Commit Graph

6607 Commits

Author SHA1 Message Date
Anders Kaseorg 5e355abe2e queue: Add missing imports.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-08-02 22:31:46 -07:00
Anders Kaseorg 87799177b5 queue: Fix channel type for TornadoQueueClient.
The BlockingChannel annotations in TornadoQueueClient were flat-out
wrong.  BlockingChannel and Channel have no common base classes.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-08-02 22:31:46 -07:00
Anders Kaseorg 5751479932 queue: Switch TornadoQueueClient to the new base QueueClient.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-08-02 22:31:46 -07:00
Anders Kaseorg bd6a2b149c queue: Split common part of SimpleQueueClient into new base class.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-08-02 22:31:46 -07:00
Anders Kaseorg fae92f2e3f actions: Convert TypedDict declaration to Python 3.6 style.
Generated by pyupgrade, with manual indentation adjustment for
https://github.com/asottile/pyupgrade/issues/507.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-08-02 15:53:52 -07:00
Anders Kaseorg 5483ebae37 python: Convert "".format to Python 3.6 f-strings.
Generated automatically by pyupgrade.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-08-02 15:53:52 -07:00
Anders Kaseorg ad5f0c05b5 python: Remove default "utf8" argument for encode(), decode().
Partially generated by pyupgrade.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-08-02 15:53:52 -07:00
Anders Kaseorg 3665deb93a python: Remove unnecessary intermediate lists.
Generated automatically by pyupgrade.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-08-02 15:53:52 -07:00
rht 9441bca282 import_realm: Explain the usage of the relative_path var of attachment_path. 2021-08-02 13:13:19 -07:00
Tim Abbott 24b1439e93 email_notifications: Avoid trying to email to bot users.
This fixes a regression in de04f0ad67.

We'll do a proper test in a follow-up commit; this is a quick fix to
make sure master works.

The emails will bounce, but it'll create all sorts of infrastructure
headaches.
2021-08-02 13:13:01 -07:00
Sahil Batra 998d710275 frontend: Add new user_settings module for user's settings.
We add a new user_settings module similar to page_params
module in frontend and use it to access user's personal
settings instead of page_params.
2021-08-01 15:30:17 -07:00
Sahil Batra e6f828a8e2 register: Send user_settings in response based on client capabilities.
We added "user_settings" object containing all the user settings in
previous commit. This commit modifies the code to send the existing
setting fields in the top-level object only if user_settings_object
client_capabilities field is False.
2021-08-01 15:30:17 -07:00
Sahil Batra 84742a040e api: Add "user_settings" object to '/register' response.
We add a "user_settings" object, containing all the user
settings, in the '/register' endpoint response for
better readability.
2021-08-01 15:30:17 -07:00
Sahil Batra 0364d0c8ca events: Add "user_settings_object" to client_capabilities.
This commit adds "user_settings_object" field to
client_capabilities which will be used to determine
if the client needs 'update_display_settings' and
'update_global_notifications' event.
2021-08-01 15:30:17 -07:00
Sahil Batra 7959ae3fab events: Add new event type 'user_settings' for updating user settings.
We send a event with type 'user_settings' on updating user's display
and notification settings.

The old event types - 'update_global_notifications' and
'update_display_settings', are still supported for backwards
compatibility.
2021-08-01 15:30:17 -07:00
Gaurav Pandey d89b4dcd0b api: Return zulip_merge_base alongside zulip_version.
Return zulip_merge_base alongside zulip_version
in `/register`, `/event` and `/server_settings`
endpoint so that the value can be used by other
clients.
2021-07-30 12:03:41 -07:00
Hemanth V. Alluri 6fee946a43 drafts: Send events to clients when drafts change.
With this, the core of the new drafts system is complete.
2021-07-30 10:41:52 -07:00
Hemanth V. Alluri c00089ac28 drafts: Add support for toggling drafts synchronization.
With changes mostly to the API documentation by tabbott.
2021-07-30 10:00:27 -07:00
Hemanth V. Alluri f1f0a26c37 drafts: Extract all of the real work to lib functions.
The main reason why this is needed is because this seems to be
convention and because we can't easily test event creation without
doing this.

Signed-off-by: Hemanth V. Alluri <hdrive1999@gmail.com>
2021-07-28 16:33:01 -07:00
Abhijeet Prasad Bodas de04f0ad67 notifications: Calculate PMs/mentions settings like other settings.
Previously, we checked for the `enable_offline_email_notifications` and
`enable_offline_push_notifications` settings (which determine whether the
user will receive notifications for PMs and mentions) just before sending
notifications. This has a few problem:

1. We do not have access to all the user settings in the notification
handlers (`handle_missedmessage_emails` and `handle_push_notifications`),
and therefore, we cannot correctly determine whether the notification should
be sent. Checks like the following which existed previously, will, for
example, incorrectly not send notifications even when stream email
notifications are enabled-
```
if not receives_offline_email_notifications(user_profile):
    return
```
With this commit, we simply do not enqueue notifications if the "offline"
settings are disabled, which fixes that bug.

Additionally, this also fixes a bug with the "online push notifications"
feature, which was, if someone were to:
* turn off notifications for PMs and mentions (`enable_offline_push_notifications`)
* turn on stream push notifications (`enable_stream_push_notifications`)
* turn on "online push" (`enable_online_push_notifications`)

then, they would still receive notifications for PMs when online.
This isn't how the "online push enabled" feature is supposed to work;
it should only act as a wrapper around the other notification settings.

The buggy code was this in `handle_push_notifications`:
```
if not (
    receives_offline_push_notifications(user_profile)
    or receives_online_push_notifications(user_profile)
):
    return

    // send notifications
```

This commit removes that code, and extends our `notification_data.py` logic
to cover this case, along with tests.

2. The name for these settings is slightly misleading. They essentially
talk about "what to send notifications for" (PMs and mentions), and not
"when to send notifications" (offline). This commit improves this condition
by restricting the use of this term only to the database field, and using
clearer names everywhere else. This distinction will be important to have
non-confusing code when we implement multiple options for notifications
in the future as dropdown (never/when offline/when offline or online, etc).

3. We should ideally re-check all notification settings just before the
notifications are sent. This is especially important for email notifications,
which may be sent after a long time after the message was sent. We will
in the future add code to thoroughly re-check settings before sending
notifications in a clean manner, but temporarily not re-checking isn't
a terrible scenario either.
2021-07-28 13:55:25 -07:00
Abhijeet Prasad Bodas 683c8507e4 models: Remove MutedTopic alias for UserTopic.
Part of #19272
2021-07-28 10:25:54 -07:00
Riken Shah 9fadd43830 user_status: Add backend changes to support status emoji.
In this commit:

* We update the `UserStatus` model to accept
`AbstractReaction` as a base class so, we can get all the
fields related to store status emoji.

* We update the user status endpoint
(`users/me/status`) to accept status emoji fields.

* We update the user status event to add status emoji
fields.

