Commit Graph

186 Commits

Author SHA1 Message Date
Eklavya Sharma b76dc9bf4e zerver/lib/upload.py: Fix string types. 2016-06-29 20:43:28 +05:30
rahuldeve 8cecb37743 Modify Attachment model to track file access permissions. 2016-06-23 17:46:16 -07:00
Umair Khan a976ccefbf [third] Urlencode name of the uploaded file.
Update jquery-filedrop to send urlencoded filenames.

As discussed in https://github.com/zulip/zulip/pull/1023, this fix is
already in jquery-filedrop upstream.

Fixes #981.
2016-06-14 15:32:41 -07:00
Eklavya Sharma 7ec9cb7e93 Annotate model fields: Attachment.
Also fix clashing annotations.
2016-06-13 20:01:03 +05:30
Eklavya Sharma 71e613424b Fix annotations clashing with UserProfile's model fields. 2016-06-13 20:01:01 +05:30
Eklavya Sharma 2841aa642d Fix annotations related to make_safe_digest and hashes. 2016-06-12 09:30:53 -07:00
rahuldeve fa13582ffb Serve uploaded files through get_uploaded_file in development.
Previously, uploaded files were served:
* With S3UploadBackend, via get_uploaded_file (redirects to S3)
* With LocalUploadBackend in production, via nginx directly
* With LocalUploadBackend in development, via Django's static file server

This changes that last case to use get_uploaded_file in development,
which is a key step towards being able to do proper access control
authorization.

Does not affect production.
2016-06-09 22:58:25 -07:00
Tim Abbott 719e5487b9 upload: Use classes to define S3/Local upload backends.
This has no functional changes; we just replace the old hacky
assignment of functions with assignment of the upload backend to a
variable.

I'm not totally happy with this, because we end up having to copy the
type annotations of the three methods 4 times each, but this should
make it a lot easier to test the (non-default-in-tests) S3 backend
using end-to-end tests, which would have caught
13bac1cc2a.

I expect we'll iterate on the interface over time; ideally, I'd like
all the code that checks LOCAL_UPLOADS_DIR to be inside upload.py, and
primarily in these classes.
2016-06-09 22:45:03 -07:00
rahuldeve 3e3462da0d Refactor zerver.lib.upload.upload_message_image_through_web_client.
upload_message_image_through_web_client -> upload_message_image_from_request
2016-06-09 21:09:12 -07:00
rahuldeve 23ff717bee Fix annotations: zerver.lib.upload. 2016-06-08 09:49:14 -07:00
medullaskyline 47c3ec1283 Annotate zerver.lib.upload. 2016-06-04 19:13:03 -07:00
Umair Khan 08fbd57245 [i18n] Make error messages translatable.
Make all strings passing through `json_error` and `JsonableError`
translatable.

Fixes #727
2016-05-31 07:40:42 -07:00
Tim Abbott 572c69f3c2 Move REQ and friends to their own module. 2016-05-30 11:24:17 -07:00
Umair Khan 5359e6b0d4 Convert Zulip to use Jinja2 templates.
This results in a substantial performance improvement for all of
Zulip's backend templates.

Changes in templates:
- Change `block.super` to `super()`.
- Remove `load` tag because Jinja2 doesn't support it.
- Use `minified_js()|safe` instead of `{% minified_js %}`.
- Use `compressed_css()|safe` instead of `{% compressed_css %}`.
- `forloop.first` -> `loop.first`.
- Use `{{ csrf_input }}` instead of `{% csrf_token %}`.
- Use `{# ... #}` instead of `{% comment %}`.
- Use `url()` instead of `{% url %}`.
- Use `_()` instead of `{% trans %}` because in Jinja `trans` is a block tag.
- Use `{% trans %}` instead of `{% blocktrans %}`.
- Use `{% raw %}` instead of `{% verbatim %}`.

Changes in tools:
- Check for `trans` block in `check-templates` instead of `blocktrans`

Changes in backend:
- Create custom `render_to_response` function which takes `request` objects
  instead of `RequestContext` object. There are two reasons to do this:
    1. `RequestContext` is not compatible with Jinja2
    2. `RequestContext` in `render_to_response` is deprecated.
- Add Jinja2 related support files in zproject/jinja2 directory. It
  includes a custom backend and a template renderer, compressors for js
  and css and Jinja2 environment handler.
- Enable `slugify` and `pluralize` filters in Jinja2 environment.

Fixes #620.
2016-05-09 09:55:18 -07:00
rahuldeve dde832b158 Add Attachment model to keep track of uploads.
This commit adds the capability to keep track and remove uploaded
files.  Unclaimed attachments are files that have been uploaded to the
server but are not referred in any messages.  A management command to
remove old unclaimed files after a week is also included.

Tests for getting the file referred in messages are also included.
2016-05-02 22:14:47 -07:00
Eklavya Sharma 4e18d856e3 Prevent 500 error when user uploads invalid avatar.
When uploaded avatar image is not a valid image file, PIL raises
IOError. Catch the IOError raised by PIL and raise JsonableError.
This will return a response with status code 400.
2016-04-20 12:00:13 +05:30
Varshit e0ef1a991e Rewrite sanitize_name to better preserve filenames.
The previous version of sanitize_name dropped all unicode characters
and mangled filenames with multiple `.`s in the extension, leading to
confusing URLs for files uploaded to Zulip.

Fixes #321.

