Commit Graph

46573 Commits

Author SHA1 Message Date
Mateusz Mandera 995cbc69b4 migrations: Add migration to revoke invites from old deactivated users.
This is a natural follow-up to
93e8740218 - invitations sent by users
deactivated before the commit still need to be revoked, via a
migration.

The logic for finding the Confirmations to deactivate is based on
get_valid_invite_confirmations_generated_by_user in actions.py.
2022-03-17 15:16:05 -07:00
Anders Kaseorg 6aec27e646 js: Fix no-jquery/no-parse-html-literal.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-17 13:16:34 -07:00
Anders Kaseorg e32ec3f7eb ui_report: Fix inappropriate $ prefix.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-17 13:16:34 -07:00
Anders Kaseorg 215791db1e eslint: Enable no-jquery/deprecated rules.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-17 13:10:23 -07:00
Anders Kaseorg eb7770565a js: Fix no-jquery/no-sizzle.
The :first and :last selectors were deprecated in jQuery 3.4.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-17 13:10:23 -07:00
Anders Kaseorg 8ef2c0a604 js: Fix no-jquery/no-ready-shorthand.
The ready method was deprecated in jQuery 3.0, because its behavior
has nothing to do with the selector; it always waits for the page to
become ready, not a specific element.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-17 13:10:23 -07:00
Anders Kaseorg da0658967c js: Fix no-jquery/no-event-shorthand.
The event shorthand methods were deprecated in jQuery 3.3.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-17 13:10:23 -07:00
Anders Kaseorg 5d77381667 node_tests: Add a few missing $ prefixes.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-17 13:10:23 -07:00
Anders Kaseorg 44844743cd settings_account: Fix password quality meter.
It was broken by commit f5fbf5f0e0
“change_password: Migrate modal to dialog_widget” (#20193), because
the new_password input didn’t exist when we tried to install an event
handler for it.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-17 13:08:20 -07:00
Anders Kaseorg a3d89e049a models: Add missing type annotations.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-17 13:07:09 -07:00
Anders Kaseorg 62e049b25a models: Type nullable message_content_delete_limit_seconds as Optional.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-17 13:07:09 -07:00
Alex Vandiver c35a783c35 docs: Minor wording fixes to warm standby replication docs. 2022-03-17 12:53:26 -07:00
Alex Vandiver 2c26ad3714 docs: Break out and clarify wal-g backup configuration. 2022-03-17 12:53:26 -07:00
Alex Vandiver 6489c832a3 puppet: Upgrade third-party package versions. 2022-03-17 11:44:05 -07:00
Alex Vandiver 6b0876063f bootstrap-awscli: Upgrade awscli version. 2022-03-17 11:44:05 -07:00
Steve Howell bffd73fe44 node tests: Add spectator test for search suggestions.
This is a prep commit to help us soon remove 44 months worth of
bit-rotted code.
2022-03-17 12:07:53 -04:00
Steve Howell 599a70d6f4 node tests: Add test for topic_suggestions.
This is a prep commit to help us soon remove 44 months worth of
bit-rotted code.
2022-03-17 12:07:53 -04:00
Steve Howell 097852bb06 node tests: Add coverage for clear_search_form.
This is a prep commit to help us soon remove 44 months worth of
bit-rotted code.
2022-03-17 12:07:53 -04:00
Steve Howell a9f83a5805 node tests: Add test for people suggestions.
This is a prep commit to help us soon remove 44 months worth of
bit-rotted code.
2022-03-17 12:07:53 -04:00
Steve Howell d162bd17a9 node tests: Use now/future naming scheme for search tests. 2022-03-17 12:07:53 -04:00
Anders Kaseorg 4b712b49ef eslint: Enable eslint-plugin-no-jquery.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-16 12:52:07 -07:00
Anders Kaseorg f84a2c08d5 js: Prefix jQuery object variable names with $.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-16 12:52:07 -07:00
Anders Kaseorg f21842e920 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-16 10:43:23 -07:00
Steve Howell dfab993e7d node tests: Avoid narrow_state mocking in pm_list* tests.
We now use narrow_state directly in pm_list and pm_list_data
tests, rather than mocking it with our `override*` helpers.

In some places I use an actual Filter() object, but
in places where the only testing concern is that the
active is narrow, I use a stub value.

We will continue to mock narrow_state in most places.
In addition to avoiding test-setup complications, we want
to avoid incidental line coverage on narrow_state that
only indirectly validates its behavior. Part of the
trickiness in avoiding narrow_state mocking is that
you often would have to introduce "real" Filter objects,
and the API for Filter objects is somewhat less than
ideal, and its wordiness can distract from the main
point of the tests.

Hopefully the changes here reflect the correct tradeoffs.
2022-03-16 11:57:58 -04:00
Tim Abbott bcbba0b20d docs: Fix changelog typo. 2022-03-15 22:17:53 -07:00
Tim Abbott 63cac121ba docs: Update changelog for changes merged in recent months. 2022-03-15 22:12:59 -07:00
Tim Abbott 26501cbddc i18n: Update translation data from Transifex. 2022-03-15 18:05:47 -07:00
Suyash Vardhan Mathur 20a97bdb05 events: Add functionality to mark messages as unread.
Co-authored-by: Steve Howell <showell@zulip.com>
Co-authored-by: Tim Abbott <tabbott@zulip.com>

This commit adds the backend functionality to
mark messages as unread through update_message_flags
with `unread` flag and `remove` operation.

We also manage incoming events in the webapp.

