Commit Graph

48368 Commits

Author SHA1 Message Date
Ganesh Pawar e758ec400b alert word: Convert inline form to modal. 2022-08-15 19:07:38 -07:00
Mateusz Mandera d48075de58 logout_all_users: Add --rotate-api-keys option to the command.
Fixes #19397.
2022-08-15 17:58:05 -07:00
Lauryn Menard 76859d4dc3 help-docs: Note automated PMs sent when subscribing users to streams.
Adds a shared note to both help center articles with sections on
subscribing users to streams, documenting that an automated private
message from the notification bot is sent to a user when subscribed
to a stream by another user.

Links to the article on the notification bot, and clarifies text in
that article regarding automated private messages.
2022-08-15 17:31:00 -07:00
Zixuan James Li fcba35036b rest: Add assertions for entries from supported methods.
Mypy considers that "Tuple[Any, ...]" is incompatible with
"Union[Tuple[Callable[..., HttpResponse], Set[str]], HttpResponse]".

handler, view_flags = entry is sufficient to suppress the error, but we
also add assertions for full measure.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-15 17:20:04 -07:00
Anders Kaseorg c0287473b9 forms: Fix 500 error on realm creation with invalid email.
Commit b945aa3443 (#22604) incorrectly
assumed that Django would run the extra EmailField validators if basic
email address validation passed.  Actually, it runs all validators
unconditionally and collects all failures.  So email_is_not_disposable
needs to catch email address parsing errors.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-15 17:19:37 -07:00
Adam Sah 800de1e682 search: Add test for pgroogna parts-of-URL search.
This test verifies that the PGroonga backend fixes the issues in
backend by default.
2022-08-15 17:14:17 -07:00
Tim Abbott 4a34b7d18e left-sidebar: Make Subscribe to more streams more informative.
The "Subscribe to more streams" widget has always had this tension
between "Subscribe" vs. "Create" in a way that felt like whatever we
wrote could be confusing. To address this, we enhance the component to
advertise whether additional existing streams that the user can
subscribe to actually exist or not.

- When the user has N>0 streams they can subscribe to, we display
"Browse N more streams".

- When the user has no streams they can subscribe to (i.e. they're
already susbcribed to all the ones they could join) but the user has
permission to create streams, we show a "Create a stream" link.

- If the user doesn't have permission to subscribe to or create any
streams, we don't show a link at all.

Fixes #21865.

Co-authored-by: Jai soni <jai_s@me.iitr.ac.in>
2022-08-15 12:32:43 -07:00
jai2201 d557933a76 dipatch: Remove a stale comment.
This stopped being true in 1d7d686.
2022-08-14 22:56:03 -07:00
Tim Abbott e083a4bf46 drafts: Fix draft controls being offscreen on mobile web.
This was caused by an interaction with the controls being positioned
absolutely -103px from the right edge of the element, which is clearly
a hack.

Replace that with a simple `float: right` construction, with the top
padding aligned.

Fixes #22512.
2022-08-14 09:07:11 -07:00
Tim Abbott b67ff652de css: Remove Bootstrap legend CSS.
We inline this into the CSS for the one element where we use it.
2022-08-13 17:36:08 -07:00
Tim Abbott 1e018f9c23 css: Remove legacy bootstrap control* CSS.
We've removed all use of these CSS classes from the codebase.
2022-08-13 17:18:32 -07:00
Tim Abbott 0b350f23af settings: Remove useless .controls CSS.
These settings widgets have not had an object with the .controls CSS
class at least since they were given independent template files.
2022-08-13 17:11:36 -07:00
Tim Abbott e30e8c0e6d settings: Fix settings inputs broken in mobile sizes.
In 84e307581f, we removed the HTML that
these CSS rules applied to. (We incorrectly only tested that commit in
desktop sizes).

