Commit Graph

44489 Commits

Author SHA1 Message Date
Sahil Batra 6bae097bf1 settings: Refactor settings_display.js code.
This commit refactors the code in settings_display.js
by modifying the functions to receive the container
element and settings object as parameter such that
we can use the same functions for realm-level
settings by passing appropriate container element
and settings object.

This change is needed as settings_display will be
used as a common module for user settings and realm
level settings.

We also rename the default_language_name variable in
settings_display to user_default_language_name as we
would add a separate variable for realm-level setting
in future.
2021-09-15 09:50:31 -07:00
Sahil Batra e127cde3c1 settings: Make separate object for display settings labels.
This object will also be used for labels of realm-level
default of display settings.
2021-09-15 09:50:31 -07:00
Tim Abbott 39c897a2b0 help: Rename about-streams-and-topics to streams-and-topics.
This better matches the title of the page and more generally our
conventions around naming /help/ articles.  We include a redirect
because this is referenced from Welcome Bot messages, and we
definitely don't want those links to break.
2021-09-15 09:48:36 -07:00
Sahil Batra 6e169be933 settings: Fix the sticky behavior of saving indicator.
We want the saving indicator to be sticky in the cases
where we ask user to reload after changing settings.
This used to work correctly before 9e08c6db93, as
'if(remove_after)' returned false if remove_after was
null, but the condition was changed in 9e08c6db93
to 'if(remove_after !== undefined)' and thus the
condition returned true when remove_after was null.
This commit changes the remove_after value to undefined
for sticky cases.
2021-09-15 09:47:08 -07:00
Alex Vandiver 8c72959951 push_notifications: Handle empty rendered_messages.
This parallels fe25517295, but for mobile notifications.  It also
adds a test, which verifies that such content does not crash either
mobile or email notifications.
2021-09-15 09:45:38 -07:00
Alex Vandiver 039b869ca5 email_notifications: Fix inline-ing of image-URL-only messages.
fe25517295 adjusted the email_notifications codepath to use
`lxml.html.fragment_fromstring` method when parsing
`rendered_content`, but left the tests using a helper which called
`fromstring`.

Switching the tests to match the code as run reveals a bug -- using
`drop_tree` on all `message_inline_image` classes now _does_ remove
all of a top-level image-URL-only message.  Previously, such messages
were "safe" from the block that calls `drop_tree` only by dint of
`drop_tree` being a silent no-op for the root element.  When parsed
using `fragment_fromstring`, they are no longer the root, and as such
an empty message results.

Reorder relative_to_full_url to check for only one `message_inline_image`
within the top `<div>`, and only run the `drop_tree` path in the
alternate case.  Tests must be adjusted for their output now including
one more layer of `<div>`.
2021-09-15 09:45:38 -07:00
Mateusz Mandera 0e8735aeea saml: Link to python3-saml docs above the security config dict. 2021-09-15 09:44:16 -07:00
Mateusz Mandera 4c9792b6a3 saml: Set requestedAuthnContext to False in prod_settings_template.
AuthnContextClassRef tells the IdP what forms of authentication the user
should use on the IdP's server for us to be okay with it. I don't think
there's a reason for us to enforce anything here and it should be up to
the IdP's configuration to handle authentication how it wants.

