Commit Graph

2423 Commits

Author SHA1 Message Date
Tim Abbott 64b4d83038 push_notifications: Improve debugging of lookup problems.
We're having this error being thrown often, and don't know why.
2017-11-09 15:20:24 -08:00
Steve Howell 531a3ee9de refactor: Fix parse.quote(force_str(s)) calls in bugdown. 2017-11-09 10:43:20 -08:00
Steve Howell 786e90d774 Removed unused imports of force_bytes. 2017-11-09 10:32:14 -08:00
Steve Howell 50e3285a0d tests: Remove force_text() in test_messages.py. 2017-11-09 10:27:30 -08:00
YJDave de67bf81fd org settings: Allow users to delete their message.
Fixes #7049.
2017-11-09 10:20:34 -08:00
rht 5937141264 Remove usage of six.moves.string_types. 2017-11-09 10:00:00 -08:00
Harshit Bansal 65838bb825 email_gateway: Disable code block processor for email gateway.
Generally emails are not written with markdown in mind and hence
sometimes render in strange ways. This commit fixes a particular
issue that was causing whitespace before paragraphs to be treated
as code block due to which email content was being rendered in a
box that scrolls in right direction a lot.

Fixes: #7045.
2017-11-09 09:56:35 -08:00
derAnfaenger 19bc55aa45 Fix various typos.
The typos and their corrections were found with the
aid of https://github.com/lucasdemarchi/codespell.
2017-11-09 16:26:38 +01:00
rht 04f4f7166c zerver/tests: Use python 3 syntax for typing.
This patch was extracted by tabbott for just the files with no open
PRs modifying them.
2017-11-08 12:50:27 -08:00
Tim Abbott 5703b38ffb api: Move usage instructions to their own page. 2017-11-08 10:29:24 -08:00
Eeshan Garg 7c113f0447 api-docs: Render api_url in /api docs.
In templates/zerver/api/main.html, since the current context isn't
passed to render_markdown_path when rendering an article,
render_markdown_path doesn't have the context to render values such
as api_url. This commit makes sure that it does by passing a dict
called api_uri_context to render_markdown_path when rendering an
article.
2017-11-08 01:29:49 -03:30
Steve Howell ae0b27a7ed Extract messages_for_ids. 2017-11-07 17:48:27 -08:00
Steve Howell 47c63217cc tests: Add test_include_history().
Before this test, we weren't really testing the logic to
get flags from UserMessage.
2017-11-07 17:48:27 -08:00
Steve Howell 8616a4ebc5 Use client_gratavar=True for users on in page_params.
This change affects realm_users and realm_non_active_users.

Note that we still send full avatar urls in realm_user/add
events, so apply_events has to do something mildly hacky to
turn the avatar_url to None in that case.

Fixing the event is probably not worth the trouble, as single
urls are not bandwidth hogs; we only need this optimization
for bulk data.
2017-11-07 16:38:14 -08:00
Steve Howell a076581426 Use client_gravatar=True for avatar URLs in page_params.
This change affects these values:

    * page_params.avatar_url
    * page_params.avatar_url_medium

It requires passing the client_gravatar flag through this
codepath:

    * home_real
    * do_events_register
    * fetch_initial_state_data
    * avatar_url
2017-11-07 16:38:14 -08:00
Rishi Gupta 15b3a8e4ff email change: Use confirmation object user to determine changeability.
Seems like the more logical check. Also, the previous code makes it feel
like there is a potential vulnerability where one could get an email change
object in a realm where email changes are disabled, and then open that link
while logged in to a different realm.

While we're at it, remove the unnecessary check that the user is
logged in when clicking the confirmation link; that creates
unnecessary trouble for users who use multiple browsers.
2017-11-07 16:26:27 -08:00
Rishi Gupta 1823d46236 unsubscribe: Use a custom confirmation error page.
Reverts a bit of 6e02ce8.
2017-11-07 16:02:49 -08:00
Tim Abbott 417f92c8e1 markdown: Remove now-obsolete bugdown_matches_marked.
Fixes #7099.
2017-11-07 12:01:57 -08:00
neiljp (Neil Pilgrim) 9655c4f122 mypy: Amend type of bad_stream_content within test_bad_narrow_stream_content. 2017-11-07 11:26:46 -08:00
neiljp (Neil Pilgrim) 8a0d4e6bff mypy: Improve typing of test_narrow.py:exercise_bad_narrow_operand.
- Add explicit Any type parameter to Sequence
- Specify compatible List type parameters for addition in function body.
2017-11-07 11:26:46 -08:00
neiljp (Neil Pilgrim) 6a1786dc1b mypy: Clarify return type of _check_messages_before_archiving. 2017-11-07 11:26:46 -08:00
rht fa7016644e refactor: Remove six.moves.https_cookies import. 2017-11-07 10:51:44 -08:00
rht 9c7d5812ce refactor: Remove six.moves.urllib.parse import. 2017-11-07 10:51:44 -08:00
rht de319b4558 refactor: Remove six.moves.StringIO import. 2017-11-07 10:51:44 -08:00
rht 6cce0e346e refactor: Remove six.moves.filter import. 2017-11-07 10:51:44 -08:00
rht 80a8d4f9f3 refactor: Remove six.moves.map import. 2017-11-07 10:46:42 -08:00
rht 549a26860f refactor: Remove six.moves.range import. 2017-11-07 10:46:42 -08:00
rht ec5120e807 refactor: Remove six.moves.zip import. 2017-11-07 10:46:42 -08:00
rht 19bd335cbb Change urllib import to be Python 3-specific. 2017-11-07 10:46:42 -08:00
Steve Howell 2bbfda041a Support client_gravatar field for event registration.
This commit allows clients to register client_gravatar=True, and
then we recognize that flag for message events.  If the flag is
True, we will not calculate gravatar URLs and let the clients do
it themselves.  (Clients can calculate gravatar URLs based on
emails with just a little bit of code.)
2017-11-07 10:42:17 -08:00
Steve Howell 3462127ddb Improve test_client_info_for_normal_users().
We now test both possible values of apply_markdown.
2017-11-07 10:36:02 -08:00
Steve Howell 01777623a7 Improve test_get_events_narrow().
We now test message events with both possible value of
apply_markdown (False and True).
2017-11-07 10:36:02 -08:00
Steve Howell 88e1e284bb Restructure send-message code for gravatars.
This refactoring doesn't change behavior, but it sets us up
to more easily handle a register setting for `client_gravatar`,
which will allow clients to tell us they're going to compute
their own gravatar URLs.

