a bulk UserMessage query.
This removes one of the three queries that runs in a loop with this
bulk access function.
2021-05-12 16:23:22 -07:00
Tim Abbott ee780e1f08 message: Test queries used by bulk_access_messages. 2021-05-12 16:23:22 -07:00
Tim Abbott c84ea01869 message: Refactor has_message_access parameters. 2021-05-12 16:23:22 -07:00
Gaurav Pandey dada7bb4bb tests: Clean up tests for realm_domain and update_streams endpoint.
Cleaning up test_realm_domains.RealmDomainTest.test_list_realm_domains,
test_subs.StreamAdminTest.test_private_stream_live_updates,
test_subs.StreamAdminTest.test_realm_admin_can_update_unsub_private_stream
and test_subs.StreamAdminTest.test_non_admin_cannot_access_unsub_private_stream.
2021-05-12 12:38:16 -07:00
Vishnu KS bbcf396303 tests: Create assertNotInHomePage helper function. 2021-05-12 10:34:12 -07:00
Vishnu KS 75a3059b57 tests: Create assertInHomePage helper function. 2021-05-12 10:34:12 -07:00
Tim Abbott 06f1ea657e navbar: Adjust label for usage statistics. 2021-05-12 10:34:12 -07:00
Vishnu KS 051dab58ea navbar: Add gear menu advertisement for sponsoring zulip. 2021-05-12 10:21:48 -07:00
Steve Howell b4470ac8e1 performance: Add get_subscriptions_for_send_message.
This new function optimizes how we fetch subscriptions
for streams.  Basically, it excludes most long-term-idle
users from the query.

With 8k users, of which all but 400 are long term idle,
this speeds up get_recipient_info from about 150ms
to 50ms.

Overall this change appears to save a factor of 2-3 in the backend
processing time for sending or editing a message in large, public
streams in chat.zulip.org (at 18K users today).
2021-05-12 08:10:57 -07:00
Tim Abbott b15941610d message: Support avoiding database queries in has_message_access.
If the caller has already fetched the Stream or subscription details
for the user, those can be passed to has_message_access to avoid extra
database queries.
2021-05-11 20:46:49 -07:00
Alex Vandiver 237efdee6c send_email: Show more information about messages which failed to send. 2021-05-11 14:27:45 -10:00
Mateusz Mandera c95cac2dd7 outgoing_webhook: Send response payload to bot owner if it was invalid.
When the format of the response received from the outgoing webhook
server is invalid (unparsable json, or just wrong format that doesn't
translate into a dictionary etc.), a message with the error is sent to
the bot owner. We should include the actual payload to make reasonable
debugging possible.

In notify_bot_owner we have to move the `if response_content` block to
append the payload to the message whenever it was specified as an
argument to the function. It shouldn't be nested inside
`elif status_code` as before.
2021-05-11 14:27:00 -07:00
Alex Vandiver 0f1611286d management: Rename the deliver_email command to deliver_scheduled_email.
This makes it parallel with deliver_scheduled_messages, and clarifies
that it is not used for simply sending outgoing emails (e.g. the
`email_senders` queue).

This also renames the supervisor job to match.
2021-05-11 13:07:29 -07:00
Steve Howell 1e63282cc2 tests: Test email/push more thoroughly for idle users. 2021-05-11 14:33:12 +00:00
Steve Howell 3161b5d892 tests: Simplify test_user_message_filter. 2021-05-11 13:53:55 +00:00
Ganesh Pawar 529f72fa3f markdown: Add support for sms and tel links.
Fixes #18390
2021-05-10 15:15:34 -07:00
Dinesh 7413966255 tests: Remove duplicate verify_backend() calls. 2021-05-10 13:56:06 -07:00
akshatdalton 55f4996f16 markdown: Fix silent wildcard mentions bug.
A message containing wildcard mention when quoted (which
is turned into a silent mention) or message with silent
wildcard mention notifies the users by sending desktop,
sound, and missed message email notifications. This
is clearly a bug which is fixed by this commit.

Fixes: #18354.
2021-05-10 12:19:40 -07:00
Tim Abbott 70244896e5 test_subs: Remove now invalid JSON encoding of parameters.
All of these were missed in the previous commit.
2021-05-10 10:42:11 -07:00
Gaurav Pandey 96e035a2f0 api: Fix encoding of strings in streams endpoint.
* Remove unnecessary json_validator for string parameters.
* Update frontend to pass right parameter.

