Commit Graph

45010 Commits

Author SHA1 Message Date
Anders Kaseorg 8b2db48da5 dependencies: Downgrade webpack to avoid caching bug.
https://github.com/webpack/webpack/issues/14514

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-29 16:31:02 -07:00
Sahil Batra 9a03a78e3d test_users: Use delivery_email instead of email to generate gravatar url.
We always use delivery_email to generate gravatar_url, but in
test_admin_api_hide_emails we were passing email to get_gravatar_url
and matched with the avatar_url field of the fetched user object.

The tests were passing because the email_address_is_realm_public
was using old realm object and thus email field was incorrectly
set to delivery_email even when email_address_visibility was set
to EMAIL_ADDRESS_VISIBILITY_ADMINS.

This commit fixes the test to pass delivery_email to get_gravatar_url.
2021-10-29 16:19:55 -07:00
Sahil Batra 84cd68a5aa realm: Create RealmUserDefault object for internal realm.
We create RealmUserDefault object for internal realm just
for consistency. The code in migration does so but it
was missed to add the code when creating new internal realm.
2021-10-29 16:19:55 -07:00
Ganesh Pawar fce3261c30 deprecated_feature_notice: Migrate modal to dialog_widget. 2021-10-29 16:09:39 -07:00
Sahil Batra 9e9740ab65 settings: Add user-id readonly field in edit-user UI. 2021-10-29 16:08:35 -07:00
Sahil Batra 9f99dee687 user_profile: Show user_id in full user-profile modal. 2021-10-29 16:08:35 -07:00
Lauryn Menard 803f3cfac6 editor: Add `.vscode/extensions.json` file.
Create a file with recommended extensions for contributors using
VScode as their IDE.

Update `.gitignore` so that the json file is added to the project
repository, without changing how the rest of .vscode is handled.
2021-10-29 15:47:44 -07:00
Suyash Vardhan Mathur d2c5067839 openapi: Document remove-attachment endpoint. 2021-10-29 15:01:50 -07:00
Tim Abbott f8f8ee7d0e api docs: Remove print statement from get_subscribers example.
This was accidentally added by me in
95606a7347.
2021-10-29 15:01:50 -07:00
Sahil Batra fcc1548a74 settings: Fix css for custom profile fields in edit user form.
Previously the edit user modal element was appended inside the
settings overlay itself, so the styles for .custom_user_field
elements nested inside #settings_page were sufficient both for
edit user UI and profile section in personal settings.

e6e60107 changed the code to append edit user modal to body
element and thus existing css was no longer applied to custom
profile fields with custom_user_field class in edit user modal.

This commit fixes to have same styles for .custom_user_field
elements in #edit_user_form.
2021-10-29 14:44:31 -07:00
Ganesh Pawar d14312b18e modal: Remove focus ring from submit button. 2021-10-29 14:43:07 -07:00
Anders Kaseorg 8bb540fa31 run-codespell: Fix invocation with multiple arguments.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-28 09:59:27 -07:00
rht a3a71487b0 CI: Add Codespell linter.
This tool helps catch common typos in code and documentation, which is
particularly useful for our many contributors who are not native
English speakers.

The config is based on the codespell that I ran in
https://github.com/zulip/zulip/pull/18535.
2021-10-27 16:49:30 -07:00
Tim Abbott 5d5cf371d8 lint: Fix typo in test email address. 2021-10-27 16:49:30 -07:00
YashRE42 47f81f6974 minor: Fix typo in narrow.js activate - "heading" was "headig". 2021-10-27 14:22:10 -07:00
Mateusz Mandera 4105ccdb17 saml: Implement IdP-initated logout for Keycloak.
Fixes #13948.
2021-10-27 13:13:55 -07:00
Ganesh Pawar 14b07669cc dialog_widget: Add support for rendering a single footer button. 2021-10-26 18:20:17 -07:00
Ganesh Pawar c429c5d70e dialog_widget: Add support for having a custom id on the container element. 2021-10-26 18:20:17 -07:00
Ganesh Pawar 1e8bfa710e dialog_widget: Migrate modal to Micromodal.
Also removed the `danger_submit_button` config option
from the dialog_widget since it isn't needed in the new modals.
2021-10-26 18:20:17 -07:00
Ganesh Pawar 6a07a90499 dialog_widget: Remove the `fade` parameter.
A user wouldn't differentiate between a "normal" modal and a "settings"
modal. If one shows up instantly, one would expect all the others to do
the same. The difference between Bootstrap fade and non-fade is pretty
noticeable (300 ms for fading).

