1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-14 19:02:41 +01:00
Commit graph

342 commits

Author SHA1 Message Date
vrana
afc5333bb3 Convert AphrontFormView to safe HTML
Summary: Searched for `AphrontFormView` and then for `appendChild()`.

Test Plan: /login/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4855
2013-02-07 18:01:00 -08:00
vrana
059920c2da Convert AphrontErrorView to safe HTML
Summary: Done by searching for `AphrontErrorView` and then `appendChild()`.

Test Plan:
Looked at Commit Detail.
Looked at Revision Detail.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4843
2013-02-07 17:26:01 -08:00
vrana
6bb7a282b1 Convert AphrontFormControl to safe HTML
Summary: Everything here now should properly handle plain strings and safe HTML.

Test Plan: /settings/panel/display/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4826
2013-02-05 15:52:46 -08:00
vrana
be4662e667 Convert setCaption() to safe HTML
Test Plan: /settings/panel/display/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4824
2013-02-05 15:52:43 -08:00
vrana
bcf9b9d4a7 Convert some phutil_escape_html() to hsprintf()
Summary:
In the second phase, I want to get rid of the most of `phutil_escape_html()` calls in favor of plain strings or `PhutilSafeHTML`.
This is an example of how it could look.

Test Plan: /api/user.whoami

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4823
2013-02-05 15:52:41 -08:00
vrana
48561a8b1f Convert phutil_render_tag(X, Y, phutil_escape_html(Z)) to phutil_tag
Summary:
Created with spatch:

  lang=diff
  - phutil_render_tag
  + phutil_tag
    (X, Y,
  - phutil_escape_html(
    Z
  - )
    )

Test Plan: Loaded homepage

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4501
2013-01-24 19:08:55 -08:00
Nick Pellegrino
bb175655ae Adding the Conduit query method.
Summary:
T2154
Adding the Conduit query method implementation, and metadata to the phutil register library.

Test Plan:
Choose conduit.query on the web UI to see information about the method.
Then, click the "Call Method" button and observe the method result.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4550
2013-01-19 16:37:21 -08:00
Chad Little
38626dce64 Remove spacer from sidebars.
Summary: This removes all calls to addSpacer and the method. We were applying it inconsistently and it was causing spacing issues with redesigning the sidenav. My feeling is we can recreate the space in CSS if the design dictates, which would apply it consistently.

Test Plan: Go to Applications, click on every application.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4420
2013-01-13 08:17:12 -08:00
vrana
2cc7f82ece Move Conduit methods inside applications
Test Plan:
/conduit/
/conduit/method/arcanist.projectinfo/
Call method

  $ echo '{}' | arc call-conduit user.whoami

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4268
2012-12-21 12:21:59 -08:00
epriestley
6dd0169873 Fix various issues with SSH receivers
Summary:
  - Original command is in SSH_ORIGINAL_COMMAND, not normal argv.
  - Use PhutilShellLexer to parse it.
  - Fix a protocol encoding issue with ConduitSSHWorkflow. I think I'm going to make this protocol accept multiple commands anyway because SSH pipes are crazy expensive to build (even locally, they're ~300ms).

Test Plan: With other changes, successfully executed "arc list --conduit-uri=ssh://localhost:2222".

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T550

Differential Revision: https://secure.phabricator.com/D4232
2012-12-19 11:11:32 -08:00
epriestley
e78898970a Implement SSHD glue and Conduit SSH endpoint
Summary:
  - Build "sshd-auth" (for authentication) and "sshd-exec" (for command execution) binaries. These are callable by "sshd-vcs", located [[https://github.com/epriestley/sshd-vcs | in my account on GitHub]]. They are based on precursors [[https://github.com/epriestley/sshd-vcs-glue | here on GitHub]] which I deployed for TenXer about a year ago, so I have some confidence they at least basically work.
    - The problem this solves is that normally every user would need an account on a machine to connect to it, and/or their public keys would all need to be listed in `~/.authorized_keys`. This is a big pain in most installs. Software like Gitosis/Gitolite solve this problem by giving you an easy way to add public keys to `~/.authorized_keys`, but this is pretty gross.
    - Roughly, instead of looking in `~/.authorized_keys` when a user connects, the patched sshd instead runs `echo <public key> | sshd-auth`. The `sshd-auth` script looks up the public key and authorizes the matching user, if they exist. It also forces sshd to run `sshd-exec` instead of a normal shell.
    - `sshd-exec` receives the authenticated user and any command which was passed to ssh (like `git receive-pack`) and can route them appropriately.
    - Overall, this permits a single account to be set up on a server which all Phabricator users can connect to without any extra work, and which can safely execute commands and apply appropriate permissions, and disable users when they are disabled in Phabricator and all that stuff.
  - Build out "sshd-exec" to do more thorough checks and setup, and delegate command execution to Workflows (they now exist, and did not when I originally built this stuff).
  - Convert @btrahan's conduit API script into a workflow and slightly simplify it (ConduitCall did not exist at the time it was written).

The next steps here on the Repository side are to implement Workflows for Git, SVN and HG wire protocols. These will mostly just proxy the protocols, but also need to enforce permissions. So the approach will basically be:

  - Implement workflows for stuff like `git receive-pack`.
  - These workflows will implement enough of the underlying protocol to determine what resource the user is trying to access, and whether they want to read or write it.
  - They'll then do a permissons check, and kick the user out if they don't have permission to do whatever they are trying to do.
  - If the user does have permission, we just proxy the rest of the transaction.

Next steps on the Conduit side are more simple:

  - Make ConduitClient understand "ssh://" URLs.

Test Plan: Ran `sshd-exec --phabricator-ssh-user epriestley conduit differential.query`, etc. This will get a more comprehensive test once I set up sshd-vcs.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603, T550

Differential Revision: https://secure.phabricator.com/D4229
2012-12-19 11:08:07 -08:00
vrana
cd46fd4afe Mark finished postponed linters as okay
Test Plan: Called it on a diff with postponed linters and no messages.

