1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 01:32:42 +01:00
Commit graph

592 commits

Author SHA1 Message Date
Chad Little
05377bea19 Add an avatar builtin file generator
Summary: Ref T10319. This builds out a reasonably decent avatar generator. 256 colors x 74 images x 2 borders, 38k options. Not completely sure though how names disburse though, so likely half that number. I can add lowercase lettering to double the footprint if needed though.

Test Plan:
UIExamples. Color generator here: http://tools.medialab.sciences-po.fr/iwanthue/

{F3416622}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T10319

Differential Revision: https://secure.phabricator.com/D17418
2017-02-27 11:09:30 -08:00
epriestley
99bcf5f112 Make bin/lipsum generate hanldle generator keys and arguments more clearly
Summary:
Ref T12319. Currently, `bin/lipsum` uses substring matches against human-readable text to chose which objects to generate.

Instead:

  - Use separate selector keys which are guaranteed to be unique.
  - When a match is exact, select only that generator.
  - When a match is ambiguous, fail and warn the user.

Test Plan: Generated several types of objects, tried to generate ambiguous objects like "e".

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12319

Differential Revision: https://secure.phabricator.com/D17420
2017-02-27 09:09:28 -08:00
epriestley
1b2c047ce0 Correct spelling of "phabrictor" in Lipsum and elsewhere
Summary: Ref T12319. The product name is misspelled in some methods, and a few places in the documentation.

Test Plan: `grep`

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12319

Differential Revision: https://secure.phabricator.com/D17419
2017-02-27 09:09:13 -08:00
Chad Little
bf44210dc8 Reduce application search engine results list for Dashboards
Summary: Ref T10390. Simplifies dropdown by rolling out canUseInPanel in useless panels

Test Plan: Add a query panel, see less options.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T10390

Differential Revision: https://secure.phabricator.com/D17341
2017-02-22 12:42:43 -08:00
Chad Little
f9163bf065 Allow lightbox comments to be viewed logged out
Summary: Fixes T12160. Lightbox thread view should be visible if file is public.

Test Plan:
Add a file to a task, log out, click on file in task, get lightbox and no error. Expand comments, see login box.

{F2867067}

{F2867088}

{F2867098}

{F2867114}

{F2867124}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T12160

Differential Revision: https://secure.phabricator.com/D17347
2017-02-13 13:54:13 -08:00
Chad Little
f54dfe7567 Add a basic icon typeahead
Summary: Fixes T11971, adds a basic typeahead for selecting an icon.

Test Plan:
http://local.phacility.com/typeahead/browse/PhabricatorIconDatasource/

{F2561013}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T11971

Differential Revision: https://secure.phabricator.com/D17301
2017-02-03 09:19:29 -08:00
Chad Little
e980b94a2f Add a Picture Menu Item for Profiles
Summary: Just making profiles a little nicer, adds a big picture, easier mechanism for updating photos. Also larger profile pictures... need to re-thumb?

Test Plan:
View my profile, edit my picture, view a stranger, see profile. Check mobile, tablet, desktop. Check action menu on mobile.

{F2559394}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D17295
2017-02-02 08:52:38 -08:00
Chad Little
489587d607 Add download link to embedded files
Summary: Ref T3612. Doesn't render correctly, need help please. Adds a download icon into the renderfilelinkview to allow easier downloads.

Test Plan: Click on link, get download, click on file, get lightbox.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T3612

Differential Revision: https://secure.phabricator.com/D16980
2017-01-03 10:50:26 -08:00
Chad Little
dece7af50b Prettier file embeds
Summary: Spruce up the file embeds a little more, hover state, icons, file size.

Test Plan:
Add a psd and pdf, see new icons. Check differential, still see icons there too. Test mobile, desktop.

{F2042539}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D16950
2016-11-27 14:57:06 -08:00
epriestley
4dadad53ae Prevent media from autoplaying when rendered as a feed story
Summary: Fixes T11845. Users can still embed a text panel on the home page to give it some ambiance.

Test Plan: Wrote an autoplay video as a comment, saw it in feed. Before change: autoplay. After change: no auto play. On task: still autoplay.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11845

Differential Revision: https://secure.phabricator.com/D16920
2016-11-22 14:19:56 -08:00
Chad Little
0aa3f8b86b Allow commenting on non-viewable lightbox files
Summary: Removes the viewable restriction on embedded files. Builds a basic lightbox UI for commenting.

Test Plan:
Add psd, pdf to Maniphest task, clicked on download, comment, left comment. Closed box.

{F1943726}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T3612

Differential Revision: https://secure.phabricator.com/D16917
2016-11-22 11:29:36 -08:00
Chad Little
88a966993b Ajax commenting on lightbox images
Summary: Adds a comment box, you can put text into it, hit enter, and see it come back.

Test Plan: Put text into box, see it come back.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T3612

Differential Revision: https://secure.phabricator.com/D16907
2016-11-21 20:19:37 -08:00
Chad Little
8aeb7aa525 Show file comments on file lightboxes
Summary: Basic work in progress, but should show timeline comments for files when in lightbox mode. Looks reasonable.

Test Plan: click on images, see comments from timeline.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T3612

Differential Revision: https://secure.phabricator.com/D16896
2016-11-18 13:24:03 -08:00
epriestley
7c4c76d32a Fix a Quicksand/Lightbox contention issue
Summary:
Fixes T11785. Lightbox calls `JX.Stratcom.pass()` to let other handlers react, but should not. At least today, we never put, e.g., links inside a lightbox.

This code appears in the original commit so it was probably just copy/pasted from somewhere and I missed it in review.

(Or there's some edge case I'm not thinking of and we'll figure it out soon enough.)

Additionally, blacklist `/file/data/` from Quicksand naviagtion: Quicksand should never fetch these URIs.

Test Plan:
  - Disabled `security.alternate-file-domain`.
  - Enabled Quicksand ("Persistent Chat").
  - Clicked an image thumbnail on a task.
    - Repeated that until things flipped out a bit.
    - After the patch: no issues.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11785

Differential Revision: https://secure.phabricator.com/D16884
2016-11-16 17:10:56 -08:00
epriestley
706c21375e Remove empty implementations of describeAutomaticCapabilities()
Summary:
This has been replaced by `PolicyCodex` after D16830. Also:

  - Rebuild Celerity map to fix grumpy unit test.
  - Fix one issue on the policy exception workflow to accommodate the new code.

Test Plan:
  - `arc unit --everything`
  - Viewed policy explanations.
  - Viewed policy errors.

Reviewers: chad

Reviewed By: chad

Subscribers: hach-que, PHID-OPKG-gm6ozazyms6q6i22gyam

Differential Revision: https://secure.phabricator.com/D16831
2016-11-09 15:24:22 -08:00
epriestley
f9f25c1e4d Allow users to drop .ics files on calendar views to import them
Summary:
Ref T10747. When a user drops a ".ics" file or a bunch of ".ics" files into a calendar view, import the events.

(Possibly we should just do this if you drop ".ics" files into any application, but we can look at that later.)

Test Plan: Dropped some .ics files into calendar views, got imports.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10747

Differential Revision: https://secure.phabricator.com/D16722
2016-10-18 15:26:44 -07:00
epriestley
d5925ffc57 When a file is stored as chunks, show "Format: Chunks" instead of "Format: Raw"
Summary: Fixes T11712. This is somewhat misleading with encryption enabled.

Test Plan: Viewed chunked and unchunked files.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11712

Differential Revision: https://secure.phabricator.com/D16636
2016-09-29 15:47:09 -07:00
Josh Cox
26b29a60c0 Remarkup rule to embed images
Summary:
Ref T4190. Added the remarkup rule to embed images:

Syntax is as follows:

`{image <IMAGE_URL>}`

Parameters are also supported, like:
`{image uri=<IMAGE_URI>, width=500px, height=200px, alt=picture of a moose, href=google.com}`

URLs without a protocol are not supported.

Test Plan: Tested with many of the syntax variations. If the provided URL doesn't point to an image, then a broken image icon will be shown.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley, yelirekim

Maniphest Tasks: T4190

Differential Revision: https://secure.phabricator.com/D16597
2016-09-26 16:55:38 -04:00
Josh Cox
7d576c3f94 Fix a bug in the imageproxy controller
Summary: Somehow this got through last week :( It's a bug that causes the controller to... *ahem*... just not work. Luckily nothing uses this yet so nothing was really affected.

Test Plan: Hit `/file/imageproxy/?uri=http://i.imgur.com/nTvVrYN.jpg` and are served a nice picture of a bird

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, yelirekim

Differential Revision: https://secure.phabricator.com/D16598
2016-09-26 10:44:55 -04:00
Josh Cox
eea540c5e4 Endpoint+controller for a remarkup image proxy
Summary:
Ref T4190. Currently only have the endpoint and controller working. I added caching so subsequent attempts to proxy the same image should result in the same redirect URL. Still need to:

- Write a remarkup rule that uses the endpoint

Test Plan: Hit /file/imageproxy/?uri=http://i.imgur.com/nTvVrYN.jpg and are served the picture

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley, yelirekim

Maniphest Tasks: T4190

Differential Revision: https://secure.phabricator.com/D16581
2016-09-23 10:28:24 -04:00
epriestley
af5769a6be Add a "--copy" flag to "bin/files migrate"
Summary:
Ref T11596. When exporting data from the Phacility cluster, we `bin/files migrate` data from S3 into a database dump on the `aux` tier.

With current semantics, this //moves// the data and destroys it in S3.

Add a `--copy` flag to //copy// the data instead. This leaves the old copy around, which is what we want for exports.

Test Plan:
  - Ran `bin/files migrate` to go from `blob` to `disk` with `--copy`. Verified a copy was left in the database.
  - Copied it back, verified a copy was left on disk (total: 2 database copies, 1 disk copy).
  - Moved it back without copy, verified database was destroyed and disk was created (total: 1 database copy, 2 disk copies).
  - Moved it back without copy, verified local disk was destroyed and blob was created (total: 2 datbabase copies, 1 disk copy).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11596

Differential Revision: https://secure.phabricator.com/D16497
2016-09-06 13:53:59 -07:00
epriestley
56bd762dd3 Allow file comments to be edited
Summary:
Fixes T10750. Files have some outdated cache/key code which prevents recording an edit history on file comments.

Remove this ancient cruft.

(Users must `bin/storage adjust` after upgrading to this patch to reap the benefits.)

