Commit Graph

9398 Commits

Author SHA1 Message Date
acrefoot f62b9a199c fix typo in rules.v4 for iptables
(imported from commit 198259fec740c9e025ed56fd6e0b5d42f8d4323c)
2014-06-10 23:29:10 -07:00
Allen Rabinovich 3cf0d40436 Fix the overflow issues on status messages
(imported from commit 1b204bd95d80f1752b7df889b1a7e436360f144a)
2014-06-10 14:35:05 -06:00
acrefoot 27217fddb3 make bootstrap inline-code preserve whitespace
(imported from commit be7d45663b3a9ecd40968cae5d0fb6c734a05212)
2014-06-10 13:18:02 -07:00
Luke Faraone 5507575b7e Switch install scripts to use apt.zulip.net for ops systems
(imported from commit 3ff243459237ac673c5e8ae23077e628fa07a6b9)
2014-06-10 13:16:27 -07:00
acrefoot 0b9884ce5b add issues traffic to the CUSTOMER17 stream
The default today is to not have issues traffic except on a whitelist. This is despite the fact that we have
an exclude_issues boolean on Github's Zulip-integration page, since if we changed the default, all realms
currently using this default would have to go make this change on every repo. That's something that would require
some work, in terms of communicating with them about this, and logging integrations settings for all realms, to
see which are correctly setting exclude issues. Unfortunately this probably isn't high priority today, but let's
try to get this whitelist change out to prod ASAP.

(imported from commit 256fe32bb6aaf7de18ff02d8d7e204a13bc02b7a)
2014-06-09 08:30:10 -07:00
Zev Benjamin 23c108a05c nagios: Check HTTPS instead of HTTP
(imported from commit ba0bb76d9bea6661e5396308eb431ff95ef51771)
2014-06-05 17:30:15 -07:00
Jason Michalski cb153967ec Fix notifications on chrome
Chrome has removed the webkitNotifications API and not only has the w3c
web notifications API. This adds a shim when webkitNotifications is
missing but Notification is present.

(imported from commit e21c476f9ae6570c297c88bd6ff90a97818688e6)
2014-05-28 20:11:16 -07:00
Jason Michalski 8c72eddb72 Add a warning when in the zulip.com realm on production
Display a red warning box to get users to direct users to staging for
the zulip.com (dropbox) realm.

(imported from commit 01ad4209d9247406bc82f5dedaf21371101a1d84)
2014-05-21 13:13:27 -07:00
Zev Benjamin 298e008cc2 [manual] Turn off GIN fast update for zephyr_message_search_tsvector
Apply this commit after hours!

To apply this commit, first run the migration and then run the following as the
zulip user on staging:

$ echo 'VACUUM zerver_message' | python manage.py dbshell

The above VACUUM is needed to clean out the existing fast update pending list.
It might take a long time and block new message inserts!

See discussion near Zulip message 18377486 for why we're turning off the fast
update mechanism for zephyr_message_search_tsvector.

The high level overview is:
As a consequence of the high work_mem setting on our postgres server, the
fastupdate pending list for zephyr_message_search_tsvector can grow very large.
This leads to the occasional INSERT or UPDATE taking inordinately long (many
minutes) as the pending list is flushed, blocking other inserts.

One other possible solution for preventing the list from growing too large is to
set the autovacuum storage parameters on the table such that the autovacuum
process will run after a reasonable number of INSERTs or UPDATEs.  However, the
table is mostly INSERT-only.  Therefore, only the autovacuum_analyze_*
parameters will actually do anything to affect when the autovacuumer will run,
but when it does, it will do a VACUUM ANALYZE instead of a plain VACUUM.  We
don't particularly need the table to be re-analyzed that often.

Turning off fast update will eventually cause the index to become less
efficient, but we can always rebuild it later if we notice it starting to get
too slow.

(imported from commit f280c193c3bc0a3f312960510c5a7dcf97f30c3d)
2014-05-20 22:38:48 -07:00
Zev Benjamin 8e9c019b35 Update user_root path for personal zmirrors
The location of the api directory moved.

