def send_message(self, message: Dict[str, Any]) -> Dict[str, Any]:
if not self._rate_limit.is_legal():
self._rate_limit.show_error_and_exit()
if message["type"] == "stream":
message_id = internal_send_stream_message_by_name(
self.user_profile.realm,
self.user_profile,
message["to"],
message["topic"],
message["content"],
)
return {"id": message_id}
assert message["type"] == "private"
# Ensure that it's a comma-separated list, even though the
# usual 'to' field could be either a List[str] or a str.
recipients = ",".join(message["to"]).split(",")
if len(message["to"]) == 0:
raise EmbeddedBotEmptyRecipientsList(
_("Message must have recipients!"))
elif len(message["to"]) == 1:
recipient_user = get_active_user(recipients[0],
self.user_profile.realm)
message_id = internal_send_private_message(self.user_profile,
recipient_user,
message["content"])
else:
message_id = internal_send_huddle_message(self.user_profile.realm,
self.user_profile,
recipients,
message["content"])
return {"id": message_id}
def send_message(self, message: Dict[str, Any]) -> None:
if not self._rate_limit.is_legal():
self._rate_limit.show_error_and_exit()
if message['type'] == 'stream':
internal_send_stream_message(self.user_profile.realm,
self.user_profile, message['to'],
message['topic'], message['content'])
return
assert message['type'] == 'private'
# Ensure that it's a comma-separated list, even though the
# usual 'to' field could be either a List[str] or a str.
recipients = ','.join(message['to']).split(',')
if len(message['to']) == 0:
raise EmbeddedBotEmptyRecipientsList(
_('Message must have recipients!'))
elif len(message['to']) == 1:
recipient_user = get_active_user(recipients[0],
self.user_profile.realm)
internal_send_private_message(self.user_profile.realm,
self.user_profile, recipient_user,
message['content'])
else:
internal_send_huddle_message(self.user_profile.realm,
self.user_profile, recipients,
message['content'])
def get_presence_backend(request: HttpRequest, user_profile: UserProfile,
email: str) -> HttpResponse:
# This isn't used by the webapp; it's available for API use by
# bots and other clients. We may want to add slim_presence
# support for it (or just migrate its API wholesale) later.
try:
target = get_active_user(email, user_profile.realm)
except UserProfile.DoesNotExist:
return json_error(_("No such user"))
if target.is_bot:
return json_error(_("Presence is not supported for bot users."))
presence_dict = get_presence_for_user(target.id)
if len(presence_dict) == 0:
return json_error(
_("No presence data for {email}").format(email=email))
# For initial version, we just include the status and timestamp keys
result = dict(presence=presence_dict[target.email])
aggregated_info = result["presence"]["aggregated"]
aggr_status_duration = datetime_to_timestamp(
timezone_now()) - aggregated_info["timestamp"]
if aggr_status_duration > settings.OFFLINE_THRESHOLD_SECS:
aggregated_info["status"] = "offline"
for val in result["presence"].values():
val.pop("client", None)
val.pop("pushable", None)
return json_success(result)
def send_message(self, message: Dict[str, Any]) -> None:
if not self._rate_limit.is_legal():
self._rate_limit.show_error_and_exit()
if message['type'] == 'stream':
internal_send_stream_message_by_name(
self.user_profile.realm, self.user_profile,
message['to'], message['topic'], message['content']
)
return
assert message['type'] == 'private'
# Ensure that it's a comma-separated list, even though the
# usual 'to' field could be either a List[str] or a str.
recipients = ','.join(message['to']).split(',')
if len(message['to']) == 0:
raise EmbeddedBotEmptyRecipientsList(_('Message must have recipients!'))
elif len(message['to']) == 1:
recipient_user = get_active_user(recipients[0], self.user_profile.realm)
internal_send_private_message(self.user_profile.realm, self.user_profile,
recipient_user, message['content'])
else:
internal_send_huddle_message(self.user_profile.realm, self.user_profile,
recipients, message['content'])
def principal_to_user_profile(agent: UserProfile, principal: str) -> UserProfile:
try:
return get_active_user(principal, agent.realm)
except UserProfile.DoesNotExist:
# We have to make sure we don't leak information about which users
# are registered for Zulip in a different realm. We could do
# something a little more clever and check the domain part of the
# principal to maybe give a better error message
raise PrincipalError(principal)
def principal_to_user_profile(agent: UserProfile, principal: str) -> UserProfile:
try:
return get_active_user(principal, agent.realm)
except UserProfile.DoesNotExist:
# We have to make sure we don't leak information about which users
# are registered for Zulip in a different realm. We could do
# something a little more clever and check the domain part of the
# principal to maybe give a better error message
raise PrincipalError(principal)
def get_presence_backend(request: HttpRequest, user_profile: UserProfile,
email: str) -> HttpResponse:
try:
target = get_active_user(email, user_profile.realm)
except UserProfile.DoesNotExist:
return json_error(_('No such user'))
if target.is_bot:
return json_error(_('Presence is not supported for bot users.'))
