Commit Graph

15160 Commits

Author SHA1 Message Date
Tim Abbott ab1e9f2b97 rename_stream: Move stripping of whitespace to view. 2017-01-29 20:26:59 -08:00
Tim Abbott 4ad1fadab0 streams: Create and use do_change_stream_invite_only. 2017-01-29 20:26:59 -08:00
Tim Abbott c74ddb74e9 do_make_stream_private: Accept a stream object, not a name. 2017-01-29 20:26:59 -08:00
Tim Abbott 0a75480444 do_make_stream_public: Accept a stream object, not a name. 2017-01-29 20:26:59 -08:00
Tim Abbott 54bcc675f7 subscribe_to_stream: Return the stream object.
This simplifies some code paths a bit.
2017-01-29 20:26:59 -08:00
Tim Abbott 3f83ea3879 lint: Ban use of get_stream in most views files. 2017-01-29 20:26:59 -08:00
Tim Abbott e137787d1a users: Use access_stream_by_name to access streams.
This simplifies the code somewhat and adds greater consistency of
error messages.
2017-01-29 20:26:59 -08:00
Tim Abbott ea72b97cd9 home: Cleanup narrow_topic logic. 2017-01-29 20:26:59 -08:00
Tim Abbott a7cb7dd695 home: Use access_stream_by_name to access streams. 2017-01-29 20:26:59 -08:00
Tim Abbott 6c512bdfd3 json_invite_users: Use access_stream_by_name. 2017-01-29 20:26:59 -08:00
Tim Abbott bc2f23383e streams: Move list_to_streams to lib. 2017-01-29 20:26:59 -08:00
Tim Abbott 02f5ef1d23 streams: Move filter_stream_authorization to lib. 2017-01-29 20:26:59 -08:00
Tim Abbott de68dd2860 lint: Ban use of Stream.objects.* in zerver/views. 2017-01-29 20:26:59 -08:00
Tim Abbott bb86bba20d stream_exists_backend: Use access_stream_by_name. 2017-01-29 20:26:59 -08:00
Tim Abbott eeeffa8704 urls: Review useless stream_exists_backend endpoints.
The actual function was overcomplicated and was designed to check
whether a stream existed by name, not by ID, so there was no value in
having it be used for checking if a stream existed by ID.
2017-01-29 20:26:59 -08:00
Tim Abbott 46e5b8a9cc streams: Remove unused json_remove_subscriptions. 2017-01-29 20:26:59 -08:00
Tim Abbott e57e2ee9f1 get_subscribers_backend: Use access_stream_by_id. 2017-01-29 20:26:59 -08:00
Tim Abbott 0d980b7cef json_get_stream_id: Use access_stream_by_name. 2017-01-29 20:26:59 -08:00
Tim Abbott 1ced8d3eb6 get_topics_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott 6685885741 deactivate_stream_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott 826cc80c9e update_stream_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott de38f3eb94 update_stream_backend: Clean up unnecessary stream_name variable. 2017-01-29 20:26:58 -08:00
Tim Abbott 2cf223470d streams: Eliminate get_subscription_or_die helper function. 2017-01-29 20:26:58 -08:00
Tim Abbott 0af34ee710 streams: Add zerver/lib/streams.py library for security checks.
The goal of this library is to make it a lot easier to prevent bugs
like CVE-2017-0881 by having all of our views logic for fetching a
stream go through a couple carefully tested code paths.
2017-01-29 20:26:58 -08:00
Tim Abbott de3e96162e middleware: Fix recursive DisallowedHost exceptions. 2017-01-29 20:26:58 -08:00
Tim Abbott 20f3705c00 logging_handlers: Add error handling for invalid hosts. 2017-01-29 19:57:09 -08:00
Tim Abbott 96d3bea6d5 Add changelog from Zulip 1.4.3 release. 2017-01-29 15:32:08 -08:00
Tim Abbott 7ecda1ac8e streams: Fix autosubscribe security bug (CVE-2017-0881).
A bug in Zulip's implementation of the "stream exists" endpoint meant
that any user of a Zulip server could subscribe to an invite-only
stream without needing to be invited by using the "autosubscribe"
argument.

