Previously, when a message move request was made with
propagate_mode="change_all" using a message that had passed the
time limit, the error was "The time limit for editing this
message's topic/channel has passed." — the same error used for
change_one/change_later moves. We do have code to return how
many messages can be moved along with the first movable message
ID, but it only ran when the request message itself was within
the time limit.
Skip the per-message time limit check for "change_all" requests
and let check_time_limit_for_change_all_propagate_mode handle
them, so the response always reports how many messages can be
moved even when the request message is past the deadline. This
lets clients fall back to "change_later" with the returned
message ID to move the allowed messages.
When no messages in the topic can be moved, the error is now
"The time limit for moving this topic has passed." instead of
the generic "The time limit for editing this message's
topic/channel has passed.", making it clear that the entire
topic is past the deadline and avoiding the confusing
"this message's" phrasing when the move was triggered from the
topic popover or message header row from the webapp UI and not
from a particular message related UI.
Fixes#38930.
Zulip production suite / ${{ matrix.name }} (zulip/ci:bookworm, --test-custom-db, Debian 12 production install with custom db name and user, bookworm) (push) Has been cancelled
Zulip production suite / ${{ matrix.name }} (zulip/ci:jammy, , Ubuntu 22.04 production install and PostgreSQL upgrade with pgroonga, jammy) (push) Has been cancelled
Previously, the `require_e2ee_push_notifications` setting would
send legacy push notifications with redacted content.
Now, legacy push notifications are skipped entirely when this
setting is enabled, so only clients supporting E2EE will receive
push notifications.
Signed-off-by: Prakhar Pratyush <prakhar@zulip.com>
Zulip production suite / ${{ matrix.name }} (zulip/ci:bookworm, --test-custom-db, Debian 12 production install with custom db name and user, bookworm) (push) Has been cancelled
Zulip production suite / ${{ matrix.name }} (zulip/ci:jammy, , Ubuntu 22.04 production install and PostgreSQL upgrade with pgroonga, jammy) (push) Has been cancelled
This removes
- an unclear fuzzy syntax that had been incorrectly accepted by our
`<time:…>` Markdown extension and could not be reproducibly parsed
without a specific Python library (even the UNIX timestamp part did
not work reliably: some UNIX timestamps were instead parsed as
YYYYMMDD);
- a fundamentally ambiguous ad-hoc list of three-letter timezone
abbreviations that we had needed to manually disambiguate by some kind
of subjective popularity;
- an unpleasant dependency of the `pg_backup_and_purge` script that we
had needed to install system-wide because there might not be a
virtualenv set up.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
Zulip production suite / ${{ matrix.name }} (zulip/ci:bookworm, --test-custom-db, Debian 12 production install with custom db name and user, bookworm) (push) Has been cancelled
Zulip production suite / ${{ matrix.name }} (zulip/ci:jammy, , Ubuntu 22.04 production install and PostgreSQL upgrade with pgroonga, jammy) (push) Has been cancelled
4c3aa4c007 migrated the GET
/users/{user_id_or_email}/presence endpoint to return only the modern
format (active_timestamp and idle_timestamp). The assumption that the
endpoint had no significant consumers turned out to be wrong: the
Zulip web app itself was a consumer (in user_card_popover, where it
caused a "Failed to parse presence API response" error for any
currently active user), and there are likely third-party integrations
relying on the legacy format as well.
Restore the legacy website and aggregated dictionaries alongside the
new modern fields, so existing clients keep working. Clients should
migrate to the modern fields, which is now phrased as a recommendation
rather than a breaking change in the API and self-hosted upgrade
notes.
Additionally, add a top-level server_timestamp field to the response,
matching the behavior of other presence endpoints. This lets clients
compute presence-status age against the server's clock rather than
guessing with the local clock.
Refactor the view to query UserPresence once and format both the
modern and legacy presence dicts from the same row, rather than
issuing two queries that fetch the same data.
The user_groups read and write endpoints were unintentionally blocked
to bot users by the @require_member_or_admin decorator (renamed to
@require_human_non_guest_user in #37927). This prevented bot
integrations from using groups as an ACL mechanism, and from
managing groups they had created.
