For users who are not authenticated, we don't need to 2fa them,
we only need it once they are trying to login.
Tweaked by tabbott to be much more readable; the new style might
require new test coverage.
We set wildcard_mention_policy in the test database so that we can
avoid future changes in mention puppeteer tests, as the default
membership of streams in the Zulip development organization is large
enough to prevent random users from using wildcard mentions.
We add a new wildcard_mention_policy setting to handle wildcard
mentions in large streams, with a wide range of policies available to
organizations.
We set the default to the safe option for preventing accidental spam:
only stream administrators being able to use wildcard mentions in
large streams.
We rename all_everyone_warn_threshold to
wildcard_mention_large_stream_threshold as we would
be adding wildcard_mention_policy and this
constant will also be used to show error
in case when wildcard_mention_policy is set
to admins only.
This prevents the memcached connection from being shared across
multiple processes, and hopefully addresses unexpected behavior from
cached functions like get_user_profile_by_id invoked inside the worker
processes.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
For dropdown elements, use bootstrap styling. The styling
was not applied by default from bootstrap since we
use a combination of dropdown + simplebar for this element.
This doesn't match the expected structure of elements by
bootstrap since simplebar inserts elements of its own.
The style is same as in bootstrap v2.3.2 for
.dropdown-menu > li > a.
This reverts commit 5275d49f05
(effectively), which created more problems than it solves. #8484 is
not a bug: a newline can be included literally with no escaping within
POSIX quotes. Meanwhile, $"" is a bashism, and not even the correct
bashism: it translates strings using the LC_MESSAGES catalog. If the
user wants to do something complicated, they can consult the
documentation for their shell.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
The rabbitmq cron jobs exist in order to call rabbitmqctl as root and
write the output to files that nagios can consume, since nagios is not
allowed to run rabbitmqctl.
In systems which do not have nagios configured, these every-minute
cron jobs add non-insignificant load, to no effect. Move their
installation into `zulip_ops`. In doing so, also combine the cron.d
files into a single file; this allows us to `ensure => absent` the old
filenames, removing them from existing systems. Leave the resulting
combined cron.d file in `zulip`, since it is still of general utility
and note.
We call build_message_send_dict from check_message instead of
do_send_messages.
This is a prep commit for adding a new setting for handling
wildcard mentions in large streams.
We extract the loop for building message dict in
do_send_messages in a separate function named
build_message_send_dict.
This is a prep commit for moving the code for building
of message dict in check_message.
There is a bug where we send event for even
those messages which do not have embedded links
as we are using single set 'links_for_embed' to
check whether we have to send event for
embedded links or not.
This commit fixes the bug by adding 'links_for_embed'
in message dict itself and send the event only
if that message has embedded links.
There is a bug in invite flow, where the button text resets
to incorrect text after the invitation process is completed.
This bug is because we are using $().button("reset") to
reset the button text, but the data-reset-text attribute of
button is not changed when toggling between multi-use link
invite and email invites.
This bug can be fixed by setting data-reset-text attribute
in a way similar to the way we set data-loading-text attribute
on toggling between multiuse and normal invites.
But according to the bootstrap docs,"reset" method was removed
in v4.0 (https://getbootstrap.com/docs/4.0/migration/#buttons).
Though we are not using Bootstrap v4.0 as of now, but it is
good to remove such methods as it will help in future when we
would upgrade to later bootstrap versions.
So instead of fixing this by above mentioned patch, we are
fixing this by removing "reset" method and instead using simple
jquery to reset the text and enable the button after the invite
process is completed.
As explained in the previous commit, yamole preprocessed allOf with an
algorithm that is not standards compliant. We replicate that
algorithm, but importantly, we only use it for our own code and not
for building the openapi_core RequestValidator.
This improves the time taken by OpenAPISpec().check_reload() from
1.69s to 0.53s, nearly all of which is inside
openapi_core.create_spec.
Closes#10484. Significantly improves #16068.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
yamole preprocesses our schema by naïvely merging all the objects in
an allOf array together, but this fails to capture the meaning of
allOf according to the OpenAPI specification. allOf is supposed to be
a strict logical intersection of each subschema interpreted
independently. It does not combine their properties maps before
interpreting additionalProperties. So according to the old definition
of JsonSuccess, every response is invalid:
allOf:
- additionalProperties: false
properties:
result:
type: string
- required:
- result
- msg
properties:
msg:
type: string
because the first subschema disallowed msg and the second subschema
required msg.
To fix this, whenever we use allOf for schema “inheritence”, the base
schema must not specify additionalProperties, and the child schema
must explicitly list all properties recursively inherited from the
base schema in any subschema that uses additionalProperties.
Fixes#16109.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit introduces the UI model for the 'view in playground' feature.
The option is a 1-click UX if only one playground link has been configured
for the programming language in the code block. If multiple such playgounds
have been configured, we display a popover with the different playground
options.
The actual code extraction logic occurs here and we set the target href
combining the url_prefix and the extracted code for both these scenarios.
Fixes: #11618
In case of previews, we tweak the positioning a bit more
to the right.
The previous styling also had the focus-within action
which isn't needed here as hovering over the codeblock
is enough to display both the icons.
The Pygments language used is extracted from the data-attribute attached
to the outer `div` element. This option is displayed if the playground
mapping for that language can be found.
The UI model which does the actual code extraction and displaying the
popover is done in a future commit.
This is being hardcoded just for the prototype, post which we should add
support for realm admins to configure their own choices. The structure
here is similar to what we eventually want in the configuration API.
In c563cdba61 we imported the generated
pygments data from outside `/shared` folder. This had a couple of
problems:
* Using `require` was the wrong way to do the import in ES6 modules.
* Since we get the data from outside `/shared`, clients like
zulip-mobile would not receive it - this case had to be handeled.
Here, we fix the above problems by receiving the data when initializing
through fenced_code.initialize, and when the pygments data structure is
empty (for zulip-mobile) we fallback to the old header structure without
the data-code-language tag.
Also, this commit does a small refactor to improve the way we fetch
canonicalized_alias from pygments_data.
Tests amended.