Commit Graph

16224 Commits

Author SHA1 Message Date
Zixuan James Li 7dbd98d25c rest: Restrict access to json views via basic auth.
Previously, test cases or clients accessing /json/ views using HTTP
Basic Auth would be accepted, while we intended to only allow clients
authenticated with a session cookie to access these views.

This adds a check on the accessed path to avoid this possibility.

It seems unlikely that any API clients clients were taking advantage
of this unintended quirk; so we're not going to bother documenting
this bug fix as an API change. In any case, it should be trivial for
anyone affected to consult the documentation and then switch their
/json/foo URL to a correct /api/v1/foo URL.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-11-04 14:44:07 -07:00
Sahil Batra 1fce1c3c73 register: Handle "Pronouns" type fields for older mobile clients.
Mobile clients older than v27.192 do not support PRONOUNS type
custom profile fields, so we instead change the type of it to
SHORT_TEXT in the data sent with register response and also in
the events sent to those clients.
2022-11-04 14:31:18 -07:00
Sahil Batra b2737b0878 migrations: Add migration to migrate pronouns custom profile fields.
This commit adds a migration to migrate SHORT_TEXT type profile
fields for pronouns to recently added PRONOUNS type.
2022-11-04 14:31:18 -07:00
Anders Kaseorg b9dfa23666 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 14:08:58 -07:00
Anders Kaseorg c6f6df986c openapi: Fix “contatining” typo.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 14:08:58 -07:00
M@ 47ecd33d3a
import: Narrow the id-window to just the current realm.
On multi-realm systems this results in traversal of all messages in
all realms and returns a massive payload of 1 row per stream on 
the server, not the intended one row per realm.
2022-11-03 12:13:43 -07:00
Anders Kaseorg 3d853caf16 ruff: Fix C417 Unnecessary `map` usage.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg ab864be904 ruff: Fix C416 Unnecessary `set` comprehension (rewrite using `set()`).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg 77c15547e6 ruff: Fix C414 Unnecessary `list` call within `sorted()`.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg 69e94b5991 ruff: Fix C413 Unnecessary `list` call around `sorted()`.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg 9e53f0c756 ruff: Fix C405 Unnecessary `list` literal (rewrite as a `set` literal).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg 033d2615f6 ruff: Fix B017 `assertRaises(Exception):` should be considered evil.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg e1a2894af9 ruff: Fix B011 Do not `assert False` (`python -O` removes these calls).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg adffad384c lint: Replace pycodestyle and pyflakes with ruff.
https://github.com/charliermarsh/ruff

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Tim Abbott 873ab01c7a message_flags: Fix accidentally quadratic behavior. 2022-11-02 21:05:24 -07:00
Sahil Batra aeb9a27d0e message: Ignore messages in unsubcribed streams when marking them unread.
Zulip's unread messages design has an invariant that all unread stream
messages must be in streams the user is subscribed to. For example, We
do not include the unread messages from unsubscribed streams in the
"unread_msgs" data structure in "/register" response and we mark all
unread messages as read when unsubscribing a user from a stream.

Previously, the mark as unread endpoint allowed violating that
invariant, allowing you to mark messages in any stream as unread.

Doing so caused the "message_details" data structures sent with
"update_message_flags" events to not contain messages from
unsubscribed streams, even though those messages were present in the
set of message IDs. These malformed events, in turn, caused exceptions
in the frontend's processing of such an event.

This change is paired with a separate UI change to not offer the "Mark
as unread" feature in such streams; with just this commit, that will
silently fail.

With some additions to the tests by tabbott.
2022-11-02 14:49:23 -07:00
Mateusz Mandera 6e336ef6f6 delete_topic: Use the same timeout pattern as /mark_all_as_read.
We don't want to use the nginx 502 timeout as an API pattern. In
/mark_all_as_read we've already figured out how we want to handle this
instead.
2022-11-02 16:50:06 -04:00
Zixuan James Li da9ad7c3a7 markdown: Pass realm down into render_stream_description.
This guarantees that the Realm is always non-None when we hit the
codepath is_static_or_current_realm_url via
do_change_stream_description, so that we can properly skip rewritting
some images.

Fixes #19405

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-11-01 08:20:47 -07:00
Mateusz Mandera 582d5b0aa3 realm_creation: Rework error pages.
The previous error page was inadequate for serving the two different
scenarios where we show errors in realm_creations, in particular
containing a misleading sentence about realm creation being disabled
(even in the case where it was actually enabled and the user simply had
an expired link).
2022-10-31 17:35:06 -07:00
Tim Abbott b057d8ea17 invites: Delete ScheduledEmails in revoke invites transactions.
This prevents likely rare race conditions where a reminder about a
revoked invitation might get sent.
2022-10-31 15:06:42 -07:00
Mateusz Mandera 3dd0545118 invites: Add atomic() around some invite-revoking blocks.
These should only ever happen together, so should be wrapped in
atomic().
2022-10-31 14:37:46 -07:00
Lauryn Menard 0c947985bd tests: Update tests to use example profile picture.
So that we can stop using Tim's photo for tests, adds an open
license profile picture to use instead.

Updates tests that used `tim.png` to use the new example profile
picture, which is located in `static/images/test-images/avatars/`.
2022-10-31 14:36:54 -07:00
Lauryn Menard 1eda42f509 images: Create `/authentication_backends` directory for icons.
Creates `static/images/authentication_backends` directory for icons
of backend authentication methods, which are used on the log-in page.

And updates the example documentation in the API `/server_settings`
endpoint.
2022-10-31 14:36:54 -07:00
Lauryn Menard 89713bab76 tests: Use Zulip icon for markdown test cases instead of octopus.
Updates the markdown test case that used `zulip-octopus.png` to
instead use an zulip logo that's also referenced in a frontend
puppeteer test, `static/images/logo/zulip-icon-128x128.png`.
2022-10-31 14:36:54 -07:00
Sahil Batra 888e4f9bf4 custom_profile_fields: Fix query for display_in_profile_summary limit.
The query in display_in_profile_summary_limit_reached should check
realm also since there is per-realm limit of 2 fields, otherwise
this will cause issues where multiple realms are hosted on the
same server.

Fixes #23368.
2022-10-31 14:10:47 -07:00
Mateusz Mandera 760587450e retention: Remove two redundant comments.
These two identical comments don't contribute anything useful and seem
just out of place at this point.
2022-10-31 10:23:57 -07:00
Mateusz Mandera 7b13204e8f retention: Use Message.realm to simplify private message query.
We no longer need to do the inner joins to figure out the message's
realm and split up the cross-realm and regular case - now we just look
at zerver_message.realm directly.
2022-10-31 10:23:57 -07:00
Mateusz Mandera 78a325ac58 internal_send_private_message: Fix edge case of message to system bot.
I don't think this is used anywhere outside of tests, but we should have
this logic correct. If this function is used to send a message from a
user to a cross-realm bot, the message.realm should be the realm of the
user.

In the normal case, where a user send a message to a cross-realm bot
through the API is already handled correctly, this bug is unrelated.
2022-10-31 10:23:57 -07:00
Mateusz Mandera ebc144896f delete_realm: Use Message.realm column for message count. 2022-10-31 09:57:42 -07:00
Mateusz Mandera 601f0677f3 update_first_visible_message_id: Use Message.realm column.
With the Message.realm column added, this query can now be improved.
2022-10-31 09:57:42 -07:00
Lauryn Menard bcd1763dca api-docs: Clarify narrow parameters in API documentation.
Clarifies most of the narrow parameter descriptions by adding
information about what a user's message history includes, about
new bot users not generally being subscribed to streams, and
about the specific `streams:public` narrow.

Updates the main descriptions for the `/get-messages` and
`/check-messages-match-narrow` endpoints.

Fixes #19477.
2022-10-28 17:32:44 -07:00
Sahil Batra 2a8b7412ff url_encoding: Use user name instead of email in personal_narrow_url.
This commit updates the urls for personal narrow sent in email
notifications to be of form "{user_id}-{encoded_full_name}" to
make it consistent with the urls that we use for such narrows
in webapp which were recently updated in b4eddad for improving
performance. We encode the full name in the same way that we do in
webapp by replacing the url characters encoded by browser with "-".
2022-10-28 09:47:43 -07:00
Mateusz Mandera a410f6b241 do_mark_all_as_read: Split up the work into batches.
Fixes #15403.
2022-10-27 16:59:54 -07:00
Mateusz Mandera ef468322f1 test_openapi: Fix status code passed to validate_... in test_attributes.
It doesn't seem to make sense to append _{number} to the status code in
that arg, because the resulting string stops looking like a status code
and actually makes this test fail in the follow-up commit with the
confusing error message of

Unknown response http status: 2000

So this just seems like a bug.
2022-10-27 16:59:54 -07:00
Alya Abbott 8f6cf65f28 help center: Reorganize and extend the "Logging in" help page.
Also move some instructions from related pages into shared /include files,
with minor tweaks.
2022-10-26 12:28:29 -07:00
Matt Keller 4d87bf291c slack: Skip files where file_access: file_not_found. 2022-10-25 12:18:20 -07:00
Lauryn Menard e66f125ee6 recent-topics: Update hash for view to be "#recent".
Updates the hash used for the recent conversations view to be
"#recent" instead of "#recent_topics".

We will need to keep the logic for handling "#recent_topics"
permanently because users potentially have messages from
Welcome Bot with links to that hash.

Including "recent_topics" as a web_public_allowed_hash in
hash_util.js can be changed once self-hosted servers cannot
upgrade directly to Zulip 5.x from the current version.

Fixes #23132.
2022-10-25 11:03:44 -07:00
Anders Kaseorg d41afb2b25 tools: Add missing spaces in concatenated string literals.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-24 14:52:49 -07:00
Prakhar Pratyush 38aa1ee1ff test_classes: Improve assert_database_query_count output message.
Output message should talk about both the cases:
actual_count > expected_count and actual_count < expected_count.

The message now includes information for the case where
actual_query_count < expected_query_count.

Fixes: #23325
2022-10-24 10:18:58 -07:00
Lauryn Menard c9044f7acd recent-topics: Rename to "Recent conversations" in web-app and docs.
Replaces instances of "recent topics" in the web-app and documentation
to be "recent conversations".

Renames both `recent-topics.md` files in the help center to be
`recent-conversations.md` and updates/redirects links to new URL.

Does not update instances of "recent topics" in frontend code comments
and does not update the main overview changelog, for now.