Co-authored-by: Yash Rathore <33805964+YashRE42@users.noreply.github.com>
2021-07-27 17:57:15 -07:00
Tim Abbott ed01ffadba tests: Fix leading slash in test exclusion as well. 2021-07-27 17:01:18 -07:00
sahil839 0d6f378ad7 help: Update documentation for add_custom_emoji_policy. 2021-07-27 16:41:23 -07:00
sahil839 1ce09d9db6 realm: Extend add_custom_emoji_policy to use COMMON_POLICY_TYPES.
This commit adds full members and moderators option for
add_custom_emoji_policy by using COMMON_POLICY_TYPES.
2021-07-27 16:41:23 -07:00
sahil839 4b1313a92b models: Replace add_emoji_by_admins_only with add_custom_emoji_policy.
This commit replaces boolean field add_emoji_by_admins_only with an
integer field add_custom_emoji_policy as we would also add full members
and moderators option for this setting in further commits.
2021-07-27 16:41:22 -07:00
Anders Kaseorg 17749cb608 archive: Remove non-functional archive code.
This removes a bunch of non-functional duplicate JavaScript, HTML, and
CSS that was interfering with maintenance on the functional originals,
because it was never clear how to update the duplicates or how to
check that you’d updated the duplicates correctly.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-27 16:25:24 -07:00
Sahil Batra 79b0ff5b23 events: Send enter_sends if update_display_settings in fetch_event_types.
We now send 'enter_sends' in response of '/register' endpoint if
'update_display_settings' is present in 'fetch_event_types' instead
of 'realm_user'.
2021-07-27 15:54:16 -07:00
Sahil Batra 355f6e9b53 settings: Move 'enter_sends' setting to property_types dict.
This commit moves "enter_sends" setting to property_types dict.
With this change, changing enter_sends setting also sends an
event of type "update_display_settings" and thus enables us
to live-update the UI.
2021-07-27 15:52:53 -07:00
Mateusz Mandera 013d6fa5e6 bots: Assume STAFF_SUBDOMAIN to be the realm where ERROR_BOT lives.
Now that get_system_bot requires a realm argument, a subdomain
needs to be made explicit to know in which organization to look up the
bot.
2021-07-27 15:51:59 -07:00
PIG208 e517f967b8 typing: Amend inaccurate type annotations.
This amend some type annotations that turn out to be inaccurate with
django-stubs.
2021-07-27 12:17:00 -07:00
Mateusz Mandera 8f588dcbab models: Pass realm to get_user_including_cross_realm calls. 2021-07-26 15:33:13 -07:00
Mateusz Mandera 43329b6a34 bots: Pass realm to get_system_bot calls in export/import. 2021-07-26 15:33:13 -07:00
Mateusz Mandera 7a36ac6eca bots: Pass realm to get_system_bot call in server_initialization.py. 2021-07-26 15:33:13 -07:00
Mateusz Mandera 0416f0385a bots: Pass realm to get_system_bot calls in onboarding.py. 2021-07-26 15:33:13 -07:00
Mateusz Mandera a124a4dfcf bots: Pass realm to get_system_bot calls in actions.py. 2021-07-26 15:33:13 -07:00
Mateusz Mandera 994ee70497 bots: Pass realm to self.notification_bot test helper. 2021-07-26 15:33:13 -07:00
Mateusz Mandera 104139657b bots: Pass realm to get_system_bot calls in email_mirror. 2021-07-26 15:33:13 -07:00
Mateusz Mandera d45f3eecaa models: Add optional realm_id argument to get_system_bot. 2021-07-26 15:31:10 -07:00
PIG208 d2af20eb2a typing: Do explicit type conversion when appropriate.
When calling some functions or assigning values to certain attributes,
the arguments/right operand do not match the exact type that the
functions/attributes expect, and thus we fix that by converting types
beforehand.
2021-07-26 15:09:07 -07:00
PIG208 7d1c475f69 typing: Use assertions for function arguments.
Utilize the assert_is_not_None helper to eliminate errors of
'Argument x to "Foo" has incompatible type "Optional[Bar]"...'
2021-07-26 14:48:45 -07:00
PIG208 2972e921b7 utils: Add a helper function for None-checks. 2021-07-26 14:46:45 -07:00
Dinesh 199f522808 test_classes.py: Replace markdown_logger mock with assertLogs.
Set level to 'ERROR' since exceptions create logs with that level.
2021-07-26 14:46:01 -07:00
Tim Abbott 09b5bb7930 export: Improve error message for missing registrations. 2021-07-24 17:36:15 -07:00
Mateusz Mandera 119f1da04a bots: Rename is_cross_realm_bot API field to is_system_bot.
Cross realm bots will soon stop being a thing. This param is responsible
for displaying "System Bot" in the user info popover - so this rename is the
right way to handle the situation.

We will likely want to rename the `cross_realm_bots` section as well,
but that is a more involved API migration.
2021-07-24 15:46:40 -07:00
PIG208 987f859681 webhooks: Detect view function with default naming convention. 2021-07-24 15:10:09 -07:00
PIG208 66b1a4e7ca backend: Add None-checks with assertions and if-elses.
This fixes a batch of mypy errors of the following format:
'Item "None" of "Optional[Something]" has no attribute "abc"'
2021-07-24 15:00:21 -07:00
Tim Abbott 01ce58319d mypy: Fix most AnonymousUser type errors.
This commit fixes several mypy errors with Django stubs, by telling
mypy that we know in a given code path that the user is authenticated.
2021-07-24 14:55:46 -07:00
Tim Abbott d603b0641e mypy: Extend type for post_data in send_to_push_bouncer. 2021-07-24 12:55:15 -07:00
Tim Abbott bd134019e4 mypy: Fix return type for num_push_devices_for_user. 2021-07-24 12:55:15 -07:00
Tim Abbott 4aba6c9833 mypy: Use Sequence in push notifications types.
This is important for variance reasons.
2021-07-24 12:55:15 -07:00
Tim Abbott 6e26c8912e actions: Fix stream_dict/sub_dict types and variable names. 2021-07-24 11:02:08 -07:00
Tim Abbott 3790146c75 actions: Fix typing for raw stream dictionaries. 2021-07-24 11:02:08 -07:00
PIG208 495a8476be tests: Use assertion to enforce None-checks in tests.
This fixes a batch of mypy errors of the following format:
'Item "None" of "Optional[Something]" has no attribute "abc"

Since we have already been recklessly using these attritbutes
in the tests, adding assertions beforehand is justified presuming
that they oughtn't to be None.
2021-07-24 09:54:21 -07:00
PIG208 442adfaff3 sessions: Use SessionBase instead of Session. 2021-07-24 09:54:21 -07:00
Anders Kaseorg 162e9d6c0b fenced_code: Optimize FENCE_RE to fix cubic worst-case complexity.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-22 16:40:44 -07:00
Anders Kaseorg dea935f26f fenced_code: Write FENCE_RE with a raw string.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-22 16:40:43 -07:00
akshatdalton 7d9e71be21 fenced_code: Add `process_contents` flag to de-duplicate code. 2021-07-22 10:57:23 -07:00
Anders Kaseorg f9430674d2 github: Update macOS dmg filename pattern.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-21 19:03:39 -07:00
PIG208 7cf859882d rate_limiter: Avoid strong reference to user.
This prevents a memory leak caused by the `SimpleLazyObject` instance of
`UserProfile` that create a reference loop with the request object
via `ZulipRequestNotes`.
2021-07-20 10:32:29 -07:00
Anders Kaseorg 6564b258f1 request: Weaken ZulipRequestNotes.tornado_handler reference.
This prevents a memory leak arising from Python’s inability to collect
a reference cycle from a WeakKeyDictionary value to its key
(https://bugs.python.org/issue44680).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-19 16:48:23 -07:00
Anders Kaseorg 7c32134fb5 Revert "Revert "request: Refactor to record rate limit data using ZulipRequestNotes.""
This reverts commit 49eab4efef.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-19 16:48:23 -07:00
Alya Abbott 844c62c64e portico: Create new "Zulip for communities" page. 2021-07-18 12:10:33 -07:00
Tim Abbott 95606a7347 api: Return user IDs, not display emails, in subscribers endpoints.
Sometime in the deep past, Zulip the GET /users/me/subscriptions
endpoint started returning subscribers.  We noticed this and made it
optional via the include_subscribers parameter in
1af72a2745, however, we didn't notice
that they were being returned as emails rather than user IDs.

We migrated the core /register code paths to use subscriber IDs years
ago; this change completes that for the endpoints we forgot about.

The documentation allowed this error because we apparently had no
tests for this code path that used the actual API.
2021-07-18 11:32:28 -07:00
sahil839 05aff3f271 api: Add "ignored_parameters_unsupported" to response of '/settings'.
We add "ignored_parameters_unsupported" field to the response object
of 'PATCH /settings' endpoint. This will contain the parameters
passed to the endpoint which are not changed by the endpoint and are
ignored.

This will help in removing the other fields like "full_name" from
response which was essentially present to specify that only these
fields were updated by the endpoint and rest were ignored.

We will also change other endpoints to follow this in future.
2021-07-16 16:10:15 -07:00
Anders Kaseorg fb3ddf50d4 python: Fix mypy no_implicit_reexport errors.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-16 14:02:31 -07:00
Anders Kaseorg 1a985911ef test_classes: Use mock.patch in tornado_redirected_to_list.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-16 14:02:31 -07:00
Anders Kaseorg 1ae56e466b cache: Fix typing for post_save and post_delete flush handlers.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-16 13:14:04 -07:00
PIG208 49eab4efef Revert "request: Refactor to record rate limit data using ZulipRequestNotes."
This reverts commit 3f9a5e1e17.
2021-07-16 09:01:20 -07:00
Abhijeet Prasad Bodas 2545f00ad8 do_update_embedded_data: Remove unnecessary `transaction.atomic`.
There isn't any attachments code involved here.
This was added in c93f1d4eda, probably accidentally.
2021-07-16 09:00:02 -07:00
akshatdalton 6b5812082e markdown: Fix shebang line eliminating behaviour of Codehilite.
See the block comment explaining the motivation for this change, but
basically, the shebang feature of Python-Markdown's Codehilite
extension could be really confusing and is not part of the CommonMark
standard.

1. https://python-markdown.github.io/extensions/code_hilite/#shebang-no-path
2. eacff473a2/markdown/extensions/codehilite.py (L164-L180)

Fixes: #18591.
2021-07-15 15:18:33 -07:00
Anders Kaseorg 7ccefa5242 push_notifications: Fix APNs message generation.
This emulates the previous PyAPNs2 behavior of moving the contents of
the ‘custom’ key to top level.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-15 13:49:56 -07:00
Eeshan Garg faa695e86d registration: Collect organization type on sign-up. 2021-07-15 09:58:27 -07:00
sahil839 61acf68aa4 emoji: Allow emoji authors to delete the emoji always.
Previously, non-admin emoji authors were allowed to
delete the emoji only if add_emoji_by_admins_only
was false. But, as add_emoji_by_admins_only setting
is for who can add emoji and not delete emojis, it
should not affect the behavior of deleting emojis
and users should always be allowed to delete the
emojis which. they added themselves
2021-07-14 14:57:08 -07:00
sahil839 50240ca71b models: Use COMMON_POLICY_TYPES for user_group_edit_policy.
This commit adds moderators and full members options for
user_group_edit_policy by using COMMON_POLICY_TYPES.

