Commit Graph

2188 Commits

Author SHA1 Message Date
Tim Abbott df7466e893 Add test suite for deactivate realms. 2016-05-10 09:50:57 -07:00
Tim Abbott 76814f37a3 decorators: Block access to JSON endpoints for deactivated users.
While in theory users should be unable to get a valid session in order
to access these endpoints in the first place, this provides an extra
layer of hardering to prevent a deactivated user with a session from
accessing data via the old-style JSON API.
2016-05-10 09:50:57 -07:00
Tim Abbott b28b3cd65c CVE-2016-4427: Fix access by deactivated realms/users.
The security model for deactivated users (and users in deactivated
realms) being unable to access the service is intended to work via two
mechanisms:

* All active user sessions are deleted, and all login code paths
  (where a user could get a new session) check whether the user (or
  realm) is inactive before authorizing the request, preventing the
  user from accessing the website and AJAX endpoints.
* All API code paths (which don't require a session) check whether the
  user (and realm) are active.

However, this security model was not implemented correctly.  In
particular, the check for whether a user has an active account in the
login process was done inside the login form's validators, which meant
that authentication mechanisms that did not use the login form
(e.g. Google and REMOTE_USER auth) could succeed in granting a session
even with an inactive account.  The Zulip homepage would still fail to
load because the code for / includes an API call to Tornado authorized
by the user's token that would fail, but this mechanism could allow an
inactive user to access realm data or users to access data in a
deactivated realm.

This fixes the issue by adding explicit checks for inactive users and
inactive realms in all authentication backends (even those that were
already protected by the login form validator).

Mirror dummy users are already inactive, so we can remove the explicit
code around mirror dummy users.

The following commits add a complete set of tests for Zulip's inactive
user and realm security model.
2016-05-10 09:50:48 -07:00
Tim Abbott b31ac1eca9 Fix users in deactivated realms sending webhook messages.
In a deactivated realm, webhooks would still successfully send
messages, since there was no check for whether the realm was active in
api_key_only_webhook_view.
2016-05-10 09:50:48 -07:00
Tim Abbott 9da73b22d3 assert_json_error_contains: Support passing a status code.
Previously this test helper function hardcoded 400.
2016-05-10 09:50:48 -07:00
Tim Abbott 3cde06ea33 Add support for setting HTTP status codes in JsonableError. 2016-05-10 09:50:48 -07:00
Tim Abbott b4ccca300b Add tests for whether API keys appear in initial state data. 2016-05-10 09:50:47 -07:00
Tim Abbott 07fc47f953 CVE-2016-4426: Fix non-admin users having access to all bot API keys.
Long ago, there was work on an experimental integration model where
every user in a realm would have administrative control over all bots,
with the goal of simplifying the process of setting up communally
administered bots for smaller teams.  While that new model was never
fully implemented (and thus never setup as an option), an error in
that original implementation meant that the data on all bots in a
realm, including their API keys, was sent to the browsers of users via
the `realm_bots` variable in `page_params`.  The data wasn't displayed
in the UI for non-admin users, but was available via e.g. the
javascript console.

This commit updates this behavior to only send sensitive bot data like
API keys to the owner of the bot (and realm admins).

We may in the future implement a model simplifying communally
administered integrations, but if we do that, those bots should be
limited in their capabilities (e.g. only able to send webhook
messages).

This bug has been present since Zulip was released as open source.
2016-05-10 09:50:02 -07:00
Tim Abbott b869be9301 style: Use 'not in' consistently rather than `not foo in`. 2016-05-09 17:00:10 -07:00
Tim Abbott 43f167849b queue: Disable RabbitMQ heartbeat in BlockingConnection.
Fixes #741.
2016-05-09 10:23:28 -07:00
Tim Abbott 0c42fc2f8f queue: Refactor Pika credentials code to be a bit cleaner. 2016-05-09 10:23:28 -07:00
Tim Abbott 0161d2fddd Cleanup guardian-based complexity in get_realm_user_dicts.
The old code for this lookup was unnecessarily complicated because we
were working around Guardian, where the `is_realm_admin` check was
extremely expensive.
2016-05-09 10:12:35 -07:00
Tim Abbott 2a2cbd60c3 cache: Fix fragile active_bot_dicts_in_realm caching model.
The issue here is similar to that in the previous commit.
2016-05-09 10:12:35 -07:00
Tim Abbott fbc7e977ac cache: Fix fragile active_user_dicts_in_realm caching model.
Previously we relied on having two matching list of fields for the
get_active_user_dicts_in_realm, one in the actual code and the other
in the caching system.  By unifying these lists to have a single
source, we eliminate a class of caching bugs we might otherwise
regularly introduce.
2016-05-09 10:12:35 -07:00
Tim Abbott f02571202a EventsRegisterTest: display full error diffs. 2016-05-09 10:12:35 -07:00
Umair Khan 5359e6b0d4 Convert Zulip to use Jinja2 templates.
This results in a substantial performance improvement for all of
Zulip's backend templates.

