Commit Graph

109 Commits

Author SHA1 Message Date
Tim Abbott 75e81253f2 mypy: Work around several new mypy bugs in 0.501. 2017-03-04 15:33:39 -08:00
Rishi Gupta 15d60fa7ed Change now() to timezone.now() throughout codebase.
Change `from django.utils.timezone import now` to
`from django.utils import timezone`.

This is both because now() is ambiguous (could be datetime.datetime.now),
and more importantly to make it easier to write a lint rule against
datetime.datetime.now().
2017-02-28 16:03:37 -08:00
Tim Abbott 20f9c04ab5 decorator: Add logging data to zulip_login_required.
This fixes an issue that many logged=in pages such as /stats did not
correctly report either the connecting client or the user in server
logs.
2017-02-20 21:15:44 -08:00
Tim Abbott c9126e772e decorator: Don't block ZulipElectron name in json views.
This fixes the logging of the ZulipElectron client in server logs.
Message sending is still logged as "website"; that will be fixed soon.
2017-02-17 15:19:10 -08:00
Tim Abbott 2bba7755e3 decorator: Improve user agent parsing. 2017-02-10 23:53:44 -08:00
Tim Abbott bc63407e6a decorator: Cleanup api_key_legacy code readability. 2017-02-10 23:53:44 -08:00
Tim Abbott bb5d81281c mypy: Upgrade to new package name and version 0.571.
Fixes #3448.
2017-02-10 23:53:44 -08:00
Tim Abbott 70af09539f Fix unnecessary traceback in authenticated_rest_api_view.
Apparently, we weren't returning the `json_error`, resulting in users
encountering this condition receiving a 500, rather than the proper
40x error.

This fixes a regresion introduced in 9ae68ade8b.
2017-01-29 12:48:10 -08:00
Tim Abbott 4e171ce787 lint: Clean up E126 PEP-8 rule. 2017-01-23 22:06:13 -08:00
Tim Abbott 22d1aa396b lint: Clean up W503 PEP-8 warning. 2017-01-23 20:50:04 -08:00
Tommy Ip 008663abd8 zerver: Fix bare except clause. 2017-01-09 00:38:31 +00:00
Tim Abbott 0847515203 Fix text_type->Type mypy merge conflict error. 2016-12-29 15:03:37 -08:00
Rishi Gupta 7b057392c6 decorator.py: Add to_utc_datetime converter function. 2016-12-29 14:20:13 -08:00
Juan Verhook cfa9c2eaf2 mypy: Update zerver directory to use Text 2016-12-29 09:12:15 -08:00
Tim Abbott 7e8f8551de decorator: Change /activity to be gated on is_staff.
Zulip doesn't previously make use of the standard Django is_staff flag
(in that the Django admin site is disabled), but since conceptually
the /activity page would be part of the Django admin site if we were
using it (i.e. for server-level administrators), it makes sense to key
off of that rather than the previous, fragile, check for the realm
domain name.
2016-12-13 21:06:27 -08:00
nikolay abc2ff4a06 pep8: Fix many rule E128 violations.
[Tweaked by tabbott to adjust some approaches used in wrapping]
2016-12-03 13:33:31 -08:00
bulat22101 adebc75740 pep8: Fix E502 violations 2016-12-03 10:56:36 -08:00
AZtheAsian c23f9e0df7 pep8: Fix E111 violations 2016-12-01 14:18:11 -08:00
Rafid Aslam c5316b4002 lint: Fix E127 pep8 violations.
Fix pep8: E127 continuation line over-indented for visual indent
style issue.
2016-12-01 10:23:55 -08:00
Rafid Aslam 7a2282986a pep8: Fix E225 pep8 violations. 2016-11-28 15:21:15 -08:00
Tomasz Kolek d8dee522b6 Fix trello integration by adding handling HEAD confirmation request.
Previously, we rejected the HEAD requests that the trello integration
uses to check if the server accepts the integration.

Add decorator for returning 200 status code if request is HEAD.

Fixes: #2311.
2016-11-18 16:27:16 -08:00
Umair Khan fe1ba6f3eb Django 1.10: Deprecate request.REQUEST. 2016-11-04 10:20:24 -07:00
Steve Howell 403490a95b annotations: Fix to_non_negative_int(). 2016-10-28 13:48:44 -07:00
Tim Abbott 4a4664d268 mypy: Remove a bunch of now-unnecessary type: ignore annotations.
Since mypy and typeshed have advanced a lot over the last several
months, we no longer need these `type: ignore` annotations.
2016-10-17 11:48:34 -07:00
Tim Abbott b5b00e3a36 subdomains: Enforce subdomain checks on every API endpoint.
This ensures that everything is using the correct subdomain for
requests.  While it probably wouldn't be a real security problem for
the wrong subdomain to work, this enforcement is essential to catching
bugs in the product and users' API scripts.
2016-09-27 23:25:07 -07:00
hackerkid ea39fb2556 Add option for hosting each realm on its own subdomain.
This adds support for running a Zulip production server with each
realm on its own unique subdomain, e.g. https://realm_name.example.com.