Switch the seven @require_human_non_guest_user-decorated endpoints in
zerver/views/user_groups.py and the inner decorator in
require_user_group_create_permission (which gates POST
/user_groups/create) to @require_non_guest_user. Guest users remain
blocked.
This also permits a leaked bot API key to create groups and manage
the ones the bot owns. Per discussion on chat.zulip.org, that does
not escalate to any security-sensitive operation; a follow-up may
revisit the default value of can_create_user_groups for new
organizations, which is orthogonal.
Discussed on chat.zulip.org:
https://chat.zulip.org/#narrow/channel/378-api-design/topic/GET.20.2Fuser_groups.2F.3Cid.3E.2Fmembers.2F.3Cuser_id.3E.20not.20accessible.20to.20bo
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Add video/quicktime as a supported MIME type for inline video previews,
enabling .mov (QuickTime) files to render with the existing
message_inline_video HTML.
QuickTime is a container format, and whether a given .mov file actually
plays depends on which codec combinations the browser supports inside
it. Chrome, Safari, and Edge accept most common combinations; Firefox
plays .mov files whose codecs match those it already supports for MP4
(primarily H.264 / AAC) and rejects the rest. For the files a browser
can't decode, attach an error handler that hides the preview element
while leaving the download link in the surrounding <a> tag available
as a fallback.
Fixes#29728.
Co-Authored-By: Henrik Holst <6200749+hholst80@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Non-bot accounts have no reason to use these endpoints, or the
BotStorageData model, so we now enforce that restriction explicitly
with new require_bot_user decorator on the view functions.
Co-authored-by: Lauryn Menard <lauryn@zulip.com>
Regenerating a user's API key didn't delete the Device records
for the user which resulted in server keep sending E2EE push
notifications to those devices whose session had just been revoked.
This commit fixes the bug.
Signed-off-by: Prakhar Pratyush <prakhar@zulip.com>
The "standard" for .wav files is technically `audio/vnd.wave`,
although it is not in common use. Neither `audio/wav` nor
`audio/x-wav` are technically in the IANA mime-type registry, but both
are in much more common use for `.wav` files.
Add `audio/x-wav` and `audio/vnd.wave` as allowed mime-types for
the inline audio player.
When a user is deleted via `manage.py delete_user`, the replacement
dummy user profile now has `is_deleted=True`. This field is exposed
in the API user objects (only present when `true`) so that clients
can distinguish permanently deleted users from deactivated ones.
Updates the empty narrow banner for all of the "channels" narrows
to not suggest "starting a conversation" since new conversations
cannot be started in archived channels and, if public or web-public
channels don't exist, then the user cannot start a conversation in
one.
Fixes#32506.
Co-authored-by: Kumar Aniket <sachinaniket2004@gmail.com>
Co-authored-by: whilstsomebody <whilstsomebody@gmail.com>
Co-authored-by: Lauryn Menard <lauryn@zulip.com>
The GET /users/{user_id_or_email}/presence endpoint now always returns
presence data in the modern format, with active_timestamp and
idle_timestamp fields.
Previously, the legacy format was returned by default (with website
and aggregated keys), and a slim_presence parameter was needed to
opt in to the modern format. Since the legacy format is slated for
full removal, there is no reason to support it from this endpoint.
Fixes#36710.
And convert its type from `Callable` to `str`.
It's type was previously set to a string in the frontend, and validator
functions in the backend, which were never called.
The `user` object was temporarily restored to reaction
events in zulip#33009 to maintain compatibility with mobile
clients.
As the Zulip mobile app has fully migrated to using the
`user_id` field, this commit permanently removes the `user`
object from reaction events.
Change API documentation sidebar section headers from h4 to h2,
and the "API documentation home" link from h1 to h2, creating a
proper heading hierarchy under the page title.
Drop the "Zulip homepage" link and the "REST API" section heading
from the API documentation sidebar. The page title and navigation
are handled by the header, making these redundant.
As zuliprc files are in a standard format that you can access from
any programming language, not just Python, it makes more sense to
have them documented with the information about API keys.
Fixes#10670.
When a client successfully registers for E2EE push notifications,
automatically remove any matching legacy PushDeviceToken and
RemotePushDeviceToken registration with the same token for the user.