(imported from commit 408ef7d47e729a0ad2454a5326cfaddcfff9855f)
2014-05-20 17:29:29 -07:00
Zev Benjamin 4e1d86f775 Handle platform.system() throwing an IOError
This can happen if the calling process is handling SIGCHLD.  See
http://bugs.python.org/issue9127

We ran into this in the zephyr_mirror.

(imported from commit 80fade2274714b7c2c4b9fe38c66a1db8cc63234)
2014-05-20 17:29:29 -07:00
Zev Benjamin b5f7ed037c zephyr_mirror: Specify a z_charset of utf-8
andersk reports that we are "incorrectly sending outgoing zephyrs with z_charset
= ZCHARSET_ISO_8859_1, which breaks zwgc (other clients tend to ignore
z_charset). I'm assuming you're shelling out to zwrite; you need to use zwrite
-x UTF-8, or export LC_ALL=en_US.UTF-8."

(imported from commit 8abb28bf8acbe0b5aa99ca13faab24e1e554a031)
2014-05-20 17:29:29 -07:00
Luke Faraone b383884019 Change expected autossh processes to 10
(imported from commit 41b06ce3f7cded7a29101a6de2d471bdffab5bcc)
2014-05-15 10:49:54 -07:00
Leo Franchi e4dbe57c10 Fix Google OAuth login by checking True as well as true in oauth response
(imported from commit c80620eca4dbd9b5b0122e8e564bc7257a2bd4f5)
2014-05-14 10:00:03 -07:00
Waseem Daher ffc75cb074 A script to export an entire stream.
(imported from commit 7c8bc0c0c1f9c987bda9503ca53051d2e4ad27dd)
2014-05-13 22:42:42 -07:00
Tolga Tezel 667a3a06cd gitignore *.DS_Store instead of .DS_Store
(imported from commit c22b8c9d786c5e35bc10f6db8cf6e8ffa4d357ad)
2014-05-07 14:06:59 -07:00
Tolga Tezel 410e557bad fix old messages tests to use dynamic sql queries - ids were hardcoded.
(imported from commit 533872f5bebc1068925591c9381463a7c9317482)
2014-05-07 14:06:59 -07:00
Tolga Tezel 8b1199ee35 Add support for creating users with a specific ID.
(imported from commit 9a3438924cab8477a9c2494af1b5c2d32783e71c)
2014-05-07 14:06:59 -07:00
acrefoot 148959f1b7 Rewrite humbug-user-uploads.s3.amazonaws.com urls
add_messages is a good entrypoint for this, since it gets called by:
1) get_old_messages
2) get_events_success (for new messages, via insert_new_messages)

which is all the places that rewrites should happen, but nowhere
where extra work is being done.

(imported from commit 844c33bc32d35aa39c9cdacf42eb7e8ddf5ae63c)
2014-05-05 22:21:19 -07:00
Luke Faraone 8f8b2519ea Redirect legacy URLs to their new secure location.
URLs with a realm of "unk" will be queried against the new bucket to
determine the relevant realm of the uploading user.

(imported from commit 5d39801951face3cc33c46a61246ba434862a808)
2014-05-05 20:26:29 -07:00
Luke Faraone ef8b6e5a42 New certificates from Dropbox.
Thanks Tom Cook for getting these through Digicert!

We no longer need separate wildcard certificates, etc, because we have SAN star
certs.

(imported from commit 40a8961da51b6a0ae90c68b40b2af6d59cb5cf9f)
2014-05-05 18:24:14 -07:00
Tim Abbott 8b74a3e052 Remove unauthenticated file upload support from Zulip.
(imported from commit 97262590ac5ad56c18f415fa1c777510aed2baeb)
2014-05-05 16:14:09 -07:00
Tim Abbott f7535a0a1b Fix traceback sending bot messages to invite-only stream.
(imported from commit b9af67e87d8b7d52bddb8fa576af8fe9326ba13c)
2014-05-02 15:49:50 -07:00
Jason Michalski d2d9d9cb01 Fix references to local_id and failed_request
Both missed in the refactoring that split global messages and
message_list_view message_containers.

