Commit Graph

25469 Commits

Author SHA1 Message Date
Aditya Bansal 4898fe7ebc uploads: Change Content-Security-Policy to fix issue with pdf's.
Our recent addition of Content-Security-Policy to the file uploads
backend broke in-browser previews of PDFs.

The content-types change in the last commit fixed loading PDFs for
most users; but the result was ugly, because e.g. Chrome would put the
PDF previewer into a frame (so there were 2 left scrollbars).

There were two changes needed to fix this:
* Loading the style to use the plugin.  We corrected this by adding
  `style-src 'self' 'unsafe-inline';`
* Loading the plugin.  Our CSP blocked loading the PDF viewer plugin.
  To correct this, we add object-src 'self', and then limit the
  plugin-type to just the one for application/pdf.

We verified this new CSP using https://csp-evaluator.withgoogle.com/
in addition to manual testing.
2018-04-17 12:23:24 -07:00
Tim Abbott 568a12e254 nginx: Add PDF files to the content-types list.
Previously, user-uploaded PDF files were not properly rendered by
browsers with the local uploads backend, because we weren't setting
the correct content-type.
2018-04-17 11:50:10 -07:00
Cynthia Lin ad6fbbed62 night mode: Remove white borders in collapsible sidebars. 2018-04-17 11:18:09 -07:00
Cynthia Lin 45293a18c6 right-sidebar: Align group PM unread counts with user PM unread counts. 2018-04-17 11:06:33 -07:00
Cynthia Lin b4c977fc6b sidebars: Fix regressions in input fields.
Standardizes their width and margins, while moving an unrelated
selector to a different file.
2018-04-17 11:06:33 -07:00
Vishnu Ks cc93ac34a8 coverage: Add coverage to estimate_recent_messages.
With this message.py is fully covered and can be
removed from not_yet_fully_covered in test-backend.
2018-04-17 11:01:20 -07:00
Priyank 26d8d98319 frontend_tests: Add prefer-const rule.
This rule checks for use of const wherever needed, currently does
nothing since we don't use `let`, instead we use `var`. This rule
can be used to refactor a file to use const easily by replacing
var with let using an editor and then by running
`./node_modules/.bin/eslint frontend_tests --fix --cache`. And then revert
those `let`'s back to `var`.
2018-04-17 12:56:25 -04:00
Priyank 6faa6f96e9 node_test: Convert function to arrow function where needed. 2018-04-17 12:56:25 -04:00
Priyank 7490932e1b node_tests: Use const for constants. 2018-04-17 12:56:25 -04:00
Eeshan Garg 4fbdfef63b webhooks/stripe: Update docs to conform to new style guide. 2018-04-17 09:07:27 -07:00
Greg Price dace7cacc8 docs changelog: Mention there are security fixes since 1.7.
Can't hurt to make this clear right in the 1.8 notes.
2018-04-16 18:37:55 -07:00
Greg Price 8630eb43b3 docs: Sort changelog entries for 1.8 into categories.
These aren't perfect -- in particular "core chat experience" can
probably be broken up -- but I think they help in making a quick skim
work for getting some sense of what the changes are.

This change just reorders and adds headings, with virtually no wording
changes.
2018-04-16 18:37:38 -07:00
Puneeth Chaganti 26dfa3266b ci: Make cache keys depend on checksums of dependency manifests
Caches in Circle are immutable -- even if a path in a cache changes in builds
after the cache was created, the cache is not updated if it already exists. This
was making the zulip-venv-cache and zulip-npm-cache directories useless on
Circle.

This commit changes the cache keys to depend on the checksums of the dependency
manifests (requirements/{dev,thumbor}.txt, package.json and yarn.lock). This
would ensure that the caches are updated when the environments change. It may
result in the occasional build being "uncached" -- when a dependency manifest
changes -- but builds without such changes will be much faster, and such builds
are a majority.
2018-04-16 16:49:41 -07:00
Eeshan Garg da4ac38e37 css: Stop rendering code blocks as inline-blocks in webhook docs.
Previously, a code block with a small width would be displayed
inline with the previous paragraph's text.

To fix this, now every p inside an li element except the first is
a block instead of an inline-block. However, this only applies to
li elements for integration instructions.

