Commit Graph

37003 Commits

Author SHA1 Message Date
Anders Kaseorg 333f7d16c9 logging: Pass more format arguments to logging.
Commit bdc365d0fe (#14852) missed this
because of https://github.com/returntocorp/semgrep/issues/831.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-26 11:42:23 -07:00
Anders Kaseorg 824d97987b process_fts_updates: Use cursor.execute correctly.
Commit b501d04f6a (#14841) missed this
because of https://github.com/returntocorp/semgrep/issues/831.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-26 11:42:23 -07:00
Anders Kaseorg 840cf4b885 requirements: Drop direct dependency on mock.
mock is just a backport of the standard library’s unittest.mock now.

The SAMLAuthBackendTest change is needed because
MagicMock.call_args.args wasn’t introduced until Python
3.8 (https://bugs.python.org/issue21269).

The PROVISION_VERSION bump is skipped because mock is still an
indirect dev requirement via moto.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-26 11:40:42 -07:00
YashRE42 7f1cafd108 navbar: Remove redundant .emoji styles from scss.
This commit fixes the alignment of emoji in the navbar by removing a
redundant style which was breaking the emoji alignment.

This block is probably just a remanent from WIP development of this
version of the navbar & its inclusion on master was as an oversight.
2020-05-26 12:49:06 -04:00
Steve Howell ea0810e13f search tests: Create users up front.
This creates a little bit of noise in some
tests where we don't care about users, but
it's worth avoiding confusion about which
users exist at which time.  Also the noisy
aspects here may actually catch regressions.

Finally, if the noise gets annoying, we can
do things like rename "Ted" not to collide
with the "Test" stream.
2020-05-26 10:47:59 -04:00
Steve Howell 0cc5a8e185 search tests: Add a "myself" user.
Using "bob" as the current user was a bad
choice, as our convention is to use "me" or
"myself" or "alice" for the current user.

It also particularly complicated the tests
around Group PMs.

Now we have both "bob" and "myself", which
makes the intentions of the tests a little
more clear.
2020-05-26 10:47:59 -04:00
Tim Abbott 117677d97e i18n: Translate Unmute in muted topics UI. 2020-05-25 18:26:36 -07:00
Tim Abbott 5a9e834571 settings: Fix missing Emoji settings translation tag.
Fixes part of #15044.
2020-05-25 18:24:16 -07:00
Tim Abbott 463f1503fc Revert "markdown: Process fenced code blocks in blockquotes."
This reverts commit 7002f98ea1.

This failed tests due to some sort of conflict with a recent
python-markdown upgrade.
2020-05-25 18:13:03 -07:00
Rohitt Vashishtha 7002f98ea1 markdown: Process fenced code blocks in blockquotes.
We handle fenced code blocks in a preprocessor, and > style blockquotes
are parsed in a blockprocessor. Pymarkdown doesn't run the preprocessors
again on any blocks that it is parsing, and is unlikely to accept our
solution upstream; they intend to convert fenced_code to a block parser.

We simply run all the preprocessors on the text again, with the exception
of NormalizeWhitespace which removed delimiters used by HtmlStash to mark
preprocessed html code. To counter this, we subclass NormalizeWhitespace
and use our customized version for when it is called from a blockparser.

Upstream issue: https://github.com/Python-Markdown/markdown/issues/53

Fixes #12800.
2020-05-25 17:35:10 -07:00
arpit551 439f0d3004 install: Ad production support for Zulip on Ubuntu Focal.
Install script now runs on Focal.  Python 2 is now installed via the
`python2` package in Focal.
2020-05-25 16:58:42 -07:00
arpit551 3971824d04 puppet: suppress puppet warnings with ruby 2.7.
Ubuntu Focal comes with ruby 2.7 and the latest puppet
has some issues with it so to suppress puppet
warnings with ruby 2.7 we added  RUBYOPT = "-W0" in
the environment.
2020-05-25 16:56:11 -07:00
YashRE42 669f482b0d icons: Switch from text-o to code-o for view source / edit topics.
This commit replaces fa-file-text-o with fa-file-code-o which is a
better signal for the "view source" action. It also deletes a single
line comment that had suggested the change once we moved into font
awesome 4, which Aditya Bansal <adi.bansal241996@gmail.com> helped
out in doing, first via
91962aa6ab and most recently via
75ae94e459 with several commits in
between.
2020-05-25 16:19:50 -07:00
sahil839 1aebf3cab9 actions: Merge do_change_is_admin and do_change_is_guest.
This commit merges do_change_is_admin and do_change_is_guest to a
single function do_change_user_role which will be used for changing
role of users.