Does not change case study text where "recent topics" was referenced
in a quote, but does change generic text references to be "recent
conversations".
2022-10-21 10:28:19 -07:00
Anders Kaseorg c5c180fda3 email_validation: Restore case-insensitive domain validation.
This was broken by commit b945aa3443
(#22604), because email_to_domain implicitly lowercased the result.

No adjustment is needed for is_disposable_domain, which already
lowercases its argument.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-20 08:19:07 -07:00
Anders Kaseorg 89e4233b68 timeout: Correct thread id type passed to PyThreadState_SetAsyncExc.
This type changed in Python 3.7:
https://github.com/python/cpython/pull/781

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-19 14:49:24 -07:00
David Rosa 64c31b7cb9 help: Rename "Add custom profile fields" -> "Custom profile fields".
Renames the help article on custom profile fields to reflect that
its content is not just about adding fields.

Adds a redirect from the old URL to the new URL and updates internal
links, linking to #add-a-custom-profile-field where appropriate.

Fixes #23170.
2022-10-19 11:58:00 -07:00
Mateusz Mandera f6f7e4c53f migrations: Remove bugged Recipients in 0419. 2022-10-18 20:50:10 -07:00
David Rosa d9dd272a78 help: Update documentation on bots.
Adds new tab to `zerver/lib/markdown/tabbed_sections.py` to document
managing bots from both personal settings and organization settings.

Documents adding bots from the organization settings Bots panel.

Separates instructions for deactivating and reactivating a bot from
both personal settings and organization settings.

Fixes a few formatting issues such as missing bold formatting and
heading level.

Fixes: #23066.
2022-10-18 10:16:42 -07:00
Florian Pritz f37ac80384 import_realm: Speed up first_message_id calculation.
On my data (about 10 million messages in 1600 streams) this used to take
about 40 hours, while the improved statement completes in roughly 30
seconds.

The old solution had postgres go through the entire table until the
first match for each stream. Thus, the time spent scanning the table
got longer and longer for each stream because postgres always started at
the beginning (and somehow it did not use any indices) and had to skip
over all rows until it found the first message from the stream that is
was looking for each time.

This new statement just performans a bulk operation, scanning the table
only once and then inserts the results directly into the destination
table.

Slightly more verbose inforation about this change can be found in:
https://chat.zulip.org/#narrow/stream/31-production-help/topic/Import.20Rocketchat.20data/near/1408867

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2022-10-17 11:43:21 -07:00
Zixuan James Li 46329a2710 test_classes: Create a dedicate helper for query count check.
This adds a helper based on testing patterns of using the "queries_captured"
context manager with "assert_length" to check the number of queries
executed for preventing performance regression.

It explains the rationale of checking the query count through an
"AssertionError" and prints the queries captured as assert_length does,
but with a format optimized for displaying the queries in a more
readable manner.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-17 11:32:52 -07:00
Zixuan James Li 9117db8887 test_helpers: Tighten type annotation for queries_captured.
This adds CapturedQueryDict to provide a more accurate type annotation
for the return value of queries_captured. We also replace "Generator"
with "Iterator" because the latter two type parameters were unused.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-17 11:32:52 -07:00
PIG208 7db221c8dc
migrations: Remove noop realm filters operations.
We followed a same approach as in #22611 to mark migrations as noops. We
might eventually squash them.

Migration operations that only change the validators should be removed
as they are essentially noops that do not affect the database schema.

However, ./manage.py makemigration still generates a new migration for
validators change regardless. So we still have to keep one migration
that updates the validators to the latest state. We prefer to keep the
earliest one for this purpose.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-14 17:52:28 -07:00
Mateusz Mandera 61de767967 login page: Show form-independent errors even if email auth disabled.
These used to only be shown conditional on the
{% if password_auth_enabled %} in the template. Meaning that if you had
an org with email auth disabled and a deactivated user tried to log in,
they wouldn't see the error shown and get confused.

This switches the position of where these error will be shown (above the
login+password form instead of below it), but it looks fine.
2022-10-14 13:07:58 -07:00
Lauryn Menard 171da34546 events: Send empty list for custom_profile_fields in spectator view.
Send an empty list of `custom_profile_fields` in `page_params` for
spectators, rather than not sending the field at all.

Also, updates the user info popover to not show the manage user
three-dot menu when in a spectator view.
2022-10-14 13:05:35 -07:00
Tim Abbott 966e63cc14 migrations: Add noop reverse_code for migration 0419.
This migration is naturally one that should be a noop when
downgrading, so declare it as such.
2022-10-13 23:16:01 -07:00
Lauryn Menard 98074951ef api-docs: Update examples of queue_id for uuid format. 2022-10-13 10:08:42 -07:00
Alex Vandiver c328de3372 cache: Log a warning when attempting to store a whole QuerySet.
As noted in the previous commit, this causes bloat in memcached, for
no purpose.  Log a warning when `cache_with_key` sees a QuerySet
returned from the function it is decorating.
2022-10-12 22:25:48 -07:00
Alex Vandiver 55c0e670d9 cache: Only cache list results of QuerySets, not the QuerySet itself.
Storing a QuerySet rather than the list version of the result in it
has a large overhead -- and, as noted by the type annotations, the
result is only ever used as a list.  This difference is particularly
important because the cached `get_realm_user_dicts` can get extremely
large for realms with large numbers of users, potentially overflowing
the 1MB default object limit in memcached.

Switch all cases of `cache_with_key` which return QuerySets to
returning the list values of them.
2022-10-12 22:25:48 -07:00
Alex Vandiver 204f1b58e8 cache: Drop realm_id from `realm_user_dict_fields`.
Storing this key is superfluous, as it will be the same for all users,
and definitionally already known to fetch the cache for the realm.  It
is also not currently used by the callsites that read rows from the
cache.
2022-10-12 22:25:48 -07:00
Alex Vandiver 5d42a0cb00 linkifiers: Support %20 in URLs for topic links.
9381a3bd45 added support for linkifier pattern URLs containing
`%20`-style escapes, but only did so for the codepath which is used in
the message body -- topic links did not understand them.

Expand the support to include when they are substituted into topics.
2022-10-11 14:31:13 -07:00
Anders Kaseorg f28f30085a openapi: Remove documentation for unstable timezones.json path.
The location of files in /static is not part of our stable API.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-11 14:26:33 -07:00
Julia Bichler 4bb381fc80 message_edit: Support sending notifications with topic changes.
Previously we did not send notification for topic-only edits.
Now, we add backend support for sending notification to topic-only
edits as well.

We would add support for this in webapp in further commits since
message edit UI will be updated as well. We just make sure that no
notifications are sent when editing topic using pencil icon in
message header.

We also change the API default for moving a topic to only notify the
new location, not the old one; this matches the current defaults in
the web UI.

Includes many tests.

We also update the puppeteer tests to test only content edit as
we are going to change the UI to not allow topic editing from
message edit UI. Also fixing the existing tests to pass while
doing topic edits is somewhat complex as notification message
is also sent to new topic by default.

Fixes #21712.

Co-authored-by: Aman Agrawal <amanagr@zulip.com>
Co-authored-by: Tim Abbott <tabbott@zulip.com>
2022-10-11 11:35:41 -07:00
Matt Keller c5f106ce1b slack: Skip files where file_access: access_denied.
These stubs are incomplete and should be treated akin to tombstones.
2022-10-11 10:53:16 -07:00
Sahil Batra 3712d9c3f5 realm: Remove redundant code.
This code is not needed as we have changed the message
edit settings to be handled by "do_set_realm_property"
function in 04693b6ac1.
2022-10-11 10:51:43 -07:00
Mateusz Mandera 470c0458e6 do_deactivate_user: Use .on_commit around send_event calls.
The previous commit did this for revoking sessions. send_events should
be handled similarly too, to correctly handle calling do_deactivate_user
inside a transaction.
2022-10-11 10:49:07 -07:00
Mateusz Mandera a94b2572be do_deactivate_user: Revoke sessions in transaction.on_commit().
Fixes #21709.
2022-10-11 10:49:07 -07:00
Anders Kaseorg 6d19256877 notes: Separate __notes_map per-subclass.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-10 08:42:13 -07:00
Anders Kaseorg 1385a827c2 python: Clean up getattr, setattr, delattr calls with literal names.
These were useful as a transitional workaround to ignore type errors
that only show up with django-stubs, while avoiding errors about
unused type: ignore comments without django-stubs.  Now that the
django-stubs transition is complete, switch to type: ignore comments
so that mypy will tell us if they become unnecessary.  Many already
have.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-10 08:40:28 -07:00
Anders Kaseorg 5e1ebf2861 python: Fix __dict__ mutation abuse.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-10 08:33:08 -07:00
Anders Kaseorg b45484573e python: Use format string for logging str(obj).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-10 08:32:29 -07:00
Anders Kaseorg fcd81a8473 python: Replace avoidable uses of __special__ attributes.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-10 08:32:29 -07:00
Mateusz Mandera cefed552f6 test_slack_importer: Add assertion about message count.
This will help catch any future regression that might lead the import
tool to fail to import messages into the correct realm.
2022-10-07 10:10:01 -07:00
Mateusz Mandera 42b3575183 models: Make Message.realm and ArchivedMessage.realm non-null.
In the previous commits, these have been backfilled, so now we can
enforce non-nullable.
2022-10-07 10:10:01 -07:00
Mateusz Mandera c1e701ec22 migrations: Add migration to backfill Message.realm. 2022-10-07 10:10:01 -07:00
Mateusz Mandera 00b3546c9f models: Add denormalized .realm column to Message.
This commit adds the OPTIONAL .realm attribute to Message
(and ArchivedMessage), with the server changes for making new Messages
have this set. Old Messages still have to be migrated to backfill this,
before it can be non-nullable.

