Commit Graph

46518 Commits

Author SHA1 Message Date
Aman Agrawal e0aba4c639 recent_topics: Center align globe icon. 2022-03-01 21:00:36 -08:00
Austin Riba b22578f975 hash_util: Rename _uri functions to _url.
It's 2022 and the WHATWG no longer recognizes the term URI. Everything
is now a URL or a type of URL. Which is great because it's way less
confusing. Details here:
https://url.spec.whatwg.org/
2022-03-01 18:14:31 -08:00
Austin Riba b39d47995d hash_util: Move stream uri functions to shared.
Moves hash_util.by_stream_uri and hash_util.by_stream_topic_uri to
internal_url so they can be used by external codebases. Due to these
functions being called in many places in the web codebase, wrappers
for both functions are left in hash_util in order to keep these
calls simple.

Also adds test for explicitly testing each function.
2022-03-01 18:14:31 -08:00
Austin Riba 9f1c184311 hash_util: Move encode_stream_id to shared.
Move hash_util.encode_stream_id to internal_url, so it can be shared
with external codebases. Also add a test that explicitly tests escaping
special characters in stream names.
2022-03-01 18:14:31 -08:00
Austin Riba 403310a9e2 hash_util: Move stream_id_to_slug to shared.
Move stream_data.id_to_slug to internal_url, making it shareable. The
function has been renamed to stream_id_to_slug to reflect that it
operates on a stream id.
2022-03-01 18:14:31 -08:00
Austin Riba c0828f118b hash_util: Move enc/decodeHashComponent to shared.
Moves the encodeHashComponent and decodeHashComponent functions out of
hash_util and into internal_url which belongs to shared. This is to
accommodate sharing of this code with mobile or any other codebases that
do not wish to duplicate logic.
2022-03-01 18:14:31 -08:00
Austin Riba f6d9a0b5a4 hash_util: Pass up decoding exception.
In order to accommodate the sharing of hash_util with other codebases
including mobile, UI and web specific code should be removed. In this
commit, we remove exception handling for the decodeHashComponent
function and instead add the UI handling of it further up the call
stack.
2022-03-01 18:14:31 -08:00
Austin Riba 980fd2f976 streams: Fix malformed stream name slugs.
The stream_data.id_to_slug and stream_data.name_to_slug
functions mistakenly used Javascript's String.replace method,
this commit changes it to use String.replaceAll, the result
being slugs generated from streams with names greater than
2 words are now properly formatted.
2022-03-01 18:14:31 -08:00
Anders Kaseorg 8ed7dcf4c0 rendered_markdown: Appease zjquery.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-01 15:19:15 -08:00
Anders Kaseorg e24036565b node_tests: Adjust for other_sender_names rename.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-01 15:02:20 -08:00
Anders Kaseorg d22fca7a78 timerender: Fix object-shorthand ESLint error.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-01 14:37:48 -08:00
Anders Kaseorg e090027adc CVE-2022-23656: Fix cross-site scripting vulnerability in tooltips.
An attacker could maliciously craft a full name for their account and
send messages to a topic with several participants; a victim who then
opens an overflow tooltip including this full name on the recent
topics page could trigger execution of JavaScript code controlled by
the attacker.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-01 14:26:42 -08:00
Tim Abbott 05a17e5854 spectator: Use display: revert for only-visible-to-spectators.
Inherit uses the settings of the parent element; we actually want to
just undo the `display: none` we'd set for this CSS property, which is
what revert is for.
2022-03-01 11:55:24 -08:00
Tim Abbott 7cc553b75d spectators: Add divider before sidebar login/signup buttons.
This slightly improves the visuals of this component.
2022-03-01 11:51:46 -08:00
Tim Abbott c710d18ec5 spectators: Use display: inherit for only-visible-to-spectators.
The previous `display: unset` logic didn't work with dividers in the
gear menu. This new version should be correct -- what we want to do
here is just override the `display: none` default for this class, not
revert to the default browser styling for that element type.
2022-03-01 11:45:54 -08:00
Aman Agrawal 7e365f7ee3 icons: Replace fa-globe icon with a custom globe icon. 2022-03-01 11:36:38 -08:00
Anders Kaseorg de1fb2b8d0 check-database-compatibility: Ignore guardian, django.contrib.sites.
We can safely ignore the presence of the extra tables that could be
left behind in the database from when we had these installed (before
Zulip 1.7.0 and 2.0.0, respectively).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-01 10:30:23 -08:00
yogesh sirsat 1a15d60de4 settings: Fix external account profile field initialization order.
In open_edit_form, we had an initialization order bug where we called
set_up_external_account_field_edit_form, which clears the field name
field if the external account is of the "custom" type, after
populating the initial values for edit form.

