1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-29 02:02:41 +01:00
Commit graph

470 commits

Author SHA1 Message Date
epriestley
ec8581ab62 Clean up redirect URIs for "Temporary Tokens" and "API Tokens" settings panels
Summary: Fixes T11223. I missed a few of these; most of them kept working anyway because we have redirects in place, but make them a bit more modern/not-hard-coded.

Test Plan:
  - Generated and revoked API tokens for myself.
  - Generated and revoked API tokens for bots.
  - Revoked temporary tokens for myself.
  - Clicked the link to the API tokens panel from the Conduit console.
  - Clicked all the cancel buttons in all the dialogs, too.

In all cases, everything now points at the correct URIs. Previously, some things pointed at the wrong URIs (mostly dealing with stuff for bots).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11223

Differential Revision: https://secure.phabricator.com/D16185
2016-06-28 14:51:04 -07:00
epriestley
2cb779575d Split "Edit Blocking Tasks" into "Edit Parent Tasks" and "Edit Subtasks"
Summary:
Ref T11179. This splits "Edit Blocking Tasks" into two options now that we have more room ("Edit Parent Tasks", "Edit Subtasks").

This also renames "Blocking" tasks to "Subtasks", and "Blocked" tasks to "Parent" tasks. My goals here are:

  - Make the relationship direction more clear: it's more clear which way is up with "parent" and "subtask" at a glance than with "blocking" and "blocked" or "dependent" and "dependency".
  - Align language with "Create Subtask".
  - To some small degree, use more flexible/general-purpose language, although I haven't seen any real confusion here.

Fixes T6815. I think I narrowed this down to two issues:

  - Just throwing a bare exeception (we now return a dialog explicitly).
  - Not killing open transactions when the cyclec check fails (we now kill them).

Test Plan:
  - Edited parent tasks.
  - Edited subtasks.
  - Tried to introduce graph cycles, got a nice error dialog.

{F1697087}

{F1697088}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6815, T11179

Differential Revision: https://secure.phabricator.com/D16166
2016-06-22 11:20:38 -07:00
epriestley
f9e3108938 Fix an issue with AuthProviderConfig handles
Summary: Fixes T11156. These were never correct, but also never actually used until I made timelines load object handles unconditionally in D16111.

Test Plan: Viewed an auth provider with transactions, no more fatal.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11156

Differential Revision: https://secure.phabricator.com/D16128
2016-06-16 06:04:43 -07:00
epriestley
ffb50ef45d Require login for "Must Verify Email" controller
Summary:
Via HackerOne. This page fatals if accessed directly while logged out.

The "shouldRequireLogin()" check is wrong; this is a logged-in page.

Test Plan:
Viewed the page while logged out, no more fatal.

Faked my way through the actual verification flow.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16077
2016-06-07 16:37:12 -07:00
epriestley
abeab59448 Fix redirect to Password settings panel after "Reset Password" login
Summary: Fixes T11107. The URI change here meant we were dropping the "key" parameter, which allows you to set a new password without knowing your old one.

Test Plan: Reset password, didn't need to provide old one anymore.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11107

Differential Revision: https://secure.phabricator.com/D16075
2016-06-07 14:07:40 -07:00
epriestley
814fa135b0 Centralize "this is the current user for the request" code
Summary:
Ref T11098. This primarily fixes Conduit calls to `*.edit` methods failing when trying to access user preferences.

(The actual access is a little weird, since it seems like we're building some UI stuff inside a policy query, but that's an issue for another time.)

To fix this, consolidate the "we're about to run some kind of request with this user" code and run it consistently for web, conduit, and SSH sessions.

Additionally, make sure we swap things to the user's translation.

Test Plan:
  - Ran `maniphest.edit` via `arc call-conduit`, no more settings exception.
  - Set translation to ALL CAPS, got all caps output from `ssh` and Conduit.

Reviewers: avivey, chad

Reviewed By: chad

Maniphest Tasks: T11098

Differential Revision: https://secure.phabricator.com/D16066
2016-06-07 07:43:50 -07:00
epriestley
e1a9473eda Make auth provider autologin modular and implement it for all OAuth2 adapters
Summary:
Ref T10785. Around the time we launched Phacility SAAS we implemented this weird autologin hack. It works fine, so clean it up, get rid of the `instanceof` stuff, and support it for any OAuth2 provider.