Test Plan:
  - Ran `bin/storage adjust`.
  - Edited a comment in Files.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10750

Differential Revision: https://secure.phabricator.com/D16312
2016-07-18 16:17:43 -07:00
epriestley
8ad61d0150 Simplify "builtin file" management and recover from races
Summary:
Fixes T11307. Fixes T8124. Currently, builtin files are tracked by using a special transform with an invalid source ID.

Just use a dedicated column instead. The transform thing is too clever/weird/hacky and exposes us to issues with the "file" and "transform" tables getting out of sync (possibly the issue in T11307?) and with race conditions.

Test Plan:
  - Loaded profile "edit picture" page, saw builtins.
  - Deleted all builtin files, put 3 second sleep in the storage engine write, loaded profile page in two windows.
    - Before patch: one of them failed with a race.
    - After patch: both of them loaded.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8124, T11307

Differential Revision: https://secure.phabricator.com/D16271
2016-07-11 09:25:34 -07:00
epriestley
830f3eb8f8 When users choose a default project icon, make a permanent file
Summary:
Fixes T10907. As written, this workflow will incorrectly reuse a temporary file if one exists.

Instead, make a new permanent file.

(Storage is still shared, so this usually will not actually create a copy of the file's data.)

Test Plan:
  - Set a project's icon by clicking first button in "Use Picture" row.
  - Before patch: temporary image was reused.
  - After patch: new permanent file is generated.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10907

Differential Revision: https://secure.phabricator.com/D16270
2016-07-11 09:24:00 -07:00
epriestley
189910d615 Make TabGroups a standalone UI element
Summary:
Ref T10628. Currently, tabs are part of ObjectBoxes. However, the code is a bit of a mess and I want to use them in some other contexts, notably the "prose diff" dialog to show "old raw, new raw, diff".

Pull them out, and update Files to use the new stuff. My plan is:

  - Update all callsites to this stuff.
  - Remove the builtin-in ObjectBox integration to simplify ObjectBox a bit.
  - Move forward with T10628.

This is pretty straightforward. A couple of the sigils are a little weird, but I'll update the JS later. For now, the same JS can drive both old and new tabs.

Test Plan: Viewed files, everything was unchanged.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10628

Differential Revision: https://secure.phabricator.com/D16205
2016-06-30 18:49:37 -07:00
epriestley
01862b8f23 Detect the MIME type of large files by examining the first chunk
Summary:
Fixes T11242. See that task for detailed discussion.

Previously, it didn't particularly matter that we don't MIME detect chunked files since they were all just big blobs of junk (PSDs, zips/tarballs, whatever) that we handled uniformly.

However, videos are large and the MIME type also matters.

  - Detect the overall mime type by detecitng the MIME type of the first chunk. This appears to work properly, at least for video.
  - Skip mime type detection on other chunks, which we were performing and ignoring. This makes uploading chunked files a little faster since we don't need to write stuff to disk.

Test Plan:
Uploaded a 50MB video locally, saw it as chunks with a "video/mp4" mime type, played it in the browser in Phabricator as an embedded HTML 5 video.

{F1706837}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11242

Differential Revision: https://secure.phabricator.com/D16204
2016-06-30 13:57:39 -07:00
epriestley
67084a6953 Support AES256 at-rest encryption in Files
Summary:
Ref T11140. This makes encryption actually work:

  - Provide a new configuation option, `keyring`, for specifying encryption keys.
  - One key may be marked as `default`. This activates AES256 encryption for Files.
  - Add `bin/files generate-key`. This is helps when generating valid encryption keys.
  - Add `bin/files encode`. This changes the storage encoding of a file, and helps test encodings and migrate existing data.
  - Add `bin/files cycle`. This re-encodes the block key with a new master key, if your master key leaks or you're just paraonid.
  - Document all these options and behaviors.

Test Plan:
  - Configured a bad `keyring`, hit a bunch of different errors.
  - Used `bin/files generate-key` to try to generate bad keys, got appropriate errors ("raw doesn't support keys", etc).
  - Used `bin/files generate-key` to generate an AES256 key.
  - Put the new AES256 key into the `keyring`, without `default`.
  - Uploaded a new file, verified it still uploaded as raw data (no `default` key yet).
  - Used `bin/files encode` to change a file to ROT13 and back to raw. Verified old data got deleted and new data got stored properly.
  - Used `bin/files encode --key ...` to explicitly convert a file to AES256 with my non-default key.
  - Forced a re-encode of an AES256 file, verified the old data was deleted and a new key and IV were generated.
  - Used `bin/files cycle` to try to cycle raw/rot13 files, got errors.
  - Used `bin/files cycle` to cycle AES256 files. Verified metadata changed but file data did not. Verified file data was still decryptable with metadata.
  - Ran `bin/files cycle --all`.
  - Ran `encode` and `cycle` on chunked files, saw commands fail properly. These commands operate on the underlying data blocks, not the chunk metadata.
  - Set key to `default`, uploaded a file, saw it stored as AES256.
  - Read documentation.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11140

Differential Revision: https://secure.phabricator.com/D16127
2016-06-16 08:08:56 -07:00
epriestley
39afc0f97c Add an AES256 storage format for at-rest encryption
Summary:
Ref T11140. This doesn't do anything yet since there's no way to enable it and no way to store master keys.

Those are slightly tougher problems and I'm not totally satisfied that I have an approach I really like for either problem, so I may wait for a bit before tackling them. Once they're solved, this does the mechanical encrypt/decrypt stuff, though.

This design is substantially similar to the AWS S3 server-side encryption design, and intended as an analog for it. The decisions AWS has made in design generally seem reasonable to me.

Each block of file data is encrypted with a unique key and a unique IV, and then that key and IV are encrypted with the master key (and a distinct, unique IV). This is better than just encrypting with the master key directly because:

  - You can rotate the master key later and only need to re-encrypt a small amount of key data (about 48 bytes per file chunk), instead of re-encrypting all of the actual file data (up to 4MB per file chunk).
  - Instead of putting the master key on every server, you can put it on some dedicated keyserver which accepts encrypted keys, decrypts them, and returns plaintext keys, and can send it 32-byte keys for decryption instead of 4MB blocks of file data.
  - You have to compromise the master key, the database, AND the file store to get the file data. This is probably not much of a barrier realistically, but it does make attacks very slightly harder.

The "KeyRing" thing may change once I figure out how I want users to store master keys, but it was the simplest approach to get the unit tests working.

Test Plan:
  - Ran unit tests.
  - Dumped raw data, saw encrypted blob.
  - No way to actually use this in the real application yet so it can't be tested too extensively.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11140

Differential Revision: https://secure.phabricator.com/D16124
2016-06-16 08:05:57 -07:00
epriestley
1049feb0ed Add support to Files for file storage formats, to support encryption-at-rest
Summary:
Ref T11140. When reading and writing files, we optionally apply a "storage format" to them.

The default format is "raw", which means we just store the raw data.

This change modularizes formats and adds a "rot13" format, which proves formatting works and is testable. In the future, I'll add real encryption formats.

Test Plan:
  - Added unit tests.
  - Viewed files in web UI.
  - Changed a file's format to rot13, saw the data get rotated on display.
  - Set default format to rot13:
    - Uploaded a small file, verified data was stored as rot13.
    - Uploaded a large file, verified metadata was stored as "raw" (just a type, no actual data) and blob data was stored as rot13.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11140

Differential Revision: https://secure.phabricator.com/D16122
2016-06-15 11:17:53 -07:00
epriestley
f9a58fafba Add "video/quicktime" as a default Video MIME type
Summary: Ref T11142. H264 video in a Quicktime container works in Safari and Firefox for me (although not Chrome), so include it in the default video mime types.

Test Plan: Uploaded video file from T11142 locally, saw it render with `<video />` properly in Safari.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11142

Differential Revision: https://secure.phabricator.com/D16121
2016-06-14 14:44:18 -07:00
epriestley
4d12c58dcf Allow Pholio mocks to be created and edited without drag-and-drop
Summary: Ref T6523. Allows you to click stuff instead of using drag-and-drop.

Test Plan: On iOS simulator, created and updated a mock.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6523

Differential Revision: https://secure.phabricator.com/D16088
2016-06-09 08:43:38 -07:00
epriestley
411cf13457 Add Videos to Remarkup
Summary: Ref T6916. Added video to remarkup using D7156 as reference.

Test Plan:
  - Viewed video files (MP4, Ogg) in Safari, Chrome, Firefox (some don't work, e.g., OGG in Safari, but nothing we can really do about that).
  - Used `alt`.
  - Used `autoplay`.
  - Used `loop`.
  - Used `media=audio`.
  - Viewed file detail page.

Reviewers: nateguchi2, chad, #blessed_reviewers

Reviewed By: chad, #blessed_reviewers

Subscribers: asherkin, ivo, joshuaspence, Korvin, epriestley

Tags: #remarkup

Maniphest Tasks: T6916

Differential Revision: https://secure.phabricator.com/D11297
2016-06-07 13:20:25 -07:00
epriestley
c1331bcb7b Cache user notification and message counts
Summary:
Ref T4103. Ref T10078. This puts a user cache in front of notification and message counts.

This reduces the number of queries issued on every page by 4 (2x building the menu, 2x building Quicksand data).

Also fixes some minor issues:

  - Daemons could choke on sending mail in the user's translation.
  - No-op object updates could fail in the daemons.
  - Questionable data access pattern in the file query coming out of the profile file cache.

Test Plan:
  - Sent myself notifications. Saw count go up.
  - Cleared them by visiting objects and clearing all notifications. Saw count go down.
  - Sent myself messages. Saw count go up.
  - Cleared them by visiting threads. Saw count go down.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T10078

Differential Revision: https://secure.phabricator.com/D16041
2016-06-05 08:52:43 -07:00
epriestley
f2c36a934e Provide an <input type="file"> control in Remarkup for mobile and users with esoteric windowing systems
Summary:
Ref T5187. This definitely feels a bit flimsy and I'm going to hold it until I cut the release since it changes a couple of things about Workflow in general, but it seems to work OK and most of it is fine.

The intent is described in T5187#176236.

In practice, most of that works like I describe, then the `phui-file-upload` behavior gets some weird glue to figure out if the input is part of the form. Not the most elegant system, but I think it'll hold until we come up with many reasons to write a lot more Javascript.

Test Plan:
Used both drag-and-drop and the upload dialog to upload files in Safari, Firefox and Chrome.

