Commit Graph

62 Commits

Author SHA1 Message Date
Rishi Gupta c1713c9659 Prevent code from using email domain to determine realm when subdomains.
Also removes the intermediate step of going through Realm.domain in the
non-subdomains case. Part of a larger project to remove Realm.domain
entirely.
2016-11-11 15:26:51 -08:00
Rishi Gupta b114690bd5 forms.HomepageForm: Rename subdomain to string_id.
No change to behavior.
2016-11-09 16:31:48 -08:00
Rishi Gupta 38f1ab325c forms.HomepageForm: No longer take a domain argument.
domain was unused. No change to behavior.
2016-11-09 16:31:48 -08:00
Rishi Gupta ff2fe0cf92 forms.HomepageForm: Improve error messages.
No change to behavior.
2016-11-09 16:31:48 -08:00
Rishi Gupta d1acc54b2f forms.HomepageForm: Stop users from signing up for realms they can't join.
We do this check in accounts_register as well, but might as well tell the
user now not to get their hopes up.
2016-11-09 16:31:48 -08:00
Rishi Gupta 82b60ad29e forms.HomepageForm: Disallow mit mailing lists from open mirroring realms.
I'm guessing the old behavior was unintended, rather than policy.
2016-11-09 16:31:48 -08:00
Rishi Gupta 78dee73511 forms.HomepageForm: Consolidate check for open realm.
Does change/fix behavior in various corner cases when the domain passed in
to HomepageForm and subdomain passed in to HomepageForm correspond to
different realms.
2016-11-09 16:31:48 -08:00
Rishi Gupta 01526677c4 forms.HomepageForm: Use string_id to determine intended signup realm.
If the user comes in to HomepageForm with a set subdomain, use that to
determine the signup realm instead of the email address.

In the non-REALMS_HAVE_SUBDOMAINS case, still allow using the email address
if no subdomain is passed.
2016-11-09 16:31:48 -08:00
Rishi Gupta eddd8fb5fe forms.HomepageForm: Reorder email checks for future edits.
No change to behavior.
2016-11-09 16:31:48 -08:00
Rishi Gupta 60b5b82b57 forms.py: Merge get_valid_realm into caller.
No change to behavior.
2016-11-09 16:31:48 -08:00
Rishi Gupta bab481efc2 forms.py: Refactor MIT mailing list check into a modern style.
No change to behavior. non_mit_mailing_list never returned False, so it was
never possible to reach the line "Otherwise, the user is an MIT mailing
list, and .."
2016-11-07 22:37:55 -08:00
Rishi Gupta 76c99eaf55 forms.py: Change variable names to be more specific.
No change to behavior.
2016-11-07 22:37:55 -08:00
Rishi Gupta 6544c756d6 forms.py: Reorder imports. 2016-11-05 10:37:15 -07:00
Rishi Gupta 5e6d4da8a8 realm creation flow: Prevent disposable email signups.
Check user's email address against a list of 2000 disposable email
domains. Does not affect the create_realm management command.
2016-11-05 10:37:15 -07:00
Rishi Gupta 2033381d24 realm creation flow: Restrict subdomains one can create via the web flow.
Disallow Realm.string_id's like "streams", "about", and several hundred
others. Also restrict string_id's to be at least 3 characters long, and only
use characters in [a-z0-9-].

Does not restrict realms created by the create_realm.py management command.
2016-11-05 10:37:15 -07:00
Rishi Gupta 4a74301a62 models.py: Replace resolve_subdomain_to_realm with get_realm_by_string_id.
No change in functionality.
2016-11-03 13:59:11 -07:00
Tim Abbott dd008ae559 realm creation flow: Allow signups from all emails.
This (1) removes the check on whether the domain of the email matches
the Realm.domain of an existing realm and (2) avoids setting `realm =
get_realm(domain)` in the realm creation flow, which would cause the
wrong code path to be followed in the event that the domain in a
user's email address happens to match a deactivated realm.
2016-11-03 13:58:52 -07:00
Rishi Gupta 9ef8536cc6 models.Realm: Require Realm.string_id to be non-NULL.
Adds a database migration, adds a new string_id argument to the management
realm creation command, and adds a short name field to the web realm
creation form when REALMS_HAVE_SUBDOMAINS is False.
2016-11-02 22:46:34 -07:00
Rishi Gupta 777fcaa6a0 Add new organization type field to Realm objects.
Adds a new field org_type to Realm.  Defaults for restricted_to_domain
and invite_required are now controlled by org_type at time of realm
creation (see zerver.lib.actions.do_create_realm), rather than at the
database level.  Note that the backend defaults are all
org_type=corporate, since that matches the current assumptions in the
codebase, whereas the frontend default is org_type=community, since if
a user isn't sure they probably want community.

Since we will likely in the future enable/disable various
administrative features based on whether an organization is corporate
or community, we discuss those issues in the realm creation form.
Before we actually implement any such features, we'll want to make
sure users understand what type of organization they are a member of.

