52 Commits

Author SHA1 Message Date
Steve Howell 19ca41c5e1 casper: Extract manage_organization helper. 2020-04-10 07:51:25 -04:00
Anders Kaseorg 68cfcd6446 CVE-2020-9444: Prevent reverse tabnabbing attacks.
While we could fix this issue by changing the markdown processor,
doing so is not a robust solution, because even a momentary bug in the
markdown processor could allow cached messages that do not follow our
security policy.

This change ensures that even if our markdown processor has bugs that
result in rendered content that does not properly follow our policy of
using rel="noopener noreferrer" on links, we'll still do something
reasonable.

Co-authored-by: Tim Abbott <tabbott@zulipchat.com>
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-04-01 14:01:45 -07:00
Steve Howell dd8958e0cd minor: Move then_log_in next to then_log_out. 2020-03-31 10:57:08 -04:00
Steve Howell 3dde4a70d2 casper: Extract wait_for_text().
Before this we were monkey-patching in the
function `waitForSelectorText` into the
`casper` namespace, but only if you called
`common.initialize_casper`.

This would cause confusion if you expected
that function to be documented by Casper.

Now we just add the helper to `common` in
the `common` namespace.

We also avoid having to reason about what
`this` means by just using `casper` inside
the implementation of `wait_for_text` now.
And we don't bother with a return code that
none of our callers were using, anyway.
2020-03-31 10:57:08 -04:00
Steve Howell 05f52f0de6 casper: Remove unused args/params in helpers.
We remove `credentials` or `viewport` as either
arguments or parameters in several places, based
on their callee or caller not using them.
2020-03-31 10:57:08 -04:00
Steve Howell 35d12c55d1 casper: Remove phantom_page_loaded code.
We removed the phantom_page_loaded logic in
b13265d135
(July 2017).

Now we just say that the page is loaded
to the console, which can possibly help
us debug glitches where the tests are
executing too early.
2020-03-31 10:57:08 -04:00
Steve Howell 6b946e4d05 casper: Clean up message helpers.
We now trim the headers inside of
`get_rendered_messages`, since any
sane caller of that function just
wants nicely trimmed headers.

(Note that we're now doing the
string manipulation inside of
Zulip code, not Casper code, which
is why I didn't reuse normalize_spaces.)
2020-03-31 10:57:08 -04:00
Anders Kaseorg 7ff9b22500 docs: Convert many http URLs to https.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-26 21:35:32 -07:00
Steve Howell d604814347 casper: Improve logic to confirm message sends.
We now use `wait_for_message_fully_processed`
to check that messages are fully rendered.

Before this, we had loopholes where messages
sent outside the view were effectively ignored.
Now we explicitly ignore the check for the
one place we do that.

The more important behavior is for messages
that get sent to the current view.

Before this change, the older version of this
function declared victory as soon as we put the
server version of a locally echoed message into
the current message list's data.

This fixes flaky behavior with 07-stars in
particular, since we need the star icon
on our last message to be there before
we click on it.

Because this function is more robust now, we
can remove some redundant checks in 08-edit.js.
2020-03-26 14:54:02 -04:00
Steve Howell f1cfcd2f55 casper: Use data-stream-id to find checkboxes. 2020-01-28 14:49:57 -08:00
Steve Howell 8e7ad57131 casper: Add get_user_id() helper. 2020-01-27 18:16:39 +00:00
Tim Abbott ea7c6d395f compose_state: Rename compose_state.recipient to be about PMs only.
The compose_state.recipient field was only actually the recipient for
the message if it was a private_message_recipient (in the sense of
other code); we store the stream in compose_state.stream instead.

As a result, the name was quite confusing, resulting in the
possibility of problematic correctness bugs where code assumes this
field has a valid value for stream messages.  Fix this by changing it
to compose_state.private_message_recipient for clarity.
2019-12-02 08:53:55 -08:00
Anders Kaseorg d17b577d0c js: Purge useless IIFEs.
With webpack, variables declared in each file are already file-local
(global variables need to be explicitly exported), so these IIFEs are
no longer needed.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-10-25 13:51:21 -07:00
Tim Abbott bdb3da4504 eslint: Add key-spacing linter rule.
Apparently, we didn't have one of these, and thus had a moderate
number of generally very old violations in the codebase.  Fix this and
clear the ones that exist.
2018-12-18 10:41:06 -08:00
Steve Howell d7c2577ffb subject -> topic: Rename compose fields.
The stream/topic edit areas now have these ids:

