def add_bot_backend(request, user_profile, full_name_raw=REQ("full_name"), short_name=REQ(),
default_sending_stream_name=REQ('default_sending_stream', default=None),
default_events_register_stream_name=REQ('default_events_register_stream', default=None),
default_all_public_streams=REQ(validator=check_bool, default=None)):
# type: (HttpRequest, UserProfile, Text, Text, Optional[Text], Optional[Text], Optional[bool]) -> HttpResponse
short_name += "-bot"
full_name = check_full_name(full_name_raw)
email = '%s@%s' % (short_name, user_profile.realm.get_bot_domain())
form = CreateUserForm({'full_name': full_name, 'email': email})
if not form.is_valid():
# We validate client-side as well
return json_error(_('Bad name or username'))
try:
get_user_profile_by_email(email)
return json_error(_("Username already in use"))
except UserProfile.DoesNotExist:
pass
if len(request.FILES) == 0:
avatar_source = UserProfile.AVATAR_FROM_GRAVATAR
elif len(request.FILES) != 1:
return json_error(_("You may only upload one file at a time"))
else:
avatar_source = UserProfile.AVATAR_FROM_USER
default_sending_stream = None
if default_sending_stream_name is not None:
(default_sending_stream, ignored_rec, ignored_sub) = access_stream_by_name(
user_profile, default_sending_stream_name)
default_events_register_stream = None
if default_events_register_stream_name is not None:
(default_events_register_stream, ignored_rec, ignored_sub) = access_stream_by_name(
user_profile, default_events_register_stream_name)
bot_profile = do_create_user(email=email, password='',
realm=user_profile.realm, full_name=full_name,
short_name=short_name, active=True,
bot_type=UserProfile.DEFAULT_BOT,
bot_owner=user_profile,
avatar_source=avatar_source,
default_sending_stream=default_sending_stream,
default_events_register_stream=default_events_register_stream,
default_all_public_streams=default_all_public_streams)
if len(request.FILES) == 1:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, bot_profile)
json_result = dict(
api_key=bot_profile.api_key,
avatar_url=avatar_url(bot_profile),
default_sending_stream=get_stream_name(bot_profile.default_sending_stream),
default_events_register_stream=get_stream_name(bot_profile.default_events_register_stream),
default_all_public_streams=bot_profile.default_all_public_streams,
)
return json_success(json_result)
def patch_bot_backend(request, user_profile, email,
full_name=REQ(default=None),
default_sending_stream=REQ(default=None),
default_events_register_stream=REQ(default=None),
default_all_public_streams=REQ(default=None, validator=check_bool)):
# type: (HttpRequest, UserProfile, Text, Optional[Text], Optional[Text], Optional[Text], Optional[bool]) -> HttpResponse
try:
bot = get_user_profile_by_email(email)
except:
return json_error(_('No such user'))
if not user_profile.can_admin_user(bot):
return json_error(_('Insufficient permission'))
if full_name is not None:
check_change_full_name(bot, full_name)
if default_sending_stream is not None:
if default_sending_stream == "":
stream = None
else:
(stream, recipient, sub) = access_stream_by_name(
user_profile, default_sending_stream)
do_change_default_sending_stream(bot, stream)
if default_events_register_stream is not None:
if default_events_register_stream == "":
stream = None
else:
(stream, recipient, sub) = access_stream_by_name(
user_profile, default_events_register_stream)
do_change_default_events_register_stream(bot, stream)
if default_all_public_streams is not None:
do_change_default_all_public_streams(bot, default_all_public_streams)
if len(request.FILES) == 0:
pass
elif len(request.FILES) == 1:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, bot.email)
avatar_source = UserProfile.AVATAR_FROM_USER
do_change_avatar_source(bot, avatar_source)
else:
return json_error(_("You may only upload one file at a time"))
json_result = dict(
full_name=bot.full_name,
avatar_url=avatar_url(bot),
default_sending_stream=get_stream_name(bot.default_sending_stream),
default_events_register_stream=get_stream_name(bot.default_events_register_stream),
default_all_public_streams=bot.default_all_public_streams,
)
return json_success(json_result)
def json_invite_users(request, user_profile,
invitee_emails_raw=REQ("invitee_emails"),
body=REQ("custom_body", default=None)):
# type: (HttpRequest, UserProfile, str, Optional[str]) -> HttpResponse
if not invitee_emails_raw:
return json_error(_("You must specify at least one email address."))
if body == '':
body = None
invitee_emails = get_invitee_emails_set(invitee_emails_raw)
stream_names = request.POST.getlist('stream')
if not stream_names:
return json_error(_("You must specify at least one stream for invitees to join."))
# We unconditionally sub you to the notifications stream if it
# exists and is public.
notifications_stream = user_profile.realm.notifications_stream # type: Optional[Stream]
if notifications_stream and not notifications_stream.invite_only:
stream_names.append(notifications_stream.name)
streams = [] # type: List[Stream]
for stream_name in stream_names:
try:
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
except JsonableError:
return json_error(_("Stream does not exist: %s. No invites were sent.") % (stream_name,))
streams.append(stream)
ret_error, error_data = do_invite_users(user_profile, invitee_emails, streams, body)
if ret_error is not None:
return json_error(data=error_data, msg=ret_error)
else:
return json_success()
def invite_users_backend(request: HttpRequest, user_profile: UserProfile,
invitee_emails_raw: str=REQ("invitee_emails"),
invite_as_admin: Optional[bool]=REQ(validator=check_bool, default=False),
) -> HttpResponse:
if user_profile.realm.invite_by_admins_only and not user_profile.is_realm_admin:
return json_error(_("Must be an organization administrator"))
if invite_as_admin and not user_profile.is_realm_admin:
return json_error(_("Must be an organization administrator"))
if not invitee_emails_raw:
return json_error(_("You must specify at least one email address."))
invitee_emails = get_invitee_emails_set(invitee_emails_raw)
stream_names = request.POST.getlist('stream')
if not stream_names:
return json_error(_("You must specify at least one stream for invitees to join."))
# We unconditionally sub you to the notifications stream if it
# exists and is public.
notifications_stream = user_profile.realm.notifications_stream # type: Optional[Stream]
if notifications_stream and not notifications_stream.invite_only:
stream_names.append(notifications_stream.name)
streams = [] # type: List[Stream]
for stream_name in stream_names:
try:
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
except JsonableError:
return json_error(_("Stream does not exist: %s. No invites were sent.") % (stream_name,))
streams.append(stream)
do_invite_users(user_profile, invitee_emails, streams, invite_as_admin)
return json_success()
def remove_default_stream(request: HttpRequest,
user_profile: UserProfile,
stream_name: str=REQ()) -> HttpResponse:
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name,
allow_realm_admin=True)
do_remove_default_stream(stream)
return json_success()
def mute_topic(user_profile: UserProfile, stream_name: str,
topic_name: str) -> HttpResponse:
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
if topic_is_muted(user_profile, stream.id, topic_name):
return json_error(_("Topic already muted"))
do_mute_topic(user_profile, stream, recipient, topic_name)
return json_success()
def create_default_stream_group(request: HttpRequest, user_profile: UserProfile,
group_name: Text=REQ(), description: Text=REQ(),
stream_names: List[Text]=REQ(validator=check_list(check_string))) -> None:
streams = []
for stream_name in stream_names:
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
streams.append(stream)
do_create_default_stream_group(user_profile.realm, group_name, description, streams)
return json_success()
def json_subscription_property(request, user_profile, subscription_data=REQ(
validator=check_list(
check_dict([("stream", check_string),
("property", check_string),
("value", check_variable_type(
[check_string, check_bool]))])))):
# type: (HttpRequest, UserProfile, List[Dict[str, Any]]) -> HttpResponse
"""
This is the entry point to changing subscription properties. This
is a bulk endpoint: requestors always provide a subscription_data
list containing dictionaries for each stream of interest.
Requests are of the form:
[{"stream": "devel", "property": "in_home_view", "value": False},
{"stream": "devel", "property": "color", "value": "#c2c2c2"}]
"""
if request.method != "POST":
return json_error(_("Invalid verb"))
property_converters = {"color": check_string, "in_home_view": check_bool,
"desktop_notifications": check_bool,
"audible_notifications": check_bool,
"pin_to_top": check_bool}
response_data = []
for change in subscription_data:
stream_name = change["stream"]
property = change["property"]
value = change["value"]
if property not in property_converters:
return json_error(_("Unknown subscription property: %s") % (property,))
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
if sub is None:
return json_error(_("Not subscribed to stream %s") % (stream_name,))
property_conversion = property_converters[property](property, value)
if property_conversion:
return json_error(property_conversion)
do_change_subscription_property(user_profile, sub, stream,
property, value)
response_data.append({'stream': stream_name,
'property': property,
'value': value})
return json_success({"subscription_data": response_data})
def mute_topic(user_profile: UserProfile,
stream_id: Optional[int],
stream_name: Optional[str],
topic_name: str) -> HttpResponse:
if stream_name is not None:
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
else:
assert stream_id is not None
(stream, recipient, sub) = access_stream_by_id(user_profile, stream_id)
if topic_is_muted(user_profile, stream.id, topic_name):
return json_error(_("Topic already muted"))
do_mute_topic(user_profile, stream, recipient, topic_name)
return json_success()
def update_default_stream_group_streams(request: HttpRequest, user_profile: UserProfile,
group_id: int, op: Text=REQ(),
stream_names: List[Text]=REQ(
validator=check_list(check_string))) -> None:
group = access_default_stream_group_by_id(user_profile.realm, group_id,)
streams = []
for stream_name in stream_names:
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
streams.append(stream)
if op == 'add':
do_add_streams_to_default_stream_group(user_profile.realm, group, streams)
elif op == 'remove':
do_remove_streams_from_default_stream_group(user_profile.realm, group, streams)
else:
return json_error(_('Invalid value for "op". Specify one of "add" or "remove".'))
