Commit Graph

1933 Commits

Author SHA1 Message Date
Steve Howell 89f9017686 Create new endpoints for marking streams/topics as read.
The new endpoints are:
    /json/mark_stream_as_read: takes stream name
    /json/mark_topic_as_read: takes stream name, topic name

The /json/flags endpoint no longer allows streams or topics
to be passed in as parameters.
2017-08-15 10:17:29 -07:00
Steve Howell 60cc8fd58a Extract do_mark_stream_messages_as_read.
This function optimizes marking streams and topics as read,
by using UserMessage.where_unread(), which uses a partial
index on the "read" flag.

This also simplifies the code path for ordinary message
flag updates.

In order to keep 100% line coverage, I simplified the
logging in update_message_flags, so now all requests
will show the "actually" format.

This is an interim step toward creating dedicated endpoints
for marking streams/topics as reads, so we do error checking
with asserts for flag/operation, so we don't introduce a
temporary translation string.
2017-08-15 10:09:10 -07:00
Steve Howell ffe4f09c88 Extract update_stream_topic_message_flags.
This is mostly a pure code extraction, except that we now
disregard the `messages` option for stream/topic updates,
since the web app always passes in an empty list (and this
commit is really just an incremental step toward creating
new endpoints.)
2017-08-15 10:09:10 -07:00
Tim Abbott a6a3915dd7 messages: Move is_public_stream out of views code.
The main purpose of this change is to minimize access to get_stream in
views code.
2017-08-15 10:06:26 -07:00
Steve Howell 274938bf5f Eliminate approximate_unread_count().
We use page_params.unread_msgs.count in the web
app instead.

Fixes #1300.
2017-08-14 12:39:00 -07:00
Jack Zhang fc6c2b321b portico: Reimplement /apps routes using pushState. 2017-08-10 10:21:53 -07:00
Jack Zhang 1e6570fa5d Update integrations doc context relative urls. 2017-08-10 10:21:53 -07:00
Tim Abbott 1d10941712 register: Don't display field to enter password unless needed.
This should significantly improve the user experience for new users
signing up with GitHub/Google auth.  It comes complete with tests for
the various cases.  Further work may be needed for LDAP to not prompt
for a password, however.

Fixes #886.
2017-08-09 13:44:57 -07:00
Umair Khan 4a3fde023f google: Respect is_signup argument.
This allows us to go to Registration form directly. This behaviour is
similar to what we follow in GitHub oAuth. Before this, in registration
flow if an account was not found, user was asked if they wanted to go to
registration flow. This confirmation behavior is followed for login
oauth path.
2017-08-09 13:44:57 -07:00
Umair Khan bb0eb76bf3 github: Don't ask for password in registration. 2017-08-09 13:44:57 -07:00
neiljp (Neil Pilgrim) 24cc14c10d mypy: Refer to default_stream in if statement, allowing type inference. 2017-08-07 21:27:50 -07:00
Rishi Gupta 251bd3e577 registration.py: Remove first_in_realm from accounts_register.
The parent commit implies first_in_realm == realm_creation.
2017-08-05 10:17:14 -07:00
Steve Howell 63f7b9a579 Remove "all" option for flag-updating endpoint.
The "all" option for 'message/flags' was dangerous, as it could
apply to any of our flags.  The only flag it made sense for, the
"read" flag, now has a dedicated endpoint.
2017-08-04 14:10:46 -07:00
Steve Howell 541156792e Add /mark_all_as_read endpoint.
This change simplifies how we mark all messages as read.  It also
speeds up the backend by taking advantage of our partial index
for unread messages.  We also use a new statsd indicator.
2017-08-04 14:10:46 -07:00
neiljp (Neil Pilgrim) b19e62b7ce mypy: Initialize search_term to {} rather than None & avoid Optional. 2017-08-03 11:09:50 -07:00
Rishi Gupta f995094441 registration: Split out onboarding messages to onboarding.py. 2017-08-01 22:47:53 -07:00
Rishi Gupta cec65d78da realm creation: Update text of initial PM. 2017-08-01 22:38:22 -07:00
Rishi Gupta a51d8d4251 realm creation: Change initial realm messages and streams. 2017-08-01 22:38:22 -07:00
Rishi Gupta 9c5765bcde registration: Split welcome message creation out of initial stream creation.
The welcome messages aren't a faithful reproduction of what was there
before, but they're about to be changed in the next few commits anyway.
2017-08-01 22:38:22 -07:00
Rishi Gupta 70d77c7251 realm creation: Move sending of initial notifications stream message.
Slowly collecting all initial realm messages into
send_initial_realm_messages, so that it is easy to control their order.
2017-08-01 22:38:22 -07:00
Rishi Gupta 377e32d77c realm creation: Add an initial private stream. 2017-08-01 22:38:22 -07:00
Rishi Gupta 139a2224fe realm creation: Move initial stream setup into its own function. 2017-08-01 22:38:22 -07:00
James Rowan db4a8227ee realm creation: Move DEFAULT_NEW_REALM_STREAMS out of settings. 2017-08-01 22:38:22 -07:00
Tim Abbott 1338c6fa0c report: Fix path to find webpack bundle source maps.
The previous code only worked for release tarballs, which has the
source maps in both places.
2017-08-01 08:55:45 -07:00
Tim Abbott a9fa1a5527 api: Migrate /json/messages_in_narrow off legacy API.
This completes the major endpoint migrations to eliminate legacy API
endpoints from Zulip.

There's a few other things that will happen naturally, so I believe
this fixes #611.
2017-07-31 13:08:06 -07:00
Tim Abbott ed10ce70d4 invites: Migrate to non-legacy API format.
This has the side effect of making it possible for a bot user to
invite users with its API key, which seems useful.
2017-07-31 13:08:06 -07:00
Tim Abbott 6a50e13156 uploads: Remove legacy /json/upload_file endpoint.
This migrates Zulip to use the equivalent API endpoint that has been
present for a while.
2017-07-31 13:08:06 -07:00
Tim Abbott 1e5aee054b settings: Migrate main settings-change code to API.
This was one of the few major remaining endpoints that were still on
the old-style legacy API.
2017-07-31 13:08:06 -07:00
Tim Abbott 9bf02fb913 custom_profile: Prevent bot users from accessing endpoint. 2017-07-31 13:08:06 -07:00
Tim Abbott 93261e14b7 hotspots: Prevent bot users from accessing endpoint. 2017-07-31 13:08:06 -07:00
Anna Liao 6a3c8ca2c5 push_notifications: Add human users only decorator.
This is part of #4517.
2017-07-31 13:08:06 -07:00
vaibhav 691aff55a3 bots: Add UI to select Slack compatible interface for webhooks.
interface_type select menu will be used to choose the interface
for outgoing webhooks. It will be displayed only when the selected
bot type is OUTGOING WEBHOOK type. The default value is GENERIC
interface type (1).
2017-07-28 16:22:55 -07:00
Pweaver (Paul Weaver) 5932896ebb Fix browser error reporting to find webpack source map files.
When we switched to using webpack, source map files weren't being
logged in the expected place.
2017-07-28 16:01:23 -07:00
Steve Howell 69fd967c5d topics history: Simplify data in /topics endpoint.
In anticipation of have all unread message ids available to the
web app in page_params (via a separate effort), we are simplifying
the /topics endpoint to no longer return unread counts.

Instead we have a list of tiny dictionaries with these fields:

    name - name of the topic
    max_id - max message id for the topic (aka most recent)

The items in the list are order by most-recent-topic-first.
2017-07-27 14:26:22 -07:00
Vishnu Ks 6551640c67 confirmation: Use ConfirmationKeyException in get_object_from_key.
Fixes #5739.
2017-07-25 18:44:30 -07:00
Greg Price 11a7a17087 streams: Remove a redundant field in the `json_stream_exists` result.
This route is called only in `js/compose.js`, to handle autosubscribe.
That code doesn't check this "exists" field, because there's no need
-- the same information is already carried in whether the result was
success or failure.  So just eliminate it.

This makes the logic here a little simpler.  It also eliminates
another usage of the `data` parameter to `json_error`.  I have half a
mind to eliminate that parameter, in favor of making `JsonableError`
subclasses whenever there's structured data to include, in particular
to get the benefits of typing.  There are a couple of places where
that change isn't locally a clear win, but this is not one of them.
2017-07-25 15:33:11 -07:00
Greg Price b2f770c1ee invite: Simplify error-handling with exceptions.
I especially like what happens to the return type of
`do_invite_users`.
2017-07-25 15:33:11 -07:00
Greg Price 28b4234227 admin: Make an error about auth settings not mimic auth errors.
This error isn't saying that any kind of authentication or
authorization failed -- it's just a validation error like
any other validation error in the values the user is asking to
set.  The thought of authentication comes into it only because
the setting happens to be *about* authentication.

Fix the error to look like the other validation errors around it,
rather than give a 403 HTTP status code and a "reason" field that
mimics the "reason" fields in `api_fetch_api_key`.
2017-07-25 15:33:11 -07:00
Greg Price 9faa44af60 JsonableError: Optionally carry error codes and structured data.
This provides the main infrastructure for fixing #5598.  From here,
it's a matter of on the one hand upgrading exception handlers -- the
many except-blocks in the codebase that look for JsonableError -- to
look beyond the string `msg` and pass on the machine-readable full
error information to their various downstream recipients, and on the
other hand adjusting places where we raise errors to take advantage
of this mechanism to give the errors structured details.

In an ideal future, I think all exception handlers that look (or
should look) for a JsonableError would use its contents in structured
form, never mentioning `msg`; but the majority of error sites might
continue to just instantiate JsonableError with a string message.  The
latter is the simplest thing to do, and probably most error types will
never have code looking for them specifically.

Because the new API refactors the `to_json_error_msg` method which was
designed for subclasses to override, update the 4 subclasses that did
so to take full advantage of the new API instead.
2017-07-24 16:41:22 -07:00
Greg Price 4837d4178d JsonableError: Make `http_status_code` a class attribute only.
This simplifies things for all codepaths not involving this feature.

Using this feature becomes slightly easier when you're already
defining a subclass, but now requires you to define a subclass.
Currently we use it just once out of >100 uses of JsonableError, and
that use already has a subclass, so this seems like a win.
2017-07-24 16:41:22 -07:00
Greg Price 6dfb46dc08 JsonableError: Rename `status_code` and rely more on its default.
With #5598 there will soon be an application-level error code
optionally associated with a `JsonableError`, so rename this
field to make clear that it specifically refers to an
HTTP status code.

Also take this opportunity to eliminate most of the places
that refer to it, which only do so to repeat the default value.
2017-07-24 16:41:22 -07:00
Greg Price e18baff32c JsonableError: Rename message from `error` to `msg`.
The whole thing is an error, so "message" is a more apt word for the
error message specifically.  We abbreviate that as `msg` in the actual
HTTP responses and in the signatures of `json_error` and friends, so
do the same here.
2017-07-24 16:41:22 -07:00
Jack Zhang e915321f89 registration: Remove organization type selection in realm creation. 2017-07-21 13:09:06 -07:00
Vishnu Ks fbf24624f8 views: Remove unused get_user_profile_by_email import from users. 2017-07-20 16:50:23 -07:00
Vishnu Ks 9e8de244e8 users: Use get_user in patch_bot_backend view. 2017-07-18 17:14:05 -07:00
Vishnu Ks 0d6e92d946 messages: Use get_user_including_cross_realm in create_mirrored_message_users. 2017-07-18 17:14:05 -07:00
Vishnu Ks 9ebf5090d2 messages: Use get_user_including_cross_realm in by_group_pm_with function. 2017-07-18 17:14:05 -07:00
Vishnu Ks fc8b6f69bd messages: Use get_user_including_cross_realm in by_pm_with function. 2017-07-18 17:14:05 -07:00
Vishnu Ks 7b78224c42 messages: Use get_user_including_cross_realm in by_sender function. 2017-07-18 17:14:05 -07:00
Vishnu Ks d99032e896 views: Add user_realm attribute to class NarrowBuilder. 2017-07-18 17:14:05 -07:00
Vishnu Ks 479945a1d5 views: Remove unused imports from messages.py. 2017-07-18 17:14:05 -07:00
Rishi Gupta 5d168c90f9 confirmation: Remove ConfirmationManager.
Also adds Confirmation.type, and cleans up the rest of Confirmation to look
more like the model definitions in zerver.

In the migration, all existing confirmations adopt the type
USER_REGISTRATION, to be conservative. In a few commits, different
confirmation types will have different validity periods, and
USER_REGISTRATION will have the shortest default.
2017-07-17 23:18:47 -07:00
Rishi Gupta 0f4b71b766 confirmation: Liberate get_link_for_object from ConfirmationManager. 2017-07-17 23:18:47 -07:00
Rishi Gupta 3b97262647 confirmation: Liberate confirm from ConfirmationManager. 2017-07-17 23:18:47 -07:00
Rishi Gupta 3bc74113ad utils: Cast generate_random_token to str.
Having this be Text is forcing various URLs, emails, etc to be type
annotated as Text.
2017-07-17 23:18:47 -07:00
Tim Abbott 1a51bcd2df actions: Record acting_user for subscriptions RealmAuditLog entries.
In most cases, we do have the data for which other user was
responsible for subscribing the target user to new streams.

The main case where we don't is when the user is created and gets the
default streams.
2017-07-17 17:23:41 -07:00
Rishi Gupta 36dbb76516 emails: Rename clear_followup_emails_queue. 2017-07-17 16:05:38 -07:00
Rishi Gupta 5b3e6af2e5 emails: Remove only emails of the correct type when clearing queue. 2017-07-17 16:05:38 -07:00
Rishi Gupta f51bd898dc notifications: Change clear_followup_emails_queue to take a user_id. 2017-07-17 16:05:38 -07:00
Vishnu Ks dd58406f03 users: Use get_user_including_cross_realm in avatar view. 2017-07-17 14:51:35 -07:00
Vishnu Ks d5c65a806b users: Decorate avatar view with zulip_login_required.
This will make it possible in the future to have multiple users on a
server witht he same email address.
2017-07-17 14:51:18 -07:00
Vishnu Ks f9245e26d9 Make user_id, realm_id mandatory in _get_unversioned_avatar_url. 2017-07-17 21:01:30 +00:00
Rishi Gupta f1aaf4cc33 emails: Remove the display_email function.
No longer needed, since this now only appears in build_email.
2017-07-16 16:56:39 -07:00
Rishi Gupta 154d37afd2 emails: Add to_user_id argument to send_email.
Both the queue processor and ScheduledJob emails need to sometimes pass a
to_user_id and sometimes pass a to_email, and it's more convenient to just
have one function that they can call that can handle either.

