Commit Graph

1696 Commits

Author SHA1 Message Date
Tim Abbott 2d4c7b771a reactions: Move legacy endpoint code further down in file.
This helps ensure that new contributors working on the reactions code
read the stuff we use now first.
2017-11-20 15:27:21 -08:00
Tim Abbott 80a2a36dd1 reactions: Rename legacy reactions for greater clarity. 2017-11-20 15:27:21 -08:00
Tim Abbott 25ddba99f6 lint: Ban general use of user_profile.save().
This often can cause minor caching problems.

Obviously, it'd be better if we had access to the AST and thus could
do this rule for UserProfile objects in general.
2017-11-20 10:57:08 -08:00
Vishnu Ks 432c9d3449 email_log: Reset the value of email after email change process.
This commit actually needs only user_profile.save() line
but it's more readable with both the lines.
2017-11-20 10:45:16 -08:00
Tim Abbott c8edbae21c password reset: Fix error message for invalid realm.
This is a lot cleaner than the previous model.

Basically rewritten by Vishnu Ks to actually work :).
2017-11-20 10:34:55 -08:00
Eeshan Garg 9138d3b8d7 integrations: Move integration-specific context to integration_doc.
Instead of populating the context dict with integration-specific
information in render_markdown_path, we now do that in
zerver.views.integrations.integration_doc instead.

Fixes #7401.

Tweaked by tabbott to use cast to handle the typing issues here.
2017-11-19 20:48:46 -08:00
Tim Abbott 18369cb5ad JWT: Fetch the subdomain earlier in the auth code path. 2017-11-17 17:33:28 -08:00
Harshit Bansal d9c2f613e3 api: Add new endpoint for reactions.
This endpoint will allow us to add/delete emoji reactions whose emoji
got renamed during various emoji infra changes. This was also a
required change for realm emoji migration.

This commit was tweaked significantly by tabbott for greater clarity
(with no changes to the actual logic).
2017-11-16 20:52:15 -08:00
Sampriti Panda a696141a25 search: Add more extensive logging for Unicode errors in highlight_string.
Tweaked by tabbott to provide finer-grained logging.
2017-11-16 15:08:16 -08:00
Tim Abbott 054952a44a docs: Update links from codebase to point to ReadTheDocs. 2017-11-16 10:53:49 -08:00
Umair Khan cc76f7deac user-groups: Create check_delete_user_group. 2017-11-15 22:35:43 -08:00
Umair Khan 66179ea295 bulk_add_members_to_user_group: Pass user group.
Previously we passed user group id. If we pass user group, send event is
easier.
2017-11-15 22:35:23 -08:00
Tim Abbott c7a975e4df users: Move check_change_full_name to actions.py.
This avoids an import loop in the next commit, and better matches our
usual code structure.
2017-11-15 17:39:09 -08:00
Tim Abbott 03b4a0240c user_settings: Fix mypy annotations.
While we're at it, convert this to use the Python 3 style, which isn't
prone to this sort of bug.
2017-11-15 17:38:19 -08:00
Brock Whittaker f9f0f356be settings: Add backend storage and interface for night mode.
This allows the night mode setting to be stored in the backend.
2017-11-15 16:36:06 -08:00
Tim Abbott 85844107fd integrations: Remove code for legacy Hubot lozenges.
We no longer display the only model anyway.
2017-11-15 14:04:19 -08:00
rht bafba95eb7 Text-wrap the remaining long lines exceeding 110. 2017-11-15 10:58:03 -08:00
Tim Abbott 5aa6751e7a lint: Fix long lines in newly added features. 2017-11-15 10:58:03 -08:00
Vishnu Ks 36f29764cb emails: Add option to forward mails send in dev env to external email.
Fixes #7085.
2017-11-14 15:27:29 -08:00
Vishnu Ks d2555e8769 api: Add support to change name of default stream groups. 2017-11-14 14:41:42 -08:00
Vishnu Ks 2af249dd5d api: Add description attribute to default stream group. 2017-11-14 14:41:42 -08:00
Vishnu Ks f45ba7de93 api: Pass group id instead of name to default stream group api. 2017-11-14 14:41:42 -08:00
rht a93b7c40a7 zerver: Text-wrap long lines exceeding 110. 2017-11-10 16:29:32 -08:00
Vishnu Ks f44b60a150 Implement API for default stream groups. 2017-11-10 16:05:36 -08:00
Umair Khan b1603d289c user-groups: Add update members API endpoint.
Significantly modified by tabbott to fix some bugs.
2017-11-09 17:35:37 -08:00
Umair Khan a1b894a786 user-groups: Add delete API endpoint.
Significantly modified by tabbott to fix some bugs.
2017-11-09 17:35:30 -08:00
Umair Khan eeaf0f1742 user-groups: Add edit API endpoint.
Significantly modified by tabbott to fix some bugs.
2017-11-09 17:35:22 -08:00
Umair Khan 1bbe84af49 user-groups: Add create API endpoint.
Significantly modified by tabbott for better security structure.
2017-11-09 17:26:14 -08:00
Steve Howell c38996ddde Remove unused force_text import. 2017-11-09 10:32:14 -08:00
Steve Howell 786e90d774 Removed unused imports of force_bytes. 2017-11-09 10:32:14 -08:00
YJDave de67bf81fd org settings: Allow users to delete their message.
Fixes #7049.
2017-11-09 10:20:34 -08:00
rht 88a828dd0c Remove six.moves.urllib usage. 2017-11-09 10:00:00 -08:00
derAnfaenger 19bc55aa45 Fix various typos.
The typos and their corrections were found with the
aid of https://github.com/lucasdemarchi/codespell.
2017-11-09 16:26:38 +01:00
Tim Abbott a8c735e1d2 /api/: Fix some headings. 2017-11-08 13:08:23 -08:00
Eeshan Garg 7c113f0447 api-docs: Render api_url in /api docs.
In templates/zerver/api/main.html, since the current context isn't
passed to render_markdown_path when rendering an article,
render_markdown_path doesn't have the context to render values such
as api_url. This commit makes sure that it does by passing a dict
called api_uri_context to render_markdown_path when rendering an
article.
2017-11-08 01:29:49 -03:30
Steve Howell 4108797218 Eliminate the parse_usermessage_flags interface.
This commit puts the guts of parse_usermessage_flags into
UserMessage.flags_list_for_flags, since it was slightly faster
than the old implementation and produced the same results.
(Both algorithms were super fast, actually.)