This makes sense intuitively because if there are multiple p's
in a list element, not all of those should be inline-blocks. The
first one should be because it needs to be inline with the list
number. The rest should be treated (and displayed) as separate
paragraphs.

Another thing to keep in mind is that the way Markdown code
blocks get converted to HTML is such that every code block
becomes <p><code></code></p> when converted to HTML.
2018-04-16 16:42:07 -07:00
Eeshan Garg dde9bb448f webhooks/circleci: Add steps instead of linking to CircleCI docs.
We let Markdown increment the list step numbers, which is more
reliable than keeping track of numbered-steps manually.

Also, instead of linking to the CircleCI docs, we now have full
instructions for how to set up a webhook by modifying the circle.yml
file.
2018-04-16 16:39:23 -07:00
Tim Abbott 310b451dc2 Revert "requirements: Use pypi versions of zulip and zulip_bots."
This reverts commit 6b142b35e6.
2018-04-16 16:39:01 -07:00
Tim Abbott 6b142b35e6 requirements: Use pypi versions of zulip and zulip_bots. 2018-04-16 16:14:43 -07:00
Tim Abbott 5cc70675c6 webhooks: Suppress errors from very old GitLab versions.
Ancient GitLab from several years ago doesn't include the
HTTP_X_GITLAB_EVENT header (and seems to have a different format), so
we should ignore its requests.

Might be good to document the version threshold, but it's very hard
to tell from Googling what it is.
2018-04-16 16:13:20 -07:00
Tim Abbott e2f8bc9eac /api: Fix tests for /api homepage. 2018-04-16 16:13:20 -07:00
Eeshan Garg 6782f2b76a pypi: Upgrade to release 0.4.4.
This is the latest release after pip 10 was launched.
2018-04-16 16:04:46 -07:00
Tim Abbott c224114287 /api: Clean up the API documentation homepage. 2018-04-16 15:54:39 -07:00
Tim Abbott d09071bbc9 /api: Add an overview doc for the REST API. 2018-04-16 15:51:13 -07:00
Tim Abbott 89704df167 /api: Move list of REST endpoints to a template. 2018-04-16 15:50:53 -07:00
Tim Abbott ea266f1b80 /api: Expand "common errors" page to more generally cover error handling. 2018-04-16 15:50:52 -07:00
Rhea Parekh a2070fb7e5 slack importer: Add comment on size information of avatars.
The size information of an avatar is not required during the import.
Check function 'import_uploads_local' and 'import_uploads_s3'
in 'export.py' for this.
2018-04-16 14:44:57 -07:00
Tim Abbott 636390104a css: Fix glitchy white line in recipient headers.
The intent had always been for this to be just a color change; a white
boundary didn't look good for either the day or night theme.
2018-04-16 13:37:21 -07:00
Tim Abbott f6709cc888 i18n: Update translations from transifex. 2018-04-16 13:25:06 -07:00
Nikhil Kumar Mishra 91412e5843 test_upload: Add test for `get_realm_for_filename`. 2018-04-16 11:52:44 -07:00
Nikhil Kumar Mishra c96dc1652e test_upload: Add tests for `resize_emoji`. 2018-04-16 11:52:44 -07:00
Tim Abbott 0c30a26d81 bulk_create: Remove some long-dead code.
We used to use these in populate_db, but haven't done so in a long
time, and it doesn't seem likely that will change anytime in the
future.
2018-04-16 11:41:42 -07:00
Greg Price 21045d8cf0 prod docs: Call out more the need for a chained cert bundle.
This is kind of easy to gloss over, especially with the framing
as a "format"; surely if things work at all, the file format
must have been right, right?  It's really a bit more substantive
than that; say so and also add a bit more description.
2018-04-16 11:34:23 -07:00
Ben Reeves fdfbd45208 soft_deactivation: Change `<` to `<=` in add_missing_messages.
We should still short-circuit the iteration in
`add_missing_messages` if the unsubscription was the last
thing to happen to the user before unsubscription and
soft deactivation.
2018-04-16 11:28:08 -07:00
Alyssa Wagenmaker d4e5777296 tests: Test user unsubscribing before soft deactivation.
Brings lib/soft_deactivation.py up to 100% test coverage.

