Commit Graph

60408 Commits

Author SHA1 Message Date
Prakhar Pratyush 5af6c04a9e realm_settings: Update do_set_realm_stream to send event on commit.
Earlier, we were using 'send_event' in 'do_set_realm_stream' which
can lead to a situation, if any db operation is added after the
'send_event' in future, where we enqueue events but the action
function fails at a later stage.

Events should not be sent until we know we're not rolling back.

Fixes part of #30489.
2024-08-23 09:10:56 -07:00
Prakhar Pratyush c0dc005d05 realm_settings: Send event on commit in do_set...authentication_methods.
Earlier, we were using 'send_event' in
'do_set_realm_authentication_methods' which can lead to a situation
where we enqueue events but there's an error at a later stage in
the codepath using this function.

Events should not be sent until we know we're not rolling back.

Fixes part of #30489.
2024-08-23 09:10:56 -07:00
Prakhar Pratyush 63064e926b realm_settings: Update do_set...default_setting to send event on commit.
Earlier, we were using 'send_event' in do_set_realm_user_default_setting
which can lead to a situation, if any db operation is added after
the 'send_event' in future, where we enqueue events but the action
function fails at a later stage.

Events should not be sent until we know we're not rolling back.

Fixes part of #30489.
2024-08-23 09:10:56 -07:00
Prakhar Pratyush 8ddaa949fc user_settings: Send event on commit in do_regenerate_api_key.
Earlier, we were using 'send_event' in 'do_regenerate_api_key'
which can lead to a situation, if any db operation is added after
the 'send_event' in future, where we enqueue events but the action
function fails at a later stage.

Events should not be sent until we know we're not rolling back.

Fixes part of #30489.
2024-08-23 09:10:56 -07:00
Prakhar Pratyush 7e03569495 user_settings: Send event on commit in do_change_full_name.
Earlier, we were using 'send_event' in 'do_change_full_name'
which can lead to a situation, if any db operation is added after
the 'send_event' in future, where we enqueue events but the action
function fails at a later stage.

Events should not be sent until we know we're not rolling back.

Fixes part of #30489.
2024-08-23 09:10:56 -07:00
Sahil Batra d2c7e7e94c user_groups: Fix live updating user groups UI.
This commit updates code to live update the groups UI if
realm or group level setting to manage groups is changed.

This commit also does some refactoring to better organize the
code in different functions.

And also, the code to hide/disable the UI if the user does not
have permission to manage the group in JS such that the same code
is used for live-updating as well.
2024-08-23 09:09:03 -07:00
Sahil Batra 03ec0e1f14 stream-settings: Live update subscribers list correctly.
This commit fixes the live update of subscribers list
on changing can_remove_subscribers_group setting.

Previously, whole members panel, including the pill container
to add subscriebrs, is re-rendered. But the click and input
handlers for the add subscribers UI is not added again after
re-rendering and thus they do not work.

This commit updates the code to just re-render the subscribers
list which is only needed to update the "Unsubscribe" button.
2024-08-23 09:09:03 -07:00
Karl Stolley 27bf68637b global_times: Correct malformed closing tags in overlay. 2024-08-22 09:12:20 -07:00
Alya Abbott 06ba9710a7 help: Fix up message deletion permissions documentation. 2024-08-22 09:11:52 -07:00
Shubham Padia 24061cfc3b dependencies: Upgrade @astrojs/starlight to 0.26.1. 2024-08-22 09:11:14 -07:00
Mateusz Mandera 9cad9644e7 import_util: Fix file extensions of emoji files downloaded from Slack.
The Slack API when returning the emoji records, returns the record for
its thumbsup_all emoji with the url ending with .png, even though the
file is a gif.

