1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-01 03:02:43 +01:00
Commit graph

991 commits

Author SHA1 Message Date
epriestley
008461a395 Use getBestURI() to set file handle URIs
Summary: getBestURI() = best URI

Test Plan:
It says "best" in the name so it must be the best!

Also in Maniphest emails we'll link you to /view/ even for binaries and other
non-viewable content.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: anjali, aran

Differential Revision: https://secure.phabricator.com/D1461
2012-01-19 17:16:30 -08:00
awyler
6080d74112 Created personal vs. global herald rule distingtion
Summary:
A personal rule only has actions targeting the owner.  Likewise, only they can
edit the rule. OTOH, a global may affect any target and is editable by anyone.

There are no new action types.  Instead, type of the rule modifies the available
targets and the messaging in the ui.  This is beneficial because herald rule
adapters don't need to be aware of the difference between emailing the owner of
a personal rule and emailing an arbitrary user.

This diff sets up the logic and ui for creating personal/global rules.  All
existing rules have been defaulted to global.

TODO: Filter all existing rules into personal/global
TODO: Create a UI for surfacing (relevant?) global rules.

Test Plan:
1. Created a personal rule to email myself.  Created a dumby revision satisfying
the conditions of that rule.  Verified that I recieved a herald email.
2. Removed my adminship, change the owner of a personal rule. verified that I
couldn't edit the rule.
3.Changed rule type to global. verified that I could edit the rule.
4. Verified that admins can edit both global and personal rules.

Reviewers: epriestley, jungejason

Reviewed By: epriestley

CC: aran, zizzy

Differential Revision: https://secure.phabricator.com/D1449
2012-01-19 11:21:49 -08:00
Dave Ingram
3edf60627d Add support for marking files as "generated" by regexp against path
Summary:
Not all auto-generated files can include the magical
"generated" annotation for one reason or another, but they may follow
path rules. This patch allows files to be marked as automatically
generated by matching the path with a regular expression.

Test Plan:
Alter 'differential.generated-paths' setting in config.
Create a new diff that affects a file matching one of those regular
expressions. Verify that Differential marks it as automatically
generated and therefore probably not worth reviewing (in the same way as
the magical "generated" annotation.

Reviewers: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D1455
2012-01-19 18:30:19 +00:00
tuomaspelkonen
7f9fb3597d Make updating postponed tests work again for Facebook.
Summary: It was broken by D!352

Test Plan: Praying that it works.

Reviewers: nh, epriestley, andrewjcg

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D1453
2012-01-18 20:46:16 -08:00
epriestley
ad36865e50 Add optional "Re:" prefix to all threaded mail and allow disabling mail about
your own actions

Summary:
  - Mail.app on Lion has cumbersome threading rules, see T782. Add an option to
stick "Re: " in front of all threaded mail so it behaves. This is horrible, but
apparently the least-horrible option.
  - While I was in there, I added an option for T228.

Test Plan:
  - Sent a bunch of threaded and unthreaded mail with varous "Re:" settings,
seemed to get "Re:" in the right places.
  - Disabled email about my stuff, created a task with just me, got voided mail,
added a CC, got mail to just the CC.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, mkjones

Maniphest Tasks: T228, T782

Differential Revision: https://secure.phabricator.com/D1448
2012-01-18 15:20:50 -08:00
awyler
14d16eab17 Enable Phabricator admin to change the owner of a herald rule
Summary:
Added a typeahead in the edit herald rule page that allows an admin or
owner to change the current owner of a rule.  If the typeahead is emptied, the
current owner will remain owner.

Test Plan:
Created a test rule.  Changed the owner.  Deleted the owner in the
typahead. Verified expected behavior.

Reviewers: jungejason, epriestley

Reviewed By: epriestley

CC: aran, jungejason, epriestley, xela

Differential Revision: https://secure.phabricator.com/D1322
2012-01-18 11:59:35 -08:00
epriestley
42ddad1bc8 Add project.query to Conduit
Summary: Add a conduit method to query project information.

Test Plan: Ran method from API test console.

Reviewers: bill, btrahan, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T681

Differential Revision: https://secure.phabricator.com/D1444
2012-01-18 09:57:26 -08:00
vrana
6472dbe168 Change fileName to filename
Summary: There are lots of callsites to $changeset->getFilename() so it seemed
easier to rename getFileName() to getFilename() even if it includes database
change. Plus I think that getFilename() is better.

