Commit Graph

1488 Commits

Author SHA1 Message Date
Cynthia Lin 7cbc9f40bf compose: Change styling of upload progress bar.
Related to #9095.
2018-04-16 09:46:35 -07:00
Tarun Kumar 0b62410f5e pm_pill: Achieve 100% node-test coverage for compose_pm_pill.js. 2018-04-13 11:59:57 -07:00
Tarun Kumar 51601fab44 muting: Achieve 100% node-test coverage for settings_muting.js. 2018-04-13 11:59:57 -07:00
Rohitt Vashishtha 7a4788b364 node-tests: Add basic tests for notifications API.
This commit exposes some inner variables of notifications.js to make
them easily testable. The first test added simply checks whether the
showing and closing of notifications works properly, and doesn't yet
verify the main code logic of the notification generation.
2018-04-13 09:13:50 -07:00
Rohitt Vashishtha 703351288a zjquery: Add replaceWith() and selector.location. 2018-04-13 09:13:50 -07:00
Rohitt Vashishtha 2e7f215f44 zjquery: Add option to silently ignore find() errors. 2018-04-13 09:13:50 -07:00
Steve Howell f56b4b7ec2 zjquery: Simplify validation for $(...).
We flatten the code a bit by removing a check that type is object,
and we replace it later with a check that type is string.

We also no longer allow document-like objects to be wrapped based
on the location-attribute-is-present hack.  Instead, we want the
tests to just set document to 'document-stub'.
2018-04-12 11:37:01 -07:00
Steve Howell 368b37e198 zjquery: Add a selector attribute to our wrapped elements.
We might as well have this for debugging purposes and to simplify
the code that happens when we double-wrap DOM elements.
2018-04-12 11:37:01 -07:00
Steve Howell f78947f2ba zjquery: Fix minor typo in comments.
This typo came from s/impl/self/ at some point :)
2018-04-12 11:37:01 -07:00
Steve Howell 174d065b2e zjquery: Add to_$ hook so elements can wrap themselves. 2018-04-12 11:37:01 -07:00
Steve Howell f505f3de04 zjquery: Support $.fn.foo mechanism.
We can now extend zjquery using the $.fn mechanism.  This isn't
necessarily recommended for test code (since you can just stub
individual objects directly), but some of our real code does this.
2018-04-12 11:37:00 -07:00
Steve Howell f5e0794d5c zjsquery: Give special treatment to "body" tag.
We don't do things like $('table') much in our code, but $('body')
is in the code.
2018-04-12 11:37:00 -07:00
Steve Howell 3971fae05d node tests: Fix some leaks with $(...). 2018-04-12 11:37:00 -07:00
Steve Howell 205bcb8ef9 Fix recently broken reactions tests with s/html/text/.
In the real code, as part of a quick security patch, we started
using text() to set values instead of html().  The tests now
reflect this.
2018-04-12 11:29:08 -07:00
Tim Abbott 65b9d9e0f3 CVE-2018-9990: Fix XSS issue with stream names in topic typeahead.
Zulip's search typeahead had a security bug, where when autocompleting
a specially crafted stream name, and then hitting space, code within
the stream name would be executed.

Zulip was doing HTML escaping correctly in the main code path using
Filter.describe to describe a narrow, but the escaping function was
not called in a few parallel code paths.  We fix this in a way that
should protect all of these code paths, by making Filter.describe
return properly escaped HTML, rather than depending on its callers to
do so.

Thanks to w2w for reporting this issue.
2018-04-12 09:46:54 -07:00
Rohitt Vashishtha 3bdc8bbaa5 CVE-2018-9986: Fix XSS issues with frontend markdown processor.
This fixes a set of XSS issues with Zulip's frontend markdown
processor, which is used in a limited set of contexts, such as local
echo of messages and the drafts feature.

The implementation of several syntax elements, including the <em>
syntax, user and stream mentions, and some others failed to properly
escape the content inside the syntax.

Fix this, and add tests for each corrected code path.

Thanks to w2w for reporting this issue.
2018-04-12 09:46:37 -07:00
YJDave 92a04b31a0 custom fields: Clean custom fields to use existing defined function. 2018-04-12 09:40:09 -07:00
Marco Burstein c36a658fee uploads: Fix the upload progress bar.
There was already a progress bar set up, but it became non-functional
after refactoring.  This fixes it.