(We could conceivably support OAuth1 as well, but no one has expressed an interest in it and I don't think I have any OAuth1 providers configured correctly locally so it would take a little bit to set up and test.)

Test Plan:
  - Configured OAuth2 adapters (Facebook) for auto-login.
  - Saw no config option on other adapters (LDAP).
  - Nuked all options but one, did autologin with Facebook and Phabricator.
  - Logged out, got logout screen.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10785

Differential Revision: https://secure.phabricator.com/D16060
2016-06-06 14:33:09 -07:00
epriestley
6f1053c206 Convert user profile images into a standard cache
Summary:
Ref T4103. Ref T10078. This moves profile image caches to new usercache infrastructure.

These dirty automatically based on configuration and User properties, so add some stuff to make that happen.

This reduces the number of queries issued on every page by 1.

Test Plan: Browsed around, changed profile image, viewed as self, viewed as another user, verified no more query to pull this information on every page

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T10078

Differential Revision: https://secure.phabricator.com/D16040
2016-06-05 08:52:15 -07:00
epriestley
2b344b2bb5 Make caches misses throw by default intead of inline-generating
Summary:
Ref T4103. Ref T10078. Currently, when a user misses a cache we just build it for them.

This is the behavior we want for the the viewer (so we don't have to build every cache up front if we don't actually need them), but not the right behavior for other users (since it allows performance problems to go undetected).

Make inline cache generation strict by default, then make sure all the things that rely on cache data request the correct data (well, all of the things identified by unit tests, at least: there might be some more stuff I haven't hit yet).

This fixes test failures in D16040, and backports a piece of that change.

Test Plan: Identified and then fixed failures with `arc unit --everything`.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T10078

Differential Revision: https://secure.phabricator.com/D16042
2016-06-05 08:51:54 -07:00
epriestley
9180f429eb Provide a general-purpose, modular user cache for settings and other similar data
Summary:
Ref T4103. Currently, we issue a `SELECT * FROM user_preferences ... WHERE userPHID = ...` on every page to load the viewer's settings.

There are several other questionable data accesses on every page too, most of which could benefit from improved caching strategies (see T4103#178122).

This query will soon get more expensive, since it may need to load several objects (e.g., the user's settings and their "role profile" settings). Although we could put that data on the User and do both in one query, it's nicer to put it on the Preferences object ("This inherits from profile X") which means we need to do several queries.

Rather than paying a greater price, we can cheat this stuff into the existing query where we load the user's session by providing a user cache table and doing some JOIN magic. This lets us issue one query and try to get cache hits on a bunch of caches cheaply (well, we'll be in trouble at the MySQL JOIN limit of 61 tables, but have some headroom).

For now, just get it working:

  - Add the table.
  - Try to get user settings "for free" when we load the session.
  - If we miss, fill user settings into the cache on-demand.
  - We only use this in one place (DarkConsole) for now. I'll use it more widely in the next diff.

Test Plan:
  - Loaded page as logged-in user.
  - Loaded page as logged-out user.
  - Examined session query to see cache joins.
  - Changed settings, saw database cache fill.
  - Toggled DarkConsole on and off.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16001
2016-06-02 06:28:56 -07:00
epriestley
0fad384727 Fix minor section formatting mishap in SSH key email
Summary: Ref T10917. This is getting added as a link right now, which causes it to get `<a href>`'d in HTML mail. Add it as text instead.

Test Plan: Edited a key, examined HTML mail body carefully.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15952
2016-05-19 15:20:19 -07:00
epriestley
6f6ca0102d Send forced mail on SSH key edits
Summary:
Ref T10917. This cheats fairly heavily to generate SSH key mail:

  - Generate normal transaction mail.
  - Force it to go to the user.
  - Use `setForceDelivery()` to force it to actually be delivered.
  - Add some warning language to the mail body.

This doesn't move us much closer to Glorious Infrastructure for this whole class of events, but should do what it needs to for now and doesn't really require anything sketchy.

Test Plan: Created and edited SSH keys, got security notice mail.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15948
2016-05-19 15:01:25 -07:00
epriestley
da6b3de65c Use transactions to apply web UI SSH key edits
Summary:
Ref T10917. Converts web UI edits to transactions.

