1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 17:52:43 +01:00
Commit graph

6278 commits

Author SHA1 Message Date
epriestley
8efea3abe9 Add a configuration warning when memory_limit will limit file uploads
Summary: Fixes T6011. See that task for discussion. We can detect when `memory_limit` will be the limiting factor for drag-and-drop uploads and warn administrators about it.

Test Plan: Fiddled configuration values and hit, then resolved, the issue.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6011

Differential Revision: https://secure.phabricator.com/D10413
2014-09-04 12:48:34 -07:00
epriestley
a6296a64a4 Allow Passphrase to store empty secrets
Summary: Fixes T6001. We currently don't allow empty secrets, but accounts with no password are occasionally used in the wild.

Test Plan:
  - Created a credential with an empty secret.
  - Revealed secret, saw empty message.
  - Edited it (no form changes), saw secret unchanged.
  - Changed it to a nonempty secret.
  - Revealed nonempty secret.
  - Edited it (no form changes), saw secret unchanged.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6001

Differential Revision: https://secure.phabricator.com/D10414
2014-09-04 12:48:05 -07:00
epriestley
4d3cc7b28d Use %s, not %d, to encode a 64-bit integer for a query
Summary: Fixes T5982. Probably. I'm just guessing here but like 95% sure this will fix it and 99% sure it won't hurt/break anything.

Test Plan: Still works on my 64-bit install, for what little that's worth.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5982

Differential Revision: https://secure.phabricator.com/D10415
2014-09-04 12:47:51 -07:00
epriestley
d8e3f2edf2 Move column hide/show to the column context menu on workboards
Summary: Fixes T5993. Now that we have a context menu we can make some edit operations easier to access.

Test Plan: Toggled column visibility. Verified board state (columns shown/hidden, ordering) was retained.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5993

Differential Revision: https://secure.phabricator.com/D10417
2014-09-04 12:47:32 -07:00
Bob Trahan
2f4addc671 Diffusion / Herald - tweak "Accepted Differential Revision exists" Herald field
Summary: make it use the value of the revision before any post-commit magic has occurred. Fixes T4754

Test Plan: made a herald rule that said "if revision exists, and revision accept does not exists, block push". tried to push a commit that had a revision that wasn't accepted and I was blocked.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: mbishopim3, epriestley, Korvin

Maniphest Tasks: T4754, T4574

Differential Revision: https://secure.phabricator.com/D10393
2014-09-03 15:28:12 -07:00
Bob Trahan
7ecbc70784 Daemons - handle daemons that can't be killed a bit better
Summary:
Ref T2374. Fixes T5988.

Keep track of what's been killed and not been killed, and surface that maybe you need sudo if things don't get killed with --force

...also basically make this force thing work. I managed to convinced myself stuff was getting killed with --force when it mostly wasn't. Make sure the --force parameter gets pushed as low as it needs to go to have things get killed.

Test Plan:
 - `sudo ./bin/phd restart`
 - `rm -rf /var/tmp/phd/pid/*`
 - `./bin/phd stop` --> get warning about rogue daemons
 - `./bin/phd stop X` --> get warning about no running daemons
 - `./bin/phd stop --force` --> get warning about not being able to kill daemons
 - `sudo ./bin/phd stop --force` --> kill daemons successfully

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T2374, T5988

Differential Revision: https://secure.phabricator.com/D10386
2014-09-03 15:19:02 -07:00
Bob Trahan
b60d0c338a Maniphest - always cc the user, including when creating from template
Summary: Ref T6031. I figure its totally cool to include the user creating the task as a subscriber, even if from the template case, so just do that there too. Code is written such that if the user wasn't already in the subscriber case they end up being the last person in the tokenizer. Theoretically this should make any users who didn't want to be automagically subscribed via the create from template case to remove themselves.

Test Plan: made a template from a task that didn't have me as a subscriber initially and observed i was a subscriber.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T6031

Differential Revision: https://secure.phabricator.com/D10408
2014-09-03 13:08:52 -07:00
Bob Trahan
b2d5968460 Maniphest - make custom fields always render last
Summary: Fixes T6029. We should append custom fields last so they show up after things like projects, tokens, etc that render via UI events.

Test Plan: viewed a task with custom fields and projects was last

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T6029

Differential Revision: https://secure.phabricator.com/D10407
2014-09-03 12:49:24 -07:00
James Rhodes
d7f51325e3 Populate results of DiffusionQueryCommitsConduitAPIMethod with DiffusionLowLevelCommitQuery
Summary:
Ref T2783.  This populates the following fields in DiffusionQueryCommitsConduitAPIMethod using DiffusionLowLevelCommitQuery when `bypassCache` is set to true:

  * `authorName`
  * `authorEmail`
  * `committerName`
  * `committerEmail`
  * `message`
  * `hashes`

The original outline called for `authorPHID` and `committerPHID` as well (but no `message` field).  As far as I can tell, the PHIDs aren't actual a property on `DiffusionCommitRef`, and since the intention of this is to be able to populate a `DiffusionCommitRef`, I haven't included them.  Let me know if we really do need the PHIDs here.

Test Plan: Tested using 3 Phabricator instances (one web, one taskmaster and one storage).  The web and taskmaster tiers are directed at the Conduit API of the storage tier.  Made a `diffusion.querycommits` from the Conduit app on the web tier instance and saw the data populated from the raw VCS data (located on the storage tier).

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D10399
2014-09-03 22:49:44 +10:00
epriestley
df3ddd5de4 Fix bin/phd log instructions
Summary: The command takes `--id` (since recently?), fix command prompt.

Test Plan: `bin/phd help log`

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10404
2014-09-02 17:11:36 -07:00
epriestley
957c1d6602 Add a setting for selecting SMTP mail encoding
Summary:
Fixes T5956. We changed the default mail encoding to `quoted-printable` to fix delivery via SendGrid via SMTP, but this broke multiple other mailers.

  - Change the default back to 8bit (which works everywhere except SendGrid).
  - Add a configuration setting for selecting `quoted-printable`.
  - Document this issue.
  - Discourage use of SendGrid in documentation.

(IMPORTANT) @klimek @nickz This reverts the `quoted-printable` fix for SendGrid. You will need to adjust your configurations (set `phpmailer.smtp-encoding` to `quoted-printable`) and restart your daemons or mail will get double newlines again.

Test Plan:
  - Sent mail via SendGrid with various `phpmailer.smtp-encoding` settings, saw mail arrive with specified encoding.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: klimek, nickz, epriestley

Maniphest Tasks: T5956

Differential Revision: https://secure.phabricator.com/D10397
2014-09-02 10:47:34 -07:00
Bob Trahan
b93bc7e479 phutil_utf8_shorten => PhutilUTF8StringTruncator
Summary: Ref T3307. Only one I thought was tricky was Excel; I went with bytes there like it was email.