This patch includes a ton of important features:
* Configuring the Zulip sesion middleware to issue cookier correctly
  for the subdomains case.
* Throwing an error if the user tries to visit an invalid subdomain.
* Runs a portion of the Casper tests with REALMS_HAVE_SUBDOMAINS
  enabled to test the subdomain signup process.
* Updating our integrations documentation to refer to the current subdomain.
* Enforces that users can only login to the subdomain of their realm
  (but does not restrict the API; that will be tightened in a future commit).

Note that toggling settings.REALMS_HAVE_SUBDOMAINS on a live server is
not supported without manual intervention (the main problem will be
adding "subdomain" values for all the existing realms).

[substantially modified by tabbott as part of merging]
2016-09-27 23:24:14 -07:00
Tim Abbott 15f6cc7c84 validate_api_key: Accept the request as an argument.
This is a prerequisite for checking the subdomain of the request.
2016-09-27 21:18:29 -07:00
Tim Abbott 4840e493b2 decorator: Add missing annotation. 2016-08-04 15:57:03 -07:00
Tim Abbott 700e803840 settings: Add new DEBUG_RATE_LIMITING setting.
This exists primarily in order to allow us to mock settings.DEBUG for
the purposes of rate limiting, without actually mocking
settings.DEBUG, which I suspect Django never intended one to do, and
thus caused some very strange test failures (see
https://github.com/zulip/zulip/pull/776 for details).
2016-07-29 19:32:02 -07:00
Eklavya Sharma 09e4e5aea7 Add links after `type: ignore`s. 2016-07-22 13:59:31 -07:00
Eklavya Sharma 674f6999e1 Improve annotations of decorators. 2016-07-22 11:14:33 -07:00
hackerkid b6620cfa57 Replace UserProfile with HttpRequest in logged_in_and_active. 2016-07-20 20:08:00 -07:00
Tim Abbott 1f4c9eefe4 settings: Extract settings.ZILENCER_ENABLED. 2016-07-19 15:28:41 -07:00
Eklavya Sharma 8c0d7311ac zerver/decorator.py: Use BytesIO to read request.
Use BytesIO instead of StringIO to get a file-like object on the
request's body.
2016-07-15 11:13:33 -07:00
Steve Howell c671881713 decorators: Extract is_local_addr(). 2016-07-09 17:58:48 -07:00
Steve Howell 8e528569a7 Clean up rate_limit() for deployments that opt out.
If settings.RATE_LIMITING is False, short circuit rate
limiting earlier in rate_limit().  This change particularly
avoids inspect request.user and possibly spamming the error
log for sites that don't care about rate limiting.
2016-07-09 17:58:20 -07:00
Steve Howell 3d095beb63 Extracted client_is_exempt_from_rate_limiting(). 2016-07-09 07:37:13 -07:00
Steve Howell c680c6a981 Removed unused to_non_negative_float() function. 2016-07-09 07:37:13 -07:00
Eklavya Sharma 3e9349df4f zerver/decorator.py: Use force_bytes instead of encode.
The value type of request.META is str, not text type.
So use force_bytes on the data instead of encode('utf-8').
2016-07-08 01:24:30 +05:30
Eklavya Sharma 6a63870136 zerver/decorator.py: Correctly encode/decode strings. 2016-07-07 09:52:24 -07:00
Max 9b6205d0ed Annotate zerver/decorator.py. 2016-06-26 08:13:49 -07:00
Tomasz Kolek 9ae68ade8b Add is_webhook option to authentication decorats.
Modified:
authenticated_rest_api_view
authenticated_api_view and validate_api_key.
2016-06-21 11:47:38 -07:00
John Hergenroeder 16a19226f6 Add linter check for redundant REQ whence argument. 2016-06-16 13:53:39 -07:00
Tomasz Kolek 999093b227 Add new is_incoming_webhook bot type.
This type of bot is only able to send messages via webhook endpoints.
2016-06-07 21:23:35 -07:00
Umair Khan 1bfe566c8d [i18n] Make Json error messages translatable. 2016-06-04 18:48:36 -07:00
Umair Khan 08fbd57245 [i18n] Make error messages translatable.
Make all strings passing through `json_error` and `JsonableError`
translatable.

Fixes #727
2016-05-31 07:40:42 -07:00
Tim Abbott 960144a49e Desupport using uninstantiated REQ with has_request_variables.
This makes life difficult for doing static type annotations, and
didn't make the code look that much better anyway.
2016-05-31 07:31:15 -07:00
Tim Abbott 572c69f3c2 Move REQ and friends to their own module. 2016-05-30 11:24:17 -07:00
Tomasz Kolek db7ea8b484 Move getting client to api_key_only_webhook_view.
This decreases the amount of convention developers need to understand
in order to write a new webhook integration.
2016-05-13 12:22:38 -07:00
Tim Abbott 92bec8cfea Merge Zulip 1.3.12 security release. 2016-05-10 11:32:26 -07:00