Commit Graph

61032 Commits

Author SHA1 Message Date
AJ Kerrigan 697c79a6cc
docs: Advertise Inbox and Recent view navigation shortcuts.
Add to the help center and in-app shortcuts overlay, near the existing
"Go to combined feed" shortcut, documentation for the similar inbox/recent view
navigation shortcuts.
2024-09-26 13:13:35 -07:00
Alex Vandiver a20673a267 upload: Allow filtering to just a prefix (e.g. a realm id). 2024-09-26 12:01:11 -07:00
Alex Vandiver 33781f019c users: Factor out do_send_password_reset_email. 2024-09-26 12:01:11 -07:00
Alex Vandiver 2c51824b7d slack_import: Strip port from "domain_name".
This lets slack conversions be done on development hosts, which have a
trailing :9991 on their EXTERNAL_HOST; otherwise, we generate fake
emails like `imported-slack-bot@host.name:9991` which fail to
validate.
2024-09-26 12:01:11 -07:00
Alex Vandiver e68096c907 slack: Protect against zip bombs.
A file which unpacks to more than 10x its original size is suspect,
particularly if that results in an uncompressed size > 1GB.
2024-09-26 12:01:11 -07:00
Alex Vandiver 6f7c14c9ec slack: Check that the archive is shaped the way we expect.
This is some minor protection against malicious zipfiles (e.g. many
very deep directories to chew up inodes), in addition to validation.
2024-09-26 12:01:11 -07:00
Alex Vandiver d9f868a163 slack: Clean up expanded zipfiles more consistently. 2024-09-26 12:01:11 -07:00
Alex Vandiver 579cf4ada7 upload: Make local-file save_attachment_contents chunk-at-a-time.
This means it does not attempt to hold large files entirely in memory
when writing them to a new location on disk.
2024-09-26 12:01:11 -07:00
Alex Vandiver 2dc737335e upload: Switch from BinaryIO to IO[bytes].
This is slightly more generally-compatible.
2024-09-26 12:01:11 -07:00
Alex Vandiver 638c579c56 tusd: Set metadata correctly in S3.
The Content-Type, Content-Disposition, StorageClass, and general
metadata are not set according to our patterns by tusd; copy the file
to itself to update those properties.
2024-09-26 12:00:43 -07:00
Alex Vandiver 287850d08d tusd: Remove non-ASCII characters from path-ids. 2024-09-26 12:00:43 -07:00
Alex Vandiver 84280ed7c2 upload: When serving s3 download URLs, send real filename.
Setting `ResponseContentDisposition=attachment` means that we override
the stored `ContentDisposition`, which includes a filename.  This
means that using the "Download" link on servers with S3 storage
produced a file named the sanitized version we stored.

Explicitly build a `ContentDisposition` to tell S3 to return, which
includes both `attachment` as well as the filename (if we have it
locally).
2024-09-26 12:00:43 -07:00
Sahil Batra 6ddaaa4ef9 signup: Show realm name in a tooltip on signup page.
This is needed to make sure that user can see the realm
name in case it does not fits into the UI and is shown
with ellipsis.

Fixes #31676.
2024-09-26 11:58:31 -07:00
Tim Abbott 9b67164270 email_notifications: Fix emoji being giant in Outlook.
Apparently, Outlook ignores height/width CSS rules, but does support
the attribute on the image element itself, so specify that instead.

I don't think there are likely to be image tag implementations that
don't support the attribute, given that's the only thing that works in
Outlook.
2024-09-26 11:58:12 -07:00
Alex Vandiver 0c7d83f7da kandra: Use vector to plumb SES logs into S3. 2024-09-26 11:19:45 -07:00
Alex Vandiver 60759ab5fb kandra: Use generic "vector" process, not dedicated "akamai" process.
This makes the Vector configuration extensible, to allow it to be used
not just for ingesting Akamai logs.
2024-09-26 11:19:45 -07:00
Aman Agrawal 6e4895b05f landing-page: Update streams_and_topics_day images.
Removed the night images since they were not being used and these
new day mode images are designed to look not too bright in the
dark mode screens too.
2024-09-26 09:27:01 -07:00
Anders Kaseorg d5bc3421fc install-tusd: Be careful to match the complete version line.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-26 09:26:34 -07:00
Anders Kaseorg fb623f4450 eslint: Fix @typescript-eslint/no-duplicate-type-constituents.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-25 15:43:37 -07:00
Anders Kaseorg e63365a4da katex_server: Fix import/no-named-as-default.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-25 15:41:01 -07:00
Anders Kaseorg 890f9e67f4 settings_linkifiers: Fix zod import.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-25 15:40:04 -07:00
Alex Vandiver b0ca32c955 nginx: Fix missing word in comment. 2024-09-25 11:15:03 -07:00
tnmkr a435b7687a custom_profile_fields: Update label for non-editable field toggle.
The rewording clarifies that this setting allows users to change only
the value of the field for their own account.

