Commit Graph

1328 Commits

Author SHA1 Message Date
Steve Howell 1f6ddf0110 refactor: Extract transmit.js from compose.js.
We now isolate the code to transmit messages into transmit.js.
It is stable code that most folks doing UI work in compose.js don't
care about the details of, so it's just clutter there.  Also, we may
soon have other widgets than the compose box that send messages.

This change mostly preserves test coverage, although in some cases
we stub at a higher level for the compose path (this is a good thing).
Extracting out transmit.js allows us to lock down 100% coverage on that
file.
2018-02-20 09:29:26 -08:00
Vishnu Ks d34dd4cd02 signup: Show subdomain availability during signup.
This uses an actual query to the backend to check if the subdomain is
available, using the same logic we would use to check when the
subdomain is in fact created.
2018-02-19 10:45:17 -08:00
Tim Abbott be9dbccdfa settings: Link to documentation on changing settings.
This is obviously more important than the pre-existing link to the
developer documentation for this system.

Fixes #7910.
2018-02-19 09:55:50 -08:00
Shubham Dhama 9feae472f8 org settings: Add button to deactivate organization.
This adds button under "Organization profile" settings, which
deactivates the organization and sends an "event" to all the
active user and log out them.

Fixes: #8212.
2018-02-18 10:20:38 -08:00
Tim Abbott b3d37b5412 sendfile: Clean up sendfile settings code. 2018-02-16 05:10:19 +05:30
Aditya Bansal efe8545303 local-uploads: Start running authentication checks on file requests.
From here on we start to authenticate uploaded file request before
serving this files in production. This involves allowing NGINX to
pass on these file requests to Django for authentication and then
serve these files by making use on internal redirect requests having
x-accel-redirect field. The redirection on requests and loading
of x-accel-redirect param is handled by django-sendfile.

NOTE: This commit starts to authenticate these requests for Zulip
servers running platforms either Ubuntu Xenial (16.04) or above.

Fixes: #320 and #291 partially.
2018-02-16 05:06:37 +05:30
Greg Price 8d98ce1648 errors: Note upstream fix for that Django DisallowedHost bug. 2018-02-15 10:37:29 -08:00
Greg Price c6ce6dd5c6 settings: Try to clarify how AUTH_LDAP_USER_ATTR_MAP works.
This comment didn't really explain things unless you were looking at
the code, and/or had a strong enough association for what "cn" means
that it was obvious what must be meant.  Maybe this will be clearer.

There is one other meaningful key, which is optional: "short_name",
for which I guess a typical value if supplied would be "uid" or
"userid".  I'm not sure we really do much with a user's `short_name`,
though, so didn't add a comment for it.  When this key is omitted,
we set the user's `short_name` to the same thing as `full_name`.
2018-02-13 11:18:14 -08:00
Aman Jain a0b58b1560 activity: Add a link to copy list of realm admins.
Tweaked by tabbott to do the database queries properly.

This should help user to copy realm admin emails in a go.
Fixes: #7885
2018-02-12 08:55:45 -08:00
Greg Price 12d878c785 APNs: Drop disused setting from old implementation. 2018-02-09 17:16:21 -08:00
Tim Abbott afda05adc4 rate limiting: Increase default rate limits.
It's too easy to go over the rate limits when using the webapp.

The correct fix for this probably involves some changes to which
routes get covered by what sort of rate limit, but for now, just
increase the limits.
2018-02-09 11:55:08 -08:00
Greg Price 9e70026741 settings: Slightly clarify LDAP setup docs.
There's kind of a lot of prose in this LDAP section; and empirically
this bit about zulip-secrets.conf is easy to miss.
2018-02-08 10:05:25 -08:00
Brock Whittaker fe3a5665da panels: Rename "desktop_notifications_panel" => "panels".
The original code made a 3/4-hearted effort to generically accommodate
more banners/"panels" later, but named itself after the first one made.

[greg: expanded commit message.]
2018-02-05 16:00:52 -08:00
Greg Price 93e29629ab settings: In ALLOWED_HOSTS example, show a list and an IP address.
Different formats for configuration files have a wide variety of ways
of representing lists; so if you're not accustomed to Python syntax,
or aren't thinking of this file as Python code, the syntax for several
ALLOWED_HOSTS entries may not be obvious.  And this setting is one
that an admin is likely to want to touch quite early in using Zulip.
So, demonstrate a multi-element list.

