Commit Graph

66 Commits

Author SHA1 Message Date
Tim Abbott ab2ef76baa login: Fix hash being lost with redirects.
This fixes the following flow being broken:

* You start on
  http://zulipdev.com:9991/accounts/go/?next=/upgrade%23sponsorship
  (which we link to from e.g. /plans/)

* The form on that page has
  `action=/accounts/go/?next=%2Fupgrade%23sponsorship`, i.e. it has correctly
  URL-encoded the `next` value.

* You enter a realm name and hit submit.

* That redirects you to
  `http://realm-26.zulipdev.com:9991/upgrade#sponsorship`, which is
  correct if you are already logged in.

* However, if you're not logged in, `/upgrade` will serve a redirect
  to the login page, landing you at
  `http://realm-26.zulipdev.com:9991/devlogin/?next=/upgrade/#sponsorship`.
  This page works.  But in production, it would instead be:
  `http://realm-26.zulipdev.com:9991/login/?next=/upgrade/#sponsorship`.
  On this page, password login works but social login does not.
  Note that the `next=` value is no longer URL-encoded, and thus is
  parsed by the browser as `?next=/upgrade` + a hash of
  `#sponsorship`.

* If you now login with Google auth, you find yourself on
  `http://realm-26.zulipdev.com:9991/#sponsorship` (no /upgrade).

The root cause was that we have a bit of JavaScript in signup.js and
dev-login.js that is intended to handle this; but it was broken for
the social login case for unknown legacy reasons.

This bug appears to date from the original
b62bdde303 which introduced `next`
support for social backends in the first place.
2021-07-24 09:50:15 -07:00
Priyank Patel 607abc0b77 signup: Use e.key instead of deprecated e.which.
Tested by making sure Enter works as expected in the signup flow.
2021-06-02 14:04:53 -07:00
sahil839 d37ddf13a4 registration: Show spinner and disable button while processing.
This commit disables the button and shows a loading spinner on
the button when signup request is being processed to avoid race
conditions caused by user clicking on the button multiple times.

The fix is done observing that for the case when form is invalid
the whole page is rerendered and thus we do not need to remove
the spinner and enable the button again and for other errors
we redirect to some other page.

And for the validation taking place in client-side, the button
is disabled and spinner is shown, only if form is valid, by
using "$('#registration').valid()".
2021-05-27 22:51:13 -07:00
Siddharth Asthana 4262c04db1 registration: Encode source realm as an integer.
In the source realm selector, when we select a realm from which we want
to import the data, we pass the source realm's string_id. The problem
with this approach is that the string_id can be an empty string. This
commit makes the source_realm pass the realm's id instead of string_id.
Now, the source_realm's value will either be an integer or "" (empty
string) when we don't want to import settings from any realm.
2021-05-02 11:12:49 -07:00
Anders Kaseorg bf056c8990 js: Extract password_quality module; remove zxcvbn from globals.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-04-24 13:08:52 -07:00
Gaurav Pandey a9fcafc433 reset_confirm: Add show password feature to reset confirm page.
Fixes part of #17301.
2021-04-23 15:01:37 -07:00
Gaurav Pandey 91c73025d2 register: Add show password feature to password fields.
Fixes part of #17301.
2021-04-23 15:01:37 -07:00
Gaurav Pandey fa235e60ff login: Add show password feature to login page.
The show password feature is a functionality to
toggle the visibility of the password fields in forms
so that one can check if they have entered the correct
password or not. We implement this using an eye icon
toggling which converts input field type from password
to text and vice-versa.
Fixes part of #17301.
2021-04-23 15:01:37 -07:00
Anders Kaseorg ea9ca6b7d0 js: Use jQuery as a module.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-12 10:08:25 -08:00
Anders Kaseorg a3e6ebb04c js: Convert static/js/common.js to ES6 module.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-28 14:23:00 -08:00
Anders Kaseorg 5bee572332 js: Convert static/js/portico/signup.js to ES6 module.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-10 10:27:14 -08:00
aryanshridhar f92f99d92d dependencies: Replace moment.js with date-fns.
Replaced methods/functions of moment.js with date-fns library.
The motive was to replace it with a smaller frontend timezone library.

Date-fns ~ 11.51 kb
moment.js ~ 217.87 kb

Some of the format strings change because date-fns encodes them
differently from how moment did.

Fixes #16373.
2021-02-05 11:04:32 -08:00
Anders Kaseorg 2f80415756 eslint: Fix unicorn/no-lonely-if.
https://github.com/sindresorhus/eslint-plugin-unicorn/blob/v24.0.0/docs/rules/no-lonely-if.md

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-12-22 16:14:28 -08:00
Anders Kaseorg 984a5bb737 dependencies: Upgrade JavaScript dependencies.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-12-09 23:07:38 -08:00
Anders Kaseorg 48f5e5179a eslint: Fix unicorn/prefer-string-slice.
https://github.com/sindresorhus/eslint-plugin-unicorn/blob/master/docs/rules/prefer-string-slice.md

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-07 16:00:33 -07:00
Priyansh Garg 8dd29f4e99 portico: Improve error messages display on registration page.
Improves the display of error messages on registration page fixing
mis-positioning of error messages and overlapping with other text
in some cases.