The default AuthnContextClassRef only allows PasswordProtectedTransport,
causing the IdP to e.g. reject authentication with Yubikey in AzureAD
SAML - which can be confusing for folks setting up SAML and is just not
necessary.
2021-09-15 09:44:16 -07:00
Anders Kaseorg 79b88b79bb webpack: Upgrade to Webpack 5.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-14 17:02:03 -07:00
Mateusz Mandera c460351898 auth: Add logging of successful attempts to social codepath.
The previous commit introduced logging of attempts for username+password
backends. For completeness, we should log, in the same format,
successful attempts via social auth backends.
2021-09-14 15:39:41 -07:00
Mateusz Mandera a4e77d514b auth: Log details of authentication attempts.
These details are useful to log. This only makes sense for some auth
backends, namely email and ldap backends, because other backends are
"external" in the sense that they happen at some external provider's
server (Google, SAML IdP etc.) so the failure also happens there and we
don't get useful information about what happened.
2021-09-14 15:39:41 -07:00
Mateusz Mandera 5d54cd1041 tests: Use a HttpRequest object in assert_login_failure.
Our convention is to always have authenticate() called with a request
object. We need to be consistent with that in tests too, to avoid test
failures resulting from breaking that assumption.
We modify assert_login_failure to call client.login() in the same way as
the other similar helpers - with a properly initialized HttpRequest
instance.
2021-09-14 15:39:41 -07:00
Tim Abbott e7c62c4190 stream_data: Rephrase descriptions of stream permissions.
The previous phrasing used incorrect terminology (E.g. "stream
members", not "stream subscribers", which is really confusing given
that we have a "member" role which is also relevant in this text).
2021-09-14 11:29:32 -07:00
Aman Agrawal 7c8e19758a stream_data: Add web_public as a stream privacy mode.
Show web_public descriptions for web public streams.

(Temporarily limited to development environments, since this feature
is not available yet).
2021-09-14 11:12:47 -07:00
Aman Agrawal 354491d037 models: Add is_web_public property to Realm model.
This will allow us to easily know if a realm has web_public
enabled or not.
2021-09-14 10:33:53 -07:00
Aman Agrawal 5a2a787b76 user_passes_test: Extract zulip_redirect_to_login from it.
This function will be re-used to
setup redirect logic in home view.
2021-09-14 10:33:53 -07:00
Aman Agrawal dff4ab0daf spectators: Add comments and assertions on security model.
These tweaks help make reasoning about the spectators security model
easier to understand.
2021-09-14 10:33:14 -07:00
Mateusz Mandera d1d0e484ea docs: Fix Entity ID values in instructions in saml-authentication.md.
The Entity ID for zulipchat.com is `https://zulipchat.com` currently.
Some of these errors happened in the big zulipchat->zulip rename commit
71078adc50, then it was repeated in
10d356d2de and there was also some
confusion when coming up with the instructions for Keycloak in
10d356d2de. Client-ID value in Keycloak
is the expected Issuer for SAMLRequests and thus needs to match our
Entity ID.
2021-09-14 10:23:32 -07:00
Anders Kaseorg 18891a84c3 Vagrantfile: Move inline provision script to a separate file.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-14 10:22:48 -07:00
Anders Kaseorg 19a7e24f1f Vagrantfile: Remove workarounds for ancient Vagrant bugs.
Vagrant 2.2.6 is the earliest version with the Docker usability test
fix, and is also conveniently the version in the Ubuntu 20.04
repository.  Users with older versions will get a friendly error
message from ‘Vagrant.require_version’ (and can install an updated
Vagrant from upstream).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-14 10:15:06 -07:00
Sahil Batra cc65ed103c settings: Use correct object in notification settings template.
In commit 40f4316, we changed the code to pass user settings
with settings_object variable, but this change was missed
during rebasing.
2021-09-14 10:13:44 -07:00
Jonny Tran 87cd743f99 settings_overlay: Change privacy icon to a lock.
This avoids duplication with the `fa-user` for the user's profile, and is also just
more intuitive for account/security settings.

Fixes #19737.
2021-09-14 10:13:16 -07:00
Rohitt Vashishtha 9299ad7843 styles: Remove incorrect css block for datepicker input.
This block didn't work consistently across .night-mode and
.color-scheme-automatic classes, and the default style for
this field already works for the day and night themes both.
2021-09-13 17:12:49 -07:00
Rohitt Vashishtha ddcea9c64b postcss: Cleanly import flatpickr dark theme.
We add postcss-import for night_mode.css only. This plugin inlines
the imports of external files, instead of letting the file go via
our usual webpack toolchain.

