1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-24 15:52:41 +01:00
Commit graph

6933 commits

Author SHA1 Message Date
epriestley
751ffe123d Support HTTP Strict Transport Security
Summary:
Ref T4340. The attack this prevents is:

  - An adversary penetrates your network. They acquire one of two capabilities:
    - Your server is either configured to accept both HTTP and HTTPS, and they acquire the capability to observe HTTP traffic.
    - Or your server is configured to accept only HTTPS, and they acquire the capability to control DNS or routing. In this case, they start a proxy server to expose your secure service over HTTP.
  - They send you a link to `http://secure.service.com` (note HTTP, not HTTPS!)
  - You click it since everything looks fine and the domain is correct, not noticing that the "s" is missing.
  - They read your traffic.

This is similar to attacks where `https://good.service.com` is proxied to `https://good.sorvace.com` (i.e., a similar looking domain), but can be more dangerous -- for example, the browser will send (non-SSL-only) cookies and the attacker can write cookies.

This header instructs browsers that they can never access the site over HTTP and must always use HTTPS, defusing this class of attack.

Test Plan:
  - Configured HTTPS locally.
  - Accessed site over HTTP (got application redirect) and HTTPS.
  - Enabled HSTS.
  - Accessed site over HTTPS (to set HSTS).
  - Tore down HTTPS part of the server and tried to load the site over HTTP. Browser refused to load "http://" and automatically tried to load "https://". In another browser which had not received the "HSTS" header, loading over HTTP worked fine.
  - Brought the HTTPS server back up, things worked fine.
  - Turned off the HSTS config setting.
  - Loaded a page (to set HSTS with expires 0, diabling it).
  - Tore down the HTTPS part of the server again.
  - Tried to load HTTP.
  - Now it worked.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4340

Differential Revision: https://secure.phabricator.com/D11820
2015-02-19 10:33:48 -08:00
epriestley
35c55f7ddf Improve visibility of repository credential errors
Summary:
Fixes T7310. We have a whole mechanism for surfacing update errors, but only surface actual update errors, not pull errors.

Instead, surface pull errors too.

Then format them a little more nicely.

Test Plan: {F309769}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7310

Differential Revision: https://secure.phabricator.com/D11821
2015-02-19 10:32:25 -08:00
Chad Little
4c2e36f561 Have DifferentialRevisionListView return ObjectBoxView
Summary: Uses PHUIObjectBoxView to display lists of diffs in Differential and Diffusion, unless embedded on a dashboard.

Test Plan:
Test Dashboard panel, Differential home, Commit, and Diff

{F282173}

{F282174}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11659
2015-02-19 08:11:17 -08:00
Chad Little
e2fcc3c187 Touch up Audit/Commit List UI
Summary: Fixes a few issues. The author of the commit is more prominent / not cut off. Auditors is in a more consistent location. More space is available for reasons. Commits by themselves look much less janky. Only downside is actual Audits are now 3 lines vs. 2, but the extra space is used well.

Test Plan:
Test list of audits and commits.

{F309237}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11817
2015-02-19 07:03:18 -08:00
Chad Little
b1ed68b8fe Set Header on XHProf ObjectBox
Summary: Third times the charm?

Test Plan: pray

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11816
2015-02-18 16:03:02 -08:00
Chad Little
7cd7ee4543 Fix fatal in XHProf
Summary: derp, fixed method call

Test Plan: Looked up PHUIHeaderView, checked method.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11815
2015-02-18 15:54:25 -08:00
Bob Trahan
17e5f7ff31 Legalpad - make "Cancel" button "Log Out" button for required signature documents
Summary: Fixes T7299. Also re-direct the user to the initial request uri if the signature was required.

Test Plan: made a signature required legalpad doc. visit the instance at a specific uri, signed the document, and ended up at that specific uri

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7299

Differential Revision: https://secure.phabricator.com/D11809
2015-02-18 13:19:07 -08:00
epriestley
dd96967306 Only increment status message cursor if we're going to consume the message
Summary:
Fixes the long uptake we saw on `meta.phacility.com`. I regressed this in D11795.

We make three calls to this method, but only one actually consumes the messages. The other two are just checking to see if there are any messages.

Only move the cursor up if we're actually going to process the messages.