Test Plan: played around on a few endpoints but mostly thought carefully

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T3307

Differential Revision: https://secure.phabricator.com/D10392
2014-08-29 15:15:13 -07:00
Bob Trahan
482784b9b2 Flag - fix purple flag
Summary: purple != violet, and in our CSS we call these things by the fanciest of terms. Fixes T5995.

Test Plan: flagged something purple and saw that the "remove purple flag" flag was indeed purple. quickly tested other colors and they all seem good too.

Reviewers: epriestley, chad

Reviewed By: chad

Subscribers: epriestley, Korvin

Maniphest Tasks: T5995

Differential Revision: https://secure.phabricator.com/D10389
2014-08-29 14:40:16 -07:00
Bob Trahan
546d092ebd Ponder - fix redirect after leaving a question comment
Summary: we did some security lock down on URI stuff and I think this was a casualty. Fixes T5992.

Test Plan: left a comment, got redirected. no more 500 response.

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5992

Differential Revision: https://secure.phabricator.com/D10388
2014-08-29 11:33:36 -07:00
epriestley
340b40172f Tweak --limit for bin/phd log
Summary:
Ref T5405.

  - `--limit` wasn't actually used anywhere.
  - Make it mean "the N newest lines".

Test Plan: Ran `bin/phd log`, `bin/phd log --limit 3`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5405

Differential Revision: https://secure.phabricator.com/D10385
2014-08-29 10:02:19 -07:00
James Rhodes
f015cb50fe Prevent "Wait for Build Commits" from creating billions of logs
Summary:
Resolves T5987.  This build step was at some point converted to use yielding, which meant that whenever the build step executes it will create a new log.  This checks to see if there is an existing log before creating a new one and uses that instead.

Long term we're going to need some way of attaching data to `PhabricatorWorkerYieldException` that can be read when the build step starts again; this will allow us to move more build steps off `while (...) { ... sleep(X); }` loops and onto yielding.

Test Plan: Tested locally.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley

Maniphest Tasks: T5987

Differential Revision: https://secure.phabricator.com/D10383
2014-08-30 02:11:45 +10:00
Bob Trahan
d1936711a0 Diffusion - replace last hg manifest call with hg locate
Summary: Fixes T4387.

Test Plan: Setup a mercurial repository for rabbitmq-server. Browsed around it and things looked good.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4387

Differential Revision: https://secure.phabricator.com/D10380
2014-08-28 13:08:42 -07:00
James Rhodes
2fd395e859 Allow pre-commit adapter to use custom actions
Summary: Looks like I missed this when implementing custom actions and hence you can't currently use custom actions on the pre-commit adapters.

Test Plan: Added a custom action to a pre-commit Herald rule.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D10316
2014-08-28 10:59:30 +10:00
James Rhodes
b163883d88 Hide "Warning: Permanently added ... to the list of known hosts." in Harbormaster
Summary: Ref T1049.  This messages is always printed to standard error now that the known hosts file is set to /dev/null.  This hides the warning so that we'll be able to parse stderr for Windows hosts (where Powershell decides to output XML...)

Test Plan: Tested locally and verified the warning no longer appears.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D10362
2014-08-28 08:24:04 +10:00
James Rhodes
a26c6147f5 Prevent artifact key collision when builds are restarted
Summary: Ref T1049.  Because we no longer destroy artifacts when builds are restarted, we need the build generation number to be part of the artifact key, otherwise we get collisions when restarting builds that contain build steps that emit artifacts.

Test Plan: Ran it with a build plan of "Lease Host" and "Run Command", no longer got an artifact key crash.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D10336
2014-08-28 08:21:36 +10:00
James Rhodes
0e15393b46 Prevent crash when build step has been deleted on build plan
Summary: This prevents crashes when looking at builds, where the build steps have been deleted on the build plan since the build was run.  Currently the only information that's pulled from the build step is the description (because this was too large to copy to every target).

Test Plan: Tested it locally.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D10361
2014-08-28 08:20:11 +10:00
Bob Trahan
06882a99cf Daemons - move combined log to console
Summary: Fixes T5405.

Test Plan: ran a few commands (log, log --id X --id Y, log --id BADX, log --id BADX --id BADY) and verified good output

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5405

Differential Revision: https://secure.phabricator.com/D10371
2014-08-27 14:53:38 -07:00
Bob Trahan
2fdd7f0f3d Daemons - better handle rogue daemons from phd
Summary: Ref T2374. While building D10367 I noticed that phd was finding rogue daemons way more than it should be. Re-jigger this code path so rogue daemons are checked for *after* we've dealt with known daemons. This keeps the logic pretty simple overall.

Test Plan: phd start; kill pid files; phd stop and get the right warning; phd stop --force and it kills the rogue demons. phd stop in normal conditions no longer reporting rogue daemons erroneously

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T2374

Differential Revision: https://secure.phabricator.com/D10368
2014-08-27 12:24:06 -07:00
Bob Trahan
85b767bbdc Notifications - fix pager
Summary: D10281 upgraded us to modern infrastructure but I think forget to set this little helper to return true. Fixes T5975.

Test Plan: paged through notifications with glee

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5975

Differential Revision: https://secure.phabricator.com/D10369
2014-08-27 12:23:55 -07:00
Bob Trahan
c2874945c8 Daemons - add status of environment to daemon console, etc
Summary: Shows the UI everywhere. Also asort() the keys before calculating the environment hash as that is probably an issue for someone at some point we just don't need to have. Ref T5968.

Test Plan: Viewed the setup check and saw a link to the daemon console. Viewed the daemon console and saw the various stale config daemons. Clicked a daemon and saw a "stale config" header icon where expected. Restarted daemons and all of this went away.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5968

Differential Revision: https://secure.phabricator.com/D10367
2014-08-27 11:35:21 -07:00
James Rhodes
0988ddbf2f Don't render HTML for "user answered question" transaction if the rendering target is not HTML
Summary:
Resolves T5817.  Continuation of D10231.

This corrects the rendering of the "user answered question" transaction so that it does not incorrectly attempt to render the question handle as HTML in emails if the rendering target is not HTML.

Test Plan: Used `bin/mail show-outbound` to verify that the email didn't contain escaped HTML when answering a question.

Reviewers: #blessed_reviewers, btrahan, epriestley

Reviewed By: #blessed_reviewers, btrahan, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5817

Differential Revision: https://secure.phabricator.com/D10319
2014-08-27 08:28:45 +10:00
James Rhodes
ddfa5cbdf6 Remove setWorkingDirectory call on SFTP interface
Summary: I derped on this; the SFTP interface doesn't have setWorkingDirectory because it implements DrydockFilesystemInterface and not DrydockCommandInterface.  So when you use the Upload File build step, the daemon will crash due to an undefined method.

