1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-23 23:32:40 +01:00
Commit graph

1051 commits

Author SHA1 Message Date
epriestley
b2b677d446 Fix some sloppiness with definition of $slug. 2011-08-31 12:00:34 -07:00
epriestley
de170bf001 Fix autoload map. 2011-08-30 18:09:02 -07:00
epriestley
0996697810 Remove 4-way cookie purge logic
Summary: HPHP has behaviorial differences from PHP which make this logic
problematic and we provide a good error message to users when there's a cookie
issue now, so unsplit the cookie logic and just clear the same cookie we'd
otherwise set, as per ssl / base domain.

Test Plan: Logged in and out of my local install.

Reviewers: jungejason

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 876
2011-08-30 16:52:33 -07:00
epriestley
701bf8317f Provide access to Phriction via Conduit
Summary:
Provide three Phriction methods for programmatic access to Phriction:

  - phriction.info: get information about a document
  - phriction.history: get change history for a document
  - phriction.edit: create or update a document

I moved all the editing/creation logic into a new PhrictionDocumentEditor to
share code between the Conduit and Web edit pathways.

Test Plan: Got info and history via conduit. Edited and created new pages via
conduit and web.

Reviewers: hsb, jungejason, tuomaspelkonen, aran, hunterbridges

Reviewed By: hunterbridges

CC: skrul, aran, hunterbridges

Differential Revision: 866
2011-08-30 15:52:45 -07:00
mgummelt
ee6c24b98d Add two new conduit methods: createlintresults and getdiffproperty
Summary:
We need createlintresults because we are doing extended
static analysis offline, and thus we need to be able to update the
lint results associated with a diff.  This is similar to
updateunitresults, but "create" is more accurate than "update" since
we never need to change existing lint results.

getdiffproperty is used by the client to ensure it isn't creating any
duplicates lint results.  It's the symmetric operation to
setdiffproperty, which already exists.

Test Plan:
We have a new offline linter that I used to test.  This
linter calls getdiffproperty on every run.

1. Tested updating an existing set of lint results by first running
"arc diff" with lint errors caught by the local linter, then later
running offline analysis which catches one other error and updates via
createlintresults.  Ensured the differential lint results were as
expected.

2. Tested the creation of an entirely new diff property through
createlintresults.  I first ran "arc diff --nolint" to skip all lint
results, then ran offline analysis which caught an error and updated
through createlintresults.  Ensured differential lint results were as
expected.

Reviewers: epriestley

Reviewed By: epriestley

CC: dpepper, aran, mgummelt, jungejason, epriestley

Differential Revision: 868
2011-08-30 15:14:27 -07:00
epriestley
39ca1e7e39 Add user.info and phid.info Conduit methods
Summary: Allow user and arbitrary object lookup by PHID.

Test Plan: Executed user.whoami, user.info, user.find and phid.info via Conduit
console.

Reviewers: jungejason, tuomaspelkonen, aran, nh

Reviewed By: nh

CC: skrul, aran, nh, jungejason, epriestley

Differential Revision: 870
2011-08-30 12:46:02 -07:00
epriestley
f7e136ecd2 Remove accidental double-rendering of content sources from Differential
Summary: Oops, I left this in from an earlier version and missed it since I was
mostly looking at Maniphest for testing. We already render this information in
the header, don't additionally render it under the comments.

Test Plan: derp derp, loaded any revision with sourced comments

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 871
2011-08-30 12:16:43 -07:00
epriestley
76c11ea32e Add "maniphest.find" to Conduit
Summary: Execute searches like the primary Maniphest task list. Let me know what
else you guys need from this API.

Test Plan: Executed "maniphest.info" and "maniphest.find"

Reviewers: jungejason, tuomaspelkonen, aran, nh

Reviewed By: nh

CC: blair, skrul, aran, jungejason, epriestley, nh, tuomaspelkonen

Differential Revision: 867
2011-08-30 11:09:08 -07:00
epriestley
69445222f7 Track content sources (email, web, conduit, mobile) for replies
Summary:
When an object is updated, record the content source for the update. This mostly
isn't terribly useful but one concrete thing I want to do with it is let admins
audit via-email replies more easily since there are a bunch of options which let
you do hyjinx if you intentionally configure them insecurely. I think having a
little more auditability around this feature is generally good. At some point
I'm going to turn this into a link admins can click to see details.

It also allows us to see how frequently different mechanisms are used, and lets
you see if someone is at their desk or on a mobile or whatever, at least
indirectly.

The "tablet" and "mobile" sources are currently unused but I figured I'd throw
them in anyway. SMS support should definitely happen at some point.

Not 100% sure about the design for this, I might change it to plain text at some
point.

Test Plan: Updated objects and saw update sources rendered.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, epriestley, jungejason

Differential Revision: 844
2011-08-30 11:08:27 -07:00
epriestley
764d3d1c65 Make "pcntl" script error more explicit
Summary: This may make it easier to debug problems with CLI + pcntl

Test Plan: Added a syntax error to the script and got more useful output

Reviewers: johnduhart, jungejason, tuomaspelkonen, aran

Reviewed By: johnduhart

CC: aran, johnduhart

Differential Revision: 869
2011-08-29 10:07:25 -07:00
epriestley
0334a92621 Save empty fields as no row, not an empty row
Summary: When a user stores the empty string in an auxiliary field, simply don't
store it, and delete it if it already exists.

Test Plan: Edited a revision with an empty "Quack" field, got an empty row in
the DB. Applied patch, edited empty again, row went away. Edited empty again,
still no row. Edited and put something in the field, got a row.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 865
2011-08-26 16:26:02 -07:00
epriestley
99b9ceb6d7 Fix arcanist documentation to include "set -e" in example SVN hooks
Summary: "set -e" causes the script to exit if any command returns nonzero.
Without it, we incorrectly discard the failure code. At Facebook everything runs
in "set -e" or some equivalent so I never picked this up in testing.

Test Plan:
Added the hook to my svn local, it blocked bad commits and allowed good ones.

  >>> orbital:~/devtools/svnroot $ svn commit -m "quaa"
  Sending        test.php
  Transmitting file data .svn: Commit failed (details follow):
  svn: Commit blocked by pre-commit hook (exit code 1) with output:

  LINT ERRORS

  This changeset has lint errors. You must fix all lint errors before you can
  commit.

  You can add '@bypass-lint' to your commit message to disable lint checks for
  this commit, or '@nolint' to the file with errors to disable lint for that
  file.

  >>> Lint for test.php:

     Error  (XHP1) PHP Syntax Error!
      This file contains a syntax error: XHPAST Parse Error: syntax error,
      unexpected '}' on line 1

      >>>        1 <?php asdddddd;!}}

Reviewers: svemir, jungejason, tuomaspelkonen, aran

Reviewed By: svemir

CC: aran, svemir, epriestley

Differential Revision: 864
2011-08-26 11:51:38 -07:00
epriestley
f4e25b7a35 Sync Phabricator to Javelin HEAD
Summary: cpiro reported a cache inconsistency issue from a push a while ago
which this should fix (see #?????), and we haven't sync'd in a while anyway.

Test Plan: Poked some interfaces very gently.

Reviewers: cpiro, cpojer, tomo, jungejason, tuomaspelkonen, aran

Reviewed By: tomo

CC: aran, epriestley, tomo, cpiro

Differential Revision: 859
2011-08-25 18:14:47 -07:00
Nicholas Harper
8c0e5e1c58 Turn off write guard when saving differential comment cache
Summary:
It is possible to view a comment that has no cache; when viewing such a comment
the request doesn't have a csrf token and there is no need for one, so we turn
off the write guard.

Test Plan:
loaded an old diff that had no cache, and the page loaded instead of throwing
an AphrontCSRFException.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: 858
2011-08-25 15:45:16 -07:00
moos3
69f7581582 Fixed the missing space after the : for vote 2011-08-23 22:03:56 -04:00
moos3
003694458b fixes 2011-08-23 21:21:00 -04:00
moos3
dd9b15600a added the support for slowvote links from the bot 2011-08-23 21:17:27 -04:00
Evan Priestley
556531cb1c Merge pull request #59 from hwang36/delete_line
Delete one line
2011-08-23 14:34:16 -07:00
epriestley
d1134810d6 Allow insecure mail auth with "Reply-To" header
Summary: Quora wants to handle some moderation tasks with Phabricator, but want
to lower the barrier to entry for the install and let moderators adopt it
gradually. One request is to allow auth rules to be relaxed so we can auth based
on Reply-To to make things easier. This is insecure if configured but not really
a big deal and the patch isn't big or complicated.

Test Plan: Sent a test email with bogus "From" but valid "Reply-To". It was
rejected with this setting off, and allowed with this setting on.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 842
2011-08-23 14:13:04 -07:00
epriestley
04b4f04cb9 Render internal stack frames more reasonably
Summary: Some stack frames do not have file/line information, e.g. __autoload
triggers. Render these as "Internal".

Test Plan: Reloaded a trace with an internal __autoload() frame, got
"(Internal)" instead of ": 0" with warnings.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 843
2011-08-23 14:12:41 -07:00
epriestley
fd0f4d9c52 Delay sending JOIN command until after MOTD finishes for IRC bot
Summary: Do JOIN in the protocol handler, after we receive 376 ("end of motd").

Test Plan: Ran bot, it joined a channel after receieving a 376 command.

Reviewers: moos3, codeblock, aran, jungejason, tuomaspelkonen

Reviewed By: moos3

CC: aran, moos3

Differential Revision: 855
2011-08-23 14:12:30 -07:00
Hua Wang
e903b82fff Delete one line
Summary: Delete one line which has no effect.

Test Plan: Open revision page to make sure it still works.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: 852
2011-08-23 00:45:43 -07:00
epriestley
30024a8d86 Render full close status, not just "Closed", in Maniphest list view
Summary: Instead of just saying a task is "Closed", say "Resolved", "Wontfix",
etc.

Test Plan: Looked at task list view, saw "Resolved", "Wontfix", etc.

Reviewers: skrul, hunterbridges, jungejason, tuomaspelkonen, aran

Reviewed By: skrul

CC: aran, skrul, jungejason, epriestley

Differential Revision: 851
2011-08-22 18:27:03 -07:00
epriestley
6cae153569 Allow CommitTask daemon to recover from deleted repositories
Summary: If a user partially discovers a repository and then deletes it, the
timeline will have events from the old repository which this daemon won't be
able to parse.

Test Plan: @ajtrichards, can you apply this locally and restart your daemons
(##phd stop##, then relaunch them) and let me know if it fixes the issue?

Reviewers: ajtrichards, jungejason, tuomaspelkonen, aran

Reviewed By: ajtrichards

CC: aran, epriestley, ajtrichards

Differential Revision: 845
2011-08-22 15:41:27 -07:00
Evan Priestley
3dbe60b388 Merge pull request #55 from svemir/patch1
SVN error message may also be "File not found"
2011-08-22 15:22:24 -07:00
Richard
9192a0ecf8 Added the ability for SSL to be fined in the irc_config.json file, if not there we assume that its false and continue on our way. if "ssl":true is in the config then we are going to use ssl:// to make the connection use openssl. 2011-08-22 15:20:57 -07:00
moos3
2d677d3992 added the ability for the irc nick to have a identify password. just add "nickpass":"password" to your irc_config.json file and it will identify on connect" 2011-08-22 15:20:57 -07:00
Svemir Brkic
e4093e8013 SVN error message may also be "File not found" 2011-08-22 17:34:37 -04:00
Nicholas Harper
bd2b557b42 Mark diffusion browse result as empty directory when appropriate
Summary:
When selecting children of a directory, it is possible that none of its
children exist anymore even though the directory still exists. After fetching
the children but before returning them, we should check whether there are any,
and if there are no children, set the reason as empty directory.

