Commit Graph

3178 Commits

Author SHA1 Message Date
Rhea Parekh d0bc8d0736 zcommands: Add zcommand module and separate test module.
Move the zcommands from '/views/messages.py' to
'/lib/zcommand'.

Also, move the zcommand tests from '/tests/test_messages.py'
to '/tests/test_zcommand'.
2018-06-16 10:32:42 -04:00
Shubham Dhama b0bfb6b153 streams: Hide create stream UI from guest users. 2018-06-16 06:33:14 -07:00
Shubham Dhama d40c2bb166 emoji: Make uploading new realm emoji inaccessible for guest users. 2018-06-16 06:33:14 -07:00
Shubham Dhama 596ce5b60f invite: Make inviting new users inaccessible for guest users. 2018-06-16 06:33:13 -07:00
Roman Godov 0b9d4fbb06 auth: Added time conversion in new login emails.
This commit adds code for date and time conversion in
"new login" emails according to user's timezone.

Fixes #9336.
2018-06-07 08:40:22 -07:00
Yashashvi Dave f7f039e772 custom fields: Add endpoint to delete value of custom profile data.
Add delete endpoint at `users/me/profile_data` to delete value of
custom profile data.

Fixes #9669
2018-06-07 08:35:04 -07:00
Tim Abbott 4481c74a71 GitHubAuthBackendTest: Remove token_data_dict argument.
This was always the same, and there's not much reason to customize it.
2018-06-06 15:22:52 -07:00
Vishnu Ks 53237d39aa registration: Allow users to import profile picture. 2018-06-06 13:29:42 -07:00
Tim Abbott 7d250cb2f9 attachment: Fix handling of stream history.
This fixes two issues:

* Our guest users feature gave guest users access to public stream
  attachments even if they couldn't access the public stream.

* After a user joins a private stream with our new shared history
  feature, they couldn't see images uploaded before they joined.

The tests need to check for a few types of issues:
* The actual access control permissions.
* How many database queries are used in the various
  cases for that second model, especially with multiple messages
  referencing an attachment.  This function gets called a lot, and we
  want to keep it fast.

Fixes #9372.
2018-06-06 09:40:22 -07:00
Tim Abbott 35c4a9f1d2 auth: Rewrite our social auth integration to use pipeline.
This new implementation model is a lot cleaner and should extend
better to the non-oauth backend supported by python-social-auth (since
we're not relying on monkey-patching `do_auth` in the OAuth backend
base class).
2018-06-05 23:24:48 -07:00
Yashashvi Dave 5145b24635 users: Replace duplication with generic func to validate user id.
This adds a common function `access_user_by_id` to access user id
within same realm, complete with a full suite of unit tests.

Tweaked by tabbott to make the test much more readable.
2018-06-05 11:13:13 -07:00
Tim Abbott 238ba2d486 auth: Move some simple GitHub tests to the long-term test class. 2018-06-04 23:57:09 -07:00
Tim Abbott 869d75b02f AuthBackendTest: Fix typos in error message checks.
Previously, these checks did nothing.
2018-06-04 23:45:13 -07:00
Shubham Dhama 01555e8772 streams: Handle guest user ids for stream settings changes' events. 2018-06-04 11:35:37 -07:00
Tim Abbott ec90322e5d bots: Fix behavior for bots mentioned in PMs.
We've for a long time had the behavior that a bot mentioned in a
stream message receives the notification, regardless of whether the
bot was actually subscribed to the stream.

Apparently, this behavior also triggered if you mentioned a bot in a
private message (i.e. the bot would be delievered the private message
and would probably respond unhelpfully in a new group private message
thread with the PMs original recipients plus the bot).

The fix for this bug is simple: To exclude this feature for private
messages.
2018-06-03 22:29:15 -07:00
Rishi Gupta 182215d125 portico: Update text of why-zulip.
With edits from tabbott.
2018-06-03 09:37:00 -07:00
Shubham Dhama 4483e33102 digest: Make newly registered users data inaccessible to guest users.
The new can_access_all_realm_members function is meant to act as a
base function for guest users and Zephyr realm users regarding the
accessibility of the information of other users in the realm.
2018-06-03 09:30:59 -07:00
Shubham Padia 8883107a7f streams: Allow cross-realm bots to post to announcement_only streams.
This fixes an issue where if you make #announce (the default
announcement stream) announce-only, then creating a new stream will
throw an exception (because notification-bot can't send there).

Fixes #9636.
2018-06-02 10:36:29 -07:00
Steve Howell 47b4dd6bdb slash commands: Refine /day and /night.
These two slash commands now use zcommand to talk to
the server, so we have no Message overhead, and if you're
on a stream, you no longer spam people by accident.

The commands now also give reasonable messages
if you are already in the mode you ask for.

It should be noted that by moving these commands out of
widget.py, they are no longer behind the ALLOW_SUB_MESSAGES
setting guard.
2018-06-02 09:40:12 -07:00
Steve Howell 4b2e8b83c4 slash commands: Add /ping command (via zcommand).
This adds a /ping command that will be useful for users
to see what the round trip to the Zulip server is (including
only a tiny bit of actual server time to basically give a
200).

It also introduce the "/zcommand" endpoint and zcommand.js
module.
2018-06-02 09:40:12 -07:00
Rhea Parekh f8e53511ea slack import: Add support for bold-italics formatting.
Fixes #8927
2018-06-02 09:01:55 -07:00
Shubham Dhama 8e2337509d streams: Hide public streams & subscribers from guest users.
The main change here is making can_access_public_streams
2018-06-02 08:39:39 -07:00
Shubham Dhama ca02143074 test_subs: Fix typos in test_previously_subscribed_private_streams. 2018-06-02 08:06:45 -07:00
Yago González 9f98002b76 tests: Allow testing our REST API against the OpenAPI docs. 2018-06-01 12:03:31 -07:00
Tim Abbott 0a0ae5e703 users: Move add_service to zerver.lib.users so it is reusable. 2018-06-01 08:48:17 -07:00
Sampriti Panda 46711a43f0 pgroonga: Upgrade to PGroonga 2 API. 2018-05-31 13:00:34 -07:00
Shubham Padia cd1233d3f7 upload: Add test jpg image with no exif data. 2018-05-31 08:08:59 -07:00
Tim Abbott 5967de9177 test_auth_backends: Move GitHub signup tests to new suite.
This eliminates a lot of duplicated, mocking-heavy code.
2018-05-30 18:24:27 -07:00
Tim Abbott 7d8d6f1978 test_auth_backends: Move GitHub deactivated test to new suite. 2018-05-30 18:24:27 -07:00
Tim Abbott 29492325a8 test_auth_backends: Move github_auth_enabled test to new suite.
This is step 1 of a migration to eventually delete the legacy test suite.
2018-05-30 18:24:27 -07:00
Steve Howell 554883e039 submessages: Add submessage_id to submessage event.
It's useful to have the submessage_id so that widgets
can in theory sort all the events (and not have to rely
on them arriving in sequence).
2018-05-30 14:47:36 -07:00
Shubham Padia bb8ad15fa9 streams: Set is_announcement_only when creating streams.
Adds is_announcement_only to create_stream_if_needed and
add_subscriptions_backend.
2018-05-30 14:17:33 -07:00
Steve Howell bfc13ecea4 submessages: Just send content for submessage events.
For some reason in my original version I was sending both
content and data to the client for submessage events,
where data === JSON.parse(content).  There's no reason
to not just let the client parse it, since the client
already does it for data that comes on the original
message, and since we might eventually have non-JSON
payloads.

The server still continues to validate that the payload
is JSON, and the client will blueslip if the server
regressses and sends bad JSON for some reason.
2018-05-30 13:53:11 -07:00
Rhea Parekh e2f2ea7248 test_export: Add tests for 'do_export_user'. 2018-05-30 10:28:10 -07:00
Rhea Parekh 74cc07bb2f test_export: Add tests for export of files.
Thanks @Zachary-Jackson for some preliminary work
on this.
2018-05-30 10:28:10 -07:00
Tim Abbott 99c6a82b7f i18n: Clean up logic for picking language in app.
We now have a simple algorithm: First, look at the URL path
(e.g. /de/, which is intended to be an override).  Second, look at the
language the user has specified in their settings.
2018-05-30 08:57:26 -07:00
Shubham Dhama 1d9afc7328 i18n: Pass translation data in page_params.
This is a preliminary step to make translation_data available as a
resource to `i18next.init()`.
2018-05-30 08:57:26 -07:00
Robert Hönig 647c63050f botserver: Add outgoing webhook tokens to botserverrc.
The tokens will be used to authorize the server when sending
messages to the Botserver.
2018-05-30 10:00:19 -04:00
Yashashvi Dave 47aaf4e20a users: Replace duplication with generic func to validate bot id.
This adds a common function `access_bot_by_id` to access bot id within
same realm.  It probably fixes some corner case bugs where we weren't
checking for deactivated bots when regenerating API keys.
2018-05-29 15:47:27 -07:00
Shubham Padia 8b8a9be377 upload: Rotate image according to exif data when resizing avatar and emojis.
Fixes the avatar/emoji part of #8177.

Does not address the issue with uploaded images, since we don't do
anything with them.

