Commit Graph

35284 Commits

Author SHA1 Message Date
Tim Abbott 3abb52476c confirmation: Add database indexes on confirmation fields.
Apparently, we didn't have any database indexes on Confirmation, which
meant that on servers with large numbers of users like zulipchat.com,
new account registration could spend a ton of time effectively doing a
table scan on this table.
2020-03-27 02:03:05 -07:00
Tim Abbott 737a36a9f8 portico: Use a backend variable to determine desktop version.
This makes it possible to change this parameter without rebuilding all
the server's static assets.
2020-03-27 01:37:56 -07:00
thoemie 7a48bec189 docs: Document EMAIL_USE_SSL for smtp providers on port 465.
I found the solution by simply trying out EMAIL_USE_SSL and it
worked. I had problems with sending emails (did not work at all, there
wasn't even a connection going on - I checked with tcpdump. Then I
found this: To use port 465, you need to call
smtplib.SMTP_SSL(). Currently, it looks like Django only uses
smtplib.SMTP() (source: https://code.djangoproject.com/ticket/9575).

Fixes #14350.
2020-03-27 00:25:49 -07:00
Ryan Rehman b4ade7b6d8 migrations: Refactor the enum type fields.
Accessing attributes is the preferred design
pattern, as it is more readable.
2020-03-27 00:21:21 -07:00
sahil839 a2efe3ab64 narrow: Show starred messages from muted topics in starred message view.
Starred messages from muted topics were not shown in the starred
messages view. Condition for muting_enabled is modified accordingly
such that the starred messages from muted topics is shown in the
starred messages narrowed view.

Node tests are updated accordingly.

Fixes #13548
2020-03-27 00:17:26 -07:00
Tim Abbott 06c97b5be2 api docs: Render example responses as with JSON codehilite.
This makes the example responses a lot prettier visually.
2020-03-27 00:03:36 -07:00
Tim Abbott 820f0e275e api docs: Redesign visuals for documenting arguments.
The previous system for documenting arguments was very ugly if any of
the examples or descriptions were wrong.  After thinking about this
for a while, I concluded the core problem was that a table was the
wrong design element to use for API parameters, and we'd be much
better off with individual card-type widgets instead.

This rewrites the API arguments documentation implementation to use a
basic sort of card-like system with some basic styling; I think the
result is a lot more readable, and it's a lot more clear how we would
add additional OpenAPI details (like parameter types) to the
documentation.
2020-03-27 00:03:36 -07:00
Anders Kaseorg 43996106d8 requirements: Get transifex-client from apt.
In the past it has blocked Python library security updates with overly
strict version bounds, and we don’t use it as a library, only as a
binary.

Skip the PROVISION_VERSION bump because we can use the tx binary from
either location.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-26 21:39:04 -07:00
Anders Kaseorg 006a69c912 ci: Disable test-run-dev.
This test doesn’t catch many bugs and is known to be flaky.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-26 21:38:19 -07:00
Anders Kaseorg a6624f04db Revert "run-dev: Run process_queue with DJANGO_AUTORELOAD_ENV."
This reverts commit 36a8e61e67 (#13934).

The Django 2.2 autoreloader works by forking into a child process that
exits with status 3 when a file changes, and a parent process that
restarts the child when it exits with status 3.  Setting this
environment variable had the effect of pretending we were already the
child process, without a parent process to restart it.  Therefore,
changing any code used by the queue processor caused it to exit rather
than restart.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-26 21:38:19 -07:00
Anders Kaseorg 7ff9b22500 docs: Convert many http URLs to https.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-26 21:35:32 -07:00
Anders Kaseorg 586f78cb32 install-node: Upgrade to Node.js 12.16.1, Yarn 1.22.4, nvm 0.35.3.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-26 21:34:47 -07:00
Anders Kaseorg 56aadf6503 tests: Fix CI apocalypse perpetrated by previous commit.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-26 21:25:25 -07:00
Tim Abbott 9b9efdfa0f docs: Update API documention to note changes in Zulip 2.1.0. 2020-03-26 20:06:39 -07:00
Tim Abbott b29213ef90 docs: Document changes in the API made since Zulip 2.1.x.
This is important documentation for anyone working on writing clients
for the Zulip APIs that wants to support older releases.
2020-03-26 17:45:03 -07:00
Tim Abbott 9b2d4561e6 api docs: Document that the `GET /users` endpoint is new in 2.2.
I verified there are no other endpoints we've added since Zulip 2.1,
so at least this part of our documentation is accurate.

