Commit Graph

5061 Commits

Author SHA1 Message Date
Hardik Dharmani bae28dfe64 message_list_hover: Extract module for hover/unhover logic.
Remove the various message-hover related functions from ui_init.js and
put them in a new module.
2023-09-28 18:07:26 -07:00
Anders Kaseorg f4768b0030 lint: Fix semgrep scanning of extensionless Python scripts.
Semgrep 0.118.0 changed the default of --scan-unknown-extensions to
false.  It also seems that it no longer respects --lang (or never
did), so rename the config file to reflect that it only includes
Python rules, to make it clear that additional languages will require
separate config files.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-28 14:19:50 -07:00
Aman Agrawal 820b564072 right_sidebar_ui: Rename to sidebar_ui. 2023-09-28 08:41:03 -07:00
Sahil Batra 1de3a9f4a3 bots: Extract code for showing integration url modal in new file.
This commit creates a new file integration_url_modal.js which
now contains the code for showing integration url modal.

Since show_generate_integration_url_modal is used in multiple
places, this change helps us in avoiding import cycles.
2023-09-26 09:15:20 -07:00
Sahil Batra f3c17b8d4f users: Extract code for showing deactivation modal in new file.
This commit creates a new file user_deactivation_ui.js which
now contains the code for showing deactivation modal for user
and bots.

Since confirm_deactivation and confirm_bot_deactivation functions
are used in multiple places, this change helps us in avoiding
import cycles.
2023-09-26 09:15:20 -07:00
Aman Agrawal e0ff125116 views: Write a common show and hide function.
Fixes #26688
2023-09-25 13:16:25 -07:00
Sahil Batra c7cbdd3741 custom_fields: Extract some code in custom_profile_fields_ui.js.
This commit moves initialize_custom_pronouns_type_fields,
initialize_custom_user_type_fields, initialize_custom_date_type_fields
and append_custom_profile_fields functions to the new file
custom_profile_fields_ui.js from settings_account.js since
they are used for both showing custom profile fields in
"Profile" settings panel and "Edit user" form shown in
user profile modal. This change also helps us in avoiding
import cycles.
2023-09-25 13:14:49 -07:00
Tim Abbott c379d0bad6 right_sidebar_ui: Extract new module.
This UI is not actually a popover, and so there is no need for it to
live in popovers.js.
2023-09-25 06:29:47 -07:00
Aman Agrawal bdf6b210b8 copied_tooltip: Remove tippyjs import cycle by extracting it.
Moving show_copied_confirmation to a new library breaks the
dependency cycle of popover_menus and tippyjs.
2023-09-24 15:16:27 -07:00
Anders Kaseorg d6884399b2 invite: Convert module to TypeScript.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-22 17:10:51 -07:00
Anders Kaseorg 35568ec4d6 flatpickr: Convert module to TypeScript.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-22 17:08:17 -07:00
YashRE42 cb04ae1f95 search: Redesign search box.
Fixes #21798.
2023-09-21 08:58:31 -07:00
Anders Kaseorg acd0c5568a corporate: Remove Twitter third-party JavaScript and branding.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-21 08:53:37 -07:00
Daniil Fadeev d96110590b playground_links: Migrate popover to Tippy.
Fixes part of #23632.
2023-09-15 12:25:26 -07:00
Daniil Fadeev d89cd1e241 user_card_popover: Rename Handlebars templates.
List of renamed templates:
`user_info_popover_content` -> `user_card_popover_content`
`user_info_popover_manage_menu` -> `user_card_popover_manage_menu`
`user_info_popover_title` -> `user_card_popover_title`
2023-09-15 12:24:00 -07:00
Anders Kaseorg 28597365da python: Delete superfluous parens.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-13 13:40:19 -07:00
evykassirer a0df603aa7 puppeteer: Allow reruns in interactive mode when tests succeed.
We already allowed reruns for failing tests, and this adds
the ability to rerun tests that succeeded as well, which is
helpful for debugging flaky tests.
2023-09-13 12:46:22 -07:00
Anders Kaseorg 2665a3ce2b python: Elide unnecessary list wrappers.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-13 12:41:23 -07:00
Daniil Fadeev c5f6c00a81 popovers: Extract user info popovers into their own module.
The intent behind this commit is to tidy up how we handle user info
popovers. The first step is to move everything related to them into
its own module. This commit should not have any functional changes.
2023-09-13 11:49:08 -07:00
Aman Agrawal 6ef0753a51 inbox: Add new narrow. 2023-09-12 09:20:33 -07:00
Anders Kaseorg 6988622fe8 ruff: Enable B023 Function definition does not bind loop variable.
Python’s loop scoping is misdesigned, resulting in a very common
gotcha for functions that close over loop variables [1].  The general
problem is so bad that even the Go developers plan to break
compatibility in order to fix the same design mistake in their
language [2].

