Commit Graph

45874 Commits

Author SHA1 Message Date
Alex Vandiver a3adaf4aa3 puppet: Fix standalone certbot configurations.
This addresses the problems mentioned in the previous commit, but for
existing installations which have `authenticator = standalone` in
their configurations.

This reconfigures all hostnames in certbot to use the webroot
authenticator, and attempts to force-renew their certificates.
Force-renewal is necessary because certbot contains no way to merely
update the configuration.  Let's Encrypt allows for multiple extra
renewals per week, so this is a reasonable cost.

Because the certbot configuration is `configobj`, and not
`configparser`, we have no way to easily parse to determine if webroot
is in use; additionally, `certbot certificates` does not provide this
information.  We use `grep`, on the assumption that this will catch
nearly all cases.

It is possible that this will find `authenticator = standalone`
certificates which are managed by Certbot, but not Zulip certificates.
These certificates would also fail to renew while Zulip is running, so
switching them to use the Zulip webroot would still be an improvement.

Fixes #20593.
2022-01-24 12:13:44 -08:00
Alex Vandiver 76ce8631c0 setup: Install a temporary certificate, before certbot runs.
Installing certbot with --method=standalone means that the
configuration file will be written to assume that the standalone
method will be used going forward.  Since nginx will be running,
attempts to renew the certificate will fail.

Install a temporary self-signed certificate, just to allow nginx to
start, and then follow up (after applying puppet to start nginx) with
the call to setup-certbot, which will use the webroot authenticator.

The `setup-certbot --method=standalone` option is left intact, for use
in development environments.

Fixes part of #20593; it does not address installs which were
previously improperly configured with `authenticator = standalone`.
2022-01-24 12:13:44 -08:00
N-Shar-ma 6d2de28bf0 todo_widget: Fix bug where new todos sometimes replaced old todos.
Initialised `this.me` for the TaskData using a constructor to the
current user id.

The bug was caused due to `this.me` never being initialised, and hence
`idx` wasn't incremented on page reload, which resulted in duplicate
`data-key` attributes and hence new todos overwriting older todos with
the same `data-key`

Fixes: #20698
2022-01-24 11:25:32 -08:00
Lauryn Menard e479acc809 api_docs: Add line break before return value description text.
Adds a line break before the descriptive text for return
values and events in the api documentation in order to
help with readability of descriptions with multiple
paragraphs of descriptive text.

Adjustments made to the CSS of list items in unordered
lists to visually group the first paragraph of text
to any following paragraphs or unordered lists.
2022-01-24 10:02:02 -08:00
Anders Kaseorg c6b372b471 js: Simplify indexing arrays from the end with Array#at.
https://github.com/tc39/proposal-relative-indexing-method

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-24 09:58:54 -08:00
Anders Kaseorg 0b03628324 js: Shorten Object.prototype.hasOwnProperty.call to Object.hasOwn.
https://github.com/tc39/proposal-accessible-object-hasownproperty

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-24 09:57:09 -08:00
Anders Kaseorg 4922632601 mypy: Add types-beautifulsoup4.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-23 23:39:40 -08:00
Anders Kaseorg 8d9fe9cfb0 mypy: Add types-stripe.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-23 22:47:30 -08:00
Anders Kaseorg de1df81ef6 test_stripe: Convert "".format to Python 3.6 f-string.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-23 22:17:02 -08:00
Anders Kaseorg 2caeb38e9e python: Replace IOError with OSError.
IOError is an alias for OSError in Python ≥ 3.3.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-23 22:17:02 -08:00
Anders Kaseorg 3437e38612 string_validation: Use set comprehension syntax.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-23 22:17:02 -08:00
Anders Kaseorg 97e4e9886c python: Replace universal_newlines with text.
This is supported in Python ≥ 3.7.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-23 22:16:01 -08:00
Anders Kaseorg fd6d048efd mypy: Remove unused overrides.
soupsieve has types; sphinx_rtd_theme is no longer directly imported.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-23 22:15:03 -08:00
Anders Kaseorg b729f00fc2 test_upload: Uncomment subTest contexts.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-23 22:14:43 -08:00
Anders Kaseorg 5fb935bf60 python: Replace deprecated urllib3 BACKOFF_MAX.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-23 22:14:17 -08:00
Anders Kaseorg 2612f57d51 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-23 22:14:17 -08:00
Anders Kaseorg ee71650908 python: Replace requests.packages.urllib3 alias with urllib3.
requests stopped vendoring urllib3 in 2.16.0 (2017-05-26).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-23 22:14:17 -08:00
Anders Kaseorg 18aa4f4df4 tornado: Replace deprecated urllib3 method_whitelist.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-23 22:14:17 -08:00
Sahil Batra fd1d4e101b overlay: Fix bug of information overlay not closing when text is selected.
There was a bug where information overlay was not closing on clicking
"x" when some text was selected. This was due to document.getSelection().type
returning "Range" and we do not close the modal in that case as per the code
added in 081d74141b.

