As explained in 158287f998,
wantMessagesSigned can't be enabled globally (as it'll break setups with
IdPs that sign SAMLResponse assertions) - but is needed for
LogoutRequests, and will be for LogoutResponses in the SP-initiated SLO
flow in future commits.
We extract a function with the necessary hacky logic for re-use in the
SP-initiated SLO implementation.
This lets us provide a hook to where we've written some advice both on
what makes a good stream description, and also what Markdown formatting
is supported there.
Fixes#23376.
Zulip's unread messages design has an invariant that all unread stream
messages must be in streams the user is subscribed to. For example, We
do not include the unread messages from unsubscribed streams in the
"unread_msgs" data structure in "/register" response and we mark all
unread messages as read when unsubscribing a user from a stream.
Previously, the mark as unread endpoint allowed violating that
invariant, allowing you to mark messages in any stream as unread.
Doing so caused the "message_details" data structures sent with
"update_message_flags" events to not contain messages from
unsubscribed streams, even though those messages were present in the
set of message IDs. These malformed events, in turn, caused exceptions
in the frontend's processing of such an event.
This change is paired with a separate UI change to not offer the "Mark
as unread" feature in such streams; with just this commit, that will
silently fail.
With some additions to the tests by tabbott.
In the message actions popover menu, adds an additional check for
whether the mark as unread option should be displayed based on if
the message is a stream message and if the user is subscribed to
the message's stream.
The previous check looked at whether the settings overlay as a whole
was open, not whether the specific panel we're going to update was
rendered.
The other code paths calling from server_events_dispatch into this
module already correctly check meta.loaded.
We added this logging statement in
8d33a62eca, and we now have the data to
suggest this will happen in normal operation.
I left this as a blueslip.log, since it may be useful to see in the
leadup to another exception.
The message we are trying to remove from unread mentions might not
have been fetched locally.
Fortunately, the `unread_topic_counter` data structure is designed to
support exactly this kind of lookup.
This way, if the maintainer isn't able to update `main`,
the push doesn't add the shared-VERSION tag either.
That avoids ending up with a tag that potentially doesn't
get included in the history of the main branch.
The Git docs warn that servers might or might not support this
feature, but GitHub does -- indeed they boasted about it when it
first came out, in Git 2.4 back in 2015:
https://github.blog/2015-04-30-git-2-4-atomic-pushes-push-to-deploy-and-more/
A number of autossh connections are already left open for
port-forwarding Munin ports; autossh starts the connections and
ensures that they are automatically restarted if they are severed.
However, this represents a missed opportunity. Nagios's monitoring
uses a large number of SSH connections to the remote hosts to run
commands on them; each of these connections requires doing a complete
SSH handshake and authentication, which can have non-trivial network
latency, particularly for hosts which may be located far away, in a
network topology sense (up to 1s for a no-op command!).
Use OpenSSH's ability to multiplex multiple connections over a single
socket, to reuse the already-established connection. We leave an
explicit `ControlMaster no` in the general configuration, and not
`auto`, as we do not wish any of the short-lived Nagios connections to
get promoted to being a control socket if the autossh is not running
for some reason.
We enable protocol-level keepalives, to give a better chance of the
socket being kept open.
These hosts were excluded from `zulipconf_nagios_hosts` in
8cff27f67d, because it was replicating the previously hard-coded
behaviour exactly. That behaviour was an accident of history, in that
4fbe201187 and before had simply not monitored hosts of this class.
There is no reason to not add SSH tunnels and munin monitoring for
these hosts; stop skipping them.
The emoji matcher uses this property in is_unicode_emoji.
It doesn't quite make sense to be talking about "reaction types"
here -- we might use this for a message-reactions UI, but we might
just as reasonably use it for emoji UI in message composing. Ah,
well: I guess that's just a bit of messiness that we can deal with.
When "group-pm-with" is the first operator and setting an empty
narrow banner, check that the operand matches a user and set the
title based on whether the user exists or not.
Because "group-pm-with" is not a common search operator, instead of
setting a specialized title in the browser and tab, just use the
default title, "Search results".
This guarantees that the Realm is always non-None when we hit the
codepath is_static_or_current_realm_url via
do_change_stream_description, so that we can properly skip rewritting
some images.
Fixes#19405
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
Since this is being moved to admin-facing documentation, also adds a
paragraph about the main concern with enabling this on a server that's
not zulip.com.
The previous error page was inadequate for serving the two different
scenarios where we show errors in realm_creations, in particular
containing a misleading sentence about realm creation being disabled
(even in the case where it was actually enabled and the user simply had
an expired link).
This is still messy, in that it does the `chdir` using a different
library than the rest, but it's at least more consistent with the
codebase and it should be possible to bulk migrate the `ZULIP_PATH`
calculation, which we have in a dozen files, to pathlib later.