Commit Graph

50162 Commits

Author SHA1 Message Date
Alex Vandiver 36e97f8121 CVE-2023-22735: Set a Content-Security-Policy header on proxied S3 data.
This was missed in 04cf68b45ebb5c03247a0d6453e35ffc175d55da; as this
content is fundamentally untrusted, it must be served with
`Content-Security-Policy` headers in order to be safe.  These headers
were not provided previously for S3 content because it was served from
the S3 domain.

This mitigates content served from Zulip which could be a stored XSS,
but only in browsers which support Content-Security-Policy headers;
see subsequent commit for the complete solution.
2023-02-07 17:09:52 +00:00
Alex Vandiver d41a00b83b uploads: Extra-escape internal S3 paths.
In nginx, `location` blocks operate on the _decoded_ URI[^1]:

> The matching is performed against a normalized URI, after decoding
> the text encoded in the “%XX” form

This means that if a user-uploaded file contains characters that are
not URI-safe, the browser encodes them in UTF-8 and then URI-encodes
them -- and nginx decodes them and reassembles the original character
before running the `location ~ ^/...` match.  This means that the `$2`
_is not URI-encoded_ and _may contain non-ASCII characters.

When `proxy_pass` is passed a value containing one or more variables,
it does no encoding on that expanded value, assuming that the bytes
are exactly as they should be passed to the upstream.  This means that
directly calling `proxy_pass https://$1/$2` would result in sending
high-bit characters to the S3 upstream, which would rightly balk.

However, a longstanding bug in nginx's `set` directive[^2] means that
the following line:

```nginx
set $download_url https://$1/$2;
```

...results in nginx accidentally URI-encoding $1 and $2 when they are
inserted, resulting in a `$download_url` which is suitable to pass to
`proxy_pass`.  This bug is only present with numeric capture
variables, not named captures; this is particularly relevant because
numeric captures are easily overridden by additional regexes
elsewhere, as subsequent commits will add.

Fixing this is complicated; nginx does not supply any way to escape
values[^3], besides a third-party module[^4] which is an undue
complication to begin using.  The only variable which nginx exposes
which is _not_ un-escaped already is `$request_uri`, which contains
the very original URL sent by the browser -- and thus can't respect
any work done in Django to generate the `X-Accel-Redirect` (e.g., for
`/user_uploads/temporary/` URLs).  We also cannot pass these URLs to
nginx via query-parameters, since `$arg_foo` values are not
URI-decoded by nginx, there is no function to do so[^3], and the
values must be URI-encoded because they themselves are URLs with query
parameters.

Extra-URI-encode the path that we pass to the `X-Accel-Redirect`
location, for S3 redirects.  We rely on the `location` block
un-escaping that layer, leaving `$s3_hostname` and `$s3_path` as they
were intended in Django.

This works around the nginx bug, with no behaviour change.

[^1]: http://nginx.org/en/docs/http/ngx_http_core_module.html#location
[^2]: https://trac.nginx.org/nginx/ticket/348
[^3]: https://trac.nginx.org/nginx/ticket/52
[^4]: https://github.com/openresty/set-misc-nginx-module#set_escape_uri
2023-02-07 17:09:52 +00:00
Alex Vandiver a955f52904 uploads: Stop putting API headers on local-file upload responses.
These only need the usual response headers, not the
Access-Control-Origin headers that API endpoints need.
2023-02-07 17:09:52 +00:00
sayamsamal 059f64dcd9 tooltips: Fix tooltip content alignment for message inline images.
This commit fixes the issue where the "Click to view or download" comes
to the right of the image title. We add a parent division in this commit
that leads to the break tag being applied successfully, shifting the
secondary tooltip content ("Click to view or download") to next line.
2023-02-06 18:41:31 -08:00
sayamsamal e9d53b6bb4 tooltips: Fix line height for non-English characters.
Some non-English characters overflow when the line height is reduced
for the tooltip text. This commit increases the line height of the
tooltips to accommodate these non-English characters and fixes the
hotkey hint margins for the same.
2023-02-06 18:41:31 -08:00
sayamsamal c15c2157f7 tooltips: Set font-feature-settings to "ss01" for stylistic variant of "I".
This commit enables the stylistic set "ss01" in Source Sans 3
font family which contains stylistic variant of the upper-case
character "I", which contains two bars, one each on the top and
bottom of the letter. This provides a uniform look across all
the characters when used in the hotkey hints of the tooltips.
2023-02-06 18:41:31 -08:00
sayamsamal 9b1d4ca81e tooltips: Add italics styling to description of multi-line tooltips.
The second line of a multi-line tooltip generally desctribes the
additional information which helps the major text, i.e. the first
line of the multi-line tooltip, hence it would be a good idea to
add italics styling, to differentiate it from the main title. We
describe a simple ".italic" class for the same.

