Commit Graph

206 Commits

Author SHA1 Message Date
Anders Kaseorg 61982d9d47 uploads: Revert "Url encoded name of the file should be an ascii."
This reverts commit fd9dd51d16 (#1815).

The issue described does not exist in Python 3, where urllib.parse now
_only_ accepts (Unicode) str and does the right thing with it.  The
workaround was not being triggered and would have failed if it were.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-22 22:28:39 -07:00
Ben Muschol d526ff00f2 settings: Rename "user avatar" to "profile picture"
This renames references to user avatars, bot avatars, or organization
icons to profile pictures. The string in the UI are updated,
in addition to the help files, comments, and documentation. Actual
variable/function names, changelog entries, routes, and s3 buckets are
left as-is in order to avoid introducing bugs.

Fixes #11824.
2019-03-15 13:29:56 -07:00
Vishnu Ks a288cfc43a uploads: Show used upload space in attachments UI. 2019-03-07 20:18:00 -08:00
Pragati Agrawal 095e24c515 realm_logo: Update `upload_logo` views to return nothing. 2019-03-07 12:12:00 -08:00
Pragati Agrawal 276020445d realm_logo: Make `delete_logo_backend` views return nothing. 2019-03-07 12:12:00 -08:00
Pragati Agrawal 78e9ad3128 test_upload: Use actions.py do-change functions to change property. 2019-03-07 12:12:00 -08:00
Pragati Agrawal 0192f80d2e org_settings: Remove print statements.
This commit deletes the redundant `print` statement from the
`test_upload.py` file.
2019-03-07 12:12:00 -08:00
Vishnu Ks 8356804bf1 api: Add endpoint for fetching used upload space info. 2019-03-04 18:46:13 -08:00
Vishnu Ks 94ae2dc24e models: Cache currently_used_upload_space_bytes function. 2019-03-04 18:46:13 -08:00
Vishnu Ks e522308507 models: Move currently_used_upload_space function to Realm model. 2019-03-04 18:46:13 -08:00
sahil839 7157edf4af settings: Add support for uploading logo for night mode.
This adds a new field named realm_night_logo which is used for
displaying the organization logo when the user is in night mode.

Fixes #11176.
2019-02-18 15:15:57 -08:00
Anders Kaseorg 3127fb4dbd zerver/tests: Remove unused imports.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2019-02-02 17:43:03 -08:00
Daniel Bradburn 1e65cdd072 emoji: Only resize custom emoji that need it.
This additional logic to prevent resizing is certain circumstances
(file size, dimensions) is necessary because the pillow gif handling
code seems to be rather flaky with regards to handling gif color
palletes, causing broken gifs after resizing.  The workaround is to
only resize when absolutely necessary (e.g. because the file is larger
than 128x128 or 128KB).

Fixes #10351.
2019-01-29 10:33:50 -08:00
Harshit Bansal 45d50715c5 uploads: Return a HTTP 400 error for a decompression bomb attack.
Fixes: #11215.
2019-01-13 08:17:24 +00:00
Tim Abbott 2adb0734d1 decorator: Set an error code for invalid API key errors.
This should make it easily for mobile/terminal apps to handle
situations like the user's API key changing.

Also fix the fact we were incorrectly using a 400, not 401, status
code for this case.
2019-01-05 11:29:34 -08:00
Joshua Pan ad1df0ebeb settings: Add support for customizing the top-left logo.
This adds a new realm_logo field, which is a horizontal-format logo to
be displayed in the top-left corner of the webapp, and any other
places where we might want a wide-format branding of the organization.

Tweaked significantly by tabbott to rebase, fix styling, etc.

Fixing the styling of this feature's loading indicator caused me to
notice the loading indicator for the realm_icon feature was also ugly,
so I fixed that too.

Fixes #7995.
2018-12-18 12:44:52 -08:00
rht a1ff44a230 refactor: Add a helper function to create s3 buckets.
This refactor makes upgrading boto to boto3 easier.
Based on 43d2f6286c
2018-12-07 13:58:11 -08:00
Tim Abbott 8cf104b643 avatar: Allow API authentication for /avatar/ routes.
This makes it feasibly for the mobile apps to correctly render user
avatars generated by the `!avatar()` syntax.
2018-10-11 15:52:29 -07:00
Vishnu Ks 5bdadc8061 upload: Create function to delete avatar image. 2018-10-11 15:30:26 -07:00
Yago González f6219745de users: Get all API keys via wrapper method.
Now reading API keys from a user is done with the get_api_key wrapper
method, rather than directly fetching it from the user object.

