From c731508d748aeda7073c3c8be7d073a47d29be4b Mon Sep 17 00:00:00 2001 From: epriestley Date: Thu, 13 Dec 2018 12:34:12 -0800 Subject: [PATCH 01/44] Require MFA implementations to return a formal result object when validating factors Summary: Ref T13222. See PHI873. Currently, MFA implementations return this weird sort of ad-hoc dictionary from validation, which is later used to render form/control stuff. I want to make this more formal to handle token reuse / session binding cases, and let MFA factors share more code around challenges. Formalize this into a proper object instead of an ad-hoc bundle of properties. Test Plan: - Answered a TOTP MFA prompt wrong (nothing, bad value). - Answered a TOTP MFA prompt properly. - Added new TOTP MFA, survived enrollment. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19885 --- src/__phutil_library_map__.php | 2 + .../engine/PhabricatorAuthSessionEngine.php | 20 +++++++-- ...catorAuthHighSecurityRequiredException.php | 1 + .../auth/factor/PhabricatorAuthFactor.php | 8 +--- .../factor/PhabricatorAuthFactorResult.php | 37 ++++++++++++++++ .../auth/factor/PhabricatorTOTPAuthFactor.php | 43 +++++++++++-------- 6 files changed, 82 insertions(+), 29 deletions(-) create mode 100644 src/applications/auth/factor/PhabricatorAuthFactorResult.php diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index b0408e127d..614479c072 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -2198,6 +2198,7 @@ phutil_register_library_map(array( 'PhabricatorAuthEditController' => 'applications/auth/controller/config/PhabricatorAuthEditController.php', 'PhabricatorAuthFactor' => 'applications/auth/factor/PhabricatorAuthFactor.php', 'PhabricatorAuthFactorConfig' => 'applications/auth/storage/PhabricatorAuthFactorConfig.php', + 'PhabricatorAuthFactorResult' => 'applications/auth/factor/PhabricatorAuthFactorResult.php', 'PhabricatorAuthFactorTestCase' => 'applications/auth/factor/__tests__/PhabricatorAuthFactorTestCase.php', 'PhabricatorAuthFinishController' => 'applications/auth/controller/PhabricatorAuthFinishController.php', 'PhabricatorAuthHMACKey' => 'applications/auth/storage/PhabricatorAuthHMACKey.php', @@ -7833,6 +7834,7 @@ phutil_register_library_map(array( 'PhabricatorAuthEditController' => 'PhabricatorAuthProviderConfigController', 'PhabricatorAuthFactor' => 'Phobject', 'PhabricatorAuthFactorConfig' => 'PhabricatorAuthDAO', + 'PhabricatorAuthFactorResult' => 'Phobject', 'PhabricatorAuthFactorTestCase' => 'PhabricatorTestCase', 'PhabricatorAuthFinishController' => 'PhabricatorAuthController', 'PhabricatorAuthHMACKey' => 'PhabricatorAuthDAO', diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php index 2020e4a542..8754709258 100644 --- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php +++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php @@ -496,14 +496,25 @@ final class PhabricatorAuthSessionEngine extends Phobject { $id = $factor->getID(); $impl = $factor->requireImplementation(); - $validation_results[$id] = $impl->processValidateFactorForm( + $validation_result = $impl->processValidateFactorForm( $factor, $viewer, $request); - if (!$impl->isFactorValid($factor, $validation_results[$id])) { + if (!($validation_result instanceof PhabricatorAuthFactorResult)) { + throw new Exception( + pht( + 'Expected "processValidateFactorForm()" to return an object '. + 'of class "%s"; got something else (from "%s").', + 'PhabricatorAuthFactorResult', + get_class($impl))); + } + + if (!$validation_result->getIsValid()) { $ok = false; } + + $validation_results[$id] = $validation_result; } if ($ok) { @@ -595,17 +606,20 @@ final class PhabricatorAuthSessionEngine extends Phobject { array $validation_results, PhabricatorUser $viewer, AphrontRequest $request) { + assert_instances_of($validation_results, 'PhabricatorAuthFactorResult'); $form = id(new AphrontFormView()) ->setUser($viewer) ->appendRemarkupInstructions(''); foreach ($factors as $factor) { + $result = idx($validation_results, $factor->getID()); + $factor->requireImplementation()->renderValidateFactorForm( $factor, $form, $viewer, - idx($validation_results, $factor->getID())); + $result); } $form->appendRemarkupInstructions(''); diff --git a/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php b/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php index 56a4f9fc89..9f37d36a44 100644 --- a/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php +++ b/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php @@ -7,6 +7,7 @@ final class PhabricatorAuthHighSecurityRequiredException extends Exception { private $factorValidationResults; public function setFactorValidationResults(array $results) { + assert_instances_of($results, 'PhabricatorAuthFactorResult'); $this->factorValidationResults = $results; return $this; } diff --git a/src/applications/auth/factor/PhabricatorAuthFactor.php b/src/applications/auth/factor/PhabricatorAuthFactor.php index 7cddc2758c..21c861921f 100644 --- a/src/applications/auth/factor/PhabricatorAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorAuthFactor.php @@ -14,19 +14,13 @@ abstract class PhabricatorAuthFactor extends Phobject { PhabricatorAuthFactorConfig $config, AphrontFormView $form, PhabricatorUser $viewer, - $validation_result); + PhabricatorAuthFactorResult $validation_result = null); abstract public function processValidateFactorForm( PhabricatorAuthFactorConfig $config, PhabricatorUser $viewer, AphrontRequest $request); - public function isFactorValid( - PhabricatorAuthFactorConfig $config, - $validation_result) { - return (idx($validation_result, 'valid') === true); - } - public function getParameterName( PhabricatorAuthFactorConfig $config, $name) { diff --git a/src/applications/auth/factor/PhabricatorAuthFactorResult.php b/src/applications/auth/factor/PhabricatorAuthFactorResult.php new file mode 100644 index 0000000000..80d719063d --- /dev/null +++ b/src/applications/auth/factor/PhabricatorAuthFactorResult.php @@ -0,0 +1,37 @@ +isValid = $is_valid; + return $this; + } + + public function getIsValid() { + return $this->isValid; + } + + public function setHint($hint) { + $this->hint = $hint; + return $this; + } + + public function getHint() { + return $this->hint; + } + + public function setValue($value) { + $this->value = $value; + return $this; + } + + public function getValue() { + return $this->value; + } + +} diff --git a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php index ae3608d525..3658f050e2 100644 --- a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php @@ -154,10 +154,14 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { PhabricatorAuthFactorConfig $config, AphrontFormView $form, PhabricatorUser $viewer, - $validation_result) { + PhabricatorAuthFactorResult $validation_result = null) { - if (!$validation_result) { - $validation_result = array(); + if ($validation_result) { + $value = $validation_result->getValue(); + $hint = $validation_result->getHint(); + } else { + $value = null; + $hint = true; } $form->appendChild( @@ -166,8 +170,8 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { ->setLabel(pht('App Code')) ->setDisableAutocomplete(true) ->setCaption(pht('Factor Name: %s', $config->getFactorName())) - ->setValue(idx($validation_result, 'value')) - ->setError(idx($validation_result, 'error', true))); + ->setValue($value) + ->setError($hint)); } public function processValidateFactorForm( @@ -178,21 +182,22 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { $code = $request->getStr($this->getParameterName($config, 'totpcode')); $key = new PhutilOpaqueEnvelope($config->getFactorSecret()); - if (self::verifyTOTPCode($viewer, $key, $code)) { - return array( - 'error' => null, - 'value' => $code, - 'valid' => true, - ); - } else { - return array( - 'error' => strlen($code) ? pht('Invalid') : pht('Required'), - 'value' => $code, - 'valid' => false, - ); - } - } + $result = id(new PhabricatorAuthFactorResult()) + ->setValue($code); + if (self::verifyTOTPCode($viewer, $key, $code)) { + $result->setIsValid(true); + } else { + if (strlen($code)) { + $hint = pht('Invalid'); + } else { + $hint = pht('Required'); + } + $result->setHint($hint); + } + + return $result; + } public static function generateNewTOTPKey() { return strtoupper(Filesystem::readRandomCharacters(32)); From b8cbfda07ce6b7d921465d407d10a5cce45a8c6c Mon Sep 17 00:00:00 2001 From: epriestley Date: Thu, 13 Dec 2018 10:13:56 -0800 Subject: [PATCH 02/44] Track MFA "challenges" so we can bind challenges to sessions and support SMS and other push MFA Summary: Ref T13222. See PHI873. Ref T9770. Currently, we support only TOTP MFA. For some MFA (SMS and "push-to-app"-style MFA) we may need to keep track of MFA details (e.g., the code we SMS'd you). There isn't much support for that yet. We also currently allow free reuse of TOTP responses across sessions and workflows. This hypothetically enables some "spyglass" attacks where you look at someone's phone and type the code in before they do. T9770 discusses this in more detail, but is focused on an attack window starting when the user submits the form. I claim the attack window opens when the TOTP code is shown on their phone, and the window between the code being shown and being submitted is //much// more interesting than the window after it is submitted. To address both of these cases, start tracking MFA "Challenges". These are basically a record that we asked you to give us MFA credentials. For TOTP, the challenge binds a particular timestep to a given session, so an attacker can't look at your phone and type the code into their browser before (or after) you do -- they have a different session. For now, this means that codes are reusable in the same session, but that will be refined in the future. For SMS / push, the "Challenge" would store the code we sent you so we could validate it. This is mostly a step on the way toward one-shot MFA, ad-hoc MFA in comment action stacks, and figuring out what's going on with Duo. Test Plan: - Passed MFA normally. - Passed MFA normally, simultaneously, as two different users. - With two different sessions for the same user: - Opened MFA in A, opened MFA in B. B got a "wait". - Submitted MFA in A. - Clicked "Wait" a bunch in B. - Submitted MFA in B when prompted. - Passed MFA normally, then passed MFA normally again with the same code in the same session. (This change does not prevent code reuse.) Reviewers: amckinley Reviewed By: amckinley Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam Maniphest Tasks: T13222, T9770 Differential Revision: https://secure.phabricator.com/D19886 --- .../20181213.auth.06.challenge.sql | 12 ++ src/__phutil_library_map__.php | 9 ++ ...torHighSecurityRequestExceptionHandler.php | 19 ++- .../engine/PhabricatorAuthSessionEngine.php | 92 ++++++++++-- .../auth/factor/PhabricatorAuthFactor.php | 134 ++++++++++++++++- .../factor/PhabricatorAuthFactorResult.php | 31 +++- .../auth/factor/PhabricatorTOTPAuthFactor.php | 142 +++++++++++++++--- .../phid/PhabricatorAuthChallengePHIDType.php | 32 ++++ .../query/PhabricatorAuthChallengeQuery.php | 99 ++++++++++++ .../auth/storage/PhabricatorAuthChallenge.php | 54 +++++++ 10 files changed, 573 insertions(+), 51 deletions(-) create mode 100644 resources/sql/autopatches/20181213.auth.06.challenge.sql create mode 100644 src/applications/auth/phid/PhabricatorAuthChallengePHIDType.php create mode 100644 src/applications/auth/query/PhabricatorAuthChallengeQuery.php create mode 100644 src/applications/auth/storage/PhabricatorAuthChallenge.php diff --git a/resources/sql/autopatches/20181213.auth.06.challenge.sql b/resources/sql/autopatches/20181213.auth.06.challenge.sql new file mode 100644 index 0000000000..0e5eeb35f0 --- /dev/null +++ b/resources/sql/autopatches/20181213.auth.06.challenge.sql @@ -0,0 +1,12 @@ +CREATE TABLE {$NAMESPACE}_auth.auth_challenge ( + id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, + phid VARBINARY(64) NOT NULL, + userPHID VARBINARY(64) NOT NULL, + factorPHID VARBINARY(64) NOT NULL, + sessionPHID VARBINARY(64) NOT NULL, + challengeKey VARCHAR(255) NOT NULL COLLATE {$COLLATE_TEXT}, + challengeTTL INT UNSIGNED NOT NULL, + properties LONGTEXT NOT NULL COLLATE {$COLLATE_TEXT}, + dateCreated INT UNSIGNED NOT NULL, + dateModified INT UNSIGNED NOT NULL +) ENGINE=InnoDB, COLLATE {$COLLATE_TEXT}; diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index 614479c072..85f54f3cac 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -2187,6 +2187,9 @@ phutil_register_library_map(array( 'PhabricatorAuthApplication' => 'applications/auth/application/PhabricatorAuthApplication.php', 'PhabricatorAuthAuthFactorPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthFactorPHIDType.php', 'PhabricatorAuthAuthProviderPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthProviderPHIDType.php', + 'PhabricatorAuthChallenge' => 'applications/auth/storage/PhabricatorAuthChallenge.php', + 'PhabricatorAuthChallengePHIDType' => 'applications/auth/phid/PhabricatorAuthChallengePHIDType.php', + 'PhabricatorAuthChallengeQuery' => 'applications/auth/query/PhabricatorAuthChallengeQuery.php', 'PhabricatorAuthChangePasswordAction' => 'applications/auth/action/PhabricatorAuthChangePasswordAction.php', 'PhabricatorAuthConduitAPIMethod' => 'applications/auth/conduit/PhabricatorAuthConduitAPIMethod.php', 'PhabricatorAuthConduitTokenRevoker' => 'applications/auth/revoker/PhabricatorAuthConduitTokenRevoker.php', @@ -7823,6 +7826,12 @@ phutil_register_library_map(array( 'PhabricatorAuthApplication' => 'PhabricatorApplication', 'PhabricatorAuthAuthFactorPHIDType' => 'PhabricatorPHIDType', 'PhabricatorAuthAuthProviderPHIDType' => 'PhabricatorPHIDType', + 'PhabricatorAuthChallenge' => array( + 'PhabricatorAuthDAO', + 'PhabricatorPolicyInterface', + ), + 'PhabricatorAuthChallengePHIDType' => 'PhabricatorPHIDType', + 'PhabricatorAuthChallengeQuery' => 'PhabricatorCursorPagedPolicyAwareQuery', 'PhabricatorAuthChangePasswordAction' => 'PhabricatorSystemAction', 'PhabricatorAuthConduitAPIMethod' => 'ConduitAPIMethod', 'PhabricatorAuthConduitTokenRevoker' => 'PhabricatorAuthRevoker', diff --git a/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php b/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php index f8d522711f..1cbf4c6e4f 100644 --- a/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php +++ b/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php @@ -29,13 +29,28 @@ final class PhabricatorHighSecurityRequestExceptionHandler $throwable) { $viewer = $this->getViewer($request); + $results = $throwable->getFactorValidationResults(); $form = id(new PhabricatorAuthSessionEngine())->renderHighSecurityForm( $throwable->getFactors(), - $throwable->getFactorValidationResults(), + $results, $viewer, $request); + $is_wait = false; + foreach ($results as $result) { + if ($result->getIsWait()) { + $is_wait = true; + break; + } + } + + if ($is_wait) { + $submit = pht('Wait Patiently'); + } else { + $submit = pht('Enter High Security'); + } + $dialog = id(new AphrontDialogView()) ->setUser($viewer) ->setTitle(pht('Entering High Security')) @@ -62,7 +77,7 @@ final class PhabricatorHighSecurityRequestExceptionHandler 'actions, you should leave high security.')) ->setSubmitURI($request->getPath()) ->addCancelButton($throwable->getCancelURI()) - ->addSubmitButton(pht('Enter High Security')); + ->addSubmitButton($submit); $request_parameters = $request->getPassthroughRequestParameters( $respect_quicksand = true); diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php index 8754709258..acd16f690f 100644 --- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php +++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php @@ -480,7 +480,59 @@ final class PhabricatorAuthSessionEngine extends Phobject { new PhabricatorAuthTryFactorAction(), 0); + $now = PhabricatorTime::getNow(); + + // We need to do challenge validation first, since this happens whether you + // submitted responses or not. You can't get a "bad response" error before + // you actually submit a response, but you can get a "wait, we can't + // issue a challenge yet" response. Load all issued challenges which are + // currently valid. + $challenges = id(new PhabricatorAuthChallengeQuery()) + ->setViewer($viewer) + ->withFactorPHIDs(mpull($factors, 'getPHID')) + ->withUserPHIDs(array($viewer->getPHID())) + ->withChallengeTTLBetween($now, null) + ->execute(); + $challenge_map = mgroup($challenges, 'getFactorPHID'); + $validation_results = array(); + $ok = true; + + // Validate each factor against issued challenges. For example, this + // prevents you from receiving or responding to a TOTP challenge if another + // challenge was recently issued to a different session. + foreach ($factors as $factor) { + $factor_phid = $factor->getPHID(); + $issued_challenges = idx($challenge_map, $factor_phid, array()); + $impl = $factor->requireImplementation(); + + $new_challenges = $impl->getNewIssuedChallenges( + $factor, + $viewer, + $issued_challenges); + + foreach ($new_challenges as $new_challenge) { + $issued_challenges[] = $new_challenge; + } + $challenge_map[$factor_phid] = $issued_challenges; + + if (!$issued_challenges) { + continue; + } + + $result = $impl->getResultFromIssuedChallenges( + $factor, + $viewer, + $issued_challenges); + + if (!$result) { + continue; + } + + $ok = false; + $validation_results[$factor_phid] = $result; + } + if ($request->isHTTPPost()) { $request->validateCSRF(); if ($request->getExists(AphrontRequest::TYPE_HISEC)) { @@ -491,30 +543,28 @@ final class PhabricatorAuthSessionEngine extends Phobject { new PhabricatorAuthTryFactorAction(), 1); - $ok = true; foreach ($factors as $factor) { - $id = $factor->getID(); + $factor_phid = $factor->getPHID(); + + // If we already have a validation result from previously issued + // challenges, skip validating this factor. + if (isset($validation_results[$factor_phid])) { + continue; + } + $impl = $factor->requireImplementation(); - $validation_result = $impl->processValidateFactorForm( + $validation_result = $impl->getResultFromChallengeResponse( $factor, $viewer, - $request); - - if (!($validation_result instanceof PhabricatorAuthFactorResult)) { - throw new Exception( - pht( - 'Expected "processValidateFactorForm()" to return an object '. - 'of class "%s"; got something else (from "%s").', - 'PhabricatorAuthFactorResult', - get_class($impl))); - } + $request, + $issued_challenges); if (!$validation_result->getIsValid()) { $ok = false; } - $validation_results[$id] = $validation_result; + $validation_results[$factor_phid] = $validation_result; } if ($ok) { @@ -566,6 +616,18 @@ final class PhabricatorAuthSessionEngine extends Phobject { return $token; } + // If we don't have a validation result for some factors yet, fill them + // in with an empty result so form rendering doesn't have to care if the + // results exist or not. This happens when you first load the form and have + // not submitted any responses yet. + foreach ($factors as $factor) { + $factor_phid = $factor->getPHID(); + if (isset($validation_results[$factor_phid])) { + continue; + } + $validation_results[$factor_phid] = new PhabricatorAuthFactorResult(); + } + throw id(new PhabricatorAuthHighSecurityRequiredException()) ->setCancelURI($cancel_uri) ->setFactors($factors) @@ -613,7 +675,7 @@ final class PhabricatorAuthSessionEngine extends Phobject { ->appendRemarkupInstructions(''); foreach ($factors as $factor) { - $result = idx($validation_results, $factor->getID()); + $result = $validation_results[$factor->getPHID()]; $factor->requireImplementation()->renderValidateFactorForm( $factor, diff --git a/src/applications/auth/factor/PhabricatorAuthFactor.php b/src/applications/auth/factor/PhabricatorAuthFactor.php index 21c861921f..2b8ec486e2 100644 --- a/src/applications/auth/factor/PhabricatorAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorAuthFactor.php @@ -14,12 +14,7 @@ abstract class PhabricatorAuthFactor extends Phobject { PhabricatorAuthFactorConfig $config, AphrontFormView $form, PhabricatorUser $viewer, - PhabricatorAuthFactorResult $validation_result = null); - - abstract public function processValidateFactorForm( - PhabricatorAuthFactorConfig $config, - PhabricatorUser $viewer, - AphrontRequest $request); + PhabricatorAuthFactorResult $validation_result); public function getParameterName( PhabricatorAuthFactorConfig $config, @@ -40,4 +35,131 @@ abstract class PhabricatorAuthFactor extends Phobject { ->setFactorKey($this->getFactorKey()); } + protected function newResult() { + return new PhabricatorAuthFactorResult(); + } + + protected function newChallenge( + PhabricatorAuthFactorConfig $config, + PhabricatorUser $viewer) { + + return id(new PhabricatorAuthChallenge()) + ->setUserPHID($viewer->getPHID()) + ->setSessionPHID($viewer->getSession()->getPHID()) + ->setFactorPHID($config->getPHID()); + } + + final public function getNewIssuedChallenges( + PhabricatorAuthFactorConfig $config, + PhabricatorUser $viewer, + array $challenges) { + assert_instances_of($challenges, 'PhabricatorAuthChallenge'); + + $now = PhabricatorTime::getNow(); + + $new_challenges = $this->newIssuedChallenges( + $config, + $viewer, + $challenges); + + assert_instances_of($new_challenges, 'PhabricatorAuthChallenge'); + + foreach ($new_challenges as $new_challenge) { + $ttl = $new_challenge->getChallengeTTL(); + if (!$ttl) { + throw new Exception( + pht('Newly issued MFA challenges must have a valid TTL!')); + } + + if ($ttl < $now) { + throw new Exception( + pht( + 'Newly issued MFA challenges must have a future TTL. This '. + 'factor issued a bad TTL ("%s"). (Did you use a relative '. + 'time instead of an epoch?)', + $ttl)); + } + } + + $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); + foreach ($new_challenges as $challenge) { + $challenge->save(); + } + unset($unguarded); + + return $new_challenges; + } + + abstract protected function newIssuedChallenges( + PhabricatorAuthFactorConfig $config, + PhabricatorUser $viewer, + array $challenges); + + final public function getResultFromIssuedChallenges( + PhabricatorAuthFactorConfig $config, + PhabricatorUser $viewer, + array $challenges) { + assert_instances_of($challenges, 'PhabricatorAuthChallenge'); + + $result = $this->newResultFromIssuedChallenges( + $config, + $viewer, + $challenges); + + if ($result === null) { + return $result; + } + + if (!($result instanceof PhabricatorAuthFactorResult)) { + throw new Exception( + pht( + 'Expected "newResultFromIssuedChallenges()" to return null or '. + 'an object of class "%s"; got something else (in "%s").', + 'PhabricatorAuthFactorResult', + get_class($this))); + } + + $result->setIssuedChallenges($challenges); + + return $result; + } + + abstract protected function newResultFromIssuedChallenges( + PhabricatorAuthFactorConfig $config, + PhabricatorUser $viewer, + array $challenges); + + final public function getResultFromChallengeResponse( + PhabricatorAuthFactorConfig $config, + PhabricatorUser $viewer, + AphrontRequest $request, + array $challenges) { + assert_instances_of($challenges, 'PhabricatorAuthChallenge'); + + $result = $this->newResultFromChallengeResponse( + $config, + $viewer, + $request, + $challenges); + + if (!($result instanceof PhabricatorAuthFactorResult)) { + throw new Exception( + pht( + 'Expected "newResultFromChallengeResponse()" to return an object '. + 'of class "%s"; got something else (in "%s").', + 'PhabricatorAuthFactorResult', + get_class($this))); + } + + $result->setIssuedChallenges($challenges); + + return $result; + } + + abstract protected function newResultFromChallengeResponse( + PhabricatorAuthFactorConfig $config, + PhabricatorUser $viewer, + AphrontRequest $request, + array $challenges); + } diff --git a/src/applications/auth/factor/PhabricatorAuthFactorResult.php b/src/applications/auth/factor/PhabricatorAuthFactorResult.php index 80d719063d..d75480747d 100644 --- a/src/applications/auth/factor/PhabricatorAuthFactorResult.php +++ b/src/applications/auth/factor/PhabricatorAuthFactorResult.php @@ -4,8 +4,10 @@ final class PhabricatorAuthFactorResult extends Phobject { private $isValid = false; - private $hint; + private $isWait = false; + private $errorMessage; private $value; + private $issuedChallenges = array(); public function setIsValid($is_valid) { $this->isValid = $is_valid; @@ -16,13 +18,22 @@ final class PhabricatorAuthFactorResult return $this->isValid; } - public function setHint($hint) { - $this->hint = $hint; + public function setIsWait($is_wait) { + $this->isWait = $is_wait; return $this; } - public function getHint() { - return $this->hint; + public function getIsWait() { + return $this->isWait; + } + + public function setErrorMessage($error_message) { + $this->errorMessage = $error_message; + return $this; + } + + public function getErrorMessage() { + return $this->errorMessage; } public function setValue($value) { @@ -34,4 +45,14 @@ final class PhabricatorAuthFactorResult return $this->value; } + public function setIssuedChallenges(array $issued_challenges) { + assert_instances_of($issued_challenges, 'PhabricatorAuthChallenge'); + $this->issuedChallenges = $issued_challenges; + return $this; + } + + public function getIssuedChallenges() { + return $this->issuedChallenges; + } + } diff --git a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php index 3658f050e2..7f426d0138 100644 --- a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php @@ -77,7 +77,7 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { $e_code = true; if ($request->getExists('totp')) { - $okay = self::verifyTOTPCode( + $okay = $this->verifyTOTPCode( $user, new PhutilOpaqueEnvelope($key), $code); @@ -150,50 +150,131 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { } + protected function newIssuedChallenges( + PhabricatorAuthFactorConfig $config, + PhabricatorUser $viewer, + array $challenges) { + + $now = $this->getCurrentTimestep(); + + // If we already issued a valid challenge, don't issue a new one. + if ($challenges) { + return array(); + } + + // Otherwise, generate a new challenge for the current timestep. It TTLs + // after it would fall off the bottom of the window. + $timesteps = $this->getAllowedTimesteps(); + $min_step = min($timesteps); + + $step_duration = $this->getTimestepDuration(); + $ttl_steps = ($now - $min_step) + 1; + $ttl_seconds = ($ttl_steps * $step_duration); + + return array( + $this->newChallenge($config, $viewer) + ->setChallengeKey($now) + ->setChallengeTTL(PhabricatorTime::getNow() + $ttl_seconds), + ); + } + public function renderValidateFactorForm( PhabricatorAuthFactorConfig $config, AphrontFormView $form, PhabricatorUser $viewer, - PhabricatorAuthFactorResult $validation_result = null) { + PhabricatorAuthFactorResult $result) { - if ($validation_result) { - $value = $validation_result->getValue(); - $hint = $validation_result->getHint(); + $value = $result->getValue(); + $error = $result->getErrorMessage(); + $is_wait = $result->getIsWait(); + + if ($is_wait) { + $control = id(new AphrontFormMarkupControl()) + ->setValue($error) + ->setError(pht('Wait')); } else { - $value = null; - $hint = true; + $control = id(new PHUIFormNumberControl()) + ->setName($this->getParameterName($config, 'totpcode')) + ->setDisableAutocomplete(true) + ->setValue($value) + ->setError($error); } - $form->appendChild( - id(new PHUIFormNumberControl()) - ->setName($this->getParameterName($config, 'totpcode')) - ->setLabel(pht('App Code')) - ->setDisableAutocomplete(true) - ->setCaption(pht('Factor Name: %s', $config->getFactorName())) - ->setValue($value) - ->setError($hint)); + $control + ->setLabel(pht('App Code')) + ->setCaption(pht('Factor Name: %s', $config->getFactorName())); + + $form->appendChild($control); } - public function processValidateFactorForm( + protected function newResultFromIssuedChallenges( PhabricatorAuthFactorConfig $config, PhabricatorUser $viewer, - AphrontRequest $request) { + array $challenges) { + + // If we've already issued a challenge at the current timestep or any + // nearby timestep, require that it was issued to the current session. + // This is defusing attacks where you (broadly) look at someone's phone + // and type the code in more quickly than they do. + + $step_duration = $this->getTimestepDuration(); + $now = $this->getCurrentTimestep(); + $timesteps = $this->getAllowedTimesteps(); + $timesteps = array_fuse($timesteps); + $min_step = min($timesteps); + + $session_phid = $viewer->getSession()->getPHID(); + + foreach ($challenges as $challenge) { + $challenge_timestep = (int)$challenge->getChallengeKey(); + + // This challenge isn't for one of the timesteps you'd be able to respond + // to if you submitted the form right now, so we're good to keep going. + if (!isset($timesteps[$challenge_timestep])) { + continue; + } + + // This is the number of timesteps you need to wait for the problem + // timestep to leave the window, rounded up. + $wait_steps = ($challenge_timestep - $min_step) + 1; + $wait_duration = ($wait_steps * $step_duration); + + if ($challenge->getSessionPHID() !== $session_phid) { + return $this->newResult() + ->setIsWait(true) + ->setErrorMessage( + pht( + 'This factor recently issued a challenge to a different login '. + 'session. Wait %s seconds for the code to cycle, then try '. + 'again.', + new PhutilNumber($wait_duration))); + } + } + + return null; + } + + protected function newResultFromChallengeResponse( + PhabricatorAuthFactorConfig $config, + PhabricatorUser $viewer, + AphrontRequest $request, + array $challenges) { $code = $request->getStr($this->getParameterName($config, 'totpcode')); $key = new PhutilOpaqueEnvelope($config->getFactorSecret()); - $result = id(new PhabricatorAuthFactorResult()) + $result = $this->newResult() ->setValue($code); - if (self::verifyTOTPCode($viewer, $key, $code)) { + if ($this->verifyTOTPCode($viewer, $key, (string)$code)) { $result->setIsValid(true); } else { if (strlen($code)) { - $hint = pht('Invalid'); + $error_message = pht('Invalid'); } else { - $hint = pht('Required'); + $error_message = pht('Required'); } - $result->setHint($hint); + $result->setErrorMessage($error_message); } return $result; @@ -203,7 +284,7 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { return strtoupper(Filesystem::readRandomCharacters(32)); } - public static function verifyTOTPCode( + private function verifyTOTPCode( PhabricatorUser $user, PhutilOpaqueEnvelope $key, $code) { @@ -318,4 +399,19 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { $rows); } + private function getTimestepDuration() { + return 30; + } + + private function getCurrentTimestep() { + $duration = $this->getTimestepDuration(); + return (int)(PhabricatorTime::getNow() / $duration); + } + + private function getAllowedTimesteps() { + $now = $this->getCurrentTimestep(); + return range($now - 2, $now + 2); + } + + } diff --git a/src/applications/auth/phid/PhabricatorAuthChallengePHIDType.php b/src/applications/auth/phid/PhabricatorAuthChallengePHIDType.php new file mode 100644 index 0000000000..2d2fea26b6 --- /dev/null +++ b/src/applications/auth/phid/PhabricatorAuthChallengePHIDType.php @@ -0,0 +1,32 @@ +ids = $ids; + return $this; + } + + public function withPHIDs(array $phids) { + $this->phids = $phids; + return $this; + } + + public function withUserPHIDs(array $user_phids) { + $this->userPHIDs = $user_phids; + return $this; + } + + public function withFactorPHIDs(array $factor_phids) { + $this->factorPHIDs = $factor_phids; + return $this; + } + + public function withChallengeTTLBetween($challenge_min, $challenge_max) { + $this->challengeTTLMin = $challenge_min; + $this->challengeTTLMax = $challenge_max; + return $this; + } + + public function newResultObject() { + return new PhabricatorAuthChallenge(); + } + + protected function loadPage() { + return $this->loadStandardPage($this->newResultObject()); + } + + protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) { + $where = parent::buildWhereClauseParts($conn); + + if ($this->ids !== null) { + $where[] = qsprintf( + $conn, + 'id IN (%Ld)', + $this->ids); + } + + if ($this->phids !== null) { + $where[] = qsprintf( + $conn, + 'phid IN (%Ls)', + $this->phids); + } + + if ($this->userPHIDs !== null) { + $where[] = qsprintf( + $conn, + 'userPHID IN (%Ls)', + $this->userPHIDs); + } + + if ($this->factorPHIDs !== null) { + $where[] = qsprintf( + $conn, + 'factorPHID IN (%Ls)', + $this->factorPHIDs); + } + + if ($this->challengeTTLMin !== null) { + $where[] = qsprintf( + $conn, + 'challengeTTL >= %d', + $this->challengeTTLMin); + } + + if ($this->challengeTTLMax !== null) { + $where[] = qsprintf( + $conn, + 'challengeTTL <= %d', + $this->challengeTTLMax); + } + + return $where; + } + + public function getQueryApplicationClass() { + return 'PhabricatorAuthApplication'; + } + +} diff --git a/src/applications/auth/storage/PhabricatorAuthChallenge.php b/src/applications/auth/storage/PhabricatorAuthChallenge.php new file mode 100644 index 0000000000..883aad475a --- /dev/null +++ b/src/applications/auth/storage/PhabricatorAuthChallenge.php @@ -0,0 +1,54 @@ + array( + 'properties' => self::SERIALIZATION_JSON, + ), + self::CONFIG_AUX_PHID => true, + self::CONFIG_COLUMN_SCHEMA => array( + 'challengeKey' => 'text255', + 'challengeTTL' => 'epoch', + ), + self::CONFIG_KEY_SCHEMA => array( + 'key_issued' => array( + 'columns' => array('userPHID', 'challengeTTL'), + ), + ), + ) + parent::getConfiguration(); + } + + public function getPHIDType() { + return PhabricatorAuthChallengePHIDType::TYPECONST; + } + + +/* -( PhabricatorPolicyInterface )----------------------------------------- */ + + + public function getCapabilities() { + return array( + PhabricatorPolicyCapability::CAN_VIEW, + ); + } + + public function getPolicy($capability) { + return PhabricatorPolicies::POLICY_NOONE; + } + + public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { + return ($viewer->getPHID() === $this->getUserPHID()); + } + +} From 5e94343c7d1ac87f1c4621c503373e88ddc892e3 Mon Sep 17 00:00:00 2001 From: epriestley Date: Fri, 14 Dec 2018 05:26:51 -0800 Subject: [PATCH 03/44] Add a garbage collector for MFA challenges Summary: Depends on D19886. Ref T13222. Clean up MFA challenges after they expire. (There's maybe some argument to keeping these around for a little while for debugging/forensics, but I suspect it would never actually be valuable and figure we can cross that bridge if we come to it.) Test Plan: - Ran `bin/garbage collect --collector ...` and saw old MFA challenges collected. - Triggered a new challenge, GC'd again, saw it survive GC while still active. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19888 --- src/__phutil_library_map__.php | 2 ++ ...abricatorAuthChallengeGarbageCollector.php | 28 +++++++++++++++++++ .../auth/storage/PhabricatorAuthChallenge.php | 3 ++ 3 files changed, 33 insertions(+) create mode 100644 src/applications/auth/garbagecollector/PhabricatorAuthChallengeGarbageCollector.php diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index 85f54f3cac..8b545f3767 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -2188,6 +2188,7 @@ phutil_register_library_map(array( 'PhabricatorAuthAuthFactorPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthFactorPHIDType.php', 'PhabricatorAuthAuthProviderPHIDType' => 'applications/auth/phid/PhabricatorAuthAuthProviderPHIDType.php', 'PhabricatorAuthChallenge' => 'applications/auth/storage/PhabricatorAuthChallenge.php', + 'PhabricatorAuthChallengeGarbageCollector' => 'applications/auth/garbagecollector/PhabricatorAuthChallengeGarbageCollector.php', 'PhabricatorAuthChallengePHIDType' => 'applications/auth/phid/PhabricatorAuthChallengePHIDType.php', 'PhabricatorAuthChallengeQuery' => 'applications/auth/query/PhabricatorAuthChallengeQuery.php', 'PhabricatorAuthChangePasswordAction' => 'applications/auth/action/PhabricatorAuthChangePasswordAction.php', @@ -7830,6 +7831,7 @@ phutil_register_library_map(array( 'PhabricatorAuthDAO', 'PhabricatorPolicyInterface', ), + 'PhabricatorAuthChallengeGarbageCollector' => 'PhabricatorGarbageCollector', 'PhabricatorAuthChallengePHIDType' => 'PhabricatorPHIDType', 'PhabricatorAuthChallengeQuery' => 'PhabricatorCursorPagedPolicyAwareQuery', 'PhabricatorAuthChangePasswordAction' => 'PhabricatorSystemAction', diff --git a/src/applications/auth/garbagecollector/PhabricatorAuthChallengeGarbageCollector.php b/src/applications/auth/garbagecollector/PhabricatorAuthChallengeGarbageCollector.php new file mode 100644 index 0000000000..8a715cb178 --- /dev/null +++ b/src/applications/auth/garbagecollector/PhabricatorAuthChallengeGarbageCollector.php @@ -0,0 +1,28 @@ +establishConnection('w'); + + queryfx( + $conn, + 'DELETE FROM %R WHERE challengeTTL < UNIX_TIMESTAMP() LIMIT 100', + $challenge_table); + + return ($conn->getAffectedRows() == 100); + } + +} diff --git a/src/applications/auth/storage/PhabricatorAuthChallenge.php b/src/applications/auth/storage/PhabricatorAuthChallenge.php index 883aad475a..4ef2a7054f 100644 --- a/src/applications/auth/storage/PhabricatorAuthChallenge.php +++ b/src/applications/auth/storage/PhabricatorAuthChallenge.php @@ -25,6 +25,9 @@ final class PhabricatorAuthChallenge 'key_issued' => array( 'columns' => array('userPHID', 'challengeTTL'), ), + 'key_collection' => array( + 'columns' => array('challengeTTL'), + ), ), ) + parent::getConfiguration(); } From b6999c7ef41dac8699ed07063872ea36ef3390f6 Mon Sep 17 00:00:00 2001 From: Austin McKinley Date: Fri, 14 Dec 2018 15:19:56 -0800 Subject: [PATCH 04/44] Move admin promotions to modular transactions Summary: Continue clean up of super-old code. I am pretty proud of "defrocked", but would also consider "dethroned", "ousted", "unseated", "unmade", or "disenfranchised". I feel like there's a word for being kicked out of Hogwarts and having your wizarding powers revoked, but it is not leaping to mind. Test Plan: Promoted/demoted users to/from admin, attempted to demote myself and observed preserved witty text, checked user timelines, checked feed, checked DB for sanity, including `user_logs`. I didn't test exposing this via Conduit to attempt promoting a user without having admin access. Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin Differential Revision: https://secure.phabricator.com/D19891 --- src/__phutil_library_map__.php | 2 + .../PhabricatorPeopleEmpowerController.php | 31 +++--- .../people/editor/PhabricatorUserEditor.php | 39 -------- .../PhabricatorUserEmpowerTransaction.php | 95 +++++++++++++++++++ 4 files changed, 115 insertions(+), 52 deletions(-) create mode 100644 src/applications/people/xaction/PhabricatorUserEmpowerTransaction.php diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index 8b545f3767..8478bb45d5 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -4622,6 +4622,7 @@ phutil_register_library_map(array( 'PhabricatorUserEditorTestCase' => 'applications/people/editor/__tests__/PhabricatorUserEditorTestCase.php', 'PhabricatorUserEmail' => 'applications/people/storage/PhabricatorUserEmail.php', 'PhabricatorUserEmailTestCase' => 'applications/people/storage/__tests__/PhabricatorUserEmailTestCase.php', + 'PhabricatorUserEmpowerTransaction' => 'applications/people/xaction/PhabricatorUserEmpowerTransaction.php', 'PhabricatorUserFerretEngine' => 'applications/people/search/PhabricatorUserFerretEngine.php', 'PhabricatorUserFulltextEngine' => 'applications/people/search/PhabricatorUserFulltextEngine.php', 'PhabricatorUserIconField' => 'applications/people/customfield/PhabricatorUserIconField.php', @@ -10683,6 +10684,7 @@ phutil_register_library_map(array( 'PhabricatorUserEditorTestCase' => 'PhabricatorTestCase', 'PhabricatorUserEmail' => 'PhabricatorUserDAO', 'PhabricatorUserEmailTestCase' => 'PhabricatorTestCase', + 'PhabricatorUserEmpowerTransaction' => 'PhabricatorUserTransactionType', 'PhabricatorUserFerretEngine' => 'PhabricatorFerretEngine', 'PhabricatorUserFulltextEngine' => 'PhabricatorFulltextEngine', 'PhabricatorUserIconField' => 'PhabricatorUserCustomField', diff --git a/src/applications/people/controller/PhabricatorPeopleEmpowerController.php b/src/applications/people/controller/PhabricatorPeopleEmpowerController.php index a49f8b3d1d..09021bf73e 100644 --- a/src/applications/people/controller/PhabricatorPeopleEmpowerController.php +++ b/src/applications/people/controller/PhabricatorPeopleEmpowerController.php @@ -22,22 +22,26 @@ final class PhabricatorPeopleEmpowerController $request, $done_uri); - if ($user->getPHID() == $viewer->getPHID()) { - return $this->newDialog() - ->setTitle(pht('Your Way is Blocked')) - ->appendParagraph( - pht( - 'After a time, your efforts fail. You can not adjust your own '. - 'status as an administrator.')) - ->addCancelButton($done_uri, pht('Accept Fate')); - } + $validation_exception = null; if ($request->isFormPost()) { - id(new PhabricatorUserEditor()) - ->setActor($viewer) - ->makeAdminUser($user, !$user->getIsAdmin()); + $xactions = array(); + $xactions[] = id(new PhabricatorUserTransaction()) + ->setTransactionType( + PhabricatorUserEmpowerTransaction::TRANSACTIONTYPE) + ->setNewValue(!$user->getIsAdmin()); - return id(new AphrontRedirectResponse())->setURI($done_uri); + $editor = id(new PhabricatorUserTransactionEditor()) + ->setActor($viewer) + ->setContentSourceFromRequest($request) + ->setContinueOnMissingFields(true); + + try { + $editor->applyTransactions($user, $xactions); + return id(new AphrontRedirectResponse())->setURI($done_uri); + } catch (PhabricatorApplicationTransactionValidationException $ex) { + $validation_exception = $ex; + } } if ($user->getIsAdmin()) { @@ -60,6 +64,7 @@ final class PhabricatorPeopleEmpowerController } return $this->newDialog() + ->setValidationException($validation_exception) ->setTitle($title) ->setShortTitle($short) ->appendParagraph($body) diff --git a/src/applications/people/editor/PhabricatorUserEditor.php b/src/applications/people/editor/PhabricatorUserEditor.php index 8092824a0c..c8068858da 100644 --- a/src/applications/people/editor/PhabricatorUserEditor.php +++ b/src/applications/people/editor/PhabricatorUserEditor.php @@ -131,45 +131,6 @@ final class PhabricatorUserEditor extends PhabricatorEditor { /* -( Editing Roles )------------------------------------------------------ */ - - /** - * @task role - */ - public function makeAdminUser(PhabricatorUser $user, $admin) { - $actor = $this->requireActor(); - - if (!$user->getID()) { - throw new Exception(pht('User has not been created yet!')); - } - - $user->openTransaction(); - $user->beginWriteLocking(); - - $user->reload(); - if ($user->getIsAdmin() == $admin) { - $user->endWriteLocking(); - $user->killTransaction(); - return $this; - } - - $log = PhabricatorUserLog::initializeNewLog( - $actor, - $user->getPHID(), - PhabricatorUserLog::ACTION_ADMIN); - $log->setOldValue($user->getIsAdmin()); - $log->setNewValue($admin); - - $user->setIsAdmin((int)$admin); - $user->save(); - - $log->save(); - - $user->endWriteLocking(); - $user->saveTransaction(); - - return $this; - } - /** * @task role */ diff --git a/src/applications/people/xaction/PhabricatorUserEmpowerTransaction.php b/src/applications/people/xaction/PhabricatorUserEmpowerTransaction.php new file mode 100644 index 0000000000..12d6dc7523 --- /dev/null +++ b/src/applications/people/xaction/PhabricatorUserEmpowerTransaction.php @@ -0,0 +1,95 @@ +getIsAdmin(); + } + + public function generateNewValue($object, $value) { + return (bool)$value; + } + + public function applyInternalEffects($object, $value) { + $object->setIsAdmin((int)$value); + } + + public function applyExternalEffects($object, $value) { + $user = $object; + + $this->newUserLog(PhabricatorUserLog::ACTION_ADMIN) + ->setOldValue($this->getOldValue()) + ->setNewValue($value) + ->save(); + } + + public function validateTransactions($object, array $xactions) { + $user = $object; + $actor = $this->getActor(); + + $errors = array(); + foreach ($xactions as $xaction) { + $old = $xaction->getOldValue(); + $new = $xaction->getNewValue(); + + if ($old === $new) { + continue; + } + + if ($user->getPHID() === $actor->getPHID()) { + $errors[] = $this->newInvalidError( + pht('After a time, your efforts fail. You can not adjust your own '. + 'status as an administrator.'), $xaction); + } + + if (!$actor->getIsAdmin()) { + $errors[] = $this->newInvalidError( + pht('You must be an administrator to create administrators.'), + $xaction); + } + } + + return $errors; + } + + public function getTitle() { + $new = $this->getNewValue(); + if ($new) { + return pht( + '%s empowered this user as an administrator.', + $this->renderAuthor()); + } else { + return pht( + '%s defrocked this user.', + $this->renderAuthor()); + } + } + + public function getTitleForFeed() { + $new = $this->getNewValue(); + if ($new) { + return pht( + '%s empowered %s as an administrator.', + $this->renderAuthor(), + $this->renderObject()); + } else { + return pht( + '%s defrocked %s.', + $this->renderAuthor(), + $this->renderObject()); + } + } + + public function getRequiredCapabilities( + $object, + PhabricatorApplicationTransaction $xaction) { + + // Unlike normal user edits, admin promotions require admin + // permissions, which is enforced by validateTransactions(). + + return null; + } +} From 46052878b1de10f33feab0895c8c90d2e87c20ec Mon Sep 17 00:00:00 2001 From: epriestley Date: Fri, 14 Dec 2018 05:39:53 -0800 Subject: [PATCH 05/44] Bind MFA challenges to particular workflows, like signing a specific Legalpad document Summary: Depends on D19888. Ref T13222. When we issue an MFA challenge, prevent the user from responding to it in the context of a different workflow: if you ask for MFA to do something minor (award a token) you can't use the same challenge to do something more serious (launch nukes). This defuses highly-hypothetical attacks where the attacker: - already controls the user's session (since the challenge is already bound to the session); and - can observe MFA codes. One version of this attack is the "spill coffee on the victim when the code is shown on their phone, then grab their phone" attack. This whole vector really strains the bounds of plausibility, but it's easy to lock challenges to a workflow and it's possible that there's some more clever version of the "spill coffee" attack available to more sophisticated social engineers or with future MFA factors which we don't yet support. The "spill coffee" attack, in detail, is: - Go over to the victim's desk. - Ask them to do something safe and nonsuspicious that requires MFA (sign `L123 Best Friendship Agreement`). - When they unlock their phone, spill coffee all over them. - Urge them to go to the bathroom to clean up immediately, leaving their phone and computer in your custody. - Type the MFA code shown on the phone into a dangerous MFA prompt (sign `L345 Eternal Declaration of War`). - When they return, they may not suspect anything (it would be normal for the MFA token to have expired), or you can spill more coffee on their computer now to destroy it, and blame it on the earlier spill. Test Plan: - Triggered signatures for two different documents. - Got prompted in one, got a "wait" in the other. - Backed out of the good prompt, returned, still prompted. - Answered the good prompt. - Waited for the bad prompt to expire. - Went through the bad prompt again, got an actual prompt this time. Reviewers: amckinley Reviewed By: amckinley Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19889 --- .../20181214.auth.01.workflowkey.sql | 2 ++ .../engine/PhabricatorAuthSessionEngine.php | 24 +++++++++++++++++++ .../auth/factor/PhabricatorAuthFactor.php | 5 +++- .../auth/factor/PhabricatorTOTPAuthFactor.php | 14 +++++++++++ .../auth/storage/PhabricatorAuthChallenge.php | 2 ++ .../storage/PhabricatorAuthFactorConfig.php | 15 ++++++++++++ .../LegalpadDocumentSignController.php | 5 ++++ 7 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 resources/sql/autopatches/20181214.auth.01.workflowkey.sql diff --git a/resources/sql/autopatches/20181214.auth.01.workflowkey.sql b/resources/sql/autopatches/20181214.auth.01.workflowkey.sql new file mode 100644 index 0000000000..538778e218 --- /dev/null +++ b/resources/sql/autopatches/20181214.auth.01.workflowkey.sql @@ -0,0 +1,2 @@ +ALTER TABLE {$NAMESPACE}_auth.auth_challenge + ADD workflowKey VARCHAR(255) NOT NULL COLLATE {$COLLATE_TEXT}; diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php index acd16f690f..f3814b949d 100644 --- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php +++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php @@ -46,6 +46,26 @@ final class PhabricatorAuthSessionEngine extends Phobject { const ONETIME_USERNAME = 'rename'; + private $workflowKey; + + public function setWorkflowKey($workflow_key) { + $this->workflowKey = $workflow_key; + return $this; + } + + public function getWorkflowKey() { + + // TODO: A workflow key should become required in order to issue an MFA + // challenge, but allow things to keep working for now until we can update + // callsites. + if ($this->workflowKey === null) { + return 'legacy'; + } + + return $this->workflowKey; + } + + /** * Get the session kind (e.g., anonymous, user, external account) from a * session token. Returns a `KIND_` constant. @@ -473,6 +493,10 @@ final class PhabricatorAuthSessionEngine extends Phobject { return $this->issueHighSecurityToken($session, true); } + foreach ($factors as $factor) { + $factor->setSessionEngine($this); + } + // Check for a rate limit without awarding points, so the user doesn't // get partway through the workflow only to get blocked. PhabricatorSystemActionEngine::willTakeAction( diff --git a/src/applications/auth/factor/PhabricatorAuthFactor.php b/src/applications/auth/factor/PhabricatorAuthFactor.php index 2b8ec486e2..be99df9c79 100644 --- a/src/applications/auth/factor/PhabricatorAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorAuthFactor.php @@ -43,10 +43,13 @@ abstract class PhabricatorAuthFactor extends Phobject { PhabricatorAuthFactorConfig $config, PhabricatorUser $viewer) { + $engine = $config->getSessionEngine(); + return id(new PhabricatorAuthChallenge()) ->setUserPHID($viewer->getPHID()) ->setSessionPHID($viewer->getSession()->getPHID()) - ->setFactorPHID($config->getPHID()); + ->setFactorPHID($config->getPHID()) + ->setWorkflowKey($engine->getWorkflowKey()); } final public function getNewIssuedChallenges( diff --git a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php index 7f426d0138..373745e244 100644 --- a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php @@ -225,6 +225,9 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { $session_phid = $viewer->getSession()->getPHID(); + $engine = $config->getSessionEngine(); + $workflow_key = $engine->getWorkflowKey(); + foreach ($challenges as $challenge) { $challenge_timestep = (int)$challenge->getChallengeKey(); @@ -249,6 +252,17 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { 'again.', new PhutilNumber($wait_duration))); } + + if ($challenge->getWorkflowKey() !