Commit Graph

33285 Commits

Author SHA1 Message Date
clarammdantas cf5d3a3ef3 left sidebar: Fix bot availability status in "private messages".
This changes the availability icon for bot users to user_circle_green;
previously it was accidentally defaulting to user_circle_empty, making
it appear that bots were never available.

Fixes #13149.
2019-09-18 17:40:25 -07:00
Tim Abbott 75d579847e docs: Update changelog through current master. 2019-09-18 17:36:31 -07:00
Tim Abbott 356e68e09e test-backend: Temporarily disable coverage requirement for mattermost.
The mattermost import tool has some temporary coverage regressions.
2019-09-18 12:11:58 -07:00
Vishnu Ks c4af0b7bc4 mattermost: Support importing messages without team name.
Mattermost doesn't place private messages within a particular team,
which is what this is needed for.
2019-09-18 11:57:37 -07:00
Vishnu Ks bf5f531e90 import_util: Support huddles in SubscriberHandler. 2019-09-18 11:53:13 -07:00
Tim Abbott edee1251c8 message_list: Replace buggy rerender_the_whole_thing.
As it turns out, our rerender_the_whole_thing function (used whenever
we were adding messages and discovered that the resulting message list
would be out-of-order) was just broken and scrolled the browser to a
random location.

This caused two user-facing bugs:

* On very fast networks, if two users sent messages at very close to
  the same time, we could end up with out-of-order message deliveries,
  triggering this code path, which was intended to silently correct
  the situation, but failed.

* In some narrows to streams with muted topics in the history but some
  recent traffic, the user's browser-cached history might have some
  gaps that mean the server fetch we do after narrowing discovers the
  history is out-of-order, again triggering the
  rerender_the_whole_thing code path.

The fix is to just remove that function, adding a new option to the
well-tested rerender_preserving_scrolltop (which has explicit logic to
preserve the scroll position) instead.

Fixes #12067.  Likely also fixes #12498.
2019-09-18 11:43:21 -07:00
Tim Abbott 0815a9bd53 docs: Add a link to changelog from section on deploying master. 2019-09-18 11:18:12 -07:00
Rishi Gupta 2646d70cbd emails: Add realm name to footer of missed message emails.
Missed message emails for mentions come from streams and possibly orgs you
don't normally get missed message emails for, so they can be hard to place.
2019-09-17 17:45:59 -07:00
Anders Kaseorg fe7d814e8d team: Move contributors_list into page_params.
This sidesteps tricky escaping issues, and will make it easier to
build a strict Content-Security-Policy.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-17 16:06:33 -07:00
Anders Kaseorg 7494f1600c templates: Move page_params from an inline script to the <body> dataset.
This sidesteps tricky escaping issues, and will make it easier to
build a strict Content-Security-Policy.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-17 16:06:33 -07:00
Anders Kaseorg f1ecd3c18b templates: Defer all script execution.
This allows parsing and resource loading to continue in parallel with
script fetching.  It also means we don’t need to concern ourselves
with explicitly waiting for the DOM to become ready.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-17 16:06:33 -07:00
Anders Kaseorg 9b38bcc2a6 templates: Abstract render_bundle behind a Jinja2 macro.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-17 16:06:33 -07:00
Rohitt Vashishtha 1df5cdc41a typeahead: Align the tip text centered vertically. 2019-09-17 13:09:03 -07:00
Rohitt Vashishtha 3e3deb2f17 typeahead: Move tip text to bottom. 2019-09-17 13:09:03 -07:00
Tim Abbott 68f6f622a7 open source: Add a more complete "why zulip" explanation.
Also contains a lot of edits from Rishi, including to the content
around Zulip's features and what to highlight there.
2019-09-17 12:40:38 -07:00
Tim Abbott 5452c0b4ac open source: Document some recent and upcoming features. 2019-09-17 12:03:20 -07:00
Rishi Gupta 2ebbd9a917 portico: Fix line-height in hero image description. 2019-09-17 12:03:20 -07:00
Alexandra Ciobica 8828ef72fe portico: Add hover styling to `Atlassian migration guide` on /hello.
I changed the element to be  a `p` instead of `div` because the styling
for `a`s inside paragraphs is already there and the element should
anyway be a paragraph.