The default animation was getting cut off when `uploadFinished` is
called, so we add a delay before removing the upload bar to make it
get to the end.

Tweaked by tabbott to have a more natural feeling animation setup
(where we don't animate the width adjustments; just the disappearance
of the bar).

Fixes #8863.
2018-04-09 22:53:06 -07:00
Tim Abbott a4def8d409 copy_and_paste: Re-disable copy-paste handler in production.
This reverts commit 6e048c5d3f.

See #8963 for the main issue we need to fix before re-enabling this;
basically, some combination of toMarkdown and the way text/html gets
written was introducing a lot of bonus/bogus whitespace, both in the
form of newlines and spaces converted to `&nbsp;`.
2018-04-09 22:10:28 -07:00
Shubham Dhama b650b6b38c markdown: Add @stream as an alias for @all.
Fixes: #8930.
2018-04-09 16:35:14 -07:00
Marco Burstein 7c66d11781 compose: Show avatars for people in typeahead autocompletes.
`@everone` and `@all` will have a megaphone icon from FontAwesome in
place of the avatar.

Also, fix the `composebox_typeahead` tests to account for the images.

Fix #6635.
2018-04-09 15:47:11 -07:00
Priyank ee078c372f install-node: Upgrade node, yarn, and nvm.
node -> v8.9.4
yarn -> 1.5.1
nvm -> 0.33.8

Also updates a test in timerender.js which depends on time
provided by node which is now changed in newer release.

Some changes have been made in circeci script, we just create ~/.config
directory and chown it to circleci user so installing new version of yarn
does not cause any ci failure on circleci during provision.
2018-04-09 13:56:48 -07:00
Tim Abbott dfac0302fc people: Extract small_avatar_url_for_person.
This is intended to be used in places like compose typeahead to
display users' avatars.
2018-04-09 12:12:44 -07:00
YJDave 24f51739eb subscription: Add real time sync for user-just-deactivated case.
Currently, stream subscriptions aren't getting updated without
hard reload when user is deactivated in realm.

Fix this issue by updating stream subscription widgets on user
deactivation event.

Fixes #5623
2018-04-08 16:54:12 -07:00
YJDave 386c56b466 stream_data.js: Replace user_email with user_id in func is_user_subscribed. 2018-04-08 16:54:12 -07:00
Balaji2198 c63d1c9205 node tests: Cover compose_not_subscribed in compose.js.
This commit covers the node tests to close(X) button and
subscribe button click handlers in compose.js.
2018-04-07 20:23:21 -07:00
YJDave f15ddc93e0 create stream: Fix stream email not rendering on stream creation.
Fixes #8817
2018-04-07 20:10:45 -07:00
Armaan Ahluwalia 58d07fabef settings: Change save and discard button look and feel.
This commit changes the way the save and discard buttons on the
organization profile, settings and permissions tabs look and fades
them out after a delay. It also cleans up the code a bit in the
settings_org.js file. It introduces changes to the css in
settings.css as well as the template for save-discard buttons.

It also fixes a bug on the user settings whereby if an option
that requires reload is clicked before clicking an option that does
not require reload, the reload message is erased. This could create
an issue where the user is not aware that a reload is required.
The loader is also changed to using fa-icon as loading spinner on
user settings and the colors are tweaked a little bit.
2018-04-05 21:49:12 -07:00
Tarun Kumar c53458c9c0 user-groups: Add template for non-editable groups. 2018-04-05 17:40:12 -07:00
Balaji2198 605916f6d7 compose: Add subscribe button to the not subscribed stream error message.
Before that, we needed to go the stream settings to subscribe to a
particular stream.

Fixes #3877.
2018-04-05 17:15:18 -07:00
Shubham Padia 6262460773 refactor: Rename mark_message(s)_as_read to notify_server_message(s)_read.
Fixes #8965.
Mark_message(s)_as_read is used in marking a message as having been
read by the browser, rename it to notify_server_message(s)_read to
avoid any confusion.
2018-04-05 09:54:48 -07:00
Steve Howell c164d07baa zjquery: Enforce only one arg for $(...) function. 2018-04-05 10:46:45 -04:00
Steve Howell 27770d7f6b Fix recent pitfall in toggle component.
This is a recent regression where we I refactored the toggle
component.  For some reason the old code was waiting until
after the callback to set some of its state, and I did the
same thing when I simplified how the state was stored.

