Commit Graph

4528 Commits

Author SHA1 Message Date
Aman Agrawal 3423797efa compose: Remove drafts link.
Since we have the drafts button in top left corner and we need space
to insert formatting buttons in the bottom of compose box; removing
drafts link makes sense.
2021-11-22 18:29:45 -08:00
Aman Agrawal 9d0dded959 composebox_typeahead: Don't propagate after handling tab.
After we set focus manually to the send button, `tab` propagation
should be stopped.
2021-11-22 18:29:45 -08:00
Julia Bichler 32f206e1e5 popovers: Add sidebar menu to delete all drafts.
This provides a convenient interface to hide all drafts.

Fixes #19360.

However, we may want to continue to implement a button in the drafts
overlay as well for doing this operation.
2021-11-22 17:01:47 -08:00
Tim Abbott a7898ed305 stream_data: Rename id_is_subscribed to is_subscribed. 2021-11-22 15:44:30 -08:00
Tim Abbott 53d9797044 stream_data: Rename is_subscribed to is_subscribed_by_name.
Generally the stream_data module aims to do lookup by ID, not name,
wherever possible, so we should represent that in the function names.
2021-11-22 15:44:30 -08:00
Tim Abbott 043d83b434 unread: Lookup subscription status by ID.
We prefer to use IDs, not stream names, to do lookups wherever both
are available.
2021-11-22 15:39:58 -08:00
Tim Abbott 3f4d66109b stream_data: Rename get_invite_only helper method.
Since this library is intended to primarily work by user ID, we want
to name all methods that do lookups by stream name explicitly.
2021-11-22 15:32:14 -08:00
Aman Agrawal d9338a68d1 compose: Show globe icon for web public streams.
Fixes #20285.
2021-11-22 15:31:22 -08:00
Sahil Batra 1cdc7306c6 slash: Change description of /light command in typeahead. 2021-11-22 14:59:16 -08:00
YashRE42 717c4ae603 refactor: Remove duplication from reactions.add_clean_reaction.
In commit 3d86267041 we add logic to
`/shared/emoji.js` which duplicated some of the logic in this
function. Since this isn't desirable, we remove the duplicate logic
here and instead just call `emoji.get_emoji_details_for_rendering`.
2021-11-20 20:57:54 -08:00
YashRE42 71a4985ebc refactor: Remove duplication from reactions.view.insert_new_reaction.
In commit 3d86267041 we add logic to
`/shared/emoji.js` which duplicated some of the logic in this
function. Since this isn't desirable, we remove the duplicate logic
here and instead just call `emoji.get_emoji_details_for_rendering`.
2021-11-20 20:57:54 -08:00
YashRE42 bfc705be8f reactions_tests: Remove misleading emoji_params.realm_emoji.zulip obj.
Previously, this test file had an object that encouraged one to
believe that it is defining a realm_emoji with the name, id = "zulip"
and a custom source url, but this is false.
The "zulip" emoji is a special case that's added to our data
structures by the `/shared/emoji.js` code.
Notice how the test never asserts that the returned url is equal to
the source_url defined, it just asserts that the source url is equal
to "/static/generated/emoji/images/emoji/unicode/zulip.png" (which is
the value defined in `/share/emoji.js`).

Hence, we remove this object and replace any references to it with the
values defined in `/shared/emoji.js`.
2021-11-20 20:57:54 -08:00
YashRE42 263a79738f user_status: Fix status emoji handling of deactivated custom emoji.
Previously, if a user had a realm emoji set as their status emoji and
someone deleted the realm emoji, the app would fail to initialize,
because of the error we throw from `./shared/js/emoji.js`.

This commit fixes this by just displaying the deactivated emoji,
similar to how we do when realm_emoji used as reactions are deleted.

As part of the fix, we add a function get_emoji_details_for_rendering,
which duplicates some of the logic used in `reactions.js`, we can
refactor to remove the duplication in `reactions.js` in future
commits.

Note that the following behaviour is a part of our design:
If a user sets their emoji to a particular realm emoji, say for
example "octo-ninja", and "octo-ninja" was then deleted, and a new
emoji was added with the name "octo-ninja", the user's status emoji
would change to show the new emoji instead of the deleted emoji.