Reviewers: mgummelt, epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4223
2012-12-17 14:55:04 -08:00
epriestley
ee392ada93 Add user parameter to differential.createrevision
Summary: arc incorrectly passes a "user" parameter to differential.createrevision (long ago, we respected it, I think). After D4191 this fatals. Provide a stub call until the next version bump.

Test Plan: inspection

Reviewers: vrana, btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D4220
2012-12-17 14:45:11 -08:00
vrana
94d42b6313 Throw on invalid Conduit method parameters
Summary: NOTE: This may break stuff.

Test Plan:
  $ echo '{}' | arc call-conduit conduit.ping
  $ echo '{"x": 1}' | arc call-conduit conduit.ping

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4191
2012-12-17 12:30:14 -08:00
vrana
a0e93fd4c4 Provide a separate error code for invalid Conduit calls
Summary: I plan to use this in Arcanist.

Test Plan:
  $ echo '{}' | arc call-conduit x

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4192
2012-12-17 12:29:51 -08:00
vrana
95a99e71c6 Require Conduit methods to be instances of ConduitAPIMethod
Test Plan:
Deleted `extends ConduitAPIMethod`, then:

  $ echo '{}' | arc call-conduit conduit.ping

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4190
2012-12-14 18:16:55 -08:00
vrana
e4608470dd Make description in user.addstatus really optional
Summary:
Fixes:

> Column 'description' cannot be null".

Test Plan:
  $ echo '{"fromEpoch": 1, "toEpoch": 2, "status": "away"}' | arc call-conduit user.addstatus

Reviewers: btrahan, epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4189
2012-12-14 16:37:31 -08:00
epriestley
0b9c54a6bb Detect missing 'params' in Conduit calls
Summary:
Suhosin has about 50 options for filtering input variables, doucmented here:

http://www.hardened-php.net/suhosin/configuration.html

The default behavior of Suhosin is to drop the variable entirely if it violates any of the rules, then continue with the request. It doesn't affect 'php://input' and doesn't drop other variables, so it evades existing detection, and we can't figure out that it's happened at runtime. We could add blanket checks (Suhosin enabled + suhosin.filter.action set to nothing means this may happen, and will be undetectable if it does happen) but can't tailor a check or recovery to this specific problem.

Instead, raise a better error in the specific case where we encounter this, which is Conduit calls of "arc diff" of files over 1MB (the default POST limit). In these cases, Suhosin drops the variable entirely. If there is no 'params', scream. We never encounter this case normall (`arc`, including `arc call-conduit`, always sends this parameter) although other clients might omit it. The only exception is the web console with `conduit.ping`, which submits nothing; make it submit something so it keeps working.

See also https://github.com/facebook/phabricator/issues/233#issuecomment-11186074

Test Plan: Brought up a Debian + Suhosin box, verified the behavior of Suhosin, made requests with and without 'params'.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D4144
2012-12-11 14:01:18 -08:00
vrana
0e53731d1d Expose repository info in arcanist.projectinfo
Summary: This is to reduce number of calls from Arcanist.

Test Plan: Called it from web interface.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4146
2012-12-10 15:19:09 -08:00
epriestley
f306cab653 Use application icons for "Eye" menu and Crumbs
Summary:
Issues here:

  - Need an application-sized "eye", or a "home" icon for "Phabricator Home".
  - Some of the "apps_lb_2x" sliced images are the "_dark_" versions, not the light versions.
  - If you slice an application-sized "logout" (power off) icon and application-sized "help" (questionmark in circle) icon I can replace the current menu icons and nearly get rid of "autosprite".
  - To replace the icons on /applications/, the non-retina size is "4x", so we'd need "8x" for retina. Alternatively I can reduce the icon sizes by 50%.
  - The "Help", "Settings" and "Logout" items currently have a "glowing" hover state, which needs a variant (or we can drop it).
  - The /applications/ icons have a white hover state (or we can drop it).
  - The 1x application (14x14) icons aren't used anywhere right now, should they be? Maybe in the feed in the future, etc?
  - The "apps-2x" and "apps-large" sheets are the same image, but getting them to actually use the same file is a bit tricky, so I just left them separate for now.

Test Plan:
{F26698}
{F26699}

Reviewers: chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T1960

Differential Revision: https://secure.phabricator.com/D4108
2012-12-07 13:37:28 -08:00
vrana
b7e8c0a300 Specify content source for differential.close
Test Plan:
  $ arc close-revision 1

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4041
2012-12-07 11:35:42 -08:00
vrana
1536b8a19c Bump Conduit server version number
Summary: See D4076.

Test Plan:
  $ arc diff

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4077
2012-12-03 18:06:39 -08:00
vrana
493196e16a Add Conduit method for getting Diffusion lint messages
Test Plan: /conduit/method/diffusion.getlintmessages/, ran it, saw results.

Reviewers: epriestley, wez

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2038

Differential Revision: https://secure.phabricator.com/D3932
2012-11-27 17:57:57 -08:00
Bob Trahan
8ee6cbe1d4 add "author" information to conduit call
Summary: 'cuz we need it in arcanist for T479 to commit as author

Test Plan: verified the return value was correct in conduit

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T479

Differential Revision: https://secure.phabricator.com/D3917
2012-11-09 13:33:58 -08:00
vrana
ef85f49adc Delete license headers from files
Summary:
This commit doesn't change license of any file. It just makes the license implicit (inherited from LICENSE file in the root directory).

We are removing the headers for these reasons:

- It wastes space in editors, less code is visible in editor upon opening a file.
- It brings noise to diff of the first change of any file every year.
- It confuses Git file copy detection when creating small files.
- We don't have an explicit license header in other files (JS, CSS, images, documentation).
- Using license header in every file is not obligatory: http://www.apache.org/dev/apply-license.html#new.

This change is approved by Alma Chao (Lead Open Source and IP Counsel at Facebook).

Test Plan: Verified that the license survived only in LICENSE file and that it didn't modify externals.