Test Plan:
Alter database.
Open revision.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D1437
2012-01-17 10:50:14 -08:00
epriestley
ef768f9694 Use phutil_utf8_hard_wrap() in Phabricator
Summary: See D1433.

Test Plan: Created a new diff with a line >80chars, observed it wrapping
correctly.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D1438
2012-01-17 09:48:58 -08:00
epriestley
e2c75d5dc2 Improve Differential handling of disabled users
Summary:
We currently allow you to assign code review to disabled users, but
should not.

Test Plan:
  - Created revisions with no reviewers and only disabled reviewers, was
appropriately warned.
  - Looked at a disabled user handle link, was clearly informed.
  - Tried to create a new revision with a disabled reviewer, was rebuffed.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D1429
2012-01-17 09:27:19 -08:00
jungejason
4faab06c3c Enable herald rule for commits that need auditing
Summary:
enable herald commit rules to have access to auditing info.

Note that the new herald condition I added contains info for the
packages. I thought about using a simpler herald condition like
"Requires audit is true or false" and let it work together with the
existing "Affected package contains any of the package". It doesn't work
because we need the info about the package to decide if the commit
requires audit, but the herald conditions work separately.

Test Plan:
- A commit requiring auditing was detected by a herald rule that checks
  the auditing status
- A commit not requiring auditing was not detected by a herald rule
  which checks auditing status, but was detected by a rule which doesn't
  check the auditing status

Reviewers: epriestley, nh

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1399
2012-01-17 09:13:07 -08:00
epriestley
05ee317555 Remove "parsedHunk" property
Summary: This is never read anywhere and clearly has no effect.

Test Plan: grep

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D1434
2012-01-17 08:09:56 -08:00
epriestley
8f1c7dc663 Remove some unused nonsense
Summary: These blocks do nothing. end() produces a side effect on the internal
array pointer, but the code does not depend on it.

Test Plan: Reasoned about the code? Also viewed some diffs.

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D1432
2012-01-17 08:09:45 -08:00
epriestley
2d8b35db93 Remove getDisplayLine()
Summary: No callsites anywhere. Unclear what this method is even supposed to do.

Test Plan: grep

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D1435
2012-01-17 08:09:38 -08:00
epriestley
96c08a4f37 Put file name in view URI, so downloading it with option-return creates a
usefully-named file

Summary:
If you Command-L + Option-Return to download stuff off, e.g., Paste,
you get "PHID-FILE-ad98abg9bsd9ashbs.txt" in your download folder. Put the file
name in the URI instead, so you get a reasonably named file.

Test Plan: Downloaded some files, got reasonable results.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D1427
2012-01-16 17:38:10 -08:00
vrana
f94c05a5bb Declare property
Test Plan: Display revision

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D1430
2012-01-16 17:36:11 -08:00
vrana
8bed2f4387 Utilize phutil_render_tag()
Test Plan: Display diff with lint error.

Reviewers: pad, epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D1428
2012-01-16 17:08:21 -08:00
epriestley
b35ea500cc Allow files to be deleted
Summary:
A couple of people mentioned that they've had users accidentally upload
sensitive files. Allow files to be deleted.

(At some point it might be nice to keep the file handle around and log who
deleted it, but this addresses the immediate problem without needing too much
work.)

Test Plan: Deleted some files.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T780

Differential Revision: https://secure.phabricator.com/D1423
2012-01-16 16:15:18 -08:00
vrana
c0592b55d7 Use generic URIs
Summary:
/diffusion/X/history/?copies=0 is same as /diffusion/X/history/
/countdown/1/?chrome=1 is same as /countdown/1/

Test Plan:
Visit /diffusion/X/history/, click on Show/Hide Copies/Branches twice.
Visit /countdown/1/, click on Disable/Enable Chrome twice.

Reviewers: epriestley, tuomaspelkonen

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D1424
2012-01-16 14:53:05 -08:00
epriestley
82c0795e54 Unify logic for username validation
Summary: Revisit of D1254. Don't require lowercase, just standardize the logic.
The current implementation has nonuniform logic -- PeopleEditController forbids
uppercase.

Test Plan: Ran unit tests, see also D1254.

Reviewers: btrahan, jungejason, aran

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D1415
2012-01-16 11:52:59 -08:00
epriestley
f81021fa7f Improve error message for Conduit path problems
Summary:
A few people in IRC have been having issues here recently. If you misconfigure
the IRC bot, e.g., you get a 200 response back with a bunch of login HTML in it.
This is unhelpful.

