Commit Graph

49192 Commits

Author SHA1 Message Date
Lauryn Menard cba8738eea search: Check if user can access stream topics before fetching history.
When building search suggestions for stream topics, instead of
assuming that the user has access to the stream's topic history
from the server, we check whether the user has access to the
stream's topics.
2022-11-05 15:09:49 -07:00
Eric Smith c4823bfd03
docs: Remove unnecessary type annotations from tutorial.
In 4c3c976174, we removed the need
to explicitly declare types for Django model fields. Here, we update that detail 
in our documentation.
2022-11-04 15:31:42 -07:00
Tim Abbott 426c806a87 docs: Document docker-zulip postgres upgrade requirement.
Since this is a hard requirement for upgrading the Docker image, it's
worth highlighting here.
2022-11-04 15:19:57 -07:00
Alex Vandiver d8ebbedbbb outgoing_webhook: Ignore the exception on failure if the stream is gone.
In the outgoing webhook handler, there is potentially several seconds
of trying between when a message triggering an outgoing webhook
arrives, and when it fails.  In the meantime, the stream the
triggering message was on may have been deleted, causing the
"Failure!" message to have no valid stream to be sent to.

Rather than raise an exception in the outgoing webhook worker, ignore
the exception and move on.
2022-11-04 14:46:17 -07:00
Alex Vandiver eb7a2f2c38 queue: Do test retries in tests.
The lambda passed to `queue_json_publish` is used if
`settings.USING_RABBITMQ` is unset -- which is only true in tests.  As
such, this pattern causes failures to never actually retry within
tests.

This behaviour has existed ever since the outgoing webhook code was
introduced in 53a8b2ac87, with no explanation.  Not passing that
argument allows tests to verify the retry behaviour when webhooks
fail.
2022-11-04 14:46:17 -07:00
Zixuan James Li 7dbd98d25c rest: Restrict access to json views via basic auth.
Previously, test cases or clients accessing /json/ views using HTTP
Basic Auth would be accepted, while we intended to only allow clients
authenticated with a session cookie to access these views.

This adds a check on the accessed path to avoid this possibility.

It seems unlikely that any API clients clients were taking advantage
of this unintended quirk; so we're not going to bother documenting
this bug fix as an API change. In any case, it should be trivial for
anyone affected to consult the documentation and then switch their
/json/foo URL to a correct /api/v1/foo URL.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-11-04 14:44:07 -07:00
Anders Kaseorg 51d1ccb064 build_emoji: Guard mutable default with read-only type.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-04 14:42:33 -07:00
Alya Abbott 4316f47f8d help center: Update list of fields in full profile.
Also add documentation on what fields are shown in the mobile app.
2022-11-04 14:41:09 -07:00
Lauryn Menard f17030a802 compose-validate: Use settings config value for policy check.
Updates the check in compose validate for the organization's
policy on sending private messages to use the code/value in
settings_config, instead of the number value.
2022-11-04 14:37:45 -07:00
Lauryn Menard 6b4ab21562 narrow-banner: Exclude bots when checking org sending pms policy.
Private messages between a user and a bot are not restricted by
the organization's policy setting for sending private messages.
So, for the empty banner text, we set the default title for
a single bot for the "pm-with" narrow.

Group private messages that include a bot are restricted by
this policy setting, so those messages stay the same.

Also, since bot's aren't people, we update the text for valid
"pm-with", "sender" and "group-pm-with" operands to include the
user's full name in the title.

When there are multiple people in the "pm-with" narrow, we still
send a generic "these people" message instead of listing all the
users in the narrow.

Finally, we make the default message end in a period instead of
an exclamation mark.
2022-11-04 14:37:45 -07:00
Lauryn Menard f06143bc7c narrow-banner: Check private message policy for empty narrow title.
For narrows that focus on private messages ("is:private", "pm-with",
"group-pm-with"), we want to check the organization private message
policy and set an empty narrow title that matches that policy.

For these narrows with invalid users, we prioritize that message
for the empty narrow title, instead of the private message policy
message.

