In password modal, submit button's data-dismiss property should be
removed, as on data-dismiss we flush all data of form fields,
which results in passing empty string to json request.
We already flush all data of fields after compeletion of request.
This makes this UI widget more consistent with its neighbors.
tabbott: This introduces a bug with how the `full_name_field` HTML is
managed; it should be done via the `server_events.js` handler.
- When password fields are cleared, update password strength bar.
- On data dismiss, clear password fields.
- Exclude forgot-password div from focus.
- On enter key, modal should be submitted not dismissed.
- Change password btn text from "Change password" to "*****"
We'll replace this primarily with per-realm quotas (plus the simple
per-file limit of settings.MAX_FILE_UPLOAD_SIZE, 25 MiB by default).
We do want per-user quotas too, but they'll need some more management
apparatus around them so an admin has a practical way to set them
differently for different users. And the error handling in this
existing code is rather confused. Just clear this feature out
entirely for now; then we'll build the per-realm version more cleanly,
and then we can later add back per-realm quotas modelled after that.
The migration to actually remove the field is in a subsequent commit.
Based in part on work by Vishnu Ks (hackerkid).
This is done by using a bot's ID instead of email in
the handler methods for bot_data.bots and bot_data.services,
and updating all code paths involved.
Previoulsy, we display "0 subscribers" if user can't access stream's
subscribers. Replace subscriber count with lock icon in case of
unsubscribed private stream, in "All stream" list.
Display warning, saying "You can not access private stream subscribers,
in which you aren't subscribed", if user can not access subscribers;
instead of showing zero subscriber to stream.
On the "Organization settings" page, we had two Save buttons
for admins that had identical markup. This was confusing for
people reading the code. Now the two buttons have different
markup and individual, targeted click handlers (albeit still
calling the same function to do most of the work).
The context of this fix is that I was debugging a
Casper flake where our Casper tests were essentially clicking
on the same button twice. Depending on the timing,
the second button click could cause a "No changes saved!"
behavior that confused the Casper test. It is unclear whether
Casper was clicking both buttons here (in which case this fix
is necessary) or the same button twice (in which case this fix
just removes a nasty red herring for debugging).
The code still has the flaw that both buttons basically submit
the same data to the server, despite the appearance on the page
that there are two forms. The best fix for that is probably
just to move the Language/Notifications stuff to another
panel. I wanted to avoid touching this code altogether, but
the minor modifications here were necessary to improve the
Capser testing situation.
This adds UI fields in the bot settings for specifying
configuration values like API keys for a bot. The names
and placeholder values for each bot's config fields are
fetched from the bot's <bot>.conf template file in the
zulip_bots package. This also adds giphy and followup
as embedded bots.
For public stream, always show subscription option.
For private stream, if user is subscribed display unsubscribe option.
If user is not subscribe, do not display subscription option.
Only show edit option for stream name and description if user is admin and
either stream is public or stream is private and admin is subscribed to
private stream.
As per backend restrictions for editing stream name/description.
This commit adds a setting to limit creation of generic bots
to admins for realms that want that restriction. (Generic
bots, apart from being considered spammy on some realms,
have less locked down permissions than webhook bots).
Fixes#7066.
We no longer have a special UI setting and model
field ("emoji_alt_code") for saying users want text-only
emojis. We now instead make "text" be a fifth choice
for "emojiset".
Fixes#7406
We now do all of the main logic for starring/unstarring
a message in `message_flags.toggle_starred`:
* mark the message as read (just in case)
* update the UI (i.e. the green star in the message)
* update the server
The calling code in both the click handler and the hotkey
handler remains simple--they just handle minor details like
finding the message and clearing popovers.
For updating the server, we now call the new
`send_flag_update` helper.
And we continue to delegate some of the logic to
`ui.update_starred`, but we remove some code there that's
now pushed up to `message_flags.toggle_starred`.
This change should be mostly transparent to users, but it
does remove some inconsistent behaviors between the click
handler and the hotkey handler. Before this change, the
click handler was more aggressive about updating the UI
and marking the message as read. For people using the "*"
key to star/unstar, they probably would only have noticed
different behavior on a slow connection or in an edge
case scenario where only half of the message was onscreen.
More importantly, by simplifying how we talk to the server,
this eliminated up to a one-second lag due to the debounce
logic in the batch_updater code. The complicated debounce
logic is only really needed for batch-updating "read"
messages, and it was overkill and sluggish for starring
messages.
