Tim Abbott
2609274719
streams: Don't allow adding deactivated users to streams.
...
This query was incorreclty not checking whether a user was deactivated
before managing their subscriptions.
This isn't an important bug, but should prevent some weird corner
cases (like trying to send a notification PM to a deactivated user,
which fails).
2018-05-20 19:17:15 -07:00
Tim Abbott
cedad52c59
presence: Extract and use get_active_user helper.
...
This adds a new reusable function for fetching just active users.
2018-05-20 19:07:29 -07:00
Tim Abbott
451b12d0b2
test_home: Fix broken narrow parsing exception test.
2018-05-20 19:06:14 -07:00
Tim Abbott
44b3aeb08d
home: Improve logging for narrow parsing exceptions.
...
This now includes the request and (and thus the related metadata).
2018-05-20 18:47:43 -07:00
Tim Abbott
9360af37d4
typing: Remove unnecessary conditional for recipient types.
...
It wasn't actually possible for `recipient_for_emails` to return a
STREAM regardless, and this makes things read a little clearer.
2018-05-20 18:35:48 -07:00
Tim Abbott
ecdc7fb296
typing: Fix unnecessary else clause for recipient validation.
...
The other cases all return anyway.
2018-05-20 18:27:25 -07:00
Tim Abbott
06ed55e45a
webpack: Add ALLOWED_HOSTS list for zulipdev.com and friends.
...
This makes it possible to again use the *.zulipdev.com domains in the
development environment.
Ideally, we'd also read REALM_HOSTS to make this more flexible.
2018-05-20 18:12:28 -07:00
Tim Abbott
ae0a929988
tornado: Ensure that tornado doesn't autoreload into syntax errors.
...
We've for a long time been plagued by run-dev.py needing to be
restarted every time one does a rebase that has merge conflicts,
because the Tornado process restarts itself into a syntax error and
crashes.
This fixes the Tornado autoreload process to check explicitly for
whether files actually syntax-check before trying to actually reload
the Tornado process to run that code.
There are a few things that are a bit janky:
* Ideally, this would go into Tornado upstream
* We removed the `_watched_files` feature, which we weren't using.
* Ideally, we'd use something other than `importlib.reload` that just
does the syntax-check without adjusting the state within our current
process.
Fixes #4351 .
2018-05-20 16:50:10 -07:00
Tim Abbott
4f4d56b021
tornado: Import autoreload module from upstream Tornado.
...
This allows to patch things directly.
2018-05-20 16:49:17 -07:00
Vishnu Ks
61e124a2ab
models: Create get_source_profile function.
...
This will be used in our upcoming feature to import settings from
other Zulip realms.
2018-05-20 15:30:30 -07:00
Vishnu Ks
74e823f5fa
models: Add function for getting membership realms.
2018-05-20 15:17:19 -07:00
Max Nussenbaum
0ff2051982
portico: Add tour section to homepage.
...
This adds a tour of Zulip to the bottom of the homepage.
In order to get the carousel nave, we use Bootstrap 2 from a CDN on
this page; this isn't ideal in the medium term, but upgrading
Bootstrap across the project is too much work for now.
2018-05-20 15:04:23 -07:00
Joshua Pan
a62e10d9c2
slash-commands: Suppress local echo for slash commands.
2018-05-20 14:42:09 -07:00
Joshua Pan
afe09071b9
slash-commands: Implement /day and /night.
2018-05-20 14:42:09 -07:00
Joshua Pan
bdba539480
Rename get_fixed_content_for_widget to do_widget_pre_save_actions.
2018-05-20 14:42:09 -07:00
Tim Abbott
f8fcbbb672
docs: Update security model docs for new stream history feature.
2018-05-20 14:38:51 -07:00
Tim Abbott
4f8e09d5af
provision: Fix buggy management of apt_dependencies_hash.
...
Apparently, we were incorrectly appending each new hash onto the end
of the file, basically resulting in every run of provision being
treated as a miss for this cache.
Fixing this saves about 4s (over 1/3) of the no-op provision time.
