Commit Graph

55765 Commits

Author SHA1 Message Date
Tim Abbott 8ea5e2156a puppet: Update rules for number of uwsgi processes.
The defaults for how many uwsgi processes to run no longer depend on
the queue processor mode, but instead the total memory on the system.

(cherry picked from commit 62dbe2298e)
2024-02-16 12:28:16 -08:00
Alex Vandiver 3048ff35d8 requirements: Revert orjson upgrade due to segfault.
Version 3.9.11 and 3.9.12 are susceptible to random segfaults:
- https://github.com/ijl/orjson/issues/452

(cherry picked from commit 437361de32)
2024-02-16 12:17:34 -08:00
Anders Kaseorg 2e4785f51c requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit 93198a19ed)
2024-02-16 12:17:34 -08:00
Anders Kaseorg 893c10f869 ruff: Fix DJ012 Order of model's inner classes, methods, and fields.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit e56863fa85)
2024-02-16 12:17:34 -08:00
Anders Kaseorg 7b604d3cde ruff: Fix SIM300 Yoda conditions are discouraged.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit ab25ebd5ce)
2024-02-16 12:17:34 -08:00
Mateusz Mandera d977dfe6e9 push_notifs: Gracefully handle exception when server can't push.
The problem was that earlier this was just an uncaught JsonableError,
leading to a full traceback getting spammed to the admins.
The prior commit introduced a clear .code for this error on the bouncer
side, meaning the self-hosted server can now detect that and handle it
nicely, by just logging.error about it and also take the opportunity to
adjust the realm.push_notifications_... flags.

(cherry picked from commit e8018a7285)
2024-02-16 11:26:05 -08:00
Mateusz Mandera 0a1905ea8d zilencer: Improve json error when plan doesn't allow push notifs.
This allows the self-hosted server to explicitly test for that exception
and catch and log it nicely.

(cherry picked from commit 5b03932d5c)
2024-02-16 11:26:05 -08:00
Alex Vandiver 3d8b9af76d version: Update to point to 8.0 blog post. 2024-01-24 17:50:42 -08:00
Tim Abbott 9099355d11 version: Update version after 8.1 release. 2024-01-24 17:49:27 -08:00
Tim Abbott 93d74607ce Release Zulip Server 8.1. 2024-01-24 17:28:39 -08:00
Anders Kaseorg 6e09c01772 typeahead: Remove insecure default highlighter implementation.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-01-24 16:46:02 -08:00
Anders Kaseorg bc5d4b565a settings_playgrounds: Fix HTML injection in language typeahead.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-01-24 16:46:02 -08:00
Sahil Batra 0df7bd71f3 CVE-2024-21630: Check permission to subscribe others using invite link.
This commit updates the API to check the permission to subscribe other
users while creating multi-use invites. The API will raise error if
the user passes the "stream_ids" parameter (even when it contains only
default streams) and the calling user does not have permission to
subscribe others to streams.

We did not add this before as we only allowed admins to create
multiuse invites, but now we have added a setting which can be used
to allow users with other roles as well to create multiuse invites.
2024-01-24 16:46:02 -08:00
Mateusz Mandera bfcde65449 docs: Add documentation for the new custom auth wrapper setting.
(cherry picked from commit 5c8d588b52)
2024-01-24 16:38:46 -08:00
Sahil Batra 0ebe623b42 group_settings: Empty right panel based on the url hash.
This commit adds code to empty the right panel if hash is
changed to "#groups/your" or "#groups/all".

(cherry picked from commit fc8e6d2aa8)
2024-01-24 16:38:46 -08:00
Sahil Batra 8549e9b648 groups_settings: Fix browser back button for groups overlay.
There is no problem in behavior of browser back button if we open
the group settings overlay using "#groups/your", "#groups/all" or
"#groups/new" url hash, but someone can directly go to a link with
"#groups" and in this case we want to fix the browser back button.