Last but not least, we add defensive code for the local
echo case. (Users have to wait till the message gets acked
to star it.)
Wait until the server acks a message before we enable
the message popover menu. This prevents a whole class
of bugs related to re-drawing the message and changing
the message id, and it also makes room for a little
spinner in the future.
Users with decent internet connections will generally
get server responses before they can click on the
chevron or hit esc/i, anyway.
Trying to collapse a locally echoed message is a rare
thing to do, and it was buggy before this due to races
between the server acking the original message and the
user flipping the collapsed flag.
We now calculate `should_display_collapse` and
`should_display_uncollapse` in the JS code and simplify
the template by eliminating all the inline if/else
logic.
(Note that we are about to disable the message menu
altogether for locally echoed messages, so this change
is partly future-proofing for when we put the menu
back for more innocuous commands.)
Adds type "embedded bot" to bot creation menu. Lets
users select a bot to run from a list of bots.
Currently, this list is hard-coded into the backend.
Currently, users are warned when mentioning @all and @everyone, but not
when posting on the #announce stream. Confirm with users that they want
to send their message on #announce if over 60 people are going to be
notified.
Fixes#6928.
Audible notifications is a confusing term, especially since it could
plausibly mean audible notifications on your phone.
Mobile push notifications is also not great, since most people don't know
what push notifications are.
I removed "receive" from stream settings strings since I think it isn't
necessary, and so that the strings (and translations) would be the same as
what's on the settings pages.
We made this change because users often unnecessarily click "Home"
first in their use of Zulip, because it seems appealing. While "All
messages" isn't quite precise (it doesn't include muted streams), it
does describe relatively simply the interleaved view that this
represents.
This commit leaves everything as "home" in the code, and only changes
user-visible strings and docs. Changing the code will be a big project;
there are hundreds of relevant occurrences in variable names, etc.
Further, we'll probably want to convert those various variable names
in different ways.
Tweaked by tabbott to extend the commit message and update a few comments.
This resulted in problems with the desktop app, where clicking these
links would leave the user in a situation where they needed the "back"
button in order to get back to the webapp.
Fixeszulip/zulip-electron#342.
The first part of this change is to have the "Your bots"
tooltip not lie about creating `.zuliprc`, because it
doesn't put a dot in front of the file.
And then the more significant change here is to make
the "Running a bot" documentation use realistic filepaths,
both in terms of where the download typically puts the file,
and where you want to move it to.
This restyles and rewords some of the emoji style section to look
better and fit it more with the current style guide.
Tweaked by tabbott to modify the historical migration rather than
adding a new one. This is OK because the emojiset choices text change
doesn't touch the database; it's just a Django Python code thing.
Also removed translation tags, since we don't need them for a set of
brand names.
Add a spinner for when a stream is being created to show that
an operation is being performed, while also disallowing users to
modify the form in the meanwhile.
Commit modified by Brock Whittaker <brock@zulipchat.com>.
Fixes: #5268.
Lets administrators view a list of open(unconfirmed) invitations and
resend or revoke a chosen invitation.
There are a few changes that we can expect for the future:
* It is currently possible to invite an email that you have already
invited, it might make sense to change this behavior.
* Resend currently sends an invite reminder instead of resending the
original invite, this is because 'custom_body' was not stored when
the first invite was sent.
Tweaked in various minor ways, primarily in the backend, by tabbott,
mostly for style consistency with the rest of the codebase.
Fixes: #1180.
If an organization doesn't have the EmailAuthBackend (which allows
password auth) enabled, then our password reset form doesn't do
anything, so we should hide it in the UI.
The original "quality score" was invented purely for populating
our password-strength progress bar, and isn't expressed in terms
that are particularly meaningful. For configuration and the core
accept/reject logic, it's better to use units that are readily
understood. Switch to those.
I considered using "bits of entropy", defined loosely as the log
of this number, but both the zxcvbn paper and the linked CACM
article (which I recommend!) are written in terms of the number
of guesses. And reading (most of) those two papers made me
less happy about referring to "entropy" in our terminology.
I already knew that notion was a little fuzzy if looked at
too closely, and I gained a better appreciation of how it's
contributed to confusion in discussing password policies and
to adoption of perverse policies that favor "Password1!" over
"derived unusual ravioli raft". So, "guesses" it is.
