Commit Graph

2443 Commits

Author SHA1 Message Date
Steve Howell 3462127ddb Improve test_client_info_for_normal_users().
We now test both possible values of apply_markdown.
2017-11-07 10:36:02 -08:00
Steve Howell 01777623a7 Improve test_get_events_narrow().
We now test message events with both possible value of
apply_markdown (False and True).
2017-11-07 10:36:02 -08:00
Steve Howell 88e1e284bb Restructure send-message code for gravatars.
This refactoring doesn't change behavior, but it sets us up
to more easily handle a register setting for `client_gravatar`,
which will allow clients to tell us they're going to compute
their own gravatar URLs.

The `client_gravatar` flag already exists in our code, but it
is only used for Django views (users/messages) but not for
Zulip events.

The main change is to move the call to `set_sender_avatar` into
`finalize_payload`, which adds the boolean `client_gravatar`
parameter to that function.  And then we update various callers
to supply that flag.

One small performance benefit of this change is that we now
lazily compute the client message payloads in
`event_queue.process_message_event` now, so this will improve
performance if all interested clients have the same value of
`apply_markdown`.  But the change here is really preparing us
for the additional boolean parameter, which will cause us to
have four variations of the payload.
2017-11-07 10:36:02 -08:00
Steve Howell 5be13fb066 Add cachify decorator. 2017-11-07 10:36:02 -08:00
derAnfaenger 0709033858 bugdown: Fetch complete data for tweet.
This makes an extended instead of a normal query,
resulting in the full text of a tweet being fetched
instead of just a truncated version.
2017-11-07 09:13:39 -08:00
rht c7fa1d4146 zerver/tests: Remove inheritance from object. 2017-11-06 08:53:48 -08:00
neiljp (Neil Pilgrim) 42f5eea61f mypy: Improve typing of request.pyi (REQ).
This expands request.pyi to type-check the arguments passed into REQ.

Tweaked by tabbott to fix the report.py annotations.
2017-11-04 20:26:03 -07:00
neiljp (Neil Pilgrim) 0d31cb568c mypy: Broaden some types from Dict to Any based on context. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) 055dff9038 mypy: Clarify parameter types in test_decorators.py. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) 6e6b1ce0d5 mypy: Explicitly inherit test_[sequence|mapping] test classes from generic types. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) 3fd720d8f4 mypy: Broadly specify lambda type parameters in test_events.py. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) aae8a03415 mypy: Explicitly specify Dict[str, Any] as DummyForm base type. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) b0e9fd7fa0 mypy: Specify type of decorator correctly in test_logging_handlers.py. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) f3b5b9db78 mypy: Specify Callable parameters in FakeClient functions in WorkerTest. 2017-11-04 19:47:45 -07:00
neiljp (Neil Pilgrim) 6f490394c3 mypy: Set explicit Any-like parameters for StatsMock functions. 2017-11-04 19:47:45 -07:00
Greg Price 68b0a419ec decorator: Cut a bunch of dead imports of two view decorators.
Saw these when grepping for these two decorators; they're actually
more numerous than the surviving use sites are.  Cut out the noise.
2017-11-04 19:27:00 -07:00
neiljp (Neil Pilgrim) d63733077f mypy: Return AdminZulipHandler in test_logging_handlers.py.
Switching from __class__.__name__ to isinstance() allows mypy to
confirm the list comprehension type, and so the return type.
2017-11-04 16:18:27 -07:00
Rishi Gupta 6e02ce8344 unsubscribe: Use get_object_from_key for confirmation.
This is the only one of the confirmation pathways that wasn't using this
idiom, I think.
2017-11-03 15:33:16 -07:00
Rishi Gupta fdbe36644e confirmation: Add confirmation_type to get_object_from_key.
This change:

* Prevents weird potential attacks like taking a valid confirmation link
  (say an unsubscribe link), and putting it into the URL of a multiuse
  invite link. I don't know of any such attacks one could do right now, but
  reasoning about it is complicated.

* Makes the code easier to read, and in the case of confirmation/views.py,
  exposes something that needed refactoring anyway (USER_REGISTRATION and
  INVITATION should have different endpoints, and both of those endpoints
  should be in zerver/views/registration, not this file).
2017-11-03 15:33:16 -07:00
Tim Abbott 957e1c2ec6 mypy: Fix buggy import setup for embedded bot tests. 2017-11-03 14:38:43 -07:00
derAnfaenger f382875d5a embedded bots: Add full test coverage for queue processor. 2017-11-03 13:57:24 -07:00
derAnfaenger 3985cae689 outgoing webhook bots: Add message flow tests.
This adds coverage for the outgoing_webhooks
queue worker.
2017-11-03 13:55:16 -07:00
derAnfaenger 84328320eb outgoing webhook tests: Simplify response mock.
Before this commit, ResponseMock() was initialized
with a data attribute, which isn't used in the tests
and does not occur in the outgoing webhook code.
2017-11-03 13:53:39 -07:00
Greg Price 119bc14182 alias domains: Add a v1 of this feature.
The main limitation of this version is that it's controlled entirely
from settings, with nothing in the database and no web UI or even
management command to control it.  That makes it a bit more of a
burden for the server admins than it'd ideally be, but that's fine
for now.

Relatedly, the web flow for realm creation still requires choosing a
subdomain even if the realm is destined to live at an alias domain.

Specific to the dev environment, there is an annoying quirk: the
special dev login flow doesn't work on a REALM_HOSTS realm.  Also,
in this version the `add_new_realm` and `add_new_user` management
commands, which are intended for use in development environments only,
don't support this feature.

In manual testing, I've confirmed that a REALM_HOSTS realm works for
signup and login, with email/password, Google SSO, or GitHub SSO.
Most of that was in dev; I used zulipstaging.com to also test
 * logging in with email and password;
 * logging in with Google SSO... far enough to correctly determine
   that my email address is associated with some other realm.
2017-11-03 13:38:59 -07:00
Steve Howell 9767029211 Allow generic bots to be mentioned.
The original PR to allow generic bots to be mentioned had
some merge issues that we detected about a week after the
fact.  This commit restores the logic from the original PR.

The reason we didn't detect this bug earlier is that the
merge issues didn't break any existing behavior.  Instead,
they made it so that only UserMessage rows got written for
bots, but no events were being set.  The part of the commit
that got lost is restored here, so now events get sent as
well.

Thanks to @derAnfaenger for reporting this and being patient
as we tracked it down.

Fixes #7140
2017-11-03 07:45:18 -07:00
derAnfaenger 2155b255d6 service bot tests: Remove bot stream subscription.
Since service bots react to all @-mentions, the
stream subscription was redundant.
2017-11-02 14:44:11 -07:00
rht dcc831f767 refactor: Replace all __unicode__ method with __str__.
Close #6627.
2017-11-02 11:01:47 -07:00
Harshit Bansal 44bff43c86 actions.py: Rename `do_remove_reaction()` to `do_remove_reaction_legacy()`. 2017-10-31 15:42:35 -07:00
Harshit Bansal 233595b2f7 actions.py: Rename `do_add_reaction()` to `do_add_reaction_legacy()`. 2017-10-31 15:42:35 -07:00
Umair Khan 636046aec9 user-groups: Add basic backend for UserGroup model.
This adds the data model and bugdown support for the new UserGroup
mention feature.

Before it'll be fully operational, we'll still need:
* A backend API for making these.
* A UI for interacting with that API.
* Typeahead on the frontend.
* CSS to make them look pretty and see who's in them.
2017-10-31 15:16:14 -07:00
Tim Abbott 6df65abd50 team: Tweak some text. 2017-10-31 12:44:05 -07:00
Tim Abbott d27002ba21 landing-page: Replace /about with /team and /history in links. 2017-10-31 12:44:05 -07:00
Sampriti Panda d6df408a0e search: Add tests for multiple unicode search operands. 2017-10-31 10:53:16 -07:00
Tim Abbott 5e3ba1f20f mypy: Fix an unnecessary duplicate type declaration. 2017-10-31 10:46:02 -07:00
Sampriti Panda ee61e1be2c search: Fix misaligned highlights due to unicode characters.
tsearch_extras returns search offsets in bytes but our highlight
function treated them as character offsets.  Added a check to subtract
extra bytes if the tsearch search backend is being used.