do_change_is_api_super_user is added as a separate function for
changing is_api_super_user field of UserProfile.
2020-05-25 16:17:10 -07:00
Mateusz Mandera b66dc9de50 saml: Support IdP-initiated SSO. 2020-05-25 16:09:30 -07:00
Mateusz Mandera f2d052bff8 tests: Flush session before a simulated cross-domain POST in saml tests.
This is important, because lack of this meant that the POST request in
our tests still had the old session, with various params stored in it.
This mechanism doesn't work in reality in SAML, so the backend uses
redis to store and recover the params from redis. Without flushing the
session, these tests would fail to catch some breakages in the
redis-based mechanism.
2020-05-25 15:53:15 -07:00
sahil839 2af4ef6c6d message_events: Fix live update of message edit history.
This commit adds code to live update the message edit history.
Message edit history is fetched and rendered again if the edit
history modal is open.

This also adds 'data-message-id' attribute to 'message-history'
when opening history modal element which is used for checking
whether the history modal opened is of the message which is
edited.

Fixes #15051.
2020-05-25 15:51:01 -07:00
Sanskar Bajpai 3aa74b67a0 stream_color: Rename the color picker button to confirm.
Tweaked by tabbott to add i18n tags.

Fixes part of #15039.
2020-05-25 15:42:34 -07:00
Mateusz Mandera 13c3eaf086 rate_limit: Restrict tornado backend to explicitly specified domains.
This will protect us in case of some kinds of bugs that could allow
making requests such as password authentication attempts to tornado.
Without restricting the domains to which the in-memory backend can
be applied, such bugs would lead to attackers having multiple times
larger rate limits for these sensitive requests.
2020-05-25 15:40:00 -07:00
Vishnu KS ad99bba121 billing: Add emojis to /upgrade page. 2020-05-24 17:35:17 -07:00
Vishnu KS 8b3eb9a846 landing: Add option to show custom navbar message. 2020-05-24 17:34:03 -07:00
Siddharth Varshney 89539d6fb5 stream-popover: Change design of stream popover.
Extracts the stream name from the list items and display
it in the popover title.
2020-05-24 17:28:51 -07:00
Siddharth Varshney 309ab0eb6f topic-popover: Change design of topic popover.
Extracts the topic name from the list items and display
it in the popover title.

Add a seperator between normal user and admin only options.
2020-05-24 17:28:50 -07:00
Dinesh 288921d425 auth: Log when a user tries to login with deactivated account.
Helps to see if users are often trying to login with deactived
accounts.
A use case: Trackdown whether any deactivated bot users are still
trying to access the API.

This implementation adds a new key `inactive_user_id`
to `return_data` in the function `is_user_active` which
check if a `user_profile` is active. This reduces the effort
of getting `user_id` just before logging.

Modified tests for line coverage.
2020-05-24 17:27:19 -07:00
Aman Agrawal 91c7ea2275 test_reactions: Cache stores reactions data after formatting.
Reactions data should always be formatted before it saved in cache,
otherwise clients receive malformed data.

This is followup on a53daa6f8c
2020-05-24 17:03:30 -07:00
Mateusz Mandera dac4a7a70b saml: Figure out the idp from SAMLResponse.
Instead of plumbing the idp to /complete/saml/ through redis, it's much
more natural to just figure it out from the SAMLResponse, because the
information is there.
This is also a preparatory step for adding IdP-initiated sign in, for
which it is important for /complete/saml/ to be able to figure out which
IdP the request is coming from.
2020-05-24 16:40:28 -07:00
Mateusz Mandera c74f8363e2 saml: Gracefully handle bad SAMLResponses. 2020-05-24 16:40:28 -07:00
Pragati Agrawal d333d82693 stream settings: Move the "Saving" widget to "Personal settings" block.
Rather than showing the "Saving" widget beside stream name, it's more
intuitive to have it in personal settings section because it's the only
section which uses `settings_ui.do_settings_change` function and we follow
having a separate "Saving" widget for each section everywhere.
2020-05-24 16:32:36 -07:00
Pragati Agrawal 55db6ed1e3 stream settings: Fix "Saving" widget for Muted streams.
"Saving" widget was working for all personal stream settings but "Mute
notifications". This was because the change to the "Mute" property follows
a slightly different path.
2020-05-24 16:32:36 -07:00
Pragati Agrawal f7a886d821 stream settings: Add label for `regular_subscription_settings`.
Added the label for `regular_subscription_settings` as "Personal settings".
2020-05-24 16:32:36 -07:00
Pragati Agrawal ce23892aec stream settings: Move stream-email-box from regular_subscription_settings.
`stream-email-box` doesn't fit into `regular_subscription_settings` div,
therefore moved `stream-email-box` out of it.
2020-05-24 16:32:36 -07:00
Pragati Agrawal 441f9f43e7 templates: Extract help link widget.
This block of html is used at many places so it's a good idea to create a
template for it.
2020-05-24 16:32:36 -07:00
Tim Abbott a53daa6f8c message: Fix malformed reaction data.
After a message was reset in our caches cache via message editing or
adding/removing a reaction, we were sending corrupt data to the cache
because build_message_dict (and thus build_dict_from_raw_db_row) was
improperly being called before sewing in the reaction data.