We added the `/realm/export` endpoints in Zulip 2.1, but those don't
have documentation yet, so we'll just need to remember to cover this
when they are added.
2020-03-26 17:22:30 -07:00
Eeshan Garg 1d5d0e649b pypi: Upgrade Zulip's PyPI packages to version 0.6.4. 2020-03-26 17:17:33 -07:00
Anders Kaseorg 58e9526586 tsconfig: Disable automatic inclusion of type packages.
Automatic inclusion is for files with global declarations, as opposed
to files declared as modules.  typeRoots already had the side effect
of disabling the default automatic inclusion for node_modules.  Since
we also don’t need it for static/js/types, we may as well disable it
completely.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-26 17:07:50 -07:00
Mateusz Mandera 1dd5392874 requirements: Bump python-social-auth to 3.3.2. 2020-03-27 00:00:24 +00:00
Siddharth Varshney 645b4ec1b3 portico: decrease too much extra space over the main title for small devices on /apps route 2020-03-26 16:42:53 -07:00
Tim Abbott 9d346673f1 webhooks: Fix handling of additional old-format Jira events.
This should hopefully get the Jira webhook working correctly again for
all event types we handle.
2020-03-26 16:39:03 -07:00
Tim Abbott d52a891858 jira: Fix handling of sprint_started events.
Now that we inspect more attributes of events in determining subjects,
we need to filter events like sprint_started before fetching the subject.
2020-03-26 16:34:02 -07:00
Tim Abbott 0308ded874 node tests: Fix coverage issues for recent panels.js changes. 2020-03-26 14:16:41 -07:00
Tim Abbott a97d19c8aa server_events_dispatch: Clean up can_create_streams logic.
The previous logic avoided updating the setting for
non-administrators, because their value was always true, but removing
those if statements results in better test coverage and is more likely
correct if we ever try to support live-update for whether the user is
an administrator.
2020-03-26 14:16:41 -07:00
arpit551 eb294238c9 circleci: Comment out focal backend-frontend job.
Comment out any Focal jobs in circleci config file.
This is due to a recent bug that is causing some trouble
while installing python-pip in Focal.
So we are pausing Focal tests until we get stability.
2020-03-26 13:11:48 -07:00
Jagan 5a1df798bc banner: Notify organization admins to change default description.
We've noticed that many production organizations don't set either an
organization description or profile picture, even large open source
organizations that could definitely take advantage of this feature.

This adds a top-of-page banner that bugs organization administrators
to add an organization description and profile picture, generally
starting on the second login (as we only do it on page load after
notifications are configured).

Significantly tweaked by tabbott to get the right user experience.

Fixes #14019.
2020-03-26 13:10:37 -07:00
Tim Abbott 900aea88a4 panels: Restructure to actually make sense.
The original implementation of panels.js was just for notifications,
and ended up running a bunch of notifications-specific code, including
registration click handlers and some localstorage-related
notifications logic, every time a panel was supposed to be opened.

This refactoring makes the panels library make sense -- we now
initialize all click handlers in the initialize() method, and do the
notifications check in a single, coherent place scoped to notifications.
2020-03-26 12:49:55 -07:00
Steve Howell 162396cfe3 casper: Improve `toggle_star_last_message`.
We now look for the actual message directly,
and we make assertions about things we are
clicking on.
2020-03-26 14:54:02 -04:00
Steve Howell d604814347 casper: Improve logic to confirm message sends.
We now use `wait_for_message_fully_processed`
to check that messages are fully rendered.

