The original "quality score" was invented purely for populating
our password-strength progress bar, and isn't expressed in terms
that are particularly meaningful. For configuration and the core
accept/reject logic, it's better to use units that are readily
understood. Switch to those.
I considered using "bits of entropy", defined loosely as the log
of this number, but both the zxcvbn paper and the linked CACM
article (which I recommend!) are written in terms of the number
of guesses. And reading (most of) those two papers made me
less happy about referring to "entropy" in our terminology.
I already knew that notion was a little fuzzy if looked at
too closely, and I gained a better appreciation of how it's
contributed to confusion in discussing password policies and
to adoption of perverse policies that favor "Password1!" over
"derived unusual ravioli raft". So, "guesses" it is.
And although the log is handy for some analysis purposes
(certainly for a graph like those in the zxcvbn paper), it adds
a layer of abstraction, and I think makes it harder to think
clearly about attacks, especially in the online setting. So
just use the actual number, and if someone wants to set a
gigantic value, they will have the pleasure of seeing just
how many digits are involved.
(Thanks to @YJDave for a prototype that the code changes in this
commit are based on.)
This sets the column width of the upload table actions and size
columns to always be 75 so that the buttons are always in the same
line and take up the least amount of space possible with that
constraint.
"Mobile push notifications always" is now indented and a
sub-setting of "Mobile push notifications when offline".
It can be selected only when the outer setting is
selected, otherwise it is greyed out.
Fixes#6570.
Now that we display the name and aliases of the currently focused
emoji at the bottom of the emoji picker, we don't need to display
the title text for emojis separately.
Fixes: #6111.
Emoji showcase refers to the space at the bottom of the emoji
picker we use for showing name as well as aliases of the currently
focused emoji.
Fixes: #6110.
This commit switches to use sprite sheets for rendering emojis
in all the remaining places, i.e., message bodies and composebox
typeahead. This commit also includes some changes to notifications.py
file so that the spans used for rendering emojis can be converted
to corresponding image tags so that we don't break the emoji rendering
in missed message emails since we can't use sprite sheets there.
As part of switching the bugdown system to use sprite sheets, we need
to switch the name_to_codepoint mappings to match the new sprite
sheets. This has the side effect of fixing a bunch of emoji like
numbers and flag emoji in the emoji pickers.
Fixes: #3895.
Fixes: #3972.
This moves the stuff that should not scroll with the table such as the
search box and tips so it is moved out to be above the
`.progressive-table-wrapper` element.
The "View file" option will open the file in a new window if it
is a filetype that can open in the browser and if not, it will just
trigger a download or whatever the browser's settings are.
The popovers for the message down chevron and left sidebar had
strange side padding and non-uniform padding between the top and
bottom. This changes them to all have the same padding as the
nav `#gear_menu`; none on the sides and 5px on the top and bottom.
We were having an anchor tag inside a button which is incorrect HTML.
Chrome and safari handle this case but firefox doesn't and hence the
dropup menu wasn't opening on firefox.
This commit is a bit complicated, because we do full redraws of
the topic list frequently, and we don't want to randomly obliterate
our "No more topics found" message, so we need to keep a bit of
extra state around.
We now use a template to render the "more topics" link.
We also remove an unnecessary conditional and an unnecessary
attribute.
Finally, our unit tests are a bit more granular now.
Change the reaction popover to be based off the container elements
for the various message control icons. This will enable us to easily
control the visibility of the base element when the popover is opened
or closed. Also removes redundant `reactions_hover` class.
Bootstrap's `fixTitle()` function removes the base element's original
title attribute. This commit fixes some weird behaviors by restoring
the original title of the element on which the popover is based off.
This restructures organization settings and permissions to be
more accurately grouped and for the permissions page to not be too
long.
CHANGES:
PROFILE:
(this was split out)
organization-profile-admin.handlebars:
form #1:
name
description
(SUBMIT)
avatar:
(UPLOAD)
(DELETE)
SETTINGS:
organization-settings-admin.handlebars:
language (mostly untouched)
message editing:
time limit/history/retention
message feed:
mandatory-topics
preview images
preview websites
PERMISSIONS:
organization-permissions-admin.handlebars
(mostly stuff was removed)
Joining:
restrict domains
require invite
User Identity:
name changes
email changes
Streams/Emoji:
creating streams:
waiting period (ADDED)
adding emojis
(SUBMIT) for whole panel
The profile group (name, description, avatar) were split into a new
page that did not previously exist, and the permissions was stripped
of message settings (message editing, message feed), but keeping the
"waiting period" input and putting it in the "Streams & custom emoji"
section.
