Commit Graph

34896 Commits

Author SHA1 Message Date
Mateusz Mandera 6e4dcc714e auth: Fix bug in backend configuration checks in start_social_login.
We shouldn't check if *every* backend in the backends list is
configured, but only the one the user is attempting to log in with.
2020-03-01 22:30:38 -08:00
Steve Howell 4fba227898 backend tests: Test include_all_active for streams.
We were only checking error handling before, not
the happy path.  The structure of the code
made it so that we effectively tested most of the
logic for this use case (since all the other flags
are sort of just filters on top of this), but
obviously we want explicit coverage here.  Also,
we weren't testing the is-admin-but-not-api-super-user
error checking until this commit.
2020-03-01 07:49:38 -05:00
Steve Howell d1d0b415f1 i18n: Rename translations.js to i18n.js.
The file populates `window.i18n`, so now
the file name matches our convention.

Note that the module really just initializes
`i18next` and then does this:

    window.i18n = i18next;

It doesn't really add any functionality to
the third party library.
2020-02-29 12:19:51 -08:00
Steve Howell e67be55152 node tests: Actually test `translations.js`.
Before this test, we were validating the behavior
of `i18next`, but we weren't validating our light
layer that sits on top of `i18next`, which currently
resides in the slightly misnamed `translations.js`
file.

The translations module is now so small that I'll
just quote it verbatim here:

    import i18next from 'i18next';

    i18next.init({
        lng: 'lang',
        resources: {
            lang: {
                translation: page_params.translation_data,
            },
        },
        nsSeparator: false,
        keySeparator: false,
        interpolation: {
            prefix: "__",
            suffix: "__",
        },
        returnEmptyString: false,  // Empty string is not a valid translation.
    });

    window.i18n = i18next;

We now just do `zrequire('translations')` to initialize
the `i18next` library, which allows us to have simpler
test setup and to actually exercise the above call to
`i18next.init`.

This change now gives us 100% line coverage of `translations.js`,
which of course isn't that hard to achieve (see above).
2020-02-29 12:19:51 -08:00
Steve Howell 1abd00eac2 i18n: Remove code to sweep local storage.
Before 2018, we used a feature of i18next where
we would cache translations in local storage
for up to two weeks:

    var cacheOptions = {
        // ...
        prefix: 'i18next:' + page_params.server_generation + ':',
        expirationTime: 2*7*24*60*60*1000,  // 2 weeks
    };

    i18next.init({
        /// ...
        cache: cacheOptions
    });

Because `server_generation` would change each time you
upgraded a server, a frequently upgraded server like
chat.zulip.org would cause its active users to start
to accumulate lots of obsolete key/value pairs in local
storage over the two weeks.

See #4443 for more details.

We eventually reduced the cache life to 2 days.  And then
on top of that, newer versions of the server would start
to clean up after themselves using this commit from
April 2017:

    e3f1d025ae

We then removed the caching option altogether a year
later in May 2018:

    cff40c557b

We kept around the code to remove all the old keys, though.
This was particularly important for users who may have
been hitting servers that did an upgrade to the new
version from some older version that didn't have the
key-fixing code.

But mostly the problem takes care of itself after
either two days or two weeks, even on really out-of-date
servers.

The original problem was most likely to affect server
admins that did a lot of upgrades (and possibly only really
affected chat.zulip.org), so as long as those server
admins continued their patterns, it's highly likely that
they've done several upgrades since May 2018 that would
have cleaned these keys out for good.

And, again, even if there is some strange straggler here,
they probably only have one set of keys that will expire
either two days or two weeks after an upgrade, depending
on how long ago the prior upgrade was.  (All of their
keys based on older versions of `server_generation` would
have long since expired.)

Finally, any upgrade certainly won't make the problem
worse for any users under this hypothetical situation,
since the new server won't be writing new keys.

