Commit Graph

45482 Commits

Author SHA1 Message Date
somesh202 219ecea659 people: Extract helper functions for medium avatar urls.
The new is obviously parallel with the small avatar URL construction,
and allows us to deduplicate this construction between the popovers
and full user profile logic for getting a medium avatar URL.

Fixes #20140.
2021-12-02 14:56:34 -08:00
Aini-Alem Robertson e9d80390cc stats: Remove complex regex badly implementing toLocaleString.
This regular expression to add commas to a large number is hard to
read and produces less useful output than using the standard browser
API for doing this.

Fixes #20416.
2021-12-02 14:35:56 -08:00
Sahil Batra fc8db93f36 settings: Disable spectator access setting when server setting is False.
We disable the enable_spectator_access setting when the server-level
setting, WEB_PUBLIC_STREAMS_ENABLED, is set to False.

This commit adds a new argument is_disabled to settings_checkbox which
is used to disable the checkbox and set the color of label accordingly.

This commit also adds a help-link beside the label pointing to
"/help/web-public-streams" which is shown irrespective of the
setting being enabled or disabled.

Fixes #20417.
2021-12-02 14:33:51 -08:00
Sahil Batra 03a91a8b77 settings: Remove render_only parameter from enable_spectator_access checkbox.
The render_only parameter was passed to settings_checkbox partial of
realm_enable_spectator_access to hide the setting if the server-level
setting is set to False, but it was incorrect since we do not pass
page_params dict to the template and this was not working.

Initially the render_only was set as page_params.development_environment
and then to page_params.server_web_public_streams_enabled in 260851cd0.
Both of these were incorrect since page_params is undefined in this
template.

We have now decided to disable the setting instead of hiding and this
will be done in the next commit and this commit removes the render_only
parameter since it is not working anyways.
2021-12-02 14:33:51 -08:00
Sahil Batra eb50641af3 settings: Remove is_nested parameter and disableable class.
The is_nested parameter in settings_checkbox.hbs used to
set disableable class in the div element is not used
anywhere and thus we can remove both the is_nested parameter
and disableable class.

The is_nested parameter was first added in 3e0b420423 and
disableable class was added in 706f422c3.

The use of is_nested parameter was removed in a501abf3a1.
2021-12-02 14:33:51 -08:00
alguimo 8ae6e1b718 settings: Remove Unset and Disable buttons when no permissions.
This makes the UI for users browsing organization permissions a bit
less confusing; if they can't edit anything, they shouldn't have these
extra little buttons.

Fixes #20002.
2021-12-02 14:32:01 -08:00
Ganesh Pawar 19c4a63d51 move_topic_modal: Use `dialog_error` to display error.
Fixes #20210
2021-12-02 14:02:27 -08:00
Ganesh Pawar f4dac2dd77 minor: Pass the error function to channel call in with_first_message_id.
We accidentally passed `error_cb` to the `get` function when it should
have been `error`.
2021-12-02 14:02:27 -08:00
Ganesh Pawar 4ccaff6e32 modal: Hide, instead of empty, the dialog error element.
Consider a modal with an error element displayed. When a user clicks
the submit button, the current behaviour is to empty the element. This
empties the inner HTML of the error element, but the CSS makes it still
visible, just empty. This looks bad. To avoid this, we hide the element.
We use the `ui_report` module to display errors, which adds the `show`
class to the error element every time an error is to be displayed. This
makes sure that the error element isn't hidden when the user re-clicks
the submit button while the modal is still open.
2021-12-02 14:02:27 -08:00
Mateusz Mandera 72e5664031 semgrep: Enforce use of get_object_from_key for Confirmation fetching.
get_object_from_key should be used when trying to fetch a Confirmation
object. There are some places that need to make
Confirmation.objects.filter(...) queries, so we can't completely ban the
pattern, but we can ban .get(...) and
.filter(..., confirmation_key=..., ...).
2021-12-02 12:05:08 -08:00
Tim Abbott 92d717b8a5 accounts: Improve code documentation for confirmation endpoint. 2021-12-02 09:50:41 -08:00
Mateusz Mandera 53a44a17e0 check_prereg_key: Raise exception in case of validation failure.
The code is cleaner when this raises an exception that can be translated
into an error response by the caller.
2021-12-02 09:50:41 -08:00
Mateusz Mandera 39ce424fd5 confirmation: Delete redundant confirmation_link_expired_error page.
This template provides nothing that link_expired.html does not and is
redundant.
2021-12-02 09:50:41 -08:00
Mateusz Mandera 4a030f616f auth: Improve Confirmation link error handling in social auth codepath.
render_confirmation_key_error provides better error responses than
simply rendering the "link expired" template.
2021-12-02 09:50:41 -08:00
Mateusz Mandera 7c5daac8b6 get_object_from_key: Accept multiple allowed Confirmation types.
This allows making check_prereg_key significantly cleaner.
2021-12-02 09:50:41 -08:00
Mateusz Mandera f40b39ba0e registration: Make check_prereg_key return PreregistrationUser. 2021-12-02 09:50:41 -08:00
Steve Howell 42061359a9 dead code: Kill off most of html_branches.
The code that was removed here was intended
for tooling that either never got built or
became obsolete.
2021-12-02 09:49:10 -08:00
Steve Howell 5a5dcd6962 minor: Streamline IGNORE_IDS in check-templates. 2021-12-02 09:49:10 -08:00
Steve Howell c0d72ba236 check-templates: Avoid duplicate tokenizing step.
Now we only tokenize the file once, and we pass
**validated** tokens to the pretty printer.