Also note that in the `user_status.js` node test, we were able to
change the name for the 991 realm_emoji because it had not been
previously used anywhere in the test (possibly added as just a copy
paste artifact?).

Fixes: #20274.

emoji: Use reaction_type parameter to analyze emoji.
2021-11-20 20:57:54 -08:00
Sahil Batra b72035abfe misc: Replace "Light mode" with "Light theme". 2021-11-19 11:49:59 -08:00
Sahil Batra 89720c5d5a slash: Change description of /dark command in typeahead.
Fixes part of #20228.
2021-11-18 16:57:11 -08:00
Sahil Batra 5024ba98cd misc: Rename "dark mode" to "dark theme".
Fixes part of #20228.
2021-11-18 16:57:11 -08:00
Sahil Batra 16d35f5b4e streams: Hide fake emails in stream creation form.
We hide fake emails in "People to add" section of
stream creation form and instead show user id
along with specifying that email is hidden.
2021-11-18 12:49:10 -08:00
Ganesh Pawar e7b9173ef5 default_language: Migrate modal to dialog_widget. 2021-11-16 17:02:29 -08:00
Wesley Aptekar-Cassels fe89dee284 compose: Remove "Drafts" button.
Now that this is in the left sidebar, we can remove the now-redundant
compose area button for it.  This also changes where the "Saved as
draft" tooltip appears.
2021-11-10 12:53:44 -08:00
Wesley Aptekar-Cassels df8f0b2afe left_sidebar: Add "Drafts" item.
This currently shows the drafts as a popup. Eventually, we'll want to
migrate it to be a view in the center pane, as we did with Recent
Topics.

This uses the same style as starred messages in order to show the number
of drafts.

See CZO for more context:
https://chat.zulip.org/#narrow/stream/101-design/topic/drafts.20in.20sidebar
2021-11-10 12:53:44 -08:00
YashRE42 f21cee7caa upload: Return single elem for get_item(drag_drop_container) w/ edit.
Previously, opening multiple message_edits and then drag-dropping a
file into any one of them would cause all of them to upload ie you'd
get one uploaded file in each message_edit.

This bug was caused by returning multiple elements from
upload.get_item("drag_drop_container", config) when config.mode =
"edit".

This commit changes the selector to use the row provided (config.row),
and so ensures that the above bug doesn't happen.
2021-11-10 12:06:15 -08:00
Sahil Batra 4a1153b06c settings: Fix bug in "Default user settings" section.
There was no heading for "Time format" setting in the
"Default user settings" section and thus no save-discard
widget to update the setting. This commit fixes the bug
and changes the heading to be only "Time" since there is
no realm-level default of language setting.

This bug was introduced in adb612a0b4.
2021-11-09 10:03:23 -08:00
YashRE42 d8ddfdb127 recent_topics: Explicitly override is_visible & is_in_focus in tests.
Previously, the tests relied on `recent_topics_util.is_visible`
returning false unless we used override to return true, this is
because `recent_topics_util.is_viible` would return
`$("#recent_topics_view").is(":visible");` which would always be false
since we don't create a stub for `$("#recent_topics_view")`.

This would cause the tests to fail if we changed how `is_visible`
found it's return value, which we want to do for performance reasons,
and as such, this commit adds explicit overrides where needed.