Fixes #21889.
2022-11-04 14:37:45 -07:00
Sahil Batra 1fce1c3c73 register: Handle "Pronouns" type fields for older mobile clients.
Mobile clients older than v27.192 do not support PRONOUNS type
custom profile fields, so we instead change the type of it to
SHORT_TEXT in the data sent with register response and also in
the events sent to those clients.
2022-11-04 14:31:18 -07:00
Sahil Batra b2737b0878 migrations: Add migration to migrate pronouns custom profile fields.
This commit adds a migration to migrate SHORT_TEXT type profile
fields for pronouns to recently added PRONOUNS type.
2022-11-04 14:31:18 -07:00
Julia Bichler 16bed8ef42 stream settings: Hide email portion if unsubscribed.
This hides the stream email portion in the general settings
if the user is not subscribed to the stream.

Fixes part of #19519.
2022-11-04 14:22:27 -07:00
Julia Bichler 74f2d8ca7f stream settings: Allow modifying of email address.
This allows the user to modify the stream email address
by adding or removing tags before copying.

Fixes part of #19519.
2022-11-04 14:22:27 -07:00
Julia Bichler 6e163bb042 stream settings: Add copy email address modal.
This moves the stream email address to a modal
and adds a copy button.

Fixes part of #19519.
2022-11-04 14:22:27 -07:00
Lauryn Menard 54ad2f5266 compose-actions: Stop compose box load for invalid users with any trigger.
A user could trigger a "pm-with" narrow with an invalid user by moving
back/forward in the session, which would trigger the compose box to
open via a hash change. Updates the check to pass in any "pm-with"
narrow with an invalid user.

Also, if the compose box was active/started in the previous view, but
without any content, then we want to actively cancel/close it in the
invalid user "pm-with" narrow.
2022-11-04 14:08:25 -07:00
Lauryn Menard 09c4e2f662 compose-actions: Load compose box for PMs based on org policy.
If an organization has disabled sending private messages, we do not
want to load the compose box automatically for "pm-with" narrows.

We still open the compose box for private messages narrows with a
single bot user as this is not limited by this organization setting.

Also, if the compose box was active/started in a narrow with a bot
user, but had no content, then we want to close/cancel that in a
new narrow with a person or group.
2022-11-04 14:08:25 -07:00
Aman Agrawal 836db701aa recent: Fix cursor position after muting a topic above a PM row.
Fixes #23332

Check if col we are trying to focus exists for the row inside
`set_table_focus`.

We call `revive_current_focus` after `topics_widget` is defined
since it can be used inside it.
2022-11-04 13:59:22 -07:00
Aman Agrawal 4bd46f1cb4 recent: Simplify down arrow navigation.
Fixes #23331

Combine checks for last row between `vim_dowm` and `down_arrow`.

Check for the presence of unread counter in `set_table_focus`
directly so that it can be used in other cases as well. This is
especially useful when marking the last row in the table as read.
2022-11-04 13:59:22 -07:00
Aman Agrawal c41c94e36e recent_topics: Improve behaviour of inplace rerender.
We used to hide and show topic rows in the DOM when topics are
updated. This resulted in incorrect calculations in the length of
visible topics. As a consequence, focus is sometimes set to hidden topic.
Removing hidden topics from DOM helps us keep
the calculations correct.

The fixes bugs related to focus being lost when trying to mute
or mark as read the last row.
2022-11-04 13:59:20 -07:00
Aman Agrawal ef067eafad topic_list: Move topic filter out of topics list `ul`.
Instead of topic filter box being a part of the list when keeps
updating, we move it out and fix its position.

This should reduce rendering time of topics list and provide
a smoother experience to users when waiting for topics list to
load.
2022-11-04 13:40:46 -07:00
Anders Kaseorg d717b38704 dependencies: Upgrade JavaScript dependencies.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 14:48:40 -07:00
Anders Kaseorg 3a718d786f js: Fix type issue with FormatJS rich text elements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 14:48:40 -07:00
Anders Kaseorg b582d5886c stylelint: Fix import-notation.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 14:48:40 -07:00
Anders Kaseorg b9dfa23666 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 14:08:58 -07:00
Anders Kaseorg c6f6df986c openapi: Fix “contatining” typo.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 14:08:58 -07:00
Lauryn Menard 8410990c42 help-docs: Revise the article on searching for messages.
Updates the first part of the article to discuss the basics of
the search feature. Adds sub-headers / sections to the list of
search operators. Makes the exluding messages a section header
instead of a sub-section of the list.
2022-11-03 12:17:37 -07:00
Lauryn Menard 6f1d9ce466 help-docs: Fix "group-pm-with" format in search for messages article.
Updates the help center article on searching for messages to have
the correct format for the "group-pm-with" operator.

