Commit Graph

1015 Commits

Author SHA1 Message Date
Tim Abbott 305189956b update_message_flags: Log number of messages updated. 2016-07-12 19:12:49 -07:00
Steve Howell 3923f94a2b Remove unused code path in avatar() endpoint. 2016-07-12 17:37:02 -07:00
Tomasz Kolek d0066c37ff Add bitbucket2 integration.
Bitbucket changed the format of their API.  The old format is still
useful for BitBucket enterprise, but for the main cloud verison of
Bitbucket, we need a new BitBucket integration supporting the new API.
2016-07-12 17:34:34 -07:00
Tim Abbott 3647973069 update_message_backend: Reorganize validation checks.
The new organization more clearly does the permission check first.
2016-07-10 18:01:59 -07:00
Tim Abbott 05632b68e1 edit: Add validation for setting empty content. 2016-07-10 18:01:59 -07:00
Tim Abbott 211a166abc message edit: Move new topic non-empty check to view. 2016-07-10 18:01:59 -07:00
Rishi Gupta 43c2f35776 Add realm setting to disable message editing.
This is controlled through the admin tab and a new field in the Realms
table.  This mirrors the behavior of the old hardcoded setting
feature_flags.disable_message_editing.  Partially resolves #903.
2016-07-10 11:57:24 -07:00
Steve Howell c680c6a981 Removed unused to_non_negative_float() function. 2016-07-09 07:37:13 -07:00
Umair Khan 043ae8ad65 Upgrade to Django-Pipeline==1.6.8. 2016-07-09 07:09:55 -07:00
Taranjeet a8a4caf2c0 zerver: Fix lines with length greater than 120. 2016-07-08 11:41:43 -07:00
Eklavya Sharma 6c3f1bb967 beanstalk.py: Encode and decode strings correctly. 2016-07-07 12:42:51 -07:00
Eklavya Sharma 26b8e7357a zerver/views/messages.py: Operate on bytes in highlight_string. 2016-07-07 12:42:51 -07:00
Eklavya Sharma 63d55bdd86 zerver/views/__init__.py: decode b64encoded ccache.
Convert b64encoded ccache to `str` before passing to
subprocess.check_call.
2016-07-07 10:02:08 -07:00
Umair Khan 035fceb814 Add dynamically loaded language dropdown. 2016-07-04 11:56:02 -07:00
Eklavya Sharma 9772a512cb Use abstract types in annotations. 2016-07-04 03:01:32 +05:30
Kartik Maji f8bb7503e6 Add ability to pin streams to top of the streams sidebar list.
Based on work by Lauren Long, with some tweaks by tabbott.
2016-06-30 22:26:09 -07:00
Vishnu Ks 1cbd39b768 Unique link generator for realm creation. 2016-06-30 15:52:41 -07:00
Rishi Gupta 17b6d136d5 Add Semaphore webhook integration. 2016-06-29 16:36:19 -07:00
Tim Abbott abc2c03b0f Fix missing 'current_url' value in registration flow.
This fixes some tracebacks I got while testing the Zulip htpasswd SSO
functionality.

I think that this stopped working as a result of the Jinja2 migration.
2016-06-28 23:05:38 -07:00
acrefoot a36e5d4987 Add get_auth_backends endpoint to API.
We would like to know which kind of authentication backends the server
supports.

This is information you can get from /login, but not in a way easily
parseable by API apps (e.g. the Zulip mobile apps).
2016-06-27 18:30:34 -07:00
Tim Abbott e72f41cdec Remove old prototype data import/export tool.
This prototype from Dropbox Hack Week turned out to be too inefficient
to be used for realms with any significant amount of history, so we're
removing it.

It will be replaced by https://github.com/zulip/zulip/pull/673.
2016-06-27 13:47:08 -07:00
Tim Abbott b2a24e0306 Revert "Add authorization check before serving files."
This reverts commit e985b57259.

This commit will break production when we next do a release, because
we haven't done a migration to create Attachment objects for
previously uploaded files.
2016-06-27 12:09:56 -07:00
rahuldeve e985b57259 Add authorization check before serving files. 2016-06-27 11:24:35 -07:00
rahuldeve 674def30ee Add support for serving files using API authentication.
Also remove 'get_uploaded_file' view function and the corresponding
old '/user_upload/' url pattern.
2016-06-27 11:00:41 -07:00
Tim Abbott 79570f99c2 json_upload_file: Remove unnecessary has_request_variables. 2016-06-27 10:29:30 -07:00
Tim Abbott 8272fb4a94 zerver.views.upload: Move upload functions later in file. 2016-06-27 10:28:09 -07:00
Eklavya Sharma d7a83ed019 zerver/views/__init__.py: Type annotate a variable. 2016-06-27 17:52:37 +05:30
Eklavya Sharma 63a5323259 zerver/views/streams.py: Type annotate variables. 2016-06-27 17:52:22 +05:30
dhanus 1169329a71 Annotate zerver/views/webhooks/github.py. 2016-06-26 08:13:49 -07:00
Eklavya Sharma 85cb3e6103 zerver/views/webhooks/github.py: Make exception string str.
Passing a unicode string to Exception can sometimes fail.
Convert it to str to prevent that.
2016-06-26 08:13:49 -07:00
Eklavya Sharma a32f83b182 zerver/views/webhooks/github.py: Fix string literals.
Change some string literals to unicode.
2016-06-26 08:13:49 -07:00
Eklavya Sharma fa4adf0c62 zerver/views/webhooks/bitbucket.py: Fix an annotation. 2016-06-26 08:13:49 -07:00
Eklavya Sharma 36c2214d94 zerver/views/webhooks/bitbucket.py: Fix string literals.
Convert some strings literals to unicode.
2016-06-26 08:13:49 -07:00
Vishnu Ks 7d654a26c8 Casper test for realm creation. 2016-06-25 10:50:12 -07:00
Vishnu Ks 20adcbc64b Make send_registration_completion_email return the Confirmation object. 2016-06-24 17:47:56 -07:00
Vishnu Ks 8350b89798 Add support for custom error message in realm-creation-failed template. 2016-06-24 17:47:56 -07:00
Tim Abbott 6d71c25a0f accounts_register: Stop using _ as dummy variable.
This conflicts with internationalization.
2016-06-24 17:47:31 -07:00
acrefoot e4ed9195dc Remove rest_dispatch hack and optimize imports.
For a long time, rest_dispatch has had this hack where we have to
create a copy of it in each views file using it, in order to directly
access the globals list in that file.  This removes that hack, instead
making rest_dispatch just use Django's import_string to access the
target method to use.

[tweaked and reorganized from acrefoot's original branch in various
ways by tabbott]
2016-06-24 16:11:03 -07:00
Vishnu Ks 574a304b12 Mention invite emails are printed in console in dev.
This is part 2 of #1046.
2016-06-23 17:07:11 -07:00
Tim Abbott f39c9161fe Fix fetching user API keys via settings page when using LDAP backend.
Previously, json_fetch_api_key was hardcoding a check using Zulip's
built-in password functionality, rather than using authenticate().
2016-06-21 14:58:25 -07:00
Tomasz Kolek 9ae68ade8b Add is_webhook option to authentication decorats.
Modified:
authenticated_rest_api_view
authenticated_api_view and validate_api_key.
2016-06-21 11:47:38 -07:00
Tim Abbott 80d92c1651 Add comment documenting confusing list_to_streams code. 2016-06-21 11:45:35 -07:00
Vishnu Ks ad1c3894d9 Add interface for creating new realms.
This is controlled by settings.OPEN_REALM_CREATION; if that setting is
off, this feature doesn't do anything.
2016-06-17 16:15:28 -07:00
kunall17 007eee6061 Add route to fetch emails for mobile passwordless login.
[Tweaked by tabbott to rename API to explicitly support not just
Android]
2016-06-17 11:03:19 -07:00
kunall17 7ea0eaed1c Add passwordless login for mobile app development.
[Tweaked by tabbott to rename API to explicitly support not just
Android].
2016-06-17 10:58:33 -07:00
Vishnu Ks 01c9bb2d5e Make name_changes_disabled() work with no argument. 2016-06-16 17:13:59 -07:00
Tomasz Kolek 76cbe89613 Add IFTTT integration. 2016-06-16 15:30:45 -07:00
John Hergenroeder 16a19226f6 Add linter check for redundant REQ whence argument. 2016-06-16 13:53:39 -07:00
Tomasz Kolek 4e51a86ea4 Add updownio integration. 2016-06-14 12:14:07 -07:00
Tomasz Kolek 14d69348d3 Add Airbrake integration. 2016-06-13 20:36:40 -07:00
Eklavya Sharma 6f5ed6e7c9 Fix annotations clashing with Stream model fields. 2016-06-13 20:01:02 +05:30
Eklavya Sharma 9d7a2fdf9d zerver/views/streams.py: Fix annotations.
Mainly fix `str` to `text_type` and use abstract containers.
2016-06-13 20:01:01 +05:30
Eklavya Sharma 10f2ec043d Fix zerver.lib.utils.generate_random_token.
generate_random_token used to return a value of type six.binary_type
and its return type was annotated as `str`.  This commit fixes that
by making it return a value of type `six.text_type` and updating
the annotation accordingly.
Also fix clashing annnotations.
2016-06-12 09:30:53 -07:00
Babak ad895eb690 Annotate zerver/views/report.py. 2016-06-11 18:42:37 -07:00
Vishnu Ks 77ec6217eb Add validation for private message recipients.
The function will reject messages where recipients aren't either a
member of the realm or a member of cross_realm_user_emails.

Fixes: #930.
2016-06-11 11:24:45 -07:00
Eklavya Sharma 53084fe03c Use text_type as type of cache keys and update users.
This changes the type annotations for the cache keys in Zulip to be
consistently text_type, and updates the annotations for values that
are used as cache keys across the codebase.
2016-06-11 09:10:34 -07:00
Vishnu Ks b926826ea1 Remove default_stream addition and deletion from update_stream_backend.
Default stream addition/removal is done via the /default_stream REST
endpoints.
2016-06-10 16:59:15 -07:00
rahuldeve fa13582ffb Serve uploaded files through get_uploaded_file in development.
Previously, uploaded files were served:
* With S3UploadBackend, via get_uploaded_file (redirects to S3)
* With LocalUploadBackend in production, via nginx directly
* With LocalUploadBackend in development, via Django's static file server

This changes that last case to use get_uploaded_file in development,
which is a key step towards being able to do proper access control
authorization.

