Commit Graph

45 Commits

Author SHA1 Message Date
Mateusz Mandera 34a0139c2b rate_limit: Add interface to override rate limiting rules. 2022-11-08 08:56:42 -08:00
Anders Kaseorg 75525f5b53 docs: Convert .html#fragment links to .md#fragment.
This uses the myst_heading_anchors option to automatically generate
header anchors and make Sphinx aware of them.  See
https://myst-parser.readthedocs.io/en/latest/syntax/optional.html#auto-generated-header-anchors.

Note: to be compatible with GitHub, MyST-Parser uses a slightly
different convention for .md fragment links than .html fragment links
when punctuation is involved.  This does not affect the generated
fragment links in the HTML output.

Fixes #13264.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-28 16:28:31 -08:00
Anders Kaseorg c19d6fb3ef docs: Clean redundant relative links.
We previously had a convention of redundantly including the directory
in relative links to reduce mistakes when moving content from one file
to another.  However, these days we have a broken link checker in
test-documentation, and after #21237, MyST-Parser will check relative
links (including fragments) when you run build-docs.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-24 16:12:18 -08:00
Alex Vandiver be1c4c2bd8 docs: Mention Camo does not use a local Smokescreen in the proxies docs.
This documents the new behaviour in d328d3dd4d.
2022-01-21 15:57:27 -08:00
rht 42f46a78e9 docs: Fix grammar problems found by LanguageTool.
With tweaks to security-model.md by tabbott to expand the SSO acronym.

Ignored, but still needs discussion on whether we should exclude this
rule:

```
The word ‘install’ is not a noun.
  ✗ ...ble to connect to the client during the install process:  So you'll need to shut down a...
                                               ^^^^^^^
  ✓ ...ble to connect to the client during the installation process:  So you'll need to shut down a...
  A_INSTALL: a/the + install

The word ‘install’ is not a noun.
  ✗ ...detected at install time will cause the install to abort. If you already have PostgreSQ...
                                               ^^^^^^^
  ✓ ...detected at install time will cause the installation to abort. If you already have PostgreSQ...
  A_INSTALL: a/the + install
```
2022-01-21 14:02:14 -08:00
Eeshan Garg 3bab91079f external links: Migrate the rest of /developer-community links.
We recently changed /developer-community to /development-community.
Now that this change is in production, we can also migrate the
external links in our ReadTheDocs documentation.
2021-12-09 12:14:26 -08:00
Alex Vandiver b982222e03 camo: Replace with go-camo implementation.
The upstream of the `camo` repository[1] has been unmaintained for
several years, and is now archived by the owner.  Additionally, it has
a number of limitations:
 - It is installed as a sysinit service, which does not run under
   Docker
 - It does not prevent access to internal IPs, like 127.0.0.1
 - It does not respect standard `HTTP_proxy` environment variables,
   making it unable to use Smokescreen to prevent the prior flaw
 - It occasionally just crashes, and thus must have a cron job to
   restart it.

Swap camo out for the drop-in replacement go-camo[2], which has the
same external API, requiring not changes to Django code, but is more
maintained.  Additionally, it resolves all of the above complaints.

go-camo is not configured to use Smokescreen as a proxy, because its
own private-IP filtering prevents using a proxy which lies within that
IP space.  It is also unclear if the addition of Smokescreen would
provide any additional protection over the existing IP address
restrictions in go-camo.

go-camo has a subset of the security headers that our nginx reverse
proxy sets, and which camo set; provide the missing headers with `-H`
to ensure that go-camo, if exposed from behind some other non-nginx
load-balancer, still provides the necessary security headers.

Fixes #18351 by moving to supervisor.
Fixes zulip/docker-zulip#298 also by moving to supervisor.

[1] https://github.com/atmos/camo
[2] https://github.com/cactus/go-camo
2021-11-19 15:58:26 -08:00
Alex Vandiver c33562f0a8 puppet: Default to installing smokescreen on application frontends.
This is an additional security hardening step, to make Zulip default
to preventing SSRF attacks.  The overhead of running Smokescreen is
minimal, and there is no reason to force deployments to take
additional steps in order to secure themselves against SSRF attacks.