Fixes #4084.
Fixes #7021.
2017-10-31 09:06:46 -07:00
Tim Abbott 8f9463bd72 test_bugdown: Check for unknown keys in markdown_test_cases.json.
This should help protect us from typos.
2017-10-31 08:58:42 -07:00
Brock Whittaker e86e259cb1 /api/: Add Markdown-based /api-new documentation.
This commit allows for the /api-new/ page to rendered similarly to our
/help pages.  It's based on the old content for /api, but we're not
replacing the old content yet, to give a bit of time to restructure
things reasonably.

Tweaked by eeshangarg and tabbott.
2017-10-30 22:32:43 -07:00
Aditya Bansal 31ea495842 test_uploads: Extract 'use_s3_backend' to test helpers. 2017-10-30 21:56:31 -07:00
Aditya Bansal 269cd3b8bf tests: Remove work around for non-writeable name property of StringIO. 2017-10-30 21:56:31 -07:00
Greg Price 26edde21f7 alias domains: Tweak a test helper that assumes hosts are subdomains.
Because this is for tests, a heuristic like this that's right in most
situations is actually fine; we can override it in the few cases where
a test might set up a situation where it fails.

So just make it clear for the next reader that that's what's going on,
and also adjust the helper's interface slightly so that its callers
do have that flexibility.
2017-10-30 18:29:29 -07:00
Greg Price eb55a3a1ba template context: Give better names to the URLs for the API.
The "subdomain" label is redundant, to the extent it's even
accurate -- this is really just the URL we want to display,
which may or may not involve a subdomain.  Similarly "external".

The former `external_api_path_subdomain` was never a path -- it's a
host, followed by a path, which together form a scheme-relative URL.
I'm not quite convinced that value is actually the right thing in
2 of the 3 places we use it, but fixing that can start by giving an
accurate name to the thing we have.
2017-10-30 18:29:29 -07:00
Steve Howell faba34dae4 Simplify bulk_remove_subscriptions().
We extract get_bulk_stream_subscriber_info() from this
function to remove some of the complexity.  Also, in that
new function we avoid a hop to the database by querying
on stream ids instead of recipient ids.  The query that
gets changed here does require a join to the recipient
table (to get the stream id), so it's a little bit of a
tradeoff.
2017-10-30 16:33:50 -07:00
rht c4fcff7178 refactor: Replace super(.*self) with Python 3-specific super().
We change all the instances except for the `test_helpers.py`
TimeTrackingCursor monkey-patching, which actually needs to specify
the base class.
2017-10-30 14:30:25 -07:00
Harshit Bansal c863bb83a0 html_diff: Migrate to use lxml.
We were using Google's diff-match-patch library to diff HTML. The
problem with that approach is that it is a text differ, not an HTML
differ and so it ends up messing up the HTML tags. `lxml` is a safer
option.

Fixes: #7219.
2017-10-30 14:10:35 -07:00
Tim Abbott c160c06f9c bot_storage: Fix missing test coverage.
Apparently, we didn't have coverage on setting a second value for a
key.
2017-10-30 14:10:35 -07:00
Steve Howell 2d0daffbc0 tests: Verify query counts for stream deactivation. 2017-10-29 18:36:35 -07:00
Steve Howell 126e14d1de Add zerver/lib/stream_subscription.py.
The first method we extract to this library is
get_active_subscriptions_for_stream_id().

We also move num_subscribers_for_stream_id() to here, which
is slightly annoying (having the method on Stream was nice)
but avoids some circular dependency issues.
2017-10-29 18:36:35 -07:00
Steve Howell f5fcbe453b Use get_stream_recipient() in test_narrow.mute_stream(). 2017-10-28 17:57:39 -07:00
Steve Howell 8302689789 Extract Message.is_stream_message().
This sets us up to denormalize on to Message some notion of
whether a message is for a stream (without having to hit the
Recipient table).
2017-10-28 17:57:39 -07:00
Steve Howell 8b012c6210 Extract get_personal_recipient(). 2017-10-28 17:57:39 -07:00
Steve Howell a28841e8aa Extract get_stream_recipient().
Do you call get_recipient(Recipient.STREAM, stream_id) or
get_recipient(stream_id, Recipient.STREAM)?  I could never
remember, and it was not very type safe, since both parameters
are integers.
2017-10-28 17:57:39 -07:00
Harshit Bansal 4c077a77ed notifications: Instead of regex use lxml for fixing emojis. 2017-10-28 10:38:33 -07:00
Steve Howell d132c30c24 Remove `active` parameter from `do_create_user()`.
Almost all callers to do_create_user were trying to
create active users, except for one test.  The
active=False codepath was kind of broken (things
like sending welcome messages had sort of undefined
behavior there), so instead of trying to maintain it,
we just update the one test (`test_people`) to flip the
`is_active` flag manually.

Fixes #7197
2017-10-28 10:32:01 -07:00
Steve Howell c978464d16 tests: Fix send_message calls in test_user.py. 2017-10-28 10:20:59 -07:00
Steve Howell 610d9b4abc tests: Fix send_message calls in test_unread.py. 2017-10-28 10:20:59 -07:00
Steve Howell a20bba04ca tests: Fix send_message calls in test_tutorial.py. 2017-10-28 10:20:59 -07:00
Steve Howell bb42004464 tests: Fix send_message calls in test_subs.py. 2017-10-28 10:20:59 -07:00
Steve Howell fba754224c tests: Fix send_message calls in test_soft_deactivation.py. 2017-10-28 10:20:59 -07:00
Steve Howell 6475b25a00 tests: Fix send_message calls in test_signup.py. 2017-10-28 10:20:59 -07:00
Steve Howell f264bbc7ca tests: Fix send_message calls in test_service_bot_system.py. 2017-10-28 10:20:59 -07:00
Steve Howell 8276442ee6 tests: Fix send_message calls in test_retention.py. 2017-10-28 10:20:59 -07:00
Steve Howell 1f077f7177 tests: Fix send_message calls in test_reactions.py. 2017-10-28 10:20:59 -07:00
Steve Howell 74943b4120 tests: Fix send_message calls in test_notifications.py. 2017-10-28 10:20:59 -07:00
Steve Howell 26e51c016d tests: Fix send_message calls in test_narrow.py. 2017-10-28 10:20:59 -07:00
Steve Howell 5c00bbc1a9 tests: Fix send_message in test_message_edit_notifications.py. 2017-10-28 10:20:59 -07:00
Steve Howell cf1a4540ef tests: Fix send_message calls in test_link_embed.py. 2017-10-28 10:20:59 -07:00
Steve Howell fd9d919fc6 tests: Fix send_message calls in test_home.py. 2017-10-28 10:20:59 -07:00
Steve Howell 1c38130626 tests: Fix send_message calls in test_export.py. 2017-10-28 10:20:59 -07:00
Steve Howell 3e319837ef tests: Fix send_message calls in test_events.py.
We mostly introduce these functions (as part of a big
code sweep):