{F1653716}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T5187

Differential Revision: https://secure.phabricator.com/D15953
2016-05-20 16:24:22 -07:00
Chad Little
d85386488b Add "wide" remarkup image support for Documents
Summary: Seems to work ok, if you give `size=wide` to an image file, we blow it out a bit in DocumentPro mode.

Test Plan:
Test in Phame and Maniphest.

{F1256717}

{F1256718}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15840
2016-05-03 17:27:30 -07:00
epriestley
ab20f243b3 Improve consistency of file access policies, particularly for LFS
Summary:
Ref T7789. Currently, we use different viewers if you have `security.alternate-file-domain` configured vs if you do not.

This is largely residual from the days of one-time-tokens, and can cause messy configuration-dependent bugs like the one in T7789#172057.

Instead, always use the omnipotent viewer. Knowledge of the secret key alone is sufficient to access a file.

Test Plan:
  - Disabled `security.alternate-file-domain`.
  - Reproduced an issue similar to the one described on T7789.
  - Applied change.
  - Clean LFS interaction.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7789

Differential Revision: https://secure.phabricator.com/D15784
2016-04-22 08:12:08 -07:00
epriestley
37b93f4262 Don't require POST to download LFS files from main domain
Summary:
Ref T7789. If you don't have `security.alternate-file-domain` configured, we won't serve binary files over GET.

This is a security measure intended to prevent `<applet src="..." />` attacks and similar, where you upload some "dangerous" binary, include it in another page, and it gets some of the host's permissions because Java/Flash security models are (or were, in the past) goofy.

Allow them to be served over GET if the client is Git LFS. This is safe; these attacks can't add arbitrary HTTP headers.

Test Plan:
Fetched files over GET with and without the LFS header.

```
$ curl -v http://local.phacility.com/file/data/@local/jfht2cxjazi5cmjomfhl/PHID-FILE-sa7mh2pfaocz2adiimeh/netgear_rma.pdf > /dev/null
...
HTTP 302 Redirect
...
```

```
$ curl -v -H 'X-Phabricator-Request-Type: git-lfs' http://localcontent.phacility.com/file/data/@local/jfht2cxjazi5cmjomfhl/PHID-FILE-sa7mh2pfaocz2adiimeh/netgear_rma.pdf > /dev/null
...
HTTP 200 Content
...
```

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7789

Differential Revision: https://secure.phabricator.com/D15654
2016-04-07 08:55:32 -07:00
epriestley
5938d768d6 Don't dead-end users with out-of-date links to files
Summary: Ref T10262. Instead of dumping an unhelpful 403 "ACCESS DENIED" page on users, explain the most likely cause of the issue and give them a link to return to the file detail page to learn more or get an up-to-date link.

Test Plan: Hit both errors, had a lovely experience with the helpful dialog text.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10262

Differential Revision: https://secure.phabricator.com/D15650
2016-04-06 16:29:30 -07:00
epriestley
5664c838fb Reduce thumbnail flickering in comment previews
Summary:
Ref T10262. Currently, we always render a tag like this when you `{F123}` an image in remarkup:

```
<img src="/xform/preview/abcdef/" />
```

This either generates the preview or redirects to an existing preview. This is a good behavior in general, because the preview may take a while to generate and we don't want to wait for it to generate on the server side.

However, this flickers a lot in Safari. We might be able to cache this, but we really shouldn't, since the preview URI isn't a legitimately stable/permanent one.

Instead, do a (cheap) server-side check to see if the preview already exists. If it does, return a direct URI. This gives us a stable thumbnail in Safari.

Test Plan:
  - Dragged a dog picture into comment box.
  - Typed text.
  - Thing didn't flicker like crazy all the time in Safari.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10262

Differential Revision: https://secure.phabricator.com/D15646
2016-04-06 15:52:52 -07:00
epriestley
439821c7b2 Don't require one-time tokens to view file resources
Summary:
Ref T10262. This removes one-time tokens and makes file data responses always-cacheable (for 30 days).

The URI will stop working once any attached object changes its view policy, or the file view policy itself changes.

Files with `canCDN` (totally public data like profile images, CSS, JS, etc) use "cache-control: public" so they can be CDN'd.

Files without `canCDN` use "cache-control: private" so they won't be cached by the CDN. They could still be cached by a misbehaving local cache, but if you don't want your users seeing one anothers' secret files you should configure your local network properly.

Our "Cache-Control" headers were also from 1999 or something, update them to be more modern/sane. I can't find any evidence that any browser has done the wrong thing with this simpler ruleset in the last ~10 years.

Test Plan:
  - Configured alternate file domain.
  - Viewed site: stuff worked.
  - Accessed a file on primary domain, got redirected to alternate domain.
  - Verified proper cache headers for `canCDN` (public) and non-`canCDN` (private) files.
  - Uploaded a file to a task, edited task policy, verified it scrambled the old URI.
  - Reloaded task, new URI generated transparently.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10262

Differential Revision: https://secure.phabricator.com/D15642
2016-04-06 14:14:36 -07:00
epriestley
f9836cb646 Scramble file secrets when related objects change policies
Summary:
Ref T10262. Files have an internal secret key which is partially used to control access to them, and determines part of the URL you need to access them. Scramble (regenerate) the secret when:

  - the view policy for the file itself changes (and the new policy is not "public" or "all users"); or
  - the view policy or space for an object the file is attached to changes (and the file policy is not "public" or "all users").

This basically means that when you change the visibility of a task, any old URLs for attached files stop working and new ones are implicitly generated.

Test Plan:
  - Attached a file to a task, used `SELECT * FROM file WHERE id = ...` to inspect the secret.
  - Set view policy to public, same secret.
  - Set view policy to me, new secret.
  - Changed task view policy, new secret.
  - Changed task space, new secret.
  - Changed task title, same old secret.
  - Added and ran unit tests which cover this behavior.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10262

Differential Revision: https://secure.phabricator.com/D15641
2016-04-06 14:14:16 -07:00
Chad Little
1914ea28eb Update Files to new UI
Summary: Modernize Files a bit, use newPage

Test Plan: New file, drag and drop file, view file, edit file

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15631
2016-04-05 15:58:27 -07:00
epriestley
a24f001b08 Support pushing data into Git LFS
Summary:
Ref T7789. Ref T10604. This implements the `upload` action, which streams file data into Files.

This makes Git LFS actually work, at least roughly.

Test Plan:
  - Tracked files in an LFS repository.
  - Pushed LFS data (`git lfs track '*.png'; git add something.png; git commit -m ...; git push`).
  - Pulled LFS data (`git checkout master^; rm -rf .git/lfs; git checkout master; open something.png`).
  - Verified LFS refs show up in the gitlfsref table.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7789, T10604

Differential Revision: https://secure.phabricator.com/D15492
2016-03-18 09:36:34 -07:00
epriestley
772c658aac Convert one-time file access tokens to modular token types
Summary: Fixes T10603. This is the last of the ad-hoc temporary tokens.

Test Plan:
  - Used a file token.
  - Viewed type in {nav Config > Temporary Tokens}.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15481
2016-03-16 09:34:52 -07:00
epriestley
a837c3d73e Make temporary token storage/schema more flexible
Summary:
Ref T10603. This makes minor updates to temporary tokens:

  - Rename `objectPHID` (which is sometimes used to store some other kind of identifier instead of a PHID) to `tokenResource` (i.e., which resource does this token permit access to?).
  - Add a `userPHID` column. For LFS tokens and some other types of tokens, I want to bind the token to both a resource (like a repository) and a user.
  - Add a `properties` column. This makes tokens more flexible and supports custom behavior (like scoping LFS tokens even more tightly).

Test Plan:
- Ran `bin/storage upgrade -f`, got a clean upgrade.
- Viewed one-time tokens.
- Revoked one token.
- Revoked all tokens.
- Performed a one-time login.
- Performed a password reset.
- Added an MFA token.
- Removed an MFA token.
- Used a file token to view a file.
- Verified file token was removed after viewing file.
- Linked my account to an OAuth1 account (Twitter).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15478
2016-03-16 09:33:38 -07:00
epriestley
abb4c03b47 Remove shouldShowSubscribersProperty() from SubscribableInterface
Summary:
Every caller returns `true`. This was added a long time ago for Projects, but projects are no longer subscribable.

I don't anticipate needing this in the future.

Test Plan: Grepped for this method.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15409
2016-03-06 06:01:36 -08:00
epriestley
4974e8487b Scale up small cover images instead of surrounding them with empty space
Summary: This makes small cover images full-width instead of teeny tiny dots in the middle of an island of whitespace.

Test Plan: Uploaded a small cover image.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15203
2016-02-06 16:09:38 -08:00
epriestley
b6a38b403c Add storage and read logic for workboard card cover photos
Summary:
No way to set photos yet, but if you magic them in they work.

Primarily, this consolidates rendering logic so the move + edit + view controllers all run the same code to do tags / cover photos.

Test Plan: {F1095870}

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15201
2016-02-06 15:34:41 -08:00
Chad Little
d92353930f Add a map marker icon for Milestones
Summary: Never got added.

Test Plan: Select a Milestone Project, edit Picture, see marker.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15194
2016-02-05 13:40:52 -08:00
epriestley
68254a046f Fix mishandling of chunk threshold in Diffusion for installs with no chunk engines available
Summary: Fixes T10273. The threshold is `null` if no chunk engines are available, but the code didn't handle this properly.

Test Plan: Disabled all chunk engines, reloaded, hit issue described in task. Applied patch, got clean file content.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10273

Differential Revision: https://secure.phabricator.com/D15179
2016-02-03 14:46:21 -08:00
Chad Little
fe5cd4ca2c Move FontIcon calls to Icon
Summary: Normalizes all `setFontIcon` calls to `setIcon`.

Test Plan: UIExamples, Almanac, Apps list, etc.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, hach-que, yelirekim

Differential Revision: https://secure.phabricator.com/D15129
2016-01-28 08:48:45 -08:00
Chad Little
36158dbdc0 Convert all calls to 'IconFont' to just 'Icon'
Summary: Mostly for consistency, we're not using other forms of icons and this makes all classes that use an icon call it in the same way.

Test Plan: tested uiexamples, lots of other random pages.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15125
2016-01-27 20:59:27 -08:00
Chad Little
43b8581d72 Fix some spelling errors in Icons
Summary: Some minor spelling mistakes.