return json_success()
def json_stream_exists(request: HttpRequest, user_profile: UserProfile, stream_name: Text=REQ("stream"),
autosubscribe: bool=REQ(validator=check_bool, default=False)) -> HttpResponse:
check_stream_name(stream_name)
try:
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
except JsonableError as e:
return json_error(e.msg, status=404)
# access_stream functions return a subscription if and only if we
# are already subscribed.
result = {"subscribed": sub is not None}
# If we got here, we're either subscribed or the stream is public.
# So if we're not yet subscribed and autosubscribe is enabled, we
# should join.
if sub is None and autosubscribe:
bulk_add_subscriptions([stream], [user_profile], acting_user=user_profile)
result["subscribed"] = True
return json_success(result) # results are ignored for HEAD requests
def home_real(request):
# type: (HttpRequest) -> HttpResponse
# We need to modify the session object every two weeks or it will expire.
# This line makes reloading the page a sufficient action to keep the
# session alive.
request.session.modified = True
user_profile = request.user
# If a user hasn't signed the current Terms of Service, send them there
if settings.TERMS_OF_SERVICE is not None and settings.TOS_VERSION is not None and \
int(settings.TOS_VERSION.split('.')[0]) > user_profile.major_tos_version():
return accounts_accept_terms(request)
narrow = [] # type: List[List[Text]]
narrow_stream = None
narrow_topic = request.GET.get("topic")
if request.GET.get("stream"):
try:
narrow_stream_name = request.GET.get("stream")
(narrow_stream, ignored_rec,
ignored_sub) = access_stream_by_name(user_profile,
narrow_stream_name)
narrow = [["stream", narrow_stream.name]]
except Exception:
logging.exception("Narrow parsing")
if narrow_stream is not None and narrow_topic is not None:
narrow.append(["topic", narrow_topic])
register_ret = do_events_register(user_profile,
request.client,
apply_markdown=True,
narrow=narrow)
user_has_messages = (register_ret['max_message_id'] != -1)
# Reset our don't-spam-users-with-email counter since the
# user has since logged in
if user_profile.last_reminder is not None:
user_profile.last_reminder = None
user_profile.save(update_fields=["last_reminder"])
# Brand new users get narrowed to PM with welcome-bot
needs_tutorial = user_profile.tutorial_status == UserProfile.TUTORIAL_WAITING
first_in_realm = realm_user_count(user_profile.realm) == 1
# If you are the only person in the realm and you didn't invite
# anyone, we'll continue to encourage you to do so on the frontend.
prompt_for_invites = first_in_realm and \
not PreregistrationUser.objects.filter(referred_by=user_profile).count()
if user_profile.pointer == -1 and user_has_messages:
# Put the new user's pointer at the bottom
#
# This improves performance, because we limit backfilling of messages
# before the pointer. It's also likely that someone joining an
# organization is interested in recent messages more than the very
# first messages on the system.
register_ret['pointer'] = register_ret['max_message_id']
user_profile.last_pointer_updater = request.session.session_key
if user_profile.pointer == -1:
latest_read = None
else:
try:
latest_read = UserMessage.objects.get(
user_profile=user_profile, message__id=user_profile.pointer)
except UserMessage.DoesNotExist:
# Don't completely fail if your saved pointer ID is invalid
logging.warning("%s has invalid pointer %s" %
(user_profile.email, user_profile.pointer))
latest_read = None
# Set default language and make it persist
default_language = register_ret['default_language']
url_lang = '/{}'.format(request.LANGUAGE_CODE)
if not request.path.startswith(url_lang):
translation.activate(default_language)
request.session[translation.LANGUAGE_SESSION_KEY] = default_language
# Pass parameters to the client-side JavaScript code.
# These end up in a global JavaScript Object named 'page_params'.
page_params = dict(
# Server settings.
development_environment=settings.DEVELOPMENT,
debug_mode=settings.DEBUG,
test_suite=settings.TEST_SUITE,
poll_timeout=settings.POLL_TIMEOUT,
login_page=settings.HOME_NOT_LOGGED_IN,
root_domain_uri=settings.ROOT_DOMAIN_URI,
maxfilesize=settings.MAX_FILE_UPLOAD_SIZE,
max_avatar_file_size=settings.MAX_AVATAR_FILE_SIZE,
server_generation=settings.SERVER_GENERATION,
use_websockets=settings.USE_WEBSOCKETS,
save_stacktraces=settings.SAVE_FRONTEND_STACKTRACES,
server_inline_image_preview=settings.INLINE_IMAGE_PREVIEW,
server_inline_url_embed_preview=settings.INLINE_URL_EMBED_PREVIEW,
password_min_length=settings.PASSWORD_MIN_LENGTH,
password_min_quality=settings.PASSWORD_MIN_ZXCVBN_QUALITY,
# Misc. extra data.
have_initial_messages=user_has_messages,
initial_servertime=time.time(
), # Used for calculating relative presence age
default_language_name=get_language_name(
register_ret['default_language']),
language_list_dbl_col=get_language_list_for_templates(
register_ret['default_language']),
language_list=get_language_list(),
needs_tutorial=needs_tutorial,
first_in_realm=first_in_realm,
prompt_for_invites=prompt_for_invites,
furthest_read_time=sent_time_in_epoch_seconds(latest_read),
has_mobile_devices=num_push_devices_for_user(user_profile) > 0,
)
undesired_register_ret_fields = [
'streams',
]
for field_name in set(
register_ret.keys()) - set(undesired_register_ret_fields):
page_params[field_name] = register_ret[field_name]
if narrow_stream is not None:
# In narrow_stream context, initial pointer is just latest message
recipient = get_recipient(Recipient.STREAM, narrow_stream.id)
try:
initial_pointer = Message.objects.filter(
recipient=recipient).order_by('id').reverse()[0].id
except IndexError:
initial_pointer = -1
page_params["narrow_stream"] = narrow_stream.name
if narrow_topic is not None:
page_params["narrow_topic"] = narrow_topic
page_params["narrow"] = [
dict(operator=term[0], operand=term[1]) for term in narrow
]
page_params["max_message_id"] = initial_pointer
page_params["pointer"] = initial_pointer
page_params["have_initial_messages"] = (initial_pointer != -1)
page_params["enable_desktop_notifications"] = False
statsd.incr('views.home')
show_invites = True
# Some realms only allow admins to invite users
if user_profile.realm.invite_by_admins_only and not user_profile.is_realm_admin:
show_invites = False
request._log_data['extra'] = "[%s]" % (register_ret["queue_id"], )
response = render(
request,
'zerver/index.html',
context={
'user_profile':
user_profile,
'page_params':
simplejson.encoder.JSONEncoderForHTML().encode(page_params),
'nofontface':
is_buggy_ua(request.META.get("HTTP_USER_AGENT", "Unspecified")),
'avatar_url':
avatar_url(user_profile),
'show_debug':
settings.DEBUG and ('show_debug' in request.GET),
'pipeline':
settings.PIPELINE_ENABLED,
'show_invites':
show_invites,
'is_admin':
user_profile.is_realm_admin,
'show_webathena':
user_profile.realm.webathena_enabled,
'enable_feedback':
settings.ENABLE_FEEDBACK,
'embedded':
narrow_stream is not None,
},
)
patch_cache_control(response,
no_cache=True,
no_store=True,
must_revalidate=True)
return response
def home_real(request):
# type: (HttpRequest) -> HttpResponse
# We need to modify the session object every two weeks or it will expire.
# This line makes reloading the page a sufficient action to keep the
# session alive.
request.session.modified = True
user_profile = request.user
# If a user hasn't signed the current Terms of Service, send them there
if settings.TERMS_OF_SERVICE is not None and settings.TOS_VERSION is not None and \
int(settings.TOS_VERSION.split('.')[0]) > user_profile.major_tos_version():
return accounts_accept_terms(request)
narrow = [] # type: List[List[Text]]
narrow_stream = None
narrow_topic = request.GET.get("topic")
if request.GET.get("stream"):
try:
narrow_stream_name = request.GET.get("stream")
(narrow_stream, ignored_rec,
ignored_sub) = access_stream_by_name(user_profile,
narrow_stream_name)
narrow = [["stream", narrow_stream.name]]
except Exception:
logging.exception("Narrow parsing")
if narrow_stream is not None and narrow_topic is not None:
narrow.append(["topic", narrow_topic])
register_ret = do_events_register(user_profile,
request.client,
apply_markdown=True,
narrow=narrow)
user_has_messages = (register_ret['max_message_id'] != -1)
# Reset our don't-spam-users-with-email counter since the
# user has since logged in
if user_profile.last_reminder is not None:
user_profile.last_reminder = None
user_profile.save(update_fields=["last_reminder"])
# Brand new users get the tutorial
needs_tutorial = settings.TUTORIAL_ENABLED and \
user_profile.tutorial_status != UserProfile.TUTORIAL_FINISHED
first_in_realm = realm_user_count(user_profile.realm) == 1
# If you are the only person in the realm and you didn't invite
# anyone, we'll continue to encourage you to do so on the frontend.
prompt_for_invites = first_in_realm and \
not PreregistrationUser.objects.filter(referred_by=user_profile).count()
if user_profile.pointer == -1 and user_has_messages:
# Put the new user's pointer at the bottom
#
# This improves performance, because we limit backfilling of messages
# before the pointer. It's also likely that someone joining an
# organization is interested in recent messages more than the very
# first messages on the system.
register_ret['pointer'] = register_ret['max_message_id']
user_profile.last_pointer_updater = request.session.session_key
if user_profile.pointer == -1:
latest_read = None
else:
try:
latest_read = UserMessage.objects.get(
user_profile=user_profile, message__id=user_profile.pointer)
except UserMessage.DoesNotExist:
# Don't completely fail if your saved pointer ID is invalid
logging.warning("%s has invalid pointer %s" %
(user_profile.email, user_profile.pointer))
latest_read = None
desktop_notifications_enabled = user_profile.enable_desktop_notifications
if narrow_stream is not None:
desktop_notifications_enabled = False
if user_profile.realm.notifications_stream:
notifications_stream = user_profile.realm.notifications_stream.name
else:
notifications_stream = ""
# Set default language and make it persist
default_language = register_ret['default_language']
url_lang = '/{}'.format(request.LANGUAGE_CODE)
if not request.path.startswith(url_lang):
translation.activate(default_language)
request.session[translation.LANGUAGE_SESSION_KEY] = default_language
# Pass parameters to the client-side JavaScript code.
# These end up in a global JavaScript Object named 'page_params'.
page_params = dict(
# Server settings.
share_the_love=settings.SHARE_THE_LOVE,
development_environment=settings.DEVELOPMENT,
debug_mode=settings.DEBUG,
test_suite=settings.TEST_SUITE,
poll_timeout=settings.POLL_TIMEOUT,
login_page=settings.HOME_NOT_LOGGED_IN,
server_uri=settings.SERVER_URI,
maxfilesize=settings.MAX_FILE_UPLOAD_SIZE,
max_avatar_file_size=settings.MAX_AVATAR_FILE_SIZE,
server_generation=settings.SERVER_GENERATION,
use_websockets=settings.USE_WEBSOCKETS,
save_stacktraces=settings.SAVE_FRONTEND_STACKTRACES,
server_inline_image_preview=settings.INLINE_IMAGE_PREVIEW,
server_inline_url_embed_preview=settings.INLINE_URL_EMBED_PREVIEW,
# realm data.
# TODO: Move all of these data to register_ret and pull from there
realm_uri=user_profile.realm.uri,
password_auth_enabled=password_auth_enabled(user_profile.realm),
domains=list_of_domains_for_realm(user_profile.realm),
name_changes_disabled=name_changes_disabled(user_profile.realm),
mandatory_topics=user_profile.realm.mandatory_topics,
show_digest_email=user_profile.realm.show_digest_email,
realm_presence_disabled=user_profile.realm.presence_disabled,
is_zephyr_mirror_realm=user_profile.realm.is_zephyr_mirror_realm,
# user_profile data.
# TODO: Move all of these data to register_ret and pull from there
fullname=user_profile.full_name,
email=user_profile.email,
enter_sends=user_profile.enter_sends,
user_id=user_profile.id,
is_admin=user_profile.is_realm_admin,
can_create_streams=user_profile.can_create_streams(),
autoscroll_forever=user_profile.autoscroll_forever,
default_desktop_notifications=user_profile.
default_desktop_notifications,
avatar_url=avatar_url(user_profile),
avatar_url_medium=avatar_url(user_profile, medium=True),
avatar_source=user_profile.avatar_source,
timezone=user_profile.timezone,
# Stream message notification settings:
stream_desktop_notifications_enabled=user_profile.