[tweaked significantly by tabbott]
2016-04-03 16:26:12 -07:00
Tim Abbott 757e89260e Migrate use of StringIO to Python 2+3 compatible six.moves.cStringIO.
And add a check for additional usage of the original StringIO module.
2016-01-26 21:09:43 -08:00
Luke Faraone 8f8b2519ea Redirect legacy URLs to their new secure location.
URLs with a realm of "unk" will be queried against the new bucket to
determine the relevant realm of the uploading user.

(imported from commit 5d39801951face3cc33c46a61246ba434862a808)
2014-05-05 20:26:29 -07:00
Tim Abbott 8b74a3e052 Remove unauthenticated file upload support from Zulip.
(imported from commit 97262590ac5ad56c18f415fa1c777510aed2baeb)
2014-05-05 16:14:09 -07:00
Waseem Daher ef23a4efe4 Disable authed uploads for zulip.com.
(imported from commit 3c432e730005e4c8404245c974b53c5a49fd4c9d)
2014-03-11 13:06:19 -04:00
Jessica McKellar 25a9eae74b Enabled authed uploads for Bargain Bit.
(imported from commit f793b7ac41341384b914168a3fc5ed637d63a645)
2014-03-05 11:55:02 -05:00
Luke Faraone fe55127eee Override realm of uploading user when invoked via the email mirror
Here, we don't want to check the uploading users' realm when determining
message privacy, because that'll prevent non-Zulip users from having
email-mirror-uploaded images. Instead, we just pass along the target
realm for the message explicitly to upload_message_image()

(imported from commit 6891261552135b1f41ff9da55ffe963ee5000556)
2014-02-07 09:45:57 -08:00
Luke Faraone 1e87e7c5c1 Switch authed_upload_enabled to check for a realm, instead of a UP
This is always a realm setting anyway, and it'll make reuse easier.

(imported from commit c64e1901b60051608cee3cf9a6b3aef8630ae237)
2014-02-07 09:45:57 -08:00
Steve Howell da858afacf Save on S3 bills by passing validate=False into conn.get_bucket().
(See the comments in the code for details.)

(imported from commit e518b9d89aca8a6358c826bf7e7f03381e0560f4)
2014-02-06 12:14:14 -05:00
Tim Abbott 68dcc760c3 Clean up some unused imports.
(imported from commit 0c5d8e2a55ba1b8909ba807fee3afe863dcdc226)
2013-11-04 11:51:17 -05:00
Kevin Mehall 06590f4332 Upload to local filesystem on local server.
(imported from commit 6c38a8cae721b2e7a0863470692cc56425006ecb)
2013-10-29 16:19:04 -04:00
Kevin Mehall f9af7ad1cf Resize uploaded avatar images
(imported from commit 47ff86fcd47871916631baa34f99bbddb67f87d0)
2013-10-29 11:42:33 -04:00
Kevin Mehall 19b9b6e2ec Reduce the length of public upload URLs.
(imported from commit dc4d51da39b218068012ebad57e1f92cb50137c3)
2013-10-24 17:01:06 -04:00
Kevin Mehall 0a271f149b Enable authed file uploads for squarespace
(imported from commit c72e76d27f99cd7610eb6c93b57b8ff727b461a9)
2013-10-24 17:01:06 -04:00
Kevin Mehall 0a3a22cb3d Support authenticated upload URLs.
Trac #1734

This is implemented by bouncing uploaded file links through a view
that checks authentication and redirects to an expiring S3 URL.

This makes file uploads return a domain-relative URI. The client converts
this to an absolute URI when it's in the composebox, then back to relative
when it's submitted to the server.

We need the relative URI because the same message may be viewed across
{staging,www,zephyr}.zulip.com, which have different cookies.

(imported from commit 33acb2abaa3002325f389d5198fb20ee1b30f5fa)
2013-10-24 17:01:06 -04:00
Kevin Mehall 473a98d0a4 Split out common code for existing and authenticated upload systems.
(imported from commit bf513eaff90ae7c4a0be825317690058f9f54621)
2013-10-24 17:01:06 -04:00
Kevin Mehall fb4eae9e2b Include realm ID in S3 metadata on uploaded files.
(imported from commit 7d41ec94991bd257485116791a0d1ef2c22d9b37)
2013-10-24 17:01:05 -04:00
Jessica McKellar 97e6709d49 uploads: have upload_image_to_s3 take file data instead of a file object.
We have to read the data anyway, and we don't have a convenient file
handle for uploads from attachments sent through the e-mail gateway.

(imported from commit 86260a4eaceef85c82707929a80558e11dc54ef6)
2013-09-17 10:00:01 -04:00
Jessica McKellar 8a40fb346c Be able to upload images to S3 from outside the web client.
We'll need this to upload attachments sent through the email gateway.

(imported from commit b2f5eb736b65f1478189c3aebd4cb37f1ad540fb)
2013-09-17 10:00:01 -04:00
Tim Abbott e111a2f9a5 [manual] Rename Django app from zephyr to zerver.
This needs to be deployed to both staging and prod at the same
off-peak time (and the schema migration run).

At the time it is deployed, we need to make a few changes directly in
the database:

(1) UPDATE django_content_type set app_label='zerver' where app_label='zephyr';
(2) UPDATE south_migrationhistory set app_name='zerver' where app_name='zephyr';

(imported from commit eb3fd719571740189514ef0b884738cb30df1320)
2013-08-06 07:39:36 -04:00