Commit Graph

28863 Commits

Author SHA1 Message Date
Vishnu Ks 6e15d4efc7 requirements: Upgrade Markupsafe to 1.1.0. 2018-11-09 10:17:55 -08:00
Vishnu Ks 90491692b7 requirements: Upgrade imagesize to 1.1.0. 2018-11-09 10:17:55 -08:00
Vishnu Ks c73eb25c83 requirements: Upgrade httpretty to 0.9.6. 2018-11-09 10:17:55 -08:00
Vishnu Ks ed973ebc71 requirements: Upgrade django-two-factor-auth to 1.8.0. 2018-11-09 10:17:55 -08:00
Vishnu Ks d039ef871b requirements: Upgrade disposable-email-domains to 0.0.37. 2018-11-09 10:17:55 -08:00
Vishnu Ks 5ec9eb819b requirements: Upgrade certifi to 2018.10.15. 2018-11-09 10:17:55 -08:00
Vishnu Ks 1789cbea30 requirements: Upgrade beautifulsoup4 to 4.6.3. 2018-11-09 10:17:55 -08:00
Vishnu Ks 70a426c7ce requirements: Upgrade argon2-cffi to 18.3.0. 2018-11-09 10:17:55 -08:00
Vishnu Ks 1d11fc578e requirements: Upgrade albaster to 0.7.12. 2018-11-09 10:17:55 -08:00
Shubham Dhama d5e1e8e5e3 settings: Move deactivate account button under "User settings".
This moves the deactivate account which was previously placed under
"SETTINGS / YOUR ACCOUNT" -> "Deactivate account" to "SETTINGS / YOUR
ACCOUNT" -> "User settings" for making it more visible.
2018-11-08 22:27:22 -08:00
Roman Godov aa3682f9fc api: Add GET /user_groups documentation.
This documents our GET endpoint for interacting with Zulip's user
groups feature.

Fixes #10298.
2018-11-08 22:19:30 -08:00
Tim Abbott 8c8cb725bf api: Clarify slack-format outgoing webhook docs.
The previous discussion was confused about the fact that Slack sends
the outgoing webhook requests, not receives them.
2018-11-08 22:13:15 -08:00
Eeshan Garg 5c8b774628 outgoing-webhooks.md: Document example endpoint responses. 2018-11-08 22:07:56 -08:00
Eeshan Garg 10570d508f tools/lint: Fix JSON lint pattern for spaces after ':'.
Previously, a string ending in "... 😄" was reported as an
error and the linter complained that there should be a space
after the last ':'. This commit changes the pattern so that the
linter only checks for colons that are preceded by an opening
double-quote (").
2018-11-08 22:07:56 -08:00
Tim Abbott 106e5c3ed9 docs: Further document tokenized noreply email addresses.
We should still extend email.html to explain the security issue a bit
more clearly, since the article we link to is super long.
2018-11-08 15:26:21 -08:00
Tim Abbott e88998e6d4 import: Fix buggy handling of avatars in Slack conversion.
This was a pretty nasty error, where we were accidentally accessing
the parent list in this inner loop function.

This appears to have been introduced as a refactoring bug in
7822ef38c2.
2018-11-08 15:03:39 -08:00
Roger Souza 6179bba2bd emails: Add one-click unsubscribe link to new login emails.
Fixes: #10547.
2018-11-08 14:39:33 -08:00
Tim Abbott 17be6e9165 confirmation: Move one_click_unsubscribe_link out of notifications.py.
This helps prevent a problematic import sequence when we start using
it from signals.py.
2018-11-08 14:39:33 -08:00
Nolan Darilek 33c2bbf0f1 accessibility: Make another reactions button semi-accessible. 2018-11-08 14:10:48 -08:00
Nolan Darilek 95781c913d accessibility: Hide non-actionable profile image from screen readers. 2018-11-08 14:10:11 -08:00
Nolan Darilek bec0336092 accessibility: Add navigation roles for sidebars. 2018-11-08 14:04:51 -08:00
Steve Howell cd4d447d90 Minor: change message.subject -> message.topic_name().
This also allows us to lock down
push_notifications.py from using "subject"
in the future.
2018-11-08 16:34:30 +00:00
Steve Howell ff9a6c5ced minor: Rename subject -> topic_name in bugdown. 2018-11-08 16:21:14 +00:00
Steve Howell 70c16ddbcc lint: Prevent "subject" more aggressively.
We now prevent adding "subject" to any code in
zerver/lib, unless you specifically exempt it.

The new set called `FILES_WITH_LEGACY_SUJECT`
is also has comments that give a roadmap of what
to fix.
2018-11-08 15:33:36 +00:00
Steve Howell e802be0fde Remove "subject" in notifications.py.
These last few are all pretty safe.
2018-11-08 15:12:10 +00:00
Steve Howell 39dc5f2691 Rename recipient_subject to bucket.
The various vars here that had recipient_subject
in the name now have either bucket or bucket_tup
there.

The shorter names are a bit easier to read, and the
original names were misleading for the PM case.

