Commit Graph

599 Commits

Author SHA1 Message Date
Alex Vandiver 6110ac7339 emoji: Use a transaction, rather than create and delete-on-fail. 2024-07-12 13:26:47 -07:00
Alex Vandiver f6b99171ce emoji: Derive the file extension from a limited set of content-types.
We thumbnail and serve emoji with the same format as they were
uploaded.  However, we preserved the original extension, which might
mismatch with the provided content-type.

Limit the content-type to a subset which is both (a) an image format
we can thumbnail, and (b) a media format which is widely-enough
supported that we are willing to provide it to all browsers.  This
prevents uploading a `.tiff` emoji, for instance.

Based on this limited content-type, we then reverse to find the
reasonable extension to use when storing it.  This is particularly
important because the local file storage uses the file extension to
choose what content-type to re-serve the emoji as.

This does nothing for existing emoji, which may have odd or missing
file extensions.
2024-07-12 13:26:47 -07:00
Alex Vandiver 62a0611ddb emoji: Pass down content-type, rather than guessing from extension. 2024-07-12 13:26:47 -07:00
Vector73 6098c2cebe settings: Add two realm settings to restrict direct messages.
Fixes #24467.
2024-07-08 19:34:17 -07:00
Alex Vandiver e29a455b2d avatars: Encode version into the filename.
Hash the salt, user-id, and now avatar version into the filename.
This allows the URL contents to be immutable, and thus to be marked as
immutable and cacheable.  Since avatars are served unauthenticated,
hashing with a server-side salt makes the current and past avatars not
enumerable.

This requires plumbing the current (or future) avatar version through
various parts of the upload process.

Since this already requires a full migration of current avatars, also
take the opportunity to fix the missing `.png` on S3 uploads (#12852).

We switch from SHA-1 to SHA-256, but truncate it such that avatar URL
data does not substantially increase in size.

Fixes: #12852.
2024-07-07 14:40:07 -07:00
Pedro Almeida ddfc2d230f resolve_topic: Prevent incorrect notification during message move.
This commit fixes the bug where the "topic unresolved" notification
is wrongly triggered when moving a message between a resolved and
unresolved topic, except for when the topics have the same name.

To resolve this issue, the commit ensures that resolved/unresolved
notifications are not sent if a message has been moved to a new
topic. This is achieved by comparing the names of the old and new
topics without considering the "resolved prefix".

The commit also accounts for the scenario where `new_topic_name`
has been truncated, indicating that it was resolved and the name
had to change to accommodate the "resolved prefix".

This solution does not try to specially handle the possible case that
a stream has two topics with the same name, even if one is resolved
and another unresolved.

Fixes #29007.
2024-07-07 11:38:14 -07:00
Pedro Almeida f4ca8025da move_stream: Trigger only move notification.
This commit updates the code so that only the moved notification is
triggered when moving a message between a resolved and unresolved
topic in different streams or when moving a topic itself.

This change takes place even when both stream change and resolve
or unresolve a topic takes place in the same API request, as we
now consider it only a move operation.

This fixes a case where a message is moved between topics that
have the same name, but one resolved and another unresolved and
in different streams. Previously a resolved or unresolved
notification would also be sent. Now, this will not happen,
ensuring only the move operation is notified.

Fixes part of #29007.
2024-07-07 11:38:14 -07:00
Shashank Singh 4cce94b667 invites: Add option to receive notification on accepted invitations.
Previously, when a referrer's invitation to Zulip was accepted,
they got a notification from notification-bot indicating
their invitation has been accepted.

This commit adds an option for referrer to decide
whether he wants to receive the direct notification
from the notification-bot.

Fixes: #20398
2024-07-05 17:14:45 -07:00
Prakhar Pratyush ed605328fb onboarding: Mark a few onboarding messages as starred.
To improve onboarding experience following onboarding
messages are marked as starred:
* First message in each onboarding topic.
* Initial DM sent by Welcome bot

Note: The onboarding topic messages needs to be tracked
in 'OnboardingUserMessage' model to get starred.

Fixes #29298.
2024-07-05 15:39:32 -07:00
Prakhar Pratyush 3c5dc73f50 create_user: Mark only tracked onboarding topic messages as unread.
We give the user some messages in their feed, so that they can
learn how to use the home view in a realistic way.

For realms having older onboarding messages, we mark the very
most recent messages as unread.

This commit updates the logic to ONLY mark the tracked onboarding
messages (if present) i.e. messages tracked in 'OnboardingUserMessage'
as unread.

Fixes part of #29298.
2024-07-05 15:39:32 -07:00
Prakhar Pratyush ffc95204be create_user: Send initial realm messages before process_new_human_user.
This prep commit reorders code blocks in 'do_create_user'
to call the function 'send_initial_realm_messages' before
'process_new_human_user'.