And then all callers use the model method now.
2017-11-07 17:48:27 -08:00
Steve Howell ae0b27a7ed Extract messages_for_ids. 2017-11-07 17:48:27 -08:00
Steve Howell 70f2cd2860 De-duplicate is_search logic in get_messages_backend().
The logic to set search_fields was essentially the same for both
sides of the include_history conditional.

Now we have just one code block that sets search_fields, and we
can quickly short-circuit the loop when is_search is False.
2017-11-07 17:48:27 -08:00
Steve Howell c62588c359 minor: Use dict comprehension in get_messages_backend(). 2017-11-07 17:48:27 -08:00
Tim Abbott a8a159c5d2 mypy: Fix variable reuse in streams.py. 2017-11-07 17:48:27 -08:00
rht 296835351d zerver/views: Text-wrap long lines exceeding 110.
Tweaked by tabbott to fix various minor issues.
2017-11-07 17:24:09 -08:00
Rishi Gupta 15b3a8e4ff email change: Use confirmation object user to determine changeability.
Seems like the more logical check. Also, the previous code makes it feel
like there is a potential vulnerability where one could get an email change
object in a realm where email changes are disabled, and then open that link
while logged in to a different realm.

While we're at it, remove the unnecessary check that the user is
logged in when clicking the confirmation link; that creates
unnecessary trouble for users who use multiple browsers.
2017-11-07 16:26:27 -08:00
Rishi Gupta 4fc8aa2b53 email change: Refactor confirmation path for readability.
Removes an assert, which at this point is there just for readability, since
the second argument to
get_object_from_key(confirmation_key, Confirmation.EMAIL_CHANGE)
ensures that the returned object is of the correct type.
2017-11-07 16:02:49 -08:00
Rishi Gupta 6fbb7e8046 email change: Remove confirmation_key.lower() from confirm_email_change.
Not sure why it is here, and it adds confusion.
2017-11-07 16:02:49 -08:00
Rishi Gupta 1823d46236 unsubscribe: Use a custom confirmation error page.
Reverts a bit of 6e02ce8.
2017-11-07 16:02:49 -08:00
rht 14671fc7b9 refactor: Remove six.moves.zip_longest import. 2017-11-07 10:51:44 -08:00
rht 80a8d4f9f3 refactor: Remove six.moves.map import. 2017-11-07 10:46:42 -08:00
rht 549a26860f refactor: Remove six.moves.range import. 2017-11-07 10:46:42 -08:00
rht ec5120e807 refactor: Remove six.moves.zip import. 2017-11-07 10:46:42 -08:00
rht 19bd335cbb Change urllib import to be Python 3-specific. 2017-11-07 10:46:42 -08:00
Steve Howell 8450f0ec69 Register client_gravar=True for the webapp. 2017-11-07 10:42:18 -08:00
Steve Howell 2bbfda041a Support client_gravatar field for event registration.
This commit allows clients to register client_gravatar=True, and
then we recognize that flag for message events.  If the flag is
True, we will not calculate gravatar URLs and let the clients do
it themselves.  (Clients can calculate gravatar URLs based on
emails with just a little bit of code.)
2017-11-07 10:42:17 -08:00
rht 8990b1046d zerver: Remove inheritance from object. 2017-11-06 08:53:48 -08:00
neiljp (Neil Pilgrim) 42f5eea61f mypy: Improve typing of request.pyi (REQ).
This expands request.pyi to type-check the arguments passed into REQ.

