def test_insecure_desktop_app(self) -> None:
self.assertEqual(is_outdated_desktop_app("ZulipDesktop/0.5.2 (Mac)"),
(True, True, True))
self.assertEqual(
is_outdated_desktop_app(
"ZulipElectron/2.3.82 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Zulip/2.3.82 Chrome/61.0.3163.100 Electron/2.0.9 Safari/537.36"
),
(True, True, True),
)
self.assertEqual(
is_outdated_desktop_app(
"ZulipElectron/4.0.0 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Zulip/4.0.3 Chrome/66.0.3359.181 Electron/3.1.10 Safari/537.36"
),
(True, True, False),
)
self.assertEqual(
is_outdated_desktop_app(
"ZulipElectron/4.0.3 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Zulip/4.0.3 Chrome/66.0.3359.181 Electron/3.1.10 Safari/537.36"
),
(True, True, False),
)
# Verify what happens if DESKTOP_MINIMUM_VERSION < v < DESKTOP_WARNING_VERSION
with mock.patch("zerver.lib.compatibility.DESKTOP_MINIMUM_VERSION",
"4.0.3"):
self.assertEqual(
is_outdated_desktop_app(
"ZulipElectron/4.0.3 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Zulip/4.0.3 Chrome/66.0.3359.181 Electron/3.1.10 Safari/537.36"
),
(True, False, False),
)
self.assertEqual(
is_outdated_desktop_app(
"ZulipElectron/5.2.0 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Zulip/5.2.0 Chrome/80.0.3987.165 Electron/8.2.5 Safari/537.36"
),
(False, False, False),
)
self.assertEqual(
is_outdated_desktop_app(
"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36"
),
(False, False, False),
)
self.assertEqual(is_outdated_desktop_app(""), (False, False, False))
def home_real(request: HttpRequest) -> HttpResponse:
# Before we do any real work, check if the app is banned.
client_user_agent = request.META.get("HTTP_USER_AGENT", "")
(insecure_desktop_app, banned_desktop_app,
auto_update_broken) = is_outdated_desktop_app(client_user_agent)
if banned_desktop_app:
return render(
request,
"zerver/insecure_desktop_app.html",
context={
"auto_update_broken": auto_update_broken,
},
)
(unsupported_browser,
browser_name) = is_unsupported_browser(client_user_agent)
if unsupported_browser:
return render(
request,
"zerver/unsupported_browser.html",
context={
"browser_name": browser_name,
},
)
# We need to modify the session object every two weeks or it will expire.
# This line makes reloading the page a sufficient action to keep the
# session alive.
request.session.modified = True
if request.user.is_authenticated:
user_profile = request.user
realm = user_profile.realm
# User is logged in and hence no longer `prefers_web_public_view`.
if "prefers_web_public_view" in request.session.keys():
del request.session["prefers_web_public_view"]
else:
realm = get_valid_realm_from_request(request)
# TODO: Ideally, we'd open Zulip directly as a spectator if
# the URL had clicked a link to content on a web-public
# stream. We could maybe do this by parsing `next`, but it's
# not super convenient with Zulip's hash-based URL scheme.
# The "Access without an account" button on the login page
# submits a POST to this page with this hidden field set.
if request.POST.get("prefers_web_public_view") == "true":
request.session["prefers_web_public_view"] = True
# We serve a redirect here, rather than serving a page, to
# avoid browser "Confirm form resubmission" prompts on reload.
redirect_to = get_safe_redirect_to(request.POST.get("next"),
realm.uri)
return redirect(redirect_to)
prefers_web_public_view = request.session.get(
"prefers_web_public_view")
if not prefers_web_public_view:
# For users who haven't opted into the spectator
# experience, we redirect to the login page.
return zulip_redirect_to_login(request,
settings.HOME_NOT_LOGGED_IN)