Test Plan: Sort of tricky to test convincingly since it's inherently race-prone, but ran `debug pulllocal` and pushed update messages and saw it pick them up.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11808
2015-02-18 12:53:37 -08:00
Joshua Spence
6a8f31a0ec Fix undefined variable
Summary:
I am hitting this error when generating Diviner documentation:

```
COMMAND
'/usr/src/phabricator/bin/diviner' atomize --ugly --book $SOME_BOOK --atomizer 'DivinerPHPAtomizer' -- $SOME_PATHS

STDOUT
(empty)

STDERR
[2015-02-18 23:05:01] EXCEPTION: (RuntimeException) Undefined variable: type at [<phutil>/src/error/PhutilErrorHandler.php:210]
  #0 PhutilErrorHandler::handleError(integer, string, string, integer, array) called at [<phabricator>/src/applications/diviner/atomizer/DivinerPHPAtomizer.php:315]
  #1 DivinerPHPAtomizer::parseReturnType(DivinerAtom, XHPASTNode) called at [<phabricator>/src/applications/diviner/atomizer/DivinerPHPAtomizer.php:116]
  #2 DivinerPHPAtomizer::executeAtomize(string, string) called at [<phabricator>/src/applications/diviner/atomizer/DivinerAtomizer.php:23]
  #3 DivinerAtomizer::atomize(string, string, array) called at [<phabricator>/src/applications/diviner/workflow/DivinerAtomizeWorkflow.php:109]
  #4 DivinerAtomizeWorkflow::execute(PhutilArgumentParser) called at [<phutil>/src/parser/argument/PhutilArgumentParser.php:396]
  #5 PhutilArgumentParser::parseWorkflowsFull(array) called at [<phutil>/src/parser/argument/PhutilArgumentParser.php:292]
  #6 PhutilArgument... (87 more bytes) ... at [<phutil>/src/future/exec/ExecFuture.php:416]
  #0 ExecFuture::resolvex(NULL) called at [<phutil>/src/future/exec/ExecFuture.php:438]
  #1 ExecFuture::resolveJSON() called at [<phabricator>/src/applications/diviner/workflow/DivinerGenerateWorkflow.php:349]
  #2 DivinerGenerateWorkflow::resolveAtomizerFutures(array, array) called at [<phabricator>/src/applications/diviner/workflow/DivinerGenerateWorkflow.php:209]
  #3 DivinerGenerateWorkflow::buildAtomCache() called at [<phabricator>/src/applications/diviner/workflow/DivinerGenerateWorkflow.php:170]
  #4 DivinerGenerateWorkflow::generateBook(string, PhutilArgumentParser) called at [<phabricator>/src/applications/diviner/workflow/DivinerGenerateWorkflow.php:74]
  #5 DivinerGenerateWorkflow::execute(PhutilArgumentParser) called at [<phutil>/src/parser/argument/PhutilArgumentParser.php:396]
  #6 PhutilArgumentParser::parseWorkflowsFull(array) called at [<phutil>/src/parser/argument/PhutilArgumentParser.php:292]
  #7 PhutilArgumentParser::parseWorkflows(array) called at [<phabricator>/scripts/diviner/diviner.php:21]
```

Test Plan: N/A

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11807
2015-02-19 07:23:01 +11:00
Chad Little
11f0c1a47d Modernize XHProf
Summary: Use modern components, pht

Test Plan: I have no data locally, expect @epriestley to commandeer

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11805
2015-02-18 11:51:12 -08:00
Bob Trahan
7f1914540f Phortune - require high security sessions for subscription edits
Summary: Ref T7202.

Test Plan: Visited edit subscription page and it worked. Clicked edit link from subscription view page and got to the right place.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7202

Differential Revision: https://secure.phabricator.com/D11803
2015-02-18 11:37:30 -08:00
Chad Little
f9638edf37 Allow public on list of subscribers
Summary: Fixes T7317, allows public to be set on this list controller.

Test Plan: Tested a list of subscribers on a logged in and logged out Diff.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7317

Differential Revision: https://secure.phabricator.com/D11801
2015-02-18 11:11:12 -08:00
epriestley
02b174c2af Allow a different SSH host to be set in Diffusion
Summary:
Ref T6941. In the cluster (and in other reasonable setups) we've separated SSH load balancers from HTTP load balancers.