For similar reasons, demonstrate an IP address.  This one is in a
range reserved for documentation (by RFC 5737), like `example.com`.
2018-02-05 10:27:04 -08:00
rht 9a8d2244ca django-2.0: Shift to resolvers from urlresolvers.
The old name is deprecated.
2018-01-30 10:53:54 -08:00
Aditya Bansal 0fcf0c5052 thumbor: Add thumbor on port 9995 in development.
For now, this does nothing in a production environment, but it should
simplify the process of doing testing on the Thumbor implementation,
by integrating a lot of dependency management logic.
2018-01-29 13:10:29 -08:00
Greg Price 3230d35d7f settings: Clean up EMAIL_HOST documentation a bit.
Gmail is a bad example for outbound email; use a generic example.

Also leave the `= None` default out of the config file, as it's
redundant with DEFAULT_SETTINGS in our internal settings.py ; and
explain in the latter why we don't mention the other SMTP settings.
2018-01-24 14:58:21 -08:00
Greg Price 6da9ecef88 settings: Set a flag when email isn't configured, so we can warn. 2018-01-24 14:34:30 -08:00
Greg Price 08bbd7e61d settings: Slightly simplify EMAIL_BACKEND logic.
DEVELOPMENT is defined as just `not PRODUCTION`, but this code made
it look like things might be more complicated than that.
2018-01-24 14:34:30 -08:00
Tim Abbott 56395f40d2 static: Restore bundling KaTeX and zxcvbn via django-pipeline.
Since we need KaTeX to be available for zerver/lib/tex.py and
static/third/katex/cli.js to be able to shell out to it.  However, for
some reason, the KaTeX we bundle using Webpack doesn't seem to be
importable by Node (and it's also kinda a pain to find its filename
from `cli.js`).

So, we work around this by just using the legacy system for KaTeX.

Something similar is needed for zxcvbn.js, in order to support the
settings_account.js use case (basically deferred loading of this
file); that requires JS code to have access to the correct path for
zxcvbn.
2018-01-23 12:30:28 -08:00
Aditya Bansal 76f6f7cb47 datetimepicker: Add flatpickr lib as dependancy. 2018-01-19 11:33:11 -05:00
Aditya Bansal c770bdaa3a reminder_bot: Add infra for adding reminder bot to every realm. 2018-01-19 11:33:11 -05:00
Vishnu Ks 0bca0286a1 billing: Integrate Stripe, using Stripe Checkout.
Stripe Checkout means using JS code provided by Stripe to handle
almost all of the UI, which is great for us.

There are more features we should add to this page and changes we
should make, but this gives us an MVP.

[greg: expanded commit message; fixed import ordering and some types.]
2018-01-17 16:43:54 -08:00
Reid Barton b01b4498cc Fix a typo in prod_settings_template.py. 2018-01-16 08:47:18 -08:00
Aditya Bansal ec1297c1e8 schedulemessages: Add delivery system for scheduled message. 2018-01-10 09:18:02 -05:00
Alena Volkova 9d1063d362 urls: Move the json/fetch_api_key endpoint to be an API-style route. 2018-01-08 13:15:52 -05:00
Vishnu Ks ec207e5697 slack importer: Use standalone database for running tests. 2018-01-07 09:50:27 -05:00
Cynthia Lin 7790e2b23c org settings: Add framework for User groups page. 2018-01-06 11:50:52 -05:00
Eeshan Garg 479bc41ca5 api docs: Remove old and outdated endpoint docs. 2018-01-04 10:17:29 -05:00
Rhea Parekh 092472f42d tests: Add test coverage for uploading avatars to S3UploadBackend.
Add test coverage for the function upload_avatar_image and
ensure_medium_avatar_image in S3UploadBackend.
2017-12-26 09:09:31 -05:00
Greg Price ca5c991994 errors: Simplify manual testing of error emails.
There are two different things you need to patch in order to get error
emails (at `/emails`) in dev.  Flip one of them in dev all the time,
and make the comment on the other a bit more explicit.
2017-12-22 11:52:13 -05:00
Greg Price b15231dfc2 logging: Rename AdminZulipHandler to AdminNotifyHandler.
This name hasn't been right since f7f2ec0ac back in 2013; this handler
sends the log record to a queue, whose consumer will not only maybe
send a Zulip message but definitely send an email.  I found this
pretty confusing when I first worked on this logging code and was
looking for how exception emails got sent; so now that I see exactly
what's actually happening here, fix it.
2017-12-22 11:52:13 -05:00
Vishnu Ks 16d8244c0a tests: Eliminate 'Sending invitation' output spam in test_signup.
Fixes #7563
2017-12-20 18:50:01 -08:00
Greg Price cd5e44491c logging: Drop confusing use of `propagate` in test_settings.
This line was added in e8ab7cd1a as a desperate measure to get the
`set_loglevel` helper to successfully suppress the `zulip.send_email`
logs.

