Commit Graph

838 Commits

Author SHA1 Message Date
Tim Abbott afaac85dc6 Move get_sqlalchemy_connection to its own file. 2016-07-19 15:28:41 -07:00
Kartik Maji 599b15cb84 Allow fetching subscribers for streams the user has never subscribed to.
This allows the frontend to fetch data on the subscribers list (etc.)
for streams where the user has never been subscribed, making it
possible to implement UI showing details like subscribe counts on the
subscriptions page.

This is likely a performance regression for very large teams with
large numbers of streams; we'll want to do some testing to determine
the impact (and thus whether we should make this feature only fully
enabled for larger realms).
2016-07-18 16:24:19 -07:00
Taranjeet Singh 5462341cb4 zerver/views/webhooks/github.py: Fix lines with length greater than 120. 2016-07-18 15:10:41 -07:00
Taranjeet Singh 3031214718 zerver/views/messages.py: Fix line with length greater than 120. 2016-07-18 15:05:52 -07:00
Taranjeet Singh 84660a5087 zerver/views/__init__.py: Fix lines with length greater than 120. 2016-07-18 14:51:06 -07:00
Taranjeet Singh 5499136bfd zerver/views/webhooks/teamcity.py: Fix line with length greater than 120. 2016-07-18 14:42:39 -07:00
Taranjeet Singh 7199ee8f08 zerver/views/webhooks/taiga.py: Fix line with length greater than 120. 2016-07-18 14:42:39 -07:00
Taranjeet Singh 3e17011f9c zerver/views/webhooks/pivotal.py: Fix line with length greater than 120. 2016-07-18 14:42:39 -07:00
Taranjeet Singh c437659cd9 zerver/views/webhooks/pingdom.py: Fix line with length greater than 120.
zerver/views/webhooks/pingdom.py: Fix indetation for function args.
2016-07-18 14:42:39 -07:00
Taranjeet Singh 7ddb254d2e zerver/views/webhooks/circleci.py: Fix line with length greater than 120.
zerver/views/webhooks/circleci.py: Fix indentation for function args.
2016-07-18 14:42:39 -07:00
Taranjeet Singh 1323685140 zerver/views/webhooks/beanstalk.py: Fix line with length greater than 120.
zerver/views/webhooks/beanstalk.py: Capture string in a temp variable.
2016-07-18 14:42:39 -07:00
Taranjeet Singh 569d14a826 zerver/views/webhooks/airbrake.py: Fix line with length greater than 120.
zerver/views/webhooks/airbrake.py: Fix Indentation.

zerver/views/webhooks/airbrake.py: Fix Indentation for args in function.
2016-07-18 14:42:39 -07:00
Taranjeet Singh 10afbc06f9 zerver/views/report.py: Fix line with length greater than 120.
zerver/views/report.py: Capture string in temporary variables.
2016-07-18 14:42:39 -07:00
Steve Howell 2bfa763c0b Use topic_name() in update_message_backend(). 2016-07-18 14:10:11 -07:00
Steve Howell 5fcbd0a178 Remove muting logic in approximate_unread_count().
The muting logic in approximate_unread_count() was confusing
stream/subject and only using the first of many stream/subject
pairs, so it was rarely excluding rows from the count, and when
it did exclude rows, they were the wrong rows.

This fixes part of #1300, but we may want to keep the issue open.
2016-07-18 11:21:51 -07:00
Steve Howell 60bd20da61 Remove zerver/lib/query.py (dead code). 2016-07-16 14:51:15 -07:00
Rishi Gupta 09754c9861 Remove JsonableErrors from actions.do_update_message.
There were a bunch of authorization and well-formedness checks in
zerver.lib.actions.do_update_message that I moved to
zerver.views.messages.update_message_backend.

Reason: by convention, functions in actions.py complete their actions;
error checking should be done outside the file when possible.

Fixes: #1150.
2016-07-15 13:55:49 -07:00
Rishi Gupta d529a94e4d Add realm setting to time-limit editing of message content.
This is controlled through the admin tab and a new field in the Realms table.
Notes:
* The admin tab setting takes a value in minutes, whereas the backend stores it
  in seconds.
* This setting is unused when allow_message_editing is false.
* There is some generosity in how the limit is enforced. For instance, if the
  user sees the hovering edit button, we ensure they have at least 5 seconds to
  click it, and if the user gets to the message edit form, we ensure they have
  at least 10 seconds to make the edit, by relaxing the limit.
* This commit also includes a countdown timer in the message edit form.

Resolves #903.
2016-07-15 13:55:49 -07:00
Tomasz Kolek f689fbfa4d Replace old Trello integration with a webhook integration.
Fixes: #709.