Reviewers: epriestley, davidrecordon

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2035

Differential Revision: https://secure.phabricator.com/D3886
2012-11-05 11:16:51 -08:00
Bob Trahan
a977b49e33 add ids and phids to maniphest.query
Summary: requires add withTaskPHIDs to maniphest query class.

Test Plan: queried via conduit by task id and task phid -- respective success!

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2017

Differential Revision: https://secure.phabricator.com/D3863
2012-11-01 10:47:45 -07:00
Bob Trahan
7c99d52548 filter_phids => filterPHIDs
Summary: typo of sorts. should probably be philterPHIDs. :P

Test Plan: verified i spelled "filterPHIDs" correctly.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1993

Differential Revision: https://secure.phabricator.com/D3846
2012-10-30 18:21:35 -07:00
Bob Trahan
60466d3bcc Create a status tool by giving /calendar/ some teeth
Summary: you can now add, edit, and delete status events. also added a "description" to status events and surface it in the big calendar view on mouse hover. some refactoring changes as well to make validation logic centralized within the storage class.

Test Plan: added, edited, deleted. yay.

Reviewers: epriestley, vrana

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T407

Differential Revision: https://secure.phabricator.com/D3810
2012-10-24 13:22:24 -07:00
Bob Trahan
d9c6e07f2c If users are on the email to Phabricator, do not send them the Phabricator reply.
Summary: When we receive an email, figure out if any of the other tos and ccs are users. If they are, pass their phids through the stach as "exclude phids" and exclude them from getting the email.

Test Plan: used the various applications (audit, differential, maniphest) and noted emails were sent as expected.

Reviewers: epriestley, vrana

Reviewed By: vrana

CC: aran, Korvin, vrana

Maniphest Tasks: T1676

Differential Revision: https://secure.phabricator.com/D3645
2012-10-10 10:18:23 -07:00
epriestley
5cbc4fe7e1 Rename ManiphestTaskQuery::withProjects() to withAllProjects()
Summary: After D3630, make the API more clear: withAllProjects() vs withAnyProjects()

Test Plan: Loaded project page, maniphest task query, reports, filtered by project and "noproject". Grep.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1610

Differential Revision: https://secure.phabricator.com/D3631
2012-10-04 15:31:04 -07:00
Bob Trahan
84ddc4a0c9 Add a defaulty priority configuration flag for maniphest tasks
Summary: instance-wide this setting be

Test Plan: made a new task and noted the default priority honored what was in btrahan.conf

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1842

Differential Revision: https://secure.phabricator.com/D3626
2012-10-04 14:19:37 -07:00
epriestley
36d02b6c79 Fix a use of $method in Conduit which is not available in scope
Summary:
This got refactored at some point and lost access to $method. Also make the error a little more helpful.

See https://groups.google.com/forum/?fromgroups=#!topic/phabricator-dev/05voYIPV7uU

Test Plan:
  $ arc list --conduit-uri=http://local.aphront.com:8080/
  Exception
  ERR-CONDUIT-CORE: Invalid parameter information was passed to method 'conduit.connect', could not decode JSON serialization. Data: xxx{"client":"arc","clientVersion":5,"clientDescription":"orbital:\/INSECURE\/devtools\/arcanist\/bin\/..\/scripts\/arcanist.php list --conduit-uri=http:\/\/local.aphront.com:8080\/","user":"epriestley","host":"http:\/\/local.aphront.com:8080\/api\/","authToken":1349367823,"authSignature":"54bc136589c076ea06f8e5fb77c76ea7d57aec5b"}
  (Run with --trace for a full exception trace.)

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D3622
2012-10-04 09:30:32 -07:00
epriestley
78784aa1fe Group applications into groups on /applications/
Summary: So they're maybe a little easier to deal with? I'm going to take this formally to "plz @chad plz help" land.

Test Plan: {F20329}

Reviewers: btrahan, vrana, chad

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D3609
2012-10-03 15:46:19 -07:00
epriestley
14fe3f5d14 Implement getHelpURI() for new applications
Summary: A bunch of recently-created applications have help available; link to it.

Test Plan: Clicked each app, clicked help link in menu bar, ended up in relevant documentation.

Reviewers: vrana, btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D3602
2012-10-03 12:39:18 -07:00
epriestley
a717d7db33 Add Conduit and Herald applications
Summary: See D3572. Adds applications for Conduit and Herald.

Test Plan: Viewed `/applications/`, saw applications. Clicked buttons, got to applications.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D3578
2012-10-01 12:56:10 -07:00
Christopher Blizzard
f1d4755c61 Fix unit test updates so a diff update has a predictable unit test status
Test Plan: Tested with various unit test states and noted that the
worst unit test result was always the state used for the entire diff.

Reviewers: nh, epriestley

Reviewed By: nh

Differential Revision https://secure.phabricator.com/D3465
2012-09-24 17:02:03 -07:00
vrana
d28c591e74 Don't fatal on duplicate field in commit message
Summary:
If the actual commit message has a duplicate field and we shouldAutoclose it then the commit message parser fails.
Put the error in `$errors` instead.

Test Plan:
Reparsed commit with duplicate field in message.
Tried to `arc diff` message with duplicate field.

Reviewers: epriestley, nh

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3470
2012-09-10 17:24:39 -07:00
epriestley
dbc8218f06 Add 'viewer' to some Remarkup callsites
Summary:
I want to implement a `{P123}` rule to embed pastes, but we need viewers everywhere before it will work with privacy.

This is not exhaustive; many Remarkup callsites haven't been converted to `PhabricatorMarkupInterface` yet.

Test Plan: Looked at Maniphest, Differential, Diffusion, Phriction; added markup, made edits and hit previews.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D3428
2012-09-05 11:40:48 -07:00
vrana
9b843a3d44 Allow linking unit tests
Summary:
We have lots of info about unit tests.
This allows linking them from Unit field.