In fact, the reason that just setting `level` there wasn't doing the
job had nothing to do with `propagate`, which doesn't interact with
`level`.  (See the long block comment in `zproject/settings.py`,
searching for "Python logging module", for my attempt at concisely
explaining these semantics.)  Rather, our setting for `level` was
getting clobbered by the use of `create_logger`; and setting
`propagate` to False worked by completely suppressing all logs to
`zulip.send_email` and descendants from reaching the normal handlers,
regardless of the log messages' levels.

Now that the `create_logger` issue is fixed (see a few commits before
this one), drop that.
2017-12-12 17:17:08 -08:00
Greg Price b6491fd52a logging: Eliminate log_level from create_logger.
Because calls to `create_logger` generally run after settings are
configured, these would override what we have in `settings.LOGGING` --
which in particular defeated any attempt to set log levels in
`test_settings.py`.  Move all of these settings to the same place in
`settings.py`, so they can be overridden in a uniform way.
2017-12-12 17:17:08 -08:00
Greg Price 10fc40a3f1 dev_settings: Remove accidentally-pushed OAuth app IDs.
These aren't of much use without the corresponding secrets (despite us
calling one of them a "key", both are public IDs), which are in my
personal dev-secrets.conf.  So, remove them.

I had this commit applied in order to test what became 90944983f...
and then I accidentally included it in what I pushed, as 0fa9a489d.
Oops.
2017-12-11 21:06:35 -08:00
Greg Price 0fa9a489d5 wip test oauth 2017-12-11 20:03:52 -08:00
Brock Whittaker e0236646bf night-mode: Add custom CSS through JS.
This adds custom CSS through JavaScript for things that do not
scope well and will override other inherited styles.

This should ONLY be used for problematic CSS that has no obvious
or easy CSS-only solution.

(Specifically, we need this for the "default link" styling, which is
hard to override because we don't want to start winning ties due to
specificity that we would not have won in the light theme).
2017-11-29 23:06:11 -08:00
Rishi Gupta 7c9694077e confirmation: Move check_prereg_key_and_redirect to registration.py. 2017-11-29 22:18:05 -08:00
Rishi Gupta 3675d97870 confirmation: Refactor views.confirm to be clearer.
Also gives more appropriate error messages for expired user_registration and
invitation links.
2017-11-29 22:03:09 -08:00
Tim Abbott f9347962f6 settings: Only include two-factor apps if two-factor auth is enabled. 2017-11-29 11:09:16 -08:00
Vishnu Ks 954c363a2f dev_settings: Convert hostname to lower case when setting external host. 2017-11-29 10:02:55 -08:00
Tim Abbott 586e18b237 auth: Allow accounts with the same email in different realms.
[Modified by greg to (1) keep `USERNAME_FIELD = 'email'`,
(2) silence the corresponding system check, and (3) ban
reusing a system bot's email address, just like we do in
realm creation.]
2017-11-28 16:23:10 -08:00
Greg Price b6cc21b438 debug: Add facility to dump tracemalloc snapshots.
Originally this used signals, namely SIGRTMIN.  But in prod, the
signal handler never fired; I debugged fruitlessly for a while, and
suspect uwsgi was foiling it in a mysterious way (which is kind of
the only way uwsgi does anything.)

So, we listen on a socket.  Bit more code, and a bit trickier to
invoke, but it works.

This was developed for the investigation of memory-bloating on
chat.zulip.org that led to a331b4f64 "Optimize query_all_subs_by_stream()".

For usage instructions, see docstring.
2017-11-28 15:52:07 -08:00
Umair Khan 274bba82b9 two_factor: Add configuration and URLs.
This adds django-two-factor to the project, but held behind
settings.TWO_FACTOR_AUTHENTICATION_ENABLED, so that this has no effect
by default.
2017-11-28 15:21:40 -08:00
Tommy Ip ddaff4cd2a refactor: Extract upload mechanics to new JS module.
Tweaked by tabbott to move changes from the next commit that are
required for this to pass tests into this commit.

Note that this exports a few items that were not previously exported.
2017-11-27 21:31:51 -08:00
derAnfaenger c8a5ae753c embedded bots: Consistently use 'storage' instead of 'state.' 2017-11-27 21:05:34 -08:00
rht 92888a0cde zproject: Use Python 3 syntax for typing. 2017-11-27 17:01:18 -08:00
Tim Abbott 8b935f4e99 settings: Add setting for SYSTEM_BOT_REALM.
This fixes some subtle JavaScript exceptions we've been getting in
zulipchat.com, caused by the system bot realm there not being "zulip"
interacting with get_cross_realm_users.
2017-11-27 14:46:07 -08:00
Tim Abbott d1ff4293a5 backends: Remove assumption that only one user can have a given email.
I probably should have just done this in the original implementation;
there's only a small downside in the form of an extra database query
when trying to authenticate a user who doesn't exist.
2017-11-26 15:42:48 -08:00