Part of: #15750.
2020-08-31 22:12:03 -07:00
Anders Kaseorg 6ec808b8df js: Add "use strict" directive to CommonJS files.
ES and TypeScript modules are strict by default and don’t need this
directive.  ESLint will remind us to add it to new CommonJS files and
remove it from ES and TypeScript modules.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-31 22:09:46 -07:00
Anders Kaseorg a43307bc4e js: Use Moment.js as a module.
Note that require("moment") and require("moment-timezone") resolve to
the same thing, but the latter adds timezone support as a side effect.
So I went with the latter in every file where .tz is used.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-28 10:54:35 -07:00
Anders Kaseorg a2a5871088 js: Replace deprecated $.trim method.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-22 12:20:23 -07:00
Anders Kaseorg 96dcc0ce6e js: Use ES6 object literal shorthand syntax.
Generated by ESLint.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-21 12:42:22 -07:00
Anders Kaseorg a9ca5f603b js: Replace deprecated jQuery event trigger shorthand.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-21 12:01:26 -07:00
Anders Kaseorg 4e42137bd9 js: Replace deprecated jQuery event handler shorthand.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-21 12:01:26 -07:00
Anders Kaseorg b65d2e063d js: Reformat with Prettier.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-17 14:31:25 -07:00
Anders Kaseorg f3726db89a js: Normalize strings to double quotes.
Prettier would do this anyway, but it’s separated out for a more
reviewable diff.  Generated by ESLint.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-17 14:31:24 -07:00
Anders Kaseorg a79322bc94 eslint: Enable prefer-arrow-callback.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-07-03 16:55:50 -07:00
Mateusz Mandera 6dbd2b5fc3 auth: Merge RemoteUserBackend into external_authentication_methods.
We register ZulipRemoteUserBackend as an external_authentication_method
to make it show up in the corresponding field in the /server_settings
endpoint.

This also allows rendering its login button together with
Google/Github/etc. leading to us being able to get rid of some of the
code that was handling it as a special case - the js code for plumbing
the "next" value and the special {% if only_sso %} block in login.html.
An additional consequence of the login.html change is that now the
backend will have its button rendered even if it isn't the only backend
enabled on the server.
2019-12-10 20:16:21 +01:00
Anders Kaseorg 28f3dfa284 js: Automatically convert var to let and const in most files.
This commit was originally automatically generated using `tools/lint
--only=eslint --fix`.  It was then modified by tabbott to contain only
changes to a set of files that are unlikely to result in significant
merge conflicts with any open pull request, excluding about 20 files.
His plan is to merge the remaining changes with more precise care,
potentially involving merging parts of conflicting pull requests
before running the `eslint --fix` operation.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-11-03 12:42:39 -08:00
Anders Kaseorg ed63042480 templates: Replace focusing scripts with autofocus attribute.
Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-09-16 17:23:20 -07:00
Alexandra Ciobica eb6c5e1962 auth: Style the GitHub auth email selection page.
I added the `white-box` as it was in the other similar pages
(`/accounts/go`).

In order to be able to style it better, I removed the buttons and added
`div`s instead, then added click handler for submitting the form.

If the email is associated to a Zulip account, the avatar of the account
is displayed and the text `Log in`, otherwise a `+` sign is
displayed and the text `Create new account`.
2019-08-08 11:12:51 -07:00
Harshit Bansal bf14a0af4d auth: Migrate google auth to python-social-auth.
This replaces the two custom Google authentication backends originally
written in 2012 with using the shared python-social-auth codebase that
we already use for the GitHub authentication backend.  These are:

* GoogleMobileOauth2Backend, the ancient code path for mobile
  authentication last used by the EOL original Zulip Android app.

* The `finish_google_oauth2` code path in zerver/views/auth.py, which
  was the webapp (and modern mobile app) Google authentication code
  path.

