52 Commits

Author SHA1 Message Date
Tim Abbott 3ee53d5de3 auth: Don't offer password reset links when useless.
If an organization doesn't have the EmailAuthBackend (which allows
password auth) enabled, then our password reset form doesn't do
anything, so we should hide it in the UI.
2017-10-24 12:07:43 -07:00
Greg Price a116303604 passwords: Express the quality threshold as guesses required.
The original "quality score" was invented purely for populating
our password-strength progress bar, and isn't expressed in terms
that are particularly meaningful.  For configuration and the core
accept/reject logic, it's better to use units that are readily
understood.  Switch to those.

I considered using "bits of entropy", defined loosely as the log
of this number, but both the zxcvbn paper and the linked CACM
article (which I recommend!) are written in terms of the number
of guesses.  And reading (most of) those two papers made me
less happy about referring to "entropy" in our terminology.
I already knew that notion was a little fuzzy if looked at
too closely, and I gained a better appreciation of how it's
contributed to confusion in discussing password policies and
to adoption of perverse policies that favor "Password1!" over
"derived unusual ravioli raft".  So, "guesses" it is.

And although the log is handy for some analysis purposes
(certainly for a graph like those in the zxcvbn paper), it adds
a layer of abstraction, and I think makes it harder to think
clearly about attacks, especially in the online setting.  So
just use the actual number, and if someone wants to set a
gigantic value, they will have the pleasure of seeing just
how many digits are involved.

(Thanks to @YJDave for a prototype that the code changes in this
 commit are based on.)
2017-10-08 15:48:44 -07:00
Rishi Gupta 75337258a8 accounts-settings: Reassure user if they do not have a password for API key. 2017-08-28 20:39:53 -07:00
Brock Whittaker 25e5a10a5b unicode: Replace "×" with HTML and HEX entities.
This refactors and fixes unicode issues where entities don't display
properly due to being a special character that seems to be rendered
incorrectly in a non-deterministic way every time.
2017-08-22 16:31:53 -07:00
Tim Abbott 1e5aee054b settings: Migrate main settings-change code to API.
This was one of the few major remaining endpoints that were still on
the old-style legacy API.
2017-07-31 13:08:06 -07:00
Rishi Gupta ace67c6669 settings: Remove tooltip for user settings -> full name.
It's hinted in the registration process, and as long as one person in the
realm does it, everyone else will know. The tooltip also draws too much
visual attention.
2017-07-24 17:33:14 -07:00
Rishi Gupta 481c85fb48 settings: Update text in templates. 2017-07-24 17:33:14 -07:00
Brock Whittaker 0d3ea50379 settings: Change .btn => .button components.
This changes all of the old bootstrap .btn buttons in the settings UI
to the new .button classes that they should be.
2017-07-17 17:20:09 -07:00
Vaida Plankyte c9bc803118 frontend: Change inaccurate aria-hidden assignments on buttons.
This either removes aria-hidden=true assignments from buttons with
text, or adds a span to only hide the 'x' symbol rather than the
button for closing buttons.
2017-07-17 16:40:28 -07:00
Brock Whittaker e5e73f364b settings: Change [Change] button styles. 2017-07-17 16:18:46 -07:00
Brock Whittaker 563847e5fe settings: Redesign and responsively fix account settings.
This makes the avatar portion more responsive and efficient on many
screen settings and also fixes some of the design incongruences present
on the page.
2017-07-17 16:18:31 -07:00
Vaida Plankyte 1675867f30 frontend: Make ID assignments unique. 2017-07-14 14:45:09 -07:00
Vishnu Ks f2e6e16fe4 account-settings: Include password length and quality data attributes. 2017-07-07 14:48:06 -07:00
vaibhav d9bc3932ec settings: Move "download personal API key" from "your-bots" to "your account"
Fixes: #5355.
2017-06-20 15:46:23 -04:00
Brock Whittaker 5606435a90 components: Make button component styles sensible.
This removes the old base button style which was a blue button and
kills the unnecessary .white class which was essentially just acting as
the new button base.

This then removes all references throughout the settings/subscriptions
pages to those button styles.

This also fixes the strange button styles that changed the :hover and
:active opacity to 0.05 which led to unpredictable results on various
backgrounds.
2017-06-08 17:09:31 -07:00
Brock Whittaker ed767481f5 settings: Clean up organization and user settings pieces.
This cleans up the styling of the organization and the user settings
components to be more responsive and have more consistent styling with
the rest of the overlays.
2017-05-17 12:08:31 -07:00
Brock Whittaker 478011c0af Remove headers from templates. 2017-05-11 17:49:26 -07:00
fionabunny d3e7e6542a home.py: move user_profile full_name to register_ret.
Move the user_profile data section down into fetch_initial_state_data
so it entirely pulls from register_ret for #3853.
2017-04-28 23:31:28 -07:00
Tim Abbott c4eeb13353 account-settings: Always display the medium-size avatar. 2017-04-28 23:09:32 -07:00
fionabunny b7c6d46bf9 home.py: move password_auth_enabled as realm_password_auth_enabled.
Part of #3853.
2017-04-28 21:23:48 -07:00
Tim Abbott a0e276c54a settings: Fix autocomplete in email change form. 2017-04-28 14:39:18 -07:00
Aditya Bansal e961d6a834 Clean account-settings.handlebars to use 4 space indents. 2017-04-26 00:16:22 -07:00
digi0ps 8fb9d2bff3 settings: Redesign settings/administration panel buttons.
This redesigns all the ugly bold-colored buttons in the settings and
administration pages.
2017-04-25 16:33:59 -07:00
digi0ps a935325420 settings: Fix positioning of user upload spinner.
Previously the "Uploading" text was floating outside the upload
widget.

