Commit Graph

1588 Commits

Author SHA1 Message Date
Brock Whittaker 83184d5c60 /about/: Merge with /authors, redesign page.
This adds the authors to the Zulip repository on GitHub from
/authors/ along with re-styling the page to fit the same
aesthetic as /for/open-source/ and other product-pages.
2017-08-15 16:09:01 -07:00
Jack Zhang b82bdc82bf context_processors.py: Add flag for whether page is help center.
This is needed once the header markup is deduplicated.
2017-08-15 12:15:21 -07:00
Tim Abbott ffc1ceeaa4 lint: Ban use of get_stream in the rest of messages.py.
This will help avoid potential future security bugs.
2017-08-15 10:40:02 -07:00
Tim Abbott 842bf77efb unread: Convert mark_topic_as_read to use stream IDs.
This is safer in its handling of potentially renamed streams.
2017-08-15 10:40:02 -07:00
Tim Abbott f3a41ac796 unread: Convert mark_stream_as_read to use stream IDs.
The logic is simpler and more robust.
2017-08-15 10:40:02 -07:00
Steve Howell 89f9017686 Create new endpoints for marking streams/topics as read.
The new endpoints are:
    /json/mark_stream_as_read: takes stream name
    /json/mark_topic_as_read: takes stream name, topic name

The /json/flags endpoint no longer allows streams or topics
to be passed in as parameters.
2017-08-15 10:17:29 -07:00
Steve Howell 60cc8fd58a Extract do_mark_stream_messages_as_read.
This function optimizes marking streams and topics as read,
by using UserMessage.where_unread(), which uses a partial
index on the "read" flag.

This also simplifies the code path for ordinary message
flag updates.

In order to keep 100% line coverage, I simplified the
logging in update_message_flags, so now all requests
will show the "actually" format.

This is an interim step toward creating dedicated endpoints
for marking streams/topics as reads, so we do error checking
with asserts for flag/operation, so we don't introduce a
temporary translation string.
2017-08-15 10:09:10 -07:00
Steve Howell ffe4f09c88 Extract update_stream_topic_message_flags.
This is mostly a pure code extraction, except that we now
disregard the `messages` option for stream/topic updates,
since the web app always passes in an empty list (and this
commit is really just an incremental step toward creating
new endpoints.)
2017-08-15 10:09:10 -07:00
Tim Abbott a6a3915dd7 messages: Move is_public_stream out of views code.
The main purpose of this change is to minimize access to get_stream in
views code.
2017-08-15 10:06:26 -07:00
Steve Howell 274938bf5f Eliminate approximate_unread_count().
We use page_params.unread_msgs.count in the web
app instead.

Fixes #1300.
2017-08-14 12:39:00 -07:00
Jack Zhang fc6c2b321b portico: Reimplement /apps routes using pushState. 2017-08-10 10:21:53 -07:00
Jack Zhang 1e6570fa5d Update integrations doc context relative urls. 2017-08-10 10:21:53 -07:00
Tim Abbott 1d10941712 register: Don't display field to enter password unless needed.
This should significantly improve the user experience for new users
signing up with GitHub/Google auth.  It comes complete with tests for
the various cases.  Further work may be needed for LDAP to not prompt
for a password, however.

Fixes #886.
2017-08-09 13:44:57 -07:00
Umair Khan 4a3fde023f google: Respect is_signup argument.
This allows us to go to Registration form directly. This behaviour is
similar to what we follow in GitHub oAuth. Before this, in registration
flow if an account was not found, user was asked if they wanted to go to
registration flow. This confirmation behavior is followed for login
oauth path.
2017-08-09 13:44:57 -07:00
Umair Khan bb0eb76bf3 github: Don't ask for password in registration. 2017-08-09 13:44:57 -07:00
neiljp (Neil Pilgrim) 24cc14c10d mypy: Refer to default_stream in if statement, allowing type inference. 2017-08-07 21:27:50 -07:00
Rishi Gupta 251bd3e577 registration.py: Remove first_in_realm from accounts_register.
The parent commit implies first_in_realm == realm_creation.
2017-08-05 10:17:14 -07:00
Steve Howell 63f7b9a579 Remove "all" option for flag-updating endpoint.
The "all" option for 'message/flags' was dangerous, as it could
apply to any of our flags.  The only flag it made sense for, the
"read" flag, now has a dedicated endpoint.
2017-08-04 14:10:46 -07:00
Steve Howell 541156792e Add /mark_all_as_read endpoint.
This change simplifies how we mark all messages as read.  It also
speeds up the backend by taking advantage of our partial index
for unread messages.  We also use a new statsd indicator.
2017-08-04 14:10:46 -07:00
neiljp (Neil Pilgrim) b19e62b7ce mypy: Initialize search_term to {} rather than None & avoid Optional. 2017-08-03 11:09:50 -07:00
Rishi Gupta f995094441 registration: Split out onboarding messages to onboarding.py. 2017-08-01 22:47:53 -07:00
Rishi Gupta cec65d78da realm creation: Update text of initial PM. 2017-08-01 22:38:22 -07:00
Rishi Gupta a51d8d4251 realm creation: Change initial realm messages and streams. 2017-08-01 22:38:22 -07:00
Rishi Gupta 9c5765bcde registration: Split welcome message creation out of initial stream creation.
The welcome messages aren't a faithful reproduction of what was there
before, but they're about to be changed in the next few commits anyway.
2017-08-01 22:38:22 -07:00
Rishi Gupta 70d77c7251 realm creation: Move sending of initial notifications stream message.
Slowly collecting all initial realm messages into
send_initial_realm_messages, so that it is easy to control their order.
2017-08-01 22:38:22 -07:00
Rishi Gupta 377e32d77c realm creation: Add an initial private stream. 2017-08-01 22:38:22 -07:00
Rishi Gupta 139a2224fe realm creation: Move initial stream setup into its own function. 2017-08-01 22:38:22 -07:00
James Rowan db4a8227ee realm creation: Move DEFAULT_NEW_REALM_STREAMS out of settings. 2017-08-01 22:38:22 -07:00
Tim Abbott 1338c6fa0c report: Fix path to find webpack bundle source maps.
The previous code only worked for release tarballs, which has the
source maps in both places.
2017-08-01 08:55:45 -07:00
Tim Abbott a9fa1a5527 api: Migrate /json/messages_in_narrow off legacy API.
This completes the major endpoint migrations to eliminate legacy API
endpoints from Zulip.