As the "x" icon was button, the document.getSelection().type was
still returning "Range" for the text selected, but when the "x"
icon is inside a span, as in settings overlay, clicking on "x"
deselects the already selected text and selection type is not
"Range" and thus modal is closed.

This commit also improves the vertical alignment of "x".

Fixes #20645.
2022-01-21 17:39:01 -08:00
Anders Kaseorg a58a71ef43 Remove Ubuntu 18.04 support.
As a consequence:

• Bump minimum supported Python version to 3.7.
• Move Vagrant environment to Debian 10, which has Python 3.7.
• Move CI frontend tests to Debian 10.
• Move production build test to Debian 10.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 17:26:14 -08:00
Anders Kaseorg d035efd467 ci: Test upgrade-postgresql on Ubuntu 20.04.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 17:26:14 -08:00
Alex Vandiver 3bbe5c1110 puppet: Put comments on iptables lines.
In addition to documenting the rules.v4 and rules.v6 files slightly,
these comments show up in `iptables -L`:

```
root@hostname:~# iptables -L INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
LOGDROP    all  --  anywhere             localhost/8
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh /* ssh */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3000 /* grafana */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9100 /* node_exporter */
LOGDROP    all  --  anywhere             anywhere
```
2022-01-21 16:46:14 -08:00
Aman Agrawal c4efc97d5a compose: Extend empty compose navigation logic to recipient boxes.
Navigation key presses like `Up` and `PageUp` with an empty recipient
boxes will now close the compose and propagate the keypress to the message
list or recent topics, depending upon the active view.

This extends behavior we've had for a long time with focus in the
compose box itself.
2022-01-21 16:40:13 -08:00
Ganesh Pawar 49e9cf10de user_status: Migrate modal to dialog_widget. 2022-01-21 16:17:25 -08:00
Ganesh Pawar f43d3b9986 change_email: Migrate modal to dialog_widget. 2022-01-21 16:12:34 -08:00
Ganesh Pawar 84ed22d59a api_key_modal: Place the error element at the top of the modal.
This is consistent with other modal behaviour.
2022-01-21 16:12:34 -08:00
Ganesh Pawar 79bdd8bdb6 api_key_modal: Update the modal config for `on_show`.
This is needed since 291aaf373f changed
the interface for modal event handlers.
2022-01-21 16:12:34 -08:00
Alex Vandiver be1c4c2bd8 docs: Mention Camo does not use a local Smokescreen in the proxies docs.
This documents the new behaviour in d328d3dd4d.
2022-01-21 15:57:27 -08:00
Tim Abbott a020d7a80d user_profile: Fix unsubscribing other users from streams.
This fixes a bug introduced with the Micromodal migration in
7a505e3857, where the data-user-id
declaration for this modal was lost.
2022-01-21 15:45:11 -08:00
Eeshan Garg 93329c2d70 send_custom_email: Only send emails to active remote servers. 2022-01-21 15:03:08 -08:00
Tim Abbott 367fed89f2 register_server: Improve HTTP error reporting. 2022-01-21 15:02:30 -08:00
Eeshan Garg fb09c18462 management/commands: Refactor error handling in register_server. 2022-01-21 14:57:09 -08:00
Eeshan Garg bd197886fe management/commands: Refactor logging code in register_server. 2022-01-21 14:57:09 -08:00
Eeshan Garg 3bc0f8c6f9 zilencer: Add endpoint for deactivating remote server registration. 2022-01-21 14:57:04 -08:00
Eeshan Garg 94d00ca942 zilencer: Stop serving requests from deactivated remote servers. 2022-01-21 14:56:04 -08:00
Eeshan Garg 9e1fd26125 docs: Make general improvements to our billing docs.
With a few wording tweaks from tabbott to the "Upgrading a Zulip
organization" section.
2022-01-21 14:21:02 -08:00
Tim Abbott afd8d5ef0c openapi: Improve stream description details. 2022-01-21 14:10:48 -08:00
Palash 61e87b0ac8 api_documentation: Update subscriptions parameter in OpenAPI doc.
regarding -
POST https://yourZulipDomain.zulipchat.com/api/v1/users/me/subscriptions

The definition of the "subscription" parameter didn't include full
information about the parameter. It only said that an array of objects
is passed as a parameter, and relied on description of the parameter
to explain what the object contained. I edited the definition to contain
the full information about the object.