Deployments which already have a different external proxy configured
will not gain a local Smokescreen installation, and running without
Smokescreen is supported by explicitly unsetting the `host` or `port`
values in `/etc/zulip/zulip.conf`.
2021-11-19 15:29:28 -08:00
Anders Kaseorg a4dbc1edd4 docs: Format Markdown with Prettier.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-08 12:06:24 -07:00
Anders Kaseorg 35c1c8d41b docs: Apply sentence single-spacing from Prettier.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-08 12:06:24 -07:00
Anders Kaseorg 915884bff7 docs: Apply bullet style changes from Prettier.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-08 12:06:24 -07:00
Tim Abbott 454a900487 docs: Replace chat-zulip-org page with /developer-community/. 2021-07-25 22:17:57 -07:00
Anders Kaseorg e3c570401e docs: Document password hashing change from PBKDF2 to Argon2.
This changed in commit 483a351d44
(#3410).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-14 13:07:51 -07:00
Alex Vandiver 653c67a2b6 docs: Explicitly list possible outgoing HTTP connections. 2021-05-13 11:06:30 -07:00
Alex Vandiver a9ced1d228 smokescreen: Capitalize Smokescreen in documentation. 2021-05-12 12:32:39 -07:00
Wesley Aptekar-Cassels 6b7a3fb74a markdown: Rewrite all external images to use Camo.
Requesting external images is a privacy risk, so route all external
images through Camo.

Tweaked by tabbott for better test coverage, more comments, and to fix
bugs.
2021-04-30 10:36:16 -07:00
Alex Vandiver 7264d44dd4 docs: Minor grammar tweak. 2021-04-16 14:05:42 -07:00
Alex Vandiver e683ae2d24 docs: Add a missing word. 2021-04-16 14:05:42 -07:00
Tim Abbott d58931e2b5 docs: Document situations where one needs smokescreen. 2021-04-16 14:05:42 -07:00
Mateusz Mandera 82b43a8cfe streams: Use "archive stream" phrasing instead of "delete stream".
The previous phrasing was misleading in relation to what the action
actually does.
2021-04-02 22:06:48 -07:00
Mateusz Mandera d0dc04a093 models: Rename is_api_super_user to can_forge_sender, 2020-12-21 13:15:39 -08:00
sahil839 a96811ab58 management: Replace knight command with change_user_role command.
We replace knight command with change_user_role command which
allows us to change role of a user to owner, admins, member and
guest. We can also give/revoke api_super_user permission using
this command.

Tweaked by tabbott to improve the logging output and update documentation.

Fixes #16586.
2020-10-25 14:55:08 -07:00
Anders Kaseorg 72d6ff3c3b docs: Fix more capitalization issues.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 11:46:55 -07:00
Anders Kaseorg 6dea085187 docs: Correct “login” as a verb to “log in”.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-08-11 10:25:53 -07:00
Anders Kaseorg c155403884 docs: Fix various capitalization errors.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-08-11 10:25:52 -07:00
Tim Abbott f0d8f60b66 help: Add basic documentation of organization owners. 2020-06-10 14:07:46 -07:00
Tim Abbott 7b8ba5ebd9 docs: Update most remaining references to zulipchat.com.
In some cases, the cleanest tweak is to replace references to the
domain with Zulip Cloud, the product.
2020-06-08 18:10:45 -07:00
Tim Abbott 71078adc50 docs: Update URLs to use https://zulip.com.
We're migrating to using the cleaner zulip.com domain, which involves
changing all of our links from ReadTheDocs and other places to point
to the cleaner URL.
2020-06-08 18:10:45 -07:00
Tim Abbott b775becc68 docs: Change our security contact to security@.
This has for a while been our only active Google Groups mailing list,
and given that folks will guess security@ as our security contact, we
might as well just standardize on that.

Also tweak some ambiguous text; it wouldn't be appropriate for us to
issue a CVE for e.g. an operational issue only affecting us.
2020-02-26 16:35:29 -08:00
David Rosa bdbc384de5 docs: Reduce the number of apparently broken links on github.
- Updated 260+ links from ".html" to ".md" to reduce the number of issues
reported about hyperlinks not working when viewing docs on Github.
- Removed temporary workaround that suppressed all warnings reported
by sphinx build for every link ending in ".html".

Details:
The recent upgrade to recommonmark==0.5.0 supports auto-converting
".md" links to ".html" so that the resulting HTML output is correct.

Notice that links pointing to a heading i.e. "../filename.html#heading",
were not updated because recommonmark does not auto-convert them.
These links do not generate build warnings and do not cause any issues.
However, there are about ~100 such links that might still get misreported
as broken links.  This will be a follow-up issue.

Background:
docs: pip upgrade recommonmark and CommonMark #13013
docs: Allow .md links between doc pages #11719

Fixes #11087.
2019-10-07 12:08:27 -07:00
Anders Kaseorg 33c941407b puppet: Remove legacy unauthenticated local uploads backend.
This was only used in Ubuntu 14.04 Trusty.

