Commit Graph

868 Commits

Author SHA1 Message Date
Lauryn Menard 5d07666362 corporate: Move `update_sponsorship_status` to BillingSession class.
Moves `update_sponsorship_status` to BillingSession abstract class
as `update_customer_sponsorship_status`.

Updates the support views to have a helper for updating this on a
realm: `update_realm_sponsorship_status`.
2023-11-04 17:20:49 -07:00
Lauryn Menard d06062c179 corporate: Move `approve_sponsorship` to BillingSession class.
Makes `approve_sponshorship` an abstract method in BillingSession
abstract base class and moves the implementation for realms to the
RealmBillingSession child class.

Adds `approve_realm_sponsorship` helper function that's used in
the support view and initiates the billing session.
2023-11-04 17:20:49 -07:00
Lauryn Menard ee19a9c274 corporate: Move `attach_realm_discount` to BillingSession class.
This moves the logic for `attach_realm_discount`, which is used in
the support view, to be in the BillingSession class.

Updates the function name to be `attach_discount_to_customer` so
that the context is generalized vs realm specific.

Updates RealmBillingSession implementation to account for actions
that are initiated by a support admin user.

Also moves the helper function `get_discount_for_realm` that is
only used in support views to `corporate/lib/support.py`.
2023-11-04 17:20:49 -07:00
Mateusz Mandera 6819ecee92 zilencer: Add new LoggingCountStat mobile_pushes_forwarded.
This one counts actual successful deliveries.
2023-11-01 17:26:10 -07:00
Mateusz Mandera b7117d51b2 zilencer: Don't allow syncing mobile_pushes_received::day count. 2023-11-01 17:26:10 -07:00
Mateusz Mandera 183c775603 zilencer: Add new mobile_pushes_received::day LoggingCountStat. 2023-11-01 17:26:10 -07:00
Mateusz Mandera 2ecd7abc0d zilencer: Make BaseRemoteCount.remote_id field nullable. 2023-11-01 17:26:10 -07:00
Mateusz Mandera c4fbb6319b do_increment_logging_stat: Rename zerver_object argument.
We are about to add support for having RemoteZulipServer here, which is
a zilencer, not zerver, object. So let's rename this argument to
something more appropriately general.
2023-11-01 17:26:10 -07:00
Mateusz Mandera 21c94953c8 do_increment_logging_stat: Assert that .frequency is either DAY or HOUR.
An assert is appropriate here to ensure that some future additions of
other frequencies don't make this if/else logic wrong without explicitly
failing.
2023-11-01 17:26:10 -07:00
Lauryn Menard ae7e105ce9 analytics: Use realm_str to generate per realm URL.
Instead of making a database query for each realm, use realm_str
to generate the URL with Realm.host_for_subdomain static method.
2023-11-01 13:08:49 -07:00
Sahil Batra e458b73a01 user_groups: Move constants for system group names to a new class.
This commit moves constants for system group names to a new
"SystemGroups" class so that we can use these group names
in multiple classes in models.py without worrying about the
order of defining them.
2023-11-01 10:42:56 -07:00
Lauryn Menard 1112cbc822 analytics: Use activity_details_template.html for installation page. 2023-11-01 10:31:04 -07:00
Lauryn Menard c996bb3c19 corporate: Move functions for realm installation data to new file.
Moves two functions in corporate/lib/stripe.py that are used to
get data for the main installation activity analytics page to a
separate file: corporate/lib/analytics.py.

Also, updates these functions for the possibility of realm being
None for a Customer object.
2023-10-30 10:08:45 -07:00
Lauryn Menard b19a7a8b8a analytics: Remove Durations tab and hourly columns. 2023-10-27 12:19:13 -07:00
Alya Abbott f8f741c4a2 analytics: Replace get_realm_day_counts with a faster query.
Use analytics_realmcount to improve query runtime. There are two
known difference with previous query:
- Messages that are deleted after hourly stats are aggregated
are not decremented in new query.
- Messages sent since the hourly aggregation last ran are not counted.
2023-10-26 12:54:56 -07:00
Mateusz Mandera 986f2fd962 send_analytics_to_remote_server: Rename to ..._to_push_bouncer.
The former name is kind of misleading - this function is for the remote
server to send analytics to the push bouncer. Under our usual
terminology, a "remote server" is a self-hosted Zulip server. So data is
sent FROM not TO a remote server.
2023-10-25 11:09:49 -07:00
Mateusz Mandera 6116679a95 remote_support: Remote redundant remote_installation_stats_link context.
This function was used in the html template in an early version of
PR #27033 but then ended up unused and didn't get cleaned up.
2023-10-17 18:05:27 -07:00
Lakshay Mittal d94bdb3900 stats: Support fetching StreamCount based on stream_id.
As a preliminary step for including graphs of StreamCount data in our
analytics pages, add API support for fetching the chart data.

Care is taken to limit access to streams that the current user has
access to, which isn't necessary in similar views where the current
user is a server administrator by assumption.

Fixes part of #19653.

Co-authored-by: Tim Abbott <tabbott@zulip.com>
2023-10-16 15:10:14 -07:00
Anders Kaseorg a50eb2e809 mypy: Enable new error explicit-override.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-10-12 12:28:41 -07:00
Anders Kaseorg 84a196641a test_support_views: Move incorrectly class-scoped code inside method.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-10-12 11:22:23 -07:00
Lauryn Menard da4b54d414 analytics: Remove out of date tabs from main activity page.
Removes the various 'ad_hoc_queries' in the main activity page
that no longer have relevant data or information.
2023-10-05 12:31:57 -07:00
Lauryn Menard 40e6455579 analytics: Move integrations by client to separate activity page.
Moves the tab in the main installation activity page to be a
separate page: "/activity/integrations".
2023-10-05 12:31:57 -07:00
Lauryn Menard 0f009c439d analytics: Move remote server view to separate file.
Moves the view for "/activity/remove" from the main installation
activity view to a separate file.
2023-10-05 12:31:57 -07:00
Mateusz Mandera f71e2c8247 support: Add basic support endpoint for remote servers. 2023-10-04 16:55:47 -07:00
Lauryn Menard afc1d2a409 activity: Add separate page for remote server information/table.
Moves the "Remote Zulip servers" tab in the "/activity" page for
an installation to a separate page, "/activity/remote".