Test Plan:
In sandbox, browsed in diffusion to a directory that exists but has no
files and saw that it has a useful message instead of a vague exception.

Reviewers: epriestley, tuomaspelkonen, jungejason

Reviewed By: tuomaspelkonen

CC: aran, tuomaspelkonen

Differential Revision: 846
2011-08-22 14:28:36 -07:00
Richard
fbef90c4c6 Added the ability to support Irc Bots that need to login into private IRC Servers. Requires the following to be added to the config.json file
"user":"authenticationusername",
"pass":"thisuserspassowrd",

This will allow people with internal irc servers to use this if they control access from ldap for irc.
2011-08-22 11:12:34 -07:00
David Reuss
c236e4ad72 Enable support for a single reply-handler for outbound emails
Summary:
This allows you to configure a single mailbox for all mail sent by phabricator,
so you
can keep a mailaddress like bugs@example.com and don't need a catchall on your
domain/subdomain.

Test Plan:
Enabled and disabled suffix. Saw mails generated have to correct prefix. Also
piped raw mails
into the scripts/mail/mail_handler.php and ensured comments went into
phabricator for both maniphest
and differential.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: 815
2011-08-22 10:20:49 +02:00
epriestley
5bf28498c8 Provide a basic maniphest.createtask method via Conduit
Summary: This could be a lot fancier but let's see what else we need. Also fixed
some bugs with maniphest.info.

Test Plan: Used the Conduit web console to create some tasks with different
values.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, jungejason, epriestley

Differential Revision: 824
2011-08-21 14:04:01 -07:00
epriestley
57208dfd52 Strip port numbers from HTTP host headers before comparing them for cookie
purposes

Summary:
Browsers send port numbers (like ":443" or proxy ports) in the Host header and
we'll currently reject them with a message like:

> Blah is configured on "x.y.com" but you are accessing it on "x.y.com:443".

Instead, examine only the host part.

Test Plan: Had my local listen on port 81 and accessed Phabricator before/after
the change; it now works without throwing.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, epriestley, abdul, jungejason

Differential Revision: 841
2011-08-21 11:47:28 -07:00
Jason Ge
c04805cde4 Open AphrontWriteGuard for user login
Summary: Open AphrontWriteGuard for user login.

Test Plan: verified that the user can log in.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: 840
2011-08-19 21:30:10 -07:00
epriestley
411e16771a Make detection/recovery for bad cookies more strict
Summary: When a user has bad cookies, try to clear everything and tell them they
might need to manually clear things.

Test Plan: Added "&& false" to the valid branch and got the exception message.

Reviewers: jungejason

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 839
2011-08-19 15:45:35 -07:00
epriestley
67de714a2f Remove (most) support for 'differential.attach-task-class'
Summary:
After D814 and D829, you should be able to implement this logic in the
didWriteRevision() method of the field.

Note that the attacher is still referenced in
ConduitAPI_differential_updatetaskrevisionassoc_Method. This method should
probably be moved to facebook/ since it's pretty Facebook-specific.

No rush on any of this, it's not hurting anything.

Test Plan:
  - Hit differential.getcommitmessage
  - Ran 'arc diff'

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 830
2011-08-19 14:10:30 -07:00
epriestley
ed33e59c5a Fix login issue with stale HTTP vs HTTPS cookies
Summary:
In D758, I tightened the scope for which we issue cookies. Instead of setting
them on the whole domain we set them only on the subdomain, and we set them as
HTTPS only if the install is HTTPS.

However, this can leave the user with a stale HTTP cookie which the browser
sends and which never gets cleared. Handle this situation by:

  - Clear all four <domain, https> pairs when clearing cookies ("nuke it from
orbit").
  - Clear 'phsid' cookies when they're invalid.

Test Plan: Applied a hackier version of this patch to secure.phabricator.com and
was able to login with a stale HTTP cookie.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 838
2011-08-19 14:09:41 -07:00
Ricky Elrod
638bb7ae3f Allow files to be attached to Maniphest tasks while the task is being created.
Summary:
This commit lets users who are filing Maniphest tasks to attache files to them
right off the bat.

Test Plan:
{F3545}

and

{F3546}

Reviewers: epriestley, fmoo, aran

CC:

Differential Revision: 837
2011-08-19 12:44:01 -04:00
epriestley
dc39571d63 Simplify default field loadout for Differential
Summary:
Remove the blame revision, revert plan and lines fields from the default field
loadout. (After D829 this doesn't cause issues where we have bogus dictionary
entries.)

You should add these back to the Facebook configuration since Facebook wants
these fields. However, I want to keep the default stack very light and I never
saw a huge amount of value in these fields at Facebook so I don't think they
make the cut. Sorry, tomo. ;_;

Test Plan: Ran "arc diff" locally.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: aran

CC: aran, tomo, epriestley

Differential Revision: 831
2011-08-18 19:51:32 -07:00
epriestley
ebdd6d3d11 Fix a variable typo which prevents metadata from attaching to @mention
Differential comments

Summary: If you @mention several users, at least one of which is already CC'd,
we unset all the CCs and don't attach the "Added CCs: ..." block to the comment.

Test Plan: @mentioned two users, one of whom was already CC'd.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 827
2011-08-18 19:49:52 -07:00
epriestley
0be3db03ee Drive Differential commit message parsing through extensible fields
Summary:
I think this is the last major step -- use the fields to parse commit messages,
not a hard-coded list of stuff. This adds two primary methods to fields, one to
get all the labels they'll parse (so we can do "CC" and "CCs" and treat them as
the same field) and one to parse the string into a canonical representation
(e.g., lookup reviewers and such).

You'll need to impelement the one block of task-specific stuff I removed in
Facebook's task field:

  list($pre_comment) = split(' -- ', $data);
  $data = array_filter(preg_split('/[^\d]+/', $pre_comment));
  foreach ($data as $k => $v) {
    $data[$k] = (int)$v;
  }
  $data = array_unique($data);
  break;

Otherwise I think this is clean.

Test Plan:
  - Called the conduit method with various commit messages, parsed fields/errors
seemed correct.
  - "arc diff"'d this diff onto localhost, then updated it.
  - "arc amend"'d this diff.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, jungejason, epriestley

Differential Revision: 829
2011-08-18 19:49:39 -07:00
epriestley
735120b842 Fix bug where CC value is ignored on intial parse from commit message
Summary: While I thought this was complicated, there was nothing subtle or
tricky here -- I just misnamed a variable.

Test Plan: Created a revision with default CCs, got CCs instead of nothing.

Reviewers: aran, jungejason, tuomaspelkonen

Reviewed By: aran

CC: aran

Differential Revision: 834
2011-08-18 13:08:28 -07:00
Jason Ge
4693ffa82b Deprecate generateProperties
Summary:
deprecate generateProperties() from class
DifferentialRevisionDetailRenderer. Custom fields now provides a much
more powerful version of generateProperties().

Depends on D814.

Test Plan:
implemented facebook task field with custom field and
verified it worked.

Reviewers: epriestley, tuomaspelkonen

Reviewed By: epriestley

CC: aran, jungejason, epriestley

Differential Revision: 826
2011-08-18 11:33:10 -07:00
epriestley
2bb4cf149e Fix SendGrid adapter for HTTPSFuture changes. 2011-08-18 09:55:35 -07:00
epriestley
6dc193d3d9 Fully update library map. 2011-08-18 09:52:36 -07:00
epriestley
a67ce60d67 Unguard two external POST endpoints from CSRF. 2011-08-18 07:25:45 -07:00
epriestley
ae7488f710 Drive commit message rendering from field specifications
Summary:
When rendering commit messages, drive all the logic through field specification
classes instead of the hard-coded DifferentialCommitMessageData class. This
removes DifferentialCommitMessageData and support classes.

Note that this effectively reverts D546, and will cause a minor break for
Facebook (Task IDs will no longer render in commit messages generated by "arc
amend", and will not be editable via "arc diff --edit"). This can be resolved by
implementing the feature as a custom field. While I've been able to preserve the
task ID functionality elsewhere, I felt this implementation was too complex to
reasonably leave hooks for, and the break is pretty minor.

Test Plan:
  - Made numerous calls to differential.getcommitmessage across many diffs in
various states, with and without 'edit' and with and without various field
overrides.
  - General behavior seems correct (messages look accurate, and have the
expected information). Special fields like "Reviewed By" and "git-svn-id" seem
to work correctly.
  - Edit behavior seems correct (edit mode shows all editable fields, hides
fields like "Reviewed By").
  - Field overwrite behavior seems correct (overwritable fields show the correct
values when overwritten, ignore provided values otherwise).

Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 814
2011-08-18 07:20:20 -07:00
epriestley
966778c2bd Improve unhandled exception dialogs
Summary:
Make the unhandled exception dialogs slightly more useful:

  - Make them easier to read.
  - Link to files from Phabricator libraries.
  - Don't show traces by default.
  - Show traces in development mode.
  - Rename button from "Cancel" to "Close" and only show it for Ajax.

Test Plan: Rigged DirectoryHomeController to throw, loaded home page. Changed
stack trace setting in config. Clicked some files in the trace.
Reviewed By: aran
Reviewers: aran, jungejason, tuomaspelkonen, codeblock
CC: aran, epriestley
Differential Revision: 823
2011-08-17 16:23:11 -07:00
epriestley
b291ad9807 Unguard thumbnail generation from CSRF. 2011-08-17 14:39:00 -07:00
epriestley
46b85ab212 Unguard conduit.getcertificate() so it can execute logging writes. 2011-08-17 12:26:30 -07:00
epriestley
0e6bc7c939 Unguard the DarkConsole XHProf profile write. 2011-08-17 12:21:35 -07:00
epriestley
b42b78f65c Unguard another safe write in Conduit token generation. 2011-08-17 12:00:35 -07:00
epriestley
cd3a3bf759 Make Herald Rules sticky in X-Herald-Rules
Summary:
See T354. List every rule which has ever been applied in X-Herald-Rules, not
just the ones which most recently triggered.

Also some random fixes while I was debugging this:

  - When conduit methods throw non-conduit exceptions, make sure they get
logged.
  - Trigger the Facebook "tasks" backcompat block only if we were going to fail
(this should reduce the shakniess of the transition).
  - Fix some log spew from the new field stuff.

Test Plan:
  - Created a rule (ID #3) "No Zebras" which triggers for revisions without
"zebra" in the title.
  - Created a revision without "zebra" in the title, got X-Herald-Rules: <2>,
<3>
  - Updated revision to have "zebra" in the title, verified rule did not trigger
in Herald transcript.
  - Verified X-Herald-Rules is still: <2>, <3>

Reviewed By: aran
Reviewers: aran, jungejason, tuomaspelkonen
CC: aran, epriestley
Differential Revision: 817
2011-08-17 10:38:29 -07:00
epriestley
90be65f6ec This write should also be unguarded, it is not vulnerable to CSRF. 2011-08-17 10:12:30 -07:00
epriestley
88eb6410b3 This is also an unguarded but CSRF-safe cache write. 2011-08-16 14:44:13 -07:00
epriestley
30abed8b05 Fix minor CSRF-patch issues. 2011-08-16 14:39:01 -07:00
epriestley
a3700022a8 Defer initial preview until CSRF header for JX.Request loads. 2011-08-16 14:31:52 -07:00
epriestley
2d22226ff0 Unguard the Differential update time write on GET. 2011-08-16 13:50:47 -07:00
epriestley
74f3112b1c Allow daemons to perform writes unconditionally. 2011-08-16 13:43:51 -07:00
epriestley
0964a9123f These conduit methods SHOULD allow unguarded writes. 2011-08-16 13:38:14 -07:00
epriestley
39b4d20ce5 Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.

