synicalsyntax
7ea84aa0af
docs: Conform *Send a private message* to style guide.
2017-01-29 22:36:48 -08:00
synicalsyntax
8932d46657
docs: Conform *Send a stream message* to style guide.
2017-01-29 22:35:24 -08:00
Tim Abbott
1bbf0f9a98
streams: Consider stream name validation logic.
2017-01-29 22:07:14 -08:00
Tim Abbott
d14037c82e
streams: Fix misplaced import.
2017-01-29 22:07:14 -08:00
Tim Abbott
884aa2b184
streams: Eliminate last use of get_stream in views.
2017-01-29 22:07:14 -08:00
Tim Abbott
4d3e97f304
actions: Remove unnecessary do_create_stream function.
2017-01-29 22:07:14 -08:00
Tim Abbott
700089f386
bugdown: Fix need for Internet in test_inline_dropbox_bad.
2017-01-29 22:07:14 -08:00
Tim Abbott
32f778636b
streams: Add tests for do_rename_stream error paths.
2017-01-29 20:27:00 -08:00
Tim Abbott
b1c2ff9d05
lint: Ban most use of get_stream from zerver/lib/actions.py.
2017-01-29 20:27:00 -08:00
Tim Abbott
01daa3e91a
test_helpers: Move get_subscription out of actions.py.
...
It's no longer used by anything other than test code.
2017-01-29 20:27:00 -08:00
Tim Abbott
035e442b63
actions: Remove unused set_stream_color method.
2017-01-29 20:27:00 -08:00
Tim Abbott
a3f3f5b7bc
remove_default_stream: use access_stream_by_name.
2017-01-29 20:27:00 -08:00
Tim Abbott
19eaa92059
add_default_stream: use access_stream_by_name.
2017-01-29 20:27:00 -08:00
Tim Abbott
de3f539f58
do_change_stream_description: Accept a stream as argument.
2017-01-29 20:27:00 -08:00
Tim Abbott
2dc90e8ebd
rename_stream: Pass a stream object to do_rename_stream.
2017-01-29 20:27:00 -08:00
Tim Abbott
7be34357b2
rename_stream: Move stream name taken check to view.
2017-01-29 20:27:00 -08:00
Tim Abbott
ccdf17f47e
rename_stream: Move stream already has name check to view.
2017-01-29 20:27:00 -08:00
Tim Abbott
d059a0a90a
rename_stream: Move check_stream_name into view.
2017-01-29 20:26:59 -08:00
Tim Abbott
ab1e9f2b97
rename_stream: Move stripping of whitespace to view.
2017-01-29 20:26:59 -08:00
Tim Abbott
4ad1fadab0
streams: Create and use do_change_stream_invite_only.
2017-01-29 20:26:59 -08:00
Tim Abbott
c74ddb74e9
do_make_stream_private: Accept a stream object, not a name.
2017-01-29 20:26:59 -08:00
Tim Abbott
0a75480444
do_make_stream_public: Accept a stream object, not a name.
2017-01-29 20:26:59 -08:00
Tim Abbott
54bcc675f7
subscribe_to_stream: Return the stream object.
...
This simplifies some code paths a bit.
2017-01-29 20:26:59 -08:00
Tim Abbott
3f83ea3879
lint: Ban use of get_stream in most views files.
2017-01-29 20:26:59 -08:00
Tim Abbott
e137787d1a
users: Use access_stream_by_name to access streams.
...
This simplifies the code somewhat and adds greater consistency of
error messages.
2017-01-29 20:26:59 -08:00
Tim Abbott
ea72b97cd9
home: Cleanup narrow_topic logic.
2017-01-29 20:26:59 -08:00
Tim Abbott
a7cb7dd695
home: Use access_stream_by_name to access streams.
2017-01-29 20:26:59 -08:00
Tim Abbott
6c512bdfd3
json_invite_users: Use access_stream_by_name.
