Commit Graph

875 Commits

Author SHA1 Message Date
Tim Abbott 6264ff7039 Add new Zulip realm import/export tool.
The previous export tool would only work properly for small realms,
and was missing a number of important features:
* Export of avatars and uploads from S3
* Export of presence data, activity data, etc.
* Faithful export/import of timestamps
* Parallel export of messages
* Not OOM killing for large realms

The new tool runs as a pair of documented management commands, and
solves all of those problems.

Also we add a new management command for exporting the data of an
individual user.
2016-08-08 14:58:18 -07:00
Tim Abbott 54a6bdc3ad views: Fix mypy annotations in get_invitee_emails_set.
Apparently this buggy annotation slipped through into master.
2016-08-05 15:04:16 -07:00
Tomasz Kolek 64b5d0ce64 Add support for inviting emails in "name" <email> format.
Often, users will copy email addresses with a name (rather than pure
email addresses) into the Zulip "invite users" UI.  Previously, that
would throw an error.

This change also adds a get_invitee_emails_set function for parsing
emails content and a test suite for this new feature.

Fixes: #1419.
2016-08-05 14:48:04 -07:00
Tim Abbott 4ddc567c50 views/__init__: Add missing annotations. 2016-08-04 15:57:03 -07:00
Tim Abbott 2da6b6bfd8 views.messages: Add some more annotations. 2016-08-04 15:57:03 -07:00
Tim Abbott 2eb5baa024 zendesk: Add missing type annotation. 2016-08-04 15:57:03 -07:00
Tim Abbott a7086d3d8a trello: Fix accidentally commented type annotation. 2016-08-04 15:57:03 -07:00
Tim Abbott ef5b5bb45b views/streams: Add missing annotations. 2016-08-04 15:57:03 -07:00
Tim Abbott 0689485666 Add lint check for malformed type annotations missing :.
Also fix the 2 annotations that weren't being checked because of this.
2016-08-04 15:53:23 -07:00
Tim Abbott af823f7a76 Annotate circleci integration. 2016-08-04 15:53:23 -07:00
Tomasz Kolek 09d081d9bd Replace hardcoded integration-lozenges to generating ones. 2016-08-04 11:41:18 -07:00
Rag Sagar b9f2397073 Add validation and tests for default language setting. 2016-07-31 17:44:10 -07:00
Christie Koehler 31efecf03d Add HelloWorld webhook integration + Walkthough.
Improves webhook integration docs and Hello World webhook.  Includes
many suggested improvements from @timabbott and @tomaszkolek.
2016-07-29 21:38:40 -07:00
Umair Khan 7531d9679b Sort language dropdown list. 2016-07-29 11:58:41 -07:00
Umair Khan 0aa72cb347 Point registration to correct url.
While logging through GitHub if the realm of the user doesn't
exist then we are redirected to registration page but the action
points to the complete url of the GitHub oAuth overflow.
2016-07-28 15:27:22 -07:00
Tim Abbott 832951d2dd Fix IFTTT integration documention on 'content' field. 2016-07-28 14:05:45 -07:00
Tim Abbott df525ad1c5 Remove old MitUser model and related code.
The MitUser model caused a constant series of little problems for
users with mit.edu email addresses trying to sign up for different
Zulip servers.

The new implementation just uses conditionals on the realm object when
selecting the confirmation template to use.
2016-07-26 20:30:12 -07:00
Tim Abbott 375551aaa6 Clean up most hardcoding of mit.edu domain checks.
This moves all this code to be gated on a few virtual realm settings.
2016-07-26 20:30:12 -07:00
Tim Abbott c17676b00c Cleanup MIT hardcoding for disabling presence. 2016-07-26 20:30:12 -07:00
Steve Howell 3fa745ebe3 Remove untested code in is_public_stream().
We were calling valid_stream_name(), but more appropriate
validation checks for stream names happen elsewhere in the codepath.
2016-07-26 18:10:00 -07:00
Tim Abbott b2d1c18268 views: Move push token views to new push_notification.py. 2016-07-26 14:44:24 -07:00
Tim Abbott 6dc5681171 views: Move presence views to presence.py. 2016-07-26 14:29:32 -07:00
Tim Abbott 62affa53c9 views: Move update_realm to new realm.py views file. 2016-07-26 14:29:24 -07:00
Umair Khan 7c138c6e33 Import is_inactive from proper file. 2016-07-26 12:26:55 -07:00
Eklavya Sharma e0dbaf1031 Use universal_newlines=True in subprocess.check_output.
In python 3, subprocess uses bytes for input and output if
universal_newlines=False (the default).  It uses str for input and
output if universal_newlines=True.