Appropriate test changes to correctly set .realm for Messages the tests
manually create are included here as well.
2022-10-07 10:09:38 -07:00
Mateusz Mandera a4008d938a test_soft_deactivation: Add docstring explaining send_fake_message. 2022-10-07 10:09:38 -07:00
Anders Kaseorg 133c8b16ed requirements: Upgrade openapi-core.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-07 10:03:51 -07:00
Anders Kaseorg ba3aefc3d1 openapi: Set x-model: dict for objects used as associative arrays.
This works around an openapi-core bug.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-07 10:03:51 -07:00
Sahil Batra 2bf70fe4db custom_profile_field: Add "Pronouns" custom field type.
This commit adds "Pronouns" custom profile field type. We also
add "Pronouns" type field in the development environment
2022-10-06 17:56:26 -07:00
Anders Kaseorg 92ad4455ed requirements: Upgrade Django to 4.1.
zerver/migrations/0240_usermessage_migrate_bigint_id_into_id.py needs
to be updated to account for Django 4.1 creating AutoField as an
identity column rather than a serial column.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-06 15:59:07 -07:00
Anders Kaseorg 67cbb21267 migrations: Fix UserMessage.id sequence calculation in 0240.
The sequence value should reflect the last id, not the next id, to
avoid leaving a gap of 1.  Also, it should take ArchivedUserMessage.id
into account to avoid collisions during future archiving.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-06 15:59:07 -07:00
Anders Kaseorg 8230324068 markdown: Store ZulipMarkdown in members with the right type.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-06 15:15:10 -07:00
Anders Kaseorg 2bd81dd5c9 fenced_code: Avoid sloppy AttributeError handler.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-06 15:15:10 -07:00
Anders Kaseorg 3cf91e9e45 markdown: Rename our Markdown subclass to ZulipMarkdown.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-06 15:15:10 -07:00
Anders Kaseorg 97be895cf0 markdown: Remove Optional from zulip_rendering_result type.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-06 15:15:10 -07:00
Anders Kaseorg d01c99d2ee markdown: Add missing None check in InlineInterestingLinkProcessor.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-06 15:15:10 -07:00
Anders Kaseorg eb9957aa35 subdomains: Fix realm=None case for is_static_or_current_realm_url.
Fixes #22636.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-06 15:15:10 -07:00
Anders Kaseorg ad2795698b models: Remove explicit id fields.
With django-stubs, these explicit copies of Django’s implicit id
fields are no longer needed for type checking.  An exception is the
BigAutoField AbstractUserMessage.id, which is left alone.

This reverts commit c08ee904d8 (#15641).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-06 13:49:11 -07:00
Anders Kaseorg 47c5deeccd python: Mark dict parameters with defaults as read-only.
Found by semgrep 0.115 more accurately applying the rule added in
commit 0d6c771baf (#15349).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-10-06 13:48:28 -07:00
Zixuan James Li 7fd8d77ce0 typing: Import ValuesQuerySet alias from django_stubs_ext.
This saves us from using a conditional import.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-05 16:15:56 -07:00
Zixuan James Li a4eaa770f0 typing: Import StrPromise alias from django_stubs_ext.
This saves us from using a conditional import.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-05 16:15:56 -07:00
PIG208 df18bbbd48 requirements: Add django-stubs and configure plugin.
Note that django_stubs_ext is required to be placed within common.in
because we need the monkeypatched types in runtime; django-stubs
itself is for type checking only.

In the future, we would like to pin to a release instead of a git
revision, but several patches we've contributed upstream have not
appeared in a release yet.

We also remove the type annotation for RealmAuditLog.event_last_message_id
here instead of earlier because type checking fails otherwise.

Fixes #11560.
2022-10-05 16:15:56 -07:00
Zixuan James Li 4c3c976174 models: Implicitly type model fields with django-stubs.
Previously, we type the model fields with explicit type annotations
manually with the approximate types. This was because the lack of types
for Django.

django-stubs provides more specific types for all these fields that
incompatible with our previous approximate annotations. So now we can
remove the inline type annotations and rely on the types defined in the
stubs. This allows mypy to infer the types of the model fields for us.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-05 16:15:56 -07:00
Zixuan James Li b28949b9e7 typing: Use django-stubs' type annotations for QuerySet.
We no longer need to annotate the type of objects returned
from queries since django-stubs plugin infers that already.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-10-05 16:15:56 -07:00
evykassirer 6a90a4b27c emoji: Switch users with blob emoji to use Google style. 2022-10-04 12:29:35 -07:00
evykassirer c321f57785 settings: Explain that Google blob emojis are deprecated.
Part of fixing #19371.
2022-10-04 12:29:35 -07:00
evykassirer 8a9e68e026 emoji: Finish script to generate emoji_names.py with CLDR data.
This script pulls from our previously custom-written emoji strings
and fills in the rest from CLDR. It also removes 4 custom emoji which
collide with some of the new CLDR names (they will now just be called
by their CLDR name).
2022-10-04 12:29:35 -07:00
Anders Kaseorg 7dcffca50e tornado: Construct Django BaseHandler once, not per-request.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-30 11:20:45 -07:00
Anders Kaseorg 4c808026b2 tests: Disable lazy loading of moto.
This works around some regression in moto 1.3.15 that I bisected to
b8820009e8
where ‘tools/test-backend test_transfer’ fails when run by itself.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-30 11:19:39 -07:00
Zixuan James Li e16de8d9e7 scim: Further slim down SCIMClient removing unused attributes.
This removes everything from SCIMClient except the "is_authenticated`
method. Previously, "realm" and "name" were only needed for logging
purposes. It is the best to keep SCIMClient as minimal as possible, as
it is only intended to be used for authenticating requests to SCIM
views.

This change also gurantees that the "LogRequests" middleware will not
rely on the type unsafe access of the format_requestor_for_logs method
on SCIMClient.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-09-30 15:34:50 +02:00
Zixuan James Li a9273c9aac scim: Remove unused test case attribute.
The scim_client attribute on SCIMTestCase is currently unused since
9198fe4fac.

The creation of the SCIMClient instance was previously needed because
zerver.middleware.validate_scim_bearer_token returns SCIMClient from the db.
The attribute itself on the was never really used in the test case.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-09-30 15:34:50 +02:00
Anders Kaseorg e00f883263 test_runner: Remove empty ParallelTestSuite.__init__ override.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-29 18:43:24 -07:00
khanhdq ee2141b0f1 email_notifications: Change missed message for wildcard mention.
Add #stream_name to wildcard mention because it is important
information for interpreting the wildcard mention (larger streams may
mean something very different to you than small ones).

Fixes #22885.
2022-09-29 15:55:14 -07:00
khanhdq bb8365ab36 email_notifications: Add ``realm_name`` to email notifications.
Add {{ realm_name }} to the "Reply to this email directly ..." line.

This ensures the realm name is always present in the email
notification footer area, in a consistent location.
2022-09-29 15:54:35 -07:00
khanhdq 59d0f9b301 email_notifications: Highlight personal mentions in explanations.
Change the explanations for why notifications were received, with
different text for personal and wildcard mentions.
2022-09-29 15:54:21 -07:00
Sahil Batra 04693b6ac1 message_edit: Send only changed settings in event data and api response.
Previously, we included all three message edit related settings
("allow_message_editing", "message_content_edit_limit_seconds" and
"edit_topic_policy") in the event data and api response irrespective
of which of these settings were changed. Now, we only include changed
settings and separate events are sent for each setting if more than
one of them is changed.

Note that the previous typed in event_schema.py for
`message_content_edit_limit_seconds` incorrectly did not allow `None`
as a value, which is used to encode no limit.
2022-09-28 11:47:40 -07:00
Mateusz Mandera 522c159441 test_push_notifs: Change type_id arg of get_message to no default.
This isn't used anywhere, nor would type_id 100 make much sense.
2022-09-28 16:45:34 +02:00
Mateusz Mandera b35ad99035 test_push_notifications: Use proper user.id for Recipient type_id.
Recipient with type PERSONAL type_id 1 is a Recipient for a system bot,
since those get created first. Even if it doesn't break tests, it's
still bad, because it is not the intention of those tests to simulate a
cross-realm private message to a system bot.
2022-09-28 16:45:34 +02:00
Mateusz Mandera 5850c38f4e test_digest: Use proper stream.id in test_get_hot_topics.
Just using values 1 and 2 as stream ids is not good, because there's no
idea in which realm these streams are (or hypothetically if they exist).
This can create weird Messages with sender being a user of "zulip" realm
and the stream being in another realm - which would be a corrupted
state.
2022-09-28 16:45:25 +02:00
Kartik Srivastava 409ef040bb stream_topic: Refactor user_ids_muting_topic.
This refactors and renames user_ids_muting_topic to accept a parameter
'visibility_policy' and fetch user IDs that have a specific
visibility_policy(provided as the parameter) set for a topic.
2022-09-27 17:18:48 -07:00
Anders Kaseorg 8eec4bf171 message_fetch: Move narrowing query builder to zerver.lib.narrow.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-27 17:02:10 -07:00
Aman Agrawal b84722de01 events: Clean up logic for spectator events_register parameters.
Unfortunately, doing so requires forking common API documentation
text, since we're not making any changes to other endpoints that don't
allow unauthenticated requests at all.

Follow-up on #21995.
2022-09-27 16:12:59 -07:00
Mateusz Mandera 2811a1228f import_util: Make build_message only take kwargs.
build_message has a lot of arguments, so it's hard to verify correctness
of callers that just try to get the order right. It's much clearer to be
explicit via kwargs. mattermost.py and rocketchat.py already do this, so
let's bring slack.py and gitter.py up to par.
2022-09-27 15:04:48 -07:00
Mateusz Mandera e360b5e29b export: Remove unnecessary if in export with consent code.
This might be a bit cleaner.
2022-09-27 11:56:27 -07:00
Mateusz Mandera 318d7fd4cd export: Only export messages that a consenting user can access.
As mentioned in the TODO this commit deletes, the export with member
consent system was failing to account for the fact that if consenting
users only have access to a subset of messages of a stream with
protected history, only that subset should be exported - rather than all
the stream's messages.
2022-09-27 11:56:27 -07:00
Lauryn Menard 569863ffa6 templates: Improve footer content on documentation pages.
Makes the footer content on doc pages more contextually appropriate
for self-hosted organizations, when `settings.CORPORATE_ENABLED` is
false.

When `settings.CORPORATE_ENABLED` is true, there is specific footer
content for the policy documentation pages, and for the help center
and API documentation pages.

