Commit Graph

101 Commits

Author SHA1 Message Date
Greg Price a116303604 passwords: Express the quality threshold as guesses required.
The original "quality score" was invented purely for populating
our password-strength progress bar, and isn't expressed in terms
that are particularly meaningful.  For configuration and the core
accept/reject logic, it's better to use units that are readily
understood.  Switch to those.

I considered using "bits of entropy", defined loosely as the log
of this number, but both the zxcvbn paper and the linked CACM
article (which I recommend!) are written in terms of the number
of guesses.  And reading (most of) those two papers made me
less happy about referring to "entropy" in our terminology.
I already knew that notion was a little fuzzy if looked at
too closely, and I gained a better appreciation of how it's
contributed to confusion in discussing password policies and
to adoption of perverse policies that favor "Password1!" over
"derived unusual ravioli raft".  So, "guesses" it is.

And although the log is handy for some analysis purposes
(certainly for a graph like those in the zxcvbn paper), it adds
a layer of abstraction, and I think makes it harder to think
clearly about attacks, especially in the online setting.  So
just use the actual number, and if someone wants to set a
gigantic value, they will have the pleasure of seeing just
how many digits are involved.

(Thanks to @YJDave for a prototype that the code changes in this
 commit are based on.)
2017-10-08 15:48:44 -07:00
Greg Price aa4104a5af logging: Add option to show the PID in each log message. 2017-10-06 19:21:40 -07:00
Tim Abbott a7e81baed8 settings: Document SEND_LOGIN_EMAILS setting. 2017-09-29 22:39:58 -07:00
Tim Abbott c73c12f0e7 settings: Document privacy policy setting.
Also clean up the text around the TERMS_OF_SERVICE setting a bit.
2017-09-29 22:37:56 -07:00
Greg Price 412f6e70d8 logging: Add option to show the module a log message came from. 2017-09-28 18:26:39 -07:00
Supermanu 28beddfd76 backends.py: Enable auth with any ldap attributes as username.
This commit enables user to authenticate with any attribute set in
AUTH_LDAP_USER_SEARCH given that LDAP_EMAIL_ATTR is set to an email
attributes in the ldap server. Thus email and username can be
completely unrelated.

With some tweaks by tabbott to squash in the documentation and make it
work on older servers.
2017-09-15 10:28:41 -07:00
Tim Abbott 4725afe99a settings: Move NOREPLY_EMAIL_ADDRESS to DEFAULT_SETTINGS.
Since we're auto-detecting the value anyway, there's no reason it
can't be moved to DEFAULT_SETTINGS.

This lets us remove some clutter from the installation documentation.
2017-08-15 17:21:40 -07:00
Tim Abbott d9c8c4db09 settings: Clean up documentation for configuring outgoing email.
Since we now discuss Gmail in the prod-email instructions, we just
link to that here.
2017-08-15 17:21:40 -07:00
vbNETonIce 4a5f82bc71 settings: Add default for INLINE_URL_EMBED_PREVIEW.
Tweaked by tabbott to improve the documentation around this setting
and its INLINE_IMAGE_PREVIEW cousin.
2017-07-31 21:11:12 -07:00
vbNETonIce ea72432dca rename in comment: scripts/restart-zulip to scripts/restart-server
found this when trying to follow this comment and the script didn't exist anymore
2017-07-28 10:29:17 -07:00
Vaida Plankyte 26f5f77524 prod_settings_template.py: Update GitHub/Google auth setup docs. 2017-07-27 17:35:14 -07:00
Rishi Gupta 6439603974 prod_settings_template: Add quotes around push notification url. 2017-07-25 17:42:33 -07:00
Aditya Bansal b9bffaa446 pep8: Add compliance with rule E261 to prod_settings_template.py. 2017-07-11 11:55:01 -07:00
James Rowan 368bd66d8b emails: Refactor send_email functions to take both a sender name and address.
This will allow for customized senders for emails, e.g. 'Zulip Digest' for
digest emails and 'Zulip Missed Messages' for missed message emails.