Moderators do not require to be a member of user group in
order to edit or remove the user group if they are allowed
to do so according to user_group_edit_policy.
But full members need to be a member of user group to edit
or remove the user group.
2021-07-14 14:38:44 -07:00
sahil839 93a1479286 user_group: Change error message to "Insufficient permission".
There is no need to have a error message which specifies the
roles having permission to edit user-groups, we can simply
have error message as "Insufficient permission" as we already
show the roles having permission clearly in UI.
2021-07-14 14:38:43 -07:00
sahil839 d7dfe80454 models: Add RealmUserDefault table for realm-level default of settings.
This table will be used to store the realm-level default of display
and notification settings for new users.
2021-07-14 14:35:04 -07:00
PIG208 c03b9c95ad request: Store client information using ZulipRequestNotes.
This concludes the HttpRequest migration to eliminate arbitrary
attributes (except private ones that are belong to django) attached
to the request object during runtime and migrated them to a
separate data structure dedicated for the purpose of adding
information (so called notes) to a HttpRequest.
2021-07-14 12:01:07 -07:00
PIG208 26875cdf0b tests: Migrate mocked Request to HostMockRequest.
This migrates some mocked Request class and mocked request achieved
with namedtuple in test_decorators and test_mirror_users to use the
refactored HostMockRequest.

Since weakref cannot be used with namedtuple, this old way of mocking a
request object should be migrated to using HostRequestMock. Only after
this change we can extract client from the request object and store it
via ZulipRequestNotes.
2021-07-14 12:01:07 -07:00
PIG208 5167a93229 request: Move tornado_handler to ZulipRequestNotes. 2021-07-14 12:01:07 -07:00
PIG208 742c17399e request: Move miscellaneous attributes to ZulipRequestNotes.
This includes the migration of fields that require trivial changes
to be migrated to be stored with ZulipRequestNotes.

Specifically _requestor_for_logs, _set_language, _query, error_format,
placeholder_open_graph_description, saveed_response, which were all
previously set on the HttpRequest object at some point. This migration
allows them to be typed.
2021-07-14 12:01:07 -07:00
PIG208 3f9a5e1e17 request: Refactor to record rate limit data using ZulipRequestNotes.
We will no longer use the HttpRequest to store the rate limit data.
Using ZulipRequestNotes, we can access rate_limit and ratelimits_applied
with type hints support. We also save the process of initializing
ratelimits_applied by giving it a default value.
2021-07-14 12:01:07 -07:00
PIG208 da6e5ddcae request: Move log_data from HttpRequest to ZulipRequestNotes. 2021-07-14 12:01:05 -07:00
PIG208 75cde8ebcf request: Refactor HostRequestMock to subclass HttpRequest. 2021-07-14 11:52:43 -07:00
PIG208 03693cd27e request: Map HttpRequest to ZulipRequestNotes for typing.
We create a class called ZulipRequestNotes as a new home to all the
additional attributes that we add to the Django HttpRequest object.
This allows mypy to do the typecheck and also enforces type safety.

Most of the attributes are added in the middleware, and thus it is
generally safe to assert that they are not None in a code path that
goes through the middleware. The caller is obligated to do manual
the type check otherwise.

This also resolves some cyclic dependencies that zerver.lib.request
have with zerver.lib.rate_limiter and zerver.tornado.handlers.
2021-07-14 11:52:42 -07:00
akshatdalton f5c4d51ed2 resolve topic: Add `is:resolved` search keyword/filtering support.
This commit adds the backend support for `is:resolved` search keyword.
In the next commit, I will add the frontend support for the same.
2021-07-13 23:18:41 -07:00
akshatdalton 7ec406f39d refactor: Extract `RESOLVED_TOPIC_PREFIX` in topic.py.
This is a prep commit for #18990.
2021-07-13 23:18:41 -07:00
Abhijeet Prasad Bodas 1709428cff models: Create MissedMessageEmailEntry table.
This will be used to store the missedmessage events received
during the waiting time for email notifications (which is currently
2 minutes, hardcoded).

The change in `test_retention` is because we've set `on_delete=CASCADE`
for the message field this table.
The new query is like so:
```
DELETE FROM "zerver_missedmessageemailentry"
    WHERE "zerver_missedmessageemailentry"."message_id" IN (
        1545, 1546, 1547, 1548, 1549, 1550, 1551, 1552, 1553
        )
```
2021-07-13 17:21:37 -07:00
Abhijeet Prasad Bodas c3319a5231 notification_data: Create common source for trigger strings.
This reduces loose strings in the codebase, and allows us to not worry
about the exact naming (`stream_email_enabled` or `stream_emails_enabled`?)
and tense (`mentioned` or `mention`?).

Ideally this new class should have been in `lib/notification_data.py`,
which is our file for things like this. But, the next commit requires
using this data in `models.py`, and importing from `notification_data.py`
to `models.py` causes recursive imports.
2021-07-13 17:16:32 -07:00
Alex Vandiver 0b7cff2f22 push_notifications: Hide "error" level messages from aioapns.
Work around Fatal1ty/aioapns#15, by silencing error-level logging from
the aioapns logger.  We deal with the results of failed
send_notification calls by examining the `result.description` and
handling them; the extra logging message merely clutters the Sentry
logs.
2021-07-13 09:28:05 -07:00
Anders Kaseorg 8486499314 fenced_code: Fix processor type annotation.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-09 17:10:31 -07:00
Tim Abbott bc42ba87d4 message: Add types for RawUnreadMessagesResult keys.
This improves the readability for this important piece of code.
2021-07-09 11:34:07 -07:00
m-e-l-u-h-a-n 781179c56a subs: Rename subs.js to stream_settings_ui.js.
We use subs as a common variable name for a collection of stream
data structure used in settings, in lot of modules. So this
rename clears a bunch of related shadowed variables.
2021-07-09 09:38:58 -07:00
Tim Abbott c804ab27d5 actions: Rename do_activate_user to do_activate_mirror_dummy_user.
This function had a confusing name, which could result in someone
using it unintentionally when they meant do_reactivate_user.

We also add docstrings for both functions.
2021-07-08 17:33:17 -07:00
Mateusz Mandera b9056d193d rate_limit: Implement IP-based rate limiting.
If the user is logged in, we'll stick to rate limiting by the
UserProfile. In case of requests without authentication, we'll apply the
same limits but to the IP address.
2021-07-08 15:46:52 -07:00
Gaurav Pandey d2074fc10c events: Remove `sender_id` from `delete_message` event.
Remove `sender_id` as part of responses from `/events`
api for `delete_message` event when `message_type` is
`private`.
2021-07-08 13:40:32 -07:00
Gaurav Pandey bc131c1636 events: Remove `recipient_id` from `delete_message` event.
Remove `recipient_id` from `delete_message` event response
when `message_type` is `private`. API changelog updated in
next commit.
2021-07-08 13:36:45 -07:00
sahil839 a535ec6262 settings: Remove timezone from UserProfile.property_types.
We remove timezone setting from UserProfile.property_types
so that we can directly use UserProfile.property_types for
implementation of realm-default values of various user
settings.
2021-07-08 12:52:29 -07:00
aryanshridhar 9049fb3bd4 users: Remove redundant compute_show_invites function.
This commits removes the redundant `compute_show_invites` function
which computes the `show_invites` page parameter in `lib/users.py`.

It is so because, commit 13399833b0 removed
the `show_invites` context variable passed in index.html.
Hence, the `show_invites` page_param key is no
longer required to compute in backend as it can be switched with
`settings_data.user_can_invite_others_to_realm()` in the frontend.

This commits also removes the `test_compute*` tests in
`test_home` that concerned with the `show_invites` page parameter
as they are no longer required.
2021-07-08 12:37:47 -07:00
Abhijeet Prasad Bodas bf15c0235a notifications: Remove unused fields in queue events.
* `stream_name`: This field is actually redundant. The email/push
  notifications handlers don't use that field from the dict, and they
  anyways query for the message, so we're safe in deleting this field,
  even if in the future we end up needing the stream name.

* `timestamp`: This is totally unused by the email/push notification
  handlers, and aren't sent to push clients either.

* `type` is used only for the push notifications handler, since only
  push notifications can be revoked, so we move them to only run there.
2021-07-08 11:22:45 -07:00
Abhijeet Prasad Bodas 76dc504f7e push_notifications: Remove outdated comments.
We solely rely on the logic here for filtering with the `read` flag
since 10dd5f784b.
2021-07-08 11:14:08 -07:00
Tim Abbott af47fa705e exceptions: Use HTTP 401 code for authentication errors. 2021-07-08 10:33:08 -07:00
Abhijeet Prasad Bodas 4f9c7cae0a push_notifications: Send mentioned user group ID and name in payload. 2021-07-08 10:19:43 -07:00
Abhijeet Prasad Bodas 9bd8fe01fc android push notifications: Display mentioned user group name.
Followup to 83399e2e72.
2021-07-08 10:03:07 -07:00
Abhijeet Prasad Bodas 4d24499317 android notifications: Differentiate personal vs wildcard mentions.
The code to also notify for wildcard mentions was added in
0ed0bb6828.

But that showed the same text for both the cases. This commit fixes
that.

This is more of change for correctness. The mobile app currently does
not rely on this text for notifications, but constructs the text by
itself from the data in the payload.