== $workflow_key) { + return $this->newResult() + ->setIsWait(true) + ->setErrorMessage( + pht( + 'This factor recently issued a challenge for a different '. + 'workflow. Wait %s seconds for the code to cycle, then try '. + 'again.', + new PhutilNumber($wait_duration))); + } } return null; diff --git a/src/applications/auth/storage/PhabricatorAuthChallenge.php b/src/applications/auth/storage/PhabricatorAuthChallenge.php index 4ef2a7054f..63d2092e49 100644 --- a/src/applications/auth/storage/PhabricatorAuthChallenge.php +++ b/src/applications/auth/storage/PhabricatorAuthChallenge.php @@ -7,6 +7,7 @@ final class PhabricatorAuthChallenge protected $userPHID; protected $factorPHID; protected $sessionPHID; + protected $workflowKey; protected $challengeKey; protected $challengeTTL; protected $properties = array(); @@ -20,6 +21,7 @@ final class PhabricatorAuthChallenge self::CONFIG_COLUMN_SCHEMA => array( 'challengeKey' => 'text255', 'challengeTTL' => 'epoch', + 'workflowKey' => 'text255', ), self::CONFIG_KEY_SCHEMA => array( 'key_issued' => array( diff --git a/src/applications/auth/storage/PhabricatorAuthFactorConfig.php b/src/applications/auth/storage/PhabricatorAuthFactorConfig.php index 8420ea9ba7..2bed939402 100644 --- a/src/applications/auth/storage/PhabricatorAuthFactorConfig.php +++ b/src/applications/auth/storage/PhabricatorAuthFactorConfig.php @@ -8,6 +8,8 @@ final class PhabricatorAuthFactorConfig extends PhabricatorAuthDAO { protected $factorSecret; protected $properties = array(); + private $sessionEngine; + protected function getConfiguration() { return array( self::CONFIG_SERIALIZATION => array( @@ -49,4 +51,17 @@ final class PhabricatorAuthFactorConfig extends PhabricatorAuthDAO { return $impl; } + public function setSessionEngine(PhabricatorAuthSessionEngine $engine) { + $this->sessionEngine = $engine; + return $this; + } + + public function getSessionEngine() { + if (!$this->sessionEngine) { + throw new PhutilInvalidStateException('setSessionEngine'); + } + + return $this->sessionEngine; + } + } diff --git a/src/applications/legalpad/controller/LegalpadDocumentSignController.php b/src/applications/legalpad/controller/LegalpadDocumentSignController.php index 8ef35e3493..27769432c2 100644 --- a/src/applications/legalpad/controller/LegalpadDocumentSignController.php +++ b/src/applications/legalpad/controller/LegalpadDocumentSignController.php @@ -154,7 +154,12 @@ final class LegalpadDocumentSignController extends LegalpadController { // Require two-factor auth to sign legal documents. if ($viewer->isLoggedIn()) { + $workflow_key = sprintf( + 'legalpad.sign(%s)', + $document->getPHID()); + $hisec_token = id(new PhabricatorAuthSessionEngine()) + ->setWorkflowKey($workflow_key) ->requireHighSecurityToken( $viewer, $request, From 95ea4f11b94f7ce9cc26a91423374684e5b8d2bf Mon Sep 17 00:00:00 2001 From: Austin McKinley Date: Tue, 18 Dec 2018 12:06:29 -0800 Subject: [PATCH 06/44] Fix sorting bug in ProjectDatasource Summary: See https://discourse.phabricator-community.org/t/typeahead-returning-only-archived-results/2220. Ref T12538. If a user has more than 100 disabled projects matching their search term, only disabled projects will be returned in the typeahead search results. Test Plan: Harcoded hard limit in `PhabricatorTypeaheadModularDatasourceController` to force truncation of search results, observed active project on top of results as expected. Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin Maniphest Tasks: T12538 Differential Revision: https://secure.phabricator.com/D19907 --- src/applications/project/query/PhabricatorProjectQuery.php | 5 +++++ .../project/typeahead/PhabricatorProjectDatasource.php | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/applications/project/query/PhabricatorProjectQuery.php b/src/applications/project/query/PhabricatorProjectQuery.php index 9b051c00dd..293378355e 100644 --- a/src/applications/project/query/PhabricatorProjectQuery.php +++ b/src/applications/project/query/PhabricatorProjectQuery.php @@ -187,6 +187,11 @@ final class PhabricatorProjectQuery 'column' => 'milestoneNumber', 'type' => 'int', ), + 'status' => array( + 'table' => $this->getPrimaryTableAlias(), + 'column' => 'status', + 'type' => 'int', + ), ); } diff --git a/src/applications/project/typeahead/PhabricatorProjectDatasource.php b/src/applications/project/typeahead/PhabricatorProjectDatasource.php index d0abcad2ca..e5b24335cf 100644 --- a/src/applications/project/typeahead/PhabricatorProjectDatasource.php +++ b/src/applications/project/typeahead/PhabricatorProjectDatasource.php @@ -26,7 +26,8 @@ final class PhabricatorProjectDatasource $query = id(new PhabricatorProjectQuery()) ->needImages(true) - ->needSlugs(true); + ->needSlugs(true) + ->setOrderVector(array('-status', 'id')); if ($this->getPhase() == self::PHASE_PREFIX) { $prefix = $this->getPrefixQuery(); From 38083f6f9efe1389e5d12bef971a9fb25e58798b Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 15:14:44 -0800 Subject: [PATCH 07/44] Slightly modernize PholioImageQuery Summary: Ref T11351. My end goal is to remove `applyInitialEffects()` from Pholio to clear the way for D19897. Start with some query modernization. Test Plan: Browsed Pholio, nothing appeared to have changed. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T11351 Differential Revision: https://secure.phabricator.com/D19910 --- .../pholio/query/PholioImageQuery.php | 33 +++++++------------ 1 file changed, 11 insertions(+), 22 deletions(-) diff --git a/src/applications/pholio/query/PholioImageQuery.php b/src/applications/pholio/query/PholioImageQuery.php index 79ffdc56d7..5f541f1768 100644 --- a/src/applications/pholio/query/PholioImageQuery.php +++ b/src/applications/pholio/query/PholioImageQuery.php @@ -44,43 +44,32 @@ final class PholioImageQuery return $this->mockCache; } - protected function loadPage() { - $table = new PholioImage(); - $conn_r = $table->establishConnection('r'); - - $data = queryfx_all( - $conn_r, - 'SELECT * FROM %T %Q %Q %Q', - $table->getTableName(), - $this->buildWhereClause($conn_r), - $this->buildOrderClause($conn_r), - $this->buildLimitClause($conn_r)); - - $images = $table->loadAllFromArray($data); - - return $images; + public function newResultObject() { + return new PholioImage(); } - protected function buildWhereClause(AphrontDatabaseConnection $conn) { - $where = array(); + protected function loadPage() { + return $this->loadStandardPage($this->newResultObject()); + } - $where[] = $this->buildPagingClause($conn); + protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) { + $where = parent::buildWhereClauseParts($conn); - if ($this->ids) { + if ($this->ids !== null) { $where[] = qsprintf( $conn, 'id IN (%Ld)', $this->ids); } - if ($this->phids) { + if ($this->phids !== null) { $where[] = qsprintf( $conn, 'phid IN (%Ls)', $this->phids); } - if ($this->mockIDs) { + if ($this->mockIDs !== null) { $where[] = qsprintf( $conn, 'mockID IN (%Ld)', @@ -94,7 +83,7 @@ final class PholioImageQuery $this->obsolete); } - return $this->formatWhereClause($conn, $where); + return $where; } protected function willFilterPage(array $images) { From 1d84b5b86b848d7b084d82e010a36aaa7a00d0ab Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 15:23:07 -0800 Subject: [PATCH 08/44] Give Pholio images a more modern initializer method Summary: Depends on D19910. Ref T11351. Minor changes to make this behave in a more modern way. Test Plan: - Destroyed a mock. - Lipsum'd a mock. - Poked around, edited/viewed mocks. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T11351 Differential Revision: https://secure.phabricator.com/D19911 --- .../controller/PholioImageUploadController.php | 2 +- .../controller/PholioMockEditController.php | 4 ++-- .../PhabricatorPholioMockTestDataGenerator.php | 9 +++++---- .../pholio/storage/PholioImage.php | 18 ++++++++++++------ src/applications/pholio/storage/PholioMock.php | 7 ++++--- 5 files changed, 24 insertions(+), 16 deletions(-) diff --git a/src/applications/pholio/controller/PholioImageUploadController.php b/src/applications/pholio/controller/PholioImageUploadController.php index 0329d3eb1d..39dd661a4a 100644 --- a/src/applications/pholio/controller/PholioImageUploadController.php +++ b/src/applications/pholio/controller/PholioImageUploadController.php @@ -22,7 +22,7 @@ final class PholioImageUploadController extends PholioController { $title = $file->getName(); } - $image = id(new PholioImage()) + $image = PholioImage::initializeNewImage() ->attachFile($file) ->setName($title) ->setDescription($description) diff --git a/src/applications/pholio/controller/PholioMockEditController.php b/src/applications/pholio/controller/PholioMockEditController.php index 89d1fe2a50..9a09c9bc67 100644 --- a/src/applications/pholio/controller/PholioMockEditController.php +++ b/src/applications/pholio/controller/PholioMockEditController.php @@ -140,7 +140,7 @@ final class PholioMockEditController extends PholioController { $sequence = $sequence_map[$file_phid]; if ($replaces_image_phid) { - $replace_image = id(new PholioImage()) + $replace_image = PholioImage::initializeNewImage() ->setReplacesImagePHID($replaces_image_phid) ->setFilePhid($file_phid) ->attachFile($file) @@ -153,7 +153,7 @@ final class PholioMockEditController extends PholioController { ->setNewValue($replace_image); $posted_mock_images[] = $replace_image; } else if (!$existing_image) { // this is an add - $add_image = id(new PholioImage()) + $add_image = PholioImage::initializeNewImage() ->setFilePhid($file_phid) ->attachFile($file) ->setName(strlen($title) ? $title : $file->getName()) diff --git a/src/applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php b/src/applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php index 039b0ddeef..c038fcf922 100644 --- a/src/applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php +++ b/src/applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php @@ -41,10 +41,11 @@ final class PhabricatorPholioMockTestDataGenerator $sequence = 0; $images = array(); foreach ($files as $file) { - $image = new PholioImage(); - $image->setFilePHID($file->getPHID()); - $image->setSequence($sequence++); - $image->attachMock($mock); + $image = PholioImage::initializeNewImage() + ->setFilePHID($file->getPHID()) + ->setSequence($sequence++) + ->attachMock($mock); + $images[] = $image; } diff --git a/src/applications/pholio/storage/PholioImage.php b/src/applications/pholio/storage/PholioImage.php index 70f6e8b8c4..e0b55bae10 100644 --- a/src/applications/pholio/storage/PholioImage.php +++ b/src/applications/pholio/storage/PholioImage.php @@ -9,16 +9,23 @@ final class PholioImage extends PholioDAO protected $mockID; protected $filePHID; - protected $name = ''; - protected $description = ''; + protected $name; + protected $description; protected $sequence; - protected $isObsolete = 0; + protected $isObsolete; protected $replacesImagePHID = null; private $inlineComments = self::ATTACHABLE; private $file = self::ATTACHABLE; private $mock = self::ATTACHABLE; + public static function initializeNewImage() { + return id(new self()) + ->setName('') + ->setDescription('') + ->setIsObsolete(0); + } + protected function getConfiguration() { return array( self::CONFIG_AUX_PHID => true, @@ -43,8 +50,8 @@ final class PholioImage extends PholioDAO ) + parent::getConfiguration(); } - public function generatePHID() { - return PhabricatorPHID::generateNewPHID(PholioImagePHIDType::TYPECONST); + public function getPHIDType() { + return PholioImagePHIDType::TYPECONST; } public function attachFile(PhabricatorFile $file) { @@ -67,7 +74,6 @@ final class PholioImage extends PholioDAO return $this->mock; } - public function attachInlineComments(array $inline_comments) { assert_instances_of($inline_comments, 'PholioTransactionComment'); $this->inlineComments = $inline_comments; diff --git a/src/applications/pholio/storage/PholioMock.php b/src/applications/pholio/storage/PholioMock.php index 569513cb46..7ce4ece479 100644 --- a/src/applications/pholio/storage/PholioMock.php +++ b/src/applications/pholio/storage/PholioMock.php @@ -295,9 +295,10 @@ final class PholioMock extends PholioDAO PhabricatorDestructionEngine $engine) { $this->openTransaction(); - $images = id(new PholioImage())->loadAllWhere( - 'mockID = %d', - $this->getID()); + $images = id(new PholioImageQuery()) + ->setViewer($engine->getViewer()) + ->withMockIDs(array($this->getID())) + ->execute(); foreach ($images as $image) { $image->delete(); } From c4c5d8a21093ddf9a325319c08bad2f3429036bc Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 15:38:00 -0800 Subject: [PATCH 09/44] Un-implement MarkupInterface from Mocks and Images in Pholio Summary: Depends on D19911. Ref T11351. `MarkupInterface` has mostly been replaced with `PHUIRemarkupView`, and isn't really doing anything for us here. Get rid of it to simplify the code. Test Plan: Viewed various mocks with descriptions and image descriptions, saw remarkup presented properly. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T11351 Differential Revision: https://secure.phabricator.com/D19912 --- src/__phutil_library_map__.php | 2 - .../controller/PholioMockViewController.php | 7 +--- .../pholio/storage/PholioImage.php | 28 +------------- .../pholio/storage/PholioMock.php | 38 ------------------- .../pholio/view/PholioMockImagesView.php | 16 +------- 5 files changed, 4 insertions(+), 87 deletions(-) diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index 8478bb45d5..deaaae0e98 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -10946,7 +10946,6 @@ phutil_register_library_map(array( 'PholioDefaultViewCapability' => 'PhabricatorPolicyCapability', 'PholioImage' => array( 'PholioDAO', - 'PhabricatorMarkupInterface', 'PhabricatorPolicyInterface', ), 'PholioImageDescriptionTransaction' => 'PholioImageTransactionType', @@ -10962,7 +10961,6 @@ phutil_register_library_map(array( 'PholioInlineListController' => 'PholioController', 'PholioMock' => array( 'PholioDAO', - 'PhabricatorMarkupInterface', 'PhabricatorPolicyInterface', 'PhabricatorSubscribableInterface', 'PhabricatorTokenReceiverInterface', diff --git a/src/applications/pholio/controller/PholioMockViewController.php b/src/applications/pholio/controller/PholioMockViewController.php index 2ab31d0d96..fd601f0a32 100644 --- a/src/applications/pholio/controller/PholioMockViewController.php +++ b/src/applications/pholio/controller/PholioMockViewController.php @@ -37,10 +37,6 @@ final class PholioMockViewController extends PholioController { PholioMockHasTaskEdgeType::EDGECONST); $this->setManiphestTaskPHIDs($phids); - $engine = id(new PhabricatorMarkupEngine()) - ->setViewer($viewer); - $engine->addObject($mock, PholioMock::MARKUP_FIELD_DESCRIPTION); - $title = $mock->getName(); if ($mock->isClosed()) { @@ -62,8 +58,7 @@ final class PholioMockViewController extends PholioController { $timeline = $this->buildTransactionTimeline( $mock, - new PholioTransactionQuery(), - $engine); + new PholioTransactionQuery()); $timeline->setMock($mock); $curtain = $this->buildCurtainView($mock); diff --git a/src/applications/pholio/storage/PholioImage.php b/src/applications/pholio/storage/PholioImage.php index e0b55bae10..92694fb806 100644 --- a/src/applications/pholio/storage/PholioImage.php +++ b/src/applications/pholio/storage/PholioImage.php @@ -2,11 +2,8 @@ final class PholioImage extends PholioDAO implements - PhabricatorMarkupInterface, PhabricatorPolicyInterface { - const MARKUP_FIELD_DESCRIPTION = 'markup:description'; - protected $mockID; protected $filePHID; protected $name; @@ -86,32 +83,9 @@ final class PholioImage extends PholioDAO } -/* -( PhabricatorMarkupInterface )----------------------------------------- */ - - - public function getMarkupFieldKey($field) { - $content = $this->getMarkupText($field); - return PhabricatorMarkupEngine::digestRemarkupContent($this, $content); - } - - public function newMarkupEngine($field) { - return PhabricatorMarkupEngine::newMarkupEngine(array()); - } - - public function getMarkupText($field) { - return $this->getDescription(); - } - - public function didMarkupText($field, $output, PhutilMarkupEngine $engine) { - return $output; - } - - public function shouldUseMarkupCache($field) { - return (bool)$this->getID(); - } - /* -( PhabricatorPolicyInterface Implementation )-------------------------- */ + public function getCapabilities() { return $this->getMock()->getCapabilities(); } diff --git a/src/applications/pholio/storage/PholioMock.php b/src/applications/pholio/storage/PholioMock.php index 7ce4ece479..cf32a34131 100644 --- a/src/applications/pholio/storage/PholioMock.php +++ b/src/applications/pholio/storage/PholioMock.php @@ -2,7 +2,6 @@ final class PholioMock extends PholioDAO implements - PhabricatorMarkupInterface, PhabricatorPolicyInterface, PhabricatorSubscribableInterface, PhabricatorTokenReceiverInterface, @@ -15,8 +14,6 @@ final class PholioMock extends PholioDAO PhabricatorFulltextInterface, PhabricatorFerretInterface { - const MARKUP_FIELD_DESCRIPTION = 'markup:description'; - const STATUS_OPEN = 'open'; const STATUS_CLOSED = 'closed'; @@ -216,41 +213,6 @@ final class PholioMock extends PholioDAO } -/* -( PhabricatorMarkupInterface )----------------------------------------- */ - - - public function getMarkupFieldKey($field) { - $content = $this->getMarkupText($field); - return PhabricatorMarkupEngine::digestRemarkupContent($this, $content); - } - - public function newMarkupEngine($field) { - return PhabricatorMarkupEngine::newMarkupEngine(array()); - } - - public function getMarkupText($field) { - if ($this->getDescription()) { - return $this->getDescription(); - } - - return null; - } - - public function didMarkupText($field, $output, PhutilMarkupEngine $engine) { - require_celerity_resource('phabricator-remarkup-css'); - return phutil_tag( - 'div', - array( - 'class' => 'phabricator-remarkup', - ), - $output); - } - - public function shouldUseMarkupCache($field) { - return (bool)$this->getID(); - } - - /* -( PhabricatorApplicationTransactionInterface )------------------------- */ diff --git a/src/applications/pholio/view/PholioMockImagesView.php b/src/applications/pholio/view/PholioMockImagesView.php index c95d8827d3..d5ac41cd03 100644 --- a/src/applications/pholio/view/PholioMockImagesView.php +++ b/src/applications/pholio/view/PholioMockImagesView.php @@ -72,13 +72,6 @@ final class PholioMockImagesView extends AphrontView { $default = PhabricatorFile::loadBuiltin($viewer, 'image-100x100.png'); - $engine = id(new PhabricatorMarkupEngine()) - ->setViewer($this->getUser()); - foreach ($mock->getAllImages() as $image) { - $engine->addObject($image, 'default'); - } - $engine->process(); - $images = array(); $current_set = 0; foreach ($mock->getAllImages() as $image) { @@ -92,14 +85,9 @@ final class PholioMockImagesView extends AphrontView { $current_set++; } - $description = $engine->getOutput($image, 'default'); + $description = $image->getDescription(); if (strlen($description)) { - $description = phutil_tag( - 'div', - array( - 'class' => 'phabricator-remarkup', - ), - $description); + $description = new PHUIRemarkupView($viewer, $description); } $history_uri = '/pholio/image/history/'.$image->getID().'/'; From aa3b2ec5dcd0ba91e36d5a0b59f37f27ec78b57c Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 15:54:27 -0800 Subject: [PATCH 10/44] Give Pholio Images an authorPHID and use ExtendedPolicies to implement policy behavior Summary: Depends on D19912. Ref T11351. Images currently use `getMock()->getPolicy()` stuff to define policies. This causes bugs with object policies like "Subscribers", since the policy engine tries to evaluate the subscribers //for the image// when the intent is to evaluate the subscribers for the mock. Move this to ExtendedPolicies to fix the behavior, and give Images sensible policy behavior when they aren't attached to a mock (specifically: only the user who created the image can see it). Test Plan: Applied migrations, created and edited mocks and images without anything blowing up. Set mock visibility to "Subscribers", everything worked great. Reviewers: amckinley Reviewed By: amckinley Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam Maniphest Tasks: T11351 Differential Revision: https://secure.phabricator.com/D19913 --- .../20181218.pholio.01.imageauthor.sql | 2 + src/__phutil_library_map__.php | 1 + .../PholioImageUploadController.php | 1 + .../controller/PholioMockEditController.php | 2 + .../controller/PholioMockViewController.php | 19 ++++---- ...PhabricatorPholioMockTestDataGenerator.php | 1 + .../pholio/storage/PholioImage.php | 46 +++++++++++++++---- 7 files changed, 53 insertions(+), 19 deletions(-) create mode 100644 resources/sql/autopatches/20181218.pholio.01.imageauthor.sql diff --git a/resources/sql/autopatches/20181218.pholio.01.imageauthor.sql b/resources/sql/autopatches/20181218.pholio.01.imageauthor.sql new file mode 100644 index 0000000000..4ff0a16258 --- /dev/null +++ b/resources/sql/autopatches/20181218.pholio.01.imageauthor.sql @@ -0,0 +1,2 @@ +ALTER TABLE {$NAMESPACE}_pholio.pholio_image + ADD authorPHID VARBINARY(64) NOT NULL; diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index deaaae0e98..7767a93561 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -10947,6 +10947,7 @@ phutil_register_library_map(array( 'PholioImage' => array( 'PholioDAO', 'PhabricatorPolicyInterface', + 'PhabricatorExtendedPolicyInterface', ), 'PholioImageDescriptionTransaction' => 'PholioImageTransactionType', 'PholioImageFileTransaction' => 'PholioImageTransactionType', diff --git a/src/applications/pholio/controller/PholioImageUploadController.php b/src/applications/pholio/controller/PholioImageUploadController.php index 39dd661a4a..0ff5e061f5 100644 --- a/src/applications/pholio/controller/PholioImageUploadController.php +++ b/src/applications/pholio/controller/PholioImageUploadController.php @@ -23,6 +23,7 @@ final class PholioImageUploadController extends PholioController { } $image = PholioImage::initializeNewImage() + ->setAuthorPHID($viewer->getPHID()) ->attachFile($file) ->setName($title) ->setDescription($description) diff --git a/src/applications/pholio/controller/PholioMockEditController.php b/src/applications/pholio/controller/PholioMockEditController.php index 9a09c9bc67..fd1df77a8e 100644 --- a/src/applications/pholio/controller/PholioMockEditController.php +++ b/src/applications/pholio/controller/PholioMockEditController.php @@ -141,6 +141,7 @@ final class PholioMockEditController extends PholioController { if ($replaces_image_phid) { $replace_image = PholioImage::initializeNewImage() + ->setAuthorPHID($viewer->getPHID()) ->setReplacesImagePHID($replaces_image_phid) ->setFilePhid($file_phid) ->attachFile($file) @@ -154,6 +155,7 @@ final class PholioMockEditController extends PholioController { $posted_mock_images[] = $replace_image; } else if (!$existing_image) { // this is an add $add_image = PholioImage::initializeNewImage() + ->setAuthorPHID($viewer->getPHID()) ->setFilePhid($file_phid) ->attachFile($file) ->setName(strlen($title) ? $title : $file->getName()) diff --git a/src/applications/pholio/controller/PholioMockViewController.php b/src/applications/pholio/controller/PholioMockViewController.php index fd601f0a32..e24889875a 100644 --- a/src/applications/pholio/controller/PholioMockViewController.php +++ b/src/applications/pholio/controller/PholioMockViewController.php @@ -82,7 +82,7 @@ final class PholioMockViewController extends PholioController { $add_comment = $this->buildAddCommentView($mock, $comment_form_id); $crumbs = $this->buildApplicationCrumbs(); - $crumbs->addTextCrumb('M'.$mock->getID(), '/M'.$mock->getID()); + $crumbs->addTextCrumb($mock->getMonogram(), $mock->getURI()); $crumbs->setBorder(true); $thumb_grid = id(new PholioMockThumbGridView()) @@ -92,16 +92,17 @@ final class PholioMockViewController extends PholioController { $view = id(new PHUITwoColumnView()) ->setHeader($header) ->setCurtain($curtain) - ->setMainColumn(array( - $output, - $thumb_grid, - $details, - $timeline, - $add_comment, - )); + ->setMainColumn( + array( + $output, + $thumb_grid, + $details, + $timeline, + $add_comment, + )); return $this->newPage() - ->setTitle('M'.$mock->getID().' '.$title) + ->setTitle(pht('%s %s', $mock->getMonogram(), $title)) ->setCrumbs($crumbs) ->setPageObjectPHIDs(array($mock->getPHID())) ->addQuicksandConfig( diff --git a/src/applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php b/src/applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php index c038fcf922..041e14fcbf 100644 --- a/src/applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php +++ b/src/applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php @@ -42,6 +42,7 @@ final class PhabricatorPholioMockTestDataGenerator $images = array(); foreach ($files as $file) { $image = PholioImage::initializeNewImage() + ->setAuthorPHID($author_phid) ->setFilePHID($file->getPHID()) ->setSequence($sequence++) ->attachMock($mock); diff --git a/src/applications/pholio/storage/PholioImage.php b/src/applications/pholio/storage/PholioImage.php index 92694fb806..0f800bbb0f 100644 --- a/src/applications/pholio/storage/PholioImage.php +++ b/src/applications/pholio/storage/PholioImage.php @@ -2,8 +2,10 @@ final class PholioImage extends PholioDAO implements - PhabricatorPolicyInterface { + PhabricatorPolicyInterface, + PhabricatorExtendedPolicyInterface { + protected $authorPHID; protected $mockID; protected $filePHID; protected $name; @@ -57,8 +59,7 @@ final class PholioImage extends PholioDAO } public function getFile() { - $this->assertAttached($this->file); - return $this->file; + return $this->assertAttached($this->file); } public function attachMock(PholioMock $mock) { @@ -67,8 +68,7 @@ final class PholioImage extends PholioDAO } public function getMock() { - $this->assertAttached($this->mock); - return $this->mock; + return $this->assertAttached($this->mock); } public function attachInlineComments(array $inline_comments) { @@ -83,20 +83,46 @@ final class PholioImage extends PholioDAO } -/* -( PhabricatorPolicyInterface Implementation )-------------------------- */ +/* -( PhabricatorPolicyInterface )----------------------------------------- */ public function getCapabilities() { - return $this->getMock()->getCapabilities(); + return array( + PhabricatorPolicyCapability::CAN_VIEW, + PhabricatorPolicyCapability::CAN_EDIT, + ); } public function getPolicy($capability) { - return $this->getMock()->getPolicy($capability); + // If the image is attached to a mock, we use an extended policy to match + // the mock's permissions. + if ($this->getMockID()) { + return PhabricatorPolicies::getMostOpenPolicy(); + } + + // If the image is not attached to a mock, only the author can see it. + return $this->getAuthorPHID(); } - // really the *mock* controls who can see an image public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { - return $this->getMock()->hasAutomaticCapability($capability, $viewer); + return false; + } + + +/* -( PhabricatorExtendedPolicyInterface )--------------------------------- */ + + + public function getExtendedPolicy($capability, PhabricatorUser $viewer) { + if ($this->getMockID()) { + return array( + array( + $this->getMock(), + $capability, + ), + ); + } + + return array(); } } From 979187132d7b3d6750ba9e3b4b1bb7efbab501d7 Mon Sep 17 00:00:00 2001 From: Austin McKinley Date: Wed, 19 Dec 2018 11:31:02 -0800 Subject: [PATCH 11/44] Update accountadmin to use new admin empowerment code Summary: Fixes https://discourse.phabricator-community.org/t/admin-account-creation-fails-call-to-undefined-method-phabricatorusereditor-makeadminuser/2227. This callsite got skipped when updating the EmpowerController to use the new transactional admin approval code. Test Plan: Invoked `accountadmin` to promote a user, no longer got an exception. Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin Differential Revision: https://secure.phabricator.com/D19915 --- scripts/user/account_admin.php | 21 ++++++++++++++++++- .../PhabricatorAuthRegisterController.php | 21 ++++++++++++++++++- .../PhabricatorUserEmpowerTransaction.php | 5 ++++- 3 files changed, 44 insertions(+), 3 deletions(-) diff --git a/scripts/user/account_admin.php b/scripts/user/account_admin.php index 9e01896637..4ad722e125 100755 --- a/scripts/user/account_admin.php +++ b/scripts/user/account_admin.php @@ -200,9 +200,28 @@ $user->openTransaction(); $editor->updateUser($user, $verify_email); } - $editor->makeAdminUser($user, $set_admin); $editor->makeSystemAgentUser($user, $set_system_agent); + $xactions = array(); + $xactions[] = id(new PhabricatorUserTransaction()) + ->setTransactionType( + PhabricatorUserEmpowerTransaction::TRANSACTIONTYPE) + ->setNewValue($set_admin); + + $actor = PhabricatorUser::getOmnipotentUser(); + $content_source = PhabricatorContentSource::newForSource( + PhabricatorConsoleContentSource::SOURCECONST); + + $people_application_phid = id(new PhabricatorPeopleApplication())->getPHID(); + + $transaction_editor = id(new PhabricatorUserTransactionEditor()) + ->setActor($actor) + ->setActingAsPHID($people_application_phid) + ->setContentSource($content_source) + ->setContinueOnMissingFields(true); + + $transaction_editor->applyTransactions($user, $xactions); + $user->saveTransaction(); echo pht('Saved changes.')."\n"; diff --git a/src/applications/auth/controller/PhabricatorAuthRegisterController.php b/src/applications/auth/controller/PhabricatorAuthRegisterController.php index 1138d52b33..9e1aef592c 100644 --- a/src/applications/auth/controller/PhabricatorAuthRegisterController.php +++ b/src/applications/auth/controller/PhabricatorAuthRegisterController.php @@ -416,7 +416,26 @@ final class PhabricatorAuthRegisterController } if ($is_setup) { - $editor->makeAdminUser($user, true); + $xactions = array(); + $xactions[] = id(new PhabricatorUserTransaction()) + ->setTransactionType( + PhabricatorUserEmpowerTransaction::TRANSACTIONTYPE) + ->setNewValue(true); + + $actor = PhabricatorUser::getOmnipotentUser(); + $content_source = PhabricatorContentSource::newFromRequest( + $request); + + $people_application_phid = id(new PhabricatorPeopleApplication()) + ->getPHID(); + + $transaction_editor = id(new PhabricatorUserTransactionEditor()) + ->setActor($actor) + ->setActingAsPHID($people_application_phid) + ->setContentSource($content_source) + ->setContinueOnMissingFields(true); + + $transaction_editor->applyTransactions($user, $xactions); } $account->setUserPHID($user->getPHID()); diff --git a/src/applications/people/xaction/PhabricatorUserEmpowerTransaction.php b/src/applications/people/xaction/PhabricatorUserEmpowerTransaction.php index 12d6dc7523..1b561d3236 100644 --- a/src/applications/people/xaction/PhabricatorUserEmpowerTransaction.php +++ b/src/applications/people/xaction/PhabricatorUserEmpowerTransaction.php @@ -45,7 +45,10 @@ final class PhabricatorUserEmpowerTransaction 'status as an administrator.'), $xaction); } - if (!$actor->getIsAdmin()) { + $is_admin = $actor->getIsAdmin(); + $is_omnipotent = $actor->isOmnipotent(); + + if (!$is_admin && !$is_omnipotent) { $errors[] = $this->newInvalidError( pht('You must be an administrator to create administrators.'), $xaction); From c72d29f401e2dfa37d8077cf25cb2f013a11e2b4 Mon Sep 17 00:00:00 2001 From: Austin McKinley Date: Wed, 19 Dec 2018 16:24:12 -0800 Subject: [PATCH 12/44] Cleanup some clustering rough edges Summary: Suppress an unhelpful Almanac transaction and document the location of the secret clustering management capability. I thought maybe implementing `shouldHide` and checking for `isCreate` would work, but the binding apparently gets created before an interface is bound to it. Test Plan: Looked at a fresh binding and didn't see "Unknown Object(??)", ran bin/diviner and saw expected output. Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin Differential Revision: https://secure.phabricator.com/D19917 --- .../AlmanacBindingInterfaceTransaction.php | 21 ++++++++++++++----- .../user/cluster/cluster_repositories.diviner | 13 +++++++++++- 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/src/applications/almanac/xaction/AlmanacBindingInterfaceTransaction.php b/src/applications/almanac/xaction/AlmanacBindingInterfaceTransaction.php index f43fcdfa86..03effc028e 100644 --- a/src/applications/almanac/xaction/AlmanacBindingInterfaceTransaction.php +++ b/src/applications/almanac/xaction/AlmanacBindingInterfaceTransaction.php @@ -55,11 +55,22 @@ final class AlmanacBindingInterfaceTransaction } public function getTitle() { - return pht( - '%s changed the interface for this binding from %s to %s.', - $this->renderAuthor(), - $this->renderOldHandle(), - $this->renderNewHandle()); + if ($this->getOldValue() === null) { + return pht( + '%s set the interface for this binding to %s.', + $this->renderAuthor(), + $this->renderNewHandle()); + } else if ($this->getNewValue() == null) { + return pht( + '%s removed the interface for this binding.', + $this->renderAuthor()); + } else { + return pht( + '%s changed the interface for this binding from %s to %s.', + $this->renderAuthor(), + $this->renderOldHandle(), + $this->renderNewHandle()); + } } public function validateTransactions($object, array $xactions) { diff --git a/src/docs/user/cluster/cluster_repositories.diviner b/src/docs/user/cluster/cluster_repositories.diviner index 13307d0b79..9e4b324a58 100644 --- a/src/docs/user/cluster/cluster_repositories.diviner +++ b/src/docs/user/cluster/cluster_repositories.diviner @@ -98,7 +98,7 @@ repository to retrieve the data it needs. It will use the result of this query to respond to the user. -Setting up a Cluster Services +Setting up Cluster Services ============================= To set up clustering, first register the devices that you want to use as part @@ -107,6 +107,17 @@ of the cluster with Almanac. For details, see @{article:Cluster: Devices}. NOTE: Once you create a service, new repositories will immediately allocate on it. You may want to disable repository creation during initial setup. +NOTE: To create clustered services, your account must have the "Can Manage +Cluster Services" capability. By default, no accounts have this capability, +and you must enable it by changing the configuration of the Almanac +application. Navigate to the Alamanc application configuration as follows: +{nav icon=home, name=Home > +Applications > +Almanac > +Configure > +Edit Policies > +Can Manage Cluster Services } + Once the hosts are registered as devices, you can create a new service in Almanac: From 2de632d4fe98d7a0369d49c4669a7961122f6f16 Mon Sep 17 00:00:00 2001 From: Austin McKinley Date: Thu, 20 Dec 2018 13:50:15 -0800 Subject: [PATCH 13/44] Update continue/break for php 7.3 Summary: Fixes https://discourse.phabricator-community.org/t/error-on-project-creation-or-edition-with-php7-3/2236 I didn't actually repro this because I don't have php 7.3 installed. I'm also not sure if the `break; break` was intentional or not, since I'm not sure you could ever reach two consecutive break statements. Test Plan: Created some projects. Didn't actually try to hit the code that fires if you're making a project both a subproject and a milestone. Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin Differential Revision: https://secure.phabricator.com/D19925 --- .../project/editor/PhabricatorProjectTransactionEditor.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/applications/project/editor/PhabricatorProjectTransactionEditor.php b/src/applications/project/editor/PhabricatorProjectTransactionEditor.php index 581ec23153..ee2c087085 100644 --- a/src/applications/project/editor/PhabricatorProjectTransactionEditor.php +++ b/src/applications/project/editor/PhabricatorProjectTransactionEditor.php @@ -55,12 +55,12 @@ final class PhabricatorProjectTransactionEditor case PhabricatorProjectParentTransaction::TRANSACTIONTYPE: case PhabricatorProjectMilestoneTransaction::TRANSACTIONTYPE: if ($xaction->getNewValue() === null) { - continue; + continue 2; } if (!$parent_xaction) { $parent_xaction = $xaction; - continue; + continue 2; } $errors[] = new PhabricatorApplicationTransactionValidationError( @@ -71,8 +71,7 @@ final class PhabricatorProjectTransactionEditor 'project or milestone project. A project can not be both a '. 'subproject and a milestone.'), $xaction); - break; - break; + break 2; } } From 0673e79d6d96fcb5baa88062291a617cd3b56eda Mon Sep 17 00:00:00 2001 From: epriestley Date: Fri, 14 Dec 2018 07:50:29 -0800 Subject: [PATCH 14/44] Simplify and correct some challenge TTL lockout code Summary: Depends on D19889. Ref T13222. Some of this logic is either not-quite-right or a little more complicated than it needs to be. Currently, we TTL TOTP challenges after three timesteps -- once the current code could no longer be used. But we actually have to TTL it after five timesteps -- once the most-future acceptable code could no longer be used. Otherwise, you can enter the most-future code now (perhaps the attacker compromises NTP and skews the server clock back by 75 seconds) and then an attacker can re-use it in three timesteps. Generally, simplify things a bit and trust TTLs more. This also makes the "wait" dialog friendlier since we can give users an exact number of seconds. The overall behavior here is still a little odd because we don't actually require you to respond to the challenge you were issued (right now, we check that the response is valid whenever you submit it, not that it's a valid response to the challenge we issued), but that will change in a future diff. This is just moving us generally in the right direction, and doesn't yet lock everything down properly. Test Plan: - Added a little snippet to the control caption to list all the valid codes to make this easier: ``` $key = new PhutilOpaqueEnvelope($config->getFactorSecret()); $valid = array(); foreach ($this->getAllowedTimesteps() as $step) { $valid[] = self::getTOTPCode($key, $step); } $control->setCaption( pht( 'Valid Codes: '.implode(', ', $valid))); ``` - Used the most-future code to sign `L3`. - Verified that `L4` did not unlock until the code for `L3` left the activation window. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19890 --- .../action/PhabricatorAuthTryFactorAction.php | 2 +- .../auth/factor/PhabricatorTOTPAuthFactor.php | 65 ++++++++++--------- 2 files changed, 37 insertions(+), 30 deletions(-) diff --git a/src/applications/auth/action/PhabricatorAuthTryFactorAction.php b/src/applications/auth/action/PhabricatorAuthTryFactorAction.php index 246298567b..40e7c858d1 100644 --- a/src/applications/auth/action/PhabricatorAuthTryFactorAction.php +++ b/src/applications/auth/action/PhabricatorAuthTryFactorAction.php @@ -9,7 +9,7 @@ final class PhabricatorAuthTryFactorAction extends PhabricatorSystemAction { } public function getScoreThreshold() { - return 10 / phutil_units('1 hour in seconds'); + return 100 / phutil_units('1 hour in seconds'); } public function getLimitExplanation() { diff --git a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php index 373745e244..471fe89ed7 100644 --- a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php @@ -155,25 +155,43 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { PhabricatorUser $viewer, array $challenges) { - $now = $this->getCurrentTimestep(); + $current_step = $this->getCurrentTimestep(); // If we already issued a valid challenge, don't issue a new one. if ($challenges) { return array(); } - // Otherwise, generate a new challenge for the current timestep. It TTLs - // after it would fall off the bottom of the window. - $timesteps = $this->getAllowedTimesteps(); - $min_step = min($timesteps); + // Otherwise, generate a new challenge for the current timestep and compute + // the TTL. + // When computing the TTL, note that we accept codes within a certain + // window of the challenge timestep to account for clock skew and users + // needing time to enter codes. + + // We don't want this challenge to expire until after all valid responses + // to it are no longer valid responses to any other challenge we might + // issue in the future. If the challenge expires too quickly, we may issue + // a new challenge which can accept the same TOTP code response. + + // This means that we need to keep this challenge alive for double the + // window size: if we're currently at timestep 3, the user might respond + // with the code for timestep 5. This is valid, since timestep 5 is within + // the window for timestep 3. + + // But the code for timestep 5 can be used to respond at timesteps 3, 4, 5, + // 6, and 7. To prevent any valid response to this challenge from being + // used again, we need to keep this challenge active until timestep 8. + + $window_size = $this->getTimestepWindowSize(); $step_duration = $this->getTimestepDuration(); - $ttl_steps = ($now - $min_step) + 1; + + $ttl_steps = ($window_size * 2) + 1; $ttl_seconds = ($ttl_steps * $step_duration); return array( $this->newChallenge($config, $viewer) - ->setChallengeKey($now) + ->setChallengeKey($current_step) ->setChallengeTTL(PhabricatorTime::getNow() + $ttl_seconds), ); } @@ -216,31 +234,15 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { // nearby timestep, require that it was issued to the current session. // This is defusing attacks where you (broadly) look at someone's phone // and type the code in more quickly than they do. - - $step_duration = $this->getTimestepDuration(); - $now = $this->getCurrentTimestep(); - $timesteps = $this->getAllowedTimesteps(); - $timesteps = array_fuse($timesteps); - $min_step = min($timesteps); - $session_phid = $viewer->getSession()->getPHID(); + $now = PhabricatorTime::getNow(); $engine = $config->getSessionEngine(); $workflow_key = $engine->getWorkflowKey(); foreach ($challenges as $challenge) { $challenge_timestep = (int)$challenge->getChallengeKey(); - - // This challenge isn't for one of the timesteps you'd be able to respond - // to if you submitted the form right now, so we're good to keep going. - if (!isset($timesteps[$challenge_timestep])) { - continue; - } - - // This is the number of timesteps you need to wait for the problem - // timestep to leave the window, rounded up. - $wait_steps = ($challenge_timestep - $min_step) + 1; - $wait_duration = ($wait_steps * $step_duration); + $wait_duration = ($challenge->getChallengeTTL() - $now) + 1; if ($challenge->getSessionPHID() !== $session_phid) { return $this->newResult() @@ -248,7 +250,7 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { ->setErrorMessage( pht( 'This factor recently issued a challenge to a different login '. - 'session. Wait %s seconds for the code to cycle, then try '. + 'session. Wait %s second(s) for the code to cycle, then try '. 'again.', new PhutilNumber($wait_duration))); } @@ -259,7 +261,7 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { ->setErrorMessage( pht( 'This factor recently issued a challenge for a different '. - 'workflow. Wait %s seconds for the code to cycle, then try '. + 'workflow. Wait %s second(s) for the code to cycle, then try '. 'again.', new PhutilNumber($wait_duration))); } @@ -423,8 +425,13 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { } private function getAllowedTimesteps() { - $now = $this->getCurrentTimestep(); - return range($now - 2, $now + 2); + $current_step = $this->getCurrentTimestep(); + $window = $this->getTimestepWindowSize(); + return range($current_step - $window, $current_step + $window); + } + + private function getTimestepWindowSize() { + return 2; } From 657f3c380608abc0fc59088d979457f1d8826f06 Mon Sep 17 00:00:00 2001 From: epriestley Date: Mon, 17 Dec 2018 08:40:43 -0800 Subject: [PATCH 15/44] When accepting a TOTP response, require it respond explicitly to a specific challenge Summary: Depends on D19890. Ref T13222. See PHI873. Currently, we only validate TOTP responses against the current (realtime) timestep. Instead, also validate them against a specific challenge. This mostly just moves us toward more specifically preventing responses from being reused, and supporting flows which must look more like this (SMS/push). One rough edge here is that during the T+3 and T+4 windows (you request a prompt, then wait 60-120 seconds to respond) only past responses actually work (the current code on your device won't). For example: - At T+0, you request MFA. We issue a T+0 challenge that accepts codes T-2, T-1, T+0, T+1, and T+2. The challenge locks out T+3 and T+4 to prevent the window from overlapping with the next challenge we may issue (see D19890). - If you wait 60 seconds until T+3 to actually submit a code, the realtime valid responses are T+1, T+2, T+3, T+4, T+5. The challenge valid responses are T-2, T-1, T+0, T+1, and T+2. Only T+1 and T+2 are in the intersection. Your device is showing T+3 if the clock is right, so if you type in what's shown on your device it won't be accepted. - This //may// get refined in future changes, but, in the worst case, it's probably fine if it doesn't. Beyond 120s you'll get a new challenge and a full [-2, ..., +2] window to respond, so this lockout is temporary even if you manage to hit it. - If this //doesn't// get refined, I'll change the UI to say "This factor recently issued a challenge which has expired, wait N seconds." to smooth this over a bit. Test Plan: - Went through MFA. - Added a new TOTP factor. - Hit some error cases on purpose. - Tried to use an old code a moment after it expired, got rejected. - Waited 60+ seconds, tried to use the current displayed factor, got rejected (this isn't great, but currently expected). Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19893 --- .../auth/factor/PhabricatorTOTPAuthFactor.php | 100 ++++++++++++------ 1 file changed, 69 insertions(+), 31 deletions(-) diff --git a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php index 471fe89ed7..e2f0dc74b3 100644 --- a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php @@ -77,10 +77,10 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { $e_code = true; if ($request->getExists('totp')) { - $okay = $this->verifyTOTPCode( - $user, + $okay = (bool)$this->getTimestepAtWhichResponseIsValid( + $this->getAllowedTimesteps($this->getCurrentTimestep()), new PhutilOpaqueEnvelope($key), - $code); + (string)$code); if ($okay) { $config = $this->newConfigForUser($user) @@ -240,6 +240,8 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { $engine = $config->getSessionEngine(); $workflow_key = $engine->getWorkflowKey(); + $current_timestep = $this->getCurrentTimestep(); + foreach ($challenges as $challenge) { $challenge_timestep = (int)$challenge->getChallengeKey(); $wait_duration = ($challenge->getChallengeTTL() - $now) + 1; @@ -265,6 +267,22 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { 'again.', new PhutilNumber($wait_duration))); } + + // If the current realtime timestep isn't a valid response to the current + // challenge but the challenge hasn't expired yet, we're locking out + // the factor to prevent challenge windows from overlapping. Let the user + // know that they should wait for a new challenge. + $challenge_timesteps = $this->getAllowedTimesteps($challenge_timestep); + if (!isset($challenge_timesteps[$current_timestep])) { + return $this->newResult() + ->setIsWait(true) + ->setErrorMessage( + pht( + 'This factor recently issued a challenge which has expired. '. + 'A new challenge can not be issued yet. Wait %s second(s) for '. + 'the code to cycle, then try again.', + new PhutilNumber($wait_duration))); + } } return null; @@ -277,12 +295,36 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { array $challenges) { $code = $request->getStr($this->getParameterName($config, 'totpcode')); - $key = new PhutilOpaqueEnvelope($config->getFactorSecret()); $result = $this->newResult() ->setValue($code); - if ($this->verifyTOTPCode($viewer, $key, (string)$code)) { + // We expect to reach TOTP validation with exactly one valid challenge. + if (count($challenges) !