Commit Graph

2376 Commits

Author SHA1 Message Date
Tim Abbott bc2961d3ac Refactor file upload routes to their own file. 2016-06-06 16:09:05 -07:00
Vishnu Ks f3a8962612 Replace make_dict() with stream.to_dict(). 2016-06-06 14:46:12 -07:00
Evan Palmer 8afeb7d8ce Annotate webhooks/transifex.py, webhooks/yo.py. 2016-06-05 17:01:53 -07:00
Daw-Ran Liou 7f0709b65c Annotate zerver.views.webhooks.freshdesk
Change the comments into docstrings.
Modified the return type of parse_freshdesk_event to always return a
list of str.
2016-06-05 15:56:27 -07:00
Dalek-Sec c457f551ea Annotate zerver/views/webhooks/crashlytics.py 2016-06-05 15:54:13 -07:00
medullaskyline 7e30de04ca Annotate zerver.views.webhooks.pingdom. 2016-06-05 15:52:53 -07:00
medullaskyline 4c1da236ad Annotate zerver.views.webhooks.pagerduty. 2016-06-05 15:47:33 -07:00
Daw-Ran Liou 4428287846 Annotate zerver.views.webhooks.stash. 2016-06-05 15:42:25 -07:00
Hyunchel Kim b79cad0404 Annotate zerver.views.webhooks.teamcity 2016-06-05 15:11:45 -07:00
Daw-Ran Liou 26d067fc97 Annotate zerver.views.webhooks.pivotal. 2016-06-05 14:57:53 -07:00
medullaskyline 2369d48a9b Annotate zerver.views.webhooks.newrelic. 2016-06-05 14:52:20 -07:00
Evan Palmer 4bf81b58b4 Annotate zerver/views/webhooks/zendesk.py. 2016-06-05 14:50:52 -07:00
Hyunchel Kim de34dd1187 Annotate travis webhoook function. 2016-06-05 14:46:26 -07:00
medullaskyline 158914aa98 Annotate zerver.views.webhooks.jira. 2016-06-05 14:36:39 -07:00
Hyunchel Kim bc87685ea6 bitbucket: Correct return type in annotation. 2016-06-05 14:33:31 -07:00
Daw-Ran Liou 70f44c00b0 check_send_message: Replace args/kwargs with explicit args.
This lets us actually type-checks the various views that are using
check_send_message.
2016-06-05 14:30:38 -07:00
Max 86fb6467e7 Add annotations to avatar.py, db.py, logging_util.py, unminify.py.
Also, fixed a a small type annotation in users.py because email must
be a string because emails don't support UTF-8 at this time (according
a comment in gravatar_hash in avatar.py).
2016-06-05 12:38:20 -07:00
medullaskyline 2855c285b4 Annotate zerver.forms. 2016-06-05 12:02:19 -07:00
Daw-Ran Liou 90a2dead46 Annotate zerver/views/webhooks/deskdotcom.py. 2016-06-05 11:53:44 -07:00
Deborah Hanus a261a6bbac Annotate zerver/views/__init__.py.
Also fix typing errors in a few related files.