Prototype for moving other tabs in "/activity" to separate pages.
2023-10-04 12:48:39 -07:00
Alex Vandiver 71e297efb4 realm: Differentiate reserved realms from in-use realms.
Fixes: #23896.
2023-09-25 12:48:14 -07:00
Anders Kaseorg 2665a3ce2b python: Elide unnecessary list wrappers.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-13 12:41:23 -07:00
Anders Kaseorg 6988622fe8 ruff: Enable B023 Function definition does not bind loop variable.
Python’s loop scoping is misdesigned, resulting in a very common
gotcha for functions that close over loop variables [1].  The general
problem is so bad that even the Go developers plan to break
compatibility in order to fix the same design mistake in their
language [2].

Enable the Ruff rule function-uses-loop-variable (B023) [3], which
conservatively prohibits functions from binding loop variables at all.

[1] https://docs.python-guide.org/writing/gotchas/#late-binding-closures
[2] https://go.dev/s/loopvar-design
[3] https://beta.ruff.rs/docs/rules/function-uses-loop-variable/

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-11 18:03:45 -07:00
Alex Vandiver b94402152d models: Always search Messages with a realm_id or id limit.
Unless there is a limit on `id`, always provide a `realm_id` limit as
well.  We also notate which index is expected to be used in each
query.
2023-09-11 15:00:37 -07:00
Alex Vandiver 4d72f81257 analytics: Only join through messages once.
Using `COUNT(*) FILTER (WHERE ...)` allows getting counts of different
subsets with only one giant join.  This makes the query significantly
more performant.
2023-09-11 15:00:37 -07:00
Anders Kaseorg 0ce6dcb905 mypy: Upgrade mypy from 1.4.1 to 1.5.1.
_default_manager is the same as objects on most of our models. But
when a model class is stored in a variable, the type system doesn’t
know which model the variable is referring to, so it can’t know that
objects even exists (Django doesn’t add it if the user added a custom
manager of a different name). django-stubs used to incorrectly assume
it exists unconditionally, but it no longer does.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-07 17:51:42 -07:00
Anders Kaseorg 81bd63cb46 ruff: Fix PIE808 Unnecessary `start` argument in `range`.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-01 14:57:01 -07:00
Anders Kaseorg e32366638a requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-08-17 17:05:34 -07:00
Anders Kaseorg 710d1f7f51 analytics: Do not reseed the global random generator.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-08-15 17:57:16 -07:00
Steve Howell 751b8b5bb5 tests: Flush per-request caches automatically for query counts. 2023-08-11 11:09:34 -07:00
Anders Kaseorg ca40e60469 ruff: Enable PERF rules.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-08-07 17:23:55 -07:00
Anders Kaseorg 562a79ab76 ruff: Fix PERF401 Use a list comprehension to create a transformed list.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-08-07 17:23:55 -07:00
Anders Kaseorg c2c96eb0cf python: Annotate type aliases with TypeAlias.
This is not strictly necessary but it’s clearer and improves mypy’s
error messages.

https://docs.python.org/3/library/typing.html#typing.TypeAlias
https://mypy.readthedocs.io/en/stable/kinds_of_types.html#type-aliases

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-08-07 10:02:49 -07:00
Anders Kaseorg 2ae285af7c ruff: Fix PLR1714 Consider merging multiple comparisons.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-23 15:21:33 -07:00
Anders Kaseorg 3b09197fdf ruff: Fix RUF015 Prefer `next(...)` over single element slice.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-23 15:20:53 -07:00
Anders Kaseorg 143baa4243 python: Convert translated positional {} fields to {named} fields.
Translators benefit from the extra information in the field names, and
need the reordering freedom that isn’t available with multiple
positional fields.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-18 15:19:07 -07:00
Anders Kaseorg 7e707270f0 models: Convert deprecated index_together option to indexes.
index_together is slated for removal in Django 5.1:
https://docs.djangoproject.com/en/4.2/internals/deprecation/#deprecation-removed-in-5-1

We set the optional index names to match the previously generated
index names to avoid adding new migrations.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-07-12 07:12:43 -07:00
Alex Vandiver 6c3969f893 name_restrictions: Reject anything with zulip or kandra in it.
This is primarily to prevent impersonation, such as `zulipteam`.  We
only enable these protections for CORPORATE_ENABLED, since `zulip` is
a reasonable test name for self-hosters.
2023-06-23 10:45:40 -07:00
Lauryn Menard 47d0bb6b7d analytics: Replace "private message" with "direct message". 2023-06-19 13:40:08 -07:00
Mateusz Mandera 2b7877bcb4 support: Make user search by email case-insensitive.
It's pretty troublesome to fail to find a user in our database because
they used a different capitalization when signing up.
2023-05-16 12:38:12 -07:00
Mateusz Mandera 632e856240 support: Add option to delete user from /activity/support. 2023-05-16 12:38:12 -07:00
Alex Vandiver 505eec4bac analytics: Create a RealmAuditLog entry when subscribing test users. 2023-05-15 16:09:44 -07:00
Mateusz Mandera 24d9d3d90c support: Add option to upgrade an org to Plus plan on /activity/support.
This is so that we don't need ops to run the
manage.py switch_realm_from_standard_to_plus_plan command on the server
to handle these upgrades.
2023-04-10 17:32:45 -07:00
Mateusz Mandera 1a15449e16 support: Rename "downgrade plan" to "modify plan".
Just a naming change to facilitate adding more options to that <select>
- mainly, an option to upgrade the plan to Plus.
2023-04-10 17:32:45 -07:00
Sahil Batra f684d36710 test_classes: Add submit_realm_creation_form helper.
This commit adds a new helper submit_realm_creation_form,
similar to existing submit_reg_form_for_user, to avoid
duplicate code for creating realms in tests.
2023-03-27 15:44:42 -07:00
Sahil Batra 54771cfe94 registration: Create PreregistrationRealm object when creating realm.
This commit adds code to create PreregistrationRealm object when
creating realm and set it to the content_object field of
Confirmation object.
2023-03-27 15:44:42 -07:00
Alex Vandiver 0b80397cfd web: Save a 301 redirect from /support to /support/. 2023-03-24 14:51:01 -07:00
Anders Kaseorg afa218fa2a semgrep: Detect some unsafe uses of markupsafe.Markup.
Use the built-in HTML escaping of Markup("…{var}…").format(), in order
to allow Semgrep to detect mistakes like Markup("…{var}…".format())
and Markup(f"…{var}…").