The `client_gravatar` flag already exists in our code, but it
is only used for Django views (users/messages) but not for
Zulip events.

The main change is to move the call to `set_sender_avatar` into
`finalize_payload`, which adds the boolean `client_gravatar`
parameter to that function.  And then we update various callers
to supply that flag.

One small performance benefit of this change is that we now
lazily compute the client message payloads in
`event_queue.process_message_event` now, so this will improve
performance if all interested clients have the same value of
`apply_markdown`.  But the change here is really preparing us
for the additional boolean parameter, which will cause us to
have four variations of the payload.
2017-11-07 10:36:02 -08:00
Steve Howell 5be13fb066 Add cachify decorator. 2017-11-07 10:36:02 -08:00
derAnfaenger 0709033858 bugdown: Fetch complete data for tweet.
This makes an extended instead of a normal query,
resulting in the full text of a tweet being fetched
instead of just a truncated version.
2017-11-07 09:13:39 -08:00
rht c7fa1d4146 zerver/tests: Remove inheritance from object. 2017-11-06 08:53:48 -08:00
neiljp (Neil Pilgrim) 42f5eea61f mypy: Improve typing of request.pyi (REQ).
This expands request.pyi to type-check the arguments passed into REQ.

Tweaked by tabbott to fix the report.py annotations.
2017-11-04 20:26:03 -07:00
neiljp (Neil Pilgrim) 0d31cb568c mypy: Broaden some types from Dict to Any based on context. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) 055dff9038 mypy: Clarify parameter types in test_decorators.py. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) 6e6b1ce0d5 mypy: Explicitly inherit test_[sequence|mapping] test classes from generic types. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) 3fd720d8f4 mypy: Broadly specify lambda type parameters in test_events.py. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) aae8a03415 mypy: Explicitly specify Dict[str, Any] as DummyForm base type. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) b0e9fd7fa0 mypy: Specify type of decorator correctly in test_logging_handlers.py. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) f3b5b9db78 mypy: Specify Callable parameters in FakeClient functions in WorkerTest. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) 6f490394c3 mypy: Set explicit Any-like parameters for StatsMock functions. 2017-11-04 19:47:45 -07:00
Greg Price 68b0a419ec decorator: Cut a bunch of dead imports of two view decorators.
Saw these when grepping for these two decorators; they're actually
more numerous than the surviving use sites are.  Cut out the noise.
2017-11-04 19:27:00 -07:00
neiljp (Neil Pilgrim) d63733077f mypy: Return AdminZulipHandler in test_logging_handlers.py.
Switching from __class__.__name__ to isinstance() allows mypy to
confirm the list comprehension type, and so the return type.
2017-11-04 16:18:27 -07:00
Rishi Gupta 6e02ce8344 unsubscribe: Use get_object_from_key for confirmation.
This is the only one of the confirmation pathways that wasn't using this
idiom, I think.
2017-11-03 15:33:16 -07:00
Rishi Gupta fdbe36644e confirmation: Add confirmation_type to get_object_from_key.
This change:

* Prevents weird potential attacks like taking a valid confirmation link
  (say an unsubscribe link), and putting it into the URL of a multiuse
  invite link. I don't know of any such attacks one could do right now, but
  reasoning about it is complicated.

* Makes the code easier to read, and in the case of confirmation/views.py,
  exposes something that needed refactoring anyway (USER_REGISTRATION and
  INVITATION should have different endpoints, and both of those endpoints
  should be in zerver/views/registration, not this file).
2017-11-03 15:33:16 -07:00
Tim Abbott 957e1c2ec6 mypy: Fix buggy import setup for embedded bot tests. 2017-11-03 14:38:43 -07:00
derAnfaenger f382875d5a embedded bots: Add full test coverage for queue processor. 2017-11-03 13:57:24 -07:00
derAnfaenger 3985cae689 outgoing webhook bots: Add message flow tests.
This adds coverage for the outgoing_webhooks
queue worker.
2017-11-03 13:55:16 -07:00
derAnfaenger 84328320eb outgoing webhook tests: Simplify response mock.
Before this commit, ResponseMock() was initialized
with a data attribute, which isn't used in the tests
and does not occur in the outgoing webhook code.
2017-11-03 13:53:39 -07:00
Greg Price 119bc14182 alias domains: Add a v1 of this feature.
The main limitation of this version is that it's controlled entirely
from settings, with nothing in the database and no web UI or even
management command to control it.  That makes it a bit more of a
burden for the server admins than it'd ideally be, but that's fine
for now.

Relatedly, the web flow for realm creation still requires choosing a
subdomain even if the realm is destined to live at an alias domain.

Specific to the dev environment, there is an annoying quirk: the
special dev login flow doesn't work on a REALM_HOSTS realm.  Also,
in this version the `add_new_realm` and `add_new_user` management
commands, which are intended for use in development environments only,
don't support this feature.

In manual testing, I've confirmed that a REALM_HOSTS realm works for
signup and login, with email/password, Google SSO, or GitHub SSO.
Most of that was in dev; I used zulipstaging.com to also test
 * logging in with email and password;
 * logging in with Google SSO... far enough to correctly determine
   that my email address is associated with some other realm.
2017-11-03 13:38:59 -07:00
Steve Howell 9767029211 Allow generic bots to be mentioned.
The original PR to allow generic bots to be mentioned had
some merge issues that we detected about a week after the
fact.  This commit restores the logic from the original PR.