Fixes: #5844.
This is hacky, but I can't figure out another way to do it that
doesn't cause other problems.
Ideally, we'd add some sort of exclude rule to our HTML template
linter so we can check the rest of the file.
This refactor will facilitate making it possible to set CSS properties
on this controls span; in particular, we're hoping to disable user
selection of the whitespace in this region.
The main side effect of this refactor is that we need to add JS code
to also hide the icon-vector-pencil element, since it's now in a new
span.
The bot API key when selected in the "Your bots" panel would have
some whitespace due to the fact that the HTML markup would make
some space between the span and button.
Fixes: #6189.
This fixes a confusing bug where administrators would be offered the
convenient topic-edit pencil even if message editing was actually
disabled.
This doesn't yet fix the real-time sync issues of changing the setting
without reloading.
Fixes#5946.
This refactors and fixes unicode issues where entities don't display
properly due to being a special character that seems to be rendered
incorrectly in a non-deterministic way every time.
interface_type select menu will be used to choose the interface
for outgoing webhooks. It will be displayed only when the selected
bot type is OUTGOING WEBHOOK type. The default value is GENERIC
interface type (1).
It's hinted in the registation process, and as long as one person in the
realm does it, everyone else will know. The tooltip also draws too much
visual attention.
In case the user was not allowed to upload an emoji, we were displaying
two different but sematically same tips. This commit merges them and
also updates `update_custom_emoji_ui()` function in settings_emoji.js
to live update tooltip.
Our code to edit messages that were echoed locally but failed
by the server was broken. We just disable it for now.
We have opened #5841 to try to restore this functionality.
Because of local echo, message ids can change in message rows.
Having reactions use markup to indicate their message id just
creates more moving parts, since we would need to handle
message_id_changed events.
Now our handlers just call row.get_message_id() as needed.
Currently when hovering over the external link icon generated when a topic contains a
realm filter, an underline appears. This commit removes that underline.
This either removes aria-hidden=true assignments from buttons with
text, or adds a span to only hide the 'x' symbol rather than the
button for closing buttons.
This makes the avatar portion more responsive and efficient on many
screen settings and also fixes some of the design incongruences present
on the page.
This new setting controls whether or not users are allowed to see the
edit history in a Zulip organization. It controls access through 2
key mechanisms:
* For long-ago edited messages, get_messages removes the edit history
content from messages it sends to clients.
* For newly edited messages, clients are responsible for checking the
setting and not saving the edit history data. Since the webapp was
the only client displaying it before this change, this just required
some changes in message_events.js.
Significantly modified by tabbott to fix some logic bugs and add a
test.
Add a line of text stating that there are no active or inactive bots.
This is for better understanding of the user, as blank screen that
used to appear in case of no bots being present might seem broken
to some.
Tweaked by tabbott to improve the English.
Prior to this, when the setting for controlling whether can admins only
upload an emoji was set to true, we were not displaying upload emoji form
even for admins and as a result they were locked out.
This is to make viewing bots easy from user's perspective. As the
most used tab in "Active bots", "Inactive bots" and "Add a new bot"
would be the first one.
Our current workflow for creating a new stream allows the user to
invite as many other users as they like but since there can be
mistakes in doing so, we now open a modal with a warning if the
number of invites are more than 100 just to confirm that user indeed
wanted to do this.
Fixes: #1663.
"Add a new bot" UI used to be common in "Active bots" and
"Inactive bots". "Add a new bot" UI was below the list of all
active/inactive bots.
If there were more than a few bots was more than four, then the user
had to scroll down the entire list of bots to "Add a new bot", which
was annoying. This new model makes the UI look cleaner as well.
Flaskbotrc is a file containing config of all active
outgoing webhook bots. It is used to provide configuration
of all active outgoing webhook bots to zulip-bot-server.
Added a dropdown in the organization settings page with a search-box and
required styles. Also added an element to disable it. Added a method to
populate the dropdown using list_rendering.js. Also altered response to
the event of deletion of the notifications stream on the frontend. On
selection of a new stream or on clicking 'Disable', a patch request is
made with stream-id to /json/realm.
Fixes: #3708.
This removes the old base button style which was a blue button and
kills the unnecessary .white class which was essentially just acting as
the new button base.
This then removes all references throughout the settings/subscriptions
pages to those button styles.