Also removes the now redundant send_email_to_user.
2017-07-16 16:56:39 -07:00
neiljp (Neil Pilgrim) 8611a2cafa tidying: Combine multiple 'import typing' lines onto one line. 2017-07-16 16:43:21 -07:00
Durga Akhil Mundroy 146dfa6f0b org-permissions: Add allow_edit_history organiztion setting.
This new setting controls whether or not users are allowed to see the
edit history in a Zulip organization.  It controls access through 2
key mechanisms:

* For long-ago edited messages, get_messages removes the edit history
  content from messages it sends to clients.

* For newly edited messages, clients are responsible for checking the
  setting and not saving the edit history data.  Since the webapp was
  the only client displaying it before this change, this just required
  some changes in message_events.js.

Significantly modified by tabbott to fix some logic bugs and add a
test.
2017-07-16 10:10:06 -07:00
Vaida Plankyte 28ea174ed9 backend: Implement high contrast mode display setting. 2017-07-14 14:53:24 -07:00
Steve Howell 475eb21a5e Revert commits related to client_message_id.
I pushed a bunch of commits that attempted to introduce
the concept of `client_message_id` into our server, as
part of cleaning up our codepaths related to messages you
sent (both for the locally echoed case and for the host
case).

When we deployed this, we had some strange failures involving
double-echoed messages and issues advancing the pointer that appeared
related to #5779.  We didn't get to the bottom of exactly why the PR
caused havoc, but I decided there was a cleaner approach, anyway.
2017-07-14 12:13:35 -07:00
Steve Howell 8fbb55df85 Introduce client_message_id on the server.
We are deprecating local_id/local_message_id on the Python server.
Instead of the server knowing about the client's implementation of
local id, with the message id = 9999.01 scheme, we just send the
server an opaque id to send back to us.

This commit changes the name from local_id -> client_message_id,
but it doesn't change the actual values passed yet.

The goal for client_key in future commits will be to:
    * Have it for all messages, not just locally rendered messages
    * Not have it overlap with server-side message ids.

The history behind local_id having numbers like 9999.01 is that
they are actually interim message ids and the numerical value is
used for rendering the message list when we do client-side rendering.
2017-07-13 23:42:27 -04:00
Jack Zhang 6e2f90c8c9 Improve /integrations page load time.
Prior to this commit, 7 megabytes of images (through 253 individual requests)
were heavily slowing down the initial load. With this commit, we load only the
logos (60 or so images).

Documentation and images for the individual integration sub-pages is requested
separately using the /integrations/doc/ endpoint, which returns HTML.
2017-07-13 20:37:09 -07:00
Rishi Gupta cca573421d test_emails: Add email_base_{default,message} to ignore list. 2017-07-13 19:17:53 -07:00
James Rowan 0369a9f3bf emails: Make change in email notification come from 'Zulip Account Security.' 2017-07-13 14:50:36 -07:00
neiljp (Neil Pilgrim) 07255d49d5 mypy: Add check for parse_user_agent returning None in compatibility.py. 2017-07-08 10:49:42 -07:00
Rishi Gupta 0f46fd86dd urls: Rename arguments to accounts/unsubscribe.
type -> email_type to match future work on ScheduledJob.

token -> confirmation_key to match what the other confirmation views urls
call this argument.
2017-07-07 18:56:14 -07:00
Rishi Gupta 11a4cffba0 confirmation: Add explicit host in call to get_link_for_object in auth.py. 2017-07-07 18:56:14 -07:00
Rishi Gupta 8fed9eeb75 confirmation: Make host a required argument in get_link_for_object.
Removes some lines of test from test_email_change.py. The relevant code path
was never utilized by the code itself, just by the tests.
2017-07-07 18:53:00 -07:00
Rishi Gupta c72a5f2efe confirmation: Call get_link_for_object with host=unused when host unused. 2017-07-07 18:53:00 -07:00
Vaida d5517bae36 Delete the old zulip.com "referrals" system.
This system hasn't been in active use for several years, and had some 
problems with it's design.  So it makes sense to just remove it to declutter
the codebase.

Fixes #5655.
2017-07-07 14:59:18 -07:00
Vishnu Ks 92e7255217 page_params: Include password min length and quality.
The change password form http://localhost:9991/#settings/your-account
don't have data-min-length and data-min-quality attributes. The
account_settings.handlebar which has the change password form is
rendered client side. So we have to pass the value of min length
and quality in page params to set the data-min-length and
data-min-quality attributes.
2017-07-07 14:48:06 -07:00
neiljp (Neil Pilgrim) f1a8148242 mypy: Set remote_username parameter to Optional[Text] based on a test. 2017-07-07 10:56:33 -07:00
Tim Abbott d6e0960ca2 push_notifications: Fix mypy annotation logic around push tokens.
I'm not 100% confident this is long-term correct, but at least it's
consistent.
2017-07-07 10:54:37 -07:00
Tim Abbott eaa33cce73 push_notifications: Validate format of APNS tokens.
This fixes a bug where we would previously not validate the format of
APNS tokens before writing them to the database, which could lead to
exceptions in the push notifications system if a buggy mobile app
submitted invalid format tokens.
2017-07-07 10:28:36 -07:00
Jack Zhang cb3e930159 integrations: Extend integrations classes with categories.
For now, all integrations are temporarily under the category
'analytics'. Real categorizations should be added prior to
deployment.
2017-07-06 13:04:43 -07:00
James Rowan 0951666cbb emails: Confirmation emails should come from the NOREPLY address.
This prevents users from accidentally sending a confirmation link
specific to their account to their Zulip administrator if they reply
to the invitation, invitation reminder, account confirmation, or new
email confirmation emails.
2017-07-05 15:18:33 -07:00
Vaida Plankyte c88530366e user_settings.py: Use the singular 'they' pronoun. 2017-07-05 09:27:44 -07:00
James Rowan d88e7308bf emails: Add a FromAddress class to control access to certain settings emails.
No change in behavior.

Also makes the first step towards converting all uses of
settings.ZULIP_ADMINISTRATOR and settings.NOREPLY_EMAIL_ADDRESS to
FromAddress.*.

Once everything is converted, it will be easier to ensure that future
development doesn't break backwards compatibility with the old style of
settings emails.
2017-07-04 14:25:01 -07:00
James Rowan 368bd66d8b emails: Refactor send_email functions to take both a sender name and address.
This will allow for customized senders for emails, e.g. 'Zulip Digest' for
digest emails and 'Zulip Missed Messages' for missed message emails.

Also:
* Converts the sender name to always be "Zulip", if the from_email used to
  be settings.NOREPLY_EMAIL_ADDRESS or settings.ZULIP_ADMINISTRATOR.

* Changes the default value of settings.NOREPLY_EMAIL_ADDRESS in the
  prod_setting_template to no longer have a display name. The only use of
  that display name was in the email pathway.
2017-07-04 14:25:01 -07:00
Franziska von der Goltz 98847937f4 realm: add mandatory topic setting on org level.
Lets organizations require users to specify a topic the discussion.

Fixes: #5164.
2017-07-04 14:09:21 -07:00
Greg Price 7b526b3946 narrow: Add comments explaining how we limit to legitimately-visible results.
Two wrinkles here:

* It's actually a little subtle why `ok_to_include_history` is
  correct; in particular, it's not true that a term `stream:foo` will
  always limit the query to the stream `foo`.  For this, add an
  explanatory comment backed up by an assert.

* The TODO comment in `messages_in_narrow_backend` about assuming this
  is a search, I'm pretty sure doesn't matter; it seems to only be
  saying that we return the set of fields we would for a search.
  They're harmless to send, and in any case it doesn't appear to be
  true anymore that the client only calls this for a search: the
  `can_apply_locally` function also causes narrows with `has:` to go
  to the server.  So just take that comment out.
2017-06-30 11:47:40 -04:00
Greg Price 7785a1046b narrow: Describe the key security invariant of NarrowBuilder.
(After writing the term "invariant" a few times in these comments and
now this commit message, my inner mathematician reminds me that this
property is properly termed a "monovariant" -- something does change,
but it changes only in one direction.  Pretty sure saying "invariant"
communicates better here, though.)
2017-06-30 11:47:40 -04:00
Rishi Gupta 577e201df0 emails: Replace DEFAULT_FROM_EMAIL with ZULIP_ADMINISTRATOR.
We're getting rid of DEFAULT_FROM_EMAIL from prod_settings_template, since
we only really need one of {DEFAULT_FROM_EMAIL, ZULIP_ADMINISTRATOR}.
2017-06-29 17:54:33 -07:00
Rishi Gupta bf996f91ba deactivated.html: Use support_email instead of custom context variable. 2017-06-29 11:20:32 -07:00
Umair Khan dc78a7888f login_or_register_remote_user: Send login emails for mobile.
Fixes #5389
2017-06-26 16:14:14 -07:00
Umair Khan 34a91be9a2 api_fetch_api_key: Send new login emails for mobile. 2017-06-26 16:14:14 -07:00
Vishnu Ks 00668c7bbd registration.py: Send pms from welcome-bot on user creation. 2017-06-25 11:23:45 -04:00
Vaida Plankyte 1fb8eb823a test_emails.py: Add referrer_realm_name to test values. 2017-06-22 14:19:33 -04:00
Sampriti Panda 5dc053d6fb bots: Add validation to add_bot_backend to prevent empty short names
Fixes #5487
2017-06-21 10:11:08 -04:00
Abhijeet Kaur 14fdc2aea6 bots: Add 'Bot type' column to bots list in organization settings. 2017-06-20 23:04:46 -04:00
Cory Lynch 00ebb4f4d4 messages.py: Ignore own email in group PMs. 2017-06-20 21:22:45 -04:00
vaibhav 33c0c00cd6 Outgoing webhook System: first Iteration of outgoing webhook UI. 2017-06-19 16:05:54 -04:00
Cory Lynch b4419528f7 Update narrow.py, messages.py to support is:unread. 2017-06-19 06:51:13 -04:00
Tim Abbott 57d26c1a66 auth: Add realm_creation parameter to RegistrationForm. 2017-06-15 11:04:25 -07:00
Harshit Bansal 0e25634934 views/alert_words.py: Use `do_add_alert_words()` in `add_alert_words()`.
Revert to the use of `do_add_alert_words()` in `add_alert_words()`
instead of `do_set_alert_words()` since it is used for serving a
PUT request. This change seems to be mistakenly done in commit
`d564a76f8e45b24cd2c66475ef7693582fb2f5fc'.
2017-06-13 16:36:11 -07:00
Umair Khan 1e9c87855c Django 1.11: is_authenticated is now a property. 2017-06-13 15:04:04 -07:00
Rishi Gupta 1f77a0cdee confirmation: Remove Confirmation.objects.send_confirmation.
I think it makes sense to wrest the email sending from confirmation, now
that we have a clean email-sending interface in send_email. A few other
reasons:
* send_confirmation is get_link_for_object followed by send_email, but those
  two functions have no arguments in common.
* Sending email through confirmation obfuscates the context dict, and is a
  relatively complicated piece of the codebase anyone trying to deal with
  the email system has to understand.
* The three emails previously being sent through confirmation don't have
  that much in common, other than that they happen to have a confirmation
  link in them.

The .split('/')[-1] in registration.py is a hack, but a hack used several
places in the codebase, so maybe one day get_link_for_object will also
return the confirmation_key.
2017-06-12 23:02:28 -07:00
Rishi Gupta e4d3ce953b registration.py: Refactor send_registration_completion_email.
We're about to make a change where we no longer deal with confirmation
objects in these email pathways.

The "if settings.DEVELOPMENT and realm_creation" is a bit of a hack, but no
worse a hack as was there before, I think. I think it's also less confusing
if the method signature matches what happens in production.
2017-06-12 23:02:28 -07:00
Rishi Gupta 9a02739008 emails: Remove invitation_mit. 2017-06-12 23:02:28 -07:00
Rishi Gupta 3332ebaf22 emails: Remove confirmation_registration_mit.
Not enough new Zephyr signups to justify the carrying cost :(.
2017-06-12 23:02:28 -07:00
Rishi Gupta 1d702d13a4 emails: Replace context variable zulip_support with support_email. 2017-06-10 01:35:03 -07:00
Rishi Gupta 15b967fc3e emails: Move support_email into a common context. 2017-06-10 01:25:44 -07:00
Rishi Gupta 056489c247 emails: Move verbose_support_offers into a common context.
Server settings should just be added to the context in build_email, so that
the individual email pathways (and later, the email testing framework)
doesn't have to worry about it.
2017-06-10 01:16:03 -07:00
Vaida Plankyte 114b080d01 emails: Add base template for html emails. 2017-06-09 23:34:24 -07:00
Rishi Gupta 2f1d678133 test_emails: Impose a specific order on the templates. 2017-06-09 23:34:24 -07:00
Rishi Gupta 69e7029663 test_emails: Use zerver.lib.send_email for rendering email.
Previously the rendering code in test_emails.py did not match the rendering
code in send_email.py. This commit removes the duplication to reduce the
chance they drift in the future.

This commit also changes test_emails.html to ensure that we always display
both the HTML and text versions of an email.
2017-06-09 23:34:24 -07:00
Rishi Gupta 7fae8fb53d test_emails: Make fixture values more helpful for visual review.
Also fixes the fact that we were pulling assets from chat.zulip.org.
2017-06-09 23:34:24 -07:00
Tim Abbott 14ff26bd67 test_emails: Don't require test coverage for failed template rendering. 2017-06-09 16:28:01 -07:00
Cory Lynch 6219128d87 dev: Add /emails/ URL for testing email templates.
Fixes #5270.
2017-06-09 16:21:49 -07:00
Akhil 4986027126 org-settings: Add backend for notifications stream.
Realm.notifications_stream is not a boolean, Text or integer field, and
thus doesn't fit into the do_set_realm_property framework. Added function
to update it in actions.py. Altered the view, realm.py, to accept
stream-id. Also, notifications stream can be disabled by sending a
negative id.
2017-06-09 16:03:52 -07:00
Abhijeet Kaur 60ff82ed7c bots: Add UI for creating different types of bot.
Add 'Type of bot' option for bots by adding dropdown option in
settings->"Your bots".  For now, this allows creating incoming webhook
bots in addition to default bots.

This will enable users to add a bot as an incoming webhook
(in addition to add full-featured bots).

With various minor tweaks and cleanups by tabbott.

Fixes #2186.
2017-06-06 21:11:22 -07:00
Greg Price 04b363f3a2 apps: Redirect /apps -> zulipchat.com/apps, except on upstream itself.
This page describes software the user will get from upstream for
their own devices, independent of what's on the server they're
using.  So it should live in a place maintained together with
that other software, rather than be distributed and versioned
with the server.

The use of ZILENCER_ENABLED to tell the difference is rather a hack
but is currently how we do this in the small handful of similar
spots; see #5245.

Fixes #5234.
2017-06-06 11:21:20 -07:00
Tim Abbott 1f48fa2767 invite: Fix invite_by_admins_only to be enforced in backend.
This is CVE-2017-0896.

