1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 23:02:42 +01:00
Commit graph

594 commits

Author SHA1 Message Date
epriestley
301fed1b43 Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
  - Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
  - Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
  - Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.

Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
  - Created a new system agent.
  - Reset an account's password.

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-31 13:06:32 -07:00
epriestley
729d2f9c93 Remove .sql3 hacks from Differential
Summary:
See T178. D372 is the correct fix for this problem, hardcoding .sql3 is not.

Test Plan:
This code should be unreachable after T178 since these files will always be
marked as binary.

Reviewed By: tuomaspelkonen
Reviewers: tuomaspelkonen
CC: elgenie, aran, tuomaspelkonen
Differential Revision: 373
2011-05-31 12:14:58 -07:00
epriestley
d96d515cc2 Add comment linking to Maniphest and Differential
Summary:
Allows you to link to comments with "D123#3" or "T123#3", then adds a pile of JS
to try to make it not terrible. :/

The thing I'm trying to avoid here is when someone says "look at this!
http://blog.com/#comment-239291" and you click and your browser jumps somewhere
random and you have no idea which comment they meant. Since I really hate this,
I've tried to avoid it by making sure the comment is always highlighted.

Test Plan:
Put T1#1 and D1#1 in remarkup and verified they linked properly.

Clicked anchors on individual comments.

Faked all comments hidden in Differential and verified they expanded on anchor
or anchor change.

Reviewed By: aran
Reviewers: aran, tomo, mroch, jungejason, tuomaspelkonen
CC: aran, epriestley
Differential Revision: 383
2011-05-31 11:11:19 -07:00
epriestley
ead9bbfeb1 Test for pcntl availability from the command line, not Apache
Summary:
In RHEL6 at the least, pcntl installs from distro package management to the CLI
but not to Apache. Since we don't need it in apache and it's a pain to build
manually, just verify it exists on the CLI.

Test Plan:
Simulated script failures and verified setup output.

Reviewed By: codeblock
Reviewers: codeblock, aran, jungejason, tuomaspelkonen
CC: aran, epriestley, kevinwallace, codeblock
Differential Revision: 380
2011-05-30 21:02:08 -07:00
jungejason
693977fb3b Set time zone for PhabricatorRepositoryCommitDiscoveryDaemon
Summary:
the daemon is generating a lot of warning about timezone not
being set. Add it.

Test Plan:
php -l. Launched the daemon and it didn't crash. It's
difficult to make it parse a commit on my sandbox though. I will see if
it fixes the problem once it is live.

Reviewed By: epriestley
Reviewers: epriestley, tuomaspelkonen
CC: aran, epriestley, jungejason
Differential Revision: 356
2011-05-30 15:38:43 -07:00
epriestley
8ae765f6d7 Enable SendGrid Parse API as an inbound email handler
Summary:
Sendmail is seriously difficult to configure; SendGrid is extremely easy. It's
also pretty expensive ($80/mo) but there are a bunch of startups that already
have plans so it's effectively free for them.

Test Plan:
Configured SendGrid and sent reply email through it.

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, epriestley
Differential Revision: 376
2011-05-30 12:28:33 -07:00
epriestley
d3fed84b9c Minor IRCBot fixes/upgrades
Summary:
Keep him from getting killed every 24 hours by the overseer, add basic commit
support.

Test Plan:
Ran irc bot, fed him a commit, fed him "http://blah/D1".

Reviewed By: aran
Reviewers: aran, jungejason, tuomaspelkonen, codeblock, mroch
CC: aran, epriestley
Differential Revision: 377
2011-05-30 12:24:39 -07:00
epriestley
0cdf4c2518 Properly parse email replies with varied 'To' address formats
Summary:
While my client and some others send email replies with an address like
##T1+x+y@example.com##, some other clients have sent either
##<T1+x+y@example.com>## or ##"T1+x+y@example.com" <T1+x+y@example.com>##.
Properly parse all the formats we've seen in the wild.

Test Plan:
Ran the regexp against all the formats observed in the wild (see
https://secure.phabricator.com/mail/received/) and verified it parses them
correctly.

Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, jungejason
Differential Revision: 370
2011-05-30 00:38:01 -07:00
epriestley
0238f260df When an email reply to a task includes files, attach them to the task
Summary:
Allow files to be attached to a task by attaching them to an email reply to the
task.

Test Plan:
Applied this patch live since I haven't managed to get inbound email configured
locally, then attached files to a task via email.

Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, jungejason
Differential Revision: 369
2011-05-30 00:37:24 -07:00
epriestley
77a86dfe61 Make the admin view look better, and fix a minor Chrome CSS glitch
Summary:
- Provide a red version of the logo for the admin view.
  - Make selected tabs in the admin view look correct.
  - Fix a Chrome styling issue where the username and "settings" would have
weird offsets.

Test Plan:
Loaded Phabricator in chrome and clicked around tabs of an admin interface.
Hovered over logo.

Reviewed By: jungejason
Reviewers: cadamo, jungejason, tuomaspelkonen, aran
CC: aran, epriestley, jungejason
Differential Revision: 371
2011-05-29 11:39:52 -07:00
epriestley
43775a11e0 Document remarkup and bring over the <tt> rule from Diviner. 2011-05-29 10:20:24 -07:00
epriestley
4ca2072773 Update celerity map. 2011-05-29 02:49:27 -07:00
epriestley
c7ff835073 Replace "Phabricator" menu text with phabricator logo
Summary:
I ran a 99designs contest and this gear-eye thing was actually pretty okay. All
this stuff needs tweaks but at least it won't render with a big square on
windows anymore.

Test Plan:
Looked at menu, it seemed slightly more legitimate and designey than before?

Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, epriestley, jungejason
Differential Revision: 363
2011-05-29 02:48:14 -07:00
Evan Priestley
2ab6b41906 Merge pull request #8 from cadamo/master
Change the location of the Javelin source to facebook/javelin
2011-05-29 01:01:35 -07:00
Cristian Adamo
1720680b4b Just change the location. 2011-05-28 15:14:54 -07:00
epriestley
0492f3ba2e Use Javelin workflow on directory item deletion
Summary:
I think I wrote this before I laid in workflow, so they always redirect to
another page even if you have JS. Use workflow if it's available.

Test Plan:
Deleted a directory item and a directory category via dialog workflow instead of
full page reloads.

Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: moskov, aran, jungejason
Differential Revision: 359
2011-05-28 11:57:31 -07:00
epriestley
bc71888249 Mask typed passwords as they are entered into 'accountadmin'
Summary:
Currently, we echo the password as the user types it. This turns out to be a bit
of an issue in over-the-shoulder installs. Instead, disable tty echo while the
user is typing their password so nothing is shown (like how 'sudo' works).

Also show a better error message if the user chooses a duplicate email; without
testing for this we just throw a duplicate key exception when saving, which
isn't easy to understand. The other duplicate key exception is duplicate
username, which is impossible (the script updates rather than creating in this
case).

There's currently a bug where creating a user and setting their password at the
same time doesn't work. This is because we hash the PHID into the password hash,
but it's empty if the user hasn't been persisted yet. Make sure the user is
persisted before setting their password.

Finally, fix an issue where $original would have the new username set, creating
a somewhat confusing summary at the end.

I'm also going to improve the password behavior/explanation here once I add
welcome emails ("Hi Joe, epriestley created an account for you on Phabricator,
click here to login...").

Test Plan:
- Typed a password and didn't have it echoed. I also tested this on Ubuntu
without encountering problems.
  - Chose a duplicate email, got a useful error message instead of the exception
I'd encountered earlier.
  - Created a new user with a password in one pass and logged in as that user,
this worked properly.
  - Verified summary table does not contain username for new users.

Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: moskov, jr, aran, jungejason
Differential Revision: 358
2011-05-28 11:52:59 -07:00
epriestley
fff08a9894 Allow emails to be used for login
Summary:
Despite the form's claims that you can login with username or email, it actually
accepted only username.

Test Plan:
Logged in using my email.

Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran
CC: jr, anjali, aran, jungejason
Differential Revision: 354
2011-05-28 06:32:27 -07:00
Aizat Faiz
fdf39a9cb1 Add PHP openssl extension as a dependency
Summary:
After successfully installing phabricator on my Mac OS X 10.6.7, I was unable to
link my accounts to either Facebook or GitHub.

