Commit Graph

18011 Commits

Author SHA1 Message Date
Anders Kaseorg 7b1bb984b3 ruff: Fix RUF022 `__all__` is not sorted.
This is a preview rule, not yet enabled by default.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-03-01 09:30:04 -08:00
Anders Kaseorg dbb20d636d ruff: Fix E721 Use `is` and `is not` for type comparisons.
This is a preview rule, not yet enabled by default.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-03-01 09:30:04 -08:00
Anders Kaseorg 0e71f52e86 ruff: Fix E203 Whitespace before ','
This is a preview rule, not yet enabled by default.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-03-01 09:30:04 -08:00
Anders Kaseorg 869d9d9a79 ruff: Fix RUF025 Unnecessary dict comprehension for iterable.
This is a preview rule, not yet enabled by default.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-03-01 09:30:04 -08:00
Anders Kaseorg 3b114c516c ruff: Fix PLR2044 Line with empty comment.
This is a preview rule, not yet enabled by default.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-03-01 09:30:04 -08:00
Anders Kaseorg 87992b8b29 ruff: Fix PERF403 Use a dictionary comprehension instead of a for-loop.
This is a preview rule, not yet enabled by default.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-03-01 09:30:04 -08:00
Anders Kaseorg 82a9fd927b ruff: Fix E226 Missing whitespace around arithmetic operator.
This is a preview rule, not yet enabled by default.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-03-01 09:30:04 -08:00
Anders Kaseorg d748ec8d52 ruff: Fix PLW0108 Lambda may be unnecessary.
This is a preview rule, not yet enabled by default.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-03-01 09:30:04 -08:00
Anders Kaseorg 553f268b04 ruff: Fix RUF027 Possible f-string without an `f` prefix.
This is a preview rule, not yet enabled by default.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-03-01 09:30:04 -08:00
Anders Kaseorg 865febb307 ruff: Fix RUF021 Parenthesize when chaining `and` and `or` together.
This is a preview rule, not yet enabled by default.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-03-01 09:30:04 -08:00
Anders Kaseorg 2655fe7182 ruff: Fix TCH005 Found empty type-checking block.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-03-01 09:27:48 -08:00
Anders Kaseorg 570f3dd447 python: Reformat with Ruff formatter.
https://docs.astral.sh/ruff/formatter/

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-29 17:07:16 -08:00
Prakhar Pratyush d66b7ad853 zilencer: Notify when paid plan attached to now-deleted remote realm.
When a server doesn't submit a remote realm info which was
previously submitted, we mark it as locally deleted.

If such a realm has paid plan attached to it, we should investigate.

This commit adds logic to send an email to sales@zulip.com for
investigation.
2024-02-29 12:50:23 -08:00
Sahil Batra 0669e4f631 realm: Allow everyone to delete their own messages by default.
This commit updates default for delete_own_message_policy
setting to "Everyone" as it is helpful to allow everyone
to delete their own messages in a new organization where
users might be using Zulip for the first time.
2024-02-28 13:13:46 -08:00
Sahil Batra 4fbc137c2b realm: Allow members to move msgs between streams by default.
This commit updates default for move_messages_between_streams_policy
setting to "Members and above" as it is helpful to allow members
to move messages between streams in new organizations where users
might be using Zulip for first time.
2024-02-28 13:13:46 -08:00
Alex Vandiver a808c730bc deferred_work: Use an id high-water-mark instead of offsets.
This solves the problem listed in the now-removed comment.
2024-02-27 17:02:34 -08:00
Alya Abbott ad8bdfbe20 portico: Consistently describe Zulip as organized team chat. 2024-02-27 17:01:05 -08:00
Alex Vandiver 58f0669997 deferred_work: Re-queue remaining "mark all as read" work after 30s. 2024-02-27 10:21:04 -08:00
Alex Vandiver 75e9903be5 deferred_work: Move all queries into the transaction.
The presence of `len(messages)` outside the transaction caused the
full resultset to be fetched outside of the transaction.  This should
ideally be inside the transaction, and also only need be the count.

However, also note that the process of counting matching rows, and
then executing a second query which embeds the same query, is
susceptible to phantom reads, where a query with the same conditions
returns different resultsets, under PostgreSQL's default transaction
isolation of "read committed."  While this is possible to resolve by
pulling the returned IDs into a Python list, it would not address the
issue that concurrent updates which change the resultset would make
the overall algorithm still incorrect.

Add a comment clarifying the conditions under which the algorithm is
correct.  A more correct algorithm would walk the UserMessage rows
which are unread and in the stream, but this requires a
whole-UserMessage index which would be quite large for such an
infrequent use case.
2024-02-27 10:21:04 -08:00
Alex Vandiver 4712031528 email_validation: Merge two implementations of a disposable-email check.
Only one of them properly checked for improperly-formed email
addresses, thanks to #22723.
2024-02-27 10:19:23 -08:00
Alex Vandiver 4b512b3409 email_validation: Rename to validate_is_not_disposable.
This clarifies what we are asserting -- namely, that the email is
_not_ disposable.
2024-02-27 10:19:23 -08:00
Alex Vandiver c1aadbe52e events: Do nothing in apply_event for restart events.
These signal that the Tornado process restarted, which in itself is
not notable for apply_events.
2024-02-27 10:18:11 -08:00
Alex Vandiver be59ef9c02 runtornado: Swap deferred reload events to the default.
This makes no immediate reloads the default for runtornado, matching
the production configuration, and changes the development incantation
to be the one to specify the departure from the norm, with
--immediate-reloads.
2024-02-26 22:29:19 -08:00
Lauryn Menard cf82d3316b push-bouncer: Exclude LoggingCountStats with partial data.
LoggingCountStats with a daily duration and that are directly stored
on the RealmCount table (not via aggregation in process_count_stat),
can be in a state, after the hourly cron job to update analytics
counts, where the logged value will be live-updated later, because
the end time for the stat is still in the future.

