1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-25 00:02:41 +01:00
Commit graph

256 commits

Author SHA1 Message Date
epriestley
81a9726fa1 Make the new "Unverified Email" behavior more clear to other users
Summary:
Ref T12268. Ref T12157. When you mention or interact with a user who is unlikely to be able to respond (for example, because their account is disabled), we try to show a colored dot to provide a hint about this.

Recently, we no longer send any normal mail to unverified addresses. However, the rules for showing a dot haven't been updated yet, so they only care about this if `auth.require-verification` is set. This can be misleading, because if you say `Hey @alice, what do you think about this?` and she hasn't verified her email, you may not get a response.

Update the rule so users with unverified email addresses get a grey dot in all cases. The hint is basically "you shouldn't expect a response from this user".

Make the meaning of this hint more clear on the hovercard and profile.

Also:

  - Allow the non-ajax version of the hovercard page (which is basically only useful for testing hovercards) accept `?names=...` so you can just plug usernames, hashtags, etc., in there.
  - Fix a bug where the user's join date was based on their profile creation date instead of account creation date on the hovercard. Users may not have a profile creation date (if they never changed any account details), and it may be different from their account creation date.

Test Plan: {F2998517}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12268, T12157

Differential Revision: https://secure.phabricator.com/D17374
2017-02-17 10:28:44 -08:00
epriestley
5f26dd9b66 Use futures to improve clustered repository main page performance
Summary:
Ref T11954. In cluster configurations, we get repository information by making HTTP calls over Conduit.

These are slower than local calls, so clustering imposes a performance penalty. However, we can use futures and parallelize them so that clustering actually improves overall performance.

When not running in clustered mode, this just makes us run stuff inline.

Test Plan:
  - Browsed Git, Mercurial and Subversion repositories.
  - Locally, saw a 700ms wall time page drop to 200ms.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11954

Differential Revision: https://secure.phabricator.com/D17009
2016-12-08 07:26:32 -08:00
epriestley
f45a13cff4 Improve settings caches on fast paths like Conduit
Summary:
Ref T11954. This reduces how much work we need to do to load settings, particularly for Conduit (which currently can not benefit directly from the user cache, because it loads the user indirectly via a token).

Specifically:

  - Cache builtin defaults in the runtime cache. This means Phabricator may need to be restarted if you change a global setting default, but this is exceptionally rare.
  - Cache global defaults in the mutable cache. This means we do less work to load them.
  - Avoid loading settings classes if we don't have to.
  - If we missed the user cache for settings, try to read it from the cache table before we actually go regenerate it (we miss on Conduit pathways).

Test Plan: Used `ab -n100 ...` to observe a ~6-10ms performance improvement for `user.whoami`.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11954

Differential Revision: https://secure.phabricator.com/D16998
2016-12-06 09:12:10 -08:00
epriestley
6058d3305f Normalize remote IP addresses when writing to logs, etc
Summary:
Ref T11939. IPv4 addresses can normally only be written in one way, but IPv6 addresses have several formats.

For example, the addresses "FFF::", "FfF::", "fff::", "0ffF::", "0fFf:0::", and "0FfF:0:0:0:0:0:0:0" are all the same address.

Normalize all addresses before writing them to logs, etc, so we store the most-preferred form ("fff::", above).

Test Plan:
Ran an SSH clone over IPv6:

```
$ git fetch ssh://local@::1/diffusion/26/locktopia.git
```

It worked; verified that address read out of `SSH_CLIENT` sensibly.

Faked my remote address as a non-preferred-form IPv6 address using `preamble.php`.

Failed to login, verified that the preferred-form version of the address appeared in the user activity log.

Made IPv6 requests over HTTP:

```
$ curl -H "Host: local.phacility.com" "http://[::1]/"
```

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11939

Differential Revision: https://secure.phabricator.com/D16987
2016-12-05 11:20:29 -08:00
epriestley
a1025ca52e Make logged-out users use global settings, not default settings
Summary: Fixes T11917. Give logged-out / omnipotent users the global settings, not the default settings.