Changes in templates:
- Change `block.super` to `super()`.
- Remove `load` tag because Jinja2 doesn't support it.
- Use `minified_js()|safe` instead of `{% minified_js %}`.
- Use `compressed_css()|safe` instead of `{% compressed_css %}`.
- `forloop.first` -> `loop.first`.
- Use `{{ csrf_input }}` instead of `{% csrf_token %}`.
- Use `{# ... #}` instead of `{% comment %}`.
- Use `url()` instead of `{% url %}`.
- Use `_()` instead of `{% trans %}` because in Jinja `trans` is a block tag.
- Use `{% trans %}` instead of `{% blocktrans %}`.
- Use `{% raw %}` instead of `{% verbatim %}`.

Changes in tools:
- Check for `trans` block in `check-templates` instead of `blocktrans`

Changes in backend:
- Create custom `render_to_response` function which takes `request` objects
  instead of `RequestContext` object. There are two reasons to do this:
    1. `RequestContext` is not compatible with Jinja2
    2. `RequestContext` in `render_to_response` is deprecated.
- Add Jinja2 related support files in zproject/jinja2 directory. It
  includes a custom backend and a template renderer, compressors for js
  and css and Jinja2 environment handler.
- Enable `slugify` and `pluralize` filters in Jinja2 environment.

Fixes #620.
2016-05-09 09:55:18 -07:00
Preston Hansen 635828069f Add feature to mark all in stream/topic as read with mouse.
Fixes #736.
2016-05-08 09:02:46 -07:00
Tim Abbott 6139e8948a travis: User REQ framework for extracting JSON payload. 2016-05-07 11:54:14 -07:00
Tim Abbott 678adc2048 webhooks: Use REQ more consistently in stream name parsing.
To avoid the potential for introducing regressions here, we carefully
pass a default to REQ or not based on how the existing webhook's
parsing code worked.  In the longer term, we'll want to make the
behavior consistent.
2016-05-07 11:54:14 -07:00
Tomasz Kolek c2de38239e Add payload validation to has_request_variables and REQ tasks.
[with tweaks by tabbott]
2016-05-07 11:54:09 -07:00
Tim Abbott c1a680e2a9 rate_limiter: Fix misplaced type annotation and cleanup code.
You don't put type annotations on return values.
2016-05-06 13:38:12 -07:00
Tim Abbott 4219a6779f socket: Initialize client_id to None by default.
This fixes an exception where client_id was never set in an error code
path.  It shouldn't be needed, but I think this makes the code clearer
and this will help in debugging the actual problem.

Related to #753.
2016-05-05 14:49:26 -07:00
Tim Abbott 191201bd10 Fix unnecessary whitespace between % and (. 2016-05-04 14:22:52 -07:00
Tim Abbott 54022ac204 Fix unnecessary whitespace between , and ). 2016-05-04 14:16:53 -07:00
Tim Abbott ae6037668a test_runner: Add debugging tips for missing test modules. 2016-05-03 12:33:47 -07:00
Tim Abbott bab267f332 test_runner: Improve error handling when importing test files.
The error message for a test file that doesn't import properly was
previously pretty difficult to understand and it wasn't clear how to
debug the issue.
2016-05-03 12:17:10 -07:00
rahuldeve 899bfb97ee Add tests for managing uploads in S3. 2016-05-02 22:14:47 -07:00
rahuldeve 01fb6c77a2 Add test for managing files in Local Storage. 2016-05-02 22:14:47 -07:00
rahuldeve dde832b158 Add Attachment model to keep track of uploads.
This commit adds the capability to keep track and remove uploaded
files.  Unclaimed attachments are files that have been uploaded to the
server but are not referred in any messages.  A management command to
remove old unclaimed files after a week is also included.