In particular, ELBs will not let you load balance port 22, so this is likely a reasonable/common issue in larger clusters in AWS.

Allow users to specify an alternate host for SSH traffic.

Test Plan: Set host to someting different, saw it reflected in UI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6941

Differential Revision: https://secure.phabricator.com/D11800
2015-02-18 10:51:14 -08:00
Chad Little
0b2697bb92 Add ability to query dashboard panels by paneltype
Summary: Pretty basic, but you can now search panels by type (query, text, tab).

Test Plan: Searched for a few different types of panels, results look correct

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11782
2015-02-18 10:50:37 -08:00
epriestley
894025778c Force Aphlict server connections to HTTP
Summary: This port is always HTTP, so use HTTP even if users have set the URI to "https".

Test Plan: Launched server and hit status page, status good.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11799
2015-02-18 07:07:26 -08:00
epriestley
3469265e17 Improve config option documentation for Imagemagick
Summary: Fixes T7306. Fixes a typo and improves the text.

Test Plan: reading

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7306

Differential Revision: https://secure.phabricator.com/D11797
2015-02-17 15:31:20 -08:00
epriestley
6a3824a61d Fix an issue where PullLocal daemon could spin in an error loop
Summary: Fixes T7106. If you have bad credentials AND you've pushed an "update this repository" message into the queue, the loop above this level ends up resetting the timer every time we go through it, so the daemon spins in a loop failing forever.

Test Plan:
  - Created a repo with bad credentials.
  - Clicekd "updated now" to queue an update message.
  - Saw daemon run in a loop.
  - Applied patch, no loop.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7106

Differential Revision: https://secure.phabricator.com/D11795
2015-02-17 15:23:24 -08:00
Bob Trahan
52f724e6cf Project - don't create the empty tag on create anymore
Summary: Fixes T7284. We were initialized the project name to the empty string, which was making things work like a rename, including automagically adding the old slug.

Test Plan: made a project and no more "empty" tag being made. also don't have that bad transaction story anymore.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7284

Differential Revision: https://secure.phabricator.com/D11794
2015-02-17 15:03:57 -08:00
epriestley
b6031a721f Fix a minor issue with killing daemons
Summary: Even if you --force, we can't kill PID 0. This sends the process itself the signal, and terminates it.

Test Plan: See D11786.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11787
2015-02-17 14:20:57 -08:00
Bob Trahan
17ced84ace OAuth - make sure users know they are exposing their primary email address
Summary: Fixes T7263. Last bit there was to upgrade this dialogue to let users know they are letting their primary email address be exposed in these flows. Depends on D11791, D11792, at least in terms of being accurate to the user as the code ended up strangely decoupled.

Test Plan: wordsmithin'

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7263

Differential Revision: https://secure.phabricator.com/D11793
2015-02-17 14:19:33 -08:00
Bob Trahan
d6bbbcb620 Conduit - return primary email if its verified in user methods
Summary: Ref T7263. We need this in the oauth case and otherwise it makes sense to include.

Test Plan: used the conduit console and saw my email address included in the results!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7263

Differential Revision: https://secure.phabricator.com/D11791
2015-02-17 14:13:49 -08:00
Bob Trahan
81d2f2686c Diffusion - clean up catching ConduitException
Summary: Ref T7123. Turns out that we might throw ConduitClientException now in proxied scenarios. For all but one callsite remove the try / catch bit and don't issue the call for SVN. For the remaining callsite, also don't issue the call for SVN but keep in the exception logic since its renders a pretty error message in the non-proxied case?

Test Plan: played around with diffusion and things looked okay.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7123

Differential Revision: https://secure.phabricator.com/D11789
2015-02-17 14:01:17 -08:00
Bob Trahan
3fcc3fdedf Diffusion - be sure to properly unserialize result from conduit query
Summary: Fixes T7256.

Test Plan: Looked at rXPRF0a7a5f69f5d7 in a local instance. things looked great both pre and post patch.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7256

Differential Revision: https://secure.phabricator.com/D11790
2015-02-17 13:54:59 -08:00
Bob Trahan
733a9c40ee Legalpad - add "no one" signature type
Summary: Fixes T7294. This lets legalpad store other documents that don't need signatures but conceptually belong in legalpad.