Test Plan: Monkey patched `$test['link']`, clicked on it.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3434
2012-09-05 11:02:06 -07:00
epriestley
d814245eea Add 'paste.query' conduit method and deprecate 'paste.info'
Summary:
  - Modernize the Paste Conduit API.
  - Deprecate 'paste.info'.
  - Make queries policy-aware.
  - Move methods into the application to support greater modularity.

Test Plan: Made `paste.query`, `paste.info`, `paste.create` calls. Browsed Paste interfaces. Forked a paste.

Reviewers: vrana, btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D3379
2012-08-24 13:20:20 -07:00
epriestley
85bf88e400 Allow pastes to be flagged
Summary:
This does a few things:

  - Allows you to flag pastes. This is straightforward.
  - Allows Applications to register event listeners.
  - Makes object action lists emit a 'didrenderactions' event, so other applications can add more actions. The Flags application injects its action in this way. This should generally make it much easier to add actions to objects when we add new applications, with less code duplication and better modularity. We have a really hacky version of this in Differential that I want to get rid of in lieu of this more general approach. I'm going to make object lists do the same thing, so any application can jump in and add stuff.

Test Plan: Flagged and unflagged pastes. Viewed home page, differential, flags list.

Reviewers: vrana, btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D3377
2012-08-24 13:19:47 -07:00
epriestley
51a5dacd6d Remove path.getowners method
Summary: This has been deprecated for quite a while and I'm pretty sure there are no callsites in the wild since this tool doesn't get much use outside of Facebook.

Test Plan: grep

Reviewers: vrana, btrahan, meitros

Reviewed By: vrana

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D3195
2012-08-21 16:44:30 -07:00
epriestley
6ed202b675 Add a 'silent' option to differential.createcomment
Summary: See T1677. I think wanting bots to be able to post comments without sending email is a pretty reasonable use case. Eventually we should probably support this more broadly and maybe protect it with permissions (normal users maybe shouldn't be able to do this?) but we can wait for use cases.

Test Plan: Made comments with and without "silent". Verified that the non-silent comment sent email, and the silent comment did not.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1677

Differential Revision: https://secure.phabricator.com/D3341
2012-08-20 14:08:52 -07:00
epriestley
f0be29649d Fix a f()[0] use in rPd45855e33e0b98d521ea3e44a4c1f718821ec6cc
Summary: See D3291.

Test Plan: Ran `phpast.getast` via API.

Reviewers: alanh

Reviewed By: alanh

CC: aran

Differential Revision: https://secure.phabricator.com/D3292
2012-08-15 04:36:41 -07:00
Alan Huang
d45855e33e Expose xhpast via Conduit
Summary:
Create `phpast.{version,getast}` methods for calling xhpast
with `--version` and with source code as input, respectively.

Test Plan:
Run `arc call-conduit` a bunch of times; delete xhpast; run
it a bunch more times.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1534

Differential Revision: https://secure.phabricator.com/D3289
2012-08-14 19:18:28 -07:00
epriestley
66cee129b6 Remove all code referencing old tab navigation
Summary:
  - Add getHelpURI() to PhabricatorApplication for application user guides.
  - Add a new "help" icon menu item and skeletal Diviner application.
  - Move help tabs to Applications where they exist, document the other ones that don't exist yet.
  - Grep for all tab-related stuff and delete it.

Test Plan: Clicked "help" for some apps. Clicked around randomly in a bunch of other apps.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D3267
2012-08-13 15:28:41 -07:00
Bob Trahan
dd26bc6d1a Remove shield for Conduit API responses
Summary: 'cuz we don't need it and it's lame complexity for API clients of all kinds. Rip the band-aid off now.

Test Plan: used conduit console and verified no more shield. also did some JS stuff around the suite to verify I didn't kill JS

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T891

Differential Revision: https://secure.phabricator.com/D3265
2012-08-13 14:49:32 -07:00
vrana
18a8964b03 Use correct constant in differential.createrawdiff 2012-08-13 13:51:13 -07:00
epriestley
330b0a3d4b Make projects policy-aware
Summary: We managed to move enough Owners stuff aside to make this reasonable; make projects implement the policy interface and projectquery use cursor-based paging.

Test Plan:
  - Grepped for ProjectQuery callsites.
  - Created an audit comment.
  - Used `project.query` to query projects.
  - Loaded homepage.
  - Viewed Maniphest task list, grouped by project.
  - Viewed project list.
  - Created / edited project.
  - Browsed Owners.

Reviewers: vrana, btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D3200
2012-08-08 17:10:10 -07:00
epriestley
386735a39d Remove PhabricatorOwnersOwner::loadAffiliatedPackages()
Summary: See D3193 for discussion.

Test Plan: Ran `owners.query` via conduit, verified I got sensible output.

Reviewers: vrana, btrahan, meitros

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D3194
2012-08-08 12:26:13 -07:00
epriestley
fbf6d967ff Add getMemberPHIDs() and loadMemberPHIDs() to PhabricatorProject
Summary:
I want to:

  - move the membership storage to edges
  - remove the concepts of "roles" (which are decorative text only) and "owners" (which will be replaced with policy-based controls)

This moves us a step closer to that by reducing the use of ProjectAffiliation outside of the class.

Test Plan: Loaded project profile. Called `project.query`. Joined and left a project.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D3182
2012-08-07 11:55:00 -07:00
epriestley
b0fda3be25 Rename setMembers() to withMemberPHIDs() in PhabricatorProjectQuery
Summary: This is clearer and more consistent with other Query classes.

Test Plan: Used home page, conduit api, project list, other interfaces.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D3179
2012-08-07 11:54:24 -07:00
Alan Huang
7f98e3a8bd Miscellaneous updates for scoped symbols
Summary: Update Conduit, jump nav, and docs to handle symbol contexts.

Test Plan: Call conduit, use jump nav.