As these logging counts are designed to be used on the self-hosted
installation for either debugging or rate limiting, sending these
partial/incomplete counts to the bouncer has low value.
2024-02-26 17:53:12 -08:00
Lauryn Menard 3a03e14938 integrations: Update Slack webhook to use check_send_webhook_message.
Due to the channel_map_to_topics URL parameter in the Slack webhook,
it was not migrated to use the check_send_webhook_message.

By using check_send_webhook_message, any topic parameter in the
webhook URL will be prioritized over mapping Slack channels to
topics, e.g. when channel_map_to_topics is true. This is because
the default behaviour for incoming webhooks is to send a default
topic as a parameter to check_send_webhook_message in case there
is no topic specified in the URL.

In contrast, we can override the stream passed in the URL when
channel_map_to_topics is false by passing the Slack channel name
to check_send_webhook_message. The default behaviour for incoming
webhooks is to send a direct message if there is no specified
stream in the URL, so a default stream is not generally passed
to check_send_webhook_message.

Fixes #27601.
2024-02-25 16:47:34 -08:00
Alex Vandiver 8e7ab57bf2 export_search: Support exporting DMs or huddles. 2024-02-25 09:34:17 -08:00
Prakhar Pratyush fe1a20ebb3 settings: Add realm-level setting 'zulip_update_announcements_stream'.
This commit adds a realm-level setting named
'zulip_update_announcements_stream' that configures the
stream to which zulip updates should be posted.

Fixes part of #28604.
2024-02-25 09:33:00 -08:00
Mateusz Mandera d7cf4336e4 zilencer: Flip realm_locally_deleted when realm re-appears during sync. 2024-02-24 08:52:11 -08:00
David Rosa 5215e3963c help: Clean up beta app installation instructions.
Converts the beta app installation instructions into our standard
tabbed instructions format.

Fixes #28885.
2024-02-24 08:12:34 -08:00
David Rosa 948b427de7 api-docs: Add instructions to download `zuliprc` files.
- Adds instructions for downloading a zuliprc file for a bot or for
  yourself.
- Updates the button label to "Download zuliprc", since that's the
  filename it downloads.

Fixes #28881.
2024-02-23 09:43:57 -08:00
Tim Abbott d0c276d863 corporate: Fix billing_session variable reuse confusion.
The previous logic incorrectly used the server-level number of users
even when a (presumably smaller) realm-level count was available.

Fixes a bug introduced in 2e1ed4431a.
2024-02-21 17:51:30 -08:00
Tim Abbott 6ee123be21 migrations: Renumber misnumbered migrations. 2024-02-21 09:19:34 -08:00
Prakhar Pratyush ee612dafac settings: Rename signup_notifications_stream realm setting.
This commit renames the realm-level setting
'signup_notifications_stream' to 'signup_announcements_stream'.

The new name reflects better what the setting does.
2024-02-21 09:04:23 -08:00
Prakhar Pratyush ab453fbe20 settings: Rename notifications_stream to new_stream_announce..._stream.
This commit renames the realm-level setting 'notifications_stream'
to 'new_stream_announcements_stream'.

The new name reflects better what the setting does.
2024-02-21 09:04:23 -08:00
Prakhar Pratyush 0c83bca81e events: Use 'get_notifications_stream' realm method.
This commit updates the code in 'fetch_initial_state_data'
function to use the 'get_notifications_stream' method
instead of re-writing the logic.
2024-02-21 09:04:23 -08:00
Alex Vandiver 7e9d8cd192 tornado: Fix GC of old queues. 2024-02-20 22:07:25 -08:00
Alex Vandiver b747ea285f topic: Fix history order for topic moves.
5c96f94206 mistakenly appended, rather than prepended, the edit to
the history.  This caused AssertionErrors when attempting to view the
history of moved messages, which check that the `last_edit_time`
matches the timestamp of the first edit in the list.

Fix the ordering, and update the `edit_history` for messages that were
affected.  We limit to only messages edited since the commit was
merged, since that helps bound the affected messages somewhat.
2024-02-20 21:30:32 -08:00
Mateusz Mandera be03dabf76 zilencer: Implement do_reactivate_remote_server utility function.
The inverse of do_deactivate_remote_server. It's just flipping the
.deactivated flag, but we also should have an AuditLog for these events.
2024-02-19 20:26:47 -08:00
Tim Abbott 2e1ed4431a corporate: Fix plan precedence issues with expired plans.
RemoteRealm customer takes precedence over RemoteServer
in general. But if an inactive plan is associated with
RemoteRealm and an active plan with RemoteServer, the
ACTIVE plan takes precendence.