2018-05-20 14:22:32 -07:00
Tim Abbott
235002a549
provision: Don't install lsb-release if already installed.
...
This early bootstrapping step should be rearely required, and it saves
about 0.5s in our no-op provision time.
2018-05-20 14:22:32 -07:00
Tim Abbott
9be3c704f1
register_server: Fix recommendation to run with python 2.
...
Since `python` is usually Python 2, this recommendation failed on most
systems.
2018-05-20 13:16:33 -07:00
Tim Abbott
12dcabcdbd
docker: Remove need for static_asset_compiler.
...
Now that the way we're installing from Git involving building a
release tarball with a 2-stage build, we no longer need to do this.
2018-05-20 13:15:21 -07:00
Priyank Patel
d140838831
provision: Bump provision version after dependencies upgrade.
2018-05-20 11:18:59 -07:00
Priyank Patel
ac7e6b19bd
xmlhttprequest: Upgrade xmlhttprequest to v1.8.0.
2018-05-20 11:11:03 -07:00
Priyank Patel
62a90661ad
underscore: Upgrade underscore to v1.9.0.
2018-05-20 11:11:03 -07:00
Priyank Patel
4605579335
typescript: Upgrade typescript to v2.8.3.
2018-05-20 11:11:03 -07:00
Priyank Patel
38d6654265
tslint: Upgrade tslint to v5.10.0.
2018-05-20 11:11:03 -07:00
Priyank Patel
a60099a6d5
ts-loader: Upgrade ts-loader to v4.3.0.
2018-05-20 11:11:03 -07:00
Priyank Patel
0c87ce5b1c
svgo: Upgrade svgo to v1.0.5.
...
It also updated all the svg to be optmized per new version.
This new version, since the last version contains bug fixes and improvement.
Refs: https://github.com/svg/svgo/releases
2018-05-20 11:11:03 -07:00
Priyank Patel
0d697cd569
String.codePointAt: Upgrade String.codePointAt polyfill to v0.2.1.
2018-05-20 11:11:03 -07:00
Priyank Patel
4091815721
moment-timezone: Upgrade moment-timezone to v0.5.17.
...
Refs: https://github.com/moment/moment-timezone/blob/master/changelog.md
2018-05-20 11:11:03 -07:00
Priyank Patel
506b23237a
jquery-validation: Upgrade jquery-validation to v1.17.0
...
Refs: https://github.com/jquery-validation/jquery-validation/releases/tag/1.17.0
2018-05-20 11:11:03 -07:00
Priyank Patel
11d819ee3d
clipboard: Upgrade clipboard to v2.0.1.
2018-05-20 11:11:03 -07:00
Priyank Patel
9c4a189781
moment: Upgrade moment to v2.22.1.
...
This version since the last version contains bug fixes and locale improvements.
Ref: https://github.com/moment/moment/blob/develop/CHANGELOG.md#2221-see-full-changelog
2018-05-20 11:11:03 -07:00
Priyank Patel
778742a189
jsdom: Upgrade jsdom to v11.10.0.
...
This also updates node_tests to use new constructor which is uppercase,
and some properties that are changed to be more clear now, like
jsdom().defaultView which is meant to the window object is now called window.
Ref: https://github.com/jsdom/jsdom/blob/master/Changelog.md
2018-05-20 11:11:03 -07:00
Priyank Patel
00151f988a
handlebars: Upgrade handlebars to v4.0.11.
...
This version only contains bugfixes. No breaking changes have been introduced.
Ref: https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v4011---october-17th-2017
2018-05-20 11:11:03 -07:00
Priyank Patel
7b40f8d50d
flatpickr: Upgrade flatpickr to v4.5.0.
...
This new version is a lot ahead that what we now have currently.
Reading through the changelog there does not seem to any breaking
changes, just that this package have been updated a lot.
Ref: https://github.com/flatpickr/flatpickr/releases
2018-05-20 11:11:03 -07:00
Priyank Patel
f02c2349b8
@types/webpack: Upgrade @types/webpack to v4.4.0.
...
This updates the webpack typescript type defenations to latest so we
can find bugs with webpack configurations.