And although the log is handy for some analysis purposes
(certainly for a graph like those in the zxcvbn paper), it adds
a layer of abstraction, and I think makes it harder to think
clearly about attacks, especially in the online setting. So
just use the actual number, and if someone wants to set a
gigantic value, they will have the pleasure of seeing just
how many digits are involved.
(Thanks to @YJDave for a prototype that the code changes in this
commit are based on.)
This sets the column width of the upload table actions and size
columns to always be 75 so that the buttons are always in the same
line and take up the least amount of space possible with that
constraint.
"Mobile push notifications always" is now indented and a
sub-setting of "Mobile push notifications when offline".
It can be selected only when the outer setting is
selected, otherwise it is greyed out.
Fixes#6570.
Now that we display the name and aliases of the currently focused
emoji at the bottom of the emoji picker, we don't need to display
the title text for emojis separately.
Fixes: #6111.
Emoji showcase refers to the space at the bottom of the emoji
picker we use for showing name as well as aliases of the currently
focused emoji.
Fixes: #6110.
This commit switches to use sprite sheets for rendering emojis
in all the remaining places, i.e., message bodies and composebox
typeahead. This commit also includes some changes to notifications.py
file so that the spans used for rendering emojis can be converted
to corresponding image tags so that we don't break the emoji rendering
in missed message emails since we can't use sprite sheets there.
As part of switching the bugdown system to use sprite sheets, we need
to switch the name_to_codepoint mappings to match the new sprite
sheets. This has the side effect of fixing a bunch of emoji like
numbers and flag emoji in the emoji pickers.
Fixes: #3895.
Fixes: #3972.
This moves the stuff that should not scroll with the table such as the
search box and tips so it is moved out to be above the
`.progressive-table-wrapper` element.
The "View file" option will open the file in a new window if it
is a filetype that can open in the browser and if not, it will just
trigger a download or whatever the browser's settings are.
The popovers for the message down chevron and left sidebar had
strange side padding and non-uniform padding between the top and
bottom. This changes them to all have the same padding as the
nav `#gear_menu`; none on the sides and 5px on the top and bottom.
We were having an anchor tag inside a button which is incorrect HTML.
Chrome and safari handle this case but firefox doesn't and hence the
dropup menu wasn't opening on firefox.
This commit is a bit complicated, because we do full redraws of
the topic list frequently, and we don't want to randomly obliterate
our "No more topics found" message, so we need to keep a bit of
extra state around.
We now use a template to render the "more topics" link.
We also remove an unnecessary conditional and an unnecessary
attribute.
Finally, our unit tests are a bit more granular now.
Change the reaction popover to be based off the container elements
for the various message control icons. This will enable us to easily
control the visibility of the base element when the popover is opened
or closed. Also removes redundant `reactions_hover` class.
Bootstrap's `fixTitle()` function removes the base element's original
title attribute. This commit fixes some weird behaviors by restoring
the original title of the element on which the popover is based off.
This restructures organization settings and permissions to be
more accurately grouped and for the permissions page to not be too
long.
CHANGES:
PROFILE:
(this was split out)
organization-profile-admin.handlebars:
form #1:
name
description
(SUBMIT)
avatar:
(UPLOAD)
(DELETE)
SETTINGS:
organization-settings-admin.handlebars:
language (mostly untouched)
message editing:
time limit/history/retention
message feed:
mandatory-topics
preview images
preview websites
PERMISSIONS:
organization-permissions-admin.handlebars
(mostly stuff was removed)
Joining:
restrict domains
require invite
User Identity:
name changes
email changes
Streams/Emoji:
creating streams:
waiting period (ADDED)
adding emojis
(SUBMIT) for whole panel
The profile group (name, description, avatar) were split into a new
page that did not previously exist, and the permissions was stripped
of message settings (message editing, message feed), but keeping the
"waiting period" input and putting it in the "Streams & custom emoji"
section.
Fixes: #5844.
Brock Whittaker
YJDave
Tim Abbott
Greg Price
Vishwesh Jainkuniya
Aditya Bansal
Robert Hönig
Cynthia Lin
Steve Howell
Alena Volkova
Aastha Gupta
Balaji2198
Abhijeet Kaur
Marco Burstein
Utkarsh Patil
Vishnu Ks
cPhost
Rishi Gupta
Rhea Parekh
Harshit Bansal
Angelika Serwa
Henrik Pettersson
Shubham Dhama
Garvit
Anupam-dagar
Ali Rizwi
Sarah