Co-authored-by: Prakhar Pratyush <prakhar@zulip.com>
2024-02-19 17:58:49 -08:00
Anders Kaseorg e568064f4e page_params: Set and expect state_data = null for spectators.
Fix a ZodError when spectators load the app, introduced by commit
a4938d3760 (#28971).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-19 03:03:58 -05:00
Anders Kaseorg a4938d3760 page_params: Parse page_params and state_data with Zod.
This establishes a runtime check that their types continue to reflect
reality going forward.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-17 00:02:38 -08:00
Alya Abbott 4f1659fe8f billing: Make push notifications error message more clear. 2024-02-16 16:01:53 -08:00
sayyedarib 5c993f0479 direct_message: Allow DMs to bots and self regardless of policy.
Previously, in DM disabled org messaging to bot was not working when
starting new conversation and adding bot as recipient because of not
updating on recipient change. And secondly, self messaging was not
allowed.
This commit ensures that the DM to bot and self are allowed irrespective
of dm restrictions.

tests: Verify DMs adhere to DM restriction policy.

Fixes #28412

Signed-off-by: sayyedarib <sayyedaribhussain4321@gmail.com>
2024-02-15 16:13:36 -08:00
Alex Vandiver 0079688c49 tornado: Drop WebReloadClientError logic.
The widening of the time between when a process is marked for
reload (at Tornado startup) and when it sends reload events makes it
unlikely-to-impossible that a single `/` request will span both of
them, and thus hit the WebReloadClientError corner case.

Remove it, as it is not worth the complication.  The bad behaviour it
is attempting to prevent (of a reload right after opening `/`) was
always still possible  -- if the `/` request completed right before
Tornado restarted -- so it is not clear that it was ever worth the
complication.
2024-02-15 15:42:50 -08:00
Alex Vandiver da6b0b1cc6 tornado: Add a web_reload_clients endpoint to notify web clients. 2024-02-15 15:42:50 -08:00
Alex Vandiver b25d966352 tornado: Add a --no-immediate-reloads flag to leave web clients alone. 2024-02-15 15:42:50 -08:00
Alex Vandiver 1d3813ec4f tornado: Track which queues were inherited from old Tornado instances. 2024-02-15 15:42:50 -08:00
Alex Vandiver fc41d6085b tornado: Split server restart events from web client reload events. 2024-02-15 15:42:50 -08:00
Alex Vandiver a6287faea4 tornado: Stop collapsing "restart" events via virtual events.
Collapsing was done incorrectly, as 65c400e06d added `zulip_version`
and `zulip_feature_level`, but did not update the virtual event logic
to copy those new values into the virtual event.

However, it is unlikely that a server will be upgraded multiple times
in quick enough succession for this to ever be relevant.  Remove the
logic, which is additional complication for little or no gain.
2024-02-15 15:42:50 -08:00
Alex Vandiver 52a80e1d78 tornado: Switch to time.perf_counter for timing data. 2024-02-15 15:42:50 -08:00
Alex Vandiver ab683fac29 decorator: Rename internal_notify_view.
As noted in the previous commit, this decorator is not just used for
"notify" endpoints anymore.
2024-02-15 15:42:50 -08:00
Alex Vandiver be75736a95 decorator: Rename authenticate_notify.
This was originally used for more Django -> Tornado communication than
it now does; it is primarily not used to "notify" Tornado anymore.
2024-02-15 15:42:50 -08:00
Alex Vandiver e6fa1f5436 email_mirror_message: Move endpoint under /api/internal/.
This also has the side effect that it saves the endpint from being
improperly redirected by the HostDomainMiddleware's canonicalization
code.
2024-02-15 15:42:50 -08:00
Alex Vandiver 84fa9be73a tornado: Move the /notify-tornado endpoint, and document it better. 2024-02-15 15:42:50 -08:00
Alya Abbott 8bebabab8f api docs: Clarify Zulip Cloud requirements for user creation endpoint. 2024-02-15 15:08:53 -08:00
Anders Kaseorg 823e8d8716 state_data: Fix custom_profile_fields type for CHOICE → SELECT rename.
Commit bd6471f0e3 (#28691) added this
reference to the old name, even though it had already been renamed in
commit b220d29fed (#17775), presumably
because that had failed to update the OpenAPI description.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-15 16:00:25 -05:00
Anders Kaseorg bf6978185d home: Send state_data in a separate object.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-15 10:22:52 -08:00
Alex Vandiver 23baabba86 message: Merge unnecessary cache_transformer step.
Having a non-identity `cache_transformer` is no different from running
it on every row of the query_function.  Simplify understanding of the
codepath used in caching by merging the pieces of code.
2024-02-14 12:27:03 -08:00
Alex Vandiver 6597c560cb message_cache: Rename "to_dict" functions which deal with bytes. 2024-02-14 12:27:03 -08:00
Alex Vandiver b3e8878252 message_cache: Rename update_to_dict_cache to update_message_cache.
This better describes what it does.
2024-02-14 12:27:03 -08:00
Alex Vandiver 737a751f5c message: Split MessageDict and friends into its own file. 2024-02-14 12:27:03 -08:00
Alex Vandiver 0f9b7f112b message: Move render_markdown into zerver.lib.markdown. 2024-02-14 12:27:03 -08:00
Alex Vandiver 22837fc1b4 message_edit: Carry the QuerySet through as much as possible.
Rather than pass around a list of message objects in-memory, we
instead keep the same constructed QuerySet which includes the later
propagated messages (if any), and use that same query to pick out
affected Attachment objects, rather than limiting to the set of ids.
This is not necessarily a win -- the list of message-ids *may* be very
long, and thus the query may be more concise, easier to send to
PostgreSQL, and faster for PostgreSQL to parse.  However, the list of
ids is almost certainly better-indexed.

