2059 Commits

Author SHA1 Message Date
Steve Howell 75db4f5187 Avoid O(N) query pitfall for /users endpoint.
We now use a `.values` query to get just the fields we need
in order to fulfill '/json/users' requests.

The main benefit is that we don't do O(N) queries for bot
owners, but we also have less data on UserProfile to process.
2017-10-09 14:08:07 -07:00
Steve Howell f87159ad98 Flush standard output in match_states(). 2017-10-09 12:23:49 -07:00
Harshit Bansal 3acaa79336 reactions.py: Don't check for valid emoji name while removing reaction.
On receiving a request for deleting a reaction, just check if such
a reaction exists or not. If it exists then just delete the reaction
otherwise send an error message that such a reaction doesn't exist.
It doesn't make sense to check whether an emoji name is valid or not.
2017-10-09 17:54:37 +00:00
Tim Abbott 9cf26db6db test_management_commands: Fix send_webhook_fixture_message test.
I unfortunately didn't remember this could have a test.
2017-10-08 21:20:35 -07:00
Steve Howell 12e65eb21c Use stream ids in various tests.
This commit prepares us to introduce a StreamLite class. For
these tests, we don't care about the actual contents of the
Stream, just that the right stream is there.
2017-10-08 20:18:34 -07:00
Greg Price a116303604 passwords: Express the quality threshold as guesses required.
The original "quality score" was invented purely for populating
our password-strength progress bar, and isn't expressed in terms
that are particularly meaningful.  For configuration and the core
accept/reject logic, it's better to use units that are readily
understood.  Switch to those.

I considered using "bits of entropy", defined loosely as the log
of this number, but both the zxcvbn paper and the linked CACM
article (which I recommend!) are written in terms of the number
of guesses.  And reading (most of) those two papers made me
less happy about referring to "entropy" in our terminology.
I already knew that notion was a little fuzzy if looked at
too closely, and I gained a better appreciation of how it's
contributed to confusion in discussing password policies and
to adoption of perverse policies that favor "Password1!" over
"derived unusual ravioli raft".  So, "guesses" it is.

And although the log is handy for some analysis purposes
(certainly for a graph like those in the zxcvbn paper), it adds
a layer of abstraction, and I think makes it harder to think
clearly about attacks, especially in the online setting.  So
just use the actual number, and if someone wants to set a
gigantic value, they will have the pleasure of seeing just
how many digits are involved.

(Thanks to @YJDave for a prototype that the code changes in this
 commit are based on.)
2017-10-08 15:48:44 -07:00
Steve Howell 3e6bfe1b23 Use user_ids, not emails, for bulk stream operations.
We now return user_ids for subscribers to streams in add-stream
events.  This allows us to eliminate the UserLite class for
both bulk adds and bulk removes.  It also simplifies some JS
code that already wanted to use user_ids, not emails.

Fixes #6898
2017-10-08 12:31:12 -07:00
Steve Howell 10a30bece1 Rename presence_idle_userids -> presence_idle_user_ids. 2017-10-07 12:16:45 -07:00
Harshit Bansal 7b88e3eea7 tests: Add a test suite for verifying the mobile push notifs content.
This test suite works by using the expected_output and new text_output
fields in the bugdown test cases to verify that each syntax is
correctly translated by this new function.

Some of these translations, like strikethrough, are kinda poor; but
this framework should make it easy to iterate on the formatting.

Fixes: #6720.
2017-10-06 16:47:27 -07:00
Harshit Bansal 5a6584890d push_notifications: Start using `get_mobile_push_content()` function. 2017-10-06 16:47:25 -07:00
Tim Abbott 234f7960a1 tests: Add @slow decorator to various methods needing it.
Also, fix the test_message_editing test having way too many cases.

Fixes #1478.
2017-10-06 15:45:04 -07:00
Tim Abbott 0d7617721c test_messages: Clean up some slow tests.
One isn't actually slow; the other was doing something wasteful.
2017-10-06 15:44:17 -07:00
Tim Abbott d5c2508858 tests: Remove unnecessary @slow decorators.
This is part of addressing #1478.
2017-10-06 15:17:34 -07:00
Steve Howell d2966ae5d4 minor: Fix missing "not" in comment. 2017-10-06 14:08:41 -07:00
Tim Abbott 73e1c26c15 test_events: Add missing nocoverage tag on debugging code. 2017-10-06 13:59:26 -07:00
Steve Howell ad521a0e07 minor: Add debugging statement to test.
This test is flaky for some unknown reason, so we print
out the loop index in case the test fails.
2017-10-06 13:56:37 -07:00
Steve Howell a99574ebf0 tests: Make apply-events tests easier to debug.
It's fairly difficult to debug tests that use
EventsRegisterTest.do_test, and when they fail on
Travis, it's particularly challenging.  Now we make
the main diff less noisy, and we also include
the events that were applied.
2017-10-06 13:56:36 -07:00
derAnfaenger 747c283180 lint: Replace `pk` with `id` where they are equivalent. 2017-10-06 12:52:12 -07:00
Tim Abbott 0c44310009 tests: Don't use caching session engine in tests.
Because we run tests in parallel, the caching session engine can lead
to nondeterministic failures.
2017-10-06 12:22:20 -07:00
Tim Abbott fe6a04cbdb Revert "locale: Fix incorrect locale name for zh-Hans."
This reverts commit ba8dc62132.

