zulip/zerver/tests
Sahil Batra 4c4caa7be4 CVE-2023-32677: Check permission to subscribe other users in invites.
This commit updates the API to check the permission to subscribe other
users while inviting.  The API will error if the user passes the
"stream_ids" parameter (even when it contains only default streams)
and the calling user does not have permission to subscribe others to
streams.

For users who do not have permission to subscribe others, the
invitee will be subscribed to default streams at the time of
accepting the invite.

There is no change for multiuse invites, since only admins are allowed
to send them, and admins always have the permission to subscribe
others to streams.
2023-05-19 16:13:32 -04:00
fixtures narrow: Add backend support for `is:dm` narrow. 2023-04-25 09:07:08 -07:00
images
__init__.py
test_alert_words.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_attachments.py upload: Rename delete_message_image to use word "attachment". 2023-03-02 16:36:19 -08:00
test_audit_log.py linkifier: Support URL templates for linkifiers. 2023-04-19 12:20:49 -07:00
test_auth_backends.py requirements: Upgrade Python requirements. 2023-05-10 19:44:47 -07:00
test_bots.py test_classes: Rename and refactor 'tornado_redirected_to_list'. 2023-04-07 09:45:26 -07:00
test_cache.py ruff: Fix N818 exception name should be named with an Error suffix. 2022-11-17 16:52:00 -08:00
test_compatibility.py ruff: Fix RSE102 Unnecessary parentheses on raised exception. 2023-02-04 16:34:55 -08:00
test_create_video_call.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_custom_profile_data.py settings: Add backend code for using user email_address_visibility setting. 2023-02-10 17:35:49 -08:00
test_data_types.py
test_decorators.py zerver: Remove now-unused report/ endpoints. 2023-05-09 13:16:28 -07:00
test_digest.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
test_docs.py api_url_context: Replace `uri` with `url`. 2023-04-26 16:37:16 -07:00
test_drafts.py test_draft: Avoid inference with type annotation. 2022-07-26 18:00:24 -07:00
test_email_change.py settings: Add backend code for using user email_address_visibility setting. 2023-02-10 17:35:49 -08:00
test_email_log.py emails: Add new onboarding email with guide for organization type. 2023-04-10 08:38:09 -07:00
test_email_mirror.py error-bot: Remove ERROR_BOT support. 2023-04-13 14:59:58 -07:00
test_email_notifications.py requirements: Upgrade Python requirements. 2023-05-10 19:44:47 -07:00
test_embedded_bot_system.py ruff: Fix N818 exception name should be named with an Error suffix. 2022-11-17 16:52:00 -08:00
test_event_queue.py user_groups: Use check_add_user_group instead in test cases. 2023-03-27 09:05:00 -07:00
test_event_system.py scheduled_message: Send CRUD events to clients. 2023-04-28 17:25:00 -07:00
test_events.py events: Fix apply_events when raw_unread_msgs not present. 2023-05-10 13:44:35 -07:00
test_example.py emails: Add new onboarding email with guide for organization type. 2023-04-10 08:38:09 -07:00
test_external.py test_classes: Add submit_realm_creation_form helper. 2023-03-27 15:44:42 -07:00
test_github.py ruff: Fix N818 exception name should be named with an Error suffix. 2022-11-17 16:52:00 -08:00
test_gitter_importer.py auth: Remove Realm.AUTHENTICATION_FLAGS class attribute. 2023-04-18 09:22:56 -07:00
test_home.py accounts: Allow user to change email visibility during first login. 2023-05-16 13:52:56 -07:00
test_hotspots.py actions: Split out zerver.actions.create_user. 2022-04-14 17:14:35 -07:00
test_i18n.py i18n: Update translation data from Transifex. 2023-05-02 13:16:25 -07:00
test_import_export.py export: Handle RealmAuditLog with .acting_user in different realm. 2023-05-19 11:12:19 -07:00
test_integrations.py
test_integrations_dev_panel.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
test_internet.py ruff: Fix B017 `assertRaises(Exception):` should be considered evil. 2022-11-03 12:10:15 -07:00
