Commit Graph

45160 Commits

Author SHA1 Message Date
Aman Agrawal 9d0dded959 composebox_typeahead: Don't propagate after handling tab.
After we set focus manually to the send button, `tab` propagation
should be stopped.
2021-11-22 18:29:45 -08:00
Julia Bichler 32f206e1e5 popovers: Add sidebar menu to delete all drafts.
This provides a convenient interface to hide all drafts.

Fixes #19360.

However, we may want to continue to implement a button in the drafts
overlay as well for doing this operation.
2021-11-22 17:01:47 -08:00
Johan Ehinger 4207f0a299 settings: Add UI setting option for controlling invite expiration time.
Add a UI for controlling invititation expiration time, supported
options are 1 day, 3 days, 10 days and 30 days.

Fixes #19680.
2021-11-22 16:40:14 -08:00
Tim Abbott a7898ed305 stream_data: Rename id_is_subscribed to is_subscribed. 2021-11-22 15:44:30 -08:00
Tim Abbott 53d9797044 stream_data: Rename is_subscribed to is_subscribed_by_name.
Generally the stream_data module aims to do lookup by ID, not name,
wherever possible, so we should represent that in the function names.
2021-11-22 15:44:30 -08:00
Tim Abbott 043d83b434 unread: Lookup subscription status by ID.
We prefer to use IDs, not stream names, to do lookups wherever both
are available.
2021-11-22 15:39:58 -08:00
Tim Abbott 3f4d66109b stream_data: Rename get_invite_only helper method.
Since this library is intended to primarily work by user ID, we want
to name all methods that do lookups by stream name explicitly.
2021-11-22 15:32:14 -08:00
Aman Agrawal d9338a68d1 compose: Show globe icon for web public streams.
Fixes #20285.
2021-11-22 15:31:22 -08:00
Aman Agrawal a7b2c7f7ea recipient_row: Show globe icon for web public streams. 2021-11-22 15:26:21 -08:00
Aman Agrawal e8ec42bf8a stream_bar: Rename update_lock_icon_for_stream. 2021-11-22 15:26:21 -08:00
Aman Agrawal 4e5e1a2542 recipient_row: Generalize class name for icon in recipient_row. 2021-11-22 15:26:21 -08:00
Aman Agrawal 883732a1d1 portico: Remove unused `moving-label` class.
This class is no longer used in these input fields.
2021-11-22 15:02:00 -08:00
Aman Agrawal a39d9ee4fd portico: Center align moving label text in input. 2021-11-22 15:02:00 -08:00
Ganesh Pawar 291aaf373f modal: Add support for modal event handlers. 2021-11-22 15:00:38 -08:00
Ganesh Pawar 8908ea99ec modal: Add support for linking the submit button to a form element. 2021-11-22 15:00:38 -08:00
Sahil Batra eef9dd963b zcommand: Replace "mode" with "theme" in the returned message.
This commit replaces "dark mode" and "light mode" with "dark theme"
and "light theme" in the message returned and shown in a little
popup in the UI, when color scheme settings are changed through
slash commands.
2021-11-22 14:59:16 -08:00
Sahil Batra 1cdc7306c6 slash: Change description of /light command in typeahead. 2021-11-22 14:59:16 -08:00
Lauryn Menard fee7b10db4 api_documentation: Fix `/update-subscription-settings` api doc.
Adds `wildcard_mentions_notify` as a property that can be updated
by the endpoint and removes mention of potential `null` value in
the return object because it is not possible.

Also cleans up the documentation of `in_home_view` legacy property
and updates the return object description to better reflect what
is actually returned.
2021-11-22 11:50:27 -08:00
Mateusz Mandera 8af7ffd9da rate_limit: Fix logging string when rate limiting email gateway.
realm.name is not the right "name" to log, we should use realm.subdomain
like everywhere else.
2021-11-22 10:28:56 -08:00
Aman Agrawal 2c4af0e111 integration: Fix overflowing display name on open collective page.
Removed extra text to stop display name from flowing out of logo
container.
2021-11-21 21:05:06 -08:00
Aman Agrawal 334f046842 events: Don't send data related to custom profile field to spectator.
Since spectators can't access personal profile settings and
can't view profile for other users. Hence, we don't send realm
custom profile field data and user's profile data to spectators.

