Commit Graph

44823 Commits

Author SHA1 Message Date
RISHABH SIDANA 41b37dab42
typo: Fix models.py grammatical error. 2021-10-22 13:44:26 -07:00
Kartik Soneji 6705085e25 provision: Silently unset PIP_USER if set. 2021-10-22 13:43:40 -07:00
Anders Kaseorg 58920affd4 python: Remove re.UNICODE flag (redundant in Python 3).
https://docs.python.org/3/library/re.html#re.A

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-22 13:42:29 -07:00
Shlok Patel 0678e2610f webhooks: Add support for GitHub discussions messages.
We aim to use Zulip topics thoughtfully in displaying messages from
discussions, as well as linking to the discussion in every message so
that it's easy to view them.

Fixes #19938.
2021-10-22 13:40:05 -07:00
Alex Vandiver 9381a3bd45 linkifiers: Support URL percent-encoded bytes.
Supporting URL percent-encoded bytes is possible using `%%20`, but this
is not necessarily very understandable to end-users, even those that
understand percent encoding.

Allow `%20` in linkifier URL format strings, and transform them into
`%%20` in the pattern just before they are applied in markdown
translation.  Care must be taken here, such that already-escaped `%`s
are not escaped an extra time.

We do this before rendering, and not before storage, as
a simplification; the JS-side linkifier at present only understands
`%(foo)s` and thus needs no changes, and to avoid an un-escaping pass
before showing in the admin UI.
2021-10-22 13:00:20 -07:00
Alex Vandiver d6768814a1 linkifiers: Explicitly only check format strings after verifying as a URL.
This makes the errors less confusing -- they might otherwise be jammed
together in the frontend.
2021-10-22 13:00:20 -07:00
Alex Vandiver 8dd9b4e812 linkifiers: Loosen regex that validates URLs.
User-supplied custom realm filter has had some sort of regex-based
validation of the format URL since their introduction in
d7e1e4a2c0 -- and this has always been
in addition to the URLValidator.  The URLValidator is the one which
does the security-relevant work of validating that the schema is
reasonable, and that the overall shape of the URL is well-formed.  The
regex has served primarily to arbitrary limit the characters that can
appear in the URL, in the mistaken name of safety.

Adjust the regex, such that its only purpose is to verify that the
usages of `%` characters in the URL are reasonable, and leave the URL
validation to the URLValidator, which can do a far better job.  This
includes broadening the support to include `%%` as an escape
character; this is likely such a niche case as to be unnecessary, but
costs little.

Fixes #16013.
2021-10-22 13:00:20 -07:00
isakhagg adb612a0b4 settings: Rearrange display settings.
This provides a cleaner organization for our display settings, to make
browsing them more intuitive for new users.

We still need to update the /help/ documentation following this migration.

Fixes #19960.
2021-10-21 15:23:19 -07:00
Anders Kaseorg 4839b7ed27 url_preview: Interpret og:image relative to full page URL.
og:image is supposed to be an absolute URL, but some sites incorrectly
provide a relative URL.  In this case, it makes more sense to
interpret it relative to the full page URL after redirects, rather
than relative to just the domain part of the page URL before
redirects.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-21 12:20:37 -07:00
Mateusz Mandera 4dae22684a audit_log: Reserve a number for STREAM_REACTIVATED.
We don't yet have a do_reactivate_stream function, but we reserve a
number since:
1. It'll likely be added in the future.
2. For now, we can restore archived stream with some manual intervention
in the Django shell, and for that we'll want to create an appropriate
RealmAuditLog entry.
2021-10-21 11:13:55 -07:00
Jonny Tran ddf4053a73 composebox_typeahead: Remove redundant options from the `/` typeahead.
Removes the `/day` and `/night` options from the typeahead menu while
still allowing the commands to be used. Typing `/day` and `/night`
will now suggest `/light` and `/dark`, respectively. Also changes the
`Dark mode` and `Light mode` popups that appear after using the
corresponding command.

Fixes #18318.
2021-10-21 10:50:27 -07:00
Lauryn Menard 0d0b4eb9d4 documentation_api: Deduplicate ignored_parameters_unsupported.
Created a schema for the ignored_parameters_unsupported that is
returned by the /settings and /realm/user_settings_defaults endpoints
and removed the duplicated text in the api documentation.

Also cleaned up some small errors in the /realm/user_settings_default
definition and sidebar link /api/update-realm-user-settings-defaults.