  - Depends on D758.
  - Similar to WriteOnHTTPGet stuff from Facebook's stack.
  - Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
  - Never allow writes without CSRF checks.
  - This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
  - **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**

Test Plan:
  - Ran some scripts that perform writes (scripts/search indexers), no issues.
  - Performed normal CSRF submits.
  - Added writes to an un-CSRF'd page, got an exception.
  - Executed conduit methods.
  - Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
  - Did OAuth login.
  - Did OAuth registration.

Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
2011-08-16 13:29:57 -07:00
epriestley
68c30e1a71 Provide a setting which forces all file views to be served from an alternate
domain

Summary:
See D758, D759.

  - Provide a strongly recommended setting which permits configuration of an
alternate domain.
  - Lock cookies down better: set them on the exact domain, and use SSL-only if
the configuration is HTTPS.
  - Prevent Phabriator from setting cookies on other domains.

This assumes D759 will land, it is not effective without that change.

Test Plan:
  - Attempted to login from a different domain and was rejected.
  - Logged out, logged back in normally.
  - Put install in setup mode and verified it revealed a warning.
  - Configured an alterate domain.
  - Tried to view an image with an old URI, got a 400.
  - Went to /files/ and verified links rendered to the alternate domain.
  - Viewed an alternate domain file.
  - Tried to view an alternate domain file without the secret key, got a 404.

Reviewers: andrewjcg, erling, aran, tuomaspelkonen, jungejason, codeblock
CC: aran
Differential Revision: 760
2011-08-16 13:21:46 -07:00
epriestley
355b753df7 Prevent file download without POST + CSRF
Summary: This prevents <applet /> attacks unless the attacker can upload an
applet which has a viewable MIME type as detected by `file`. I'm not sure if
this is possible or not. It should, at least, narrow the attack window. There
are no real tradeoffs here, this is probably a strictly better application
behavior regardless of the security issues.
Test Plan:
  - Tried to download a file via GET, got redirected to info.
  - Downloaded a file via POST + CSRF from the info page.

Reviewers: andrewjcg, erling, aran, jungejason, tuomaspelkonen
CC: aran
Differential Revision: 759
2011-08-16 13:19:16 -07:00
epriestley
3aa17c7443 Prevent CSRF uploads via /file/dropupload/
Summary:
We don't currently validate CSRF tokens on this workflow. This allows an
attacker to upload arbitrary files on the user's behalf. Although I believe the
tight list of servable mime-types means that's more or less the end of the
attack, this is still a vulnerability.

In the long term, the right solution is probably to pass CSRF tokens on all Ajax
requests in an HTTP header (or just a GET param) or something like that.
However, this endpoint is unique and this is the quickest and most direct way to
close the hole.

Test Plan:
  - Drop-uploaded files to Files, Maniphest, Phriction and Differential.
  - Modified CSRF vaidator to use __csrf__.'x' and verified uploads and form
submissions don't work.

Reviewers: andrewjcg, aran, jungejason, tuomaspelkonen, erling
Commenters: andrewjcg, pedram
CC: aran, epriestley, andrewjcg, pedram
Differential Revision: 758
2011-08-16 13:19:10 -07:00
epriestley
735847865c Improve error messages when hitting PHP file upload issues
Summary: See T429. When you hit certain errors, you get less-than-helpful
messages like "upload error 3". Instead, produce human-readable errors.
Test Plan: Simulated errors, verified user receives decent error messages.
Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran, startupguy
CC: aran
Differential Revision: 816
2011-08-16 13:16:41 -07:00
epriestley
ec0d91a3ff Drive revision update from Conduit via custom fields
Summary:
When we create or update a revision, we use a parsed commit message dictionary
to edit its fields. Drive consumption of the dictionary through custom fields
instead of hardcoding.

This requires adding some fields which don't really do anything right now to
cover fields which appear only in the commit message.

Test Plan: "arc diff"'d this revision against localhost, "arc diff"'d again to
update.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 811
2011-08-15 10:25:54 -07:00
epriestley
a869dbf45b Implement all field edit interfaces on the custom field schema
Summary:
Moves the revision edit controller to be completely schema-driven.

Depends on D810.

Test Plan: Edited revisions. Entered intentionally invalid values to trigger
error conditions.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason, epriestley
Differential Revision: 810
2011-08-15 10:21:00 -07:00
epriestley
442d1dbeaa Move Differential's remaining field views to extensble field schema
Summary:
Move all the rest of the fields into the custom field schema, for revision
views.

I left a couple of stubs in here (willWriteRevision, didWriteRevision) since I'd
planned to do edits here too, but this diff is sort of big-ish already. I'll do
all the edit fields in the next revision.

Depends on D808.

Test Plan: Viewed, edited and conduit'ed some revisions.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason, epriestley
Differential Revision: 809
2011-08-15 10:20:46 -07:00
epriestley
5038b26018 Move Differential's read-only fields to the extensible field schema
Summary:
Move additional fields (which rely on loading handles) to the extensible field
classes and out of hardcoding in the controller.

Depends on D807.

Test Plan: Viewed, edited, and hit conduit for revisions.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason, epriestley
Differential Revision: 808
2011-08-15 08:39:58 -07:00
epriestley
52ec6c02ee Move Differential's simple fields to the extensible field schema
Summary:
Differential has a bunch of display-only fields, implement them all as field
specifications instead of hard-coded fields.

Also add some more documentation and fix redundant string constants in blame
rev/revert plan fields.

Test Plan: Viewed, edited, and hit conduit for revisions.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason, epriestley
Differential Revision: 807
2011-08-15 08:39:48 -07:00
epriestley
e5ecd784ec Tweak Maniphest custom fields
Summary:
  - Fix a bug where 'caption' didn't do anything.
  - Provide an abstract base implementation for extensions.
  - Add some documentation.
  - Expose aux fields via conduit.

Test Plan: Added some fields like "Dinosaur", "Kilograms" and "derp" on my local
install. Read documentation.
Reviewed By: jungejason
Reviewers: hunterbridges, jungejason, tuomaspelkonen, aran
CC: aran, philc, jungejason
Differential Revision: 785
2011-08-15 08:39:18 -07:00
epriestley
7aa1eff383 Expose Differential auxiliary fields in Conduit
Summary: Similar to D785 for Maniphest, expose auxiliary field values via
Conduit.
Test Plan: Ran revision.getinfo on a revision with aux fields, got them in the
response.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 802
2011-08-14 10:43:38 -07:00
epriestley
e196bf5b43 Provide builtin definitions for "Blame Revision" and "Revert Plan" fields
Summary:
This is just to ease transitions for any installs which use these fields (e.g.,
Facebook). I'll write some docs and a migration script once this stuff is a
little more solid, too.

Depends on D800.

Technically these are "better" than the current fields since they show up other
places than the edit screen (derp derp).

Test Plan: Created a field selector which provides these; verified they work by
typing stuff into them and saving the revision.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, epriestley, jungejason
Differential Revision: 801
2011-08-14 10:04:50 -07:00
epriestley
9b3370368d Allow Differential custom fields to appear on edit and view interfaces
Summary: Depends on D798. Extends custom fields and makes the vaguely useful:
they can appear on the edit and view interfaces. This does not integrate them
with commit messages yet; that's more complicated but I plan to do it shortly.
Test Plan: Implemented a custom field per P123, it correctly appears on the edit
interface, persists, validates, and shows up when viewing the revision.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, epriestley, jungejason
Differential Revision: 800
2011-08-14 10:04:37 -07:00
epriestley
dd74903cae Add basic auxiliary field storage for Differential
Summary:
Precursor to building this out to solve T343. This is similar to the Maniphest
fields we landed recently, although I think they're dissimilar enough that it
isn't worth going crazy trying to make them share code, at least for now.

This doesn't really do anything yet, just adds a storage object and a couple of
selector/field indirection classes.

Test Plan: Ran SQL upgrade script, created an aux field.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 798
2011-08-14 10:04:21 -07:00
epriestley
e137080d9c Fix missing SearchExecutor reference from D788. 2011-08-10 06:38:35 -07:00
epriestley
314e33c905 Loop subtask creation instead of task creation when in a subtask workflow
Summary: Simplify the division of a parent task into several subtasks by looping
the "create subtask" workflow. This replaces "Create Another Task" with "Create
Another Subtask" when you arrive via subtasking.
Test Plan:
  - Created a task, looped task create flow.
  - Created a subtask, looped subtask create flow.

Reviewed By: codeblock
Reviewers: hunterbridges, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, codeblock, epriestley
Differential Revision: 779
2011-08-09 16:55:44 -07:00
mgummelt
d3b8389256 include revision id in getdiff conduit call
Summary:
we need to know the revision id in order to generate
differential links.  It would be amazing if there existed some library
for object <-> network call mapping, and we could get all the
information about an object given some unique ID rather than having to
create a dictionary manually.  One can dream...

Test Plan:
1. setup on test phabricator instance
2. called differential.getdiff from client code with a valid diffid
3. verified that the correct revisionID was included

Reviewed By: epriestley
Reviewers: epriestley
CC: dpepper, aran, epriestley, mgummelt
Differential Revision: 795
2011-08-09 15:57:24 -07:00
epriestley
b8e08f34f7 Provide an indirection layer between documents and the search engine
Summary:
In preparation for adding another search engine (see T355):

  - Rename "executor" to "engine".
  - Move all engine-specific operations into the engine. Specifically, this
means that indexing moves out of the document store and into the engine (it was
sort of silly where it was before).
  - Split choice of an engine into an overridable "selector" class, a base API,
and a concrete MySQL implementation (just like storage engine selection).
  - Make all callers go through the indirection layer.

The default selector just unconditionally selects the MySQL engine, but now
(with D786) I can build an Elastic Search engine and you guys can build a
multi-target engine if you want and I don't get there fast enough.

Test Plan:
  - Created a new document (task).
  - Searched for and found it.
  - Viewed index reconstruction.

Reviewed By: jungejason
Reviewers: jungejason, amckinley, tuomaspelkonen, aran
CC: aran, jungejason, epriestley
Differential Revision: 788
2011-08-08 11:43:05 -07:00
epriestley
e35d72f489 Build a basic calendar view
Summary:
This is a very small step toward building a Status and possibly an Oncall tool.
Build a calendar view which renders months.

Much of my hesitance to bang these tools out is that dealing with
dates/calendaring is basically horrible, so I'm trying to ease into it.

This calendar is locale-aware and all that jazz.

Test Plan:
  - See:
https://secure.phabricator.com/file/view/PHID-FILE-c07a9c663a7d040d2529/
  - Verified that months have the right number of days, today is the right day
of the week, months begin on the day after previous months end on, etc.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
Commenters: cwbeck, jungejason
CC: blair, aran, epriestley, cwbeck, jungejason
Differential Revision: 791
2011-08-08 10:34:06 -07:00
epriestley
fa49c6c52d Provide a "reference-with-full-name" syntax for Remarkup
Summary:
Provide a {T123} syntax which pulls in the entire name of an object, not just a
link to it. A major use for this is organizing projects using wiki pages. Since
handle links show object status now, this lets you organize stuff in an ad-hoc
way and get a reasonable overview of it. We can make handles richer in the
future, too.

