Commit Graph

19 Commits

Author SHA1 Message Date
Philip Skomorokhov 866a7b06b2 upload: Limit total size of files uploaded by a user to 1GB.
Fixes #3884.
2017-03-04 18:08:30 -08:00
Tim Abbott 20f9c04ab5 decorator: Add logging data to zulip_login_required.
This fixes an issue that many logged=in pages such as /stats did not
correctly report either the connecting client or the user in server
logs.
2017-02-20 21:15:44 -08:00
Tim Abbott 473c0ee1fe mypy: Remove now-unused type: ignores. 2017-02-18 17:01:01 -08:00
Yago González 7fe090f902 translations: Improve some poorly-worded strings. 2017-01-28 18:04:17 -08:00
Rishi Gupta cf762eaf84 Change X.realm.id to X.realm_id across codebase.
This makes it more clearly the pattern in the Zulip codebase, and thus
decreases the risk of accidentally doing database queries.
2017-01-03 16:46:26 -08:00
Umair Khan fd9dd51d16 Url encoded name of the file should be an ascii.
The url encoded name of the file should not be a unicode. This
results in an error when we later try to unquote it.

Fixes: #1803
2016-09-26 21:13:34 -07:00
Tim Abbott 939528303d upload: Add type: ignore for mimetypes.guess_type stubs issue. 2016-09-19 21:40:08 -07:00
Steve Howell 1c37c0e93f uploads: Remove redir=False codepath for serving S3 files.
It does not seem that we need to support this any more.  Eliminating
the code gets us to 100% line coverage with our tests on view/uploads.py.
2016-09-17 12:13:07 -07:00
Steve Howell a630bbf8b8 uploads: Remove dead code in serve_local(). 2016-09-17 12:13:07 -07:00
Tim Abbott b2a24e0306 Revert "Add authorization check before serving files."
This reverts commit e985b57259.

This commit will break production when we next do a release, because
we haven't done a migration to create Attachment objects for
previously uploaded files.
2016-06-27 12:09:56 -07:00
rahuldeve e985b57259 Add authorization check before serving files. 2016-06-27 11:24:35 -07:00
rahuldeve 674def30ee Add support for serving files using API authentication.
Also remove 'get_uploaded_file' view function and the corresponding
old '/user_upload/' url pattern.
2016-06-27 11:00:41 -07:00
Tim Abbott 79570f99c2 json_upload_file: Remove unnecessary has_request_variables. 2016-06-27 10:29:30 -07:00
Tim Abbott 8272fb4a94 zerver.views.upload: Move upload functions later in file. 2016-06-27 10:28:09 -07:00
rahuldeve fa13582ffb Serve uploaded files through get_uploaded_file in development.
Previously, uploaded files were served:
* With S3UploadBackend, via get_uploaded_file (redirects to S3)
* With LocalUploadBackend in production, via nginx directly
* With LocalUploadBackend in development, via Django's static file server

This changes that last case to use get_uploaded_file in development,
which is a key step towards being able to do proper access control
authorization.

Does not affect production.
2016-06-09 22:58:25 -07:00
Tim Abbott 13bac1cc2a Fix serving files uploaded to S3.
This was broken by the refactoring to realm_id_str in:
a261a6bbac.
2016-06-09 21:55:50 -07:00
rahuldeve 3e3462da0d Refactor zerver.lib.upload.upload_message_image_through_web_client.
upload_message_image_through_web_client -> upload_message_image_from_request
2016-06-09 21:09:12 -07:00
rahuldeve ed83bb7f54 Refactor zerver.views.upload. 2016-06-08 09:49:14 -07:00
Tim Abbott bc2961d3ac Refactor file upload routes to their own file. 2016-06-06 16:09:05 -07:00