        #stream_message_recipient_stream
        #stream_message_recipient_topic

They are pretty verbose, but being able to grep
for these without noise does have some value.
2018-12-09 21:28:45 -08:00
Anders Kaseorg 9ba860b4f2 Avoid double redirects to /login and then to /login/.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-12-04 16:12:58 -08:00
Shubham Dhama 80a2d5bc59 eslint: Enable `conditionalAssign` config of no-trailing-spaces rule. 2018-06-11 07:51:24 -04:00
Shubham Dhama dcb6254a4e eslint: Enable `no-extra-parens` rule.
Following sub-configuration is disabled:
                "nestedBinaryExpressions": false,
2018-06-11 07:51:24 -04:00
Shubham Dhama cc03f9fb8f eslint: Enable space-infix-ops rule.
More about rule at https://eslint.org/docs/rules/space-infix-ops
2018-06-05 00:47:35 +05:30
Anurag Sharma 1227857de6 hotkeys: Replace C with x for composing PM.
Pressing the 'x' key can now be used to compose a PM.
Pressing the 'C' key displays a modal that shows a deprecation notice.

Fixes #6548.
2018-04-01 16:13:05 -07:00
Steve Howell 3a1bf04a56 compose: Add pills for typing in PM recipients.
@brockwhittaker wrote the original prototype for having
pills in the recipient box when users compose PMs (either
1:1 or huddle).  The prototype was test deployed on our
main realm for several weeks.

This commit includes all the original CSS and HTML from
the prototype.

After some things changed with the codebase after the initial
test deployment, I made the following changes:

    * In prior commits I refactored out a module called
      `user_pill.js` that implemented some common functions
      against a more streamlined version of `input_pill.js`,
      and this commit largely integrates with that.

    * I made changes in a prior commit to handle Zephyr
      semantics (emails don't get validated) and tested
      this commit with zephyr.

    * I fixed a reload bug by extracting code out to
      `compose_pm_pill.js` and re-ordering some
      calls to `initialize`.

There are still two flaws related to un-pill-ified text in the
input:

    * We could be more aggressive about trying to pill-ify
      emails when you blur or tab away.

    * We only look at the pills when you send the message,
      instead of complaining about the un-pill-ified text.
      (Some folks may consider that a feature, but it's
      probably surprising to others.)
2018-03-07 15:53:11 -08:00
Steve Howell fa0ac8b6b5 casper tests: Always show console output from the app.
We now always show JS console output when running Casper tests.
The app is not spammy for the "happy path", so there's no real
reason to quiet it down, and it's never been well documented
how to turn on the option, so we've subjected developers to
needless head scratching in the past.
2018-01-16 13:25:19 -05:00
Steve Howell aae69702fe casper: Try to fix clicking flakes for message editing.
The new `common.then_click` should prevent some races and remove
some duplicate code.
2017-12-27 18:33:32 -05:00
Tommy Ip 6e22847548 refactor: new message content -> compose textarea. 2017-11-28 12:53:40 -08:00
Tim Abbott 0148338a05 casper: Always use REALMS_HAVE_SUBDOMAINS.
This is preparation for setting REALMS_HAVE_SUBDOMAINS to be
permanently True.
2017-08-24 20:44:37 -07:00
Vaida Plankyte b165784264 frontend: Remove purposeless title attributes from gear menu. 2017-08-16 10:19:02 -07:00
Steve Howell 0e25055c1d Add explicit message field for locally_echoed.
We now set locally_echoed to true for messages that are
locally echoed, and we change some of our code to look
for this flag.
2017-07-21 11:38:25 -07:00
Umair Khan e4f6f53e74 casper: Add waitForSelectorText.
Fixes #1110
2017-06-07 13:41:59 -07:00
Brock Whittaker 7afbc9ddd6 Redesign login and registration pages.
This completes a major redesign of the Zulip login and registration
pages, making them look much more slick and modern.