Tweaked by tabbott to simplify the implementation and add an API
feature level update to the documentation.

This commit was originally drafted by showell, and showell
also finalized the changes.  Many thanks to Suyash here for
the main work here, which was to get all the tests and
documentation work moving forward.
2022-03-15 18:00:35 -07:00
Tim Abbott bf890cf91a compose: Fix resolved topic warning after send.
Previously, we did not clear the resolved topic warning when reopening
the compose box after sending a message. This was a latent bug before
the previous commit, since the resolve topic was always displayed when
the compose box was pointed at a resolved topic before the previous
commit.
2022-03-15 17:59:15 -07:00
Tim Abbott 562f37b9af compose: Show topic resolve warning only when compose is nonempty.
The resolve topic warning can feel like clutter in the event that the
compose box is empty (which often occurs when the user has no intent
to send a message), so we configure the validation logic to only
display the notice when the compose box is non-empty.

We take some care to minimize work the function is doing, because it
is called on every keystroke in the compose box.

Fixes: #21155.
2022-03-15 17:59:15 -07:00
Aman Agrawal ab7415105d hotkey: Fix enter key being handled both by browser and the app.
When we handle the enter key, we should return true.
2022-03-15 16:14:25 -07:00
Aman Agrawal bae5f016bf compose_control_menu: Allow to enter press to open the menu.
Make `compose_control_menu_wrapper` clickable and allow tab focus
on it. Disable tab focus on `compose_control_menu` icon. Fix outline
for `compose_control_menu_wrapper`.

Extend out custom outline property to all `[role="button"]` elements.
2022-03-15 16:14:25 -07:00
Tim Abbott a4d42392a6 settings: Avoid dropdown_list_widget on same line as labels.
The 3 instances of dropdown_list_widget using the `label` property had
different design than the rest of all of our dropdowns, in that the
label was on the same line as the dropdown.

Fix this by adjusting the `label` option to use our standard
`dropdown-title` CSS class.

Also remove the colons in the labels.

I confirmed that these were the only instances of this widget using
the label feature.

Fixes #20415.
2022-03-15 16:08:41 -07:00
Alex Vandiver d150236217 ci: Test upgrades from 4.11. 2022-03-15 16:00:02 -07:00
Sahil Batra 6f93f07844 types: Create a new TypedDict RealmPlaygroundDict for playground objects.
This commit creates a new TypedDict RealmPlaygroundDict for realm
playground objects. Now the list of playgrounds in the events sent
to clients and the "added_playground" field of RealmAuditLog entry
use RealmPlaygroundDict instead of Dict.
2022-03-15 15:58:36 -07:00
Sahil Batra 4bbb5f18e4 actions: Use transaction.atomic for do_remove_realm_playground. 2022-03-15 15:58:36 -07:00
Sahil Batra 578b752766 actions: Use transaction.atomic for do_add_realm_playground. 2022-03-15 15:58:36 -07:00
Sahil Batra b86b9bdc02 realm: Create RealmAuditLog entry when removing realm playgrounds.
This commit also adds 'acting_user' parameter to
do_remove_realm_playground function.

Fixes a part of #21268.
2022-03-15 15:58:36 -07:00
Sahil Batra dea3389045 realm: Create RealmAuditLog entry when adding realm playgrounds.
This commit also adds 'acting_user' parameter to
do_add_realm_playground function.

Fixes a part of #21268.
2022-03-15 15:58:36 -07:00
Sahil Batra 9fd9c5f1d2 actions: Pass realm_playgrounds as argument to notify_realm_playgrounds.
This commit modifies the notify_realm_playgrounds function to accept
realm_playgrounds as argument from the caller instead of computing it
in the function to avoid duplicate queries since the realm playgrounds
list will be required in its caller functions as well in further commits.
2022-03-15 15:58:36 -07:00
Alex Vandiver f77204be14 version: Update version and changelog after 4.11 release. 2022-03-15 14:24:53 -07:00
Alex Vandiver 62ba8e455d CVE-2022-24751: Clear sessions outside of the transaction.
Clearing the sessions inside the transaction makes Zulip vulnerable to
a narrow window where the deleted session has not yet been committed,
but has been removed from the memcached cache.  During this window, a
request with the session-id which has just been deleted can
successfully re-fill the memcached cache, as the in-database delete is
not yet committed, and thus not yet visible.  After the delete
transaction commits, the cache will be left with a cached session,
which allows further site access until it expires (after
SESSION_COOKIE_AGE seconds), is ejected from the cache due to memory
pressure, or the server is upgraded.

Move the session deletion outside of the transaction.

Because the testsuite runs inside of a transaction, it is impossible
to test this in CI; the testsuite uses the non-caching
`django.contrib.sessions.backends.db` backend, regardless.  The test
added in this commit thus does not fail before this commit; it is
merely a base expression that the session should be deleted somehow,
and does not exercise the assert added in the previous commit.
2022-03-15 13:52:15 -07:00
Alex Vandiver 7650b5a972 session: Enforce that changes cannot happen in a transaction. 2022-03-15 13:52:15 -07:00
Anders Kaseorg b70a071124 report: Strengthen report_csp_violations type using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 2a0bc2d1c9 crashlytics: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg be781f19e6 codeship: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg d5a8e040da clubhouse: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 573d264759 circleci: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg 02393ecad7 canarytoken: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00
Anders Kaseorg d86fb95ce6 buildbot: Strengthen types using WildValue.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-15 13:02:02 -07:00