Further more, even when we do override `is_visible` as override(rt,
"is_in_focus", ...) we do not override the `is_visible` used in
`recent_topics_uttil.is_in_focus`, and so our tests stil rely on that
`is_visible` always returning false. This commit address that by also
adding explicit overrides for `is_in_focus` where needed.
2021-11-08 18:22:43 -08:00
Ganesh Pawar edf7c0fb5a edit_bot: Migrate modal to dialog_widget. 2021-11-08 17:34:42 -08:00
Ganesh Pawar 8c7d320422 message_edit_history: Migrate modal to dialog_widget. 2021-11-08 17:24:31 -08:00
Anders Kaseorg 8e8dda8813 frontend_tests: Skip broken event_status test.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-05 21:04:47 -07:00
Anders Kaseorg c732a63b2f upload_widget: Convert $e.get(0) to $e[0].
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-05 17:34:13 -07:00
Vishnu KS 6c06858e02 billing: Migrate to Stripe hosted checkout page. 2021-11-05 17:23:10 -07:00
Aman Agrawal a40a5c0bdb user_info_popover: Show relevant info for spectators and hide buttons.
We add the date joined info to the popover and hide all the buttons
since none are relevant for a spectator.
2021-11-02 11:26:19 -07:00
Aman Agrawal eb396b6190 popovers: Don't try to fetch small avatar using email.
It's always better to use the user ID than the email for fetching data
about an object whose unique ID we have, which should be all of them.
And it's also cleaner code to use the standard people.js method; tabbott
checked that indeed all callers get their `user` objects from `people.js`.

Since we restrict spectators from having access to avatars using
email to avoid someone brute forcing a user's email, this removes
a 401 response from the server in spectator view when trying
to open user info popover.

Additionally, this fixes the cached-fetching behavior documented in
the comments we add about the way we construct URLs.
2021-11-02 11:26:19 -07:00
YashRE42 937d398f4e minor: Fix typo in zjquery_element.js - "zjquery" was "zjuery". 2021-11-02 10:27:15 -07:00
Lauryn Menard 73710e1cf0 user_settings: Add option to disable escape key navigation to default view.
Add `escape_navigates_to_default_view` as a bool setting in
UserBaseSettings model and implement it as a checkbox that toggles
the hotkey implementation of escape to the default view in the
advanced user display settings.

With /help/ documentation edits from Alya Abbott.

Fixes #20043.
2021-10-29 18:15:30 -07:00
Ganesh Pawar fce3261c30 deprecated_feature_notice: Migrate modal to dialog_widget. 2021-10-29 16:09:39 -07:00
Ganesh Pawar 1e8bfa710e dialog_widget: Migrate modal to Micromodal.
Also removed the `danger_submit_button` config option
from the dialog_widget since it isn't needed in the new modals.
2021-10-26 18:20:17 -07:00
Alex Vandiver 8dd9b4e812 linkifiers: Loosen regex that validates URLs.
User-supplied custom realm filter has had some sort of regex-based
validation of the format URL since their introduction in
d7e1e4a2c0 -- and this has always been
in addition to the URLValidator.  The URLValidator is the one which
does the security-relevant work of validating that the schema is
reasonable, and that the overall shape of the URL is well-formed.  The
regex has served primarily to arbitrary limit the characters that can
appear in the URL, in the mistaken name of safety.

Adjust the regex, such that its only purpose is to verify that the
usages of `%` characters in the URL are reasonable, and leave the URL
validation to the URLValidator, which can do a far better job.  This
includes broadening the support to include `%%` as an escape
character; this is likely such a niche case as to be unnecessary, but
costs little.

Fixes #16013.
2021-10-22 13:00:20 -07:00
Jonny Tran ddf4053a73 composebox_typeahead: Remove redundant options from the `/` typeahead.
Removes the `/day` and `/night` options from the typeahead menu while
still allowing the commands to be used. Typing `/day` and `/night`
will now suggest `/light` and `/dark`, respectively. Also changes the
`Dark mode` and `Light mode` popups that appear after using the
corresponding command.

Fixes #18318.
2021-10-21 10:50:27 -07:00
rht bb8504d925 lint: Fix typos found by codespell. 2021-10-19 16:51:13 -07:00
Anders Kaseorg cab0f9c219 people: Fix small avatar URL generation.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-14 12:47:43 -07:00
Anders Kaseorg afa47b9ae3 node_tests: Mock window.location with JSDOM.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-14 12:47:43 -07:00
Dinesh 40470b938b node_tests: Import templates.js only once for all tests.
Reverts 55b2b1c with a better fix.

