Commit Graph

51683 Commits

Author SHA1 Message Date
Mateusz Mandera dcbcb05655 saml: Make SP-initiated SLO work after signup. 2023-05-23 13:01:15 -07:00
Mateusz Mandera 04f5358a76 tests: Flush session in verify_desktop_flow_end_page in social auth.
As the relevant comment elaborates, what happens next in the test is
simulating the step that happens in the desktop app. Thus a new session
needs to be used. Otherwise, the old session created normally in the
browser pollutes the state and can give falsely passing tests.

This should be happening for all social auth tests using this, not just
in that one SAML test, thus moving it inside the helper method.
2023-05-23 13:01:15 -07:00
Mateusz Mandera 8fb0fe96c6 saml: Save SessionIndex in session and use when making a LogoutRequest.
This is a useful improvement in general for making correct
LogoutRequests to IdPs and a necessary one to make SP-initiated logout
fully work properly in the desktop application. During desktop auth
flow, the user goes through the browser, where they log in through their
IdP. This gives them a logged-in browser session at the IdP. However,
SAML SP-initiated logout is fully conducted within the desktop
application. This means that proper information needs to be given to
the IdP in the LogoutRequest to let it associate the LogoutRequest with
that logged in session that was established in the browser. SessionIndex
is exactly the tool for that in the SAML spec.
2023-05-23 13:01:15 -07:00
Mateusz Mandera 5dd4dcdebb saml: Make SP-initiated SLO work in the desktop application. 2023-05-23 13:01:15 -07:00
Mateusz Mandera 3f55c10685 saml: Rework SP-initiated logout config to support IdP-level config.
This gives more flexibility on a server with multiple organizations and
SAML IdPs. Such a server can have some organizations handled by IdPs
with SLO set up, and some without it set up. In such a scenario, having
a generic True/False server-wide setting is insufficient and instead
being able to specify the IdPs/orgs for SLO is needed.
2023-05-23 13:01:15 -07:00
Mateusz Mandera e8f3b87b17 saml: Sign LogoutRequests and LogoutResponses if certs are set up. 2023-05-23 13:01:15 -07:00
Mateusz Mandera 0bb0220ebb saml: Implement SP-initiated Logout.
Closes #20084

This is the flow that this implements:
1. A logged-in user clicks "Logout".
2. If they didn't auth via SAML, just do normal logout. Otherwise:
3. Form a LogoutRequest and redirect the user to
https://idp.example.com/slo-endpoint?SAMLRequest=<LogoutRequest here>
4. The IdP validates the LogoutRequest, terminates its own user session
and redirects the user to
https://thezuliporg.example.com/complete/saml/?SAMLRequest=<LogoutResponse>
with the appropriate LogoutResponse. In case of failure, the
LogoutResponse is expected to express that.
5. Zulip validates the LogoutResponse and if the response is a success
response, it executes the regular Zulip logout and the full flow is
finished.
2023-05-23 13:01:15 -07:00
Mateusz Mandera dda4603f94 auth: Extract EXPIRABLE_SESSION_VAR_DEFAULT_EXPIRY_SECS. 2023-05-23 13:01:15 -07:00
Mateusz Mandera 01498add9b auth: Rename authentication_method session var. 2023-05-23 13:01:15 -07:00
Karl Stolley 903090c582 css: Move mention-pill colors under rendered markdown.
This just ensures that the mention-pill color selectors are children
of `rendered_markdown`, which class appears both in the message-
preview area as well as individual message rows.