This is a prep commit for the Micromodal migration which will have 120ms
as the animation time which wouldn't feel slow.
2021-10-26 18:20:17 -07:00
Ganesh Pawar e6e601077f dialog_widget: Append dialog_widget to the body element.
We attach the DOM for the modal to the body element
to avoid style interference from other elements and having to choose
a separate parent element for every single dialog_widget.
2021-10-26 18:20:17 -07:00
Alex Vandiver 6a40c17ccf markdown: CSS-escape preview links.
This adds `soupsieve` as an explicit dependency, but intentionally
does not adjust the provision version, as it was already an indirect
dependency.
2021-10-26 18:17:23 -07:00
Alex Vandiver 52f74bbd9b markdown: Run URL preview links through camo.
Not proxying these requests through camo is a security concern.
Furthermore, on the desktop client, any embed image which is hosted on
a server with an expired or otherwise invalid certificate will trigger
a blocking modal window with no clear source and a confusing error
message; see zulip/zulip-desktop#1119.

Rewrite all `message_embed_image` URLs through camo, if it is enabled.
2021-10-26 18:17:23 -07:00
YashRE42 0ddf319709 click_handlers: Do not close compose box when clicking inputs.
Previously, there existed a bug where clicking an open message edit
box when the compose box was open would not focus the message edit
contents, but would instead:

- focus the message edit content,
- close the compose box,
- and unfocus the message edit content.

That first bug was fixed in 4e1525d7c4
which eliminated the unfocus part of that problem, but closing the
compose box is undesirable here anyway, since often it can be useful
to have compose open while interacting with the sidebar filter widgets
or working on editing a message.
2021-10-26 18:15:30 -07:00
Tim Abbott c60f83120b css: Fix missing whitespace in poll CSS.
a8b529b3ed hadn't been rebased since we
added the relevant linter rule.
2021-10-26 18:09:40 -07:00
YashRE42 bf4945a1e2 click_handlers: Correct line reference made by comment.
Click_handler.js was created in commit
e5467d3268 by moving code from ui.js.

While making this change, some handlers were rearranged, but the part
of this comment saying "... code above" was never changed. This commit
changes that part of the comment to refer to the correct handler
(which is labeled by a comment as MAIN CLICK HANDLER).
2021-10-26 17:54:56 -07:00
Tim Abbott 4e1525d7c4 compose: Fix buggy refocusing of compose box on close.
The `make_compose_box_original_size` function is designed in such a
way that it should only be called when it actually needs to resize the
compose box. In 3 of the 4 places that called it, we checked whether
the compose was already the original size; this fixes the 4th to do
the same.
2021-10-26 17:54:56 -07:00
Shlok Patel 033e61a055 webhooks/github: Include discussion ID in messages.
We add discussion id and url in the comments and highlighted title to
the body of disscussion message to make it more meaningful and accessible.

Fixes #19938.
2021-10-26 17:52:57 -07:00
Ganesh Pawar 8730bd8b94 delete avatar: Improve accessibility by converting <span> to <button>.
Since it's a button, it doesn't need the "keydown" event. So,
removed it. This fixes the bug where pressing any key while the
avatar's delete_button was in focus would pop up the modal.
It was introduced in e5d0448505.
2021-10-26 17:51:38 -07:00
Aryaman 9d045d7470
streams: Increase margin in the hint for adding streams.
This prevents this hint from looking wrong in languages where the
string ends up longer.