So I am removing the cleanup code.
2020-02-29 12:19:51 -08:00
Tim Abbott 6c74af4c06 docs: Document our stable release branches.
The experiment with the published 2.1.x type branches has been going
well, so we should document the feature.
2020-02-29 11:50:44 -08:00
Steve Howell 979dcfe85b refactor: Extract settings_data.py.
This extracts a new module with three
functions, which we will test with 100%
line coverage:

    - show_email
    - email_for_user_settings
    - get_time_preferences

The first two break several dependencies
in the codebase on `settings_org.js`.  The
`get_time_preferences` breaks an annoying
dependency on `page_params` within people.

The module is pretty cohesive, in terms that
all three functions are just light wrappers
around `page_params` and/or `settings_config`.

Now all the modules that want to call show_email()
only have to require `settings_data`, instead of
having a dependency on the much heavier
`settings_org.js` module.

I also make some of the unit tests here be more
full-stack, where instead of stubbing show_email,
I basically just toggle `page_params.is_admin`.
2020-02-28 17:11:24 -08:00
Steve Howell b994889315 node tests: Just set i18n every time.
Explicitly stubbing i18n in 48 different files
is mostly busy work at this point, and it doesn't
provide much signal, since often it's invoked
only to satisfy transitive dependencies.
2020-02-28 17:11:24 -08:00
Steve Howell 588fa9d150 node tests: Make i18next more explicit in i18n tests.
We are actually testing i18next somewhat directly in
this test, so we clean up some names in the file.

We'll address filenames in another commit.
2020-02-28 17:11:24 -08:00
Mateusz Mandera 2d55c7e0d5 home: Don't assume user agent header is set for insecure_desktop_app.
The header may not be set - this leads to CI failures on 2.1.x branch,
but in any case is a real bug.
2020-02-28 16:51:23 -08:00
Chris Bobbe 23ba2b63c5 push_notifications: In dev, make APNs or GCM config suffice. 2020-02-28 16:49:35 -08:00
Steve Howell 504ec9d489 typing: Remove recipient-related complexity.
For historical reasons we were creating Recipient
objects at some point in the typing-notifications
codepath.  Now we just work with UserProfiles.
This removes some queries, as indicated by
the change to `len(queries)` in a couple of the
tests.

The one subtle thing that changes here is huddles.
If user 10 sends a typing notification that they
are talking to users 20 and 30, there might not
actually be a huddle for users 10/20/30, but
we were actually creating huddles on the fly!
There is no need to create huddles just for
typing notifications, since we don't even
share huddle ids with our clients.  The clients
just infer the huddles.

Some of the code that gets killed off here as
somewhat "collateral damage" is some
defensive code related to formerly supporting streams
in typing indicators.  The support for streams
was killed off almost as soon as we released
the feature, and the codepath is pretty clearly
user-centric at this point.
2020-02-28 12:46:20 -08:00
Steve Howell f224f215c1 refactor: Simplify handling of emails for typing endpoint.
Instead of duplicating code for the email case, just
convert emails to user_ids and then run the same code.
2020-02-28 12:39:36 -08:00
Steve Howell bed6d5a789 typing: Inline check_typing_notification.
I actually like this pattern:

    def check_send_typing_notification(...):
        typing_notification = check_typing_notification(...)
        do_send_typing_notification(...)

It can help divide responsibilities nicely and make it easy
to write detailed unit tests against each of the two helpers.

Unfortunately, the good things didn't really happen here, and
instead we got the worst aspects of the pattern:

    - The responsibilities for validation leaked into
      the second function.

    - Both functions were doing sane things individually
      that became not-so-sane in the big picture (namely,
      we ended up making Recipient objects for no reason,
      but if you read each of the helpers, it was just one
      step that seemed reasonable).

    - Passing around dictionaries for results can be annoying.

Also, the pattern made a lot more sense when the validation
for typing was a lot more complicated.  My prior commit makes
it so that we only ever deal with a list of user_ids.

Anyway, now I'm inlining it. :)

Subsequent commits will clean up the more substantive issue
here, which is that we are building Recipients for no reason.
2020-02-28 12:39:36 -08:00
Steve Howell b26f2dcd4b typing: Deprecate emails in typing endpoint.
The only clients that should use the typing
indicators endpoint are our internal clients,
and they should send a JSON-formatted list
of user_ids.