This resulted in these fields being displayed as empty in the UI for
this field type. Fix the issue by reordering the initialization.

Fixes: #21262.
2022-02-28 16:30:49 -08:00
Anders Kaseorg 3ba444096b Revert "docs: Temporarily disable parallel building."
This reverts commit b7561049b765946d612069b52330695e8489bc7f.

The bug it worked around was fixed with the previous commit’s
upgrade.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-28 16:28:31 -08:00
Anders Kaseorg 75c182cb2a requirements: Upgrade MyST-Parser.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-28 16:28:31 -08:00
Anders Kaseorg 75525f5b53 docs: Convert .html#fragment links to .md#fragment.
This uses the myst_heading_anchors option to automatically generate
header anchors and make Sphinx aware of them.  See
https://myst-parser.readthedocs.io/en/latest/syntax/optional.html#auto-generated-header-anchors.

Note: to be compatible with GitHub, MyST-Parser uses a slightly
different convention for .md fragment links than .html fragment links
when punctuation is involved.  This does not affect the generated
fragment links in the HTML output.

Fixes #13264.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-28 16:28:31 -08:00
Anders Kaseorg dacf136f21 docs: Temporarily disable parallel building.
Work around https://github.com/executablebooks/MyST-Parser/issues/411.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-28 16:28:31 -08:00
Anders Kaseorg 17574f3689 docs: Replace manual fragment with automatic heading fragment.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-28 16:28:31 -08:00
Jai soni cfa9d50901
docs: Fix a typo in GSoC project ideas. 2022-02-28 16:25:13 -08:00
Anders Kaseorg 503127c2e9 docs: Fix Git capitalization.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-28 16:04:35 -08:00
Anders Kaseorg f244c2eca4 Revert "drafts: Use simplebar for scrollbar."
This reverts commit f3964673e7.

It broke drafts_scroll by confusing jQuery object APIs with DOM
element APIs.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-28 15:26:47 -08:00
Julia Bichler f3964673e7 drafts: Use simplebar for scrollbar.
This was originally merged in #21082 in a different variation.
2022-02-28 15:06:19 -08:00
Sahil Batra 9f89d7e069 left_sidebar: Move "Recent topics" higher in the sidebar.
This should increase its visual priority in the UI. We plan to move
"Private messages" to a different component more similar to STREAMS
soon.

Fixes #20869.
2022-02-28 12:09:24 -08:00
Tim Abbott 98a05257ea scripts: Print names of missing migrations in compatibility check.
This will make it much easier to debug any situations where this
happens.
2022-02-28 11:09:52 -08:00
Tim Abbott cc5ac302ab docs: Add more metadata to GSoC project ideas and add ideas. 2022-02-25 22:05:01 -08:00
Tim Abbott 7ddefc68cc settings: render_alert_words_ui -> rerender_alert_words_ui.
Correctly specifying that this is a rerender function makes starting
with a `loaded` conditional make much more sense.
2022-02-25 17:33:11 -08:00
jai2201 d6c00521b3 settings: Clean up muted_topics/users rendering logic.
This commit removes the unnecessary `data-list-widget` attribute
present in the <div> and <tbody> tag for muted_topics and muted_users table.

It became unnecessary/useless in 19cf6d0e04 and
then was renamed while still useless.

Also uses the correct variable name `muted_topic` and `muted_user`
instead of `muted_topics` and `muted_users` to render a item of their list
in DOM through Listwidget.
2022-02-25 17:33:11 -08:00
jai2201 5e49ddf4e1 settings: Add sorting feature for list of alert words.
This changes the method of rendering list of alert words in DOM,
earlier it was rendered using 'for' loop over the array of alert_words
which is now changed to render using ListWidget, which gets a array
of objects from get_word_list() in alert_words.js.

The use of ListWidget helps to define a parent_container and $container
in table-body of alert-words-table using which we can now apply sorting over
alert words with the help of handle_sort() function in list_widget.js

Changed the method of adding alert_word_settings_item row in table body
through {{#with}} loop because of rendering through ListWidget, which was done
earlier using for loop over each alert-word in while rendering the list.

this commit also mocks template of render_alert_word_item
while mocking ListWidget.create() function in render_alert_words_ui().
and checks that ListWidget.create() is not called when variable `loaded`
is set as false.

Fixes #21142.
2022-02-25 17:33:11 -08:00
Aman Agrawal 27b985e868 recent_topics: Standardize format of last message time.
We follow how other apps present older messages, e.g. Gmail,
Facebook Messenger, etc. display it.

