Commit Graph

56382 Commits

Author SHA1 Message Date
Anders Kaseorg 0dd92d2116 test_classes: Add Content-Type header to empty DELETE/POST bodies.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
Anders Kaseorg a356ec7011 test_classes: Default client_post to application/x-www-form-urlencoded.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
Anders Kaseorg d9f2f23c6a requirements: Upgrade to openapi-core pre-release.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
Anders Kaseorg 41f253774d Revert "zproject: Prevent having exactly 17/18 middlewares, for Python 3.11 bug."
This reverts commit cf0b803d50.
2024-02-05 19:57:21 -05:00
Anders Kaseorg 4f27381ebc ci: Disable coverage on Debian 12.
This is probably a more effective workaround for
https://github.com/python/cpython/issues/106092.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-05 19:57:21 -05:00
roanster007 49e3e6da06 timerender: Fix get_timestamp_for_flatpickr when no parameter passed.
Previously, when no parameter was passed to the get_timestamp_for_
flatpickr method, it would result in an uncaught exception. This is
breaking the "Add global time" of compose bar.

This can be avoided by doing an early return of current time to hour
in case no string is passed.
2024-02-05 12:33:39 -08:00
roanster007 d971b36026 timerender: Extract get_current_time_to_hour helper.
We will reuse this in the next commit.
2024-02-05 12:33:13 -08:00
Alex Vandiver fe1fd30a58 puppet: Create redistunnel group.
This was left off of 1fe5e7c7da.
2024-02-05 12:15:15 -08:00
Aman Agrawal 37b0f59200 reactions: Rename `get_reaction_section`.
We pluralize it to indicate that it can return multiple row from
multiple lists / rows.
2024-02-05 11:06:46 -08:00
Aman Agrawal c436b8011f message_list_view: Use `$()` to create an empty jQuery object. 2024-02-05 11:06:46 -08:00
Aman Agrawal 7463f561f1 echo: Track if we are showing slow spinner for a message. 2024-02-05 11:06:46 -08:00
Aman Agrawal 8acbf02ad7 reactions: Fix reactions not displayed in all messages view.
We were not updating all the rendered `messages-rows` but just
for the current view.

This bug was introduced in
df180f7bd5
2024-02-05 11:06:46 -08:00
Lauryn Menard cbb6d962d5 stripe: Add billing address collection to checkout session.
This will require customers to include an address when setting
up, or updating, the credit card information for their account.
The billing address for the card will also be saved as the
billing address for the stripe customer object.

The customer object billing address appears on the invoices
that are generated by stripe.
2024-02-05 10:16:04 -08:00
Aman Agrawal f71337aaf7 compose_actions: Fix incorrect condition.
This was introduced in #28767 with the intention to skip scrolling
the selected message.

So, the actual bug that the PR fixed would have been just fixed
by opening the compose box early.
2024-02-05 08:51:10 -08:00
Alex Vandiver 437361de32 requirements: Revert orjson upgrade due to segfault.
Version 3.9.11 and 3.9.12 are susceptible to random segfaults:
- https://github.com/ijl/orjson/issues/452
2024-02-05 08:42:29 -08:00
Tim Abbott 67ed87ecb5 web: Use better exponential backoff algorithm.
This matches the algorithm that we designed for the Python API, except
that we use a ratio of 2 rather than sqrt(2) in the message_fetch code
path, because it's a heavier request.

We increase the number of failures before showing a user-facing error
to roughly preserve the same time period before a user-facing error is
shown.
2024-02-04 17:38:56 -08:00
Tim Abbott e91748022f web: Respect rate-limiting headers in main APIs.
Previously, these endpoints just did exponential backoff, without
looking at the rate-limiting headers returned by the server, resulting
in requests that the client could have been certain would fail with an
additional rate-limiting error.

Fix this by using the maximum of the existing exponential backoff with
the value returned by the rate-limiting header.

Fixes #28807.
2024-02-04 17:38:56 -08:00
Tim Abbott 624e1a85ce message_fetch: Add small backfill delay.
This should help reduce the risk of hitting rate limits when users
have a very large number of messages to fetch via this mechanism.

Inline the `messages` variable that was only used in one place while
we're touching this.
2024-02-04 17:38:56 -08:00
Tim Abbott 370afd6464 reload: Add on-focus handler after a delay. 2024-02-04 17:38:56 -08:00
Tim Abbott 5f4e1de661 util: Fix call_function_periodically.
This function incorrectly and misleadingly did an immediate initial
call, despite both of its callers doing immediate calls themselves (in
one case, with a different parameter passed).

This led to unnecessary server load when reloading the app via event
system triggered reloads, since every client would call `/` twice.
2024-02-04 17:38:56 -08:00
Aman Agrawal de33aa4b7b stripe: Add page to show list of past customer invoices. 2024-02-04 17:38:24 -08:00
Tim Abbott d8ec141de2 navigate: Fix buggy detection of start/end.
I was not able to reproduce obviously badly broken behavior from these
logic bugs, but after the renaming of message_viewport helpers in the
last few commits, it's clear that this logic was trying to check if
we're actually at the start/end of the possibly message feed, not just
the rendered portion, and doing so incorrectly.
2024-02-04 17:34:24 -08:00
Tim Abbott 4f8da7462d message_scroll: Add some explanatory comments. 2024-02-04 17:34:24 -08:00
Tim Abbott 84ec491e34 message_viewport: Rename at_top for clarity. 2024-02-04 17:34:24 -08:00
Tim Abbott 42956e0305 message_viewport: Rename at_bottom for clarity. 2024-02-04 17:34:24 -08:00
Tim Abbott 45f9bd21e5 message_viewport: Rename bottom_message_visible. 2024-02-04 17:34:24 -08:00
Tim Abbott 6562ea94e4 unread: Stop treating bottom of render windows as the global bottom.
The previous logic for both scrolling down and using pagedown would
incorrectly mark an entire conversation as read when reaching the
bottom of a render window, even if there were more messages loaded or
to fetch from the server.

