Commit Graph

36032 Commits

Author SHA1 Message Date
Tim Abbott a920544bc3
invite emails: Ensure user-controlled input is always in links.
Popular email clients like Gmail will automatically linkify link-like
content present in an HTML email they receive, even if it doesn't have
links in it.  This made it possible to include what in Gmail will be a
user-controlled link in invitation emails that Zulip sends, which a
spammer/phisher could try to take advantage of to send really bad spam
(the limitation of having the rest of the invitation email HTML there
makes it hard to do something compelling here).

We close this opportunity by structuring our emails to always show the
user's name inside an existing link, so that Gmail won't do new
linkification, and add a test to help ensure we don't remove this
structure in a future design change.

Co-authored-by: Anders Kaseorg <andersk@mit.edu>
2020-05-08 14:02:41 -07:00
Hashir Sarwar 6364d27ed5 topic: Remove 7 days restriction for editing & moving topics.
Previously, we had a restriction that we could only
edit and move the topics of 7 days old messages.
This buggy behaviour is now removed as in this
commit.

Fixes #14492.
Part of #13912.
2020-05-08 12:57:50 -07:00
Tim Abbott a702894e0e middleware: Stop using X_REAL_IP.
The comment was wrong, in that REMOTE_ADDR is where the real external
IP was; X_REAL_IP was the loadbalancer's IP.
2020-05-08 11:40:54 -07:00
Tim Abbott e2e0039ffe settings: Expose UI for limiting optional invitations to admins.
This option case is important both for cleaning the UI when
invitations as not required, as well as for some policy situations.

Partially fixes #14859.
2020-05-08 11:09:21 -07:00
Steve Howell ac2d7fef56 docs: Fix recent regression with server-settings.
We just needed a blank line after the "Changes"
paragraph.  Otherwise, the list formatting gets
all messed up.
2020-05-08 06:49:32 -04:00
Vishnu KS 060e54e814 droplets: Add instruction to create a new base image. 2020-05-07 17:09:05 -07:00
Vishnu Ks 2bd0e59462 droplets: Disable SSH password authentication.
We cannot disable this in base droplet as DigitalOcean overrides
the file and enable password authentication during droplet creation.
2020-05-07 17:09:05 -07:00
Vishnu KS 4796206629 droplets: Use bash script instead of cloud-config as user data.
We use cloud-config for setting up the SSH keys and executing
some commands. When cloud-config sets the SSH key it doesn't override
the existing keys. So we need to set the SSH keys manually using a command
instead. This means we no longer require cloud config. We can instead
pass a bash script as the user data instead of cloud-config.

I also included a command to set the SSH key of the root.
2020-05-07 17:09:05 -07:00
Vishnu KS c07fb47aab droplets: Set template_id to the id of the new image on 18.04.
size_slug represents the plan the droplet should be created on.
Since the new base droplet is created on the cheaper but more
feature rich new plan we have to update the slug_size as well
to take advantage of the cheaper plan.
2020-05-07 17:09:05 -07:00
Vishnu KS 87ff8ada6d droplets: Move git clean to setup_repo string. 2020-05-07 17:09:05 -07:00
Vishnu KS 6079c19304 droplets: Set the hostname correctly using cloud-init. 2020-05-07 17:09:05 -07:00
wowol 0e835c6381 urls: Migrate legacy urls to use modern django pattern. 2020-05-07 16:33:03 -07:00
wowol 049288eaeb urls: Migrate zilencer urls to use modern django pattern. 2020-05-07 16:28:58 -07:00
wowol ffed6b87dd urls: Migrate urls to use modern django pattern.
New path() function changed the way a regex pattern
is created from urls - it adds escape backslashes,
so for testing purposes we need to take care of them
and remove them, to check if urls were tested.

Additionaly, regex patterns from urls can have
[^/]+ instead of [^/]*, so we need to take care
of it too.
2020-05-07 16:28:58 -07:00
Mateusz Mandera 812ac4714f retention: Optimize fetching of realms and streams with retention policy. 2020-05-07 16:28:05 -07:00
Tim Abbott 50d8d61d3c puppet: Remove unnecssary/broken ;.
This breaks the Xenial build, which we're removing soon, but it's
unnecessary in any case.
2020-05-07 16:23:37 -07:00
Tim Abbott f9a61aa645 i18n: Update translation data from Transifex.
With a fix for a test.
2020-05-07 16:09:16 -07:00
Tim Abbott e29d1fc776 settings: Clean up pika logging.
It appears that a recent pika release started logging spammy INFO
output on the pika.connection and pika.channel channels, in addition
to the existing pika.adapters channel.

