Commit Graph

22222 Commits

Author SHA1 Message Date
Vishnu Ks e96611ad1d requirements: Upgrade google-api-python-client to 1.6.4. 2017-10-27 16:56:15 -07:00
Vishnu Ks cd064475a7 requirements: Upgrade django-auth-ldap to 1.2.16. 2017-10-27 16:56:15 -07:00
Vishnu Ks 0140a347dc requirements: Upgrade django to 1.11.6. 2017-10-27 16:56:15 -07:00
Vishnu Ks 00331ad84e requirements: Upgrade cryptography to 2.1.2. 2017-10-27 16:56:15 -07:00
Vishnu Ks 92f482a142 requirements: Upgrade cffi to 1.11.2. 2017-10-27 16:56:15 -07:00
Vishnu Ks af4185e1fe requirements: Add simplejson.
simplejson is still used in home.py
2017-10-27 16:56:15 -07:00
Tim Abbott 3abe92fc39 requirements: Update version of pyombed to fork with bs4 bug fixed.
This fixes an annoying warning message that was printed in our tests.
2017-10-27 16:55:27 -07:00
Tim Abbott 095a3ecbdd requirements: Fix missing simplejson dependency. 2017-10-27 16:54:01 -07:00
Tim Abbott 090563fb25 test_tornado: Fix IOLoop exceptions output spam.
We weren't quite following the proper protocol for Tornado tests.
2017-10-27 16:28:33 -07:00
Tim Abbott f790e667b3 test_tornado: Fix repeated autoreload configuration in tests.
Apparently, our previous efforts to disable AUTORELOAD in the tests
were incorrect.
2017-10-27 16:19:03 -07:00
Tim Abbott aacafd7a4d test_tornado: Fix incorrect tearDown method for IOLoops.
We appear to have 2 bugs of this form, so this just cuts half of the
exception/warning log output, but it's a start.
2017-10-27 16:13:42 -07:00
Tim Abbott 49d7d49038 test_narrow: Fix sqlalchemy warning spam. 2017-10-27 16:06:03 -07:00
Tim Abbott d80d15c08d GoogleSubdomainLoginTest: Suppress unnecessary logging output.
This helps make our test output nice and clean.
2017-10-27 16:06:03 -07:00
Tim Abbott e5df05fd35 tests: Suppress logging spam in email mirror tests. 2017-10-27 16:06:03 -07:00
Tim Abbott a1fa7a3c83 JWT: Filter out logging.warning output in tests. 2017-10-27 16:06:03 -07:00
Tim Abbott fca6df09b0 test_home: Mark a couple tests as explicitly slow. 2017-10-27 16:05:55 -07:00
Tim Abbott 28b25a66c2 test_events: Mark several slower tests as explicitly slow. 2017-10-27 15:46:59 -07:00
Tim Abbott ef9679667f test_docs: Fix unnecessary info-level logging in tests. 2017-10-27 15:44:45 -07:00
Tim Abbott e19312b394 Fix zerver.lib.digest log being printed in tests. 2017-10-27 15:44:15 -07:00
Tim Abbott 073c81bbe8 slow_tests: Increase limit for TOO slow notices. 2017-10-27 15:38:17 -07:00
Tim Abbott e8ab7cd1a9 logging: Fix zulip.send_email log being printed in tests.
Our set_loglevel tool didn't set propagate to False, so just using it
directly wouldn't work unless the logger is explcitly declared in
zproject/settings.py, which this one isn't.
2017-10-27 15:34:36 -07:00
Tim Abbott 80a9253f89 attachments: Remove unnecessary use of REQ.
It didn't do anything, because that third argument is actually a
positional argument coming from the URL parsing logic.
2017-10-27 15:18:44 -07:00
Tim Abbott 5467296f60 decorators: Use human_users_only more aggressively. 2017-10-27 15:16:13 -07:00
Tim Abbott 1cd017288d views: Fix imports of REQ/has_request_variables from the wrong place.
These were never in zerver/decorator.py, and so it makes sense to
import them zerver/lib/request.py, mostly for ease of finding things.
2017-10-27 15:07:31 -07:00
Brock Whittaker 25251e0216 /about/: Create a team partial.
This creates a template for the /team/ page that is currently just
embedded inside the /about/ page.  This includes the titles for core
team members with their pictures.
2017-10-27 14:50:48 -07:00
Greg Price 6d403ff255 tests: Simplify set_http_host to dedupe its logic.
This will make it easier to change this logic.
2017-10-27 14:42:24 -07:00
Greg Price e4b4f67b44 subdomains: Tighten search for EXTERNAL_HOST in get_subdomain.
If a Zulip install at example.org got a request at an HTTP `Host`
like foo.example.org.evil.com (or even foo.example.orgevil.com),
we would accept it as subdomain foo.  This isn't likely to happen
in practice because it shouldn't pass ALLOWED_HOSTS, and it's not
obvious to me that anything untoward could be done with it even
if ALLOWED_HOSTS were set wide open, but if nothing else it
multiplies the cases in analyzing this logic.