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-22 11:23:27 -07:00
Alex Vandiver 330141f55d invites: Switch new LIMITED-plan heuristic to enforcing. 2023-03-16 11:41:49 -07:00
Anders Kaseorg 2d9b2a2a05 models: Remove type prefixes from __str__ values.
The Django convention is for __repr__ to include the type and __str__
to omit it.  In fact its default __repr__ implementation for models
automatically adds a type prefix to __str__, which has resulted in the
type being duplicated:

    >>> UserProfile.objects.first()
    <UserProfile: <UserProfile: emailgateway@zulip.com <Realm: zulipinternal 1>>>

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-08 22:56:55 -08:00
Alex Vandiver 36da7783ce invites: _max_invites is currently never None.
dc1eeef30a made the column nullable, with the meaning for null of
"use the current `settings.INVITES_DEFAULT_REALM_DAILY_MAX`."
However, 8a95526ced switched to calling `do_change_plan_type` during
realm creation, which sets `realm.max_invites` based on the plan type,
thus ensuring that no new realms have their `_max_invites` set to
null.

Check `max_invites` instead of `_max_invites`.  This requires test
adjustments for the fact that `apply_invite_realm_heuristics` is now
run.
2023-03-07 15:04:39 -08:00
Anders Kaseorg d3efd4c095 python: Import F, Q, QuerySet from their canonical module.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-05 14:46:28 -08:00
Anders Kaseorg 0628c3cac8 migrations: Import BaseDatabaseSchemaEditor from its canonical module.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-05 14:46:28 -08:00
Alex Vandiver 04e7621668 upload: Rename upload_message_image_from_request.
The table is named Attachment, and not all of them are images.
2023-03-02 16:36:19 -08:00
Sahil Batra 3950a8e19d test_helpers: Rename reset_emails_in_zulip_realm.
This commit renames reset_emails_in_zulip_realm function to
reset_email_visibility_to_everyone_in_zulip_realm which makes
it more clear to understand what the function actually does.

This commit also adds a comment explaining what this function
does.
2023-03-01 12:17:11 -08:00
Lauryn Menard a0fd7b2afc private-messages: Update translated backend strings use "direct message".
Updates user-facing translated strings containing "private message" on
the backend to use "direct message" instead.
2023-02-24 11:47:26 -08:00
Sahil Batra 0ed5f76063 settings: Add backend code for using user email_address_visibility setting.
This commits update the code to use user-level email_address_visibility
setting instead of realm-level to set or update the value of UserProfile.email
field and to send the emails to clients.

Major changes are -

- UserProfile.email field is set while creating the user according to
RealmUserDefault.email_address_visbility.

- UserProfile.email field is updated according to change in the setting.

- 'email_address_visibility' is added to person objects in user add event
and in avatar change event.

- client_gravatar can be different for different users when computing
avatar_url for messages and user objects since email available to clients
is dependent on user-level setting.

- For bots, email_address_visibility is set to EVERYONE while creating
them irrespective of realm-default value.

- Test changes are basically setting user-level setting instead of realm
setting and modifying the checks accordingly.
2023-02-10 17:35:49 -08:00
Anders Kaseorg df001db1a9 black: Reformat with Black 23.
Black 23 enforces some slightly more specific rules about empty line
counts and redundant parenthesis removal, but the result is still
compatible with Black 22.

(This does not actually upgrade our Python environment to Black 23
yet.)

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-02 10:40:13 -08:00
Anders Kaseorg ff1971f5ad ruff: Fix SIM105 Use `contextlib.suppress` instead of try-except-pass.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-23 11:18:36 -08:00
Anders Kaseorg b0e569f07c ruff: Fix SIM102 nested `if` statements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-23 11:18:36 -08:00
Anders Kaseorg 3025d9a63a ruff: Fix Q002 Single quote docstring found.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-01-04 16:25:07 -08:00
Alex Vandiver 0e10ccc137 analytics: Pass the right value for realm. 2022-12-08 12:42:41 -08:00
Lauryn Menard b686e6ce9e analytics-realm-activity: Add link to realm's stats page.
Adds the  pie chart icon stats page link to the realm_activity
page header.
2022-12-02 17:30:30 -08:00
Lauryn Menard c05c25e742 analytics-activity: Fix UTC timezone and adjust header type.
Fixes an error with how the `utctime` was being generated and makes
the header on the summary table the same type as the other tabs.
2022-12-02 17:30:30 -08:00
Lauryn Menard c75e5c8ba6 analytics-activity: Add links for realm's Zulip and support page. 2022-12-02 17:30:30 -08:00
Lauryn Menard 90d0531e20 analytics-activity: Remove link with realm owners emails.
Note that a link to copy these emails to the clipboard is still
availabe on the realm's support page.
2022-12-02 17:30:30 -08:00
Anders Kaseorg 73c4da7974 ruff: Fix N818 exception name should be named with an Error suffix.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-17 16:52:00 -08:00
Anders Kaseorg 924d530292 ruff: Fix N813 camelcase imported as lowercase.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-16 09:29:11 -08:00
Lauryn Menard a3f6220fe4 analytics: Add summary statistic for guest users in realm.
Adds the count of users with the role of guest to the stats view
`page_params` via a database query. This information is then added
to the summary statistics section of the analytics page after being
formatted by `stats.js`.