It's probably best to just move to WARNING-level logging for all of these.

This significantly cleans up the output when run-dev.py restarts
services due to a code change in the development environment.
2020-05-07 11:55:14 -07:00
Tim Abbott 73b2fcd618 runtornado: Remove some unnecessary startup logging.
This significantly cleans up the run-dev.py output.
2020-05-07 11:54:58 -07:00
Tim Abbott 3b20c951cf settings: Disable INFO level autoreload logging.
This removes some logging spam starting the development environment.
2020-05-07 11:43:15 -07:00
Hemanth V. Alluri fb757e91c1 webhooks/sentry: Add back support for the legacy integrations.
When the integration was originally rewritten, support for the
deprecated webhook payloads was removed. We later noticed that some
people using Zulip were still using versions of Sentry that required
the older integration code.

Thus this commit adds back the older integration code and whenever the
Sentry webhook payload does not have a "data" field (which must be
present in all modern payloads as per the documentation at
https://docs.sentry.io/workflow/integrations/integration-platform/webhooks)
we will use the older Sentry integration code.

Signed-off-by: Hemanth V. Alluri <hdrive1999@gmail.com>
2020-05-07 11:26:19 -07:00
Anders Kaseorg 8411f7f884 version: Update for Zulip Desktop v5.2.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-07 11:25:15 -07:00
Mateusz Mandera afaecd4d60 retention: Add explanation of values of Stream.message_retention_days. 2020-05-07 09:39:56 -07:00
Tim Abbott 03991d098a puppet: Add optional postgres version override.
This makes it convenient to run an alternative postgres version.
2020-05-07 09:33:24 -07:00
Steve Howell ac84ba19f1 error logging: Inline add_deployment_metadata. 2020-05-06 16:29:53 -07:00
Steve Howell ebb16e7a68 error logging: Simplify deployment data.
We no longer have intermediate constants of
`git_described` and `zulip_version_const`.

Instead, we make a `deployment_data` dictionary
that is grep-friendly, and we just let
`deployment_repr` do simple formatting
without translating string constants.

This is pretty easy to test:

    - set DEBUG_ERROR_REPORTING = True
    - modify some code to throw an exception
    - see error output in #errors
    - use "/emails" with text-only option to view
      errors
2020-05-06 16:29:53 -07:00
Steve Howell 710e3144e7 error logging: Remove `zulip_version_file` code.
This code was bitrotted--we no longer have a file
called `version`.

The info that was probably reported when that feature
was originally written probably lives now
in `zulip-git-version`, although I didn't research
all the history here.  Here is the relevant
excerpt from `version.py`:

    zulip_git_version_file = os.path.join(
        os.path.dirname(os.path.abspath(__file__)),
        'zulip-git-version')

    if os.path.exists(zulip_git_version_file):
        with open(zulip_git_version_file) as f:
            version = f.read().strip()
            if version:
                ZULIP_VERSION = version

The file gets written as follows:

    $ cat tools/cache-zulip-git-version
    #!/usr/bin/env bash
    set -e

    cd "$(dirname "$0")/.."
    git describe --tags --match='[0-9]*' > zulip-git-version || true

Here is what that might look like:

    2.2-dev-2102-gf256ea39eb

Here is an excerpt from one of our recent error reports,
which demonstrates that the code I eliminated here was not
functioning (the third field is missing):

    Deployed code:
    - git: 2.2-dev-2028-g99ce96d49b-dirty
    - ZULIP_VERSION: 2.2-dev-2028-g99ce96d49b

This fixes the main problem reported on #7868.  I think
we may just want to close the issue, since the other
`nocoverage` stuff seems harmless to me.
2020-05-06 16:29:53 -07:00
Anders Kaseorg 7f52329256 check-openapi: Improve error handling.
Previously a YAML syntax error resulted in an
UnhandledPromiseRejectionWarning and a successful exit code; now it
gives a clear message and a failing exit code.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-06 16:28:55 -07:00
Tim Abbott d1694564b4 help: Clarify only server administrators can restore deletions. 2020-05-06 15:54:42 -07:00
Anders Kaseorg b079ba97ff desktop-login: Fix window.open invocation.
window.open expects a string, not a URL object.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-05-06 13:57:07 -07:00
Johannes Hochreiter c20fdb0d8b gitlab: Add pipeline and job URLs to pipeline event body. 2020-05-06 13:36:39 -07:00
pemontto 1688863be0 gitlab: Add support for unapproved merge request. 2020-05-06 13:34:47 -07:00
pemontto 740e01e456 gitlab: Add support for Gitlab system hooks.
Fixes #13960.
2020-05-06 13:34:47 -07:00
pemontto 46a6eb7cf8 gitlab: Add project name and url to custom topic messages. 2020-05-06 13:34:43 -07:00
Steve Howell b46c8d1dc3 typeahead: Avoid tracebacks due to navbar changes.
In our recent navbar changes, we made it so that the
Esc key auto-closed the navbar. Unfortunately,
that code would break other typeaheads with a traceback.