Bump api feature level and highlight the fix for `emojiset`
parameter of `settings/display` endpoint in zulip.yaml file.

Fixes part of #18035.
2021-05-10 10:29:22 -07:00
Gaurav Pandey 9abe1cafbe api: Fix encoding of strings in display settings endpoint.
* Remove unnecessary json validator for string validator.
* Update frontend to pass right validator.
* Update zulip.yaml to pass right parameter for curl request
  in openapi.
* Update python_examples to pass right paramater.

Fixes part of #18035.
2021-05-10 10:03:32 -07:00
Anders Kaseorg 544bbd5398 docs: Fix capitalization mistakes.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-10 09:57:26 -07:00
Tim Abbott 8b75b6f14f message_edit: Use target_message as local variable name.
This name helps emphasize the fact that there's a single targeted
message, even though multiple messages may be affected by the edit.
2021-05-09 21:10:32 -07:00
PIG208 7150fe5dc5 backend: Extract check_update_message from update_message_backend. 2021-05-09 20:44:04 -07:00
Anders Kaseorg d0c6f4f400 python: Strip leading and trailing spaces from docstrings.
This is enforced by Black ≥ 21.4b0.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-07 22:42:39 -07:00
Gaurav Pandey 00647b6fa7 api: Fix encoding of strings in video calls endpoint.
This removes unnecessary json_validator for string parameters in the
BigBlueButton video calls endpoints.  Note that this breaks links to
video meetings sent before the upgrade; there's not much we can do
about that.

Since this is the last commit in this series, we update the
ZULIP_FEATURE_LEVEL for this batch of changes.

Fixes part of #18035.
2021-05-07 14:11:48 -07:00
Gaurav Pandey 36ad9b7d0e api: Fix encoding of strings in user settings endpoints.
* Remove unnecessary json_validator for string parameters.
* Remove unnecessary JSON encoding in frontend calls.  Structurally,
  JavaScript does correct encoding without explicit JSON encoding.

Fixes part of #18035.
2021-05-07 14:10:45 -07:00
Gaurav Pandey 232c7107eb api: Fix encoding of strings in tutorial endpoint.
* Remove unnecessary json validator for string parameter.
* Update frontend to pass right parameter.

Fixes part of #18035.
2021-05-07 14:06:54 -07:00
Gaurav Pandey d4219da254 api: Fix encoding of strings in realm domain endpoint.
* Remove unnecessary json_validator for string parameters.
* Update frontend to pass right parameters.

Fixes part of #18035.
2021-05-07 14:06:54 -07:00
Gaurav Pandey b2111f5753 api: Fix encoding of strings in default stream groups.
Remove unnecessary json_validator for string parameters.  This change
does not modify JavaScript because we don't have a frontend for these
API endpoints yet.

Fixes part of #18035.
2021-05-07 14:06:37 -07:00
Gaurav Pandey d6cf1ef27b api: Fix encoding of strings in hotspot endpoint.
* Remove unnecessary json_validator for string parameter.
* Update frontend to pass right parameters.

Fixes part of #18035.
2021-05-07 11:45:25 -07:00
Vishnu KS 772500d1c6 validators: Make to_positive_or_allowed_int an optional argument. 2021-05-07 09:37:41 -07:00
Mateusz Mandera 98ec84eae2 tests: Change password hashers used in tests that set them.
The previous hashers mirrored the ones used in production, but that was
non-ideal because those are slow. Replacing them with quick hashers is a
performance improvement for those tests.
2021-05-07 09:10:45 -07:00
Mateusz Mandera 4006bb5153 auth: Improve display of errors when user needs to reset password.
Raising jsonableError in the authentication form was non-ideal because
it took the user to an ugly page with the returned json.

We also add logging of this rare occurence of the scenario being
handled here.
2021-05-07 09:10:45 -07:00
Dinesh 00e0b63c6c auth: Handle user_profile.check_password raising PasswordTooWeakError.
user_profile.check_password(password) in authenticate of
EmailAuthBackend can raise PasswordTooWeakError; this happens when the
user's password is weaker than the current required policies and needs
to be rehashed (E.g. because, as in Django 3.2, the minimum salt
entropy increased).

This is a very rare case, but still needs a good user-facing error
message. We raise a json error to handle this with a user-facing error
message.

