Commit Graph

41825 Commits

Author SHA1 Message Date
Anders Kaseorg 0868641ea4 Revert "static: Make alert-box available for portico pages."
This reverts commit a00f5dd90e (#17801).

That commit introduced a regression in the portico pages as described
in commit 85b3157b47.  Since that fix
introduced a regression of its own, we need to revert both commits for
now.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-01 15:25:23 -07:00
Anders Kaseorg 6a877890b8 Revert "css: Fix webapp alert styling incorrectly applying to portico."
This reverts commit 85b3157b47.

This broke the × button on Blueslip alert boxes, because @extend does
not work across different PostCSS compilation units.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-01 15:25:23 -07:00
Anders Kaseorg 2595fa88a0 setup: Use the number of completed password changes for race detection.
The start time of the last password change was the wrong time to use,
because we could start a password change, start another request,
finish the password change, and then observe that the other request
failed due to the password change.

We could use the end time, but a counter is more robust to
sub-millisecond race conditions.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-01 13:49:02 -07:00
Tim Abbott b8eb3d676a recent topics: Clarify label for filter box.
* We shouldn't use "Search" when we mean "Filter".  Filter is correct
  here, since we are just showing a subset of what's otherwise shown,
  and won't find anything that's older (or whatever).
* The stream/topic wording was unnecessary; the things we're filtering
  are topics (E.g. "Filter users" might look at name/email, and is the
  right label, not "Filter name/email").
2021-04-01 13:27:30 -07:00
Tim Abbott 68be06deda docs: Clean up installer troubleshooting help guide.
* Remove references to the defunct zulip-help Google Group.
* Mention how to create a code block.
* Use nicer markdown syntax for links.
2021-04-01 12:10:30 -07:00
Tim Abbott 80abc3f829 mailmap: Document Alya's old email address. 2021-04-01 11:24:03 -07:00
Tim Abbott 0723ba4cc4 sanity_check: Improve output for manual installation.
We should still display the `source` advice when not in Vagrant or a
Droplet, since that's an important hint for anyone using local
installation on Linux.

We move the "If you are using Vagrant..." text a bit after to
highlight things nicely for folks who are running tools outside
Vagrant.

Also tighten text to avoid line-wrapping on an 80 character console.
2021-04-01 10:54:56 -07:00
Tim Abbott c768f7ae63 docs: Clean up Git guide article on working copies.
* repo => repository for more standard language.
* Delete 3 repeats of explaining the origin/upstream/local.
* Add some links.
* Update `git pull` language for rebase changes.
2021-04-01 10:16:29 -07:00
Tim Abbott 08116a17b0 typing: Move to parameter validation to view code. 2021-04-01 08:30:47 -07:00
Tim Abbott 2a8e9db8f1 typing: Remove obsolete block comment.
The legacy feature described here was removed in
d5cc29755e.
2021-04-01 08:13:23 -07:00
Dinesh ddca602123 typing_notifications: Do op validation in view function.
Instead of validating `op` value later, this commit does that
in `REQ`.