Since we mostly deal with strings, add universal_newlines=True to
subprocess.check_output.
2016-07-26 12:06:41 -07:00
Ashish Kumar 8398dac025 Fix 'Invalid stream' error message in get_subscription_or_die(). 2016-07-25 14:48:48 -07:00
Steve Howell 1da9325476 Require non-empty full_name or password in json_change_settings 2016-07-23 14:53:15 -07:00
Steve Howell 14717f414c Add default for full_name in json_change_settings. 2016-07-23 14:53:15 -07:00
Taranjeet Singh 9bea1f46c7 zerver/views/webhooks/bitbucket2.py: Fix line with length greater than 120. 2016-07-23 14:33:11 -07:00
Tim Abbott 4de203a23f Fix MIT users joining a Zulip realm. 2016-07-22 14:27:36 -07:00
Eklavya Sharma 09e4e5aea7 Add links after `type: ignore`s. 2016-07-22 13:59:31 -07:00
Eklavya Sharma 674f6999e1 Improve annotations of decorators. 2016-07-22 11:14:33 -07:00
Eklavya Sharma 4b7d94564a zerver/views/streams.py: Annotate variables to help mypy. 2016-07-22 11:14:33 -07:00
Umair Khan dce48d58b6 Cache translations.
Fixes: #1158
2016-07-21 10:23:31 -07:00
Tim Abbott 3ea4cbb5c3 settings: Extract settings.VERBOSE_SUPPORT_OFFERS. 2016-07-19 15:28:41 -07:00
Tim Abbott fb386da552 settings: Extract settings.SAVE_FRONTEND_STACKTRACES. 2016-07-19 15:28:41 -07:00
Tim Abbott 0aaa55fb8f settings: Extract settings.SHARE_THE_LOVE. 2016-07-19 15:28:41 -07:00
Tim Abbott afaac85dc6 Move get_sqlalchemy_connection to its own file. 2016-07-19 15:28:41 -07:00
Kartik Maji 599b15cb84 Allow fetching subscribers for streams the user has never subscribed to.
This allows the frontend to fetch data on the subscribers list (etc.)
for streams where the user has never been subscribed, making it
possible to implement UI showing details like subscribe counts on the
subscriptions page.

This is likely a performance regression for very large teams with
large numbers of streams; we'll want to do some testing to determine
the impact (and thus whether we should make this feature only fully
enabled for larger realms).
2016-07-18 16:24:19 -07:00
Taranjeet Singh 5462341cb4 zerver/views/webhooks/github.py: Fix lines with length greater than 120. 2016-07-18 15:10:41 -07:00
Taranjeet Singh 3031214718 zerver/views/messages.py: Fix line with length greater than 120. 2016-07-18 15:05:52 -07:00
Taranjeet Singh 84660a5087 zerver/views/__init__.py: Fix lines with length greater than 120. 2016-07-18 14:51:06 -07:00
Taranjeet Singh 5499136bfd zerver/views/webhooks/teamcity.py: Fix line with length greater than 120. 2016-07-18 14:42:39 -07:00
Taranjeet Singh 7199ee8f08 zerver/views/webhooks/taiga.py: Fix line with length greater than 120. 2016-07-18 14:42:39 -07:00
Taranjeet Singh 3e17011f9c zerver/views/webhooks/pivotal.py: Fix line with length greater than 120. 2016-07-18 14:42:39 -07:00
Taranjeet Singh c437659cd9 zerver/views/webhooks/pingdom.py: Fix line with length greater than 120.
zerver/views/webhooks/pingdom.py: Fix indetation for function args.
2016-07-18 14:42:39 -07:00
Taranjeet Singh 7ddb254d2e zerver/views/webhooks/circleci.py: Fix line with length greater than 120.
zerver/views/webhooks/circleci.py: Fix indentation for function args.
2016-07-18 14:42:39 -07:00
Taranjeet Singh 1323685140 zerver/views/webhooks/beanstalk.py: Fix line with length greater than 120.
zerver/views/webhooks/beanstalk.py: Capture string in a temp variable.
2016-07-18 14:42:39 -07:00
Taranjeet Singh 569d14a826 zerver/views/webhooks/airbrake.py: Fix line with length greater than 120.
zerver/views/webhooks/airbrake.py: Fix Indentation.

zerver/views/webhooks/airbrake.py: Fix Indentation for args in function.
2016-07-18 14:42:39 -07:00
Taranjeet Singh 10afbc06f9 zerver/views/report.py: Fix line with length greater than 120.
zerver/views/report.py: Capture string in temporary variables.
2016-07-18 14:42:39 -07:00
Steve Howell 2bfa763c0b Use topic_name() in update_message_backend(). 2016-07-18 14:10:11 -07:00
Steve Howell 5fcbd0a178 Remove muting logic in approximate_unread_count().
The muting logic in approximate_unread_count() was confusing
stream/subject and only using the first of many stream/subject
pairs, so it was rarely excluding rows from the count, and when
it did exclude rows, they were the wrong rows.