Tweaked by tabbott to fix the report.py annotations.
2017-11-04 20:26:03 -07:00
neiljp (Neil Pilgrim) 186181c2a0 mypy: Specify type parameters in convert_term in narrow_parameter. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) da97de3370 mypy: Use Dict[Any,Any] for update_realm parameter. 2017-11-04 19:47:45 -07:00
Greg Price 68b0a419ec decorator: Cut a bunch of dead imports of two view decorators.
Saw these when grepping for these two decorators; they're actually
more numerous than the surviving use sites are.  Cut out the noise.
2017-11-04 19:27:00 -07:00
Greg Price 6b9d294873 auth: Set user_activity `query` nicely for several auth views.
This gets used when we call `process_client`, which we generally do at
some kind of login; and in particular, we do in the shared auth
codepath `login_or_register_remote_user`.  Add a decorator to make it
easy, and use it on the various views that wind up there.

In particular, this ensures that the `query` is some reasonable
constant corresponding to the view, as intended.  When not set, we
fall back in `update_user_activity` on the URL path, but in particular
for `log_into_subdomain` that can now contain a bunch of
request-specific data, which makes it (a) not aggregate properly, and
(b) not even fit in the `CHARACTER VARYING(50)` database field we've
allotted it.
2017-11-04 19:27:00 -07:00
Rishi Gupta 5d04e29ac2 confirmation: Add comment for registration.confirmation_key.
I remember being really confused by this function in the past, and I finally
figured it out. It should be removed, and the dev_url added by
00-realm-creation should call a function that just gets the confirmation_key
from outbox like all of the backend tests, but until then this comment
should help.
2017-11-03 15:33:16 -07:00
Rishi Gupta 6e02ce8344 unsubscribe: Use get_object_from_key for confirmation.
This is the only one of the confirmation pathways that wasn't using this
idiom, I think.
2017-11-03 15:33:16 -07:00
Rishi Gupta fdbe36644e confirmation: Add confirmation_type to get_object_from_key.
This change:

* Prevents weird potential attacks like taking a valid confirmation link
  (say an unsubscribe link), and putting it into the URL of a multiuse
  invite link. I don't know of any such attacks one could do right now, but
  reasoning about it is complicated.

* Makes the code easier to read, and in the case of confirmation/views.py,
  exposes something that needed refactoring anyway (USER_REGISTRATION and
  INVITATION should have different endpoints, and both of those endpoints
  should be in zerver/views/registration, not this file).
2017-11-03 15:33:16 -07:00
Harshit Bansal 44bff43c86 actions.py: Rename `do_remove_reaction()` to `do_remove_reaction_legacy()`. 2017-10-31 15:42:35 -07:00
Harshit Bansal 233595b2f7 actions.py: Rename `do_add_reaction()` to `do_add_reaction_legacy()`. 2017-10-31 15:42:35 -07:00
Steve Howell 9689168bf6 Simplify highlight_string logic.
This change avoids some complicated byte arithmetic by
extracting some local variables and being more explicit
about using bytes vs. using strings.
2017-10-31 12:45:58 -07:00
Brock Whittaker 425738fa24 landing-page: Extract /team/ from /about/.
This extracts and creates a /team/ page using the existing
'team.html' template and applying the why-page styling to it.
2017-10-31 11:37:42 -07:00
Sampriti Panda ee61e1be2c search: Fix misaligned highlights due to unicode characters.
tsearch_extras returns search offsets in bytes but our highlight
function treated them as character offsets.  Added a check to subtract
extra bytes if the tsearch search backend is being used.

Fixes #4084.
Fixes #7021.
2017-10-31 09:06:46 -07:00
Greg Price 22e5110789 subdomains: Dedupe out the last copy of Realm.host_for_subdomain.
This makes the affected code somewhat easier to read, and paves the
way for changing this logic to add support for alias domains.
2017-10-30 18:29:29 -07:00
Greg Price eb55a3a1ba template context: Give better names to the URLs for the API.
The "subdomain" label is redundant, to the extent it's even
accurate -- this is really just the URL we want to display,
which may or may not involve a subdomain.  Similarly "external".