Does not affect production.
2016-06-09 22:58:25 -07:00
Tim Abbott 13bac1cc2a Fix serving files uploaded to S3.
This was broken by the refactoring to realm_id_str in:
a261a6bbac.
2016-06-09 21:55:50 -07:00
rahuldeve 3e3462da0d Refactor zerver.lib.upload.upload_message_image_through_web_client.
upload_message_image_through_web_client -> upload_message_image_from_request
2016-06-09 21:09:12 -07:00
medullaskyline 39eaf02b40 Annotate zerver.views.webhooks.taiga. 2016-06-09 17:08:55 -07:00
Vishnu Ks f9f31b79d0 Make default_streams web controllable.
Fixes: #665
2016-06-09 15:24:32 -07:00
rahuldeve ed83bb7f54 Refactor zerver.views.upload. 2016-06-08 09:49:14 -07:00
Hyunchel Kim b0702c62fc Annotate zerver.views.messages partially. 2016-06-07 21:09:30 -07:00
Tim Abbott bc2961d3ac Refactor file upload routes to their own file. 2016-06-06 16:09:05 -07:00
Evan Palmer 8afeb7d8ce Annotate webhooks/transifex.py, webhooks/yo.py. 2016-06-05 17:01:53 -07:00
Daw-Ran Liou 7f0709b65c Annotate zerver.views.webhooks.freshdesk
Change the comments into docstrings.
Modified the return type of parse_freshdesk_event to always return a
list of str.
2016-06-05 15:56:27 -07:00
Dalek-Sec c457f551ea Annotate zerver/views/webhooks/crashlytics.py 2016-06-05 15:54:13 -07:00
medullaskyline 7e30de04ca Annotate zerver.views.webhooks.pingdom. 2016-06-05 15:52:53 -07:00
medullaskyline 4c1da236ad Annotate zerver.views.webhooks.pagerduty. 2016-06-05 15:47:33 -07:00
Daw-Ran Liou 4428287846 Annotate zerver.views.webhooks.stash. 2016-06-05 15:42:25 -07:00
Hyunchel Kim b79cad0404 Annotate zerver.views.webhooks.teamcity 2016-06-05 15:11:45 -07:00
Daw-Ran Liou 26d067fc97 Annotate zerver.views.webhooks.pivotal. 2016-06-05 14:57:53 -07:00
medullaskyline 2369d48a9b Annotate zerver.views.webhooks.newrelic. 2016-06-05 14:52:20 -07:00
Evan Palmer 4bf81b58b4 Annotate zerver/views/webhooks/zendesk.py. 2016-06-05 14:50:52 -07:00
Hyunchel Kim de34dd1187 Annotate travis webhoook function. 2016-06-05 14:46:26 -07:00
medullaskyline 158914aa98 Annotate zerver.views.webhooks.jira. 2016-06-05 14:36:39 -07:00
Hyunchel Kim bc87685ea6 bitbucket: Correct return type in annotation. 2016-06-05 14:33:31 -07:00
Max 86fb6467e7 Add annotations to avatar.py, db.py, logging_util.py, unminify.py.
Also, fixed a a small type annotation in users.py because email must
be a string because emails don't support UTF-8 at this time (according
a comment in gravatar_hash in avatar.py).
2016-06-05 12:38:20 -07:00
Daw-Ran Liou 90a2dead46 Annotate zerver/views/webhooks/deskdotcom.py. 2016-06-05 11:53:44 -07:00
Deborah Hanus a261a6bbac Annotate zerver/views/__init__.py.
Also fix typing errors in a few related files.

[with tweaks from tabbott]
2016-06-05 11:34:19 -07:00
Daw-Ran Liou c9bb93b0d2 Annotate zerver/views/webhooks/beanstalk.py. 2016-06-05 10:54:23 -07:00
Dalek-Sec 2bcf313a85 Added MyPy types to zerver/views/webhooks/codeship.py 2016-06-04 22:03:41 -07:00
Daw-Ran Liou 0265968ea2 Annotate zerver/views/user_settings. 2016-06-04 17:41:59 -07:00
Reid Barton cf93c8bce0 Annotate zerver/views/webhooks/bitbucket.py. 2016-06-04 17:02:59 -07:00
Daw-Ran Liou 8bbd93011d Annotate zerver/views/users.py. 2016-06-04 17:00:53 -07:00
Tomasz Kolek 8411b2e574 Add Crashlytics integration. 2016-06-04 15:18:42 -07:00
Tomasz Kolek 093e5a96d4 Add Transifex integration.
Fixes: #810.
2016-06-04 14:52:57 -07:00
David Adamec 9e8ea93d3d Add annotations for zerver/lib/validator. 2016-06-03 23:53:49 -07:00
Tim Abbott 03debdf82f Fix malformed error message when creating invalid Realm Emoji.
Thanks to Greg McCoy for his help finding this bug.
2016-06-03 23:12:36 -07:00
Ashish Kumar 9b990e3bd0 Type annotation of zerver/views/alert_words.
[Tweaked by tabbott to annotate the REQ variables the new way]
2016-06-03 08:07:58 -07:00
Oren Leaffer c2ce5119c6 Annotate zerver.views.tutorial. 2016-06-02 18:49:27 -07:00
Pei-Wei Wu 8d2733ae8c Add mypy type annotations to zerver/views/streams.py. 2016-06-02 15:44:43 -07:00
Ashley Dunn 7826aa7e7f Type annotation of zerver/views/realm_emoji. 2016-06-02 14:01:28 -07:00
Umair Khan 08fbd57245 [i18n] Make error messages translatable.
Make all strings passing through `json_error` and `JsonableError`
translatable.

Fixes #727
2016-05-31 07:40:42 -07:00
Tim Abbott 960144a49e Desupport using uninstantiated REQ with has_request_variables.
This makes life difficult for doing static type annotations, and
didn't make the code look that much better anyway.
2016-05-31 07:31:15 -07:00
Tim Abbott baec0f12cf Add a proper annotation for REQ in streams.py. 2016-05-30 11:41:16 -07:00
Eklavya Sharma efab224bd1 zerver/lib/actions.py: Remove unneeded `return {}` statements. 2016-05-29 04:26:17 -07:00
Tomasz Kolek 8c18b8947f Add bot_type field to UserProfile.
This is intended to support creating different types of bots with
potentially limited permissions.
2016-05-19 22:37:37 -07:00
Aristeidis Fkiaras 3ee210d9e8 Add setting to only allow admins create new streams.
Fixes: #691.

Thanks to Preston Hansen for work on this feature!
2016-05-18 18:53:13 -07:00
Tim Abbott e781136132 Fix subscribing to existing streams when can_create_streams=False.
Previously, a user with can_create_streams=False would be incorrectly
unable to subscribe to streams, whether the streams previously existed
or not.
2016-05-18 18:47:24 -07:00
Eklavya Sharma 16067b7013 Make zerver/views/webhooks/jira.py pass mypy check. 2016-05-18 17:10:17 +05:30
Tim Abbott c3985520e5 webhooks: Remove unnecessary get_client imports. 2016-05-13 12:25:12 -07:00
Tomasz Kolek db7ea8b484 Move getting client to api_key_only_webhook_view.
This decreases the amount of convention developers need to understand
in order to write a new webhook integration.
2016-05-13 12:22:38 -07:00
Tomasz Kolek eeeb4d0c92 Add CircleCI integration.
Fixes: #617.
2016-05-11 21:17:37 -07:00
Tim Abbott 92bec8cfea Merge Zulip 1.3.12 security release. 2016-05-10 11:32:26 -07:00
Tim Abbott 620debc5fd Change PrincipalError to return status code 403 by default. 2016-05-10 09:50:57 -07:00
Tim Abbott be216506a9 Improve api_fetch_api_key error messages.
Previously, api_fetch_api_key would not give clear error messages if
password auth was disabled or the user's realm had been deactivated;
additionally, the account disabled error stopped triggering when we
moved the active account check into the auth decorators.
2016-05-10 09:50:57 -07:00
Tim Abbott b28b3cd65c CVE-2016-4427: Fix access by deactivated realms/users.
The security model for deactivated users (and users in deactivated
realms) being unable to access the service is intended to work via two
mechanisms:

* All active user sessions are deleted, and all login code paths
  (where a user could get a new session) check whether the user (or
  realm) is inactive before authorizing the request, preventing the
  user from accessing the website and AJAX endpoints.
* All API code paths (which don't require a session) check whether the
  user (and realm) are active.

However, this security model was not implemented correctly.  In
particular, the check for whether a user has an active account in the
login process was done inside the login form's validators, which meant
that authentication mechanisms that did not use the login form
(e.g. Google and REMOTE_USER auth) could succeed in granting a session
even with an inactive account.  The Zulip homepage would still fail to
load because the code for / includes an API call to Tornado authorized
by the user's token that would fail, but this mechanism could allow an
inactive user to access realm data or users to access data in a
deactivated realm.

This fixes the issue by adding explicit checks for inactive users and
inactive realms in all authentication backends (even those that were
already protected by the login form validator).

Mirror dummy users are already inactive, so we can remove the explicit
code around mirror dummy users.

The following commits add a complete set of tests for Zulip's inactive
user and realm security model.
2016-05-10 09:50:48 -07:00
Tim Abbott 3cde06ea33 Add support for setting HTTP status codes in JsonableError. 2016-05-10 09:50:48 -07:00
Tim Abbott b869be9301 style: Use 'not in' consistently rather than `not foo in`. 2016-05-09 17:00:10 -07:00
Umair Khan 5359e6b0d4 Convert Zulip to use Jinja2 templates.
This results in a substantial performance improvement for all of
Zulip's backend templates.

Changes in templates:
- Change `block.super` to `super()`.
- Remove `load` tag because Jinja2 doesn't support it.
- Use `minified_js()|safe` instead of `{% minified_js %}`.
- Use `compressed_css()|safe` instead of `{% compressed_css %}`.
- `forloop.first` -> `loop.first`.
- Use `{{ csrf_input }}` instead of `{% csrf_token %}`.
- Use `{# ... #}` instead of `{% comment %}`.
- Use `url()` instead of `{% url %}`.
- Use `_()` instead of `{% trans %}` because in Jinja `trans` is a block tag.
- Use `{% trans %}` instead of `{% blocktrans %}`.
- Use `{% raw %}` instead of `{% verbatim %}`.

Changes in tools:
- Check for `trans` block in `check-templates` instead of `blocktrans`

Changes in backend:
- Create custom `render_to_response` function which takes `request` objects
  instead of `RequestContext` object. There are two reasons to do this:
    1. `RequestContext` is not compatible with Jinja2
    2. `RequestContext` in `render_to_response` is deprecated.
- Add Jinja2 related support files in zproject/jinja2 directory. It
  includes a custom backend and a template renderer, compressors for js
  and css and Jinja2 environment handler.
- Enable `slugify` and `pluralize` filters in Jinja2 environment.

Fixes #620.
2016-05-09 09:55:18 -07:00
Preston Hansen 635828069f Add feature to mark all in stream/topic as read with mouse.
Fixes #736.
2016-05-08 09:02:46 -07:00
Tim Abbott 6139e8948a travis: User REQ framework for extracting JSON payload. 2016-05-07 11:54:14 -07:00
Tim Abbott 678adc2048 webhooks: Use REQ more consistently in stream name parsing.
To avoid the potential for introducing regressions here, we carefully
pass a default to REQ or not based on how the existing webhook's
parsing code worked.  In the longer term, we'll want to make the
behavior consistent.
2016-05-07 11:54:14 -07:00
Tomasz Kolek c2de38239e Add payload validation to has_request_variables and REQ tasks.
[with tweaks by tabbott]
2016-05-07 11:54:09 -07:00
Tim Abbott 54022ac204 Fix unnecessary whitespace between , and ). 2016-05-04 14:16:53 -07:00
Ashish Kumar 48be2e33f8 Delete old route for /json/get_public_streams. 2016-04-29 12:57:57 -07:00
Antek Grzanka 646ea3214a Add Taiga integration. 2016-04-28 13:44:53 -07:00
Vladislav Manchev f5e6176aea Add custom realm emoji UI to administration page. 2016-04-26 13:15:54 -07:00
Tomasz Kolek 5fbda3a9c1 Add codeship integration. 2016-04-26 09:54:01 -07:00
David Payne 8c62a27769 Add teamcity webhook integration.
This integration relies on the Teamcity "tcWebHooks" plugin which is
available at
https://netwolfuk.wordpress.com/category/teamcity/tcplugins/tcwebhooks/

It posts build fail and success notifications to a stream specified in
the webhook URL.