Reviewers: epriestley

Reviewed By: epriestley

CC: nh, aran, Korvin

Maniphest Tasks: T1602

Differential Revision: https://secure.phabricator.com/D3172
2012-08-07 09:29:34 -07:00
Alan Huang
358baf1b3a Improve the flag.* Conduit methods
Summary:
 - Put the code to generate informational dicts about flags into the
   base class.
 - Update flag.delete to accept an object PHID in order to delete the
   flag on that object, since currently the model is that each object
   may have at most one flag, and each flag has exactly one object,
   although the former is not enforced.
 - Add flag.edit, which creates or updates a flag, optionally with the
   given color and note.

Test Plan:
Spend endless hours repeatedly running arc call-conduit and
arc flag.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3141
2012-08-03 11:41:33 -07:00
mkedia
48806b5e3e [easy] Add support for fetching all packages to owners.query
Summary: as title

Test Plan: tested without params. Tested with single known path

Reviewers: epriestley, vrana, nh

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3139
2012-08-02 16:07:05 -07:00
Alan Huang
d31accf076 Add a flag.delete Conduit method
Summary: Fairly straightforward: allow deletion of flags from Conduit.

Test Plan: Try arc call-conduit with different ids.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1556

Differential Revision: https://secure.phabricator.com/D3132
2012-08-02 12:25:01 -07:00
Nick Harper
88caa45854 Save daemon state to database
Summary:
To make it easier to monitor daemons, let's store their current state
(running, died, exited, or unknown) to the db. The purpose of this is to
provide more information on the daemon console about the status of daemons,
especially when they are running on multiple machines. This is mostly backend
work, with only a few frontend changes. (It is also dependent on a change
to libphutil.)

These changes will make dead or stuck daemons more obvious, and will allow
more work on the frontend to hide daemons (and logs) that have exited cleanly,
i.e. ones we don't care about any more.

Test Plan:
- run db migration, check in db that all daemons were marked as exited
- start up a daemon, check in db that it is marked as running
- open web interface, check that daemon is listed as running
- after daemon has been running for a little bit, check in db that dateModified
  is being updated (indicating daemon is properly sending heartbeat)
- kill -9 daemon (but don't run bin/phd yet), and check that db still shows it
  as running
- edit daemon db entry to show it as being on a different host, and backdate
  dateModified field by 3 minutes, and check the web ui to show that the status
  is unknown.
- change db entry to have proper host, check in web ui that daemon status is
  displayed as dead. Check db to see that the status was saved.
- run bin/phd stop, and see that the formerly dead daemon is now exited.

Reviewers: epriestley, vrana

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3126
2012-08-01 17:06:04 -07:00
Bob Trahan
96860c5cc1 Add full text search to maniphest.query
Summary: ...also swapped "status" and "order" so "status" is first, as in my testing it was sub-optimal to specifiy status (more of "what i want") after order ("how I want it")

Test Plan: ran various queries on my test instance via conduit console and the results all seem correct

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1381

Differential Revision: https://secure.phabricator.com/D3028
2012-07-23 09:14:45 -07:00
mkedia
ce3a3f1d14 Merge branch 'master' of github.com:facebook/phabricator 2012-07-17 20:17:48 -07:00
mkedia
1383683b1b [easy] add phid to repository.query
Summary:
owners.query returns paths as (repo phid, path). That should
get fixed in some non-breaking way, but for now just add phid to
repository.query so I can support non-E repos.

Would like to sneak this in before tomorrow's push

Test Plan: http://phabricator.mkedia.dev4925.snc6.facebook.com/conduit/method/repository.query/

Reviewers: epriestley, nh, vrana

Reviewed By: nh

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3001
2012-07-17 20:17:03 -07:00
epriestley
9d26ef4248 Improve differential.createinline
Summary:
  - Share code between `createinline` and `getcomments`
  - Make them both extend the base class.
  - Sync up the parameters (this is more or less nonbreaking since the call is ~6 hours old).

Test Plan: Created and fetched inlines via the API.

Reviewers: alanh, vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1500

Differential Revision: https://secure.phabricator.com/D2988
2012-07-17 12:06:18 -07:00
mkedia
508f1b19f9 [easy] Add limit param to recent commits
Summary: as title

Test Plan: https://phabricator.fb.com/conduit/method/diffusion.getrecentcommitsbypath/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D2838
2012-07-16 17:46:42 -07:00
Alan Huang
8065d72899 Add a differential.createinline method to Conduit
Summary: a silly thing because I was bored

Test Plan: and I said "arc call-conduit", and there were comments

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1500

Differential Revision: https://secure.phabricator.com/D2971
2012-07-16 11:49:06 -07:00
Andrew Gallagher
eac8e0e7f3 Support postponed lint status in creatediff conduit call
Test Plan:
Created diff with a postponed linter and the lint status set to such
via arcanist.  Verified lint status showed as postponed in diff view.

Reviewers: epriestley, vrana

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1332

Differential Revision: https://secure.phabricator.com/D2932
2012-07-10 20:02:16 -07:00
epriestley
e2e9aed4fa Fix symbol handling in symbol query and IRC "Where is x?" handler
Summary: If a symbol's project has no linked repository, we currently explode. Instead, decline to generate a URI and fall back gracefully.

Test Plan: https://secure.phabricator.com/chatlog/channel/%23phabricator/?at=22345

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1465

Differential Revision: https://secure.phabricator.com/D2948
2012-07-09 17:51:42 -07:00
Alan Huang
731e0df2b5 Add a differential.abandon Conduit method.
Summary:
Brazenly copied from differential.close. Ulterior motive
is to be able to automate discarding of useless commits from
arcanist testing.

Test Plan:
Called method in phabricator sandbox. Revisions were
successfully abandoned.