The performance on this isn't perfect (it adds some potential single gets) but I
think it's okay for now and I don't want to make remarkup engine even more
complex until the preprocess/postprocess stuff has had a chance to settle and
I'm more confident it works.

In Differential and Maniphest we'll also incorrectly cache the object
state/name, but that'll fix itself once I move the cache code to use
preprocess/postprocess correctly.

Test Plan:
  - See https://secure.phabricator.com/file/view/PHID-FILE-5f9ca32407bec20899b9/
for an example.
  - Generated and looked over the documentation.

Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran, hunterbridges
CC: skrul, aran, jungejason, epriestley
Differential Revision: 784
2011-08-06 12:55:16 -07:00
epriestley
233511419c Update Celerity map. 2011-08-05 17:43:56 -07:00
epriestley
6cd58b17b4 Refactor Phabricator mention rule to do data fetching in post processing
Summary:
This accomplishes two goals:

  - Data fetching is now grouped across blocks.
  - Demonstrates that D737 actually works.

Test Plan: Used @mentions in Phriction preview, they rendered properly. Verified
only one service call was being made across blocks.
Reviewed By: jungejason
Reviewers: hunterbridges, jungejason, tuomaspelkonen, aran
CC: aran, jungejason, epriestley
Differential Revision: 738
2011-08-05 08:18:52 -07:00
epriestley
d064c6efa8 Use exceptions for S3 error messages
Summary:
Right now, the "SimpleEmailService" class uses trigger_error() to communicate
error messages. This means they get lost in the error logs and aren't visible in
the MetaMTA interface.

Provide a flag to strengthen them into exceptions, instead.

(I've attempted to emulate the prevailing style so I can offer this upstream.)

Test Plan: Faked an error condition and got a detailed stack trace in MetaMTA
instead of an empty "Message" field.
Reviewed By: jungejason
Reviewers: hunterbridges, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 783
2011-08-04 14:17:13 -07:00
epriestley
c0ce76abb8 Add a "Create Subtask" operation to Maniphest
Summary:
Add a new "Create Subtask" action that allows you to quickly split a task into
dependent subtasks, using the parent task as a template.

Followups:

  - Cause "workflow=<parent>" to change "Create Another Task" into "Create
Another Subtask" (after D736).
  - Show parent tasks (requires some schema stuff).

Test Plan:
  - Created a new task.
  - Created a new subtask.

Reviewed By: codeblock
Reviewers: hunterbridges, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, codeblock
Differential Revision: 774
2011-08-03 14:14:31 -07:00
epriestley
6eea500bbd Document character encoding policies and how to fix mangled UTF8 files
Summary:
See D431, where I promised to document this like 2 months ago. Document that:

  - Everything should be UTF-8.
  - ASCII is recommended.
  - How to identify and repair files which aren't valid UTF-8.
  - What to do if you're using some other encoding.

Test Plan: Generated and read documentation.
Reviewed By: codeblock
Reviewers: edward, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, codeblock
Differential Revision: 776
2011-08-03 14:04:52 -07:00
epriestley
3b76dd11a9 Add object status to Handles
Summary:
We use ObjectHandles as proxy objects which can refer to any other object in the
system. Add the concept of the underlying object's "status" (e.g., open, closed
or busy).

This allows us to render completed tasks and revisions with strikethrough. In
the future, if we implement OOO or something, we could render users with a
"busy" status if they're on vacation, etc.

Test Plan: Viewed a task with closed revisions and dependencies:
https://secure.phabricator.com/file/view/PHID-FILE-6183e81286fa3288d33d/
Reviewed By: codeblock
Reviewers: codeblock, hunterbridges, jungejason, tuomaspelkonen, aran
CC: aran, codeblock
Differential Revision: 772
2011-08-03 14:02:45 -07:00
epriestley
774211af76 Tweak style on "Create Another Task" button
Summary:
Not totally sure I'm in love with this but I think it's somewhat non-terrible,
despite the lack of lens flare.

Also made "Cancel" take you back to the task if you got to "Create" from "Create
Another Task".

Test Plan:
  - Style:
https://secure.phabricator.com/file/view/PHID-FILE-ad37d3c1f3b2c7a7a7d1/
  - Hit "Cancel" from "Create Another", got sent back to task.
  - Hit "Cancel" from normal create, got sent back to list.
  - Tried to save an invalid task after making changes to CC/Projects, changes
were preserved.

Reviewed By: codeblock
Reviewers: hunterbridges, jungejason, tuomaspelkonen, aran, codeblock
CC: aran, epriestley, codeblock
Differential Revision: 736
2011-08-03 13:15:18 -07:00
epriestley
4061593f18 Update celerity map 2011-08-03 13:12:18 -07:00
epriestley
bd3a14f248 Add an Amazon S3 storage engine for Phabricator
Summary: Implements an S3 storage engine option for Phabricator.
Test Plan:
  - Uploaded files to S3.
  - Looked at them.
  - Verified they appeared in S3 using the S3 file browser.

Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 752
2011-08-03 10:58:03 -07:00
epriestley
07696e93fb Improve documentation for specifying env vars
Summary: This syntax is somewhat obscure and awkward, try to document it more completely in the location users are most likely to run into it for the first time.

Test Plan: Generated documentation: https://secure.phabricator.com/file/view/PHID-FILE-ba958fd365e5312d9077/

Reviewers: codeblock, egillth, jungejason, tuomaspelkonen, aran

CC:

Differential Revision: 775
2011-08-03 09:45:04 -07:00
epriestley
b288b49cea Update doc example. 2011-08-03 09:16:50 -07:00
epriestley
29444d1df3 Add a little more unit test documentation, fail loudly when isolation prevents a
query

Summary:
  - Provide an example unit test, and document it.
  - Document database isolation better.
  - When we issue an unsimulated query to the isolated connection, throw a
helpful message.
  - Pygments is complaining about my madeup "lang=demo", change it to
"lang=text".

Test Plan:
  - Ran the unit test (sanity check).
  - Ran all other unit tests (verify I didn't break isolation).
  - Added a queryfx(..., 'SELECT 1') to a test and verified it throws.
  - Read the documentation.

Reviewed By: edward
Reviewers: edward, jungejason, tuomaspelkonen, aran
CC: aran, edward
Differential Revision: 773
2011-08-03 09:15:43 -07:00
hunterbridges
fecde0f6d2 Fixed auxiliary field submit bug on new task
Reviewers: epriestley
Test Plan: Configure auxiliary fields, create new task
2011-08-02 13:58:52 -05:00
epriestley
f49e35deaf Basic task dependencies for Maniphest
Summary:
This allows you to edit dependencies. It is a better patch than it used to be.
It depends on D725.

  - If you create a cycle, it just throws an exception and aborts the workflow.
It should not do this.
  - Tasks which depend on the current task aren't shown in the UI. Need to add a
new table for this.
  - Transaction text says "attached Task" but should probably say "added a
dependency on task".

Test Plan: Created valid and invalid dependencies between tasks. Created valid
and invalid dependencies between revisions.
Reviewed By: tuomaspelkonen
Reviewers: davidreuss, jungejason, tuomaspelkonen, aran
Commenters: codeblock
CC: aran, codeblock, tuomaspelkonen, epriestley
Differential Revision: 595
2011-08-02 11:16:31 -07:00
epriestley
054ac65a9d Very basic unit test documentation
Summary: This needs work but is better than nothing.
Test Plan: Generated and read documentation, clicked links.
Reviewed By: edward
Reviewers: edward
CC: aran, edward
Differential Revision: 765
2011-08-02 11:11:09 -07:00
epriestley
6ee6fcf36f "indigo" and "violet" are perfectly valid. 2011-08-02 10:48:14 -07:00
epriestley
8a03a73e95 Fix some brace lint stuff.
Summary: New brace linter picked these up (see D755).
Test Plan: Visual inspection.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 756
2011-08-02 10:40:45 -07:00
epriestley
2bcdaad16c Add CSS for Rainbow syntax highlighter
Summary: See D768
Test Plan: Looked at highlighted .rainbow files
Reviewed By: pedram
Reviewers: tristanfisher, jungejason, tuomaspelkonen, aran, codeblock, pedram
Commenters: tristanfisher
CC: aran, pedram, tristanfisher
Differential Revision: 769
2011-08-02 10:40:15 -07:00
hunterbridges
4903038940 Support for config-based custom fields in Maniphest
Test Plan: Add fields to config based on specification on T335. View on Task
Edit and Task Detail. Supported types are string, int and select
Reviewed By: epriestley
Reviewers: epriestley
CC: aran, epriestley, hunterbridges
Differential Revision: 753
2011-08-02 10:07:27 -07:00
epriestley
b5ada76ab0 Explicitly show that "escape" closes dialogs in Phabricator
Summary: See T382. I think bill also asked about this (T308); there's no way to
figure it out right now.
Test Plan:
  - Hit "?", verified the dialog now reveals that escape closes it.
  - Hit escape, dialog vanished.

Reviewed By: jungejason
Reviewers: fzamore, bill, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 763
2011-08-02 09:21:28 -07:00
Edward Speyer
9e2231f6d6 Revert "Generated code> make it harder to mark code as generated"
Summary: This reverts commit e15da75687.
Test Plan: None
Reviewed By: epriestley
Reviewers: epriestley
CC: aran, epriestley
Differential Revision: 762
2011-08-02 14:47:10 +01:00
Edward Speyer
e15da75687 Generated code> make it harder to mark code as generated
Summary: It's now harder to accidentally mark code as generated.
Test Plan:
Tested with this diff in my sandbox; only file "D" was shown, the others
were marked as generated:

  diff --git a/A b/A
  index e69de29..780b46c 100644
  --- a/A
  +++ b/A
  @@ -0,0 +1,2 @@
  +@generated
  +Tue Jun  7 16:41:17 PDT 2011
  diff --git a/B b/B
  index e69de29..b55fe21 100644
  --- a/B
  +++ b/B
  @@ -0,0 +1,3 @@
  +/**
  + * @generated by ed
  + */
  diff --git a/C b/C
  index e69de29..e0f808a 100644
  --- a/C
  +++ b/C
  @@ -0,0 +1,3 @@
  +/**
  + * {@generated <<jonx>lol>}
  + */
  diff --git a/D b/D
  index e69de29..89e8829 100644
  --- a/D
  +++ b/D
  @@ -0,0 +1,2 @@
  +string = STDIN.readlines
  +string.include?('@generated')

Reviewed By: jungejason
Reviewers: jungejason
CC: aran, edward, jungejason
Differential Revision: 408
2011-08-02 12:50:37 +01:00
epriestley
6deddbfc70 Better enforce uniqueness for email delivery
Summary:
@skrul reports receiving multiple copies of notification emails since
@hunterbridges configured some bizarre dystopian email replication factory on
their outbound route. Two fixes:

  - Ensure "To" and "Cc" are unique. Email shouldn't be replicated for "To:
x@y.com, x@y.com" but it's silly that we do this.
  - Remove "To" addresses from "Cc". Email shouldn't be replicated here either,
but we don't really lose anything by accommodating this.

Test Plan:
Sent a mail to the same to/cc, verified I was to'd only and not cc'd when the
mail was delivered.

@hunterbridges, can you apply this patch locally and verify it fixes the issue?
You can test by going to MetaMTA -> Send New Message and sending a message to
yourself as both To and CC.

