Commit Graph

202 Commits

Author SHA1 Message Date
Eeshan Garg f839d528d8 decorators: Log custom HTTP headers in webhook requests.
This aids in debugging because many of our Git-based integrations
use custom HTTP headers to indicate the type of event/payload.
2018-03-30 13:37:35 -07:00
Tim Abbott 209c813424 decorator: Improve error message for a deactivated organization. 2018-03-16 16:59:02 -07:00
Tim Abbott 34e165c100 webhooks: Fix passing client string to authenticated webhook API views.
This fixes a regression in 93678e89cd
and a4979410f9, where the webhooks using
authenticated_rest_api_view were migrated to a new model that didn't
include setting a custom Client string for the webhook.

When restoring these webhooks' client strings, we also fix places
where the client string was not capitalized the same was as the
product's name.
2018-03-16 15:43:19 -07:00
neiljp (Neil Pilgrim) 88046f815a mypy: Rewrite zulip_login_required annotations in terms of ViewFuncT. 2018-03-15 14:33:56 -07:00
neiljp (Neil Pilgrim) 8edb47e212 mypy: Fully use ViewFuncT in decorators.py; remove WrappedViewFuncT.
Many declarations were previously annotated with
Callable[..., HttpResponse]; this is equivalent to ViewFuncT, so here we
switch to it.

To enable this migration, the WrappedViewFuncT alias is removed; this is
equivalent to the simple & legible Callable[[ViewFuncT], ViewFuncT], so
for relatively no space change, a clearer return type is possible.
2018-03-15 14:33:56 -07:00
neiljp (Neil Pilgrim) 80a7c16baf minor: Remove unused WrapperT from zerver/decorator.py. 2018-03-15 14:33:28 -07:00
neiljp (Neil Pilgrim) 3dbe772b50 mypy: Migrate some Callable[..., HttpResponse] to ViewFuncT in decorator.py. 2018-03-15 14:33:27 -07:00
neiljp (Neil Pilgrim) 17937175ac mypy: Centralize ViewFuncT definition into new file zerver/lib/types.py.
Originally was going to centralize this in zerver/lib/request.pyi, but this
file is not visible at run-time, being only a stub. The matching request.py
file seemed inappropriate, as it doesn't actually use ViewFuncT.
2018-03-15 14:16:40 -07:00
Tim Abbott e2a6541133 i18n: Fix use of 'realm administrator' in translated strings.
These are user-facing and thus should refer to being an "organization
administrator".
2018-03-07 17:15:29 -08:00
Eeshan Garg 75ce1261c1 webhooks/github: Log payloads that aren't handled properly.
Webhook functions wrapped by the decorator:

@authenticated_api_view(is_webhook=True)

now log payloads that cause exceptions to webhook-errors.log.

Note that authenticated_api_view is only used by webhooks/github
and not anywhere else.
2018-03-03 15:30:36 -08:00
Eeshan Garg 5069683cad decorators: Refactor the webhook_logger code.
Just to make the code a bit cleaner and to be able to reuse the
same logging code in other decorator functions.
2018-03-02 11:56:20 -08:00
Dennis Ludl 895a675f4c decorators: Fix email check in access_user_by_api_key case insensitive.
In Zulip, email addresses should always be treated as
case-insensitive; this code path incorrectly assumed the email input
by the user had the correct case.

Discussed in:

https://chat.zulip.org/#narrow/stream/issues/subject/Mobile.20Apps.3A.20Sometimes.20don't.20load.20data/near/461062

Commit message tweaked by tabbott.
2018-01-23 10:04:03 -08:00
Xavier Cooney 5b2819645e mypy: Use Python 3 type syntax in decorator.py. 2017-12-26 08:29:30 -05:00
Greg Price b830b446f1 logging: Reduce `create_logger` to new `log_to_file`.
The name `create_logger` suggests something much bigger than what this
function actually does -- the logger doesn't any more or less exist
after the function is called than before.  Its one real function is to
send logs to a specific file.

So, pull out that logic to an appropriately-named function just for
it.  We already use `logging.getLogger` in a number of places to
simply get a logger by name, and the old `create_logger` callsites can
do the same.
2017-12-12 17:17:08 -08:00
Greg Price b6491fd52a logging: Eliminate log_level from create_logger.
Because calls to `create_logger` generally run after settings are
configured, these would override what we have in `settings.LOGGING` --
which in particular defeated any attempt to set log levels in
`test_settings.py`.  Move all of these settings to the same place in
`settings.py`, so they can be overridden in a uniform way.
2017-12-12 17:17:08 -08:00
rht a1cc720860 zerver: Use Python 3 syntax for typing.
Tweaked by tabbott to fix some minor whitespace errors.
2017-11-28 16:49:36 -08:00
Steve Howell da2744812f Don't use force_bytes() in decorator.py.
In python3 base64.b64decode() can take an ASCII string, and any
legit data will be ASCII.  If you pass in non-ASCII data, the
function will properly throw a ValueError (verified in python3 shell).

