Commit Graph

19431 Commits

Author SHA1 Message Date
PieterCK
4db7ea2296 migration_status: Add parse_migration_status.
This commit adds `parse_migration_status`, which takes in the string
output of `showmigrations` and parses it into key-value pairs of installed
apps and a list of its migration status.

This is a prep commit to rework the check migrations function of
import/export which will parse the output of `showmigrations` to write
the `migration_status.json` file.
2025-01-24 17:08:37 -08:00
PieterCK
68b3ce482a check-database-compatibility: Refactor a STALE_MIGRATIONS.
This consolidates the list of stale migrations to
`lib/migration_status.py` as `STALE_MIGRATIONS`.

This is a prep work to make the migration status tool at
`migration_status.py` be able to clean its output of these migrations
too.
2025-01-24 17:08:37 -08:00
PieterCK
0b2f5c638d export_test: Prevent migration status fixtures from going stale.
Currently if for whatever reason one decided to change how
`migration_status.json` is written, the check migrations tests in
`test_import_export.py` will happily just use the old and potentially
stale migration status test fixtures in
`fixtures/applied_migrations_fixtures` against other stale fixtures and
run the check migrations tests in a bubble.

This adds an assertion in `verify_migration_status_json` that makes sure
all the migration status fixtures we use in the tests resemble the
actual `migration_status.json` file our export tool will write.
2025-01-24 17:08:37 -08:00
PieterCK
7a2b91ae97 migration_status: Update ANSI code clean up regex.
In `get_migrations_status`, we clean up the printed output of any ANSI
codes used to format the output. Currently the regex only cleans up bold
ANSI escape code (\x1b[1m) and style reset code (\x1b[0m). So it won't
be able to clean up basic ANSI escape codes such as "\x1b\31;1m" which
is used to format `showmigrations` output for apps with no migrations.
   e.g, "\x1b\31;1m (no migrations)"

This commit updates the regex to catch a wider range of basic ANSI
codes.
2025-01-24 17:08:37 -08:00
PieterCK
5f2286353f migration_status: Move connection.close_all() to test_fixtures.py.
The `get_migration_status` command calls `connections.close_all()` when
it's done and it was previously only called when we need to rebuild the
dev or test database and when running the `get_migration_status`
command.

This commit moves the `connections.close_all()` call out of the function
and into `test_fixtures.py` directly, making sure it will only be called
when we are rebuilding the dev/test database. This is a prep work to
refactor the check migration function of import/export later on which
plans to use `get_migration_status`.
2025-01-24 17:08:37 -08:00
PieterCK
dfae02a273 migration_status: Move get_migration_status to a new file.
This moves `get_migration_status` to its own file in
zerver/lib/migration_status.py. This is a prep work to refactor the
check migration function of import/export later on.

Some of the imports are moved into `get_migration_status` because we're
planning to share this file with `check-database-compatibility` which is
also called when one does `production-upgrade`, so we'd want to avoid
doing file-wide import on certain types of modules because it will fail
under that scenario.

In `test_fixtures.py`, `get_migration_status` is imported within
`Database.what_to_do_with_migrations` so that it is called after
`cov.start()` in `test-backend`. This is to avoid weird interaction with
coverage, see more details in #33063.

Fixes #33063.
2025-01-24 17:08:37 -08:00
Mateusz Mandera
f81e514d07 slack: Fetch workspace users from /users.list in the correct manner.
1. Fetching from the `/users.list` endpoint is supposed to use
   pagination. Slack will return at most 1000 results in a single
   request. This means that our Slack import system hasn't worked
   properly for workspaces with more than 1000 users. Users after the
   first 1000 would be considered by our tool as mirror dummies and thus
   created with is_active=False,is_mirror_dummy=True.
   Ref https://api.slack.com/methods/users.list

2. Workspaces with a lot of users, and therefore requiring the use of
   paginated requests to fetch them all, might also get us to run into
   Slack's rate limits, since we'll be doing repeating requests to the
   endpoint.
   Therefore, the API fetch needs to also handle rate limiting errors
   correctly.
   Per, https://api.slack.com/apis/rate-limits#headers, we can just read
   the retry-after header from the response and wait the indicated number
   of seconds before repeating the requests. This is an easy approach to
   implement, so that's what we go with here.
2025-01-24 16:41:53 -08:00
Aman Agrawal
9f71f4578b portico: Replace "Find accounts" link with "Log in".
Fixes #32199

We only need a log in button since that will take users to
"/accounts/go" if we are on a non-realm specific URL.

