Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
- Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
- Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
- Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.
Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
- Created a new system agent.
- Reset an account's password.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
Summary:
See T178. D372 is the correct fix for this problem, hardcoding .sql3 is not.
Test Plan:
This code should be unreachable after T178 since these files will always be
marked as binary.
Reviewed By: tuomaspelkonen
Reviewers: tuomaspelkonen
CC: elgenie, aran, tuomaspelkonen
Differential Revision: 373
Summary:
Allows you to link to comments with "D123#3" or "T123#3", then adds a pile of JS
to try to make it not terrible. :/
The thing I'm trying to avoid here is when someone says "look at this!
http://blog.com/#comment-239291" and you click and your browser jumps somewhere
random and you have no idea which comment they meant. Since I really hate this,
I've tried to avoid it by making sure the comment is always highlighted.
Test Plan:
Put T1#1 and D1#1 in remarkup and verified they linked properly.
Clicked anchors on individual comments.
Faked all comments hidden in Differential and verified they expanded on anchor
or anchor change.
Reviewed By: aran
Reviewers: aran, tomo, mroch, jungejason, tuomaspelkonen
CC: aran, epriestley
Differential Revision: 383
Summary:
In RHEL6 at the least, pcntl installs from distro package management to the CLI
but not to Apache. Since we don't need it in apache and it's a pain to build
manually, just verify it exists on the CLI.
Test Plan:
Simulated script failures and verified setup output.
Reviewed By: codeblock
Reviewers: codeblock, aran, jungejason, tuomaspelkonen
CC: aran, epriestley, kevinwallace, codeblock
Differential Revision: 380
Summary:
the daemon is generating a lot of warning about timezone not
being set. Add it.
Test Plan:
php -l. Launched the daemon and it didn't crash. It's
difficult to make it parse a commit on my sandbox though. I will see if
it fixes the problem once it is live.
Reviewed By: epriestley
Reviewers: epriestley, tuomaspelkonen
CC: aran, epriestley, jungejason
Differential Revision: 356
Summary:
Sendmail is seriously difficult to configure; SendGrid is extremely easy. It's
also pretty expensive ($80/mo) but there are a bunch of startups that already
have plans so it's effectively free for them.
Test Plan:
Configured SendGrid and sent reply email through it.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, epriestley
Differential Revision: 376
Summary:
Keep him from getting killed every 24 hours by the overseer, add basic commit
support.
Test Plan:
Ran irc bot, fed him a commit, fed him "http://blah/D1".
Reviewed By: aran
Reviewers: aran, jungejason, tuomaspelkonen, codeblock, mroch
CC: aran, epriestley
Differential Revision: 377
Summary:
While my client and some others send email replies with an address like
##T1+x+y@example.com##, some other clients have sent either
##<T1+x+y@example.com>## or ##"T1+x+y@example.com" <T1+x+y@example.com>##.
Properly parse all the formats we've seen in the wild.
Test Plan:
Ran the regexp against all the formats observed in the wild (see
https://secure.phabricator.com/mail/received/) and verified it parses them
correctly.
Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, jungejason
Differential Revision: 370
Summary:
Allow files to be attached to a task by attaching them to an email reply to the
task.
Test Plan:
Applied this patch live since I haven't managed to get inbound email configured
locally, then attached files to a task via email.
Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, jungejason
Differential Revision: 369
Summary:
- Provide a red version of the logo for the admin view.
- Make selected tabs in the admin view look correct.
- Fix a Chrome styling issue where the username and "settings" would have
weird offsets.
Test Plan:
Loaded Phabricator in chrome and clicked around tabs of an admin interface.
Hovered over logo.
Reviewed By: jungejason
Reviewers: cadamo, jungejason, tuomaspelkonen, aran
CC: aran, epriestley, jungejason
Differential Revision: 371
Summary:
I ran a 99designs contest and this gear-eye thing was actually pretty okay. All
this stuff needs tweaks but at least it won't render with a big square on
windows anymore.
Test Plan:
Looked at menu, it seemed slightly more legitimate and designey than before?
Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, epriestley, jungejason
Differential Revision: 363
Summary:
I think I wrote this before I laid in workflow, so they always redirect to
another page even if you have JS. Use workflow if it's available.
Test Plan:
Deleted a directory item and a directory category via dialog workflow instead of
full page reloads.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: moskov, aran, jungejason
Differential Revision: 359
Summary:
Currently, we echo the password as the user types it. This turns out to be a bit
of an issue in over-the-shoulder installs. Instead, disable tty echo while the
user is typing their password so nothing is shown (like how 'sudo' works).