After processing the move, the QuerySet must be re-defined as a search
of ids (and possibly a very long list of such), since there is no
other way which is guaranteed to correctly single out the moved
messages.  At this point, it is mostly equivalent to the list of
Message objects, and certainly takes no less memory.
2024-02-14 12:27:03 -08:00
Alex Vandiver 5c96f94206 topic: Use a single SQL statement to propagate message moves.
Rather than use `bulk_update()` to batch-move chunks of messages, use
a single SQL query to move the messages.  This is much more efficient
for large topic moves.  Since the `edit_history` field is not yet
JSON (see #26496) this requires that PostgreSQL cast the current data
into `jsonb`, append the new data (also cast to `jsonb`), and then
re-cast that as text.

For single-message moves, this _increases_ the SQL query count by one,
since we have to re-query for the updated data from the database after
the bulk update.  However, this is overall still a performance
improvement, which improves to 2x or 3x for larger topic moves.  Below
is a table of duration in seconds to run `do_update_message` to move a
topic to a new stream, based on messages in the topic, for before and
after this change:

| Topic size |  Before  |  After  |
| ---------- | -------- | ------- |
| 1          |   0.1036 |  0.0868 |
| 2          |   0.1108 |  0.0925 |
| 5          |   0.1139 |  0.0959 |
| 10         |   0.1218 |  0.0972 |
| 20         |   0.1310 |  0.1098 |
| 50         |   0.1759 |  0.1366 |
| 100        |   0.2307 |  0.1662 |
| 200        |   0.3880 |  0.2229 |
| 500        |   0.7676 |  0.4052 |
| 1000       |   1.3990 |  0.6848 |
| 2000       |   2.9706 |  1.3370 |
| 5000       |   7.5218 |  3.2882 |
| 10000      |  14.0272 |  5.4434 |
2024-02-14 12:27:03 -08:00
Alex Vandiver 822131fef4 message: Add a bulk_access_stream_messages_query method.
This applies access restrictions in SQL, so that individual messages
do not need to be walked one-by-one.  It only functions for stream
messages.

Use of this method significantly speeds up checks if we moved "all
visible messages" in a topic, since we no longer need to walk every
remaining message in the old topic to determine that at least one was
visible to the user.  Similarly, it significantly speeds up merging
into existing topics, since it no longer must walk every message in
the new topic to determine if the user could see at least one.

Finally, it unlocks the ability to bulk-update only messages the user
has access to, in a single query (see subsequent commit).
2024-02-14 12:27:03 -08:00
Alex Vandiver 628be8d433 streams: Remove a lie from the docstring. 2024-02-14 12:27:03 -08:00
Alex Vandiver e04891779f message_edit: len(changed_messages) is always > 0.
It is only ever added to, and starts as a one-element list.
2024-02-14 12:27:03 -08:00
Tim Abbott 79ddfa1e6f message_edit: Ensure gaining_usermessage_user_ids is set.
This makes this code path a bit easier to follow.
2024-02-14 12:27:03 -08:00
Tim Abbott 4a049299ee message_edit: Clarify unmodified_user_messages logic. 2024-02-14 12:27:03 -08:00
Alex Vandiver 06710631ff tests: Reserve "Internal" client, used by email gateway and topic moves. 2024-02-14 12:27:03 -08:00
Alex Vandiver 7f46773ef1 tests: Clear in-memory Client caches before testing query counts.
This makes counts more apples-to-apples comparable when run
back-to-back.
2024-02-14 12:27:03 -08:00
Karl Stolley f5fb9d76d0 features: Add rewritten heading content. 2024-02-13 15:11:02 -08:00
Lauryn Menard 831381f160 email-log: Update CSS styles for dev environment email log.
Removes reliance on bootstrap alert and label rules/styles that
were used or expected for this email log page.
2024-02-12 11:35:36 -08:00
roanster007 6ab63874f2 message_edit: Refactor check_update_message method.
This is a preparatory commit that refactors the check_update_message
method to extract the checks containing whether a user can edit the
message or not into a separate method -validate_message_content_edit,
so that it can be re used later.
2024-02-12 10:51:12 -08:00
Tim Abbott 9efce0b16c create_user: Fix initial unreads ignoring private streams.
This logic was apparently missed when we implemented private streams
with shared history; the correct check is to look at whether the user
can access message history in the stream, which used to be equivalent
to whether it's a private stream.
2024-02-09 12:49:30 -08:00
Anders Kaseorg e79572d0d5 page_params: Remove unused first_in_realm.
It’s unused since commit e1843dd1b9
(#5819).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-08 10:08:15 -08:00
Anders Kaseorg b59faf540f page_params: Remove unused prompt_for_invites.
It’s unused since commit ebe959f2b0.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-08 10:08:15 -08:00
Alya Abbott e9b0c7f2c0 name_restrictions: Reserve additional subdomains. 2024-02-07 12:10:00 -08:00
Mateusz Mandera 5672595c2a push_notifs: Gracefully handle exception when server cant push.
The problem was that earlier this was just an uncaught JsonableError,
leading to a full traceback getting spammed to the admins.
The prior commit introduced a clear .code for this error on the bouncer
side, meaning the self-hosted server can now detect that and handle it
nicely, by just logging.error about it and also take the opportunity to
adjust the realm.push_notifications_... flags.
2024-02-07 10:36:33 -08:00
Mateusz Mandera 3bda31c48c zilencer: Improve json error when plan doesn't allow push notifs.
This allows the self-hosted server to explicitly test for that exception
and catch and log it nicely.
2024-02-07 10:36:33 -08:00
David Rosa d29cd04387 integrations: Create incoming webhook for GitHub Sponsors.
Creates an incoming webhook integration for Github Sponsors. The
main use case is getting notifications when new sponsors sign up.