enable_stream_desktop_notifications,
stream_sounds_enabled=user_profile.enable_stream_sounds,
# Private message and @-mention notification settings:
desktop_notifications_enabled=desktop_notifications_enabled,
sounds_enabled=user_profile.enable_sounds,
enable_offline_email_notifications=user_profile.
enable_offline_email_notifications,
pm_content_in_desktop_notifications=user_profile.
pm_content_in_desktop_notifications,
enable_offline_push_notifications=user_profile.
enable_offline_push_notifications,
enable_online_push_notifications=user_profile.
enable_online_push_notifications,
enable_digest_emails=user_profile.enable_digest_emails,
# Realm foreign key data from register_ret.
# TODO: Rename these to match register_ret values.
subbed_info=register_ret['subscriptions'],
unsubbed_info=register_ret['unsubscribed'],
neversubbed_info=register_ret['never_subscribed'],
people_list=register_ret['realm_users'],
bot_list=register_ret['realm_bots'],
initial_pointer=register_ret['pointer'],
initial_presences=register_ret['presences'],
event_queue_id=register_ret['queue_id'],
# Misc. extra data.
have_initial_messages=user_has_messages,
initial_servertime=time.time(
), # Used for calculating relative presence age
default_language_name=get_language_name(
register_ret['default_language']),
language_list_dbl_col=get_language_list_for_templates(
register_ret['default_language']),
language_list=get_language_list(),
needs_tutorial=needs_tutorial,
first_in_realm=first_in_realm,
prompt_for_invites=prompt_for_invites,
notifications_stream=notifications_stream,
cross_realm_bots=list(get_cross_realm_dicts()),
unread_count=approximate_unread_count(user_profile),
furthest_read_time=sent_time_in_epoch_seconds(latest_read),
has_mobile_devices=num_push_devices_for_user(user_profile) > 0,
)
# These fields will be automatically copied from register_ret into
# page_params. It is a goal to move more of the page_params list
# into this sort of cleaner structure.
page_params_core_fields = [
'alert_words',
'attachments',
'default_language',
'emoji_alt_code',
'hotspots',
'last_event_id',
'left_side_userlist',
'max_icon_file_size',
'max_message_id',
'muted_topics',
'realm_add_emoji_by_admins_only',
'realm_allow_message_editing',
'realm_authentication_methods',
'realm_bot_domain',
'realm_create_stream_by_admins_only',
'realm_default_language',
'realm_default_streams',
'realm_email_changes_disabled',
'realm_emoji',
'realm_filters',
'realm_icon_source',
'realm_icon_url',
'realm_invite_by_admins_only',
'realm_inline_image_preview',
'realm_inline_url_embed_preview',
'realm_invite_required',
'realm_message_content_edit_limit_seconds',
'realm_message_retention_days',
'realm_name',
'realm_description',
'realm_name_changes_disabled',
'realm_restricted_to_domain',
'realm_waiting_period_threshold',
'referrals',
'twenty_four_hour_time',
'zulip_version',
]
for field_name in page_params_core_fields:
page_params[field_name] = register_ret[field_name]
if narrow_stream is not None:
# In narrow_stream context, initial pointer is just latest message
recipient = get_recipient(Recipient.STREAM, narrow_stream.id)
try:
initial_pointer = Message.objects.filter(
recipient=recipient).order_by('id').reverse()[0].id
except IndexError:
initial_pointer = -1
page_params["narrow_stream"] = narrow_stream.name
if narrow_topic is not None:
page_params["narrow_topic"] = narrow_topic
page_params["narrow"] = [
dict(operator=term[0], operand=term[1]) for term in narrow
]
page_params["max_message_id"] = initial_pointer
page_params["initial_pointer"] = initial_pointer
page_params["have_initial_messages"] = (initial_pointer != -1)
statsd.incr('views.home')
show_invites = True
# Some realms only allow admins to invite users
if user_profile.realm.invite_by_admins_only and not user_profile.is_realm_admin:
show_invites = False
request._log_data['extra'] = "[%s]" % (register_ret["queue_id"], )
response = render(
request,
'zerver/index.html',
context={
'user_profile':
user_profile,
'page_params':
simplejson.encoder.JSONEncoderForHTML().encode(page_params),
'nofontface':
is_buggy_ua(request.META.get("HTTP_USER_AGENT", "Unspecified")),
'avatar_url':
avatar_url(user_profile),
'show_debug':
settings.DEBUG and ('show_debug' in request.GET),
'pipeline':
settings.PIPELINE_ENABLED,
'show_invites':
show_invites,
'is_admin':
user_profile.is_realm_admin,
'show_webathena':
user_profile.realm.webathena_enabled,
'enable_feedback':
settings.ENABLE_FEEDBACK,
'embedded':
narrow_stream is not None,
},
)
patch_cache_control(response,
no_cache=True,
no_store=True,
must_revalidate=True)
return response
def add_bot_backend(
request: HttpRequest, user_profile: UserProfile,
full_name_raw: Text=REQ("full_name"), short_name_raw: Text=REQ("short_name"),
bot_type: int=REQ(validator=check_int, default=UserProfile.DEFAULT_BOT),
payload_url: Optional[Text]=REQ(validator=check_url, default=""),
service_name: Optional[Text]=REQ(default=None),
config_data: Optional[Dict[Text, Text]]=REQ(default=None,
validator=check_dict(value_validator=check_string)),
interface_type: int=REQ(validator=check_int, default=Service.GENERIC),
default_sending_stream_name: Optional[Text]=REQ('default_sending_stream', default=None),
default_events_register_stream_name: Optional[Text]=REQ('default_events_register_stream',
default=None),
default_all_public_streams: Optional[bool]=REQ(validator=check_bool, default=None)
) -> HttpResponse:
short_name = check_short_name(short_name_raw)
service_name = service_name or short_name
short_name += "-bot"
full_name = check_full_name(full_name_raw)
email = '%s@%s' % (short_name, user_profile.realm.get_bot_domain())
form = CreateUserForm({'full_name': full_name, 'email': email})
if bot_type == UserProfile.EMBEDDED_BOT:
if not settings.EMBEDDED_BOTS_ENABLED:
return json_error(_("Embedded bots are not enabled."))
if service_name not in [bot.name for bot in EMBEDDED_BOTS]:
return json_error(_("Invalid embedded bot name."))
if not form.is_valid():
# We validate client-side as well
return json_error(_('Bad name or username'))
try:
get_user(email, user_profile.realm)
return json_error(_("Username already in use"))
except UserProfile.DoesNotExist:
pass
check_valid_bot_type(user_profile, bot_type)
check_valid_interface_type(interface_type)
if len(request.FILES) == 0:
avatar_source = UserProfile.AVATAR_FROM_GRAVATAR
elif len(request.FILES) != 1:
return json_error(_("You may only upload one file at a time"))
else:
avatar_source = UserProfile.AVATAR_FROM_USER
default_sending_stream = None
if default_sending_stream_name is not None:
(default_sending_stream, ignored_rec, ignored_sub) = access_stream_by_name(
user_profile, default_sending_stream_name)
default_events_register_stream = None
if default_events_register_stream_name is not None:
(default_events_register_stream, ignored_rec, ignored_sub) = access_stream_by_name(
user_profile, default_events_register_stream_name)
bot_profile = do_create_user(email=email, password='',
realm=user_profile.realm, full_name=full_name,
short_name=short_name,
bot_type=bot_type,
bot_owner=user_profile,
avatar_source=avatar_source,
default_sending_stream=default_sending_stream,
default_events_register_stream=default_events_register_stream,
default_all_public_streams=default_all_public_streams)
if len(request.FILES) == 1:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, bot_profile)
if bot_type in (UserProfile.OUTGOING_WEBHOOK_BOT, UserProfile.EMBEDDED_BOT):
add_service(name=service_name,
user_profile=bot_profile,
base_url=payload_url,
interface=interface_type,
token=random_api_key())
if bot_type == UserProfile.EMBEDDED_BOT:
for key, value in config_data.items():
set_bot_config(bot_profile, key, value)
json_result = dict(
api_key=bot_profile.api_key,
avatar_url=avatar_url(bot_profile),
default_sending_stream=get_stream_name(bot_profile.default_sending_stream),
default_events_register_stream=get_stream_name(bot_profile.default_events_register_stream),
default_all_public_streams=bot_profile.default_all_public_streams,
)
return json_success(json_result)
def home_real(request: HttpRequest) -> HttpResponse:
# We need to modify the session object every two weeks or it will expire.
# This line makes reloading the page a sufficient action to keep the
# session alive.
request.session.modified = True
user_profile = request.user
# If a user hasn't signed the current Terms of Service, send them there
if settings.TERMS_OF_SERVICE is not None and settings.TOS_VERSION is not None and \
int(settings.TOS_VERSION.split('.')[0]) > user_profile.major_tos_version():
return accounts_accept_terms(request)
narrow = [] # type: List[List[str]]
narrow_stream = None
narrow_topic = request.GET.get("topic")
if request.GET.get("stream"):
try:
narrow_stream_name = request.GET.get("stream")
(narrow_stream, ignored_rec, ignored_sub) = access_stream_by_name(
user_profile, narrow_stream_name)
narrow = [["stream", narrow_stream.name]]
except Exception:
logging.exception("Narrow parsing exception", extra=dict(request=request))
if narrow_stream is not None and narrow_topic is not None:
narrow.append(["topic", narrow_topic])
register_ret = do_events_register(user_profile, request.client,
apply_markdown=True, client_gravatar=True,
narrow=narrow)
user_has_messages = (register_ret['max_message_id'] != -1)
# Reset our don't-spam-users-with-email counter since the
# user has since logged in
if user_profile.last_reminder is not None: # nocoverage
# TODO: Look into the history of last_reminder; we may have
# eliminated that as a useful concept for non-bot users.
user_profile.last_reminder = None
user_profile.save(update_fields=["last_reminder"])
# Brand new users get narrowed to PM with welcome-bot
needs_tutorial = user_profile.tutorial_status == UserProfile.TUTORIAL_WAITING
first_in_realm = realm_user_count(user_profile.realm) == 1
# If you are the only person in the realm and you didn't invite
# anyone, we'll continue to encourage you to do so on the frontend.
prompt_for_invites = first_in_realm and \
not PreregistrationUser.objects.filter(referred_by=user_profile).count()
if user_profile.pointer == -1 and user_has_messages:
# Put the new user's pointer at the bottom
#
# This improves performance, because we limit backfilling of messages
# before the pointer. It's also likely that someone joining an
# organization is interested in recent messages more than the very
# first messages on the system.
register_ret['pointer'] = register_ret['max_message_id']
user_profile.last_pointer_updater = request.session.session_key
if user_profile.pointer == -1:
latest_read = None
else:
latest_read = get_usermessage_by_message_id(user_profile, user_profile.pointer)
if latest_read is None:
# Don't completely fail if your saved pointer ID is invalid
logging.warning("%s has invalid pointer %s" % (user_profile.email, user_profile.pointer))