== 1) { + throw new Exception( + pht( + 'Reached TOTP challenge validation with an unexpected number of '. + 'unexpired challenges (%d), expected exactly one.', + phutil_count($challenges))); + } + + $challenge = head($challenges); + + $challenge_timestep = (int)$challenge->getChallengeKey(); + $current_timestep = $this->getCurrentTimestep(); + + $challenge_timesteps = $this->getAllowedTimesteps($challenge_timestep); + $current_timesteps = $this->getAllowedTimesteps($current_timestep); + + // We require responses be both valid for the challenge and valid for the + // current timestep. A longer challenge TTL doesn't let you use older + // codes for a longer period of time. + $valid_timestep = $this->getTimestepAtWhichResponseIsValid( + array_intersect_key($challenge_timesteps, $current_timesteps), + new PhutilOpaqueEnvelope($config->getFactorSecret()), + (string)$code); + + if ($valid_timestep) { $result->setIsValid(true); } else { if (strlen($code)) { @@ -300,29 +342,6 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { return strtoupper(Filesystem::readRandomCharacters(32)); } - private function verifyTOTPCode( - PhabricatorUser $user, - PhutilOpaqueEnvelope $key, - $code) { - - $now = (int)(time() / 30); - - // Allow the user to enter a code a few minutes away on either side, in - // case the server or client has some clock skew. - for ($offset = -2; $offset <= 2; $offset++) { - $real = self::getTOTPCode($key, $now + $offset); - if (phutil_hashes_are_identical($real, $code)) { - return true; - } - } - - // TODO: After validating a code, this should mark it as used and prevent - // it from being reused. - - return false; - } - - public static function base32Decode($buf) { $buf = strtoupper($buf); @@ -424,15 +443,34 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { return (int)(PhabricatorTime::getNow() / $duration); } - private function getAllowedTimesteps() { - $current_step = $this->getCurrentTimestep(); + private function getAllowedTimesteps($at_timestep) { $window = $this->getTimestepWindowSize(); - return range($current_step - $window, $current_step + $window); + $range = range($at_timestep - $window, $at_timestep + $window); + return array_fuse($range); } private function getTimestepWindowSize() { + // The user is allowed to provide a code from the recent past or the + // near future to account for minor clock skew between the client + // and server, and the time it takes to actually enter a code. return 2; } + private function getTimestepAtWhichResponseIsValid( + array $timesteps, + PhutilOpaqueEnvelope $key, + $code) { + + foreach ($timesteps as $timestep) { + $expect_code = self::getTOTPCode($key, $timestep); + if (phutil_hashes_are_identical($code, $expect_code)) { + return $timestep; + } + } + + return null; + } + + } From ce953ea4479052c7e671c8c75af6833252ebefd4 Mon Sep 17 00:00:00 2001 From: epriestley Date: Mon, 17 Dec 2018 08:40:57 -0800 Subject: [PATCH 16/44] Explicitly mark MFA challenges as "answered" and "completed" Summary: Depends on D19893. Ref T13222. See PHI873. A challenge is "answered" if you provide a valid response. A challenge is "completed" if we let you through the MFA check and do whatever actual action the check is protecting. If you only have one MFA factor, challenges will be "completed" immediately after they are "answered". However, if you have two or more factors, it's possible to "answer" one or more prompts, but fewer than all of the prompts, and end up with "answered" challenges that are not "completed". In the future, it may also be possible to answer all the challenges but then have an error occur before they are marked "completed" (for example, a unique key collision in the transaction code). For now, nothing interesting happens between "answered" and "completed". This would take the form of the caller explicitly providing flags like "wait to mark the challenges as completed until I do something" and "okay, mark the challenges as completed now". This change prevents all token reuse, even on the same workflow. Future changes will let the answered challenges "stick" to the client form so you don't have to re-answer challenges for a short period of time if you hit a unique key collision. Test Plan: - Used a token to get through an MFA gate. - Tried to go through another gate, was told to wait for a long time for the next challenge window. Reviewers: amckinley Reviewed By: amckinley Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19894 --- .../autopatches/20181217.auth.01.digest.sql | 2 + .../sql/autopatches/20181217.auth.02.ttl.sql | 2 + .../20181217.auth.03.completed.sql | 2 + .../engine/PhabricatorAuthSessionEngine.php | 12 ++ .../auth/factor/PhabricatorAuthFactor.php | 2 +- .../factor/PhabricatorAuthFactorResult.php | 25 +++- .../auth/factor/PhabricatorTOTPAuthFactor.php | 22 +++- .../auth/storage/PhabricatorAuthChallenge.php | 113 ++++++++++++++++++ 8 files changed, 174 insertions(+), 6 deletions(-) create mode 100644 resources/sql/autopatches/20181217.auth.01.digest.sql create mode 100644 resources/sql/autopatches/20181217.auth.02.ttl.sql create mode 100644 resources/sql/autopatches/20181217.auth.03.completed.sql diff --git a/resources/sql/autopatches/20181217.auth.01.digest.sql b/resources/sql/autopatches/20181217.auth.01.digest.sql new file mode 100644 index 0000000000..8e30143e8f --- /dev/null +++ b/resources/sql/autopatches/20181217.auth.01.digest.sql @@ -0,0 +1,2 @@ +ALTER TABLE {$NAMESPACE}_auth.auth_challenge + ADD responseDigest VARCHAR(255) COLLATE {$COLLATE_TEXT}; diff --git a/resources/sql/autopatches/20181217.auth.02.ttl.sql b/resources/sql/autopatches/20181217.auth.02.ttl.sql new file mode 100644 index 0000000000..c8e883dbea --- /dev/null +++ b/resources/sql/autopatches/20181217.auth.02.ttl.sql @@ -0,0 +1,2 @@ +ALTER TABLE {$NAMESPACE}_auth.auth_challenge + ADD responseTTL INT UNSIGNED; diff --git a/resources/sql/autopatches/20181217.auth.03.completed.sql b/resources/sql/autopatches/20181217.auth.03.completed.sql new file mode 100644 index 0000000000..22ca6e21ff --- /dev/null +++ b/resources/sql/autopatches/20181217.auth.03.completed.sql @@ -0,0 +1,2 @@ +ALTER TABLE {$NAMESPACE}_auth.auth_challenge + ADD isCompleted BOOL NOT NULL; diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php index f3814b949d..74183f4ffa 100644 --- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php +++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php @@ -576,6 +576,8 @@ final class PhabricatorAuthSessionEngine extends Phobject { continue; } + $issued_challenges = idx($challenge_map, $factor_phid, array()); + $impl = $factor->requireImplementation(); $validation_result = $impl->getResultFromChallengeResponse( @@ -592,6 +594,16 @@ final class PhabricatorAuthSessionEngine extends Phobject { } if ($ok) { + // We're letting you through, so mark all the challenges you + // responded to as completed. These challenges can never be used + // again, even by the same session and workflow: you can't use the + // same response to take two different actions, even if those actions + // are of the same type. + foreach ($validation_results as $validation_result) { + $challenge = $validation_result->getAnsweredChallenge() + ->markChallengeAsCompleted(); + } + // Give the user a credit back for a successful factor verification. PhabricatorSystemActionEngine::willTakeAction( array($viewer->getPHID()), diff --git a/src/applications/auth/factor/PhabricatorAuthFactor.php b/src/applications/auth/factor/PhabricatorAuthFactor.php index be99df9c79..8cd61f089d 100644 --- a/src/applications/auth/factor/PhabricatorAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorAuthFactor.php @@ -45,7 +45,7 @@ abstract class PhabricatorAuthFactor extends Phobject { $engine = $config->getSessionEngine(); - return id(new PhabricatorAuthChallenge()) + return PhabricatorAuthChallenge::initializeNewChallenge() ->setUserPHID($viewer->getPHID()) ->setSessionPHID($viewer->getSession()->getPHID()) ->setFactorPHID($config->getPHID()) diff --git a/src/applications/auth/factor/PhabricatorAuthFactorResult.php b/src/applications/auth/factor/PhabricatorAuthFactorResult.php index d75480747d..faa25b4f42 100644 --- a/src/applications/auth/factor/PhabricatorAuthFactorResult.php +++ b/src/applications/auth/factor/PhabricatorAuthFactorResult.php @@ -3,19 +3,36 @@ final class PhabricatorAuthFactorResult extends Phobject { - private $isValid = false; + private $answeredChallenge; private $isWait = false; private $errorMessage; private $value; private $issuedChallenges = array(); - public function setIsValid($is_valid) { - $this->isValid = $is_valid; + public function setAnsweredChallenge(PhabricatorAuthChallenge $challenge) { + if (!$challenge->getIsAnsweredChallenge()) { + throw new PhutilInvalidStateException('markChallengeAsAnswered'); + } + + if ($challenge->getIsCompleted()) { + throw new Exception( + pht( + 'A completed challenge was provided as an answered challenge. '. + 'The underlying factor is implemented improperly, challenges '. + 'may not be reused.')); + } + + $this->answeredChallenge = $challenge; + return $this; } + public function getAnsweredChallenge() { + return $this->answeredChallenge; + } + public function getIsValid() { - return $this->isValid; + return (bool)$this->getAnsweredChallenge(); } public function setIsWait($is_wait) { diff --git a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php index e2f0dc74b3..0984347197 100644 --- a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php @@ -283,6 +283,17 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { 'the code to cycle, then try again.', new PhutilNumber($wait_duration))); } + + if ($challenge->getIsReusedChallenge()) { + return $this->newResult() + ->setIsWait(true) + ->setErrorMessage( + pht( + 'You recently provided a response to this factor. Responses '. + 'may not be reused. Wait %s second(s) for the code to cycle, '. + 'then try again.', + new PhutilNumber($wait_duration))); + } } return null; @@ -325,7 +336,16 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { (string)$code); if ($valid_timestep) { - $result->setIsValid(true); + $now = PhabricatorTime::getNow(); + $step_duration = $this->getTimestepDuration(); + $step_window = $this->getTimestepWindowSize(); + $ttl = $now + ($step_duration * $step_window); + + $challenge + ->setProperty('totp.timestep', $valid_timestep) + ->markChallengeAsAnswered($ttl); + + $result->setAnsweredChallenge($challenge); } else { if (strlen($code)) { $error_message = pht('Invalid'); diff --git a/src/applications/auth/storage/PhabricatorAuthChallenge.php b/src/applications/auth/storage/PhabricatorAuthChallenge.php index 63d2092e49..89ffd67ef7 100644 --- a/src/applications/auth/storage/PhabricatorAuthChallenge.php +++ b/src/applications/auth/storage/PhabricatorAuthChallenge.php @@ -10,8 +10,20 @@ final class PhabricatorAuthChallenge protected $workflowKey; protected $challengeKey; protected $challengeTTL; + protected $responseDigest; + protected $responseTTL; + protected $isCompleted; protected $properties = array(); + private $responseToken; + + const TOKEN_DIGEST_KEY = 'auth.challenge.token'; + + public static function initializeNewChallenge() { + return id(new self()) + ->setIsCompleted(0); + } + protected function getConfiguration() { return array( self::CONFIG_SERIALIZATION => array( @@ -22,6 +34,9 @@ final class PhabricatorAuthChallenge 'challengeKey' => 'text255', 'challengeTTL' => 'epoch', 'workflowKey' => 'text255', + 'responseDigest' => 'text255?', + 'responseTTL' => 'epoch?', + 'isCompleted' => 'bool', ), self::CONFIG_KEY_SCHEMA => array( 'key_issued' => array( @@ -38,6 +53,104 @@ final class PhabricatorAuthChallenge return PhabricatorAuthChallengePHIDType::TYPECONST; } + public function getIsReusedChallenge() { + if ($this->getIsCompleted()) { + return true; + } + + // TODO: A challenge is "reused" if it has been answered previously and + // the request doesn't include proof that the client provided the answer. + // Since we aren't tracking client responses yet, any answered challenge + // is always a reused challenge for now. + + return $this->getIsAnsweredChallenge(); + } + + public function getIsAnsweredChallenge() { + return (bool)$this->getResponseDigest(); + } + + public function markChallengeAsAnswered($ttl) { + $token = Filesystem::readRandomCharacters(32); + $token = new PhutilOpaqueEnvelope($token); + + return $this + ->setResponseToken($token, $ttl) + ->save(); + } + + public function markChallengeAsCompleted() { + return $this + ->setIsCompleted(true) + ->save(); + } + + public function setResponseToken(PhutilOpaqueEnvelope $token, $ttl) { + if (!$this->getUserPHID()) { + throw new PhutilInvalidStateException('setUserPHID'); + } + + if ($this->responseToken) { + throw new Exception( + pht( + 'This challenge already has a response token; you can not '. + 'set a new response token.')); + } + + $now = PhabricatorTime::getNow(); + if ($ttl < $now) { + throw new Exception( + pht( + 'Response TTL is invalid: TTLs must be an epoch timestamp '. + 'coresponding to a future time (did you use a relative TTL by '. + 'mistake?).')); + } + + if (preg_match('/ /', $token->openEnvelope())) { + throw new Exception( + pht( + 'The response token for this challenge is invalid: response '. + 'tokens may not include spaces.')); + } + + $digest = PhabricatorHash::digestWithNamedKey( + $token->openEnvelope(), + self::TOKEN_DIGEST_KEY); + + if ($this->responseDigest !== null) { + if (!phutil_hashes_are_identical($digest, $this->responseDigest)) { + throw new Exception( + pht( + 'Invalid response token for this challenge: token digest does '. + 'not match stored digest.')); + } + } else { + $this->responseDigest = $digest; + } + + $this->responseToken = $token; + $this->responseTTL = $ttl; + + return $this; + } + + public function setResponseDigest($value) { + throw new Exception( + pht( + 'You can not set the response digest for a challenge directly. '. + 'Instead, set a response token. A response digest will be computed '. + 'automatically.')); + } + + public function setProperty($key, $value) { + $this->properties[$key] = $value; + return $this; + } + + public function getProperty($key, $default = null) { + return $this->properties[$key]; + } + /* -( PhabricatorPolicyInterface )----------------------------------------- */ From b63783c06718b4d757d4eacb1ed5f412415693a7 Mon Sep 17 00:00:00 2001 From: epriestley Date: Mon, 17 Dec 2018 10:57:23 -0800 Subject: [PATCH 17/44] Carry MFA responses which have been "answered" but not "completed" through the MFA workflow Summary: Depends on D19894. Ref T13222. See PHI873. When you provide a correct response to an MFA challenge, we mark it as "answered". Currently, we never let you reuse an "answered" token. That's usually fine, but if you have 2+ factors on your account and get one or more (but fewer than all of them) right when you submit the form, you need to answer them all again, possibly after waiting for a lockout period. This is needless. When you answer a challenge correctly, add a hidden input with a code proving you got it right so you don't need to provide another answer for a little while. Why not just put your response in a form input, e.g. ``? - We may allow the "answered" response to be valid for a different amount of time than the actual answer. For TOTP, we currently allow a response to remain valid for 60 seconds, but the actual code you entered might expire sooner. - In some cases, there's no response we can provide (with push + approve MFA, you don't enter a code, you just tap "yes, allow this" on your phone). Conceivably, we may not be able to re-verify a push+approve code if the remote implements one-shot answers. - The "responseToken" stuff may end up embedded in normal forms in some cases in the future, and this approach just generally reduces the amount of plaintext MFA we have floating around. Test Plan: - Added 2 MFA tokens to my account. - Hit the MFA prompt. - Provided one good response and one bad response. - Submitted the form. - Old behavior: good response gets locked out for ~120 seconds. - New behavior: good response is marked "answered", fixing the other response lets me submit the form. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19895 --- .../engine/PhabricatorAuthSessionEngine.php | 19 +++ .../auth/factor/PhabricatorAuthFactor.php | 34 +++++ .../auth/factor/PhabricatorTOTPAuthFactor.php | 18 +-- .../auth/storage/PhabricatorAuthChallenge.php | 118 +++++++++++++++--- 4 files changed, 164 insertions(+), 25 deletions(-) diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php index 74183f4ffa..c129d898f2 100644 --- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php +++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php @@ -517,6 +517,11 @@ final class PhabricatorAuthSessionEngine extends Phobject { ->withUserPHIDs(array($viewer->getPHID())) ->withChallengeTTLBetween($now, null) ->execute(); + + PhabricatorAuthChallenge::newChallengeResponsesFromRequest( + $challenges, + $request); + $challenge_map = mgroup($challenges, 'getFactorPHID'); $validation_results = array(); @@ -710,6 +715,7 @@ final class PhabricatorAuthSessionEngine extends Phobject { ->setUser($viewer) ->appendRemarkupInstructions(''); + $answered = array(); foreach ($factors as $factor) { $result = $validation_results[$factor->getPHID()]; @@ -718,10 +724,23 @@ final class PhabricatorAuthSessionEngine extends Phobject { $form, $viewer, $result); + + $answered_challenge = $result->getAnsweredChallenge(); + if ($answered_challenge) { + $answered[] = $answered_challenge; + } } $form->appendRemarkupInstructions(''); + if ($answered) { + $http_params = PhabricatorAuthChallenge::newHTTPParametersFromChallenges( + $answered); + foreach ($http_params as $key => $value) { + $form->addHiddenInput($key, $value); + } + } + return $form; } diff --git a/src/applications/auth/factor/PhabricatorAuthFactor.php b/src/applications/auth/factor/PhabricatorAuthFactor.php index 8cd61f089d..a9483a9809 100644 --- a/src/applications/auth/factor/PhabricatorAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorAuthFactor.php @@ -165,4 +165,38 @@ abstract class PhabricatorAuthFactor extends Phobject { AphrontRequest $request, array $challenges); + final protected function newAutomaticControl( + PhabricatorAuthFactorResult $result) { + + $is_answered = (bool)$result->getAnsweredChallenge(); + if ($is_answered) { + return $this->newAnsweredControl($result); + } + + $is_wait = $result->getIsWait(); + if ($is_wait) { + return $this->newWaitControl($result); + } + + return null; + } + + private function newWaitControl( + PhabricatorAuthFactorResult $result) { + + $error = $result->getErrorMessage(); + + return id(new AphrontFormMarkupControl()) + ->setValue($error) + ->setError(pht('Wait')); + } + + private function newAnsweredControl( + PhabricatorAuthFactorResult $result) { + + return id(new AphrontFormMarkupControl()) + ->setValue(pht('Answered!')); + } + + } diff --git a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php index 0984347197..2a8999f2e4 100644 --- a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php @@ -202,15 +202,11 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { PhabricatorUser $viewer, PhabricatorAuthFactorResult $result) { - $value = $result->getValue(); - $error = $result->getErrorMessage(); - $is_wait = $result->getIsWait(); + $control = $this->newAutomaticControl($result); + if (!$control) { + $value = $result->getValue(); + $error = $result->getErrorMessage(); - if ($is_wait) { - $control = id(new AphrontFormMarkupControl()) - ->setValue($error) - ->setError(pht('Wait')); - } else { $control = id(new PHUIFormNumberControl()) ->setName($this->getParameterName($config, 'totpcode')) ->setDisableAutocomplete(true) @@ -321,6 +317,12 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { $challenge = head($challenges); + // If the client has already provided a valid answer to this challenge and + // submitted a token proving they answered it, we're all set. + if ($challenge->getIsAnsweredChallenge()) { + return $result->setAnsweredChallenge($challenge); + } + $challenge_timestep = (int)$challenge->getChallengeKey(); $current_timestep = $this->getCurrentTimestep(); diff --git a/src/applications/auth/storage/PhabricatorAuthChallenge.php b/src/applications/auth/storage/PhabricatorAuthChallenge.php index 89ffd67ef7..9e49ee154a 100644 --- a/src/applications/auth/storage/PhabricatorAuthChallenge.php +++ b/src/applications/auth/storage/PhabricatorAuthChallenge.php @@ -17,6 +17,7 @@ final class PhabricatorAuthChallenge private $responseToken; + const HTTPKEY = '__hisec.challenges__'; const TOKEN_DIGEST_KEY = 'auth.challenge.token'; public static function initializeNewChallenge() { @@ -24,6 +25,89 @@ final class PhabricatorAuthChallenge ->setIsCompleted(0); } + public static function newHTTPParametersFromChallenges(array $challenges) { + assert_instances_of($challenges, __CLASS__); + + $token_list = array(); + foreach ($challenges as $challenge) { + $token = $challenge->getResponseToken(); + if ($token) { + $token_list[] = sprintf( + '%s:%s', + $challenge->getPHID(), + $token->openEnvelope()); + } + } + + if (!$token_list) { + return array(); + } + + $token_list = implode(' ', $token_list); + + return array( + self::HTTPKEY => $token_list, + ); + } + + public static function newChallengeResponsesFromRequest( + array $challenges, + AphrontRequest $request) { + assert_instances_of($challenges, __CLASS__); + + $token_list = $request->getStr(self::HTTPKEY); + $token_list = explode(' ', $token_list); + + $token_map = array(); + foreach ($token_list as $token_element) { + $token_element = trim($token_element, ' '); + + if (!strlen($token_element)) { + continue; + } + + // NOTE: This error message is intentionally not printing the token to + // avoid disclosing it. As a result, it isn't terribly useful, but no + // normal user should ever end up here. + if (!preg_match('/^[^:]+:/', $token_element)) { + throw new Exception( + pht( + 'This request included an improperly formatted MFA challenge '. + 'token and can not be processed.')); + } + + list($phid, $token) = explode(':', $token_element, 2); + + if (isset($token_map[$phid])) { + throw new Exception( + pht( + 'This request improperly specifies an MFA challenge token ("%s") '. + 'multiple times and can not be processed.', + $phid)); + } + + $token_map[$phid] = new PhutilOpaqueEnvelope($token); + } + + $challenges = mpull($challenges, null, 'getPHID'); + + $now = PhabricatorTime::getNow(); + foreach ($challenges as $challenge_phid => $challenge) { + // If the response window has expired, don't attach the token. + if ($challenge->getResponseTTL() < $now) { + continue; + } + + $token = idx($token_map, $challenge_phid); + if (!$token) { + continue; + } + + $challenge->setResponseToken($token); + } + } + + protected function getConfiguration() { return array( self::CONFIG_SERIALIZATION => array( @@ -58,12 +142,17 @@ final class PhabricatorAuthChallenge return true; } - // TODO: A challenge is "reused" if it has been answered previously and - // the request doesn't include proof that the client provided the answer. - // Since we aren't tracking client responses yet, any answered challenge - // is always a reused challenge for now. + if (!$this->getIsAnsweredChallenge()) { + return false; + } - return $this->getIsAnsweredChallenge(); + // If the challenge has been answered but the client has provided a token + // proving that they answered it, this is still a valid response. + if ($this->getResponseToken()) { + return false; + } + + return true; } public function getIsAnsweredChallenge() { @@ -75,7 +164,8 @@ final class PhabricatorAuthChallenge $token = new PhutilOpaqueEnvelope($token); return $this - ->setResponseToken($token, $ttl) + ->setResponseToken($token) + ->setResponseTTL($ttl) ->save(); } @@ -85,7 +175,7 @@ final class PhabricatorAuthChallenge ->save(); } - public function setResponseToken(PhutilOpaqueEnvelope $token, $ttl) { + public function setResponseToken(PhutilOpaqueEnvelope $token) { if (!$this->getUserPHID()) { throw new PhutilInvalidStateException('setUserPHID'); } @@ -97,15 +187,6 @@ final class PhabricatorAuthChallenge 'set a new response token.')); } - $now = PhabricatorTime::getNow(); - if ($ttl < $now) { - throw new Exception( - pht( - 'Response TTL is invalid: TTLs must be an epoch timestamp '. - 'coresponding to a future time (did you use a relative TTL by '. - 'mistake?).')); - } - if (preg_match('/ /', $token->openEnvelope())) { throw new Exception( pht( @@ -129,11 +210,14 @@ final class PhabricatorAuthChallenge } $this->responseToken = $token; - $this->responseTTL = $ttl; return $this; } + public function getResponseToken() { + return $this->responseToken; + } + public function setResponseDigest($value) { throw new Exception( pht( From 961fd7e8491e7df29dabddd2c7cdeabbc11fae1b Mon Sep 17 00:00:00 2001 From: epriestley Date: Mon, 17 Dec 2018 11:17:03 -0800 Subject: [PATCH 18/44] In Legalpad, prompt for MFA at the end of the workflow instead of the beginning Summary: Depends on D19895. Ref T13222. This is a simple behavioral improvement for the current MFA implementation in Legalpad: don't MFA the user and //then// realize that they forgot to actually check the box. Test Plan: - Submitted form without the box checked, got an error saying "check the box" instead of MFA. - Submitted the form with the box checked, got an MFA prompt. - Passed the MFA gate, got a signed form. - Tried to sign another form, hit MFA timed lockout. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19896 --- .../LegalpadDocumentSignController.php | 29 +++++++++---------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/src/applications/legalpad/controller/LegalpadDocumentSignController.php b/src/applications/legalpad/controller/LegalpadDocumentSignController.php index 27769432c2..ab98c0bb78 100644 --- a/src/applications/legalpad/controller/LegalpadDocumentSignController.php +++ b/src/applications/legalpad/controller/LegalpadDocumentSignController.php @@ -151,21 +151,6 @@ final class LegalpadDocumentSignController extends LegalpadController { $errors = array(); $hisec_token = null; if ($request->isFormOrHisecPost() && !$has_signed) { - - // Require two-factor auth to sign legal documents. - if ($viewer->isLoggedIn()) { - $workflow_key = sprintf( - 'legalpad.sign(%s)', - $document->getPHID()); - - $hisec_token = id(new PhabricatorAuthSessionEngine()) - ->setWorkflowKey($workflow_key) - ->requireHighSecurityToken( - $viewer, - $request, - $document->getURI()); - } - list($form_data, $errors, $field_errors) = $this->readSignatureForm( $document, $request); @@ -192,6 +177,20 @@ final class LegalpadDocumentSignController extends LegalpadController { $signature->setVerified($verified); if (!$errors) { + // Require MFA to sign legal documents. + if ($viewer->isLoggedIn()) { + $workflow_key = sprintf( + 'legalpad.sign(%s)', + $document->getPHID()); + + $hisec_token = id(new PhabricatorAuthSessionEngine()) + ->setWorkflowKey($workflow_key) + ->requireHighSecurityToken( + $viewer, + $request, + $document->getURI()); + } + $signature->save(); // If the viewer is logged in, signing for themselves, send them to From 21f07bf6f73b46d7370175c3534b07c97a032478 Mon Sep 17 00:00:00 2001 From: epriestley Date: Wed, 19 Dec 2018 10:57:26 -0800 Subject: [PATCH 19/44] Make Images in Pholio refer to mocks by PHID instead of ID Summary: Ref T11351. In Pholio, we currently use a `mockID`, but a `mockPHID` is generally preferable / more modern / more flexible. In particular, we need PHIDs to load handles and prefer PHIDs when exposing information to the API, and using PHIDs internally makes a bunch of things easier/better/faster and ~nothing harder/worse/slower. I'll add some inlines about a few things. Test Plan: Ran migrations, spot-checked database for sanity. Loaded Pholio, saw data unchanged. Created and edited images. Reviewers: amckinley Reviewed By: amckinley Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam Maniphest Tasks: T11351 Differential Revision: https://secure.phabricator.com/D19914 --- .../20181219.pholio.01.imagephid.sql | 2 + .../20181219.pholio.02.imagemigrate.php | 35 +++++++++++++++++ .../20181219.pholio.03.imageid.sql | 2 + .../pholio/editor/PholioMockEditor.php | 2 +- ...PhabricatorPholioMockTestDataGenerator.php | 2 +- .../pholio/phid/PholioImagePHIDType.php | 10 ++--- .../pholio/query/PholioImageQuery.php | 35 ++++++----------- .../pholio/query/PholioMockQuery.php | 8 ++-- .../pholio/storage/PholioImage.php | 39 +++++++++++++------ .../pholio/storage/PholioMock.php | 2 +- 10 files changed, 88 insertions(+), 49 deletions(-) create mode 100644 resources/sql/autopatches/20181219.pholio.01.imagephid.sql create mode 100644 resources/sql/autopatches/20181219.pholio.02.imagemigrate.php create mode 100644 resources/sql/autopatches/20181219.pholio.03.imageid.sql diff --git a/resources/sql/autopatches/20181219.pholio.01.imagephid.sql b/resources/sql/autopatches/20181219.pholio.01.imagephid.sql new file mode 100644 index 0000000000..870cddd950 --- /dev/null +++ b/resources/sql/autopatches/20181219.pholio.01.imagephid.sql @@ -0,0 +1,2 @@ +ALTER TABLE {$NAMESPACE}_pholio.pholio_image + ADD mockPHID VARBINARY(64); diff --git a/resources/sql/autopatches/20181219.pholio.02.imagemigrate.php b/resources/sql/autopatches/20181219.pholio.02.imagemigrate.php new file mode 100644 index 0000000000..f1fc1b3c37 --- /dev/null +++ b/resources/sql/autopatches/20181219.pholio.02.imagemigrate.php @@ -0,0 +1,35 @@ +establishConnection('w'); +$iterator = new LiskRawMigrationIterator($conn, $image->getTableName()); + +foreach ($iterator as $image_row) { + if ($image_row['mockPHID']) { + continue; + } + + $mock_id = $image_row['mockID']; + + $mock_row = queryfx_one( + $conn, + 'SELECT phid FROM %R WHERE id = %d', + $mock, + $mock_id); + + if (!$mock_row) { + continue; + } + + queryfx( + $conn, + 'UPDATE %R SET mockPHID = %s WHERE id = %d', + $image, + $mock_row['phid'], + $image_row['id']); +} diff --git a/resources/sql/autopatches/20181219.pholio.03.imageid.sql b/resources/sql/autopatches/20181219.pholio.03.imageid.sql new file mode 100644 index 0000000000..3a3cb029ac --- /dev/null +++ b/resources/sql/autopatches/20181219.pholio.03.imageid.sql @@ -0,0 +1,2 @@ +ALTER TABLE {$NAMESPACE}_pholio.pholio_image + DROP mockID; diff --git a/src/applications/pholio/editor/PholioMockEditor.php b/src/applications/pholio/editor/PholioMockEditor.php index d1f7daf3a5..a653272fba 100644 --- a/src/applications/pholio/editor/PholioMockEditor.php +++ b/src/applications/pholio/editor/PholioMockEditor.php @@ -91,7 +91,7 @@ final class PholioMockEditor extends PhabricatorApplicationTransactionEditor { $images = $this->getNewImages(); foreach ($images as $image) { - $image->setMockID($object->getID()); + $image->setMockPHID($object->getPHID()); $image->save(); } diff --git a/src/applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php b/src/applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php index 041e14fcbf..b97a5fc3c7 100644 --- a/src/applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php +++ b/src/applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php @@ -65,7 +65,7 @@ final class PhabricatorPholioMockTestDataGenerator ->setActor($author) ->applyTransactions($mock, $transactions); foreach ($images as $image) { - $image->setMockID($mock->getID()); + $image->setMockPHID($mock->getPHID()); $image->save(); } diff --git a/src/applications/pholio/phid/PholioImagePHIDType.php b/src/applications/pholio/phid/PholioImagePHIDType.php index b28dbd64d5..d7a9984fd5 100644 --- a/src/applications/pholio/phid/PholioImagePHIDType.php +++ b/src/applications/pholio/phid/PholioImagePHIDType.php @@ -32,13 +32,9 @@ final class PholioImagePHIDType extends PhabricatorPHIDType { foreach ($handles as $phid => $handle) { $image = $objects[$phid]; - $id = $image->getID(); - $mock_id = $image->getMockID(); - $name = $image->getName(); - - $handle->setURI("/M{$mock_id}/{$id}/"); - $handle->setName($name); - $handle->setFullName($name); + $handle + ->setName($image->getName()) + ->setURI($image->getURI()); } } diff --git a/src/applications/pholio/query/PholioImageQuery.php b/src/applications/pholio/query/PholioImageQuery.php index 5f541f1768..0fa7bfb1a0 100644 --- a/src/applications/pholio/query/PholioImageQuery.php +++ b/src/applications/pholio/query/PholioImageQuery.php @@ -5,8 +5,7 @@ final class PholioImageQuery private $ids; private $phids; - private $mockIDs; - private $obsolete; + private $mockPHIDs; private $needInlineComments; private $mockCache = array(); @@ -21,13 +20,8 @@ final class PholioImageQuery return $this; } - public function withMockIDs(array $mock_ids) { - $this->mockIDs = $mock_ids; - return $this; - } - - public function withObsolete($obsolete) { - $this->obsolete = $obsolete; + public function withMockPHIDs(array $mock_phids) { + $this->mockPHIDs = $mock_phids; return $this; } @@ -69,18 +63,11 @@ final class PholioImageQuery $this->phids); } - if ($this->mockIDs !== null) { + if ($this->mockPHIDs !== null) { $where[] = qsprintf( $conn, - 'mockID IN (%Ld)', - $this->mockIDs); - } - - if ($this->obsolete !== null) { - $where[] = qsprintf( - $conn, - 'isObsolete = %d', - $this->obsolete); + 'mockPHID IN (%Ls)', + $this->mockPHIDs); } return $where; @@ -92,16 +79,18 @@ final class PholioImageQuery if ($this->getMockCache()) { $mocks = $this->getMockCache(); } else { - $mock_ids = mpull($images, 'getMockID'); + $mock_phids = mpull($images, 'getMockPHID'); + // DO NOT set needImages to true; recursion results! $mocks = id(new PholioMockQuery()) ->setViewer($this->getViewer()) - ->withIDs($mock_ids) + ->withPHIDs($mock_phids) ->execute(); - $mocks = mpull($mocks, null, 'getID'); + $mocks = mpull($mocks, null, 'getPHID'); } + foreach ($images as $index => $image) { - $mock = idx($mocks, $image->getMockID()); + $mock = idx($mocks, $image->getMockPHID()); if ($mock) { $image->attachMock($mock); } else { diff --git a/src/applications/pholio/query/PholioMockQuery.php b/src/applications/pholio/query/PholioMockQuery.php index 5f1711def6..9e3154ec5c 100644 --- a/src/applications/pholio/query/PholioMockQuery.php +++ b/src/applications/pholio/query/PholioMockQuery.php @@ -115,18 +115,18 @@ final class PholioMockQuery $need_inline_comments) { assert_instances_of($mocks, 'PholioMock'); - $mock_map = mpull($mocks, null, 'getID'); + $mock_map = mpull($mocks, null, 'getPHID'); $all_images = id(new PholioImageQuery()) ->setViewer($viewer) ->setMockCache($mock_map) - ->withMockIDs(array_keys($mock_map)) + ->withMockPHIDs(array_keys($mock_map)) ->needInlineComments($need_inline_comments) ->execute(); - $image_groups = mgroup($all_images, 'getMockID'); + $image_groups = mgroup($all_images, 'getMockPHID'); foreach ($mocks as $mock) { - $mock_images = idx($image_groups, $mock->getID(), array()); + $mock_images = idx($image_groups, $mock->getPHID(), array()); $mock->attachAllImages($mock_images); $active_images = mfilter($mock_images, 'getIsObsolete', true); $mock->attachImages(msort($active_images, 'getSequence')); diff --git a/src/applications/pholio/storage/PholioImage.php b/src/applications/pholio/storage/PholioImage.php index 0f800bbb0f..1440773722 100644 --- a/src/applications/pholio/storage/PholioImage.php +++ b/src/applications/pholio/storage/PholioImage.php @@ -6,7 +6,7 @@ final class PholioImage extends PholioDAO PhabricatorExtendedPolicyInterface { protected $authorPHID; - protected $mockID; + protected $mockPHID; protected $filePHID; protected $name; protected $description; @@ -29,7 +29,7 @@ final class PholioImage extends PholioDAO return array( self::CONFIG_AUX_PHID => true, self::CONFIG_COLUMN_SCHEMA => array( - 'mockID' => 'id?', + 'mockPHID' => 'phid?', 'name' => 'text128', 'description' => 'text', 'sequence' => 'uint32', @@ -37,14 +37,9 @@ final class PholioImage extends PholioDAO 'replacesImagePHID' => 'phid?', ), self::CONFIG_KEY_SCHEMA => array( - 'key_phid' => null, - 'keyPHID' => array( - 'columns' => array('phid'), - 'unique' => true, - ), - 'mockID' => array( - 'columns' => array('mockID', 'isObsolete', 'sequence'), - ), + // TODO: There should be a key starting with "mockPHID" here at a + // minimum, but it's not entirely clear what other columns we should + // have as part of the key. ), ) + parent::getConfiguration(); } @@ -71,6 +66,10 @@ final class PholioImage extends PholioDAO return $this->assertAttached($this->mock); } + public function hasMock() { + return (bool)$this->getMockPHID(); + } + public function attachInlineComments(array $inline_comments) { assert_instances_of($inline_comments, 'PholioTransactionComment'); $this->inlineComments = $inline_comments; @@ -82,6 +81,22 @@ final class PholioImage extends PholioDAO return $this->inlineComments; } + public function getURI() { + if ($this->hasMock()) { + $mock = $this->getMock(); + + $mock_uri = $mock->getURI(); + $image_id = $this->getID(); + + return "{$mock_uri}/{$image_id}/"; + } + + // For now, standalone images have no URI. We could provide one at some + // point, although it's not clear that there's any motivation to do so. + + return null; + } + /* -( PhabricatorPolicyInterface )----------------------------------------- */ @@ -96,7 +111,7 @@ final class PholioImage extends PholioDAO public function getPolicy($capability) { // If the image is attached to a mock, we use an extended policy to match // the mock's permissions. - if ($this->getMockID()) { + if ($this->hasMock()) { return PhabricatorPolicies::getMostOpenPolicy(); } @@ -113,7 +128,7 @@ final class PholioImage extends PholioDAO public function getExtendedPolicy($capability, PhabricatorUser $viewer) { - if ($this->getMockID()) { + if ($this->hasMock()) { return array( array( $this->getMock(), diff --git a/src/applications/pholio/storage/PholioMock.php b/src/applications/pholio/storage/PholioMock.php index cf32a34131..62285d0a59 100644 --- a/src/applications/pholio/storage/PholioMock.php +++ b/src/applications/pholio/storage/PholioMock.php @@ -259,7 +259,7 @@ final class PholioMock extends PholioDAO $this->openTransaction(); $images = id(new PholioImageQuery()) ->setViewer($engine->getViewer()) - ->withMockIDs(array($this->getID())) + ->withMockIDs(array($this->getPHID())) ->execute(); foreach ($images as $image) { $image->delete(); From 6c43d1d52cbd7a9808cf84d6d730c0a46241c111 Mon Sep 17 00:00:00 2001 From: epriestley Date: Wed, 19 Dec 2018 11:52:53 -0800 Subject: [PATCH 20/44] Remove "willRenderTimeline()" from ApplicationTransactionInterface Summary: Depends on D19914. Ref T11351. Some of the Phoilo rabbit holes go very deep. `PhabricatorApplicationTransactionInterface` currently requires you to implement `willRenderTimeline()`. Almost every object just implements this as `return $timeline`; only Pholio, Diffusion, and Differential specialize it. In all cases, they are specializing it mostly to render inline comments. The actual implementations are a bit of a weird mess and the way the data is threaded through the call stack is weird and not very modern. Try to clean this up: - Stop requiring `willRenderTimeline()` to be implemented. - Stop requiring `getApplicationTransactionViewObject()` to be implemented (only the three above, plus Legalpad, implement this, and Legalpad's implementation is a no-op). These two methods are inherently pretty coupled for almost any reasonable thing you might want to do with the timeline. - Simplify the handling of "renderdata" and call it "View Data". This is additional information about the current view of the transaction timeline that is required to render it correctly. This is only used in Differential, to decide if we can link an inline comment to an anchor on the same page or should link it to another page. We could perhaps do this on the client instead, but having this data doesn't seem inherently bad to me. - If objects want to customize timeline rendering, they now implement `PhabricatorTimelineInterface` and provide a `TimelineEngine` which gets a nice formal stack. This leaves a lot of empty `willRenderTimeline()` implementations hanging around. I'll remove these in the next change, it's just going to be deleting a couple dozen copies of an identical empty method implementation. Test Plan: - Viewed audits, revisions, and mocks with inline comments. - Used "Show Older" to page a revision back in history (this is relevant for "View Data"). - Grepped for symbols: willRenderTimeline, getApplicationTransactionViewObject, Legalpad classes. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T11351 Differential Revision: https://secure.phabricator.com/D19918 --- resources/celerity/map.php | 18 ++-- src/__phutil_library_map__.php | 16 +++- .../storage/PhabricatorAuditTransaction.php | 4 - .../PhabricatorBadgesCommentController.php | 1 + .../base/controller/PhabricatorController.php | 20 ++-- .../PhabricatorConfigHistoryController.php | 8 +- .../DifferentialRevisionTimelineEngine.php | 78 +++++++++++++++ .../storage/DifferentialRevision.php | 77 ++------------- .../storage/DifferentialTransaction.php | 4 - .../controller/DiffusionCommitController.php | 2 - .../engine/DiffusionCommitTimelineEngine.php | 30 ++++++ .../legalpad/storage/LegalpadTransaction.php | 4 - .../legalpad/view/LegalpadTransactionView.php | 4 - .../PholioMockCommentController.php | 5 +- .../engine/PholioMockTimelineEngine.php | 19 ++++ .../pholio/storage/PholioMock.php | 21 ++-- .../pholio/storage/PholioTransaction.php | 4 - .../PonderAnswerCommentController.php | 1 + .../PonderQuestionCommentController.php | 1 + .../ReleephRequestCommentController.php | 1 + .../storage/PhabricatorRepositoryCommit.php | 36 ++----- .../PhabricatorSlowvoteCommentController.php | 1 + ...licationTransactionShowOlderController.php | 13 ++- .../editengine/PhabricatorEditEngine.php | 1 + .../PhabricatorStandardTimelineEngine.php | 4 + .../engine/PhabricatorTimelineEngine.php | 95 +++++++++++++++++++ ...ricatorApplicationTransactionInterface.php | 16 ---- .../PhabricatorTimelineInterface.php | 7 ++ ...bricatorApplicationTransactionResponse.php | 42 ++++---- .../PhabricatorApplicationTransaction.php | 4 - .../PhabricatorApplicationTransactionView.php | 41 ++++---- src/view/phui/PHUITimelineView.php | 12 ++- .../behavior-show-older-transactions.js | 6 +- 33 files changed, 366 insertions(+), 230 deletions(-) create mode 100644 src/applications/differential/engine/DifferentialRevisionTimelineEngine.php create mode 100644 src/applications/diffusion/engine/DiffusionCommitTimelineEngine.php delete mode 100644 src/applications/legalpad/view/LegalpadTransactionView.php create mode 100644 src/applications/pholio/engine/PholioMockTimelineEngine.php create mode 100644 src/applications/transactions/engine/PhabricatorStandardTimelineEngine.php create mode 100644 src/applications/transactions/engine/PhabricatorTimelineEngine.php create mode 100644 src/applications/transactions/interface/PhabricatorTimelineInterface.php diff --git a/resources/celerity/map.php b/resources/celerity/map.php index 3b86ebeeb4..7044c5293a 100644 --- a/resources/celerity/map.php +++ b/resources/celerity/map.php @@ -10,7 +10,7 @@ return array( 'conpherence.pkg.css' => 'e68cf1fa', 'conpherence.pkg.js' => '15191c65', 'core.pkg.css' => '9d1148a4', - 'core.pkg.js' => '4bde473b', + 'core.pkg.js' => 'bd89cb1d', 'differential.pkg.css' => '06dc617c', 'differential.pkg.js' => 'ef0b989b', 'diffusion.pkg.css' => 'a2d17c7d', @@ -425,7 +425,7 @@ return array( 'rsrc/js/application/transactions/behavior-comment-actions.js' => '59e27e74', 'rsrc/js/application/transactions/behavior-reorder-configs.js' => 'd7a74243', 'rsrc/js/application/transactions/behavior-reorder-fields.js' => 'b59e1e96', - 'rsrc/js/application/transactions/behavior-show-older-transactions.js' => '8f29b364', + 'rsrc/js/application/transactions/behavior-show-older-transactions.js' => '0e1eca96', 'rsrc/js/application/transactions/behavior-transaction-comment-form.js' => 'b23b49e6', 'rsrc/js/application/transactions/behavior-transaction-list.js' => '1f6794f6', 'rsrc/js/application/typeahead/behavior-typeahead-browse.js' => '635de1ec', @@ -639,7 +639,7 @@ return array( 'javelin-behavior-phabricator-remarkup-assist' => 'acd29eee', 'javelin-behavior-phabricator-reveal-content' => '60821bc7', 'javelin-behavior-phabricator-search-typeahead' => 'c3e917d9', - 'javelin-behavior-phabricator-show-older-transactions' => '8f29b364', + 'javelin-behavior-phabricator-show-older-transactions' => '0e1eca96', 'javelin-behavior-phabricator-tooltips' => 'c420b0b9', 'javelin-behavior-phabricator-transaction-comment-form' => 'b23b49e6', 'javelin-behavior-phabricator-transaction-list' => '1f6794f6', @@ -950,6 +950,12 @@ return array( 'javelin-install', 'phuix-button-view', ), + '0e1eca96' => array( + 'javelin-behavior', + 'javelin-stratcom', + 'javelin-dom', + 'phabricator-busy', + ), '0f764c35' => array( 'javelin-install', 'javelin-util', @@ -1581,12 +1587,6 @@ return array( '8e1baf68' => array( 'phui-button-css', ), - '8f29b364' => array( - 'javelin-behavior', - 'javelin-stratcom', - 'javelin-dom', - 'phabricator-busy', - ), '8ff5e24c' => array( 'javelin-behavior', 'javelin-stratcom', diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index 7767a93561..6320811c9a 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -647,6 +647,7 @@ phutil_register_library_map(array( 'DifferentialRevisionSummaryTransaction' => 'applications/differential/xaction/DifferentialRevisionSummaryTransaction.php', 'DifferentialRevisionTestPlanHeraldField' => 'applications/differential/herald/DifferentialRevisionTestPlanHeraldField.php', 'DifferentialRevisionTestPlanTransaction' => 'applications/differential/xaction/DifferentialRevisionTestPlanTransaction.php', + 'DifferentialRevisionTimelineEngine' => 'applications/differential/engine/DifferentialRevisionTimelineEngine.php', 'DifferentialRevisionTitleHeraldField' => 'applications/differential/herald/DifferentialRevisionTitleHeraldField.php', 'DifferentialRevisionTitleTransaction' => 'applications/differential/xaction/DifferentialRevisionTitleTransaction.php', 'DifferentialRevisionTransactionType' => 'applications/differential/xaction/DifferentialRevisionTransactionType.php', @@ -769,6 +770,7 @@ phutil_register_library_map(array( 'DiffusionCommitSearchConduitAPIMethod' => 'applications/diffusion/conduit/DiffusionCommitSearchConduitAPIMethod.php', 'DiffusionCommitStateTransaction' => 'applications/diffusion/xaction/DiffusionCommitStateTransaction.php', 'DiffusionCommitTagsController' => 'applications/diffusion/controller/DiffusionCommitTagsController.php', + 'DiffusionCommitTimelineEngine' => 'applications/diffusion/engine/DiffusionCommitTimelineEngine.php', 'DiffusionCommitTransactionType' => 'applications/diffusion/xaction/DiffusionCommitTransactionType.php', 'DiffusionCommitVerifyTransaction' => 'applications/diffusion/xaction/DiffusionCommitVerifyTransaction.php', 'DiffusionCompareController' => 'applications/diffusion/controller/DiffusionCompareController.php', @@ -1630,7 +1632,6 @@ phutil_register_library_map(array( 'LegalpadTransaction' => 'applications/legalpad/storage/LegalpadTransaction.php', 'LegalpadTransactionComment' => 'applications/legalpad/storage/LegalpadTransactionComment.php', 'LegalpadTransactionQuery' => 'applications/legalpad/query/LegalpadTransactionQuery.php', - 'LegalpadTransactionView' => 'applications/legalpad/view/LegalpadTransactionView.php', 'LiskChunkTestCase' => 'infrastructure/storage/lisk/__tests__/LiskChunkTestCase.php', 'LiskDAO' => 'infrastructure/storage/lisk/LiskDAO.php', 'LiskDAOTestCase' => 'infrastructure/storage/lisk/__tests__/LiskDAOTestCase.php', @@ -4433,6 +4434,7 @@ phutil_register_library_map(array( 'PhabricatorStandardCustomFieldUsers' => 'infrastructure/customfield/standard/PhabricatorStandardCustomFieldUsers.php', 'PhabricatorStandardPageView' => 'view/page/PhabricatorStandardPageView.php', 'PhabricatorStandardSelectCustomFieldDatasource' => 'infrastructure/customfield/datasource/PhabricatorStandardSelectCustomFieldDatasource.php', + 'PhabricatorStandardTimelineEngine' => 'applications/transactions/engine/PhabricatorStandardTimelineEngine.php', 'PhabricatorStaticEditField' => 'applications/transactions/editfield/PhabricatorStaticEditField.php', 'PhabricatorStatusController' => 'applications/system/controller/PhabricatorStatusController.php', 'PhabricatorStatusUIExample' => 'applications/uiexample/examples/PhabricatorStatusUIExample.php', @@ -4532,6 +4534,8 @@ phutil_register_library_map(array( 'PhabricatorTimeFormatSetting' => 'applications/settings/setting/PhabricatorTimeFormatSetting.php', 'PhabricatorTimeGuard' => 'infrastructure/time/PhabricatorTimeGuard.php', 'PhabricatorTimeTestCase' => 'infrastructure/time/__tests__/PhabricatorTimeTestCase.php', + 'PhabricatorTimelineEngine' => 'applications/transactions/engine/PhabricatorTimelineEngine.php', + 'PhabricatorTimelineInterface' => 'applications/transactions/interface/PhabricatorTimelineInterface.php', 'PhabricatorTimezoneIgnoreOffsetSetting' => 'applications/settings/setting/PhabricatorTimezoneIgnoreOffsetSetting.php', 'PhabricatorTimezoneSetting' => 'applications/settings/setting/PhabricatorTimezoneSetting.php', 'PhabricatorTimezoneSetupCheck' => 'applications/config/check/PhabricatorTimezoneSetupCheck.php', @@ -4871,6 +4875,7 @@ phutil_register_library_map(array( 'PholioMockSearchEngine' => 'applications/pholio/query/PholioMockSearchEngine.php', 'PholioMockStatusTransaction' => 'applications/pholio/xaction/PholioMockStatusTransaction.php', 'PholioMockThumbGridView' => 'applications/pholio/view/PholioMockThumbGridView.php', + 'PholioMockTimelineEngine' => 'applications/pholio/engine/PholioMockTimelineEngine.php', 'PholioMockTransactionType' => 'applications/pholio/xaction/PholioMockTransactionType.php', 'PholioMockViewController' => 'applications/pholio/controller/PholioMockViewController.php', 'PholioRemarkupRule' => 'applications/pholio/remarkup/PholioRemarkupRule.php', @@ -5991,6 +5996,7 @@ phutil_register_library_map(array( 'PhabricatorSubscribableInterface', 'PhabricatorCustomFieldInterface', 'PhabricatorApplicationTransactionInterface', + 'PhabricatorTimelineInterface', 'PhabricatorMentionableInterface', 'PhabricatorDestructibleInterface', 'PhabricatorProjectInterface', @@ -6072,6 +6078,7 @@ phutil_register_library_map(array( 'DifferentialRevisionSummaryTransaction' => 'DifferentialRevisionTransactionType', 'DifferentialRevisionTestPlanHeraldField' => 'DifferentialRevisionHeraldField', 'DifferentialRevisionTestPlanTransaction' => 'DifferentialRevisionTransactionType', + 'DifferentialRevisionTimelineEngine' => 'PhabricatorTimelineEngine', 'DifferentialRevisionTitleHeraldField' => 'DifferentialRevisionHeraldField', 'DifferentialRevisionTitleTransaction' => 'DifferentialRevisionTransactionType', 'DifferentialRevisionTransactionType' => 'PhabricatorModularTransactionType', @@ -6194,6 +6201,7 @@ phutil_register_library_map(array( 'DiffusionCommitSearchConduitAPIMethod' => 'PhabricatorSearchEngineAPIMethod', 'DiffusionCommitStateTransaction' => 'DiffusionCommitTransactionType', 'DiffusionCommitTagsController' => 'DiffusionController', + 'DiffusionCommitTimelineEngine' => 'PhabricatorTimelineEngine', 'DiffusionCommitTransactionType' => 'PhabricatorModularTransactionType', 'DiffusionCommitVerifyTransaction' => 'DiffusionCommitAuditTransaction', 'DiffusionCompareController' => 'DiffusionController', @@ -7201,7 +7209,6 @@ phutil_register_library_map(array( 'LegalpadTransaction' => 'PhabricatorModularTransaction', 'LegalpadTransactionComment' => 'PhabricatorApplicationTransactionComment', 'LegalpadTransactionQuery' => 'PhabricatorApplicationTransactionQuery', - 'LegalpadTransactionView' => 'PhabricatorApplicationTransactionView', 'LiskChunkTestCase' => 'PhabricatorTestCase', 'LiskDAO' => array( 'Phobject', @@ -10079,6 +10086,7 @@ phutil_register_library_map(array( 'HarbormasterBuildkiteBuildableInterface', 'PhabricatorCustomFieldInterface', 'PhabricatorApplicationTransactionInterface', + 'PhabricatorTimelineInterface', 'PhabricatorFulltextInterface', 'PhabricatorFerretInterface', 'PhabricatorConduitResultInterface', @@ -10469,6 +10477,7 @@ phutil_register_library_map(array( 'AphrontResponseProducerInterface', ), 'PhabricatorStandardSelectCustomFieldDatasource' => 'PhabricatorTypeaheadDatasource', + 'PhabricatorStandardTimelineEngine' => 'PhabricatorTimelineEngine', 'PhabricatorStaticEditField' => 'PhabricatorEditField', 'PhabricatorStatusController' => 'PhabricatorController', 'PhabricatorStatusUIExample' => 'PhabricatorUIExample', @@ -10567,6 +10576,7 @@ phutil_register_library_map(array( 'PhabricatorTimeFormatSetting' => 'PhabricatorSelectSetting', 'PhabricatorTimeGuard' => 'Phobject', 'PhabricatorTimeTestCase' => 'PhabricatorTestCase', + 'PhabricatorTimelineEngine' => 'Phobject', 'PhabricatorTimezoneIgnoreOffsetSetting' => 'PhabricatorInternalSetting', 'PhabricatorTimezoneSetting' => 'PhabricatorOptionGroupSetting', 'PhabricatorTimezoneSetupCheck' => 'PhabricatorSetupCheck', @@ -10967,6 +10977,7 @@ phutil_register_library_map(array( 'PhabricatorTokenReceiverInterface', 'PhabricatorFlaggableInterface', 'PhabricatorApplicationTransactionInterface', + 'PhabricatorTimelineInterface', 'PhabricatorProjectInterface', 'PhabricatorDestructibleInterface', 'PhabricatorSpacesInterface', @@ -11001,6 +11012,7 @@ phutil_register_library_map(array( 'PholioMockSearchEngine' => 'PhabricatorApplicationSearchEngine', 'PholioMockStatusTransaction' => 'PholioMockTransactionType', 'PholioMockThumbGridView' => 'AphrontView', + 'PholioMockTimelineEngine' => 'PhabricatorTimelineEngine', 'PholioMockTransactionType' => 'PholioTransactionType', 'PholioMockViewController' => 'PholioController', 'PholioRemarkupRule' => 'PhabricatorObjectRemarkupRule', diff --git a/src/applications/audit/storage/PhabricatorAuditTransaction.php b/src/applications/audit/storage/PhabricatorAuditTransaction.php index ad96edb3a4..da312e626a 100644 --- a/src/applications/audit/storage/PhabricatorAuditTransaction.php +++ b/src/applications/audit/storage/PhabricatorAuditTransaction.php @@ -32,10 +32,6 @@ final class PhabricatorAuditTransaction return new PhabricatorAuditTransactionComment(); } - public function getApplicationTransactionViewObject() { - return new PhabricatorAuditTransactionView(); - } - public function getRemarkupBlocks() { $blocks = parent::getRemarkupBlocks(); diff --git a/src/applications/badges/controller/PhabricatorBadgesCommentController.php b/src/applications/badges/controller/PhabricatorBadgesCommentController.php index a9108fd8dd..32e1775149 100644 --- a/src/applications/badges/controller/PhabricatorBadgesCommentController.php +++ b/src/applications/badges/controller/PhabricatorBadgesCommentController.php @@ -51,6 +51,7 @@ final class PhabricatorBadgesCommentController if ($request->isAjax() && $is_preview) { return id(new PhabricatorApplicationTransactionResponse()) + ->setObject($badge) ->setViewer($viewer) ->setTransactions($xactions) ->setIsPreview($is_preview); diff --git a/src/applications/base/controller/PhabricatorController.php b/src/applications/base/controller/PhabricatorController.php index df0c94c13d..e05a6016a6 100644 --- a/src/applications/base/controller/PhabricatorController.php +++ b/src/applications/base/controller/PhabricatorController.php @@ -482,14 +482,14 @@ abstract class PhabricatorController extends AphrontController { PhabricatorApplicationTransactionInterface $object, PhabricatorApplicationTransactionQuery $query, PhabricatorMarkupEngine $engine = null, - $render_data = array()) { + $view_data = array()) { - $viewer = $this->getRequest()->getUser(); + $request = $this->getRequest(); + $viewer = $this->getViewer(); $xaction = $object->getApplicationTransactionTemplate(); - $view = $xaction->getApplicationTransactionViewObject(); $pager = id(new AphrontCursorPagerView()) - ->readFromRequest($this->getRequest()) + ->readFromRequest($request) ->setURI(new PhutilURI( '/transactions/showolder/'.