Commit Graph

4485 Commits

Author SHA1 Message Date
Sahil Batra 8528914131 settings: Fix live update code for realm-level user defaults section.
Previously, on receiving udpate event of realm-level default setting,
we updated the whole page, but this might be problematic now in case
where user has edited settings in two subsections with save/discard
button still present and if user clicks on save button of one
subsection then the setting in other subsection also resets to its
original value as whole page is updated.

So, this commit changes the behavior to only update the changed
setting and not affecting other settings similar to what we do
in 'Organization settings' and 'Organization permissions' sections.

We also do not call 'settings_display.report_emojiset_change' when
realm-level default of emojiset setting is updated because we now
uses save/discard widget.
2021-10-07 10:16:28 -07:00
Sahil Batra a7b14756ec settings_org: Use admin-realm-form class in save-discard click handlers.
We use 'admin-realm-form' class as selector in save-discard click
handlers instead of 'organization' which includes all the organization
settings sections, but save/discard widget is used only for some
sections and all of them are inside the form with class 'admin-realm-form'.

This will also help us to avoid code duplication when changing the realm
level defaults section to use save-discard widget.
2021-10-07 10:12:10 -07:00
Aman Agrawal cc8cb5432e channel: Simplify password change tracking.
Move the password tracking variables from setup to channel module.
Track password_change requests in channel.
Directly use xhr object to store `password_changes` information.
Tests modified to accomodote this change by converting strings to
objects.
2021-10-05 10:23:43 -07:00
Aman Agrawal 8433ce90dc channel: Ask spectator to login for unauthenticated requests.
Get complete coverage for channel.
2021-10-05 10:23:43 -07:00
Alex Vandiver db934be064 CVE-2021-41115: Use re2 for user-supplied linkifier patterns.
Zulip attempts to validate that the regular expressions that admins
enter for linkifiers are well-formatted, and only contain a specific
subset of regex grammar.  The process of checking these
properties (via a regex!) can cause denial-of-service via
backtracking.

Furthermore, this validation itself does not prevent the creation of
linkifiers which themselves cause denial-of-service when they are
executed.  As the validator accepts literally anything inside of a
`(?P<word>...)` block, any quadratic backtracking expression can be
hidden therein.

Switch user-provided linkifier patterns to be matched in the Markdown
processor by the `re2` library, which is guaranteed constant-time.
This somewhat limits the possible features of the regular
expression (notably, look-head and -behind, and back-references);
however, these features had never been advertised as working in the
context of linkifiers.

A migration removes any existing linkifiers which would not function
under re2, after printing them for posterity during the upgrade; they
are unlikely to be common, and are impossible to fix automatically.

The denial-of-service in the linkifier validator was discovered by
@erik-krogh and @yoff, as GHSL-2021-118.
2021-10-04 21:26:24 +00:00
Dinesh 206168ed28 puppeteer: Remove waitFors on deletion spinners.
Also added a waitFor for the modal to disappear and removed
waitFor for the spinner to hide which would obviously be hidden
with modal and it also doesn't add much value.
2021-10-03 18:47:42 -07:00
Aman Agrawal 58172fe21a compose: Allow user to undo formatting.
For text that already has the formatting that the user is
trying to apply, we undo the formatting. This gives a nice
experience of applying and removing the formatting from text
on the same button press.
2021-10-01 16:45:50 -07:00
Ganesh Pawar fa928d5cd1 streams: Split setting for stream creation policy.
Users wanted a feature where they could specify
which users can create public streams and which users can
create private streams.

This splits stream creation code into two parts,
public and private stream creation.

Fixes #17009.
2021-10-01 10:26:42 -07:00
Ganesh Pawar 66bd282d12 puppeteer_tests: Use loop when testing changing policies for streams.
Previously, this logic copied code to test each individual case.
2021-09-30 16:13:51 -07:00
sahil839 1e1f08fa4e settings: Add moderators and members option to msg-delete dropdown.
This commit adds moderators, full members and members options to
the delete_own_message_policy dropdown.
2021-09-30 14:59:31 -07:00
sahil839 909a3cde76 realm: Replace allow_message_deleting with delete_own_message_policy.
This commit replaces 'allow_message_deleting' boolean setting
with an integer setting 'delete_own_message_policy'. We have a
separate dropdown now for deciding which user-roles can delete
messages sent by themselves and the time-limit setting droddown
is different.

