1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-04 20:52:43 +01:00
Commit graph

821 commits

Author SHA1 Message Date
Chad Little
2386705873 Allow awarding Badges from the profile
Summary:
[WIP] Allows awarding a badge from a user profile. Unsure of the interactions here if a user can't award any badges, or if we should just hide this.

Fixes T10688
Fixes T10318

Test Plan: Award some badges. Steal them back.

Reviewers: lpriestley, epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T10318, T10688

Differential Revision: https://secure.phabricator.com/D15544
2016-03-31 20:39:06 +00:00
lkassianik
878b941309 Show "no badges" text in people profiles with archived badges only
Summary: Fixes T10670, for users with exclusively archived badges, user profile should show "no badges" message instead of blank box

Test Plan: Award badge to user with no badges, archive badge, user profile should show "no badges" message under badges.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin

Maniphest Tasks: T10670

Differential Revision: https://secure.phabricator.com/D15538
2016-03-28 11:40:06 -07:00
lkassianik
0330ea575d Converting badge recipients from Edge to BadgeAward table
Summary: Ref T8996, Convert badge recipients from Edges to actual BadgeAward objects

Test Plan: Create badge, award it to recipient. Make sure adding/removing recipients works. (Still need to migrate exisiting recipients to new table and need to create activity feed blurbs)

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: chad, Korvin

Maniphest Tasks: T8996

Differential Revision: https://secure.phabricator.com/D15014
2016-03-26 14:03:48 -07:00
epriestley
f07d0ae7c3 Make dates/times more concise in Diffusion
Summary: I think I like this better -- but maybe right-aligned?

Test Plan:
{F1180295}

{F1180296}

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15495
2016-03-18 09:11:09 -07:00
epriestley
8e3ea4e034 Use new modular temporary auth token constants in one-time login and password reset flows
Summary:
Ref T10603. This converts existing hard-codes to modular constants.

Also removes one small piece of code duplication.

Test Plan:
  - Performed one-time logins.
  - Performed a password reset.
  - Verified temporary tokens were revoked properly.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15476
2016-03-16 09:33:24 -07:00
Chad Little
1392872c5c Convert people manage page to two column
Summary: Ref T10545, this brings flags back? and converts the layout to two column w/curtain

Test Plan: View a few manage pages.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T10545

Differential Revision: https://secure.phabricator.com/D15449
2016-03-09 08:57:11 -08:00
Chad Little
fe7e288cf5 Solidify PHUITwoColumnView as a page layout
Summary:
Rolls out a new "Object Page" design with PHUITwoColumnView. This is reasonably polished, but wanted to post it up for you now for feedback before chasing down minor bugs. This implements TwoColumn in the following applications:

 - Ponder
 - Paste
 - Slowvote
 - Countdown
 - Projects
 - Profile
 - Passphrase

This helped track down display issues and inconsistencies and make sure the layout was flexible for different pages.

Test Plan:
Test each of the applications on mobile, tablet, and desktop breakpoints.

{F1135705}

{F1135706}

{F1135707}

{F1135708}

{F1135709}

{F1135710}

{F1135711}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15366
2016-03-01 07:23:08 -08:00
Chad Little
e9f4ca6ca3 Redesign PonderQuestionView
Summary: Full new UI, testing some upcoming treatments for consideration in other View controllers. Small tweaks to allow PHUITwoColumnView to have fixed and fluid width, and let TransactionCommentView go fullWidth.

Test Plan:
Tested a number of Ponder cases, New Question, with and without summary, with and without answers, with and without comments. Mobile, Tablet, and Desktop layouts. Verify Project and Profile UI's still in tact.

{F1120961}

{F1120962}

{F1120963}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15315
2016-02-23 17:20:07 -08:00
Chad Little
f5e2f9587c Add setHeader to PHUITwoColumnView for consistent page layouts
Summary: Working towards making PHUITwoColumnView into a page layout engine. Adds header support.

Test Plan: Use new header on Profile and Profiles. No visual changes, less duplicated code.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15292
2016-02-17 13:09:10 -08:00
Chad Little
12d8520059 Convert PHUIObjectBoxView to AphrontTagView
Summary: Attempting to clean PHUIObjectBoxView up a little as well as finally being able to `addClass` on the sucker. I'm running into some issue with `addTabs` though, which on Files isn't firing.

Test Plan: Bounce around tons of screens.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15291
2016-02-17 12:54:56 -08:00
Chad Little
c1f57605ab Normalize colors a bit better on Profiles/Projects, add Workboard backgrounds
Summary: Cleans up the backgrounds a little on Projects/Profiles and adds a number of colour choices for Workboards.

Test Plan:
Manually add each color for testing. Test new project / profile layouts with and without properties.

{F1109325}

{F1109326}

{F1109327}

{F1109328}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15269
2016-02-13 12:08:29 -08:00
Chad Little
6ae0a62f9f New People Hovercards
Summary: Mimics the Project Hovercards, more custom UI.

Test Plan: Hover over person with and without badges, hover over project.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15253
2016-02-11 15:41:55 -08:00
epriestley
7550557e44 Don't show archived projects by default in policy control
Summary:
When filling in filler projects, only select active ones.

Also use a slightly more modern method signature.

Test Plan: Disabled a project, saw it vanish from the control.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15199
2016-02-06 12:41:58 -08:00
epriestley
42954bc5ac Fix bad rendering pathway on user profiles for viewers without Badges application
Summary: Fixes T10275. We'd fatal on `$flex` not being defined.

Test Plan: Uninstalled badges, viewed profile. Before: fatal; now: no badges element appears but profile renders properly.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10275

Differential Revision: https://secure.phabricator.com/D15182
2016-02-04 07:17:31 -08:00
Chad Little
2f0571923c Add project list to user profiles
Summary: Adds which Projects a user is a member of to their profile, with a link to more. Build fallback states for no badges or no projects.

Test Plan:
Review a user with projects, without projects, with badges, without badges.

{F1084127}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15150
2016-02-04 02:22:34 +00:00
Chad Little
6bb24e1d0c Move PhabricatorHovercard to PHUIHovercard
Summary: No UI changes, just some search and replace for UI consistency.

Test Plan: Test person and object hovercards still work. UIExamples too.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15172
2016-02-03 16:26:30 +00:00
epriestley
9d125b459e Use large text columns to store IP addresses
Summary: Fixes T10259. There was no real reason to do this `ip2long()` stuff in the first place -- it's very slightly smaller, but won't work with ipv6 and the savings are miniscule.

Test Plan:
  - Ran migration.
  - Viewed logs in web UI.
  - Pulled and pushed.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10259

Differential Revision: https://secure.phabricator.com/D15165
2016-02-02 10:13:14 -08:00
epriestley
18f34fab73 Always give users "fa-user" icons in tokenizers
Summary: Fixes T10247. The flavor icons are unhelpful/confusing in these contexts; show a boringer icon instead.

Test Plan: Used tokenizer to select user with custom profile icon. Reloaded page. Saw boringer icon in both cases.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10247

Differential Revision: https://secure.phabricator.com/D15154
2016-02-01 09:49:12 -08:00
epriestley
08e7b6f79f Fix object extraction from user profile blurbs
Summary: Fixes T10242. Currently, we don't extract files, mentions, etc., properly from user profile blurbs.

Test Plan: Uploaded a file to my profile blurb, saw it attach properly.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10242

Differential Revision: https://secure.phabricator.com/D15153
2016-02-01 09:46:45 -08:00
epriestley
354858e434 Disambiguate isEmpty()
Summary:
Fixes T10250.

Rename the one I added to `hasAnyProperties()` for clarity.

Test Plan:
  - Viewed a project profile with content.
  - Viewed a project profile with no properties.
  - Viewed a workboard with tasks that had a mixture of additional projects and no additional projects.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10250

Differential Revision: https://secure.phabricator.com/D15151
2016-01-31 15:20:04 -08:00
Chad Little
e2da571734 Add additional icons for User Profiles
Summary: Designer, Musician, Spy, Robot

Test Plan: Click Choose Icon, see that I am a designer.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15147
2016-01-31 20:09:06 +00:00
Chad Little
b8139e6946 Add basic fields back to Manage pages
Summary: It feels wierd to edit a project or profile and not see the changes. For now add them back to the Manage page.

Test Plan: Edit a Profile, Edit a Project. See updates on Manage page.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15140
2016-01-29 11:52:00 -08:00
Chad Little
5e639feab4 Minor tweaks to Profile/Project
Summary:
- Redirect to profileview when new image is uploaded.
- Add ProfileNav to EditPicture on Profile
- Add ProfileNav to EditProfile on Profile

Test Plan: Set new images on Profiles and Projects. See new redirect. See new navs.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15132
2016-01-28 22:45:19 +00:00
Chad Little
fe5cd4ca2c Move FontIcon calls to Icon
Summary: Normalizes all `setFontIcon` calls to `setIcon`.

Test Plan: UIExamples, Almanac, Apps list, etc.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, hach-que, yelirekim

Differential Revision: https://secure.phabricator.com/D15129
2016-01-28 08:48:45 -08:00
Chad Little
36158dbdc0 Convert all calls to 'IconFont' to just 'Icon'
Summary: Mostly for consistency, we're not using other forms of icons and this makes all classes that use an icon call it in the same way.

Test Plan: tested uiexamples, lots of other random pages.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15125
2016-01-27 20:59:27 -08:00
epriestley
c11c7f2900 Prevent "Manage" profile menu items from being hidden
Summary: Ref T10054. Prevent users from removing this item and locking themselves out of the system unless they can guess the URI.

Test Plan: Tried to disable "Manage", wasn't permitted to.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15113
2016-01-25 06:43:03 -08:00
Chad Little
a9e2e6c5aa Update Profiles to look like Project UI
Summary: Updates People profiles to look more like Project profiles. This removes Conpherence and Flag links. Don't think you like Conpherence links much and for Flags maybe we can put them in the quick create menu?

Test Plan:
View profiles with and without Badges.

{F1069365}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15111
2016-01-24 17:42:57 -08:00
epriestley
8efaaa188f Move user editing/management actions to a separate "Manage" item, like projects
Summary: This improves consistency (by making this UI more similar to the projects UI) and gives us more flexibility the next time we update user profiles.

Test Plan:
{F1068889}

Took all the actions (probably?) to check that all the redirects were updated.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15104
2016-01-24 10:01:31 -08:00
epriestley
06aa207960 Allow users to have profile icons
Summary: Ref T10054. This primarily improves aesthetics and consistency for member/wathcher lists in projects.

Test Plan:
{F1068873}

{F1068874}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15103
2016-01-24 09:58:01 -08:00
epriestley
da5d01e542 Convert user profiles to Profile Panels
Summary:
Ref T10054. Primary goal is to be able to remove IconNav from the codebase.

I've made these non-editable so users can't customize them yet. We //might// want administrators to customize these globally instead? In any case, we avoid a bunch of product questions by just locking these down for now.

Test Plan: {F1061348}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15020
2016-01-15 09:13:13 -08:00
epriestley
5d6dd7df7d Add a basic remarkup typeahead for users and projects
Summary: Ref T3725. This probably has 900,000 bugs. This will need updates for subprojects/milestones.

Test Plan:
  - Tested very gently in Safari, Firefox and Chrome.
  - Reasonable inputs appear to work.
  - Clicking, escape, tab, return, arrow keys work OK?

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T3725

Differential Revision: https://secure.phabricator.com/D15029
2016-01-15 09:11:46 -08:00
epriestley
08de131da5 Begin modularizing main menu items
Summary:
Ref T10077. Ref T8918. The way the main menu is built is not very modular and fairly hacky.

It assumes menus are provided by applications, but this isn't exactly true. Notably, the "Quick Create" menu is not per-application.

The current method of building this menu is very inefficient (see T10077). Particularly, we have to build it //twice// because we need to build it once to render the item and then again to render the dropdown options.

Start cleaning this up. This diff doesn't actually have any behavioral changes, since I can't swap the menu over until we get rid of all the other items and I haven't extended this to Notifications/Conpherence yet so it doesn't actually fix T8918.

Test Plan: Viewed menus while logged in, logged out, in different applications, in desktop/mobile. Nothing appeared different.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8918, T10077

Differential Revision: https://secure.phabricator.com/D14922
2016-01-04 06:57:09 -08:00
epriestley
be5b89687e Separate external editor integration from callsigns
Summary: Ref T4245. Pass the whole repository in so it can do something else in a future change.

Test Plan: Loaded changesets in Diffusion.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4245

Differential Revision: https://secure.phabricator.com/D14931
2016-01-04 06:54:01 -08:00
epriestley
bdc517485c Modernize Hovercard implementation
Summary:
Ref T8980. Move away from events to EngineExtensions.

This also simplifies hovercards a bit:

  - Removes tasks from revision cards.
  - Removes blockers/blocked from task cards.
  - Removes "Send Message" from user cards.

These mostly felt cluttery to me. Open to arguments to retain them. I think we can make better use of the space, though (e.g., flags, projects + board columns).

Test Plan:
  - Viewed people, task, revision, commit and project hovercards.

{F1043256}

{F1043257}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8980

Differential Revision: https://secure.phabricator.com/D14878
2015-12-24 12:18:28 -08:00
epriestley
ba37149bf9 Improve bin/lipsum UX
Summary: Ref T9156. This makes the UX a little more modern/standard/safe.

Test Plan:
```
epriestley@orbital ~/dev/phabricator $ ./bin/lipsum generate
Choose which type or types of test data you want to generate, or select "all".

      - Differential Revisions
      - Files
      - Maniphest Tasks
      - Pastes
      - Pholio Mocks
      - Projects
      - User Accounts
```

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9156

Differential Revision: https://secure.phabricator.com/D14873
2015-12-24 09:06:35 -08:00
epriestley
99c9df96b4 Convert all "DocumentIndexers" into "FulltextEngines"
Summary: Ref T9979. This simplifies/standardizes the code a bit, but mostly gives us more consistent class names and structure.

Test Plan:
  - Used `bin/search index --type ...` to index documents of every indexable type.
  - Searched for documents by unique text, found them.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9979

Differential Revision: https://secure.phabricator.com/D14842
2015-12-21 17:25:23 -08:00
epriestley
2447d9bdf2 Begin improving modularity of IndexEngine, add locks
Summary:
Ref T9890. Ref T9979. Several adjacent goals:

  - The `SearchEngine` vs `ApplicationSearchEngine` thing is really confusing. There are also a bunch of confusing class names and class relationships within the fulltext indexing. I want to rename these classes to be more standard (`IndexEngine`, `IndexEngineExtension`, etc). Rename `SearchIndexer` to `IndexEngine`. A future change will rename `SearchEngine`.
  - Add the index locks described in T9890.
  - Structure things a little more normally so future diffs can do the "EngineExtension" thing more cleanly.

Test Plan:
Indexing:

  - Renamed a task to have a unique word in the title.
  - Ran `bin/search index Txxx`.
  - Searched for unique word.
  - Found task.

Locking:

  - Added a `sleep(10)` after the `lock()` call.
  - Ran `bin/search index Txxx` in two windows.
  - Saw first one lock, sleep 10 seconds, index.
  - Saw second one give up temporarily after failing to grab the lock.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9890, T9979

Differential Revision: https://secure.phabricator.com/D14834
2015-12-21 17:04:10 -08:00
epriestley
2868a69f65 Remove all setObjectURI() from ActionListViews
Summary:
Ref T10004. After D14804, we get this behavior by default and no longer need to set it explicitly.

(If some endpoint did eventually need to set it explicitly, it could just change what it passes to `setHref()`, but I believe we currently have no such endpoints and do not foresee ever having any.)

Test Plan:
  - As a logged out user, clicked various links in Differential, Maniphest, Files, etc., always got redirected to a sensible place after login.
  - Grepped for `setObjectURI()`, `getObjectURI()` (there are a few remaining callsites, but to a different method with the same name in Doorkeeper).

Reviewers: chad

Reviewed By: chad

Subscribers: hach-que

Maniphest Tasks: T10004

Differential Revision: https://secure.phabricator.com/D14805
2015-12-17 08:30:22 -08:00
epriestley
05a798e3ac Add basic typechecking support to Conduit
Summary:
Ref T9964. I want to show users what we're expecting in "constraints", and let constraints like "authors=epriestley" work to make things easier.

I'm generally very happy with the "HTTPParameterType" stuff from EditEngine, so add a parallel set of "ConduitParameterType" classes. These are a little simpler than the HTTP ones, but have a little more validation logic.