Test Plan: made a document with signature type "no one" and it saved. viewed the document and noted no signing UI was present.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7294

Differential Revision: https://secure.phabricator.com/D11788
2015-02-17 11:45:20 -08:00
epriestley
e946e7cebc Add a "--gently" flag to phd stop and phd restart
Summary:
In the cluster, the box has a ton of stuff that "looks like a daemon" beacuse it is some other instance's daemon.

Stop `phd restart` from complaining about this if given a "--gently" flag, which is like the opposite of "--force".

(I'll make it `stop --force` at the beginning of a whole-box restart to kill stragglers.)

Test Plan: Ran `bin/phd restart --gently`, etc.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11784
2015-02-17 11:14:34 -08:00
epriestley
267ff7fbc9 Add a policy restricting mailing list management
Summary:
Fixes T7291. There are a class of spam/annoyance attacks here that we should be more strict about preventing, since you can add an individual's address as a mailing list.

This application is likely on the way out so I didn't bother trying to do per-object policies.

Test Plan: Set policy restrictively and could no longer create or edit mailing lists.

Reviewers: joshuaspence, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7291

Differential Revision: https://secure.phabricator.com/D11783
2015-02-17 11:14:26 -08:00
Bob Trahan
82f47f9689 Legalpad - fix requires signature transaction from always being saved
Summary: Fixes T7295. Humbling debugging experience but I got it.

Test Plan: saved a legalpad doc without edits over and over and saw no "requires signature" transaction. toggled "requires signature", saved, and saw the transaction.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7295

Differential Revision: https://secure.phabricator.com/D11785
2015-02-17 11:07:14 -08:00
Bob Trahan
e100961453 workboards - make errors from filtering show up
Summary: Fixes T7252. The UI is slightly different than in Maniphest - in Maniphest the error shows up at the bottom and here it shows up the top - but I think the UI here makes sense as you see the error right away on the newly returned dialogue?

Test Plan: set "created after" to "assdaasds" and got an error back. set filter to something that should work and it worked

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7252

Differential Revision: https://secure.phabricator.com/D11760
2015-02-17 11:06:21 -08:00
epriestley
ebcab8edb6 Namespace Aphlict clients by request path, plus other fixes
Summary:
Fixes T7130. Fixes T7041. Fixes T7012.

Major change here is partitioning clients. In the Phacility cluster, being able to get a huge pile of instances on a single server -- without needing to run a process per instance -- is desirable.

To accomplish this, just bucket clients by the path they connect with. This will let us set client URIs to `/instancename/` and then route connections to a small set of servers. This degrades cleanly in the common case and has no effect on installs which don't do instancing.

Also fix two unrelated issues:

  - Fix the timeouts, which were incorrectly initializing in `open()` (which is called during reconnect, causing them to reset every time). Instead, initialize in the constructor. Cap timeout at 5 minutes.
  - Probably fix subscriptions, which were using a property with an object definition. Since this is by-ref, all concrete instances of the object share the same property, so all users would be subscribed to everything. Probably.

Test Plan:
  - Hit notification status page, saw version bump and instance/path name.
  - Saw instance/path name in client and server logs.
  - Stopped server, saw reconnects after 2, 4, 16, ... seconds.
  - Sent test notification; received test notification.
  - Didn't explicitly test the subscription thing but it should be obvious by looking at `/notification/status/` shortly after a push.

Reviewers: joshuaspence, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7041, T7012, T7130

Differential Revision: https://secure.phabricator.com/D11769
2015-02-16 11:31:15 -08:00
epriestley
9a9c4afe59 Improve error messaging for empty Conpherence threads
Summary: Fixes T7275. This makes the error stuff a little more consistent with other modern UIs.

Test Plan: {F307286}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7275

Differential Revision: https://secure.phabricator.com/D11778
2015-02-16 11:31:00 -08:00
epriestley
3a8cd60bab When cluster.instance is defined, use it to namespace S3 objects
Summary: Ref T7163. This isn't //technically// necessary but seems generally desirable.

Test Plan: Will deploy S3 in production.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7163

Differential Revision: https://secure.phabricator.com/D11770
2015-02-16 11:30:37 -08:00
epriestley
5a9d70707b Fix bad Phortune Subscriptions query
Summary:
Fixes T7285. If the user tries to view a subscription they don't have permission to view, we may filter all the subscriptions out, then still try to load related data. This can fatal because it's invalid.

