Commit Graph

60115 Commits

Author SHA1 Message Date
Tim Abbott ed72d1a080 version: Update version after 9.3 release. 2024-11-22 17:16:35 -08:00
Tim Abbott 0968ef91e8 Release Zulip Server 9.3. 2024-11-22 17:10:02 -08:00
Tim Abbott 406e77ad74 migrations: Add progress indicator for imageattachment backfill.
These migrations can take a while, so it's worth having a progress
indicator.

Fixes #32232.

(cherry picked from commit ddc26c6af7)
2024-11-22 14:26:20 -08:00
Anders Kaseorg d88caa7237 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit ffad6e7486)
2024-11-21 10:28:36 -08:00
Anders Kaseorg 421bdbde57 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit 3ec58fd3d5)
2024-11-21 10:28:36 -08:00
Anders Kaseorg b268ec3933 test_counts: Remove mostly unused assert_table_count helper.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit 5b486a74f5)
2024-11-21 10:28:36 -08:00
Anders Kaseorg 23934d5fc2 ruff: Fix SIM115 Use a context manager for opening files.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit 71ca928ec9)
2024-11-21 10:28:36 -08:00
Anders Kaseorg 9a38328617 ruff: Fix SIM910 Use `.get(key)` instead of `.get(key, None)`.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit 10271fb850)
2024-11-21 10:28:36 -08:00
Anders Kaseorg 5fcf72a645 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit a9fb8dccae)
2024-11-21 10:28:36 -08:00
Anders Kaseorg c6eca2cdab corporate: Fix decorators to pass arguments and update signatures.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit 65846c8543)
2024-11-21 10:28:36 -08:00
Anders Kaseorg f878ecf207 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit 8589becc48)
2024-11-21 10:28:36 -08:00
Anders Kaseorg c4d8a988af ruff: Fix PLR1730 Replace `if` statement with `min`.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-11-21 10:28:36 -08:00
Anders Kaseorg 19bb8d75d8 run-dev: Remove unnecessary compress=False for aiohttp.
This seems to have been unnecessary since aiohttp 2, and now causes a
type error.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit d67831ba4b)
2024-11-21 10:28:36 -08:00
Tim Abbott bad373bbfa migrations: Fix migration 0576 local backfill path and repeat.
Unfortunately, because this migration has already been run for many
installations, we need to ship another copy of the migration.

It should be a noop when repeated.

(cherry picked from commit 66537c8bf8)
2024-11-19 17:14:11 -08:00
PieterCK 71ff784e14 slack_data_import: Fix incorrect hyperlink conversion.
Currently, Slack messages containing hyperlinks
(e.g.,<http://foo.com|Foo!>) are converted like
normal links. This commit reformats Slack
hyperlinks into Zulip-friendly markdown
(e.g., [Foo!](http://foo.com)).

Part of #32165.

(cherry picked from commit fc50736f4e)
2024-11-19 17:14:11 -08:00
Aman Agrawal 27ad311b38 recent_view: Fix backfill data not updated after reload.
This fixes backfill data not being inserted in recent view if
recent view was open when it received the backfill data.

Fixed by inserted rows in the sorted order instead of inserting
them randomly which caused rows to not be inserted if there were
no rows around the row being inserted.

(cherry picked from commit 6fe3ceb0ee)
2024-11-19 17:14:11 -08:00
Tim Abbott 8c50f0ecdd docs: Simplify Docker trade-offs discussion.
(cherry picked from commit ffa7e0ac08)
2024-11-18 18:32:25 -08:00
Tim Abbott c68ac3f431 docs: Stop describing Docker as experimental.
It's not an accurate descripton for an image that's been used in
production for many years, and we fully support.

(cherry picked from commit 81476308f5)
2024-11-18 18:32:25 -08:00
Mateusz Mandera 432ac3902c slack: Call the correct resize_* function when importing realm icon.
For resizing the icon.png files, we use resize_avatar, not resize_logo.
This is pretty confusing - sure, for icons we use the same function as
for avatars, but we should have a proper name for the function called in
the icon context. So this commit also adds resize_realm_icon, and
changes the calls to resize_avatar in icon contexts to
resize_realm_icon.