Fixes #23068.
2022-09-27 11:13:55 -07:00
Mateusz Mandera 065b59213b models: Rename get_huddle to get_or_create_huddle.
Small follow-up to d86e4ac34d.
get_ makes it sound like it doesn't have side-effects, when these are
actually much like the django ORM .get_or_create function.
2022-09-27 10:42:03 -07:00
Zixuan James Li a20c9ea28d scim: Use setattr to set request.user as scim_client.
This is a type-unsafe workaround before we can fix the problem that
django_scim2 relies on request.user being present to authenticate
requests.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-09-27 10:19:32 -07:00
Anders Kaseorg 676d40d66b sentry: Initialize sentry in AppConfig ready hook.
This breaks an import cycle that prevented django-stubs from inferring
types for django.conf.settings.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-26 12:42:36 -07:00
Anders Kaseorg 7908e2c3a5 computed_settings: Move logging callbacks from zerver.lib.logging_util.
This breaks an import cycle that prevented django-stubs from inferring
types for django.conf.settings.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-26 12:42:36 -07:00
Anders Kaseorg 02be415122 settings_type: Extract new module for types used in settings.
This breaks an import cycle that prevented django-stubs from inferring
types for django.conf.settings.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-26 12:42:36 -07:00
Anders Kaseorg 9198fe4fac scim: Downgrade SCIMClient from a model to an ephemeral dataclass.
SCIMClient is a type-unsafe workaround for django-scim2’s conflation
of SCIM users with Django users.  Given that a SCIMClient is not a
UserProfile, it might as well not be a model at all, since it’s only
used to satisfy django-scim2’s request.user.is_authenticated queries.

This doesn’t solve the type safety issue with assigning a SCIMClient
to request.user, nor the performance issue with running the SCIM
middleware on non-SCIM requests.  But it reduces the risk of potential
consequences worse than crashing, since there’s no longer a
request.user.id for Django to confuse with the ID of an actual
UserProfile.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-26 11:36:48 -07:00
Anders Kaseorg ce9ceb7f9f tornado: Fix Tornado CSRF check with X-Forwarded-Proto.
Since Django factors request.is_secure() into its CSRF check, we need
this to tell it to consider requests forwarded from nginx to Tornado
as secure.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-23 16:01:12 -07:00
Lauryn Menard b2e0b5187d api-docs: Document `away` as deprecated way to access presence_enabled.
Updates API documentation and changelog for user status `away`
now being a deprecated way to access a user's `presence_enabled`
setting for clients supporting older servers.

Final step in making user status `away` a deprecated way to access
`presence_enabled` for clients supporting older servers.

Part of transitioning from 'unavailable' user status feature to
'invisible mode' user presence feature.
2022-09-23 12:27:54 -07:00
Lauryn Menard 4793f017f9 user-status: Delete status field from UserStatus model.
We are no longer writing to or reading the UserStatus.status field,
so we delete that from the model.

Fifth step in making user status `away` a deprecated way to access
`presence_enabled` for clients supporting older servers.

Part of transitioning from 'unavailable' user status feature to
'invisible mode' user presence feature.
2022-09-23 12:27:54 -07:00
Lauryn Menard 37aca4ac67 user-status: Stop updating the UserStatus model for `away` updates.
Fourth step in making user status `away` a deprecated way to access
`presence_enabled` for clients supporting older servers, and
checkpoint commit prior to deleting the `status` field from the
UserStatus model.

Part of transitioning from 'unavailable' user status feature to
'invisible mode' user presence feature.
2022-09-23 12:27:54 -07:00
Lauryn Menard e36cfdb0a7 user-status: Send `away=True` if `!presence_enabled` for user status.
We stop sending the `away=True` based on the user's `UserStatus`
object having `status=AWAY`, and instead send that value if
`!presence_enabled` for the user.

Third step in making user status `away` a deprecated way to access
`presence_enabled` for clients supporting older servers.

Part of transitioning from 'unavailable' user status feature to
'invisible mode' user presence feature.
2022-09-23 12:27:54 -07:00
Lauryn Menard 7b128d6b1b user-settings: Migrate users with away status to `!presence_enabled`.
Now that user status updates with `away=True|False` also update the
user's presence_enabled setting, we do a migration so that users with
`UserStatus.status=AWAY` also have the presence_enabled setting as
False (`away=!presence_enabled`).

Second step in making user status away a deprecated way to access
presence_enabled for clients supporting older servers.

Part of transitioning from 'unavailable' user status feature to
'invisible mode' user presence feature.
2022-09-23 12:27:54 -07:00
Lauryn Menard 843eb4e4fc user-status: Update `presence_enabled` with changes to user status `away`.
When a user toggles a status update for `away=True|False`, we now update
their `presence_enabled` setting to match (`away!=presence_enabled`).

First step of making user status `away` updates a deprecated way to
access presence_enabled for clients supporting older servers, and
checkpoint commit before migrating users with a current UserStatus
of `status=AWAY` to have their `presence_enabled` set to `False`.

Note that when user status `away` is updated, we now send 4 events:
user_status, user_settings, presence, and update_global_notifications.

Also, this means that these updates change the UserPresence.status
value, which impacts the test for importing and exporting user
information.

Part of transitioning from 'unavailable' user status feature to
'invisible mode' user presence feature.
2022-09-23 12:27:54 -07:00
Lauryn Menard 3428fe86d6 user-status: Move `do_update_user_status` to separate actions file.
We need to move this function to a separate actions file specifically
for `user_status` because otherwise we will have a circular import
between `actions/user_settings.py` and `actions/presence.py` in an
upcoming commit.

Prep commit for migrating "unavailable" user status feature to
"invisible" user presence feature.
2022-09-23 12:27:54 -07:00
Lauryn Menard 47c1dbaa7d user-status: Refactor function names with "user_info" for clarity.
Rename functions that refer to "user_info" without a reference to
"status" to help clarify in the backend between UserPresence
and UserStatus models.

Prep commit for migrating "unavailable" user status feature to
"invisible" user presence feature.
2022-09-23 12:27:54 -07:00
Lauryn Menard 32381f8678 user-presence: Refactor function names with "status" for clarity.
Rename functions that refer to "status" without a reference to
"presence" to help clarify in the backend between UserPresence
and UserStatus models.

Prep commit for migrating "unavailable" user status feature to
"invisible" user presence feature.
2022-09-23 12:27:54 -07:00
Matt Keller fd996c286e slack: Filter out non-.json files for processing. 2022-09-23 09:59:34 -07:00
David Rosa c6abb7bedf help: Restructure "Mastering the compose box" article.
This help center article should include more features rather than just
focusing on the "go to conversation" button. We should broaden and
restructure this page to cover other advanced features.

Refactors the "Go to conversation" section as step-by-step instructions,
and adds a `keyboard_tip`.

Adds new section "Toggle between Ctrl+Enter and Enter".
Deletes the "Enable Enter to send" help center article, and adds its
content as a new subheading in this section.
Updates existing links accordingly and adds a URL redirect.
Documents "Enable Control + Enter to send".
Tweaks intro paragraph of "Mastering the compose box".

Fixes: #22817.
2022-09-22 15:20:37 -07:00
Mateusz Mandera 940830055b delete_in_topic: Split up the deletion into batches.
Fixes #22821.

As explained in the comment in the code:

Topics can be large enough that this request will inevitably time out.
In such a case, it's good for some progress to be accomplished, so that
full deletion can be achieved by repeating the request. For that purpose,
we delete messages in atomic batches, committing after each batch.

The additional perk is that the ordering of messages should prevent some
hypothetical deadlocks - ref #19054
2022-09-22 15:01:43 -07:00
Mateusz Mandera cf2f14f04c delete_in_topic: Name unused variable as ignored.
sub isn't used, so let's just call it ignored_sub to be explicit about
that intent.
2022-09-22 15:01:43 -07:00
yogesh sirsat 543f36b7da custom_profile_fields: Add "display_in_profile_summary" field in model.
To allow `custom_profile_field` to display in user profile popover,
added new boolean field "display_in_profile_summary" in its model class.

In `custom_profile_fields.py`, functions are edited as per conditions,
like currently we can display max 2 `custom_profile_fields` except
`LONG_TEXT` and `USER` type fields.

Default external account custom profile fields made updatable for only
this new field, as previous they were not updatable.

Fixes part of: #21215
2022-09-20 17:03:57 -07:00
Anders Kaseorg 2e9cd20380 timezone: Improve tzdata parser’s compatibility with zic(8).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-20 16:58:31 -07:00
Anders Kaseorg 7222f3fe2b tornado: Raise the same error for nonexistent and unauthorized queues.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-20 15:20:36 -07:00
Anders Kaseorg f929050230 external_accounts: Make ExternalAccount dataclass to fix typing.
Commit 1a426fa6be (#22977) changed name
to be a StrPromise rather than a str.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-20 15:14:33 -07:00
Yogesh Sirsat 1a426fa6be i18n: Add translation tags to default external accounts name. 2022-09-20 10:42:33 -07:00
Zixuan James Li 3193afffe8 test_runner: Remove monkey-patched SubSuiteList.
This monkey-patching approach is not meaningful when what we really need
is just the names of the test, that can already be done in
get_test_names.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-09-20 10:18:22 -07:00
Lauryn Menard 34f5218cc8 templates: Replace default HTML title and meta-description elements.
Removes the default title element of "Zulip" from `base.html` and
the default meta-description sentence from `meta_tags.html`. Also
removes default open graph metadata.

For portico templates that would would fail tests, set both
`PAGE_TITLE` and `PAGE_DESCRIPTION` variables with appropriate
content.

Co-authored-by: Alya Abbott <alya@zulip.com>
2022-09-19 20:17:17 -07:00
Anders Kaseorg 92f9a9ba41 forms: Fix another 500 error on realm creation with invalid email.
Followup to commit c0287473b9 (#22723).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-19 14:12:32 -07:00
Zixuan James Li 3400cb425b models: Tighten type annotation for query_for_ids.
This makes use of the type parameters of ValuesQuerySet (a.k.a
_QuerySet) to provide a more accurate type annotation for query_for_ids.

Note that QuerySet[ModelT] is equivalent to _QuerySet[ModelT, ModelT].