This fixes part of #1300, but we may want to keep the issue open.
2016-07-18 11:21:51 -07:00
Steve Howell 60bd20da61 Remove zerver/lib/query.py (dead code). 2016-07-16 14:51:15 -07:00
Rishi Gupta 09754c9861 Remove JsonableErrors from actions.do_update_message.
There were a bunch of authorization and well-formedness checks in
zerver.lib.actions.do_update_message that I moved to
zerver.views.messages.update_message_backend.

Reason: by convention, functions in actions.py complete their actions;
error checking should be done outside the file when possible.

Fixes: #1150.
2016-07-15 13:55:49 -07:00
Rishi Gupta d529a94e4d Add realm setting to time-limit editing of message content.
This is controlled through the admin tab and a new field in the Realms table.
Notes:
* The admin tab setting takes a value in minutes, whereas the backend stores it
  in seconds.
* This setting is unused when allow_message_editing is false.
* There is some generosity in how the limit is enforced. For instance, if the
  user sees the hovering edit button, we ensure they have at least 5 seconds to
  click it, and if the user gets to the message edit form, we ensure they have
  at least 10 seconds to make the edit, by relaxing the limit.
* This commit also includes a countdown timer in the message edit form.

Resolves #903.
2016-07-15 13:55:49 -07:00
Tomasz Kolek f689fbfa4d Replace old Trello integration with a webhook integration.
Fixes: #709.

[With tweaks on the documentation by tabbott]
2016-07-13 21:00:27 -07:00
Eklavya Sharma a7d2dab28f Fix non-deterministic output from Taiga integration.
Taiga's webhook integration would give output events in a random
order which caused test failures on python 3 (seems like python
3 is more prone to non-deterministic failures).  Fix that by
sorting the outputs obtained from events before concatenating them.
2016-07-13 16:00:46 -07:00
Eklavya Sharma 5382aeb385 Render PagerDuty message using ujson.dumps.
Use ujson.dumps to render raw messages sent by the PagerDuty
integration instead of using pprint.pformat.  pprint.pformat
gives different results on python 2 and 3.
2016-07-13 16:00:46 -07:00
Eklavya Sharma e6502710b6 Change exception.message to str(exception).
The 'message' attribute in Exception has been deprecated.
It has been removed in python 3.
2016-07-13 16:00:46 -07:00
Tim Abbott c0a6672471 Update path to language_options.json in production.
The previous code didn't correctly transport language_options.json to
the production environment.
2016-07-13 12:30:45 -07:00
Tim Abbott 305189956b update_message_flags: Log number of messages updated. 2016-07-12 19:12:49 -07:00
Steve Howell 3923f94a2b Remove unused code path in avatar() endpoint. 2016-07-12 17:37:02 -07:00
Tomasz Kolek d0066c37ff Add bitbucket2 integration.
Bitbucket changed the format of their API.  The old format is still
useful for BitBucket enterprise, but for the main cloud verison of
Bitbucket, we need a new BitBucket integration supporting the new API.
2016-07-12 17:34:34 -07:00
Tim Abbott 3647973069 update_message_backend: Reorganize validation checks.
The new organization more clearly does the permission check first.
2016-07-10 18:01:59 -07:00
Tim Abbott 05632b68e1 edit: Add validation for setting empty content. 2016-07-10 18:01:59 -07:00
Tim Abbott 211a166abc message edit: Move new topic non-empty check to view. 2016-07-10 18:01:59 -07:00
Rishi Gupta 43c2f35776 Add realm setting to disable message editing.
This is controlled through the admin tab and a new field in the Realms
table.  This mirrors the behavior of the old hardcoded setting
feature_flags.disable_message_editing.  Partially resolves #903.
2016-07-10 11:57:24 -07:00
Steve Howell c680c6a981 Removed unused to_non_negative_float() function. 2016-07-09 07:37:13 -07:00
Umair Khan 043ae8ad65 Upgrade to Django-Pipeline==1.6.8. 2016-07-09 07:09:55 -07:00
Taranjeet a8a4caf2c0 zerver: Fix lines with length greater than 120. 2016-07-08 11:41:43 -07:00
Eklavya Sharma 6c3f1bb967 beanstalk.py: Encode and decode strings correctly. 2016-07-07 12:42:51 -07:00
Eklavya Sharma 26b8e7357a zerver/views/messages.py: Operate on bytes in highlight_string. 2016-07-07 12:42:51 -07:00
Eklavya Sharma 63d55bdd86 zerver/views/__init__.py: decode b64encoded ccache.
Convert b64encoded ccache to `str` before passing to
subprocess.check_call.
2016-07-07 10:02:08 -07:00
Umair Khan 035fceb814 Add dynamically loaded language dropdown. 2016-07-04 11:56:02 -07:00
Eklavya Sharma 9772a512cb Use abstract types in annotations. 2016-07-04 03:01:32 +05:30
Kartik Maji f8bb7503e6 Add ability to pin streams to top of the streams sidebar list.
Based on work by Lauren Long, with some tweaks by tabbott.
2016-06-30 22:26:09 -07:00
Vishnu Ks 1cbd39b768 Unique link generator for realm creation. 2016-06-30 15:52:41 -07:00
Rishi Gupta 17b6d136d5 Add Semaphore webhook integration. 2016-06-29 16:36:19 -07:00
Tim Abbott abc2c03b0f Fix missing 'current_url' value in registration flow.
This fixes some tracebacks I got while testing the Zulip htpasswd SSO
functionality.

