Commit Graph

763 Commits

Author SHA1 Message Date
Aman Agrawal b4e4ca14d5 models: Store `is_system_bot_realm` information for `RemoteRealm`.
This will help us filter out system bot realm and control
feature access to it.
2023-12-11 13:23:49 -08:00
Aman Agrawal df23701475 stripe: Rename add_server_to_legacy_plan.
This function will not also be used to migrate remote realms
to legacy plan.
2023-12-11 13:23:49 -08:00
Mateusz Mandera c800951966 remote_billing: Add some useful fields to Remote...User models.
These are useful for auditing and follow what we have for UserProfile.
And is_active will be used in the future when we add user deactivation.
2023-12-11 09:39:24 -08:00
Aman Agrawal ac8d5a5f0b remote_billing_page: Show error page for registration mismatch.
When a self-hosted Zulip server does a data export and then import
process into a different hosting environment (i.e. not sharing the
RemoteZulipServer with the original, we'll have various things that
fail where we look up the RemoteRealm by UUID and find it but the
RemoteZulipServer it is associated with is the wrong one.

Right now, we ask user to contact support via an error page but
might develop UI to help user do the migration directly.
2023-12-10 19:33:48 -08:00
Mateusz Mandera 423aebf98e remote_billing: Implement confirmation flow for RemoteRealm auth.
The way the flow goes now is this:
1. The user initiaties login via "Billing" in the gear menu.
2. That takes them to `/self-hosted-billing/` (possibly with a
   `next_page` param if we use that for some gear menu options).
3. The server queries the bouncer to give the user a link with a signed
   access token.
4. The user is redirected to that link (on `selfhosting.zulipchat.com`).
Now we have two cases, either the user is logging in for the first time
and already did in the past.
If this is the first time, we have:
5. The user is asked to fill in their email in a form that's shown,
   pre-filled with the value provided inside the signed access token.
   They POST this to the next endpoint.
6. The next endpoint sends a confirmation email to that address and asks
   the user to go check their email.
7. The user clicks the link in their email is taken to the
   from_confirmation endpoint.
8. Their initial RemoteBillingUser is created, a new signed link like in
   (3) is generated and they're transparently taken back to (4),
   where now that they have a RemoteBillingUser, they're handled
   just like a user who already logged in before:
If the user already logged in before, they go straight here:
9. "Confirm login" page - they're shown their information (email and
   full_name), can update
   their full name in the form if they want. They also accept ToS here
   if necessary. They POST this form back to
   the endpoint and finally have a logged in session.
10. They're redirected to billing (or `next_page`) now that they have
    access.
2023-12-10 16:15:28 -08:00
Aman Agrawal a1fa969693 populate_billing_realms: Add temporary fix for MissingDataError.
We need to add proper logs here, which can probably be copied from
test_current_count_for_billed_licenses.
2023-12-09 12:50:05 -08:00
Anders Kaseorg f86becfc94 remote_server: Send API feature level along with Zulip version.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-09 12:01:22 -08:00
Anders Kaseorg 0400614a48 remote_server: Serialize analytics requests with Pydantic.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-09 12:01:22 -08:00
Mateusz Mandera abdfdeffe4 remote_billing: Implement confirmation flow for legacy servers.
For the last form (with Full Name and ToS consent field), this pretty
shamelessly re-uses and directly renders the
corporate/remote_realm_billing_finalize_login_confirmation.html
template. That's probably good in terms of re-use, but calls for a
clean-up commit that will generalize the name of this template and the
classes/ids in the HTML.
2023-12-08 23:49:10 -08:00
Tim Abbott f355b76024 zilencer: Only accept SYNCED_BILLING_EVENTS.
I expect we would ignore extra events anyway, but this just makes it
easier to reason about how the system works.
2023-12-08 23:12:29 -08:00
Prakhar Pratyush bf4fdbff12 stripe: Update LicenseLedger for remote realms.
When a remote server uploads statistics, we update the
LicenseLedger using the audit logs uploaded.

We iterate over the RemoteRealmAuditlog data for the concerned
realm starting from the event_time of the last LicenseLedger
created for that customer and update the ledger based on each event.
2023-12-08 12:58:21 -08:00
Prakhar Pratyush ed9b0d330d stripe: Raise 'MissingDataError' while fetching license count.
If the RemoteRealmAuditLog has stale data, it means the server
stopped or never uploaded data. We raise MissingDataError in such
cases when a user action led to calculating licenses count from
stale data.
2023-12-08 12:58:21 -08:00
Prakhar Pratyush 40621478cb zilencer: Add `get_remote_realm_guest_and_non_guest_count`.
We add a 'get_remote_realm_guest_and_non_guest_count'
function that queries 'RemoteRealmAuditLog' to get
the guest and non_guest count for that remote_realm.