Apparently, this setting never actually was wired up to anything other
than hiding the UI widget.

Huge thanks to Ibram Marzouk from the HackerOne community for finding
this security bug.
2017-06-01 17:24:29 -07:00
K.Kanakhin 2434f2d96c messages: Add support for admins deleting messages.
This makes it possible for Zulip administrators to delete messages.
This is primarily intended for use in deleting early test messages,
but it can solve other problems as well.

Later we'll want to play with the permissions model for this, but for
now, the goal is just to integrate the feature.

Note that it saves the deleted messages for some time using the same
approach as Zulip's message retention policy feature.

Fixes #135.
2017-05-29 21:59:38 -07:00
Harshit Bansal 298e23b447 realm_emoji.py: Allow an user to delete an emoji uploaded by them.
If a realm is configured to allow any user to upload an emoji,
then, an emoji author must be allowed to delete an emoji uploaded
by them.
2017-05-29 20:21:25 -07:00
Maxim Averin 685fb16c39 Switch change_full_name to use RealmAuditLog.
This requires adding an `acting_user` parameter to the
`do_change_bot_owner` function.
2017-05-29 15:22:08 -07:00
Reid Barton ccb4c5c26f bots: Move zephyr-related files to api/integrations/zephyr/. 2017-05-26 15:07:02 -07:00
Ethan d4d689532d mypy: serve_local return type to FileResponse. 2017-05-25 15:41:52 -07:00
umkay 9ab0a8be6a mypy: Fix strict optional in zerver/views. 2017-05-25 09:30:41 -07:00
umkay ccc70445d6 mypy: Fix strict-optional errors for test files.
Fix mypy --strict-optional errors in zerver/tests
2017-05-24 12:43:28 -07:00
Yago González c0f2036435 api: Handle unregistered users in dev_fetch_api_key.
Fixes #4851.
2017-05-24 09:39:44 -07:00
Tim Abbott 109c5c677a mypy: Fix return value annotation for google_oauth2_csrf. 2017-05-23 17:47:03 -07:00
Tim Abbott 796cf8e5fd mypy: Fix a buggy annotation in create_mirrored_message_users. 2017-05-23 15:45:56 -07:00
Vishnu Ks 789ef217a8 send_email.py: Remove unused get_user_profile_by_email import. 2017-05-23 15:27:21 -07:00
Yago González 83f3959906 api: Remove unnecessary period for consistency. 2017-05-23 15:01:26 -07:00
Matt Long 19363b2b77 notification_settings: Refactor notification preference settings.
Previously, all notification preference setting had a dedicated test
and setter. Now, all are handled through a modular function using the
property_types framework.
2017-05-23 14:47:46 -07:00
Konstantin Gukov c40759562c streams: Refactor get_user_profile_by_email to get_user. 2017-05-23 10:32:53 -07:00
Konstantin Gukov dd76222a3f Fetch system bots using new get_system_bot function.
This eliminate a bunch of uninteresting calls to
get_user_profile_by_email.
2017-05-23 10:30:40 -07:00
JoshuaGoldin 0b88957d12 views: Use property_types for display settings.
This reduces semi-duplicated code here.
2017-05-22 18:11:08 -07:00
Tim Abbott accc7406da views/presence: Refactor get_user_profile_by_email -> get_user. 2017-05-22 16:43:08 -07:00
Lech Kaiel 7995dd2de6 views/users: Refactor get_user_profile_by_email to get_user. 2017-05-22 16:42:16 -07:00
Tim Abbott 040067b2a2 invite: Remove obsolete bulk_invite_users endpoint. 2017-05-17 17:30:15 -07:00
Aditya Bansal 092d670e85 pep8: Add compliance with rule E261 to zerver/views/user_settings.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal cc2b334020 pep8: Add compliance with rule E261 to zerver/views/streams.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal 11aeeec2ab pep8: Add compliance with rule E261 to zerver/views/registration.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal 5cdfd899dc pep8: Add compliance with rule E261 to zerver/views/realm.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal db3c05002a pep8: Add compliance with rule E261 to zerver/views/presence.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal 634c08c3dd pep8: Add compliance with rule E261 to zerver/views/messages.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal 35e3d57ed9 pep8: Add compliance with rule E261 to zerver/views/invite.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal 1979476152 pep8: Add compliance with rule E261 to zerver/views/integrations.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal fe3b42c8f8 pep8: Add compliance with rule E261 to zerver/views/home.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal c504b013b1 pep8: Add compliance with rule E261 to views/auth.py. 2017-05-18 03:00:32 +05:30
Tim Abbott 850519b314 api: Move cross_realm_bots into the register_ret response.
This is probably not the right long-term solution to the cross-realm
bots problem (that solution is probably to eliminate cross-realm bots
and replace them with per-realm bots).  But in the short term, this
will at least make it possible for mobile apps to interact with these
cross-realm bots using the `realm_user` data set.
2017-05-16 20:23:13 -07:00
Tim Abbott cab908b664 api: Move notifications_stream into the register_ret API.
While we're at it, we at least fix the API to use a stream ID, not a
stream name, to refer to the notifications stream.
2017-05-16 18:57:14 -07:00
Steve Howell e6cc0ffcdd Eliminate PMs to non-subscribers when creating streams.
This should make stream creation relatively fast again, since we
will no longer send O(N) PMs out to tell folks the stream was
created.
2017-05-16 10:43:27 -07:00
Steve Howell c8dd056ac5 Extract you_were_just_subscribed_message(). 2017-05-16 09:01:00 -07:00
Steve Howell bbd8c1c49b Do not send PMs to subscribers when creating streams.
When we create a stream, we usually send a welcome message on the
stream itself as well as an announcement on the announcement stream,
but we no longer PM the individual users.  Hopefully this will be
more pleasant for users (less spammy), and it also will make creating a
stream a lot faster.

We still send notifications when we add subscribers to an existing
stream.
2017-05-16 08:58:17 -07:00
Steve Howell e2732dabf3 Send welcome messages as part of /create_realm flow.
We now pre-populate the streams in DEFAULT_NEW_REALM_STREAMS
(social/general/zulip, unless somebody changes settings.py) with
welcome messages.  This makes the streams appear to be active
right away, and it also gives the Zulip realm less of a
blank-slate feeling when you create it.

This change only affects the normal web-based create-realm flow.
It doesn't impact the management commands for creating realms
or setting default streams.
2017-05-15 20:38:08 -07:00
Tim Abbott 97abaae9af home: Remove now-unnecessary page_params_core_fields duplication.
Also, we update the documentation to make the overall system a bit
clearer.

Fixes #4628.
2017-05-13 22:58:18 -07:00
Tim Abbott 223624be25 settings: Add support for longer, markdown-powered realm descriptions.
This makes it possible to create much prettier login pages.

Further work on styling may be necessary.
2017-05-11 13:59:46 -07:00
Umair Khan dc2a9a4c5b github: Add sign up button on registration page. 2017-05-10 17:49:08 -07:00
Umair Khan d56db0a3b4 auth.py: Add confirmation handlers for signup.
These handlers will kick into action when is_signup is False. In case
the account exists, the user will be logged in, otherwise, user will
be asked if they want to proceed to registration.
2017-05-10 17:20:34 -07:00
Umair Khan 11426a2cec log_into_subdomain: User should be None in signup. 2017-05-10 17:20:34 -07:00
Tim Abbott 5019b53492 auth: Pass is_signup option around. 2017-05-10 17:20:34 -07:00
Tim Abbott ce3974b40e auth: add is_signup option to login_or_register_remote_user. 2017-05-10 17:20:34 -07:00
Tim Abbott e8eaec0a18 mypy: Fix various errors caught by removing cache_with_key. 2017-05-10 14:37:20 -07:00
Tim Abbott 2d97db3518 streams: Add endpoint for modifying properties of a single stream.
This is likely to be the more common endpoint for API clients like the
mobile apps to interact with when modifying streams.
2017-05-09 13:42:34 -07:00
kunall17 e087bc24f8 streams: Migrate stream property changes to new REST endpoint.
This is one of the last major endpoints that were still done in the
pre-REST style.

While we're at it, we change the endpoint to expect a stream ID, not a
stream name.
2017-05-09 13:39:23 -07:00
Rishi Gupta 925ee8c0f1 Add a send_email function that takes a template_prefix and context.
This commit replaces all uses of django.core.mail.send_mail with send_email,
other than in the password reset flow, since that code looks like it is just
a patch to Django's password reset code.

The send_email function is in a new file, since putting it in
zerver.lib.notifications would create an import loop with confirmation.models.

send_future_email will soon be moved into email.py as well.
2017-05-05 14:20:32 -07:00
Tim Abbott f4a1cea488 auth: Refactor conditionals in login_or_register_remote_user. 2017-05-05 10:19:02 -07:00
hackerkid 83eb161249 Set user timezone automatically during signup. 2017-05-04 16:36:51 -07:00
Tim Abbott 33ecfd7da4 auth: Remove require_GET for api_get_auth_backends.
Unfortunately, the Android app incorrectly uses POST with this
endpoint, so the recent change to add this needs to be reverted.
2017-05-04 14:39:02 -07:00
Rishi Gupta 21a6377204 email: Move and rename find_team_email templates. 2017-05-03 23:26:14 -07:00
Rishi Gupta 975d5bd8c0 email: Move and rename notify_change_in_email templates. 2017-05-03 20:54:40 -07:00
Rishi Gupta ed0c310aa3 email: Move and rename preregistrationuser_confirmation_email templates. 2017-05-03 20:54:40 -07:00
Rishi Gupta aa21012783 email: Move and rename mituser_confirmation_email templates. 2017-05-03 20:54:40 -07:00
Rishi Gupta 0a32d9efa3 email: Fix filenames of notify_change_in_email templates. 2017-05-03 20:54:40 -07:00
Rishi Gupta 326f9a8506 email: Fix zephyr mirror registration email not working with subdomains.
If a user is trying to register for a mit zephyr mirroring realm, we send
them a specific registration email with a link to a few more instructions.

There is only one server that we know about that has such a realm, and that
server uses subdomains. This commit changes the logic to work in the
subdomains case, rather than in the non-subdomains case (though see next
para).

Note that the current check is deceptive, and is not actually correct in the
non-subdomains case. The prereg user has a realm only in the atypical case
of someone registering via the special URL for completely-open realms.

To do this correctly in the non-subdomains case, we would need to copy a
bunch of the logic from the beginning of accounts_register to figure out
which realm the user is signing up for, so that we can check if that realm
is a zephyr mirroring realm. Given how complicated the registration code is
already, I think it is probably not worth it at the moment. This commit also
removes the partial (deceptive) check, since I think it does more harm than
good.
2017-05-03 20:52:24 -07:00
Rishi Gupta 6fd3426e92 confirmation: Replace *_template_path arguments with template_prefix.
Relies on the fact that all the email template names now follow the same
pattern.

Note that there was some template_prefix-like computation being done in
send_confirmation (conditioned on obj.realm.is_zephyr_mirror_realm); that
computation is now being done in the callers.
2017-05-03 20:44:57 -07:00
Rishi Gupta 4f20fdc572 user_settings: Update change-email confirmation message. 2017-05-03 19:34:58 -07:00
Tim Abbott 51260b7536 auth: Add new route to get server settings.
Specifically, this makes easily available to the desktop and mobile
apps data on the server's configuration, including important details
like the realm icon, name, and description.

It deprecates /api/v1/get_auth_backends.
2017-05-03 16:40:14 -07:00
Tim Abbott 5d5a314051 auth: Refactor api_get_auth_backends. 2017-05-03 16:40:07 -07:00
sinwar 5c3cb79747 streams: Ban null character from stream name.
This is a better solution to the problem of how _pg_re_escape should
handle the null character.  There's really no good reason to have a
null character in a stream name.
2017-05-01 23:43:01 -07:00
Steve Howell 711a50f1e8 Add internal_prep_private_message().
The new function takes a full UserProfile object for the sender,
which allows us to avoid O(N) calls when creating the stream to
find the user profile of the notification bot.  (The calls were
already cached, so this won't necessarily be a huge performance
win.)

We also don't have to worry about sending a blank subject any more.
2017-05-01 16:23:38 -07:00
Steve Howell 0f4de8e37d Add internal_prep_stream_message().
The new, more direct interface for prepping internal stream
messages circumvents the bug-prone extract_recipients() method,
which has the pitfall that it will try to parse a stream name
as JSON.  It also takes a UserProfile object for the sender, so
it's a bit more type-safe.
2017-05-01 16:23:38 -07:00
Steve Howell e3edc4d829 Send welcome messages for new streams. 2017-05-01 16:23:38 -07:00
K.Kanakhin f13d6a18eb realm-emoji: Add realm emoji uploading instead url providing.
- Add file_name field to `RealmEmoji` model and migration.
- Add emoji upload supporting to Upload backends.
- Add uploaded file processing to emoji views.
- Use emoji source url as based for display url.
- Change emoji form for image uploading.
- Fix back-end tests.
- Fix front-end tests.
- Add tests for emoji uploading.

Fixes #1134
2017-05-01 14:50:20 -07:00
fionabunny 78f2df5649 home.py: move initial_pointer as pointer to register_ret.
This is the last of the fields in page_params that could come from
register_ret but wasn't doing so.
2017-04-28 23:39:14 -07:00
fionabunny d3e7e6542a home.py: move user_profile full_name to register_ret.
Move the user_profile data section down into fetch_initial_state_data
so it entirely pulls from register_ret for #3853.
2017-04-28 23:31:28 -07:00
fionabunny d5421f25e1 home.py: move user_profile email to register_ret.
Move the user_profile data section down into fetch_initial_state_data so
it entirely pulls from register_ret for #3853
2017-04-28 23:27:34 -07:00
fionabunny 9daf9faa5c home.py: move enter_sends to register_ret.
Move the user_profile data section down into fetch_initial_state_data so
it entirely pulls from register_ret for #3853
2017-04-28 23:26:28 -07:00
fionabunny 6f770c2465 home.py: move user_id to register_ret.
Move the user_profile data section down into fetch_initial_state_data so
it entirely pulls from register_ret for #3853
2017-04-28 23:26:28 -07:00
fionabunny 6159b8e21a home.py: move is_admin to register_ret.
Move the user_profile data section down into fetch_initial_state_data so
it entirely pulls from register_ret for #3853
2017-04-28 23:26:27 -07:00
fionabunny d92da7d193 home.py: move can_create_streams to register_ret.
Move the user_profile data section down into fetch_initial_state_data
so it entirely pulls from register_ret for #3853.