# We pick a language for the user as follows:
# * First priority is the language in the URL, for debugging.
# * If not in the URL, we use the language from the user's settings.
request_language = translation.get_language_from_path(request.path_info)
if request_language is None:
request_language = register_ret['default_language']
translation.activate(request_language)
# We also save the language to the user's session, so that
# something reasonable will happen in logged-in portico pages.
request.session[translation.LANGUAGE_SESSION_KEY] = translation.get_language()
two_fa_enabled = settings.TWO_FACTOR_AUTHENTICATION_ENABLED
# Pass parameters to the client-side JavaScript code.
# These end up in a global JavaScript Object named 'page_params'.
page_params = dict(
# Server settings.
development_environment = settings.DEVELOPMENT,
debug_mode = settings.DEBUG,
test_suite = settings.TEST_SUITE,
poll_timeout = settings.POLL_TIMEOUT,
login_page = settings.HOME_NOT_LOGGED_IN,
root_domain_uri = settings.ROOT_DOMAIN_URI,
maxfilesize = settings.MAX_FILE_UPLOAD_SIZE,
max_avatar_file_size = settings.MAX_AVATAR_FILE_SIZE,
server_generation = settings.SERVER_GENERATION,
use_websockets = settings.USE_WEBSOCKETS,
save_stacktraces = settings.SAVE_FRONTEND_STACKTRACES,
warn_no_email = settings.WARN_NO_EMAIL,
server_inline_image_preview = settings.INLINE_IMAGE_PREVIEW,
server_inline_url_embed_preview = settings.INLINE_URL_EMBED_PREVIEW,
password_min_length = settings.PASSWORD_MIN_LENGTH,
password_min_guesses = settings.PASSWORD_MIN_GUESSES,
jitsi_server_url = settings.JITSI_SERVER_URL,
search_pills_enabled = settings.SEARCH_PILLS_ENABLED,
# Misc. extra data.
have_initial_messages = user_has_messages,
initial_servertime = time.time(), # Used for calculating relative presence age
default_language_name = get_language_name(register_ret['default_language']),
language_list_dbl_col = get_language_list_for_templates(register_ret['default_language']),
language_list = get_language_list(),
needs_tutorial = needs_tutorial,
first_in_realm = first_in_realm,
prompt_for_invites = prompt_for_invites,
furthest_read_time = sent_time_in_epoch_seconds(latest_read),
has_mobile_devices = num_push_devices_for_user(user_profile) > 0,
bot_types = get_bot_types(user_profile),
two_fa_enabled = two_fa_enabled,
# Adding two_fa_enabled as condition saves us 3 queries when
# 2FA is not enabled.
two_fa_enabled_user = two_fa_enabled and bool(default_device(user_profile)),
)
undesired_register_ret_fields = [
'streams',
]
for field_name in set(register_ret.keys()) - set(undesired_register_ret_fields):
page_params[field_name] = register_ret[field_name]
if narrow_stream is not None:
# In narrow_stream context, initial pointer is just latest message
recipient = get_stream_recipient(narrow_stream.id)
try:
initial_pointer = Message.objects.filter(recipient=recipient).order_by('id').reverse()[0].id
except IndexError:
initial_pointer = -1
page_params["narrow_stream"] = narrow_stream.name
if narrow_topic is not None:
page_params["narrow_topic"] = narrow_topic
page_params["narrow"] = [dict(operator=term[0], operand=term[1]) for term in narrow]
page_params["max_message_id"] = initial_pointer
page_params["pointer"] = initial_pointer
page_params["have_initial_messages"] = (initial_pointer != -1)
page_params["enable_desktop_notifications"] = False
statsd.incr('views.home')
show_invites = True
# Some realms only allow admins to invite users
if user_profile.realm.invite_by_admins_only and not user_profile.is_realm_admin:
show_invites = False
if user_profile.is_guest:
show_invites = False
show_billing = False
show_plans = False
if settings.CORPORATE_ENABLED:
from corporate.models import Customer
if user_profile.is_billing_admin or user_profile.is_realm_admin:
customer = Customer.objects.filter(realm=user_profile.realm).first()
if customer is not None and customer.has_billing_relationship:
show_billing = True
if user_profile.realm.plan_type == Realm.LIMITED:
show_plans = True
request._log_data['extra'] = "[%s]" % (register_ret["queue_id"],)
page_params['translation_data'] = {}
if request_language != 'en':
page_params['translation_data'] = get_language_translation_data(request_language)
csp_nonce = generate_random_token(48)
emojiset = user_profile.emojiset
if emojiset == UserProfile.TEXT_EMOJISET:
# If current emojiset is `TEXT_EMOJISET`, then fallback to
# GOOGLE_EMOJISET for picking which spritesheet's CSS to
# include (and thus how to display emojis in the emoji picker
# and composebox typeahead).
emojiset = UserProfile.GOOGLE_BLOB_EMOJISET
response = render(request, 'zerver/app/index.html',
context={'user_profile': user_profile,
'emojiset': emojiset,
'page_params': JSONEncoderForHTML().encode(page_params),
'csp_nonce': csp_nonce,
'avatar_url': avatar_url(user_profile),
'show_debug':
settings.DEBUG and ('show_debug' in request.GET),
'pipeline': settings.PIPELINE_ENABLED,
'search_pills_enabled': settings.SEARCH_PILLS_ENABLED,
'show_invites': show_invites,
'show_billing': show_billing,
'show_plans': show_plans,
'is_admin': user_profile.is_realm_admin,
'is_guest': user_profile.is_guest,
'show_webathena': user_profile.realm.webathena_enabled,
'enable_feedback': settings.ENABLE_FEEDBACK,
'embedded': narrow_stream is not None,
'invite_as': PreregistrationUser.INVITE_AS,
},)
patch_cache_control(response, no_cache=True, no_store=True, must_revalidate=True)
return response
def patch_bot_backend(request,
user_profile,
email,
full_name=REQ(default=None),
bot_owner=REQ(default=None),
default_sending_stream=REQ(default=None),
default_events_register_stream=REQ(default=None),
default_all_public_streams=REQ(default=None,
validator=check_bool)):
# type: (HttpRequest, UserProfile, Text, Optional[Text], Optional[Text], Optional[Text], Optional[Text], Optional[bool]) -> HttpResponse
try:
bot = get_user(email, user_profile.realm)
except UserProfile.DoesNotExist:
return json_error(_('No such user'))
if not user_profile.can_admin_user(bot):
return json_error(_('Insufficient permission'))
if full_name is not None:
check_change_full_name(bot, full_name, user_profile)
if bot_owner is not None:
owner = get_user(bot_owner, user_profile.realm)
do_change_bot_owner(bot, owner, user_profile)
if default_sending_stream is not None:
if default_sending_stream == "":
stream = None # type: Optional[Stream]
else:
(stream, recipient,
sub) = access_stream_by_name(user_profile, default_sending_stream)
do_change_default_sending_stream(bot, stream)
if default_events_register_stream is not None:
if default_events_register_stream == "":
stream = None
else:
(stream, recipient,
sub) = access_stream_by_name(user_profile,
default_events_register_stream)
do_change_default_events_register_stream(bot, stream)
if default_all_public_streams is not None:
do_change_default_all_public_streams(bot, default_all_public_streams)
if len(request.FILES) == 0:
pass
elif len(request.FILES) == 1:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, bot)
avatar_source = UserProfile.AVATAR_FROM_USER
do_change_avatar_fields(bot, avatar_source)
else:
return json_error(_("You may only upload one file at a time"))
json_result = dict(
full_name=bot.full_name,
avatar_url=avatar_url(bot),
default_sending_stream=get_stream_name(bot.default_sending_stream),
default_events_register_stream=get_stream_name(
bot.default_events_register_stream),
default_all_public_streams=bot.default_all_public_streams,
)
# Don't include the bot owner in case it is not set.
# Default bots have no owner.
if bot.bot_owner is not None:
json_result['bot_owner'] = bot.bot_owner.email
return json_success(json_result)
def patch_bot_backend(
request: HttpRequest, user_profile: UserProfile, email: Text,
full_name: Optional[Text]=REQ(default=None),
bot_owner: Optional[Text]=REQ(default=None),
default_sending_stream: Optional[Text]=REQ(default=None),
default_events_register_stream: Optional[Text]=REQ(default=None),
default_all_public_streams: Optional[bool]=REQ(default=None, validator=check_bool)
) -> HttpResponse:
try:
bot = get_user(email, user_profile.realm)
except UserProfile.DoesNotExist:
return json_error(_('No such user'))
if not user_profile.can_admin_user(bot):
return json_error(_('Insufficient permission'))
if full_name is not None:
check_change_full_name(bot, full_name, user_profile)
if bot_owner is not None:
owner = get_user(bot_owner, user_profile.realm)
do_change_bot_owner(bot, owner, user_profile)
if default_sending_stream is not None:
if default_sending_stream == "":
stream = None # type: Optional[Stream]
else:
(stream, recipient, sub) = access_stream_by_name(
user_profile, default_sending_stream)
do_change_default_sending_stream(bot, stream)
if default_events_register_stream is not None:
if default_events_register_stream == "":
stream = None
else:
(stream, recipient, sub) = access_stream_by_name(
user_profile, default_events_register_stream)
do_change_default_events_register_stream(bot, stream)
if default_all_public_streams is not None:
do_change_default_all_public_streams(bot, default_all_public_streams)
if len(request.FILES) == 0:
pass
elif len(request.FILES) == 1:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, bot)
avatar_source = UserProfile.AVATAR_FROM_USER
do_change_avatar_fields(bot, avatar_source)
else:
return json_error(_("You may only upload one file at a time"))
json_result = dict(
full_name=bot.full_name,
avatar_url=avatar_url(bot),
default_sending_stream=get_stream_name(bot.default_sending_stream),
default_events_register_stream=get_stream_name(bot.default_events_register_stream),
default_all_public_streams=bot.default_all_public_streams,
)