Fixes #19848.
2021-10-26 15:50:56 -07:00
nooblag a8b529b3ed widgets: Improve visual style for Polls. 2021-10-26 15:14:46 -07:00
Tim Abbott 5dd8fbdf19 help: Clarify descriptions of public/private streams.
Most important is adding the icons to help users understand the
recipients of the stream, but we also use clearer language that better
matches that present in the user interface.
2021-10-26 15:12:38 -07:00
Tim Abbott e6a3f49ba8 portico: Remove obsolete content: none markdown CSS.
This made it impossible to e.g. use Font Awesome icons inside a `<ul>`
list item (they worked correctly inside `<ol>` list items).

This line was apparently added in
17ad591eb4.  The original thinking
behind this line is not clear in the original PR, but is likely a
forgotten relic from experiments with a custom unordered list bullet
styling.
2021-10-26 15:12:38 -07:00
Ganesh Pawar fe7a1c0722 dialog_widget: Extract out `close_modal()`. 2021-10-22 16:08:26 -07:00
Ganesh Pawar e1070fe3d0 dialog_widget: Pass the event object to the `on_click` function. 2021-10-22 16:08:25 -07:00
Ganesh Pawar 3051b1afa3 dialog_widget: Use $t_html for html_heading. 2021-10-22 16:08:25 -07:00
Alya Abbott 7494115b2a user docs: Update documentation following up on #20039. 2021-10-22 13:45:45 -07:00
RISHABH SIDANA 41b37dab42
typo: Fix models.py grammatical error. 2021-10-22 13:44:26 -07:00
Kartik Soneji 6705085e25 provision: Silently unset PIP_USER if set. 2021-10-22 13:43:40 -07:00
Anders Kaseorg 58920affd4 python: Remove re.UNICODE flag (redundant in Python 3).
https://docs.python.org/3/library/re.html#re.A

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-22 13:42:29 -07:00
Shlok Patel 0678e2610f webhooks: Add support for GitHub discussions messages.
We aim to use Zulip topics thoughtfully in displaying messages from
discussions, as well as linking to the discussion in every message so
that it's easy to view them.

Fixes #19938.
2021-10-22 13:40:05 -07:00
Alex Vandiver 9381a3bd45 linkifiers: Support URL percent-encoded bytes.
Supporting URL percent-encoded bytes is possible using `%%20`, but this
is not necessarily very understandable to end-users, even those that
understand percent encoding.

Allow `%20` in linkifier URL format strings, and transform them into
`%%20` in the pattern just before they are applied in markdown
translation.  Care must be taken here, such that already-escaped `%`s
are not escaped an extra time.

We do this before rendering, and not before storage, as
a simplification; the JS-side linkifier at present only understands
`%(foo)s` and thus needs no changes, and to avoid an un-escaping pass
before showing in the admin UI.
2021-10-22 13:00:20 -07:00
Alex Vandiver d6768814a1 linkifiers: Explicitly only check format strings after verifying as a URL.
This makes the errors less confusing -- they might otherwise be jammed
together in the frontend.
2021-10-22 13:00:20 -07:00
Alex Vandiver 8dd9b4e812 linkifiers: Loosen regex that validates URLs.
User-supplied custom realm filter has had some sort of regex-based
validation of the format URL since their introduction in
d7e1e4a2c0 -- and this has always been
in addition to the URLValidator.  The URLValidator is the one which
does the security-relevant work of validating that the schema is
reasonable, and that the overall shape of the URL is well-formed.  The
regex has served primarily to arbitrary limit the characters that can
appear in the URL, in the mistaken name of safety.

Adjust the regex, such that its only purpose is to verify that the
usages of `%` characters in the URL are reasonable, and leave the URL
validation to the URLValidator, which can do a far better job.  This
includes broadening the support to include `%%` as an escape
character; this is likely such a niche case as to be unnecessary, but
costs little.

Fixes #16013.
2021-10-22 13:00:20 -07:00
isakhagg adb612a0b4 settings: Rearrange display settings.
This provides a cleaner organization for our display settings, to make
browsing them more intuitive for new users.