This field requires some changes to the events race handling.
2017-04-28 23:23:21 -07:00
fionabunny 379a8afaae home.py: move autoscroll_forever to register_ret.
Move the user_profile data section down into fetch_initial_state_data so
it entirely pulls from register_ret for #3853
2017-04-28 23:16:32 -07:00
fionabunny 22be291d96 home.py: move default_desktop_notifications to register_ret.
Move the user_profile data section down into fetch_initial_state_data so
it entirely pulls from register_ret for #3853
2017-04-28 23:16:32 -07:00
Tim Abbott df8f4a837c home: Get page_params.enable_desktop_notifications from register_ret. 2017-04-28 23:15:35 -07:00
fionabunny 4696819629 Restructure format of avatar events and push into register_ret.
This moves the avatar_ fields in page_params to come from
register_ret.  Unlike many fields, changing this had a bit of
complexity, because the avatar update events didn't actually contain
some of the details required for moving these into register_ret to
work correctly without races.

We fix that as part of this change.

Modified significantly by tabbott.
2017-04-28 23:04:01 -07:00
Tim Abbott c63466cae3 home: Get pm_content_in_desktop_notifications from register_ret. 2017-04-28 22:06:32 -07:00
Tim Abbott 2a16cc1d24 home: Get enable_stream_desktop_notifications from register_ret. 2017-04-28 22:01:46 -07:00
Tim Abbott 2a8a101fe2 home: Get page_params.enable_stream_sounds from register_ret. 2017-04-28 21:56:58 -07:00
Tim Abbott 30db811167 home: Get page_params.enable_sounds from register_ret. 2017-04-28 21:54:05 -07:00
Tim Abbott a0ef1210eb home: Get enable_offline_email_notifications from register_ret. 2017-04-28 21:51:41 -07:00
Tim Abbott 1141111b74 home: Get enable_online_push_notifications from register_ret. 2017-04-28 21:51:07 -07:00
Tim Abbott 68cdbdd478 home: Get enable_offline_push_notifications from register_ret. 2017-04-28 21:50:41 -07:00
Tim Abbott ba384240b0 home: Get enable_digest_emails from register_ret. 2017-04-28 21:50:12 -07:00
fionabunny 83191cfadf home.py: move timezone to register_ret.
Moving the user_profile data section down into fetch_initial_state_data
so it entirely pulls from register_ret in #3853
2017-04-28 21:40:37 -07:00
fionabunny 16a0327c33 home.py: move emojiset to register_ret.
Moving the user_profile data section down into fetch_initial_state_data
so it entirely pulls from register_ret for #3853
2017-04-28 21:40:36 -07:00
fionabunny 2bdb6a00a7 home.py: move emojiset_choices to register_ret.
Moving user_profile data to fetch_initial_state_data from #3853
2017-04-28 21:40:26 -07:00
fionabunny 78bcbc79d6 home.py: move people_list as realm_users to register_ret.
Simplify the page_params generation logic #3853
2017-04-28 21:33:33 -07:00
fionabunny 7db8c61aac home.py: move event_queue_id as queue_id to register_ret.
Simplify the page_params generation logic #3853
2017-04-28 21:33:17 -07:00
fionabunny 453fc06686 home.py: move initial_presences as presenses to register_ret.
Simplify the page_params generation logic #3853.
2017-04-28 21:30:29 -07:00
fionabunny 84c4d67916 home.py: move bot_list as realm_bots to register_ret.
Simplify the page_params generation logic #3853
2017-04-28 21:24:44 -07:00
fionabunny a7192f4334 home.py: move neversubbed_info as never_subscribed to register_ret.
Simplify the page_params generation logic #3853
2017-04-28 21:24:44 -07:00
fionabunny 5676eaab50 home.py: move unsubbed_info as unsubscribed to register_ret.
Simplify the page_params generation logic #3853
2017-04-28 21:24:43 -07:00
fionabunny 26d080cf64 home.py: rename subbed_info and move to register_ret. 2017-04-28 21:24:43 -07:00
fionabunny b7c6d46bf9 home.py: move password_auth_enabled as realm_password_auth_enabled.
Part of #3853.
2017-04-28 21:23:48 -07:00
fionabunny 635a05fe80 home.py: move name_changes_disabled as realm_name_changes_disabled.
This appears to have been partially completed prior.  Part of #3853.
2017-04-28 21:12:23 -07:00
fionabunny 70fe2eab60 home.py: move is_zephyr_mirror_realm as realm_is_zephyr_mirror_realm.
Part of #3853.
2017-04-28 21:12:16 -07:00
fionabunny 935ddf3b17 home.py: move show_digest_email as realm_show_digest_email.
Part of #3853.
2017-04-28 21:12:10 -07:00
fionabunny 64041e0da1 home.py: move mandatory_topics as realm_mandatory_topics to register_ret.
Part of #3853.
2017-04-28 21:12:05 -07:00
fionabunny 79c989916d home.py: move realm_presence_disabled to register_ret.
Part of #3853.
2017-04-28 21:12:00 -07:00
fionabunny 6d2785c853 home.py: move domains as realm_domains to register_ret.
Part of #3853.
2017-04-28 21:11:56 -07:00
Tim Abbott 4a67ba241e realm_domains: Restructure library for getting realm domains.
* Remove duplicate list_of_domains_for_realm of get_realm_domains.
* Move get_realm_domains from actions.py.
2017-04-28 21:11:56 -07:00
fionabunny 504de6abc2 home.py: move realm_uri to register_ret.
Part of #3853.
2017-04-28 21:11:50 -07:00
Neeraj Wahi 90a154e451 Add mobile auth redirect to custom URI scheme (zulip://).
This makes it possible for the Zulip mobile apps to use the normal web
authentication/Oauth flows, so that they can support GitHub, Google,
and other authentication methods we support on the backend, without
needing to write significant custom mobile-app-side code for each
authentication backend.

This PR only provides support for Google auth; a bit more refactoring
would be needed to support this for the GitHub/Social backends.

Modified by tabbott to use the mobile_auth_otp library to protect the
API key.
2017-04-28 11:47:35 -07:00
Tim Abbott 0566b8dd73 auth: Fix prams typo in Google auth code path. 2017-04-28 11:47:35 -07:00
Tim Abbott 83fe8d4420 auth: Simplify code for Google CSRF state.
This will make it much easier to avoid adding new things that aren't
actually included in the CSRF hash of the other parameters.
2017-04-28 11:47:35 -07:00
Tim Abbott 54b899860d auth: Add GitHub to list of reported backends. 2017-04-28 11:47:35 -07:00
Tim Abbott 2708062181 events: Add support for fetch_event_types option to events_register.
This new feature makes it possible to request a different set of
initial data from the event_types an API client is subscribing to.

Primarily useful for mobile apps, where bandwidth constraints might
mean one wants to subscribe to events for a broader set of data than
is initially fetched, and plan to fetch the current state in future
requests.
2017-04-26 16:02:40 -07:00
Maxim Averin 15170b5423 Switch regenerate_api_key to use RealmAuditLog. 2017-04-25 10:23:33 -07:00
Harshit Bansal 07081196f4 backend: Allow to change UserProfile's `emojiset` field via api. 2017-04-24 22:30:07 -07:00
Tim Abbott 1f0c4e5fb3 email mirror: Fix mypy annotation error. 2017-04-24 22:01:48 -07:00
K.Kanakhin e3e52e7284 email-mirror: Move postfix email mirror integration to separate script.
This fixes a performance problem where we were previously starting up
a full Django process (~0.7s even on a fast machine) every time a new
email came in, potentially allowing users to accidentally DoS a Zulip
server.  Now, we just post over HTTPS, allowing the existing thread
pool support to do its job.

- Add script wrapper to communicate postfix pipe with django web server
  over HTTP(S). It uses shared_secret authentication mode.
- Add django view to process messages from email mirror server.
- Clean management command `email-mirror`. Left just functional
  for cron email processing.
- Add routes for new tornado view.
- Change pipe script in master process postfix config template
  based on updated script.
- Add tests.

Tweaked by tabbott to adjust the directory and set better defaults.

Fixes #2421.
2017-04-24 21:24:23 -07:00
Umair Khan dbbc73837d redirect_to_main_site: Handle is_signup parameter.
Passes on the is_signup parameter passed in a querystring.
2017-04-20 11:14:28 -07:00
Umair Khan 8b88cfc84b redirect_and_log_into_subdomain: Handle is_signup. 2017-04-20 11:11:54 -07:00
Sarah 81f76ff13b Realm.py: Removing 'exclude' variable.
The exclude variable was superfluous. The realm properties
listed in the exclude variable are not in the
realm.property_types dict, so they do not need to
be explicitly excluded.
2017-04-19 22:08:36 -07:00
Tim Abbott cddee49e75 Add support infrastructure for push notification bouncer service.
This is an incomplete cleaned-up continuation of Lisa Neigut's push
notification bouncer work.  It supports registration and
deregistration of individual push tokens with a central push
notification bouncer server.

It still is missing a few things before we can complete this effort:
* A registration form for server admins to configure their server for
  this service, with tests.
* Code (and tests) for actually bouncing the notifications.
2017-04-18 23:03:06 -07:00
Jacob Hurwitz 8343d80873 Fix mobile home view returning messages older than the pointer.
In cases where old unread messages in the home view might have been
leaked (either due to bugs or unusual muting interactions), it's
theoretically possible for the first unread message in the home view
to be far older than the pointer.

Since the Zulip mobile app is loading messages following the
use_first_unread logic, we need to plug this gap.

Probably a longer-term solution will involve changing how
update_message_flags works to automatically advance the pointer, but
this change should make it possible for the mobile apps to
consistently use the `use_first_unread` mechanism for fetching the
latest home view messages.

With tweaks to the tests by tabbott.

Fixes zulip/zulip-mobile#422.
2017-04-18 21:39:24 -07:00
Abhijeet Kaur 5e55fe992d backend: Add ability to search by group private message thread.
This doesn't yet contain the frontend or documentation for this
feature.

Modified by tabbott to rename the parameter and line-wrap the query
code.
2017-04-18 15:50:27 -07:00
Umair Khan cf3b6c6ca9 profile: Support custom profile data.
Implements backend for #1760.
2017-04-18 15:20:59 -07:00
Kouhei Sutou 2f09866364 message: Support highlight in link tag.
textsearch based full text search doesn't match text in link tag but
PGroonga based full text search can match text in link tag.

Without this change, highlighting text in link tag generates broken
HTML.
2017-04-18 13:15:48 -07:00
Umair Khan d699172d06 authenticate_remote_user: Properly handle None email. 2017-04-18 09:33:03 -07:00
Sarah 1a7f487260 Realm.py: Refactor and remove duplicate code.
Moved error handling to the beginning of the update_realm
function. Removed several if statements and replaced them with
a block of code that loops through realm properties and updates
them if an update has been sent through the request. Also
created an 'exclude' list for realm properties that do not fit
into the general pattern that most other realm properties
follow for updating. Those properties are handled separately.

Some comments added by tabbott.

Addresses part of issue #3854.
2017-04-17 21:30:11 -07:00
Tim Abbott 0c8575e2dc user_settings: Disable bot access to several endpoints.
These settings have no effect on bots, so this change is mostly about
just avoiding confusion.
2017-04-16 13:14:59 -07:00
Rishi Gupta e14c940ecc decorator: Add human_users_only decorator.
Applies it to presence.update_active_status_backend as an example of usage.
2017-04-16 12:51:23 -07:00
Tim Abbott 9400689f86 presence: Remove use of timezone.now(). 2017-04-16 12:32:57 -07:00
hackerkid b2504084ab Replace timezone.now with timezone_now. 2017-04-16 12:28:56 -07:00
Rishi Gupta b5482d51b1 presence.py: Change bot-related error messages to match each other. 2017-04-14 14:34:17 -07:00
Rishi Gupta bbddbdeb25 presence.py: Enforce bots cannot use update_active_status_backend.
We need to keep the UserActivity table clean now that we're using it to
compute 15day actives in analytics.
2017-04-14 14:34:17 -07:00
Umair Khan 519dcdb750 api_dev_fetch_api_key: Improve invalid email message.
Show a user friendly message to the user if email is invalid.
Currently we show a generic message:
"Your username or password is incorrect."
2017-04-13 12:48:13 -07:00
Umair Khan 80b019629c remote_user_sso: Improve invalid email message.
Show a user friendly message to the user if email is invalid.
Currently we show a generic message:
"Your username or password is incorrect."
2017-04-13 12:48:13 -07:00
Umair Khan 93aa478efb api_fetch_api_key: Improve invalid email message.
Show a user friendly message to the user if email is invalid.
Currently we show a generic message:
"Your username or password is incorrect."

The only backend which can accept a non-email username is LDAP.
So we check if it is enabled before showing the custom message.
2017-04-13 12:48:13 -07:00
rahuldeve 60803137f2 uploads: Add authorization check before serving files.
This is a remerge of e985b57259 (after
resolving merge conflicts, updating the tests, adding mypy annotations
etc.), which should now be correct, because we've done the necessary
database migration.

The rebase/remerge work was done by Tim Abbott and Aditya Bansal.

This is an important part of #320.
2017-04-07 16:35:28 -07:00
Umair Khan 21f5c5cbf4 integrations: Pass context to integration objects. 2017-04-07 15:52:15 -07:00
Umair Khan a45f8b463a app_filters.py: Use Django to load template.
This commit allows us to load template using Django in
render_markdown_path.
2017-04-07 15:52:15 -07:00
Tim Abbott 06a814f6d5 actions: Deduplicate backend display_settings code. 2017-04-06 15:33:41 -07:00
Tomasz Kolek 5b17622589 docs: Move integrations.html to integrations/index.html.
Add omiting rule for all of integrations docs in test_templates.
2017-04-05 13:19:58 -07:00
Maxim Averin 02900ff54a Switch do_change_bot_owner to use RealmAuditLog.
This requires adding an `acting_user` parameter to the
`do_change_bot_owner` function.
2017-04-05 12:50:55 -07:00
Steve Howell 205f2c1562 Add ping_only flag for presence updates.
The web app doesn't need any presence data for its first ping to
the server, because it already has up-to-date presence info in
page_params.  So now we can tell the server not to send us a big
payload that we were already ignoring.
2017-04-04 15:57:10 -07:00
Harshit Bansal b40a8ea20b views/realm_aliases.py: `realm_alias` migration.
* Rename `views/realm_aliases.py` to `views/realm_domains.py`.

