Commit Graph

46143 Commits

Author SHA1 Message Date
Sahil Batra 74294ae602 stream_settings: Extract function to set title in right column.
This is a prep commit such that we can use this function to
live-update the title.
2022-01-28 11:39:15 -08:00
Sahil Batra 12efde8a51 stream-settings: Refactor code to pass sub object to title template.
This commit refactors the code to directly pass sub object to
selected_stream_title template instead of passing name, is_web_public
and invite_only as different parameters.
2022-01-28 11:39:15 -08:00
Aman Agrawal 5688d8b0df scroll_bar: Remove unnessary adjustment of keyboard icon.
Since the keyboard icon is not associated with scrollbar, we
can just have a fixed margin-right for it.
2022-01-28 09:50:27 -08:00
Aman Agrawal b0dd063bb8 scroll_bar: Simplify module.
The content which is scrollable is moved left by the width of the
scrollbar when scrollbar is visible. The navbar, floating recipient bar
and composebox doesn't move. We reduce their width by scrollbar width
to adjust for the reduced width of the scrollable content.

Since floating recipient bar is center aligned (with margin: 0 auto)
we also have to move left by half the scrollbar width.

Group css classes having the same value being assigned together. This
makes the code easier to understand.
2022-01-28 09:50:27 -08:00
Lauryn Menard 1cbfa7e672 docs: Update gsoc "how to" guide to use contributor vs student.
Updates `docs/contributing/summer-with-zulip.md` to use
contributor, instead of student, due to changes in gsoc
eligibility and terminology.
2022-01-28 09:47:57 -08:00
N-Shar-ma 4219f9bdf8 compose: Align blue selection properly in Drafts.
Added a negative `outline-offset` of the same width as the grey border
for the blue selection outline around the `draft-info-box`.

This removes the gap between the blue box in the active state, while
the unselected `draft-info-box`es look the same as before, with a grey
border.

Fixes: #20950.
2022-01-28 09:15:28 -08:00
Lauryn Menard 0499af583d api_docs: Have user settings with enum integers use schema keyword.
There are three user settings that are integer enums:
`color_scheme`, `demote_inactive_streams` and
`desktop_icon_count_displays`.

Unlike the other user settings, these were using the `content`
keyword instead of the `schema` keyword in their definitions,
which caused them not to be rendered correctly in the api
documentation.

Changes the keyword to `schema` and fixes the indentation
for these three user settings in the two endpoints using
them.
2022-01-28 08:33:49 -08:00
Lauryn Menard 44c86d823a api_docs: Remove unnecessary quotation marks in openapi arrays.
Removes various instances of quotation marks that are not needed,
specifically looking at instances of arrays, e.g. `- "`, in the
OpenAPI documentation.
2022-01-28 08:31:24 -08:00
Aman Agrawal 38e044173d login_to_access: Remove icons for login buttons.
They don't serve the purpose of adding clarity to button.
2022-01-28 08:30:56 -08:00
Alya Abbott 6ee09e6290 developer docs: Address PR feedback. 2022-01-28 08:29:40 -08:00
Alya Abbott c390d10fb3 developer docs: Extend contributor guide.
Covers why someone's PR might not be merged right away.
2022-01-28 08:29:40 -08:00
Mateusz Mandera 4102816240 upload: Pass the target realm to create_attachment.
The target realm was not being passed to create_attachment in
upload_message_file implementations. This was a bug in the edge-case of
cross-realm messages - in particular, causing a bug in the email
gateway:
When an email with an attachment is sent, the message is mirrored to
Zulip with Email Gateway Bot as the message sender and uploader of the
attachment. Due to the realm not being passed to create_attachment, the
Attachment would get created with .realm being the system bot realm,
making the attachment inaccessible under some conditions due to failing
the following condition check (that's expected to pass, provided that
the .realm is set correctly):
```
    if (
        attachment.is_realm_public
        and attachment.realm == user_profile.realm
        and user_profile.can_access_public_streams()
    ):
        # Any user in the realm can access realm-public files
        return True
```
2022-01-27 17:23:44 -08:00
Lauryn Menard a832a8a3af api_docs: Fix enum strings in parameters to have quotes.
Fixes the rendering of enums to show strings with quotation marks,
while integers will continue to be rendered without quotation marks.

This allows for an empty string to be passed as an enum value and be
rendered as such in the documentation. Null will be rendered without
quotation marks, like integer values.
2022-01-27 13:03:20 -08:00
Sahil Batra 5e506a833f actions: Use transaction.atomic for do_change_avatar_fields. 2022-01-27 10:33:55 -08:00
Sahil Batra a2df7470d5 actions: Use transaction.atomic for do_change_realm_plan_type. 2022-01-27 10:33:55 -08:00
Sahil Batra f5ea13eea8 actions: Use transaction.atomic for do_change_user_delivery_email. 2022-01-27 10:33:55 -08:00
Steve Howell 576b966edc search suggestions: Add comment about server history. 2022-01-27 10:19:07 -08:00
Steve Howell eb2bf77212 search suggestions: Find older topics.
We no longer limit our list of candidate topics
to 300.