Test Plan: Read

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15122
2016-01-27 20:59:14 -08:00
Chad Little
a0a3ac51f6 Fix project image redirect in files
Summary: I moved history to manage and missed this callsite.

Test Plan: Use present icon/color quick select.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15099
2016-01-23 16:46:12 -08:00
Chad Little
b381265d92 First cut of new Project Home
Summary:
First pass at a new Project Home page. This is starting to sprawl, so punting this up now before it gets too large.

 - Project homes now have "large header"
 - Custom Fields / Descriptions are in the main column
 - Feed is simpler visually
 - new "Background" option for PHUIObjectBoxView
 - move header buttons globally to "Grey" instead of "Simple"
 - New color and hover states for "Grey"
 - Transitions on Buttons haha
 - Edit Icon on Nav is now under "Manage" panel
 - New "Manage" Panel

TODO:
 - More testing of bad cases of Custom Fields
 - Members Page in flux, needs design
 - Um still not sure how to make Custom Field not show UI

Test Plan:
Lots of random Project page visits. Save project, watch project, edit project, etc.

{F1068191}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15097
2016-01-23 16:11:45 -08:00
epriestley
b51a859636 Allow diffusion.filecontentquery to load data for arbitrarily large files
Summary:
Fixes T10186. After D14970, `diffusion.filecontentquery` puts the content in a file and returns the file PHID.

However, it does this in a way that doesn't go through the chunking engine, so it will fail for files larger than the chunk threshold (generally, 8MB).

Instead, stream the file from the underlying command directly into chunked storage.

Test Plan:
  - Made a commit including a really big file: 4dcd4c492b
  - Used `diffusion.filecontentquery` to load file content.
  - Parsed/imported commit locally.
  - Used `diffusion.filecontentquery` to load content for smaller files (README, etc).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10186

Differential Revision: https://secure.phabricator.com/D15072
2016-01-21 09:52:43 -08:00
epriestley
5c2e49a812 Allow any user to watch any project they can see
Summary:
Ref T6183. Ref T10054. Historically, only members could watch projects because there were some weird special cases with policies. These policy issues have been resolved and Herald is generally powerful enough to do equivalent watches on most objects anyway.

Also puts a "Watch Project" button on the feed panel to make the behavior and meaning more obvious.

Test Plan:
  - Watched a project I was not a member of.
  - Clicked the feed watch/unwatch button.

{F1064909}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6183, T10054

Differential Revision: https://secure.phabricator.com/D15063
2016-01-19 19:38:30 -08:00
epriestley
9f36594100 Put feed on project home, move history to a separate page
Summary:
Ref T10054. This shuffles some stuff around to move us closer to mocks in M1450 in terms of what information is on which pages.

Home now has feed, members, watchers, link to "edit project / project edit history".

History now has edit history, edit details, edit picture, archive/unarchive.

Test Plan:
New home page:

{F1064889}

New edit/history page:

{F1064890}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15060
2016-01-19 19:37:38 -08:00
Chad Little
b1c77f6527 Add new Project icons, 200px
Summary: Adds 64? or so 200px (retina) icons for better Project organization.

Test Plan: Edit Picture -> Choose Icon -> Retro Camera -> Save.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15057
2016-01-19 13:23:14 -08:00
Chad Little
f7646b40aa Remove defunt project image choices
Summary: These are old project image choices, remove and only go with FontAwesome related images.

Test Plan: Project -> Edit Picture -> Save

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15051
2016-01-19 08:50:59 -08:00
epriestley
a9a5991f01 Update project profile image composer for new IconSet code
Summary:
Fixes T6856. Fixes T10164.

  - Make the profile image composer code use the underlying icon name instead of the top-level icon key, so it works instead of 404'ing.
  - Change the button to show a preview of the profile icon instead of the text "Use Icon and Color".
  - When creating a new non-milestone project, automatically set the profile image to the icon + color image.

Test Plan:
  - Created several new projects, saw appropriate default icons.
  - Edited projects, saw icon previews.
  - Clicked icon buttons to set icons.
  - Poked around other applications which use builtins (Pholio, user profiles) to look for anything I broke, but everything seemed fine.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6856, T10164

Differential Revision: https://secure.phabricator.com/D15050
2016-01-18 15:09:21 -08:00
epriestley
3f439e25bc Remove newFromMenu() from SideNav
Summary: Ref T10054. Just simplifying this a bit before I start laying in the new profile menus.

Test Plan:
  - Viewed Diviner on desktop and checked the mobile menu.
  - Viewed Files on desktop and checked the mobile menu.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15015
2016-01-14 05:33:34 -08:00
epriestley
cb08757032 Swap S3 to first-party client
Summary:
Ref T5155. Swaps Phabricator over to the new first-party S3 client using the v4 authentication API so it works in all regions.

The API requires an explicit region, so the new `amazon-s3.region` is now required. I'll write guidance about this.

Test Plan:
  - Uploaded files to S3.
  - Migrated ~1GB of files to S3.
  - Loaded a bunch of files off S3.
  - Browsed around the S3 bucket.
  - Deleted a file, verified the data on S3 was destroyed.
  - Hit new setup warning.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T5155

Differential Revision: https://secure.phabricator.com/D14982
2016-01-10 07:55:27 -08:00
epriestley
ff6bfe387d Don't drop "phabricator-remarkup-embed-image" class from Remarkup images with width or height
Summary: Ref T10110. If an image had `width` or `height`, we would accidentally not give it an `$image_class`.

Test Plan:
{F1057988}

{F1057989}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10110

Differential Revision: https://secure.phabricator.com/D14983
2016-01-09 15:40:45 -08:00
epriestley
67ac356b03 Modernize bin/files migrate and fix behavior on chunk engines
Summary: Ref T9828. Mostly just does a minor modernization pass, but also doesn't migrate chunked files since it's not meaningful (they don't have data, directly).

Test Plan: Ran `bin/files migrate` with various flags. Migrated S3 -> Blob and Blob -> S3.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9828

Differential Revision: https://secure.phabricator.com/D14981
2016-01-09 11:46:23 -08:00
epriestley
efba69a440 Give users an explicit error if they try to upload a too-large diff to Differential
Summary:
Ref T8612. If a change affects more than 10K paths + hunks, tell the user it's too big and don't bother trying to write it. We're mostly bounded by INSERTs here.

Also, fix an issue with file upload errors. The keys are real PHP constants, but were accidentally converted to strings in D12797, causing every error to show as "unknown error".

Test Plan: {F1057509}

Reviewers: joshuaspence

Reviewed By: joshuaspence

Maniphest Tasks: T8612

Differential Revision: https://secure.phabricator.com/D14977
2016-01-08 18:53:33 -08:00
epriestley
9ab22e21b3 Allow installs to customize project icons
Summary:
Ref T10010. Ref T5819. General alignment of the stars:

  - There were some hacks in Conduit around stripping `fa-...` off icons when reading and writing that I wanted to get rid of.
  - We probably have room for a subtitle in the new heavy nav, and using the icon name is a good starting point (and maybe good enough on its own?)
  - The project list was real bad looking with redundant tag/names, now it is very slightly less bad looking with non-redundant types?
  - Some installs will want to call Milestones something else, and this gets us a big part of the way there.
  - This may slightly help to reinforce "tag" vs "policy" vs "group" stuff?

---

I'm letting installs have enough rope to shoot themselves in the foot (e.g., define 100 icons). It isn't the end of the world if they reuse icons, and is clearly their fault.

I think the cases where 100 icons will break down are:

  - Icon selector dialog may get very unwieldy.
  - Query UI will be pretty iffy/huge with 100 icons.

We could improve these fairly easily if an install comes up with a reasonable use case for having 100 icons.

---

The UI on the icon itself in the list views is a little iffy -- mostly, it's too saturated/bold.

I'd ideally like to try either:

  - rendering a "shade" version (i.e. lighter, less-saturated color); or
  - rendering a "shade" tag with just the icon in it.

However, there didn't seem to be a way to do the first one right now (`fa-example sh-blue` doesn't work) and the second one had weird margins/padding, so I left it like this for now. I figure we can clean it up once we build the thick nav, since that will probably also want an identical element.

(I don't want to render a full tag with the icon + name since I think that's confusing -- it looks like a project/object tag, but is not.)

Test Plan:
{F1049905}

{F1049906}

Reviewers: chad

Reviewed By: chad

Subscribers: 20after4, Luke081515.2

Maniphest Tasks: T5819, T10010

Differential Revision: https://secure.phabricator.com/D14918
2016-01-08 14:01:53 -08:00
epriestley
ba37149bf9 Improve bin/lipsum UX
Summary: Ref T9156. This makes the UX a little more modern/standard/safe.

Test Plan:
```
epriestley@orbital ~/dev/phabricator $ ./bin/lipsum generate
Choose which type or types of test data you want to generate, or select "all".

      - Differential Revisions
      - Files
      - Maniphest Tasks
      - Pastes
      - Pholio Mocks
      - Projects
      - User Accounts
```

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9156

Differential Revision: https://secure.phabricator.com/D14873
2015-12-24 09:06:35 -08:00
Chad Little
5fecd55d6e More NUX states
Summary: Ref T10032, adds "Basic" NUX to more applications.

Test Plan: Visit each with ?nux=true and click on the create link. T10032 is tracking which apps need general modernization to pick up these changes.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T10032

Differential Revision: https://secure.phabricator.com/D14847
2015-12-21 13:13:44 -08:00
epriestley
2868a69f65 Remove all setObjectURI() from ActionListViews
Summary:
Ref T10004. After D14804, we get this behavior by default and no longer need to set it explicitly.

(If some endpoint did eventually need to set it explicitly, it could just change what it passes to `setHref()`, but I believe we currently have no such endpoints and do not foresee ever having any.)

Test Plan:
  - As a logged out user, clicked various links in Differential, Maniphest, Files, etc., always got redirected to a sensible place after login.
  - Grepped for `setObjectURI()`, `getObjectURI()` (there are a few remaining callsites, but to a different method with the same name in Doorkeeper).

Reviewers: chad

Reviewed By: chad

Subscribers: hach-que

Maniphest Tasks: T10004

Differential Revision: https://secure.phabricator.com/D14805
2015-12-17 08:30:22 -08:00
epriestley
5e182180a9 Provide a "PHUIFormIconSetControl"
Summary:
Ref T9992. This is a step on the path to getting EditEngine working in Badges, Projects and Calendar.