Reviewers: epriestley

Reviewed By: epriestley

CC: nh, aran, Korvin

Differential Revision: https://secure.phabricator.com/D2928
2012-07-05 16:47:04 -07:00
epriestley
310cf00fc3 Consolidate feed query code
Summary: Simplify FeedQuery by making it extend from PhabricatorIDPagedPolicyQuery

Test Plan: Looked at feed on home, projects, user profile, and called `feed.query`.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2905
2012-07-02 15:41:19 -07:00
dschleimer
86fa4fd97f [Phabricator] track Mercurial bookmarks for differential diffs
Summary:
This adds all the changes necessary to track the active Mercurial
bookmark for differential diffs.  We render both branch and bookmark
information in the branch field of the Differential revison view, as
seen in
https://secure.phabricator.com/file/data/kzpmu3evfkukxdjyxrfz/PHID-FILE-eqorsqupxvwirqi2s5lo/bookmark_differential.jpg

The Arcanist half of this is https://secure.phabricator.com/D2896

Test Plan:
Mostly D2896.

Additionally, loaded a diff created with a bookmark, as per the link in the summary.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1331

Differential Revision: https://secure.phabricator.com/D2897
2012-06-30 15:41:58 -07:00
epriestley
2bb8150506 Add specific close status queries to maniphest.find (and rename it to maniphest.query)
Summary:
  - Allow clients to query for specific closed statuses (invalid, resolved, wontfix, etc), not just "closed" tasks.
  - Rename this method to maniphest.query and deprecate maniphest.find as an alias to maniphest.query, for API consistency.

Test Plan: Ran queries for all tasks, "wontfix" tasks, closed tasks.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2887
2012-06-29 09:17:19 -07:00
Andrew Gallagher
3223defe96 Add support for postponed linters
Summary:
This adds:
1) A new "arc:lint-postponed" diff property which stores a list of
lint names that are postponed and a finishpostponedlinters conduit
method which removes linters from this list.  Postponed linters are
shown in the lint details.
2) A updatelintmessages conduit message, which adds additional lint
messages to the "arc:lint" diff property.

In combination, this provides very basic support for running
asynchronous static analysis tools.  When the diff is being created,
a list of asynchronous static analysis runs can be added to the
diff's postponed linters list.  As these postponed linters finish
up, then can report new lint messages back to the diff then mark
themselves as complete.

The client is currently responsible for filtering the lint messages
by things like affected lines and files.

Test Plan:
Used conduit call API to add lint messages and remove postponed
linters from a test diff.

Reviewers: epriestley, vrana, nh, jungejason

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1332

Differential Revision: https://secure.phabricator.com/D2792
2012-06-28 18:09:38 -07:00
epriestley
bbfb686db5 Allow 'repository.create' to set description and autoclose
Summary:
These are currently not available via Conduit.

Also fix a bug where bad JSON input triggers an error about undefined `$metadata`.

Test Plan: Ran 'repository.create' with and without a description and with and without autoclose. Verified the created repositories had the requested attributes.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2881
2012-06-28 09:54:48 -07:00
epriestley
c0d48d0b2d Return attached hashes from differential.query
Summary: See T693. To do "arc branch" performantly in immutable history repositories, we need to be able to do a single query to identify revisions related by hash. Return hash information to enable this.

Test Plan: Ran `differential.query`.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T693

Differential Revision: https://secure.phabricator.com/D2859
2012-06-26 09:07:52 -07:00
vrana
43121f6858 Provide a Conduit method to get inline comments
Summary:
See D2855 for usage.

This has a drawback that inlines without a comment (synthetic comments) are not attached anywhere.
I don't like adding more and more methods so I've chosen this solution.
Plus comments and inline comments are often useful together.

Test Plan: Called the method on a revision with inline comments.

Reviewers: epriestley

Reviewed By: epriestley

CC: vii, aran, Korvin

Differential Revision: https://secure.phabricator.com/D2844
2012-06-23 09:34:14 -07:00
epriestley
a4e2eb3d8c Add a "differential.createrawdiff" Conduit method
Summary:
"differential.creatediff" requires a mostly-parsed diff, but there's no reason we can't make DifferentialDiffs out of raw diffs.

This mainly serves to lower the adoption barrier if getting "arc" distributed is too much of a hassle.

Test Plan: Made a diff out of a raw block of diff text.

Reviewers: ffx, vrana, btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2751
2012-06-20 12:35:04 -07:00
Nick Harper
4b10707d4d Add user.enable conduit method
Test Plan: enabled a disabled user

Reviewers: vrana, epriestley

Reviewed By: vrana

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D2800
2012-06-19 14:36:08 -07:00
mkedia
a5b5128be9 Add path support to differential.query
Summary:
Allows clients to select open differential revisions that
affect a set of paths.

Test Plan:
http://phabricator.mkedia.dev2975.facebook.com/conduit/method/differential.query/ with

paths: [["E", "tfb/trunk/www/html/intern/css/tabloid"]]
status: "status-open"

(internal facebook repo, obvi)

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: vrana, aran, Korvin

Differential Revision: https://secure.phabricator.com/D2788
2012-06-18 17:43:22 -07:00
epriestley
cdd3683ed7 Allow applications to call Conduit directly
Summary:
Sorry this took so long, had a bunch of stuff going on today.

Separate the actual core part of making conduit calls from the controller, so the application can make conduit calls without needing to invoke HTTP or redo auth. Generally, this lets us build more parts of the application on top of Conduit, as appropriate.

This diff can be simplified, but I wanted to unblock you guys first. I'll followup with a cleanup patch once I have a chance.

Test Plan: Ran unit tests, ran calls from the conduit API console, and ran calls over arc.

Reviewers: nodren, 20after4, btrahan, vrana

Reviewed By: 20after4

CC: aran, svemir

Maniphest Tasks: T945

Differential Revision: https://secure.phabricator.com/D2718
2012-06-17 08:47:09 -07:00
epriestley
31fcd78c76 Add "verified" or "unverified" to role output in user.query
Summary: See discussion in rP2f138d0501887fd0aca0f8536176f092880f662c.

Test Plan: Ran `user.query` on verified and unverified users.