Enable the Ruff rule function-uses-loop-variable (B023) [3], which
conservatively prohibits functions from binding loop variables at all.

[1] https://docs.python-guide.org/writing/gotchas/#late-binding-closures
[2] https://go.dev/s/loopvar-design
[3] https://beta.ruff.rs/docs/rules/function-uses-loop-variable/

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-11 18:03:45 -07:00
Anders Kaseorg cf4791264c python: Replace functools.partial with type-safe returns.curry.partial.
The type annotation for functools.partial uses unchecked Any for all
the function parameters (both early and late).  returns.curry.partial
uses a mypy plugin to check the parameters safely.

https://returns.readthedocs.io/en/latest/pages/curry.html

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-11 18:03:45 -07:00
Alex Vandiver b94402152d models: Always search Messages with a realm_id or id limit.
Unless there is a limit on `id`, always provide a `realm_id` limit as
well.  We also notate which index is expected to be used in each
query.
2023-09-11 15:00:37 -07:00
Alex Vandiver 067de6f948 coverage: Skip zerver.lib.migrate coverage.
It is only covered when we run migration tests, which we are not
guaranteed to always be able to do.
2023-09-11 15:00:37 -07:00
Alex Vandiver d6745209f2 django: Use .exists() instead of .count() when possible. 2023-09-11 15:00:37 -07:00
Lalit Kumar Singh 5f74b9051e ts: Migrate `user_topics.js` to typescript. 2023-09-11 10:57:38 -07:00
Daniil Fadeev 7777c55b22 popovers: Extract `user_group_popover` into separate module.
This is a preparatory commit before we migrate `user_group_popover`
from Bootstrap to Tippy library.

The previous implementation was weirdly sharing the logic around
`current_message_info_popover_elem` with the user info popovers based
on a message; very likely an unfortunate latent bug caused by
copy/paste.

To address that, we need to add dedicated functions like
get_user_group_popover_items to avoid breaking keyboard navigation
with this extraction.
2023-09-11 10:26:50 -07:00
Lalit Kumar Singh c47a18eb2b ts: Migrate `realm_logo` to TypeScript. 2023-09-09 18:30:43 -07:00
Lalit Kumar Singh b8e0850aa1 ts: Migrate `realm_icon` to TypeScript. 2023-09-09 18:30:43 -07:00
Aman Agrawal 1305fe74b6 test-js-with-node: Remove deleted dropdown-list-widget module.
Fixes #25741
2023-09-09 18:22:25 -07:00
Anders Kaseorg 31b5879242 docs: Remove obsolete mentions of reStructuredText.
Commit b53e676860 (#19600) removed the
last of our reST.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-09 01:56:16 -07:00
Anders Kaseorg 964cc182a4 sync-translations: Normalize translations to NFC.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-08 17:51:47 -07:00
Lalit Kumar Singh affdffdda5 ts: Migrate `settings_emoji.js` to TypeScript. 2023-09-08 13:09:34 -07:00
Lalit Kumar Singh 5c2ba6c8fa ts: Migrate `avatar.js` module to TypeScript. 2023-09-08 13:09:12 -07:00
Zixuan James Li c336bf0398 api: Avoid programming errors due to nested Annotated types.
We want to reject ambiguous type annotations that set ApiParamConfig
inside a Union. If a parameter is Optional and has a default of None, we
prefer Annotated[Optional[T], ...] over Optional[Annotated[T, ...]].