Fixes #4223.
2017-04-05 12:22:15 -07:00
Brock Whittaker 5501dafd2f settings: Fix avatar settings 'float' property.
This fixes the float of the avatar box so it does not visually
extend past the .settings-section container.
2017-04-04 17:53:40 -07:00
Yago González 2f5addc174 i18n: Add missed strings. 2017-03-27 14:30:28 -07:00
Amala Deshmukh e1624fae0b settings: Explain that users can spell their name how they like.
Fixes #2944.
2017-03-17 14:53:20 -07:00
Raghav Jajodia b0e2c4ffee settings: refactor code to hide "Email Change" button.
Previously, the code to hide "Change email" button on page load when
email changes are disabled was present in settings.js using jquery to
hide the button. Now, the show/hide is handled in the account-settings handlebars.
2017-03-14 14:43:35 -07:00
Raghav Jajodia ef7e15ee00 admin: Add realm option to prevent users from changing their name.
A realm option to prevent users from changing their name is added.
Fixes #3950.
2017-03-14 14:10:08 -07:00
Tim Abbott 900891b072 settings: Rename settings-status to account-settings-status. 2017-03-10 10:53:06 -08:00
Raghav Jajodia 05f0d1953b account-settings: Removed 'Updated settings' message from admin.
The 'Updated Settings' message we get at the bottom
of admin-page when we change the name is removed.
Fixes #3815.
2017-03-10 10:53:06 -08:00
Umair Khan 523f8ecd79 capitalization: Fix Upload New Avatar. 2017-03-08 12:33:37 -08:00
Umair Khan 1863ce41f1 capitalization: Fix Delete Avatar. 2017-03-08 12:29:07 -08:00
Umair Khan 780e3d8d12 capitalization: Fix Deactivate Account. 2017-03-08 12:29:07 -08:00
Umair Khan 33325d94ab capitalization: Fix Change Password. 2017-03-08 12:29:07 -08:00
Raghav Jajodia cd2d798498 admin: Added realm option to prevent users from changing their email.
A realm option to prevent users from changing their email address is added.
Fixes #3777.
2017-03-04 17:32:48 -08:00
Umair Khan 5bf83f9e0a change-email: Implement confirmation flow.
This adds to Zulip support for a user changing their own email
address.

It's backed by a huge amount of work by Steve Howell on making email
changes actually work from a UI perspective.

Fixes #734.
2017-02-23 03:15:17 -08:00
Tim Abbott e15a661720 accounts: Remove unhelpful avatar size advice. 2017-02-22 22:50:16 -08:00
Brock Whittaker c7349178f0 Re-add "Delete Avatar" button to "Your account".
This re-adds the deleted "Delete Avatar" button back to the
settings/your-account tab view in the overlay, which only appears
if you do not currently have a Gravatar.
2017-02-22 22:50:16 -08:00
Tim Abbott 7a76f3dcc8 settings: Redesign the account settings template.
This is technically part of the settings page redesign in the next
commit, but it's probably useful to keep separate, since it touches
totally different code.
2017-02-09 23:33:28 -08:00
Steve Howell ee00d848b9 refactor: Eliminate use of page_params.fullname.
We now use people.my_full_name().
2017-01-21 21:45:12 -08:00
Tim Abbott 86ddd2277e Fix capitalization in 'Deactivate your account'. 2017-01-16 18:00:10 -08:00
Tim Abbott 9921f3279f Fix capitalization in 'Deactivate account'. 2017-01-16 18:00:10 -08:00
Tim Abbott 8dc96166fd Fix capitalization in 'Your account'. 2017-01-16 18:00:10 -08:00
Tim Abbott ab75b41a6f Fix capitalization in 'Save changes'. 2017-01-16 18:00:10 -08:00
Tim Abbott 0667ae5d26 Fix capitalization in 'Change password'. 2017-01-16 18:00:10 -08:00
Brock Whittaker 71dd9387f8 Removing #full_name IDs.
There was a duplicate #full_name ID being added many times in tables.
They should be removed because they are not being called anywhere and
should not exist in multiples.
2016-12-29 16:15:14 -08:00
Brock Whittaker a9e49338de Change #name_change_container to class.
This changes the selector #name_change_container to a class because
there should never be more than one of an ID.
2016-12-29 16:15:14 -08:00
Sampriti Panda 425a55e568 settings: Implement delete avatar functionality 2016-12-21 13:35:22 -08:00
Amy Liu 3ee777a11a Add UI for deactivating your own Zulip account.
Fixes #1009.
2016-10-20 22:29:30 -07:00