Commit Graph

45437 Commits

Author SHA1 Message Date
Alex Vandiver 54d037f24a version: Update version and changelog after 4.8 release. 2021-12-01 23:42:11 +00:00
Mateusz Mandera a014ef75a3 CVE-2021-43791: Validate confirmation keys in /accounts/register/ codepath.
A confirmation link takes a user to the check_prereg_key_and_redirect
endpoint, before getting redirected to POST to /accounts/register/. The
problem was that validation was happening in the check_prereg_key_and_redirect
part and not in /accounts/register/ - meaning that one could submit an
expired confirmation key and be able to register.

We fix this by moving validation into /accouts/register/.
2021-12-01 23:14:04 +00:00
Mateusz Mandera a1cd660147 confirmation: Use error status codes for confirmation link error pages. 2021-12-01 23:14:04 +00:00
Tim Abbott 9875c9be1b stream_data: Fix web_public option defintion being development only.
The availability of this option is now controlled by fancier logic in
stream_settings_ui.js, but we neglected to remove this
development_environment guard when doing so, resulting in stream
creation being broken in production environments (because the
JavaScript code depended on this value being available).
2021-12-01 14:08:16 -08:00
Eeshan Garg f976bf723e links: Rename developer-community -> development-community. 2021-12-01 13:41:46 -08:00
Arch0125 7c4382bb06 dropdown_list_widget: Replaced pencil icon with chevron-down.
This is the standard way to indicate that something is a dropdown
menu, and in particular avoids confusion some folks had with the
pencil icon.

Tweaked by tabbott to unify CSS with all of our other dropdown list
widget instances.

Fixes #19888.
2021-12-01 13:35:15 -08:00
Alya Abbott 5f2ea69b9f jobs: Update designer job description. 2021-12-01 13:12:21 -08:00
Sahil Batra 988e9d2abc stream_create: Select the first enabled choice by default.
We select the first enabled radio button by default instead
of selecting "Public" because there can be case when a user
is allowed to create a private-stream only and the other
options are disabled in that case after some recent changes.
2021-12-01 13:01:19 -08:00
Sahil Batra 969bb2bf76 events: Live update stream-privacy choices on changing enable_spectator_access. 2021-12-01 13:01:19 -08:00
Sahil Batra a2ebb92649 settings: Add live-update code for updating stream privacy choices.
This commit adds code for live-updaing the stream-privacy choices
in stream creation form and privacy change modal on changing
"create_public_stream_policy", "create_private_stream_policy"
and "create_web_public_stream_policy".
2021-12-01 13:01:19 -08:00
Sahil Batra 17a955bf1e server_events_dispatch: Add create_web_public_stream_policy to realm_settings object. 2021-12-01 13:01:19 -08:00
Sahil Batra 0986141a5e stream_settings: Refactor code to disable private stream privacy option.
This commit renames disable_private_stream_privacy_option to
update_private_stream_privacy_option_state and also refactors
the code such that it can also be used to enable the option along
with disabling the option in further commit.
2021-12-01 13:01:19 -08:00
Sahil Batra 8778e5039b stream_settings: Refactor code to disable public stream privacy option.
This commit renames disable_public_stream_privacy_option to
update_public_stream_privacy_option_state and also refactors
the code such that it can also be used to enable the option along
with disabling the option in further commit.
2021-12-01 13:01:19 -08:00
Sahil Batra 8a3a5f9c19 stream_settings: Refactor code to hide or disable the web-public privacy option.
This commit renames hide_or_disable_web_public_stream_privacy_option to
update_web_public_stream_privacy_option_state and also refactors the code
such that it can also be used to enable or show the option along with disabling
and hiding the option in further commit.
2021-12-01 13:01:19 -08:00
Sahil Batra 15cf972a8e stream_settings: Split code for disabling the stream-privacy choices.
This commit splits the hide_or_disable_stream_privacy_options_if_required
function into three separate functions for public, private and web-public
streams. This is a prep commit for live-updating the stream-privacy choices
on changing the realm setting.
2021-12-01 13:01:19 -08:00
Sahil Batra 4eeee7296e dialog_widget: Use simplebar for the modals using dialog_widget. 2021-12-01 12:13:06 -08:00
Sahil Batra b23df8dc9b popovers: Add "Manage this user" option to user info popover.
This commit adds "Manage this user" option in the user-info popover
which simply opens the administrative user-info modal.

We show a spinner on submit button in this case as modal
is not closed immediately and thus we need some indicator
to show that the task is in progress. There is no spinner
on submit button in the modal opened from "Users" section
of organization settings.

Error handling for this case is different than when the
modal is opened from "Users" section of organization
settings because there is no overlay in the background
of modal in this case.

In this case, we show error inside the modal and do not
close it and in case the change is completed successfully
we just close the modal without showing any message.

