Commit Graph

2427 Commits

Author SHA1 Message Date
Steve Howell 1fc6a5febc Add get_avatar_field() function.
This function is designed to replace avatar_url() and
avatar_url_from_dict() over time.

There are a few things new about it:

    * We make the parameters more explicit, rather than
      passing in an opaque dictionary or requiring a
      UserProfile object.  (A lot of our callers want
      to use `values()` for efficiency sake, since we
      are often doing bulk user operations.)

    * We start to support the client_gravatar option.
2017-10-12 14:00:41 -07:00
Steve Howell f0194f1821 Reset client descriptors at the start of event tests.
Fixes #6958
2017-10-12 10:27:16 -07:00
Steve Howell 941f718b08 Move tutorial code out of EventsRegisterTest.setUp.
Now we only run this code for the single test that needs
this setup.
2017-10-12 09:44:01 -07:00
Tim Abbott 66a3f514d4 zilencer: Remove long-obsolete Deployment model.
This was a precursor to RemoteZulipServer, which is no longer used for
anything, and was cluttering the codebase.
2017-10-11 23:48:01 -07:00
Robert Hönig e749deb136 onboarding: Add welcome-bot response to initial user message.
Fixes #6030.
2017-10-11 20:45:42 -07:00
derAnfaenger 5ddc336844 tests: Add welcome bot as user. 2017-10-11 20:45:42 -07:00
Greg Price 55426894cd errors: Force a super-simpler handler for 400 errors.
This works around a bug in Django in handling the error case of a
client sending an inappropriate HTTP `Host:` header.  Various
internal Django machinery expects to be able to casually call
`request.get_host()`, which will attempt to parse that header, so an
exception will be raised.  The exception-handling machinery attempts
to catch that exception and just turn it into a 400 response... but
in a certain case, that machinery itself ends up trying to call
`request.get_host()`, and we end up with an uncaught exception that
causes a 500 response, a chain of tracebacks in the logs, and an email
to the server admins.  See example below.

That `request.get_host` call comes in the midst of some CSRF-related
middleware, which doesn't even serve any function unless you have a
form in your 400 response page that you want CSRF protection for.
We use the default 400 response page, which is a 26-byte static
HTML error message.  So, just send that with no further ado.

Example exception from server logs (lightly edited):

  2017-10-08 09:51:50.835 ERR  [django.security.DisallowedHost] Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
  2017-10-08 09:51:50.835 ERR  [django.request] Internal Server Error: /loginWithSetCookie
  Traceback (most recent call last):
    File ".../django/core/handlers/exception.py", line 41, in inner
      response = get_response(request)
    File ".../django/utils/deprecation.py", line 138, in __call__
      response = self.process_request(request)
    File ".../django/middleware/common.py", line 57, in process_request
      host = request.get_host()
    File ".../django/http/request.py", line 113, in get_host
      raise DisallowedHost(msg)
  django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
    File ".../django/core/handlers/exception.py", line 109, in get_exception_response
      response = callback(request, **dict(param_dict, exception=exception))
    File ".../django/utils/decorators.py", line 145, in _wrapped_view
      result = middleware.process_view(request, view_func, args, kwargs)
    File ".../django/middleware/csrf.py", line 276, in process_view
      good_referer = request.get_host()
    File ".../django/http/request.py", line 113, in get_host
      raise DisallowedHost(msg)
  django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
2017-10-11 20:43:36 -07:00
Tim Abbott 676a6af8cb push_notifications: Get back to 100% test coverage.
We didn't have tests for a few new code paths.
2017-10-11 20:17:27 -07:00
Tim Abbott 298c59f7fd push_notifications: Fix error message for unregistered bouncer.
Previously, we were just returning a JSON error to the client, when it
was a server problem.

Fixes #6639.
2017-10-11 19:09:24 -07:00
Tim Abbott 9e2e344937 report: Fix missing test coverage on draft sanitization. 2017-10-11 18:43:39 -07:00
Steve Howell 9ecf41980c Remove message.is_mentioned in message events.
This field would get overwritten with an improper value when
we looped over multiple clients, due to not making full copies
of the message dictionary.  This failure would be somewhat
random depending on how clients were ordered in the loop.

The only consumers of this field were the mobile app and the
apply-events-to-unread-counts logic.  Both of these will now
use `flags` instead.
2017-10-11 16:55:34 -07:00
Steve Howell fed972d1fb Fix bug with applying message events to unread counts.
The `is_mentioned` flag in message events was buggy.  We now
look directly at flags.

We will kill off `is_mentioned` in a subsequent commit.

We also remove some debugging code in the test that was failing
before this fix.  The test would only fail when `is_mentioned`
was wrong, which never happened when you ran a single test, and
which would happen randomly when you ran multiple tests.
2017-10-11 16:55:34 -07:00
Steve Howell a6ad9a6d7c Add is_zephyr to the Stream model.
Add this field to the Stream model will prevent us from having
to look at realm data for several types of stream operations, which
can be prone to either doing extra database lookups or making
our cached data bloated.

Going forward, we'll set stream.is_zephyr to True whenever the
realm's string id is "zephyr".
2017-10-11 16:15:56 -07:00
Steve Howell 7c726a5e77 Remove sender names from the message cache.
This removes sender names from the message cache, since
they aren't guaranteed to be valid, and they're inexpensive
to add.

This commit will make the message cache entries smaller
by removing sender___full_name and sender__short_name
fields.

Then we add in the sender fields to the message payloads
by doing a query against the unique sender ids of the
messages we are processing.

This change leads to 2 extra database hops for most of
our message-related codepaths.  The reason there are 2 hops
instead of 1 is that we basically re-calculate way too
much data to get a no-markdown dictionary.
2017-10-11 11:37:16 -07:00
Steve Howell 3910448b1d Extract MessageDict.post_process_dicts().
Introduce MessageDict.post_process_dicts() will allow us
the ability to do the following:

    * use less memory in the cache for repeated data
    * prevent cache invalidation
    * format data according to different client needs

The first use of this function is pretty inconsequential, but
it sets us up for more consequential changes.

In this commit we defer the MessageDict.hydrate_recipient_info
step until after we pull data out of the cache.  This impacts
cache size as follows:

    * streams - negligibly bigger
    * PMs/huddles - slimmer due to not needing to repeat
                    sender data like email/full_name

Again, the main point of this change is to start setting up
the infrastructure to do post-processing.
2017-10-11 11:37:16 -07:00
Steve Howell 6bf43e6332 refactor: Extract MessageDict.hydrate_recipient_info().
This is a first step to eventually slimming the message cache,
but there are still some moving parts there to be worked through.

The more immediate benefit of extracting this function is that
we can put tests on it.  Also, it isolates some functionality
that may go away as our clients gets smarter.
2017-10-11 11:37:16 -07:00
Alena Volkova 79560e21bf urls: Move the json/tutorial_status endpoint to be an API-style route. 2017-10-09 15:13:33 -07:00
Alena Volkova 0e653d198d test_decorators: Replace the json/tutorial_status endpoint in tests.
This endpoint is about to become an API-style route and have the legacy
decorator removed from its view. The json/fetch_api_key endpoint will be
used in tests instead of it.
2017-10-09 15:13:33 -07:00
Steve Howell 75db4f5187 Avoid O(N) query pitfall for /users endpoint.
We now use a `.values` query to get just the fields we need
in order to fulfill '/json/users' requests.

The main benefit is that we don't do O(N) queries for bot
owners, but we also have less data on UserProfile to process.
2017-10-09 14:08:07 -07:00
Steve Howell f87159ad98 Flush standard output in match_states(). 2017-10-09 12:23:49 -07:00
Harshit Bansal 3acaa79336 reactions.py: Don't check for valid emoji name while removing reaction.
On receiving a request for deleting a reaction, just check if such
a reaction exists or not. If it exists then just delete the reaction
otherwise send an error message that such a reaction doesn't exist.
It doesn't make sense to check whether an emoji name is valid or not.
2017-10-09 17:54:37 +00:00
Tim Abbott 9cf26db6db test_management_commands: Fix send_webhook_fixture_message test.
I unfortunately didn't remember this could have a test.
2017-10-08 21:20:35 -07:00
Steve Howell 12e65eb21c Use stream ids in various tests.
This commit prepares us to introduce a StreamLite class. For
these tests, we don't care about the actual contents of the
Stream, just the right stream is there.
2017-10-08 20:18:34 -07:00
Greg Price a116303604 passwords: Express the quality threshold as guesses required.
The original "quality score" was invented purely for populating
our password-strength progress bar, and isn't expressed in terms
that are particularly meaningful.  For configuration and the core
accept/reject logic, it's better to use units that are readily
understood.  Switch to those.

I considered using "bits of entropy", defined loosely as the log
of this number, but both the zxcvbn paper and the linked CACM
article (which I recommend!) are written in terms of the number
of guesses.  And reading (most of) those two papers made me
less happy about referring to "entropy" in our terminology.
I already knew that notion was a little fuzzy if looked at
too closely, and I gained a better appreciation of how it's
contributed to confusion in discussing password policies and
to adoption of perverse policies that favor "Password1!" over
"derived unusual ravioli raft".  So, "guesses" it is.

And although the log is handy for some analysis purposes
(certainly for a graph like those in the zxcvbn paper), it adds
a layer of abstraction, and I think makes it harder to think
clearly about attacks, especially in the online setting.  So
just use the actual number, and if someone wants to set a
gigantic value, they will have the pleasure of seeing just
how many digits are involved.

(Thanks to @YJDave for a prototype that the code changes in this
 commit are based on.)
2017-10-08 15:48:44 -07:00
Steve Howell 3e6bfe1b23 Use user_ids, not emails, for bulk stream operations.
We now return user_ids for subscribers to streams in add-stream
events.  This allows us to eliminate the UserLite class for
both bulk adds and bulk removes.  It also simplifies some JS
code that already wanted to use user_ids, not emails.

Fixes #6898
2017-10-08 12:31:12 -07:00
Steve Howell 10a30bece1 Rename presence_idle_userids -> presence_idle_user_ids. 2017-10-07 12:16:45 -07:00
Harshit Bansal 7b88e3eea7 tests: Add a test suite for verifying the mobile push notifs content.
This test suite works by using the expected_output and new text_output
fields in the bugdown test cases to verify that each syntax is
correctly translated by this new function.

Some of these translations, like strikethrough, are kinda poor; but
this framework should make it easy to iterate on the formatting.

Fixes: #6720.
2017-10-06 16:47:27 -07:00
Harshit Bansal 5a6584890d push_notifications: Start using `get_mobile_push_content()` function. 2017-10-06 16:47:25 -07:00
Tim Abbott 234f7960a1 tests: Add @slow decorator to various methods needing it.
Also, fix the test_message_editing test having way too many cases.

Fixes #1478.
2017-10-06 15:45:04 -07:00
Tim Abbott 0d7617721c test_messages: Clean up some slow tests.
One isn't actually slow; the other was doing something wasteful.
2017-10-06 15:44:17 -07:00
Tim Abbott d5c2508858 tests: Remove unnecessary @slow decorators.
This is part of addressing #1478.
2017-10-06 15:17:34 -07:00
Steve Howell d2966ae5d4 minor: Fix missing "not" in comment. 2017-10-06 14:08:41 -07:00
Tim Abbott 73e1c26c15 test_events: Add missing nocoverage tag on debugging code. 2017-10-06 13:59:26 -07:00
Steve Howell ad521a0e07 minor: Add debugging statement to test.
This test is flaky for some unknown reason, so we print
out the loop index in case the test fails.
2017-10-06 13:56:37 -07:00
Steve Howell a99574ebf0 tests: Make apply-events tests easier to debug.
It's fairly difficult to debug tests that use
EventsRegisterTest.do_test, and when they fail on
Travis, it's particularly challengning.  Now we make
the main diff less noisy, and we also include
the events that were applied.
2017-10-06 13:56:36 -07:00
derAnfaenger 747c283180 lint: Replace `pk` with `id` where they are equivalent. 2017-10-06 12:52:12 -07:00
Tim Abbott 0c44310009 tests: Don't use caching session engine in tests.
Because we run tests in parallel, the caching session engine can lead
to nondeterministic failures.
2017-10-06 12:22:20 -07:00
Tim Abbott fe6a04cbdb Revert "locale: Fix incorrect locale name for zh-Hans."
This reverts commit ba8dc62132.

