Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
15,146 Commits 28 Branches 143 Tags 626 MiB
Commit Graph

1071 Commits

Author SHA1 Message Date
Tim Abbott 84b18f865a users: Verify full names explicitly in account registration. 
I believe this completes the project of ensuring that our recent work
on limiting what characters can appears in users' full names covers
the entire codebase.
 2017-02-07 20:20:32 -08:00
Ritwik Srinivas 74b68f6bbc Adds banned characters in name function 
Disallows you from putting the characters @, *, `, and > and " in
your name. Added test cases similar to the MAX_NAME_LENGTH check

Copied initial code from:
https://github.com/zulip/zulip/pull/2473
 2017-02-07 19:31:14 -08:00
Eklavya Sharma 0badbbf0e2 Type annotate a variable to prevent future errors. 
In zerver.tests.test_decorators.test_check_dict, the variable
'keys' has to be explicitly annotated to pass mypy 0.4.7.
See https://github.com/python/mypy/issues/2777 for more info.
 2017-02-06 22:34:01 -08:00
Steve Howell 6e2189f134 bugdown: Disable link previews when bots send messages. 
We do not use `get_link_embed_data` for messsages sent by
bots, as bots often repeat the same URL over and over again
and are generally either text-focused or have their own
mechanisms to provide preview content.

Fixes #2968.
 2017-02-03 17:08:23 -08:00
Tim Abbott a889346c9f Remove zh_CN old Django name for Chinese. 2017-02-03 14:29:03 -08:00
Tim Abbott fa02dfdff4 mobile: Add an endpoint for checking compatibility. 2017-02-03 09:55:34 -08:00
Steve Howell 5b8cc03c61 bugdown: Restore data-user-email to user mention spans. 
(The commit q7ef4e40258280e202325c9295579c93fb948b replaced
data-user-email with data-user-id, but we still need to
support data-user-email for old clients like non-updated
androids and we still want to start the migration forward
to data-user-id.)
 2017-02-02 12:32:18 -08:00
Steve Howell 5ec4ed0d5c bug fix: Allow renaming streams to different cases. 
Before this change, you could not rename a stream
from "denmark" to "Denmark".
 2017-02-01 14:20:46 -08:00
Tomasz Kolek 11a1f1d72b Add support for old Jira API's version to Jira integration. 2017-01-31 15:17:12 -08:00
Tim Abbott d7dd158197 test_signup: Fix test failures due to emacs backup files. 2017-01-30 11:55:50 -08:00
Tim Abbott 87337e0d1f test_realm_aliases: Edit new realm alias test for subdomains. 2017-01-30 11:55:50 -08:00
Harshit Bansal 9bbe0efd77 realm_aliases: Add a test for adding an alias which is already claimed. 
Fixes: #3514.
 2017-01-30 11:55:50 -08:00
Tim Abbott 1bbf0f9a98 streams: Consider stream name validation logic. 2017-01-29 22:07:14 -08:00
Tim Abbott d14037c82e streams: Fix misplaced import. 2017-01-29 22:07:14 -08:00
Tim Abbott 700089f386 bugdown: Fix need for Internet in test_inline_dropbox_bad. 2017-01-29 22:07:14 -08:00
Tim Abbott 32f778636b streams: Add tests for do_rename_stream error paths. 2017-01-29 20:27:00 -08:00
Tim Abbott 01daa3e91a test_helpers: Move get_subscription out of actions.py. 
It's no longer used by anything other than test code.
 2017-01-29 20:27:00 -08:00
Tim Abbott a3f3f5b7bc remove_default_stream: use access_stream_by_name. 2017-01-29 20:27:00 -08:00
Tim Abbott 19eaa92059 add_default_stream: use access_stream_by_name. 2017-01-29 20:27:00 -08:00
Tim Abbott de3f539f58 do_change_stream_description: Accept a stream as argument. 2017-01-29 20:27:00 -08:00
Tim Abbott 2dc90e8ebd rename_stream: Pass a stream object to do_rename_stream. 2017-01-29 20:27:00 -08:00
Tim Abbott 4ad1fadab0 streams: Create and use do_change_stream_invite_only. 2017-01-29 20:26:59 -08:00
Tim Abbott c74ddb74e9 do_make_stream_private: Accept a stream object, not a name. 2017-01-29 20:26:59 -08:00
Tim Abbott e137787d1a users: Use access_stream_by_name to access streams. 
This simplifies the code somewhat and adds greater consistency of
error messages.
 2017-01-29 20:26:59 -08:00
Tim Abbott bb86bba20d stream_exists_backend: Use access_stream_by_name. 2017-01-29 20:26:59 -08:00
Tim Abbott e57e2ee9f1 get_subscribers_backend: Use access_stream_by_id. 2017-01-29 20:26:59 -08:00
Tim Abbott 0d980b7cef json_get_stream_id: Use access_stream_by_name. 2017-01-29 20:26:59 -08:00
Tim Abbott 6685885741 deactivate_stream_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott 826cc80c9e update_stream_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott 2cf223470d streams: Eliminate get_subscription_or_die helper function. 2017-01-29 20:26:58 -08:00
Tim Abbott 0af34ee710 streams: Add zerver/lib/streams.py library for security checks. 
The goal of this library is to make it a lot easier to prevent bugs
like CVE-2017-0881 by having all of our views logic for fetching a
stream go through a couple carefully tested code paths.
 2017-01-29 20:26:58 -08:00
Tim Abbott 7ecda1ac8e streams: Fix autosubscribe security bug (CVE-2017-0881). 
A bug in Zulip's implementation of the "stream exists" endpoint meant
that any user of a Zulip server could subscribe to an invite-only
stream without needing to be invited by using the "autosubscribe"
argument.