Test Plan: Tested on my live server.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D10351
2014-08-27 08:27:46 +10:00
James Rhodes
3049e46875 Fix redirects in Phragment
Summary: This fixes the ZIP controller redirect in Phragment after the external redirect change.

Test Plan: Tested it on my server.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D10350
2014-08-27 08:26:37 +10:00
Bob Trahan
7cdee1884e Feed - permenantly fail publish workers if the uri they are posting to is not in configu
Summary: Fixes T5958

Test Plan: i just used the ole logic noodle on this one

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5958

Differential Revision: https://secure.phabricator.com/D10359
2014-08-26 15:05:54 -07:00
epriestley
69b0ac724a Render remarkup in feed in a mostly reasonable way
Summary:
Fixes T4057. This sort of sidesteps the trickiest (but very rare) case of things like embedded slowvotes. We might be able to refine that later.

In the common bad case (macros, large images) it gets reasonable results by using `overflow: hidden` with `max-height`.

We use `PhabriatorMarkupEngine::summarize()` to try to just render the first paragraph.

Test Plan: {F195093}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4057

Differential Revision: https://secure.phabricator.com/D10355
2014-08-26 14:36:35 -07:00
Bob Trahan
d13d6963dd phd - make stop / restart savvy to daemons without pid files
Summary: Ref T2374. This currently doesn't work in that while the daemons are stopped, they are restarted. How do I stop them for good? (If it worked I'd also give it a little pass for variable names, etc quality stuff)

Test Plan:
```
14:09:20 ~/Dropbox/code/phalanx (T2374)
~> sudo ./bin/phd restart
There are no running Phabricator daemons.
Freeing active task leases...
Freed 0 task lease(s).
Preparing to launch daemons.
NOTE: Logs will appear in '/var/tmp/phd/log/daemons.log'.

Launching daemon "PhabricatorRepositoryPullLocalDaemon".
Launching daemon "PhabricatorGarbageCollectorDaemon".
Launching daemon "PhabricatorTaskmasterDaemon".
Launching daemon "PhabricatorTaskmasterDaemon".
Launching daemon "PhabricatorTaskmasterDaemon".
Launching daemon "PhabricatorTaskmasterDaemon".
Done.
14:09:30 ~/Dropbox/code/phalanx (T2374)
~> rm -rf /var/tmp/phd/pid/*
14:09:42 ~/Dropbox/code/phalanx (T2374)
~> sudo ./bin/phd stop
There are no running Phabricator daemons.
There are processes running that look like Phabricator daemons but have no corresponding PID files:

php /Users/btrahan/Dropbox/code/libphutil/scripts/daemon/exec/exec_daemon.php PhabricatorRepositoryPullLocalDaemon --load-phutil-library=/Users/btrahan/Dropbox/code/arcanist/src --load-phutil-library=/Users/btrahan/Dropbox/code/phalanx/src --log=/var/tmp/phd/log/daemons.log --
php /Users/btrahan/Dropbox/code/libphutil/scripts/daemon/exec/exec_daemon.php PhabricatorGarbageCollectorDaemon --load-phutil-library=/Users/btrahan/Dropbox/code/arcanist/src --load-phutil-library=/Users/btrahan/Dropbox/code/phalanx/src --log=/var/tmp/phd/log/daemons.log --
php /Users/btrahan/Dropbox/code/libphutil/scripts/daemon/exec/exec_daemon.php PhabricatorTaskmasterDaemon --load-phutil-library=/Users/btrahan/Dropbox/code/arcanist/src --load-phutil-library=/Users/btrahan/Dropbox/code/phalanx/src --log=/var/tmp/phd/log/daemons.log --
php /Users/btrahan/Dropbox/code/libphutil/scripts/daemon/exec/exec_daemon.php PhabricatorTaskmasterDaemon --load-phutil-library=/Users/btrahan/Dropbox/code/arcanist/src --load-phutil-library=/Users/btrahan/Dropbox/code/phalanx/src --log=/var/tmp/phd/log/daemons.log --
php /Users/btrahan/Dropbox/code/libphutil/scripts/daemon/exec/exec_daemon.php PhabricatorTaskmasterDaemon --load-phutil-library=/Users/btrahan/Dropbox/code/arcanist/src --load-phutil-library=/Users/btrahan/Dropbox/code/phalanx/src --log=/var/tmp/phd/log/daemons.log --
php /Users/btrahan/Dropbox/code/libphutil/scripts/daemon/exec/exec_daemon.php PhabricatorTaskmasterDaemon --load-phutil-library=/Users/btrahan/Dropbox/code/arcanist/src --load-phutil-library=/Users/btrahan/Dropbox/code/phalanx/src --log=/var/tmp/phd/log/daemons.log --
php /Users/btrahan/Dropbox/code/phalanx/scripts/daemon/phd-daemon PhabricatorRepositoryPullLocalDaemon --daemonize --log=/var/tmp/phd/log/daemons.log --phd=/var/tmp/phd/pid
php /Users/btrahan/Dropbox/code/phalanx/scripts/daemon/phd-daemon PhabricatorGarbageCollectorDaemon --daemonize --log=/var/tmp/phd/log/daemons.log --phd=/var/tmp/phd/pid
php /Users/btrahan/Dropbox/code/phalanx/scripts/daemon/phd-daemon PhabricatorTaskmasterDaemon --daemonize --log=/var/tmp/phd/log/daemons.log --phd=/var/tmp/phd/pid
php /Users/btrahan/Dropbox/code/phalanx/scripts/daemon/phd-daemon PhabricatorTaskmasterDaemon --daemonize --log=/var/tmp/phd/log/daemons.log --phd=/var/tmp/phd/pid
php /Users/btrahan/Dropbox/code/phalanx/scripts/daemon/phd-daemon PhabricatorTaskmasterDaemon --daemonize --log=/var/tmp/phd/log/daemons.log --phd=/var/tmp/phd/pid
php /Users/btrahan/Dropbox/code/phalanx/scripts/daemon/phd-daemon PhabricatorTaskmasterDaemon --daemonize --log=/var/tmp/phd/log/daemons.log --phd=/var/tmp/phd/pid

Stop these processes by re-running this command with the --force parameter.
14:09:47 ~/Dropbox/code/phalanx (T2374)
~> sudo ./bin/phd stop --force
Interrupting daemon 'Rogue daemon' (66167)...
Interrupting daemon 'Rogue daemon' (66174)...
Interrupting daemon 'Rogue daemon' (66177)...
Interrupting daemon 'Rogue daemon' (66191)...
Interrupting daemon 'Rogue daemon' (66193)...
Interrupting daemon 'Rogue daemon' (66196)...
Interrupting daemon 'Rogue overseer' (66166)...
Interrupting daemon 'Rogue overseer' (66169)...
Interrupting daemon 'Rogue overseer' (66175)...
Interrupting daemon 'Rogue overseer' (66189)...
Interrupting daemon 'Rogue overseer' (66192)...
Interrupting daemon 'Rogue overseer' (66195)...
Daemon 66167 exited.
Daemon 66174 exited.
Daemon 66177 exited.
Daemon 66191 exited.
Daemon 66193 exited.
Daemon 66196 exited.
Daemon 66166 exited.
Daemon 66169 exited.
Daemon 66175 exited.
Daemon 66189 exited.
Daemon 66192 exited.
Daemon 66195 exited.
```

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T2374

Differential Revision: https://secure.phabricator.com/D10354
2014-08-26 14:12:31 -07:00
epriestley
912b4c564d Allow "Track Only" and "Autoclose" to accept regular expressions
Summary: Fixes T2564. See screenshot.