As best I can tell, the old configuration was correct for what Django
wanted.  Further testing is required, but this at least brings
.tx/config to match the actual filenames; I think our Chinese
translations have been broken until now.
2017-10-06 10:09:08 -07:00
Tim Abbott 1a9adbbe70 test_signup: Fix test for login page redirect.
I forgot to update this in 43bba27e5d.
2017-10-05 23:36:33 -07:00
Tim Abbott 313083484a test_i18n: Remove zh-hans tests for now. 2017-10-05 23:33:12 -07:00
Umair Khan 6fbf41bdbc queue: Add test for signups retry logic. 2017-10-05 23:14:19 -07:00
Umair Khan b464fd7643 makemessages: Change type of translation_strings to List.
In the code this variable is only used as a list, however, we
create it as dictionary which uses more memory.
2017-10-05 22:44:34 -07:00
Alena Volkova 21bc0e845c urls: Delete the json/tutorial_send_message endpoint.
This endpoint is part of the old tutorial, which we've removed, and
has some security downsides as well.

This includes a minor refactoring of the tests.
2017-10-05 15:41:57 -07:00
Tim Abbott e1eb91343b zephyr: Update path to process_cache for repository split.
This should have been done long ago, but better late than never.
2017-10-05 12:35:20 -07:00
Rishi Gupta 0596c4a810 analytics: Enforce various datetime arguments are in UTC.
Sort of a hacky hammer, but
* The original design of the analytics system mistakenly attempted to play
  nicely with non-UTC datetimes.
* Timezone errors are really hard to find and debug, and don't jump out that
  easily when reading code.

I don't know of any outstanding errors, but putting a few "assert this
timezone is in UTC" around will hopefully reduce the chance that there are
any current or future timezone errors.

Note that none of these functions are called outside of the analytics code
(and tests). This commit also doesn't change any current behavior, assuming
a database where all datetimes have been being stored in UTC.
2017-10-05 11:22:06 -07:00
Rishi Gupta 0c2b4d22a7 analytics: Convert datetimes coming from the API into UTC.
Previously, entering a non-UTC end time for a daily stat would give you
incorrect results. This is because:
* All daily stats are collected at and have end_times in the database in
  midnight UTC.
* For daily stats, time_range returns a list of datetimes at midnight in the
  timezone of its end argument. These datetimes are the only ones we look
  for when looking for rows corresponding to the stat in the database.
* Previously, we passed on the end argument from the API to time_range,
  without modification.
2017-10-05 11:22:06 -07:00
Steve Howell d6e21b5ca9 Collect sender_ids (by topic) in `unread_msgs`.
This will allow the mobile app to say "A, B, and C are
talking" in the topic views.
2017-10-05 10:37:15 -07:00
Steve Howell e56084fcf7 Simplify how we apply events for unread messages.
The logic to apply events to page_params['unread_msgs'] was
complicated due to the aggregated data structures that we pass
down to the client.

Now we defer the aggregation logic until after we apply the
events.  This leads to some simplifications in that codepath,
as well as some performance enhancements.

The intermediate data structure has sets and dictionaries that
generally are keyed by message_id, so most message-related
updates are O(1) in nature.

Also, by waiting to compute the counts until the end, it's a
bit less messy to try to keep track of increments/decrements.
Instead, we just update the dictionaries and sets during the
event-apply phase.

This change also fixes some corner cases:

    * We now respect mutes when updating counts.
    * For message updates, instead of bluntly updating
      the whole topic bucket, we update individual
      message ids.

Unfortunately, this change doesn't seem to address the pesky
test that fails sporadically on Travis, related to mention
updates.  It will change the symptom, slightly, though.
2017-10-05 09:42:20 -07:00
Steve Howell c567f105c9 Have topic_is_muted take a stream_id.
This function doesn't need a full Stream object to detect
whether a stream is muted, so we can save future callers
from doing unnecessary DB fetches.
2017-10-05 09:32:16 -07:00
Harshit Bansal ef35e6ac3f reactions: Switch to using `name_to_codepoint`.
Instead of using `unified_reactions` mapping start using
`name_to_codepoint` mapping for converting emoji name to
codepoints. We were using `unified_reactions` mapping
because prior to emoji web PR `name_to_codepoint` mapping
was generated using emoji_map.json which contained old
codepoints but for reactions new codepoints were required
to display them using sprite sheets.
2017-10-04 23:09:14 -07:00
Vishnu Ks eef72a98e4 backends: Create custom email backend EmailLogBackEnd.
Create a new custom email backend which would automatically
logs the emails that are send in the dev environment as
well as print a friendly message in console to visit /emails
for accessing all the emails that are sent in dev environment.
Since django.core.mail.backends.console.EmailBackend is no longer
userd emails would not be printed to the console anymore.
2017-10-04 08:20:29 -07:00
Vishnu Ks 4c2e787ffc emails: Redirect to /emails after generating emails. 2017-10-04 08:20:29 -07:00
kunall17 f091823fc8 push_notifications: Set APNS badge as 0 for now.
We don't yet have support for tracking the number of open APNS
notifications server-side, so setting this to 0 will at least avoid
confusing users.
2017-10-03 17:07:49 -07:00
Steve Howell aae0b2a826 Notify offline users about edited stream messages.
We now do push notifications and missed message emails
for offline users who are subscribed to the stream for
a message that has been edited, but we short circuit
the offline-notification logic for any user who presumably
would have already received a notification on the original
message.

This effectively boils down to sending notifications to newly
mentioned users.  The motivating use case here is that you
forget to mention somebody in a message, and then you edit
the message to mention the person.  If they are offline, they
will now get pushed notifications and missed message emails,
with some minor caveats.

We try to mostly use the same techniques here as the
send-message code path, and we share common code with the
send-message path once we get to the Tornado layer and call
maybe_enqueue_notifications.

The major places where we differ are in a function called
maybe_enqueue_notifications_for_message_update, and the top
of that function short circuits a bunch of cases where we
can mostly assume that the original message had an offline
notification.

We can expect a couple changes in the future:

    * Requirements may change here, and it might make sense
      to send offline notifications on the update side even
      in circumstances where the original message had a
      notification.

    * We may track more notifications in a DB model, which
      may simplify our short-circuit logic.

In the view/action layer, we already had two separate codepaths
for send-message and update-message, but this mostly echoes
what the send-message path does in terms of collecting data
about recipients.
2017-10-03 15:57:06 -07:00
Tim Abbott 654562b942 check_message: Reject null bytes in message content.
Postgres doesn't like them, we don't have an obvious way to escape
them, and they tend to be sent by buggy tools where it'd be better for
the user to get an error.

This fixes a 500 we were getting occasionally.
2017-10-03 15:32:04 -07:00
Cynthia Lin cfeb125624 zerver: Block access to subdirectories when visiting user docs articles.
Fixes #6770
2017-10-03 11:16:09 -07:00
Umair Khan d95d34a66a Retry email failures in missed-message emails queue.
Fixes #6518.
2017-10-03 10:35:07 -07:00
Tim Abbott 7581e0e1c5 settings: Remove remaining references to REALMS_HAVE_SUBDOMAINS. 2017-10-02 16:43:54 -07:00
Tim Abbott 1d72629dc4 subdomains: Hardcode REALMS_HAVE_SUBDOMAINS=True. 2017-10-02 16:42:43 -07:00
Tim Abbott 95a0a4a06f subdomains: Update AuthBackendTest for subdomains always on.
This is separate from the main subdomains commit mainly for
readability of the history.
2017-10-02 16:32:11 -07:00
Tim Abbott 26a5332828 subdomains: Update some tests to run with subdomains.
Specifically, our request middleware adds an extra database query for
these code paths, to verify whether the subdomain is valid.
2017-10-02 16:32:11 -07:00
Tim Abbott 13bb546ddd subdomains: Hardcode can_add_realm_domains=True.
It was already always True if REALMS_HAVE_SUBDOMAINS, and now that's
the only supported configuration.
2017-10-02 16:32:10 -07:00
Tim Abbott 66658bbf25 subdomains: Hardcode REALMS_HAVE_SUBDOMAINS in API docs. 2017-10-02 16:32:10 -07:00
Tim Abbott 262a0692ab subdomains: Delete completely_open helper function.
We no longer use this anyway.
2017-10-02 16:32:10 -07:00
Tim Abbott e6f8032972 subdomains: Remove get_unique_open_realm code paths.
Since we no longer support !REALMS_HAVE_SUBDOMAINS in production,
these no longer make sense.
2017-10-02 16:32:10 -07:00
Tim Abbott 99e4ceebd4 test_auth_backends: Extract REALMS_HAVE_SUBDOMAINS overrides.
This will make the diff a lot smaller when we hardcode
REALMS_HAVE_SUBDOMAINS=True.
2017-10-02 16:32:09 -07:00
Tim Abbott bd066fe0f1 test_subdomain_restrictions: Update to assume subdomains. 2017-10-02 15:32:39 -07:00
Steve Howell 2be713a7e4 Rename get_userids_for_missed_messages().
We rename this function to get_active_presence_idle_userids().
2017-10-02 15:19:28 -07:00
Steve Howell e660428c21 Rename missed_message_userids to presence_idle_userids. 2017-10-02 15:19:28 -07:00
Tim Abbott e5592fe89f test_signup: Remove REALMS_HAVE_SUBDOMAINS check.
This test actually is just as correct with
REALMS_HAVE_SUBDOMAINS=True.
2017-10-02 13:50:07 -07:00
Tim Abbott 9622da6b16 test_signup: De-inline REALMS_HAVE_SUBDOMAINS=True checks.
These are now just declarations at the top of functions.
2017-10-02 13:50:06 -07:00
Tim Abbott edc10e8f51 test_decorators: de-inline REALMS_HAVE_SUBDOMAINS with statements.
This will significantly shrink the diff when we toggle
REALMS_HAVE_SUBDOMAINS soon.
2017-10-02 13:49:53 -07:00
Tim Abbott 5a27a4cf1c decorator: Improve wrong-subdomain logging output.
Often, it's helpful to see both values in errors.
2017-10-02 13:31:20 -07:00
Vishnu Ks 6b9755c854 email_log: Make generate_email work with subdomains.
This fixes one of our last few test failures with
REALMS_HAVE_SUBDOMAINS.
2017-10-02 12:27:27 -07:00
Tim Abbott 6327f30c76 test_decorators: Remove test_login_deactivated_realm.
This test was a duplicate of test_login_deactivated in LoginTest.
2017-10-02 11:42:15 -07:00
derAnfaenger d1afab7199 Replace deprecated Logging.warn calls with Logging.warning. 2017-10-02 11:11:42 +02:00
Tim Abbott 7d63928fe1 test_signup: Update deactivate realm tests for subdomains.
We add a new test to make sure we cover the potential race condition
with the realm being deactivated after starting the registration
process.
2017-10-01 23:52:08 -07:00
Tim Abbott 651b1882e6 test_outgoing_webhook_system: Set REALMS_HAVE_SUBDOMAINS=True. 2017-10-01 22:47:15 -07:00
Umair Khan 69ccc8ce0e ldap: Show helpful message when realm is None. 2017-09-30 10:18:25 -07:00
Robert Hönig 9d4bffb59d outgoing webhook: Make exception handling more granular and verbose.
Fixes #6127.
2017-09-30 10:14:28 -07:00
Harshit Bansal 5b5bcce098 emoji: Migrate bugdown emoji to use sprite sheets.
This commit switches to use sprite sheets for rendering emojis
in all the remaining places, i.e., message bodies and composebox
typeahead. This commit also includes some changes to notifications.py
file so that the spans used for rendering emojis can be converted
to corresponding image tags so that we don't break the emoji rendering
in missed message emails since we can't use sprite sheets there.

