Commit Graph

44950 Commits

Author SHA1 Message Date
Alex Vandiver
2b025608d0 provision: Remove unsupported Ubuntu versions, add Impish. 2021-11-08 18:21:46 -08:00
Alex Vandiver
30968e8b5a sentry: Increase shutdown_timeout from 2s to 10s.
This increases the possible maximum wait time to send exceptions
during shutdown.  The larger value makes it possible to send larger
exceptions, and weather larger network hiccups, during shutdown.  In
instances where a service is crash-looping, it is already not serving
requests reliably, and better ensuring those exceptions are captured
is of significant value.
2021-11-08 18:11:47 -08:00
Sahil Batra
c8b00941f2 stream_settings: Add user-id column in subscriber-list. 2021-11-08 18:10:25 -08:00
Sahil Batra
e3aed119ec stream_settings: Add heading row in subscriber list. 2021-11-08 18:10:25 -08:00
Sahil Batra
2105b5eda8 settings: Add user-id column to bot list. 2021-11-08 18:10:25 -08:00
Sahil Batra
36c1a1f1ee settings: Add user-id column in active and deactivated users list. 2021-11-08 18:10:25 -08:00
YashRE42
778b7c0bdb links: Replace all references to Django docs to link to /3.2/ version.
Previously, our codebase contained links to various versions of the
Django docs, eg https://docs.djangoproject.com/en/1.8/ref/
request-response/#django.http.HttpRequest and https://
docs.djangoproject.com/en/2.2/ref/settings/#std:setting-SERVER_EMAIL
opening a link to a doc with an outdated Django version would show a
warning "This document is for an insecure version of Django that is no
longer supported. Please upgrade to a newer release!".

Most of these links are inside comments.

Following the replacement of these links in our docs, this commit uses
a search with the regex "docs.djangoproject.com/en/([0-9].[0-9]*)/"
and replaces all matches with "docs.djangoproject.com/en/3.2/".

All the new links in this commit have been generated by the above
replace and each link has then been manually checked to ensure that
(1) the page still exists and has not been moved to a new location
(and it has been found that no page has been moved like this), (2)
that the anchor that we're linking to has not been changed (and it has
been found that no anchor has been changed like this).

One comment where we mentioned a Django version in text before linking
to a page for that version has also been changed, the comment
mentioned the specific version when a change happened, and the history
is no longer relevant to us.
2021-11-08 18:06:16 -08:00
YashRE42
40444cf415 docs: Update all links to Django docs to point to version /3.2/.
Previously, our docs had links to various versions of the Django docs,
eg https://docs.djangoproject.com/en/1.10/topics/migrations/ and
https://docs.djangoproject.com/en/2.0/ref/signals/#post-save, opening
a link to a doc with an outdated Django version would show a warning
"This document is for an insecure version of Django that is no longer
supported. Please upgrade to a newer release!".

This commit uses a search with the regex
"docs.djangoproject.com/en/([0-9].[0-9]*)/" and replaces all matches
inside the /docs/ folder with "docs.djangoproject.com/en/3.2/".

All the new links in this commit have been generated by the above
replace and each link has then been manually checked to ensure that
(1) the page still exists and has not been moved to a new location
(and it has been found that no page has been moved like this), (2)
that the anchor that we're linking to has not been changed (and it has
been found that this happened once, for https://docs.djangoproject.com
/en/1.8/ref/django-admin/#runserver-port-or-address-port, where
/#runserver-port-or-address-port was changed to /#runserver).
2021-11-08 18:06:16 -08:00
YashRE42
87dd2a15c2 docs: Re-add accidentally deleted link definitions in advanced setup.
In commit f6c78a35a4 we accidentally
deleted these link definitions, probably thinking that the end of the
markdown file would be the same as the end of the rendered doc. This
broke the links `[cloning your fork of the Zulip
repository][zulip-rtd-git-cloning]` and `[connecting the Zulip
upstream repository][zulip-rtd-git-connect]`.