This is required because for the first user (who creates realm)
we need to send the onboarding messages before adding message
history (performed by process_new_human_user) otherwise messages
won't be starred as required.

This commit also takes care of NOT marking the onboarding
messages as 'historical' for the realm creator.
2024-07-05 15:39:32 -07:00
Prakhar Pratyush 485a8a1421 add_new_user_history: Add missing historical flags.
This commit adds the missing historical flag to recent
messages added in a new user's feed.

Reason:
* User didn't receive when they were sent, so semantically
the 'historical' flag should be present.
* It helps to avoid the "You (un)subscribed to.." bookend
while reading older messages.
The bookend appears whenever the historical flag flips
between adjacent messages. Earlier, the bookend was visible
between 'recent messages' and 'older messages'. This makes
sure that the bookend is visible only at the moment new
message is sent by the user after account creation.
2024-07-05 15:39:32 -07:00
Prakhar Pratyush f5a0755f16 create_user: Rename constants used in 'add_new_user_history'.
This commit renames the constants:
MAX_NUM_ONBOARDING_MESSAGES to MAX_NUM_RECENT_MESSAGES
MAX_NUM_ONBOARDING_UNREAD_MESSAGES to MAX_NUM_RECENT_UNREAD_MESSAGES
ONBOARDING_RECENT_TIMEDELTA to RECENT_MESSAGES_TIMEDELTA

The term 'onboarding' is preffered to be used for the
new messages sent during realm creation or new user creation.
These constants are related to already present recent messages.
2024-07-05 15:39:32 -07:00
roanster007 52692a6448 refactor: Rename `huddle` to `direct_message_group` in non API.
This commit performs a sweep on the first batch of non API
files to rename "huddle" to "direct_message_group`.

It also renames variables and methods of type -
"huddle_message" to "group_direct_message".

This is a part of #28640
2024-07-04 07:56:31 -07:00
Prakhar Pratyush fb5b721421 onboarding_step: Don't show 'visibility_policy_banner' to new users.
Earlier, a one-time 'visibility_policy_banner' was displayed to
existing as well as new users to inform them about the new
"follow/unmute topics" feature.

It makes sense to educate only the existing Zulip users about
the new feature using this banner. New users don't need to know
about following topics right away.

This commit makes changes to NOT show the banner to new users.

This will also help to avoid banner overload in the new user
experience.

Fixes #30615.
2024-06-28 10:41:48 -07:00
Anders Kaseorg b115d44b6a requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-06-27 15:31:43 -07:00
Lauryn Menard 673a01ea0c realm-deactivation: Send email to owners as part of deactivation.
Creates a new "realm_deactivated" email that can be sent to realm
owners as part of `do_deactivate_realm`, via a boolean flag,
`email_owners`.

This flag is set to `False` when `do_deactivate_realm` is used for
realm exports or changing a realm's subdomain, so that the active
organization owners are not emailed in those cases.

This flag is optional for the `deactivate_realm` management command,
but as there is no active user passed in that case, then the email
is sent without referencing who deactivated the realm.

It is passed as `True` for the support analytics view, but the email
that is generated does not include information about the support
admin user who completed the request for organization deactivation.

When an active organization owner deactivates the organization, then
the flag is `True` and an email is sent to them as well as any other
active organization owners, with a slight variation in the email text
for those two cases.

Adds specific tests for when `email_owners` is passed as `True`. All
existing tests for other functionality of `do_deactivate_user` pass
the flag as `False`.

Adds `localize` from django.util.formats as a jinja env filter so
that the dates in these emails are internationlized for the owner's
default language setting in the "realm_deactivated" email templates.

Fixes #24685.
2024-06-26 16:48:18 -07:00
Alex Vandiver b14a33c659 thumbnailing: Switch to libvips, from PIL/pillow.
This is done in as much of a drop-in fashion as possible.  Note that
libvips does not support animated PNGs[^1], and as such this
conversion removes support for them as emoji; however, libvips
includes support for webp images, which future commits will take
advantage of.

This removes the MAX_EMOJI_GIF_SIZE limit, since that existed to work
around bugs in Pillow.  MAX_EMOJI_GIF_FILE_SIZE_BYTES is fixed to
actually be 128KiB (not 128MiB, as it actually was), and is counted
_after_ resizing, since the point is to limit the amount of data
transfer to clients.

[^1]: https://github.com/libvips/libvips/discussions/2000
2024-06-26 16:42:57 -07:00
Alex Vandiver 35f8c3c455 avatar: Clean up one callsite of deprecated avatar_url_from_dict. 2024-06-20 23:06:08 -04:00
Mateusz Mandera 7ff1227984 presence: Improve INSERT conflict handling in do_update_user_presence.
This was discussed in the review of #29999:
https://github.com/zulip/zulip/pull/29999#discussion_r1620818568

The previous way of handling wasn't entirely correct, as unnecessary
events were omitted, with a bad guarantee of even being in the correct
order.