(cherry picked from commit 420849ff6a)
2024-11-18 18:32:25 -08:00
Alex Vandiver d37f47b318 slack_import: Strip port from "domain_name".
This lets slack conversions be done on development hosts, which have a
trailing :9991 on their EXTERNAL_HOST; otherwise, we generate fake
emails like `imported-slack-bot@host.name:9991` which fail to
validate.

(cherry picked from commit 2c51824b7d)
2024-11-18 18:32:25 -08:00
Alex Vandiver d72abb9096 slack: Protect against zip bombs.
A file which unpacks to more than 10x its original size is suspect,
particularly if that results in an uncompressed size > 1GB.

(cherry picked from commit e68096c907)
2024-11-18 18:32:25 -08:00
Alex Vandiver 5f19ebd1f0 slack: Check that the archive is shaped the way we expect.
This is some minor protection against malicious zipfiles (e.g. many
very deep directories to chew up inodes), in addition to validation.

(cherry picked from commit 6f7c14c9ec)
2024-11-18 18:32:25 -08:00
Alex Vandiver c6eb0647ba slack: Clean up expanded zipfiles more consistently.
(cherry picked from commit d9f868a163)
2024-11-18 18:32:25 -08:00
Mateusz Mandera 8bed7c7235 docs: Fix upgrade instructions for Ubuntu 22.04->24.04.
Due to Ubuntu 22.04->24.04 doing an incompatible minor version
jump in rabbitmq-server, we need to work around the issue by removing
the rabbitmq-server package before upgrading to 24.04.

https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/2074309
(cherry picked from commit e37f3cca07)
2024-11-18 18:32:25 -08:00
Mateusz Mandera a7822f427e signup: Mirror dummy user should be registered with role from invite.
Aside of what's generally explained in the code comment, this is
motivated by the specific situation of import of Slack Connect channels.
These channels contain users who are "external collaborators" and
limited to a single channel in Slack. We don't have more sophisticated
handling of their import, which would map this concept 1-to-1 in Zulip -
but we create them as inactive dummy users, meaning they have to go
through signup before their account is usable.

The issue is that their imported UserProfile.role is set to Member and
when they register, the UserProfile gets reactivated with that role
unchanged. However, if e.g. the user is signing up after they received
an invitation from the admin, they should get the role that was
configured on the invite. In particular important if the user is meant
to still be "limited" and thus the admin invites them as a guest - they
definitely don't want the user to get a full Member account because of
this weird interaction between import and registration.

(cherry picked from commit 1d7d3fae61)
2024-11-18 18:32:25 -08:00
Mateusz Mandera aef6bee8c6 retention: Limit number of ids passed to db in delete messages query.
If do_delete_messages (and friends) are called for a massive number of
messages, the giant list of message ids is passed to Postgres even
though chunk_size makes all but the first chunk_size of message ids
useless.

(cherry picked from commit 18fbb5d146)
2024-11-18 18:32:25 -08:00
Mateusz Mandera fb188778f5 retention: Rename run_archiving_in_chunks to run_archiving.
(cherry picked from commit ed7c330548)
2024-11-18 18:32:25 -08:00
Tim Abbott 6ea213c300 email_notifications: Fix emoji being giant in Outlook.
Apparently, Outlook ignores height/width CSS rules, but does support
the attribute on the image element itself, so specify that instead.

I don't think there are likely to be image tag implementations that
don't support the attribute, given that's the only thing that works in
Outlook.

(cherry picked from commit 9b67164270)
2024-11-18 18:32:25 -08:00
Aditya Kumar Kasaudhan 6956e9a2b3 slack_incoming: Add ok=false to JSON in case of error.
Previously, errors were returned using Zulip's default format,
which did not match Slack's expected response structure.

This change ensures that errors in the Slack incoming webhook handler
return JSON responses in Slack's expected format: {ok: false, error:
"error string"}.

Fixes: #31878.
(cherry picked from commit d448b75176)
2024-11-18 18:32:25 -08:00
Anders Kaseorg cf47a7cb0c email_notifications: Prevent html2text from mangling Unicode.
html2text mangles Unicode by default, with a --unicode-snob option to
disable it.  If I have to get called a “snob” for wanting to correctly
support non-English languages, then uh, I’ll take one for the team.

https://github.com/Alir3z4/html2text/blob/2024.2.26/html2text/config.py#L111-L150

Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit 42e1517255)
2024-11-18 18:32:25 -08:00
Aman Agrawal bd41af941e echo: Fix send messages not visible when auto narrowed to recipient.
We simply forgot to `add_to_narrow` locally echoed messages if
the current narrow changed before we received confirmation from
server.