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-09-19 14:10:15 -07:00
Anders Kaseorg 23d9dd3163 streams: Fix can_remove_subscribers_from_stream type.
Added by commit c3fe8420fd (#22589).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-19 13:53:44 -07:00
Mateusz Mandera 29589a69eb bots: Replace some redundant logic with is_cross_realm_bot_email.
is_cross_realm_bot_email is just
`email.lower() in settings.CROSS_REALM_BOT_EMAILS` which is the same,
aside of looking at .lower() - which is actually more correct.
2022-09-17 17:52:01 -07:00
rht a7cff0f091 Slack import: Translate to emoji name to codepoint using iamcal data.
Because Slack emoji naming is different from Zulip's.
According to https://emojipedia.org/slack/, Slack's emoji shortcodes are
derived from https://github.com/iamcal/emoji-data.
There are probably some deviations from that dataset, but this PR should
at least catch the ones that are identical to iamcal's.
2022-09-17 12:04:07 -07:00
Anders Kaseorg 403837e52d python: Use ‘not in’ for negated membership tests
Fixes “E713 Test for membership should be `not in`” found by
ruff (https://github.com/charliermarsh/ruff).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-17 11:48:33 -07:00
Jason Hildebrand 7efd59b6d7 email_mirror: Remove limits (expiry, max uses) to improve usability.
These limits don't appear to provide useful security benefits, and
they do impact usability because they prevented email-based users from
replying more than once, or from replying to message more than 5 days
old.

Fixes #2755.
Fixes #19994.
2022-09-16 18:07:28 -07:00
yogesh sirsat 180a9cbdcb stream_bots: Allow bot owners to unsubscribe their bots from streams.
Users who owns bots can unsubscribe their bots from streams.

Fixes part of: #21402
2022-09-16 17:51:34 -07:00
Lauryn Menard eb377a8872 read_receipts: Exclude muted users from read receipts.
Removes IDs of users who have muted or been muted by the current
user from the list of user IDs returned by the read receipts
endpoint.

Fixes #22909.
2022-09-16 16:19:54 -07:00
Lauryn Menard 5e58f86aa7 models: Add backward relation to MutedUser foreign keys.
Updates the two UserProfile foreign key fields to have a backward
relation in the MutedUser model by changing the `related_name`
property.

This is a prep commit for removing users with a muted relationship
to the current user from read receipts.
2022-09-16 16:19:54 -07:00
Sahil Batra b9e0575829 realm: Allow only owners to change waiting_period_threshold setting.
We allow only owners to change the waiting period setting to become
full member. This commit contains only backend changes, frontend
changes will be done separately.
2022-09-16 15:27:52 -07:00
Sahil Batra f23bfbd462 realm_domains: Allow only owners to add, edit or delete domains.
We allow only owners to add, edit or delete the allowed domains.
This commit only contains backend changes, frontend changes will
be done in a separate commit.
2022-09-16 15:27:52 -07:00
Sahil Batra 1396fbab6e realm: Allow only owners to change restricted-login related settings.
We allow only owners to change disallow_disposable_email_addresses
and emails_restricted_to_domains settings. This commit only contains
change in backend part, frontend changes will be done separately.
2022-09-16 15:27:52 -07:00
Sahil Batra 63fa2a9338 realm: Allow only owners to change invite_required in backend.
We allow only owners to change the invite_required setting.
This commit only adds the restriction in backend, frontend
changes will be done separately.

We also add a helper function in test_realm.py to avoid
writing same code repeatedly and this helper will also
be used in tests for other settings to be added in
further commits.
2022-09-16 15:04:54 -07:00
Tim Abbott 76bcb96414 realm_export: Improve estimate of data export size.
As suggested by the new comments, the cost for a Zulip data export
scales with messages actually included in the export, so an
organizations with 1M private messages but only 50K public stream
messages should not be modeled the same as one with 1M public stream
messages for the purpose of the limits here.

Also improve the comments and variable names more generally.
2022-09-16 14:54:45 -07:00
Anders Kaseorg 31b4be3b9b event_queue: Replace sequential queue IDs with UUIDs.
This prevents ID conflicts when resharding between multiple Tornado
shards.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-16 10:06:07 -07:00
Tim Abbott 183e7be31c models: Fix subscribed typo. 2022-09-15 16:21:09 -07:00
Mateusz Mandera d86e4ac34d models: Improve comment documentation around Recipients and Huddles. 2022-09-15 16:12:17 -07:00
Anders Kaseorg 987ab741f9 sharding: Support Tornado sharding by regexes.
One should now be able to configure a regex by appending _regex to the
port number:

[tornado_sharding]
9802_regex = ^[l-p].*\.zulipchat\.com$

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-15 16:07:50 -07:00
Sahil Batra c3fe8420fd streams: Allow unsubscribing others based on can_remove_subscribers_group.
Current value of can_remove_subscribers_group field is admins system group
only so behavior is not changed. We would provide support to change this
setting from API and UI in further commits.
2022-09-14 16:14:15 -07:00
Sahil Batra b9248c75f4 stream: Add do_change_can_remove_subscribers_group and field to objects.
This commit adds do_change_can_remove_subscriber_group function for
changing can_remove_subscribers_group field of a stream. We also add
can_remove_subscribers_group_id field to stream and subscription
objects.

This function will be helpful for writing tests in next commit.
We would add API and UI support to change this setting in further
commits.
2022-09-14 16:03:11 -07:00
Sahil Batra 86c2f6881e models: Update can_remove_subscribers_group field to not be null.
This commit udpates can_remove_subscribers_group to be not null.
We already added a migration to set the value of this field for
existing streams and also added a commit to set this field to
admins system group for now while creating streams.
2022-09-14 16:03:11 -07:00
Sahil Batra c9c230c2da migrations: Add migration to set default of can_remove_subscribers_group.
This migration sets can_remove_subscribers_group value to admins system
group for all the existing streams. In further commit we would change
can_remove_subscribers_group to be not null and thus we add this migration
to ensure all existing streams have this setting value set.
2022-09-14 16:03:11 -07:00
Sahil Batra b0de5c0f36 streams: Set can_remove_subscribers_group while creating streams.
This commit sets can_remove_subscribers_group to admins system
group while creating streams as it will be the default value
of this setting. In further we would provide an option to set
value of this setting to any user group while creating streams
using API or UI.
2022-09-14 16:03:11 -07:00
Sahil Batra 941bb5a372 import: Fix import related code for user groups.
We change the import order to import UserGroup objects before
Stream such that we can set can_remove_subscribers_group correctly.

We do not import UserGroupMembership objects here along with
UserGroup since UserProfile objects are not imported and
GroupGroupMembership are also imported later as these are not
required before.
2022-09-14 16:03:11 -07:00
Sahil Batra 49d61d19f4 models: Add can_remove_subscribers_group field to Stream.
This new setting will be used to check which user group
is allowed to unsubscribe others from the stream.
2022-09-14 16:03:11 -07:00
Zixuan James Li e2bf8c49af test_decorators: Remove cachify test cases.
cachify has been removed in 9d448e73d2.
We don't need to keep its tests.

TODO: functools.lru_cache can be replaced by functools.cache when we
drop Python 3.8.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-09-14 09:40:46 -07:00
Anders Kaseorg 61e149dbb5 subdomain: Remove impossible None case from user_matches_subdomain.
The only two callers pass get_subdomain(request) which can’t be None.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-14 09:35:36 -07:00
Lauryn Menard f0dac7beef docs: Update base titles for documentation pages.
Updates the base titles so that they begin with the page content,
and end with "| Zulip" +  information about the type of doc: "help
center", "API documentation", "terms and policies", or "integrations".
2022-09-13 11:36:52 -07:00
Lauryn Menard 09d94c62a5 integrations: Revise integration CATEGORY dict structure.
Adds a META_CATEGORY dict for categories that are not best described
as groups of 'tools', so that in the subsequent commit the PAGE_TITLE
can be set accordingly.

Also, removes 'tools' from the 'Miscellaneous' category text and
spells out 'Human resources' instead of using 'HR'.
2022-09-13 11:36:52 -07:00
Sahil Batra 1e55e7641e export: Do not export direct_members and direct_subgroups field.
We do not need direct_members and direct_subgroups field of
UserGroup objects in the export data since we already have
UserGroupMembership and GroupGroupMembership object data.

While importing we keep these fields empty when creating
UserGroup objects and direct_members and direct_subgroups
fields will get set when UserGroupMembership and
GroupGroupMembership objects are created.

This change will also help us in further changes when we
will change the order of importing to import UserGroup
objects just after Realm objects.
2022-09-13 11:07:09 -07:00
Sahil Batra c714ad993b test_import_export: Add tests for GroupGroupMembership objects. 2022-09-13 11:07:09 -07:00
Anders Kaseorg bd9a1dc971 tests: Consistently JSON-encode ‘to’ parameter
Although our POST /messages handler accepts the ‘to’ parameter with or
without JSON encoding, there are two problems with passing it as an
unencoded string.

Firstly, you’d fail to send a message to a stream named ‘true’ or
‘false’ or ‘null’ or ‘2022’, as the JSON interpretation is prioritized
over the plain string interpretation.

Secondly, and more importantly for our tests, it violates our OpenAPI
schema, which requires the parameter to be JSON-encoded.  This is
because OpenAPI has no concept of a parameter that’s “optionally
JSON-encoded”, nor should it: such a parameter cannot be unambiguously
decoded for the reason above.

Our version of openapi-core doesn’t currently detect this schema
violation, but after the next upgrade it will.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-13 11:05:37 -07:00
Anders Kaseorg a1de8d95a8 openapi: Fix ‘to’ parameter schema.
The previous schema incorrectly prohibited the string, integer, and
string-array forms that we do in fact accept.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-13 11:05:37 -07:00
Anders Kaseorg a5a12398fe openapi: Fix ‘narrow’ parameter schema.
The previous schema incorrectly prohibited the two-element array form
that we do in fact accept, and didn’t specify anything about the
contents of the object form.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-13 11:05:37 -07:00
Yogesh Sirsat 50c13f9db0 custom_profile_fields: Backend tests for default external account type. 2022-09-12 14:29:11 -07:00
Yogesh Sirsat c355934179 custom_profile_fields: Change data of default external account type.
change the names of "github" and "twitter" external account fields to
"GitHub username" and "Twitter username" respectively and remove the
hints of them.
2022-09-12 14:29:11 -07:00
Florian Pritz a276603766 rocketchat: Deduplicate and ignore huddle rooms with same users.
If there are more than 1 room with the same set of users, the import
will fail due to a unique constraint on the huddle_hash. Figuring out
why and which room is causing this database error is kinda difficult.

We deduplicate those cases here and simply merge the rooms together.
Note however, that the deduplication does not work as expected so we
simply ignore them all together for now and only raise an exception
along some logging output. At least this way, it is pretty clear what is
wrong and you do not have to wait to get a database error during the
actual import.

We also ignore empty huddle rooms since those are the duplicates that
caused problems for me and if they are empty, ignoring them is easier
than trying to get the merge to work.