It uses the name of the build configuration as the topic.

For personal builds, it tries to map the Teamcity username to a Zulip
username, and sends a private message to that person.
2016-04-26 09:45:26 -07:00
Tomasz Kolek c74483e69e github_webhook: change double quotes to single quotes for consistency. 2016-04-21 17:04:25 -07:00
Tomasz Kolek 09e40b27c2 github_webhook: throw an exception on unhandled events types. 2016-04-21 17:03:58 -07:00
Tomasz Kolek fafc9cb742 github_webhook: remove redundant parenthesis. 2016-04-21 17:02:49 -07:00
Tomasz Kolek 43b0cfaebc github_webhook: Use more one-line pythonic assignments. 2016-04-21 17:00:47 -07:00
Tomasz Kolek decb686255 github_webhook: factor out is_test_repository function. 2016-04-21 16:57:19 -07:00
Tomasz Kolek e1079d8475 github_webhook: extract the constants to the top of the file. 2016-04-21 16:56:44 -07:00
Tim Abbott 8a278cbe3a Switch to using a Zulip version of @login_required.
Currently the code is the unmodified Django upstream implementation;
this commit is preparation for modifying it.
2016-04-21 14:59:39 -07:00
Tim Abbott 49799440a4 Replace use of django-guardian with fields on UserProfile.
As documented in https://github.com/zulip/zulip/issues/441, Guardian
has quite poor performance, and in fact almost 50% of the time spent
running the Zulip backend test suite on my laptop was inside Guardian.

As part of this migration, we also clean up the old API_SUPER_USERS
variable used to mark EMAIL_GATEWAY_BOT as an API super user; now that
permission is managed entirely via the database.

When rebasing past this commit, developers will need to do a
`manage.py migrate` in order to apply the migration changes before the
server will run again.

We can't yet remove Guardian from INSTALLED_APPS, requirements.txt,
etc. in this release, because otherwise the reverse migration won't
work.

Fixes #441.
2016-04-20 21:51:52 -07:00
David Payne ece96ef3fe Jira's "issue created" message should @-notify the assignee. 2016-04-20 10:54:30 -07:00
Ashish 1bf644369f Delete old route for json/update_active_status. 2016-04-11 21:38:23 -07:00
Ashish 78b9f45bf7 Delete old route for json/update_pointer. 2016-04-11 21:38:23 -07:00
Ashish 9429358795 Delete old route for /json/get_profile. 2016-04-11 21:38:23 -07:00
Ashish 42fe918138 Delete old route for json/get_old_messages. 2016-04-11 21:38:23 -07:00
Ashish cfefc94200 Delete old route for json/set_alert_words. 2016-04-11 21:38:23 -07:00
Ashish c0a218edfc Delete old route for /json/update_message_flags. 2016-04-11 21:38:23 -07:00
Ashish dac4e58b91 Changes REST API backend route for /json/change_enter_sends. 2016-04-11 21:11:51 -07:00
Anindya Chakravarti f3d03d89b4 Add integration for Yo App.
[includes some small tweaks by tabbott]
2016-04-08 11:02:10 -07:00
Tomasz Kolek 44ed9da7f0 Add pingdom integration. 2016-04-08 10:36:29 -07:00
Varshit 4e1060076d Purge 'from typing import *' from zerver/.
This is a partial implementation of #636.
2016-04-07 14:07:07 -07:00
Eklavya Sharma 5f03c1444e Remove duplicate module zerver/views/webhooks.py.
Also move type annotations from zerver/views/webhooks.py to
appropriate files in zerver/views/webhooks.py.
2016-04-07 12:37:22 +05:30
Tim Abbott ec7bb0b011 Add PEP-484 type annotations to zerver/views/. 2016-04-03 15:40:23 -07:00
Ryan Moore 2fe0700f55 Update memcache -> remote cache in inline documentation. 2016-03-31 12:56:42 -07:00
Eklavya Sharma 9e3c3e14f5 Partially apply Python 3 libmodernize.fixes.fix_dict_six.
Refer to #256
2016-03-19 15:52:58 -07:00
Tomasz Kolek 3e3a224607 Moved pagerduty webhook into its own file pagerduty.py 2016-03-14 20:44:50 -07:00
Tomasz Kolek 05dce01cee Moved travis webhook into its own file travis.py 2016-03-14 20:44:45 -07:00
Tomasz Kolek f640470fa4 Moved zendesk webhook into its own file zendesk.py 2016-03-14 20:44:42 -07:00
Tomasz Kolek b3e5a256f5 Moved freshdesk webhook into its own file freshdesk.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 021c66fd9a Moved stash webhook into its own file stash.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 7a4c9d243f Moved deskdotcom webhook into its own file deskdotcom.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 087bd72814 Moved bitbucket webhook into its own file bitbucket.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 93b52f6f8e Moved newrelic webhook into its own file newrelic.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek a2b31da045 Moved pivotal webhook into its own file pivotal.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 5ade895936 Moved jira webhook into its own file jira.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek a0512244b3 Moved beanstalk webhook into its own file beanstalk.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 6a3ab0605d Moved github webhook into its own file github.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 8a0ed47751 moved webhooks to python package 2016-03-14 20:44:41 -07:00
Reid Barton 6c6dc1d81d Allow create user API to create any user in an open realm. 2016-02-07 19:19:19 -08:00
Reid Barton 9735025167 Refactor logic around restricted_to_domain.
Add a function email_allowed_for_realm that checks whether a user with
given email is allowed to join a given realm (either because the email
has the right domain, or because the realm is open), and use it
whenever deciding whether to allow adding a user to a realm.

This commit is not intended to change any behavior, except in one case
where the Zulip realm's domain was not being converted to lowercase.
2016-02-07 10:54:52 -05:00
Reid Barton 0755b51c2e Move create_user_backend into zerver.views.users.
Commit aa33a0da moved users views into their own file, but missed this one.
2016-02-07 10:54:48 -05:00
Reid Barton 4e5f18407d Add comment in create_user_backend about not needing to invite users first. 2016-02-07 10:52:50 -05:00
Tim Abbott 620411c0ea Fix type mismatches in streams.py. 2016-02-03 19:25:19 -08:00
Tim Abbott 6c5cee2400 Cleanup 500s due to Google oauth2 errors.
These are user errors, albeit somewhat interesting ones, so they
should be logged (and return a user error response), not throw an
exception.
2016-02-02 23:08:20 -08:00
Tim Abbott aad3bff193 Harden style rule for % comprehensions and fix existing errors. 2016-02-02 23:08:19 -08:00
Tim Abbott 5bacda3662 python3: Fix usage of .keys()/.values() to handle iterators.
This fixes the places where we use the result of .keys(), .items(),
and .values() that wouldn't work with an iterator to wrap them with
list().
2016-01-26 21:11:25 -08:00
Tim Abbott 6528b18ad3 Switch all urllib/urlparse usage to six.moves.urllib.
This provides Python 2+3 compatibility for our use of urllib.

Also add a test to avoid future regressions.
2016-01-26 21:09:43 -08:00
Reid Barton ed412281d0 Fix typo in Google OAuth error message. 2016-01-12 09:32:09 -05:00
Tim Abbott c661bc17fb Fix support for having a unique, open realm.
The previous implementation didn't work because HomepageForm rejected
the email as not having a domain.  Additionally, the logic in
accounts_register didn't work with Google auth because that code path
doesn't pass through accounts_home.  Since whether there's a unique
open realm for the server is effectively a configuration property, we
can fix the bug and make the logic clearer by moving it into the
"figure out the user's realm" function.
2016-01-09 22:52:34 -08:00
Tim Abbott 85a8a742e2 Remove unused json_events_register route.
The browser registers for events via loading the home view, not this
interface, and this functionality is available via the API-format
register route anyway.
2016-01-09 20:01:38 -08:00
Tim Abbott 01f613751a Limit DevAuthBackend user list display to 100 users.
This makes it possible to use DevAuthBackend when doing
performance/scalability testing on Zulip with many thousands of users.

It's unlikely that anyone testing this backend will find it valuable
to have more than 100 login buttons on the same page, and if they do,
they can always just change this limit.

Thanks to @dbiollo for the suggestion!
2016-01-09 20:01:37 -08:00
Tim Abbott be9939b2ad Fix tracebacks if HTTP_USER_AGENT is not specified.
Previously, we handled this correctly in some places (like the
decorators) but not in the website flows (accepting ToS, loading /).
2015-12-25 16:23:11 -08:00
Tim Abbott e95739961f Remove now obsolete /json/send_message route. 2015-12-12 18:14:08 -08:00
Tim Abbott 9cec758854 Remove now obsolete /json/subscriptions/add endpoint. 2015-12-12 18:14:08 -08:00
Tim Abbott a79e89b28f Cleanup remaining usage of % comprehensions without explicit tuples. 2015-12-05 15:29:42 -08:00
Josh Mandel 716e2d9184 Add integration for Travis CI. 2015-11-30 20:41:33 -08:00
Chris Chapman 44a9e1dff5 Fix for setting file upload size through settings file.
(Slightly tweaked by Tim Abbott to change the variable name, docs, and
default values).

Fixes #276.
2015-11-24 06:06:46 -08:00
Tim Abbott 123d51e3aa Add string validators to tutorial routes. 2015-11-24 05:20:37 -08:00
Tim Abbott aa33a0daec Move users views into their own file. 2015-11-24 05:20:37 -08:00
Tim Abbott 4d79083cf5 Move tutorial views into their own file. 2015-11-24 05:20:37 -08:00
Tim Abbott f77b0bdb43 Move alert_words views into their own file. 2015-11-24 05:20:37 -08:00
Tim Abbott e64a3d0fae Move reporting views to their own file. 2015-11-24 05:20:37 -08:00
Tim Abbott 8526d02370 Move settings views into their own file. 2015-11-24 05:20:37 -08:00
Tim Abbott 37d4a11610 Move streams views into their own file. 2015-11-24 05:20:37 -08:00
Allie Jones 85809e6140 Add webpack build process. 2015-11-06 09:13:25 -08:00
Tim Abbott 33295180a9 Apply Python 3 futurize transform libmodernize.fixes.fix_unicode_type. 2015-11-01 09:35:06 -08:00
Tim Abbott cd6f8e9191 Apply Python 3 futurize transform libmodernize.fixes.fix_map. 2015-11-01 09:35:05 -08:00
Tim Abbott 43abd83d1c Apply Python 3 futurize transform lib2to3.fixes.fix_ws_comma. 2015-11-01 09:26:14 -08:00
Tim Abbott 8c34c40924 Apply Python 3 futurize transform lib2to3.fixes.fix_except. 2015-11-01 08:08:33 -08:00
Tim Abbott 90e61d3b61 Call process_new_human_user consistently when creating new users.
Previously we only did this when new human users were created via the
login process, which meant the management command to create a user did
not add the user to default streams (for example) and any future code
that might want to register a new Zulip user (such as the LDAP
integration) would need to import views/__init__.py in order to
properly set this up.
2015-10-15 09:16:58 -04:00
Tim Abbott 355e1bbd94 Move process_new_human_user and helpers from views to actions.py. 2015-10-15 09:16:58 -04:00
Darren Worrall 77fad7a16e Add an api endpoint to fetch GOOGLE_CLIENT_ID
Further to #102, this provides an endpoint suitable for mobile apps to
consume the GOOGLE_CLIENT_ID if configured.
2015-10-06 23:28:08 +00:00
Tim Abbott a65656dd9d Fix backwards-compatibility for old python-requests .json property.
In b59b5cac35, we upgraded our Google
Oauth code to support new python-requests, but because Ubuntu precise
still has old python-requests, this broke the codepath for older
systems.
2015-10-01 18:54:17 -07:00
Jason Michalski dafe69761e Use stock emoji in the pagerduty integration
The pagerduty integration was using realm emoji. Use stock replacements
in the open source release.
2015-09-30 09:23:59 -07:00
Tim Abbott bda9d78092 Use settings.ZULIP_ADMINISTRATOR as contact list for deactivated users. 2015-09-29 17:59:47 -07:00
Yuvi Panda b59b5cac35 Fix TypeError in Google OAuth authenticator.
requests 1.0 changed response.json attribute to response.json()
instancemethod. The code wasn't updated to match that change,
causing a TypeError when attempting to use the Google OAuth
Authenticator backend.