Tests for getting the file referred in messages are also included.
2016-05-02 22:14:47 -07:00
Tim Abbott 762a3188ee Fix missing whitespace after # in comments. 2016-05-02 22:10:47 -07:00
Tim Abbott d9e4968d6f Increase maximum URL length for RealmEmoji to 1000.
The default of 200 was shorter than the Camo URLs use by Zulip.
2016-05-02 19:02:56 -07:00
Tim Abbott 5bd94c15c7 Use camo to avoid mixed content warnings when displaying emoji. 2016-05-02 17:21:31 -07:00
Tim Abbott 65207477c4 bugdown: Annotate emoji handleMatch function. 2016-05-02 17:01:09 -07:00
Tim Abbott f06c8c7cc2 Update *.readthedocs.org => *.readthedocs.io.
ReadTheDocs has moved their hosting of user project websites to the
new readthedocs.io domain.
2016-04-29 16:00:08 -07:00
Tim Abbott 4644967afc dropbox preview: Remove preview_fail.png error condition.
Since we don't have a stable way to get the Dropbox preview failure
image (and it was sorta a weird setup anyway), it seems best to just
remove the condition.
2016-04-29 15:40:52 -07:00
Tim Abbott 4be3c4afd6 Use mocks so we can re-enable Dropbox integration tests. 2016-04-29 15:27:43 -07:00
Ashish Kumar 31408d639e Type annotation of zerver/lib/cache.py. 2016-04-29 14:43:48 -07:00
Ashish Kumar 48be2e33f8 Delete old route for /json/get_public_streams. 2016-04-29 12:57:57 -07:00
Ashish Kumar b5ab4d45f9 Replace /json/get_public_streams with REST style route. 2016-04-29 12:57:57 -07:00
Tim Abbott af4203b41b Stop using initial password for newly activated users.
Previously we needed to use a specified password when activating a
formerly mirror dummy user, in order for that user to be able to
(re)set their password and login.  Now that we have our own password
reset form, this is no longer required.
2016-04-28 14:28:09 -07:00
Tim Abbott 89d9060aab Add logging for failures in password reset form.
This may be useful for monitoring abuse issues.
2016-04-28 14:28:09 -07:00
Tim Abbott a0430c02ce Allow users who haven't set a password to set one.
Previously, if a user had only authenticated via Google auth, they
would be unable to reset their password in order to set one (which is
needed to setup the mobile apps, for example).
2016-04-28 14:27:43 -07:00
Antek Grzanka 646ea3214a Add Taiga integration. 2016-04-28 13:44:53 -07:00
Tim Abbott 755695d3c0 bugdown: Add type: ignore for fenced_code import.
This is a workaround to allow us to type-check files that depend on
this.  Ideally in the future we'll fix the type errors in
fenced_code.py.
2016-04-28 12:50:47 -07:00
Tim Abbott 7a81524c97 event_queue: Fix import from wrong file. 2016-04-28 12:46:21 -07:00
Tim Abbott 3e5ad69ffc Extract camo encoding to a library. 2016-04-27 22:23:40 -07:00
Tim Abbott aebe7334a4 style: Fix missing :s between dict keys and values. 2016-04-27 22:23:40 -07:00
Tim Abbott 02ab03ec7a MITNameTest: Mock network access from Hesiod lookups.
The purpose of these tests is to check the logic, not that DNS is
working on the relevant machine.
2016-04-27 22:23:40 -07:00
Tim Abbott c9359bd75a test_hooks: Fix missing assert_json_success checks.
Several recently merged webhooks were incorrectly not checking that
the actual webhook result didn't return an error.  While they would
usually still fail in most cases when checking whether the message
came back correctly, this hid the root cause errors and thus made it
much harder to debug.
2016-04-27 13:25:21 -07:00
Tim Abbott e6cfd917a5 Fix settings.RATE_LIMITING=False for webhooks.
We were incorrectly applying the rate limiting rules to webhooks even
if rate limiting was disabled (as in the test suite), causing test
failures when the total number of webhook tests in Zulip got too high.
2016-04-27 13:17:28 -07:00
Vladislav Manchev f5e6176aea Add custom realm emoji UI to administration page. 2016-04-26 13:15:54 -07:00
Tomasz Kolek 12fc4f047c test_helpers: Create get_last_message helper. 2016-04-26 09:54:02 -07:00
Tomasz Kolek 5fbda3a9c1 Add codeship integration. 2016-04-26 09:54:01 -07:00
David Payne 8c62a27769 Add teamcity webhook integration.
This integration relies on the Teamcity "tcWebHooks" plugin which is
available at
https://netwolfuk.wordpress.com/category/teamcity/tcplugins/tcwebhooks/

It posts build fail and success notifications to a stream specified in
the webhook URL.

It uses the name of the build configuration as the topic.