There's a few other things that will happen naturally, so I believe
this fixes #611.
2017-07-31 13:08:06 -07:00
Tim Abbott ed10ce70d4 invites: Migrate to non-legacy API format.
This has the side effect of making it possible for a bot user to
invite users with its API key, which seems useful.
2017-07-31 13:08:06 -07:00
Tim Abbott 6a50e13156 uploads: Remove legacy /json/upload_file endpoint.
This migrates Zulip to use the equivalent API endpoint that has been
present for a while.
2017-07-31 13:08:06 -07:00
Tim Abbott 1e5aee054b settings: Migrate main settings-change code to API.
This was one of the few major remaining endpoints that were still on
the old-style legacy API.
2017-07-31 13:08:06 -07:00
Tim Abbott 9bf02fb913 custom_profile: Prevent bot users from accessing endpoint. 2017-07-31 13:08:06 -07:00
Tim Abbott 93261e14b7 hotspots: Prevent bot users from accessing endpoint. 2017-07-31 13:08:06 -07:00
Anna Liao 6a3c8ca2c5 push_notifications: Add human users only decorator.
This is part of #4517.
2017-07-31 13:08:06 -07:00
vaibhav 691aff55a3 bots: Add UI to select Slack compatible interface for webhooks.
interface_type select menu will be used to choose the interface
for outgoing webhooks. It will be displayed only when the selected
bot type is OUTGOING WEBHOOK type. The default value is GENERIC
interface type (1).
2017-07-28 16:22:55 -07:00
Pweaver (Paul Weaver) 5932896ebb Fix browser error reporting to find webpack source map files.
When we switched to using webpack, source map files weren't being
logged in the expected place.
2017-07-28 16:01:23 -07:00
Steve Howell 69fd967c5d topics history: Simplify data in /topics endpoint.
In anticipation of have all unread message ids available to the
web app in page_params (via a separate effort), we are simplifying
the /topics endpoint to no longer return unread counts.

Instead we have a list of tiny dictionaries with these fields:

    name - name of the topic
    max_id - max message id for the topic (aka most recent)

The items in the list are order by most-recent-topic-first.
2017-07-27 14:26:22 -07:00
Vishnu Ks 6551640c67 confirmation: Use ConfirmationKeyException in get_object_from_key.
Fixes #5739.
2017-07-25 18:44:30 -07:00
Greg Price 11a7a17087 streams: Remove a redundant field in the `json_stream_exists` result.
This route is called only in `js/compose.js`, to handle autosubscribe.
That code doesn't check this "exists" field, because there's no need
-- the same information is already carried in whether the result was
success or failure.  So just eliminate it.

This makes the logic here a little simpler.  It also eliminates
another usage of the `data` parameter to `json_error`.  I have half a
mind to eliminate that parameter, in favor of making `JsonableError`
subclasses whenever there's structured data to include, in particular
to get the benefits of typing.  There are a couple of places where
that change isn't locally a clear win, but this is not one of them.
2017-07-25 15:33:11 -07:00
Greg Price b2f770c1ee invite: Simplify error-handling with exceptions.
I especially like what happens to the return type of
`do_invite_users`.
2017-07-25 15:33:11 -07:00
Greg Price 28b4234227 admin: Make an error about auth settings not mimic auth errors.
This error isn't saying that any kind of authentication or
authorization failed -- it's just a validation error like
any other validation error in the values the user is asking to
set.  The thought of authentication comes into it only because
the setting happens to be *about* authentication.

Fix the error to look like the other validation errors around it,
rather than give a 403 HTTP status code and a "reason" field that
mimics the "reason" fields in `api_fetch_api_key`.
2017-07-25 15:33:11 -07:00
Greg Price 9faa44af60 JsonableError: Optionally carry error codes and structured data.
This provides the main infrastructure for fixing #5598.  From here,
it's a matter of on the one hand upgrading exception handlers -- the
many except-blocks in the codebase that look for JsonableError -- to
look beyond the string `msg` and pass on the machine-readable full
error information to their various downstream recipients, and on the
other hand adjusting places where we raise errors to take advantage
of this mechanism to give the errors structured details.

In an ideal future, I think all exception handlers that look (or
should look) for a JsonableError would use its contents in structured
form, never mentioning `msg`; but the majority of error sites might
continue to just instantiate JsonableError with a string message.  The
latter is the simplest thing to do, and probably most error types will
never have code looking for them specifically.

Because the new API refactors the `to_json_error_msg` method which was
designed for subclasses to override, update the 4 subclasses that did
so to take full advantage of the new API instead.
2017-07-24 16:41:22 -07:00
Greg Price 4837d4178d JsonableError: Make `http_status_code` a class attribute only.
This simplifies things for all codepaths not involving this feature.

Using this feature becomes slightly easier when you're already
defining a subclass, but now requires you to define a subclass.
Currently we use it just once out of >100 uses of JsonableError, and
that use already has a subclass, so this seems like a win.
2017-07-24 16:41:22 -07:00
Greg Price 6dfb46dc08 JsonableError: Rename `status_code` and rely more on its default.
With #5598 there will soon be an application-level error code
optionally associated with a `JsonableError`, so rename this
field to make clear that it specifically refers to an
HTTP status code.