I diagnosed that file_get_contents() and fopen() were not working properly.

After installing the php openssl package I was able to get it linking
successfully.

Test Plan:
With php's openssl extension disabled, and phabricator installed. Try linking to
Facebook and GitHub and observe that it fails.  You can visit the Auth
Diagnostics page and "Facebook Graph" and "App Login" should fail.

With php's openssl extension enabled, linking to Facebook and GitHub should be
successful.

Change the configuration to add "phabricator.setup = false".

Disable php's openssl extension.  Visit the phabricator site and observe that it
requires you to install php's openssl extension.

Enable php's openssl extension. Visit the phabricator site and observe that it
installs fine.

Reviewed By: epriestley
Reviewers: epriestley
CC: aran, epriestley
Differential Revision: 352
2011-05-28 08:53:08 +08:00
epriestley
05846d5d48 Ensure syntax errors and other configuration problems are surfaced to the user.
Summary:
Some PHP has junky defaults for error_reporting / display_errors, and the "@"
silences fatals. The @ should never have been there, I just copied it from the
libphutil initializer where we use @ because the default error message can be
confusing and we display a more useful one.

Test Plan:
Added fatals to my conf file, got a decent error message instead of silent exit
with err=255.

Reviewed By: aran
Reviewers: tuomaspelkonen, aran, jungejason
CC: aran
Differential Revision: 355
2011-05-27 16:59:21 -07:00
epriestley
cc5a86f75a Reenable login forms for installs with multiple login mechanisms. 2011-05-27 16:34:10 -07:00
epriestley
e88d187362 Resolve some complete nonfunctionality in SendGrid adapter. 2011-05-27 16:22:05 -07:00
tuomaspelkonen
f076956f32 Added custom remarkup.
Summary:
Vendor specific markups are now possible.

Test Plan:
Tested with the Facebook specific tasks markup.

Reviewed By: jungejason
Reviewers: epriestley, jungejason
CC: aran, jungejason
Differential Revision: 349
2011-05-27 13:53:06 -07:00
tuomaspelkonen
19e10b2b5d Embedded youtube videos.
Summary:
Markup support for embedding Youtube videos.

Test Plan:
https://www.youtube.com/watch?v=Vw4KVoEVcr0 was embedded

Reviewed By: epriestley
Reviewers: epriestley
CC: aran, epriestley
Differential Revision: 353
2011-05-27 13:50:58 -07:00
epriestley
ce8a406424 Improve file preview in Maniphest
Summary:
Show large thumbnails of attached files in Maniphest.

Test Plan:
Looked at large thumbnails in Maniphest.

Reviewed By: jungejason
Reviewers: tomo, aran, jungejason, tuomaspelkonen
CC: anjali, aran, epriestley, jungejason
Differential Revision: 335
2011-05-27 09:35:56 -07:00
epriestley
109a202b6c Improve drag-and-drop uploader
Summary:
Make it discoverable, show uploading progress, show file thumbnails, allow you
to remove files, make it a generic form component.

Test Plan:
Uploaded ducks

Reviewed By: tomo
Reviewers: aran, tomo, jungejason, tuomaspelkonen
CC: anjali, aran, epriestley, tomo
Differential Revision: 334
2011-05-27 09:34:29 -07:00
epriestley
8af5bb117d Basic image thumbnailing
Summary:
This is still very rough but provides basic support for generating image
thumbnails. I need to separate stuff out a bit but I'm going to integrate into
Maniphest before I hit the profile stuff so this seems like a reasonable
starting point.

Test Plan:
Generated some image thumbnails in various sizes.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 333
2011-05-27 09:33:33 -07:00
epriestley
dbedb012eb Add support for SendGrid as an outbound mail adapter
Summary: SendGrid is a popular mail delivery platform, similar to Amazon SES. Provide support for delivering email via their REST API.

Test Plan: Created a SendGrid account, configured my local install to use it, sent some mail, received mail.

Reviewers: tuomaspelkonen, jungejason, aran

CC: ccheever

Differential Revision: 347
2011-05-27 09:27:54 -07:00
jungejason
686ffafa21 Improve logging for syntax highlighting parsing
Summary:
add logging when syntax highlighting parsing throws exception.

