Commit Graph

35014 Commits

Author SHA1 Message Date
majordwarf 39286fc1cd css: Reorder portico-signin.scss to put `.app-main` next to each other. 2020-03-17 12:40:08 -07:00
majordwarf 868891e724 css: Use SCSS nesting in portico-signin.scss for `.register-form`. 2020-03-17 12:40:08 -07:00
majordwarf 65fbc2f612 css: Refactor and reorder `.register-form` child elements. 2020-03-17 12:40:08 -07:00
majordwarf 84d92b8e9a css: Refactor and nest `.forgot-password-container`. 2020-03-17 12:40:08 -07:00
majordwarf 9a29978b09 css: Use SCSS nesting in portico-signin.scss for `.account-creation`. 2020-03-17 12:40:08 -07:00
majordwarf b7f7f4ef05 css: Use SCSS nesting in portico-signin.scss for `.new-style`. 2020-03-17 12:40:08 -07:00
majordwarf f7f3148e44 css: Use SCSS nesting in portico-signin.scss for `.input-box`. 2020-03-17 12:40:08 -07:00
majordwarf a14846f259 css: Use SCSS nesting in portico-signin.scss for `.alert`. 2020-03-17 12:40:08 -07:00
majordwarf 3b5fa831ac css: Use SCSS nesting in portico-signin.scss for `button`. 2020-03-17 12:40:08 -07:00
majordwarf 8d92c7277c css: Merge `button` in portico-signin.scss. 2020-03-17 12:40:08 -07:00
majordwarf 1cfd309130 css: Reorder portico-signin.scss to put `.new-style` next to each other. 2020-03-17 12:40:08 -07:00
majordwarf 4b3890c7e2 css: Use SCSS nesting in portico-signin.scss for `.header`. 2020-03-17 12:40:06 -07:00
majordwarf 6709fccd49 css: Merge `.header` in portico-signin.scss. 2020-03-17 12:35:25 -07:00
majordwarf 1e579921b7 css: Remove empty CSS ruleset from portico-signin.scss. 2020-03-17 12:35:25 -07:00
YashRE42 96cd8d3677 filter: Cache value of can_mark_messages_read.
Given that can_mark_messages_read is called whenever the blue box
cursor stops on a message and that it is calculated purely on the
basis of sorted_term_types, it makes sense to cache the result.
2020-03-17 12:27:08 -07:00
YashRE42 4d972e1d10 filter: Cache/store sorted_term_types.
Given that the sorted term types depends only on the filter, it makes
sense to only build them once and cache the results.
2020-03-17 12:27:08 -07:00
Pranav 83ad56aa64 ui: Fix list_render sorting breaking after re-creation/update.
Previously, when list_render.create was called, if a list_render
object with the given name existed, it returned the existing
list_render object with the previous properties, without the property
to sort the lists added.  The root cause of the bug was that when we
added the sorting click handlers, we put them just in the constructor,
not in __set_events, the function we call from appropriate code paths
to add the other necessary click handlers.

Fix this by moving the code to add the sorting properties into
__set_events().

Fixes #14175.
2020-03-17 12:08:02 -07:00
Stefan Weil c220b971ae
docs: Fix some typos in documentation (most of them found and fixed by codespell).
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2020-03-17 05:57:10 -07:00
Mateusz Mandera 5e47f2975e actions: Optimize query in get_occupied_streams.
Using an Exists subquery to avoid scanning the entire Subscription
table seems to speed things up greatly.
Set up with:
 ./manage.py populate_db --extra_users 2000 --extra-streams 1000

Tested on my computer, the original function was taking ~1.2seconds,
the optimized version only ~0.05-0.06.

Likely fixes #13874; we can re-open if after production testing we
feel more work is warranted.
2020-03-17 05:44:05 -07:00
Steve Howell 327831df1e hotkeys: Fix "n" key behavior in some narrows.
If you were in the "Starred messages" narrow and
your pointer was on a message with the stream/topic
of "social/lunch", we wouldn't move you to the unread
messages for that topic.

I fixed this by removing the code that looked at
the current message's topic.  Instead, we only look
at the active narrow to figure out the "next" topic
to go to.

Fixes #14120.
2020-03-17 05:41:47 -07:00
Mateusz Mandera 884ff425da cache: Remove dead code for caching recipients.
With recipient column denormalized into all three of Stream, UserProfile
and Huddle, there is no more use for this caching.
2020-03-17 05:41:11 -07:00
Mateusz Mandera b4ce167a88 models: Add recipient foreign key to Huddle.
This follows the already tested approach from
8acfa17fe6.
2020-03-17 05:41:11 -07:00
Mateusz Mandera 08780fcb95 test_import_export: Fix how stream.recipient_id is verified. 2020-03-17 05:41:11 -07:00
Tim Abbott b064559652 zephyr: Add strict assertion about username format.
This ensures that even if it were possible to create an MIT Kerberos
account with a malicious username and/or hack webathena to pretend
that's the case, one couldn't do anything malicious.