Try to detect that a conduit request is going to the wrong path and raise a
concise, explicit error which is comprehensible from the CLI.

Also created a "PlainText" response and moved the IE nosniff header to the base
response object.

Test Plan: As a logged-out user, hit various nonsense with "?__conduit__=true"
in the URI. Got good error messages. Hit nonsense without it, got login screens.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T775

Differential Revision: https://secure.phabricator.com/D1407
2012-01-16 11:48:21 -08:00
vrana
f109342a7a Display link in Revision ToC for copied or moved files
Summary:
They are present in the document so there is not reason to omit the links to
them.
They sometimes contains changed lines so the link could be actualy useful.

Test Plan: Display ToC of revision with moved and copied files.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley, nh

Differential Revision: https://secure.phabricator.com/D1412
2012-01-16 09:10:17 -08:00
vrana
c7997e0a7c Display Show Raw File links in Differential only if the file exists
Test Plan:
Open menu for added file
Open menu for deleted file
Open menu for changed file

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1410
2012-01-16 09:08:40 -08:00
epriestley
025cc1376e Fix a fatal on the file info screen
Summary: D1354 added a query for a possibly-empty list -- only show the table if
there are transformations.

Test Plan: Reloaded a previously-fataling page, no fatals. Viewed a file with
transformations, got a list.

Reviewers: davidreuss, btrahan, jungejason

Reviewed By: davidreuss

CC: aran, davidreuss

Differential Revision: https://secure.phabricator.com/D1414
2012-01-16 07:01:23 -08:00
vrana
49a59bd885 Fix XSS in Differential
Test Plan: Display a revision with file copied to ##<b>hack</b>##.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1411
2012-01-15 22:36:14 -08:00
vrana
9ba4f24e93 Send 403 for admin pages without being admin
Summary: I've also moved the response generation for 404 from
##AphrontDefaultApplicationConfiguration## to ##buildResponseString()##

Test Plan:
Visit /
Visit /mail/
Visit /x/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley, vrana

Differential Revision: https://secure.phabricator.com/D1406
2012-01-15 17:30:23 -08:00
epriestley
d8bbf55959 Improve behavior when user submits a no-op action in Differential
Summary:
See T730 and the slightly-less-pretty version of this in D1398.

When a user takes an action in Differential that has no effect (for instance,
accepting an already-accepted revision), prompt them:

  Action Has No Effect

  You can not accept this revision because it has already been accepted.

  Do you want to post the feedback anyway, as a normal comment?

                        [Cancel] [Post as Comment]

If they have no comment text, the dialog only says "Cancel".

I think this is probably the best way to balance all the concerns here -- it
might occasionally be a little annoying, but that should be rare, and it should
never be confusing (the current workflow is extremely confusing).

This also fixes the issue where you can add all sorts of CCs who are already
part of the revision, either explicitly or via mentions.

Test Plan:
Posted some has-effect and has-no-effect comments, made different
choices in the dialog, everything seems to work OK?

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran, vrana

Maniphest Tasks: T730

Differential Revision: https://secure.phabricator.com/D1403
2012-01-15 03:44:09 -08:00
vrana
4cff02dcc0 Add BRANCH to Accepted and Needs Revision e-mails
Summary:
I always forget a branch which I used for the diff so that I must open
my browser which takes some time. This diff adds the name of the branch to the
sent e-mails. But only if the diff is in the state Accepted or Needs Revision to
not pollute other e-mails.

Test Plan:
Comment
Request changes
Accept
Look at the e-mails

Reviewers: epriestley

Reviewed By: epriestley

CC: olivier, aran, epriestley, vrana

Differential Revision: https://secure.phabricator.com/D1396
2012-01-14 11:12:28 -08:00
vrana
c6febdfc52 Add link from lint error to code
Test Plan:
Display diff with lint errors
Click on a line number in lint errors overview

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1400
2012-01-14 11:11:17 -08:00
vrana
5cf6d788ce Don't add author and reviewers to CCs
Summary:
Commenting on a diff causes adding the writer to the CCs. It doesn't make much
sense if the writer is author or reviewer who get all the copies anyway.

I've also moved the decision to DifferentialCommentEditor.

