Commit Graph

21723 Commits

Author SHA1 Message Date
Tim Abbott 539ff20ec2 socket: Add logging for CSRF issue in logging code.
This should help make it possible to debug #6961.
2017-10-11 22:39:14 -07:00
Tim Abbott cbbdd539f4 populate_db: Fix creating welcome-bot at the wrong place.
While it might be useful to have created welcome-bot earlier in a
certain sense, it's definitely not a good idea in this populate_db
implementation, because doing so threw off the random initial
assignment of users to streams and thus broke the casper tests.
2017-10-11 22:17:09 -07:00
Tim Abbott bfaf0fb3b2 build-release-tarball: Stop using .gitattributes.
Unfortunately, GitHub's web UI for generating release tarballs uses
`.gitattributes` to control what files to download, and thus if you
downloaded a source tarball for older Zulip versions using the GitHub
web UI, you'd be missing important files.

We fix this for future releases by moving the blacklist out of
.gitattributes.

Fixes #129.
2017-10-11 21:51:42 -07:00
Robert Hönig e749deb136 onboarding: Add welcome-bot response to initial user message.
Fixes #6030.
2017-10-11 20:45:42 -07:00
derAnfaenger 5ddc336844 tests: Add welcome bot as user. 2017-10-11 20:45:42 -07:00
Greg Price 55426894cd errors: Force a super-simpler handler for 400 errors.
This works around a bug in Django in handling the error case of a
client sending an inappropriate HTTP `Host:` header.  Various
internal Django machinery expects to be able to casually call
`request.get_host()`, which will attempt to parse that header, so an
exception will be raised.  The exception-handling machinery attempts
to catch that exception and just turn it into a 400 response... but
in a certain case, that machinery itself ends up trying to call
`request.get_host()`, and we end up with an uncaught exception that
causes a 500 response, a chain of tracebacks in the logs, and an email
to the server admins.  See example below.

That `request.get_host` call comes in the midst of some CSRF-related
middleware, which doesn't even serve any function unless you have a
form in your 400 response page that you want CSRF protection for.
We use the default 400 response page, which is a 26-byte static
HTML error message.  So, just send that with no further ado.

Example exception from server logs (lightly edited):

  2017-10-08 09:51:50.835 ERR  [django.security.DisallowedHost] Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
  2017-10-08 09:51:50.835 ERR  [django.request] Internal Server Error: /loginWithSetCookie
  Traceback (most recent call last):
    File ".../django/core/handlers/exception.py", line 41, in inner
      response = get_response(request)
    File ".../django/utils/deprecation.py", line 138, in __call__
      response = self.process_request(request)
    File ".../django/middleware/common.py", line 57, in process_request
      host = request.get_host()
    File ".../django/http/request.py", line 113, in get_host
      raise DisallowedHost(msg)
  django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
    File ".../django/core/handlers/exception.py", line 109, in get_exception_response
      response = callback(request, **dict(param_dict, exception=exception))
    File ".../django/utils/decorators.py", line 145, in _wrapped_view
      result = middleware.process_view(request, view_func, args, kwargs)
    File ".../django/middleware/csrf.py", line 276, in process_view
      good_referer = request.get_host()
    File ".../django/http/request.py", line 113, in get_host
      raise DisallowedHost(msg)
  django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
2017-10-11 20:43:36 -07:00
Tim Abbott 8828e96b87 presence: Avoid checking activity when reloading.
We sometimes get blueslip errors from browsers that are clearly still
attempting to reload long after they should have.  These browsers can
produce a lot of unnecessary presence update exceptions.

To solve that, we start checking reload_in_progress in the presence
code path.

While we're at it, we also add some blueslip logging for the reload
code path, in case it becomes useful when debugging future issues.
2017-10-11 20:39:28 -07:00
Brock Whittaker f8a2f06a84 reload: Continually attempt to reload page when reloading.
We've had a few reports of users using modern Chrome having problems
where reload.is_in_progress() was true, but the browser was just
sitting there, not having reloaded.

