1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-20 04:20:55 +01:00
Commit graph

86 commits

Author SHA1 Message Date
epriestley
09c8af4de0 Upgrade phabricator to libphutil v2
Summary: Mechanical changes from D2588. No "Class.php" moves yet.

Test Plan: See D2588.

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1103

Differential Revision: https://secure.phabricator.com/D2591
2012-05-30 14:26:29 -07:00
epriestley
b2890eeb0e Add "final" to all Phabricator "Controller" classes
Summary:
These are all unambiguously unextensible. Issues I hit:

  - Maniphest Change/Diff controllers, just consolidated them.
  - Some search controllers incorrectly extend from "Search" but should extend from "SearchBase". This has no runtime effects.
  - D1836 introduced a closure, which we don't handle correctly (somewhat on purpose; we target PHP 5.2). See T962.

Test Plan: Ran "testEverythingImplemented" unit test to identify classes extending from `final` classes. Resolved issues.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T795

Differential Revision: https://secure.phabricator.com/D1843
2012-03-09 15:46:25 -08:00
epriestley
b571f0b229 Forbid mailing list names contianing spaces or commas
Summary:
They end up in "CCs:" fields where they can't be parsed.

Not bothering to migrate since I think only Dropbox has hit this.

Also improved another error condition's handling.

Test Plan: Tried to save a mailing list with spaces and commas in the name.

Reviewers: btrahan, Makinde

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T947

Differential Revision: https://secure.phabricator.com/D1813
2012-03-07 13:18:00 -08:00
Nick Harper
6ddb98f804 Add retry count to meta mta view
Summary:
Show the retry count in the meta mta view (in addition to the list of
messages) - I find this info useful when I'm trying to debug what's going on
with mail failures.

Task ID: #

Blame Rev:

Test Plan:
loaded /mail/view/NNNNN/ and saw the retry count

Revert Plan:

Tags:

Reviewers: epriestley, btrahan, jungejason

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1782
2012-03-05 11:36:55 -08:00
Nick Harper
8f27f4272c Provide a way to view MetaMTA messages by status
Summary:
Added a query option of status for the MetaMTA list controller. There currently
isn't a ui for accessing this.

Task ID: #

Blame Rev:

Test Plan:
loaded /mail/, /mail/?status=queued, /mail?phid=PHID...&status=...
each request returned a sane list of data

Revert Plan:

Tags:

Reviewers: epriestley, btrahan, jungejason

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1784
2012-03-05 11:36:38 -08:00
blair
913c931cb0 [mailing list] add paging
Summary:
The mailing list page in MetaMTA only showed the first 100
sorted by ID, so it made it seem like lists were missing. Changed it to
do paging and short by name, so it has some user-understandable order.

Test Plan:
 - Go to /mail/lists/
 - Step through pager, confirm ordering.

Reviewers: nh, epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1670
2012-02-22 12:47:13 -08:00
epriestley
bfea830d09 Add email preferences to receive fewer less-important notifications
Summary:
A few similar requests have come in across several tools and use cases that I
think this does a reasonable job of resolving.

We currently send one email for each update an object receives, but these aren't
always appreciated:

  - Asana does post-commit review via Differential, so the "committed" mails are
useless.
  - Quora wants to make project category edits to bugs without spamming people
attached to them.
  - Some users in general are very sensitive to email volumes, and this gives us
a good way to reduce the volumes without incurring the complexity of
delayed-send-batching.

The technical mechanism is basically:

  - Mail may optionally have "mail tags", which indicate content in the mail
(e.g., "maniphest-priority, maniphest-cc, maniphest-comment" for a mail which
contains a priority change, a CC change, and a comment).
  - If a mail has tags, remove any recipients who have opted out of all the
tags.
  - Some tags can't be opted out of via the UI, so this ensures that important
email is still delivered (e.g., cc + assign + comment is always delivered
because you can't opt out of "assign" or "comment").

