Commit Graph

26618 Commits

Author SHA1 Message Date
Robert Hönig 04d68d2570 code: Rename flaskbotrc to botserverrc. 2018-05-29 10:19:17 +02:00
Tim Abbott 91ec0aba09 auth: Improve interactions between LDAPAuthBackend and EmailAuthBackend.
Previously, if you had LDAPAuthBackend enabled, we basically blocked
any other auth backends from working at all, by requiring the user's
login flow include verifying the user's LDAP password.

We still want to enforce that in the case that the account email
matches LDAP_APPEND_DOMAIN, but there's a reasonable corner case:
Having effectively guest users from outside the LDAP domain.

We don't want to allow creating a Zulip-level password for a user
inside the LDAP domain, so we still verify the LDAP password in that
flow, but if the email is allowed to register (due to invite or
whatever) but is outside the LDAP domain for the organization, we
allow it to create an account and set a password.

For the moment, this solution only covers EmailAuthBackend.  It's
likely that just extending the list of other backends we check for in
the new conditional on `email_auth_backend` would be correct, but we
haven't done any testing for those cases, and with auth code paths,
it's better to disallow than allow untested code paths.

Fixes #9422.
2018-05-28 22:47:47 -07:00
Tim Abbott 3842404cc0 ldap: Don't allow password reset for users in LDAP domain.
This is the analog of the last commit, for the password reset flow.
For these users, they should be managing/changing their password in
the LDAP server.

The error message for users doing the wrong thing here is nonexistent
isn't great, but it should be a rare situation.
2018-05-28 22:47:47 -07:00
Tim Abbott 8119670da1 user_settings: Prevent LDAP users from setting a Zulip password.
Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled,
LDAP users could set a password using EmailAuthBackend and continue to
use that password, even if their LDAP account was later deactivated.

That configuration wasn't supported at all before, so this doesn't fix
a pre-existing security issue, but now that we're making that a valid
configuration, we need to cover this case.
2018-05-28 22:47:47 -07:00
Sampriti Panda 250015a5d5 pgroonga: Fix issues with HTML escaping in queries. 2018-05-28 16:53:30 -07:00
Steve Howell 0bc272fc86 hotkeys: Fix very recent regression with down key.
In 1f72647a5a I accidentally
flipped a condition that made the down key "recenter" on
the "normal" case, not in the "is-at-end" case.

This commit undoes that regression, which probably only
affected czo for a weekend, and makes the logic a bit
more clear.
2018-05-28 16:49:57 -07:00
Steve Howell 26e1fca7ed Add message_list.is_at_end() helper. 2018-05-28 16:49:57 -07:00
Tim Abbott bf9012a559 message: Do future-proofing for public streams with private history.
This should have no effect for now, but it'll make things a bit
simpler in case we make future changes to support public streams
without history public to subscribers (and other organization
members).
2018-05-28 12:25:57 -07:00
Shubham Dhama b410aeb897 message: Limit message access for guest users.
Tweaked by tabbott to interact correctly with the
history_public_to_subscribers feature.
2018-05-28 12:20:32 -07:00
Rhea Parekh 66e3fc4042 import: Clean up the management command.
Significantly tweaked by tabbott because:
* Argparse was already handling the early checks
* Splitting the bottom loop into two loops means we validate all the
input before trying to run actual import code on anything.
* The argparse documentation was confusing about whether the paths
  should be files or directories.
2018-05-28 11:54:04 -07:00
Shubham Padia 88b4a9f2d7 pm_list: Do not expand pm_list for invalid emails in `pm-with`. 2018-05-28 11:29:54 -07:00
Shubham Padia d9b0ab2ae7 narrow: Show non-existing user message for invalid emails.
Also adds people.is_valid_bulk_emails_for_compose and refactors
narrow_state.set_compose_defaults to use it.
2018-05-28 10:45:42 -07:00
Shubham Padia 2ce7ef73e8 compose: Add tests for compose_actions.on_narrow. 2018-05-28 10:45:42 -07:00
Shubham Padia 6ea6f5e0af search: Do not open compose box if invalid recipient present in `pm-with`.
If at least one of the private_message_recipients is invalid, compose
box will not be opened.
Thanks to Aastha Gupta <aastha.gupta4104@gmail.com> for some preliminary
work on this.
2018-05-28 10:45:42 -07:00
Robert Hönig 497cd4a1f9 outgoing webhooks: Change default URL in all tests.
This reflects the changes to the default URL publicly
displayed to the user. It also changes the default
URL of the default test server outgoing webhook, which
prevented the test server flaskbotrc from working out
of the box.
2018-05-28 10:40:44 -07:00
Yago González c25855f703 api docs: Fix broken link. 2018-05-28 10:39:25 -07:00
Vishnu Ks 97e143e987 requirements: Upgrade Django to 1.11.13. 2018-05-28 09:06:10 -07:00
Tim Abbott 2f571f9a45 webpack: Move font and pygments CSS to common.css.
First, it's silly that these weren't in common.css in the first place,
since that meant these were a bunch of duplicated code, but
additionally, that meant that these weren't available on the
`/activity` page (or other pages that don't include the portico styles).