For personal builds, it tries to map the Teamcity username to a Zulip
username, and sends a private message to that person.
2016-04-26 09:45:26 -07:00
Tomasz Kolek c74483e69e github_webhook: change double quotes to single quotes for consistency. 2016-04-21 17:04:25 -07:00
Tomasz Kolek 09e40b27c2 github_webhook: throw an exception on unhandled events types. 2016-04-21 17:03:58 -07:00
Tomasz Kolek fafc9cb742 github_webhook: remove redundant parenthesis. 2016-04-21 17:02:49 -07:00
Tomasz Kolek 43b0cfaebc github_webhook: Use more one-line pythonic assignments. 2016-04-21 17:00:47 -07:00
Tomasz Kolek decb686255 github_webhook: factor out is_test_repository function. 2016-04-21 16:57:19 -07:00
Tomasz Kolek e1079d8475 github_webhook: extract the constants to the top of the file. 2016-04-21 16:56:44 -07:00
Tim Abbott ae047f8551 Fix slightly ugly login page URL of /login?next=/. 2016-04-21 14:59:39 -07:00
Tim Abbott 8a278cbe3a Switch to using a Zulip version of @login_required.
Currently the code is the unmodified Django upstream implementation;
this commit is preparation for modifying it.
2016-04-21 14:59:39 -07:00
Tim Abbott d9dba5d2c2 deactivate_realm: Improve error handling for unknown realm. 2016-04-21 09:02:00 -07:00
Tim Abbott c2237c60c0 deactivate_realm: Fix help string. 2016-04-21 09:02:00 -07:00
Tim Abbott d890011442 Add a script to reactivated deactivated realms. 2016-04-21 09:02:00 -07:00
Tim Abbott 79297898f1 Remove obsolete AppleDeviceToken model. 2016-04-20 21:51:52 -07:00
Tim Abbott 49799440a4 Replace use of django-guardian with fields on UserProfile.
As documented in https://github.com/zulip/zulip/issues/441, Guardian
has quite poor performance, and in fact almost 50% of the time spent
running the Zulip backend test suite on my laptop was inside Guardian.

As part of this migration, we also clean up the old API_SUPER_USERS
variable used to mark EMAIL_GATEWAY_BOT as an API super user; now that
permission is managed entirely via the database.

When rebasing past this commit, developers will need to do a
`manage.py migrate` in order to apply the migration changes before the
server will run again.

We can't yet remove Guardian from INSTALLED_APPS, requirements.txt,
etc. in this release, because otherwise the reverse migration won't
work.

Fixes #441.
2016-04-20 21:51:52 -07:00
Tim Abbott 28d1a3105c models: Add a __repr__ for Client. 2016-04-20 15:26:51 -07:00
Tim Abbott 552caf661a Caching: Fix 'update_fields' not being present in .delete() 2016-04-20 15:12:53 -07:00
Tim Abbott a72385246e Fix missing whitespace after '=' in python/js code. 2016-04-20 11:36:14 -07:00
David Payne ece96ef3fe Jira's "issue created" message should @-notify the assignee. 2016-04-20 10:54:30 -07:00
Tomasz Kolek 82f1cdb085 Add send_webhook_fixture_message command.
This tool simplifies the process of producing nice screenshots for
documenting webhook integrations.

Fixes #658.
2016-04-20 10:45:27 -07:00
Eklavya Sharma c7a93cba22 Add tests for checking image validity in SetAvatarTest. 2016-04-20 12:27:23 +05:30
Eklavya Sharma af7c3de5f5 Add SetAvatarTest to test_upload.py.
Test multiple file uploads for /json/set_avatar.
Test no file upload for /json/set_avatar.
Add test images for SetAvatarTest.
2016-04-20 12:23:22 +05:30
Eklavya Sharma 126273b1e7 Add a test for local file uploads. 2016-04-20 12:00:13 +05:30
Eklavya Sharma 4e18d856e3 Prevent 500 error when user uploads invalid avatar.
When uploaded avatar image is not a valid image file, PIL raises
IOError. Catch the IOError raised by PIL and raise JsonableError.
This will return a response with status code 400.
2016-04-20 12:00:13 +05:30
Eklavya Sharma 2d60a1d0f3 Move upload-related tests to test_upload.py.
Move S3Test, FileUploadTest and SanitizeNameTests from
test_external.py to test_upload.py.
2016-04-19 16:48:30 -07:00
Tim Abbott 78febc3abb Fix missing newlines at end of .txt files. 2016-04-14 14:36:29 -07:00
Tim Abbott 5195d1ecb7 Fix missing newlines at ends of JSON files. 2016-04-14 10:48:52 -07:00
Tim Abbott 1bf11f6b7f Split FileUploadTest out of S3Test.
S3Test is now only the S3-specific test (which isn't even run), so we
can now invest in making FileUploadTest have good coverage of the
(local) file upload code paths.
2016-04-14 10:35:10 -07:00
Tim Abbott 26463bb34d Fix nondeterministic subscriptions for default test users.
Previously, the UserProfile objects were created in the order
generated by a Set, which meant tests would randomly start failing if
the code that runs before this part of populate_db changed (and thus
caused the Set object used to pass users into bulk_create_users to
have a different order when enumerated).

This fixes the issue in two ways -- one by sorting the users inside
bulk_create_users, and second by attaching subscriptions to users
based on a deterministic ordering.
2016-04-13 13:19:02 -07:00
Tim Abbott f6edc21981 Change stream used in test_get_old_messages_with_only_searching_anchor.
This prevents this test from breaking when in a few commits we fix a
nondeterminism issue in the populate_db test fixtures.
2016-04-13 13:19:02 -07:00
Tim Abbott ffccb572f0 Don't autoreload Tornado when running inside test suite.
The restarted Tornado processes seemed to escape the process group and
thus continue running after run-dev.py finished.