Test Plan:
This is really just a proof of concept; some of these fields are now filled in:

{F1023845}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9964

Differential Revision: https://secure.phabricator.com/D14763
2015-12-14 04:21:39 -08:00
Chad Little
6985643f58 Filter archived Badges from UI
Summary: If you archive a badge, remove it's presence in the main Phabricator UI. These are still accessible from `/badges/` for properity. Ref T9944

Test Plan: Archive a badge, weep uncontrollably.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9944

Differential Revision: https://secure.phabricator.com/D14730
2015-12-10 10:49:42 -08:00
Chad Little
b482027687 Actual 2x avatar, new profile picture options
Summary: Provides a real 2x avatar and offers new built in images for profile pictures.

Test Plan: reload profile, see sharper image, pick eevee, see eevee

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14668
2015-12-04 13:24:25 -08:00
epriestley
618cec23d8 Make notification counts properly translatable
Summary:
Ref T9132. When I've touched `PhabricatorApplication` I keep hitting this bad `pht()` junk.

The warning is correct, these strings are not extactable and can not be translated.

Fix it so they can be extracted and translated.

Broadly, in all cases we want to render one of these:

> 95 Things (for fewer than some limit)
> 99+ Things (when we hit the limit)

Test Plan: Looked at homepage status counts, moused over them, saw reasonable strings. Grepped for removed method.

Reviewers: chad

Reviewed By: chad

Subscribers: joshuaspence

Maniphest Tasks: T9132

Differential Revision: https://secure.phabricator.com/D14638
2015-12-03 07:06:39 -08:00
Joshua Spence
cf2eb0dd5f Move some files around
Summary: Move some `PhabricatorPolicyRule` implementations to a subdirectory of the parent application.

Test Plan: N/A

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14478
2015-11-17 06:26:13 +11:00
Joshua Spence
c35b564f4d Various translation improvements
Summary: Depends on D14070.

Test Plan: Eyeball it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D14073
2015-11-03 07:02:46 +11:00
Joshua Spence
495cb7a2e0 Mark PhabricatorPHIDType::getPHIDTypeApplicationClass() as abstract
Summary: Fixes T9625. As explained in a `TODO` comment, seems reasonable enough.

Test Plan: Unit tests.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, hach-que

Maniphest Tasks: T9625

Differential Revision: https://secure.phabricator.com/D14068
2015-11-03 06:47:12 +11:00
epriestley
32dc62955a Disable "Send Message" profile action if viewer is logged out
Summary: Fixes T9598.

Test Plan:
  - Used "Send Message" as a logged-in user.
  - Used "Send Message" as a logged-out user. The action was disabled and clicking it popped up a login dialog.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9598

Differential Revision: https://secure.phabricator.com/D14326
2015-10-24 08:13:14 -07:00
epriestley
9c798e5cca Provide bin/garbage for interacting with garbage collection
Summary:
Fixes T9494. This:

  - Removes all the random GC.x.y.z config.
  - Puts it all in one place that's locked and which you use `bin/garbage set-policy ...` to adjust.
  - Makes every TTL-based GC configurable.
  - Simplifies the code in the actual GCs.

Test Plan:
  - Ran `bin/garbage collect` to collect some garbage, until it stopped collecting.
  - Ran `bin/garbage set-policy ...` to shorten policy. Saw change in web UI. Ran `bin/garbage collect` again and saw it collect more garbage.
  - Set policy to indefinite and saw it not collect garabge.
  - Set policy to default and saw it reflected in web UI / `collect`.
  - Ran `bin/phd debug trigger` and saw all GCs fire with reasonable looking queries.
  - Read new docs.

{F857928}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9494

Differential Revision: https://secure.phabricator.com/D14219
2015-10-02 09:17:24 -07:00
epriestley
878a493301 Begin standardizing garbage collectors
Summary: Ref T9494. Improve support infrastructure for garbage collectors.

Test Plan:
  - Ran `bin/phd debug trigger`, saw collectors execute.

{F857852}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9494

Differential Revision: https://secure.phabricator.com/D14218
2015-10-01 16:58:43 -07:00
epriestley
a0ed843d47 Don't allow welcome mail to be sent to users who can't login
Summary:
Fixes T9446. We allow administrators to send "Welcome" mail to bots and mailing lists.

This is harmless (these links do not function), but confusing.

Instead, disable this option in the UI and explain why it is disabled when it is clicked. Also prevent generation of this mail lower in the stack.

Test Plan:
  - Viewed a bot page, saw action disabled, clicked it, got explanation.
  - Viewed a normal user page, saw action enabled, clicked it, sent welcome email.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9446

Differential Revision: https://secure.phabricator.com/D14134
2015-09-20 04:28:33 -07:00
epriestley
29948eaa5b Use phutil_hashes_are_identical() when comparing hashes in Phabricator
Summary: See D14025. In all cases where we compare hashes, use strict, constant-time comparisons.

Test Plan: Logged in, logged out, added TOTP, ran Conduit, terminated sessions, submitted forms, changed password. Tweaked CSRF token, got rejected.

Reviewers: chad

Reviewed By: chad

Subscribers: chenxiruanhai

Differential Revision: https://secure.phabricator.com/D14026
2015-09-01 15:52:44 -07:00
Chad Little
84049e6d07 Fix public/private profile edit note
Summary: Fixes T8976. Checks state of note before applying to box.

Test Plan: Set policy to login, edit profile.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8976

Differential Revision: https://secure.phabricator.com/D13739
2015-07-27 15:12:03 -07:00
Chad Little
0ba6569959 Add Badges to Hovercards
Summary: Fixes T8942, Makes Badges if installed show up on your hovercard.

Test Plan: Give a badge, mention myself, see badge on hovercard.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8942

Differential Revision: https://secure.phabricator.com/D13703
2015-07-24 10:58:13 -07:00
Chad Little
ded654b8e2 Badges ... on your profile
Summary: Shows badges on profile if you have them. Check if app is installed, show badges.

Test Plan:
Gave myself a liberal selection of badge. Gave notchad one badge. Gave chadtwo absolutely nothing.

{F651069}

Reviewers: btrahan, lpriestley, epriestley

Reviewed By: epriestley

Subscribers: johnny-bit, epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13692
2015-07-23 11:46:34 -07:00
Chad Little
cf83db15d6 Allow public viewing of profiles and people calendars
Summary: Ref T4830, this allows profile view and calendar profile view to be publicly visible. Also adds a note reminding the user of visibility.

Test Plan: Log out, visit a profile and various links.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4830

Differential Revision: https://secure.phabricator.com/D13676
2015-07-22 09:32:54 -07:00
Chad Little
d83dce9893 Allow People to be Flagged
Summary: Ref T8888, Makes People Flaggable (and makes me wonder if we should rename Flags->Bookmarks).

Test Plan: Flag myself. Get excited.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: joshuaspence, epriestley, Korvin

Maniphest Tasks: T8888

Differential Revision: https://secure.phabricator.com/D13654
2015-07-20 13:43:58 -07:00
Joshua Spence
12a088d8b7 Fix a broken class reference
Summary: This was broken in D13374. Also rearranged a few classes.

Test Plan: `arc lint`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13575
2015-07-07 22:53:13 +10:00
Joshua Spence
acb1eb81cc Move some PhabricatorSearchField subclasses
Summary: Move some `PhabricatorSearchField` subclasses to be adjacent to the application to which they belong. This seems generally better to me than lumping them all together in the `src/applications/search/field/` directory. I was also wondering if it makes sense to rename these subclasses as `PhabricatorXSearchField` rather than `PhabricatorSearchXField` (as per T5655), but wasn't really sure if these objects are meant to be search-fields, or just fields belonging to the #search application.

Test Plan: N/A.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13374
2015-07-06 22:52:05 +10:00
epriestley
4b298c1c44 Merge branch 'master' into redesign-2015 2015-06-30 11:20:16 -07:00
epriestley
4adaf53bf0 Dramatically increase cache hit rate for feed
Summary:
Ref T8631. The query plan for feed stories is really bad right now, because we miss caches we should be hitting:

  - The workspace cache is stored at each query, so adjacent queries can't benefit from the cache (only subqueries). Feed has primarily sibling queries.
    - There is no technical reason to do this. Store the workspace cache on the root query, so sibling queries can hit it.
  - In `ObjectQuery`, we check the workspace once, then load all the PHIDs. When the PHIDs are a mixture of transactions and objects, we always miss the workspace and load the objects twice.
    - Instead, check the workspace after loading each type of object.
  - `HandleQuery` does not set itself as the parent query for `ObjectQuery`, so handles never hit the workspace cache.
    - Pass it, so they can hit the workspace cache.
  - Feed's weird `PhabricatorFeedStory::loadAllFromRows()` method does not specify a parent query on its object/handle queries.
    - Just declare the object query to be the "root" query until this eventually gets cleaned up.

Test Plan: Saw queries for each object drop from 4-6x to 1x in `/feed/`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8631

Differential Revision: https://secure.phabricator.com/D13479
2015-06-30 11:19:41 -07:00
Chad Little
08ec0f1704 [Redesign] Remove AphrontTable restriction on Search Engine
Summary: Ref T8099, functionally I prefer to be able to set anything 'table-like' with `setTable` for design consistency. This looses the restriction and did some light grepping for other missed cases.

Test Plan: Test new UI, grep for other missing cases.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8099

Differential Revision: https://secure.phabricator.com/D13471
2015-06-29 12:28:55 -07:00
epriestley
26a007f879 Merge branch 'master' into redesign-2015 2015-06-25 13:59:08 -07:00
Bob Trahan
541e3d9e1c Conpherence - remove room vs message distinction as far as users are concerned
Summary:
Ref T8488, T8469, T8485.

This is done in regards to T8488 as far as users are concerned. There's still some classes, and etc. that should be re-named probably. T8469 and T8485 are basically moot now though.

Rather than having "Send Message" exposed, just expose "Create Room". Users get the full form. One change is "title" is now required.

This diff removes the concept of "isRoom" entirely.

Test Plan: Verifed a user with no conpherences had sensible data in both column view and full conpherence view. Created rooms with various policies and things worked well.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: chad, epriestley, Korvin

Maniphest Tasks: T8469, T8485, T8488

Differential Revision: https://secure.phabricator.com/D13351
2015-06-25 13:14:20 -07:00
Chad Little
dbdeca58fc [Redesign] Fix People Log Query
Summary: Fixes T8642, This is a table, but not returned as one. Set it to Content for now with a Collapsed layout.

Test Plan: Test /people/logs/

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8642

Differential Revision: https://secure.phabricator.com/D13395
2015-06-22 22:10:07 +01:00
epriestley
7d7e13d79b Merge branch 'master' into redesign-2015 2015-06-19 08:33:30 -07:00
Chad Little
801607381d [Redesign] PhabricatorApplicationSearchResultView
Summary: Ref T8099. This adds a new class which all search engines return for layout. I thought about this a number of ways, and I think this is the cleanest path. Each Engine can return whatever UI bits they needs, and AppSearch or Dashboard picks and lays the bits out as needed. In the AppSearch case, interfaces like Notifications, Calendar, Legalpad all need more custom layouts. I think this also leaves a resonable path forward for NUX as well. Also, not sure I implemented the class correctly, but assume thats easy to fix?

Test Plan: Review and do a search in each application changed. Grep for all call sites.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8099

Differential Revision: https://secure.phabricator.com/D13332
2015-06-19 11:46:20 +01:00
epriestley
b12f13efd8 Force date/time preferences to valid values
Summary:
Fixes T8601. To reproduce the problem:

  - Set your time preference to `""` (the empty string). This isn't possible from the modern UI, but can be done with "Right Click > Inspect Element", or users may have carried it forward from an older setting (this is the case with me and @hach-que on this install).
  - Load Calendar with some events.
  - This parses an epoch, which sets `valueTime` to `""` (since there are no format characters in the preference) and then `getEpoch()` fails because `strlen($time)` is 0.
  - Since `getEpoch()` failed, `getDateTime()` also fails.

To fix this:

  - Only permit the date and time preferences to have valid values.

Test Plan:
  - Loaded page before patch, saw fatal.
  - Applied patch.
  - No more fatal.
  - Viewed tooltips, dates/times, dates/times in other apps.
  - Changed my preferences, saw them respected.

Reviewers: lpriestley

Reviewed By: lpriestley

Subscribers: epriestley, hach-que

Maniphest Tasks: T8601

Differential Revision: https://secure.phabricator.com/D13346
2015-06-18 15:11:01 -07:00
Chad Little
3846a00916 [Redesign] Fix alignment of icon/grip on ObjectList
Summary:
Ref T8099, these should sit in a 4px gutter.

Also:
- remove bad route on feed
- Fix issue with custom logos
- Fix unit error

Test Plan: Review on dashboards and on Maniphest homepage

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8099

Differential Revision: https://secure.phabricator.com/D13310
2015-06-16 13:09:48 -07:00
epriestley
53ef057b1b Merge branch 'master' into redesign-2015 2015-06-15 08:06:23 -07:00
epriestley
88e7cd158f Allow Spaces to be archived
Summary:
Ref T8377. This adds a standard disable/enable feature to Spaces, with a couple of twists:

  - You can't create new stuff in an archived space, and you can't move stuff into an archived space.
  - We don't show results from an archived space by default in ApplicationSearch queries. You can still find these objects if you explicitly search for "Spaces: <the archived space>".

So this is a "put it in a box in the attic" sort of operation, but that seems fairly nice/reasonable.

Test Plan:
  - Archived and activated spaces.
  - Used ApplicationSearch, which omitted archived objects by default but allowed searches for them, specifically, to succeed.
  - Tried to create objects into an archived space (this is not allowed).
  - Edited objects in an archived space (this is OK).

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8377

Differential Revision: https://secure.phabricator.com/D13238
2015-06-11 10:13:47 -07:00
epriestley
739bdeccab Improve some Spaces behaviors
Summary:
Ref T8449. Try out some more subtle behaviors:

  - Make the "Space" control part of the policy control, so the UI shows "Visible To: [Space][Policy]". I think this helps make the role of spaces more clear. It also makes them easier to implement.
  - Don't show the default space in headers: instead, show nothing.
  - If the user has access to only one space, pretend spaces don't exist (no edit controls, no header stuff).

This might be confusing, but I think most of the time it will all align fairly well with user expectation.

Test Plan:
  - Viewed a list of pastes (saw Space with non-default space, no space with default space, no space with user in only one space).
  - Viewed a paste (saw Space with non-default space, saw no space with default space, saw no space with user in only one space).
  - Edited spaces on objects (control as privileged user, no control as locked user).
  - Created a new paste in a space (got space select as privileged user, no select as locked user).

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8449

Differential Revision: https://secure.phabricator.com/D13229
2015-06-10 15:52:18 -07:00
epriestley
8d6209b701 Don't require users be activated in order to establish Web sessions
Summary: Ref T8496. In D13123, the condition for establishing a web session was made too strict: we need to let non-activated users establish web sessions in order to see "you are a bad disabled person" or "your account needs approval" messages. The previous behavior let them in, the new behavior incorrectly locks them out.

Test Plan: Enabled login approvals and registered a new account with username/password auth.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: joshuaspence, epriestley

Maniphest Tasks: T8496

Differential Revision: https://secure.phabricator.com/D13239
2015-06-10 15:34:02 -07:00
epriestley
57b898af9a Merge branch 'master' into redesign-2015 2015-06-10 07:44:58 -07:00
Joshua Spence
f47e69c015 Mark some strings for translation
Summary: Add some more `pht`izations.