* Remove any occurrences of `alias`.
2017-04-04 15:48:03 -07:00
Harshit Bansal c226c651f7 actions.py: Rename `do_remove_realm_alias()` to `do_remove_realm_domain()`. 2017-04-04 15:48:03 -07:00
Harshit Bansal a08155b09e actions.py: Rename `do_change_realm_alias()` to `do_change_realm_domain()`. 2017-04-04 15:48:03 -07:00
Harshit Bansal 2da4fc0dc4 actions.py: Rename `do_add_realm_alias()` to `do_add_realm_domain()`. 2017-04-04 15:48:03 -07:00
Harshit Bansal 983225612d actions.py: Rename `get_realm_aliases()` to `get_realm_domains()`. 2017-04-04 15:48:03 -07:00
Harshit Bansal 92c512d679 zerver/models.py: Rename can_add_alias() to can_add_realm_domain(). 2017-04-04 15:48:03 -07:00
Harshit Bansal ac2172e233 models: Rename RealmAlias model to RealmDomain.
Includes a migration.
2017-04-04 15:48:03 -07:00
Kouhei Sutou 7c43aa1372 message: Use pgroonga.match_positions_character.
We can remove byte version text highlight method with this change.

pgroonga.match_positions_character was added in PGroonga 1.1.1:
http://pgroonga.github.io/reference/functions/pgroonga-match-positions-character.html

PGroonga 1.1.1 was released at 2016-08-31. So we can use it.
2017-04-04 14:05:45 -07:00
Amy Liu 6f061beb46 hotspots: Add backend support for tutorial hotspots.
This commit adds the backend support for a new style of tutorial which
allows for highlighting of multiple areas of the page with hotspots that
disappear when clicked by the user.
2017-03-29 11:34:32 -07:00
Bao Chau 9b6e648acb registration: Fetch length limits from the backend's actual sizes.
This makes these more likely to remain accurate over time.

Fixes #4211.
2017-03-25 20:10:12 -07:00
Elliott Jin 1c0d58f897 test-backend: Raise zerver/views/auth.py test coverage to 100%. 2017-03-25 18:16:16 -07:00
K.Kanakhin 234a1f8e61 retention-period: Add retention period to front-end admin organization settings.
- Add message retention period field to organization settings form.
- Add css for retention period field.
- Add convertor to not negative int or to None.
- Add retention period setting processing to back-end.
- Fix tests.

Modified by tabbott to hide the setting, since it doesn't work yet.
The goal of merging this setting code now is to avoid unnecessary
merge conflicts in the future.

Part of #106.
2017-03-25 17:57:18 -07:00
Tim Abbott 3617ebfd41 api: Rename get_old_messages to get_messages in the backend.
Fixes #1315.
2017-03-23 23:52:44 -07:00
Sarah Stringer 09f66b5c6d actions: Add do_set_realm_property function and migrate to it.
zerver/lib/actions: removed do_set_realm_* functions and added
do_set_realm_property, which takes in a realm object and the name and
value of an attribute to update on that realm.

zerver/tests/test_events.py: refactored realm tests with
do_set_realm_property.

Kept the do_set_realm_authentication_methods and
do_set_realm_message_editing functions because their function
signatures are different.

Addresses part of issue #3854.
2017-03-23 17:52:45 -07:00
Akash Kothawale 4c2bfae83e get_stream: Throw DoesNotExist if stream is not found.
This makes get_stream match get_realm, get_user_profile_by_email,
etc., in interface, and is more convenient for mypy annotations
because `get_stream` now doesn't return an Optional[Stream].
2017-03-23 15:42:00 -07:00
Tim Abbott f3af0fe635 reactions: Fix reacting to messages on streams you're not subscribed to.
We use the same strategy Zulip already uses for starred messages,
namely, creating a new UserMessage row with the "historical" flag set
(which basically means Zulip can ignore this row for most purposes
that use UserMessage rows).  The historical flag is ignored, however,
in determining which users' browsers to notify about new reactions,
and thus the user will get to see the reaction appear when they click
a message (and any reactions other users later add, as well!).

There's still something of a race here, in that if some users react to
a message while the user is looking at the unsubscribed stream but
before the user reacts to that message, those reactions will not be
displayed to that user (so counts will be a bit lower, or something).
This race feels small enough to ignore for now.

Fixes #3345.
2017-03-22 20:22:13 -07:00
Ayush Jain bddcfb1c96 Add realm-level settings to control inline image and url preview.
This gives users more control in case they don't want previews,
especially for the "previews of linked websites" feature.

Fixes: #2640.
2017-03-21 15:46:17 -07:00
Tim Abbott aa7e4fec35 messages: Require join with zerver_message if use_first_unread_anchor.
This fixes a 500 bug where the RN mobile app would simply fail to load
old messages if use_first_unread_anchor was not set.
2017-03-21 00:02:46 -07:00
Tim Abbott 5b0ff2a69a mypy: Fix some strict-optional related issues. 2017-03-19 22:26:25 -07:00
Sarah Stringer aa880b0419 Add organization description field to realm settings.
This adds an organization description field to the Realm model, as well as
an input field to the organization settings template. Added three tests.
Set the max length of the field to 100 characters.

Fixes #3962.
2017-03-19 14:05:01 -07:00
Jacob Hurwitz 0a76a609ec Fix bugs with handling of the empty narrow.
An empty narrow (ie, the home view) can be represented in code as either
`None` or `[]` but we had incorrect handling that failed to fully
properly deal with either case.

(1) In `get_stream_name_from_narrow`, we failed to deal with `None` by
trying to always iterate over `narrow`.
(2) In several other places, we failed to deal with `[]` by explicitly
checking `if narrow is None` or `if narrow is not None`. Changing these
to truthiness checks should work for both the `None` and `[]` cases.
2017-03-19 11:47:03 -07:00
Elliott Jin 25d9aac016 registration.py: Don't catch exception that can't be thrown.
A previous commit changed a `get` (which can throw `DoesNotExist`) to use an
existing object, but kept the `try` / `except` block:

4bf3ace444

Removing this unused code path allows us to achieve 100% test coverage.
2017-03-18 18:11:59 -07:00
Jacob Hurwitz 8ab88f5aad Remove hack for old mobile clients
This FIXME was added in 50d229fe11.
Considering it's been more than 4 years, we can probably safely remove
it now.
2017-03-18 18:11:17 -07:00
Umair Khan 4442703011 jinja2: No need for custom render_to_response.
Django 1.10 has changed the implementation of this function to
match our custom implementation; in addition to this, we prefer
render().

Fixes #1914 via #4093.
2017-03-17 13:57:34 -07:00
Umair Khan d4ee102a95 users: Change render_to_response to render.
Related to #4093
2017-03-17 13:52:59 -07:00
Umair Khan 62a580a37f unsubscribe: Change render_to_response to render.
Related to #4093
2017-03-17 13:52:59 -07:00
Umair Khan 446c06bbf4 registration: Change render_to_response to render.
Related to #4093
2017-03-17 13:52:59 -07:00
Umair Khan 58b407e2ff integrations: Change render_to_response to render.
Related to #4093
2017-03-17 13:52:59 -07:00
Umair Khan 097b0e3979 home: Change render_to_response to render.
Related to #4093
2017-03-17 13:52:59 -07:00
Umair Khan 4e2311544f auth: Change render_to_response to render.
Related to #4093
2017-03-17 13:52:59 -07:00
Umair Khan 14c2b40acc unsubscribe.py: Pass request to process_subscribe.
We are changing render_to_respone to render; render takes
request as an argument.
2017-03-17 13:52:59 -07:00
kunall17 a908bb1898 Implemented API routes for muting/unmuting a topic 2017-03-15 16:19:00 -07:00
Umair Khan 242d3ffaf4 Add timezone field in UserProfile.
Implements backend of #1506.
2017-03-15 11:18:24 -07:00
Raghav Jajodia ef7e15ee00 admin: Add realm option to prevent users from changing their name.
A realm option to prevent users from changing their name is added.
Fixes #3950.
2017-03-14 14:10:08 -07:00
Raghav Jajodia dc48b87765 home.py: Fix bug associated with email_changes_disabled.
On reloading the page after disabling email changes does not check
the "Prevent users from changing their email address".
Adding realm_email_changes_disabled to page_params_core_fields fixes the problem.
2017-03-14 14:10:08 -07:00
Rishi Gupta 098797cd36 Remove page_params.domain. 2017-03-13 14:42:55 -07:00
Rishi Gupta 3aae6cd421 Change if(realm.domain == zulip.com) checks to use Realm.string_id. 2017-03-13 14:17:14 -07:00
Rishi Gupta 727fac75c7 signups: Use topic string_id for internal messages from new user signups.
Previously we used the topic "Realm.domain" for new user signups, but topic
"Realm.string_id" for the realm creation. This changes the user signup
messages to be on the same topic thread as the realm creation.
2017-03-13 10:00:41 -07:00
Rishi Gupta ef532bbbb1 statsd: Change keys to use Realm.string_id instead of domain. 2017-03-13 09:51:02 -07:00
Rishi Gupta 00f49d4121 views/users.py: Change error message to use Realm.string_id instead of domain. 2017-03-13 09:37:06 -07:00
Raghav Jajodia c17e574211 Remove product_name setting and return to harcoding 'Zulip'.
This removes some confusion in grep for frontend strings with Zulip in
them and also cleans up the code in some places.

Fixes #1602.
2017-03-09 21:48:15 -08:00
Tim Abbott c2bee5a89b auth: Fix fetch_auth_backends to properly report supported methods.
This fixes 2 related issues:
* We incorrectly would report authentication methods that are
  supported by a server (but have been disabled for a given
  realm/subdomain) as supported.
* We did not return an error with an invalid subdomain on a valid
  Zulip server.
* We did not return an error when requesting auth backends for the
  homepage if SUBDOMAINS_HOMEPAGE is set.

Comes with complete tests.
2017-03-09 21:37:00 -08:00
Amy Liu e5ab3123af Migrate json/set_muted_topics to muting/topics. 2017-03-09 20:52:29 -08:00
Amy Liu 9500c88e32 Migrate legacy url json/bulk_invite_users to invite/bulk_invite. 2017-03-09 20:51:03 -08:00
Tim Abbott 3b59e6c3cc subs: Rename /#subscriptions to /#streams.
Fixes #3653.
2017-03-08 16:57:58 -08:00
Rishi Gupta 3797fa657e Change bot domains to string_id.EXTERNAL_HOST.
Change applies to both subdomains and non-subdomains case, though we use
just the EXTERNAL_HOST in the non-subdomains case if there is only 1 realm.

Fixes #3903.
2017-03-08 16:26:13 -08:00
K.Kanakhin 1cb0f8dc41 Add size limit for uploading user avatars and realm icons.
- Add settings parameter for max realm icon size.
- Add settings parameter for max user avatar size.
- Add checking file size to avatar and icon
  uploading views.
- Transfer file size limit parameter to frontend.
- Add tests.
2017-03-07 22:13:01 -08:00
Tim Abbott 01129c1ab9 home: Simplify logic for realm_icon_source/url. 2017-03-07 22:09:58 -08:00
K.Kanakhin 72424f3a9f realm-icon: Fix variable name for realm icon source. 2017-03-07 22:09:58 -08:00
K.Kanakhin 173f34b7aa user-presence: Add `offline` status to aggregated info.
- Add `OFFLINE_THRESHOLD_SECS` settings parameter
  to handle offline period.
- Set aggregated status to offline if user's status
  haven't changed for `OFFLINE_THRESHOLD_SECS` period.
- Add test for offline aggregated status.
2017-03-07 20:09:53 -08:00
K.Kanakhin 2f251dedaf user-presence: Add aggregated status to user presence info.
- Add aggregated status to user presence status dict.
- Add tests for aggregated presence status.
- Fix removing unused keys from status dict
  with aggregated data for user.

Fixes #3692
2017-03-07 20:09:53 -08:00
Tim Abbott 89eb7636ba remove_push_device_token: Remove unused request argument. 2017-03-05 22:01:28 -08:00
Tim Abbott 657dfcbddc push: Move remove_push_device_token to library. 2017-03-05 19:15:17 -08:00
Tim Abbott c0ad9c02fd push: Extract validate_token helper function. 2017-03-05 19:15:17 -08:00
Tim Abbott 271bd5a282 push: Move add_push_device_token to library. 2017-03-05 19:15:16 -08:00
Tim Abbott 08e1759ad0 bots: Replace bare excepts with targeted exceptions. 2017-03-05 16:17:04 -08:00
Steve Howell 0bb1af0fd9 Send stream_id in subscription updates. 2017-03-05 15:26:00 -08:00
Philip Skomorokhov 866a7b06b2 upload: Limit total size of files uploaded by a user to 1GB.
Fixes #3884.
2017-03-04 18:08:30 -08:00
Tim Abbott 80232425f4 user_settings: Clean up error messages and tests for email change. 2017-03-04 17:32:48 -08:00
Raghav Jajodia cd2d798498 admin: Added realm option to prevent users from changing their email.
A realm option to prevent users from changing their email address is added.
Fixes #3777.
2017-03-04 17:32:48 -08:00
Raghav Jajodia ec77aa0dfb user_settings: Add auth check before confirm_email_change.
This isn't strictly necessary, but adds a little bit of extra security
to the overall email change flow.
2017-03-04 17:05:25 -08:00
Raghav Jajodia a3a03bd6a5 mypy: Added Dict, List and Set imports.
Fixed mypy errors associated with the upgrade.
2017-03-04 14:33:44 -08:00
adnrs96 9eb47f108c Refactor: Change upload_avatar_image to accept two user profiles.
In this commit we just change the upload_avatar_image function to accept
two user_profiles acting_user_profile and target_user_profile. Basically
email param is dropped for a target_user_profile so that avatar's could
be moved lateron to user id based storage.
2017-03-03 18:15:15 -08:00
Sourav Badami 4616ee7762 Enable display of emoji as their alt codes in reactions.
This currently only supports this in emoji reactions, not in actual
emoji in message bodies, but it's a great start for people who want a
text-only view.

Tweaked to update the text by tabbott.

Fixes #3169.
2017-03-03 15:19:34 -08:00
Tim Abbott d90f7c72a3 zephyr: Fix broken postgres regular expression logic and add tests.
Like many rare-case code with new tests, it turns out that the logic
for handling null characters in our Zephyr postgres query escaping
never worked, in multiple ways.  First, it always changed the second
character in s, not the current one being inspected, and second, the
value it replaced it with was no the correct postgres escape of the
null byte.  We fix this and add tests.

This completes the effort to get zerver/views/messages.py to 100%
test coverage.

Fixes #1006.
2017-03-01 10:38:48 -08:00
Tim Abbott bc38870136 preview: Fix adding links in message editing.
When you edit a message to contain links, and URL previews are
enabled, previously we'd throw an exception, because the realm ID
wasn't included in the event.

Also adds a test so that we can have effective test coverage on this
codepath, though this history is actually that I found the bug through
writing this test :).
2017-03-01 10:38:47 -08:00
hackerkid b7a6826fda Add support for getting medium size profile images. 2017-03-01 09:57:30 -08:00
Igor Tokarev 31dff09efa Support email changes for !avatar syntax.
Significantly modified by tabbott to avoid calling
get_user_profile_by_email in bugdown, and have 100% test coverage of
the views code.