This is fixed simply by using response.json() instead of response.json.
2015-09-26 13:51:27 -07:00
Tim Abbott 8967029729 Clean up GitHub API hook v1 comment.
(imported from commit 3777f2c9305bb8000e5ea4142bd2974805fa3c90)
2015-09-25 03:18:00 -07:00
Tim Abbott f31816072d Remove last customer-specific hack from github hook.
(imported from commit 897d9fd91e4f6c558d687f5ae6c360fad80574d9)
2015-09-25 00:47:15 -07:00
Tim Abbott da5fe944e1 Set limits for export tool.
(imported from commit 0c582223f5b3ac4caf7685217719d4c32c5d2fae)
2015-09-24 19:34:28 -07:00
Tim Abbott 38ca08b18f Add support for emphasize_branch_in_topic feature.
(imported from commit 35a447ee7b94b83bd1c9425c678167003a398ae3)
2015-09-20 15:21:12 -07:00
Tim Abbott 4a858d7d1b Clean up api_github_v1 logic around issues stream.
(imported from commit d40997de594834d2ec6f8f190ad04b20bfd45a4c)
2015-09-20 13:21:15 -07:00
Tim Abbott c5b44dc921 Simplify logic for the GitHub API hook.
(imported from commit 95dd8e16930f512b13a0413cf18b25694bd6ba66)
2015-09-20 13:21:15 -07:00
Tim Abbott 32878e8343 Enable GitHub issues messages for all realms.
(imported from commit 108fddc0b1f8b2d1ae74c09d1e96cff40d8c2ab1)
2015-09-20 11:49:03 -07:00
Tim Abbott ade363f3af Remove some GitHub hook hacks for old customers.
These features are in most cases possible to setup directly via our
GitHub services integration UI, and the customers aren't using Zulip
anymore, so this is worth doing to clean up the code.

(imported from commit 1e6f4ec523d85b6233a8e5b4eaa13eacfbe6e5f4)
2015-09-20 11:46:26 -07:00
Tim Abbott b68d116e3a Remove old is_super_user helper functions.
(imported from commit 85655ea9369f5dc309f6f687bac578924571c9ee)
2015-09-20 11:13:20 -07:00
David Roe 3ac95ddc1a Add UserProfile flag to control whether we have a left side userlist.
Previously this was hardcoded for a single customer.

(imported from commit a6b7095050aa10cef976541505d9b09a35453f48)
2015-09-19 23:22:59 -07:00
Tim Abbott 21ac93ae9c Remove the send_to_prod hack.
(imported from commit ba2a4d5e7d83769add979cc05996dbd8b014e8a2)
2015-09-19 21:54:51 -07:00
Tim Abbott fcec80461b Remove the SSO-only realm integration.
It's messy code, only one customer ever used it, and it's not in use
today.

(imported from commit af3f512ac6af74af66c588c7d40d699e98514d0a)
2015-09-19 21:54:51 -07:00
Neeraj Wahi 9f0a6272fa Removed dbx_branding flag and Dropbox corner logo
(imported from commit d205898671643985e2de7c0d6d300bdca32cae21)
2015-09-19 15:16:42 -07:00
David Roe 3f7cb34b00 enterprise => voyager
(imported from commit 04be792bb480d5e5db1c91d296d1000cf1682571)
2015-08-21 10:33:35 -07:00
David Roe edf7e732a2 ENTERPRISE => VOYAGER.
(imported from commit 4f8080b9f506a87ca40bef32e39de5218cba916a)
2015-08-21 10:33:35 -07:00
David Roe d702ddb3cf DEPLOYED => PRODUCTION
(imported from commit a7d365c07916c5103fc721c712db94f9af977640)
2015-08-21 10:33:35 -07:00
David Roe 63e576b811 STAGING_DEPLOYED => ZULIP_COM_STAGING
(imported from commit 25419979292218932c53cface59c1e8e2348a7c2)
2015-08-21 10:33:35 -07:00
David Roe 8778c4726a Add settings.DEVELOPMENT as a complement of settings.DEPLOYED.
(imported from commit 0437140d9fee7eec7b28abe583cfe8cde3e07c21)
2015-08-21 10:33:35 -07:00
Reid Barton ab9539cffe Remove OpenID authentication
(imported from commit 70a859041a851ed10dc40cfc068330e472d2ed09)
2015-08-20 23:52:48 -07:00
Reid Barton d88efef74b Fix field name in get_bots_backend
Django 1.8 noticed that it was wrong.

(imported from commit d9578719e7713c1fd6756b80aac13f4d93f12fa7)
2015-08-20 23:15:45 -07:00
Reid Barton 0aab583bb1 Django 1.8 compatibility: transactions
- autocommit is now the default
- commit_on_success is now atomic

(imported from commit b6166ca666ff23d34f2871ca365ce3ec66b0fa86)
2015-08-20 23:15:45 -07:00
Anders Kaseorg bded0d9d54 Remove corporate beta signup form
(imported from commit 1b3a0cd8a59a124905fa4cbd3121a78d23aeb3a2)
2015-08-20 18:40:34 -07:00
David Roe 3515a69e43 Remove public_streams_disabled.
(imported from commit 1d0c8db92bf8e4c44bd1c96063acfd6eea74925c)
2015-08-20 18:12:53 -07:00
Kate Buckner 4d0f7c7ea4 Add a user-visible setting for 24-hour time display.
(imported from commit d934824fd6b72e64a455aac9ff4585b262145f02)
2015-08-20 17:33:16 -07:00
David Roe bfa70675cb Remove notify_for_streams_by_default.
(imported from commit 9963c97ffec82fe7cf2921bd51422545c29a8915)
2015-08-20 17:33:16 -07:00
David Roe 086d8eee22 Add name_changes_disabled realm field.
(imported from commit 6b04ba2f7ad64c44f2ef18302f0fbd819259d632)
2015-08-20 15:29:46 -07:00
David Roe 5b7f3466ba Add feature where only admins can invite new users.
This is controlled through the admin tab and a new field in the Realms table.

(imported from commit e78a6f48160e2a1bbc68d278beb726fe31515266)
2015-08-20 15:29:46 -07:00
David Roe 809efc4f2b Add realm option to show or not show digest e-mail.
(imported from commit e9cfe519aa9f2857a1dcc7c75f5e1889834fcb86)
2015-08-20 15:29:45 -07:00
David Roe e5cb2a468f Enable Lab features for all users
(imported from commit 4e2658d28a5e02067ad472fec76c66f46592d520)
2015-08-20 15:29:45 -07:00
David Roe 90e2f5053f Add mandatory topics as a realm option.
(imported from commit 929a884b8610669aa24a167367b899683e33a045)
2015-08-20 15:29:45 -07:00
David Roe 472898cfc6 Allow adding users to realms more easily in Dev VM.
Include new field on Realm to control whether e-mail invitations are required
separately from whether the e-mail domain must match.
Allow control of these fields from admin panel.
Update logic in registration page to use these fields.

(imported from commit edc7f0a4c43b57361d9349e258ad4f217b426f88)
2015-08-19 22:24:53 -07:00
David Roe 32783ebbfb Admin users in red, at beginning, in dev login view
(imported from commit 530f0a5d26d5c2b637834281e45adb399852ae0a)
2015-08-19 22:24:53 -07:00
Jonathan Dahan 6f77e68622 Add GET /export endpoint, which dumps important tables in json.
Meant to be used in tandem with the manage.py import command.
The following sensitive data is scrubbed:

  * user api keys
  * user password hashes
  * stream email keys
  * invite-only streams
  * messages from invite-only streams
  * messages from users from other domains

(imported from commit 8e58dcdcb80ef1c7127d3ab15accf40c6187633f)
2015-08-19 15:31:08 -07:00
Tim Abbott f792b67098 Fix send_to_prod redirect to not run on the Dev VM.
(imported from commit 6006c71348706d39740b0d6302df0a548e65b65e)
2015-08-18 20:17:47 -07:00
David Roe 46e224997e Add a new dev login page for logging in without a password on the dev VM.
(imported from commit ac8f2504771c9907b7e92dc91cec5f7220ce951b)
2015-08-18 20:17:47 -07:00
Zev Benjamin 4d3f0cdc74 Encode unicode strings using UTF-8 before applying search highlighting
(imported from commit 45ded691fb89ccff12e76d5ca3b593ce3ff3f2e0)
2015-03-19 15:25:42 -07:00
acrefoot 0b7ef24a34 Add option to explicitly add pagerduty topic
(imported from commit 39ee1b37a807b19570d494f56bf7557228813ed5)
2015-02-10 23:56:03 -08:00
Leo Franchi d865732e0d Maintain two APNS connections and send correct notifications to each
Now we have 2 different Zulip apps out there, and they are signed with
two certs: Zulip and Dropbox. The Dropbox-signed apps are going to need
to be sent APNS notifications from the appropriate APNS connection

(imported from commit 6db50c5811847db4f08e5c997c7bbb4b46cfc462)
2015-02-11 06:57:25 +00:00
Leo Franchi 64a0b86917 pagerdudy -> pagerduty
(imported from commit 7cd25db67a8b20875edceafe881c872061a48fab)
2015-02-10 07:25:46 +00:00
Jason Michalski 3ad140e5a7 Convert all template strings to unicode
(imported from commit ddf60d53d30a02e1bb87fac35bb45768d17e378c)
2015-02-08 22:12:33 -08:00
Jason Michalski 179bf06940 The subject is an optional field in the pagerduty API
Pages from MP are using the description field not the subject field.
Include both in the page if given and don't fail if the key is missing.