For that reason, we have to make that code correct file extensions based
on the response content-type. Emojis are the smallest set of images to
download, so for simplicity of implementation, we remove the
parallelization of the downloads in favor of just processing them
serially.
2024-08-21 16:30:19 -07:00
Mateusz Mandera 669e0a3e47 import: Fix export->import of emojis from Slack.
Ideally this would besplit up into two commits, but it's hard to split
into self-contained, atomic chunks now that this segment of the
import/export system is generally kind of broken after thumbnailing
system changes.

1. 3rd party export converters don't make .original image files.
Insteadthey provide a single file, which the import should treat as if
it's .original.

2. 3rd party converters create all the records with is_animated=False.
That's an issue, because without setting that correctly on the
RealmEmoji objects, Zulip doesn't know that it should use the "still"
thumbnail when the emoji is being used in a user's status. Which leads
to incorrectly displaying the user status with the distracting
animation.
2024-08-21 16:30:19 -07:00
Mateusz Mandera 5476340b52 import: Export and import .original emoji files correctly.
The export tool was only exporting the already-thumbnailed emoji file,
omitting the original one. Now we make sure to export the .original file
too, like we do for avatars, and make the import tool process it
directly, to thumbnail it directly and generate a still in the case of
animated emojis.

Otherwise, the imported realm wouldn't have the <emoji>.png.original
file that we generally expect to have accessible, and stills for
animated emojis were completely missing.
2024-08-21 16:30:19 -07:00
Mateusz Mandera 2a1da859ea auth: Update AzureADAuthBackend to use the newer Microsoft API.
As detailed in the comment in the code:

The upstream implementation uses the outdated /oauth2/authorize
API (instead of the v2.0 API), which doesn't allow us to authenticate
users with just a personal Microsoft account. v2.0 API is required.
This requires us to override the default URLs to use it as well
as adjust the requested scopes, to match this new API.

The backend in its previous state was only able to authenticate users
that were tied to an organizational directory, even if the application
settings in Azure were set up to also allow personal accounts. Users
trying to use a personal account would face an error from Microsoft:

AADSTS500200: User account 'xxxx@example.com' is a
personal Microsoft account. Personal Microsoft accounts are not
supported for this application unless explicitly invited to an
organization

https://github.com/python-social-auth/social-core/issues/723 is a
related upstream issue.
2024-08-21 16:16:30 -07:00
evykassirer 6ff793590f bootstrap_typeahead: Fix bug on select with no active item.
This bug was introduced in d9f25d01a1
It's possible that `find(".active")` returns `undefined` here.
2024-08-21 16:07:37 -07:00
Rahul Rajesh Kumar b6597896b0
footer: Open social links in a separate browser tab.
Fixes #31415.
2024-08-21 16:05:45 -07:00
Karl Stolley 562e6d6802 global_times: Allow global times to display inline. 2024-08-21 16:02:33 -07:00
Karl Stolley 02161582fd mentions: Allow mentions to display inline. 2024-08-21 16:02:33 -07:00
Aman Agrawal 580b9e9dae navbar: Remove signup button.
This allows log in button in navbar for spectators to have more space
to be displayed in different languages without being truncated.
Login page already has 2 buttons for user to sign up from.
2024-08-21 12:02:59 -07:00
Tim Abbott f1d828cb7d test_openapi: Remove now-unused blocks.
As we remove uses of the has_request_variables system in favor of
typed_endpoints, parts of this file have lost test coverage.
2024-08-21 11:33:42 -07:00
Tim Abbott 9348b87d73 topic: Remove now-unused REQ_topic. 2024-08-21 11:27:54 -07:00
Kenneth Rodrigues 2483e600a2 message_send: Convert to typed endpoint.
Convert `message_send.py` use `typed endpoint`.

Disable `message_send` endpoint `to` parameter in the `openapi`
`validate_json_schema` check, because it is a special case where the
content type of the parameter is application/json but the
parameter may or may not be JSON encoded since previously we also
accepted a raw string and some ad-hoc bot might still depend on sending
a raw string.

