Commit Graph

10498 Commits

Author SHA1 Message Date
Tim Abbott d55c3bd142 Add npm-debug.log to gitignore. 2016-05-12 16:32:51 -07:00
Tim Abbott 12b32d3889 check-py3: Display git status --porcelain output. 2016-05-12 16:30:58 -07:00
Tim Abbott aa7ff158b6 Reduce development environment RAM requirements by 750MB.
Since we merged cd2348e9ae more than a
month ago and haven't seen any noticable regresions as a result, it's
reasonable at this point to do a corresponding decrease in our
documented RAM requirements for the Zulip development environment.
2016-05-12 16:12:43 -07:00
Tim Abbott e7cb1e3f92 README.dev: Make 'official Zulip PPA' link to the PPA. 2016-05-12 15:38:02 -07:00
Tim Abbott efd24b374e analytics: Fix cnts variable reuse with different type.
Found using mypy.
2016-05-12 14:07:32 -07:00
Sumana Harihareswara 038c1ea20f Add integration project links to README.
The README should link to all Zulip-specific open source projects
so users know where to file bugs and code contributors can pitch
in.

Fixes: #674.
2016-05-12 13:45:20 -07:00
Tomasz Kolek f486e47d4d Change CircleCI logo on /integrations to leave off the name.
The name is already present in the label just below.
2016-05-12 13:14:18 -07:00
Umair Khan 99b73c2728 digest emails: Fix typo in remaining_unread_pms_count.
This error likely caused this feature to never trigger.
2016-05-12 13:09:37 -07:00
Umair Khan dfc58b0ed0 Upgrade digest email templates to Jinja2.
Fixes: #780
2016-05-13 01:01:28 +05:00
Tim Abbott 60722a8fce Integration guide: Add a note about spelling integraiton names. 2016-05-11 21:19:15 -07:00
Tomasz Kolek eeeb4d0c92 Add CircleCI integration.
Fixes: #617.
2016-05-11 21:17:37 -07:00
Tom 014fcf7570 README.dev.md: Add PPA instructions to get tsearch-extras.
Fixes #109.
2016-05-11 16:22:53 -07:00
Sumana Harihareswara c270b94b21 Fix formatting, grammar, and style in Yo integration docs. 2016-05-10 21:34:05 -07:00
Sumana Harihareswara 4c529cdf37
Update Getting Started With Hubot doc link. 2016-05-10 20:54:28 -04:00
Bert Muthalaly 261dac25a5 Fix skipping to latest messages (fast_forward_pointer).
The refactoring in b8ec8f5ef0 had a
slightly wrong URL.
2016-05-10 17:24:42 -07:00
Tim Abbott 2409ac9b2f cache: Add type annotations to active_*_dict_fields. 2016-05-10 11:48:03 -07:00
Tim Abbott f2aee961e1 test_auth_backends: Fix unused variables. 2016-05-10 11:46:39 -07:00
Tim Abbott 92bec8cfea Merge Zulip 1.3.12 security release. 2016-05-10 11:32:26 -07:00
Tim Abbott 90634356cb Add changelog for Zulip 1.3.12 release. 2016-05-10 09:51:49 -07:00
Tim Abbott 9b65464b6b logout_all_users: Add option to logout deactivated users. 2016-05-10 09:50:57 -07:00
Tim Abbott 393159bbd8 queue: Disable RabbitMQ heartbeat in BlockingConnection.
Fixes #741.
2016-05-10 09:50:57 -07:00
Tim Abbott 6f282581f7 requirements: Upgrade pika to version 0.10.0.
This is needed to fix RabbitMQ heartbeat issues that cause connections
to drop (#741).  It's also relevant for Python 3 support.
2016-05-10 09:50:57 -07:00
Tim Abbott d82e44ecd0 queue: Refactor Pika credentials code to be a bit cleaner. 2016-05-10 09:50:57 -07:00
Tim Abbott 620debc5fd Change PrincipalError to return status code 403 by default. 2016-05-10 09:50:57 -07:00
Tim Abbott 85c64c9f93 zulip_login_required: Add checks for active users and realms.
Like the recent change blocking JSON endpoints for deactivated users
and users in deactivated realms, this change is a hardening
improvement.  Those users should be unable to get an active session
anyway, but if somehow one is leaked, this means they won't be able to
access any user data.
2016-05-10 09:50:57 -07:00
Tim Abbott be216506a9 Improve api_fetch_api_key error messages.
Previously, api_fetch_api_key would not give clear error messages if
password auth was disabled or the user's realm had been deactivated;
additionally, the account disabled error stopped triggering when we
moved the active account check into the auth decorators.
2016-05-10 09:50:57 -07:00
Tim Abbott 52ddd500f0 Add tests for authentication backends. 2016-05-10 09:50:57 -07:00
Tim Abbott 38c82083de Add test suite for deactivated users. 2016-05-10 09:50:57 -07:00
Tim Abbott df7466e893 Add test suite for deactivate realms. 2016-05-10 09:50:57 -07:00
Tim Abbott 76814f37a3 decorators: Block access to JSON endpoints for deactivated users.
While in theory users should be unable to get a valid session in order
to access these endpoints in the first place, this provides an extra
layer of hardering to prevent a deactivated user with a session from
accessing data via the old-style JSON API.
2016-05-10 09:50:57 -07:00
Tim Abbott b28b3cd65c CVE-2016-4427: Fix access by deactivated realms/users.
The security model for deactivated users (and users in deactivated
realms) being unable to access the service is intended to work via two
mechanisms:

* All active user sessions are deleted, and all login code paths
  (where a user could get a new session) check whether the user (or
  realm) is inactive before authorizing the request, preventing the
  user from accessing the website and AJAX endpoints.
* All API code paths (which don't require a session) check whether the
  user (and realm) are active.