The reason we didn't detect this bug earlier is that the
merge issues didn't break any existing behavior.  Instead,
they made it so that only UserMessage rows got written for
bots, but no events were being set.  The part of the commit
that got lost is restored here, so now events get sent as
well.

Thanks to @derAnfaenger for reporting this and being patient
as we tracked it down.

Fixes #7140
2017-11-03 07:45:18 -07:00
derAnfaenger 2155b255d6 service bot tests: Remove bot stream subscription.
Since service bots react to all @-mentions, the
stream subscription was redundant.
2017-11-02 14:44:11 -07:00
rht dcc831f767 refactor: Replace all __unicode__ method with __str__.
Close #6627.
2017-11-02 11:01:47 -07:00
Harshit Bansal 44bff43c86 actions.py: Rename `do_remove_reaction()` to `do_remove_reaction_legacy()`. 2017-10-31 15:42:35 -07:00
Harshit Bansal 233595b2f7 actions.py: Rename `do_add_reaction()` to `do_add_reaction_legacy()`. 2017-10-31 15:42:35 -07:00
Umair Khan 636046aec9 user-groups: Add basic backend for UserGroup model.
This adds the data model and bugdown support for the new UserGroup
mention feature.

Before it'll be fully operational, we'll still need:
* A backend API for making these.
* A UI for interacting with that API.
* Typeahead on the frontend.
* CSS to make them look pretty and see who's in them.
2017-10-31 15:16:14 -07:00
Tim Abbott 6df65abd50 team: Tweak some text. 2017-10-31 12:44:05 -07:00
Tim Abbott d27002ba21 landing-page: Replace /about with /team and /history in links. 2017-10-31 12:44:05 -07:00
Sampriti Panda d6df408a0e search: Add tests for multiple unicode search operands. 2017-10-31 10:53:16 -07:00
Tim Abbott 5e3ba1f20f mypy: Fix an unnecessary duplicate type declaration. 2017-10-31 10:46:02 -07:00
Sampriti Panda ee61e1be2c search: Fix misaligned highlights due to unicode characters.
tsearch_extras returns search offsets in bytes but our highlight
function treated them as character offsets.  Added a check to subtract
extra bytes if the tsearch search backend is being used.

Fixes #4084.
Fixes #7021.
2017-10-31 09:06:46 -07:00
Tim Abbott 8f9463bd72 test_bugdown: Check for unknown keys in markdown_test_cases.json.
This should help protect us from typos.
2017-10-31 08:58:42 -07:00
Brock Whittaker e86e259cb1 /api/: Add Markdown-based /api-new documentation.
This commit allows for the /api-new/ page to rendered similarly to our
/help pages.  It's based on the old content for /api, but we're not
replacing the old content yet, to give a bit of time to restructure
things reasonably.

Tweaked by eeshangarg and tabbott.
2017-10-30 22:32:43 -07:00
Aditya Bansal 31ea495842 test_uploads: Extract 'use_s3_backend' to test helpers. 2017-10-30 21:56:31 -07:00
Aditya Bansal 269cd3b8bf tests: Remove work around for non-writeable name property of StringIO. 2017-10-30 21:56:31 -07:00
Greg Price 26edde21f7 alias domains: Tweak a test helper that assumes hosts are subdomains.
Because this is for tests, a heuristic like this that's right in most
situations is actually fine; we can override it in the few cases where
a test might set up a situation where it fails.

So just make it clear for the next reader that that's what's going on,
and also adjust the helper's interface slightly so that its callers
do have that flexibility.
2017-10-30 18:29:29 -07:00
Greg Price eb55a3a1ba template context: Give better names to the URLs for the API.
The "subdomain" label is redundant, to the extent it's even
accurate -- this is really just the URL we want to display,
which may or may not involve a subdomain.  Similarly "external".

The former `external_api_path_subdomain` was never a path -- it's a
host, followed by a path, which together form a scheme-relative URL.
I'm not quite convinced that value is actually the right thing in
2 of the 3 places we use it, but fixing that can start by giving an
accurate name to the thing we have.
2017-10-30 18:29:29 -07:00
Steve Howell faba34dae4 Simplify bulk_remove_subscriptions().
We extract get_bulk_stream_subscriber_info() from this
function to remove some of the complexity.  Also, in that
new function we avoid a hop to the database by querying
on stream ids instead of recipient ids.  The query that
gets changed here does require a join to the recipient
table (to get the stream id), so it's a little bit of a
tradeoff.
2017-10-30 16:33:50 -07:00
rht c4fcff7178 refactor: Replace super(.*self) with Python 3-specific super().
We change all the instances except for the `test_helpers.py`
TimeTrackingCursor monkey-patching, which actually needs to specify
the base class.
2017-10-30 14:30:25 -07:00
Harshit Bansal c863bb83a0 html_diff: Migrate to use lxml.
We were using Google's diff-match-patch library to diff HTML. The
problem with that approach is that it is a text differ, not an HTML
differ and so it ends up messing up the HTML tags. `lxml` is a safer
option.

Fixes: #7219.
2017-10-30 14:10:35 -07:00
Tim Abbott c160c06f9c bot_storage: Fix missing test coverage.
Apparently, we didn't have coverage on setting a second value for a
key.
2017-10-30 14:10:35 -07:00
Steve Howell 2d0daffbc0 tests: Verify query counts for stream deactivation. 2017-10-29 18:36:35 -07:00
Steve Howell 126e14d1de Add zerver/lib/stream_subscription.py.
The first method we extract to this library is
get_active_subscriptions_for_stream_id().