Test Plan: Eyeball it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D13200
2015-06-09 23:06:52 +10:00
epriestley
8915fd8be8 Don't try to generate a CSRF token for the omnipotent user
Summary:
We can end up here with a stack trace like this, while rendering an embedded Slowvote trying to publish a Feed story:

```
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] [2015-06-08 22:49:57] EXCEPTION: (PhutilProxyException) Error while executing Task ID 830591. {>} (PhabricatorDataNotAttachedException) Attempting to access attached data on PhabricatorUser (via getAlternateCSRFString()), but the data is not actually attached. Before accessing attachable data on an object, you must load and attach it.
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] Data is normally attached by calling the corresponding needX() method on the Query class when the object is loaded. You can also call the corresponding attachX() method explicitly. at [<phabricator>/src/infrastructure/storage/lisk/PhabricatorLiskDAO.php:166]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] arcanist(head=master, ref.master=7d15b85a1bc0), phabricator(head=master, ref.master=929f5f22acef), phutil(head=master, ref.master=92882eb9404d)
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #0 <#2> PhabricatorLiskDAO::assertAttached(string) called at [<phabricator>/src/applications/people/storage/PhabricatorUser.php:556]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #1 <#2> PhabricatorUser::getAlternateCSRFString() called at [<phabricator>/src/applications/people/storage/PhabricatorUser.php:432]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #2 <#2> PhabricatorUser::generateToken(integer, integer, string, integer) called at [<phabricator>/src/applications/people/storage/PhabricatorUser.php:344]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #3 <#2> PhabricatorUser::getRawCSRFToken() called at [<phabricator>/src/applications/people/storage/PhabricatorUser.php:357]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #4 <#2> PhabricatorUser::getCSRFToken() called at [<phabricator>/src/infrastructure/javelin/markup.php:91]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #5 <#2> phabricator_form(PhabricatorUser, array, array) called at [<phabricator>/src/applications/slowvote/view/SlowvoteEmbedView.php:169]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #6 <#2> SlowvoteEmbedView::render() called at [<phabricator>/src/view/AphrontView.php:175]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #7 <#2> AphrontView::producePhutilSafeHTML() called at [<phutil>/src/markup/render.php:133]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #8 <#2> phutil_escape_html(SlowvoteEmbedView)
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #9 <#2> array_map(string, array) called at [<phutil>/src/markup/engine/remarkup/PhutilRemarkupBlockStorage.php:56]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #10 <#2> PhutilRemarkupBlockStorage::restore(PhutilSafeHTML, integer) called at [<phutil>/src/markup/engine/PhutilRemarkupEngine.php:299]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #11 <#2> PhutilRemarkupEngine::restoreText(PhutilSafeHTML, integer) called at [<phutil>/src/markup/engine/PhutilRemarkupEngine.php:295]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #12 <#2> PhutilRemarkupEngine::postprocessText(array) called at [<phabricator>/src/infrastructure/markup/PhabricatorMarkupEngine.php:138]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #13 <#2> PhabricatorMarkupEngine::process() called at [<phabricator>/src/applications/feed/story/PhabricatorFeedStory.php:167]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #14 <#2> PhabricatorFeedStory::loadAllFromRows(array, PhabricatorUser) called at [<phabricator>/src/applications/feed/query/PhabricatorFeedQuery.php:37]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #15 <#2> PhabricatorFeedQuery::willFilterPage(array) called at [<phabricator>/src/infrastructure/query/policy/PhabricatorPolicyAwareQuery.php:237]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #16 <#2> PhabricatorPolicyAwareQuery::execute() called at [<phabricator>/src/infrastructure/query/policy/PhabricatorPolicyAwareQuery.php:168]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #17 <#2> PhabricatorPolicyAwareQuery::executeOne() called at [<phabricator>/src/applications/feed/worker/FeedPushWorker.php:12]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #18 <#2> FeedPushWorker::loadFeedStory() called at [<phabricator>/src/applications/feed/worker/FeedPublisherWorker.php:6]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #19 <#2> FeedPublisherWorker::doWork() called at [<phabricator>/src/infrastructure/daemon/workers/PhabricatorWorker.php:91]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #20 <#2> PhabricatorWorker::executeTask() called at [<phabricator>/src/infrastructure/daemon/workers/storage/PhabricatorWorkerActiveTask.php:162]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #21 <#2> PhabricatorWorkerActiveTask::executeTask() called at [<phabricator>/src/infrastructure/daemon/workers/PhabricatorTaskmasterDaemon.php:22]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #22 PhabricatorTaskmasterDaemon::run() called at [<phutil>/src/daemon/PhutilDaemon.php:185]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #23 PhutilDaemon::execute() called at [<phutil>/scripts/daemon/exec/exec_daemon.php:125]
```

Just return `null`.

Test Plan: Will check that tasks clear in production.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D13218
2015-06-08 16:07:21 -07:00
Joshua Spence
af1b586990 Fix method visibilities
Summary: See also D13186.

Test Plan: Ran `arc unit --everything`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D13201
2015-06-09 07:17:44 +10:00
epriestley
3bb7f3624f Implement PhabricatorApplicationTransactionInterface on PhabricatorUser
Summary: Right now, "Publish" workers for user profile edits (title / blub) can get gummed up in the daemons. Implement the interfaces and provide a Query so they can go through.

Test Plan:
  - Made a profile "Title" edit.
  - Used `bin/worker execute --id <id>` to see task fail.
  - Applied patch.
  - Saw task work.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D13213
2015-06-08 13:35:57 -07:00
epriestley
bf87976d25 Support ordering in SearchField
Summary:
Ref T8441. Ref T7715. Automatically generate a modern "Order" control in ApplicationSearch for engines which fully support SearchField.

Notably, this allows the standard "Order" control to automatically support custom field orders. We do this in Maniphest today, but in an ad-hoc way.

Test Plan: Performed order-by queries in Almanac (Services), Pholio, Files, People, Projects, and Paste.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7715, T8441

Differential Revision: https://secure.phabricator.com/D13193
2015-06-08 12:21:48 -07:00
epriestley
3e2b0c35f9 Move People to SearchFields
Summary:
Ref T8441. Ref T7715. This is the second of three ApplicationSearch + CustomField use cases (Maniphest is the third).

Also add a way to set a default ordering for the fields.

Test Plan:
  - Performed searches with each field.
  - Added a custom field and searched for it.
  - Observed desired ordering.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7715, T8441

Differential Revision: https://secure.phabricator.com/D13190
2015-06-08 12:20:35 -07:00
epriestley
b4de79741c Fix a minor issue with the approval queue
Ref T8454. This got gummed up in swapping between double negatives like "noDisabled".

Viewed queue, saw "Hide Disabled Users" instead of "Show Only Disabled Users".

Auditors: joshuaspence, btrahan
2015-06-06 06:39:02 -07:00
epriestley
ef90007a21 Support Spaces transactions
Summary:
Ref T8424. This adds crude integration with Paste's edit/view workflows: you can change the space a Paste appears in, see transactions, and get a policy callout.

Lots of rough edges and non-obviousness but it pretty much works.

Test Plan:
  - Created and updated Pastes.
  - Moved them between spaces, saw policy effects.
  - Read transactions.
  - Looked at feed.
  - Faked query to return no spaces, saw control and other stuff vanish.
  - Faked query to return no spaces, created pastes.
  - Tried to submit bad values and got errors.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8424

Differential Revision: https://secure.phabricator.com/D13159
2015-06-05 10:42:49 -07:00
Erik Fercak
5deaeec668 Use a class constant instead of a hardcoded string
Test Plan: Submitted a form - saw nothing out of ordinary.

Reviewers: #blessed_reviewers

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D13167
2015-06-05 07:27:35 -07:00
epriestley
e5b923743a Make CSRF salt per-user instead of per-request
Summary:
Fixes T8326. This removes calls to PhabricatorStartup from places that daemons may access.

This salt doesn't need to be global; it's embedded in the token we return. It's fine if we use a different salt every time. In practice, we always use the same viewer, so this change causes little or no behavioral change.

Ref T8424. For Spaces, I need a per-request cache for all spaces, because they have unusual access patterns and require repeated access, in some cases by multiple viewers.

We don't currently have a per-request in-process cache that we, e.g., clear in the daemons.

We do have a weak/theoretical/forward-looking attempt at this in `PhabricatorStartup::getGlobal()` but I'm going to throw that away (it's kind of junky, partly because of T8326) and replace it with a more formal mechanism.

Test Plan:
  - Submitted some forms.
  - Grepped for `csrf.salt`.
  - Viewed page source, saw nice CSRF tokens with salt.
  - All the salts are still the same on every page I checked, but it doesn't matter if this isn't true everywhere.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8326, T8424

Differential Revision: https://secure.phabricator.com/D13151
2015-06-04 17:26:23 -07:00
epriestley
992c199577 Add "Mailing List" users
Summary:
Ref T8387. Adds new mailing list users.

This doesn't migrate anything yet. I also need to update the "Email Addresses" panel to let administrators change the list address.

Test Plan:
  - Created and edited a mailing list user.
  - Viewed profile.
  - Viewed People list.
  - Searched for lists / nonlists.
  - Grepped for all uses of `getIsDisabled()` / `getIsSystemAgent()` and added relevant corresponding behaviors.
  - Hit the web/api/ssh session blocks.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: eadler, tycho.tatitscheff, epriestley

Maniphest Tasks: T8387

Differential Revision: https://secure.phabricator.com/D13123
2015-06-03 18:42:33 -07:00
epriestley
13f0dac0ed Expand the power of user filtering
Summary:
Ref T8387. This mostly merges D10565 + D10480. I'm going to touch this to add mailing list stuff shortly so I wanted to clean those up.

This isn't super pretty but is fully flexible and consistent with other modern query UIs.

This should be more-or-less backward compatible.

Test Plan: Fiddled with the new options.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: eadler, cburroughs, epriestley

Maniphest Tasks: T8044, T8387

Differential Revision: https://secure.phabricator.com/D13122
2015-06-03 18:42:32 -07:00
Chad Little
132bff3ea5 [Redesign] People, Profile, Feed UI
Summary: Ref T8099, Mostly a Feed cleanup, removing old CSS, relying on modern display objects, adds back the feed to profile (I miss it, but maybe you don't).

Test Plan: Visit Feed on Profiles, Projects, Feed, and Dashboards. Same UI Everywhere. TODO, "Public Feed".

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T8099

Differential Revision: https://secure.phabricator.com/D13101
2015-06-01 11:28:01 -07:00
Chad Little
75673a8e37 [Redesign] Cleanup Harbormaster UI
Summary: Ref T8099, adds StatusIcons in place of barColor. May need to revisit icons. Also fixed incorrect icons used in Drydock.

Test Plan: Visit Harbormaster, Drydock, see proper icons.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T8099

Differential Revision: https://secure.phabricator.com/D13054
2015-05-28 13:00:26 -07:00
Chad Little
3d407732d6 [Redesign] Put all ApplicationSearch results in an ObjectBox
Summary:
Ref T8099. In most cases we return either an ObjectList or AphrontTable, and can pretty up the UI in ApplicationSearch. There are a few edge cases, like  PeopleUserLog, that can be cleanup up individually in the future, but look fine for now.
Also added 'setNotice' for AphrontTable for a few cases where we want to convey addtional information.

TODO: Seems we always pass a Pager Object, which tries to get displayed, I'll redesign that interaction in the future, probably by passing the Pager to the ObjectBox

Test Plan: Went throught most/all ApplicationSearch panels I could find, even edge cases look better.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T8099

Differential Revision: https://secure.phabricator.com/D12989
2015-05-24 09:13:58 -07:00
epriestley
bfca11dbba Merge branch 'master' into redesign-2015 2015-05-22 12:57:32 -07:00
Joshua Spence
36e2d02d6e phtize all the things
Summary: `pht`ize a whole bunch of strings in rP.

Test Plan: Intense eyeballing.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12797
2015-05-22 21:16:39 +10:00
Chad Little
a4784e03ff [Redesign] Add Table, Collapse support to ObjectBox
Summary: Converts most all tables to be directly set via `setTable` to an ObjectBox. I think this path is more flexible design wise, as we can change the box based on children, and not just CSS. We also already do this with PropertyList, Forms, ObjectList, and Header. `setCollapsed` is added to ObjectBox to all children objects to bleed to the edges (like diffs).

Test Plan: I did a grep of `appendChild($table)` as well as searches for `PHUIObjectBoxView`, also with manual opening of hundreds of files. I'm sure I missed 5-8 places. If you just appendChild($table) nothing breaks, it just looks a little funny.

Reviewers: epriestley, btrahan

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12955
2015-05-20 12:48:43 -07:00
Joshua Spence
c896aeb62e Various linter fixes
Summary: Apply various linter fixes.

Test Plan: Unit tests + eyeballing.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12390
2015-05-20 07:27:41 +10:00
Bob Trahan
189c55d1d3 People - fix hovercards for people
Summary: Fixes T8242. D12833 removed the title as well as the blurb from people hovercards. When re-adding the title don't bother throwing things through pht since that seems like not something you translate exactly and also lose the flavor text which most users end up having since title is rarely set (at least on this install).

Test Plan: viewed hovercards and saw title and blurb again as appropos relative to the data being set

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T8242

Differential Revision: https://secure.phabricator.com/D12915
2015-05-18 15:39:34 -07:00
Joshua Spence
f3d382cec4 Fix some method signatures
Summary: Fix some method signatures so that arguments with default values are at the end of the argument list (see D12418).

Test Plan: Eyeballed the callsites.

Reviewers: epriestley, #blessed_reviewers, hach-que

Reviewed By: epriestley, #blessed_reviewers, hach-que

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12782
2015-05-19 06:58:43 +10:00
epriestley
705c1e6498 Fix an issue with user.whoami
Summary:
Both user.whoami and user.query call the same wire formatting code, but expect different data.

Don't try to add availability data to user.whoami.

Stop adding email data to user.query. We've added it since D11791, but my intent was for it to be exposed //only// via user.whoami (i.e., expose your address, not others').

Test Plan:
  - Called both methods.
  - Saw emails on user.whoami.
  - Saw availability on user.query.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D12848
2015-05-14 16:48:45 -07:00
epriestley
2bc9dec85f Remove "status" field from events
Summary:
Ref T8183. See that task for discussion.

  - For now, events always mark users as "Away".
  - In the future, we may reintroduce "sporradic" or other more complicated availability states, but they would be properties of the invitee, not of the event itself.
  - This also removes the long-deprecated `user.addstatus` and `user.removestatus` Conduit calls.

Test Plan:
  - Created, edited, viewed events.
  - Grepped for removed symbols.
  - Viewed profile calendar.
  - Viewed Conpherence calendar.
  - Load Conduit console.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8183

Differential Revision: https://secure.phabricator.com/D12840
2015-05-14 11:15:44 -07:00
epriestley
aa550189c7 Add an availability cache for users
Summary: Ref T7707. Caches availability on users to reduce the cost of loading handles. This cache is very slightly tricky to dirty properly.

Test Plan:
  - Use DarkConsole to examine queries; saw cache hits, miss+fill, dirty.
  - Saw availability change correctly after canceling, joining, declining events.
  - Saw no queries to Calendar for pages with only availability data.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7707

Differential Revision: https://secure.phabricator.com/D12838
2015-05-14 11:15:22 -07:00
epriestley
fef3c778fd Replace user "status" with "availability"
Summary:
Ref T7707. Ref T8183.

  - Currently, user status is derived by looking at events they //created//. Instead, look at non-cancelled invites they are attending.
  - Prepare for on-user caching.
  - Mostly remove "Sporradic" as a status, although I left room for adding more information later.

Test Plan:
- Called user.query.
- Viewed profile.
- Viewed hovercard.
- Used mentions.
- Saw status immediately update when attending/leaving/cancelling a current event.
- Created an event ending at 6 PM and an event from 6:10PM - 7PM, saw "Away until 7PM".

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8183, T7707

Differential Revision: https://secure.phabricator.com/D12833
2015-05-14 11:15:04 -07:00
epriestley
04186e02cf Separate handle "status" and "availability"
Summary:
Ref T7707. Handles currently have a "status" field and a "disabled" field.

The "status" field has these possible values: "open", "closed", "1", "2". durp durp durp

Instead, do:

  - status = <open, closed>
  - availability = <full, partial, none, disabled>

I think these make more sense? And are a bit more general? And use the same kind of constants for all values!

Test Plan: Looked at all affected handles in all states (probably).

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7707

Differential Revision: https://secure.phabricator.com/D12832
2015-05-14 11:14:44 -07:00
lkassianik
97611958b0 Refactor PHUICalendarMonthView to be a little more readable
Summary: Refactor `PHUICalendarMonthView` to be a little more readable

Test Plan: Make sure month view still works

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12831
2015-05-13 15:58:46 -07:00
Joshua Spence
acb45968d8 Use __CLASS__ instead of hard-coding class names
Summary: Use `__CLASS__` instead of hard-coding class names. Depends on D12605.

Test Plan: Eyeball it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12806
2015-05-14 07:21:13 +10:00
lkassianik
f677394b6f People calendar month view should pass AphrontFormDateControlValue for start range and end range to MonthView
Summary: Fixes T8181, People calendar month view should pass AphrontFormDateControlValue for start range and end range to MonthView

Test Plan: Open install/p/epriestley/calendar without error

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T8181

Differential Revision: https://secure.phabricator.com/D12827
2015-05-13 12:01:04 -07:00
epriestley
b36a8fa885 Implement a user profile image cache
Summary:
Ref T7707. The general form of this can probably be refined somewhat over time as we have more use cases.

I put this cache on the user object itself because we essentially always need this data and it's trivial to invalidate the cache (we can do it implicilty during reads).

Also fix an issue with short, wide images not thumbnailing properly after recent changes.