Also take this opportunity to eliminate most of the places
that refer to it, which only do so to repeat the default value.
2017-07-24 16:41:22 -07:00
Greg Price e18baff32c JsonableError: Rename message from `error` to `msg`.
The whole thing is an error, so "message" is a more apt word for the
error message specifically.  We abbreviate that as `msg` in the actual
HTTP responses and in the signatures of `json_error` and friends, so
do the same here.
2017-07-24 16:41:22 -07:00
Jack Zhang e915321f89 registration: Remove organization type selection in realm creation. 2017-07-21 13:09:06 -07:00
Vishnu Ks fbf24624f8 views: Remove unused get_user_profile_by_email import from users. 2017-07-20 16:50:23 -07:00
Vishnu Ks 9e8de244e8 users: Use get_user in patch_bot_backend view. 2017-07-18 17:14:05 -07:00
Vishnu Ks 0d6e92d946 messages: Use get_user_including_cross_realm in create_mirrored_message_users. 2017-07-18 17:14:05 -07:00
Vishnu Ks 9ebf5090d2 messages: Use get_user_including_cross_realm in by_group_pm_with function. 2017-07-18 17:14:05 -07:00
Vishnu Ks fc8b6f69bd messages: Use get_user_including_cross_realm in by_pm_with function. 2017-07-18 17:14:05 -07:00
Vishnu Ks 7b78224c42 messages: Use get_user_including_cross_realm in by_sender function. 2017-07-18 17:14:05 -07:00
Vishnu Ks d99032e896 views: Add user_realm attribute to class NarrowBuilder. 2017-07-18 17:14:05 -07:00
Vishnu Ks 479945a1d5 views: Remove unused imports from messages.py. 2017-07-18 17:14:05 -07:00
Rishi Gupta 5d168c90f9 confirmation: Remove ConfirmationManager.
Also adds Confirmation.type, and cleans up the rest of Confirmation to look
more like the model definitions in zerver.

In the migration, all existing confirmations adopt the type
USER_REGISTRATION, to be conservative. In a few commits, different
confirmation types will have different validity periods, and
USER_REGISTRATION will have the shortest default.
2017-07-17 23:18:47 -07:00
Rishi Gupta 0f4b71b766 confirmation: Liberate get_link_for_object from ConfirmationManager. 2017-07-17 23:18:47 -07:00
Rishi Gupta 3b97262647 confirmation: Liberate confirm from ConfirmationManager. 2017-07-17 23:18:47 -07:00
Rishi Gupta 3bc74113ad utils: Cast generate_random_token to str.
Having this be Text is forcing various URLs, emails, etc to be type
annotated as Text.
2017-07-17 23:18:47 -07:00
Tim Abbott 1a51bcd2df actions: Record acting_user for subscriptions RealmAuditLog entries.
In most cases, we do have the data for which other user was
responsible for subscribing the target user to new streams.

The main case where we don't is when the user is created and gets the
default streams.
2017-07-17 17:23:41 -07:00
Rishi Gupta 36dbb76516 emails: Rename clear_followup_emails_queue. 2017-07-17 16:05:38 -07:00
Rishi Gupta 5b3e6af2e5 emails: Remove only emails of the correct type when clearing queue. 2017-07-17 16:05:38 -07:00
Rishi Gupta f51bd898dc notifications: Change clear_followup_emails_queue to take a user_id. 2017-07-17 16:05:38 -07:00
Vishnu Ks dd58406f03 users: Use get_user_including_cross_realm in avatar view. 2017-07-17 14:51:35 -07:00
Vishnu Ks d5c65a806b users: Decorate avatar view with zulip_login_required.
This will make it possible in the future to have multiple users on a
server witht he same email address.
2017-07-17 14:51:18 -07:00
Vishnu Ks f9245e26d9 Make user_id, realm_id mandatory in _get_unversioned_avatar_url. 2017-07-17 21:01:30 +00:00
Rishi Gupta f1aaf4cc33 emails: Remove the display_email function.
No longer needed, since this now only appears in build_email.
2017-07-16 16:56:39 -07:00
Rishi Gupta 154d37afd2 emails: Add to_user_id argument to send_email.
Both the queue processor and ScheduledJob emails need to sometimes pass a
to_user_id and sometimes pass a to_email, and it's more convenient to just
have one function that they can call that can handle either.

Also removes the now redundant send_email_to_user.
2017-07-16 16:56:39 -07:00
neiljp (Neil Pilgrim) 8611a2cafa tidying: Combine multiple 'import typing' lines onto one line. 2017-07-16 16:43:21 -07:00
Durga Akhil Mundroy 146dfa6f0b org-permissions: Add allow_edit_history organiztion setting.
This new setting controls whether or not users are allowed to see the
edit history in a Zulip organization.  It controls access through 2
key mechanisms:

* For long-ago edited messages, get_messages removes the edit history
  content from messages it sends to clients.

* For newly edited messages, clients are responsible for checking the
  setting and not saving the edit history data.  Since the webapp was
  the only client displaying it before this change, this just required
  some changes in message_events.js.

Significantly modified by tabbott to fix some logic bugs and add a
test.
2017-07-16 10:10:06 -07:00
Vaida Plankyte 28ea174ed9 backend: Implement high contrast mode display setting. 2017-07-14 14:53:24 -07:00
Steve Howell 475eb21a5e Revert commits related to client_message_id.
I pushed a bunch of commits that attempted to introduce
the concept of `client_message_id` into our server, as
part of cleaning up our codepaths related to messages you
sent (both for the locally echoed case and for the host
case).

When we deployed this, we had some strange failures involving
double-echoed messages and issues advancing the pointer that appeared
related to #5779.  We didn't get to the bottom of exactly why the PR
caused havoc, but I decided there was a cleaner approach, anyway.
2017-07-14 12:13:35 -07:00
Steve Howell 8fbb55df85 Introduce client_message_id on the server.
We are deprecating local_id/local_message_id on the Python server.
Instead of the server knowing about the client's implementation of
local id, with the message id = 9999.01 scheme, we just send the
server an opaque id to send back to us.