However, this security model was not implemented correctly.  In
particular, the check for whether a user has an active account in the
login process was done inside the login form's validators, which meant
that authentication mechanisms that did not use the login form
(e.g. Google and REMOTE_USER auth) could succeed in granting a session
even with an inactive account.  The Zulip homepage would still fail to
load because the code for / includes an API call to Tornado authorized
by the user's token that would fail, but this mechanism could allow an
inactive user to access realm data or users to access data in a
deactivated realm.

This fixes the issue by adding explicit checks for inactive users and
inactive realms in all authentication backends (even those that were
already protected by the login form validator).

Mirror dummy users are already inactive, so we can remove the explicit
code around mirror dummy users.

The following commits add a complete set of tests for Zulip's inactive
user and realm security model.
2016-05-10 09:50:48 -07:00
Tim Abbott b31ac1eca9 Fix users in deactivated realms sending webhook messages.
In a deactivated realm, webhooks would still successfully send
messages, since there was no check for whether the realm was active in
api_key_only_webhook_view.
2016-05-10 09:50:48 -07:00
Tim Abbott 9da73b22d3 assert_json_error_contains: Support passing a status code.
Previously this test helper function hardcoded 400.
2016-05-10 09:50:48 -07:00
Tim Abbott 3cde06ea33 Add support for setting HTTP status codes in JsonableError. 2016-05-10 09:50:48 -07:00
Tim Abbott b38c50c6bb docs: Document possible auditing features in security model. 2016-05-10 09:50:47 -07:00
Tim Abbott 44fae09a48 docs: Clarify security model around bots and invite-only streams. 2016-05-10 09:50:47 -07:00
Tim Abbott b4ccca300b Add tests for whether API keys appear in initial state data. 2016-05-10 09:50:47 -07:00
Tim Abbott 07fc47f953 CVE-2016-4426: Fix non-admin users having access to all bot API keys.
Long ago, there was work on an experimental integration model where
every user in a realm would have administrative control over all bots,
with the goal of simplifying the process of setting up communally
administered bots for smaller teams.  While that new model was never
fully implemented (and thus never setup as an option), an error in
that original implementation meant that the data on all bots in a
realm, including their API keys, was sent to the browsers of users via
the `realm_bots` variable in `page_params`.  The data wasn't displayed
in the UI for non-admin users, but was available via e.g. the
javascript console.

This commit updates this behavior to only send sensitive bot data like
API keys to the owner of the bot (and realm admins).

We may in the future implement a model simplifying communally
administered integrations, but if we do that, those bots should be
limited in their capabilities (e.g. only able to send webhook
messages).

This bug has been present since Zulip was released as open source.
2016-05-10 09:50:02 -07:00
Tim Abbott b869be9301 style: Use 'not in' consistently rather than `not foo in`. 2016-05-09 17:00:10 -07:00
Tim Abbott 9cf18f8535 settings: Fix whitespace errors. 2016-05-09 16:53:12 -07:00
Tim Abbott 624258750c confirmation: Fix trailing whitespace. 2016-05-09 16:49:33 -07:00
Tim Abbott 43f167849b queue: Disable RabbitMQ heartbeat in BlockingConnection.
Fixes #741.
2016-05-09 10:23:28 -07:00
Tim Abbott 2dfa7562e2 requirements: Upgrade pika to version 0.10.0.
This is needed to fix RabbitMQ heartbeat issues that cause connections
to drop (#741).  It's also relevant for Python 3 support.
2016-05-09 10:23:28 -07:00
Tim Abbott 0c42fc2f8f queue: Refactor Pika credentials code to be a bit cleaner. 2016-05-09 10:23:28 -07:00
Tim Abbott 0161d2fddd Cleanup guardian-based complexity in get_realm_user_dicts.
The old code for this lookup was unnecessarily complicated because we
were working around Guardian, where the `is_realm_admin` check was
extremely expensive.
2016-05-09 10:12:35 -07:00
Tim Abbott 2a2cbd60c3 cache: Fix fragile active_bot_dicts_in_realm caching model.
The issue here is similar to that in the previous commit.
2016-05-09 10:12:35 -07:00
Tim Abbott fbc7e977ac cache: Fix fragile active_user_dicts_in_realm caching model.
Previously we relied on having two matching list of fields for the
get_active_user_dicts_in_realm, one in the actual code and the other
in the caching system.  By unifying these lists to have a single
source, we eliminate a class of caching bugs we might otherwise
regularly introduce.
2016-05-09 10:12:35 -07:00
Tim Abbott f02571202a EventsRegisterTest: display full error diffs. 2016-05-09 10:12:35 -07:00
Tim Abbott 6c744564a7 travis: Add debugging code for rabbitmq nagios failures. 2016-05-09 09:55:18 -07:00
Umair Khan 0d324925b5 Add documentation on translation tags.
[substantially modified by tabbott]
2016-05-09 09:55:18 -07:00