Also adds 3 images with different orientation exif tags to
test-images.
2018-05-29 10:39:39 -07:00
Tim Abbott 91ec0aba09 auth: Improve interactions between LDAPAuthBackend and EmailAuthBackend.
Previously, if you had LDAPAuthBackend enabled, we basically blocked
any other auth backends from working at all, by requiring the user's
login flow include verifying the user's LDAP password.

We still want to enforce that in the case that the account email
matches LDAP_APPEND_DOMAIN, but there's a reasonable corner case:
Having effectively guest users from outside the LDAP domain.

We don't want to allow creating a Zulip-level password for a user
inside the LDAP domain, so we still verify the LDAP password in that
flow, but if the email is allowed to register (due to invite or
whatever) but is outside the LDAP domain for the organization, we
allow it to create an account and set a password.

For the moment, this solution only covers EmailAuthBackend.  It's
likely that just extending the list of other backends we check for in
the new conditional on `email_auth_backend` would be correct, but we
haven't done any testing for those cases, and with auth code paths,
it's better to disallow than allow untested code paths.

Fixes #9422.
2018-05-28 22:47:47 -07:00
Tim Abbott 3842404cc0 ldap: Don't allow password reset for users in LDAP domain.
This is the analog of the last commit, for the password reset flow.
For these users, they should be managing/changing their password in
the LDAP server.

The error message for users doing the wrong thing here is nonexistent
isn't great, but it should be a rare situation.
2018-05-28 22:47:47 -07:00
Tim Abbott 8119670da1 user_settings: Prevent LDAP users from setting a Zulip password.
Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled,
LDAP users could set a password using EmailAuthBackend and continue to
use that password, even if their LDAP account was later deactivated.

That configuration wasn't supported at all before, so this doesn't fix
a pre-existing security issue, but now that we're making that a valid
configuration, we need to cover this case.
2018-05-28 22:47:47 -07:00
Sampriti Panda 250015a5d5 pgroonga: Fix issues with HTML escaping in queries. 2018-05-28 16:53:30 -07:00
Shubham Dhama b410aeb897 message: Limit message access for guest users.
Tweaked by tabbott to interact correctly with the
history_public_to_subscribers feature.
2018-05-28 12:20:32 -07:00
Robert Hönig 497cd4a1f9 outgoing webhooks: Change default URL in all tests.
This reflects the changes to the default URL publicly
displayed to the user. It also changes the default
URL of the default test server outgoing webhook, which
prevented the test server flaskbotrc from working out
of the box.
2018-05-28 10:40:44 -07:00
Yashashvi Dave e82c879b85 custom fields: Add user type of custom fields.
Fixes #8878
2018-05-27 23:01:21 -07:00
Yashashvi Dave 1e948ab405 zerver/lib/users.py: Add function to check given user id is valid.
This function check if given user id exists in realm.
It also check, if user is active and not a bot.
2018-05-27 22:57:55 -07:00
Vishnu Ks c90aac56ba registration: Copy user full_name when importing settings. 2018-05-27 22:39:21 -07:00
Rhea Parekh 468afe4840 export: Support export of Custom emojis.
Export of RealmEmoji should also include the image
file of those emojis.

Here, we export emojis both for local and S3 backend
in a method with is similar to attachments and avatars.

Added tests for the same.
2018-05-27 21:54:20 -07:00
Robert Hönig 7a8c1ec9dc outgoing webhooks: Send additional useful data.
This adds the fields `trigger` and `service_email`
to each message event dispatched by outgoing webhook bots.
`trigger` will be used by the Botserver to determine if
a bot is mentioned in the message.
`service_email` will be used by the Botserver to determine
by which outgoing webhook bot the message should be handled.
2018-05-25 10:33:40 -07:00
Eeshan Garg 0a1b429d04 settings: Remove PRIVATE_STREAM_HISTORY_FOR_SUBSCRIBERS.
Now that we have a UI for this feature, we don't need this setting
anymore.
2018-05-24 17:18:14 -07:00
Tim Abbott 6967b6519d settings: Add a development-only setting for less dense mode.
This should make it easier for us to iterate on a less-dense Zulip.

We create two classes on body, less_dense_mode and more_dense_mode, so
that it's easy as we refactor to separate the two concepts from things
like colors that are independent.
2018-05-24 12:31:37 -07:00
Vishnu Ks 54a002c2e2 requirements: Upgrade pyflakes to 2.0.0.
We fix a few errors that only the new version finds.
2018-05-24 11:31:36 -07:00
Steve Howell 69517f5ac5 Support zform-based widget content in the server.
API users, particularly bots, can now send a field
called "widget_content" that will be turned into
a submessage for the web app to look at.  (Other
clients can still rely on "content" to be there,
although it's up to the bot author to make the
experience good for those clients as well.)

Right now widget_content will be a JSON string that
encodes a "zform" widget with "choices."  Our first
example will be a trivia bot, where users will see
something like this:

    Which fruit is orange in color?

        [A] orange
        [B] blackberry
        [C] strawberry

The letters will be turned into buttons on the webapp
and have canned replies.

This commit has a few parts:
    - receive widget_content in the request (simply
        validating that it's a string)
    - parse the JSON in check_message and deeply
        validate its structure
    - turn it into a submessage in widget.py
2018-05-24 09:30:22 -07:00
Shubham Dhama fc3dcbfb5a messages: Allow "no topic" topics editable indefinitely.
Fixes: #9484.
2018-05-24 07:35:52 -07:00
Umair Khan adaeaccd20 2FA: Add link in settings to setup two-factor. 2018-05-23 15:49:41 -07:00
Umair Khan e063bb0d50 2FA: Add tests for two-factor auth. 2018-05-23 15:49:35 -07:00
Umair Khan bf740f9232 2FA: Add zulip_otp_required decorator.
We need to add this because otp_required doesn't play well with tests.
2018-05-23 15:46:57 -07:00
Tim Abbott 9c29592178 mypy: Fix rebase errors in create_user.py. 2018-05-23 11:36:28 -07:00
Vishnu Ks 8369e2b15e registration: Allow users to import settings from other realm.
This should significantly improve the user experience for creating
additional accounts on zulipchat.com.

Currently, disabled in production pending some work on visual styling.
2018-05-23 10:30:00 -07:00
Vishnu Ks 2a66818e2e registration: Add function to copy user settings.
This is intended to support our upcoming feature to support copying a
user's customization settings from an existing account that user owns
in another organization.
2018-05-23 10:12:14 -07:00
Aditya Bansal 8cfb437677 provision: Don't run create_realm_internal_bots management command.
We essentially stop running create_realm_internal_bots during
every provisioing and move its operations to run from populate db.
In fact to speed things up a bit we actually make populate db call the
funcs which create_realm_internal_bots calls behind the scenes.

Fixes: #9467.
2018-05-23 13:34:52 +05:30
Aditya Bansal d343f25cc6 create_realm_internal_bots: Refactor to extract main op as a function.
We extract the entire operations of the management command to a
function create_if_missing_realm_internal_bots in the
zerver/lib/onboarding.py. The logic for determining if there are any realm
internal bots which have not been created is extracted to a function
missing_any_realm_internal_bots in actions.py.
2018-05-23 11:53:22 +05:30
Tim Abbott 998e1048e8 test_bots: Add coverage for no-op changes to bot owner.
This isn't a complete long-term fix, in that ideally we'd be doing
this check at the view layer, but various structural things make that
annoying, and we'll want this test either way.
2018-05-22 15:04:27 -07:00
Umair Khan f38d6ac6fe ldap: Make Zulip compatible with django-auth-ldap==1.5.
In version 1.5, get_or_create_user method is not used. It exists just
for the compatibility. The main function to use now is
get_or_build_user.

See the changelog:
https://django-auth-ldap.readthedocs.io/en/latest/changes.html#id1

Fixes #9307
2018-05-22 08:13:41 -07:00
Michael J. Sullivan d5ee801d60 mypy: Set local_partial_types = True.
The daemon implicitly sets this flag, so set it explicitly and fix all
of the type errors.
2018-05-21 22:41:00 -07:00
Tim Abbott cec7686f3d push notifications: Clean up unregistered/bad APNS tokens.
We've had this sort of logic for GCM for a long time; it's worth
adding for APNS as well.

Writing this is a bit of a reminder that I'm not a fan of how our unit
tests for push notifications work.
2018-05-21 11:30:56 -07:00
Tim Abbott c6909fb99c migration_tests: Document the migration test framework. 2018-05-21 09:59:55 -07:00
Aditya Bansal b489eded17 migration_test: Add test for 0145 migration. 2018-05-21 09:46:52 -07:00
Aditya Bansal e41d32a15a reminders: Add various design improvements for the UI/reminder msg. 2018-05-21 09:07:37 -07:00
Tim Abbott 43ec7ed456 narrow: Add is_web_public_compatible check for narrows.
This will be used to limit which narrows will be allowed for
web-public browsing of Zulip.
2018-05-21 08:45:48 -07:00
Umair Khan 18defcc673 2FA: Fix check for context_data attr.
This attribute only makes sense for responses that are generated using a
template.
2018-05-21 07:50:05 -07:00
Tim Abbott 7dd275328b github: Add a complete end-to-end GitHub OAuth2 test.
This revised GitHub auth backend test is inspired by the end-to-end
flow model of the Google auth backend test.  My hope is that we will
be able to migrate the rest of the important cases in the GitHub auth
backend tests to this model and then delete what is now
GitHubAuthBackendLegacyTest.