Fixes part of #18944.
2021-12-01 12:13:06 -08:00
Sahil Batra 2836879767 settings: Extract code for opening user-info edit modal into a function. 2021-12-01 12:13:06 -08:00
Sahil Batra 2c70302e19 settings: Change heading of modal used to edit user info.
This commit changes the heading of modal used by admins to
edit user info to "Manage user".
2021-12-01 12:13:06 -08:00
Anders Kaseorg a030aa5252 drafts: Reformat with Prettier.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-12-01 12:12:29 -08:00
YashRE42 be76d7592a reload: Manually save draft and preserve id when triggering reload.
We received a complaint about the generation of multiple duplicate
drafts for a single message. It was discovered that the likely cause
of this was how we were handling clients that were frequently
suspending/unsuspending, we would initiate a reload when we discovered
this, and expect the `beforeunload` handler to save the draft. This
behaved correctly, however, we would also save the compose state and
fill it in via `preserve_state` in reload.js. The important detail
here is that `preserve_state` would not encode and preserve the
`draft_id` for the current message, partly because it had no way of
knowing the `draft_id` of the draft... since we have not saved it yet,
the `beforeunload` event happens after `preserve_state`. As such,
performing any action that would trigger a draft to be saved, eg
pressing Esc to close the compose box, would save a duplicate draft of
the same message.

To resolve the above bug, we (1) ensure that we call
`drafts.update_draft()` in `preserve_state`, this returns a draft_id
to us, which we (2) ensure that we encode as part of the url and (3)
set on the `#composebox-textarea` as a `draft-id` data attribute,
which we check the next time we try to save the draft, post reload.

Note that this causes us to save the draft twice, once from
preserve_state and then again from the `beforeunload` handler, but we
do not add two drafts since the second update_draft call just edits
the timestamp because it finds the `draft-id` data attribute on the
`#composebox-textarea` set by the first call.
2021-12-01 12:03:20 -08:00
YashRE42 3e853d6f8f drafts: Don't notify if contents of draft have not been changed.
Previously, opening a draft and closing it without changing the
content would cause us to show the "saved as draft" tooltip. This was
annoying and would cause annoying UX after fixing a bug related to
saving drafts when reloading, as such, this commit removes the above
behaviour by introducing a simple check on whether the draft contents
are edited.
2021-12-01 12:03:17 -08:00
YashRE42 6dd0daede0 drafts_tests: Add node test coverage to drafts.update_draft().
This adds complete coverage for the update_draft function.
2021-12-01 11:54:33 -08:00
YashRE42 c8f18f8ae7 drafts: Extract maybe_notify function in update_draft.
This is a prep commit for adding node test coverage to
drafts.update_draft().
2021-12-01 11:54:33 -08:00
YashRE42 555f80c34b compose_actions: Add comment about spread syntax overwrite behavior. 2021-12-01 11:29:37 -08:00
Eeshan Garg a3095331eb corporate/models: Modify Customer to accommodate self-hosted customers.
This is a part of our efforts to introduce billing for our on-premise
customers.
2021-11-30 15:20:33 -08:00
Ganesh Pawar f760850993 login_to_access_modal: Migrate modal to Micromodal. 2021-11-30 14:39:46 -08:00
AEsping f6c4f17900 dev docs: Update Jinja translation tag link.
Updates the link to Jinja i18n extension for auto-translation.
2021-11-30 14:36:29 -08:00
AEsping 828313b54a dev docs: Update Jinja translation tag link.
Updates the link to Jinja i18n extension for auto-translation.
2021-11-30 14:36:29 -08:00
AEsping 704c9609ee dev docs: Update Tig link.
Updates the link to the Tig git visualizer.
2021-11-30 14:36:29 -08:00
AEsping 11f2575c31 dev docs: Update "Solo" link.
Fixes the link to "El adveribo <<solo>> y los pronombres
demonstrativos, sin tilde."
2021-11-30 14:36:29 -08:00
AEsping 510b8867a6 dev docs: Update Neil Green link in the reading list.
Fixes the link to the Neil Green presentation on TypeScript
vs Coffee Script vs ES6.

This is a change from slides to a video becasue the slides are
no longer available.
2021-11-30 14:36:29 -08:00
AEsping 55f9178506 dev docs: Update Black link.
Updates the link to the editior integration for Black.
2021-11-30 14:36:29 -08:00
AEsping 3e07ac5521 prod docs: Update BBB customization link.
Updates the Big Blue Button link for customizing secrets
extraction.
2021-11-30 14:36:29 -08:00
AEsping 5410009a88 prod docs: Update BBB configuration link.
Updates the Big Blue Button customization link for
extracting shared secrets.
2021-11-30 14:36:29 -08:00
Aman Agrawal 8a0c3aeadd landing_page: Force white background colour.
A page can have either `white` (from `landing_page.css`) or `gray`
(from `portico.css`) background color depending on
webpack chunking order.  So, this fixes that bug.
2021-11-30 13:08:17 -08:00
akshatdalton 76afb31196 filter: Show typeahead suggestions if search query has search filters.
In message header search bar, users didn't use to get any typeahead
suggestions if a normal filter follows search filter.