We still need to update the /help/ documentation following this migration.

Fixes #19960.
2021-10-21 15:23:19 -07:00
Anders Kaseorg 4839b7ed27 url_preview: Interpret og:image relative to full page URL.
og:image is supposed to be an absolute URL, but some sites incorrectly
provide a relative URL.  In this case, it makes more sense to
interpret it relative to the full page URL after redirects, rather
than relative to just the domain part of the page URL before
redirects.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-21 12:20:37 -07:00
Mateusz Mandera 4dae22684a audit_log: Reserve a number for STREAM_REACTIVATED.
We don't yet have a do_reactivate_stream function, but we reserve a
number since:
1. It'll likely be added in the future.
2. For now, we can restore archived stream with some manual intervention
in the Django shell, and for that we'll want to create an appropriate
RealmAuditLog entry.
2021-10-21 11:13:55 -07:00
Jonny Tran ddf4053a73 composebox_typeahead: Remove redundant options from the `/` typeahead.
Removes the `/day` and `/night` options from the typeahead menu while
still allowing the commands to be used. Typing `/day` and `/night`
will now suggest `/light` and `/dark`, respectively. Also changes the
`Dark mode` and `Light mode` popups that appear after using the
corresponding command.

Fixes #18318.
2021-10-21 10:50:27 -07:00
Lauryn Menard 0d0b4eb9d4 documentation_api: Deduplicate ignored_parameters_unsupported.
Created a schema for the ignored_parameters_unsupported that is
returned by the /settings and /realm/user_settings_defaults endpoints
and removed the duplicated text in the api documentation.

Also cleaned up some small errors in the /realm/user_settings_default
definition and sidebar link /api/update-realm-user-settings-defaults.

Fixes #19674
2021-10-21 10:32:31 -07:00
Alex Vandiver 75f1070881 queue_processors: Disable timeouts with PushNotificationsWorker.
Since 3853285241, PushNotificationsWorker uses the aioapns library
to send Apple push notifications.  This introduces an asyncio event
loop into this worker process, which, if unlucky, can respond poorly
when a SIGALRM is introduced to it:

```
[asyncio] Task exception was never retrieved
future: <Task finished coro=<send_apple_push_notification.<locals>.attempt_send() done, defined at /path/to/zerver/lib/push_notifications.py:166> exception=WorkerTimeoutException(30, 1)>
Traceback (most recent call last):
  File "/path/to/zerver/lib/push_notifications.py", line 169, in attempt_send
    result = await apns_context.apns.send_notification(request)
  File "/path/to/zulip-py3-venv/lib/python3.6/site-packages/aioapns/client.py", line 57, in send_notification
    response = await self.pool.send_notification(request)
  File "/path/to/zulip-py3-venv/lib/python3.6/site-packages/aioapns/connection.py", line 407, in send_notification
    response = await connection.send_notification(request)
  File "/path/to/zulip-py3-venv/lib/python3.6/site-packages/aioapns/connection.py", line 189, in send_notification
    data = json.dumps(request.message, ensure_ascii=False).encode()
  File "/usr/lib/python3.6/json/__init__.py", line 238, in dumps
    **kw).encode(obj)
  File "/usr/lib/python3.6/json/encoder.py", line 199, in encode
    chunks = self.iterencode(o, _one_shot=True)
  File "/usr/lib/python3.6/json/encoder.py", line 257, in iterencode
    return _iterencode(o, 0)
  File "/path/to/zerver/worker/queue_processors.py", line 353, in timer_expired
    raise WorkerTimeoutException(limit, len(events))
zerver.worker.queue_processors.WorkerTimeoutException: Timed out after 30 seconds processing 1 events
```

...which subsequently leads to the worker failing to make any progress
on the queue.

Remove the timeout on the worker.  This may result in failing to make
forward progress if Apple/Google take overly long handling requests,
but is likely preferable to failing to make forward progress if _one_
request takes too long and gets unlucky with when the signal comes
through.
2021-10-21 08:59:56 -07:00