Commit Graph

46553 Commits

Author SHA1 Message Date
Anders Kaseorg 4b712b49ef eslint: Enable eslint-plugin-no-jquery.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-16 12:52:07 -07:00
Anders Kaseorg f84a2c08d5 js: Prefix jQuery object variable names with $.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-16 12:52:07 -07:00
Anders Kaseorg f21842e920 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-16 10:43:23 -07:00
Steve Howell dfab993e7d node tests: Avoid narrow_state mocking in pm_list* tests.
We now use narrow_state directly in pm_list and pm_list_data
tests, rather than mocking it with our `override*` helpers.

In some places I use an actual Filter() object, but
in places where the only testing concern is that the
active is narrow, I use a stub value.

We will continue to mock narrow_state in most places.
In addition to avoiding test-setup complications, we want
to avoid incidental line coverage on narrow_state that
only indirectly validates its behavior. Part of the
trickiness in avoiding narrow_state mocking is that
you often would have to introduce "real" Filter objects,
and the API for Filter objects is somewhat less than
ideal, and its wordiness can distract from the main
point of the tests.

Hopefully the changes here reflect the correct tradeoffs.
2022-03-16 11:57:58 -04:00
Tim Abbott bcbba0b20d docs: Fix changelog typo. 2022-03-15 22:17:53 -07:00
Tim Abbott 63cac121ba docs: Update changelog for changes merged in recent months. 2022-03-15 22:12:59 -07:00
Tim Abbott 26501cbddc i18n: Update translation data from Transifex. 2022-03-15 18:05:47 -07:00
Suyash Vardhan Mathur 20a97bdb05 events: Add functionality to mark messages as unread.
Co-authored-by: Steve Howell <showell@zulip.com>
Co-authored-by: Tim Abbott <tabbott@zulip.com>

This commit adds the backend functionality to
mark messages as unread through update_message_flags
with `unread` flag and `remove` operation.

We also manage incoming events in the webapp.

Tweaked by tabbott to simplify the implementation and add an API
feature level update to the documentation.

This commit was originally drafted by showell, and showell
also finalized the changes.  Many thanks to Suyash here for
the main work here, which was to get all the tests and
documentation work moving forward.
2022-03-15 18:00:35 -07:00
Tim Abbott bf890cf91a compose: Fix resolved topic warning after send.
Previously, we did not clear the resolved topic warning when reopening
the compose box after sending a emssage. This was a latent bug before
the previous commit, since the resolve topic was always displayed when
the compose box was pointed at a resolved topic before the previous
commit.
2022-03-15 17:59:15 -07:00
Tim Abbott 562f37b9af compose: Show topic resolve warning only when compose is nonempty.
The resolve topic warning can feel like clutter in the event that the
compose box is empty (which often occurs when the user has no intent
to send a message), so we configure the validation logic to only
display the notice when the compose box is non-empty.

We take some care to minimize work the function is doing, beacuse it
is called on every keystroke in the compose box.

Fixes: #21155.
2022-03-15 17:59:15 -07:00
Aman Agrawal ab7415105d hotkey: Fix enter key being handled both by browser and the app.
When we handle the enter key, we should return true.
2022-03-15 16:14:25 -07:00
Aman Agrawal bae5f016bf compose_control_menu: Allow to enter press to open the menu.
Make `compose_control_menu_wrapper` clickable and allow tab focus
on it. Disable tab focus on `compose_control_menu` icon. Fix outline
for `compose_control_menu_wrapper`.

Extend out custom outline property to all `[role="button"]` elements.
2022-03-15 16:14:25 -07:00
Tim Abbott a4d42392a6 settings: Avoid dropdown_list_widget on same line as labels.
The 3 instances of dropdown_list_widget using the `label` property had
different design than the rest of all of our dropdowns, in that the
label was on the same line as the dropdown.

Fix this by adjusting the `label` option to use our standard
`dropdown-title` CSS class.

Also remove the colons in the labels.

I confirmed that these were the only instances of this widget using
the label feature.

