
alexmv/barnowl 2

A multi-protocol curses IM client.

alexmv/dist-zilla 2

scary tools for building CPAN distributions

alexmv/email-mime 2

perl library for parsing MIME messages

alexmv/grit 2

Grit gives you object oriented read/write access to Git repositories via Ruby.

alexmv/AnyMQ 1

Simple message queue based on AnyEvent

alexmv/File-MMagic-XS 1

MIME Magic Based On Apache's mod_mime_magic

alexmv/git-pureperl 1

A Pure Perl interface to Git repositories

alexmv/AnyMQ-AMQP 0

amqp binding for AnyMQ

alexmv/arcanist 0

Command line interface for Phabricator

Pull request review comment zulip/zulip

webpack: Increase Node.js heap size on low-memory systems

 def build_for_dev_server(host: str, port: str, minify: bool, disable_host_check:     # This is our most dynamic configuration, which we use for our     # dev server.  The key piece here is that we identify changes to     # files as devs make edits and serve new assets on the fly.-    webpack_args = ["node", "node_modules/.bin/webpack-cli", "serve"]+    webpack_args = ["node"]+    with open("/proc/meminfo") as meminfo:+        if int(next(meminfo).split()[1]) < 3 * 1024 * 1024:+            webpack_args += ["--max-old-space-size=1536"]+    webpack_args = ["node_modules/.bin/webpack-cli", "serve"]
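Review bot: the last added line in build_for_dev_server assigns `webpack_args = ["node_modules/.bin/webpack-cli", "serve"]`, which replaces the list built just above and drops both "node" and any `--max-old-space-size=1536` flag; it needs to be `webpack_args += [...]` for the heap option to take effect. The `open("/proc/meminfo")` call also has no fallback, so the dev server would fail to start on a host without that file; catching OSError and skipping the check would keep the low-memory tweak optional. A short comment saying that the first line of /proc/meminfo is MemTotal in kB would explain the `3 * 1024 * 1024` threshold.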
    webpack_args += ["node_modules/.bin/webpack-cli", "serve"]
andersk

comment created time in 5 days


push event alexmv/matterbridge

Alex Vandiver

commit sha 9f971cdebad5e7f10ecb1769276f455fd65c567a

version: Move version information into a separate package. This will allow it to be accessed by other sections of the code.


Alex Vandiver

commit sha e190db77d6a9d8f096c5c838c6773b89fefa6db6

zulip: Use the matterbridge version in the user-agent.


push time in 5 days

PR opened 42wim/matterbridge

Better error handling on Zulip

We noticed that matterbridge bots were making thousands of requests to Zulip servers with unauthenticated credentials. This is an attempt to stem that tide.

Specifically, it catches failures when registering, which were previously completely ignored -- most of the unauthenticated requests were to yourserver.zulipchat.com which is the example host in the configuration, which isn't currently a valid Zulip realm: https://github.com/42wim/matterbridge/blob/53cafa9f3d0c8be33821fc7338b1da97e91d9cc6/matterbridge.toml.sample#L1564-L1582

It also catches the 401's when fetching events, which were not rate-limited previously.

Finally, it provides a more specific user-agent, which will make it easier to track down errors like this in the future. It does so by doing a small re-arrangement of packages to make the version information available via a package which is not main.

I made commits directly into vendor/github.com/matterbridge/gozulipbot/ directly, rather than open a PR against https://github.com/matterbridge/gozulipbot. It looks like the gozulipbot code in this repo has already diverged from the other repository, so it looked easier to fix it here. Regardless, however, the key flaws of failing to check for failure during queue registration and failing to rate-limit 401 responses also apply to the matterbridge/gozulipbot repository, and should also be applied there.

I'm happy to open a second PR there if you'd prefer; let me know how you'd like to proceed, as it looks like there are changes other than these which need backporting out of vendor/ and into matterbridge/gozulipbot.

+48 -21

0 comment

9 changed files

pr created time in 5 days

push event alexmv/matterbridge

Alex Vandiver

commit sha cbef4fb27b94fa39ff112ffff4015596bf27b5fa

zulip: Catch non-200 responses from Zulip server during registration. The RegisterEvents method, called from the Connect of the zulip bridge, never checked the HTTP response code from the server; it would blindly assume success and shove the JSON it got into the Queue structure. This meant that matterbridge would happily make repeated requests to the server (see subsequent commits) despite initial registration having failed. Catch non-200 responses, and (when possible) unravel the server-supplied error message within that; return as an err.


Alex Vandiver

commit sha 73851e9d64b7c74a801c3684309c856c56d5a761

zulip: Treat unknown errors with a 10-second backoff. An unknown error (including an unauthorized error) would fall through with no calls to time.Sleep, resulting in hammering the server as quickly as possible. Add a 10-second sleep in the default error case. The heartbeat is left with no explicit sleep, but all other codepaths now contain one.


Alex Vandiver

commit sha 5ee14966bcc041a163bcaaca95d62070427a1a30

zulip: Treat 401's as UnauthorizedError as well. Zulip servers respond with 401's if the authentication fails (e.g. a bad token), and 403's if the authenticated user does not have permission to read something. 403's are thus unlikely to happen for this method of consuming the API, and 401's are far more likely. Include 401 responses in UnauthorizedErrors.


Alex Vandiver

commit sha 417c591bd83f9fd1dd14362f77a46e0a586c5a17

version: Move version information into a separate package. This will allow it to be accessed by other sections of the code.


Alex Vandiver

commit sha 6bd276363b970a4e8f650ff732bc8b1f1ad29ccd

zulip: Use the matterbridge version in the user-agent.


push time in 5 days

create branch alexmv/matterbridge

branch : zulip-auth-failure

created branch time in 5 days

fork alexmv/matterbridge

bridge between mattermost, IRC, gitter, xmpp, slack, discord, telegram, rocketchat, twitch, ssh-chat, zulip, whatsapp, keybase, matrix, microsoft teams, nextcloud, mumble, vk and more with REST API (mattermost not required!)

fork in 5 days

fork alexmv/gozulipbot

A bot library in Go for Zulip

fork in 5 days

issue comment zulip/zulip

Show "Download <filename>..." tooltip on uploaded file links

You should make sure to start out by reading the Contributing Guide in our documentation!

This fix is likely a small change in javascript, in static/js/util.js: https://github.com/zulip/zulip/blob/233d250eff4081cf2c300141cff5db7863837404/static/js/util.js#L300-L301

If you have other questions, please pop onto https://chat.zulip.org/ to ask for help -- the development community page may be helpful to read as background for that.

alexmv

comment created time in 5 days

issue comment zulip/zulip

Show "Download <filename>..." tooltip on uploaded file links

Sure -- have at it!

alexmv

comment created time in 6 days

issue comment zulip/zulip

Failure to send a password reset email should not 500

SMTP error codes are an unregulated mess, which makes them very hard to act on. For instance, a failure we recently saw in production was:

454 Temporary service failure

...and code 454 is technically a transient failure of the receiver system, which is accurate here. But it's also used for declining to relay mail or needing authentication and those are just the first two hits that turn up on Google.

alexmv

comment created time in 10 days

pull request comment zulip/zulip

find_team: Send one email per email address, not per organization.

Is the current format nicer enough that it's worth special-casing the only-one-matching-realm case, and reusing the existing formatting for that? I'm not sure it is, but thought I'd toss out the idea.

eeshangarg

comment created time in 11 days

delete branch alexmv/zulip

delete branch : empty-rendered-content

delete time in 11 days

push event zulip/zulip

Alex Vandiver

commit sha 039b869ca58b640d3578d14567c39574b0b8a686

email_notifications: Fix inline-ing of image-URL-only messages. fe255172956d adjusted the email_notifications codepath to use `lxml.html.fragment_fromstring` method when parsing `rendered_content`, but left the tests using a helper which called `fromstring`. Switching the tests to match the code as run reveals a bug -- using `drop_tree` on all `message_inline_image` classes now _does_ remove all of a top-level image-URL-only message. Previously, such messages were "safe" from the block that calls `drop_tree` only by dint of `drop_tree` being a silent no-op for the root element. When parsed using `fragment_fromstring`, they are no longer the root, and as such an empty message results. Reorder relative_to_full_url to check for only one `message_inline_image` within the top `<div>`, and only run the `drop_tree` path in the alternate case. Tests must be adjusted for their output now including one more layer of `<div>`.


Alex Vandiver

commit sha 8c7295995145185c01e1f147acc17cb1fd223c05

push_notifications: Handle empty rendered_messages. This parallels fe255172956d, but for mobile notifications. It also adds a test, which verifies that such content does not crash either mobile or email notifications.


push time in 11 days

PR merged zulip/zulip

More fixes for empty rendered content size: L

Testing plan: New and existing tests.

Ref #19559.

+41 -29

1 comment

4 changed files

alexmv

pr closed time in 11 days

pull request comment zulip/zulip

saml: Set requestedAuthnContext to False in prod_settings_template.

Yup, looks good to me, @mateuszmandera! Thanks, and merged.

mateuszmandera

comment created time in 11 days

push event zulip/zulip

Mateusz Mandera

commit sha 4c9792b6a3f4db3580666068b3646e64e1a24c5c

saml: Set requestedAuthnContext to False in prod_settings_template. AuthnContextClassRef tells the IdP what forms of authentication the user should use on the IdP's server for us to be okay with it. I don't think there's a reason for us to enforce anything here and it should be up to the IdP's configuration to handle authentication how it wants. The default AuthnContextClassRef only allows PasswordProtectedTransport, causing the IdP to e.g. reject authentication with Yubikey in AzureAD SAML - which can be confusing for folks setting up SAML and is just not necessary.


Mateusz Mandera

commit sha 0e8735aeea1369dffee3890518f5edb0b87fda04

saml: Link to python3-saml docs above the security config dict.


push time in 11 days

PR merged zulip/zulip

saml: Set requestedAuthnContext to False in prod_settings_template. size: S

AuthnContextClassRef tells the IdP what forms of authentication the user should use on the IdP's server for us to be okay with it. I don't think there's a reason for us to enforce anything here and it should be up to the IdP's configuration to handle authentication how it wants.

The default AuthnContextClassRef only allows PasswordProtectedTransport, causing the IdP to e.g. reject authentication with Yubikey in AzureAD SAML - which can be confusing for folks setting up SAML and is just not necessary.

+13 -0

3 comments

1 changed file

mateuszmandera

pr closed time in 11 days

push event alexmv/zulip

Alex Vandiver

commit sha 29542d9f444d6338be3a7a2858cff8b2a05f61a6

email_notifications: Fix inline-ing of image-URL-only messages. fe255172956d adjusted the email_notifications codepath to use `lxml.html.fragment_fromstring` method when parsing `rendered_content`, but left the tests using a helper which called `fromstring`. Switching the tests to match the code as run reveals a bug -- using `drop_tree` on all `message_inline_image` classes now _does_ remove all of a top-level image-URL-only message. Previously, such messages were "safe" from the block that calls `drop_tree` only by dint of `drop_tree` being a silent no-op for the root element. When parsed using `fragment_fromstring`, they are no longer the root, and as such an empty message results. Reorder relative_to_full_url to check for only one `message_inline_image` within the top `<div>`, and only run the `drop_tree` path in the alternate case. Tests must be adjusted for their output now including one more layer of `<div>`.


Alex Vandiver

commit sha 6aeae9c823fa71a87680012a1bb12c437b34f0c6

push_notifications: Handle empty rendered_messages. This parallels fe255172956d, but for mobile notifications. It also adds a test, which verifies that such content does not crash either mobile or email notifications.


push time in 12 days

pull request comment zulip/zulip

saml: Set requestedAuthnContext to False in prod_settings_template.

I was thinking that the link to https://github.com/onelogin/python3-saml#settings should go above the whole SOCIAL_AUTH_SAML_SECURITY_CONFIG definition, since any key in the "Security settings" list documented there can be put into that variable.

mateuszmandera

comment created time in 12 days

PR opened zulip/zulip

More fixes for empty rendered content

Testing plan: New and existing tests.

+39 -29

0 comment

4 changed files

pr created time in 12 days

create branch alexmv/zulip

branch : empty-rendered-content

created branch time in 12 days

Pull request review comment zulip/zulip

saml: Set requestedAuthnContext to False in prod_settings_template.

     ## set this to True to enable signing of SAMLRequests using the     ## private key.     "authnRequestsSigned": False,+    ## You can change requestedAuthnContext to True to make Zulip include AuthnContext in+    ## SAMLRequests, specifying AuthnContextClassRef. By default,+    ## it will only permit urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport.+    ## You can also set this to a list of specific Authentication Context Classes that you want+    ## to include in the AuthnContext. E.g.:+    ## "requestedAuthnContext": ["urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",+    ##                           "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"]+    ## Refer to python3-saml documentation for this setting
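Review bot: "By default" in the third added comment line is ambiguous, because this template (per the PR title) ships requestedAuthnContext as False; wording it as "When set to True, only urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport is requested" would stop readers taking that as the behaviour of the shipped value. The comment should also say what False means for an operator: no AuthnContext is sent, so the strength of authentication is decided entirely by the IdP's configuration. The closing "Refer to python3-saml documentation for this setting" line would be more useful with the URL of the settings section.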
    ## Refer to python-saml documentation for this setting

And maybe link to https://github.com/onelogin/python-saml/blob/master/README.md#settings above this whole block?

mateuszmandera

comment created time in 12 days


pull request comment zulip/zulip

docs: Add documentation for bullseye support.

Backported as 9391840d34859d539da620840f217a79cc5fa6e5.

ligmitz

comment created time in 12 days

push event zulip/zulip

Gaurav Pandey

commit sha 9391840d34859d539da620840f217a79cc5fa6e5

docs: Add documentation for bullseye support. The support for bullseye was added in #17951 but it was not documented as bullseye was frozen and did not have proper configuration files, hence wasn't documented. Since now bullseye is released as a stable version, its support can be documented. (cherry picked from commit 502697d2397b5484c9befde4607217e0562c8425)


push time in 12 days

issue opened zulip/zulip

Failure to send a password reset email should not 500

The password reset form calls send_email synchronously:

https://github.com/zulip/zulip/blob/e7c62c4190b8037f9a07e1c3d94be17e8f62f468/zerver/forms.py#L347-L376

This means that if that email fails to send, it raises an EmailNotDeliveredException:

https://github.com/zulip/zulip/blob/main/zerver/lib/send_email.py#L262-L282

We should catch those in the password reset form, and display a message that says something like:

Something went wrong sending an email to that address. Double-check that you typed it correctly, and try again in a few minutes!

created time in 12 days

push event alexmv/zulip

Alex Vandiver

commit sha 444c6a1a6c38bd67bdcbbde408faaca7ef164994

email-mirror: Add a standalone server that processes incoming email.

Using postfix to handle the incoming email gateway complicates things a great deal:
- It cannot verify that incoming email addresses exist in Zulip before accepting them; it thus accepts mail at the `RCPT TO` stage which it cannot handle, and thus must reject after the `DATA`.
- It is built to handle both incoming and outgoing email, which results in subtle errors (1c17583ad5b2, 79931051bd27, a53092687e13, #18600).
- Rate-limiting happens much too late to avoid denial of service (#12501).
- Mis-configurations of the HTTP endpoint can break incoming mail (#18105).

Provide a replacement SMTP server which accepts incoming email on port 25, verifies that Zulip can accept the address, and that no rate-limits are being broken, and then adds it directly to the relevant queue. Also simplifies #7814 somewhat.


push time in 13 days

PR opened zulip/zulip

asyncio SMTP mail server instead of postfix

[ ] Tests
[ ] Come up with a plan (iptables?) for not running this as root, but being able to listen on port 25
[ ] Rip out the postfix config

+205 -15

0 comment

5 changed files

pr created time in 13 days