The reason we had a loose match like this, I assume, is to allow
the user to come from arbitrary ports -- especially in development.
So tighten the pattern to allow just that, and add some tests for
that behavior and a comment explaining why this complication is
needed.
2017-10-27 14:42:24 -07:00
Greg Price 1b19af2612 subdomains: Write some tests for get_subdomain.
This logic is a bit subtle, and we're about to make changes to it.
So let's have some tests.
2017-10-27 14:42:24 -07:00
Greg Price d9cb606804 oauth: Find a better name for redirect_to_main_site.
This name was way too broad for the rather specific logic
in the actual function.
2017-10-27 14:42:24 -07:00
Greg Price ad551427ed auth: Factor out some uses of EXTERNAL_HOST with ROOT_DOMAIN_URI.
Apart from being less verbose, this makes it more manifest (on e.g. grep)
that we aren't using EXTERNAL_HOST here to construct subdomains.
2017-10-27 14:42:24 -07:00
Greg Price 318682fd52 auth: Use URL rather than cookie to pass signed data cross-domain.
The cookie mechanism only works when passing the login token to a
subdomain.  URLs work across domains, which is why they're the
standard transport for SSO on the web.  Switch to URLs.

Tweaked by tabbott to add a test for an expired token.
2017-10-27 14:42:04 -07:00
Greg Price 6efcce9374 oauth login: Refactor tests to dedupe a bit of recurring logic.
This makes the tests a little cleaner in itself, and also prepares
them to adjust with less churn when we change how
redirect_and_log_into_subdomain passes the signed token.
2017-10-27 14:28:38 -07:00
Greg Price fad3d56810 views: Move some login code from `registration` to `auth`.
Most of these have more to do with authentication in general than with
registering a new account.  `create_preregistration_user` could go
either way; we move it to `auth` so we can make the imports go only in
one direction.
2017-10-27 14:28:38 -07:00
Henrik Pettersson 09cd47c6ad Add UI for viewing and cancelling open Zulip invitations.
Lets administrators view a list of open(unconfirmed) invitations and
resend or revoke a chosen invitation.

There are a few changes that we can expect for the future:

  * It is currently possible to invite an email that you have already
    invited, it might make sense to change this behavior.

  * Resend currently sends an invite reminder instead of resending the
    original invite, this is because 'custom_body' was not stored when
    the first invite was sent.

Tweaked in various minor ways, primarily in the backend, by tabbott,
mostly for style consistency with the rest of the codebase.

Fixes: #1180.
2017-10-27 13:07:43 -07:00
Tim Abbott b831df8f7f Vagrantfile: Do "set +x" a bit before the end.
This helps avoid the confusing situation we'd had where the very last
line of the Vagrant output would be something in red.
2017-10-27 11:59:33 -07:00
Tim Abbott a9d1042718 Vagrantfile: Fix some incorrect indentation in shell script. 2017-10-27 11:58:25 -07:00
Tim Abbott 8d00111a27 vagrant: Skip the shell virtualenv warning on provision. 2017-10-27 11:44:47 -07:00
Tim Abbott 237e3cdca1 registration: Clarify comment on do_activate_user code path. 2017-10-27 11:22:19 -07:00
Vishnu Ks 8c68a167fe backend: Allow Administrators to invite new users as admins.
Tweaked by tabbott to have the field before the invitation is
completed be called invite_as_admins, not invited_as_admins, for
readability.

Fixes #6834.
2017-10-27 11:19:38 -07:00
Steve Howell 4b78f69a87 tests: Introduce send_huddle_message().
The tighter interface here makes for shorter lines (or
fewer multi-line calls) and it leads to stricter type
checking.
2017-10-27 11:00:23 -07:00
Steve Howell 9707767b21 tests: Introduce send_personal_message().
The tighter interface prevents the need to specify
Recipient.PERSONAL (which can often be inaccurate in the
huddle case, anyway), and it prevents tests from confusingly
specifying a "subject" field for PMs.
2017-10-27 11:00:23 -07:00
Steve Howell 25a6fbd05d tests: Introduce send_stream_message().
Having send_stream_message() avoids the need to supply
Recipient.STREAM as a parameter, and it also uses the more
modern name of `topic_name` for topics.  Under the hood, it
avoids some annoying steps for re-formatting the recipients,
since we just have a single stream name.
2017-10-27 11:00:23 -07:00
Steve Howell 9576d25f92 Use check_send_stream_message in test_not_too_many_queries.
When possible, we want to use direct APIs for sending
stream messages.

This changes the codepath slightly, by not using
forwarded_user_profile, but it doesn't impact the number
of queries, and it's a simple check.

We also remove a couple "subject" references here.
2017-10-27 11:00:23 -07:00
Steve Howell abf16a96d1 Rename subject -> topic_name in assert_stream_message(). 2017-10-27 11:00:23 -07:00
Steve Howell c4404ed078 tests: Change some test topic names to not use "subject". 2017-10-27 11:00:23 -07:00
Steve Howell 65b6676844 minor: Remove unused import (internal_send_message). 2017-10-27 10:48:11 -07:00
Steve Howell 655f37a34b Rename subject_name in send_message_backend(). 2017-10-27 10:48:11 -07:00
Steve Howell e5c5d10375 Rename subject vars in do_update_message(). 2017-10-27 10:48:11 -07:00
Steve Howell fbe5f93141 Rename subject -> topic_name in internal_send_message. 2017-10-27 10:48:11 -07:00
Steve Howell 973ee97612 Rename subject -> topic_name in internal_prep_message(). 2017-10-27 10:48:11 -07:00