This new setting has two options - everyone and admins only. Other
options including moderators will be added further.

We also remove the "Never" option from the original time-limit
dropdown, as admins are always allowed to delete message. This
never option resembled the case of only admins being allowed to
delete but this state is now resembled by setting the dropdown
to "admins only" and we also disable the time-limit dropdown in
this case as admins are allowed to delete irrespective of limit.

Note, this setting is only for deleting messages sent by the
deleting user themselves, and only admins are allowed to delete
messages sent by others as before.
2021-09-30 14:59:31 -07:00
sahil839 b13bfa09c5 message: Make zero invalid value for message_content_delete_limit_seconds.
We make zero invalid value for message_content_delete_limit_seconds and
for handling the case of "Allow to delete message any time", the API-level
value of message_content_delete_limit_seconds is "anytime" and "None"
as the DB-level value. We also use these values for message retention
setting, so it helps maintain consistency.
2021-09-30 14:45:39 -07:00
isakhagg 9d291c9d3f tooltip: Add "download" text to tooltips on files.
Fixed #19740.
2021-09-27 10:54:37 -07:00
Sahil Batra c233ee9935 settings: Migrate twenty_four_hour_time setting to RealmUserDefault.
This commit removes the existing default_twenty_four_hour_time field in
Realm table which was used to set the twenty_four_hour_time setting of
new user on joining and instead we now use the twenty_four_hour_time
field of RealmUserDefault table for the same.

With some tweaks by tabbott to clarify the documentation.
2021-09-23 10:44:42 -07:00
Anders Kaseorg abee9258c6 js: Fix @typescript-eslint/restrict-template-expressions.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-22 18:06:06 -07:00
Anders Kaseorg f7a7cfea62 js: Fix @typescript-eslint/restrict-plus-operands.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-22 18:06:06 -07:00
Anders Kaseorg ba610440ab js: Fix @typescript-eslint/no-floating-promises.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-22 18:06:06 -07:00
Sahil Batra 145e020af8 settings: Add live update code for user presence-enabled setting. 2021-09-21 14:56:27 -07:00
Sahil Batra 22ec3c7993 settings: Add UI for realm-level default of presence-enabled setting. 2021-09-21 14:39:13 -07:00
Aman Agrawal 8c50a08066 stream_edit: Live update UI when a stream becomes web public. 2021-09-21 10:22:33 -07:00
Sahil Batra 1682ec46dd settings: Add live update code for realm-default notification settings. 2021-09-16 15:46:41 -07:00
Sahil Batra ed71b3211a puppeteer: Specify container for notification settings tests.
We will add realm-level defaults of notification settings in
further commits which will result in two elements with same
class. So, this commit specifies container element id along
with the class of setting element to make sure that we wait
for the correct element.
2021-09-16 15:46:41 -07:00
Sahil Batra 8b9b0638c6 settings_config: Pass settings object as parameter to all_notifications.
We pass user_settings object to all_notifications and
get_notifications_table_row_data such that we can use these
functions for realm-level settings also.
2021-09-16 15:46:41 -07:00
Sahil Batra 1b530e74d2 settings: Disable realm-level defaults of user settings for non-admins. 2021-09-16 15:46:40 -07:00
Sahil Batra 3242a61894 user_groups: Hide system user groups from UI.
We do not have any system user groups as of
now, but this commit is just a prep commit
to prevent any change in user-facing pages
to avoid confusion till this feature is
completed.