[with tweaks from tabbott]
2016-06-05 11:34:19 -07:00
Daw-Ran Liou c9bb93b0d2 Annotate zerver/views/webhooks/beanstalk.py. 2016-06-05 10:54:23 -07:00
Tim Abbott 15b2dd085e Annotate zerver.lib.test_runner. 2016-06-04 23:23:31 -07:00
Tim Abbott 1ca7c3378b Annotate zerver.lib.testing_mocks.
Also fix some annotations in bugdown to match.
2016-06-04 22:54:49 -07:00
Tim Abbott 157a3efb78 Annotate zerver.exceptions, zerver.filters, zerver.logging_handlers. 2016-06-04 22:51:18 -07:00
Conrad Dean 33dee43179 Annotate zerver/lib/socket.py.
Currently this uses a Union type for connection_id; we need to figure
out what actually sets that and what its type is and fix that later
(see https://github.com/zulip/zulip/issues/896).
2016-06-04 22:36:03 -07:00
Dalek-Sec 2bcf313a85 Added MyPy types to zerver/views/webhooks/codeship.py 2016-06-04 22:03:41 -07:00
medullaskyline 47c3ec1283 Annotate zerver.lib.upload. 2016-06-04 19:13:03 -07:00
Umair Khan 1bfe566c8d [i18n] Make Json error messages translatable. 2016-06-04 18:48:36 -07:00
medullaskyline c5f0d5b40a Annotate zerver.middleware. 2016-06-04 18:32:06 -07:00
Tim Abbott 9c5f15e89b models: Fix use of non-lazy ugettext at import time.
Was introduced in 03debdf82f.
2016-06-04 17:46:03 -07:00
Daw-Ran Liou 0265968ea2 Annotate zerver/views/user_settings. 2016-06-04 17:41:59 -07:00
Reid Barton cf93c8bce0 Annotate zerver/views/webhooks/bitbucket.py. 2016-06-04 17:02:59 -07:00
Daw-Ran Liou 8bbd93011d Annotate zerver/views/users.py. 2016-06-04 17:00:53 -07:00
medullaskyline fcdcccb5df Annotate zerver.lib.digest. 2016-06-04 16:20:18 -07:00
Tim Abbott d9d0515d3b Add mypy bug number for check_redis type: ignore. 2016-06-04 16:11:18 -07:00
medullaskyline 7c2c7fb31c Annotate zerver/lib/bulk_create.py. 2016-06-04 15:51:05 -07:00
Tomasz Kolek 8411b2e574 Add Crashlytics integration. 2016-06-04 15:18:42 -07:00
Tomasz Kolek 093e5a96d4 Add Transifex integration.
Fixes: #810.
2016-06-04 14:52:57 -07:00
Max 04e2745136 Annotate debug.py, initial_password.py, narrow.py, response.py.
Also, fixed up the annotations for tornadoviews to better align with
how narrows was defined as `Iterable[Sequence[str]]` rather than
`List[Tuple[str, str]]`.
2016-06-04 12:56:36 -07:00
medullaskyline 7b2db95d02 Annotate zerver/lib/ccache.py. 2016-06-04 12:19:34 -07:00
Tim Abbott 6fba0879a4 Annotate much of the rest of zerver/tests. 2016-06-04 11:53:20 -07:00
Tim Abbott 27e9d3f06b Annotate test_external and test_signup. 2016-06-04 11:53:20 -07:00
Tim Abbott 966375d74c Annotate test_events, test_realm_emoji, test_uploads. 2016-06-04 11:53:20 -07:00
Tim Abbott f1d58e767b Annotate zerver/tests/test_subs.py.
This required a number of unique-related changes to test_helpers.
2016-06-04 11:53:10 -07:00
Tim Abbott 6f69053911 Annotate most of the rest of bugdown. 2016-06-04 11:35:29 -07:00
Max c8dc033c3c Annotate camo.py, mandrill_client.py, query.py, session_user.py 2016-06-04 11:28:42 -07:00
Tim Abbott a1a27b1789 Annotate most Zulip management commands. 2016-06-04 10:12:06 -07:00
Tim Abbott c2bea0fa08 zulip_finish: Remove useless return statement. 2016-06-04 10:06:31 -07:00
Tim Abbott ac3989c114 models: Add most missing type annotations. 2016-06-04 00:03:54 -07:00
David Adamec 9e8ea93d3d Add annotations for zerver/lib/validator. 2016-06-03 23:53:49 -07:00
David Adamec 4f3c85a20c Add type annotations to zerver/lib/rest. 2016-06-03 23:48:46 -07:00
Conrad Dean e7f0698884 Annotate zerver/lib/notifications.py. 2016-06-03 23:45:29 -07:00
Tim Abbott 7fd2956f29 clear_followup_emails_queue: Rename confusing local variable. 2016-06-03 23:45:29 -07:00
medullaskyline cb84f72f2d Annotate zerver/lib/html_diff.py. 2016-06-03 23:21:26 -07:00
Tim Abbott 2ec0114079 test_bugdown: Add tests for mentions. 2016-06-03 23:18:39 -07:00
Tim Abbott cfff4f1d49 test_bugdown: Add a bugdown test for alert_words functionality. 2016-06-03 23:18:39 -07:00
Tim Abbott 8c757292cf test_bugdown: Add test for nonmatching realm filters. 2016-06-03 23:18:39 -07:00
Tim Abbott 3a0eb01dda test_messages: Fix huddle test failing when not on Internet. 2016-06-03 23:18:39 -07:00
Tim Abbott e89730dc8f subject_links: Remove useless RealmFilter.DoesNotExist case. 2016-06-03 23:18:39 -07:00
Tim Abbott 68fba3579d test_bugdown: Add testing of subject_links feature. 2016-06-03 23:18:39 -07:00
gregmccoy d77e8df3fa Add tests for zerver/views/realm_emoji.py. 2016-06-03 23:12:53 -07:00
Tim Abbott 03debdf82f Fix malformed error message when creating invalid Realm Emoji.
Thanks to Greg McCoy for his help finding this bug.
2016-06-03 23:12:36 -07:00
David Adamec 8ad20e9775 mypy type annotations for zerver/lib/utils 2016-06-03 22:58:15 -07:00
Tim Abbott 1552b9308b Fix apnsclient import to match version 0.1.8 used in production.
Apparently, apnsclient moved Connection to a different module between
0.1.8 and 0.2.1.
2016-06-03 19:28:36 -07:00
Max 0f4673ae3b Add type annotation to mention.py, redis_utils.py, timestamp.py, user_agent.py
Some functions in models.py had input typed as int when they needed to be typed as datetime.datetime
2016-06-03 19:00:16 -07:00
Max 1148f6ff8a Rename timestamp kwarg in to_presence_dict to dt
It is not a timestamp, it is a datetime object. This is better ducktyping
2016-06-03 19:00:16 -07:00
Tim Abbott 654bd663aa bugdown: Add annotations for a few more functions.
This resolves the issue with Typeshed #244 by making `upload_re` start
with `ur`.
2016-06-03 18:11:53 -07:00
Tim Abbott f97b025a33 push_notifications: Fix incorrect Connection import. 2016-06-03 18:11:53 -07:00
medullaskyline 303bd21068 Annotate zserver.lib.push_notifications. 2016-06-03 17:45:54 -07:00
Oren Leaffer 2916fb30cb bugdown: add some type annotations.
Had to add some "type: ignore" because the pattern used in match
doesn't affect the type returned. A fix for this issue has been pushed
to typeshed - https://github.com/python/typeshed/pull/244
2016-06-03 17:03:52 -07:00
medullaskyline 2213a9f41f Annotate zerver/lib/cache_helpers.py 2016-06-03 16:34:30 -07:00
Conrad Dean 7f61a5e862 Add type annotations to zerver.lib.test_helpers. 2016-06-03 12:17:26 -07:00
Max a6e60419c4 Add types to confirmation/views.py and zerver/tornadoviews.py 2016-06-03 11:26:30 -07:00
Vishnu Ks 4fd569f910 Change add_default_stream method from PATCH to PUT.
This is more consistent with our other routes.
2016-06-03 09:52:51 -07:00
Nathan Florea 04c71fadc6 More removal of mutable default arguments.
I've left a few that clearly aren't being passed and aren't being mutated, but
I think I've gotten the rest of them.
2016-06-03 09:17:04 -07:00
Nathan Florea 5fe9076631 Remove some mutable default arguments.
These ones don't fix any bugs, because the mutable arg is never passed
outside of the callable or mutated.  But it's good practice to not use
them in case those invariants are changed in the future.
2016-06-03 09:16:56 -07:00
Ashish Kumar 9b990e3bd0 Type annotation of zerver/views/alert_words.
[Tweaked by tabbott to annotate the REQ variables the new way]
2016-06-03 08:07:58 -07:00
Ashish Kumar 31bf6b8259 Type annotation of zerver/models.py
[Substantially revised by tabbott]