$object->getPHID().'/')); @@ -500,6 +500,13 @@ abstract class PhabricatorController extends AphrontController { ->executeWithCursorPager($pager); $xactions = array_reverse($xactions); + $timeline_engine = PhabricatorTimelineEngine::newForObject($object) + ->setViewer($viewer) + ->setTransactions($xactions) + ->setViewData($view_data); + + $view = $timeline_engine->buildTimelineView(); + if ($engine) { foreach ($xactions as $xaction) { if ($xaction->getComment()) { @@ -513,14 +520,9 @@ abstract class PhabricatorController extends AphrontController { } $timeline = $view - ->setUser($viewer) - ->setObjectPHID($object->getPHID()) - ->setTransactions($xactions) ->setPager($pager) - ->setRenderData($render_data) ->setQuoteTargetID($this->getRequest()->getStr('quoteTargetID')) ->setQuoteRef($this->getRequest()->getStr('quoteRef')); - $object->willRenderTimeline($timeline, $this->getRequest()); return $timeline; } diff --git a/src/applications/config/controller/PhabricatorConfigHistoryController.php b/src/applications/config/controller/PhabricatorConfigHistoryController.php index 238d09234d..9157ecb8bb 100644 --- a/src/applications/config/controller/PhabricatorConfigHistoryController.php +++ b/src/applications/config/controller/PhabricatorConfigHistoryController.php @@ -16,18 +16,14 @@ final class PhabricatorConfigHistoryController $xaction = $object->getApplicationTransactionTemplate(); - $view = $xaction->getApplicationTransactionViewObject(); - - $timeline = $view - ->setUser($viewer) + $timeline = id(new PhabricatorApplicationTransactionView()) + ->setViewer($viewer) ->setTransactions($xactions) ->setRenderAsFeed(true) ->setObjectPHID(PhabricatorPHIDConstants::PHID_VOID); $timeline->setShouldTerminate(true); - $object->willRenderTimeline($timeline, $this->getRequest()); - $title = pht('Settings History'); $header = $this->buildHeaderView($title); diff --git a/src/applications/differential/engine/DifferentialRevisionTimelineEngine.php b/src/applications/differential/engine/DifferentialRevisionTimelineEngine.php new file mode 100644 index 0000000000..51d2c28fe0 --- /dev/null +++ b/src/applications/differential/engine/DifferentialRevisionTimelineEngine.php @@ -0,0 +1,78 @@ +getViewer(); + $xactions = $this->getTransactions(); + $revision = $this->getObject(); + + $view_data = $this->getViewData(); + if (!$view_data) { + $view_data = array(); + } + + $left = idx($view_data, 'left'); + $right = idx($view_data, 'right'); + + $diffs = id(new DifferentialDiffQuery()) + ->setViewer($viewer) + ->withIDs(array($left, $right)) + ->execute(); + $diffs = mpull($diffs, null, 'getID'); + $left_diff = $diffs[$left]; + $right_diff = $diffs[$right]; + + $old_ids = idx($view_data, 'old'); + $new_ids = idx($view_data, 'new'); + $old_ids = array_filter(explode(',', $old_ids)); + $new_ids = array_filter(explode(',', $new_ids)); + + $type_inline = DifferentialTransaction::TYPE_INLINE; + $changeset_ids = array_merge($old_ids, $new_ids); + $inlines = array(); + foreach ($xactions as $xaction) { + if ($xaction->getTransactionType() == $type_inline) { + $inlines[] = $xaction->getComment(); + $changeset_ids[] = $xaction->getComment()->getChangesetID(); + } + } + + if ($changeset_ids) { + $changesets = id(new DifferentialChangesetQuery()) + ->setViewer($viewer) + ->withIDs($changeset_ids) + ->execute(); + $changesets = mpull($changesets, null, 'getID'); + } else { + $changesets = array(); + } + + foreach ($inlines as $key => $inline) { + $inlines[$key] = DifferentialInlineComment::newFromModernComment( + $inline); + } + + $query = id(new DifferentialInlineCommentQuery()) + ->needHidden(true) + ->setViewer($viewer); + + // NOTE: This is a bit sketchy: this method adjusts the inlines as a + // side effect, which means it will ultimately adjust the transaction + // comments and affect timeline rendering. + $query->adjustInlinesForChangesets( + $inlines, + array_select_keys($changesets, $old_ids), + array_select_keys($changesets, $new_ids), + $revision); + + return id(new DifferentialTransactionView()) + ->setViewData($view_data) + ->setChangesets($changesets) + ->setRevision($revision) + ->setLeftDiff($left_diff) + ->setRightDiff($right_diff); + } + +} diff --git a/src/applications/differential/storage/DifferentialRevision.php b/src/applications/differential/storage/DifferentialRevision.php index 9b169f3c67..ef94da7f67 100644 --- a/src/applications/differential/storage/DifferentialRevision.php +++ b/src/applications/differential/storage/DifferentialRevision.php @@ -11,6 +11,7 @@ final class DifferentialRevision extends DifferentialDAO PhabricatorSubscribableInterface, PhabricatorCustomFieldInterface, PhabricatorApplicationTransactionInterface, + PhabricatorTimelineInterface, PhabricatorMentionableInterface, PhabricatorDestructibleInterface, PhabricatorProjectInterface, @@ -998,73 +999,6 @@ final class DifferentialRevision extends DifferentialDAO return new DifferentialTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - $viewer = $request->getViewer(); - - $render_data = $timeline->getRenderData(); - $left = $request->getInt('left', idx($render_data, 'left')); - $right = $request->getInt('right', idx($render_data, 'right')); - - $diffs = id(new DifferentialDiffQuery()) - ->setViewer($request->getUser()) - ->withIDs(array($left, $right)) - ->execute(); - $diffs = mpull($diffs, null, 'getID'); - $left_diff = $diffs[$left]; - $right_diff = $diffs[$right]; - - $old_ids = $request->getStr('old', idx($render_data, 'old')); - $new_ids = $request->getStr('new', idx($render_data, 'new')); - $old_ids = array_filter(explode(',', $old_ids)); - $new_ids = array_filter(explode(',', $new_ids)); - - $type_inline = DifferentialTransaction::TYPE_INLINE; - $changeset_ids = array_merge($old_ids, $new_ids); - $inlines = array(); - foreach ($timeline->getTransactions() as $xaction) { - if ($xaction->getTransactionType() == $type_inline) { - $inlines[] = $xaction->getComment(); - $changeset_ids[] = $xaction->getComment()->getChangesetID(); - } - } - - if ($changeset_ids) { - $changesets = id(new DifferentialChangesetQuery()) - ->setViewer($request->getUser()) - ->withIDs($changeset_ids) - ->execute(); - $changesets = mpull($changesets, null, 'getID'); - } else { - $changesets = array(); - } - - foreach ($inlines as $key => $inline) { - $inlines[$key] = DifferentialInlineComment::newFromModernComment( - $inline); - } - - $query = id(new DifferentialInlineCommentQuery()) - ->needHidden(true) - ->setViewer($viewer); - - // NOTE: This is a bit sketchy: this method adjusts the inlines as a - // side effect, which means it will ultimately adjust the transaction - // comments and affect timeline rendering. - $query->adjustInlinesForChangesets( - $inlines, - array_select_keys($changesets, $old_ids), - array_select_keys($changesets, $new_ids), - $this); - - return $timeline - ->setChangesets($changesets) - ->setRevision($this) - ->setLeftDiff($left_diff) - ->setRightDiff($right_diff); - } - /* -( PhabricatorDestructibleInterface )----------------------------------- */ @@ -1206,4 +1140,13 @@ final class DifferentialRevision extends DifferentialDAO return new DifferentialRevisionDraftEngine(); } + +/* -( PhabricatorTimelineInterface )--------------------------------------- */ + + + public function newTimelineEngine() { + return new DifferentialRevisionTimelineEngine(); + } + + } diff --git a/src/applications/differential/storage/DifferentialTransaction.php b/src/applications/differential/storage/DifferentialTransaction.php index 53fdc71a15..c49e40f988 100644 --- a/src/applications/differential/storage/DifferentialTransaction.php +++ b/src/applications/differential/storage/DifferentialTransaction.php @@ -65,10 +65,6 @@ final class DifferentialTransaction return new DifferentialTransactionComment(); } - public function getApplicationTransactionViewObject() { - return new DifferentialTransactionView(); - } - public function shouldHide() { $old = $this->getOldValue(); $new = $this->getNewValue(); diff --git a/src/applications/diffusion/controller/DiffusionCommitController.php b/src/applications/diffusion/controller/DiffusionCommitController.php index 5621b1fa12..fae215f381 100644 --- a/src/applications/diffusion/controller/DiffusionCommitController.php +++ b/src/applications/diffusion/controller/DiffusionCommitController.php @@ -740,8 +740,6 @@ final class DiffusionCommitController extends DiffusionController { $commit, new PhabricatorAuditTransactionQuery()); - $commit->willRenderTimeline($timeline, $this->getRequest()); - $timeline->setQuoteRef($commit->getMonogram()); return $timeline; diff --git a/src/applications/diffusion/engine/DiffusionCommitTimelineEngine.php b/src/applications/diffusion/engine/DiffusionCommitTimelineEngine.php new file mode 100644 index 0000000000..49914c4b4f --- /dev/null +++ b/src/applications/diffusion/engine/DiffusionCommitTimelineEngine.php @@ -0,0 +1,30 @@ +getTransactions(); + + $path_ids = array(); + foreach ($xactions as $xaction) { + if ($xaction->hasComment()) { + $path_id = $xaction->getComment()->getPathID(); + if ($path_id) { + $path_ids[] = $path_id; + } + } + } + + $path_map = array(); + if ($path_ids) { + $path_map = id(new DiffusionPathQuery()) + ->withPathIDs($path_ids) + ->execute(); + $path_map = ipull($path_map, 'path', 'id'); + } + + return id(new PhabricatorAuditTransactionView()) + ->setPathMap($path_map); + } +} diff --git a/src/applications/legalpad/storage/LegalpadTransaction.php b/src/applications/legalpad/storage/LegalpadTransaction.php index c43c86c5fc..dc4bbfe942 100644 --- a/src/applications/legalpad/storage/LegalpadTransaction.php +++ b/src/applications/legalpad/storage/LegalpadTransaction.php @@ -14,10 +14,6 @@ final class LegalpadTransaction extends PhabricatorModularTransaction { return new LegalpadTransactionComment(); } - public function getApplicationTransactionViewObject() { - return new LegalpadTransactionView(); - } - public function getBaseTransactionClass() { return 'LegalpadDocumentTransactionType'; } diff --git a/src/applications/legalpad/view/LegalpadTransactionView.php b/src/applications/legalpad/view/LegalpadTransactionView.php deleted file mode 100644 index a68619c000..0000000000 --- a/src/applications/legalpad/view/LegalpadTransactionView.php +++ /dev/null @@ -1,4 +0,0 @@ -isAjax() && $is_preview) { - $xaction_view = id(new PholioTransactionView()) - ->setMock($mock); - return id(new PhabricatorApplicationTransactionResponse()) + ->setObject($mock) ->setViewer($viewer) ->setTransactions($xactions) - ->setTransactionView($xaction_view) ->setIsPreview($is_preview); } else { return id(new AphrontRedirectResponse())->setURI($mock_uri); diff --git a/src/applications/pholio/engine/PholioMockTimelineEngine.php b/src/applications/pholio/engine/PholioMockTimelineEngine.php new file mode 100644 index 0000000000..80b64e73b7 --- /dev/null +++ b/src/applications/pholio/engine/PholioMockTimelineEngine.php @@ -0,0 +1,19 @@ +getViewer(); + $object = $this->getObject(); + + PholioMockQuery::loadImages( + $viewer, + array($object), + $need_inline_comments = true); + + return id(new PholioTransactionView()) + ->setMock($object); + } + +} diff --git a/src/applications/pholio/storage/PholioMock.php b/src/applications/pholio/storage/PholioMock.php index 62285d0a59..51bdd1a196 100644 --- a/src/applications/pholio/storage/PholioMock.php +++ b/src/applications/pholio/storage/PholioMock.php @@ -7,6 +7,7 @@ final class PholioMock extends PholioDAO PhabricatorTokenReceiverInterface, PhabricatorFlaggableInterface, PhabricatorApplicationTransactionInterface, + PhabricatorTimelineInterface, PhabricatorProjectInterface, PhabricatorDestructibleInterface, PhabricatorSpacesInterface, @@ -228,17 +229,6 @@ final class PholioMock extends PholioDAO return new PholioTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - PholioMockQuery::loadImages( - $request->getUser(), - array($this), - $need_inline_comments = true); - $timeline->setMock($this); - return $timeline; - } /* -( PhabricatorTokenReceiverInterface )---------------------------------- */ @@ -288,9 +278,18 @@ final class PholioMock extends PholioDAO /* -( PhabricatorFerretInterface )----------------------------------------- */ + public function newFerretEngine() { return new PholioMockFerretEngine(); } +/* -( PhabricatorTimelineInterace )---------------------------------------- */ + + + public function newTimelineEngine() { + return new PholioMockTimelineEngine(); + } + + } diff --git a/src/applications/pholio/storage/PholioTransaction.php b/src/applications/pholio/storage/PholioTransaction.php index 240b9d93e6..e4656dc7f6 100644 --- a/src/applications/pholio/storage/PholioTransaction.php +++ b/src/applications/pholio/storage/PholioTransaction.php @@ -23,10 +23,6 @@ final class PholioTransaction extends PhabricatorModularTransaction { return new PholioTransactionComment(); } - public function getApplicationTransactionViewObject() { - return new PholioTransactionView(); - } - public function getMailTags() { $tags = array(); switch ($this->getTransactionType()) { diff --git a/src/applications/ponder/controller/PonderAnswerCommentController.php b/src/applications/ponder/controller/PonderAnswerCommentController.php index 4b60fb939a..3d3e3a1392 100644 --- a/src/applications/ponder/controller/PonderAnswerCommentController.php +++ b/src/applications/ponder/controller/PonderAnswerCommentController.php @@ -50,6 +50,7 @@ final class PonderAnswerCommentController extends PonderController { if ($request->isAjax() && $is_preview) { return id(new PhabricatorApplicationTransactionResponse()) + ->setObject($answer) ->setViewer($viewer) ->setTransactions($xactions) ->setIsPreview($is_preview); diff --git a/src/applications/ponder/controller/PonderQuestionCommentController.php b/src/applications/ponder/controller/PonderQuestionCommentController.php index 84c276cd5d..d50cd637c4 100644 --- a/src/applications/ponder/controller/PonderQuestionCommentController.php +++ b/src/applications/ponder/controller/PonderQuestionCommentController.php @@ -46,6 +46,7 @@ final class PonderQuestionCommentController extends PonderController { if ($request->isAjax() && $is_preview) { return id(new PhabricatorApplicationTransactionResponse()) + ->setObject($question) ->setViewer($viewer) ->setTransactions($xactions) ->setIsPreview($is_preview); diff --git a/src/applications/releeph/controller/request/ReleephRequestCommentController.php b/src/applications/releeph/controller/request/ReleephRequestCommentController.php index 0a31261a13..96500e8bc5 100644 --- a/src/applications/releeph/controller/request/ReleephRequestCommentController.php +++ b/src/applications/releeph/controller/request/ReleephRequestCommentController.php @@ -51,6 +51,7 @@ final class ReleephRequestCommentController if ($request->isAjax() && $is_preview) { return id(new PhabricatorApplicationTransactionResponse()) + ->setObject($pull) ->setViewer($viewer) ->setTransactions($xactions) ->setIsPreview($is_preview); diff --git a/src/applications/repository/storage/PhabricatorRepositoryCommit.php b/src/applications/repository/storage/PhabricatorRepositoryCommit.php index b5fe08b6e0..ddc4dbbf9f 100644 --- a/src/applications/repository/storage/PhabricatorRepositoryCommit.php +++ b/src/applications/repository/storage/PhabricatorRepositoryCommit.php @@ -14,6 +14,7 @@ final class PhabricatorRepositoryCommit HarbormasterBuildkiteBuildableInterface, PhabricatorCustomFieldInterface, PhabricatorApplicationTransactionInterface, + PhabricatorTimelineInterface, PhabricatorFulltextInterface, PhabricatorFerretInterface, PhabricatorConduitResultInterface, @@ -738,33 +739,6 @@ final class PhabricatorRepositoryCommit return new PhabricatorAuditTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - $xactions = $timeline->getTransactions(); - - $path_ids = array(); - foreach ($xactions as $xaction) { - if ($xaction->hasComment()) { - $path_id = $xaction->getComment()->getPathID(); - if ($path_id) { - $path_ids[] = $path_id; - } - } - } - - $path_map = array(); - if ($path_ids) { - $path_map = id(new DiffusionPathQuery()) - ->withPathIDs($path_ids) - ->execute(); - $path_map = ipull($path_map, 'path', 'id'); - } - - return $timeline->setPathMap($path_map); - } - /* -( PhabricatorFulltextInterface )--------------------------------------- */ @@ -916,4 +890,12 @@ final class PhabricatorRepositoryCommit return $this; } + +/* -( PhabricatorTimelineInterface )--------------------------------------- */ + + + public function newTimelineEngine() { + return new DiffusionCommitTimelineEngine(); + } + } diff --git a/src/applications/slowvote/controller/PhabricatorSlowvoteCommentController.php b/src/applications/slowvote/controller/PhabricatorSlowvoteCommentController.php index 035eb577d8..3d48c31866 100644 --- a/src/applications/slowvote/controller/PhabricatorSlowvoteCommentController.php +++ b/src/applications/slowvote/controller/PhabricatorSlowvoteCommentController.php @@ -51,6 +51,7 @@ final class PhabricatorSlowvoteCommentController if ($request->isAjax() && $is_preview) { return id(new PhabricatorApplicationTransactionResponse()) + ->setObject($poll) ->setViewer($viewer) ->setTransactions($xactions) ->setIsPreview($is_preview); diff --git a/src/applications/transactions/controller/PhabricatorApplicationTransactionShowOlderController.php b/src/applications/transactions/controller/PhabricatorApplicationTransactionShowOlderController.php index cdbdbf1ba9..741e1e6f93 100644 --- a/src/applications/transactions/controller/PhabricatorApplicationTransactionShowOlderController.php +++ b/src/applications/transactions/controller/PhabricatorApplicationTransactionShowOlderController.php @@ -27,7 +27,18 @@ final class PhabricatorApplicationTransactionShowOlderController return new Aphront404Response(); } - $timeline = $this->buildTransactionTimeline($object, $query); + $raw_view_data = $request->getStr('viewData'); + try { + $view_data = phutil_json_decode($raw_view_data); + } catch (Exception $ex) { + $view_data = array(); + } + + $timeline = $this->buildTransactionTimeline( + $object, + $query, + null, + $view_data); $phui_timeline = $timeline->buildPHUITimelineView($with_hiding = false); $phui_timeline->setShouldAddSpacers(false); diff --git a/src/applications/transactions/editengine/PhabricatorEditEngine.php b/src/applications/transactions/editengine/PhabricatorEditEngine.php index 86cc014102..3b3e5abdd7 100644 --- a/src/applications/transactions/editengine/PhabricatorEditEngine.php +++ b/src/applications/transactions/editengine/PhabricatorEditEngine.php @@ -1955,6 +1955,7 @@ abstract class PhabricatorEditEngine $preview_content = $this->newCommentPreviewContent($object, $xactions); return id(new PhabricatorApplicationTransactionResponse()) + ->setObject($object) ->setViewer($viewer) ->setTransactions($xactions) ->setIsPreview($is_preview) diff --git a/src/applications/transactions/engine/PhabricatorStandardTimelineEngine.php b/src/applications/transactions/engine/PhabricatorStandardTimelineEngine.php new file mode 100644 index 0000000000..a9f6ea4ba0 --- /dev/null +++ b/src/applications/transactions/engine/PhabricatorStandardTimelineEngine.php @@ -0,0 +1,4 @@ +newTimelineEngine(); + } else { + $engine = new PhabricatorStandardTimelineEngine(); + } + + $engine->setObject($object); + + return $engine; + } + + final public function setViewer(PhabricatorUser $viewer) { + $this->viewer = $viewer; + return $this; + } + + final public function getViewer() { + return $this->viewer; + } + + final public function setObject($object) { + $this->object = $object; + return $this; + } + + final public function getObject() { + return $this->object; + } + + final public function setTransactions(array $xactions) { + assert_instances_of($xactions, 'PhabricatorApplicationTransaction'); + $this->xactions = $xactions; + return $this; + } + + final public function getTransactions() { + return $this->xactions; + } + + final public function setRequest(AphrontRequest $request) { + $this->request = $request; + return $this; + } + + final public function getRequest() { + return $this->request; + } + + final public function setViewData(array $view_data) { + $this->viewData = $view_data; + return $this; + } + + final public function getViewData() { + return $this->viewData; + } + + final public function buildTimelineView() { + $view = $this->newTimelineView(); + + if (!($view instanceof PhabricatorApplicationTransactionView)) { + throw new Exception( + pht( + 'Expected "newTimelineView()" to return an object of class "%s" '. + '(in engine "%s").', + 'PhabricatorApplicationTransactionView', + get_class($this))); + } + + $viewer = $this->getViewer(); + $object = $this->getObject(); + $xactions = $this->getTransactions(); + + return $view + ->setViewer($viewer) + ->setObjectPHID($object->getPHID()) + ->setTransactions($xactions); + } + + protected function newTimelineView() { + return new PhabricatorApplicationTransactionView(); + } + +} diff --git a/src/applications/transactions/interface/PhabricatorApplicationTransactionInterface.php b/src/applications/transactions/interface/PhabricatorApplicationTransactionInterface.php index fdccf7b775..1c6b4a0049 100644 --- a/src/applications/transactions/interface/PhabricatorApplicationTransactionInterface.php +++ b/src/applications/transactions/interface/PhabricatorApplicationTransactionInterface.php @@ -35,15 +35,6 @@ interface PhabricatorApplicationTransactionInterface { */ public function getApplicationTransactionTemplate(); - /** - * Hook to augment the $timeline with additional data for rendering. - * - * @return PhabricatorApplicationTransactionView - */ - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request); - } // TEMPLATE IMPLEMENTATION ///////////////////////////////////////////////////// @@ -64,11 +55,4 @@ interface PhabricatorApplicationTransactionInterface { return new <<>>Transaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - */ diff --git a/src/applications/transactions/interface/PhabricatorTimelineInterface.php b/src/applications/transactions/interface/PhabricatorTimelineInterface.php new file mode 100644 index 0000000000..2ec9fb2103 --- /dev/null +++ b/src/applications/transactions/interface/PhabricatorTimelineInterface.php @@ -0,0 +1,7 @@ +transactionView = $transaction_view; - return $this; - } - - public function getTransactionView() { - return $this->transactionView; - } + private $object; protected function buildProxy() { return new AphrontAjaxResponse(); @@ -33,6 +24,15 @@ final class PhabricatorApplicationTransactionResponse return $this->transactions; } + public function setObject($object) { + $this->object = $object; + return $this; + } + + public function getObject() { + return $this->object; + } + public function setViewer(PhabricatorUser $viewer) { $this->viewer = $viewer; return $this; @@ -57,19 +57,17 @@ final class PhabricatorApplicationTransactionResponse } public function reduceProxyResponse() { - if ($this->transactionView) { - $view = $this->transactionView; - } else if ($this->getTransactions()) { - $view = head($this->getTransactions()) - ->getApplicationTransactionViewObject(); - } else { - $view = new PhabricatorApplicationTransactionView(); - } + $object = $this->getObject(); + $viewer = $this->getViewer(); + $xactions = $this->getTransactions(); - $view - ->setUser($this->getViewer()) - ->setTransactions($this->getTransactions()) - ->setIsPreview($this->isPreview); + $timeline_engine = PhabricatorTimelineEngine::newForObject($object) + ->setViewer($viewer) + ->setTransactions($xactions); + + $view = $timeline_engine->buildTimelineView(); + + $view->setIsPreview($this->isPreview); if ($this->isPreview) { $xactions = mpull($view->buildEvents(), 'render'); diff --git a/src/applications/transactions/storage/PhabricatorApplicationTransaction.php b/src/applications/transactions/storage/PhabricatorApplicationTransaction.php index f38c56acb3..00e723c0c6 100644 --- a/src/applications/transactions/storage/PhabricatorApplicationTransaction.php +++ b/src/applications/transactions/storage/PhabricatorApplicationTransaction.php @@ -79,10 +79,6 @@ abstract class PhabricatorApplicationTransaction throw new PhutilMethodNotImplementedException(); } - public function getApplicationTransactionViewObject() { - return new PhabricatorApplicationTransactionView(); - } - public function getMetadataValue($key, $default = null) { return idx($this->metadata, $key, $default); } diff --git a/src/applications/transactions/view/PhabricatorApplicationTransactionView.php b/src/applications/transactions/view/PhabricatorApplicationTransactionView.php index 9916628edf..c2b32aa190 100644 --- a/src/applications/transactions/view/PhabricatorApplicationTransactionView.php +++ b/src/applications/transactions/view/PhabricatorApplicationTransactionView.php @@ -15,8 +15,8 @@ class PhabricatorApplicationTransactionView extends AphrontView { private $quoteRef; private $pager; private $renderAsFeed; - private $renderData = array(); private $hideCommentOptions = false; + private $viewData = array(); public function setRenderAsFeed($feed) { $this->renderAsFeed = $feed; @@ -97,21 +97,6 @@ class PhabricatorApplicationTransactionView extends AphrontView { return $this->pager; } - /** - * This is additional data that may be necessary to render the next set - * of transactions. Objects that implement - * PhabricatorApplicationTransactionInterface use this data in - * willRenderTimeline. - */ - public function setRenderData(array $data) { - $this->renderData = $data; - return $this; - } - - public function getRenderData() { - return $this->renderData; - } - public function setHideCommentOptions($hide_comment_options) { $this->hideCommentOptions = $hide_comment_options; return $this; @@ -121,6 +106,15 @@ class PhabricatorApplicationTransactionView extends AphrontView { return $this->hideCommentOptions; } + public function setViewData(array $view_data) { + $this->viewData = $view_data; + return $this; + } + + public function getViewData() { + return $this->viewData; + } + public function buildEvents($with_hiding = false) { $user = $this->getUser(); @@ -216,10 +210,11 @@ class PhabricatorApplicationTransactionView extends AphrontView { } $view = id(new PHUITimelineView()) - ->setUser($this->getUser()) + ->setViewer($this->getViewer()) ->setShouldTerminate($this->shouldTerminate) ->setQuoteTargetID($this->getQuoteTargetID()) - ->setQuoteRef($this->getQuoteRef()); + ->setQuoteRef($this->getQuoteRef()) + ->setViewData($this->getViewData()); $events = $this->buildEvents($with_hiding); foreach ($events as $event) { @@ -230,10 +225,6 @@ class PhabricatorApplicationTransactionView extends AphrontView { $view->setPager($this->getPager()); } - if ($this->getRenderData()) { - $view->setRenderData($this->getRenderData()); - } - return $view; } @@ -246,7 +237,7 @@ class PhabricatorApplicationTransactionView extends AphrontView { $field = PhabricatorApplicationTransactionComment::MARKUP_FIELD_COMMENT; $engine = id(new PhabricatorMarkupEngine()) - ->setViewer($this->getUser()); + ->setViewer($this->getViewer()); foreach ($this->transactions as $xaction) { if (!$xaction->hasComment()) { continue; @@ -414,10 +405,10 @@ class PhabricatorApplicationTransactionView extends AphrontView { private function renderEvent( PhabricatorApplicationTransaction $xaction, array $group) { - $viewer = $this->getUser(); + $viewer = $this->getViewer(); $event = id(new PHUITimelineEventView()) - ->setUser($viewer) + ->setViewer($viewer) ->setAuthorPHID($xaction->getAuthorPHID()) ->setTransactionPHID($xaction->getPHID()) ->setUserHandle($xaction->getHandle($xaction->getAuthorPHID())) diff --git a/src/view/phui/PHUITimelineView.php b/src/view/phui/PHUITimelineView.php index 3353a2e2bd..d0e942f461 100644 --- a/src/view/phui/PHUITimelineView.php +++ b/src/view/phui/PHUITimelineView.php @@ -7,7 +7,7 @@ final class PHUITimelineView extends AphrontView { private $shouldTerminate = false; private $shouldAddSpacers = true; private $pager; - private $renderData = array(); + private $viewData = array(); private $quoteTargetID; private $quoteRef; @@ -40,11 +40,15 @@ final class PHUITimelineView extends AphrontView { return $this; } - public function setRenderData(array $data) { - $this->renderData = $data; + public function setViewData(array $data) { + $this->viewData = $data; return $this; } + public function getViewData() { + return $this->viewData; + } + public function setQuoteTargetID($quote_target_id) { $this->quoteTargetID = $quote_target_id; return $this; @@ -72,7 +76,7 @@ final class PHUITimelineView extends AphrontView { 'phabricator-show-older-transactions', array( 'timelineID' => $this->id, - 'renderData' => $this->renderData, + 'viewData' => $this->getViewData(), )); } $events = $this->buildEvents(); diff --git a/webroot/rsrc/js/application/transactions/behavior-show-older-transactions.js b/webroot/rsrc/js/application/transactions/behavior-show-older-transactions.js index 28754ee3a2..74b17cd45c 100644 --- a/webroot/rsrc/js/application/transactions/behavior-show-older-transactions.js +++ b/webroot/rsrc/js/application/transactions/behavior-show-older-transactions.js @@ -83,7 +83,11 @@ JX.behavior('phabricator-show-older-transactions', function(config) { }; var fetch_older_workflow = function(href, callback, swap) { - return new JX.Workflow(href, config.renderData) + var params = { + viewData: JX.JSON.stringify(config.viewData) + }; + + return new JX.Workflow(href, params) .setHandler(JX.bind(null, callback, swap)); }; From 937e88c399ab6b77bf678acf24717b4008539659 Mon Sep 17 00:00:00 2001 From: epriestley Date: Thu, 20 Dec 2018 10:22:25 -0800 Subject: [PATCH 21/44] Remove obsolete, no-op implementations of "willRenderTimeline()" Summary: Depends on D19918. Ref T11351. In D19918, I removed all calls to this method. Now, remove all implementations. All of these implementations just `return $timeline`, only the three sites in D19918 did anything interesting. Test Plan: Used `grep willRenderTimeline` to find callsites, found none. Reviewers: amckinley Reviewed By: amckinley Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam Maniphest Tasks: T11351 Differential Revision: https://secure.phabricator.com/D19919 --- src/applications/almanac/storage/AlmanacBinding.php | 6 ------ src/applications/almanac/storage/AlmanacDevice.php | 7 ------- src/applications/almanac/storage/AlmanacInterface.php | 6 ------ src/applications/almanac/storage/AlmanacNamespace.php | 6 ------ src/applications/almanac/storage/AlmanacNetwork.php | 7 ------- src/applications/almanac/storage/AlmanacService.php | 7 ------- src/applications/auth/storage/PhabricatorAuthPassword.php | 8 -------- .../auth/storage/PhabricatorAuthProviderConfig.php | 7 ------- src/applications/auth/storage/PhabricatorAuthSSHKey.php | 6 ------ .../badges/storage/PhabricatorBadgesBadge.php | 7 ------- src/applications/base/PhabricatorApplication.php | 6 ------ .../calendar/storage/PhabricatorCalendarEvent.php | 6 ------ .../calendar/storage/PhabricatorCalendarExport.php | 7 ------- .../calendar/storage/PhabricatorCalendarImport.php | 6 ------ .../config/storage/PhabricatorConfigEntry.php | 7 ------- .../conpherence/storage/ConpherenceThread.php | 5 ----- .../countdown/storage/PhabricatorCountdown.php | 6 ------ .../dashboard/storage/PhabricatorDashboard.php | 7 ------- .../dashboard/storage/PhabricatorDashboardPanel.php | 7 ------- .../differential/storage/DifferentialDiff.php | 7 ------- src/applications/diviner/storage/DivinerLiveBook.php | 7 ------- src/applications/drydock/storage/DrydockBlueprint.php | 7 ------- src/applications/files/storage/PhabricatorFile.php | 7 ------- src/applications/fund/storage/FundBacker.php | 7 ------- src/applications/fund/storage/FundInitiative.php | 7 ------- .../harbormaster/storage/HarbormasterBuildable.php | 7 ------- .../harbormaster/storage/build/HarbormasterBuild.php | 7 ------- .../storage/configuration/HarbormasterBuildPlan.php | 8 -------- .../storage/configuration/HarbormasterBuildStep.php | 7 ------- src/applications/herald/storage/HeraldRule.php | 7 ------- src/applications/herald/storage/HeraldWebhook.php | 6 ------ src/applications/legalpad/storage/LegalpadDocument.php | 7 ------- .../macro/storage/PhabricatorFileImageMacro.php | 7 ------- src/applications/maniphest/storage/ManiphestTask.php | 7 ------- .../storage/PhabricatorMetaMTAApplicationEmail.php | 6 ------ src/applications/nuance/storage/NuanceItem.php | 6 ------ src/applications/nuance/storage/NuanceQueue.php | 6 ------ src/applications/nuance/storage/NuanceSource.php | 7 ------- .../oauthserver/storage/PhabricatorOAuthServerClient.php | 6 ------ .../owners/storage/PhabricatorOwnersPackage.php | 6 ------ .../packages/storage/PhabricatorPackagesPackage.php | 6 ------ .../packages/storage/PhabricatorPackagesPublisher.php | 6 ------ .../packages/storage/PhabricatorPackagesVersion.php | 6 ------ .../passphrase/storage/PassphraseCredential.php | 7 ------- src/applications/paste/storage/PhabricatorPaste.php | 7 ------- src/applications/people/storage/PhabricatorUser.php | 6 ------ src/applications/phame/storage/PhameBlog.php | 6 ------ src/applications/phame/storage/PhamePost.php | 7 ------- src/applications/phlux/storage/PhluxVariable.php | 7 ------- src/applications/phortune/storage/PhortuneAccount.php | 7 ------- src/applications/phortune/storage/PhortuneCart.php | 7 ------- src/applications/phortune/storage/PhortuneMerchant.php | 7 ------- .../phortune/storage/PhortunePaymentProviderConfig.php | 7 ------- src/applications/phriction/storage/PhrictionDocument.php | 7 ------- src/applications/phurl/storage/PhabricatorPhurlURL.php | 6 ------ src/applications/ponder/storage/PonderAnswer.php | 7 ------- src/applications/ponder/storage/PonderQuestion.php | 7 ------- src/applications/project/storage/PhabricatorProject.php | 7 ------- .../project/storage/PhabricatorProjectColumn.php | 7 ------- src/applications/releeph/storage/ReleephBranch.php | 7 ------- src/applications/releeph/storage/ReleephProject.php | 7 ------- src/applications/releeph/storage/ReleephRequest.php | 7 ------- .../repository/storage/PhabricatorRepository.php | 7 ------- .../repository/storage/PhabricatorRepositoryIdentity.php | 7 ------- .../repository/storage/PhabricatorRepositoryURI.php | 6 ------ .../storage/PhabricatorProfileMenuItemConfiguration.php | 7 ------- .../settings/storage/PhabricatorUserPreferences.php | 6 ------ .../slowvote/storage/PhabricatorSlowvotePoll.php | 7 ------- .../spaces/storage/PhabricatorSpacesNamespace.php | 6 ------ .../storage/PhabricatorEditEngineConfiguration.php | 6 ------ .../daemon/workers/storage/PhabricatorWorkerBulkJob.php | 5 ----- 71 files changed, 471 deletions(-) diff --git a/src/applications/almanac/storage/AlmanacBinding.php b/src/applications/almanac/storage/AlmanacBinding.php index c593e40fa7..5577ee5e7d 100644 --- a/src/applications/almanac/storage/AlmanacBinding.php +++ b/src/applications/almanac/storage/AlmanacBinding.php @@ -214,12 +214,6 @@ final class AlmanacBinding return new AlmanacBindingTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } /* -( PhabricatorDestructibleInterface )----------------------------------- */ diff --git a/src/applications/almanac/storage/AlmanacDevice.php b/src/applications/almanac/storage/AlmanacDevice.php index a1ebdfffae..f25b2eb5a1 100644 --- a/src/applications/almanac/storage/AlmanacDevice.php +++ b/src/applications/almanac/storage/AlmanacDevice.php @@ -212,13 +212,6 @@ final class AlmanacDevice return new AlmanacDeviceTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorSSHPublicKeyInterface )----------------------------------- */ diff --git a/src/applications/almanac/storage/AlmanacInterface.php b/src/applications/almanac/storage/AlmanacInterface.php index 5c7f65ddd1..9a5023e751 100644 --- a/src/applications/almanac/storage/AlmanacInterface.php +++ b/src/applications/almanac/storage/AlmanacInterface.php @@ -176,12 +176,6 @@ final class AlmanacInterface return new AlmanacInterfaceTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - /* -( PhabricatorConduitResultInterface )---------------------------------- */ diff --git a/src/applications/almanac/storage/AlmanacNamespace.php b/src/applications/almanac/storage/AlmanacNamespace.php index 238a7b628b..0c8f0c5ec7 100644 --- a/src/applications/almanac/storage/AlmanacNamespace.php +++ b/src/applications/almanac/storage/AlmanacNamespace.php @@ -199,12 +199,6 @@ final class AlmanacNamespace return new AlmanacNamespaceTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - /* -( PhabricatorDestructibleInterface )----------------------------------- */ diff --git a/src/applications/almanac/storage/AlmanacNetwork.php b/src/applications/almanac/storage/AlmanacNetwork.php index 6d2f23032e..3913d2f6e7 100644 --- a/src/applications/almanac/storage/AlmanacNetwork.php +++ b/src/applications/almanac/storage/AlmanacNetwork.php @@ -69,13 +69,6 @@ final class AlmanacNetwork return new AlmanacNetworkTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/almanac/storage/AlmanacService.php b/src/applications/almanac/storage/AlmanacService.php index ee40d83400..7348abd936 100644 --- a/src/applications/almanac/storage/AlmanacService.php +++ b/src/applications/almanac/storage/AlmanacService.php @@ -234,13 +234,6 @@ final class AlmanacService return new AlmanacServiceTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorDestructibleInterface )----------------------------------- */ diff --git a/src/applications/auth/storage/PhabricatorAuthPassword.php b/src/applications/auth/storage/PhabricatorAuthPassword.php index 3bcb95693e..930cbe61cb 100644 --- a/src/applications/auth/storage/PhabricatorAuthPassword.php +++ b/src/applications/auth/storage/PhabricatorAuthPassword.php @@ -225,12 +225,4 @@ final class PhabricatorAuthPassword return new PhabricatorAuthPasswordTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - - } diff --git a/src/applications/auth/storage/PhabricatorAuthProviderConfig.php b/src/applications/auth/storage/PhabricatorAuthProviderConfig.php index ba9b43a967..d4d1f5517c 100644 --- a/src/applications/auth/storage/PhabricatorAuthProviderConfig.php +++ b/src/applications/auth/storage/PhabricatorAuthProviderConfig.php @@ -99,13 +99,6 @@ final class PhabricatorAuthProviderConfig return new PhabricatorAuthProviderConfigTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/auth/storage/PhabricatorAuthSSHKey.php b/src/applications/auth/storage/PhabricatorAuthSSHKey.php index 5bbb7de834..df4f09c11b 100644 --- a/src/applications/auth/storage/PhabricatorAuthSSHKey.php +++ b/src/applications/auth/storage/PhabricatorAuthSSHKey.php @@ -167,10 +167,4 @@ final class PhabricatorAuthSSHKey return new PhabricatorAuthSSHKeyTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - } diff --git a/src/applications/badges/storage/PhabricatorBadgesBadge.php b/src/applications/badges/storage/PhabricatorBadgesBadge.php index e2c63c1d0c..c6701a5b62 100644 --- a/src/applications/badges/storage/PhabricatorBadgesBadge.php +++ b/src/applications/badges/storage/PhabricatorBadgesBadge.php @@ -133,13 +133,6 @@ final class PhabricatorBadgesBadge extends PhabricatorBadgesDAO return new PhabricatorBadgesTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorSubscribableInterface )----------------------------------- */ diff --git a/src/applications/base/PhabricatorApplication.php b/src/applications/base/PhabricatorApplication.php index 1cabeb0709..e699a890d4 100644 --- a/src/applications/base/PhabricatorApplication.php +++ b/src/applications/base/PhabricatorApplication.php @@ -657,10 +657,4 @@ abstract class PhabricatorApplication return new PhabricatorApplicationApplicationTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } } diff --git a/src/applications/calendar/storage/PhabricatorCalendarEvent.php b/src/applications/calendar/storage/PhabricatorCalendarEvent.php index 501d02efa9..51c9a8a973 100644 --- a/src/applications/calendar/storage/PhabricatorCalendarEvent.php +++ b/src/applications/calendar/storage/PhabricatorCalendarEvent.php @@ -1319,12 +1319,6 @@ final class PhabricatorCalendarEvent extends PhabricatorCalendarDAO return new PhabricatorCalendarEventTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } /* -( PhabricatorSubscribableInterface )----------------------------------- */ diff --git a/src/applications/calendar/storage/PhabricatorCalendarExport.php b/src/applications/calendar/storage/PhabricatorCalendarExport.php index 5a8ad84da4..93daaf6e5d 100644 --- a/src/applications/calendar/storage/PhabricatorCalendarExport.php +++ b/src/applications/calendar/storage/PhabricatorCalendarExport.php @@ -174,13 +174,6 @@ final class PhabricatorCalendarExport extends PhabricatorCalendarDAO return new PhabricatorCalendarExportTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorDestructibleInterface )----------------------------------- */ diff --git a/src/applications/calendar/storage/PhabricatorCalendarImport.php b/src/applications/calendar/storage/PhabricatorCalendarImport.php index 1c7c1a5431..09e7ee138b 100644 --- a/src/applications/calendar/storage/PhabricatorCalendarImport.php +++ b/src/applications/calendar/storage/PhabricatorCalendarImport.php @@ -148,12 +148,6 @@ final class PhabricatorCalendarImport return new PhabricatorCalendarImportTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - public function newLogMessage($type, array $parameters) { $parameters = array( 'type' => $type, diff --git a/src/applications/config/storage/PhabricatorConfigEntry.php b/src/applications/config/storage/PhabricatorConfigEntry.php index a8f00133a9..4e28180eed 100644 --- a/src/applications/config/storage/PhabricatorConfigEntry.php +++ b/src/applications/config/storage/PhabricatorConfigEntry.php @@ -69,13 +69,6 @@ final class PhabricatorConfigEntry return new PhabricatorConfigTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/conpherence/storage/ConpherenceThread.php b/src/applications/conpherence/storage/ConpherenceThread.php index bb355154a4..4a99fccdb9 100644 --- a/src/applications/conpherence/storage/ConpherenceThread.php +++ b/src/applications/conpherence/storage/ConpherenceThread.php @@ -319,11 +319,6 @@ final class ConpherenceThread extends ConpherenceDAO return new ConpherenceTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } /* -( PhabricatorNgramInterface )------------------------------------------ */ diff --git a/src/applications/countdown/storage/PhabricatorCountdown.php b/src/applications/countdown/storage/PhabricatorCountdown.php index cfc6690085..0e275604da 100644 --- a/src/applications/countdown/storage/PhabricatorCountdown.php +++ b/src/applications/countdown/storage/PhabricatorCountdown.php @@ -103,12 +103,6 @@ final class PhabricatorCountdown extends PhabricatorCountdownDAO return new PhabricatorCountdownTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } /* -( PhabricatorTokenReceiverInterface )---------------------------------- */ diff --git a/src/applications/dashboard/storage/PhabricatorDashboard.php b/src/applications/dashboard/storage/PhabricatorDashboard.php index 2e673de19c..86181dbf9d 100644 --- a/src/applications/dashboard/storage/PhabricatorDashboard.php +++ b/src/applications/dashboard/storage/PhabricatorDashboard.php @@ -138,13 +138,6 @@ final class PhabricatorDashboard extends PhabricatorDashboardDAO return new PhabricatorDashboardTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/dashboard/storage/PhabricatorDashboardPanel.php b/src/applications/dashboard/storage/PhabricatorDashboardPanel.php index 9f8875dc1b..ea71e04771 100644 --- a/src/applications/dashboard/storage/PhabricatorDashboardPanel.php +++ b/src/applications/dashboard/storage/PhabricatorDashboardPanel.php @@ -121,13 +121,6 @@ final class PhabricatorDashboardPanel return new PhabricatorDashboardPanelTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/differential/storage/DifferentialDiff.php b/src/applications/differential/storage/DifferentialDiff.php index 5f229f39b3..0b882228c5 100644 --- a/src/applications/differential/storage/DifferentialDiff.php +++ b/src/applications/differential/storage/DifferentialDiff.php @@ -707,13 +707,6 @@ final class DifferentialDiff return new DifferentialDiffTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorDestructibleInterface )----------------------------------- */ diff --git a/src/applications/diviner/storage/DivinerLiveBook.php b/src/applications/diviner/storage/DivinerLiveBook.php index 07089264ae..d9dfc0107e 100644 --- a/src/applications/diviner/storage/DivinerLiveBook.php +++ b/src/applications/diviner/storage/DivinerLiveBook.php @@ -151,13 +151,6 @@ final class DivinerLiveBook extends DivinerDAO return new DivinerLiveBookTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorFulltextInterface )--------------------------------------- */ diff --git a/src/applications/drydock/storage/DrydockBlueprint.php b/src/applications/drydock/storage/DrydockBlueprint.php index 61e2dbfcfa..368dbe8f6a 100644 --- a/src/applications/drydock/storage/DrydockBlueprint.php +++ b/src/applications/drydock/storage/DrydockBlueprint.php @@ -303,13 +303,6 @@ final class DrydockBlueprint extends DrydockDAO return new DrydockBlueprintTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/files/storage/PhabricatorFile.php b/src/applications/files/storage/PhabricatorFile.php index 5109202a33..21c9bd2fd3 100644 --- a/src/applications/files/storage/PhabricatorFile.php +++ b/src/applications/files/storage/PhabricatorFile.php @@ -1552,13 +1552,6 @@ final class PhabricatorFile extends PhabricatorFileDAO return new PhabricatorFileTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface Implementation )-------------------------- */ diff --git a/src/applications/fund/storage/FundBacker.php b/src/applications/fund/storage/FundBacker.php index d2a97cd32c..67ce3c2d8c 100644 --- a/src/applications/fund/storage/FundBacker.php +++ b/src/applications/fund/storage/FundBacker.php @@ -118,11 +118,4 @@ final class FundBacker extends FundDAO return new FundBackerTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - } diff --git a/src/applications/fund/storage/FundInitiative.php b/src/applications/fund/storage/FundInitiative.php index 2b9fbf1f71..077646fea0 100644 --- a/src/applications/fund/storage/FundInitiative.php +++ b/src/applications/fund/storage/FundInitiative.php @@ -168,13 +168,6 @@ final class FundInitiative extends FundDAO return new FundInitiativeTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorSubscribableInterface )----------------------------------- */ diff --git a/src/applications/harbormaster/storage/HarbormasterBuildable.php b/src/applications/harbormaster/storage/HarbormasterBuildable.php index 98f374579b..0e2e93a0c9 100644 --- a/src/applications/harbormaster/storage/HarbormasterBuildable.php +++ b/src/applications/harbormaster/storage/HarbormasterBuildable.php @@ -291,13 +291,6 @@ final class HarbormasterBuildable return new HarbormasterBuildableTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/harbormaster/storage/build/HarbormasterBuild.php b/src/applications/harbormaster/storage/build/HarbormasterBuild.php index 6acbac6468..04ba35ee1e 100644 --- a/src/applications/harbormaster/storage/build/HarbormasterBuild.php +++ b/src/applications/harbormaster/storage/build/HarbormasterBuild.php @@ -401,13 +401,6 @@ final class HarbormasterBuild extends HarbormasterDAO return new HarbormasterBuildTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/harbormaster/storage/configuration/HarbormasterBuildPlan.php b/src/applications/harbormaster/storage/configuration/HarbormasterBuildPlan.php index fc9ab5f573..a41dc89790 100644 --- a/src/applications/harbormaster/storage/configuration/HarbormasterBuildPlan.php +++ b/src/applications/harbormaster/storage/configuration/HarbormasterBuildPlan.php @@ -144,14 +144,6 @@ final class HarbormasterBuildPlan extends HarbormasterDAO return new HarbormasterBuildPlanTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/harbormaster/storage/configuration/HarbormasterBuildStep.php b/src/applications/harbormaster/storage/configuration/HarbormasterBuildStep.php index 54c069e97d..cee9a3f9c3 100644 --- a/src/applications/harbormaster/storage/configuration/HarbormasterBuildStep.php +++ b/src/applications/harbormaster/storage/configuration/HarbormasterBuildStep.php @@ -129,13 +129,6 @@ final class HarbormasterBuildStep extends HarbormasterDAO return new HarbormasterBuildStepTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/herald/storage/HeraldRule.php b/src/applications/herald/storage/HeraldRule.php index d2b8d36f05..6b078336aa 100644 --- a/src/applications/herald/storage/HeraldRule.php +++ b/src/applications/herald/storage/HeraldRule.php @@ -326,13 +326,6 @@ final class HeraldRule extends HeraldDAO return new HeraldRuleTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/herald/storage/HeraldWebhook.php b/src/applications/herald/storage/HeraldWebhook.php index 05ec69e194..aa992ec203 100644 --- a/src/applications/herald/storage/HeraldWebhook.php +++ b/src/applications/herald/storage/HeraldWebhook.php @@ -208,12 +208,6 @@ final class HeraldWebhook return new HeraldWebhookTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - /* -( PhabricatorDestructibleInterface )----------------------------------- */ diff --git a/src/applications/legalpad/storage/LegalpadDocument.php b/src/applications/legalpad/storage/LegalpadDocument.php index 004802de39..428a35b56c 100644 --- a/src/applications/legalpad/storage/LegalpadDocument.php +++ b/src/applications/legalpad/storage/LegalpadDocument.php @@ -217,13 +217,6 @@ final class LegalpadDocument extends LegalpadDAO return new LegalpadTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorDestructibleInterface )----------------------------------- */ diff --git a/src/applications/macro/storage/PhabricatorFileImageMacro.php b/src/applications/macro/storage/PhabricatorFileImageMacro.php index 0cd6726f5f..8c0631cf84 100644 --- a/src/applications/macro/storage/PhabricatorFileImageMacro.php +++ b/src/applications/macro/storage/PhabricatorFileImageMacro.php @@ -106,13 +106,6 @@ final class PhabricatorFileImageMacro extends PhabricatorFileDAO return new PhabricatorMacroTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorSubscribableInterface )----------------------------------- */ diff --git a/src/applications/maniphest/storage/ManiphestTask.php b/src/applications/maniphest/storage/ManiphestTask.php index cdac563a14..7b9b7d2b91 100644 --- a/src/applications/maniphest/storage/ManiphestTask.php +++ b/src/applications/maniphest/storage/ManiphestTask.php @@ -460,13 +460,6 @@ final class ManiphestTask extends ManiphestDAO return new ManiphestTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorSpacesInterface )----------------------------------------- */ diff --git a/src/applications/metamta/storage/PhabricatorMetaMTAApplicationEmail.php b/src/applications/metamta/storage/PhabricatorMetaMTAApplicationEmail.php index fb70b377a7..623fd88e91 100644 --- a/src/applications/metamta/storage/PhabricatorMetaMTAApplicationEmail.php +++ b/src/applications/metamta/storage/PhabricatorMetaMTAApplicationEmail.php @@ -131,12 +131,6 @@ final class PhabricatorMetaMTAApplicationEmail return new PhabricatorMetaMTAApplicationEmailTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - /* -( PhabricatorDestructibleInterface )----------------------------------- */ diff --git a/src/applications/nuance/storage/NuanceItem.php b/src/applications/nuance/storage/NuanceItem.php index 09a106ca7a..4f9ab750c1 100644 --- a/src/applications/nuance/storage/NuanceItem.php +++ b/src/applications/nuance/storage/NuanceItem.php @@ -201,10 +201,4 @@ final class NuanceItem return new NuanceItemTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - } diff --git a/src/applications/nuance/storage/NuanceQueue.php b/src/applications/nuance/storage/NuanceQueue.php index f0ba5bb45c..7cbb1e761c 100644 --- a/src/applications/nuance/storage/NuanceQueue.php +++ b/src/applications/nuance/storage/NuanceQueue.php @@ -87,10 +87,4 @@ final class NuanceQueue return new NuanceQueueTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - } diff --git a/src/applications/nuance/storage/NuanceSource.php b/src/applications/nuance/storage/NuanceSource.php index c3f1d57c9b..0f0dd4d7de 100644 --- a/src/applications/nuance/storage/NuanceSource.php +++ b/src/applications/nuance/storage/NuanceSource.php @@ -107,13 +107,6 @@ final class NuanceSource extends NuanceDAO return new NuanceSourceTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/oauthserver/storage/PhabricatorOAuthServerClient.php b/src/applications/oauthserver/storage/PhabricatorOAuthServerClient.php index 4154383c30..1ebecbc369 100644 --- a/src/applications/oauthserver/storage/PhabricatorOAuthServerClient.php +++ b/src/applications/oauthserver/storage/PhabricatorOAuthServerClient.php @@ -99,12 +99,6 @@ final class PhabricatorOAuthServerClient return new PhabricatorOAuthServerTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - /* -( PhabricatorDestructibleInterface )----------------------------------- */ diff --git a/src/applications/owners/storage/PhabricatorOwnersPackage.php b/src/applications/owners/storage/PhabricatorOwnersPackage.php index 7e2a348c89..17954ea80a 100644 --- a/src/applications/owners/storage/PhabricatorOwnersPackage.php +++ b/src/applications/owners/storage/PhabricatorOwnersPackage.php @@ -615,12 +615,6 @@ final class PhabricatorOwnersPackage return new PhabricatorOwnersPackageTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - /* -( PhabricatorCustomFieldInterface )------------------------------------ */ diff --git a/src/applications/packages/storage/PhabricatorPackagesPackage.php b/src/applications/packages/storage/PhabricatorPackagesPackage.php index 53e040e5f4..822988e8fb 100644 --- a/src/applications/packages/storage/PhabricatorPackagesPackage.php +++ b/src/applications/packages/storage/PhabricatorPackagesPackage.php @@ -197,12 +197,6 @@ final class PhabricatorPackagesPackage return new PhabricatorPackagesPackageTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - /* -( PhabricatorNgramsInterface )----------------------------------------- */ diff --git a/src/applications/packages/storage/PhabricatorPackagesPublisher.php b/src/applications/packages/storage/PhabricatorPackagesPublisher.php index 57737cdab9..b7610499d4 100644 --- a/src/applications/packages/storage/PhabricatorPackagesPublisher.php +++ b/src/applications/packages/storage/PhabricatorPackagesPublisher.php @@ -173,12 +173,6 @@ final class PhabricatorPackagesPublisher return new PhabricatorPackagesPublisherTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - /* -( PhabricatorNgramsInterface )----------------------------------------- */ diff --git a/src/applications/packages/storage/PhabricatorPackagesVersion.php b/src/applications/packages/storage/PhabricatorPackagesVersion.php index aba2473073..e1abf043a1 100644 --- a/src/applications/packages/storage/PhabricatorPackagesVersion.php +++ b/src/applications/packages/storage/PhabricatorPackagesVersion.php @@ -164,12 +164,6 @@ final class PhabricatorPackagesVersion return new PhabricatorPackagesVersionTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - /* -( PhabricatorNgramsInterface )----------------------------------------- */ diff --git a/src/applications/passphrase/storage/PassphraseCredential.php b/src/applications/passphrase/storage/PassphraseCredential.php index 737a20c1e9..6cb7cbf24e 100644 --- a/src/applications/passphrase/storage/PassphraseCredential.php +++ b/src/applications/passphrase/storage/PassphraseCredential.php @@ -125,13 +125,6 @@ final class PassphraseCredential extends PassphraseDAO return new PassphraseCredentialTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/paste/storage/PhabricatorPaste.php b/src/applications/paste/storage/PhabricatorPaste.php index 19aabcf8e0..ad3965ce46 100644 --- a/src/applications/paste/storage/PhabricatorPaste.php +++ b/src/applications/paste/storage/PhabricatorPaste.php @@ -227,13 +227,6 @@ final class PhabricatorPaste extends PhabricatorPasteDAO return new PhabricatorPasteTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorSpacesInterface )----------------------------------------- */ diff --git a/src/applications/people/storage/PhabricatorUser.php b/src/applications/people/storage/PhabricatorUser.php index 5d310378e0..9b6f6cdbe4 100644 --- a/src/applications/people/storage/PhabricatorUser.php +++ b/src/applications/people/storage/PhabricatorUser.php @@ -1379,12 +1379,6 @@ final class PhabricatorUser return new PhabricatorUserTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - /* -( PhabricatorFulltextInterface )--------------------------------------- */ diff --git a/src/applications/phame/storage/PhameBlog.php b/src/applications/phame/storage/PhameBlog.php index fa2ac00454..fde39da0fc 100644 --- a/src/applications/phame/storage/PhameBlog.php +++ b/src/applications/phame/storage/PhameBlog.php @@ -339,12 +339,6 @@ final class PhameBlog extends PhameDAO return new PhameBlogTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - /* -( PhabricatorSubscribableInterface Implementation )-------------------- */ diff --git a/src/applications/phame/storage/PhamePost.php b/src/applications/phame/storage/PhamePost.php index 8380a18f4d..c95d48054b 100644 --- a/src/applications/phame/storage/PhamePost.php +++ b/src/applications/phame/storage/PhamePost.php @@ -287,13 +287,6 @@ final class PhamePost extends PhameDAO return new PhamePostTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorDestructibleInterface )----------------------------------- */ diff --git a/src/applications/phlux/storage/PhluxVariable.php b/src/applications/phlux/storage/PhluxVariable.php index 875b3dee92..d8c2d5315e 100644 --- a/src/applications/phlux/storage/PhluxVariable.php +++ b/src/applications/phlux/storage/PhluxVariable.php @@ -49,13 +49,6 @@ final class PhluxVariable extends PhluxDAO return new PhluxTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/phortune/storage/PhortuneAccount.php b/src/applications/phortune/storage/PhortuneAccount.php index ff3b0d8a84..8402ffa6d1 100644 --- a/src/applications/phortune/storage/PhortuneAccount.php +++ b/src/applications/phortune/storage/PhortuneAccount.php @@ -113,13 +113,6 @@ final class PhortuneAccount extends PhortuneDAO return new PhortuneAccountTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/phortune/storage/PhortuneCart.php b/src/applications/phortune/storage/PhortuneCart.php index 07554ccb87..81f7099d0f 100644 --- a/src/applications/phortune/storage/PhortuneCart.php +++ b/src/applications/phortune/storage/PhortuneCart.php @@ -644,13 +644,6 @@ final class PhortuneCart extends PhortuneDAO return new PhortuneCartTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/phortune/storage/PhortuneMerchant.php b/src/applications/phortune/storage/PhortuneMerchant.php index 81d0391370..a4fff91c5e 100644 --- a/src/applications/phortune/storage/PhortuneMerchant.php +++ b/src/applications/phortune/storage/PhortuneMerchant.php @@ -86,13 +86,6 @@ final class PhortuneMerchant extends PhortuneDAO return new PhortuneMerchantTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/phortune/storage/PhortunePaymentProviderConfig.php b/src/applications/phortune/storage/PhortunePaymentProviderConfig.php index b358b51d0b..65d5b3e65c 100644 --- a/src/applications/phortune/storage/PhortunePaymentProviderConfig.php +++ b/src/applications/phortune/storage/PhortunePaymentProviderConfig.php @@ -114,11 +114,4 @@ final class PhortunePaymentProviderConfig extends PhortuneDAO return new PhortunePaymentProviderConfigTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - } diff --git a/src/applications/phriction/storage/PhrictionDocument.php b/src/applications/phriction/storage/PhrictionDocument.php index b6dcd6d56d..24f216fe26 100644 --- a/src/applications/phriction/storage/PhrictionDocument.php +++ b/src/applications/phriction/storage/PhrictionDocument.php @@ -231,13 +231,6 @@ final class PhrictionDocument extends PhrictionDAO return new PhrictionTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorTokenReceiverInterface )---------------------------------- */ diff --git a/src/applications/phurl/storage/PhabricatorPhurlURL.php b/src/applications/phurl/storage/PhabricatorPhurlURL.php index c36bf6e8cb..76a4fd045a 100644 --- a/src/applications/phurl/storage/PhabricatorPhurlURL.php +++ b/src/applications/phurl/storage/PhabricatorPhurlURL.php @@ -165,12 +165,6 @@ final class PhabricatorPhurlURL extends PhabricatorPhurlDAO return new PhabricatorPhurlURLTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } /* -( PhabricatorSubscribableInterface )----------------------------------- */ diff --git a/src/applications/ponder/storage/PonderAnswer.php b/src/applications/ponder/storage/PonderAnswer.php index f9e3e8eb8d..0dcf44d617 100644 --- a/src/applications/ponder/storage/PonderAnswer.php +++ b/src/applications/ponder/storage/PonderAnswer.php @@ -125,13 +125,6 @@ final class PonderAnswer extends PonderDAO return new PonderAnswerTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - // Markup interface diff --git a/src/applications/ponder/storage/PonderQuestion.php b/src/applications/ponder/storage/PonderQuestion.php index 17f7ee3fdc..2ae6c76d68 100644 --- a/src/applications/ponder/storage/PonderQuestion.php +++ b/src/applications/ponder/storage/PonderQuestion.php @@ -153,13 +153,6 @@ final class PonderQuestion extends PonderDAO return new PonderQuestionTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - // Markup interface diff --git a/src/applications/project/storage/PhabricatorProject.php b/src/applications/project/storage/PhabricatorProject.php index f134b2c633..adbfb0dc36 100644 --- a/src/applications/project/storage/PhabricatorProject.php +++ b/src/applications/project/storage/PhabricatorProject.php @@ -703,13 +703,6 @@ final class PhabricatorProject extends PhabricatorProjectDAO return new PhabricatorProjectTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorSpacesInterface )----------------------------------------- */ diff --git a/src/applications/project/storage/PhabricatorProjectColumn.php b/src/applications/project/storage/PhabricatorProjectColumn.php index 7ddfb4351d..b4c5df885e 100644 --- a/src/applications/project/storage/PhabricatorProjectColumn.php +++ b/src/applications/project/storage/PhabricatorProjectColumn.php @@ -242,13 +242,6 @@ final class PhabricatorProjectColumn return new PhabricatorProjectColumnTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/releeph/storage/ReleephBranch.php b/src/applications/releeph/storage/ReleephBranch.php index cef3f16ed0..5e23499a9d 100644 --- a/src/applications/releeph/storage/ReleephBranch.php +++ b/src/applications/releeph/storage/ReleephBranch.php @@ -166,13 +166,6 @@ final class ReleephBranch extends ReleephDAO return new ReleephBranchTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/releeph/storage/ReleephProject.php b/src/applications/releeph/storage/ReleephProject.php index bda0d0372d..318d687efd 100644 --- a/src/applications/releeph/storage/ReleephProject.php +++ b/src/applications/releeph/storage/ReleephProject.php @@ -127,13 +127,6 @@ final class ReleephProject extends ReleephDAO return new ReleephProductTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/releeph/storage/ReleephRequest.php b/src/applications/releeph/storage/ReleephRequest.php index a877192107..23956e4a3c 100644 --- a/src/applications/releeph/storage/ReleephRequest.php +++ b/src/applications/releeph/storage/ReleephRequest.php @@ -307,13 +307,6 @@ final class ReleephRequest extends ReleephDAO return new ReleephRequestTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/repository/storage/PhabricatorRepository.php b/src/applications/repository/storage/PhabricatorRepository.php index 12c2b9e8a3..6967085644 100644 --- a/src/applications/repository/storage/PhabricatorRepository.php +++ b/src/applications/repository/storage/PhabricatorRepository.php @@ -2621,13 +2621,6 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO return new PhabricatorRepositoryTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/repository/storage/PhabricatorRepositoryIdentity.php b/src/applications/repository/storage/PhabricatorRepositoryIdentity.php index 416d1a3cd2..d361ccda40 100644 --- a/src/applications/repository/storage/PhabricatorRepositoryIdentity.php +++ b/src/applications/repository/storage/PhabricatorRepositoryIdentity.php @@ -142,11 +142,4 @@ final class PhabricatorRepositoryIdentity return new PhabricatorRepositoryIdentityTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - } diff --git a/src/applications/repository/storage/PhabricatorRepositoryURI.php b/src/applications/repository/storage/PhabricatorRepositoryURI.php index c8d560705a..cc0f28b828 100644 --- a/src/applications/repository/storage/PhabricatorRepositoryURI.php +++ b/src/applications/repository/storage/PhabricatorRepositoryURI.php @@ -613,12 +613,6 @@ final class PhabricatorRepositoryURI return new PhabricatorRepositoryURITransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php b/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php index 37124393fb..ba6a5b2ef8 100644 --- a/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php +++ b/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php @@ -273,11 +273,4 @@ final class PhabricatorProfileMenuItemConfiguration return new PhabricatorProfileMenuItemConfigurationTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - } diff --git a/src/applications/settings/storage/PhabricatorUserPreferences.php b/src/applications/settings/storage/PhabricatorUserPreferences.php index 63b2bd3a0a..9280608457 100644 --- a/src/applications/settings/storage/PhabricatorUserPreferences.php +++ b/src/applications/settings/storage/PhabricatorUserPreferences.php @@ -253,10 +253,4 @@ final class PhabricatorUserPreferences return new PhabricatorUserPreferencesTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - } diff --git a/src/applications/slowvote/storage/PhabricatorSlowvotePoll.php b/src/applications/slowvote/storage/PhabricatorSlowvotePoll.php index 3b642256d2..fcf0009448 100644 --- a/src/applications/slowvote/storage/PhabricatorSlowvotePoll.php +++ b/src/applications/slowvote/storage/PhabricatorSlowvotePoll.php @@ -139,13 +139,6 @@ final class PhabricatorSlowvotePoll extends PhabricatorSlowvoteDAO return new PhabricatorSlowvoteTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - - return $timeline; - } - /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/spaces/storage/PhabricatorSpacesNamespace.php b/src/applications/spaces/storage/PhabricatorSpacesNamespace.php index 5f01376840..6b51d9c999 100644 --- a/src/applications/spaces/storage/PhabricatorSpacesNamespace.php +++ b/src/applications/spaces/storage/PhabricatorSpacesNamespace.php @@ -99,12 +99,6 @@ final class PhabricatorSpacesNamespace return new PhabricatorSpacesNamespaceTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - /* -( PhabricatorDestructibleInterface )----------------------------------- */ diff --git a/src/applications/transactions/storage/PhabricatorEditEngineConfiguration.php b/src/applications/transactions/storage/PhabricatorEditEngineConfiguration.php index 3a1c8ec60b..707dbe9714 100644 --- a/src/applications/transactions/storage/PhabricatorEditEngineConfiguration.php +++ b/src/applications/transactions/storage/PhabricatorEditEngineConfiguration.php @@ -347,10 +347,4 @@ final class PhabricatorEditEngineConfiguration return new PhabricatorEditEngineConfigurationTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } - } diff --git a/src/infrastructure/daemon/workers/storage/PhabricatorWorkerBulkJob.php b/src/infrastructure/daemon/workers/storage/PhabricatorWorkerBulkJob.php index 312281617d..d6e8437091 100644 --- a/src/infrastructure/daemon/workers/storage/PhabricatorWorkerBulkJob.php +++ b/src/infrastructure/daemon/workers/storage/PhabricatorWorkerBulkJob.php @@ -241,11 +241,6 @@ final class PhabricatorWorkerBulkJob return new PhabricatorWorkerBulkJobTransaction(); } - public function willRenderTimeline( - PhabricatorApplicationTransactionView $timeline, - AphrontRequest $request) { - return $timeline; - } /* -( PhabricatorDestructibleInterface )----------------------------------- */ From 11cf8f05b176f4f911675d023285b0fb35e7f01f Mon Sep 17 00:00:00 2001 From: epriestley Date: Thu, 20 Dec 2018 10:41:01 -0800 Subject: [PATCH 22/44] Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface Summary: Depends on D19919. Ref T11351. This method appeared in D8802 (note that "get...Object" was renamed to "get...Transaction" there, so this method was actually "new" even though a method of the same name had existed before). The goal at the time was to let Harbormaster post build results to Diffs and have them end up on Revisions, but this eventually got a better implementation (see below) where the Harbormaster-specific code can just specify a "publishable object" where build results should go. The new `get...Object` semantics ultimately broke some stuff, and the actual implementation in Differential was removed in D10911, so this method hasn't really served a purpose since December 2014. I think that broke the Harbormaster thing by accident and we just lived with it for a bit, then Harbormaster got some more work and D17139 introduced "publishable" objects which was a better approach. This was later refined by D19281. So: the original problem (sending build results to the right place) has a good solution now, this method hasn't done anything for 4 years, and it was probably a bad idea in the first place since it's pretty weird/surprising/fragile. Note that `Comment` objects still have an unrelated method with the same name. In that case, the method ties the `Comment` storage object to the related `Transaction` storage object. Test Plan: Grepped for `getApplicationTransactionObject`, verified that all remaining callsites are related to `Comment` objects. Reviewers: amckinley Reviewed By: amckinley Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam Maniphest Tasks: T11351 Differential Revision: https://secure.phabricator.com/D19920 --- .../almanac/storage/AlmanacBinding.php | 4 ---- .../almanac/storage/AlmanacDevice.php | 4 ---- .../almanac/storage/AlmanacInterface.php | 4 ---- .../almanac/storage/AlmanacNamespace.php | 4 ---- .../almanac/storage/AlmanacNetwork.php | 4 ---- .../almanac/storage/AlmanacService.php | 4 ---- .../auth/storage/PhabricatorAuthPassword.php | 4 ---- .../storage/PhabricatorAuthProviderConfig.php | 4 ---- .../auth/storage/PhabricatorAuthSSHKey.php | 4 ---- .../badges/storage/PhabricatorBadgesBadge.php | 4 ---- src/applications/base/PhabricatorApplication.php | 4 ---- .../calendar/storage/PhabricatorCalendarEvent.php | 4 ---- .../storage/PhabricatorCalendarExport.php | 4 ---- .../storage/PhabricatorCalendarImport.php | 4 ---- .../config/storage/PhabricatorConfigEntry.php | 4 ---- .../conpherence/storage/ConpherenceThread.php | 4 ---- .../countdown/storage/PhabricatorCountdown.php | 4 ---- .../dashboard/storage/PhabricatorDashboard.php | 4 ---- .../storage/PhabricatorDashboardPanel.php | 4 ---- .../differential/storage/DifferentialDiff.php | 4 ---- .../differential/storage/DifferentialRevision.php | 4 ---- .../diviner/storage/DivinerLiveBook.php | 4 ---- .../drydock/storage/DrydockBlueprint.php | 4 ---- .../files/storage/PhabricatorFile.php | 4 ---- src/applications/fund/storage/FundBacker.php | 4 ---- src/applications/fund/storage/FundInitiative.php | 4 ---- .../engine/HarbormasterBuildableEngine.php | 4 +--- .../storage/HarbormasterBuildable.php | 4 ---- .../storage/build/HarbormasterBuild.php | 4 ---- .../configuration/HarbormasterBuildPlan.php | 4 ---- .../configuration/HarbormasterBuildStep.php | 4 ---- src/applications/herald/storage/HeraldRule.php | 4 ---- src/applications/herald/storage/HeraldWebhook.php | 4 ---- .../legalpad/storage/LegalpadDocument.php | 4 ---- .../macro/storage/PhabricatorFileImageMacro.php | 4 ---- .../maniphest/storage/ManiphestTask.php | 4 ---- .../PhabricatorMetaMTAApplicationEmail.php | 4 ---- src/applications/nuance/storage/NuanceItem.php | 4 ---- src/applications/nuance/storage/NuanceQueue.php | 4 ---- src/applications/nuance/storage/NuanceSource.php | 4 ---- .../storage/PhabricatorOAuthServerClient.php | 4 ---- .../owners/storage/PhabricatorOwnersPackage.php | 4 ---- .../storage/PhabricatorPackagesPackage.php | 4 ---- .../storage/PhabricatorPackagesPublisher.php | 4 ---- .../storage/PhabricatorPackagesVersion.php | 4 ---- .../passphrase/storage/PassphraseCredential.php | 4 ---- .../paste/storage/PhabricatorPaste.php | 4 ---- .../people/storage/PhabricatorUser.php | 4 ---- src/applications/phame/storage/PhameBlog.php | 4 ---- src/applications/phame/storage/PhamePost.php | 4 ---- src/applications/phlux/storage/PhluxVariable.php | 4 ---- src/applications/pholio/storage/PholioMock.php | 4 ---- .../phortune/storage/PhortuneAccount.php | 4 ---- .../phortune/storage/PhortuneCart.php | 4 ---- .../phortune/storage/PhortuneMerchant.php | 4 ---- .../storage/PhortunePaymentProviderConfig.php | 4 ---- .../phriction/storage/PhrictionDocument.php | 4 ---- .../phurl/storage/PhabricatorPhurlURL.php | 4 ---- src/applications/ponder/storage/PonderAnswer.php | 4 ---- .../ponder/storage/PonderQuestion.php | 4 ---- .../project/storage/PhabricatorProject.php | 4 ---- .../project/storage/PhabricatorProjectColumn.php | 4 ---- .../releeph/storage/ReleephBranch.php | 4 ---- .../releeph/storage/ReleephProject.php | 4 ---- .../releeph/storage/ReleephRequest.php | 4 ---- .../repository/storage/PhabricatorRepository.php | 4 ---- .../storage/PhabricatorRepositoryCommit.php | 4 ---- .../storage/PhabricatorRepositoryIdentity.php | 4 ---- .../storage/PhabricatorRepositoryURI.php | 4 ---- .../PhabricatorProfileMenuItemConfiguration.php | 4 ---- .../storage/PhabricatorUserPreferences.php | 4 ---- .../slowvote/storage/PhabricatorSlowvotePoll.php | 4 ---- .../spaces/storage/PhabricatorSpacesNamespace.php | 4 ---- .../PhabricatorSubscriptionsEditController.php | 4 +--- .../PhabricatorSubscriptionsMuteController.php | 4 +--- .../tokens/editor/PhabricatorTokenGivenEditor.php | 4 +--- .../PhabricatorApplicationTransactionEditor.php | 3 +-- ...PhabricatorApplicationTransactionInterface.php | 15 --------------- ...bricatorApplicationTransactionReplyHandler.php | 4 +--- .../PhabricatorEditEngineConfiguration.php | 4 ---- .../workers/storage/PhabricatorWorkerBulkJob.php | 4 ---- 81 files changed, 6 insertions(+), 328 deletions(-) diff --git a/src/applications/almanac/storage/AlmanacBinding.php b/src/applications/almanac/storage/AlmanacBinding.php index 5577ee5e7d..a7096fc51f 100644 --- a/src/applications/almanac/storage/AlmanacBinding.php +++ b/src/applications/almanac/storage/AlmanacBinding.php @@ -206,10 +206,6 @@ final class AlmanacBinding return new AlmanacBindingEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new AlmanacBindingTransaction(); } diff --git a/src/applications/almanac/storage/AlmanacDevice.php b/src/applications/almanac/storage/AlmanacDevice.php index f25b2eb5a1..1d1010733a 100644 --- a/src/applications/almanac/storage/AlmanacDevice.php +++ b/src/applications/almanac/storage/AlmanacDevice.php @@ -204,10 +204,6 @@ final class AlmanacDevice return new AlmanacDeviceEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new AlmanacDeviceTransaction(); } diff --git a/src/applications/almanac/storage/AlmanacInterface.php b/src/applications/almanac/storage/AlmanacInterface.php index 9a5023e751..6cd318186f 100644 --- a/src/applications/almanac/storage/AlmanacInterface.php +++ b/src/applications/almanac/storage/AlmanacInterface.php @@ -168,10 +168,6 @@ final class AlmanacInterface return new AlmanacInterfaceEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new AlmanacInterfaceTransaction(); } diff --git a/src/applications/almanac/storage/AlmanacNamespace.php b/src/applications/almanac/storage/AlmanacNamespace.php index 0c8f0c5ec7..128cfdb72e 100644 --- a/src/applications/almanac/storage/AlmanacNamespace.php +++ b/src/applications/almanac/storage/AlmanacNamespace.php @@ -191,10 +191,6 @@ final class AlmanacNamespace return new AlmanacNamespaceEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new AlmanacNamespaceTransaction(); } diff --git a/src/applications/almanac/storage/AlmanacNetwork.php b/src/applications/almanac/storage/AlmanacNetwork.php index 3913d2f6e7..78313fad77 100644 --- a/src/applications/almanac/storage/AlmanacNetwork.php +++ b/src/applications/almanac/storage/AlmanacNetwork.php @@ -61,10 +61,6 @@ final class AlmanacNetwork return new AlmanacNetworkEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new AlmanacNetworkTransaction(); } diff --git a/src/applications/almanac/storage/AlmanacService.php b/src/applications/almanac/storage/AlmanacService.php index 7348abd936..2979b74367 100644 --- a/src/applications/almanac/storage/AlmanacService.php +++ b/src/applications/almanac/storage/AlmanacService.php @@ -226,10 +226,6 @@ final class AlmanacService return new AlmanacServiceEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new AlmanacServiceTransaction(); } diff --git a/src/applications/auth/storage/PhabricatorAuthPassword.php b/src/applications/auth/storage/PhabricatorAuthPassword.php index 930cbe61cb..3196b58e60 100644 --- a/src/applications/auth/storage/PhabricatorAuthPassword.php +++ b/src/applications/auth/storage/PhabricatorAuthPassword.php @@ -217,10 +217,6 @@ final class PhabricatorAuthPassword return new PhabricatorAuthPasswordEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorAuthPasswordTransaction(); } diff --git a/src/applications/auth/storage/PhabricatorAuthProviderConfig.php b/src/applications/auth/storage/PhabricatorAuthProviderConfig.php index d4d1f5517c..1de34c4077 100644 --- a/src/applications/auth/storage/PhabricatorAuthProviderConfig.php +++ b/src/applications/auth/storage/PhabricatorAuthProviderConfig.php @@ -91,10 +91,6 @@ final class PhabricatorAuthProviderConfig return new PhabricatorAuthProviderConfigEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorAuthProviderConfigTransaction(); } diff --git a/src/applications/auth/storage/PhabricatorAuthSSHKey.php b/src/applications/auth/storage/PhabricatorAuthSSHKey.php index df4f09c11b..7350af8cfd 100644 --- a/src/applications/auth/storage/PhabricatorAuthSSHKey.php +++ b/src/applications/auth/storage/PhabricatorAuthSSHKey.php @@ -159,10 +159,6 @@ final class PhabricatorAuthSSHKey return new PhabricatorAuthSSHKeyEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorAuthSSHKeyTransaction(); } diff --git a/src/applications/badges/storage/PhabricatorBadgesBadge.php b/src/applications/badges/storage/PhabricatorBadgesBadge.php index c6701a5b62..2fc787d9ee 100644 --- a/src/applications/badges/storage/PhabricatorBadgesBadge.php +++ b/src/applications/badges/storage/PhabricatorBadgesBadge.php @@ -125,10 +125,6 @@ final class PhabricatorBadgesBadge extends PhabricatorBadgesDAO return new PhabricatorBadgesEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorBadgesTransaction(); } diff --git a/src/applications/base/PhabricatorApplication.php b/src/applications/base/PhabricatorApplication.php index e699a890d4..9526fb1442 100644 --- a/src/applications/base/PhabricatorApplication.php +++ b/src/applications/base/PhabricatorApplication.php @@ -649,10 +649,6 @@ abstract class PhabricatorApplication return new PhabricatorApplicationEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorApplicationApplicationTransaction(); } diff --git a/src/applications/calendar/storage/PhabricatorCalendarEvent.php b/src/applications/calendar/storage/PhabricatorCalendarEvent.php index 51c9a8a973..a8092aaa88 100644 --- a/src/applications/calendar/storage/PhabricatorCalendarEvent.php +++ b/src/applications/calendar/storage/PhabricatorCalendarEvent.php @@ -1311,10 +1311,6 @@ final class PhabricatorCalendarEvent extends PhabricatorCalendarDAO return new PhabricatorCalendarEventEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorCalendarEventTransaction(); } diff --git a/src/applications/calendar/storage/PhabricatorCalendarExport.php b/src/applications/calendar/storage/PhabricatorCalendarExport.php index 93daaf6e5d..4ad2b457f3 100644 --- a/src/applications/calendar/storage/PhabricatorCalendarExport.php +++ b/src/applications/calendar/storage/PhabricatorCalendarExport.php @@ -166,10 +166,6 @@ final class PhabricatorCalendarExport extends PhabricatorCalendarDAO return new PhabricatorCalendarExportEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorCalendarExportTransaction(); } diff --git a/src/applications/calendar/storage/PhabricatorCalendarImport.php b/src/applications/calendar/storage/PhabricatorCalendarImport.php index 09e7ee138b..37ddac857c 100644 --- a/src/applications/calendar/storage/PhabricatorCalendarImport.php +++ b/src/applications/calendar/storage/PhabricatorCalendarImport.php @@ -140,10 +140,6 @@ final class PhabricatorCalendarImport return new PhabricatorCalendarImportEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorCalendarImportTransaction(); } diff --git a/src/applications/config/storage/PhabricatorConfigEntry.php b/src/applications/config/storage/PhabricatorConfigEntry.php index 4e28180eed..3462c4e7ba 100644 --- a/src/applications/config/storage/PhabricatorConfigEntry.php +++ b/src/applications/config/storage/PhabricatorConfigEntry.php @@ -61,10 +61,6 @@ final class PhabricatorConfigEntry return new PhabricatorConfigEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorConfigTransaction(); } diff --git a/src/applications/conpherence/storage/ConpherenceThread.php b/src/applications/conpherence/storage/ConpherenceThread.php index 4a99fccdb9..7a5f97ed41 100644 --- a/src/applications/conpherence/storage/ConpherenceThread.php +++ b/src/applications/conpherence/storage/ConpherenceThread.php @@ -311,10 +311,6 @@ final class ConpherenceThread extends ConpherenceDAO return new ConpherenceEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new ConpherenceTransaction(); } diff --git a/src/applications/countdown/storage/PhabricatorCountdown.php b/src/applications/countdown/storage/PhabricatorCountdown.php index 0e275604da..1c61ae7ffc 100644 --- a/src/applications/countdown/storage/PhabricatorCountdown.php +++ b/src/applications/countdown/storage/PhabricatorCountdown.php @@ -95,10 +95,6 @@ final class PhabricatorCountdown extends PhabricatorCountdownDAO return new PhabricatorCountdownEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorCountdownTransaction(); } diff --git a/src/applications/dashboard/storage/PhabricatorDashboard.php b/src/applications/dashboard/storage/PhabricatorDashboard.php index 86181dbf9d..53bc2f857d 100644 --- a/src/applications/dashboard/storage/PhabricatorDashboard.php +++ b/src/applications/dashboard/storage/PhabricatorDashboard.php @@ -130,10 +130,6 @@ final class PhabricatorDashboard extends PhabricatorDashboardDAO return new PhabricatorDashboardTransactionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorDashboardTransaction(); } diff --git a/src/applications/dashboard/storage/PhabricatorDashboardPanel.php b/src/applications/dashboard/storage/PhabricatorDashboardPanel.php index ea71e04771..89b577ab87 100644 --- a/src/applications/dashboard/storage/PhabricatorDashboardPanel.php +++ b/src/applications/dashboard/storage/PhabricatorDashboardPanel.php @@ -113,10 +113,6 @@ final class PhabricatorDashboardPanel return new PhabricatorDashboardPanelTransactionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorDashboardPanelTransaction(); } diff --git a/src/applications/differential/storage/DifferentialDiff.php b/src/applications/differential/storage/DifferentialDiff.php index 0b882228c5..e4c33dc766 100644 --- a/src/applications/differential/storage/DifferentialDiff.php +++ b/src/applications/differential/storage/DifferentialDiff.php @@ -699,10 +699,6 @@ final class DifferentialDiff return new DifferentialDiffEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new DifferentialDiffTransaction(); } diff --git a/src/applications/differential/storage/DifferentialRevision.php b/src/applications/differential/storage/DifferentialRevision.php index ef94da7f67..3397f9cb03 100644 --- a/src/applications/differential/storage/DifferentialRevision.php +++ b/src/applications/differential/storage/DifferentialRevision.php @@ -991,10 +991,6 @@ final class DifferentialRevision extends DifferentialDAO return new DifferentialTransactionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new DifferentialTransaction(); } diff --git a/src/applications/diviner/storage/DivinerLiveBook.php b/src/applications/diviner/storage/DivinerLiveBook.php index d9dfc0107e..480bc50d05 100644 --- a/src/applications/diviner/storage/DivinerLiveBook.php +++ b/src/applications/diviner/storage/DivinerLiveBook.php @@ -143,10 +143,6 @@ final class DivinerLiveBook extends DivinerDAO return new DivinerLiveBookEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new DivinerLiveBookTransaction(); } diff --git a/src/applications/drydock/storage/DrydockBlueprint.php b/src/applications/drydock/storage/DrydockBlueprint.php index 368dbe8f6a..ebe2f9f601 100644 --- a/src/applications/drydock/storage/DrydockBlueprint.php +++ b/src/applications/drydock/storage/DrydockBlueprint.php @@ -295,10 +295,6 @@ final class DrydockBlueprint extends DrydockDAO return new DrydockBlueprintEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new DrydockBlueprintTransaction(); } diff --git a/src/applications/files/storage/PhabricatorFile.php b/src/applications/files/storage/PhabricatorFile.php index 21c9bd2fd3..cc80d272b1 100644 --- a/src/applications/files/storage/PhabricatorFile.php +++ b/src/applications/files/storage/PhabricatorFile.php @@ -1544,10 +1544,6 @@ final class PhabricatorFile extends PhabricatorFileDAO return new PhabricatorFileEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorFileTransaction(); } diff --git a/src/applications/fund/storage/FundBacker.php b/src/applications/fund/storage/FundBacker.php index 67ce3c2d8c..87ab342e2a 100644 --- a/src/applications/fund/storage/FundBacker.php +++ b/src/applications/fund/storage/FundBacker.php @@ -110,10 +110,6 @@ final class FundBacker extends FundDAO return new FundBackerEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new FundBackerTransaction(); } diff --git a/src/applications/fund/storage/FundInitiative.php b/src/applications/fund/storage/FundInitiative.php index 077646fea0..5e4dd48026 100644 --- a/src/applications/fund/storage/FundInitiative.php +++ b/src/applications/fund/storage/FundInitiative.php @@ -160,10 +160,6 @@ final class FundInitiative extends FundDAO return new FundInitiativeEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new FundInitiativeTransaction(); } diff --git a/src/applications/harbormaster/engine/HarbormasterBuildableEngine.php b/src/applications/harbormaster/engine/HarbormasterBuildableEngine.php index 25222975b7..7f743b3adf 100644 --- a/src/applications/harbormaster/engine/HarbormasterBuildableEngine.php +++ b/src/applications/harbormaster/engine/HarbormasterBuildableEngine.php @@ -96,9 +96,7 @@ abstract class HarbormasterBuildableEngine $publishable = $this->getPublishableObject(); $editor = $this->newEditor(); - $editor->applyTransactions( - $publishable->getApplicationTransactionObject(), - $xactions); + $editor->applyTransactions($publishable, $xactions); } public function getAuthorIdentity() { diff --git a/src/applications/harbormaster/storage/HarbormasterBuildable.php b/src/applications/harbormaster/storage/HarbormasterBuildable.php index 0e2e93a0c9..aabfd49eb9 100644 --- a/src/applications/harbormaster/storage/HarbormasterBuildable.php +++ b/src/applications/harbormaster/storage/HarbormasterBuildable.php @@ -283,10 +283,6 @@ final class HarbormasterBuildable return new HarbormasterBuildableTransactionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new HarbormasterBuildableTransaction(); } diff --git a/src/applications/harbormaster/storage/build/HarbormasterBuild.php b/src/applications/harbormaster/storage/build/HarbormasterBuild.php index 04ba35ee1e..602e388477 100644 --- a/src/applications/harbormaster/storage/build/HarbormasterBuild.php +++ b/src/applications/harbormaster/storage/build/HarbormasterBuild.php @@ -393,10 +393,6 @@ final class HarbormasterBuild extends HarbormasterDAO return new HarbormasterBuildTransactionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new HarbormasterBuildTransaction(); } diff --git a/src/applications/harbormaster/storage/configuration/HarbormasterBuildPlan.php b/src/applications/harbormaster/storage/configuration/HarbormasterBuildPlan.php index a41dc89790..2e379aab23 100644 --- a/src/applications/harbormaster/storage/configuration/HarbormasterBuildPlan.php +++ b/src/applications/harbormaster/storage/configuration/HarbormasterBuildPlan.php @@ -136,10 +136,6 @@ final class HarbormasterBuildPlan extends HarbormasterDAO return new HarbormasterBuildPlanEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new HarbormasterBuildPlanTransaction(); } diff --git a/src/applications/harbormaster/storage/configuration/HarbormasterBuildStep.php b/src/applications/harbormaster/storage/configuration/HarbormasterBuildStep.php index cee9a3f9c3..dd0ebdc507 100644 --- a/src/applications/harbormaster/storage/configuration/HarbormasterBuildStep.php +++ b/src/applications/harbormaster/storage/configuration/HarbormasterBuildStep.php @@ -121,10 +121,6 @@ final class HarbormasterBuildStep extends HarbormasterDAO return new HarbormasterBuildStepEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new HarbormasterBuildStepTransaction(); } diff --git a/src/applications/herald/storage/HeraldRule.php b/src/applications/herald/storage/HeraldRule.php index 6b078336aa..1b005898cb 100644 --- a/src/applications/herald/storage/HeraldRule.php +++ b/src/applications/herald/storage/HeraldRule.php @@ -318,10 +318,6 @@ final class HeraldRule extends HeraldDAO return new HeraldRuleEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new HeraldRuleTransaction(); } diff --git a/src/applications/herald/storage/HeraldWebhook.php b/src/applications/herald/storage/HeraldWebhook.php index aa992ec203..0101dbef52 100644 --- a/src/applications/herald/storage/HeraldWebhook.php +++ b/src/applications/herald/storage/HeraldWebhook.php @@ -200,10 +200,6 @@ final class HeraldWebhook return new HeraldWebhookEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new HeraldWebhookTransaction(); } diff --git a/src/applications/legalpad/storage/LegalpadDocument.php b/src/applications/legalpad/storage/LegalpadDocument.php index 428a35b56c..efcd6b5f15 100644 --- a/src/applications/legalpad/storage/LegalpadDocument.php +++ b/src/applications/legalpad/storage/LegalpadDocument.php @@ -209,10 +209,6 @@ final class LegalpadDocument extends LegalpadDAO return new LegalpadDocumentEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new LegalpadTransaction(); } diff --git a/src/applications/macro/storage/PhabricatorFileImageMacro.php b/src/applications/macro/storage/PhabricatorFileImageMacro.php index 8c0631cf84..656a4c9c57 100644 --- a/src/applications/macro/storage/PhabricatorFileImageMacro.php +++ b/src/applications/macro/storage/PhabricatorFileImageMacro.php @@ -98,10 +98,6 @@ final class PhabricatorFileImageMacro extends PhabricatorFileDAO return new PhabricatorMacroEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorMacroTransaction(); } diff --git a/src/applications/maniphest/storage/ManiphestTask.php b/src/applications/maniphest/storage/ManiphestTask.php index 7b9b7d2b91..1372e2cb88 100644 --- a/src/applications/maniphest/storage/ManiphestTask.php +++ b/src/applications/maniphest/storage/ManiphestTask.php @@ -452,10 +452,6 @@ final class ManiphestTask extends ManiphestDAO return new ManiphestTransactionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new ManiphestTransaction(); } diff --git a/src/applications/metamta/storage/PhabricatorMetaMTAApplicationEmail.php b/src/applications/metamta/storage/PhabricatorMetaMTAApplicationEmail.php index 623fd88e91..39eb4001cd 100644 --- a/src/applications/metamta/storage/PhabricatorMetaMTAApplicationEmail.php +++ b/src/applications/metamta/storage/PhabricatorMetaMTAApplicationEmail.php @@ -123,10 +123,6 @@ final class PhabricatorMetaMTAApplicationEmail return new PhabricatorMetaMTAApplicationEmailEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorMetaMTAApplicationEmailTransaction(); } diff --git a/src/applications/nuance/storage/NuanceItem.php b/src/applications/nuance/storage/NuanceItem.php index 4f9ab750c1..f182e17580 100644 --- a/src/applications/nuance/storage/NuanceItem.php +++ b/src/applications/nuance/storage/NuanceItem.php @@ -193,10 +193,6 @@ final class NuanceItem return new NuanceItemEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new NuanceItemTransaction(); } diff --git a/src/applications/nuance/storage/NuanceQueue.php b/src/applications/nuance/storage/NuanceQueue.php index 7cbb1e761c..a19f1693b3 100644 --- a/src/applications/nuance/storage/NuanceQueue.php +++ b/src/applications/nuance/storage/NuanceQueue.php @@ -79,10 +79,6 @@ final class NuanceQueue return new NuanceQueueEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new NuanceQueueTransaction(); } diff --git a/src/applications/nuance/storage/NuanceSource.php b/src/applications/nuance/storage/NuanceSource.php index 0f0dd4d7de..5e06a5dc0a 100644 --- a/src/applications/nuance/storage/NuanceSource.php +++ b/src/applications/nuance/storage/NuanceSource.php @@ -99,10 +99,6 @@ final class NuanceSource extends NuanceDAO return new NuanceSourceEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new NuanceSourceTransaction(); } diff --git a/src/applications/oauthserver/storage/PhabricatorOAuthServerClient.php b/src/applications/oauthserver/storage/PhabricatorOAuthServerClient.php index 1ebecbc369..a951bf5781 100644 --- a/src/applications/oauthserver/storage/PhabricatorOAuthServerClient.php +++ b/src/applications/oauthserver/storage/PhabricatorOAuthServerClient.php @@ -91,10 +91,6 @@ final class PhabricatorOAuthServerClient return new PhabricatorOAuthServerEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorOAuthServerTransaction(); } diff --git a/src/applications/owners/storage/PhabricatorOwnersPackage.php b/src/applications/owners/storage/PhabricatorOwnersPackage.php index 17954ea80a..564fc8a28b 100644 --- a/src/applications/owners/storage/PhabricatorOwnersPackage.php +++ b/src/applications/owners/storage/PhabricatorOwnersPackage.php @@ -607,10 +607,6 @@ final class PhabricatorOwnersPackage return new PhabricatorOwnersPackageTransactionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorOwnersPackageTransaction(); } diff --git a/src/applications/packages/storage/PhabricatorPackagesPackage.php b/src/applications/packages/storage/PhabricatorPackagesPackage.php index 822988e8fb..15748329e7 100644 --- a/src/applications/packages/storage/PhabricatorPackagesPackage.php +++ b/src/applications/packages/storage/PhabricatorPackagesPackage.php @@ -189,10 +189,6 @@ final class PhabricatorPackagesPackage return new PhabricatorPackagesPackageEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorPackagesPackageTransaction(); } diff --git a/src/applications/packages/storage/PhabricatorPackagesPublisher.php b/src/applications/packages/storage/PhabricatorPackagesPublisher.php index b7610499d4..21b586dc1f 100644 --- a/src/applications/packages/storage/PhabricatorPackagesPublisher.php +++ b/src/applications/packages/storage/PhabricatorPackagesPublisher.php @@ -165,10 +165,6 @@ final class PhabricatorPackagesPublisher return new PhabricatorPackagesPublisherEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorPackagesPublisherTransaction(); } diff --git a/src/applications/packages/storage/PhabricatorPackagesVersion.php b/src/applications/packages/storage/PhabricatorPackagesVersion.php index e1abf043a1..cd5e2648f8 100644 --- a/src/applications/packages/storage/PhabricatorPackagesVersion.php +++ b/src/applications/packages/storage/PhabricatorPackagesVersion.php @@ -156,10 +156,6 @@ final class PhabricatorPackagesVersion return new PhabricatorPackagesVersionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorPackagesVersionTransaction(); } diff --git a/src/applications/passphrase/storage/PassphraseCredential.php b/src/applications/passphrase/storage/PassphraseCredential.php index 6cb7cbf24e..b10d392d36 100644 --- a/src/applications/passphrase/storage/PassphraseCredential.php +++ b/src/applications/passphrase/storage/PassphraseCredential.php @@ -117,10 +117,6 @@ final class PassphraseCredential extends PassphraseDAO return new PassphraseCredentialTransactionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PassphraseCredentialTransaction(); } diff --git a/src/applications/paste/storage/PhabricatorPaste.php b/src/applications/paste/storage/PhabricatorPaste.php index ad3965ce46..79f1a953f6 100644 --- a/src/applications/paste/storage/PhabricatorPaste.php +++ b/src/applications/paste/storage/PhabricatorPaste.php @@ -219,10 +219,6 @@ final class PhabricatorPaste extends PhabricatorPasteDAO return new PhabricatorPasteEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorPasteTransaction(); } diff --git a/src/applications/people/storage/PhabricatorUser.php b/src/applications/people/storage/PhabricatorUser.php index 9b6f6cdbe4..8b1c7cba5c 100644 --- a/src/applications/people/storage/PhabricatorUser.php +++ b/src/applications/people/storage/PhabricatorUser.php @@ -1371,10 +1371,6 @@ final class PhabricatorUser return new PhabricatorUserTransactionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorUserTransaction(); } diff --git a/src/applications/phame/storage/PhameBlog.php b/src/applications/phame/storage/PhameBlog.php index fde39da0fc..71a5186225 100644 --- a/src/applications/phame/storage/PhameBlog.php +++ b/src/applications/phame/storage/PhameBlog.php @@ -331,10 +331,6 @@ final class PhameBlog extends PhameDAO return new PhameBlogEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhameBlogTransaction(); } diff --git a/src/applications/phame/storage/PhamePost.php b/src/applications/phame/storage/PhamePost.php index c95d48054b..300579b086 100644 --- a/src/applications/phame/storage/PhamePost.php +++ b/src/applications/phame/storage/PhamePost.php @@ -279,10 +279,6 @@ final class PhamePost extends PhameDAO return new PhamePostEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhamePostTransaction(); } diff --git a/src/applications/phlux/storage/PhluxVariable.php b/src/applications/phlux/storage/PhluxVariable.php index d8c2d5315e..fb0d5c2f80 100644 --- a/src/applications/phlux/storage/PhluxVariable.php +++ b/src/applications/phlux/storage/PhluxVariable.php @@ -41,10 +41,6 @@ final class PhluxVariable extends PhluxDAO return new PhluxVariableEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhluxTransaction(); } diff --git a/src/applications/pholio/storage/PholioMock.php b/src/applications/pholio/storage/PholioMock.php index 51bdd1a196..a7e9a9b05d 100644 --- a/src/applications/pholio/storage/PholioMock.php +++ b/src/applications/pholio/storage/PholioMock.php @@ -221,10 +221,6 @@ final class PholioMock extends PholioDAO return new PholioMockEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PholioTransaction(); } diff --git a/src/applications/phortune/storage/PhortuneAccount.php b/src/applications/phortune/storage/PhortuneAccount.php index 8402ffa6d1..b0b57645c3 100644 --- a/src/applications/phortune/storage/PhortuneAccount.php +++ b/src/applications/phortune/storage/PhortuneAccount.php @@ -105,10 +105,6 @@ final class PhortuneAccount extends PhortuneDAO return new PhortuneAccountEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhortuneAccountTransaction(); } diff --git a/src/applications/phortune/storage/PhortuneCart.php b/src/applications/phortune/storage/PhortuneCart.php index 81f7099d0f..2b121a3b0c 100644 --- a/src/applications/phortune/storage/PhortuneCart.php +++ b/src/applications/phortune/storage/PhortuneCart.php @@ -636,10 +636,6 @@ final class PhortuneCart extends PhortuneDAO return new PhortuneCartEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhortuneCartTransaction(); } diff --git a/src/applications/phortune/storage/PhortuneMerchant.php b/src/applications/phortune/storage/PhortuneMerchant.php index a4fff91c5e..4916cfede7 100644 --- a/src/applications/phortune/storage/PhortuneMerchant.php +++ b/src/applications/phortune/storage/PhortuneMerchant.php @@ -78,10 +78,6 @@ final class PhortuneMerchant extends PhortuneDAO return new PhortuneMerchantEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhortuneMerchantTransaction(); } diff --git a/src/applications/phortune/storage/PhortunePaymentProviderConfig.php b/src/applications/phortune/storage/PhortunePaymentProviderConfig.php index 65d5b3e65c..1e151b3fbb 100644 --- a/src/applications/phortune/storage/PhortunePaymentProviderConfig.php +++ b/src/applications/phortune/storage/PhortunePaymentProviderConfig.php @@ -106,10 +106,6 @@ final class PhortunePaymentProviderConfig extends PhortuneDAO return new PhortunePaymentProviderConfigEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhortunePaymentProviderConfigTransaction(); } diff --git a/src/applications/phriction/storage/PhrictionDocument.php b/src/applications/phriction/storage/PhrictionDocument.php index 24f216fe26..9f8a4a475b 100644 --- a/src/applications/phriction/storage/PhrictionDocument.php +++ b/src/applications/phriction/storage/PhrictionDocument.php @@ -223,10 +223,6 @@ final class PhrictionDocument extends PhrictionDAO return new PhrictionTransactionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhrictionTransaction(); } diff --git a/src/applications/phurl/storage/PhabricatorPhurlURL.php b/src/applications/phurl/storage/PhabricatorPhurlURL.php index 76a4fd045a..4f3ee36dea 100644 --- a/src/applications/phurl/storage/PhabricatorPhurlURL.php +++ b/src/applications/phurl/storage/PhabricatorPhurlURL.php @@ -157,10 +157,6 @@ final class PhabricatorPhurlURL extends PhabricatorPhurlDAO return new PhabricatorPhurlURLEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorPhurlURLTransaction(); } diff --git a/src/applications/ponder/storage/PonderAnswer.php b/src/applications/ponder/storage/PonderAnswer.php index 0dcf44d617..9179e22a44 100644 --- a/src/applications/ponder/storage/PonderAnswer.php +++ b/src/applications/ponder/storage/PonderAnswer.php @@ -117,10 +117,6 @@ final class PonderAnswer extends PonderDAO return new PonderAnswerEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PonderAnswerTransaction(); } diff --git a/src/applications/ponder/storage/PonderQuestion.php b/src/applications/ponder/storage/PonderQuestion.php index 2ae6c76d68..40ec9fbee8 100644 --- a/src/applications/ponder/storage/PonderQuestion.php +++ b/src/applications/ponder/storage/PonderQuestion.php @@ -145,10 +145,6 @@ final class PonderQuestion extends PonderDAO return new PonderQuestionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PonderQuestionTransaction(); } diff --git a/src/applications/project/storage/PhabricatorProject.php b/src/applications/project/storage/PhabricatorProject.php index adbfb0dc36..4dae13f3c6 100644 --- a/src/applications/project/storage/PhabricatorProject.php +++ b/src/applications/project/storage/PhabricatorProject.php @@ -695,10 +695,6 @@ final class PhabricatorProject extends PhabricatorProjectDAO return new PhabricatorProjectTransactionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorProjectTransaction(); } diff --git a/src/applications/project/storage/PhabricatorProjectColumn.php b/src/applications/project/storage/PhabricatorProjectColumn.php index b4c5df885e..756c356ee1 100644 --- a/src/applications/project/storage/PhabricatorProjectColumn.php +++ b/src/applications/project/storage/PhabricatorProjectColumn.php @@ -234,10 +234,6 @@ final class PhabricatorProjectColumn return new PhabricatorProjectColumnTransactionEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorProjectColumnTransaction(); } diff --git a/src/applications/releeph/storage/ReleephBranch.php b/src/applications/releeph/storage/ReleephBranch.php index 5e23499a9d..28323a9981 100644 --- a/src/applications/releeph/storage/ReleephBranch.php +++ b/src/applications/releeph/storage/ReleephBranch.php @@ -158,10 +158,6 @@ final class ReleephBranch extends ReleephDAO return new ReleephBranchEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new ReleephBranchTransaction(); } diff --git a/src/applications/releeph/storage/ReleephProject.php b/src/applications/releeph/storage/ReleephProject.php index 318d687efd..db47ac5d39 100644 --- a/src/applications/releeph/storage/ReleephProject.php +++ b/src/applications/releeph/storage/ReleephProject.php @@ -119,10 +119,6 @@ final class ReleephProject extends ReleephDAO return new ReleephProductEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new ReleephProductTransaction(); } diff --git a/src/applications/releeph/storage/ReleephRequest.php b/src/applications/releeph/storage/ReleephRequest.php index 23956e4a3c..c21f9b28c8 100644 --- a/src/applications/releeph/storage/ReleephRequest.php +++ b/src/applications/releeph/storage/ReleephRequest.php @@ -299,10 +299,6 @@ final class ReleephRequest extends ReleephDAO return new ReleephRequestTransactionalEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new ReleephRequestTransaction(); } diff --git a/src/applications/repository/storage/PhabricatorRepository.php b/src/applications/repository/storage/PhabricatorRepository.php index 6967085644..e1febe7ac8 100644 --- a/src/applications/repository/storage/PhabricatorRepository.php +++ b/src/applications/repository/storage/PhabricatorRepository.php @@ -2613,10 +2613,6 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO return new PhabricatorRepositoryEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorRepositoryTransaction(); } diff --git a/src/applications/repository/storage/PhabricatorRepositoryCommit.php b/src/applications/repository/storage/PhabricatorRepositoryCommit.php index ddc4dbbf9f..fecb1762bd 100644 --- a/src/applications/repository/storage/PhabricatorRepositoryCommit.php +++ b/src/applications/repository/storage/PhabricatorRepositoryCommit.php @@ -731,10 +731,6 @@ final class PhabricatorRepositoryCommit return new PhabricatorAuditEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorAuditTransaction(); } diff --git a/src/applications/repository/storage/PhabricatorRepositoryIdentity.php b/src/applications/repository/storage/PhabricatorRepositoryIdentity.php index d361ccda40..76c6aed9e0 100644 --- a/src/applications/repository/storage/PhabricatorRepositoryIdentity.php +++ b/src/applications/repository/storage/PhabricatorRepositoryIdentity.php @@ -134,10 +134,6 @@ final class PhabricatorRepositoryIdentity return new DiffusionRepositoryIdentityEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorRepositoryIdentityTransaction(); } diff --git a/src/applications/repository/storage/PhabricatorRepositoryURI.php b/src/applications/repository/storage/PhabricatorRepositoryURI.php index cc0f28b828..8b1de62dd6 100644 --- a/src/applications/repository/storage/PhabricatorRepositoryURI.php +++ b/src/applications/repository/storage/PhabricatorRepositoryURI.php @@ -605,10 +605,6 @@ final class PhabricatorRepositoryURI return new DiffusionURIEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorRepositoryURITransaction(); } diff --git a/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php b/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php index ba6a5b2ef8..8520cac1bd 100644 --- a/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php +++ b/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php @@ -265,10 +265,6 @@ final class PhabricatorProfileMenuItemConfiguration return new PhabricatorProfileMenuEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorProfileMenuItemConfigurationTransaction(); } diff --git a/src/applications/settings/storage/PhabricatorUserPreferences.php b/src/applications/settings/storage/PhabricatorUserPreferences.php index 9280608457..0af6b4553c 100644 --- a/src/applications/settings/storage/PhabricatorUserPreferences.php +++ b/src/applications/settings/storage/PhabricatorUserPreferences.php @@ -245,10 +245,6 @@ final class PhabricatorUserPreferences return new PhabricatorUserPreferencesEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorUserPreferencesTransaction(); } diff --git a/src/applications/slowvote/storage/PhabricatorSlowvotePoll.php b/src/applications/slowvote/storage/PhabricatorSlowvotePoll.php index fcf0009448..b8355c0586 100644 --- a/src/applications/slowvote/storage/PhabricatorSlowvotePoll.php +++ b/src/applications/slowvote/storage/PhabricatorSlowvotePoll.php @@ -131,10 +131,6 @@ final class PhabricatorSlowvotePoll extends PhabricatorSlowvoteDAO return new PhabricatorSlowvoteEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorSlowvoteTransaction(); } diff --git a/src/applications/spaces/storage/PhabricatorSpacesNamespace.php b/src/applications/spaces/storage/PhabricatorSpacesNamespace.php index 6b51d9c999..e8b2afb435 100644 --- a/src/applications/spaces/storage/PhabricatorSpacesNamespace.php +++ b/src/applications/spaces/storage/PhabricatorSpacesNamespace.php @@ -91,10 +91,6 @@ final class PhabricatorSpacesNamespace return new PhabricatorSpacesNamespaceEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorSpacesNamespaceTransaction(); } diff --git a/src/applications/subscriptions/controller/PhabricatorSubscriptionsEditController.php b/src/applications/subscriptions/controller/PhabricatorSubscriptionsEditController.php index 817e92ce39..13a0e14c23 100644 --- a/src/applications/subscriptions/controller/PhabricatorSubscriptionsEditController.php +++ b/src/applications/subscriptions/controller/PhabricatorSubscriptionsEditController.php @@ -77,9 +77,7 @@ final class PhabricatorSubscriptionsEditController ->setContinueOnMissingFields(true) ->setContentSourceFromRequest($request); - $editor->applyTransactions( - $object->getApplicationTransactionObject(), - array($xaction)); + $editor->applyTransactions($object, array($xaction)); } else { // TODO: Eventually, get rid of this once everything implements diff --git a/src/applications/subscriptions/controller/PhabricatorSubscriptionsMuteController.php b/src/applications/subscriptions/controller/PhabricatorSubscriptionsMuteController.php index e29d5e3802..929a4985dd 100644 --- a/src/applications/subscriptions/controller/PhabricatorSubscriptionsMuteController.php +++ b/src/applications/subscriptions/controller/PhabricatorSubscriptionsMuteController.php @@ -55,9 +55,7 @@ final class PhabricatorSubscriptionsMuteController ->setContinueOnMissingFields(true) ->setContentSourceFromRequest($request); - $editor->applyTransactions( - $object->getApplicationTransactionObject(), - array($xaction)); + $editor->applyTransactions($object, array($xaction)); return id(new AphrontReloadResponse())->setURI($object_uri); } diff --git a/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php b/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php index ea4e8367c0..0d2f143635 100644 --- a/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php +++ b/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php @@ -166,9 +166,7 @@ final class PhabricatorTokenGivenEditor ->setContinueOnNoEffect(true) ->setContinueOnMissingFields(true); - $editor->applyTransactions( - $object->getApplicationTransactionObject(), - $xactions); + $editor->applyTransactions($object, $xactions); } } diff --git a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php index 738fcf098b..697c4600a5 100644 --- a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php +++ b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php @@ -3766,7 +3766,6 @@ abstract class PhabricatorApplicationTransactionEditor $editor = $node->getApplicationTransactionEditor(); $template = $node->getApplicationTransactionTemplate(); - $target = $node->getApplicationTransactionObject(); if (isset($add[$node->getPHID()])) { $edge_edit_type = '+'; @@ -3792,7 +3791,7 @@ abstract class PhabricatorApplicationTransactionEditor ->setActingAsPHID($this->getActingAsPHID()) ->setContentSource($this->getContentSource()); - $editor->applyTransactions($target, array($template)); + $editor->applyTransactions($node, array($template)); } } diff --git a/src/applications/transactions/interface/PhabricatorApplicationTransactionInterface.php b/src/applications/transactions/interface/PhabricatorApplicationTransactionInterface.php index 1c6b4a0049..205253ba22 100644 --- a/src/applications/transactions/interface/PhabricatorApplicationTransactionInterface.php +++ b/src/applications/transactions/interface/PhabricatorApplicationTransactionInterface.php @@ -17,17 +17,6 @@ interface PhabricatorApplicationTransactionInterface { public function getApplicationTransactionEditor(); - /** - * Return the object to apply transactions to. Normally this is the current - * object (that is, `$this`), but in some cases transactions may apply to - * a different object: for example, @{class:DifferentialDiff} applies - * transactions to the associated @{class:DifferentialRevision}. - * - * @return PhabricatorLiskDAO Object to apply transactions to. - */ - public function getApplicationTransactionObject(); - - /** * Return a template transaction for this object. * @@ -47,10 +36,6 @@ interface PhabricatorApplicationTransactionInterface { return new <<>>Editor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new <<>>Transaction(); } diff --git a/src/applications/transactions/replyhandler/PhabricatorApplicationTransactionReplyHandler.php b/src/applications/transactions/replyhandler/PhabricatorApplicationTransactionReplyHandler.php index 5457708953..9a369717f0 100644 --- a/src/applications/transactions/replyhandler/PhabricatorApplicationTransactionReplyHandler.php +++ b/src/applications/transactions/replyhandler/PhabricatorApplicationTransactionReplyHandler.php @@ -107,11 +107,9 @@ abstract class PhabricatorApplicationTransactionReplyHandler ->attachComment($comment); } - $target = $object->getApplicationTransactionObject(); - $this->newEditor($mail) ->setContinueOnNoEffect(true) - ->applyTransactions($target, $xactions); + ->applyTransactions($object, $xactions); } private function processMailCommands( diff --git a/src/applications/transactions/storage/PhabricatorEditEngineConfiguration.php b/src/applications/transactions/storage/PhabricatorEditEngineConfiguration.php index 707dbe9714..6c9f3a50a6 100644 --- a/src/applications/transactions/storage/PhabricatorEditEngineConfiguration.php +++ b/src/applications/transactions/storage/PhabricatorEditEngineConfiguration.php @@ -339,10 +339,6 @@ final class PhabricatorEditEngineConfiguration return new PhabricatorEditEngineConfigurationEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorEditEngineConfigurationTransaction(); } diff --git a/src/infrastructure/daemon/workers/storage/PhabricatorWorkerBulkJob.php b/src/infrastructure/daemon/workers/storage/PhabricatorWorkerBulkJob.php index d6e8437091..68263fccb7 100644 --- a/src/infrastructure/daemon/workers/storage/PhabricatorWorkerBulkJob.php +++ b/src/infrastructure/daemon/workers/storage/PhabricatorWorkerBulkJob.php @@ -233,10 +233,6 @@ final class PhabricatorWorkerBulkJob return new PhabricatorWorkerBulkJobEditor(); } - public function getApplicationTransactionObject() { - return $this; - } - public function getApplicationTransactionTemplate() { return new PhabricatorWorkerBulkJobTransaction(); } From 28989ac23145457fa49ab194244bdb86e886e9c9 Mon Sep 17 00:00:00 2001 From: epriestley Date: Thu, 20 Dec 2018 11:36:23 -0800 Subject: [PATCH 23/44] Make the Pholio Mock "getImages" / "getAllImages" API more clear Summary: Depends on D19920. Ref T11351. Currently, "images" and "all images" are attached to Mocks separately, and `getImages()` gets you only some images. Clean this up slightly: - One attach method; attach everything. - Two getters, one for "images" (returns all images); one for "active images" (returns active images). Test Plan: Browsed around Pholio without any apparent behavioral changes. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T11351 Differential Revision: https://secure.phabricator.com/D19921 --- .../PholioMockCommentController.php | 4 +-- .../controller/PholioMockEditController.php | 2 +- .../pholio/query/PholioMockQuery.php | 6 ++-- .../pholio/query/PholioMockSearchEngine.php | 2 +- .../pholio/storage/PholioMock.php | 32 ++++++++----------- .../pholio/view/PholioMockEmbedView.php | 4 +-- .../pholio/view/PholioMockImagesView.php | 6 ++-- .../pholio/view/PholioMockThumbGridView.php | 6 ++-- .../pholio/view/PholioTransactionView.php | 2 +- .../xaction/PholioImageFileTransaction.php | 4 +-- 10 files changed, 30 insertions(+), 38 deletions(-) diff --git a/src/applications/pholio/controller/PholioMockCommentController.php b/src/applications/pholio/controller/PholioMockCommentController.php index d54b4677e5..a4f9daf886 100644 --- a/src/applications/pholio/controller/PholioMockCommentController.php +++ b/src/applications/pholio/controller/PholioMockCommentController.php @@ -24,7 +24,7 @@ final class PholioMockCommentController extends PholioController { $draft = PhabricatorDraft::buildFromRequest($request); - $mock_uri = '/M'.$mock->getID(); + $mock_uri = $mock->getURI(); $comment = $request->getStr('comment'); @@ -33,7 +33,7 @@ final class PholioMockCommentController extends PholioController { $inline_comments = id(new PholioTransactionComment())->loadAllWhere( 'authorphid = %s AND transactionphid IS NULL AND imageid IN (%Ld)', $viewer->getPHID(), - mpull($mock->getImages(), 'getID')); + mpull($mock->getActiveImages(), 'getID')); if (!$inline_comments || strlen($comment)) { $xactions[] = id(new PholioTransaction()) diff --git a/src/applications/pholio/controller/PholioMockEditController.php b/src/applications/pholio/controller/PholioMockEditController.php index fd1df77a8e..6c0ea58d13 100644 --- a/src/applications/pholio/controller/PholioMockEditController.php +++ b/src/applications/pholio/controller/PholioMockEditController.php @@ -25,7 +25,7 @@ final class PholioMockEditController extends PholioController { $title = pht('Edit Mock: %s', $mock->getName()); $is_new = false; - $mock_images = $mock->getImages(); + $mock_images = $mock->getActiveImages(); $files = mpull($mock_images, 'getFile'); $mock_images = mpull($mock_images, null, 'getFilePHID'); } else { diff --git a/src/applications/pholio/query/PholioMockQuery.php b/src/applications/pholio/query/PholioMockQuery.php index 9e3154ec5c..465f23d34b 100644 --- a/src/applications/pholio/query/PholioMockQuery.php +++ b/src/applications/pholio/query/PholioMockQuery.php @@ -58,7 +58,7 @@ final class PholioMockQuery } protected function loadPage() { - $mocks = $this->loadStandardPage(new PholioMock()); + $mocks = $this->loadStandardPage($this->newResultObject()); if ($mocks && $this->needImages) { self::loadImages($this->getViewer(), $mocks, $this->needInlineComments); @@ -127,9 +127,7 @@ final class PholioMockQuery foreach ($mocks as $mock) { $mock_images = idx($image_groups, $mock->getPHID(), array()); - $mock->attachAllImages($mock_images); - $active_images = mfilter($mock_images, 'getIsObsolete', true); - $mock->attachImages(msort($active_images, 'getSequence')); + $mock->attachImages($mock_images); } } diff --git a/src/applications/pholio/query/PholioMockSearchEngine.php b/src/applications/pholio/query/PholioMockSearchEngine.php index 2433484d69..cbb175b2de 100644 --- a/src/applications/pholio/query/PholioMockSearchEngine.php +++ b/src/applications/pholio/query/PholioMockSearchEngine.php @@ -111,7 +111,7 @@ final class PholioMockSearchEngine extends PhabricatorApplicationSearchEngine { ->setImageURI($image_uri) ->setImageSize($x, $y) ->setDisabled($mock->isClosed()) - ->addIconCount('fa-picture-o', count($mock->getImages())) + ->addIconCount('fa-picture-o', count($mock->getActiveImages())) ->addIconCount('fa-trophy', $mock->getTokenCount()); if ($mock->getAuthorPHID()) { diff --git a/src/applications/pholio/storage/PholioMock.php b/src/applications/pholio/storage/PholioMock.php index a7e9a9b05d..0e61ffc2d1 100644 --- a/src/applications/pholio/storage/PholioMock.php +++ b/src/applications/pholio/storage/PholioMock.php @@ -30,7 +30,6 @@ final class PholioMock extends PholioDAO protected $spacePHID; private $images = self::ATTACHABLE; - private $allImages = self::ATTACHABLE; private $coverFile = self::ATTACHABLE; private $tokenCount = self::ATTACHABLE; @@ -93,33 +92,28 @@ final class PholioMock extends PholioDAO return parent::save(); } - /** - * These should be the images currently associated with the Mock. - */ public function attachImages(array $images) { assert_instances_of($images, 'PholioImage'); + $images = mpull($images, null, 'getPHID'); + $images = msort($images, 'getSequence'); $this->images = $images; return $this; } public function getImages() { - $this->assertAttached($this->images); - return $this->images; + return $this->assertAttached($this->images); } - /** - * These should be *all* images associated with the Mock. This includes - * images which have been removed and / or replaced from the Mock. - */ - public function attachAllImages(array $images) { - assert_instances_of($images, 'PholioImage'); - $this->allImages = $images; - return $this; - } + public function getActiveImages() { + $images = $this->getImages(); - public function getAllImages() { - $this->assertAttached($this->images); - return $this->allImages; + foreach ($images as $phid => $image) { + if ($image->getIsObsolete()) { + unset($images[$phid]); + } + } + + return $images; } public function attachCoverFile(PhabricatorFile $file) { @@ -143,7 +137,7 @@ final class PholioMock extends PholioDAO } public function getImageHistorySet($image_id) { - $images = $this->getAllImages(); + $images = $this->getImages(); $images = mpull($images, null, 'getID'); $selected_image = $images[$image_id]; diff --git a/src/applications/pholio/view/PholioMockEmbedView.php b/src/applications/pholio/view/PholioMockEmbedView.php index 88f2f2ac55..38b375b68b 100644 --- a/src/applications/pholio/view/PholioMockEmbedView.php +++ b/src/applications/pholio/view/PholioMockEmbedView.php @@ -25,7 +25,7 @@ final class PholioMockEmbedView extends AphrontView { $thumbnail = null; if (!empty($this->images)) { $images_to_show = array_intersect_key( - $this->mock->getImages(), array_flip($this->images)); + $this->mock->getActiveImages(), array_flip($this->images)); } $xform = PhabricatorFileTransform::getTransformByKey( @@ -54,7 +54,7 @@ final class PholioMockEmbedView extends AphrontView { ->setImageURI($thumbnail) ->setImageSize($x, $y) ->setDisabled($mock->isClosed()) - ->addIconCount('fa-picture-o', count($mock->getImages())) + ->addIconCount('fa-picture-o', count($mock->getActiveImages())) ->addIconCount('fa-trophy', $mock->getTokenCount()); return $item; diff --git a/src/applications/pholio/view/PholioMockImagesView.php b/src/applications/pholio/view/PholioMockImagesView.php index d5ac41cd03..70f5fe8bb3 100644 --- a/src/applications/pholio/view/PholioMockImagesView.php +++ b/src/applications/pholio/view/PholioMockImagesView.php @@ -74,7 +74,7 @@ final class PholioMockImagesView extends AphrontView { $images = array(); $current_set = 0; - foreach ($mock->getAllImages() as $image) { + foreach ($mock->getImages() as $image) { $file = $image->getFile(); $metadata = $file->getMetadata(); $x = idx($metadata, PhabricatorFile::METADATA_IMAGE_WIDTH); @@ -110,7 +110,7 @@ final class PholioMockImagesView extends AphrontView { ); } - $ids = mpull($mock->getImages(), 'getID'); + $ids = mpull($mock->getActiveImages(), 'getID'); if ($this->imageID && isset($ids[$this->imageID])) { $selected_id = $this->imageID; } else { @@ -118,7 +118,7 @@ final class PholioMockImagesView extends AphrontView { } $navsequence = array(); - foreach ($mock->getImages() as $image) { + foreach ($mock->getActiveImages() as $image) { $navsequence[] = $image->getID(); } diff --git a/src/applications/pholio/view/PholioMockThumbGridView.php b/src/applications/pholio/view/PholioMockThumbGridView.php index 457d700f1f..b859eaaa9a 100644 --- a/src/applications/pholio/view/PholioMockThumbGridView.php +++ b/src/applications/pholio/view/PholioMockThumbGridView.php @@ -12,7 +12,7 @@ final class PholioMockThumbGridView extends AphrontView { public function render() { $mock = $this->mock; - $all_images = $mock->getAllImages(); + $all_images = $mock->getImages(); $all_images = mpull($all_images, null, 'getPHID'); $history = mpull($all_images, 'getReplacesImagePHID', 'getPHID'); @@ -25,10 +25,10 @@ final class PholioMockThumbGridView extends AphrontView { } // Figure out the columns. Start with all the active images. - $images = mpull($mock->getImages(), null, 'getPHID'); + $images = mpull($mock->getActiveImages(), null, 'getPHID'); // Now, find deleted images: obsolete images which were not replaced. - foreach ($mock->getAllImages() as $image) { + foreach ($mock->getImages() as $image) { if (!$image->getIsObsolete()) { // Image is current. continue; diff --git a/src/applications/pholio/view/PholioTransactionView.php b/src/applications/pholio/view/PholioTransactionView.php index 69613c5428..1126db9c85 100644 --- a/src/applications/pholio/view/PholioTransactionView.php +++ b/src/applications/pholio/view/PholioTransactionView.php @@ -97,7 +97,7 @@ final class PholioTransactionView private function renderInlineContent(PholioTransaction $inline) { $comment = $inline->getComment(); $mock = $this->getMock(); - $images = $mock->getAllImages(); + $images = $mock->getImages(); $images = mpull($images, null, 'getID'); $image = idx($images, $comment->getImageID()); diff --git a/src/applications/pholio/xaction/PholioImageFileTransaction.php b/src/applications/pholio/xaction/PholioImageFileTransaction.php index 5f68dad9f1..6d257c313e 100644 --- a/src/applications/pholio/xaction/PholioImageFileTransaction.php +++ b/src/applications/pholio/xaction/PholioImageFileTransaction.php @@ -6,7 +6,7 @@ final class PholioImageFileTransaction const TRANSACTIONTYPE = 'image-file'; public function generateOldValue($object) { - $images = $object->getImages(); + $images = $object->getActiveImages(); return array_values(mpull($images, 'getPHID')); } @@ -24,7 +24,7 @@ final class PholioImageFileTransaction $new_map = array_fuse($this->getNewValue()); $obsolete_map = array_diff_key($old_map, $new_map); - $images = $object->getImages(); + $images = $object->getActiveImages(); foreach ($images as $seq => $image) { if (isset($obsolete_map[$image->getPHID()])) { $image->setIsObsolete(1); From 1e2bc7775bc45300bb383b2332bada6c9af21662 Mon Sep 17 00:00:00 2001 From: epriestley Date: Thu, 20 Dec 2018 11:53:40 -0800 Subject: [PATCH 24/44] Remove the onboard "mailKey" from Pholio Mocks Summary: Depends on D19921. Ref T11351. Ref T13065. Update Pholio to use the shared mail infrastructure. See D19670 for a previous change in this vein. Test Plan: Ran upgrade, spot-checked that everything made it into the new table alive. Reviewers: amckinley Reviewed By: amckinley Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam Maniphest Tasks: T13065, T11351 Differential Revision: https://secure.phabricator.com/D19922 --- .../20181220.pholio.01.mailkey.php | 28 +++++++++++++++++++ .../20181220.pholio.02.dropmailkey.sql | 2 ++ .../pholio/storage/PholioMock.php | 18 ++---------- 3 files changed, 32 insertions(+), 16 deletions(-) create mode 100644 resources/sql/autopatches/20181220.pholio.01.mailkey.php create mode 100644 resources/sql/autopatches/20181220.pholio.02.dropmailkey.sql diff --git a/resources/sql/autopatches/20181220.pholio.01.mailkey.php b/resources/sql/autopatches/20181220.pholio.01.mailkey.php new file mode 100644 index 0000000000..37dcfd1434 --- /dev/null +++ b/resources/sql/autopatches/20181220.pholio.01.mailkey.php @@ -0,0 +1,28 @@ +establishConnection('w'); + +$properties_table = new PhabricatorMetaMTAMailProperties(); +$conn = $properties_table->establishConnection('w'); + +$iterator = new LiskRawMigrationIterator( + $mock_conn, + $mock_table->getTableName()); + +foreach ($iterator as $row) { + queryfx( + $conn, + 'INSERT IGNORE INTO %T + (objectPHID, mailProperties, dateCreated, dateModified) + VALUES + (%s, %s, %d, %d)', + $properties_table->getTableName(), + $row['phid'], + phutil_json_encode( + array( + 'mailKey' => $row['mailKey'], + )), + PhabricatorTime::getNow(), + PhabricatorTime::getNow()); +} diff --git a/resources/sql/autopatches/20181220.pholio.02.dropmailkey.sql b/resources/sql/autopatches/20181220.pholio.02.dropmailkey.sql new file mode 100644 index 0000000000..a71bc5dc69 --- /dev/null +++ b/resources/sql/autopatches/20181220.pholio.02.dropmailkey.sql @@ -0,0 +1,2 @@ +ALTER TABLE {$NAMESPACE}_pholio.pholio_mock + DROP mailKey; diff --git a/src/applications/pholio/storage/PholioMock.php b/src/applications/pholio/storage/PholioMock.php index 0e61ffc2d1..25b216ba5d 100644 --- a/src/applications/pholio/storage/PholioMock.php +++ b/src/applications/pholio/storage/PholioMock.php @@ -25,7 +25,6 @@ final class PholioMock extends PholioDAO protected $name; protected $description; protected $coverPHID; - protected $mailKey; protected $status; protected $spacePHID; @@ -65,15 +64,9 @@ final class PholioMock extends PholioDAO self::CONFIG_COLUMN_SCHEMA => array( 'name' => 'text128', 'description' => 'text', - 'mailKey' => 'bytes20', 'status' => 'text12', ), self::CONFIG_KEY_SCHEMA => array( - 'key_phid' => null, - 'phid' => array( - 'columns' => array('phid'), - 'unique' => true, - ), 'authorPHID' => array( 'columns' => array('authorPHID'), ), @@ -81,15 +74,8 @@ final class PholioMock extends PholioDAO ) + parent::getConfiguration(); } - public function generatePHID() { - return PhabricatorPHID::generateNewPHID('MOCK'); - } - - public function save() { - if (!$this->getMailKey()) { - $this->setMailKey(Filesystem::readRandomCharacters(20)); - } - return parent::save(); + public function getPHIDType() { + return PholioMockPHIDType::TYPECONST; } public function attachImages(array $images) { From b1e7e3a10e8c2a9e1e9df665addce909ed8847d1 Mon Sep 17 00:00:00 2001 From: epriestley Date: Wed, 19 Dec 2018 11:47:45 -0800 Subject: [PATCH 25/44] Reduce the amount of weird "static" and "cache" behavior in Pholio query classes Summary: Depends on D19922. Ref T11351. These query classes have some slightly weird behavior, including `public static function loadImages(...)`. Convert all this stuff into more standard query patterns. Test Plan: Grepped for callsites, browsed around in Pholio. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T11351 Differential Revision: https://secure.phabricator.com/D19923 --- .../engine/PholioMockTimelineEngine.php | 11 +- .../pholio/query/PholioImageQuery.php | 66 ++++++----- .../pholio/query/PholioMockQuery.php | 104 ++++++++---------- .../pholio/view/PholioMockImagesView.php | 2 +- 4 files changed, 95 insertions(+), 88 deletions(-) diff --git a/src/applications/pholio/engine/PholioMockTimelineEngine.php b/src/applications/pholio/engine/PholioMockTimelineEngine.php index 80b64e73b7..8543649e68 100644 --- a/src/applications/pholio/engine/PholioMockTimelineEngine.php +++ b/src/applications/pholio/engine/PholioMockTimelineEngine.php @@ -7,10 +7,13 @@ final class PholioMockTimelineEngine $viewer = $this->getViewer(); $object = $this->getObject(); - PholioMockQuery::loadImages( - $viewer, - array($object), - $need_inline_comments = true); + $images = id(new PholioImageQuery()) + ->setViewer($viewer) + ->withMocks(array($object)) + ->needInlineComments(true) + ->execute(); + + $object->attachImages($images); return id(new PholioTransactionView()) ->setMock($object); diff --git a/src/applications/pholio/query/PholioImageQuery.php b/src/applications/pholio/query/PholioImageQuery.php index 0fa7bfb1a0..0d64540f91 100644 --- a/src/applications/pholio/query/PholioImageQuery.php +++ b/src/applications/pholio/query/PholioImageQuery.php @@ -6,9 +6,9 @@ final class PholioImageQuery private $ids; private $phids; private $mockPHIDs; + private $mocks; private $needInlineComments; - private $mockCache = array(); public function withIDs(array $ids) { $this->ids = $ids; @@ -20,6 +20,16 @@ final class PholioImageQuery return $this; } + public function withMocks(array $mocks) { + assert_instances_of($mocks, 'PholioMock'); + + $mocks = mpull($mocks, null, 'getPHID'); + $this->mocks = $mocks; + $this->mockPHIDs = array_keys($mocks); + + return $this; + } + public function withMockPHIDs(array $mock_phids) { $this->mockPHIDs = $mock_phids; return $this; @@ -30,14 +40,6 @@ final class PholioImageQuery return $this; } - public function setMockCache($mock_cache) { - $this->mockCache = $mock_cache; - return $this; - } - public function getMockCache() { - return $this->mockCache; - } - public function newResultObject() { return new PholioImage(); } @@ -76,26 +78,40 @@ final class PholioImageQuery protected function willFilterPage(array $images) { assert_instances_of($images, 'PholioImage'); - if ($this->getMockCache()) { - $mocks = $this->getMockCache(); - } else { - $mock_phids = mpull($images, 'getMockPHID'); + $mock_phids = array(); + foreach ($images as $image) { + if (!$image->hasMock()) { + continue; + } - // DO NOT set needImages to true; recursion results! - $mocks = id(new PholioMockQuery()) - ->setViewer($this->getViewer()) - ->withPHIDs($mock_phids) - ->execute(); - $mocks = mpull($mocks, null, 'getPHID'); + $mock_phids[] = $image->getMockPHID(); } - foreach ($images as $index => $image) { - $mock = idx($mocks, $image->getMockPHID()); - if ($mock) { - $image->attachMock($mock); + if ($mock_phids) { + if ($this->mocks) { + $mocks = $this->mocks; } else { - // mock is missing or we can't see it - unset($images[$index]); + $mocks = id(new PholioMockQuery()) + ->setViewer($this->getViewer()) + ->withPHIDs($mock_phids) + ->execute(); + } + + $mocks = mpull($mocks, null, 'getPHID'); + + foreach ($images as $key => $image) { + if (!$image->hasMock()) { + continue; + } + + $mock = idx($mocks, $image->getMockPHID()); + if (!$mock) { + unset($images[$key]); + $this->didRejectResult($image); + continue; + } + + $image->attachMock($mock); } } diff --git a/src/applications/pholio/query/PholioMockQuery.php b/src/applications/pholio/query/PholioMockQuery.php index 465f23d34b..4820ffd8eb 100644 --- a/src/applications/pholio/query/PholioMockQuery.php +++ b/src/applications/pholio/query/PholioMockQuery.php @@ -58,21 +58,14 @@ final class PholioMockQuery } protected function loadPage() { - $mocks = $this->loadStandardPage($this->newResultObject()); - - if ($mocks && $this->needImages) { - self::loadImages($this->getViewer(), $mocks, $this->needInlineComments); + if ($this->needInlineComments && !$this->needImages) { + throw new Exception( + pht( + 'You can not query for inline comments without also querying for '. + 'images.')); } - if ($mocks && $this->needCoverFiles) { - $this->loadCoverFiles($mocks); - } - - if ($mocks && $this->needTokenCounts) { - $this->loadTokenCounts($mocks); - } - - return $mocks; + return $this->loadStandardPage(new PholioMock()); } protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) { @@ -109,58 +102,53 @@ final class PholioMockQuery return $where; } - public static function loadImages( - PhabricatorUser $viewer, - array $mocks, - $need_inline_comments) { - assert_instances_of($mocks, 'PholioMock'); + protected function didFilterPage(array $mocks) { + $viewer = $this->getViewer(); - $mock_map = mpull($mocks, null, 'getPHID'); - $all_images = id(new PholioImageQuery()) - ->setViewer($viewer) - ->setMockCache($mock_map) - ->withMockPHIDs(array_keys($mock_map)) - ->needInlineComments($need_inline_comments) - ->execute(); + if ($this->needImages) { + $images = id(new PholioImageQuery()) + ->setViewer($viewer) + ->withMocks($mocks) + ->needInlineComments($this->needInlineComments) + ->execute(); - $image_groups = mgroup($all_images, 'getMockPHID'); - - foreach ($mocks as $mock) { - $mock_images = idx($image_groups, $mock->getPHID(), array()); - $mock->attachImages($mock_images); - } - } - - private function loadCoverFiles(array $mocks) { - assert_instances_of($mocks, 'PholioMock'); - $cover_file_phids = mpull($mocks, 'getCoverPHID'); - $cover_files = id(new PhabricatorFileQuery()) - ->setViewer($this->getViewer()) - ->withPHIDs($cover_file_phids) - ->execute(); - - $cover_files = mpull($cover_files, null, 'getPHID'); - - foreach ($mocks as $mock) { - $file = idx($cover_files, $mock->getCoverPHID()); - if (!$file) { - $file = PhabricatorFile::loadBuiltin($this->getViewer(), 'missing.png'); + $image_groups = mgroup($images, 'getMockPHID'); + foreach ($mocks as $mock) { + $images = idx($image_groups, $mock->getPHID(), array()); + $mock->attachImages($images); } - $mock->attachCoverFile($file); } - } - private function loadTokenCounts(array $mocks) { - assert_instances_of($mocks, 'PholioMock'); + if ($this->needCoverFiles) { + $cover_files = id(new PhabricatorFileQuery()) + ->setViewer($viewer) + ->withPHIDs(mpull($mocks, 'getCoverPHID')) + ->execute(); + $cover_files = mpull($cover_files, null, 'getPHID'); - $phids = mpull($mocks, 'getPHID'); - $counts = id(new PhabricatorTokenCountQuery()) - ->withObjectPHIDs($phids) - ->execute(); - - foreach ($mocks as $mock) { - $mock->attachTokenCount(idx($counts, $mock->getPHID(), 0)); + foreach ($mocks as $mock) { + $file = idx($cover_files, $mock->getCoverPHID()); + if (!$file) { + $file = PhabricatorFile::loadBuiltin( + $viewer, + 'missing.png'); + } + $mock->attachCoverFile($file); + } } + + if ($this->needTokenCounts) { + $counts = id(new PhabricatorTokenCountQuery()) + ->withObjectPHIDs(mpull($mocks, 'getPHID')) + ->execute(); + + foreach ($mocks as $mock) { + $token_count = idx($counts, $mock->getPHID(), 0); + $mock->attachTokenCount($token_count); + } + } + + return $mocks; } public function getQueryApplicationClass() { diff --git a/src/applications/pholio/view/PholioMockImagesView.php b/src/applications/pholio/view/PholioMockImagesView.php index 70f5fe8bb3..99645c4a91 100644 --- a/src/applications/pholio/view/PholioMockImagesView.php +++ b/src/applications/pholio/view/PholioMockImagesView.php @@ -110,7 +110,7 @@ final class PholioMockImagesView extends AphrontView { ); } - $ids = mpull($mock->getActiveImages(), 'getID'); + $ids = mpull($mock->getActiveImages(), null, 'getID'); if ($this->imageID && isset($ids[$this->imageID])) { $selected_id = $this->imageID; } else { From 741fb747db42f0905bb1a32ec9fe7eb815eee62e Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 15:09:05 -0800 Subject: [PATCH 26/44] Implement "replace" transactions in Pholio without "applyInitialEffects" Summary: Depends on D19923. Ref T11351. Currently, this transaction takes an `Image` as the `newValue` and uses some magic to reduce it into PHIDs by the time we're done. This creates some problems today where I'd like to get rid of `applyInitialEffects` for MFA code. In the future, it creates a problem becuase there's no way to pass an entire `Image` object over the API. Instead, create the `Image` first, then just provide the PHID. This is generally simpler, will work well with the API in the future, and stops us from needing any `applyInitialEffects` stuff. Test Plan: Replaced images in a Pholio mock. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T11351 Differential Revision: https://secure.phabricator.com/D19924 --- .../controller/PholioMockEditController.php | 17 ++- .../pholio/editor/PholioMockEditor.php | 42 +++++-- .../xaction/PholioImageReplaceTransaction.php | 110 ++++++++++++++---- 3 files changed, 128 insertions(+), 41 deletions(-) diff --git a/src/applications/pholio/controller/PholioMockEditController.php b/src/applications/pholio/controller/PholioMockEditController.php index 6c0ea58d13..9187d9d61f 100644 --- a/src/applications/pholio/controller/PholioMockEditController.php +++ b/src/applications/pholio/controller/PholioMockEditController.php @@ -143,20 +143,22 @@ final class PholioMockEditController extends PholioController { $replace_image = PholioImage::initializeNewImage() ->setAuthorPHID($viewer->getPHID()) ->setReplacesImagePHID($replaces_image_phid) - ->setFilePhid($file_phid) + ->setFilePHID($file_phid) ->attachFile($file) ->setName(strlen($title) ? $title : $file->getName()) ->setDescription($description) - ->setSequence($sequence); + ->setSequence($sequence) + ->save(); + $xactions[] = id(new PholioTransaction()) - ->setTransactionType( - PholioImageReplaceTransaction::TRANSACTIONTYPE) - ->setNewValue($replace_image); + ->setTransactionType(PholioImageReplaceTransaction::TRANSACTIONTYPE) + ->setNewValue($replace_image->getPHID()); + $posted_mock_images[] = $replace_image; } else if (!$existing_image) { // this is an add $add_image = PholioImage::initializeNewImage() ->setAuthorPHID($viewer->getPHID()) - ->setFilePhid($file_phid) + ->setFilePHID($file_phid) ->attachFile($file) ->setName(strlen($title) ? $title : $file->getName()) ->setDescription($description) @@ -202,7 +204,6 @@ final class PholioMockEditController extends PholioController { ->setMetadataValue('edge:type', $proj_edge_type) ->setNewValue(array('=' => array_fuse($v_projects))); - $mock->openTransaction(); $editor = id(new PholioMockEditor()) ->setContentSourceFromRequest($request) ->setContinueOnNoEffect(true) @@ -210,8 +211,6 @@ final class PholioMockEditController extends PholioController { $xactions = $editor->applyTransactions($mock, $xactions); - $mock->saveTransaction(); - return id(new AphrontRedirectResponse()) ->setURI('/M'.$mock->getID()); } diff --git a/src/applications/pholio/editor/PholioMockEditor.php b/src/applications/pholio/editor/PholioMockEditor.php index a653272fba..4c0b14261b 100644 --- a/src/applications/pholio/editor/PholioMockEditor.php +++ b/src/applications/pholio/editor/PholioMockEditor.php @@ -4,6 +4,8 @@ final class PholioMockEditor extends PhabricatorApplicationTransactionEditor { private $newImages = array(); + private $images = array(); + public function getEditorApplicationClass() { return 'PhabricatorPholioApplication'; } @@ -48,9 +50,7 @@ final class PholioMockEditor extends PhabricatorApplicationTransactionEditor { foreach ($xactions as $xaction) { switch ($xaction->getTransactionType()) { case PholioImageFileTransaction::TRANSACTIONTYPE: - case PholioImageReplaceTransaction::TRANSACTIONTYPE: return true; - break; } } return false; @@ -75,11 +75,6 @@ final class PholioMockEditor extends PhabricatorApplicationTransactionEditor { } } break; - case PholioImageReplaceTransaction::TRANSACTIONTYPE: - $image = $xaction->getNewValue(); - $image->save(); - $new_images[] = $image; - break; } } $this->setNewImages($new_images); @@ -275,4 +270,37 @@ final class PholioMockEditor extends PhabricatorApplicationTransactionEditor { return parent::shouldImplyCC($object, $xaction); } + public function loadPholioImage($object, $phid) { + if (!isset($this->images[$phid])) { + + $image = id(new PholioImageQuery()) + ->setViewer($this->getActor()) + ->withPHIDs(array($phid)) + ->executeOne(); + + if (!$image) { + throw new Exception( + pht( + 'No image exists with PHID "%s".', + $phid)); + } + + $mock_phid = $image->getMockPHID(); + if ($mock_phid) { + if ($mock_phid !== $object->getPHID()) { + throw new Exception( + pht( + 'Image ("%s") belongs to the wrong object ("%s", expected "%s").', + $phid, + $mock_phid, + $object->getPHID())); + } + } + + $this->images[$phid] = $image; + } + + return $this->images[$phid]; + } + } diff --git a/src/applications/pholio/xaction/PholioImageReplaceTransaction.php b/src/applications/pholio/xaction/PholioImageReplaceTransaction.php index 4978fa9768..a0e62bc1e4 100644 --- a/src/applications/pholio/xaction/PholioImageReplaceTransaction.php +++ b/src/applications/pholio/xaction/PholioImageReplaceTransaction.php @@ -6,25 +6,25 @@ final class PholioImageReplaceTransaction const TRANSACTIONTYPE = 'image-replace'; public function generateOldValue($object) { - $new_image = $this->getNewValue(); - return $new_image->getReplacesImagePHID(); + $editor = $this->getEditor(); + $new_phid = $this->getNewValue(); + + return $editor->loadPholioImage($object, $new_phid) + ->getReplacesImagePHID(); } - public function generateNewValue($object, $value) { - return $value->getPHID(); - } + public function applyExternalEffects($object, $value) { + $editor = $this->getEditor(); + $old_phid = $this->getOldValue(); - public function applyInternalEffects($object, $value) { - $old = $this->getOldValue(); - $images = $object->getImages(); - foreach ($images as $seq => $image) { - if ($image->getPHID() == $old) { - $image->setIsObsolete(1); - $image->save(); - unset($images[$seq]); - } - } - $object->attachImages($images); + $old_image = $editor->loadPholioImage($object, $old_phid) + ->setIsObsolete(1) + ->save(); + + $editor->loadPholioImage($object, $value) + ->setMockPHID($object->getPHID()) + ->setSequence($old_image->getSequence()) + ->save(); } public function getTitle() { @@ -54,27 +54,87 @@ final class PholioImageReplaceTransaction $object, PhabricatorApplicationTransaction $u, PhabricatorApplicationTransaction $v) { - $u_img = $u->getNewValue(); - $v_img = $v->getNewValue(); - if ($u_img->getReplacesImagePHID() == $v_img->getReplacesImagePHID()) { + + $u_phid = $u->getOldValue(); + $v_phid = $v->getOldValue(); + + if ($u_phid === $v_phid) { return $v; } + + return null; } public function extractFilePHIDs($object, $value) { - $file_phids = array(); + $editor = $this->getEditor(); + + $file_phid = $editor->loadPholioImage($object, $value) + ->getFilePHID(); + + return array($file_phid); + } + + public function validateTransactions($object, array $xactions) { + $errors = array(); + + $mock_phid = $object->getPHID(); $editor = $this->getEditor(); - $images = $editor->getNewImages(); - foreach ($images as $image) { - if ($image->getPHID() !== $value) { + foreach ($xactions as $xaction) { + $new_phid = $xaction->getNewValue(); + + try { + $new_image = $editor->loadPholioImage($object, $new_phid); + } catch (Exception $ex) { + $errors[] = $this->newInvalidError( + pht( + 'Unable to load replacement image ("%s"): %s', + $new_phid, + $ex->getMessage()), + $xaction); continue; } - $file_phids[] = $image->getFilePHID(); + $old_phid = $new_image->getReplacesImagePHID(); + if (!$old_phid) { + $errors[] = $this->newInvalidError( + pht( + 'Image ("%s") does not specify which image it replaces.', + $new_phid), + $xaction); + continue; + } + + try { + $old_image = $editor->loadPholioImage($object, $old_phid); + } catch (Exception $ex) { + $errors[] = $this->newInvalidError( + pht( + 'Unable to load replaced image ("%s"): %s', + $old_phid, + $ex->getMessage()), + $xaction); + continue; + } + + if ($old_image->getMockPHID() !== $mock_phid) { + $errors[] = $this->newInvalidError( + pht( + 'Replaced image ("%s") belongs to the wrong mock ("%s", expected '. + '"%s").', + $old_phid, + $old_image->getMockPHID(), + $mock_phid), + $xaction); + continue; + } + + // TODO: You shouldn't be able to replace an image if it has already + // been replaced. + } - return $file_phids; + return $errors; } } From e469f8594ed310a662ba98aa586e560be6c4ab87 Mon Sep 17 00:00:00 2001 From: epriestley Date: Thu, 20 Dec 2018 13:38:34 -0800 Subject: [PATCH 27/44] Implement Pholio file add/remove transactions without "applyInitialEffects" Summary: Depends on D19924. Ref T11351. Like in D19924, apply these transactions by accepting PHIDs instead of objects so we don't need to juggle the `Image` objects down to PHIDs in `applyInitialEffects`. (Validation is a little light here for now, but only first-party code can reach this, and you can't violate policies or do anything truly bad even if you could pick values to feed in here.) Test Plan: Created and edited Mocks; added, removed, and reordered images in a Pholio Mock. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T11351 Differential Revision: https://secure.phabricator.com/D19926 --- .../controller/PholioMockEditController.php | 8 ++- .../pholio/editor/PholioMockEditor.php | 68 +------------------ .../xaction/PholioImageFileTransaction.php | 58 +++++++++------- 3 files changed, 41 insertions(+), 93 deletions(-) diff --git a/src/applications/pholio/controller/PholioMockEditController.php b/src/applications/pholio/controller/PholioMockEditController.php index 9187d9d61f..3e33a5eff8 100644 --- a/src/applications/pholio/controller/PholioMockEditController.php +++ b/src/applications/pholio/controller/PholioMockEditController.php @@ -162,11 +162,13 @@ final class PholioMockEditController extends PholioController { ->attachFile($file) ->setName(strlen($title) ? $title : $file->getName()) ->setDescription($description) - ->setSequence($sequence); + ->setSequence($sequence) + ->save(); + $xactions[] = id(new PholioTransaction()) ->setTransactionType(PholioImageFileTransaction::TRANSACTIONTYPE) ->setNewValue( - array('+' => array($add_image))); + array('+' => array($add_image->getPHID()))); $posted_mock_images[] = $add_image; } else { $xactions[] = id(new PholioTransaction()) @@ -193,7 +195,7 @@ final class PholioMockEditController extends PholioController { $xactions[] = id(new PholioTransaction()) ->setTransactionType(PholioImageFileTransaction::TRANSACTIONTYPE) ->setNewValue( - array('-' => array($mock_image))); + array('-' => array($mock_image->getPHID()))); } } diff --git a/src/applications/pholio/editor/PholioMockEditor.php b/src/applications/pholio/editor/PholioMockEditor.php index 4c0b14261b..7f4d589934 100644 --- a/src/applications/pholio/editor/PholioMockEditor.php +++ b/src/applications/pholio/editor/PholioMockEditor.php @@ -2,8 +2,6 @@ final class PholioMockEditor extends PhabricatorApplicationTransactionEditor { - private $newImages = array(); - private $images = array(); public function getEditorApplicationClass() { @@ -14,16 +12,6 @@ final class PholioMockEditor extends PhabricatorApplicationTransactionEditor { return pht('Pholio Mocks'); } - private function setNewImages(array $new_images) { - assert_instances_of($new_images, 'PholioImage'); - $this->newImages = $new_images; - return $this; - } - - public function getNewImages() { - return $this->newImages; - } - public function getCreateObjectTitle($author, $object) { return pht('%s created this mock.', $author); } @@ -43,56 +31,6 @@ final class PholioMockEditor extends PhabricatorApplicationTransactionEditor { return $types; } - protected function shouldApplyInitialEffects( - PhabricatorLiskDAO $object, - array $xactions) { - - foreach ($xactions as $xaction) { - switch ($xaction->getTransactionType()) { - case PholioImageFileTransaction::TRANSACTIONTYPE: - return true; - } - } - return false; - } - - protected function applyInitialEffects( - PhabricatorLiskDAO $object, - array $xactions) { - - $new_images = array(); - foreach ($xactions as $xaction) { - switch ($xaction->getTransactionType()) { - case PholioImageFileTransaction::TRANSACTIONTYPE: - $new_value = $xaction->getNewValue(); - foreach ($new_value as $key => $txn_images) { - if ($key != '+') { - continue; - } - foreach ($txn_images as $image) { - $image->save(); - $new_images[] = $image; - } - } - break; - } - } - $this->setNewImages($new_images); - } - - protected function applyFinalEffects( - PhabricatorLiskDAO $object, - array $xactions) { - - $images = $this->getNewImages(); - foreach ($images as $image) { - $image->setMockPHID($object->getPHID()); - $image->save(); - } - - return $xactions; - } - protected function shouldSendMail( PhabricatorLiskDAO $object, array $xactions) { @@ -105,11 +43,11 @@ final class PholioMockEditor extends PhabricatorApplicationTransactionEditor { } protected function buildMailTemplate(PhabricatorLiskDAO $object) { - $id = $object->getID(); + $monogram = $object->getMonogram(); $name = $object->getName(); return id(new PhabricatorMetaMTAMail()) - ->setSubject("M{$id}: {$name}"); + ->setSubject("{$monogram}: {$name}"); } protected function getMailTo(PhabricatorLiskDAO $object) { @@ -150,7 +88,7 @@ final class PholioMockEditor extends PhabricatorApplicationTransactionEditor { $body->addLinkSection( pht('MOCK DETAIL'), - PhabricatorEnv::getProductionURI('/M'.$object->getID())); + PhabricatorEnv::getProductionURI($object->getURI())); return $body; } diff --git a/src/applications/pholio/xaction/PholioImageFileTransaction.php b/src/applications/pholio/xaction/PholioImageFileTransaction.php index 6d257c313e..e18fca28e2 100644 --- a/src/applications/pholio/xaction/PholioImageFileTransaction.php +++ b/src/applications/pholio/xaction/PholioImageFileTransaction.php @@ -11,28 +11,34 @@ final class PholioImageFileTransaction } public function generateNewValue($object, $value) { - $new_value = array(); - foreach ($value as $key => $images) { - $new_value[$key] = mpull($images, 'getPHID'); - } - $old = array_fuse($this->getOldValue()); - return $this->getEditor()->getPHIDList($old, $new_value); + $editor = $this->getEditor(); + + $old_value = $this->getOldValue(); + $new_value = $value; + + return $editor->getPHIDList($old_value, $new_value); } - public function applyInternalEffects($object, $value) { + public function applyExternalEffects($object, $value) { $old_map = array_fuse($this->getOldValue()); $new_map = array_fuse($this->getNewValue()); - $obsolete_map = array_diff_key($old_map, $new_map); - $images = $object->getActiveImages(); - foreach ($images as $seq => $image) { - if (isset($obsolete_map[$image->getPHID()])) { - $image->setIsObsolete(1); - $image->save(); - unset($images[$seq]); - } + $add_map = array_diff_key($new_map, $old_map); + $rem_map = array_diff_key($old_map, $new_map); + + $editor = $this->getEditor(); + + foreach ($rem_map as $phid) { + $editor->loadPholioImage($object, $phid) + ->setIsObsolete(1) + ->save(); + } + + foreach ($add_map as $phid) { + $editor->loadPholioImage($object, $phid) + ->setMockPHID($object->getPHID()) + ->save(); } - $object->attachImages($images); } public function getTitle() { @@ -95,18 +101,20 @@ final class PholioImageFileTransaction } public function extractFilePHIDs($object, $value) { - $images = $this->getEditor()->getNewImages(); - $images = mpull($images, null, 'getPHID'); + $editor = $this->getEditor(); + // NOTE: This method is a little weird (and includes ALL the file PHIDs, + // including old file PHIDs) because we currently don't have a storage + // object when called. This might change at some point. + + $new_phids = $value; $file_phids = array(); - foreach ($value as $image_phid) { - $image = idx($images, $image_phid); - if (!