(imported from commit 4351e5656d4ea025a03c07c8bb3bb5d406ef2d3d)
2015-02-08 21:30:19 -08:00
Jason Michalski f4239d60ca Add pagerduty webhook
(imported from commit 06219066b423f53d08094f3f97a98016e145b2a7)
2015-02-07 18:16:11 -08:00
Luke Faraone a901677be1 Use a unicode string when grabbing SSO unames
(imported from commit 5742147003928e2207d9eac8704aa6090fb8cb8a)
2015-02-06 09:56:39 -08:00
Jason Michalski 6ba5271824 Fix the SSO path to support mirror dummies
The SSO flow which was never used on a realm with mirror dummies before.
Also change the redirect to stay on the same doain.

(imported from commit 0f1b8a8fcef82ae6eaa5a264686f98d62a683fac)
2015-01-30 20:07:13 -08:00
Jason Michalski bb9ced6e57 Redirect users on the dropbox realm from stage to prod
This commit should only be pushed to stage after c290b630e has been
pushed to prod otherwise it will create a redirect loop.

(imported from commit 408407b845ded596705b1abd8ad13c0aedf6d732)
2015-02-06 00:07:06 -05:00
Jason Michalski 7b82db214c Update the last SSO redirect to use the host header as well
(imported from commit 4392543d5ea4fd4c29c221338e8c5f7919e40b7c)
2015-02-05 23:49:33 -05:00
Jason Michalski 01d018ba31 Change the other use of EXTERNAL_HOST in the oauth2 flow
(imported from commit ff92fcbb43ee19bb2b1520e68c5f6768649246f5)
2015-02-05 23:32:59 -05:00
Jason Michalski 35d22949ed Build the oauth redirect url with the host from the request
(imported from commit 972fed686b556bc8845cf7ae5bca555dc9cbeb13)
2015-02-05 23:14:04 -05:00
Jason Michalski 7e9c121ad3 Use the full_name if available
We were trying to default the users first name when using google auth,
but it was getting lost when rendering the form.

(imported from commit 710e0c2ce591488920458dca74209c75e7031abd)
2015-02-05 21:54:28 -05:00
Jason Michalski 439b86fe3b Migrate the google SSO from openid to oauth2
(imported from commit 6938c1cc5d245cc5642043279470365ff04df903)
2015-02-05 21:54:28 -05:00
Jason Michalski 693857a1f8 Flip the prod to stage redirect for the armooo@dropbox.com
This change will redirect armooo@dropbox.com from stage to prod. It also
removes the prod to stage redirect for all users. This will be rolled
out in two commits to prevent a redirect loop.

(imported from commit c290b630e746f757429b8bbdadbe7768367a5e33)
2015-02-05 17:19:14 -05:00
Zev Benjamin f63ee86730 Fix login popup on cross-realm authenticated content previews
We were serving 401s on /user_uploads when the user wasn't authenticated (due to
it being a REST endpoint).  This was causing a login popup to display instead of
just a broken image preview.

(imported from commit 62640f5bd59eb3b86ab5aae5923ccfa742459805)
2014-10-29 17:53:05 -07:00
Zev Benjamin 7411ce9092 Fix Github webhook exclude_* options.
We were expecting Github to send us the string "true" when the exclude_* options
were set.  However, we were actually getting "1" when an option was set and the
empty string when unset.  So we were always setting the options to False.

(imported from commit 067ba60b0b0404aebc6eda9487b1201fc2764243)
2014-10-06 15:27:53 -07:00
Jason Michalski 748fb9afe5 Add avatar_url to v1/users
(imported from commit c89b85e1826dc3fbfdd65ec0529dd364b5e463d5)
2014-07-29 21:46:35 -07:00
Waseem Daher 307d367346 Initial support for white-labeling Zulip as "Dropbox Chat" or otherwise.
Known issues:
* No support for whitelabeling in the email
* No whitelabeling for any externally-visible branding

(imported from commit 9eab7b0744e56a87007b8621a8bb18bbb1080256)
2014-07-29 21:46:33 -07:00
Tim Abbott 6ac6fd5e56 Remove requirement that local_id by a float in local echo.
(imported from commit c3de78760c1c7e11c6791719420b59df604d5319)
2014-06-25 11:44:16 -07:00
acrefoot 0b9884ce5b add issues traffic to the CUSTOMER17 stream
The default today is to not have issues traffic except on a whitelist. This is despite the fact that we have
an exclude_issues boolean on Github's Zulip-integration page, since if we changed the default, all realms
currently using this default would have to go make this change on every repo. That's something that would require
some work, in terms of communicating with them about this, and logging integrations settings for all realms, to
see which are correctly setting exclude issues. Unfortunately this probably isn't high priority today, but let's
try to get this whitelist change out to prod ASAP.

(imported from commit 256fe32bb6aaf7de18ff02d8d7e204a13bc02b7a)
2014-06-09 08:30:10 -07:00
Jason Michalski 8c72eddb72 Add a warning when in the zulip.com realm on production
Display a red warning box to get users to direct users to staging for
the zulip.com (dropbox) realm.

(imported from commit 01ad4209d9247406bc82f5dedaf21371101a1d84)
2014-05-21 13:13:27 -07:00
Luke Faraone 8f8b2519ea Redirect legacy URLs to their new secure location.
URLs with a realm of "unk" will be queried against the new bucket to
determine the relevant realm of the uploading user.

(imported from commit 5d39801951face3cc33c46a61246ba434862a808)
2014-05-05 20:26:29 -07:00
Tim Abbott 8b74a3e052 Remove unauthenticated file upload support from Zulip.
(imported from commit 97262590ac5ad56c18f415fa1c777510aed2baeb)
2014-05-05 16:14:09 -07:00
Tim Abbott 0494e40c39 Merge zerver/tornado_callbacks.py into zerver/lib/event_queue.py.
It had stopped being a coherently distinct component a while ago.

(imported from commit 0617957bcfe8dcaf69143c88a96ddd51ecb31a98)
2014-04-23 17:22:31 -07:00
Zev Benjamin 3498a04613 Call authenticate() when logging users in via JWT
Otherwise the user_profile.backend attribute doesn't get set.  I didn't notice
this previously because on first register authenticate() gets called, and then
the UserProfile object gets cached.  This means that subsequent logins work just
fine as long as the UserProfile object is in memcached.

(imported from commit 834d95c46aa07724ea84802f09b7249de99b5ca8)
2014-04-07 11:01:38 -07:00
Zev Benjamin 5b080bd0cf Fix one name_changes_disabled check
(imported from commit f1bf125949bd282c8a9054d3e3b2e92c7bd5ab4e)
2014-04-06 17:00:28 -07:00
Zev Benjamin 2f7af69091 Add customizations for CUSTOMER16 employees' realm
CUSTOMER16 wants their employee realm to:
* only use JWT logins
* have name changes be disabled (they want users' full names to be the
  their CUSTOMER16 user name).
* not show the suggestion that users download the desktop app

(imported from commit cb5f72c993ddc26132ce50165bb68c3000276de0)
2014-04-04 16:51:32 -07:00
Zev Benjamin bd3f1c6a9e Add JSON web token (JWT) authentication
We currently expect the use of HMAC SHA-256, although there shouldn't be
anything preventing us from using other algorithms.

(imported from commit 354510a0b7e9e273d062a1ab5b2b03d4a749d6a3)
2014-04-04 16:51:32 -07:00
Zev Benjamin 04f211bbff Refactor some of the remote user handling
(imported from commit 13facd7afddfb018af39b39ee48c644d355d8ec3)
2014-04-04 16:51:32 -07:00
Zev Benjamin 2e1d5ffd1c Make password_auth_enabled() take a realm object
This will actually be used in an upcoming commit.

(imported from commit 5d3db685a245899b2523440398f2ed2f0cfec4f4)
2014-04-04 16:51:32 -07:00
Zev Benjamin 6759a78d07 Remove extraneous (and incorrect) realm lookup
(imported from commit 9c618c50b0f27795c91da172d5bc63dd5d5f2e61)
2014-04-04 16:51:31 -07:00
Zev Benjamin 3fc779278b Use EXTERNAL_URI_SCHEME instead of hard-coding 'https'
(imported from commit 3a4d2e0591debd7d5e4b5650b050a1eb1d86aa55)
2014-04-04 16:51:31 -07:00
Zev Benjamin 9114715030 Factor out the check for whether name changes are disabled
(imported from commit 56ddd9cf53ec49e2e096abe82ed44f758912272e)
2014-04-04 16:51:31 -07:00
Tim Abbott 5bb4a74ec0 Don't log warnings about various known-unsupported Pivotal event types.
(imported from commit e2044e06c02bc745608fe637ce44d683c5badcd8)
2014-03-14 20:48:57 -04:00
Tim Abbott 6850835273 Improve handling of unknown JIRA event types.
(imported from commit d9f823dc80b26a71f7b3a891559d2360d76a258f)
2014-03-14 20:48:56 -04:00
Tim Abbott 9aa3de0664 Fix GitHub tracebacks from issue['pull_request'] not existing.
(imported from commit f124a8e30e25d9321e9abe2fe04a5bd35ce24445)
2014-03-14 20:48:56 -04:00
acrefoot c3543b06f0 Honor exclude_commits for github integration
We weren't before :(

(imported from commit 3691066a50f1b67c227dbfc056dc8cdf2c06eea8)
2014-03-11 13:06:18 -04:00
Zev Benjamin 27aaa3b1bf Rename mit_to_mit -> same_realm_zephyr_user for uniformity and clarity
(imported from commit 74063d6c8bb9e9fbf62c24dcd8a18294b8f7b51f)
2014-03-06 21:59:55 -05:00
Zev Benjamin cc9fe19a9f Special case Jabber mirroring same-realm check for ist.mit.edu
We can't just check that the realms are the same because ist.mit.edu is an open
realm and uses @mit.edu email addresses.

(imported from commit 7dbaa81cea6e4f82563dfc0cfe67a61fe9378911)
2014-03-06 21:59:55 -05:00
Steve Howell e7769d9004 Add back end support for in-home/in-all narrows.
(imported from commit bfa54fbb8c7eaced19e354514536d75c30a24b15)
2014-03-05 14:56:34 -05:00
Jason Michalski 280575aff0 Refactor json_set_avatar and patch_bot_backend to use do_change_avatar_source
(imported from commit eba0ff8a5c4409ac01c710455fe200b28f953b56)
2014-03-05 14:16:20 -05:00
Jason Michalski 64ba85aa19 Refactor regenerate_api_key and regenerate_bot_api_key to use do_regenerate_api_key
(imported from commit 5c54e4771b6730a8ebe304f6b6e86722d28eca8d)
2014-03-05 14:16:20 -05:00
Jason Michalski c17ed8dc8c Add bots to page_params and send events on bot creation
(imported from commit ce418b4f056576d57f82d26af621473c730c12d8)
2014-03-05 14:16:19 -05:00
Jason Michalski 846dfd5105 Update patch bot API to support setting stream defaults
Adds APIs edit a bot's default_to_stream, default_events_register_stream
and default_all_public_streams.

(imported from commit c848a94b7932311143dad770c901d6688c936b6d)
2014-03-05 14:16:18 -05:00
Jason Michalski 50db83508b Add API support for setting defaults in the add bot API
Support setting default_to_stream, default_events_register_stream, and
default_all_public_streams during in the bot creation API.

(imported from commit bef484dd8be9f8aacd65a959594075aea8bdf271)
2014-03-05 14:16:18 -05:00
Jason Michalski f3180b774b [schema] Add default user_profile options for register events
Allow bot owners to set which streams their will receive events for
without needing to change a configuration file.