Test Plan:
  - Loaded some pages; saw caches write; saw good pictures.
  - Reloaded; saw cache reads; saw good pictures.
  - Changed profile picture; saw immediate update.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7707

Differential Revision: https://secure.phabricator.com/D12826
2015-05-13 11:38:51 -07:00
epriestley
47b14c9bde Convert inline profile image transforms to new transformations
Summary:
Ref T7707. Fixes T7879. Fixes T4406. When creating profile images:

  - Use the new transforms;
  - mark them as "profile" images so they're forced to the most-open policies.

Test Plan:
  - Set restrictive default file policies.
  - Changed profile picture, project pictures, etc. Verified they were visible to logged-out users.
  - Registered via OAuth.
  - Updated a Conpherence thread image.
  - Browsed around looking for profile images, fixed sizing on everything I could find.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7879, T7707, T4406

Differential Revision: https://secure.phabricator.com/D12821
2015-05-13 11:38:46 -07:00
epriestley
f3d76a90f0 Translate "All Day" events into the viewer's time
Summary:
Ref T8021.

  - When "All Day" events are loaded, convert them into the viewer's time.
  - When "All Day" events are saved, convert them into a +24 hour range.

Test Plan:
  - Created and updated "All Day" events.
  - Created and updated normal events.
  - Changed timezones, edited and viewed "All Day" events and normal events.
  - In all cases, "All Day" events appeared to be 12:00AM - 11:59:59PM to the viewer, on the correct day.
  - Normal events shifted around properly according to timezones.

Reviewers: lpriestley

Reviewed By: lpriestley

Subscribers: epriestley

Maniphest Tasks: T8021

Differential Revision: https://secure.phabricator.com/D12765
2015-05-07 18:57:28 -07:00
Joshua Spence
4ea9d76f66 Add some missing type hints
Summary: Add some typehints for Remarkup rules.

Test Plan: Browsed around some Remarkup text.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12694
2015-05-05 07:33:00 +10:00
lkassianik
25b1fb1de2 Calendar event edit view should validate that start time preceeds end time
Summary: Closes T8023, Calendar event edit view should validate that start time preceeds end time .

Test Plan: Create Calendar event, add details, make end time be earlier than start time, try to save, get error, make sure all previously entered details are populated correctly.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T8023

Differential Revision: https://secure.phabricator.com/D12656
2015-05-02 15:28:04 -07:00
epriestley
be14f75274 Update various hard-coded URIs
Summary: Fixes T7918. Update hard-coded ApplicationSearch URIs for parameterized typeaheads.

Test Plan: Found all these links and clicked 'em. Probably.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T7918

Differential Revision: https://secure.phabricator.com/D12554
2015-04-26 07:15:25 -07:00
epriestley
3ba56ceaf0 Add an anyone() typeahead function for matching any document owner
Summary: Fixes T5733.

Test Plan: Ran search and Maniphest queries.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5733

Differential Revision: https://secure.phabricator.com/D12535
2015-04-23 15:44:27 -07:00
epriestley
83617073f5 Rename TypehaeadUserParameterizedDatasource to PeopleUserFunctionDatasource
Summary: Ref T4100. This improves application scoping (Typeahead -> People) and uses a more consitent and concise name (Parameterized -> Function).

Test Plan:
  - `grep`
  - Used affected datasource.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4100

Differential Revision: https://secure.phabricator.com/D12532
2015-04-23 11:49:34 -07:00
epriestley
f64ca87bfe Implement open() and closed() Maniphest tokenizer status functions, plus cleanup
Summary:
Ref T4100.

  - Make it easy to choose all open or closed tasks.
  - Make "special" tokenizers composable.
  - Get `viewer()` generating documentation properly.

Test Plan:
  - Ran queries with new tokens.
  - Browsed new tokens.
  - Viewed docs on new tokens.
  - Used plain status tokens.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, epriestley

Maniphest Tasks: T4100

Differential Revision: https://secure.phabricator.com/D12530
2015-04-23 11:49:34 -07:00
epriestley
135c8799e6 Refine global search UI for tokenizer functions
Summary:
Ref T4100.

  - Removes the "with unowned" checkbox in favor of the "no owners" function.
  - Support functions in "Authors" and "Owners".

Test Plan:
  - Ran various global search and Maniphest queries.

{F379931}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4100

Differential Revision: https://secure.phabricator.com/D12523
2015-04-23 11:49:33 -07:00
epriestley
3a2c2ae3c3 Implement a scope selector for the global search
Summary:
See M1433. Fixes T7266. Fixes T4475. Ref T7314.

Future work/notes/etc:

  - Write the User Guide (see TODO).
  - This might needs some design tweaks -- I think it's functionally almost-equivalent to the mock, but the UI isn't quite the same.
  - (Mobile design is a touch off-looking I think?)
  - When you use a custom query, the duplicate "magnifying glass" icons are a little weird. Maybe change one or the other.
  - Maybe worth adding an "Open Documents in Current Application" option? Planning to wait for feedback on that.
  - Need a Quicksand integration to change the current application at some point.
  - Searching in "Current Application" from, e.g., the 404 page just searches all documents. Current plan is to just document this behavior, since the icon is a pretty good callout and it seems plausible that this is intuitive enough that users won't have a hard time with it.

Test Plan:
New dropdown:

{F379150}

Device-ish:

{F379151}

Normal search (current application, from maniphest, selects tasks):

{F379153}

Application search from non-application:

{F379154}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: johnny-bit, epriestley

Maniphest Tasks: T7266, T7314, T4475

Differential Revision: https://secure.phabricator.com/D12509
2015-04-22 14:31:36 -07:00
epriestley
e5e5974d9f Give typeahead browse dialogs sensible titles
Summary: Ref T4100. Let datasources specify a more meaningful title than the class name.

Test Plan: Browsed some sources.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: chad, epriestley

Maniphest Tasks: T4100

Differential Revision: https://secure.phabricator.com/D12469
2015-04-20 10:06:23 -07:00
epriestley
f331463d50 Make "user's projects" a logical datasource and add viewerprojects()
Summary:
Ref T4100. Ref T5595. This converts `projects(user)` into a logical datasource.

Also adds a viewerprojects() logical datasource.

Test Plan: {F375546}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4100, T5595

Differential Revision: https://secure.phabricator.com/D12462
2015-04-20 10:06:20 -07:00
epriestley
eb69b115a7 Simplify members() datasource function
Summary: Ref T4100. Implement members() in terms of the real projects datasource.

Test Plan: Used members() functions in Differential, browsed members() functions.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4100

Differential Revision: https://secure.phabricator.com/D12459
2015-04-20 10:06:17 -07:00
epriestley
c246aa2638 Implement a projects() datasource function
Summary:
Ref T4100. This is like members(), but is implemented on top of the raw datasource. This is a lot simpler and involves way less code duplication.

I'll go back and implement members() like this, too.

Nothing actually uses this yet.

Test Plan:
  - Used browse view to browse datasource.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4100

Differential Revision: https://secure.phabricator.com/D12458
2015-04-20 10:06:16 -07:00
epriestley
e27c0b416d Add "Edge Logic" support to PolicyAwareQuery
Summary:
Ref T4100. Ref T5595. This allows PolicyAwareQuery to write all the logic for AND, OR, NOT, and NULL (i.e., "not in any projects") queries against any edge type.

It accepts an edge type and a list of constraints (which are basically just operator-value pairs, like `<NOT, PHID-X-Y>`, meaning the results must not have an edge connecting them to `PHID-X-Y`).

This doesn't actually do anything yet; see future diffs.

Test Plan: `arc unit --everything`

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4100, T5595

Differential Revision: https://secure.phabricator.com/D12455
2015-04-20 10:06:12 -07:00
epriestley
f5580c7a08 Make buildWhereClause() a method of AphrontCursorPagedPolicyAwareQuery
Summary:
Ref T4100. Ref T5595.

To support a unified "Projects:" query across all applications, a future diff is going to add a set of "Edge Logic" capabilities to `PolicyAwareQuery` which write the required SELECT, JOIN, WHERE, HAVING and GROUP clauses for you.

With the addition of "Edge Logic", we'll have three systems which may need to build components of query claues: ordering/paging, customfields/applicationsearch, and edge logic.

For most clauses, queries don't currently call into the parent explicitly to get default components. I want to move more query construction logic up the class tree so it can be shared.

For most methods, this isn't a problem, but many subclasses define a `buildWhereClause()`. Make all such definitions protected and consistent.

This causes no behavioral changes.

Test Plan: Ran `arc unit --everything`, which does a pretty through job of verifying this statically.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: yelirekim, hach-que, epriestley

Maniphest Tasks: T4100, T5595

Differential Revision: https://secure.phabricator.com/D12453
2015-04-20 10:06:09 -07:00
Chad Little
50e2d5174f Remove Send Message Button on Profile w/ no Conpherence
Summary: Fixes T7847

Test Plan: Uninstall Conpherence

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7847

Differential Revision: https://secure.phabricator.com/D12450
2015-04-17 13:25:05 -07:00
epriestley
76448a75de Make token UI stronger and more consistent
Summary:
Ref T4100. Overall:

  - Use token background color to communicate token type (blue = object, yellow = function, grey = disabled/closed, red = invalid).
  - Use token icon color to make color choices consistent (specifically, use project icon colors in project tokens).
  - For functions, use token icon to communicate function result type (e.g., viewer() has a user icon; members(...) has a group icon), since we don't need the icon to indicate "this is a function" anymore.

Test Plan:
{F374615}
{F374616}
{F374617}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4100

Differential Revision: https://secure.phabricator.com/D12446
2015-04-17 11:06:58 -07:00
epriestley
845466b49b Implement viewer() and members(project) typeahead functions
Summary:
Ref T4100. This is still a bit rough around the edges, but mostly does what we're after.

  - Implements viewer() and members(...) functions.
  - The new browse workflow makes these discoverable.

Test Plan: {F374201}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, epriestley

Maniphest Tasks: T4100

Differential Revision: https://secure.phabricator.com/D12444
2015-04-17 11:06:58 -07:00
epriestley
fd60a739c1 Improve browsability of People query
Summary: Ref T5750. Fix this query so it works better with the browse view. In particular, make it return results before the user types a query.

Test Plan:
  - Used a people tokenizer.
  - Used global search tokenizer to search for people.
  - Ran new version of query in production to make sure it wasn't crazy.
  - Browsed through results in browse view.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5750

Differential Revision: https://secure.phabricator.com/D12427
2015-04-17 11:06:57 -07:00
epriestley
156b156e77 Give Conduit params/return/errors protected visibility
Summary:
Ref T7803. Ref T5873. I want to drive Conduit through more shared infrastructure, but can't currently add parameters automatically.

Put a `getX()` around the `defineX()` methods so the parent can provide default behaviors.

Also like 60% of methods don't define any special error types; don't require them to implement this method. I want to move away from this in general.

Test Plan:
  - Ran `arc unit --everything`.
  - Called `conduit.query`.
  - Browsed Conduit UI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: hach-que, epriestley

Maniphest Tasks: T5873, T7803

Differential Revision: https://secure.phabricator.com/D12380
2015-04-13 11:58:35 -07:00
epriestley
4fba6e7730 Remove trivial implementations of getPagingColumn()
Summary:
Ref T7803. Some Query subclasses implement getPagingColumn() in a trivial way, usually to provide a table alias.

Formalize the concept of a primary table alias, and remove obsoleted getPagingColumn() implementations.

Test Plan: Issued affected queries.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7803

Differential Revision: https://secure.phabricator.com/D12356
2015-04-13 11:58:19 -07:00
epriestley
d403700e1f Convert all tokenizers to take token/scalar inputs
Summary: Ref T7689. Ref T4100. This advances the goals of removing `loadViewerHandles()` (only 67 callsites remain!) and letting tokenizers some day take token functions like `viewer()` and `members(differential)`.

Test Plan:
- Sent a new message; used "To".
  - I simplified the cancel URI construction slightly because it's moot in all normal cases.
- Edited a thread; used "Add Participants".
- Searched rooms; used "Participants".
- Searched countdowns; used "Authors".
- Created a diff; used "Repository".
- Edited a revision; edited "Projects"; edited "Reveiwers"; edited "Subscribers".
- Searched for revisions; edited "responsible users"; "authors"; "reviwers"; "subscribers"; "repositories".
- Added revision comments; edited "Add Reveiwers"; "Add Subscribers".
- Commented on a commit; edited "Add Auditors"; "Add subscribers".
- Edited a commit; edited "Projects".
- Edited a repository; edited "Projects".
- Searched feed, used "include Users"; "include Proejcts".
- Searched files, used "authors".
- Edited initiative; edited "Projects".
- Searched backers; used "Backers".
- Searched initiatives; used "Owners".
- Edited build plans; edited "Run Command".
- Searched Herald; used "Authors".
- Added signature exemption in Legalpad.
- Searhced legalpad; used "creators"; used "contributors".
- Searched signatures; used "documents"; used "signers".
- Created meme.
- Searched macros; used "Authors".
- Used "Projects" in Maniphest reports.
- Used Maniphest comment actions.
- Edited Maniphest tasks; edited "Assigned To"; edited "CC"; edited "projects".
- Used "parent" in Maniphest task creation workflow.
- Searched for projects; used "assigned to"; "in any projec"; "in all projects"; "not in projects"; "in users' projects"; "authors"; "subscribers".
- Edited Maniphest bug filing domains, used "Default Author".
- Searched for OAuth applications, used "Creators".
- Edited Owners pacakge; edited "Primary Owner"; edited "Owners".
- Searched for Owners packages; used "Owner".
  - OMG this UI is OLD
- Edited a paste; edited "Projects".
- Searched for paste; used "Authors".
- Searched user activity log; used "Actors"; used "Users".
- Edited a mock; edited "Projects"; edited "CC".
- Searched for mocks; used "Authors".
- Edited Phortune account; edited "Members".
- Edited Phortune merchant account; edited "Members".
- Searched Phrequent; used "Users".
- Edited Ponder question; sued "projects".
- Searched Ponder; used "Authors"; used "Answered By".
- Added project members.
- Searched for projects; used "Members".
- Edited a Releeph product; edited "Pushers".
- Searched pull requests; searched "Requestors".
- Edited an arcanist project; used "Uses Symbols From".
- Searhced push logs; used "Repositories"; used "Pushers".
- Searched repositories; used "In nay project".
- Used global search; used Authors/owners/Subscribers/In Any Project.
- Edited a slowvote; used "Projects".
- Searched slovotes; used "Authors".
- Created a custom "Users" field; edited and searched for it.
- Made a whole lot of typos in this list. ^^^^^^

Did not test:

- Lint is nontrivial to test locally, I'll test it in production.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4100, T7689

Differential Revision: https://secure.phabricator.com/D12224
2015-03-31 14:10:55 -07:00
epriestley
a8271ecd40 Remove most callsites to Controller->renderHandlesForPHIDs()
Summary: Ref T7689. This moves most of the easy/testable callsites off `Controller->renderHandlesForPHIDs()`.

Test Plan:
- Viewed a file; viewed author; viewed "attached" tab.
- Viewed a mock; viewed attached tasks.
- Viewed a credential; viewed "Used By".
- Viewed a paste; viewed author; viewed forks; viewed forked from.
- Viewed a dashboard; viewed panel list.
- Viewed a dashboard panel; viewed "Appears On".
- Viewed a Phortune account; viewed "Members"; viewed payment methods.
- Viewed a Phortune merchant account; viewed "Members".
- Viewed Phortune account switcher; viewed "Accounts".
  - I just removed "Members:" here since it felt kind of out-of-place anyway.
- Viewed a Phragment fragment, viewed "Latest Version", viewed "Snapshots".
- Viewed a Phargment snapshot, viewed "Fragment".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: hach-que, epriestley

Maniphest Tasks: T7689

Differential Revision: https://secure.phabricator.com/D12207
2015-03-31 05:48:19 -07:00
epriestley
1752be630c Improve handle semantics with HandlePool / HandleList
Summary:
Ref T7689, which discusses some of the motivation here. Briefly, these methods are awkward:

  - Controller->loadHandles()
  - Controller->loadViewerHandles()
  - Controller->renderHandlesForPHIDs()

This moves us toward better semantics, less awkwardness, and a more reasonable attack on T7688 which won't double-fetch a bunch of data.

Test Plan:
  - Added unit tests.
  - Converted one controller to the new stuff.
    - Viewed countdown lists, saw handles render.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7689

Differential Revision: https://secure.phabricator.com/D12202
2015-03-31 05:48:19 -07:00
Chad Little
076cc6ed7e Change setErrorView to setInfoView in PHUIObjectBoxView
Summary: Renames the method in PHUIObjectBoxView to match the new PHUIInfoView class.