"/accounts/go" already has link to go to "Find accounts" page.
2025-01-24 14:55:47 -08:00
Steve Howell
63cab557b5 event types: Introduce BaseEvent class.
2025-01-23 16:33:10 -08:00
Aman Agrawal
b8e8c06bef message_summary: Add minor comment. 2025-01-23 16:29:42 -08:00
Steve Howell
a9b7b0e692 test helper: Use subscribe_via_post.
The shorter name more clearly describes what
it does and that it's the more expensive sibling
of simple subscribe.
2025-01-23 16:10:37 -08:00
Steve Howell
0f8f5fafe1 test_example.py: Add new example with mock.patch.
The original mocking example now uses time_machine, so I slimmed
down a lot of its comments, and then I created another
mocking example so that we still touch on mocking in
terms of mock.patch.

The new method reinforces the pattern of testing both the
sad path and happy path inside the same test.
2025-01-23 16:10:37 -08:00
Steve Howell
d6bd3f7abc test_example.py: Clean up minor things.
I flipped an assert to have actual/expected in standard
Zulip order, renamed some variables, and tightened up
a few comments.
2025-01-23 16:10:37 -08:00
Prakhar Pratyush
181572021d get_stream_topics: Add support for empty topic name.
This commit is a part of the work to support empty
string as a topic name.

Previously, empty string was not a valid topic name.

Adds `allow_empty_topic_name` boolean parameter to
`GET /users/me/{stream_id}/topics` endpoint to decide
whether the topic names in the fetched `topics` array
can be empty strings.

If False, the topic names in the fetched response will
have the value of `realm_empty_topic_display_name` field
in `POST /register` response replacing "".

Fixes part of #23291.
2025-01-22 15:54:11 -08:00
Shubham Padia
a76042ce39 invite: Any combination of default streams should be subscribe-able.
Fixes #32706.

A user with permission to invite users should be able to subscribe users
to any of the default streams whether they have the permission to do so
or not for each of those default streams or not. This should only happen
in the invite code path, and not the subscribe code path.

This commit also adds the ability to pick and choose default streams if
you do not have the permission to subscribe to any other channels.

Before this, if you did not have the permission to subscribe any other
channels, only the checkbox to subscribe to all the default streams at
once was available to you.

For the stream pill typeahead, we don't show streams that the user
cannot subscribe other users to. For more details, see