    send_stream_message
    send_personal_message
    send_huddle_message

In two cases, where we want to specifically manipulate
queue ids, we now call check_send_message directly.  (The
above three functions deliberately don't support kwargs
to ensure simple code and better type safety.)
2017-10-28 10:20:59 -07:00
Steve Howell 25379a3b19 Fix send_message calls in test_embedded_bot_system.py. 2017-10-28 10:20:59 -07:00
Steve Howell 4372bfb4a5 tests: Fix send_message calls in test_bugdown.py. 2017-10-28 10:20:59 -07:00
Steve Howell 7cf5be2266 tests: Fix send_message calls in test_alert_words.py. 2017-10-28 10:20:59 -07:00
Steve Howell 53ad6270b4 tests: Fix send_message calls in test_event_queue.py. 2017-10-28 10:20:59 -07:00
Steve Howell 9c90c40c08 tests: Fix send_message calls in test_upload.py. 2017-10-28 10:20:59 -07:00
Tim Abbott fa55d7ed33 retry_event: Remove requirement of failed_tries being already there.
This fixes a bug where retries in the signups queue threw an exception.
2017-10-27 18:15:53 -07:00
Tim Abbott 090563fb25 test_tornado: Fix IOLoop exceptions output spam.
We weren't quite following the proper protocol for Tornado tests.
2017-10-27 16:28:33 -07:00
Tim Abbott f790e667b3 test_tornado: Fix repeated autoreload configuration in tests.
Apparently, our previous efforts to disable AUTORELOAD in the tests
were incorrect.
2017-10-27 16:19:03 -07:00
Tim Abbott aacafd7a4d test_tornado: Fix incorrect tearDown method for IOLoops.
We appear to have 2 bugs of this form, so this just cuts half of the
exception/warning log output, but it's a start.
2017-10-27 16:13:42 -07:00
Tim Abbott 49d7d49038 test_narrow: Fix sqlalchemy warning spam. 2017-10-27 16:06:03 -07:00
Tim Abbott d80d15c08d GoogleSubdomainLoginTest: Suppress unnecessary logging output.
This helps make our test output nice and clean.
2017-10-27 16:06:03 -07:00
Tim Abbott a1fa7a3c83 JWT: Filter out logging.warning output in tests. 2017-10-27 16:06:03 -07:00
Tim Abbott fca6df09b0 test_home: Mark a couple tests as explicitly slow. 2017-10-27 16:05:55 -07:00
Tim Abbott 28b25a66c2 test_events: Mark several slower tests as explicitly slow. 2017-10-27 15:46:59 -07:00
Tim Abbott ef9679667f test_docs: Fix unnecessary info-level logging in tests. 2017-10-27 15:44:45 -07:00
Tim Abbott 5467296f60 decorators: Use human_users_only more aggressively. 2017-10-27 15:16:13 -07:00
Tim Abbott 1cd017288d views: Fix imports of REQ/has_request_variables from the wrong place.
These were never in zerver/decorator.py, and so it makes sense to
import them zerver/lib/request.py, mostly for ease of finding things.
2017-10-27 15:07:31 -07:00
Greg Price e4b4f67b44 subdomains: Tighten search for EXTERNAL_HOST in get_subdomain.
If a Zulip install at example.org got a request at an HTTP `Host`
like foo.example.org.evil.com (or even foo.example.orgevil.com),
we would accept it as subdomain foo.  This isn't likely to happen
in practice because it shouldn't pass ALLOWED_HOSTS, and it's not
obvious to me that anything untoward could be done with it even
if ALLOWED_HOSTS were set wide open, but if nothing else it
multiplies the cases in analyzing this logic.

The reason we had a loose match like this, I assume, is to allow
the user to come from arbitrary ports -- especially in development.
So tighten the pattern to allow just that, and add some tests for
that behavior and a comment explaining why this complication is
needed.
2017-10-27 14:42:24 -07:00
Greg Price 1b19af2612 subdomains: Write some tests for get_subdomain.
This logic is a bit subtle, and we're about to make changes to it.
So let's have some tests.
2017-10-27 14:42:24 -07:00
Greg Price 318682fd52 auth: Use URL rather than cookie to pass signed data cross-domain.
The cookie mechanism only works when passing the login token to a
subdomain.  URLs work across domains, which is why they're the
standard transport for SSO on the web.  Switch to URLs.

Tweaked by tabbott to add a test for an expired token.
2017-10-27 14:42:04 -07:00
Greg Price 6efcce9374 oauth login: Refactor tests to dedupe a bit of recurring logic.
This makes the tests a little cleaner in itself, and also prepares
them to adjust with less churn when we change how
redirect_and_log_into_subdomain passes the signed token.
2017-10-27 14:28:38 -07:00
Greg Price fad3d56810 views: Move some login code from `registration` to `auth`.
Most of these have more to do with authentication in general than with
registering a new account.  `create_preregistration_user` could go
either way; we move it to `auth` so we can make the imports go only in
one direction.
2017-10-27 14:28:38 -07:00
Henrik Pettersson 09cd47c6ad Add UI for viewing and cancelling open Zulip invitations.
Lets administrators view a list of open(unconfirmed) invitations and
resend or revoke a chosen invitation.

There are a few changes that we can expect for the future:

  * It is currently possible to invite an email that you have already
    invited, it might make sense to change this behavior.

  * Resend currently sends an invite reminder instead of resending the
    original invite, this is because 'custom_body' was not stored when
    the first invite was sent.

Tweaked in various minor ways, primarily in the backend, by tabbott,
mostly for style consistency with the rest of the codebase.

Fixes: #1180.
2017-10-27 13:07:43 -07:00
Vishnu Ks 8c68a167fe backend: Allow Administrators to invite new users as admins.
Tweaked by tabbott to have the field before the invitation is
completed be called invite_as_admins, not invited_as_admins, for
readability.

Fixes #6834.
2017-10-27 11:19:38 -07:00
Steve Howell 4b78f69a87 tests: Introduce send_huddle_message().
The tighter interface here makes for shorter lines (or
fewer multi-line calls) and it leads to stricter type
checking.
2017-10-27 11:00:23 -07:00
Steve Howell 9707767b21 tests: Introduce send_personal_message().
The tighter interface prevents the need to specify
Recipient.PERSONAL (which can often be inaccurate in the
huddle case, anyway), and it prevents tests from confusingly
specifying a "subject" field for PMs.
2017-10-27 11:00:23 -07:00
Steve Howell 25a6fbd05d tests: Introduce send_stream_message().
Having send_stream_message() avoids the need to supply
Recipient.STREAM as a parameter, and it also uses the more
modern name of `topic_name` for topics.  Under the hood, it
avoids some annoying steps for re-formatting the recipients,
since we just have a single stream name.
2017-10-27 11:00:23 -07:00
Steve Howell 9576d25f92 Use check_send_stream_message in test_not_too_many_queries.
When possible, we want to use direct APIs for sending
stream messages.

This changes the codepath slightly, by not using
forwarded_user_profile, but it doesn't impact the number
of queries, and it's a simple check.

We also remove a couple "subject" references here.
2017-10-27 11:00:23 -07:00
Steve Howell abf16a96d1 Rename subject -> topic_name in assert_stream_message(). 2017-10-27 11:00:23 -07:00
Steve Howell c4404ed078 tests: Change some test topic names to not use "subject". 2017-10-27 11:00:23 -07:00
Steve Howell a70ede6c75 Allow "default" bots to see mentions on all streams.
This change allows normal bots to get UserMessage rows when
they are mentioned on a stream, even if they are not actually
subscribed to the stream.

Fixes #7140.
2017-10-26 22:16:47 -07:00
Steve Howell 53dbcbe2a4 refactor: Handle service bot mentions earlier in the code.
We now find all (possibly) relevant service bots for a message
in the call to get_recipient_info.  This allows us to eliminate
some code that would patch them after we rendered.

The get_service_bot_events() function will ignore any service
bots that weren't actually mentioned in the message (due to
backticks) or part of the active user ids.
2017-10-26 22:16:47 -07:00
Steve Howell 87b48f722d Add MentionData.get_user_ids().
This prepares us to take advantage of the user_ids
in subsequent commits related to `do_send_messages()`.
2017-10-26 22:16:47 -07:00
Steve Howell 635675fe48 Reduce queries needed for sending messages.
In do_send_messages, we only produce one dictionary for
the event queues, instead of different flavors for text
vs. html.  This prevents two unnecessary queries to the
database.

It also means we only put one dictionary on the "message"
event queue instead of two, albeit a wider one that has
some values that won't be sent to the actual clients.

This wider dictionary from MessageDict.wide_dict is also
used for the `feedback_messages` queue and service bot
queues.  Since the extra fields are possibly useful down
the road, and they'll just be ignored for now, we don't
bother to remove them.  Also, those queue processors won't
have access to `content_type`, which they shouldn't need.

Fixes #6947
2017-10-26 16:35:28 -07:00
Steve Howell df93a99b50 Cache only one row per message.
Before this change, we populated two cache entries for each
message that we sent.  The entries were largely redundant,
with the only difference being whether we sent the content
as raw markdown or as the rendered HTML.

This commit makes it so we only have one cache entry per
message, and it includes both content and rendered_content.