I think that this stopped working as a result of the Jinja2 migration.
2016-06-28 23:05:38 -07:00
acrefoot a36e5d4987 Add get_auth_backends endpoint to API.
We would like to know which kind of authentication backends the server
supports.

This is information you can get from /login, but not in a way easily
parseable by API apps (e.g. the Zulip mobile apps).
2016-06-27 18:30:34 -07:00
Tim Abbott e72f41cdec Remove old prototype data import/export tool.
This prototype from Dropbox Hack Week turned out to be too inefficient
to be used for realms with any significant amount of history, so we're
removing it.

It will be replaced by https://github.com/zulip/zulip/pull/673.
2016-06-27 13:47:08 -07:00
Tim Abbott b2a24e0306 Revert "Add authorization check before serving files."
This reverts commit e985b57259.

This commit will break production when we next do a release, because
we haven't done a migration to create Attachment objects for
previously uploaded files.
2016-06-27 12:09:56 -07:00
rahuldeve e985b57259 Add authorization check before serving files. 2016-06-27 11:24:35 -07:00
rahuldeve 674def30ee Add support for serving files using API authentication.
Also remove 'get_uploaded_file' view function and the corresponding
old '/user_upload/' url pattern.
2016-06-27 11:00:41 -07:00
Tim Abbott 79570f99c2 json_upload_file: Remove unnecessary has_request_variables. 2016-06-27 10:29:30 -07:00
Tim Abbott 8272fb4a94 zerver.views.upload: Move upload functions later in file. 2016-06-27 10:28:09 -07:00
Eklavya Sharma d7a83ed019 zerver/views/__init__.py: Type annotate a variable. 2016-06-27 17:52:37 +05:30
Eklavya Sharma 63a5323259 zerver/views/streams.py: Type annotate variables. 2016-06-27 17:52:22 +05:30
dhanus 1169329a71 Annotate zerver/views/webhooks/github.py. 2016-06-26 08:13:49 -07:00
Eklavya Sharma 85cb3e6103 zerver/views/webhooks/github.py: Make exception string str.
Passing a unicode string to Exception can sometimes fail.
Convert it to str to prevent that.
2016-06-26 08:13:49 -07:00
Eklavya Sharma a32f83b182 zerver/views/webhooks/github.py: Fix string literals.
Change some string literals to unicode.
2016-06-26 08:13:49 -07:00
Eklavya Sharma fa4adf0c62 zerver/views/webhooks/bitbucket.py: Fix an annotation. 2016-06-26 08:13:49 -07:00
Eklavya Sharma 36c2214d94 zerver/views/webhooks/bitbucket.py: Fix string literals.
Convert some strings literals to unicode.
2016-06-26 08:13:49 -07:00
Vishnu Ks 7d654a26c8 Casper test for realm creation. 2016-06-25 10:50:12 -07:00
Vishnu Ks 20adcbc64b Make send_registration_completion_email return the Confirmation object. 2016-06-24 17:47:56 -07:00
Vishnu Ks 8350b89798 Add support for custom error message in realm-creation-failed template. 2016-06-24 17:47:56 -07:00
Tim Abbott 6d71c25a0f accounts_register: Stop using _ as dummy variable.
This conflicts with internationalization.
2016-06-24 17:47:31 -07:00
acrefoot e4ed9195dc Remove rest_dispatch hack and optimize imports.
For a long time, rest_dispatch has had this hack where we have to
create a copy of it in each views file using it, in order to directly
access the globals list in that file.  This removes that hack, instead
making rest_dispatch just use Django's import_string to access the
target method to use.