This also fixes the "stream_push_notify" case to consistently show
a `#` before the stream name.
2021-07-08 10:03:07 -07:00
Abhijeet Prasad Bodas ce6f6a3829 push_notifications: Pre-calculate mentioned_user_group_name.
Prep change for showing the mentioned user group name in Android
notifications also. This will avoid doing the user group fetch twice.
2021-07-08 10:03:07 -07:00
akshatdalton db1cf3b521 refactor: Add class `ZulipBaseHandler` to de-duplicate code. 2021-07-07 17:53:22 -07:00
Anders Kaseorg 98194b9316 blueslip: Remove SAVE_FRONTEND_STACKTRACES setting.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-07 09:26:02 -07:00
Anders Kaseorg 07fef56c74 logging_handlers: Remove STAGING_ERROR_NOTIFICATIONS setting.
Running notify_server_error directly from the logging handler can lead
to database queries running in a random context.  Among the many
potential problems that could cause, one actual problem is a
SynchronousOnlyOperation exception when running in an asyncio event
loop.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-07 09:26:02 -07:00
Vishnu KS acffc0ae0a populate_db: Use do_create_realm for creating zephyr realm. 2021-07-06 17:22:00 -07:00
Vishnu KS b9066886d9 cache: Properly flush stream from cache after the stream is deleted.
The previous logic was incorrect and was not flushing the stream from
cache after deletion.

```

stream = get_realm_stream("Verona", realm.id)
stream.delete()
get_realm_stream("Verona", realm.id)
```

In the above example, the last line of code would have returned
the stream from cache instead of throwing a Stream.DoesNotExist
error. This is fixed in the commit.

I have verified that this commit indeed fix the issue by verifying
that calling get_realm_stream again after deleting the stream
results in Stream.DoesNotExist error.
2021-07-06 17:21:59 -07:00
PIG208 8b9011dff8 json_error: Completely remove json_error.
This completes the migration from `return json_error` to
`raise JsonableError`.
2021-07-06 15:34:33 -07:00
Tim Abbott dbf886dfce exceptions: Deduplicate common authentication errors. 2021-07-06 15:28:38 -07:00
Tim Abbott 331f34cc1f auth: Use standard classes for API key fetch exceptions.
This lets us reuse a bunch of code and error handling logic, resulting
in a more sensible and consistent API.
2021-07-06 15:28:38 -07:00
PIG208 43cca07b4b exceptions: Add ValidationFailureError. 2021-07-06 09:44:45 -07:00
Riken Shah a96c614420 message: Fix the edit topic bug by removing leading \n from msg content.
The reason for this bug is because of different striping
processes in the backend and frontend, i.e The frontend
checks if the message's `raw_content` has changed to
decide if the `content` of the message should be sent in
the request to the backend, or not. So, it removes the
leading new line ('\n') from the message `raw_content`
when checking it, which is causing the "Error saving edit:
You don't have permission to edit this message" error.

This commit fixes it by removing the leading new line
when cleaning message content.

The bug was explained by @punchagan and its solution
by @timabbott.
2021-07-06 09:41:54 -07:00
Anders Kaseorg 3853285241 push_notifications: Replace PyAPNs2 with aioapns.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-05 20:16:50 -07:00
Anders Kaseorg 0bc002270c push_notifications: Use lru_cache decorator.
This does the same thing in a simpler way.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-05 20:16:50 -07:00
PIG208 83ea6c37c5 webhook: Add expect_noop option for check_webhook.
This change allow check_webhook to raise an error when a message is
sent and vice versa. This is useful when one payload is not expecting
any output messages.
2021-07-05 19:17:11 -07:00
PIG208 2f9c586af5 webhooks: Allow event registration using webhook_view decorator.
In addition to event filtering, we add support for registering supported
events for a webhook integration using the webhook_view decorator.

The event types are stored in the view function directly as a function
attribute, and can be later accessed via the module path and the view
function name are given (which is already specified the integrations.py)

Note that the WebhookTestCase doesn't know the name of the view function
and the module of the webhook. WEBHOOK_DIR_NAME needs to be overridden
if we want exceptions to raised when one of our test functions triggered
a unspecified event, but this practice is not enforced.

all_event_type does not need to be given even if event filters are used
in the webhook. But if a list of event types is given, it will be possible
for us to include it in the documentation while ensuring that all the
tested events are included (but not vice versa at the current stage, as
we yet not required all the events included in the list to be tested)

This guarantees that we can always access the list of all the tested
events of a webhook. This feature will be later plumbed to marcos to
display all event types dynamically in doc.md.
2021-07-05 19:10:31 -07:00
aryanshridhar 8fb7ff7637 left_sidebar: Migrate to handlebars.
This commit migrates the `left_sidebar.html` Django template
to handlebars by creating a new file as `left_sidebar.hbs`
which is then rendered using `ui_init` module.

These are the minor changes introduced by virtue of template
migration -
 - The `compute_show_invites_and_add_streams` function now
   only concerns with the invite_to_realm_policy.
 - Renamed the `compute_show_invites_and_add_streams` function
   to `compute_show_invites` due to the above change.
 - Fixes relevant `test_home.py` tests due to the above
   changes.

Fixes part of #18792.
2021-07-05 18:49:43 -07:00
Anders Kaseorg ee8724e436 docs: Correct Big Blue Button to BigBlueButton.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-05 16:59:00 -07:00
Hashir Sarwar 87d90f47ee email_notifications: Show mentioned user group in email notifications.
Fixes #13080.
Cherry-picked from #15011 with edits.

Co-authored-by: Abhijeet Bodas <abhijeetbodas2001@gmail.com>
2021-07-05 14:23:59 -07:00
Hashir Sarwar 83399e2e72 push_notifications: Show mentioned user group in mobile notifications.
Part of #13080.
Cherry-picked from #15011 with edits.

Co-authored-by: Abhijeet Bodas <abhijeetbodas2001@gmail.com>
2021-07-05 14:23:59 -07:00
Abhijeet Prasad Bodas 167be7dbdc mentions: Send user group mention data to notification notices.
We will later use this data to include text like:
`<sender> mentioned @<user_group>` instead of the current
`<sender> mentioned you` when someone mentions a user group
the current user is a part of in email/push notification.

Part of #13080.
2021-07-05 14:23:59 -07:00
Abhijeet Prasad Bodas 07d6ab9753 notification_data: Add `get_user_group_mentions_data` function.
We will use this later to display which user group was mentioned
in push and email notifications.

`mentioned_user_group_ids` is kept as a List (not Set) to ensure proper
test coverage of the function, since it depends on the order of iteration,
and we cannot change the order of iteration for a set (which we'll need
to do for proper testing).

Part of #13080.
2021-07-05 14:23:59 -07:00
Abhijeet Prasad Bodas ee424c1f76 push_notifications: Assert observation written in comment.
This will ensure the comment does not go out of date.
2021-07-05 14:23:59 -07:00
Anders Kaseorg c56440ded0 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-05 12:23:06 -07:00
Anders Kaseorg 24c239d991 openapi: Add missing __init__.py; fix type errors hidden by its absence.
The absence of __init__.py was preventing mypy from following any of
the zerver.openapi imports.  These errors were being silenced by
ignore_missing_imports.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-05 12:20:39 -07:00
PIG208 6a04648fd7 exceptions: Add ResourceNotFoundError. 2021-07-05 11:02:12 -07:00
PIG208 a6e88a5a76 exceptions: Add AccessDeniedError. 2021-07-05 11:02:09 -07:00
Vishnu KS e0f5fadb79 billing: Downgrade small realms that are behind on payments.
An organization with at most 5 users that is behind on payments isn't
worth spending time on investigating the situation.

For larger organizations, we likely want somewhat different logic that
at least does not void invoices.
2021-07-02 13:19:12 -07:00
Priyansh Garg 94a2be06f3 markdown: Use a shared variable for IMAGE_EXTENSION. 2021-07-02 11:22:55 -07:00
Mateusz Mandera b9a8fb4453 upload: Deduplicate logic for public upload url creation.
get_public_upload_root_url and construct_public_upload_url_base were
both doing basically the same thing in the same. We deduplicate this,
making them share the same code, using the approach from
get_public_upload_root_url of using urljoin.

Using a format string is not a great idea, as it doesn't handle the case
of the URL already having parts that will be interpreted as format
string metacharacters. On the downside, this approach negatively affects
performance:

```
...: s = time.time()
...: for i in range(0, 250):
...:     r = u.get_public_upload_url("foo")
...: print(time.time()-s)
0.020366191864013672
```

up from 0.001 before this change.
2021-07-02 08:05:53 -07:00
Tim Abbott 64aa8f80a0 events: Add heartbeat events to tests and documentation.
Heartbeat events are an important part of the API, even though they
are noops, so it's important to document them.
2021-07-01 17:14:32 -07:00
sahil839 437f4c2288 settings: Rename 'Your bots' to 'Bots' in settings sidebar.
As we have changed the tab selector above from "Settings" to "Personal
settings", we can simply change "Your bots" to "Bots" as "Bots" is
clear enough given the personal settings context.

