Commit Graph

26520 Commits

Author SHA1 Message Date
Tim Abbott 2609274719 streams: Don't allow adding deactivated users to streams.
This query was incorreclty not checking whether a user was deactivated
before managing their subscriptions.

This isn't an important bug, but should prevent some weird corner
cases (like trying to send a notification PM to a deactivated user,
which fails).
2018-05-20 19:17:15 -07:00
Tim Abbott cedad52c59 presence: Extract and use get_active_user helper.
This adds a new reusable function for fetching just active users.
2018-05-20 19:07:29 -07:00
Tim Abbott 451b12d0b2 test_home: Fix broken narrow parsing exception test. 2018-05-20 19:06:14 -07:00
Tim Abbott 44b3aeb08d home: Improve logging for narrow parsing exceptions.
This now includes the request and (and thus the related metadata).
2018-05-20 18:47:43 -07:00
Tim Abbott 9360af37d4 typing: Remove unnecessary conditional for recipient types.
It wasn't actually possible for `recipient_for_emails` to return a
STREAM regardless, and this makes things read a little clearer.
2018-05-20 18:35:48 -07:00
Tim Abbott ecdc7fb296 typing: Fix unnecessary else clause for recipient validation.
The other cases all return anyway.
2018-05-20 18:27:25 -07:00
Tim Abbott 06ed55e45a webpack: Add ALLOWED_HOSTS list for zulipdev.com and friends.
This makes it possible to again use the *.zulipdev.com domains in the
development environment.

Ideally, we'd also read REALM_HOSTS to make this more flexible.
2018-05-20 18:12:28 -07:00
Tim Abbott ae0a929988 tornado: Ensure that tornado doesn't autoreload into syntax errors.
We've for a long time been plagued by run-dev.py needing to be
restarted every time one does a rebase that has merge conflicts,
because the Tornado process restarts itself into a syntax error and
crashes.

This fixes the Tornado autoreload process to check explicitly for
whether files actually syntax-check before trying to actually reload
the Tornado process to run that code.

There are a few things that are a bit janky:
* Ideally, this would go into Tornado upstream
* We removed the `_watched_files` feature, which we weren't using.
* Ideally, we'd use something other than `importlib.reload` that just
  does the syntax-check without adjusting the state within our current
  process.

Fixes #4351.
2018-05-20 16:50:10 -07:00
Tim Abbott 4f4d56b021 tornado: Import autoreload module from upstream Tornado.
This allows to patch things directly.
2018-05-20 16:49:17 -07:00
Vishnu Ks 61e124a2ab models: Create get_source_profile function.
This will be used in our upcoming feature to import settings from
other Zulip realms.
2018-05-20 15:30:30 -07:00
Vishnu Ks 74e823f5fa models: Add function for getting membership realms. 2018-05-20 15:17:19 -07:00
Max Nussenbaum 0ff2051982 portico: Add tour section to homepage.
This adds a tour of Zulip to the bottom of the homepage.

In order to get the carousel nave, we use Bootstrap 2 from a CDN on
this page; this isn't ideal in the medium term, but upgrading
Bootstrap across the project is too much work for now.
2018-05-20 15:04:23 -07:00
Joshua Pan a62e10d9c2 slash-commands: Suppress local echo for slash commands. 2018-05-20 14:42:09 -07:00
Joshua Pan afe09071b9 slash-commands: Implement /day and /night. 2018-05-20 14:42:09 -07:00
Joshua Pan bdba539480 Rename get_fixed_content_for_widget to do_widget_pre_save_actions. 2018-05-20 14:42:09 -07:00
Tim Abbott f8fcbbb672 docs: Update security model docs for new stream history feature. 2018-05-20 14:38:51 -07:00
Tim Abbott 4f8e09d5af provision: Fix buggy management of apt_dependencies_hash.
Apparently, we were incorrectly appending each new hash onto the end
of the file, basically resulting in every run of provision being
treated as a miss for this cache.