Reviewers: csilvers, vrana

Reviewed By: csilvers

CC: aran

Differential Revision: https://secure.phabricator.com/D2768
2012-06-15 17:00:26 -07:00
vrana
ba9b4f5b66 Optimize SQL queries in differential.getdiff
Test Plan:
Verified that the method retuns the same output.
Verified the number of SQL queries.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D2764
2012-06-15 15:15:23 -07:00
Ben Rogers
444c634b6c Allows branches to appear in diffusion with out triggering closing things from the commit message
Summary: Implemented it how it was suggested in ticket comments

Test Plan: create a revision in a branch, push that branch up, verify it's visible in diffusion and also that revision is not closed, then merge and push to master, verify that revision closed

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin, 20after4

Maniphest Tasks: T1210

Differential Revision: https://secure.phabricator.com/D2706
2012-06-15 14:10:15 -07:00
vrana
371419344a Revert D2542
Summary: Not required after D2730.

Test Plan: `arc diff` with invalid reviewer in commit message.

Reviewers: nh

Reviewed By: nh

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2733
2012-06-12 17:33:10 -07:00
vrana
6cc196a2e5 Move files in Phabricator one level up
Summary:
- `kill_init.php` said "Moving 1000 files" - I hope that this is not some limit in `FileFinder`.
- [src/infrastructure/celerity] `git mv utils.php map.php; git mv api/utils.php api.php`
- Comment `phutil_libraries` in `.arcconfig` and run `arc liberate`.

NOTE: `arc diff` timed out so I'm pushing it without review.

Test Plan:
/D1234
Browsed around, especially in `applications/repository/worker/commitchangeparser` and `applications/` in general.

Auditors: epriestley

Maniphest Tasks: T1103
2012-06-01 12:32:44 -07:00
epriestley
09c8af4de0 Upgrade phabricator to libphutil v2
Summary: Mechanical changes from D2588. No "Class.php" moves yet.

Test Plan: See D2588.

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1103

Differential Revision: https://secure.phabricator.com/D2591
2012-05-30 14:26:29 -07:00
vrana
0044b9cca9 Throw defined error
Test Plan: `differential.setdiffproperty` with non-existent diff and property "arc:lint".

Reviewers: mgummelt, epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2584
2012-05-26 10:07:44 -07:00
epriestley
557e508656 Allow restriction of permitted email domains
Summary:
Allow allowed email addresses to be restricted to certain domains. This implies email must be verified.

This probably isn't QUITE ready for prime-time without a few other tweaks (better administrative tools, notably) but we're nearly there.

Test Plan:
  - With no restrictions:
    - Registered with OAuth
    - Created an account with accountadmin
    - Added an email
  - With restrictions:
    - Tried to OAuth register with a restricted address, was prompted to provide a valid one.
    - Tried to OAuth register with a valid address, worked fine.
    - Tried to accountadmin a restricted address, got blocked.
    - Tried to accountadmin a valid address, worked fine.
    - Tried to add a restricted address, blocked.
    - Tried to add a valid address, worked fine.
    - Created a user with People with an invalid address, got blocked.
    - Created a user with People with a valid address, worked fine.

Reviewers: btrahan, csilvers

Reviewed By: csilvers

CC: aran, joe, csilvers

Maniphest Tasks: T1184

Differential Revision: https://secure.phabricator.com/D2581
2012-05-26 06:04:35 -07:00
epriestley
70fd96037b Consolidate user editing code
Summary:
  - We currently have some bugs in account creation due to nontransactional user/email editing.
    - We save $user, then try to save $email. This may fail for various reasons, commonly because the email isn't unique.
    - This leaves us with a $user with no email.
  - Also, logging of edits is somewhat inconsistent across various edit mechanisms.
  - Move all editing to a `PhabricatorUserEditor` class.
  - Handle some broken-data cases more gracefully.

Test Plan:
  - Created and edited a user with `accountadmin`.
  - Created a user with `add_user.php`
  - Created and edited a user with People editor.
  - Created a user with OAuth.
  - Edited user information via Settings.
  - Tried to create an OAuth user with a duplicate email address, got a proper error.
  - Tried to create a user via People with a duplicate email address, got a proper error.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: tberman, aran

Maniphest Tasks: T1184

Differential Revision: https://secure.phabricator.com/D2569
2012-05-25 07:30:44 -07:00
epriestley
2f138d0501 Add a "roles" array to user.query
Summary:
  - Add "role" information, so clients can identify disabled users.
  - Formally deprecate `user.info`

Test Plan: Ran "user.query" and "user.whoami", inspected output. Verified "user.info" appears as deprecated in method list and console.

Reviewers: csilvers, btrahan

Reviewed By: csilvers

CC: aran

Differential Revision: https://secure.phabricator.com/D2565
2012-05-24 12:10:47 -07:00
Nick Harper
e4e56bb431 Return partial differential fields when there's an error parsing
Summary:
If someone typos one name in a cc or reviewer list, it would be nice if we
display all of the valid names in the field when running arc diff (in addition
to the error message).

Test Plan:
used the conduit console to check that calling differential.parsecommitmessage
with a list of some valid and some invalid ccs returns a result with both an
error and a list of some ccs. Also ran arc diff with that list of ccs to check
for the correct user experience.

Reviewers: epriestley, jungejason, vrana

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2542
2012-05-22 18:12:41 -07:00
mkedia
787c95abd8 Add owners.query method
Summary:
Allow callers to find all packages/paths owned by a given
user/project.

Test Plan:
Used conduit api page with --
user owner: PHID-USER-6ce1c976b86e5f3c34f6 (tried both loadPackagesFromProjects
true/false)

proj owner: PHID-PROJ-r5wnmmaawqsn4tvjmqm4

repo/path: E, /tfb/trunk/www/flib/privacy. Checked both path.getowners
and owners.query

(all of these are defined internally at fb)

Reviewers: epriestley, btrahan, nh

Reviewed By: btrahan

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2482
2012-05-22 10:19:58 -07:00
epriestley
8bbc724210 Bump Conduit server version
Summary:
We introduced a "user.query" call recently which is only about two weeks old. Bump versions so users get a forced upgrade.