This security improvement only impacts a single installation of Zulip
where Zephyr mirroring is in use that has already had the fix applied,
so there's no reason to do a security notice for it.

Found by Graham Bleaney using pysa.
2020-03-17 05:37:25 -07:00
Rike-Benjamin Schuppner bb49a60bd5
docs: Fix type in authentication methods. 2020-03-15 17:55:08 -07:00
Steve Howell ff4b5d8ce6 minor: Fix list/set test flake. 2020-03-15 09:11:14 -04:00
Anders Kaseorg a491c5a162 styles: Fix SimpleBar hover styling for simplebar@5.1.0.
Follow an upstream adjustment to the styling of the vertical
scrollbar (but not the horizontal scrollbar).

https://github.com/Grsmto/simplebar/issues/420

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2020-03-13 16:14:23 -07:00
Steve Howell fcc5ae5247 invites: Fix regression w/email vs. delivery_email.
In 220c2a5ff3 I
introduced a query to find invites by delivery_email
but was still using email as the key.

For most realms `email` and `delivery_email` are
synonymous, so this temporary bug would not affect
them.  For realms that restrict emails, the invite
would have probably failed for other reasons, but
the symptom would have been less clear.
2020-03-12 10:13:08 -04:00
majordwarf 68dcdcd28e todo_list: Add task description and index numbers.
The user can pass description along with the task name by splitting the input string with hyphen.

Eg: Task Title - Task Description
todo_list: Add index numbers to task.
2020-03-12 08:02:06 -04:00
majordwarf ba2f11f78c todo_list: Render task name in bold text. 2020-03-12 08:02:06 -04:00
Steve Howell 1b16693526 tests: Limit email-based logins.
We now have this API...

If you really just need to log in
and not do anything with the actual
user:

    self.login('hamlet')

If you're gonna use the user in the
rest of the test:

    hamlet = self.example_user('hamlet')
    self.login_user(hamlet)

If you are specifically testing
email/password logins (used only in 4 places):

    self.login_by_email(email, password)

And for failures uses this (used twice):

    self.assert_login_failure(email)
2020-03-11 17:10:22 -07:00
Steve Howell c235333041 test performance: Pass in users to api_* helpers.
This reduces query counts in some cases, since
we no longer need to look up the user again. In
particular, it reduces some noise when we
count queries for O(N)-related tests.

The query count is usually reduced by 2 per
API call.  We no longer need to look up Realm
and UserProfile.  In most cases we are saving
these lookups for the whole tests, since we
usually already have the `user` objects for
other reasons.  In a few places we are simply
moving where that query happens within the
test.

In some places I shorten names like `test_user`
or `user_profile` to just be `user`.
2020-03-11 14:18:29 -07:00
Steve Howell 626ad0078d tests: Add uuid_get and uuid_post.
We want a clean codepath for the vast majority
of cases of using api_get/api_post, which now
uses email and which we'll soon convert to
accepting `user` as a parameter.

These apis that take two different types of
values for the same parameter make sweeps
like this kinda painful, and they're pretty
easy to avoid by extracting helpers to do
the actual common tasks.  So, for example,
here I still keep a common method to
actually encode the credentials (since
the whole encode/decode business is an
annoying detail that you don't want to fix
in two places):

    def encode_credentials(self, identifier: str, api_key: str) -> str:
        """
        identifier: Can be an email or a remote server uuid.
        """
        credentials = "%s:%s" % (identifier, api_key)
        return 'Basic ' + base64.b64encode(credentials.encode('utf-8')).decode('utf-8')

But then the rest of the code has two separate
codepaths.

And for the uuid functions, we no longer have
crufty references to realm.  (In fairness, realm
will also go away when we introduce users.)

For the `is_remote_server` helper, I just inlined
it, since it's now only needed in one place, and the
name didn't make total sense anyway, plus it wasn't
a super robust check.  In context, it's easier
just to use a comment now to say what we're doing:

    # If `role` doesn't look like an email, it might be a uuid.
    if settings.ZILENCER_ENABLED and role is not None and '@' not in role:
        # do stuff
2020-03-11 14:18:29 -07:00
Steve Howell 00dc976379 tests: Use users for common_subscribe_to_streams.
We also use users for get_streams().
2020-03-11 14:18:29 -07:00
Sourabh Singh 1b3cfecf2a
webhooks: Add team reviewers support in github webhook.
The github webhook implementation previously ignored the "team reviewers"
part of pull_request events, resulting in inaccurate output.