Thanks to Rafid Aslam for discovering this issue.
 2017-01-29 15:30:59 -08:00
Tim Abbott bd6f71580e docs: Remove obsolete terms-enterprise page. 
This was documentation for the old zulip.com enterprise service that
no longer exists.
 2017-01-28 18:12:19 -08:00
Yago González 7fe090f902 translations: Improve some poorly-worded strings. 2017-01-28 18:04:17 -08:00
Tim Abbott 5d6f42d136 tests: Fix missing type annotation for events list. 2017-01-28 17:51:46 -08:00
Tim Abbott 153418de38 subs: Send create event to new subscribers of invite-only streams. 
This fixes a regression introduced by our migration to track
subscribers for all public streams, where now users who are added to
an invite-only stream were receiving a mark_subscribed event
for a stream their browser didn't know existed, causing an exception.

To fix this, we now send a stream create event to the browser just
before the user receives the notification that it was added to the
invite-only stream.
 2017-01-28 17:12:16 -08:00
Tim Abbott f665980079 test_subs: Add some additional asserts. 2017-01-28 17:11:39 -08:00
avisrivastava254084 762b84710e auth: Redirect users to home from /login if already logged in. 
This makes various links in Zulip work a bit more reasonably for
already-logged-in users.

Fixes #3316.
 2017-01-28 16:10:19 -08:00
Raghav Jajodia c8451097be tests: Replace Stream.objects.get() with get_stream(). 
This should have a slight perf benefit from using caching, and also in
some cases cleans up the code a bit.

Fixes #3284.
 2017-01-27 15:04:13 -08:00
Tim Abbott 0dd5d6cea0 errors: Separate browser error reporting from backend. 2017-01-27 10:27:41 -08:00
Steve Howell 4be2d6577d Add a new community realm to our test databases. 
The realm with string_id of "simple" just has three users
named alice, bob, and cindy for now.  It is useful for testing
scenarios where realms don't have special zulip.com exception
handling.
 2017-01-26 19:25:34 -08:00
Harshit Bansal b4186fdfdd views/realm_aliases.py: Use domain instead of id as handle for RealmAlias. 
We need to make the change for the API, and the next commit introduces a
unique_together constraint on (realm, domain) anyway.
 2017-01-26 17:24:25 -08:00
Harshit Bansal 06cc306d00 Add stricter domain validation and improve error messages. 2017-01-26 17:24:25 -08:00
Tomasz Kolek 7de45951e2 Make webhooks as separate modules with view and tests. 
Create python packege for every webhook with view.py and tests.py
 2017-01-25 23:14:19 -08:00
Harshit Bansal 8c428dc130 Fix `ZulipLDAPAuthBackend` not to rely on user's email domain. 
In case realms have subdomains and the user hasn't been populated
yet in the Django User model, `ZulipLDAPAuthBackend` should not
rely on user's email domain to determine in which realm it should
be created in.

Fixes: #2227.
 2017-01-25 15:24:49 -08:00
Tim Abbott 4e171ce787 lint: Clean up E126 PEP-8 rule. 2017-01-23 22:06:13 -08:00
Tim Abbott d6e38e2a5c lint: Clean up E123 PEP-8 rule. 2017-01-23 21:34:26 -08:00
Tim Abbott 9cc83f87fc lint: Clean up E241 PEP-8 rule. 2017-01-23 21:21:14 -08:00
Tim Abbott d96f392147 lint: Clean up E741 PEP-8 rule. 2017-01-23 21:07:04 -08:00
Tim Abbott e9158dd520 lint: Clean up E121 PEP-8 rule. 2017-01-23 21:02:39 -08:00