Land to GitHub + support stuff
Summary:
A usable, Land to GitHub flow.
Still to do:
- Refactor all git/hg stratagies to a sane structure.
- Make the dialogs Workflow + explain why it's disabled.
- Show button and request Link Account if GH is enabled, but user is not linked.
- After refreshing token, user ends up in the settings stage.
Hacked something in LandController to be able to show an arbitrary dialog from a strategy.
It's not very nice, but I want to make some more refactoring to the controller/strategy/ies anyway.
Also made PhabricatorRepository::getRemoteURIObject() public, because it was very useful in getting
the domain and path for the repo.
Test Plan:
Went through these flows:
- load revision in hosted, github-backed, non-github backed repos to see button as needed.
- hit land with weak token - sent to refresh it with the extra scope.
- Land to repo I'm not allowed - got proper error message.
- Successfully landed; Failed to apply patch.
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley
CC: Korvin, epriestley, aran
Maniphest Tasks: T182
Differential Revision: https://secure.phabricator.com/D7555
2013-11-13 17:25:14 -08:00
|
|
|
<?php
|
|
|
|
|
|
|
|
final class DifferentialLandingToGitHub
|
|
|
|
extends DifferentialLandingStrategy {
|
|
|
|
|
|
|
|
private $account;
|
|
|
|
private $provider;
|
|
|
|
|
|
|
|
public function processLandRequest(
|
|
|
|
AphrontRequest $request,
|
|
|
|
DifferentialRevision $revision,
|
|
|
|
PhabricatorRepository $repository) {
|
|
|
|
|
|
|
|
$viewer = $request->getUser();
|
|
|
|
$this->init($viewer, $repository);
|
|
|
|
|
|
|
|
$workspace = $this->getGitWorkspace($repository);
|
|
|
|
|
|
|
|
try {
|
|
|
|
id(new DifferentialLandingToHostedGit())
|
|
|
|
->commitRevisionToWorkspace(
|
|
|
|
$revision,
|
|
|
|
$workspace,
|
|
|
|
$viewer);
|
|
|
|
} catch (Exception $e) {
|
|
|
|
throw new PhutilProxyException(
|
|
|
|
'Failed to commit patch',
|
|
|
|
$e);
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
|
|
|
$this->pushWorkspaceRepository($repository, $workspace);
|
|
|
|
} catch (Exception $e) {
|
|
|
|
// If it's a permission problem, we know more than git.
|
|
|
|
$dialog = $this->verifyRemotePermissions($viewer, $revision, $repository);
|
|
|
|
if ($dialog) {
|
|
|
|
return $dialog;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Else, throw what git said.
|
|
|
|
throw new PhutilProxyException(
|
|
|
|
'Failed to push changes upstream',
|
|
|
|
$e);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* returns PhabricatorActionView or an array of PhabricatorActionView or null.
|
|
|
|
*/
|
2014-01-30 09:07:50 -08:00
|
|
|
public function createMenuItem(
|
Land to GitHub + support stuff
Summary:
A usable, Land to GitHub flow.
Still to do:
- Refactor all git/hg stratagies to a sane structure.
- Make the dialogs Workflow + explain why it's disabled.
- Show button and request Link Account if GH is enabled, but user is not linked.
- After refreshing token, user ends up in the settings stage.
Hacked something in LandController to be able to show an arbitrary dialog from a strategy.
It's not very nice, but I want to make some more refactoring to the controller/strategy/ies anyway.
Also made PhabricatorRepository::getRemoteURIObject() public, because it was very useful in getting
the domain and path for the repo.
Test Plan:
Went through these flows:
- load revision in hosted, github-backed, non-github backed repos to see button as needed.
- hit land with weak token - sent to refresh it with the extra scope.
- Land to repo I'm not allowed - got proper error message.
- Successfully landed; Failed to apply patch.