This probably still has some bugs in it, but having mostly complete
annotations for models.py will help a lot for the annotations folks
are adding to other files.
2016-06-02 23:28:34 -07:00
Tim Abbott 37015fd7c5 Run mypy on zerver/lib/test_auth_backends.py. 2016-06-02 23:01:15 -07:00
Tim Abbott 8cef9675c8 Run mypy on zerver/lib/test_events.py. 2016-06-02 23:00:04 -07:00
Tim Abbott e6d2b0cdbc Run mypy on zerver/lib/test_unread.py. 2016-06-02 22:59:00 -07:00
Tim Abbott f3b07ee9aa Run mypy on zerver/lib/test_subs.py. 2016-06-02 22:57:07 -07:00
Oren Leaffer c2ce5119c6 Annotate zerver.views.tutorial. 2016-06-02 18:49:27 -07:00
Rachel Kelly df36216914 Change instances of 'coworkers' to 'users'.
In order to genericize use of Zulip outside companies,
    all instances of coworkers have been changed to users.
    NOTABLE EXCEPTION: When the Zulip instance is domain-
    locked, the reference to coworkers remains.  The reason
    for this is twofold: first, the majority of Zulip instances
    which require a particular domain will be locked to a
    company, and second, the template variable for the domain
    necessary should be added to the alert so it is clear
    to the user what the domain needs to be for access.

Fixes: #861.
2016-06-02 16:05:27 -07:00
Pei-Wei Wu 8d2733ae8c Add mypy type annotations to zerver/views/streams.py. 2016-06-02 15:44:43 -07:00
Ashley Dunn 7826aa7e7f Type annotation of zerver/views/realm_emoji. 2016-06-02 14:01:28 -07:00
Ashish Kumar cad342aff6 Correct annotation of generic_bulk_cached_fetch in zerver/lib/cache.py.
Previously, object_ids was tagged as an int, but it is called from
models.py with a string, so we make it an Any.
2016-06-01 14:00:49 -07:00
Umair Khan 08fbd57245 [i18n] Make error messages translatable.
Make all strings passing through `json_error` and `JsonableError`
translatable.

Fixes #727
2016-05-31 07:40:42 -07:00
Tim Abbott ab2d325a08 Update production default streams to be less engineering-centric. 2016-05-31 07:38:25 -07:00
Vishnu Ks 100d885f23 Change default announcement stream to announce.
Fixes #788.
2016-05-31 07:38:07 -07:00
Tim Abbott 960144a49e Desupport using uninstantiated REQ with has_request_variables.
This makes life difficult for doing static type annotations, and
didn't make the code look that much better anyway.
2016-05-31 07:31:15 -07:00
Tim Abbott 41336f3782 lint-all: Check for use of '== None'. 2016-05-31 07:02:04 -07:00
Umair Khan 9a57176ad6 Do shallow testing of backend templates.
Just render the templates without the actual workflow to see if they
don't return a 500 error; this lets us catch various classes of
template bugs automatically.

Fixes #784.
2016-05-31 05:42:17 -07:00
Umair Khan c884559ec6 Show templates rendered report.
Add two options to the `test-backend` script:

1. verbose
    If given the `test-backend` script will give detailed output.
2. no-shallow
    Default value is False. If given the `test-backend` script will
    fail if it finds a template which is shallow tested.
2016-05-31 16:46:11 +05:00
Tomasz Kolek 8e144a1f57 Add zip and absoulte_import to pass py3k test. 2016-05-30 22:28:05 +02:00
Tim Abbott baec0f12cf Add a proper annotation for REQ in streams.py. 2016-05-30 11:41:16 -07:00
Reid Barton 8c6afac7cd Add a stub file for request.py.
This stub file allows us to annotate view functions using the actual
types present in the bodies of the functions, rather than everything
having the type REQ.
2016-05-30 11:28:53 -07:00
Tim Abbott 572c69f3c2 Move REQ and friends to their own module. 2016-05-30 11:24:17 -07:00
Eklavya Sharma 48e7e1a2a1 zerver/lib/actions.py: Rename stream_name to stream.
In function bulk_add_subscriptions, some variables were named
`stream_name` but their type is Stream, not a string.  Rename
those variables to `stream`.
2016-05-30 09:52:59 -07:00
Eklavya Sharma 94e4b39112 Replace python2.7 by python everywhere. 2016-05-29 05:03:08 -07:00
Eklavya Sharma 149938d468 Change shebangs from python2.7 to python. 2016-05-29 05:03:08 -07:00
Eklavya Sharma 1bb6a0db4c Annotate zerver/lib/actions.py. 2016-05-29 04:26:17 -07:00
Eklavya Sharma 2308107805 zerver/lib/actions.py: Use unicode literals.
Convert some strings literals to unicode strings by prefixing with `u`.
2016-05-29 04:26:17 -07:00
Eklavya Sharma b74f603682 zerver/lib/actions.py: Rename variables and add/edit comments. 2016-05-29 04:26:17 -07:00
Eklavya Sharma efab224bd1 zerver/lib/actions.py: Remove unneeded `return {}` statements. 2016-05-29 04:26:17 -07:00
Eklavya Sharma a2b48f05e5 zerver/lib/actions.py: Fix return values. 2016-05-29 04:26:17 -07:00
Eklavya Sharma 1ea6171179 Fix an annotation in zerver/lib/cache.py.
This is done to make annotations in zerver/lib/actions.py work correctly.
2016-05-25 15:11:48 -07:00
Eklavya Sharma 30892b2f99 Make makemessages.py pass mypy check. 2016-05-25 15:04:39 -07:00
Eklavya Sharma 1c04560def Re-enable pyflakes in linter and remove python 3 pyflakes errors. 2016-05-25 19:25:13 +05:30
Eklavya Sharma 459c6640bf Fix type annotations in zerver/lib/alert_words.py. 2016-05-24 14:12:11 -07:00
Eklavya Sharma 95d059bfb3 Fix typo in zerver/lib/actions.py. 2016-05-24 14:12:11 -07:00
Eklavya Sharma 508a080e08 do_change_bot_type: Add update_fields to user_profile.save(). 2016-05-24 13:21:44 -07:00
Umair Khan 82b5d9304b [third] Integrate i18next with Handlebars 2016-05-19 22:58:25 -07:00
Tomasz Kolek 8c18b8947f Add bot_type field to UserProfile.
This is intended to support creating different types of bots with
potentially limited permissions.
2016-05-19 22:37:37 -07:00
Umair Khan f9bbc5d6ff Enable i18n support in URL configuration.
This supports i18n using all of the following:
- I18N urls
- Session
- Cookie
- HTTP header
2016-05-19 08:33:30 -07:00
Tim Abbott b01196db86 to_log_dict: Add sender_id to logged fields. 2016-05-18 23:02:43 -07:00
Aristeidis Fkiaras 3ee210d9e8 Add setting to only allow admins create new streams.
Fixes: #691.