One legacy source on confusion here is that `content`
changes meaning when you're on the front end.  Here is the
situation going forward:

    database:
        content = raw
        rendered_contented = rendered

    cache entry:
        content = raw
        rendered_contented = rendered

    payload for the frontend:
        content = raw (for apply_markdown=False)
        content = rendered (for apply_markdown=True)
2017-10-26 16:35:28 -07:00
Steve Howell 0cef7c9fd5 Refactor: Extract get_client_info_for_message_event().
This removes some clutter from process_message_event, and it
makes process_message_event() a bit easier to test.
2017-10-26 16:35:28 -07:00
Steve Howell a50671165a tests: Add test_content_types(). 2017-10-26 15:47:44 -07:00
derAnfaenger 18e5bcbbb1 tests: Enable call_consume_in_tests for email mirror queue. 2017-10-26 14:53:27 -07:00
derAnfaenger 17949adf11 embedded bots: Add StateHandler remove() function. 2017-10-26 14:49:50 -07:00
Greg Price 27adbe8d79 subdomains: Clean up a use of various falsy values for the root domain.
This isn't a complete cleanup of the logic at this spot, but
at least the messy part that remains is now explicit.
2017-10-26 10:29:17 -07:00
Henrik Pettersson 2f52da7baa test_signup: extract InviteUserBase class
This is a refactor done in preparation for #1180
2017-10-25 16:32:04 -07:00
derAnfaenger 8680541912 embedded bots: Add message flow tests. 2017-10-25 16:13:37 -07:00
Abhijeet Kaur a88178afaf Embedded bots: Add support for creating embedded bots via the API.
Adds support to add "Embedded bot" Service objects. This service
handles every embedded bot.

Extracted from "Embedded bots: Add support to add embedded bots from
UI" by Robert Honig.

Tweaked by tabbott to be disabled by default.
2017-10-25 16:13:29 -07:00
derAnfaenger ce4ba9c178 bot services: Use call_consume_in_tests. 2017-10-25 15:56:12 -07:00
derAnfaenger 0d0c8fee7e embedded bots: Migrate StateHandler API to use get and put.
This moves away from handling a StateHandler object like a dict
and gives it the methods get, put, and contains.
2017-10-25 15:39:28 -07:00
derAnfaenger 34e3eb8c67 embedded bots: Rename state and state_handler to storage. 2017-10-25 15:39:28 -07:00
derAnfaenger cd600b8677 embedded bots: Add StateHandler marshaling functions. 2017-10-25 15:39:28 -07:00
Vishnu Ks 9314a7ac8b backends: Move EmailLogBackEnd to email_backends. 2017-10-25 14:35:12 -07:00
Steve Howell 14d2d4e506 Fix bug in flush_user_profile().
Every time we updated a UserProfile object, we were calling
delete_display_recipient_cache(), which churns the cache and
does an extra database hop to find subscriptions.  This was
due to saying `updated_fields` instead of `update_fields`.

This made us prone to cache churn for fields like UserProfile.pointer
that are fairly volatile.

Now we use the helper function changed().  To prevent the
opposite problem, we use all the fields that could invalidate
the cache.
2017-10-25 11:30:56 -07:00
Steve Howell 2387fa70af tests: Make test_people() more robust.
This test had a little bug, where we weren't actually
verifying `realm_bots` before, because we weren't using
`field` to look it up.

This commit fixes that bug and adds additional checks,
particularly for the recently added `realm_non_active_users'.
2017-10-25 11:18:30 -07:00
Steve Howell 305fe6106b Add `realm_non_active_users` data to initial payload.
We now add `realm_non_active_users` to the result of
`do_events_register` (and thus `page_params`).  It has
the same structure as `realm_users`, but it's for
non-active users.  Clients need data on non-active users
when they process old messages that were sent by those
users when they were active.  Clients can currently get
most of the data they need in the message events, but it
makes for ugly client code.

Fixes #4322
2017-10-25 11:18:30 -07:00
Steve Howell 769c741c7c refactor: Simplify event updates for `realm_users`.
We make a few things cleaner for populating `realm_users`
in `do_event_register` and `apply_events`:

    * We have a `raw_users` intermediate dictionary that
      makes event updates O(1) and cleaner to read.

    * We extract an `is_me` section for all updates that
      apply to the current user.

    * For `update` events, we do a more surgical copying
      of fields from the event into our dict.  This
      prevents us from mutating fields in the event,
      which was sketchy (at least in test mode).  In
      particular, this allowed us to remove some ugly
      `del` code related to avatars.

    * We introduce local vars `was_admin` and `now_admin`.

The cleanup had two test implications:

    * We no longer need to normalize `realm_users`, since
      `apply_events` now sees `raw_users` instead.  Since
      `raw_users` is a dict, there is no need to normalize
      it, unlike lists with possibly random order.

    * We updated the schema for avatar updates to include
      the two fields that we used to hackily delete from
      an event.
2017-10-25 11:18:30 -07:00
Shekh Ataul d239f77966 refactor: Replace mkdir_p functions with Python 3 builtin.
This didn't exist in Python 2, but it does in Python 3, so we get to
reap the rewards of dropping Python 2 support.

Fixes #7082.
2017-10-25 11:06:11 -07:00
Steve Howell 420ca5a470 tests: Test out-of-stream mentions. 2017-10-24 14:31:58 -07:00
Tim Abbott 3ee53d5de3 auth: Don't offer password reset links when useless.
If an organization doesn't have the EmailAuthBackend (which allows
password auth) enabled, then our password reset form doesn't do
anything, so we should hide it in the UI.
2017-10-24 12:07:43 -07:00
Tim Abbott d69c39cad1 ldap: Prevent useless password resets when email auth is not enabled.
While the passwords wouldn't do anything without email auth enabled
anyway, it's probably better not to have users be able to go through
the flow.
2017-10-24 12:07:43 -07:00
Tim Abbott b81bde3a90 ldap: Prevent creating accounts with Zulip/EmailAuthBackend passwords.
While our recent changing to hide /register means we don't need a nice
pretty error message here, eventually we'll want to clean up the error
message.

Fixes #7047.
2017-10-24 11:21:49 -07:00
Steve Howell b851020b1e Excluded topic-muted users from stream push notifications.
Fixes #7059
2017-10-23 17:26:15 -07:00
Steve Howell 78b1a8442b Add StreamTopicTarget.user_ids_muting_topic(). 2017-10-23 17:26:15 -07:00
Steve Howell 0263c857b3 tests: Add test_stream_recipient_info(). 2017-10-23 17:26:15 -07:00
Tim Abbott 145817d1e0 forms: Pass the realm into authenticate in OurAuthenticationForm.
Historically, we'd just use the default Django version of this
function.  However, since we did the big subdomains migration, it's
now the case that we have to pass in the subdomain to authenticate
(i.e. there's no longer a fallback to just looking up the user by
email).

This fixes a problem with user creation in an LDAP realm, because
previously, the user creation flow would just pass in the username and
password (after validating the subdomain).
2017-10-23 12:36:09 -07:00
Tim Abbott 4ecf781ed4 test_signup: Fix LDAP end-to-end tests accidentally using wrong backend.
Apparently, we were accidentally using the EmailAuthBackend in parts
of these tests.
2017-10-23 12:25:47 -07:00
Steve Howell a66409de2e tests: Add FetchQueriesTest.test_queries().
This new test solves the problem that when we
made changes to the page-load codepath in the past,
it's been hard to identify what new code caused
more database queries.  Now you can see query
counts broken out by event type.

This requires a small, harmless change to extract
an `always_want` function in `lib/events.py`.
2017-10-23 11:11:19 -07:00
Steve Howell c584289d11 tests: Count cache hits for page load. 2017-10-23 11:11:19 -07:00
Steve Howell 0e106a2488 Add client_gratavar support to GET /messages.
Clients fetching messages can now specify that they are able
to compute their avatar, and if they set client_gratavar to
True in the request (w/our normal encoding scheme), then the
backend will not compute it, and the payload will be smaller.

The fix starts with get_messages_backend.  The flag gets
passed down through these functions:

    * MessageDict.post_process_dicts.
    * MessageDict.set_sender_avatar.

We also fix up the callers for post_process_dicts to explicitly
pass in the client_gravatar path, but for now they all just hard
code the value to False.
2017-10-20 15:49:21 -07:00
Tim Abbott d1cb039c2c test_management_commands: Add check for expected system exit.
This was missed in the recent improvements to
send_webhook_fixture_message.
2017-10-20 09:16:38 -07:00
Tim Abbott 9b791acf50 test_push_notifications: Fix tests failing due to rebase.
message.triggers got recently renamed.
2017-10-19 18:34:28 -07:00
Maarten Rijke 841f02934d push_notifications: Add setting to redact content.
This commit adds a setting that toggles redacting content of push
notifications and replacing it with "***REDACTED***".
2017-10-19 18:16:06 -07:00
derAnfaenger 2e51d39d69 embedded bots: Add StateHandler tests. 2017-10-19 13:09:23 -07:00
derAnfaenger a2b7929b22 embedded bots: Alter tests to accept any class name.
Some bots have class names that differ from their module name,
e.g. `helloworld.py` vs. `HelloWorld`. Our tests should accept
all of these, as long as a handler class is present.
2017-10-19 13:09:23 -07:00
derAnfaenger 07703daf90 page_params: Add list of available embedded bots. 2017-10-19 10:37:55 -07:00
Rishi Gupta e7ba4c5168 emails: Send first welcome email right away.
I think an hour after signup is not the right time to try to get someone to
re-engage with a product.