Remove unused validators from `validator.py`.
2024-08-21 11:13:00 -07:00
Prakhar Pratyush 8b3d5a9455 custom_profile_fields: Update transaction to be durable.
This commit updates the db transaction to be durable for
do_update_user_custom_profile_data_if_changed to avoid
addition of any outer atomic block.

While adding any outer atomic block this will raise a runtime error
and we can replace the durable argument with 'savepoint=False'
otherwise we'll have to manually track down the action functions
getting called in that outer atomic block and set the savepoint=False
otherwise it'll lead to creation of savepoints which we don't want.

We can't set savepoint=False before hand to the outermost action
function because it leads to rollback of transaction in tests when
an error is raised in action function.
2024-08-21 10:51:23 -07:00
Prakhar Pratyush e729c51485 custom_profile_fields: Update remove...value to send event on commit.
Earlier, we were using 'send_event' in
check_remove_custom_profile_field_value which can lead to a
situation where we enqueue events but the function fails at a
later stage.

Events should not be sent until we know we're not rolling back.

Fixes part of #30489.
2024-08-21 10:51:23 -07:00
Prakhar Pratyush bfe7eb6b2c do_change_full_name: Noop if value isn't really changing.
In do_change_full_name, we shouldn't create RealmAuditLog
entry and sends events if the value isn't changing.
2024-08-21 10:51:23 -07:00
Sahil Batra 6718ff5166 user_groups: Make bottom margin for setting consistent with streams.
This commit increases the gap between group setting elements to make
it same with what we have for stream settings.
2024-08-21 10:30:25 -07:00
Sahil Batra 688def19ab user_groups: Fix showing tooltip for disabled settings.
Preivously, the tooltip was shown only for first element
since initialize_disable_btn_hint_popover only added the
tooltip to first element. And then after d9f25d01a1, there
was an error shown as initialize_disable_btn_hint_popover
asserted that only single element list was passed.

This commit fixes it by calling initialize_disable_btn_hint_popover
for each setting element. Similarly the code to destroy the
tooltip on enabling the setting elements is called for each
element.
2024-08-21 10:30:25 -07:00
afeefuddin be9d879682 settings_bots: Convert module to TypeScript. 2024-08-21 08:28:40 -07:00
afeefuddin 4b89d0ff06 state_data: Add realm_bot_creation_policy type. 2024-08-21 08:28:40 -07:00
afeefuddin 5579700920 list_widget: Make filter_value optional in render_empty_list_message_if_needed. 2024-08-21 08:28:40 -07:00
Alya Abbott 3227a9f35a help: Add a tip to turn off read receipts with invisible mode. 2024-08-21 08:25:44 -07:00
Alex Vandiver 6cc480e2b5 kandra: Ensure that we do not error out creating standby.signal.
Force us to have restored the `/var/lib/postgresql/14/main` directory
before we try to create `standby.signal` in it.
2024-08-20 14:03:51 -07:00
Alex Vandiver 49e5722a9f kandra: Match the logic in zulip::profile::postgresql. 2024-08-20 14:03:51 -07:00
Alex Vandiver 9e58780d46 puppet: Fix indentation. 2024-08-20 14:03:51 -07:00
Mateusz Mandera 7e1f468f04 saml: Fix exception when syncing missing value to custom profile field.
There was a bug here that would trigger an exception inside
`sync_user_profile_custom_fields`, causing it to get logged with
logging.warning, when an attribute configured for SAML custom profile
field sync was missing from a SAMLResponse or had an empty value.
`sync_user_profile_custom_fields` expects valid values, and None is not
valid.

We could consider a slightly different behavior here instead - when an
attribute is sent with no value in the SAMLResponse, that means the attr
has no value in the IdP's user directory - so perhaps a better behavior
would be to also remove the custom profile field value in Zulip. However
there are two issues with that:

1. It's not necessarily the best behavior, because an organization might
want the "user doesn't have this attribute set at the IdP level" state
to just mean that the user should be free to set the value manually in
Zulip if they wish. And having that value get reset on every login would
then be an issue. The implementation in this commit is consistent with
this philosophy.