Also show a better error message if the user chooses a duplicate email; without
testing for this we just throw a duplicate key exception when saving, which
isn't easy to understand. The other duplicate key exception is duplicate
username, which is impossible (the script updates rather than creating in this
case).
There's currently a bug where creating a user and setting their password at the
same time doesn't work. This is because we hash the PHID into the password hash,
but it's empty if the user hasn't been persisted yet. Make sure the user is
persisted before setting their password.
Finally, fix an issue where $original would have the new username set, creating
a somewhat confusing summary at the end.
I'm also going to improve the password behavior/explanation here once I add
welcome emails ("Hi Joe, epriestley created an account for you on Phabricator,
click here to login...").
Test Plan:
- Typed a password and didn't have it echoed. I also tested this on Ubuntu
without encountering problems.
- Chose a duplicate email, got a useful error message instead of the exception
I'd encountered earlier.
- Created a new user with a password in one pass and logged in as that user,
this worked properly.
- Verified summary table does not contain username for new users.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: moskov, jr, aran, jungejason
Differential Revision: 358
Summary:
Despite the form's claims that you can login with username or email, it actually
accepted only username.
Test Plan:
Logged in using my email.
Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran
CC: jr, anjali, aran, jungejason
Differential Revision: 354
Summary:
After successfully installing phabricator on my Mac OS X 10.6.7, I was unable to
link my accounts to either Facebook or GitHub.
I diagnosed that file_get_contents() and fopen() were not working properly.
After installing the php openssl package I was able to get it linking
successfully.
Test Plan:
With php's openssl extension disabled, and phabricator installed. Try linking to
Facebook and GitHub and observe that it fails. You can visit the Auth
Diagnostics page and "Facebook Graph" and "App Login" should fail.
With php's openssl extension enabled, linking to Facebook and GitHub should be
successful.
Change the configuration to add "phabricator.setup = false".
Disable php's openssl extension. Visit the phabricator site and observe that it
requires you to install php's openssl extension.
Enable php's openssl extension. Visit the phabricator site and observe that it
installs fine.
Reviewed By: epriestley
Reviewers: epriestley
CC: aran, epriestley
Differential Revision: 352
Summary:
Some PHP has junky defaults for error_reporting / display_errors, and the "@"
silences fatals. The @ should never have been there, I just copied it from the
libphutil initializer where we use @ because the default error message can be
confusing and we display a more useful one.
Test Plan:
Added fatals to my conf file, got a decent error message instead of silent exit
with err=255.
Reviewed By: aran
Reviewers: tuomaspelkonen, aran, jungejason
CC: aran
Differential Revision: 355
Summary:
Vendor specific markups are now possible.
Test Plan:
Tested with the Facebook specific tasks markup.
Reviewed By: jungejason
Reviewers: epriestley, jungejason
CC: aran, jungejason
Differential Revision: 349
Summary:
Show large thumbnails of attached files in Maniphest.
Test Plan:
Looked at large thumbnails in Maniphest.
Reviewed By: jungejason
Reviewers: tomo, aran, jungejason, tuomaspelkonen
CC: anjali, aran, epriestley, jungejason
Differential Revision: 335
Summary:
Make it discoverable, show uploading progress, show file thumbnails, allow you
to remove files, make it a generic form component.
Test Plan:
Uploaded ducks
Reviewed By: tomo
Reviewers: aran, tomo, jungejason, tuomaspelkonen
CC: anjali, aran, epriestley, tomo
Differential Revision: 334
Summary:
This is still very rough but provides basic support for generating image
thumbnails. I need to separate stuff out a bit but I'm going to integrate into
Maniphest before I hit the profile stuff so this seems like a reasonable
starting point.
Test Plan:
Generated some image thumbnails in various sizes.
Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 333
Summary: SendGrid is a popular mail delivery platform, similar to Amazon SES. Provide support for delivering email via their REST API.
Test Plan: Created a SendGrid account, configured my local install to use it, sent some mail, received mail.
Reviewers: tuomaspelkonen, jungejason, aran
CC: ccheever
Differential Revision: 347
Summary:
add logging when syntax highlighting parsing throws exception.
Test Plan:
test when exception is thrown with non-php code. I couldn't
create a file to trigger an exception in running pygmentiza, so I
manually threw an exception to test it.
Reviewed By: tuomaspelkonen
Reviewers: tuomaspelkonen, epriestley
CC: aran, tuomaspelkonen, jungejason
Differential Revision: 350
Summary:
Clicking on a line number will remove the current 'view' the user is in.