As part of switching the bugdown system to use sprite sheets, we need
to switch the name_to_codepoint mappings to match the new sprite
sheets.  This has the side effect of fixing a bunch of emoji like
numbers and flag emoji in the emoji pickers.

Fixes: #3895.
Fixes: #3972.
2017-09-29 11:14:34 -07:00
Greg Price e0a5e6fade logging: Explain quirks of Python logging config, and apply a style.
This should make it a little easier to understand our logging config
and make changes to it with confidence.

Many of these items that are now redundant used to be required when we
were setting disable_existing_loggers to True (before 500d81bf2), in
order to exempt those loggers from being cleared out.  Now they're not.

One bit of test code needed a tweak to how it got its hands on the
AdminZulipHandler instance; it can do it from the list on the root
logger just as well as on the `django` logger.
2017-09-28 18:26:39 -07:00
Greg Price f129dc4f72 LDAP: Restore an except clause and add test to cover it.
Most of the paths leading through this except clause were cut in
73e8bba37 "ldap auth: Reassure django_auth_ldap".  The remaining one
had no test coverage -- the case that leads to it had a narrow unit
test, but no test had the exception actually propagate here.  As a
result, the clause was mistakenly cut, in commit
8d7f961a6 "LDAP: Remove now-impossible except clause.", which could
lead to an uncaught exception in production.

Restore the except clause, and add a test for it.
2017-09-28 18:26:39 -07:00
Greg Price 7b8f725707 APNs: Accept 1.6-format payloads in bouncer.
This is just enough of a quick fix to work with a stock Zulip 1.6
server.  We should really also make this robust to arbitrary input
from the remote Zulip server, even though it'll be a little tedious.
2017-09-28 10:01:16 -07:00
rht 26f5d9a32c zerver/tests: Remove print_function. 2017-09-27 18:05:45 -07:00
Vishnu Ks 17cc32f168 settings: Show error or success message when deleting uploaded files.
Fixes #6519
2017-09-27 17:50:22 -07:00
Vishnu Ks 94e099eaab auth: Make multiuse invite link work with oAuth2.
This works by attaching to the user's session the multi-use invitation
key, allowing that to be used in the Google/GitHub auth flows.
2017-09-27 17:47:40 -07:00
Steve Howell de0b47fd4e Always notify service bots about stream mentions.
Before this change, we were only triggering service bots
for stream mentions when the bot was subscribed to the
stream.
2017-09-27 17:22:12 -07:00
rht daef6a7dbc zerver/tests: Remove `import six`. 2017-09-27 17:07:40 -07:00
Vishnu Ks dfaa939af2 emails: Store the compiled emails in separate directory. 2017-09-27 16:48:18 -07:00
Steve Howell 1b518f1983 Return mentioned users in get_user_info_for_message_updates().
The dictionary result for get_user_info_for_message_updates()
now has a `mention_user_ids` field that is a set of user ids
who were mentioned in a message.
2017-09-27 16:01:50 -07:00
Steve Howell 646abb57b7 refactor: Extract get_user_info_for_message_updates.
We'll want to expand this to get users that were mentioned in
the prior message, but this commit is just a refactoring.
2017-09-27 16:01:50 -07:00
Tim Abbott 06e6b3abe1 event_queue: Fixed stream_push_notify code path in missedmessage_hook.
This finishes implementing the stream_push_notify feature, which
previously didn't work if you were not idle when the message was sent.
2017-09-27 15:57:48 -07:00
Tim Abbott 2b1ea1555c event_queue: Simplify API of maybe_enqueue_notifications. 2017-09-27 15:57:47 -07:00
Tim Abbott d6732d0781 event_queue: Fix handling of private messages in missedmessage_hook.
Previously, we didn't correctly trigger email/push notifications for
PMs in these cases.
2017-09-27 15:57:47 -07:00
Tim Abbott bfa8f0efdb tests: Add an end-to-end test for missedmessage_hook.
This checks what arguments it passes into the enqueuing function.

Note, however, that the arguments are wrong for various cases, we'll
update the tests as we fix those bugs.
2017-09-27 15:57:47 -07:00
Tim Abbott 71fc8363b4 tests: Add a test suite for maybe_enqueue_notifications.
This ensures that as we expand the logic for under what circumstances
email and push notifications should be sent, we can be confident about
this code path always doing the right thing.
2017-09-27 15:55:29 -07:00
rht 1e87a4b68c zerver/tests: Remove absolute_import. 2017-09-27 10:00:39 -07:00
Tim Abbott f0f0176517 test_auth_backends: Clean up Google auth subdomains handling.
This makes GoogleSubdomainLoginTest consistently access subdomains the
standard way, replacing the original hacky approach it had that
predated the library.
2017-09-26 22:20:07 -07:00
Steve Howell b340b28055 Extract get_service_bot_events().
There are several reasons to extract this function:

    * It's easy to unit test without extensive mocking.
    * It will show up when we profile code.
    * It is something that you can mostly ignore for
      most messages.

The main reason to extract this, though, is that we are about
to do some fairly complex splicing of data for the use case
of mentioning service bots on streams they are not subscribed to,
and we want to localize the complexity.
2017-09-26 18:49:03 -07:00
Robert Hönig 43422fa6f2 outgoing webhook: Notify bot owner on failure response. 2017-09-26 16:11:27 -07:00
Vishnu Ks 7fd4a71b7f test_emails: Generate emails instead of hardcoding.
Tweaked by tabbott to use require_GET.

Fixes #6344.
2017-09-26 15:02:47 -07:00
Vishnu Ks f58c87917e emails: Log emails that are queued or sent in dev environment.
Tweaked by tabbott to add some comments and clarify the code.
2017-09-26 15:02:47 -07:00
Alena Volkova abe4196232 urls: Change the method for adding alert words from PUT to POST. 2017-09-26 14:00:51 -07:00
Alena Volkova ca687e01d7 urls: Remove the old POST endpoint for alert words. 2017-09-26 14:00:51 -07:00
Tim Abbott e5ea598fe3 test_email_change: Cover the case of email already existing.
This fixes master failing tests.
2017-09-26 11:16:12 -07:00
Tim Abbott 0d2d9fc30d test_signup: Add checks for messages sent on invited user signup.
Previously, we didn't have a test that verified that these notices
were sent.
2017-09-25 13:58:41 -07:00
Tim Abbott f010ed117b Migrate several Google auth tests to subdomains test class.
The plan is to have everything expect subdomains, so it makes sense to
move these tests to the subdomains-only test class and style.

Most of the remaining GoogleLoginTest tests are now either duplicates
or basic API-level tests where subdomains are irrelevant.
2017-09-25 07:29:18 -07:00
Tim Abbott c62befe655 test_messages: Fix invalid subdomain in mirrored message test. 2017-09-25 07:20:58 -07:00
Tim Abbott 4674af0894 outgoing_webhook: Fix broken way of accessing realm.uri.
Previously, this accessed realm.uri via trying to use
zulip_default_context.  That doesn't make any sense, because
zulip_default_context expects an HttpRequest object, and those are
nowhere in sight in the code path.  We do, however, have the outgoing
webhook bot user involved in the event, and that's the object to
access realm.uri from here.
2017-09-25 07:05:02 -07:00
Tim Abbott 5159151e5f test_signup: Remove unnecessary realm_name/realm_subdomain arguments.
These arguments are only intended to be used for realm creation, and
they make the code more confusing.

We need to make a few changes after doing this, because some tests
were relying on these extra arguments causing the form to not submit
for their error handling.

We don't apply these changes to the LDAP tests, since fixing those
seems complicated.
2017-09-25 06:45:56 -07:00
Tim Abbott 163da73d2d test_signup: Hardcode REALMS_HAVE_SUBDOMAINS for mirror dummy tests.
This also fixes the fact that this code path was randomly setting a
bunch of fields only used in realm creation in the registration form.
2017-09-25 06:14:38 -07:00
Robert Hönig 15a1bf2b58 outgoing webhook: Log all non-200 responses. 2017-09-25 06:00:42 -07:00
Eeshan Garg 11b7d219bd integrations: Render bots' docs alongside integration docs.
This commit implements support for rendering static files in
under static/generated/bots/ in the same manner as we render
our webhooks/integration documentation. Said static files are
generated by tools/setup/generate_zulip_bots_static_files.py
during provisioning.
2017-09-22 15:19:20 -07:00
Eeshan Garg 390a1fec92 zulip_bots: Generate static files during provisioning.
This commit implements support for copying over static files
for all bots in the zulip_bots package to
static/generated/bots/ during provisioning. This directory
isn't tracked by Git. This allows us to have access to files
stored in an arbitrary zulip_bots package directory somewhere
on the system. For now, logo.* and doc.md files are copied over.

This commit should act as a starting point for extending our
macro-based Markdown framework to our bots/API packages'
documentation and eventually rendering these static files
alongside our webhooks' documentation.
2017-09-22 15:14:42 -07:00
Tim Abbott de9f00208d test_notifications: Fix unnecessary use of dirname. 2017-09-22 10:17:54 -07:00
Tim Abbott 3d63f981a1 test_notifications: Clarify code for new MissedMessages test. 2017-09-22 10:16:24 -07:00
Harshit Bansal e4c1aa37f3 notifications: Add tests for `relative_to_full_url()` function.
Fixes: #6544.
2017-09-22 10:04:33 -07:00
Vishnu Ks b4fedaa765 backend: Add support for multiuse user invite link. 2017-09-22 07:56:53 -07:00
Tim Abbott dc843efd56 RealmAuditLog: Add support for stringifying entries. 2017-09-22 07:09:37 -07:00
Rishi Gupta 6ec3595b77 emails: Change enqueue_welcome_emails to take a user rather than user_id. 2017-09-22 06:20:33 -07:00
Rishi Gupta a7c8770f97 emails: Move enqueue_welcome_emails outside of signups queue.
The only thing this queue should do is sign you up for the newsletter, since
it is only populated if newsletter_data is not None.
2017-09-22 06:20:33 -07:00
julianasobreira df2d448f7b python: Add lint rule banning 'from os.path import'.
This enforces our use of a consistent style in how we access Python
modules; "from os.path import dirname" is a particularly popular
abbreviation inconsistent with our style, and so it deserves a lint
rule.

Commit message and error text tweaked by tabbott.

Fixes #6543.
2017-09-22 04:55:38 -07:00
Tim Abbott 7554958316 test_signup: Add a test for invite emails being cleared. 2017-09-21 06:15:11 -07:00
Tim Abbott f706f657c0 signup: Fix invitation emails not being cleared properly.
Previously, invitation reminder emails were only being cleared after a
successful signup if newsletter_data was available, since that was the
circumstance in which we were calling the relevant queue processor
code.  Now, we (1) clear them when a human user finishes signing up
and (2) correctly clear them using the 'address' field of
ScheduleEmail, not user_id.
2017-09-21 06:15:11 -07:00
Steve Howell 9110ff935e tests: Restore 100% coverage to views/messages.py.
A recent change moved some untested code into messages.py, which
requires 100% coverage.  Now we test bogus stream names in
exclude_muting_conditions.
2017-09-20 13:02:22 -07:00
Steve Howell 428d3027c2 Only require ids for finding DefaultStream objects.
We don't need full Realm objects to find DefaultStream
objects for a realm.  So now a few functions related to
adding/removing default streams use realm_id for lookups.