This change was initially made in 6117c38,
but it was reverted in 1543775a due to merge
conflicts with the typescript migration of
user_groups.js.
2021-09-16 13:11:03 -07:00
Priyank Patel 0d91472c64 ts: Convert timerender module to TypeScript. 2021-09-15 17:19:39 -07:00
Priyank Patel 9de3b2f4fd ts: Convert user_groups module to TypeScript. 2021-09-15 16:53:17 -07:00
Priyank Patel 3e6141d03f user_groups: Remove suppress_errors support for get_user_group_from_id. 2021-09-15 16:52:35 -07:00
Sahil Batra 06f46cc146 settings: Add live update code for realm-level defaults settings.
This commit adds code for live-updating the realm-level default
settings page which contains only display settings as of now.

This commit also adds realm_user_settings_defaults object to
zpage_params so that we can write the tests.
2021-09-15 09:56:33 -07:00
Aman Agrawal 7c8e19758a stream_data: Add web_public as a stream privacy mode.
Show web_public descriptions for web public streams.

(Temporarily limited to development environments, since this feature
is not available yet).
2021-09-14 11:12:47 -07:00
Anders Kaseorg dadacc38a8 dependencies: Upgrade JavaScript dependencies.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-13 10:12:43 -07:00
Riken Shah fbf5c41a56 buddy_list: Show still image for animated emojis.
This commit changes the behavior of how we show
animated emojis in the buddy list. We now show still
image of animated emoji and when hovered show the
animated emoji.

Fixes #19521
2021-09-12 16:24:29 -07:00
Eeshan Garg 9c501f3efc navbar_alerts: Add alerts for demo org deadlines.
This commit displays a banner at the top for demo orgs letting the
user know that the org will be automatically deleted in the
specified number of days. The alerts are prioritized as follows:

- If there are <=7 days left till deletion, the alert is prioritized
  above desktop notification queries and is colored red.
- If there are more then 7 days left till deletion, the alert is
  prioritized below desktop notification queries.

This is a part of #19523.
2021-09-10 16:31:54 -07:00
Sahil Batra 1b5b7b8c2b settings: Specify moderators in dropdown options.
We change the label of various organization settings
to specify moderators.

Labels for 'admins only', 'admins and moderators'
and 'nobody' are still same.

The updated labels are -
- 'Admins, moderators and full members'
- 'Admins, moderators and members'
- 'Admins, moderators, members and guests'

These options will be replaced by user groups in
future but this is an intermediate fix.

Fixes #19562.
2021-09-10 14:29:32 -07:00
Dinesh 22f47d3c20 puppeteer: remove test_not_delete_draft_on_sending().
This test was `assert`ing the draft is not getting cleared
as soon as sending, which is desired behaviour to some extent
because we don't want to delete it until we receive a confirmation
from the server, but given the right amount of delay (or very
low network latency), the draft will be cleared. This inconsistency
was causing failures.

We could better test this with a node test. A node test was
already added in #18827.
2021-09-10 10:25:48 -07:00
sahil839 d74f6a5de6 drafts: Rename stream to stream_name in formatted draft object.
We are renaming stream to stream_name in formatted draft object
just to be more explicit and be clear that we are storing that
stream name in this variable.
2021-09-08 15:18:11 -07:00
sahil839 238ba1c36f drafts: Save stream_id along with stream names for drafts.
This commit changes snapshot_message to store stream_id for
drafts along with stream names. The stream_id field is
undefined if draft is for empty or invalid stream name.

After this change:
  - If draft has a valid stream_id stored and it maps to
    a stream, then we display the stream name from the
    obtained stream object.

  - If draft.stream_id is undefined or doesn't map to a stream,
    then we display the name stored in draft.stream, which can
    be invalid (no stream of this name existed ever), can be
    empty and can also be name of a deactivated stream.

This change helps us to show correct stream-name for drafts
in case of renaming a stream.

Fixes #15155.
2021-09-08 15:18:10 -07:00
Aman Agrawal 1347ee98ee compose: Extract function to format text in compose_ui.
Along with the extraction, we do some simplifications of inserting
text in compose too. This same function can now be used in
compose formatting popover too.