Not sure where those channels come from since we discovered this with
production data.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2022-09-09 16:57:24 -07:00
Florian Pritz 3677aabcbd rocketchat: Ignore mention mapping failures.
Not sure where those come from since we discovered this with production
data.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2022-09-09 16:57:24 -07:00
Florian Pritz c308799133 rocketchat: Only set message content if it exists.
Not sure where those come from since we discovered this with production
data.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2022-09-09 16:57:24 -07:00
Florian Pritz 1cc2764d45 rocketchat: Ignore reactions from non-existant users.
Not sure where those come from since we discovered this with production
data. Somehow there were reactions with usernames that were old and no
longer existed.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2022-09-09 16:57:24 -07:00
Florian Pritz 26fe028534 rocketchat: Truncate long stream names.
These will lead to an error during import otherwise.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2022-09-09 16:57:24 -07:00
Florian Pritz 3a27919b5b rocketchat: Ignore rocketchat attachments without types.
Not sure where those come from since we discovered this with production
data.

There only was a single instance of this in my entire batch of data in
an old message from the time when we started using Rocket.Chat. This
might be an old issue or it might require some special settings that
were later changed.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2022-09-09 16:57:24 -07:00
Florian Pritz 5ec8f4ef09 rocketchat: Ignore missing rocketchat attachments.
Not sure where those come from since we discovered this with production
data.

Signed-off-by: Florian Pritz <bluewind@xinu.at>
2022-09-09 16:57:24 -07:00
Florian Pritz 96fa0991f8 rocketchat: Handle long or invalid rocketchat attachment names.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2022-09-09 16:57:24 -07:00
David Rosa 620854d437 integrations: Add incoming webhook macro to relevant docs.
Several integration docs instruct the user to create a bot, but don't
specify that the type of bot should be "Incoming webhook".

Renames create-a-bot.md -> create-an-incoming-webhook.md for clarity,
and replaces all incomplete instructions with this macro.
Renames bot_types.png -> bot_types_incoming_webhook.png and updates
the image with a screenshot of the latest UI.
2022-09-09 16:31:33 -07:00
David Rosa 217915a50c integrations: Remove "Yo".
The Yo company shut down in 2016.
https://en.wikipedia.org/wiki/Yo_(app)#History

Removes `yo` instances from `zerver/lib/integrations.py`.
Removes `zerver/webhooks/yo`.
Removes `static/images/integrations/yo-app`.
2022-09-09 16:31:33 -07:00
Raghav Luthra 4dad9fa158 user_settings: Add user setting to control the user list style.
Added a user_list_style personal user setting to the bottom of
Settings > Display settings > Theme section which controls the look
of the right sidebar user list.

The radio button UI includes a preview of what the styles look like.

The setting is intended to eventually have 3 possible values: COMPACT,
WITH_STATUS and WITH_AVATAR; the final value is not yet implemented.

Co-authored-by: Tim Abbott <tabbott@zulip.com>
2022-09-09 16:30:54 -07:00
Mateusz Mandera 95bc77ae4f help center: Update "SAML authentication" to follow help center guidelines.
Co-authored-by: Alya Abbott <alya@zulip.com>
2022-09-09 10:30:05 -07:00
Anders Kaseorg 7d485aa58f docs: Correct more “webapp” to “web app”.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-08 20:23:28 -07:00
Anders Kaseorg 4c38b1371b test_auth_backends: Fix SOCIAL_AUTH_GITHUB_TEAM_ID mock.
SOCIAL_AUTH_GITHUB_TEAM_ID is expected to be the string of an integer.

The requests mock for the bogus /None URL is unused because the
function that would request it is itself mocked.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-08 20:23:28 -07:00
Anders Kaseorg 6f5346cc7d stripe: Fix WildValue usage.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-08 20:22:38 -07:00
yogesh sirsat e4b74c2099 streams: Fix misleading comment in "test_subs". 2022-09-08 16:56:07 -07:00
Zixuan James Li 8a80443b73 uptimerobot: Use the create-bot-construct-url macro for uptimerobot.
Since the setup for uptimerobot does not deviate from what we have in
the "create-bot-construct-url" macro, we can reuse it and event
filtering instructions for uptimerobot will be automatically included.

TODO: Add event filtering documentation for buildbot when it supports
custom endpoint URL.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-09-08 13:37:35 -07:00
Zixuan James Li 6b527dfa61 integrations: Add documentation for the event filtering system.
We create "event-filter-instruction.md" and add it to
"create-bot-construct-url.md". This allows the user to keep track of the
supported event types for most of the integrations that implement this
feature. Note that not all integrations use "create-bot-construct-url.md".

We also need to rename "function" to "view_function" to make this change
type-check.

This is relevant to #18392.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-09-08 13:37:35 -07:00
Anders Kaseorg a9b12ae067 message_fetch: Remove obsolete UnicodeDecodeError handler.
This handler from commit a696141a25
(#7418) was almost certainly made unreachable when commit
c3e395b7d8 (#13092) removed anything
that might have thrown a UnicodeDecodeError from highlight_string.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-09-08 11:07:43 -07:00
Lauryn Menard 7f738803f0 help-docs: Rename organization language help center file.
Renames article about organization language used for automated
messages and invitation emails. Creates URL redirect and updates
links in repository (web app, help center and api documentation).

Prior to this change, the article was named:
'change-the-default-language-for-your-organization'.

Fixes #21949.
2022-09-07 09:45:37 -07:00
Christopher Chong 28173cafc8 message_flags: Fix deadlocks when updating message flags.
Previously, an active production Zulip server would experience a class
of deadlocks caused by two or more concurrent bulk update operations
on the UserMessage table.

This is because UPDATE ... SET ... WHERE statements that execute in
parallel take row-level UPDATE locks as they get results; since the
query plans may result in getting rows in different orders between two
queries, this can result in deadlocks.

Some databases allow ORDER BY on their UPDATE ... WHERE statements;
PostgreSQL does not. In PostgreSQL, the answer is to do a sub-select
with an ORDER BY ... FOR UPDATE to ensure consistent ordering on row
locks.

We do this all code paths using bitand or bitor as part of bulk
editing message flags, which should ensure that these concurrent
operations obtain row level locks on the table in the same order.

Fixes #19054.
2022-09-06 16:06:58 -07:00
Matt Keller e1023f45cf sentry: Properly stringify a possibly-None result. 2022-09-06 15:06:05 -07:00
Mateusz Mandera 01d659b672 internal_prep_private_message: Remove redundant realm arg.
This is redundant and is taken based on recipient_user anyway.
2022-09-06 15:03:17 -07:00
Lauryn Menard 049302fe61 templates: Rename `OPEN_GRAPH` variables to `PAGE` or `PAGE_METADATA`.
Renames existing template variables starting with `OPEN_GRAPH` to be
either `PAGE` or `PAGE_METADATA` since these variables are used for
adding both open graph metdata and page titles/descriptions for SEO.
2022-09-06 14:57:06 -07:00
Lauryn Menard 18b401f476 tests: Update DocPageTest for HTML metatags for landing pages.
Updates `_test` in DocPageTest so that the generic test boolean
parameters will confirm that there is an HTML title element as well
as a meta-description for SEO and meta tags for open graph data.

Sets tests for error pages and dev env pages to `landing_page=False`
since these pages will not have the metadata added in subsequent
commits.

API and integration docs are automated to have this metadata. There
is a specific test for the integrations open graph data. The list of
API endpoints with specific content are tested for this now.

The specific test for portico pages open graph data is removed in
favor of the more generic test style, which will not fail if/when
the template data and text is changed or updated.
2022-09-06 14:57:06 -07:00
Lauryn Menard cde096ffa5 tests: Split `test_doc_endpoints` into more specific endpoint tests.
In `zerver/tests/test_docs.py`, we split the catch all test for doc
endpoints into more specific test groups: dev environment pages,
error pages, corporate pages. Also, moves the api endpoints being
tested to the specific test for api endpoints.
2022-09-06 14:57:06 -07:00
Lauryn Menard 13852c54e8 tests: Expand test for new communities directory page.
Expands specific test for new open communities directory page to
test that the zulip dev realm was added to the page. Adds a generic
test for the endpoint to the generic `test_doc_endpoint`
test.
2022-09-06 14:57:06 -07:00
Lauryn Menard 17974cafbc tests: Move test for non-existent integration to integration doc test.
Moves test for a non-existent integration to the specific test for
integration doc endpoints.
2022-09-06 14:57:06 -07:00
Lauryn Menard 9ad6457f32 tests: Move URL redirect tests for portico landing pages.
Moves three URL redirect tests in `zerver/tests/test_docs.py` to
the unit test for URL redirects in `zerver/tests/test_urls.py`.
2022-09-06 14:57:06 -07:00
Tim Abbott 3826fc8af9 test_events: Fix test failures 10 days after last provision.
In bbf4c25553, we added support for
triggering user group changes when the waiting_period_threshold realm
setting was changed.

The test_events test did not expect this, and thus would fail if the
last provision was between 10 and 20 days ago.

The simplest fix is to just increase those numbers, since computing
whether the database was too old would be more complex than it is
worth for this test.
2022-09-06 11:31:13 -07:00
madrix01 4303ba1efc actions: Create a separate message_delete.py file.
This is preparatory commit for #18941.
Importing `do_delete_message` from `message_edit.py` was causing a
circular import error. In order to avoid that, we create a separate
message_delete.py file which has all the functions related to deleting
messages.
The tests for deleting messages are present in
`zerver/tests/test_message_edit.py`.

Fixes a part of #18941
2022-09-01 14:18:38 -07:00
Hari Prashant Bhimaraju 7268060df3 lidarr: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 3f1c2c3f31 mention: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju f3c7d41316 netlify: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 2f5a20a1e7 newrewlic: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 35ec9c3fd6 opencollective: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju c5793d9ad6 opsgenie: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 6e2c1768c9 pagerduty: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 736e10d9f7 taiga: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju a5281323fc trello: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 6dfcb775b5 pingdom: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 7e34484b24 radarr: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju c8750e5609 raygun: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju e68be37bb3 reviewboard: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju d8a467e1e7 semaphore: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 2dab5cbd03 solano: Strengthen types using WildValue.
This commit strengthens types by typing the Solano webhook's incoming
payload as WildValue, which eradicates the use of Any within the
incoming webhook integration.