We continue to limit the topic results to 10, since
we don't want to overwhelm users or crowd out
non-topic-related suggestions.

We try to handle this is an efficient manner.
2022-01-27 10:19:07 -08:00
Lauryn Menard aaa627229e api: Update `update_message` event required fields.
Makes `edit_timestamp` and `user_id` required fields for all
`update_message` events.

Adds `rendering_only` as another required field to signal if
events are only updating the rendered content of the message,
which is currently the case for adding inline url previews.

Updates `test_event.py` so that `do_update_message` and
`do_update_embedded_data` refer to the same testing schema
for `update_message` events, and therefore reflect the same
required fields for the `update_message` event.

The OpenAPI definition for `update_message` events is also
updated to reflect the required field and descriptions of
various properties are updated for the addition of the
`rendering_only` property.
2022-01-26 13:11:26 -08:00
Lauryn Menard 7077871111 api_documentation: Update rate limit error description.
Moves details about the rate limit error object and handling to
the OpenAPI documentation description for that common error.

Previously, this information was on the general rest error
handling documentation page without clear connection to the
specific rate limit error.

Fixes a typo in the changelog (feature 36) for that same error
and also fixes a misplaced colon in the description of the error
for missing request parameters.
2022-01-26 12:51:02 -08:00
Sahil Batra 7265a76fc6 stream-settings: Show icon according to in the right column title.
We were showing # for all types of streams in the title at the top
in the right column of stream settings overlay. This commit fixes
it to show globe icon for web-public streams and lock icon for
private streams.
2022-01-26 12:50:05 -08:00
Sahil Batra e26de17ee1 stream-settings: Add space between # and stream name in title.
This commit adds space between # and the stream name appearing
at the top in right column in stream settings overlay.
2022-01-26 12:50:05 -08:00
Alex Vandiver 2066860ab6 start-server: Start auxiliary services, if they exist.
Services like go-camo and smokescreen are not stopped in stop-server,
since they are upgraded and restarted by puppet application.  As such,
they also do not appear in start-server, despite the server relying on
them to be running to function properly.

Ensure those services are started, by starting them in start-server,
if they are configured in supervisor on the host.
2022-01-26 12:39:54 -08:00
Alex Vandiver 88c3f560ae supervisor: Add a filter for only(-not)-running. 2022-01-26 12:39:54 -08:00
Alex Vandiver 7243c3c73d scripts: Re-implement list_supervisor_processes using API. 2022-01-26 12:39:54 -08:00
Alex Vandiver 8e35cdb3da scripts: Add a supervisor package, to use the XMLRPC Supervisor API.
For many uses, shelling out to `supervisorctl` is going to produce
better error messages.  However, for instances where we wish to parse
the output of `supervisorctl`, using the API directly is less brittle.
2022-01-26 12:39:54 -08:00
Anders Kaseorg be7108ebca docs: Suggest running reindex-textual-data in the venv manually.
Until the previous commit makes its way into a release, we can
document this workaround.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-26 11:56:30 -08:00
Anders Kaseorg aec6cd4cdb reindex-textual-data: Find psycopg2 in the virtualenv.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-26 11:56:30 -08:00
Lauryn Menard fee7c5712f api_docs: Fix small typos in organizational role description.
Fixes two small typos in the description of the `role` value
returned from the `/get-own-user` endpoint.
2022-01-26 10:36:51 -08:00
Ashwat Kumar Singh 563b06ee08
stream_settings: Make disabled tab look disabled in dark mode.
Make disabled tabs look disabled in dark mode by adding color
to ".ind-tab.disabled" in "dark_theme.css".

Fixes #20917.
2022-01-26 04:11:47 -08:00
Anders Kaseorg 0cc4b180b7 requirements: Downgrade libcst.
The new version is a native extension and is missing binary wheels for
64-bit ARM.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-25 19:43:03 -08:00
Anders Kaseorg 8332732d54 requirements: Add hashes for additional orjson wheels.
Fixes #20911.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-25 19:43:03 -08:00
Alex Vandiver 157cbca1e0 corporate: Fix links for move in c4eede68d6. 2022-01-25 19:00:44 -08:00
Lauryn Menard c4eede68d6 docs: Rename `user.md` to `helpcenter.md`.
Renames `/docs/documentation/user.md` to reflect the rebranding
from "user documentation" to "help center documentation".