Test Plan: grepped codebase. Went to Calendar and tried a new status.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12005
2015-03-06 17:03:18 -08:00
Chad Little
19f2468753 Remove AprhontPanelView from LDAP search
Summary: Makes this just a plain box (we don't have UI for table-in-form just yet).

Test Plan: Faked some connection data to view the display.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7427

Differential Revision: https://secure.phabricator.com/D11982
2015-03-05 08:48:18 -08:00
epriestley
ab4743b216 Improve Phortune policy behavior
Summary:
Currently, PhortuneAccounts have a very open default policy to allow merchants to see and interact with them.

This has the undesirable side effect of leaking their names in too many places, because all users are allowed to load the handles for the accounts. Although this information is not super sensitive, we shouldn't expose it.

I went through about 5 really messy diffs trying to fix this. It's very complicated because there are a lot of objects and many of them are related to PhortuneAccounts, but PhortuneAccounts are not bound to a specific merchant. This lead to a lot of threading viewers and merchants all over the place through the call stack and some really sketchy diffs with OmnipotentUsers that weren't going anywhere good.

This is the cleanest approach I came up with, by far:

  - Introduce the concept of an "Authority", which gives a user more powers as a viewer. For now, since we only have one use case, this is pretty open-ended.
  - When a viewer is acting as a merchant, grant them authority through the merchant.
  - Have Accounts check if the viewer is acting with merchant authority. This lets us easily implement the rule "merchants can see this stuff" without being too broad.

Then update the Subscription view to respect Merchant Authority.

I partially updated the Cart views to respect it. I'll finish this up in a separate diff, but this seemed like a good checkpoint that introduced the concept without too much extra baggage.

This feels pretty good/clean to me, overall, even ignoring the series of horrible messes I made on my way here.

Test Plan:
  - Verified I can see everything I need to as a merchant (modulo un-updated Cart UIs).
  - Verified I can see nothing when acting as a normal user.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11945
2015-03-03 10:38:25 -08:00
Chad Little
c038c643f4 Move PHUIErrorView to PHUIInfoView
Summary: Since this element isn't strictly about errors, re-label as info view instead.

Test Plan: Grepped for all callsites, tested UIExamples and a few other random pages.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11867
2015-03-01 14:45:56 -08:00
Chad Little
36b049c7cc Add a noDataString function to FeedBuilder
Summary: Feed currently returns nothing is there are no stories, we can present a better view here by allowing a base and customizable set of errors. Fixes T7383

Test Plan:
Test a Project feed with no noDataSting and People with a noDataSting

{F321700}

{F321701}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7383

Differential Revision: https://secure.phabricator.com/D11897
2015-02-27 11:49:56 -08:00
Chad Little
3003b293d8 Fix footer display when IconNav is present
Summary: Fixes T7382, specifically we were drawing double navs, removed those from each page and added the correct CSS rule.

Test Plan: Test a number of people and profile pages with a footer set.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7382

Differential Revision: https://secure.phabricator.com/D11895
2015-02-26 10:27:28 -08:00
Chad Little
15824bd516 Fix People mobile menu URLs
Summary: The mobile menu on people profiles has the incorrect order in the URLs and thus, 404s.

Test Plan: Went to a profile on a mobile display, click on feed and calendar links, got to correct place.

Reviewers: epriestley, btrahan

Reviewed By: btrahan

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11847
2015-02-23 09:23:30 -08:00
Bob Trahan
d6bbbcb620 Conduit - return primary email if its verified in user methods
Summary: Ref T7263. We need this in the oauth case and otherwise it makes sense to include.

Test Plan: used the conduit console and saw my email address included in the results!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7263

Differential Revision: https://secure.phabricator.com/D11791
2015-02-17 14:13:49 -08:00
epriestley
f206da2dbf Increase height of message box on invite workflow
Summary:
At least one user wanted to type more text here, and it seems reasonable that administrators may want to write a couple of paragraphs.

I didn't make this short for any particular reason, I just wasn't sure what the workflow would look like as I was building it.

Test Plan: Loaded page, saw normal height text area.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11779
2015-02-16 11:09:07 -08:00
Bob Trahan
d39da529ca Legalpad - allow for legalpad documents to be required to be signed for using Phabricator
Summary: Fixes T7159.

Test Plan:
Created a legalpad document that needed a signature and I was required to sign it no matter what page I hit. Signed it and things worked! Added a new legalpad document and I had to sign again!

Ran unit tests and they passed!

Logged out as a user who was roadblocked into signing a bunch of stuff and it worked!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7159

Differential Revision: https://secure.phabricator.com/D11759
2015-02-12 15:22:56 -08:00
epriestley
36494d4e2e Add a "did verify email" event to Phabricator
Summary: Ref T7152. Gives us an event hook so we can go make users a member of any instance they've been invited to as soon as they verify an email address.

Test Plan:
  - Used `bin/auth verify` to trigger the event.
  - Build out the invite flow in rSERVICES.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152

Differential Revision: https://secure.phabricator.com/D11752
2015-02-11 14:39:06 -08:00
epriestley
d4680a7e4e Update Phabricator to work with more modular translations
Summary:
Ref T7152. Ref T1139. This updates Phabricator so third-party libraries can translate their own stuff. Also:

  - Hide "All Caps" when not in development mode, since some users have found this a little confusing.
  - With other changes, adds a "Raw Strings" mode (development mode only).
  - Add an example silly translation to make sure the serious business flag works.
  - Add a basic British English translation.
  - Simplify handling of translation overrides.

Test Plan:
  - Flipped serious business / development on and off and saw silly/development translations drop off.
  - Switched to "All Caps" and saw all caps.
  - Switched to Very English, Wow!
  - Switched to British english and saw "colour".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152, T1139

Differential Revision: https://secure.phabricator.com/D11747
2015-02-11 13:02:35 -08:00
epriestley
7797443428 Support invites in the registration and login flow
Summary:
Ref T7152. This substantially completes the upstream login flow. Basically, we just cookie you and push you through normal registration, with slight changes:

  - All providers allow registration if you have an invite.
  - Most providers get minor text changes to say "Register" instead of "Login" or "Login or Register".
  - The Username/Password provider changes to just a "choose a username" form.
  - We show the user that they're accepting an invite, and who invited them.

Then on actual registration:

  - Accepting an invite auto-verifies the address.
  - Accepting an invite auto-approves the account.
  - Your email is set to the invite email and locked.
  - Invites get to reassign nonprimary, unverified addresses from other accounts.

But 98% of the code is the same.

Test Plan:
  - Accepted an invite.
  - Verified a new address on an existing account via invite.
  - Followed a bad invite link.
  - Tried to accept a verified invite.
  - Reassigned an email by accepting an unverified, nonprimary invite on a new account.
  - Verified that reassigns appear in the activity log.

{F291493}
{F291494}
{F291495}
{F291496}
{F291497}
{F291498}
{F291499}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152

Differential Revision: https://secure.phabricator.com/D11737
2015-02-11 06:06:28 -08:00
epriestley
6f90fbdef8 Send emails for email invites
Summary:
Ref T7152. Ref T3554.

  - When an administrator clicks "send invites", queue tasks to send the invites.
  - Then, actually send the invites.
  - Make the links in the invites work properly.
  - Also provide `bin/worker execute` to make debugging one-off workers like this easier.
  - Clean up some UI, too.

Test Plan:
We now get as far as the exception which is a placeholder for a registration workflow.

{F291213}

{F291214}

{F291215}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3554, T7152

Differential Revision: https://secure.phabricator.com/D11736
2015-02-11 06:06:09 -08:00
epriestley
ae59760222 Add administrative invite interfaces
Summary:
Ref T7152. This implements the administrative UI for the upstream email invite workflow.

Pieces of this will be reused in Instances to implement the instance invite workflow, although some of it is probably going to be a bit copy/pastey.

This doesn't actually create or send invites yet, and they still can't be carried through registration.

Test Plan:
{F290970}

{F290971}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152

Differential Revision: https://secure.phabricator.com/D11733
2015-02-11 06:05:53 -08:00
Joshua Spence
aaf8d73ec7 Fix pht method calls
Summary: Ref T7046. This is mainly a proof-of-concept for D11661.

Test Plan: `arc lint`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7046

Differential Revision: https://secure.phabricator.com/D11680
2015-02-10 18:57:45 +11:00
epriestley
2a0af8e299 Add email invites to Phabricator (logic only)
Summary:
Ref T7152. This builds the core of email invites and implements all the hard logic for them, covering it with a pile of tests.

There's no UI to create these yet, so users can't actually get invites (and administrators can't send them).

This stuff is a complicated mess because there are so many interactions between accounts, email addresses, email verification, email primary-ness, and user verification. However, I think I got it right and got test coverage everwhere.

The degree to which this is exception-driven is a little icky, but I think it's a reasonable way to get the testability we want while still making it hard for callers to get the flow wrong. In particular, I expect there to be at least two callers (one invite flow in the upstream, and one derived invite flow in Instances) so I believe there is merit in burying as much of this logic inside the Engine as is reasonably possible.

Test Plan: Unit tests only.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152

Differential Revision: https://secure.phabricator.com/D11723
2015-02-09 16:12:36 -08:00
Chad Little
ae7dc8b9d2 Add getGroup to ConfigOptions
Summary: Adds core and apps grouping to configuration options, makes it somewhat easier to browse config options.

Test Plan: Set each option, review list. Breakdown is nearly 50/50 apps/core.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11722
2015-02-09 13:10:56 -08:00
Bob Trahan
345966cb41 People - refine permissions on creating new users
Summary: Fixes T7142. Make old permission mean "make (non-bot) users" and then nuance the UI for those administrators who can make bot accounts.

Test Plan: loaded up admin a with full powers and admin b with restricted powers. noted admin a could make a full user. noted admin b could not make a full user. noted admin b got an error even via clever uri hacking.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7142

Differential Revision: https://secure.phabricator.com/D11702
2015-02-05 16:47:09 -08:00
Bob Trahan
69f06387cb People - add back "add new user" ui
Summary: This got clobbered in D11547. Revive the code but move it up from the base class to the PeopleList controller which is presumably all the main "admin" views. Fixes T7181.

Test Plan: Saw the button once more on /people/...!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7181

Differential Revision: https://secure.phabricator.com/D11698
2015-02-05 12:26:54 -08:00
Bob Trahan
5a9df1a225 Policy - filter app engines where the user can't see the application from panel editing
Summary: Fixes T7118. This does the basic "filter the list" thing, though it ends up being a little manual since I guess this hasn't come up before? There is also potential weird behavior if the user was using an app and lost access to it - they will have nothing selected on edit - but I think this is actually correct behavior in this circumstance.

Test Plan:
used a user who couldn't get access to the "quick create" apps and noted that the dropdown list on dashboard panel create was missing the expected engines

ran `arc unit --everything` to verify abstract method implemented everywhere

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7118

Differential Revision: https://secure.phabricator.com/D11687
2015-02-04 15:47:48 -08:00
Bob Trahan
b2320c2e68 Policy - clean up access to user profile image uri
Summary: Ref T7094. We already had and were mostly using "needProfileImage" on the people query class. Only real trick in this diff is deleting a conduit end point that has been marked deprecated for the better part of 3 years.

Test Plan: clicked around the people action and profiles and calendars loaded nicely.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7094

Differential Revision: https://secure.phabricator.com/D11630
2015-02-02 14:04:23 -08:00
Chad Little
8f1e0c0262 Revamp Profile with new IconNav
Summary: Revamps Profile to be like Projects, a mini portal and side nav with icons.

Test Plan: Viewed my own profile, as well as others. Test seeing my commits, tasks, diffs, and upcoming events. Checked mobile navigation.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11547
2015-02-02 12:13:48 -08:00
Chad Little
99292c5c6a Use icons with Config Options page
Summary: This sets an icon for each config, makes it easier to scan.

Test Plan:
Reload Config page, see all new icons

{F281089}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11619
2015-02-02 10:17:25 -08:00
Chad Little
3da38c74da PHUIErrorView
Summary: Clean up the error view styling.

Test Plan:
Tested as many as I could find, built additional tests in UIExamples

{F280452}

{F280453}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11605
2015-02-01 20:14:56 -08:00
Chad Little
8b06804394 Remove getIconName from all applications
Summary: Not used anymore

Test Plan: grep for 'getIconName'

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11582
2015-01-30 12:11:21 -08:00
Bob Trahan
7d309a8e46 Application Emails - make various user email editing paths respect application emails
Summary: Ref T3404. The only mildly sketchy bit is these codepaths all load the application email directly, by-passing privacy. I think this is necessary because not getting to see an application doesn't mean you should be able to break the application by registering a colliding email address.

Test Plan:
Tried to add a registered application email to a user account via the web ui and got a pretty error.
Ran unit tests.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T3404

Differential Revision: https://secure.phabricator.com/D11565
2015-01-29 14:41:09 -08:00
Chad Little
170dc15c05 Make border conditional in crumbs
Summary: Add a setBorder call to CrumbsView to be more deliberate when a border is drawn. Could not find any CSS hacks to set it conditionally CSS.

Test Plan: Browsed every application that called crumbs and make a design decision. Also fixed a few bad layouts.

Reviewers: btrahan, epriestley

Reviewed By: btrahan

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11533
2015-01-28 09:33:49 -08:00
Chad Little
5d8bb61dde Add FontIcon bridge to AppIcons
Summary: Select a similar or better FontAwesome icon to represent each application

Test Plan: Visual inspection

Reviewers: epriestley, btrahan

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11489
2015-01-24 23:43:01 -08:00
Joshua Spence
c2ac63e9ad Increase visibility of PhabricatorController::buildApplicationMenu methods
Summary: Ref T6822. This method needs to be `public` because it is called from `PhabricatorApplicationSearchController::buildApplicationMenu()`.

Test Plan: I wouldn't expect //increasing// method visibility to break anything.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6822

Differential Revision: https://secure.phabricator.com/D11416
2015-01-16 07:41:26 +11:00
Joshua Spence
463d094f96 Fix method visibility for PhabricatorPolicyAwareQuery subclasses
Summary: Ref T6822.

Test Plan:
`grep` for the following:

  - `->willFilterPage(`
  - `->loadPage(`
  - `->didFilterPage(`
  - `->getReversePaging(`
  - `->didFilterPage(`
  - `->willExecute(`
  - `->nextPage(`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Maniphest Tasks: T6822

Differential Revision: https://secure.phabricator.com/D11367
2015-01-14 07:01:16 +11:00
Joshua Spence
d6b882a804 Fix visiblity of LiskDAO::getConfiguration()
Summary: Ref T6822.

Test Plan: `grep`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: hach-que, Korvin, epriestley

Maniphest Tasks: T6822

Differential Revision: https://secure.phabricator.com/D11370
2015-01-14 06:54:13 +11:00
Bob Trahan
e85dfcbeee People - add application policy on user creation
Summary: Ref T6947.

Test Plan: made the setting say only admin user a and noted admin user b lost access

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T4137, T6947

Differential Revision: https://secure.phabricator.com/D11357
2015-01-12 15:18:16 -08:00
Chad Little
790d250967 Move ActionList mobile links to better location
Summary: Ref T5752, moves mobile action menus to the object box instead of crumbs.

Test Plan: View action menus at tablet, desktop, and mobile break points. Verify clicking buttons works as expected opening menu.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5752

Differential Revision: https://secure.phabricator.com/D11340
2015-01-12 07:24:35 -08:00
Joshua Spence
e7f8e79742 Fix method visibility for PhabricatorController subclasses
Summary: Ref T6822.

Test Plan: Visual inspection. These methods are only called from within `PhabricatorController` subclasses.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6822

Differential Revision: https://secure.phabricator.com/D11241
2015-01-07 07:34:59 +11:00
Joshua Spence
e448386d39 Fix method visibility for PhabricatorApplicationSearchEngine methods
Summary: Ref T6822.

Test Plan: Visual inspection. These methods are only called from within the `PhabricatorApplicationSearchEngine` class.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6822

Differential Revision: https://secure.phabricator.com/D11242
2015-01-07 07:34:52 +11:00
Joshua Spence
7c124d7854 Rename PhutilRealnameContextFreeGrammar for consistency
Summary: Ref T5655. Depends on D11226.

Test Plan: See D11226.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D11227
2015-01-06 12:04:19 +11:00
epriestley
fa7bb8ff7a Add cluster.addresses and require membership before accepting cluster authentication tokens
Summary:
Ref T2783. Ref T6706.