Fixes #18320.
2024-02-07 09:52:03 -08:00
shashank-23002 3bf04ffab5 messages: Update new user signup notification.
Fixes: #28834.
2024-02-06 18:41:05 -08:00
David Rosa 8e92b54df1 help: Update external links to "Bots overview" help center page.
The page was renamed and thus this will avoid an unnecessary redirect.
2024-02-06 18:22:57 -08:00
Prakhar Pratyush c54fa91f1a do_send_messages: Remove the stale 'email_gateway' parameter.
This commit removes the stale 'email_gateway' parameter
from 'do_send_messages' function.

This should have been removed in 6c473ed75f,
when the call to 'build_message_send_dict' was removed
from 'do_send_messages'.
2024-02-05 23:19:13 -08:00
Anders Kaseorg 029e765e20 openapi: Validate real requests and responses, not fictional mocks.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
Anders Kaseorg 5cac872e4b openapi: Get parameters from requestBody too.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
Anders Kaseorg a67d1b57b9 openapi: Use Parameter class for generating curl examples.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
Anders Kaseorg 131b230e2b openapi: Represent OpenAPI parameters with a Parameter class.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
Anders Kaseorg 0cee3bee00 openapi: Remove confusing check for 200 responses.
This error message didn’t make sense for the check as written, and our
OpenAPI document already provides the expected format for our 200
responses.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
Anders Kaseorg bb699f7ee3 test_openapi: Provide missing defs_mapping argument.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
Anders Kaseorg 0514f92bdb openapi: Loosen anchor parameter specification to string.
Real requests would not validate against the previous version.  There
seems to be no consistent way to determine whether a string parameter
should be coerced to an integer for validation against an allOf
schema (which works at the level of JSON objects, not strings).

See also https://github.com/python-openapi/openapi-core/issues/698.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
Anders Kaseorg 0dd92d2116 test_classes: Add Content-Type header to empty DELETE/POST bodies.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
Anders Kaseorg a356ec7011 test_classes: Default client_post to application/x-www-form-urlencoded.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
Anders Kaseorg d9f2f23c6a requirements: Upgrade to openapi-core pre-release.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
Anders Kaseorg 41f253774d Revert "zproject: Prevent having exactly 17/18 middlewares, for Python 3.11 bug."
This reverts commit cf0b803d50.
2024-02-05 19:57:21 -05:00
Mateusz Mandera 6dd6fc045f realm_settings: Improve authentication_methods param validation.
The endpoint was lacking validation that the authentication_methods dict
submitted by the user made sense. So e.g. it allowed submitting a
nonsense key like NoSuchBackend or modifying the realm's configured
authentication methods for a backend that's not enabled on the server,
which should not be allowed.

Both were ultimately harmless, because:
1. Submitting NoSuchBackend would luckily just trigger a KeyError inside
   the transaction.atomic() block in do_set_realm_authentication_methods
   so it would actually roll back the database changes it was trying to
   make. So this couldn't actually create some weird
   RealmAuthenticationMethod entries.
2. Silently enabling or disabling e.g. GitHub for a realm when GitHub
   isn't enabled on the server doesn't really change anything. And this
   action is only available to the realm's admins to begin with, so
   there's no attack vector here.

test_supported_backends_only_updated wasn't actually testing anything,
because the state it was asserting:
```
        self.assertFalse(github_auth_enabled(realm))
        self.assertTrue(dev_auth_enabled(realm))
        self.assertFalse(password_auth_enabled(realm))
```

matched the desired state submitted to the API...
```
        result = self.client_patch(
            "/json/realm",
            {
                "authentication_methods": orjson.dumps(
                    {"Email": False, "Dev": True, "GitHub": False}
                ).decode()
            },
        )
```

so we just replace it with a new test that tests the param validation.
2024-02-02 17:26:32 -08:00
Anders Kaseorg 53e80c41ea ruff: Fix SIM113 Use `enumerate()` for index variable in `for` loop.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-02 10:30:45 -08:00
Anders Kaseorg f165ba0fb3 ruff: Fix SIM910 Use `d.get(…)` instead of `d.get(…, None)`.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-02 10:30:45 -08:00
Anders Kaseorg 712917b2c9 ruff: Fix RUF019 Unnecessary key check before dictionary access.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-02 10:30:45 -08:00
David Rosa fe0d4db153 help: Improve integrations documentation.
- Renames "Bots and integrations" to "Bots overview" everywhere
  (sidebar, page title, page URL).
- Adds a copy of /api/integrations-overview (symbolic link) as the
  second page in the Bots & integrations section, titled
  "Integrations overview".

Fixes #28758.
2024-02-01 09:45:56 -08:00
Artur Szcześniak 706be812b9
integrations: Fix confusing wording in alertmanager integration.
We use Alertmanager as an aggregation place for example for failing CI pipelines, 
and `graph` does not always reflect the source of the alert. It's called `source` originally 
and I think it should stay this way.
2024-01-30 14:32:41 -08:00
David Rosa 1e4f5c6433 integrations: Create incoming webhook for Patreon.
Creates an incoming webhook integration for Patreon. The main
use case is getting notifications when new patrons sign up.

Fixes #18321.