There are a few reasons for this:

    * It obviously saves a lot of extra computation
      just in terms of tokenization.

    * It allows our validator to add fields
      to the Token objects that help the pretty
      printer.

I also removed/tweaked a lot of legacy tests for
pretty_print.py that were exercising bizarrely
formatted HTML that we now simply ban during the
validation phase.
2021-12-02 09:49:10 -08:00
Steve Howell 0decfa8da0 check-templates: Remove prevent_dangling_tags.
This was a misfeature--it occasionally flagged
code that was ugly but necessarily ugly to
ensure proper rendering.
2021-12-02 09:49:10 -08:00
Steve Howell 6152bed378 check-templates: Prevent excessive newlines. 2021-12-02 09:49:10 -08:00
Steve Howell 6fc445ddd9 check-templates: Defer some indentation checks.
This accomplishes a few things:

    * lighten the load for the main validation loop
    * defer indentation checks until we are sure the author
      even knows how to match up tags
    * add some info to the Token objects that we may soon
      consume in our pretty-printer
2021-12-02 09:49:10 -08:00
Steve Howell f1fa9bff83 refactor: Extract tag_flavor(). 2021-12-02 09:49:10 -08:00
Steve Howell c6799c0903 refactor: Move logic for HTML_VOID_TAGS.
This sets up for the next commit.
2021-12-02 09:49:10 -08:00
Steve Howell c4b181a169 check-templates: Insist on 4-space indents.
We now complain about programmers who don't use
4-space indents in template files, rather than
letting the pretty printer fix them.

This is partly just to simplify the pretty printer
code (in future commits), but it also makes the
symptom more obvious to newbie developers. They
are probably just as able to react to the direct
error messages as they are able to figure out how
to read diffs from the pretty printer and grok
the --fix syntax. And once they learn the convention
and configure their editor, it should then be a
one time problem.
2021-12-02 09:49:10 -08:00
Steve Howell 2f0f27b841 templates: Fix minor whitespace errors.
(we also add validation)
2021-12-02 09:49:10 -08:00
Steve Howell a744e38e67 check-templates: Make parser more thorough (and faster).
We now create tokens for whitespace and text, such that you
could rebuild the template file with "".join(token.s for
token in tokens).

I also fixed a few bugs related to not parsing
whitespace-control tokens.

We no longer ignore template variables, although we could do
a lot better at validating them.

The most immediate use case for the more thorough parser is
to simplify the pretty printer, but it should also make it
less likely for us to skip over new template constructs
(i.e. the tool will fail hard rather than acting strange).

Note that this speeds up the tool by almost 3x, which may be
slightly surprising considering we are building more tokens.
The reason is that we are now munching efficiently through
big chunks of whitespace and text at a time, rather than
checking each individual character to see if it starts one
of the N other token types.

The changes to the pretty_print module here are a bit ugly,
but they should mostly be made irrelevant in subsequent
commits.
2021-12-02 09:49:10 -08:00
Steve Howell 2eac0560b2 check-templates: Explicitly skip comment tags. 2021-12-02 09:49:10 -08:00
Steve Howell 7f651b6aa2 refactor: Remove pseudo singleton end tags.
These aren't necessary any more.
2021-12-02 09:49:10 -08:00
Steve Howell 2f5ae1a54b check-templates: Be more flexible with inline tags.
We now only complain about inline tags having mismatched
indents if the author clearly tried to format them as
blocks.
2021-12-02 09:49:10 -08:00
Steve Howell d197813b88 check-templates: Extract/improve report_problem.
We extract the function for modularity and to
allow early-return.

We also add checks for "else" and improve a few
error messages.
2021-12-02 09:49:10 -08:00
Steve Howell 00e80b8c91 tools: Remove pretty-print-html.
This tool has been unmaintained since our initial code
sweep to fix templates, and it has possibly bit-rotted
during unrelated code sweeps like introducing mypy, etc.

It's not documented anywhere.