While we're at it, we don't need to dump/reload event queues in the
test suite either.
2016-04-13 13:19:01 -07:00
Tim Abbott 47879c5e00 Fix nondeterminism in test_successful_subscriptions_add.
Previously this test would fail if the streams list generated by
populate_db contained more than 2 streams.
2016-04-13 13:18:24 -07:00
Tim Abbott fb55fcef1e Fix missing zerver/tests/__init__.py. 2016-04-11 22:34:22 -07:00
Tim Abbott be96cf809d Move Zulip backend tests to zerver.tests. 2016-04-11 22:16:09 -07:00
Ashish 1bf644369f Delete old route for json/update_active_status. 2016-04-11 21:38:23 -07:00
Ashish 78b9f45bf7 Delete old route for json/update_pointer. 2016-04-11 21:38:23 -07:00
Ashish 9429358795 Delete old route for /json/get_profile. 2016-04-11 21:38:23 -07:00
Ashish 42fe918138 Delete old route for json/get_old_messages. 2016-04-11 21:38:23 -07:00
Ashish cfefc94200 Delete old route for json/set_alert_words. 2016-04-11 21:38:23 -07:00
Ashish c0a218edfc Delete old route for /json/update_message_flags. 2016-04-11 21:38:23 -07:00
Ashish a12006d86f Replace /json/update_active_status with REST style route. 2016-04-11 21:38:23 -07:00
Ashish 6356584f84 Replace /json/update_pointer with REST style route. 2016-04-11 21:38:23 -07:00
Ashish b8ec8f5ef0 Replace /json/get_profile with REST style route. 2016-04-11 21:38:23 -07:00
Ashish cb8da46bbf Replace /json/get_old_messages with REST style route. 2016-04-11 21:38:23 -07:00
Ashish 8fc8717409 Replace json/set_alert_words with REST style route. 2016-04-11 21:38:22 -07:00
Ashish 41993ef2f5 Replace /json/update_message_flags with REST style route. 2016-04-11 21:38:22 -07:00
Ashish dac4e58b91 Changes REST API backend route for /json/change_enter_sends. 2016-04-11 21:11:51 -07:00
Tim Abbott b61d73fc93 Delete unused old StreamColor model. 2016-04-08 13:06:04 -07:00
Ashish 9cfa7d5765 Annotation of zerver/lib/handlers.py. 2016-04-08 11:18:36 -07:00
Ashish 86a8d3d0f5 Annotation of zerver/lib/rate_limiter.py 2016-04-08 11:18:36 -07:00
Ashish 2f8c717e52 List to tuple conversion for consistency in user rules zerver/lib/rate_limiter.py. 2016-04-08 11:18:35 -07:00
Ashish 8abca4f319 Annotation of zerver/lib/migrate.py 2016-04-08 11:18:35 -07:00
Ashish 038af80889 Annotation of zerver/lib/statistics.py 2016-04-08 11:11:58 -07:00
Ashish 2cf8731444 Annotation of zerver/lib/alert_words.py 2016-04-08 11:11:58 -07:00
Anindya Chakravarti f3d03d89b4 Add integration for Yo App.
[includes some small tweaks by tabbott]
2016-04-08 11:02:10 -07:00
Tomasz Kolek 44ed9da7f0 Add pingdom integration. 2016-04-08 10:36:29 -07:00
Varshit 4e1060076d Purge 'from typing import *' from zerver/.
This is a partial implementation of #636.
2016-04-07 14:07:07 -07:00
Eklavya Sharma 5f03c1444e Remove duplicate module zerver/views/webhooks.py.
Also move type annotations from zerver/views/webhooks.py to
appropriate files in zerver/views/webhooks.py.
2016-04-07 12:37:22 +05:30
Tim Abbott 75d134a9b2 Import tornado.autoreload explicitly.
Fixes #623.
2016-04-03 16:52:23 -07:00
Ashish 909b0635c8 Add management command to test sending email.
Fixes: #622.

[With cleanups/doc tweaks by tabbott]
2016-04-03 16:50:16 -07:00
Varshit e0ef1a991e Rewrite sanitize_name to better preserve filenames.
The previous version of sanitize_name dropped all unicode characters
and mangled filenames with multiple `.`s in the extension, leading to
confusing URLs for files uploaded to Zulip.

Fixes #321.