$image) { - continue; - } - $file_phids[] = $image->getFilePHID(); + foreach ($new_phids as $phid) { + $file_phids[] = $editor->loadPholioImage($object, $phid) + ->getFilePHID(); } + return $file_phids; } @@ -114,7 +122,7 @@ final class PholioImageFileTransaction $object, PhabricatorApplicationTransaction $u, PhabricatorApplicationTransaction $v) { - return $this->getEditor()->mergePHIDOrEdgeTransactions($u, $v); + return $this->getEditor()->mergePHIDOrEdgeTransactions($u, $v); } } From b3faa2874cc3b0394d713f5c358990e29c4cf7a3 Mon Sep 17 00:00:00 2001 From: epriestley Date: Sat, 22 Dec 2018 14:16:16 -0800 Subject: [PATCH 28/44] Restore a Mock key to Pholio Images Summary: Ref T11351. We only query for images by PHID or by Mock, so the only key we need for now is ``. Test Plan: Ran `bin/storage upgrade`. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T11351 Differential Revision: https://secure.phabricator.com/D19934 --- src/applications/pholio/storage/PholioImage.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/applications/pholio/storage/PholioImage.php b/src/applications/pholio/storage/PholioImage.php index 1440773722..782f4d0d44 100644 --- a/src/applications/pholio/storage/PholioImage.php +++ b/src/applications/pholio/storage/PholioImage.php @@ -37,9 +37,9 @@ final class PholioImage extends PholioDAO 'replacesImagePHID' => 'phid?', ), self::CONFIG_KEY_SCHEMA => array( - // TODO: There should be a key starting with "mockPHID" here at a - // minimum, but it's not entirely clear what other columns we should - // have as part of the key. + 'key_mock' => array( + 'columns' => array('mockPHID'), + ), ), ) + parent::getConfiguration(); } From e98ee73602ac00393faafc0d4d32c671896b6ada Mon Sep 17 00:00:00 2001 From: epriestley Date: Sat, 22 Dec 2018 06:10:44 -0800 Subject: [PATCH 29/44] Fix the last remaining (?) continue inside switch Summary: See . This is the only remaining case that the linter rule in D19931 detected in libphutil, arcanist, or Phabricator. Test Plan: Ran `arc lint --everything ...` in all three repositories, only hit this one. Reviewers: amckinley Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D19932 --- .../phriction/editor/PhrictionTransactionEditor.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/applications/phriction/editor/PhrictionTransactionEditor.php b/src/applications/phriction/editor/PhrictionTransactionEditor.php index 6d72fc5b8e..d09ff5d556 100644 --- a/src/applications/phriction/editor/PhrictionTransactionEditor.php +++ b/src/applications/phriction/editor/PhrictionTransactionEditor.php @@ -351,7 +351,7 @@ final class PhrictionTransactionEditor switch ($type) { case PhrictionDocumentContentTransaction::TRANSACTIONTYPE: if ($xaction->getMetadataValue('stub:create:phid')) { - continue; + break; } if ($this->getProcessContentVersionError()) { From 3c65601285e9855177d829f48827482b7b658a61 Mon Sep 17 00:00:00 2001 From: epriestley Date: Sat, 22 Dec 2018 04:31:20 -0800 Subject: [PATCH 30/44] Implement "@{config:...}" as a real Remarkup rule Summary: See . I want to make it easier to link to configuration from system text. We currently use this weird hack with `{{...}}` that only works within Config itself. Instead, use `@{config:...}`, which is already used by Diviner for `@{class:...}`, etc., so it shouldn't conflict with anything. Test Plan: Viewed config options, clicked links to other config options. Reviewers: amckinley Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D19928 --- src/__phutil_library_map__.php | 2 + ...PhabricatorAuthenticationConfigOptions.php | 6 +-- .../config/option/PhabricatorConfigOption.php | 6 --- .../markup/PhabricatorMarkupEngine.php | 1 + .../rule/PhabricatorConfigRemarkupRule.php | 50 +++++++++++++++++++ 5 files changed, 56 insertions(+), 9 deletions(-) create mode 100644 src/infrastructure/markup/rule/PhabricatorConfigRemarkupRule.php diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index 6320811c9a..e3fb90377b 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -2672,6 +2672,7 @@ phutil_register_library_map(array( 'PhabricatorConfigProxySource' => 'infrastructure/env/PhabricatorConfigProxySource.php', 'PhabricatorConfigPurgeCacheController' => 'applications/config/controller/PhabricatorConfigPurgeCacheController.php', 'PhabricatorConfigRegexOptionType' => 'applications/config/custom/PhabricatorConfigRegexOptionType.php', + 'PhabricatorConfigRemarkupRule' => 'infrastructure/markup/rule/PhabricatorConfigRemarkupRule.php', 'PhabricatorConfigRequestExceptionHandlerModule' => 'applications/config/module/PhabricatorConfigRequestExceptionHandlerModule.php', 'PhabricatorConfigResponse' => 'applications/config/response/PhabricatorConfigResponse.php', 'PhabricatorConfigSchemaQuery' => 'applications/config/schema/PhabricatorConfigSchemaQuery.php', @@ -8409,6 +8410,7 @@ phutil_register_library_map(array( 'PhabricatorConfigProxySource' => 'PhabricatorConfigSource', 'PhabricatorConfigPurgeCacheController' => 'PhabricatorConfigController', 'PhabricatorConfigRegexOptionType' => 'PhabricatorConfigJSONOptionType', + 'PhabricatorConfigRemarkupRule' => 'PhutilRemarkupRule', 'PhabricatorConfigRequestExceptionHandlerModule' => 'PhabricatorConfigModule', 'PhabricatorConfigResponse' => 'AphrontStandaloneHTMLResponse', 'PhabricatorConfigSchemaQuery' => 'Phobject', diff --git a/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php index 2239d98858..1440714bf7 100644 --- a/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php +++ b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php @@ -33,7 +33,7 @@ final class PhabricatorAuthenticationConfigOptions pht( 'If true, email addresses must be verified (by clicking a link '. 'in an email) before a user can login. By default, verification '. - 'is optional unless {{auth.email-domains}} is nonempty.')), + 'is optional unless @{config:auth.email-domains} is nonempty.')), $this->newOption('auth.require-approval', 'bool', true) ->setBoolOptions( array( @@ -55,7 +55,7 @@ final class PhabricatorAuthenticationConfigOptions "registration, you can disable the queue to reduce administrative ". "overhead.\n\n". "NOTE: Before you disable the queue, make sure ". - "{{auth.email-domains}} is configured correctly ". + "@{config:auth.email-domains} is configured correctly ". "for your install!")), $this->newOption('auth.email-domains', 'list', array()) ->setSummary(pht('Only allow registration from particular domains.')) @@ -66,7 +66,7 @@ final class PhabricatorAuthenticationConfigOptions "here.\n\nUsers will only be allowed to register using email ". "addresses at one of the domains, and will only be able to add ". "new email addresses for these domains. If you configure this, ". - "it implies {{auth.require-email-verification}}.\n\n". + "it implies @{config:auth.require-email-verification}.\n\n". "You should omit the `@` from domains. Note that the domain must ". "match exactly. If you allow `yourcompany.com`, that permits ". "`joe@yourcompany.com` but rejects `joe@mail.yourcompany.com`.")) diff --git a/src/applications/config/option/PhabricatorConfigOption.php b/src/applications/config/option/PhabricatorConfigOption.php index 385af002c7..6d7f88bdfb 100644 --- a/src/applications/config/option/PhabricatorConfigOption.php +++ b/src/applications/config/option/PhabricatorConfigOption.php @@ -209,12 +209,6 @@ final class PhabricatorConfigOption return null; } - // TODO: Some day, we should probably implement this as a real rule. - $description = preg_replace( - '/{{([^}]+)}}/', - '[[/config/edit/\\1/ | \\1]]', - $description); - return new PHUIRemarkupView($viewer, $description); } diff --git a/src/infrastructure/markup/PhabricatorMarkupEngine.php b/src/infrastructure/markup/PhabricatorMarkupEngine.php index 0c56d9ed41..868bbc5676 100644 --- a/src/infrastructure/markup/PhabricatorMarkupEngine.php +++ b/src/infrastructure/markup/PhabricatorMarkupEngine.php @@ -510,6 +510,7 @@ final class PhabricatorMarkupEngine extends Phobject { $rules[] = new PhutilRemarkupDocumentLinkRule(); $rules[] = new PhabricatorNavigationRemarkupRule(); $rules[] = new PhabricatorKeyboardRemarkupRule(); + $rules[] = new PhabricatorConfigRemarkupRule(); if ($options['youtube']) { $rules[] = new PhabricatorYoutubeRemarkupRule(); diff --git a/src/infrastructure/markup/rule/PhabricatorConfigRemarkupRule.php b/src/infrastructure/markup/rule/PhabricatorConfigRemarkupRule.php new file mode 100644 index 0000000000..f353f8c1e8 --- /dev/null +++ b/src/infrastructure/markup/rule/PhabricatorConfigRemarkupRule.php @@ -0,0 +1,50 @@ +getPriority() - 1; + } + + public function markupConfig(array $matches) { + if (!$this->isFlatText($matches[0])) { + return $matches[0]; + } + + $config_key = $matches[1]; + + try { + $option = PhabricatorEnv::getEnvConfig($config_key); + } catch (Exception $ex) { + return $matches[0]; + } + + $is_text = $this->getEngine()->isTextMode(); + $is_html_mail = $this->getEngine()->isHTMLMailMode(); + + if ($is_text || $is_html_mail) { + return pht('"%s"', $config_key); + } + + $link = phutil_tag( + 'a', + array( + 'href' => urisprintf('/config/edit/%s/', $config_key), + 'target' => '_blank', + ), + $config_key); + + return $this->getEngine()->storeText($link); + } + +} From 15df57f1c88b58e0b3cac29c776cf56f042c4e87 Mon Sep 17 00:00:00 2001 From: epriestley Date: Sat, 22 Dec 2018 04:20:35 -0800 Subject: [PATCH 31/44] In Webhooks, give errors human-readable labels and show reminder text for "Silent Mode" Summary: Depends on D19928. See . Currently, we report "hook" and "silent", which are raw internal codes. Instead, report human-readable labels so the user gets a better hint about what's going on ("In Silent Mode"). Also, render a "hey, you're in silent mode so none of this will work" reminder banner in this UI. Test Plan: {F6074421} Note: - New warning banner. - Table has more human-readable text ("In Silent Mode"). Reviewers: amckinley Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D19929 --- .../HeraldWebhookViewController.php | 13 +++++ .../herald/storage/HeraldWebhookRequest.php | 53 +++++++++++++++++++ .../view/HeraldWebhookRequestListView.php | 6 +-- .../herald/worker/HeraldWebhookWorker.php | 25 ++++++--- 4 files changed, 88 insertions(+), 9 deletions(-) diff --git a/src/applications/herald/controller/HeraldWebhookViewController.php b/src/applications/herald/controller/HeraldWebhookViewController.php index 9b11f5d433..d8e5eb3c54 100644 --- a/src/applications/herald/controller/HeraldWebhookViewController.php +++ b/src/applications/herald/controller/HeraldWebhookViewController.php @@ -50,6 +50,19 @@ final class HeraldWebhookViewController ->setLimit(20) ->execute(); + $warnings = array(); + if (PhabricatorEnv::getEnvConfig('phabricator.silent')) { + $message = pht( + 'Phabricator is currently configured in silent mode, so it will not '. + 'publish webhooks. To adjust this setting, see '. + '@{config:phabricator.silent} in Config.'); + + $warnings[] = id(new PHUIInfoView()) + ->setTitle(pht('Silent Mode')) + ->setSeverity(PHUIInfoView::SEVERITY_WARNING) + ->appendChild(new PHUIRemarkupView($viewer, $message)); + } + $requests_table = id(new HeraldWebhookRequestListView()) ->setViewer($viewer) ->setRequests($requests) diff --git a/src/applications/herald/storage/HeraldWebhookRequest.php b/src/applications/herald/storage/HeraldWebhookRequest.php index 5db5b2916e..3381f6a99c 100644 --- a/src/applications/herald/storage/HeraldWebhookRequest.php +++ b/src/applications/herald/storage/HeraldWebhookRequest.php @@ -26,6 +26,15 @@ final class HeraldWebhookRequest const RESULT_OKAY = 'okay'; const RESULT_FAIL = 'fail'; + const ERRORTYPE_HOOK = 'hook'; + const ERRORTYPE_HTTP = 'http'; + const ERRORTYPE_TIMEOUT = 'timeout'; + + const ERROR_SILENT = 'silent'; + const ERROR_DISABLED = 'disabled'; + const ERROR_URI = 'uri'; + const ERROR_OBJECT = 'object'; + protected function getConfiguration() { return array( self::CONFIG_AUX_PHID => true, @@ -108,6 +117,28 @@ final class HeraldWebhookRequest return $this->getProperty('errorCode'); } + public function getErrorTypeForDisplay() { + $map = array( + self::ERRORTYPE_HOOK => pht('Hook Error'), + self::ERRORTYPE_HTTP => pht('HTTP Error'), + self::ERRORTYPE_TIMEOUT => pht('Request Timeout'), + ); + + $type = $this->getErrorType(); + return idx($map, $type, $type); + } + + public function getErrorCodeForDisplay() { + $code = $this->getErrorCode(); + + if ($this->getErrorType() !== self::ERRORTYPE_HOOK) { + return $code; + } + + $spec = $this->getHookErrorSpec($code); + return idx($spec, 'display', $code); + } + public function setTransactionPHIDs(array $phids) { return $this->setProperty('transactionPHIDs', $phids); } @@ -187,6 +218,28 @@ final class HeraldWebhookRequest ->setTooltip($tooltip); } + private function getHookErrorSpec($code) { + $map = $this->getHookErrorMap(); + return idx($map, $code, array()); + } + + private function getHookErrorMap() { + return array( + self::ERROR_SILENT => array( + 'display' => pht('In Silent Mode'), + ), + self::ERROR_DISABLED => array( + 'display' => pht('Hook Disabled'), + ), + self::ERROR_URI => array( + 'display' => pht('Invalid URI'), + ), + self::ERROR_OBJECT => array( + 'display' => pht('Invalid Object'), + ), + ); + } + /* -( PhabricatorPolicyInterface )----------------------------------------- */ diff --git a/src/applications/herald/view/HeraldWebhookRequestListView.php b/src/applications/herald/view/HeraldWebhookRequestListView.php index 4e0f6510b9..082d320bba 100644 --- a/src/applications/herald/view/HeraldWebhookRequestListView.php +++ b/src/applications/herald/view/HeraldWebhookRequestListView.php @@ -55,8 +55,8 @@ final class HeraldWebhookRequestListView $request->getID(), $icon, $handles[$request->getObjectPHID()]->renderLink(), - $request->getErrorType(), - $request->getErrorCode(), + $request->getErrorTypeForDisplay(), + $request->getErrorCodeForDisplay(), $last_request, ); } @@ -66,7 +66,7 @@ final class HeraldWebhookRequestListView ->setHeaders( array( pht('ID'), - '', + null, pht('Object'), pht('Type'), pht('Code'), diff --git a/src/applications/herald/worker/HeraldWebhookWorker.php b/src/applications/herald/worker/HeraldWebhookWorker.php index 150f98fd50..bc93f092d5 100644 --- a/src/applications/herald/worker/HeraldWebhookWorker.php +++ b/src/applications/herald/worker/HeraldWebhookWorker.php @@ -35,14 +35,20 @@ final class HeraldWebhookWorker // If we're in silent mode, permanently fail the webhook request and then // return to complete this task. if (PhabricatorEnv::getEnvConfig('phabricator.silent')) { - $this->failRequest($request, 'hook', 'silent'); + $this->failRequest( + $request, + HeraldWebhookRequest::ERRORTYPE_HOOK, + HeraldWebhookRequest::ERROR_SILENT); return; } $hook = $request->getWebhook(); if ($hook->isDisabled()) { - $this->failRequest($request, 'hook', 'disabled'); + $this->failRequest( + $request, + HeraldWebhookRequest::ERRORTYPE_HOOK, + HeraldWebhookRequest::ERROR_DISABLED); throw new PhabricatorWorkerPermanentFailureException( pht( 'Associated hook ("%s") for webhook request ("%s") is disabled.', @@ -59,7 +65,10 @@ final class HeraldWebhookWorker 'https', )); } catch (Exception $ex) { - $this->failRequest($request, 'hook', 'uri'); + $this->failRequest( + $request, + HeraldWebhookRequest::ERRORTYPE_HOOK, + HeraldWebhookRequest::ERROR_URI); throw new PhabricatorWorkerPermanentFailureException( pht( 'Associated hook ("%s") for webhook request ("%s") has invalid '. @@ -76,7 +85,11 @@ final class HeraldWebhookWorker ->withPHIDs(array($object_phid)) ->executeOne(); if (!$object) { - $this->failRequest($request, 'hook', 'object'); + $this->failRequest( + $request, + HeraldWebhookRequest::ERRORTYPE_HOOK, + HeraldWebhookRequest::ERROR_OBJECT); + throw new PhabricatorWorkerPermanentFailureException( pht( 'Unable to load object ("%s") for webhook request ("%s").', @@ -182,9 +195,9 @@ final class HeraldWebhookWorker list($status) = $future->resolve(); if ($status->isTimeout()) { - $error_type = 'timeout'; + $error_type = HeraldWebhookRequest::ERRORTYPE_TIMEOUT; } else { - $error_type = 'http'; + $error_type = HeraldWebhookRequest::ERRORTYPE_HTTP; } $error_code = $status->getStatusCode(); From 10db27833b6e23013ca1994935063973a774dc15 Mon Sep 17 00:00:00 2001 From: epriestley Date: Sat, 22 Dec 2018 03:54:21 -0800 Subject: [PATCH 32/44] Remove old Phrequent propery rendering code and show "Time Spent" in higher precision Summary: See . Phrequent has two nearly-identical copies of its rendering code: one for old "property event" objects and one for newer "curtain" objects. In the upstream, both trackable object types (tasks and revisions) use curtains, so throw away the old code since it isn't reachable. Third-party trackable objects can update to the curtain UI, but it's unlikely they exist. Render the remaining curtain UI with more precision, so we show "Time Spent: 2d, 11h, 49m" instead of "Time Spent: 2d". Test Plan: {F6074404} Reviewers: amckinley Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D19927 --- .../PhrequentCurtainExtension.php | 17 ++-- .../event/PhrequentUIEventListener.php | 91 ------------------- 2 files changed, 11 insertions(+), 97 deletions(-) diff --git a/src/applications/phrequent/engineextension/PhrequentCurtainExtension.php b/src/applications/phrequent/engineextension/PhrequentCurtainExtension.php index 25d0e424a6..ea284e9a42 100644 --- a/src/applications/phrequent/engineextension/PhrequentCurtainExtension.php +++ b/src/applications/phrequent/engineextension/PhrequentCurtainExtension.php @@ -29,6 +29,7 @@ final class PhrequentCurtainExtension $handles = $viewer->loadHandles(array_keys($event_groups)); $status_view = new PHUIStatusListView(); + $now = PhabricatorTime::getNow(); foreach ($event_groups as $user_phid => $event_group) { $item = new PHUIStatusItemView(); @@ -68,16 +69,20 @@ final class PhrequentCurtainExtension } $block = new PhrequentTimeBlock($event_group); - $item->setNote( - phutil_format_relative_time( - $block->getTimeSpentOnObject( - $object->getPHID(), - time()))); + + $duration = $block->getTimeSpentOnObject( + $object->getPHID(), + $now); + + $duration_display = phutil_format_relative_time_detailed( + $duration, + $levels = 3); + + $item->setNote($duration_display); $status_view->addItem($item); } - return $this->newPanel() ->setHeaderText(pht('Time Spent')) ->setOrder(40000) diff --git a/src/applications/phrequent/event/PhrequentUIEventListener.php b/src/applications/phrequent/event/PhrequentUIEventListener.php index 9987bcfd03..e876559efe 100644 --- a/src/applications/phrequent/event/PhrequentUIEventListener.php +++ b/src/applications/phrequent/event/PhrequentUIEventListener.php @@ -5,7 +5,6 @@ final class PhrequentUIEventListener public function register() { $this->listen(PhabricatorEventType::TYPE_UI_DIDRENDERACTIONS); - $this->listen(PhabricatorEventType::TYPE_UI_WILLRENDERPROPERTIES); } public function handleEvent(PhutilEvent $event) { @@ -13,9 +12,6 @@ final class PhrequentUIEventListener case PhabricatorEventType::TYPE_UI_DIDRENDERACTIONS: $this->handleActionEvent($event); break; - case PhabricatorEventType::TYPE_UI_WILLRENDERPROPERTIES: - $this->handlePropertyEvent($event); - break; } } @@ -61,91 +57,4 @@ final class PhrequentUIEventListener $this->addActionMenuItems($event, $track_action); } - private function handlePropertyEvent($ui_event) { - $user = $ui_event->getUser(); - $object = $ui_event->getValue('object'); - - if (!$object || !$object->getPHID()) { - // No object, or the object has no PHID yet.. - return; - } - - if (!($object instanceof PhrequentTrackableInterface)) { - // This object isn't a time trackable object. - return; - } - - if (!$this->canUseApplication($ui_event->getUser())) { - return; - } - - $events = id(new PhrequentUserTimeQuery()) - ->setViewer($user) - ->withObjectPHIDs(array($object->getPHID())) - ->needPreemptingEvents(true) - ->execute(); - $event_groups = mgroup($events, 'getUserPHID'); - - if (!$events) { - return; - } - - $handles = id(new PhabricatorHandleQuery()) - ->setViewer($user) - ->withPHIDs(array_keys($event_groups)) - ->execute(); - - $status_view = new PHUIStatusListView(); - - foreach ($event_groups as $user_phid => $event_group) { - $item = new PHUIStatusItemView(); - $item->setTarget($handles[$user_phid]->renderLink()); - - $state = 'stopped'; - foreach ($event_group as $event) { - if ($event->getDateEnded() === null) { - if ($event->isPreempted()) { - $state = 'suspended'; - } else { - $state = 'active'; - break; - } - } - } - - switch ($state) { - case 'active': - $item->setIcon( - PHUIStatusItemView::ICON_CLOCK, - 'green', - pht('Working Now')); - break; - case 'suspended': - $item->setIcon( - PHUIStatusItemView::ICON_CLOCK, - 'yellow', - pht('Interrupted')); - break; - case 'stopped': - $item->setIcon( - PHUIStatusItemView::ICON_CLOCK, - 'bluegrey', - pht('Not Working Now')); - break; - } - - $block = new PhrequentTimeBlock($event_group); - $item->setNote( - phutil_format_relative_time( - $block->getTimeSpentOnObject( - $object->getPHID(), - time()))); - - $status_view->addItem($item); - } - - $view = $ui_event->getValue('view'); - $view->addProperty(pht('Time Spent'), $status_view); - } - } From 543f2b6bf156be8eed7764927663d4366a8e1561 Mon Sep 17 00:00:00 2001 From: epriestley Date: Mon, 17 Dec 2018 11:35:13 -0800 Subject: [PATCH 33/44] Allow any transaction group to be signed with a one-shot "Sign With MFA" action Summary: Depends on D19896. Ref T13222. See PHI873. Add a core "Sign With MFA" transaction type which prompts you for MFA and marks your transactions as MFA'd. This is a one-shot gate and does not keep you in MFA. Test Plan: - Used "Sign with MFA", got prompted for MFA, answered MFA, saw transactions apply with MFA metadata and markers. - Tried to sign alone, got appropriate errors. - Tried to sign no-op changes, got appropriate errors. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19897 --- src/__phutil_library_map__.php | 2 + .../PhabricatorAuthMFAEditEngineExtension.php | 52 +++++ .../constants/PhabricatorTransactions.php | 1 + .../editengine/PhabricatorEditEngine.php | 6 +- ...habricatorApplicationTransactionEditor.php | 205 +++++++++++++++--- .../PhabricatorApplicationTransaction.php | 30 +++ src/view/phui/PHUITimelineEventView.php | 2 +- 7 files changed, 265 insertions(+), 33 deletions(-) create mode 100644 src/applications/auth/engineextension/PhabricatorAuthMFAEditEngineExtension.php diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index e3fb90377b..b788d5b924 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -2231,6 +2231,7 @@ phutil_register_library_map(array( 'PhabricatorAuthLoginController' => 'applications/auth/controller/PhabricatorAuthLoginController.php', 'PhabricatorAuthLoginHandler' => 'applications/auth/handler/PhabricatorAuthLoginHandler.php', 'PhabricatorAuthLogoutConduitAPIMethod' => 'applications/auth/conduit/PhabricatorAuthLogoutConduitAPIMethod.php', + 'PhabricatorAuthMFAEditEngineExtension' => 'applications/auth/engineextension/PhabricatorAuthMFAEditEngineExtension.php', 'PhabricatorAuthMainMenuBarExtension' => 'applications/auth/extension/PhabricatorAuthMainMenuBarExtension.php', 'PhabricatorAuthManagementCachePKCS8Workflow' => 'applications/auth/management/PhabricatorAuthManagementCachePKCS8Workflow.php', 'PhabricatorAuthManagementLDAPWorkflow' => 'applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php', @@ -7885,6 +7886,7 @@ phutil_register_library_map(array( 'PhabricatorAuthLoginController' => 'PhabricatorAuthController', 'PhabricatorAuthLoginHandler' => 'Phobject', 'PhabricatorAuthLogoutConduitAPIMethod' => 'PhabricatorAuthConduitAPIMethod', + 'PhabricatorAuthMFAEditEngineExtension' => 'PhabricatorEditEngineExtension', 'PhabricatorAuthMainMenuBarExtension' => 'PhabricatorMainMenuBarExtension', 'PhabricatorAuthManagementCachePKCS8Workflow' => 'PhabricatorAuthManagementWorkflow', 'PhabricatorAuthManagementLDAPWorkflow' => 'PhabricatorAuthManagementWorkflow', diff --git a/src/applications/auth/engineextension/PhabricatorAuthMFAEditEngineExtension.php b/src/applications/auth/engineextension/PhabricatorAuthMFAEditEngineExtension.php new file mode 100644 index 0000000000..adad1f9274 --- /dev/null +++ b/src/applications/auth/engineextension/PhabricatorAuthMFAEditEngineExtension.php @@ -0,0 +1,52 @@ +getViewer(); + + $mfa_field = id(new PhabricatorApplyEditField()) + ->setViewer($viewer) + ->setKey(self::FIELDKEY) + ->setLabel(pht('MFA')) + ->setIsFormField(false) + ->setCommentActionLabel(pht('Sign With MFA')) + ->setCommentActionOrder(12000) + ->setActionDescription( + pht('You will be prompted to provide MFA when you submit.')) + ->setDescription(pht('Sign this transaction group with MFA.')) + ->setTransactionType($mfa_type); + + return array( + $mfa_field, + ); + } + +} diff --git a/src/applications/transactions/constants/PhabricatorTransactions.php b/src/applications/transactions/constants/PhabricatorTransactions.php index 7a606fe65c..3b523417dd 100644 --- a/src/applications/transactions/constants/PhabricatorTransactions.php +++ b/src/applications/transactions/constants/PhabricatorTransactions.php @@ -16,6 +16,7 @@ final class PhabricatorTransactions extends Phobject { const TYPE_COLUMNS = 'core:columns'; const TYPE_SUBTYPE = 'core:subtype'; const TYPE_HISTORY = 'core:history'; + const TYPE_MFA = 'core:mfa'; const COLOR_RED = 'red'; const COLOR_ORANGE = 'orange'; diff --git a/src/applications/transactions/editengine/PhabricatorEditEngine.php b/src/applications/transactions/editengine/PhabricatorEditEngine.php index 3b3e5abdd7..e664197278 100644 --- a/src/applications/transactions/editengine/PhabricatorEditEngine.php +++ b/src/applications/transactions/editengine/PhabricatorEditEngine.php @@ -1105,6 +1105,7 @@ abstract class PhabricatorEditEngine $editor = $object->getApplicationTransactionEditor() ->setActor($viewer) ->setContentSourceFromRequest($request) + ->setCancelURI($cancel_uri) ->setContinueOnNoEffect(true); try { @@ -1785,7 +1786,9 @@ abstract class PhabricatorEditEngine $controller = $this->getController(); $request = $controller->getRequest(); - if (!$request->isFormPost()) { + // NOTE: We handle hisec inside the transaction editor with "Sign With MFA" + // comment actions. + if (!$request->isFormOrHisecPost()) { return new Aphront400Response(); } @@ -1919,6 +1922,7 @@ abstract class PhabricatorEditEngine ->setContinueOnNoEffect($request->isContinueRequest()) ->setContinueOnMissingFields(true) ->setContentSourceFromRequest($request) + ->setCancelURI($view_uri) ->setRaiseWarnings(!$request->getBool('editEngine.warnings')) ->setIsPreview($is_preview); diff --git a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php index 697c4600a5..aa3ef0ceb6 100644 --- a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php +++ b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php @@ -84,6 +84,10 @@ abstract class PhabricatorApplicationTransactionEditor private $transactionQueue = array(); private $sendHistory = false; + private $shouldRequireMFA = false; + private $hasRequiredMFA = false; + private $request; + private $cancelURI; const STORAGE_ENCODING_BINARY = 'binary'; @@ -284,6 +288,22 @@ abstract class PhabricatorApplicationTransactionEditor return $this->raiseWarnings; } + public function setShouldRequireMFA($should_require_mfa) { + if ($this->hasRequiredMFA) { + throw new Exception( + pht( + 'Call to setShouldRequireMFA() is too late: this Editor has already '. + 'checked for MFA requirements.')); + } + + $this->shouldRequireMFA = $should_require_mfa; + return $this; + } + + public function getShouldRequireMFA() { + return $this->shouldRequireMFA; + } + public function getTransactionTypesForObject($object) { $old = $this->object; try { @@ -328,6 +348,8 @@ abstract class PhabricatorApplicationTransactionEditor $types[] = PhabricatorTransactions::TYPE_SPACE; } + $types[] = PhabricatorTransactions::TYPE_MFA; + $template = $this->object->getApplicationTransactionTemplate(); if ($template instanceof PhabricatorModularTransaction) { $xtypes = $template->newModularTransactionTypes(); @@ -383,6 +405,8 @@ abstract class PhabricatorApplicationTransactionEditor return null; case PhabricatorTransactions::TYPE_SUBTYPE: return $object->getEditEngineSubtype(); + case PhabricatorTransactions::TYPE_MFA: + return null; case PhabricatorTransactions::TYPE_SUBSCRIBERS: return array_values($this->subscribers); case PhabricatorTransactions::TYPE_VIEW_POLICY: @@ -473,6 +497,8 @@ abstract class PhabricatorApplicationTransactionEditor case PhabricatorTransactions::TYPE_SUBTYPE: case PhabricatorTransactions::TYPE_HISTORY: return $xaction->getNewValue(); + case PhabricatorTransactions::TYPE_MFA: + return true; case PhabricatorTransactions::TYPE_SPACE: $space_phid = $xaction->getNewValue(); if (!strlen($space_phid)) { @@ -611,6 +637,7 @@ abstract class PhabricatorApplicationTransactionEditor case PhabricatorTransactions::TYPE_CREATE: case PhabricatorTransactions::TYPE_HISTORY: case PhabricatorTransactions::TYPE_SUBTYPE: + case PhabricatorTransactions::TYPE_MFA: case PhabricatorTransactions::TYPE_TOKEN: case PhabricatorTransactions::TYPE_VIEW_POLICY: case PhabricatorTransactions::TYPE_EDIT_POLICY: @@ -673,6 +700,7 @@ abstract class PhabricatorApplicationTransactionEditor case PhabricatorTransactions::TYPE_CREATE: case PhabricatorTransactions::TYPE_HISTORY: case PhabricatorTransactions::TYPE_SUBTYPE: + case PhabricatorTransactions::TYPE_MFA: case PhabricatorTransactions::TYPE_EDGE: case PhabricatorTransactions::TYPE_TOKEN: case PhabricatorTransactions::TYPE_VIEW_POLICY: @@ -850,10 +878,6 @@ abstract class PhabricatorApplicationTransactionEditor $xaction->setIsSilentTransaction(true); } - if ($actor->hasHighSecuritySession()) { - $xaction->setIsMFATransaction(true); - } - return $xaction; } @@ -893,6 +917,7 @@ abstract class PhabricatorApplicationTransactionEditor } public function setContentSourceFromRequest(AphrontRequest $request) { + $this->setRequest($request); return $this->setContentSource( PhabricatorContentSource::newFromRequest($request)); } @@ -901,6 +926,24 @@ abstract class PhabricatorApplicationTransactionEditor return $this->contentSource; } + public function setRequest(AphrontRequest $request) { + $this->request = $request; + return $this; + } + + public function getRequest() { + return $this->request; + } + + public function setCancelURI($cancel_uri) { + $this->cancelURI = $cancel_uri; + return $this; + } + + public function getCancelURI() { + return $this->cancelURI; + } + final public function applyTransactions( PhabricatorLiskDAO $object, array $xactions) { @@ -966,9 +1009,29 @@ abstract class PhabricatorApplicationTransactionEditor $warnings); } } + } + foreach ($xactions as $xaction) { + $this->adjustTransactionValues($object, $xaction); + } + + // Now that we've merged and combined transactions, check for required + // capabilities. Note that we're doing this before filtering + // transactions: if you try to apply an edit which you do not have + // permission to apply, we want to give you a permissions error even + // if the edit would have no effect. + $this->applyCapabilityChecks($object, $xactions); + + $xactions = $this->filterTransactions($object, $xactions); + + if (!$is_preview) { $this->willApplyTransactions($object, $xactions); + $this->hasRequiredMFA = true; + if ($this->getShouldRequireMFA()) { + $this->requireMFA($object, $xactions); + } + if ($object->getID()) { $this->buildOldRecipientLists($object, $xactions); @@ -994,33 +1057,6 @@ abstract class PhabricatorApplicationTransactionEditor $this->applyInitialEffects($object, $xactions); } - foreach ($xactions as $xaction) { - $this->adjustTransactionValues($object, $xaction); - } - - // Now that we've merged and combined transactions, check for required - // capabilities. Note that we're doing this before filtering - // transactions: if you try to apply an edit which you do not have - // permission to apply, we want to give you a permissions error even - // if the edit would have no effect. - $this->applyCapabilityChecks($object, $xactions); - - // See T13186. Fatal hard if this object has an older - // "requireCapabilities()" method. The code may rely on this method being - // called to apply policy checks, so err on the side of safety and fatal. - // TODO: Remove this check after some time has passed. - if (method_exists($this, 'requireCapabilities')) { - throw new Exception( - pht( - 'Editor (of class "%s") implements obsolete policy method '. - 'requireCapabilities(). The implementation for this Editor '. - 'MUST be updated. See <%s> for discussion.', - get_class($this), - 'https://secure.phabricator.com/T13186')); - } - - $xactions = $this->filterTransactions($object, $xactions); - // TODO: Once everything is on EditEngine, just use getIsNewObject() to // figure this out instead. $mark_as_create = false; @@ -1580,6 +1616,10 @@ abstract class PhabricatorApplicationTransactionEditor // email and is only partially supported in the upstream. You don't // need any capabilities to apply it. return null; + case PhabricatorTransactions::TYPE_MFA: + // Signing a transaction group with MFA does not require permissions + // on its own. + return null; case PhabricatorTransactions::TYPE_EDGE: return $this->getLegacyRequiredEdgeCapabilities($xaction); default: @@ -2272,11 +2312,19 @@ abstract class PhabricatorApplicationTransactionEditor array $xactions) { $type_comment = PhabricatorTransactions::TYPE_COMMENT; + $type_mfa = PhabricatorTransactions::TYPE_MFA; $no_effect = array(); $has_comment = false; $any_effect = false; + + $meta_xactions = array(); foreach ($xactions as $key => $xaction) { + if ($xaction->getTransactionType() === $type_mfa) { + $meta_xactions[$key] = $xaction; + continue; + } + if ($this->transactionHasEffect($object, $xaction)) { if ($xaction->getTransactionType() != $type_comment) { $any_effect = true; @@ -2286,15 +2334,30 @@ abstract class PhabricatorApplicationTransactionEditor } else { $no_effect[$key] = $xaction; } + if ($xaction->hasComment()) { $has_comment = true; } } + // If every transaction is a meta-transaction applying to the transaction + // group, these transactions are junk. + if (count($meta_xactions) == count($xactions)) { + $no_effect = $xactions; + $any_effect = false; + } + if (!$no_effect) { return $xactions; } + // If none of the transactions have an effect, the meta-transactions also + // have no effect. Add them to the "no effect" list so we get a full set + // of errors for everything. + if (!$any_effect) { + $no_effect += $meta_xactions; + } + if (!$this->getContinueOnNoEffect() && !$this->getIsPreview()) { throw new PhabricatorApplicationTransactionNoEffectException( $no_effect, @@ -2375,6 +2438,12 @@ abstract class PhabricatorApplicationTransactionEditor $xactions, $type); break; + case PhabricatorTransactions::TYPE_MFA: + $errors[] = $this->validateMFATransactions( + $object, + $xactions, + $type); + break; case PhabricatorTransactions::TYPE_CUSTOMFIELD: $groups = array(); foreach ($xactions as $xaction) { @@ -2556,6 +2625,36 @@ abstract class PhabricatorApplicationTransactionEditor return $errors; } + private function validateMFATransactions( + PhabricatorLiskDAO $object, + array $xactions, + $transaction_type) { + $errors = array(); + + $factors = id(new PhabricatorAuthFactorConfig())->loadAllWhere( + 'userPHID = %s', + $this->getActingAsPHID()); + + foreach ($xactions as $xaction) { + if (!$factors) { + $errors[] = new PhabricatorApplicationTransactionValidationError( + $transaction_type, + pht('No MFA'), + pht( + 'You do not have any MFA factors attached to your account, so '. + 'you can not sign this transaction group with MFA. Add MFA to '. + 'your account in Settings.'), + $xaction); + } + } + + if ($xactions) { + $this->setShouldRequireMFA(true); + } + + return $errors; + } + protected function adjustObjectForPolicyChecks( PhabricatorLiskDAO $object, array $xactions) { @@ -4707,4 +4806,48 @@ abstract class PhabricatorApplicationTransactionEditor ->setNewValue($new_value); } + private function requireMFA(PhabricatorLiskDAO $object, array $xactions) { + $editor_class = get_class($this); + + $object_phid = $object->getPHID(); + if ($object_phid) { + $workflow_key = sprintf( + 'editor(%s).phid(%s)', + $editor_class, + $object_phid); + } else { + $workflow_key = sprintf( + 'editor(%s).new()', + $editor_class); + } + + $actor = $this->getActor(); + + $request = $this->getRequest(); + if ($request === null) { + throw new Exception( + pht( + 'This transaction group requires MFA to apply, but the Editor was '. + 'not configured with a Request. This workflow can not perform an '. + 'MFA check.')); + } + + $cancel_uri = $this->getCancelURI(); + if ($cancel_uri === null) { + throw new Exception( + pht( + 'This transaction group requires MFA to apply, but the Editor was '. + 'not configured with a Cancel URI. This workflow can not perform '. + 'an MFA check.')); + } + + id(new PhabricatorAuthSessionEngine()) + ->setWorkflowKey($workflow_key) + ->requireHighSecurityToken($actor, $request, $cancel_uri); + + foreach ($xactions as $xaction) { + $xaction->setIsMFATransaction(true); + } + } + } diff --git a/src/applications/transactions/storage/PhabricatorApplicationTransaction.php b/src/applications/transactions/storage/PhabricatorApplicationTransaction.php index 00e723c0c6..725178d6ca 100644 --- a/src/applications/transactions/storage/PhabricatorApplicationTransaction.php +++ b/src/applications/transactions/storage/PhabricatorApplicationTransaction.php @@ -473,6 +473,8 @@ abstract class PhabricatorApplicationTransaction return 'fa-th-large'; case PhabricatorTransactions::TYPE_COLUMNS: return 'fa-columns'; + case PhabricatorTransactions::TYPE_MFA: + return 'fa-vcard'; } return 'fa-pencil'; @@ -510,6 +512,8 @@ abstract class PhabricatorApplicationTransaction return 'sky'; } break; + case PhabricatorTransactions::TYPE_MFA; + return 'pink'; } return null; } @@ -835,6 +839,10 @@ abstract class PhabricatorApplicationTransaction return pht( 'You have not moved this object to any columns it is not '. 'already in.'); + case PhabricatorTransactions::TYPE_MFA: + return pht( + 'You can not sign a transaction group that has no other '. + 'effects.'); } return pht( @@ -1076,6 +1084,12 @@ abstract class PhabricatorApplicationTransaction } break; + + case PhabricatorTransactions::TYPE_MFA: + return pht( + '%s signed these changes with MFA.', + $this->renderHandleLink($author_phid)); + default: // In developer mode, provide a better hint here about which string // we're missing. @@ -1238,6 +1252,9 @@ abstract class PhabricatorApplicationTransaction } break; + case PhabricatorTransactions::TYPE_MFA: + return null; + } return $this->getTitle(); @@ -1320,6 +1337,10 @@ abstract class PhabricatorApplicationTransaction // (which are shown anyway) but less interesting than any other type of // transaction. return 0.75; + case PhabricatorTransactions::TYPE_MFA: + // We want MFA signatures to render at the top of transaction groups, + // on top of the things they signed. + return 10; } return 1.0; @@ -1434,6 +1455,8 @@ abstract class PhabricatorApplicationTransaction $this_source = $this->getContentSource()->getSource(); } + $type_mfa = PhabricatorTransactions::TYPE_MFA; + foreach ($group as $xaction) { // Don't group transactions by different authors. if ($xaction->getAuthorPHID() != $this->getAuthorPHID()) { @@ -1477,6 +1500,13 @@ abstract class PhabricatorApplicationTransaction if ($is_mfa != $xaction->getIsMFATransaction()) { return false; } + + // Don't group two "Sign with MFA" transactions together. + if ($this->getTransactionType() === $type_mfa) { + if ($xaction->getTransactionType() === $type_mfa) { + return false; + } + } } return true; diff --git a/src/view/phui/PHUITimelineEventView.php b/src/view/phui/PHUITimelineEventView.php index 1cf6400bb5..86628058fe 100644 --- a/src/view/phui/PHUITimelineEventView.php +++ b/src/view/phui/PHUITimelineEventView.php @@ -605,7 +605,7 @@ final class PHUITimelineEventView extends AphrontView { // provide a hint that it was extra authentic. if ($this->getIsMFA()) { $extra[] = id(new PHUIIconView()) - ->setIcon('fa-vcard', 'green') + ->setIcon('fa-vcard', 'pink') ->setTooltip(pht('MFA Authenticated')); } } From 3da9844564cf7f93916e420ecae64a4faf15a2d7 Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 05:55:17 -0800 Subject: [PATCH 34/44] Tighten some MFA/TOTP parameters to improve resistance to brute force attacks Summary: Depends on D19897. Ref T13222. See some discussion in D19890. - Only rate limit users if they're actually answering a challenge, not if they're just clicking "Wait Patiently". - Reduce the number of allowed attempts per hour from 100 back to 10. - Reduce the TOTP window from +/- 2 timesteps (allowing ~60 seconds of skew) to +/- 1 timestep (allowing ~30 seconds of skew). - Change the window where a TOTP response remains valid to a flat 60 seconds instead of a calculation based on windows and timesteps. Test Plan: - Hit an MFA prompt. - Without typing in any codes, mashed "submit" as much as I wanted (>>10 times / hour). - Answered prompt correctly. - Mashed "Wait Patiently" as much as I wanted (>>10 times / hour). - Guessed random numbers, was rate limited after 10 attempts. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19898 --- .../action/PhabricatorAuthTryFactorAction.php | 2 +- .../engine/PhabricatorAuthSessionEngine.php | 29 +++++++++---- .../auth/factor/PhabricatorAuthFactor.php | 4 ++ .../auth/factor/PhabricatorTOTPAuthFactor.php | 42 +++++++++++++++---- 4 files changed, 59 insertions(+), 18 deletions(-) diff --git a/src/applications/auth/action/PhabricatorAuthTryFactorAction.php b/src/applications/auth/action/PhabricatorAuthTryFactorAction.php index 40e7c858d1..246298567b 100644 --- a/src/applications/auth/action/PhabricatorAuthTryFactorAction.php +++ b/src/applications/auth/action/PhabricatorAuthTryFactorAction.php @@ -9,7 +9,7 @@ final class PhabricatorAuthTryFactorAction extends PhabricatorSystemAction { } public function getScoreThreshold() { - return 100 / phutil_units('1 hour in seconds'); + return 10 / phutil_units('1 hour in seconds'); } public function getLimitExplanation() { diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php index c129d898f2..d29530dbfd 100644 --- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php +++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php @@ -567,10 +567,21 @@ final class PhabricatorAuthSessionEngine extends Phobject { if ($request->getExists(AphrontRequest::TYPE_HISEC)) { // Limit factor verification rates to prevent brute force attacks. - PhabricatorSystemActionEngine::willTakeAction( - array($viewer->getPHID()), - new PhabricatorAuthTryFactorAction(), - 1); + $any_attempt = false; + foreach ($factors as $factor) { + $impl = $factor->requireImplementation(); + if ($impl->getRequestHasChallengeResponse($factor, $request)) { + $any_attempt = true; + break; + } + } + + if ($any_attempt) { + PhabricatorSystemActionEngine::willTakeAction( + array($viewer->getPHID()), + new PhabricatorAuthTryFactorAction(), + 1); + } foreach ($factors as $factor) { $factor_phid = $factor->getPHID(); @@ -610,10 +621,12 @@ final class PhabricatorAuthSessionEngine extends Phobject { } // Give the user a credit back for a successful factor verification. - PhabricatorSystemActionEngine::willTakeAction( - array($viewer->getPHID()), - new PhabricatorAuthTryFactorAction(), - -1); + if ($any_attempt) { + PhabricatorSystemActionEngine::willTakeAction( + array($viewer->getPHID()), + new PhabricatorAuthTryFactorAction(), + -1); + } if ($session->getIsPartial() && !$jump_into_hisec) { // If we have a partial session and are not jumping directly into diff --git a/src/applications/auth/factor/PhabricatorAuthFactor.php b/src/applications/auth/factor/PhabricatorAuthFactor.php index a9483a9809..5dccbe1653 100644 --- a/src/applications/auth/factor/PhabricatorAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorAuthFactor.php @@ -52,6 +52,10 @@ abstract class PhabricatorAuthFactor extends Phobject { ->setWorkflowKey($engine->getWorkflowKey()); } + abstract public function getRequestHasChallengeResponse( + PhabricatorAuthFactorConfig $config, + AphrontRequest $response); + final public function getNewIssuedChallenges( PhabricatorAuthFactorConfig $config, PhabricatorUser $viewer, diff --git a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php index 2a8999f2e4..33bb961691 100644 --- a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php @@ -80,7 +80,7 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { $okay = (bool)$this->getTimestepAtWhichResponseIsValid( $this->getAllowedTimesteps($this->getCurrentTimestep()), new PhutilOpaqueEnvelope($key), - (string)$code); + $code); if ($okay) { $config = $this->newConfigForUser($user) @@ -206,9 +206,10 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { if (!$control) { $value = $result->getValue(); $error = $result->getErrorMessage(); + $name = $this->getChallengeResponseParameterName($config); $control = id(new PHUIFormNumberControl()) - ->setName($this->getParameterName($config, 'totpcode')) + ->setName($name) ->setDisableAutocomplete(true) ->setValue($value) ->setError($error); @@ -221,6 +222,15 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { $form->appendChild($control); } + public function getRequestHasChallengeResponse( + PhabricatorAuthFactorConfig $config, + AphrontRequest $request) { + + $value = $this->getChallengeResponseFromRequest($config, $request); + return (bool)strlen($value); + } + + protected function newResultFromIssuedChallenges( PhabricatorAuthFactorConfig $config, PhabricatorUser $viewer, @@ -301,7 +311,9 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { AphrontRequest $request, array $challenges) { - $code = $request->getStr($this->getParameterName($config, 'totpcode')); + $code = $this->getChallengeResponseFromRequest( + $config, + $request); $result = $this->newResult() ->setValue($code); @@ -335,13 +347,10 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { $valid_timestep = $this->getTimestepAtWhichResponseIsValid( array_intersect_key($challenge_timesteps, $current_timesteps), new PhutilOpaqueEnvelope($config->getFactorSecret()), - (string)$code); + $code); if ($valid_timestep) { - $now = PhabricatorTime::getNow(); - $step_duration = $this->getTimestepDuration(); - $step_window = $this->getTimestepWindowSize(); - $ttl = $now + ($step_duration * $step_window); + $ttl = PhabricatorTime::getNow() + 60; $challenge ->setProperty('totp.timestep', $valid_timestep) @@ -475,7 +484,7 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { // The user is allowed to provide a code from the recent past or the // near future to account for minor clock skew between the client // and server, and the time it takes to actually enter a code. - return 2; + return 1; } private function getTimestepAtWhichResponseIsValid( @@ -493,6 +502,21 @@ final class PhabricatorTOTPAuthFactor extends PhabricatorAuthFactor { return null; } + private function getChallengeResponseParameterName( + PhabricatorAuthFactorConfig $config) { + return $this->getParameterName($config, 'totpcode'); + } + private function getChallengeResponseFromRequest( + PhabricatorAuthFactorConfig $config, + AphrontRequest $request) { + $name = $this->getChallengeResponseParameterName($config); + + $value = $request->getStr($name); + $value = (string)$value; + $value = trim($value); + + return $value; + } } From d3c325c4fc7321a2411ef0c2608527ee701c041e Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 07:01:20 -0800 Subject: [PATCH 35/44] Allow objects to be put in an "MFA required for all interactions" mode, and support "MFA required" statuses in Maniphest Summary: Depends on D19898. Ref T13222. See PHI873. Allow objects to opt into an "MFA is required for all edits" mode. Put tasks in this mode if they're in a status that specifies it is an `mfa` status. This is still a little rough for now: - There's no UI hint that you'll have to MFA. I'll likely add some hinting in a followup. - All edits currently require MFA, even subscribe/unsubscribe. We could maybe relax this if it's an issue. Test Plan: - Edited an MFA-required object via comments, edit forms, and most/all of the extensions. These prompted for MFA, then worked correctly. - Tried to edit via Conduit, failed with a reasonably comprehensible error. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19899 --- src/__phutil_library_map__.php | 6 ++ .../PhabricatorManiphestConfigOptions.php | 2 + .../constants/ManiphestTaskStatus.php | 5 ++ .../engine/ManiphestTaskMFAEngine.php | 11 ++++ .../maniphest/storage/ManiphestTask.php | 11 +++- ...PhabricatorSubscriptionsEditController.php | 3 +- .../editengine/PhabricatorEditEngine.php | 2 +- .../PhabricatorEditEngineMFAEngine.php | 39 +++++++++++ .../PhabricatorEditEngineMFAInterface.php | 7 ++ ...habricatorApplicationTransactionEditor.php | 64 +++++++++++++++++-- 10 files changed, 142 insertions(+), 8 deletions(-) create mode 100644 src/applications/maniphest/engine/ManiphestTaskMFAEngine.php create mode 100644 src/applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php create mode 100644 src/applications/transactions/editengine/PhabricatorEditEngineMFAInterface.php diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index b788d5b924..552a27a321 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -1731,6 +1731,7 @@ phutil_register_library_map(array( 'ManiphestTaskListController' => 'applications/maniphest/controller/ManiphestTaskListController.php', 'ManiphestTaskListHTTPParameterType' => 'applications/maniphest/httpparametertype/ManiphestTaskListHTTPParameterType.php', 'ManiphestTaskListView' => 'applications/maniphest/view/ManiphestTaskListView.php', + 'ManiphestTaskMFAEngine' => 'applications/maniphest/engine/ManiphestTaskMFAEngine.php', 'ManiphestTaskMailReceiver' => 'applications/maniphest/mail/ManiphestTaskMailReceiver.php', 'ManiphestTaskMergeInRelationship' => 'applications/maniphest/relationship/ManiphestTaskMergeInRelationship.php', 'ManiphestTaskMergedFromTransaction' => 'applications/maniphest/xaction/ManiphestTaskMergedFromTransaction.php', @@ -2977,6 +2978,8 @@ phutil_register_library_map(array( 'PhabricatorEditEngineListController' => 'applications/transactions/controller/PhabricatorEditEngineListController.php', 'PhabricatorEditEngineLock' => 'applications/transactions/editengine/PhabricatorEditEngineLock.php', 'PhabricatorEditEngineLockableInterface' => 'applications/transactions/editengine/PhabricatorEditEngineLockableInterface.php', + 'PhabricatorEditEngineMFAEngine' => 'applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php', + 'PhabricatorEditEngineMFAInterface' => 'applications/transactions/editengine/PhabricatorEditEngineMFAInterface.php', 'PhabricatorEditEnginePointsCommentAction' => 'applications/transactions/commentaction/PhabricatorEditEnginePointsCommentAction.php', 'PhabricatorEditEngineProfileMenuItem' => 'applications/search/menuitem/PhabricatorEditEngineProfileMenuItem.php', 'PhabricatorEditEngineQuery' => 'applications/transactions/query/PhabricatorEditEngineQuery.php', @@ -7298,6 +7301,7 @@ phutil_register_library_map(array( 'DoorkeeperBridgedObjectInterface', 'PhabricatorEditEngineSubtypeInterface', 'PhabricatorEditEngineLockableInterface', + 'PhabricatorEditEngineMFAInterface', ), 'ManiphestTaskAssignHeraldAction' => 'HeraldAction', 'ManiphestTaskAssignOtherHeraldAction' => 'ManiphestTaskAssignHeraldAction', @@ -7336,6 +7340,7 @@ phutil_register_library_map(array( 'ManiphestTaskListController' => 'ManiphestController', 'ManiphestTaskListHTTPParameterType' => 'AphrontListHTTPParameterType', 'ManiphestTaskListView' => 'ManiphestView', + 'ManiphestTaskMFAEngine' => 'PhabricatorEditEngineMFAEngine', 'ManiphestTaskMailReceiver' => 'PhabricatorObjectMailReceiver', 'ManiphestTaskMergeInRelationship' => 'ManiphestTaskRelationship', 'ManiphestTaskMergedFromTransaction' => 'ManiphestTaskTransactionType', @@ -8754,6 +8759,7 @@ phutil_register_library_map(array( 'PhabricatorEditEngineExtensionModule' => 'PhabricatorConfigModule', 'PhabricatorEditEngineListController' => 'PhabricatorEditEngineController', 'PhabricatorEditEngineLock' => 'Phobject', + 'PhabricatorEditEngineMFAEngine' => 'Phobject', 'PhabricatorEditEnginePointsCommentAction' => 'PhabricatorEditEngineCommentAction', 'PhabricatorEditEngineProfileMenuItem' => 'PhabricatorProfileMenuItem', 'PhabricatorEditEngineQuery' => 'PhabricatorCursorPagedPolicyAwareQuery', diff --git a/src/applications/maniphest/config/PhabricatorManiphestConfigOptions.php b/src/applications/maniphest/config/PhabricatorManiphestConfigOptions.php index 609db0d1b6..c5527aa485 100644 --- a/src/applications/maniphest/config/PhabricatorManiphestConfigOptions.php +++ b/src/applications/maniphest/config/PhabricatorManiphestConfigOptions.php @@ -212,6 +212,8 @@ The keys you can provide in a specification are: status. - `locked` //Optional bool.