  - Add `cluster.addresses`. This is a whitelist of CIDR blocks which define cluster hosts.
  - When we recieve a request that has a cluster-based authentication token, require the cluster to be configured and require the remote address to be a cluster member before we accept it.
    - This provides a general layer of security for these mechanisms.
    - In particular, it means they do not work by default on unconfigured hosts.
  - When cluster addresses are configured, and we receive a request //to// an address not on the list, reject it.
    - This provides a general layer of security for getting the Ops side of cluster configuration correct.
    - If cluster nodes have public IPs and are listening on them, we'll reject requests.
    - Basically, this means that any requests which bypass the LB get rejected.

Test Plan:
  - With addresses not configured, tried to make requests; rejected for using a cluster auth mechanism.
  - With addresses configred wrong, tried to make requests; rejected for sending from (or to) an address outside of the cluster.
  - With addresses configured correctly, made valid requests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6706, T2783

Differential Revision: https://secure.phabricator.com/D11159
2015-01-02 15:13:41 -08:00
Fabian Stelzer
cd677161e1 Do not CC users without permissions to view an object
Summary:
Ref T4411
I'm not quite sure if this is the right place for this as it will be difficult to provide proper user feedback of why we removed a particular subscriber.
Is the ApplicationTransactionEditor generally the right place to extract mentioned phids in comments?
On the other hand in some cases we cannot really give user feedback why a user was not subscribed (e.g.: commits & diffs)

Adding a diff to a repo where the user mentioned has no view permissions the subscriber is currently still added. Still would have to find where this is donet...

Any other places?

Unrelated: Is there any way to remove a subscriber from a commit/audit ?

Test Plan:
 - Edited tasks with the mentioned user having view permissions to this specific task and without
 - Raised concern with a commit and commented on the audit with the user having view permissions to the repo and without
 - Added a commit to a repo with and without the mentioned user having permissions
 - Mention a user in a task & commit comment with and without permissions
 - Mentioning a user in a diff description & comments with and without permissions to the specific diff

Reviewers: chad, #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: chad, Korvin, epriestley

Maniphest Tasks: T4411

Differential Revision: https://secure.phabricator.com/D11049
2015-01-01 08:05:52 -08:00
Chad Little
9c6467d867 Fix typo in people controller 2014-12-19 09:48:55 -08:00
Bob Trahan
2b99b4add8 Home - limit "status" queries to 100 and show 99+ if we hit that
Summary: Fixes T6595. This diff has two issues as is... 1) the differential data fetching is pretty cheesey, but it looks like we can't just issue three separate databases to get the right data? 2) the translations break, since I am turning this into a string (and not an int) so the whole pluralization bit fails. I think 1 is okay as is and 2 needs to be fixed though I am not sure how to best do that...

Test Plan: loaded home page and it looked nice...!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6595

Differential Revision: https://secure.phabricator.com/D10979
2014-12-12 12:02:25 -08:00
Joshua Spence
54f8aa8cd9 Minor linter fixes
Summary: Self explanatory

Test Plan: `arc lint`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10946
2014-12-09 18:37:32 +11:00
epriestley
10b86c2aa3 Don't show meme Remarkup hint button if Macro application is not usable
Summary: See <https://phabricator.wikimedia.org/T906>. This behavior is a bug; we should remove the button if the user can't use the application.

Test Plan:
- With Macro uninstalled, did these things verifying the button vanished:
  - Sent a user a message.
  - Edited a revision.
  - Edited repository basic information.
  - Edited an initiative.
  - Edited a Harbormaster build step.
  - Added task comments.
  - Edited profile blurb.
  - Edited blog description.
  - Commented on Pholio mock.
  - Uploaded Pholio image.
  - Edited Phortune merchant.
  - Edited Phriction document.
  - Edited Ponder answer.
  - Edited Ponder question.
  - Edited Slowvote poll.
  - Edited a comment.
- Reinstalled Macro and saw button come back.
- Used button to put silly text on a funny picture.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10900
2014-11-24 15:25:25 -08:00
epriestley
5e0f218fe4 Allow device SSH keys to be trusted
Summary:
Ref T6240. Some discussion in that task. In instance/cluster environments, daemons need to make Conduit calls that bypass policy checks.

We can't just let anyone add SSH keys with this capability to the web directly, because then an adminstrator could just add a key they own and start signing requests with it, bypassing policy checks.

Add a `bin/almanac trust-key --id <x>` workflow for trusting keys. Only trusted keys can sign requests.

Test Plan:
  - Generated a user key.
  - Generated a device key.
  - Trusted a device key.
  - Untrusted a device key.
  - Hit the various errors on trust/untrust.
  - Tried to edit a trusted key.

{F236010}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6240

Differential Revision: https://secure.phabricator.com/D10878
2014-11-20 17:33:30 -08:00
lkassianik
1b438a8bd1 Process Remarkup in text and HTML email bodies appropriately
Summary: Ref T6343, adding HTMLMailMode to remarkup, and most objects should now be processed and appear pretty in emails.

Test Plan: Add a comment to a Maniphest task containing a mention of an object like '{T1}' or 'T1'. Emails should show a styled version of the object similar to how the object looks in the context of the Maniphest task in the UI.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: chad, Korvin, epriestley

Maniphest Tasks: T6343, T2617

Differential Revision: https://secure.phabricator.com/D10859
2014-11-17 18:27:21 -08:00
Evan Priestley
32cdc23efc Separate SSH key management from the settings panel
Summary:
Ref T5833. I want to add SSH keys to Almanac devices, but the edit workflows for them are currently bound tightly to users.

Instead, decouple key management from users and the settings panel.

Test Plan:
  - Uploaded, generated, edited and deleted SSH keys.
  - Hit missing name, missing key, bad key format, duplicate key errors.
  - Edited/generated/deleted/etc keys for a bot user as an administrator.
  - Got HiSec'd on everything.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10824
2014-11-11 08:18:26 -08:00
epriestley
bf17b12daf Standardize SSH key storage
Summary:
Ref T5833. This fixes a few weird things with this table:

  - A bunch of columns were nullable for no reason.
  - We stored an MD5 hash of the key (unusual) but never used it and callers were responsible for manually populating it.
  - We didn't perform known-key-text lookups by using an index.

Test Plan:
  - Ran migrations.
  - Faked duplicate keys, saw them clean up correctly.
  - Added new keys.
  - Generated new keys.
  - Used `bin/auth-ssh` and `bin/auth-ssh-key`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10805
2014-11-07 15:34:44 -08:00
epriestley
aa0ca6fe4c Make user emails case-insensitive
Summary: Ref T1191. Same deal as D10786. These were previously case-insensitive, but changed to a case-sensitive column type.

Test Plan: Ran `bin/storage adjust` and got and adjustment.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: webframp, epriestley

Maniphest Tasks: T1191

Differential Revision: https://secure.phabricator.com/D10806
2014-11-07 09:48:31 -08:00
epriestley
e29955b48d Move SSHKey table to Auth database
Summary: Ref T5833. Since these will no longer be bound specifically to users, bring them to a more central location.

Test Plan:
  - Edited SSH keys.
  - Ran `bin/ssh-auth` and `bin/ssh-auth-key`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10791
2014-11-06 12:37:22 -08:00
epriestley
f7fbf9ccc1 Change usernames to sort64 to make them case-insensitive
Summary: Ref T1191. After adjustment, usernames currently end up case-sensitive, which means `alincoln` and `Alincoln` are different users. Make them case-sensitive so these names collie.

Test Plan: Ran `bin/storage adjust`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1191

Differential Revision: https://secure.phabricator.com/D10786
2014-11-05 12:32:32 -08:00
epriestley
917da08417 Fix various MySQL version issues with new charset stuff
Summary:
Ref T1191. Notable stuff:

  - Adds `--disable-utf8mb4` to `bin/storage` to make it easier to test what things will (approximately) do on old MySQL. This isn't 100% perfect but should catch all the major stuff. It basically makes us pretend the server is an old server.
  - Require utf8mb4 to dump a quickstart.
  - Fix some issues with quickstart generation, notably special casing the FULLTEXT handling.
  - Add an `--unsafe` flag to `bin/storage adjust` to let it truncate data to fix schemata.
  - Fix some old patches which don't work if the default table charset is utf8mb4.

Test Plan:
  - Dumped a quickstart.
  - Loaded the quickstart with utf8mb4.
  - Loaded the quickstart with `--disable-utf8mb4` (verified that we get binary columns, etc).
  - Adjusted schema with `--disable-utf8mb4` (got a long adjustment with binary columns, some truncation stuff with weird edge case test data).
  - Adjusted schema with `--disable-utf8mb4 --unsafe` (got truncations and clean adjust).
  - Adjusted schema back without `--disable-utf8mb4` (got a long adjustment with utf8mb4 columns, some invalid data on truncated utf8).
  - Adjusted schema without `--disable-utf8mb4`, but with `--unsafe` (got truncations on the invalid data).

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1191

Differential Revision: https://secure.phabricator.com/D10757
2014-10-29 15:49:29 -07:00
Bob Trahan
9dd09f7171 Remove gravatar support
Summary: Fixes T6261. The performance of asking gravatar for these images is horrible and causing lots of people to have issues with the page.

Test Plan: noted how wildly fast the edit profile picture page loaded

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6261

Differential Revision: https://secure.phabricator.com/D10724
2014-10-17 09:56:34 -07:00
epriestley
9352c76e81 Decouple some aspects of request routing and construction
Summary:
Ref T5702. This is a forward-looking change which provides some very broad API improvements but does not implement them. In particular:

  - Controllers no longer require `$request` to construct. This is mostly for T5702, directly, but simplifies things in general. Instead, we call `setRequest()` before using a controller. Only a small number of sites activate controllers, so this is less code overall, and more consistent with most constructors not having any parameters or effects.
  - `$request` now offers `getURIData($key, ...)`. This is an alternate way of accessing `$data` which is currently only available on `willProcessRequest(array $data)`. Almost all controllers which implement this method do so in order to read one or two things out of the URI data. Instead, let them just read this data directly when processing the request.
  - Introduce `handleRequest(AphrontRequest $request)` and deprecate (very softly) `processRequest()`. The majority of `processRequest()` calls begin `$request = $this->getRequest()`, which is avoided with the more practical signature.
  - Provide `getViewer()` on `$request`, and a convenience `getViewer()` on `$controller`. This fixes `$viewer = $request->getUser();` into `$viewer = $request->getViewer();`, and converts the `$request + $viewer` two-liner into a single `$this->getViewer()`.

Test Plan:
  - Browsed around in general.
  - Hit special controllers (redirect, 404).
  - Hit AuditList controller (uses new style).

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5702

Differential Revision: https://secure.phabricator.com/D10698
2014-10-17 05:01:40 -07:00
Joshua Spence
3cf9a5820f Minor formatting changes
Summary: Apply some autofix linter rules.

Test Plan: `arc lint` and `arc unit`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D10585
2014-10-08 08:39:49 +11:00
epriestley
8fa8415c07 Automatically build all Lisk schemata
Summary:
Ref T1191. Now that the whole database is covered, we don't need to do as much work to build expected schemata. Doing them database-by-database was helpful in converting, but is just reudndant work now.

Instead of requiring every application to build its Lisk objects, just build all Lisk objects.

I removed `harbormaster.lisk_counter` because it is unused.

It would be nice to autogenerate edge schemata, too, but that's a little trickier.

Test Plan: Database setup issues are all green.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, hach-que

Maniphest Tasks: T1191

Differential Revision: https://secure.phabricator.com/D10620
2014-10-02 09:51:20 -07:00
epriestley
4fcc634a99 Fix almost all remaining schemata issues
Summary:
Ref T1191. This fixes nearly every remaining blocker for utf8mb4 -- primarily, overlong keys.

Remaining issue is https://secure.phabricator.com/T1191#77467

Test Plan: I'll annotate inline.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, hach-que

Maniphest Tasks: T6099, T6129, T6133, T6134, T6150, T6148, T6147, T6146, T6105, T1191

Differential Revision: https://secure.phabricator.com/D10601
2014-10-01 08:18:36 -07:00
epriestley
098d0d93d6 Generate expected schemata for User/People tables
Summary:
Ref T1191. Some notes here:

  - Drops the old LDAP and OAuth info tables. These were migrated to the ExternalAccount table a very long time ago.
  - Separates surplus/missing keys from other types of surplus/missing things. In the long run, my plan is to have only two notice levels:
    - Error: something we can't fix (missing database, table, or column; overlong key).
    - Warning: something we can fix (surplus anything, missing key, bad column type, bad key columns, bad uniqueness, bad collation or charset).
    - For now, retaining three levels is helpful in generating all the expected scheamta.

Test Plan:
  - Saw ~200 issues resolve, leaving ~1,300.
  - Grepped for removed tables.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1191

Differential Revision: https://secure.phabricator.com/D10580
2014-10-01 07:36:47 -07:00
Chad Little
5f04bb6dd9 Check calendar is installed on profile
Summary: Fixes T6199, checks if Calendar is installed and displays if so.

Test Plan: Turned Calendar on and off, tested both layouts.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T6199

Differential Revision: https://secure.phabricator.com/D10574
2014-09-26 09:28:37 -07:00
Joshua Spence
0151c38b10 Apply some autofix linter rules
Summary: Self-explanatory.

Test Plan: Eyeball it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D10454
2014-09-10 06:55:05 +10:00
epriestley
3af442e4ac Don't require an actor in PhabricatorFile::attachToObject()
Summary:
Ref T6013. A very long time ago, edges were less clearly low-level infrastructure, and some user-aware stuff got built around edge edits.

This was kind of a mess and I eventually removed it, during or prior to T5245. The big issue was that control flow was really hard to figure out as things went all the way down to the deepest level of infrastructure and then came back up the stack to events and transactions. The new stuff is more top-down and generally seems a lot easier and cleaner.

Consequently, actors are no longer required for edge edits. Remove the parameter.

Test Plan: Poked around; ran unit tests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, hach-que

Maniphest Tasks: T6013

Differential Revision: https://secure.phabricator.com/D10412
2014-09-04 12:51:33 -07:00
Bob Trahan
b93bc7e479 phutil_utf8_shorten => PhutilUTF8StringTruncator
Summary: Ref T3307. Only one I thought was tricky was Excel; I went with bytes there like it was email.

Test Plan: played around on a few endpoints but mostly thought carefully

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T3307

Differential Revision: https://secure.phabricator.com/D10392
2014-08-29 15:15:13 -07:00
epriestley
bcdadf5947 Add autocomplete=off to all non-login password forms
Summary: Fixes T5579. Modern browsers aggressively autofill credentials, but at least Firefox still behaves slightly better with this flag. Hopefully other browsers will follow suit.

Test Plan: Browsed various interfaces, verifying that login interfaces allow autocomplete while non-login interfaces do not.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5579

Differential Revision: https://secure.phabricator.com/D10253
2014-08-13 10:06:48 -07:00
epriestley
f6f9d78f3a Modularize mail tags
Summary:
Ref T5861. Currently, mail tags are hard-coded; move them into applications. Each Editor defines its own tags.

This has zero impact on the UI or behavior.

Test Plan:
  - Checked/unchecked some options, saved form.
  - Swapped back to `master` and saw exactly the same values.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5861

Differential Revision: https://secure.phabricator.com/D10238
2014-08-12 12:28:41 -07:00
epriestley
d011f8fdc6 Add a setting to disable all notification email
Summary: Ref T5861. Adds an option to opt out of all notification email. We'll still send you password resets, email verifications, etc.

Test Plan:
{F189484}

  - Added unit tests.
  - With preference set to different things, tried to send myself mail. Mail respected preferences.
  - Sent password reset email, which got through the preference.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: rush898, epriestley

Maniphest Tasks: T5861

Differential Revision: https://secure.phabricator.com/D10237
2014-08-12 12:28:29 -07:00
Mukunda Modell
12aaa942ac Add a CanCDN flag to uploaded files
Summary:
CanCDN flag indicates that a file can be served + cached
via anonymous content distribution networks.

Once D10054 lands, any files that lack the CanCDN flag
will require a one-time-use token and headers will
prohibit cache to protect sensitive files from
unauthorized access.

This diff separates the CanCDN changes from the code that
enforces these restrictions in D10054 so that the changes
can be tested and refined independently.

Test Plan: Work in progress

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: rush898, qgil, epriestley, aklapper, Korvin

Maniphest Tasks: T5685

Differential Revision: https://secure.phabricator.com/D10166
2014-08-07 18:56:20 -07:00
Joshua Spence
8fd098329b Rename AphrontQueryException subclasses
Summary: Ref T5655. Depends on D10149.

Test Plan: Ran `arc unit`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin, hach-que

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D10150
2014-08-06 07:51:21 +10:00
epriestley
42cf7f6faa Make the current session key a component of the CSRF token
Summary: Fixes T5510. This purely reduces false positives from HackerOne: we currently rotate CSRF tokens, but do not bind them explicitly to specific sessions. Doing so has no real security benefit and may make some session rotation changes more difficult down the line, but researchers routinely report it. Just conform to expectations since the expected behavior isn't bad and this is less work for us than dealing with false positives.