(imported from commit 2b69e519dbc12ffbdba072031a7f7196c9e50e33)
2014-03-05 14:16:18 -05:00
Jason Michalski de545d5fa0 [schema] Add a default to stream option to user profile
This allows bot owners to configure which streams messages are delivered
to without needing to change webhook URLs or configuration files.

(imported from commit 32a0c26657c145b001cd8cb3ce0a0364d48902ce)
2014-03-05 14:16:18 -05:00
Steve Howell 82a935080d Support has:* searches on the back end.
(imported from commit a6a6f465ce0343d4a5313ee54f6ff427940a03ab)
2014-03-05 13:58:53 -05:00
acrefoot eabd9341b6 Fixup 'force pushed' message when creating branches in Github
Github flags pushes as either `forced` or not. However, it always marks new branches as
forced pushes--but we don't necessarily agree with them. This commit checks for the `created`
flag as well.

This resolves Trac #2346

(imported from commit 960bd3ad707a4d1ad431e21dcd79389e8d4b297b)
2014-03-04 16:42:34 -05:00
Zev Benjamin 5c44fa9a29 Move bulk of get_streams_backend to actions.py
(imported from commit 3601444a2aabd1c613db61d71e6bc9fd6b4984d5)
2014-03-03 17:30:57 -05:00
Zev Benjamin 406e3025fb Recognize new-style client name for Jabber mirror
(imported from commit 3c1f8120f4daa809e0844602bc8bea659837d84e)
2014-03-03 17:29:53 -05:00
Jessica McKellar fae92685ae Convert /json/subscriptions/property to supporting bulk property updates.
This includes removing GET support for the endpoint, which is unused
and doesn't map well to this being a bulk endpoint.

(imported from commit 348ff9dfa84be1661368c6d7d35aebf2ae2a9ae0)
2014-03-03 16:08:33 -05:00
Jessica McKellar 87635b9e32 Convert settings from static HTML to a template.
This will make life much easier for handling update events.

(imported from commit 66b101eb5fae89b4eec6fc797fee8be26ac99bfb)
2014-03-03 16:08:32 -05:00
Jessica McKellar e0bd15669a Don't post checkbox data directly to /json/notify_settings/change.
They have weird properties like not sending anything for unchecked
boxes, which makes it hard to wrap a client-agnostic API around.

(imported from commit fef73a57a55b218b55dab6be3453dd6eac73c789)
2014-03-03 16:08:32 -05:00
Jessica McKellar 53021bf7d3 Pass per-stream notification settings between frontend and backend.
(imported from commit 42e9b80a4c55e0911d457991d53ce71ca31625bb)
2014-03-03 16:08:31 -05:00
Jessica McKellar c673b3b0b1 Pass global stream notification settings between frontend and backend.
(imported from commit 28ec021e8e5166d3b270c81c5a4ad543d2185aa5)
2014-03-03 16:08:30 -05:00
Steve Howell 4bc50c3560 Rename NarrowBuilder.__call__ to add_term().
We also call the objects "builder" instead of "build."

(imported from commit aa3fcedc8eb97c21f29aa651cf1f6852ff311e7d)
2014-02-27 20:25:38 -05:00
Steve Howell c9140a6def Exclude muted streams in exclude_muting_conditions().
If we call exclude_muting_conditions() with a non-stream
narrow, it will now include a condition to exclude streams
that are not in your home view.  As of now, this code only
executes during testing, but it sets the stage for doing
better in:home queries on the back end.

(imported from commit bbd764bd0e9588a50e4a82c915e82a2c1b99d73e)
2014-02-27 20:25:37 -05:00
Steve Howell b822c83b02 Avoid redundant query clauses for muted topics.
If we are already narrowing to a stream, then we can disregard
muted topics in all the other streams and create a simpler query
for the DB to execute.

(imported from commit 35a074a76eec99922034a381741355da3fdd5b39)
2014-02-27 20:25:36 -05:00
Steve Howell fab6b0f7ae Handle non-existent streams in exclude_muting_conditions().
Due to the way we store muted topics, it is possible that a
muted topic stream name may no longer exist, and we need to
handle that case gracefully.

(imported from commit 4d18ec55e45213657a67e160848229678f212765)
2014-02-27 20:25:36 -05:00
Steve Howell 9d21787cd7 Extract exclude_muting_conditions() in messages.py
(imported from commit 97144097406377eb40383c7d1314c74dd713719c)
2014-02-27 20:25:35 -05:00
Leo Franchi b80293c80d JIRA: Show all updated fields as long as one is not truthy
(imported from commit 543204b84a0b5625c4185b9ae32d5a3725cd9f9e)
2014-02-27 20:25:35 -05:00
acrefoot 7390b6ec53 Use 'forced' when available to determine if it's a force-push
(imported from commit afbd1ed2efe2ce86ebd9639d514837211b7517b4)
2014-02-27 20:25:28 -05:00
Zev Benjamin 1a6929d9ae Handle get_old_messages case where num_before = 0 and num_after = 0 and a narrow is specified
Previously, we assumed that num_before or num_after would be always be non-zero
after adjustment for the anchor.  However, we don't adjust num_before or
num_after when a narrow is specified.

(imported from commit 9239fef140e109b11bdfbeef42e9fbed78660ad1)
2014-02-19 12:24:17 -05:00
Jason Michalski 0244b50f0b Split bot deactivation from user deactivation
(imported from commit 153a870b244e040e3b5976f639866dbace5563f6)
2014-02-18 15:09:22 -05:00
Jason Michalski d177f49a96 Change the create bot API to use rest_dispatch
(imported from commit 0fac290be2ed04178c4df866f5bc958441b2d320)
2014-02-18 15:09:20 -05:00
Jason Michalski 9d973ff106 Change get_bots API to use rest_dispatch
(imported from commit 921895dd636ba118a0f57e60a7bcb9dca1c7c605)
2014-02-18 15:09:19 -05:00
Steve Howell ebce82b136 Eliminate json_to_dict and use check_dict instead.
All usages of json_to_dict were replaced with the check_dict
validator.  The check_dict validations can eventually be
extended to validate the keys and values of incoming data,
but now we just use check_dict([]) in all the places where
we had json_to_dict, which means we aren't checking for any
specific keys; we are just making sure it's a dictionary.

(imported from commit fc5add9a7ef149dfac2a9a6d9a153799c4c0c24d)
2014-02-18 13:02:08 -05:00
Steve Howell 3d04f5f738 Use check_list instead of json_to_list.
(imported from commit 9ead12bc2a4744b94a747ca27054124aacde7ae4)
2014-02-18 13:02:08 -05:00
Steve Howell 8b58d8574b Use check_bool instead of json_to_bool.
(imported from commit 52eb892a92e293d6ecb854c51bd7bd32355206c9)
2014-02-18 13:02:08 -05:00
Steve Howell 0b0b9b9379 Remove custom code for customer14.invalid
(imported from commit efdc02e02c0dbdd29a09002897a294b5e820530f)
2014-02-14 11:15:50 -05:00
Leo Franchi acec697fe7 Report unnarrow times as well as narrow times
(imported from commit b3a889aa11dc112508c5a1d213f68e5223a879fc)
2014-02-13 14:45:22 -05:00
Steve Howell 91445035bc Add NarrowBuilder support for negated search conditions.
(imported from commit cdc426e342a6d735d321d78b6753ca5ad7c79c6f)
2014-02-13 14:14:25 -05:00
Steve Howell fb27cbcd01 Handle negated streams in ok_to_include_history.
(imported from commit 0a049364e1d14f45db9f8e9aa5392039a01231eb)
2014-02-13 14:14:25 -05:00
Steve Howell 11ba6a17ab Extract ok_to_include_history() method in messages.py.
(imported from commit a88f5455bf658a8c52c92e7f0bedc301a605020b)
2014-02-13 14:14:25 -05:00
Steve Howell 2fb7c0059d Support negated searches on staging.
Behind a feature flag you can now do searches like this:

    -pm-with:othello@example.com is:private

The "-" in front of "pm-with" tells us to exclude messages
with Othello from our search.  We support "-" in front of
all operators, although the behavior for "-search:" and
and "-near:" doesn't really change in this commit.

Note that the filtering out of "negated" predicates only
happens on the client side in this commit.  On the server
side we ignore negated predicates and send back a superset
of the results.

(imported from commit 6cdeaf32f2d493fbbb838630f0da3da880b1ca18)
2014-02-13 14:14:24 -05:00
Steve Howell 90bb689e13 Extract "cond" local var in NarrowBuilder methods.
This commit doesn't change any functionality, and it is
designed to make diffs for upcoming changes related to
negated conditions a bit easier to read.  This diff
looks a bit noiser than it really is due to some
reindentation of continuation lines.

(imported from commit 64c1cba98faa4bad4eaad122dd3de119caa880c0)
2014-02-12 16:58:07 -05:00
Zev Benjamin 25d461c8f5 Exclude messages on muted topics when finding the first unread message in a narrow
(imported from commit 3151c401f689cc77e53cf34ffc49c7fd7d0a771a)
2014-02-12 16:23:34 -05:00
Steve Howell ea8d9efa00 Support dictionary-style narrows in back end API.
(We continue to support tuple-style narrows as well.)

(imported from commit 0154c1cba7503471b112ce22f280b619133e0211)
2014-02-11 13:15:42 -05:00
Steve Howell a2acce2905 Phase out search tuple data structure in messages.py.
The narrow_parameter convert now converts tuples of
(operator, operand) into dictionaries so that downstream
functions/classes deal in dictionaries.  This
affects get_old_messages_backend, messages_in_narrow_backend,
and NarrowBuilder.

(imported from commit 7e8cb887f7872ec687acd8c4857d1d5222ab0d5f)
2014-02-11 11:52:31 -05:00
Steve Howell 2ad006aac9 Make page_params.narrow be a list of dictionaries, not tuples.
This is part of deprecating the old tuple syntax.

(imported from commit f57fe08e0042792b1381c69d1a7f10f92369e838)
2014-02-11 11:45:44 -05:00
Steve Howell 0366659bee Return stream_id in /json/get_public_streams.
(imported from commit 985d4e01bd3b589d10e57886d159cfdabe594dd4)
2014-02-06 12:09:52 -05:00
Tim Abbott d595714a1c Send Zulip notifications when users fill out our interest form.
(imported from commit 2db4b29df8ac2c4cf1929a3df3015809f3faf895)
2014-02-06 10:25:35 -05:00
Tim Abbott f26af47fb6 Center on-page-load narrows on first unread message.
This implementation is somewhat hackish in large part because I think
we're going to be wanting to redo the get_old_messages API somewhat
soon, and this may naturally become a lot cleaner as a result, but
this isn't a lot of code and fixes #2235 part (A) and substantially
mitigates #1510.

