1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-11 08:06:13 +01:00
Commit graph

179 commits

Author SHA1 Message Date
epriestley
301fed1b43 Revise administrative workflow for user creation
Summary:
- When an administrator creates a user, provide an option to send a welcome
email. Right now this workflow kind of dead-ends.
  - Prevent administrators from changing the "System Agent" flag. If they can
change it, they can grab another user's certificate and then act as them. This
is a vaguely weaker security policy than is exhibited elsewhere in the
application. Instead, make user accounts immutably normal users or system agents
at creation time.
  - Prevent administrators from changing email addresses after account creation.
Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
user has a real problem.
  - Prevent administrators from resetting passwords. There's no need for this
anymore with welcome emails plus email login and it raises the same issues.

Test Plan:
- Created a new account, selected "send welcome email", got a welcome email,
logged in with the link inside it.
  - Created a new system agent.
  - Reset an account's password.

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379
2011-05-31 13:06:32 -07:00
Cristian Adamo
c44b076b25 No empty name or e-mail we'll be accepted.
Summary: the user can't let the realname and/or  e-mail address be empty

Test Plan: enter on 'settings/account' and change your name to '' and the same
for the e-mail 'settings/email'

Reviewers: epriestley

CC: epriestley
2011-05-23 00:20:35 -03:00
epriestley
deb80b7652 Provide an activity log for login and administrative actions
Summary: This isn't complete, but I figured I'd ship it for review while it's still smallish.

Provide an activity log for high-level system actions (logins, admin actions). This basically allows two things to happen:

  - The log itself is useful if there are shenanigans.
  - Password login can check it and start CAPTCHA'ing users after a few failed attempts.

I'm going to change how the admin stuff works a little bit too, since right now you can make someone an agent, grab their certificate, revert them back to a normal user, and then act on their behalf over Conduit. This is a little silly, I'm going to move "agent" to the create workflow instead. I'll also add a confirm/email step to the administrative password reset flow.

Test Plan: Took various administrative and non-administrative actions, they appeared in the logs. Filtered the logs in a bunch of different ways.

Reviewers: jungejason, tuomaspelkonen, aran

CC:

Differential Revision: 302
2011-05-20 19:08:26 -07:00
epriestley
f1d43bc3c5 Establish a Conduit connection from PhabricatorIRCBot
Summary:
Allow construction of handlers which use Conduit.

Test Plan:
Made a bot that connects to local and runs conduit.ping.

Reviewed By: mroch
Reviewers: mroch, codeblock, aran, jungejason, tuomaspelkonen
CC: aran, mroch
Differential Revision: 299
2011-05-17 16:16:07 -07:00
epriestley
f72c1acc63 Lockdown tool directory editing to administrators
Summary:
Someone has "defaced" secure.phabricator.com with a helpful suggestion that I
actually do this; fair enough. :P

Test Plan:
Logged in as myself, unable to edit directory information. Logged out, logged in
as admin, was able to edit directory information.

I need to fix some more CSS stuff since some of these tabs render out hideous in
the admin background, but I can followup with that.

Reviewed By: tuomaspelkonen
Reviewers: aran, jungejason, tuomaspelkonen
Commenters: aran
CC: aran, tuomaspelkonen, epriestley
Differential Revision: 296
2011-05-17 13:17:13 -07:00
epriestley
f9f8ef0e6e Admin and disabled flags for users
Summary:
Provide an "isAdmin" flag for users, to designate administrative users.

Restore the account editing interface and allow it to set role flags and reset
passwords.

Provide an "isDisabled" flag for users and shut down all system access for them.

Test Plan:
Created "admin" and "disabled" users. Did administrative things with the admin
user. Tried to do stuff with the disabled user and was rebuffed. Tried to access
administrative interfaces with a normal non-admin user and was denied.

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: ccheever, aran
Differential Revision: 278
2011-05-12 11:17:50 -07:00
epriestley
361ec78b03 Add missing includes from XHPAST parse bug. 2011-04-06 23:14:58 -07:00
epriestley
29ce4ed83f Paginate the user list view. 2011-04-02 09:58:42 -07:00
jungejason
6aa006b903 Make conduit-uri info easier to be copied into arcrc
Summary:
add the conduit URI and the username together with the arc
certificate to the setting page.

Test Plan:
run arc diff to make sure it still works after copying the
generated test into the .arcrc file.

Reviewed By: epriestley
Reviewers: epriestley
CC: epriestley
Differential Revision: 73
2011-03-15 21:52:48 -07:00
jungejason
4194e78943 Remove phabricator.conduit-uri config setting
Summary:
We have phabricator.conduit-uri in the config setting, but it
is always the phabricator uir appended with '/api'. So we just remove
this setting.

Test Plan:
test arc diff to make sure it still work.

Reviewed By: epriestley
Reviewers: epriestley
CC: jungejason, epriestley
Differential Revision: 71
2011-03-14 12:32:28 -07:00
epriestley
2f3d98b24b Further OAuth modularization. 2011-02-28 10:15:42 -08:00
epriestley
d3efdcff03 Modularize oauth. 2011-02-27 20:38:11 -08:00
epriestley
d0ea1f1c7b Restore profile links to OAuth resources.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-22 11:06:37 -08:00
epriestley
063269a00a Store OAuth tokens and more OAuth account info.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-22 10:27:27 -08:00
epriestley
21286a723e Lint slop and some cleanup.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-22 09:22:57 -08:00
epriestley
b462349ec8 OAuth linking/unlinking controls.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-21 23:25:14 -08:00
epriestley
fdd510ba17 Rough cut of projects.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-20 18:41:23 -08:00
epriestley
c457032645 Slightly more sophisticated profiles.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-19 18:28:41 -08:00
epriestley
f0066ed742 Very very rough cut of profiles.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-19 17:33:53 -08:00
epriestley
490280e6eb Add email to settings. Disable arbitrary user editing.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-19 16:46:14 -08:00
epriestley
03b88d1da3 Don't throw when a user saves account settings without changing their profile
picture.

Summary:
Going to Settings -> Account and hitting "Save" without selecting
a file in the file dialog currently throws.

Test Plan:
Went to Settings -> Account and hit "Save" without making changes.
No exception. Then uploaded a picture normally.

Differential Revision: 30
Reviewed By: tomo
Reviewers: tomo
2011-02-10 16:15:11 -08:00
epriestley
7aa6943890 Choose a more appropriate glyph for People.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-07 20:56:05 -08:00
epriestley
99aee37866 Lint fluff. 2011-02-06 12:58:01 -08:00
epriestley
701d029123 Add some profile upload jonx. 2011-02-05 23:56:06 -08:00
epriestley
78f0b4aff9 Use ".arcrc" for the user settings to avoid confusion with project ".arcconfig". 2011-02-05 22:37:59 -08:00
epriestley
605268f9aa Some acutal conduit authentication. 2011-02-05 22:36:21 -08:00
epriestley
29f7219a49 CSRF / Logout 2011-01-30 18:52:29 -08:00
epriestley
ccf7df6093 Authentication 2011-01-26 15:34:20 -08:00
epriestley
89dae65c35 Basic user/account tool. 2011-01-23 18:09:16 -08:00