Fixes #2041.
2017-02-28 21:56:04 -08:00
Tim Abbott a1d296b802 report: Use DEVELOPMENT instead of DEBUG setting.
This fixes a weird issue where the following sequences of tests would fail:

test-backend
 zerver.tests.test_messages.PersonalMessagesTest.test_personal_to_self
 zerver.tests.test_report.TestReport.test_report_error
 zerver.tests.test_templates.TemplateTestCase.test_custom_tos_template

It appears that all 3 tests are required for the failure.

While it's not entirely clear what the cause is, a very likely factor
is that settings.DEBUG is special, and so changing it at runtime is
likely to cause weird problems like this.

We fix this by replacing it with settings.DEVELOPMENT, which has the
same value in all environments, but doesn't have this problem of being
a special Django thing.
2017-02-28 21:44:41 -08:00
Elliott Jin 7ed10da4ad test-backend: Raise zerver/views/report.py test coverage to 100%. 2017-02-28 20:06:00 -08:00
Rishi Gupta 15d60fa7ed Change now() to timezone.now() throughout codebase.
Change `from django.utils.timezone import now` to
`from django.utils import timezone`.

This is both because now() is ambiguous (could be datetime.datetime.now),
and more importantly to make it easier to write a lint rule against
datetime.datetime.now().
2017-02-28 16:03:37 -08:00
Tim Abbott de604d7759 page_params: Reorganize page_params dict with plans.
page_params is kinda a monster object.  Ideally, we'd make it be
constructed in a much less haphazard fashion, and make sure that all
the useful data in it is available via the `/register` endpoint for
mobile/API.  This change reorganizes page_params to be sorted by data
source, which is an important prerequisite for doing that.
2017-02-28 14:58:54 -08:00
Tim Abbott e86ed89986 page_params: scope presence_disabled in realm. 2017-02-28 14:58:53 -08:00
Tim Abbott dfb7a57bec home: Refactor register_ret->page_params logic. 2017-02-28 14:45:03 -08:00
K.Kanakhin d9b10727fa server-version: Add server version to api endpoints.
- Add server version to `fetch_initial_state_data`.
- Add server version to register event queue api endpoint.
- Add server version to `get_auth_backends` api endpoint.
- Change source for server version in `home` endpoint.
- Fix tests.

Fixes #3663
2017-02-28 14:22:01 -08:00
Vivek Anand 620d75afc5 alert_words: Avoid redundant .lstrip().
We are applying .strip() on a string and thus we don't
need .lstrip() since .strip() already strips the left
side of the string.
2017-02-28 10:13:03 -08:00
K.Kanakhin 23706a3c9e Add server error response for failed handlebars template compilation.
- Add stamp file creation for the failed templates compilation.
- Add error response to `home` route if stamp file exists. It appears
  just for the development environment.
- Add jinja2 template for failed handlebars templates compilation error.

Fixes #3650.
2017-02-28 09:44:08 -08:00
Elliott Jin 11ba94f11a test-backend: Raise zerver/views/integrations.py test coverage to 100%. 2017-02-28 09:31:06 -08:00
Harshit Bansal 8b11deedb3 views/users.py: Allow changing bot's owner.
Modify the `patch_bot_backend()` route to support
changing the bot owner.
2017-02-26 21:39:22 -08:00
Elliott Jin 6bdefb92e9 test-backend: Raise zerver/views/zephyr.py test coverage to 100%. 2017-02-26 20:54:25 -08:00
Tim Abbott 4ea997493b events: Normalize realm_icon events to be standard.
This lets us save on semi-duplicate code, both in server_events.js and
in zerver/lib/events.py, and makes our event structure a bit more
predictable.
2017-02-26 12:16:07 -08:00
K.Kanakhin 257bb40698 realm-icon: Add realm icon feature.
- Add realm icon fields to realm model.
- Add migration for new realm model's field.
- Add views for icon uploading and deleting.
- Add routes for realm icons views.
- Add JS widget for realm icon upload setting.
- Add realm icon upload to administration
  organization setting.
- Add tests for realm icons.

Fixes #3660.
2017-02-26 12:16:07 -08:00
Umair Khan 5bf83f9e0a change-email: Implement confirmation flow.
This adds to Zulip support for a user changing their own email
address.

It's backed by a huge amount of work by Steve Howell on making email
changes actually work from a UI perspective.

Fixes #734.
2017-02-23 03:15:17 -08:00
Tim Abbott 8dba310bee messages: Remove some unnecessary zephyr code paths.
The comments explain why this change is correct.  This change is
useful because it's better to not have dead code paths, both because
it makes our life easier for coverage analysis, and because the else
statement provided the illusion that it could actually happen.

If the analysis in that comment is wrong, we'd rather have a 500 error
so we fix the bug than things silently sorta working.
2017-02-22 20:51:25 -08:00
Tim Abbott 948e1bbd0a update_message_backend: Use access_message.
This continues our campaign of removing direct queries on the Message
and UserMessage tables that could not follow our security policy.
2017-02-22 20:51:25 -08:00
Tim Abbott 442066da12 messages: Remove unused json_update_message. 2017-02-22 20:51:25 -08:00
Tim Abbott 64434e04a1 messages: Fix empty condition for muted streams.
This fixes a sqlalchemy warning (that caused unnecessary complexity in
this query).
2017-02-22 20:51:23 -08:00
Tim Abbott a079bcdce1 get_old_messages: Add LARGER_THAN_MAX_MESSAGE_ID constant. 2017-02-22 20:50:15 -08:00
Tim Abbott ff65b6b842 get_old_messages: Remove unnecessary >= max_message_id query. 2017-02-22 20:47:48 -08:00
Tim Abbott 6f0410774c sqlalchemy: Fix most sqlalchemy deprecation warnings.
Fixes #2732.
2017-02-22 20:47:48 -08:00
Tim Abbott 66f016edbb zephyr: Fix zerver_message tables scans due to regex in queries.
This arguably regresses the Zephyr experience, in that we no longer
consider 'foo.d.d.d.d.d' to be something that gets narrowed in with
the rest, but that's a pretty rare use case anyway.

In practice, using that many '.d's anyway only happens a few times a
year.
2017-02-22 20:47:46 -08:00
Ayush Jain 455c1919fc Add customizable invite-new-user text.
This makes life a lot easier for people inviting users to a new Zulip
organization, since they can give some form of context now.

Modified by tabbott to clean up CSS, backend code flow, and improve
the formatting of the emails.

Fixes: #1409.
2017-02-21 22:35:01 -08:00
Tim Abbott 20f9c04ab5 decorator: Add logging data to zulip_login_required.
This fixes an issue that many logged=in pages such as /stats did not
correctly report either the connecting client or the user in server
logs.
2017-02-20 21:15:44 -08:00
Tim Abbott 7a930afa07 events_register: Don't include subscribers in API data by default.
There's a new option, `include_subscribers`, that controls whether the
API sends down subscriber data for the various streams you are
subscribed to.

This has significant performance savings for large realms with naive
clients, and saves a bunch of bandwidth as well.
2017-02-20 11:07:09 -08:00
Tim Abbott 1cbc86499e events_register: Eliminate unnecessary api_events_register wrapper. 2017-02-20 11:07:09 -08:00
Tim Abbott 98894eb759 edit_history: Reverse the order of edit history list. 2017-02-19 16:47:07 -08:00
Tim Abbott eadd6fb3c6 message_edit: Include an initial entry in view output.
This makes it super easy for frontend code using this view code to
produce a nice display of the history.

This also fixes an off-by-one error with the timestamps.
2017-02-19 16:46:47 -08:00
Tim Abbott 515340ed00 Add message edit history backend with tests.
Based on work by Kartik Maji in #1204.

This has a few significant changes from the original version:
* We correctly handle filling in data for topic edits
* Has a complete test suite verifying correctness of the logic
* Currently, it doesn't include a special "start" entry

Things we may want to further change include:
* Adding a special "start" entry.
* Reversing the order of the history data returned for clarity.
2017-02-19 16:13:35 -08:00
Tim Abbott 32bfebeb7a mypy: Fix inconsistencies in use of *args/**kwargs. 2017-02-18 18:39:44 -08:00
Tim Abbott 473c0ee1fe mypy: Remove now-unused type: ignores. 2017-02-18 17:01:01 -08:00
Tim Abbott b63a8a7880 integrations: Fix mypy error. 2017-02-18 15:29:43 -08:00
Tim Abbott bbecd41376 help: Fix link to index page being present on index page.
Fixes #3613.
2017-02-18 14:59:43 -08:00
Tim Abbott c61d0a78f4 home: Remove unused get_client import. 2017-02-17 15:35:38 -08:00
Tim Abbott 7a5065da62 views: Stop hardcoding the 'website' client for the / endpoint.
We were apparently incorrectly harcdoding the client for the main
logged-in site loading to website, rather than using the existing
logic that could sort out the desktop apps.
2017-02-17 15:20:42 -08:00
Steve Howell ad24133b94 Have functions in lib/avatar.py use avatar versions.
In some cases here we simplify things by calling avatar_url()
instead of get_avatar_url(), when we have a user_profile record
handy.  For other cases we pass in an extra avatar_version
parameter to get_avatar_url(), including from avatar_url().
2017-02-17 10:19:56 -08:00
Adarsh S 3c2c0c67b9 Bump user_profile.avatar_version when we change avatars.
We have a field called user_profile.avatar_version that will
track avatar versions and be used tactically in avatar urls
to get browsers to refresh their caches (in future commits).

This commit bumps the avatar version when we update avatars.

We do this in do_change_avatar_fields(), which was
do_change_avatar_source() before this change.

Adarsh did the initial work here, and Steve Howell (showell) also
made changes.
2017-02-17 10:19:56 -08:00
paxapy 9a5179c460 Add support for managing and deleting attachments.
Modified substantially by tabbott to fix tons of issues.

Fixes #454.
2017-02-16 23:44:44 -08:00
Tim Abbott d564a76f8e alert_words: Consistently clean whitespace for alert words.
This fixes some gaps in handling of whitespace in alert words.
2017-02-16 21:06:18 -08:00
Raghav Jajodia c1dfa348a1 alert_words: Trim whitespace around alert words.
"Add a new alert word" box now displays an alert when filled with only spaces.
Fixes #3369
2017-02-16 21:06:18 -08:00
Steve Howell d406d34fe0 Use user_id in admin_user_list.handlebars.
For our user administration, we now primarily work with user ids
that get put into data-user-id attributes.  We still put emails in the
tags to make our Casper tests easy to maintain.

This requires a minor change to the back end to pass down user ids
for the /users endpoint (in get_members_backend).
2017-02-14 23:07:44 -08:00
Tim Abbott 46226bad21 presence: Fix mypy errors in new feature. 2017-02-10 23:57:28 -08:00
Tim Abbott eeca69cb4b mypy: Clean up more optional types. 2017-02-10 23:53:44 -08:00
Tim Abbott aee81b702c add_subscriptions_backend: Cleanup type of principals. 2017-02-10 23:53:44 -08:00
Tim Abbott c9a782ff75 Simplify zerver/views/users.py:get_stream_name. 2017-02-10 23:53:44 -08:00
Tim Abbott b81fd407e8 mypy: Fix several Optional typing errors. 2017-02-10 23:53:44 -08:00
Tim Abbott 71af0f7e2e Add endpoint to fetch presence data for a single user.
This is an experimental API subject to its data format being changed.

Fixes #3638.
2017-02-10 23:52:56 -08:00
saisrivathsa b867ac3496 Extract zerver/lib/events.py from actions.py with event registration.
This moves do_events_register, fetch_initial_state_data and friends to
a new file.

Modified significantly by tabbott for correctness and to remove unused
imports.

Fixes #3635.
2017-02-10 16:50:43 -08:00
Harshit Bansal 7d10cbc32b Add RealmAlias.allow_subdomains to model, frontend, and API.
Includes a database migration.

Fixes #1868.
2017-02-08 22:03:27 -08:00
Rishi Gupta a16c48f0c4 actions.py: Change do_remove_realm_alias to take a RealmAlias.
Ensures that this function doesn't throw an error / prevents putting in an
incorrect realm or domain argument.
2017-02-08 21:15:28 -08:00
Tim Abbott 56cecc4891 users: Verify full names explicitly in user creation.
This fixes an issue where users could be created with an invalid name
(introduced only a couple commits ago when we added character set
restrictions).
2017-02-07 19:54:30 -08:00
Tim Abbott 2283b5fc91 users: Consolidate name change enforcement logic.
This has the side effect of fixing an issue where one could edit a
bot to have an invalid name.
2017-02-07 19:45:21 -08:00
Ritwik Srinivas 74b68f6bbc Adds banned characters in name function
Disallows you from putting the characters @, *, `, and > and " in
your name. Added test cases similar to the MAX_NAME_LENGTH check

Copied initial code from:
https://github.com/zulip/zulip/pull/2473
2017-02-07 19:31:14 -08:00
Harshit Bansal 9f67f1ada7 DevAuthBackend: Improve the query for dev users.
This changes the query for DevAuthBackend so that the shakespearian
users are not omitted while limiting the number of extra users to be
rendered to something reasonable.