Instead, bail if we filtered everything.

Test Plan: Subscritption detail page of another user's subscription is now 404 instead of fatal.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T7285

Differential Revision: https://secure.phabricator.com/D11780
2015-02-16 11:17:51 -08:00
epriestley
f206da2dbf Increase height of message box on invite workflow
Summary:
At least one user wanted to type more text here, and it seems reasonable that administrators may want to write a couple of paragraphs.

I didn't make this short for any particular reason, I just wasn't sure what the workflow would look like as I was building it.

Test Plan: Loaded page, saw normal height text area.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11779
2015-02-16 11:09:07 -08:00
Chad Little
f74d686215 Add crumb border to maniphest reposrts
Summary: Adds a border

Test Plan: See border in Reports

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11774
2015-02-15 18:13:24 -08:00
epriestley
05377ef48c Expand Subscription handles slightly
Summary: Ref T7150. Show some basic information instead of nothing.

Test Plan: Used these in Instances.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T7150

Differential Revision: https://secure.phabricator.com/D11767
2015-02-14 13:40:01 -08:00
epriestley
6d5aec8618 Allow logged-out users to accept invites on nonpublic installs
Summary:
If your install isn't public, users can't see the Auth or People applications while logged out, so we can't load their invites.

Allow this query to go through no matter who the viewing user is.

Test Plan: Invite flow on `admin.phacility.com` now works better.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11765
2015-02-13 11:00:41 -08:00
epriestley
532c440e84 Show a better account name in Phortune account handles
Summary: Accounts have proper names now.

Test Plan: Saw a better name on Instances view.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11766
2015-02-13 11:00:29 -08:00
epriestley
e5b402d13f Lock all reply-handler options in the upstream, plus cookie prefix
Summary:
Ref T7185. These settings shouldn't be unlocked anywhere. Specifically:

  - `reply-handler`: These are on the way out.
  - `reply-handler-domain`: Also hopefully on the way out; locked because a compromised administrator account can redirect replies.
  - `phabricator.cookie-prefix`: Not dangerous per se, but an admin could have a hard time fixing this if they changed it by accident since their session would become invalid immediately.

Test Plan: Browsed Config.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7185

Differential Revision: https://secure.phabricator.com/D11764
2015-02-13 11:00:09 -08:00
epriestley
ebebeb8f7c Upgrade "masked" config to "hidden"
Summary:
Ref T7185. We currently have "locked", "masked", and "hidden" config.

However, "masked" does not really do anything. It was intended to mask values in DarkConsole, but Config got built out instead and "hidden" is strictly better in modern usage and protects against compromised administrator accounts. "hidden" implies "locked", so it's now strictly more powerful than just locked.

Remove "masked" and upgrade all "masked" config to "hidden". In particular, this hides some API keys and secret keys much more aggressively in Config, which is desirable.

Test Plan: Browsed things like S3 API keys in config and could no longer see them.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7185

Differential Revision: https://secure.phabricator.com/D11763
2015-02-13 10:59:50 -08:00
epriestley
f74fa49636 Clean up a text string
Summary: Pretty sure this was me derping, not trying to make a joke.

Test Plan: New text makes sense.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11762
2015-02-13 07:03:09 -08:00
Bob Trahan
d39da529ca Legalpad - allow for legalpad documents to be required to be signed for using Phabricator
Summary: Fixes T7159.

Test Plan:
Created a legalpad document that needed a signature and I was required to sign it no matter what page I hit. Signed it and things worked! Added a new legalpad document and I had to sign again!

Ran unit tests and they passed!

Logged out as a user who was roadblocked into signing a bunch of stuff and it worked!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7159

Differential Revision: https://secure.phabricator.com/D11759
2015-02-12 15:22:56 -08:00
Bob Trahan
d598edc5f3 MetaMTA - update documentation and make config a tad easier
Summary: Fixes T7088. Mainly this updates the documentation but I also snuck in tweaking how the domain reply handler is built. This does two main things -- makes the behavior consistent as some applications who didn't override this behavior would send out emails with reply tos AND makes it easier for us to deprecate the custom domain thing on a per application basis, which is just silly. On that note, the main documentation doesn't get into how this can be overridden, though I left in that mini blurb on the config setting itself. We could deprecate this harder and LOCK things if you want as well.