This commit changes the name from local_id -> client_message_id,
but it doesn't change the actual values passed yet.

The goal for client_key in future commits will be to:
    * Have it for all messages, not just locally rendered messages
    * Not have it overlap with server-side message ids.

The history behind local_id having numbers like 9999.01 is that
they are actually interim message ids and the numerical value is
used for rendering the message list when we do client-side rendering.
2017-07-13 23:42:27 -04:00
Jack Zhang 6e2f90c8c9 Improve /integrations page load time.
Prior to this commit, 7 megabytes of images (through 253 individual requests)
were heavily slowing down the initial load. With this commit, we load only the
logos (60 or so images).

Documentation and images for the individual integration sub-pages is requested
separately using the /integrations/doc/ endpoint, which returns HTML.
2017-07-13 20:37:09 -07:00
Rishi Gupta cca573421d test_emails: Add email_base_{default,message} to ignore list. 2017-07-13 19:17:53 -07:00
James Rowan 0369a9f3bf emails: Make change in email notification come from 'Zulip Account Security.' 2017-07-13 14:50:36 -07:00
neiljp (Neil Pilgrim) 07255d49d5 mypy: Add check for parse_user_agent returning None in compatibility.py. 2017-07-08 10:49:42 -07:00
Rishi Gupta 0f46fd86dd urls: Rename arguments to accounts/unsubscribe.
type -> email_type to match future work on ScheduledJob.

token -> confirmation_key to match what the other confirmation views urls
call this argument.
2017-07-07 18:56:14 -07:00
Rishi Gupta 11a4cffba0 confirmation: Add explicit host in call to get_link_for_object in auth.py. 2017-07-07 18:56:14 -07:00
Rishi Gupta 8fed9eeb75 confirmation: Make host a required argument in get_link_for_object.
Removes some lines of test from test_email_change.py. The relevant code path
was never utilized by the code itself, just by the tests.
2017-07-07 18:53:00 -07:00
Rishi Gupta c72a5f2efe confirmation: Call get_link_for_object with host=unused when host unused. 2017-07-07 18:53:00 -07:00
Vaida d5517bae36 Delete the old zulip.com "referrals" system.
This system hasn't been in active use for several years, and had some 
problems with it's design.  So it makes sense to just remove it to declutter
the codebase.

Fixes #5655.
2017-07-07 14:59:18 -07:00
Vishnu Ks 92e7255217 page_params: Include password min length and quality.
The change password form http://localhost:9991/#settings/your-account
don't have data-min-length and data-min-quality attributes. The
account_settings.handlebar which has the change password form is
rendered client side. So we have to pass the value of min length
and quality in page params to set the data-min-length and
data-min-quality attributes.
2017-07-07 14:48:06 -07:00
neiljp (Neil Pilgrim) f1a8148242 mypy: Set remote_username parameter to Optional[Text] based on a test. 2017-07-07 10:56:33 -07:00
Tim Abbott d6e0960ca2 push_notifications: Fix mypy annotation logic around push tokens.
I'm not 100% confident this is long-term correct, but at least it's
consistent.
2017-07-07 10:54:37 -07:00
Tim Abbott eaa33cce73 push_notifications: Validate format of APNS tokens.
This fixes a bug where we would previously not validate the format of
APNS tokens before writing them to the database, which could lead to
exceptions in the push notifications system if a buggy mobile app
submitted invalid format tokens.
2017-07-07 10:28:36 -07:00
Jack Zhang cb3e930159 integrations: Extend integrations classes with categories.
For now, all integrations are temporarily under the category
'analytics'. Real categorizations should be added prior to
deployment.
2017-07-06 13:04:43 -07:00
James Rowan 0951666cbb emails: Confirmation emails should come from the NOREPLY address.
This prevents users from accidentally sending a confirmation link
specific to their account to their Zulip administrator if they reply
to the invitation, invitation reminder, account confirmation, or new
email confirmation emails.
2017-07-05 15:18:33 -07:00
Vaida Plankyte c88530366e user_settings.py: Use the singular 'they' pronoun. 2017-07-05 09:27:44 -07:00
James Rowan d88e7308bf emails: Add a FromAddress class to control access to certain settings emails.
No change in behavior.

Also makes the first step towards converting all uses of
settings.ZULIP_ADMINISTRATOR and settings.NOREPLY_EMAIL_ADDRESS to
FromAddress.*.

Once everything is converted, it will be easier to ensure that future
development doesn't break backwards compatibility with the old style of
settings emails.
2017-07-04 14:25:01 -07:00
James Rowan 368bd66d8b emails: Refactor send_email functions to take both a sender name and address.
This will allow for customized senders for emails, e.g. 'Zulip Digest' for
digest emails and 'Zulip Missed Messages' for missed message emails.

Also:
* Converts the sender name to always be "Zulip", if the from_email used to
  be settings.NOREPLY_EMAIL_ADDRESS or settings.ZULIP_ADMINISTRATOR.

* Changes the default value of settings.NOREPLY_EMAIL_ADDRESS in the
  prod_setting_template to no longer have a display name. The only use of
  that display name was in the email pathway.
2017-07-04 14:25:01 -07:00
Franziska von der Goltz 98847937f4 realm: add mandatory topic setting on org level.
Lets organizations require users to specify a topic the discussion.

Fixes: #5164.
2017-07-04 14:09:21 -07:00
Greg Price 7b526b3946 narrow: Add comments explaining how we limit to legitimately-visible results.
Two wrinkles here:

* It's actually a little subtle why `ok_to_include_history` is
  correct; in particular, it's not true that a term `stream:foo` will
  always limit the query to the stream `foo`.  For this, add an
  explanatory comment backed up by an assert.

