Commit Graph

44480 Commits

Author SHA1 Message Date
Mateusz Mandera c460351898 auth: Add logging of successful attempts to social codepath.
The previous commit introduced logging of attempts for username+password
backends. For completeness, we should log, in the same format,
successful attempts via social auth backends.
2021-09-14 15:39:41 -07:00
Mateusz Mandera a4e77d514b auth: Log details of authentication attempts.
These details are useful to log. This only makes sense for some auth
backends, namely email and ldap backends, because other backends are
"external" in the sense that they happen at some external provider's
server (Google, SAML IdP etc.) so the failure also happens there and we
don't get useful information about what happened.
2021-09-14 15:39:41 -07:00
Mateusz Mandera 5d54cd1041 tests: Use a HttpRequest object in assert_login_failure.
Our convention is to always have authenticate() called with a request
object. We need to be consistent with that in tests too, to avoid test
failures resulting from breaking that assumption.
We modify assert_login_failure to call client.login() in the same way as
the other similar helpers - with a properly initialized HttpRequest
instance.
2021-09-14 15:39:41 -07:00
Tim Abbott e7c62c4190 stream_data: Rephrase descriptions of stream permissons.
The previous phrasing used incorrect terminology (E.g. "stream
members", not "stream subscribers", which is really confusing given
that we have a "member" role which is also relevant in this text).
2021-09-14 11:29:32 -07:00
Aman Agrawal 7c8e19758a stream_data: Add web_public as a stream privacy mode.
Show web_public descriptions for web public streams.

(Temporarily limited to development environments, since this feature
is not available yet).
2021-09-14 11:12:47 -07:00
Aman Agrawal 354491d037 models: Add is_web_public property to Realm model.
This will allow us easily know if a realm has web_public
enabled or not.
2021-09-14 10:33:53 -07:00
Aman Agrawal 5a2a787b76 user_passes_test: Extract zulip_redirect_to_login from it.
This function will be re-used to
setup redirect logic in home view.
2021-09-14 10:33:53 -07:00
Aman Agrawal dff4ab0daf spectators: Add comments and assertions on security model.
These tweaks help make reasoning about the spectators security model
easier to understand.
2021-09-14 10:33:14 -07:00
Mateusz Mandera d1d0e484ea docs: Fix Entity ID values in instructions in saml-authentication.md.
The Entity ID for zulipchat.com is `https://zulipchat.com` currently.
Some of these errors happened in the big zulipchat->zulip rename commit
71078adc50, then it was repeated in
10d356d2de and there was also some
confusion when coming up with the instructions for Keycloack in
10d356d2de. Client-ID value in Keycloack
is the expected Issuer for SAMLRequests and thus needs to match our
Entity ID.
2021-09-14 10:23:32 -07:00
Anders Kaseorg 18891a84c3 Vagrantfile: Move inline provision script to a separate file.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-14 10:22:48 -07:00
Anders Kaseorg 19a7e24f1f Vagrantfile: Remove workarounds for ancient Vagrant bugs.
Vagrant 2.2.6 is the earliest version with the Docker usability test
fix, and is also conveniently the version in the Ubuntu 20.04
repository.  Users with older versions will get a friendly error
message from ‘Vagrant.require_version’ (and can install an updated
Vagrant from upstream).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-14 10:15:06 -07:00
Sahil Batra cc65ed103c settings: Use correct object in notification settings template.
In commit 40f4316, we changed the code to pass user settings
with settings_object variable, but this change was missed
during rebasing.
2021-09-14 10:13:44 -07:00
Jonny Tran 87cd743f99
settings_overlay: Change privacy icon to a lock.
This avoids duplication with the `fa-user` for the user's profile, and is also just
more intuitive for account/security settings.

Fixes #19737.
2021-09-14 10:13:16 -07:00
Rohitt Vashishtha 9299ad7843 styles: Remove incorrect css block for datepicker input.
This block didn't work consistently across .night-mode and
.color-scheme-automatic classes, and the default style for
this field already works for the day and night themes both.
2021-09-13 17:12:49 -07:00
Rohitt Vashishtha ddcea9c64b postcss: Cleanly import flatpickr dark theme.
We add postcss-import for night_mode.css only. This plugin inlines
the imports of external files, instead of letting the file go via
our usual webpack toolchain.

We do this so that we can use the postcss-prefixwrap plugin to scope
the third-party CSS properly and use it inside our night-mode class.

Fixes #10607.

[anders@zulip.com: Replace postcss-wrap with postcss-prefixwrap.]

Co-authored-by: Anders Kaseorg <anders@zulip.com>
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 17:12:49 -07:00
Rohitt Vashishtha 62188e8036 postcss: Convert plugins object to an array.
Since order matters for plugins, its better to use the Array syntax
to pass plugins to the PostCSS instead of Object.

This also allows us to reliably add more plugins programatically if
we so choose.