This is about 95% "the right way", and then I cheated on the last 5% instead of building a real EditEngine. We don't need it for anything else right now and some of the dialog workflows here are a little weird so I'm just planning to skip it for the moment unless it ends up being easier to do after the next phase (mail notifications) or something like that.

Test Plan: {F1652160}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15947
2016-05-19 15:00:18 -07:00
epriestley
08bea1d363 Add ViewController and SearchEngine for SSH Public Keys
Summary:
Ref T10917. This primarily prepares these for transactions by giving us a place to:

  - review old deactivated keys; and
  - review changes to keys.

Future changes will add transactions and a timeline so key changes are recorded exhaustively and can be more easily audited.

Test Plan:
{F1652089}

{F1652090}

{F1652091}

{F1652092}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15946
2016-05-19 09:48:46 -07:00
epriestley
0308d580d7 Deactivate SSH keys instead of destroying them completely
Summary:
Ref T10917. Currently, when you delete an SSH key, we really truly delete it forever.

This isn't very consistent with other applications, but we built this stuff a long time ago before we were as rigorous about retaining data and making it auditable.

In partiular, destroying data isn't good for auditing after security issues, since it means we can't show you logs of any changes an attacker might have made to your keys.

To prepare to improve this, stop destoying data. This will allow later changes to become transaction-oriented and show normal transaction logs.

The tricky part here is that we have a `UNIQUE KEY` on the public key part of the key.

Instead, I changed this to `UNIQUE (key, isActive)`, where `isActive` is a nullable boolean column. This works because MySQL does not enforce "unique" if part of the key is `NULL`.

So you can't have two rows with `("A", 1)`, but you can have as many rows as you want with `("A", null)`. This lets us keep the "each key may only be active for one user/object" rule without requiring us to delete any data.

Test Plan:
- Ran schema changes.
- Viewed public keys.
- Tried to add a duplicate key, got rejected (already associated with another object).
- Deleted SSH key.
- Verified that the key was no longer actually deleted from the database, just marked inactive (in future changes, I'll update the UI to be more clear about this).
- Uploaded a new copy of the same public key, worked fine (no duplicate key rejection).
- Tried to upload yet another copy, got rejected.
- Generated a new keypair.
- Tried to upload a duplicate to an Almanac device, got rejected.
- Generated a new pair for a device.
- Trusted a device key.
- Untrusted a device key.
- "Deleted" a device key.
- Tried to trust a deleted device key, got "inactive" message.
- Ran `bin/ssh-auth`, got good output with unique keys.
- Ran `cat ~/.ssh/id_rsa.pub | ./bin/ssh-auth-key`, got good output with one key.
- Used `auth.querypublickeys` Conduit method to query keys, got good active keys.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15943
2016-05-18 14:54:28 -07:00
epriestley
eef2172161 When a user tries to regsiter while logged in, just send them home
Summary: This error message is pointless and dead-ends logged-in users needlessly if they're sent to the register page by documentation or Advanced Enterprise Sales Funnels.

Test Plan: Visited `/auth/register/` while logged in, was sent home.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15739
2016-04-16 19:15:15 -07:00
epriestley
46881c4ce5 Add a session engine extension point
Summary: Ref T7673. This is really just so I can force admin.phacility.com logout when you log out of an instance, but there are a few other things we could move here eventually, like the WILLREGISTERUSER event.

Test Plan: Logged out of an instance, got logged out of parent (see next change).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7673

Differential Revision: https://secure.phabricator.com/D15629
2016-04-05 15:19:47 -07:00
epriestley
e55522cade Implement "auth.logout" Conduit API method
Summary:
Ref T7303. Ref T7673. This implements an "auth.logout" which:

  - terminates all web sessions;
  - terminates the current OAuth token if called via OAuth; and
  - may always be called via OAuth.

(Since it consumes an OAuth token, even a "malicious" OAuth application can't really be that much of a jerk with this: it can't continuously log you out, since calling the method once kills the token. The application would need to ask your permission again to get a fresh token.)

The primary goal here is to let Phacility instances call this against the Phacility upstream, so that when you log out of an instance it also logs you out of your Phacility account (possibly with a checkbox or something).