* The TODO comment in `messages_in_narrow_backend` about assuming this
  is a search, I'm pretty sure doesn't matter; it seems to only be
  saying that we return the set of fields we would for a search.
  They're harmless to send, and in any case it doesn't appear to be
  true anymore that the client only calls this for a search: the
  `can_apply_locally` function also causes narrows with `has:` to go
  to the server.  So just take that comment out.
2017-06-30 11:47:40 -04:00
Greg Price 7785a1046b narrow: Describe the key security invariant of NarrowBuilder.
(After writing the term "invariant" a few times in these comments and
now this commit message, my inner mathematician reminds me that this
property is properly termed a "monovariant" -- something does change,
but it changes only in one direction.  Pretty sure saying "invariant"
communicates better here, though.)
2017-06-30 11:47:40 -04:00
Rishi Gupta 577e201df0 emails: Replace DEFAULT_FROM_EMAIL with ZULIP_ADMINISTRATOR.
We're getting rid of DEFAULT_FROM_EMAIL from prod_settings_template, since
we only really need one of {DEFAULT_FROM_EMAIL, ZULIP_ADMINISTRATOR}.
2017-06-29 17:54:33 -07:00
Rishi Gupta bf996f91ba deactivated.html: Use support_email instead of custom context variable. 2017-06-29 11:20:32 -07:00
Umair Khan dc78a7888f login_or_register_remote_user: Send login emails for mobile.
Fixes #5389
2017-06-26 16:14:14 -07:00
Umair Khan 34a91be9a2 api_fetch_api_key: Send new login emails for mobile. 2017-06-26 16:14:14 -07:00
Vishnu Ks 00668c7bbd registration.py: Send pms from welcome-bot on user creation. 2017-06-25 11:23:45 -04:00
Vaida Plankyte 1fb8eb823a test_emails.py: Add referrer_realm_name to test values. 2017-06-22 14:19:33 -04:00
Sampriti Panda 5dc053d6fb bots: Add validation to add_bot_backend to prevent empty short names
Fixes #5487
2017-06-21 10:11:08 -04:00
Abhijeet Kaur 14fdc2aea6 bots: Add 'Bot type' column to bots list in organization settings. 2017-06-20 23:04:46 -04:00
Cory Lynch 00ebb4f4d4 messages.py: Ignore own email in group PMs. 2017-06-20 21:22:45 -04:00
vaibhav 33c0c00cd6 Outgoing webhook System: first Iteration of outgoing webhook UI. 2017-06-19 16:05:54 -04:00
Cory Lynch b4419528f7 Update narrow.py, messages.py to support is:unread. 2017-06-19 06:51:13 -04:00
Tim Abbott 57d26c1a66 auth: Add realm_creation parameter to RegistrationForm. 2017-06-15 11:04:25 -07:00
Harshit Bansal 0e25634934 views/alert_words.py: Use `do_add_alert_words()` in `add_alert_words()`.
Revert to the use of `do_add_alert_words()` in `add_alert_words()`
instead of `do_set_alert_words()` since it is used for serving a
PUT request. This change seems to be mistakenly done in commit
`d564a76f8e45b24cd2c66475ef7693582fb2f5fc'.
2017-06-13 16:36:11 -07:00
Umair Khan 1e9c87855c Django 1.11: is_authenticated is now a property. 2017-06-13 15:04:04 -07:00
Rishi Gupta 1f77a0cdee confirmation: Remove Confirmation.objects.send_confirmation.
I think it makes sense to wrest the email sending from confirmation, now
that we have a clean email-sending interface in send_email. A few other
reasons:
* send_confirmation is get_link_for_object followed by send_email, but those
  two functions have no arguments in common.
* Sending email through confirmation obfuscates the context dict, and is a
  relatively complicated piece of the codebase anyone trying to deal with
  the email system has to understand.
* The three emails previously being sent through confirmation don't have
  that much in common, other than that they happen to have a confirmation
  link in them.

The .split('/')[-1] in registration.py is a hack, but a hack used several
places in the codebase, so maybe one day get_link_for_object will also
return the confirmation_key.
2017-06-12 23:02:28 -07:00
Rishi Gupta e4d3ce953b registration.py: Refactor send_registration_completion_email.
We're about to make a change where we no longer deal with confirmation
objects in these email pathways.

The "if settings.DEVELOPMENT and realm_creation" is a bit of a hack, but no
worse a hack as was there before, I think. I think it's also less confusing
if the method signature matches what happens in production.
2017-06-12 23:02:28 -07:00
Rishi Gupta 9a02739008 emails: Remove invitation_mit. 2017-06-12 23:02:28 -07:00
Rishi Gupta 3332ebaf22 emails: Remove confirmation_registration_mit.
Not enough new Zephyr signups to justify the carrying cost :(.
2017-06-12 23:02:28 -07:00
Rishi Gupta 1d702d13a4 emails: Replace context variable zulip_support with support_email. 2017-06-10 01:35:03 -07:00
Rishi Gupta 15b967fc3e emails: Move support_email into a common context. 2017-06-10 01:25:44 -07:00
Rishi Gupta 056489c247 emails: Move verbose_support_offers into a common context.
Server settings should just be added to the context in build_email, so that
the individual email pathways (and later, the email testing framework)
doesn't have to worry about it.
2017-06-10 01:16:03 -07:00
Vaida Plankyte 114b080d01 emails: Add base template for html emails. 2017-06-09 23:34:24 -07:00
Rishi Gupta 2f1d678133 test_emails: Impose a specific order on the templates. 2017-06-09 23:34:24 -07:00
Rishi Gupta 69e7029663 test_emails: Use zerver.lib.send_email for rendering email.
Previously the rendering code in test_emails.py did not match the rendering
code in send_email.py. This commit removes the duplication to reduce the
chance they drift in the future.