[anders@zulip.com: Adjust to work with postcss-cli.]

Co-authored-by: Anders Kaseorg <anders@zulip.com>
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 17:12:49 -07:00
Anders Kaseorg 9bed17e0ab install-node: Upgrade Node.js from 14.17.5 to 14.17.6.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 10:12:43 -07:00
Anders Kaseorg dadacc38a8 dependencies: Upgrade JavaScript dependencies.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 10:12:43 -07:00
Anders Kaseorg 04075201a0 dependencies: Upgrade webpack-dev-server to 4.2.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 10:12:43 -07:00
Anders Kaseorg 2fe1ece3a6 run-dev: Discard Transfer-Encoding header from upstream response.
When the upstream provides a chunked response, proxying this header
causes a protocol-level miscommunication.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 10:12:43 -07:00
Anders Kaseorg d840d80ed4 tsconfig: Enable noImplicitOverride.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 10:10:34 -07:00
Anders Kaseorg cf6515c774 test-js-with-puppeteer: Remove bogus CHROMIUM_EXECUTABLE variable.
This environment variable is not a thing and has never been a thing,
while the path it purportedly pointed to does not exist and has never
existed.  It appears to have been inexplicably both cargo-culted and
renamed from test-js-with-casper.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 10:10:13 -07:00
Sahil Batra 2bbbcf0f15 help: Update notification related help pages as per new UI.
This commit updates the headings used in notification
related pages as per the updated headings after 14e383ad7a,
60112405ba, and 6651842dc.
2021-09-13 10:07:36 -07:00
Sahil Batra 0c11ced0a0 settings: Refactor settings_display.js to use settings_object variable.
This commit changes the settings_display.js code to reference the
user_setings object using settings_object variable. This will help
to easily use the same code for realm-level defaults where instead
of user_settings realm_user_settings_defaults object will be used.
2021-09-13 08:32:31 -07:00
Sahil Batra 40f4316972 settings: Pass user settings using settings_object variable.
Instead of passing user settings directly as user_settings
variable to the settings templates, we pass them using
settings_object variable.

This change is important so that we can use the exisiting
display_settings and notification_settings template for
realm-level default settings by passing realm-level
settings using settings_source variable.
2021-09-13 08:32:31 -07:00
Sahil Batra afeb4b2113 settings: Add condition for time and default language settings UI.
We would have the UI for default language and time settign only for
user settings for now and not for realm-level settings because we
still need to migrate the backend to support the new model and will
be done in further commits.
2021-09-13 08:32:31 -07:00
Sahil Batra cb9109dccf templates: Add condition for showing stream notification settings.
We need to show the stream-specific notification settings only in
user notification settings and not for realm-level default settings.
This commit is a prep commit and adds a condition to make sure that
stream-specific settings are shown only for user-settings.
2021-09-13 08:32:31 -07:00
Jonny Tran e682152e98 lightbox: Fix alignment of x button in image view menu.
Fixes #19711.
2021-09-13 08:31:11 -07:00
Sahil Batra 6651842dc6 settings: Split email notification settings.
This commit splites email notification settings in two
parts - one with heading "Email message notifications"
containing batchning period, message-content and
organization-name settings and the other with heading
"Other emails" containing login, digest and marketing
emails settings.

Fixes #19717.
2021-09-12 16:43:55 -07:00
Sahil Batra 60112405ba settings: Restructure 'Personal settings > Notifications' section.
We remove the 'Other notification settings' heading and increase the
font size of 'Desktop message notifications' and 'Mobile message
notifications' headings as these are now on the same level with
'Notification triggers' heading.

We also add status elements to show saving indicator along the mobile,
desktop and email headings which was previously shown with the
"Other notification settings" heading.
2021-09-12 16:43:55 -07:00
Sahil Batra 14e383ad7a settings: Rename headings in notification settings UI.
This commit renames 'desktop' and 'mobile' headings in
notification settings UI to 'desktop message notifications'
and 'mobile message notifications' respectively.
2021-09-12 16:43:55 -07:00
Riken Shah fbf5c41a56 buddy_list: Show still image for animated emojis.
This commit changes the behavior of how we show
animated emojis in the buddy list. We now show still
image of animated emoji and when hovered show the
animated emoji.