This also smooths over the session token code. Before this change, your sessions would get logged out but when you reloaded we'd tell you your session was invalid.

Instead, try to clear the invalid session before telling the user there's an issue. I think that ssentially 100% of invalid sessions are a result of something in this vein (e.g., forced logout via Settings) nowadays, since the session code is generally stable and sane and has been for a long time.

Test Plan:
  - Called `auth.logout` via console, got a reasonable logout experience.
  - Called `auth.logout` via OAuth.
    - Tried to make another call, verified OAuth token had been invalidated.
    - Verified web session had been invalidated.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7303, T7673

Differential Revision: https://secure.phabricator.com/D15594
2016-04-04 09:12:06 -07:00
Chad Little
6bbba1e315 Update Auth for new UI
Summary: [WIP] Tossing this up for safety and to read through it. Need to test, update some of the other flows. This updates everything in Auth for new UI and modern conventions.

Test Plan: Loooots of random testing, new providers, edit providers, logging out, forgot password... more coming.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15550
2016-03-31 13:51:12 -07:00
epriestley
6ef4747e9d Convert OAuth1 handshake tokens to new modular temporary tokens
Summary: Ref T10603. Swap these over and give them nice UI strings.

Test Plan:
- Refreshed a Twitter OAuth link.
- Unlinked and re-linked a Twitter account.
- Viewed the new type in {nav Config > Temporary Tokens}.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15480
2016-03-16 09:34:18 -07:00
epriestley
33a95d44bd Formally modularize MFA/TOTP tokens, provide a module panel for temporary tokens
Summary:
Ref T10603. We have a couple of sort of ad-hoc tokens, so start formalizing them. First up is MFA tokens.

Also adds a new config module panel for these.

Test Plan:
  - Added MFA.
  - Added MFA, intentionally fumbled the input, completed the workflow.
  - Removed MFA.
  - Viewed tokens, saw MFA sync tokens.
  - Viewed new module config panel.

{F1177014}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15479
2016-03-16 09:33:58 -07:00
epriestley
a837c3d73e Make temporary token storage/schema more flexible
Summary:
Ref T10603. This makes minor updates to temporary tokens:

  - Rename `objectPHID` (which is sometimes used to store some other kind of identifier instead of a PHID) to `tokenResource` (i.e., which resource does this token permit access to?).
  - Add a `userPHID` column. For LFS tokens and some other types of tokens, I want to bind the token to both a resource (like a repository) and a user.
  - Add a `properties` column. This makes tokens more flexible and supports custom behavior (like scoping LFS tokens even more tightly).

Test Plan:
- Ran `bin/storage upgrade -f`, got a clean upgrade.
- Viewed one-time tokens.
- Revoked one token.
- Revoked all tokens.
- Performed a one-time login.
- Performed a password reset.
- Added an MFA token.
- Removed an MFA token.
- Used a file token to view a file.
- Verified file token was removed after viewing file.
- Linked my account to an OAuth1 account (Twitter).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15478
2016-03-16 09:33:38 -07:00
epriestley
8e3ea4e034 Use new modular temporary auth token constants in one-time login and password reset flows
Summary:
Ref T10603. This converts existing hard-codes to modular constants.

Also removes one small piece of code duplication.

Test Plan:
  - Performed one-time logins.
  - Performed a password reset.
  - Verified temporary tokens were revoked properly.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15476
2016-03-16 09:33:24 -07:00
epriestley
cf15e0de43 Modularize temporary token types
Summary:
Ref T10603. For LFS, we need to issue a new type of temporary token.

This makes the temporary token code modular so applications can add new token types without modifying the Auth application.

(I'm moving slowly here because it impacts authentication.)

Test Plan:
  - Used `bin/auth recover` to get a one-time token from the CLI.
  - Used "Forgot your password?" to get a one-time token from the web UI.
  - Followed the web UI token to initiate a password reset, prompting generation of a password token.
  - Viewed these tokens in the web UI:

{F1176908}

  - Revoked a token.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15475
2016-03-16 09:33:05 -07:00
Chad Little
fe5cd4ca2c Move FontIcon calls to Icon
Summary: Normalizes all `setFontIcon` calls to `setIcon`.