(imported from commit 127d09204a9e363b78eccfe3d72212e78beb2600)
2014-04-30 16:03:38 -04:00
Tim Abbott ddbb3a37fb Allow committing with dropbox.com email addresses.
Later we can remove the ability to commit with older emails.

(imported from commit fe44cc1ffcc79f3c393e3a84c15741130605d3ec)
2014-04-29 10:55:12 -07:00
Jason Michalski 672603d6cd Add missing logger
(imported from commit e27d78f04fb8cb60b0cbdf4a544a047265abf9d5)
2014-04-28 19:51:04 -04:00
Jason Michalski 1a47683d32 Change data to attr in inline subscribe buttons
(imported from commit 72fef9dd3cb58ff15e74709b0470033a7f8796b4)
2014-04-28 19:43:47 -04:00
Tim Abbott 0494e40c39 Merge zerver/tornado_callbacks.py into zerver/lib/event_queue.py.
It had stopped being a coherently distinct component a while ago.

(imported from commit 0617957bcfe8dcaf69143c88a96ddd51ecb31a98)
2014-04-23 17:22:31 -07:00
Zev Benjamin 5219851de4 zephyr_mirror: Use timeout_success_equivalent in front-end script
(imported from commit 2263a371edda74c1c38a377e0fef5372999888b4)
2014-04-23 11:31:04 -07:00
Zev Benjamin 6d43b22ebe jabber_mirror: Use timeout_success_equivalent in front-end script
(imported from commit 6ca8ec5a2c31d20e4e437804c65650c5a98c69f9)
2014-04-23 11:31:04 -07:00
Zev Benjamin 1e7994d97d api: Add an option to backoff classes for making the passage of time count as a success
The idea here is that for usages like in the zephyr mirror bot:

  backoff = RandomExponentialBackoff()
  while backoff.keep_going():
      print "Starting zephyr mirroring bot"
      try:
          subprocess.call(args)
      except:
          traceback.print_exc()
      backoff.fail()

we want it to be the case that the mirror bot running for a while counts as a
success so that the bot doesn't have a finite number of crashes over its entire
lifetime.  We only want the mirror bot to stop retrying if it fails too many
times in a row.

(imported from commit 7b10704d3ce9a5ffb3472cbb4dfa168c9c05ae7a)
2014-04-23 11:31:04 -07:00
Zev Benjamin a9e439d9e0 jabber_mirror: Explicitly exit when we encounter an error in the main loop
(imported from commit 19b0f29bfd8c01fa300bdb9db2011bba0b55ddd4)
2014-04-23 11:31:04 -07:00
Zev Benjamin 0224fe2db6 jabber_mirror: Don't try to restart on errors caused by initial configuration
(imported from commit 5d9e6c88e1a159fe6e5e46c21c483b5c79444223)
2014-04-23 11:31:03 -07:00
Zev Benjamin 7053fd2a24 jabber_mirror: Split out into front-end and back-end processes
This adds auto-restarting capability.

(imported from commit 74a01a0272025706f2eb902eeedd9c05ee054272)
2014-04-23 11:31:03 -07:00
Zev Benjamin 7ed182c08f Move backoff classes to the Zulip API
(imported from commit 76c5d499874f0397c505ab3fcda631a1a46847b6)
2014-04-23 11:31:03 -07:00
Jason Michalski 768b3b5011 [notify customer Z899] Collapse messages in the home view when narrowed
Collapsing a message in a narrow should also collapse that message in the
home view. Previously this would only happed with the message was
rerendered.