We also add a shorter line height to this description using the
".tooltip-inner-content" class.
2023-02-06 18:41:31 -08:00
sayamsamal 0f213f13ff tooltips: Add support for modifier key conversion for mac-syle keyboards.
We scan a tooltip for any required windows-to-mac hotkey conversions
from the list of attributes supplied to the hotkey_hints helper.

If we find any, we add/modify the hotkyes in the hotkey hints list to
match the mac-style key combinations and then return back the modified
list of hotkey hints to be displayed in the tooltip.

We also rename the "adjust_mac_shortcuts" function, used for the
keyboard shortcuts menu and help center documnets, to
"adjust_mac_kbd_tags" to avoid any ambiguity with the
adjust_mac_tooltip_keys funtion which is used for tooltip hotkeys.
2023-02-06 18:41:31 -08:00
sayamsamal df04063bf4 tooltips: Add hotkey hints support to filter streams in sidebar. 2023-02-06 18:41:31 -08:00
sayamsamal 78ae5e9526 tooltips: Add hotkey hints support to search people filter in sidebar. 2023-02-06 18:41:31 -08:00
sayamsamal 59bc9715e3 tooltips: Add hotkey hints support to keyboard shortcuts button.
This commits adds hotkey hints to the keyboard shortcuts button
located in the right sidebar, bellow the user list view.
2023-02-06 18:41:31 -08:00
sayamsamal 26fc108e16 tooltips: Add hotkey hints support to compose related buttons.
This commit adds the hotkey hints support to "Cancel compose",
"Cancel compose and save draft", "Scroll to bottom" and "Drafts"
button.
2023-02-06 18:41:31 -08:00
sayamsamal 4a7ad5325a tooltips: Add hotkey hints support to narrow to compose option. 2023-02-06 18:41:31 -08:00
sayamsamal fc6b4775be tooltips: Add hotkey hints support to recipient row. 2023-02-06 18:41:31 -08:00
sayamsamal 4bf16ca9cc tooltips: Add hotkey hints support to message controls. 2023-02-06 18:41:31 -08:00
sayamsamal d66f2d900f tooltips: Add hotkey hints support for tooltips.
We add the support for hotkey hints for the tippyjs tooltips through
the hotkey_hints handlebar helper.

The hotkey_hints helper takes space seperated string arguments and
returns a span containing all the hotkeys with the required classes
for styling.

We also add a simple node test for the hotkey_hints handlebar helper.

Part of #21753
2023-02-06 18:41:31 -08:00
sayamsamal 8e1d537430 tooltips: Change tooltips arrow size to small.
We scale the tippy arrows to the same size as used by the tippyjs
documentation for the small arrow size example.

Part of #21753
2023-02-06 18:41:31 -08:00
sayamsamal 7d5d151b99 tooltips: Change tooltips styling to incorporate the redesign.
We use hsla(0, 0%, 20%, 1) for the light theme background color and
hsla(0, 0%, 0%, 1) for the dark theme. The text inside the tooltips
should be white in color, 14px in size and have a line height of 15px.

With one line of text, we want the height of the tooltips to be 25px,
i.e, line height (15px) + padding (5px + 5px = 10px).

Part of #21753
2023-02-06 18:41:31 -08:00
sayamsamal a93b95f158 tooltips: Move tooltips styling to a dedicated .css file.
We want to seperate the tooltips styling into a dedicated .css file for
general readability and decluttering of the zulip.css file.
2023-02-06 18:41:31 -08:00
evykassirer 0d373e574b compose: Remove remaining instances of compose-send-status.
All banners that used to be rendered here are now in #compose_banners.
2023-02-06 16:01:51 -08:00
Mateusz Mandera d23b0a1f08 docs: Document how LDAP email address changes work (manually).
We will hopefully be able to just this in #16208 to document what
users need to configure in order to do this manually, but the content
here will be useful for anyone who hasn't set that up regardless.
2023-02-06 15:57:44 -08:00
Alya Abbott c78218d88b docs: Update project ideas list for GSoC 2023.
Co-authored-by: Tim Abbott <tabbott@zulip.com>
2023-02-06 15:12:14 -08:00
David Rosa 2b8dfbfe1f help: Improve relative settings links for documentation on bots.
Fixes the documentation generated from the Markdown macros
{settings_tab|your-bots} and {settings_tab|bot-list-admin} to
match the text labels in the Zulip UI and improves the text of
relative links to explicitly say if we are referring to the Bots
tab of the Personal or Organization settings menu.