Fixes #25720.
2023-05-23 12:57:24 -07:00
Anders Kaseorg 8a128ba81e commit-msg: Don’t change the current directory for non-Vagrant.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-23 12:24:44 -07:00
evykassirer 9427fb7230 settings: Fix narrow-screen background color, use color variable.
Fixes #25708.
2023-05-23 11:31:03 -07:00
Lauryn Menard eba83b9d87 api-docs: Expand `/update-message` main description for realm settings.
Expands the main description for the `/update-message` documentation
to include a list of the realm settings in the API that are relevant
to when users can update a message's content, topic or stream.
2023-05-23 11:11:20 -07:00
Lauryn Menard 8ec9abe00d api-changelog: Clarify feature level 159 descriptive text.
Original API changelog entries: commit 02eee3a04f and
commit 815bf609fa.
2023-05-23 11:11:20 -07:00
Lauryn Menard e4ae8b79c3 api-changelog: Clarify feature level 162 descriptive text.
Original API changelog entries: commit 73f0eae394 and
commit 2c4e076fef and commit 891f83601d.
2023-05-23 11:11:20 -07:00
Lauryn Menard 0e9c34a975 api-changelog: Clarify feature level 172 descriptive text.
Original API feature level entries: commit 440f9e397a and
commit bd7f728796.
2023-05-23 11:11:20 -07:00
Sahil Batra 295b37bceb bootstrap: Remove bootstrap CSS rules for number type inputs.
We have added the required CSS rules to individual elements in
previous commits and this commit can remove the CSS in bootstrap.css.
2023-05-23 10:54:12 -07:00
Sahil Batra c8ad693e41 billing: Add bootstrap CSS to number type inputs.
This commit adds bootstrap CSS rules for number type inputs
in billing and upgrade page to billing.css as we will be
removing them from bootstrap.css in further commits.
2023-05-23 10:54:12 -07:00
Sahil Batra 96eaadda71 activity: Add bootstrap CSS styles for number type inputs.
This commit adds bootstrap CSS rules for number type inputs
in activity page to activity.css as we will be removing them
from bootstrap.css in further commits.
2023-05-23 10:54:12 -07:00
Sahil Batra a62a863f67 bootstrap: Remove CSS for "submit" type inputs.
We use "submit" type inputs in dev login page. Only "cursor"
CSS was applied to those elements from bootstrap and this
commit adds it to those elements in portico_signin.css and
removes the CSS in bootstrap.css and bootstrap-btn.css.
2023-05-23 10:54:12 -07:00
Sahil Batra 599ad856b2 bootstrap: Remove CSS for ".input-xxlarge" elements.
We use "input-xxlarge" class for search box in activity
support page only. This commit adds the width property
in activity.css for the search box and rest of the CSS
applied using this class was redundant and can be removed
safely.
2023-05-23 10:54:12 -07:00
Sahil Batra f7b27e6fea bootstrap: Remove CSS for ".input-large".
We use "input-large" class only for sponsorship page
and the bootstrap CSS for this class is already
overridden by CSS defined in portico.css.
2023-05-23 10:54:12 -07:00
Sahil Batra 8719594c51 bootstrap: Remove CSS for search type inputs.
We do not use search type inputs anywhere in the app
and thus we can safely remove the CSS for it.
2023-05-23 10:54:12 -07:00
Sahil Batra d8c8de5f27 bootstrap: Remove CSS for color type input elements.
We do not use "color" type input elements anywhere in the
app.
2023-05-23 10:54:12 -07:00
Sahil Batra 3f57672e15 bootstrap: Remove CSS for "tel" type input elements.
We do not use "tel" type input elements anywhere in the
app.
2023-05-23 10:54:12 -07:00
Sahil Batra 385d30b285 bootstrap: Remove CSS for week type input elements.
We do not use "week" type input elements anywhere in the
app.
2023-05-23 10:54:12 -07:00
Sahil Batra 33df97a3d9 bootstrap: Remove CSS for time type input elements.
We do not use "time" type input elements anywhere in the
app.
2023-05-23 10:54:12 -07:00
Sahil Batra 7627f346a3 bootstrap: Remove CSS for month type input elements.
We do not use "month" type input elements anywhere in the
app.
2023-05-23 10:54:12 -07:00
Sahil Batra 5d484a8794 bootstrap: Remove CSS for date type input elements.
We do not use "date" type input elements anywhere in the
app.
2023-05-23 10:54:12 -07:00
Sahil Batra 8ca8745c0e bootstrap: Remove CSS for datetime type input elements.
We do not use "datetime" type input elements anywhere in the
app.
2023-05-23 10:54:12 -07:00
Sahil Batra 286f47468d bootstrap: Remove CSS for button type inputs.
We do not use button type inputs anywhere in the app so
we can remove its CSS.
2023-05-23 10:54:12 -07:00
Sahil Batra b08ba862e6 bootstrap: Remove CSS for reset type inputs.
We do not use "reset" type inputs in our app, so we can
safely remove the CSS for them.
2023-05-23 10:54:12 -07:00
Aman Agrawal dc6099d656 message_row: Use equal top/bottom padding in message content.
We had the `3px 0 1px` padding before migration to use grid,
then I switched it to use `4px 0 1px` since we were planning to
use blue box border which seemed to have helped that case.

Since we switched to using outline for blue box, it makes sense
to just use equal padding.
2023-05-23 10:45:28 -07:00
Greg Price df8a434424 portico: Add Senior Flutter Engineer position to `/jobs` page. 2023-05-22 17:22:39 -07:00
Alex Vandiver 0935d388f0 nginx: Set X-Forwarded-Proto based on trust from requesting source.
Django has a `SECURE_PROXY_SSL_HEADER` setting[^1] which controls if
it examines a header, usually provided by upstream proxies, to allow
it to treat requests as "secure" even if the proximal HTTP connection
was not encrypted.  This header is usually the `X-Forwarded-Proto`
header, and the Django configuration has large warnings about ensuring
that this setting is not enabled unless `X-Forwarded-Proto` is
explicitly controlled by the proxy, and cannot be supplied by the
end-user.

In the absence of this setting, Django checks the `wsgi.url_scheme`
property of the WSGI environment[^2].

Zulip did not control the value of the `X-Forwarded-Proto` header,
because it did not set the `SECURE_PROXY_SSL_HEADER` setting (though
see below).  However, uwsgi has undocumented code which silently
overrides the `wsgi.url_scheme` property based on the
`HTTP_X_FORWARDED_PROTO` property[^3] (and hence the
`X-Forwarded-Proto` header), thus doing the same as enabling the
Django `SECURE_PROXY_SSL_HEADER` setting, but in a way that cannot be
disabled.  It also sets `wsgi.url_scheme` to `https` if the
`X-Forwarded-SSL` header is set to `on` or `1`[^4], providing an
alternate route to deceive Django.