Removing this also finally lets us simplify our security model
discussion of uploaded files.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-06-26 11:31:46 -07:00
Tim Abbott abc7a00d35 Revert "docs: Update .html links to .md."
This doesn't work without the CommonMark upgrade.

This reverts commit c87893feea.
2019-04-05 17:58:54 -07:00
Samuel Searles-Bryant c87893feea docs: Update .html links to .md.
Sphinx/ReadTheDocs supports automatically translating links written as
to `.md` files to point to the corresponding `.html` files, so this
migration does not change the resulting HTML output in ReadTheDocs.
But it does fix apparent broken links on GitHub.

This doesn't prevent people from reading the documentation on GitHub
(so doesn't mitigate the fact that some rtd-specific syntax does not
render properly on GH), but it will prevent us from getting erroneous
issues reported about the hyperlinks not working.

Fixes: #11087.
2019-04-05 17:16:25 -07:00
Tim Abbott a4a25c3e14 docs: Expand security model documentation to cover guests.
This is a pretty minor update, just clarifying the discussion of what
types of users exist.
2018-12-05 17:25:12 -08:00
Tim Abbott 5f3c8be6d1 docs: Fix some broken links in security model doc.
Apparently, we haven't been running test-documentation in production
of late.
2018-11-28 09:49:39 -08:00
Rishi Gupta 39c56b3ba9 docs: Update security-model.md.
Tweaked by tabbott to fix a few typos and purge use of "realm".
2018-10-19 15:40:36 -07:00
Eeshan Garg 0a43e5e257 Replace all user-facing references to "invite-only" with "private".
Fixes #9611.
2018-06-12 13:37:45 -04:00
Tim Abbott 40635beb23 docs: Document production support for Debian Stretch and Ubuntu Bionic.
Fixes #9197.
2018-06-05 08:09:29 -07:00
Tim Abbott f8fcbbb672 docs: Update security model docs for new stream history feature. 2018-05-20 14:38:51 -07:00
YJDave 93ee0aace7 stream settings: Allow realm admins to remove others from any stream.
This will allow realm admins to remove others from private stream to
which the realm administrator is not subscribed; this is important for
managing those streams, because previously nobody could remove users
from private streams that didn't have any realm administrators
subscribed.
2018-03-13 14:59:09 -07:00
YJDave 2031118545 stream settings: Allow realm admins to access all private stream subs.
This will allow realm admins to access subscribers of unsubscribed
private stream.  This is a preparatory commit for letting realm admins
remove those users.
2018-03-13 14:59:09 -07:00
YJDave 37f9d5c193 stream settings: Allow realm admins to update any stream name & description.
This will allow realm admins to update the names and descriptions of
private streams even if they are not subscribed, which fixes the buggy
behavior that previously nobody could(!).
2018-03-13 14:59:09 -07:00
Aditya Bansal efe8545303 local-uploads: Start running authentication checks on file requests.
From here on we start to authenticate uploaded file request before
serving this files in production. This involves allowing NGINX to
pass on these file requests to Django for authentication and then
serve these files by making use on internal redirect requests having
x-accel-redirect field. The redirection on requests and loading
of x-accel-redirect param is handled by django-sendfile.

NOTE: This commit starts to authenticate these requests for Zulip
servers running platforms either Ubuntu Xenial (16.04) or above.

Fixes: #320 and #291 partially.
2018-02-16 05:06:37 +05:30
David Rosa Tamsen 84384196f2 docs: Exclude files from TOC warnings and navigation sidebar.
Sphinx was displaying "WARNING: document isn't included in any toctree"
for files we just don't want in the TOC. We can hide them from the index,
but the rtd theme defaults to display hidden index entries in the nav bar.

This commit excludes these files from such warnings, and patches layout.html
so that hidden index entries stay hidden from the navigation sidebar.

This commit also moves password-strength.md under docs/production and
adds it as a hidden entry in production/index.rst.

Fixes #7417.
2017-11-22 10:59:14 -08:00
David Rosa Tamsen 7072fa5b37 docs: Reorganize developer docs to improve navigation.
This commit helps reduce clutter on the navigation sidebar.
Creates new directories and moves relevant files into them.
Modifies index.rst, symlinks, and image paths accordingly.

This commit also enables expandable/collapsible navigation items,
renames files in docs/development and docs/production,
modifies /tools/test-documentation so that it overrides a theme setting,
Also updates links to other docs, file paths in the codebase that point
to developer documents, and files that should be excluded from lint tests.

Note that this commit does not update direct links to
zulip.readthedocs.io in the codebase; those will be resolved in an
upcoming follow-up commit (it'll be easier to verify all the links
once this is merged and ReadTheDocs is updated).

Fixes #5265.
2017-11-16 09:45:08 -08:00