As a result, we were sending raw database data in the reaction
dictionaries, rather than the reformatted version expected by the API.

Bug introduced in 2a4c62a326.

Fixing this correctly required moving the rendering_realm_id logic one
step higher in the call chain, which is a useful refactoring anyway
(since we're no longer passing a `Message` object down)
2020-05-21 14:09:53 -07:00
Tim Abbott c192461c1b docs: Fix setup-advanced git clone instructions.
This should help ensure everyone uses the SSH key approach for Git
authentication; the HTTPS one is basically unusable as one has to
provide one's GitHub password after every command.
2020-05-21 13:05:59 -07:00
Tim Abbott 1058c08623 narrow: Fix a typo in the then_select_id comment. 2020-05-21 12:41:55 -07:00
Rohitt Vashishtha 648307ef33 rendered_markdown: Add rendering functions for timestamps.
This code generates the timestamp string to be shown to the user
from the given timestamp in unix format using moment.js.

We also render the timestamp in a pill.
2020-05-21 12:37:37 -07:00
Rohitt Vashishtha 44afcb8d64 rendered_markdown: Add comment explaining the use of this module. 2020-05-21 12:37:34 -07:00
Rohitt Vashishtha 2efe9f7942 rendered_markdown: Add tests for emoji.
This brings test coverage for rendered_markdown to 100%.
2020-05-21 12:37:32 -07:00
Rohitt Vashishtha 0cbb05c5bc rendered_markdown: Add tests for stream-links. 2020-05-21 12:37:30 -07:00
Rohitt Vashishtha 0c260e014a rendered_markdown: Add tests for user-group-mention. 2020-05-21 12:37:26 -07:00
Rohitt Vashishtha 1a454e2137 rendered_markdown: Add tests for user-mention.
We also add a hacky jquery array creator because zjquery doesn't
support $().each() yet.
2020-05-21 12:37:23 -07:00
Rohitt Vashishtha 84b2952606 zjquery: Support empty find results. 2020-05-21 12:32:52 -07:00
Rohitt Vashishtha bb579742a2 markdown: Move helper function to rendered_markdown.js. 2020-05-21 12:32:52 -07:00
Rohitt Vashishtha fa9431c0a4 markdown: Extract rendered_markdown.js to update dynamic elements.
Previously, we handled this code only in message_list_view.js.
Now we support rendering stream descriptions and some dynamic
elements can be rendered in them, so we extract this new module
and use it in both the places.
2020-05-21 12:32:52 -07:00
Hemanth V. Alluri ab03659095 webhooks/github: Provide more detailed info for unexpected events.
Signed-off-by: Hemanth V. Alluri <hdrive1999@gmail.com>
2020-05-21 12:31:43 -07:00
Rohitt Vashishtha 88367a129c markdown: Disable tex and latex for math rendering.
We now parse tex and latex as regular languages, highlighting them
with pygments. We only allow 'math' to trigger latex rendering,
which is in line with the documentation.
2020-05-21 12:30:27 -07:00
Mateusz Mandera e2262b0b64 queue_processors: Log time spent getting data for url in embed_links. 2020-05-21 12:13:46 -07:00
Tim Abbott e59a2a23c3 portico: Fix a few issues with /for/research. 2020-05-20 17:57:22 -07:00
Tim Abbott ef1cdf87ce portico: Add first a quote to /for/research.
We'll add more later, at which point we'll need to add the carousel
widget, but this is the first one that came in.
2020-05-20 17:47:01 -07:00
Tim Abbott 39be75e06d portico: Add draft /for/research page.
Currently unlinked as this is pretty rough and needs feedback.
2020-05-20 17:20:27 -07:00