Also:
* Converts the sender name to always be "Zulip", if the from_email used to
  be settings.NOREPLY_EMAIL_ADDRESS or settings.ZULIP_ADMINISTRATOR.

* Changes the default value of settings.NOREPLY_EMAIL_ADDRESS in the
  prod_setting_template to no longer have a display name. The only use of
  that display name was in the email pathway.
2017-07-04 14:25:01 -07:00
Rishi Gupta dd3dd26f15 prod_settings_template: Update description for FEEDBACK_EMAIL. 2017-07-04 14:25:01 -07:00
Pweaver (Paul Weaver) 2c10e7c0db Change from and noreply emails to use EXTERNAL_HOST domain.
This eliminates another mandatory setting from what one needs to
configure to setup a Zulip server.
2017-07-01 08:09:25 -07:00
Rishi Gupta 2012913cc1 prod_settings_template: Update description of NOREPLY_EMAIL_ADDRESS. 2017-06-29 17:54:33 -07:00
Rishi Gupta 85d38bd17b emails: Remove DEFAULT_FROM_EMAIL from prod_settings_template. 2017-06-29 17:54:33 -07:00
Pweaver (Paul Weaver) 5c07125994 Enable EmailAuthBackend by default to simplify a production install.
This should save a step from the installation process in the common
case.
2017-06-12 21:53:35 -07:00
Eklavya Sharma cc1937c8d5 mypy: Use Optional with strings where required. 2017-05-23 21:56:50 -07:00
Tim Abbott a2f5d133e8 docs: Document the push notification forwarding service. 2017-05-18 13:39:58 -07:00
Tim Abbott ab3f55408d settings: Document how to set EXTERNAL_HOST to include a port number.
Also, make sure that ALLOWED_HOSTS is correct in the case that a port
number is included.
2017-05-12 14:27:29 -07:00
Rishi Gupta 962b56efbd settings: Change example NOREPLY_EMAIL_ADDRESS to have a display name.
We used to use constructions like
from_email = "Zulip <%s>" % (settings.NOREPLY_EMAIL_ADDRESS,)
but no longer do. All references to settings.NOREPLY_EMAIL_ADDRESS in the
codebase now do not append a display name.
2017-05-05 14:38:25 -07:00
Tim Abbott cf444203c4 docs: Update email configuration documentation.
Fixes #2958.
2017-02-22 22:26:43 -08:00
Tim Abbott 8c1285924e prod_settings_template: Move email configuration up.
This reflects the fact that you definitely need to configure this, but
you don't have to configure any of the auth backends, really.
2017-02-22 22:26:43 -08:00
Tim Abbott 7964408633 prod_settings_template: Move ALLOWED_HOSTS up and clarify. 2017-02-22 22:26:43 -08:00
Feorlen 1973360d17 Update comment to suggest Mailgun for EmailAuthBackend SMTP. 2017-02-17 08:02:03 -08:00
Tim Abbott 21f09dcab7 docs: Make it harder to screw up our manage.py commands. 2017-02-03 12:57:50 -08:00
Tim Abbott 0dd5d6cea0 errors: Separate browser error reporting from backend. 2017-01-27 10:27:41 -08:00
Tim Abbott d6e38e2a5c lint: Clean up E123 PEP-8 rule. 2017-01-23 21:34:26 -08:00
Tim Abbott 287b84d113 auth: Improve configuration/documentation for password strength.
Followup to #3190.
2017-01-17 20:52:52 -08:00
Bojidar Marinov 786dd0fca4 auth: Make min password length and strength configurable.
This adds some configuration options to settings.py, namely
PASSWORD_MIN_LENGTH and PASSWORD_MIN_QUALITY, which control
when the frontend validator invalidates the password.

