Commit Graph

39060 Commits

Author SHA1 Message Date
Aryan Shridhar 4e8067aadc
message_edit: Add hide event for clipboard tooltip after copy.
The clipboard tooltip for the "copy and close" button was incorrectly staying visible after the
copy event.  Fix this by explicitly hiding tooltips in the click handler.

Fixes #16328.
2020-09-12 12:04:24 -07:00
Anders Kaseorg c21818e093 check-openapi: Disallow siblings of $ref.
The specification says “any sibling elements of a $ref are ignored”,
so their presence, although not invalid, indicates a mistake.  yamole
incorrectly merges these siblings into the referenced object, but we
should not rely on this nonstandard behavior.

https://swagger.io/docs/specification/using-ref/#sibling

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-12 11:57:13 -07:00
Anders Kaseorg 7c17bdb9c5 openapi: Remove ‘example’ $ref siblings.
$ref siblings are ignored according to the OpenAPI specification, and
the referenced definitions already have examples.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-12 11:57:13 -07:00
Anders Kaseorg caa08d76b5 openapi: Inline parameter references to avoid ‘required’ $ref siblings.
$ref siblings are ignored according to the OpenAPI specification.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-12 11:57:13 -07:00
Thomas Güttler c567661015
docs: Added PyCharm to the list of editors.
PyCharm is great for writing Python.
2020-09-12 11:42:22 -07:00
Thomas Güttler 740a4a1eff
docs: Spell "front end" as "frontend" consistently.
I think it makes sense avoid diversity here.
2020-09-12 11:41:35 -07:00
Tim Abbott 45cd979d46 tools: Fix webpack wrapper logic for finding config file to watch. 2020-09-12 11:31:44 -07:00
Thomas Güttler c5a7103b4d docs: Use zulip.com rather than zulip.org (which just redirects).
I guess it make sense to use zulip.com in the first place.
2020-09-12 11:22:08 -07:00
Anders Kaseorg b41165fd01 dev_urls: Give the user_avatars URLPattern a name.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-12 11:21:40 -07:00
Anders Kaseorg 1c80188648 urls: Elide str converter, which is the default.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-12 11:21:40 -07:00
palash 2632317b06 test_message_send: Refactor mock.patch to assertLogs.
Replaced mock.patch with assertLogs for testing log outputs
in file zerver/tests/test_message_send.py
2020-09-12 11:04:51 -07:00
palash f2f8034b76 test_markdown: Refactor mock.patch to assertLogs.
Replaced mock.patch with assertLogs for testing log outputs
in file zerver/tests/test_markdown.py
2020-09-12 11:04:51 -07:00
palash 588fff236d test_service_bot_system: Refactor mock.patch with assertLogs.
Replaced mock.patch with assertLogs for testing log outputs
in file zerver/tests/test_service_bot_system.py
2020-09-12 10:59:36 -07:00
palash 4e2769c31c test_decorators: Refactor mock.patch to assertLogs.
Replaced mock.patch with assertLogs for testing log outputs
in file zerver/tests/test_decorators.py
2020-09-12 10:59:36 -07:00
palash c3fee5059f test_email_mirror: Refactor mock.path to assertLogs.
Replaced mock.patch with assertLogs for testing log outputs
in file zerver/tests/test_email_mirror.py
2020-09-12 10:59:36 -07:00
palash 34003fc7f6 email_mirror: Change root logger to zerver.lib.email_mirror. 2020-09-12 10:53:56 -07:00
palash 60f9f87c5d test_external: Refactor mock.patch to assertLogs.
Replaced mock.patch with assertLogs for testing log outputs
in file zerver/tests/test_external.py
2020-09-12 10:53:56 -07:00
palash 485d740fe8 apple auth: Change logger to zulip.auth.apple from root logger.
Replace default root logger with zulip.auth.apple for apple auth
in file zproject/backends.py and update the test cases
accordingly in file zerver/tests/test_auth_backends.py
2020-09-12 10:53:56 -07:00
palash 04f08f45e7 test_auth_backends: Refactor mock.patch to assertLogs.
Replaced mock.patch with assertLogs for testing log outputs
in file test_auth_backends.py.