This also fixes the strange button styles that changed the :hover and
:active opacity to 0.05 which led to unpredictable results on various
backgrounds.
Add 'Type of bot' option for bots by adding dropdown option in
settings->"Your bots". For now, this allows creating incoming webhook
bots in addition to default bots.
This will enable users to add a bot as an incoming webhook
(in addition to add full-featured bots).
With various minor tweaks and cleanups by tabbott.
Fixes#2186.
This makes it possible for Zulip administrators to delete messages.
This is primarily intended for use in deleting early test messages,
but it can solve other problems as well.
Later we'll want to play with the permissions model for this, but for
now, the goal is just to integrate the feature.
Note that it saves the deleted messages for some time using the same
approach as Zulip's message retention policy feature.
Fixes#135.
If a realm is configured to allow any user to upload a realm emoji
then that user should also be allowed to delete the emoji in case
he feels it doesn't look good or if he uploaded a wrong emoji file.
This commit tweaks the realm emoji settings UI to allow an user who
uploaded an emoji to delete it.
Fixes: #4761.
Create property_types object for realm settings. In set_up function,
iterate over property_types to find settings that were updated, send those
new values to the server, and report that the changes were made.
These ID elements in the message edit forms were never used, and were
they used, would have been broken anyway. We fix this by just
removing them.
Fixes#4913.
Previously, the way the organization description textarea was
generated, there'd be a newline and ~12 spaces added each time on
reloaded the page and hit "save changes".
This change makes it so that the organization description only changes
when the user actually changes it.
This cleans up the styling of the organization and the user settings
components to be more responsive and have more consistent styling with
the rest of the overlays.
We used to render the subscriptions_settings template for every
stream when you loaded "Manage Streams," which can be very slow
for a big realm. Now we only render the right pane on demand.
- Add file_name field to `RealmEmoji` model and migration.
- Add emoji upload supporting to Upload backends.
- Add uploaded file processing to emoji views.
- Use emoji source url as based for display url.
- Change emoji form for image uploading.
- Fix back-end tests.
- Fix front-end tests.
- Add tests for emoji uploading.
Fixes#1134
This removes the old compose emoji picker in its entirety, changing
the few callbacks needed to launch the reactions-style emoji picker
instead and hook it up properly.
Callbacks for reactions and composing messages are distinguished by
selecting for, respectively, the .reaction and .composition classes.
Fixes#4122.
We are doing this refactor for the sake of keeping our template
consistent with the indentation policy and maintaining its
readability at the same time.
Fixes bugs of when multiple messages are being edited simultaneously.
Specifically, typeahead is no longer broken, copying messages to clipboard
is less buggy, and resizing is no longer
broken when multiple messages are being edited.
Note that this code is disabled until the infrastructure for the
feature can be finished.
Tweaked by tabbott to use slightly cleaner names for the various sets.
This fixes the /me elements to be display inline-block and inline
rather than display block with top and left properties.
This also fixes an unrelated issue with emoji reactions not being
able to be clicked on with /me messages.
Fixes: #4218.
This changes the layout of "organization settings" for
non-administrators such that they can view "Filter settings".
("Actions" column and form to add a new filter are not available).
Fixes: #3636
This changes the layout of "organization settings" for
non-administrators such that they can view "Default streams" ("Actions"
and the form to add new default stream is not visible).
The "Copy" button will only be shown for "View Source"
or "Topic editing only". Also replaced "Copy to clipboard"
with "Copy and close" to make autoclose less surprising.
Fixes#4238.
This better sets expectatations for the fact that in Zulip, the
Organization settings UI is available read-only to non-administrator
users.
Tweaked by tabbott to update some additional references.
We had never-enabled code to allow users to set default
streams for their bots (for event registration, default sending, etc.).
This commit removes the code.
* Change the classes and ids of different widgets and modals
and make suitable changes in `admin.js`.
* Remove any other occurrences of `alias` or `realm_alias`
from admin.js.
* 'd' in message view opens drafts.
This also adds hotkeys within the drafts UI:
* Up/down arrow keys navigate the drafts.
* Pressing enter edits the selected draft.
* Pressing backspace deletes the selected draft.
Some variable names tweaked by tabbott.
- Add message retention period field to organization settings form.
- Add css for retention period field.
- Add convertor to not negative int or to None.
- Add retention period setting processing to back-end.
- Fix tests.
Modified by tabbott to hide the setting, since it doesn't work yet.
The goal of merging this setting code now is to avoid unnecessary
merge conflicts in the future.
Part of #106.