Specifically, the logic we use is:

If the time is <24hr ago, show an absolute time, like "21:30" (or "9:30pm").
Otherwise, show what day it was, and not a time
  If the day was yesterday, say "Yesterday".
  Otherwise, if it was <7 days ago, say the day of week, like "Friday".
  Otherwise, if it was <1 year ago, say the month and day, like "Sep 6".
  Otherwise, say the year, month, and day, like "Sep 9, 2020".

With some tweaks from Tim Abbott to better handle the future case.

Fixes #19775
2022-02-25 16:33:47 -08:00
Aman Agrawal c2a117c623 timerender_test: Directly use date object instead of timestamp.
Use date strings to next to variable names so that they are easy
to decipher.
2022-02-25 16:33:47 -08:00
Aman Agrawal 5ae178b39c recent_topics: Show loading indicator before fetching initial messages.
Hide the loading indicator after initial fetch for recent topics.
2022-02-25 16:29:43 -08:00
Aman Agrawal 98c2038718 recent_topics: Position empty topic text independent of columns.
This avoids a column width change after initial loading of
messages finishes and "No topics match your current filter"
text is displayed.
2022-02-25 16:29:43 -08:00
Alex Vandiver 62f4f3435f ci: Test upgrades from 4.10. 2022-02-25 16:28:33 -08:00
Aman Agrawal bab9e50581 scroll_to_bottom_button: Use unicode icon for right arrow. 2022-02-25 14:57:22 -08:00
Sahil Batra 75d54206e6 buddy_list: Remove user from buddy_list immediately on deactivation. 2022-02-25 14:55:44 -08:00
Sahil Batra dc478ee091 settings_users: Remove unused code from update_user_data.
Previously, update_user_data was called when deactivating
bots, but it was removed in 58b612a4f0.

Now, update_user_data is only called for 'type="realm", op="update"'
events, but these events are not sent when deactivating or
reactivating a user or bot, so this code is not used.
2022-02-25 14:55:44 -08:00
Sahil Batra 6a64e1c442 settings_users: Call update_view_on_deactivate from server_events_dispatch.
This commit changes the code to call update_view_on_deactivate function
from server_events_dispatch.js on receiving the user/bot remove event
instead of having it repeatedly in the success_continuation method
of click handlers.

We also add check to make sure we return early if the relevant settings
page is not opened yet.
2022-02-25 14:55:44 -08:00
Sahil Batra 9b7dcd11ae settings_users: Pass user_id instead of row to update_view_on_deactivate. 2022-02-25 14:55:44 -08:00
Anders Kaseorg 894a50b5c9 install: Support Ubuntu 22.04.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-25 14:49:07 -08:00
Anders Kaseorg f9997e311c generate-self-signed-cert: Remove RANDFILE.
This was not needed for OpenSSL ≥ 1.1.1 (all our supported platforms),
and breaks with OpenSSL ≥ 3.0.0 (Ubuntu 22.04).  It was removed from
the upstream configuration file too: https://bugs.debian.org/990228.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-25 14:49:07 -08:00
Anders Kaseorg f852af0709 upgrade-zulip-stage-2: Set default PostgreSQL version for Debian 11.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-25 14:49:07 -08:00
Alex Vandiver 2e435d2e9a version: Update version and changelog after 4.10 release. 2022-02-25 14:10:20 -08:00
Alex Vandiver 538287261d Revert "docs: Suggest running reindex-textual-data in the venv manually."
This reverts commit be7108ebca.
2022-02-25 14:04:27 -08:00
Mateusz Mandera 3c5ea830a9 create_preregistration_user: Add additional hardening assertion.
TestMaybeSendToRegistration needs tweaking here, because it wasn't
setting the subdomain for the dummy request, so
maybe_send_to_registration was actually running with realm=None, which
is not right for these tests.

Also, test_sso_only_when_preregistration_user_exists was creating
PreregistrationUser without setting the realm, which was also incorrect.
2022-02-25 14:02:24 -08:00
Mateusz Mandera 7b795b6338 registration: Change create_preregistration_user to take realm as arg.
create_preregistration_user is a footgun, because it takes the realm
from the request. The calling code is supposed to validate that
registration for the realm is allowed
first, but can sometimes do that on "realm" taken from something else
than the request - and later on calls create_preregistration_user, thus
leading to prereg user creation on unvalidated request.realm.

It's safer, and makes more sense, for this function to take the intended
realm as argument, instead of taking the entire request. It follows that
the same should be done for prepare_activation_url.
2022-02-25 14:02:24 -08:00