This is an improvement as now the function detects that it ended up
doing nothing and can skip sending an event.

The race condition is hard to make up in an automated test, but we can
hackily simulate it by injecting a side_effect which will create a
conflicting UserPresence row when the function requests a cursor. Aside
of that, the actual race was simulated in manual testing to verify the
expected behavior.
2024-06-16 11:57:47 -07:00
Gaurav Pandey 1c5007461a topic: Add resolve topic undo grace period.
Currently we send a notification to the topic if it has been resolved
or unresolved even if there is an immediate event of resolving and
then unresolving or vice-versa. This adds a setting of
RESOLVE_TOPIC_UNDO_GRACE_PERIOD_SECONDS under which if a topic has
been unresolved after being resolved immediately and the last message
was the notification of resolving, then delete the last message and
don't send a new notification and vice-versa.

We use the new message.type field to precisely identify relevant
messages.

Fixes #19181.

Co-authored-by: Mateusz Mandera <mateusz.mandera@zulip.com>
2024-06-10 13:34:23 -07:00
Tim Abbott 0232d97ae9 actions: Tag resolve topic messages with a message type.
This makes it possible for the server to distinguish these from other
messages.
2024-06-10 13:34:23 -07:00
Sahil Batra 222995b1be settings: Remove create_public_stream_policy.
This commit removes create_public_stream_policy setting
since public channel creation permissions are now handled
by group-based setting.

We still pass "realm_create_public_stream_policy" in
"/register" response though for older clients with its
value being set depending on the value of group based
setting. If we cannot set its value to an appropriate
enum corresponding to the group setting, then we set
it to "Members only" considering that server will not
allow the users without permissions to create public
channels but the client can make sure that UI is
available to the users who have permission.
2024-06-10 12:24:45 -07:00
Sahil Batra 7655c69d89 realm: Set default for can_create_public_channel_group based on org type. 2024-06-10 12:24:45 -07:00
Sahil Batra 3bda17949e realm: Add new group setting for who can create public streams. 2024-06-10 12:24:44 -07:00
Sahil Batra aac6d6cddb user_groups: Move get_group_setting_value_for_audit_log_data.
This commit moves get_group_setting_value_for_audit_log_data
to zerver.lib.user_groups.
2024-06-04 09:55:27 -07:00
Alex Vandiver 09e9c75ec6 analytics: Remove `active_users` and `active_users_log` metrics.
Both of these are inaccurate, not currently used anywhere, and have
been superseded by the `active_users_audit` metric.
2024-06-03 12:35:35 -07:00
Sahil Batra 6711f0af09 message_delete: Fix event sent for updating first_message_id.
This commit fixes the event sent for updating first_message_id
when a message is deleted, to include the name field as it is
required for all "stream/update" events.

This commit also adds a test in test_events for the case when
first_message_id of a stream is updated on deleting a message.
2024-06-03 08:52:11 -07:00
Mateusz Mandera 016880f54d presence: Core last_update_id mechanism without API changes.
This commit has the mechanism for setting the .last_update_id on the
backend for UserPresence objects, without introducing any API changes.
Therefore this should invisible to clients and able to be deployed
safely without impact to users.
2024-06-02 22:08:28 -07:00
Mateusz Mandera 0dca8f2a38 models: New PresenceSequence model and UserPresence.last_update_id col.
Migration plan:
1. Add NULLable .last_update_id column to UserPresence with default 0
   for new objects.
2. Backfill the value to 0 for old UserPresences, can be done in the
   background while server is running.
3. Make the column non-NULL.
4. Add new model PresenceSequence and create its rows for old realms.
2024-06-02 22:08:28 -07:00
Anders Kaseorg e53e3af0f6 codespell: Fix spelling mistakes caught by codespell.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-05-31 14:32:33 -07:00
Sahil Batra 81765a1e83 user_groups: Fix audit log data when changing group settings.
This commit fixes the code store correct old value in audit
log data when changing can_mention_group setting from a
anonymous group to another anonymous group. The bug was
because the old value was being computed after updating
the UserGroup object with new members and subgroups and
is fixed by computing the old value for all the cases
and passing it to do_change_user_group_permission_setting.
2024-05-28 07:24:07 -07:00
Vector73 93262e03ad emails: Replace occurrences of uri with url in email templates.
This commit replaces occurrences of realm_uri with realm_url in email templates
and other related backend files.

Co-authored-by: Junyao Chen <junyao.chen@socitydao.org>
2024-05-24 11:18:35 -07:00
Prakhar Pratyush 0ce79c8c50 message_edit: Update do_update_message codepath to send event on commit.
Earlier, we were using 'send_event' in 'do_update_message'
which can lead to a situation where we enqueue events but
the transaction fails at a later stage.