This doesn't add a new `EditField` for icons yet, just standardizes the old stuff. New stuff is more general and I saved 150 lines of code.

I put the endpoint in Files because the similar "choose a profile picture" endpoint will definitely go there, and this endpoint might eventually feature, like, "draw your own icon~~" or something.

Test Plan:
  - Created events, projects and badges with custom icons.
  - Edited events, projects and badges, changing their icons.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9992

Differential Revision: https://secure.phabricator.com/D14799
2015-12-16 08:46:51 -08:00
Joshua Spence
9104867c71 Linter fixes
Summary: Minor linter fixes.

Test Plan: N/A

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14631
2015-12-03 07:44:23 +11:00
Nipunn Koorapati
c4ea1e6e21 Increase the maximum size eligible for image transforms configurable from 4MB->16MB
Summary: Also increase the timeout for the external process to complete the transform.

Test Plan: Careful inspection

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: joshuaspence, cburroughs, chad, Korvin

Differential Revision: https://secure.phabricator.com/D14528
2015-11-25 06:42:44 -08:00
Joshua Spence
c35b564f4d Various translation improvements
Summary: Depends on D14070.

Test Plan: Eyeball it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D14073
2015-11-03 07:02:46 +11:00
Joshua Spence
495cb7a2e0 Mark PhabricatorPHIDType::getPHIDTypeApplicationClass() as abstract
Summary: Fixes T9625. As explained in a `TODO` comment, seems reasonable enough.

Test Plan: Unit tests.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, hach-que

Maniphest Tasks: T9625

Differential Revision: https://secure.phabricator.com/D14068
2015-11-03 06:47:12 +11:00
epriestley
9c798e5cca Provide bin/garbage for interacting with garbage collection
Summary:
Fixes T9494. This:

  - Removes all the random GC.x.y.z config.
  - Puts it all in one place that's locked and which you use `bin/garbage set-policy ...` to adjust.
  - Makes every TTL-based GC configurable.
  - Simplifies the code in the actual GCs.

Test Plan:
  - Ran `bin/garbage collect` to collect some garbage, until it stopped collecting.
  - Ran `bin/garbage set-policy ...` to shorten policy. Saw change in web UI. Ran `bin/garbage collect` again and saw it collect more garbage.
  - Set policy to indefinite and saw it not collect garabge.
  - Set policy to default and saw it reflected in web UI / `collect`.
  - Ran `bin/phd debug trigger` and saw all GCs fire with reasonable looking queries.
  - Read new docs.

{F857928}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9494

Differential Revision: https://secure.phabricator.com/D14219
2015-10-02 09:17:24 -07:00
epriestley
878a493301 Begin standardizing garbage collectors
Summary: Ref T9494. Improve support infrastructure for garbage collectors.

Test Plan:
  - Ran `bin/phd debug trigger`, saw collectors execute.

{F857852}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9494

Differential Revision: https://secure.phabricator.com/D14218
2015-10-01 16:58:43 -07:00
Chad Little
b8567f1764 Use setTable on File Transforms tables
Summary: Minor, but nicer.

Test Plan: Review File Transforms page, see new UI.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D14140
2015-09-21 12:29:05 -07:00
epriestley
6f372943db Add support for temporary files to file.allocate
Summary:
Ref T7148. I can do most of the export stuff by only modifying the Instances codebase, but want to upload all the backups and exports as temporary files and can't currently do this via the API.

Make the necessary API changes so that the export workflow can use them when it gets built out.

Test Plan: See next diff. Uploaded files with `arc upload --temporary` and saw them upload as temporary files.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7148

Differential Revision: https://secure.phabricator.com/D14055
2015-09-04 10:34:32 -07:00
epriestley
bcc5e55af2 Push construction of routing maps into Sites
Summary:
This enables CORGI.

Currently, `AphrontSite` subclasses can't really have their own routes. They can do this sort of hacky rewriting of paths, but that's a mess and not desirable in the long run.

Instead, let subclasses build their own routing maps. This will let CORP and ORG have their own routing maps.

I was able to get rid of the `PhameBlogResourcesSite` since it can really just share the standard resources site.

Test Plan:
  - With no base URI set, and a base URI set, loaded main page and resources (from main site).
  - With file domain set, loaded resources from main site and file site.
  - Loaded a skinned blog from a domain.
  - Loaded a skinned blog from the main site.
  - Viewed "Request" tab of DarkConsole to see site/controller info.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D14008
2015-08-31 04:01:01 -07:00
Joshua Spence
368f359114 Use PhutilClassMapQuery instead of PhutilSymbolLoader
Summary: Use `PhutilClassMaQuery` instead of `PhutilSymbolLoader`, mostly for consistency. Depends on D13588.

Test Plan: Poked around a bunch of pages.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13589
2015-08-14 07:49:01 +10:00
epriestley
bbc1074ced Allow upload of arbitrary text files
Summary:
Fixes T8984. Because of how drag-and-drop upload works, the text file with content `code` is interpreted as a forbidden variable. Disable this check for the drop upload controller.

(The risk here is a general one where the controller redirects and bundles paramters; this controller does not do that, so it's safe to make this change.)

Test Plan: Uploaded a text file containing only the string "code" (no quotes) by using drag-and-drop.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T8984

Differential Revision: https://secure.phabricator.com/D13744
2015-07-28 08:04:13 -07:00
Chad Little
e90379dd2d Update Files for handleRequest
Summary: Update Files application

Test Plan: Upload a file, edit a file, view details, transforms, delete file

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13735
2015-07-27 09:41:53 -07:00
Joshua Spence
f695dcea9e Use PhutilClassMapQuery
Summary: Use `PhutilClassMapQuery` where appropriate.

Test Plan: Browsed around the UI to verify things seemed somewhat working.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13429
2015-07-07 22:51:57 +10:00
Joshua Spence
acb1eb81cc Move some PhabricatorSearchField subclasses
Summary: Move some `PhabricatorSearchField` subclasses to be adjacent to the application to which they belong. This seems generally better to me than lumping them all together in the `src/applications/search/field/` directory. I was also wondering if it makes sense to rename these subclasses as `PhabricatorXSearchField` rather than `PhabricatorSearchXField` (as per T5655), but wasn't really sure if these objects are meant to be search-fields, or just fields belonging to the #search application.

Test Plan: N/A.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13374
2015-07-06 22:52:05 +10:00
epriestley
1e3c49086e Merge branch 'master' into redesign-2015 2015-06-28 07:41:46 -07:00
Eitan Adler
2536febed3 Remove duplicated duplicated words
Test Plan: eyeball it

Reviewers: joshuaspence, #blessed_reviewers, epriestley

Reviewed By: joshuaspence, #blessed_reviewers, epriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D13462
2015-06-27 08:43:44 -07:00
epriestley
14a395ed8e Merge branch 'master' into redesign-2015 2015-06-25 10:06:50 -07:00
Eitan Adler
3c7f4e5c5b Remove duplicate duplicate words which are not requires
Summary: Change 'the the' to 'the' where appropriate.

Test Plan: eyeball it

Reviewers: joshuaspence, chad, #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D13412
2015-06-23 17:26:14 -07:00
epriestley
b55f9b6120 Merge branch 'master' into redesign-2015 2015-06-22 12:26:41 -07:00
epriestley
d1983560a6 Show when objects have a non-default policy
Summary:
Fixes T6787. I'm kind of cheating a little bit here by not unifying default selection with `initializeNew(...)` methods, but I figure we can let this settle for a bit and then go do that later. It's pretty minor.

Since we're not doing templates I kind of want to swap the `'template'` key to `'type'` so maybe I'll do that too at some point.

@chad, freel free to change these, I was just trying to make them pretty obvious. I //do// think it's good for them to stand out, but my approach is probably a bit inconsistent/heavy-handed in the new design.

Test Plan:
{F525024}

{F525025}

{F525026}

{F525027}

Reviewers: btrahan, chad

Reviewed By: btrahan

Subscribers: johnny-bit, joshuaspence, chad, epriestley

Maniphest Tasks: T6787

Differential Revision: https://secure.phabricator.com/D13387
2015-06-22 11:46:59 -07:00
epriestley
bb58a123e6 Modularize Celerity postprocessors
Summary: Not sure if we want this, but it seems to work fine.

Test Plan: {F516736}

Reviewers: joshuaspence, chad

Reviewed By: joshuaspence, chad

Subscribers: joshuaspence, epriestley

Differential Revision: https://secure.phabricator.com/D13363
2015-06-20 06:10:42 -07:00
Chad Little
801607381d [Redesign] PhabricatorApplicationSearchResultView
Summary: Ref T8099. This adds a new class which all search engines return for layout. I thought about this a number of ways, and I think this is the cleanest path. Each Engine can return whatever UI bits they needs, and AppSearch or Dashboard picks and lays the bits out as needed. In the AppSearch case, interfaces like Notifications, Calendar, Legalpad all need more custom layouts. I think this also leaves a resonable path forward for NUX as well. Also, not sure I implemented the class correctly, but assume thats easy to fix?

Test Plan: Review and do a search in each application changed. Grep for all call sites.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8099

Differential Revision: https://secure.phabricator.com/D13332
2015-06-19 11:46:20 +01:00
epriestley
53ef057b1b Merge branch 'master' into redesign-2015 2015-06-15 08:06:23 -07:00
Joshua Spence
1239cfdeaf Add a bunch of tests for subclass implementations
Summary: Add a bunch of tests to ensure that subclasses behave.

Test Plan: `arc unit`

Reviewers: eadler, #blessed_reviewers, epriestley

Reviewed By: eadler, #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13272
2015-06-15 18:13:27 +10:00
Joshua Spence
b6d745b666 Extend from Phobject
Summary: All classes should extend from some other class. See D13275 for some explanation.

Test Plan: `arc unit`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13283
2015-06-15 18:02:27 +10:00
epriestley
52f8756c3c Add a "template" parameter to application default policies
Summary:
Ref T5681. Ref T6860. This doesn't do anything interesting on its own, just makes the next diff smaller.

In the next diff, policies become aware of the types of objects they're acting on. We need to specify which object type all the "Default View/Edit" settings are for so they get the right rules.

For example, a rule like "Allow task author" is OK for "View Policy" on a task, and also OK for "Default View Policy" on ManiphestApplication. But it's not OK for "Can Create Tasks" on ManiphestApplication.

So annotate all the "template"/"default" policies with their types. The next diff will use these to let you select appropriate rules for the given object type.