Also, the width: 100% rule both did not have sufficient priority to
apply, and also exceeded the size of the input. Fix this with a hacky
!important, since there's a good chance we'll replace these inputs
with a modal or something.
2022-08-13 17:11:36 -07:00
Ganesh Pawar d9410f37c1 signup: Remove stale highlighting function.
This function was introduced in
447dc0029a74c8ff47d13fa40ce97dc10f20b522; but we haven't been using
this highlighting feature; and the last control-group was removed from
the signl page in dc2bdb2aad.
2022-08-13 17:09:10 -07:00
Ganesh Pawar f6f85f98a7 portico: Remove usage of `control-group` and `control-label` class. 2022-08-13 14:59:37 -07:00
Zixuan James Li eae3e1c3cc zilencer: Tighten type annotations of views.
`remote_server_path` allows us to get rid of all the `validate_entity`
calls in `zilencer.views` and remove all the `Union` type annotations
in the signatures of the authenticated view functions.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-13 14:53:52 -07:00
Zixuan James Li 5c49e4ba06 rest: Extract remote_server_path from rest_path.
This allows us to separate the zilencer paths from other JSON paths,
with explicit type annotation expecting `RemoteZulipServer` as the
second parameter of the handler using
authenticated_remote_server_view.

The test case is also updated to remove a test for a situation that no
longer occurs anymore, since we don't perform subdomain checks on
remote servers.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-13 14:53:52 -07:00
Zixuan James Li dd2fd8edda rest: Implement get_target_view_function_or_response.
As noted in the docstring, this is a temporary helper function that
separates routing for paths that support multiple HTTP methods from
`rest_dispatch` itself. We will need to replace this helper with
class-based views in the future. The helper will also be handy to
reduce duplication when splitting up `rest_dispatch` by authentication
methods.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-13 14:53:51 -07:00
Zixuan James Li af88417847 decorator: Extract validate_remote_server.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-13 14:33:59 -07:00
Zixuan James Li ac2185a2e8 decorator: Extract get_basic_credentials.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-13 14:33:59 -07:00
Sahil Batra d3468e3f78 streams: Extract code for sending events in bulk_remove_subscriptions.
This is a prep commit such that we can avoid duplicate code when we
unsubscribe bots for inaccessible private streams when changing owner
or reactivating them.
2022-08-13 14:28:30 -07:00
Sahil Batra 44266987ec settings: Disable the save button if custom time limit input is invalid.
We disable the "Save changes" button if the custom time input for
edit and delete time limit is 0, -ve values or empty.
2022-08-12 18:09:53 -07:00
Sahil Batra b5ff903ddc settings: Make custom input empty for "Anytime" case.
We set the custom input box empty for "Anytime" case for
message edit and delete limit settings. We also keep the
"Save changes" button disabled when changing from "Anytime"
to "Custom" since the input box is still empty.
2022-08-12 18:09:53 -07:00
Sahil Batra 3c1fbeb3c7 settings: Enable or disable delete limit setting before saving.
We enable or disable the delete limit setting immediately on
changing the "Who can delete their own message" dropdown
before saving the changes.
2022-08-12 18:09:53 -07:00
Sahil Batra f52e4ee602 settings_config: Use time_limit_dropdown_value for delete limit values.
Since, we removed the "never" option for edit-limit setting in
previous commits, we can now use same list for both edit-limit
and delete-limit setting values.
2022-08-12 18:09:53 -07:00
Sahil Batra 577abbd434 node_tests: Remove duplicated code in settings_org tests. 2022-08-12 18:09:53 -07:00
Sahil Batra 0c67c7d269 settings: Add checkbox for whether message editing is allowed or not.
This commit adds a checkbox for allow_message_editing setting and
thus we also remove the "Never" option from the time limit dropdown
as unchecking the newly added checkbox will mean the same.

We also disable the time limit input if message editing is not
allowed.

This commit also changes the label for time limit dropdown.

Fixes part of #21739.
2022-08-12 18:09:53 -07:00
Sahil Batra a1f40ccda5 message_edit: Make zero invalid value for message_content_edit_time_limit_seconds.
This commit changes the code to consider zero as an invalid value for
message_content_edit_time_limit_seconds. Now to represent the setting that
user can edit the message anytime, the setting value will be "None" in
database and "unlimited" will be passed to API from clients.
2022-08-12 18:09:53 -07:00
Sahil Batra 1747ab8482 realm: Set setting value only if value has changed.
We sent the "message_content_delete_limit_seconds"
value to API when we change any setting in that
subsection and thus "do_set_realm_property" is
called even when we do not change that setting
since we handle it separately from most of the
other settings for which we use loop to call
"do_set_realm_property".