Closes: #19934
2021-10-13 09:49:32 -07:00
Dinesh 55512a4247 node_tests: Rewrite example8.js.
The previous code has a lot of code unrelated to mock_template.
So, this commit replaces it with a better example which also
demonstrates how to test conditionals in templates.
2021-10-07 16:32:08 -07:00
Dinesh efe5fcde51 typing_events.js: Add test for render_notifications_for_narrow(). 2021-10-07 16:32:08 -07:00
Dinesh 55b2b1c25d node_tests: Refresh templates.js import for every test.
Translation handlebars helpers were not getting changed when we
mock static/js/i18n.ts and then unmock it in a different test.

We mock i18n.ts for every test except node_tests/i18n.js.
So, running any code that calls the registered handlebar
helpers related to translations before running i18n test
will run the helper functions registered with mocked i18n module.
The subsequent tests too would use those functions registered
with mocked i18n module.

This causes the i18n test to fail as we expect the registered
helpers to use actual i18n.ts instead of a mock if we have
code that would call the registered translation helpers in
tests that run before i18n.
2021-10-07 16:32:07 -07:00
Sahil Batra 8528914131 settings: Fix live update code for realm-level user defaults section.
Previously, on receiving udpate event of realm-level default setting,
we updated the whole page, but this might be problematic now in case
where user has edited settings in two subsections with save/discard
button still present and if user clicks on save button of one
subsection then the setting in other subsection also resets to its
original value as whole page is updated.

So, this commit changes the behavior to only update the changed
setting and not affecting other settings similar to what we do
in 'Organization settings' and 'Organization permissions' sections.

We also do not call 'settings_display.report_emojiset_change' when
realm-level default of emojiset setting is updated because we now
uses save/discard widget.
2021-10-07 10:16:28 -07:00
Sahil Batra a7b14756ec settings_org: Use admin-realm-form class in save-discard click handlers.
We use 'admin-realm-form' class as selector in save-discard click
handlers instead of 'organization' which includes all the organization
settings sections, but save/discard widget is used only for some
sections and all of them are inside the form with class 'admin-realm-form'.

This will also help us to avoid code duplication when changing the realm
level defaults section to use save-discard widget.
2021-10-07 10:12:10 -07:00
Aman Agrawal cc8cb5432e channel: Simplify password change tracking.
Move the password tracking variables from setup to channel module.
Track password_change requests in channel.
Directly use xhr object to store `password_changes` information.
Tests modified to accomodote this change by converting strings to
objects.
2021-10-05 10:23:43 -07:00
Aman Agrawal 8433ce90dc channel: Ask spectator to login for unauthenticated requests.
Get complete coverage for channel.
2021-10-05 10:23:43 -07:00
Alex Vandiver db934be064 CVE-2021-41115: Use re2 for user-supplied linkifier patterns.
Zulip attempts to validate that the regular expressions that admins
enter for linkifiers are well-formatted, and only contain a specific
subset of regex grammar.  The process of checking these
properties (via a regex!) can cause denial-of-service via
backtracking.

Furthermore, this validation itself does not prevent the creation of
linkifiers which themselves cause denial-of-service when they are
executed.  As the validator accepts literally anything inside of a
`(?P<word>...)` block, any quadratic backtracking expression can be
hidden therein.

Switch user-provided linkifier patterns to be matched in the Markdown
processor by the `re2` library, which is guaranteed constant-time.
This somewhat limits the possible features of the regular
expression (notably, look-head and -behind, and back-references);
however, these features had never been advertised as working in the
context of linkifiers.

A migration removes any existing linkifiers which would not function
under re2, after printing them for posterity during the upgrade; they
are unlikely to be common, and are impossible to fix automatically.

The denial-of-service in the linkifier validator was discovered by
@erik-krogh and @yoff, as GHSL-2021-118.
2021-10-04 21:26:24 +00:00
Dinesh 206168ed28 puppeteer: Remove waitFors on deletion spinners.
Also added a waitFor for the modal to disappear and removed
waitFor for the spinner to hide which would obviously be hidden
with modal and it also doesn't add much value.
2021-10-03 18:47:42 -07:00
Aman Agrawal 58172fe21a compose: Allow user to undo formatting.
For text that already has the formatting that the user is
trying to apply, we undo the formatting. This gives a nice
experience of applying and removing the formatting from text
on the same button press.
2021-10-01 16:45:50 -07:00