Fixes part of #12853.
2019-09-17 11:59:22 -07:00
Alexandra Ciobica 5b64a27597 portico: Add hover behavior for app icons on /hello. 2019-09-17 11:55:23 -07:00
Alexandra Ciobica b94ea6553b portico: Fix gradient on /hello. 2019-09-17 11:55:23 -07:00
Alexandra Ciobica 9bb7249c42 portico: Add hover behaviour to `Take the tour` button on /hello. 2019-09-17 11:55:23 -07:00
Anders Kaseorg 366dce5d52 confirm_preregistrationuser: Uninline script.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-16 17:23:20 -07:00
Anders Kaseorg ed63042480 templates: Replace focusing scripts with autofocus attribute.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-16 17:23:20 -07:00
Tim Abbott 6f6c761d80 docs: Further expand documentation on using IDs in narrows.
These docs had a number of typos, and also didn't fully clarify how to
handle lists of integers for `pm-with`.

Also makes some tweaks to the user docs to make this clearer as well.

Fixes #13167.
2019-09-16 17:17:03 -07:00
Tim Abbott 0a426c6a44 settings: Add detailed comments explaining our postgres configuration. 2019-09-16 16:32:57 -07:00
Chris Bobbe 04e6c3bd18 docs/version-control: Set commit message line limit to 70.
https://github.com/zulip/zulip-mobile/pull/3404#issuecomment-477411875

A discussion followed at

https://chat.zulip.org/#narrow/stream/3-backend/topic/commit.20line.20length

and that was agreed on for the commit message body, but noted that a
length of 76 was acceptable for the summary because of the
single-line constraint and the fact that it ends in a period, making
it clear where it ends.
2019-09-16 15:02:02 -07:00
Wyatt Hoodes d2c3ddc765 test_events: Use stdout_suppressed in export test. 2019-09-13 11:54:14 -07:00
Wyatt Hoodes e37c91d195 test_realm_export: Use stdout_suppressed in tests.
From a testing perspective, calling `export_realm_wrapper`
prints unnecessary data to stdout.
2019-09-13 11:54:14 -07:00
Wyatt Hoodes e3595e4b3f test_slack_message_conversion: Use subTest for fixtures test. 2019-09-13 11:54:14 -07:00
Wyatt Hoodes dbaf6ac7e7 test_push_notifications: Remove fixtures print statement. 2019-09-13 11:54:14 -07:00
Wyatt Hoodes 4a64a487d3 bugdown: Remove print statement from fixtures test. 2019-09-13 11:54:14 -07:00
Wyatt Hoodes 698b0f1b91 test_management_commands: Use subTest with help tests.
We remove the print statement, and instead use
subTest to improve debuggability.
2019-09-13 11:54:14 -07:00
Anders Kaseorg 2ec946ad4d postgres-init-db: Require an Enter press in confirmation prompt.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-12 16:04:55 -07:00
Anders Kaseorg 78b018989e export: Refuse to overwrite an existing directory or tarball.
Previously, incorrectly passing an existing directory to the
`manage.py export --output` option would remove its contents without
warning.  Abort instead.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-12 16:04:55 -07:00
Tim Abbott fcf5936341 version: Update version and changelog for Zulip 2.0.5 release. 2019-09-11 16:36:19 -07:00
Anders Kaseorg 780ecb672b CVE-2019-16216: Fix MIME type validation.
* Whitelist a small number of image/ types to be served as
  non-attachments.
* Serve the file using the type that we validated rather than relying
  on an independent guess to match.

This issue can lead to a stored XSS security vulnerability for older
browsers that don't support Content-Security-Policy.

It primarily affects servers using Zulip's local file uploads backend
for servers running Ubuntu 16.04 Xenial or newer; the legacy local
file upload backend for (now EOL) Ubuntu 14.04 Trusty was not affected
and it has limited impact for the S3 upload backend (which uses an
unprivileged S3 bucket domain to serve files).

