Having wantMessagesSigned=True globally means that it's also applied by
python3-saml to regular authentication SAMLResponses - making it require
the response to be signed, which is an issue because a feasible
alternative way that some IdPs (e.g. AzureAD) take by default is to sign
specifically the assertions in the SAMLResponse. This is also secure,
and thus we generally want to accept it.
Without this, the setting of wantMessagesSigned=True globally
in 4105ccdb17 causes a
regression for deployments that have already set up SAML with providers
such as AzureAD, making Zulip stop accepting the SAMLResponses.
Testing that this new logic works is handled by
test_saml_idp_initiated_logout_invalid_signature, which verifies that a
LogoutRequest without signature will be rejected.
It is possible for user to change the width by using
screen rotation after the page has been loaded on mobile.
If only height has changed, it is most likely due to a
virtual keyboard, we don't hide popover in that case.
Fixes#20439
This commit adds code to check whether a user is allowed to use
wildcard mention in a large stream or not while editing a message
based on the realm settings.
Previously this was only checked while sending message, thus user
was easily able to use wildcard mention by first sending a normal
message and then using a wildcard mention by editing it.
In 4792af5682 I reformatted the template in such a way
that the div was no longer empty, and therefore
the :empty pseudoclass was not properly applied to
show the placeholder.
I remove some spurious whitespace and a stray period
in zephyr-mirror, and then for all three I try to
line-wrap/indent in a way that's nicer for humans
and parsers to read.
PostgreSQL 11 and below used a configuration file names
`recovery.conf` to manage replicas and standbys; support for this was
removed in PostgreSQL 12[1], and the configuration parameters were
moved into the main `postgresql.conf`.
Add `zulip.conf` settings for the primary server hostname and
replication username, so that the complete `postgresql.conf`
configuration on PostgreSQL 14 can continue to be managed, even when
replication is enabled. For consistency, also begin writing out the
`recovery.conf` for PostgreSQL 11 and below.
In PostgreSQL 12 configuration and later, the `wal_level =
hot_standby` setting is removed, as `hot_standby` is equivalent to
`replica`, which is the default value[2]. Similarly, the
`hot_standby = on` setting is also the default[3].
Documentation is added for these features, and the commentary on the
"Export and Import" page referencing files under `puppet/zulip_ops/`
is removed, as those files no longer have any replication-specific
configuration.
[1]: https://www.postgresql.org/docs/current/recovery-config.html
[2]: https://www.postgresql.org/docs/12/runtime-config-wal.html#GUC-WAL-LEVEL
[3]: https://www.postgresql.org/docs/12/runtime-config-replication.html#GUC-HOT-STANDBY
These are both unsupported by PostgreSQL itself, as well as by Zulip;
the removal of Ubuntu Xenial and Debian Stretch support in Zulip 3.0
removed the requirement for PostgreSQL 9.6, and the previous versions
date back yet farther.
If a user chooses to not broadcast their presence status to others, we
still show the user as available in their own user sidebar. Instead, one's
own availability should appear the same as it does for other users.
With tweaks from YashRE42: rebasing to use user_settings instead of
page_params, as introduced in the series of commits ending with
8755a76cf6, adding code comments and
moving the redraw call to `server_events_dispatch.js`.
Fixes part of #18846. Further work is required to display the user's own idle
status properly to complete #18846.
Co-authored-by: YashRE42 <33805964+YashRE42@users.noreply.github.com>
Co-authored-by: Ganeshprasad Biradar <biradarganesh25@gmail.com>
Changing realm-level notification batching period setting from UI
was broken after adding the "Custom" option in 4f63378e7f because it
handled only user-level setting code and not realm-level setting.
This commit fixes it.
This commit refactors the set_notification_batching_ui to
use settings_org.change_element_block_display_property function
for toggling the visibility of custom input.
We add id to the email_notification_batching_period_edit_minutes
element such that we can use change_element_block_display_property
function because it requires id of element as an argument.
This commit also removes the value attribute of the custom
input since its value was set undefined in the template
and then was set in set_notification_batching_ui, so there
is no use of keeping the value attribute in templates.
This is a prep commit for fixing the behavior of this element
in realm-level default settings.
Now that we pass in the UserProfile.id in the metadata to Stripe's
PaymentIntent objects, we no longer need to retrieve the user via
delivery_email. It makes more sense to just fetch the user by ID
and then get the latest delivery_email directly.
Note that an update to Stripe's fixtures is not necessary here
since a previous commit already modified the metadata passed to
both stripe.Session/PaymentIntent objects.
Previously, our Stripe webhook event handler code retrieved the
user's email from Stripe using the stripe.Customer.email attribute.
This led to situations such that whenever the email that Stripe had
did not correspond to a UserProfile in Zulip, the payment flow
failed since we couldn't find a UserProfile associated with the
given email.
Now, we pass in the UserProfile.id in the metadata to Stripe's
checkout Session object, so that we can fetch the correct email
in future Stripe requests.
The stream select dropdown's height was clipped by the modal
container which resulted in the dropdown only being displayed
partially. We could either move the dropdown to under `body` or use
`position: fixed` for it be able to show outside parent container.
We go for the later option.
I have looked at maybe ~100 errors in the last week as part
of fixing the tooling, and it's quite common to want to just
see what the improved file would look like. Now I show the
desired output with line numbers.
I also try to encourage devs to scroll up, since newbies
often don't do that for some reason when confronted with
error output.
Finally, I add some color. I try to repeat myself without
color for certain things in case colors on certain
backgrounds are hard to read.
A fast way to test this is to just break up a long tag
into two lines.
The GIF icon was taking more height than it was alloted to.
The height taken also varied slighly based on external factors.
This pushed other buttons out of their desired position.
Since we don't use video button in compose control buttons
popover, this will never be reached. We can add this code again
when we add video button to the popvoer.
Fixes#20431 by changing dark theme colors of upgrade tips to match
colors of other dark theme tips (with the same structure as the
existing .tip class).
When Zulip is run behind one or more reverse proxies, you must
configure `loadbalancer.ips` so that Zulip respects the client IP
addresses found in the `X-Forwarded-For` header. This is not
immediately clear from the documentation, so this commit makes it more
clear and augments the existing examples to showcase this need.
Fixes: #19073
Tim Abbott
Alex Vandiver
Mateusz Mandera
Aman Agrawal
Sahil Batra
Steve Howell
Alya Abbott
Yash Rathore
Eeshan Garg
Anders Kaseorg
My-Name-Is-Nabil
Emilio López