presence_dict = UserPresence.get_status_dict_by_user(target)
if len(presence_dict) == 0:
return json_error(_('No presence data for %s' % (target.email,)))
# For initial version, we just include the status and timestamp keys
result = dict(presence=presence_dict[target.email])
aggregated_info = result['presence']['aggregated']
aggr_status_duration = datetime_to_timestamp(timezone_now()) - aggregated_info['timestamp']
if aggr_status_duration > settings.OFFLINE_THRESHOLD_SECS:
aggregated_info['status'] = 'offline'
for val in result['presence'].values():
val.pop('client', None)
val.pop('pushable', None)
return json_success(result)
def get_presence_backend(request: HttpRequest, user_profile: UserProfile,
email: str) -> HttpResponse:
try:
target = get_active_user(email, user_profile.realm)
except UserProfile.DoesNotExist:
return json_error(_('No such user'))
if target.is_bot:
return json_error(_('Presence is not supported for bot users.'))
presence_dict = UserPresence.get_status_dict_by_user(target)
if len(presence_dict) == 0:
return json_error(_('No presence data for %s' % (target.email, )))
# For initial version, we just include the status and timestamp keys
result = dict(presence=presence_dict[target.email])
aggregated_info = result['presence']['aggregated']
aggr_status_duration = datetime_to_timestamp(
timezone_now()) - aggregated_info['timestamp']
if aggr_status_duration > settings.OFFLINE_THRESHOLD_SECS:
aggregated_info['status'] = 'offline'
for val in result['presence'].values():
val.pop('client', None)
val.pop('pushable', None)
return json_success(result)
def save(self,
domain_override: Optional[bool]=None,
subject_template_name: str='registration/password_reset_subject.txt',
email_template_name: str='registration/password_reset_email.html',
use_https: bool=False,
token_generator: PasswordResetTokenGenerator=default_token_generator,
from_email: Optional[str]=None,
request: HttpRequest=None,
html_email_template_name: Optional[str]=None,
extra_email_context: Optional[Dict[str, Any]]=None
) -> None:
"""
If the email address has an account in the target realm,
generates a one-use only link for resetting password and sends
to the user.
We send a different email if an associated account does not exist in the
database, or an account does exist, but not in the realm.
Note: We ignore protocol and the various email template arguments (those
are an artifact of using Django's password reset framework).
"""
email = self.cleaned_data["email"]
realm = get_realm(get_subdomain(request))
if not email_auth_enabled(realm):
logging.info("Password reset attempted for %s even though password auth is disabled." % (email,))
return
if realm.deactivated:
logging.info("Realm is deactivated")
return
user = None # type: Optional[UserProfile]
try:
user = get_active_user(email, realm)
except UserProfile.DoesNotExist:
pass
context = {
'email': email,
'realm_uri': realm.uri,
}
if user is not None:
token = token_generator.make_token(user)
uid = urlsafe_base64_encode(force_bytes(user.id)).decode('ascii')
endpoint = reverse('django.contrib.auth.views.password_reset_confirm',
kwargs=dict(uidb64=uid, token=token))
context['no_account_in_realm'] = False
context['reset_url'] = "{}{}".format(user.realm.uri, endpoint)
send_email('zerver/emails/password_reset', to_user_id=user.id,
from_name="Zulip Account Security",
from_address=FromAddress.NOREPLY, context=context)
else:
context['no_account_in_realm'] = True
accounts = UserProfile.objects.filter(email__iexact=email)
if accounts:
context['accounts'] = accounts
context['multiple_accounts'] = accounts.count() != 1
send_email('zerver/emails/password_reset', to_email=email,
from_name="Zulip Account Security",
from_address=FromAddress.NOREPLY, context=context)
def save(
self,
domain_override: Optional[bool] = None,
subject_template_name:
str = 'registration/password_reset_subject.txt',
email_template_name: str = 'registration/password_reset_email.html',
use_https: bool = False,
token_generator:
PasswordResetTokenGenerator = default_token_generator,
from_email: Optional[str] = None,
request: HttpRequest = None,
html_email_template_name: Optional[str] = None,
extra_email_context: Optional[Dict[str, Any]] = None) -> None:
"""
If the email address has an account in the target realm,
generates a one-use only link for resetting password and sends
to the user.
We send a different email if an associated account does not exist in the
database, or an account does exist, but not in the realm.
Note: We ignore protocol and the various email template arguments (those
are an artifact of using Django's password reset framework).
"""
email = self.cleaned_data["email"]
realm = get_realm(get_subdomain(request))
if not email_auth_enabled(realm):
logging.info(
"Password reset attempted for %s even though password auth is disabled."
% (email, ))
return
if realm.deactivated:
logging.info("Realm is deactivated")
return
user = None # type: Optional[UserProfile]
try:
user = get_active_user(email, realm)
except UserProfile.DoesNotExist:
pass
context = {
'email': email,
'realm_uri': realm.uri,
}
if user is not None:
token = token_generator.make_token(user)
uid = urlsafe_base64_encode(force_bytes(user.id)).decode('ascii')
endpoint = reverse(
'django.contrib.auth.views.password_reset_confirm',
kwargs=dict(uidb64=uid, token=token))
context['no_account_in_realm'] = False
context['reset_url'] = "{}{}".format(user.realm.uri, endpoint)
send_email('zerver/emails/password_reset',
to_user_id=user.id,
from_name="Zulip Account Security",
from_address=FromAddress.NOREPLY,
context=context)
else:
context['no_account_in_realm'] = True
accounts = UserProfile.objects.filter(email__iexact=email)
if accounts:
context['accounts'] = accounts
context['multiple_accounts'] = accounts.count() != 1
send_email('zerver/emails/password_reset',
to_email=email,
from_name="Zulip Account Security",
from_address=FromAddress.NOREPLY,
context=context)