(imported from commit fa82888eba51eb2f4f2b93521d4b7daee852898d)
2014-04-18 18:51:14 -04:00
Zev Benjamin b190a24f40 puppet: Convert zmirror2 to use apt module for debathena sources
(imported from commit 67c71e15b5e5cbdffaa12953eaa7c0c72e7b107a)
2014-04-17 17:12:36 -07:00
Zev Benjamin 08a6969f48 puppet: Fix zmirror apt source resource
The resource is called "apt::source", not "apt::sources_list"

(imported from commit 5ace3d9a62e361b3c7f0b54bf69ac91c1136bb6d)
2014-04-17 17:12:36 -07:00
Zev Benjamin 50b763b12b puppet: Make iptables rules a puppet template
This allows us to specify different rules for the zmirror machines, which need
ports open for Zephyr.

(imported from commit f3c061e9492cbb99783f156debccf03161347e47)
2014-04-17 17:12:36 -07:00
Allen Rabinovich 0b44b7eb4c Switch to a Zulip+Dropbox logo in the header
(imported from commit bbd36b362f4480c83455981fce1c05faca5acabe)
2014-04-16 22:24:35 -07:00
Allen Rabinovich 2fbb13be0a Switch from hiding overflow-y to hiding overflow
(imported from commit 5d595c030b1098165965dd3c693371f7521cf26f)
2014-04-15 12:18:31 -06:00
Tim Abbott 52424cd67a Improve Zephyr personal mirror Nagios check.
(imported from commit 713f8f1ff1463537b46d493ac3571c2727d85379)
2014-04-11 16:44:13 -07:00
Zev Benjamin caef3f8bf3 [puppet] Allow Zulip to be loaded in an iframe on all domains
This removes "X-Frame-Options DENY" from our nginx config.  We need to be able
to load Zulip in an iframe for embedding and we decided that it doesn't actually
provide much protection.

(imported from commit 5bc363693db949010f6163cb3000c12229618a83)
2014-04-07 14:42:02 -07:00
Zev Benjamin 3498a04613 Call authenticate() when logging users in via JWT
Otherwise the user_profile.backend attribute doesn't get set.  I didn't notice
this previously because on first register authenticate() gets called, and then
the UserProfile object gets cached.  This means that subsequent logins work just
fine as long as the UserProfile object is in memcached.

(imported from commit 834d95c46aa07724ea84802f09b7249de99b5ca8)
2014-04-07 11:01:38 -07:00
Zev Benjamin 5b080bd0cf Fix one name_changes_disabled check
(imported from commit f1bf125949bd282c8a9054d3e3b2e92c7bd5ab4e)
2014-04-06 17:00:28 -07:00
Zev Benjamin 2f7af69091 Add customizations for CUSTOMER16 employees' realm
CUSTOMER16 wants their employee realm to:
* only use JWT logins
* have name changes be disabled (they want users' full names to be the
  their CUSTOMER16 user name).
* not show the suggestion that users download the desktop app

(imported from commit cb5f72c993ddc26132ce50165bb68c3000276de0)
2014-04-04 16:51:32 -07:00
Zev Benjamin bd3f1c6a9e Add JSON web token (JWT) authentication
We currently expect the use of HMAC SHA-256, although there shouldn't be
anything preventing us from using other algorithms.

(imported from commit 354510a0b7e9e273d062a1ab5b2b03d4a749d6a3)
2014-04-04 16:51:32 -07:00
Zev Benjamin bd20b295e1 [manual] Add python-pyjwt dependency
This will be used in the next commit.

(imported from commit 559fedd41fb731575ba7201dfbcef45d03461ef2)
2014-04-04 16:51:32 -07:00
Zev Benjamin 04f211bbff Refactor some of the remote user handling
(imported from commit 13facd7afddfb018af39b39ee48c644d355d8ec3)
2014-04-04 16:51:32 -07:00
Zev Benjamin 2e1d5ffd1c Make password_auth_enabled() take a realm object
This will actually be used in an upcoming commit.

(imported from commit 5d3db685a245899b2523440398f2ed2f0cfec4f4)
2014-04-04 16:51:32 -07:00