Fixes #20824.
2022-01-21 14:04:46 -08:00
rht 42f46a78e9 docs: Fix grammar problems found by LanguageTool.
With tweaks to security-model.md by tabbott to expand the SSO acronym.

Ignored, but still needs discussion on whether we should exclude this
rule:

```
The word ‘install’ is not a noun.
  ✗ ...ble to connect to the client during the install process:  So you'll need to shut down a...
                                               ^^^^^^^
  ✓ ...ble to connect to the client during the installation process:  So you'll need to shut down a...
  A_INSTALL: a/the + install

The word ‘install’ is not a noun.
  ✗ ...detected at install time will cause the install to abort. If you already have PostgreSQ...
                                               ^^^^^^^
  ✓ ...detected at install time will cause the installation to abort. If you already have PostgreSQ...
  A_INSTALL: a/the + install
```
2022-01-21 14:02:14 -08:00
Eeshan Garg aa8b3f9729 streams: Add RealmAuditLog entries for permission changes. 2022-01-21 13:59:35 -08:00
Eeshan Garg 0d99809fd3 streams: Add notifications for permission policy changes.
The change to curl_param_value_generators.py warrants a brief
explanation. Stream permission changes now generate a notification
message. Our curl example test for removing a reaction comes after
the two tests for updating the stream permission changes, thus the
hardcoded message ID in that test needs to be incremented by 2 to
account for the two notification messages that now come before it.

This is a part of #20289.
2022-01-21 13:59:34 -08:00
Eeshan Garg fab1b7f5d5 actions: Refactor functions for stream permission changes.
do_make_stream_web_public and do_change_stream_invite_only seem
to contain very similar logic that could just live inside the
do_change_stream_permission function that handles all permission
changes in one place.
2022-01-21 13:59:34 -08:00
Eeshan Garg f0ee065292 streams: Use bulleted format for description change notifications.
We want the format for our description change notifications to be
consistent with the format of our stream posting policy change
notifications.
2022-01-21 13:59:34 -08:00
Alya Abbott ca311e83c8 docs: Fix typos in GSoC guide. 2022-01-21 13:38:30 -08:00
Anders Kaseorg 1f3e87b2a3 test_queue_error_json: Acknowledge the received message.
Otherwise it stays in the queue.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 13:38:13 -08:00
Anders Kaseorg 773c909d7f test_queue: Ensure the test_suite queue exists in setUp.
queue_client.queues does not list all the queues that exist on the
server (you can’t do that over AMQP); the condition "test_suite" in
queue_client.queues was always false.  So the test_suite queue could
accumulate extra messages that broke test_queue_error_json.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 13:38:13 -08:00
Anders Kaseorg db24eca832 test_auth_backends: Verify the avatar contents.
Consuming response.streaming_content fixes this warning from
TestLDAP.test_login_success_when_user_does_not_exist_with_valid_subdomain:
“ResourceWarning: unclosed file <_io.FileIO
name='/srv/zulip/var/…/3cc4b5a15b6f4f06b3f9a6ecb179b08702329716.png'
mode='rb' closefd=True>”.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 13:37:26 -08:00
Anders Kaseorg ba7ea7cc80 test_classes: Extract assert_streaming_content helper.
This also fixes a warning from
RealmExportTest.test_endpoint_local_uploads: “ResourceWarning:
unclosed file <_io.BufferedReader
name='/srv/zulip/var/…/test-export.tar.gz'>”.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-21 13:37:26 -08:00
Alya Abbott 1bd83c33ab policies: Rename "Terms of Use" to "Terms of Service" in DPA. 2022-01-20 13:15:00 -08:00
Eeshan Garg f2e7b92b02 team_page: Display count of contributors with >=100 commits. 2022-01-19 17:37:09 -08:00