Test Plan:
  - Used `grep` to find these.
  - This change has no effect.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5681, T6860

Differential Revision: https://secure.phabricator.com/D13251
2015-06-11 13:25:30 -07:00
epriestley
57b898af9a Merge branch 'master' into redesign-2015 2015-06-10 07:44:58 -07:00
epriestley
7f5919de1c Don't load attached files for profile images
Summary:
Ref T8478. I think the cycle is:

  - Conpherence Thread > Loads handle for participant > loads file for profile image > loads attached files to check visibility > loads conpherence thread > ...

So, specifically, someone attached their profile image to a thread or message somewhere.

This breaks the cycle by stopping the attached-files visibility check from happening, since we don't need it. This seemed like the easiest link in the chain to break.

//Ideally//, I think the longer-term and more complete fix here is to stop Conpherence from requiring handles in order to load thread handles (and, generally, having a "handles must not load other handles" rule), but that's not trivial and might not be especially practical.

Test Plan: Will test in production.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8478

Differential Revision: https://secure.phabricator.com/D13216
2015-06-08 15:39:47 -07:00
Joshua Spence
af1b586990 Fix method visibilities
Summary: See also D13186.

Test Plan: Ran `arc unit --everything`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D13201
2015-06-09 07:17:44 +10:00
epriestley
bf87976d25 Support ordering in SearchField
Summary:
Ref T8441. Ref T7715. Automatically generate a modern "Order" control in ApplicationSearch for engines which fully support SearchField.

Notably, this allows the standard "Order" control to automatically support custom field orders. We do this in Maniphest today, but in an ad-hoc way.

Test Plan: Performed order-by queries in Almanac (Services), Pholio, Files, People, Projects, and Paste.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7715, T8441

Differential Revision: https://secure.phabricator.com/D13193
2015-06-08 12:21:48 -07:00
epriestley
3cdaf52ce9 Make Subscribers automatically provide working SearchFields
Summary:
Ref T8441. Ref T7715. For modern Query classes, automatically make subscriber queries and SearchField integrations work.

In particular, we can just drive this query with EdgeLogic and don't need to do anything specific on these Query classes beyond making sure they're implemented in a way that picks up all of the EdgeLogic clauses.

Test Plan:
  - Searched for subscribers in Pholio, Files, Paste, and Projects.
  - Searched for all other fields in Projects to check that Query changes are OK.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7715, T8441

Differential Revision: https://secure.phabricator.com/D13191
2015-06-08 12:20:53 -07:00
epriestley
cdef3e8bc8 Convert Files to SearchFields
Summary:
Ref T8441. Ref T7715.

  - Update FileSearchEngine.
  - Nothing too special/fancy.

Test Plan:
  - Searched for various files.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7715, T8441

Differential Revision: https://secure.phabricator.com/D13175
2015-06-07 07:32:09 -07:00
epriestley
bfca11dbba Merge branch 'master' into redesign-2015 2015-05-22 12:57:32 -07:00
Joshua Spence
36e2d02d6e phtize all the things
Summary: `pht`ize a whole bunch of strings in rP.

Test Plan: Intense eyeballing.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12797
2015-05-22 21:16:39 +10:00
epriestley
d70ca6b7c8 When file transforms race and lose, accept defeat gracefully
Summary: Fixes T8277. Transforming files can race; resolve the race after we lose.

Test Plan:
  - Added `sleep(10)` near the bottom of the transform controller.
  - Transformed a file in two browser windows at the same time; got something like this (exception corresponds to the loser of the race):

{F412526}

  - Applied patch.
  - Repeated process, got this:

{F412527}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8277

Differential Revision: https://secure.phabricator.com/D12965
2015-05-21 09:42:20 -07:00
epriestley
f99c7beb90 Fully remove all the public-create-mail settings
Summary: Fixes T5703. These have been unused in production for a while and the new stuff seems good.

Test Plan: Mostly `grep`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5703

Differential Revision: https://secure.phabricator.com/D12949
2015-05-20 14:21:33 -07:00
Chad Little
a4784e03ff [Redesign] Add Table, Collapse support to ObjectBox
Summary: Converts most all tables to be directly set via `setTable` to an ObjectBox. I think this path is more flexible design wise, as we can change the box based on children, and not just CSS. We also already do this with PropertyList, Forms, ObjectList, and Header. `setCollapsed` is added to ObjectBox to all children objects to bleed to the edges (like diffs).

Test Plan: I did a grep of `appendChild($table)` as well as searches for `PHUIObjectBoxView`, also with manual opening of hundreds of files. I'm sure I missed 5-8 places. If you just appendChild($table) nothing breaks, it just looks a little funny.

Reviewers: epriestley, btrahan

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12955
2015-05-20 12:48:43 -07:00
Joshua Spence
c896aeb62e Various linter fixes
Summary: Apply various linter fixes.

Test Plan: Unit tests + eyeballing.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12390
2015-05-20 07:27:41 +10:00
Joshua Spence
16a8ed72bd Modernize search engine selection
Summary: Remove the `PhabricatorDefaultSearchEngineSelector` class. This is quite similar to D12053.

Test Plan: Went to `/view/PhabricatorSearchApplication/` and saw the storage engine configuration. Set `search.elastic.host` and saw the highlighted storage engine change.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12670
2015-05-20 06:59:59 +10:00
Bob Trahan
81a475d5a6 Transactions - make implementing TYPE_XXXX_POLICY transactions optional
Summary: Ref T6403. This was actually simple stuff.

Test Plan: changed the edit policy of a paste. changed the edit and join policy of a phame blog.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6403

Differential Revision: https://secure.phabricator.com/D12933
2015-05-19 12:58:18 -07:00
Bob Trahan
3ef0721ada Reduce PhabricatorUser::getOmnipotentUser calls by adding a getViewer method to PhbaricatorDestructionEngine
Summary:
Fixes T6956. Before this change, we called PhabricatorUser::getOmnipotentUser in the various delete methods to query the data. Now, we use $engine->getViewer(), since its always a good thing to have less calls to PhabricatorUser::getOmnipotentUser thrown around the codebase.

I used the "codemod" tool to audit the existing calls to PhabricatorDestructorEngine (all of them) so ostensibly this gets all the spots. If I missed something though, its still going to work, so this change is very low risk.

Test Plan: ./bin/remove destroy P1; visit P1 and get a 404

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6956

Differential Revision: https://secure.phabricator.com/D12866
2015-05-15 14:07:17 -07:00
Joshua Spence
61b178f44e Use PhutilInvalidStateException
Summary: Use `PhutilInvalidStateException`. Depends on D12803.

Test Plan: Unit tests pass.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12829
2015-05-14 07:53:52 +10:00
Joshua Spence
acb45968d8 Use __CLASS__ instead of hard-coding class names
Summary: Use `__CLASS__` instead of hard-coding class names. Depends on D12605.

Test Plan: Eyeball it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12806
2015-05-14 07:21:13 +10:00
epriestley
b36a8fa885 Implement a user profile image cache
Summary:
Ref T7707. The general form of this can probably be refined somewhat over time as we have more use cases.

I put this cache on the user object itself because we essentially always need this data and it's trivial to invalidate the cache (we can do it implicilty during reads).

Also fix an issue with short, wide images not thumbnailing properly after recent changes.

Test Plan:
  - Loaded some pages; saw caches write; saw good pictures.
  - Reloaded; saw cache reads; saw good pictures.
  - Changed profile picture; saw immediate update.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7707

Differential Revision: https://secure.phabricator.com/D12826
2015-05-13 11:38:51 -07:00
epriestley
47b14c9bde Convert inline profile image transforms to new transformations
Summary:
Ref T7707. Fixes T7879. Fixes T4406. When creating profile images:

  - Use the new transforms;
  - mark them as "profile" images so they're forced to the most-open policies.

Test Plan:
  - Set restrictive default file policies.
  - Changed profile picture, project pictures, etc. Verified they were visible to logged-out users.
  - Registered via OAuth.
  - Updated a Conpherence thread image.
  - Browsed around looking for profile images, fixed sizing on everything I could find.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7879, T7707, T4406

Differential Revision: https://secure.phabricator.com/D12821
2015-05-13 11:38:46 -07:00
epriestley
7e365eb8ae Convert "profile" image transforms to the new pathway
Summary:
Ref T7707. This ends up being sort of complicated: to support 100x100 images in T4406, we need to scale small images //up// so they look OK when we scale them back down with `background-size` in CSS.

The rest of it is mostly straightforward.

Test Plan:
  - Did an OAuth handshake and saw a scaled-up, scaled-down profile picture that looked correct.
  - Used Pholio, edited pholio, embedded pholio.
  - Uploaded a bunch of small/weird/big images and regenerated all their transforms.
  - Uploaded some text files into Pholio.
  - Grepped for removed methods, etc.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7707

Differential Revision: https://secure.phabricator.com/D12818
2015-05-13 11:38:46 -07:00
epriestley
75f6211233 Convert "preview" image transforms to new pathway
Summary: Ref T7707. Move the 220px (file uploads) and 100px (Pholio thumbgrid) previews over to the new stuff.

Test Plan: Uploaded a bunch of images to remarkup and Pholio; they generated reasonable results in the web UI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7707

Differential Revision: https://secure.phabricator.com/D12814
2015-05-13 11:38:46 -07:00
epriestley
200e525df1 Support imagemagick on new image transform pathway
Summary: Ref T7707. For animated GIFs, use imagemagick if it is available.

Test Plan: Generated small versions of a bunch of different GIFs.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7707

Differential Revision: https://secure.phabricator.com/D12813
2015-05-13 11:38:46 -07:00
epriestley
fd1e0bc4d3 Implement error-checked "preview" transforms
Summary: Ref T7707. These transforms have a single maximum dimension instead of fixed X and Y dimensions.

Test Plan: Transformed a bunch of files with different sizes/aspect ratios, got sensible results.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7707

Differential Revision: https://secure.phabricator.com/D12812
2015-05-13 11:38:45 -07:00
epriestley
2bdb5404c7 Implement new profile transform with amazing "error handling" feature
Summary:
Ref T7707. Ref T4406. Ref T2479. This implements the profile-style (fixed width and height) transforms in a modern way.

  - Added a "regnerate" feature to the support UI to make testing easier and surface errors.
  - Laboriously check errors from everything.
  - Fix the profile thumbnailing so it crops properly instead of leaving margins.
  - Also defuses the "gigantic white PNG" attack.