We also need to update the API documentation for bots accordingly.
2021-07-01 12:14:48 -07:00
sahil839 37620ffef0 gear_menu: Rename "Settings" option to "Personal settings".
Also includes change in markdown used in docs.
2021-07-01 11:47:14 -07:00
sahil839 706ec9714c events: Set state["emojiset_choices"] only once.
There was a minor typo where state["emojiset_choices"]
was part of the loop for UserProfile.property_types.
2021-06-30 17:03:44 -07:00
sahil839 0c80d23857 help: Update help pages according to profile page redesign.
This commit fixes the documentation of settings as we have
replaced "Your account" section into two new sections -
"Profile" and "Account & privacy".

This commit also fixes a comment in the test for settings
documentation in test_middleware.py.
2021-06-30 16:56:03 -07:00
PIG208 dcbb2a78ca python: Migrate most json_error => JsonableError.
JsonableError has two major benefits over json_error:
* It can be raised from anywhere in the codebase, rather than
  being a return value, which is much more convenient for refactoring,
  as one doesn't potentially need to change error handling style when
  extracting a bit of view code to a function.
* It is guaranteed to contain the `code` property, which is helpful
  for API consistency.

Various stragglers are not updated because JsonableError requires
subclassing in order to specify custom data or HTTP status codes.
2021-06-30 16:22:38 -07:00
Tim Abbott 0be35f530b push_notifications: Replace 'REDACTED' string.
The previous string was bold, potentially confusing, and doesn't
explain clearly what's happening. We replace this with a string that's
more or less copied from what we do in email notifications with the
similar setting enabled.
2021-06-30 15:15:22 -07:00
Shelly c958a023fe i18n: Add i18n to 'REDACTED' message in push notifications.
When a user has disabled message content in mobile push notifications,
we send a fixed string (currently "REDACTED") as the content of the
notification. Previously, this string was not tagged for translation;
we fix that here.

Additionally, because mobile push notifications are generated in a
queue worker, they do not have the user's language set by the Django
middleware. Our email notifications solve that problem using
`override_language`; we do the same here.

We choose to do override_language in get_message_payload_apns and
get_message_payload_gcm, rather than the caller, in order to be
consistent with tests.

Tested end-to-end by tabbott by setting a translation for "REDACTED"
manually in German.

Fixes #18713.
2021-06-30 15:15:13 -07:00
PIG208 0740c94517 webhooks: Support configuring destination stream by id. 2021-06-30 09:31:07 -07:00
PIG208 542516b07b integrations: Support params for events filtering.
We modify check_send_webhook_message to make it accept three new
parameters: only_events and exclude_events that are retrieved using REQ,
and complete_event_type, which is passed by the incoming webhook view
that is filtered according to the former two parameters.

Part of #18525.
2021-06-29 17:07:46 -07:00
PIG208 5ecbfecd77 webhook: Rename FIXTURE_DIR_NAME to WEBHOOK_DIR_NAME.
Since FIXTURE_DIR_NAME is the name of the folder that contains the view
and tests modules of the webhook and another folder called "fixtures" that
store the fixtures, it is more appropriate to call it WEBHOOK_DIR_NAME,
especially when we want to refer to the view module using this variable.
2021-06-29 17:01:54 -07:00
Damian Parrino caea7f167d help: Reorganize articles on editing topics.
* Move content on moving topics between streams to a dedicated
  article. We advertise it as "move content" to hint that one can move
  messages or split topics, and link to it.

* This deletes change-the-topic-of-a-message, because the same content
  is already covered in rename-a-topic.

* This commit mostly just moves content between articles. Most of that
  content was redundant with the first few paragraphs of the surviving
  "rename a topic" article. The former "This is useful for" se ntence
  was adapted to the remaining article.

* This commit also adds a redirect for the removed article, and
  updates related links.
2021-06-29 13:52:06 -07:00
Steve Howell 9e1d98a512 widgets: Add range checks on backend for indexes. 2021-06-29 13:40:33 -07:00
Steve Howell c25dbf7020 widgets: Validate todo data on the backend. 2021-06-29 13:40:33 -07:00
akshatdalton 44a298b671 minor: Use `OUTER_CAPTURE_GROUP` variable instead of string value. 2021-06-25 17:43:27 -07:00
akshatdalton 490f6b6880 markdown: Extract regex in local variables. 2021-06-25 17:43:01 -07:00
Abhijeet Prasad Bodas e196ea7e64 event_queue: Consistently user `user_notifications_data` as variable name.
This disambiguates this object from the those sent via the `send_event`
calls, which are also called "user_data".
2021-06-25 08:54:01 -07:00
Abhijeet Prasad Bodas 733e0ae75e notification_data: Rename `sender_id` -> `acting_user_id`.
This better shows the situation for message edits, where we use the same
class.
2021-06-25 08:54:00 -07:00
PIG208 87fc2bbe50 markdown: Remove do_render_markdown.
The function becomes unnecessary as we start to use a dataclass to
store the extra fields that it used to patch into the Messasge object.
2021-06-24 18:14:53 -07:00
PIG208 75cea329b4 markdown: Refactor out additional properties added to Message.
This adds a new class called MessageRenderingResult to contain the
additional properties we added to the Message object (like alert_words)
as well as the rendered content to ensure typesafe reference. No
behavioral change is made except changes in typing.

This is a preparatory change for adding django-stubs to the backend.

Related: #18777
2021-06-24 18:14:53 -07:00
PIG208 c5e5814242 message_edit: Refactor do_update_mobile_push_notification for clarity.
This is a prep commit of #18917.
2021-06-24 18:14:53 -07:00
Vishnu KS 4e0dac9e6c actions: Update default streams state when user role is changed. 2021-06-24 17:02:05 -07:00
Tim Abbott abf2571133 test_signup: Support passing no password in verify_signup. 2021-06-24 14:55:05 -07:00
Suyash Vardhan Mathur 23b991a801 api docs: Replace most markdown files with a common template.
This PR adds a basic .md template that is followed by lot of /api
pages. Since we have recently done the migration work to ensure that
our REST API documentation pages for individual endpoints are almost
all identical files following a common pattern, we can now get the
payoff of deleting them all in favor of a shared template.

This removes 2000 lines of somewhat finicky configuration from the
codebase, and thus should save significant effort when documenting new
API endpoints in the future.

The markdown files for endpoints or other pages which deviate from the
standard template remain, and the docs are instead generated from
those files using the existing system.
2021-06-24 10:42:08 -07:00
Suyash Vardhan Mathur fab6a5192c openapi: Fix 'no parameters found' with x-parameter-description.
Currently, the message that no parameters are accepted by
the endpoint is displayed if there are no parameters in
OpenAPI data, but it is possible that information is
encoded in x-parameter-description (example in upload-file
endpoint), and we want to display that information rather
than the message.

Added an if condition to check the same.
2021-06-24 10:38:33 -07:00
Suyash Vardhan Mathur ad9d1c0f80 openapi: Fix return values in delete-queue endpoint.
The check for whether to do the special GET /events logic was
incorrectly also covering DELETE /events.
2021-06-24 10:37:56 -07:00
Abhijeet Prasad Bodas 1cf1d147aa event_queue: Move notification trigger logic to notification_data.
This removes some complexity from the event_queue module.
To avoid code duplication, we reduce the `is_notifiable` methods to
internally just call the `trigger` methods and check their return value.
2021-06-24 09:35:18 -07:00
Abhijeet Prasad Bodas 66192825c0 maybe_enqueue_notifications: Take in notification_data dataclass.
* Modify `maybe_enqueue_notifications` to take in an instance of the
dataclass introduced in 951b49c048.

* The `check_notify` tests tested the "when to notify" logic in a way
which involved `maybe_enqueue_notifications`. To simplify things, we've
earlier extracted this logic in 8182632d7e.
So, we just kill off the `check_notify` test, and keep only those parts
which verify the queueing and return value behavior of that funtion.

* We retain the the missedmessage_hook and message
message_edit_notifications since they are more integration-style.

* There's a slightly subtle change with the missedmessage_hook tests.
Before this commit, we short-circuited the hook if the sender was muted
(5a642cea11).
With this commit, we delegate the check to our dataclass methods.
So, `maybe_enqueue_notifications` will be called even if the sender was
muted, and the test needs to be updated.

* In our test helper `get_maybe_enqueue_notifications_parameters` which
generates default values for testing `maybe_enqueue_notifications` calls,
we keep `message_id`, `sender_id`, and `user_id` as required arguments,
so that the tests are super-clear and avoid accidental false positives.

* Because `do_update_embedded_data` also sends `update_message` events,
we deal with that case with some hacky code for now. See the comment
there.

This mostly completes the extraction of the "when to notify" logic into
our new `notification_data` module.
2021-06-24 09:35:17 -07:00
Abhijeet Prasad Bodas dedc39f139 notifications_data: Rename `id` -> `user_id`.
We also make this a mandatory named argument for our test helper
for clarity.
2021-06-24 17:34:50 +05:30
Priyansh Garg 6d39dd9d01 import_realm: Fix stream `rendered_description` not being set.
While importing a realm, the stream dictionaries in data['zerver_stream']
already contains the field named `rendered_description`, which is set to
`""`. This lead the code to assume that the stream rendered_description
was already set, due to which, it was not setting the rendered_description
field for any stream.
2021-06-23 08:03:43 -07:00
sahil839 37bf160298 queue_processor: Add langauge to the events added to invites queue.
This is a prep commit for adding realm-level default for various
user settings. We add the language, in which the invite email will
be sent, to the dict added to queue itself to avoid making queries
in a loop when sending multiple emails from queue.