(cherry picked from commit 3fe1e554a6)
2024-11-18 18:32:25 -08:00
Tim Abbott 7e74966cee puppet: Require libldap-common be installed.
Zulip instances without a database included, like the Docker image,
would not fail to use TLS properly, since `TLS_REQCERT` was not set in
`/etc/ldap/ldap.conf`. While there's a few other ways we could fix
this, just installing libldap-common on app frontend instances seems
like a good solution, and has no impact on other Zulip systems, and it
was already being installed through a "Recommends" tier apt dependency
indirectly from the PostgreSQL server package.

Fixes zulip/docker-zulip#454.

(cherry picked from commit 9d68d89d01)
2024-11-18 18:32:25 -08:00
Tim Abbott f56c5c645f i18n: Update translations from Transifex. 2024-11-06 17:29:12 -08:00
Mateusz Mandera 97f19ede60 thumbnail: Make thumbnailing work with data import.
We didn't have thumbnailing for images coming from data import and this
commit adds the functionality.

There are a few fundamental issues that the implementation needs to
solve.

1. The images come from an untrusted source and therefore we don't want
   to just pass them through to thumbnailing without checking. For that
   reason, we cannot just import ImageAttachment rows from the export
   data, even for zulip=>zulip imports.
   The right way to process images is to pass them to maybe_thumbail(),
   which runs libvips_check_image() on them to verify we're okay with
   thumbnailing, creates ImageAttachment rows for them and sends them
   to the thumbnailing queue worker. This approach lets us handle both
   zulip=>zulip and 3rd party=>zulip imports in the same way,

2. There is a somewhat circular dependency between the Message,
   Attachment and ImageAttachment import process:

- ImageAttachments would ideally be created after importing
  Attachments, but they need to already exist at the time of Message
  import. Otherwise, the markdown processor doesn't know it has to add
  HTML for image previews to messages that reference images. This would
  mean that messages imported from 3rd party tools don't get image
  previews.
- Attachments only get created after Message import however, due to the
  many-to-many relationship between Message and Attachment.

This is solved by fixing up some data of Attachments pre-emptively, such
as the path_ids. This gives us the necessary information for creating
ImageAttachments before importing Messages.

While we generate ImageAttachment rows synchronously, the actual
thumbnailing job is sent to the queue worker. Theoretically, the worker
could be very backlogged and not process the thumbnails anytime soon.
This is fine - if the app is loaded and tries to display a message with
such a not-yet-generated thumbnail, the code in `serve_file` will
generate the thumbnails synchronously on the fly and the user will see
the image preview displayed normally. See:

1b47134d0d/zerver/views/upload.py (L333-L342)
2024-10-29 10:42:03 -07:00
Mateusz Mandera 15ceb41678 tests: Extract upload_image helpers from test_markdown_thumbnail.
These are pretty general and can be useful utils for other tests.
2024-10-29 10:42:03 -07:00
PieterCK 778923112a data_import: Add email validation to third-party data converters.
This commit makes the third-party data converters check for invalid user
emails. If it finds any, it’ll raise an Exception and show an error
message with all the bad emails listed out.

Fixes: #31783
(cherry picked from commit 6289a551aa)
2024-10-25 08:22:14 -07:00
Anders Kaseorg f09c6ee9b1 styles: Fix invalid CSS generated due to @extend misusage.
@extend can only be used in an element selector, not directly within
@media.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit 2c8ad219b1)
2024-10-25 08:22:14 -07:00
Anders Kaseorg 3920e513c5 localstorage: Fix removeDataRegexWithCondition to check parsed data.
Commit bca41fd29f (#23028) introduced
this for reload.is_stale_refresh_token, which had always returned true
because it was operating on the raw JSON string rather than the parsed
data.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit 782fa2a803)
2024-10-25 08:22:14 -07:00
Tim Abbott 26b89b8021 rocketchat: Validate custom emoji before larger data sets.
This is a data set that's relatively likely to have weird failures,
and also likely to be fairly small.