Creates Bassanio as a guest user in the database for the analytics
realm.

Fixes #20162.
2022-10-17 11:53:59 -07:00
Zixuan James Li 46329a2710 test_classes: Create a dedicate helper for query count check.
This adds a helper based on testing patterns of using the "queries_captured"
context manager with "assert_length" to check the number of queries
executed for preventing performance regression.

It explains the rationale of checking the query count through an
"AssertionError" and prints the queries captured as assert_length does,
but with a format optimized for displaying the queries in a more
readable manner.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-17 11:32:52 -07:00
Mateusz Mandera 00b3546c9f models: Add denormalized .realm column to Message.
This commit adds the OPTIONAL .realm attribute to Message
(and ArchivedMessage), with the server changes for making new Messages
have this set. Old Messages still have to be migrated to backfill this,
before it can be non-nullable.

Appropriate test changes to correctly set .realm for Messages the tests
manually create are included here as well.
2022-10-07 10:09:38 -07:00
Lauryn Menard df7a1cec93 analytics: Add summary statistic for upload/storage space in use.
Adds the realm's used storage space for attachments to the stats
view `page_params`. This information is then added to the summary
statistics section of the analytics page after being formatted by
`stats.js`.

Uses the emoji test image to create an `Attachment` in the database
for the analytics realm. Even though it doesn't create a message
to claim the attachment, it still is sent as storage space used
data for the analytics `/stats/` page.
2022-10-07 10:08:09 -07:00
Zixuan James Li 4c3c976174 models: Implicitly type model fields with django-stubs.
Previously, we type the model fields with explicit type annotations
manually with the approximate types. This was because the lack of types
for Django.

django-stubs provides more specific types for all these fields that
incompatible with our previous approximate annotations. So now we can
remove the inline type annotations and rely on the types defined in the
stubs. This allows mypy to infer the types of the model fields for us.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-05 16:15:56 -07:00
Sahil Batra b0de5c0f36 streams: Set can_remove_subscribers_group while creating streams.
This commit sets can_remove_subscribers_group to admins system
group while creating streams as it will be the default value
of this setting. In further we would provide an option to set
value of this setting to any user group while creating streams
using API or UI.
2022-09-14 16:03:11 -07:00
Anders Kaseorg 868e130b5f populate_analytics_db: Remove unnecessary mock.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-14 09:36:56 -07:00
Zixuan James Li ca0d2f6854 decorator: Refactor decorators expecting UserProfile with ParamSpec.
Decorators like `require_server_admin_api` turns user_profile into a
positional-only parameter, requiring the callers to stop passing it as a
keyword argument.

Functions like `get_chart_data` that gets decorated by both
`require_non_guest_user` and `has_request_variables` now have accurate
type annotation during type checking, with the first two parameters
turned into positional-only, and thus the change in
`analytics.views.stats`.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-06 16:19:48 -07:00
Zixuan James Li adae8b6d42 request: Refactor has_request_variables with ParamSpec.
This makes `has_request_variables` more generic, in the sense of the return
value, and also makes it more accurate, in the sense of requiring the
first parameter of the decorated function to be `HttpRequest`, and
preserving the function signature without using `cast`.

This affects some callers of `has_request_variables` or the callers of its
decoratedfunctions in the following manners:

- Decorated non-view functions called directly in other functions cannot
use `request` as a keyword argument. Becasue `Concatenate` turns the
concatenated parameters (`request: HttpRequest` in this case) into
positional-only parameters. Callers of `get_chart_data` are thus
refactored.

- Functions to be decorated that accept variadic keyword arguments must
define `request: HttpRequest` as positional-only. Mypy in strict mode
rejects such functions otherwise because it is possible for the caller to
pass a keyword argument that has the same name as `request` for `**kwargs`.
No defining `request: HttpRequest` as positional-only breaks type safety
because function with positional-or-keyword parameters cannot be considered
a subtype of a function with the same parameters in which some of them are
positional-only.

Consider `f(x: int, /, **kwargs: object) -> int` and `g(x: int,
**kwargs: object) -> int`. `f(12, x="asd")` is valid but `g(12, x="asd")`
is not.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-06 16:19:48 -07:00
Zixuan James Li 95394de186 decorator: Refactor require_server_admin_api with ParamSpec.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-07-30 18:15:33 -07:00
Anders Kaseorg 73374996a5 analytics: Add Composable type annotations.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-30 06:46:34 -07:00
Mateusz Mandera 30c26b9510 support: Correctly show Unspecified org type at /activity/support.
Because the org type is marked as "hidden" the HTML was being generated
for orgs with Unspecified .org_type with no <option> selected, meaning
it was displayed on the page using the first <option> in the list
(Business). The /support endpoint should ignore the "hidden" property,
since there's no reason not to - we only want to hide this org type from
regular users during Org registration.
2022-07-29 14:56:34 -07:00
Mateusz Mandera cf74d7d140 realm_reactivation: Prevent realm reactivation link reuse.
This uses the approach analogical to EmailChangeStatus for email change
confirmation links.
2022-07-26 17:14:26 -07:00
Mateusz Mandera fa7700df11 confirmation: Rename STATUS_ACTIVE to STATUS_USED.
That's much more descriptive of what that value actually means about the
Confirmation objects.
2022-07-21 15:17:37 -07:00
Mateusz Mandera 0ffdc96301 support: Adjust "has been clicked" phrasing about confirmation links.
The "clicked" phrasing is not accurate, because e.g. if a user did click
their invitation link but didn't submit the registration form, the
support page will still claim about the link "has never been clicked".

