This allows this component to follow existing design patterns, rather
than being its own unusual element with various quirks.
The implementation is approximately the same as before I just migrated
"Edit custom profile field" form into modal, like "Add new custom
profile field" form modal.
Fixes: #21634
This lets us remove this fairly ugly user interface widget, which was
inconsistent with the rest of the settings UI.
The implementation is approximately the same as before I just migrated
"Add new custom profile field" form into a modal, status update
notifications about these forms will be displayed inside their modal,
and made some little design changes as discussed on CZO.
Fixes part of: #21634
Change submit button text of both bot and user deactivation confirm
modal from "Confirm" to "Deactivate".
Calling `launch()` function from `dialog_widget.js` because
`confirm_dialog.js` set submit button text to "Confirm".
Set the default_language as cookie and reload the page so that
the spectator can immediately see the language change in effect.
We can reload the page forcefully for spectators since there is
no chance of any work being lost. It is possible that the spectator
may lose the selected message on doing so.
This requires a new dependency, to be able to set cookies from
frontend JavaScript.
Fixes#21961
In settings, clicking on deactivate bot button will lead to open
confirmation modal, and displaying all status update notifications
inside this confirmation modal.
This commit is a follow-up of zulip#21490.
The changes in the last few commits changed the semantics of the
organization default language to no longer be the primary source of
information for a user's language when creating a new account.
Here, we change the settings UI and /help/ documentation to reflect
this.
The implementation closely follows `handle_deactivation()`.
Using the same existing reactivate confirmation modal.
Also, this commit will also lead to open confirmation modal
to reactivate bots in settings > bots, and currently there is no
existing confirmation modal for deactivating bots.
This commit is a follow-up of #21436.
Doing these in a loop may help us figure out whether the
flakes are somehow related to the initial conditions when
we run the test vs. some race that can happen later in the
loop.
I add the console statements mostly to facilitate debugging,
but they appear to actually reduce the problem, as the code
comments indicate.
We have a flake related to verifying that the app
prevents us from creating stream with duplicate names,
and my hypothesis is that it has to do with us not
waiting for the stream creation UI to fully appear. This flake
is probably a consequence of us recently making the stream
creation UI more like the stream editing UI, and thus
waiting for Desdemona to appear was giving us false
confidence that the page actually loaded.
I could be completely wrong about this solving the
flake, but the code change here is sensible regardless.
The most notable change here is that when you are adding
subscribers to a stream as part of creating the stream,
you can now use the same essential pill-based UI for
adding users as we do when you edit subscribers for an
existing stream.
We don't try to exactly mimic the edit-stream UI or
implementation, since when you are adding subscribers
during create-stream, we are just updating a list in
memory, whereas in the edit-stream UI, we immediately
send info to the server.
Fixes#20499
353d0f9 removed this test as it was causing alert words test
fail non-deterministically. See 353d0f9's commit message for
some more details.
Rearranging the order to make this test run in the end can
eliminate the non-deterministic failures due to this test.
Because we reset the test database in between test files, we don't
expect there to be any issues with test files running after this.
Changing the password seems to randomly cause one of
our calls to /json/events to return a 401.
The symptom of this is that when you update alert words,
we don't get the event, and the alert words list does
not get updated.
More context here:
https://chat.zulip.org/#narrow/stream/43-automated-testing/topic/alert.20word.20flakes/near/1334824
It is possible that this reflects an actual problem in
our system when you update passwords.
For now, though, the goal is simply to make this test
reliable, so that we don't have to chase down this flake
any more. It was a particularly tricky flake to debug,
since the alert words test really wasn't at fault here.
It's plausible that we don't want to have the app declare
success when the server acks an alert word POST, and the
app should instead wait for the event to come back before
giving any confirmation to the user.
Since we do not allow to remove owners from bots, it is better
to keep owners for the bots in development environment as well.
We need to change puppeteer tests here because now desdemona
already has bots in dev server and thus "Active bots" section
is opened by default in the settings instead of "Add a new bot"
section.
Added a property `mouse_moved_since_typeahead` to the typeahead class
which tracks whether the mouse has been moved since the typeahead
menu appeared.