Under the old code, this didn't manifest as a bug, although
the old code was problematic for other reasons.

This "fix" doesn't actually change anything user facing, as the
follow up commit fixes the proximal problem more directly. And
the toggle component is still prone to people writing code that
tries to inspect the state of the widget as it's being built.
2018-04-04 16:37:39 -07:00
Steve Howell bd591424e2 Add keydown_util.js module.
This is a pretty thin abstraction to prevent having to put
magic numbers in code, doing the which/keyCode hack, and remembering
to all preventDefault.

Hopefully we'll expand it to handle things like shift/alt keys
for components that want their own keyboard handlers (vs. going
through hotkey.js).
2018-04-04 16:37:39 -07:00
Shubham Dhama 2aaad502b4 org settings: Hide "disable" option when setting already disabled.
Fixes: #8942.
2018-04-04 11:40:35 -07:00
Tim Abbott 721b4e8373 i18n: Fix strings for wildcard mentions.
First, "Notify stream" is a lot clearer than "Notify everyone";
second, these strings should be tagged for translation.
2018-04-04 11:26:36 -07:00
Tim Abbott 682d4f2ea1 casper: Fix expected result for i18n test.
Now that this string is translated into German, the test should expect
it in German.
2018-04-03 11:05:48 -07:00
Tim Abbott e59c85c382 casper: Fix tests for custom profile fields. 2018-04-03 09:04:03 -07:00
Tim Abbott 938c4cee08 settings: Add option to control Jitsi video chat integration.
Fixes #8922.
2018-04-02 16:55:16 -07:00
Shubham Padia 10115491a3 real-time sync: Server sends recipent data with delete_message event.
Fixes #8853.
In certain cases, the browser is not able to look up the message.
Include the recipient data for the message in the delete_message event,
so look up of those attributes by the browser isn't required.
2018-04-01 22:19:08 -07:00
Shubham Padia e1d9e3ae03 real-time sync: Use process_read_messages_event in delete_message event.
Replace mark_message_as_read with process_read_messages_event as the
latter function is only correct for marking a message as having been
read by this browser.
2018-04-01 22:17:18 -07:00
Anurag Sharma 1227857de6 hotkeys: Replace C with x for composing PM.
Pressing the 'x' key can now be used to compose a PM.
Pressing the 'C' key displays a modal that shows a deprecation notice.

Fixes #6548.
2018-04-01 16:13:05 -07:00
Shubham Dhama b7aae89029 org settings: Add realm level default time format setting. 2018-03-31 16:23:26 -07:00
Shubham Dhama f4d6b2a853 org settings: Split "Language and notifications" section.
This splits "Language and notifications" section into "Default user
settings" and "Notifications".
With this, we can easily add other default user settings in the
same place.
2018-03-31 16:22:52 -07:00
Shubham Dhama e04b8271ca org settings: Remove obsolete UI updating code for realtime sync.
In our new system for updating realm settings, we don't need to create
separate functions to update the input elements for each feature.
Most of the work is done automatically by
`settings_org.sync_realm_settings`.
2018-03-31 16:19:09 -07:00
Balaji2198 724117cd45 org settings: Refactor the `render_notifications_stream_ui` function.
We are having a same code in `render_notifications_stream_ui`
and `render_signup_notifications_stream_ui` functions aside from
the HTML element. So this commit will remove the duplicate code in
`render_signup_notifications_stream_ui` and make use of
`render_notifications_stream_ui`.

Fixes #8886.
2018-03-31 16:08:47 -07:00
Balaji2198 21fe9fe20a org settings: Add elem param to the render_notifications_stream_ui. 2018-03-31 16:08:47 -07:00
Steve Howell cd8c15f1cf pills: Use a template to render the pills. 2018-03-31 09:32:52 -07:00
Tim Abbott 3fd8d718f4 websockets: Fix race condition in CSRF token initialization.
It appears that we were not always initializing the Socket object
after `setup.js` had the opportunity to set csrf_token.

This should fix #6961.
2018-03-31 09:29:56 -07:00
Tim Abbott e840e5b3a8 Revert "Ignore new messages when lists are behind."
This reverts commit bcdd12773e.

We need to do some improvements in handling FetchStatus for initial
narrows before this will be safe to deploy in production.
2018-03-30 11:52:14 -07:00