Fixes #19521
2021-09-12 16:24:29 -07:00
Riken Shah 8c31e6f96e emoji: Add backend changes to support still image for animated emojis.
Now, when we add a custom animated emoji to the realm
we also save a still image of it (1st frame of the gif). So
we can avoid showing an animated emoji every time.
2021-09-12 07:13:04 +00:00
Anders Kaseorg 729f70142f populate_db: Fix naive datetime RuntimeWarning.
Fixes these warnings from populate_db:

/srv/zulip-py3-venv/lib/python3.6/site-packages/django/db/models/fields/__init__.py:1419: RuntimeWarning: DateTimeField Draft.last_edit_time received a naive datetime (2021-09-10 23:33:15.063608) while time zone support is active.
  RuntimeWarning)
/srv/zulip-py3-venv/lib/python3.6/site-packages/django/db/models/fields/__init__.py:1419: RuntimeWarning: DateTimeField Draft.last_edit_time received a naive datetime (2021-09-10 23:33:15.065517) while time zone support is active.
  RuntimeWarning)

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-10 17:02:50 -07:00
Tim Abbott e5c1b8e614 confirmation: Avoid fetching time twice creating confirmation link.
This avoids a quirk where the expiry date would be a few microseconds
before the time that would be expected from the creation timestamp.
2021-09-10 16:55:32 -07:00
Mateusz Mandera ad188130ba do_send_confirmation_email: Make invite_expires_in_days optional.
create_confirmation_link has validity time as an optional argument,
because it has reasonable defaults. Thus it's a better API for
do_send_confirmation_email to make this optional as well, allowing
relying on create_confirmation_link's defaults.
2021-09-10 16:53:03 -07:00
Mateusz Mandera bea9205c4a create_confirmation_link: Turn some args into kwargs-only. 2021-09-10 16:53:03 -07:00
Mateusz Mandera 3205f680c1 do_invite_users: Turn some args into kwargs-only. 2021-09-10 16:53:03 -07:00
shanukun 8c1ea78d7d invite: Extend invite api for handling expiration duration.
This extends the invite api endpoints to handle an extra
argument, expiration duration, which states the number of
days before the invitation link expires.

For prereg users, expiration info is attached to event
object to pass it to invite queue processor in order to
create and send confirmation link.
In case of multiuse invites, confirmation links are
created directly inside do_create_multiuse_invite_link(),

For filtering valid user invites, expiration info stored in
Confirmation object is used, which is accessed by a prereg
user using reverse generic relations.

Fixes #16359.
2021-09-10 16:53:03 -07:00
Mateusz Mandera 9caa71c7fd confirmation: Migration to add expiry_date - last step.
With the previous steps, all Confirmation objects should have been
migrated and the expiry_date field is being used for checking
confirmation validity - so all that's left is to set the NOT NULL
constraint on the column.
2021-09-10 16:53:03 -07:00
Mateusz Mandera de5fc7826b confirmation: Use expiry_date to verify validity. 2021-09-10 16:53:03 -07:00
Mateusz Mandera 18ad18c025 confirmation: Migration to add expiry_date step 2 - backfill. 2021-09-10 16:53:02 -07:00
Eeshan Garg 85b1f1bed9 email: Update follow-up day 1 emails to mention demo orgs.
This is a part of #19523.
2021-09-10 16:31:54 -07:00
Eeshan Garg bf9c35ded4 onboarding: Mention demo orgs in Welcome Bot's PMs.
This is a part of #19523.
2021-09-10 16:31:54 -07:00
Eeshan Garg 9c501f3efc navbar_alerts: Add alerts for demo org deadlines.
This commit displays a banner at the top for demo orgs letting the
user know that the org will be automatically deleted in the
specified number of days. The alerts are prioritized as follows:

- If there are <=7 days left till deletion, the alert is prioritized
  above desktop notification queries and is colored red.
- If there are more then 7 days left till deletion, the alert is
  prioritized below desktop notification queries.

This is a part of #19523.
2021-09-10 16:31:54 -07:00
Eeshan Garg 3b1cb0b25a docs: Indicate latest Zulip version in installation and upgrade docs.
With copy-editing from tabbott, and also a migration to use
LATEST_RELEASE_VERSION, which will be correct even on the /latest/
paths.

Fixes #19695.
2021-09-10 14:50:48 -07:00
Sahil Batra 270a082ecb settings: Increase width of message edit and delete limit setting.
This commit increases the width of message edit and delete limit
dropdowns to 325px to make them consistent with most of the other
settings in the page and also such that there is enough space
for all options in German translation.
2021-09-10 14:29:32 -07:00
Sahil Batra 3a036d7532 settings: Fix width of edit_topic_policy dropdown.
We increase the width of edit_topic_policy dropdown
such that there is enough space for all the options
in German translation.
2021-09-10 14:29:32 -07:00
Sahil Batra 1b5b7b8c2b settings: Specify moderators in dropdown options.
We change the label of various organization settings
to specify moderators.

Labels for 'admins only', 'admins and moderators'
and 'nobody' are still same.

The updated labels are -
- 'Admins, moderators and full members'
- 'Admins, moderators and members'
- 'Admins, moderators, members and guests'

These options will be replaced by user groups in
future but this is an intermediate fix.

Fixes #19562.
2021-09-10 14:29:32 -07:00
Abhijeet Prasad Bodas e023c13cdc email notifications: Frontend work for custom batching periods.
This utilizes the API added in 5db4fe8652.

We still need /help/ documentation updates for this feature.

Fixes #15280.
2021-09-10 14:28:33 -07:00