Also, every place where an action should be done for each API key is now
using get_all_api_keys. This method returns for the moment a single-item
list, containing the specified user's API key.

This commit is the first step towards allowing users have multiple API
keys.
2018-08-08 16:35:17 -07:00
Harshit Bansal 25fa9a25ff emoji: Add support for animated GIF images.
This commit adds 'resize_gif()' function which extracts each frame,
resize it and coalesces them again to form the resized GIF while
preserving the duration of the GIF. I read some stackoverflow
answers all of which were referring to BiggleZX's script
(https://gist.github.com/BigglesZX/4016539) for working with animated
GIF. I modified the script to fit to our usecase and did some manual
testing but the function was failing for some specific GIFs and was not
preserving the duration of animation. So I went ahead and read about
GIF format itself as well as PIL's `GifImagePlugin` code and came up
with this simple function which gets the worked done in a much cleaner
way. I tested this function on a number of GIF images from giphy.com
and it resized all of them correctly.

Fixes: #9945.
2018-08-04 11:46:58 -07:00
Anders Kaseorg 037f696d26 Enable pycodestyle W605 (invalid escape sequence).
The only changes visible at the AST level, checked using
https://github.com/asottile/astpretty, are

zerver/lib/test_fixtures.py:
'\x1b\\[(1|0)m' ↦ '\\x1b\\[(1|0)m'
'\\[[X| ]\\] (\\d+_.+)\n' ↦ '\\[[X| ]\\] (\\d+_.+)\\n'

which is fine because re treats '\\x1b' and '\\n' the same way as
'\x1b' and '\n'.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-07-03 16:54:46 +02:00
Vishnu Ks 53237d39aa registration: Allow users to import profile picture. 2018-06-06 13:29:42 -07:00
Tim Abbott 7d250cb2f9 attachment: Fix handling of stream history.
This fixes two issues:

* Our guest users feature gave guest users access to public stream
  attachments even if they couldn't access the public stream.

* After a user joins a private stream with our new shared history
  feature, they couldn't see images uploaded before they joined.

The tests need to check for a few types of issues:
* The actual access control permissions.
* How many database queries are used in the various
  cases for that second model, especially with multiple messages
  referencing an attachment.  This function gets called a lot, and we
  want to keep it fast.

Fixes #9372.
2018-06-06 09:40:22 -07:00
Shubham Padia cd1233d3f7 upload: Add test jpg image with no exif data. 2018-05-31 08:08:59 -07:00
Shubham Padia 8b8a9be377 upload: Rotate image according to exif data when resizing avatar and emojis.
Fixes the avatar/emoji part of #8177.

Does not address the issue with uploaded images, since we don't do
anything with them.