Reviewed By: skrul
Reviewers: skrul, hunterbridges, jungejason, tuomaspelkonen, aran
CC: aran, skrul, epriestley
Differential Revision: 751
2011-08-01 15:52:51 -07:00
epriestley
3ceb3d340b Use active project filter as default field value when creating new tasks
Summary: See T389. If you're looking at tasks in project X, default new tasks
into project X.
Test Plan:
  - Created a new task without associated projects.
  - Created a new task from a filter view with 1 and 2 projects; defaults were
filled in.
  - Submitted task with invalid title, projects were correctly preserved.

Reviewed By: skrul
Reviewers: skrul, hunterbridges, jungejason, tuomaspelkonen, aran
CC: aran, skrul, epriestley
Differential Revision: 757
2011-08-01 15:29:34 -07:00
epriestley
7baf7c774d Further simplify SearchAttachController
Summary: Try to break this apart a little better in preparation for D595. No
functional changes, just refactored the relatively large processRequest()
method.
Test Plan:
  - Attached and detached revisions from tasks.
  - Attached and detached tasks from revisions.
  - Merged tasks.

Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 725
2011-08-01 15:28:00 -07:00
epriestley
9d3f33a7a6 Rough implementation of drag-and-drop file uploads
Summary:
This gets all the major pieces working. Allows you to drag-and-drop files in
Differential and Phriction, and embed files in remarkup with {Fxxx} references.
See also task.

I'm explicitly not documenting this yet since it's still pretty rough.

Test Plan: Dragged and dropped stuff into Differential and Phriction.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran, tomo
Commenters: tomo
CC: aran, tomo, jungejason
Differential Revision: 674
2011-08-01 15:27:13 -07:00
epriestley
35d03d36c7 Improve display behavior of commit messages in Diffusion
Summary:
See T372. Always render commit messages on one display line, so the table
doesn't jump around as they AJAX in on browse views.

The goal here is to have the cell choose a size naturally and for its content to
render with "overflow: hidden" if the natural size isn't large enough to contain
the content. "white-space: pre" or "white-space: nowrap" would prevent wrapping
but potentially make the table exceed the display width when a better behavior
is to hide some of the commit message.

Also use utf8-aware shortening, now that we have a function for it.

Casting a wide net in case anyone has a better way to do the CSS here. It's kind
of nasty that we have to use so many DOM nodes.

Test Plan:
  - Resized window while viewing browse and history views in Safari, Chrome and
Firefox. Table exhibited described behavior.
  - Verified summaries render sensibly and are properly truncated to 100
characters.

Reviewed By: aran
Reviewers: aran, jungejason, tuomaspelkonen, tomo, mroch, cpojer
CC: aran, epriestley
Differential Revision: 750
2011-07-31 12:05:06 -07:00
epriestley
1048669158 Provide a paste.create Conduit method
Summary:
  - Allow the console to handle abstract classes correctly.
  - Move paste dictionary generation to an abstract base class.
  - Add paste.create.
  - Add 'objectName', 'parentPHID', and 'content' to Paste info dictionaries
(you can use filePHID with file.download to get the content but I think just
always sending it back is reasonable).

Test Plan:
  - Use paste.create to create new pastes.
  - Used paste.info to get existing pastes.
  - Checked console UI to make sure "paste." didn't show up or anything
silly/dumb like that.
  - Tried to call the method "paste" and got the right exception.

Reviewed By: codeblock
Reviewers: codeblock, jungejason, tuomaspelkonen, aran
CC: aran, codeblock
Differential Revision: 747
2011-07-29 19:00:04 -07:00
epriestley
90cbf8459c Streamline Files interfaces
Summary:
  - There's no way you can figure out the ID of a file right now. Expose that
more prominently.
  - Put the drag-and-drop uploader on the main page so you don't have to click
through.
  - Restore the basic uploader so IE users can theoretically use the suite I
guess? Added author info to basic uploader.
  - Show author information in the table.
  - Show date information in the table.
  - Link file names.
  - Rename table for filter views.
  - When you upload one file, just jump to it. When you upload multiple files,
jump to your uploads and highlight them.
  - Add an "arc download" hint.

Test Plan: Uploaded single files, groups of files, and files via simple
uploader.
Reviewers: codeblock, jungejason, tuomaspelkonen, aran
Commenters: codeblock
CC: aran, codeblock, epriestley
Differential Revision: 746
2011-07-29 17:56:49 -07:00
epriestley
b70b9bb6d7 Be more explicit in rendering context links in Differential
Summary: See T368. The current rendering result can cause some confusion for the
first/last chunks, make their behavior more explicit.
Test Plan:
  - Clicked various "show more" links on a bunch of top/bottom/middle omitted
context blocks in a variety of diffs.
  - Located a @generated shielded file and verified the initial render is
correct when the entire file is default-hidden.

Reviewed By: avitaloliver
Reviewers: avitaloliver, jungejason, tuomaspelkonen, aran
CC: aran, avitaloliver
Differential Revision: 744
2011-07-29 17:23:36 -07:00
epriestley
eb23539141 Add a 'file.info' Conduit method
Summary:
Need this for 'arc upload' and 'arc download'.

Given a file PHID or ID, provides information about it.

Test Plan:
  - Implemented 'arc upload' and 'arc download' based on 'file.info'.
  - Used Conduit API console to test method.

Reviewed By: codeblock
Reviewers: codeblock, jungejason, tuomaspelkonen, aran
CC: aran, codeblock, epriestley
Differential Revision: 741
2011-07-29 11:41:16 -07:00
epriestley
ab0f09d115 Style tweaks for Conduit API console
Summary:
  - Use pretty JSON formatter for human-readable Conduit output
  - Fix some whitespace issues with format/layout.

Test Plan:
  - Looked at conduit console.
  - Looked at human-readable output of several calls.

Reviewed By: codeblock
Reviewers: codeblock, jungejason, tuomaspelkonen, aran
CC: aran, codeblock
Differential Revision: 740
2011-07-28 21:43:44 -07:00
epriestley
879431fb50 Improve GC performance for Herald Transcripts
Summary: This has to table scan a ginormous table right now, give it a fighting
chance with a more usable key.
Test Plan:
  - Launched GC daemon, no errors.
  - Used test console to create a new transcript.
  - Viewed some old transcripts.
  - Ran EXPLAIN on the SELECT and verified it was utilizing the garbageCollected
key.

Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, epriestley, jungejason
Differential Revision: 735
2011-07-28 18:50:54 -07:00
Evan Priestley
4efd36ccf5 Merge pull request #44 from hunterbridges/workflow-create
Modified create workflow to support rapid templated task creation, made T
2011-07-27 10:03:11 -07:00
hunterbridges
218856e8b8 Modified create workflow to support rapid templated task creation, made Task Edit repopulate user input array fields on error
Reviewers: epriestley
Test Plan: Create a new task in Maniphest, then click "Create Another Task Like This"

Differential Revision: 734
2011-07-27 11:56:55 -05:00
epriestley
ede78b2ccc Improve Diffusion behavior for SVN file moves
Summary:
We just weren't handling these at all reasonably, must have dropped the logic
when they got ported.

This still isn't perfect: we have some display glitches around file names, so
the 'away' part renders as "This file was moved to .". I'll see if I can follow
up and fix that, but this resolves the more immediate issue of the interface
just not working at all.

Test Plan: Moved and copied files in my test repository, verified they rendered
somewhat correctly.
Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, jungejason, epriestley
Differential Revision: 699
2011-07-26 17:52:38 -07:00
Jason Ge
4dc6552af9 Restore "author" link to diffusion
Summary: create the page by getting data from the search result.
Test Plan:
load page with url /author/, /author/valid_username, and
/uathor/invalid_username, and verified that it works as expected.

Reviewed By: epriestley
Reviewers: epriestley, tuomaspelkonen
Commenters: tuomaspelkonen
CC: hwang, aran, tuomaspelkonen, epriestley, jungejason
Differential Revision: 723
2011-07-26 12:02:50 -07:00
epriestley
9d94ea9fdf Restore user edit controller, remove profile edit controller
Summary:
I took the wrong route out of the URI map in
rP0de2e03cc245723fd64f410f5fe22ee65f05f568.

The removed route was user account editing/creation.

The intended route was profile editing (now in Settings).

Test Plan:
  - Clicked "Create New Account", got account create interface instead of 404.
  - Went to /profile/edit/, got 404 instead of class-not-found exception.

Reviewed By: moskov
Reviewers: moskov, jungejason, tuomaspelkonen, aran
CC: aran, moskov
Differential Revision: 731
2011-07-25 20:37:00 -07:00
hunterbridges
aeae33b7d6 Key Value Store for ManiphestTask
Test Plan: Look at a task detail. Some dummy attributes are automatically added in ManiphestTaskDetailController.
Reviewed By: epriestley

Differential Revision: 730
2011-07-25 19:11:55 -07:00
tuomaspelkonen
e00fae8436 Files can be set not to use 'ignore-all' by default.
Summary:
Python people don't seem to like the 'ignore-all' as default. Provide a way
to configure which file types should not use 'ignore-all'.

Test Plan:
Tested that it worked with bunch of Python of files and non-python
files. Cache was disabled during the test.

Reviewed By: jungejason
Reviewers: epriestley, jungejason
Commenters: epriestley
CC: aran, jungejason, epriestley
Differential Revision: 713
2011-07-25 10:46:40 -07:00
epriestley
29e3a7dae3 Slightly simplify SearchAttach controller
Summary:
I want clean this up enough that I can land D595 without making a complete mess,
here's a small simplification.

Move object load logic into PhabricatorObjectHandleData.

Test Plan: Attached tasks and revisions, merged tasks.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran
Differential Revision: 724
2011-07-25 09:57:53 -07:00
epriestley
0de2e03cc2 Unify profile and avatar images, move profile editing into settings
Summary: See T266. Combine these interfaces into one and move it to settings.

Test Plan: Edited my profile and account.

Reviewers: codeblock, tcook, jungejason, tuomaspelkonen, aran

CC:

Differential Revision: 722
2011-07-25 09:57:51 -07:00
epriestley
8d26399cfd Remove unused EXPECTED_SCHEMA_VERSION constant
Summary: This didn't end up getting used but I neglected to delete it.
Test Plan: git grep
Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, jungejason
Differential Revision: 721
2011-07-24 18:16:39 -07:00
epriestley
eacd0f5370 Allow Maniphest task status to be changed on the "Edit Task" interface
Summary: We omit a 'status' dropdown when creating a new task since it's silly
to create a non-open task and would just clutter the interface, but there's no
reason not to allow status to be edited on the "Edit" interface.
Test Plan: Created a new task (no status dropdown). Edited a task, including
changing the task status.
Reviewed By: jungejason
Reviewers: toulouse, jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 720
2011-07-24 18:10:55 -07:00
epriestley
26bca41828 Improve setup process to detect 'open_basedir', 'date.timezone' and 'safe_mode'
problems

Summary: Detect more PHP misconfigurations in setup.
Test Plan: Broke my configuration, ran setup, it seemed to detect all the
problems and issue meaningful error messages.
Reviewed By: jungejason
Reviewers: hunterbridges, 10098, jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 717
2011-07-24 18:10:48 -07:00
epriestley
da8beefa6c Use AphrontFormLayoutView, not AphrontFormView, for GitHub 'Repository'
interface

Summary:
See T58. When I originally wrote this interface you couldn't make a form that
looked like a form but wasn't really a form, so I made it a real form. That
meant you could hit "return" in the text input and submit the form, which didn't
do anything but is vaguely silly.

After D422 there's a layout-only form element, so switch to that.

Test Plan: Loaded the tab, hit return in the textarea, it didn't do a form
submit.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason, epriestley
Differential Revision: 719
2011-07-24 18:10:40 -07:00
epriestley
6e08a9215d Move "Preferences" to "Settings"
Summary:
It makes more sense to just make this a settings panel rather than a standalone
app, particularly since setting panels are relatively well separated now.