Thanks to Preston Hansen for work on this feature!
2016-05-18 18:53:13 -07:00
Tim Abbott e781136132 Fix subscribing to existing streams when can_create_streams=False.
Previously, a user with can_create_streams=False would be incorrectly
unable to subscribe to streams, whether the streams previously existed
or not.
2016-05-18 18:47:24 -07:00
Tomasz Kolek c4254497b2 Add WebhookTestCase abstract class for writing webhook tests.
This cuts a ton of code duplication and semi-duplication between the
webhook tests, and thus should make it a lot easier to write new ones.
2016-05-18 14:37:31 -07:00
Eklavya Sharma 98afe000ee Make zerver/lib/statistics.py pass mypy check. 2016-05-18 17:10:18 +05:30
Eklavya Sharma 0dcd8b387d Make zerver/lib/bugdown/fenced_code.py pass mypy check. 2016-05-18 17:10:17 +05:30
Eklavya Sharma 46757f07bf Make zerver/lib/actions.py pass mypy check. 2016-05-18 17:10:17 +05:30
Eklavya Sharma 16067b7013 Make zerver/views/webhooks/jira.py pass mypy check. 2016-05-18 17:10:17 +05:30
Tim Abbott c3985520e5 webhooks: Remove unnecessary get_client imports. 2016-05-13 12:25:12 -07:00
Tomasz Kolek db7ea8b484 Move getting client to api_key_only_webhook_view.
This decreases the amount of convention developers need to understand
in order to write a new webhook integration.
2016-05-13 12:22:38 -07:00
Umair Khan dfc58b0ed0 Upgrade digest email templates to Jinja2.
Fixes: #780
2016-05-13 01:01:28 +05:00
Tomasz Kolek eeeb4d0c92 Add CircleCI integration.
Fixes: #617.
2016-05-11 21:17:37 -07:00
Tim Abbott 2409ac9b2f cache: Add type annotations to active_*_dict_fields. 2016-05-10 11:48:03 -07:00
Tim Abbott f2aee961e1 test_auth_backends: Fix unused variables. 2016-05-10 11:46:39 -07:00
Tim Abbott 92bec8cfea Merge Zulip 1.3.12 security release. 2016-05-10 11:32:26 -07:00
Tim Abbott 9b65464b6b logout_all_users: Add option to logout deactivated users. 2016-05-10 09:50:57 -07:00
Tim Abbott 393159bbd8 queue: Disable RabbitMQ heartbeat in BlockingConnection.
Fixes #741.
2016-05-10 09:50:57 -07:00
Tim Abbott d82e44ecd0 queue: Refactor Pika credentials code to be a bit cleaner. 2016-05-10 09:50:57 -07:00
Tim Abbott 620debc5fd Change PrincipalError to return status code 403 by default. 2016-05-10 09:50:57 -07:00
Tim Abbott 85c64c9f93 zulip_login_required: Add checks for active users and realms.
Like the recent change blocking JSON endpoints for deactivated users
and users in deactivated realms, this change is a hardening
improvement.  Those users should be unable to get an active session
anyway, but if somehow one is leaked, this means they won't be able to
access any user data.
2016-05-10 09:50:57 -07:00
Tim Abbott be216506a9 Improve api_fetch_api_key error messages.
Previously, api_fetch_api_key would not give clear error messages if
password auth was disabled or the user's realm had been deactivated;
additionally, the account disabled error stopped triggering when we
moved the active account check into the auth decorators.
2016-05-10 09:50:57 -07:00
Tim Abbott 52ddd500f0 Add tests for authentication backends. 2016-05-10 09:50:57 -07:00
Tim Abbott 38c82083de Add test suite for deactivated users. 2016-05-10 09:50:57 -07:00
Tim Abbott df7466e893 Add test suite for deactivate realms. 2016-05-10 09:50:57 -07:00
Tim Abbott 76814f37a3 decorators: Block access to JSON endpoints for deactivated users.
While in theory users should be unable to get a valid session in order
to access these endpoints in the first place, this provides an extra
layer of hardering to prevent a deactivated user with a session from
accessing data via the old-style JSON API.
2016-05-10 09:50:57 -07:00
Tim Abbott b28b3cd65c CVE-2016-4427: Fix access by deactivated realms/users.
The security model for deactivated users (and users in deactivated
realms) being unable to access the service is intended to work via two
mechanisms:

* All active user sessions are deleted, and all login code paths
  (where a user could get a new session) check whether the user (or
  realm) is inactive before authorizing the request, preventing the
  user from accessing the website and AJAX endpoints.
* All API code paths (which don't require a session) check whether the
  user (and realm) are active.