Fixes #20415.
2022-03-15 16:08:41 -07:00
Alex Vandiver d150236217 ci: Test upgrades from 4.11. 2022-03-15 16:00:02 -07:00
Sahil Batra 6f93f07844 types: Create a new TypedDict RealmPlaygroundDict for playground objects.
This commit creates a new TypedDict RealmPlaygroundDict for realm
playground objects. Now the list of playgrounds in the events sent
to clients and the "added_playground" field of RealmAuditLog entry
use RealmPlaygroundDict instead of Dict.
2022-03-15 15:58:36 -07:00
Sahil Batra 4bbb5f18e4 actions: Use transaction.atomic for do_remove_realm_playground. 2022-03-15 15:58:36 -07:00
Sahil Batra 578b752766 actions: Use transaction.atomic for do_add_realm_playground. 2022-03-15 15:58:36 -07:00
Sahil Batra b86b9bdc02 realm: Create RealmAuditLog entry when removing realm playgrounds.
This commit also adds 'acting_user' parameter to
do_remove_realm_playground function.

Fixes a part of #21268.
2022-03-15 15:58:36 -07:00
Sahil Batra dea3389045 realm: Create RealmAuditLog entry when adding realm playgrounds.
This commit also adds 'acting_user' parameter to
do_add_realm_playground function.

Fixes a part of #21268.
2022-03-15 15:58:36 -07:00
Sahil Batra 9fd9c5f1d2 actions: Pass realm_playgrounds as argument to notify_realm_playgrounds.
This commit modifies the notify_realm_playgrounds function to accept
realm_playgrounds as argument from the caller instead of computing it
in the function to avoid duplicate queries since the realm playgrounds
list will be required in its caller functions as well in further commits.
2022-03-15 15:58:36 -07:00
Alex Vandiver f77204be14 version: Update version and changelog after 4.11 release. 2022-03-15 14:24:53 -07:00
Alex Vandiver 62ba8e455d CVE-2022-24751: Clear sessions outside of the transaction.
Clearing the sessions inside the transaction makes Zulip vulnerable to
a narrow window where the deleted session has not yet been committed,
but has been removed from the memcached cache.  During this window, a
request with the session-id which has just been deleted can
successfully re-fill the memcached cache, as the in-database delete is
not yet committed, and thus not yet visible.  After the delete
transaction commits, the cache will be left with a cached session,
which allows further site access until it expires (after
SESSION_COOKIE_AGE seconds), is ejected from the cache due to memory
pressure, or the server is upgraded.

Move the session deletion outside of the transaction.

Because the testsuite runs inside of a transaction, it is impossible
to test this is CI; the testsuite uses the non-caching
`django.contrib.sessions.backends.db` backend, regardless.  The test
added in this commit thus does not fail before this commit; it is
merely a base expression that the session should be deleted somehow,
and does not exercise the assert added in the previous commit.
2022-03-15 13:52:15 -07:00
Alex Vandiver 7650b5a972 session: Enforce that changes cannot happen in a transaction. 2022-03-15 13:52:15 -07:00
Anders Kaseorg b70a071124 report: Strengthen report_csp_violations type using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 2a0bc2d1c9 crashlytics: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg be781f19e6 codeship: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg d5a8e040da clubhouse: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 573d264759 circleci: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 02393ecad7 canarytoken: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg d86fb95ce6 buildbot: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 42662f22c8 bitbucket3: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 6528538188 bitbucket2: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg b637ba5f0f bitbucket: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg af565ef32f beeminder: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 950e3cfcaf beanstalk: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 2551320a3b beanstalk: Remove pointless payload mutation.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 4689678546 basecamp: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg ff187411c0 appveyor: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 04e09d21a3 appfollow: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 07ae5f54ee ansibletower: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg d436f8098e alertmanager: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg ac9a5ba894 airbrake: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg af67eee3ea bitbucket2: Cast append_punctuation argument to str.
Commit ab8aae6d0c (#12161) incorrectly
assumed that ‘new’ is a string.  In the case of change == "links",
it’s a dict.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 82081ddb95 bitbucket3: Remove function signature inspection nonsense.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg a34e09215d bitbucket2: Remove function signature inspection nonsense.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg cd2fc198a9 bitbucket2: Untangle totally different control flow for push events.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 29ecf415fc validator: Add WildValue class for enforcing JSON type checking.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 04d772b582 request: Support converter or json_validator with argument_type="body".
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 970f22380a request: Replace default_assigned flag with continue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 5f92078d07 request: Add a var_name parameter to converter.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00