Also default-disabled the SSH Keys interface since it won't currently be useful
for most installs.

Test Plan: Edited preferences.
Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, jungejason
Differential Revision: 716
2011-07-24 12:25:43 -07:00
Hua Wang
2a894438ae Add a 'description' field to Phriction
Summary:
Add a new column to PhrictionContent called 'comment' or 'description' or
something
        Add an optional field to the Phriction document editing interface that
allows you to add a comment

Test Plan:
Run the sql patch to modify phriction_content table
           Create a new wiki page in Phriction
           Type in words in description field and save the page
           Visit this page and click "Edit Page" button
           The content in the desciption field is saved

Reviewed By: epriestley
Reviewers: epriestley, hsb, codeblock
Commenters: codeblock
CC: aran, codeblock, hwang, epriestley
Differential Revision: 709
2011-07-23 21:11:42 -07:00
epriestley
8df62d5352 Allow users to associate SSH Public Keys with their accounts
Summary:
With the sshd-vcs thing I hacked together, this will enable Phabricator to host
repositories without requiring users to have SSH accounts.

I also fixed "subporjects" and added an explicit ENGINE to it.

Test Plan: Created, edited and deleted public keys. Attempted to add the same
public key twice. Attempted to add invalid and unnamed public keys.
Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran, cadamo, codeblock
CC: aran, epriestley
Differential Revision: 711
2011-07-23 09:15:20 -07:00
epriestley
ffae7b19e6 Slightly loosen the mention regexp to allow for "Go ask @tomo."
Summary: Currently, we incorrectly flag these under the "@lists.com" rule.
Test Plan:
https://secure.phabricator.com/file/view/PHID-FILE-887c2bc66eb9d47d02f4/
Reviewed By: tomo
Reviewers: tomo
CC: aran, epriestley, tomo
Differential Revision: 708
2011-07-23 09:07:36 -07:00
epriestley
ef89340aa9 Update roadmap document. 2011-07-22 10:38:34 -07:00
epriestley
c6557d3363 Allow administrative editing of project resources
Summary:
Currently, you can only edit your own affiliation to projects. Enable users to
be managed in a more reasonable batched way.

I'll lock this down to admins/owners and add a transaction log at some point.

Test Plan: Edited project affiliations. Verified Herald still works.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 677
2011-07-21 16:46:28 -07:00
epriestley
2b7210260f Allow Phabricator storage engines to be extended and configured
Summary:
See T344. Currently, there's a hard-coded 12MB filesize limit and some awkward
interactions with MySQL's max_allowed_packet. Make this system generally more
robust:

  - Move the upload limit to configuration.
  - Add setup steps which reconcile max_allowed_packet vs MySQL file storage
limits.
  - Add a layer of indirection between uploading files and storage engines.
  - Allow the definition of new storage engines.
  - Define a local disk storage engine.
  - Add a "storage engine selector" class which manages choosing which storage
engines to put files in.
  - Document storage engines.
  - Document file storage classes.

Test Plan:
Setup mode:

  - Disabled MySQL storage engine, misconfigured it, configured it correctly.
  - Disabled file storage engine, set it to something invalid, set it to
something valid.
  - Verified max_allowed_packet is read correctly.

Application mode:

  - Configured local file storage.
  - Uploaded large and small files.
  - Verified larger files were written to local storage.
  - Verified smaller files were written to MySQL blob storage.

Documentation:

  - Read documentation.

Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, epriestley, jungejason
Differential Revision: 695
2011-07-21 16:44:24 -07:00
epriestley
7b40c616d6 Refactor user settings
Summary:
I want to do two things here:

  - Add SSH Keys
  - Move "Preferences" into this panel

But this controller was pretty gigantic and messy. Split it apart and use
delegation instead.

There are no functional changes. I changed some of the conduit certificate text
to simplify it since no one should need to go through that workflow anymore,
given the existence of "arc install-certificate".

Test Plan:
  - Edited realname, including attempting to remove it.
  - Edited profile picture.
  - Edited timezone.
  - Edited email, including attempting to remove it.
  - Regenerated condiut certificate.
  - Linked and unlinked an OAuth account.

Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 688
2011-07-21 16:42:14 -07:00
epriestley
1bf8180d65 Add user documentation for managing large changesets
Summary: See task and P91, this just adapts my Discussion post to be more
general. I'll follow up by linking to it from the Arcanist error message.
Test Plan: Read the document.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 701
2011-07-21 16:36:58 -07:00
Ricky Elrod
caa5b050b1 Fix header display bug on forked pastes.
Summary:
You can only call setHeader() on a Panel once. Otherwise the last sticks. Move the "forks of this paste" stuff to its own panel (only shown if there are, indeed, forks), and make the columns look nicer.

Test Plan:
Viewed previously forked pastes, forked a paste and looked at the original, and looked at a non-forked paste. All looked sane.

Reviewers:
epriestley

CC:

Differential Revision: 700
2011-07-21 11:22:56 -04:00
epriestley
3eafe9e3bb Fix Diffusion rendering of SVN files which did not change
Summary:
Share code with the new PhabricatorDifferenceEngine, which handles diffs with no
changes correctly.

(This isn't the same issue as file moves, but I ran into it while generating a
repro case.)

Test Plan: Previously, changes which didn't change file content (e.g., property
changes) would throw. Now they work.
Reviewed By: tuomaspelkonen
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, epriestley, tuomaspelkonen
Differential Revision: 698
2011-07-20 11:54:33 -07:00
epriestley
ed5c46681d Allow SVN repositories to import subdirectories instead of the entire repository
Summary:
See T325. While this is a touch hacky it ends up being fairly clean, and we can
now do initial imports much more quickly and this actually cleaned up some of
the code. I also made the repository edit interface a little less foreboding.

@tuomaspelkonen, did you get anywhere with that bug you were chasing down a
couple days ago? We can hold this if it throws a wrench into stuff you're
working on.

Test Plan:
  - Imported a subdirectory of a midsized SVN project (jQuery UI).
  - Commit discovery for ~3500/4500 commits took just a few seconds.
  - Commit discovery correctly ignored commits which didn't affect this
directory.
  - Commit discovery correctly stopped at commit 13.
  - Browse interface shows an incomplete listing, but that's fine, and
everything is otherwise functionally correct. We can add a note or something
later ("this is a view of commits affecting a subdirectory, some paths aren't
available"), but this behavior probably won't be too startling to users.
  - Edited Git and SVN repositories to test form logic.

Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran, Girish
Commenters: tuomaspelkonen
CC: jcleveley, aran, jungejason, tuomaspelkonen
Differential Revision: 696
2011-07-20 10:56:02 -07:00
Cristian Adamo
8cca3079fc Add subprojects to a main project.
Summary:
Quite basic subproject attachment.

Test Plan:
Go to some proj
ect and add another as a subproject.
Play around the ui.

Reviewers:	epr
iestley
CC:
2011-07-19 15:50:15 -03:00
epriestley
87fa97e49a Require double brackets for Phriction links
Summary:
Single brackets are getting some troublesome false positives in Facebook's
install. Particularly, there's a weird convention at Facebook of tagging diffs
by putting stuff like "[perf]" or "[chat]" in the title, although this isn't
turned into structured data at any stage. When commits appear in Diffusion, we
currently link such ad-hoc tags to Phriction.

Wikipedia uses double-bracket sytnax, as do many other wikis, so this seems like
a reasonable burden to place on the lightweightness of the markup. The
alternative is selectively disabling Phriction markup in some interfaces, but
I'd rather allow integration in commit messages and just guard the syntax more
closely.

(I'm not providing any sort of migration plan since this landed less than a week
ago and I'm pretty confident no one has built a huge wiki yet, but I added a
CHANGELOG note.)

Test Plan: Edited a wiki document and added some links. Verified single brackets
were unlinked and double brackets were linked.
Reviewed By: jungejason
Reviewers: hsb, aran, jungejason, tuomaspelkonen
CC: aran, jungejason, epriestley
Differential Revision: 689
2011-07-18 09:18:42 -07:00
epriestley
c0ae2f6289 Show change diffs in Phriction
Summary:
This is really rough and needs work (particularly, there's some diff code I
really need to refactor since I sort-of-copy-pasted it) but basically
functional.

Show text changes between diffs and allow users to revert to earlier versions.

Differential's line-oriented diff style isn't ideal for large blocks of text but
I'm betting this is probably good enough in most cases. We can see how bad it is
in practice and then fix it if needbe.

I added a bunch of support for "description" but didn't add the feature in this
diff, I'll either follow up or task it out since it should be a pretty
straightforward change.

Test Plan: Looked at history for several Phriction documents, clicked "previous
change" / "next change", clicked revert buttons.
Reviewed By: hsb
Reviewers: hsb, codeblock, jungejason, tuomaspelkonen
CC: aran, hsb, epriestley
Differential Revision: 687
2011-07-18 08:46:45 -07:00
epriestley
6f388f97d9 Improve Phabricator behavior for fatal errors
Summary:
  - Exceptions on the rendering pathway currently go uncaught and result in a
blank page. Commonly, this is a bad require_celerity_resource() call. Although
we can't safely render a page if the rendering pathway is broken, we can show a
useful message.
  - When PHP exits because of a fatal error, there is an opportunity to run code
in the shutdown handler. This allows us to show messages at least some of the
time, e.g. "call to unknown function derp() in somefile.php at line 99"
  - flip dem tables

Test Plan: Added fatals ("derp();") and rendering exceptions
("require_celerity_resource('does-not-exist')") to a controller and verified
that the error handling behavior is now more useful.
Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, epriestley
Differential Revision: 680
2011-07-18 07:23:01 -07:00
Ricky Elrod
3ed0e84a63 Add an ID column to slowvote's list view.
Summary:
Add an ID column to slowvote's list view.

Test Plan:
Suddenly, an ID column was there. :D

Reviewed By: epriestley

Differential Revision: 686
2011-07-17 14:20:55 -07:00
epriestley
d2954dae40 Use Workflow, not Request, for Differential populate/show more requests
Summary: When a JX.Request fails, there's no default error handling. Rather than
write some kind of custom stuff, just use JX.Workflow so we get exception
dialogs. We have plans to enhance these anyway (see T302).
Test Plan: Changed the changeset view controller to throw exceptions. Verified I
got un-mysterious exception dialogs when a changeset failed because of an
exception in either initial rendering or after hitting "see more".
Reviewed By: tomo
Reviewers: jungejason, tuomaspelkonen, aran, tomo
CC: aran, epriestley, tomo
Differential Revision: 679
2011-07-16 19:15:54 -07:00
epriestley
5e00d00cf7 Show more information on revision views
Summary:
Show line count, arcanist project and base revision.

This adds a little clutter but I think we're still okay and I can play around
with it later.

Test Plan: Looked at a couple of revisions. I'm actually not 100% sure about the
SVN logic but maybe I will test that before committing.
Reviewed By: tomo
Reviewers: tomo, jungejason, tuomaspelkonen, aran
CC: aran, tomo
Differential Revision: 685
2011-07-16 18:54:13 -07:00
epriestley
4a3ebd9a68 Add a document preview to Phriction
Summary: Preview Phriction documents as they are edited, similar to how
Differential/Maniphest work.
Test Plan: Mashed my keyboard while editing a Phriction document.
Reviewed By: hsb
Reviewers: hsb, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, hsb
Differential Revision: 684
2011-07-16 18:48:27 -07:00
epriestley
86783fcd07 Show child documents on Phriction pages
Summary: Pull the next couple levels of hierarchy and render them at the bottom
of the page. This might need some tweaking but it seems OK at first glance.
Test Plan:
https://secure.phabricator.com/file/info/PHID-FILE-ef0af5d4dc6dceaeb2e3/

Also reduced limit to 1 and verified the "more" behavior worked properly.