Major features include:
* Display of the realm name, description and icon on the login page
  and registration pages in the subdomains case.
* Much slicker looking buttons and input fields.
* A new overall style for the exterior of these portico pages.
2017-04-26 18:04:05 -07:00
Steve Howell 58aedf985f casper: Close the compose box in un_narrow(). 2017-04-17 22:54:36 -07:00
Rafid Aslam 45f39be37f lint: Fix many no-unused-vars eslint rule violations.
These have been carefully audited by tabbott to ensure they are
unlikely to cause regressions.
2016-12-14 21:34:51 -08:00
Brock Whittaker a460fcddef Add Date Headers to Floating Bar and Message Headers.
This adds the date of a block of messages to the floating recipient
bar along with message headers of blocks that are the first of a
particular day.
2016-12-13 20:36:39 -08:00
lonerz 025fe9980b Switch no-empty eslint rule from warning to error (in .eslintrc) 2016-12-05 01:35:14 +00:00
Tim Abbott 1a161c6e33 eslint: Fix comma-dangle rules in JS support files.
This was done via eslint --fix.
2016-12-03 15:00:24 -08:00
kevv87 e6369fc29b eslint: change no-plusplus from warning to 2 and fix violations. 2016-12-01 14:27:17 -08:00
Steve Howell a845b15a54 casper: Remove then_log_out flakiness and sleep.
We were getting flakes from then_log_out() due to it
making an assert too early.  With this race condition removed,
I can run without the 0.3 sleep.
2016-10-12 22:03:55 -07:00
Tim Abbott d5f28abac7 casper: Use zulipdev.com rather than localhost consistently.
This fixes a problem where any absolute redirects in the routes
visited by the Casper tests will cause failures due to switching the
users to a "different" server where the cookies they'd received are no
longer valid.

Now, we at least consistently use the same hostname in the Casper
tests as EXTERNAL_HOST.
2016-10-11 15:54:05 -07:00
Steve Howell 69694b77fb casper: Improve common.js.
These changes prepare us for the casperjs upgrade:

    Extract init_viewport().
    Have then_log_out() do more explicit waiting.
    Add turn_off_press_enter_to_send().
2016-10-07 13:30:11 -07:00
Umair Khan 06b8c76bda casper: Use local_id check to ensure messages are actually sent.
Previously, we only used this approach of waiting until the local echo
ID was cleared in the message edit tests.
2016-10-03 09:27:22 -07:00
Umair Khan 4fa9a786fc casper: Wait for logouts to complete. 2016-10-03 09:27:02 -07:00
Umair Khan de905457ac Remove race condition while sending messages in casper.
Fixes: #1455
2016-09-30 16:49:29 +05:00
hackerkid ea39fb2556 Add option for hosting each realm on its own subdomain.
This adds support for running a Zulip production server with each
realm on its own unique subdomain, e.g. https://realm_name.example.com.

This patch includes a ton of important features:
* Configuring the Zulip session middleware to issue cookies correctly
  for the subdomains case.
* Throwing an error if the user tries to visit an invalid subdomain.
* Runs a portion of the Casper tests with REALMS_HAVE_SUBDOMAINS
  enabled to test the subdomain signup process.
* Updating our integrations documentation to refer to the current subdomain.
* Enforces that users can only log in to the subdomain of their realm
  (but does not restrict the API; that will be tightened in a future commit).

Note that toggling settings.REALMS_HAVE_SUBDOMAINS on a live server is
not supported without manual intervention (the main problem will be
adding "subdomain" values for all the existing realms).

[substantially modified by tabbott as part of merging]
2016-09-27 23:24:14 -07:00
Umair Khan 0f01aeaec9 Create failure images for casper in var/casper. 2016-09-27 09:30:18 -07:00
Umair Khan 94e0bb5abb Fix race conditions in 03-narrow casper tests.
Re-arranges code so that two waitFor functions that can have
a race condition are separated by a then function.

Fixes: #1455
2016-09-21 17:54:42 +05:00
Tim Abbott 97e0306795 Replace localhost with 127.0.0.1 in casper tests. 2016-07-27 13:47:26 -07:00
Taranjeet Singh b143d6ca6e Move test_credentials.js to var/casper. 2016-07-25 14:39:23 -07:00
Rishi Gupta a3aebb63b7 casper tests: Increase default viewport size.
Changed from 1280x768 to 1280x1024 (from 5:3 to 5:4 aspect ratio) to make
failure screenshots more useful.
2016-07-12 19:26:54 -07:00
Caroline Liu 0c322403a6 Create common test function for select_item_via_typeahead. 2016-06-09 14:55:31 -07:00
Tim Abbott c35781d505 lint: Require folding of } on same line as else statements. 2016-06-09 14:02:49 -07:00
Tim Abbott 0c1b5006f7 lint: Check for space after if in javascript. 2016-06-09 13:47:12 -07:00