Unfortunately, we still have some older versions
of mobile that still send emails.

In this commit we fix non-user-facing things
like docs and tests to promote the user_ids
interface that has existed since about version
2.0 of the server.

One annoyance is that we documented the
typing endpoint with emails, instead of the
more modern user_ids, which may have delayed
mobile converting to user_ids (and which
certainly caused confusion).  It's trivial
to update the docs, but we need to short
circuit one assertion in the openapi tests.

We also clean up the test structure for the
typing tests:

    TypingHappyPathTest.test_start_to_another_user
    TypingHappyPathTest.test_start_to_multiple_recipients
    TypingHappyPathTest.test_start_to_self
    TypingHappyPathTest.test_start_to_single_recipient
    TypingHappyPathTest.test_stop_to_another_user
    TypingHappyPathTest.test_stop_to_self

    TypingValidateOperatorTest.test_invalid_parameter
    TypingValidateOperatorTest.test_missing_parameter

    TypingValidateUsersTest.test_argument_to_is_not_valid_json
    TypingValidateUsersTest.test_bogus_user_id
    TypingValidateUsersTest.test_empty_array
    TypingValidateUsersTest.test_missing_recipient

    TypingValidationHelpersTest.test_recipient_for_user_ids
    TypingValidationHelpersTest.test_recipient_for_user_ids_non_existent_id

    TypingLegacyMobileSupportTest.test_legacy_email_interface
2020-02-28 12:39:36 -08:00
Akash Nimare 97947bc381 desktop: Update desktop app to v4.0.3. 2020-02-28 12:04:18 -08:00
Tim Abbott d79a7a8c35 panels: Show a banner for users with legacy desktop apps.
Users who are using ZulipDesktop or haven't managed to auto-update to
ZulipElectron should be strongly encouraged to upgrade.

We'll likely want to move to something even stricter that blocks
loading the app at all, but this is a good start.
2020-02-28 01:54:46 -08:00
Mateusz Mandera 7db3d4560f do_delete_messages: Archive the messages in bulk.
The test added in this commit shows 37 queries - compared to 181 without
the change to the function. That seems very much worth it.
2020-02-27 23:12:32 -08:00
Mateusz Mandera b4186fb680 do_delete_messages: Remove unused message_ids list. 2020-02-27 23:12:32 -08:00
Wyatt Hoodes 6ed944c761 test_runner: Update database ids to be human readable.
Before the Django 2.x upgrade, the DatabaseCreation
argument took an integer value.  To deal with running
multiple test instances, we created a random start
range that could count up 100 workers until the next
random id.  Arbitrarily limiting the number of workers
to 100.