[With tweaks on the documentation by tabbott]
2016-07-13 21:00:27 -07:00
Eklavya Sharma a7d2dab28f Fix non-deterministic output from Taiga integration.
Taiga's webhook integration would give output events in a random
order which caused test failures on python 3 (seems like python
3 is more prone to non-deterministic failures).  Fix that by
sorting the outputs obtained from events before concatenating them.
2016-07-13 16:00:46 -07:00
Eklavya Sharma 5382aeb385 Render PagerDuty message using ujson.dumps.
Use ujson.dumps to render raw messages sent by the PagerDuty
integration instead of using pprint.pformat.  pprint.pformat
gives different results on python 2 and 3.
2016-07-13 16:00:46 -07:00
Eklavya Sharma e6502710b6 Change exception.message to str(exception).
The 'message' attribute in Exception has been deprecated.
It has been removed in python 3.
2016-07-13 16:00:46 -07:00
Tim Abbott c0a6672471 Update path to language_options.json in production.
The previous code didn't correctly transport language_options.json to
the production environment.
2016-07-13 12:30:45 -07:00
Tim Abbott 305189956b update_message_flags: Log number of messages updated. 2016-07-12 19:12:49 -07:00
Steve Howell 3923f94a2b Remove unused code path in avatar() endpoint. 2016-07-12 17:37:02 -07:00
Tomasz Kolek d0066c37ff Add bitbucket2 integration.
Bitbucket changed the format of their API.  The old format is still
useful for BitBucket enterprise, but for the main cloud verison of
Bitbucket, we need a new BitBucket integration supporting the new API.
2016-07-12 17:34:34 -07:00
Tim Abbott 3647973069 update_message_backend: Reorganize validation checks.
The new organization more clearly does the permission check first.
2016-07-10 18:01:59 -07:00
Tim Abbott 05632b68e1 edit: Add validation for setting empty content. 2016-07-10 18:01:59 -07:00
Tim Abbott 211a166abc message edit: Move new topic non-empty check to view. 2016-07-10 18:01:59 -07:00
Rishi Gupta 43c2f35776 Add realm setting to disable message editing.
This is controlled through the admin tab and a new field in the Realms
table.  This mirrors the behavior of the old hardcoded setting
feature_flags.disable_message_editing.  Partially resolves #903.
2016-07-10 11:57:24 -07:00
Steve Howell c680c6a981 Removed unused to_non_negative_float() function. 2016-07-09 07:37:13 -07:00
Umair Khan 043ae8ad65 Upgrade to Django-Pipeline==1.6.8. 2016-07-09 07:09:55 -07:00
Taranjeet a8a4caf2c0 zerver: Fix lines with length greater than 120. 2016-07-08 11:41:43 -07:00
Eklavya Sharma 6c3f1bb967 beanstalk.py: Encode and decode strings correctly. 2016-07-07 12:42:51 -07:00
Eklavya Sharma 26b8e7357a zerver/views/messages.py: Operate on bytes in highlight_string. 2016-07-07 12:42:51 -07:00
Eklavya Sharma 63d55bdd86 zerver/views/__init__.py: decode b64encoded ccache.
Convert b64encoded ccache to `str` before passing to
subprocess.check_call.
2016-07-07 10:02:08 -07:00
Umair Khan 035fceb814 Add dynamically loaded language dropdown. 2016-07-04 11:56:02 -07:00
Eklavya Sharma 9772a512cb Use abstract types in annotations. 2016-07-04 03:01:32 +05:30
Kartik Maji f8bb7503e6 Add ability to pin streams to top of the streams sidebar list.
Based on work by Lauren Long, with some tweaks by tabbott.
2016-06-30 22:26:09 -07:00
Vishnu Ks 1cbd39b768 Unique link generator for realm creation. 2016-06-30 15:52:41 -07:00
Rishi Gupta 17b6d136d5 Add Semaphore webhook integration. 2016-06-29 16:36:19 -07:00
Tim Abbott abc2c03b0f Fix missing 'current_url' value in registration flow.
This fixes some tracebacks I got while testing the Zulip htpasswd SSO
functionality.

I think that this stopped working as a result of the Jinja2 migration.
2016-06-28 23:05:38 -07:00
acrefoot a36e5d4987 Add get_auth_backends endpoint to API.
We would like to know which kind of authentication backends the server
supports.

This is information you can get from /login, but not in a way easily
parseable by API apps (e.g. the Zulip mobile apps).
2016-06-27 18:30:34 -07:00
Tim Abbott e72f41cdec Remove old prototype data import/export tool.
This prototype from Dropbox Hack Week turned out to be too inefficient
to be used for realms with any significant amount of history, so we're
removing it.

It will be replaced by https://github.com/zulip/zulip/pull/673.
2016-06-27 13:47:08 -07:00
Tim Abbott b2a24e0306 Revert "Add authorization check before serving files."
This reverts commit e985b57259.