Fixing this saves about 4s (over 1/3) of the no-op provision time.
2018-05-20 14:22:32 -07:00
Tim Abbott 235002a549 provision: Don't install lsb-release if already installed.
This early bootstrapping step should be rearely required, and it saves
about 0.5s in our no-op provision time.
2018-05-20 14:22:32 -07:00
Tim Abbott 9be3c704f1 register_server: Fix recommendation to run with python 2.
Since `python` is usually Python 2, this recommendation failed on most
systems.
2018-05-20 13:16:33 -07:00
Tim Abbott 12dcabcdbd docker: Remove need for static_asset_compiler.
Now that the way we're installing from Git involving building a
release tarball with a 2-stage build, we no longer need to do this.
2018-05-20 13:15:21 -07:00
Priyank Patel d140838831 provision: Bump provision version after dependencies upgrade. 2018-05-20 11:18:59 -07:00
Priyank Patel ac7e6b19bd xmlhttprequest: Upgrade xmlhttprequest to v1.8.0. 2018-05-20 11:11:03 -07:00
Priyank Patel 62a90661ad underscore: Upgrade underscore to v1.9.0. 2018-05-20 11:11:03 -07:00
Priyank Patel 4605579335 typescript: Upgrade typescript to v2.8.3. 2018-05-20 11:11:03 -07:00
Priyank Patel 38d6654265 tslint: Upgrade tslint to v5.10.0. 2018-05-20 11:11:03 -07:00
Priyank Patel a60099a6d5 ts-loader: Upgrade ts-loader to v4.3.0. 2018-05-20 11:11:03 -07:00
Priyank Patel 0c87ce5b1c svgo: Upgrade svgo to v1.0.5.
It also updated all the svg to be optmized per new version.
This new version, since the last version contains bug fixes and improvement.
Refs: https://github.com/svg/svgo/releases
2018-05-20 11:11:03 -07:00
Priyank Patel 0d697cd569 String.codePointAt: Upgrade String.codePointAt polyfill to v0.2.1. 2018-05-20 11:11:03 -07:00
Priyank Patel 4091815721 moment-timezone: Upgrade moment-timezone to v0.5.17.
Refs: https://github.com/moment/moment-timezone/blob/master/changelog.md
2018-05-20 11:11:03 -07:00
Priyank Patel 506b23237a jquery-validation: Upgrade jquery-validation to v1.17.0
Refs: https://github.com/jquery-validation/jquery-validation/releases/tag/1.17.0
2018-05-20 11:11:03 -07:00
Priyank Patel 11d819ee3d clipboard: Upgrade clipboard to v2.0.1. 2018-05-20 11:11:03 -07:00
Priyank Patel 9c4a189781 moment: Upgrade moment to v2.22.1.
This version since the last version contains bug fixes and locale improvements.
Ref: https://github.com/moment/moment/blob/develop/CHANGELOG.md#2221-see-full-changelog
2018-05-20 11:11:03 -07:00
Priyank Patel 778742a189 jsdom: Upgrade jsdom to v11.10.0.
This also updates node_tests to use new constructor which is uppercase,
and some properties that are changed to be more clear now, like
jsdom().defaultView which is meant to the window object is now called window.

Ref: https://github.com/jsdom/jsdom/blob/master/Changelog.md
2018-05-20 11:11:03 -07:00
Priyank Patel 00151f988a handlebars: Upgrade handlebars to v4.0.11.
This version only contains bugfixes. No breaking changes have been introduced.
Ref: https://github.com/wycats/handlebars.js/blob/master/release-notes.md#v4011---october-17th-2017
2018-05-20 11:11:03 -07:00
Priyank Patel 7b40f8d50d flatpickr: Upgrade flatpickr to v4.5.0.
This new version is a lot ahead that what we now have currently.
Reading through the changelog there does not seem to any breaking
changes, just that this package have been updated a lot.