Similarly, we don't need a full Stream object to find
out if a stream exists in DefaultStream, so we do id
lookups there as well.

This sets us up to use thinner objects in callers.
2017-09-20 10:31:33 -07:00
Steve Howell 8ad7133351 Cache active_user_ids() more directly.
We now have a dedicated cache for active_user_ids() that only
stores a list of user_ids.

Before this commit, active_user_ids() used a cache of UserProfile
dictionaries, so it incurred unnecessary deserialization costs for
all the user fields that it sliced away in a list comprehension.

Because the cache is skinnier here, we also need to invalidate it
less frequently.  Basically, all we care about is new users, realm
deactivations, and user deactivations.

It's hard to measure how much this will improve performance, because
the speedup for any operation here is pretty minor, but we use this
function a lot, so hopefully it will make the overall system more
healthy.
2017-09-20 10:31:33 -07:00
Steve Howell cad3a35b6a Only require realm_id for active_user_ids().
This is mostly a preparatory commit for an upcoming optimization
related to stream data, but it probably does save us an
occasional DB hop to the realm table.
2017-09-20 10:31:33 -07:00
Steve Howell 0966bf1a48 Simplify get_stream_cache_key().
Before this commit, we could pass in either a Realm object
or a realm_id to get_stream_cache_key().  Now we consistently
pass it a realm_id.
2017-09-20 10:31:33 -07:00
Steve Howell 0e24e6bdfa Add test_num_queries_with_streams() for home page. 2017-09-20 10:31:33 -07:00
Steve Howell 9773750375 tests: Count queries for home page. 2017-09-20 10:31:33 -07:00
Harshit Bansal 122167148a notifications: Fix the misalignment of emojis with the message text.
Fixes: #6579.
2017-09-20 10:30:35 -07:00
kunall17 1436d558a3 APNs: Add message body to notification payload.
(Edited by greg to leave the badge logic as is for now.)
2017-09-18 16:37:02 -07:00
invinciblycool 5475c5cedb tests: Replace test_user_agent_parsing with a normal test.
Previously, this was its own separate test script; now it's a normal
part of the test suite.

Tweaked by tabbott to use a proper test method.

Fixes #6327.
2017-09-16 03:56:18 -07:00
Tim Abbott a1ddd934b4 bots: Fix calculation of bot domain with REALMS_HAVE_SUBDOMAINS.
Previously, the bot domain was calculated correctly in most
circumstances, but if you were using the root domain, it would be
e.g. ".chat.zulip.org", not "chat.zulip.org".  We fix this, with
perhaps more use of setting REALMS_HAVE_SUBDOMAINS than would be ideal
if we weren't about to set that True unconditionally.
2017-09-16 02:49:15 -07:00
Tim Abbott 0d5badb71a urls: Remove robots.txt blocking Zulip serves from search engines.
This was added back in 2012 and seems to have been accidentally not
updated since then.
2017-09-16 01:59:40 -07:00
Tim Abbott e1498988d9 test_choose_realm: Hardcode REALMS_HAVE_SUBDOMAINS.
This is the only case that'll be important in the future, and this
is a nice checkpoint on the path to making REALMS_HAVE_SUBDMAINS=True.
2017-09-15 13:11:12 -07:00
Tim Abbott 064c8e39d6 backends: convert GitHub auth tests to consistently use zulip subdomain. 2017-09-15 13:09:02 -07:00
Tim Abbott f1133ab53e test_notifications: Fix HTML tests to assume REALMS_HAVE_SUBDOMAINS.
This is a step towards making REALMS_HAVE_SUBDOMAINS the default.
2017-09-15 12:28:38 -07:00
Steve Howell 1553dc00e0 Introduce StreamRecipient class.
This class encapsulates the mapping of stream ids to
recipient ids, and it is optimized for bulk use and
repeated use (i.e. it remembers values it already fetched).

This particular commit barely improves the performance
of gather_subscriptions_helper, but it sets us up for
further optimizations.

Long term, we may try to denormalize stream_id on to the
Subscriber table or otherwise modify the database so we
don't have to jump through hoops to do this kind of mapping.
This commit will help enable those changes, because we
isolate the mapping to this one new class.
2017-09-15 10:44:32 -07:00
Tim Abbott 15781dbc83 server_settings: Add email auth related features to data sent to clients.
This should make it possible for the mobile app to correctly allow
non-email addresses as usernames exactly when it makes sense to do so.
2017-09-15 10:30:20 -07:00
Supermanu 5f41f3c3cb backends.py: Expose backends that require email usernames 2017-09-15 10:29:02 -07:00
Supermanu 28beddfd76 backends.py: Enable auth with any ldap attributes as username.
This commit enables user to authenticate with any attribute set in
AUTH_LDAP_USER_SEARCH given that LDAP_EMAIL_ATTR is set to an email
attributes in the ldap server. Thus email and username can be
completely unrelated.

With some tweaks by tabbott to squash in the documentation and make it
work on older servers.
2017-09-15 10:28:41 -07:00
Rishi Gupta b9c8747bd0 hotspots: Use tutorial_status to manage whether we show hotspots. 2017-09-15 04:14:52 -07:00
Rishi Gupta ac48772732 hotspots.js: Fix timeout millisecond conversion. 2017-09-15 04:14:52 -07:00
Rishi Gupta a8deedbbb6 hotspots: Replace stream_settings with intro_streams and intro_topics. 2017-09-15 04:14:52 -07:00
Rishi Gupta 0677bd2a6d hotspots: Rename and update new_topic_button. 2017-09-15 04:14:52 -07:00
Rishi Gupta 4a383544af hotspots: Rename and update click_to_reply. 2017-09-15 04:14:52 -07:00
Vishnu Ks 22bab1c7ec events: Add upload_quota to initial state data. 2017-09-15 01:27:27 -07:00
Vishnu Ks 0ce62cd3e1 events: Add total_uploads_size to initial state data. 2017-09-15 01:27:20 -07:00
Steve Howell 7159f34bed Avoid getting realm emoji unless there is emoji syntax. 2017-09-15 01:09:08 -07:00
Steve Howell 8a941d03ae Avoid querying streams unless there are stream links. 2017-09-15 01:09:08 -07:00
Steve Howell c3032a7fe8 Avoid looking up emails when rendering messages.
We now fetch email -> id mappings for messages ONLY if
it potentially uses the !avatar(foo@example.com) syntax.
2017-09-15 01:09:08 -07:00
Steve Howell 4e7fce60ee Add possible_mentions() to speed up rendering.
We now triage message content for possible mentions before
going to the cache/DB to get name info.  This will create an
extra data hop for messages with mentions, but it will save
a fairly expensive cache lookup for most messages.  (This will
be especially helpful for large realms.)

[Note that we need a subsequent commit to actually make the speedup
happen here, since avatars also cause us to look up all users in
the realm.]
2017-09-15 01:09:08 -07:00
Tim Abbott 5722237f59 push: Rename received_pm to private_message.
This is a clearer name for this now more broadly used interface.
2017-09-14 05:41:37 -07:00
Sarah 97571a203d push: Add new formatting for stream message push and add tests.
This should make the push notifications for messages to streams with
the new stream push notifications setting enabled make sense.
2017-09-14 05:41:37 -07:00
Sarah c3a8138f74 user_settings: Add push notifications for all stream messages.
Add setting to enable push notifications for all stream messages.
2017-09-14 05:41:37 -07:00
Steve Howell d723be125a Optimize get_recipient_info() for sending messages.
This commit makes get_recipient_info() faster by never creating
Django ORM objects.  We use the ORM to create a values query
instead, and then we iterate over the rows to create various
collections of ids.

In order to avoid lots of code duplication, this commit unifies
how we query UserProfile for PMs and streams.  Prior to this
commit we were getting "wide" UserProfile objects out of
our memcached cache.  Now we just go to the database with our
list of userids.  The new approach at worst adds one hop to the
database for PMs, which aren't really a performance bottleneck
(compared to streams).  And the new approach actually saves a
hop when both partners aren't in cache (plus we don't pay the
penalty of hitting the cache itself).

The performance improvement here is easy to measure for messages
to streams with many users, even with all the other activity
that goes on inside do_send_messages().  I took test_performance()
in test_messages.py, set num_extra_users to 3000, and consistently
measured a ~20% speedup in do_send_messages().

This commit also eliminates fetching of emails.  We probably
could have done that in a prior commit, but in this commit it
is very explicit that we don't need it.  While removing email
from the query is a no-brainer, it actually had a negigible
impact on performance.  Almost all the savings here comes from
not create UserProfile objects.
2017-09-12 04:22:55 -07:00
Steve Howell 82b2bd8b65 Take user_ids in get_userids_for_missed_messages().
This helps us phase out the need for getting lots of UserProfile
objects.
2017-09-12 04:22:55 -07:00
Steve Howell ba397b5109 Use user_ids, not full objects, in render path.
There is no reason for either render_incoming_message() or
render_markdown() to require full UserProfile objects just to
triage alert words.

By only asking for user_ids, we save extra queries in two
callpaths and we make it easier to start using user_ids in
do_send_messages().
2017-09-12 04:22:55 -07:00
Steve Howell 262abe41ab Add a performance test for do_send_messages(). 2017-09-12 04:22:55 -07:00
Steve Howell b6bb7f2b1e Fix bug where we hard code realm for PushDeviceToken.
This had no test coverage, which is part of the reason it went
undetected, plus many instances probably only have one realm
with realm_id=1.
2017-09-08 12:32:17 -07:00
Steve Howell 69203c1c81 fix_unreads: Remove commit() call in fix().
The commit() call in fix() breaks migrations and tests (unless you
mock) due to outer transactions.

We now explicitly call commit() from the management command.
2017-09-07 07:06:03 -07:00
Steve Howell a2fe4178be Extract zerver/lib/fix_unreads.py.
This is a pure code move.
2017-09-07 07:06:03 -07:00
Steve Howell 848c0803bd Exclude muted topics from unread count. 2017-09-07 07:06:03 -07:00
Steve Howell f5edeb01ae Calculate idle users more efficiently when sending messages.
Usually a small minority of users are eligible to receive missed
message emails or mobile notifications.

We now filter users first before hitting UserPresence to find idle
users.  We also simply check for the existence of recent activity
rather than borrowing the more complicated data structures that we
use for the buddy list.
2017-09-07 06:59:44 -07:00
Steve Howell 4ac6bc46c7 Add MutedTopic model.
This commit completely switches us over to using a
dedicated model called MutedTopic to track which topics
a user has muted.

This includes the necessary migrations to create the
table and populate it from legacy data in UserProfile.