Test Plan: UIExamples, Almanac, Apps list, etc.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, hach-que, yelirekim

Differential Revision: https://secure.phabricator.com/D15129
2016-01-28 08:48:45 -08:00
Chad Little
36158dbdc0 Convert all calls to 'IconFont' to just 'Icon'
Summary: Mostly for consistency, we're not using other forms of icons and this makes all classes that use an icon call it in the same way.

Test Plan: tested uiexamples, lots of other random pages.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15125
2016-01-27 20:59:27 -08:00
epriestley
08de131da5 Begin modularizing main menu items
Summary:
Ref T10077. Ref T8918. The way the main menu is built is not very modular and fairly hacky.

It assumes menus are provided by applications, but this isn't exactly true. Notably, the "Quick Create" menu is not per-application.

The current method of building this menu is very inefficient (see T10077). Particularly, we have to build it //twice// because we need to build it once to render the item and then again to render the dropdown options.

Start cleaning this up. This diff doesn't actually have any behavioral changes, since I can't swap the menu over until we get rid of all the other items and I haven't extended this to Notifications/Conpherence yet so it doesn't actually fix T8918.

Test Plan: Viewed menus while logged in, logged out, in different applications, in desktop/mobile. Nothing appeared different.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8918, T10077

Differential Revision: https://secure.phabricator.com/D14922
2016-01-04 06:57:09 -08:00
Nick Zheng
8eec9e2c0e Provide a more straightforward way to revoke SSH keys by finding and destroying the objects
Summary: Ref T9967

Test Plan:
Ran migrations.
Verified database populated properly with PHIDs (SELECT * FROM auth_sshkey;).
Ran auth.querypublickeys conduit method to see phids show up
Ran bin/remove destroy <phid>.
Viewed the test key was gone.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin

Maniphest Tasks: T9967

Differential Revision: https://secure.phabricator.com/D14823
2015-12-19 11:52:26 -08:00
epriestley
5d76a4b0a2 Improve handling of multiple edit forms when logged out
Summary:
Ref T10004. Currently, when a logged-out user visits an application like Maniphest, we show them a disabled "Create Task" button with no dropdown menu.

This is technically correct in some sense because none of the items in the menu will work, but we can be more helpful and show the items, just in a disabled state:

{F1028903}

When the user clicks these, they'll be pushed through the login flow and (after D14804) end up on the same page they were on when they selected the item. From here, they can proceed normally.

I changed "...to continue." to "...to take this action." to hopefully be a little more clear. In particular, we do not //continue// the action after you log in: you end up back on the same page you started on. For example, if you clicked "Create New Bug" from the list view, you end up back on the list view and need to click "Create New Bug" again. If you clicked "Edit Task" from some task detail page, you end up on the task detail page and have to click "Edit Task" again.

I think this behavior is always very good. I think it is often the best possible behavior: for actions like "Edit Blocking Tasks" and "Merge Duplicates In", the alternatives I can see are:

  - Send user back to task page (best?)
  - Send user to standalone page with weird dialog on it and no context (underlying problem behavior all of this is tackling, clearly not good)
  - Send user back to task page, but with dialog open (very complicated, seems kind of confusing/undesirable?)

For actions like "Create New Bug" or "Edit Task", we have slightly better options:

  - Send user back to task page (very good?)
  - Send user to edit/create page (slightly better?)

However, we have no way to tell if a Workflow "makes sense" to complete in a standalone way. That is, we can't automatically determine which workflows are like "Edit Task" and which workflows are like "Merge Duplicates In".

Even within an action, this distinction is not straightforward. For example, "Create Task" can standalone from the Maniphest list view, but should not from a Workboard. "Edit Task" can standalone from the task detail page, but should not from an "Edit" pencil action on a list or a workboard.

Since the simpler behavior is easy, very good in all cases, often the best behavior, and never (I think?) confusing or misleading, I don't plan to puruse the "bring you back to the page, with the dialog open" behavior at any point. I'm theoretically open to discussion here if you REALLY want the dialogs to pop open magically but I think it's probably a lot of work.