[tweaked and reorganized from acrefoot's original branch in various
ways by tabbott]
2016-06-24 16:11:03 -07:00
Vishnu Ks 574a304b12 Mention invite emails are printed in console in dev.
This is part 2 of #1046.
2016-06-23 17:07:11 -07:00
Tim Abbott f39c9161fe Fix fetching user API keys via settings page when using LDAP backend.
Previously, json_fetch_api_key was hardcoding a check using Zulip's
built-in password functionality, rather than using authenticate().
2016-06-21 14:58:25 -07:00
Tomasz Kolek 9ae68ade8b Add is_webhook option to authentication decorats.
Modified:
authenticated_rest_api_view
authenticated_api_view and validate_api_key.
2016-06-21 11:47:38 -07:00
Tim Abbott 80d92c1651 Add comment documenting confusing list_to_streams code. 2016-06-21 11:45:35 -07:00
Vishnu Ks ad1c3894d9 Add interface for creating new realms.
This is controlled by settings.OPEN_REALM_CREATION; if that setting is
off, this feature doesn't do anything.
2016-06-17 16:15:28 -07:00
kunall17 007eee6061 Add route to fetch emails for mobile passwordless login.
[Tweaked by tabbott to rename API to explicitly support not just
Android]
2016-06-17 11:03:19 -07:00
kunall17 7ea0eaed1c Add passwordless login for mobile app development.
[Tweaked by tabbott to rename API to explicitly support not just
Android].
2016-06-17 10:58:33 -07:00
Vishnu Ks 01c9bb2d5e Make name_changes_disabled() work with no argument. 2016-06-16 17:13:59 -07:00
Tomasz Kolek 76cbe89613 Add IFTTT integration. 2016-06-16 15:30:45 -07:00
John Hergenroeder 16a19226f6 Add linter check for redundant REQ whence argument. 2016-06-16 13:53:39 -07:00
Tomasz Kolek 4e51a86ea4 Add updownio integration. 2016-06-14 12:14:07 -07:00
Tomasz Kolek 14d69348d3 Add Airbrake integration. 2016-06-13 20:36:40 -07:00
Eklavya Sharma 6f5ed6e7c9 Fix annotations clashing with Stream model fields. 2016-06-13 20:01:02 +05:30
Eklavya Sharma 9d7a2fdf9d zerver/views/streams.py: Fix annotations.
Mainly fix `str` to `text_type` and use abstract containers.
2016-06-13 20:01:01 +05:30
Eklavya Sharma 10f2ec043d Fix zerver.lib.utils.generate_random_token.
generate_random_token used to return a value of type six.binary_type
and its return type was annotated as `str`.  This commit fixes that
by making it return a value of type `six.text_type` and updating
the annotation accordingly.
Also fix clashing annnotations.
2016-06-12 09:30:53 -07:00
Babak ad895eb690 Annotate zerver/views/report.py. 2016-06-11 18:42:37 -07:00
Vishnu Ks 77ec6217eb Add validation for private message recipients.
The function will reject messages where recipients aren't either a
member of the realm or a member of cross_realm_user_emails.

Fixes: #930.
2016-06-11 11:24:45 -07:00
Eklavya Sharma 53084fe03c Use text_type as type of cache keys and update users.
This changes the type annotations for the cache keys in Zulip to be
consistently text_type, and updates the annotations for values that
are used as cache keys across the codebase.
2016-06-11 09:10:34 -07:00
Vishnu Ks b926826ea1 Remove default_stream addition and deletion from update_stream_backend.
Default stream addition/removal is done via the /default_stream REST
endpoints.
2016-06-10 16:59:15 -07:00
rahuldeve fa13582ffb Serve uploaded files through get_uploaded_file in development.
Previously, uploaded files were served:
* With S3UploadBackend, via get_uploaded_file (redirects to S3)
* With LocalUploadBackend in production, via nginx directly
* With LocalUploadBackend in development, via Django's static file server

This changes that last case to use get_uploaded_file in development,
which is a key step towards being able to do proper access control
authorization.