The next step after that will be to merge the GitHub and Google auth
tests (since actually, the actual test functions are basically
identical between the two).
2018-05-20 23:44:20 -07:00
Tim Abbott 86ec78eaa9 test_auth_backends: Move ResponseMock earlier in the file.
We're going to be using this in the GitHub auth backend as well.
2018-05-20 22:02:43 -07:00
Tim Abbott 9b8331cf88 test_presence: Fix nondeterministic test failures.
Apparently, the bug here was that we were aliasing the user_profile
variable, so that the results depended on what the last iteration in
the loop landed on.
2018-05-20 22:02:43 -07:00
Tim Abbott 336ad0fbb1 password reset: Handle deactivated users and realms.
Since this is a logged-out view, need to actually write code for the
case of deactivated realms.

The change to get_active_user is more for clarity; the Django password
reset form already checks for whether the user is active earlier.
2018-05-20 20:02:27 -07:00
Tim Abbott e7fa77f120 validate_email_for_realm: Clarify errors for deactivated users.
If a user's account has been deactivated, we want to provide a special
error message that makes clear what's going on.

Future work is to provide some administrative controls on whether a
user should be able to re-activate their account.
2018-05-20 19:32:53 -07:00
Tim Abbott 2609274719 streams: Don't allow adding deactivated users to streams.
This query was incorreclty not checking whether a user was deactivated
before managing their subscriptions.

This isn't an important bug, but should prevent some weird corner
cases (like trying to send a notification PM to a deactivated user,
which fails).
2018-05-20 19:17:15 -07:00
Tim Abbott 451b12d0b2 test_home: Fix broken narrow parsing exception test. 2018-05-20 19:06:14 -07:00
Vishnu Ks 61e124a2ab models: Create get_source_profile function.
This will be used in our upcoming feature to import settings from
other Zulip realms.
2018-05-20 15:30:30 -07:00
Vishnu Ks 74e823f5fa models: Add function for getting membership realms. 2018-05-20 15:17:19 -07:00
Sampriti Panda d94202c662 notifications: Add consistent order for sending email notifications.
Notification emails are sent in increasing order of the max message-id
of the unread message thread.
2018-05-20 10:19:13 -07:00
Sampriti Panda 407aa99704 test_notifications: Fix confusing variable naming in test_unread_anchor. 2018-05-20 10:16:53 -07:00
Sampriti Panda 3f4200db3c tests: Disable slow query messages in test environment.
Slow queries during backend tests sends messages to Error Bot
which affects the database state causing the tests to fail.
This fixes the occasional flakes due to that.
2018-05-20 10:16:53 -07:00
Yashashvi Dave 38db31779b /json/bots: Return "No user" if access other realms bot.
Instead of returning warning "Insufficient Permission", return
"No such bot" warning if user tries to access other realms bot."
2018-05-18 15:20:43 -07:00
Yashashvi Dave 4162e61f33 /json/users: Replace email with user_id in API to reactivate user. 2018-05-18 15:20:43 -07:00
Yashashvi Dave 06e7e933cc /json/users: Replace email with user_id in API to update/remove users. 2018-05-18 15:20:43 -07:00
Tim Abbott b8e2339a65 test_presence: Update debugging print statements. 2018-05-18 15:20:15 -07:00
jkiely ca3ce90496 mypy: Enable strict optional in lib/avatar.py.
Add assert to function and modify tests in order to pass under
strict conditions.
2018-05-17 11:11:55 -07:00
Tim Abbott d782927b4c test_webhooks_common: Add logging for a test flake case.
This seems to happen occasionally in CI, and we don't know why.
2018-05-17 09:18:31 -07:00
Vishnu Ks 372e9740ac events: Add date_joined to user_dict. 2018-05-17 07:49:35 -07:00
Tim Abbott fc32fe16c6 test_presence: Add debugging output to help track down a flake.
This test has been failing nondeterministically, and the debug output
should help us figure out why.
2018-05-17 07:44:46 -07:00
Steve Howell de47eeb6f1 Add /submessage endpoint. 2018-05-16 15:13:33 -07:00
Steve Howell 4332fd64f7 Add submessages to message payloads. 2018-05-16 15:13:33 -07:00
Steve Howell ff097623fa Add SubMessage table. 2018-05-16 15:13:33 -07:00
Lyla Fischer 98c50f7041 user docs: Update time-format docs. 2018-05-16 16:17:39 -04:00
Tim Abbott 495104bd56 mypy: Clean test_subs.py of mypy strict-optional errors.
Most of this is just asserting that the sub_dict return value from
access_stream_by_id is not None in the cases where it shouldn't be,
but additionally, we also need to pass a function into
validate_user_access_to_subscribers_helper (in this case, just `lambda:
True` works fine)
2018-05-16 12:09:52 -07:00
Tim Abbott ee0f1992bf lint: Fix lint errors in recently merged tests. 2018-05-15 20:07:33 -07:00
Baron Chandler 1e4f54560a actions: Ensure validate_user_access_to_subscribers_helper raises on invalid params. 2018-05-15 19:14:43 -07:00
Baron Chandler 024e6fc704 actions: Make sure get_recipient_info asserts on invalid recipient type. 2018-05-15 19:14:42 -07:00
Baron Chandler 7251e978d5 actions: Make sure get_typing_user_profiles raises on invalid recipient types. 2018-05-15 19:14:42 -07:00
Tim Abbott aec57baef2 test_presence: Add tests for various analytics pages.
While maybe these don't all belong in this test file, the overall
effect is that we now have quite good test coverage on
analytics/views.py.

It'd be nice to add some more assert statements for specific values
being present in the pages, but since we're not really working on that
part of the product, it's not a priority yet.
2018-05-15 18:52:18 -07:00
Tim Abbott 00861b910d test_presence: Add tests for seconds_usage_between.
This isn't widely used, but is a nice way to verify the logic further.
2018-05-15 18:37:49 -07:00
Tim Abbott 930cbabbb7 test_queue: Add a test for register_json_consumer.
This expands the coverage of the SimpleQueueProcessor logic to be
mostly complete.  We still don't have real tests for
TornadoQueueProcessor.
2018-05-15 18:24:45 -07:00
Tim Abbott 962c64a1d4 test_queue: Add basic tests for SimpleQueueClient. 2018-05-15 17:56:30 -07:00
Yashashvi Dave b949d10592 /json/bots: Replace email with user_id in API to generate bot_api_key.
Fixes #3643.
2018-05-15 16:37:06 -07:00
Yashashvi Dave d6e2f9fc88 /json/bots: Replace email with user_id in API to update bots. 2018-05-15 16:34:17 -07:00
Yashashvi Dave 8909836815 zerver/tests/test_custom_profile_data.py: Refactor tests.
Refactor custom fields creation and deletion tests to assert
if created/deleted field exist or not, instead of asserting
total count of all realm fields.
2018-05-15 12:38:18 -07:00
Shubham Padia 3703013b4f models: Add `is_announcement_only` to Stream.to_dict(). 2018-05-15 12:05:52 -07:00
Baron Chandler f59adfa67c actions: Change do_change_is_admin Exception to an Assertion Error.
- do_change_is_admin now raises AssertionError when a non-admin
  permission is given.
- adds test to test_users to ensure admin asserts on invalid
  permission values.
2018-05-15 11:27:01 -07:00
RobbieClarken 17d6d4fed1 zerver/tests: Add test for get_emoji_url for local upload backend. 2018-05-15 10:50:39 -07:00
RobbieClarken fb42b58316 zerver/tests: Test emoji upload for local storage backend. 2018-05-15 10:50:39 -07:00
RobbieClarken 2dc13d6b50 zerver/tests: Test ensure_medium_avatar_url when the file exists. 2018-05-15 10:50:39 -07:00
RobbieClarken 398141268f zerver/tests: Test get_emoji_url for S3. 2018-05-15 10:50:39 -07:00
RobbieClarken dd19ed3972 zerver/tests: Test upload emoji to S3. 2018-05-15 10:50:39 -07:00
RobbieClarken ff95c67197 zerver/tests: Test upload realm icon for S3. 2018-05-15 10:50:39 -07:00
RobbieClarken 25e91b289d zerver/tests: Test delete message image from S3 when file is missing. 2018-05-15 10:50:39 -07:00
RobbieClarken b3a6c0a253 zerver/tests: Test currently_used_upload_space function. 2018-05-15 10:50:38 -07:00
RobbieClarken efc63d4ca0 zerver/tests: Test S3 file upload with undefined content type. 2018-05-15 10:42:10 -07:00
RobbieClarken b9fff04f39 zerver/tests: Add test for resize_emoji for images that need resizing. 2018-05-15 10:42:10 -07:00
RobbieClarken 69a5ce102f zerver/tests: Remove unecessary re-open on files in tests.
The get_test_image_file helper function returns a file handle so we can
call the read method on this directly.
2018-05-15 10:42:10 -07:00
RobbieClarken f34d9dc910 zerver/tests: Test get_realm_for_filename when filename doesn't exist. 2018-05-15 10:42:10 -07:00
Baron Chandler 52d53f4a81 test_subs: Ensure gather_subscriptions_helper excludes deleted streams. 2018-05-15 10:11:32 -07:00
Tim Abbott a2ed06314d send_test_email: Throw an error if email not configured.
This should help minimize confusion when folks try to use this before
properly configuring outgoing email.