Test Plan:
  - With two browsers logged in under the same user, verified I was issued different CSRF tokens.
  - Verified the token from one browser did not work in the other browser's session.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5510

Differential Revision: https://secure.phabricator.com/D10136
2014-08-04 12:04:47 -07:00
epriestley
e56dc8f299 Invalidate outstanding password reset links when users adjust email addresses
Summary:
Fixes T5506. Depends on D10133. When users remove an email address or change their primary email address, invalidate any outstanding password reset links.

This is a very small security risk, but the current behavior is somewhat surprising, and an attacker could sit on a reset link for up to 24 hours and then use it to re-compromise an account.

Test Plan:
  - Changed primary address and removed addreses.
  - Verified these actions invalidated outstanding one-time login temporary tokens.
  - Tried to use revoked reset links.
  - Revoked normally from new UI panel.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5506

Differential Revision: https://secure.phabricator.com/D10134
2014-08-04 12:04:23 -07:00
Joshua Spence
f055736eca Rename PhutilRemarkupRule subclasses
Summary: Ref T5655. Depends on D9993.

Test Plan: See D9993.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D9994
2014-08-05 00:55:43 +10:00
Joshua Spence
023dee0d3b Rename Conduit classes
Summary: Ref T5655. Rename Conduit classes and provide a `getAPIMethodName` method to declare the API method.

Test Plan:
```
> echo '{}' | arc --conduit-uri='http://phabricator.joshuaspence.com' call-conduit user.whoami
Waiting for JSON parameters on stdin...
{"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-lioqffnwn6y475mu5ndb","userName":"josh","realName":"Joshua Spence","image":"http:\/\/phabricator.joshuaspence.com\/res\/1404425321T\/phabricator\/3eb28cd9\/rsrc\/image\/avatar.png","uri":"http:\/\/phabricator.joshuaspence.com\/p\/josh\/","roles":["admin","verified","approved","activated"]}}
```

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin, hach-que

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D9991
2014-07-25 10:54:15 +10:00
Joshua Spence
b4d7a9de39 Simplify the implementation of PhabricatorPolicyCapability subclasses
Summary: Instead of implementing the `getCapabilityKey` method in all subclasses of `PhabricatorPolicyCapability`, provide a `final` implementation in the base class which uses reflection. See D9837 and D9985 for similar implementations.

Test Plan: N/A

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D10039
2014-07-25 08:25:42 +10:00
Joshua Spence
c34de83619 Rename policy capabilities
Summary: Ref T5655. Rename `PhabricatorPolicyCapability` subclasses for consistency.

Test Plan: Browsed a few applications, nothing seemed broken.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D10037
2014-07-25 08:20:39 +10:00
Joshua Spence
97a8700e45 Rename PHIDType classes
Summary: Ref T5655. Rename `PhabricatorPHIDType` subclasses for clarity (see discussion in D9839). I'm not too keen on some of the resulting class names, so feel free to suggest alternatives.

Test Plan: Ran unit tests.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin, hach-que

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D9986
2014-07-24 08:05:46 +10:00
Joshua Spence
0c8f487b0f Implement the getName method in PhabricatorApplication subclasses
Summary: Provide an implementation for the `getName` method rather than automagically determining the application name.

Test Plan: Saw reasonable application names in the launcher.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D10027
2014-07-23 23:52:50 +10:00
Joshua Spence
86c399b657 Rename PhabricatorApplication subclasses
Summary: Ref T5655. Some discussion in D9839. Generally speaking, `Phabricator{$name}Application` is clearer than `PhabricatorApplication{$name}`.

Test Plan:
# Pinned and uninstalled some applications.
# Applied patch and performed migrations.
# Verified that the pinned applications were still pinned and that the uninstalled applications were still uninstalled.
# Performed a sanity check on the database contents.

Reviewers: btrahan, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: hach-que, epriestley, Korvin

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D9982
2014-07-23 10:03:09 +10:00
Joshua Spence
f4b05312cd Fix broken references to auth adapters
This was broken in D9999 but somehow didn't fail linting or unit tests.

Auditors: epriestley
2014-07-22 21:20:45 +10:00
Joshua Spence
254542237a Simplify the implementation of PhabricatorPHIDType subclasses
Summary: Instead of implementing the `getTypeConstant` method in all subclasses of `PhabricatorPHIDType`, provide a `final` implementation in the base class which uses reflection. See D9837 for a similar implementation.

Test Plan: Ran `arc unit`.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9985
2014-07-22 00:38:23 +10:00
Joshua Spence
76ed7d1a02 Rename PhabricatorDestructableInterface interface
Summary: Ref T5655. The `PhabricatorDestructibleInterface` interface is misspelled as `PhabricatorDestructableInterface`. Fix the spelling mistake.

Test Plan: `grep`. Seeing as this interface is fairly recent, I don't expect that this would cause any widespread breakages.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D9988
2014-07-21 23:59:22 +10:00
epriestley
a115810912 Give projects a proper on-demand datasource
Summary:
Fixes T5614. Ref T4420. Other than the "users" datasource and a couple of others, many datasources ignore what the user typed and just return all results, then rely on the client to filter them.

This works fine for rarely used ("legalpad documents") or always small ("task priorities", "applications") datasets, but is something we should graudally move away from as datasets get larger.

Add a token table to projects, populate it, and use it to drive the datasource query. Additionally, expose it on the applicationsearch UI.

Test Plan:
  - Ran migration.
  - Manually checked the table.
  - Searched for projects by name from ApplicationSearch.
  - Searched for projects by name from typeahead.
  - Manually checked the typeahead response.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5614, T4420

Differential Revision: https://secure.phabricator.com/D9896
2014-07-17 16:35:54 -07:00
epriestley
c52b3c28e1 Remove partial objects from Lisk
Summary:
Ref T4420. This was a performance hack introduced long ago to make typeaheads for users a little cheaper. The idea was that you could load some of an object's columns and skip other ones.

We now always load users on demand, so the cost of loading the whole objects is very small. No other use cases ever arose for this, and it seems unlikely that they will in the future. Remove it all.

Test Plan:
- Grepped for `CONFIG_PARTIAL_OBJECTS`.
- Grepped for `dirtyFields`.
- Grepped for `missingFields`.
- Grepped for `resetDirtyFields`.
- Grepped for `loadColumns`.
- Grepped for `loadColumnsWhere`.
- Grepped for `loadRawDataWhere`.
- Loaded and saved some lisk objects.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4420

Differential Revision: https://secure.phabricator.com/D9895
2014-07-17 15:49:21 -07:00
epriestley
b8d604acaf Make typeahead datasources default to PHID type icons
Summary:
Ref T4420. If a datasource does not specify an icon explicitly, check if the PHID type has a default, and use that.

This leaves us with only Projects and some special stuff setting explicit icons, and reduces code duplication.

Test Plan: Used typeahead to find all affected object types.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4420

Differential Revision: https://secure.phabricator.com/D9894
2014-07-17 15:49:11 -07:00
epriestley
0a3a3eae00 Modernize global search typeahead datasource
Summary: Ref T4420. Bring the global search up to date.

Test Plan: Typed various things into global search.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4420

Differential Revision: https://secure.phabricator.com/D9889
2014-07-17 15:48:36 -07:00
epriestley
dcc6997793 Modernize "users" typeahead datasource
Summary: Ref T4420. Modernize users.

Test Plan:
- Edited "Commit Authors" on Audit search.
- Edited "Created By" on calendar search.
- Edited "invited" on calendar search.
- Edited "To" on "New conpherence message".
- Edited user on "Add user to conpherence thread".
- Edited "Authors" on countdown search.
- Edited "Author" on differential search.
- Edited "Responsible users" on differential search.
- Edited "Owner" on Diffusion lint search.
- Edited "include users" on Feed search.
- Edited "Authors" on file search.
- Edited "Authors" on Herald rule search.
- Edited a couple of user-selecting Herald fields on rules.
- Edited "user" on legalpad signature exemption.
- Edited "creator" on legalpad search.
- Edited "contributors" on legalpad search.
- Edited "signers" on legalpad signature search.
- Edited "Authors" on macro search.
- Edited "Reassign/claim" on task detail.
- Edited "assigned to" on task edit.
- Edited "assigned to", "users projects", "authors" on task search.
- Edited "creators" on oauthserver.
- Edited "authors" on paste search.
- Edited "actors" and "users" on activity log search.
- Edited "authors" on pholio search.
- Edited "users" on phrequent search.
- Edited "authors", "answered by" on Ponder search.
- Edited "add members" on project membership editor.
- Edited "members" on project search.
- Edited "pushers" on releeph product edit.
- Edited "requestors" on releeph request search.
- Edited "pushers" on diffusion push log.
- Edited "authors", "owners", "subscribers" on global search.
- Edited "authors" on slowvote search.
- Edited users in custom policy.
- Grepped for "common/authors", no hits.
- Grepped for "common/users", no (relevant) hits.
- Grepped for "common/accounts", no (relevant) hits.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4420

Differential Revision: https://secure.phabricator.com/D9885
2014-07-17 15:44:18 -07:00
James Rhodes
9cb6b2cfcc Remove user-independent date and time functions from Phabricator
Summary: These have been moved into libphutil.

Test Plan: Browsed Phabricator, didn't see a crash.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9907
2014-07-13 12:03:17 +10:00
epriestley
e46826ad36 Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.

External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.

Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.

However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).

Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:

  - Add `CAN_EDIT` on these objects.
  - Make that very restricted, but open up `CAN_VIEW`.
  - Require `CAN_EDIT` any time we're going to do something authentication/identity related.

This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.

I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.

Test Plan:
  - Viewed external accounts.
  - Linked an external account.
  - Refreshed an external account.
  - Edited profile picture.
  - Viewed sessions panel.
  - Published a bunch of stuff to Asana/JIRA.
  - Legalpad signature page now shows external accounts.

{F171595}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3732, T1205, T3116

Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 10:18:10 -07:00
Joshua Spence
8756d82cf6 Remove @group annotations
Summary: I'm pretty sure that `@group` annotations are useless now... see D9855. Also fixed various other minor issues.

Test Plan: Eye-ball it.

Reviewers: #blessed_reviewers, epriestley, chad

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9859
2014-07-10 08:12:48 +10:00
epriestley
46d9bebc84 Remove all device = true from page construction
Summary: Fixes T5446. Depends on D9687.

Test Plan: Mostly regexp'd this. Lint doesn't complain.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley, hach-que

Maniphest Tasks: T5446

Differential Revision: https://secure.phabricator.com/D9690
2014-06-23 15:18:14 -07:00
Gareth Evans
78635a15c1 Only show profile status when calendar app installed
Summary:
If the calendar app is not installed we don't show the status.
Origianlly the idea was to only show the status if the viewer had access to
the app, but for display purposes this seems fine.

Fixes T5087

Test Plan: View with and without calendar installed

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T5087

Differential Revision: https://secure.phabricator.com/D9582
2014-06-16 14:18:51 -07:00
Gareth Evans
824b8108da Check for calendar before settings status
Summary:
We should not show the status line in the people hover card
if the calendar app has been uninstalled or is not available for the
current user.

Test Plan:
View hover card with calendar installed and uninstalled.
Make sure I see the status at the correct time.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, chad, Korvin

Maniphest Tasks: T5370

Differential Revision: https://secure.phabricator.com/D9577
2014-06-16 12:18:25 -07:00
epriestley
b8bc0aa2b0 Allow users to select QueryPanel search engines from a list
Summary: Ref T4986. Instead of requiring users to know the name of an application search engine class, let them select from a list.

Test Plan:
Created a new panel.

{F165468}

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9500
2014-06-12 13:22:20 -07:00
epriestley
2834130792 Make named lookup of users case insensitive
Summary: Fixes T5302. Allow the name `@aLiNCoLN` to identify user `@alincoln`.

Test Plan: Queried users with mixed case names.

Reviewers: btrahan, spicyj, chad

Reviewed By: spicyj

Subscribers: epriestley

Maniphest Tasks: T5302

Differential Revision: https://secure.phabricator.com/D9451
2014-06-10 12:17:23 -07:00
Joshua Spence
0a62f13464 Change double quotes to single quotes.
Summary: Ran `arc lint --apply-patches --everything` over rP, mainly to change double quotes to single quotes where appropriate. These changes also validate that the `ArcanistXHPASTLinter::LINT_DOUBLE_QUOTE` rule is working as expected.

Test Plan: Eyeballed it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9431
2014-06-09 11:36:50 -07:00
epriestley
99c72a32d0 Allow installs to require multi-factor authentication for all users
Summary: Ref T5089. Adds a `security.require-multi-factor-auth` which forces all users to enroll in MFA before they can use their accounts.

Test Plan:
Config:

{F159750}

Roadblock:

{F159748}

After configuration:

{F159749}

  - Required MFA, got roadblocked, added MFA, got unblocked.
  - Removed MFA, got blocked again.
  - Used `bin/auth strip` to strip MFA, got blocked.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5089

Differential Revision: https://secure.phabricator.com/D9285
2014-06-03 16:50:27 -07:00
epriestley
83112cc2e8 Move email verification into PhabricatorUserEditor
Summary: Both email verify and welcome links now verify email, centralize them and record them in the user activity log.

Test Plan:
  - Followed a "verify email" link and got verified.
  - Followed a "welcome" (verifying) link.
  - Followed a "reset" (non-verifying) link.
  - Looked in the activity log for the verifications.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9284
2014-06-03 16:45:18 -07:00
epriestley
6df1a02413 (Redesign) Clean up older "Tile" code
Summary:
This does some backend cleanup of the tile stuff, and some general cleanup of other application things:

  - Users who haven't customized preferences get a small, specific set of pinned applications: Differential, Maniphest, Diffusion, Audit, Phriction, Projects (and, for administrators, Auth, Config and People).
  - Old tile size methods are replaced with `isPinnnedByDefault()`.
  - Shortened some short descriptions.
  - `shouldAppearInLaunchView()` replaced by less ambiguous `isLaunchable()`.
  - Added a marker for third-party / extension applications.

Test Plan: Faked away my preferences and viewed the home page, saw a smaller set of default pins.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9358
2014-06-03 15:47:27 -07:00
epriestley
23a238b045 Remove "organization", "communication" and "miscellaneous" app groups
Summary:
Merge "Organization" and "Communication" into "Core". The split between these three was always tenuous, and this is easier to use and nicer looking on the new launcher.

Merge "Miscellaneous" into "Utilities" since they're basically the same thing.

Test Plan: Looked at app launcher.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9334
2014-05-29 15:25:26 -07:00
epriestley
81d95cf682 Make default view of "Applications" app a full-page launcher
Summary:
This probably needs some tweaks, but the idea is to make it easier to browse and access applications without necessarily needing them to be on the homepage.

Open to feedback.

Test Plan:
(This screenshot merges "Organization", "Communication" and "Core" into a single "Core" group. We can't actually do this yet because it wrecks the homepage.)

{F160052}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5176

Differential Revision: https://secure.phabricator.com/D9297
2014-05-29 12:17:54 -07:00
epriestley
a76f61f7e1 Make auth.email-domains case-insensitive
Summary:
Fixes T5143. Currently, if your allowed domain is "example.com", we reject signups from "@Example.com".

Instead, lowercase both parts before performing the check.

Test Plan:
  - Before patch:
    - Set allowed domains to "yghe.net".
    - Tried "x@yghe.net", no error.
    - Tried "x@xxxy.net", error.
    - Tried "x@yghE.net", incorrectly results in an error.
  - After patch:
    - Set allowed domains to "yghe.net".
    - Tried "x@yghe.net", no error.
    - Tried "x@xxxy.net", error.
    - Tried "x@yghE.net", this correctly no longer produces an error.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5143

Differential Revision: https://secure.phabricator.com/D9261
2014-05-22 14:51:00 -07:00
Chad Little
c88385fa22 Tweak mobile action css, add to people
Summary: Makes the mobile action menu a little nicer, adds it to /people/

Test Plan: Test myself on my install, mobile and desktop.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9259
2014-05-22 12:04:11 -07:00
epriestley
f1534e6feb Make password reset emails use one-time tokens
Summary:
Ref T4398. This code hadn't been touched in a while and had a few crufty bits.

**One Time Resets**: Currently, password reset (and similar links) are valid for about 48 hours, but we always use one token to generate them (it's bound to the account). This isn't horrible, but it could be better, and it produces a lot of false positives on HackerOne.