See this comment by Mateusz Mandera for a detailed explanation
about this case along with a traceback it generates.
https://github.com/zulip/zulip/pull/15449#discussion_r448308614
2021-05-07 09:10:45 -07:00
Alex Vandiver 8df82f50e4 outgoing_http: Provide a convenient way to set default headers. 2021-05-07 08:39:36 -07:00
Alex Vandiver 6339e7fd47 outgoing_http: Put the X-Smokescreen-Role in the proxy headers. 2021-05-07 08:39:36 -07:00
Alex Vandiver b88d7a741e outgoing_http: Factor out outgoing HTTP session with timeout. 2021-05-07 08:39:36 -07:00
Alex Vandiver 2dc6df33ae tests: Switch outgoing_webhook_system to use responses. 2021-05-07 08:39:36 -07:00
Alex Vandiver af26849554 outgoing_webhook: Set a default timeout of 10s.
Support for the timeouts, and tests for them, was added in
53a8b2ac87 -- though no code could have set them after 31597cf33e.

Add a 10-second default timeout.  Observationally, p99 is just about
5s, with everything else being previously being destined to meet the
30s worker timeout; 10s provides a sizable buffer between them.

Fixes #17742.
2021-05-07 08:39:36 -07:00
Anders Kaseorg 405bc8dabf requirements: Remove Thumbor.
Thumbor and tc-aws have been dragging their feet on Python 3 support
for years, and even the alphas and unofficial forks we’ve been running
don’t seem to be maintained anymore.  Depending on these projects is
no longer viable for us.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-06 20:07:32 -07:00
pletinckxc cc4cc9d14f test_send_email: Shorten tests about build_email.
Commit b7fa41601d introduced some tests
to verify the implemented changes. These tests were longer than necessary.
See https://github.com/zulip/zulip/pull/17799 for the whole discussion.
2021-05-05 20:16:11 -07:00
Cyril Pletinckx e4ff372fc3 emails: Transform SMTPException into EmailNotDeliveredException.
Django's default SMTP implementation can raise various exceptions
when trying to send an email. In order to allow Zulip calling code
to catch fewer exceptions to handle any cause of "email not
sent", we translate most of them into EmailNotDeliveredException.
The non-translated exceptions concern the connection with the
SMTP server. They were not merged with the rest to keep some
details about the nature of these.

Tests are implemented in the test_send_email.py module.
2021-05-05 20:16:11 -07:00
Mateusz Mandera cc96f02947 presence: Disable live presence updates in larger realms.
As discussed in the comment, this is a critical scalability
optimization for organizations with thousands of users.

With substantial comment updates by tabbott.
2021-05-05 08:50:42 -07:00
shanukun 5cee9dee12 test_email_change: User create_confirmation_link for url.
This is a prep refactor, instead of creating Confirmation
object and using `confirmation_url` for generating confirmation
link/url, using `create_confirmation_link` would be a cleaner
approach, also this can help us avoid failing test in case
Confirmation model is changed.

Part of #16359.
2021-05-04 10:48:51 -07:00
sahil839 6e672ebbee settings: Add moderators option for wildcard_mention_policy. 2021-05-03 12:12:01 -07:00
sahil839 141232749b test_message_send: Modify test_wildcard_mention_restrictions.
This commit modifies the test_wildcard_mention_restrictions test
for checking that moderators are not allowed to send messages
with wildcard mention if wildcard_mention_policy is set to
WILDCARD_MENTION_POLICY_ADMINS. Previously, we were checking
for members, but it is better to check for moderators.
2021-05-03 12:12:01 -07:00
Tim Abbott 1489c24860 test_decorators: Don't try to mutate is_staff.
Apparently, after upgrading to Django 3.2, mutating is_staff and then
saving can result in a user's session being destroyed.

In any case, this test is probably better written using two different
users with the different roles, which we have in our initial database
anyway.
2021-05-03 09:26:00 -07:00
Tim Abbott 935a7b18cb test_signup: For test overly sensitive to whitespace.
This test started failing after a rebase from a branch 2 weeks ago
where it passed.
2021-05-02 11:35:32 -07:00
Tim Abbott 97b08b77df registration: Improve error handling for source_realm_id.
This restores the previous behavior that we store None rather than
throwing an exception in the presence of invalid input.
2021-05-02 11:12:49 -07:00
Siddharth Asthana 55da3329ef registration: Rename source_realm field to source_realm_id.
Now that we are passing source realm's id instead of string_id in
source realm selector, it makes sense to rename the "source_realm" field
to "source_realm_id".
2021-05-02 11:12:49 -07:00