Follow-up to #23256.
2023-02-06 15:06:15 -08:00
David Rosa df7e409cd9 help_settings_links: Refactor handleMatch function.
This code needs to be more flexible to improve the documentation
of items in the Personal and Organization settings menu when
using the `{settings_tab|[setting-name]}` Markdownm macro that
provides relative links or step-by-step instructions.

This commit moves the Markdown formatting code to a new function that
receives tuples from `link_mapping` as input. This is a preliminary
step to offer more flexibility than the current approach.
2023-02-06 15:06:15 -08:00
Ujjawal Modi 836b9e483e settings: Improve permissions banners on Invitations panel.
Fixes #24158
2023-02-06 15:04:56 -08:00
Aman Agrawal e0f9332280 recent_topics_ui: Adjust filter classes once they are displayed.
Updating filters before rendering recent conversations leads to
bugs if the filters changed or recent topics was not the first
view that was loaded.
2023-02-06 14:57:18 -08:00
Aman Agrawal a9befc207b recent_conversations: Only load filters during page load.
Instead of using localstorage to set the filters every time we
render recent topics, we only do it during initial page load and
then use the locally present `filters` variable to set the
filters.

This avoids multiple Zulip tabs of having a live impact on the
filters used in recent conversations.
2023-02-06 14:50:16 -08:00
Prakhar Pratyush 906ff9243a user_mutes: Rename 'muting.py' to 'user_mutes.py'.
Rename 'muting.py' to 'user_mutes.py' because it, now
, contains only user-mute related functions.

Includes minor refactoring needed after renaming the file.
2023-02-07 00:23:47 +05:30
Prakhar Pratyush 49577bbdcd user_topics: Move topic muting functions to user_topics.py.
This commit moves topic related stuff i.e. topic muting functions
to a separate file 'views/user_topics.py'.

'views/muting.py' contains functions related to user-mutes only.
2023-02-07 00:23:47 +05:30
Kartik Srivastava 48883f1580 tests: Rename test_muting_topics to test_topic_visibility_policies.
As we'll be adding support for more visibility policies for topics,
this renamed file will contain the necessary tests.
2023-02-07 00:23:47 +05:30
Tim Abbott b36b04e385 user profile: Use stream_data.can_unsubscribe_others.
This is necessary to offer the "Unsubscribe" button in full user
profiles when the current user has the necessary permissions for a
given stream.

We remove settings_data.user_can_unsubscribe_other_users, since we've
changed its only caller and it is no longer a useful abstraction.
2023-02-05 14:46:36 -08:00
Sahil Batra 89f39a8aed stream: Add UI to set can_remove_subscribers_group when creating stream.
This commit adds dropdown-list-widget element in create stream UI
to set can_remove_subscribers_group setting when creating stream.
For now only role-based system groups are shown as options.
2023-02-05 14:46:36 -08:00
Sahil Batra 255dc759b1 stream_settings: Add live update code for can-remove-subscribers-group.
This commit adds code to live update the UI element for
can_remove_subscribers_group setting.
2023-02-05 14:46:36 -08:00
Sahil Batra b9801073bd stream_settings: Add UI element for can-remove-subscribers-group setting.
This commit adds dropdown-list-widget element in "General" section of
stream settings for can-remove-subscribers-group setting. For now we
only show role-based system groups as the options.
2023-02-05 14:46:36 -08:00
Sahil Batra 37964b1ccc user_groups: Add helper functions to get options for group-based setting.
This commit adds get_realm_user_groups_for_dropdown_list_widget function
which returns the list of objects containing the display name and id
of system user groups and adds tests for this function.
2023-02-05 14:46:36 -08:00
Sahil Batra 73a378d23f stream_settings: Use can_remove_subscribers_group setting in webapp.
This commit updates the frontend to show or hide the "Unsubscribe"
button in subscribers list in stream settings as per the
can_remove_subscribers_group setting for the stream.
2023-02-05 14:46:36 -08:00
Sahil Batra 73f11853ec streams: Allow setting can_remove_subscribers_group_id while creating streams.
This commit adds API support to set can_remove_subscribers_group setting
when creating streams.
2023-02-05 14:46:36 -08:00
Sahil Batra c3759814be streams: Allow changing can_remove_subscribers_group through API.
This commit adds API support to change can_remove_subscribers_group
setting for a stream.
2023-02-05 14:46:36 -08:00
Tim Abbott 6fa0a83d6b user profile: Fix height issues with remove-subscription-button.
Previously, subscription rows with a remove-subscription-button were
much taller than those without. This will be problematic when the new
permissions setting makes it possible for the current user to have
permission to unsubscribe the target user from some streams but not
others.