This commit replaces "#groups" entry with "#groups/your" which is the
default section opened, such that pressing back when on "#groups/your"
does not go to "#groups", which will then form a cycle and instead
go back actually.

(cherry picked from commit c6be850fb9)
2024-01-24 16:38:46 -08:00
Sahil Batra 9a04f5b0c4 gear_menu: Open group settings overlay with "#groups/your" hash.
This commit fixes the bug in browser back button behavior when
opening the groups overlay from gear menu. The bug was caused
due to browser history containing both "#groups" and "#groups/your"
entries, which essentially resulted in a "#groups/your" -> "#groups"
-> "#groups/your" cycle and thus nothing happened on clicking
browser back button.

The case for a user manually typing "#groups" url would be handled
in next commit.

(cherry picked from commit eced3d9d6a)
2024-01-24 16:38:46 -08:00
Sahil Batra c8fe3d941c groups_settings: Make "Cancel" button work in group creation form.
(cherry picked from commit 3549164827)
2024-01-24 16:38:46 -08:00
Alex Vandiver fcef73fbbf import: Rewrite "delivered_message" column of scheduled messages.
This also requires shuffling the message import to before the
scheduled messages.

Fixes: #28690.
(cherry picked from commit c974b421e3)
2024-01-24 16:38:46 -08:00
Tim Abbott 5b98636e1e i18n: Update translation data from Transifex. 2024-01-24 11:47:18 -08:00
Alex Vandiver eac2fe6b81 import: Merge duplicate slack email addresses.
It is possible to have multiple users with the same email address --
for instance, when two users are guests in shared channels via two
different other Slack instances.

Combine those Slack user-ids into one Zulip user, by their user-id;
otherwise, we run into problems during import due to duplicate keys.

(cherry picked from commit 937e41bac8)
2024-01-22 18:19:09 -08:00
Alex Vandiver 4d465cb698 import: Show slack user-ids.
(cherry picked from commit e41810c0b3)
2024-01-22 18:19:09 -08:00
Alex Vandiver 57800e85c7 import: Support shared users in huddles/DMs.
1e5c49ad82 added support for shared channels -- but some users may
only currently exist in DMs or MPIMs, and not in channel membership.

Walk the list of MPIM subscriptions and messages, as well as DM users,
and add any such users to the set of mirror dummy users.

(cherry picked from commit 516d1083db)
2024-01-22 18:19:09 -08:00
Tim Abbott ddc88d2a45 compose: Simplify convert_mentions_to_silent_in_direct_messages.
The behavior to replace existing message content was leftover code
from a previous version of the mechanism, and not intended.

(cherry picked from commit 85ee5255bc)
2024-01-22 18:19:09 -08:00
Tim Abbott e332f4f4f2 compose: Don't convert bot mentions to silent mentions.
This fixes an unintended consequence of the silent mention conversion
logic added in 4d1ade1f88, where bots
that looked for personal mentions would not process mentions in 1:1
DMs.

(cherry picked from commit 60afdc45eb)
2024-01-22 18:19:09 -08:00
N-Shar-ma dfb4fc4261 compose: Revamp and improve test suite for compose formatting buttons.
Earlier, the tests for compose formatting were verbose, hard to read as
well as extend, and overly granular, without even having the ability to
test the final text selection or the cursor position.

Now, new test helpers, `init_textarea_state` and `get_textarea_state`,
have been added, enabling the tests to be more concise and readable,
while also being more powerful. A representative string alone now
describes the textarea state (the text and the selection / cursor),
making each test case as easy as defining the initial state as a string
and comparing the expected state post formatting with another string.

These new tests helped surface a couple bugs which have been fixed in
preceding commits.

(cherry picked from commit 179e9374b4)
2024-01-22 18:19:09 -08:00
N-Shar-ma c4d567c792 compose: Fix bug where toggling off link formatting left extra spaces.
In cases where either the description or the URL, or both were empty,
there would be an unneeded space, originally intended to space out the
description and URL, lingering even when the description and/or URL was
missing. The resulting highlight would also be off at times.

