Commit Graph

55883 Commits

Author SHA1 Message Date
Alex Vandiver 8102519242 send_email: Remove `List-Unsubscribe-Post` from remote-server emails.
For remote servers, we cannot advertise `List-Unsubscribe=One-Click`,
which is specified in RFC 8058[^1] to mean that the `List-Unsubscribe`
URL supports a POST request with no arguments to unsubscribe.  Because
we show an interstitial and confirmation page, as this is not just a
mailing list which is disabled if you click the link, it does not
support the mail system performing the unsubscribe for the user.

Remove the inaccurate header for remote servers.

[^1]: https://datatracker.ietf.org/doc/html/rfc8058
2023-12-15 09:12:25 -08:00
Aman Agrawal 0fe725fdbd test_stripe: Add tests to check sponsorship approval. 2023-12-15 09:08:48 -08:00
Aman Agrawal 4b5e8971a3 sponsorship_approval: Fix punctuation. 2023-12-15 09:08:48 -08:00
Prakhar Pratyush 1588f49b4f test_stripe: Add end-to-end test for RemoteRealm billing flow. 2023-12-15 09:08:48 -08:00
Prakhar Pratyush 33e04362e1 test_stripe: Add 'billing_session' to StripeTest.
This prep commit adds a 'billing_session' field to StripeTest class.

Creates 'client_billing_get', 'client_billing_post', and
'client_billing_patch' helper functions.

This will help in reusing code for RemoteRealm and
RemoteZulipServer end-to-end tests.
2023-12-15 09:08:48 -08:00
Aman Agrawal 53b7e956ea test_remote_billing: Extract remote server / realm login methods. 2023-12-15 09:08:48 -08:00
evykassirer 1f7b3d7a2d stream edit toggler: Update `select_tab` when changing hash.
This fixes a bug in #26717 where the hash would flash to #personal
before #subscribers. Sometimes `setup_toggler` is called after
the hash change, and it needs to know which tab to show.

Ideally in the future we'd clean up this code so that the hash
changing function isn't called multiple times.
2023-12-15 08:47:45 -08:00
Alex Vandiver 0f2cc383f6 send_email: Support add_context for remote servers.
612f2c73d6 started passing add_context to
`send_custom_server_email`, but did not make it make use of it.

Also add the `hostname` as a built-in value, since that is most likely
the most useful property.
2023-12-15 08:37:02 -08:00
Tim Abbott 63e5712837 push_notifications: Improve logging when not contacting bouncer. 2023-12-15 08:15:36 -08:00
Aman Agrawal f5aa88e165 billing: Don't show current license for legacy plan customers. 2023-12-15 08:10:16 -08:00
Prakhar Pratyush c12a9eeb9c stripe: Fix 'get_billable_licenses_for_customer' not using event_time.
The call to 'get_billable_licenses_for_customer' during the
'sync_license_ledger_if_needed' step should use the audit_log's
event_time while calculating 'current_count_for_billed_licenses'.

Earlier, it used timezone_now(), resulting in the latest user count
recorded corresponding to each audit log.
2023-12-15 08:09:31 -08:00
Mateusz Mandera d351353126 zilencer: Fix server/register failing to check if server is deactivated.
A deactivated server shouldn't be updated like that - we want to return
an error.
2023-12-15 08:06:58 -08:00
Tim Abbott 53f40133eb remote_server: Handle JsonableErrors and connection failures better.
This fixes the exception case on the initial
`/api/v1/remotes/server/analytics/status` case.  Other exceptions from
`send_to_push_bouncer` are allowed to escape.

Co-authored-by: Alex Vandiver <alexmv@zulip.com>
2023-12-14 15:08:52 -08:00
Anders Kaseorg b472d769d1 change_user_role: List role choices in --help output.
Fixes #28227.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-14 15:06:18 -08:00
Evy Kassirer 6e902defba node tests: Use noop helper function pattern in test files.
Some files already were using `noop` in place of `() => {}`.
It's both clearer what it means and is easier to type.
This updates all test files to fully use `noop`, and
adds a shared import from the test lib file.
2023-12-14 14:51:33 -08:00
Aman Agrawal 11dff6b4d8 zilencer: Add tests for migrating customer from server to realm. 2023-12-14 14:31:28 -08:00
Aman Agrawal b4e92ecc48 zilencer: Don't consider deactivated realms to transfer server plan. 2023-12-14 14:31:28 -08:00
Alya Abbott ba80084ea7 remote_billing_page: Deny login for server / remote realm.
If server has plan, deny login for realm.
If realm has plan, deny login for server.

Co-authored-by: Aman Agrawal <amanagr@zulip.com>
Co-authored-by: Alya Abbott <alya@zulip.com>
2023-12-14 14:25:12 -08:00
Tim Abbott 8965f011fb i18n: Update translation data from Transifex. 2023-12-14 13:22:21 -08:00
Sahil Batra 94f0837b9c settings: Restrict length of realm Jitsi url custom input.
We have a restriction of 200 characters for jitsi_server_url
realm setting custom input element.

Fixes part of #27355.
2023-12-14 12:11:59 -08:00
Sahil Batra 633ec698f5 realm: Enforce length restriction on jitsi_server_url at API level.
Previously, passing a url longer than 200 characters for
jitsi_server_url caused a low-level failure at DB level. This
commit adds this restriction at API level.