We do this so that we can use the postcss-prefixwrap plugin to scope
the third-party CSS properly and use it inside our night-mode class.

Fixes #10607.

[anders@zulip.com: Replace postcss-wrap with postcss-prefixwrap.]

Co-authored-by: Anders Kaseorg <anders@zulip.com>
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 17:12:49 -07:00
Rohitt Vashishtha 62188e8036 postcss: Convert plugins object to an array.
Since order matters for plugins, it's better to use the Array syntax
to pass plugins to the PostCSS instead of Object.

This also allows us to reliably add more plugins programmatically if
we so choose.

[anders@zulip.com: Adjust to work with postcss-cli.]

Co-authored-by: Anders Kaseorg <anders@zulip.com>
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 17:12:49 -07:00
Anders Kaseorg 9bed17e0ab install-node: Upgrade Node.js from 14.17.5 to 14.17.6.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 10:12:43 -07:00
Anders Kaseorg dadacc38a8 dependencies: Upgrade JavaScript dependencies.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 10:12:43 -07:00
Anders Kaseorg 04075201a0 dependencies: Upgrade webpack-dev-server to 4.2.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 10:12:43 -07:00
Anders Kaseorg 2fe1ece3a6 run-dev: Discard Transfer-Encoding header from upstream response.
When the upstream provides a chunked response, proxying this header
causes a protocol-level miscommunication.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 10:12:43 -07:00
Anders Kaseorg d840d80ed4 tsconfig: Enable noImplicitOverride.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 10:10:34 -07:00
Anders Kaseorg cf6515c774 test-js-with-puppeteer: Remove bogus CHROMIUM_EXECUTABLE variable.
This environment variable is not a thing and has never been a thing,
while the path it purportedly pointed to does not exist and has never
existed.  It appears to have been inexplicably both cargo-culted and
renamed from test-js-with-casper.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 10:10:13 -07:00
Sahil Batra 2bbbcf0f15 help: Update notification related help pages as per new UI.
This commit updates the headings used in notification
related pages as per the updated headings after 14e383ad7a,
60112405ba, and 6651842dc.
2021-09-13 10:07:36 -07:00
Sahil Batra 0c11ced0a0 settings: Refactor settings_display.js to use settings_object variable.
This commit changes the settings_display.js code to reference the
user_settings object using settings_object variable. This will help
to easily use the same code for realm-level defaults where instead
of user_settings realm_user_settings_defaults object will be used.
2021-09-13 08:32:31 -07:00
Sahil Batra 40f4316972 settings: Pass user settings using settings_object variable.
Instead of passing user settings directly as user_settings
variable to the settings templates, we pass them using
settings_object variable.

This change is important so that we can use the existing
display_settings and notification_settings template for
realm-level default settings by passing realm-level
settings using settings_source variable.
2021-09-13 08:32:31 -07:00
Sahil Batra afeb4b2113 settings: Add condition for time and default language settings UI.
We would have the UI for default language and time setting only for
user settings for now and not for realm-level settings because we
still need to migrate the backend to support the new model and will
be done in further commits.
2021-09-13 08:32:31 -07:00
Sahil Batra cb9109dccf templates: Add condition for showing stream notification settings.
We need to show the stream-specific notification settings only in
user notification settings and not for realm-level default settings.
This commit is a prep commit and adds a condition to make sure that
stream-specific settings are shown only for user-settings.
2021-09-13 08:32:31 -07:00
Jonny Tran e682152e98 lightbox: Fix alignment of x button in image view menu.
Fixes #19711.
2021-09-13 08:31:11 -07:00
Sahil Batra 6651842dc6 settings: Split email notification settings.
This commit splits email notification settings in two
parts - one with heading "Email message notifications"
containing batching period, message-content and
organization-name settings and the other with heading
"Other emails" containing login, digest and marketing
emails settings.