Test Plan:
Comment on a diff where I am author
Comment on a diff where I am reviewer
Comment on a diff where I am neither
Explicitely Add CCs where I am author

Reviewers: epriestley

Reviewed By: epriestley

CC: jungejason, aran, epriestley

Differential Revision: https://secure.phabricator.com/D1397
2012-01-14 11:10:40 -08:00
epriestley
cedb0c045a Lock down accepted next URI values for redirect after login
Summary:
I locked this down a little bit recently, but make
double-extra-super-sure that we aren't sending the user anywhere suspicious or
open-redirecty. This also locks down protocol-relative URIs (//evil.com/path)
although I don't think any browsers do bad stuff with them in this context, and
header injection URIs (although I don't think any of the modern PHP runtimes are
vulnerable).

Test Plan:
  - Ran tests.
  - Hit redirect page with valid and invalid next URIs; was punted to / for
invalid ones and to the right place for valid ones.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: arice, aran, epriestley, btrahan

Differential Revision: https://secure.phabricator.com/D1369
2012-01-13 11:58:45 -08:00
Bob Trahan
cf61f0e32d Adding an "ssh" client for conduit
Summary: ..."ssh" is in quotes 'cuz this is step 1 and there's no ssh in sight
at the moment.

Test Plan:
ran api.php PHID-USER-xee4ju2teq7mflitwfcs differential.query a few times...
 - tried valid input, it worked!
 - tried bad input, it worked in that it failed and told me so!
ran api.php crap_user differential.query a few times...
 - verified error message with respect to crap_user
ran api.php PHID-USER-xee4ju2teq7mflitwfcs crap_method a few times...
 - verified error message with respect to crap_method
visited http://phabricator.dev/conduit/method/differential.query a few times...
 - tried valid input, it worked!

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, btrahan, epriestley

Maniphest Tasks: T550

Differential Revision: https://secure.phabricator.com/D1357
2012-01-13 11:54:13 -08:00
epriestley
04eb1f98e2 Always mark revisions as "updated" when users comment on them
Summary: See T773 and the explanatory inline comment.

Test Plan: Made no-action comments and comments that did something (reject, plan
changes) to revisions. Saw them always jump to the top of the action list.

Reviewers: jungejason, simpkins, btrahan

Reviewed By: jungejason

CC: aran, jungejason

Maniphest Tasks: T773

Differential Revision: https://secure.phabricator.com/D1386
2012-01-12 20:08:26 -08:00
epriestley
f5e1e3377c Add basic draft support to Phriction
Summary:
  - When a user is creating a Phriction document, save a draft as
"phriction:<slug>".
  - When a user is editing a Phriction document, save a draft as "<document
phid>:<document version>".
  - If a user has an available draft, use that instead of the native content.
  - If using a draft, tell the user and give them an option to discard it.
  - If a page is updated, your draft is lost (we show new page content
unconditionally) but this should be rare and is the simplest way to resolve this
issue in a realtively consistent way.

Test Plan:
  - Recovered drafts for new and edited pages.
  - Used "nodraft" to discard drafts.

Reviewers: davidreuss, btrahan, jungejason

Reviewed By: davidreuss

CC: aran, davidreuss

Maniphest Tasks: T769

Differential Revision: https://secure.phabricator.com/D1378
2012-01-12 18:04:20 -08:00
Jason Ge
cf35a640ec Enable filtering for committed revisions
Summary:
engineers requested to supporting filtering by 'committed'
revisions, and I think it makes sense.

Test Plan: verified that all the three options worked

Reviewers: epriestley, btrahan, nh

Reviewed By: nh

CC: nh, wolffiex, aran

Differential Revision: https://secure.phabricator.com/D1383
2012-01-12 17:02:20 -08:00
epriestley
bfbe6ec594 Prevent login brute forcing with captchas
Summary: If a remote address has too many recent login failures, require they
fill out a captcha before they can attempt to login.

Test Plan: Tried to login a bunch of times, then submitted the CAPTHCA form with
various combinations of valid/invalid passwords and valid/invalid captchas.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, epriestley, jungejason

Maniphest Tasks: T765

Differential Revision: https://secure.phabricator.com/D1379
2012-01-12 15:22:05 -08:00
epriestley
7f7710a24d Add @phutil-external-symbol declarations to Phabricator
Summary: See D1381.