Fixes part of #27355.
2023-12-14 12:11:59 -08:00
Alex Vandiver bedb68b2fe registration: Prevent injecting arbitrary strings via query param.
While the query parameter is properly escaped when inlined into the
template (and thus is not an XSS), it can still produce content which
misleads the user via carefully-crafted query parameter.

Validate that the parameter looks like an email address.

Thanks to jinjo2 for reporting this, via HackerOne.
2023-12-14 12:00:16 -08:00
Alex Vandiver 9067220af6 signup: Send status code 400 on invalid emails. 2023-12-14 12:00:16 -08:00
Lauryn Menard 83d6481f6f support: Add the remote realm's plan type to the support view.
The plan type for the remote realm is useful to compare to any
current plan attached to the same remote realm.
2023-12-14 11:38:02 -08:00
Alya Abbott b8d05aea1b portico: Update count of Tim's daughters on /team page. 2023-12-14 11:33:57 -08:00
Tim Abbott 1757b88760 billing: Offer release announcement subscriptions.
Also avoid prompting for full name time more than once.
Adds TOS version field to Remote server user.

Co-authored-by: Karl Stolley <karl@zulip.com>
Co-authored-by: Aman Agrawal <amanagr@zulip.com>
2023-12-14 10:51:16 -08:00
Alex Vandiver 4ef93de128 zilencer: Set the remote server as the user in Sentry. 2023-12-14 09:46:21 -08:00
Alex Vandiver 863c1c28f7 zilencer: Log why the server got a 401. 2023-12-14 09:46:21 -08:00
Tim Abbott 036b1156f2 zilencer: Avoid using stale last_audit_log_update. 2023-12-14 09:26:45 -08:00
Aman Agrawal e02e0cd37e models: Make it easier to debug current plan name and status.
`print(plan)` now works to know the plan tier and status.
2023-12-14 08:22:25 -08:00
Aman Agrawal d795400b21 billing: Allow upgrade scheduled legacy orgs to view billing page.
Don't redirect them to sponsorship page.
2023-12-14 08:22:25 -08:00
Aman Agrawal 34a1be80a4 model: Use same name for legacy plan across the app. 2023-12-14 08:22:25 -08:00
Anders Kaseorg c7245d5f3b models: Make ScheduledMessage.read_by_sender non-nullable.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-14 08:16:31 -08:00
Anders Kaseorg 77a6f44455 message_send: Add read_by_sender API parameter.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-14 08:16:31 -08:00
Anders Kaseorg d7d5b6c73e models: Move Message.sent_by_human to Client.default_read_by_sender.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-14 08:16:31 -08:00
Anders Kaseorg d893ff5ba8 digest: Exclude bots with sender.is_bot, not sent_by_human.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-14 08:16:31 -08:00
Sahil Batra 92c1dfc248 message_send: Optimize checking access to DM recipients.
We previously used get_accessible_user_ids to check whether the
sender can access all DM recipients, which was not efficient as
it queries the Message table. This commit updates the code to
make sure we use get_inaccessible_user_ids which is much more
efficient as it limits the queries to only DM recipients and
also queries the Message table only if needed.

This can still be optimized further as mentioned in #27835 but
this commit is a nice first step.
2023-12-14 08:14:09 -08:00
Lauryn Menard 8bce83709f corporate: Add billing support email constant.
Adds BILLING_SUPPORT_EMAIL to `stripe.py` with a value of
"sales@zulip.com" so that it can be consistently used in
billing code.
2023-12-14 08:12:01 -08:00
Mateusz Mandera 651590c49a remote_billing: Store acting users in remote user audit logs. 2023-12-14 08:11:04 -08:00
Anders Kaseorg a13e42f18a docs: Add missing spaces around code spans.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-12-14 00:05:44 -08:00
Aman Agrawal 10ef308848 migrate_server_to_realm: Reset server tier during migration. 2023-12-13 22:29:30 -08:00
Aman Agrawal a5311c8032 stripe: End legacy plan before approving full sponsorship. 2023-12-13 22:29:30 -08:00
Alex Vandiver 612f2c73d6 send_custom_email: Support JSON extra context with remote servers. 2023-12-13 22:28:20 -08:00
Alex Vandiver 2863b5954e send_custom_email: Make --json an additional filter, not a target. 2023-12-13 22:28:20 -08:00
Alex Vandiver 2de1a23721 send_custom_email: Provide an unsubscribe link for remote servers. 2023-12-13 22:28:20 -08:00
Alex Vandiver 791d66fe28 send_custom_email: Split out the sending to remote servers. 2023-12-13 22:28:20 -08:00
Alex Vandiver 62e6b10ecd send_email: Pull admins_only back into send_custom_email filtering.
There is no reason for this to be an explicit argument to
send_custom_email, when the rest of the filtering already happens
upstream.
2023-12-13 22:28:20 -08:00
Alex Vandiver 1229e38a0d send_custom_email: Stop lying about the type of options.
Saying `**options: str` is a lie, since it contains bools.  We pluck
out the two bools that we need properly typed because we will be
pushing them into function calls, and type them explicitly as bools.
2023-12-13 22:28:20 -08:00
Tim Abbott bfa3d144eb zilencer: Don't try to migrate ended plans. 2023-12-13 17:55:00 -08:00
Tim Abbott b8deb44a05 zilencer: Fix mismigrated plan type assertion. 2023-12-13 17:55:00 -08:00