Also helps avoiding duplication of this validation when
stream typing notifications feature is added.
2021-04-01 07:50:02 -07:00
Dinesh 2d40224bb6 api docs: Fix incorrect comment in delete_stream documentation. 2021-04-01 07:49:42 -07:00
Riken Shah 7d64fc9bff puppeteer_tests: Display the number of tests completed after each run. 2021-04-01 07:47:26 -07:00
Riken Shah f6998d6fee puppeteer_tests: Remove sequential numbers from test files.
The only downside of this is that it makes it harder to control the
order of these tests; which isn't that important.  And the structure
of naming each with its test order fundamentally requires renaming
files when adding/deleting tests, so if we want to control the default
test order, we'd be better off doing that by just hardcoding a list in
the test runner code.
2021-04-01 07:46:13 -07:00
YashRE42 e05935a292 narrow_banner: Add test for empty_narrow_multi_private_message case.
This commit also marks narrow_banner.js as having 100% node test
coverage.
2021-04-01 07:38:39 -07:00
YashRE42 a15290429f narrow_banner: Add test for empty_narrow_self_private_message case. 2021-04-01 07:38:39 -07:00
YashRE42 89c89c76bf narrow_banner: Add test case for subbed stream empty narrow msg. 2021-04-01 07:38:39 -07:00
YashRE42 6fe67ef192 narrow_banner: Add test for empty stream operand, empty narrow msg. 2021-04-01 07:38:39 -07:00
YashRE42 df1d52ea15 narrow_banner: Add test case for unknown is: operand empty narrow msg. 2021-04-01 07:38:39 -07:00
YashRE42 01d7e69e41 narrow_banner: Add test for multi-operator empty narrow case. 2021-04-01 07:38:39 -07:00
YashRE42 f1808de5f6 narrow_banner: Add test for hide_empty_narrow_message. 2021-04-01 07:38:39 -07:00
YashRE42 836f39ecbb narrow_banner: Hide all empty narrow messages before each test.
Previously we were liable to have false positives in our tests here
because we did not reset the visible state for these selectors, this
commit adds a helper and relevant calls to it in order to prevent such
false positives.
2021-04-01 07:38:39 -07:00
YashRE42 b3274aa32e narrow_banner: Assert reply button disabled on show empty narrow msg. 2021-04-01 07:38:39 -07:00
YashRE42 dc02d4550f narrow_banner: Refactor first_operand conditionals to use switch/case. 2021-04-01 07:38:39 -07:00
YashRE42 f85f0c4b0b narrow_banner: Refactor empty banner is: operands to use switch/case. 2021-04-01 07:38:39 -07:00
aryanshridhar 00c493a75a dropdown_list_widget: Properly handle reset button text.
There can be several cases when we don't require a reset button
with the dropdown_list_widget.
Hence, Added an abstraction for dropdown_list_widget that
renders the button only if it's corresponding text is passed.
2021-03-31 17:57:56 -07:00
Riken Shah 08212ef74a puppeteer_tests: Remove login test.
This commit deletes the `01-login.ts` test because it was
redundant, We are already checking for log-in in all the
other tests.
2021-03-31 16:55:54 -07:00
Alex Vandiver 0023d561dd ci: Switch to hosting the CI images under Zulip on Dockerhub. 2021-03-31 16:54:34 -07:00
Alex Vandiver 21bafe1e1e tornado: Drop unused command-line flags.
These flags were put in place in the first commit that introduced
Tornado (9afd63692f) with unclear
utility.

Remove them, since they have never been documented, and do not have a
clear need.
2021-03-31 14:19:38 -07:00
Alex Vandiver de46edf966 docs: Remove unused X-Client-IP header from haproxy configuration.
This is unrelated to the X-Real-IP configuration that nginx will add,
and is unused by Zulip.  Remove it, to reduce confusion.
2021-03-31 14:19:38 -07:00
Alex Vandiver 07779ea879 middleware: Do not trust X-Forwarded-For; use X-Real-Ip, set from nginx.
The `X-Forwarded-For` header is a list of proxies' IP addresses; each
proxy appends the remote address of the host it received its request
from to the list, as it passes the request down.  A naïve parsing, as
SetRemoteAddrFromForwardedFor did, would thus interpret the first
address in the list as the client's IP.

However, clients can pass in arbitrary `X-Forwarded-For` headers,
which would allow them to spoof their IP address.  `nginx`'s behavior
is to treat the addresses as untrusted unless they match an allowlist
of known proxies.  By setting `real_ip_recursive on`, it also allows
this behavior to be applied repeatedly, moving from right to left down
the `X-Forwarded-For` list, stopping at the right-most that is
untrusted.

Rather than re-implement this logic in Django, pass the first
untrusted value that `nginx` computer down into Django via `X-Real-Ip`
header.  This allows consistent IP addresses in logs between `nginx`
and Django.

Proxied calls into Tornado (which don't use UWSGI) already passed this
header, as Tornado logging respects it.
2021-03-31 14:19:38 -07:00
Sundar Guntnur 5aefb5e656 webhook: Catch potential JsonableError when parsing widget_content.
The `widget_content` key is expected to contain a string which parses
as JSON; in the event that it does not, log the error and notify the
bot owner, instead of failing silently.

Fixes #16850.
2021-03-31 13:31:42 -07:00
Arun Sankar 954aced781 populate_db: Add non ascii and non bmp characters to Stream names.
Added non ascii and non bmp characters to stream names.

A Stream Name will now consist of a random stream name +
a number (to avoid name duplicates) + a 15% to contain
a emoji.
2021-03-31 13:00:56 -07:00
Arun Sankar b26b647b1d populate_db: Add non ASCII and non BMP characters to usernames.
Added non ASCII and non bmp characters to full name.

Created a new list for non_ascii_names and emojis
to store them explicitly.

A full name will now consist of first name +
(a non ASCII name or a plain middle name) + (a emoji
or a plain last name).