# For users who have selected public access, we load the
# spectator experience. We fall through to the shared code
# for loading the application, with user_profile=None encoding
# that we're a spectator, not a logged-in user.
user_profile = None
update_last_reminder(user_profile)
statsd.incr("views.home")
# If a user hasn't signed the current Terms of Service, send them there
if need_accept_tos(user_profile):
return accounts_accept_terms(request)
narrow, narrow_stream, narrow_topic = detect_narrowed_window(
request, user_profile)
if user_profile is not None:
first_in_realm = realm_user_count(user_profile.realm) == 1
# If you are the only person in the realm and you didn't invite
# anyone, we'll continue to encourage you to do so on the frontend.
prompt_for_invites = (first_in_realm
and not PreregistrationUser.objects.filter(
referred_by=user_profile).count())
needs_tutorial = user_profile.tutorial_status == UserProfile.TUTORIAL_WAITING
else:
first_in_realm = False
prompt_for_invites = False
# The current tutorial doesn't super make sense for logged-out users.
needs_tutorial = False
queue_id, page_params = build_page_params_for_home_page_load(
request=request,
user_profile=user_profile,
realm=realm,
insecure_desktop_app=insecure_desktop_app,
narrow=narrow,
narrow_stream=narrow_stream,
narrow_topic=narrow_topic,
first_in_realm=first_in_realm,
prompt_for_invites=prompt_for_invites,
needs_tutorial=needs_tutorial,
)
log_data = RequestNotes.get_notes(request).log_data
assert log_data is not None
log_data["extra"] = f"[{queue_id}]"
csp_nonce = secrets.token_hex(24)
user_permission_info = get_user_permission_info(user_profile)
response = render(
request,
"zerver/app/index.html",
context={
"user_profile": user_profile,
"page_params": page_params,
"csp_nonce": csp_nonce,
"color_scheme": user_permission_info.color_scheme,
},
)
patch_cache_control(response,
no_cache=True,
no_store=True,
must_revalidate=True)
return response
def home_real(request: HttpRequest) -> HttpResponse:
# Before we do any real work, check if the app is banned.
client_user_agent = request.META.get("HTTP_USER_AGENT", "")
(insecure_desktop_app, banned_desktop_app,
auto_update_broken) = is_outdated_desktop_app(client_user_agent)
if banned_desktop_app:
return render(
request,
"zerver/insecure_desktop_app.html",
context={
"auto_update_broken": auto_update_broken,
},
)
(unsupported_browser,
browser_name) = is_unsupported_browser(client_user_agent)
if unsupported_browser:
return render(
request,
"zerver/unsupported_browser.html",
context={
"browser_name": browser_name,
},
)
# We need to modify the session object every two weeks or it will expire.
# This line makes reloading the page a sufficient action to keep the
# session alive.
request.session.modified = True
if request.user.is_authenticated:
user_profile = request.user
realm = user_profile.realm
else:
# user_profile=None corresponds to the logged-out "web_public" visitor case.
user_profile = None
realm = get_valid_realm_from_request(request)
update_last_reminder(user_profile)
statsd.incr("views.home")
# If a user hasn't signed the current Terms of Service, send them there
if need_accept_tos(user_profile):
return accounts_accept_terms(request)
narrow, narrow_stream, narrow_topic = detect_narrowed_window(
request, user_profile)
if user_profile is not None:
first_in_realm = realm_user_count(user_profile.realm) == 1
# If you are the only person in the realm and you didn't invite
# anyone, we'll continue to encourage you to do so on the frontend.
prompt_for_invites = (first_in_realm
and not PreregistrationUser.objects.filter(
referred_by=user_profile).count())
needs_tutorial = user_profile.tutorial_status == UserProfile.TUTORIAL_WAITING
else:
first_in_realm = False
prompt_for_invites = False
# The current tutorial doesn't super make sense for logged-out users.
needs_tutorial = False
queue_id, page_params = build_page_params_for_home_page_load(
request=request,
user_profile=user_profile,
realm=realm,
insecure_desktop_app=insecure_desktop_app,
narrow=narrow,
narrow_stream=narrow_stream,
narrow_topic=narrow_topic,
first_in_realm=first_in_realm,
prompt_for_invites=prompt_for_invites,
needs_tutorial=needs_tutorial,
)
show_invites, show_add_streams = compute_show_invites_and_add_streams(
user_profile)
request._log_data["extra"] = "[{}]".format(queue_id)
csp_nonce = secrets.token_hex(24)
user_permission_info = get_user_permission_info(user_profile)
response = render(
request,
"zerver/app/index.html",
context={
"user_profile": user_profile,
"page_params": page_params,
"csp_nonce": csp_nonce,
"search_pills_enabled": settings.SEARCH_PILLS_ENABLED,
"show_invites": show_invites,
"show_add_streams": show_add_streams,
"is_owner": user_permission_info.is_realm_owner,
"is_admin": user_permission_info.is_realm_admin,
"is_guest": user_permission_info.is_guest,
"color_scheme": user_permission_info.color_scheme,
"embedded": narrow_stream is not None,
"max_file_upload_size_mib": settings.MAX_FILE_UPLOAD_SIZE,
},
)
patch_cache_control(response,
no_cache=True,
no_store=True,
must_revalidate=True)
return response
def home_real(request: HttpRequest) -> HttpResponse:
# Before we do any real work, check if the app is banned.
client_user_agent = request.headers.get("User-Agent", "")
(insecure_desktop_app, banned_desktop_app,
auto_update_broken) = is_outdated_desktop_app(client_user_agent)
if banned_desktop_app:
return render(
request,
"zerver/insecure_desktop_app.html",
context={
"auto_update_broken": auto_update_broken,
},
)
(unsupported_browser,
browser_name) = is_unsupported_browser(client_user_agent)
if unsupported_browser:
return render(
request,
"zerver/unsupported_browser.html",
context={
"browser_name": browser_name,
},
)
# We need to modify the session object every two weeks or it will expire.
# This line makes reloading the page a sufficient action to keep the
# session alive.
request.session.modified = True
if request.user.is_authenticated:
user_profile = request.user
realm = user_profile.realm
else:
realm = get_valid_realm_from_request(request)
# We load the spectator experience. We fall through to the shared code
# for loading the application, with user_profile=None encoding
# that we're a spectator, not a logged-in user.
user_profile = None
update_last_reminder(user_profile)
statsd.incr("views.home")
# If a user hasn't signed the current Terms of Service, send them there
if need_accept_tos(user_profile):
return accounts_accept_terms(request)
narrow, narrow_stream, narrow_topic = detect_narrowed_window(
request, user_profile)
if user_profile is not None:
first_in_realm = realm_user_count(user_profile.realm) == 1
# If you are the only person in the realm and you didn't invite
# anyone, we'll continue to encourage you to do so on the frontend.
prompt_for_invites = (first_in_realm
and not PreregistrationUser.objects.filter(
referred_by=user_profile).count())
needs_tutorial = user_profile.tutorial_status == UserProfile.TUTORIAL_WAITING
else:
first_in_realm = False
prompt_for_invites = False
# The current tutorial doesn't super make sense for logged-out users.
needs_tutorial = False
queue_id, page_params = build_page_params_for_home_page_load(
request=request,
user_profile=user_profile,
realm=realm,
insecure_desktop_app=insecure_desktop_app,
narrow=narrow,
narrow_stream=narrow_stream,
narrow_topic=narrow_topic,
first_in_realm=first_in_realm,
prompt_for_invites=prompt_for_invites,
needs_tutorial=needs_tutorial,
)
log_data = RequestNotes.get_notes(request).log_data
assert log_data is not None
log_data["extra"] = f"[{queue_id}]"
csp_nonce = secrets.token_hex(24)
user_permission_info = get_user_permission_info(user_profile)
response = render(
request,
"zerver/app/index.html",
context={
"user_profile": user_profile,
"page_params": page_params,
"csp_nonce": csp_nonce,
"color_scheme": user_permission_info.color_scheme,
},
)
patch_cache_control(response,
no_cache=True,
no_store=True,
must_revalidate=True)
return response