As best I can tell, the old configuration was correct for what Django
wanted.  Further testing is required, but this at least brings
.tx/config to match the actual filenames; I think our Chinese
translations have been broken until now.
2017-10-06 10:09:08 -07:00
Tim Abbott 1a9adbbe70 test_signup: Fix test for login page redirect.
I forgot to update this in 43bba27e5d.
2017-10-05 23:36:33 -07:00
Tim Abbott 313083484a test_i18n: Remove zh-hans tests for now. 2017-10-05 23:33:12 -07:00
Umair Khan 6fbf41bdbc queue: Add test for signups retry logic. 2017-10-05 23:14:19 -07:00
Umair Khan b464fd7643 makemessages: Change type of translation_strings to List.
In the code this variable is only used as a list, however, we
create it as dictionary which uses more memory.
2017-10-05 22:44:34 -07:00
Alena Volkova 21bc0e845c urls: Delete the json/tutorial_send_message endpoint.
This endpoint is part of the old tutorial, which we've removed, and
has some security downsides as well.

This includes a minor refactoring of the tests.
2017-10-05 15:41:57 -07:00
Tim Abbott e1eb91343b zephyr: Update path to process_cache for repository split.
This should have been done long ago, but better late than never.
2017-10-05 12:35:20 -07:00
Rishi Gupta 0596c4a810 analytics: Enforce various datetime arguments are in UTC.
Sort of a hacky hammer, but
* The original design of the analytics system mistakenly attempted to play
  nicely with non-UTC datetimes.
* Timezone errors are really hard to find and debug, and don't jump out that
  easily when reading code.

I don't know of any outstanding errors, but putting a few "assert this
timezone is in UTC" around will hopefully reduce the chance that there are
any current or future timezone errors.

Note that none of these functions are called outside of the analytics code
(and tests). This commit also doesn't change any current behavior, assuming
a database where all datetimes have been being stored in UTC.
2017-10-05 11:22:06 -07:00
Rishi Gupta 0c2b4d22a7 analytics: Convert datetimes coming from the API into UTC.
Previously, entering a non-UTC end time for a daily stat would give you
incorrect results. This is because:
* All daily stats are collected at and have end_times in the database in
  midnight UTC.
* For daily stats, time_range returns a list of datetimes at midnight in the
  timezone of its end argument. These datetimes are the only ones we look
  for when looking for rows corresponding to the stat in the database.
* Previously, we passed on the end argument from the API to time_range,
  without modification.
2017-10-05 11:22:06 -07:00
Steve Howell d6e21b5ca9 Collect sender_ids (by topic) in `unread_msgs`.
This will allow the mobile app to say "A, B, and C are
talking" in the topic views.
2017-10-05 10:37:15 -07:00
Steve Howell e56084fcf7 Simplify how we apply events for unread messages.
The logic to apply events to page_params['unread_msgs'] was
complicated due to the aggregated data structures that we pass
down to the client.

Now we defer the aggregation logic until after we apply the
events.  This leads to some simplifications in that codepath,
as well as some performance enhancements.

The intermediate data structure has sets and dictionaries that
generally are keyed by message_id, so most message-related
updates are O(1) in nature.

Also, by waiting to compute the counts until the end, it's a
bit less messy to try to keep track of increments/decrements.
Instead, we just update the dictionaries and sets during the
event-apply phase.

This change also fixes some corner cases:

    * We now respect mutes when updating counts.
    * For message updates, instead of bluntly updating
      the whole topic bucket, we update individual
      message ids.

