Commit Graph

16733 Commits

Author SHA1 Message Date
Zixuan James Li 71ab77db9a zilencer: Use more realistic audit log extra_data.
This prepares for the audit log migration which requires us to populate
a JSONField from the extra_data field. "data" is not representative of
the actual extra_data field for RealmAuditLog entries of event types
in SYNC_BILLING_EVENTS.

We intentionally leave the test cases unchanged without bothering to
verify if the extra_data arrives as-is to keep this change minimal.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2023-06-05 17:38:10 -07:00
Mateusz Mandera 06143943d8 migrations: Handle duplicate fk constraint in 0443.
It turns out that for some some deployments, there exists a second,
duplicate, foreign key constraint for user_profile_id. The logic below
would try to rename both to the same name, which would fail on the
second:

```
psycopg2.errors.DuplicateObject: constraint "zerver_userpresenceo_user_profile_id_d75366d6_fk_zerver_us" for relation "zerver_userpresence" already exists
```

Eliminate the duplicate constraint, rather than attempting to rename
it.  Also add a block, in case of future reuse of this pattern, which
caveats that this approach will not work in the presence of
explicitly-named indexes.  UserPresence happens to not have any, so
this technique is safe in this instance.

Co-authored-by: Alex Vandiver <alexmv@zulip.com>
2023-06-05 17:34:17 -07:00
Zixuan James Li a5cc3c5d45 users: Use a less generic response for unauthorized user creation.
This reduces confusion when an admin user tries to create users.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2023-06-05 17:33:26 -07:00
Lalit 0ced086821 docs: Fix data type for `submessages` field on `message` type.
Before this commit our docs mentioned `string[]` data type for
`submessages` field on the `message` object. This commit changes the
type to `object[]` and correctly mentions all fields of the `submessage`
object.
2023-06-05 16:21:01 -07:00
dhruv302003 34e16c1553 integrations: Refactor Github Integration to use get_sender_name. 2023-06-05 12:01:27 -07:00
dhruv302003 67125acaa6 integrations: Add user url for star event in Github Integration.
Fixes #25672.
2023-06-05 12:01:27 -07:00
Mateusz Mandera a55901aa67 migrations: Fix bug in migration 0439.
This code clearly meant to return host and returning realm.host is a
mistake. realm.host is not accessible in a migration due to being a
@property-decorated method. The code constructs the host var value just
above this line.
2023-06-05 12:16:41 -04:00
Anders Kaseorg b5e5728112 coverage: Clean up coverage configuration.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-31 13:53:04 -07:00
Anders Kaseorg 2db9c0bc21 openapi: Remove unused prune_schema_by_type function.
It’s unused since commit a881918a05
(#24979).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-31 13:53:04 -07:00
Anders Kaseorg 0eff862459 openapi: Remove unused get_event_type function.
It’s unused since commit 8108acbdfd
(#16000).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-31 13:53:04 -07:00
Lauryn Menard bca7683f58 api-docs: Revisions for feature level 161 changes.
Revises the API changelog entry for feature level 161 to document
the changes to `DELETE /users/me/subscriptions` and to explain
more clearly what the new `can_remove_subscribers_group_id`
parameter does.

Updates the feature level 161 changes notes and related descriptions
to include links and also more clearly explain the updates.

Also, updates the `GET /user_groups` example to better reflect what
is returned for system groups since this is now referenced in the
`can_remove_subscribers_group_id` parameter description.

The original API feature level 161 API documentation changes were
made in commit c3759814be and commit 73f11853ec.
2023-05-31 08:16:22 -07:00
Lauryn Menard b0b3230917 scheduled-messages: Update scheduled_message_id parameter for DELETE.
Updates the scheduled_message_id parameter for deleting scheduled
messages to use the to_non_negative_int converter function for
validation, which is used in other endpoints/views with an ID in
the request path.
2023-05-31 08:15:03 -07:00
rht 1c84f02f57 slack import: Convert threads to nicely named Zulip topics.
Fixes #9006.
2023-05-30 16:35:19 -07:00
sbansal1999 2d6e6369f3 integrations: Add Linear webhook integration.
Fixes part of #23118.
2023-05-30 10:48:19 -07:00
Prakhar Pratyush dcb163bbe3 user_topics: Update API documentation.
This commit adds the missing 'UNMUTED' visibility policy
to the documentation for 'api/get-events' and 'api/register-queue'.

It replaces INHERIT with NONE for a clearer name
in the 'api/update-user-topic' documentation.