Test Plan: read docs, looked good. reasoned through re-factor

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7088

Differential Revision: https://secure.phabricator.com/D11725
2015-02-12 11:05:39 -08:00
epriestley
30b201bade Allow Home and Dashboards to be uninstalled
Summary:
Ref T7143. This is the simplest fix for adding a new route for Home, at the cost of possibly letting users break instances. However:

  - It's kind of hard to get to the option to uninstall Home anyway.
  - It's hard to imagine anyone will really uninstall Home by accident, right? Right?
  - Put a really scary warning on the action just in case.

Dashboards was only required because Home was required, I think, so just drop that too.

Test Plan: Uninstalled home.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, epriestley

Maniphest Tasks: T7143

Differential Revision: https://secure.phabricator.com/D11753
2015-02-11 15:24:54 -08:00
epriestley
36494d4e2e Add a "did verify email" event to Phabricator
Summary: Ref T7152. Gives us an event hook so we can go make users a member of any instance they've been invited to as soon as they verify an email address.

Test Plan:
  - Used `bin/auth verify` to trigger the event.
  - Build out the invite flow in rSERVICES.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152

Differential Revision: https://secure.phabricator.com/D11752
2015-02-11 14:39:06 -08:00
Bob Trahan
6b77dd8e37 Dashboards - fix optionality of SearchEngines
Summary: Ref T7234. I didn't know about this spot in D11750.

Test Plan: ..the next diff really makes this work for the T7234 scenario.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7234

Differential Revision: https://secure.phabricator.com/D11751
2015-02-11 14:08:05 -08:00
Bob Trahan
e23351ea36 Dashboards - introduce ability to optionally allow SearchEngines to be used as dashboard panels
Summary:
Ref T7234. Turns out some search engines are context specific such that they can't be bubbled up to a dashboard panel generically. The example in question is an Instance Members search, where the instance must be specified and is done so in normal codepaths but the dashboard panel stuff has no way of doing that. Ergo, just turn off these sorts of panels.

Note this code just makes it so we can turn off these sorts of panels but does not do any of that.

Test Plan:
made sure all the queries still showed up

otherwise, next diff

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7234

Differential Revision: https://secure.phabricator.com/D11750
2015-02-11 13:43:59 -08:00
epriestley
d4680a7e4e Update Phabricator to work with more modular translations
Summary:
Ref T7152. Ref T1139. This updates Phabricator so third-party libraries can translate their own stuff. Also:

  - Hide "All Caps" when not in development mode, since some users have found this a little confusing.
  - With other changes, adds a "Raw Strings" mode (development mode only).
  - Add an example silly translation to make sure the serious business flag works.
  - Add a basic British English translation.
  - Simplify handling of translation overrides.

Test Plan:
  - Flipped serious business / development on and off and saw silly/development translations drop off.
  - Switched to "All Caps" and saw all caps.
  - Switched to Very English, Wow!
  - Switched to British english and saw "colour".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152, T1139

Differential Revision: https://secure.phabricator.com/D11747
2015-02-11 13:02:35 -08:00
epriestley
187836b8a9 Show open setup issue keys in "title" attribute of setup issues warning
Summary:
Ref T7184. I managed to write a phantom setup issue which fails normally and succeeds when looked at carefully, so clicking "you have open issues..." always cleared them. This made it very difficult to figure out what the problem was.

Show issue keys in the "title" attribute to make this sort of thing easier to deal with.

Test Plan: Moused over "You have issues..." text, saw issue key, quickly fixed issue with new information.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7184

Differential Revision: https://secure.phabricator.com/D11743
2015-02-11 13:00:59 -08:00
Joshua Spence
2a2b47326c Fix text lint issues
Summary: Ref T5105. This is a proof-of-concept for D11458.

Test Plan: `arc lint --everything`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T5105

Differential Revision: https://secure.phabricator.com/D11642
2015-02-12 07:00:13 +11:00
Joshua Spence
5a20daedc7 Allow diviner books to be permanently destroyed
Summary: Fixes T7182.

Test Plan: Deleted a book with `./bin/remove destroy`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7182

Differential Revision: https://secure.phabricator.com/D11742
2015-02-12 06:56:22 +11:00