Thanks to Bruce Eckel for the report.
2018-05-14 12:02:36 -07:00
RobbieClarken 2cca5dc79f zerver/tests: Test upload when mimetype is supplied as a query param. 2018-05-14 10:58:24 -07:00
Joshua Pan 231b487bca tests: Cover check_config() in zerver/lib/management.py.
Add a comment to code to clarify what the config check does.
2018-05-14 10:46:21 -07:00
Darshan Markandaiah 607cab2a53 tests: Add 100% test coverage to zerver/apps.py.
Tweaked by tabbott to rename to test_cache.py and remove the
sender_name argument (Since it was kinda confusing).
2018-05-14 10:36:10 -07:00
Eeshan Garg 5c0d4660c1 models: Add history_public_to_subscribers to Stream.to_dict().
This commit also updates all the relevant parts where this attribute
could be useful, e.g. payloads for user subscriptions.
2018-05-13 09:15:07 -07:00
Shubham Padia 295fcb8536 models: Add `is_announcement_only` to stream_dict in `actions.py`.
Adds `is_announcement_only` to `stream_dict`s in order to access
the property in the frontend.
2018-05-13 09:11:51 -07:00
Shubham Padia 897ed17f0c api: Allow realm_admins to make a stream announcement_only. 2018-05-13 09:11:51 -07:00
Shubham Padia bb8577ba94 stream: Only realm admins can post to an announcement_only streams.
If a non-admin tries to post to an announcement_only stream, error
message will be shown.
2018-05-13 09:11:51 -07:00
Vishnu Ks 08d20dce23 docs: Cover the missing case in DocPageTest. 2018-05-13 08:56:04 -07:00
Vishnu Ks 99186952f6 integrations: Make integration_doc endpoint work only on ajax. 2018-05-13 08:56:04 -07:00
Aditya Bansal 5416d137d3 zerver/tests: Change use of typing.Text to str. 2018-05-12 15:22:39 -07:00
Aditya Bansal 2f3b2fbf59 zerver/tests: Change use of typing.Text to str. 2018-05-10 14:19:49 -07:00
Tim Abbott 81e17c7d47 test_i18n: Stop using six.moves for SimpleCookie.
This requires a 'type: ignore' because of a typeshed bug.
2018-05-09 20:45:45 -07:00
Tim Abbott 4c1777f146 tests: Add a good set of unit tests for UserActivityInterval.
This system was written years ago and has been working well the whole
time, but having unit tests for it will help future developers in
understanding what the intent is.
2018-05-09 20:45:02 -07:00
Tim Abbott fba45bb9d3 archive: Add functions for accessing web-public streams.
These will be helpful for variable upcoming projects to support the
web-public streams feature.
2018-05-08 12:12:15 -07:00
Tim Abbott f24630fd4a events: Include data for whether push notifications are enabled.
This is primarily useful for the mobile app, but could also be used to
control whether we display push-notifications related settings to
users in the web UI.
2018-05-08 11:45:13 -07:00
Eeshan Garg 34d1b0ebf1 webhooks: Add helper to extract and validate HTTP event headers.
This is a part of our efforts to close #6213.
2018-05-05 15:48:37 -07:00
Tim Abbott 956bd74905 attachments: Send events for attachment updates.
We send add events on upload, update events when sending a message
referencing it, and delete updates on removal.

This should make it possible to do real-time sync for the attachments
UI.

Based in part on work by Aastha Gupta.
2018-05-04 16:22:27 -07:00
Tim Abbott 69c4645bd2 attachments: Stop fetching attachments in / endpoint.
We only use this data in a rarely-used settings screen, and it can be
large after years of posting screenshots.

So optimize the performance of / by just loading these data when we
actually visit the page.

This saves about 300ms of runtime for loading the home view for my
user account on chat.zulip.org.
2018-05-04 16:22:26 -07:00
Tim Abbott 59d3fefc07 bots: Improve performance of fetching core bot data.
This eliminates the need to call user_ids_to_users inside the
get_service_dicts_for_bots code path, saving a database query.

This completes my refactor to fix backend performance issues in this
code path.  Previously, our messy layering of queries that resulted in
Zulip doing work even if none of the bots actually had Services or
config_data.
2018-05-04 13:44:43 -07:00
Vishnu Ks 733da0ac07 settings: Fix 500 when trying to change email to disposable email.
Fixes #9240
2018-05-04 10:52:38 -07:00
Tim Abbott 508dc5b6ed decorators: Add new decorators for guest users.
These decorators will be part of the process for disabling access to
various features for guest users.

Adding this decorator to the subscribe endpoint breaks the guest users
test we'd just added for the subscribe code path; we address this by
adding a more base-level test on filter_stream_authorization.
2018-05-04 10:25:52 -07:00
Tim Abbott 8b26f912af streams: Limit access to public streams for guest users.
With most of the tests tests written by Shubham Dhama.
2018-05-04 09:47:58 -07:00
Tim Abbott 7cbff8b521 push registration: Use standard error message for auth problems.
This avoids adding an unnecessary new translated string.
2018-05-04 09:04:39 -07:00
Tim Abbott 43098a6f7c zilencer: Add automated signup system for push notifications.
Based on an initial version by Rishi Gupta.

Fixes #7325.
2018-05-03 21:27:49 -07:00
Tim Abbott 51517fa188 request: Add new str_validator validator type.
This is helpful for cases where an argument is supposed to be a normal
string, and we want to use a Zulip validator function to do basic
things like check its length.
2018-05-03 21:11:02 -07:00
Tim Abbott f2e84f25a0 management: Refactor checkconfig code to live in library.
This makes it possible to call this from other management commands.
2018-05-03 21:11:02 -07:00
Tim Abbott ad0cfb3512 validators: Add check_string_fixed_length.
This will be useful in some upcoming work on zilencer.
2018-05-03 14:30:03 -07:00
Tim Abbott 594451707d check_capped_string: Clean up corner case.
We were rejecting strings of length equal to the max.

While we're at it, fix the unnecessary period in the error message,
which doesn't align with similar validators.
2018-05-03 14:30:03 -07:00
Armaan Ahluwalia 8fe54a533a test_home: Change requiring pygments.css to requiring app-styles.js.
This commit changes the tests based on the fact that pygments.css
will no longer be found in the template during testing. pygemnts.css
is being compiled by webpack under app-styles and so we look for the
stubentry for app-styles instead.

Tweaked by tabbott to do a cleaner test.
2018-05-02 17:18:11 -07:00
Aditya Bansal c38b70566c views/archive.py: Make 'StreamDoesNotExist' return a error msg page. 2018-05-02 15:23:33 -07:00
Aditya Bansal 5d7907b59f public_archives: Add basic infra for displaying topics.
We add very basic infra so that we can view any discussion which
happened under a topic of a global public stream without
authorization.
2018-05-02 15:23:33 -07:00
Umair Khan 29e3a1d576 two_factor: Add templates for 2-factor-auth setup.
Note from Tim: We'll likely need to do some work on the strings in
these before translating, so I removed some translation tags.
2018-05-02 15:20:49 -07:00
novokrest 036bc120c3 outgoing_webhook: Extend process_success() return value to tuple.
Change return value type of OutgoingWebhookServiceInterface.process_success
to 2-elements tuple as (success_message, failure_message)
2018-05-02 11:57:08 -07:00
Tim Abbott a0e8a37e7f topics: Fix get_topics_backend logic for zephyr realms.
This removes a check on invite_only, that should have been a check on
history_public_to_subscribers.  In addition to fixing a bug for zephyr
realms, it also makes "more topics" work correctly for realms using
the new settings for stream history being public to subscribers.
2018-05-02 09:02:57 -07:00
Rohitt Vashishtha 2f6da2661f push_notifications: Format blockquotes properly in text_output.
New output is of the format:

Hamlet said:
> Polonius said:
> > This is the.
> > Second layer of nesting.
> First layer of nesting.

Fixes #9251.
2018-05-02 08:57:17 -07:00
Vishnu Ks 8705ac1091 portico: Add noindex tags for non root realms.
There may be further work required for the /integrations pages.
2018-05-01 15:28:30 -07:00
Rohitt Vashishtha 6c96ba79e0 test_bugdown: Fix ignore-testcase feature for markdown_test_cases.
We accidentally were 'return'ing on encountering an ignored case, and thus
exiting the loop, not running further testcases.
2018-05-01 09:24:15 -07:00
Angelika Serwa f4f64243dd custom_profile_fields: Support changing the sort order of the fields.
Tweaked by tabbott for variable naming and the URL.

Closes #8879.
2018-04-30 18:17:41 -07:00
Tim Abbott de30474ddd test_custom_profile_data: Don't do a database query on import.
This is a general code cleanlyness improvement.