Also adds 3 images with different orientation exif tags to
test-images.
2018-05-29 10:39:39 -07:00
jkiely ca3ce90496 mypy: Enable strict optional in lib/avatar.py.
Add assert to function and modify tests in order to pass under
strict conditions.
2018-05-17 11:11:55 -07:00
RobbieClarken 17d6d4fed1 zerver/tests: Add test for get_emoji_url for local upload backend. 2018-05-15 10:50:39 -07:00
RobbieClarken fb42b58316 zerver/tests: Test emoji upload for local storage backend. 2018-05-15 10:50:39 -07:00
RobbieClarken 2dc13d6b50 zerver/tests: Test ensure_medium_avatar_url when the file exists. 2018-05-15 10:50:39 -07:00
RobbieClarken 398141268f zerver/tests: Test get_emoji_url for S3. 2018-05-15 10:50:39 -07:00
RobbieClarken dd19ed3972 zerver/tests: Test upload emoji to S3. 2018-05-15 10:50:39 -07:00
RobbieClarken ff95c67197 zerver/tests: Test upload realm icon for S3. 2018-05-15 10:50:39 -07:00
RobbieClarken 25e91b289d zerver/tests: Test delete message image from S3 when file is missing. 2018-05-15 10:50:39 -07:00
RobbieClarken b3a6c0a253 zerver/tests: Test currently_used_upload_space function. 2018-05-15 10:50:38 -07:00
RobbieClarken efc63d4ca0 zerver/tests: Test S3 file upload with undefined content type. 2018-05-15 10:42:10 -07:00
RobbieClarken b9fff04f39 zerver/tests: Add test for resize_emoji for images that need resizing. 2018-05-15 10:42:10 -07:00
RobbieClarken 69a5ce102f zerver/tests: Remove unecessary re-open on files in tests.
The get_test_image_file helper function returns a file handle so we can
call the read method on this directly.
2018-05-15 10:42:10 -07:00
RobbieClarken f34d9dc910 zerver/tests: Test get_realm_for_filename when filename doesn't exist. 2018-05-15 10:42:10 -07:00
RobbieClarken 2cca5dc79f zerver/tests: Test upload when mimetype is supplied as a query param. 2018-05-14 10:58:24 -07:00
Aditya Bansal 5416d137d3 zerver/tests: Change use of typing.Text to str. 2018-05-12 15:22:39 -07:00
Tim Abbott aa4b067e68 avatars: Fix 500 with the /avatar/ URL to be a 404.
Apparently, we had a somewhat sloppy regular expression for the URL
for this endpoint.
2018-04-18 12:43:57 -07:00
Nikhil Kumar Mishra 91412e5843 test_upload: Add test for `get_realm_for_filename`. 2018-04-16 11:52:44 -07:00
Nikhil Kumar Mishra c96dc1652e test_upload: Add tests for `resize_emoji`. 2018-04-16 11:52:44 -07:00
Tim Abbott 5ddf2614f0 uploads: Add new way of querying for mobile uploads endpoint.
This extends the /user_uploads API endpoint to support passing the
authentication credentials via the URL, not the HTTP_AUTHORIZATION
headers.  This is an important workaround for the fact that React
Native's Webview system doesn't support setting HTTP_AUTHORIZATION;
the app will be responsible for rewriting URLs for uploaded files
directly to add this parameter.
2018-04-13 17:51:45 -07:00
Puneeth Chaganti 4ce8f2aaa2 upload: Rename upload_message_image to upload_message_file.
Tweaked by tabbott to also fix a Slack import comment.
2018-03-30 13:38:31 -07:00
Aditya Bansal d4360e2287 uploads: Make django-sendfile to force downloading attachments.
We start to force downloads for the attachment files. We do this
for all files except images or pdf's. We would like images or pdf's
to open up in browser itself.

Tweaked by tabbott for comment clarity and correctness.
2018-03-14 11:22:10 -07:00
Tim Abbott e2a6541133 i18n: Fix use of 'realm administrator' in translated strings.
These are user-facing and thus should refer to being an "organization
administrator".
2018-03-07 17:15:29 -08:00
Shubham Padia 13664f1289 uploads: Convert CMYK to RGB when saving avatar/realm icon as png.
Fixes #8546.
PNG does not support CMYK mode. CMYK file is converted to RGB and
then saved as PNG.
2018-03-02 12:57:22 -08:00
neiljp (Neil Pilgrim) 354d552a10 mypy: Add two mypy-pacifying asserts in upload & bugdown tests. 2018-02-19 09:24:50 -08:00
Aditya Bansal efe8545303 local-uploads: Start running authentication checks on file requests.
From here on we start to authenticate uploaded file request before
serving this files in production. This involves allowing NGINX to
pass on these file requests to Django for authentication and then
serve these files by making use on internal redirect requests having
x-accel-redirect field. The redirection on requests and loading
of x-accel-redirect param is handled by django-sendfile.

NOTE: This commit starts to authenticate these requests for Zulip
servers running platforms either Ubuntu Xenial (16.04) or above.

Fixes: #320 and #291 partially.
2018-02-16 05:06:37 +05:30
Vishnu Ks 43a6439b3b upload: Enforce per-realm quota. 2018-01-29 16:06:11 -08:00
Greg Price 55cf54c087 upload: Remove old per-user quota feature.
We'll replace this primarily with per-realm quotas (plus the simple
per-file limit of settings.MAX_FILE_UPLOAD_SIZE, 25 MiB by default).

We do want per-user quotas too, but they'll need some more management
apparatus around them so an admin has a practical way to set them
differently for different users.  And the error handling in this
existing code is rather confused.  Just clear this feature out
entirely for now; then we'll build the per-realm version more cleanly,
and then we can later add back per-realm quotas modelled after that.

The migration to actually remove the field is in a subsequent commit.