The preferred method now is to run:

    ./tools/check-templates --fix
2021-12-02 09:49:10 -08:00
Steve Howell 5b75a7373c minor: Clean up jobs.html template. 2021-12-02 09:49:10 -08:00
Aman Agrawal a91fac75ce narrow: Check if narrow is spectator compatible before activation. 2021-12-02 09:44:00 -08:00
Aman Agrawal 0254187771 hotkey: Disable message interaction for spectators with keyboard. 2021-12-02 09:44:00 -08:00
Aman Agrawal b72a9c1261 reactions: Don't create local echo for reactions at a common point.
update_ui_and_send_reaction_ajax is called from hotkeys, popovers,
reaction clicks, etc. but it is the common point to deny
spectator from creating a reaction local echo.
2021-12-02 09:44:00 -08:00
Ganesh Pawar d3a47b3a83 edit_bot_modal: Fix puppeteer test flake.
This replaces the old way of waiting for the modal to be
hidden or shown with micromodal-specific ones.
2021-12-02 09:31:32 -08:00
Alex Vandiver f31bf3f06c puppet: Install camo on Docker.
Now that go-camo runs within supervisor, it can be run in Docker
simply.

Fixes #20101.
Fixes zulip/docker-zulip#179.
2021-12-02 09:25:00 -08:00
Alex Vandiver 358a7fb0c6 puppet: Read camo secret at startup time, not at puppet-apply time.
Writing the secret to the supervisor configuration file makes changes
to the secret require a zulip-puppet-apply to take hold.  The Docker
image is constructed to avoid having to run zulip-puppet-apply on
startup, and indeed cannot run zulip-puppet-apply after having
configured secrets, as it has replaced the zulip.conf file with a
symlink, for example.  This means that camo gets the static secret
that was built into the image, and not the one regenerated on first
startup.

Read the camo secret at process startup time.  Because this pattern is
likely common with "12-factor" applications which can read from
environment variables, write a generic tool to map secrets to
environment variables before exec'ing a binary, and use that for Camo.
2021-12-02 09:25:00 -08:00
Anders Kaseorg 5344e86c57 requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-12-02 08:16:20 -08:00
Palash a444560684 onboarding: Replace 'edit profile' with 'profile' in bot command list.
And change the tests accordingly.
2021-12-02 08:12:51 -08:00
Ketan1502 0a2649d9fe left sidebar: Add titles for remaining global filters.
Fixes part of #20284.
2021-12-01 17:07:55 -08:00
Alya Abbott 8070b84785 help center: Remove outdated intro from index page. 2021-12-01 17:05:59 -08:00
Palash 6404b7bf61 onboarding: Make Welcome Bot more interactive.
1. The initial welcome message now contains less detail.
2. The bot now responds to these commands: "apps", "edit profile",
"dark mode", "light mode", "streams", "topics", "message formatting",
"keyboard shortcuts" and "help" - the bot still responds if there are
slight variations in these commands.
3. Tests have been made to check if bot responds to the advertised
commands (with variations) and gives a negative message if it doesn't
understand the message.

With substantial tweaks by tabbott.

Fixes #19900.
2021-12-01 16:30:48 -08:00
Palash 67f35d913a capitalization: Add 'I understand' to the IGNORED_PHRASES list.
String 'Here are a few messages I understand:' (next commit) was failing
./tools/check-capitalization check because of the capital I. I added
'I understand' to the IGNORED_PHRASES list in tools/lib/capitalization.py.

Adding "I" was working as well but didn't seem to me as a very great fix.
Strangely enough, adding " I " to the list made the test fail again
(With a lot of failed strings this time) as mentioned in the following
CZO thread.

Relevant CZO chat -
https://chat.zulip.org/#narrow/stream/49-development-help/topic/capitalization.20confusion.2E
2021-12-01 15:47:24 -08:00
Alex Vandiver 54d037f24a version: Update version and changelog after 4.8 release. 2021-12-01 23:42:11 +00:00
Mateusz Mandera a014ef75a3 CVE-2021-43791: Validate confirmation keys in /accounts/register/ codepath.
A confirmation link takes a user to the check_prereg_key_and_redirect
endpoint, before getting redirected to POST to /accounts/register/. The
problem was that validation was happening in the check_prereg_key_and_redirect
part and not in /accounts/register/ - meaning that one could submit an
expired confirmation key and be able to register.

We fix this by moving validation into /accounts/register/.
2021-12-01 23:14:04 +00:00
Mateusz Mandera a1cd660147 confirmation: Use error status codes for confirmation link error pages. 2021-12-01 23:14:04 +00:00
Tim Abbott 9875c9be1b stream_data: Fix web_public option definition being development only.
The availability of this option is now controlled by fancier logic in
stream_settings_ui.js, but we neglected to remove this
development_environment guard when doing so, resulting in stream
creation being broken in production environments (because the
JavaScript code depended on this value being available).
2021-12-01 14:08:16 -08:00
Eeshan Garg f976bf723e links: Rename developer-community -> development-community. 2021-12-01 13:41:46 -08:00