Signed-off-by: Prakhar Pratyush <prakhar@zulip.com>
Replace the undocumented integer-only idle_queue_timeout parameter
on `POST /register` with a documented parameter that accepts
either a positive integer (seconds) or the string "mobile" to use
the server's recommended timeout for mobile clients (currently
12 hours).
The parameter resolution (None → default 10 min, "mobile" → 12h,
capped at 7 days) happens in ClientDescriptor.__init__, and the
resolved value is sent back through the Tornado response as
idle_queue_timeout_secs, which is included in the `POST /register`
response so clients know the effective timeout.
Signed-off-by: Prakhar Pratyush <prakhar@zulip.com>
Documents the /realm/domains and /realm/domains/{domain} endpoints
and methods. Links to the help center article on restricting
account creation in the descriptions for these endpoints.
Makes slight revisions to the related realm setting in the /register
response and related events in /get-events.
Updates the API changelog to link to the new endpoint docs.
Co-authored-by: Lauryn Menard <lauryn@zulip.com>
Removes mentions of the billing administrator setting from the
help center and API docs.
Updates the self-hosted billing and mobile notifications articles
to better reference the new user-group setting for who can manage
plans and billing.
Servers running a Zulip version older than 10.0+ still need to use
the management command to set the `is_billing_admin` setting for a
non-admin user to see the billing management option in the gear
menu of their Zulip organization. For the main Zulip help center
documentation, we add a note that links to the production mobile
push notificaiton service as that has instructions for using that
management command.
Updates the API documentation article for API keys to note that
generating a new API key will logout the account from any mobile
clients.
Updates the API key modal in the web app with a similar note.
We already note this in the help center article on protecting your
account, which has a section about generating a new API key.
Previously, if the user toggles the preview mode in the compose box before
an image/GIF in the drafted message has been uploaded and thumbnailed,
then the loading indicator shown in the preview of the message will never update.
To address this issue, this commit adds a new cheap endpoint to return the
status of the thumbnail generation. This endpoint will be polled by the compose
box to update the loading indicator.
fixes part of #32961.
Creates SubscriptionProperty and SubscriptionPropertyValue schemas
that are used for both this endpoint and the bulk endpoint for
updating multiple personal channel settings at the same time.
Updates the descriptions of both endpoints to link to each other
and to link to relevant help center articles.
Co-authored-by: Lauryn Menard <lauryn@zulip.com>
Add a JSONField `alternative_url_templates` to `RealmFilter` that
stores a list of additional RFC 6570 URL templates. These are used
for reverse linkification only — allowing pasted URLs matching any
of these templates to be converted back to the linkifier pattern
text.
Validation in `clean()` ensures each alternative template is valid
RFC 6570 and that its variables exactly match the pattern's named
groups, just like the primary `url_template`.
This setting will be used to define a set of users
who would be considered as workplace users for billing
and non-workplace users would be billed at a discounted
rate.
Long text custom profile fields cannot be rendered directly on user
cards due to large content length.
Instead of displaying the value, show the custom profile field name
with a copy button, and clicking on the name would go to the
user profile where the full value can be viewed. This field is
rendered after all the other fields.
Fixes: #36517.
We now update date_joined field for the users to the time when they
log in for the first time. This does not change the behavior for user
creating their account through normal registration flow themselves
but for users whose accounts where created using API or when their
account was imported.
This commit removes "avatar_url", "bot_type", "email",
"full_name", "is_active" and "owner_id" fields from bot
objects passed in "realm_bots" as user objects in
"realm_users" already has those fields and clients can
get the data needed from it.
Also removes the code to send realm_bot/update events
when changing these fields.
This commit removes "api_key" field from bot objects sent to
clients and also update the code to not send any event when
a bot's api key is regenerated.
Clients now fetch API key of a bot using a recently added
endpoint.
Earlier, `POST /users/<int:user_id>/status` only accepted requests
from human users - which is not required.
Bots with admin role should also be allowed to change user status
of human users.
This commit makes changes to make it possible.
Signed-off-by: Prakhar Pratyush <prakhar@zulip.com>