Based in part on work by Vishnu Ks (hackerkid).
2018-01-29 16:06:11 -08:00
Rhea Parekh 092472f42d tests: Add test coverage for uploading avatars to S3UploadBackend.
Add test coverage for the function upload_avatar_image and
ensure_medium_avatar_image in S3UploadBackend.
2017-12-26 09:09:31 -05:00
Alena Volkova 26eb23afc7 tests: Replace api_auth usages with auth methods in zerver/tests. 2017-12-18 09:24:09 -05:00
Tim Abbott 1ed50ee858 tests: Pass a realm option to login for non-zulip realms.
This better matches the model of how having multiple realms should
work: you need to specify which realm you're logging into.
2017-11-17 15:32:42 -08:00
rht 4f5b1c0a5a zerver/tests: Use python 3 syntax for typing in most files. 2017-11-16 21:52:01 -08:00
derAnfaenger 19bc55aa45 Fix various typos.
The typos and their corrections were found with the
aid of https://github.com/lucasdemarchi/codespell.
2017-11-09 16:26:38 +01:00
rht de319b4558 refactor: Remove six.moves.StringIO import. 2017-11-07 10:51:44 -08:00
rht 19bd335cbb Change urllib import to be Python 3-specific. 2017-11-07 10:46:42 -08:00
Aditya Bansal 31ea495842 test_uploads: Extract 'use_s3_backend' to test helpers. 2017-10-30 21:56:31 -07:00
Aditya Bansal 269cd3b8bf tests: Remove work around for non-writeable name property of StringIO. 2017-10-30 21:56:31 -07:00
Steve Howell 9c90c40c08 tests: Fix send_message calls in test_upload.py. 2017-10-28 10:20:59 -07:00
Steve Howell 1fc6a5febc Add get_avatar_field() function.
This function is designed to replace avatar_url() and
avatar_url_from_dict() over time.

There are a few things new about it:

    * We make the parameters more explicit, rather than
      passing in an opaque dictionary or requiring a
      UserProfile object.  (A lot of our callers want
      to use `values()` for efficiency sake, since we
      are often doing bulk user operations.)

    * We start to support the client_gravatar option.
2017-10-12 14:00:41 -07:00
Tim Abbott 66a3f514d4 zilencer: Remove long-obsolete Deployment model.
This was a precursor to RemoteZulipServer, which is no longer used for
anything, and was cluttering the codebase.
2017-10-11 23:48:01 -07:00
rht 1e87a4b68c zerver/tests: Remove absolute_import. 2017-09-27 10:00:39 -07:00
Tim Abbott f51f89a86e test_upload: Explicitly declare subdomains. 2017-08-26 13:45:27 -07:00
Tim Abbott eb720485c5 tests: Add and use new self.subscribe.
This new method cleans up the API for subscribing to something from a
test case.
2017-08-24 21:37:57 -07:00
Steve Howell 81e3f489f2 Use sender realm in user_profiles_from_unvalidated_emails.
This change is mostly based on a similar commit from hackerkid
in a feature branch.  It borrows both code and ideas.  Some of
it's my own stuff, as I was working on a newer branch.

We now call get_user_including_cross_realm_email() inside of
user_profiles_from_unvalidated_emails(), instead of using
get_user_profile_by_email.

This requires a few of our callers to pass down sender into us.