Also, we raise a fairly confusing message when the user calls a nonexistent method. This is not the intent; `class_exists()` throws. Tailor this exception more carefully.

Test Plan:
  - Ran `echo {} | arc call-conduit derp.derp`, got a better exception.
  - Bumped version, ran `arc list`, got told to upgrade.

Reviewers: indiefan, nh, vrana, btrahan, jungejason, Makinde

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2527
2012-05-21 16:43:43 -07:00
epriestley
77f546c572 Allow installs to require email verification
Summary:
Allow installs to require users to verify email addresses before they can use Phabricator. If a user logs in without a verified email address, they're given instructions to verify their address.

This isn't too useful on its own since we don't actually have arbitrary email registration, but the next step is to allow installs to restrict email to only some domains (e.g., @mycompany.com).

Test Plan:
  - Verification
    - Set verification requirement to `true`.
    - Tried to use Phabricator with an unverified account, was told to verify.
    - Tried to use Conduit, was given a verification error.
    - Verified account, used Phabricator.
    - Unverified account, reset password, verified implicit verification, used Phabricator.
  - People Admin Interface
    - Viewed as admin. Clicked "Administrate User".
    - Viewed as non-admin
  - Sanity Checks
    - Used Conduit normally from web/CLI with a verified account.
    - Logged in/out.
    - Sent password reset email.
    - Created a new user.
    - Logged in with an unverified user but with the configuration set to off.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran, csilvers

Maniphest Tasks: T1184

Differential Revision: https://secure.phabricator.com/D2520
2012-05-21 12:47:38 -07:00
Bob Trahan
912e414013 Update Conduit Maniphest CRUD API(s) to not accept crud
Summary: see T1241, T1242, T1244 for some examples of crud getting saved

Test Plan: threw some crud in my conduit console and got reasonable errors back

Reviewers: mikaaay, epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Maniphest Tasks: T1241, T1242, T1244

Differential Revision: https://secure.phabricator.com/D2487
2012-05-19 16:18:13 -07:00
vrana
fa36dd513c Integrate user.getcurrentstatus into user.query
Summary: D2492#6

Test Plan:
`user.query` of user which is away.
`user.query` of user which is not away.
`user.whoami` - no information there.

Reviewers: epriestley

Reviewed By: epriestley

CC: btrahan, aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2502
2012-05-19 13:11:14 -07:00
vrana
8dca5cdb5a Add Conduit method to disable user
Summary: There's no method for enabling users somewhat intentionally.

Test Plan: Disable myself (oops, this is probably my last diff ever).

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2497
2012-05-18 16:29:36 -07:00
vrana
9f35a3ba45 Highlight away and sporadic users in revision list
Summary:
This is not so general as `getRequiredHandlePHIDs()`.
It allows bulk loading of user statuses only in revision list.

It also loads data in `render()`. I'm not sure if it's OK.

Maybe we can use the colorful point here.
Or maybe some unicode symbol?

Test Plan: {F11451, size=full}

Reviewers: btrahan, epriestley

Reviewed By: btrahan

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2484
2012-05-18 14:28:41 -07:00
vrana
2476c872ff Add Conduit method for querying user status
Summary:
I want to use this to warn user if he specifies reviewers that are away.

We can also implement a general query method but I think that this usage is the
most useful not only for me but also in general case.

Test Plan:
Call the method for user which is away and which is not away.
Add user status through Conduit.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2492
2012-05-17 23:58:50 -07:00
vrana
70e5ef92cf Use transactions in user status Conduit methods
Test Plan:
Add status, verify DB.
Remove status, verify DB.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2397
2012-05-10 11:49:39 -07:00
epriestley
ed34402313 "arc upgrade" (server changes)
Summary: When the server version is ahead of the client version, send a more exciting error!!!

Test Plan: omg~~~

Reviewers: nh, Makinde, btrahan, jungejason

Reviewed By: nh

CC: aran

Differential Revision: https://secure.phabricator.com/D2436
2012-05-09 10:01:46 -07:00
Bob Trahan
c58bd95842 Conduit user.query method
Summary: also includes a PhabricatorPeopleQuery object

Test Plan: queried for various combinations username, realname, id, phid, and email. verified correct results.

Reviewers: epriestley

Reviewed By: epriestley

CC: zeeg, aran, Koolvin

Maniphest Tasks: T1075

Differential Revision: https://secure.phabricator.com/D2416
2012-05-07 13:35:09 -07:00
epriestley
87207b2f4e Allow users to have multiple email addresses, and verify emails
Summary:
  - Move email to a separate table.
  - Migrate existing email to new storage.
  - Allow users to add and remove email addresses.
  - Allow users to verify email addresses.
  - Allow users to change their primary email address.
  - Convert all the registration/reset/login code to understand these changes.
  - There are a few security considerations here but I think I've addressed them. Principally, it is important to never let a user acquire a verified email address they don't actually own. We ensure this by tightening the scoping of token generation rules to be (user, email) specific.
  - This should have essentially zero impact on Facebook, but may require some minor changes in the registration code -- I don't exactly remember how it is set up.

Not included here (next steps):

  - Allow configuration to restrict email to certain domains.
  - Allow configuration to require validated email.

Test Plan:
This is a fairly extensive, difficult-to-test change.

  - From "Email Addresses" interface:
    - Added new email (verified email verifications sent).
    - Changed primary email (verified old/new notificactions sent).
    - Resent verification emails (verified they sent).
    - Removed email.
    - Tried to add already-owned email.
  - Created new users with "accountadmin". Edited existing users with "accountadmin".
  - Created new users with "add_user.php".
  - Created new users with web interface.
  - Clicked welcome email link, verified it verified email.
  - Reset password.
  - Linked/unlinked oauth accounts.
  - Logged in with oauth account.
  - Logged in with email.
  - Registered with Oauth account.
  - Tried to register with OAuth account with duplicate email.
  - Verified errors for email verification with bad tokens, etc.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1184

Differential Revision: https://secure.phabricator.com/D2393
2012-05-07 10:29:33 -07:00