This commit will break production when we next do a release, because
we haven't done a migration to create Attachment objects for
previously uploaded files.
2016-06-27 12:09:56 -07:00
rahuldeve e985b57259 Add authorization check before serving files. 2016-06-27 11:24:35 -07:00
rahuldeve 674def30ee Add support for serving files using API authentication.
Also remove 'get_uploaded_file' view function and the corresponding
old '/user_upload/' url pattern.
2016-06-27 11:00:41 -07:00
Tim Abbott 79570f99c2 json_upload_file: Remove unnecessary has_request_variables. 2016-06-27 10:29:30 -07:00
Tim Abbott 8272fb4a94 zerver.views.upload: Move upload functions later in file. 2016-06-27 10:28:09 -07:00
Eklavya Sharma d7a83ed019 zerver/views/__init__.py: Type annotate a variable. 2016-06-27 17:52:37 +05:30
Eklavya Sharma 63a5323259 zerver/views/streams.py: Type annotate variables. 2016-06-27 17:52:22 +05:30
dhanus 1169329a71 Annotate zerver/views/webhooks/github.py. 2016-06-26 08:13:49 -07:00
Eklavya Sharma 85cb3e6103 zerver/views/webhooks/github.py: Make exception string str.
Passing a unicode string to Exception can sometimes fail.
Convert it to str to prevent that.
2016-06-26 08:13:49 -07:00
Eklavya Sharma a32f83b182 zerver/views/webhooks/github.py: Fix string literals.
Change some string literals to unicode.
2016-06-26 08:13:49 -07:00
Eklavya Sharma fa4adf0c62 zerver/views/webhooks/bitbucket.py: Fix an annotation. 2016-06-26 08:13:49 -07:00
Eklavya Sharma 36c2214d94 zerver/views/webhooks/bitbucket.py: Fix string literals.
Convert some strings literals to unicode.
2016-06-26 08:13:49 -07:00
Vishnu Ks 7d654a26c8 Casper test for realm creation. 2016-06-25 10:50:12 -07:00
Vishnu Ks 20adcbc64b Make send_registration_completion_email return the Confirmation object. 2016-06-24 17:47:56 -07:00
Vishnu Ks 8350b89798 Add support for custom error message in realm-creation-failed template. 2016-06-24 17:47:56 -07:00
Tim Abbott 6d71c25a0f accounts_register: Stop using _ as dummy variable.
This conflicts with internationalization.
2016-06-24 17:47:31 -07:00
acrefoot e4ed9195dc Remove rest_dispatch hack and optimize imports.
For a long time, rest_dispatch has had this hack where we have to
create a copy of it in each views file using it, in order to directly
access the globals list in that file.  This removes that hack, instead
making rest_dispatch just use Django's import_string to access the
target method to use.

[tweaked and reorganized from acrefoot's original branch in various
ways by tabbott]
2016-06-24 16:11:03 -07:00
Vishnu Ks 574a304b12 Mention invite emails are printed in console in dev.
This is part 2 of #1046.
2016-06-23 17:07:11 -07:00
Tim Abbott f39c9161fe Fix fetching user API keys via settings page when using LDAP backend.
Previously, json_fetch_api_key was hardcoding a check using Zulip's
built-in password functionality, rather than using authenticate().
2016-06-21 14:58:25 -07:00
Tomasz Kolek 9ae68ade8b Add is_webhook option to authentication decorats.
Modified:
authenticated_rest_api_view
authenticated_api_view and validate_api_key.
2016-06-21 11:47:38 -07:00
Tim Abbott 80d92c1651 Add comment documenting confusing list_to_streams code. 2016-06-21 11:45:35 -07:00
Vishnu Ks ad1c3894d9 Add interface for creating new realms.
This is controlled by settings.OPEN_REALM_CREATION; if that setting is
off, this feature doesn't do anything.
2016-06-17 16:15:28 -07:00
kunall17 007eee6061 Add route to fetch emails for mobile passwordless login.
[Tweaked by tabbott to rename API to explicitly support not just
Android]
2016-06-17 11:03:19 -07:00
kunall17 7ea0eaed1c Add passwordless login for mobile app development.
[Tweaked by tabbott to rename API to explicitly support not just
Android].
2016-06-17 10:58:33 -07:00
Vishnu Ks 01c9bb2d5e Make name_changes_disabled() work with no argument. 2016-06-16 17:13:59 -07:00
Tomasz Kolek 76cbe89613 Add IFTTT integration. 2016-06-16 15:30:45 -07:00
John Hergenroeder 16a19226f6 Add linter check for redundant REQ whence argument. 2016-06-16 13:53:39 -07:00
Tomasz Kolek 4e51a86ea4 Add updownio integration. 2016-06-14 12:14:07 -07:00
Tomasz Kolek 14d69348d3 Add Airbrake integration. 2016-06-13 20:36:40 -07:00
Eklavya Sharma 6f5ed6e7c9 Fix annotations clashing with Stream model fields. 2016-06-13 20:01:02 +05:30
Eklavya Sharma 9d7a2fdf9d zerver/views/streams.py: Fix annotations.
Mainly fix `str` to `text_type` and use abstract containers.
2016-06-13 20:01:01 +05:30
Eklavya Sharma 10f2ec043d Fix zerver.lib.utils.generate_random_token.
generate_random_token used to return a value of type six.binary_type
and its return type was annotated as `str`.  This commit fixes that
by making it return a value of type `six.text_type` and updating
the annotation accordingly.
Also fix clashing annnotations.
2016-06-12 09:30:53 -07:00
Babak ad895eb690 Annotate zerver/views/report.py. 2016-06-11 18:42:37 -07:00
Vishnu Ks 77ec6217eb Add validation for private message recipients.
The function will reject messages where recipients aren't either a
member of the realm or a member of cross_realm_user_emails.

