Commit Graph

52912 Commits

Author SHA1 Message Date
Prakhar Pratyush 46446d0e1d test_push_notifications: Add a test for FOLLOWED_TOPIC_PUSH trigger.
This commit adds a test to verify the payload
'get_message_payload_apns' returns when the notification trigger is
'NotificationTriggers.FOLLOWED_TOPIC_PUSH'.
2023-08-29 17:12:21 -07:00
Prakhar Pratyush 6dc3b1a052 push_notifications: Return a common subtitle for wildcard mentions.
This commit updates the 'get_apns_alert_subtitle' function to
return a common subtitle, i.e., "{full_name} mentioned everyone:"
for wildcard mentions.

The triggers for the stream or topic wildcard mentions include:
* NotificationTriggers.TOPIC_WILDCARD_MENTION_IN_FOLLOWED_TOPIC
* NotificationTriggers.STREAM_WILDCARD_MENTION_IN_FOLLOWED_TOPIC
* NotificationTriggers.TOPIC_WILDCARD_MENTION
* NotificationTriggers.STREAM_WILDCARD_MENTION
2023-08-29 17:12:21 -07:00
Prakhar Pratyush e2c9b283f3 get_apns_alert_subtitle: Remove the stale 'user_profile' parameter.
This commit removes the 'user_profile' parameter that wasn't
getting used.

This should have been removed in ce6f6a3.
2023-08-29 17:12:21 -07:00
Lauryn Menard 8230a21163 api-changelog: Update feature level 119 entry for clarity. 2023-08-29 17:11:13 -07:00
Danny Su 2414ddd2d4 compose: Verify request payload in Zoom meeting creation test
Verify that Zoom meeting creation logic sends the expected request payload for
configuring host_video and participant video.
2023-08-29 17:09:43 -07:00
Danny Su 66b9c06de6 compose: Add support for Zoom audio call
This PR implements the audio call feature for Zoom. This is done by explicitly
telling Zoom to create a meeting where the host's video and participants' video
are off by default.

Another key change is that when creating a video call, the host's and
participants' video will be on by default. The old code doesn't specify that
setting, so meetings actually start with video being off. This new behavior has
less work for users to do. They don't have to turn on video when joining a call
advertised as "video call". It still respects users' preferences because they
can still configure their own personal setting that overrides the meeting
defaults.

The Zoom API documentation can be found at
https://developers.zoom.us/docs/api/rest/reference/zoom-api/methods/#operation/meetingCreate

Fixes #26549.
2023-08-28 18:32:20 -07:00
David 75a654b9ab help: Update links to "Edit a message" and "Delete a message".
The series including 0349152f0f split
this page into two smaller pages.
2023-08-28 18:09:41 -07:00
Lauryn Menard 965a25d91b api-docs: Clean up text in various parts of `unread_msgs` object.
Adds a Changes note for when `other_user_id` was added to the `pms`
object.

Changes a few uses of "you" to be "current user" instead.

Clarifies type of direct message (one-on-one or group) and that
messages are unread messages.
2023-08-28 12:33:02 -07:00
Lauryn Menard 0c9fef2444 api-docs: Fix incorrect documentation of subfield in `unread_msgs`.
Fixes the field in both the pms and huddles objects to be correctly
documented as `unread_message_ids`, instead of `message_ids`.

The documentation of the similar field in the stream object of
`unread_msgs` was corrected in commit 27ddb554fb.
2023-08-28 12:33:02 -07:00
Alex Vandiver e8c8544028 nginx: Do not forward X-amz-cf-id header to S3.
All `X-amz-*` headers must be included in the signed request to S3;
since Django did not take those headers into account (it constructed a
request from scratch, while nginx's request inherits them from the
end-user's request), the proxied request fails to be signed correctly.

Strip off the `X-amz-cf-id` header added by CloudFront.  While we
would ideally strip off all `X-amz-*` headers, this requires a
third-party module[^1].

[^1]: https://github.com/openresty/headers-more-nginx-module#more_clear_input_headers
2023-08-28 12:30:14 -07:00
neiljp (Neil Pilgrim) 4fc1bac473 api-docs: Fix formatting on realm_user in enter_sends from register. 2023-08-28 10:46:53 -07:00
neiljp (Neil Pilgrim) 15cc63174a api-docs: Mark giphy_rating_options requires realm in fetch_event_types.
Noted absent by Chris Bobbe at:
https://chat.zulip.org/#narrow/stream/378-api-design/topic/.60giphy_rating_options.60.20in.20.2Fregister.20response/near/1282161

Confirmed by Tim Abbott in the same topic, and reconciled with zerver/lib/events.py.
2023-08-28 10:46:53 -07:00
neiljp (Neil Pilgrim) 942d702830 api-changelog: Fix formatting of feature level 201 entry. 2023-08-28 10:46:53 -07:00
neiljp (Neil Pilgrim) 53da9ef072 api-changelog: Clarify change in behavior at feature level 152.
The change in behavior suggesting the need for this clarification is
summarized below, as discussed in the following topic:
https://chat.zulip.org/#narrow/stream/378-api-design/topic/update_message.20default.20notifications
The new text is as suggested by Greg Price.

The change at feature level 152 made the moving of topics within and
between streams more consistent, by applying the optional parameters
introduced for the latter to both cases (`send_notification_to_[new|old]_thread`).

The default for the `old` notification value was changed to `false` at
this point, but the equivalent `new` value was not. This introduced a
change in behavior for existing clients of the API when moving topics
within streams, which now always produce a notification message by
default.

The improved consistency and default behavior for new API clients were
considered primary factors at the time of this change, overriding
concerns over backwards compatibility.
2023-08-28 10:46:53 -07:00
neiljp (Neil Pilgrim) f259e85924 api-changelog: Add missing register change to feature level 48 entry.
This corrects the entry with the addition of the `muted_users` field at
level 48, originally added in 3bfcaa3968.
2023-08-28 10:46:53 -07:00
Lalit Kumar Singh 4f3a971e64 ts: Migrate `channel.js` module to TypeScript. 2023-08-28 09:19:07 -07:00
Yogesh Sirsat f3830a3e1e settings_streams: Delete redundant uses of "update_choice_delete_btn".
It is unnecessary to make use of `update_choice_delete_btn` since
we disable the dialog submit button in case no default streams are
selected in Org settings > Default streams > Add stream.

This commit is a follow-up to PR: #22903
2023-08-28 08:52:43 -07:00
Yogesh Sirsat a729c95ada custom_profile_fields: Fix empty field choices issue of select field.
While editing a select type profile field, if we submit empty or zero
choices it fails silently; the current implementation for this issue does
not work for some cases, and this commit will fix that.

This will disable dialog submit button in case of empty field choices.

Also removing the code of all calls made to `update_choice_delete_btn`
as that function has no more use-case for empty field choices, still
keeping the function because it gets used in `settings_streams.js`.

Co-authored-by: Palash Baderia <palash.baderia@outlook.com>
2023-08-28 08:52:43 -07:00
David Rosa 54044a1045 help: Document keyboard shortcut for starring messages.
Fixes: #26573.
2023-08-28 08:49:49 -07:00
David Rosa 7b2d5df3dd help: Document keyboard shortcut for viewing message edit history.
Fixes: #26573.
2023-08-28 08:49:49 -07:00
Sahil Batra ada2991f1c users: Send stream creation/deletion events on role change.
We now send stream creation and stream deletion events on
changing a user's role because a user can gain or lose
access to some streams on changing their role.
2023-08-25 12:56:36 -07:00
Sahil Batra 5e3c39ea4f streams: Extract some code out of do_get_streams in a new function.
This commit extracts the code which queries the required streams
to a new function "get_user_streams". The new function returns
the list of "Stream" objects and not dictionaries, and then the
do_get_streams function converts it into a list of dictionaries.

This change is important because we would use the new function
in a further commit where we want a list of "Stream" objects and
not a list of dictionaries.
2023-08-25 12:56:36 -07:00
Sahil Batra 5e1eb3cd44 events: Fix applying stream creation events in apply_event.
There was a bug in apply_event code where only a stream which
is not private is added to the "never_subscribed" data after
a stream creation event. Instead, it should be added to the
"never_subscribed" data irrespective of permission policy of
the stream as we already send stream creation events only to
those users who can access the stream. Due to the current
bug, private streams were not being added to "never_subscribed"
data in apply_event for admins as well. This commit fixes it
and also makes sure the "never_subscribed" list is sorted
which was not done before and was also a bug.

The bugs mentioned above were unnoticed as the tests did not
cover these cases and this commit also adds tests for those
cases.
2023-08-25 12:56:36 -07:00
Sahil Batra b92af18928 register: Include web-public streams in "streams" field of response.
The "streams" field in "/register" response did not include web-public
streams for non-admin users but the data for those are eventually
included in the subscriptions data sent using "subscriptions",
"unsubscribed" and "never_subscribed" fields.

This commit adds code to include the web-public streams in the "streams"
field as well, as everyone can access those, and will make the "streams"
data complete.
2023-08-25 12:56:36 -07:00
Daniil Fadeev 53e081ae29 popover_menus: Create an API to render popovers as a centered overlay.
This commit lets us render popovers centered on the screen with a
background overlay. It's the same thing we did with Bootstrap
popovers, but optimized for use with Tippy.
2023-08-25 12:29:36 -07:00
Daniil Fadeev 32d8ae16d2 popover_menus: Extract toggle_popover_menu. 2023-08-25 12:29:36 -07:00
Daniil Fadeev f3641b8369 popovers: Move color style declaration to a better place. 2023-08-25 12:29:36 -07:00
Alex Vandiver 5ca15a36ba version: Update version and changelog after 7.3 release. 2023-08-25 18:21:10 +00:00
Mateusz Mandera f3a3047484 bulk_access_messages_expect_usermessage: Fix function name and comments.
The name and docstring were just wrong, having a UserMessage row isn't
sufficient for having message access and is actually only relevant in a
private stream with private history. The function is only used in a
single place anyway, in bulk_access_messages.

The comment mentioning this function in handle_remove_push_notification
can be tweaked to just not mention any function specifically and just
say why we're not checking message access.
2023-08-25 14:10:27 -04:00
Mateusz Mandera 91eef4d77f delete_in_topic: Add comment explaining the access logic. 2023-08-25 14:10:27 -04:00
Mateusz Mandera c908b518ef CVE-2023-32678: Prevent unauthorized editing/deletion in priv streams.
Users who used to be subscribed to a private stream and have been
removed from it since retain the ability to edit messages/topics, and
delete messages that they used to have access to, if other relevant
organization permissions allow these actions. For example, a user may be
able to edit or delete their old messages they posted in such a private
stream. An administrator will be able to delete old messages (that they
had access to) from the private stream.

We fix this by fixing the logic in has_message_access (which lies at the
core of our message access checks - access_message() and
bulk_access_messages()) to not rely on only a UserMessage row for
checking access but also verify stream type and subscription status.
2023-08-25 14:10:27 -04:00
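The access-check defect described in CVE-2023-32678 above, modelled as an added example (not Zulip's own `has_message_access` code; the stream and user records are constructed, and public-stream history is assumed to be readable realm-wide). The "before" function keeps the bug the commit describes: a UserMessage row left over from a past subscription still grants access to a private stream.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Stream:
    realm_id: int
    invite_only: bool                   # True for a private stream
    history_public_to_subscribers: bool  # False means "protected history"


@dataclass(frozen=True)
class User:
    realm_id: int


def has_message_access_before_fix(user: User, stream: Stream,
                                  has_user_message: bool, is_subscribed: bool) -> bool:
    """Pre-fix behaviour: a UserMessage row alone is treated as proof of access,
    so a user removed from a private stream keeps access to old messages."""
    if stream.realm_id != user.realm_id:
        return False
    if has_user_message:
        return True                      # the bug: subscription status is never checked
    if stream.invite_only:
        return is_subscribed and stream.history_public_to_subscribers
    return True


def has_message_access_fixed(user: User, stream: Stream,
                             has_user_message: bool, is_subscribed: bool) -> bool:
    """Fixed behaviour: stream type and current subscription are verified
    before a UserMessage row is allowed to count for anything."""
    if stream.realm_id != user.realm_id:
        return False
    if not stream.invite_only:
        return True                      # assumption: public history readable realm-wide
    if not is_subscribed:
        return False                     # removed subscribers lose access entirely
    if stream.history_public_to_subscribers:
        return True                      # subscribed: full history visible
    return has_user_message              # protected history: only messages received while subscribed
```

The check should run before any edit, topic move or deletion, since those code paths (access_message and bulk_access_messages in the commit) are where the stale UserMessage row was being trusted.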
Karl Stolley 51e3ed0262 compose: Render Mac-specific Cmd, Return at compose bottom. 2023-08-25 10:52:05 -07:00
Daniil Fadeev 54c01ac46e emoji: Remove unnecessary style declaration.
The `.emoji-popover` element is a div and thus has display: block by
default.
2023-08-24 17:54:13 -07:00
Daniil Fadeev 190b25878e emoji: Remove parameter from the emoji popover template.
Only one value was ever used.
2023-08-24 17:54:13 -07:00
Zixuan James Li a081428ad2 user_groups: Make locks required for updating user group memberships.
**Background**

User groups are expected to comply with the DAG constraint for the
many-to-many inter-group membership. The check for this constraint has
to be performed recursively so that we can find all direct and indirect
subgroups of the user group to be added.

This kind of check is vulnerable to phantom reads which is possible at
the default read committed isolation level because we cannot guarantee
that the check is still valid when we are adding the subgroups to the
user group.

**Solution**

To avoid having another transaction concurrently update one of the
to-be-subgroup after the recursive check is done, and before the subgroup
is added, we use SELECT FOR UPDATE to lock the user group rows.

The lock needs to be acquired before a group membership change is about
to occur before any check has been conducted.

Suppose that we are adding subgroup B to supergroup A, the locking protocol
is specified as follows:

1. Acquire a lock for B and all its direct and indirect subgroups.
2. Acquire a lock for A.

For the removal of user groups, we acquire a lock for the user group to
be removed with all its direct and indirect subgroups. This is the special
case A=B, which is still compliant with the protocol.

**Error handling**

We currently rely on Postgres' deadlock detection to abort transactions
and show an error for the users. In the future, we might need some
recovery mechanism or at least better error handling.

**Notes**

An important note is that we need to reuse the recursive CTE query that
finds the direct and indirect subgroups when applying the lock on the
rows. And the lock needs to be acquired the same way for the addition and
removal of direct subgroups.

User membership change (as opposed to user group membership) is not
affected. Read-only queries aren't either. The locks only protect
critical regions where the user group dependency graph might violate
the DAG constraint, where users are not participating.

**Testing**

We implement a transaction test case targeting some typical scenarios
when an internal server error is expected to happen (this means that the
user group view makes the correct decision to abort the transaction when
something goes wrong with locks).

To achieve this, we add a development view intended only for unit tests.
It has a global BARRIER that can be shared across threads, so that we
can synchronize them to consistently reproduce certain potential race
conditions prevented by the database locks.

The transaction test case launches pairs of threads initiating possibly
conflicting requests at the same time. The tests are set up such that exactly N
of them are expected to succeed with a certain error message (while we don't
know each one).

**Security notes**

get_recursive_subgroups_for_groups will no longer fetch user groups from
other realms. As a result, trying to add/remove a subgroup from another
realm results in a UserGroup not found error response.

We also implement subgroup-specific checks in has_user_group_access to
keep permission managing in a single place. Do note that the API
currently doesn't have a way to violate that check because we are only
checking the realm ID now.
2023-08-24 17:21:08 -07:00
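The recursive subgroup query and the lock-ordering protocol from the commit above, as an added example (not Zulip's code; the group table, the edges and the column names are constructed). It uses an in-memory sqlite database, which has no row locks, so the SELECT FOR UPDATE step is represented by returning the ordered list of group ids that would be locked; on PostgreSQL the same recursive CTE is reused with FOR UPDATE appended.

```python
import sqlite3

# Constructed sample data: group ids and (supergroup_id, subgroup_id) edges forming a DAG.
GROUPS = {1: "all", 2: "engineering", 3: "backend", 4: "oncall"}
EDGES = [(1, 2), (2, 3), (2, 4)]

# One recursive CTE serves both the DAG check and the locking step, as the commit notes.
RECURSIVE_SUBGROUPS_SQL = """
WITH RECURSIVE sub(id) AS (
    SELECT ?
    UNION
    SELECT m.subgroup_id FROM membership m JOIN sub ON m.supergroup_id = sub.id
)
SELECT id FROM sub ORDER BY id
"""


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE usergroup (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("CREATE TABLE membership (supergroup_id INTEGER, subgroup_id INTEGER)")
    conn.executemany("INSERT INTO usergroup VALUES (?, ?)", GROUPS.items())
    conn.executemany("INSERT INTO membership VALUES (?, ?)", EDGES)
    return conn


def recursive_subgroups(conn: sqlite3.Connection, group_id: int) -> list[int]:
    """The group itself plus all direct and indirect subgroups."""
    return [row[0] for row in conn.execute(RECURSIVE_SUBGROUPS_SQL, (group_id,))]


def lock_order_for_add(conn: sqlite3.Connection, supergroup_id: int, subgroup_id: int) -> list[int]:
    """Protocol: lock B and all its subgroups first, then A (A=B for removal)."""
    return recursive_subgroups(conn, subgroup_id) + [supergroup_id]


def add_subgroup(conn: sqlite3.Connection, supergroup_id: int, subgroup_id: int):
    """Returns the ids that would be locked, or None when the DAG check rejects the edge.
    With real row locks, the check below can no longer be invalidated by a concurrent
    writer between the recursive query and the INSERT."""
    locked = lock_order_for_add(conn, supergroup_id, subgroup_id)   # SELECT ... FOR UPDATE on Postgres
    if supergroup_id in recursive_subgroups(conn, subgroup_id):
        return None   # A is already (indirectly) below B: adding B under A would create a cycle
    conn.execute("INSERT INTO membership VALUES (?, ?)", (supergroup_id, subgroup_id))
    return locked
```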
Zixuan James Li 9f7fab4213 user_groups: Extract has_user_group_access helper.
Similar to has_message, we can maintain a helper dedicated to managing
access to user groups. Future permission related changes should be added
here.
2023-08-24 17:21:08 -07:00
Zixuan James Li 006b2acd5d user_groups: Make acting user required for deletion.
When doing a checked deletion, the acting user is always required.
It is effectively the user_profile parameter we had been previously
requiring.
2023-08-24 17:21:08 -07:00
Zixuan James Li 8792cfbadf user_groups: Return a QuerySet for recursive subgroups query.
This makes it more consistent with other recursive queries and allows
better composability.
2023-08-24 17:21:08 -07:00
Zixuan James Li a3f4341934 user_groups: Make for_read required.
We want to make the callers more explicit about the use of the
user group being accessed, so that the database lock implemented later
can benefit from the visibility.
2023-08-24 17:21:08 -07:00
Zixuan James Li 37b3507b86 user_groups: Reduce necessary nesting inside try-block.
The error only occurs when we do the get call.
2023-08-24 17:21:08 -07:00
Zixuan James Li 2b2a3b41be settings: Remove lock icon when the user can add bots.
Being able to add bots at the admin bot settings page, the lock icon is
unintuitive.

Fixes #24154

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2023-08-24 16:57:17 -07:00
Zixuan James Li a4963df6ad settings: Remove "add a new bot button" from admin page.
Instead, we show a message with links that either opens a modal for
creating a new bot or navigates to the bot settings page. The
"add a new bot" link only shows up when the user has enough permission
to create new bots, and the "manage your bots" link only shows up when
the user has at least one bot if they don't have the permission to
create one. Otherwise, the message does not show up at all.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2023-08-24 16:57:17 -07:00
palashb01 5df5f6c125 help: Update message edit history documentation.
Co-authored-by: Tim Abbott <tabbott@zulip.com>
2023-08-24 16:28:06 -07:00
palashb01 ad70838cff keyboard_shortcuts: Add Shift+H to open message edit history dialog.
This commit introduces a new keyboard shortcut to open the message
edit history dialog for the selected message by using Shift+H.
2023-08-24 16:28:06 -07:00
Palash Baderia 92d1c6e390 message_feed: Remove the view edit history from the three-dot menu.
This commit removes the 'View Edit History' option from the three-dot
menu since we have already implemented this feature through the
edited/moved label in the message. Therefore, we no longer need this
option in the three-dot menu. This commit aims to simplify the
three-dot message menu.

Fixes: #23077
2023-08-24 16:28:06 -07:00
Karl Stolley c7adc5ee74 actions: Show an arrow and render a tooltip on @ indicator. 2023-08-24 14:30:46 -07:00
Karl Stolley 9709e1b4ed actions: Show pointer on bell icon. 2023-08-24 14:30:46 -07:00
Satyam Bansal cc8c159e0a compose: Add support for Jitsi audio calls.
Fixes #12207.
2023-08-24 10:52:34 -07:00
Satyam Bansal 4c501e4321 compose: Extract video call link creation logic to a generic function.
This extraction has been done to make sure that creation of audio call
links can happen in the same function only.

A change in test was also required as the whole logic of finding the
textarea where the link should be inserted happens a bit later now.
2023-08-24 10:52:34 -07:00
David Rosa 5b898ef216 help: Document "Browse and subscribe to streams" mobile feature. 2023-08-24 10:46:28 -07:00