This also makes the day1 email clearly a transactional email both in
experiencing the product and in the eyes of various anti-spam laws, and
allows us to remove the unsubscribe link.
2017-10-19 00:04:07 -07:00
Tim Abbott 85917a7269 subdomains: Improve support for using the root domain.
This modifies the realm creation form to (1) support a
realm_in_root_domain flag and (2) clearly check whether the root
domain is available inside check_subdomain_available before trying to
create a realm with it; this should avoid IntegrityErrors.
2017-10-18 23:38:55 -07:00
Tim Abbott 0bfcf2da41 subdomains: Don't compute realm_subdomain if not needed.
We were doing an unnecessary database query on every user registration
checking the availability of the user's subdomain, when in fact this
is only required for realm creation.
2017-10-18 23:05:15 -07:00
Umair Khan c14e9f3ae8 registration: Add LDAP tests. 2017-10-18 23:05:09 -07:00
Umair Khan 3d6715445a ldap: Fix test_registration_through_ldap.
Fixes #6663
2017-10-18 23:05:09 -07:00
Tim Abbott 642086ff65 subdomains: Pass whether root domain is available to registration.
This data is necessary to determine whether to offer the root domain
in the realm creation form.
2017-10-18 22:53:10 -07:00
Tim Abbott e98ca0714b notifications: Simplify how triggers are passed around.
This removes the utterly unnecessary `triggers` dict (which always was
a dict with exactly one value True) in favor of a single field,
'trigger'.

Inspired by Kunal Gupta's work in #6659.
2017-10-18 21:42:05 -07:00
derAnfaenger 02f50680cf test_messages.py: Switch misordered send_message parameters. 2017-10-18 11:55:11 -07:00
rht 691598a88b py3: Remove "from six.moves import range".
This is no longer required, since in Python 3, this is what the range
built-in does.
2017-10-17 23:28:14 -07:00
Tim Abbott 64cd0c2c5a notifications: Add failing test for push notifications on muted topics.
This is some pre-work as part of #7059.
2017-10-17 22:49:33 -07:00
Tim Abbott 024c27dd3e notifications: Fix sending push notifications on muted streams.
Apparently, the stream muting feature did not take priority over the
stream_push_notify feature.  This fixes that gap.

Fixes zulip/zulip-mobile#1314.
2017-10-17 22:38:54 -07:00
Tim Abbott d37820f39f tests: Fix test_message_edit_notifications.
This was broken in a minor way by my fix to #7031.
2017-10-17 22:12:32 -07:00
Alena Volkova 5515a075ec urls: Move the report endpoints to be API-style routes. 2017-10-17 22:05:56 -07:00
Tim Abbott 513b6d624f notifications: Fix double-sending in missedmessage_hook.
While the missedmessage_hook logic originally did a reasonably good
job of avoiding double-sending notifications, there was a corner case
it didn't handle, namely a user who had been presence-idle when a
message was sent and became also event-queue-idle as well within the
next 10 minutes.  For those users, they got a notification at message
send time, and the missedmessage_hook would deliver it a second time.

We fix this by just checking the conveniently available push_notified
and email_notified variables that indicate whether the message already
had a notification triggered.

Fixes #7031.
2017-10-17 21:54:03 -07:00
Steve Howell 33338f78e9 tests: Make test_bulk_message_fetching() more thorough.
We include the post-processing step when counting queries now.
2017-10-16 23:37:10 -07:00
Steve Howell d909355dc2 refactor: Move methods from models.py -> lib/messages.py.
Message.get_raw_db_rows is moved to MessageDict, since its
implementation details are highly coupled to other methods
in MessageDict.

And then sew_messages_and_reactions comes along for the
ride.

We eventually want to move Reaction.get_raw_db_rows to there
as well.
2017-10-16 23:37:10 -07:00
Steve Howell 3c6cc3d454 Defer deleting intermediate values in message dictionaries.
We're about to have multiple post-processing stages for building
message dictionaries.  Rather than having individual "hydration"
methods remove intermediate values, we just wait until the end.

This decouples the hyrdration steps.  The potentional problem
here is that we may have a field like sender_is_mirror_dummy
that isn't part of the final payload, but we need it for
calculating display recipients and avatars.  We don't want to
delete it too early from the objects.
2017-10-16 23:37:10 -07:00
Tim Abbott b5c107ed27 push_notifications: Remove unnecessary check for no devices.
This should have been checked by the caller anyway.
2017-10-13 17:30:20 -07:00
Tim Abbott 27a450b58d push_notifications: Improve error message for GCM sending issues.
This addresses one of the sources of confusion in #6993.
2017-10-13 17:30:11 -07:00
Umair Khan a48a86237d ldap: Change logging level to warning.
Fixes #6960.
2017-10-13 17:13:18 -07:00
Harshit Bansal 7d5bcf5534 notifications: Use lxml instead of hacky regexes to scrub inline images. 2017-10-13 16:13:58 +00:00
Harshit Bansal 8d42f42ef2 notifications: Correctly convert relative narrow links to absolute URLs. 2017-10-13 15:44:47 +00:00
Greg Price b095463f9b logging: Clear out the Django default config on logger `django`.
By default, Django sets up two handlers on this logger, one of them
its AdminEmailHandler.  We have our own handler for sending email on
error, and we want to stick to that -- we like the format somewhat
better, and crucially we've given it some rate-limiting through
ZulipLimiter.

Since we cleaned out our logging config in e0a5e6fad, though, we've
been sending error emails through both paths.  The config we'd had
before that for `django` was redundant with the config on the root --
but having *a* config there was essential for causing
`logging.config.dictConfig`, when Django passes it our LOGGING dict,
to clear out that logger's previous config.  So, give it an empty
config.

Django by default configures two loggers: `django` and
`django.server`.  We have our own settings for `django.server`
anyway, so this is the only one we need to add.

The stdlib `logging` and `logging.config` docs aren't 100% clear, and
while the source of `logging` is admirably straightforward the source
of `logging.config` is a little twisty, so it's not easy to become
totally confident that this has the right effect just by reading.
Fortunately we can put some of that source-diving to work in writing
a test for it.
2017-10-12 22:45:14 -07:00
Tim Abbott a466bf8a47 report: Fix handling of reports with no more_info. 2017-10-12 17:38:28 -07:00
Steve Howell e0bc1b114e Make sure mentions refer only to active users.
An active user can share the same full name as a deactivated
user.  We now only allow mention syntax to find users who are
activated.

Fixed #6978
2017-10-12 17:11:36 -07:00
Steve Howell a6c3621f55 Support client_gravatar in /json/users endpoint. 2017-10-12 14:00:41 -07:00
Steve Howell 1fc6a5febc Add get_avatar_field() function.
This function is designed to replace avatar_url() and
avatar_url_from_dict() over time.

There are a few things new about it:

    * We make the parameters more explicit, rather than
      passing in an opaque dictionary or requiring a
      UserProfile object.  (A lot of our callers want
      to use `values()` for efficiency sake, since we
      are often doing bulk user operations.)