2. There's some implementation difficulty - upstream
`self.get_attr(...)`, which we use for reading the attr value from the
SAMLResponse, doesn't distinguish between an attribute being sent with
no value and the attribute not being sent at all - in both cases it
returns None. So we'd need some extra work here with parsing the
SAMLResponse properly, to be able to know when the custom profile field
should get cleared.
2024-08-20 13:57:30 -07:00
Aman Agrawal 2a158cb8d9 test_stripe: Normalize fixtures for test_stripe_billing_portal_urls. 2024-08-20 13:54:48 -07:00
Tim Abbott aaea645a49 docs: Clean up discussion of very old versions. 2024-08-20 11:53:24 -07:00
Mateusz Mandera cde83e8818 saml: Add documentation about user role/custom profile fields sync.
With substantial rewriting by tabbott, including moving mostly
irrelevant references to very old Zulip versions.
2024-08-20 11:53:24 -07:00
Mateusz Mandera 833dce8a13 saml: Add support for syncing user role.
Replace the SOCIAL_AUTH_SYNC_CUSTOM_ATTRS_DICT with
SOCIAL_AUTH_SYNC_ATTRS_DICT, designed to support also regular user attrs
like role or full name (in the future).

Custom attributes can stay configured as they were and will get merged
into SOCIAL_AUTH_SYNC_ATTRS_DICT in computed_settings, or can be
specified in SOCIAL_AUTH_SYNC_ATTRS_DICT directly with "custom__"
prefix.

The role sync is plumbed through to user creation, so users can
immediately be created with their intended role as provided by the IdP
when they're creating their account, even when doing this flow without
an invitiation.
2024-08-20 11:53:24 -07:00
Mateusz Mandera 9841bb9522 docs: Add note to SOCIAL_AUTH_SYNC_CUSTOM_ATTRS_DICT in settings.py. 2024-08-20 11:53:24 -07:00
Mateusz Mandera 8c1a1ea8db scim: Extract ROLE_TYPE_TO_NAME dict to UserProfile.
This allows these mappings to used in other APIs. Specifically, we want
to use this for syncing role during SAML auth.
2024-08-20 11:53:24 -07:00
Mateusz Mandera 76b41e433a maybe_send_to_registration: Enforce kwargs.
Most of these should be kwargs, to make sure we're not accidentally
getting the order wrong when calling it.
2024-08-20 11:53:24 -07:00
Kenneth Rodrigues 86bf0d3ea3 decorators: Migrate to typed_endpoint.
Modify `semgrep-py.yml` to treat arguments after `*args` as
keyword-only arguments.
2024-08-20 10:15:30 -07:00
Alex Vandiver 47ebef057e puppet: Switch to an included limits.d file. 2024-08-20 10:04:40 -07:00
Alex Vandiver 64516ab9f4 install-aws-server: Output tsh ssh command, not ssh. 2024-08-20 10:04:40 -07:00
Alex Vandiver c0237e3d58 kandra: Correct group ownership and permissions to match package's.
This reverts b000328ba5 and re-applies
a759d26a32.  It is likely that the
upstream packages are simply inconsistent.
2024-08-20 10:04:40 -07:00
Alex Vandiver a5a898ba21 install-aws-server: Switch to 24.04. 2024-08-20 10:04:37 -07:00
Alex Vandiver 3adedc9545 install-aws-server: Set the name of the root EBS volume. 2024-08-20 10:03:59 -07:00
Alex Vandiver fe0a7b3b77 kandra: Drop support for 20.04 hosts. 2024-08-20 10:03:59 -07:00
Kenneth Rodrigues 50712bfa81 scheduled_messages: Migrate to typed_endpoint.
Migrate `scheduled_message.py` to typed_endpoint.

Perform Json parsing in the endpoint itself instead of
in `recipient_parsing.py`.
2024-08-20 10:03:22 -07:00