Test Plan: Ran "arc liberate src/ --all" and got a clean rebuild.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, jungejason

Maniphest Tasks: T762

Differential Revision: https://secure.phabricator.com/D1382
2012-01-12 15:20:18 -08:00
epriestley
d84c0a5be5 Validate all fields in differential.parsecommitmessage
Summary:
  - We currently run ##parseValueFromCommitMessage()## on all fields present in
the message, but not ##validateField()##.
  - This detects value errors (e.g., an invalid reviewer) but not higher-level
errors (e.g., a missing field).
  - This can break the stacked-commits Git mutable history workflow by
recognizing too many commit messages as valid ("multiple valid commit messages,
this is ambiguous").
  - This also gives you some errors ("Missing test plan") too late in "arc diff
--create" (after the diff has been built).

Test Plan:
  - Grepped for validateField() calls, removed a couple of calls that had the
same implementation as the base class.
  - Grepped for other calls to this to make sure I'm not stumbling into
unintended side effects, but it only runs from the diff workflow.
  - Ran "arc diff --create" with an invalid test plan, got a good error early in
the process.
  - Ran "arc diff master" with stacked local commits, got a correct selection of
the intended message.

Reviewers: cpiro, btrahan, jungejason

Reviewed By: cpiro

CC: aran, cpiro

Differential Revision: https://secure.phabricator.com/D1373
2012-01-12 15:20:11 -08:00
epriestley
02fb5fea89 Allow configuration of a minimum password length, unify password reset
interfaces

Summary:
  - We have a hard-coded minimum length of 3 right now (and 1 in the other
interface), which is sort of silly.
  - Provide a more reasonable default, and allow it to be configured.
  - We have two password reset interfaces, one of which no longer actually
requires you to verify you own the account. This is more than a bit derp.
  - Merge the interfaces into one, using either an email token or the account's
current password to let you change the password.

Test Plan:
  - Reset password on an account.
  - Changed password on an account.
  - Created a new account, logged in, set the password.
  - Tried to set a too-short password, got an error.

Reviewers: btrahan, jungejason, nh

Reviewed By: jungejason

CC: aran, jungejason

Maniphest Tasks: T766

Differential Revision: https://secure.phabricator.com/D1374
2012-01-12 07:39:13 -08:00
epriestley
8b3ab97d64 Fix fatal on project list
Summary:
Until T605 gets fixed, you might end up with a Project without a Profile if the
Profile insert failed. This fatals the list view; instead, don't fatal if a
profile is missing.

(At some point we should probably just merge this field into the Project object,
I was just mimicking the user/profile separation but we have partial-field
object support now and Projects aren't super heavily used or very big.)

Test Plan:
  - Viewed list view including a project with a missing profile.
  - Edited the project, creating its profile.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: arice, aran, btrahan

Differential Revision: https://secure.phabricator.com/D1368
2012-01-12 06:52:24 -08:00
epriestley
65a56c6ce0 Improve mailing list edit form
Summary:
  - Add some captions to make it more clear what these fields mean.
  - Require "name", since tokenizers use it exclusively.
  - Limit URI to allowed protocols, since admins can currently XSS users by
entering a "javascript:" URI and then tricking the user into clicking the
mailing list name. This exploit is dumb, but technically privilege escallation.

Test Plan:
  - Created a new mailing list.
  - Edited a mailing list.
  - Tested URI: valid, invalid, omitted.
  - Tested name: valid, omitted.

Reviewers: btrahan, jungejason, davidreuss

Reviewed By: btrahan

CC: aran, btrahan

Differential Revision: https://secure.phabricator.com/D1365
2012-01-11 15:48:21 -08:00
kevin
beaee478d3 Added conduit method to get maniphest transactions
Summary:
Added a Conduit API method to return all transactions for a
given set of task_ids. This will be used to comments and other important
information about the tasks.

Test Plan:
Use Conduit to execute ##maniphest.gettasktransactions## and
visually verify that transaction information is returned.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1361
2012-01-11 09:13:59 -08:00
epriestley
b10fa8023f Support Git implicit file:// URIs
Summary: @s reported an issue with implicit file:// URIs in Git, see P270.
Recognize and handle URIs in this format. For URIs we don't understand, raise an
exception.

Test Plan:
  - Added failing tests.
  - Fixed code.
  - Tests pass.