Test Plan:
test when exception is thrown with non-php code. I couldn't
create a file to trigger an exception in running pygmentiza, so I
manually threw an exception to test it.

Reviewed By: tuomaspelkonen
Reviewers: tuomaspelkonen, epriestley
CC: aran, tuomaspelkonen, jungejason
Differential Revision: 350
2011-05-26 17:51:22 -07:00
Aizat Faiz
6c3b1feec8 [diffusion] keep 'view' parameter when clicking on a line number
Summary:
Clicking on a line number will remove the current 'view' the user is in.

This patch retains the current view.

Test Plan:
Open a file in diffusion, and change the view to "blame", clicking on the line
number should retain the same view.

Reviewed By: epriestley
Reviewers: epriestley, jungejason
CC: aran, epriestley, aizatto
Differential Revision: 344
2011-05-25 19:14:51 -07:00
tuomaspelkonen
d21a056f1c Multiple comment submissions for a diff is prevented now.
Summary:
It was possible to submit a comment multiple times if the submit
button was pressed more than once quickly. Added javascript code
that disables the button when it is clicked.

Test Plan:
Tried to click the button multiple times very quickly, but the
button was disabled after the first click.

Reviewed By: epriestley
Reviewers: epriestley, jungejason
Commenters: aran
CC: aran, epriestley, tuomaspelkonen
Differential Revision: 337
2011-05-25 12:14:43 -07:00
tuomaspelkonen
3dd12e7cc6 Changed 'diffusion.getrecentcommitsbypath' to return only the direct and child
changes.

Summary:
It was incorrectly returning copies.

Test Plan:
Tested that the conduit call for 'tfb/trunk/www/last_min_rev.txt' matches
https://phabricator.fb.com/diffusion/E/history/tfb/trunk/www/last_min_rev.txt

Reviewed By: jungejason
Reviewers: jungejason, epriestley, aran
CC: aran, jungejason
Differential Revision: 340
2011-05-24 16:14:37 -07:00
tuomaspelkonen
9498c3a0db Fixed resource map. 2011-05-23 19:52:13 -07:00
tuomaspelkonen
2740245f8b Fixed resource map. 2011-05-23 19:30:44 -07:00
epriestley
120c3bcecd Bring over Arcanist documentation.
Summary: Mostly from arcanist/ and libphutil/.
2011-05-23 07:42:58 -07:00
Evan Priestley
97eba990d8 Merge pull request #7 from cadamo/master
The user can't let empty the realname and/or e-mail form.
2011-05-22 20:52:48 -07:00
Cristian Adamo
c44b076b25 No empty name or e-mail we'll be accepted.
Summary: the user can't let the realname and/or  e-mail address be empty

Test Plan: enter on 'settings/account' and change your name to '' and the same
for the e-mail 'settings/email'

Reviewers: epriestley

CC: epriestley
2011-05-23 00:20:35 -03:00
epriestley
553c6c78fe Raise PhabricatorShapedRequest request timeout
Summary:
We hit this very short (1s) timeout when the browser chooses to resolve all the
diff requests before the preview request. In the long term we could start the
preview request only after all the diff requests resolve, but this solves the
issue for now and there's no reason for such a short timeout.

The historical reason to have this timeout at all is that intern was megaflaky
and that's no longer a problem.

Test Plan:
Faked it so it would use a 1ms timeout the first time and then a 20s timeout;
got reasonable behavior.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 329
2011-05-22 14:48:26 -07:00
epriestley
9f65a5efb8 Drag-and-drop upload for Maniphest
Summary:
This needs a bunch of UI polish (critically, it's totally undiscoverable) but it
basically works correctly. I'll clean it up in some followups.

Test Plan:
Uploaded some files via drag-and-drop, made comments, etc.