Closes #2628
2017-01-10 04:55:41 -08:00
Tim Abbott c65820618f settings: Set an intelligent default for ALLOWED_HOSTS. 2017-01-06 14:46:47 -08:00
Tim Abbott f3ee0eb67b settings: Improve ALLOWED_HOSTS defaults. 2017-01-06 14:46:47 -08:00
nikolay abc2ff4a06 pep8: Fix many rule E128 violations.
[Tweaked by tabbott to adjust some approaches used in wrapping]
2016-12-03 13:33:31 -08:00
Alex Huang c8ddea16c3 pep8: Fix E122. 2016-12-01 23:16:35 -08:00
Kevin Chen 6107c877e8 bugdown: Add option to support "file:///" as hyperlink.
This contains contributions from Tim Abbott and Igor Tokarev.

Fixes #380.
2016-11-06 22:30:05 -08:00
Steve Howell ab0ee0b923 Upgrade: revert change to default LOCAL_UPLOADS_DIR in prod settings.
The main purpose of the "var" convention is to make it easy to write stuff
inside of our git repo when running a dev instance, and then "var" gets
excluded from checkins. For production, that's not as much of a concern.
For upgrades we don't want to be changing the directory around and confusing
matters, especially with the extra moving part of nginx configs (which have
their own issues in terms of being overwritten by accident when admins go to
S3).
2016-09-06 14:51:29 -07:00
Vishnu Ks a7ead9e99d settings: Eliminate ADMIN_DOMAIN for creating initial realm.
We now use `./manage.py generate_realm_creation_link` as the flow flow
for creating one's first realm.
2016-08-25 09:37:33 -07:00
Tim Abbott 21b9efd985 Clarify ALLOWED_HOSTS string format.
This is obvious to anyone who knows Python, but knowing Python should
not be a requirement to administer a Zulip server.

Fixes #1606.
2016-08-24 22:19:54 -07:00
Taranjeet Singh 86ecf28588 prod_settings_template.py: Fix line with length greater than 120.
This updates file zproject/prod_settings_template.py.
2016-08-19 11:56:43 -07:00
Tim Abbott 11cac86a58 settings: Add support for specifying a remote redis password. 2016-08-11 16:54:22 -07:00
Tim Abbott b3a768f4b2 settings: Improve ALLOWED_HOSTS defaults logic and docs.
This removes the requirement for the user to put localhost/127.0.0.1
in their ALLOWED_HOSTS list, since it is now added automatically.

Fixes: #1358.
2016-08-05 21:25:29 -07:00
Umair Khan 6c248a662d prod_settings_template.py: Add GitHub team and org. 2016-08-03 12:01:15 -07:00
Tim Abbott 25c0710800 prod_settings_template: Fix typo in redis documentation. 2016-07-31 19:45:53 -07:00
acrefoot e568dbc76f Add TERMS_OF_SERVICE setting.
This new setting allows the server administrator to add a custom
Terms of Service page by supplying the path to a markdown file.

Also adds a test.
2016-07-29 20:47:31 -07:00
Tim Abbott eef66ee031 Document GitHub authentication. 2016-07-29 12:49:10 -07:00
Tim Abbott d9b5f3089b prod_settings: Cleanup intro to Google auth documentation. 2016-07-29 12:49:01 -07:00
Eklavya Sharma 3b3b5c7c16 Rename management command email-mirror to email_mirror.
All other zulip management command names have underscores, so
rename email-mirror to email_mirror.

This will also make it possible to import this module, which will
help in writing tests for it.
2016-07-28 14:52:09 -07:00
Eklavya Sharma f067c7fb15 Fix email-mirror instructions in prod_settings_template.py.
When email mirroring is done via polling, the IMAP account's
password should be stored in zulip-secrets.conf in
email_gateway_password, not in email_gateway_login.
2016-07-25 11:30:17 -07:00
Tim Abbott 35339f5117 Rename local_settings_template to prod_settings_template. 2016-07-19 20:59:59 -07:00