The KeyError exception has been replaced to catch a ValidationError
instead now, since the incoming payload's keys will be tamed before
usage and the non-existence of the key is raised as a
ValidationError in the taming function.
2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 31c7f8266d sonarqube: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 146dd68cf2 sonarr: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 6a22c626d6 splunk: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 0052ad55a6 statuspage: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 9b7a91b49c stripe: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju c5579cf15a teamcity: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju b46d96af1a thinkst: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju 6ac9b63def updown: Strengthen types using WildValue. 2022-09-01 14:05:14 -07:00
Hari Prashant Bhimaraju eca9088176 uptimerobot: Strengthen types using WildValue.
This commit strengthens types by typing the webhook's incoming
payload as WildValue and taming the values of the payload before
usage, which eradicates the use of Any within the UptimeRobot
incoming webhook integration.

The payload's values are now tamed, stored in variables and passed
into message templates as opposed to passing in the payload dict as
keyword arguments.

The KeyError exception has been replaced to catch a ValidationError
instead now, since the incoming payload's keys will be tamed before
usage and the non-existence of the key is raised as a
ValidationError in the taming function.
2022-09-01 14:05:07 -07:00
Hari Prashant Bhimaraju e9e1c1d6b1 zapier: Strengthen types using WildValue. 2022-09-01 14:02:01 -07:00
Hari Prashant Bhimaraju 76b49459f8 zabbix: Strengthen types using WildValue.
This commit strengthens types by typing the webhook's incoming
payload as WildValue, which eradicates the use of Any within the
Zabbix incoming webhook integration.

The KeyError exception has been replaced to catch a ValidationError
instead now, since the incoming payload's keys will be tamed before
usage and the non-existence of the key is raised as a
ValidationError in the taming function.
2022-09-01 14:02:01 -07:00
Christopher Chong f1a3cdc4c6 integrations: Add Azure DevOps webhook integration. 2022-09-01 14:01:13 -07:00
Alya Abbott 87a295677e portico: Fix title and description for /attribution. 2022-09-01 11:33:35 -07:00
Lauryn Menard 5a7aa8228a urls: Extend documentation URL redirects system to corporate landing pages.
Extends the URL redirect system used for documentation pages to corporate
landing pages. This makes it easier and consistent for contributors who
work on both areas to create new URL redirects when needed.
2022-08-31 15:01:29 -07:00
Lauryn Menard 878b46e758 urls: Simplify process to add URL redirects for documentation pages.
Creates `zerver.lib.url_redirects.py` to record old and new URLs
for documentation pages that have been renamed/moved and need URL
redirects.

This file is then used by `zproject.urls.py` to redirect links and
by `zerver.test.test_urls.py` to test that all of the old URLs
return a success response with a common page header/text depending
on the type of redirect (help center, policy, or API).

Adds a section to contributor docs on writing documentation for
how to use this redirect system when renaming a help center or api
documentation page.

Fixes #21946. Fixes #17897.
2022-08-31 15:01:29 -07:00
Mateusz Mandera d21a1fe47f middleware: Log 5xx json_errors in JsonErrorHandler.
django.request logs responses with 5xx response codes (our configuration
of the logger prevents it from logging 4xx as well which it normally
does too). However, it does it without the traceback which results in
quite unhelpful log message that look like
"Bad Gateway:/api/v1/users/me/apns_device_token" - particularly
confusing when sent via email to server admins.

The solution here is to do the logging ourselves, using Django's
log_response() (which is meant for this purpose), and including the
traceback. Django tracks (via response._has_been_logged attribute) that
the response has already been logged, and knows to not duplicate that
action. See log_response() in django's codebase for these details.

Fixes #19596.
2022-08-31 14:43:15 -07:00
Mateusz Mandera 10a1596d96 send_analytics_to_remote_server: Log connection errors with traceback.
It seems helpful for this to get logged with the traceback rather than
just the general
"<exception name>  while trying to connect to push notification bouncer."
2022-08-31 14:43:15 -07:00
Khushiyant 8609c441ff images: Move Giphy images into proper subdirectories.
The logo were only used in the integration documentation and belong in
static/images/integrations/giphy/; the in-app image is given its own
directory.

Fixes #22464.
2022-08-30 22:40:59 -07:00
Anders Kaseorg 019c9527c1 test_message_flags: Fix “accessibility” spelling.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-30 17:36:21 -07:00
Aman Agrawal 379c6acbea portico: Add page to list open organizations.
Fixes #22020
2022-08-30 16:02:06 -07:00
Aman Agrawal 09572fe09b templates: Provide proper error message if entrypoint is not defined. 2022-08-30 16:02:06 -07:00
Mateusz Mandera 5bcf78e0cb import: Fix timestamp check in long_term_idle_helper.
This is supposed to be 60 days, but timestamps are in seconds.
2022-08-29 15:18:00 -07:00
Mateusz Mandera d350406991 gitter: Make imported Realm start with only GitHub auth enabled.
Users will only be able to login via GitHub, because imported users
get GitHub's generated noreply email addresses - so this should be the
only auth method enabled at first, to avoid confusion.
2022-08-29 11:10:18 -07:00
Mateusz Mandera d5b450c1e0 import: Fix the import of authentication_methods BitField.
The ordering of bits that fix_realm_authentication_bitfield was making
was incorrect, it needs to be reversed.
2022-08-29 11:10:18 -07:00
Zixuan James Li 3df8dd4b38 typing: Broaden parameter type for bulk_regenerate_api_keys.
In zerver.management.commands.logout_all_users,
we pass a values queryset containing the ids into
this function, which is not actually a list. This
broadens the type annotation so that the ValuesQuerySet
is accepted.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-29 11:06:41 -07:00
Mateusz Mandera eed8800573 long_term_idle_helper: Change all_user_ids arg to an Iterator. 2022-08-29 11:03:27 -07:00
Mateusz Mandera 4c7a9816ff gitter: Soft deactivate appropriate imported users.
We want to use the long_term_idle_helper logic for gitter imports just
like we do for slack.
2022-08-29 11:03:27 -07:00
Mateusz Mandera 75f26bb8ff long_term_idle_helper: Take list of user_ids as arg instead of dicts.
Only ["id"] is accessed on the dicts (representing the external tool
users). Given that for some tools the id may be under a different name
etc. due to different user dicts format, it's best to just pass those
ids to the function so that it can stay generalized and not reliant
on a specific user dict format.
2022-08-29 11:03:27 -07:00
Mateusz Mandera 7ac31223e8 gitter: Extract get_user_from_message helper. 2022-08-29 11:03:27 -07:00
Mateusz Mandera c4c270380a slack: Use get_timestamp_from_message helper function where relevant.
get_timestamp_from_message was extracted in the previous commit. We can
deduplicate and the code a bit cleaner by using it where appropriate
instead of message["ts"].
2022-08-29 11:03:27 -07:00
Mateusz Mandera 9e56e71afe long_term_idle_helper: Take timestamp_from_message callable arg.
message["ts"] is slack-specific. For this to be a general util function
it needs to take a callable that will grab a timestamp from the message
dict (which has varying formats depending on what we're importing from).
2022-08-29 11:03:27 -07:00
Mateusz Mandera a86aa13e57 gitter: Extract get_timestamp_from_message function. 2022-08-29 11:03:27 -07:00
Alex Vandiver 1b1faa3907 import_util: Factor out long_term_idle_helper. 2022-08-29 11:03:27 -07:00
Alex Vandiver 842cff5975 gitter: Some users (e.g. from matrix.org) may not have avatar URLs. 2022-08-29 11:03:27 -07:00
Lauryn Menard d5f4a93d6c bots: Refer to notification bot messages as automated notices.
Updates in-app and documentation references to automated messages
sent by the notification bot as automated notices (or automated
messages where more appropriate/clear), instead of notifications.

Also, makes some small related revisions / general clean ups to
`resolve-a-topic.md`.

Fixes #22188.
2022-08-29 10:54:08 -07:00
Zixuan James Li bb9e80d7a2 i18n: Deal with lazy strings more carefully.
This uses a more specific type `_StrPromise` to replace `Promise`
providing typing information for lazy translation strings.

In places where the callee evaluates the `_StrPromise` object in all
cases we simply force the evaluation with `str()`. This includes
`JsonableError` that ends up handled by the error handler middleware,
and `internal_send_stream_message` that depends on `check_stream_topic`,
requiring the `topic` to be evaluated anyway. In other siuations, the
callee is expected to be able to handle `StrPromise` explicitly.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-29 10:52:45 -07:00
Zixuan James Li ab9279aabe models: Fix type annotation with StrPromise.
Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-29 10:52:45 -07:00
Mateusz Mandera f55ec8a026 tests: Replace some testserver.com dummy domains with zulip.example.com. 2022-08-29 10:39:14 -07:00
Mateusz Mandera 3ff0b64281 test_import_export: Use get_output_dir() helper.
That's much briefer and cleaner than repeating the os.path.join
expression and the helper already exists.
2022-08-29 10:39:14 -07:00
Mateusz Mandera ac9e927989 import_realm: Validate emails of users being imported.
Having users with malformed email addresses in our database can lead to
hard to debug issues and we really should try to prevent that.
2022-08-29 10:39:14 -07:00
Mateusz Mandera 43107fcdc3 scim: Upgrade scim2-filter-parser to 0.4.0 to fix case-sensitivity.
userName lookups are supposed to be case-insensitive per the SCIM2 RFC
and this was fixed upstream in
https://github.com/15five/scim2-filter-parser/pull/31
and included in 0.4.0 release.
2022-08-29 10:35:29 -07:00
evykassirer efee77b41f emoji: Add which emoji are supported to the /register call.
Fixes #21037.

This is part of fixing #19371. To bulk-add new emoji regularly,
mobile needs to know which servers support which emoji.
`staticfiles_storage.url` generates a unique URL with a hash
based on the file content, which lets mobile know if it needs
to update its locally stored data.
2022-08-26 17:58:31 -07:00
sahil839 bd1a27491e tests: Rename missed message email tests in test_email_notifications.py.
This commit changes the name of missed message email tests for
personal and huddle messages to be more clear:

- from *_personal_missed_stream_messages to *_missed_personal_messages

- from *_huddle_missed_stream_messages to *_missed_huddle_messages
2022-08-26 11:48:29 -07:00
sahil839 decc8d41fa emails: Add quote prefix ">" in plain text missed message emails.
We add quote prefix ">" to each line of the message in the plain text
missed message emails, which are then rendered as quotes by email
clients. We also move the message content in the next line after sender.