Fix this error in the calculation by asking the correct data
structures if we're actually at the bottom.

To avoid the navigate.js keyboard shortcut code paths circumventing
this new logic, or needing to duplicate it, they now call
process_visible, rather than its helper.
2024-02-04 17:34:24 -08:00
Aman Agrawal da7cb0af1c bootstrap: Remove unused dropdown toggle class definitions. 2024-02-03 17:20:28 -08:00
Aman Agrawal ee2f08aa96 css: Remove state dropdown-toggle class. 2024-02-03 17:20:28 -08:00
Aman Agrawal 088eadbca1 css: Remove stale dropdown-list-widget class. 2024-02-03 17:20:28 -08:00
Aman Agrawal 1b8605a6e6 stream_popover: Remove remnants select_stream_widget.
We replaced the bootstrap dropdown with our custom dropdown
widget. These were missed during the migration.
2024-02-03 17:20:28 -08:00
Aman Agrawal 91073cfbe1 css: Remove stale CSS.
This doesn't seem to be effectively used anywhere.
2024-02-03 17:20:28 -08:00
Aman Agrawal e923c593f6 topic_generator: Rearrange checks inside if statement.
Primary objective is to remove the call to narrow_state.active,
in doing so, I rearranged the conditions a bit.
2024-02-03 17:19:30 -08:00
Aman Agrawal adedc0283f narrow: Remove not required call to save_narrow.
Since we always call `deactivate` from `hashchange`,
`browser_history.state.changing_hash` is always `true` and hence
`save_narrow` just retuns without doing anything.
2024-02-03 17:19:30 -08:00
Aman Agrawal eaafaba482 unread_ops: Remove unused function. 2024-02-03 17:19:30 -08:00
Aman Agrawal 3099457e06 narrow: Remove duplicate clear search form.
This function doesn't need to be called since `render_title_area`
already takes care of it which is always called when changing
narrow.
2024-02-03 17:15:26 -08:00
Alex Vandiver dc950235e5 puppet: Raise net.core.somaxconn on redis. 2024-02-02 17:54:02 -08:00
Alex Vandiver ec59b4fd78 puppet: Enact redis' kernel config suggestions. 2024-02-02 17:54:02 -08:00
Alex Vandiver 069f262e7b puppet: Inline all sysctl settings, and always check for containers. 2024-02-02 17:54:02 -08:00
Alex Vandiver fd69f5f8e2 puppet: Call systemd reload after adding or changing a teleport service. 2024-02-02 17:54:02 -08:00
Alex Vandiver 1ac6e24eaa puppet: Rename exec resource of systemd_daemon_reload.
This makes it easier to put as a "notify" resource.
2024-02-02 17:54:02 -08:00
Alex Vandiver 4947753bfd puppet: Remove unused systemd_daemon_reload.
572443edc6 removed the callsite that triggered the exec in
`zulip::systemd_daemon_reload`, making its inclusion and ordering via
`require` moot.

Remove the call.
2024-02-02 17:54:02 -08:00
Mateusz Mandera 6dd6fc045f realm_settings: Improve authentication_methods param validation.
The endpoint was lacking validation that the authentication_methods dict
submitted by the user made sense. So e.g. it allowed submitting a
nonsense key like NoSuchBackend or modifying the realm's configured
authentication methods for a backend that's not enabled on the server,
which should not be allowed.

Both were ultimately harmless, because:
1. Submitting NoSuchBackend would luckily just trigger a KeyError inside
   the transaction.atomic() block in do_set_realm_authentication_methods
   so it would actually roll back the database changes it was trying to
   make. So this couldn't actually create some weird
   RealmAuthenticationMethod entries.
2. Silently enabling or disabling e.g. GitHub for a realm when GitHub
   isn't enabled on the server doesn't really change anything. And this
   action is only available to the realm's admins to begin with, so
   there's no attack vector here.

test_supported_backends_only_updated wasn't actually testing anything,
because the state it was asserting:
```
        self.assertFalse(github_auth_enabled(realm))
        self.assertTrue(dev_auth_enabled(realm))
        self.assertFalse(password_auth_enabled(realm))
```

matched the desired state submitted to the API...
```
        result = self.client_patch(
            "/json/realm",
            {
                "authentication_methods": orjson.dumps(
                    {"Email": False, "Dev": True, "GitHub": False}
                ).decode()
            },
        )
```

so we just replace it with a new test that tests the param validation.
2024-02-02 17:26:32 -08:00
Alex Vandiver 6e9b25d993 puppet: Add key to allow prod to write ccache on zmirrorp. 2024-02-02 17:24:12 -08:00
Alex Vandiver 96b65cbeab install-ssh-authorized-keys: Merge multiple authorized_keys secrets. 2024-02-02 17:24:12 -08:00
Alex Vandiver 1567275959 install-ssh-authorized-keys: Use --check rather than another argument. 2024-02-02 17:24:12 -08:00
Alex Vandiver afa24923e5 install-ssh-authorized-keys: Enable -o pipefail to catch AWS errors. 2024-02-02 17:24:12 -08:00
Alex Vandiver a0347e76cb install-ssh-keys: Enable -o pipefail to catch AWS errors. 2024-02-02 17:24:12 -08:00
Alex Vandiver f8a9edc382 install-ssh-*: Pass -a to rsync to preserve rights, owners, and times. 2024-02-02 17:24:12 -08:00
Alex Vandiver 0bd1e2b434 puppet: Rename and limit production key distribution. 2024-02-02 17:24:12 -08:00