First name will not have any non ASCII or non bmp text
as it is also being used as email.
2021-03-31 13:00:56 -07:00
Riken Shah bfc1e45a91 password_change: Avoid unnecessary redirect to the login page.
This commits adds on to 9884226f, which was added to
handle a rare race condition that occurs when the
session hash is not updated by the backend during the
password change process.

It handles a variant race situation where the request was initiated
before/during the password change event and completed after it was
completed. Hence, forcing the page to redirect to the login page.
2021-03-31 11:03:09 -07:00
Tim Abbott 85b3157b47 css: Fix webapp alert styling incorrectly applying to portico.
In a00f5dd90e, we needed to move the
`alert-box` styles from alerts.css to be visible in portico pages.
However, when doing so, we incorrectly moved all of alerts.css, which
also has styles for `alert` and` alert-error` designed to make it
convenient to include hidden elements for potential errors in the
webapp settings UIs directly in the HTML template (and then use
show/hide to manage them).

We fix this by moving just the alert-box scope to the common
components.css module, which is designed as the place for styles
shared between the webapp and portico pages.

This fixes an issue where the error messages for wrong password and
the like were invisible :(.
2021-03-31 10:06:40 -07:00
m-e-l-u-h-a-n aea31eb31f api: Add REALM_DEACTIVATED error code.
In `validate_account_and_subdomain` we check
if user's realm is not deactivated. In case
of failure of this check, we raise our standard
JsonableError. While this works well in most
cases but it creates difficulties in handling
of users with deactivated realms for non-browser
clients.

So we register a new REALM_DEACTIVATED error
code so that clients can distinguish if error
is because of deactivated account. Following
these changes `validate_account_and_subdomain`
raises RealmDeactivatedError if user's realm
is deactivated.

This error is also documented in
`/api/rest-error-handling`.

Testing: I have mostly relied on automated
backend tests to test this.

Fixes #17763.
2021-03-31 08:46:13 -07:00
m-e-l-u-h-a-n 2eeb82edba api: Add USER_DEACTIVATED error code.
In validate_account_and_subdomain we check if
user's account is not deactivated. In case of
failure of this check we raise our standard
JsonableError. While this works well in most
cases but it creates difficulties in handling
of deactivated accounts for non-browser clients.

So we register a new USER_DEACTIVATED error
code so that clients can distinguish if error
is because of deactivated account. Following
these changes `validate_account_and_subdomain`
raises UserDeactivatedError if user's account
is deactivated.

This error is also documented in
`/api/rest-error-handling`.

Testing: I have mostly relied on automated
backend tests to test this.

Partially addresses issue #17763.
2021-03-31 08:46:13 -07:00
Signior-X 66d7e711b2 refractor: Replace manual autosize of textarea with compose_ui autosize.
This commit make compose_ui.autosize_textarea handle most of the autosize
logic of the textarea. It audits for any logic that is trying to do
autosize manually and replace it with compose_ui.autosize_textarea.
This allows to have better check for when the textarea is autosized.

Mainly done this so that we can have a check on #compose-textarea when
to autosize and when not to, thus helping to have all the logic in only
one function.
2021-03-31 07:49:47 -07:00
Riken Shah a527d196d7 puppeteer_tests: Use more stable selectors.
This commit changes some fragile selectors (like
`a[href=#link]`) to more stable selectors because they
are more prone to break from doing something normal
like adding another link in the app.

It also solves an inconsistency in `07-navigation.ts`,
where the subscription overlay was opened by clicking
on the header stream instead of the menu list.

It also fixes a rare flake (in `07-navigation.ts`), where
the close button of subscription overlay was not clicked
due to a delay in the opening. The delay was caused by
clicking the header stream to open subscription overlay
which caused unnecessary loading of the stream
setting(Verona).
2021-03-31 09:00:51 -04:00
Riken Shah c5f0806308 puppeteer_tests: Rename navigate_to func to navigate_using_left_sidebar.
As we are using the 'navigate_to' function to navigate
the links on the left sidebar, It'd be more clear to rename
the function to 'navigate_using_left_sidebar'.

Also adding '#left-sidebar' when selecting the element,
to be sure it will select the element from the left sidebar.
2021-03-31 09:00:51 -04:00
Riken Shah e61f73c239 refactor: Lift out log-out call from individual tests to `common.ts`.
We recently added the commit to add the log-out call
after each test (52706908b).