Also, reorders the list so that the private message searches are
all together, and the `streams:public` operator is last so that
it stands out a bit more.
2022-11-03 12:17:37 -07:00
M@ 47ecd33d3a
import: Narrow the id-window to just the current realm.
On multi-realm systems this results in traversal of all messages in
all realms and returns a massive payload of 1 row per stream on 
the server, not the intended one row per realm.
2022-11-03 12:13:43 -07:00
Anders Kaseorg 7021852627 install-node: Silence expected “node: command not found” on first run.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:11:08 -07:00
Anders Kaseorg d494181127 ruff: Enable more errors.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg 3d853caf16 ruff: Fix C417 Unnecessary `map` usage.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg ab864be904 ruff: Fix C416 Unnecessary `set` comprehension (rewrite using `set()`).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg 77c15547e6 ruff: Fix C414 Unnecessary `list` call within `sorted()`.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg 69e94b5991 ruff: Fix C413 Unnecessary `list` call around `sorted()`.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg 9e53f0c756 ruff: Fix C405 Unnecessary `list` literal (rewrite as a `set` literal).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg 033d2615f6 ruff: Fix B017 `assertRaises(Exception):` should be considered evil.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg e1a2894af9 ruff: Fix B011 Do not `assert False` (`python -O` removes these calls).
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg 9d2d6c8eb7 ruff: Fix M001 Unused `noqa` directive.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Anders Kaseorg adffad384c lint: Replace pycodestyle and pyflakes with ruff.
https://github.com/charliermarsh/ruff

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-03 12:10:15 -07:00
Mateusz Mandera 05913f5e3a saml: Extract logic for enabling wantMessagesSigned locally.
As explained in 158287f998,
wantMessagesSigned can't be enabled globally (as it'll break setups with
IdPs that sign SAMLResponse assertions) - but is needed for
LogoutRequests, and will be for LogoutResponses in the SP-initiated SLO
flow in future commits.

We extract a function with the necessary hacky logic for re-use in the
SP-initiated SLO implementation.
2022-11-02 21:58:46 -07:00
Tim Abbott 931ed069b3 tools: Don't display release candidate as forks. 2022-11-02 21:38:24 -07:00
Tim Abbott f0d3793c97 i18n: Update translations from Transifex. 2022-11-02 21:35:19 -07:00
Tim Abbott 873ab01c7a message_flags: Fix accidentally quadratic behavior. 2022-11-02 21:05:24 -07:00
Alya Abbott d9dde2b4d9 help center: Add a detail to /help/mute-a-stream.
Indicate that muted streams are sorted to the bottom of their section.
2022-11-02 17:05:28 -07:00
Anders Kaseorg ccfb516a79 lint: Enable caching for Prettier.
Caching is new in Prettier 2.7.0, but broken before 3.0.0-alpha.4.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-02 16:50:37 -07:00
Anders Kaseorg 683a6b0411 dependencies: Upgrade Prettier to 3.0.0-alpha.4.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-11-02 16:50:37 -07:00
evykassirer 6ef5736bfe drafts: Rename undefined draft topics to empty string.
This fixes an error state that came out of #22094.
The code causing the error was fixed in #23238 but some
drafts still have undefined topics which has some strange
side effects. One day we'll have typescript help catch
this kind of thing!

More details on CZO: https://chat.zulip.org/#narrow/stream/9-issues/topic/live.20update.20issue.20with.20drafts/near/1457913
2022-11-02 16:36:36 -07:00
evykassirer 919f08d80f drafts: Catch and log error caused by drafts with undefined topics.
This is a bandaid fix to an error that came out of #22094.
The error was fixed in #23238 but some drafts still have
undefined topics which is raising this error.

More details on CZO: https://chat.zulip.org/#narrow/stream/9-issues/topic/live.20update.20issue.20with.20drafts/near/1457913
2022-11-02 16:20:40 -07:00