This will continually attempt to reload the page periodically to try and
compensate for the behavior in Chrome where it appears that the tab
has to be active or semi-active for `location.reload` to be respected
when Chrome is trying to save power, which means that it should just
continually try until the page is active again, in which case the
`location.reload` func will work and reload the page.

See https://developers.google.com/web/updates/2017/03/background_tabs
for the Chrome featureset that we believe may be involved with this
issue.

Tweaked by tabbott to reload earlier and add the on-focus handler.

Fixes: #6821.
2017-10-11 20:38:33 -07:00
Tim Abbott 80e50f4b57 test-backend: Add goal of full coverage on zerver/*.py.
Like the zerver/lib changes, this should help make the backend
coverage TODO list a bit more explicit.
2017-10-11 20:17:37 -07:00
Tim Abbott ce579d5896 test-backend: Make test coverage gaps in zerver/lib more explicit.
This will make it much less likely that we'll have more regressions of
files losing 100% test coverage like push_notifications.py had
recently.
2017-10-11 20:17:37 -07:00
Tim Abbott 676a6af8cb push_notifications: Get back to 100% test coverage.
We didn't have tests for a few new code paths.
2017-10-11 20:17:27 -07:00
Tim Abbott 298c59f7fd push_notifications: Fix error message for unregistered bouncer.
Previously, we were just returning a JSON error to the client, when it
was a server problem.

Fixes #6639.
2017-10-11 19:09:24 -07:00
Tim Abbott 9e2e344937 report: Fix missing test coverage on draft sanitization. 2017-10-11 18:43:39 -07:00
Tim Abbott b3b5d5b7cd report: Avoid sending raw message content in error reporting.
This fixes a violation of Zulip's privacy policies (that error
reporting never contain message content) in the previous commit.
2017-10-11 17:44:05 -07:00
Harshit Bansal eedcbe2d47 drafts: Automatically delete misbehaving drafts while formatting.
While applying formatting to drafts, if any draft contains some syntax
which our markdown processor is unable to process, delete the draft so
that the drafts overlay can be opened without any error. Also report the
exception to the server so that the error can be fixed.
2017-10-11 17:44:03 -07:00
Steve Howell 9ecf41980c Remove message.is_mentioned in message events.
This field would get overwritten with an improper value when
we looped over multiple clients, due to not making full copies
of the message dictionary.  This failure would be somewhat
random depending on how clients were ordered in the loop.

The only consumers of this field were the mobile app and the
apply-events-to-unread-counts logic.  Both of these will now
use `flags` instead.
2017-10-11 16:55:34 -07:00
Steve Howell fed972d1fb Fix bug with applying message events to unread counts.
The `is_mentioned` flag in message events was buggy.  We now
look directly at flags.

We will kill off `is_mentioned` in a subsequent commit.

We also remove some debugging code in the test that was failing
before this fix.  The test would only fail when `is_mentioned`
was wrong, which never happened when you ran a single test, and
which would happen randomly when you ran multiple tests.
2017-10-11 16:55:34 -07:00
Tim Abbott 9426ee024b logging: Filter tornado.general logging for being spammy.
Apparently, this sockjs.tornado logging code resulted in a lot of
buggy error emails whenever a Zulip browser tried to reconnect on a
new IP.  I don't see an obvious way to suppress them from within
sockjs, but that might be a good follow-up issue.

Fixes #6959.
2017-10-11 16:53:52 -07:00
Brock Whittaker 36c2a6d8c9 streams: Change copy for stream creation suggestion.
This changes the copy and reverses the order of the button and text.
2017-10-11 16:17:36 -07:00
Brock Whittaker 71d61f93d5 streams: Change button styles on new stream creation form.
This changes the button styles from the old bootstrap buttons to
the new button styles on the stream creation form.
2017-10-11 16:17:36 -07:00
Brock Whittaker 6039687ecd streams: Add "Create Stream" button to right side.
This adds a button to allow a user to more easily discover the
stream creation functionality to the right side of the streams
overlay.
2017-10-11 16:17:36 -07:00
Steve Howell a6ad9a6d7c Add is_zephyr to the Stream model.
Adding this field to the Stream model will prevent us from having
to look at realm data for several types of stream operations, which
can be prone to either doing extra database lookups or making
our cached data bloated.