Test Plan: Changed applications and language, logged out, saw changes as a public user.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11917

Differential Revision: https://secure.phabricator.com/D16936
2016-11-23 14:26:00 -08:00
epriestley
9803674525 Extract variable type information from pht() calls
Summary:
Ref T5267. When extrating data from `pht()` calls, also extract the argument types and export them into the map so they can be used by consumers.

We recognize plurals (`phutil_count()`, `new PhutilNumber`) and genders (`phutil_person()`). We'll need to annotate the codebase for those, since they're currently runtime-only.

Test Plan:
Rebuilt extraction maps, got data like this (note "number" type annotation).

```
  "Scaling pool \"%s\" up to %s daemon(s).": {
    "uses": [
      {
        "file": "/daemon/PhutilDaemonOverseer.php",
        "line": 378
      }
    ],
    "types": [
      null,
      "number"
    ]
  },
```

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T5267

Differential Revision: https://secure.phabricator.com/D16823
2016-11-08 08:33:15 -08:00
epriestley
e337029769 Allow users to mark themselves as "Available", "Busy" or "Away" while attending an event
Summary:
Ref T11816.

  - Now that we can do something meaningful with them, bring back the yellow dots for "busy".
  - Default to "busy" when attending events (we could make this "busy" for short events and "away" for long events or something).
  - Let users pick how to display their attending status on the event page.
  - Also show which event the user is attending since I had to mess with the cache code anyway. We can get rid of this again if it doesn't feel good.

Test Plan:
{F1904179}

{F1904180}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11816

Differential Revision: https://secure.phabricator.com/D16802
2016-11-04 16:55:44 -07:00
epriestley
c9510cc118 Make it more clear that red dots next to usernames mean Calendar availability
Summary:
Ref T11809. We show a red dot next to a username to indicate that the user is away (on vacation, in a meeting, etc).

It's not very obvious what this means unless you know that's what it is: when you click the username or view a hovercard, there's no visual hint about what the red dot means. It does say "Away", but there is a lot of information and it doesn't visually connect the two.

Connect the two visually by putting a red dot next to the "Away" bit, too.

Test Plan:
Here's my version of it, this feels OK to me but could maybe be more designed:

{F1893916}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11809

Differential Revision: https://secure.phabricator.com/D16791
2016-11-02 13:45:43 -07:00
Josh Cox
a88dc2afc2 Added a setup check for empty REMOTE_ADDR
Summary: Fixes T8850. Previously, if a user's preamble script mangled `$_SERVER['REMOTE_ADDR']` or somehow set it to `null`, the user would get errors when performing certain actions. Now those errors shouldn't occur, and instead the user will be warned that there is a setup issue related to their preamble script.

Test Plan: Create a preamble script that contains `$_SERVER['REMOTE_ADDR'] = null;` then navigate to /config/issue/. There should be a warning there about `REMOTE_ADDR` not being available.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, yelirekim, epriestley

Maniphest Tasks: T8850

Differential Revision: https://secure.phabricator.com/D16450
2016-08-25 13:04:12 -04:00
epriestley
26c6f64fd4 In email, render dates with an explicit timezone offset
Summary:
Fixes T10633. When generating email about a transaction which adjusts a date, render the offset explicitly (like "UTC-7").

This makes it more clear in cases like this:

  - mail is being sent to multiple users, and not necessarily using the viewer's settings;
  - you get some mail while travelling and aren't sure which timezone setting it generated under.

Test Plan: Rendered in text mode, saw UTC offset.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10633

Differential Revision: https://secure.phabricator.com/D16287
2016-07-13 08:32:37 -07:00
epriestley
60c55387ab Don't show client-side setup prompts until user accounts activate
Summary: Fixes T11198. These are confusing or premature if you aren't an activated user: disabled or unapproved accounts won't be able to act on them.