(imported from commit 47a2160a44befa9d83190c5cc95b90e92cc5b4cc)
2014-02-03 13:32:02 -05:00
Jessica McKellar 1c5110dbad Send you a registration email if you try to sign up for an existing realm.
(imported from commit 9104096b424f31a22ee7c8b72378f05309bb978b)
2014-01-31 16:40:19 -05:00
acrefoot 171005a9de Make realm-specific lines in api_github_landing shorter
(imported from commit 0b205256de1b6ad30d42a0aa59bf1fe62ab88847)
2014-01-31 15:51:50 -05:00
acrefoot 425b2df4b4 Filter out synchronize messages on github pull requests for CUSTOMER23
(imported from commit 7032edd79738eba6119eedf15acdb77ef04a8a3c)
2014-01-31 15:35:06 -05:00
Luke Faraone 9a1159fb09 Include email in response to API key retrieval
This helps our iOS app when authenticating via Google Apps, since we
don't get the users' email address when we get the ID token from Google.

(imported from commit 066639958c1e8f7845505ebdabc37282defca5c5)
2014-01-31 13:50:19 -05:00
Jessica McKellar db4cbcd438 Make /json/subscriptions/remove support principals.
Admins will use this to unsubscribe other people from streams.

(imported from commit 5b42d5852ddcfa2c8776482c45471828c4daf453)
2014-01-31 11:23:13 -05:00
Tim Abbott 7ef68f19da Log operation and flag in update_message_flags.
(imported from commit c720224b0b3bf2f8ac1fd686acac143ea3f64994)
2014-01-30 12:48:36 -05:00
Jessica McKellar 82fc7a0a39 Show autoscroll forever option for all of CUSTOMER31.
(imported from commit 6c8826894daa2fc3777da0e9affe49d7a6d77296)
2014-01-30 11:15:56 -05:00
Steve Howell 233ce4360f Handle realm_name in fetch_initial_state_data/apply_events.
Instead of having home() set page_params.realm_name directly from
the user_profile object, have fetch_initial_state_data() set it.
This is more consistent with how we treat other data, and it protects
us against a race condition where realm name updates arrive during
the DB fetching.

(imported from commit 545e3bd73f150438126e3f941e9bebc7aa1d0614)
2014-01-29 13:37:58 -05:00
Jessica McKellar ac3f93d760 Don't let deleting a non-existent stream 500.
(imported from commit f112cde743eb33608f30ae5448ce2db2a34b8e62)
2014-01-29 12:41:22 -05:00
Jessica McKellar c0bc7abbc5 Allow admins to delete private streams they are on.
(imported from commit fe27ba760abf7375242502bff694667bf34bccdf)
2014-01-29 12:41:21 -05:00
Jessica McKellar 20f2baa614 admin: Show a lock icon next to private streams.
(imported from commit 26829016cf219b55aef0ef45187667b0a9bd86fd)
2014-01-29 12:41:21 -05:00
Jessica McKellar eeb8464f4d Don't expose deactivated streams to users through clients or API.
(imported from commit c32715255b3286f52fb313d35659f9357082603a)
2014-01-29 12:41:21 -05:00
Steve Howell 1b987b0803 Add API for changing realm names.
(imported from commit 4bc117ae2ca4acb8896b45cd7058556317287ef8)
2014-01-29 10:16:57 -05:00
acrefoot 4562e43aee enable show_autoscroll_forever_option for Chris Aurelio
(imported from commit c0ae45fd5f6696d18383ea7451d25397a8102302)
2014-01-28 17:57:02 -05:00
Steve Howell 8aaf1cf8c2 Add API for removing default streams from a realm.
(imported from commit 06433126e31b372dff8a23eb8bbea14515138c85)
2014-01-28 14:30:37 -05:00
Steve Howell af9a1e967f Add API for adding default streams to a realm.
(imported from commit 0f48f722dd618c0d054aafdf3d931ef014a5c3ee)
2014-01-28 14:30:02 -05:00
acrefoot a126292431 Add github issues tracking to CMU's realm
(imported from commit 5f4f00888687d14ddf6977e6b2de188294e8e44f)
2014-01-28 13:56:14 -05:00
Tim Abbott 0507b1bb06 Split out do_update_pointer from update_pointer_backend.
(imported from commit 25da1b324a9170677b0f6fc2e29841d6f2af9dec)
2014-01-28 11:01:29 -05:00
Jessica McKellar fd3fc095b5 freshdesk: allow subject field to be empty.
The field should still be present, but Freshdesk now lets it be empty.

(imported from commit a317043947ecb6e234efabaaf6967ebe35e154a8)
2014-01-27 21:50:00 -05:00
acrefoot 07344bb283 Fix github hook when receiving commit_comments
Apparently (according to our error logs) it's possible for there to be a "position" but no "line" [number]
on a commit comment. According to the docs, line numbers are deprecated, although they're probably
more useful than diff line number (aka 'position').

(imported from commit d48f9efbe42293c9585442bd521b1843042eca65)
2014-01-27 16:39:40 -05:00
Tim Abbott da90d63046 Split out zerver/lib/notifications.py from actions.py.
(imported from commit 784b82834ee4fcb4431e77f8fb1c526f8eec82ad)
2014-01-24 17:33:56 -05:00
Jason Michalski 1f98c4f4ce Add support for updating the stream description
The stream description can now be updated, but the UI is not yet updated
on success.

(imported from commit f45e0a9d5138d828ae98d6d49645ab3ddc966704)
2014-01-24 14:47:44 -05:00
Jason Michalski 4104f00229 [schema] Add description to streams and display it
A description was added to the streams and it is now displayed on the
subscriptions page. It can not be set in the UI yet.

(imported from commit 81d08b65eee42dba87cd99dd5bd30106c4eb6c6a)
2014-01-24 14:47:44 -05:00
Steve Howell b82ed52e7b Rename page_params.stream_list to page_params.subbed_info.
This matches page_params.unsubbed_info, plus it sets up to
add something like page_params.stream_dict without being confusing.

(imported from commit 2d40deb779e5c7a488d6952560b4119094bbc0d8)
2014-01-24 12:23:41 -05:00
Jessica McKellar 117c98796e Send some messages to warm up the first user in a realm.
(imported from commit b4d92d474b27c9a0eabf99576a0f441a7d919106)
2014-01-23 17:06:28 -05:00
Jessica McKellar a62c720e0e [manual] Add back json_tutorial_send_message endpoint.
Before deploying to staging, create the tutorial bot:

email: welcome-bot@zulip.com
name: Zulip Welcome Bot

(imported from commit 2f337a00ffac888b121975bdb95a89cf2f8ab3a7)
2014-01-23 17:06:27 -05:00
Jessica McKellar 7702461700 Unconditionally subscribe new users to the notification stream if it is public.
(imported from commit 7d7f14eb6fee43ca6f18adddda741665ce22d24a)
2014-01-23 17:06:26 -05:00
Leo Franchi e24dcb3952 Report proper displayed/receive time and local echo data
(imported from commit 63aba6ef05b1a55d61e975831ebbaa074f8ea74f)
2014-01-23 16:28:58 -05:00
acrefoot d8b15f4202 Improve Backend for Github integration
Refactor github webhook to handle multiple payload verions
split github fixtures into v1 and v2 versions

Group together all realm-specific logic. When v2 becomes available, we can
ask someone in each org to make the changes via the Github Hook configuration, and
slowly remove the special cases.

TODO: when our pull request for github-services gets merged, the integrations page
should say to look for Zulip instead of Humbug

(imported from commit 4790a730010b37186640f9996291afa6e8f96c2b)
2014-01-22 16:44:34 -05:00
Steve Howell 551e7513b3 Use do_change_is_admin() when realm's first user registers.
(imported from commit 64b4db2c03a519ced9cd3bf5b17c0657c21d6cb2)
2014-01-22 14:43:29 -05:00
Steve Howell 3b12e63d8d Send notifications for is_admin changes.
(The client doesn't do anything with them yet.)

(imported from commit df2f406644fe271af53e32a6b3521752b6a1ac41)
2014-01-22 14:43:28 -05:00
Jason Michalski f05d817fb4 Fix building subscribe buttons for realms with a notification stream
Add a test sending new stream notifications to realms with a
notification stream and fix a bug in building the subscribe button
markdown.

(imported from commit 37985d8c0603ae206bef34b9522231c00bc8c572)
2014-01-22 13:08:41 -05:00
Jason Michalski c30a411c10 Add custom markdown tag to render a stream subscribe button
When new streams are created we now send a message with a custom
markdown tag that renders a subscribe button.

(imported from commit 9dfba280b3b4ff4f32f6431ef9227867c8bf4b40)
2014-01-22 11:28:31 -05:00
Steve Howell 6c6d1ee474 Use "synchronized" (past tense) in github webhook.
Normally github gives us a past tense version of the action, but
not for "synchronize," so we fix up the tense.

This also adds zerver.GithubHookTests.test_pull_request_synchronize

(imported from commit ef69467ed4a02dbfa94c8215fb9043b668d1dec9)
2014-01-21 18:18:24 -05:00
Steve Howell 3dbc7d3524 Fix "closers" of github issues/PRs in our webhook.
When folks closed issues or pull requests on github, we were
using the wrong field from the github payload.  Now we
correctly use the "sender" as the person doing the action.

(imported from commit 82989ab19b32f8e3f0bbff9b305a7cb2673d99e9)
2014-01-17 17:48:13 -05:00
Jason Michalski 4c90392261 [schema] Add an per-user option to disable notification on new streams
Added a default_desktop_notifications boolean to userprofile with a UI
in Zulip Labs. This flag is used to default the notification flag on new
subscriptions.

(imported from commit a25223cc5ecf09980cf877991e25034bb3fd4046)
2014-01-16 20:13:34 -05:00
Leo Franchi 607274c0ba Show who updated a ticket in pivotal integration
(imported from commit 005f71222d23f424b57fb84c9f20778836157a51)
2014-01-17 10:32:35 -05:00
Tim Abbott 907e9688fe Change embedded narrow keywords to more clearly specify stream.
(imported from commit 63293f6601503094724711dc335d2f7e67e710f7)
2014-01-16 18:06:30 -05:00
Tim Abbott bc22b1eb16 Add support for topic narrows in our embedded narrow widget.
(imported from commit d3ef2db8e0903e445d9ecc2c28d9f249a0042bd9)
2014-01-16 18:05:35 -05:00
Steve Howell ec91ece6ed Remove "Create new stream" UI for restricted users.
If a user is not allowed to create new streams, then do not
show the "Create new stream" UI at the top of the settings page.

(imported from commit b97626938d8b612317c2189f7eca0d4bd27fc274)
2014-01-16 14:43:57 -05:00
Steve Howell 8bf9068d0b Add back end support to restrict creation of streams.
Note that this doesn't actually restrict anybody yet, but it
makes it so that UserProfile.can_create_streams must return True
for a user to create a stream.  We can modify that in the future
to have special behavior for realms that want more restrictions.

(imported from commit 432e85b1ca86aaee4a6bd1d4a6d0b2c78ecb0863)
2014-01-16 14:43:56 -05:00
Steve Howell fd5fd7e61b Have /json/users return is_admin flag.
(imported from commit 49b5c621510c47656f92c38bc5b9b1b6381d5c21)
2014-01-16 13:41:53 -05:00
Steve Howell e837f8bf8b Add back end for admins to assign/remove admin.
Add back end for admins to assign/remove admin permissions for other users.
The /json/users/<email> endpoint allows you to PATCH is_admin.