Co-authored-by: Hari Prashant Bhimaraju <haripb01@gmail.com>
Co-authored-by: Sudipto Mondal <sudipto.mondal1997@gmail.com>
2024-01-30 13:13:19 -08:00
Anders Kaseorg 93198a19ed requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-01-29 10:41:54 -08:00
Anders Kaseorg e56863fa85 ruff: Fix DJ012 Order of model's inner classes, methods, and fields.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-01-29 10:41:54 -08:00
Anders Kaseorg ab25ebd5ce ruff: Fix SIM300 Yoda conditions are discouraged.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-01-29 10:41:54 -08:00
Tim Abbott 3dfc24a908 test_push_notifications: Fix sort order assumption. 2024-01-29 10:22:55 -08:00
Mateusz Mandera 4a245a3f62 register_remote_server: Add more validation of contact_email. 2024-01-26 09:09:31 -08:00
Mateusz Mandera 25f47bd749 register_remote_server: Don't allow duplicate hostnames.
This requires a bit of restructuring of the existing code to handle all
the cases correctly.
2024-01-26 09:09:31 -08:00
Alya Abbott 10d8d4578e help: Change "All older versions" tab to "All versions".
The instructions actually work on 8.0+ as well, not just older versions.
2024-01-25 18:18:04 -08:00
Sahil Batra ae0aba064f CVE-2024-21630: Check permission to subscribe others using invite link.
This commit updates the API to check the permission to subscribe other
users while creating multi-use invites. The API will raise error if
the user passes the "stream_ids" parameter (even when it contains only
default streams) and the calling user does not have permission to
subscribe others to streams.

We did not add this before as we only allowed admins to create
multiuse invites, but now we have added a setting which can be used
to allow users with other roles as well to create multiuse invites.
2024-01-24 17:41:10 -08:00
Alex Vandiver d80b063b61 import: Rewrite "delivered_message" column of scheduled messages.
This also requires shuffling the message import to before the
scheduled messages.

Fixes: #28690.
2024-01-24 13:29:47 -08:00
Chris Bobbe 3707999f79 api-docs: Revise authentication_methods realm setting description.
Extends the description of the authentication_methods realm setting
in the /api/get-events and /api/register-queue endpoints to clarify
the recommended use of the object is for implementing server settings
UI, and to note the data returned by the /api/server-settings
endpoint should be used for implementing authentication UI.
2024-01-24 09:23:55 -08:00
Alex Vandiver fad3510767 test_queue_worker: Use integer epoch values.
These values have to round-trip through the database, and microsecond
precision is not guaranteed to do so.
2024-01-22 18:42:55 -08:00
Alex Vandiver 1517601e9d import: Merge duplicate slack email addresses.
It is possible to have multiple users with the same email address --
for instance, when two users are guests in shared channels via two
different other Slack instances.

Combine those Slack user-ids into one Zulip user, by their user-id;
otherwise, we run into problems during import due to duplicate keys.
2024-01-22 16:34:59 -08:00
Alex Vandiver 09146b1b8f import: Show slack user-ids. 2024-01-22 16:34:59 -08:00
Alex Vandiver 7cc4b023f2 import: Support shared users in huddles/DMs.
1e5c49ad82 added support for shared channels -- but some users may
only currently exist in DMs or MPIMs, and not in channel membership.

Walk the list of MPIM subscriptions and messages, as well as DM users,
and add any such users to the set of mirror dummy users.
2024-01-22 16:34:59 -08:00
Alex Vandiver 37fa181e5f queue_processors: Process user_activity in one query.
This leads to significant speedups.  In a test, with 100 random unique
event classes, the old code processed a batch of 100 rows (on average
66-ish unique in the batch) in 0.45 seconds.  Doing this in a single
query processes the same batch in 0.0076 seconds.
2024-01-22 16:25:13 -08:00
ColeBurch 60225591dc settings: Reorder custom profile field types.
This commit alphabetizes the custom profile field types in the
settings UI.

Fixes #28511.
2024-01-21 12:51:53 -08:00
ColeBurch 9917ffa220 settings: Rename four custom profile fields types.
This commit renames four custom profile fields types.

Fixes part of #28511.
2024-01-21 12:51:53 -08:00
swayam0322 684101353f find_account: Add button to send another email.
The result page didn't have any resend button a button was
added to redirect to the form where the user can find their
account

Fixes part of #3128
2024-01-19 09:02:03 -08:00
Alex Vandiver 07c4291749 message: Rewrite personals query to be more performant and accurate.
The previous query suffered from bad corner cases when the user had
received a large number of direct messages but sent very few,
comparatively.  This mean that the first half of the UNION would
retrieve a very large number of UserMessage rows, requiring fetching a
large number of Message rows, merely to throw them away upon
determining that the recipient was the current user.

Instead of merging two queries of "last 1k received" + "last 1k sent",
we instead make better use of the UserMessage rows to find "last 1k
sent or received."  This may change the list of recipients, as large
disparities in sent/received messages may result in pushing the
most-recently-sent users off of the list.  These are likely uncommon
edge cases, however -- and the disparity is the whole reason for the
performance problem.

This also provides more correct answers.  In the case where a user's
1001'th message sent was to person A today, but my most recent message
received was from them yesterday, the previous plan would show the
message I received yesterday message-id as the max, and not the more
recent message I sent today.