We also move num_subscribers_for_stream_id() to here, which
is slightly annoying (having the method on Stream was nice)
but avoids some circular dependency issues.
2017-10-29 18:36:35 -07:00
Steve Howell f5fcbe453b Use get_stream_recipient() in test_narrow.mute_stream(). 2017-10-28 17:57:39 -07:00
Steve Howell 8302689789 Extract Message.is_stream_message().
This sets us up to denormalize on to Message some notion of
whether a message is for a stream (without having to hit the
Recipient table).
2017-10-28 17:57:39 -07:00
Steve Howell 8b012c6210 Extract get_personal_recipient(). 2017-10-28 17:57:39 -07:00
Steve Howell a28841e8aa Extract get_stream_recipient().
Do you call get_recipient(Recipient.STREAM, stream_id) or
get_recipient(stream_id, Recipient.STREAM)?  I could never
remember, and it was not very type safe, since both parameters
are integers.
2017-10-28 17:57:39 -07:00
Harshit Bansal 4c077a77ed notifications: Instead of regex use lxml for fixing emojis. 2017-10-28 10:38:33 -07:00
Steve Howell d132c30c24 Remove `active` parameter from `do_create_user()`.
Almost all callers to do_create_user were trying to
create active users, except for one test.  The
active=False codepath was kind of broken (things
like sending welcome messages had sort of undefined
behavior there), so instead of trying to maintain it,
we just update the one test (`test_people`) to flip the
`is_active` flag manually.

Fixes #7197
2017-10-28 10:32:01 -07:00
Steve Howell c978464d16 tests: Fix send_message calls in test_user.py. 2017-10-28 10:20:59 -07:00
Steve Howell 610d9b4abc tests: Fix send_message calls in test_unread.py. 2017-10-28 10:20:59 -07:00
Steve Howell a20bba04ca tests: Fix send_message calls in test_tutorial.py. 2017-10-28 10:20:59 -07:00
Steve Howell bb42004464 tests: Fix send_message calls in test_subs.py. 2017-10-28 10:20:59 -07:00
Steve Howell fba754224c tests: Fix send_message calls in test_soft_deactivation.py. 2017-10-28 10:20:59 -07:00
Steve Howell 6475b25a00 tests: Fix send_message calls in test_signup.py. 2017-10-28 10:20:59 -07:00
Steve Howell f264bbc7ca tests: Fix send_message calls in test_service_bot_system.py. 2017-10-28 10:20:59 -07:00
Steve Howell 8276442ee6 tests: Fix send_message calls in test_retention.py. 2017-10-28 10:20:59 -07:00
Steve Howell 1f077f7177 tests: Fix send_message calls in test_reactions.py. 2017-10-28 10:20:59 -07:00
Steve Howell 74943b4120 tests: Fix send_message calls in test_notifications.py. 2017-10-28 10:20:59 -07:00
Steve Howell 26e51c016d tests: Fix send_message calls in test_narrow.py. 2017-10-28 10:20:59 -07:00
Steve Howell 5c00bbc1a9 tests: Fix send_message in test_message_edit_notifications.py. 2017-10-28 10:20:59 -07:00
Steve Howell cf1a4540ef tests: Fix send_message calls in test_link_embed.py. 2017-10-28 10:20:59 -07:00
Steve Howell fd9d919fc6 tests: Fix send_message calls in test_home.py. 2017-10-28 10:20:59 -07:00
Steve Howell 1c38130626 tests: Fix send_message calls in test_export.py. 2017-10-28 10:20:59 -07:00
Steve Howell 3e319837ef tests: Fix send_message calls in test_events.py.
We mostly introduce these functions (as part of a big
code sweep):

    send_stream_message
    send_personal_message
    send_huddle_message

In two cases, where we want to specifically manipulate
queue ids, we now call check_send_message directly.  (The
above three functions deliberately don't support kwargs
to ensure simple code and better type safety.)
2017-10-28 10:20:59 -07:00
Steve Howell 25379a3b19 Fix send_message calls in test_embedded_bot_system.py. 2017-10-28 10:20:59 -07:00
Steve Howell 4372bfb4a5 tests: Fix send_message calls in test_bugdown.py. 2017-10-28 10:20:59 -07:00
Steve Howell 7cf5be2266 tests: Fix send_message calls in test_alert_words.py. 2017-10-28 10:20:59 -07:00
Steve Howell 53ad6270b4 tests: Fix send_message calls in test_event_queue.py. 2017-10-28 10:20:59 -07:00
Steve Howell 9c90c40c08 tests: Fix send_message calls in test_upload.py. 2017-10-28 10:20:59 -07:00
Tim Abbott fa55d7ed33 retry_event: Remove requirement of failed_tries being already there.
This fixes a bug where retries in the signups queue threw an exception.
2017-10-27 18:15:53 -07:00
Tim Abbott 090563fb25 test_tornado: Fix IOLoop exceptions output spam.
We weren't quite following the proper protocol for Tornado tests.
2017-10-27 16:28:33 -07:00
Tim Abbott f790e667b3 test_tornado: Fix repeated autoreload configuration in tests.
Apparently, our previous efforts to disable AUTORELOAD in the tests
were incorrect.
2017-10-27 16:19:03 -07:00
Tim Abbott aacafd7a4d test_tornado: Fix incorrect tearDown method for IOLoops.
We appear to have 2 bugs of this form, so this just cuts half of the
exception/warning log output, but it's a start.
2017-10-27 16:13:42 -07:00
Tim Abbott 49d7d49038 test_narrow: Fix sqlalchemy warning spam. 2017-10-27 16:06:03 -07:00
Tim Abbott d80d15c08d GoogleSubdomainLoginTest: Suppress unnecessary logging output.
This helps make our test output nice and clean.
2017-10-27 16:06:03 -07:00
Tim Abbott a1fa7a3c83 JWT: Filter out logging.warning output in tests. 2017-10-27 16:06:03 -07:00
Tim Abbott fca6df09b0 test_home: Mark a couple tests as explicitly slow. 2017-10-27 16:05:55 -07:00
Tim Abbott 28b25a66c2 test_events: Mark several slower tests as explicitly slow. 2017-10-27 15:46:59 -07:00
Tim Abbott ef9679667f test_docs: Fix unnecessary info-level logging in tests. 2017-10-27 15:44:45 -07:00
Tim Abbott 5467296f60 decorators: Use human_users_only more aggressively. 2017-10-27 15:16:13 -07:00
Tim Abbott 1cd017288d views: Fix imports of REQ/has_request_variables from the wrong place.
These were never in zerver/decorator.py, and so it makes sense to
import them zerver/lib/request.py, mostly for ease of finding things.
2017-10-27 15:07:31 -07:00
Greg Price e4b4f67b44 subdomains: Tighten search for EXTERNAL_HOST in get_subdomain.
If a Zulip install at example.org got a request at an HTTP `Host`
like foo.example.org.evil.com (or even foo.example.orgevil.com),
we would accept it as subdomain foo.  This isn't likely to happen
in practice because it shouldn't pass ALLOWED_HOSTS, and it's not
obvious to me that anything untoward could be done with it even
if ALLOWED_HOSTS were set wide open, but if nothing else it
multiplies the cases in analyzing this logic.