However, this security model was not implemented correctly.  In
particular, the check for whether a user has an active account in the
login process was done inside the login form's validators, which meant
that authentication mechanisms that did not use the login form
(e.g. Google and REMOTE_USER auth) could succeed in granting a session
even with an inactive account.  The Zulip homepage would still fail to
load because the code for / includes an API call to Tornado authorized
by the user's token that would fail, but this mechanism could allow an
inactive user to access realm data or users to access data in a
deactivated realm.

This fixes the issue by adding explicit checks for inactive users and
inactive realms in all authentication backends (even those that were
already protected by the login form validator).

Mirror dummy users are already inactive, so we can remove the explicit
code around mirror dummy users.

The following commits add a complete set of tests for Zulip's inactive
user and realm security model.
2016-05-10 09:50:48 -07:00
Tim Abbott b31ac1eca9 Fix users in deactivated realms sending webhook messages.
In a deactivated realm, webhooks would still successfully send
messages, since there was no check for whether the realm was active in
api_key_only_webhook_view.
2016-05-10 09:50:48 -07:00
Tim Abbott 9da73b22d3 assert_json_error_contains: Support passing a status code.
Previously this test helper function hardcoded 400.
2016-05-10 09:50:48 -07:00
Tim Abbott 3cde06ea33 Add support for setting HTTP status codes in JsonableError. 2016-05-10 09:50:48 -07:00
Tim Abbott b4ccca300b Add tests for whether API keys appear in initial state data. 2016-05-10 09:50:47 -07:00
Tim Abbott 07fc47f953 CVE-2016-4426: Fix non-admin users having access to all bot API keys.
Long ago, there was work on an experimental integration model where
every user in a realm would have administrative control over all bots,
with the goal of simplifying the process of setting up communally
administered bots for smaller teams.  While that new model was never
fully implemented (and thus never setup as an option), an error in
that original implementation meant that the data on all bots in a
realm, including their API keys, was sent to the browsers of users via
the `realm_bots` variable in `page_params`.  The data wasn't displayed
in the UI for non-admin users, but was available via e.g. the
javascript console.

This commit updates this behavior to only send sensitive bot data like
API keys to the owner of the bot (and realm admins).

We may in the future implement a model simplifying communally
administered integrations, but if we do that, those bots should be
limited in their capabilities (e.g. only able to send webhook
messages).

This bug has been present since Zulip was released as open source.
2016-05-10 09:50:02 -07:00
Tim Abbott b869be9301 style: Use 'not in' consistently rather than `not foo in`. 2016-05-09 17:00:10 -07:00
Tim Abbott 43f167849b queue: Disable RabbitMQ heartbeat in BlockingConnection.
Fixes #741.
2016-05-09 10:23:28 -07:00
Tim Abbott 0c42fc2f8f queue: Refactor Pika credentials code to be a bit cleaner. 2016-05-09 10:23:28 -07:00
Tim Abbott 0161d2fddd Cleanup guardian-based complexity in get_realm_user_dicts.
The old code for this lookup was unnecessarily complicated because we
were working around Guardian, where the `is_realm_admin` check was
extremely expensive.
2016-05-09 10:12:35 -07:00
Tim Abbott 2a2cbd60c3 cache: Fix fragile active_bot_dicts_in_realm caching model.
The issue here is similar to that in the previous commit.
2016-05-09 10:12:35 -07:00
Tim Abbott fbc7e977ac cache: Fix fragile active_user_dicts_in_realm caching model.
Previously we relied on having two matching list of fields for the
get_active_user_dicts_in_realm, one in the actual code and the other
in the caching system.  By unifying these lists to have a single
source, we eliminate a class of caching bugs we might otherwise
regularly introduce.
2016-05-09 10:12:35 -07:00
Tim Abbott f02571202a EventsRegisterTest: display full error diffs. 2016-05-09 10:12:35 -07:00
Umair Khan 5359e6b0d4 Convert Zulip to use Jinja2 templates.
This results in a substantial performance improvement for all of
Zulip's backend templates.

Changes in templates:
- Change `block.super` to `super()`.
- Remove `load` tag because Jinja2 doesn't support it.
- Use `minified_js()|safe` instead of `{% minified_js %}`.
- Use `compressed_css()|safe` instead of `{% compressed_css %}`.
- `forloop.first` -> `loop.first`.
- Use `{{ csrf_input }}` instead of `{% csrf_token %}`.
- Use `{# ... #}` instead of `{% comment %}`.
- Use `url()` instead of `{% url %}`.
- Use `_()` instead of `{% trans %}` because in Jinja `trans` is a block tag.
- Use `{% trans %}` instead of `{% blocktrans %}`.
- Use `{% raw %}` instead of `{% verbatim %}`.

Changes in tools:
- Check for `trans` block in `check-templates` instead of `blocktrans`

Changes in backend:
- Create custom `render_to_response` function which takes `request` objects
  instead of `RequestContext` object. There are two reasons to do this:
    1. `RequestContext` is not compatible with Jinja2
    2. `RequestContext` in `render_to_response` is deprecated.
- Add Jinja2 related support files in zproject/jinja2 directory. It
  includes a custom backend and a template renderer, compressors for js
  and css and Jinja2 environment handler.
- Enable `slugify` and `pluralize` filters in Jinja2 environment.