Test Plan:
{F194796}

  - Made a bunch of valid and invalid adjustments here and verified that the branches table showed autoclose state and branches consistent with the settings.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2564

Differential Revision: https://secure.phabricator.com/D10349
2014-08-26 13:28:55 -07:00
James Rhodes
51b34c0544 Abort previous build targets when a build is restarted
Summary: Ref T5936. This implements build implementations aborting early when the build has since been restarted.   Build steps now periodically poll to see if the build's current generation does not match their generation, and they throw a `HarbormasterBuildAbortedException` if that is the case.

Test Plan: Tested locally on my machine with the sleep build step.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5936

Differential Revision: https://secure.phabricator.com/D10322
2014-08-26 20:46:23 +10:00
epriestley
53a678c568 Improve documentation and tooling around autoclose
Summary:
Fixes T4767. I believe 80% of this was actually caused by the author issue fixed in T5771, but this should help make the other 20% debuggable.

  - Record why we didn't autoclose a commit when we process it.
  - Show branch autoclose status in the main branch table.
  - Show commit autoclose status on the edit screen.
  - Add documentation about how to find these statuses and what they mean.

Test Plan:
  - Read documentation.
  - Viewed branches and hovered over the various states.
  - Viewed commits in various states and checked the "Autoclose?" field.
  - Pushed some commits and saw autoclose activate.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4767

Differential Revision: https://secure.phabricator.com/D10348
2014-08-25 16:14:19 -07:00
epriestley
6dd82d86a2 Provide some hints for Amazon RDS configuration
Summary: Fixes T2605. Provide some instructions on configuring RDS properly. The "DB Parameter Group" thing in the web UI seems pretty easy to use, it's just not obvious that it's what you should be using.

Test Plan: Jiggled these warnings to trigger them, viewed the output, saw a table of values and a hint about RDS.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2605

Differential Revision: https://secure.phabricator.com/D10343
2014-08-25 11:41:40 -07:00
epriestley
7e655da977 Use a single newline between HTML mail sections
Summary: Ref T992. This makes HTML mail layout more consistent with text mail layout and fixes my greatest annoyance with it.

Test Plan: Used `bin/mail list-outbound --id <id> --dump-html` to view mail in Safari, saw it have a normal amount of whitespace between sections.

Reviewers: btrahan, talshiri, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T992

Differential Revision: https://secure.phabricator.com/D10344
2014-08-25 11:35:29 -07:00
epriestley
17376927e5 Allow Ponder questions and answers to be destroyed with bin/remove
Summary: Ref T5847.

Test Plan: Used `bin/remove destroy` to destroy a question. Saw the question and its answers get wiped out.

Reviewers: btrahan, shadowhand

Reviewed By: shadowhand

Subscribers: shadowhand, epriestley

Maniphest Tasks: T5847

Differential Revision: https://secure.phabricator.com/D10345
2014-08-25 08:41:03 -07:00
epriestley
3275d80cf9 Detect ft_stopword_file being unsupported
Summary:
Ref T2605. For old MySQL, this option is not supported. Catch that and tailor the error.

I couldn't find the first version of MySQL which introduced this optino in order to produce a more useful error. I spent about ~10 minutes looking.

Test Plan: Faked the error, survived setup.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T2605

Differential Revision: https://secure.phabricator.com/D10342
2014-08-25 07:30:39 -07:00
epriestley
061c1c1494 Fix undefined $repository
Auditors: btrahan
2014-08-23 03:49:06 -07:00
Bob Trahan
c1e8d97069 Diffusion - re-jigger how README files get rendered
Summary: be more aggressive about assuming plain-text, use remarkup for no extension, .remarkup, and .md, and last but not least use rainbow for .rainbow. Fixes T5818.

Test Plan: my README rendered just fine post these changes

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: asherkin, epriestley, Korvin

Maniphest Tasks: T5818

Differential Revision: https://secure.phabricator.com/D10340
2014-08-22 15:49:03 -07:00
Bob Trahan
6f246bd351 Daemons - add a config check for out of date daemon environment
Summary: Fixes T4881.

Test Plan: made a config change, saw the issue, restarted daemons and it went away

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4881

Differential Revision: https://secure.phabricator.com/D10339
2014-08-22 14:52:36 -07:00
Bob Trahan
3bc391fbc7 Paste - add created time to pastes in a list
Summary: Fixes T5943. We do this differently in different places; Audit / Differential do something like this while Pholio expands the "byLine" to include a timestamp. Go with the Audit / Differential approach, as presumably having the date as a top line, easily scannable metadata is the goal here.

Test Plan: viewed a list of pastes and saw a timestamp of creation at the top.

Reviewers: epriestley, chad

Reviewed By: chad

Subscribers: epriestley, Korvin

Maniphest Tasks: T5943

Differential Revision: https://secure.phabricator.com/D10338
2014-08-22 13:15:49 -07:00
James Rhodes
2a4a30044b Set the working directory when providing SSH / SFTP interfaces
Summary: Ref T1049.  Set the working directory when executing commands on Drydock hosts.  Without this set, they execute in the user's default home directory.

Test Plan: Ran a build and saw the correct working directory when running `pwd`.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: CanadianBadass, epriestley, Korvin

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D10293
2014-08-22 14:40:31 +10:00
Bob Trahan
d83a9c606b Emails - fix duplicate email error
Summary: $email => $e_email. Fixes T5933.

Test Plan: Added an email that was already on another account and got the proper "Duplicate" UI with the duplicate email address still entered

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5933

Differential Revision: https://secure.phabricator.com/D10334
2014-08-21 16:07:14 -07:00
epriestley
4a566f9e5d Allow passwords to be edited even if account.editable is false
Summary:
Fixes T5900. We have some very old code here which does not let you update your password if the `account.editable` flag is set.