This commit also changes test_emails.html to ensure that we always display
both the HTML and text versions of an email.
2017-06-09 23:34:24 -07:00
Rishi Gupta 7fae8fb53d test_emails: Make fixture values more helpful for visual review.
Also fixes the fact that we were pulling assets from chat.zulip.org.
2017-06-09 23:34:24 -07:00
Tim Abbott 14ff26bd67 test_emails: Don't require test coverage for failed template rendering. 2017-06-09 16:28:01 -07:00
Cory Lynch 6219128d87 dev: Add /emails/ URL for testing email templates.
Fixes #5270.
2017-06-09 16:21:49 -07:00
Akhil 4986027126 org-settings: Add backend for notifications stream.
Realm.notifications_stream is not a boolean, Text or integer field, and
thus doesn't fit into the do_set_realm_property framework. Added function
to update it in actions.py. Altered the view, realm.py, to accept
stream-id. Also, notifications stream can be disabled by sending a
negative id.
2017-06-09 16:03:52 -07:00
Abhijeet Kaur 60ff82ed7c bots: Add UI for creating different types of bot.
Add 'Type of bot' option for bots by adding dropdown option in
settings->"Your bots".  For now, this allows creating incoming webhook
bots in addition to default bots.

This will enable users to add a bot as an incoming webhook
(in addition to add full-featured bots).

With various minor tweaks and cleanups by tabbott.

Fixes #2186.
2017-06-06 21:11:22 -07:00
Greg Price 04b363f3a2 apps: Redirect /apps -> zulipchat.com/apps, except on upstream itself.
This page describes software the user will get from upstream for
their own devices, independent of what's on the server they're
using.  So it should live in a place maintained together with
that other software, rather than be distributed and versioned
with the server.

The use of ZILENCER_ENABLED to tell the difference is rather a hack
but is currently how we do this in the small handful of similar
spots; see #5245.

Fixes #5234.
2017-06-06 11:21:20 -07:00
Tim Abbott 1f48fa2767 invite: Fix invite_by_admins_only to be enforced in backend.
This is CVE-2017-0896.

Apparently, this setting never actually was wired up to anything other
than hiding the UI widget.

Huge thanks to Ibram Marzouk from the HackerOne community for finding
this security bug.
2017-06-01 17:24:29 -07:00
K.Kanakhin 2434f2d96c messages: Add support for admins deleting messages.
This makes it possible for Zulip administrators to delete messages.
This is primarily intended for use in deleting early test messages,
but it can solve other problems as well.

Later we'll want to play with the permissions model for this, but for
now, the goal is just to integrate the feature.

Note that it saves the deleted messages for some time using the same
approach as Zulip's message retention policy feature.

Fixes #135.
2017-05-29 21:59:38 -07:00
Harshit Bansal 298e23b447 realm_emoji.py: Allow an user to delete an emoji uploaded by them.
If a realm is configured to allow any user to upload an emoji,
then, an emoji author must be allowed to delete an emoji uploaded
by them.
2017-05-29 20:21:25 -07:00
Maxim Averin 685fb16c39 Switch change_full_name to use RealmAuditLog.
This requires adding an `acting_user` parameter to the
`do_change_bot_owner` function.
2017-05-29 15:22:08 -07:00
Reid Barton ccb4c5c26f bots: Move zephyr-related files to api/integrations/zephyr/. 2017-05-26 15:07:02 -07:00
Ethan d4d689532d mypy: serve_local return type to FileResponse. 2017-05-25 15:41:52 -07:00
umkay 9ab0a8be6a mypy: Fix strict optional in zerver/views. 2017-05-25 09:30:41 -07:00
umkay ccc70445d6 mypy: Fix strict-optional errors for test files.
Fix mypy --strict-optional errors in zerver/tests
2017-05-24 12:43:28 -07:00
Yago González c0f2036435 api: Handle unregistered users in dev_fetch_api_key.
Fixes #4851.
2017-05-24 09:39:44 -07:00
Tim Abbott 109c5c677a mypy: Fix return value annotation for google_oauth2_csrf. 2017-05-23 17:47:03 -07:00
Tim Abbott 796cf8e5fd mypy: Fix a buggy annotation in create_mirrored_message_users. 2017-05-23 15:45:56 -07:00
Vishnu Ks 789ef217a8 send_email.py: Remove unused get_user_profile_by_email import. 2017-05-23 15:27:21 -07:00
Yago González 83f3959906 api: Remove unnecessary period for consistency. 2017-05-23 15:01:26 -07:00
Matt Long 19363b2b77 notification_settings: Refactor notification preference settings.
Previously, all notification preference setting had a dedicated test
and setter. Now, all are handled through a modular function using the
property_types framework.
2017-05-23 14:47:46 -07:00
Konstantin Gukov c40759562c streams: Refactor get_user_profile_by_email to get_user. 2017-05-23 10:32:53 -07:00
Konstantin Gukov dd76222a3f Fetch system bots using new get_system_bot function.
This eliminate a bunch of uninteresting calls to
get_user_profile_by_email.
2017-05-23 10:30:40 -07:00
JoshuaGoldin 0b88957d12 views: Use property_types for display settings.
This reduces semi-duplicated code here.
2017-05-22 18:11:08 -07:00
Tim Abbott accc7406da views/presence: Refactor get_user_profile_by_email -> get_user. 2017-05-22 16:43:08 -07:00
Lech Kaiel 7995dd2de6 views/users: Refactor get_user_profile_by_email to get_user. 2017-05-22 16:42:16 -07:00
Tim Abbott 040067b2a2 invite: Remove obsolete bulk_invite_users endpoint. 2017-05-17 17:30:15 -07:00
Aditya Bansal 092d670e85 pep8: Add compliance with rule E261 to zerver/views/user_settings.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal cc2b334020 pep8: Add compliance with rule E261 to zerver/views/streams.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal 11aeeec2ab pep8: Add compliance with rule E261 to zerver/views/registration.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal 5cdfd899dc pep8: Add compliance with rule E261 to zerver/views/realm.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal db3c05002a pep8: Add compliance with rule E261 to zerver/views/presence.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal 634c08c3dd pep8: Add compliance with rule E261 to zerver/views/messages.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal 35e3d57ed9 pep8: Add compliance with rule E261 to zerver/views/invite.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal 1979476152 pep8: Add compliance with rule E261 to zerver/views/integrations.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal fe3b42c8f8 pep8: Add compliance with rule E261 to zerver/views/home.py. 2017-05-18 03:00:32 +05:30
Aditya Bansal c504b013b1 pep8: Add compliance with rule E261 to views/auth.py. 2017-05-18 03:00:32 +05:30
Tim Abbott 850519b314 api: Move cross_realm_bots into the register_ret response.
This is probably not the right long-term solution to the cross-realm
bots problem (that solution is probably to eliminate cross-realm bots
and replace them with per-realm bots).  But in the short term, this
will at least make it possible for mobile apps to interact with these
cross-realm bots using the `realm_user` data set.
2017-05-16 20:23:13 -07:00
Tim Abbott cab908b664 api: Move notifications_stream into the register_ret API.
While we're at it, we at least fix the API to use a stream ID, not a
stream name, to refer to the notifications stream.
2017-05-16 18:57:14 -07:00
Steve Howell e6cc0ffcdd Eliminate PMs to non-subscribers when creating streams.
This should make stream creation relatively fast again, since we
will no longer send O(N) PMs out to tell folks the stream was
created.
2017-05-16 10:43:27 -07:00
Steve Howell c8dd056ac5 Extract you_were_just_subscribed_message(). 2017-05-16 09:01:00 -07:00
Steve Howell bbd8c1c49b Do not send PMs to subscribers when creating streams.
When we create a stream, we usually send a welcome message on the
stream itself as well as an announcement on the announcement stream,
but we no longer PM the individual users.  Hopefully this will be
more pleasant for users (less spammy), and it also will make creating a
stream a lot faster.