Test Plan: As a logged out user, clicked "Create Task". Got a dropdown showing the options available to me if I log in. Clicked one, logged in, ended up in a reasonable place (the task list page where I'd started).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10004

Differential Revision: https://secure.phabricator.com/D14806
2015-12-17 08:30:54 -08:00
epriestley
e869e7df0b When logged-out users hit a "Login Required" dialog, try to choose a better "next" URI
Summary:
Ref T10004. After a user logs in, we send them to the "next" URI cookie if there is one, but currently don't always do a very good job of selecting a "next" URI, especially if they tried to do something with a dialog before being asked to log in.

In particular, if a logged-out user clicks an action like "Edit Blocking Tasks" on a Maniphest task, the default behavior is to send them to the standalone page for that dialog after they log in. This can be pretty confusing.

See T2691 and D6416 for earlier efforts here. At that time, we added a mechanism to //manually// override the default behavior, and fixed the most common links. This worked, but I'd like to fix the //default// beahvior so we don't need to remember to `setObjectURI()` correctly all over the place.

ApplicationEditor has also introduced new cases which are more difficult to get right. While we could get them right by using the override and being careful about things, this also motivates fixing the default behavior.

Finally, we have better tools for fixing the default behavior now than we did in 2013.

Instead of using manual overrides, have JS include an "X-Phabricator-Via" header in Ajax requests. This is basically like a referrer header, and will contain the page the user's browser is on.

In essentially every case, this should be a very good place (and often the best place) to send them after login. For all pages currently using `setObjectURI()`, it should produce the same behavior by default.

I'll remove the `setObjectURI()` mechanism in the next diff.

Test Plan: Clicked various workflow actions while logged out, saw "next" get set to a reasonable value, was redirected to a sensible, non-confusing page after login (the page with whatever button I clicked on it).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10004

Differential Revision: https://secure.phabricator.com/D14804
2015-12-17 08:30:03 -08:00
epriestley
6c4c93a091 Allow login to be disabled for authentication providers
Summary:
Fixes T9997. This was in the database since v0, I just never hooked up the UI since it wasn't previously meaningful.

However, it now makes sense to have a provider like Asana with login disabled and use it only for integrations.

Test Plan: Disabled login on a provider, verified it was no longer available for login/registration but still linkable.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9997

Differential Revision: https://secure.phabricator.com/D14794
2015-12-15 15:03:06 -08:00
epriestley
91447c54bc Write 500 words on how to restart webservers
Summary:
Fixes T9874.

  - Stop using the phrase "restart your webserver". Instead, say "restart Phabricator".
  - Write a document explaining that "Restart Phabricator" means to restart all of the server processes, depending on how your configuration is set up, and approximately how to do that.
  - Link to this document.
  - In places where we are not specifically giving instructions and the user isn't expected to do anything, be intentionally vague so as to avoid being misleading.

Test Plan:
  - Read document.
  - Hit "exetnsion" and "PHP config" setup checks, got "restart Phabricator" with documentation links in both cases.

Reviewers: chad

Maniphest Tasks: T9874

Differential Revision: https://secure.phabricator.com/D14636
2015-12-02 09:16:10 -08:00
Aviv Eyal
e8fdf478bb JIRA Integration: Link and/or Comment
Summary:
Current JIRA integration is quite noisy in terms of email, and makes users hunt and peck for the related revisions.

Teach it to create an Issue Link on the JIRA side, and allow to disable commenting.

Test Plan: comment on revision in each of the 4 settings, check JIRA end for expected result.

Reviewers: btrahan, eMxyzptlk, epriestley, #blessed_reviewers, avivey

Reviewed By: epriestley, #blessed_reviewers

Subscribers: avivey, vhbit, jra3, eMxyzptlk, frenchs, aik099, svemir, rmuslimov, cpa199, waynea, epriestley, Korvin, hach-que

Projects: #doorkeeper

Maniphest Tasks: T5422

Differential Revision: https://secure.phabricator.com/D9858
2015-11-12 19:30:43 +00:00
epriestley
1b00ef08a0 Remove some low-hanging buildStandardPageResponse() methods
Summary: Ref T9690. I wanted to do an example of how to do these but it looks like most of them are trivial (no callsites) and the rest are a little tricky (weird interaction with frames, or in Releeph).