The former `external_api_path_subdomain` was never a path -- it's a
host, followed by a path, which together form a scheme-relative URL.
I'm not quite convinced that value is actually the right thing in
2 of the 3 places we use it, but fixing that can start by giving an
accurate name to the thing we have.
2017-10-30 18:29:29 -07:00
Greg Price 7366a4ca7a settings: Eliminate the disused EXTERNAL_API_PATH.
This setting isn't documented at all, and I believe nobody has used it
since the end of api.zulip.com in 2016.  So we get to complete the
cleanup of this logic.
2017-10-30 18:29:29 -07:00
rht c4fcff7178 refactor: Replace super(.*self) with Python 3-specific super().
We change all the instances except for the `test_helpers.py`
TimeTrackingCursor monkey-patching, which actually needs to specify
the base class.
2017-10-30 14:30:25 -07:00
Brock Whittaker 6933d51c0f views/integrations: Change non-generic HelpView to MarkdownDirectoryView.
The HelpView class will render a directory as markdown with an index HTML
page. This however can also be used for other generics and applied to
the API pages as well, so change the class to a generic class and
specify the path templates and names.

Tweaked by tabbott and Eeshan Garg.
2017-10-29 18:15:36 -07:00
Steve Howell 8b012c6210 Extract get_personal_recipient(). 2017-10-28 17:57:39 -07:00
Steve Howell a28841e8aa Extract get_stream_recipient().
Do you call get_recipient(Recipient.STREAM, stream_id) or
get_recipient(stream_id, Recipient.STREAM)?  I could never
remember, and it was not very type safe, since both parameters
are integers.
2017-10-28 17:57:39 -07:00
Steve Howell d132c30c24 Remove `active` parameter from `do_create_user()`.
Almost all callers to do_create_user were trying to
create active users, except for one test.  The
active=False codepath was kind of broken (things
like sending welcome messages had sort of undefined
behavior there), so instead of trying to maintain it,
we just update the one test (`test_people`) to flip the
`is_active` flag manually.

Fixes #7197
2017-10-28 10:32:01 -07:00
Tim Abbott 5b5dffebe7 get_messages_backend: Tweak how search fields are added.
This is a no-op, but makes mypy happier, since previously it wanted to
know the type of the {} we were passing to `.update()`.
2017-10-28 09:58:51 -07:00
Tim Abbott 80a9253f89 attachments: Remove unnecessary use of REQ.
It didn't do anything, because that third argument is actually a
positional argument coming from the URL parsing logic.
2017-10-27 15:18:44 -07:00
Tim Abbott 5467296f60 decorators: Use human_users_only more aggressively. 2017-10-27 15:16:13 -07:00
Tim Abbott 1cd017288d views: Fix imports of REQ/has_request_variables from the wrong place.
These were never in zerver/decorator.py, and so it makes sense to
import them zerver/lib/request.py, mostly for ease of finding things.
2017-10-27 15:07:31 -07:00
Greg Price d9cb606804 oauth: Find a better name for redirect_to_main_site.
This name was way too broad for the rather specific logic
in the actual function.
2017-10-27 14:42:24 -07:00
Greg Price ad551427ed auth: Factor out some uses of EXTERNAL_HOST with ROOT_DOMAIN_URI.
Apart from being less verbose, this makes it more manifest (on e.g. grep)
that we aren't using EXTERNAL_HOST here to construct subdomains.
2017-10-27 14:42:24 -07:00
Greg Price 318682fd52 auth: Use URL rather than cookie to pass signed data cross-domain.
The cookie mechanism only works when passing the login token to a
subdomain.  URLs work across domains, which is why they're the
standard transport for SSO on the web.  Switch to URLs.

Tweaked by tabbott to add a test for an expired token.
2017-10-27 14:42:04 -07:00
Greg Price fad3d56810 views: Move some login code from `registration` to `auth`.
Most of these have more to do with authentication in general than with
registering a new account.  `create_preregistration_user` could go
either way; we move it to `auth` so we can make the imports go only in
one direction.
2017-10-27 14:28:38 -07:00
Henrik Pettersson 09cd47c6ad Add UI for viewing and cancelling open Zulip invitations.
Lets administrators view a list of open(unconfirmed) invitations and
resend or revoke a chosen invitation.

There are a few changes that we can expect for the future:

  * It is currently possible to invite an email that you have already
    invited, it might make sense to change this behavior.