Post upgrade, we can now use string values. Enabling
the database + worker numbers to be more readable, as
well as removing the cap on the worker count.
2020-02-27 23:01:29 -08:00
Anders Kaseorg 3d4bf0422f tests: Restore 100% coverage for server_events_dispatch.js.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-02-27 18:29:24 -08:00
Tim Abbott 82fa72f08a emoji_picker: Improve logging for invalid emoji names.
This should help us properly investigate a bug likely involving users
clicking on emoji reactions whose name->codepoint mapping has changed.
2020-02-27 17:41:45 -08:00
Tim Abbott 9810327aad channel: Ignore error responses when reloading too. 2020-02-27 17:41:45 -08:00
Tim Abbott 9b8240c436 server_events: Only rerender stream settings if open.
This follows the convention of other code calling into
add_sub_to_table of checking whether the stream settings overlay is
open (and thus in the DOM) before trying to rerender it.
2020-02-27 17:41:44 -08:00
Tim Abbott 8779fad281 popovers: Fix missing string-to-integer conversion.
Found looking at browser exceptions.
2020-02-27 17:40:40 -08:00
Mateusz Mandera bb01c17ead test_settings: Change SOCIAL_AUTH_SUBDOMAIN to 'auth' in tests.
That's a more realistic setting than using 'www.'.
2020-02-27 17:32:08 -08:00
Mateusz Mandera efb3065158 social_auth: Take user to find_account if invalid subdomain is given.
This allows us to also clean up some code that's not really useful.
2020-02-27 17:27:55 -08:00
Mateusz Mandera 98a7cd85a2 auth: Fix return type annotations on social auth pipeline functions. 2020-02-27 17:27:55 -08:00
Rohitt Vashishtha 405c4ccc1d casper: Allow running tests interactively.
This allows rerunning tests without shutting down the test-server,
resulting in a faster feedback cycle for debugging casper tests.
2020-02-27 17:24:33 -08:00
Anders Kaseorg 71dd495214 js: Convert _.pluck(a, "key") to item => item.key.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-02-27 17:20:34 -08:00
Tim Abbott fb087c317b docs: Fix changelog typo. 2020-02-27 12:21:30 -08:00
Wyatt Hoodes a283d6e239 message_edit_form: Change topic editing default to `change_later`. 2020-02-27 11:30:11 -08:00
Steve Howell 8804c63f5d feature_flags: Remove clicking_notification_causes_narrow.
This is another one that's been set to true
since 2013.
2020-02-27 11:19:13 -08:00
Steve Howell 12ae53f11a feature_flags: Remove propagate_topic_edits.
This flag has been set to true since 2013.
2020-02-27 11:19:13 -08:00
Anders Kaseorg 7e5c82291f hashchange: Update state.old_hash before returning early.
This fixes a bug where you can’t open the same overlay twice in a row
in IE 11, which doesn’t support HashChangeEvent.oldURL; it was exposed
by commit 05be16e051 (late 2018).

While here, parse the hash from oldURL in a less ad-hoc way.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-02-27 11:14:02 -08:00
Steve Howell 1f156230b0 refactor: Clean up alert_words API.
We add these two functions to the API,
so that we no longer have `alert_words_ui`
using private data from `alert_word`:

    alert_words.has_alert_word()
    alert_words.get_word_list()

And to initialize the data, we have a proper
`initialize` method that is passed in only
the parameters that it needs from `ui_init`.

(We also move the step of deleting `alert_words`
from `page_params` to the `ui_init` module.)

Because it's a bit less cumbersome to initialize
`alert_words`, we now just do it directly in the
node tests for `alert_words_ui`.
2020-02-27 11:10:13 -08:00
Steve Howell c32b4d098f ui_init: Pass params to pm_conversations.recent.
This is a follow-up to da79fd206a

I accidentally skipped over pm_conversations.  Same
ideas as the bigger previous commit--we pass in params
to the initialize function and do the delete cleanup
within ui_init.
2020-02-27 11:10:13 -08:00
Anders Kaseorg 56c03e1311 unread: Convert ids.push(...a) to a loop.
Calling a function with hundreds of thousands to millions of
arguments, depending on the browser, can throw a RangeError.  This was
true of both ids.push(...a) and the [].concat.apply construction that
it replaced in commit 59d55d1e06,
although the old one was less likely to overflow due to bucketing.
Use a loop instead.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-02-27 11:06:49 -08:00
Vaibhav Raj Singh 7822964f28 docs: Replace casperjs.org links.
As CasperJS is deprecated, their website has gone down. Replaced the
broken links with their Wayback Machine counterparts.
2020-02-27 11:03:31 -08:00
Steve Howell 216493aae8 zjsunit: Clear namespace more aggressively.
Let's say you have module hello.js like so:

    // hello.js
    const hello_world = i18n.t('Hello world');
    exports.get_greeting = () => hello_world;

And then two modules like this:

    // apple.js
    const hello = require('hello');

    exports.foo = () => {
        show_greeting(hello.get_greeting());
    };

    // banana.js
    const hello = require('hello');

    exports.foo = () => {
        display_greeting(hello.get_greeting());
    };