Reviewed By: aran
Reviewers: tomo, aran, jungejason, tuomaspelkonen
CC: anjali, aran
Differential Revision: 332
2011-05-22 14:47:04 -07:00
epriestley
3f11c8a602 Tweak Maniphest CSS, fix remarkup in description change views
Summary:
Various CSS tweaks and fixes:

  - Add remarkup styling to description change views, missed this before.
  - Fix CSS so that transactions with only one item (e.g., changed priority)
don't have weird floater underneath them.
  - Add more space between transaction items.
  - Make default background color lighter and less heavy.
  - Use beigey color for comment form in Maniphest.
  - Share more CSS between Maniphest and Differential (previews, feedback).
  - Move "Leap Into Action" call to Differential, replace Maniphest with
thematically-consistent "Weigh In" (obviously, Maniphest has a nautical theme).

Test Plan:
Browsed Maniphest and Differential in a couple browsers, styling all seems
correct.

Reviewed By: tomo
Reviewers: tomo, aran, jungejason, tuomaspelkonen
CC: anjali, aran, tomo
Differential Revision: 328
2011-05-22 13:26:55 -07:00
epriestley
b77e827bec Fix metadata rendering for files moves, etc.
Summary:
Some changeset metadata was not being correctly passed between the top-level
parser and the subparser, so it would be lost or incorrect when rendering
headers like "This file was moved from x to y." or rendering certain content
shields, like "the contents of this file were not modified".

Test Plan:
Created a new diff with a file move in it, rendered it, saw "This file was moved
from README to READYOU" correctly.

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, grglr, aran
CC: aran, epriestley
Differential Revision: 321
2011-05-22 07:23:48 -07:00
epriestley
d202e71ef1 Use parallel syntax highlighting API in differential
Summary:
Use the new API from D322 to highlight text in parallel in Differential.

Test Plan:
Verified that pygemntize calls started within 20ms of one another in DarkConsole
(also: added a feature to let me do this) instead of running serially.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 323
2011-05-22 07:21:10 -07:00
epriestley
1efc66a0dd Add file.download to Conduit
Summary:
This is required to make "arc patch" and "arc export" support binary changes.

Test Plan:
Called from web console and "arc".

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, epriestley
Differential Revision: 326
2011-05-22 06:57:07 -07:00
epriestley
386a5eecb7 Show description changes in Maniphest
Summary:
When a task description is updated, there's currently no way to see the change.
Build an "expanded summary" mode for transactions that shows description change
details. Also include changes in the email.

Test Plan:
Changed task descriptions, clicked "show details", read email.

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 320
2011-05-21 21:17:45 -07:00
epriestley
deb80b7652 Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.

Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:

  - The log itself is useful if there are shenanigans.
  - Password login can check it and start CAPTCHA'ing users after a few failed attempts.

I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.

Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.

Reviewers: jungejason, tuomaspelkonen, aran

CC:

Differential Revision: 302
2011-05-20 19:08:26 -07:00
tuomaspelkonen
59bfd17c61 Fixed history view.
Summary:
A lot of history views were empty. This fixes that problem.

Test Plan:
Played with sandbox.

Reviewed By: epriestley
Reviewers: epriestley, jungejason
Commenters: aran
CC: aran, epriestley, tuomaspelkonen
Differential Revision: 316
2011-05-20 13:19:20 -07:00
tuomaspelkonen
22b2db6c15 Changed to use getBool and fixed pagesize and offset handling.
Summary:
Simplified code and now pressing 'Hide/Show' button doesn't lose the
pagesize/offset information.

Test Plan:
Tested with different arguments in my sandbox. Tested that the old
'copies=true' and 'copies=false' are still working.

Reviewed By: epriestley
Reviewers: epriestley, jungejason
CC: aran, epriestley, tuomaspelkonen
Differential Revision: 318
2011-05-20 13:15:32 -07:00
adonohue
36a6fcb573 diffusion.getrecentcommitsbypath
Summary:
Implement diffusion.getrecentcommitsbypath, a Conduit wrapper over
DiffusionHistoryQuery which returns results suitable for consumption by
diffusion.getcommits.

Test Plan:
Conduit console

Reviewed By: epriestley
Reviewers: epriestley
CC: aran, epriestley
Differential Revision: 315
2011-05-19 15:59:38 -07:00
epriestley
5fdea30878 Documentation: improve Diffusion documentation 2011-05-19 13:40:40 -07:00
Evan Priestley
0fc96c94c8 Merge pull request #6 from seporaitis/master
Added 'pcntl' to required extensions list
2011-05-19 09:17:54 -07:00