"Used" is a better general phrase. If we want to track whether links
have been specifically *clicked*, we'll need to implement that
separately.
2022-07-21 15:17:37 -07:00
Anders Kaseorg 81892df176 requirements: Upgrade to Django 4.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-13 16:07:17 -07:00
Anders Kaseorg 59174694af support: Skip corporate import unless BILLING_ENABLED.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-13 15:24:10 -07:00
Zixuan James Li a76c7d374b support: Display plan data for users and confirmations.
Users and confirmation objects with the type
`Confirmation.USER_REGISTRATION` or `Confirmation.INVITATION` may have
plan data associated with them but not displayed previously due to a
bug.

This fixes this issue and adds test cases to verify that the realm
details correctly displays the plan data.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-07-13 15:03:26 -07:00
Zixuan James Li e836aa31ad test_support_views: Extract lear_realm.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-07-13 15:03:26 -07:00
Zixuan James Li aa5d540845 test_support_views: Add create_invitation helper.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-07-13 15:03:26 -07:00
Zixuan James Li c727f1f65d test_support_views: Add get_check_query_result helper.
This is a prep commit for a refactoring that fixes an issue with plan
data not being displayed when the realm is displayed by the query result
of users or confirmation objects.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-07-13 15:03:26 -07:00
Zixuan James Li 0d93257111 support: Extract PlanData as a dataclass.
This avoids monkey-patching `CustomerPlan` and other related information
onto the `Realm` object by having a separate dictionary with the realm
id as the key, each corresponds to a `PlandData` dataclass.

This is a part of the django-stubs refactorings.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-07-13 15:03:26 -07:00
Zixuan James Li eeaeb5a821 confirmation: Refactor get_confirmations to accept confirmation ids.
Two of the callers of `get_confirmations` uses a `QuerySet` of confirmation
objects instead of their ids to filter the confirmations. This refactors
`get_confirmations` so that it is typed to accept `Iterable[int]` that
is a list of ids.

It's worth noting that this might be less performant than the previous
approach since it requires more queries when we force the ids into lists
without having django creating a nested query. But the performance
is not a concern here compared to clarity.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-07-13 14:46:51 -07:00
Zixuan James Li 0528935b82 stats: Tighten function signatures with generic QuerySet.
Luckily `QuerySet` supports type variables. This allows us
to type table_filtered_to_id more accurately.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-07-07 11:28:06 -07:00
Zixuan James Li 81ab0b3615 user_activity: Tighten function signatures with generic QuerySet.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-07-07 11:27:43 -07:00
Zixuan James Li 32ad110af2 analytics: Tighten function signatures with generic QuerySet.
Note that the `list` conversion before assignment to `all_records`
is not necessary for its usage in `realm_user_summary_table` from
a typing perspective.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-07-07 11:27:43 -07:00
Zixuan James Li ab1bbdda65 typing: Broaden type annotations for QuerySet compatibility.
To explain the rationale of this change, for example, there is
`get_user_activity_summary` which accepts either a `Collection[UserActivity]`,
where `QuerySet[T]` is not strictly `Sequence[T]` because its slicing behavior
is different from the `Protocol`, making `Collection` necessary.

Similarily, we should have `Iterable[T]` instead of `List[T]` so that
`QuerySet[T]` will also be an acceptable subtype, or `Sequence[T]` when we
also expect it to be indexed.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-07-07 11:27:42 -07:00
Zixuan James Li fd9a0f4274 typing: Apply trivial none-checks with assertions as necessary.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-23 19:25:48 -07:00
Zixuan James Li 426f8ce385 tests: Replace `HttpResponse` with `TestHttpResponse.`
Since `HttpResponse` is an inaccurate representation of the
monkey-patched response object returned by the Django test client, we
replace it with `_MonkeyPatchedWSGIResponse` as `TestHttpResponse`.

This replaces `HttpResponse` in zerver/tests, analytics/tests, coporate/tests,
zerver/lib/test_classes.py, and zerver/lib/test_helpers.py with
`TestHttpResponse`. Several files in zerver/tests are excluded
from this substitution.

This commit is auto-generated by a script, with manual adjustments on certain
files squashed into it.

This is a part of the django-stubs refactorings.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-08 11:25:03 -07:00
Zixuan James Li a142fbff85 tests: Refactor away result.json() calls with helpers.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-06 23:06:00 -07:00
Anders Kaseorg dede49ad78 test_counts: Rename confusing assertCountEquals helper.
It looks too much like the standard TestCase.assertCountEqual method.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-03 12:24:57 -07:00
Zixuan James Li d5517932cd typing: Use BaseDatabaseSchemaEditor in place of DatabaseSchemaEditor.
This is a part of #18777.

Signed-off-by: Zixuan James Li <359101898@qq.com>
2022-05-30 14:18:53 -07:00
Anders Kaseorg fd16f97d6b python: Excise None from pointlessly nullable booleans.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-27 12:40:14 -07:00
Sahil Batra 61365fbe21 invites: Use expiration time in minutes instead of days.
This commit changes the invite API to accept invitation
expiration time in minutes since we are going to add a
custom option in further commits which would allow a user
to set expiration time in minutes, hours and weeks as well.
2022-04-20 13:31:37 -07:00
Anders Kaseorg cc30ed8ec7 actions: Delete zerver.lib.actions.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:38 -07:00
Anders Kaseorg e01faebd7e actions: Split out zerver.actions.create_realm.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:37 -07:00
Anders Kaseorg 59f6b090c7 actions: Split out zerver.actions.realm_settings.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:37 -07:00
Anders Kaseorg eb4e9fe1e7 actions: Split out zerver.actions.message_flags.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:36 -07:00
Anders Kaseorg cbad5739ab actions: Split out zerver.actions.create_user.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:35 -07:00
Anders Kaseorg d7981dad62 actions: Split out zerver.actions.users.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:34 -07:00
Anders Kaseorg 6168c0110a actions: Split out zerver.actions.user_activity.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:32 -07:00
Anders Kaseorg ca8d374e21 actions: Split out zerver.actions.invites.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 17:14:31 -07:00
neiljp (Neil Pilgrim) c3317ebff8 stats: Adjust Website mapping to Web app for consistency. 2022-04-14 11:59:36 -07:00
neiljp (Neil Pilgrim) 08477ed5e9 stats: Add mapping for ZulipTerminal id to Terminal app. 2022-04-14 11:59:36 -07:00
Steve Howell 8f99894302 streams: Extract stream_color library.
This is a pure code move.
2022-03-14 18:01:36 -07:00
Steve Howell a90d9ef536 unread: Remove unused client parameter. 2022-03-10 10:04:51 -05:00
Sahil Batra 392b17da5f invite: Add backend support for "Never expires" option.
The database value for expiry_date is None for the invite
that will never expire and the clients send -1 as value
in the API similar to the message retention setting.