We also handle the case for old events in the queue.
2021-06-22 16:55:32 -07:00
sahil839 6a191a7bf0 queue_processor: Remove email_body from the invite email events.
We removed the use of email_body field in 47fcb27e39, but was
still passed in events from do_resend_user_invite_email and
in tests. So this commit removes the email_body field from
these places.
2021-06-22 16:55:32 -07:00
Abhijeet Prasad Bodas c3fb413119 message edit: Don't send mentioned user_ids in event dict.
We already have this data in the `flags` for each user, so no need to
send this set/list in the event dictionary.

The `flags` in the event dict represent the after-message-update state,
so we can't avoid sending `prior_mention_user_ids`.
2021-06-22 10:27:55 -07:00
Mateusz Mandera 85e19b2bde upload: Use URL manipulation for get_public_upload_url logic.
This is much faster than calling generate_presigned_url each time.

```
In [3]: t = time.time()
   ...: for i in range(250):
   ...:     x = u.get_public_upload_url("foo")
   ...: print(time.time()-t)
0.0010945796966552734
```
2021-06-22 09:35:56 -07:00
Mateusz Mandera e883ab057f upload: Cache the boto client to improve performance.
Fixes #18915

This was very slow, causing performance issues. After investigating,
generate_presigned_url is the cheap part of this, but the
session.client() call is expensive - so that's what we should cache.

Before the change:
```
In [4]: t = time.time()
   ...: for i in range(250):
   ...:     x = u.get_public_upload_url("foo")
   ...: print(time.time()-t)
6.408717393875122
```

After:
```
In [4]: t = time.time()
   ...: for i in range(250):
   ...:     x = u.get_public_upload_url("foo")
   ...: print(time.time()-t)
0.48990607261657715
```

This is not good enough to avoid doing something ugly like replacing
generate_presigned_url with some manual URL manipulation, but it's a
helpful structure that we may find useful with further refactoring.
2021-06-22 09:35:19 -07:00
Tim Abbott e231a03eff message_edit: Fix non-alternating resolve topic notifications.
Previously, it was possible for an unusual series of topic-edit
actions to result in Notification Bot reporting that a topic was
marked as resolved that had already been marked as resolved, etc.
2021-06-21 12:45:19 -07:00
Tim Abbott b2dd15fd86 message_edit: Reject buggy noop topic edit requests.
A buggy client might send a message_edit request to change the topic
field, sending the current topic as the new value. Previously, we
would treat that as a normal request to edit the topic; now we act as
though the API request had not requested a topic change.  In the
common case that only the topic was in the edit request, this now
results in an error that should help client implementations identify
their bug.

This fixes a bad interaction with the "unresolve topic" logic, which
assumed that upstream logic had verified that the topic was actually
changing.
2021-06-21 12:16:00 -07:00
sahil839 c42031bc05 signup: Do not translate signup messages sent to "Zulip internal" realm. 2021-06-21 11:30:56 -07:00
Abhijeet Prasad Bodas 5c483e3b58 get_active_presence_idle_user_ids: Check notifiability more thoroughly.
* Have the `get_active_presence_idle_user_ids` function look at all the
user data, not just `private_message` and `mentioned`.
* Fix a couple of incorrect `missedmessage_hook` tests, which did not
catch the earlier behaviour.
* Add some comments to the tests for this function for clarity.
* Add a helper to create `UserMessageNotificationsData` objects from the
user ID lists. This will later help us deduplicate code in the event_queue
logic.

This fixes a bug which earlier existed, that if a user turned on stream
notifications, and received a message in that stream which did not mention
them, they wouldn't be in the `presence_idle_users` list, and hence would
never get notifications for that message.

Note that, after this commit, users might still not get notifications in
the above scenarios in some cases, because the downstream logic in the
notification queue consumers sometimes erroneously skips sending
notifications for stream messages.
2021-06-21 10:52:59 -07:00
Abhijeet Prasad Bodas aeb2ad5f46 notification_data: Annotate `flags` with `Collection`.
Since `flags` here could be iterated through multiple times
(to check for push/email notifiability), we use `Collection`.
Inspired by 871e73ab8f.

The other change here in the `event_queue` code is prep for using
the `UserMessageNotificationsData` class there.
2021-06-21 10:52:59 -07:00
Abhijeet Prasad Bodas 8182632d7e notification_data: Add methods to determine notifiability.
We will later consistently use these functions to check for notifiable
messages in the message send and event_queue code.

We have these functions accept the `sender_id` so that we can avoid the
`private_message = message["type"] == "private" and user_id != sender_id`
wizardy.
2021-06-21 10:52:59 -07:00
Abhijeet Prasad Bodas ed58393079 message send: Optimize how user data is sent to Tornado.
Before this commit, we used to pre-calculate flags for user data and send
it to Tornado, like so:
```
{
    "id": 10,
    "flags": ["mentioned"],
    "mentioned": true,
    "online_push_enabled": false,
    "stream_push_notify": false,
    "stream_email_notify": false,
    "wildcard_mention_notify": false,
    "sender_is_muted": false,
}
```

This has the benefit of simplifying the logic in the event_queue code a bit.

However, because we sent such an object for each user receiving the event,
the string keys (like "stream_email_notify") get duplicated in the JSON
blob that is sent to Tornado.

For 1000 users, this data may take up upto ~190KB of space, which can
cause performance degradation in large organisations.

Hence, as an alternative, we send just the list of user_ids fitting
each notification criteria, and then calculate the flags in Tornado.
This brings down the space to ~60KB for 1000 users.

This commit reverts parts of following commits:
- 2179275
- 40cd6b5

We will in the future, add helpers to create `UserMessageNotificationsData`
objects from these lists, so as to avoid code duplication.
2021-06-21 10:52:59 -07:00
Tim Abbott bfb6ff44d1 message_edit: Fix unicode encoding of resolve topic check.
We now encode resolved topics with just:

U+2714 HEAVY CHECK MARK, SPACE

Previously, the encoding was unintentionally this:

U+2714 HEAVY CHECK MARK, U+FE0F VARIATION SELECTOR-16, SPACE
2021-06-18 17:46:28 -07:00
Tim Abbott 696236b6fc left sidebar: Implement basic resolve topic option.
Fixes part of #18751.
2021-06-18 09:24:48 -07:00
Gaurav Pandey 8fc3715ea8 settings: Remove language_list_dbl_col from page_params.
The language_list_dbl_col parameter in the page_params
is used by only the web client frontend. The value is
calculated in the backend and then passed as a page_param
which is unnecessary considering that the whole process
is beneficial for the front_end only. Hence move the entire
calculation code to the frontend.

Fixes part of #18673.
2021-06-17 17:02:27 -07:00
Gaurav Pandey 56d85fb833 settings: Remove default_language_name from page_params.
default_language_name was a part of page_params which is actually
redundant considering that we already have language_list and
default_language available to frontend which can be used to
get the default_language_name and hence prevents the backend
from sending an additional parameter.

Fixes part of #18673.
2021-06-17 16:56:21 -07:00
Carlos Bederian 1b51792459 email_mirror: Improve filter_footer delimiter detection 2021-06-17 09:11:28 -07:00
Tim Abbott b345b492db tests: Exclude another redirect from URL testing. 2021-06-16 16:25:49 -07:00
sahil839 38fac6c359 settings: Add moderators and members options in edit_topic_policy.
This commit adds moderators, full members and members options for
edit_topic_policy in both the backend and frontend.
2021-06-16 15:04:29 -07:00
sahil839 828759d2ba models: Replace allow_community_topic_editing with edit_topic_policy.
This commit replaces the allow_community_topic_editing boolean with
integer field edit_topic_policy and includes both frontend and
backend changes.

We also update settings_ui.disable_sub_settings_onchange to not
change the color of label as we did previously when the setting
was a checkbox. But now as the setting is dropdown we keep the
label as it is and we don't do anything with label when disabling
dropdowns. Also, this function was used only here so we can safely
change this.
2021-06-16 14:59:36 -07:00
sahil839 283a3a5c28 actions: Remove 'topic_name is None' check from can_edit_content_or_topic.
We do not need the 'topic_name is None' check in this function as this is
called only when atleast one of the content and topic_name is not None,
and this condition cannot be true as there is 'content is not None'
check just before it.

