This commit adds bottom margin to label elements of
settings inputs in personal, organization, stream
and group settings using the recently added
"settings-field-label" class.
Most of the settings are dropdown settings, so the
label for them already had a margin as they use
"dropdown-title" class.
There is no need to have hr element below the "Field choices"
heading in custom profile edit form and this also makes it
consistent with the new custom profile field form.
This commit removes classes like "title", "input-label"
and "emoji-theme" from label elements in settings and
modals as these are classes are neither used in JS
nor to apply any CSS.
The administrator fills out the API token field as e.g.
Bearer secret123
So let's write that as Bearer <token> to make it clear which part of
that expression is to be replaced.
These models should be one-to-one. Various bugs in the past have
leaked violations in both directions; we clean them up such that every
PreregistrationUser which is not a multi-use invite has exactly one
Confirmation object associated with it.
Fixes: #22025
The "invites" worker exists to do two things -- make a Confirmation
object, and send the outgoing email. Making the Confirmation object
in a background process from where the PreregistrationUser is created
temporarily leaves the PreregistrationUser in invalid state, and
results in 500's, and the user not immediately seeing the sent
invitation. That the "invites" worker also wants to create the
Confirmation object means that "resending" an invite invalidates the
URL in the previous email, which can be confusing to the user.
Moving the Confirmation creation to the same transaction solves both
of these issues, and leaves the "invites" worker with nothing to do
but send the email; as such, we remove it entirely, and use the
existing "email_senders" worker to send the invites. The volume of
invites is small enough that this will not affect other uses of that
worker.
Fixes: #21306Fixes: #24275
This prevents users from hammering the invitation endpoint, causing
races, and inviting more users than they should otherwise be allowed
to.
Doing this requires that we not raise InvitationError when we have
partially succeeded; that behaviour is left to the one callsite of
do_invite_users.
Reported by Lakshit Agarwal (@chiekosec).
Sahil Batra
Karl Stolley
N-Shar-ma
Alya Abbott
Anders Kaseorg
Aman Agrawal
Mateusz Mandera
Tim Abbott
Alex Vandiver