Fixes #19717.
2021-09-12 16:43:55 -07:00
Sahil Batra 60112405ba settings: Restructure 'Personal settings > Notifications' section.
We remove the 'Other notification settings' heading and increase the
font size of 'Desktop message notifications' and 'Mobile message
notifications' headings as these are now on the same level with
'Notification triggers' heading.

We also add status elements to show saving indicator along the mobile,
desktop and email headings which was previously shown with the
"Other notification settings" heading.
2021-09-12 16:43:55 -07:00
Sahil Batra 14e383ad7a settings: Rename headings in notification settings UI.
This commit renames 'desktop' and 'mobile' headings in
notification settings UI to 'desktop message notifications'
and 'mobile message notifications' respectively.
2021-09-12 16:43:55 -07:00
Riken Shah fbf5c41a56 buddy_list: Show still image for animated emojis.
This commit changes the behavior of how we show
animated emojis in the buddy list. We now show still
image of animated emoji and when hovered show the
animated emoji.

Fixes #19521
2021-09-12 16:24:29 -07:00
Riken Shah 8c31e6f96e emoji: Add backend changes to support still image for animated emojis.
Now, when we add a custom animated emoji to the realm
we also save a still image of it (1st frame of the gif). So
we can avoid showing an animated emoji every time.
2021-09-12 07:13:04 +00:00
Anders Kaseorg 729f70142f populate_db: Fix naive datetime RuntimeWarning.
Fixes these warnings from populate_db:

/srv/zulip-py3-venv/lib/python3.6/site-packages/django/db/models/fields/__init__.py:1419: RuntimeWarning: DateTimeField Draft.last_edit_time received a naive datetime (2021-09-10 23:33:15.063608) while time zone support is active.
  RuntimeWarning)
/srv/zulip-py3-venv/lib/python3.6/site-packages/django/db/models/fields/__init__.py:1419: RuntimeWarning: DateTimeField Draft.last_edit_time received a naive datetime (2021-09-10 23:33:15.065517) while time zone support is active.
  RuntimeWarning)

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-10 17:02:50 -07:00
Tim Abbott e5c1b8e614 confirmation: Avoid fetching time twice creating confirmation link.
This avoids a quirk where the expiry date would be a few microseconds
before the time that would be expected from the creation timestamp.
2021-09-10 16:55:32 -07:00
Mateusz Mandera ad188130ba do_send_confirmation_email: Make invite_expires_in_days optional.
create_confirmation_link has validity time as an optional argument,
because it has reasonable defaults. Thus it's a better API for
do_send_confirmation_email to make this optional as well, allowing
relying on create_confirmation_link's defaults.
2021-09-10 16:53:03 -07:00
Mateusz Mandera bea9205c4a create_confirmation_link: Turn some args into kwargs-only. 2021-09-10 16:53:03 -07:00
Mateusz Mandera 3205f680c1 do_invite_users: Turn some args into kwargs-only. 2021-09-10 16:53:03 -07:00
shanukun 8c1ea78d7d invite: Extend invite api for handling expiration duration.
This extends the invite api endpoints to handle an extra
argument, expiration duration, which states the number of
days before the invitation link expires.

For prereg users, expiration info is attached to event
object to pass it to invite queue processor in order to
create and send confirmation link.
In case of multiuse invites, confirmation links are
created directly inside do_create_multiuse_invite_link().

For filtering valid user invites, expiration info stored in
Confirmation object is used, which is accessed by a prereg
user using reverse generic relations.

Fixes #16359.
2021-09-10 16:53:03 -07:00
Mateusz Mandera 9caa71c7fd confirmation: Migration to add expiry_date - last step.
With the previous steps, all Confirmation objects should have been
migrated and the expiry_date field is being used for checking
confirmation validity - so all that's left is to set the NOT NULL
constraint on the column.
2021-09-10 16:53:03 -07:00
Mateusz Mandera de5fc7826b confirmation: Use expiry_date to verify validity. 2021-09-10 16:53:03 -07:00