Test Plan:
  - Used `grep` to look for callsites.
  - Hit all applications locally, everything worked.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9690

Differential Revision: https://secure.phabricator.com/D14385
2015-11-03 10:11:36 -08:00
Joshua Spence
c35b564f4d Various translation improvements
Summary: Depends on D14070.

Test Plan: Eyeball it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D14073
2015-11-03 07:02:46 +11:00
Joshua Spence
495cb7a2e0 Mark PhabricatorPHIDType::getPHIDTypeApplicationClass() as abstract
Summary: Fixes T9625. As explained in a `TODO` comment, seems reasonable enough.

Test Plan: Unit tests.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, hach-que

Maniphest Tasks: T9625

Differential Revision: https://secure.phabricator.com/D14068
2015-11-03 06:47:12 +11:00
epriestley
59c9317101 Prevent mailing lists from being bin/auth recover'd
Summary:
Fixes T9610.

  - We currently permit you to `bin/auth recover` users who can not establish web sessions (but this will never work). Prevent this.
  - We don't emit a tailored error if you follow one of these links. Tailor the error.

Even with the first fix, you can still hit the second case by doing something like:

  - Recover a normal user.
  - Make them a mailing list in the DB.
  - Follow the recovery link.

The original issue here was an install that did a large migration and set all users to be mailing lists. Normal installs should never encounter this, but it's not wholly unreasonable to have daemons or mailing lists with the administrator flag.

Test Plan:
  - Tried to follow a recovery link for a mailing list.
  - Tried to generate a recovery link for a mailing list.
  - Generated and followed a recovery link for a normal administrator.

{F906342}

```
epriestley@orbital ~/dev/phabricator $ ./bin/auth recover tortise-list
Usage Exception: This account ("tortise-list") can not establish web sessions, so it is not possible to generate a functional recovery link. Special accounts like daemons and mailing lists can not log in via the web UI.
```

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9610

Differential Revision: https://secure.phabricator.com/D14325
2015-10-24 18:12:56 -07:00
epriestley
b038041dc6 Prevent duplicate account links from being created by swapping logins and then refreshing the link
Summary:
Fixes T6707. Users can currently do this:

  - Log in to a service (like Facebook or Google) with account "A".
  - Link their Phabricator account to that account.
  - Log out of Facebook, log back in with account "B".
  - Refresh the account link from {nav Settings > External Accounts}.

When they do this, we write a second account link (between their Phabricator account and account "B"). However, the rest of the codebase assumes accounts are singly-linked, so this breaks down elsewhere.

For now, decline to link the second account. We'll permit this some day, but need to do more work to allow it, and the need is very rare.

Test Plan:
  - Followed the steps above, hit the new error.
  - Logged back in to the proper account and did a link refresh (which worked).

{F905562}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6707

Differential Revision: https://secure.phabricator.com/D14319
2015-10-24 04:50:36 -07:00
epriestley
9c798e5cca Provide bin/garbage for interacting with garbage collection
Summary:
Fixes T9494. This:

  - Removes all the random GC.x.y.z config.
  - Puts it all in one place that's locked and which you use `bin/garbage set-policy ...` to adjust.
  - Makes every TTL-based GC configurable.
  - Simplifies the code in the actual GCs.

Test Plan:
  - Ran `bin/garbage collect` to collect some garbage, until it stopped collecting.
  - Ran `bin/garbage set-policy ...` to shorten policy. Saw change in web UI. Ran `bin/garbage collect` again and saw it collect more garbage.
  - Set policy to indefinite and saw it not collect garabge.
  - Set policy to default and saw it reflected in web UI / `collect`.
  - Ran `bin/phd debug trigger` and saw all GCs fire with reasonable looking queries.
  - Read new docs.

{F857928}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9494

Differential Revision: https://secure.phabricator.com/D14219
2015-10-02 09:17:24 -07:00
epriestley
878a493301 Begin standardizing garbage collectors
Summary: Ref T9494. Improve support infrastructure for garbage collectors.

Test Plan:
  - Ran `bin/phd debug trigger`, saw collectors execute.

{F857852}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9494

Differential Revision: https://secure.phabricator.com/D14218
2015-10-01 16:58:43 -07:00
epriestley
0449a07f53 Add bin/auth unlimit and clean up a TODO
Summary:
I stumbled across this TODO and was worried that there was a glaring hole in MFA that I'd somehow forgotten about, but the TODO is just out of date.