Also, fixes any linking in the docs to that file.
2022-01-25 18:42:04 -08:00
Lauryn Menard 8f7f486061 docs: Expand help center guide for updating existing articles.
Adds a section on updating existing help center articles to
the guide for writing help center documentation.
2022-01-25 18:42:04 -08:00
Lauryn Menard 784f923dda documentation: Update tutorial for writing help center documentation.
Updates the tutorial for writing help center articles to encourage
contributors to add to or enhance the existing help center docs
before writing a new articles for new features.

Also, generally updates references to 'user documentation' to be
'help center documentation'.

Additionally, updates some headers within the tutorials for clarity
and consistency, and adds some linkifying throughout the section on
writing documentation.
2022-01-25 18:42:04 -08:00
N-Shar-ma 048c9b99e3 compose: Add format hinting for polls.
Added a placeholder key to the polls slash command object. This is
selected and highlighted after being typed ahead in the compose box.
For slash commands without placeholder, everything works as before.

Formatting hints can easily be added for other slash commands too,
by adding a placeholder key to their object.

Fixes part of #20868
2022-01-25 18:12:42 -08:00
Sharif Naas d560d124a3 python: Replace string concatenations with f-strings. 2022-01-25 17:32:59 -08:00
Mateusz Mandera 40aa156b28 migrations: Fix RealmAuditLog creation in migration 0374. 2022-01-25 17:20:13 -08:00
Lauryn Menard ce49c4ca9e api: Add `subscription_data` details to `/update-subscription-settings`.
Adds detailed definition of objects in the `subscription_data` parameter
array for the `/update-subscription-settings` endpoint.

Fixes #20825. Follow-up to #20409.
2022-01-25 17:19:58 -08:00
Anders Kaseorg 5de6dd66a7 docs: Adjust modinfo command for Debian.
On Debian, /sbin isn’t in the default path for normal users.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-01-25 12:50:36 -08:00
Lauryn Menard 7b1597d4cf api_docs: Format required or optional detail of param object field.
Formats and moves whether a field of an object in a request
parameter is required or optional to be in the same location
and have the same formatting as the general api parameter
documentation.

Also formats any examples within the object detailed
description to be the same as the general api parameter
documentation.

Follow up to #20409.
2022-01-25 11:20:18 -08:00
Raghav Luthra 4b8cb0a8a9 docs: Uncapitalize the name for nginx.
This matches how nginx refers to itself on its own website and
documentation.

Fixes #20887.
2022-01-25 11:17:51 -08:00
Aman Agrawal ec86290e2a tippy: Fix persistent message action tooltips on icons after blur.
When users tabs through the message action icons, they used to
persist even when the focus is not on them. We manually
destroy them on blur event since tippy has some issue with
handling elements with opacity hiding effect.
2022-01-25 11:15:30 -08:00
Alex Vandiver 7ec2a2cde7 version: Update version and changelog after 4.9 release. 2022-01-24 18:46:46 -08:00
Alex Vandiver a5496f4098 CVE-2021-43799: Set a secure Erlang cookie.
The RabbitMQ docs state ([1]):

    RabbitMQ nodes and CLI tools (e.g. rabbitmqctl) use a cookie to
    determine whether they are allowed to communicate with each
    other. [...] The cookie is just a string of alphanumeric
    characters up to 255 characters in size. It is usually stored in a
    local file.

...and goes on to state (emphasis ours):

    If the file does not exist, Erlang VM will try to create one with
    a randomly generated value when the RabbitMQ server starts
    up. Using such generated cookie files are **appropriate in
    development environments only.**

The auto-generated cookie does not use cryptographic sources of
randomness, and generates 20 characters of `[A-Z]`.  Because of a
semi-predictable seed, the entropy of this password is thus less than
the idealized 26^20 = 94 bits of entropy; in actuality, it is 36 bits
of entropy, or potentially as low as 20 if the performance of the
server is known.

These sizes are well within the scope of remote brute-force attacks.

On provision, install, and upgrade, replace the default insecure
20-character Erlang cookie with a cryptographically secure
255-character string (the max length allowed).

[1] https://www.rabbitmq.com/clustering.html#erlang-cookie
2022-01-25 02:13:53 +00:00
Alex Vandiver 93a344fc3c configure-rabbitmq: Set -u, and not -x. 2022-01-25 01:52:36 +00:00
Alex Vandiver ece96c9729 configure-rabbitmq: Factor out sudo, instead of rabbitmqctl. 2022-01-25 01:52:36 +00:00
Alex Vandiver bd7deed691 upgrade: Show output from (re)starting zulip.
5c450afd2d, in ancient history, switched from `check_call` to
`check_output` and throwing away its result.

Use check_call, so that we show the steps to (re)starting the server.
2022-01-25 01:52:34 +00:00
Alex Vandiver e705883857 CVE-2021-43799: During upgrades, restart rabbitmq if necessary.
Check if it is listening on a public interface on port 25672, and if
so shut it down so it can pick up the new configuration.
2022-01-25 01:51:56 +00:00