// Lock tasks in this status, preventing users from commenting. + - `mfa` //Optional bool.// Require all edits to this task to be signed with + multi-factor authentication. Statuses will appear in the UI in the order specified. Note the status marked `special` as `duplicate` is not settable directly and will not appear in UI diff --git a/src/applications/maniphest/constants/ManiphestTaskStatus.php b/src/applications/maniphest/constants/ManiphestTaskStatus.php index 53d2e1afe3..4d58816e2a 100644 --- a/src/applications/maniphest/constants/ManiphestTaskStatus.php +++ b/src/applications/maniphest/constants/ManiphestTaskStatus.php @@ -160,6 +160,10 @@ final class ManiphestTaskStatus extends ManiphestConstants { return self::getStatusAttribute($status, 'locked', false); } + public static function isMFAStatus($status) { + return self::getStatusAttribute($status, 'mfa', false); + } + public static function getStatusActionName($status) { return self::getStatusAttribute($status, 'name.action'); } @@ -282,6 +286,7 @@ final class ManiphestTaskStatus extends ManiphestConstants { 'disabled' => 'optional bool', 'claim' => 'optional bool', 'locked' => 'optional bool', + 'mfa' => 'optional bool', )); } diff --git a/src/applications/maniphest/engine/ManiphestTaskMFAEngine.php b/src/applications/maniphest/engine/ManiphestTaskMFAEngine.php new file mode 100644 index 0000000000..2aa0e303e3 --- /dev/null +++ b/src/applications/maniphest/engine/ManiphestTaskMFAEngine.php @@ -0,0 +1,11 @@ +getObject()->getStatus(); + return ManiphestTaskStatus::isMFAStatus($status); + } + +} diff --git a/src/applications/maniphest/storage/ManiphestTask.php b/src/applications/maniphest/storage/ManiphestTask.php index 1372e2cb88..ada537fa4d 100644 --- a/src/applications/maniphest/storage/ManiphestTask.php +++ b/src/applications/maniphest/storage/ManiphestTask.php @@ -19,7 +19,8 @@ final class ManiphestTask extends ManiphestDAO PhabricatorFerretInterface, DoorkeeperBridgedObjectInterface, PhabricatorEditEngineSubtypeInterface, - PhabricatorEditEngineLockableInterface { + PhabricatorEditEngineLockableInterface, + PhabricatorEditEngineMFAInterface { const MARKUP_FIELD_DESCRIPTION = 'markup:desc'; @@ -619,4 +620,12 @@ final class ManiphestTask extends ManiphestDAO return new ManiphestTaskFerretEngine(); } + +/* -( PhabricatorEditEngineMFAInterface )---------------------------------- */ + + + public function newEditEngineMFAEngine() { + return new ManiphestTaskMFAEngine(); + } + } diff --git a/src/applications/subscriptions/controller/PhabricatorSubscriptionsEditController.php b/src/applications/subscriptions/controller/PhabricatorSubscriptionsEditController.php index 13a0e14c23..941c0c5811 100644 --- a/src/applications/subscriptions/controller/PhabricatorSubscriptionsEditController.php +++ b/src/applications/subscriptions/controller/PhabricatorSubscriptionsEditController.php @@ -8,7 +8,7 @@ final class PhabricatorSubscriptionsEditController $phid = $request->getURIData('phid'); $action = $request->getURIData('action'); - if (!$request->isFormPost()) { + if (!$request->isFormOrHisecPost()) { return new Aphront400Response(); } @@ -73,6 +73,7 @@ final class PhabricatorSubscriptionsEditController $editor = id($object->getApplicationTransactionEditor()) ->setActor($viewer) + ->setCancelURI($handle->getURI()) ->setContinueOnNoEffect(true) ->setContinueOnMissingFields(true) ->setContentSourceFromRequest($request); diff --git a/src/applications/transactions/editengine/PhabricatorEditEngine.php b/src/applications/transactions/editengine/PhabricatorEditEngine.php index e664197278..8c4a557e83 100644 --- a/src/applications/transactions/editengine/PhabricatorEditEngine.php +++ b/src/applications/transactions/editengine/PhabricatorEditEngine.php @@ -1041,7 +1041,7 @@ abstract class PhabricatorEditEngine } $validation_exception = null; - if ($request->isFormPost() && $request->getBool('editEngine')) { + if ($request->isFormOrHisecPost() && $request->getBool('editEngine')) { $submit_fields = $fields; foreach ($submit_fields as $key => $field) { diff --git a/src/applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php b/src/applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php new file mode 100644 index 0000000000..523672340a --- /dev/null +++ b/src/applications/transactions/editengine/PhabricatorEditEngineMFAEngine.php @@ -0,0 +1,39 @@ +object = $object; + return $this; + } + + public function getObject() { + return $this->object; + } + + public function setViewer(PhabricatorUser $viewer) { + $this->viewer = $viewer; + return $this; + } + + public function getViewer() { + if (!$this->viewer) { + throw new PhutilInvalidStateException('setViewer'); + } + + return $this->viewer; + } + + final public static function newEngineForObject( + PhabricatorEditEngineMFAInterface $object) { + return $object->newEditEngineMFAEngine() + ->setObject($object); + } + + abstract public function shouldRequireMFA(); + +} diff --git a/src/applications/transactions/editengine/PhabricatorEditEngineMFAInterface.php b/src/applications/transactions/editengine/PhabricatorEditEngineMFAInterface.php new file mode 100644 index 0000000000..48acb43c56 --- /dev/null +++ b/src/applications/transactions/editengine/PhabricatorEditEngineMFAInterface.php @@ -0,0 +1,7 @@ +isNewObject = ($object->getPHID() === null); $this->validateEditParameters($object, $xactions); + $xactions = $this->newMFATransactions($object, $xactions); $actor = $this->requireActor(); @@ -4825,11 +4826,22 @@ abstract class PhabricatorApplicationTransactionEditor $request = $this->getRequest(); if ($request === null) { - throw new Exception( - pht( - 'This transaction group requires MFA to apply, but the Editor was '. - 'not configured with a Request. This workflow can not perform an '. - 'MFA check.')); + $source_type = $this->getContentSource()->getSourceTypeConstant(); + $conduit_type = PhabricatorConduitContentSource::SOURCECONST; + $is_conduit = ($source_type === $conduit_type); + if ($is_conduit) { + throw new Exception( + pht( + 'This transaction group requires MFA to apply, but you can not '. + 'provide an MFA response via Conduit. Edit this object via the '. + 'web UI.')); + } else { + throw new Exception( + pht( + 'This transaction group requires MFA to apply, but the Editor was '. + 'not configured with a Request. This workflow can not perform an '. + 'MFA check.')); + } } $cancel_uri = $this->getCancelURI(); @@ -4850,4 +4862,46 @@ abstract class PhabricatorApplicationTransactionEditor } } + private function newMFATransactions( + PhabricatorLiskDAO $object, + array $xactions) { + + $is_mfa = ($object instanceof PhabricatorEditEngineMFAInterface); + if (!$is_mfa) { + return $xactions; + } + + $engine = PhabricatorEditEngineMFAEngine::newEngineForObject($object) + ->setViewer($this->getActor()); + $require_mfa = $engine->shouldRequireMFA(); + + if (!$require_mfa) { + return $xactions; + } + + $type_mfa = PhabricatorTransactions::TYPE_MFA; + + $has_mfa = false; + foreach ($xactions as $xaction) { + if ($xaction->getTransactionType() === $type_mfa) { + $has_mfa = true; + break; + } + } + + if ($has_mfa) { + return $xactions; + } + + $template = $object->getApplicationTransactionTemplate(); + + $mfa_xaction = id(clone $template) + ->setTransactionType($type_mfa) + ->setNewValue(true); + + array_unshift($xactions, $mfa_xaction); + + return $xactions; + } + } From 1c89b3175f1cbb3ef19f36b8a53d3e0b2b21f0de Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 08:02:40 -0800 Subject: [PATCH 36/44] Improve UI messaging around "one-shot" vs "session upgrade" MFA Summary: Depends on D19899. Ref T13222. When we prompt you for one-shot MFA, we currently give you a lot of misleading text about your session staying in "high security mode". Differentiate between one-shot and session upgrade MFA, and give the user appropriate cues and explanatory text. Test Plan: - Hit one-shot MFA on an "mfa" task in Maniphest. - Hit session upgrade MFA in Settings > Multi-Factor. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19900 --- ...torHighSecurityRequestExceptionHandler.php | 65 +++++++++++++------ .../engine/PhabricatorAuthSessionEngine.php | 1 + ...catorAuthHighSecurityRequiredException.php | 10 +++ 3 files changed, 56 insertions(+), 20 deletions(-) diff --git a/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php b/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php index 1cbf4c6e4f..fe9af45666 100644 --- a/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php +++ b/src/aphront/handler/PhabricatorHighSecurityRequestExceptionHandler.php @@ -45,40 +45,65 @@ final class PhabricatorHighSecurityRequestExceptionHandler } } + $is_upgrade = $throwable->getIsSessionUpgrade(); + + if ($is_upgrade) { + $title = pht('Enter High Security'); + } else { + $title = pht('Provide MFA Credentials'); + } + if ($is_wait) { $submit = pht('Wait Patiently'); - } else { + } else if ($is_upgrade) { $submit = pht('Enter High Security'); + } else { + $submit = pht('Continue'); } $dialog = id(new AphrontDialogView()) ->setUser($viewer) - ->setTitle(pht('Entering High Security')) + ->setTitle($title) ->setShortTitle(pht('Security Checkpoint')) ->setWidth(AphrontDialogView::WIDTH_FORM) ->addHiddenInput(AphrontRequest::TYPE_HISEC, true) - ->setErrors( - array( - pht( - 'You are taking an action which requires you to enter '. - 'high security.'), - )) - ->appendParagraph( - pht( - 'High security mode helps protect your account from security '. - 'threats, like session theft or someone messing with your stuff '. - 'while you\'re grabbing a coffee. To enter high security mode, '. - 'confirm your credentials.')) - ->appendChild($form->buildLayoutView()) - ->appendParagraph( - pht( - 'Your account will remain in high security mode for a short '. - 'period of time. When you are finished taking sensitive '. - 'actions, you should leave high security.')) ->setSubmitURI($request->getPath()) ->addCancelButton($throwable->getCancelURI()) ->addSubmitButton($submit); + $form_layout = $form->buildLayoutView(); + + if ($is_upgrade) { + $dialog + ->setErrors( + array( + pht( + 'You are taking an action which requires you to enter '. + 'high security.'), + )) + ->appendParagraph( + pht( + 'High security mode helps protect your account from security '. + 'threats, like session theft or someone messing with your stuff '. + 'while you\'re grabbing a coffee. To enter high security mode, '. + 'confirm your credentials.')) + ->appendChild($form_layout) + ->appendParagraph( + pht( + 'Your account will remain in high security mode for a short '. + 'period of time. When you are finished taking sensitive '. + 'actions, you should leave high security.')); + } else { + $dialog + ->setErrors( + array( + pht( + 'You are taking an action which requires you to provide '. + 'multi-factor credentials.'), + )) + ->appendChild($form_layout); + } + $request_parameters = $request->getPassthroughRequestParameters( $respect_quicksand = true); foreach ($request_parameters as $key => $value) { diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php index d29530dbfd..8381e01950 100644 --- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php +++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php @@ -684,6 +684,7 @@ final class PhabricatorAuthSessionEngine extends Phobject { throw id(new PhabricatorAuthHighSecurityRequiredException()) ->setCancelURI($cancel_uri) + ->setIsSessionUpgrade($upgrade_session) ->setFactors($factors) ->setFactorValidationResults($validation_results); } diff --git a/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php b/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php index 9f37d36a44..dc197b3a43 100644 --- a/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php +++ b/src/applications/auth/exception/PhabricatorAuthHighSecurityRequiredException.php @@ -5,6 +5,7 @@ final class PhabricatorAuthHighSecurityRequiredException extends Exception { private $cancelURI; private $factors; private $factorValidationResults; + private $isSessionUpgrade; public function setFactorValidationResults(array $results) { assert_instances_of($results, 'PhabricatorAuthFactorResult'); @@ -35,4 +36,13 @@ final class PhabricatorAuthHighSecurityRequiredException extends Exception { return $this->cancelURI; } + public function setIsSessionUpgrade($is_upgrade) { + $this->isSessionUpgrade = $is_upgrade; + return $this; + } + + public function getIsSessionUpgrade() { + return $this->isSessionUpgrade; + } + } From efb01bf34f609773dfb6d0ed5ea0cb9661f415c0 Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 08:09:45 -0800 Subject: [PATCH 37/44] Allow "MFA Required" objects to be edited without MFA if the edit is only creating inverse edges Summary: Depends on D19900. Ref T13222. See PHI873. When an object requires MFA, we currently require MFA for every transaction. This includes some ambiguous cases like "unsubscribe", but also includes "mention", which seems like clearly bad behavior. Allow an "MFA" object to be the target of mentions, "edit child tasks", etc. Test Plan: - Mentioned an MFA object elsewhere (no MFA prompt). - Made an MFA object a subtask of a non-MFA object (no MFA prompt). - Tried to edit an MFA object normally (still got an MFA prompt). Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19901 --- .../editor/PhabricatorApplicationTransactionEditor.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php index bc8fdcd0c6..e58a3618a3 100644 --- a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php +++ b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php @@ -4893,6 +4893,13 @@ abstract class PhabricatorApplicationTransactionEditor return $xactions; } + // If the user is mentioning an MFA object on another object or creating + // a relationship like "parent" or "child" to this object, we allow the + // edit to move forward without requiring MFA. + if ($this->getIsInverseEdgeEditor()) { + return $xactions; + } + $template = $object->getApplicationTransactionTemplate(); $mfa_xaction = id(clone $template) From 6a6db0ac8e6f4e949b7e3e0c5512ac88618b2a61 Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 08:21:22 -0800 Subject: [PATCH 38/44] Allow tokens to be awarded to MFA-required objects Summary: Depends on D19901. Ref T13222. See PHI873. Currently, the MFA code and the (older, not-really-transactional) token code don't play nicely. In particular, if the Editor throws we tend to get half an effect applied. For now, just make this work. Some day it could become more modern so that the transaction actually applies the write. Test Plan: Awarded and rescinded tokens from an MFA-required object. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19902 --- .../PhabricatorTokenGiveController.php | 4 +- .../editor/PhabricatorTokenGivenEditor.php | 74 +++++++++++++++---- 2 files changed, 62 insertions(+), 16 deletions(-) diff --git a/src/applications/tokens/controller/PhabricatorTokenGiveController.php b/src/applications/tokens/controller/PhabricatorTokenGiveController.php index c7c47c41f3..ef8dc75991 100644 --- a/src/applications/tokens/controller/PhabricatorTokenGiveController.php +++ b/src/applications/tokens/controller/PhabricatorTokenGiveController.php @@ -47,11 +47,13 @@ final class PhabricatorTokenGiveController extends PhabricatorTokenController { } $done_uri = $handle->getURI(); - if ($request->isDialogFormPost()) { + if ($request->isFormOrHisecPost()) { $content_source = PhabricatorContentSource::newFromRequest($request); $editor = id(new PhabricatorTokenGivenEditor()) ->setActor($viewer) + ->setRequest($request) + ->setCancelURI($handle->getURI()) ->setContentSource($content_source); if ($is_give) { $token_phid = $request->getStr('tokenPHID'); diff --git a/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php b/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php index 0d2f143635..08a4cbf9b1 100644 --- a/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php +++ b/src/applications/tokens/editor/PhabricatorTokenGivenEditor.php @@ -4,6 +4,8 @@ final class PhabricatorTokenGivenEditor extends PhabricatorEditor { private $contentSource; + private $request; + private $cancelURI; public function setContentSource(PhabricatorContentSource $content_source) { $this->contentSource = $content_source; @@ -14,6 +16,24 @@ final class PhabricatorTokenGivenEditor return $this->contentSource; } + public function setRequest(AphrontRequest $request) { + $this->request = $request; + return $this; + } + + public function getRequest() { + return $this->request; + } + + public function setCancelURI($cancel_uri) { + $this->cancelURI = $cancel_uri; + return $this; + } + + public function getCancelURI() { + return $this->cancelURI; + } + public function addToken($object_phid, $token_phid) { $token = $this->validateToken($token_phid); $object = $this->validateObject($object_phid); @@ -41,18 +61,23 @@ final class PhabricatorTokenGivenEditor id(new PhabricatorTokenCount())->getTableName(), $object->getPHID()); + $current_token_phid = null; + if ($current_token) { + $current_token_phid = $current_token->getTokenPHID(); + } + + try { + $this->publishTransaction( + $object, + $current_token_phid, + $token->getPHID()); + } catch (Exception $ex) { + $token_given->killTransaction(); + throw $ex; + } + $token_given->saveTransaction(); - $current_token_phid = null; - if ($current_token) { - $current_token_phid = $current_token->getTokenPHID(); - } - - $this->publishTransaction( - $object, - $current_token_phid, - $token->getPHID()); - $subscribed_phids = $object->getUsersToNotifyOfTokenGiven(); if ($subscribed_phids) { $related_phids = $subscribed_phids; @@ -86,11 +111,20 @@ final class PhabricatorTokenGivenEditor return; } - $this->executeDeleteToken($object, $token_given); - $this->publishTransaction( - $object, - $token_given->getTokenPHID(), - null); + $token_given->openTransaction(); + $this->executeDeleteToken($object, $token_given); + + try { + $this->publishTransaction( + $object, + $token_given->getTokenPHID(), + null); + } catch (Exception $ex) { + $token_given->killTransaction(); + throw $ex; + } + + $token_given->saveTransaction(); } private function executeDeleteToken( @@ -166,6 +200,16 @@ final class PhabricatorTokenGivenEditor ->setContinueOnNoEffect(true) ->setContinueOnMissingFields(true); + $request = $this->getRequest(); + if ($request) { + $editor->setRequest($request); + } + + $cancel_uri = $this->getCancelURI(); + if ($cancel_uri) { + $editor->setCancelURI($cancel_uri); + } + $editor->applyTransactions($object, $xactions); } From ff49d1ef776b47e1b7a4e3959d7ee903f1a544a0 Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 11:09:06 -0800 Subject: [PATCH 39/44] Allow "bin/auth recover" to generate a link which forces a full login session Summary: Depends on D19902. Ref T13222. This is mostly a "while I'm in here..." change since MFA is getting touched so much anyway. Doing cluster support, I sometimes need to log into user accounts on instances that have MFA. I currently accomplish this by doing `bin/auth recover`, getting a parital session, and then forcing it into a full session in the database. This is inconvenient and somewhat dangerous. Instead, allow `bin/auth recover` to generate a link that skips the "partial session" stage: adding required MFA, providing MFA, and signing legalpad documents. Anyone who can run `bin/auth recover` can do this anyway, this just reduces the chance I accidentally bypass MFA on the wrong session when doing support stuff. Test Plan: - Logged in with `bin/auth recover`, was prompted for MFA. - Logged in with `bin/auth recover --force-full-session`, was not prompted for MFA. - Did a password reset, followed reset link, was prompted for MFA. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19903 --- .../auth/controller/PhabricatorAuthController.php | 13 +++++++++++-- .../PhabricatorAuthOneTimeLoginController.php | 7 ++++++- .../auth/engine/PhabricatorAuthSessionEngine.php | 8 ++++++-- .../PhabricatorAuthManagementRecoverWorkflow.php | 13 +++++++++++-- .../auth/storage/PhabricatorAuthTemporaryToken.php | 10 ++++++++++ 5 files changed, 44 insertions(+), 7 deletions(-) diff --git a/src/applications/auth/controller/PhabricatorAuthController.php b/src/applications/auth/controller/PhabricatorAuthController.php index 0ed86e3056..4d7644e2d1 100644 --- a/src/applications/auth/controller/PhabricatorAuthController.php +++ b/src/applications/auth/controller/PhabricatorAuthController.php @@ -45,9 +45,12 @@ abstract class PhabricatorAuthController extends PhabricatorController { * event and do something else if they prefer. * * @param PhabricatorUser User to log the viewer in as. + * @param bool True to issue a full session immediately, bypassing MFA. * @return AphrontResponse Response which continues the login process. */ - protected function loginUser(PhabricatorUser $user) { + protected function loginUser( + PhabricatorUser $user, + $force_full_session = false) { $response = $this->buildLoginValidateResponse($user); $session_type = PhabricatorAuthSession::TYPE_WEB; @@ -66,8 +69,14 @@ abstract class PhabricatorAuthController extends PhabricatorController { $should_login = $event->getValue('shouldLogin'); if ($should_login) { + if ($force_full_session) { + $partial_session = false; + } else { + $partial_session = true; + } + $session_key = id(new PhabricatorAuthSessionEngine()) - ->establishSession($session_type, $user->getPHID(), $partial = true); + ->establishSession($session_type, $user->getPHID(), $partial_session); // NOTE: We allow disabled users to login and roadblock them later, so // there's no check for users being disabled here. diff --git a/src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php b/src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php index 9f74d50765..0cac95f53d 100644 --- a/src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php +++ b/src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php @@ -152,7 +152,12 @@ final class PhabricatorAuthOneTimeLoginController PhabricatorCookies::setNextURICookie($request, $next, $force = true); - return $this->loginUser($target_user); + $force_full_session = false; + if ($link_type === PhabricatorAuthSessionEngine::ONETIME_RECOVER) { + $force_full_session = $token->getShouldForceFullSession(); + } + + return $this->loginUser($target_user, $force_full_session); } // NOTE: We need to CSRF here so attackers can't generate an email link, diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php index 8381e01950..cc317c894d 100644 --- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php +++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php @@ -893,24 +893,28 @@ final class PhabricatorAuthSessionEngine extends Phobject { * link is used. * @param string Optional context string for the URI. This is purely cosmetic * and used only to customize workflow and error messages. + * @param bool True to generate a URI which forces an immediate upgrade to + * a full session, bypassing MFA and other login checks. * @return string Login URI. * @task onetime */ public function getOneTimeLoginURI( PhabricatorUser $user, PhabricatorUserEmail $email = null, - $type = self::ONETIME_RESET) { + $type = self::ONETIME_RESET, + $force_full_session = false) { $key = Filesystem::readRandomCharacters(32); $key_hash = $this->getOneTimeLoginKeyHash($user, $email, $key); $onetime_type = PhabricatorAuthOneTimeLoginTemporaryTokenType::TOKENTYPE; $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); - id(new PhabricatorAuthTemporaryToken()) + $token = id(new PhabricatorAuthTemporaryToken()) ->setTokenResource($user->getPHID()) ->setTokenType($onetime_type) ->setTokenExpires(time() + phutil_units('1 day in seconds')) ->setTokenCode($key_hash) + ->setShouldForceFullSession($force_full_session) ->save(); unset($unguarded); diff --git a/src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php b/src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php index 9efd07571a..3190a842f7 100644 --- a/src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php +++ b/src/applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php @@ -13,7 +13,13 @@ final class PhabricatorAuthManagementRecoverWorkflow 'of Phabricator.')) ->setArguments( array( - 'username' => array( + array( + 'name' => 'force-full-session', + 'help' => pht( + 'Recover directly into a full session without requiring MFA '. + 'or other login checks.'), + ), + array( 'name' => 'username', 'wildcard' => true, ), @@ -54,11 +60,14 @@ final class PhabricatorAuthManagementRecoverWorkflow $username)); } + $force_full_session = $args->getArg('force-full-session'); + $engine = new PhabricatorAuthSessionEngine(); $onetime_uri = $engine->getOneTimeLoginURI( $user, null, - PhabricatorAuthSessionEngine::ONETIME_RECOVER); + PhabricatorAuthSessionEngine::ONETIME_RECOVER, + $force_full_session); $console = PhutilConsole::getConsole(); $console->writeOut( diff --git a/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php b/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php index 76e9358831..8ffd603a47 100644 --- a/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php +++ b/src/applications/auth/storage/PhabricatorAuthTemporaryToken.php @@ -106,6 +106,16 @@ final class PhabricatorAuthTemporaryToken extends PhabricatorAuthDAO return $this; } + public function setShouldForceFullSession($force_full) { + return $this->setTemporaryTokenProperty('force-full-session', $force_full); + } + + public function getShouldForceFullSession() { + return $this->getTemporaryTokenProperty('force-full-session', false); + } + + + /* -( PhabricatorPolicyInterface )----------------------------------------- */ From 38c48ae7d048e0858de7358b48c7e6744014c2f5 Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 11:31:45 -0800 Subject: [PATCH 40/44] Remove support for the "TYPE_AUTH_WILLLOGIN" event Summary: Depends on D19903. Ref T13222. This was a Facebook-specific thing from D6202 that I believe no other install ever used, and I'm generally trying to move away from the old "event" system (the more modern modular/engine patterns generally replace it). Just drop support for this. Since the constant is being removed, anything that's actually using it should break in an obvious way, and I'll note this in the changelog. There's no explicit replacement but I don't think this hook is useful for anything except "being Facebook in 2013". Test Plan: - Grepped for `TYPE_AUTH_WILLLOGIN`. - Logged in. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19904 --- .../controller/PhabricatorAuthController.php | 57 +++++++------------ .../events/constant/PhabricatorEventType.php | 1 - 2 files changed, 21 insertions(+), 37 deletions(-) diff --git a/src/applications/auth/controller/PhabricatorAuthController.php b/src/applications/auth/controller/PhabricatorAuthController.php index 4d7644e2d1..9b7267ec96 100644 --- a/src/applications/auth/controller/PhabricatorAuthController.php +++ b/src/applications/auth/controller/PhabricatorAuthController.php @@ -55,44 +55,29 @@ abstract class PhabricatorAuthController extends PhabricatorController { $response = $this->buildLoginValidateResponse($user); $session_type = PhabricatorAuthSession::TYPE_WEB; - $event_type = PhabricatorEventType::TYPE_AUTH_WILLLOGINUSER; - $event_data = array( - 'user' => $user, - 'type' => $session_type, - 'response' => $response, - 'shouldLogin' => true, - ); - - $event = id(new PhabricatorEvent($event_type, $event_data)) - ->setUser($user); - PhutilEventEngine::dispatchEvent($event); - - $should_login = $event->getValue('shouldLogin'); - if ($should_login) { - if ($force_full_session) { - $partial_session = false; - } else { - $partial_session = true; - } - - $session_key = id(new PhabricatorAuthSessionEngine()) - ->establishSession($session_type, $user->getPHID(), $partial_session); - - // NOTE: We allow disabled users to login and roadblock them later, so - // there's no check for users being disabled here. - - $request = $this->getRequest(); - $request->setCookie( - PhabricatorCookies::COOKIE_USERNAME, - $user->getUsername()); - $request->setCookie( - PhabricatorCookies::COOKIE_SESSION, - $session_key); - - $this->clearRegistrationCookies(); + if ($force_full_session) { + $partial_session = false; + } else { + $partial_session = true; } - return $event->getValue('response'); + $session_key = id(new PhabricatorAuthSessionEngine()) + ->establishSession($session_type, $user->getPHID(), $partial_session); + + // NOTE: We allow disabled users to login and roadblock them later, so + // there's no check for users being disabled here. + + $request = $this->getRequest(); + $request->setCookie( + PhabricatorCookies::COOKIE_USERNAME, + $user->getUsername()); + $request->setCookie( + PhabricatorCookies::COOKIE_SESSION, + $session_key); + + $this->clearRegistrationCookies(); + + return $response; } protected function clearRegistrationCookies() { diff --git a/src/infrastructure/events/constant/PhabricatorEventType.php b/src/infrastructure/events/constant/PhabricatorEventType.php index c92503376b..3dea7b36e6 100644 --- a/src/infrastructure/events/constant/PhabricatorEventType.php +++ b/src/infrastructure/events/constant/PhabricatorEventType.php @@ -22,7 +22,6 @@ final class PhabricatorEventType extends PhutilEventType { const TYPE_PEOPLE_DIDRENDERMENU = 'people.didRenderMenu'; const TYPE_AUTH_WILLREGISTERUSER = 'auth.willRegisterUser'; - const TYPE_AUTH_WILLLOGINUSER = 'auth.willLoginUser'; const TYPE_AUTH_DIDVERIFYEMAIL = 'auth.didVerifyEmail'; } From ca39be60914b844d00df2cdc8356d610d7b1f372 Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 11:54:05 -0800 Subject: [PATCH 41/44] Make partial sessions expire after 30 minutes, and do not extend them Summary: Depends on D19904. Ref T13226. Ref T13222. Currently, partial sessions (where you've provided a primary auth factor like a password, but not yet provided MFA) work like normal sessions: they're good for 30 days and extend indefinitely under regular use. This behavior is convenient for full sessions, but normal users don't ever spend 30 minutes answering MFA, so there's no real reason to do it for partial sessions. If we add login alerts in the future, limiting partial sessions to a short lifetime will make them more useful, since an attacker can't get one partial session and keep extending it forever while waiting for an opportunity to get past your MFA. Test Plan: - Did a partial login (to the MFA prompt), checked database, saw a ~29 minute partial session. - Did a full login, saw session extend to ~30 days. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13226, T13222 Differential Revision: https://secure.phabricator.com/D19905 --- .../engine/PhabricatorAuthSessionEngine.php | 61 ++++++++++++------- .../auth/storage/PhabricatorAuthSession.php | 8 ++- 2 files changed, 46 insertions(+), 23 deletions(-) diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php index cc317c894d..ff3b2adc05 100644 --- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php +++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php @@ -213,26 +213,7 @@ final class PhabricatorAuthSessionEngine extends Phobject { $session = id(new PhabricatorAuthSession())->loadFromArray($session_dict); - $ttl = PhabricatorAuthSession::getSessionTypeTTL($session_type); - - // If more than 20% of the time on this session has been used, refresh the - // TTL back up to the full duration. The idea here is that sessions are - // good forever if used regularly, but get GC'd when they fall out of use. - - // NOTE: If we begin rotating session keys when extending sessions, the - // CSRF code needs to be updated so CSRF tokens survive session rotation. - - if (time() + (0.80 * $ttl) > $session->getSessionExpires()) { - $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); - $conn_w = $session_table->establishConnection('w'); - queryfx( - $conn_w, - 'UPDATE %T SET sessionExpires = UNIX_TIMESTAMP() + %d WHERE id = %d', - $session->getTableName(), - $ttl, - $session->getID()); - unset($unguarded); - } + $this->extendSession($session); // TODO: Remove this, see T13225. if ($is_weak) { @@ -284,7 +265,9 @@ final class PhabricatorAuthSessionEngine extends Phobject { $conn_w = $session_table->establishConnection('w'); // This has a side effect of validating the session type. - $session_ttl = PhabricatorAuthSession::getSessionTypeTTL($session_type); + $session_ttl = PhabricatorAuthSession::getSessionTypeTTL( + $session_type, + $partial); $digest_key = PhabricatorAuthSession::newSessionDigest( new PhutilOpaqueEnvelope($session_key)); @@ -1086,4 +1069,40 @@ final class PhabricatorAuthSessionEngine extends Phobject { } } + private function extendSession(PhabricatorAuthSession $session) { + $is_partial = $session->getIsPartial(); + + // Don't extend partial sessions. You have a relatively short window to + // upgrade into a full session, and your session expires otherwise. + if ($is_partial) { + return; + } + + $session_type = $session->getType(); + + $ttl = PhabricatorAuthSession::getSessionTypeTTL( + $session_type, + $session->getIsPartial()); + + // If more than 20% of the time on this session has been used, refresh the + // TTL back up to the full duration. The idea here is that sessions are + // good forever if used regularly, but get GC'd when they fall out of use. + + $now = PhabricatorTime::getNow(); + if ($now + (0.80 * $ttl) <= $session->getSessionExpires()) { + return; + } + + $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); + queryfx( + $session->establishConnection('w'), + 'UPDATE %R SET sessionExpires = UNIX_TIMESTAMP() + %d + WHERE id = %d', + $session, + $ttl, + $session->getID()); + unset($unguarded); + } + + } diff --git a/src/applications/auth/storage/PhabricatorAuthSession.php b/src/applications/auth/storage/PhabricatorAuthSession.php index 6d54dda781..e007272f7f 100644 --- a/src/applications/auth/storage/PhabricatorAuthSession.php +++ b/src/applications/auth/storage/PhabricatorAuthSession.php @@ -72,10 +72,14 @@ final class PhabricatorAuthSession extends PhabricatorAuthDAO return $this->assertAttached($this->identityObject); } - public static function getSessionTypeTTL($session_type) { + public static function getSessionTypeTTL($session_type, $is_partial) { switch ($session_type) { case self::TYPE_WEB: - return phutil_units('30 days in seconds'); + if ($is_partial) { + return phutil_units('30 minutes in seconds'); + } else { + return phutil_units('30 days in seconds'); + } case self::TYPE_CONDUIT: return phutil_units('24 hours in seconds'); default: From 918f4ebcd82ce83046abac10146452f3c735bc51 Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 12:01:15 -0800 Subject: [PATCH 42/44] Fix a double-prompt for MFA when recovering a password account Summary: Depends on D19905. Ref T13222. In D19843, I refactored this stuff but `$jump_into_hisec` was dropped. This is a hint to keep the upgraded session in hisec mode, which we need to do a password reset when using a recovery link. Without it, we double prompt you for MFA: first to upgrade to a full session, then to change your password. Pass this into the engine properly to avoid the double-prompt. Test Plan: - Used `bin/auth recover` to get a partial session with MFA enabled and a password provider. - Before: double MFA prompt. - After: session stays upgraded when it becomes full, no second prompt. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19906 --- src/applications/auth/engine/PhabricatorAuthSessionEngine.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php index ff3b2adc05..66a3e9e8fb 100644 --- a/src/applications/auth/engine/PhabricatorAuthSessionEngine.php +++ b/src/applications/auth/engine/PhabricatorAuthSessionEngine.php @@ -434,7 +434,7 @@ final class PhabricatorAuthSessionEngine extends Phobject { $viewer, $request, $cancel_uri, - false, + $jump_into_hisec, true); } From 1729e7b467927e6f439a14b2e40c46856ed50c25 Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 12:37:00 -0800 Subject: [PATCH 43/44] Improve UI for "wait" and "answered" MFA challenges Summary: Depends on D19906. Ref T13222. This isn't going to win any design awards, but make the "wait" and "answered" elements a little more clear. Ideally, the icon parts could be animated Google Authenticator-style timers (but I think we'd need to draw them in a `` unless there's some clever trick that I don't know) or maybe we could just have the background be like a "water level" that empties out. Not sure I'm going to actually write the JS for either of those, but the UI at least looks a little more intentional. Test Plan: {F6070914} {F6070915} Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19908 --- resources/celerity/map.php | 6 +-- src/__phutil_library_map__.php | 2 + .../auth/factor/PhabricatorAuthFactor.php | 17 +++++-- .../PhabricatorUSEnglishTranslation.php | 45 +++++++++++++++++++ .../form/control/PHUIFormTimerControl.php | 40 +++++++++++++++++ webroot/rsrc/css/phui/phui-form-view.css | 18 ++++++++ 6 files changed, 121 insertions(+), 7 deletions(-) create mode 100644 src/view/form/control/PHUIFormTimerControl.php diff --git a/resources/celerity/map.php b/resources/celerity/map.php index 7044c5293a..69896ca0b1 100644 --- a/resources/celerity/map.php +++ b/resources/celerity/map.php @@ -9,7 +9,7 @@ return array( 'names' => array( 'conpherence.pkg.css' => 'e68cf1fa', 'conpherence.pkg.js' => '15191c65', - 'core.pkg.css' => '9d1148a4', + 'core.pkg.css' => '47535fd5', 'core.pkg.js' => 'bd89cb1d', 'differential.pkg.css' => '06dc617c', 'differential.pkg.js' => 'ef0b989b', @@ -151,7 +151,7 @@ return array( 'rsrc/css/phui/phui-document.css' => 'c4ac41f9', 'rsrc/css/phui/phui-feed-story.css' => '44a9c8e9', 'rsrc/css/phui/phui-fontkit.css' => '1320ed01', - 'rsrc/css/phui/phui-form-view.css' => '2f43fae7', + 'rsrc/css/phui/phui-form-view.css' => 'b04e08d9', 'rsrc/css/phui/phui-form.css' => '7aaa04e3', 'rsrc/css/phui/phui-head-thing.css' => 'fd311e5f', 'rsrc/css/phui/phui-header-view.css' => '1ba8b707', @@ -819,7 +819,7 @@ return array( 'phui-font-icon-base-css' => '870a7360', 'phui-fontkit-css' => '1320ed01', 'phui-form-css' => '7aaa04e3', - 'phui-form-view-css' => '2f43fae7', + 'phui-form-view-css' => 'b04e08d9', 'phui-head-thing-view-css' => 'fd311e5f', 'phui-header-view-css' => '1ba8b707', 'phui-hovercard' => '1bd28176', diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index 552a27a321..f96f2f8583 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -1946,6 +1946,7 @@ phutil_register_library_map(array( 'PHUIFormInsetView' => 'view/form/PHUIFormInsetView.php', 'PHUIFormLayoutView' => 'view/form/PHUIFormLayoutView.php', 'PHUIFormNumberControl' => 'view/form/control/PHUIFormNumberControl.php', + 'PHUIFormTimerControl' => 'view/form/control/PHUIFormTimerControl.php', 'PHUIHandleListView' => 'applications/phid/view/PHUIHandleListView.php', 'PHUIHandleTagListView' => 'applications/phid/view/PHUIHandleTagListView.php', 'PHUIHandleView' => 'applications/phid/view/PHUIHandleView.php', @@ -7574,6 +7575,7 @@ phutil_register_library_map(array( 'PHUIFormInsetView' => 'AphrontView', 'PHUIFormLayoutView' => 'AphrontView', 'PHUIFormNumberControl' => 'AphrontFormControl', + 'PHUIFormTimerControl' => 'AphrontFormControl', 'PHUIHandleListView' => 'AphrontTagView', 'PHUIHandleTagListView' => 'AphrontTagView', 'PHUIHandleView' => 'AphrontView', diff --git a/src/applications/auth/factor/PhabricatorAuthFactor.php b/src/applications/auth/factor/PhabricatorAuthFactor.php index 5dccbe1653..e3761c45b3 100644 --- a/src/applications/auth/factor/PhabricatorAuthFactor.php +++ b/src/applications/auth/factor/PhabricatorAuthFactor.php @@ -190,16 +190,25 @@ abstract class PhabricatorAuthFactor extends Phobject { $error = $result->getErrorMessage(); - return id(new AphrontFormMarkupControl()) - ->setValue($error) + $icon = id(new PHUIIconView()) + ->setIcon('fa-clock-o', 'red'); + + return id(new PHUIFormTimerControl()) + ->setIcon($icon) + ->appendChild($error) ->setError(pht('Wait')); } private function newAnsweredControl( PhabricatorAuthFactorResult $result) { - return id(new AphrontFormMarkupControl()) - ->setValue(pht('Answered!')); + $icon = id(new PHUIIconView()) + ->setIcon('fa-check-circle-o', 'green'); + + return id(new PHUIFormTimerControl()) + ->setIcon($icon) + ->appendChild( + pht('You responded to this challenge correctly.')); } diff --git a/src/infrastructure/internationalization/translation/PhabricatorUSEnglishTranslation.php b/src/infrastructure/internationalization/translation/PhabricatorUSEnglishTranslation.php index 5169c08ffd..ec07d018b7 100644 --- a/src/infrastructure/internationalization/translation/PhabricatorUSEnglishTranslation.php +++ b/src/infrastructure/internationalization/translation/PhabricatorUSEnglishTranslation.php @@ -1673,6 +1673,51 @@ final class PhabricatorUSEnglishTranslation 'pass: %2$s.', ), + 'This factor recently issued a challenge to a different login '. + 'session. Wait %s second(s) for the code to cycle, then try '. + 'again.' => array( + 'This factor recently issued a challenge to a different login '. + 'session. Wait %s second for the code to cycle, then try '. + 'again.', + 'This factor recently issued a challenge to a different login '. + 'session. Wait %s seconds for the code to cycle, then try '. + 'again.', + ), + + 'This factor recently issued a challenge for a different '. + 'workflow. Wait %s second(s) for the code to cycle, then try '. + 'again.' => array( + 'This factor recently issued a challenge for a different '. + 'workflow. Wait %s second for the code to cycle, then try '. + 'again.', + 'This factor recently issued a challenge for a different '. + 'workflow. Wait %s seconds for the code to cycle, then try '. + 'again.', + ), + + + 'This factor recently issued a challenge which has expired. '. + 'A new challenge can not be issued yet. Wait %s second(s) for '. + 'the code to cycle, then try again.' => array( + 'This factor recently issued a challenge which has expired. '. + 'A new challenge can not be issued yet. Wait %s second for '. + 'the code to cycle, then try again.', + 'This factor recently issued a challenge which has expired. '. + 'A new challenge can not be issued yet. Wait %s seconds for '. + 'the code to cycle, then try again.', + ), + + 'You recently provided a response to this factor. Responses '. + 'may not be reused. Wait %s second(s) for the code to cycle, '. + 'then try again.' => array( + 'You recently provided a response to this factor. Responses '. + 'may not be reused. Wait %s second for the code to cycle, '. + 'then try again.', + 'You recently provided a response to this factor. Responses '. + 'may not be reused. Wait %s seconds for the code to cycle, '. + 'then try again.', + ), + ); } diff --git a/src/view/form/control/PHUIFormTimerControl.php b/src/view/form/control/PHUIFormTimerControl.php new file mode 100644 index 0000000000..7229d649e9 --- /dev/null +++ b/src/view/form/control/PHUIFormTimerControl.php @@ -0,0 +1,40 @@ +icon = $icon; + return $this; + } + + public function getIcon() { + return $this->icon; + } + + protected function getCustomControlClass() { + return 'phui-form-timer'; + } + + protected function renderInput() { + $icon_cell = phutil_tag( + 'td', + array( + 'class' => 'phui-form-timer-icon', + ), + $this->getIcon()); + + $content_cell = phutil_tag( + 'td', + array( + 'class' => 'phui-form-timer-content', + ), + $this->renderChildren()); + + $row = phutil_tag('tr', array(), array($icon_cell, $content_cell)); + + return phutil_tag('table', array(), $row); + } + +} diff --git a/webroot/rsrc/css/phui/phui-form-view.css b/webroot/rsrc/css/phui/phui-form-view.css index 539eaa2e71..cd44b1135e 100644 --- a/webroot/rsrc/css/phui/phui-form-view.css +++ b/webroot/rsrc/css/phui/phui-form-view.css @@ -556,3 +556,21 @@ properly, and submit values. */ .phuix-form-checkbox-label { margin-left: 4px; } + +.phui-form-timer-icon { + width: 28px; + height: 28px; + padding: 4px; + font-size: 18px; + background: {$greybackground}; + border-radius: 4px; + text-align: center; + vertical-align: middle; + text-shadow: 1px 1px rgba(0, 0, 0, 0.05); +} + +.phui-form-timer-content { + padding: 4px 8px; + color: {$darkgreytext}; + vertical-align: middle; +} From 106e90dcf0863785d3b1ace08190f750e872f3e6 Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 18 Dec 2018 14:27:39 -0800 Subject: [PATCH 44/44] Remove the "willApplyTransactions()" hook from ApplicationTransactionEditor Summary: Depends on D19908. Ref T13222. In D19897, I reordered some transaction code and affected the call order of `willApplyTransactions()`. It turns out that we use this call for only one thing, and that thing is pretty silly: naming the raw paste data file when editing paste content. This is only user-visible in the URL when you click "View Raw Paste" and seems exceptionally low-value, so remove the hook and pick a consistent name for the paste datafiles. (We could retain the name behavior in other ways, but it hardly seems worthwhile.) Test Plan: - Created and edited a paste. - Grepped for `willApplyTransactions()`. Note that `EditEngine` (vs `ApplicationTransacitonEditor`) still has a `willApplyTransactions()`, which has one callsite in Phabricator (in Calendar) and a couple in Instances. That's untouched and still works. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13222 Differential Revision: https://secure.phabricator.com/D19909 --- .../PhabricatorPasteContentTransaction.php | 28 ++----------------- ...habricatorApplicationTransactionEditor.php | 15 ---------- .../storage/PhabricatorModularTransaction.php | 5 ---- .../PhabricatorModularTransactionType.php | 4 --- 4 files changed, 3 insertions(+), 49 deletions(-) diff --git a/src/applications/paste/xaction/PhabricatorPasteContentTransaction.php b/src/applications/paste/xaction/PhabricatorPasteContentTransaction.php index c90892345d..1e4ad2d26c 100644 --- a/src/applications/paste/xaction/PhabricatorPasteContentTransaction.php +++ b/src/applications/paste/xaction/PhabricatorPasteContentTransaction.php @@ -5,8 +5,6 @@ final class PhabricatorPasteContentTransaction const TRANSACTIONTYPE = 'paste.create'; - private $fileName; - public function generateOldValue($object) { return $object->getFilePHID(); } @@ -32,26 +30,6 @@ final class PhabricatorPasteContentTransaction return array($error); } - public function willApplyTransactions($object, array $xactions) { - // Find the most user-friendly filename we can by examining the title of - // the paste and the pending transactions. We'll use this if we create a - // new file to store raw content later. - - $name = $object->getTitle(); - if (!strlen($name)) { - $name = 'paste.raw'; - } - - $type_title = PhabricatorPasteTitleTransaction::TRANSACTIONTYPE; - foreach ($xactions as $xaction) { - if ($xaction->getTransactionType() == $type_title) { - $name = $xaction->getNewValue(); - } - } - - $this->fileName = $name; - } - public function generateNewValue($object, $value) { // If this transaction does not really change the paste content, return // the current file PHID so this transaction no-ops. @@ -66,16 +44,16 @@ final class PhabricatorPasteContentTransaction $editor = $this->getEditor(); $actor = $editor->getActor(); - $file = $this->newFileForPaste($actor, $this->fileName, $value); + $file = $this->newFileForPaste($actor, $value); return $file->getPHID(); } - private function newFileForPaste(PhabricatorUser $actor, $name, $data) { + private function newFileForPaste(PhabricatorUser $actor, $data) { return PhabricatorFile::newFromFileData( $data, array( - 'name' => $name, + 'name' => 'raw.txt', 'mime-type' => 'text/plain; charset=utf-8', 'authorPHID' => $actor->getPHID(), 'viewPolicy' => PhabricatorPolicies::POLICY_NOONE, diff --git a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php index e58a3618a3..854c361614 100644 --- a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php +++ b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php @@ -1026,8 +1026,6 @@ abstract class PhabricatorApplicationTransactionEditor $xactions = $this->filterTransactions($object, $xactions); if (!$is_preview) { - $this->willApplyTransactions($object, $xactions); - $this->hasRequiredMFA = true; if ($this->getShouldRequireMFA()) { $this->requireMFA($object, $xactions); @@ -4374,19 +4372,6 @@ abstract class PhabricatorApplicationTransactionEditor return idx($types, $type); } - private function willApplyTransactions($object, array $xactions) { - foreach ($xactions as $xaction) { - $type = $xaction->getTransactionType(); - - $xtype = $this->getModularTransactionType($type); - if (!$xtype) { - continue; - } - - $xtype->willApplyTransactions($object, $xactions); - } - } - public function getCreateObjectTitle($author, $object) { return pht('%s created this object.', $author); } diff --git a/src/applications/transactions/storage/PhabricatorModularTransaction.php b/src/applications/transactions/storage/PhabricatorModularTransaction.php index f6aece2a7f..38b9d1835d 100644 --- a/src/applications/transactions/storage/PhabricatorModularTransaction.php +++ b/src/applications/transactions/storage/PhabricatorModularTransaction.php @@ -69,11 +69,6 @@ abstract class PhabricatorModularTransaction ->generateNewValue($object, $this->getNewValue()); } - final public function willApplyTransactions($object, array $xactions) { - return $this->getTransactionImplementation() - ->willApplyTransactions($object, $xactions); - } - final public function applyInternalEffects($object) { return $this->getTransactionImplementation() ->applyInternalEffects($object); diff --git a/src/applications/transactions/storage/PhabricatorModularTransactionType.php b/src/applications/transactions/storage/PhabricatorModularTransactionType.php index 35dd3ac197..3d2efe0501 100644 --- a/src/applications/transactions/storage/PhabricatorModularTransactionType.php +++ b/src/applications/transactions/storage/PhabricatorModularTransactionType.php @@ -23,10 +23,6 @@ abstract class PhabricatorModularTransactionType return array(); } - public function willApplyTransactions($object, array $xactions) { - return; - } - public function applyInternalEffects($object, $value) { return; }