The show password feature is a functionality to
toggle the visibility of the password fields in forms
so that one can check if they have entered the correct
password or not. We implement this using an eye icon
toggling which converts input field type from password
to text and vice-versa.
Fixes part of #17301.
Replaced methods/functions of moment.js with date-fns library.
The motive was to replace it with a smaller frontend timezone library.
Date-fns ~ 11.51 kb
moment.js ~ 217.87 kb
Some of the format strings change because date-fns encodes them
differently from how moment did.
Fixes#16373.
Improves the display of error messages on registration page fixing
mis-positioning of error messages and overlapping with other text
in some cases.
Part of: #15750.
ES and TypeScript modules are strict by default and don’t need this
directive. ESLint will remind us to add it to new CommonJS files and
remove it from ES and TypeScript modules.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
Note that require("moment") and require("moment-timezone") resolve to
the same thing, but the latter adds timezone support as a side effect.
So I went with the latter in every file where .tz is used.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
Prettier would do this anyway, but it’s separated out for a more
reviewable diff. Generated by ESLint.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
We register ZulipRemoteUserBackend as an external_authentication_method
to make it show up in the corresponding field in the /server_settings
endpoint.
This also allows rendering its login button together with
Google/Github/etc. leading to us being able to get rid of some of the
code that was handling it as a special case - the js code for plumbing
the "next" value and the special {% if only_sso %} block in login.html.
An additional consequence of the login.html change is that now the
backend will have it button rendered even if it isn't the only backend
enabled on the server.
This commit was originally automatically generated using `tools/lint
--only=eslint --fix`. It was then modified by tabbott to contain only
changes to a set of files that are unlikely to result in significant
merge conflicts with any open pull request, excluding about 20 files.
His plan is to merge the remaining changes with more precise care,
potentially involving merging parts of conflicting pull requests
before running the `eslint --fix` operation.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
I added the `white-box` as it was in the other similar pages
(`/accounts/go`).
In order to be able to style it better, I removed the buttons and added
`div`s instead, then added click handler for submitting the form.
If the email is associated to a Zulip account, the avatar of the account
is displayed and the text `Log in`, otherwize a `+` sign is
displayed and the text `Create new account`.
This replaces the two custom Google authentication backends originally
written in 2012 with using the shared python-social-auth codebase that
we already use for the GitHub authentication backend. These are:
* GoogleMobileOauth2Backend, the ancient code path for mobile
authentication last used by the EOL original Zulip Android app.
* The `finish_google_oauth2` code path in zerver/views/auth.py, which
was the webapp (and modern mobile app) Google authentication code
path.
This change doesn't fix any known bugs; its main benefit is that we
get to remove hundreds of lines of security-sensitive semi-duplicated
code, replacing it with a widely trusted, high quality third-party
library.
Pasting a generated password into the password box triggers neither a
change event (until the password box is unfocused) nor a keyup event.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
This commit removes inline javascript code present in
accounts_send_confirm.html and moves it to signup.js. This page is
rendered when the "/accounts/send_confirm" endpoint is visited. An
empty div element is added in accounts_send_confirm.html with
unique data-page-id attribute to make it more easy to find in which
page we are, while working with the javascript code.
This commit removes inline javascript code present in reset_confirm.html
and moves it to signup.js. The reset_confirm.html page is rendered when
the user visits "/accounts/password/reset" confirmation page. An empty
div element is added in reset_confirm.html with unique data-page-id
attribute to make it more easy to find in which page we are, while
working with the javascript code.
This commit removes inline javascript code present in reset.html and
moves it to signup.js. The reset.html page is rendered when the user
visits "/accounts/password/reset". An empty div element is added in
reset.html with unique data-page-id attribute to make it more easy
to find in which page we are, while working with the javascript code.
This commit removes inline javascript code present in create_realm.html
and moves it to signup.js. The create_realm.html page is rendered when
the user visits "/new". An empty div element is added in
create_realm.html with unique data-page-id attribute to make it more easy
to find in which page we are, while working with the javascript code.
This commit removes inline javascript code present in
accounts_home.html and moves it to signup.js. The accounts_home.html
page is rendered when the user visits "/register". An empty div
element is added in accounts_home.html with unique data-page-id
attribute to make it more easy to find in which page we are, while
working with the javascript code.
This commit removes inline javascript code present in login.html and
moves it to signup.js. An empty div element is added in login.html
with unique data-page-id attribute to make it more easy to find in
which page we are, while working with the javascript code.
This commit fixes a bug that caused:
1: A valid full name on an onboarding form to be cleared after an
invalid submission.
2: Incorrectly cleared name populated from LDAP which was janky from
UX perspective.
Ideally we should disable name change for LDAP as next login
will overwrite any changes but I think that can be done in a
separate PR.
Fixes: #10867.
If branch for showing the profile details would
not have executed if the subdomain was root ("").
The check was changed to check for select input
instead of checking for subdomain.
Apparently, we didn't have one of these, and thus had a moderate
number of generally very old violations in the codebase. Fix this and
clear the ones that exist..
Now, we correctly avoid calling various password quality/strength
functions in the registration flow in the event that there isn't a
password form on the current page.
Before, some code wasn't inside a block at all, while other code was
using an incorrect check (an empty jQuery object is not falsey).
The overall result was that this would often crash on certain
pages/flows, stopping JS execution and causing various secondary
problems.
This code brings the focus to the first input field with errors rather
than just the first input field present in the form after the sign up
form is rendered again after invalid data is submitted.
Note from tabbott: This still doesn't handle the ToS checkbox being
the source of the error, but that's an independent issue.
Fixes#10869.
This code prevents the password bar from being incorrectly clear after
the sign up form is rendered again after invalid data is submitted
(generally due to forgetting to agree to ToS).
Fixes#10868.
This uses an actual query to the backend to check if the subdomain is
available, using the same logic we would use to check when the
subdomain is in fact created.
The issue is that the server wants to display an error when you make a
request and fail, but the jQuery form validator also wants to display
errors at the same time. This removes the server errors to display the
jQuery.
Fixes: #8239.
Anders Kaseorg
Gaurav Pandey
aryanshridhar
Priyansh Garg
Mateusz Mandera
Anders Kaseorg
Alexandra Ciobica
Harshit Bansal
Thomas Ip
Abhinav Singh
Vaibhav
Vishnu Ks
Tim Abbott
Anupam-dagar
Brock Whittaker
VishalCR7
YJDave