Improves: #7089.
2018-04-16 11:28:08 -07:00
Shubham Dhama 03f95ba993 upload: Rename `uploadStarted` to `drop` to match original convention.
We used uploadStarted for drop callback which is kind of confusing
for new contributors as there is a big difference between uploadStarted
and drop like uploadStarted is called for each file in an upload whereas
the drop is called once when the file(s) are uploaded.
2018-04-16 11:16:42 -07:00
Shubham Dhama 0d0f971ae1 upload: Fix stacking of progress bar on canceling the upload.
This fixes stacking of upload progress bar when upload is canceled
and later made another upload.
2018-04-16 23:00:21 +05:30
Tim Abbott 593201a107 css: Cleanup CSS for sidebars.
This fixes a handful of minor issues:

* Non-uniform padding for the right sidebar unread count bubbles.
* Weird vertical positioning of unread counts in the right sidebar due
  to a slightly off line height.
* Missing padding between long stream names and the unread count for the stream.
* Removes a duplicate border-radius command in the left sidebar CSS.
2018-04-16 10:04:37 -07:00
Cynthia Lin d0f5ae38cc right-sidebar: Properly align unread counts with topic names. 2018-04-16 09:48:04 -07:00
Cynthia Lin 47d50c6b86 left-sidebar: Properly align unread counts with topic names.
Fixes #7492.
2018-04-16 09:48:01 -07:00
Cynthia Lin 7cbc9f40bf compose: Change styling of upload progress bar.
Related to #9095.
2018-04-16 09:46:35 -07:00
Cynthia Lin 983deff5da compose: Align recipient bar icons properly.
Fixes #9094.
2018-04-16 09:45:30 -07:00
Cynthia Lin 02d122bed5 input-pill: Wrap input pills when they overflow pill container.
Fixes #9096.
2018-04-16 09:44:22 -07:00
Rhea Parekh f6b6aa1e75 slack import: Implement threading as a management command. 2018-04-15 19:53:02 +05:30
Rhea Parekh 7c0c3930a8 slack importer: Thread avatar downloads. 2018-04-15 19:53:01 +05:30
Rhea Parekh ebc2ee28e9 slack importer: Thread emoji downloads. 2018-04-15 19:52:59 +05:30
Rhea Parekh 8a291d0232 slack importer: Thread attachment downloads.
Use Zulip's run_parallel method to run thread downloads.
2018-04-15 19:51:58 +05:30
Steve Howell 7666e9c7a9 stream settings: Simplify how we select streams tabs.
This commit introduces a helper function called
maybe_select_tab() that goes to the correct tab in the
toggler widget.

It avoids the "lookup" mechanism, which I am hoping to
deprecate, and it handles hypothetical startup issues
by warning instead of crashing.
2018-04-14 11:40:03 -07:00
Steve Howell 9319da8e1d stream settings: Fix bug with Subscribed/All.
Before this commit, this sequence would lead to errors:

        * Open streams page via the gear menu.
        * Go to "All" tab.
        * Leave streams settings.
        * Re-open stream settings via the gear menu.

After doing this, the tab would show "Subscribed" but the list
would be of all messages.

Now we explicitly goto the first tab.

I added a long comment explaining how subs.js contributed
to this bug--in short, we re-build the widget instead of just
re-opening this.

We may also want the toggle component to simply default the
initial tab to the first tab.
2018-04-14 11:40:03 -07:00
Steve Howell a2354ce699 Prevent traceback with info overlays.
We now make sure our toggler exists before invoking its `goto`
method.  Usually a toggler exists pretty early during app
startup, but _setup_info_overlay is wrapped in i18n.ensure_i18n,
which asynchronously fetches translation data.

This commit also simplifies how we find the toggler, by just
storing it in the module where it gets created and consumed.

Fixes #9085.
2018-04-14 11:40:03 -07:00
Eeshan Garg 6d86c83966 webhooks/solano: Update docs to conform to style guide. 2018-04-14 09:38:22 -07:00
Eeshan Garg eec7e17e70 webhook/raygun: Update docs to conform to style guide. 2018-04-14 09:38:22 -07:00