While we could theoretically raise the `RECENT_CONVERSATIONS_LIMIT` to
more frequently match the same recipient list as previously, this
increases the cost of the most common cases unreasonably.  With a
1000-message limit, the common cases are slightly faster, and the tail
latencies are very much improved; raising `RECENT_CONVERSATIONS_LIMIT`
would increase the result similarity to the old algorithm, at the cost
of the p50 and p75.

|        |   Old   |   New   |
| ------ | ------- | ------- |
| Mean   | 0.05287 | 0.02520 |
| p50    | 0.00695 | 0.00556 |
| p75    | 0.05592 | 0.03351 |
| p90    | 0.14645 | 0.08026 |
| p95    | 0.20181 | 0.10906 |
| p99    | 0.30691 | 0.16014 |
| p99.9  | 0.57894 | 0.19521 |
| max    | 22.0610 | 0.22184 |

On the whole, however, the much more bounded worst case are worth the
small changes to the resultset.
2024-01-18 09:30:20 -08:00
Prakhar Pratyush 3afc8ed7ae webhooks: Rename *topic local variables to *topic_name.
This is preparatory work towards adding a Topic model.
We plan to use the local variable name as 'topic' for
the Topic model objects.

Currently, we use *topic as the local variable name for
topic names.

We rename local variables of the form *topic to *topic_name
so that we don't need to think about type collisions in
individual code paths where we might want to talk about both
Topic objects and strings for the topic name.
2024-01-17 08:35:29 -08:00
swayam0322 16988a5188 find_account: Remove emails as URL parameters.
Earlier, after a successful POST request on find accounts page
users were redirected to a URL with the emails (submitted via form)
as URL parameters. Those raw emails in the URL were used to
display on a template.

We no longer redirect to such a URL; instead, we directly render
a template with emails passed as a context variable.

Fixes part of #3128
2024-01-16 09:39:00 -08:00
Alex Vandiver b10c611840 home: Redirect https://selfhosting.zuliphostname/ to /serverlogin/.
This is a reasonable default page to render for that hostname, and
less confusing than "Organization does not exist."
2024-01-15 17:55:42 -08:00
Alex Vandiver adf9e8de3d home: Redirect https://auth.zuliphostname/ to https://zuliphostname/.
It is confusing for folks directing accessing the page to get a
"Organization does not exist" message.
2024-01-15 17:55:42 -08:00
Mateusz Mandera 100cef9186 templates: Move remote_realm_server_mismatch_error.html to zerver.
This is rendered by regular self-hosted servers, so doesn't belong in
zilencer.
2024-01-15 16:50:48 -08:00
Mateusz Mandera fc247cba3f remote_billing: Fix /self-hosted-billing/ handling for desktop app.
When you click "Plan management", the desktop app opens
/self-hosted-billing/ in your browser immediately. So that works badly
if you're already logged into another account in the browser, since that
session will be used and it may be for a different user account than in
the desktop app, causing unintended behavior.

The solution is to replace the on click behavior for "Plan management"
in the desktop app case, to instead make a request to a new endpoint
/json/self-hosted-billing, which provides the billing access url in a
json response. The desktop app takes that URL and window.open()s it (in
the browser). And so a remote billing session for the intended user will
be obtained.
2024-01-15 16:50:48 -08:00
Mateusz Mandera 80f5963bbc auth: Add a configurable wrapper around authenticate calls. 2024-01-15 12:18:48 -08:00
Mateusz Mandera d3b4cbd182 auth: Add hardening authenticate(use_dummy_backend=True) in do_login.
As explained in the comment, this is to prevent bugs where some strange
combination of codepaths could end up calling do_login without basic
validation of e.g. the subdomain. The usefulness of this will be
extended with the upcoming commit to add the ability to configure custom
code to wrap authenticate() calls in. This will help ensure that some
codepaths don't slip by the mechanism, ending up logging in a user
without the chance for the custom wrapper to run its code.
2024-01-15 12:18:48 -08:00
Mateusz Mandera 56ca307bc1 tests: Delete test_social_auth_backends.
This test is ancient and patches so much that it's almost unreadable,
while being redundant considering we have comprehensive tests via the
SocialAuthBase subclasses. The one missing case was the one with the
backend we disabled. We replace that with a proper
test_social_auth_backend_disabled test in SocialAuthBase.
2024-01-15 12:18:48 -08:00
Prakhar Pratyush 676c07be5b tests: Rename *topic local variables to *topic_name.
This is preparatory work towards adding a Topic model.
We plan to use the local variable name as 'topic' for
the Topic model objects.

Currently, we use *topic as the local variable name for
topic names.

We rename local variables of the form *topic to *topic_name
so that we don't need to think about type collisions in
individual code paths where we might want to talk about both
Topic objects and strings for the topic name.
2024-01-15 09:40:43 -08:00
Prakhar Pratyush b7e56ccbdc lib: Rename *topic local variables to *topic_name.
This is preparatory work towards adding a Topic model.
We plan to use the local variable name as 'topic' for
the Topic model objects.

Currently, we use *topic as the local variable name for
topic names.

We rename local variables of the form *topic to *topic_name
so that we don't need to think about type collisions in
individual code paths where we might want to talk about both
Topic objects and strings for the topic name.
2024-01-15 09:40:43 -08:00
Prakhar Pratyush bc66eaee7d views: Rename *topic local variables to *topic_name.
This is preparatory work towards adding a Topic model.
We plan to use the local variable name as 'topic' for
the Topic model objects.

Currently, we use *topic as the local variable name for
topic names.