Fixes: #930.
2016-06-11 11:24:45 -07:00
Eklavya Sharma 53084fe03c Use text_type as type of cache keys and update users.
This changes the type annotations for the cache keys in Zulip to be
consistently text_type, and updates the annotations for values that
are used as cache keys across the codebase.
2016-06-11 09:10:34 -07:00
Vishnu Ks b926826ea1 Remove default_stream addition and deletion from update_stream_backend.
Default stream addition/removal is done via the /default_stream REST
endpoints.
2016-06-10 16:59:15 -07:00
rahuldeve fa13582ffb Serve uploaded files through get_uploaded_file in development.
Previously, uploaded files were served:
* With S3UploadBackend, via get_uploaded_file (redirects to S3)
* With LocalUploadBackend in production, via nginx directly
* With LocalUploadBackend in development, via Django's static file server

This changes that last case to use get_uploaded_file in development,
which is a key step towards being able to do proper access control
authorization.

Does not affect production.
2016-06-09 22:58:25 -07:00
Tim Abbott 13bac1cc2a Fix serving files uploaded to S3.
This was broken by the refactoring to realm_id_str in:
a261a6bbac.
2016-06-09 21:55:50 -07:00
rahuldeve 3e3462da0d Refactor zerver.lib.upload.upload_message_image_through_web_client.
upload_message_image_through_web_client -> upload_message_image_from_request
2016-06-09 21:09:12 -07:00
medullaskyline 39eaf02b40 Annotate zerver.views.webhooks.taiga. 2016-06-09 17:08:55 -07:00
Vishnu Ks f9f31b79d0 Make default_streams web controllable.
Fixes: #665
2016-06-09 15:24:32 -07:00
rahuldeve ed83bb7f54 Refactor zerver.views.upload. 2016-06-08 09:49:14 -07:00
Hyunchel Kim b0702c62fc Annotate zerver.views.messages partially. 2016-06-07 21:09:30 -07:00
Tim Abbott bc2961d3ac Refactor file upload routes to their own file. 2016-06-06 16:09:05 -07:00
Evan Palmer 8afeb7d8ce Annotate webhooks/transifex.py, webhooks/yo.py. 2016-06-05 17:01:53 -07:00
Daw-Ran Liou 7f0709b65c Annotate zerver.views.webhooks.freshdesk
Change the comments into docstrings.
Modified the return type of parse_freshdesk_event to always return a
list of str.
2016-06-05 15:56:27 -07:00
Dalek-Sec c457f551ea Annotate zerver/views/webhooks/crashlytics.py 2016-06-05 15:54:13 -07:00
medullaskyline 7e30de04ca Annotate zerver.views.webhooks.pingdom. 2016-06-05 15:52:53 -07:00
medullaskyline 4c1da236ad Annotate zerver.views.webhooks.pagerduty. 2016-06-05 15:47:33 -07:00
Daw-Ran Liou 4428287846 Annotate zerver.views.webhooks.stash. 2016-06-05 15:42:25 -07:00
Hyunchel Kim b79cad0404 Annotate zerver.views.webhooks.teamcity 2016-06-05 15:11:45 -07:00
Daw-Ran Liou 26d067fc97 Annotate zerver.views.webhooks.pivotal. 2016-06-05 14:57:53 -07:00
medullaskyline 2369d48a9b Annotate zerver.views.webhooks.newrelic. 2016-06-05 14:52:20 -07:00
Evan Palmer 4bf81b58b4 Annotate zerver/views/webhooks/zendesk.py. 2016-06-05 14:50:52 -07:00
Hyunchel Kim de34dd1187 Annotate travis webhoook function. 2016-06-05 14:46:26 -07:00
medullaskyline 158914aa98 Annotate zerver.views.webhooks.jira. 2016-06-05 14:36:39 -07:00
Hyunchel Kim bc87685ea6 bitbucket: Correct return type in annotation. 2016-06-05 14:33:31 -07:00
Max 86fb6467e7 Add annotations to avatar.py, db.py, logging_util.py, unminify.py.
Also, fixed a a small type annotation in users.py because email must
be a string because emails don't support UTF-8 at this time (according
a comment in gravatar_hash in avatar.py).
2016-06-05 12:38:20 -07:00
Daw-Ran Liou 90a2dead46 Annotate zerver/views/webhooks/deskdotcom.py. 2016-06-05 11:53:44 -07:00
Deborah Hanus a261a6bbac Annotate zerver/views/__init__.py.
Also fix typing errors in a few related files.