test_invite.py CVE-2023-32677: Check permission to subscribe other users in invites. 2023-05-19 16:13:32 -04:00
test_legacy_subject.py tests: Consistently JSON-encode ‘to’ parameter 2022-09-13 11:05:37 -07:00
test_link_embed.py ruff: Fix ISC003 Explicitly concatenated string. 2023-01-04 16:25:07 -08:00
test_logging_handlers.py error_notify: Drop any remaining browser-side errors in RabbitMQ queue. 2023-04-13 14:59:58 -07:00
test_management_commands.py registration: Fix "Resend" link not working for realm creation. 2023-04-27 12:28:37 -07:00
test_markdown.py linkifier: Support URL templates for linkifiers. 2023-04-19 12:20:49 -07:00
test_mattermost_importer.py
test_message_dict.py linkifier: Support URL templates for linkifiers. 2023-04-19 12:20:49 -07:00
test_message_edit.py tests: Add tests to update visibility policy when target topic is empty. 2023-05-11 12:13:50 -07:00
test_message_edit_notifications.py presence: Rewrite the backend data model. 2023-04-26 14:26:47 -07:00
test_message_fetch.py url-encoding: Update URLs for direct messages. 2023-04-25 09:07:08 -07:00
test_message_flags.py test_classes: Rename and refactor 'tornado_redirected_to_list'. 2023-04-07 09:45:26 -07:00
test_message_send.py test_message_send: Move out scheduled message tests. 2023-04-28 17:25:00 -07:00
test_message_topics.py ruff: Fix N818 exception name should be named with an Error suffix. 2022-11-17 16:52:00 -08:00
test_messages.py presence: Rewrite the backend data model. 2023-04-26 14:26:47 -07:00
test_middleware.py report_error: Remove API endpoint for client error reporting. 2023-04-13 14:59:58 -07:00
test_migrations.py migrations: Backfill url_template from url format string. 2023-04-19 12:20:49 -07:00
test_mirror_users.py message: Use `recipient_type_name` for API message type references. 2023-04-18 12:29:33 -07:00
test_muted_users.py mute user: Remove unnecessary check for double muting. 2023-02-20 21:04:13 -08:00
test_new_users.py create-user: Remove notifications sent to admin realm. 2023-03-13 12:28:26 -07:00
test_notification_data.py user_groups: Use check_add_user_group instead in test cases. 2023-03-27 09:05:00 -07:00
test_onboarding.py
test_openapi.py urls: Move jwt_fetch_api_key endpoint to v1_api_mobile_patterns. 2023-04-18 15:44:31 -07:00
test_outgoing_http.py test: Replace occurences of `uri` with `url`. 2023-04-08 16:27:55 -07:00
test_outgoing_webhook_interfaces.py
test_outgoing_webhook_system.py settings: Add backend code for using user email_address_visibility setting. 2023-02-10 17:35:49 -08:00
test_populate_db.py populate_db: Import timedelta from its canonical module. 2023-03-05 14:46:28 -08:00
test_presence.py presence: Support null values in UserPresence. 2023-04-26 14:26:47 -07:00
test_push_notifications.py zilencer: Delete duplicate remote push registrations. 2023-04-13 15:17:20 -07:00
test_queue.py
test_queue_worker.py workers: Pass down if they are running multi-threaded. 2023-05-16 14:05:01 -07:00
test_rate_limiter.py ruff: Fix RSE102 Unnecessary parentheses on raised exception. 2023-02-04 16:34:55 -08:00
test_reactions.py test_classes: Rename and refactor 'tornado_redirected_to_list'. 2023-04-07 09:45:26 -07:00
test_read_receipts.py muted users: Make file naming consistent. 2023-02-10 15:39:57 -08:00
test_realm.py tests: Add coverage to actions/create_realm.py. 2023-05-11 12:13:50 -07:00
test_realm_domains.py realm_domains: Allow only owners to add, edit or delete domains. 2022-09-16 15:27:52 -07:00
test_realm_emoji.py models: Remove type prefixes from __str__ values. 2023-03-08 22:56:55 -08:00
test_realm_export.py realm_export: Return export id from POST which create it. 2023-05-16 14:05:01 -07:00
test_realm_linkifiers.py linkifier: Support URL templates for linkifiers. 2023-04-19 12:20:49 -07:00
test_realm_playgrounds.py rest: Restrict access to json views via basic auth. 2022-11-04 14:44:07 -07:00
