This parallels fe25517295, but for mobile notifications. It also
adds a test, which verifies that such content does not crash either
mobile or email notifications.
fe25517295 adjusted the email_notifications codepath to use
`lxml.html.fragment_fromstring` method when parsing
`rendered_content`, but left the tests using a helper which called
`fromstring`.
Switching the tests to match the code as run reveals a bug -- using
`drop_tree` on all `message_inline_image` classes now _does_ remove
all of a top-level image-URL-only message. Previously, such messages
were "safe" from the block that calls `drop_tree` only by dint of
`drop_tree` being a silent no-op for the root element. When parsed
using `fragment_fromstring`, they are no longer the root, and as such
an empty message results.
Reorder relative_to_full_url to check for only one `message_inline_image`
within the top `<div>`, and only run the `drop_tree` path in the
alternate case. Tests must be adjusted for their output now including
one more layer of `<div>`.
AuthnContextClassRef tells the IdP what forms of authentication the user
should use on the IdP's server for us to be okay with it. I don't think
there's a reason for us to enforce anything here and it should be up to
the IdP's configuration to handle authentication how it wants.
The default AuthnContextClassRef only allows PasswordProtectedTransport,
causing the IdP to e.g. reject authentication with Yubikey in AzureAD
SAML - which can be confusing for folks setting up SAML and is just not
necessary.
The previous commit introduced logging of attempts for username+password
backends. For completeness, we should log, in the same format,
successful attempts via social auth backends.
These details are useful to log. This only makes sense for some auth
backends, namely email and ldap backends, because other backends are
"external" in the sense that they happen at some external provider's
server (Google, SAML IdP etc.) so the failure also happens there and we
don't get useful information about what happened.
Our convention is to always have authenticate() called with a request
object. We need to be consistent with that in tests too, to avoid test
failures resulting from breaking that assumption.
We modify assert_login_failure to call client.login() in the same way as
the other similar helpers - with a properly initialized HttpRequest
instance.
The previous phrasing used incorrect terminology (E.g. "stream
members", not "stream subscribers", which is really confusing given
that we have a "member" role which is also relevant in this text).
The Entity ID for zulipchat.com is `https://zulipchat.com` currently.
Some of these errors happened in the big zulipchat->zulip rename commit
71078adc50, then it was repeated in
10d356d2de and there was also some
confusion when coming up with the instructions for Keycloack in
10d356d2de. Client-ID value in Keycloack
is the expected Issuer for SAMLRequests and thus needs to match our
Entity ID.
Vagrant 2.2.6 is the earliest version with the Docker usability test
fix, and is also conveniently the version in the Ubuntu 20.04
repository. Users with older versions will get a friendly error
message from ‘Vagrant.require_version’ (and can install an updated
Vagrant from upstream).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This block didn't work consistently across .night-mode and
.color-scheme-automatic classes, and the default style for
this field already works for the day and night themes both.
We add postcss-import for night_mode.css only. This plugin inlines
the imports of external files, instead of letting the file go via
our usual webpack toolchain.
We do this so that we can use the postcss-prefixwrap plugin to scope
the third-party CSS properly and use it inside our night-mode class.
Fixes#10607.
[anders@zulip.com: Replace postcss-wrap with postcss-prefixwrap.]
Co-authored-by: Anders Kaseorg <anders@zulip.com>
Signed-off-by: Anders Kaseorg <anders@zulip.com>
Since order matters for plugins, its better to use the Array syntax
to pass plugins to the PostCSS instead of Object.
This also allows us to reliably add more plugins programatically if
we so choose.
[anders@zulip.com: Adjust to work with postcss-cli.]
Co-authored-by: Anders Kaseorg <anders@zulip.com>
Signed-off-by: Anders Kaseorg <anders@zulip.com>
When the upstream provides a chunked response, proxying this header
causes a protocol-level miscommunication.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This environment variable is not a thing and has never been a thing,
while the path it purportedly pointed to does not exist and has never
existed. It appears to have been inexplicably both cargo-culted and
renamed from test-js-with-casper.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit changes the settings_display.js code to reference the
user_setings object using settings_object variable. This will help
to easily use the same code for realm-level defaults where instead
of user_settings realm_user_settings_defaults object will be used.
Instead of passing user settings directly as user_settings
variable to the settings templates, we pass them using
settings_object variable.
This change is important so that we can use the exisiting
display_settings and notification_settings template for
realm-level default settings by passing realm-level
settings using settings_source variable.
We would have the UI for default language and time settign only for
user settings for now and not for realm-level settings because we
still need to migrate the backend to support the new model and will
be done in further commits.
We need to show the stream-specific notification settings only in
user notification settings and not for realm-level default settings.
This commit is a prep commit and adds a condition to make sure that
stream-specific settings are shown only for user-settings.
This commit splites email notification settings in two
parts - one with heading "Email message notifications"
containing batchning period, message-content and
organization-name settings and the other with heading
"Other emails" containing login, digest and marketing
emails settings.
Fixes#19717.
We remove the 'Other notification settings' heading and increase the
font size of 'Desktop message notifications' and 'Mobile message
notifications' headings as these are now on the same level with
'Notification triggers' heading.
We also add status elements to show saving indicator along the mobile,
desktop and email headings which was previously shown with the
"Other notification settings" heading.
This commit renames 'desktop' and 'mobile' headings in
notification settings UI to 'desktop message notifications'
and 'mobile message notifications' respectively.
This commit changes the behavior of how we show
animated emojis in the buddy list. We now show still
image of animated emoji and when hovered show the
animated emoji.
Fixes#19521
Now, when we add a custom animated emoji to the realm
we also save a still image of it (1st frame of the gif). So
we can avoid showing an animated emoji every time.
Fixes these warnings from populate_db:
/srv/zulip-py3-venv/lib/python3.6/site-packages/django/db/models/fields/__init__.py:1419: RuntimeWarning: DateTimeField Draft.last_edit_time received a naive datetime (2021-09-10 23:33:15.063608) while time zone support is active.
RuntimeWarning)
/srv/zulip-py3-venv/lib/python3.6/site-packages/django/db/models/fields/__init__.py:1419: RuntimeWarning: DateTimeField Draft.last_edit_time received a naive datetime (2021-09-10 23:33:15.065517) while time zone support is active.
RuntimeWarning)
Signed-off-by: Anders Kaseorg <anders@zulip.com>
create_confirmation_link has validity time as an optional argument,
because it has reasonable defaults. Thus it's a better API for
do_send_confirmation_email to make this optional as well, allowing
relying on create_confirmation_link's defaults.
This extends the invite api endpoints to handle an extra
argument, expiration duration, which states the number of
days before the invitation link expires.
For prereg users, expiration info is attached to event
object to pass it to invite queue processor in order to
create and send confirmation link.
In case of multiuse invites, confirmation links are
created directly inside do_create_multiuse_invite_link(),
For filtering valid user invites, expiration info stored in
Confirmation object is used, which is accessed by a prereg
user using reverse generic relations.
Fixes#16359.
With the previous steps, all Confirmation objects should have been
migrated and the expiry_date field is being used for checking
confirmation validity - so all that's left is to set the NOT NULL
constraint on the column.
This commit displays a banner at the top for demo orgs letting the
user know that the org will be automatically deleted in the
specified number of days. The alerts are prioritized as follows:
- If there are <=7 days left till deletion, the alert is prioritized
above desktop notification queries and is colored red.
- If there are more then 7 days left till deletion, the alert is
prioritized below desktop notification queries.
This is a part of #19523.