We still send notifications when we add subscribers to an existing
stream.
2017-05-16 08:58:17 -07:00
Steve Howell e2732dabf3 Send welcome messages as part of /create_realm flow.
We now pre-populate the streams in DEFAULT_NEW_REALM_STREAMS
(social/general/zulip, unless somebody changes settings.py) with
welcome messages.  This makes the streams appear to be active
right away, and it also gives the Zulip realm less of a
blank-slate feeling when you create it.

This change only affects the normal web-based create-realm flow.
It doesn't impact the management commands for creating realms
or setting default streams.
2017-05-15 20:38:08 -07:00
Tim Abbott 97abaae9af home: Remove now-unnecessary page_params_core_fields duplication.
Also, we update the documentation to make the overall system a bit
clearer.

Fixes #4628.
2017-05-13 22:58:18 -07:00
Tim Abbott 223624be25 settings: Add support for longer, markdown-powered realm descriptions.
This makes it possible to create much prettier login pages.

Further work on styling may be necessary.
2017-05-11 13:59:46 -07:00
Umair Khan dc2a9a4c5b github: Add sign up button on registration page. 2017-05-10 17:49:08 -07:00
Umair Khan d56db0a3b4 auth.py: Add confirmation handlers for signup.
These handlers will kick into action when is_signup is False. In case
the account exists, the user will be logged in, otherwise, user will
be asked if they want to proceed to registration.
2017-05-10 17:20:34 -07:00
Umair Khan 11426a2cec log_into_subdomain: User should be None in signup. 2017-05-10 17:20:34 -07:00
Tim Abbott 5019b53492 auth: Pass is_signup option around. 2017-05-10 17:20:34 -07:00
Tim Abbott ce3974b40e auth: add is_signup option to login_or_register_remote_user. 2017-05-10 17:20:34 -07:00
Tim Abbott e8eaec0a18 mypy: Fix various errors caught by removing cache_with_key. 2017-05-10 14:37:20 -07:00
Tim Abbott 2d97db3518 streams: Add endpoint for modifying properties of a single stream.
This is likely to be the more common endpoint for API clients like the
mobile apps to interact with when modifying streams.
2017-05-09 13:42:34 -07:00
kunall17 e087bc24f8 streams: Migrate stream property changes to new REST endpoint.
This is one of the last major endpoints that were still done in the
pre-REST style.

While we're at it, we change the endpoint to expect a stream ID, not a
stream name.
2017-05-09 13:39:23 -07:00
Rishi Gupta 925ee8c0f1 Add a send_email function that takes a template_prefix and context.
This commit replaces all uses of django.core.mail.send_mail with send_email,
other than in the password reset flow, since that code looks like it is just
a patch to Django's password reset code.

The send_email function is in a new file, since putting it in
zerver.lib.notifications would create an import loop with confirmation.models.

send_future_email will soon be moved into email.py as well.
2017-05-05 14:20:32 -07:00
Tim Abbott f4a1cea488 auth: Refactor conditionals in login_or_register_remote_user. 2017-05-05 10:19:02 -07:00
hackerkid 83eb161249 Set user timezone automatically during signup. 2017-05-04 16:36:51 -07:00
Tim Abbott 33ecfd7da4 auth: Remove require_GET for api_get_auth_backends.
Unfortunately, the Android app incorrectly uses POST with this
endpoint, so the recent change to add this needs to be reverted.
2017-05-04 14:39:02 -07:00
Rishi Gupta 21a6377204 email: Move and rename find_team_email templates. 2017-05-03 23:26:14 -07:00
Rishi Gupta 975d5bd8c0 email: Move and rename notify_change_in_email templates. 2017-05-03 20:54:40 -07:00
Rishi Gupta ed0c310aa3 email: Move and rename preregistrationuser_confirmation_email templates. 2017-05-03 20:54:40 -07:00
Rishi Gupta aa21012783 email: Move and rename mituser_confirmation_email templates. 2017-05-03 20:54:40 -07:00
Rishi Gupta 0a32d9efa3 email: Fix filenames of notify_change_in_email templates. 2017-05-03 20:54:40 -07:00
Rishi Gupta 326f9a8506 email: Fix zephyr mirror registration email not working with subdomains.
If a user is trying to register for a mit zephyr mirroring realm, we send
them a specific registration email with a link to a few more instructions.