(cherry picked from commit 010410c849)
2024-10-25 08:22:14 -07:00
Tim Abbott 3fdf76cbb3 rocketchat: Complete metadata verification before importing uploads.
This is not the best factored version of this, but it saves effort
changing the tests, and importantly should make failures involving
metadata only take a couple seconds rather than first doing a giant
BSON read before learning about them.

(cherry picked from commit 6e4da50577)
2024-10-25 08:22:14 -07:00
Tim Abbott 67ff928fd2 rocketchat: Move bson_code_options to a global variable.
This will make it a lot easier to only read files in when we actually
need them.

(cherry picked from commit 79b6f43d0e)
2024-10-25 08:22:14 -07:00
Karl Stolley e31896f70e lightbox: Address edge case where media may be unavailable.
(cherry picked from commit 708d07a885)
2024-10-09 17:13:37 -07:00
Karl Stolley 0364628241 lightbox: Restore centered media list.
(cherry picked from commit ead6f29200)
2024-10-09 17:13:37 -07:00
Johan Nilsson 9c6d88fa4a integrations: Add support for release events to GitLab integration.
(cherry picked from commit bf9cbe30a7)
2024-10-09 17:13:37 -07:00
Anders Kaseorg ef22685f37 thumbnail: Remove type: ignore.
(An alternate solution is message_classes: list[type[Message |
ArchivedMessage]].)

Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit 1b4e02c5d0)
2024-10-09 17:13:37 -07:00
Alex Vandiver aaaeb18064 thumbnail: Tighten and clarify the "type: ignore" limitation.
(cherry picked from commit 912c1b5984)
2024-10-09 17:13:37 -07:00
Alex Vandiver 57518a2059 thumbnail: Only lock the message row, not the Attachment row.
This prevents a deadlock between the thumbnailing worker and message
sending, as follows:

1. A user uploads an image, making Attachment and ImageAttachment
   rows, as well as enqueuing a job in the thumbnailing queue.

2. Message sending starts a transaction, creates the Message row,
   and calls `do_claim_attachments`, which edits the Attachment row
   of the upload (implicitly locking it).

3. The thumbnailing worker starts a transaction, locks the
   ImageAttachment row for its image, thumbnails it, and then
   attempts to `select_for_update()` the message objects (joined to
   the Attachments table) to find the ones which link to the
   attachment in question. This query blocks, since "a locking
   clause without a table list affects all tables used in the
   statement"[^1] and the message-send request already has a write
   lock on the Attachments row in question.

4. The message-send request attempts to re-fetch the ImageAttachment
   row inside the transaction, which tries to pull a lock on it.

5. Deadlock, because the message-send request has the Attachment
   lock, and waits for the ImageAttachment lock; the thumbnailing
   worker has the ImageAttachment lock, and waits for the Attachment
   lock.

We break this deadlock by limiting the
`update_message_rendered_content` `select_for_update` to only take
the lock on the Message table, and not also the Attachments table --
no changes will be made to the Attachments, so no lock is necessary
there. This allows the thumbnailing worker to successfully pull the
empty list of messages (since the message-send request has not
commits its transaction, and thus the Message row is not visible
yet), and release its ImageAttachment lock so that the message-send
request can proceed.

[^1]: https://www.postgresql.org/docs/current/sql-select.html#SQL-FOR-UPDATE-SHARE

(cherry picked from commit 3cbbf2307b)
2024-10-09 17:13:37 -07:00
Alex Vandiver 8dca9af3d0 thumbnail: Set a stable ordering on ImageAttachment rows for locking.
Failure to have a stable ordering can lead to deadlocks.

(cherry picked from commit ef21dd9b99)
2024-10-09 17:13:37 -07:00
Pierre Carru 871ef4b7bc slack_incoming: add ok=true to json in case of success.
This better simulates the Slack API, which is important, since some
integrations check this response and decide whether the Slack endpoint
is working based on what they receive.

(cherry picked from commit 5cbe3203f5)
2024-10-09 17:13:37 -07:00
Anders Kaseorg ccbe584571 filter: Fix unparse to round-trip Unicode whitespace operands.
Previously [{operator: "topic", operand: "one\xa0two"}] would be
unparsed to "topic:one\xa0two" which parses as [{operator: "topic",
operand: "one"}, {operator: "search", operand: "two"}], leading to
exceptions in the search pill system.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
(cherry picked from commit 9c2da46966)
2024-10-09 17:13:37 -07:00