Fixes #9561.
2018-05-27 23:19:40 -07:00
Yashashvi Dave 40029a0753 user profile: Improve format of date type of custom fields in popover.
In user profile popover, date type of custom fields values are
not showing in correct format as "date_joined" value.
Fix this using moment.js to render date type of fields
in correct format.
2018-05-27 23:01:22 -07:00
Yashashvi Dave a68ff22aed custom fields: Improve date picker popover for date type fields. 2018-05-27 23:01:22 -07:00
Yashashvi Dave b5cf73ae0c custom fields: Add UI for user type of custom fields. 2018-05-27 23:01:22 -07:00
Yashashvi Dave e82c879b85 custom fields: Add user type of custom fields.
Fixes #8878
2018-05-27 23:01:21 -07:00
Yashashvi Dave 1e948ab405 zerver/lib/users.py: Add function to check given user id is valid.
This function checks if given user id exists in realm.
It also checks if user is active and not a bot.
2018-05-27 22:57:55 -07:00
Yashashvi Dave ba72780678 js/settings_account.js: Add generic func to update custom profile fields. 2018-05-27 22:57:05 -07:00
Steve Howell 1f72647a5a navigate: Use msg_list.prev/next for up/down methods.
We've had rare and hard-to-track-down glitches with our
old implementation for going up and down in the message
list, which was using jQuery selectors.

We now just use MessageListData under the hood to find
our next id.
2018-05-27 22:41:19 -07:00
Steve Howell a074056127 Add prev/next helpers for MessageList. 2018-05-27 22:41:19 -07:00
Vishnu Ks c90aac56ba registration: Copy user full_name when importing settings. 2018-05-27 22:39:21 -07:00
Vishnu Ks 8a294bd880 registration: Keep settings export select after email.
Also rename the label.
2018-05-27 22:39:21 -07:00
Vishnu Ks 2ada226008 registration: Use select instead of radio in import settings. 2018-05-27 22:37:11 -07:00
Vishnu Ks 13fe5582d5 registration: Move organization section to top. 2018-05-27 22:37:11 -07:00
Sampriti Panda 018a33ff7c send_test_email: Send email from NOREPLY address as well.
Tweaked by tabbott to also set different subject lines, to make it
easier to see that one got 2 emails.
2018-05-27 22:18:44 -07:00
Rishi Gupta 08d7e113db activity: Add link to installation stats. 2018-05-27 22:07:07 -07:00
Rhea Parekh 468afe4840 export: Support export of Custom emojis.
Export of RealmEmoji should also include the image
file of those emojis.

Here, we export emojis both for local and S3 backend
in a method which is similar to attachments and avatars.

Added tests for the same.
2018-05-27 21:54:20 -07:00
Rhea Parekh 7198cc3899 import: Fix RealmEmoji import bug.
RealmEmoji should be imported after UserProfile,
as the new user_profile ids are not allocated
if we import it before.
2018-05-27 21:54:20 -07:00
Rhea Parekh 1b7b9a7164 import: Fix reaction import bug.
In 'zerver_reaction', the emoji_code should be updated
with the RealmEmoji allocated id when the 'reaction_type'
is 'realm_emoji'. Hence we add an extra field 'reaction_field'
in 're_map_foreign_keys', to process the above mentioned
condition.
2018-05-27 21:54:20 -07:00
Rhea Parekh 7a8b853708 Export: Support export of reactions.
We get the reactions from the messages exported.
2018-05-27 21:54:20 -07:00
Rhea Parekh c79d7f1070 Import: Move zerver_reaction from 'messages-000001.json' to 'realm.json'.
Also change the existing slack conversion script structure, to
include 'zerver_realm' in 'realm.json'.
2018-05-27 21:54:20 -07:00
Yago González f84c9b919b api docs: Read parameters and response fixtures from OpenAPI files. 2018-05-26 22:49:55 +02:00
Yago González 30682241c7 api docs: Move OpenAPI files to zerver/openapi. 2018-05-26 21:48:17 +02:00
Rishi Gupta d28a4d1f86 stats: Remove hour from on-hover date for Number of users. 2018-05-26 12:08:05 -07:00
Rishi Gupta 2b97a9488f stats: Fix on-hover behavior of number of users.
Fixes regression introduced in fa9d79e.
2018-05-26 12:08:05 -07:00
Tim Abbott 445932cc86 bugdown: Increase limit for number of digits in tweet IDs.
Apparently, they just reached 19 digits.  We set the limit to 30 to
give plenty of headroom for the future.
2018-05-26 10:12:15 -07:00
Lyla Fischer b446bf3cae user docs: Add doc for stream privacy settings. 2018-05-26 10:04:46 -07:00
Tim Abbott c3a81157de help: Fix ordering of code sections work and scrollbar update.
Conceptually, the scrollbar update should be after we've rendered the
code blocks.
2018-05-26 10:04:46 -07:00
Tim Abbott b7f9139ffc help: Render all HTML tables with the bootstrap striped theme. 2018-05-26 10:04:46 -07:00
Tim Abbott 7d57e2554f emails: Fix awkward "Zulip Team" invitations signature block.
These should have had the "The" at the start.
2018-05-26 07:38:14 -07:00
Tim Abbott 29ed55b253 followup_day1: Emphasize the Organization URL more strongly. 2018-05-26 07:35:26 -07:00
Yago González 2daf6c92f0 i18n: Tag followup_day1 templates for translation. 2018-05-26 07:32:33 -07:00
Yago González b4084d30d2 emails: Move user role logic for followup_day1 to notifications.py. 2018-05-26 07:29:58 -07:00
Yago González 5b0b9feb7d i18n: Atomize translation tags.
Makes the i18n strings in this file much easier to translate by splitting
them into smaller chunks (which avoids having a lot of code in the tagged
strings), and adds a string that was missing as well.
2018-05-26 07:06:43 -07:00