Commit Graph

60296 Commits

Author SHA1 Message Date
Mateusz Mandera 669e0a3e47 import: Fix export->import of emojis from Slack.
Ideally this would besplit up into two commits, but it's hard to split
into self-contained, atomic chunks now that this segment of the
import/export system is generally kind of broken after thumbnailing
system changes.

1. 3rd party export converters don't make .original image files.
Insteadthey provide a single file, which the import should treat as if
it's .original.

2. 3rd party converters create all the records with is_animated=False.
That's an issue, because without setting that correctly on the
RealmEmoji objects, Zulip doesn't know that it should use the "still"
thumbnail when the emoji is being used in a user's status. Which leads
to incorrectly displaying the user status with the distracting
animation.
2024-08-21 16:30:19 -07:00
Mateusz Mandera 5476340b52 import: Export and import .original emoji files correctly.
The export tool was only exporting the already-thumbnailed emoji file,
omitting the original one. Now we make sure to export the .original file
too, like we do for avatars, and make the import tool process it
directly, to thumbnail it directly and generate a still in the case of
animated emojis.

Otherwise, the imported realm wouldn't have the <emoji>.png.original
file that we generally expect to have accessible, and stills for
animated emojis were completely missing.
2024-08-21 16:30:19 -07:00
Mateusz Mandera 2a1da859ea auth: Update AzureADAuthBackend to use the newer Microsoft API.
As detailed in the comment in the code:

The upstream implementation uses the outdated /oauth2/authorize
API (instead of the v2.0 API), which doesn't allow us to authenticate
users with just a personal Microsoft account. v2.0 API is required.
This requires us to override the default URLs to use it as well
as adjust the requested scopes, to match this new API.

The backend in its previous state was only able to authenticate users
that were tied to an organizational directory, even if the application
settings in Azure were set up to also allow personal accounts. Users
trying to use a personal account would face an error from Microsoft:

AADSTS500200: User account 'xxxx@example.com' is a
personal Microsoft account. Personal Microsoft accounts are not
supported for this application unless explicitly invited to an
organization

https://github.com/python-social-auth/social-core/issues/723 is a
related upstream issue.
2024-08-21 16:16:30 -07:00
evykassirer 6ff793590f bootstrap_typeahead: Fix bug on select with no active item.
This bug was introduced in d9f25d01a1
It's possible that `find(".active")` returns `undefined` here.
2024-08-21 16:07:37 -07:00
Rahul Rajesh Kumar b6597896b0
footer: Open social links in a separate browser tab.
Fixes #31415.
2024-08-21 16:05:45 -07:00
Karl Stolley 562e6d6802 global_times: Allow global times to display inline. 2024-08-21 16:02:33 -07:00
Karl Stolley 02161582fd mentions: Allow mentions to display inline. 2024-08-21 16:02:33 -07:00
Aman Agrawal 580b9e9dae navbar: Remove signup button.
This allows log in button in navbar for spectators to have more space
to be displayed in different languages without being truncated.
Login page already has 2 buttons for user to sign up from.
2024-08-21 12:02:59 -07:00
Tim Abbott f1d828cb7d test_openapi: Remove now-unused blocks.
As we remove uses of the has_request_variables system in favor of
typed_endpoints, parts of this file have lost test coverage.
2024-08-21 11:33:42 -07:00
Tim Abbott 9348b87d73 topic: Remove now-unused REQ_topic. 2024-08-21 11:27:54 -07:00
Kenneth Rodrigues 2483e600a2 message_send: Convert to typed endpoint.
Convert `message_send.py` use `typed endpoint`.

Disable `message_send` endpoint `to` parameter in the `openapi`
`validate_json_schema` check, because it is a special case where the
content type of the parameter is application/json but the
parameter may or may not be JSON encoded since previously we also
accepted a raw string and some ad-hoc bot might still depend on sending
a raw string.

Remove unused validators from `validator.py`.
2024-08-21 11:13:00 -07:00
Prakhar Pratyush 8b3d5a9455 custom_profile_fields: Update transaction to be durable.
This commit updates the db transaction to be durable for
do_update_user_custom_profile_data_if_changed to avoid
addition of any outer atomic block.

While adding any outer atomic block this will raise a runtime error
and we can replace the durable argument with 'savepoint=False'
otherwise we'll have to manually track down the action functions
getting called in that outer atomic block and set the savepoint=False
otherwise it'll lead to creation of savepoints which we don't want.

We can't set savepoint=False before hand to the outermost action
function because it leads to rollback of transaction in tests when
an error is raised in action function.
2024-08-21 10:51:23 -07:00
Prakhar Pratyush e729c51485 custom_profile_fields: Update remove...value to send event on commit.
Earlier, we were using 'send_event' in
check_remove_custom_profile_field_value which can lead to a
situation where we enqueue events but the function fails at a
later stage.