Thus, 'if topic_name is None' condition being true means that both content
and topic_name are None which is not possible as this function itself will
not be called in such case. An assert statement is added to check that
topic_name is not None to make sure that it is handled when the function
is called in some other way later.
2021-06-16 14:37:44 -07:00
Aman Agrawal 64f04e9913 web_public_view: Replace `web_public_visitor` with `spectator`.
We use `spectator` term instead of `web_public_visitor` as it is
more concise and better represents this type of users.
2021-06-16 07:46:34 -07:00
Abhijeet Prasad Bodas b6806fbf9d message send: Calculate `presence_idle_user_ids` after building user data.
This is a direct code move and a prep change for having this function look
at all the user data variables, not just `private_message` and `mentioned`.
2021-06-15 12:30:31 -07:00
Abhijeet Prasad Bodas 42e4fa7952 message send: Refactor how user data is sent for the event.
This is a prep change for calling `get_active_presence_idle_user_ids`
after we have collected all user data variables, so that that function
does not erroneously skip some user IDs from not having the complete
data.
2021-06-15 12:30:31 -07:00
Abhijeet Prasad Bodas 951b49c048 message send: Introduce dataclass to wrap user-notifications variables.
We will in later commits, extend this class to contain methods
to determine if a message is notifiable or not, but for now
we only turn it into a dict and pass it on.
2021-06-15 12:30:31 -07:00
Abhijeet Prasad Bodas 2179275020 event_queue: Deduplicate `mentioned` flag calculation.
This gives us a single place where all user data for the message
send event is calculated, and is a prep change for introducing
a TypedDict or dataclass to keep this data toghether.
2021-06-15 12:30:31 -07:00
Abhijeet Prasad Bodas 40cd6b5440 message send: Calculate `wildcard_mention_notify` pre-send_event.
This deduplicates some logic, and makes it so that
`wildcard_mention_notify` always contains what its name says it does.
2021-06-15 12:30:31 -07:00
Abhijeet Prasad Bodas 919f0a5964 message send: Extract local variables for user event data. 2021-06-15 12:30:31 -07:00
Abhijeet Prasad Bodas 56f6656d8b message send: Don't create user data list with inline `for`.
This will make the code more readable, and will allow creating local
variables within the loop for reuse.
2021-06-15 12:30:31 -07:00
Riken Shah b2ab448b71 gear_menu: Extract the gear menu as a handlebars template.
For this extraction, we need to move some context
parameter (from home_real in `views/home.py`) to extra
page_params parameter (of
build_page_params_for_home_page_load in
`lib/home.py`) so handlebars template can access them.

While moving I confirmed that these parameters are not
used elsewhere if some parameter is used elsewhere
(like `apps_page_url`) then I didn't remove it from the
context list, I just added it to the page_params list.

Fixes: #18795.
2021-06-15 12:17:45 -07:00
Riken Shah d2f7aaf6f6 refactor: Rename `enable_marketing_emails_enabled` param of page_params.
This is a prep commit to extract the gear menu as a
handlebars template.

We are renaming `enable_marketing_emails_enabled` to
`corporate_enabled` as it will be also used in the
handlebars template of the gear menu.
2021-06-15 12:05:37 -07:00
Riken Shah 5fe21ae08f refactor: Make `UserProfile` field optional for `get_billing_info`.
This is preparatory work for extracting the gear menu
as a handlebars template.
2021-06-15 12:05:37 -07:00
Ganesh Pawar 1d4b6c1320 about_zulip: Migrate to handlebars.
This results in moving the `zulip_merge_base` parameter to
page_params, so that it's available to JavaScript.

Since this is technically a tiny overlay, it needs to be initialized
before hashchange.js.
2021-06-15 11:55:20 -07:00
Steve Howell e739bee00a poll widget: Add server validation. 2021-06-14 17:46:16 -07:00
Steve Howell 24ed5a2bb4 submessages: Add verify_submessage_sender.
Before this change a rogue actor could try to
widgetize another person's message. (The
rogue actor would already have access to read
the message.)
2021-06-14 17:46:16 -07:00
akshatdalton c507931ac8 refactor: Export non-markdown logic in mention.py. 2021-06-14 13:26:30 -07:00
akshatdalton 1a76d06add test_push_notifications: Use responses module to mock HTTP responses. 2021-06-12 07:31:12 -07:00
Suyash Vardhan Mathur 001435a297 refactor: Rename and move app_filters.py.
Moved the code in zerver/templatetags/app_filters.py
to more intuitive location and name at
zerver/lib/templates.py.
2021-06-11 07:43:22 -07:00
Suyash Vardhan Mathur 5be92ad30d openapi: Auto-render heading with return values.
The headings for return values were currently hardcoded
in cases where they occur, but they can be rendered directly
in the markdown extension if the return values exist.
2021-06-10 11:25:13 -07:00
Vishnu KS 1938076f67 billing: Enforce license limit for plans on manual license management. 2021-06-09 17:42:38 -07:00
Vishnu KS 8c055107d9 exceptions: Move InvitationError to zerver/lib/exceptions. 2021-06-09 17:42:38 -07:00
Vishnu KS 7197c8ae89 test_classes: Create helper function for subscribing realm to manual plan. 2021-06-09 17:42:38 -07:00
akshatdalton 3cc6ff57db test_link_embed: Use responses module to mock HTTP responses. 2021-06-09 12:17:26 -07:00
akshatdalton 1259f5a70e minor: Properly unpack `kwargs`. 2021-06-09 12:17:26 -07:00
Alex Vandiver 721546dfc0 subdomains: Extend "static" to include resources hosted on S3.
This causes avatars and emoji which are hosted by Zulip in S3 (or
compatible) servers to no longer go through camo.  Routing these
requests through camo does not add any privacy benefit (as the request
logs there go to the Zulip admins regardless), and may break emoji
imported from Slack before 1bf385e35f,
which have `application/octet-stream` as their stored Content-Type.
2021-06-08 15:28:10 -07:00
Abhijeet Prasad Bodas 58da384da3 muting: Don't enqueue notifications for messages from muted senders.
Earlier, the notification-blocking for messages from muted senders
was a side-effect of we never sending notifications for messages
with the "read" flag.

This commit decouples these two things, as a prep for having new
settings which will allow users to **always** receive email
notifications, including when/if they read the message during the
time the notifications is in the queue.

We still mark muted-sender messages as "read" when they are sent,
because that's desirable anyways.
2021-06-08 14:58:14 -07:00
Abhijeet Prasad Bodas 006b92ed6d message send: Plumb sender muters through `get_recipient_info`.
This will make it possible to share this code with the message
update codepath.
2021-06-08 14:58:14 -07:00
Mateusz Mandera c54b48452d saml: Support syncing custom profile fields with SAML attributes.
Fixes #17277.

The main limitation of this implementation is that the sync happens if
the user authing already exists. This means that a new user going
through the sign up flow will not have their custom fields synced upon
finishing it. The fields will get synced on their consecutive log in via
SAML in the future. This can be addressed in the future by moving the
syncing code further down the codepaths to login_or_register_remote_user
and plumbing the data through to the user creation process.

We detail that limitation in the documentation.
2021-06-08 14:47:33 -07:00
Mateusz Mandera 00c7ac15df saml: Define a TypedDict for the type of IdP settings dict.
The old type in default_settings wasn't right - limit_to_subdomains is a
List[str]. We define a TypeDict for capturing the typing of the settings
dict more correctly and to allow future addition of configurable
attributes of other non-str types.
2021-06-08 14:30:21 -07:00
Abhijeet Prasad Bodas d9395e7b52 test_event_queue: Introduce helper to fill-up default values.
This allows us to only mention the values that are relevant
to the behavior being tested by the `check_notify` function
in the current assertion.
2021-06-08 11:10:18 -07:00
Abhijeet Prasad Bodas b7fcb0275c cache: Use `id`s instead of `UserProfile`s for get_muting_users.
This will make it easier to call this function in the message
send codepath.
2021-06-07 13:41:37 -07:00
Abhijeet Prasad Bodas 99b181629d actions: Create dataclass for message read events.
This allows us to deduplicate the common fields.
2021-06-07 19:51:45 +05:30
Abhijeet Prasad Bodas e33c4105b4 actions: Use `custom_profile_field` as variable name, not `field`.
This is a prep change for importing (and using) `dataclasses.field`
elsewhere in the same file, because pyflakes would throw "Import
module shodowed" errors otherwise.
2021-06-07 19:50:36 +05:30
Gaurav Pandey 9b696cf212 api: Expose event_queue_longpoll_timeout_seconds in /register.
Rename poll_timeout to event_queue_longpoll_timeout_seconds
and change its value from 90000 ms to 90 sec. Expose its
value in register api response when realm data is fetched.
Bump API_FEATURE_LEVEL to 74.
2021-06-05 07:37:19 -07:00
Gaurav Pandey 18ef0c3bc1 api: Expose server_needs_upgrade in register response.
Expose the boolean value server_needs_upgrade in the
responses for register api so that it can be used
by mobile and terminal clients as well.
Highlighted in api changelog as part of
feature level 74 in commit fb93c96
(next commit).
2021-06-05 07:33:25 -07:00
Gaurav Pandey f82aba5a3d compatibility: Shift functions to new module.
Shift functions used for compatibility from
zerver.lib.home (is_outdated_server) and
zerver.view.compatibility (pop_numerals,
version_lt, find_mobile_os,
is_outdated_desktop_app, is_unsupported_browser)
to zerver.lib.compatibility module.
2021-06-05 07:33:25 -07:00
Abhijeet Prasad Bodas 86d6872a80 onboarding: Select Message FOR UPDATE when adding reaction.
Although race conditions are super-unlikely for these onboarding
messages, it's better to write correct code since it might be copied.
2021-06-04 08:18:17 -07:00
Abhijeet Prasad Bodas 90b6fa7881 reactions: Select Message FOR UPDATE when adding/removing.
This locks the message row while a reaction is being added/removed,
which will handle race conditions caused by deleting the message
at the same time.