Does not affect production.
2016-06-09 22:58:25 -07:00
Tim Abbott 13bac1cc2a Fix serving files uploaded to S3.
This was broken by the refactoring to realm_id_str in:
a261a6bbac.
2016-06-09 21:55:50 -07:00
rahuldeve 3e3462da0d Refactor zerver.lib.upload.upload_message_image_through_web_client.
upload_message_image_through_web_client -> upload_message_image_from_request
2016-06-09 21:09:12 -07:00
medullaskyline 39eaf02b40 Annotate zerver.views.webhooks.taiga. 2016-06-09 17:08:55 -07:00
Vishnu Ks f9f31b79d0 Make default_streams web controllable.
Fixes: #665
2016-06-09 15:24:32 -07:00
rahuldeve ed83bb7f54 Refactor zerver.views.upload. 2016-06-08 09:49:14 -07:00
Hyunchel Kim b0702c62fc Annotate zerver.views.messages partially. 2016-06-07 21:09:30 -07:00
Tim Abbott bc2961d3ac Refactor file upload routes to their own file. 2016-06-06 16:09:05 -07:00
Evan Palmer 8afeb7d8ce Annotate webhooks/transifex.py, webhooks/yo.py. 2016-06-05 17:01:53 -07:00
Daw-Ran Liou 7f0709b65c Annotate zerver.views.webhooks.freshdesk
Change the comments into docstrings.
Modified the return type of parse_freshdesk_event to always return a
list of str.
2016-06-05 15:56:27 -07:00
Dalek-Sec c457f551ea Annotate zerver/views/webhooks/crashlytics.py 2016-06-05 15:54:13 -07:00
medullaskyline 7e30de04ca Annotate zerver.views.webhooks.pingdom. 2016-06-05 15:52:53 -07:00
medullaskyline 4c1da236ad Annotate zerver.views.webhooks.pagerduty. 2016-06-05 15:47:33 -07:00
Daw-Ran Liou 4428287846 Annotate zerver.views.webhooks.stash. 2016-06-05 15:42:25 -07:00
Hyunchel Kim b79cad0404 Annotate zerver.views.webhooks.teamcity 2016-06-05 15:11:45 -07:00
Daw-Ran Liou 26d067fc97 Annotate zerver.views.webhooks.pivotal. 2016-06-05 14:57:53 -07:00
medullaskyline 2369d48a9b Annotate zerver.views.webhooks.newrelic. 2016-06-05 14:52:20 -07:00
Evan Palmer 4bf81b58b4 Annotate zerver/views/webhooks/zendesk.py. 2016-06-05 14:50:52 -07:00
Hyunchel Kim de34dd1187 Annotate travis webhoook function. 2016-06-05 14:46:26 -07:00
medullaskyline 158914aa98 Annotate zerver.views.webhooks.jira. 2016-06-05 14:36:39 -07:00
Hyunchel Kim bc87685ea6 bitbucket: Correct return type in annotation. 2016-06-05 14:33:31 -07:00
Max 86fb6467e7 Add annotations to avatar.py, db.py, logging_util.py, unminify.py.
Also, fixed a a small type annotation in users.py because email must
be a string because emails don't support UTF-8 at this time (according
a comment in gravatar_hash in avatar.py).
2016-06-05 12:38:20 -07:00
Daw-Ran Liou 90a2dead46 Annotate zerver/views/webhooks/deskdotcom.py. 2016-06-05 11:53:44 -07:00
Deborah Hanus a261a6bbac Annotate zerver/views/__init__.py.
Also fix typing errors in a few related files.

[with tweaks from tabbott]
2016-06-05 11:34:19 -07:00
Daw-Ran Liou c9bb93b0d2 Annotate zerver/views/webhooks/beanstalk.py. 2016-06-05 10:54:23 -07:00
Dalek-Sec 2bcf313a85 Added MyPy types to zerver/views/webhooks/codeship.py 2016-06-04 22:03:41 -07:00
Daw-Ran Liou 0265968ea2 Annotate zerver/views/user_settings. 2016-06-04 17:41:59 -07:00
Reid Barton cf93c8bce0 Annotate zerver/views/webhooks/bitbucket.py. 2016-06-04 17:02:59 -07:00
Daw-Ran Liou 8bbd93011d Annotate zerver/views/users.py. 2016-06-04 17:00:53 -07:00
Tomasz Kolek 8411b2e574 Add Crashlytics integration. 2016-06-04 15:18:42 -07:00
Tomasz Kolek 093e5a96d4 Add Transifex integration.
Fixes: #810.
2016-06-04 14:52:57 -07:00
David Adamec 9e8ea93d3d Add annotations for zerver/lib/validator. 2016-06-03 23:53:49 -07:00
Tim Abbott 03debdf82f Fix malformed error message when creating invalid Realm Emoji.
Thanks to Greg McCoy for his help finding this bug.
2016-06-03 23:12:36 -07:00
Ashish Kumar 9b990e3bd0 Type annotation of zerver/views/alert_words.
[Tweaked by tabbott to annotate the REQ variables the new way]
2016-06-03 08:07:58 -07:00
Oren Leaffer c2ce5119c6 Annotate zerver.views.tutorial. 2016-06-02 18:49:27 -07:00
Pei-Wei Wu 8d2733ae8c Add mypy type annotations to zerver/views/streams.py. 2016-06-02 15:44:43 -07:00
Ashley Dunn 7826aa7e7f Type annotation of zerver/views/realm_emoji. 2016-06-02 14:01:28 -07:00
Umair Khan 08fbd57245 [i18n] Make error messages translatable.
Make all strings passing through `json_error` and `JsonableError`
translatable.

Fixes #727
2016-05-31 07:40:42 -07:00
Tim Abbott 960144a49e Desupport using uninstantiated REQ with has_request_variables.
This makes life difficult for doing static type annotations, and
didn't make the code look that much better anyway.
2016-05-31 07:31:15 -07:00
Tim Abbott baec0f12cf Add a proper annotation for REQ in streams.py. 2016-05-30 11:41:16 -07:00
Eklavya Sharma efab224bd1 zerver/lib/actions.py: Remove unneeded `return {}` statements. 2016-05-29 04:26:17 -07:00
Tomasz Kolek 8c18b8947f Add bot_type field to UserProfile.
This is intended to support creating different types of bots with
potentially limited permissions.
2016-05-19 22:37:37 -07:00
Aristeidis Fkiaras 3ee210d9e8 Add setting to only allow admins create new streams.
Fixes: #691.