E.g.: query => foo bar stream:D

In the above case, users didn't use to get any typeahead suggestions.
This was because we had set that the callers of 'parse' function can
assume that the 'search' operator is present in the last in the query.
Because of which `get_search_result` function (in search_suggestion.js)
didn't use to show any typeahead suggestions as it used to assume that
the latest typed query is for search filters.

Fixes part of #19435.
2021-11-29 16:20:29 -08:00
akshatdalton 275171b592 filter: Add `maybe_add_search_terms` function to add search_term.
This function adds search_term to the operators list.
This logic is extracted as a prep commit for the
changes related to #19435.
2021-11-29 16:20:29 -08:00
Anders Kaseorg d3dab39b87 Revert "settings: Silence CryptographyDeprecationWarning spam from a dependency."
The warning was fixed in python-jose 3.3.0, which we pulled in with
commit 61e1e38a00 (#18705).

This reverts commit 1df725e6f1 (#18567).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-29 16:04:53 -08:00
Mateusz Mandera 8c1a6f4bba docs: Suggest updating settings.py in OIDC instructions.
OIDC config features a get_secret call (so it requires adding an import)
as well as having a bunch of its instructions in the form of comments on
the various keys of the config dict - thus users should really update
settings.py to fetch all of that.
2021-11-29 15:52:52 -08:00
Anders Kaseorg 513848a9d2 requirements: Install Gitlint from PyPI again.
In https://github.com/jorisroovers/gitlint/pull/246 I split the
gitlint package into gitlint and gitlint-core, where the latter avoids
pinning exact versions of its requirements so we can use it again.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-29 13:35:58 -08:00
Aman Agrawal 0fece515f2 hash_util: Remove dependency on narrow_state module.
We directly pass operators to remove dependency on narrow_state
module. This avoids a circular dependency of `filter` module
which is evident on the `/devtools/integrations/` page.
2021-11-29 13:30:18 -08:00
Sahil Batra c20f5a9866 dialog_widget: Add a new optional parameter validate_input.
This commit extends dialog_widget class by adding a new
optional paramter validate_input which will be a function
to validate the inputs in the dialog and will be called
before showing the spinner and calling the on_click function.

Currently, the password change modal uses this paramter to
validate that the old and new password inputs must not be
empty. Since the spinner will not be initiated in the case
where form is invalid, we need not hide the spinner after
showing the error and thus we can simplify the code to use
ui_report.error to show the error messages of empty fields.
2021-11-29 13:28:52 -08:00
Tim Abbott 35f9ed6ebe help: Remind users changing subdomains to update SSL certs. 2021-11-28 11:59:44 -08:00
Tim Abbott 223d769680 api docs: Clean up description of legacy reaction events.
* Remove `is_mirror_dummy` copy-paste error.
* Clarify explanation of the user dictionary.
2021-11-28 11:52:51 -08:00
Manan Rathi b40bd21691 data_exports: Fix the heading cutoff in Settings.
Removed the unnecessary margin from the admin_exports_table
class.

Fixes #20311
2021-11-28 07:15:28 -08:00
Tim Abbott 23558ebd39 compose: Add missing translation tag to quoting placeholder. 2021-11-28 07:00:46 -08:00
Tim Abbott 8d1013acdb compose: Rewrite quote-and-reply cursor positioning logic.
This fixes unexpected cursor repositioning behavior when the cursor was
positioned before or inside the "Quoting..." element.

The comments document the new logic, but roughly we aim to just
preserve the logical position of your cursor after replacing the
placeholder.

We also factor out a shared variable for the "Quoting..." string which
will allow us to tag it for translation in a future commit.
2021-11-28 07:00:46 -08:00
Tim Abbott 25c9b05bd0 compose: Fix cursor position loss in quote-and-reply.
If you used "Quote and reply" to start composing a message, and
started typing before receiving the original message body from the
server, we ended up resetting your cursor to the start of the line
after the quote for two reasons:

* We were incorrectly fetching the pre_cursor for our replacement
  operation before doing the server fetch, which meant we ignored any
  editing done while waiting for the server to respond.

* Worse, we actually fetched the original cursor position before
  inserting the "[Quoting...]" placeholder text. So we were guaranteed
  to have at least some amount of error in the cursor position.

Fixes #20379.
2021-11-28 07:00:46 -08:00
YashRE42 089fdc4d94 narrow: Call reset_ui_state at start of narrowing process.
Continuing the efforts to reduce dom trashing from the previous
commits, here we remove the third forced reflow by reordering the call
to $(".top-messages-logo").show() via narrow.reset_ui_state(), such
that it happens before the other DOM writes in
recent_topics_ui.hide().

Tweaked by tabbott to avoid adding an unnecessary if/else statement
around recent_topics_ui.hide.
2021-11-27 20:18:32 -08:00