Events should not be sent until we know we're not rolling back.
2024-05-24 10:17:35 -07:00
Prakhar Pratyush bca8338ee1 do_update_embedded_data: Change send_event to send_event_on_commit.
Earlier, we were using 'send_event' which can lead to a situation
where we enqueue events but the transaction fails at a later stage.

Events should not be sent until we know we're not rolling back.
2024-05-24 10:17:35 -07:00
Sahil Batra d1bcac0822 realm: Use enums for accessing setting values.
This commit updates code, majorly in tests, to use
setting values from enums instead of directly using
the constants defined in Realm.

We still have those constants defined Realm as they
are used in a couple of places where the same code
is used for different settings. These will be
handled later.
2024-05-22 17:20:37 -07:00
Sahil Batra 5737d4c483 create_user: Fix comment in set_up_streams_for_new_human_user.
This commit fixes comment about subscribing to default streams
in set_up_streams_for_new_human_user to explain the current
logic after changes in 69ba580a54.
2024-05-22 11:34:27 -07:00
Prakhar Pratyush 23c2ce1671 create_realm: Fix channel name and description not being translated. 2024-05-21 09:24:43 -07:00
Prakhar Pratyush 508c5611d1 claim_attachment: Remove the stale 'user_profile' parameter.
This commit removes the unused 'user_profile' parameter
of the 'claim_attachement' function.
2024-05-21 09:24:43 -07:00
Anders Kaseorg b545abe1e2 typos: Fix typos caught by mwic.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-05-20 13:55:00 -07:00
Anders Kaseorg 38cae070ed typos: Fix typos caught by typos.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-05-20 13:55:00 -07:00
Prakhar Pratyush c798d192dc message_send: Update do_send_messages codepath to send event on commit.
Earlier, we were using 'send_event' & 'queue_json_publish' in
'do_send_messages' which can lead to a situation where we enqueue
events but the transaction fails at a later stage.

Events should not be sent until we know we're not rolling back.
2024-05-19 23:18:43 -07:00
Mateusz Mandera 27c4e46b30 do_deactivate_realm: Add deactivation_reason kwarg.
It's going to be helpful in the future to record the reason for realm
deactivation.
- For information tracking
- For making a distinction between cases where we can allow realm owners
  to reactivate their realm via a self-serve flow (e.g.
  "owner_request") vs where we can't (ToS abuse).
2024-05-19 23:07:28 -07:00
roanster007 80634eb32b message_send: Add forged_timestamp to internal_prep_stream_message.
This commit adds the "forged_timestamp" parameter to the
"internal_prep_stream_message" method of "actions/message_send".

This is a preparatory commit, that can be used for sending messages
at a forged time in scripts for generating screenshots of messages.
2024-05-14 16:17:44 -07:00
Sahil Batra 7b42c802b1 invites: Add include_realm_default_subscriptions parameter.
This commit adds include_realm_default_subscriptions parameter
to the invite endpoints and the corresponding field in
PreregistrationUser and MultiuseInvite objects. This field will
be used to subscribe the new users to the default streams at the
time of account creation and not to the streams that were default
when sending the invite.
2024-05-14 14:20:07 -07:00
Prakhar Pratyush 0cddc8a6a6 onboarding: Fix topic names not being translated correctly.
In 'send_initial_realm_messages', the topics names were not
being translated properly as they were computed outside the
with `override_language` block.

Now, we use 'send_initial_realm_messages' inside a with
'override_language' block in the caller. This fixes the bug.

Note: We are using 'override_language' block in the caller
and not within the function as it helps to avoid indenting
everything inside the function.
2024-05-13 16:06:10 -07:00
Prakhar Pratyush 643998fcfa onboarding_steps: Rename 'hotspots' files to 'onboarding_steps'. 2024-05-10 12:30:22 -07:00
Prakhar Pratyush ac2152fdfd onboarding: Replace channel messages in new organizations.
As a part of improving onboarding experience, this
commit updates the channels and messages initially
available in new orgs.

Fixes #29297.
2024-05-09 14:05:35 -07:00
Prakhar Pratyush 7ea66dbec5 onboarding: Mark channel name for translation.
Mark the channel name of the initial channel created during
realm creation for translation.

It doesn't mark the topic names and description for translation
because we are planning to remove these topics and update the
description as a part of improving the onboarding experience.
2024-05-09 14:05:35 -07:00
Prakhar Pratyush 61e606f656 onboarding: Remove 'core team' private channel.
We no longer create the 'core team' private channel when
a realm is created.

Earlier, "New user announcements" channel was set to the
"core team" channel. Now it is disabled by default.

populate_db still creates the 'core team' channel to
represent a private channel.
2024-05-09 14:05:35 -07:00