One user-facing symptom was that if you drafted a PM
and started a typeahead on a recipient, then hitting
the Esc key wouldn't close the typeahead.

Now we use an `on_escape` mechanism that is specific
to the navbar typeahead, so that it's both generic and
harder to break for widgets that don't opt in to it.

See bbdc66a214 for
more details on the commit that introduced this
regression.

Note that I only call `tab_bar.exit_search` now.
I don't check the class name of the input element,
since I know that the Esc key is happening in the
context of search.  And I don't blur the input,
since it's going to be hidden.
2020-05-06 13:25:49 -07:00
Mateusz Mandera 8da8b7da41 docs: Fix typo in message-retention-policy.md. 2020-05-06 13:21:00 -07:00
Tim Abbott 50b74f7101 casper: Fix invalid check in 00-realm-creation.
We shouldn't be checking for #zfilt here, since we haven't done
anything that should cause #zfilt to load.  Instead, we verify whether
messages have loaded into the DOM (the condition we actually want) by
checking whether at least one message row is in the DOM.
2020-05-06 10:54:48 -07:00
Tim Abbott 1c5aa10147 soft_deactivation: Fix buggy error handling.
There is no such thing as `max()` on the manager object.  We meant
.last().

Introduced in 37189e1f9d, so my bug, in
a rare untested code path.
2020-05-06 10:46:54 -07:00
Rohitt Vashishtha dafc21ed7e widgets: Style buttons properly in night-mode. 2020-05-06 09:57:36 -04:00
Steve Howell 026474921a todo widget: Downgrade error to warning.
We were creating errors for task keys that were
from older versions of the widget.  We don't migrate
data for the widgets yet (they're all still considered
to be somewhat beta); instead, we just drop bad data
on the floor.

Rohitt and I re-tested the widget on czo pretty
extensively to verify that these errors don't show
up for newly created widgets.
2020-05-06 09:35:04 -04:00
sahil839 435e231567 click_handlers: Remove click handler for closing stream settings.
The click handler for closing stream settings in click_handlers.js
is removed as overlays.js contains common logic for closing all
overlays.

'exports.close' in subs.js is removed and 'hashchange.exit_overlay'
is used in 'overlays.open_overlay' call.
2020-05-05 21:44:09 -07:00
orientor 3ffc9466c9 openapi: Combine two similar openapi markdown extensions.
Previously api_description and api_code_examples were two independent
markdown extensions for displaying OpenAPI content used in the same
places.  We combine them into a single markdown extension (with two
processors) and move them to the openapi folder to make the codebase
more readable and better group the openapi code in the same place.
2020-05-05 21:42:31 -07:00
Cyril Cohen 0d6f80059b
gitter import: Subscribe every user to every stream. 2020-05-05 21:31:35 -07:00
Alex Vandiver 3a7a032ee2
docs: Remove unnecessary double-backticks in indented line.
These came in during the conversion from rST in 337155f280.
2020-05-05 21:28:00 -07:00
Tim Abbott 50ed031f8e test_docs: Update a string for verifying docs. 2020-05-05 17:26:22 -07:00
Tim Abbott 5ea942caff api docs: Improve a few common OpenAPI descriptions.
This fixes a few regressions of documentation introduced earlier in
this branch.
2020-05-05 17:11:14 -07:00
shubhamgupta2956 57c38f1c79 api_docs: Add "EmojiCode" common component.
To facilitate re-use of the same parameters in other paths, this commit
store the content of the parameter "emoji_code" in components.
2020-05-05 17:02:56 -07:00
shubhamgupta2956 08314e3bf4 api_docs: Add "ReactionType" common component.
To facilitate re-use of the same parameters in other paths, this commit
store the content of the parameter "reaction_type" in components.
2020-05-05 17:02:56 -07:00
shubhamgupta2956 db3d95fd16 api_docs: Add "Principals" component.
To facilitate re-use of the same parameters in other paths, this commit
store the content of the parameter "principals" in components.
2020-05-05 17:02:56 -07:00
shubhamgupta2956 c4ebe98bba api_docs: Add IncludeCustomProfileFields component.
To facilitate re-use of the same parameters in other paths, this commit
store the content of the parameter "include_custom_profile_fields" in
components.
2020-05-05 17:02:53 -07:00