2017-01-29 20:26:59 -08:00
Tim Abbott
bc2f23383e
streams: Move list_to_streams to lib.
2017-01-29 20:26:59 -08:00
Tim Abbott
02f5ef1d23
streams: Move filter_stream_authorization to lib.
2017-01-29 20:26:59 -08:00
Tim Abbott
de68dd2860
lint: Ban use of Stream.objects.* in zerver/views.
2017-01-29 20:26:59 -08:00
Tim Abbott
bb86bba20d
stream_exists_backend: Use access_stream_by_name.
2017-01-29 20:26:59 -08:00
Tim Abbott
eeeffa8704
urls: Review useless stream_exists_backend endpoints.
...
The actual function was overcomplicated and was designed to check
whether a stream existed by name, not by ID, so there was no value in
having it be used for checking if a stream existed by ID.
2017-01-29 20:26:59 -08:00
Tim Abbott
46e5b8a9cc
streams: Remove unused json_remove_subscriptions.
2017-01-29 20:26:59 -08:00
Tim Abbott
e57e2ee9f1
get_subscribers_backend: Use access_stream_by_id.
2017-01-29 20:26:59 -08:00
Tim Abbott
0d980b7cef
json_get_stream_id: Use access_stream_by_name.
2017-01-29 20:26:59 -08:00
Tim Abbott
1ced8d3eb6
get_topics_backend: Use access_stream_by_id.
2017-01-29 20:26:58 -08:00
Tim Abbott
6685885741
deactivate_stream_backend: Use access_stream_by_id.
2017-01-29 20:26:58 -08:00
Tim Abbott
826cc80c9e
update_stream_backend: Use access_stream_by_id.
2017-01-29 20:26:58 -08:00
Tim Abbott
de38f3eb94
update_stream_backend: Clean up unnecessary stream_name variable.
2017-01-29 20:26:58 -08:00
Tim Abbott
2cf223470d
streams: Eliminate get_subscription_or_die helper function.
2017-01-29 20:26:58 -08:00
Tim Abbott
0af34ee710
streams: Add zerver/lib/streams.py library for security checks.
...
The goal of this library is to make it a lot easier to prevent bugs
like CVE-2017-0881 by having all of our views logic for fetching a
stream go through a couple carefully tested code paths.
2017-01-29 20:26:58 -08:00
Tim Abbott
de3e96162e
middleware: Fix recursive DisallowedHost exceptions.
2017-01-29 20:26:58 -08:00
Tim Abbott
20f3705c00
logging_handlers: Add error handling for invalid hosts.
2017-01-29 19:57:09 -08:00
Tim Abbott
96d3bea6d5
Add changelog from Zulip 1.4.3 release.
2017-01-29 15:32:08 -08:00
Tim Abbott
7ecda1ac8e
streams: Fix autosubscribe security bug (CVE-2017-0881).
...
A bug in Zulip's implementation of the "stream exists" endpoint meant
that any user of a Zulip server could subscribe to an invite-only
stream without needing to be invited by using the "autosubscribe"
argument.
Thanks to Rafid Aslam for discovering this issue.
2017-01-29 15:30:59 -08:00
Tim Abbott
7e0ce22808
errors: Remove build_request_repr logic.
...
This interface is no longer supported in Django 1.10.
2017-01-29 14:18:22 -08:00
Tim Abbott
dea281557d
events: Handle reactions events in apply_events.
...
Previously, this race condition just threw an exception.
2017-01-29 14:18:16 -08:00
Tim Abbott
70af09539f
Fix unnecessary traceback in authenticated_rest_api_view.
...
Apparently, we weren't returning the `json_error`, resulting in users
encountering this condition receiving a 500, rather than the proper
40x error.
This fixes a regresion introduced in 9ae68ade8b
.
2017-01-29 12:48:10 -08:00
Tim Abbott
234eb7a723
emoji: Add a bunch of documentation in comments for emoji rules.
2017-01-29 12:33:44 -08:00