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley
CC: Korvin, epriestley, aran
Maniphest Tasks: T182
Differential Revision: https://secure.phabricator.com/D7555
2013-11-13 17:25:14 -08:00
|
|
|
PhabricatorUser $viewer,
|
|
|
|
DifferentialRevision $revision,
|
|
|
|
PhabricatorRepository $repository) {
|
|
|
|
|
|
|
|
$vcs = $repository->getVersionControlSystem();
|
|
|
|
if ($vcs !== PhabricatorRepositoryType::REPOSITORY_TYPE_GIT) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($repository->isHosted()) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
|
|
|
// These throw when failing.
|
|
|
|
$this->init($viewer, $repository);
|
|
|
|
$this->findGitHubRepo($repository);
|
|
|
|
} catch (Exception $e) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2013-12-09 13:29:12 -08:00
|
|
|
return $this->createActionView($revision, pht('Land to GitHub'))
|
2014-05-13 07:45:39 -07:00
|
|
|
->setIcon('fa-cloud-upload');
|
Land to GitHub + support stuff
Summary:
A usable, Land to GitHub flow.
Still to do:
- Refactor all git/hg stratagies to a sane structure.
- Make the dialogs Workflow + explain why it's disabled.
- Show button and request Link Account if GH is enabled, but user is not linked.
- After refreshing token, user ends up in the settings stage.
Hacked something in LandController to be able to show an arbitrary dialog from a strategy.
It's not very nice, but I want to make some more refactoring to the controller/strategy/ies anyway.
Also made PhabricatorRepository::getRemoteURIObject() public, because it was very useful in getting
the domain and path for the repo.
Test Plan:
Went through these flows:
- load revision in hosted, github-backed, non-github backed repos to see button as needed.
- hit land with weak token - sent to refresh it with the extra scope.
- Land to repo I'm not allowed - got proper error message.
- Successfully landed; Failed to apply patch.
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley
CC: Korvin, epriestley, aran
Maniphest Tasks: T182
Differential Revision: https://secure.phabricator.com/D7555
2013-11-13 17:25:14 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
public function pushWorkspaceRepository(
|
|
|
|
PhabricatorRepository $repository,
|
|
|
|
ArcanistRepositoryAPI $workspace) {
|
|
|
|
|
|
|
|
$token = $this->getAccessToken();
|
|
|
|
|
|
|
|
$github_repo = $this->findGitHubRepo($repository);
|
|
|
|
|
|
|
|
$remote = urisprintf(
|
|
|
|
'https://%s:x-oauth-basic@%s/%s.git',
|
|
|
|
$token,
|
|
|
|
$this->provider->getProviderDomain(),
|
|
|
|
$github_repo);
|
|
|
|
|
|
|
|
$workspace->execxLocal(
|
2014-06-09 11:36:49 -07:00
|
|
|
'push %P HEAD:master',
|
Land to GitHub + support stuff
Summary:
A usable, Land to GitHub flow.
Still to do:
- Refactor all git/hg stratagies to a sane structure.
- Make the dialogs Workflow + explain why it's disabled.
- Show button and request Link Account if GH is enabled, but user is not linked.
- After refreshing token, user ends up in the settings stage.
Hacked something in LandController to be able to show an arbitrary dialog from a strategy.
It's not very nice, but I want to make some more refactoring to the controller/strategy/ies anyway.
Also made PhabricatorRepository::getRemoteURIObject() public, because it was very useful in getting
the domain and path for the repo.
Test Plan:
Went through these flows:
- load revision in hosted, github-backed, non-github backed repos to see button as needed.
- hit land with weak token - sent to refresh it with the extra scope.
- Land to repo I'm not allowed - got proper error message.
- Successfully landed; Failed to apply patch.