This commit fixes things by adding back the definitions.
2021-11-08 18:06:16 -08:00
Ganesh Pawar
edf7c0fb5a edit_bot: Migrate modal to dialog_widget. 2021-11-08 17:34:42 -08:00
Ganesh Pawar
8cc781f0c8 change_stream_info_modal: Migrate modal to dialog_widget.
The CSS changes make the description input box a more likely size for
what currently makes sense for stream descriptions.
2021-11-08 17:27:27 -08:00
Ganesh Pawar
8c7d320422 message_edit_history: Migrate modal to dialog_widget. 2021-11-08 17:24:31 -08:00
Alya Abbott
30f2d50f1f portico: Add links to Lean case study from Kevin's quote. 2021-11-07 09:53:28 -08:00
Alya Abbott
e106caa68f portico: Add Lean case study. 2021-11-07 09:53:28 -08:00
Priyansh Garg
42f231c85c data_import: Ignore Rocket.Chat livechat streams/messages.
This resolves the issues reported in #20108, major chunk of which were
due to the incomplete support for importing the livechat streams/messages
in the tool. So, it's best not to import any livechat streams/messages for
now until a complete support for importing the same is developed.
2021-11-07 09:50:55 -08:00
Eeshan Garg
0cbf22fe9d terminology: Use the term "global time" to refer to time widget. 2021-11-07 09:48:20 -08:00
Aman Agrawal
ffba7c7352 open-source: Stop quote used as image for feature from overflowing.
In small screens, the quote used as a standin for image used
to overflow from screen as it didn't had responsive size set.
This image has additional bound of `max-width: 100%` which
stops them from overflowing which the quote did not.
2021-11-06 06:18:06 -07:00
Anders Kaseorg
8e8dda8813 frontend_tests: Skip broken event_status test.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-05 21:04:47 -07:00
Anders Kaseorg
a3b46736fd templates: Remove unused zerver/for/open-source.md.
This is unused as of commit 0e4aee48e9
(#19793).

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-05 18:01:38 -07:00
Anders Kaseorg
b54007d36c clean-repo: Remove.
Unless this was working around a specific bug that has somehow
persisted for eight years, this was just pointlessly defeating
Python’s bytecode cache every time you started the dev server.

This reverts commits deffda072f,
59228f7458, and
ae45217671.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-05 17:44:24 -07:00
Anders Kaseorg
a3445dac95 install-shfmt: Upgrade shfmt from 3.3.1 to 3.4.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-05 17:34:13 -07:00
Anders Kaseorg
8df6eccd42 dependencies: Upgrade JavaScript dependencies.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-05 17:34:13 -07:00
Anders Kaseorg
f2a443a736 install-node: Upgrade Node.js from 14.18.1 to 16.13.0.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-05 17:34:13 -07:00
Anders Kaseorg
2080278758 styles: Use legacy color notations for older browser compatibility.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-05 17:34:13 -07:00
Anders Kaseorg
22d68831d7 styles: Fix function-url-quotes.
Fixed manually.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-05 17:34:13 -07:00
Anders Kaseorg
17e72da336 styles: Fix declaration-block-no-redundant-longhand-properties.
Fixed manually.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-05 17:34:13 -07:00
Anders Kaseorg
52ad928d3e styles: Fix shorthand-property-no-redundant-values.
Generated by stylelint --fix.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-05 17:34:13 -07:00
Anders Kaseorg
c732a63b2f upload_widget: Convert $e.get(0) to $e[0].
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-05 17:34:13 -07:00
Eeshan Garg
075ad5470a corporate: Update fixtures for switching from Standard to Plus.
After the Stripe migration to the hosted checkout page, we were
missing one fixture for the test for switching from Standard to
Plus. This commit updates the fixtures for that particular test.
2021-11-05 17:23:10 -07:00
Vishnu KS
585d98d5a9 billing: Enforce the Stripe API version is in sync with billing system. 2021-11-05 17:23:10 -07:00
Vishnu KS
6c06858e02 billing: Migrate to Stripe hosted checkout page. 2021-11-05 17:23:10 -07:00
Vishnu KS
1a1b9b28ff corporate: Store the Stripe API version. 2021-11-05 17:23:10 -07:00
Alex Vandiver
90fc811b54 settings: Limit non-logged-in email-sending to 5/day, not per 30 min.
This more closely matches email_change_by_user and
password_reset_form_by_email limits; legitimate users are unlikely to
need to send more than 5 emails to themselves during a day.
2021-11-05 15:58:05 -07:00
Alex Vandiver
c9ebccdf70 ci: Update outdated comments to generated Dockerfiles.
These were missed in the doc updates in d78723b6e8, which were for
behavior changes in 16067bc4fc.
2021-11-05 15:45:46 -07:00
Andrew McAfee
4f63378e7f settings: Add UI option for custom notification batching period.
PR #19576 added a settings option for selecting a notification batching
period. We want to extend that UI option with the ability to select
a custom period.