   https://chat.zulip.org/#narrow/channel/101-design/topic/can.20subscribe.20other.20users.20permission.20invite
2025-01-22 14:27:06 -08:00
Shubham Padia
41c74314c0 streams: Use can_add_subscribers_group for permission check.
The function to check relevant permissions does so for multiple streams
at once to save us database query counts. Doing it one by one for every
stream would become very expensive.
We've also added `insufficient_permission_streams` to the filter
functions return type for streams for which the current user does not
have permission to subscribe other users.
2025-01-22 14:27:06 -08:00
Shubham Padia
7df417f8b1 invite: Extract common logic into its own function.
The logic to get streams and user groups was common between a normal
invite and a multiuse invite.
2025-01-22 14:27:06 -08:00
Shubham Padia
97996b9929 streams: Add can_add_subscribers_group as a setting.
We're not using this setting to check the permissions yet.
2025-01-22 14:27:06 -08:00
Tim Abbott
b1a5755864 openapi: Fix broken links to group-setting-values. 2025-01-22 14:27:06 -08:00
Shubham Padia
24341076a3 realm: Delete invite_to_stream_policy. 2025-01-22 12:33:58 -08:00
Shubham Padia
275a1a4c69 realm: Use can_add_subscribers_group instead of invite_to_stream_policy.
We remove `invite_to_stream_policy` from the backend wherever applicable
except deleting the field. We have just ported the existing behaviour of
`invite_to_stream_policy` to `can_add_subscribers_group` except one
change. We have added an explicit exception for admins to have this
permission whether they are part of this group or not. The reason for
this is we are adding `stream.can_add_subscribers_group` in the future
which will grant all admins permission to subscribe other users to a
channel given they have access to a channel. So it makes sense that we
add this exception to the realm level property also.
See https://chat.zulip.org/#narrow/channel/101-design/topic/Can.20subscribe.20other.20users.20on.20user.20profile/near/2039825
2025-01-22 12:33:58 -08:00
Shubham Padia
9402b248a1 state_data: Remove can_subscribe_other_users attribute.
While `can_subscribe_other_users` property will make sense for the
current permissions structure where the ability to add subscribers to
channels is dictated with a realm level setting. In the future, we are
adding a channel level `can_add_subscribers_group`, and having a
property called `can_subscribe_other_users` in state_data will be
confusing since the permission to add subscribers will vary channel to
channel.
We have not removed user.can_subscribe_other_users, that will be better
removed when we add the channel level setting.
See more discussion at
https://chat.zulip.org/#narrow/channel/378-api-design/topic/invite_to_stream_policy.20deprecation/near/2039787
2025-01-22 12:33:58 -08:00
Shubham Padia
3cdc9d8459 realm: Add can_add_subscribers_group as a setting.
This commit just adds the setting, the work to use this setting and
replace `invite_to_stream_policy` will be done in future commits.
2025-01-22 12:33:56 -08:00
Aman Agrawal
b047c4d322 message_summary: Add API endpoint to generate narrow summary.
This prototype API is disabled in production through settings not
configuring a default model.
2025-01-22 12:12:08 -08:00
Steve Howell
c66d790fac server tests: Avoid assertCountEqual in easy places. 2025-01-22 10:55:25 -08:00
Steve Howell
6fcbd2f2d2 test helpers: Simplify check_user_subscribed_only_to_streams.
b4fedaa765 introduced
this helper, and I assume that the weird loop over
zip made sense at the time.

The assertEqual approach on the whole
set gives nice messages in modern Python.
2025-01-22 10:55:25 -08:00
Steve Howell
deb53070ae default streams: Return set instead of a list.
We also change the test helper.

The tests hopefully read more clearly in places
here, and we also communicate to the dev that
order is arbitrary.
2025-01-22 10:55:25 -08:00
ritwik-69
dd56e04dc6 presence: Record stats for invisible users. 2025-01-22 09:19:15 -08:00
Steve Howell
fe39f94e52 timezone server tests: Verify Montreal -> Toronto.
This new test verifies that the server will
canonicalize the America/Montreal timezone to
America/Toronto. In general, we canonicalize via
the standard Python libraries for cities that
are aliases.
2025-01-22 09:16:50 -08:00
Sahil Batra
92376fc133 message_edit: Rename get_message_edit_request_object.
"build_message_edit_request" is a better name for the function.
2025-01-22 09:11:47 -08:00
Steve Howell
650130837a markdown tests: Reveal O(N) behavior to get groups.
This is essentially a failing test that we can improve
by addressing #32934. It is also a useful test to measure
the actual impact of any improvements (with some more
instrumentation).
2025-01-22 09:11:32 -08:00
Steve Howell
14ca1bf2ae markdown tests: Check actual value of set.
The use of assertCountEqual preceded
my changes to use a set instead of a list.

Now assertEqual is more clear and concise.

I should have noticed this in 36a6f0c547
but I caught it now.
2025-01-22 09:11:32 -08:00
Sahil Batra
5f8959397b message_edit: Set stream_topic only if content is edited.
stream_topic variable is needed only when updating content
so we set the field inside is_content_edited block.

Also added a comment clarifying about why we use orig_stream
for stream ID.
2025-01-21 15:33:45 -08:00
Sahil Batra
37f2c5bc78 message_edit: Refactor message edit code.
We add two dataclasses which stored the info for what
needs to be changed the original values to make the
code easy to read.
2025-01-21 15:33:45 -08:00
Sahil Batra
187cd18e12 message_edit: Refactor message edit code for updating content. 2025-01-21 15:33:45 -08:00
Sahil Batra
a2c6997879 message_edit: Always pass realm ID to update_message_cache.
We already have realm_id from message object passed to
do_update_message so there is no need to pass "None" to
update_message_cache for direct messages.