Unfortunately, this change doesn't seem to address the pesky
test that fails sporadically on Travis, related to mention
updates.  It will change the symptom, slightly, though.
2017-10-05 09:42:20 -07:00
Steve Howell c567f105c9 Have topic_is_muted take a stream_id.
This function doesn't need a full Stream object to detect
whether a stream is muted, so we can save future callers
from doing unnecessary DB fetches.
2017-10-05 09:32:16 -07:00
Harshit Bansal ef35e6ac3f reactions: Switch to using `name_to_codepoint`.
Instead of using `unified_reactions` mapping start using
`name_to_codepoint` mapping for converting emoji name to
codepoints. We were using `unified_reactions` mapping
because prior to emoji web PR `name_to_codepoint` mapping
was generated using emoji_map.json which contained old
codepoints but for reactions new codepoints were required
to display them using sprite sheets.
2017-10-04 23:09:14 -07:00
Vishnu Ks eef72a98e4 backends: Create custom email backend EmailLogBackEnd.
Create a new custom email backend which would automatically
log the emails that are sent in the dev environment as
well as print a friendly message in console to visit /emails
for accessing all the emails that are sent in dev environment.
Since django.core.mail.backends.console.EmailBackend is no longer
used, emails would not be printed to the console anymore.
2017-10-04 08:20:29 -07:00
Vishnu Ks 4c2e787ffc emails: Redirect to /emails after generating emails. 2017-10-04 08:20:29 -07:00
kunall17 f091823fc8 push_notifications: Set APNS badge as 0 for now.
We don't yet have support for tracking the number of open APNS
notifications server-side, so setting this to 0 will at least avoid
confusing users.
2017-10-03 17:07:49 -07:00
Steve Howell aae0b2a826 Notify offline users about edited stream messages.
We now do push notifications and missed message emails
for offline users who are subscribed to the stream for
a message that has been edited, but we short circuit
the offline-notification logic for any user who presumably
would have already received a notification on the original
message.

This effectively boils down to sending notifications to newly
mentioned users.  The motivating use case here is that you
forget to mention somebody in a message, and then you edit
the message to mention the person.  If they are offline, they
will now get pushed notifications and missed message emails,
with some minor caveats.

We try to mostly use the same techniques here as the
send-message code path, and we share common code with the
send-message path once we get to the Tornado layer and call
maybe_enqueue_notifications.

The major places where we differ are in a function called
maybe_enqueue_notifications_for_message_update, and the top
of that function short circuits a bunch of cases where we
can mostly assume that the original message had an offline
notification.

We can expect a couple changes in the future:

    * Requirements may change here, and it might make sense
      to send offline notifications on the update side even
      in circumstances where the original message had a
      notification.

    * We may track more notifications in a DB model, which
      may simplify our short-circuit logic.

In the view/action layer, we already had two separate codepaths
for send-message and update-message, but this mostly echoes
what the send-message path does in terms of collecting data
about recipients.
2017-10-03 15:57:06 -07:00
Tim Abbott 654562b942 check_message: Reject null bytes in message content.
Postgres doesn't like them, we don't have an obvious way to escape
them, and they tend to be sent by buggy tools where it'd be better for
the user to get an error.

This fixes a 500 we were getting occasionally.
2017-10-03 15:32:04 -07:00
Cynthia Lin cfeb125624 zerver: Block access to subdirectories when visiting user docs articles.
Fixes #6770
2017-10-03 11:16:09 -07:00
Umair Khan d95d34a66a Retry email failures in missed-message emails queue.
Fixes #6518.
2017-10-03 10:35:07 -07:00
Tim Abbott 7581e0e1c5 settings: Remove remaining references to REALMS_HAVE_SUBDOMAINS. 2017-10-02 16:43:54 -07:00
Tim Abbott 1d72629dc4 subdomains: Hardcode REALMS_HAVE_SUBDOMAINS=True. 2017-10-02 16:42:43 -07:00
Tim Abbott 95a0a4a06f subdomains: Update AuthBackendTest for subdomains always on.
This is separate from the main subdomains commit mainly for
readability of the history.
2017-10-02 16:32:11 -07:00
Tim Abbott 26a5332828 subdomains: Update some tests to run with subdomains.
Specifically, our request middleware adds an extra database query for
these code paths, to verify whether the subdomain is valid.
2017-10-02 16:32:11 -07:00
Tim Abbott 13bb546ddd subdomains: Hardcode can_add_realm_domains=True.
It was already always True if REALMS_HAVE_SUBDOMAINS, and now that's
the only supported configuration.
2017-10-02 16:32:10 -07:00
Tim Abbott 66658bbf25 subdomains: Hardcode REALMS_HAVE_SUBDOMAINS in API docs. 2017-10-02 16:32:10 -07:00
Tim Abbott 262a0692ab subdomains: Delete completely_open helper function.
We no longer use this anyway.
2017-10-02 16:32:10 -07:00
Tim Abbott e6f8032972 subdomains: Remove get_unique_open_realm code paths.
Since we no longer support !REALMS_HAVE_SUBDOMAINS in production,
these no longer make sense.
2017-10-02 16:32:10 -07:00
Tim Abbott 99e4ceebd4 test_auth_backends: Extract REALMS_HAVE_SUBDOMAINS overrides.
This will make the diff a lot smaller when we hardcode
REALMS_HAVE_SUBDOMAINS=True.
2017-10-02 16:32:09 -07:00
Tim Abbott bd066fe0f1 test_subdomain_restrictions: Update to assume subdomains. 2017-10-02 15:32:39 -07:00
Steve Howell 2be713a7e4 Rename get_userids_for_missed_messages().
We rename this function to get_active_presence_idle_userids().
2017-10-02 15:19:28 -07:00