This commit cleans that approach by using
just one log-out call after the test is executed at
`common.ts`
2021-03-31 08:57:18 -04:00
sahil839 f73d101854 stream: Use 'hidden.bs.modal' event for enabling mouse background events.
We now unconditionally enable backgroung events when 'hidden.bs.modal'
event is triggered on closing of modal. We do not need to handle them
separateley for closing modal by close_modal, data-dismiss or escape.
We handle this by single handler for modals in settings and subscription
overlay.

Fixes #16688.
2021-03-30 17:02:46 -07:00
sahil839 46db1da9a9 puppeteer: Wait till background mouse events are enabled in settings test.
This commit adds waitForFunction to wait till the background mouse events
are enabled after closing the modal in the settings test.

This change is needed to avoid the failure that will be caused after we
change the code to handle re-enabling of mouse events only at one place
using 'hidden.bs.modal' event of bootstrap, as this event is fired only
after the modal is completely hidden, and we would want the mouse events
to be enabled before using clicks in further tests.
2021-03-30 17:02:46 -07:00
sahil839 7489213768 modals: Do not remove modal element from DOM after closing the modal.
This commit changes the code to not remove the modal element from DOM
after closing the modal for the deactivation stream modal and stream
privacy modal.

This is a prep commit for enabling background mouse events
unconditionally using 'hidden.bs.modal', because removing element
using '.remove' remove all events attached to it and this will also
remove the 'hidden.bs.modal' event which we do not want.

This remove behavior is inconsistent as we remove some of the modals
but do not remove some, so for now we are not removing the modal
after closing but it is anyway removed before opening a modal to handle
case of having two elements of same id and avoids any bugs.
This behavior of when to remove the element from DOM and when to not
remove needs to be discussed and may be modified in future.
2021-03-30 17:02:46 -07:00
sahil839 677ba4bc25 streams: Show warning when unsubscribing a private stream.
We show a modal as a warning when unsubscribing a private stream
because it is a irreversible action and one cannot re-subscribe
tovit until added by other member of stream.

Fixes #9254.
2021-03-30 17:02:44 -07:00
sahil839 60f486d941 confirm_dialog: Add close-modal-btn class to cancel buttons.
This commit adds "close-modal-btn" class to cancel button in
the modal and cross icon.

We do this change because we would add a modal for unsubscribing
from private stream in further commit using confirm_dialog module.
We would need to avoid the unexpected closing of stream settings
on closing the modal which can be done by calling 'e.stopPropagation'
to prevent propagating of events in other elements.
Thus, adding this class will mean that the handler used for stream
privacy modal for this same task will be used for unsubscribe modal
also.
2021-03-30 16:51:42 -07:00
sahil839 208f3d7f1b confirm_dialog: Focus on the yes_button after opening the modal.
This commit adds the code to focus the confirmation/yes button
after opening the modal such that the user can just confirm by
pressing Enter.
2021-03-30 16:51:42 -07:00
sahil839 2e6723f337 stream: Add close-modal-btn class to cancel btn in deactivate stream modal.
This commit adds 'close-modal-btn' class to cancel button and cross icon
in the deactivation stream modal.

This change is a prep commit for enabling background events on
'hidden.bs.modal' event. As we would enable background events in furhter
commit using the 'hidden.bs.modal' event, we would need to remove the
'hide.bs.modal' event of deactivation_stream_modal which removes the
element from DOM.
When we remove this event we would need a e.stopPropagation call to avoid
unexpected closing of stream settings which was not a problem previously
because the element was being removed from DOM before actual closing of
modal.
So instead of adding a different handler, we can use the handler used
for stream privacy modal here by adding this new class.
2021-03-30 16:51:42 -07:00
sahil839 4d3a2c10fb stream_edit: Rename class of cancel btn in stream-privacy modal.
This commit renames the class of both cancel button and the cross
icon to close-modal-btn.

This change is a prep commit for enabling background events on
'hidden.bs.modal' event. As we would enable background events in
furhter commit using the 'hidden.bs.modal' event, we would need to
remove the 'hide.bs.modal' event of deactivation_stream_modal which
removes the modal element from DOM.
When we remove this we would need a e.stopPropagation call to avoid
unexpected closing of subscription settings, which was not a problem
before as the element was removed from DOM before the actual closing
of modal.
So instead of adding a separate `e.stopPropagation' call, we can use
the same handler that is being used for stream privacy modal and this
is the reason the class name of cancel button of privacy modal is
being changed.
2021-03-30 16:51:42 -07:00