Earlier, we were constructing the APNs & FCM payloads for legacy &
E2EE push notifications even if the user didn't have such a registered
device to send notifications to.
This commit makes changes to construct:
* apns_payload only if the user has an apple device registered
* fcm_payload only if the user has an android device registered
* payload_to_encrypt only if the user has a push device registered
  which supports E2EE.
Also, now we perform one db query instead of two to calculate
`apple_devices` and `android_devices` for the legacy case.
Overall, this helps to avoid unnecessary compute.
Signed-off-by: Prakhar Pratyush <prakhar@zulip.com>
This commit updates the `transaction.atomic` context manager
used to take a lock on the Message row in `handle_push_notification`
to use `durable=True` instead of `savepoint=False`. It helps to
avoid introducing an outer transaction by mistake - resulting in
locking the row for a longer duration.
Signed-off-by: Prakhar Pratyush <prakhar@zulip.com>
Temporarily exclude Git from `test_integration_doc_endpoints`,
until the doc is updated.
The screenshot for this integration is added separately since this
adds a new screenshot for an integration whose doc is in the
python-zulip-api repo.
Since this breaks the sync between the docs and the screenshots, an
exclusion is added to make the tests pass.
Temporarily exclude jira-plugin from `test_integration_doc_endpoints`,
until the doc is updated.
The screenshot for this integration is added separately since this
adds a new screenshot for an integration whose doc is in the
python-zulip-api repo.
Since this breaks the sync between the docs and the screenshots, an
exclusion is added to make the tests pass.
For video and audio call integrations.
The new category is a subset of the "Communication" category, as all
"Video calling" integrations are also listed under "Communication".
This prevents a development-mode-only directory traversal attack,
where the Django development server could be made to respond to
requests for `/user_avatars/../../../../../../etc/passwd`.
The production server is not affected by this vulnerability, as
nginx's configuration sets `PATH_INFO` to `$document_uri`, which is
normalized[^1] -- that is, by the time uwsgi and Django see it, the path
has been percent-decoded once, and all `../` path components have been
applied[^2].
Close this by explicitly normalizing the paths before comparing; the
`LOCAL_UPLOADS_DIR` side is unlikely to require normalization as well,
but is also normalized for consistency. The failure here is left as
an assertion failure, and not a JsonableError, because it only affects
the development server.
[^1]: https://nginx.org/en/docs/http/ngx_http_core_module.html#var_uri
[^2]: https://nginx.org/en/docs/http/ngx_http_core_module.html#location
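
An added illustration of the normalize-before-compare check described in the commit message above; it is not Zulip's code and not part of the commit. `UPLOADS_DIR`, `naive_resolve`, `safe_resolve` and `where_it_lands` are hypothetical names, and the upload root is a constructed value standing in for `LOCAL_UPLOADS_DIR`.

```python
import posixpath

# Constructed stand-in for LOCAL_UPLOADS_DIR; not a real Zulip path.
UPLOADS_DIR = "/srv/dev-uploads"


def naive_resolve(request_path: str) -> str:
    """'Before' form: compare the joined path as a raw string."""
    candidate = posixpath.join(UPLOADS_DIR, request_path.lstrip("/"))
    # The prefix is still present textually, so "../" components slip through.
    if not candidate.startswith(UPLOADS_DIR + "/"):
        raise AssertionError("path outside upload root")
    return candidate


def safe_resolve(request_path: str) -> str:
    """'After' form: normalize both sides, then compare path components."""
    root = posixpath.normpath(UPLOADS_DIR)
    candidate = posixpath.normpath(posixpath.join(root, request_path.lstrip("/")))
    # commonpath compares whole components, so a sibling such as
    # /srv/dev-uploads-old is not mistaken for a child of the root.
    if posixpath.commonpath([root, candidate]) != root:
        raise AssertionError(f"{request_path!r} escapes {root!r}")
    return candidate


def where_it_lands(path: str) -> str:
    """Where the filesystem would actually open an un-normalized path."""
    return posixpath.normpath(path)


if __name__ == "__main__":
    traversal = "/user_avatars/../../../../../../etc/passwd"  # path from the commit message
    # The raw-string check passes, yet the path resolves outside the root.
    print(where_it_lands(naive_resolve(traversal)))
    try:
        safe_resolve(traversal)
    except AssertionError as exc:
        print("rejected:", exc)
    print(safe_resolve("/user_avatars/2/avatar.png"))
```

`posixpath.normpath` is purely lexical: it assumes the path has already been percent-decoded and does not resolve symlinks inside the upload root.
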
The hardcoded content (topic and message) for the screenshot configs is
loaded from `fixtureless_integrations.py`. Add a new
FIXTURELESS_SCREENSHOT_CONFIG_OPTIONAL_FIELDS dict to maintain the
optional fields of fixtureless screenshot configs, and load both into
FIXTURELESS_SCREENSHOT_CONFIG.
This commit does not set any screenshot configs, but only adds the
framework.
This does not include any screenshot configs, just defining the format,
and loading FIXTURELESS_SCREENSHOT_CONFIG from the file.
Co-authored-by: Lauryn Menard <lauryn@zulip.com>
The only callsite of do_export_realm calls `rmtree` on the output
path, which means this symlink is always dangling. Since realms can
also be exported by end-users, following it would always be a race
condition, anyways.
Remove it.
Emails to missed-message email addressees which are marked
"auto-replied" are clearly auto-replies, and will not contribute
usefully to the conversation. We also ignore "auto-generated" emails
to missed-message addresses, as they must actually be auto-replies
which are misclassifying themselves, as missed-message addresses are
not meant to be targets for any auto-generated emails.
We accept auto-generated and auto-replied emails to stream incoming
email addresses, as auto-generated emails to those are clearly useful,
and auto-replied emails are unexpected enough to allow (given that
Zulip does not produce outgoing emails From: stream email addresses).
There is no need for 'select_related("usergroup_ptr")' in queries
for NamedUserGroup table because Django always does a join against
base UserGroup table.
For get and filter queries of NamedUserGroup, realm_for_sharding
field is used instead of realm field, as directly using
realm_for_sharding field on NamedUserGroup makes the query faster
than using realm present on the base UserGroup table.
Anonymous groups were being created for stream permission
settings when calling the subscriptions endpoint without
any streams data or when calling it only for subscribing
users to streams and not for creating any new streams.
This commit makes sure that no such unused anonymous groups
are created.
This commit renames `stream_creator_or_nobody` value for
`default_group_name` field in `server_supported_permission_settings`
object to `channel_creator`.
In #35965 we added `push_device_registered_user_ids` to message &
update_message event.
Zulip servers with such events in their event queues when upgraded
to the new version set push_device_registered_user_ids to an empty list,
which is incorrect - it leads to no push notification being sent.
This commit adds compatibility code to handle such events. The newly
introduced `push_device_registered` check is used only for events
with `push_device_registered_user_ids` present in them.