Instead, use TemporaryTokens to make each link one-time only and good for no more than 24 hours.

**Coupling of Email Verification and One-Time Login**: Currently, one-time login links ("password reset links") are tightly bound to an email address, and using a link verifies that email address.

This is convenient for "Welcome" emails, so the user doesn't need to go through two rounds of checking email in order to login, then very their email, then actually get access to Phabricator.

However, for other types of these links (like those generated by `bin/auth recover`) there's no need to do any email verification.

Instead, make the email verification part optional, and use it on welcome links but not other types of links.

**Message Customization**: These links can come out of several workflows: welcome, password reset, username change, or `bin/auth recover`. Add a hint to the URI so the text on the page can be customized a bit to help users through the workflow.

**Reset Emails Going to Main Account Email**: Previously, we would send password reset email to the user's primary account email. However, since we verify email coming from reset links this isn't correct and could allow a user to verify an email without actually controlling it.

Since the user needs a real account in the first place this does not seem useful on its own, but might be a component in some other attack. The user might also no longer have access to their primary account, in which case this wouldn't be wrong, but would not be very useful.

Mitigate this in two ways:

  - First, send to the actual email address the user entered, not the primary account email address.
  - Second, don't let these links verify emails: they're just login links. This primarily makes it more difficult for an attacker to add someone else's email to their account, send them a reset link, get them to login and implicitly verify the email by not reading very carefully, and then figure out something interesting to do (there's currently no followup attack here, but allowing this does seem undesirable).

**Password Reset Without Old Password**: After a user logs in via email, we send them to the password settings panel (if passwords are enabled) with a code that lets them set a new password without knowing the old one.

Previously, this code was static and based on the email address. Instead, issue a one-time code.

**Jump Into Hisec**: Normally, when a user who has multi-factor auth on their account logs in, we prompt them for factors but don't put them in high security. You usually don't want to go do high-security stuff immediately after login, and it would be confusing and annoying if normal logins gave you a "YOU ARE IN HIGH SECURITY" alert bubble.

However, if we're taking you to the password reset screen, we //do// want to put the user in high security, since that screen requires high security. If we don't do this, the user gets two factor prompts in a row.

To accomplish this, we set a cookie when we know we're sending the user into a high security workflow. This cookie makes login finalization upgrade all the way from "partial" to "high security", instead of stopping halfway at "normal". This is safe because the user has just passed a factor check; the only reason we don't normally do this is to reduce annoyance.

**Some UI Cleanup**: Some of this was using really old UI. Modernize it a bit.

Test Plan:
  - **One Time Resets**
    - Used a reset link.
    - Tried to reuse a reset link, got denied.
    - Verified each link is different.
  - **Coupling of Email Verification and One-Time Login**
    - Verified that `bin/auth`, password reset, and username change links do not have an email verifying URI component.
    - Tried to tack one on, got denied.
    - Used the welcome email link to login + verify.
    - Tried to mutate the URI to not verify, or verify something else: got denied.
  - **Message Customization**
    - Viewed messages on the different workflows. They seemed OK.
  - **Reset Emails Going to Main Account Email**
    - Sent password reset email to non-primary email.
    - Received email at specified address.
    - Verified it does not verify the address.
  - **Password Reset Without Old Password**
    - Reset password without knowledge of old one after email reset.
    - Tried to do that without a key, got denied.
    - Tried to reuse a key, got denied.
  - **Jump Into Hisec**
    - Logged in with MFA user, got factor'd, jumped directly into hisec.
    - Logged in with non-MFA user, no factors, normal password reset.
  - **Some UI Cleanup**
    - Viewed new UI.
  - **Misc**
    - Created accounts, logged in with welcome link, got verified.
    - Changed a username, used link to log back in.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D9252
2014-05-22 10:41:00 -07:00
epriestley
bed9ce2d18 Make PeopleQuery throw, not select everything, when handed empty array
Summary: Make `->withPHIDs(array())` throw on this query instead of selecting everything.

Test Plan: Poked around.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9210
2014-05-20 08:26:55 -07:00
Chad Little
3a81f8c68d Convert rest of SPRITE_STATUS to FontAwesome
Summary:
Updates policy, headers, typeaheads to FA over policy icons

Need advice - can't seem to place where icons come from on Typeahead? Wrong icons and wrong colors.... it is late

Test Plan:
- grepped for SPRITE_STATUS
- grepped for sprite-status
- grepped for setStatus for headers
- grepped individual icons names

Browsed numerous places, checked new dropdowns, see pudgy people.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4739

Differential Revision: https://secure.phabricator.com/D9179
2014-05-18 16:10:54 -07:00
epriestley
5b3ccfd95f Move people list rendering into SearchEngine
Summary:
Ref T4986. One note:

  - We have a separate "browse directory" capability, to provide some soft privacy for users of public installs. Respect that policy within the SearchEngine.
  - Also restore some other icons I missed earlier.

Test Plan:
  - Viewed people list.
  - Build people panel.
  - Verified people panel was just me without browse capability.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9137
2014-05-15 19:17:09 -07:00
epriestley
e6f6a58f93 Move activity log rendering to a dashboard panel
Summary:
Ref T4986. Swap this in. Two minor notes:

  - I adjusted the SearchEngine to add an additional constraint when the viewer isn't an admin. This mostly stops us from doing a bunch of unnecessary work.
  - I fixed the settings panel to paginate (currently loads all results, slow in production).

Test Plan: Viewed logs; viewed settings panel; created a dashboard panel.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9136
2014-05-15 19:17:02 -07:00
epriestley
7f22958a82 Use font icons on user approval queue
Summary: Fixes T5066.

Test Plan: {F155058}

Reviewers: chad, btrahan, shadowhand

Reviewed By: shadowhand

Subscribers: shadowhand, epriestley

Maniphest Tasks: T5066

Differential Revision: https://secure.phabricator.com/D9133
2014-05-15 06:51:01 -07:00
epriestley
15561a27c3 When a conduit method requires a string constant, call it "string-const" not "enum"
Summary: Ref T5058. The use of "enum" is confusing; we mean "choose one of these specific string constants". Make this more clear.

Test Plan: Viewed each call from the web UI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5058

Differential Revision: https://secure.phabricator.com/D9127
2014-05-14 21:59:03 -07:00
Chad Little
315ac6aab7 Remove white app icons
Summary: Remove white app icons, no longer in use as far as grep/memory serve. These were for list hover states.

Test Plan: Rebuild sprites, celerity. Grep for appIcon use (only feed). Verify all action lists are driven by FontAwesome.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9078
2014-05-12 13:34:00 -07:00
Chad Little
b2f3001ec4 Replace Sprite-Icons with FontAwesome
Summary: The removes the sprite sheet 'icons' and replaces it with FontAwesome fonts.

Test Plan:
- Grep for SPRITE_ICONS and replace
- Grep for sprite-icons and replace
- Grep for PhabricatorActionList and choose all new icons
- Grep for Crumbs and fix icons
- Test/Replace PHUIList Icon support
- Test/Replace ObjectList Icon support (foot, epoch, etc)
- Browse as many pages as I could get to
- Remove sprite-icons and move remarkup to own sheet
- Review this diff in Differential

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9052
2014-05-12 10:08:32 -07:00
lkassianik
dfcccd4cb8 Add config to require real name, respect config when creating new users, drop real name from full name if not provided.
Summary: Fixes T4728, first pass, Make real name optional on user accounts

Test Plan: Default real name config should be false (not required). Create new user, real name should not be required. Toggle config, real name should be required. Users with no real name should be always listed by their usernames.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4728

Differential Revision: https://secure.phabricator.com/D9027
2014-05-12 09:51:41 -07:00
epriestley
1644ef185e Fix system agent toggling in MySQL strict mode
Summary: `''` is not a valid integer.

Test Plan: Used `bin/accountadmin` to turn bot flag on and off for a user.

Reviewers: btrahan, Firehed

Reviewed By: Firehed

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9046
2014-05-10 16:58:07 -07:00
epriestley
2022a70e16 Implement bin/remove, for structured destruction of objects
Summary:
Ref T4749. Ref T3265. Ref T4909. Several goals here:

  - Move user destruction to the CLI to limit the power of rogue admins.
  - Start consolidating all "destroy named object" scripts into a single UI, to make it easier to know how to destroy things.
  - Structure object destruction so we can do a better and more automatic job of cleaning up transactions, edges, search indexes, etc.
  - Log when we destroy objects so there's a record if data goes missing.

Test Plan: Used `bin/remove destroy` to destroy several users.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3265, T4749, T4909

Differential Revision: https://secure.phabricator.com/D8940
2014-05-01 18:23:31 -07:00
epriestley
50376aad04 Require multiple auth factors to establish web sessions
Summary:
Ref T4398. This prompts users for multi-factor auth on login.

Roughly, this introduces the idea of "partial" sessions, which we haven't finished constructing yet. In practice, this means the session has made it through primary auth but not through multi-factor auth. Add a workflow for bringing a partial session up to a full one.

Test Plan:
  - Used Conduit.
  - Logged in as multi-factor user.
  - Logged in as no-factor user.
  - Tried to do non-login-things with a partial session.
  - Reviewed account activity logs.

{F149295}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8922
2014-05-01 10:23:02 -07:00
epriestley
e8cebb7da5 Add support for aural-only and visual-only elements
Summary:
Ref T4843. This adds support to `javelin_tag()` for an `aural` attribute. When specified, `true` values mean "this content is aural-only", while `false` values mean "this content is not aural".

  - I've attempted to find the best modern approaches for marking this content, but the `aural` attribute should let us change the mechanism later.
  - Make the "beta" markers on application navigation visual only (see T4843). This information is of very low importance, the application navigation is accessed frequently, and the information is available on the application list.
  - Partially convert the main navigation. This is mostly to test things, since I want to get more concrete feedback about approaches here.
  - Add a `?__aural__=1` attribute, which renders the page with aural-only elements visible and visual-only elements colored.

Test Plan: {F146476}

Reviewers: btrahan, scp, chad

Reviewed By: chad

Subscribers: aklapper, qgil, epriestley

Maniphest Tasks: T4843

Differential Revision: https://secure.phabricator.com/D8830
2014-05-01 07:18:18 -07:00
epriestley
3fde020049 Make many actions require high security
Summary:
Ref T4398. Protects these actions behind a security barrier:

  - Link external account.
  - Retrieve Conduit token.
  - Reveal Passphrase credential.
  - Create user.
  - Admin/de-admin user.
  - Rename user.
  - Show conduit certificate.
  - Make primary email.
  - Change password.
  - Change VCS password.
  - Add SSH key.
  - Generate SSH key.

Test Plan: Tried to take each action and was prompted for two-factor.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8921
2014-04-30 17:44:59 -07:00
epriestley
8fe27800fc Don't show document types in search for uninstalled applications
Summary:
Fixes T4917. Currently, if a user doesn't have access to, e.g., Phriction, they still get a checkbox in the search results to search for Wiki Documents. Those results will be filtered anyway, so this is confusing at best.

Instead, bind PHID types to applications. This is a relatively tailored fix; some areas for potential future work:

  - Go through every PHID type and bind them all to applications. Vaguely nice to have, but doesn't get us anything for now.
  - If no searchable application is installed, we don't show you an error state. This isn't currently possible ("People" is always installed) but in the interest of generality we could throw an exception or something at least.
  - The elasticserach thing could probably constrain types to visible types, but we don't have a viewer there easily right now.

Test Plan: Uninstalled Phriction, saw the checkbox vanish.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4917

Differential Revision: https://secure.phabricator.com/D8904
2014-04-29 15:01:50 -07:00
epriestley
a017a8e02b Make two-factor auth actually work
Summary:
Ref T4398. Allows auth factors to render and validate when prompted to take a hi-sec action.

This has a whole lot of rough edges still (see D8875) but does fundamentally work correctly.

Test Plan:
  - Added two different TOTP factors to my account for EXTRA SECURITY.
  - Took hisec actions with no auth factors, and with attached auth factors.
  - Hit all the error/failure states of the hisec entry process.
  - Verified hisec failures appear in activity logs.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8886
2014-04-28 10:20:54 -07:00
epriestley
17709bc167 Add multi-factor auth and TOTP support
Summary:
Ref T4398. This is still pretty rough and isn't exposed in the UI yet, but basically works. Some missing features / areas for improvement:

  - Rate limiting attempts (see TODO).
  - Marking tokens used after they're used once (see TODO), maybe. I can't think of ways an attacker could capture a token without also capturing a session, offhand.
  - Actually turning this on (see TODO).
  - This workflow is pretty wordy. It would be nice to calm it down a bit.
  - But also add more help/context to help users figure out what's going on here, I think it's not very obvious if you don't already know what "TOTP" is.
  - Add admin tool to strip auth factors off an account ("Help, I lost my phone and can't log in!").
  - Add admin tool to show users who don't have multi-factor auth? (so you can pester them)
  - Generate QR codes to make the transfer process easier (they're fairly complicated).
  - Make the "entering hi-sec" workflow actually check for auth factors and use them correctly.
  - Turn this on so users can use it.
  - Adding SMS as an option would be nice eventually.
  - Adding "password" as an option, maybe? TOTP feels fairly good to me.

I'll post a couple of screens...

Test Plan:
  - Added TOTP token with Google Authenticator.
  - Added TOTP token with Authy.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8875
2014-04-28 09:27:11 -07:00
epriestley
3f5a55fa6e Let users review their own account activity logs
Summary:
Ref T4398. This adds a settings panel for account activity so users can review activity on their own account. Some goals are:

  - Make it easier for us to develop and support auth and credential information, see T4398. This is the primary driver.
  - Make it easier for users to understand and review auth and credential information (see T4842 for an example -- this isn't there yet, but builds toward it).
  - Improve user confidence in security by making logging more apparent and accessible.

Minor corresponding changes:

  - Entering and exiting hisec mode is now logged.
  - This, sessions, and OAuth authorizations have moved to a new "Sessions and Logs" area, since "Authentication" was getting huge.

Test Plan:
  - Viewed new panel.
  - Viewed old UI.
  - Entered/exited hisec and got prompted.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8871
2014-04-27 17:32:09 -07:00
epriestley
320be1a1b8 Modernize user activity logs (ApplicationSearch, policies)
Summary:
Ref T4398. Ref T4842. I want to let users review their own account activity, partly as a general security measure and partly to make some of the multi-factor stuff easier to build and debug.

To support this, implement modern policies and application search.

I also removed the "old" and "new" columns from this output, since they had limited utility and revealed email addresses to administrators for some actions. We don't let administrators access email addresses from other UIs, and the value of doing so here seems very small.

Test Plan: Used interface to issue a bunch of queries against user logs, got reasonable/expected results.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: keir, epriestley

Maniphest Tasks: T4842, T4398

Differential Revision: https://secure.phabricator.com/D8856
2014-04-27 17:31:35 -07:00
epriestley
f42ec84d0c Add "High Security" mode to support multi-factor auth
Summary:
Ref T4398. This is roughly a "sudo" mode, like GitHub has for accessing SSH keys, or Facebook has for managing credit cards. GitHub actually calls theirs "sudo" mode, but I think that's too technical for big parts of our audience. I've gone with "high security mode".

This doesn't actually get exposed in the UI yet (and we don't have any meaningful auth factors to prompt the user for) but the workflow works overall. I'll go through it in a comment, since I need to arrange some screenshots.

Test Plan: See guided walkthrough.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8851
2014-04-27 17:31:11 -07:00
epriestley
8fc5977b9a Fix quick create on mobile
Summary: Fixes T4903. At some point maybe-soonish we should maybe go make `"device" => true` the default, and put `"device" => "hella-busted"` on the remaining bad pages.

Test Plan: L@@K @ W/ iOS Simulator

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley, k

Maniphest Tasks: T4903

Differential Revision: https://secure.phabricator.com/D8863
2014-04-26 12:31:55 -07:00
epriestley
3a881f5108 Put "Task" first on global search result type list
Summary: Fixes T4606. Also shortens two unusual type names which are currently inconsistent.

Test Plan: Expanded advanced search.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4606

Differential Revision: https://secure.phabricator.com/D8853
2014-04-24 08:11:13 -07:00
epriestley
27d426e3fe Allow Conduit console to be browsed by logged-out users
Summary:
Ref T4830. A few methods, like `conduit.ping`, are callable without authentication, so this even has some use cases. Also:

  - Make some Differential stuff a little more consistent.
  - Use slightly more modern rendering.
  - Deprecate the status-oriented `user` calls; these will be replaced by Calendar methods.

Test Plan: Browsed console as logged out / logged in users.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4830

Differential Revision: https://secure.phabricator.com/D8826
2014-04-21 15:32:48 -07:00