A subsequent commit will actually remove the old field
in UserProfile.
2017-09-02 09:19:51 -07:00
Steve Howell 06ca364049 minor: Test round-trip behavior for mutes.
Instead of peeking directly at the DB to verify our mutes are
set correctly, we now use the library function.  This prepares
us to modify the DB internals while preserving the tests.
2017-08-30 09:14:41 -07:00
Brock Whittaker 2140a4aa01 landing: Add /plans/ describing ways to use Zulip.
Note from tabbott: This isn't yet linked to and will need to go
through significantly more iteration, but it's a start.
2017-08-30 07:56:22 -07:00
Greg Price a4bcf1a64b APNs: Handle HTTP connection errors, and retry.
Should help with #6321 as at least a band-aid.
2017-08-29 15:27:41 -07:00
Greg Price 780e1ac5b2 push notifs: Add a simple test for the new APNs provider. 2017-08-29 15:27:41 -07:00
Steve Howell 0501570cd1 Remove POST-based API for setting topic mutes. 2017-08-29 16:53:38 -04:00
Steve Howell 0959c978c3 Fix lint error from recent subdomains commit.
We did a code sweep recently for subdomains (see
60be89d0).
2017-08-29 08:35:37 -07:00
Tim Abbott 60be89d00e test_push_notifications: Declare subdomains explicitly. 2017-08-28 23:19:07 -07:00
Tim Abbott 4a22316d90 test_decorator: Add explicit subdomains in tests. 2017-08-28 22:51:57 -07:00
Rishi Gupta c1997e759c password_reset: Change email to be appropriate for obtaining first password.
The situation if, for instance, the user signed up via google auth, and now
needs a password to get their API key.
2017-08-28 20:39:53 -07:00
Tim Abbott 50f5560bd1 accounts: Standardize URL for find_account.
This changes it to match the /accounts/ URL style for all of our other
auth code path endpoints.
2017-08-28 14:36:59 -07:00
Tim Abbott ac0d90e533 portico: Rename 'find_my_team' to 'find_account'. 2017-08-28 14:29:29 -07:00
Tim Abbott a0a1fe1512 settings: Rename SERVER_URI to ROOT_DOMAIN_URI.
This should be a lot less confusing.

See #6013 for discussion.
2017-08-28 14:09:28 -07:00
Umair Khan ecfafc05c0 registration: Use already_registered to show error.
Use this new variable to determine if the user already exists while
doing registration. While doing login through GitHub if we press
*Go back to login*, we pass email using email variable. As a result,
the login page starts showing the "User already exists error" if we
don't change the variable.
2017-08-28 07:02:11 -07:00
Steve Howell 73c30774cb admins: Add private streams to never_subscribed.
Admins need to know about private streams to delete them, even
if they are not subscribed.  We send the minimal info possible
to the client to allow them to have a UI for that.
2017-08-27 19:08:04 -07:00
Steve Howell 8ea9b80a8c Clean up test_never_subscribed_streams().
This basically extracts a few helper methods and makes the data
setup a bit more explicit.
2017-08-27 19:08:04 -07:00
Steve Howell 313f73258d Allow admins to delete private streams (backend only).
This is the backend piece.  Getting the UI right here is a bit
more complicated here, but this allows admins to use the API
to delete streams.
2017-08-27 19:08:04 -07:00
Preston Hansen 5a501784f2 digest emails: Add unit tests for digest email management.
Fixes #6266.
2017-08-27 13:10:14 -07:00
Vishnu Ks dc63f838d7 backend-tests: Add tests for get_users with all-users argument enabled. 2017-08-27 12:34:23 -07:00
Aditya Bansal 9d7e23c100 softdeactivation/management: Make specifying realm an optional arg. 2017-08-27 11:33:06 -07:00
Tim Abbott 1c8c5cc36f test_messages: Fix deactivation tests for new /me behavior. 2017-08-27 09:58:02 -07:00
Tim Abbott 92efe94a27 tests: Remove unnecessary apns mock. 2017-08-26 15:00:08 -07:00
Tim Abbott f0637cb01a push_notifications: Fix one last lint error. 2017-08-26 14:34:17 -07:00
Greg Price 613d093d7d push notifs: Implement APNs with new API.
And it works!

A couple of things still to do:

 * When a device token is no longer active, we'll get HTTP status 410.
   We should then remove the token from the database so we don't keep
   trying to push to it.  This is fairly urgent.

 * The library we're using has a nice asynchronous API, but this
   version doesn't use it.  This is OK now, but async will be
   essential at scale.
2017-08-26 14:16:05 -07:00
Greg Price d02101a401 APNs: Rip out the existing, broken implementation.
This code empirically doesn't work.  It's not entirely clear why, even
having done quite a bit of debugging; partly because the code is quite
convoluted, and because it shows the symptoms of people making changes
over time without really understanding how it was supposed to work.

Moreover, this code targets an old version of the APNs provider API.
Apple deprecated that in 2015, in favor of a shiny new one which uses
HTTP/2 to meet the same needs for concurrency and scale that the old
one had to do a bunch of ad-hoc protocol design for.

So, rip this code out.  We'll build a pathway to the new API from
scratch; it's not that complicated.
2017-08-26 14:16:05 -07:00
Tim Abbott f51f89a86e test_upload: Explicitly declare subdomains. 2017-08-26 13:45:27 -07:00
Tim Abbott d18f389bb5 test_messages: Set subdomain explicitly in most tests. 2017-08-26 13:45:27 -07:00
Tim Abbott f48bad2734 test_signup: Remove now-unnecessary mocking of subdomain. 2017-08-26 13:45:27 -07:00
Tim Abbott 9c85ccf70f test_signup: Use HostRequestMock.
PostRequestMock is less useful and going to break soon.
2017-08-26 13:45:27 -07:00
rht 437b2a3146 Update "MacOS" text to "macOS" 2017-08-26 09:00:42 -07:00
Tim Abbott 20c0d27317 test_narrow: Specify subdomains explicitly. 2017-08-25 16:09:52 -07:00
Tim Abbott edc095db6d test_subs: Explicitly declare subdomains. 2017-08-25 16:09:51 -07:00
Tim Abbott 6caca80ab7 test_presence: Specify subdomains for Zephyr tests. 2017-08-25 16:08:37 -07:00
Tim Abbott 7a5eb9dd9f tornado: Add support for testing with subdomains. 2017-08-25 15:42:58 -07:00
Tim Abbott acdeaca2a8 test_zephyr: Explictly declare subdomain in requests. 2017-08-25 15:42:50 -07:00
Tim Abbott 43cfe73908 tests: Make requests use the "zulip" subdomain by default.
Previously, we didn't pass customized HTTP_HOST headers when making
network requests.  As we move towards a world where everything is on a
subdomain, we'll want to start doing that.

The vast majority of our test code is written to interact with the
default "zulip" realm, which has a subdomain of "zulip".  While
probably longer-term, we'll wish this was the root domain, for now, we
need to make our HTTP requests match what is expected by the test
code.

This commit almost certainly introduces some weird bugs where code was
expecting a different subdomain but the tests doesn't fail yet.  It's
not clear how to find all of these, but I've done some grepping.
2017-08-25 15:42:49 -07:00
Tim Abbott ba64d4ee29 server_settings: Add additional subdomains test case.
This will help preserve 100% test coverage as we refactor to set
REALMS_HAVE_SUBDOMAINS=True unconditonally.
2017-08-25 15:42:43 -07:00
Tim Abbott 64e895533b test_docs: Add tests for different subdomain states.
This helps maintain 100% test coverage on the new test_classes code.
2017-08-25 15:42:43 -07:00
Tim Abbott 4229faf36e tests: Remove old six.PY2 code paths. 2017-08-25 11:05:16 -07:00
Tim Abbott b8e7369dee mypy: Remove type: ignores not needed in Python 3. 2017-08-25 11:04:20 -07:00
Umair Khan 9720d3a986 accounts_register: Use redirect_to_deactivation_notice. 2017-08-25 00:09:06 -07:00
Umair Khan 43c40f6144 Add tests for deactivation notice. 2017-08-25 00:09:06 -07:00
Tim Abbott 7d08ff69f0 tests: Remove most references to get_api_key.
This test helper doesn't really have value.
2017-08-24 23:30:46 -07:00
Tim Abbott e2ae096035 test_signup: Fix coverage of remaining find_my_team code. 2017-08-24 23:30:46 -07:00
Tim Abbott 59aae22f99 registration: Fix find_my_team handling of unusual users. 2017-08-24 23:17:08 -07:00
Tim Abbott ca7075a0a8 test_signup: Clean up find_my_team test suite. 2017-08-24 23:17:08 -07:00
Tim Abbott eeabed9119 models: Add new get_user_profile_by_api_key helper.
This results in a slight performance increase.
2017-08-24 23:17:08 -07:00
Tim Abbott 2aab6e0f49 forms: Replace is_inactive with more comprehensive check.
While we're at it, we clean up the old confusing error messages.
2017-08-24 23:16:31 -07:00
Tim Abbott 5fa7c3e0b2 test_classes: Clean up API for unsubscribing.
The old API required test authors to unnecessarily repeat themselves.
2017-08-24 21:37:57 -07:00
Tim Abbott eb720485c5 tests: Add and use new self.subscribe.
This new method cleans up the API for subscribing to something from a
test case.
2017-08-24 21:37:57 -07:00
Tim Abbott 60105fe38a registration: Remove accounts_home_with_realm_str.
This was the old mechanism for logging into a specific realm on a
server with more than one not using REALMS_HAVE_SUBDOMAINS.
2017-08-24 20:44:52 -07:00
Tim Abbott 80458945c7 tests: Remove unnecessary use of get_realm_by_email_domain.
That function was primarily intended for some limited registration
code paths, not the generic usage it was getting.
2017-08-24 20:22:56 -07:00
Aditya Bansal 6a2c83f051 notifications: Group messages by (recipient, sender) for PM's.
This fixes a issue with multiple PM's being clubbed into a single
missed message email.

Fixes #6224.
2017-08-24 19:58:55 -07:00
Tim Abbott 3d4893d906 settings: Rename SUBDOMAINS_HOMEPAGE to ROOT_DOMAIN_LANDING_PAGE.
This new setting name is a lot more readable.
2017-08-24 19:32:16 -07:00
Tim Abbott ab61fe5922 auth: Fix Google auth to not assume SUBDOMAINS_HOMEPAGE.
Previously, Google auth would redirect you back to the login page on
this code path.
2017-08-24 19:03:42 -07:00
Tim Abbott 8b0c0c33b5 login: Fix logging for login/register actions.
Previously, Zulip's server logs would not show which user or client
was involved in login or user registration actions, which made
debugging more annoying than it needed to be.
2017-08-24 16:29:27 -07:00
Tim Abbott 5206dad373 decorator: Fix is_browser_view handling of e.g. mobile apps.
We may end up with some endpoints that could be the browser or the
mobile apps, and we want the right default to happen here.
2017-08-24 16:26:57 -07:00
Tim Abbott 7ffc107061 decorator: Rename is_json_view to is_browser_view.
This improves clarity, now that we're planning to start logging in the
login/registration pages, which aren't browser views.
2017-08-24 16:25:08 -07:00
Vishnu Ks f9a6dffe1a management: Add add_user_list_args function to ZulipBaseCommand. 2017-08-24 14:29:32 -07:00
Steve Howell 87c4961597 Add zerver/lib/topic_mutes.py
This is mostly pure code extraction.