Fixes #620.
2016-05-09 09:55:18 -07:00
Preston Hansen 635828069f Add feature to mark all in stream/topic as read with mouse.
Fixes #736.
2016-05-08 09:02:46 -07:00
Tim Abbott 6139e8948a travis: User REQ framework for extracting JSON payload. 2016-05-07 11:54:14 -07:00
Tim Abbott 678adc2048 webhooks: Use REQ more consistently in stream name parsing.
To avoid the potential for introducing regressions here, we carefully
pass a default to REQ or not based on how the existing webhook's
parsing code worked.  In the longer term, we'll want to make the
behavior consistent.
2016-05-07 11:54:14 -07:00
Tomasz Kolek c2de38239e Add payload validation to has_request_variables and REQ tasks.
[with tweaks by tabbott]
2016-05-07 11:54:09 -07:00
Tim Abbott c1a680e2a9 rate_limiter: Fix misplaced type annotation and cleanup code.
You don't put type annotations on return values.
2016-05-06 13:38:12 -07:00
Tim Abbott 4219a6779f socket: Initialize client_id to None by default.
This fixes an exception where client_id was never set in an error code
path.  It shouldn't be needed, but I think this makes the code clearer
and this will help in debugging the actual problem.

Related to #753.
2016-05-05 14:49:26 -07:00
Tim Abbott 191201bd10 Fix unnecessary whitespace between % and (. 2016-05-04 14:22:52 -07:00
Tim Abbott 54022ac204 Fix unnecessary whitespace between , and ). 2016-05-04 14:16:53 -07:00
Tim Abbott ae6037668a test_runner: Add debugging tips for missing test modules. 2016-05-03 12:33:47 -07:00
Tim Abbott bab267f332 test_runner: Improve error handling when importing test files.
The error message for a test file that doesn't import properly was
previously pretty difficult to understand and it wasn't clear how to
debug the issue.
2016-05-03 12:17:10 -07:00
rahuldeve 899bfb97ee Add tests for managing uploads in S3. 2016-05-02 22:14:47 -07:00
rahuldeve 01fb6c77a2 Add test for managing files in Local Storage. 2016-05-02 22:14:47 -07:00
rahuldeve dde832b158 Add Attachment model to keep track of uploads.
This commit adds the capability to keep track and remove uploaded
files.  Unclaimed attachments are files that have been uploaded to the
server but are not referred in any messages.  A management command to
remove old unclaimed files after a week is also included.

Tests for getting the file referred in messages are also included.
2016-05-02 22:14:47 -07:00
Tim Abbott 762a3188ee Fix missing whitespace after # in comments. 2016-05-02 22:10:47 -07:00
Tim Abbott d9e4968d6f Increase maximum URL length for RealmEmoji to 1000.
The default of 200 was shorter than the Camo URLs use by Zulip.
2016-05-02 19:02:56 -07:00
Tim Abbott 5bd94c15c7 Use camo to avoid mixed content warnings when displaying emoji. 2016-05-02 17:21:31 -07:00
Tim Abbott 65207477c4 bugdown: Annotate emoji handleMatch function. 2016-05-02 17:01:09 -07:00
Tim Abbott f06c8c7cc2 Update *.readthedocs.org => *.readthedocs.io.
ReadTheDocs has moved their hosting of user project websites to the
new readthedocs.io domain.
2016-04-29 16:00:08 -07:00
Tim Abbott 4644967afc dropbox preview: Remove preview_fail.png error condition.
Since we don't have a stable way to get the Dropbox preview failure
image (and it was sorta a weird setup anyway), it seems best to just
remove the condition.
2016-04-29 15:40:52 -07:00
Tim Abbott 4be3c4afd6 Use mocks so we can re-enable Dropbox integration tests. 2016-04-29 15:27:43 -07:00
Ashish Kumar 31408d639e Type annotation of zerver/lib/cache.py. 2016-04-29 14:43:48 -07:00
Ashish Kumar 48be2e33f8 Delete old route for /json/get_public_streams. 2016-04-29 12:57:57 -07:00
Ashish Kumar b5ab4d45f9 Replace /json/get_public_streams with REST style route. 2016-04-29 12:57:57 -07:00
Tim Abbott af4203b41b Stop using initial password for newly activated users.
Previously we needed to use a specified password when activating a
formerly mirror dummy user, in order for that user to be able to
(re)set their password and login.  Now that we have our own password
reset form, this is no longer required.
2016-04-28 14:28:09 -07:00
Tim Abbott 89d9060aab Add logging for failures in password reset form.
This may be useful for monitoring abuse issues.
2016-04-28 14:28:09 -07:00
Tim Abbott a0430c02ce Allow users who haven't set a password to set one.
Previously, if a user had only authenticated via Google auth, they
would be unable to reset their password in order to set one (which is
needed to setup the mobile apps, for example).
2016-04-28 14:27:43 -07:00
Antek Grzanka 646ea3214a Add Taiga integration. 2016-04-28 13:44:53 -07:00
Tim Abbott 755695d3c0 bugdown: Add type: ignore for fenced_code import.
This is a workaround to allow us to type-check files that depend on
this.  Ideally in the future we'll fix the type errors in
fenced_code.py.
2016-04-28 12:50:47 -07:00
Tim Abbott 7a81524c97 event_queue: Fix import from wrong file. 2016-04-28 12:46:21 -07:00
Tim Abbott 3e5ad69ffc Extract camo encoding to a library. 2016-04-27 22:23:40 -07:00
Tim Abbott aebe7334a4 style: Fix missing :s between dict keys and values. 2016-04-27 22:23:40 -07:00
Tim Abbott 02ab03ec7a MITNameTest: Mock network access from Hesiod lookups.
The purpose of these tests is to check the logic, not that DNS is
working on the relevant machine.
2016-04-27 22:23:40 -07:00
Tim Abbott c9359bd75a test_hooks: Fix missing assert_json_success checks.
Several recently merged webhooks were incorrectly not checking that
the actual webhook result didn't return an error.  While they would
usually still fail in most cases when checking whether the message
came back correctly, this hid the root cause errors and thus made it
much harder to debug.
2016-04-27 13:25:21 -07:00
Tim Abbott e6cfd917a5 Fix settings.RATE_LIMITING=False for webhooks.
We were incorrectly applying the rate limiting rules to webhooks even
if rate limiting was disabled (as in the test suite), causing test
failures when the total number of webhook tests in Zulip got too high.
2016-04-27 13:17:28 -07:00
Vladislav Manchev f5e6176aea Add custom realm emoji UI to administration page. 2016-04-26 13:15:54 -07:00
Tomasz Kolek 12fc4f047c test_helpers: Create get_last_message helper. 2016-04-26 09:54:02 -07:00
Tomasz Kolek 5fbda3a9c1 Add codeship integration. 2016-04-26 09:54:01 -07:00
David Payne 8c62a27769 Add teamcity webhook integration.
This integration relies on the Teamcity "tcWebHooks" plugin which is
available at
https://netwolfuk.wordpress.com/category/teamcity/tcplugins/tcwebhooks/