Ref: https://github.com/flatpickr/flatpickr/releases
2018-05-20 11:11:03 -07:00
Priyank Patel f02c2349b8 @types/webpack: Upgrade @types/webpack to v4.4.0.
This updates the webpack typescript type defenations to latest so we
can find bugs with webpack configurations.
2018-05-20 11:11:03 -07:00
Priyank Patel bcfc34c996 webpack-cli: Upgrade webpack-cli to v2.1.3.
This version just contains bugs fixes and regressions covered.
Ref: https://github.com/webpack/webpack-cli/releases/tag/2.1.3
2018-05-20 11:11:03 -07:00
Priyank Patel 50b663906a nyc: Upgrade nyc to v11.8.0.
This fixes a one vulnerability with this package's dependency.

randomatic - Cryptographically Weak PRNG
Ref: https://nodesecurity.io/advisories/157
2018-05-20 11:11:03 -07:00
Priyank Patel 19ba08e055 webpack-dev-server: Upgrade webpack-dev-server to v3.1.4. 2018-05-20 11:11:03 -07:00
Priyank Patel 74b0a73260 phantomjs-prebuilt: Upgrade phantomjs-prebuilt to 2.1.16.
This solves 8 vulnerabilities, in its dependencies.

conacat-stream - Memory Exposure
Ref: https://nodesecurity.io/advisories/597

hoek - Prototype Pollution
Ref: https://nodesecurity.io/advisories/566

tunnel-agent - Memory Exposure
Ref: https://nodesecurity.io/advisories/598

debug - Regular Expression Denial of Service
Ref:  https://nodesecurity.io/advisories/534

stringstream - Out-of-bounds Read
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
Priyank Patel b9d49c846e webpack: Upgrade webpack to v4.8.3. 2018-05-20 11:11:03 -07:00
Priyank Patel 6f4fc628e6 node-sass: Upgrade node-sass to v4.9.0.
This resolves 12 vulnerabilities.

Following were the issue with the dependencies of node-sass.
hoek - Prototype Pollution
Ref: https://nodesecurity.io/advisories/566

tunnle-agent - Memory Exposure issue
Ref: https://nodesecurity.io/advisories/598

stringstream - Out-of-bounds read
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
Priyank Patel b376629974 ploty.js: Upgrade ploty.js to v1.37.1.
This solves 14 security venrubilities in the ploty.js's dependencies.
This was found by using the `npm audit` tool which can analyse dependencies
of dependencies issues.

static-eval - Sandbox Breakout / Arbitrary Code Execution
Ref: https://nodesecurity.io/advisories/548

hoek - Prototype pollution
Ref: https://nodesecurity.io/advisories/566

stringstream - Memory Exposure issue
Ref: https://nodesecurity.io/advisories/664
2018-05-20 11:11:03 -07:00
Nikhil Kumar Mishra fa9d79e203 stats: Add 1 day actives and total users to number of users chart. 2018-05-20 10:56:16 -07:00
Rishi Gupta 5ddc6c21e9 stats: Clean up line spacing in populate_number_of_users in stats.js.
We use this compressed form in our other layout definitions. Makes it easier
to visually digest.
2018-05-20 10:56:16 -07:00
Rishi Gupta 66a589c7a7 stats: Extend get_chart_data to support charts with multiple CountStats. 2018-05-20 10:56:16 -07:00
Rishi Gupta 08bf0a66b8 stats: Refactor the get_time_series_by_subgroup calls in get_chart_data.
This code is going to end up pretty complex -- each stat has multiple levels
of aggregation (UserCount, RealmCount, InstallationCount), and refinement
(subgroups), and soon we'll have charts that take data from multiple stats
as input.

Not sure what the best way to present it is, but hopefully this simplifies
it a bit.
2018-05-20 10:56:16 -07:00
Nikhil Kumar Mishra 26decb4c48 stats: Add 1day_actives::day CountStat to analytics tables. 2018-05-20 10:56:16 -07:00
Eeshan Garg 3dcde1c139 webhooks/mention: Update docs to conform to style guide.
This one took quite a while too. The interaction between Mention
and Zapier is kinda weird and the Zapier instructions are pretty
complicated.
2018-05-20 10:54:13 -07:00
Eeshan Garg 2f93c16df2 webhooks/slack: Update docs to conform to style guide. 2018-05-20 10:54:13 -07:00