Fix this by both making the button a bit less tall and setting a
minimum height for the rows. Probably a nicer CSS solution is
possible, but this is enough to unblock merging a much larger project.
2023-02-05 14:46:36 -08:00
Tim Abbott 8bd881c83f message_list: Reorder and document properties of key classes.
This should help considerably in the readability of this part of the
codebase; meanwhile, I also took the opportunity to note various TODOs
where we might have something simple we can do to simplify these data
structures or improve their interfaces.
2023-02-05 10:58:07 -08:00
Aman Agrawal 9965ad2ea3 registration: Track create organization page in GA.
This will help us track if users actually clicked on the
email confirmation link while creating a new organization.

Replaced all the `reder` calls in `accounts_register` with
`TemplateResponse` to comply with `add_google_analytics`
decorator.
2023-02-05 10:24:32 -08:00
Tim Abbott 0f155b597f Revert "click_handlers: Don't treat dropdown menuitem clicks the same as links."
This reverts commit 202c04988f.

See https://github.com/zulip/zulip/pull/24133#issuecomment-1416921919.
2023-02-05 10:03:38 -08:00
evykassirer 9881760796 upload: Rename upload.js get_item keys to reflect upload banner.
Previously the banner was displayed through send_status, but
that is no longer an accurate name for identifying parts of
the upload HTML.
2023-02-04 19:50:52 -08:00
evykassirer 97d355fa72 compose: Migrate upload banner to new banner styling.
Fixes #22524.

This affects both the banner in the main compose box and the banner
in the message edit compose box. The use of ProgressBar has been
replaced with a more simple CSS (with light Javascript) solution.

The classnames are changing because the upload banner is now a
template rendered and remove()-ed from a banner container
(#compose_banners in the composebox, and a new div for banners in the
message edit view). It used to be in the send_status container so
there are a lot of class renames across the codebase.
2023-02-04 19:50:52 -08:00
evykassirer b01ac3623f upload: Remove and reduce timeouts for closing upload bar.
This timeout was introduced in this commit: 02c3223985

The UI should close immediately when the user clicks cancel,
and the rest of the canceling code can run behind the scenes.

We want to keep a short timeout for upload completion
so that the user sees the 100% complete upload bar.
2023-02-04 19:50:52 -08:00
evykassirer beef7611da upload tests: Move compose_ui out of mock_esm. 2023-02-04 19:50:52 -08:00
evykassirer d54618fb4b node tests: Exclude zjquery_element.js and upload.js.
CZO discussion
[here](https://chat.zulip.org/#narrow/stream/6-frontend/topic/code.20coverage/near/1487773).

This allows `zjquery_element.js` to have test utils that aren't always being used.
`upload.js` is mostly UI focused and has upcoming commits that are hard
to write unit tests for (and for which unit tests wouldn't make much sense).
2023-02-04 19:50:52 -08:00
evykassirer 202c04988f click_handlers: Don't treat dropdown menuitem clicks the same as links.
This is a prep commit for adding a new dropdown for stream selection.
2023-02-04 19:08:13 -08:00
evykassirer 5f59ea0036 compose banner: Consolidate two functions that clear success banners.
Previously notifications.clear_compose_notifications was used accross
the codebase. Since introducing the new
compose_banner.clear_message_sent_banners function, the two functions
are similar enough that we can just use clear_message_sent_banners
everywhere. This commit also moves scroll_to_message_banner_message_id
to compose_banner.
2023-02-04 18:53:35 -08:00
evykassirer ea9c4682a8 compose: Migrate out-of-view-notification to new banner style. 2023-02-04 18:53:35 -08:00