The reason we had a loose match like this, I assume, is to allow
the user to come from arbitrary ports -- especially in development.
So tighten the pattern to allow just that, and add some tests for
that behavior and a comment explaining why this complication is
needed.
2017-10-27 14:42:24 -07:00
Greg Price 1b19af2612 subdomains: Write some tests for get_subdomain.
This logic is a bit subtle, and we're about to make changes to it.
So let's have some tests.
2017-10-27 14:42:24 -07:00
Greg Price 318682fd52 auth: Use URL rather than cookie to pass signed data cross-domain.
The cookie mechanism only works when passing the login token to a
subdomain.  URLs work across domains, which is why they're the
standard transport for SSO on the web.  Switch to URLs.

Tweaked by tabbott to add a test for an expired token.
2017-10-27 14:42:04 -07:00
Greg Price 6efcce9374 oauth login: Refactor tests to dedupe a bit of recurring logic.
This makes the tests a little cleaner in itself, and also prepares
them to adjust with less churn when we change how
redirect_and_log_into_subdomain passes the signed token.
2017-10-27 14:28:38 -07:00
Greg Price fad3d56810 views: Move some login code from `registration` to `auth`.
Most of these have more to do with authentication in general than with
registering a new account.  `create_preregistration_user` could go
either way; we move it to `auth` so we can make the imports go only in
one direction.
2017-10-27 14:28:38 -07:00
Henrik Pettersson 09cd47c6ad Add UI for viewing and cancelling open Zulip invitations.
Lets administrators view a list of open(unconfirmed) invitations and
resend or revoke a chosen invitation.

There are a few changes that we can expect for the future:

  * It is currently possible to invite an email that you have already
    invited, it might make sense to change this behavior.

  * Resend currently sends an invite reminder instead of resending the
    original invite, this is because 'custom_body' was not stored when
    the first invite was sent.

Tweaked in various minor ways, primarily in the backend, by tabbott,
mostly for style consistency with the rest of the codebase.

Fixes: #1180.
2017-10-27 13:07:43 -07:00
Vishnu Ks 8c68a167fe backend: Allow Administrators to invite new users as admins.
Tweaked by tabbott to have the field before the invitation is
completed be called invite_as_admins, not invited_as_admins, for
readability.

Fixes #6834.
2017-10-27 11:19:38 -07:00
Steve Howell 4b78f69a87 tests: Introduce send_huddle_message().
The tighter interface here makes for shorter lines (or
fewer multi-line calls) and it leads to stricter type
checking.
2017-10-27 11:00:23 -07:00
Steve Howell 9707767b21 tests: Introduce send_personal_message().
The tighter interface prevents the need to specify
Recipient.PERSONAL (which can often be inaccurate in the
huddle case, anyway), and it prevents tests from confusingly
specifying a "subject" field for PMs.
2017-10-27 11:00:23 -07:00
Steve Howell 25a6fbd05d tests: Introduce send_stream_message().
Having send_stream_message() avoids the need to supply
Recipient.STREAM as a parameter, and it also uses the more
modern name of `topic_name` for topics.  Under the hood, it
avoids some annoying steps for re-formatting the recipients,
since we just have a single stream name.
2017-10-27 11:00:23 -07:00
Steve Howell 9576d25f92 Use check_send_stream_message in test_not_too_many_queries.
When possible, we want to use direct APIs for sending
stream messages.

This changes the codepath slightly, by not using
forwarded_user_profile, but it doesn't impact the number
of queries, and it's a simple check.

We also remove a couple "subject" references here.
2017-10-27 11:00:23 -07:00
Steve Howell abf16a96d1 Rename subject -> topic_name in assert_stream_message(). 2017-10-27 11:00:23 -07:00
Steve Howell c4404ed078 tests: Change some test topic names to not use "subject". 2017-10-27 11:00:23 -07:00
Steve Howell a70ede6c75 Allow "default" bots to see mentions on all streams.
This change allows normal bots to get UserMessage rows when
they are mentioned on a stream, even if they are not actually
subscribed to the stream.

Fixes #7140.
2017-10-26 22:16:47 -07:00
Steve Howell 53dbcbe2a4 refactor: Handle service bot mentions earlier in the code.
We now find all (possibly) relevant service bots for a message
in the call to get_recipient_info.  This allows us to eliminate
some code that would patch them after we rendered.

The get_service_bot_events() function will ignore any service
bots that weren't actually mentioned in the message (due to
backticks) or part of the active user ids.
2017-10-26 22:16:47 -07:00
Steve Howell 87b48f722d Add MentionData.get_user_ids().
This prepares us to take advantage of the user_ids
in subsequent commits related to `do_send_messages()`.
2017-10-26 22:16:47 -07:00
Steve Howell 635675fe48 Reduce queries needed for sending messages.
In do_send_messages, we only produce one dictionary for
the event queues, instead of different flavors for text
vs. html.  This prevents two unnecessary queries to the
database.

It also means we only put one dictionary on the "message"
event queue instead of two, albeit a wider one that has
some values that won't be sent to the actual clients.