Thanks to Preston Hansen for work on this feature!
2016-05-18 18:53:13 -07:00
Tim Abbott e781136132 Fix subscribing to existing streams when can_create_streams=False.
Previously, a user with can_create_streams=False would be incorrectly
unable to subscribe to streams, whether the streams previously existed
or not.
2016-05-18 18:47:24 -07:00
Eklavya Sharma 16067b7013 Make zerver/views/webhooks/jira.py pass mypy check. 2016-05-18 17:10:17 +05:30
Tim Abbott c3985520e5 webhooks: Remove unnecessary get_client imports. 2016-05-13 12:25:12 -07:00
Tomasz Kolek db7ea8b484 Move getting client to api_key_only_webhook_view.
This decreases the amount of convention developers need to understand
in order to write a new webhook integration.
2016-05-13 12:22:38 -07:00
Tomasz Kolek eeeb4d0c92 Add CircleCI integration.
Fixes: #617.
2016-05-11 21:17:37 -07:00
Tim Abbott 92bec8cfea Merge Zulip 1.3.12 security release. 2016-05-10 11:32:26 -07:00
Tim Abbott 620debc5fd Change PrincipalError to return status code 403 by default. 2016-05-10 09:50:57 -07:00
Tim Abbott be216506a9 Improve api_fetch_api_key error messages.
Previously, api_fetch_api_key would not give clear error messages if
password auth was disabled or the user's realm had been deactivated;
additionally, the account disabled error stopped triggering when we
moved the active account check into the auth decorators.
2016-05-10 09:50:57 -07:00
Tim Abbott b28b3cd65c CVE-2016-4427: Fix access by deactivated realms/users.
The security model for deactivated users (and users in deactivated
realms) being unable to access the service is intended to work via two
mechanisms:

* All active user sessions are deleted, and all login code paths
  (where a user could get a new session) check whether the user (or
  realm) is inactive before authorizing the request, preventing the
  user from accessing the website and AJAX endpoints.
* All API code paths (which don't require a session) check whether the
  user (and realm) are active.

However, this security model was not implemented correctly.  In
particular, the check for whether a user has an active account in the
login process was done inside the login form's validators, which meant
that authentication mechanisms that did not use the login form
(e.g. Google and REMOTE_USER auth) could succeed in granting a session
even with an inactive account.  The Zulip homepage would still fail to
load because the code for / includes an API call to Tornado authorized
by the user's token that would fail, but this mechanism could allow an
inactive user to access realm data or users to access data in a
deactivated realm.

This fixes the issue by adding explicit checks for inactive users and
inactive realms in all authentication backends (even those that were
already protected by the login form validator).

Mirror dummy users are already inactive, so we can remove the explicit
code around mirror dummy users.

The following commits add a complete set of tests for Zulip's inactive
user and realm security model.
2016-05-10 09:50:48 -07:00
Tim Abbott 3cde06ea33 Add support for setting HTTP status codes in JsonableError. 2016-05-10 09:50:48 -07:00
Tim Abbott b869be9301 style: Use 'not in' consistently rather than `not foo in`. 2016-05-09 17:00:10 -07:00
Umair Khan 5359e6b0d4 Convert Zulip to use Jinja2 templates.
This results in a substantial performance improvement for all of
Zulip's backend templates.

Changes in templates:
- Change `block.super` to `super()`.
- Remove `load` tag because Jinja2 doesn't support it.
- Use `minified_js()|safe` instead of `{% minified_js %}`.
- Use `compressed_css()|safe` instead of `{% compressed_css %}`.
- `forloop.first` -> `loop.first`.
- Use `{{ csrf_input }}` instead of `{% csrf_token %}`.
- Use `{# ... #}` instead of `{% comment %}`.
- Use `url()` instead of `{% url %}`.
- Use `_()` instead of `{% trans %}` because in Jinja `trans` is a block tag.
- Use `{% trans %}` instead of `{% blocktrans %}`.
- Use `{% raw %}` instead of `{% verbatim %}`.

Changes in tools:
- Check for `trans` block in `check-templates` instead of `blocktrans`

Changes in backend:
- Create custom `render_to_response` function which takes `request` objects
  instead of `RequestContext` object. There are two reasons to do this:
    1. `RequestContext` is not compatible with Jinja2
    2. `RequestContext` in `render_to_response` is deprecated.
- Add Jinja2 related support files in zproject/jinja2 directory. It
  includes a custom backend and a template renderer, compressors for js
  and css and Jinja2 environment handler.
- Enable `slugify` and `pluralize` filters in Jinja2 environment.