# Don't include the bot owner in case it is not set.
# Default bots have no owner.
if bot.bot_owner is not None:
json_result['bot_owner'] = bot.bot_owner.email
return json_success(json_result)
def add_bot_backend(request,
user_profile,
full_name_raw=REQ("full_name"),
short_name=REQ(),
default_sending_stream_name=REQ('default_sending_stream',
default=None),
default_events_register_stream_name=REQ(
'default_events_register_stream', default=None),
default_all_public_streams=REQ(validator=check_bool,
default=None)):
# type: (HttpRequest, UserProfile, Text, Text, Optional[Text], Optional[Text], Optional[bool]) -> HttpResponse
short_name += "-bot"
full_name = check_full_name(full_name_raw)
email = short_name + "@" + user_profile.realm.domain
form = CreateUserForm({'full_name': full_name, 'email': email})
if not form.is_valid():
# We validate client-side as well
return json_error(_('Bad name or username'))
try:
get_user_profile_by_email(email)
return json_error(_("Username already in use"))
except UserProfile.DoesNotExist:
pass
if len(request.FILES) == 0:
avatar_source = UserProfile.AVATAR_FROM_GRAVATAR
elif len(request.FILES) != 1:
return json_error(_("You may only upload one file at a time"))
else:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, email)
avatar_source = UserProfile.AVATAR_FROM_USER
default_sending_stream = None
if default_sending_stream_name is not None:
(default_sending_stream, ignored_rec,
ignored_sub) = access_stream_by_name(user_profile,
default_sending_stream_name)
default_events_register_stream = None
if default_events_register_stream_name is not None:
(default_events_register_stream, ignored_rec,
ignored_sub) = access_stream_by_name(
user_profile, default_events_register_stream_name)
bot_profile = do_create_user(
email=email,
password='',
realm=user_profile.realm,
full_name=full_name,
short_name=short_name,
active=True,
bot_type=UserProfile.DEFAULT_BOT,
bot_owner=user_profile,
avatar_source=avatar_source,
default_sending_stream=default_sending_stream,
default_events_register_stream=default_events_register_stream,
default_all_public_streams=default_all_public_streams)
json_result = dict(
api_key=bot_profile.api_key,
avatar_url=avatar_url(bot_profile),
default_sending_stream=get_stream_name(
bot_profile.default_sending_stream),
default_events_register_stream=get_stream_name(
bot_profile.default_events_register_stream),
default_all_public_streams=bot_profile.default_all_public_streams,
)
return json_success(json_result)
def add_bot_backend(
request: HttpRequest, user_profile: UserProfile,
full_name_raw: Text=REQ("full_name"), short_name_raw: Text=REQ("short_name"),
bot_type: int=REQ(validator=check_int, default=UserProfile.DEFAULT_BOT),
payload_url: Optional[Text]=REQ(validator=check_url, default=""),
service_name: Optional[Text]=REQ(default=None),
config_data: Optional[Dict[Text, Text]]=REQ(default=None,
validator=check_dict(value_validator=check_string)),
interface_type: int=REQ(validator=check_int, default=Service.GENERIC),
default_sending_stream_name: Optional[Text]=REQ('default_sending_stream', default=None),
default_events_register_stream_name: Optional[Text]=REQ('default_events_register_stream',
default=None),
default_all_public_streams: Optional[bool]=REQ(validator=check_bool, default=None)
) -> HttpResponse:
short_name = check_short_name(short_name_raw)
service_name = service_name or short_name
short_name += "-bot"
full_name = check_full_name(full_name_raw)
email = '%s@%s' % (short_name, user_profile.realm.get_bot_domain())
form = CreateUserForm({'full_name': full_name, 'email': email})
if bot_type == UserProfile.EMBEDDED_BOT:
if not settings.EMBEDDED_BOTS_ENABLED:
return json_error(_("Embedded bots are not enabled."))
if service_name not in [bot.name for bot in EMBEDDED_BOTS]:
return json_error(_("Invalid embedded bot name."))
if not form.is_valid():
# We validate client-side as well
return json_error(_('Bad name or username'))
try:
get_user(email, user_profile.realm)
return json_error(_("Username already in use"))
except UserProfile.DoesNotExist:
pass
check_valid_bot_type(user_profile, bot_type)
check_valid_interface_type(interface_type)
if len(request.FILES) == 0:
avatar_source = UserProfile.AVATAR_FROM_GRAVATAR
elif len(request.FILES) != 1:
return json_error(_("You may only upload one file at a time"))
else:
avatar_source = UserProfile.AVATAR_FROM_USER
default_sending_stream = None
if default_sending_stream_name is not None:
(default_sending_stream, ignored_rec, ignored_sub) = access_stream_by_name(
user_profile, default_sending_stream_name)
default_events_register_stream = None
if default_events_register_stream_name is not None:
(default_events_register_stream, ignored_rec, ignored_sub) = access_stream_by_name(
user_profile, default_events_register_stream_name)
bot_profile = do_create_user(email=email, password='',
realm=user_profile.realm, full_name=full_name,
short_name=short_name,
bot_type=bot_type,
bot_owner=user_profile,
avatar_source=avatar_source,
default_sending_stream=default_sending_stream,
default_events_register_stream=default_events_register_stream,
default_all_public_streams=default_all_public_streams)
if len(request.FILES) == 1:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, bot_profile)
if bot_type in (UserProfile.OUTGOING_WEBHOOK_BOT, UserProfile.EMBEDDED_BOT):
add_service(name=service_name,
user_profile=bot_profile,
base_url=payload_url,
interface=interface_type,
token=random_api_key())
if bot_type == UserProfile.EMBEDDED_BOT:
for key, value in config_data.items():
set_bot_config(bot_profile, key, value)
notify_created_bot(bot_profile)
json_result = dict(
api_key=bot_profile.api_key,
avatar_url=avatar_url(bot_profile),
default_sending_stream=get_stream_name(bot_profile.default_sending_stream),
default_events_register_stream=get_stream_name(bot_profile.default_events_register_stream),
default_all_public_streams=bot_profile.default_all_public_streams,
)
return json_success(json_result)
def add_default_stream(request: HttpRequest,
user_profile: UserProfile,
stream_name: str=REQ()) -> HttpResponse:
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
do_add_default_stream(stream)
return json_success()
def json_get_stream_id(request: HttpRequest,
user_profile: UserProfile,
stream_name: str=REQ('stream')) -> HttpResponse:
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
return json_success({'stream_id': stream.id})
def json_get_stream_id(request: HttpRequest,
user_profile: UserProfile,
stream_name: Text=REQ('stream')) -> HttpResponse:
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
return json_success({'stream_id': stream.id})
def json_get_stream_id(request, user_profile, stream_name=REQ('stream')):
# type: (HttpRequest, UserProfile, Text) -> HttpResponse
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
return json_success({'stream_id': stream.id})
def add_bot_backend(request,
user_profile,
full_name_raw=REQ("full_name"),
short_name_raw=REQ("short_name"),
bot_type=REQ(validator=check_int,
default=UserProfile.DEFAULT_BOT),
payload_url=REQ(validator=check_url, default=None),
interface_type=REQ(validator=check_int,
default=Service.GENERIC),
default_sending_stream_name=REQ('default_sending_stream',
default=None),
default_events_register_stream_name=REQ(
'default_events_register_stream', default=None),
default_all_public_streams=REQ(validator=check_bool,
default=None)):
# type: (HttpRequest, UserProfile, Text, Text, int, Optional[Text], int, Optional[Text], Optional[Text], Optional[bool]) -> HttpResponse
short_name = check_short_name(short_name_raw)
service_name = short_name
short_name += "-bot"
full_name = check_full_name(full_name_raw)
email = '%s@%s' % (short_name, user_profile.realm.get_bot_domain())
form = CreateUserForm({'full_name': full_name, 'email': email})
if not form.is_valid():
# We validate client-side as well
return json_error(_('Bad name or username'))
try:
get_user(email, user_profile.realm)
return json_error(_("Username already in use"))
except UserProfile.DoesNotExist:
pass
check_valid_bot_type(bot_type)
check_valid_interface_type(interface_type)
if len(request.FILES) == 0:
avatar_source = UserProfile.AVATAR_FROM_GRAVATAR
elif len(request.FILES) != 1:
return json_error(_("You may only upload one file at a time"))
else:
avatar_source = UserProfile.AVATAR_FROM_USER
default_sending_stream = None
if default_sending_stream_name is not None:
(default_sending_stream, ignored_rec,
ignored_sub) = access_stream_by_name(user_profile,
default_sending_stream_name)
default_events_register_stream = None
if default_events_register_stream_name is not None:
(default_events_register_stream, ignored_rec,
ignored_sub) = access_stream_by_name(
user_profile, default_events_register_stream_name)
bot_profile = do_create_user(
email=email,
password='',
realm=user_profile.realm,
full_name=full_name,
short_name=short_name,
active=True,
bot_type=bot_type,
bot_owner=user_profile,
avatar_source=avatar_source,
default_sending_stream=default_sending_stream,
default_events_register_stream=default_events_register_stream,
default_all_public_streams=default_all_public_streams)
if len(request.FILES) == 1:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, bot_profile)
if bot_type == UserProfile.OUTGOING_WEBHOOK_BOT:
add_outgoing_webhook_service(name=service_name,
user_profile=bot_profile,
base_url=payload_url,
interface=interface_type,
token=random_api_key())
json_result = dict(
api_key=bot_profile.api_key,
avatar_url=avatar_url(bot_profile),
default_sending_stream=get_stream_name(
bot_profile.default_sending_stream),
default_events_register_stream=get_stream_name(
bot_profile.default_events_register_stream),
default_all_public_streams=bot_profile.default_all_public_streams,
)
return json_success(json_result)
def remove_default_stream(request, user_profile, stream_name=REQ()):
# type: (HttpRequest, UserProfile, Text) -> HttpResponse
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
do_remove_default_stream(stream)
return json_success()
def home_real(request):
# type: (HttpRequest) -> HttpResponse
# We need to modify the session object every two weeks or it will expire.
# This line makes reloading the page a sufficient action to keep the
# session alive.
request.session.modified = True
user_profile = request.user
# If a user hasn't signed the current Terms of Service, send them there
if settings.TERMS_OF_SERVICE is not None and settings.TOS_VERSION is not None and \
int(settings.TOS_VERSION.split('.')[0]) > user_profile.major_tos_version():
return accounts_accept_terms(request)
narrow = [] # type: List[List[Text]]
narrow_stream = None
narrow_topic = request.GET.get("topic")
if request.GET.get("stream"):
try:
narrow_stream_name = request.GET.get("stream")
(narrow_stream, ignored_rec, ignored_sub) = access_stream_by_name(
user_profile, narrow_stream_name)
narrow = [["stream", narrow_stream.name]]
except Exception:
logging.exception("Narrow parsing")
if narrow_stream is not None and narrow_topic is not None:
narrow.append(["topic", narrow_topic])
register_ret = do_events_register(user_profile, request.client,
apply_markdown=True, narrow=narrow)
user_has_messages = (register_ret['max_message_id'] != -1)
# Reset our don't-spam-users-with-email counter since the
# user has since logged in
if user_profile.last_reminder is not None:
user_profile.last_reminder = None
user_profile.save(update_fields=["last_reminder"])
# Brand new users get the tutorial
needs_tutorial = settings.TUTORIAL_ENABLED and \
user_profile.tutorial_status != UserProfile.TUTORIAL_FINISHED
first_in_realm = realm_user_count(user_profile.realm) == 1
# If you are the only person in the realm and you didn't invite
# anyone, we'll continue to encourage you to do so on the frontend.
prompt_for_invites = first_in_realm and \
not PreregistrationUser.objects.filter(referred_by=user_profile).count()
if user_profile.pointer == -1 and user_has_messages:
# Put the new user's pointer at the bottom
#
# This improves performance, because we limit backfilling of messages
# before the pointer. It's also likely that someone joining an
# organization is interested in recent messages more than the very
# first messages on the system.
register_ret['pointer'] = register_ret['max_message_id']
user_profile.last_pointer_updater = request.session.session_key
if user_profile.pointer == -1:
latest_read = None
else:
try:
latest_read = UserMessage.objects.get(user_profile=user_profile,
message__id=user_profile.pointer)
except UserMessage.DoesNotExist:
# Don't completely fail if your saved pointer ID is invalid
logging.warning("%s has invalid pointer %s" % (user_profile.email, user_profile.pointer))
latest_read = None
# Set default language and make it persist
default_language = register_ret['default_language']
url_lang = '/{}'.format(request.LANGUAGE_CODE)
if not request.path.startswith(url_lang):
translation.activate(default_language)