Fixes #19674
2021-10-21 10:32:31 -07:00
Alex Vandiver 75f1070881 queue_processors: Disable timeouts with PushNotificationsWorker.
Since 3853285241, PushNotificationsWorker uses the aioapns library
to send Apple push notifications.  This introduces an asyncio event
loop into this worker process, which, if unlucky, can respond poorly
when a SIGALRM is introduced to it:

```
[asyncio] Task exception was never retrieved
future: <Task finished coro=<send_apple_push_notification.<locals>.attempt_send() done, defined at /path/to/zerver/lib/push_notifications.py:166> exception=WorkerTimeoutException(30, 1)>
Traceback (most recent call last):
  File "/path/to/zerver/lib/push_notifications.py", line 169, in attempt_send
    result = await apns_context.apns.send_notification(request)
  File "/path/to/zulip-py3-venv/lib/python3.6/site-packages/aioapns/client.py", line 57, in send_notification
    response = await self.pool.send_notification(request)
  File "/path/to/zulip-py3-venv/lib/python3.6/site-packages/aioapns/connection.py", line 407, in send_notification
    response = await connection.send_notification(request)
  File "/path/to/zulip-py3-venv/lib/python3.6/site-packages/aioapns/connection.py", line 189, in send_notification
    data = json.dumps(request.message, ensure_ascii=False).encode()
  File "/usr/lib/python3.6/json/__init__.py", line 238, in dumps
    **kw).encode(obj)
  File "/usr/lib/python3.6/json/encoder.py", line 199, in encode
    chunks = self.iterencode(o, _one_shot=True)
  File "/usr/lib/python3.6/json/encoder.py", line 257, in iterencode
    return _iterencode(o, 0)
  File "/path/to/zerver/worker/queue_processors.py", line 353, in timer_expired
    raise WorkerTimeoutException(limit, len(events))
zerver.worker.queue_processors.WorkerTimeoutException: Timed out after 30 seconds processing 1 events
```

...which subsequently leads to the worker failing to make any progress
on the queue.

Remove the timeout on the worker.  This may result in failing to make
forward progress if Apple/Google take overly long handling requests,
but is likely preferable to failing to make forward progress if _one_
request takes too long and gets unlucky with when the signal comes
through.
2021-10-21 08:59:56 -07:00
Alex Vandiver ab985c0066 queue_processors: Add a comment clarifying that timeouts only happen when single-threaded. 2021-10-21 08:59:56 -07:00
Alex Vandiver a1d22cc7fa ci: Run production tests when files mentioning zilencer are changed.
Production installs do not use the zilencer application, but the tests
do include it; as such, changes to any files which reference zilencer
are more likely to pass tests but fail production installs.

Run production tests when those files are changed.
2021-10-20 16:53:11 -07:00
RISHABH SIDANA 97b62f16c2
typo: Fix duplicated word in comment. 2021-10-20 12:53:50 -07:00
Anders Kaseorg 2c27a87bcd provision: Refuse to run outside an existing Vagrant environment.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-20 10:35:46 -07:00
Eeshan Garg 0485aece4e pypi: Upgrade python-zulip-api packages to version 0.8.1. 2021-10-20 10:25:19 -07:00
Anders Kaseorg d1c05467ec push_notifications: Fix RemoteZulipServer annotation to work at runtime.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-20 00:48:55 -07:00
Alex Vandiver c0b557fb2e push_notifications: Move zilencer import inside ZILENCER_ENABLED check. 2021-10-20 06:16:10 +00:00
Alex Vandiver 111ee64e36 push_notifications: Pass down the remote server and user-id for logs.
This makes logging more consistent between FCM and APNs codepaths, and
makes clear which user-ids are for local users, and which are opaque
integers namespaced from some remote zulip server.
2021-10-19 22:04:24 -07:00
Alex Vandiver 5bcd3c01cb push_notifications: Add log line with user-id, UUID, and devices.
Being able to determine how many distinct users are getting push
notifications per remote host is useful, as is the distribution of
device counts.  This parallels the log line in
handle_push_notification for push notifications from local realms,
handled via the event queue.
2021-10-19 22:04:24 -07:00
Sahil Batra 2285338b11 tests: Use more selective query in user group tests.
We should use more selective query for UserGroupMembership
objects in tests for checking adding and removing members.
This is done by checking the membership counts for the
particular user group only.

This will help in keeping the tests more understandable
after we add members to the role-based system groups,
since that would create a lot of membership objects.
2021-10-19 17:02:10 -07:00
Sahil Batra 828f0e1847 populate_db: Use do_change_user_role to set polonius as guest.
This commit changes populate_db code to set role of polonius
as guest using do_change_user_role. This will make it consistent
with other users also.
2021-10-19 17:02:10 -07:00
Sahil Batra 599b3cc58e test_user_groups: Make UserGroup queries more selective.
We make the UserGroup queries in user group creation and
deletion tests more selective by fitering the user groups
which belong to the realm and not the one included in
lear realm, etc.

This will help us to keep the tests more understandable
when the counts of UserGroup increases due to addition of
system groups. There is no need to consider system groups
of other realms in these tests.
2021-10-19 17:02:10 -07:00
Sahil Batra 8b2213a43e test_user_groups: Fix comment in test_user_group_create. 2021-10-19 17:02:10 -07:00
Mateusz Mandera 068dd6bdae docs: Tweak Keycloak SAML instructions.
Keycloak docs say:

https://www.keycloak.org/getting-started/getting-started-docker
```
By default there is a single realm in Keycloak called master. This is
dedicated to manage Keycloak and should not be used for your own
applications.
```

Thus we should change what we assume the Keycloak realm to be to avoid
assuming as a default a practice
that Keycloak disourages.
2021-10-19 17:00:10 -07:00
rht bb8504d925 lint: Fix typos found by codespell. 2021-10-19 16:51:13 -07:00
iampranavdhar 5b7bb5142f compose: Fix alignment of close button in warning banner.
A bug in the compose.css code resulted in showing the close button in
the banner in a wrong way.  The previous logic to center the button
vertically didn't actually achieve our goals, since in cases where the
text line-wraps to two lines, it'd look oddly out of place.