We make sure that events work happens outside the transaction,
so that in case there's some problem with the queue processor, the
locks aren't held for too long.

As a nice side-effect, we also handle race conditions from double
adding reactions, because once the message is locked, a duplicate
request will wait till the earlier transaction commits, and hence
will not throw `IntegrityErrors`s (rather, will be handled in our
safety check in the /views code itself), which earlier had to be
handled explicitly.
2021-06-04 08:18:17 -07:00
Abhijeet Prasad Bodas efc2f49e3c submessage: Select Message FOR UPDATE when creating.
This locks the message while creating a submessage, which
will handle race conditions caused by deleting the message
simultaneously.

We make sure that events work happens outside the transaction,
so that in case there's a problem with the queue processor,
the locks aren't held for too long.
2021-06-04 08:18:17 -07:00
Abhijeet Prasad Bodas 5f4113cf60 message delete: Select Message FOR UPDATE when archiving.
Further commits will start locking the message rows while
adding related fields like reactions or submessages,
to handle races caused by deleting the message itself at the
same time.

The message locking implemented then will create a possibility
of deadlocks, where the related field transaction holds a lock
on the message row, and the message-delete transaction holds a
lock on the database row of the related field (which will also
need to be deleted when the message is deleted), and both
transactions wait for each other.

To prevent such a deadlock, we lock the message itself while
it is being deleted, so that the message-delete transaction
will have to wait till the other transaction (which is about
to delete the related field, and also holds a lock on the
message row) commits.

https://chat.zulip.org/#narrow/near/1185943 has more details.
2021-06-04 08:18:17 -07:00
Abhijeet Prasad Bodas 1a9f385e17 access_message: Allow selecting message row FOR UPDATE.
This is a prep change to start using `SELECT FOR UPDATE` queries
when there is a chance of race conditions.
2021-06-04 08:18:16 -07:00
Abhijeet Prasad Bodas 60464a4cea tests: Run on_commit hooks immediately in tornado_redirected_to_list.
Further commits will hook `send_event` calls to `on_commit`
in some cases. This change will make it easier to test such
situations.

We don't need to actually capture the callbacks, because the
events sent are already tested via the list in which they are
captured by `tornado_redirected_to_list`.
2021-06-04 18:12:39 +05:30
Abhijeet Prasad Bodas 8b14704d35 test_classes: Fix misplaced `tornado_redirected_to_list` comment. 2021-06-04 18:12:21 +05:30
sahil839 bf9c17e8a8 message: Fix moving messages between streams for non-admins.
This commit fixes a bug where moving messages between streams was
not allowed for non-admins when allow_community_topic_editing was
set to false and move_messages_between_streams_policy was set to
Realm.POLICY_MEMBERS_ONLY.

The bug is fixed by calling can_edit_content_or_topic only when
topic or content edit is there and not in the case where only
message is moved from one stream to another.
2021-06-03 17:53:59 -07:00
sahil839 db294cb386 message: Extract logic to check message edit permissions in a function.
This commit extracts the logic of checking the message edit permissions,
like whether the sender is same as user, whether it is a (no topic)
message or whether community topic editing is allowed, into a separate
function.

This is a prep commit for fixing a bug where permission to move messages
between streams is affected by permission of editing topics.
2021-06-03 17:53:55 -07:00
sahil839 6be232aa42 message_edit: Check 'topic_name is not None' and not 'content is None'.
Previously when enforcing the check to do not allow editing topics
after a certain time, we were checking whether 'content is None' and
considering it as that if content is None then there must be topic
edit.

But after adding support for moving messages between streams it can be
the case that we are neither changing topic nor content and just moving
streams, and the original code raises error if this is done after the
time limit of editing topics, which is wrong.

This commit fixes this by actually checking 'topic_name is not None'.
2021-06-03 17:13:32 -07:00
sahil839 e2835d3f4f message_edit: Modify the error message for topic edit deadline.
This commit modifies the error message shown when topic edit
deadline is passed to make it more clear that the limit is for
editing message's topic.
2021-06-03 17:13:32 -07:00
Vishnu KS 5db53029a5 api: Include is_billing_admin as an attribute in user response.
This is sufficiently useful that it should be made available to clients.
2021-06-03 10:27:07 -07:00
Vishnu KS 3d5ee69b21 stripe: Create make_user_billing_admin helper function. 2021-06-03 10:13:59 -07:00
Wesley Aptekar-Cassels d5ba94082a markdown: Increase max rendered message length to 1MB.
This should help with #17425, where messages with lots of LaTeX are
lost, due to the large expansion factor.

This isn't a total fix for this - large messages with lots of LaTeX
can still end up larger than 1MB, and rendering could timeout, but
this fix should help significantly.

1MB is still small enough that I don't expect we'll run into any DOS
problems - my testing didn't show any problems rendering messages that
contain ~1MB of LaTeX.
2021-06-03 10:10:35 -07:00
seiwailai b584790541 validator: Add generic check_or.
Fixes part of #17914. Added generic check_or function and tests.
2021-06-03 09:49:50 -07:00
akshatdalton 7df62ebbaf settings: Make `MAX_MESSAGE_LENGTH` a server-level setting.
This will offer users who are self-hosting to adjust
this value. Moreover, this will help to reduce the
overall time taken to test `test_markdown.py` (since
this can be now overridden with `override_settings`
Django decorator).

This is done as a prep commit for #18641.
2021-06-03 09:26:28 -07:00
Gilbert Bishop-White e4d9e58c7d emails: Make it obvious when registering creates new realm.
Checked the email looked OK in `/emails` for both creating realm and
registering within an existing one.

Not sure zerver/tests/test_i18n.py test has been suppressed correctly.

Fixes #17786.
2021-06-02 15:18:03 -07:00
Gaurav Pandey 73059dd0c7 settings: Rename MAX_LOGO_FILE_SIZE.
Rename MAX_LOGO_FILE_SIZE to
MAX_LOGO_FILE_SIZE_MIB reflecting
the size in mebibytes.
2021-06-02 13:55:15 -07:00
Gaurav Pandey 2ddc62e9b3 settings: Rename MAX_ICON_FILE_SIZE.
Rename MAX_ICON_FILE_SIZE to
MAX_ICON_FILE_SIZE_MIB reflecting
size in mebibytes.
2021-06-02 13:55:15 -07:00
Gaurav Pandey 0f6bb210a6 settings: Rename MAX_AVATAR_FILE_SIZE.
Rename MAX_AVATAR_FILE_SIZE to
MAX_AVATAR_FILE_SIZE_MIB reflecting
size in mebibytes.
2021-06-02 13:55:15 -07:00
Abhijeet Prasad Bodas f88b943ff4 email_notifications: Remove unnecessary `online_emails` check.
We already check this in `handle_missedmessage_emails` through
`receives_offline_email_notifications`.
2021-06-01 15:26:49 -07:00
Abhijeet Prasad Bodas 518deb7b9e models: Rename `receives_online_notifications` function.
Prep for later when we will have a similar setting for
online email notifications.
2021-06-01 15:26:49 -07:00
Mateusz Mandera 932c846454 custom_fields: Fix confusing comments for do_update_..._if_changed.
d66cbd2832 added these mentioning
"always_notify" for some reason, but always_notify clearly isn't a real
thing in this context so the comments need to be fixed to eliminate this
potential source of confusion.
2021-05-28 15:51:28 -07:00
Abhijeet Prasad Bodas aa2fd1593e tornado_redirected_to_list: Fix event list leaks in tests.
Ideally this should have been part of
481a890ec5.
2021-05-28 09:42:14 -07:00
Abhijeet Prasad Bodas 3039a01b31 tornado_redirected_to_list: Make expected_num_events required argument.
Follow up to 481a890ec5.
This will make this more explicit and readable.
2021-05-28 09:42:14 -07:00
Adam Birds ee375e2999 integrations: Add Freshstatus webhook integration. 2021-05-27 23:38:11 -07:00
Tim Abbott 9f2daeee45 upload: Use get_public_upload_url for export tarballs too.
This deduplicates the code so that we now just have one function for
constructing S3 URLs.
2021-05-27 23:26:45 -07:00
ryanreh99 5a4aecfc40 s3 uploads: Refactor to access objects via `get_public_upload_url`.
Our current logic only allows S3 block storage providers whose
upload URL matches with the format used by AWS. This also allows
other styles such as the "virtual host" format used by Oracle cloud.

Fixes #17762.
2021-05-27 23:26:42 -07:00
Abhijeet Prasad Bodas 15f78abd68 message edit: Handle topic edit tries for private messages.
Fixes #18604.
2021-05-27 23:09:33 -07:00
Abhijeet Prasad Bodas 4b30fc01e4 message edit: Extract data validity checks from check_update_message.
These checks are more related to the API than the editability
or permissions logic, so it makes sense to handle them first
before further processing the request.
Also split the main test class to separate out the tests for
this logic.

This also simplifies some tests by reducing the data setup
required to reach failure.

Tweaked by tabbott to avoid losing the topic_name.strip().
2021-05-27 23:07:59 -07:00