We use "text-field-edit", which has good cross-browser `undo` /
`redo` support, to do the text replace for us instead of writing
that logic ourselves.
2021-09-07 14:57:17 -07:00
Signior-X 459ce92109 compose: Make the route of message sending through drafts.
Before this commit, the message or any draft is deleted as soon
as the compose box is closed. So, it removes that by removing
delete_active_drafts and instead this commit will add the deletion
process of drafts in reify_message_id that is called when a
message is successfully sent and received.

Now, see there are two types of messages, one that are locally
echoed and the second ones are that aren't locally echoed but
sent directly to server. This commit only saves the message in
draft if it is locally echoed as they are the only messages
that show message failed in message list. The non locally echoed
ones aren't remove from the compose box until they are
successfully sent. Now as the draft-id is stored in the message
data for locally echoed messages, as they are echoed from the
server, they are deleted using that draft-id.

This also adds node tests for echo reify_message_id for testing
this feature that this commit is adding.

Fixes #17697
2021-09-07 14:36:05 -07:00
Aman Agrawal 31de905955 login_to_access: Rename module to `spectators`.
This allows us to call spectators.login_to_access which
is more clear for what it does.
2021-09-07 09:47:28 -07:00
Anders Kaseorg 646c04eff2 Rename default branch to ‘main’.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-09-06 12:56:35 -07:00
Aman Agrawal 34a37f55d6 spectators: Rename is_web_public_compatible functions. 2021-09-06 09:00:16 -07:00
Aman Agrawal f5e4dca8f2 login_to_access_modal: Restore current hash after login. 2021-09-06 09:00:16 -07:00
Aman Agrawal a67cff4964 reactions: Don't process clicks from spectators.
The reaction count goes up locally if we don't have this check.
This is misleading for spectators.
2021-09-06 09:00:16 -07:00
Aman Agrawal cfd81b1bf4 login_to_access: Take user to web_public_compatible hash on exit.
We save the last web_public_compatible hash that user visited
before the modal was shown and take user to that hash when
user exits the modal.
2021-09-06 09:00:16 -07:00
Aman Agrawal 3e7538b974 filter: Copy is_web_public_compatible from server to frontend.
This will be used to check if the narrow being requested by
spectator requires authentication without requesting the server.
Having this check locally, makes this process look snappy to
the user and doesn't result in 404s in the browser log.
2021-09-06 09:00:16 -07:00
Aman Agrawal 3ed833a7e4 hashchange: For hash that needs auth, prompt spectator to login.
For spectators, without sending any request to the server,
check locally if the hash requires authentication or which
shows a feature that requires authentication;
if it does, we show login_to_access modal to the user.
2021-09-06 09:00:16 -07:00
rht 6bfebd5558 emoji: Enable Japanese characters in the symbol section.
This was originally meant to fix the emoji mapping conflict during a
Slack import. In Slack, 🎉 and ㊗️ have different
symbols, but they both map to 🎉 in Zulip prior to this commit.
㊗️ now refers to the Japanese character version, as is
observed in Matrix and Slack.

I expand the fix to include all other Japanese characters.  Matrix.org
and Slack already have those characters in their symbol section, and so
this is to reach feature parity.

See the discussion thread in https://chat.zulip.org/#narrow/stream/9-issues/topic/duplicate.20emoji.20in.20data.20import
2021-08-31 06:42:36 -07:00
Sahil Batra fef825d56f settings: Rename class of notification settings elements.
We rename class of notification settings except checkboxes
by prefixing them with 'setting_' for clarity.

We do not change class of checkboxes because settings_checkbox
is used by other templates also and if we only change class
of those using notification_settings_checkboxes then live
update code will break and will need to add separate condition
for differentiating between which partial template is used.
2021-08-20 07:51:23 -07:00
Sahil Batra d05730a199 settings: Rename classes for display settings elements.
We rename the class of display setting elements by prefixing
them with 'setting_' for clarity.
2021-08-20 07:51:11 -07:00