While we're at it, we combine together two test classes that didn't
have a particularly good reason for existing.
2018-04-30 10:57:23 -07:00
Yashashvi Dave 0a9fbe2ce6 zerver/tests/test_custom_profile_data.py: Refactor tests.
Refactor tests to include generic function for invalid
assertion and remove repetitive assertion code.
2018-04-30 10:53:23 -07:00
Yashashvi Dave a97a00a4c6 custom fields: Replace field id with field name in error message. 2018-04-30 10:53:23 -07:00
Yashashvi Dave 0d7d94d0db custom fields: Add support for custom URL field type. 2018-04-30 10:53:23 -07:00
Yashashvi Dave 4033f210af custom fields: Add support for custom date field type. 2018-04-30 23:04:25 +05:30
Yashashvi Dave 94d787aa2e zerver/test/test_custom_profile_data.py: Remove hard-coded field no's. 2018-04-30 23:04:25 +05:30
Yashashvi Dave 66759358e2 create stream: Add maxlength restriction on name and description. 2018-04-30 10:11:25 -07:00
Yashashvi Dave 7e9ccead2e stream settings: Fix server error on long stream description.
Add backend validations to check stream description length.
2018-04-30 10:11:23 -07:00
Tim Abbott 976e61d687 validators: Improve error messages for check_capped_string. 2018-04-30 10:07:06 -07:00
Eeshan Garg 057ff9c91e models: Add Stream.history_public_to_subscribers.
This commit adds a new field history_public_to_subscribers to the
Stream model, which serves a similar function to the old
settings.PRIVATE_STREAM_HISTORY_FOR_SUBSCRIBERS; we still use that
setting as the default value for new streams to avoid breaking
backwards-compatibility for those users before we are ready with an
actual UI for users to choose directly.

This also comes with a migration to set the value of the new field for
existing streams with an algorithm matching that used at runtime.

With significant changes by Tim Abbott.

This is an initial part of our efforts on #9232.
2018-04-28 22:54:04 -07:00
Tim Abbott e087be6630 home: Ignore handlebars errors in the test suite.
The handlebars error message is just for the manual development
environment; this prevents the state of compiling handlebars templates
from run-dev.py from potentially causing the unit tests to fail.
2018-04-28 13:49:24 -07:00
Tim Abbott 7d6bb3dcb4 settings: Remove obsolete default_desktop_notifications setting.
This actually hasn't been hooked up to do anything in years.

While we're at it, we remove the entire "Zulip Labs" settings page.
2018-04-28 13:46:07 -07:00
Tim Abbott 127ac0df54 auth: Remove unnecessary case from validate_email_for_realm.
The removed code path was only needed due to buggy setup code in the
test_cross_realm_scenarios test.  We address that with a less buggy
workaround, and which lets us remove unnecessary complexity from this
important validation function.

Thanks for Umair Waheed for some preliminary work on this.

Fixes #7561.
2018-04-28 11:03:03 -07:00
Tim Abbott a3fc7d1371 message_edit: Fix spelling of "has passed". 2018-04-27 19:24:14 -07:00
YJDave 6bef44a9fa org setting: Add time limits for message deleting.
Add realm setting to set time limit for message deleitng.
Set default value of message_content_delete_limit_seconds
to 600 seconds(10 min).

Thanks to Shubham Dhama for rebasing and reworking this.  Some final
edits also done by Tim Abbott.

Fixes #7344.
2018-04-27 19:22:28 -07:00
Tim Abbott 224acb8256 email_mirror: Add a test for sending to a private stream.
This verifies an important case.  We still have an open bug for why in
some production environments, the email_gateway_bot seems to not be
tagged as an API super user (resulting in this code path not working).
2018-04-27 13:56:06 -07:00
Tim Abbott 2cdd367d49 email_mirror: Fix handling of empty topic.
Also fixs some corner cases around pure-whitespace topics, and
migrates from the years-obsolete "no subject".

Fixes #9207.
2018-04-26 10:21:29 -07:00
Umair Khan cf2f6b38dd profile: Add choice field.
Fixes part of #8878
2018-04-26 00:35:51 -07:00
Tim Abbott 18e7ef23fc decorator: Add a test to more fully cover require_post.
We also add a nocoverage for what is currently an impossible code
path.
2018-04-25 22:37:09 -07:00
Tim Abbott dfb946d84b decorator: Test error cases for authenticated_rest_api_view.
We now have 100% coverage on this important function.
2018-04-25 22:36:48 -07:00
Tim Abbott 6f87091120 test_push_notifications: Cover the last lines of validate_api_key.
This push notification bouncer error case wasn't previously tested.
2018-04-25 22:36:48 -07:00
Tim Abbott c6b062f26e test_decorators: Add coverage to to_not_negative_int_or_none. 2018-04-25 21:59:48 -07:00
Tim Abbott 2217285ac0 test_push_notifications: Add a better test for auth code path.
This is mostly to prevent an issue similar to the one fixed in the
last commit.
2018-04-25 21:51:24 -07:00
Tim Abbott 2fa58fe9ad decorator: Fix exception format for invalid API key.
This exception class was clearly missing the part where `role` gets
stored, which was intended to be inherited from
InvalidZulipServerError.

This fixes an unnecessary 500 error in the push notifications bouncer.
2018-04-25 21:44:31 -07:00
Lyla Fischer b24659b005 bugdown: Add {settings|my-setting} macro.
Tweaked by tabbott to add a test and fix a super subtle issue with the
relative_settings_link variable having been set once the first time a
/help article was rendered.
2018-04-25 13:41:24 -07:00
Tim Abbott ff9371d63c slack import: Fix issues with Slack empty files.
Fixes #9217.
2018-04-25 10:20:55 -07:00
Rishi Gupta d57e10158c portico: Update text on confirm_continue_registration.
A common path is a new user goes to realm_uri, which redirects to
realm_uri/login, and clicks the google auth button thinking it is a
registration button.

This commit just changes the wording on the page they land on to be
friendlier for that use case.
2018-04-25 08:50:24 -07:00
Tim Abbott c4b886d8ae import: Split out import.py into its own module.
This should make it a bit easier to find the code.
2018-04-23 15:21:12 -07:00
Eeshan Garg 8158342ad3 decorators: Log webhook error payloads in authenticated_rest_api_view.
This completes the effort to ensure that all of our webhooks that do
parsing of the third-party message format log something that we can
use to debug cases where we're not parsing the payloads correctly.
2018-04-23 14:14:42 -07:00
Preston Hansen 0258d7db0d slack import: Be less strict in `check_subdomain_available`.
If the sysadmin is doing something explicit in a management command,
it's OK to take a reserved or short subdomain.

Fixes #9166.
2018-04-23 11:48:12 -07:00
Vishnu Ks c9e932a7ce settings: Add support for Hangouts as the video chat provider.
The only thing that's annoying about this feature is that you need to
be a paying G Suite customer to use it.
2018-04-23 09:39:47 -07:00
Tim Abbott 01be6b01b1 validate_domain: Add verification of domain length. 2018-04-23 09:29:03 -07:00
Tim Abbott a9fb02b712 test_auth_backends: Add a test for GitHub auth mobile_flow_otp. 2018-04-22 19:55:05 -07:00
Tim Abbott c88163eea8 auth: Make "Continue to registration" actually register you.
The main change here is to send a proper confirmation link to the
frontend in the `confirm_continue_registration` code path even if the
user didn't request signup, so that we don't need to re-authenticate
the user's control over their email address in that flow.

This also lets us delete some now-unnecessary code: The
`invalid_email` case is now handled by HomepageForm.is_valid(), which
has nice error handling, so we no longer need logic in the context
computation or template for `confirm_continue_registration` for the
corner case where the user somehow has an invalid email address
authenticated.

We split one GitHub auth backend test to now cover both corner cases
(invalid email for realm, and valid email for realm), and rewrite the
Google auth test for this code path as well.

Fixes #5895.
2018-04-22 19:55:05 -07:00
Tim Abbott c65a4e8f0b test_signup: Remove unnecessary LoginOrAskForRegistrationTestCase.
This test class is basically a poor version of the end-to-end tests
that we have in `test_auth_backends.py`, and didn't really add any
value other than making it difficult to refactor.
2018-04-22 19:41:18 -07:00
Tim Abbott 8026b4f9db auth: Refactor login_or_register_remote_user interface.
By moving all of the logic related to the is_signup flag into
maybe_send_to_registration, we make the login_or_register_remote_user
function quite clean and readable.

The next step is to make maybe_send_to_registration less of a
disaster.
2018-04-22 16:24:43 -07:00
Tim Abbott 64023fc563 auth: Fix incorrect use of get_realm_from_request.
The code in maybe_send_to_registration incorrectly used the
`get_realm_from_request` function to fetch the subdomain.  This usage
was incorrect in a way that should have been irrelevant, because that
function only differs if there's a logged-in user, and in this code
path, a user is never logged in (it's the code path for logged-out
users trying to sign up).

This this bug could confuse unit tests that might run with a logged-in
client session.  This made it possible for several of our GitHub auth
tests to have a totally invalid subdomain value (the root domain).