This function is used in 'RemoteRealmBillingSession'
to calculate the current count of billed licenses.
2023-12-08 12:58:21 -08:00
Aman Agrawal c49fc8c6fe populate_billing_realms: Delete existing remote realms.
Running script multiple times created multiple `RemoteRealm`
objects resulting in processing error.
2023-12-08 11:24:15 -08:00
Aman Agrawal 9594e635cd populate_billing_realms: Simulate 2 months free trial.
Makes the billing page for realms on free trial more realistic.
2023-12-08 09:21:18 -08:00
Aman Agrawal 1a60697bd5 populate_billing_realms: Use correct plan tier for sponsored realms.
In cloud:

Sponsored organizations have plan_type=STANDARD_FREE, don't have
a CustomerPlan object and thus no tier value.

With self-hosting:
Sponsored organizations have a CustomerPlan object with tier
TIER_SELF_HOSTED_COMMUNITY and a plan_type of PLAN_TYPE_COMMUNITY.
2023-12-06 12:04:10 -08:00
Aman Agrawal 9f1f292462 populate_billing_realms: Add some helpful comments for testing. 2023-12-06 12:04:10 -08:00
Aman Agrawal 771f8a3542 populate_db: Add contact email for `RemoteZulipServer`.
We need it `get_email` for remote billing sessions.
2023-12-06 10:55:50 -08:00
Mateusz Mandera 24d6ae83c2 populate_db: Clean up existing RemoteRealm, RemoteZulipServer objects.
As of c9b0602320 and
8b55d60f9e we create a default
registration for the dev env "RemoteZulipServer" (and also RemoteRealms
for the dev realms) in populate_db. However these models weren't listed
in clear_database, meaning the state wasn't properly cleaned up at the
start of the command.

Most important, this would manifest in getting:
```
django.db.utils.IntegrityError: duplicate key value violates unique
constraint "zilencer_remotezulipserver_uuid_key"
DETAIL:  Key (uuid)=(......) already exists
```

if you re-run populate_db.
2023-12-06 10:55:50 -08:00
Tim Abbott 731799b726 zilencer: Fix audit log handling of missing 0s. 2023-12-06 00:00:27 -08:00
Aman Agrawal 2c7afa19ba populate_billing_realms: Add method to populate remote realms.
We also avoid deleting all RemoteZulipServer at start so that
we don't delete the registered server for remote realms.
2023-12-05 23:44:29 -08:00
Aman Agrawal cfb62e7ffa populate_billing_realms: Extract method to create customer plan. 2023-12-05 23:44:29 -08:00
Aman Agrawal 8165f718d6 populate_billing_realms: Add different remote servers for testing. 2023-12-05 23:44:29 -08:00
Aman Agrawal 750f5c07b7 populate_billing_realms: Extract method to add card to customer. 2023-12-05 23:44:29 -08:00
Tim Abbott 5e721f4605 migrations: Add recently added indexes concurrently. 2023-12-05 18:22:23 -08:00
Mateusz Mandera d631c76747 zilencer: Add some indexes on Remote* models.
These are for making fix_remote_realm_foreign_keys more efficient.
2023-12-05 16:49:00 -08:00
Mateusz Mandera 39b0628f09 zilencer: Automatically migrate Remote* objects to link to RemoteRealm.
1. When we get data and it includes realm info, we should automatically
   link the new records with the appropriate RemoteRealm.
2. For old records, when we receive realm data, we have an opportunity
   to update those old record to link them to the right RemoteRealm.
   This logic doesn't need to always run, just after a remote server
   upgrade, since that's when this shift in remote server behavior will
   occur.
2023-12-05 16:49:00 -08:00
Anders Kaseorg 8a7916f21a python: Consistently use from…import for datetime.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-05 12:01:18 -08:00
Mateusz Mandera 250b52e3dc remote_billing: Add a "confirm login" page in RemoteRealm auth flow. 2023-12-05 11:34:57 -08:00
Mateusz Mandera 8b55d60f9e populate_db: Create RemoteZulipServer with proper details from settings.
This creates a valid registration, for two reasons:
1. Avoid the need to run "manage.py register_server" in dev env to
   register, when wanting to to test stuff with
   `PUSH_NOTIFICATION_BOUNCER_URL = "http://localhost:9991"`.
2. Avoid breaking RemoteRealm syncing, due to duplicate registrations
   (first set of registrations that gets set up with the dummy
   RemoteZulipServer in populate_db, and the second that gets set up via
   the regular syncing mechanism with the new RemoteZulipServer created
   during register_server).
2023-12-05 11:34:57 -08:00
Mateusz Mandera c23339f295 remote_billing: Rename the _billing_entry and _finalize_login functions.
These names were picked when I still thought these endpoints would serve
both the RemoteRealm and RemoteZulipServer based flows. Now that it's
known these are RemoteRealm-only endpoints, the _server in the names no
longer makes sense.
2023-12-05 11:34:57 -08:00
Anders Kaseorg ebee57813c populate_billing_realms: Fix PLW0127 Self-assignment of variable.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-05 11:13:49 -08:00
Prakhar Pratyush 14b1539647 remote_activity: Add 'guest users' and 'non guest users' count column.
This commit adds two columns named 'Guest users' and
'Non guest users' to respresent count of such users.