Test Plan: Changed timezone, went through flow to correct it

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11198

Differential Revision: https://secure.phabricator.com/D16167
2016-06-22 11:54:15 -07:00
epriestley
c4de87a07a Improve some settings-related performance
Summary:
Ref T4103. Two small improvements:

  - Don't work as hard to validate translations. We just need to know if a translation exists, we don't need to count how many strings it has and build the entire menu.
  - Allow `getUserSetting()` to work on any setting without doing all the application/visibility checks. It's OK for code to look at, say, your "Conpherence Notifications" setting even if that application is not installed for you.

Test Plan: Used XHProf and saw 404 page drop from ~60ms to ~40ms locally.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16046
2016-06-05 10:32:23 -07:00
epriestley
5ba7938d54 Simplify user cache management of data forms
Summary: Ref T4103. Ref T10078. We currently have separate "usable" and "raw" values, but can simplify this by making `newValueForUsers()` return the raw value.

Test Plan: Ran unit tests; browsed around; dropped caches and browsed around.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T10078

Differential Revision: https://secure.phabricator.com/D16043
2016-06-05 08:53:27 -07:00
epriestley
c1331bcb7b Cache user notification and message counts
Summary:
Ref T4103. Ref T10078. This puts a user cache in front of notification and message counts.

This reduces the number of queries issued on every page by 4 (2x building the menu, 2x building Quicksand data).

Also fixes some minor issues:

  - Daemons could choke on sending mail in the user's translation.
  - No-op object updates could fail in the daemons.
  - Questionable data access pattern in the file query coming out of the profile file cache.

Test Plan:
  - Sent myself notifications. Saw count go up.
  - Cleared them by visiting objects and clearing all notifications. Saw count go down.
  - Sent myself messages. Saw count go up.
  - Cleared them by visiting threads. Saw count go down.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T10078

Differential Revision: https://secure.phabricator.com/D16041
2016-06-05 08:52:43 -07:00
epriestley
6f1053c206 Convert user profile images into a standard cache
Summary:
Ref T4103. Ref T10078. This moves profile image caches to new usercache infrastructure.

These dirty automatically based on configuration and User properties, so add some stuff to make that happen.

This reduces the number of queries issued on every page by 1.

Test Plan: Browsed around, changed profile image, viewed as self, viewed as another user, verified no more query to pull this information on every page

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T10078

Differential Revision: https://secure.phabricator.com/D16040
2016-06-05 08:52:15 -07:00
epriestley
2b344b2bb5 Make caches misses throw by default intead of inline-generating
Summary:
Ref T4103. Ref T10078. Currently, when a user misses a cache we just build it for them.

This is the behavior we want for the the viewer (so we don't have to build every cache up front if we don't actually need them), but not the right behavior for other users (since it allows performance problems to go undetected).

Make inline cache generation strict by default, then make sure all the things that rely on cache data request the correct data (well, all of the things identified by unit tests, at least: there might be some more stuff I haven't hit yet).

This fixes test failures in D16040, and backports a piece of that change.

Test Plan: Identified and then fixed failures with `arc unit --everything`.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T10078

Differential Revision: https://secure.phabricator.com/D16042
2016-06-05 08:51:54 -07:00
epriestley
7170b062e6 Remove PhabricatorUser->loadPreferences()
Summary: Ref T4103. This method has no more callers.

Test Plan: `grep`

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16039
2016-06-05 08:50:48 -07:00
epriestley
d326b239ae Resolve timezone conflicts in a modern transactional way
Summary: Ref T4103. Also get rid of the weird cache clear that nothing else uses and which we don't actually need.

Test Plan:
  - Resolved timezone conflict by ignoring it.
  - Resolved timezone conflict by picking a valid timezone.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16037
2016-06-05 08:49:43 -07:00
epriestley
109917a94b Turn DarkConsole settings into real settings
Summary:
Ref T4103. These settings long-predate proper settings and are based on hard-coded user properties. Turn them into real settings.

(I didn't try to migrate the value since they're trivial to restore and only useful to developers.)

Test Plan:
  - Toggled console on/off.
  - Swapped tabs.
  - Reloaded page, everything stayed sticky.