It posts build fail and success notifications to a stream specified in
the webhook URL.

It uses the name of the build configuration as the topic.

For personal builds, it tries to map the Teamcity username to a Zulip
username, and sends a private message to that person.
2016-04-26 09:45:26 -07:00
Tomasz Kolek c74483e69e github_webhook: change double quotes to single quotes for consistency. 2016-04-21 17:04:25 -07:00
Tomasz Kolek 09e40b27c2 github_webhook: throw an exception on unhandled events types. 2016-04-21 17:03:58 -07:00
Tomasz Kolek fafc9cb742 github_webhook: remove redundant parenthesis. 2016-04-21 17:02:49 -07:00
Tomasz Kolek 43b0cfaebc github_webhook: Use more one-line pythonic assignments. 2016-04-21 17:00:47 -07:00
Tomasz Kolek decb686255 github_webhook: factor out is_test_repository function. 2016-04-21 16:57:19 -07:00
Tomasz Kolek e1079d8475 github_webhook: extract the constants to the top of the file. 2016-04-21 16:56:44 -07:00
Tim Abbott ae047f8551 Fix slightly ugly login page URL of /login?next=/. 2016-04-21 14:59:39 -07:00
Tim Abbott 8a278cbe3a Switch to using a Zulip version of @login_required.
Currently the code is the unmodified Django upstream implementation;
this commit is preparation for modifying it.
2016-04-21 14:59:39 -07:00
Tim Abbott d9dba5d2c2 deactivate_realm: Improve error handling for unknown realm. 2016-04-21 09:02:00 -07:00
Tim Abbott c2237c60c0 deactivate_realm: Fix help string. 2016-04-21 09:02:00 -07:00
Tim Abbott d890011442 Add a script to reactivated deactivated realms. 2016-04-21 09:02:00 -07:00
Tim Abbott 79297898f1 Remove obsolete AppleDeviceToken model. 2016-04-20 21:51:52 -07:00
Tim Abbott 49799440a4 Replace use of django-guardian with fields on UserProfile.
As documented in https://github.com/zulip/zulip/issues/441, Guardian
has quite poor performance, and in fact almost 50% of the time spent
running the Zulip backend test suite on my laptop was inside Guardian.

As part of this migration, we also clean up the old API_SUPER_USERS
variable used to mark EMAIL_GATEWAY_BOT as an API super user; now that
permission is managed entirely via the database.

When rebasing past this commit, developers will need to do a
`manage.py migrate` in order to apply the migration changes before the
server will run again.

We can't yet remove Guardian from INSTALLED_APPS, requirements.txt,
etc. in this release, because otherwise the reverse migration won't
work.

Fixes #441.
2016-04-20 21:51:52 -07:00
Tim Abbott 28d1a3105c models: Add a __repr__ for Client. 2016-04-20 15:26:51 -07:00
Tim Abbott 552caf661a Caching: Fix 'update_fields' not being present in .delete() 2016-04-20 15:12:53 -07:00
Tim Abbott a72385246e Fix missing whitespace after '=' in python/js code. 2016-04-20 11:36:14 -07:00
David Payne ece96ef3fe Jira's "issue created" message should @-notify the assignee. 2016-04-20 10:54:30 -07:00
Tomasz Kolek 82f1cdb085 Add send_webhook_fixture_message command.
This tool simplifies the process of producing nice screenshots for
documenting webhook integrations.