request.session[translation.LANGUAGE_SESSION_KEY] = default_language
# Pass parameters to the client-side JavaScript code.
# These end up in a global JavaScript Object named 'page_params'.
page_params = dict(
# Server settings.
share_the_love = settings.SHARE_THE_LOVE,
development_environment = settings.DEVELOPMENT,
debug_mode = settings.DEBUG,
test_suite = settings.TEST_SUITE,
poll_timeout = settings.POLL_TIMEOUT,
login_page = settings.HOME_NOT_LOGGED_IN,
server_uri = settings.SERVER_URI,
maxfilesize = settings.MAX_FILE_UPLOAD_SIZE,
max_avatar_file_size = settings.MAX_AVATAR_FILE_SIZE,
server_generation = settings.SERVER_GENERATION,
use_websockets = settings.USE_WEBSOCKETS,
save_stacktraces = settings.SAVE_FRONTEND_STACKTRACES,
server_inline_image_preview = settings.INLINE_IMAGE_PREVIEW,
server_inline_url_embed_preview = settings.INLINE_URL_EMBED_PREVIEW,
# Misc. extra data.
have_initial_messages = user_has_messages,
initial_servertime = time.time(), # Used for calculating relative presence age
default_language_name = get_language_name(register_ret['default_language']),
language_list_dbl_col = get_language_list_for_templates(register_ret['default_language']),
language_list = get_language_list(),
needs_tutorial = needs_tutorial,
first_in_realm = first_in_realm,
prompt_for_invites = prompt_for_invites,
unread_count = approximate_unread_count(user_profile),
furthest_read_time = sent_time_in_epoch_seconds(latest_read),
has_mobile_devices = num_push_devices_for_user(user_profile) > 0,
)
undesired_register_ret_fields = [
'streams',
]
for field_name in set(register_ret.keys()) - set(undesired_register_ret_fields):
page_params[field_name] = register_ret[field_name]
if narrow_stream is not None:
# In narrow_stream context, initial pointer is just latest message
recipient = get_recipient(Recipient.STREAM, narrow_stream.id)
try:
initial_pointer = Message.objects.filter(recipient=recipient).order_by('id').reverse()[0].id
except IndexError:
initial_pointer = -1
page_params["narrow_stream"] = narrow_stream.name
if narrow_topic is not None:
page_params["narrow_topic"] = narrow_topic
page_params["narrow"] = [dict(operator=term[0], operand=term[1]) for term in narrow]
page_params["max_message_id"] = initial_pointer
page_params["pointer"] = initial_pointer
page_params["have_initial_messages"] = (initial_pointer != -1)
page_params["enable_desktop_notifications"] = False
statsd.incr('views.home')
show_invites = True
# Some realms only allow admins to invite users
if user_profile.realm.invite_by_admins_only and not user_profile.is_realm_admin:
show_invites = False
request._log_data['extra'] = "[%s]" % (register_ret["queue_id"],)
response = render(request, 'zerver/index.html',
context={'user_profile': user_profile,
'page_params': simplejson.encoder.JSONEncoderForHTML().encode(page_params),
'nofontface': is_buggy_ua(request.META.get("HTTP_USER_AGENT", "Unspecified")),
'avatar_url': avatar_url(user_profile),
'show_debug':
settings.DEBUG and ('show_debug' in request.GET),
'pipeline': settings.PIPELINE_ENABLED,
'show_invites': show_invites,
'is_admin': user_profile.is_realm_admin,
'show_webathena': user_profile.realm.webathena_enabled,
'enable_feedback': settings.ENABLE_FEEDBACK,
'embedded': narrow_stream is not None,
},)
patch_cache_control(response, no_cache=True, no_store=True, must_revalidate=True)
return response
def home_real(request: HttpRequest) -> HttpResponse:
# We need to modify the session object every two weeks or it will expire.
# This line makes reloading the page a sufficient action to keep the
# session alive.
request.session.modified = True
user_profile = request.user
# If a user hasn't signed the current Terms of Service, send them there
if settings.TERMS_OF_SERVICE is not None and settings.TOS_VERSION is not None and \
int(settings.TOS_VERSION.split('.')[0]) > user_profile.major_tos_version():
return accounts_accept_terms(request)
narrow = [] # type: List[List[str]]
narrow_stream = None
narrow_topic = request.GET.get("topic")
if request.GET.get("stream"):
try:
# TODO: We should support stream IDs and PMs here as well.
narrow_stream_name = request.GET.get("stream")
(narrow_stream, ignored_rec,
ignored_sub) = access_stream_by_name(user_profile,
narrow_stream_name)
narrow = [["stream", narrow_stream.name]]
except Exception:
logging.warning("Invalid narrow requested, ignoring",
extra=dict(request=request))
if narrow_stream is not None and narrow_topic is not None:
narrow.append(["topic", narrow_topic])
register_ret = do_events_register(user_profile,
request.client,
apply_markdown=True,
client_gravatar=True,
notification_settings_null=True,
narrow=narrow)
user_has_messages = (register_ret['max_message_id'] != -1)
# Reset our don't-spam-users-with-email counter since the
# user has since logged in
if user_profile.last_reminder is not None: # nocoverage
# TODO: Look into the history of last_reminder; we may have
# eliminated that as a useful concept for non-bot users.
user_profile.last_reminder = None
user_profile.save(update_fields=["last_reminder"])
# Brand new users get narrowed to PM with welcome-bot
needs_tutorial = user_profile.tutorial_status == UserProfile.TUTORIAL_WAITING
first_in_realm = realm_user_count(user_profile.realm) == 1
# If you are the only person in the realm and you didn't invite
# anyone, we'll continue to encourage you to do so on the frontend.
prompt_for_invites = first_in_realm and \
not PreregistrationUser.objects.filter(referred_by=user_profile).count()
if user_profile.pointer == -1 and user_has_messages:
# Put the new user's pointer at the bottom
#
# This improves performance, because we limit backfilling of messages
# before the pointer. It's also likely that someone joining an
# organization is interested in recent messages more than the very
# first messages on the system.
register_ret['pointer'] = register_ret['max_message_id']
user_profile.last_pointer_updater = request.session.session_key
if user_profile.pointer == -1:
latest_read = None
else:
latest_read = get_usermessage_by_message_id(user_profile,
user_profile.pointer)
if latest_read is None:
# Don't completely fail if your saved pointer ID is invalid
logging.warning("%s has invalid pointer %s" %
(user_profile.email, user_profile.pointer))
# We pick a language for the user as follows:
# * First priority is the language in the URL, for debugging.
# * If not in the URL, we use the language from the user's settings.
request_language = translation.get_language_from_path(request.path_info)
if request_language is None:
request_language = register_ret['default_language']
translation.activate(request_language)
# We also save the language to the user's session, so that
# something reasonable will happen in logged-in portico pages.
request.session[
translation.LANGUAGE_SESSION_KEY] = translation.get_language()
two_fa_enabled = settings.TWO_FACTOR_AUTHENTICATION_ENABLED
# Pass parameters to the client-side JavaScript code.
# These end up in a global JavaScript Object named 'page_params'.
page_params = dict(
# Server settings.
development_environment=settings.DEVELOPMENT,
debug_mode=settings.DEBUG,
test_suite=settings.TEST_SUITE,
poll_timeout=settings.POLL_TIMEOUT,
login_page=settings.HOME_NOT_LOGGED_IN,
root_domain_uri=settings.ROOT_DOMAIN_URI,
max_file_upload_size=settings.MAX_FILE_UPLOAD_SIZE,
max_avatar_file_size=settings.MAX_AVATAR_FILE_SIZE,
server_generation=settings.SERVER_GENERATION,
use_websockets=settings.USE_WEBSOCKETS,
save_stacktraces=settings.SAVE_FRONTEND_STACKTRACES,
warn_no_email=settings.WARN_NO_EMAIL,
server_inline_image_preview=settings.INLINE_IMAGE_PREVIEW,
server_inline_url_embed_preview=settings.INLINE_URL_EMBED_PREVIEW,
password_min_length=settings.PASSWORD_MIN_LENGTH,
password_min_guesses=settings.PASSWORD_MIN_GUESSES,
jitsi_server_url=settings.JITSI_SERVER_URL,
search_pills_enabled=settings.SEARCH_PILLS_ENABLED,
server_avatar_changes_disabled=settings.AVATAR_CHANGES_DISABLED,
server_name_changes_disabled=settings.NAME_CHANGES_DISABLED,
# Misc. extra data.
have_initial_messages=user_has_messages,
initial_servertime=time.time(
), # Used for calculating relative presence age
default_language_name=get_language_name(
register_ret['default_language']),
language_list_dbl_col=get_language_list_for_templates(
register_ret['default_language']),
language_list=get_language_list(),
needs_tutorial=needs_tutorial,
first_in_realm=first_in_realm,
prompt_for_invites=prompt_for_invites,
furthest_read_time=sent_time_in_epoch_seconds(latest_read),
has_mobile_devices=num_push_devices_for_user(user_profile) > 0,
bot_types=get_bot_types(user_profile),
two_fa_enabled=two_fa_enabled,
# Adding two_fa_enabled as condition saves us 3 queries when
# 2FA is not enabled.
two_fa_enabled_user=two_fa_enabled
and bool(default_device(user_profile)),
)
undesired_register_ret_fields = [
'streams',
]
for field_name in set(
register_ret.keys()) - set(undesired_register_ret_fields):
page_params[field_name] = register_ret[field_name]
if narrow_stream is not None:
# In narrow_stream context, initial pointer is just latest message
recipient = get_stream_recipient(narrow_stream.id)
try:
initial_pointer = Message.objects.filter(
recipient=recipient).order_by('id').reverse()[0].id
except IndexError:
initial_pointer = -1
page_params["narrow_stream"] = narrow_stream.name
if narrow_topic is not None:
page_params["narrow_topic"] = narrow_topic
page_params["narrow"] = [
dict(operator=term[0], operand=term[1]) for term in narrow
]
page_params["max_message_id"] = initial_pointer
page_params["pointer"] = initial_pointer
page_params["have_initial_messages"] = (initial_pointer != -1)
page_params["enable_desktop_notifications"] = False
statsd.incr('views.home')
show_invites = True
show_add_streams = True
# Some realms only allow admins to invite users
if user_profile.realm.invite_by_admins_only and not user_profile.is_realm_admin:
show_invites = False
if user_profile.is_guest:
show_invites = False
show_add_streams = False
show_billing = False
show_plans = False
if settings.CORPORATE_ENABLED:
from corporate.models import Customer, CustomerPlan
if user_profile.is_billing_admin or user_profile.is_realm_admin:
customer = Customer.objects.filter(
realm=user_profile.realm).first()
if customer is not None and CustomerPlan.objects.filter(
customer=customer).exists():
show_billing = True
if user_profile.realm.plan_type == Realm.LIMITED:
show_plans = True
request._log_data['extra'] = "[%s]" % (register_ret["queue_id"], )
page_params['translation_data'] = {}
if request_language != 'en':
page_params['translation_data'] = get_language_translation_data(
request_language)
csp_nonce = generate_random_token(48)
emojiset = user_profile.emojiset
if emojiset == UserProfile.TEXT_EMOJISET:
# If current emojiset is `TEXT_EMOJISET`, then fallback to
# GOOGLE_EMOJISET for picking which spritesheet's CSS to
# include (and thus how to display emojis in the emoji picker
# and composebox typeahead).
emojiset = UserProfile.GOOGLE_BLOB_EMOJISET
navbar_logo_url = compute_navbar_logo_url(page_params)
response = render(
request,
'zerver/app/index.html',
context={
'user_profile': user_profile,
'emojiset': emojiset,
'page_params': JSONEncoderForHTML().encode(page_params),
'csp_nonce': csp_nonce,
'avatar_url': avatar_url(user_profile),
'show_debug': settings.DEBUG and ('show_debug' in request.GET),
'pipeline': settings.PIPELINE_ENABLED,
'search_pills_enabled': settings.SEARCH_PILLS_ENABLED,
'show_invites': show_invites,
'show_add_streams': show_add_streams,
'show_billing': show_billing,
'show_plans': show_plans,
'is_admin': user_profile.is_realm_admin,
'is_guest': user_profile.is_guest,
'night_mode': user_profile.night_mode,
'navbar_logo_url': navbar_logo_url,
'show_webathena': user_profile.realm.webathena_enabled,
'enable_feedback': settings.ENABLE_FEEDBACK,
'embedded': narrow_stream is not None,
'invite_as': PreregistrationUser.INVITE_AS,
'max_file_upload_size': settings.MAX_FILE_UPLOAD_SIZE,
},
)
patch_cache_control(response,
no_cache=True,
no_store=True,
must_revalidate=True)
return response
def patch_bot_backend(
request: HttpRequest, user_profile: UserProfile, bot_id: int,
full_name: Optional[str]=REQ(default=None),
bot_owner_id: Optional[int]=REQ(default=None),
config_data: Optional[Dict[str, str]]=REQ(default=None,
validator=check_dict(value_validator=check_string)),
service_payload_url: Optional[str]=REQ(validator=check_url, default=None),
service_interface: Optional[int]=REQ(validator=check_int, default=1),
default_sending_stream: Optional[str]=REQ(default=None),
default_events_register_stream: Optional[str]=REQ(default=None),
default_all_public_streams: Optional[bool]=REQ(default=None, validator=check_bool)
) -> HttpResponse:
bot = access_bot_by_id(user_profile, bot_id)
if full_name is not None:
check_change_bot_full_name(bot, full_name, user_profile)
if bot_owner_id is not None:
try:
owner = get_user_profile_by_id_in_realm(bot_owner_id, user_profile.realm)
except UserProfile.DoesNotExist:
return json_error(_('Failed to change owner, no such user'))
if not owner.is_active:
return json_error(_('Failed to change owner, user is deactivated'))
if owner.is_bot:
return json_error(_("Failed to change owner, bots can't own other bots"))
previous_owner = bot.bot_owner
if previous_owner != owner:
do_change_bot_owner(bot, owner, user_profile)
if default_sending_stream is not None:
if default_sending_stream == "":
stream = None # type: Optional[Stream]
else:
(stream, recipient, sub) = access_stream_by_name(
user_profile, default_sending_stream)
do_change_default_sending_stream(bot, stream)
if default_events_register_stream is not None:
if default_events_register_stream == "":
stream = None
else:
(stream, recipient, sub) = access_stream_by_name(
user_profile, default_events_register_stream)
do_change_default_events_register_stream(bot, stream)
if default_all_public_streams is not None:
do_change_default_all_public_streams(bot, default_all_public_streams)
if service_payload_url is not None:
check_valid_interface_type(service_interface)
assert service_interface is not None
do_update_outgoing_webhook_service(bot, service_interface, service_payload_url)
if config_data is not None:
do_update_bot_config_data(bot, config_data)
if len(request.FILES) == 0:
pass
elif len(request.FILES) == 1:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, bot)
avatar_source = UserProfile.AVATAR_FROM_USER
do_change_avatar_fields(bot, avatar_source)
else:
return json_error(_("You may only upload one file at a time"))
json_result = dict(
full_name=bot.full_name,
avatar_url=avatar_url(bot),
service_interface = service_interface,
service_payload_url = service_payload_url,
config_data = config_data,
default_sending_stream=get_stream_name(bot.default_sending_stream),
default_events_register_stream=get_stream_name(bot.default_events_register_stream),
default_all_public_streams=bot.default_all_public_streams,
)
# Don't include the bot owner in case it is not set.
# Default bots have no owner.
if bot.bot_owner is not None:
json_result['bot_owner'] = bot.bot_owner.email
return json_success(json_result)
def add_default_stream(request, user_profile, stream_name=REQ()):
# type: (HttpRequest, UserProfile, Text) -> HttpResponse
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
do_add_default_stream(stream)
return json_success()
def json_get_stream_id(
request: HttpRequest,
user_profile: UserProfile,
stream_name: str = REQ("stream")) -> HttpResponse:
(stream, sub) = access_stream_by_name(user_profile, stream_name)
return json_success({"stream_id": stream.id})
def add_default_stream(request: HttpRequest,
user_profile: UserProfile,
stream_name: Text=REQ()) -> HttpResponse:
(stream, recipient, sub) = access_stream_by_name(user_profile, stream_name)
do_add_default_stream(stream)
return json_success()
def add_bot_backend(
request: HttpRequest,
user_profile: UserProfile,
full_name_raw: str = REQ("full_name"),
short_name_raw: str = REQ("short_name"),
bot_type: int = REQ(validator=check_int, default=UserProfile.DEFAULT_BOT),
payload_url: Optional[str] = REQ(validator=check_url, default=""),
service_name: Optional[str] = REQ(default=None),
config_data: Dict[str, str] = REQ(
default={}, validator=check_dict(value_validator=check_string)),
interface_type: int = REQ(validator=check_int, default=Service.GENERIC),
default_sending_stream_name: Optional[str] = REQ('default_sending_stream',
default=None),
default_events_register_stream_name: Optional[str] = REQ(
'default_events_register_stream', default=None),
default_all_public_streams: Optional[bool] = REQ(validator=check_bool,
default=None)
) -> HttpResponse:
short_name = check_short_name(short_name_raw)
if bot_type != UserProfile.INCOMING_WEBHOOK_BOT:
service_name = service_name or short_name
short_name += "-bot"
full_name = check_full_name(full_name_raw)
try:
email = '%s@%s' % (short_name, user_profile.realm.get_bot_domain())
except InvalidFakeEmailDomain:
return json_error(
_("Can't create bots until FAKE_EMAIL_DOMAIN is correctly configured.\n"
"Please contact your server administrator."))
form = CreateUserForm({'full_name': full_name, 'email': email})
if bot_type == UserProfile.EMBEDDED_BOT:
if not settings.EMBEDDED_BOTS_ENABLED:
return json_error(_("Embedded bots are not enabled."))
if service_name not in [bot.name for bot in EMBEDDED_BOTS]:
return json_error(_("Invalid embedded bot name."))
if not form.is_valid():
# We validate client-side as well
return json_error(_('Bad name or username'))
try:
get_user_by_delivery_email(email, user_profile.realm)
return json_error(_("Username already in use"))
except UserProfile.DoesNotExist:
pass
check_bot_name_available(
realm_id=user_profile.realm_id,
full_name=full_name,
)
check_bot_creation_policy(user_profile, bot_type)
check_valid_bot_type(user_profile, bot_type)
check_valid_interface_type(interface_type)
if len(request.FILES) == 0:
avatar_source = UserProfile.AVATAR_FROM_GRAVATAR
elif len(request.FILES) != 1:
return json_error(_("You may only upload one file at a time"))
else:
avatar_source = UserProfile.AVATAR_FROM_USER
default_sending_stream = None
if default_sending_stream_name is not None:
(default_sending_stream, ignored_rec,
ignored_sub) = access_stream_by_name(user_profile,
default_sending_stream_name)
default_events_register_stream = None
if default_events_register_stream_name is not None:
(default_events_register_stream, ignored_rec,
ignored_sub) = access_stream_by_name(
user_profile, default_events_register_stream_name)
if bot_type in (UserProfile.INCOMING_WEBHOOK_BOT,
UserProfile.EMBEDDED_BOT) and service_name:
check_valid_bot_config(bot_type, service_name, config_data)
bot_profile = do_create_user(
email=email,
password=None,
realm=user_profile.realm,
full_name=full_name,
short_name=short_name,
bot_type=bot_type,
bot_owner=user_profile,
avatar_source=avatar_source,
default_sending_stream=default_sending_stream,
default_events_register_stream=default_events_register_stream,
default_all_public_streams=default_all_public_streams)
if len(request.FILES) == 1:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, bot_profile)
if bot_type in (UserProfile.OUTGOING_WEBHOOK_BOT,
UserProfile.EMBEDDED_BOT):
assert (isinstance(service_name, str))
add_service(name=service_name,
user_profile=bot_profile,
base_url=payload_url,
interface=interface_type,
token=generate_api_key())
if bot_type == UserProfile.INCOMING_WEBHOOK_BOT and service_name:
set_bot_config(bot_profile, "integration_id", service_name)
if bot_type in (UserProfile.INCOMING_WEBHOOK_BOT,
UserProfile.EMBEDDED_BOT):
for key, value in config_data.items():
set_bot_config(bot_profile, key, value)
notify_created_bot(bot_profile)
api_key = get_api_key(bot_profile)
json_result = dict(
api_key=api_key,
avatar_url=avatar_url(bot_profile),
default_sending_stream=get_stream_name(
bot_profile.default_sending_stream),
default_events_register_stream=get_stream_name(
bot_profile.default_events_register_stream),
default_all_public_streams=bot_profile.default_all_public_streams,
)
return json_success(json_result)
def patch_bot_backend(
request: HttpRequest,
user_profile: UserProfile,
bot_id: int,
full_name: Optional[str] = REQ(default=None),
bot_owner_id: Optional[int] = REQ(default=None),
config_data: Optional[Dict[str, str]] = REQ(
default=None, validator=check_dict(value_validator=check_string)),
service_payload_url: Optional[str] = REQ(validator=check_url,
default=None),
service_interface: Optional[int] = REQ(validator=check_int, default=1),
default_sending_stream: Optional[str] = REQ(default=None),
default_events_register_stream: Optional[str] = REQ(default=None),
default_all_public_streams: Optional[bool] = REQ(default=None,
validator=check_bool)
) -> HttpResponse:
bot = access_bot_by_id(user_profile, bot_id)
if full_name is not None:
check_change_bot_full_name(bot, full_name, user_profile)
if bot_owner_id is not None:
try:
owner = get_user_profile_by_id_in_realm(bot_owner_id,
user_profile.realm)
except UserProfile.DoesNotExist:
return json_error(_('Failed to change owner, no such user'))
if not owner.is_active:
return json_error(_('Failed to change owner, user is deactivated'))
if owner.is_bot:
return json_error(
_("Failed to change owner, bots can't own other bots"))
previous_owner = bot.bot_owner
if previous_owner != owner:
do_change_bot_owner(bot, owner, user_profile)
if default_sending_stream is not None:
if default_sending_stream == "":
stream = None # type: Optional[Stream]
else:
(stream, recipient,
sub) = access_stream_by_name(user_profile, default_sending_stream)
do_change_default_sending_stream(bot, stream)
if default_events_register_stream is not None:
if default_events_register_stream == "":
stream = None
else:
(stream, recipient,
sub) = access_stream_by_name(user_profile,
default_events_register_stream)
do_change_default_events_register_stream(bot, stream)
if default_all_public_streams is not None:
do_change_default_all_public_streams(bot, default_all_public_streams)
if service_payload_url is not None:
check_valid_interface_type(service_interface)
assert service_interface is not None
do_update_outgoing_webhook_service(bot, service_interface,
service_payload_url)
if config_data is not None:
do_update_bot_config_data(bot, config_data)
if len(request.FILES) == 0:
pass
elif len(request.FILES) == 1:
user_file = list(request.FILES.values())[0]
upload_avatar_image(user_file, user_profile, bot)
avatar_source = UserProfile.AVATAR_FROM_USER
do_change_avatar_fields(bot, avatar_source)
else:
return json_error(_("You may only upload one file at a time"))
json_result = dict(
full_name=bot.full_name,
avatar_url=avatar_url(bot),
service_interface=service_interface,
service_payload_url=service_payload_url,
config_data=config_data,
default_sending_stream=get_stream_name(bot.default_sending_stream),
default_events_register_stream=get_stream_name(
bot.default_events_register_stream),
default_all_public_streams=bot.default_all_public_streams,
)