Fixes: #3578.
2017-02-06 21:59:31 -08:00
Tim Abbott fa02dfdff4 mobile: Add an endpoint for checking compatibility. 2017-02-03 09:55:34 -08:00
Rishi Gupta 92e8cad42a dev login page: Add all non-zulip users as community users.
We create a new realm and user when running populate_analytics_db.py, in a
realm that is neither 'zulip' nor 'simple'.
2017-02-01 16:10:11 -08:00
Steve Howell 5ec4ed0d5c bug fix: Allow renaming streams to different cases.
Before this change, you could not rename a stream
from "denmark" to "Denmark".
2017-02-01 14:20:46 -08:00
Harshit Bansal 59d22e7cb8 realm_emoji: Cleanup an unreachable try/except block.
Fixes: #3515.
2017-01-30 16:43:02 -08:00
Tim Abbott 1bbf0f9a98 streams: Consider stream name validation logic. 2017-01-29 22:07:14 -08:00
Tim Abbott 884aa2b184 streams: Eliminate last use of get_stream in views. 2017-01-29 22:07:14 -08:00
Tim Abbott 32f778636b streams: Add tests for do_rename_stream error paths. 2017-01-29 20:27:00 -08:00
Tim Abbott a3f3f5b7bc remove_default_stream: use access_stream_by_name. 2017-01-29 20:27:00 -08:00
Tim Abbott 19eaa92059 add_default_stream: use access_stream_by_name. 2017-01-29 20:27:00 -08:00
Tim Abbott de3f539f58 do_change_stream_description: Accept a stream as argument. 2017-01-29 20:27:00 -08:00
Tim Abbott 2dc90e8ebd rename_stream: Pass a stream object to do_rename_stream. 2017-01-29 20:27:00 -08:00
Tim Abbott 7be34357b2 rename_stream: Move stream name taken check to view. 2017-01-29 20:27:00 -08:00
Tim Abbott ccdf17f47e rename_stream: Move stream already has name check to view. 2017-01-29 20:27:00 -08:00
Tim Abbott d059a0a90a rename_stream: Move check_stream_name into view. 2017-01-29 20:26:59 -08:00
Tim Abbott ab1e9f2b97 rename_stream: Move stripping of whitespace to view. 2017-01-29 20:26:59 -08:00
Tim Abbott 4ad1fadab0 streams: Create and use do_change_stream_invite_only. 2017-01-29 20:26:59 -08:00
Tim Abbott c74ddb74e9 do_make_stream_private: Accept a stream object, not a name. 2017-01-29 20:26:59 -08:00
Tim Abbott 0a75480444 do_make_stream_public: Accept a stream object, not a name. 2017-01-29 20:26:59 -08:00
Tim Abbott e137787d1a users: Use access_stream_by_name to access streams.
This simplifies the code somewhat and adds greater consistency of
error messages.
2017-01-29 20:26:59 -08:00
Tim Abbott ea72b97cd9 home: Cleanup narrow_topic logic. 2017-01-29 20:26:59 -08:00
Tim Abbott a7cb7dd695 home: Use access_stream_by_name to access streams. 2017-01-29 20:26:59 -08:00
Tim Abbott 6c512bdfd3 json_invite_users: Use access_stream_by_name. 2017-01-29 20:26:59 -08:00
Tim Abbott bc2f23383e streams: Move list_to_streams to lib. 2017-01-29 20:26:59 -08:00
Tim Abbott 02f5ef1d23 streams: Move filter_stream_authorization to lib. 2017-01-29 20:26:59 -08:00
Tim Abbott bb86bba20d stream_exists_backend: Use access_stream_by_name. 2017-01-29 20:26:59 -08:00
Tim Abbott 46e5b8a9cc streams: Remove unused json_remove_subscriptions. 2017-01-29 20:26:59 -08:00
Tim Abbott e57e2ee9f1 get_subscribers_backend: Use access_stream_by_id. 2017-01-29 20:26:59 -08:00
Tim Abbott 0d980b7cef json_get_stream_id: Use access_stream_by_name. 2017-01-29 20:26:59 -08:00
Tim Abbott 1ced8d3eb6 get_topics_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott 6685885741 deactivate_stream_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott 826cc80c9e update_stream_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott de38f3eb94 update_stream_backend: Clean up unnecessary stream_name variable. 2017-01-29 20:26:58 -08:00
Tim Abbott 2cf223470d streams: Eliminate get_subscription_or_die helper function. 2017-01-29 20:26:58 -08:00
Tim Abbott 7ecda1ac8e streams: Fix autosubscribe security bug (CVE-2017-0881).
A bug in Zulip's implementation of the "stream exists" endpoint meant
that any user of a Zulip server could subscribe to an invite-only
stream without needing to be invited by using the "autosubscribe"
argument.

Thanks to Rafid Aslam for discovering this issue.
2017-01-29 15:30:59 -08:00
Yago González 7fe090f902 translations: Improve some poorly-worded strings. 2017-01-28 18:04:17 -08:00
avisrivastava254084 762b84710e auth: Redirect users to home from /login if already logged in.
This makes various links in Zulip work a bit more reasonably for
already-logged-in users.

Fixes #3316.
2017-01-28 16:10:19 -08:00
Tim Abbott e69c4458c6 errors: Use hostname to report deployment. 2017-01-28 13:07:09 -08:00
Tim Abbott 0dd5d6cea0 errors: Separate browser error reporting from backend. 2017-01-27 10:27:41 -08:00
Steve Howell 4be2d6577d Add a new community realm to our test databases.
The realm with string_id of "simple" just has three users
named alice, bob, and cindy for now.  It is useful for testing
scenarios where realms don't have special zulip.com exception
handling.
2017-01-26 19:25:34 -08:00
Harshit Bansal b4186fdfdd views/realm_aliases.py: Use domain instead of id as handle for RealmAlias.
We need to make the change for the API, and the next commit introduces a
unique_together constraint on (realm, domain) anyway.
2017-01-26 17:24:25 -08:00
Harshit Bansal 06cc306d00 Add stricter domain validation and improve error messages. 2017-01-26 17:24:25 -08:00
Harshit Bansal 5b01694e00 actions.py: Rename do_get_realm_aliases to get_realm_aliases. 2017-01-26 17:24:25 -08:00
Tomasz Kolek 7de45951e2 Make webhooks as separate modules with view and tests.
Create python packege for every webhook with view.py and tests.py
2017-01-25 23:14:19 -08:00
Tim Abbott dd9e0b8463 errors: Move do_report_error into zerver/lib/. 2017-01-23 23:18:28 -08:00
Tim Abbott 4e171ce787 lint: Clean up E126 PEP-8 rule. 2017-01-23 22:06:13 -08:00
Tim Abbott d6e38e2a5c lint: Clean up E123 PEP-8 rule. 2017-01-23 21:34:26 -08:00
Tim Abbott 9640a9e864 lint: Clean up E712 PEP-8 rule. 2017-01-23 21:11:18 -08:00
Tim Abbott a088cdaa04 lint: Clean up E714 PEP-8 rule. 2017-01-23 21:07:45 -08:00
Tim Abbott e9158dd520 lint: Clean up E121 PEP-8 rule. 2017-01-23 21:02:39 -08:00
Tim Abbott df3d6aee5d lint: Clean up E114 PEP-8 lint rule. 2017-01-23 20:52:58 -08:00
Tim Abbott 22d1aa396b lint: Clean up W503 PEP-8 warning. 2017-01-23 20:50:04 -08:00
Tim Abbott bde2da7dfd lint: clean up PEP-8 W391 rule. 2017-01-23 20:39:02 -08:00
Tim Abbott 46ab7762e7 edit: Eliminate unnecessary json_update_message wrapper. 2017-01-23 17:22:42 -08:00
Tim Abbott 33b02a02dd update_message_backend: Fix memcached queries in loop.
This fixes a bug where update_message_backend would do one memcached
query per user receiving a given message.  Right now we just do a
single bulk database query, but in principle we could use
generic_bulk_cached_fetch to use the cache as well.
2017-01-23 17:22:42 -08:00
Tim Abbott 0f7f9dc0fb update_message_backend: Log number of changed messages.
This will be helpful for debugging potential performance problems.
2017-01-23 17:22:40 -08:00
Tim Abbott e7c9a5087c auth methods: Fix buggy check for changes.
Apparently, we were comparing the full list of enabled authentication
methods (whether or not supported by the server) against the user's
selections among those supported by the server, which resulted in
authentication methods being always reported as different.
2017-01-22 17:12:58 -08:00
Tim Abbott 5d52f1ec17 bugdown: Move realm_filters_key logic out of callers.
This gets rid of the confusing duplicate realm_filters_key and
message_realm arguments that previously were passed to bugdown.
2017-01-21 21:37:57 -08:00
Sampriti Panda 34a4a1378d bugdown: Use specified realm, not sender realm, for rendering.
This changes bugdown to use the realm passed in by the caller (if any)
for rendering, fixing a problem where bots such as the notification
bot would have their messages rendering using the admin realm's
settings, not the settings of the realm their messages are being sent
into.

Also adds a test for the notification bot case.

Fixes #3215.
2017-01-21 21:37:57 -08:00
Tim Abbott 01e0acb282 render_incoming_message: Require a realm object. 2017-01-21 21:37:57 -08:00
Tim Abbott 99c5563bc6 internal_send_message: Make realm argument mandatory.
A lot of care has been taken to ensure we're using the realm that the
message is being sent into, not the realm of the sender, to correctly
handle the logic for cross-realm bot users such as the notifications
bot.
2017-01-21 21:37:30 -08:00
Tim Abbott 8ba7d2080c internal_prep_message: Make realm argument mandatory.
In order to correctly handle messages sent by cross-realm bots, we
need to specify the realm that the messages are being sent into in the
send message code path.  The commit and its successors convert that
code path to include the realm the message is being sent to explicitly.
2017-01-21 21:16:18 -08:00
Tomasz Kolek cc13104780 Add Zapier integration. 2017-01-20 10:43:18 -08:00
Rohith Asrk a1b0e35792 Remove use of mailer.send_mail from all files.
This was just copied from some third-party projects.

Fixes #3153.
2017-01-19 16:28:29 -08:00
Umair Khan 9fecbcecf5 subdomains: Don't show login page on root aliases. 2017-01-17 15:29:24 -08:00
Tommy Ip c407919db3 Add /authors page.
Contributor visualization showing the avatar, user name and number
of commits for each contributors. The JSON data would be updated
upon deployment, triggered by the `update-prod-static` script.
2017-01-17 13:35:55 -08:00
Tim Abbott 121b926962 emoji: Fix 500 trying to remove nonexisting realm emoji. 2017-01-16 23:48:07 -08:00
Tim Abbott 19cb5013d3 emoji: Extract zerver.lib.emoji. 2017-01-16 23:45:28 -08:00
Tim Abbott f3b9abee14 Convert realm emoji upload to use PUT properly. 2017-01-16 23:45:12 -08:00
Tim Abbott 19b89eb050 bugdown: Rename realm_id to realm_filters_key.
This should substantially improve the clarity of the code, since
inside bugdown, this is only being used as a hash key that happens to
usually be a realm ID, not used as a Realm ID.
2017-01-16 21:48:55 -08:00
Bojidar Marinov df00ad3e84 search: Prevent crashes with multiple search operators.
Fixes #3071.
2017-01-16 19:42:49 -08:00
Rafid Aslam d3ee53bdef Move endpoints to use stream_id instead of stream_name in their URLs
- Change `stream_name` into `stream_id` on some API endpoints that use
`stream_name` in their URLs to prevent confusion of `views` selection.

For example:
If the stream name is "foo/members", the URL would be trigger
"^streams/(?P<stream_name>.*)/members$" and it would be confusing because
we intend to use the endpoint with "^streams/(?P<stream_name>.*)$" regex.

All stream-related endpoints now use stream id instead of stream name,
except for a single endpoint that lets you convert stream names to stream ids.

See https://github.com/zulip/zulip/issues/2930#issuecomment-269576231

- Add `get_stream_id()` method to Zulip API client, and change
`get_subscribers()` method to comply with the new stream API
(replace `stream_name` with `stream_id`).

Fixes #2930.
2017-01-12 15:23:31 -08:00
Rafid Aslam 156eefacc2 API: Add `json/get_stream_id` endpoint
Add `json/get_stream_id` endpoint, used to convert `stream_name`
into `stream_id`.
2017-01-12 15:23:31 -08:00
Tomasz Kolek 053feb947c Change way of handling comments event in jira integration. 2017-01-12 14:54:32 -08:00
Tomasz Kolek 9a60220c37 Refactor jira integration.
Remove events that don't exist.
Move handling issue events to separate function.
Make formatting strings using format function.
Change camelCase variable name convetion to using underscores.
Make unknown events error more clear.
Add issue_event_type_name param to all fixtures.
2017-01-12 14:54:32 -08:00
Tomasz Kolek e6ab93a4c4 Fix Bitbucket2 integration fulfilled event type.
The "merged" event type was apparently renamed to "fulfilled".
2017-01-11 14:18:07 -08:00
Tomasz Kolek f0cc6d8029 Adjust Taiga integration to new payloads format.
Update all payloads.
Remove move task between User stories events.
Update code to handle new payload format.

Fixes: #2318.
2017-01-11 14:17:44 -08:00
Tim Abbott 3f8d4193da lint: Fix % comprehensions being used without a tuple. 2017-01-09 11:45:11 -08:00
Tim Abbott f3b5683e77 views: Rename __init__.py to zerver.views.registration.
This completes the cleanup process of eliminating functions in the
root zerver/views/__init__.py module.
2017-01-08 16:21:15 -08:00
Tim Abbott 48f1b4e1ab views: Extract zerver.views.muting. 2017-01-08 16:21:15 -08:00
Tim Abbott 7beff88f5f views: Extract zerver/views/home.py.
This is a significant piece of the remaining effort required to
eliminate the catch-all zerver/views/__init__.py.
2017-01-08 16:21:15 -08:00
Harshit Bansal ceb636dbd9 Manage allowed domains from admin settings.
Fixes: #1867.
2017-01-06 12:03:31 -08:00
Rishi Gupta fdb47fc5ee find my team: Canonicalize URL route.
Change URL endpoint to use underscores, not dashes, and change name to use
the full path to the view function. See e.g. /create_realm.
2017-01-06 10:42:28 -08:00
Rishi Gupta 757297b72f Move find_my_team functions out of views/auth.py
The general __init__ file is a more natural home, and where other endpoints
(e.g. create_realm, etc) live.

Also changes forms.ValidationError to django.core.exceptions.ValidationError
to match the rest of the file/codebase.
2017-01-06 10:42:28 -08:00
Rishi Gupta e481fef9e1 Move find_team_email subject to a templates/ file. 2017-01-06 10:42:28 -08:00
Rishi Gupta 7cb5d26999 Rename find_team_email_html.txt to find_team_email.html. 2017-01-06 10:42:28 -08:00
Jackson 032b5e9db9 integrations: Add webhook code, API endpoint, and tests for Delighted. 2017-01-05 10:47:30 -08:00
Vamshi Balanaga 1b2472b5cb integrations: Modify solano labs integration.
This adds support for the "running" status and adds a test fixture.
2017-01-05 10:19:32 -08:00
Tomasz Kolek 6d1cb44bd4 bitbucket2: Add additional debugging info about unsupported keys. 2017-01-04 17:29:49 -08:00
Rishi Gupta 2b0a7fd0ba Rename models.get_realm_by_string_id to get_realm.
Finishes the refactoring started in c1bbd8d. The goal of the refactoring is
to change the argument to get_realm from a Realm.domain to a
Realm.string_id. The steps were

* Add a new function, get_realm_by_string_id.

* Change all calls to get_realm to use get_realm_by_string_id instead.

* Remove get_realm.

* (This commit) Rename get_realm_by_string_id to get_realm.