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley
CC: Korvin, epriestley, aran
Maniphest Tasks: T182
Differential Revision: https://secure.phabricator.com/D7555
2013-11-13 17:25:14 -08:00
|
|
|
new PhutilOpaqueEnvelope($remote));
|
|
|
|
}
|
|
|
|
|
|
|
|
private function init($viewer, $repository) {
|
|
|
|
$repo_uri = $repository->getRemoteURIObject();
|
|
|
|
$repo_domain = $repo_uri->getDomain();
|
|
|
|
|
|
|
|
$this->account = id(new PhabricatorExternalAccountQuery())
|
|
|
|
->setViewer($viewer)
|
|
|
|
->withUserPHIDs(array($viewer->getPHID()))
|
2014-06-09 11:36:49 -07:00
|
|
|
->withAccountTypes(array('github'))
|
Land to GitHub + support stuff
Summary:
A usable, Land to GitHub flow.
Still to do:
- Refactor all git/hg stratagies to a sane structure.
- Make the dialogs Workflow + explain why it's disabled.
- Show button and request Link Account if GH is enabled, but user is not linked.
- After refreshing token, user ends up in the settings stage.
Hacked something in LandController to be able to show an arbitrary dialog from a strategy.
It's not very nice, but I want to make some more refactoring to the controller/strategy/ies anyway.
Also made PhabricatorRepository::getRemoteURIObject() public, because it was very useful in getting
the domain and path for the repo.
Test Plan:
Went through these flows:
- load revision in hosted, github-backed, non-github backed repos to see button as needed.
- hit land with weak token - sent to refresh it with the extra scope.
- Land to repo I'm not allowed - got proper error message.
- Successfully landed; Failed to apply patch.
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley
CC: Korvin, epriestley, aran
Maniphest Tasks: T182
Differential Revision: https://secure.phabricator.com/D7555
2013-11-13 17:25:14 -08:00
|
|
|
->withAccountDomains(array($repo_domain))
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 10:18:10 -07:00
|
|
|
->requireCapabilities(
|
|
|
|
array(
|
|
|
|
PhabricatorPolicyCapability::CAN_VIEW,
|
|
|
|
PhabricatorPolicyCapability::CAN_EDIT,
|
|
|
|
))
|
Land to GitHub + support stuff
Summary:
A usable, Land to GitHub flow.
Still to do:
- Refactor all git/hg stratagies to a sane structure.
- Make the dialogs Workflow + explain why it's disabled.
- Show button and request Link Account if GH is enabled, but user is not linked.
- After refreshing token, user ends up in the settings stage.
Hacked something in LandController to be able to show an arbitrary dialog from a strategy.
It's not very nice, but I want to make some more refactoring to the controller/strategy/ies anyway.
Also made PhabricatorRepository::getRemoteURIObject() public, because it was very useful in getting
the domain and path for the repo.
Test Plan:
Went through these flows:
- load revision in hosted, github-backed, non-github backed repos to see button as needed.
- hit land with weak token - sent to refresh it with the extra scope.
- Land to repo I'm not allowed - got proper error message.
- Successfully landed; Failed to apply patch.