    * We start to support the client_gravatar option.
2017-10-12 14:00:41 -07:00
Steve Howell f0194f1821 Reset client descriptors at the start of event tests.
Fixes #6958
2017-10-12 10:27:16 -07:00
Steve Howell 941f718b08 Move tutorial code out of EventsRegisterTest.setUp.
Now we only run this code for the single test that needs
this setup.
2017-10-12 09:44:01 -07:00
Tim Abbott 66a3f514d4 zilencer: Remove long-obsolete Deployment model.
This was a precursor to RemoteZulipServer, which is no longer used for
anything, and was cluttering the codebase.
2017-10-11 23:48:01 -07:00
Robert Hönig e749deb136 onboarding: Add welcome-bot response to initial user message.
Fixes #6030.
2017-10-11 20:45:42 -07:00
derAnfaenger 5ddc336844 tests: Add welcome bot as user. 2017-10-11 20:45:42 -07:00
Greg Price 55426894cd errors: Force a super-simpler handler for 400 errors.
This works around a bug in Django in handling the error case of a
client sending an inappropriate HTTP `Host:` header.  Various
internal Django machinery expects to be able to casually call
`request.get_host()`, which will attempt to parse that header, so an
exception will be raised.  The exception-handling machinery attempts
to catch that exception and just turn it into a 400 response... but
in a certain case, that machinery itself ends up trying to call
`request.get_host()`, and we end up with an uncaught exception that
causes a 500 response, a chain of tracebacks in the logs, and an email
to the server admins.  See example below.

That `request.get_host` call comes in the midst of some CSRF-related
middleware, which doesn't even serve any function unless you have a
form in your 400 response page that you want CSRF protection for.
We use the default 400 response page, which is a 26-byte static
HTML error message.  So, just send that with no further ado.

Example exception from server logs (lightly edited):

  2017-10-08 09:51:50.835 ERR  [django.security.DisallowedHost] Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
  2017-10-08 09:51:50.835 ERR  [django.request] Internal Server Error: /loginWithSetCookie
  Traceback (most recent call last):
    File ".../django/core/handlers/exception.py", line 41, in inner
      response = get_response(request)
    File ".../django/utils/deprecation.py", line 138, in __call__
      response = self.process_request(request)
    File ".../django/middleware/common.py", line 57, in process_request
      host = request.get_host()
    File ".../django/http/request.py", line 113, in get_host
      raise DisallowedHost(msg)
  django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
    File ".../django/core/handlers/exception.py", line 109, in get_exception_response
      response = callback(request, **dict(param_dict, exception=exception))
    File ".../django/utils/decorators.py", line 145, in _wrapped_view
      result = middleware.process_view(request, view_func, args, kwargs)
    File ".../django/middleware/csrf.py", line 276, in process_view
      good_referer = request.get_host()
    File ".../django/http/request.py", line 113, in get_host
      raise DisallowedHost(msg)
  django.core.exceptions.DisallowedHost: Invalid HTTP_HOST header: 'example.com'. You may need to add 'example.com' to ALLOWED_HOSTS.
2017-10-11 20:43:36 -07:00
Tim Abbott 676a6af8cb push_notifications: Get back to 100% test coverage.
We didn't have tests for a few new code paths.
2017-10-11 20:17:27 -07:00
Tim Abbott 298c59f7fd push_notifications: Fix error message for unregistered bouncer.
Previously, we were just returning a JSON error to the client, when it
was a server problem.

Fixes #6639.
2017-10-11 19:09:24 -07:00
Tim Abbott 9e2e344937 report: Fix missing test coverage on draft sanitization. 2017-10-11 18:43:39 -07:00
Steve Howell 9ecf41980c Remove message.is_mentioned in message events.
This field would get overwritten with an improper value when
we looped over multiple clients, due to not making full copies
of the message dictionary.  This failure would be somewhat
random depending on how clients were ordered in the loop.

The only consumers of this field were the mobile app and the
apply-events-to-unread-counts logic.  Both of these will now
use `flags` instead.
2017-10-11 16:55:34 -07:00
Steve Howell fed972d1fb Fix bug with applying message events to unread counts.
The `is_mentioned` flag in message events was buggy.  We now
look directly at flags.

We will kill off `is_mentioned` in a subsequent commit.

We also remove some debugging code in the test that was failing
before this fix.  The test would only fail when `is_mentioned`
was wrong, which never happened when you ran a single test, and
which would happen randomly when you ran multiple tests.
2017-10-11 16:55:34 -07:00
Steve Howell a6ad9a6d7c Add is_zephyr to the Stream model.
Add this field to the Stream model will prevent us from having
to look at realm data for several types of stream operations, which
can be prone to either doing extra database lookups or making
our cached data bloated.

Going forward, we'll set stream.is_zephyr to True whenever the
realm's string id is "zephyr".
2017-10-11 16:15:56 -07:00
Steve Howell 7c726a5e77 Remove sender names from the message cache.
This removes sender names from the message cache, since
they aren't guaranteed to be valid, and they're inexpensive
to add.

This commit will make the message cache entries smaller
by removing sender___full_name and sender__short_name
fields.

Then we add in the sender fields to the message payloads
by doing a query against the unique sender ids of the
messages we are processing.

This change leads to 2 extra database hops for most of
our message-related codepaths.  The reason there are 2 hops
instead of 1 is that we basically re-calculate way too
much data to get a no-markdown dictionary.
2017-10-11 11:37:16 -07:00
Steve Howell 3910448b1d Extract MessageDict.post_process_dicts().
Introduce MessageDict.post_process_dicts() will allow us
the ability to do the following:

    * use less memory in the cache for repeated data
    * prevent cache invalidation
    * format data according to different client needs

The first use of this function is pretty inconsequential, but
it sets us up for more consequential changes.

In this commit we defer the MessageDict.hydrate_recipient_info
step until after we pull data out of the cache.  This impacts
cache size as follows:

    * streams - negligibly bigger
    * PMs/huddles - slimmer due to not needing to repeat
                    sender data like email/full_name

Again, the main point of this change is to start setting up
the infrastructure to do post-processing.
2017-10-11 11:37:16 -07:00
Steve Howell 6bf43e6332 refactor: Extract MessageDict.hydrate_recipient_info().
This is a first step to eventually slimming the message cache,
but there are still some moving parts there to be worked through.

The more immediate benefit of extracting this function is that
we can put tests on it.  Also, it isolates some functionality
that may go away as our clients gets smarter.
2017-10-11 11:37:16 -07:00
Alena Volkova 79560e21bf urls: Move the json/tutorial_status endpoint to be an API-style route. 2017-10-09 15:13:33 -07:00
Alena Volkova 0e653d198d test_decorators: Replace the json/tutorial_status endpoint in tests.
This endpoint is about to become an API-style route and have the legacy
decorator removed from its view. The json/fetch_api_key endpoint will be
used in tests instead of it.
2017-10-09 15:13:33 -07:00
Steve Howell 75db4f5187 Avoid O(N) query pitfall for /users endpoint.
We now use a `.values` query to get just the fields we need
in order to fulfill '/json/users' requests.

The main benefit is that we don't do O(N) queries for bot
owners, but we also have less data on UserProfile to process.
2017-10-09 14:08:07 -07:00
Steve Howell f87159ad98 Flush standard output in match_states(). 2017-10-09 12:23:49 -07:00
Harshit Bansal 3acaa79336 reactions.py: Don't check for valid emoji name while removing reaction.
On receiving a request for deleting a reaction, just check if such
a reaction exists or not. If it exists then just delete the reaction
otherwise send an error message that such a reaction doesn't exist.
It doesn't make sense to check whether an emoji name is valid or not.
2017-10-09 17:54:37 +00:00
Tim Abbott 9cf26db6db test_management_commands: Fix send_webhook_fixture_message test.
I unfortunately didn't remember this could have a test.
2017-10-08 21:20:35 -07:00
Steve Howell 12e65eb21c Use stream ids in various tests.
This commit prepares us to introduce a StreamLite class. For
these tests, we don't care about the actual contents of the
Stream, just the right stream is there.
2017-10-08 20:18:34 -07:00
Greg Price a116303604 passwords: Express the quality threshold as guesses required.
The original "quality score" was invented purely for populating
our password-strength progress bar, and isn't expressed in terms
that are particularly meaningful.  For configuration and the core
accept/reject logic, it's better to use units that are readily
understood.  Switch to those.

I considered using "bits of entropy", defined loosely as the log
of this number, but both the zxcvbn paper and the linked CACM
article (which I recommend!) are written in terms of the number
of guesses.  And reading (most of) those two papers made me
less happy about referring to "entropy" in our terminology.
I already knew that notion was a little fuzzy if looked at
too closely, and I gained a better appreciation of how it's
contributed to confusion in discussing password policies and
to adoption of perverse policies that favor "Password1!" over
"derived unusual ravioli raft".  So, "guesses" it is.