[with tweaks from tabbott]
2016-06-05 11:34:19 -07:00
Daw-Ran Liou c9bb93b0d2 Annotate zerver/views/webhooks/beanstalk.py. 2016-06-05 10:54:23 -07:00
Dalek-Sec 2bcf313a85 Added MyPy types to zerver/views/webhooks/codeship.py 2016-06-04 22:03:41 -07:00
Daw-Ran Liou 0265968ea2 Annotate zerver/views/user_settings. 2016-06-04 17:41:59 -07:00
Reid Barton cf93c8bce0 Annotate zerver/views/webhooks/bitbucket.py. 2016-06-04 17:02:59 -07:00
Daw-Ran Liou 8bbd93011d Annotate zerver/views/users.py. 2016-06-04 17:00:53 -07:00
Tomasz Kolek 8411b2e574 Add Crashlytics integration. 2016-06-04 15:18:42 -07:00
Tomasz Kolek 093e5a96d4 Add Transifex integration.
Fixes: #810.
2016-06-04 14:52:57 -07:00
David Adamec 9e8ea93d3d Add annotations for zerver/lib/validator. 2016-06-03 23:53:49 -07:00
Tim Abbott 03debdf82f Fix malformed error message when creating invalid Realm Emoji.
Thanks to Greg McCoy for his help finding this bug.
2016-06-03 23:12:36 -07:00
Ashish Kumar 9b990e3bd0 Type annotation of zerver/views/alert_words.
[Tweaked by tabbott to annotate the REQ variables the new way]
2016-06-03 08:07:58 -07:00
Oren Leaffer c2ce5119c6 Annotate zerver.views.tutorial. 2016-06-02 18:49:27 -07:00
Pei-Wei Wu 8d2733ae8c Add mypy type annotations to zerver/views/streams.py. 2016-06-02 15:44:43 -07:00
Ashley Dunn 7826aa7e7f Type annotation of zerver/views/realm_emoji. 2016-06-02 14:01:28 -07:00
Umair Khan 08fbd57245 [i18n] Make error messages translatable.
Make all strings passing through `json_error` and `JsonableError`
translatable.

Fixes #727
2016-05-31 07:40:42 -07:00
Tim Abbott 960144a49e Desupport using uninstantiated REQ with has_request_variables.
This makes life difficult for doing static type annotations, and
didn't make the code look that much better anyway.
2016-05-31 07:31:15 -07:00
Tim Abbott baec0f12cf Add a proper annotation for REQ in streams.py. 2016-05-30 11:41:16 -07:00
Eklavya Sharma efab224bd1 zerver/lib/actions.py: Remove unneeded `return {}` statements. 2016-05-29 04:26:17 -07:00
Tomasz Kolek 8c18b8947f Add bot_type field to UserProfile.
This is intended to support creating different types of bots with
potentially limited permissions.
2016-05-19 22:37:37 -07:00
Aristeidis Fkiaras 3ee210d9e8 Add setting to only allow admins create new streams.
Fixes: #691.

Thanks to Preston Hansen for work on this feature!
2016-05-18 18:53:13 -07:00
Tim Abbott e781136132 Fix subscribing to existing streams when can_create_streams=False.
Previously, a user with can_create_streams=False would be incorrectly
unable to subscribe to streams, whether the streams previously existed
or not.
2016-05-18 18:47:24 -07:00
Eklavya Sharma 16067b7013 Make zerver/views/webhooks/jira.py pass mypy check. 2016-05-18 17:10:17 +05:30
Tim Abbott c3985520e5 webhooks: Remove unnecessary get_client imports. 2016-05-13 12:25:12 -07:00
Tomasz Kolek db7ea8b484 Move getting client to api_key_only_webhook_view.
This decreases the amount of convention developers need to understand
in order to write a new webhook integration.
2016-05-13 12:22:38 -07:00
Tomasz Kolek eeeb4d0c92 Add CircleCI integration.
Fixes: #617.
2016-05-11 21:17:37 -07:00
Tim Abbott 92bec8cfea Merge Zulip 1.3.12 security release. 2016-05-10 11:32:26 -07:00
Tim Abbott 620debc5fd Change PrincipalError to return status code 403 by default. 2016-05-10 09:50:57 -07:00
Tim Abbott be216506a9 Improve api_fetch_api_key error messages.
Previously, api_fetch_api_key would not give clear error messages if
password auth was disabled or the user's realm had been deactivated;
additionally, the account disabled error stopped triggering when we
moved the active account check into the auth decorators.
2016-05-10 09:50:57 -07:00
Tim Abbott b28b3cd65c CVE-2016-4427: Fix access by deactivated realms/users.
The security model for deactivated users (and users in deactivated
realms) being unable to access the service is intended to work via two
mechanisms:

* All active user sessions are deleted, and all login code paths
  (where a user could get a new session) check whether the user (or
  realm) is inactive before authorizing the request, preventing the
  user from accessing the website and AJAX endpoints.
* All API code paths (which don't require a session) check whether the
  user (and realm) are active.

However, this security model was not implemented correctly.  In
particular, the check for whether a user has an active account in the
login process was done inside the login form's validators, which meant
that authentication mechanisms that did not use the login form
(e.g. Google and REMOTE_USER auth) could succeed in granting a session
even with an inactive account.  The Zulip homepage would still fail to
load because the code for / includes an API call to Tornado authorized
by the user's token that would fail, but this mechanism could allow an
inactive user to access realm data or users to access data in a
deactivated realm.

This fixes the issue by adding explicit checks for inactive users and
inactive realms in all authentication backends (even those that were
already protected by the login form validator).

Mirror dummy users are already inactive, so we can remove the explicit
code around mirror dummy users.

The following commits add a complete set of tests for Zulip's inactive
user and realm security model.
2016-05-10 09:50:48 -07:00
Tim Abbott 3cde06ea33 Add support for setting HTTP status codes in JsonableError. 2016-05-10 09:50:48 -07:00
Tim Abbott b869be9301 style: Use 'not in' consistently rather than `not foo in`. 2016-05-09 17:00:10 -07:00
Umair Khan 5359e6b0d4 Convert Zulip to use Jinja2 templates.
This results in a substantial performance improvement for all of
Zulip's backend templates.

Changes in templates:
- Change `block.super` to `super()`.
- Remove `load` tag because Jinja2 doesn't support it.
- Use `minified_js()|safe` instead of `{% minified_js %}`.
- Use `compressed_css()|safe` instead of `{% compressed_css %}`.
- `forloop.first` -> `loop.first`.
- Use `{{ csrf_input }}` instead of `{% csrf_token %}`.
- Use `{# ... #}` instead of `{% comment %}`.
- Use `url()` instead of `{% url %}`.
- Use `_()` instead of `{% trans %}` because in Jinja `trans` is a block tag.
- Use `{% trans %}` instead of `{% blocktrans %}`.
- Use `{% raw %}` instead of `{% verbatim %}`.

Changes in tools:
- Check for `trans` block in `check-templates` instead of `blocktrans`

Changes in backend:
- Create custom `render_to_response` function which takes `request` objects
  instead of `RequestContext` object. There are two reasons to do this:
    1. `RequestContext` is not compatible with Jinja2
    2. `RequestContext` in `render_to_response` is deprecated.
- Add Jinja2 related support files in zproject/jinja2 directory. It
  includes a custom backend and a template renderer, compressors for js
  and css and Jinja2 environment handler.
- Enable `slugify` and `pluralize` filters in Jinja2 environment.

Fixes #620.
2016-05-09 09:55:18 -07:00
Preston Hansen 635828069f Add feature to mark all in stream/topic as read with mouse.
Fixes #736.
2016-05-08 09:02:46 -07:00
Tim Abbott 6139e8948a travis: User REQ framework for extracting JSON payload. 2016-05-07 11:54:14 -07:00
Tim Abbott 678adc2048 webhooks: Use REQ more consistently in stream name parsing.
To avoid the potential for introducing regressions here, we carefully
pass a default to REQ or not based on how the existing webhook's
parsing code worked.  In the longer term, we'll want to make the
behavior consistent.
2016-05-07 11:54:14 -07:00
Tomasz Kolek c2de38239e Add payload validation to has_request_variables and REQ tasks.
[with tweaks by tabbott]
2016-05-07 11:54:09 -07:00
Tim Abbott 54022ac204 Fix unnecessary whitespace between , and ). 2016-05-04 14:16:53 -07:00
Ashish Kumar 48be2e33f8 Delete old route for /json/get_public_streams. 2016-04-29 12:57:57 -07:00
Antek Grzanka 646ea3214a Add Taiga integration. 2016-04-28 13:44:53 -07:00
Vladislav Manchev f5e6176aea Add custom realm emoji UI to administration page. 2016-04-26 13:15:54 -07:00
Tomasz Kolek 5fbda3a9c1 Add codeship integration. 2016-04-26 09:54:01 -07:00
David Payne 8c62a27769 Add teamcity webhook integration.
This integration relies on the Teamcity "tcWebHooks" plugin which is
available at
https://netwolfuk.wordpress.com/category/teamcity/tcplugins/tcwebhooks/

It posts build fail and success notifications to a stream specified in
the webhook URL.

