If we get reactions for deactivated users, or otherwise missing
users, we only issue a blueslip warning now. The function
get_message_reactions() was indirectly causing blueslip errors
before this fix, but we can downgrade to warnings now that this
function has better unit tests around it.
We eventually want to track deactivated users on the client.
Fixes#4289
- Add message retention period field to organization settings form.
- Add css for retention period field.
- Add convertor to not negative int or to None.
- Add retention period setting processing to back-end.
- Fix tests.
Modified by tabbott to hide the setting, since it doesn't work yet.
The goal of merging this setting code now is to avoid unnecessary
merge conflicts in the future.
Part of #106.
This modifies the lightbox to only display images inside the
".message_inline_image" class, rather than all images inside the
message body, which currently includes things like the bot icon.
When we get a server error for adding/removing a reaction, we
no longer make a blueslip error, since it is somewhat common for
users to retry actions before the server sends an event. The
code comment that is part of this commit explains this further.
Fixes#4290.
Apparently, Django's CSRF protection mechanism changed at some point,
and now we get a different CSRF token every time the webapp is loaded.
This, in turn, caused our reload logic to avoid losing state to be
completely ineffective, since the CSRF check in reload.initialize
always failed.
We fix this in a secure fashion by passing the reload instructions
from the browser to its reloaded self via localstorage, keyed by a
randomly generated token. The token randomization is primarily
relevant for handling several Zulip tabs in the same browser, but also
servers to make it very difficult for an attacker to ever trigger this
code path by redirecting a browser to `/#reload` URLs.
Fixes#3411.
Fixes#3687.
This was actually being done in 2 ways: via not saving the narrow in
the reload and second through calling `change_tab_to('#home')`. The
code is so ancient that it seems unlikely that this behavior was still
intentional.
Fixes part of #3687 (the remainder is fixed in a few commits).
We now track our inbound timing events using code in
typing_data.js.
This code may be a little more robust with variations on how
recipients are represented in events, although there are no known
bugs here.
This change moves most of the logic related to starting and
stopping outbound typing indicators to a new module called
typing_status.js that is heavily unit tested.
While this was in some sense a rewrite, the logic was mostly
inspired by the existing code.
This change does fix one known bug, which is that when we
were changing recipients before (while typing was active), we
were not stopping and starting typing indicators. This was
a fairly minor bug, since usually users leave the compose
box to change recipients, and we would do stop/start under
that scenario. Now we also handle the case where the user
does not leave the compose box to change recipients.
Previously, we would let the backend pick a color and send it to the
frontend; then the frontend would ignore that color and pick a
different color and send it to the backend, which would in turn resync
to us.
Fixes#3572.
Fixes#3858.