Fixing that bug in the tests, in turn, let us delete a code path in
the GitHub auth backend logic in `backends.py` that is impossible in
production, and had just been left around for these broken tests.
2018-04-22 16:24:43 -07:00
Tim Abbott 00c9f45821 auth: Remove dead invalid_subdomain code path.
This code path has actually been dead for a while (since
`invalid_subdomain` gets set to True only when `user_profile` is
`None`).  We might want to re-introduce it later, but for now, we
eliminate it and the artificial test that provided it with test
coverage.
2018-04-22 14:44:06 -07:00
Tim Abbott 6df821a40f tests: Replace messy direct test of login_or_register_remote_user.
This code path is much more naturally tested with the existing
end-to-end test for the function that we have for the RemoteUser auth
backend.
2018-04-22 14:44:06 -07:00
Shubham Dhama 26d2ffa821 populate_db: Add new user of "guest" type.
The purpose of this user is to act as a guest.
(This is a preliminary step in adding the guest type of user
and is a part of #8385.)
2018-04-20 16:20:00 -07:00
Roman Godov d99758129e subs: Notify organization admins when private streams are renamed.
This commit sends the event for renaming of a private stream to
organization admins of the realm, in addition to the obvious list of
subscribers of the private stream.

Normally, admins can manage a private stream (e.g. unsubscribing a
user).  But when the admin tried to unsubscribes a user from a
previously renamed stream, we previously were throwing a JS error, as
the webapp hadn't been notified about the new stream name.

Fixes #9034.
2018-04-19 22:00:18 -07:00
Preston Hansen e168f9938c tests: Refactor use of test and webhook data fixtures. 2018-04-19 21:50:29 -07:00
Preston Hansen 76d6c71595 tests: Move zerver/fixtures to zerver/tests/fixtures for clarity.
Fixes #9153.
2018-04-19 21:50:17 -07:00
Umair Khan 0420b89468 profile: Add hint attribute to custom profile fields.
This is the model for #8876.
2018-04-19 11:32:35 -07:00
Tim Abbott aa4b067e68 avatars: Fix 500 with the /avatar/ URL to be a 404.
Apparently, we had a somewhat sloppy regular expression for the URL
for this endpoint.
2018-04-18 12:43:57 -07:00
Tim Abbott 1410a1e460 slack import: Remove unnecessary zerver_realm_skeleton.json.
This was stored as a fixture file under zerver/fixtures, which caused
problems, since we don't show that directory under production (as its
part of the test system).

The simplest emergency fix here would be to just move the file, but
when looking at it, it's clear that we don't need or want a fixture
file here; we want a Python object, so we just do that.

A valuable follow-up improvement to this block would be to create an
actual new Realm object (not saved to the database), and dump it the
same code we use in the export tool; that should handle the vast
majority of these correctly.

Fixes #9123.
2018-04-18 10:33:53 -07:00
Vishnu Ks cc93ac34a8 coverage: Add coverage to estimate_recent_messages.
With this message.py is fully covered and can be
removed from not_yet_fully_covered in test-backend.
2018-04-17 11:01:20 -07:00
Tim Abbott e2f8bc9eac /api: Fix tests for /api homepage. 2018-04-16 16:13:20 -07:00
Nikhil Kumar Mishra 91412e5843 test_upload: Add test for `get_realm_for_filename`. 2018-04-16 11:52:44 -07:00
Nikhil Kumar Mishra c96dc1652e test_upload: Add tests for `resize_emoji`. 2018-04-16 11:52:44 -07:00
Ben Reeves fdfbd45208 soft_deactivation: Change `<` to `<=` in add_missing_messages.
We should still short-circuit the iteration in
`add_missing_messages` if the unsubscription was the last
thing to happen to the user before unsubscription and
soft deactivation.
2018-04-16 11:28:08 -07:00
Alyssa Wagenmaker d4e5777296 tests: Test user unsubscribing before soft deactivation.
Brings lib/soft_deactivation.py up to 100% test coverage.

Improves: #7089.
2018-04-16 11:28:08 -07:00
Rhea Parekh 7c0c3930a8 slack importer: Thread avatar downloads. 2018-04-15 19:53:01 +05:30
Tim Abbott 5ddf2614f0 uploads: Add new way of querying for mobile uploads endpoint.
This extends the /user_uploads API endpoint to support passing the
authentication credentials via the URL, not the HTTP_AUTHORIZATION
headers.  This is an important workaround for the fact that React
Native's Webview system doesn't support setting HTTP_AUTHORIZATION;
the app will be responsible for rewriting URLs for uploaded files
directly to add this parameter.
2018-04-13 17:51:45 -07:00
Rohitt Vashishtha 9e7929417d markdown: Increase rendered_content length limit.
This commit increases the rendered_content limit from 2x to 10x of the
original message length.

Earlier, we had placed a limit of MAX_MESSAGE_LENGTH * 2 for the
rendered content (explained in commit
77addc5456).  That limit was based on
the assumption that in most cases, the rendered content wouldn't cause
a large increase in message length. However, quite prominently in
syntax highlighted codeblocks, that wasn't true and this caused the
limit condition to be hit for long messages composed primarily of code
blocks.

Example: The following message would render close to 10x it's original size.

```py
if:
def:
print("x", var)
x = y
```

Because the syntax highlighted logic is extremely compressible, having
rendered_content reach up to 100KB doesn't create a network
performance problem.
2018-04-13 08:39:51 -07:00
Aditya Bansal 6c1a50da76 csp_reports: Add endpoint to handle logging of reports sent by clients. 2018-04-11 23:01:13 +05:30
Vishwesh Jainkuniya 383c62fb03 dev_login: Identify each user's realm when listing them.
This is a mobile-specific endpoint used for logging into a dev server.
On mobile without this realm_uri it's impossible to send a login request
to the corresponding realm on the dev server and proceed further; we can
only guess, which doesn't work for using multiple realms.

Also rename the endpoint to reflect the additional data.

Testing Plan:
Sent a request to the endpoint, and inspected the result.

[greg: renamed function to match, squashed renames with data change,
 and adjusted commit message.]
2018-04-10 17:03:36 -07:00
Rhea Parekh f7398cbb09 slack import: Implement custom profile fields.
Add custom profile fields in the slack converted
data 'realm' file.
Added tests for the custom profile fields.

Fixes #8928
2018-04-10 13:28:53 -07:00
Rhea Parekh 852e8516b4 slack import: Add custom profile fields.
Build CustomProfileField and CustomProfileFieldValue
for every user and process the field type after getting an
entire list of the custom fields.
2018-04-10 13:28:53 -07:00
Shubham Dhama b650b6b38c markdown: Add @stream as an alias for @all.
Fixes: #8930.
2018-04-09 16:35:14 -07:00
rht 7a8655cc50 Slack importer: Add test for Slack channel mention to Zulip stream mention. 2018-04-09 10:47:39 -07:00
Vishnu Ks e92838a31f registration: Catch email validation error and show error message. 2018-04-06 15:18:32 -07:00
Rhea Parekh 2baa9bc16e Import: Add subdomain in the import script.
Also remove user input of subdomain in the slack data
conversion script.
2018-04-06 09:12:56 -07:00
Tim Abbott b0b134cb4c help: Clean up settings_html and subscriptions_html.
After some thinking, I don't think there's any actual value to doing
the ../ style relative links here, whereas there is actual harm from
the links being slightly broken in the current model.  We fix this by
just using /#settings as the URL.

Fixes #8978.
2018-04-05 14:48:26 -07:00
Steve Howell 36844418e9 bug fix: Respect include_history for certain queries.
For certain queries where both include_history and
use_first_unread_anchor are set to True, we were excluding
historical rows.  Now we only use the use_first_unread_anchor
flag to filter rows that we use to find the anchor, without
having it filter the actual search results.

The bug went unreported for a long time, because it only
affected mobile users who had newly subscribed to streams.

Note that we make a small change to the test called
test_use_first_unread_anchor_with_muted_topics, which has
a very scary comment about being "arcane" and "be
absolutely sure you know what you're doing."  I think it's
fine.

Also, the new test code would fail before this fix, so it
should help prevent future regressions.

Fixes #8958
2018-04-05 17:16:41 -04:00
Steve Howell b64117d872 refactor: Build query in find_first_unread_anchor().
This is a bit more than a pure refactor, because we duplicate a
chunk of code to calculate a query inside of
find_first_unread_anchor(), so we're doing a bit more work
than before.

We need this refactoring to start decoupling find_first_unread_anchor
from get_messages_backend for the case where include_history is
True.  This will happen in a subsequent commit.

The only test that changes here is a direct test on
find_first_unread_anchor().  All other tests pass without
modification, and we have decent coverage on get_messages_backend.
2018-04-05 17:16:41 -04:00
Tim Abbott d7658bbec5 test_docs: Add an end-to-end test for HTML settings links.
This would have caught the issue fixed in the last few commits.
2018-04-05 12:22:41 -07:00
Tim Abbott 98889608a2 help: Fix structure of markdown context logic.
Refactoring in this file had resulted in the logic for
html_settings_link being duplicated and extra logic being needed to
ensure these variables were set where they were needed.