This was approximately introduced in D890, and I think it was mostly copy/pasted at that point. I'm not sure this ever really made sense. The option is not documented as affecting this, for example. In the modern environment of auth providers, it definitely does not make sense.

Instead, always allow users to change passwords if the install has a password provider configured.

Test Plan:
  - Set `account.editable` to false.
  - Used a password reset link.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5900

Differential Revision: https://secure.phabricator.com/D10331
2014-08-21 15:35:43 -07:00
epriestley
05eb77c0a7 Mark redirects to php.net from symbols as external
Summary: Fixes T5942. These are external but currently unmarked.

Test Plan: Visited link, got redirected.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5942

Differential Revision: https://secure.phabricator.com/D10332
2014-08-21 14:45:51 -07:00
epriestley
79c837d505 Make file handles have "/Fxxx" as the URI
Summary:
Primarily, this fixes searching for `F123` in global search.

The info URI is now a better URI than the "best" URI for files, and doesn't have redirect issues.

Test Plan: Searched for `F123` in global search.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10330
2014-08-21 12:21:10 -07:00
epriestley
f43355855c Add bin/files compact for sharing file data storage
Summary:
Fixes T5912. When we write files, we attempt to share storage if two files have the same content.

In some cases, we may not share storage. Examples include:

  - Files migrated with `bin/files migrate` (it's simpler not to try to dedupe them).
  - Old files, from before storage was sharable (the mechanism did not exist).
  - Files broken by the bug fixed in T5912.

Add a script to compact files by pointing files with the same content hash at the same file contnet.

In the particular case of files broken by the bug in T5912, we know the hash of the file's content and will only point them at a file that we can load the data for, so this fixes them.

Compaction is not hugely useful in general, but this script isn't too complex and the ability to fix damage from the bug in T5912 is desirable. We could remove this capability eventually.

Test Plan:
  - Ran `files compact --all --dry-run` and sanity checked a bunch of the duplicates for actually being duplicates.
  - Migrated individual files with `files compact Fnnn --trace` and verified the storage compacted and all files survived the process.
  - Verified unused storage was correctly destroyed after removing the last reference to it.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5912

Differential Revision: https://secure.phabricator.com/D10327
2014-08-21 11:47:59 -07:00
epriestley
fca8b5ab1b Improve UX for repository updates
Summary:
Fixes T5926. Fixes T5830. Ref T4767. Users currently sometimes have a hard time understanding repository update frequencies. This is compounded by aggressive backoff and incorrect backoff while importing repositories.

  - Don't back off while importing repositories. This prevents us from hanging at 99.99% for inactive repositories while waiting for the next update.
  - Back off less aggressively in general, and even more gradually during the first 3 days. This should make behavior around weekends better.
  - Show update frequency in the UI.
  - Provide an explicit "update now" button to call `diffusion.looksoon` in a more user-friendly way.
  - Document how backoff policies work and how to adjust behavior.

Test Plan:
  - Ran `bin/phd debug pulllocal` and verified backoff worked correctly from debugging output.
  - Clicked "Update Now" to get a hint, reloaded page to see it update.
  - Read documentation.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4767, T5830, T5926

Differential Revision: https://secure.phabricator.com/D10323
2014-08-21 11:30:12 -07:00
epriestley
d122d9ec86 Allow users to recover from a missing password hasher
Summary:
Fixes T5934. If you hash a password with, e.g., bcrypt, and then lose the bcrypt hasher for some reason, we currently fatal when trying to figure out if we can upgrade.

Instead, detect that the current hasher implementation has vanished and let the user reset their password (for account passwords) or choose a new one (for VCS passwords)>

Test Plan:
Account password:

  - Artifically disabled bcrypt hasher.
  - Viewed password panel, saw warnings about missing hasher.
  - Used password reset workflow to change password, saw iterated MD5 hashed password get set.
  - Enabled bcrypt hasher again.
  - Saw upgrade warning.
  - Upgraded password to bcrypt.

VCS password:

  - Artificially disabled bcrypt hasher.
  - Viewed password panel, saw warnings about missing hasher.
  - Reset password.
  - Saw iterated md5 password.
  - Reenabled bcrypt.
  - Upgraded to bcrypt.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5934

Differential Revision: https://secure.phabricator.com/D10325
2014-08-21 11:30:05 -07:00
epriestley
241cfc2e83 Don't leave temporary files around when trying to use credentials with destroyed secrets
Summary: Ref T4284. This fixes at least one problem which can cause the observed behavior.

Test Plan:
  - Before applying patch, used `PHABRICATOR_CREDENTIAL=PHID-CDTL-... bin/ssh-connect` + debugging prints to verify the keyfile was written and cleaned up normally.
  - Destroyed the credental, verified the temporary file was not cleand up correctly.
  - Applied patch, verified temporary file was not written and command exited with sensible error.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4284

Differential Revision: https://secure.phabricator.com/D10328
2014-08-21 11:26:02 -07:00
epriestley
7d31ea7c55 Minor tweaks to bin/mail send-test
Summary: Clean up some arg handling stuff.

Test Plan: Used this while debugging.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10314
2014-08-21 11:25:44 -07:00
epriestley
f50ba4fb07 Fix herald "Repository" rule for Revisions and Diffs
Summary: This was broken by rP5ac36e8 by a derpy typo.

Test Plan: Ran dry run against a revision with a a repository, saw the field fill in on the transcript.

Reviewers: nickz, btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10326
2014-08-21 10:54:07 -07:00
epriestley
3273874744 Fix an issue with build generations not being set for strict MySQL
Summary: Target creation fatals otherwise ('buildGeneration' may not be NULL)

Auditors: hach-que
2014-08-21 09:23:48 -07:00
cburroughs
fd45f64e47 Include all audit states in audit.query
Summary:
Additional audit states were made queryable for T5871.
Include them in Conduit's audit.query as well.  In doing so corrects
references from "status-foo" to "audit-status-foo".

Depends on D10271

Test Plan: with an api, issues queries and got sensible results

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10290
2014-08-21 06:14:23 -07:00
James Rhodes
efadfbbc97 Implement build generations in Harbormaster
Summary:
Ref T5932.  Ref T5936.  This implements build generations in Harbormaster, which provides the infrastructure required to both show users the previous states of restarted builds and to allow users to forcefully abort builds (and their targets).

You can view previous generations of a build by adding `?g=<n>` to the URI, but this isn't exposed in the UI anywhere yet.

Test Plan: Ran a build plan with a Sleep step in it.  Reconfigured it for various sleep times and viewed previous generations of the build after restarting it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T5932, T5936

Differential Revision: https://secure.phabricator.com/D10321
2014-08-21 22:55:24 +10:00
James Rhodes
a2a0f002f0 Fix security.require-https by marking redirect as external
Summary:
Resolves T5937.  HTTPS redirects caused by `security.require-https` use a full scheme, domain and port in the URI.  Consequently, this causes invocation of the new external redirect logic and prevents redirection from occurring properly when accessing the HTTP version of Phabricator that has `security.require-https` turned on.