Fixes #19770.
2021-10-19 12:22:45 -07:00
Soumyajyoti Dey 140c0fd599
popovers: Position status emoji to left of label.
This matches the design present in the right sidebar, where statuses
are primarily displayed to users.

Fixes #19998.
2021-10-19 12:21:45 -07:00
Eeshan Garg b325a4f1be realm: Rename plan type constants to be more descriptive.
It is confusing to have the plan type constants not be namespaced
by the thing they represent. We already have a namespacing
convention in place for constants, so we should use it for
Realm.plan_type as well.
2021-10-19 12:20:39 -07:00
Alex Vandiver cbbd4b128d push_notifications: Provide a hint when the server is not registered. 2021-10-19 12:17:30 -07:00
Gaurav Pandey 1c1a1e2cad api: Remove encoding of string in update_user endpoint.
* Remove unnecessary json_validator for full_name parameter.
* Update frontend to pass the right parameter.
* Update documentation and note the change.

Fixes #18409.
2021-10-18 19:03:43 -07:00
Tim Abbott 37d977f8f1 dependencies: Upgrade python-zulip-api. 2021-10-18 19:03:43 -07:00
Alex Vandiver b02754adec html_diff: Handle empty differences between empty strings.
`rendered_content` in historical messages may be empty; examining the
history of them may thus require diff'ing two empty strings, which
itself produces an empty string.

Use `lxml.html.fragment_fromstring` to be able to successfully parse
these, rather than 500.

Part of #19559.
2021-10-18 18:27:40 -07:00
YashRE42 f6c78a35a4 docs: Remove AWS Cloud9 setup instructions.
Due to the fact that it's not possible to run the development
environment on a t2.micro (1 GiB RAM + 1 vCPU), which is what is
available from the free tier, the fact that signing up require a
credit/debit card and can take up to 24 hours, and that it is quite
easy to unintentionally exceed the free tier resources when expanding
or upgrading, it is no longer feasible to develop on cloud9. As such,
we should not recommend it in out setup docs.
2021-10-18 10:38:00 -07:00
YashRE42 c8353a1820 minor: Add missing word to "sending messages" doc. 2021-10-18 10:38:00 -07:00
YashRE42 94167c6db9 docs: Update wsl install guide link.
The previous link "/wsl/wsl2-install" leads to a 404 page which
recommends "/wsl/install". This commit updates the link to
"/wsl/install".

The previous link has been giving a redirect since at least May 23,
2020.
2021-10-18 10:38:00 -07:00
Mateusz Mandera f5a65846a8 scim: Override django-scim2 logic of exception handling in views.
As detailed in the comments, the default behavior is undesirable for us
because we can't really predict all possibilities of exceptions that may
be raised - and thus putting str(e) in the http response is potentially
insecure as it may leak some unexpected sensitive information that was
in the exception.

As a hypothetical example - KeyError resulting from some buggy
some_dict[secret_string] call would leak information. Though of course
we aim to never write code like that.
2021-10-17 21:33:03 -07:00
Mateusz Mandera 9b5a27813a scim: Test the /scim/v2/Users/.search endpoint.
This endpoint has some basic support in our and django-scim2
implementation and we should be testing it.

https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.3
for details on what this endpoint is.
2021-10-17 21:33:03 -07:00
Anders Kaseorg 57ab2f8abc dependencies: Move eslint-plugin-formatjs to devDependencies.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-17 07:15:09 -07:00
Anders Kaseorg 2bb4410698 dependencies: Upgrade JavaScript dependencies.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-17 07:15:09 -07:00
Anders Kaseorg b36cecf33b fold_dict: Fix @typescript-eslint/member-ordering.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-17 07:15:09 -07:00
Anders Kaseorg 51971a48f3 debug-require-webpack-plugin: Handle missing chunkGraph.
This seems to be triggered by mini-css-extract-plugin@2.4.0.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-17 07:15:09 -07:00
Anders Kaseorg ea88ec9e06 styles: Fix stylelint rule-empty-line-before.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-17 07:15:09 -07:00
Anders Kaseorg 291087d70c install-yarn: Upgrade Yarn from 1.22.11 to 1.22.17.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-17 07:15:09 -07:00
Anders Kaseorg 7df96b78c6 install-node: Upgrade Node.js from 14.17.6 to 14.18.1.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-17 07:15:09 -07:00
Anders Kaseorg 7c1ee9310e webpack: Remove LoaderOptionsPlugin.
This seemed to exist for compatibility with webpack 1.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-17 07:13:57 -07:00
Anders Kaseorg 79681135cb requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-16 12:25:43 -07:00
Anders Kaseorg 2d45ae58f4 gdpr-compliance: Use real company names.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-10-15 17:31:42 -07:00