And although the log is handy for some analysis purposes
(certainly for a graph like those in the zxcvbn paper), it adds
a layer of abstraction, and I think makes it harder to think
clearly about attacks, especially in the online setting.  So
just use the actual number, and if someone wants to set a
gigantic value, they will have the pleasure of seeing just
how many digits are involved.

(Thanks to @YJDave for a prototype that the code changes in this
 commit are based on.)
2017-10-08 15:48:44 -07:00
Steve Howell 3e6bfe1b23 Use user_ids, not emails, for bulk stream operations.
We now return user_ids for subscribers to streams in add-stream
events.  This allows us to eliminate the UserLite class for
both bulk adds and bulk removes.  It also simplifies some JS
code that already wanted to use user_ids, not emails.

Fixes #6898
2017-10-08 12:31:12 -07:00
Steve Howell 10a30bece1 Rename presence_idle_userids -> presence_idle_user_ids. 2017-10-07 12:16:45 -07:00
Harshit Bansal 7b88e3eea7 tests: Add a test suite for verifying the mobile push notifs content.
This test suite works by using the expected_output and new text_output
fields in the bugdown test cases to verify that each syntax is
correctly translated by this new function.

Some of these translations, like strikethrough, are kinda poor; but
this framework should make it easy to iterate on the formatting.

Fixes: #6720.
2017-10-06 16:47:27 -07:00
Harshit Bansal 5a6584890d push_notifications: Start using `get_mobile_push_content()` function. 2017-10-06 16:47:25 -07:00
Tim Abbott 234f7960a1 tests: Add @slow decorator to various methods needing it.
Also, fix the test_message_editing test having way too many cases.

Fixes #1478.
2017-10-06 15:45:04 -07:00
Tim Abbott 0d7617721c test_messages: Clean up some slow tests.
One isn't actually slow; the other was doing something wasteful.
2017-10-06 15:44:17 -07:00
Tim Abbott d5c2508858 tests: Remove unnecessary @slow decorators.
This is part of addressing #1478.
2017-10-06 15:17:34 -07:00
Steve Howell d2966ae5d4 minor: Fix missing "not" in comment. 2017-10-06 14:08:41 -07:00
Tim Abbott 73e1c26c15 test_events: Add missing nocoverage tag on debugging code. 2017-10-06 13:59:26 -07:00
Steve Howell ad521a0e07 minor: Add debugging statement to test.
This test is flaky for some unknown reason, so we print
out the loop index in case the test fails.
2017-10-06 13:56:37 -07:00
Steve Howell a99574ebf0 tests: Make apply-events tests easier to debug.
It's fairly difficult to debug tests that use
EventsRegisterTest.do_test, and when they fail on
Travis, it's particularly challengning.  Now we make
the main diff less noisy, and we also include
the events that were applied.
2017-10-06 13:56:36 -07:00
derAnfaenger 747c283180 lint: Replace `pk` with `id` where they are equivalent. 2017-10-06 12:52:12 -07:00
Tim Abbott 0c44310009 tests: Don't use caching session engine in tests.
Because we run tests in parallel, the caching session engine can lead
to nondeterministic failures.
2017-10-06 12:22:20 -07:00
Tim Abbott fe6a04cbdb Revert "locale: Fix incorrect locale name for zh-Hans."
This reverts commit ba8dc62132.

As best I can tell, the old configuration was correct for what Django
wanted.  Further testing is required, but this at least brings
.tx/config to match the actual filenames; I think our Chinese
translations have been broken until now.
2017-10-06 10:09:08 -07:00
Tim Abbott 1a9adbbe70 test_signup: Fix test for login page redirect.
I forgot to update this in 43bba27e5d.
2017-10-05 23:36:33 -07:00
Tim Abbott 313083484a test_i18n: Remove zh-hans tests for now. 2017-10-05 23:33:12 -07:00
Umair Khan 6fbf41bdbc queue: Add test for signups retry logic. 2017-10-05 23:14:19 -07:00
Umair Khan b464fd7643 makemessages: Change type of translation_strings to List.
In the code this variable is only used as a list, however, we
create it as dictionary which uses more memory.
2017-10-05 22:44:34 -07:00
Alena Volkova 21bc0e845c urls: Delete the json/tutorial_send_message endpoint.
This endpoint is part of the old tutorial, which we've removed, and
has some security downsides as well.

This includes a minor refactoring of the tests.
2017-10-05 15:41:57 -07:00
Tim Abbott e1eb91343b zephyr: Update path to process_cache for repository split.
This should have been done long ago, but better late than never.
2017-10-05 12:35:20 -07:00
Rishi Gupta 0596c4a810 analytics: Enforce various datetime arguments are in UTC.
Sort of a hacky hammer, but
* The original design of the analytics system mistakenly attempted to play
  nicely with non-UTC datetimes.
* Timezone errors are really hard to find and debug, and don't jump out that
  easily when reading code.

I don't know of any outstanding errors, but putting a few "assert this
timezone is in UTC" around will hopefully reduce the chance that there are
any current or future timezone errors.

Note that none of these functions are called outside of the analytics code
(and tests). This commit also doesn't change any current behavior, assuming
a database where all datetimes have been being stored in UTC.
2017-10-05 11:22:06 -07:00
Rishi Gupta 0c2b4d22a7 analytics: Convert datetimes coming from the API into UTC.
Previously, entering a non-UTC end time for a daily stat would give you
incorrect results. This is because:
* All daily stats are collected at and have end_times in the database in
  midnight UTC.
* For daily stats, time_range returns a list of datetimes at midnight in the
  timezone of its end argument. These datetimes are the only ones we look
  for when looking for rows corresponding to the stat in the database.
* Previously, we passed on the end argument from the API to time_range,
  without modification.
2017-10-05 11:22:06 -07:00
Steve Howell d6e21b5ca9 Collect sender_ids (by topic) in `unread_msgs`.
This will allow the mobile app to say "A, B, and C are
talking" in the topic views.
2017-10-05 10:37:15 -07:00
Steve Howell e56084fcf7 Simplify how we apply events for unread messages.
The logic to apply events to page_params['unread_msgs'] was
complicated due to the aggregated data structures that we pass
down to the client.

Now we defer the aggregation logic until after we apply the
events.  This leads to some simplifications in that codepath,
as well as some performance enhancements.

The intermediate data structure has sets and dictionaries that
generally are keyed by message_id, so most message-related
updates are O(1) in nature.

Also, by waiting to compute the counts until the end, it's a
bit less messy to try to keep track of increments/decrements.
Instead, we just update the dictionaries and sets during the
event-apply phase.

This change also fixes some corner cases:

    * We now respect mutes when updating counts.
    * For message updates, instead of bluntly updating
      the whole topic bucket, we update individual
      message ids.

Unfortunately, this change doesn't seem to address the pesky
test that fails sporadically on Travis, related to mention
updates.  It will change the symptom, slightly, though.
2017-10-05 09:42:20 -07:00
Steve Howell c567f105c9 Have topic_is_muted take a stream_id.
This function doesn't need a full Stream object to detect
whether a stream is muted, so we can save future callers
from doing unnecessary DB fetches.
2017-10-05 09:32:16 -07:00
Harshit Bansal ef35e6ac3f reactions: Switch to using `name_to_codepoint`.
Instead of using `unified_reactions` mapping start using
`name_to_codepoint` mapping for converting emoji name to
codepoints. We were using `unified_reactions` mapping
because prior to emoji web PR `name_to_codepoint` mapping
was generated using emoji_map.json which contained old
codepoints but for reactions new codepoints were required
to display them using sprite sheets.
2017-10-04 23:09:14 -07:00
Vishnu Ks eef72a98e4 backends: Create custom email backend EmailLogBackEnd.
Create a new custom email backend which would automatically
logs the emails that are send in the dev environment as
well as print a friendly message in console to visit /emails
for accessing all the emails that are sent in dev environment.
Since django.core.mail.backends.console.EmailBackend is no longer
userd emails would not be printed to the console anymore.
2017-10-04 08:20:29 -07:00
Vishnu Ks 4c2e787ffc emails: Redirect to /emails after generating emails. 2017-10-04 08:20:29 -07:00
kunall17 f091823fc8 push_notifications: Set APNS badge as 0 for now.
We don't yet have support for tracking the number of open APNS
notifications server-side, so setting this to 0 will at least avoid
confusing users.
2017-10-03 17:07:49 -07:00
Steve Howell aae0b2a826 Notify offline users about edited stream messages.
We now do push notifications and missed message emails
for offline users who are subscribed to the stream for
a message that has been edited, but we short circuit
the offline-notification logic for any user who presumably
would have already received a notification on the original
message.