Reviewers: btrahan, jungejason, s

Reviewed By: s

CC: aran, epriestley, s

Differential Revision: https://secure.phabricator.com/D1362
2012-01-11 09:00:18 -08:00
epriestley
d75007cf42 Validate logins, and simplify email password resets
Summary:
  - There are some recent reports of login issues, see T755 and T754. I'm not
really sure what's going on, but this is an attempt at getting some more
information.
  - When we login a user by setting 'phusr' and 'phsid', send them to
/login/validate/ to validate that the cookies actually got set.
  - Do email password resets in two steps: first, log the user in. Redirect them
through validate, then give them the option to reset their password.
  - Don't CSRF logged-out users. It technically sort of works most of the time
right now, but is silly. If we need logged-out CSRF we should generate it in
some more reliable way.

Test Plan:
  - Logged in with username/password.
  - Logged in with OAuth.
  - Logged in with email password reset.
  - Sent bad values to /login/validate/, got appropriate errors.
  - Reset password.
  - Verified next_uri still works.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, btrahan, j3kuntz

Maniphest Tasks: T754, T755

Differential Revision: https://secure.phabricator.com/D1353
2012-01-11 08:25:55 -08:00
Andrew Gallagher
840eb46d03 Match unittest results by name or file
Summary:
Just talked to @tuomaspelkonen, and turns out there is a case where
postponed tests results use the filepath for both the name and file
parameters.  Then, after the tests have completed, the unittest
results are updated with the class name as the test name.  To handle
this, this diff matches the stored unittest results name against
either the name or file component of the updated unittest info.

Not sure of great way to generally handle these situations.  Perhaps,
long term, we can just use a placeholder unittest result, mark that
as passed (or delete it?) then add a new test result with the correct
name.

Test Plan: updated unittest result with new name (but file was the same).

Reviewers: epriestley, tuomaspelkonen

Reviewed By: epriestley

CC: aran, epriestley, andrewjcg

Differential Revision: https://secure.phabricator.com/D1356
2012-01-10 16:51:14 -08:00
Andrew Gallagher
48f53ba095 Allow updating diff with results for new unit tests
Summary:
When using postponed unittests to make 'arc diff' faster, there
are some situations where it is difficult to know exactly how
many unittests will be run.  This is the case for many of our
C++ unittests, which we can't really know until we compile the
tests (which is slow, and probably isn't reasonable to be done
before posting the diff).  I suppose we could make sure we
explicitly which tests a C++ unittest will run in some way, but
this would require a lot of change to our backend test infra.
Also, it seems that this is a pretty general issue of not knowing
how many unittests will be run until they actually run.

This diff adds an optional "create" parameter to updateunitresults
which wil create a new unit tests result rather than updating an
existing one.  I am not sure if this really fits here or should
be its own method, but there is a lot of code re-use between them
so I consolidated.

Test Plan: updated a diff with a new unit test result

Reviewers: epriestley, jungejason

Reviewed By: epriestley

CC: aran, epriestley, andrewjcg, tuomaspelkonen

Differential Revision: https://secure.phabricator.com/D1352
2012-01-10 16:18:50 -08:00
Bob Trahan
84ea5c53e4 Kill PhabricatorFileURI
Summary:
we used to need this function for security purposes, but no longer need
it.   remove it so that some call sites can be optimized via smarter data
fetching, and so the whole codebase can have one less thing in it.

Test Plan:
verified the images displayed properly for each of the following
- viewed a diff with added images.
- viewed a user feed
- viewed a user profile
- viewed all image macros
- viewed a paste and clicked through "raw link"
weakness in testing around proxy files and transformed files.  not sure what
these are.  changes here are very programmatic however.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, btrahan, epriestley

Maniphest Tasks: T672

Differential Revision: https://secure.phabricator.com/D1354
2012-01-10 15:21:39 -08:00
Bob Trahan
2a29a51080 Deploy new ArcanistManyWordsAboutDifferentialConstants class from D1328 into
Phabricator

Summary: ...this breaks without D1328.   Used good ole "codemod" to do this
work, with lots of manual edits around 80 chars.

Test Plan: clicked around phabricator tool suite, particular differential, a
bunch

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1351
2012-01-10 11:49:20 -08:00
epriestley
a4ceba9101 Add more information to differential.getdiff
Summary: We need some additional fields to heuristically match revisions to the
working copy in arc.

Test Plan: Executed conduit method, got correct values in fields

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: https://secure.phabricator.com/D1347
2012-01-10 10:40:57 -08:00
epriestley
5f8711ebf8 Minor, fix CSRF error caused by D1329. 2012-01-09 13:47:33 -08:00