Fixes #20301.
2021-11-20 21:01:38 -08:00
YashRE42 717c4ae603 refactor: Remove duplication from reactions.add_clean_reaction.
In commit 3d86267041 we add logic to
`/shared/emoji.js` which duplicated some of the logic in this
function. Since this isn't desirable, we remove the duplicate logic
here and instead just call `emoji.get_emoji_details_for_rendering`.
2021-11-20 20:57:54 -08:00
YashRE42 71a4985ebc refactor: Remove duplication from reactions.view.insert_new_reaction.
In commit 3d86267041 we add logic to
`/shared/emoji.js` which duplicated some of the logic in this
function. Since this isn't desirable, we remove the duplicate logic
here and instead just call `emoji.get_emoji_details_for_rendering`.
2021-11-20 20:57:54 -08:00
YashRE42 bfc705be8f reactions_tests: Remove misleading emoji_params.realm_emoji.zulip obj.
Previously, this test file had an object that encouraged one to
believe that it is defining a realm_emoji with the name, id = "zulip"
and a custom source url, but this is false.
The "zulip" emoji is a special case that's added to our data
structures by the `/shared/emoji.js` code.
Notice how the test never asserts that the returned url is equal to
the source_url defined, it just asserts that the source url is equal
to "/static/generated/emoji/images/emoji/unicode/zulip.png" (which is
the value defined in `/share/emoji.js`).

Hence, we remove this object and replace any references to it with the
values defined in `/shared/emoji.js`.
2021-11-20 20:57:54 -08:00
YashRE42 263a79738f user_status: Fix status emoji handling of deactivated custom emoji.
Previously, if a user had a realm emoji set as their status emoji and
someone deleted the realm emoji, the app would fail to initialize,
because of the error we throw from `./shared/js/emoji.js`.

This commit fixes this by just displaying the deactivated emoji,
similar to how we do when realm_emoji used as reactions are deleted.

As part of the fix, we add a function get_emoji_details_for_rendering,
which duplicates some of the logic used in `reactions.js`, we can
refactor to remove the duplication in `reactions.js` in future
commits.

Note that the following behaviour is a part of our design:
If a user sets their emoji to a particular realm emoji, say for
example "octo-ninja", and "octo-ninja" was then deleted, and a new
emoji was added with the name "octo-ninja", the user's status emoji
would change to show the new emoji instead of the deleted emoji.

Also note that in the `user_status.js` node test, we were able to
change the name for the 991 realm_emoji because it had not been
previously used anywhere in the test (possibly added as just a copy
paste artifact?).

Fixes: #20274.

emoji: Use reaction_type parameter to analyze emoji.
2021-11-20 20:57:54 -08:00
YashRE42 85a566aa80 emoji: Add code comment complaining about "zulip" emoji special case. 2021-11-20 20:57:54 -08:00
Alex Vandiver 3455fc137a upgrade-postgresql: Check for extension upgrade steps. 2021-11-20 07:13:50 -08:00
Alex Vandiver 73055255bb ci: Test pgroonga installation. 2021-11-20 07:13:50 -08:00
Alex Vandiver 86cf3be39f puppet: Fix pgroonga init for custom database names and users. 2021-11-20 07:13:50 -08:00
Alya Abbott 3d31bd79be
settings: Rename "public export" to "export of public data". 2021-11-19 17:36:29 -08:00
Alya Abbott 9b63f6eb5d
user docs: Add documentation page for web public streams.
As noted in the /help/ docs, this feature isn't fully implemented yet.
However, it's useful to merge this documentation, which explains how the
feature will work, to help make sure we've thought through all the details
around how this feature should work and be presented to users as we 
plan to final changes to implement it.

This commit does not edit other help pages to reflect the existence of
web public streams.

Co-authored-by: Tim Abbott <tabbott@zulip.com>
2021-11-19 16:10:59 -08:00
Alex Vandiver c514feaa22 puppet: Default go-camo to listening on localhost for standalone deploys.
The default in the previous commit, inherited from camo, was to bind
to 0.0.0.0:9292.  In standalone deployments, camo is deployed on the
same host as the nginx reverse proxy, and as such there is no need to
open it up to other IPs.

Make `zulip::camo` take an optional parameter, which allows overriding
it in puppet, but skips a `zulip.conf` setting for it, since it is
unlikely to be adjust by most users.
2021-11-19 15:58:26 -08:00
Alex Vandiver b982222e03 camo: Replace with go-camo implementation.
The upstream of the `camo` repository[1] has been unmaintained for
several years, and is now archived by the owner.  Additionally, it has
a number of limitations:
 - It is installed as a sysinit service, which does not run under
   Docker
 - It does not prevent access to internal IPs, like 127.0.0.1
 - It does not respect standard `HTTP_proxy` environment variables,
   making it unable to use Smokescreen to prevent the prior flaw
 - It occasionally just crashes, and thus must have a cron job to
   restart it.

