Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
15,013 Commits 28 Branches 143 Tags 605 MiB
Commit Graph

3714 Commits

Author SHA1 Message Date
Tomasz Kolek 3f1b21fe61 Add ping event handling to github webhook integration. 2017-02-01 00:38:16 +01:00
Tomasz Kolek 39bd685dd5 Update How to create jira webhook url in Jira doc. 2017-01-31 15:17:12 -08:00
Tomasz Kolek 11a1f1d72b Add support for old Jira API's version to Jira integration. 2017-01-31 15:17:12 -08:00
Harshit Bansal 59d22e7cb8 realm_emoji: Cleanup an unreachable try/except block. 
Fixes: #3515.
 2017-01-30 16:43:02 -08:00
Tomasz Kolek d598fae52e docs: Add missing configuration step to github webhook doc. 2017-01-30 13:02:48 -08:00
Tim Abbott d7dd158197 test_signup: Fix test failures due to emacs backup files. 2017-01-30 11:55:50 -08:00
Tim Abbott 87337e0d1f test_realm_aliases: Edit new realm alias test for subdomains. 2017-01-30 11:55:50 -08:00
Harshit Bansal 9bbe0efd77 realm_aliases: Add a test for adding an alias which is already claimed. 
Fixes: #3514.
 2017-01-30 11:55:50 -08:00
Tim Abbott 1bbf0f9a98 streams: Consider stream name validation logic. 2017-01-29 22:07:14 -08:00
Tim Abbott d14037c82e streams: Fix misplaced import. 2017-01-29 22:07:14 -08:00
Tim Abbott 884aa2b184 streams: Eliminate last use of get_stream in views. 2017-01-29 22:07:14 -08:00
Tim Abbott 4d3e97f304 actions: Remove unnecessary do_create_stream function. 2017-01-29 22:07:14 -08:00
Tim Abbott 700089f386 bugdown: Fix need for Internet in test_inline_dropbox_bad. 2017-01-29 22:07:14 -08:00
Tim Abbott 32f778636b streams: Add tests for do_rename_stream error paths. 2017-01-29 20:27:00 -08:00
Tim Abbott 01daa3e91a test_helpers: Move get_subscription out of actions.py. 
It's no longer used by anything other than test code.
 2017-01-29 20:27:00 -08:00
Tim Abbott 035e442b63 actions: Remove unused set_stream_color method. 2017-01-29 20:27:00 -08:00
Tim Abbott a3f3f5b7bc remove_default_stream: use access_stream_by_name. 2017-01-29 20:27:00 -08:00
Tim Abbott 19eaa92059 add_default_stream: use access_stream_by_name. 2017-01-29 20:27:00 -08:00
Tim Abbott de3f539f58 do_change_stream_description: Accept a stream as argument. 2017-01-29 20:27:00 -08:00
Tim Abbott 2dc90e8ebd rename_stream: Pass a stream object to do_rename_stream. 2017-01-29 20:27:00 -08:00
Tim Abbott 7be34357b2 rename_stream: Move stream name taken check to view. 2017-01-29 20:27:00 -08:00
Tim Abbott ccdf17f47e rename_stream: Move stream already has name check to view. 2017-01-29 20:27:00 -08:00
Tim Abbott d059a0a90a rename_stream: Move check_stream_name into view. 2017-01-29 20:26:59 -08:00
Tim Abbott ab1e9f2b97 rename_stream: Move stripping of whitespace to view. 2017-01-29 20:26:59 -08:00
Tim Abbott 4ad1fadab0 streams: Create and use do_change_stream_invite_only. 2017-01-29 20:26:59 -08:00
Tim Abbott c74ddb74e9 do_make_stream_private: Accept a stream object, not a name. 2017-01-29 20:26:59 -08:00
Tim Abbott 0a75480444 do_make_stream_public: Accept a stream object, not a name. 2017-01-29 20:26:59 -08:00
Tim Abbott 54bcc675f7 subscribe_to_stream: Return the stream object. 
This simplifies some code paths a bit.
 2017-01-29 20:26:59 -08:00
Tim Abbott e137787d1a users: Use access_stream_by_name to access streams. 
This simplifies the code somewhat and adds greater consistency of
error messages.
 2017-01-29 20:26:59 -08:00
Tim Abbott ea72b97cd9 home: Cleanup narrow_topic logic. 2017-01-29 20:26:59 -08:00
Tim Abbott a7cb7dd695 home: Use access_stream_by_name to access streams. 2017-01-29 20:26:59 -08:00
Tim Abbott 6c512bdfd3 json_invite_users: Use access_stream_by_name. 2017-01-29 20:26:59 -08:00
Tim Abbott bc2f23383e streams: Move list_to_streams to lib. 2017-01-29 20:26:59 -08:00
Tim Abbott 02f5ef1d23 streams: Move filter_stream_authorization to lib. 2017-01-29 20:26:59 -08:00
Tim Abbott bb86bba20d stream_exists_backend: Use access_stream_by_name. 2017-01-29 20:26:59 -08:00
Tim Abbott 46e5b8a9cc streams: Remove unused json_remove_subscriptions. 2017-01-29 20:26:59 -08:00
Tim Abbott e57e2ee9f1 get_subscribers_backend: Use access_stream_by_id. 2017-01-29 20:26:59 -08:00
Tim Abbott 0d980b7cef json_get_stream_id: Use access_stream_by_name. 2017-01-29 20:26:59 -08:00
Tim Abbott 1ced8d3eb6 get_topics_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott 6685885741 deactivate_stream_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott 826cc80c9e update_stream_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott de38f3eb94 update_stream_backend: Clean up unnecessary stream_name variable. 2017-01-29 20:26:58 -08:00
Tim Abbott 2cf223470d streams: Eliminate get_subscription_or_die helper function. 2017-01-29 20:26:58 -08:00
Tim Abbott 0af34ee710 streams: Add zerver/lib/streams.py library for security checks. 
The goal of this library is to make it a lot easier to prevent bugs
like CVE-2017-0881 by having all of our views logic for fetching a
stream go through a couple carefully tested code paths.
 2017-01-29 20:26:58 -08:00
Tim Abbott de3e96162e middleware: Fix recursive DisallowedHost exceptions. 2017-01-29 20:26:58 -08:00
Tim Abbott 20f3705c00 logging_handlers: Add error handling for invalid hosts. 2017-01-29 19:57:09 -08:00
Tim Abbott 7ecda1ac8e streams: Fix autosubscribe security bug (CVE-2017-0881). 
A bug in Zulip's implementation of the "stream exists" endpoint meant
that any user of a Zulip server could subscribe to an invite-only
stream without needing to be invited by using the "autosubscribe"
argument.

Thanks to Rafid Aslam for discovering this issue.
 2017-01-29 15:30:59 -08:00
Tim Abbott 7e0ce22808 errors: Remove build_request_repr logic. 
This interface is no longer supported in Django 1.10.
 2017-01-29 14:18:22 -08:00
Tim Abbott dea281557d events: Handle reactions events in apply_events. 
Previously, this race condition just threw an exception.
 2017-01-29 14:18:16 -08:00
Tim Abbott 70af09539f Fix unnecessary traceback in authenticated_rest_api_view. 
Apparently, we weren't returning the `json_error`, resulting in users
encountering this condition receiving a 500, rather than the proper
40x error.

This fixes a regresion introduced in 9ae68ade8b.
 2017-01-29 12:48:10 -08:00