This implements a check that detects Optional[Annotated[T, ...]] and
raise an assertion error if ApiParamConfig is in the annotation. It also
checks if the type annotation contains any ApiParamConfig objects that
are ignored, which can happen if the Annotated type is nested inside
another type like List, Union, etc.

Note that because
param: Annotated[Optional[T], ...] = None
and
param: Optional[Annotated[Optional[T], ...]] = None
are equivalent in runtime prior to Python 3.11, there is no way for us
to distinguish the two. So we cannot detect that in runtime.
See also: https://github.com/python/cpython/issues/90353
2023-09-08 08:20:17 -07:00
Zixuan James Li f4caf9dd79 api: Add new typed_endpoint decorators.
The goal of typed_endpoint is to replicate most features supported by
has_request_variables, and to improve on top of it. There are some
unresolved issues that we don't plan to work on currently. For example,
typed_endpoint does not support ignored_parameters_supported for 400
responses, and it does not run validators on path-only arguments.

Unlike has_request_variables, typed_endpoint supports error handling by
processing validation errors from Pydantic.

Most features supported by has_request_variables are supported by
typed_endpoint in various ways.

To define a function, use a syntax like this with Annotated if there is
any metadata you want to associate with a parameter, do note that
parameters that are not keyword-only are ignored from the request:
```
@typed_endpoint
def view(
    request: HttpRequest,
    user_profile: UserProfile,
    *,
    foo: Annotated[int, ApiParamConfig(path_only=True)],
    bar: Json[int],
    other: Annotated[
        Json[int],
        ApiParamConfig(
            whence="lorem",
            documentation_status=NTENTIONALLY_UNDOCUMENTED
        )
    ] = 10,
) -> HttpResponse:
    ....
```

There are also some shorthands for the commonly used annotated types,
which are encouraged when applicable for better readability and less
typing:
```
WebhookPayload = Annotated[Json[T], ApiParamConfig(argument_type_is_body=True)]
PathOnly = Annotated[T, ApiParamConfig(path_only=True)]
```

Then the view function above can be rewritten as:
```
@typed_endpoint
def view(
    request: HttpRequest,
    user_profile: UserProfile,
    *,
    foo: PathOnly[int],
    bar: Json[int],
    other: Annotated[
        Json[int],
        ApiParamConfig(
            whence="lorem",
            documentation_status=INTENTIONALLY_UNDOCUMENTED
        )
    ] = 10,
) -> HttpResponse:
    ....
```

There are some intentional restrictions:
- A single parameter cannot have more than one ApiParamConfig
- Path-only parameters cannot have default values
- argument_type_is_body is incompatible with whence
- Arguments of name "request", "user_profile", "args", and "kwargs" and
  etc. are ignored by typed_endpoint.
- positional-only arguments are not supported by typed_endpoint. Only
  keyword-only parameters are expected to be parsed from the request.
- Pydantic's strict mode is always enabled, because we don't want to
  coerce input parsed from JSON into other types unnecessarily.
- Using strict mode all the time also means that we should always use
  Json[int] instead of int, because it is only possible for the request
  to have data of type str, and a type annotation of int will always
  reject such data.

typed_endpoint's handling of ignored_parameters_unsupported is mostly
identical to that of has_request_variables.
2023-09-08 08:20:17 -07:00
evykassirer 3c16541eb4 recent: Rename recent_topics_util. 2023-09-08 07:36:33 -07:00
evykassirer f8db06569f recent: Rename recent_topics_ui. 2023-09-08 07:36:33 -07:00
Lalit Kumar Singh 9a6f7f0ead ts: Migrate `attachments_ui.js` to typescript. 2023-09-07 17:54:48 -07:00
Alex Vandiver 5d3ce8b2d4 puppet: Update dependencies. 2023-09-06 09:20:06 -07:00
Anders Kaseorg 81bd63cb46 ruff: Fix PIE808 Unnecessary `start` argument in `range`.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-09-01 14:57:01 -07:00
Lalit Kumar Singh 4f3a971e64 ts: Migrate `channel.js` module to TypeScript. 2023-08-28 09:19:07 -07:00
Zixuan James Li a081428ad2 user_groups: Make locks required for updating user group memberships.
**Background**

User groups are expected to comply with the DAG constraint for the
many-to-many inter-group membership. The check for this constraint has
to be performed recursively so that we can find all direct and indirect
subgroups of the user group to be added.