Going forward, we'll set stream.is_zephyr to True whenever the
realm's string id is "zephyr".
2017-10-11 16:15:56 -07:00
Tim Abbott c1f12e3f8a scrolling: Fix out-of-order bug in the message list.
The issue has a lot of extra details, but in short, if several
messages were sent at very close to the same time, it's possible that
the event queues will receive the "new message" events out-of-order.
This, in turn, could cause `get_events` to return an incorrectly
sorted block of messages.  These would then be passed into
`message_list.add_messages`, which doesn't handle that sort of
unsorted situation correctly (in short, the `self.first.id()`
comparison checks are not accurate for that situation, since we don't
update the boundaries after the first message is processed).

The end result of this bug was that it was possible for the message
list to be out-of-order, which in turn would cause exceptions when
scrolling with the mouse.

Fixes #6948.
2017-10-11 15:57:11 -07:00
Tim Abbott 9378489367 context_processors: Don't require coverage for ZulipElectron block.
This mostly makes sense because that code path doesn't do anything but
impact how a CSS class is handled.
2017-10-11 14:52:38 -07:00
amanharitsh123 39c0771800 portico: Add back to login page link on reset page.
This adds a link that goes back to the login page only for the
Zulip Electron application.

Fixes: #6763.
2017-10-11 14:02:49 -07:00
Brock Whittaker 5b3bd49061 portico: Enable content discrimination by platform.
This allows CSS to discriminate by platform and show particular
content; in this case showing things with the attribute
[if-zulip-desktop] content only on “ZulipElectron”.
2017-10-11 14:02:49 -07:00
Brock Whittaker 07e5f7ea1e context_processors: Enable platform detection in templates.
This enables the ability to detect the platform in a template.
2017-10-11 14:02:48 -07:00
Brock Whittaker d17db446cf Fix up the hotspot styling.
This changes the box shadow to be less bold than currently,
makes the button target larger, the text larger, and the hotspots
anti-aliased.
2017-10-11 13:53:59 -07:00
Brock Whittaker 3379be9b46 components: Switch checkboxes to be natively grayscale.
This switches the checkboxes to be natively grayscale by
referencing the `checkbox.png` file rather than `checkbox-gree.png`
which means that we no longer need to apply the -webkit-filter
setting for grayscale.
2017-10-11 13:15:44 -07:00
Brock Whittaker 835b6c7059 components: Make checkboxes darker.
This makes the standard checkboxes 7% darker and makes the disabled
ones about 12% darker + 7% darker than they were before, to
increase visibility.

Fixes: #6331.
2017-10-11 13:15:44 -07:00
Brock Whittaker c2b7cd0f7e color-picker: Fix input height to display correctly on FF.
This fixes the input to not be too short on FF and to have proper
padding on Chrome.

Fixes: #6361.
2017-10-11 12:59:28 -07:00
derAnfaenger f6834bb60e tools: Remove `.pl` extension from user script. 2017-10-11 12:52:36 -07:00
derAnfaenger d556f677b2 tools: Consistently use hyphen in user script names. 2017-10-11 12:52:36 -07:00
derAnfaenger 61aebd036f tools: Remove `.py` extensions from user scripts. 2017-10-11 12:52:36 -07:00
derAnfaenger df948c7ea5 Remove useless shebang lines. 2017-10-11 12:52:36 -07:00
Brock Whittaker 1096bd11c9 streams: Rename settings hide/show functions.
The stream settings hide/show functions were "collapse" and
"show_sub", and this changes them to be "hide_sub_settings" and
"show_sub_settings".
2017-10-11 12:44:10 -07:00
Brock Whittaker 20af49b2bb streams: Call `actually_filter_streams` on stream events update.
Previously it was called before the event was processed by the server
and the subscription was updated to have the user subscribed to a
stream, so there was a race condition that would make it so that
sometimes the stream line would disappear on the next render pass due
to the event not having completed yet.

This makes it so that the re-render happens after the event is
processed in `stream_events.js`.