It also removes some dead code in update_muted_topic, where
were updating muted_topics spuriously before calling
do_update_muted_topic.
2017-08-24 14:20:35 -07:00
Tim Abbott f46f3871b4 integrations: Add support for using root subdomain.
This fixes up the URL/link construction to make the root subdomain work.
2017-08-23 23:18:36 -07:00
Tim Abbott d44ac5c320 auth: Clean up google_oauth2_test arguments. 2017-08-23 20:50:03 -07:00
Tim Abbott d3e3c704d4 do_create_realm: Remove unnecessary second return value.
Unlike creating a stream, there's really no reason one would want to
call the function to create a realm while uncertain whether that realm
already existed.
2017-08-23 20:07:17 -07:00
Tim Abbott 8a65fdce49 subdomains: Fix over-aggressive redirect to find_my_team.
If the root domain is a valid subdomain, we don't want to redirect
everyone away from it.
2017-08-23 20:07:17 -07:00
Tim Abbott 397340b454 test_events: Fix a missing mypy import. 2017-08-23 20:04:20 -07:00
Vishnu Ks 8418f0d30e dev_login: List realms and show only users in the selected realm. 2017-08-23 19:27:32 -07:00
Tim Abbott 225debdbc5 test_events: Fix a misplaced type annotation. 2017-08-23 19:19:14 -07:00
Steve Howell f797604e66 Add test coverage for unreads count (stream muting). 2017-08-23 18:00:59 -07:00
Vishnu Ks 59790f37fc models: Create get_notifications_stream method in class Realm. 2017-08-23 17:50:34 -07:00
Steve Howell 2b4faaa847 Support non-search queries in /json/messages/matches_narrow.
For filters like has:link, where the web app doesn't necessarily
want to guess whether incoming messages meet the criteria of the
filter, the server is asked to query rows that match the query.

Usually these queries are search queries, which have fields for
content_matches and subject_matches.  Our logic was handling those
correctly.

Non-search queries were throwing an exception related to tuple
unpacking.  Now we recognize when those fields are absent and
do the proper thing.

There are probably situations where the web app should stop hitting
this endpoint and just use its own filters.  We are making the most
defensive fix first.

Fixes #6118
2017-08-23 01:07:57 -07:00
Tim Abbott 06f8fd529d realm: Add clear error message for too-long realm name.
This fixes an exception we saw in production, as well as fixing the
form to not offer ultra-long names that we don't allow.
2017-08-22 22:04:52 -07:00
Tim Abbott 7c37fc8909 auth: Improve robustness of not sending duplicate login emails.
Previously, we had a very not-robust check on the URL, which might
have caused cases like Google auth registration to not do the right
thing.
2017-08-22 16:26:30 -07:00
Umair Khan a5c05f9812 push_notification: Retry event in case of error.
Fixes #5301
2017-08-22 11:16:48 -07:00
Steve Howell 81e3f489f2 Use sender realm in user_profiles_from_unvalidated_emails.
This change is mostly based on a similar commit from hackerkid
in a feature branch.  It borrows both code and ideas.  Some of
it's my own stuff, as I was working on a newer branch.

We now call get_user_including_cross_realm_email() inside of
user_profiles_from_unvalidated_emails(), instead of using
get_user_profile_by_email.

This requires a few of our callers to pass down sender into us.

One consequence of this change is that we change the symptoms
for trying to send to emails outside of your realm.  In some
cases, we simply raise an error that an email is invalid to us
instead of getting into the deeper validate_recipient_user_profiles
check.
2017-08-22 10:42:15 -07:00
Steve Howell 54edecd510 Replace adddressee.for_email() with for_user_profile().
This requires us to change not just the immediate caller, but
also some of their callers, to pass user_profile objects around
instead of emails.
2017-08-22 10:42:15 -07:00
Steve Howell 30d37d1270 Add Addressee class.
This class simplifies the calling sequence to methods like
check_message and _internal_prep_message, and it's also more
type safe.

Checking for message types is encapsulated with calls to is_stream()
and is_private().  There are also shortcut constructors when you
know that the type of the address (stream vs. private), which is often.
2017-08-22 10:42:15 -07:00
Tim Abbott 58edf75962 api: Allow incoming webhook bots to use the send_message API. 2017-08-22 10:06:34 -07:00
Steve Howell e12da79732 create_realm: Redirect to a nice error page for SMTP errors.
Fixes #3850
2017-08-21 15:39:26 -07:00
Steve Howell 99e08fe49a accounts_home: Redirect to nice error page for SMTP errors. 2017-08-21 15:39:26 -07:00
Steve Howell ac80d1df0a Add /config-error/smtp endpoint for SMTP errors. 2017-08-21 15:39:26 -07:00
Aditya Bansal 7a2667ce53 soft_deactivation: Fix flaky tests by seeding message for users.
In this we basically seed a single message for the user which will
be soft deactivated by sending a stream message / group PM to
ensure that is has at least one UserMessage row, since in real
world every human user will always have at least one User Message
row.
2017-08-18 07:02:11 -04:00
Tim Abbott ef722c5688 tests: Remove unused ujson imports. 2017-08-17 09:05:52 -07:00
Umair Khan 6e87108d46 result.json: Upgrade test_users. 2017-08-17 09:03:35 -07:00
Umair Khan 212571ab86 result.json: Upgrade test_subs. 2017-08-17 09:03:35 -07:00
Umair Khan eb04fc006e result.json: Upgrade test_settings. 2017-08-17 09:03:35 -07:00
Umair Khan d44c1e7070 result.json: Upgrade test_realm_emoji. 2017-08-17 09:03:35 -07:00
Umair Khan 7b85e40ef5 result.json: Upgrade test_realm_domains. 2017-08-17 09:03:35 -07:00
Umair Khan 90099ffeb2 result.json: Upgrade test_reactions. 2017-08-17 09:03:35 -07:00
Umair Khan 351426df8b result.json: Upgrade test_presence. 2017-08-17 09:03:35 -07:00
Umair Khan 4c8933b844 result.json: Upgrade test_narrow. 2017-08-17 09:03:35 -07:00
Umair Khan 7bb9ac0014 result.json: Upgrade test_messages. 2017-08-17 09:03:35 -07:00
Umair Khan 025f7247cf result.json: Upgrade test_external. 2017-08-17 09:03:35 -07:00
Umair Khan 2b7bb6e965 result.json: Upgrade test_events. 2017-08-17 09:03:35 -07:00
Umair Khan de5f43ea47 result.json: Upgrade test_bots. 2017-08-17 09:03:35 -07:00
Umair Khan 1c09f95e0e result.json: Upgrade test_auth_backends. 2017-08-17 09:03:35 -07:00
Steve Howell 47bcedbc1b Fix server searches for is:mentioned and is:alerted.
Before this change, server searches for both
`is:mentioned` and `is:alerted` would return all messages
where the user is specifically mentioned (but not
at-all mentions).

Now we follow the JS semantics:

    is:mentioned -- all mentions, including wildcards
    is:alerted  -- has an alert word

Here is one relevant JS snippet:

        } else if (operand === 'mentioned') {
            return message.mentioned;
        } else if (operand === 'alerted') {
            return message.alerted;

And here you see that `mentioned` is OR'ed over both mention flags:

    message.mentioned = convert_flag('mentioned') || convert_flag('wildcard_mentioned');

The `alerted` flag on the JS side is a simple mapping:

    message.alerted = convert_flag('has_alert_word');

Fixes #5020
2017-08-16 11:29:12 -07:00
Tim Abbott 8600efcf36 test_bugdown: Fix duplicated test name. 2017-08-16 11:29:12 -07:00
Tim Abbott d2288154f6 bugdown: Fully remove mentions matching @name.
Given typeahed and the fact that this only worked if the person had a
full name that didn't contain whitespace, this side effect of the
original @shortname mentionfeature that we removed was experienced by
users as a bug.

Fixes #6142.
2017-08-16 11:18:09 -07:00
Vaida Plankyte 52046d537a auth.py: Add config_error page for misconfigured github/google auth.
Significantly modified by tabbott to use a better system, pass tests,
and clean up the content.
2017-08-16 10:05:19 -07:00
Tim Abbott 46b5c942aa test_narrow: Fix remaining case of search tests flaking with "lunch".
We apparently were using the default of num_before=1, not
num_before=0, which meant that if the very last randomly generated
message was one by cordelia mentioning lunch,
test_get_messages_with_search would fail because there were actually 3
matches.
2017-08-16 07:37:06 -07:00
Umair Khan 3afa8ad6a6 test_users: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
Umair Khan d051bfbcb4 test_urls: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
Umair Khan d3ced34152 test_uploads: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
Umair Khan b9785cd4d6 test_subs: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
Umair Khan b14603249f test_realm_filters: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
Umair Khan bab6893dbb test_realm_emoji: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
Umair Khan ed12419061 test_reactions: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
Umair Khan 02aab6a43f test_presence: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
Umair Khan 70996de415 test_messages: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
Umair Khan 0e119c0ec2 test_bugdown: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
Umair Khan 2b6c6d823d test_bots: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
Umair Khan 366d2927c3 test_attachments: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
Umair Khan 64c961f5de test_alert_words: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
Tim Abbott 7c4eb43f34 test_notifications: Fix reply-to email for test suite.
It turns out that moving NOREPLY_EMAIL_ADDRESS DEFAULT_SETTINGS
unexpectedly changed its value in the test suite.
2017-08-15 18:33:15 -07:00
Brock Whittaker 83184d5c60 /about/: Merge with /authors, redesign page.
This adds the authors to the Zulip repository on GitHub from
/authors/ along with re-styling the page to fit the same
aesthetic as /for/open-source/ and other product-pages.
2017-08-15 16:09:01 -07:00
Tim Abbott 353a61b1d8 test_signup: Clean up re-fetching of user objects. 2017-08-15 12:52:23 -07:00
Jack Zhang 182570d5f3 Deduplicate header markup for portico and portico-help templates. 2017-08-15 12:15:21 -07:00
Tim Abbott 5a63ea0170 decorator: Extract validate_account_and_subdomain and deduplicate.
This fixes the significant duplication of code between the
authenticate_log_and_execute_json code path and the `validate_api_key`
code path.

These's till a bit of duplication, in the form of `process_client` and
`request._email` interactions, but it is very minor at this point.
2017-08-15 10:54:23 -07:00
Tim Abbott 25ec30dcf1 decorator: Deduplicate validate_api_key by using new helper function.
This should eliminate a bunch of duplicated code between these two
code paths.
2017-08-15 10:54:23 -07:00
Tim Abbott 3c37795675 decorator: Add localhost/Tornado hack to access_user_by_api_key.
This should make it possible to share that code with other code paths.
2017-08-15 10:54:23 -07:00
Tim Abbott 842bf77efb unread: Convert mark_topic_as_read to use stream IDs.
This is safer in its handling of potentially renamed streams.
2017-08-15 10:40:02 -07:00
Tim Abbott f3a41ac796 unread: Convert mark_stream_as_read to use stream IDs.
The logic is simpler and more robust.
2017-08-15 10:40:02 -07:00
Steve Howell 89f9017686 Create new endpoints for marking streams/topics as read.
The new endpoints are:
    /json/mark_stream_as_read: takes stream name
    /json/mark_topic_as_read: takes stream name, topic name

The /json/flags endpoint no longer allows streams or topics
to be passed in as parameters.
2017-08-15 10:17:29 -07:00
Steve Howell 60cc8fd58a Extract do_mark_stream_messages_as_read.
This function optimizes marking streams and topics as read,
by using UserMessage.where_unread(), which uses a partial
index on the "read" flag.

This also simplifies the code path for ordinary message
flag updates.

In order to keep 100% line coverage, I simplified the
logging in update_message_flags, so now all requests
will show the "actually" format.