This patch retains the current view.
Test Plan:
Open a file in diffusion, and change the view to "blame", clicking on the line
number should retain the same view.
Reviewed By: epriestley
Reviewers: epriestley, jungejason
CC: aran, epriestley, aizatto
Differential Revision: 344
Summary:
It was possible to submit a comment multiple times if the submit
button was pressed more than once quickly. Added javascript code
that disables the button when it is clicked.
Test Plan:
Tried to click the button multiple times very quickly, but the
button was disabled after the first click.
Reviewed By: epriestley
Reviewers: epriestley, jungejason
Commenters: aran
CC: aran, epriestley, tuomaspelkonen
Differential Revision: 337
Summary: the user can't let the realname and/or e-mail address be empty
Test Plan: enter on 'settings/account' and change your name to '' and the same
for the e-mail 'settings/email'
Reviewers: epriestley
CC: epriestley
Summary:
We hit this very short (1s) timeout when the browser chooses to resolve all the
diff requests before the preview request. In the long term we could start the
preview request only after all the diff requests resolve, but this solves the
issue for now and there's no reason for such a short timeout.
The historical reason to have this timeout at all is that intern was megaflaky
and that's no longer a problem.
Test Plan:
Faked it so it would use a 1ms timeout the first time and then a 20s timeout;
got reasonable behavior.
Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 329
Summary:
This needs a bunch of UI polish (critically, it's totally undiscoverable) but it
basically works correctly. I'll clean it up in some followups.
Test Plan:
Uploaded some files via drag-and-drop, made comments, etc.
Reviewed By: aran
Reviewers: tomo, aran, jungejason, tuomaspelkonen
CC: anjali, aran
Differential Revision: 332
Summary:
Various CSS tweaks and fixes:
- Add remarkup styling to description change views, missed this before.
- Fix CSS so that transactions with only one item (e.g., changed priority)
don't have weird floater underneath them.
- Add more space between transaction items.
- Make default background color lighter and less heavy.
- Use beigey color for comment form in Maniphest.
- Share more CSS between Maniphest and Differential (previews, feedback).
- Move "Leap Into Action" call to Differential, replace Maniphest with
thematically-consistent "Weigh In" (obviously, Maniphest has a nautical theme).
Test Plan:
Browsed Maniphest and Differential in a couple browsers, styling all seems
correct.
Reviewed By: tomo
Reviewers: tomo, aran, jungejason, tuomaspelkonen
CC: anjali, aran, tomo
Differential Revision: 328
Summary:
Some changeset metadata was not being correctly passed between the top-level
parser and the subparser, so it would be lost or incorrect when rendering
headers like "This file was moved from x to y." or rendering certain content
shields, like "the contents of this file were not modified".
Test Plan:
Created a new diff with a file move in it, rendered it, saw "This file was moved
from README to READYOU" correctly.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, grglr, aran
CC: aran, epriestley
Differential Revision: 321
Summary:
Use the new API from D322 to highlight text in parallel in Differential.
Test Plan:
Verified that pygemntize calls started within 20ms of one another in DarkConsole
(also: added a feature to let me do this) instead of running serially.
Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 323
Summary:
This is required to make "arc patch" and "arc export" support binary changes.
Test Plan:
Called from web console and "arc".
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, epriestley
Differential Revision: 326
Summary:
When a task description is updated, there's currently no way to see the change.
Build an "expanded summary" mode for transactions that shows description change
details. Also include changes in the email.
Test Plan:
Changed task descriptions, clicked "show details", read email.
Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 320
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.
Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:
- The log itself is useful if there are shenanigans.
- Password login can check it and start CAPTCHA'ing users after a few failed attempts.
I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.
Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.
Reviewers: jungejason, tuomaspelkonen, aran
CC:
Differential Revision: 302
Summary:
A lot of history views were empty. This fixes that problem.
Test Plan:
Played with sandbox.
Reviewed By: epriestley
Reviewers: epriestley, jungejason
Commenters: aran
CC: aran, epriestley, tuomaspelkonen
Differential Revision: 316
Summary:
Simplified code and now pressing 'Hide/Show' button doesn't lose the
pagesize/offset information.
Test Plan:
Tested with different arguments in my sandbox. Tested that the old
'copies=true' and 'copies=false' are still working.
Reviewed By: epriestley
Reviewers: epriestley, jungejason
CC: aran, epriestley, tuomaspelkonen
Differential Revision: 318