Fixes: #14096.
2020-03-10 16:29:59 -07:00
Tim Abbott 68274cae74 apps: Fix broken desktop download links.
This was introduced by my failing to properly test the recent bundle
of changes to this logic.
2020-03-10 14:38:23 -07:00
BIraj 60385366f0 js: Cleanup debug.js example to use ES syntax. 2020-03-09 14:07:13 -07:00
Mateusz Mandera 2000608a9e report_error: Fix inaccurate docstring.
do_report_error isn't actually below.
2020-03-09 13:54:58 -07:00
Mateusz Mandera 89394fc1eb middleware: Use request.user for logging when possible.
Instead of trying to set the _requestor_for_logs attribute in all the
relevant places, we try to use request.user when possible (that will be
when it's a UserProfile or RemoteZulipServer as of now). In other
places, we set _requestor_for_logs to avoid manually editing the
request.user attribute, as it should mostly be left for Django to manage
it.
In places where we remove the "request._requestor_for_logs = ..." line,
it is clearly implied by the previous code (or the current surrounding
code) that request.user is of the correct type.
2020-03-09 13:54:58 -07:00
Mateusz Mandera 0255ca9b6a middleware: Log user.id/realm.string_id instead of _email. 2020-03-09 13:54:58 -07:00
akashaviator 700123a30b api: Document DELETE ../messages/{message_id}/reactions endpoint.
This refactors remove_reaction in python_examples.py to validate the
result with validate_against_openapi_schema.  Minor changes and some
additions have been made to the OpenAPI format data for
/messages/{message_id}/reactions endpoint.
2020-03-08 19:12:45 -07:00
akashaviator 5dd1a1fc83 api: Document POST ../messages/{message_id}/reactions endpoint.
This refactors add_reaction in python_examples.py to use the
openapi_test_function decorator and validate result with
validate_against_openapi_schema. Minor changes have been made to the
OpenAPI format data for /messages/{message_id}/reactions endpoint.

This also adds add-emoji.md to templates/zerver/api and adds
add-emoji to rest-endpoints.md (templates/zerver/help/include).
2020-03-08 19:04:15 -07:00
akashaviator 9c63976da5 api: Refactor get_members_backend in zerver/views/users.py.
This refactors get_members_backend to return user data of a single
user in the form of a dictionary (earlier being a list with a single
dictionary).

This also refactors it to return the data with an appropriate key
(inside a dictionary), "user" or "members", according to the type of
data being returned.

Tweaked by tabbott to use somewhat less opaque code and simple OpenAPI
descriptions.
2020-03-08 18:43:30 -07:00
Tim Abbott 2c75b39078 templates: Delete show_debug feature.
As far as I know, this hasn't been used in at least 5 years, and I'm
not sure there's a real use case for it with the current app.
2020-03-08 18:34:59 -07:00
Tim Abbott ccf63ac66b decorators: Restructure get_client_name interface.
Previously, get_client_name was responsible for both parsing the
User-Agent data as well as handling the override behavior that we want
to use "website" rather than "Mozilla" as the key for the Client object.

Now, it's just responsible for User-Agent, and the override behavior
is entirely within process_client (the function concerned with Client
objects).

This has the side effect of changing what `Client` object we'll use
for HTTP requests to /json/ endpoints that set the `client` attribute.
I think that's in line with our intent -- we only have a use case for
API clients overriding the User-Agent parsing (that feature is a
workaround for situations where the third party may not control HTTP
headers but does control the HTTP request payload).

This loses test coverage on the `request.GET['client']` code path; I
disable that for now since we don't have a real use for that behavior.

(We may want to change that logic to have Client recognize individual
browsers; doing so requires first using a better User-Agent parsing
library).

Part of #14067.
2020-03-08 14:19:50 -07:00
Tim Abbott 53cc00c21c messages: Ban the sender property when not mirroring.
The "sender" property in `send_message_backend` is meant to only do
something when doing Zephyr mirroring (or similar).  We should help
clients behave correctly by banning this property in requests that are
not specifically requesting mirroring behavior.

This commit requires changes to a number of tests that incorrectly
passed this parameter or didn't use the right setup for mirroring.
2020-03-08 14:09:32 -07:00
Tim Abbott cf897cc4b6 test_messages: Convert Zephyr mirror tests to use API.
The special Zephyr mirroring logic is only intended to be used via the
API, so this sets up a more effective test.  It also allows us to
remove certain Client parsing logic for the /json/ views using session
authentication.
2020-03-08 13:38:20 -07:00
sahil839 6a791e1939 subscriber list: Fix display of email addresses in subscribers list.
Original email address is shown to admin users in subscriber list when
email_address_visibilty is set to "Admins only" by passing delivery_email
at required places.  Email address are not shown to non-admin users when
visibility is set to "Admins only".

Tweaked by tabbott to fix a few bugs and dead code.

Fixes a part of #13541.
2020-03-08 12:42:08 -07:00
Tim Abbott d0927d38fc streams: Use user IDs in membership list to track subscribers.
User IDs are more robust than email addresses as they don't change
with time, and also don't have complications with
different email_address_visibility settings.
2020-03-08 12:37:48 -07:00
Mateusz Mandera fe0f381914 populate_db: Don't restrict email domains by default in tests and dev.
The email domain restriction to @zulip.com is annoying in development
environment when trying to test sign up. For consistency, it's best to
have tests use the same default, and the tests that require domain
restriction can be adjusted to set that configuration up for themselves
explicitly.
2020-03-07 18:38:59 -08:00