I've also fixed the automatic slash redirection logic to add the external flag where appropriate.

Test Plan: Configured SSL on my local machine and turned on `security.require-https`.  Observed the "Refusing to redirect" exception on master, while the redirect completed successfully with this patch.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5937

Differential Revision: https://secure.phabricator.com/D10318
2014-08-21 21:35:29 +10:00
James Rhodes
1ffa16aa6b Fix invalid redirect when issuing actions on buildables
Summary: Caught this with the new redirect validation logic.  The `$return_uri` was being set as just `B123` which is not valid.  Prefixing it with `/` (like is done in `HarbormasterBuildActionController` already) gives the correct result of reloading the buildable's page.

Test Plan: Restarted all builds on a buildable, saw the page reload correctly.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D10320
2014-08-21 21:34:57 +10:00
epriestley
b7ad48aa50 Minor, also update PHPMailerLite to use quoted-printable
Summary: See T5927.

Auditors: btrahan
2014-08-20 17:18:49 -07:00
Bob Trahan
d1c3915e3a SSH Keys - allow viewer to download the private key
Summary: ...cuz otherwise this is pretty pointless. Fixes T5931.

Test Plan: generated a key, downloaded the key. previously download failed.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5931

Differential Revision: https://secure.phabricator.com/D10311
2014-08-20 16:22:06 -07:00
epriestley
66fa59d04d Fix an issue where migrating files could prematurely destroy duplicates
Summary:
Fixes T5912. When migrating files, we try to clean up the old data. However, this code isn't aware of reference counting, and unconditionally destroys the old data.

For example, if you migrate files `F1` and `F2` and they have the same data, we'll delete the shared data when we migrate `F1`. Then you'll get an error when you migrate `F2`.

Since this only affects duplicate files, it primarily hits default profile pictures, which are the most numerous duplicate files on most installs.

Test Plan:
  - Verified that the theory was correct by uploading two copies of a file and migrating the first one, before applying the patch. The second one's data was nuked and it couldn't be migrated.
  - Applied patch.
  - Uploaded two copies of a new file, migrated the first one (no data deletion), migrated the second one (data correctly deleted).
  - Uploaded two copies of another new file, `bin/remove destory'd` the first one (no data deletion), then did it to the second one (data correctly deleted).

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5912

Differential Revision: https://secure.phabricator.com/D10312
2014-08-20 15:32:32 -07:00
epriestley
e5acdd85e6 When destroying an object, destroy its Herald transcripts too
Summary: Ref T5915. Make `bin/remove destroy` a bit more thorough, since Herald transcripts can have field information in them.

Test Plan: Used `bin/remove destroy` to nuke revisions, saw their transcripts vanish too.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5915

Differential Revision: https://secure.phabricator.com/D10306
2014-08-20 15:04:34 -07:00
epriestley
5ac36e8f77 Allow Herald "diff" rules to reject content before it is written
Summary: Fixes T5915. Occasionally, users derp up and diff private key material. Adding a pre-write Herald phase enables configuration of a partial layer of protection that will reject these changes before they hit disk, provided they can be detected by, e.g., filename.

Test Plan:
  - Added a rule with checks on every field, verified they looked fine in the transcript.
  - Created some revisions to test those changes (I have a bunch of revision rules locally).
  - Verified rejects don't write transcripts to the database.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5915

Differential Revision: https://secure.phabricator.com/D10305
2014-08-20 14:26:29 -07:00
epriestley
15385e1fe9 Don't SIGINT ourselves on bad daemon data
Summary:
If daemon data is mangled, `bin/phd restart` will SIGINT process `0`, which kills it.

uh oh T.T so sad

Test Plan: Used `bin/phd start` to start daemons; removed PID information from one; saw `bin/phd stop` shut down cleanly and not kill itself.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: mholden, epriestley

Differential Revision: https://secure.phabricator.com/D10308
2014-08-20 13:18:17 -07:00
Bob Trahan
8dd4d5cfe5 Files - make file info page public
Summary: and for bonus, finesse some URIs a tad. Fixes T5922.

Test Plan: viewed F1 logged out and it worked! viewed the ugly URI for F1 and got redirected to the pretty URI.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5922

Differential Revision: https://secure.phabricator.com/D10309
2014-08-20 13:18:21 -07:00
Bob Trahan
20d6c7a048 Login to Comment - kill intermediary dialogue
Summary: its not necessary. Fixes T5906

Test Plan: clicked "Login to Comment" and went straight to the login form, sans intermediary dialogue

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5906

Differential Revision: https://secure.phabricator.com/D10295
2014-08-20 13:17:14 -07:00
epriestley
a46d1f1cd8 Flag meme redirect as external
Summary: Fixes T5918.

Test Plan: Verified memes work again.

Reviewers: hach-que, btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5918

Differential Revision: https://secure.phabricator.com/D10307
2014-08-20 06:59:08 -07:00
epriestley
5449200972 Send SMTP mail using quoted-printable encoding in all cases
Summary: See D10278. This works around a bug (?) in SendGrid, see http://stackoverflow.com/questions/6276181/extra-newlines-in-plain-text-emails-sent-via-sendgrid

Test Plan: @nickz confirmed this resolved his issue. See also D10278.

Reviewers: nickz, btrahan, chad

Reviewed By: chad

Subscribers: nickz, epriestley

Differential Revision: https://secure.phabricator.com/D10303
2014-08-19 17:36:38 -07:00
epriestley
94cdddc211 Cover redirects to files in more cases
Summary: Ref T5894. We have a couple more similar cases. Make them all do a decision-based redirect for now.

Test Plan: Did "View Raw File" and such, and also made sure thumbnails still work.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5894

Differential Revision: https://secure.phabricator.com/D10301
2014-08-19 15:53:15 -07:00
epriestley
e8ece70ee0 Support bin/remove destroy Fnnn for files
Summary: Straightforward (this is the one object type we do let you delete from the web UI) implemetation of `PhabricatorDestructibleInterface`.

Test Plan: Used `bin/remove destroy` to destory several files. Used `--trace` to verify they wiped file data.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10300
2014-08-19 15:44:27 -07:00
James Rhodes
df7fb09845 Remove localhost Drydock allocator
Summary: This has never been enabled by default, and isn't safe.  Remove it since people can use preallocated or EC2 hosts.