Tweaked by tabbott to have the natural model that picking a value
present in the dropdown live-updates to remove the custom input,
rather than only having the custom input disappear on reload.

Fixes #19713.
2021-11-05 12:21:55 -07:00
Andrew McAfee
8c7e144e47 settings: Refactor notifications update_page to use switch.
Changes suggested by timabbott: https://github.com/zulip/zulip/pull/19944#discussion_r727565978

Facilitates additional changes for issue #19713.
2021-11-05 11:49:30 -07:00
Alex Vandiver
c8badbd858 reset_password: Show user-facing page on rate-limit. 2021-11-04 20:34:39 -07:00
Alex Vandiver
d3ecbf96a8 rate_limit: Rate-limit password reset attempts by IP, as well. 2021-11-04 20:34:39 -07:00
Alex Vandiver
e3ec2e398c rate_limit: Pass seconds to freedom to all RateLimited exceptions. 2021-11-04 20:34:39 -07:00
Tim Abbott
1cad29fc3a settings: Add rate limiting for email address changes.
Co-authored-by: Alex Vandiver <alexmv@zulip.com>
2021-11-04 20:34:39 -07:00
Alex Vandiver
f0532aecc8 tests: Stop adding an api_by_user rate limit always.
The decorator form is clearer by being more explicit; additionally,
the api_by_user rate-limit only currently used in one place, and makes
it difficult to test per-user rate-limits that are more specific.
2021-11-04 20:34:39 -07:00
Tim Abbott
01e2a495fc rate_limit: Fix missing IP rate limiting on confirmation.
Co-authored-by: Alex Vandiver <alexmv@zulip.com>
2021-11-04 20:34:39 -07:00
Alex Vandiver
48ba2e7cc6 tests: Hitting a rate-limit on find accounts should not send emails. 2021-11-04 20:34:39 -07:00
Alex Vandiver
0cfb156545 rate_limit: Merge two IP rate limits domains that send emails.
Both `create_realm_by_ip` and `find_account_by_ip` send emails to
arbitrary email addresses, and as such can be used to spam users.
Lump their IP rate limits into the same bucket; most legitimate users
will likely not be using both of these endpoints at similar times.

The rate is set at 5 in 30 minutes, the more quickly-restrictive of
the two previous rates.
2021-11-04 20:34:39 -07:00
Alex Vandiver
5f0897e6f7 tests: Add a test that IP rate-limiting is by IP.
The existing test did no verify that the rate limit only applied to
127.0.0.1, and that other IPs were unaffected.  For safety, add an
explicit test of this.
2021-11-04 20:34:39 -07:00
Alex Vandiver
9495dad850 tests: Simplify by always clearing IP limits in rate_limit_rule.
The only use case of rate_limit_rule which does not clear the
RateLimitedIPAddr history is test_hit_ratelimits_as_remote_server,
which is not made any worse by clearing out the IP history for a
non-existent `api_by_remote_server` domain.
2021-11-04 20:34:39 -07:00
Alex Vandiver
260ccc9620 tests: Factor out common non-api rate-limit assert function.
The same `assert_func` is used in multiple places, for non-API
requests.  Factor it out and make it a flag to do_test_hit_ratelimits.
2021-11-04 20:34:39 -07:00
Alex Vandiver
272e78de8b tests: Split out test_find_account_rate_limiting_multiple.
This lets rate_limit_rule be used consistently as a decorator, and
improves how parallel the code is here, with other tests.
2021-11-04 20:34:39 -07:00
Alex Vandiver
328a28d772 tests: Correct the assert in the post-rate-limit test. 2021-11-04 20:34:39 -07:00
Tim Abbott
1dfc62f9a0 emails: Remove username from email change confirmation.
Generally when we send confirmation emails to addresses the user has
not already proven that they control, we want to avoid including in
the email any user-controlled data.  Doing so makes it hard for
malicious actors to use the feature to send spam, since they won't
have a way to include the URL for their malicious website in our
emails.
2021-11-04 17:51:37 -07:00