This wider dictionary from MessageDict.wide_dict is also
used for the `feedback_messages` queue and service bot
queues.  Since the extra fields are possibly useful down
the road, and they'll just be ignored for now, we don't
bother to remove them.  Also, those queue processors won't
have access to `content_type`, which they shouldn't need.

Fixes #6947
2017-10-26 16:35:28 -07:00
Steve Howell df93a99b50 Cache only one row per message.
Before this change, we populated two cache entries for each
message that we sent.  The entries were largely redundant,
with the only difference being whether we sent the content
as raw markdown or as the rendered HTML.

This commit makes it so we only have one cache entry per
message, and it includes both content and rendered_content.

One legacy source on confusion here is that `content`
changes meaning when you're on the front end.  Here is the
situation going forward:

    database:
        content = raw
        rendered_contented = rendered

    cache entry:
        content = raw
        rendered_contented = rendered

    payload for the frontend:
        content = raw (for apply_markdown=False)
        content = rendered (for apply_markdown=True)
2017-10-26 16:35:28 -07:00
Steve Howell 0cef7c9fd5 Refactor: Extract get_client_info_for_message_event().
This removes some clutter from process_message_event, and it
makes process_message_event() a bit easier to test.
2017-10-26 16:35:28 -07:00
Steve Howell a50671165a tests: Add test_content_types(). 2017-10-26 15:47:44 -07:00
derAnfaenger 18e5bcbbb1 tests: Enable call_consume_in_tests for email mirror queue. 2017-10-26 14:53:27 -07:00
derAnfaenger 17949adf11 embedded bots: Add StateHandler remove() function. 2017-10-26 14:49:50 -07:00
Greg Price 27adbe8d79 subdomains: Clean up a use of various falsy values for the root domain.
This isn't a complete cleanup of the logic at this spot, but
at least the messy part that remains is now explicit.
2017-10-26 10:29:17 -07:00
Henrik Pettersson 2f52da7baa test_signup: extract InviteUserBase class
This is a refactor done in preparation for #1180
2017-10-25 16:32:04 -07:00
derAnfaenger 8680541912 embedded bots: Add message flow tests. 2017-10-25 16:13:37 -07:00
Abhijeet Kaur a88178afaf Embedded bots: Add support for creating embedded bots via the API.
Adds support to add "Embedded bot" Service objects. This service
handles every embedded bot.

Extracted from "Embedded bots: Add support to add embedded bots from
UI" by Robert Honig.

Tweaked by tabbott to be disabled by default.
2017-10-25 16:13:29 -07:00
derAnfaenger ce4ba9c178 bot services: Use call_consume_in_tests. 2017-10-25 15:56:12 -07:00
derAnfaenger 0d0c8fee7e embedded bots: Migrate StateHandler API to use get and put.
This moves away from handling a StateHandler object like a dict
and gives it the methods get, put, and contains.
2017-10-25 15:39:28 -07:00
derAnfaenger 34e3eb8c67 embedded bots: Rename state and state_handler to storage. 2017-10-25 15:39:28 -07:00
derAnfaenger cd600b8677 embedded bots: Add StateHandler marshaling functions. 2017-10-25 15:39:28 -07:00
Vishnu Ks 9314a7ac8b backends: Move EmailLogBackEnd to email_backends. 2017-10-25 14:35:12 -07:00
Steve Howell 14d2d4e506 Fix bug in flush_user_profile().
Every time we updated a UserProfile object, we were calling
delete_display_recipient_cache(), which churns the cache and
does an extra database hop to find subscriptions.  This was
due to saying `updated_fields` instead of `update_fields`.

This made us prone to cache churn for fields like UserProfile.pointer
that are fairly volatile.

Now we use the helper function changed().  To prevent the
opposite problem, we use all the fields that could invalidate
the cache.
2017-10-25 11:30:56 -07:00
Steve Howell 2387fa70af tests: Make test_people() more robust.
This test had a little bug, where we weren't actually
verifying `realm_bots` before, because we weren't using
`field` to look it up.

This commit fixes that bug and adds additional checks,
particularly for the recently added `realm_non_active_users'.
2017-10-25 11:18:30 -07:00
Steve Howell 305fe6106b Add `realm_non_active_users` data to initial payload.
We now add `realm_non_active_users` to the result of
`do_events_register` (and thus `page_params`).  It has
the same structure as `realm_users`, but it's for
non-active users.  Clients need data on non-active users
when they process old messages that were sent by those
users when they were active.  Clients can currently get
most of the data they need in the message events, but it
makes for ugly client code.

Fixes #4322
2017-10-25 11:18:30 -07:00
Steve Howell 769c741c7c refactor: Simplify event updates for `realm_users`.
We make a few things cleaner for populating `realm_users`
in `do_event_register` and `apply_events`:

    * We have a `raw_users` intermediate dictionary that
      makes event updates O(1) and cleaner to read.

    * We extract an `is_me` section for all updates that
      apply to the current user.

    * For `update` events, we do a more surgical copying
      of fields from the event into our dict.  This
      prevents us from mutating fields in the event,
      which was sketchy (at least in test mode).  In
      particular, this allowed us to remove some ugly
      `del` code related to avatars.

    * We introduce local vars `was_admin` and `now_admin`.

The cleanup had two test implications:

    * We no longer need to normalize `realm_users`, since
      `apply_events` now sees `raw_users` instead.  Since
      `raw_users` is a dict, there is no need to normalize
      it, unlike lists with possibly random order.

    * We updated the schema for avatar updates to include
      the two fields that we used to hackily delete from
      an event.
2017-10-25 11:18:30 -07:00
Shekh Ataul d239f77966 refactor: Replace mkdir_p functions with Python 3 builtin.
This didn't exist in Python 2, but it does in Python 3, so we get to
reap the rewards of dropping Python 2 support.