Reviewed By: hsb
Reviewers: hsb, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, hsb
Differential Revision: 676
2011-07-15 20:51:58 -07:00
Ricky Elrod
95d6e0a3c4 Store parents of forked pastes, and list child pastes if there are any.
Summary:
Added a 'parent' field which stores a PHID of another paste. If it is not NULL show a list of children pastes on view.
Also did some misc. refactoring to clean up the code a bit, specifically in the Create controller.

Test Plan:
- Checked old pastes, they were not affected.
- Added a paste, successfully.
- Forked it, successfully.
- Went to the original paste, saw the child paste listed.
- Forked it again, saw the new one added to the list.

Reviewers:
epriestley

CC:

Differential Revision: 672
2011-07-15 18:42:08 -04:00
epriestley
ffb69c3c97 Add a cancel button to Phriction's edit interface
Summary: So you don't have to edit if you don't want to.
Test Plan: Hit "cancel" on an edit of an existing page and an edit of a new
page.
Reviewed By: codeblock
Reviewers: hsb, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, codeblock
Differential Revision: 675
2011-07-15 15:00:18 -07:00
epriestley
b1c42f4893 Simplify CC handling in Maniphest
Summary: This fixes a bug where doing an "Add CC" on a task you were not CC'd on
would remove all the CCs except yourself. It also simplifies the CC handling
code a lot.
Test Plan:
  - Added myself and another user to a task neither of us were CC'd on (old
behavior: added both then removed them; new behavior: added both)
  - Added a user to CC with @mentions.
  - Made a comment on a task I wasn't CC'd on (I was CC'd).
  - Closed a task I wasn't assigned or CC'd on (I was not CC'd, but was
assigned).
  - Made an "Add CC" with new CCs and comment text (ccs added, text appeared).
  - Made an "Add CC" with no CCs and comment text (text appeared, transaction
correctly downgraded to "comment").
  - Made an "Add CC" with exsiting CCs and comment text (text appeared,
transaction correctly downgraded to "comment").

Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, jungejason
Differential Revision: 668
2011-07-14 15:49:10 -07:00
epriestley
15ef2fced0 Fix conservative CSRF token cycling limit
Summary:
We currently cycle CSRF tokens every hour and check for the last two valid ones.
This means that a form could go stale in as little as an hour, and is certainly
stale after two.

When a stale form is submitted, you basically get a terrible heisen-state where
some of your data might persist if you're lucky but more likely it all just
vanishes. The .js file below outlines some more details.

This is a pretty terrible UX and we don't need to be as conservative about CSRF
validation as we're being. Remedy this problem by:

  - Accepting the last 6 CSRF tokens instead of the last 1 (i.e., pages are
valid for at least 6 hours, and for as long as 7).
  - Using JS to refresh the CSRF token every 55 minutes (i.e., pages connected
to the internet are valid indefinitely).
  - Showing the user an explicit message about what went wrong when CSRF
validation fails so the experience is less bewildering.

They should now only be able to submit with a bad CSRF token if:

  - They load a page, disconnect from the internet for 7 hours, reconnect, and
submit the form within 55 minutes; or
  - They are actually the victim of a CSRF attack.

We could eventually fix the first one by tracking reconnects, which might be
"free" once the notification server gets built. It will probably never be an
issue in practice.

Test Plan:
  - Reduced CSRF cycle frequency to 2 seconds, submitted a form after 15
seconds, got the CSRF exception.
  - Reduced csrf-refresh cycle frequency to 3 seconds, submitted a form after 15
seconds, got a clean form post.
  - Added debugging code the the csrf refresh to make sure it was doing sensible
things (pulling different tokens, finding all the inputs).

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, epriestley
Differential Revision: 660
2011-07-14 08:09:40 -07:00
Ricky Elrod
314d84eae6 Conduit method for slowvote.poll.info.
Summary:
Provides a slowvote.poll.info method.

Test Plan:
Web console - seemed to work fine.

Reviewers:
epriestley, phuzion

CC:

Differential Revision: 659
2011-07-13 20:00:50 -04:00
epriestley
0c49b39658 Allow Phriction document history to be viewed
Summary: Simple access to document history.
Test Plan: Looked at document history.
Reviewed By: codeblock
Reviewers: hsb, codeblock, jungejason, tuomaspelkonen, aran
Commenters: hsb
CC: aran, codeblock, hsb
Differential Revision: 658
2011-07-12 19:09:25 -07:00
epriestley
87436ff8a3 Fix various darkconsole warnings. 2011-07-12 18:04:15 -07:00
epriestley
f761ee91d3 Publish Phriction edits to feed
Summary: Basic integration between Phriction and feed.
Test Plan: Created and edited some documents, they published to feed.
Reviewed By: hsb
Reviewers: hsb, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, hsb
Differential Revision: 653
2011-07-12 16:36:17 -07:00
Blazej Osinski
3771f63441 Linking the unixname in Phabricator's blame view to the employee's profile.
Test Plan:
Visit page
http://phabricator.devXXXX.snc6.facebook.com/diffusion/E/browse/tfb/trunk/www/hphp_files.mk?view=blame
and verify that unixnames are hyperlinks leading to emplyees' profiles.

Task: T297

Reviewed By: tuomaspelkonen
Reviewers: tuomaspelkonen, epriestley
Commenters: epriestley
CC: aran, blazej0, epriestley, tuomaspelkonen
Differential Revision: 622
2011-07-12 14:28:45 -07:00
epriestley
73b0468f72 Add hierarchical breadcrumbs to Phriction
Summary: Show ancestor pages when viewing a page in Phriction.
Test Plan:
https://secure.phabricator.com/file/view/PHID-FILE-042368dbadaa8ab826ec/
Reviewed By: hsb
Reviewers: hsb, codeblock, jungejason, tuomaspelkonen, aran
Commenters: aran
CC: aran, hsb, epriestley
Differential Revision: 654
2011-07-12 14:05:42 -07:00
epriestley
4c44c44964 Add Phriction to the main nav menu
Summary:
A few minor things:

  - Add Phriction to the homepage.
  - Link to remarkup reference on the edit screen.
  - Add a help tab with a super basic help document.

Test Plan: Cursory inspection.
Reviewed By: codeblock
Reviewers: hsb, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, epriestley, codeblock
Differential Revision: 655
2011-07-12 09:26:51 -07:00
epriestley
7d152def3e Basic remarkup integration for Phriction
Summary: Document linking and some general layout improvements. I'd like to
eventually do more meta-dataey things with links (like store them separately and
check them for 404s) but this is a decent start.
Test Plan:
https://secure.phabricator.com/file/view/PHID-FILE-d756b94a06b69c273fce/
Reviewed By: jungejason
Reviewers: hsb, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, jungejason, epriestley
Differential Revision: 650
2011-07-12 06:58:47 -07:00
epriestley
349a8c60e8 Phriction handles and search
Summary: Index Phriction documents in search, and allow
PhabricatorObjectHandleData to load them.
Test Plan: Searched for "pokemons", got my wiki page as a search result.
Reviewed By: hsb
Reviewers: hsb, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, hsb
Differential Revision: 648
2011-07-11 18:39:11 -07:00
epriestley
a49138defd Generalize the markup engine factory
Summary:
This thing services every app but it lives inside Differential right now. Pull
it out, and separate the factory interfaces per-application.

This will let us accommodate changes we need to make for Phriction to support
wiki linking.

Test Plan: Tested remarkup in differential, diffusion, maniphest, people,
slowvote.
Reviewed By: hsb
Reviewers: hsb, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, hsb
Differential Revision: 646
2011-07-11 16:36:30 -07:00
epriestley
6bdbf3c8c2 Basic Phriction list view
Summary: Pretty much ripped from D636, but somewhat simplified. Lists all the
documents in the system.
Test Plan: Looked at both of the views, seems to work correctly.
Reviewed By: hsb
Reviewers: hsb, codeblock, jungejason, tuomaspelkonen, aran
CC: aran, hsb, epriestley
Differential Revision: 645
2011-07-11 16:03:38 -07:00
epriestley
7c21068c9f Very basic Phriction history view
Summary: Provide a (mostly useless, currently) table of document edits.
Test Plan: Looked at document history for several of my high-quality sandbox
wiki pages.
Reviewed By: hsb
Reviewers: hsb, codeblock, jungejason, aran, tuomaspelkonen
CC: aran, hsb
Differential Revision: 644
2011-07-11 15:40:40 -07:00
epriestley
5704b2bc70 Basic edit/create workflow for Phriction
Summary:
This is another chunk of D636, I just simplified it a bit and added slugs.

When you go to a page like /w/pokemon/, it allows you to create or edit the
page.

Title vs slug stuff is a little funky but I think mostly-reasonable.

Test Plan: Created and edited /w/, /w/pokemon/, etc.
Reviewed By: hsb
Reviewers: hsb, codeblock, jungejason, aran, tuomaspelkonen
CC: aran, hsb
Differential Revision: 643
2011-07-11 14:47:33 -07:00
epriestley
a20e46b061 Provide a public view of feed
Summary: Depends on D628. Provides a config option so you can set up a public
feed, which you can iframe. This needs some work but sort of works.
Test Plan: Loaded the public feed as a logged-out user.
Reviewed By: codeblock
Reviewers: jungejason, tuomaspelkonen, aran, codeblock
CC: aran, codeblock
Differential Revision: 635
2011-07-11 12:51:59 -07:00
epriestley
c33eecf438 Improve DarkConsole "Services" and "XHProf" plugins
Summary:

  - Services: Show summary panel of total service call costs and relative page weight.
  - Services: Add "Analyze Query Plans" button, which issues EXPLAIN for each query and flags problems.
  - XHPRof: iframe the profile.

Test Plan: Used the new query plan analysis to find missing keys causing table scans, see D627.

Reviewers: jungejason, tuomaspelkonen, aran

CC:

Differential Revision: 628
2011-07-11 12:51:58 -07:00
epriestley
f95913ec47 Phriction basics
Summary:
Basically a copy/paste of parts of D636, but with two changes:

  - Fully separate the index table ("document") from the content table
("content"). I think this will be a cleaner solution in the long run.
  - Build slugs into the document structure.

This doesn't do anything useful, it just normalizes slugs and lays some
groundwork.

Test Plan:
  - Visited various /w/ pages and saw them normalize correctly.
  - Verified the DAO works by inserting dummy rows.

Reviewed By: codeblock
Reviewers: hsb, codeblock, jungejason, aran, tuomaspelkonen
CC: aran, codeblock, epriestley
Differential Revision: 638
2011-07-11 11:42:50 -07:00
epriestley
467308dd12 Script to selectively convert MyISAM tables to InnoDB
Summary:
A bunch of the .sql patch files don't explicitly specify the table engine, but
we should always use InnoDB with the exception of one table which needs MyISAM
for FULLTEXT.

MySQL doesn't no-op an ALTER TABLE statment that changes the engine back to
itself and converting large tables can be time consuming, so convert only the
required tables.