Events should not be sent until we know we're not rolling back.

Fixes part of #30489.
2024-08-21 10:51:23 -07:00
Prakhar Pratyush bfe7eb6b2c do_change_full_name: Noop if value isn't really changing.
In do_change_full_name, we shouldn't create RealmAuditLog
entry and sends events if the value isn't changing.
2024-08-21 10:51:23 -07:00
Sahil Batra 6718ff5166 user_groups: Make bottom margin for setting consistent with streams.
This commit increases the gap between group setting elements to make
it same with what we have for stream settings.
2024-08-21 10:30:25 -07:00
Sahil Batra 688def19ab user_groups: Fix showing tooltip for disabled settings.
Preivously, the tooltip was shown only for first element
since initialize_disable_btn_hint_popover only added the
tooltip to first element. And then after d9f25d01a1, there
was an error shown as initialize_disable_btn_hint_popover
asserted that only single element list was passed.

This commit fixes it by calling initialize_disable_btn_hint_popover
for each setting element. Similarly the code to destroy the
tooltip on enabling the setting elements is called for each
element.
2024-08-21 10:30:25 -07:00
afeefuddin be9d879682 settings_bots: Convert module to TypeScript. 2024-08-21 08:28:40 -07:00
afeefuddin 4b89d0ff06 state_data: Add realm_bot_creation_policy type. 2024-08-21 08:28:40 -07:00
afeefuddin 5579700920 list_widget: Make filter_value optional in render_empty_list_message_if_needed. 2024-08-21 08:28:40 -07:00
Alya Abbott 3227a9f35a help: Add a tip to turn off read receipts with invisible mode. 2024-08-21 08:25:44 -07:00
Alex Vandiver 6cc480e2b5 kandra: Ensure that we do not error out creating standby.signal.
Force us to have restored the `/var/lib/postgresql/14/main` directory
before we try to create `standby.signal` in it.
2024-08-20 14:03:51 -07:00
Alex Vandiver 49e5722a9f kandra: Match the logic in zulip::profile::postgresql. 2024-08-20 14:03:51 -07:00
Alex Vandiver 9e58780d46 puppet: Fix indentation. 2024-08-20 14:03:51 -07:00
Mateusz Mandera 7e1f468f04 saml: Fix exception when syncing missing value to custom profile field.
There was a bug here that would trigger an exception inside
`sync_user_profile_custom_fields`, causing it to get logged with
logging.warning, when an attribute configured for SAML custom profile
field sync was missing from a SAMLResponse or had an empty value.
`sync_user_profile_custom_fields` expects valid values, and None is not
valid.

We could consider a slightly different behavior here instead - when an
attribute is sent with no value in the SAMLResponse, that means the attr
has no value in the IdP's user directory - so perhaps a better behavior
would be to also remove the custom profile field value in Zulip. However
there are two issues with that:

1. It's not necessarily the best behavior, because an organization might
want the "user doesn't have this attribute set at the IdP level" state
to just mean that the user should be free to set the value manually in
Zulip if they wish. And having that value get reset on every login would
then be an issue. The implementation in this commit is consistent with
this philosophy.

2. There's some implementation difficulty - upstream
`self.get_attr(...)`, which we use for reading the attr value from the
SAMLResponse, doesn't distinguish between an attribute being sent with
no value and the attribute not being sent at all - in both cases it
returns None. So we'd need some extra work here with parsing the
SAMLResponse properly, to be able to know when the custom profile field
should get cleared.
2024-08-20 13:57:30 -07:00
Aman Agrawal 2a158cb8d9 test_stripe: Normalize fixtures for test_stripe_billing_portal_urls. 2024-08-20 13:54:48 -07:00
Tim Abbott aaea645a49 docs: Clean up discussion of very old versions. 2024-08-20 11:53:24 -07:00
Mateusz Mandera cde83e8818 saml: Add documentation about user role/custom profile fields sync.
With substantial rewriting by tabbott, including moving mostly
irrelevant references to very old Zulip versions.
2024-08-20 11:53:24 -07:00
Mateusz Mandera 833dce8a13 saml: Add support for syncing user role.
Replace the SOCIAL_AUTH_SYNC_CUSTOM_ATTRS_DICT with
SOCIAL_AUTH_SYNC_ATTRS_DICT, designed to support also regular user attrs
like role or full name (in the future).

Custom attributes can stay configured as they were and will get merged
into SOCIAL_AUTH_SYNC_ATTRS_DICT in computed_settings, or can be
specified in SOCIAL_AUTH_SYNC_ATTRS_DICT directly with "custom__"
prefix.