The hovered over menu item is highlighted on `mouseenter` only if
`mouseMoved` is true. Otherwise, the cursor is hidden temporarily.
Code substantially reorganized by tabbott.
Fixes: #21018.
We want to avoid submit handlers here, because we may
have embedded widgets that have their own forms or
buttons.
We use "finalize" here to distinguish the two Create
buttons related to streams. You hit one button to
start the UI and then the second button to finalize
the process.
I also fix the bad test idiom of clicking on the
sea-green button.
We use Venice instead of Verona, just in case some other
test is mutating Desdemona's subscription to Verona. (That's
unlikely, but it at least reduces some grep noise for any
future person with that hypothesis.)
And then we try to make sure that Venice is even in the
list of streams.
We show user name in heading of the deactivation confirmation
modal instead of email, since there can be a case when admin
does not have access to real email and we already show email,
if accessible, in the content of the modal.
The old name was confusing, since the contents
of the div aren't just a table, and we have
smaller elements that actually do list a bunch
of subscriptions in tabular format.
This test was verifying if an error was displayed on trying
to rename a bot with an existing name and then close the edit
modal with 'cancel' button.
I think the cause for flake is that the 'cancel' was clicked when
it is disabled while the request was being made. The existing waits
should've also worked for this but I presume there's some race.
Removed existing empty narrow divs from app/home.html and created
a new javascript module to dynamically load empty narrow messages
using handlebar template.
Fixes#18797
Since we have the drafts button in top left corner and we need space
to insert formatting buttons in the bottom of compose box; removing
drafts link makes sense.
Now that this is in the left sidebar, we can remove the now-redundant
compose area button for it. This also changes where the "Saved as
draft" tooltip appears.
There was no heading for "Time format" setting in the
"Default user settings" section and thus no save-discard
widget to update the setting. This commit fixes the bug
and changes the heading to be only "Time" since there is
no realm-level default of language setting.
This bug was introduced in adb612a0b4.
User-supplied custom realm filter has had some sort of regex-based
validation of the format URL since their introduction in
d7e1e4a2c0 -- and this has always been
in addition to the URLValidator. The URLValidator is the one which
does the security-relevant work of validating that the schema is
reasonable, and that the overall shape of the URL is well-formed. The
regex has served primarily to arbitrary limit the characters that can
appear in the URL, in the mistaken name of safety.
Adjust the regex, such that its only purpose is to verify that the
usages of `%` characters in the URL are reasonable, and leave the URL
validation to the URLValidator, which can do a far better job. This
includes broadening the support to include `%%` as an escape
character; this is likely such a niche case as to be unnecessary, but
costs little.
Fixes#16013.
Zulip attempts to validate that the regular expressions that admins
enter for linkifiers are well-formatted, and only contain a specific
subset of regex grammar. The process of checking these
properties (via a regex!) can cause denial-of-service via
backtracking.
Furthermore, this validation itself does not prevent the creation of
linkifiers which themselves cause denial-of-service when they are
executed. As the validator accepts literally anything inside of a
`(?P<word>...)` block, any quadratic backtracking expression can be
hidden therein.
Switch user-provided linkifier patterns to be matched in the Markdown
processor by the `re2` library, which is guaranteed constant-time.
This somewhat limits the possible features of the regular
expression (notably, look-head and -behind, and back-references);
however, these features had never been advertised as working in the
context of linkifiers.
A migration removes any existing linkifiers which would not function
under re2, after printing them for posterity during the upgrade; they
are unlikely to be common, and are impossible to fix automatically.
The denial-of-service in the linkifier validator was discovered by
@erik-krogh and @yoff, as GHSL-2021-118.
Also added a waitFor for the modal to disappear and removed
waitFor for the spinner to hide which would obviously be hidden
with modal and it also doesn't add much value.
Users wanted a feature where they could specify
which users can create public streams and which users can
create private streams.
This splits stream creation code into two parts,
public and private stream creation.
Fixes#17009.
yogesh sirsat
Anders Kaseorg
Sahil Batra
Aman Agrawal
Tim Abbott
Steve Howell
Dinesh
NerdyLucifer
N-Shar-ma
Ganesh Pawar
S-Abhishek
Wesley Aptekar-Cassels
Alex Vandiver
rht