This is an interim step toward creating dedicated endpoints
for marking streams/topics as reads, so we do error checking
with asserts for flag/operation, so we don't introduce a
temporary translation string.
2017-08-15 10:09:10 -07:00
Tim Abbott 9081f2cf44 reactions: Store the emoji codepoint in the database.
This is the first part of a larger migration to convert Zulip's
reactions storage to something based on the codepoint, not the emoji
name that the user typed in, so that we don't need to worry about
changes in the names we're using breaking the emoji storage.
2017-08-15 09:29:27 -07:00
Tim Abbott 3409806b88 test_narrow: Fix nondeterministic test failures with "lunch".
We recently changed the populate_db data set to include more variable
message content, which happened to include the possibility of the word
"lunch" appearing in the test messages.  This caused occasional
failures of the search tests that looked for messages containing
"lunch" starting at the beginning of time, not the beginning of the
test.
2017-08-15 09:20:45 -07:00
Aditya Bansal 25d9c7eea1 soft_deactivation: Add helper functions.
This commits adds new helper functions which are:
* get_users_for_soft_deactivation(): This function can be used to
fetch a list of human users which pass the criteria of minimum
inactivity period (in days) passed as a parameter to the function.
* do_soft_activate_users(): Given a list of users this function
reactivates them and help them catch up with the missing message
rows for them in the UserMessage table.
2017-08-15 08:33:16 -07:00
Aditya Bansal 0cb909b978 events: Fill in missing messages for a returing soft_deactivated user. 2017-08-15 08:33:16 -07:00
Aditya Bansal 658a14d0bb soft_deactivation: Stop creating UserMessage rows when soft deactivated. 2017-08-15 08:33:16 -07:00
Aditya Bansal 57858596ab soft_deactivation: Add new function 'add_missing_messages'.
This function will help us in creating undisturbed experience for
returning soft deactivated users.

Tweaked by tabbott to fix minor performance and clarity issues.
2017-08-15 08:29:51 -07:00
Aditya Bansal dc5510ce44 soft_deactivation: Add helper functions for deactivating users. 2017-08-15 08:29:28 -07:00
Steve Howell 274938bf5f Eliminate approximate_unread_count().
We use page_params.unread_msgs.count in the web
app instead.

Fixes #1300.
2017-08-14 12:39:00 -07:00
Jack Zhang 1e6570fa5d Update integrations doc context relative urls. 2017-08-10 10:21:53 -07:00
Jack Zhang 63ad7b6769 Rename /integrations/doc API endpoint as /integrations/doc-html. 2017-08-10 10:21:53 -07:00
Steve Howell c7b9044ee5 Fix apply_unread_message_event() for mentions.
We were exiting this function in certain cases before updating
mentions. This bug was always there, but it was flaky in terms
of database setup whether the tests would fail, so now the
relevant test sends three consecutive messages.

We also avoid putting duplicate message ids in mentions.
2017-08-10 05:09:04 -04:00
neiljp (Neil Pilgrim) 357c9ed016 mypy: Pass empty dict to makeRecord for args, instead of None. 2017-08-09 18:04:21 -07:00
Tim Abbott 1d10941712 register: Don't display field to enter password unless needed.
This should significantly improve the user experience for new users
signing up with GitHub/Google auth.  It comes complete with tests for
the various cases.  Further work may be needed for LDAP to not prompt
for a password, however.

Fixes #886.
2017-08-09 13:44:57 -07:00
Umair Khan 2c9a57161a registration: Add test for password less remote reg. 2017-08-09 13:44:57 -07:00
Umair Khan 4a3fde023f google: Respect is_signup argument.
This allows us to go to Registration form directly. This behaviour is
similar to what we follow in GitHub oAuth. Before this, in registration
flow if an account was not found, user was asked if they wanted to go to
registration flow. This confirmation behavior is followed for login
oauth path.
2017-08-09 13:44:57 -07:00
Umair Khan bb0eb76bf3 github: Don't ask for password in registration. 2017-08-09 13:44:57 -07:00
Vishnu Ks 6b46762384 management: Fix typo in get_realm CommandError message. 2017-08-08 14:13:19 -07:00
neiljp (Neil Pilgrim) b782db48e1 mypy: Remove superfluous older 'type: ignore' annotations. 2017-08-08 11:27:51 -07:00
neiljp (Neil Pilgrim) 67f1a72aae mypy: Ensure events test fails only due to settings absence. 2017-08-07 21:27:50 -07:00
neiljp (Neil Pilgrim) 334348cbca mypy: Use namedtuples for request objects in test_messages.py. 2017-08-05 17:53:18 -07:00
Tim Abbott fc0144f6e4 test_decorators: Annotate fake Request as HttpRequest. 2017-08-05 17:53:18 -07:00
neiljp (Neil Pilgrim) 6717f361ec mypy: Amend tornado_redirected_to_list calls to use Mapping. 2017-08-05 12:08:59 -07:00
Tim Abbott dd49bec93c Fix changing email addresses back after email change.
We apparently were not correctly clearing the user_profile's email
address from caches when changing email addresses, which meant that
trying to look up the old email in the user_profile caches would still
work.

Fixes #6035.
2017-08-05 10:49:44 -07:00
Rishi Gupta 251bd3e577 registration.py: Remove first_in_realm from accounts_register.
The parent commit implies first_in_realm == realm_creation.
2017-08-05 10:17:14 -07:00
Steve Howell 63f7b9a579 Remove "all" option for flag-updating endpoint.
The "all" option for 'message/flags' was dangerous, as it could
apply to any of our flags.  The only flag it made sense for, the
"read" flag, now has a dedicated endpoint.
2017-08-04 14:10:46 -07:00
Steve Howell 541156792e Add /mark_all_as_read endpoint.
This change simplifies how we mark all messages as read.  It also
speeds up the backend by taking advantage of our partial index
for unread messages.  We also use a new statsd indicator.
2017-08-04 14:10:46 -07:00
Umair Khan b2a2664715 rate_limiter: Upgrade clear_user_history to generic API.
Changes the name of the function to change_history as well.
2017-08-02 18:01:39 -07:00
Vaida Plankyte 02d65a67af frontend: Edit confirm_continue_registration.html to be clearer.
Fixes #5707.
2017-08-02 08:51:25 -07:00
Rishi Gupta 082c3a3c93 portico: Add for-working-groups-and-communities.md. 2017-08-02 00:19:34 -07:00
Rishi Gupta 94f7a5704f portico: Add for/companies. 2017-08-02 00:19:34 -07:00
Tim Abbott 32a5a54ba5 test_docs: Fix test for the redesigned /features page. 2017-08-02 00:09:32 -07:00
Rishi Gupta 852bbfa16a tutorial: Remove tutorial_finale.
Was already orphaned, since skip is always true. This is just removing the
code.
2017-08-01 22:38:22 -07:00
Rishi Gupta a51d8d4251 realm creation: Change initial realm messages and streams. 2017-08-01 22:38:22 -07:00
Tim Abbott a9fa1a5527 api: Migrate /json/messages_in_narrow off legacy API.
This completes the major endpoint migrations to eliminate legacy API
endpoints from Zulip.

There's a few other things that will happen naturally, so I believe
this fixes #611.
2017-07-31 13:08:06 -07:00
Tim Abbott ed10ce70d4 invites: Migrate to non-legacy API format.
This has the side effect of making it possible for a bot user to
invite users with its API key, which seems useful.
2017-07-31 13:08:06 -07:00
Tim Abbott 6a50e13156 uploads: Remove legacy /json/upload_file endpoint.
This migrates Zulip to use the equivalent API endpoint that has been
present for a while.
2017-07-31 13:08:06 -07:00
Tim Abbott 1e5aee054b settings: Migrate main settings-change code to API.
This was one of the few major remaining endpoints that were still on
the old-style legacy API.
2017-07-31 13:08:06 -07:00
Tim Abbott 9bf02fb913 custom_profile: Prevent bot users from accessing endpoint. 2017-07-31 13:08:06 -07:00
Tim Abbott 93261e14b7 hotspots: Prevent bot users from accessing endpoint. 2017-07-31 13:08:06 -07:00
Anna Liao 6a3c8ca2c5 push_notifications: Add human users only decorator.
This is part of #4517.
2017-07-31 13:08:06 -07:00
Tim Abbott 47eb7ee003 push_notifications: Fix incorrect URL being used in bouncer test.
This was actually testing the validation in the direct push
notifications code path, not the push notification boucner code path.
2017-07-31 13:08:06 -07:00
Tim Abbott 4b7c23f133 markdown: Rename bugdown-data.json to a more reasonable name. 2017-07-28 17:54:01 -07:00
Jack Zhang 11c27015f0 hotspots: Refactor backend for hotspots v2. 2017-07-28 16:34:13 -07:00
vaibhav 691aff55a3 bots: Add UI to select Slack compatible interface for webhooks.
interface_type select menu will be used to choose the interface
for outgoing webhooks. It will be displayed only when the selected
bot type is OUTGOING WEBHOOK type. The default value is GENERIC
interface type (1).
2017-07-28 16:22:55 -07:00
Tim Abbott 7778a66171 test_messages: Add a test for unauthorized mirroring of PMs. 2017-07-28 15:55:34 -07:00
Tim Abbott 8d0b743a6f test_messages: Add a test for PMs to deactivated users. 2017-07-28 15:53:33 -07:00
Tim Abbott a9e987f31d test_messages: Add a test for private messages copying self. 2017-07-28 15:49:27 -07:00
Aditya Bansal 452bbd9104 test_helpers: Extract stub for request_event_queue & get_user_events. 2017-07-28 14:50:55 -07:00
Steve Howell e6e3bbb780 Add a "mentions" section to unread message ids. 2017-07-27 16:14:26 -07:00
Jason Michalski 4f0110e081 Add unread_msgs to the initial state data.
We are adding a new list of unread message ids grouped by
conversation to the queue registration result. This will allow
clients to show accurate unread badges without needing to load an
unbound number of historic messages.

Jason started this commit, and then Steve Howell finished it.

We only identify conversations using stream_id/user_id info;
we may need a subsequent version that includes things like
stream names and user emails/names for API clients that don't
have data structures to map ids -> attributes.
2017-07-27 16:14:25 -07:00
Abhijeet Kaur 1deb58b178 bots: Add complete test-coverage for bot_lib.py file.
Also, add error handling for get_bot_handler instead of
throwing an assertion error.
2017-07-27 15:50:29 -07:00
Steve Howell 69fd967c5d topics history: Simplify data in /topics endpoint.
In anticipation of have all unread message ids available to the
web app in page_params (via a separate effort), we are simplifying
the /topics endpoint to no longer return unread counts.

Instead we have a list of tiny dictionaries with these fields:

    name - name of the topic
    max_id - max message id for the topic (aka most recent)

The items in the list are order by most-recent-topic-first.
2017-07-27 14:26:22 -07:00
Harshit Bansal 10265dbbd9 test_reactions: Migrate tests to use default test realm emoji. 2017-07-27 18:59:02 +00:00
Harshit Bansal 543cb11d17 test_realm_emoji: Migrate tests to use default test realm emoji. 2017-07-27 18:59:02 +00:00
Harshit Bansal 8fa861a020 test_realm_emoji: Add test.
Add a test for checking that non-admins can upload a custom emoji when
`add_emoji_by_admins_only` is set to False.
2017-07-27 18:59:02 +00:00
Harshit Bansal b683af2cbb test_realm_emoji: Fix some typos. 2017-07-27 18:59:02 +00:00
Harshit Bansal 4737363f0c test_bugdown: Migrate tests to use the default test realm emoji. 2017-07-27 18:59:02 +00:00
Harshit Bansal f34d4e8f19 test_notifications: Migrate tests to use the default test realm emoji. 2017-07-27 18:59:02 +00:00
Harshit Bansal eeb25b6b4b populate_db: Add a test realm emoji while populating databases.
Add `green_tick` realm emoji which can be used while performing tests.
2017-07-27 18:57:06 +00:00
Tim Abbott 3ff199c613 test_home: Fix test for /apps/ page. 2017-07-26 10:37:54 -07:00
Tim Abbott c9b2ef82c9 test_bugdown: Fix test for Twitter emoji.
Our work on the Twitter emoji added a new instance of our emoji syntax
between when we wrote 2d92f9dc0b and
rebase+merged it.
2017-07-26 10:20:25 -07:00
Tim Abbott 2e74dbf2d9 apps: Fix the documentation tests for /apps/. 2017-07-26 10:08:16 -07:00
digi0ps 2d92f9dc0b emoji: Change emoji image titles to use spaces instead of underscores.
Previously, the emoji images title display `🍼`.
This commit changes the title to display `baby bottle`.
2017-07-26 09:27:17 -07:00
Vishnu Ks 6551640c67 confirmation: Use ConfirmationKeyException in get_object_from_key.
Fixes #5739.
2017-07-25 18:44:30 -07:00
Rishi Gupta 817e574d86 emails: Change Zulip Missed Messages to sentence case. 2017-07-25 17:42:33 -07:00
Greg Price 11a7a17087 streams: Remove a redundant field in the `json_stream_exists` result.
This route is called only in `js/compose.js`, to handle autosubscribe.
That code doesn't check this "exists" field, because there's no need
-- the same information is already carried in whether the result was
success or failure.  So just eliminate it.