Swap camo out for the drop-in replacement go-camo[2], which has the
same external API, requiring not changes to Django code, but is more
maintained.  Additionally, it resolves all of the above complaints.

go-camo is not configured to use Smokescreen as a proxy, because its
own private-IP filtering prevents using a proxy which lies within that
IP space.  It is also unclear if the addition of Smokescreen would
provide any additional protection over the existing IP address
restrictions in go-camo.

go-camo has a subset of the security headers that our nginx reverse
proxy sets, and which camo set; provide the missing headers with `-H`
to ensure that go-camo, if exposed from behind some other non-nginx
load-balancer, still provides the necessary security headers.

Fixes #18351 by moving to supervisor.
Fixes zulip/docker-zulip#298 also by moving to supervisor.

[1] https://github.com/atmos/camo
[2] https://github.com/cactus/go-camo
2021-11-19 15:58:26 -08:00
Alex Vandiver c33562f0a8 puppet: Default to installing smokescreen on application frontends.
This is an additional security hardening step, to make Zulip default
to preventing SSRF attacks.  The overhead of running Smokescreen is
minimal, and there is no reason to force deployments to take
additional steps in order to secure themselves against SSRF attacks.

Deployments which already have a different external proxy configured
will not gain a local Smokescreen installation, and running without
Smokescreen is supported by explicitly unsetting the `host` or `port`
values in `/etc/zulip/zulip.conf`.
2021-11-19 15:29:28 -08:00
Alex Vandiver 44f1ea6bae puppet: Split smokescreen into a non-profile version.
In a subsequent commit, we intend to include it from
`zulip::app_frontend_base`, which is a layering violation if it only
exists in the form of a profile.
2021-11-19 15:29:28 -08:00
Alex Vandiver c2ed3c22b5 puppet: Remove unused smokescreen symlink. 2021-11-19 15:29:28 -08:00
Alex Vandiver 47e16a5d41 puppet: Tidy old smokescreen binaries. 2021-11-19 15:29:28 -08:00
Alex Vandiver 239ac8413e puppet: Embed golang version into binary path, to rebuild on new golang.
This will cause the output binary path to be sensitive to golang
version, causing it to be rebuilt on new golang, and an updated
supervisor config file written out, and thus supervisor also
restarted.
2021-11-19 15:29:28 -08:00
Alex Vandiver 216eeba2dd puppet: Factor out smokescreen binary path. 2021-11-19 15:29:28 -08:00
Alex Vandiver 3a7cef6582 puppet: Switch smokescreen to using zulip::external_dep, so it tidies. 2021-11-19 15:29:28 -08:00
Alex Vandiver ea08111d60 puppet: Move /srv/smokescreen-src to /srv/zulip-smokescreen-src.
As with the previous commit for `/srv/golang`, we have the custom of
namespacing things under `/srv` with `zulip-` to help ensure that we
play nice with anything else that happens to be on the host.
2021-11-19 15:29:28 -08:00
Anders Kaseorg c64e1adb19 puppet: Upgrade Smokescreen v0.0.2-59-gbfca45c to v0.0.2-63-gdc40301.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-19 15:29:28 -08:00
Alex Vandiver bb9d2df1ae puppet: Extract an external-tarball-dependency manifest. 2021-11-19 15:29:28 -08:00
Alex Vandiver 3c8d7e2598 puppet: Tidy old golang directories.
This relies on behavior which is only in Puppet 5.5.1 and above, which
means it must be skipped on Ubuntu 18.04.
2021-11-19 15:29:28 -08:00
Alex Vandiver 2fc4acdf81 puppet: Move /srv/golang to /srv/zulip-golang.
We have the custom of namespacing things under `/srv` with `zulip-`
to help ensure that we play nice with anything else that happens
to be on the host.
2021-11-19 15:29:28 -08:00
Alex Vandiver 00a4abb642 puppet: Switch dependency to the golang binary we need. 2021-11-19 15:29:28 -08:00
Alex Vandiver 2d5f813094 puppet: Stop making a /srv/golang symlink.
Nothing needs this extra directory.
2021-11-19 15:29:28 -08:00
Alex Vandiver 93af6c7f06 puppet: Factor out golang variables. 2021-11-19 15:29:28 -08:00
Alex Vandiver 21be36f15f puppet: Shorten golang version variable name. 2021-11-19 15:29:28 -08:00
Alex Vandiver 6b9e74adee puppet: Upgrade golang from 1.16.4 to 1.17.3. 2021-11-19 15:29:28 -08:00