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-11 15:46:36 -07:00
Mateusz Mandera a1fa0b011e docs: Fix typo in production/email.md. 2019-09-10 16:10:12 -07:00
Anders Kaseorg 6bab61a0d6 styles: Remove overrides for KaTeX line-height and white-space.
Commit ba66dfe977 incorrectly inflated
the specificity level of these rules by moving them inside
.rendered_markdown “entirely for readability”.  KaTeX has its own
rules that work better, so just delete ours.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-10 16:03:20 -07:00
Thomas Ashish Cherian ea17673885 docs: Include su in email docs restart-server command.
It's likely the user was root as this point in the instructions.
2019-09-10 16:00:34 -07:00
Anders Kaseorg 17192ed46b Revert "provision: Give concrete NFS error message on older OSX versions."
This reverts commit 073ecaac66 (#9365).

This exception handler was overly broad in catching all `OSError`s,
and it made debugging harder by hiding the actual exception.
Furthermore, we no longer use NFS (#12963), and we’re now getting
reports of Windows users running into this message.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-09 14:47:51 -07:00
Thomas Ip 574c35c0b8 markdown: Render ordered lists using <ol> markup.
This brings us in line, and also allows us to style these more like
unordered lists, which is visually more appealing.

On the backend, we now use the default list blockprocessor + sane list
extension of python-markdown to get proper list markup; on the
frontend, we mostly return to upstream's code as they have followed
CommonMark on this issue.

Using <ol> here necessarily removes the behaviour of not renumbering
on lists written like 3, 4, 7; hopefully users will be OK with the
change.

Fixes #12822.
2019-09-08 16:42:20 -07:00
Wyatt Hoodes 4a176714e1 actions: Remove leftover print statement. 2019-09-08 15:36:30 -07:00
Tim Abbott 9c21fb75cf requirements: Upgrade twisted to 19.7.0. 2019-09-08 09:42:32 -07:00
Tim Abbott 7e75f987df ldap: Fix logging of warning for deactivated users.
Also cleans up the interface between the management command and the
LDAP backends code to not guess/recompute under what circumstances
what should be logged.

Co-authored-by: mateuszmandera <mateusz.mandera@protonmail.com>
2019-09-08 09:35:23 -07:00
Tim Abbott d1a2784d52 ldap: Fix attempting to sync data for deactivated users.
The order of operations for our LDAP synchronization code wasn't
correct: We would run the code to sync avatars (etc.) even for
deactivated users.

Thanks to niels for the report.

Co-authored-by: mateuszmandera <mateusz.mandera@protonmail.com>
2019-09-08 09:35:23 -07:00
Anders Kaseorg 7af04690b9 requirements: Use PyPI fork of line_profiler supporting Python 3.7.
Also move it to dev.in.

Other notes for posterity: this should have been installed with a
pinned commit hash, and could have been installed directly from the
upstream Git repository, even on Python 3.7, as long as Cython was
installed as well.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-08 09:34:55 -07:00
Tim Abbott 94251a9341 docs: Add a full article on modifying Zulip.
We have lots of documentation for Zulip developers; but previously
didn't have a nice top-level page for Zulip server administrators to
learn how to manage patches to Zulip.
2019-09-06 13:52:56 -07:00
Rishi Gupta 81f06ab375 readme: Remove Travis badge.
Travis hasn't been our primary CI system for a long time, and flakes,
and the badges look duplicate with the CircleCI one, so we should just
remove it.

See discussion at
https://chat.zulip.org/#narrow/stream/101-design/topic/github.20badges.
2019-09-06 13:14:14 -07:00
Rishi Gupta 34dee2d953 readme: Advertise digital ocean droplet and docker install. 2019-09-06 13:14:01 -07:00
Mateusz Mandera 2ce2024bd7 ldap: Fix unintended user deactivation in case of connection failure.
Fixes #13130.

django_auth_ldap doesn't give any other way of detecting that LDAPError
happened other than catching the signal it emits - so we have to
register a receiver. In the receiver we just raise our own Exception
which will properly propagate without being silenced by
django_auth_ldap. This will stop execution before the user gets
deactivated.
2019-09-05 11:59:20 -07:00