Apparently, Django's CSRF protection mechanism changed at some point,
and now we get a different CSRF token every time the webapp is loaded.
This, in turn, caused our reload logic to avoid losing state to be
completely ineffective, since the CSRF check in reload.initialize
always failed.
We fix this in a secure fashion by passing the reload instructions
from the browser to its reloaded self via localstorage, keyed by a
randomly generated token. The token randomization is primarily
relevant for handling several Zulip tabs in the same browser, but also
serves to make it very difficult for an attacker to ever trigger this
code path by redirecting a browser to `/#reload` URLs.
Fixes #3411.
Fixes #3687.
This was actually being done in 2 ways: via not saving the narrow in
the reload and second through calling `change_tab_to('#home')`. The
code is so ancient that it seems unlikely that this behavior was still
intentional.
Fixes part of #3687 (the remainder is fixed in a few commits).
We now track our inbound timing events using code in
typing_data.js.
This code may be a little more robust with variations on how
recipients are represented in events, although there are no known
bugs here.
This change moves most of the logic related to starting and
stopping outbound typing indicators to a new module called
typing_status.js that is heavily unit tested.
While this was in some sense a rewrite, the logic was mostly
inspired by the existing code.
This change does fix one known bug, which is that when we
were changing recipients before (while typing was active), we
were not stopping and starting typing indicators. This was
a fairly minor bug, since usually users leave the compose
box to change recipients, and we would do stop/start under
that scenario. Now we also handle the case where the user
does not leave the compose box to change recipients.
Previously, we would let the backend pick a color and send it to the
frontend; then the frontend would ignore that color and pick a
different color and send it to the backend, which would in turn resync
to us.
Fixes #3572.
Fixes #3858.
This fixes two bugs:
* If a user is not subscribed to a default stream, he or she would not
have the option to invite users to that default stream.
* The initial streams checked in the invite modal were the
non-invite-only streams the user was subscribed to, not their
default streams.
Fixes: #4209.
The old code may have had some subtle bugs related to sorting of
ids or stringification or failed Dict lookups. The new data
layer should be more robust. We had some tracebacks recently
from the old code, and they should go away now.
This fixes the styling to stay on the screen of most reasonably sized
monitors along with extending the JavaScript code to allow for the
video to be keyed to in the lightbox.
This fixes the hubot text that still stays when you transition to
integration details along with fixing the first animation that is
choppy and previews briefly before fading in.
Fixes #4210.
Replacing file input doesn't work for value clearing. The best
way is to clean value directly, which excludes accidentally adding
wrong file after upload-widget validation error.
This makes it much more convenient to close the emoji reactions
popover after opening it with the hotkeys.
It'd be great if we had a test suite for escape so that we could add
tests for this.
Fixes part of #4197.
This is kinda hacky and probably not how we want this to work
long-term, but I think it's a larger refactoring project to make this
part of the model make sense.
Checking by href is a flawed approach due to the fact that hashes
are included in the href and will throw off the results of
returning the last block in a path. The window.location.pathname
property is a much better indicator of the current path.
If a url is present in stream description, it will be
rendered as a clickable link under /streams page.
Tweaked by tabbott to use the separate rendered_description element to
avoid duplicate rendering and to live-update.
Fixes #1435.
iOS doesn’t seem to play nice with the web socket library we are using,
so disable use of websockets for sending messages until we can
fix that.
Fixes #2306.
Instead of passing in a hash to template whose keys are a
mixture of records and strings, we now pass in an
array of records. This also removes a spurious if condition
in the template that was a result of the janky data structure.
We were incorrectly appending all the emoji into the emoji picker
every time it was opened, rather than just once.
Note by tabbott: Arguably this isn't the right fix, in that it might
be better to just render the emoji picker once at the beginning. But
this definitely fixes the bug.
Fixes #3952.
This was regressed in 89e17e1aee.
At least one of the symptoms was that we weren't updating the
activity list properly. This could also cause tracebacks in
compose fade logic.
This adds an image feed that you can scroll through with hotkeys
in the lightbox.
The left and right arrow keys along with the left and right arrows
will go to the prev/next image, and clicking on an image will also
take a user to that image.
This fixes a bug where newly received very-long messages would only
sometimes be collapsed properly until a second message arrived
(whether it did the right thing depended on whether the new message
had the same recipient or a different recipient from other arriving
messages).
Apparently, we correctly called condense.condense_and_collapse in all
but one of the codepaths of `render` that add new messages. This
adds a call on the missing codepath.
Fixes #3978.
This adds an organization description field to the Realm model, as well as
an input field to the organization settings template. Added three tests.
Set the max length of the field to 100 characters.
Fixes #3962.
On realms with ``should_list_all_streams() == False``, previously, we
would subscribe a user to a stream, but also incorrectly show the stream
creation dialog.
Instead, we act as if the stream was newly created.
This change makes our dependency on compose.stream_name() happen
in sort_recipients, so we compute it only once, and we can
more easily break the circular dependency.
This also fixes the error associated with view on toggle deactivation.
Now, on deactivating a bot, the bot-name and bot-email should strike-out.
And on reactivating a bot, the bot-name and bot-email should remove strike-out.
Toggle edit button on bot activation/deactivation.
Fixes #3413.
Send typing notification events when user types in the compose box.
Listen for these events and display a notification.
Sending notifications: Notifications are throttled, so that start
notifications are sent every 10 seconds of active typing, and stop
notifications are sent 5 seconds after active typing stops or when the
compose box is closed.
Displaying notifications:
When a typing notification is received, if the current narrow is private
messages or is: pm-with and the user is not the sender,
"Othello is typing..." is displayed underneath the last message. This notification is
removed after 15 seconds. If another notification is received during this period, the
expiration is extended. When a stop notification is received the notification is removed.
Internally, a list of users currently typing is maintained for each
conversation (in a dict). When an event is received the list (for the appropriate
conversation) is updated and the notifications template is re-rendered
based on the narrow information. This template is also re-rendered when
the narrow changes.
Significantly modified by tabbott for clarity.
Fixes #150.
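
A sketch of the outbound throttling rule stated in the commit message above (start re-sent every 10 seconds of active typing, stop sent 5 seconds after typing ends or when the compose box closes), added here and not taken from Zulip's typing code. The class, its method names and the keystroke-driven clock that stands in for real timers are assumptions.

```javascript
// Added example, not Zulip's typing code; class and method names are hypothetical.
const START_INTERVAL_MS = 10000; // resend "start" after this much active typing
const STOP_DELAY_MS = 5000;      // send "stop" this long after the last keystroke

class TypingNotifier {
  constructor(send) {
    this.send = send;       // callback that would deliver the typing event
    this.lastStart = null;  // time the last "start" was sent
    this.lastKey = null;    // time of the last keystroke, null when idle
  }

  // Fire the idle "stop" if it came due before `now` (stands in for a timer).
  expireIdle(now) {
    if (this.lastKey !== null && now - this.lastKey >= STOP_DELAY_MS) {
      this.send("stop", this.lastKey + STOP_DELAY_MS);
      this.lastKey = this.lastStart = null;
    }
  }

  keystroke(now) {
    this.expireIdle(now);
    if (this.lastStart === null || now - this.lastStart >= START_INTERVAL_MS) {
      this.send("start", now);  // first keystroke, or 10 s since the last start
      this.lastStart = now;
    }
    this.lastKey = now;
  }

  closeCompose(now) {
    this.expireIdle(now);
    if (this.lastKey !== null) {
      this.send("stop", now);   // closing the box stops immediately
      this.lastKey = this.lastStart = null;
    }
  }
}

// Constructed timeline (ms): steady typing, a 7 s pause, then the box is closed.
function demoTyping() {
  const sent = [];
  const notifier = new TypingNotifier((op, at) => sent.push(`${op}@${at}`));
  for (const t of [0, 2000, 4000, 8000, 11000, 13000, 20000]) notifier.keystroke(t);
  notifier.closeCompose(21000);
  return sent;
}
```
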
We now correctly pass the list item for a user to the function
compose_fade.update_one_row().
This regression started happening in the recent commit of
eece725073. Before that commit,
compose-fade was broken in a different way.
Testing this fix requires creating a stream and opening the compose
box in one window. Then, in the other window, have a user not
subscribed to the stream log on for the first time. Be careful
to make sure you flip back to the other browser tab quickly, and
you should see the new user grayed out. (You can get a false
positive if you wait too long, because the periodic update was
correctly fading before this fix.)
This fixes a call being made in ui.js that prevents all scroll
events from occurring while a modal is displayed.
This used to be necessary back in 2012 as modals didn't require
scrolling and would affect background scrolling, however it isn't
required anymore.
Our JS/CSS now only uses the user-fade class for elements
that have the user-sidebar-entry class. This should prevent
bugs related to having doubly opaque elements.
We now have specific HTML/CSS classes for message fading and
user fading. They currently both have the same effect, changing
opacity, but we can now more easily treat them differently.
This change also removes "faded" attributes in compose-fade,
which avoids some confusion related to landing pages having
a "faded" class as well.
All open modals now should have the selector ".overlay.show",
so checking if a modal is open is as simple as checking the length
of the selection ".overlay.show".
Fixes #3655.
This consolidates all actions to close modals into modals.js and
triggers the correct cleaning/collapsing function dependent on what the
data-overlay attribute is labeled as.
It also ensures these all have an e.stopPropagation().
Fixes #4029.
This allows for users to resize the message compose box without it
collapsing back down to jQuery autosize’s preferred height.
When you hide the compose box and then re-show it, it keeps the
previous height but reactivates the jQuery module.
Fixes: #2236.
The main issue is that it wasn't doing the correct comparison; the old
logic that subtracted the viewport.scrollTop() was incorrect for how
our popovers seem to work.
Partially fixes #3741.
Previously, the code to hide "Change email" button on page load when
email changes are disabled was present in settings.js using jquery to
hide the button. Now, the show/hide is handled in the account-settings handlebars.
This fix prevents us from calling the resize library for nearly
every single keydown event in the app (ouch!). Realistically,
this performance improvement only impacts folks who turned on
the autoscroll_forever feature, but it should be a significant
speed-up for them. We should go further with this fix, but the
main damage is undone.
We simplify hotkey mappings by using different hashes for
keydown and keypress events. There are browser bugs (iOS, for
example) where keypress events have the wrong keyCode values.
This led us, under iOS, to interpret "!" as "page up."
This fix also helps us distinguish escape from shift-escape.
Brock Whittaker helped on figuring out the keypress/keydown
issues that are addressed in this commit.
Fixes #4019
We have a somewhat janky mechanism for rendering message edits,
and before this fix, we were not unblurring the text boxes when
we closed the message editing session with the escape key, which
made it so that the escape key was unusable.
We had some ancient logic for typeaheads that was supposed to be
Firefox-specific, but I can't reproduce the code even running under
Firefox, and even if it did, it was returning true instead of false
for a long time, so I suspect the code has been wrong/irrelevant for
a long time.
When checking for hotkeys related to popovers, we avoid making
the external call for keys that won't be important for popovers.
This mostly helps testing.
Only check to see if the compose send button is in focus if
we are dealing with backspace/shift_tab. As the comment notes here,
these sections of code are somewhat dubious.
This was originally introduced in
025b79d98b, which is far back in ancient
history when compose had a different shape (predates enter-sends,
too), and regardless, this code never affected anything but zulip.com.
This fixes the mobile web experience for Chrome on iOS.
Apparently, Chrome-on-iOS silently has a `viewport` module that
overrides any user-defined module by that name, causing all of our
code that accesses the viewport module to not work on that platform.
We fix this by renaming it.