There is only one server that we know about that has such a realm, and that
server uses subdomains. This commit changes the logic to work in the
subdomains case, rather than in the non-subdomains case (though see next
para).

Note that the current check is deceptive, and is not actually correct in the
non-subdomains case. The prereg user has a realm only in the atypical case
of someone registering via the special URL for completely-open realms.

To do this correctly in the non-subdomains case, we would need to copy a
bunch of the logic from the beginning of accounts_register to figure out
which realm the user is signing up for, so that we can check if that realm
is a zephyr mirroring realm. Given how complicated the registration code is
already, I think it is probably not worth it at the moment. This commit also
removes the partial (deceptive) check, since I think it does more harm than
good.
2017-05-03 20:52:24 -07:00
Rishi Gupta 6fd3426e92 confirmation: Replace *_template_path arguments with template_prefix.
Relies on the fact that all the email template names now follow the same
pattern.

Note that there was some template_prefix-like computation being done in
send_confirmation (conditioned on obj.realm.is_zephyr_mirror_realm); that
computation is now being done in the callers.
2017-05-03 20:44:57 -07:00
Rishi Gupta 4f20fdc572 user_settings: Update change-email confirmation message. 2017-05-03 19:34:58 -07:00
Tim Abbott 51260b7536 auth: Add new route to get server settings.
Specifically, this makes easily available to the desktop and mobile
apps data on the server's configuration, including important details
like the realm icon, name, and description.

It deprecates /api/v1/get_auth_backends.
2017-05-03 16:40:14 -07:00
Tim Abbott 5d5a314051 auth: Refactor api_get_auth_backends. 2017-05-03 16:40:07 -07:00
sinwar 5c3cb79747 streams: Ban null character from stream name.
This is a better solution to the problem of how _pg_re_escape should
handle the null character.  There's really no good reason to have a
null character in a stream name.
2017-05-01 23:43:01 -07:00
Steve Howell 711a50f1e8 Add internal_prep_private_message().
The new function takes a full UserProfile object for the sender,
which allows us to avoid O(N) calls when creating the stream to
find the user profile of the notification bot.  (The calls were
already cached, so this won't necessarily be a huge performance
win.)

We also don't have to worry about sending a blank subject any more.
2017-05-01 16:23:38 -07:00
Steve Howell 0f4de8e37d Add internal_prep_stream_message().
The new, more direct interface for prepping internal stream
messages circumvents the bug-prone extract_recipients() method,
which has the pitfall that it will try to parse a stream name
as JSON.  It also takes a UserProfile object for the sender, so
it's a bit more type-safe.
2017-05-01 16:23:38 -07:00
Steve Howell e3edc4d829 Send welcome messages for new streams. 2017-05-01 16:23:38 -07:00
K.Kanakhin f13d6a18eb realm-emoji: Add realm emoji uploading instead url providing.
- Add file_name field to `RealmEmoji` model and migration.
- Add emoji upload supporting to Upload backends.
- Add uploaded file processing to emoji views.
- Use emoji source url as based for display url.
- Change emoji form for image uploading.
- Fix back-end tests.
- Fix front-end tests.
- Add tests for emoji uploading.

Fixes #1134
2017-05-01 14:50:20 -07:00
fionabunny 78f2df5649 home.py: move initial_pointer as pointer to register_ret.
This is the last of the fields in page_params that could come from
register_ret but wasn't doing so.
2017-04-28 23:39:14 -07:00
fionabunny d3e7e6542a home.py: move user_profile full_name to register_ret.
Move the user_profile data section down into fetch_initial_state_data
so it entirely pulls from register_ret for #3853.
2017-04-28 23:31:28 -07:00
fionabunny d5421f25e1 home.py: move user_profile email to register_ret.
Move the user_profile data section down into fetch_initial_state_data so
it entirely pulls from register_ret for #3853
2017-04-28 23:27:34 -07:00
fionabunny 9daf9faa5c home.py: move enter_sends to register_ret.
Move the user_profile data section down into fetch_initial_state_data so
it entirely pulls from register_ret for #3853
2017-04-28 23:26:28 -07:00
fionabunny 6f770c2465 home.py: move user_id to register_ret.
Move the user_profile data section down into fetch_initial_state_data so
it entirely pulls from register_ret for #3853
2017-04-28 23:26:28 -07:00
fionabunny 6159b8e21a home.py: move is_admin to register_ret.
Move the user_profile data section down into fetch_initial_state_data so
it entirely pulls from register_ret for #3853
2017-04-28 23:26:27 -07:00
fionabunny d92da7d193 home.py: move can_create_streams to register_ret.
Move the user_profile data section down into fetch_initial_state_data
so it entirely pulls from register_ret for #3853.

This field requires some changes to the events race handling.
2017-04-28 23:23:21 -07:00
fionabunny 379a8afaae home.py: move autoscroll_forever to register_ret.
Move the user_profile data section down into fetch_initial_state_data so
it entirely pulls from register_ret for #3853
2017-04-28 23:16:32 -07:00
fionabunny 22be291d96 home.py: move default_desktop_notifications to register_ret.
Move the user_profile data section down into fetch_initial_state_data so
it entirely pulls from register_ret for #3853
2017-04-28 23:16:32 -07:00
Tim Abbott df8f4a837c home: Get page_params.enable_desktop_notifications from register_ret. 2017-04-28 23:15:35 -07:00