The test for apple.js could look like this,
and it won't crash due to the stub:

    set_global('i18n', {t: () => {}});
    zrequire('hello');
    zrequire('apple');

Now let's say you write this broken version
of a test for banana.js:

    zrequire('hello');
    zrequire('banana');

If you run `./tools/test-js-with-node`, the
"banana" test will pass, because while it
does require "hello", it won't actually
*execute* the code that happens at require
time for "hello", because it's already in
the cache.  Here is the code that gets
skipped:

    const hello_world = i18n.t('Hello world');

But then if you try to run the banana test
individually, the above line of code will
cause the test to crash.  And it will crash
even before you actually try to test the
meaningful code here:

    exports.foo = () => {
        display_greeting(hello.get_greeting());
    };

This commit fixes this leak scenario by just
aggressively clearing out things from the
require cache.

This slows tests down by about 10%, which I think
is worth the extra safety here.
2020-02-27 10:21:36 -05:00
Anders Kaseorg 6696fda5b7 styles: Transition closed overlays to visibility: hidden.
This fixes some buggy pointer-events behavior on IE 11, and is
presumably better for performance.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-02-27 07:53:12 -05:00
Tim Abbott b775becc68 docs: Change our security contact to security@.
This has for a while been our only active Google Groups mailing list,
and given that folks will guess security@ as our security contact, we
might as well just standardize on that.

Also tweak some ambiguous text; it wouldn't be appropriate for us to
issue a CVE for e.g. an operational issue only affecting us.
2020-02-26 16:35:29 -08:00
Tim Abbott 2fb967b735 do_update_message: Remove sender field from update_message events.
This field wasn't accessed by any clients and was a less robust
version of the user_id field.  Any client hoping to be interested in
who did message edits should be able to handle working with user IDs
rather than email addresses.
2020-02-26 16:16:01 -08:00
Tim Abbott 588bcb37cf do_update_message: Avoid using a direct query to fetch a Stream.
We have a helper designed for the purpose, and it fixes potential
misbehavior where the previous code did not do `.select_related()`.
2020-02-26 16:14:34 -08:00
Tim Abbott 49ca7cf717 topic: Add recipient_id to fields for message edit saves.
This is preparation for supporting moving messages between streams in
some cases.

It doesn't actually have any functional effect, since flush_message
clears the message unconditionally anyway.
2020-02-26 16:12:07 -08:00
Steve Howell da79fd206a ui_init: Handle page_params more cleanly.
This cleans up the handoff of page_params
data between ui_init and modules that
take over ownership of page_params-derived
data.

Read the long comment in ui_init for a bit
more context.

Most of this diff is actually test cleanup.
And a lot of the diff to "real" code is
just glorified `s/page_params/params/`
in the `initialize` functions.

One little oddity is that we don't actually
surrender ownership of `page_params.user_id`
to `people.js`.  We could plausibly sweep
the rest of the codebase to just use
`people.my_user_id()` consistently, but it's
not a super high priority thing to fix,
since the value never changes.

The stream_data situation is a bit messy,
since we consume `page_params` data in the
initialize() function in addition to the
`params` data we "own".  I added a comment
there and intend to follow up.  I tried
to mostly avoid the "word soup" by extracting
three locals at the top.

Finally, I don't touch `alert_words` yet,
despite it also doing the delete-page-params-data
dance.  The problem is that `alert_words`
doesn't have a proper `initialize()`.  We
should clean that up and have it use a
`Map` internally, too.
2020-02-26 13:14:09 -08:00
Steve Howell 6d211e359a node tests: Rename voting_widget.js. 2020-02-26 07:19:00 -05:00
Steve Howell e3c9642ca3 node tests: Remove dead code in ui_init. 2020-02-26 07:19:00 -05:00
Steve Howell 5d59e8db49 node tests: Remove dead code for transmit. 2020-02-26 07:19:00 -05:00
Steve Howell c5f0ff1c41 node tests: Remove dead code for stream_events. 2020-02-26 07:19:00 -05:00