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley
CC: Korvin, epriestley, aran
Maniphest Tasks: T182
Differential Revision: https://secure.phabricator.com/D7555
2013-11-13 17:25:14 -08:00
|
|
|
->executeOne();
|
|
|
|
|
|
|
|
if (!$this->account) {
|
|
|
|
throw new Exception(
|
|
|
|
"No matching GitHub account found for {$repo_domain}.");
|
|
|
|
}
|
|
|
|
|
|
|
|
$this->provider = PhabricatorAuthProvider::getEnabledProviderByKey(
|
|
|
|
$this->account->getProviderKey());
|
|
|
|
if (!$this->provider) {
|
|
|
|
throw new Exception("GitHub provider for {$repo_domain} is not enabled.");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
private function findGitHubRepo(PhabricatorRepository $repository) {
|
|
|
|
$repo_uri = $repository->getRemoteURIObject();
|
|
|
|
|
|
|
|
$repo_path = $repo_uri->getPath();
|
|
|
|
|
|
|
|
if (substr($repo_path, -4) == '.git') {
|
|
|
|
$repo_path = substr($repo_path, 0, -4);
|
|
|
|
}
|
|
|
|
$repo_path = ltrim($repo_path, '/');
|
|
|
|
|
|
|
|
return $repo_path;
|
|
|
|
}
|
|
|
|
|
|
|
|
private function getAccessToken() {
|
|
|
|
return $this->provider->getOAuthAccessToken($this->account);
|
|
|
|
}
|
|
|
|
|
|
|
|
private function verifyRemotePermissions($viewer, $revision, $repository) {
|
|
|
|
$github_user = $this->account->getUsername();
|
|
|
|
$github_repo = $this->findGitHubRepo($repository);
|
|
|
|
|
|
|
|
$uri = urisprintf(
|
|
|
|
'https://api.github.com/repos/%s/collaborators/%s',
|
|
|
|
$github_repo,
|
|
|
|
$github_user);
|
|
|
|
|
|
|
|
$uri = new PhutilURI($uri);
|
|
|
|
$uri->setQueryParam('access_token', $this->getAccessToken());
|
|
|
|
list($status, $body, $headers) = id(new HTTPSFuture($uri))->resolve();
|
|
|
|
|
|
|
|
// Likely status codes:
|
|
|
|
// 204 No Content: Has permissions. Token might be too weak.
|
|
|
|
// 404 Not Found: Not a collaborator.
|
|
|
|
// 401 Unauthorized: Token is bad/revoked.
|
|
|
|
|
|
|
|
$no_permission = ($status->getStatusCode() == 404);
|
|
|
|
|
|
|
|
if ($no_permission) {
|
|
|
|
throw new Exception(
|
|
|
|
"You don't have permission to push to this repository. \n".
|
|
|
|
"Push permissions for this repository are managed on GitHub.");
|
|
|
|
}
|
|
|
|
|
|
|
|
$scopes = BaseHTTPFuture::getHeader($headers, 'X-OAuth-Scopes');
|
|
|
|
if (strpos($scopes, 'public_repo') === false) {
|
|
|
|
$provider_key = $this->provider->getProviderKey();
|
|
|
|
$refresh_token_uri = new PhutilURI("/auth/refresh/{$provider_key}/");
|
|
|
|
$refresh_token_uri->setQueryParam('scope', 'public_repo');
|
|
|
|
|
|
|
|
return id(new AphrontDialogView())
|
|
|
|
->setUser($viewer)
|
|
|
|
->setTitle(pht('Stronger token needed'))
|
|
|
|
->appendChild(pht(
|
|
|
|
'In order to complete this action, you need a '.
|
|
|
|
'stronger GitHub token.'))
|
|
|
|
->setSubmitURI($refresh_token_uri)
|
|
|
|
->addCancelButton('/D'.$revision->getId())
|
2014-06-07 12:05:30 -07:00
|
|
|
->setDisableWorkflowOnSubmit(true)
|
Land to GitHub + support stuff
Summary:
A usable, Land to GitHub flow.
Still to do:
- Refactor all git/hg stratagies to a sane structure.
- Make the dialogs Workflow + explain why it's disabled.
- Show button and request Link Account if GH is enabled, but user is not linked.
- After refreshing token, user ends up in the settings stage.
Hacked something in LandController to be able to show an arbitrary dialog from a strategy.
It's not very nice, but I want to make some more refactoring to the controller/strategy/ies anyway.
Also made PhabricatorRepository::getRemoteURIObject() public, because it was very useful in getting
the domain and path for the repo.
Test Plan:
Went through these flows:
- load revision in hosted, github-backed, non-github backed repos to see button as needed.
- hit land with weak token - sent to refresh it with the extra scope.
- Land to repo I'm not allowed - got proper error message.
- Successfully landed; Failed to apply patch.
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley
CC: Korvin, epriestley, aran
Maniphest Tasks: T182
Differential Revision: https://secure.phabricator.com/D7555
2013-11-13 17:25:14 -08:00
|
|
|
->addSubmitButton(pht('Refresh Account Link'));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|