Test Plan: Removed it; didn't see it appear on the "Create Blueprint" page.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D10287
2014-08-20 08:29:32 +10:00
Chad Little
0057cf17e9 Clean up image file diffs UI
Summary: Uses AphrontTable now, cleans up interactions. Fixes T5874, Fixes T4910

Test Plan:
tested a large image

{F192585}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4910, T5874

Differential Revision: https://secure.phabricator.com/D10296
2014-08-19 14:46:37 -07:00
epriestley
e8c51cd934 Fix external redirect flagging issue with image thumbnails
Summary: Fixes T5894. This needs some improvement when we lay in real CDN stuff, but should get all the cases right for now.

Test Plan: Thumbnails work properly again.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5894

Differential Revision: https://secure.phabricator.com/D10299
2014-08-19 14:21:32 -07:00
Bob Trahan
ed98a1cc84 Paste - fix caching mechanism for S3-stored files
Summary: Fixes T5798. We basically weren't using the caching mechanism. Also adds service calls for S3 stuff, and support for seeing a little info like you can for conduit.

Test Plan: uploaded a paste, looked at paste list - no s3 service calls. edited the paste, looked at paste list - no s3 service calls and edited content properly shown

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5798

Differential Revision: https://secure.phabricator.com/D10294
2014-08-19 12:01:17 -07:00
Bob Trahan
59b626d2c1 Audit - allow queries for "partial" and "accepted" audits
Summary: Fixes T5871. These queries get to use the actual column on the commit table since they are about the "aggregate" state of different audits.

Test Plan: issues queries and got sensible results.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5871

Differential Revision: https://secure.phabricator.com/D10271
2014-08-19 10:43:52 -07:00
epriestley
df361470c1 Be more strict about "Location:" redirects
Summary:
Via HackerOne. Chrome (at least) interprets backslashes like forward slashes, so a redirect to "/\evil.com" is the same as a redirect to "//evil.com".

  - Reject local URIs with backslashes (we never generate these).
  - Fully-qualify all "Location:" redirects.
  - Require external redirects to be marked explicitly.

Test Plan:
  - Expanded existing test coverage.
  - Verified that neither Diffusion nor Phriction can generate URIs with backslashes (they are escaped in Diffusion, and removed by slugging in Phriction).
  - Logged in with Facebook (OAuth2 submits a form to the external site, and isn't affected) and Twitter (OAuth1 redirects, and is affected).
  - Went through some local redirects (login, save-an-object).
  - Verified file still work.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10291
2014-08-18 14:11:06 -07:00
epriestley
1652e07b4d Provide a purchase detail view in Phortune
Summary: Ref T2787. This provides a purchase detail screen (which has nothing useful on it yet) and converts a bunch of PHIDs into slightly more useful links.

Test Plan: Browsed around my account.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2787

Differential Revision: https://secure.phabricator.com/D10284
2014-08-18 13:15:21 -07:00
epriestley
211a93529b Implement DestructibleInterface for dashboards and panels
Summary: Fixes T5471.

Test Plan: Used `bin/remove destroy` to destroy a dashboard and a panel.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5471

Differential Revision: https://secure.phabricator.com/D10283
2014-08-18 13:15:13 -07:00
epriestley
fce43179e7 Move notifications to ApplicationSearch
Summary: Ref T5891. This just modernizes infrastructure.

Test Plan: Viewed "All" and "Unread" notifications.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5891

Differential Revision: https://secure.phabricator.com/D10281
2014-08-16 11:14:32 -07:00
epriestley
98a847a36c Don't render a grip on tasks returned over AJAX to non-draggable UIs
Summary:
Fixes T5140. When you ajax-edit a task and we send back a full-size card, we currently always put a drag grip on it.

If you clicked the "edit" thing from a priority-ordered list, this is appropriate. However, if you clicked it from some other type of list, it is not.

Pass the expected grippableness through the call.

Test Plan:
  - Edited a task from a reorderable (priority-ordered) view, got grip.
  - Edited a task from a nonreorderable (author-ordered) view, got no grip.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5140

Differential Revision: https://secure.phabricator.com/D10282
2014-08-16 11:12:43 -07:00
James Rhodes
26f283fe21 Implement passphrase.query for querying credentials
Summary: Resolves T5868.  This implements `passphrase.query` and a mechanism for allowing Conduit access to credentials.

Test Plan: Tested locally.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: talshiri, epriestley, Korvin

Maniphest Tasks: T5868

Differential Revision: https://secure.phabricator.com/D10262
2014-08-16 22:41:03 +10:00
epriestley
300910f462 Allow columns to have a point limit
Summary:
Fixes T5885. This implements optional soft point limits for workboard columns, per traditional Kanban.

  - Allow columns to have a point limit set.
  - When a column has a point limit, show it in the header.
  - If a column has too many points in it, show the column and point count in red.

@chad, this could probably use some design tweaks. In particular:

  - I changed the color of "hidden" columns to avoid confusion with "overfull" columns. We might be able to find a better color.
  - UI hints for overfull columns might need adjustment.

(After T4427, we'll let you sum some custom field instead of total number of tasks, which is why this is called "points" rather than "number of tasks".)

Test Plan:
{F190914}

Note that:

  - "Pre-planning" has a limit, so it shows "4/12".
  - "Planning" has a limit and is overfull, so it shows "5 / 4".
  - Other columns do not have limits.
  - "Post-planning" is a hidden column. This might be too muted now.

Transactions:

{F190915}

Error messages / edit screen:

{F190916}

Reviewers: btrahan, chad

Reviewed By: btrahan

Subscribers: chad, epriestley

Maniphest Tasks: T5885

Differential Revision: https://secure.phabricator.com/D10276
2014-08-15 11:16:08 -07:00
epriestley
eaacb4a511 Replace ActionHeader minicons with Font icons
Summary:
Ref T5885. See D10276.

Currently, ActionHeaders can only have minicons, and we don't use them anywhere and they probably don't make much sense in the product anymore.

Instead, allow them to have font icons. Remove minicons, which have no callsites and probably won't in the future.

Test Plan:
{F190925}

  - Grepped for `minicons`.
  - Grepped for `setHeaderIcon()`.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5885

Differential Revision: https://secure.phabricator.com/D10277
2014-08-15 11:08:28 -07:00
epriestley
f9de495d0b Use file.download to retrieve macro images in the IRC macro bot
Summary: Fixes T5884. Macro images are no longer public on most installs. We could generate tokens for them, but this (using Conduit to pull the file data) is easier and more correct.

Test Plan: Logged a bot into IRC and had it spam part of a macro before being killed for flooding.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5884

Differential Revision: https://secure.phabricator.com/D10274
2014-08-15 11:08:11 -07:00
epriestley
607e99490b Migrate "cancdn" to "canCDN" in the database
Summary: Ref T5884. We migrated with "canCDN" and then had live writes with "cancdn". Move everything to "canCDN" for consistency.