Other smaller changes in wording to improve readability.
2023-05-30 10:46:05 -07:00
Sahil Batra a143d6b62c message_edit: Add period to error message raised due to time limit. 2023-05-29 14:49:32 -07:00
Satyam Bansal caf6506811 integrations: Simplify regex checks in GitHub Integration.
The regex check is replaced with a simpler "startswith" function.
2023-05-29 10:55:31 -07:00
Tim Abbott dce4a3c98e markdown: Remove most of Twitter integration.
Twitter removed their v1 API. We take care to keep the existing cached
results around for now, and to not poison that cache, since we might
be able replace this with something that can still use the existing
cache.
2023-05-29 10:43:35 -07:00
Alya Abbott 3ca20e3ea8 help: Document quick way to check Zulip version.
Version number was added to top section of gear menu in
4df8c6610f.

Version number was added to "About Zulip" in
668b5137b0.
2023-05-29 08:39:01 -07:00
Mateusz Mandera db7a7d589c actions: Handle cross-realm messages in do_scrub_realm.
This is necessary to properly scrub all data from the realm.
2023-05-28 15:24:31 -07:00
Anders Kaseorg 66501a8eae requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-26 22:09:18 -07:00
Anders Kaseorg 9797de52a0 ruff: Fix RUF010 Use conversion in f-string.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-26 22:09:18 -07:00
Lauryn Menard 0c09a4fffe scheduled-messages: Add API documentation for new endpoint.
Part of splitting creating and editing scheduled messages.
Final commit. Should be merged with previous commits in series.

Updates the API documentation for the new endpoint for editing
scheduled messages.
2023-05-26 18:05:55 -07:00
Lauryn Menard 957382253a scheduled-messages: Split out edit scheduled message endpoint.
Part of splitting creating and editing scheduled messages.
Should be merged with final commit in series. Breaks tests.

Splits out editing an existing scheduled message into a new
view function and updated `edit_scheduled_message` function.
2023-05-26 18:05:55 -07:00
Lauryn Menard 154af5bb6b scheduled-messages: Remove ID from create scheduled message.
Part of splitting creating and editing scheduled messages.
Should be merged with final commit in series. Breaks tests.

Removes `scheduled_message_id` parameter from the create scheduled
message path.
2023-05-26 18:05:55 -07:00
Lauryn Menard 7af5ceb1c5 scheduled-messages: Add direct scheduled message to populate_db.
Prep commit for splitting create/edit endpoint for scheduled
messages.

Because of `test-api` runs the tests in alphabetical order based on
the `operationId`, we need two scheduled messages in the test database.
The first for the curl example delete (delete-scheduled-message) and
the second for the curl example update (update-scheduled-message).
2023-05-26 18:05:55 -07:00
Lauryn Menard 2f196bff19 api-docs: Add when moving messages fields/parameters were added.
Adds API changelog feature level 1 and associated Changes notes
for when the `stream_id` parameter in the `PATCH /messages/message_id`
was added, and for when the `prev_stream` field was added to edit
history information for messages.

We're adding these to the Zulip 3.0 feature level 1 because
commit 843345dfee that introduced this field and this parameter
to the server / backend code was merged before the commit that added
the API feature level tracking, commit e3b90a5ec8, at level 1.
2023-05-26 11:57:08 -07:00
Lauryn Menard bb735460e5 api-docs: Update avatar_url descriptions for feature level 163 change.
Updates the descriptions of the `avatar_url` field in message and
user objects to be clear that the current user must have access
to the other user's real email address in order for the value to
ever be `null`.

Also adds a bullet point to the API changelog feature level 163
entry about this change.
2023-05-26 11:51:05 -07:00
Lauryn Menard 389e45625a api-docs: Clarify if "email" is the "Zulip API email".
Clarifies additional areas of the API documentation where a user's
email is mentioned / used where it could be useful to clarify
that the email in question is the "Zulip API email".
2023-05-26 11:51:05 -07:00
Lauryn Menard 8c7e18fd75 api-docs: Use reference link in `/register-queue` main description. 2023-05-26 11:51:05 -07:00
Lauryn Menard ee58910f1a api-docs: Update `/get-own-user` to consistently use "requesting user". 2023-05-26 11:51:05 -07:00
Lauryn Menard 7a4565e833 api-changelog: Update feature level 163 entry and changes notes.
Original commits for this feature level's changes were part
of #22994.
2023-05-26 11:51:05 -07:00
Lauryn Menard 526fd7f24b api-docs: Add "delivery_email" field to example responses. 2023-05-26 11:51:05 -07:00
Lauryn Menard 58a64b33c9 api-docs: Revise main description for /get-user-by-email endpoint. 2023-05-26 11:51:05 -07:00
Lauryn Menard 87e9482672 api-docs: Update "Zulip display email" to "Zulip API email".
In some instances, the email was not clearly defined as
Zulip display email, but the Zulip API email is what is being
returned.
2023-05-26 11:51:05 -07:00
Sahil Batra 48e99657ad events: Remove realm_community_topic_editing_limit_seconds.
This commit removes realm_community_topic_editing_limit_seconds
field from register response since topic edit limit is now
controlled by move_messages_within_streams_limit_seconds
setting.
We also remove DEFAULT_COMMUNITY_TOPIC_EDITING_LIMIT_SECONDS
constant since it is no longer used.
2023-05-25 17:26:21 -07:00
Lauryn Menard e41c235657 api-docs: Link client_capabilities parameter in property descriptions.
In the register response properties deprecated at feature level 89,
update the descriptions to link to the client_capabilities parameter
when referenced.