[tweaked significantly by tabbott]
2016-04-03 16:26:12 -07:00
Tim Abbott 4a50336476 Add type: Any for tornado.ioloop.add_timeout return value. 2016-04-03 15:40:24 -07:00
Tim Abbott b6dd6413d0 Add type: ignore for tornado_ioloop_logging Tornado versioning code. 2016-04-03 15:40:24 -07:00
Tim Abbott 53ab18eea0 Add type: ignore for chain.from_iterable. 2016-04-03 15:40:24 -07:00
Tim Abbott 9abd332c07 Add type: ignore for mock.Mock() monkey-patching. 2016-04-03 15:40:24 -07:00
Tim Abbott 0d40473818 Add type: ignore for empty list mypy bug. 2016-04-03 15:40:24 -07:00
Tim Abbott 3a2d5266d8 Add type: ignore for mypy super() bug. 2016-04-03 15:40:24 -07:00
Tim Abbott e3ec3e2526 Add type: ignore for test_helpers monkey-patching. 2016-04-03 15:40:24 -07:00
Tim Abbott 6c999927ac Add type: ignore for csrf_exempt decorator. 2016-04-03 15:40:23 -07:00
Tim Abbott b7dcf2181f Add PEP-484 type annotations to management commands. 2016-04-03 15:40:23 -07:00
Tim Abbott 32f8f85f8b Add PEP-484 type annotations to zerver/*.py. 2016-04-03 15:40:23 -07:00
Tim Abbott ee8be22160 Add PEP-484 type annotations to zerver/worker/. 2016-04-03 15:40:23 -07:00
Tim Abbott ec7bb0b011 Add PEP-484 type annotations to zerver/views/. 2016-04-03 15:40:23 -07:00
Tim Abbott 2059f650ab Add PEP-484 type annotations to zerver/lib/. 2016-04-03 15:40:23 -07:00
Tim Abbott d8f7d89fb4 Add PEP-484 type annotations to zerver/models.py.
Done pair-programming with Guido.
2016-04-03 15:40:06 -07:00
Tim Abbott b99313545e Add PEP-484 type annotations to global dictionaties. 2016-04-03 15:40:06 -07:00
Tim Abbott 77be524dc4 Add PEP-484 type annotations to generator functions. 2016-04-03 15:40:05 -07:00
Tim Abbott 2c88085572 test_decorators: Clean up Request.REQUEST mocking. 2016-04-03 15:40:05 -07:00
Tim Abbott 96eb81e5d5 Add documentation of Zulip's markdown implementation. 2016-04-01 09:56:59 -07:00
Tim Abbott a407f090e1 models: Document some of the more interesting model classes. 2016-04-01 09:34:45 -07:00
Ryan Moore 2fe0700f55 Update memcache -> remote cache in inline documentation. 2016-03-31 12:56:42 -07:00
Ryan Moore beac606ce6 switch output stats memcached -> remote_cache 2016-03-31 12:54:29 -07:00
Ryan Moore 15cc3fde7b s/memcache/remote_cache/ in models 2016-03-31 12:54:29 -07:00
Ryan Moore 1489f0992c s/fill_memcached_cache/fill_remote_cache/g 2016-03-31 12:54:29 -07:00
Ryan Moore 18139fd86f s/memcached_prefix/remote_cache_prefix/g 2016-03-31 12:54:29 -07:00
Ryan Moore 85b05d4e2b s/memcached_output/remote_cache_output/g 2016-03-31 12:54:29 -07:00
Ryan Moore 5346e2ac23 s/memcached_count_delta/remote_cache_count_delta/g 2016-03-31 12:54:29 -07:00
Ryan Moore 1f120aa3a8 s/memcached_total/remote_cache_total/g 2016-03-31 12:54:29 -07:00
Ryan Moore 3c180b43df s/memcached_stats/remote_cache_stats/g 2016-03-31 12:54:28 -07:00
Ryan Moore 1a2117292f s/memcached_requests/remote_cache_requests/g 2016-03-31 12:54:28 -07:00
Ryan Moore 16c936f638 s/memcached_time/remote_cache_time/g 2016-03-31 12:54:28 -07:00
Ryan Moore 9f29b80f8a s/items_for_memcached/items_for_remote_cache/g 2016-03-31 12:54:28 -07:00
Tim Abbott 723d8c288a Add tornado autoreload hook to dump event queues on reload.
It's always been the case that in production, Tornado dumps all the
event queues when shut down so that they can be reloaded by the
replacement Tornado process.  This never worked in development because
the codepath for auto-reload didn't go through either a signal or
sys.exit (it re-execs the process instead).

This meant that we didn't have a mechanism for testing the event queue
dump/load functionality in the development environment.  We fix this
by adding such dumping/loading.  However, this breaks the automatic
reloading of open browser windows on a server restart, so we add that
back in by adjusting the special `restart` events to pass a special
`immediate` flag when used in development.