2018-05-20 11:11:03 -07:00
Priyank Patel
bcfc34c996
webpack-cli: Upgrade webpack-cli to v2.1.3.
...
This version just contains bugs fixes and regressions covered.
Ref: https://github.com/webpack/webpack-cli/releases/tag/2.1.3
2018-05-20 11:11:03 -07:00
Priyank Patel
50b663906a
nyc: Upgrade nyc to v11.8.0.
...
This fixes a one vulnerability with this package's dependency.
randomatic - Cryptographically Weak PRNG
Ref: https://nodesecurity.io/advisories/157
2018-05-20 11:11:03 -07:00
Priyank Patel
19ba08e055
webpack-dev-server: Upgrade webpack-dev-server to v3.1.4.
2018-05-20 11:11:03 -07:00
Priyank Patel
74b0a73260
phantomjs-prebuilt: Upgrade phantomjs-prebuilt to 2.1.16.
...
This solves 8 vulnerabilities, in its dependencies.
conacat-stream - Memory Exposure
Ref: https://nodesecurity.io/advisories/597
hoek - Prototype Pollution
Ref: https://nodesecurity.io/advisories/566
tunnel-agent - Memory Exposure
Ref: https://nodesecurity.io/advisories/598
debug - Regular Expression Denial of Service
Ref: https://nodesecurity.io/advisories/534
stringstream - Out-of-bounds Read
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
Priyank Patel
b9d49c846e
webpack: Upgrade webpack to v4.8.3.
2018-05-20 11:11:03 -07:00
Priyank Patel
6f4fc628e6
node-sass: Upgrade node-sass to v4.9.0.
...
This resolves 12 vulnerabilities.
Following were the issue with the dependencies of node-sass.
hoek - Prototype Pollution
Ref: https://nodesecurity.io/advisories/566
tunnle-agent - Memory Exposure issue
Ref: https://nodesecurity.io/advisories/598
stringstream - Out-of-bounds read
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
Priyank Patel
b376629974
ploty.js: Upgrade ploty.js to v1.37.1.
...
This solves 14 security venrubilities in the ploty.js's dependencies.
This was found by using the `npm audit` tool which can analyse dependencies
of dependencies issues.
static-eval - Sandbox Breakout / Arbitrary Code Execution
Ref: https://nodesecurity.io/advisories/548
hoek - Prototype pollution
Ref: https://nodesecurity.io/advisories/566
stringstream - Memory Exposure issue
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
Nikhil Kumar Mishra
fa9d79e203
stats: Add 1 day actives and total users to number of users chart.
2018-05-20 10:56:16 -07:00
Rishi Gupta
5ddc6c21e9
stats: Clean up line spacing in populate_number_of_users in stats.js.
...
We use this compressed form in our other layout definitions. Makes it easier
to visually digest.
2018-05-20 10:56:16 -07:00
Rishi Gupta
66a589c7a7
stats: Extend get_chart_data to support charts with multiple CountStats.
2018-05-20 10:56:16 -07:00
Rishi Gupta
08bf0a66b8
stats: Refactor the get_time_series_by_subgroup calls in get_chart_data.
...
This code is going to end up pretty complex -- each stat has multiple levels
of aggregation (UserCount, RealmCount, InstallationCount), and refinement
(subgroups), and soon we'll have charts that take data from multiple stats
as input.
Not sure what the best way to present it is, but hopefully this simplifies
it a bit.
2018-05-20 10:56:16 -07:00
Nikhil Kumar Mishra
26decb4c48
stats: Add 1day_actives::day CountStat to analytics tables.
2018-05-20 10:56:16 -07:00
Eeshan Garg
3dcde1c139
webhooks/mention: Update docs to conform to style guide.
...
This one took quite a while too. The interaction between Mention
and Zapier is kinda weird and the Zapier instructions are pretty
complicated.
2018-05-20 10:54:13 -07:00
Eeshan Garg
2f93c16df2
webhooks/slack: Update docs to conform to style guide.
2018-05-20 10:54:13 -07:00