	>>> s = '안녕하세요'
	>>> import base64
	>>> base64.b64decode(s)
	Traceback (most recent call last):
	  File "/srv/zulip-py3-venv/lib/python3.4/base64.py", line 37, in _bytes_from_decode_data
		return s.encode('ascii')
	UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-4: ordinal not in range(128)

	During handling of the above exception, another exception occurred:

	Traceback (most recent call last):
	  File "<stdin>", line 1, in <module>
	  File "/srv/zulip-py3-venv/lib/python3.4/base64.py", line 83, in b64decode
		s = _bytes_from_decode_data(s)
	  File "/srv/zulip-py3-venv/lib/python3.4/base64.py", line 39, in _bytes_from_decode_data
		raise ValueError('string argument should contain only ASCII characters')
	ValueError: string argument should contain only ASCII characters
2017-11-09 10:43:19 -08:00
neiljp (Neil Pilgrim) 790cd5e7c8 mypy: Specify generic type parameters in cachify decorator.
Use of the decorator in event_queue.py suggests concrete return type,
for application of copy() function.
2017-11-08 12:40:40 -08:00
rht ec5120e807 refactor: Remove six.moves.zip import. 2017-11-07 10:46:42 -08:00
rht 19bd335cbb Change urllib import to be Python 3-specific. 2017-11-07 10:46:42 -08:00
Steve Howell 5be13fb066 Add cachify decorator. 2017-11-07 10:36:02 -08:00
rht 8990b1046d zerver: Remove inheritance from object. 2017-11-06 08:53:48 -08:00
Greg Price 6b9d294873 auth: Set user_activity `query` nicely for several auth views.
This gets used when we call `process_client`, which we generally do at
some kind of login; and in particular, we do in the shared auth
codepath `login_or_register_remote_user`.  Add a decorator to make it
easy, and use it on the various views that wind up there.

In particular, this ensures that the `query` is some reasonable
constant corresponding to the view, as intended.  When not set, we
fall back in `update_user_activity` on the URL path, but in particular
for `log_into_subdomain` that can now contain a bunch of
request-specific data, which makes it (a) not aggregate properly, and
(b) not even fit in the `CHARACTER VARYING(50)` database field we've
allotted it.
2017-11-04 19:27:00 -07:00
Greg Price b2d35872ed decorator: Set the user_activity query in another case.
Now that this is a little less mysterious-looking to do,
let's do it in this spot too.
2017-11-04 19:27:00 -07:00
Greg Price 1a540241a9 require_server_admin: Cut a redundant bit of request-mutation.
The only place this attribute is used is in `update_user_activity`,
called only in `process_client`, which won't happen if we end up
returning a redirect just below.  If we don't, we go and call
`add_logging_data` just after, which takes care of this already.
2017-11-04 19:27:00 -07:00
Greg Price b871aa9622 user_activity: Allow passing the `query` more directly.
This won't work for all call paths without deeper refactoring,
but for at least some paths we can make this more direct -- function
arguments, rather than mutating a request attribute -- so it's easier
to see how the data is flowing.
2017-11-04 19:27:00 -07:00
neiljp (Neil Pilgrim) 63335fd8c5 mypy: Correct return_success_on_head_request typing.
Also switch to python3 type annotations.
2017-10-29 17:10:13 -07:00
neiljp (Neil Pilgrim) 0781237b1f mypy: Improve typing to profile.py & remove FuncT from decorator.py.
FuncT was unused in decorator.py, and only imported into profile.py.
The @profiled decorator is now more strongly typed on return-type.
Annotations were converted to python3 format.
2017-10-29 17:10:13 -07:00
neiljp (Neil Pilgrim) 1cc0a3cc67 mypy: Improve constraint on return types in statsd_increment decorator. 2017-10-29 17:10:13 -07:00
neiljp (Neil Pilgrim) 232bcd98b3 mypy: Improve return type of internal_notify_view decorator. 2017-10-28 08:57:49 -07:00
neiljp (Neil Pilgrim) 5c3af83229 mypy: Improve return type of api_key_only_webhook_view decorator. 2017-10-28 08:57:49 -07:00
Tim Abbott be619fe881 lint: Wrap many very long lines in the Python codebase.
This decreases the maximum line length in our Python codebase to 130.
2017-10-26 17:31:58 -07:00
Greg Price c9457d4af0 subdomains: Refactor check_subdomain to a clearer interface.
Now that every call site of check_subdomain produces its second
argument in exactly the same way, push that shared bit of logic
into a new wrapper for check_subdomain.