# Don't include the bot owner in case it is not set.
# Default bots have no owner.
if bot.bot_owner is not None:
json_result['bot_owner'] = bot.bot_owner.email
return json_success(json_result)
def home_real(request):
# type: (HttpRequest) -> HttpResponse
# We need to modify the session object every two weeks or it will expire.
# This line makes reloading the page a sufficient action to keep the
# session alive.
request.session.modified = True
user_profile = request.user
# If a user hasn't signed the current Terms of Service, send them there
if settings.TERMS_OF_SERVICE is not None and settings.TOS_VERSION is not None and \
int(settings.TOS_VERSION.split('.')[0]) > user_profile.major_tos_version():
return accounts_accept_terms(request)
narrow = [] # type: List[List[Text]]
narrow_stream = None
narrow_topic = request.GET.get("topic")
if request.GET.get("stream"):
try:
narrow_stream_name = request.GET.get("stream")
(narrow_stream, ignored_rec, ignored_sub) = access_stream_by_name(
user_profile, narrow_stream_name)
narrow = [["stream", narrow_stream.name]]
except Exception:
logging.exception("Narrow parsing")
if narrow_stream is not None and narrow_topic is not None:
narrow.append(["topic", narrow_topic])
register_ret = do_events_register(user_profile, request.client,
apply_markdown=True, narrow=narrow)
user_has_messages = (register_ret['max_message_id'] != -1)
# Reset our don't-spam-users-with-email counter since the
# user has since logged in
if user_profile.last_reminder is not None:
user_profile.last_reminder = None
user_profile.save(update_fields=["last_reminder"])
# Brand new users get the tutorial
needs_tutorial = settings.TUTORIAL_ENABLED and \
user_profile.tutorial_status != UserProfile.TUTORIAL_FINISHED
first_in_realm = realm_user_count(user_profile.realm) == 1
# If you are the only person in the realm and you didn't invite
# anyone, we'll continue to encourage you to do so on the frontend.
prompt_for_invites = first_in_realm and \
not PreregistrationUser.objects.filter(referred_by=user_profile).count()
if user_profile.pointer == -1 and user_has_messages:
# Put the new user's pointer at the bottom
#
# This improves performance, because we limit backfilling of messages
# before the pointer. It's also likely that someone joining an
# organization is interested in recent messages more than the very
# first messages on the system.
register_ret['pointer'] = register_ret['max_message_id']
user_profile.last_pointer_updater = request.session.session_key
if user_profile.pointer == -1:
latest_read = None
else:
try:
latest_read = UserMessage.objects.get(user_profile=user_profile,
message__id=user_profile.pointer)
except UserMessage.DoesNotExist:
# Don't completely fail if your saved pointer ID is invalid
logging.warning("%s has invalid pointer %s" % (user_profile.email, user_profile.pointer))
latest_read = None
desktop_notifications_enabled = user_profile.enable_desktop_notifications
if narrow_stream is not None:
desktop_notifications_enabled = False
if user_profile.realm.notifications_stream:
notifications_stream = user_profile.realm.notifications_stream.name
else:
notifications_stream = ""
# Set default language and make it persist
default_language = register_ret['default_language']
url_lang = '/{}'.format(request.LANGUAGE_CODE)
if not request.path.startswith(url_lang):
translation.activate(default_language)
request.session[translation.LANGUAGE_SESSION_KEY] = default_language
# Pass parameters to the client-side JavaScript code.
# These end up in a global JavaScript Object named 'page_params'.
page_params = dict(
# Server settings.
share_the_love = settings.SHARE_THE_LOVE,
development_environment = settings.DEVELOPMENT,
debug_mode = settings.DEBUG,
test_suite = settings.TEST_SUITE,
poll_timeout = settings.POLL_TIMEOUT,
login_page = settings.HOME_NOT_LOGGED_IN,
server_uri = settings.SERVER_URI,
maxfilesize = settings.MAX_FILE_UPLOAD_SIZE,
max_avatar_file_size = settings.MAX_AVATAR_FILE_SIZE,
server_generation = settings.SERVER_GENERATION,
use_websockets = settings.USE_WEBSOCKETS,
save_stacktraces = settings.SAVE_FRONTEND_STACKTRACES,
# realm data.
# TODO: Move all of these data to register_ret and pull from there
realm_uri = user_profile.realm.uri,
password_auth_enabled = password_auth_enabled(user_profile.realm),
domains = list_of_domains_for_realm(user_profile.realm),
name_changes_disabled = name_changes_disabled(user_profile.realm),
mandatory_topics = user_profile.realm.mandatory_topics,
show_digest_email = user_profile.realm.show_digest_email,
realm_presence_disabled = user_profile.realm.presence_disabled,
is_zephyr_mirror_realm = user_profile.realm.is_zephyr_mirror_realm,
# user_profile data.
# TODO: Move all of these data to register_ret and pull from there
fullname = user_profile.full_name,
email = user_profile.email,
enter_sends = user_profile.enter_sends,
user_id = user_profile.id,
is_admin = user_profile.is_realm_admin,
can_create_streams = user_profile.can_create_streams(),
autoscroll_forever = user_profile.autoscroll_forever,
default_desktop_notifications = user_profile.default_desktop_notifications,
avatar_url = avatar_url(user_profile),
avatar_url_medium = avatar_url(user_profile, medium=True),
avatar_source = user_profile.avatar_source,
timezone = user_profile.timezone,
# Stream message notification settings:
stream_desktop_notifications_enabled = user_profile.enable_stream_desktop_notifications,
stream_sounds_enabled = user_profile.enable_stream_sounds,
# Private message and @-mention notification settings:
desktop_notifications_enabled = desktop_notifications_enabled,
sounds_enabled = user_profile.enable_sounds,
enable_offline_email_notifications = user_profile.enable_offline_email_notifications,
pm_content_in_desktop_notifications = user_profile.pm_content_in_desktop_notifications,
enable_offline_push_notifications = user_profile.enable_offline_push_notifications,
enable_online_push_notifications = user_profile.enable_online_push_notifications,
enable_digest_emails = user_profile.enable_digest_emails,
# Realm foreign key data from register_ret.
# TODO: Rename these to match register_ret values.
subbed_info = register_ret['subscriptions'],
unsubbed_info = register_ret['unsubscribed'],
neversubbed_info = register_ret['never_subscribed'],
people_list = register_ret['realm_users'],
bot_list = register_ret['realm_bots'],
initial_pointer = register_ret['pointer'],
initial_presences = register_ret['presences'],
event_queue_id = register_ret['queue_id'],
# Misc. extra data.
have_initial_messages = user_has_messages,
initial_servertime = time.time(), # Used for calculating relative presence age
default_language_name = get_language_name(register_ret['default_language']),
language_list_dbl_col = get_language_list_for_templates(register_ret['default_language']),
language_list = get_language_list(),
needs_tutorial = needs_tutorial,
first_in_realm = first_in_realm,
prompt_for_invites = prompt_for_invites,
notifications_stream = notifications_stream,
cross_realm_bots = list(get_cross_realm_dicts()),
unread_count = approximate_unread_count(user_profile),
furthest_read_time = sent_time_in_epoch_seconds(latest_read),
has_mobile_devices = num_push_devices_for_user(user_profile) > 0,
)
# These fields will be automatically copied from register_ret into
# page_params. It is a goal to move more of the page_params list
# into this sort of cleaner structure.
page_params_core_fields = [
'alert_words',
'attachments',
'default_language',
'emoji_alt_code',
'last_event_id',
'left_side_userlist',
'max_icon_file_size',
'max_message_id',
'muted_topics',
'realm_add_emoji_by_admins_only',
'realm_allow_message_editing',
'realm_authentication_methods',
'realm_bot_domain',
'realm_create_stream_by_admins_only',
'realm_default_language',
'realm_default_streams',
'realm_email_changes_disabled',
'realm_emoji',
'realm_filters',
'realm_icon_source',
'realm_icon_url',
'realm_invite_by_admins_only',
'realm_invite_required',
'realm_message_content_edit_limit_seconds',
'realm_name',
'realm_name_changes_disabled',
'realm_restricted_to_domain',
'realm_waiting_period_threshold',
'referrals',
'twenty_four_hour_time',
'zulip_version',
]
for field_name in page_params_core_fields:
page_params[field_name] = register_ret[field_name]
if narrow_stream is not None:
# In narrow_stream context, initial pointer is just latest message
recipient = get_recipient(Recipient.STREAM, narrow_stream.id)
try:
initial_pointer = Message.objects.filter(recipient=recipient).order_by('id').reverse()[0].id
except IndexError:
initial_pointer = -1
page_params["narrow_stream"] = narrow_stream.name
if narrow_topic is not None:
page_params["narrow_topic"] = narrow_topic
page_params["narrow"] = [dict(operator=term[0], operand=term[1]) for term in narrow]
page_params["max_message_id"] = initial_pointer
page_params["initial_pointer"] = initial_pointer
page_params["have_initial_messages"] = (initial_pointer != -1)
statsd.incr('views.home')
show_invites = True
# Some realms only allow admins to invite users
if user_profile.realm.invite_by_admins_only and not user_profile.is_realm_admin:
show_invites = False
request._log_data['extra'] = "[%s]" % (register_ret["queue_id"],)
response = render_to_response('zerver/index.html',
{'user_profile': user_profile,
'page_params': simplejson.encoder.JSONEncoderForHTML().encode(page_params),
'nofontface': is_buggy_ua(request.META.get("HTTP_USER_AGENT", "Unspecified")),
'avatar_url': avatar_url(user_profile),
'show_debug':
settings.DEBUG and ('show_debug' in request.GET),
'pipeline': settings.PIPELINE_ENABLED,
'show_invites': show_invites,
'is_admin': user_profile.is_realm_admin,
'show_webathena': user_profile.realm.webathena_enabled,
'enable_feedback': settings.ENABLE_FEEDBACK,
'embedded': narrow_stream is not None,
},
request=request)
patch_cache_control(response, no_cache=True, no_store=True, must_revalidate=True)
return response