Also, when passing invite_expire_in_days as an argument
in various functions, invite_expire_in_days is passed as
-1 for "Never expires" option since invite_expire_in_days
is an optional argument in some functions and thus we cannot
pass "None" value.
2022-02-24 16:32:19 -08:00
Anders Kaseorg 21cd1c10b3 docs: Add missing space in “time zone”.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-24 14:05:12 -08:00
Anders Kaseorg 1629d6bfb3 python: Reformat with Black 22 (stable).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-18 18:03:13 -08:00
Aman Agrawal 7614f2203a pricing: Replace "Zulip Standard" with "Zulip Cloud Standard".
Case sensitive replace.
2022-02-09 11:00:24 -08:00
Lauryn Menard 3be622ffa7 backend: Add request as parameter to json_success.
Adds request as a parameter to json_success as a refactor towards
making `ignored_parameters_unsupported` functionality available
for all API endpoints.

Also, removes any data parameters that are an empty dict or
a dict with the generic success response values.
2022-02-04 15:16:56 -08:00
Anders Kaseorg 78e54a0d7a python: Replace deprecated jinja2.utils.Markup with markupsafe.Markup.
Fixes “DeprecationWarning: 'jinja2.Markup' is deprecated and will be
removed in Jinja 3.1. Import 'markupsafe.Markup' instead.”

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-13 14:22:48 -08:00
Anders Kaseorg 1696144df7 docs: Consistently hyphenate “self-host” and “self-service”.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-05 16:21:35 -08:00
Eeshan Garg 2cdaae681d actions: Rename do_change_plan_type -> do change_realm_plan_type.
We will soon be adding an equivalent function for RemoteZulipServer,
so it makes sense to rename this function to be more descriptive.
2021-12-06 16:18:53 -08:00
Eeshan Garg b325a4f1be realm: Rename plan type constants to be more descriptive.
It is confusing to have the plan type constants not be namespaced
by the thing they represent. We already have a namespacing
convention in place for constants, so we should use it for
Realm.plan_type as well.
2021-10-19 12:20:39 -07:00
Vishnu KS aff52722a7 billing: Add PLUS as a plan_type to Realm. 2021-10-15 17:27:50 -07:00
Eeshan Garg 1dec97c925 analytics: Use user IDs to get user activity summaries.
Using user IDs instead of emails is more reliable since users can
have arbitrarily complex emails that are hard to encode in a URL.
This has led to NoReverseMatch exceptions in the past.
2021-10-13 15:30:27 -07:00
Eeshan Garg f25230c7d4 analytics/support: Add ability to edit realm org type. 2021-10-07 14:08:11 -07:00
Mateusz Mandera 3205f680c1 do_invite_users: Turn some args into kwargs-only. 2021-09-10 16:53:03 -07:00
shanukun 8c1ea78d7d invite: Extend invite api for handling expiration duration.
This extends the invite api endpoints to handle an extra
argument, expiration duration, which states the number of
days before the invitation link expires.

For prereg users, expiration info is attached to event
object to pass it to invite queue processor in order to
create and send confirmation link.
In case of multiuse invites, confirmation links are
created directly inside do_create_multiuse_invite_link(),

For filtering valid user invites, expiration info stored in
Confirmation object is used, which is accessed by a prereg
user using reverse generic relations.