This fixes two bugs:
* If a user is not subscribed to a default stream, he or she would not
be have the option to invite users to that default stream.
* The initial streams checked in the invite modal were the
non-invite-only streams the user was subscribed to, not their
default streams.
Fixes: #4209.
If a url is present in stream description, it will be
rendered as a clickable link under /streams page.
Tweaked by tabbott to use the separate rendered_description element to
avoid duplicate rendering and to live-update.
Fixes#1435.
Instead of passing in a hash to template whose keys are a
mixture of records and strings, we now pass in an
array of records. This also removes a spurious if condition
in the template that was a result of the janky data structure.
This adds an organization description field to the Realm model, as well as
an input field to the organization settings template. Added three tests.
Set the max length of the field to 100 characters.
Fixes#3962.
This also fixes the error associated with view on toggle deactivation.
Now, on deactivating a bot, the bot-name and bot-email should strike-out.
And on reactivating a bot, the bot-name and bot-email should remove strike-out.
Toggle edit button on bot activation/deactivation.
Fixes#3413.
Send typing notification events when user types in the compose box.
Listen for these events and display a notification.
Sending notifications: Notifications are throttled, so that start
notifications are sent every 10 seconds of active typing, and stop
notifications are sent 5 seconds after active typing stops or when the
compose box is closed.
Displaying notifications:
When a typing notification is received, if the current narrow is private
messages or is: pm-with and the user is not the sender,
"Othello is typing..." is displayed underneath the last message. This notification is
removed after 15 seconds. If another notification is received during this period, the
expiration is extended. When a stop notification is received the notification is removed.
Internally, a list of users currently typing is maintained for each
conversation (in a dict). When an event is received the list (for the appropriate
conversation) is updated and the notifications template is re-rendered
based on the narrow information. This template is also re-rendered when
the narrow changes.
Significantly modified by tabbott for clarity.
Fixes#150.
Previously, the code to hide "Change email" button on page load when
email changes are disabled was present in settings.js using jquery to
hide the button. Now, the show/hide is handled in the account-settings handlebars.
Using this UI, a user can now reactivate the bots owned by him.
Until now if a bot was deactivated, there was no way to use the
old bot's original email address. But now they can be reactivated
and their email can be reused.
Fixes: #1183.
This adds a button to #subsciption page called "View Stream"
that narrows the user to that particular stream.
This fix involves typical changes to JS/CSS to add new features,
and we also add a "preview_url" field to the sub object in
stream_data.js.
Fixes#3878
Change applies to both subdomains and non-subdomains case, though we use
just the EXTERNAL_HOST in the non-subdomains case if there is only 1 realm.
Fixes#3903.
This refactors the .message_controls to stop relying on absolute
positioning and strange CSS, and throws them inline.
This also restyles so they hang to the right of the time which is now
always present.
Fixes: #3761.
This currently only supports this in emoji reactions, not in actual
emoji in message bodies, but it's a great start for people who want a
text-only view.
Tweaked to update the text by tabbott.
Fixes#3169.
This restyles the subscriber list in the subscription settings panel to
have a more padded and lighter aesthetic and replaces the dark red
buttons with transparent buttons that have only red borders and inner
text.
Add neccesary UI in #administration and #settings for
changing the bot owner. The bot owner select control
is rendered dynamically in order to avoid performance
issues in case of large number of users.
Fixes: #2719.
Change the remaining "Admin settings" with a button, namely
changing a stream's privacy, to instead be a "[Change]" link
opening a confirmation modal.
Fixes: #3493.
Brock Whittaker
Garvit
Greg Price
Vishnu Ks
Anupam-dagar
Ali Rizwi
Harshit Bansal
Steve Howell
Cynthia Lin
Sarah
Rishi Gupta
Tim Abbott
Vaida Plankyte
Yago González
franziskagoltz
Jack Zhang
vaibhav
Steve Howell
Durga Akhil Mundroy
Abhijeet Kaur
Vishnu Ks
Vaida Plankyte
Umair Khan
Aditya Bansal
K.Kanakhin
digi0ps
Mahim Goyal
Jack Zhang
fionabunny
Cory Lynch
Joshua Pan
Raghav Jajodia
derAnfaenger
Jonathan Pan
James Wang
Ayush Jain
Arpith Siromoney
Amala Deshmukh
zerocod3r
Kanak Garg
Saurav Pratihar
Rafid Aslam
Sourav Badami
Pranjay Patil
Brock Whittaker
Aman Khantaal