This change doesn't fix any known bugs; its main benefit is that we
get to remove hundreds of lines of security-sensitive semi-duplicated
code, replacing it with a widely trusted, high quality third-party
library.
2019-07-21 20:51:34 -07:00
Anders Kaseorg 12e6189970 signup, settings: Update password strength meter on input events.
Pasting a generated password into the password box triggers neither a
change event (until the password box is unfocused) nor a keyup event.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-06-27 14:51:19 -07:00
Thomas Ip 6cad1988a9 jQuery: Use positional methods on single selectors.
For selectors like `$('.element:first')`, we can simply write
`$('.element').first()`.
2019-06-06 15:21:26 -07:00
Abhinav Singh 62d9241c03 refactor: Remove inline javascript code from accounts_send_confirm.html.
This commit removes inline javascript code present in
accounts_send_confirm.html and moves it to signup.js. This page is
rendered when the "/accounts/send_confirm" endpoint is visited. An
empty div element is added in accounts_send_confirm.html with
unique data-page-id attribute to make it more easy to find in which
page we are, while working with the javascript code.
2019-03-25 15:14:24 -07:00
Abhinav Singh 4b8f6b55be refactor: Remove inline javascript code from reset_confirm.html.
This commit removes inline javascript code present in reset_confirm.html
and moves it to signup.js. The reset_confirm.html page is rendered when
the user visits "/accounts/password/reset" confirmation page. An empty
div element is added in reset_confirm.html with unique data-page-id
attribute to make it more easy to find in which page we are, while
working with the javascript code.
2019-03-25 15:14:24 -07:00
Abhinav Singh 17d9c24094 refactor: Remove inline javascript code from reset.html.
This commit removes inline javascript code present in reset.html and
moves it to signup.js. The reset.html page is rendered when the user
visits "/accounts/password/reset". An empty div element is added in
reset.html with unique data-page-id attribute to make it more easy
to find in which page we are, while working with the javascript code.
2019-03-25 15:14:24 -07:00
Abhinav Singh 65d9d017c3 refactor: Remove inline javascript code from create_realm.html.
This commit removes inline javascript code present in create_realm.html
and moves it to signup.js. The create_realm.html page is rendered when
the user visits "/new". An empty div element is added in
create_realm.html with unique data-page-id attribute to make it more easy
to find in which page we are, while working with the javascript code.
2019-03-25 15:14:24 -07:00
Abhinav Singh 2a14fcf3e9 refactor: Remove inline javascript code from accounts_home.html.
This commit removes inline javascript code present in
accounts_home.html and moves it to signup.js. The accounts_home.html
page is rendered when the user visits "/register". An empty div
element is added in accounts_home.html with unique data-page-id
attribute to make it more easy to find in which page we are, while
working with the javascript code.
2019-03-25 15:14:24 -07:00
Abhinav Singh 4efef4f1a5 refactor: Remove inline javascript code from login.html.
This commit removes inline javascript code present in login.html and
moves it to signup.js. An empty div element is added in login.html
with unique data-page-id attribute to make it more easy to find in
which page we are, while working with the javascript code.
2019-03-25 15:14:24 -07:00
Harshit Bansal dc1fd61adf registration: Don't remove LDAP populated full name.
This commit fixes a bug that caused:
1: A valid full name on an onboarding form to be cleared after an
invalid submission.
2: Incorrectly cleared name populated from LDAP which was janky from
UX perspective.

Ideally we should disable name change for LDAP as next login
will overwrite any changes but I think that can be done in a
separate PR.

Fixes: #10867.
2019-01-17 10:16:48 -08:00
Vaibhav 34ef37b1fe portico: Fix overlap of server and frontend errors.
Clears the errors received from the server whenever there is a chance of
overlap among them.

Fixes #10831.
2019-01-09 10:56:17 -08:00
Vishnu Ks 96bb27fa84 signup: Fix bug in import settings when subdomain is root.
If branch for showing the profile details would
not have executed if the subdomain was root ("").
The check was changed to check for select input
instead of checking for subdomain.
2018-12-29 15:01:09 -08:00
Tim Abbott bdb3da4504 eslint: Add key-spacing linter rule.
Apparently, we didn't have one of these, and thus had a moderate
number of generally very old violations in the codebase.  Fix this and
clear the ones that exist.
2018-12-18 10:41:06 -08:00
Tim Abbott 008722b809 portico: Fix logic for whether a password field is present.
Now, we correctly avoid calling various password quality/strength
functions in the registration flow in the event that there isn't a
password form on the current page.

Before, some code wasn't inside a block at all, while other code was
using an incorrect check (an empty jQuery object is not falsey).

The overall result was that this would often crash on certain
pages/flows, stopping JS execution and causing various secondary
problems.
2018-12-15 13:58:38 -08:00
Abhinav Singh 979fae0406 portico: Add autofocus to the first input field with errors.
This code brings the focus to the first input field with errors rather
than just the first input field present in the form after the sign up
form is rendered again after invalid data is submitted.

Note from tabbott: This still doesn't handle the ToS checkbox being
the source of the error, but that's an independent issue.

Fixes #10869.
2018-12-04 12:22:09 -08:00
Abhinav Singh 586ce70b8b portico: Auto-detect field to focus for registration page.
This replaces the manually-curated logic for which field to focus.
2018-12-04 12:22:09 -08:00
Tim Abbott 333b8ef668 signup: Move registration JS to signup.js.
Also, fix a linter error encountered in the process.
2018-12-03 12:22:59 -08:00
Abhinav Singh 0774bd7df0 portico: Fix password strength bar reset after form invalidation.
This code prevents the password bar from being incorrectly cleared after
the sign up form is rendered again after invalid data is submitted
(generally due to forgetting to agree to ToS).

Fixes #10868.
2018-11-28 11:52:08 -08:00
Vishnu Ks 66dead7fee signup: Fix the full_name hidden bug when user has no other account.
Fixes #9802
2018-06-23 10:56:47 -07:00
Vishnu Ks 3dd9f61851 signup: Show profile details during settings import.
2018-06-19 11:25:23 -07:00
Anupam-dagar 865480ec42 portico: Fix positioning of "disposable email address" errors.
Modified by tabbott to prevent losing the frontend errors, and make it
more clear which errors are from the frontend vs. backend.

Fixes: #8784.
2018-03-22 14:38:57 -07:00