These combine to make Zulip always trust `X-Forwarded-Proto` or
`X-Forwarded-SSL` headers from external sources, and thus able to
trick Django into thinking a request is "secure" when it is not.
However, Zulip is not accessible via unencrypted channels, since it
redirects all `http` requests to `https` at the nginx level; this
mitigates the vulnerability.

Regardless, we harden Zulip against this vulnerability provided by the
undocumented uwsgi feature, by stripping off `X-Forwarded-SSL` headers
before they reach uwsgi, and setting `X-Forwarded-Proto` only if the
request was received directly from a trusted proxy.

Tornado, because it does not use uwsgi, is an entirely separate
codepath.  It uses the `proxy_set_header` values from
`puppet/zulip/files/nginx/zulip-include-common/proxy`, which set
`X-Forwarded-Proto` to the scheme that nginx received the request
over.  As such, `SECURE_PROXY_SSL_HEADER` was set in Tornado, and only
Tornado; since the header was always set in nginx, this was safe.
However, it was also _incorrect_ in cases where nginx did not do SSL
termination, but an upstream proxy did -- it would mark those requests
as insecure when they were actually secure.  We adjust the
`proxy_set_header X-Forwarded-Proto` used to talk to Tornado to
respect the proxy if it is trusted, or the local scheme if not.

[^1]: https://docs.djangoproject.com/en/4.2/ref/settings/#secure-proxy-ssl-header
[^2]: https://wsgi.readthedocs.io/en/latest/definitions.html#envvar-wsgi.url_scheme
[^3]: 73efb013e9/core/protocol.c (L558-L561)
[^4]: 73efb013e9/core/protocol.c (L531-L534)
2023-05-22 16:50:29 -07:00
Greg Price 2baa4fc0ca total-contributions: Add zulip-flutter to the list of repos. 2023-05-22 16:04:26 -07:00
Greg Price c4cc27cd20 total-contributions: Fix bug that replaced a repo's whole history with nothing.
When using a start date before the first commit to a repo, we should
include the repo's entire history (up to the end date) in our totals.

Instead, we were using a range like "..{upper_version}", which in Git
revision-range syntax means the start of the range is HEAD -- so the
range was empty.

Fix that by leaving out the ".." when we want no left endpoint.
2023-05-22 16:04:26 -07:00
Greg Price 0c8fef2fc8 total-contributions: Factor out logic common to all repos. 2023-05-22 16:04:26 -07:00
Karl Stolley ab94bcb21b css: Move recipient-row unread markers to message row file. 2023-05-22 15:54:57 -07:00
Karl Stolley 36c5df7663 css: Move message-row styles to own file. 2023-05-22 15:54:57 -07:00
Karl Stolley ffbd0cb316 css: Clean up comments for future readers. 2023-05-22 15:54:57 -07:00
Tim Abbott a5ac19e93a emails: Work around bad Apple Mail preview parser.
Apparently, Apple Mail interpreted the <body> text in the comment here
as the start of the body in the email in its special parser for
displaying a preview of emails in the inbox view, resulting in every
Zulip email being displayed as "tag out of the email, the ..." instead
of our configured preheader.
2023-05-22 15:50:50 -07:00
xoldyckk 6f009c5e65 ts: Convert rtl.js to TypeScript.
Co-authored-by: Satyam Bansal <sbansal1999@gmail.com>
2023-05-22 15:41:42 -07:00
Lauryn Menard 6d6a335e32 api-docs: Make realm_linkifiers current API clear in description.
Adjusts the descriptions of realm_linkifiers (and deprecated
realm_filters) events and register response fields so that the
description of the current API is complete without the feature
level 176 **Changes** notes.
2023-05-22 15:20:07 -07:00
Lauryn Menard fd02648b0e api-changelog: Update feature level 175 entry and related changes notes. 2023-05-22 13:21:03 -07:00
Karl Stolley 9f99235368 send_button: Suppress Send tooltip on tabbing to send. 2023-05-22 13:01:52 -07:00
Aman Agrawal eeea5c1713 css: Fix @everyone and @stream displayed as user mentions.
Backend incorrectly renders @everyone and @stream as `user-mention`
while they are clearly `group_mention`. To fix this, we use
`data-user-id` property of @everyone and @stream which are
set to `*` for them.
2023-05-22 12:41:44 -07:00
Aman Agrawal 67ff421194 css: Change mention text and background colors. 2023-05-22 12:41:44 -07:00
Aman Agrawal c415944e55 css: Separate mention pill colors. 2023-05-22 12:41:44 -07:00
Lalit 888d6d8037 settings_playground: Fix sorting issues in playgrounds table.
Removed the sorting functions which were sorting under the assumption that
our comparison items were a list; instead I used the generic sort
functionality of our `list_widget` module.
2023-05-22 09:36:24 -07:00