These actions are rate limited properly by `PhabricatorAuthTryFactorAction`, which permits a maximum of 10 actions per hour.

  - Remove the TODO.
  - Add `bin/auth unlimit` to make it easier to reset rate limits if someone needs to do that for whatever reason.

Test Plan:
  - Tried to brute force through MFA.
  - Got rate limited properly after 10 failures.
  - Reset rate limit with `bin/auth unlimit`.
  - Saw the expected number of actions clear.

{F805288}

Reviewers: chad

Reviewed By: chad

Subscribers: joshuaspence

Differential Revision: https://secure.phabricator.com/D14105
2015-09-14 07:03:39 -07:00
epriestley
5dccc14bbf Modularize generation of supplemental login messages
Summary:
Ref T9346. This mostly allows us to give users additional advice based on which instance they are trying to log in to in the Phacility cluster.

It's also slightly more flexible than `auth.login-message` was, and maybe we'll add some more hooks here eventually.

This feels like it's a sidegrade in complexity rather than really an improvement, but not too terrible.

Test Plan:
  - Wrote the custom handler in T9346 to replicate old config functionality.
  - Wrote a smart handler for Phacility that can provide context-sensitive messages based on which OAuth client you're trying to use.

See new message box at top (implementation in next diff):

{F780375}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9346

Differential Revision: https://secure.phabricator.com/D14057
2015-09-04 10:34:39 -07:00
epriestley
29948eaa5b Use phutil_hashes_are_identical() when comparing hashes in Phabricator
Summary: See D14025. In all cases where we compare hashes, use strict, constant-time comparisons.

Test Plan: Logged in, logged out, added TOTP, ran Conduit, terminated sessions, submitted forms, changed password. Tweaked CSRF token, got rejected.

Reviewers: chad

Reviewed By: chad

Subscribers: chenxiruanhai

Differential Revision: https://secure.phabricator.com/D14026
2015-09-01 15:52:44 -07:00
epriestley
b4b5d60f77 Fix 'key'/'type' swap in email reset / one-time-login controller
Summary: Fixes T9046. These got swapped around during refactoring.

Test Plan:
  - Used `bin/auth recover` prior to patch (failed).
  - Used `bin/auth recover` after patch (worked).

Reviewers: joshuaspence, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T9046

Differential Revision: https://secure.phabricator.com/D13778
2015-08-03 08:01:43 -07:00
Chad Little
36103dfa18 Update Auth for handleRequest
Summary: Updates Auth app for handleRequest

Test Plan: Tested what I could, Log in, Log out, Change Password, New account, Verify account... but extra eyes very helpful here.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8628

Differential Revision: https://secure.phabricator.com/D13748
2015-08-01 16:49:27 -07:00
Joshua Spence
f695dcea9e Use PhutilClassMapQuery
Summary: Use `PhutilClassMapQuery` where appropriate.

Test Plan: Browsed around the UI to verify things seemed somewhat working.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13429
2015-07-07 22:51:57 +10:00
epriestley
7d7e13d79b Merge branch 'master' into redesign-2015 2015-06-19 08:33:30 -07:00
Chad Little
801607381d [Redesign] PhabricatorApplicationSearchResultView
Summary: Ref T8099. This adds a new class which all search engines return for layout. I thought about this a number of ways, and I think this is the cleanest path. Each Engine can return whatever UI bits they needs, and AppSearch or Dashboard picks and lays the bits out as needed. In the AppSearch case, interfaces like Notifications, Calendar, Legalpad all need more custom layouts. I think this also leaves a resonable path forward for NUX as well. Also, not sure I implemented the class correctly, but assume thats easy to fix?

Test Plan: Review and do a search in each application changed. Grep for all call sites.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8099

Differential Revision: https://secure.phabricator.com/D13332
2015-06-19 11:46:20 +01:00
Joshua Spence
4761cb8d73 Use PhutilInvalidStateException
Summary: Use `PhutilInvalidStateException` where appropriate.

Test Plan: Eyeball it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13327
2015-06-18 07:09:02 +10:00
epriestley
53ef057b1b Merge branch 'master' into redesign-2015 2015-06-15 08:06:23 -07:00