This change requires adjusting
test_log_into_subdomain_when_email_is_none to use an explicit token
since that appears in the log output.
2020-09-12 10:53:37 -07:00
Alex Vandiver 1c17583ad5 puppet: Restrict postfix incoming addresses to postmaster and zulip.
This removes the possibility of local user enumeration via RCPT TO.
2020-09-11 18:49:22 -07:00
Aman Agrawal ed8796f23f report: Allow anonymous queries to report (un)narrow times. 2020-09-11 16:57:27 -07:00
Alex Vandiver 3f6e4ff303 webhooks: Move the extra logging information into a formatter.
This clears it out of the data sent to Sentry, where it is duplicative
with the indexed metadata -- and potentially exposes PHI if Sentry's
"make this issue public" feature is used.
2020-09-11 16:43:29 -07:00
Alex Vandiver b8a2e6b5f8 webhooks: Configure webhook loggers in zproject/computed_settings.py.
This limits the webhook errors to only go to their respective log
files, and not to the general server logs.
2020-09-11 16:43:29 -07:00
Alex Vandiver 006875e7d0 sentry: Add additional context (client, fallback realm) to Sentry tags. 2020-09-11 16:43:29 -07:00
Alex Vandiver 6323218a0e request: Maintain a thread-local of the current request.
This allows logging (to Sentry, or disk) to be annotated with richer
data about the request.
2020-09-11 16:43:29 -07:00
Mateusz Mandera bb4567f57e queue: Extract get_remaining_queue_size method. 2020-09-11 15:51:07 -07:00
Mateusz Mandera aae84197e8 check-rabbitmq-queue: Use list_queues output for current backlog size.
The value in the stats file can get outdated if the queue hasn't done
enough iterations to update the stats file for a while. The queue size
output by rabbitmqctl list_queues is more up to date, and empirically
tends to agree with the value in the stats file (when the stats file is
fresh).
2020-09-11 15:51:07 -07:00
Mateusz Mandera 1d466a4fc5 queue: Make embed_link updates stats on every iteration. 2020-09-11 15:51:07 -07:00
Tim Abbott f0c2c640b6 api docs: Add changes for community_topic_editing_limit_seconds.
The previous commit fixed this in the changelog, but it should have
also been documented directly as well.
2020-09-11 15:50:06 -07:00
Kaustubh Nair acf31f8934 docs: Add community_topic_editing_limit_seconds value to docs.
This was added to the response in e242ddc. Specifying the value
makes sure that the user does not have to dig in the commit history.
2020-09-11 15:48:08 -07:00
Thomas Güttler 57ad171112
docs: Remove typo (two periods at end of sentence). 2020-09-11 15:47:09 -07:00
Alex Vandiver 4917391133 webhooks: Derive payload from request itself. 2020-09-10 17:47:22 -07:00
Alex Vandiver a1f5f6502c webhooks: In logger, pull user from request, rather than parameter.
request.user is set by validate_api_key, which is called by
webhook_view and authenticated_rest_api_view.
2020-09-10 17:47:22 -07:00
Alex Vandiver d04db7c5fe webhooks: Remove repetitive argument to UnsupportedWebhookEventType.
The name of the webhook can be added by the webhook decorator.
2020-09-10 17:47:21 -07:00
Alex Vandiver e2ab7b9e17 webhooks: Update API_KEY_ONLY_WEBHOOK_LOG_PATH to WEBHOOK_LOG_PATH.
The existence of "API_KEY" in this configuration variable is
confusing.  It is fundamentally about webhooks.
2020-09-10 17:47:21 -07:00
Alex Vandiver cf6ebb9c8d webhooks: Rename api_key_only_webhook_view to webhook_view.
There are no other types of webhook views; this is more concise.
2020-09-10 17:47:21 -07:00
Alex Vandiver 8cfacbf8aa webhooks: Update comment about typing the webhook decorator.
The previous link was to "extended callable" types, which are
deprecated in favor of callback protocols.  Unfortunately, defining a
protocol class can't express the typing -- we need some sort of
variadic generics[1].  Specifically, we wish to support hitting the
endpoint with additional parameters; thus, this protocol is
insufficient:

```
class WebhookHandler(Protocol):
    def __call__(request: HttpRequest, api_key: str) -> HttpResponse: ...
```
...since it prohibits additional parameters.  And allowing extra
arguments:
```
class WebhookHandler(Protocol):
    def __call__(request: HttpRequest, api_key: str,
                 *args: object, **kwargs: object) -> HttpResponse: ...
```
...is similarly problematic, since the view handlers do not support
_arbitrary_ keyword arguments.

[1] https://github.com/python/typing/issues/193
2020-09-10 17:47:21 -07:00
Alex Vandiver ea8823742b webhooks: Adjust the name of the unsupported logger.
`zulip.zerver.lib.webhooks.common` was very opaque previously,
especially since none of the logging was actually done from that
module.