This fixes subscriptions_html not being rendered properly in the /help
and /api pages, in addition to removing duplicate code.
2018-04-05 12:22:41 -07:00
Nikhil Kumar Mishra 2cf32bda12 embed link: Add test for link_embed_data_from_cache. 2018-04-05 10:48:40 -07:00
Steve Howell a0aa8d4b11 Add test for find_first_unread_anchor(). 2018-04-05 09:55:54 -07:00
Tim Abbott c06565d909 users: Improve testing for user_ids_to_users. 2018-04-04 16:31:30 -07:00
Tim Abbott 53e47e6991 messages: Modify access_message for is_history_public_to_subscribers.
This completes the Message side of #2745.
2018-04-04 16:18:47 -07:00
Tim Abbott bec71d7a50 messages: Add a server-level setting to control private stream history.
We don't indend for this server-level setting to exist in the long
term; the purpose of this is just to make it easy to test this code
path for development purposes.

This implements much of the Message side part of #2745.
2018-04-04 16:18:46 -07:00
Tim Abbott 5e82d750c5 get_messages: Refactor ok_to_include_history to accept a UserProfile.
If we make history accessible to some stream subscribers of private
streams, we'll need the UserProfile to be available here.
2018-04-04 15:06:53 -07:00
novokrest a613f3c0a1 get_owned_bot_dicts: Optimize admin's bot dicts loading from database.
Implement few optimizations for reading admin's bot dicts from database
for a constants number of requests:
- add models.get_user_profiles_by_ids() for reading bots profiles
  by single query from database
- add models.get_services_for_bots() for reading services for bots
  by single query from database
- add bot_config.get_bot_configs() for reading config data for bots
  by single query from database

Fixes #8838
2018-04-03 09:10:32 -07:00
Tim Abbott 758d7b9146 bots: Clean up editing bots impacting non-bot users.
This fixes a bug where the endpoint for editing bot users would allow
an organization administrator to edit the full name of a bot user.

A combination of this an another recently fixed bug made it possible
for this process to set a `bot_owner` for a non-bot user; so we also
include a migration to fix that for any users that might have had our
model invariants corrupted in that way.
2018-04-02 18:58:26 -07:00
Tim Abbott 938c4cee08 settings: Add option to control Jitsi video chat integration.
Fixes #8922.
2018-04-02 16:55:16 -07:00
Greg Price e792fc6c07 spelling: Correctly write "cannot".
None of these errors were user-facing; mainly in comments, plus
one bit of internal docs and a developer tool.
2018-04-02 15:36:31 -07:00
Tim Abbott 7d4234b167 bugdown: Only open #narrow hash links inside the app. 2018-04-02 10:34:48 -07:00
Umair Khan 1d4b74482c check_short_string: Change max_length to 50. 2018-04-02 09:51:09 -07:00
Umair Khan c30a282dd9 profile: Remove integer and float fields. 2018-04-02 09:46:21 -07:00
Rhea Parekh 1bba6cc4ce slack importer: Support custom emoji reactions. 2018-04-01 23:24:35 -07:00
Rhea Parekh c650b8fa3e slack importer: Add zerver_realmemoji. 2018-04-01 23:24:35 -07:00
Rhea Parekh b133d175a7 slack importer: Change 'get_user_data' function implementation.
Change 'get_user_data' function to a more general function
to get data from the slack api using legacy tokens.

Also, change the error handling as upon invalid token,
the response is 200, but the response has an error
field in it.

For eg. Go to the following link with invalid token:
https://slack.com/api/emoji.list?token=xoxp-249056023425
2018-04-01 23:24:35 -07:00
Rhea Parekh 220ad6a386 slack importer: Map standard reactions.
As mentioned in
https://get.slack.help/hc/en-us/articles/202931348-Use-emoji-and-emoticons,
slack supports the standard emoji codes
(https://www.webpagefx.com/tools/emoji-cheat-sheet/)
and majority of them are already supported in Zulip.
2018-04-01 23:24:35 -07:00
Rhea Parekh 8a028142d8 slack importer: Remove id allocation function and its implementation.
Remove allocation ID function from slack import script. All the IDs
count will start from 0. Hence the ID List returned
by the allocation function is of no use, and we remove its implementation.
(example: get_total_messages_and_attachments function is of no use anymore,
hence we remove it)
2018-04-01 23:10:55 -07:00
Rhea Parekh d147bd25d0 import script: Change file path of the upload in the import script.
In importing avatars, we use the implementation where the 'avatar_path'
is seperately calculated using realm and user ID and then the content
of the path provided in the avatar's 'records.json' are copied to this
'avatar_path'.

Similary, here for the uploads, 's3_file_name' is seperately calculated
using the realm ID and uploaded file name and then the content of the
path provided in upload's 'records.json' are copied to this 's3_file_name'.
2018-04-01 23:04:14 -07:00
Shubham Padia 10115491a3 real-time sync: Server sends recipent data with delete_message event.
Fixes #8853.
In certain cases, the browser is not able to look up the message.
Include the recipient data for the message in the delete_message event,
so look up of those attributes by the browser isn't required.
2018-04-01 22:19:08 -07:00
Anurag Sharma 1227857de6 hotkeys: Replace C with x for composing PM.
Pressing the 'x' key can now be used to compose a PM.
Pressing the 'C' key displays a modal that shows a deprecation notice.

Fixes #6548.
2018-04-01 16:13:05 -07:00
Shubham Dhama b7aae89029 org settings: Add realm level default time format setting. 2018-03-31 16:23:26 -07:00
Tim Abbott 072bd306ce tests: Add another test for the can_admin_user code path.
This is just a clear version of our validation of this part of Zulip's
security model.
2018-03-31 16:06:56 -07:00
Puneeth Chaganti 4ce8f2aaa2 upload: Rename upload_message_image to upload_message_file.
Tweaked by tabbott to also fix a Slack import comment.
2018-03-30 13:38:31 -07:00
Eeshan Garg f839d528d8 decorators: Log custom HTTP headers in webhook requests.
This aids in debugging because many of our Git-based integrations
use custom HTTP headers to indicate the type of event/payload.
2018-03-30 13:37:35 -07:00
Umair Khan 7885dd4408 profile: Send field types to client side. 2018-03-29 13:09:12 -07:00
Umair Khan f6fb88549f profile: Send operation in the event.
This allows us to show a useful message in the handler when the
event is received.
2018-03-29 13:09:11 -07:00
Tim Abbott 656f882a44 bots: Eliminate NEW_USER_BOT.
This bot was basically a duplicate of NOTIFICATION_BOT for some
specific corner cases, and didn't add much value.  It's better to just
eliminate it, which also removes some ugly corner cases around what
happens if the user account doesn't exist.
2018-03-29 12:01:21 -07:00
Rohitt Vashishtha 115b633551 markdown-tests: Allow ignoring certain fixtures while developing.
Usually, to debug a small change, you have to remove some tests from JSON
because of lack of support for comments in JSON. This commit allows to
ignore some tests by setting `"ignore" : true` in the bugdown fixtures.

Also, since this is only for while developing, the complete test suite will
throw an error if we leave an 'ignored' test in a commit.
2018-03-28 17:35:47 -07:00
Steve Howell 431ede77c6 minor: Clean up how we set flags in events.
This is basically a simple fix, where we consistently set
`flags` to an empty array when we pass it around.  The history
here is that we had kind of a nasty bug from setting it to
`None`, which only showed up in the somewhat obscure circumstance
of somebody subscribing to all stream events in our API.

Fixes #7921
2018-03-28 15:56:03 -07:00
neiljp (Neil Pilgrim) 090b47ed19 mypy: Add explicit Optional for default=None parameters in various files. 2018-03-28 12:31:51 -07:00
Tim Abbott c94deff920 mypy: Remove some now-unnecessary type: ignores. 2018-03-28 10:39:05 -07:00
Rohitt Vashishtha 3c96b04763 emoji: Add translate_emoticons flag in bugdown testcases.
Also switches the default behaviour of the code to not translate the
emoticons. Earlier, the code was testing-aware, and used to translate
when there was no user profile data available(assuming that as a testing
environment).
2018-03-27 17:16:55 -07:00
Tim Abbott 5404edaf03 tests: Verify database queries for realm administrators.
This number is way too high, because of a recent regression.  Adding a
test here lets us prevent similar regressions in the future and
provides an easy way to be sure if we've fixed the issue.
2018-03-27 11:56:13 -07:00
Steve Howell 4f05cefb32 Remove obsolete code for stream subscribe buttons.
In 18e43895ff we replaced
stream subscribe buttons with stream links.  The new feature
has been well tested and well received for over a year now,
so it's safe to remove the older feature at this point.

Older sites will have super old messages that still have the
rendered markup; this commit does not attempt to address those
situations.  Most likely, clicking on an old button in the old
message will either do nothing or look like a message reply.
2018-03-24 12:31:36 -04:00
Aayush Agrawal d32d7a9b4d test_logging_handlers: Mock out `git describe` because can be slow.
This cuts out about 11 calls to `git describe`.  In a nice fast LXC
container following our instructions for development on a Linux host,
this might save "only" about 1.5s; in a dev environment on a Windows
host, the savings have been clocked at 49s, presumably due to an
extremely slow filesystem in the VM.

The tests weren't doing much with this codepath as they were, and
there isn't a lot of value to be gained by testing it anyway; it's
totally non-critical and rarely changes.