This kind of check is vulnerable to phantom reads which is possible at
the default read committed isolation level because we cannot guarantee
that the check is still valid when we are adding the subgroups to the
user group.

**Solution**

To avoid having another transaction concurrently update one of the
to-be-subgroup after the recursive check is done, and before the subgroup
is added, we use SELECT FOR UPDATE to lock the user group rows.

The lock needs to be acquired before a group membership change is about
to occur before any check has been conducted.

Suppose that we are adding subgroup B to supergroup A, the locking protocol
is specified as follows:

1. Acquire a lock for B and all its direct and indirect subgroups.
2. Acquire a lock for A.

For the removal of user groups, we acquire a lock for the user group to
be removed with all its direct and indirect subgroups. This is the special
case A=B, which is still complaint with the protocol.

**Error handling**

We currently rely on Postgres' deadlock detection to abort transactions
and show an error for the users. In the future, we might need some
recovery mechanism or at least better error handling.

**Notes**

An important note is that we need to reuse the recursive CTE query that
finds the direct and indirect subgroups when applying the lock on the
rows. And the lock needs to be acquired the same way for the addition and
removal of direct subgroups.

User membership change (as opposed to user group membership) is not
affected. Read-only queries aren't either. The locks only protect
critical regions where the user group dependency graph might violate
the DAG constraint, where users are not participating.

**Testing**

We implement a transaction test case targeting some typical scenarios
when an internal server error is expected to happen (this means that the
user group view makes the correct decision to abort the transaction when
something goes wrong with locks).

To achieve this, we add a development view intended only for unit tests.
It has a global BARRIER that can be shared across threads, so that we
can synchronize them to consistently reproduce certain potential race
conditions prevented by the database locks.

The transaction test case lanuches pairs of threads initiating possibly
conflicting requests at the same time. The tests are set up such that exactly N
of them are expected to succeed with a certain error message (while we don't
know each one).

**Security notes**

get_recursive_subgroups_for_groups will no longer fetch user groups from
other realms. As a result, trying to add/remove a subgroup from another
realm results in a UserGroup not found error response.

We also implement subgroup-specific checks in has_user_group_access to
keep permission managing in a single place. Do note that the API
currently don't have a way to violate that check because we are only
checking the realm ID now.
2023-08-24 17:21:08 -07:00
evykassirer a8d2481d77 generate emoji: Use hex_codepoint_to_emoji.
This new util function helps make the
code here a little more readable.
2023-08-23 16:18:15 -07:00
evykassirer 0289beb784 emoji: Match emoji sequences in markdown.
Fixes #11767.

Previously multi-character emoji sequences weren't matched in the
emoji regex, so we'd convert the characters to separate images,
breaking the intended display.

This change allows us to match the full emoji sequence, and
therefore show the correct image.
2023-08-23 16:18:15 -07:00
evykassirer 78f0dca269 narrow: Save blue box position and restore on navigation.
This saves the blue box position as state on the location
in brower history, with `history.replaceState`.

The position is restored when a narrow is activated.

Fixes #20066.
2023-08-23 13:40:26 -07:00
shu.chen 321776ac49
provision: Add provision support for Fedora 38.
Tweaked provision script to run successfully in Fedora 38 and
included a script to build the groonga libs from source because
the packages in Fedora repos are outdated.

There is a major version jump from the last supported version (F34)
which is EOL so references and support for older versions were
removed.

Fixes: #20635
2023-08-22 11:26:29 -07:00
Anders Kaseorg 328cdde243 documentation: Remove duplicate heading IDs on server side.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-08-21 17:25:14 -07:00
Anders Kaseorg c5dce72ff4 install-transifex-cli: Upgrade Transifex CLI from 1.6.8 to 1.6.10.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-08-17 18:16:47 -07:00
Anders Kaseorg 041dcdfbad tools: Use subprocess.check_call where appropriate.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-08-17 17:05:34 -07:00