We query 'RemoteRealmAuditLog' to get the data.
2023-12-05 10:04:41 -08:00
Aman Agrawal 7d83508235 commands: Add script to create servers on legacy plan.
Also adds `SWITCH_PLAN_TIER_AT_PLAN_END` for `CustomerPlan`
which will be used to mark status of remote server legacy
plans which are scheduled for an upgrade.
2023-12-04 12:36:24 -08:00
Prakhar Pratyush 6aa911a9b2 remote_server_post_analytics: Return remote realms data in response.
This is a prep commit to return, for each remote realm, the 'uuid',
'can_push', and 'expected_end_timestamp'.

This data will be used in 'initialize_push_notifications'.
2023-12-04 07:08:39 -08:00
Aman Agrawal ff368e3240 populate_billing_realms: Extract function to populate realms. 2023-12-03 15:15:04 -08:00
Mateusz Mandera 7f33d6f0ea zilencer: Tie RemotePushDeviceToken to RemoteRealm at registration.
This consists of the following pieces:
1. Makes servers using the bouncer send realm_uuid in requests for token
   registration. (Sidenote: realm_uuid is already sent in the "send
   notification" codepath as of
   48db4bf854)
2. This allows the bouncer to tie RemotePushDeviceToken to the
   RemoteRealm with matching realm_uuid at registration time.
3. Introduce handling of some potential weird edge cases around the
   realm_uuid and RemoteRealm objects in get_remote_realm_helper.
2023-12-03 09:51:45 -08:00
Mateusz Mandera c9b0602320 tests: Create default RemoteRealms in populate_db.
This default setup will be more realistic, matching the ordinary
conditions for a modern server.
Especially needed as we add bouncer code that will expect to have
RemoteRealm entries for realm_uuid values for which it receives
requests.
2023-12-03 09:51:45 -08:00
Aman Agrawal 4d60c3a96c models: Allow realm_id to be blank.
We cannot provide realm_id for some remote session logs.
2023-11-30 11:22:19 -08:00
Tim Abbott 610338d192 billing: Add BILLING_SCHEDULE_ prefix to values. 2023-11-29 23:32:56 -08:00
Tim Abbott 5d6b635efe billing: Use better variable names for plan tiers.
The existing values didn't have our standard type-prefixing naming
scheme.

Add some extra unused placeholder values while we're at it.
2023-11-29 23:32:56 -08:00
Aman Agrawal 2795f11e3f models: Add org_type to RemoteZulipServer.
This is required to save sponsorship data for remote servers.
2023-11-29 19:04:32 -08:00
Mateusz Mandera 63618e93f0 zilencer: Sync new RemoteRealm fields also for existing registrations. 2023-11-29 15:54:38 -08:00
Mateusz Mandera 9b1a495e2c zilencer: Sync name and authentication_methods on RemoteRealm. 2023-11-29 15:54:38 -08:00
Alex Vandiver 98b68d7034 zilencer: Remove duplicates before adding unique indexes.
The recent #27818 naïvely added unique indexes, despite there being a
large number of existing violations.  This makes the migration
impossible to deploy.

Update the migration to de-duplicate rows, dropping all but the
first-by-id of each unique set.  This is equivalent to what
dd954749be does with `ignore_conflicts`.  We update the migration,
rather than making a new one, as any server which has somehow
successfully applied the migration apparently did not need to
de-duplicate anything.
2023-11-28 15:01:10 -08:00
Mateusz Mandera 02d5740f0f remote_realm: Add syncing of org_type. 2023-11-28 14:41:16 -08:00
Mateusz Mandera 6f2d4f1af2 zilencer: Use proper typing for update_remote_realm_data_for_server.
This is an obvious improvement to the typing and more natural than the
forced dict() conversion.
2023-11-28 14:41:16 -08:00
Alex Vandiver 150c64ddd0 zilencer: Enforce uniqueness of server_id + remote_id.
This was previously just an index (not a unique one).  Enforce this
data constraint.
2023-11-28 09:46:48 -08:00
Lauryn Menard b167eeff08 corporate: Create change plan tier function for BillingSession.
Moves and generalizes `switch_realm_from_standard_to_plus_plan`
in stripe.py to be a more general function for changing a
CustomerPlan to a new and valid tier, `do_change_plan_to_new_tier`.

Adds a helper function with the previous function name to be used
for the support view and management command for changing a realm
from the Standard plan tier to the Plus plan tier.
2023-11-26 19:39:52 -08:00
Mateusz Mandera 3958743b33 corporate: Add prototype authentication system for self-hosters.
This makes it possible for a self-hosted realm administrator to
directly access a logged-page on the push notifications bouncer
service, enabling billing, support contacts, and other administrator
for enterprise customers to be managed without manual setup.
2023-11-22 17:03:47 -08:00