We rename local variables of the form *topic to *topic_name
so that we don't need to think about type collisions in
individual code paths where we might want to talk about both
Topic objects and strings for the topic name.
2024-01-15 09:40:43 -08:00
Prakhar Pratyush 1eef052bd1 actions: Rename *topic local variables to *topic_name.
This is preparatory work towards adding a Topic model.
We plan to use the local variable name as 'topic' for
the Topic model objects.

Currently, we use *topic as the local variable name for
topic names.

We rename local variables of the form *topic to *topic_name
so that we don't need to think about type collisions in
individual code paths where we might want to talk about both
Topic objects and strings for the topic name.
2024-01-15 09:40:43 -08:00
Lauryn Menard f27b6d896a audit-logs: Add generic property changed for Customer and CustomerPlan.
Change audit logs for changing a Customer or CustomerPlan property
to use a generic event type and specify the property name in the
extra data.
2024-01-15 03:10:04 -08:00
Tim Abbott bafa476fd3 presence: Avoid having incomplete missing test coverage.
Rename and restructure these comparison variables such that we don't
have a possibly impossible case for presence.last_connected_time being
None.

Fixes #25498.
2024-01-14 18:32:01 -08:00
Alex Vandiver e6a0284275 queue_processors: Defer initial email connection creation.
We previously created the connection to the outgoing email server when
the EmailSendingWorker was first created.  Since creating the
connection can fail (e.g. because of firewalls or typos in the
hostname), this can cause the `QueueProcessingWorker` creation to
raise an exception.  In multi-threaded mode, exceptions in the worker
threads which are _not_ during the handling of a specific event
percolate out to `log_and_exit_if_exception` and trigger the
termination of the entire process -- stopping all worker threads from
making forward progress.

Contain the blast radius of misconfigured email servers by deferring
the opening of the connection until it is first needed.  This will not
cause any overall performance change, since it only affects the
latency of the very first email after startup.
2024-01-12 08:38:46 -08:00
Alex Vandiver e1acd7b974 process_queue: For threaded workers, create them when they start.
Creating the QueueProcessingWorker objects when the ThreadedWorker is
created can lead to a race which caused confusing error messages:

1. A thread tries to call `self.worker = get_worker()`
2. This call raises an exception, which is caught by
   `log_and_exit_if_exception`
3. `log_and_exit_if_exception` sends our process a SIGUSR1, _but
    otherwise swallows the error_.
4. The thread's `.run()` is called, which tries to access
   `self.worker`, which was never set, and throws another exception.
5. The process handles the SIGUSR1, restarting.

Move the creation of the worker to when it is started, so the worker
object does not need to be stored, and possibly have a decoupled
failure.
2024-01-12 08:38:46 -08:00
Alex Vandiver e0bd169c77 docs: Fix other help pages that were renamed or moved, to save a redirect. 2024-01-11 13:52:12 -08:00
Alex Vandiver c217280c23 docs: Fix help links for pm -> dm rename, to save a redirect. 2024-01-11 13:52:12 -08:00
Prakhar Pratyush f7d4d04130 api_docs: Update doc for realm_push_notification_enabled_end_timestamp.
This commit updates the doc to explicitly mention that
'realm_push_notifications_enabled_end_timestamp' is a UNIX timestamp.
2024-01-11 12:32:16 -08:00
Sahil Batra c0c9623ae4 message: Allow system bots to mention group if everyone else can.
We now allow system bots to mention a group if can_mention_group
setting is set to "role:everyone" group and not when it is set
to some other group.
2024-01-10 14:57:21 -08:00
sanchi-t 0a626f5e3c csrf_failure: Update error page.
Switches from Django's default error page to Zulip standard error
template.  Also updates template for 405 error code to not use the 404
art.

Fixes #25626.
2024-01-10 09:49:24 -08:00
Alex Vandiver 7720d362ba messages: Only lock UserMessage rows, not other joined tables.
By default, `SELECT FOR UPDATE` will also lock any rows which are
`JOIN`ed into the selected rows; in the case of UserMessage rows, this
can mean arbitrary Message rows.

Since the messages themselves are not being changed, it is not
necessary to lock them -- and doing so may lead to deadlocks, in the
case that the UserMessage row is locked for update before the Message,
and some other request has already taken a read lock on the Message
and is blocked on the UserMessage write lock.

Change `select_for_update_query` to explicitly only lock UserMessage.
2024-01-09 13:13:59 -08:00
Evgenii 3f06596cf0
dev_ldap_directory: Use f-strings for better readability. 2024-01-09 12:09:09 -08:00
Lauryn Menard 2994685399 support: Add admin support for updating end date of active plan.
This currently will only apply to tier.SELF_HOSTED_LEGACY plans.
2024-01-09 10:13:21 -08:00
Alex Vandiver 9c336e4374 documentation: Support having no sidebar for policies docs.
We document the sidebar as being optional, so make it so.
2024-01-07 19:11:16 -08:00
Alex Vandiver 5b1387c9ba send_password_reset_email: Add a flag to only email users who need it.
Emailing the password reset email to users who have already logged in
is not as useful.
2024-01-07 16:43:31 -08:00
Alex Vandiver 6635f3ea12 send_password_reset_email: Narrow type of users.
5a32ea52ae changed the return type of `get_users`, enabling this.
2024-01-07 16:43:31 -08:00
Lauryn Menard d8044a1b07 api-docs: Revise text of /api/test-notify endpoint.
Updates title and main description to follow the general style
of the API endpoint documentation.

Updates `token` description to clarify suggested mobile client
behavior.
2024-01-05 17:07:28 -08:00