Test Plan: Ran on secure.phabricator.com and my local box, it fixed all the
issues in about 3 seconds on secure.phabricator.com and <<1 second on my local.
Reviewed By: codeblock
Reviewers: codeblock, tuomaspelkonen, jungejason, aran
CC: aran, epriestley, codeblock
Differential Revision: 641
2011-07-11 11:42:28 -07:00
mgummelt
36e00db564 bug due to using $fields instead of $this->fields
Summary: see title

Test Plan: ran "arc amend" to ensure that task ids where being included in the commit message

Reviewers: epriestley

CC: dpepper

Differential Revision: 637
2011-07-10 20:26:56 -07:00
epriestley
f55c082e65 Publish Differential stories into feed
Summary: Basic hookup for Differential -> Feed. Also introduces "one-line"
stories for less-important stuff.
Test Plan: Interacted with some revisions, got feed stories out of it.
Reviewed By: jungejason
Reviewers: jungejason, aran, tuomaspelkonen, codeblock
CC: aran, jungejason
Differential Revision: 632
2011-07-09 17:39:17 -07:00
epriestley
4452239d61 Make maniphest add CCs when users are @mentioned
Summary:
We don't currently add CCs, but should (similar to how Differential works).

This also fixes some problems where you can get no-op CC transactions, and makes
mentions a little less aggressively colored.

Test Plan: Applied a bunch of CC/mention transactions to tasks and observed the
behavior.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran, codeblock
CC: aran, jungejason
Differential Revision: 634
2011-07-09 16:54:59 -07:00
Jason Ge
30733ca575 Fix searching for commits
Summary:
fix two issues. First is that the field in the query is not
correct; the other is to make indexing handle deleted repository.

Test Plan: indexed some commits and the search result looks correct.
Reviewed By: epriestley
Reviewers: epriestley, tuomaspelkonen
CC: aran, epriestley
Differential Revision: 633
2011-07-09 16:25:25 -07:00
epriestley
d665268074 Improve feed stories with "style", and build basic status update stories.
Summary: Straightfoward iteration on feed.
Test Plan:
https://secure.phabricator.com/file/view/PHID-FILE-d07077119dc834e76618/
Reviewed By: codeblock
Reviewers: jungejason, aran, tuomaspelkonen, codeblock
CC: aran, codeblock, epriestley
Differential Revision: 631
2011-07-09 13:53:49 -07:00
epriestley
f8c541b819 Refactor SlowvoteList controller
Summary: No change in functionality, just splitting this method up a bit
Test Plan: Loaded list and looked at all three views.
Reviewed By: jungejason
Reviewers: jungejason, codeblock, aran, tuomaspelkonen
CC: aran, jungejason
Differential Revision: 618
2011-07-09 11:08:14 -07:00
epriestley
84c7ba24c3 Render slowvote respondents as a facepile instead of smushed-together names
Summary: Make this more usable. Also fix a bug where $choices got overriden by a
loop variable.
Test Plan: Looked at a vote with multiple respondents.
Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran, codeblock
CC: aran, jungejason
Differential Revision: 629
2011-07-09 10:55:09 -07:00
Evan Priestley
227d75c38c Merge pull request #35 from CodeBlock/master
D623
2011-07-08 23:44:32 -07:00
epriestley
1236275b5f Document the N+1 problem and DarkConsole 2011-07-08 23:42:48 -07:00
epriestley
5264949b7b derp 2011-07-08 23:42:48 -07:00
epriestley
7005cac32a Explicitly test for reply-to support before using the public reply-to address
Summary: We need to perform an explicit test for public reply support.
Previously, the existence of a valid result here was a sufficient implicit test
for public reply support, but it no longer is.
Test Plan: With an unmodified configuration, sent email. It generated with the
correct reply-to (me). Restored my original configuration and sent an email, it
generated with the correct (routed) reply-to.
Reviewed By: codeblock
Reviewers: codeblock
CC: aran, codeblock
Differential Revision: 626
2011-07-08 23:27:49 -07:00
epriestley
e1209be057 Remove PhabricatorPHIDAllocateController
Summary:
This is not very useful and not exposed on the web UI. It's also the only caller
for PhabricatorPHIDConstants::getTypes().

I originally wrote this to test PHID allocation when I built the PHID system but
it's no longer really useful in any way.

phid.allocate might be useful to expose over Conduit eventually but the
implementation is trivial.

Test Plan: Grepped for controller and method names, came up empty.
Reviewed By: codeblock
Reviewers: jungejason, tuomaspelkonen, aran, codeblock
CC: aran, codeblock
Differential Revision: 625
2011-07-08 23:13:18 -07:00
Ricky Elrod
3164e4b521 sendmail is in /usr/sbin/ on RHEL.
Summary:
If we're going to hardcode a path, at least let's do it in a way that works on RHEL too.

Test Plan:
Successfully ran the setup script on RHEL.

Reviewers:
epriestley

CC:

Differential Revision: 623
2011-07-08 21:03:32 -04:00
epriestley
1183f5cef7 Refactor Slowvote poll controller
Summary: No change in functionality, just split up this megamethod
Test Plan: Looked at several votes.
Reviewed By: jungejason
Reviewers: jungejason, codeblock, aran, tuomaspelkonen
CC: aran, jungejason
Differential Revision: 619
2011-07-08 17:34:33 -07:00
epriestley
51c2726a34 Add Differential parse cache to the GC daemon
Summary:
Add the differential parse cache to the GC. This is the largest object in the
system by a wide margin, I think.

This table is potentially gigantic which is why the script truncates it before
doing a schema change.

Test Plan: Ran the GC daemon, it cleaned up some parse caches.
Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran
Commenters: tuomaspelkonen
CC: aran, jungejason, tuomaspelkonen, epriestley
Differential Revision: 620
2011-07-08 17:31:25 -07:00
Ricky Elrod
b8e7e06819 Show language of pastes in the list view.
Summary:
Show language of pastes in the list view.

Test Plan:
Saw language of pastes in the list view.

Reviewers:
epriestley

CC:

Differential Revision: 617
2011-07-08 13:55:28 -07:00
Ricky Elrod
3d85d6a81d Add language to paste.info, and show it in Pxxx responses from phabot.
Summary:
Now that we store language with pastes, we can include this in Conduit.

Test Plan:
Tried it on a paste with a blank language, and one with a specified language.
    16:14:50 <@CodeBlock> P1
    16:14:51 <@codeblock-phabot> P1: http://phabricator.local/P1 - test.php
    16:15:05 <@CodeBlock> P43
    16:15:06 <@codeblock-phabot> P43: http://phabricator.local/P43 - sadoijfoisaf (php)

Reviewers:
epriestley, Ttech

CC:

Differential Revision: 616
2011-07-08 13:55:22 -07:00
epriestley
395ccf8a51 Update celerity map. 2011-07-08 13:28:59 -07:00
epriestley
c9acc5b8e9 Allow comment panel to be stuck/unstuck to the bottom of the display
Summary:
See T303. Enable comment panel haunting.

I hid the preview for the sticky panel, which I think is reasonable?

Test Plan:
https://secure.phabricator.com/file/view/PHID-FILE-64713fa8a7c2a22e5b93/
Reviewed By: broofa
Reviewers: broofa, jungejason, aran, tomo, tuomaspelkonen
CC: aran, broofa
Differential Revision: 615
2011-07-08 13:24:20 -07:00
epriestley
57097c2874 Port the "Slowvote" application
Summary: Port slowvote. This has some style/layout roughness but gets us most of
the way there. I'll followup to fix some of the markup issues.
Test Plan: Created and voted in several different kinds of poll.
Reviewed By: codeblock
Reviewers: codeblock, tomo, jungejason, aran, tuomaspelkonen
Commenters: aran, jungejason
CC: aran, codeblock, jungejason, epriestley
Differential Revision: 613
2011-07-08 12:38:53 -07:00
epriestley
cce786a89f Prevent mentions from matching "derp@derp"
Summary: See task / comment.
Test Plan:
https://secure.phabricator.com/file/view/PHID-FILE-f337d112ffe053fdea7d/
Reviewed By: tomo
Reviewers: mroch, tomo
CC: aran, tomo
Differential Revision: 614
2011-07-08 12:32:03 -07:00
Evan Priestley
61f2ba5c47 Merge pull request #32 from CodeBlock/420235f9c4e1a25d6afb1e6eed2896307be8d09e
D612
2011-07-08 12:27:53 -07:00
Ricky Elrod
420235f9c4 Drag-drop file upload.
Summary:
- have files be uploaded by drag+drop instead of browse.
- Files are named by their uploaded filename, the user isn't given a chance to enter a file name. Is this bad?
- Store author PHID now with files
- Allow an ?author=<username> to limit the /files/ list by author.
- If one file is uploaded, the user is taken to its info page.
- If several are uploaded, they are taken to a list of their files.

Test Plan:
- Quickly tested everything and it still worked, I'd recommend some people try this out before it gets committed though. It's a rather huge revision.

Reviewers:
epriestley, Ttech

CC:

Differential Revision: 612
2011-07-08 15:20:57 -04:00
epriestley
8871282037 Linebreak stacktraces in exception messages
Summary: This is a very small step toward making these good, but a concrete
reduction in clowniness.
Test Plan: Rigged an exception and got a more readable trace.
Reviewed By: aran
Reviewers: aran
CC: aran
Differential Revision: 607
2011-07-08 07:24:50 -07:00
epriestley
90e4e12e3d Update Celerity map. 2011-07-07 16:08:43 -07:00
epriestley
a3e676b9d4 Remedy a fatal-flavored oversight. 2011-07-07 16:06:27 -07:00
epriestley
30dbdf322d Show open tasks on project pages
Summary: This is pretty basic but gets us most of the way there I think. Could
use some style tweaks at some point.
Test Plan: Looked at a project page with open tasks, and one without open tasks.
Reviewed By: tuomaspelkonen
Reviewers: cadamo, aran, jungejason, tuomaspelkonen
CC: aran, tuomaspelkonen, epriestley
Differential Revision: 609
2011-07-07 15:54:45 -07:00
mgummelt
81e3ec5998 Merge branch 'master' of github.com:facebook/phabricator into new 2011-07-07 15:30:20 -07:00
epriestley
cef7664d47 Move Project list to use ManiphestTaskQuery
Summary: We decided to move away from driving everything through the search
engine since it doesn't scale terribly well, so use ManiphestTaskQuery instead.
Also link the open count and tweak some display stuff.
Test Plan: Looked at project list, clicked open tasks link
Reviewed By: tuomaspelkonen
Reviewers: cadamo, aran, jungejason, tuomaspelkonen
CC: aran, tuomaspelkonen
Differential Revision: 608
2011-07-07 15:27:19 -07:00
epriestley
62532ef26d Fix Herald to accept new JSON encoding of sparse arrays
Summary: JX.JSON was recently changed to use JSON.stringify (the native
implementation) if it is available. The native implementation has a behavioral
difference from the Javelin implementation, in that it does not compact sparse
arrays. Ignore nulls resulting from removals when processing the encoded action
and condition lists.
Test Plan: Removed conditions from Herald rules.
Reviewed By: aran
Reviewers: aran, cpojer, jungejason
CC: aran, epriestley
Differential Revision: 606
2011-07-07 15:27:12 -07:00
mgummelt
00f4c37ca2 Fixed bug resulting in duplicate field names in commit messages
Summary:
My earlier diff refactored some code without completely
respecting the semantics, sometimes resulting in duplicate field names
returned from differential.getcommitmessage.  This fixes that.

Test Plan:
ran "arc diff" with diff causing the bug (commit message
had an empty Revert Plan: field) and verified no duplicate fields

Reviewed By: epriestley
Reviewers: epriestley
CC: aran, dpepper, epriestley
Differential Revision: 610
2011-07-07 15:26:55 -07:00