Fixes: #6797.
2017-10-11 12:44:10 -07:00
Brock Whittaker 2ae2727c8b streams: Refactor `actually_filter_streams` to be public.
This refactors the function to be publicly accessible so we can call
the filter streams function from other modules.
2017-10-11 12:44:10 -07:00
Brock Whittaker 59cfed16ed streams: Hide and show settings properly for subscribed streams.
This now will show the settings properly when one unsubscribes and
resubscribes to a particular stream.

Fixes: #6798.
2017-10-11 12:44:10 -07:00
Brock Whittaker 9e9927d1d0 streams: Refactor `setup_subscriptions_stream_hash` arguments.
This refactors the arguments in the `setup_subscriptions_stream_hash`
method to remove the `stream_id` param and just take it from the `sub`
argument it is passed (which is an object that contains the property,
`stream_id`).
2017-10-11 12:44:10 -07:00
Brock Whittaker 7b8f2f8828 emoji-popover: Change :focus state from outline to darken.
This changes the :focus state of reactions that have been reacted
by yourself to darken on :focus rather than have the default
browser outline.
2017-10-11 12:31:49 -07:00
Brock Whittaker 897b33e79d components: De-duplicate `.no-underline` class.
This de-duplicates occurrences of the `.no-underline` class by
removing it from "portico.css" and ensuring compatibility by adding
support for the standard and :hover cases.
2017-10-11 12:24:44 -07:00
Brock Whittaker 968a8a0b6c /create_realm/: Change TOS checkbox to feature new styling.
This changes the TOS checkbox to use the internal checkbox styling
rather than the unstyled default appearance.
2017-10-11 12:24:44 -07:00
Brock Whittaker df9092cf42 components: Split out "app_components.css" for shared components.
This new “app_components.css” is for shared components between the
internal app and the portico pages.
2017-10-11 12:24:44 -07:00
neiljp (Neil Pilgrim) c04ff1cc79 mypy: Any->Call in create_single_page() in create-test-api-docs. 2017-10-11 12:16:50 -07:00
neiljp (Neil Pilgrim) fc947d92e2 mypy: Improve return type in bitbucket2 webhook function. 2017-10-11 12:16:50 -07:00
Steve Howell 7c726a5e77 Remove sender names from the message cache.
This removes sender names from the message cache, since
they aren't guaranteed to be valid, and they're inexpensive
to add.

This commit will make the message cache entries smaller
by removing sender___full_name and sender__short_name
fields.

Then we add in the sender fields to the message payloads
by doing a query against the unique sender ids of the
messages we are processing.

This change leads to 2 extra database hops for most of
our message-related codepaths.  The reason there are 2 hops
instead of 1 is that we basically re-calculate way too
much data to get a no-markdown dictionary.
2017-10-11 11:37:16 -07:00
Steve Howell 3910448b1d Extract MessageDict.post_process_dicts().
Introducing MessageDict.post_process_dicts() will allow us
the ability to do the following:

    * use less memory in the cache for repeated data
    * prevent cache invalidation
    * format data according to different client needs

The first use of this function is pretty inconsequential, but
it sets us up for more consequential changes.

In this commit we defer the MessageDict.hydrate_recipient_info
step until after we pull data out of the cache.  This impacts
cache size as follows:

    * streams - negligibly bigger
    * PMs/huddles - slimmer due to not needing to repeat
                    sender data like email/full_name

Again, the main point of this change is to start setting up
the infrastructure to do post-processing.
2017-10-11 11:37:16 -07:00
Steve Howell 6bf43e6332 refactor: Extract MessageDict.hydrate_recipient_info().
This is a first step to eventually slimming the message cache,
but there are still some moving parts there to be worked through.

The more immediate benefit of extracting this function is that
we can put tests on it.  Also, it isolates some functionality
that may go away as our clients get smarter.
2017-10-11 11:37:16 -07:00
Tim Abbott baee129eda lint: Exclude style= rules for email log.
This is temporary, because this PR was written before these rules were
put in place.
2017-10-11 10:41:40 -07:00