Part of a larger migration to remove the Realm.domain field entirely.
2017-01-04 17:12:23 -08:00
Umair Khan f208813ea3 Add Find My Team feature. 2017-01-03 21:33:42 -08:00
Vamshi Balanaga 234310bfd1 integrations: Add webhook code, API endpoint, and tests for solano labs. 2017-01-03 20:18:34 -08:00
Rishi Gupta cf762eaf84 Change X.realm.id to X.realm_id across codebase.
This makes it more clearly the pattern in the Zulip codebase, and thus
decreases the risk of accidentally doing database queries.
2017-01-03 16:46:26 -08:00
Rishi Gupta 130f981901 messages.send_message_backend: Take a realm_str instead of a domain. 2017-01-03 16:46:15 -08:00
Rishi Gupta b206d6f251 message.py: Change domain to realm_id in render_markdown args. 2017-01-03 16:46:14 -08:00
Rishi Gupta c6e12e74be Change domain to realm_id in bugdown and realm filter dicts and caches. 2017-01-03 16:25:20 -08:00
Tim Abbott a61386cbbc github: Fix GitHub integration CSRF issue.
The new GitHub dispatcher integration was apparently totally broken,
because we hadn't tagged the new dispatcher endpoint as exempt from
CSRF checking.  I'm not sure why the test suite didn't catch this.
2016-12-30 20:31:08 -08:00
Tim Abbott 5c0730d7ca reactions: Fix check for valid emoji.
The previous logic did not correctly handle the case where there were
realm emoji (non-realm emoji would be inaccessible).
2016-12-30 17:51:31 -08:00
Tim Abbott 0ddaa13eeb lint: Fix indentation error in user_settings.py. 2016-12-30 14:31:04 -08:00
Jackson aeac3848c8 integrations: Add webhook code, API endpoint, and tests for HelloSign. 2016-12-30 14:19:31 -08:00
Prabod Rathnayaka 6f087e468e Add setting hiding private message content in desktop notifications.
Tweaked by tabbott to fix a refactoring bug, set the default to True,
fix the real-time sync, and add tests for this.

Fixes #2355.
2016-12-30 14:10:34 -08:00
Tomasz Kolek 56f530331d Add default topics mechanism to stripe integration.
Fixes: #2586.
2016-12-27 16:27:54 -08:00
Tomasz Kolek 02bf4646fc Refactor transfer part of stripe integration. 2016-12-27 16:27:54 -08:00
Tomasz Kolek 6dca1ecc40 Refactor order part of stripe integration. 2016-12-27 16:27:54 -08:00
Tomasz Kolek a75d94d3cf Refactor invoice part of stripe integration. 2016-12-27 16:27:54 -08:00
Tomasz Kolek e843af5d27 Refactor customer part of stripe integration. 2016-12-27 16:27:54 -08:00
Tomasz Kolek d1c486b8e9 Refactor charge part of stripe integration. 2016-12-27 16:27:54 -08:00
paxapy 8e7fa6b2de emoji: Add add_emoji_by_admins_only realm setting.
This setting controls whether normal users can add realm emoji.

Fixes #978.
2016-12-27 15:46:14 -08:00
Igor Tokarev ffa724f8fc emoji: Add author field to RealmEmoji table and track. 2016-12-27 15:42:04 -08:00
Rishi Gupta 717afcb408 Remove calls to get_realm in preparation for its deprecation.
Also removes two calls to email_to_domain.
2016-12-26 17:53:32 -08:00
Rishi Gupta e9a6bd1986 Change register/<domain>/ URL route to register/<realm_str>/. 2016-12-26 17:51:00 -08:00
Rishi Gupta ea64b18f91 zerver.views: Be confident that request.session['domain'] is valid.
We only write domain to the session variable in one place,
accounts_home_with_domain, where we check that the domain is valid, that the
domain corresponds to an open realm, and that we are in the non-subdomains
case.

Previously, we were confusingly checking only a subset of the conditions
on reading back the domain in create_preregistration_user, and not checking
any of them when reading back the domain in get_realm_from_request.
2016-12-26 17:50:46 -08:00
Rishi Gupta d6e7014f06 Refactor views.create_homepage_form into its callers.
The indirection is no longer that useful, and obscures Django's conventional
style for calling a form.
2016-12-26 17:50:23 -08:00
Rishi Gupta 146f2ca482 Refactor get_realm_from_request out of views.create_homepage_form. 2016-12-26 17:49:58 -08:00
Rishi Gupta 1ce9a8a458 Remove confusing comments in HomepageForm and RealmCreationForm. 2016-12-26 17:49:58 -08:00
Rishi Gupta ddf480136c Remove unused domain argument from RealmCreationForm. 2016-12-26 17:49:58 -08:00
Rishi Gupta ec658d038d Refactor HomepageForm to use a Realm instead of a string_id. 2016-12-26 17:49:58 -08:00
Rishi Gupta a87e653c32 Refactor models.completely_open to take a Realm instead of a domain. 2016-12-26 17:49:58 -08:00
Juan Verhook 535ce90272 mypy: Convert zerver/views to use typing.Text. 2016-12-26 13:43:09 -08:00
Rafid Aslam d0502537ab API: Migrate POST `/ui_settings/change` to PATCH `/settings/ui` 2016-12-24 11:02:02 -08:00
Juanvulcano 2fd1316d70 Removed json/update_message
Update test_alert_words.py

Update test_messages.py

Update messages.py
2016-12-24 10:08:22 -08:00
Jackson 3a109a56df Migrate notify_settings to settings/notifications
Remove notify_settings from legacy_url.py
2016-12-24 09:24:23 -08:00
anirudhjain75 8acdbef8aa Eliminate legacy json/make_stream_public and json/make_stream_private URL
Migrate from POST to PATCH
2016-12-24 08:54:49 -08:00
Sampriti Panda 87e7dc6799 urls: Remove legacy URL for left_side_userlist and move over to REST PATCH endpoint 2016-12-24 08:38:33 -08:00
Jackson 333cf0f015 Migrate legacy /json/time_setting to new REST style endpoint. 2016-12-23 08:08:27 -08:00
Tommy Ip 1e0de94293 API: convert get_subscribers from legacy URL to REST endpoint. 2016-12-22 09:25:12 -08:00
Tim Abbott 7d99380488 update_display_settings: Move validation to beginning.
This makes the function more friendly for adding additional
functionality to.
2016-12-22 06:58:53 -08:00
Tim Abbott 0299f41c80 settings: Extract update_display_settings_backend. 2016-12-22 06:57:06 -08:00
anirudhjain75 c9db6b6658 Clean up legacy language_settings endpoint. 2016-12-22 06:54:04 -08:00
Sampriti Panda 425a55e568 settings: Implement delete avatar functionality 2016-12-21 13:35:22 -08:00
Sampriti Panda e72cd0b1cc urls: convert set_avatar from legacy URL to REST endpoint 2016-12-21 13:35:22 -08:00
Rafid Aslam bfe84a10f0 API: Migrate POST `json/fetch_raw_message` to GET `json/messages/<id>` 2016-12-21 13:08:40 -08:00
Jackson 59eb7a54e2 integrations: Add documentation for GoSquared. 2016-12-20 16:59:36 -08:00
Jackson 4ff4f12aea integrations: Add webhook code, API endpoint, and tests for GoSquared. 2016-12-20 16:59:36 -08:00
Umair Khan 7f3fdb2663 Django 1.10: Immediately save session to mitigate race conditions. 2016-12-16 16:24:12 +05:00
paxapy 18e43895ff streams.py: replace stream_subscribe_button with new #stream syntax.
Previously, we included a special subscribe button in new stream
notifications, but that had 2 problems:

(1) The subscribe button would render badly if the stream was renamed.
(2) There wasn't an easy way to look at the stream when deciding
whether to subscribe.

This fixes the second problem, but not really the first.
2016-12-15 22:43:14 -08:00
Tomasz Kolek bb6d189fa8 Add github dispatcher to have one elegant url for both github integrations.
Dispatcher avoids to create new URL for github_webhook.
2016-12-15 17:42:28 -08:00
vaibhav 75bf501553 Add optional waiting period for users to create streams.
This adds support for only allowing normal users with account age
equal or greater than a "waiting period" threshold to create streams;
this is useful for open organizations that want new members to
understand the community before creating streams.

If create_stream_by_admins_only setting is set to True, only admin users
were able to create streams. Now normal users with account age greater
or equal than waiting period threshold can also create streams.

Account age is defined as number of days passed since the user had
created his account.

Fixes: #2308.

Tweaked by tabbott to clean up the actual can_create_streams logic and
the tests.
2016-12-15 16:54:30 -08:00
Tomasz Kolek 6fdc026f64 Move get_profile_backend to views/users.py.
Fixes: #2710.
2016-12-15 16:04:23 -08:00
Sampriti Panda 91780180f6 integrations: Add webhook code, API endpoint, and tests for AppFollow 2016-12-15 11:13:27 -08:00
Umair Khan 8e30530cc5 subdomains: Make GitHub login work with subdomains.
Fixes #2501.
2016-12-14 11:09:39 -08:00
Rafid Aslam 63c157a22b API: Expose more information in `get_profile_backend()`
Adding more additional information about user profile to
`zerver.views.pointer.get_profile_backend`, like `user_id`,
`full_name`, `email`, `is_bot`, `is_admin`, and `short_name` of the
user.
2016-12-14 10:51:39 -08:00
Umair Khan c7ec5a14ee Create redirect_to_main_site function.
This function is used in OAuth logins so that we can redirect first to
the root domain (e.g. zulipdev.com if subdomains are *.zulipdev.com).
2016-12-13 21:06:52 -08:00
reallyly 94b28e0afb pep8: Fix E128 violations.
With some line-wrapping tweaks by tabbott.
2016-12-13 10:50:14 -08:00
Arpith Siromoney 226e3cbf02 Reactions backend: make endpoints more REST-ful.
Adding a reaction is now a PUT request to
/messages/<message_id>/emoji_reactions/<emoji_name>

Similarly, removing a reaction is now a DELETE request to
/messages/<message_id>/emoji_reactions/<emoji_name>

This commit changes the url and updates the views and tests.

This commit also adds a test for invalid emoji when removing reaction.
2016-12-07 22:28:02 -08:00
Tomonori Murakami a9e409a50f admin: Do not allow removing or deactivating the last org admin.
Modified by tabbott to cover and test some additional cases.

Fixes #2396.
2016-12-07 21:59:33 -08:00
Igor Tokarev c93f1d4eda Add oembed/Open Graph/Meta tags data retrieval from inline links.
This change adds support for displaying inline open graph previews for
links posted into Zulip.

It is designed to interact correctly with message editing.

This adds the new settings.INLINE_URL_EMBED_PREVIEW setting to control
whether this feature is enabled.

By default, this setting is currently disabled, so that we can burn it
in for a bit before it impacts users more broadly.

Eventually, we may want to make this manageable via a (set of?)
per-realm settings.  E.g. I can imagine a realm wanting to be able to
enable/disable it for certain URLs.
2016-12-07 17:40:18 -08:00
Sampriti Panda 7c3aff92d9 integrations: Add webhook payloads, webhook code, API endpoint, and tests for heroku 2016-12-06 11:05:00 -08:00
Zac Pullar-Strecker e6e11aefb3 settings: Add option to disable websockets.
This can be useful in scenarios where the network doesn't support
websockets.  We don't include it in prod_settings_template.py since
it's a very rare setting to need.

Fixes #1528.
2016-12-05 21:55:22 -08:00
Bickio 84765e48a9 integrations: Add webhook code, API endpoint, and tests for papertrail 2016-12-05 21:48:11 -08:00
Vamshi Balanaga f89e732d9e integrations: Add webhook code, API endpoint, and tests for mention. 2016-12-05 16:46:32 -08:00
Noel Tautges 07a74a8d9c mypy: Convert zerver/views/webhooks/ to use typing.Text. 2016-12-04 11:45:46 -06:00
AZtheAsian 441743cb89 integrations: Add webhook code, API endpoint, and tests for stripe.
This integration still needs documentation.
2016-12-03 20:42:43 -08:00
nikolay abc2ff4a06 pep8: Fix many rule E128 violations.
[Tweaked by tabbott to adjust some approaches used in wrapping]
2016-12-03 13:33:31 -08:00
bulat22101 a6f91064a2 pep8: Fix E129 violations 2016-12-03 10:56:36 -08:00
bulat22101 adebc75740 pep8: Fix E502 violations 2016-12-03 10:56:36 -08:00
Arpith Siromoney 4491ea8d6b reactions: Add support for removing emoji reactions.
This commit adds support for removing reactions via DELETE requests to
the /reactions endpoint with parameters emoji_name and message_id.

The reaction is deleted from the database and a reaction event is sent
out with 'op' set to 'remove'.

Tests are added to check:
1. Removing a reaction that does not exist fails
2. When removing a reaction, the event payload and users are correct
2016-12-02 16:39:53 -08:00
Sidhant Bhavnani 8c0c12c1d9 pep8: Fix E303 violations. 2016-12-02 15:34:11 -08:00
Alex Huang 007b693cc7 pep8: Fix E131. 2016-12-01 23:16:47 -08:00
Alex Huang c8ddea16c3 pep8: Fix E122. 2016-12-01 23:16:35 -08:00
AZtheAsian 1ba150fa85 pep8: Fix E203 violations 2016-12-01 20:37:57 -08:00
AZtheAsian c23f9e0df7 pep8: Fix E111 violations 2016-12-01 14:18:11 -08:00
AZtheAsian f7582f0050 pep8: Fix E124 violations 2016-12-01 14:18:11 -08:00
Rafid Aslam c5316b4002 lint: Fix E127 pep8 violations.
Fix pep8: E127 continuation line over-indented for visual indent
style issue.
2016-12-01 10:23:55 -08:00
Bickio 6b0df43463 pep8: Fix E125. 2016-11-30 20:03:29 -08:00
Bickio e009383460 pep8: Fix E231. 2016-11-30 19:59:25 -08:00
Tommy Ip e4091c6413 pep8: Fix E222 violations. 2016-11-30 21:49:02 +00:00
Tommy Ip 46b7d54b3e pep8: Fix E701 violations. 2016-11-30 20:45:09 +00:00
Arpith Siromoney 001847ac5b Add backend support for emoji reactions.
This commit adds the following:

1. A reaction model that consists of a user, a message and an emoji that
are unique together (a user cannot react to a particular message more
than once with the same emoji)
2. A reaction event that looks like:
    {
        'type': 'reaction',
	'op': 'add',
	'message_id': 3,
	'emoji_name': 'doge',
	'user': {
	    'user_id': 1,
            'email': 'hamlet@zulip.com',
            'full_name': 'King Hamlet'
	}
    }
3. A new API endpoint, /reactions, that accepts POST requests to add a
reaction to a message
4. A migration to add the new model to the database
5. Tests that check that
   (a) Invalid requests cannot be made
   (b) The reaction event body contains all the info
   (c) The reaction event is sent to the appropriate users
   (d) Reacting more than once fails

It is still missing important features like removing emoji and
fetching them alongside messages.
2016-11-26 18:10:21 -08:00
Calvin Lee b8d7f8008a streams: move the invite_only field into the stream_dict argument.
Refactor list_to_streams and create_streams_if_needed.  The
stream_dict now has a "invite_only" key, which is mapped to
a boolean.
2016-11-26 16:52:40 -08:00