This also has the benefit of removing the "Bad event queue" errors one
would get on every file save induced restart on the Python console.
2016-03-30 23:09:16 -07:00
Tim Abbott 59e2be2f5f Notify clients when an event queue is garbage collected. 2016-03-30 23:09:14 -07:00
Tim Abbott bf43db0dad Send responses from fetch_events in dict format. 2016-03-30 22:04:09 -07:00
Tim Abbott 485e46f136 Wrap most of fetch_events in a try/except JsonableError.
This is a no-op right now, but we'll want the new structure for the
next commit, and splitting this out makes it a lot easier to read what
is actually changed in the next commit.
2016-03-30 22:02:32 -07:00
Tim Abbott ad1494f8e0 Use dictionaries for passing data into event server subsystem.
This marshalls data in a portable format in preparation for splitting
the event queue server from the Tornado server.
2016-03-30 22:01:08 -07:00
Tim Abbott 6cd14af18f events: Migrate client_type => client_type_name in marshalling code. 2016-03-30 22:00:50 -07:00
Tim Abbott e9637a545f Rename zerver.handlers to zerver.logging_handlers for clarity. 2016-03-30 21:48:38 -07:00
Tim Abbott 06b33da709 process_queue: Fix missing worker.setup() in single-threaded codepath. 2016-03-27 23:17:16 -07:00
Tim Abbott cd2348e9ae Run queue processers multithreaded in development.
This change drops the memory used for Python processes run by Zulip in
development from about 1GB to 300MB on my laptop.

On the front of safety, http://pika.readthedocs.org/en/latest/faq.html
explains "Pika does not have any notion of threading in the code. If
you want to use Pika with threading, make sure you have a Pika
connection per thread, created in that thread. It is not safe to share
one Pika connection across threads.".  Since this code only connects
to rabbitmq inside the individual threads, I believe this should be
safe.

Progress towards #32.
2016-03-20 18:04:24 -07:00
Tim Abbott 06e68d52ce Remove dead AsyncDjangoHandler field. 2016-03-20 16:53:13 -07:00
Tim Abbott 0419430000 Enhance Tornado logging with Handler stats.
This was useful data for debugging handler/memory leaks.
2016-03-20 16:53:13 -07:00
Tim Abbott e51811aa9e Add comment documenting logic flow of fetch_events. 2016-03-20 16:53:13 -07:00
Tim Abbott 7fabfe9cb9 Add __repr__s for ClientDescriptor and AsyncDjangoHandler. 2016-03-20 16:53:13 -07:00
Tim Abbott 0b96e5e43f Fix connection not being closed cleanly on event queue GC.
Apparently, our event queue garbage collection logic never actually
disconnected any existing handler objects.

We fix this by disconnecting the handler inside cleanup(), adding a
special check to avoid creating a pointless timeout object.
2016-03-20 16:53:13 -07:00
Tim Abbott 3f55e26a9f Fix Tornado memory leak with synchronously handled requests.
The new Tornado handler tracking logic properly handled requests that
threw an exception or followed the RespondAsynchronously code path,
but did not properly de-allocated the handler in the syncronous case.

An easy reproducer for this is to load a new Zulip browser window;
that will leak 2 handler objects for the 2 synchronous requests made
from Django to Tornado as part of initial state fetching.
2016-03-20 16:53:13 -07:00
Tim Abbott 12a5a3a6e1 Actually fix main Tornado memory leak of handler objects.
This line appears to have been lost in rebasing from the original
implementation of 1396eb7022faec4c2d91553800a35781a96dd5bd; so the
previous fix actually only addressed the issue in a rare exception
case.
2016-03-20 16:53:12 -07:00
Tim Abbott 320428052a Fix AsyncDjangoHandler view exception code path.
The recent Tornado memory leak fix
(1396eb7022) didn't use the correct
variable name for the current handler ID, causing this cleanup code to
fail in the event that a view raised an exception.
2016-03-19 22:50:35 -07:00
Eklavya Sharma 9e3c3e14f5 Partially apply Python 3 libmodernize.fixes.fix_dict_six.
Refer to #256
2016-03-19 15:52:58 -07:00
Eklavya Sharma 176c507b0a Removed calls to ifilterfalse.
Replaced calls to ifilterfalse by list comprehensions because
ifilterfalse is not part of python 3.  Also changed some lists to sets
for faster lookup.

Refer to #256.
2016-03-19 15:46:31 -07:00
Eklavya Sharma 851b0a871d Fix python 3 decode error in zerver/tests.py.
Refer to #256.
2016-03-19 15:46:18 -07:00
Eklavya Sharma 186efc6a6d Handle unicode properly in camo.
In Bugdown's InlineHttpsProcessor.run, hex_encoded_url was not being
decoded to utf-8. This was causing problems in python 3.

Refer to #256.
2016-03-19 15:46:07 -07:00
Tim Abbott 1396eb7022 Fix Tornado memory leak of handler objects.
In 2ea0daab19, handlers were moved to
being tracked via the handlers_by_id dict, but nothing cleared this
dict, resulting in every handler object being leaked.  Since a Tornado
process uses a different handler object for every request, this
resulted in a significant memory leak.  We fix this by clearing the
handlers_by_id dict in the two code paths that would result in a
Tornado handler being de-allocated: the exception codepath and the
handler disconnect codepath.