Adjust to a more explicit logger name.
2020-09-10 17:47:21 -07:00
Alex Vandiver 482c964dd3 puppet: Logrotate for webhook exceptions. 2020-09-10 17:47:21 -07:00
Alex Vandiver e38051736d puppet: Wrap and sort logrotate config. 2020-09-10 17:47:21 -07:00
Alex Vandiver 9ea9752e0e webhooks: Rename UnexpectedWebhookEventType to UnsupportedWebhookEventType.
Any exception is an "unexpected event", which means talking about
having an "unexpected event logger" or "unexpected event exception" is
confusing.  As the error message in `exceptions.py` already explains,
this is about an _unsupported_ event type.

This also switches the path that these exceptions are written to,
accordingly.
2020-09-10 17:47:21 -07:00
Alex Vandiver 8016769613 webhooks: Move UnexpectedWebhookEventType into zerver.lib.exceptions.
8e10ab282a moved UnexpectedWebhookEventType into
`zerver.lib.exceptions`, but left the import into
`zserver.lib.webhooks.common` so that webhooks could continue to
import the exception from there.

This clutters things and adds complexity; there is no compelling
reason that the exception's source of truth should not move alongside
all other exceptions.
2020-09-10 17:47:21 -07:00
Mateusz Mandera f95dd628bd email: Fix race conditions with concurrent ScheduledEmail handling.
The main race conditions, which actually happened in production was with
concurrent execution of deliver_email and clear_scheduled_emails.
clear_scheduled_emails could delete all email.users in the middle of
deliver_email execution, causing it to pass empty to_user_ids list to
send_email. We mitigate this by getting the list of user ids in a single
query and moving forward with that snapshot, not having to worry about
database data being mutated anymore.

clear_scheduled_emails had potential race conditions with concurrent
execution of itself due to not locking the appropriate rows upon
selecting them for the purpose of potentially deleting them. FOR UPDATE
locks need to be acquired to prevent simultaneous mutation.

Tested manually with some print+sleep debugging to make some races
happen.

fixes #zulip-2k (sentry)
2020-09-09 15:59:01 -07:00
Anders Kaseorg b7b7475672 python: Use standard secrets module to generate random tokens.
There are three functional side effects:

• Correct an insignificant but mathematically offensive bias toward
repeated characters in generate_api_key introduced in commit
47b4283c4b4c70ecde4d3c8de871c90ee2506d87; its entropy is increased
from 190.52864 bits to 190.53428 bits.

• Use the base32 alphabet in confirmation.models.generate_key; its
entropy is reduced from 124.07820 bits to the documented 120 bits, but
now it uses 1 syscall instead of 24.

• Use the base32 alphabet in get_bigbluebutton_url; its entropy is
reduced from 51.69925 bits to 50 bits, but now it uses 1 syscall
instead of 10.

(The base32 alphabet is A-Z 2-7.  We could probably replace all of
these with plain secrets.token_urlsafe, since I expect most callers
can handle the full urlsafe_b64 alphabet A-Z a-z 0-9 - _ without
problems.)

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-09-09 15:52:57 -07:00
Dinesh 56546170cf puppeteer: Save pid of `run-dev.py --test` in var/puppeteer.
Also replaces a reference to casper in a comment related to --test.
2020-09-09 13:38:39 -04:00
Dinesh ad0f0564b1 puppeteer: Rename build_for_prod_or_casper to build_for_prod_or_puppeteer. 2020-09-09 13:38:39 -04:00
Dinesh c64888048f puppeteer: Rename CASPER_TESTS env variable to PUPPETEER_TESTS.
Also modified few comments to match with the changes.
2020-09-09 13:38:39 -04:00
Dinesh f2b3afcd56 puppeteer: Mention about docs and screeshots on failure. 2020-09-09 13:38:39 -04:00
aryanshridhar 42b1ed23a9 reactions_tooltip : Improved responsiveness of tooltip for reactions.
Improved responsiveness of message reactions tooltip .
Added css property for the reaction tooltip in ./static/js/click_handlers.js so that the tooltip doesn't exceed the sidebar .

Adressed a comment in #15364 .
2020-09-09 13:24:04 -04:00
Dinesh cc4f35bfa8 puppeteer: Wait for save button before checking the text.
Found a flake that this caused with runs for the previous fix.
The waitForSelector was in a wrong order.
2020-09-09 13:14:16 -04:00