Choice of org_type (via radio button) has been added to the realm
creation flow and the realm creation management command, and the
open-realm option removed.

The database defaults have not been changed, which allows our testing code
to work unchanged.

[includes some HTML/CSS work by Brock Whittaker to make it look nice]
2016-10-05 17:01:46 -07:00
hackerkid ea39fb2556 Add option for hosting each realm on its own subdomain.
This adds support for running a Zulip production server with each
realm on its own unique subdomain, e.g. https://realm_name.example.com.

This patch includes a ton of important features:
* Configuring the Zulip sesion middleware to issue cookier correctly
  for the subdomains case.
* Throwing an error if the user tries to visit an invalid subdomain.
* Runs a portion of the Casper tests with REALMS_HAVE_SUBDOMAINS
  enabled to test the subdomain signup process.
* Updating our integrations documentation to refer to the current subdomain.
* Enforces that users can only login to the subdomain of their realm
  (but does not restrict the API; that will be tightened in a future commit).

Note that toggling settings.REALMS_HAVE_SUBDOMAINS on a live server is
not supported without manual intervention (the main problem will be
adding "subdomain" values for all the existing realms).

[substantially modified by tabbott as part of merging]
2016-09-27 23:24:14 -07:00
Tim Abbott 7950d3181e zmirror: Fix hardcoding of zulip.com support email address.
We now use support_email == settings.ZULIP_ADMINISTRATOR just like
every other support email address reference.
2016-08-18 18:36:07 -07:00
Tim Abbott f0e495831e forms: Fix check for whether terms of service are enabled. 2016-08-12 11:04:45 -07:00
Rishi Gupta 7910a6e134 Terms of Service: Add ability to update TOS and have users re-sign.
Most directly useful for the migration to zulipchat.com.

Creates a new field in UserProfile to store the tos_version, as well as two
new settings TOS_VERSION and FIRST_TIME_TOS_TEMPLATE. We check for a version
mismatch between what the user has signed and the current
settings.TOS_VERSION whenever the user hits the home page, and redirect them
if needed.

Note that accounts_accept_terms.html and
zerver.views.accounts_accept_terms were unused before this commit
(they date from c327446537)
2016-08-11 23:37:48 -07:00
Tim Abbott ed6c134cf4 Clean up and document clean_email code path. 2016-07-26 20:30:12 -07:00
Tim Abbott c25b077224 settings: Extract settings.SHOW_OSS_ANNOUNCEMENT. 2016-07-19 15:28:41 -07:00
Taranjeet Singh 37ea785b8f zerver/forms.py: Fix line with length greater than 120. 2016-07-18 14:42:39 -07:00
Tim Abbott c25c8d8c98 forms: Wrap some very long lines. 2016-06-25 10:52:03 -07:00
Vishnu Ks ad1c3894d9 Add interface for creating new realms.
This is controlled by settings.OPEN_REALM_CREATION; if that setting is
off, this feature doesn't do anything.
2016-06-17 16:15:28 -07:00
medullaskyline 2855c285b4 Annotate zerver.forms. 2016-06-05 12:02:19 -07:00
Umair Khan 5359e6b0d4 Convert Zulip to use Jinja2 templates.
This results in a substantial performance improvement for all of
Zulip's backend templates.

Changes in templates:
- Change `block.super` to `super()`.
- Remove `load` tag because Jinja2 doesn't support it.
- Use `minified_js()|safe` instead of `{% minified_js %}`.
- Use `compressed_css()|safe` instead of `{% compressed_css %}`.
- `forloop.first` -> `loop.first`.
- Use `{{ csrf_input }}` instead of `{% csrf_token %}`.
- Use `{# ... #}` instead of `{% comment %}`.
- Use `url()` instead of `{% url %}`.
- Use `_()` instead of `{% trans %}` because in Jinja `trans` is a block tag.
- Use `{% trans %}` instead of `{% blocktrans %}`.
- Use `{% raw %}` instead of `{% verbatim %}`.

Changes in tools:
- Check for `trans` block in `check-templates` instead of `blocktrans`

Changes in backend:
- Create custom `render_to_response` function which takes `request` objects
  instead of `RequestContext` object. There are two reasons to do this:
    1. `RequestContext` is not compatible with Jinja2
    2. `RequestContext` in `render_to_response` is deprecated.
- Add Jinja2 related support files in zproject/jinja2 directory. It
  includes a custom backend and a template renderer, compressors for js
  and css and Jinja2 environment handler.
- Enable `slugify` and `pluralize` filters in Jinja2 environment.