Fixes #463.
2016-03-17 18:33:59 -07:00
Tomasz Kolek 3e3a224607 Moved pagerduty webhook into its own file pagerduty.py 2016-03-14 20:44:50 -07:00
Tomasz Kolek 05dce01cee Moved travis webhook into its own file travis.py 2016-03-14 20:44:45 -07:00
Tomasz Kolek f640470fa4 Moved zendesk webhook into its own file zendesk.py 2016-03-14 20:44:42 -07:00
Tomasz Kolek b3e5a256f5 Moved freshdesk webhook into its own file freshdesk.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 021c66fd9a Moved stash webhook into its own file stash.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 7a4c9d243f Moved deskdotcom webhook into its own file deskdotcom.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 087bd72814 Moved bitbucket webhook into its own file bitbucket.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 93b52f6f8e Moved newrelic webhook into its own file newrelic.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek a2b31da045 Moved pivotal webhook into its own file pivotal.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 5ade895936 Moved jira webhook into its own file jira.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek a0512244b3 Moved beanstalk webhook into its own file beanstalk.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 6a3ab0605d Moved github webhook into its own file github.py 2016-03-14 20:44:41 -07:00
Tomasz Kolek 8a0ed47751 moved webhooks to python package 2016-03-14 20:44:41 -07:00
Eklavya Sharma c59185e119 Apply Python 3 futurize transform libfuturize.fixes.fix_print_with_import
Refer #256
2016-03-10 22:02:17 -08:00
Tim Abbott df0d2a726d python3: Add missing utf-8 encoding/decoding in various places. 2016-03-08 09:14:15 -08:00
Tim Abbott a46647a87a python3: Mark certain strings as unicode strings.
This is required in Python 3 since these strings are combined with
other unicode strings.
2016-03-08 09:14:11 -08:00
Tim Abbott cbf9b7605a Add test that all functions defined in urls.py actually exist.
This would have caught the create_user_backend issue introduced recently.
2016-02-07 19:21:53 -08:00
Reid Barton 6c6dc1d81d Allow create user API to create any user in an open realm. 2016-02-07 19:19:19 -08:00
Reid Barton 9735025167 Refactor logic around restricted_to_domain.
Add a function email_allowed_for_realm that checks whether a user with
given email is allowed to join a given realm (either because the email
has the right domain, or because the realm is open), and use it
whenever deciding whether to allow adding a user to a realm.

This commit is not intended to change any behavior, except in one case
where the Zulip realm's domain was not being converted to lowercase.
2016-02-07 10:54:52 -05:00
Reid Barton 0755b51c2e Move create_user_backend into zerver.views.users.
Commit aa33a0da moved users views into their own file, but missed this one.
2016-02-07 10:54:48 -05:00
Reid Barton 4e5f18407d Add comment in create_user_backend about not needing to invite users first. 2016-02-07 10:52:50 -05:00
Tim Abbott 1af7cbfd64 runtornado: Move more imports to the top of the file.
This is needed for adding more specific type annotations but is
otherwise counterproductive since it increases the diff from the
original.
2016-02-03 19:47:14 -08:00
Tim Abbott 2259ce62f8 tornado: Fix AsyncDjangoHandler get() and friends missing args/kwargs. 2016-02-03 19:47:14 -08:00
Tim Abbott 1d008576f2 QueueProcessingWorker: Add stub consume function and queue_name.
QueueProcessingWorker will now throw errors if there's a misconfigured
queue processor.
2016-02-03 19:47:14 -08:00
Tim Abbott 3469fd4bb2 Fix last remaining use of file() -> open(). 2016-02-03 19:31:46 -08:00
Tim Abbott d7b7ae2d0f rundjango: Fix confusing return line in log_message_monkey. 2016-02-03 19:31:45 -08:00
Tim Abbott 05a40f11b3 runtornado: Add explicit return None. 2016-02-03 19:31:45 -08:00
Tim Abbott 37e987e250 Make realm_filters --show's empty list output more consistent. 2016-02-03 19:29:44 -08:00
Tim Abbott 3475a5c1ed Fix test_runner.py fast_test_only return type. 2016-02-03 19:29:44 -08:00
Tim Abbott fcc32b1093 Fix check_redis abuse of setting self.trim global. 2016-02-03 19:29:44 -08:00
Tim Abbott 693b9110df Fix weird import of get_user_profile_by_email from decorator.py. 2016-02-03 19:29:44 -08:00
Tim Abbott 7595e4b05f process_queue: Fix worker variable being accessed before initialization. 2016-02-03 19:29:44 -08:00
Tim Abbott b34768837d storage: Fix type error returning nothing in dry run case. 2016-02-03 19:29:44 -08:00
Tim Abbott 1ee0706511 Fix missing UTF-8 encoding. 2016-02-03 19:29:30 -08:00