It uses the name of the build configuration as the topic.

For personal builds, it tries to map the Teamcity username to a Zulip
username, and sends a private message to that person.
2016-04-26 09:45:26 -07:00
Tomasz Kolek c74483e69e github_webhook: change double quotes to single quotes for consistency. 2016-04-21 17:04:25 -07:00
Tomasz Kolek 09e40b27c2 github_webhook: throw an exception on unhandled events types. 2016-04-21 17:03:58 -07:00
Tomasz Kolek fafc9cb742 github_webhook: remove redundant parenthesis. 2016-04-21 17:02:49 -07:00
Tomasz Kolek 43b0cfaebc github_webhook: Use more one-line pythonic assignments. 2016-04-21 17:00:47 -07:00
Tomasz Kolek decb686255 github_webhook: factor out is_test_repository function. 2016-04-21 16:57:19 -07:00
Tomasz Kolek e1079d8475 github_webhook: extract the constants to the top of the file. 2016-04-21 16:56:44 -07:00
Tim Abbott 8a278cbe3a Switch to using a Zulip version of @login_required.
Currently the code is the unmodified Django upstream implementation;
this commit is preparation for modifying it.
2016-04-21 14:59:39 -07:00
Tim Abbott 49799440a4 Replace use of django-guardian with fields on UserProfile.
As documented in https://github.com/zulip/zulip/issues/441, Guardian
has quite poor performance, and in fact almost 50% of the time spent
running the Zulip backend test suite on my laptop was inside Guardian.

As part of this migration, we also clean up the old API_SUPER_USERS
variable used to mark EMAIL_GATEWAY_BOT as an API super user; now that
permission is managed entirely via the database.

When rebasing past this commit, developers will need to do a
`manage.py migrate` in order to apply the migration changes before the
server will run again.

We can't yet remove Guardian from INSTALLED_APPS, requirements.txt,
etc. in this release, because otherwise the reverse migration won't
work.

Fixes #441.
2016-04-20 21:51:52 -07:00
David Payne ece96ef3fe Jira's "issue created" message should @-notify the assignee. 2016-04-20 10:54:30 -07:00
Ashish 1bf644369f Delete old route for json/update_active_status. 2016-04-11 21:38:23 -07:00
Ashish 78b9f45bf7 Delete old route for json/update_pointer. 2016-04-11 21:38:23 -07:00
Ashish 9429358795 Delete old route for /json/get_profile. 2016-04-11 21:38:23 -07:00
Ashish 42fe918138 Delete old route for json/get_old_messages. 2016-04-11 21:38:23 -07:00
Ashish cfefc94200 Delete old route for json/set_alert_words. 2016-04-11 21:38:23 -07:00
Ashish c0a218edfc Delete old route for /json/update_message_flags. 2016-04-11 21:38:23 -07:00
Ashish dac4e58b91 Changes REST API backend route for /json/change_enter_sends. 2016-04-11 21:11:51 -07:00
Anindya Chakravarti f3d03d89b4 Add integration for Yo App.
[includes some small tweaks by tabbott]
2016-04-08 11:02:10 -07:00
Tomasz Kolek 44ed9da7f0 Add pingdom integration. 2016-04-08 10:36:29 -07:00
Varshit 4e1060076d Purge 'from typing import *' from zerver/.
This is a partial implementation of #636.
2016-04-07 14:07:07 -07:00
Eklavya Sharma 5f03c1444e Remove duplicate module zerver/views/webhooks.py.
Also move type annotations from zerver/views/webhooks.py to
appropriate files in zerver/views/webhooks.py.
2016-04-07 12:37:22 +05:30
Tim Abbott ec7bb0b011 Add PEP-484 type annotations to zerver/views/. 2016-04-03 15:40:23 -07:00
Ryan Moore 2fe0700f55 Update memcache -> remote cache in inline documentation. 2016-03-31 12:56:42 -07:00
Eklavya Sharma 9e3c3e14f5 Partially apply Python 3 libmodernize.fixes.fix_dict_six.
Refer to #256
2016-03-19 15:52:58 -07:00
Tomasz Kolek 3e3a224607 Moved pagerduty webhook into its own file pagerduty.py 2016-03-14 20:44:50 -07:00
Tomasz Kolek 05dce01cee Moved travis webhook into its own file travis.py 2016-03-14 20:44:45 -07:00
Tomasz Kolek f640470fa4 Moved zendesk webhook into its own file zendesk.py 2016-03-14 20:44:42 -07:00
Tomasz Kolek b3e5a256f5 Moved freshdesk webhook into its own file freshdesk.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 021c66fd9a Moved stash webhook into its own file stash.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 7a4c9d243f Moved deskdotcom webhook into its own file deskdotcom.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 087bd72814 Moved bitbucket webhook into its own file bitbucket.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 93b52f6f8e Moved newrelic webhook into its own file newrelic.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek a2b31da045 Moved pivotal webhook into its own file pivotal.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 5ade895936 Moved jira webhook into its own file jira.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek a0512244b3 Moved beanstalk webhook into its own file beanstalk.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 6a3ab0605d Moved github webhook into its own file github.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 8a0ed47751 moved webhooks to python package 2016-03-14 20:44:41 -07:00
Reid Barton 6c6dc1d81d Allow create user API to create any user in an open realm. 2016-02-07 19:19:19 -08:00
Reid Barton 9735025167 Refactor logic around restricted_to_domain.
Add a function email_allowed_for_realm that checks whether a user with
given email is allowed to join a given realm (either because the email
has the right domain, or because the realm is open), and use it
whenever deciding whether to allow adding a user to a realm.