Also, moves the enter_send property to be in the same section of the
register response as other properties deprecated at this feature level.

These descriptions were originally added to these properties in
commit e6f828a8e2.
2023-05-25 12:04:03 -07:00
Satyam Bansal cae02dbca4 integrations: Ignore merge queue push events for GitHub Integration.
Previosuly, the server would send a 500 whenever a merge queue push
event was encountered.

Fixes #25629.
2023-05-24 15:33:50 -07:00
Lauryn Menard 1beebb9fa1 api-changelog: Update feature level 168 entry and changes notes.
Original API changelog entry from commit ae72777c77.
2023-05-24 11:38:00 -07:00
Mateusz Mandera dcbcb05655 saml: Make SP-initiated SLO work after signup. 2023-05-23 13:01:15 -07:00
Mateusz Mandera 04f5358a76 tests: Flush session in verify_desktop_flow_end_page in social auth.
As the relevant comment elaborates - what happens next in the test in
simulating the step that happens in the desktop app. Thus a new session
needs to be used. Otherwise, the old session created normally in the
browser pollutes the state and can give falsely passing tests.

This should be happening for all social auth tests using this, not just
in that one SAML test, thus moving it inside the helper method.
2023-05-23 13:01:15 -07:00
Mateusz Mandera 8fb0fe96c6 saml: Save SessionIndex in session and use when making a LogoutRequest.
This is a useful improvement in general for making correct
LogoutRequests to Idps and a necessary one to make SP-initiated logout
fully work properly in the desktop application. During desktop auth
flow, the user goes through the browser, where they log in through their
IdP. This gives them a logged in  browser session at the IdP. However,
SAML SP-initiated logout is fully conducted within the desktop
application. This means that proper information needs to be given to the
the IdP in the LogoutRequest to let it associate the LogoutRequest with
that logged in session that was established in the browser. SessionIndex
is exactly the tool for that in the SAML spec.
2023-05-23 13:01:15 -07:00
Mateusz Mandera 5dd4dcdebb saml: Make SP-initiated SLO work in the desktop application. 2023-05-23 13:01:15 -07:00
Mateusz Mandera 3f55c10685 saml: Rework SP-initiated logout config to support IdP-level config.
This gives more flexibility on a server with multiple organizations and
SAML IdPs. Such a server can have some organizations handled by IdPs
with SLO set up, and some without it set up. In such a scenario, having
a generic True/False server-wide setting is insufficient and instead
being able to specify the IdPs/orgs for SLO is needed.
2023-05-23 13:01:15 -07:00
Mateusz Mandera 0bb0220ebb saml: Implement SP-initiated Logout.
Closes #20084

This is the flow that this implements:
1. A logged-in user clicks "Logout".
2. If they didn't auth via SAML, just do normal logout. Otherwise:
3. Form a LogoutRequest and redirect the user to
https://idp.example.com/slo-endpoint?SAMLRequest=<LogoutRequest here>
4. The IdP validates the LogoutRequest, terminates its own user session
and redirects the user to
https://thezuliporg.example.com/complete/saml/?SAMLRequest=<LogoutResponse>
with the appropriate LogoutResponse. In case of failure, the
LogoutResponse is expected to express that.
5. Zulip validates the LogoutResponse and if the response is a success
response, it executes the regular Zulip logout and the full flow is
finished.
2023-05-23 13:01:15 -07:00
Mateusz Mandera dda4603f94 auth: Extract EXPIRABLE_SESSION_VAR_DEFAULT_EXPIRY_SECS. 2023-05-23 13:01:15 -07:00
Lauryn Menard eba83b9d87 api-docs: Expand `/update-message` main description for realm settings.
Expands the main description for the `/update-message` documentation
to include a list of the realm settings in the API that are relevant
to when users can update a message's content, topic or stream.
2023-05-23 11:11:20 -07:00
Lauryn Menard 8ec9abe00d api-changelog: Clarify feature level 159 descriptive text.
Original API changelog entries: commit 02eee3a04f and
commit 815bf609fa.
2023-05-23 11:11:20 -07:00
Lauryn Menard e4ae8b79c3 api-changelog: Clarify feature level 162 descriptive text.
Original API changelog entries: commit 73f0eae394 and
commit 2c4e076fef and commit 891f83601d.
2023-05-23 11:11:20 -07:00
Lauryn Menard 0e9c34a975 api-changelog: Clarify feature level 172 descriptive text.
Original API feature level entries: commit 440f9e397a and
commit bd7f728796.
2023-05-23 11:11:20 -07:00