Previously, if "None" was passed to update_message_cache,
realm_id was eventually computed from stream if it was
a stream message and from Message object for direct messages.
But we always passed a value which is not "None" for stream
messages, and we can be sure that the message.realm will
always be the realm in which stream is present to which the
message was sent.
2025-01-21 15:33:45 -08:00
Niloth P
dbced00e47 hubot-integrations: Utilize a constant DOC_PATH for readability. 2025-01-21 15:07:55 -08:00
Niloth P
727fa9f32f hubot-integrations: Add secondary line text for all Hubot scripts. 2025-01-21 15:07:55 -08:00
Niloth P
e7f4d16863 hubot-integrations: Remove the unused logo_alt property.
This was used before `alt="{{ integration.display_name }} logo"` was set
in the common template `integrations/index.html` for all integration
logos. It is no longer necessary.
2025-01-21 15:07:55 -08:00
Niloth P
4b0172b282 hubot-integrations: Update link prefix to GitHub repositories.
The `hubot-scripts` account has been taken over.
While calls to the current set of URLs work as they are redirected to
the new links, this commit updates the link to refer to the right
GitHub account.
2025-01-21 15:07:55 -08:00
Steve Howell
36a6f0c547 group mentions: Use set instead of list for members.
The members aren't ordered, and a lot of the downstream
code merges the members into sets.
2025-01-21 10:23:02 -08:00
Steve Howell
0cbbe0c3bd group mentions: Optimize query with values_list.
The query in question runs in a loop when you have
multiple group mentions in a message. We can at
least make it slim.

This is my way to address #32934. It doesn't undo
the O(N) behavior, but N here is usually 1 or 2.
2025-01-21 10:23:02 -08:00
Sahil Batra
264e49e7e8 groups: Allow changing description and settings for deactivated groups.
We now allow changing description and all the permission settings
for deactivated groups as well, as there is no need to restrict
it and makes handling UI for deactivated groups easier.
2025-01-16 14:38:45 -08:00
Sahil Batra
abbd546531 openapi: Fix description for update-user-group endpoint.
Description for "PATCH /user_groups/{user_group_id}" endpoint
only mentioned updating name and description, but permission
settings are also updated using the same endpoint.
2025-01-16 14:25:43 -08:00
Mateusz Mandera
d1cbb0dd59 CVE-2024-56136: Don't leak information via "invalid subdomain" error.
The bug we're fixing here leaks information by returning an "invalid
subdomain" error when an attempt is made to log in to user@example.com
on a subdomain X when user@example.com does not exist on X, but does
on another subdomain Y.

This allows an attacker to determine that a certain email address has an
account on the server.

Instead, this should just return a regular authentication error.
2025-01-16 12:30:08 -05:00
Alex Vandiver
8bd8a33dd2 thumbnail: Show the first few frames of large animated images.
71406ac767 switched the IMAGE_BOMB_TOTAL_PIXELS cutoff for what
images we preview to include the number of frames in the calculation.
While accurate to the implementation (thumbnailing a 1k-frame animation is
prohibitive, even at small resolutions), this was a behaviour change
from without thumbnailing -- animated gifs did not display inline at
all anymore.

Switch to thumbnailing as many frames as we can fit into a pixel-based
animated thumbnailing threshold, with a minimum of three (to be able
to convey that the image is actually animated).  Smaller-resolution
images will hence get more frames in their preview.  This also allows
the standard animate-on-hover or always-animate behaviour to be true
to their configurations, without confusing edge cases.

Fixes: #32609.
2025-01-15 09:56:19 -08:00
Prakhar Pratyush
fb91cd6f4d message_edit: Disallow resolving empty string topic.
This commit makes changes to the edit message endpoint
to disallow resolving empty string topic.

It also removes the resolve topic button in the web client
from topic popover and message header for empty string topic.
2025-01-14 14:22:21 -08:00
Anders Kaseorg
f223251ffe requirements: Upgrade Python requirements.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2025-01-14 09:42:16 -08:00
Anders Kaseorg
653b0b0436 ruff: Partially reformat Python with Ruff 0.9 (2025 style).
These are the changes that are backwards compatible with the 2024
style.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2025-01-14 09:42:16 -08:00
Mateusz Mandera
99ea0255da validate_hostname_or_raise_error: Improve hostname validation.
Obviously, URLs with a path or query are not valid hostnames.
2025-01-13 18:34:20 -08:00