(imported from commit bb5e6d44d759274cc2a7cb27e479ae96b2f271b5)
2014-01-16 13:41:53 -05:00
Zev Benjamin f015d27d31 Disable historical search whenever the 'is' operator is present
Previously we only disabled it for 'is:starred'.  This caused a backtrace when
someone searched for, say 'stream:test is:mentioned', because we weren't joining
on zerver_usermessage, which meant the flag wasn't available to filter on.

(imported from commit ba19f8a74b21d60b89dfc8dbe9c8458ed86b423b)
2014-01-15 16:07:20 -05:00
Zev Benjamin d8d1d6ea40 Fix narrowing to PMs with yourself
(imported from commit 1326fa7ae779ba6476165e8838e46ce1323e3ecb)
2014-01-15 16:07:19 -05:00
Tim Abbott dfcb7529ed Disable desktop notifications in embedded narrow windows.
(imported from commit 327f64eb1c7119ccf6e595b9f9748293a06b5b0b)
2014-01-14 12:09:14 -05:00
Jason Michalski 4b86ef59f1 Added Zendesk webhook
Zendesk works a lot like desk.com, it has triggers which use targets.
The triggers have a user defined template. Targets can also have place
holders that are posted, we add the ticket id and title here so we can
always construct the message subject.

(imported from commit 04e8e5c7c0fc5568201f252546f6ed42f282fd00)
2014-01-14 12:01:54 -05:00
Zev Benjamin 3679889be2 Remove extraneous function argument
(imported from commit 4f90f98632077c771ac3123051a6d1a2804fb168)
2014-01-14 11:47:12 -05:00
Zev Benjamin 45ab625616 Add tests for get_old_messages DB queries
(imported from commit 1d6c871e6ac56324a129567e1ba447d44197a0aa)
2014-01-14 11:47:12 -05:00
Zev Benjamin df4d4beb6c Add TODO comment to messages_in_narrow_backend
(imported from commit 7e80a84fdd8f6ba347bb4ecb0f9238923b825871)
2014-01-14 11:47:12 -05:00
Zev Benjamin 81010c6c3d Clean up imports
(imported from commit f80891c6ae3c00daeafed3b504d24a6722f03a82)
2014-01-14 11:47:12 -05:00
Zev Benjamin 64c6bfecac Remove use_raw_query special case in get_old_messages_backend
The normal code will now generate SQL that is basically identically to the raw
SQL we were using before.

(imported from commit 84a3971d6137d05ef3f71252278afdd59041e86a)
2014-01-14 11:47:12 -05:00
Zev Benjamin fe6dc2ef81 Port get_old_messages to use SQLAlchemy
This commit also includes a few changes in the way we do some queries that
should speed searches up:

* Messages before and after the anchor are fetched in a single query by doing a
  UNION ALL on the server.  This incurs the cost of an extra sort because UNION
  ALL does not guarantee the order that the results are appended, but it saves a
  server round-trip.
* Searches involving flags now use a straight froward WHERE clause, which is
  much faster than the one that django-bitfield generates (due to limitations of
  the Django ORM)

(imported from commit a0db811a9073363cfabcf4b035d02d20dc8fc8a4)
2014-01-14 11:47:12 -05:00
Zev Benjamin 8142646938 Remove non-Postgres search codepath
(imported from commit ebc71defce2f075ee224f17a40088ccda9fab931)
2014-01-14 11:47:12 -05:00
Zev Benjamin 6c96561624 [manual] Do search highlighting in Python rather than in the database
This requires the tsearch_extras Postgres extension.  To install the extension,
first install postgresql-9.1-tsearch-extras on both postgres-primary and
postgres-secondary (this would normally be done in a puppet apply, but there are
currently some changes that can't be applied on Postgres machines).  Then run
the following as the postgres user on postgres-primary:

$ psql -d zulip -c 'CREATE EXTENSION tsearch_extras SCHEMA zulip;'

In dev environments, you must also run:

$ psql -d zulip_test_template -c 'CREATE EXTENSION tsearch_extras SCHEMA zulip;'

(imported from commit ad0a57c455b3b86002191ac5fb705d8f716f3296)
2014-01-14 11:47:12 -05:00
Luke Faraone 0a574eeefa Return machine-readable error codes along with 403 responses.
(imported from commit f60e9fa587a41d643cb817cae3ef06938a59f68c)
2014-01-13 13:31:52 -05:00
Luke Faraone 3948e1673d [manual] Accept OAuth2 tokens for API login via Google Apps
This is used by the Android app to authenticate without prompting for a
password.

To do so, we implement a custom authentication backend that validates
the ID token provided by Google and then tries to see if we have a
corresponding UserProfile on file for them.

If the attestation is valid but the user is unregistered, we return that
fact by modifying a dictionary passed in as a parameter. We then return
the appropriate error message via the API.

This commit adds a dependency on the "googleapi" module. On Debian-based
systems with the Zulip APT repository:
    sudo apt-get install python-googleapi

For OS X and other platforms:
    pip install googleapi

(imported from commit dbda4e657e5228f081c39af95f956bd32dd20139)
2014-01-13 13:30:55 -05:00
Jessica McKellar 33bcd1977a Show the first person in the realm an invite banner if they are alone.
Previously we unconditionally showed the "get the desktop app"
banner. Now, if the first user declines to invite people as part of
their onboarding workflow, show the invite banner instead.

(imported from commit f7892fef17c923154a700149b8f5be99e9c03fa0)
2014-01-13 10:36:48 -05:00
Jessica McKellar 2543aea3b8 Send us a Zulip on bulk invites.
We currently only do bulk invites when the first user in the realm
goes through the signup process, so this will help us know if that
step is effective for getting more early users into the app.

(imported from commit c846086185ed28b13d3d4b695a9c8cad913d3bc9)
2014-01-13 10:36:48 -05:00
Leo Franchi 45d3bb4f04 Update our pivotal integration to handle v5 of their API
(imported from commit 2deba4ed2f72c7d7ccedafbb8fc4370b2faa5490)
2014-01-10 21:39:00 -05:00
Tim Abbott 4bf3ace444 [manual] Allow signups for emails held by non-MIT mirror dummy accounts.
Before this is deployed to prod, we need to manually frob our database
to set the is_mirror_dummy=True bit for all existing mirror users.

(imported from commit 39f1938cef091cf1d7d97307f76b137fe1d92b6c)
2014-01-10 21:38:59 -05:00
Jason Michalski 75d1366ae1 Fixes how user input is escaped in stream and topic regexes
NarrowBuilder.by_stream and NarrowBuilder.by_topic for mit users uses a
regex to search by stream and topic. Python's re.escape escapes unicode
in a format that postgres can not parse. We escape unicode as '\uXXXX'
for postgres.

(imported from commit d2c27d4514c31fdc6ef1fea898fe721a6f0ab069)
2014-01-10 21:38:59 -05:00
Zev Benjamin 3720cb1c33 Move message-related views into their own file
(imported from commit 2c71cc1b5d3f0210c98767888c461d5c6d046b49)
2014-01-10 21:38:59 -05:00
Jessica McKellar 0e120c9bbf Show users in deactivated realms an error page when they try to log in.
(imported from commit 6de839ae944b8c76715361c2211cd759d78f4f1a)
2014-01-07 20:24:21 -05:00
Jessica McKellar 32549ec135 Show new users an error page when they try to sign up for a deactivated realm.
(imported from commit 1696a6a5d26ec92b881cd3fda43e6b262e2fbfa5)
2014-01-07 20:24:21 -05:00
Leo Franchi c7836626ea Accept a pass-through local_id option in send_message
(imported from commit 3f7b8e862a92d8a11b68da9ff23f711b6b25b5e2)
2014-01-07 17:33:34 -05:00
Leo Franchi 76892c52aa Send realm filters to clients
(imported from commit a3ba31701baa4d515ea3bf36c39d7255f1dd20d6)
2014-01-07 17:33:33 -05:00
Leo Franchi 4a15f9a2cc Add avatar_url to page_params
(imported from commit e78eeb83ffa0928a624ea54b590cbd42c32b1bc4)
2014-01-07 17:33:33 -05:00
Steve Howell 654ce3e0c7 Add make_stream_private endpoint.
(imported from commit b504c24fd651ecf8814e64725a9f303dc085b14e)
2014-01-06 11:59:47 -05:00
Steve Howell e0c62c5eda Add make_stream_public endpoint.
(imported from commit 03d4cff5587d0aa149997f2f6ae28ec4ede95d7a)
2014-01-06 11:59:47 -05:00
Steve Howell 12b921c9a3 [verify after deploy] Fix API endpoint docs.
After deploying to both staging and prod, double check the docs
are correct here.  This fixes the API docs on prod, which had
"POST /api/v1/messages", despite "/api" not being part of the
prod path.  Prod docs are here:

https://zulip.com/api/endpoints/

(imported from commit a2c4d316128f88171f4a76074314be64d9bc9728)
2014-01-03 19:10:01 -05:00
Jessica McKellar 692ad53941 freshdesk: log payload on webhook errors.
(imported from commit 42bdf56248cbfa1d0b2d39151dd99bdd8a807734)
2014-01-02 10:58:42 -05:00
Leo Franchi 72bfc12f18 Expose a users/me/presence API endpoint
(imported from commit 770310284e91ae20d766cd9a52dd1005b5e47e6b)
2014-01-01 17:02:01 -06:00
Jessica McKellar 7b3d9255bc GitHub integrations: use the branch in the topic for Via Delivers.
(imported from commit 65d009eeba82c24f20eb4241575515e217cb4603)
2013-12-23 11:02:25 -05:00
Leo Franchi 9918b8f039 Whitelist mac clients with Mac UAs
(imported from commit a602dba099e1651996c1fb2ad1f01edf4a82dab8)
2013-12-19 17:23:38 -05:00
Tim Abbott 2264a07c03 Update server-side app checks to handle the new app names.
(imported from commit da7b2c06b413add1881b2d80a89794d0db9c810f)
2013-12-19 17:21:26 -05:00
Tim Abbott 453a05996e Update client strings for webhooks to match UserAgent style.
(imported from commit 0bbed9b0f37e7d57fd7a1607d6fd0e938349e586)
2013-12-19 17:20:43 -05:00
Leo Franchi 0e8fc2a26a Match new User-Agent format for the desktop app in discrimination
(imported from commit 51c296570f506f2280556956b3bf9c26e95cc2f8)
2013-12-19 16:53:45 -05:00
Steve Howell ab9f6b301f Validate msg_ids in messages_in_narrow_backend.
(imported from commit fde39d8766b2de9e41dee52e3372ce4aa27c353b)
2013-12-18 16:00:16 -05:00
Steve Howell ea42d0bb16 Validate narrow in events_register_backend.
(imported from commit 5b873846fece98f7fbf0b6cb6ed5c098e72ac7f4)
2013-12-18 16:00:16 -05:00
Steve Howell f7ec8cccc7 Validate subscriptions in add_subscriptions_backend.
(imported from commit 3d4b669ade135dfa85c01238db110a5e4c1362b2)
2013-12-18 16:00:16 -05:00
Steve Howell 48319f9763 Validate subscriptions in remove_subscriptions_backend.
(imported from commit 9cbbaf35791b204c78a56d7598cff9775901c5ed)
2013-12-18 16:00:16 -05:00
Steve Howell 28b5b175a3 Validate messages in update_message_flags.
(imported from commit e4905fb0f56f56e5486828eb177493c42a0792f2)
2013-12-18 16:00:16 -05:00