Fixes #7082.
2017-10-25 11:06:11 -07:00
Steve Howell 420ca5a470 tests: Test out-of-stream mentions. 2017-10-24 14:31:58 -07:00
Tim Abbott 3ee53d5de3 auth: Don't offer password reset links when useless.
If an organization doesn't have the EmailAuthBackend (which allows
password auth) enabled, then our password reset form doesn't do
anything, so we should hide it in the UI.
2017-10-24 12:07:43 -07:00
Tim Abbott d69c39cad1 ldap: Prevent useless password resets when email auth is not enabled.
While the passwords wouldn't do anything without email auth enabled
anyway, it's probably better not to have users be able to go through
the flow.
2017-10-24 12:07:43 -07:00
Tim Abbott b81bde3a90 ldap: Prevent creating accounts with Zulip/EmailAuthBackend passwords.
While our recent changing to hide /register means we don't need a nice
pretty error message here, eventually we'll want to clean up the error
message.

Fixes #7047.
2017-10-24 11:21:49 -07:00
Steve Howell b851020b1e Excluded topic-muted users from stream push notifications.
Fixes #7059
2017-10-23 17:26:15 -07:00
Steve Howell 78b1a8442b Add StreamTopicTarget.user_ids_muting_topic(). 2017-10-23 17:26:15 -07:00
Steve Howell 0263c857b3 tests: Add test_stream_recipient_info(). 2017-10-23 17:26:15 -07:00
Tim Abbott 145817d1e0 forms: Pass the realm into authenticate in OurAuthenticationForm.
Historically, we'd just use the default Django version of this
function.  However, since we did the big subdomains migration, it's
now the case that we have to pass in the subdomain to authenticate
(i.e. there's no longer a fallback to just looking up the user by
email).

This fixes a problem with user creation in an LDAP realm, because
previously, the user creation flow would just pass in the username and
password (after validating the subdomain).
2017-10-23 12:36:09 -07:00
Tim Abbott 4ecf781ed4 test_signup: Fix LDAP end-to-end tests accidentally using wrong backend.
Apparently, we were accidentally using the EmailAuthBackend in parts
of these tests.
2017-10-23 12:25:47 -07:00
Steve Howell a66409de2e tests: Add FetchQueriesTest.test_queries().
This new test solves the problem that when we
made changes to the page-load codepath in the past,
it's been hard to identify what new code caused
more database queries.  Now you can see query
counts broken out by event type.

This requires a small, harmless change to extract
an `always_want` function in `lib/events.py`.
2017-10-23 11:11:19 -07:00
Steve Howell c584289d11 tests: Count cache hits for page load. 2017-10-23 11:11:19 -07:00
Steve Howell 0e106a2488 Add client_gratavar support to GET /messages.
Clients fetching messages can now specify that they are able
to compute their avatar, and if they set client_gratavar to
True in the request (w/our normal encoding scheme), then the
backend will not compute it, and the payload will be smaller.

The fix starts with get_messages_backend.  The flag gets
passed down through these functions:

    * MessageDict.post_process_dicts.
    * MessageDict.set_sender_avatar.

We also fix up the callers for post_process_dicts to explicitly
pass in the client_gravatar path, but for now they all just hard
code the value to False.
2017-10-20 15:49:21 -07:00
Tim Abbott d1cb039c2c test_management_commands: Add check for expected system exit.
This was missed in the recent improvements to
send_webhook_fixture_message.
2017-10-20 09:16:38 -07:00
Tim Abbott 9b791acf50 test_push_notifications: Fix tests failing due to rebase.
message.triggers got recently renamed.
2017-10-19 18:34:28 -07:00
Maarten Rijke 841f02934d push_notifications: Add setting to redact content.
This commit adds a setting that toggles redacting content of push
notifications and replacing it with "***REDACTED***".
2017-10-19 18:16:06 -07:00
derAnfaenger 2e51d39d69 embedded bots: Add StateHandler tests. 2017-10-19 13:09:23 -07:00
derAnfaenger a2b7929b22 embedded bots: Alter tests to accept any class name.
Some bots have class names that differ from their module name,
e.g. `helloworld.py` vs. `HelloWorld`. Our tests should accept
all of these, as long as a handler class is present.
2017-10-19 13:09:23 -07:00
derAnfaenger 07703daf90 page_params: Add list of available embedded bots. 2017-10-19 10:37:55 -07:00
Rishi Gupta e7ba4c5168 emails: Send first welcome email right away.
I think an hour after signup is not the right time to try to get someone to
re-engage with a product.

This also makes the day1 email clearly a transactional email both in
experiencing the product and in the eyes of various anti-spam laws, and
allows us to remove the unsubscribe link.
2017-10-19 00:04:07 -07:00
Tim Abbott 85917a7269 subdomains: Improve support for using the root domain.
This modifies the realm creation form to (1) support a
realm_in_root_domain flag and (2) clearly check whether the root
domain is available inside check_subdomain_available before trying to
create a realm with it; this should avoid IntegrityErrors.
2017-10-18 23:38:55 -07:00
Tim Abbott 0bfcf2da41 subdomains: Don't compute realm_subdomain if not needed.
We were doing an unnecessary database query on every user registration
checking the availability of the user's subdomain, when in fact this
is only required for realm creation.
2017-10-18 23:05:15 -07:00
Umair Khan c14e9f3ae8 registration: Add LDAP tests. 2017-10-18 23:05:09 -07:00
Umair Khan 3d6715445a ldap: Fix test_registration_through_ldap.
Fixes #6663
2017-10-18 23:05:09 -07:00
Tim Abbott 642086ff65 subdomains: Pass whether root domain is available to registration.
This data is necessary to determine whether to offer the root domain
in the realm creation form.
2017-10-18 22:53:10 -07:00
Tim Abbott e98ca0714b notifications: Simplify how triggers are passed around.
This removes the utterly unnecessary `triggers` dict (which always was
a dict with exactly one value True) in favor of a single field,
'trigger'.