Also give that new function a name that says more specifically what
it's checking -- which I think is easier to articulate for this
interface than for that of check_subdomain.
2017-10-26 10:29:17 -07:00
Greg Price 7bec0a29c4 subdomains: Simplify out check_subdomain from an uncommon use.
This also replaces an implicit use of "" for
Realm.SUBDOMAIN_FOR_ROOT_DOMAIN.
2017-10-26 10:29:17 -07:00
Tim Abbott 1ab2ca5986 subdomains: Extract zerver.lib.subdomains library.
These never really belonged with the rest of zerver.lib.utils.py, and
having a separate library makes it easier to enforce full test
coverage.
2017-10-18 22:27:48 -07:00
Tim Abbott 298c59f7fd push_notifications: Fix error message for unregistered bouncer.
Previously, we were just returning a JSON error to the client, when it
was a server problem.

Fixes #6639.
2017-10-11 19:09:24 -07:00
Tim Abbott 5a27a4cf1c decorator: Improve wrong-subdomain logging output.
Often, it's helpful to see both values in errors.
2017-10-02 13:31:20 -07:00
rht 2949d1c1e8 zerver: Remove the rest of absolute_import. 2017-09-27 10:02:39 -07:00
Aditya Bansal d9c9bfe7f6 logger: Add new create_logger abstraction to simplify logging.
This deduplicates a ton of Python logger-creation code to use a single
standard implementation, so we can avoid copy-paste problems.
2017-08-27 18:31:53 -07:00
Tim Abbott 70e16da81c decorator: Fix request.user handling of remote servers.
The refactor in b46af40bd3 didn't
correctly translate the code for managing request.user and
request._email, resulting in requests for the push notification
bouncer being rejected with this exception:

AttributeError: 'AnonymousUser' object has no attribute 'rate_limits'
2017-08-27 16:35:17 -07:00
Tim Abbott eeabed9119 models: Add new get_user_profile_by_api_key helper.
This results in a slight performance increase.
2017-08-24 23:17:08 -07:00
Tim Abbott ffafa05bd5 decorator: Remove unnecesary import. 2017-08-24 23:16:31 -07:00
Tim Abbott 8b0c0c33b5 login: Fix logging for login/register actions.
Previously, Zulip's server logs would not show which user or client
was involved in login or user registration actions, which made
debugging more annoying than it needed to be.
2017-08-24 16:29:27 -07:00
Tim Abbott 5206dad373 decorator: Fix is_browser_view handling of e.g. mobile apps.
We may end up with some endpoints that could be the browser or the
mobile apps, and we want the right default to happen here.
2017-08-24 16:26:57 -07:00
Tim Abbott 7ffc107061 decorator: Rename is_json_view to is_browser_view.
This improves clarity, now that we're planning to start logging in the
login/registration pages, which aren't browser views.
2017-08-24 16:25:08 -07:00
Tim Abbott fd1b8c7a3c decorator: Fix SOCKET requests being broken with REALMS_HAVE_SUBDOMAINS.
This code path broken in a recent refactoring meant that sending
messages via websockets didn't work if REALMS_HAVE_SUBDOMAINS.
2017-08-15 19:22:17 -07:00
Tim Abbott 93aa28ed08 decorator: Clean up ugly validation comment. 2017-08-15 10:55:32 -07:00
Tim Abbott 5a63ea0170 decorator: Extract validate_account_and_subdomain and deduplicate.
This fixes the significant duplication of code between the
authenticate_log_and_execute_json code path and the `validate_api_key`
code path.

These's till a bit of duplication, in the form of `process_client` and
`request._email` interactions, but it is very minor at this point.
2017-08-15 10:54:23 -07:00
Tim Abbott 127222e7e5 decorator: Clean up process_client call with positional argument. 2017-08-15 10:54:23 -07:00
Tim Abbott 0262609c3d decorator: Use validate_api_key in api_key_only_webhook_view code path.
This completes the effort to deduplicate the main code of our
authentication decorators.
2017-08-15 10:54:23 -07:00