Test Plan:
  - Disabled all mail tags in the web UI.
  - Used test console to send myself mail with an opt-outable tag, it was
immediately dropped.
  - Used test console to send myself mail with an opt-outable tag and a custom
tag, it was delivered.
  - Made Differential updates affecting CCs with and without comments, got
appropriate delivery.
  - Made Maniphest updates affecting project, priority and CCs with and without
comments, got appropriate delivery.
  - Verified mail headers in all cases.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley, moskov

Maniphest Tasks: T616, T855

Differential Revision: https://secure.phabricator.com/D1635
2012-02-17 22:57:07 -08:00
epriestley
47631530a5 Remove admin requirement from MetaMTASendGridReceiveController
Summary:
This got caught in the crossfire when we admin-only'd the whole MetaMTA tool. It
should not be admin only.

(Generally, we should probably separate this out better at some point.)

Test Plan: Hit /mail/sendgrid/ as a logged-out, non-admin user (like SendGrid
does).

Reviewers: s, btrahan

Reviewed By: s

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1588
2012-02-06 19:31:20 -08:00
epriestley
cedb0c045a Lock down accepted next URI values for redirect after login
Summary:
I locked this down a little bit recently, but make
double-extra-super-sure that we aren't sending the user anywhere suspicious or
open-redirecty. This also locks down protocol-relative URIs (//evil.com/path)
although I don't think any browsers do bad stuff with them in this context, and
header injection URIs (although I don't think any of the modern PHP runtimes are
vulnerable).

Test Plan:
  - Ran tests.
  - Hit redirect page with valid and invalid next URIs; was punted to / for
invalid ones and to the right place for valid ones.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: arice, aran, epriestley, btrahan

Differential Revision: https://secure.phabricator.com/D1369
2012-01-13 11:58:45 -08:00
epriestley
65a56c6ce0 Improve mailing list edit form
Summary:
  - Add some captions to make it more clear what these fields mean.
  - Require "name", since tokenizers use it exclusively.
  - Limit URI to allowed protocols, since admins can currently XSS users by
entering a "javascript:" URI and then tricking the user into clicking the
mailing list name. This exploit is dumb, but technically privilege escallation.

Test Plan:
  - Created a new mailing list.
  - Edited a mailing list.
  - Tested URI: valid, invalid, omitted.
  - Tested name: valid, omitted.

Reviewers: btrahan, jungejason, davidreuss

Reviewed By: btrahan

CC: aran, btrahan

Differential Revision: https://secure.phabricator.com/D1365
2012-01-11 15:48:21 -08:00
Evan Priestley
71e1911dfc Lock down MetaMTA functionality to administrators
Summary:
We have a debug interface for sending various sorts of email, but normal users
don't really need to use it. In particular, they can:

  - Send arbitrary email to other users;
  - Discover other users' email addresses fairly easily (CC everyone);
  - Send arbitrary email to arbitrary addresses in conjunction with "Mailing
Lists"

In fact, normal users don't need to get to the MetaMTA web interface at all and
it has some somewhat-sensitive things beacuse it has a lot of detailed
information about mail. For instance, users can look at mail records to discover
things like password reset links and per-user object email addresses.

We should smooth out the UI here but I think I can do something about T21 fairly
soon and cover it then.

Test Plan:
Went to /mail/ with a non-admin, got 404'd. Went to /mail/ with an
admin, everything works, got a red admin header.

Reviewers: jungejason, btrahan

Reviewed By: btrahan

CC: aran, btrahan, jungejason

Maniphest Tasks: T718

Differential Revision: https://secure.phabricator.com/D1292
2011-12-30 14:37:13 -08:00
Marek Sapota
b71a55900a Allow tweaking of Differential mail by using events
Summary: Allow tweaking Differential mail before sending.

Test Plan:
Wrote a listener renaming Differential attachments and it worked without
problems.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley, mareksapota, davidreuss

Differential Revision: 1091
2011-11-09 10:13:53 -08:00
epriestley
802dcd4cfb Add attchment support to SendGridAdapter
Summary:
  - Add attachment support for SendGrid.
  - Add attachment support to the MetaMTA test console.