Fixes #16359.
2021-09-10 16:53:03 -07:00
PIG208 7386918539 typing: Use accurate type hints for dictionaries.
This fixes the mypy errors related to dictionaries with django-stubs.
2021-08-20 06:02:28 -07:00
PIG208 c99c423c81 support: Remove `is True` in comparisons.
This is a followup for #19432 that fixes a remaining issue of the
original PR.
2021-08-10 12:08:13 -07:00
Anders Kaseorg 09564e95ac mypy: Add types-psycopg2.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-08-09 20:32:19 -07:00
PIG208 94685e1afb analytics: Refactor the support view to use REQ. 2021-08-08 17:11:18 -07:00
Tim Abbott 65557c458d stats: Avoid referencing remote tables outside conditional. 2021-08-03 11:15:39 -07:00
PIG208 ec99c1b58d analytics: Correctly type aggregate_table with Union.
Since mypy doesn't accept redefinition of the same variable within the
same scope, we need to use type annotations with Union to correctly
type aggregate_table. Note that the type cast is necessary for mypy to
narrow the type of aggregate_table.
2021-07-27 12:17:01 -07:00
PIG208 6ab42b7663 analytics: Use type alias for `fixture_data`.
This saves us from repeating the lengthy type annotation for
`fixture_data`.
2021-07-27 12:17:01 -07:00
PIG208 e517f967b8 typing: Amend inaccurate type annotations.
This amend some type annotations that turn out to be inaccurate with
django-stubs.
2021-07-27 12:17:00 -07:00
PIG208 caaa424ef5 typing: Use assertions for broader types.
For types like `Union[Realm, UserProfile, Stream]` and
`Union[AnonymousUser, AbstractBaseUser]`, we need assertions to
tell mypy which type we would be expecting.
2021-07-27 11:44:54 -07:00
PIG208 8121d2d58d typing: Fix misuse of HttpResponse.
Amend usage of HttpResponse when appropriate.
2021-07-27 14:31:19 +08:00
PIG208 d2af20eb2a typing: Do explicit type conversion when appropriate.
When calling some functions or assigning values to certain attributes,
the arguments/right operand do not match the exact type that the
functions/attributes expect, and thus we fix that by converting types
beforehand.
2021-07-26 15:09:07 -07:00
PIG208 cd678232bd analytics: Extract request.user for typecheck. 2021-07-26 14:48:45 -07:00
PIG208 7d1c475f69 typing: Use assertions for function arguments.
Utilize the assert_is_not_None helper to eliminate errors of
'Argument x to "Foo" has incompatible type "Optional[Bar]"...'
2021-07-26 14:48:45 -07:00
PIG208 8a91d1c2b1 analytics: Fix type annotation for keys.
realm_data, user_data, stream_data and installation_data allow the key to
be int, str, or None.
This fix the type annotation for these dictionaries.
2021-07-26 14:48:45 -07:00
PIG208 df1bf9e352 analytics: Fix type annotation for sql_data_collector. 2021-07-26 14:46:45 -07:00
PIG208 66b1a4e7ca backend: Add None-checks with assertions and if-elses.
This fixes a batch of mypy errors of the following format:
'Item "None" of "Optional[Something]" has no attribute "abc"'
2021-07-24 15:00:21 -07:00
PIG208 495a8476be tests: Use assertion to enforce None-checks in tests.
This fixes a batch of mypy errors of the following format:
'Item "None" of "Optional[Something]" has no attribute "abc"

Since we have already been recklessly using these attritbutes
in the tests, adding assertions beforehand is justified presuming
that they oughtn't to be None.
2021-07-24 09:54:21 -07:00
Anders Kaseorg fb3ddf50d4 python: Fix mypy no_implicit_reexport errors.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-07-16 14:02:31 -07:00
Tim Abbott 4d0611c363 support: Add test for get_org_type_display_name.
This apparently lost coverage while I was integrating
faa695e86d.
2021-07-15 11:11:23 -07:00
Eeshan Garg 366b7fe2f5 analytics: Display org_type in /activity/support results. 2021-07-15 10:14:39 -07:00
Eeshan Garg 434c262365 analytics: Display org_type on /activity.
Moving forward we are hoping to collect data on org types from our
users, so it makes sense to display the org type on the "Counts"
tab of our /activity page.
2021-07-15 10:14:38 -07:00
akshatdalton e203112fd4 refactor: Use `assert_length` helper instead of `assertTrue/assertEqual`. 2021-07-13 13:03:38 -07:00
Tim Abbott c804ab27d5 actions: Rename do_activate_user to do_activate_mirror_dummy_user.
This function had a confusing name, which could result in someone
using it unintentionally when they meant do_reactivate_user.

We also add docstrings for both functions.
2021-07-08 17:33:17 -07:00
PIG208 dcbb2a78ca python: Migrate most json_error => JsonableError.
JsonableError has two major benefits over json_error:
* It can be raised from anywhere in the codebase, rather than
  being a return value, which is much more convenient for refactoring,
  as one doesn't potentially need to change error handling style when
  extracting a bit of view code to a function.
* It is guaranteed to contain the `code` property, which is helpful
  for API consistency.