  * Resend currently sends an invite reminder instead of resending the
    original invite, this is because 'custom_body' was not stored when
    the first invite was sent.

Tweaked in various minor ways, primarily in the backend, by tabbott,
mostly for style consistency with the rest of the codebase.

Fixes: #1180.
2017-10-27 13:07:43 -07:00
Tim Abbott 237e3cdca1 registration: Clarify comment on do_activate_user code path. 2017-10-27 11:22:19 -07:00
Vishnu Ks 8c68a167fe backend: Allow Administrators to invite new users as admins.
Tweaked by tabbott to have the field before the invitation is
completed be called invite_as_admins, not invited_as_admins, for
readability.

Fixes #6834.
2017-10-27 11:19:38 -07:00
Steve Howell 65b6676844 minor: Remove unused import (internal_send_message). 2017-10-27 10:48:11 -07:00
Steve Howell 655f37a34b Rename subject_name in send_message_backend(). 2017-10-27 10:48:11 -07:00
rht 45e8ce559d zerver/views: Use python 3 syntax for typing. 2017-10-26 21:58:22 -07:00
Tim Abbott 8e2cdedf9a lint: Fix lines in Python codebase longer than 120 characters. 2017-10-26 17:47:30 -07:00
Tim Abbott b936e8c24b lint: Fix lines in Python codebase longer than 125 characters. 2017-10-26 17:36:54 -07:00
Steve Howell df93a99b50 Cache only one row per message.
Before this change, we populated two cache entries for each
message that we sent.  The entries were largely redundant,
with the only difference being whether we sent the content
as raw markdown or as the rendered HTML.

This commit makes it so we only have one cache entry per
message, and it includes both content and rendered_content.

One legacy source on confusion here is that `content`
changes meaning when you're on the front end.  Here is the
situation going forward:

    database:
        content = raw
        rendered_contented = rendered

    cache entry:
        content = raw
        rendered_contented = rendered

    payload for the frontend:
        content = raw (for apply_markdown=False)
        content = rendered (for apply_markdown=True)
2017-10-26 16:35:28 -07:00
derAnfaenger 1792dcbd09 tests: Call real consume method of queue processors.
This switches to more real tests for a first batch of
queue_json_publish() calls that don't cause trouble when
used with call_consume_tests=True.
2017-10-26 14:58:03 -07:00
Tim Abbott b8658c6901 default stream groups: Use cleaner system for error handling.
Wherever possible, we always want to move checking for error
conditions to the views code, so that we don't need to worry about
handling failures with (in this case) a user that's half-created
because a DefaultStreamGroup doesn't exist.
2017-10-26 11:38:27 -07:00
Vishnu Ks eecdc5bb61 registration: Add option to choose default stream groups.
This effectively implements the feature of default stream groups,
except for a UI, nice styling, etc.

Note that we're careful to not have this do anything in an
organization that doesn't have any default stream groups.
2017-10-26 11:34:06 -07:00
Greg Price 093bae4bc5 subdomains: Fix some implicit uses of "" for the root subdomain.
These are just instances that jumped out at me while working on the
subdomains code, mostly while grepping for get_subdomain call sites.
I haven't attempted a comprehensive search, and there are likely
still others left.
2017-10-26 10:29:17 -07:00
Abhijeet Kaur a88178afaf Embedded bots: Add support for creating embedded bots via the API.
Adds support to add "Embedded bot" Service objects. This service
handles every embedded bot.

Extracted from "Embedded bots: Add support to add embedded bots from
UI" by Robert Honig.

Tweaked by tabbott to be disabled by default.
2017-10-25 16:13:29 -07:00
derAnfaenger d0c0b148b3 bot services: Rename add_outgoing_webhook_service to add_service. 2017-10-25 15:46:07 -07:00
darshanime a14ec17473 dev_login: Don't redirect to realm if it doesn't exist.
Fixes #7132.
2017-10-25 15:13:20 -07:00
Vishnu Ks 1d94119d31 actions: Call send_initial_pms from process_new_human_user. 2017-10-25 14:14:59 -07:00
Tim Abbott 4439dbf781 log_into_subdomain: Fix realm creation on servers using an IP address.
While it's totally fine to put a leading '.' before the cookie domain
for normal hostnames and browsers will just strip them, if you're
using an IP address, it doesn't work, because .127.0.0.1 (for example)
is just invalid, and the cookie won't be set.

This fixes an issue where after installing with an IP address, realm
creation would end with being stuck at a blank page for
/accounts/login/subdomain/.
2017-10-24 14:13:31 -07:00