test_redis_utils.py typing: Fix missing attribtute of RedisUtilsTest. 2022-06-23 22:05:12 -07:00
test_report.py zerver: Remove now-unused report/ endpoints. 2023-05-09 13:16:28 -07:00
test_retention.py scheduled_messages: Store the final delivered message ID. 2023-05-09 13:48:28 -07:00
test_rocketchat_importer.py data_import: Stop tar'ing up converted data. 2023-02-26 17:42:01 -08:00
test_scheduled_messages.py scheduled-messages: Add explicit test with emails for direct message. 2023-05-18 08:45:51 -07:00
test_scim.py test_scim: Add test for missing or wrong authentication. 2022-11-05 15:13:46 -07:00
test_send_email.py docs: Document how to use SMTP without authentication. 2023-02-27 11:59:48 -08:00
test_server_settings.py settings: Make SHARED_SECRET mandatory. 2022-08-25 12:13:03 -07:00
test_service_bot_system.py ruff: Fix N818 exception name should be named with an Error suffix. 2022-11-17 16:52:00 -08:00
test_sessions.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
test_settings.py user_settings: Add web_mark_read_on_scroll_policy field. 2023-04-18 18:32:02 -07:00
test_signup.py CVE-2023-28623: Prevent unauthorized signup with ldap + external auth. 2023-05-19 16:13:00 -04:00
test_slack_importer.py auth: Rewrite data model for tracking enabled auth backends. 2023-04-18 09:22:56 -07:00
test_slack_message_conversion.py
test_soft_deactivation.py test_classes: Create a dedicate helper for query count check. 2022-10-17 11:32:52 -07:00
test_subdomains.py subdomains: Extend tests for for same-host when STATIC_URL has domain. 2023-02-14 17:17:06 -05:00
test_submessage.py test_classes: Rename and refactor 'tornado_redirected_to_list'. 2023-04-07 09:45:26 -07:00
test_subs.py subscriptions: Change in API used for adding new subscriptions. 2023-05-14 11:19:05 -07:00
test_templates.py ruff: Fix N818 exception name should be named with an Error suffix. 2022-11-17 16:52:00 -08:00
test_thumbnail.py test: Replace occurences of `uri` with `url`. 2023-04-08 16:27:55 -07:00
test_timeout.py test_timeout: Skip test_timeout_warn on Python 3.11 for coverage issue. 2023-05-18 11:52:22 -07:00
test_timestamp.py ruff: Fix N818 exception name should be named with an Error suffix. 2022-11-17 16:52:00 -08:00
test_timezone.py ruff: Fix DTZ001 `datetime.datetime()` without `tzinfo` argument. 2023-01-04 16:25:07 -08:00
test_tornado.py test_tornado: Avoid deprecated AsyncHTTPTestCase. 2022-07-05 17:54:17 -07:00
test_transfer.py upload: Rename upload_message_file to use word "attachment". 2023-03-02 16:36:19 -08:00
test_tutorial.py web: Save a needless 301 redirect from /apps to /apps/. 2023-03-24 14:51:01 -07:00
test_typing.py message-type: Add support for "direct" as value for type parameter. 2023-04-18 12:29:33 -07:00
test_upload.py scheduled_message: Handle attachments properly. 2023-05-08 09:56:02 -07:00
test_upload_local.py test: Replace occurences of `uri` with `url`. 2023-04-08 16:27:55 -07:00
test_upload_s3.py test: Replace occurences of `uri` with `url`. 2023-04-08 16:27:55 -07:00
test_urls.py auth: Remove Realm.AUTHENTICATION_FLAGS class attribute. 2023-04-18 09:22:56 -07:00
test_user_groups.py error-bot: Remove ERROR_BOT support. 2023-04-13 14:59:58 -07:00
test_user_status.py test_classes: Rename and refactor 'tornado_redirected_to_list'. 2023-04-07 09:45:26 -07:00
test_user_topics.py test_classes: Rename and refactor 'tornado_redirected_to_list'. 2023-04-07 09:45:26 -07:00
test_users.py users: Set tos_version to -1 for users who have not logged-in yet. 2023-05-16 13:52:56 -07:00
test_webhooks_common.py black: Reformat with Black 23. 2023-02-02 10:40:13 -08:00
test_widgets.py tests: Consistently JSON-encode ‘to’ parameter 2022-09-13 11:05:37 -07:00
test_zcommand.py tests: Refactor away result.json() calls with helpers. 2022-06-06 23:06:00 -07:00
test_zephyr.py zephyr: Check PERSONAL_ZMIRROR_SERVER before updating cache. 2022-08-12 17:08:04 -07:00