This commit updates the API endpoint to get channel's email address
to check if user has permission to post to that channel and raise
an error if user does not have that permission.
Previously, once a bot was created, its email address was immutable.
This was problematic when organizations wanted to rename bots to
better reflect their purpose or fix naming mistakes. The only
workaround was to deactivate the old bot and create a new one,
losing the bot's message history and requiring updates to all
integrations.
This change allows organization administrators and owners to edit
a bot's short_name through the bot edit modal, which updates the
bot's email address accordingly. The new email is validated to
ensure it follows the correct format and isn't already in use.
Users are warned via hint text that integrations will need to be
updated to use the new email address.
Fixes#34604.
This commit introduces server support for a new `mentions` narrow
operator that allows users to filter messages mentioning a specific
user by their user ID or email. Documentation has been updated to
reflect the new operator syntax.
Use the integration name as the default channel name for all
integrations.
The channel name is only used for tests, so the exact string used for
the channel name does not matter, we only want to assert that the
desired and expected names match.
Added another type of anchor `date` along with the `anchor_date`
parameter to fetch messages anchored to a specific date/time.
If a date is provided, the datetime is set to midnight (00:00)
on that day in UTC. If no timezone is provided, UTC is assumed.
If no message has been sent on or after the `anchor_date`, we
fall back to using the `newest` anchor value.
The `create_time` and `date_sent` fields in `attachment` objects will now
return UNIX timestamps in seconds. Previously, these values were returned in
milliseconds.
Co-authored-by: orientor <orientorrenovare@gmail.com>
In preparation for moving the majority of the outgoing webhook
documentation to the help center, we move the payload content,
which is partially generated from zerver/openapi/zulip.yaml, to
a separate article in the API documentation.
Adds an instruction block for creating an outgoing webhook bot
user. Makes some general revisions to the order of the content
on the page, and adds some header links to help with navigating
the content.
Fixes#36601.
It is important to note that the database column
is still called `giphy_rating` but is used as
a common rating value for the GIPHY and Tenor
integrations.
I also renamed `giphy_rating_options` to
`gif_rating_options` so that it makes more sense
and reiterates on the fact that both the integrations
have a common rating value.
Increments API feature level to 442.
This adds the new Tenor GIF picker in Zulip.
In case both the API keys and other credentials
for Tenor and GIPHY integrations are set, we
show the Tenor picker instead of the GIPHY picker
instead of showing two GIF picker buttons.
We currently use a hardcoded content filter
for Tenor.
The eventual goal with this is to use the existing
ids for the ratings of both integrations in
`realm_giphy_rating` as a common rating for GIFs.
Discussion: https://chat.zulip.org/#narrow/channel/101-design/topic/GIF.20picker.20service/near/2306084
Signed-off-by: apoorvapendse <apoorvavpendse@gmail.com>
This commit extends `/api/mobile-notifications` to document
sample data:
* sent by a self-hosted server to the bouncer
* sent by the bouncer to FCM
* sent by the bouncer to APNs
as a part of sending E2EE push notifications.
Signed-off-by: Prakhar Pratyush <prakhar@zulip.com>
This commit removes the `notification_settings_legacy` and
`display_settings_legacy` fields, which were deprecated and
are no longer used by modern clients. Cleaning them up simplifies
the codebase and reduces complexity for future changes.
Zulip production suite / ${{ matrix.name }} (zulip/ci:bookworm, --test-custom-db, Debian 12 production install with custom db name and user, bookworm) (push) Has been cancelled
Zulip production suite / ${{ matrix.name }} (zulip/ci:jammy, , Ubuntu 22.04 production install and PostgreSQL upgrade with pgroonga, jammy) (push) Has been cancelled
When an image is deleted before thumbnailing completes, the edit history shows
a loading spinner forever because the old rendered HTML contains a loading
placeholder that never gets updated. Replace these loading spinners with
the deleted file placeholder image and set the alt text to
"This file does not exist or has been deleted."
to make it usable for any deleted file, not just images.
Fixes#36487.
Previously, in the `GET /users` API suite, `user_list_incomplete=False` was
being incorrectly used when fetching users which resulted in the server
returning fake users for guest users that lack permission to see all users
in the organization. This commit fixes this bug.
Fixes#36559.
Zulip production suite / ${{ matrix.name }} (zulip/ci:bookworm, --test-custom-db, Debian 12 production install with custom db name and user, bookworm) (push) Has been cancelled
Zulip production suite / ${{ matrix.name }} (zulip/ci:jammy, , Ubuntu 22.04 production install and PostgreSQL upgrade with pgroonga, jammy) (push) Has been cancelled
Previously, we maintained separate registeries for the screenshot
configurations - `WEBHOOK_SCREENSHOT_CONFIG`,
`FIXTURELESS_SCREENSHOT_CONFIG`, `DOC_SCREENSHOT_CONFIG`. Now, all
integration-related configuration is in a single registry
`INTEGRATIONS`.
Updated all mentions of DOC_SCREENSHOT_CONFIG in the docs.
For users imported from other chat applications, is_imported_stub flag
is set to True until the user logs in for the first time.
This is preparation for #26950 to add a separated imported users tab
in "Users" settings panel.
We redirect existing URLs to the new URLs. We want to use
`/integrations/category/{category_slug}` for categories and
`/integrations/{integration_name}` instead of
`/integrations/doc/{integration_name}` for individual integrations page.
Earlier we were using asymmetric cryptography.
We were using libsodium "sealed box" which is unauthenticated
by design. The sender could have been anyone, as long as they
had the receiver's public key.
We had authenticity but only because the device's public key
is effectively kept secret. We were relying on the public key
being kept secret - which was a security risk. It's easy to
end up with code somewhere that treats the public key as public,
and can leak it.
This commit makes changes to use symmetric cryptography -
libsodium's `crypto_secretbox_easy` which provides authenticated
encryption using XSalsa20 and Poly1305.
`push_public_key` is replaced with `push_key` and it represents
a base64 encoded 33-byte value: one-byte prefix followed by 32-byte
secret key generated by the client.
The prefix `0x31` indicates the current cryptosystem in use.
It allows for future extensibility - for example, `0x32` could denote
a different cryptosystem.
Involves API changes to replace the `push_public_key` parameter
with `push_key` in `/api/v1/mobile_push/register` endpoint.
Signed-off-by: Prakhar Pratyush <prakhar@zulip.com>
Revises the descriptions for web_left_sidebar_show_channel_folders
and web_inbox_show_channel_folders, as well as the API changelog
entries for when those two settings were introduced (feature levels
411 and 431).
This updates the `/export/realm/consents` API endpoint to also include
`email_address_visibility` field for each item in the `export_consents`
object.
This is a prep commit to add a warnings in the "Start export?"
confirmation modal for when there are no usable owner account.
The encrypted push notification payload previously included a `pm_users`
field for group direct messages.
This commit replaces the `pm_users` field with `recipient_user_ids`.
(new name to migrate from the old "private" keyword)
It's a sorted array of all user IDs participating in a 1:1 or group DM
conversation, including both `user_id` and `sender_id`.
* Previously, `pm_users` was included only for group DMs;
`recipient_user_ids` is present for both 1:1 and group DM conversations.
* The old `pm_users` field was a string containing a comma-separated
list of sorted user IDs. `recipient_user_ids` has a more structured
array format.
Signed-off-by: Prakhar Pratyush <prakhar@zulip.com>
Users are removed from archived streams as well on deactivation. Since
archived stream subscriber list is also visible in channel settings, we
should send peer_remove for it as well.