Test Plan:
  - Sent myself a file with Amazon SES via test console.
  - Sent myself a file with SendGrid via test console.

Reviewers: mareksapota, jungejason, nh, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: 1089
2011-11-08 14:28:10 -08:00
epriestley
4156cf6bd9 Add an optional configuration option to set 'Precedence: bulk' headers on
transactional mail

Summary: See T571. SES refuses to deliver mail with this header and there are
various reports of other issues on the internet so I'm defaulting it to off.

Test Plan: Set config to true, tried to send mail, SES rejected it because of
"Precedence: bulk" header.

Reviewers: bmaurer, ola, jungejason, nh, aran

Reviewed By: aran

CC: aran, epriestley, bmaurer

Differential Revision: 1032
2011-10-23 14:25:13 -07:00
epriestley
6dc193d3d9 Fully update library map. 2011-08-18 09:52:36 -07:00
epriestley
a67ce60d67 Unguard two external POST endpoints from CSRF. 2011-08-18 07:25:45 -07:00
Ricky Elrod
420235f9c4 Drag-drop file upload.
Summary:
- have files be uploaded by drag+drop instead of browse.
- Files are named by their uploaded filename, the user isn't given a chance to enter a file name. Is this bad?
- Store author PHID now with files
- Allow an ?author=<username> to limit the /files/ list by author.
- If one file is uploaded, the user is taken to its info page.
- If several are uploaded, they are taken to a list of their files.

Test Plan:
- Quickly tested everything and it still worked, I'd recommend some people try this out before it gets committed though. It's a rather huge revision.

Reviewers:
epriestley, Ttech

CC:

Differential Revision: 612
2011-07-08 15:20:57 -04:00
epriestley
74d57b0a42 Use phabricator_ time functions in more places
Summary:
Replace some more date() calls with locale-aware calls.

Also, at least on my system, the DateTimeZone / DateTime stuff didn't actually
work and always rendered in UTC. Fixed that.

Test Plan:
Viewed daemon console, differential revisions, files, and maniphest timestamps
in multiple timezones.

Reviewed By: toulouse
Reviewers: toulouse, fratrik, jungejason, aran, tuomaspelkonen
CC: aran, toulouse
Differential Revision: 530
2011-06-26 10:38:25 -07:00
Andrew Toulouse
9b522982fa Add timezone support
Summary:
Allows user-configurable timezones. Adds a preference panel, and migrates to the
new date rendering in easily-modified areas of the code. ***In progress***.

Test Plan:
Check database to make sure the field is being changed when the settings are
changed; check affected views to see how they render times.

Reviewed By: epriestley
Reviewers: epriestley
CC: aran, epriestley, toulouse
Differential Revision: 475
2011-06-18 13:07:43 -07:00
epriestley
d710fc097f Improve messaging and setup process for configuring outbound email.
Summary:
- Make the instructional text generally more useful.
  - Show the current configured adapter.
  - When the configuration prevents outbound email from being delivered, show a
warning.
  - Detect 'curl' extension during setup since it's more-or-less required
  - Add curl extension to the install scripts

codeblock: can you verify the rhel-derivs changes are correct?

Test Plan:
Set adapter to test, verified warning; entered setup mode and verified curl. Ran
apt-get on an ubuntu box. Ran yum on an amazon linux box.

Reviewed By: toulouse
Reviewers: toulouse, codeblock
Commenters: codeblock
CC: aran, jungejason, tuomaspelkonen, codeblock, epriestley, toulouse
Differential Revision: 438
2011-06-12 22:40:18 -07:00
epriestley
8ae765f6d7 Enable SendGrid Parse API as an inbound email handler
Summary:
Sendmail is seriously difficult to configure; SendGrid is extremely easy. It's
also pretty expensive ($80/mo) but there are a bunch of startups that already
have plans so it's effectively free for them.

Test Plan:
Configured SendGrid and sent reply email through it.