Fixes #620.
2016-05-09 09:55:18 -07:00
Preston Hansen 635828069f Add feature to mark all in stream/topic as read with mouse.
Fixes #736.
2016-05-08 09:02:46 -07:00
Tim Abbott 6139e8948a travis: User REQ framework for extracting JSON payload. 2016-05-07 11:54:14 -07:00
Tim Abbott 678adc2048 webhooks: Use REQ more consistently in stream name parsing.
To avoid the potential for introducing regressions here, we carefully
pass a default to REQ or not based on how the existing webhook's
parsing code worked.  In the longer term, we'll want to make the
behavior consistent.
2016-05-07 11:54:14 -07:00
Tomasz Kolek c2de38239e Add payload validation to has_request_variables and REQ tasks.
[with tweaks by tabbott]
2016-05-07 11:54:09 -07:00
Tim Abbott 54022ac204 Fix unnecessary whitespace between , and ). 2016-05-04 14:16:53 -07:00
Ashish Kumar 48be2e33f8 Delete old route for /json/get_public_streams. 2016-04-29 12:57:57 -07:00
Antek Grzanka 646ea3214a Add Taiga integration. 2016-04-28 13:44:53 -07:00
Vladislav Manchev f5e6176aea Add custom realm emoji UI to administration page. 2016-04-26 13:15:54 -07:00
Tomasz Kolek 5fbda3a9c1 Add codeship integration. 2016-04-26 09:54:01 -07:00
David Payne 8c62a27769 Add teamcity webhook integration.
This integration relies on the Teamcity "tcWebHooks" plugin which is
available at
https://netwolfuk.wordpress.com/category/teamcity/tcplugins/tcwebhooks/

It posts build fail and success notifications to a stream specified in
the webhook URL.

It uses the name of the build configuration as the topic.

For personal builds, it tries to map the Teamcity username to a Zulip
username, and sends a private message to that person.
2016-04-26 09:45:26 -07:00
Tomasz Kolek c74483e69e github_webhook: change double quotes to single quotes for consistency. 2016-04-21 17:04:25 -07:00
Tomasz Kolek 09e40b27c2 github_webhook: throw an exception on unhandled events types. 2016-04-21 17:03:58 -07:00
Tomasz Kolek fafc9cb742 github_webhook: remove redundant parenthesis. 2016-04-21 17:02:49 -07:00
Tomasz Kolek 43b0cfaebc github_webhook: Use more one-line pythonic assignments. 2016-04-21 17:00:47 -07:00
Tomasz Kolek decb686255 github_webhook: factor out is_test_repository function. 2016-04-21 16:57:19 -07:00
Tomasz Kolek e1079d8475 github_webhook: extract the constants to the top of the file. 2016-04-21 16:56:44 -07:00
Tim Abbott 8a278cbe3a Switch to using a Zulip version of @login_required.
Currently the code is the unmodified Django upstream implementation;
this commit is preparation for modifying it.
2016-04-21 14:59:39 -07:00
Tim Abbott 49799440a4 Replace use of django-guardian with fields on UserProfile.
As documented in https://github.com/zulip/zulip/issues/441, Guardian
has quite poor performance, and in fact almost 50% of the time spent
running the Zulip backend test suite on my laptop was inside Guardian.

As part of this migration, we also clean up the old API_SUPER_USERS
variable used to mark EMAIL_GATEWAY_BOT as an API super user; now that
permission is managed entirely via the database.

When rebasing past this commit, developers will need to do a
`manage.py migrate` in order to apply the migration changes before the
server will run again.

We can't yet remove Guardian from INSTALLED_APPS, requirements.txt,
etc. in this release, because otherwise the reverse migration won't
work.

Fixes #441.
2016-04-20 21:51:52 -07:00
David Payne ece96ef3fe Jira's "issue created" message should @-notify the assignee. 2016-04-20 10:54:30 -07:00
Ashish 1bf644369f Delete old route for json/update_active_status. 2016-04-11 21:38:23 -07:00
Ashish 78b9f45bf7 Delete old route for json/update_pointer. 2016-04-11 21:38:23 -07:00
Ashish 9429358795 Delete old route for /json/get_profile. 2016-04-11 21:38:23 -07:00
Ashish 42fe918138 Delete old route for json/get_old_messages. 2016-04-11 21:38:23 -07:00
Ashish cfefc94200 Delete old route for json/set_alert_words. 2016-04-11 21:38:23 -07:00
Ashish c0a218edfc Delete old route for /json/update_message_flags. 2016-04-11 21:38:23 -07:00
Ashish dac4e58b91 Changes REST API backend route for /json/change_enter_sends. 2016-04-11 21:11:51 -07:00
Anindya Chakravarti f3d03d89b4 Add integration for Yo App.
[includes some small tweaks by tabbott]
2016-04-08 11:02:10 -07:00
Tomasz Kolek 44ed9da7f0 Add pingdom integration. 2016-04-08 10:36:29 -07:00