Now we only add in a space if both the description and URL are present,
and the highlight too is as intended.

(cherry picked from commit a5889bc3af)
2024-01-22 18:19:09 -08:00
N-Shar-ma b1fcbfd89a compose: Fix bug where spoiler would not always start on a new line.
Earlier, when a selection not starting at the beginning of a line was
formatted as a spoiler, the spoiler would not start on a new line, and
so would not be rendered as a spoiler. The `Header` highlighting too
was off by one character.

Now, the spoiler starts on a new line, and the `Header` highlighting
works as expected too.

(cherry picked from commit c46375f6fc)
2024-01-22 18:19:09 -08:00
sayyedarib 7a474e4cbf status_emoji_selector: Replace fa-smile with custom zulip-smile-icon.
Signed-off-by: sayyedarib <sayyedaribhussain4321@gmail.com>
(cherry picked from commit ff4d4dd31b)
2024-01-22 18:19:09 -08:00
sayyedarib 8b00c9a9dd user_status: Fix alignment of select-emoji icon of user-status modal.
Use flex display justify-content for vertical alignment
instead of using offsets like "top". For horizontal
alignment of smiley-icon use text-align center.

Signed-off-by: sayyedarib <sayyedaribhussain4321@gmail.com>
(cherry picked from commit c1b8e45216)
2024-01-22 18:19:09 -08:00
Alex Vandiver d0e796751e i18n: Update translation data from Transifex. 2024-01-19 19:15:08 +00:00
Mateusz Mandera a96c821651 desktop_app: Close popover when clicking on "Plan management".
(cherry picked from commit e916ae754a)
2024-01-18 15:58:02 -08:00
Mateusz Mandera 4df748d151 auth: Add a configurable wrapper around authenticate calls.
(cherry picked from commit 3c29a68cd1)
2024-01-18 15:58:02 -08:00
Mateusz Mandera fc85d7d613 auth: Add hardening authenticate(use_dummy_backend=True) in do_login.
As explained in the comment, this is to prevent bugs where some strange
combination of codepaths could end up calling do_login without basic
validation of e.g. the subdomain. The usefulness of this will be
extended with the upcoming commit to add the ability to configure custom
code to wrap authenticate() calls in. This will help ensure that some
codepaths don't slip by the mechanism, ending up logging in a user
without the chance for the custom wrapper to run its code.

(cherry picked from commit 72bea3433e)
2024-01-18 15:58:02 -08:00
Mateusz Mandera 5782caed97 tests: Delete test_social_auth_backends.
This test is ancient and patches so much that it's almost unreadable,
while being redundant considering we have comprehensive tests via the
SocialAuthBase subclasses. The one missing case was the one with the
backend we disabled. We replace that with a proper
test_social_auth_backend_disabled test in SocialAuthBase.

(cherry picked from commit e09c4d4d4b)
2024-01-18 15:58:02 -08:00
Tim Abbott 1c47715ed1 tools: Add a tool for backporting PRs.
(cherry picked from commit ef3f990324)
2024-01-18 15:58:02 -08:00
Mateusz Mandera 7cca077fe6 templates: Move remote_realm_server_mismatch_error.html to zerver.
This is rendered by regular self-hosted servers, so doesn't belong in
zilencer.
2024-01-15 21:32:00 -08:00
Mateusz Mandera ba50faced4 remote_billing: Fix /self-hosted-billing/ handling for desktop app.
When you click "Plan management", the desktop app opens
/self-hosted-billing/ in your browser immediately. So that works badly
if you're already logged into another account in the browser, since that
session will be used and it may be for a different user account than in
the desktop app, causing unintended behavior.