This doesn't handle the imagemagick case (for animated GIFs) yet.

Test Plan:
  - Uploaded a variety of wide/narrow/small/large files and converted them into sensible profile pictures.
  - Tried to thumbnail some text files.
  - Set the pixel-size and file-size limits artificially small and hit them.
  - Used "regenerate" a bunch while testing the rest of this stuff.
  - Verified that non-regenerate flows still produce a default/placeholder image.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4406, T2479, T7707

Differential Revision: https://secure.phabricator.com/D12811
2015-05-13 11:38:45 -07:00
epriestley
a19b0029e2 Fix bad aspect ratio on some file previews
Summary: Ref T7707. Fixes T4724. I misread the report on T4724; this is trivial. We're just reading the wrong properties in setting "width" and "height" attributes, the actual thumbnailing logic is fine.

Test Plan: Uploaded image from T4724, saw it have a proper aspect ratio.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: spicyj, epriestley

Maniphest Tasks: T4724, T7707

Differential Revision: https://secure.phabricator.com/D12810
2015-05-13 11:38:45 -07:00
epriestley
65ff40844b Make modular transforms handle exceptions gracefully
Summary:
Ref T7707. Ref T2479. Ref T5258.

The thumbnailing code is some of the only code in the codebase which doesn't use exceptions to handle errors. I'm going to convert it to use exceptions; make sure they do something reasonable at top level.

Strategy here is:

  - By default, we just fall back to a placeholder image if anything goes wrong.
  - Later, I'll likely add a "debug" workflow from the new "Transforms" UI which will surface the specific exception instead (the code can't really raise any interesting exceptions right now).

Test Plan: Faked an exception and saw some reasonable default images.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5258, T2479, T7707

Differential Revision: https://secure.phabricator.com/D12809
2015-05-13 11:38:45 -07:00
epriestley
c998e44b5a Modularize file transforms and provide a "transforms" UI
Summary:
Ref T7707. Available transforms are currently relatively hard-coded and don't really have any support UI.

Modularize them so we can build some support UI.

This doesn't actually //use// any of the new stuff yet: I want to make a clean cutover once I fix the aspect ratio stuff so I can pick up a cachekey/URI change as a side effect.

Test Plan: {F400524}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, epriestley

Maniphest Tasks: T7707

Differential Revision: https://secure.phabricator.com/D12808
2015-05-13 11:38:45 -07:00
epriestley
ae32d1afb8 Remove unused file transforms
Summary:
Ref T7707.

  - Modernize the file transform endpoint a bit.
  - Delete transforms which are no longer used in the product.

Test Plan:
  - Used Pholio (navigation, inline thumbs).
  - Uploaded images (embed thumb).
  - Changed profile picture (profile thumb).

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7707

Differential Revision: https://secure.phabricator.com/D12807
2015-05-13 11:38:45 -07:00
Joshua Spence
4ea9d76f66 Add some missing type hints
Summary: Add some typehints for Remarkup rules.

Test Plan: Browsed around some Remarkup text.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12694
2015-05-05 07:33:00 +10:00
lkassianik
55ff197f2a File names should be editable.
Summary: Fixes T7480, File names should be editable and the event should show up in feed.

Test Plan: Upload a file, view file details, edit file, change file name by adding a space and a word to the name, save changes, file name should retain space and not normalize the name, file details should show the edit event, install feed should correctly show an event for the action.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T7480

Differential Revision: https://secure.phabricator.com/D12561
2015-04-26 15:24:29 -07:00
Bob Trahan
e40aa8f782 Quicksand - make things work correctly with global drag and drop upload
Summary: Fixes T7685. This required making the global drag and drop behavior able to "uninstall" itself so to speak, and then it re-installs it self as necessary.

Test Plan:
Did the following all successfully

 - uploaded a file to homepage
 - homepage -> differential -- no way to upload via drag and drop
 - homepage -> differential -> homepage -- uploaded a file
 - homepage -> differential -> browser back button to homepage -- uploaded a file

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7685

Differential Revision: https://secure.phabricator.com/D12534
2015-04-23 15:08:35 -07:00
epriestley
55e49d7e31 Provide more buildXClause() and buildXClauseParts() on PolicyAwareQuery
Summary:
Ref T4100. Ref T5595. These functions are trivial for now, but move us toward being able to define more default query behavior by default.

Future changes will give these methods meaningful, nontrivial behaviors.

Test Plan: `arc unit --everything`

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5595, T4100

Differential Revision: https://secure.phabricator.com/D12454
2015-04-20 10:06:10 -07:00
epriestley
f5580c7a08 Make buildWhereClause() a method of AphrontCursorPagedPolicyAwareQuery
Summary:
Ref T4100. Ref T5595.

To support a unified "Projects:" query across all applications, a future diff is going to add a set of "Edge Logic" capabilities to `PolicyAwareQuery` which write the required SELECT, JOIN, WHERE, HAVING and GROUP clauses for you.

With the addition of "Edge Logic", we'll have three systems which may need to build components of query claues: ordering/paging, customfields/applicationsearch, and edge logic.

For most clauses, queries don't currently call into the parent explicitly to get default components. I want to move more query construction logic up the class tree so it can be shared.

For most methods, this isn't a problem, but many subclasses define a `buildWhereClause()`. Make all such definitions protected and consistent.

This causes no behavioral changes.

Test Plan: Ran `arc unit --everything`, which does a pretty through job of verifying this statically.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: yelirekim, hach-que, epriestley

Maniphest Tasks: T4100, T5595

Differential Revision: https://secure.phabricator.com/D12453
2015-04-20 10:06:09 -07:00
epriestley
156b156e77 Give Conduit params/return/errors protected visibility
Summary:
Ref T7803. Ref T5873. I want to drive Conduit through more shared infrastructure, but can't currently add parameters automatically.

Put a `getX()` around the `defineX()` methods so the parent can provide default behaviors.

Also like 60% of methods don't define any special error types; don't require them to implement this method. I want to move away from this in general.

Test Plan:
  - Ran `arc unit --everything`.
  - Called `conduit.query`.
  - Browsed Conduit UI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: hach-que, epriestley

Maniphest Tasks: T5873, T7803

Differential Revision: https://secure.phabricator.com/D12380
2015-04-13 11:58:35 -07:00
epriestley
4fba6e7730 Remove trivial implementations of getPagingColumn()
Summary:
Ref T7803. Some Query subclasses implement getPagingColumn() in a trivial way, usually to provide a table alias.

Formalize the concept of a primary table alias, and remove obsoleted getPagingColumn() implementations.

Test Plan: Issued affected queries.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7803

Differential Revision: https://secure.phabricator.com/D12356
2015-04-13 11:58:19 -07:00
Joshua Spence
ea376685ae Fix some odd looking arrays
Summary: These arrays looks a little odd, most likely due to the autofix applied by `ArcanistXHPASTLinter::LINT_ARRAY_SEPARATOR`. See D12296 in which I attempt to improve the autocorrection from this linter rule.

Test Plan: N/A

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D12281
2015-04-05 22:29:39 +10:00
epriestley
eb81fd1562 Expose all application mail receivers
Summary:
Fixes T7199. This still isn't a shining example of perfect code, but the raw amount of copy/paste is much lower than it used to be.

  - Reduce code duplication between existing receivers.
  - Expose receiving objects in help menus where appropriate.
  - Connect some "TODO" receivers.

Test Plan:
  - Sent mail to every supported object type.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7199

Differential Revision: https://secure.phabricator.com/D12249
2015-04-01 11:52:02 -07:00
epriestley
c32fee0e48 Fully modularize mail commands
Summary: Ref T7199. Everyone can have a mail command! You can have a mail command! You can have a mail command! Mail commands for everyone!

Test Plan: Used `bin/mail receive-test` to issue commands against files and pastes.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7199

Differential Revision: https://secure.phabricator.com/D12238
2015-04-01 08:40:00 -07:00
epriestley
7c5f71b691 Subclass most ReplyHandlers from TransactionReplyHandler
Summary: Ref T7199. Half of these aren't even reachable, but make some progress toward reducing the amount of nonsense and garbage in mail handling.

Test Plan: Tested all reachable handlers with `bin/mail receive-test`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7199

Differential Revision: https://secure.phabricator.com/D12237
2015-04-01 08:39:50 -07:00
epriestley
0d99c84bd7 Modernize email command parsing
Summary:
Ref T7199. This prepares for an exciting new world of more powerful "!action" commands. In particular:

  - We parse multiple commands per mail.
  - We parse command arguments (these are currently not used).
  - We parse commands at the beginning or end of mail.

Additionally:

  - Do a quick modernization pass on all handlers.
  - Break legacy compatibility with really hacky Facebook stuff (see T1992). They've theoretically been on notice for a year and a half, and their setup relies on calling very old reply handler APIs directly.
  - Some of these handlers had some copy/paste fluff.
  - The Releeph handler is unreachable, but fix it //in theory//.

Test Plan:
- Sent mail to a file; used "!unsubscribe".
- Sent mail to a legalpad document; used "!unsubscribe".
- Sent mail to a task; used various "!close", "!claim", "!assign", etc.
- Sent mail to a paste.
- Sent mail to a revision; used various "!reject", "!claim", etc.
- Tried to send mail to a pull request but it's not actually reachable.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7199

Differential Revision: https://secure.phabricator.com/D12230
2015-03-31 16:48:27 -07:00
epriestley
030e05aa4c Remove reply handler instructions from email
Summary:
Ref T7199. Although this is useful for discovery, it's un-useful enough that we already have an option to disable it, and most applications do not provide any meaningful instructions.

Throwing it away makes it easier to move forward and lets us get rid of a config option.

This is becoming a more advanced/power-user feature anyway, and the new syntax will be significantly more complex and hard to explain with a one-liner. I'm currently thinking that I'll maybe make the "help" menu a dropdown and give it some options like:

  +---+
  | O |
  +---+---------------------+
  | Maniphest Documentation |
  | Maniphest Email Actions |
  +-------------------------+

Then you click the "Email Actions" thing and get a runtime-derived list of available options. Not sure if I'll actually build that, but I think we can fairly throw the in-mail instructions away even if we don't go in that specific direction.

Test Plan: Grepped for `replyHandlerInstructions`, got no hits.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7199

Differential Revision: https://secure.phabricator.com/D12229
2015-03-31 16:48:17 -07:00
epriestley
7cf726c7f7 Fix an issue with FileMailReceiver not working well
Summary: Ref T7199. Guess no one has ever tried to reply to file mail.