Fixes #620.
2016-05-09 09:55:18 -07:00
Tim Abbott 89d9060aab Add logging for failures in password reset form.
This may be useful for monitoring abuse issues.
2016-04-28 14:28:09 -07:00
Tim Abbott a0430c02ce Allow users who haven't set a password to set one.
Previously, if a user had only authenticated via Google auth, they
would be unable to reset their password in order to set one (which is
needed to setup the mobile apps, for example).
2016-04-28 14:27:43 -07:00
Tim Abbott c661bc17fb Fix support for having a unique, open realm.
The previous implementation didn't work because HomepageForm rejected
the email as not having a domain.  Additionally, the logic in
accounts_register didn't work with Google auth because that code path
doesn't pass through accounts_home.  Since whether there's a unique
open realm for the server is effectively a configuration property, we
can fix the bug and make the logic clearer by moving it into the
"figure out the user's realm" function.
2016-01-09 22:52:34 -08:00
Tim Abbott e9243d0f0b Apply Python 3 futurize transform lib2to3.fixes.fix_has_key. 2015-11-01 08:10:01 -08:00
Tim Abbott 8c34c40924 Apply Python 3 futurize transform lib2to3.fixes.fix_except. 2015-11-01 08:08:33 -08:00
Tim Abbott 494797ea0a Fix has_valid_realm logic following get_realm refactor. 2015-10-19 09:59:06 -07:00
Tim Abbott 3e1f4e611c Clarify on zulip.com signup form that we're not taking new teams. 2015-10-19 09:37:24 -07:00
Tim Abbott 71a06d58de Convert uses of Realm.objects.get() to get_realm().
get_realm is better in two key ways:
* It uses memcached to fetch the data from the cache and thus is faster.
* It does a case-insensitive query and thus is more safe.
2015-10-15 09:16:58 -04:00
Tim Abbott bda9d78092 Use settings.ZULIP_ADMINISTRATOR as contact list for deactivated users. 2015-09-29 17:59:47 -07:00
Waseem Daher 6bb9b129f7 Update Zulip support email to zulip-devel@googlegroups.com.
Ideally some of these templates should really point to the
local installation's support email address, but this is a
good start.

Exceptions:
* Where to report security incidents
* MIT Zephyr-related pages
* zulip.com terms and conditions
2015-09-29 17:59:47 -07:00
David Roe edf7e732a2 ENTERPRISE => VOYAGER.
(imported from commit 4f8080b9f506a87ca40bef32e39de5218cba916a)
2015-08-21 10:33:35 -07:00
David Roe 472898cfc6 Allow adding users to realms more easily in Dev VM.
Include new field on Realm to control whether e-mail invitations are required
separately from whether the e-mail domain must match.
Allow control of these fields from admin panel.
Update logic in registration page to use these fields.

(imported from commit edc7f0a4c43b57361d9349e258ad4f217b426f88)
2015-08-19 22:24:53 -07:00
Zev Benjamin 2e1d5ffd1c Make password_auth_enabled() take a realm object
This will actually be used in an upcoming commit.

(imported from commit 5d3db685a245899b2523440398f2ed2f0cfec4f4)
2014-04-04 16:51:32 -07:00
Tim Abbott 4bf3ace444 [manual] Allow signups for emails held by non-MIT mirror dummy accounts.
Before this is deployed to prod, we need to manually frob our database
to set the is_mirror_dummy=True bit for all existing mirror users.

(imported from commit 39f1938cef091cf1d7d97307f76b137fe1d92b6c)
2014-01-10 21:38:59 -05:00
Tim Abbott 2c87cb5101 Fix OurAuthenticationForm return value for invalid accounts.
(imported from commit 10461554bec5d86d2ab768177762f11cd905e0f3)
2014-01-09 11:08:41 -05:00
Jessica McKellar 0e120c9bbf Show users in deactivated realms an error page when they try to log in.
(imported from commit 6de839ae944b8c76715361c2211cd759d78f4f1a)
2014-01-07 20:24:21 -05:00
Tim Abbott 6721c465c9 Add admin API endpoint for creating users.
(imported from commit a8b919c7d21b28dfd75b6b95736a375874ead15f)
2013-12-10 13:21:33 -05:00
Leo Franchi 501f063426 Replace email_to_domain with split_email_to_domain and resolve_email_to_domain
Now that we support email aliases, we have to be careful when going from
an email address to a domain that we assume we can use to get a Realm
object for. When we care about the Realm's domain, we want to follow
any RealmAliases that exist for a certain domain.

When we just care about the original email address domain itself,
for comparison or other purposes, use split_email_from_domain

This removes the ambiguity of having to decide when to use
email_to_domain + RealmAlias or just email_to_domain

(imported from commit 0e199495502d946ce2e1aae56263e7e8665be4ed)
2013-11-26 10:45:01 -05:00
Tim Abbott 4116e06c88 Disable signups for realms that exist as part of enterprise deployments.
(imported from commit 4200b44c7153d1dba674982916ef0470c75bdf6d)
2013-11-15 19:36:17 -05:00
Kevin Mehall 53c76aa657 Move enterprise-registration to zilencer/ from zerver/
(imported from commit d8a58913040376dbdbc9dcee13ab8a7910733da7)
2013-11-15 11:21:52 -05:00