Test Plan: Ran migration, verified DB only has "canCDN" afterward.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5884

Differential Revision: https://secure.phabricator.com/D10273
2014-08-15 11:07:40 -07:00
epriestley
8403812e15 Make HTML email a little easier to debug
Summary:
Ref T992.

  - Format text/HTML bodies explicitly in `bin/mail show-outbound`.
  - Provide `bin/mail show-outbound --dump-html` so you can do something like `bin/mail show-outbound --dump-html > dump.html; open dump.html` to get a browser preview somewhat easily.

Test Plan: Ran `bin/mail show-outbound` with and without `--dump-html` flag.

Reviewers: talshiri, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T992

Differential Revision: https://secure.phabricator.com/D10272
2014-08-15 11:07:33 -07:00
Manuel Klimek
eb3ed9bbc9 Add an option to put comment context into emails.
Summary:
When enabled, this will show the full history of review comments in an
email-compatible threading-view.

Test Plan: Sending emails with the option on and off.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D10146
2014-08-15 10:14:09 -07:00
epriestley
baa0a71e55 Show task counts in column headers on Workboards
Summary: Ref T4427. This always counts 1 task = 1 point. The tricky bit is making this update in JS.

Test Plan: {F190900}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4427

Differential Revision: https://secure.phabricator.com/D10275
2014-08-15 09:28:08 -07:00
Tal Shiri
4c57e6d34d HTML emails
Summary:
Added support for side-by-side HTML and plaintext email building.

We can control if the HTML stuff is sent by by a new config, metamta.html-emails

Test Plan:
Been running this in our deployment for a few months now.

====Well behaved clients====
 - Gmail
 - Mail.app

====Bad clients====

- [[ http://airmailapp.com/ | Airmail ]]. They confuse Gmail too, though.

====Need testing====
 - Outlook (Windows + Mac)

Reviewers: chad, #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: webframp, taoqiping, chad, epriestley, Korvin

Maniphest Tasks: T992

Differential Revision: https://secure.phabricator.com/D9375
2014-08-15 08:12:21 -07:00
Chad Little
dc69c4e58c Touch up notification/messages panels
Summary: Fixes T5575. Moves "All" links into title/header. Mark all read floats left, and connection status sits in footer. Also added hints to enable notifications (it's a cool feature).

Test Plan:
Tested locally both menus.

{F190630}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5575

Differential Revision: https://secure.phabricator.com/D10269
2014-08-14 17:19:01 -07:00
Bob Trahan
ff51a1a451 Remarkup - add a regex to blacklist what objects get link
Summary: Fixes T5453.

Test Plan: made a remarkup comment that "Q1 is dumb and Q10 is awesome" and only Q10 was linked. changed the new setting to have the value " " and the Q1 also started linking.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5453

Differential Revision: https://secure.phabricator.com/D10270
2014-08-14 15:20:45 -07:00
Bob Trahan
f8af89a99e DiffusionCommitQuery - move phid to id mapping
Summary: Ref T5862. makes the exception work better

Test Plan: issued some queries from audit ui with and without repos - they worked

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5862

Differential Revision: https://secure.phabricator.com/D10268
2014-08-14 13:04:38 -07:00
Bob Trahan
644e950ea3 Audit - add ability to query by repositories
Summary: Fixes T5862. The Diffusion table uses `id` but all the other infrastructure uses `phid` so just do a quick load of the repositories to get the ids. Long term, we should re-key the table by phid I think.

Test Plan: made a query with a repository and got a proper result set

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5862

Differential Revision: https://secure.phabricator.com/D10245
2014-08-14 12:40:47 -07:00
Bob Trahan
ea3aeb4962 Add "View Email" action to application transactions
Summary: Should help with debugging. In the web UI there is now a link to "View Email". This uses the same debugging output that `./bin/mail show-outbound` uses. Fixes T5768. Code is very defensive as I think these tables may be truncated eventually?

Test Plan: viewed some emails and it worked!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5768

Differential Revision: https://secure.phabricator.com/D10244
2014-08-14 12:28:28 -07:00
Bob Trahan
0b7bae29c8 Projects - tokenize projects more aggressively with respect to '-'
Summary:
Fixes T5727. Updates the regexes to split on '-'. Also changes the editor such that tokens are updated by the larger search process. (Note this means we update this data more often then we need to - for every project transaction.)

Users will need to make an edit to a project -or- run `bin/search index "#project-tag"` to make this actually work.

Test Plan: Made "Frontend-Engineering", "Engineering", and "Backend-Enginering". They all showed up in the typeahead!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5727

Differential Revision: https://secure.phabricator.com/D10247
2014-08-14 12:28:11 -07:00
epriestley
cebbca9e08 Add a "USERS" section to audit emails listing commit authors and committers
Summary: Fixes T5872. This won't show up in the initial email until T4896 is further along.

Test Plan:
```
RECIPIENTS
  discoball (Disco Ball)

BODY
epriestley added a comment.

ffkn

USERS
  epriestley (Author)

COMMIT
  http://local.aphront.com:8080/rPOEMS165b6c54f487
```

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5872

Differential Revision: https://secure.phabricator.com/D10266
2014-08-14 12:14:02 -07:00
epriestley
ae1a821b65 Fix cancdn vs canCDN flag
Summary:
Ref T5884. We migrated to add a `canCDN` flag, but the code looks for a `cancdn` flag.

If this fixes the issue, I'll migrate `cancdn` to `canCDN` in the next diff.

Test Plan: Viewed some files, including old files, and saw the cacheability I expected.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5884

Differential Revision: https://secure.phabricator.com/D10264
2014-08-14 12:13:26 -07:00
epriestley
5d62f56c8f Provide a setup warning about ft_min_word_len
Summary: Fixes T4130. Adds a setup warning when ft_min_word_len is set to the default value.

Test Plan: Hit setup warning; resovled setup warning. Searched for "DOS".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4130

Differential Revision: https://secure.phabricator.com/D10259
2014-08-13 15:37:45 -07:00
epriestley
ef0460c1ff Surface a better warning when the LDAP extension is not installed
Summary:
Fixes T3347. We can't really do this one as a config thing since we don't know if the user wants to use LDAP.

Instead, just give them a better message than they otherwise get when they try to install/configure/use LDAP.

Test Plan: Faked it and got a reasonable message.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3347

Differential Revision: https://secure.phabricator.com/D10260
2014-08-13 15:37:30 -07:00
epriestley
e616f166ae Provide a setup warning about using the default MySQL stopword file
Summary:
Fixes T2605.

  - Add a setup warning about the stopword file.
  - Provide a simpler stopword file.

Test Plan:
  - Hit setup warning.
  - Resolved it according to instructions.
  - Added "various" to a task, then searched for it, found the task.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2605

Differential Revision: https://secure.phabricator.com/D10258
2014-08-13 15:34:09 -07:00