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, epriestley
Differential Revision: 376
2011-05-30 12:28:33 -07:00
epriestley
a69f217f98 Make reply-to fully work in Maniphest and Differential for open source
Phabricator

Summary:
Hook up the last pieces. This shouldn't impact the Facebook install, EXCEPT that
I removed "!accept" and added "!rethink" (plan changes). If you want to continue
supporting !accept, you should override the method in your subclass if you don't
already.

Test Plan:
Used the Mail Receiver test console to send mail to tasks and revisions.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 289
2011-05-16 15:34:11 -07:00
jungejason
4a76174118 Adding paging to transcript pages
Summary:
enable paging by adding a AphrontPagerView to the two
transcript page.

Test Plan:
test the paging on both pages. Also test it with a certain
phid is given.

Reviewed By: epriestley
Reviewers: epriestley, tuomaspelkonen
CC: epriestley, jungejason
Differential Revision: 116
2011-05-08 15:59:39 -07:00
epriestley
25dee6ecd2 Support email replies in Phabricator
Summary:
Provides support for per-user x per-object unique reply-to email addresses, plus
SMTP integration.

This does not actually make Phabricator use these in outbound email.

Test Plan:
Used test console to validate in-Phabricator routing and handling.

Piped emails into the "mail_handler.php" script to validate mail parsing.

Configured sendmail and sent mail to Phabricator.

Technically I haven't conducted all parts of this test on the same machine since
I lost the will to configure more SMTP servers after configuring phabricator.com

Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran, epriestley, jungejason
Differential Revision: 226
2011-05-05 14:58:57 -07:00
epriestley
6bec3d2e4f Simplify and demuddle MetaMTA send pathways
Summary:
I pretty shortsightedly made sending a side effect of save() in the case that a
server is configured for immediate sending. Move this out, make it explicit, and
get rid of all the tangles surrounding it.

The web tool now ignores the server setting and only repsects the checkbox,
which makes far more sense.

Test Plan:
Sent mails from Maniphest, Differential, and the web console. Also ran all the
unit tests. Verified headers from Maniphest.

Reviewed By: rm
Reviewers: aran, rm
CC: tuomaspelkonen, rm, jungejason, aran
Differential Revision: 200
2011-05-02 03:07:30 -07:00
jungejason
cca849c762 Fix 'Transcript' links in Differential
Summary:
add filtering for MetaMTA transcripts, add Herald
transcripts, also fixed PhabricatorObjectHandleData to support commits.
Note that paging in the transcripts pages will be in a different diff.

Test Plan:
test the transcripts for both MetaMTA and Herald.

Reviewed By: epriestley
Reviewers: epriestley, tuomaspelkonen
CC: jungejason, epriestley
Differential Revision: 114
2011-04-08 01:10:05 -07:00
epriestley
361ec78b03 Add missing includes from XHPAST parse bug. 2011-04-06 23:14:58 -07:00
epriestley
cc66c4890d Commit + Herald integration. 2011-04-04 14:13:14 -07:00
epriestley
193dbf16b4 Very basic daemon infrastructure, plus MetaMTA daemon.
Summary: Amazon SES seems to be working well, except that it takes more than a
second to send mail in-process. Kick it out of process. (Between this and the
ImplementationAdapter layer, MetaMTA almost makes sense. :/)

Test Plan: Ran the daemon and got a flood of unsent test email.

Reviewers:

CC:
2011-02-09 17:39:55 -08:00
epriestley
29f7219a49 CSRF / Logout 2011-01-30 18:52:29 -08:00
epriestley
d37692ac06 Set 'From' correctly in MetaMTA. 2011-01-26 16:02:12 -08:00
epriestley
ccf7df6093 Authentication 2011-01-26 15:34:20 -08:00
epriestley
336a8b3212 Mailing lists 2011-01-26 11:30:23 -08:00
epriestley
2112673f06 PHPMailerLite 2011-01-26 09:57:33 -08:00
epriestley
a6274d9270 MetaMetaView 2011-01-26 09:20:09 -08:00
epriestley
bc57b12ef0 MetaMTA 2011-01-26 08:00:52 -08:00