This commit is not intended to change any behavior, except in one case
where the Zulip realm's domain was not being converted to lowercase.
2016-02-07 10:54:52 -05:00
Reid Barton 0755b51c2e Move create_user_backend into zerver.views.users.
Commit aa33a0da moved users views into their own file, but missed this one.
2016-02-07 10:54:48 -05:00
Reid Barton 4e5f18407d Add comment in create_user_backend about not needing to invite users first. 2016-02-07 10:52:50 -05:00
Tim Abbott 620411c0ea Fix type mismatches in streams.py. 2016-02-03 19:25:19 -08:00
Tim Abbott 6c5cee2400 Cleanup 500s due to Google oauth2 errors.
These are user errors, albeit somewhat interesting ones, so they
should be logged (and return a user error response), not throw an
exception.
2016-02-02 23:08:20 -08:00
Tim Abbott aad3bff193 Harden style rule for % comprehensions and fix existing errors. 2016-02-02 23:08:19 -08:00
Tim Abbott 5bacda3662 python3: Fix usage of .keys()/.values() to handle iterators.
This fixes the places where we use the result of .keys(), .items(),
and .values() that wouldn't work with an iterator to wrap them with
list().
2016-01-26 21:11:25 -08:00
Tim Abbott 6528b18ad3 Switch all urllib/urlparse usage to six.moves.urllib.
This provides Python 2+3 compatibility for our use of urllib.

Also add a test to avoid future regressions.
2016-01-26 21:09:43 -08:00
Reid Barton ed412281d0 Fix typo in Google OAuth error message. 2016-01-12 09:32:09 -05:00
Tim Abbott c661bc17fb Fix support for having a unique, open realm.
The previous implementation didn't work because HomepageForm rejected
the email as not having a domain.  Additionally, the logic in
accounts_register didn't work with Google auth because that code path
doesn't pass through accounts_home.  Since whether there's a unique
open realm for the server is effectively a configuration property, we
can fix the bug and make the logic clearer by moving it into the
"figure out the user's realm" function.
2016-01-09 22:52:34 -08:00
Tim Abbott 85a8a742e2 Remove unused json_events_register route.
The browser registers for events via loading the home view, not this
interface, and this functionality is available via the API-format
register route anyway.
2016-01-09 20:01:38 -08:00
Tim Abbott 01f613751a Limit DevAuthBackend user list display to 100 users.
This makes it possible to use DevAuthBackend when doing
performance/scalability testing on Zulip with many thousands of users.

It's unlikely that anyone testing this backend will find it valuable
to have more than 100 login buttons on the same page, and if they do,
they can always just change this limit.

Thanks to @dbiollo for the suggestion!
2016-01-09 20:01:37 -08:00
Tim Abbott be9939b2ad Fix tracebacks if HTTP_USER_AGENT is not specified.
Previously, we handled this correctly in some places (like the
decorators) but not in the website flows (accepting ToS, loading /).
2015-12-25 16:23:11 -08:00
Tim Abbott e95739961f Remove now obsolete /json/send_message route. 2015-12-12 18:14:08 -08:00
Tim Abbott 9cec758854 Remove now obsolete /json/subscriptions/add endpoint. 2015-12-12 18:14:08 -08:00
Tim Abbott a79e89b28f Cleanup remaining usage of % comprehensions without explicit tuples. 2015-12-05 15:29:42 -08:00
Josh Mandel 716e2d9184 Add integration for Travis CI. 2015-11-30 20:41:33 -08:00
Chris Chapman 44a9e1dff5 Fix for setting file upload size through settings file.
(Slightly tweaked by Tim Abbott to change the variable name, docs, and
default values).

Fixes #276.
2015-11-24 06:06:46 -08:00