This was basically two search/replaces, and we have
good test coverage here, so it's pretty low risk
despite the messy diff.
2018-11-08 14:59:09 +00:00
Steve Howell 226a2826b5 Remove "subject" from zerver/lib/message.py.
We also lock this down file in the linter, so
that you can no longer introduce "subject"
to `message.py`.
2018-11-08 14:45:16 +00:00
Steve Howell 592dd290b2 Avoid "subject" in MessageDict. 2018-11-08 14:33:44 +00:00
Steve Howell 881e046c37 minor: Use TOPIC_NAME constant for "subject" event. 2018-11-08 14:01:45 +00:00
Rishi Gupta 2e89ffb0e2 billing: Make it easier to access /billing in tests. 2018-11-07 22:18:54 -05:00
Rishi Gupta 9b6b842f00 billing: Merge test_billing_home into test_initial_upgrade. 2018-11-07 22:18:54 -05:00
Tim Abbott 0e2f360177 security: Remove discussion of how other SaaS providers work.
While from my anecdotal experience, it is accurate that at many SaaS
providers, dozens or even hundreds of engineers have access to
production infrastructure, the "essentially all" statement isn't true
(not sure how that got added), and in any case, there aren't great
public sources we can cite to educate folks who might think Silicon
Valley startup practices are better than they actually are.
2018-11-07 16:14:29 -08:00
Steve Howell d05f731c1c Eliminate the use of arguments.db_data.
We now attach zulip_db_data to the markdown engines
for classes that need it.  This was the last remaining
global we had, so we remove `arguments.py` here.
2018-11-07 10:44:49 -08:00
Steve Howell b66304e167 refactor: Pass db_data down to helpers.
This mostly preps for the next commit.
2018-11-07 10:44:49 -08:00
Steve Howell fa6f642c9c refactor: Remove global argument.current_realm. 2018-11-07 10:44:48 -08:00
Steve Howell e1113c7011 refactor: Remove the global arguments.current_message.
The Markdown processor makes it fairly simple for
the helper classes to access the `md` engine.  We
now write `_md_engine.zulip_message` to avoid having
the current message in the global namespace.

Note that we do reuse engines for multiple messages,
but each engine is specific to a realm.  And we therefore
avoid even the theoretical possibility of leaking message
data between realms.
2018-11-07 10:44:48 -08:00
Steve Howell ab24cc2535 minor: Pass in arguments.current_message to helpers. 2018-11-07 10:44:48 -08:00
Steve Howell c26768ea63 bugdown: Import nl2br and tables extensions "normally".
This makes us consistent with how we import codehilite.

Using Python's normal import mechanism avoids some overhead
with Markdown having to parse dotted notation.

These modules are tiny, so they shouldn't impact startup
too much.  Also, by explicitly importing them, we avoid
the pitfall of having a sucessful startup and a broken
renderer.
2018-11-07 10:44:48 -08:00
Steve Howell c8a2081526 bugdown: Break out helper functions for extending bugdown.
These will make profiling a lot easier, and you
can also quickly disable features.  The overhead
of these function calls is dwarfed by other concerns.
2018-11-07 10:44:47 -08:00
Steve Howell ffa4daf936 bugdown: Reduce overhead of building link regexes.
We were building the same link regex every time
we build a Markdown engine, which happens twice
per realm.  It's an expensive operation due to
the complexity of the regex and us reading a file.
2018-11-07 10:33:11 -08:00
Steve Howell 18a76c54de bugdown: Extract build_engine.
This separates out the main job of building
an instance of Markdown from the fairly orthogonal
task of maintaining a list of engines.
2018-11-07 10:33:11 -08:00
Steve Howell eb2269c614 fenced_code: Refactor to avoid nested classes.
Nested classes are kind of expensive in Python,
particularly when you throw in mypy annotations.

Also, flatter is arguably better, although it is
kind of a pain here not to have closures.
2018-11-07 10:33:11 -08:00
Steve Howell dfadbcd3bc bugdown: Avoid ORM when there are no group names.
This change avoids hitting the Django ORM when
we don't find any possible group mentions in
the message content.

Django doesn't necessarily actually hit the database,
but it's still slow and shows up in profiles.
2018-11-07 10:33:11 -08:00
Steve Howell 88f50b97fd import: Render content before inserting messages.
By rendering content before bulk importing messages,
we avoid O(N) database hops.
2018-11-07 10:33:11 -08:00
Steve Howell bf3f7d93d0 Simplify params for fix_message_rendered_content. 2018-11-07 10:33:11 -08:00
Steve Howell 0878d86706 import: Avoid unnecessary Message lookups.
We now no longer go the DB to get a Message object
during render.
2018-11-07 10:33:11 -08:00
Steve Howell 1e12b13a56 import: Avoid unnecessary sender lookups.
This commit speeds up the import by avoiding
sender lookups and instead using the data
for users that we already have in memory.

This avoids a few DB hops, many hops to memcached,
plus some object construction.

We now call do_render_markdown() directly.  This
also makes it more explicit that the import has
never rendered alert words.
2018-11-07 10:33:10 -08:00
Steve Howell 06f8d0af7e refactor: Extract do_render_markdown().
For the import-data codepath, we will call
the extracted function directly in a
subsequent commit.

The do_render_markdown() function has more
required parameters, which allows for more
explicit code and also allows us to flatten
out some logic related to alert words.  (We
just pass in empty sets/dicts as needed).
2018-11-07 10:20:14 -08:00
Steve Howell 35e9e5928f render: Upstream calculation of translate_emoticons. 2018-11-07 10:20:14 -08:00
Tim Abbott b4f2e09b3a node: Fix a compose_actions test.
This was apparently wrong in 207d7a8ee6.
2018-11-07 10:17:43 -08:00