This is a follow-up to #29570 which implented the setting through a
series of 3 commits ending in 23efb5cec7.
2024-09-25 11:14:41 -07:00
Tim Abbott 21ddd719e7 message_events: Fix move_message_stream_id type confusion. 2024-09-25 11:13:09 -07:00
Alex Vandiver 77a121082b kandra: Add localhost access to internal APIs on port 80.
This parallels 02d3fb7666.
2024-09-25 10:08:27 -07:00
Anders Kaseorg 5a978edf40 install-aws-server: Fix SC2206 violation.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 23:05:39 -07:00
Anders Kaseorg 0cc6421118 install-transifex-cli: Upgrade Transifex CLI from 1.6.16 to 1.6.17.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 20:51:24 -07:00
Anders Kaseorg a9fb8dccae requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 19:27:21 -07:00
Anders Kaseorg f0f048de69 corporate: Import corporate.lib.stripe lazily.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 18:18:26 -07:00
Anders Kaseorg fcafcb24d7 corporate: Fix decorators to pass arguments and update signatures.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 18:18:26 -07:00
Anders Kaseorg 5e62903d29 corporate: Use Literal types for upgrade parameters.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 18:18:26 -07:00
Anders Kaseorg 88782f2917 integrations: Lazily load webhook integrations.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 18:17:52 -07:00
Anders Kaseorg 6c442273ee test_urls: Remove dead URLResolutionTest.
This test was written back when Django accepted view function names as
strings that might be wrong; that’s not possible in Django ≥ 1.10.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 18:17:52 -07:00
evykassirer 76a602842d message_list: Make data required in the constructor. 2024-09-24 17:16:15 -07:00
evykassirer 28c3701677 message_list: Move comment from constructor to class definition. 2024-09-24 17:16:15 -07:00
evykassirer 35bb00a6e5 message_view: Rename TargetMessageIdInfo to be more specific. 2024-09-24 17:16:15 -07:00
evykassirer 608c5ee54a message_view: Make trigger required for changehash and update_hash_to_match_filter. 2024-09-24 17:16:15 -07:00
Anders Kaseorg 184c0203f3 upload: Lazily import boto3.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-09-24 16:38:37 -07:00
evykassirer af915523a7 message_view: Convert module to typescript. 2024-09-24 15:43:27 -07:00
evykassirer b0785f0f2c message_view: Name mutated opts separate from function params.
This will help with Typescript conversion.
2024-09-24 15:43:27 -07:00
evykassirer 5b151cff96 message_view: Rename show's original opts to show_opts.
This will help with Typescript conversion.
2024-09-24 15:43:27 -07:00
evykassirer 3da3661a34 message_view: Access window.history.state through browser_history. 2024-09-24 15:43:27 -07:00
evykassirer df03d65cad browser_history: Use zod to parse window.history.state. 2024-09-24 15:43:27 -07:00
Vector73 9e4e85e140 saved_snippets: Add backend for saved snippets.
Part of #31227.
2024-09-24 15:27:58 -07:00
Tim Abbott 90a4b4934a text_fixtures: Fix buggy skip-checks placement. 2024-09-24 15:00:46 -07:00
evykassirer 7bff149325 filter: Fix bug where invalid stream name could throw an error. 2024-09-24 15:00:10 -07:00
Sahil Batra 758fdc87e0 group_setting_pill: Do not allow guest users for some settings.
For settings with allow_everyone_group is False, guest users
are not allowed to do the task controlled by that setting even
if the guest user is member of the group which is used for
that setting.

So, we do not show guest users in typeahead for such settings
and also not create a pill when someone types full email of
the guest user in the input.

There is no such restriction in the API and it is fine
since we eventually have the check to not give guest user
the permission.
And we still allow guests to be part of any group, so there is
no restriction on using groups containing guests as subgroups
of the anonymous groups and showing them in typeahead.
2024-09-24 14:36:45 -07:00
Sahil Batra d0fbad3250 group_setting_pill: Pass setting_type in pill_config.
We only use pills UI for can_manage_group setting currently,
but we can still pass setting_type in pill_config so that we
can use that while calling get_group_permission_setting_config
for checking if group is allowed to be used in the setting when
creating group pill from group name.
2024-09-24 14:36:45 -07:00
Sahil Batra c4026615ae user_group_pill: Accept setting_type as parameter in typeahead_source.
We currently use the pills UI only for can_manage_group setting so
it is fine to pass setting type as "group" directly to
get_realm_user_groups_for_setting, but it would be better to just
accept setting_type as parameter in typeahead_source and pass that
to get_realm_user_groups_for_setting as other settings will also
use the pills UI in future.
2024-09-24 14:36:45 -07:00
evykassirer b2e1c5aec4 message_fetch: Don't allow undefined narrow term operands. 2024-09-24 14:34:07 -07:00