[Commit message rewritten by greg.]
2018-03-23 18:24:51 -07:00
Tarun Kumar 86eaa553a6 user-groups: Add backend enforcing for new modification settings.
Add function in user-groups.py for getting member ids
for a group.
Update view to enforce checks for modifying user-groups.
Only admins and user group members can modify user-groups.
2018-03-23 14:44:47 -07:00
Greg Price b42a7b1701 digest: Add a server setting, and disable by default.
This feature isn't really ready yet -- the relevance isn't good, so
the emails aren't a great experience.  More work needed; pending that,
just don't send them.

There's already a per-realm setting, which doesn't have a control in
the org settings UI but does suppress it in the per-user settings UI.
Piggyback on that to suppress that UI control when the feature is
disabled at the server level too.

Also cut a comment that hasn't really made sense since the logic was
changed months ago -- the comment originally explained why we sent
digests on Tuesday, Wednesday, and Thursday, and doesn't correspond to
why we dialled back to weekly on Tuesdays.
2018-03-23 14:12:01 -07:00
Greg Price 42a641421f digest: Split out tests into their own file.
The digest emails have little in common with the email mirror, beyond
that they both involve email.  Give their tests their own file, with a
corresponding name, so it's easy to find this code's tests.
2018-03-23 14:12:01 -07:00
Sarah 91197fa4f1 org settings: Add logic for applying allow_community_topic_editing.
Applies the logic to allow community members to edit topics
of others' messages if this setting is True. Otherwise,
only administrators can update the topic of others' messages.

This logic includes a 24-hour time limit for community topic editing.
2018-03-22 16:13:36 -07:00
Sarah f5c2fb8438 org settings: Create backend api for allow_community_topic_editing.
Adds the code for updating the allow_community_topic_editing
setting.
2018-03-22 16:02:27 -07:00
Jack Weatherilt 8535625341 parse_user_agent: Assert user agent is not None.
This commit asserts that parse_user_agent never returns None. The
RegEx will match any string, so that `match` is never None. This
brings test coverage of lib/user_agent.py to 100%. Changes were also
made in test/test_decorators.py and views/compatibility.py to reflect
that parse_user_agent cannot return None.

Improves: #7089.
Fixes: #8779.
2018-03-22 14:29:29 -07:00
Greg Price fe0f1edddb settings: Fix double negative in LOGGING_NOT_DISABLED.
Saying "not disabled" just makes it more work to read than it needs to
be -- instead say ENABLED.
2018-03-21 18:03:05 -07:00
Jack Weatherilt d857f26cd3 refactoring: Remove unused assignment on ensure_stream.
There were two instances of `ensure_stream` being called and assigned to
a variable with the variable not being used elsewhere. pyflakes picked
up on this (where it didn't in the previous version likely due to tuple
unpacking), so the the variable assignment has been replaced with a call
to `ensure_stream`.
2018-03-21 16:47:52 -07:00
Jack Weatherilt 3396cfc2ef refactoring: Replaced occurences of create_stream_if_needed.
Issue #2088 asked for a wrapper to be created for
`create_stream_if_needed` (called `ensure_stream`) for the 25 times that
`create_stream_if_needed` is called and ignores whether the stream was
created. This commit replaces relevant occurences of
`create_stream_if_needed` with `ensure_stream`, including imports.

The changes weren't significant enough to add any tests or do any
additional manual testing.

The refactoring intended to make the API easier to use in most cases.
The majority of uses of `create_stream_if_needed` ignored the second
parameter.

Fixes: #2088.
2018-03-21 16:47:36 -07:00
YJDave 6f1955a78a zerver/tests/test_events: Fix `test_custom_profile_fields_events` tests. 2018-03-21 16:05:31 -07:00
YJDave 6ac687790c populate_db: Remove the `test_suite` check for custom profile fields.
To ensure that we have some basic data for custom profile settings,
in the `populate_db` data set, remove `options['test_suite']` check
for adding intial custom profile data.
2018-03-21 16:05:31 -07:00
Aditya Bansal 2a2df0ef5e auth: Make redirects to next work for REMOTE_USER based Apache SSO.
It's possible that this won't work with some versions of the
third-party backend, but tabbott has tested carefully that it does
work correctly with the Apache basic auth backend in our test
environment.
2018-03-21 14:01:05 -07:00
Aditya Bansal b62bdde303 login_redirects: Make redirects to narrows from login page work. 2018-03-21 13:35:44 -07:00
Aditya Bansal 1e48dac8f3 auth.py: Make redirects to 'next' url work for google and github.
In this commit we start to support redirects to urls supplied as a
'next' param for the following two backends:
* GoogleOAuth2 based backend.
* GitHubAuthBackend.
2018-03-21 13:35:44 -07:00
Aditya Bansal 9a100b1f55 auth.py: Make redirects to 'next' url work for dev environment.
This makes these redirects work for the local authentication
backend.
2018-03-21 13:35:44 -07:00
Aditya Bansal 1d4e4d0411 test_auth_backends: Add next='' in data dicts for subdomain login tests. 2018-03-21 13:35:44 -07:00
Harshit Bansal 64372690f9 emoji: Fix the filtering condition in `check_emoji_admin()`.
This commit fixes an unreported bug which if hadn't been fixed would
have caused errors while deactivating realm emojis in some corner
cases.
2018-03-20 22:24:44 -07:00
Harshit Bansal a49655e0d4 emoji: Migrate realm emoji to be addressed by `id` rather than `name`.
This commit migrates realm emoji to be addressed by their `id` rather
than their name. This fixes a long standing issue which was causing
an error on uploading an emoji with same name as a deactivated realm
emoji.

Fixes: #6977.
2018-03-20 22:24:44 -07:00
Greg Price 3b3154527f queue: Don't blow up when a connection closes quickly. 2018-03-20 16:49:05 -07:00
Nikhil Kumar Mishra f29a1918f3 hotspots: Add ALWAYS_SEND_ALL_HOTSPOTS in dev_settings.
Replace the local variable SEND_ALL from get_next_hotspots.
Add unit test for the same.
2018-03-19 10:39:43 -07:00
Nikhil Kumar Mishra a5472ddee7 initial_password: Add unit test for INITIAL_PASSWORD_SALT = None. 2018-03-19 10:36:26 -07:00
Nikhil Kumar Mishra 9e17692d94 markdown: Add unit test for render_tex.
Test for invalid path of Katex.
2018-03-19 10:36:26 -07:00
Nikhil Kumar Mishra 1579f8cb4b messages: Add unit test for get_raw_unread_data.
Add test with 2 messages to the same group PM thread.
2018-03-19 10:36:26 -07:00
Nikhil Kumar Mishra 70ccc30465 management command: Add unit test for MultipleObjectsReturned case.
Verify error on using get_user if server has multiple users with that email.
2018-03-18 22:50:03 -07:00
Eeshan Garg a4bdd5b98c tests: Add unit test for get_user_profile_by_email.
This lost test coverage once beeminder was migrated to use
check_send_webhook_message.
2018-03-18 10:44:09 -07:00
neiljp (Neil Pilgrim) e58534022e mypy: Re-annotate capture_and_throw in terms of ViewFuncT.
Requires addition of a type ignore.
2018-03-17 23:25:05 +00:00
Greg Price dc1eeef30a antispam: Make a setting for default Realm.max_invites.
This makes this value much easier for a server admin to change than it
was when embedded directly in the code.  (Note this entire mechanism
already only applies on a server open for anyone to create a realm.)

Doing this also means getting the default out of the database.
Instead, we make the column nullable, and when it's NULL in the
database, treat that as whatever the current default is.  This better
matches anyway the likely model where there are a few realms with
specially-set values, and everything else should be treated uniformly.

The migration contains a `RenameField` step, which sounds scary
operationally -- but it really does mean just the *field*, in
the model within the Python code.  The underlying column's name
doesn't change.
2018-03-16 18:00:11 -07:00
Tim Abbott 209c813424 decorator: Improve error message for a deactivated organization. 2018-03-16 16:59:02 -07:00
Tim Abbott 0e5c954393 users: Fix error string for disposable email addresses.
This should not use the term "realm", and doesn't need to name the
organization, either.
2018-03-16 16:59:01 -07:00
Tim Abbott 149f3efe5a realm: Clean up use of "Realm" in more user-facing strings.
We should be talking about organization names.
2018-03-16 16:59:01 -07:00
Tim Abbott c147d2e140 notifications: Fix missed-message emails for presence-idle users.
This fixes an unpleasant regression in
f5edeb01ae, where we stopped correctly
filtering users who have an open browser session that's idle.  These
users are tagged as "UserPresence.IDLE" with an current timestamp in
the database, and should be treated as idle for presence purposes.

As a result, if you had an open Zulip browser session, you incorrectly
wouldn't get missed-message emails for PMs and mentions before this fix.
2018-03-16 16:30:23 -07:00
Shubham Dhama 610f2cbacf notification email: Send followup_day2 email two days later.
This changes the followup_day2 emails delay from one day later to two days
later if it is getting delivered on any working days(i.e. Mon - Fri).
For Thursday it is compromised to next day as it would be too late to
postponed to Monday and for Friday it should be Monday.
At last actually, emails should send one hour before the above calculated so
that user can catch them when they are dealing with these kinds of stuff.
Fixes: #7078.
2018-03-16 13:35:57 -07:00
neiljp (Neil Pilgrim) 5f7f2d6e76 mypy: Remove type: ignore from check_url test, as is now true Validator. 2018-03-16 13:30:32 -07:00