Mateusz Mandera 06c2161f7e auth: Use zxcvbn to ensure password strength on server side.
For a long time, we've been only doing the zxcvbn password strength
checks on the browser, which is helpful, but means users could through
hackery (or a bug in the frontend validation code) manage to set a
too-weak password.  We fix this by running our password strength
validation on the backend as well, using python-zxcvbn.

In theory, a bug in python-zxcvbn could result in it producing a
different opinion than the frontend version; if so, it'd be a pretty
bad bug in the library, and hopefully we'd hear about it from users,
report upstream, and get it fixed that way. Alternatively, we can
switch to shelling out to node like we do for KaTeX.

Fixes #6880.
2019-11-21 10:23:37 -08:00
.circleci circleci: Store XUnit test results. 2019-07-07 22:31:11 -07:00
.github github: Suggest GIFs too in PR template. 2018-02-16 09:59:22 -08:00
.tx cleanup: Delete trailing newlines. 2019-08-06 23:29:11 -07:00
analytics mypy: Upgrade from 0.730 to 0.740. 2019-11-13 12:38:45 -08:00
confirmation confirmation: Set confirmation object realm attribute in realm reactivation. 2019-10-21 16:52:46 -07:00
corporate corporate: Consistently use delivery_email for billing. 2019-11-18 17:02:57 -08:00
docs message_edit: Add message edit local echo. 2019-11-20 17:40:19 -08:00
frontend_tests message_edit: Add message edit local echo. 2019-11-20 17:40:19 -08:00
locale i18n: Update translation data from Transifex. 2019-11-06 14:45:03 -08:00
pgroonga migrations: Remove unused imports. 2019-02-02 17:01:04 -08:00
puppet mypy: Upgrade from 0.730 to 0.740. 2019-11-13 12:38:45 -08:00
requirements auth: Use zxcvbn to ensure password strength on server side. 2019-11-21 10:23:37 -08:00
scripts scripts: Move inline-email-css from tools to scripts. 2019-11-15 17:39:42 -08:00
static js: Automatically convert var to let and const in remaining files. 2019-11-20 23:04:01 -08:00
stubs mypy: Remove daemon mode. 2019-08-25 15:04:12 -07:00
templates settings: Add notification settings checkboxes for wildcard mentions. 2019-11-20 16:58:46 -08:00
tools CVE-2019-18933: Fix insecure account creation via social authentication. 2019-11-21 10:23:37 -08:00
zerver auth: Use zxcvbn to ensure password strength on server side. 2019-11-21 10:23:37 -08:00
zilencer push_notifications: Clear PushDeviceToken on API key change. 2019-11-19 15:37:43 -08:00
zproject auth: Use zxcvbn to ensure password strength on server side. 2019-11-21 10:23:37 -08:00
zthumbor zthumbor: Clean up type ignores. 2019-08-09 17:42:33 -07:00
.browserslistrc webpack: Transpile JS code with Babel. 2019-07-22 17:55:32 -07:00
.codecov.yml codecov: Change threshold to use percentage syntax. 2019-07-20 14:37:04 -07:00
.editorconfig editorconfig: Set JS max_line_length = 100, to match eslintrc. 2019-10-14 17:32:38 -07:00
.eslintignore blueslip: Apply ESLint. 2019-11-01 12:13:59 -07:00
.eslintrc.json js: Automatically convert var to let and const in remaining files. 2019-11-20 23:04:01 -08:00
.gitattributes Revert "gitattributes: Mark yarn.lock as "binary", i.e. suppress diffs." 2019-05-20 19:31:14 -07:00
.gitignore i18n: Move static/locale back to locale. 2019-07-02 14:57:55 -07:00
.gitlint lint: Allow revert commit messages in gitlint. 2018-02-13 09:21:01 -08:00
.isort.cfg tornado: Fix logging of tornado activity level. 2018-04-17 15:59:01 -07:00
.npmignore Add proxy notes to new README.dev.md troubleshooting section. 2016-03-29 21:54:05 -07:00
.stylelintrc lint: Ban color names in CSS. 2019-01-22 15:33:18 -08:00
.travis.yml ci: Move backend and production tests to Ubuntu 16.04 (xenial). 2019-05-24 17:07:15 -07:00
.yarnrc .yarnrc: Set ignore-scripts true. 2019-08-28 16:15:54 -07:00
CODE_OF_CONDUCT.md docs: Add clarifying comma in CODE_OF_CONDUCT.md. 2019-04-05 18:01:37 -07:00
CONTRIBUTING.md docs: Update GSoC/GSoD ideas pages. 2019-10-29 16:07:10 -07:00
Dockerfile-postgresql search: Remove now unnecessary tsearch_extra dependency. 2019-08-29 12:49:26 -07:00
LICENSE license: Move license application notice from LICENSE to NOTICE. 2018-10-02 12:04:44 -07:00
NOTICE license: Move license application notice from LICENSE to NOTICE. 2018-10-02 12:04:44 -07:00
README.md README: Improve links to coverage/CI to point to master. 2019-10-01 15:31:55 -07:00
Vagrantfile Revert "vagrant: Add NFS backend for file synchronization for OSX." 2019-08-12 16:04:00 -07:00
babel.config.js babelrc: Replace with babel.config.js. 2019-10-17 16:48:23 -07:00
manage.py manage.py: Revert sabotaging pika.adapters.twisted_connection import. 2019-01-31 10:04:28 -08:00
mypy.ini settings: Turn on mypy checking. 2019-11-13 12:38:45 -08:00
package.json dependencies: Upgrade simplebar from 4.2.3 to 5.0.7. 2019-11-13 12:46:29 -08:00
postcss.config.js webpack: Move CSS minification to optimization stage. 2019-09-02 21:58:13 -07:00
tsconfig.json tsconfig: Move to top level. 2019-11-04 18:12:11 -08:00
version.py auth: Use zxcvbn to ensure password strength on server side. 2019-11-21 10:23:37 -08:00
yarn.lock dependencies: Upgrade simplebar from 4.2.3 to 5.0.7. 2019-11-13 12:46:29 -08:00

README.md

Zulip overview

Zulip is a powerful, open source group chat application that combines the immediacy of real-time chat with the productivity benefits of threaded conversations. Zulip is used by open source projects, Fortune 500 companies, large standards bodies, and others who need a real-time chat system that allows users to easily process hundreds or thousands of messages a day. With over 500 contributors merging over 500 commits a month, Zulip is also the largest and fastest growing open source group chat project.

Getting started

Click on the appropriate link below. If nothing seems to apply, join us on the Zulip community server and tell us what's up!

You might be interested in:

You may also be interested in reading our blog or following us on Twitter. Zulip is distributed under the Apache 2.0 license.