Fixes #658.
2016-04-20 10:45:27 -07:00
Eklavya Sharma c7a93cba22 Add tests for checking image validity in SetAvatarTest. 2016-04-20 12:27:23 +05:30
Eklavya Sharma af7c3de5f5 Add SetAvatarTest to test_upload.py.
Test multiple file uploads for /json/set_avatar.
Test no file upload for /json/set_avatar.
Add test images for SetAvatarTest.
2016-04-20 12:23:22 +05:30
Eklavya Sharma 126273b1e7 Add a test for local file uploads. 2016-04-20 12:00:13 +05:30
Eklavya Sharma 4e18d856e3 Prevent 500 error when user uploads invalid avatar.
When uploaded avatar image is not a valid image file, PIL raises
IOError. Catch the IOError raised by PIL and raise JsonableError.
This will return a response with status code 400.
2016-04-20 12:00:13 +05:30
Eklavya Sharma 2d60a1d0f3 Move upload-related tests to test_upload.py.
Move S3Test, FileUploadTest and SanitizeNameTests from
test_external.py to test_upload.py.
2016-04-19 16:48:30 -07:00
Tim Abbott 78febc3abb Fix missing newlines at end of .txt files. 2016-04-14 14:36:29 -07:00
Tim Abbott 5195d1ecb7 Fix missing newlines at ends of JSON files. 2016-04-14 10:48:52 -07:00
Tim Abbott 1bf11f6b7f Split FileUploadTest out of S3Test.
S3Test is now only the S3-specific test (which isn't even run), so we
can now invest in making FileUploadTest have good coverage of the
(local) file upload code paths.
2016-04-14 10:35:10 -07:00
Tim Abbott 26463bb34d Fix nondeterministic subscriptions for default test users.
Previously, the UserProfile objects were created in the order
generated by a Set, which meant tests would randomly start failing if
the code that runs before this part of populate_db changed (and thus
caused the Set object used to pass users into bulk_create_users to
have a different order when enumerated).

This fixes the issue in two ways -- one by sorting the users inside
bulk_create_users, and second by attaching subscriptions to users
based on a deterministic ordering.
2016-04-13 13:19:02 -07:00
Tim Abbott f6edc21981 Change stream used in test_get_old_messages_with_only_searching_anchor.
This prevents this test from breaking when in a few commits we fix a
nondeterminism issue in the populate_db test fixtures.
2016-04-13 13:19:02 -07:00
Tim Abbott ffccb572f0 Don't autoreload Tornado when running inside test suite.
The restarted Tornado processes seemed to escape the process group and
thus continue running after run-dev.py finished.

While we're at it, we don't need to dump/reload event queues in the
test suite either.
2016-04-13 13:19:01 -07:00
Tim Abbott 47879c5e00 Fix nondeterminism in test_successful_subscriptions_add.
Previously this test would fail if the streams list generated by
populate_db contained more than 2 streams.
2016-04-13 13:18:24 -07:00
Tim Abbott fb55fcef1e Fix missing zerver/tests/__init__.py. 2016-04-11 22:34:22 -07:00
Tim Abbott be96cf809d Move Zulip backend tests to zerver.tests. 2016-04-11 22:16:09 -07:00
Ashish 1bf644369f Delete old route for json/update_active_status. 2016-04-11 21:38:23 -07:00
Ashish 78b9f45bf7 Delete old route for json/update_pointer. 2016-04-11 21:38:23 -07:00
Ashish 9429358795 Delete old route for /json/get_profile. 2016-04-11 21:38:23 -07:00
Ashish 42fe918138 Delete old route for json/get_old_messages. 2016-04-11 21:38:23 -07:00
Ashish cfefc94200 Delete old route for json/set_alert_words. 2016-04-11 21:38:23 -07:00
Ashish c0a218edfc Delete old route for /json/update_message_flags. 2016-04-11 21:38:23 -07:00
Ashish a12006d86f Replace /json/update_active_status with REST style route. 2016-04-11 21:38:23 -07:00
Ashish 6356584f84 Replace /json/update_pointer with REST style route. 2016-04-11 21:38:23 -07:00
Ashish b8ec8f5ef0 Replace /json/get_profile with REST style route. 2016-04-11 21:38:23 -07:00
Ashish cb8da46bbf Replace /json/get_old_messages with REST style route. 2016-04-11 21:38:23 -07:00
Ashish 8fc8717409 Replace json/set_alert_words with REST style route. 2016-04-11 21:38:22 -07:00
Ashish 41993ef2f5 Replace /json/update_message_flags with REST style route. 2016-04-11 21:38:22 -07:00
Ashish dac4e58b91 Changes REST API backend route for /json/change_enter_sends. 2016-04-11 21:11:51 -07:00
Tim Abbott b61d73fc93 Delete unused old StreamColor model. 2016-04-08 13:06:04 -07:00
Ashish 9cfa7d5765 Annotation of zerver/lib/handlers.py. 2016-04-08 11:18:36 -07:00
Ashish 86a8d3d0f5 Annotation of zerver/lib/rate_limiter.py 2016-04-08 11:18:36 -07:00
Ashish 2f8c717e52 List to tuple conversion for consistency in user rules zerver/lib/rate_limiter.py. 2016-04-08 11:18:35 -07:00
Ashish 8abca4f319 Annotation of zerver/lib/migrate.py 2016-04-08 11:18:35 -07:00
Ashish 038af80889 Annotation of zerver/lib/statistics.py 2016-04-08 11:11:58 -07:00
Ashish 2cf8731444 Annotation of zerver/lib/alert_words.py 2016-04-08 11:11:58 -07:00
Anindya Chakravarti f3d03d89b4 Add integration for Yo App.
[includes some small tweaks by tabbott]
2016-04-08 11:02:10 -07:00
Tomasz Kolek 44ed9da7f0 Add pingdom integration. 2016-04-08 10:36:29 -07:00
Varshit 4e1060076d Purge 'from typing import *' from zerver/.
This is a partial implementation of #636.
2016-04-07 14:07:07 -07:00
Eklavya Sharma 5f03c1444e Remove duplicate module zerver/views/webhooks.py.
Also move type annotations from zerver/views/webhooks.py to
appropriate files in zerver/views/webhooks.py.
2016-04-07 12:37:22 +05:30
Tim Abbott 75d134a9b2 Import tornado.autoreload explicitly.
Fixes #623.
2016-04-03 16:52:23 -07:00
Ashish 909b0635c8 Add management command to test sending email.
Fixes: #622.

[With cleanups/doc tweaks by tabbott]
2016-04-03 16:50:16 -07:00