This makes the logic here a little simpler.  It also eliminates
another usage of the `data` parameter to `json_error`.  I have half a
mind to eliminate that parameter, in favor of making `JsonableError`
subclasses whenever there's structured data to include, in particular
to get the benefits of typing.  There are a couple of places where
that change isn't locally a clear win, but this is not one of them.
2017-07-25 15:33:11 -07:00
Greg Price 28b4234227 admin: Make an error about auth settings not mimic auth errors.
This error isn't saying that any kind of authentication or
authorization failed -- it's just a validation error like
any other validation error in the values the user is asking to
set.  The thought of authentication comes into it only because
the setting happens to be *about* authentication.

Fix the error to look like the other validation errors around it,
rather than give a 403 HTTP status code and a "reason" field that
mimics the "reason" fields in `api_fetch_api_key`.
2017-07-25 15:33:11 -07:00
Harshit Bansal a03ce01688 bugdown: Fix the rendering of emojis in twitter link previews.
Process the unicode emojis in twitter link previews and render them
properly. Before this we were not processing the unicode emojis in
twitter link previews and hence on the systems which don't have
fonts for displaying them they were rendered as blank boxes.

Fixes: #5427.
2017-07-24 17:32:05 -07:00
Harshit Bansal 127d1f995d test_bugdown.py: Add test for `url_to_a()`. 2017-07-24 17:31:08 -07:00
Harshit Bansal f2c04576bd models: Fix the URL validation code in `RealmFilter` model. 2017-07-24 17:31:08 -07:00
Abhijeet Kaur 6f60c65a65 embedded bots: Add tests for verification of embedded bot services.
Add test to check if the embedded bot service being used is in the
registry or not.
Add test to check if the bot being added to the registry has a valid
bot corresponding to it.
Move 'get_bot_handler' to 'zerver/lib/bot_lib.py' as it is an independent
function, not related to the 'EmbeddedBotWorker' class that it was
previously a part of.
2017-07-24 17:14:14 -07:00
Greg Price 9faa44af60 JsonableError: Optionally carry error codes and structured data.
This provides the main infrastructure for fixing #5598.  From here,
it's a matter of on the one hand upgrading exception handlers -- the
many except-blocks in the codebase that look for JsonableError -- to
look beyond the string `msg` and pass on the machine-readable full
error information to their various downstream recipients, and on the
other hand adjusting places where we raise errors to take advantage
of this mechanism to give the errors structured details.

In an ideal future, I think all exception handlers that look (or
should look) for a JsonableError would use its contents in structured
form, never mentioning `msg`; but the majority of error sites might
continue to just instantiate JsonableError with a string message.  The
latter is the simplest thing to do, and probably most error types will
never have code looking for them specifically.

Because the new API refactors the `to_json_error_msg` method which was
designed for subclasses to override, update the 4 subclasses that did
so to take full advantage of the new API instead.
2017-07-24 16:41:22 -07:00
Greg Price e18baff32c JsonableError: Rename message from `error` to `msg`.
The whole thing is an error, so "message" is a more apt word for the
error message specifically.  We abbreviate that as `msg` in the actual
HTTP responses and in the signatures of `json_error` and friends, so
do the same here.
2017-07-24 16:41:22 -07:00
Elliott Jin fcb889c5c0 outgoing webhooks: Remove process_failure interface method. 2017-07-24 14:10:14 -07:00
Elliott Jin fdc9294a6e outgoing webhooks: Don't call *_with_message if message is None. 2017-07-24 14:10:14 -07:00
Elliott Jin 3d815bcea9 outgoing webhooks: Return None instead of "" in process_success. 2017-07-24 14:10:14 -07:00
Elliott Jin a7713840d4 outgoing webhooks: Remove underscore from test class names. 2017-07-24 14:10:14 -07:00
Elliott Jin 6a61a8a431 outgoing webhooks: Consolidate interfaces into lib/outgoing_webhook.py 2017-07-24 14:10:14 -07:00
vaibhav 4c50c4fc76 Add outgoing webhook interface for Slack. 2017-07-24 14:10:14 -07:00
vaibhav e5be29bc3c Add tests for Generic Interface. 2017-07-24 14:10:14 -07:00
vaibhav ff63f0b1d3 Return response string instead of dict() from process_success, process_failure. 2017-07-24 14:10:14 -07:00
James Rowan bba90c5096 emails: Make missed message email come from 'Zulip Missed Messages.' 2017-07-21 14:24:03 -07:00
Jack Zhang e915321f89 registration: Remove organization type selection in realm creation. 2017-07-21 13:09:06 -07:00
Eeshan Garg 6fe3748826 decorator: Remove redundant tests for api_key_only_webhook_view.
We do not need to test the exception message being logged in every
test case where an exception is raised by a webhook function.
Testing it once should be enough; this makes the tests less
verbose.
2017-07-20 10:30:03 -07:00
Rishi Gupta 9782911aca portico: Add initial why zulip page. 2017-07-19 11:53:06 -07:00
Eeshan Garg a24ea56c53 decorator: Handle invalid JSON in api_key_only_webhook_view.
Exception logging within api_key_only_webhook_view fails when
ValueError is raised if the request.body passed to ujson.loads
isn't valid JSON. In this case, we now just convert the payload
to a string and log that. This allows us to inspect JSON payloads
that aren't being decoded properly.
2017-07-19 10:42:35 -07:00
Sarah eef9f15910 test_settings: Refactor to use UserProfile property_types framework. 2017-07-18 15:49:20 -07:00
Rishi Gupta 394f85eb76 confirmation: Change confirmation keys to have length 24. 2017-07-17 23:18:47 -07:00
Rishi Gupta 5d168c90f9 confirmation: Remove ConfirmationManager.
Also adds Confirmation.type, and cleans up the rest of Confirmation to look
more like the model definitions in zerver.

In the migration, all existing confirmations adopt the type
USER_REGISTRATION, to be conservative. In a few commits, different
confirmation types will have different validity periods, and
USER_REGISTRATION will have the shortest default.
2017-07-17 23:18:47 -07:00
Rishi Gupta 0f4b71b766 confirmation: Liberate get_link_for_object from ConfirmationManager. 2017-07-17 23:18:47 -07:00
Aditya Bansal f2d6194ae1 actions: Start logging subscription activities in RealmAuditLog. 2017-07-17 17:23:41 -07:00
Brock Whittaker 38440d6ba4 Change product page nav and hero styling. 2017-07-17 16:12:36 -07:00
Rishi Gupta ea8c1c3cad emails: Use ScheduledEmail.user in send_future_email. 2017-07-17 16:05:38 -07:00
Rishi Gupta aa845e7f60 models: Replace ScheduledJob with ScheduledEmail.
ScheduledJob was written for much more generality than it ended up being
used for. Currently it is used by send_future_email, and nothing
else. Tailoring the model to emails in particular will make it easier to do
things like selectively clear emails when people unsubscribe from particular
email types, or seamlessly handle using the same email on multiple realms.
2017-07-17 16:05:38 -07:00
Vishnu Ks f9245e26d9 Make user_id, realm_id mandatory in _get_unversioned_avatar_url. 2017-07-17 21:01:30 +00:00
Rishi Gupta 898269bbac email: Change send_email to raise exception on failure.
More in line with how we do error handling in the rest of Zulip.
2017-07-16 16:56:39 -07:00
Rishi Gupta f1aaf4cc33 emails: Remove the display_email function.
No longer needed, since this now only appears in build_email.
2017-07-16 16:56:39 -07:00
Rishi Gupta eacdb0b302 emails: Change welcome emails to use to_user_id. 2017-07-16 16:56:39 -07:00
Rishi Gupta b0d325b8c5 emails: Change send_future_email to accept a to_user_id.
Also changes digest emails to use a to_user_id instead of a to_email.
2017-07-16 16:56:39 -07:00
neiljp (Neil Pilgrim) 8611a2cafa tidying: Combine multiple 'import typing' lines onto one line. 2017-07-16 16:43:21 -07:00
Harshit Bansal 45bc220796 notifications: Fix relative stream links in missed message emails.
Fixes: #5310.
2017-07-16 20:51:08 +00:00
Durga Akhil Mundroy 146dfa6f0b org-permissions: Add allow_edit_history organiztion setting.
This new setting controls whether or not users are allowed to see the
edit history in a Zulip organization.  It controls access through 2
key mechanisms:

* For long-ago edited messages, get_messages removes the edit history
  content from messages it sends to clients.

* For newly edited messages, clients are responsible for checking the
  setting and not saving the edit history data.  Since the webapp was
  the only client displaying it before this change, this just required
  some changes in message_events.js.

Significantly modified by tabbott to fix some logic bugs and add a
test.
2017-07-16 10:10:06 -07:00
James Rowan 21b5536353 emails: Update subject lines of emails. 2017-07-14 15:20:04 -07:00
Vaida Plankyte 28ea174ed9 backend: Implement high contrast mode display setting. 2017-07-14 14:53:24 -07:00
Steve Howell 475eb21a5e Revert commits related to client_message_id.
I pushed a bunch of commits that attempted to introduce
the concept of `client_message_id` into our server, as
part of cleaning up our codepaths related to messages you
sent (both for the locally echoed case and for the host
case).

When we deployed this, we had some strange failures involving
double-echoed messages and issues advancing the pointer that appeared
related to #5779.  We didn't get to the bottom of exactly why the PR
caused havoc, but I decided there was a cleaner approach, anyway.
2017-07-14 12:13:35 -07:00
Steve Howell 8fbb55df85 Introduce client_message_id on the server.
We are deprecating local_id/local_message_id on the Python server.
Instead of the server knowing about the client's implementation of
local id, with the message id = 9999.01 scheme, we just send the
server an opaque id to send back to us.

This commit changes the name from local_id -> client_message_id,
but it doesn't change the actual values passed yet.

The goal for client_key in future commits will be to:
    * Have it for all messages, not just locally rendered messages
    * Not have it overlap with server-side message ids.

The history behind local_id having numbers like 9999.01 is that
they are actually interim message ids and the numerical value is
used for rendering the message list when we do client-side rendering.
2017-07-13 23:42:27 -04:00
Jack Zhang 6e2f90c8c9 Improve /integrations page load time.
Prior to this commit, 7 megabytes of images (through 253 individual requests)
were heavily slowing down the initial load. With this commit, we load only the
logos (60 or so images).

Documentation and images for the individual integration sub-pages is requested
separately using the /integrations/doc/ endpoint, which returns HTML.
2017-07-13 20:37:09 -07:00
James Rowan 71bc40d829 emails: Update subject for invitation emails. 2017-07-13 18:47:21 -07:00
James Rowan 88b8d98d34 emails: Update subject for missed message emails. 2017-07-13 18:47:17 -07:00