The role sync is plumbed through to user creation, so users can
immediately be created with their intended role as provided by the IdP
when they're creating their account, even when doing this flow without
an invitiation.
2024-08-20 11:53:24 -07:00
Mateusz Mandera 9841bb9522 docs: Add note to SOCIAL_AUTH_SYNC_CUSTOM_ATTRS_DICT in settings.py. 2024-08-20 11:53:24 -07:00
Mateusz Mandera 8c1a1ea8db scim: Extract ROLE_TYPE_TO_NAME dict to UserProfile.
This allows these mappings to used in other APIs. Specifically, we want
to use this for syncing role during SAML auth.
2024-08-20 11:53:24 -07:00
Mateusz Mandera 76b41e433a maybe_send_to_registration: Enforce kwargs.
Most of these should be kwargs, to make sure we're not accidentally
getting the order wrong when calling it.
2024-08-20 11:53:24 -07:00
Kenneth Rodrigues 86bf0d3ea3 decorators: Migrate to typed_endpoint.
Modify `semgrep-py.yml` to treat arguments after `*args` as
keyword-only arguments.
2024-08-20 10:15:30 -07:00
Alex Vandiver 47ebef057e puppet: Switch to an included limits.d file. 2024-08-20 10:04:40 -07:00
Alex Vandiver 64516ab9f4 install-aws-server: Output tsh ssh command, not ssh. 2024-08-20 10:04:40 -07:00
Alex Vandiver c0237e3d58 kandra: Correct group ownership and permissions to match package's.
This reverts b000328ba5 and re-applies
a759d26a32.  It is likely that the
upstream packages are simply inconsistent.
2024-08-20 10:04:40 -07:00
Alex Vandiver a5a898ba21 install-aws-server: Switch to 24.04. 2024-08-20 10:04:37 -07:00
Alex Vandiver 3adedc9545 install-aws-server: Set the name of the root EBS volume. 2024-08-20 10:03:59 -07:00
Alex Vandiver fe0a7b3b77 kandra: Drop support for 20.04 hosts. 2024-08-20 10:03:59 -07:00
Kenneth Rodrigues 50712bfa81 scheduled_messages: Migrate to typed_endpoint.
Migrate `scheduled_message.py` to typed_endpoint.

Perform Json parsing in the endpoint itself instead of
in `recipient_parsing.py`.
2024-08-20 10:03:22 -07:00
Aman Agrawal 7f38c95384 dropdown_widget: Fix click event being triggered multiple times.
Reset event handlers attached to the dropdown widget and by removing
it from DOM.

User is unlikely to use the same dropdown multiple times, even if
they do, the operation is fast.
2024-08-20 09:56:59 -07:00
Aman Agrawal 82d3058b53 dropdown_widget: Remove unused instance property. 2024-08-20 09:56:59 -07:00
Lauryn Menard 3cb14ba7db api-docs: Clarify the behavior of the near operator.
On the server-side, the implementation of the "near" operator is a
noop. Clients should instead use the "anchor" parameter to express
the "near" operator in a search box or URL fragment.
2024-08-20 09:56:00 -07:00
evykassirer d9f25d01a1 web: Use util.the for accessing element of single-item lists. 2024-08-20 09:48:15 -07:00
evykassirer 113de14547 message_edit: Remove TODOs to parse more data that we don't need.
I'd thought maybe we want to make sure they were in sync, but we don't
need to parse the full data structure.
2024-08-20 09:48:15 -07:00
Lauryn Menard 31c32bcba7 support: Remove abbreviation for "Organization type". 2024-08-20 09:45:49 -07:00
Lauryn Menard b52b1bcca8 support: Consolidate sponsorship forms for remote and Zulip Cloud views.
In the Zulip Cloud support view, adds a "Realm management" section
for support actions that are specific to that view, (e.g., changing
an organization's type or deactivating an organization).

Moves the note about emailing organization owners when a full
sponsorship is approved for Zulip Cloud Standard to the success
message for that action, which mirrors the remote server/realm
support view.
2024-08-20 09:45:49 -07:00
Lauryn Menard 85e5494507 support: Remove unused class names on support forms. 2024-08-20 09:45:49 -07:00
Lauryn Menard c152061ef2 support: Consolidate margin bottom CSS rule for forms. 2024-08-20 09:45:49 -07:00
Karl Stolley 485428db86 rendered_markdown: Approximate non-alpha dark mode table border color. 2024-08-20 09:34:07 -07:00
Ujjawal Modi 2e67d88a20 user_groups: Update code to check whether user can edit a user group.
Earlier there was only a realm level setting for configuring
who can edit user groups. A new group level setting is also added
for configuring who can manage that particular group.
Now, a user group can be edited by a user if it is allowed from
realm level setting or group level setting.

This commit make changes in frontend to also use group level setting
in determining whether a group can be edited by user or not and disables
changing the group settings when group cannot be edited by user.
2024-08-20 09:28:05 -07:00