This effectively boils down to sending notifications to newly
mentioned users.  The motivating use case here is that you
forget to mention somebody in a message, and then you edit
the message to mention the person.  If they are offline, they
will now get pushed notifications and missed message emails,
with some minor caveats.

We try to mostly use the same techniques here as the
send-message code path, and we share common code with the
send-message path once we get to the Tornado layer and call
maybe_enqueue_notifications.

The major places where we differ are in a function called
maybe_enqueue_notifications_for_message_update, and the top
of that function short circuits a bunch of cases where we
can mostly assume that the original message had an offline
notification.

We can expect a couple changes in the future:

    * Requirements may change here, and it might make sense
      to send offline notifications on the update side even
      in circumstances where the original message had a
      notification.

    * We may track more notifications in a DB model, which
      may simplify our short-circuit logic.

In the view/action layer, we already had two separate codepaths
for send-message and update-message, but this mostly echoes
what the send-message path does in terms of collecting data
about recipients.
2017-10-03 15:57:06 -07:00
Tim Abbott 654562b942 check_message: Reject null bytes in message content.
Postgres doesn't like them, we don't have an obvious way to escape
them, and they tend to be sent by buggy tools where it'd be better for
the user to get an error.

This fixes a 500 we were getting occasionally.
2017-10-03 15:32:04 -07:00
Cynthia Lin cfeb125624 zerver: Block access to subdirectories when visiting user docs articles.
Fixes #6770
2017-10-03 11:16:09 -07:00
Umair Khan d95d34a66a Retry email failures in missed-message emails queue.
Fixes #6518.
2017-10-03 10:35:07 -07:00
Tim Abbott 7581e0e1c5 settings: Remove remaining references to REALMS_HAVE_SUBDOMAINS. 2017-10-02 16:43:54 -07:00
Tim Abbott 1d72629dc4 subdomains: Hardcode REALMS_HAVE_SUBDOMAINS=True. 2017-10-02 16:42:43 -07:00
Tim Abbott 95a0a4a06f subdomains: Update AuthBackendTest for subdomains always on.
This is separate from the main subdomains commit mainly for
readability of the history.
2017-10-02 16:32:11 -07:00
Tim Abbott 26a5332828 subdomains: Update some tests to run with subdomains.
Specifically, our request middleware adds an extra database query for
these code paths, to verify whether the subdomain is valid.
2017-10-02 16:32:11 -07:00
Tim Abbott 13bb546ddd subdomains: Hardcode can_add_realm_domains=True.
It was already always True if REALMS_HAVE_SUBDOMAINS, and now that's
the only supported configuration.
2017-10-02 16:32:10 -07:00
Tim Abbott 66658bbf25 subdomains: Hardcode REALMS_HAVE_SUBDOMAINS in API docs. 2017-10-02 16:32:10 -07:00
Tim Abbott 262a0692ab subdomains: Delete completely_open helper function.
We no longer use this anyway.
2017-10-02 16:32:10 -07:00
Tim Abbott e6f8032972 subdomains: Remove get_unique_open_realm code paths.
Since we no longer support !REALMS_HAVE_SUBDOMAINS in production,
these no longer make sense.
2017-10-02 16:32:10 -07:00
Tim Abbott 99e4ceebd4 test_auth_backends: Extract REALMS_HAVE_SUBDOMAINS overrides.
This will make the diff a lot smaller when we hardcode
REALMS_HAVE_SUBDOMAINS=True.
2017-10-02 16:32:09 -07:00
Tim Abbott bd066fe0f1 test_subdomain_restrictions: Update to assume subdomains. 2017-10-02 15:32:39 -07:00
Steve Howell 2be713a7e4 Rename get_userids_for_missed_messages().
We rename this function to get_active_presence_idle_userids().
2017-10-02 15:19:28 -07:00
Steve Howell e660428c21 Rename missed_message_userids to presence_idle_userids. 2017-10-02 15:19:28 -07:00
Tim Abbott e5592fe89f test_signup: Remove REALMS_HAVE_SUBDOMAINS check.
This test actually is just as correct with
REALMS_HAVE_SUBDOMAINS=True.
2017-10-02 13:50:07 -07:00
Tim Abbott 9622da6b16 test_signup: De-inline REALMS_HAVE_SUBDOMAINS=True checks.
These are now just declarations at the top of functions.
2017-10-02 13:50:06 -07:00
Tim Abbott edc10e8f51 test_decorators: de-inline REALMS_HAVE_SUBDOMAINS with statements.
This will significantly shrink the diff when we toggle
REALMS_HAVE_SUBDOMAINS soon.
2017-10-02 13:49:53 -07:00
Tim Abbott 5a27a4cf1c decorator: Improve wrong-subdomain logging output.
Often, it's helpful to see both values in errors.
2017-10-02 13:31:20 -07:00
Vishnu Ks 6b9755c854 email_log: Make generate_email work with subdomains.
This fixes one of our last few test failures with
REALMS_HAVE_SUBDOMAINS.
2017-10-02 12:27:27 -07:00
Tim Abbott 6327f30c76 test_decorators: Remove test_login_deactivated_realm.
This test was a duplicate of test_login_deactivated in LoginTest.
2017-10-02 11:42:15 -07:00
derAnfaenger d1afab7199 Replace deprecated Logging.warn calls with Logging.warning. 2017-10-02 11:11:42 +02:00
Tim Abbott 7d63928fe1 test_signup: Update deactivate realm tests for subdomains.
We add a new test to make sure we cover the potential race condition
with the realm being deactivated after starting the registration
process.
2017-10-01 23:52:08 -07:00
Tim Abbott 651b1882e6 test_outgoing_webhook_system: Set REALMS_HAVE_SUBDOMAINS=True. 2017-10-01 22:47:15 -07:00
Umair Khan 69ccc8ce0e ldap: Show helpful message when realm is None. 2017-09-30 10:18:25 -07:00
Robert Hönig 9d4bffb59d outgoing webhook: Make exception handling more granular and verbose.
Fixes #6127.
2017-09-30 10:14:28 -07:00
Harshit Bansal 5b5bcce098 emoji: Migrate bugdown emoji to use sprite sheets.
This commit switches to use sprite sheets for rendering emojis
in all the remaining places, i.e., message bodies and composebox
typeahead. This commit also includes some changes to notifications.py
file so that the spans used for rendering emojis can be converted
to corresponding image tags so that we don't break the emoji rendering
in missed message emails since we can't use sprite sheets there.

As part of switching the bugdown system to use sprite sheets, we need
to switch the name_to_codepoint mappings to match the new sprite
sheets.  This has the side effect of fixing a bunch of emoji like
numbers and flag emoji in the emoji pickers.

Fixes: #3895.
Fixes: #3972.
2017-09-29 11:14:34 -07:00
Greg Price e0a5e6fade logging: Explain quirks of Python logging config, and apply a style.
This should make it a little easier to understand our logging config
and make changes to it with confidence.

Many of these items that are now redundant used to be required when we
were setting disable_existing_loggers to True (before 500d81bf2), in
order to exempt those loggers from being cleared out.  Now they're not.

One bit of test code needed a tweak to how it got its hands on the
AdminZulipHandler instance; it can do it from the list on the root
logger just as well as on the `django` logger.
2017-09-28 18:26:39 -07:00
Greg Price f129dc4f72 LDAP: Restore an except clause and add test to cover it.
Most of the paths leading through this except clause were cut in
73e8bba37 "ldap auth: Reassure django_auth_ldap".  The remaining one
had no test coverage -- the case that leads to it had a narrow unit
test, but no test had the exception actually propagate here.  As a
result, the clause was mistakenly cut, in commit
8d7f961a6 "LDAP: Remove now-impossible except clause.", which could
lead to an uncaught exception in production.

Restore the except clause, and add a test for it.
2017-09-28 18:26:39 -07:00
Greg Price 7b8f725707 APNs: Accept 1.6-format payloads in bouncer.
This is just enough of a quick fix to work with a stock Zulip 1.6
server.  We should really also make this robust to arbitrary input
from the remote Zulip server, even though it'll be a little tedious.
2017-09-28 10:01:16 -07:00