Thanks to Rafid Aslam for discovering this issue.
2017-01-29 15:30:59 -08:00
Tim Abbott 7e0ce22808 errors: Remove build_request_repr logic.
This interface is no longer supported in Django 1.10.
2017-01-29 14:18:22 -08:00
Tim Abbott dea281557d events: Handle reactions events in apply_events.
Previously, this race condition just threw an exception.
2017-01-29 14:18:16 -08:00
Tim Abbott 70af09539f Fix unnecessary traceback in authenticated_rest_api_view.
Apparently, we weren't returning the `json_error`, resulting in users
encountering this condition receiving a 500, rather than the proper
40x error.

This fixes a regression introduced in 9ae68ade8b.
2017-01-29 12:48:10 -08:00
Tim Abbott 234eb7a723 emoji: Add a bunch of documentation in comments for emoji rules. 2017-01-29 12:33:44 -08:00
Rishi Gupta e19f3d5534 emoji: Make minor adjustments to emoji names list. 2017-01-29 12:19:54 -08:00
Tim Abbott d38b552b02 docs: Add initial documentation on the emoji system. 2017-01-29 12:15:29 -08:00
Tim Abbott 0f75c8d4ed docs: Simplify integration guide discussion of writing docs.
You don't need to know about the div structure of /integrations
anymore, so we shouldn't get into it.
2017-01-29 11:53:09 -08:00
Tomasz Kolek 3b48f21f5a Add improvements to integration-guide.md.
Fix some typos, add a few sentences that might clear it a little.
2017-01-29 11:49:13 -08:00
Jackson db1d6933de docs: Add user guide for Using Zulip on Windows. 2017-01-29 11:38:12 -08:00
Tim Abbott e8fd780413 docs: Fix missing wget when downloading tsearch_extra.
Fixes #3509.
2017-01-29 11:23:34 -08:00
Cynthia Lin 522ac3ea4a frontend: Add #search-operators link to search icon; Fixes #1369. 2017-01-29 07:20:15 -08:00
Rishi Gupta 6f307ffd08 emoji: Switch the order of thumbs_up and thumbs_down in autocomplete. 2017-01-28 23:38:03 -08:00
Rishi Gupta 8ef5197d5c emoji: Remove problematic color emoji from autocomplete and picker. 2017-01-28 23:38:03 -08:00
Rishi Gupta a2890f7d7a emoji: Remove duplicates from autocomplete and emoji picker.
Previously, if you searched for ':offi..' you would see both 🏢 and
:office_building: as possible completions, both of which are shortcodes for
the same unicode codepoint (and hence which have the same image). Also, we
sort the emoji in our emoji pickers alphabetically by shortcode, and so the
images for 🏢 and :office_building: show up next to each other, which
looks like a bug. This removes :office_building: as a shortcode, along with
several hundred other duplicates. It leaves some duplicates in that won't
give autocomplete or alphabetical ordering a problem, like (🚗,
:automobile:).
2017-01-28 23:38:03 -08:00
Cynthia Lin d8c648ac05 docs: Update *Verify that you message has been successfully sent* doc.
Change wording for better clarification.
2017-01-28 22:56:09 -08:00
synicalsyntax 21534930b1 docs: Update *Searching for messages* doc. 2017-01-28 22:49:11 -08:00
synicalsyntax f6fc218ba3 docs: Fix *Join Zulip Chat button* doc.
With tweaks from tabbott to clean it up and better explain it.
2017-01-28 22:47:18 -08:00
Tim Abbott 5f4ddb9079 glossary: Add more clarity to private message discussions. 2017-01-28 22:39:35 -08:00
Tim Abbott 2fb51ff876 puppet: Use SIGINT to restart uwsgi.
This results in a brief service interruption (not a graceful restart),
but fixes a bug where on a `supervisorctl restart zulip-django`, we'd
end up leaking a bunch of uwsgi processes.

The mechanism was that sending SIGHUP to uwsgi was a command for it to
gracefully restart, so it'd start doing that (whereas supervisor
expected it to be dying)... and then supervisor would start up the new
uwsgi process group, resulting in 2 uwsgi process groups running.

This, in turn, led to a memory leak that could eventually result in
OOM kills.
2017-01-28 22:26:12 -08:00
synicalsyntax 4504818e5e docs: Add user guide for *Send someone a private message* 2017-01-28 19:16:56 -08:00
Cynthia Lin 30b7eee3ef docs: Add user guide for *Configure email notifications* 2017-01-28 19:09:03 -08:00
Yago González d0d0e6956a docs: Improve Spanish style guide. 2017-01-28 19:08:14 -08:00