Inspired by Kunal Gupta's work in #6659.
2017-10-18 21:42:05 -07:00
derAnfaenger 02f50680cf test_messages.py: Switch misordered send_message parameters. 2017-10-18 11:55:11 -07:00
rht 691598a88b py3: Remove "from six.moves import range".
This is no longer required, since in Python 3, this is what the range
built-in does.
2017-10-17 23:28:14 -07:00
Tim Abbott 64cd0c2c5a notifications: Add failing test for push notifications on muted topics.
This is some pre-work as part of #7059.
2017-10-17 22:49:33 -07:00
Tim Abbott 024c27dd3e notifications: Fix sending push notifications on muted streams.
Apparently, the stream muting feature did not take priority over the
stream_push_notify feature.  This fixes that gap.

Fixes zulip/zulip-mobile#1314.
2017-10-17 22:38:54 -07:00
Tim Abbott d37820f39f tests: Fix test_message_edit_notifications.
This was broken in a minor way by my fix to #7031.
2017-10-17 22:12:32 -07:00
Alena Volkova 5515a075ec urls: Move the report endpoints to be API-style routes. 2017-10-17 22:05:56 -07:00
Tim Abbott 513b6d624f notifications: Fix double-sending in missedmessage_hook.
While the missedmessage_hook logic originally did a reasonably good
job of avoiding double-sending notifications, there was a corner case
it didn't handle, namely a user who had been presence-idle when a
message was sent and became also event-queue-idle as well within the
next 10 minutes.  For those users, they got a notification at message
send time, and the missedmessage_hook would deliver it a second time.

We fix this by just checking the conveniently available push_notified
and email_notified variables that indicate whether the message already
had a notification triggered.

Fixes #7031.
2017-10-17 21:54:03 -07:00
Steve Howell 33338f78e9 tests: Make test_bulk_message_fetching() more thorough.
We include the post-processing step when counting queries now.
2017-10-16 23:37:10 -07:00
Steve Howell d909355dc2 refactor: Move methods from models.py -> lib/messages.py.
Message.get_raw_db_rows is moved to MessageDict, since its
implementation details are highly coupled to other methods
in MessageDict.

And then sew_messages_and_reactions comes along for the
ride.

We eventually want to move Reaction.get_raw_db_rows to there
as well.
2017-10-16 23:37:10 -07:00
Steve Howell 3c6cc3d454 Defer deleting intermediate values in message dictionaries.
We're about to have multiple post-processing stages for building
message dictionaries.  Rather than having individual "hydration"
methods remove intermediate values, we just wait until the end.

This decouples the hyrdration steps.  The potentional problem
here is that we may have a field like sender_is_mirror_dummy
that isn't part of the final payload, but we need it for
calculating display recipients and avatars.  We don't want to
delete it too early from the objects.
2017-10-16 23:37:10 -07:00
Tim Abbott b5c107ed27 push_notifications: Remove unnecessary check for no devices.
This should have been checked by the caller anyway.
2017-10-13 17:30:20 -07:00
Tim Abbott 27a450b58d push_notifications: Improve error message for GCM sending issues.
This addresses one of the sources of confusion in #6993.
2017-10-13 17:30:11 -07:00
Umair Khan a48a86237d ldap: Change logging level to warning.
Fixes #6960.
2017-10-13 17:13:18 -07:00
Harshit Bansal 7d5bcf5534 notifications: Use lxml instead of hacky regexes to scrub inline images. 2017-10-13 16:13:58 +00:00
Harshit Bansal 8d42f42ef2 notifications: Correctly convert relative narrow links to absolute URLs. 2017-10-13 15:44:47 +00:00
Greg Price b095463f9b logging: Clear out the Django default config on logger `django`.
By default, Django sets up two handlers on this logger, one of them
its AdminEmailHandler.  We have our own handler for sending email on
error, and we want to stick to that -- we like the format somewhat
better, and crucially we've given it some rate-limiting through
ZulipLimiter.

Since we cleaned out our logging config in e0a5e6fad, though, we've
been sending error emails through both paths.  The config we'd had
before that for `django` was redundant with the config on the root --
but having *a* config there was essential for causing
`logging.config.dictConfig`, when Django passes it our LOGGING dict,
to clear out that logger's previous config.  So, give it an empty
config.

Django by default configures two loggers: `django` and
`django.server`.  We have our own settings for `django.server`
anyway, so this is the only one we need to add.

The stdlib `logging` and `logging.config` docs aren't 100% clear, and
while the source of `logging` is admirably straightforward the source
of `logging.config` is a little twisty, so it's not easy to become
totally confident that this has the right effect just by reading.
Fortunately we can put some of that source-diving to work in writing
a test for it.
2017-10-12 22:45:14 -07:00
Tim Abbott a466bf8a47 report: Fix handling of reports with no more_info. 2017-10-12 17:38:28 -07:00
Steve Howell e0bc1b114e Make sure mentions refer only to active users.
An active user can share the same full name as a deactivated
user.  We now only allow mention syntax to find users who are
activated.

Fixed #6978
2017-10-12 17:11:36 -07:00
Steve Howell a6c3621f55 Support client_gravatar in /json/users endpoint. 2017-10-12 14:00:41 -07:00
Steve Howell 1fc6a5febc Add get_avatar_field() function.
This function is designed to replace avatar_url() and
avatar_url_from_dict() over time.

There are a few things new about it:

    * We make the parameters more explicit, rather than
      passing in an opaque dictionary or requiring a
      UserProfile object.  (A lot of our callers want
      to use `values()` for efficiency sake, since we
      are often doing bulk user operations.)

    * We start to support the client_gravatar option.
2017-10-12 14:00:41 -07:00
Steve Howell f0194f1821 Reset client descriptors at the start of event tests.
Fixes #6958
2017-10-12 10:27:16 -07:00
Steve Howell 941f718b08 Move tutorial code out of EventsRegisterTest.setUp.
Now we only run this code for the single test that needs
this setup.
2017-10-12 09:44:01 -07:00
Tim Abbott 66a3f514d4 zilencer: Remove long-obsolete Deployment model.
This was a precursor to RemoteZulipServer, which is no longer used for
anything, and was cluttering the codebase.
2017-10-11 23:48:01 -07:00