This helps us in clearly showing the message authors in missed message
emails especially in emails with multiple messages and senders.

Fixes #15836.
2022-08-26 11:48:29 -07:00
Alya Abbott ff82c69480 help center: Rewrite Import from Slack documentation. 2022-08-25 15:17:43 -07:00
Adam Sah c6130ce4b1 email_notifications: Complete test coverage for module.
Following the last commit, there was this WELCOME_EMAIL_SENDER code
without an existing automated test.
2022-08-25 13:04:51 -07:00
Adam Sah 637867dad1 settings: Send presence update event toggling presence_enabled.
Fixes #21180.
2022-08-25 12:30:12 -07:00
Tim Abbott c98f9bcb8e email_notifications: Use assert to verify only one recipient.
This ValueError had no test coverage, because the code path wasn't
actually possible with how the caller is constructed.

Rather than writing a highly artificial test for this as proposed in
2022-08-25 12:26:02 -07:00
Zixuan James Li c8d5959689 settings: Make AVATAR_SALT mandatory.
This also allows us to remove some assertions as we now know that
AVATAR_SALT will never be None.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-25 12:13:03 -07:00
Zixuan James Li 059d0e7be8 settings: Make SHARED_SECRET mandatory.
This implements get_mandatory_secret that ensures SHARED_SECRET is
set when we hit zerver.decorator.authenticate_notify. To avoid getting
ZulipSettingsError when setting up the secrets, we set an environment
variable DISABLE_MANDATORY_SECRET_CHECK to skip the check and default
its value to an empty string.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-25 12:13:03 -07:00
Adam Sah b1293a84f8 testing: 100% coverage for zerver/webhooks/{librato,pivotal}. 2022-08-25 12:04:24 -07:00
Anders Kaseorg 4a61e36def CVE-2022-36048: Rewrite only specific local links to relative.
Due to mismatches between the URL parsers in Python and browsers, it
was possible to hoodwink rewrite_local_links_to_relative into
generating links that browsers would interpret as absolute.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-24 16:29:09 -07:00
Mateusz Mandera c1c9024af5 email_mirror: Replace disallowed characters in incoming email subject.
These characters are not allowed and trying to create a Zulip message
with those characters throws a JsonableError in check_stream_topic.

We don't want to reject emails with those chars in the subject, so
it's best to just modify it appropriately.
2022-08-22 17:16:20 -07:00
Hari Prashant Bhimaraju fd0b013bcd slack_incoming: Handle optional attachment fields aptly.
This commit checks for null values for keys within "attachment" in
the Slack integration's incoming payloads. These keys were expected
to exist optionally previously, and the existence of null values for
these wasn't anticipated. Due to an issue report for such null
values in the payload, their handling is updated appropriately.

The checks for these values are truthiness checks since the strategy
for these values being null or falsy ("", 0) is the same; we don't
process that key-value pair. This is consistent with how Slack handles
this scenario.

For the case where all the attachment fields have null values, Slack
displays this as an empty block with no content, and therefore our
strategy for this is a no-op.

Tests updated.
2022-08-22 16:40:13 -07:00
Aman Agrawal ef21f9107c urls: Move /hello files to the corporate folder. 2022-08-22 15:53:43 -07:00
Aman Agrawal 21a2fd482e portico: Move to corporate folder.
Since the URLs that use these function are present in corporate/urls,
this file belongs in the corporate folder.
2022-08-22 15:53:43 -07:00
Aman Agrawal 4b6df8a678 home: Only serve landing page at root domain on corporate servers. 2022-08-22 15:53:43 -07:00
Zixuan James Li db92033b23 typing: Tighten type annotations for patch_queue_publish.
Since this decorator is only used for methods of
TestServiceBotEventTriggers, we can type the decorated method's
signature accurately without using ParamSpec.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-22 15:46:16 -07:00
Zixuan James Li 32a77fc0bf test_helpers: Move patch_queue_publish to test_service_bot_system.
This prepares us to tighten the type annotations for this helper.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-22 15:46:16 -07:00
Zixuan James Li 30536caa68 typing: Remove FuncT.
We can express the type of these decorators with Concatenate and ParamSpec
now for tighter type annotations.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-22 15:46:16 -07:00
Zixuan James Li 21fd62427d typing: Remove ViewFuncT.
This removes ViewFuncT and all the associated type casts with ParamSpec
and Concatenate. This provides more accurate type annotation for
decorators at the cost of making the concatenated parameters
positional-only. This change does not intend to introduce any other
behavioral difference. Note that we retype args in process_view as
List[object] because the view functions can not only be called with
arguments of type str.

Note that the first argument of rest_dispatch needs to be made
positional-only because of the presence of **kwargs.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-22 15:46:16 -07:00
Israel Ebonko 1f286ab283 integration: Add wekan integration.
Fixes #13086

Co-authored-by: Ganesh Pawar (ganpa3) <pawarg256@gmail.com>
2022-08-22 15:37:22 -07:00
Zixuan James Li 965ed728e1 type_debug: Remove type_debug.
This module was originally introduced in 2016 to assist adding mypy
annotations to the project. Back then static type checking was not that
established throughout the codebase, so it was helpful to be able to
print out the types for type checking purposes.

This workflow is no longer helpful for improving type annotations right
now, and it has been unused for a while.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-22 13:19:09 -07:00
Julia Bichler 33c790e2fc message_edit: Return a bool in maybe_send_resolve_topic_notifications.
Whether we sent a resolve topic notification or not may be useful in
the caller. It was originally intended to be used in #21712, but may
only be relevant for future logging.

Part of #21712.
2022-08-18 15:39:23 -07:00
Julia Bichler 83254a3d79 message_edit: Check resolve topic notifications earlier.
This will have no real effect in most situations. However, a user
moves a topic to another stream while also adding/removing the
resolved-topic checkmark from the topic name, then the "This topic was
resolved" notificaiton will now appear just before the "This topic was
moved" notification rather than just after.

This is likely slightly less confusing to users, since the topic
having been moved from somewhere else is likely the most salient fact
to a reader.

We expect to change things to not send both notifications in an
upcoming commit.

This refactoring helps with #21712.
2022-08-18 15:39:17 -07:00
Mateusz Mandera 2c693f3bd9 billing: Fix licenses amount check during user signup/invitation.
Our seat count calculation is different for guest user than normal users
(a number of initial guests are free, and additional marginal guests are
worth 1/5 of a seat) - so these checks we apply when a user is being
invited or signing up need to know whether it's a guest or non-guest
being added.
2022-08-18 11:56:54 -07:00
Zixuan James Li 1e8cb0e7b1 decorator: Rename profile to user_profile.
This is more consistent with how we name UserProfile objects.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li de22b72670 rate_limit: Remove rate_limit_ip.
Because rate_limit_request_by_ip is the only caller of it, it is safe
for us to inline RateLimitedIpAddr and remove this helper. This ensures
that we have consistent internals for rate limiting functions, which all
have a should_rate_limit check.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li 730d3ec929 typing: Fix type annotation of assert_(not_)in_success_response.
This allows us to use them with HttpResponse objects returned by
calling a view function directly.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li db3fd6947f test_decorators: Remove errors_disallowed helper.
The said hack was removed in c00aab8ede,
and rate_limit itself has also been removed.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li 26a518267a rate_limit: Replace rate_limit with inlined rate limit checks.
This change incorporate should_rate_limit into rate_limit_user and
rate_limit_request_by_ip. Note a slight behavior change to other callers
to rate_limit_request_by_ip is made as we now check if the client is
eligible to be exempted from rate limiting now, which was previously
only done as a part of zerver.lib.rate_limiter.rate_limit.

Now we mock zerver.lib.rate_limiter.RateLimitedUser instead of
zerver.decorator.rate_limit_user in
zerver.tests.test_decorators.RateLimitTestCase, because rate_limit_user
will always be called but rate limit only happens the should_rate_limit
check passes;

we can continue to mock zerver.lib.rate_limiter.rate_limit_ip, because the
decorated view functions call rate_limit_request_by_ip that calls
rate_limit_ip when the should_rate_limit check passes.

We need to mock zerver.decorator.rate_limit_user for SkipRateLimitingTest
now because rate_limit has been removed. We don't need to mock
RateLimitedUser in this case because we are only verifying that
the skip_rate_limiting flag works.

To ensure coverage in add_logging_data, a new test case is added to use
a web_public_view (which decorates the view function with
add_logging_data) with a new flag to check_rate_limit_public_or_user_views.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li 2aac1dc40a rate_limit: Move rate_limit_remote_server to zilencer.auth.
This allows us to avoid importing from zilencer conditionally in
zerver.lib.rate_limiter, as we make rate limiting self-contained now.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li f158c86ae1 test_decorators: Rework RateLimitTestCase.
- RateLimitTestCase.get_ratelimited_view is replaced by a view
function directly decorated by public_json_view.

- the META dict is initialized with "PATH_INFO": "test" because now the
tests cover the process_client codepath;

- HostRequestMock is initialized with host="zulip.testserver" to pass
the validate_account_and_subdomain check;

- check_rate_limit_public_or_user_views replaces both
test_rate_limiting_happens_in_normal_case and
test_rate_limiting_happens_by_ip_if_unauthed.

Overall, we deduplicate the test cases in this change, and make sure
that they also cover the view function decorators for authentication.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li 0916f9eca2 test_decorators: Extract check_rate_limit_public_or_user_views.
The test setup for some of the test cases are largely similar, so it
would be cleaner to be able to reuse them.

Note that we use "check" in the name of this helper because later we
will extend it to take a flag to set whether rate limiting is expected.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li 29bad25f83 zilencer: Only apply rate limit to remote server.
This refactors the test case alongside, since normal views accessed by
remote server do not get rate limited by remote server anymore.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Zixuan James Li 79e86471e7 rate_limit: Extract should_rate_limit from rate_limit.
This allows us to reapply this check for other rate limiting functions.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-17 12:05:38 -07:00
Lauryn Menard 885c3d6593 subscriptions: Send update events for `is_muted` property.
In Zulip 2.1.0, the `is_muted` stream subscription property was
added and replaced the `in_home_view` property. But the server has
still only been sending subscription update events with the
`in_home_view` property.

Updates `do_change_subscription_property` to send a subscription
update event for both `is_muted` and `in_home_view`, so that
clients can fully migrate away from using `in_home_view` allowing
us to eventually remove it completely.
2022-08-16 16:50:51 -07:00