Various stragglers are not updated because JsonableError requires
subclassing in order to specify custom data or HTTP status codes.
2021-06-30 16:22:38 -07:00
Tim Abbott e0c7581168 analytics: Rename get_activity to get_installation_activity. 2021-06-17 17:39:28 -07:00
Tim Abbott 0e358e4cc2 analytics: Rename analytics/views/legacy.py. 2021-06-17 17:39:28 -07:00
Tim Abbott e083134764 analytics: Extract analytics/views/user_activity.py. 2021-06-17 17:39:28 -07:00
Tim Abbott 0d2e5cc390 analytics: Extract analytics/views/realm_activity.py. 2021-06-17 17:39:28 -07:00
Tim Abbott 7099dff91a analytics: Extract common /activity views functions.
This will be helpful for further splitting the giant files here.
2021-06-17 17:39:28 -07:00
Tim Abbott d22acb23bc analytics: Extract analytics/views/support.py. 2021-06-17 17:39:28 -07:00
Tim Abbott 5d8613a02c analytics: Extract analytics/views/stats.py.
This is much higher quality code than some of the older /activity
code, and it's nice to give it its own home.
2021-06-17 17:39:28 -07:00
Tim Abbott ee54ecfccf analytics: Split test_views.py.
This will aligns the test organization with an upcoming reorganization
of the code itself.
2021-06-17 17:39:28 -07:00
Tim Abbott 5891849b0d analytics: Extract test_stats_views.
This will help make the analytics views codebase more readable.
2021-06-17 17:39:28 -07:00
Tim Abbott 9c8ddef5f2 analytics: Create analytics/views/ directory. 2021-06-17 17:39:28 -07:00
Tim Abbott c36b55e418 analytics: Remove stream_stats management command.
We will eventually provide features like this in the /stats UI, and in
any case this doesn't work and hasn't been maintained in years.
2021-06-17 11:30:42 -07:00
Vishnu KS 4e26746b98 tests: Move tests of /activity pages from zerver to analytics module.
This module deals with the testing of /activity, /realm_activity
and /user_activity. All these pages reside in analytics module.
Keeping these tests in zerver/tests is kind is not appropriate
since person who makes changes to /activity pages would not think
it is necessary to run tests in zerver. So better to keep them
in the analytics module.
2021-06-11 07:41:02 -07:00
Vishnu KS d32de76c23 activity: Rename amount variables to arr. 2021-06-11 07:41:02 -07:00
Vishnu KS cfbea80f08 activity: Don't show plan, ARR and discount when billing is disabled. 2021-06-11 07:41:02 -07:00
Vishnu KS 40ab415005 activity: Show effective rate of realms in /activity page. 2021-06-11 07:41:02 -07:00
Vishnu KS 8c055107d9 exceptions: Move InvitationError to zerver/lib/exceptions. 2021-06-09 17:42:38 -07:00
Abhijeet Prasad Bodas 352634a851 tests: Consistently use assert_length helper.
This helper does some nice things like printing out
the data structure incase of failure.
2021-05-19 11:55:56 -07:00
Anders Kaseorg dd3fa4ac52 templates: Mark all void tags as self-closing.
This reverses the policy that was set, but incompletely enforced, by
commit 951514dd7d.  The self-closing tag
syntax is clearer, more consistent, simpler to parse, compatible with
XML, preferred by Prettier, and (most importantly now) required by
FormatJS.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-21 09:49:34 -07:00
Vishnu KS ab771e4b19 support: Show the first human user in realm search result. 2021-04-16 13:22:02 -07:00
Vishnu KS 8139896e3d support: Show realm owners in realm search results. 2021-04-16 13:18:46 -07:00
Vishnu KS 97765798d7 support: Rename realm_admin_emails to get_realm_admin_emails_as_string. 2021-04-16 13:18:46 -07:00
Anders Kaseorg e7ed907cf6 python: Convert deprecated Django ugettext alias to gettext.
django.utils.translation.ugettext is a deprecated alias of
django.utils.translation.gettext as of Django 3.0, and will be removed
in Django 4.0.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-15 18:01:34 -07:00
Tim Abbott 6b1ca15ba7 activity: Use realm owners, not realm administrators.
The analytics system was not properly updated when we replaced realm
owners with realm administrators.
2021-04-08 17:47:23 -07:00
Siddharth Asthana 47e478945b support: Create RealmAuditLog when updating realm_subdomain. 2021-04-03 08:01:46 -07:00
Siddharth Asthana 80c9243c6a support: Create RealmAuditLog when updating sponsorship status. 2021-04-03 08:01:46 -07:00
Siddharth Asthana ddbc6d7662 support: Create RealmAuditLog when realm reactivation email is sent. 2021-04-03 08:01:46 -07:00
Siddharth Asthana 233c4d520c support: Create RealmAuditLog when updating billing_method.
This commit also makes acting_user as a mandantory argument and fixes
the tests accordingly.
2021-04-03 08:01:46 -07:00
Siddharth Asthana 6945ed3587 support: Pass acting_user to attach_discount_to_realm. 2021-04-03 08:01:46 -07:00
Siddharth Asthana c3f37c2a64 support: Pass acting_user to do_change_plan_type.
acting_user is now a mandatory field, so wherever this function is used,
we are passing acting_user as well.
2021-04-03 08:01:46 -07:00
shanukun 88262a484c support: Fix arguments of timesince for expires_in.
`expires_in` (remaining time before the invite expires) should
be calculated from the time at present, not from the time when
confirmation link was sent.
2021-04-02 22:01:57 -07:00
shanukun 4b00e5da72 refactor: Make acting_user a mandatory kwarg for do_deactivate_realm. 2021-04-02 14:44:41 -07:00
Mateusz Mandera f329878376 migrations: Subscription.is_user_active denormalization - step one.
This adds the is_user_active with the appropriate code for setting the
value correctly in the future. In the following commit a migration to
backfill the value for existing Subscriptions will be added.

To ensure correct user_profile.is_active handling also in tests, we
replace all direct .is_active mutation with calls to appropriate
functions.
2021-03-30 09:19:03 -07:00
shanukun c95061e9b9 refactor: Make acting_user a mandatory kwarg for do_deactivate_user. 2021-03-29 15:51:45 -07:00
shanukun 8f3ae715c0 refactor: Make acting_user a mandatory kwarg for do_reactivate_user. 2021-03-29 15:51:45 -07:00
shanukun 459710a897 refactor: Make acting_user a mandatory kwarg for do_set_realm_property. 2021-03-29 15:51:45 -07:00
Tim Abbott 4bdaec7a8d analytics: Stop overriding debug_mode.
This had the same value as the default in default_page_params, and
appears to have been present since this page was introduced in
b26c38bc47.
2021-03-26 09:41:12 -07:00
Vishnu KS 1a126f8bf2 tests: Don't harcode email addresses in analytics.tests.test_views. 2021-03-22 18:10:03 -07:00
Vishnu KS 79c4a25d20 tests: Create assert_user_details_in_html_response helper function. 2021-03-22 18:10:03 -07:00
Vishnu KS a404711740 support: Show the actual user email in /support. 2021-03-22 18:10:03 -07:00
Vishnu KS 38e7903425 support: Show role of the user in search result. 2021-03-22 18:10:03 -07:00
aryanshridhar 04fb0552a6 analytics: escape HTML correctly when generating links.
Wrapped the html text within html.escape function to convert
special characters into HTML-safe string while generating link.
2021-03-18 15:08:31 -07:00
Tim Abbott 0da1bd43e9 analytics: Remove buggy HttpResponseNotFound text.
Had this been in normal route, this would have been an XSS bug, as we
were passing what the developer clearly believed to be plain text into
an HTML 404 page.

The affected routes have @require_server_admin, a permission that we
do not expect any self-hosted users to have ever enabled (as it is
undocumented and doing so is only possible manually via a `manage.py
shell`, and we believe to only be useful for running a SaaS service
like zulip.com).  So the security impact is limited to a handful of
staff of zulip.com and this isn't a candidate for a CVE.

Thanks to GitHub's CodeQL for finding this.
2021-03-18 12:16:15 -07:00
Mateusz Mandera d91d3a05b9 tests: Use do_create_realm where possible.
Using do_create_realm should be preferred over manual creation where
possible, as it creates more realistic data.
2021-03-14 08:50:02 -07:00