Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
13,829 Commits 28 Branches 142 Tags 698 MiB
Commit Graph

36 Commits

Author SHA1 Message Date
Tim Abbott 7e8f8551de decorator: Change /activity to be gated on is_staff. 
Zulip doesn't previously make use of the standard Django is_staff flag
(in that the Django admin site is disabled), but since conceptually
the /activity page would be part of the Django admin site if we were
using it (i.e. for server-level administrators), it makes sense to key
off of that rather than the previous, fragile, check for the realm
domain name.
 2016-12-13 21:06:27 -08:00
Sidhant Bhavnani 8c0c12c1d9 pep8: Fix E303 violations. 2016-12-02 15:34:11 -08:00
Rafid Aslam 41bd88d5ed pep8: Fix E301 pep8 violations. 
Fix "E301: expected (1 or 2) blank line" pep8 violations.
 2016-11-29 08:51:44 -08:00
Tomasz Kolek d8dee522b6 Fix trello integration by adding handling HEAD confirmation request. 
Previously, we rejected the HEAD requests that the trello integration
uses to check if the server accepts the integration.

Add decorator for returning 200 status code if request is HEAD.

Fixes: #2311.
 2016-11-18 16:27:16 -08:00
reyha 9f8630fed8 tests: Access realms by string_id. 
Replaces get_realm() function by get_realm_by_string_id() function
in zerver/tests.

Fixes #2226.
 2016-11-15 13:32:20 -08:00
sinwar 4582a98c09 tests: Split out ZulipTestCase and WebhookTestCase to a separate file. 
Fixes #1671.
 2016-11-10 19:29:43 -08:00
Umair Khan dd174b537f Django 1.10: Update code according to new get_user function. 
`django.contrib.auth.get_user` function is updated in Django 1.10, due to
which everytime we update the password of the user the password hash changes.
This causes authentication failure. Previously, our code worked correctly
because we use our own session middleware and the `get_user` code had a
conditional statement which allowed our code to bypass the authentication
code.
 2016-11-09 15:26:07 -08:00
Umair Khan fe1ba6f3eb Django 1.10: Deprecate request.REQUEST. 2016-11-04 10:20:24 -07:00
Umair Khan 8ade9e2408 Add tests to check subdomains with auth decorators. 
Fixes: #1870
 2016-10-21 12:21:47 +05:00
Tim Abbott 15f6cc7c84 validate_api_key: Accept the request as an argument. 
This is a prerequisite for checking the subdomain of the request.
 2016-09-27 21:18:29 -07:00
Tomasz Kolek 9197c82d8f Move WebhookTestCase class from test_hooks.py to test_helpers.py. 2016-09-23 10:02:16 -07:00
Steve Howell fd6ee7117f tests: Renamed AuthedTestCase to ZulipTestCase. 2016-08-22 19:07:44 -07:00
Tim Abbott 700e803840 settings: Add new DEBUG_RATE_LIMITING setting. 
This exists primarily in order to allow us to mock settings.DEBUG for
the purposes of rate limiting, without actually mocking
settings.DEBUG, which I suspect Django never intended one to do, and
thus caused some very strange test failures (see
https://github.com/zulip/zulip/pull/776 for details).
 2016-07-29 19:32:02 -07:00
Steve Howell 6937f63fd5 Add client_get() test helper. 2016-07-27 20:49:33 -07:00
Steve Howell 38f2a2f475 Add client_post() test helper. 
This makes us more consistent, since we have other wrappers
like client_patch, client_put, and client_delete.

Wrapping also will facilitate instrumentation of our posting code.
 2016-07-27 20:49:32 -07:00
Eklavya Sharma e28b038f1d Use assert_in_response by fixing line-wrapping in templates. 2016-07-12 17:52:47 -07:00
Eklavya Sharma c98c3d5f8d Re-enable some backend tests on python 3. 2016-07-12 14:06:29 -07:00
Eklavya Sharma d740a87d04 zerver/tests: Use unicode strings. 
* Use unicode strings for strings containing non-ASCII characters.
* Decode response content when text output is expected.
 2016-07-12 14:06:29 -07:00
Eklavya Sharma 73a3c9fa47 On python 3, skip expected failures in backend tests. 2016-07-12 09:27:55 -07:00
Steve Howell c671881713 decorators: Extract is_local_addr(). 2016-07-09 17:58:48 -07:00
Steve Howell 89105e41d7 Added TestInternalNotifyView. 2016-07-09 07:47:12 -07:00
Steve Howell ce14a3551d Added test_get_client_name(). 2016-07-09 07:37:13 -07:00
Steve Howell 69f18c26fc Improve test_api_key_only_webhook_view(). 
This test now covers all lines of api_key_only_webhook_view(),
including the error logic and rate limiting logic.
 2016-07-09 07:37:13 -07:00
Steve Howell 49543b9ec4 Added RateLimitTestCase tests. 2016-07-09 07:37:13 -07:00
Tim Abbott 4cac7bbb32 test_helpers: Refactor login test helpers. 
We now have a separate login helper for the case where the return
value is desired.
 2016-06-27 11:50:43 -07:00
Tim Abbott 45beac7d6c test_decorators: Add test for /json/fetch_api_key. 2016-06-21 16:14:22 -07:00
Tomasz Kolek f8c368c07f Add default-bot during populate_db. 2016-06-21 11:47:38 -07:00
Tomasz Kolek 9ae68ade8b Add is_webhook option to authentication decorats. 
Modified:
authenticated_rest_api_view
authenticated_api_view and validate_api_key.
 2016-06-21 11:47:38 -07:00
Umair Khan 08fbd57245 [i18n] Make error messages translatable. 
Make all strings passing through `json_error` and `JsonableError`
translatable.

Fixes #727
 2016-05-31 07:40:42 -07:00
Tim Abbott 572c69f3c2 Move REQ and friends to their own module. 2016-05-30 11:24:17 -07:00
Tim Abbott 92bec8cfea Merge Zulip 1.3.12 security release. 2016-05-10 11:32:26 -07:00
Tim Abbott 85c64c9f93 zulip_login_required: Add checks for active users and realms. 
Like the recent change blocking JSON endpoints for deactivated users
and users in deactivated realms, this change is a hardening
improvement.  Those users should be unable to get an active session
anyway, but if somehow one is leaked, this means they won't be able to
access any user data.
 2016-05-10 09:50:57 -07:00
Tim Abbott 38c82083de Add test suite for deactivated users. 2016-05-10 09:50:57 -07:00
Tim Abbott df7466e893 Add test suite for deactivate realms. 2016-05-10 09:50:57 -07:00
Tomasz Kolek c2de38239e Add payload validation to has_request_variables and REQ tasks. 
[with tweaks by tabbott]
 2016-05-07 11:54:09 -07:00
Tim Abbott be96cf809d Move Zulip backend tests to zerver.tests. 2016-04-11 22:16:09 -07:00