Test Plan: Used `bin/mail receive-test` to send mail to files.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7199

Differential Revision: https://secure.phabricator.com/D12228
2015-03-31 16:47:58 -07:00
epriestley
d403700e1f Convert all tokenizers to take token/scalar inputs
Summary: Ref T7689. Ref T4100. This advances the goals of removing `loadViewerHandles()` (only 67 callsites remain!) and letting tokenizers some day take token functions like `viewer()` and `members(differential)`.

Test Plan:
- Sent a new message; used "To".
  - I simplified the cancel URI construction slightly because it's moot in all normal cases.
- Edited a thread; used "Add Participants".
- Searched rooms; used "Participants".
- Searched countdowns; used "Authors".
- Created a diff; used "Repository".
- Edited a revision; edited "Projects"; edited "Reveiwers"; edited "Subscribers".
- Searched for revisions; edited "responsible users"; "authors"; "reviwers"; "subscribers"; "repositories".
- Added revision comments; edited "Add Reveiwers"; "Add Subscribers".
- Commented on a commit; edited "Add Auditors"; "Add subscribers".
- Edited a commit; edited "Projects".
- Edited a repository; edited "Projects".
- Searched feed, used "include Users"; "include Proejcts".
- Searched files, used "authors".
- Edited initiative; edited "Projects".
- Searched backers; used "Backers".
- Searched initiatives; used "Owners".
- Edited build plans; edited "Run Command".
- Searched Herald; used "Authors".
- Added signature exemption in Legalpad.
- Searhced legalpad; used "creators"; used "contributors".
- Searched signatures; used "documents"; used "signers".
- Created meme.
- Searched macros; used "Authors".
- Used "Projects" in Maniphest reports.
- Used Maniphest comment actions.
- Edited Maniphest tasks; edited "Assigned To"; edited "CC"; edited "projects".
- Used "parent" in Maniphest task creation workflow.
- Searched for projects; used "assigned to"; "in any projec"; "in all projects"; "not in projects"; "in users' projects"; "authors"; "subscribers".
- Edited Maniphest bug filing domains, used "Default Author".
- Searched for OAuth applications, used "Creators".
- Edited Owners pacakge; edited "Primary Owner"; edited "Owners".
- Searched for Owners packages; used "Owner".
  - OMG this UI is OLD
- Edited a paste; edited "Projects".
- Searched for paste; used "Authors".
- Searched user activity log; used "Actors"; used "Users".
- Edited a mock; edited "Projects"; edited "CC".
- Searched for mocks; used "Authors".
- Edited Phortune account; edited "Members".
- Edited Phortune merchant account; edited "Members".
- Searched Phrequent; used "Users".
- Edited Ponder question; sued "projects".
- Searched Ponder; used "Authors"; used "Answered By".
- Added project members.
- Searched for projects; used "Members".
- Edited a Releeph product; edited "Pushers".
- Searched pull requests; searched "Requestors".
- Edited an arcanist project; used "Uses Symbols From".
- Searhced push logs; used "Repositories"; used "Pushers".
- Searched repositories; used "In nay project".
- Used global search; used Authors/owners/Subscribers/In Any Project.
- Edited a slowvote; used "Projects".
- Searched slovotes; used "Authors".
- Created a custom "Users" field; edited and searched for it.
- Made a whole lot of typos in this list. ^^^^^^

Did not test:

- Lint is nontrivial to test locally, I'll test it in production.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4100, T7689

Differential Revision: https://secure.phabricator.com/D12224
2015-03-31 14:10:55 -07:00
epriestley
a8271ecd40 Remove most callsites to Controller->renderHandlesForPHIDs()
Summary: Ref T7689. This moves most of the easy/testable callsites off `Controller->renderHandlesForPHIDs()`.

Test Plan:
- Viewed a file; viewed author; viewed "attached" tab.
- Viewed a mock; viewed attached tasks.
- Viewed a credential; viewed "Used By".
- Viewed a paste; viewed author; viewed forks; viewed forked from.
- Viewed a dashboard; viewed panel list.
- Viewed a dashboard panel; viewed "Appears On".
- Viewed a Phortune account; viewed "Members"; viewed payment methods.
- Viewed a Phortune merchant account; viewed "Members".
- Viewed Phortune account switcher; viewed "Accounts".
  - I just removed "Members:" here since it felt kind of out-of-place anyway.
- Viewed a Phragment fragment, viewed "Latest Version", viewed "Snapshots".
- Viewed a Phargment snapshot, viewed "Fragment".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: hach-que, epriestley

Maniphest Tasks: T7689

Differential Revision: https://secure.phabricator.com/D12207
2015-03-31 05:48:19 -07:00
epriestley
40fb0f98df Mostly defuse DNS rebinding attack for outbound requests
Summary: Ref T6755. I'll add some notes there about specifics.

Test Plan:
  - Made connections to HTTP and HTTPS URIs.
  - Added some debugging code to verify that HTTP URIs were pre-resolved.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12169
2015-03-26 11:12:22 -07:00
epriestley
2e72e9ff31 Rate limit outbound requests in Macros
Summary:
Ref T6755. Although we do not return response bodies, it is possible to perform crude portscanning if you can execute a DNS rebinding attack (which, for now, remains theoretical).

Limit users to 60 requests / hour to make it less feasible. This would require ~30 years to portscan all ports on a `/32` netblock.

Users who can guess that services may exist can confirm their existence more quickly than this, but if the attacker already had a very small set of candidate services it seems unlikely that portscanning would be of much use in executing the attack.

This protection should eventually be applied to T4190, too (that task also has other considerations).

Test Plan: Set rate limit very low, hit rate limit.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12168
2015-03-26 11:11:52 -07:00
epriestley
6ce4044bfa Lock MIME type configuration
Summary:
Ref T6755. This mitigates an attack where you:

  - compromise an administrative account;
  - configure "text/plain" as an "image" MIME type; and
  - create a new macro sourced from a sensitive resource which is locally accessible over HTTP GET, using DNS rebinding.

You can then view the content of the resource in Files. By preventing the compromised account from reconfiguring the MIME types, the server will instead destroy the response and prevent the attacker from seeing it.

In general, these options should change very rarely, and they often sit just beyond the edge of security vulnerabilities anyway.

For example, if you ignore the warnings about an alternate file domain and elect to serve content from the primary domain, it's still somewhat difficult for an attacker to exploit the vulnerability. If they can add "text/html" or "image/svg+xml" as image MIME types, it becomes trivial. In this case not having an alternate domain is the main issue, but easy modification of this config increases risk/exposure.

Test Plan: Viewed affected config and saw that it is locked.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12154
2015-03-25 10:16:22 -07:00
epriestley
4f8147dbb8 Improve protection against SSRF attacks
Summary:
Ref T6755. This improves our resistance to SSRF attacks:

  - Follow redirects manually and verify each component of the redirect chain.
  - Handle authentication provider profile picture fetches more strictly.

Test Plan:
  - Tried to download macros from various URIs which issued redirects, etc.
  - Downloaded an actual macro.
  - Went through external account workflow.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12151
2015-03-24 18:49:01 -07:00
epriestley
22b2b8eb89 Fix a bad call in file chunk destruction
Summary: This signature changed at some point after I tested things and I didn't catch it.

Test Plan: Destroyed a chunked large file with `bin/remove`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D12152
2015-03-24 18:48:51 -07:00
epriestley
1c32c9b965 Improve granluarity and defaults of security.allow-outbound-http
Summary:
Ref T6755. This is a partial fix, but:

  - Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
  - Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
  - Explain the risks better.
  - Improve the errors rasied by Macro when failing.
  - Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
    - We still make outbound HTTP requests to OAuth.
    - We still make outbound HTTP requests for repositories.

From a technical perspective:

  - Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
  - Add the default blacklist.
  - Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.

Additionally:

  - I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
  - The future implementation of T4190 needs to perform the fetch check.

Test Plan:
  - Fetched a valid macro.
  - Fetched a non-image, verified it didn't result in a viewable file.
  - Fetched a private-ip-space image, got an error.
  - Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
  - Fetched a bad protocol, got an error.
  - Linked to a local resource, a phriction page, a valid remote site, all worked.
  - Linked to private IP space, which worked fine (we want to let you link and redierect to other private services, just not fetch them).
  - Added and executed unit tests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 10:44:03 -07:00
epriestley
b7fa55ff93 Fix improper selection of the chunk engine as a writable engine
Summary:
Fixes T7621. The engine selection code started out making sense, but didn't make as much sense by the time I was done with it.

Specifically, from the vanilla file upload, we may incorrectly try to write directly to the chunk storage engine. This is incorrect, and produces a confusing/bad error.

Make chunk storage engines explicit and don't try to do single-file one-shot writes to them.

Test Plan:
  - Tried to upload a large file with vanilla uploader, got better error message.
  - Uploaded small and large files with drag and drop.
  - Viewed {nav Files > Help/Options}.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7621

Differential Revision: https://secure.phabricator.com/D12110
2015-03-18 19:06:39 -07:00
epriestley
7a93b443c3 Make file upload policies more consistent
Summary:
Ref T7149. Currently, global drag and drop always uses the most open visibility policy on the install. This was appropriate before the application preference was introduced, but default to the application preference now.

In particular, this supports a default value of "Administrators" in the Phacility cluster.

Also simplify/clean up some code.

Test Plan:
  - Set application default policy to "Adminstrators".
  - Uploaded file via drag-and-drop, saw "administrators" policy.
  - Uploaded file via `arc upload`, saw "administrators" policy.
    - Saw better URI for a text file upload after patch.
  - Uploaded file via drag-and-drop-to-textarea, saw "only viewer" policy.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7149

Differential Revision: https://secure.phabricator.com/D12093
2015-03-17 06:33:30 -07:00
epriestley
7482d260b0 Rewrite file documentation to be chunk-aware
Summary:
Ref T7149. We can simplify configuration somewhat by removing the upload limit setting, now that we support arbitrarily large files.

  - Merge configuration documentation.
  - Tell users to set things to at least 32MB. This is 8MB maximum one-shot file + 4x headroom. Chunk sizes are 4MB.

Test Plan:
  - Faked all the setup warnings.
  - Read documentation.
  - Uploaded some files.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7149

Differential Revision: https://secure.phabricator.com/D12083
2015-03-15 11:37:47 -07:00