One consequence of this change is that we change the symptoms
for trying to send to emails outside of your realm.  In some
cases, we simply raise an error that an email is invalid to us
instead of getting into the deeper validate_recipient_user_profiles
check.
2017-08-22 10:42:15 -07:00
Tim Abbott ef722c5688 tests: Remove unused ujson imports. 2017-08-17 09:05:52 -07:00
Umair Khan d3ced34152 test_uploads: Upgrade to HttpResponse.json(). 2017-08-16 07:06:58 -07:00
neiljp (Neil Pilgrim) b782db48e1 mypy: Remove superfluous older 'type: ignore' annotations. 2017-08-08 11:27:51 -07:00
Tim Abbott 6a50e13156 uploads: Remove legacy /json/upload_file endpoint.
This migrates Zulip to use the equivalent API endpoint that has been
present for a while.
2017-07-31 13:08:06 -07:00
Vishnu Ks f9245e26d9 Make user_id, realm_id mandatory in _get_unversioned_avatar_url. 2017-07-17 21:01:30 +00:00
Aditya Bansal 84e53f960d pep8: Add compliance with rule E261 to tests/test_upload.py. 2017-07-11 15:17:32 -07:00
neiljp (Neil Pilgrim) 0958298d88 mypy: Add missing type parameter in test_upload.py:create_user. 2017-07-07 10:56:33 -07:00
Vishnu Ks 9067890120 urls: Use POST for zerver.views.user_settings.set_avatar_backend.
The set_avatar_backend is changed from PUT to POST becuase this
is not idempotent.
2017-07-07 10:31:43 -07:00
Vishnu Ks cf2dec539f urls: Use POST for zerver.views.realm_icon.upload_icon.
This upload_icon endpoint is changed from PUT to POST becuase
this endpoint is not idempotent.
2017-07-07 10:31:43 -07:00
sinwar 8ff2e5a22b requirements: Upgrade moto to latest version.
Fixes #5454
2017-06-21 19:05:50 -04:00
Vishnu Ks bb98e35aa0 Replace othello@zulip.com with example_email('othello'). 2017-05-24 19:37:36 -07:00
Vishnu Ks 52d2d6c4fa Replace prospero@zulip.com with example_email('prospero'). 2017-05-24 19:37:36 -07:00
Vishnu Ks c4db3b7d1c Replace cordelia@zulip.com with example_email('cordelia'). 2017-05-24 19:37:36 -07:00
Vishnu Ks 961b35d52e Replace iago@zulip.com with example_email('iago'). 2017-05-24 19:37:36 -07:00
Vishnu Ks 5230eaef1c Replace hamlet@zulip.com with example_email('hamlet'). 2017-05-24 19:37:36 -07:00
Rick Chern e53d1c3885 tests: Remove get_user_profile_by_email from most tests. 2017-05-24 13:05:19 -07:00
Steve Howell 036f66aba3 Add test_get_avatar_url_with_user_profile_lookup test. 2017-05-23 18:35:45 -07:00
Rick Chern 70d68f7e71 Refactoring: Replace get_user_profile_by_email() in lib/upload.py 2017-05-23 12:37:49 -07:00
Tim Abbott e8eaec0a18 mypy: Fix various errors caught by removing cache_with_key. 2017-05-10 14:37:20 -07:00
Steve Howell 7f9057ba99 tests: Use example_user() in more places. 2017-05-08 11:57:38 -07:00
Steve Howell 942db9b6c5 tests: Added ZulipTestCase.example_user() function.
The example_user() function is specifically designed for
AARON, hamlet, cordelia, and friends, and it allows a concise
way of using their built-in user profiles. Eventually, the
widespread use of example_user() should help us with refactorings
such as moving the tests users out of the "zulip.com" realm
and deprecating get_user_profile_by_email.
2017-05-08 11:57:38 -07:00
Aditya Bansal bdcddd35d0 tests: Add wrapper for client.logout in ZulipTestCase.
In this commit we add a logout wrapper so as to enable developers
to just do self.logout instead of doing a post request at API
endpoint for logout. This is achieved by adding a wrapper function
for the Django's client.logout contained in TestCase. We add this
by extending ZulipTestCase to have a logout function.
2017-04-21 21:45:55 -07:00
Tim Abbott a543b3cacd attachment: Clarify and test logic for invalid uploads. 2017-04-18 21:27:29 -07:00
Tim Abbott 568b59291b attachment: Improve rules for managing attachment ownership.
The previous logic was that anyone with a link to a file could send it
to other users, but only the owner could make a file realm-public.
This had some confusing corner cases.

The new logic is much simpler:
* Only the file's owner/uploader can include a file in a message for
  the first time.
* Anyone with access to read a file can share it with others by
  including it in messages they send.
* Once a file has been sent to a public stream, any user in the realm
  can access it.
2017-04-18 21:27:29 -07:00
Aditya Bansal 08e4a67fa5 tests: Fix occasionally breaking tests.
In this commit we fix the occasionally breaking tests for
test_home.HomeTest.test_bad_narrow which were the result of
us patching global settings in test_upload to add some new emails
to CROSS_REALM_BOT_EMAILS and not rolling back.
2017-04-18 19:44:12 -07:00
hackerkid b2504084ab Replace timezone.now with timezone_now. 2017-04-16 12:28:56 -07:00
rahuldeve 60803137f2 uploads: Add authorization check before serving files.
This is a remerge of e985b57259 (after
resolving merge conflicts, updating the tests, adding mypy annotations
etc.), which should now be correct, because we've done the necessary
database migration.

The rebase/remerge work was done by Tim Abbott and Aditya Bansal.

This is an important part of #320.
2017-04-07 16:35:28 -07:00
Tim Abbott 993276b882 test_upload: Add tests for realm icon URL scheme. 2017-03-21 16:12:04 -07:00
Tim Abbott 8775a22663 avatar: Fix buggy avatar URL scheme with S3 backend.
Also adds tests for the avatar URL scheme.
2017-03-21 16:12:04 -07:00
Rishi Gupta 3aae6cd421 Change if(realm.domain == zulip.com) checks to use Realm.string_id. 2017-03-13 14:17:14 -07:00
Elliott Jin 8d936601d3 test-backend: Raise zerver/views/test_upload.py test coverage to 100%. 2017-03-08 11:42:25 -08:00