This commit adds a realm setting:
"Require end-to-end encryption for push notification content".
This commit just involves backend & UI changes to add the setting,
the impact of this setting is in the next commit.
Fixes part of #35370.
This is only `text/plain`, currently. In such cases where the
client-provided content-type also does not specify a `charset`, we use
`chardet` to make a guess, and store that guess to provide later when
serving the content. The detection is done in a streaming fashion,
and thus should not require re-downloading the full content.
This commit adds an error code to make it easier for clients
to identify when push device registration is rejected due to
server not being configured to use push notification service.
Fixes part of 35368.
This commit updates code to send messages to "general chat" topic
if streams used for announcements for "New user signups",
"New created streams", "Moderation requests" and "Zulip updates"
have topics policy set to allow only "general chat" messages.
Uses the approach done for email change confirmations in #34980 to avoid
triggering a reactivation via just a GET request. Instead, the GET
should return a page which will trigger the browser to then POST the key
to the endpoint.
This commit addresses the issue where the topic highlighting
in search results was offset by one character when an
apostrophe was present. The problem stemmed from the disparity
in HTML escaping generated by the function `func.escape_html` which
is used to obtain `topic_matches` differs from the escaping performed
by the function `django.utils.html.escape` for apostrophes (').
func.escape_html | django.utils.html.escape
-----------------+--------------------------
' | '
To fix this SQL query is changed to return the HTML-escaped
topic name generated by the function `func.escape_html`.
Fixes: #25633.
Co-authored-by: Pieter CK <pieterceka123@gmail.com>
This commit is a preparatory step for allowing organization owners to
reset user preferences, refactors the `clear_scheduled_emails` function
to support bulk operations.
In 40956ae4c5 we implemented group sync
via SAML during sign in and sign up. The sign up implementation used a
session variable group_memberships_sync_map to plumb through the sync
information to the registration codepath, to execute group sync after
user creation.
We can use a more robust approach instead, and just amend groups on the
`PreregistrationUser` object that's going to be used for registration.
Adds support for syncing group memberships for a user when logging in
via SAML. The list of group memberships is passed by the IdP in the
zulip_groups SAML attribute in the SAMLResponse.
Having a logger object will be helpful in the upcoming commit to pass as
argument to sync_groups. We use the root logger here (sticking to
original behavior) rather than setting up `getLogger(__name__)` to avoid
breaking a large number of tests which assert logs content - as there
doesn't seem to be any major upside to using a separate logger for this
file.
In user signup context, we are okay with there being an existing mirror
dummy user with the matching email - at the end of the signup, that
mirror dummy account will be activated and control of it given to the
user doing this signup.
However, in email change contexts (SCIM API and regular email change
flow), we can't change an account's email address to the address that
already belongs to an existing mirror dummy user.
To avoid subtle bugs like this, we make callers have to explicitly
specify whether existance of mirror dummies with the matching email
address is okay or not.
Just like with signup confirmation links, we shouldn't trigger email
change based on a GET to the confirmation URL - POST should be required.
So upon GET of the confirmation link, we serve a form which will
immediately be POSTed by JS code to finalize the email change.
The get_object_from_key call should be included in the transaction - we
shouldn't modify the object if the rest of the function fails to
actually confirm the email change (e.g. due to IntegrityError occurring).
The `acting_user` parameter is added in preparation to make
`do_update_outgoing_webhook_service` log `RealmAuditLog` when updating
bots service. It doesn't have any use as of right now.
This updates `do_update_outgoing_webhook_service` to use
`BotServicesOutgoing` as the schema for the updated service data we send
back to client because it's the schema `bot_data.update` expects.
The function is also refactored to allow updating specific fields of the
Service row instead of requiring all value for the Service fields to be
passed.
This is a prep commit for #34524, it adds another field to the Service
field.
When a user was joining via a multi-use invitation link, using one of
the social auth methods (e.g. Login with Google), the intended group
memberships configured on the multi-use invite would be ignored.
When a user is added to a channel, we send
the user that was added a Notification Bot
DMs to let them know about it.
In this commit, we add an option for whether or not
this message is sent.
If more than 100 users are added at once, we
do not send notification bot DMs since it would
be a performance-costly operation.
We also send this threshold value of 100 in the
initial state data to the clients.
Fixes part of #31189
The subdomain and host parts are already used within zulip_url, api_url,
this commit adds them as context properties themselves, so that they
can be used in email addresses and URLs without the URI scheme,
increasing uniformity.
The new context properties `display_host` and `display_subdomain` are
usable in the Help, API docs and Policies.
Occurrences of `*.zulipchat.com` have been updated to use them.
Showing these realms in the drop down list of realms is not helpful
for developers, so we filter them out of the list. Realms that are
deactivated without a redirect are still listed.