Before this, we had loopholes where messages
sent outside the view were effectively ignored.
Now we explicitly ignore the check for the
one place we do that.

The more important behavior is for messages
that get sent to the current view.

Before this change, the older version of this
function declared victory as soon as we put the
server version of a locally echoed message into
the current message list's data.

This fixes flaky behavior with 07-stars in
particular, since we need the star icon
on our last message to be there before
we click on it.

Because this function is more robust now, we
can remove some redundant checks in 08-edit.js.
2020-03-26 14:54:02 -04:00
Steve Howell 41f0069a08 casper: Remove left-arrow message-edit tests.
These tests have been notoriously brittle over time.
I think the problem here was knowing whether the
compose box was open or not.
2020-03-26 14:54:02 -04:00
Tim Abbott 19b806d6c2 settings: Fix notification settings update notifications.
This fixes the "Saving..." widget being on the wrong line.

Thanks to Shubham Dhama for the fix.
2020-03-26 11:45:07 -07:00
Puneeth Chaganti ca6cf9aeeb
stream settings: Allow tabbing to the input to add new subscribers.
Commit 68335d9124 removed the ability to tab
into this field, since it was a hidden field. This field is no longer
hidden, and this commit restores the ability to tab into it.
2020-03-26 11:31:15 -07:00
Tim Abbott 35c5e00f9d node: Fix i18n node tests following string replacement.
I think we could write this test better, but it's not a big deal for
this to break in the rare even that we change/remove one of the 2
strings it interacts with.
2020-03-25 19:36:43 -07:00
Vaibhav Raj Singh ee9678a2bd stream settings: Fix issues with viewing/editing long stream names.
In continuation to #13250

CHANGES:
-the stream name edit button is now visible for long names too.
-ellipsis are removed when you click on edit name option.
-added border while editing name to give a text-box feel.

REASONS:
-added border while editing the name to give a textbox-esque feel.
-text overflow was changed from ellipsis to clip (while editing) as
ellipsis prevented editing the entire name (clip provides better
functionality).

The last two changes are reverted back to original (i.e. ellipsis and
no border) once you finish editing the stream name.

P.S.- clicking on anywhere else updates the new name perfectly
2020-03-25 17:56:32 -07:00
Pragati Agrawal dd13136371 settings: Migrate notification checkboxes to table format.
Here we have migrated checkboxes of all general notifications to the table.
By general notifications we mean, Mobile, Email, Desktop audio, and visual
notifications.

This is a part of a bigger migration to simply our notifications setting
changing infrastructure for all streams and individual streams. Later we
will add more row to this for different categories of notifications in
addition to the current ones ("Streams" and "PMs, mentions, alerts").

Fixes: #12182.
2020-03-25 17:45:59 -07:00
Tom Daff 2f213f7c8e
monitoring: Fix check-rabbitmq-consumers.
Missing commas in the definition of all the queues to check meant that it would be looking for queues with concatenated names, rather than the correct ones. Added the commas.
2020-03-25 17:19:16 -07:00
Steve Howell 1826bac1b1 default streams: Fix overly aggressive typeahead.
When you select a typeahead, it shouldn't
immediately do the action for you; you should
have to hit enter first.  Even though 99% of
the time you're gonna confirm the typeahead,
it's jarring when you don't expect it.

You can still add a bunch of default streams
quickly, using only the keyboard, because
we have always had support for the enter
key saving.  (and tab and enter also works)
2020-03-25 17:11:25 -07:00
Steve Howell 697b00dd6e default streams: Change remove api to use stream_id.
This is a full-stack change:

    - server
    - JS code
    - templates

It's all pretty simple--just use stream_id instead
of stream_name.