The solution is to replace the on click behavior for "Plan management"
in the desktop app case, to instead make a request to a new endpoint
/json/self-hosted-billing, which provides the billing access url in a
json response. The desktop app takes that URL and window.open()s it (in
the browser). And so a remote billing session for the intended user will
be obtained.
2024-01-15 21:32:00 -08:00
Mateusz Mandera aea290a278 remote_billing: Improve nocoverage tagging on self_hosting_auth_redirect. 2024-01-15 21:32:00 -08:00
Anders Kaseorg 49d2727e6e test_remote_billing: Use unordered comparison for deactivation test.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-01-15 16:51:09 -08:00
Mateusz Mandera 0cbbb98cc2 zilencer: Have server send realm_uuid to remaining bouncer endpoints.
Requests to these endpoints are about a specified user, and therefore
also have a notion of the RemoteRealm for these requests. Until now
these endpoints weren't getting the realm_uuid value, because it wasn't
used - but now it is needed for updating .last_request_datetime on the
RemoteRealm.

(cherry picked from commit e2291b7656)
2024-01-15 16:51:09 -08:00
Mateusz Mandera 3a4d45022f zilencer: Add last_request_datetime to RemoteRealm + RemoteZulipServer.
For the RemoteRealm case, we can only set this in endpoints where the
remote server sends us the realm_uuid. So we're missing that for the
endpoints:

- remotes/push/unregister and remotes/push/unregister/all
- remotes/push/test_notification

This should be added in a follow-up commit.

(cherry picked from commit 3dca333b8d)
2024-01-15 16:51:09 -08:00
Tim Abbott 81b42e3c41 zilencer: Fix community plan push notifications.
(cherry picked from commit 5dc1d36f73)
2024-01-15 16:51:09 -08:00
Mateusz Mandera 6478cb53f4 test_push_notifications: Use self.server instead of .get expression.
It makes no sense to do RemoteZulipServer.objects.get with
self.server_uuid, when there simply is self.server.

(cherry picked from commit d3e8ddd6ce)
2024-01-15 16:51:09 -08:00
Mateusz Mandera 7a4a8f55c0 zilencer: Set .remote_realm for existing RemotePushDeviceToken.
Old RemotePushDeviceTokens were created without this attribute. But when
processing a notification, if we have remote_realm, we can take the
opportunity to set this for all the registrations for this user.

(cherry picked from commit 82ee93d967)
2024-01-15 16:51:09 -08:00
afeefuddin 5841813ac4 portico-header: Dropped find accounts link for smaller windows.
Fixes #27477

(cherry picked from commit 76d79701a2)
2024-01-15 12:02:53 -08:00
Alex Vandiver 495312b86a logrotate: smokescreen has its own config file.
149bea8309 added a separate config file
for smokescreen (which is necessary because it can be installed
separately) but failed to notice that `zulip.template.erb` already had
a config line for it.  This leads to failures starting the logrotate
service:

```
logrotate[4158688]: error: zulip:1 duplicate log entry for /var/log/zulip/smokescreen.log
logrotate[4158688]: error: found error in file zulip, skipping
```

Remove the duplicate line.

(cherry picked from commit 725affcb5a)
2024-01-15 12:02:53 -08:00
Anders Kaseorg ea862aa29f notification_settings: Open push notification docs link in new tab.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit f93fbd34c7)
2024-01-15 12:02:53 -08:00
Vector73 e2cb2da864 settings: Fix setting label click functionality.
This commit fixes "Automatically follow topics where I'm mentioned"
setting label click functionality so that the setting is toggled
on clicking the label.

(cherry picked from commit 1c286a6835)
2024-01-15 12:02:53 -08:00
Sahil Batra 363d98a203 message: Allow system bots to mention group if everyone else can.
We now allow system bots to mention a group if can_mention_group
setting is set to "role:everyone" group and not when it is set
to some other group.

(cherry picked from commit 76b2e6de0b)
2024-01-15 12:02:53 -08:00