This commit changes the code to handle only
the case when the setting value is "None"
separately and rest all the values will be
changed from the "do_set_realm_property"
called in the loop as for other settings.
2022-08-12 18:09:53 -07:00
Sahil Batra 864fe7befb settings: Rename "Message editing" to "message and topic editing".
Fixes part of #21739.
2022-08-12 18:09:53 -07:00
Zixuan James Li 92c4e5b75c models: Add type annotation for CTEManager.
mypy_django_plugin cannot resolve the type of the custom manager. We add
a type annotation explicitly to skip the type inferrence.

This fixes the following error:
error: Could not resolve manager type for "zerver.models.UserGroup.objects"  [django-manager-missing]

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li 95d12749c0 import_realm: Check for recipient instead of recipient_id.
Technically recipient_id cannot be None when recipient exists. We
actually just want to check if the recipient exists.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li 5bdf49c005 decorator: Add an isinstance check for otp auth test function.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li c1f5609e59 streams: Add None check for stream.recipient_id.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li 5d65ca33a8 types: Make value optional for ProfileData.
`UserProfile.profile_data` allows each element's value to be `None`.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li 2382f1925d export: Add an isinstance check for orig_dt.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li 35e0fe8347 models: Duplicate __str__ in subclasses of AbstractUserMessage.
The `message` attirbute doesn't get defined in the class where it is used.
The cleanest solution will be using the `Self` type introduced in PEP
673 and type it as something like `ForeignKey[Union[Self, Combinable],
Self]`.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li 929311642b legacy_urls: Add type annotation to legacy_urls.
Mypy previously infers this to be `List[URLPattern]` which is
incompatible with other urls lists that we concatenate this with.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li 8fae87e2df zephyr: Check PERSONAL_ZMIRROR_SERVER before updating cache.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li d7746c9e6c logging_util: Ensure that the logged user is authenticated.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li 7acf43f475 bots: Allow changing bot owner without an acting_user.
This applies to the usecase in
zerver.tests.test_bots.BotTest.test_patch_bot_role.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li e382cec015 topic: Add a None check with an assertion.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li 14dd7f1692 auth: Make QueryDict immutable before assignment.
This modifies the QueryDict when it is mutable, and assign it to `.POST`
after it is turned immutable, as required by django-stubs for this
attribute.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li a0ccc7b872 test_signup: Replace MagicMock with HostRequestMock.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li a3ec420074 auth: Add type annotation for contexts.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 17:08:04 -07:00
Zixuan James Li 87921315be migrations: Remove noop migration operations.
Since validators do not affect the database, this migration is a noop.
Removing the migration fails check-database-compatibility. We might
eventually delete it when Django supports a cleaner method for deletion.

TODO:
Remove the type annotation when django-stubs is integrated.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 16:53:54 -07:00
Tim Abbott 9bf383dcae decorator: Reorder authenticated_json_view.
Checking authentication before rate limiting is easier to reason
about, especially since rate_limit() would check authentication
anyway.
2022-08-12 16:51:55 -07:00
Tim Abbott 60a2de21a9 decorator: Reorder public_json_view.
Doing the dispatch to authenticated_json_view first lets us avoid
messing around with the skip_rate_limiting parameter.

Since rate_limit itself checks user.is_authenticated, there's no
potential downside to doing that check first here.
2022-08-12 16:51:55 -07:00
Zixuan James Li f54ecad6cd decorator: Extract public_json_view.
This refactoring is necessary to separate the expected type annotation
for view functions with different authentication methods. Currently the
signature aren't actually check against view functions because
`rest_path` does not support type checking parameter types, but it will
become useful once we do.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 16:51:55 -07:00
Zixuan James Li 299f3442ff decorator: Refactor view decorators with ParamSpec.
`authenticated_rest_api_view` and `authenticated_json_view` essentially
remove `UserProfile` from the decorated function.

Note that `authenticated_log_and_execute_json` is removed to avoid
duplicating `ParamT` unnecessarily in the helper.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-12 16:51:55 -07:00