I am 99% sure we don't document this API nor use it
in mobile, so it should be a safe change.
2020-03-25 17:11:25 -07:00
Steve Howell 2cd9c77979 refactor: Stop using page_params.realm_default_streams.
We now only use `page_params.realm_default_streams` during
initialization, and then after that we use `stream_data`
APIs to get default stream ids and related info.  (And
for the event that replace the data, we just update our
internal data structures as well.)

Long term we should have the server just send us ids here,
since we are now hydrating info from stream data in all places.
2020-03-25 17:11:25 -07:00
Steve Howell ba495e57eb refactor: Simplify get_invite_stream_data().
This code is a bit simpler.

The previous code was concatenating two lists
and then removing duplicates by calling filter().

Now we just have two loops that append to a single
list, and the second loop detects duplicates
before inserting into the list.

We also now use `default_stream_ids` instead of
`page_params` data, which is convenient for two
reasons:

    - working with sets of ids is convenient
    - we don't need to maintain `page_params`
      data any more
2020-03-25 17:11:25 -07:00
Steve Howell 6313917143 stream_data: Remove invite_streams().
This function was made obsolete in
b4e2313cbc.

It was replaced by get_invite_stream_data(),
which has plenty of coverage.
2020-03-25 17:11:25 -07:00
Steve Howell 4610ef3169 refactor: Remove stream_data.get_default_status().
There was no reason to have this when it's more
robust to look up streams by id than name.
2020-03-25 17:11:25 -07:00
Steve Howell abc0c4d48c default streams: Make filters case-insensitive. 2020-03-25 17:11:25 -07:00
Steve Howell a81fd786f5 refactor: Use get_default_stream_ids() in settings.
We now use the up-to-date info from stream_data
to hydrate the default stream ids.  All we need
here in the template is `invite_only` and `name`.

Since we are no longer using data from `page_params`,
we can remove `maybe_update_realm_default_stream_name`.
(If you are wondering if we still get live updates,
we get that via a more upstream call to
update_default_streams_table in the event
dispatching codepath.)
2020-03-25 17:11:25 -07:00
Steve Howell 8d8226117c refactor: Extract get_default_stream_ids().
We only used get_default_stream_names() in a
test, so now it's being replaced with a function
that just gets ids.

We'll have use for get_default_streams_ids()
in an upcoming commit.
2020-03-25 17:11:25 -07:00
Steve Howell c86ccd8c6e tests: Remove obsolete page_params test setup.
This test code has basically been dead since
we started passing in `params` to
`stream_data.initialize()`, and now it's
more confusing than helpful.
2020-03-25 17:11:25 -07:00
Steve Howell f8913dc321 default streams: Remove complicated remove logic.
Now if a default stream gets deleted, we just
redraw the table.  We always have a small number
of default streams, and the way that we were removing
rows without the actual consent of `list_render` was
really janky (and just a vestige of pre-list-render
code that never got fully ported).

This also makes us consistent with how we handle
added streams (i.e. just call
`update_default_streams_table`).

ASIDE:

Ideally we will update `list_render` at some point to
have an API for adding and removing elements.  It does
allow you now to call `data()` to reset its data, but
for now we just build a new `list_render` object every
time.
2020-03-25 17:11:25 -07:00
Graham Bleaney fd5ee9a831 bots: Decouple user input from imported module.
This commit modifies 'zerver/lib/bot_lib.py' to decouple the
user-controllable 'service_name' parameter from the value that is
passed in to 'import_module'. This is done as a precautionary
hardening.
2020-03-25 16:39:17 -07:00
Graham Bleaney 2fe9d85a5f redirects: Refactor redirect code to use central helper function.
This commit introduces two new functions in 'url_encoding.py' which
centralize two common patterns for constructing redirect URLs. It
also migrates the files using those patterns to use the new
functions.
2020-03-25 16:39:17 -07:00
Graham Bleaney 5dca599481 export: Harden s3 export against directory traversal.
This commit modifies 'zerver/lib/export.py' to raise an exception
in the presence of a suspected attempt at directory traversal.
2020-03-25 16:39:17 -07:00