Reviewers: chad

Reviewed By: chad

Subscribers: eadler

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16029
2016-06-04 14:43:43 -07:00
epriestley
44e88f186c Modernize "favorite project policies" setting
Summary:
Ref T4103. Convert this into a proper internal setting and use transactions to mutate it.

Also remove some no-longer-used old non-modular settings constants.

Test Plan:
  - Used policy dropdown, saw recently-used projects.
  - Selected some new projects, saw them appear.
  - Grepped for all removed constants.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16027
2016-06-04 14:42:11 -07:00
epriestley
1e17fd31a4 Modernize Conpherence access to user preferences
Summary:
Ref T4103. Conpherence is doing some weird stuff and has its own redudnant settings object.

  - Get rid of `ConpherenceSettings`.
  - Use `getUserSetting()` instead of `loadPreferences()`.
  - When applying transactions, add a new mechanism to efficiently prefill caches (this will still work anyway, but it's slower if we don't bulk-fetch).

Test Plan:
  - Changed global Conpherence setting.
  - Created a new Conpherence, saw setting set to global default.
  - Changed local room setting.
  - Submitted messages.
  - Saw cache prefill for all particpiants in database.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16025
2016-06-04 14:41:25 -07:00
epriestley
d5f924b3fa Fix reading ad-hoc settings with no formal Settings object
Summary:
Ref T4103. Some settings (like the collapsed/expanded state of the diff filetree) are currently ad-hoc. They weren't being read correctly.

Also, simplify the caching code a little bit.

Test Plan: Toggled filetree, reloaded page, got sticky behavior.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16021
2016-06-04 14:39:34 -07:00
epriestley
67482fd19d Continue modernizing application access to user preferences
Summary:
Ref T4103. This is just incremental cleanup:

  - Add "internal" settings, which aren't editable via the UI. They can still do validation and run through the normal pathway. Move a couple settings to use this.
  - Remove `getPreference()` on `PhabricatorUser`, which was a sort of prototype version of `getUserSetting()`.
  - Make `getUserSetting()` validate setting values before returning them, to improve robustness if we change allowable values later.
  - Add a user setting cache, since reading user settings was getting fairly expensive on Calendar.
  - Improve performance of setting validation for timezone setting (don't require building/computing all timezone offsets).
  - Since we have the cache anyway, make the timezone override a little more general in its approach.
  - Move editor stuff to use `getUserSetting()`.

Test Plan:
  - Changed search scopes.
  - Reconciled local and server timezone settings by ignoring and changing timezones.
  - Changed date/time settings, browsed Calendar, queried date ranges.
  - Verified editor links generate properly in Diffusion.
  - Browsed around with time/date settings looking at timestamps.
  - Grepped for `getPreference()`, nuked all the ones coming off `$user` or `$viewer` that I could find.
  - Changed accessiblity to high-contrast colors.
  - Ran all unit tests.
  - Grepped for removed constants.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16015
2016-06-04 14:37:56 -07:00
epriestley
ebd8f3c987 Make translation, timezone and pronoun into real settings
Summary:
Ref T4103. These are currently stored on the user, for historic/performance reasons.

Since I want administrators to be able to set defaults for translations and timezones at a minimum and there's no longer a meaningful performance penalty for moving them off the user record, turn them into real preferences and then nuke the columns.

Test Plan:
  - Set settings to unusual values.
  - Ran migrations.
  - Verified my unusual settings survived.
  - Created a new user.
  - Edited all settings with old and new UIs.
  - Reconciled client/server timezone disagreement.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16005
2016-06-02 06:29:47 -07:00
epriestley
edfc6a6934 Convert some loadPreferences() to getUserSetting()
Summary:
Ref T4103. This doesn't get everything, but takes care of most of the easy stuff.

The tricky-ish bit here is that I need to move timezones, pronouns and translations to proper settings. I expect to pursue that next.

Test Plan:
- Grepped for `loadPreferences` to identify callsites.
- Changed start-of-week setting, loaded Calendar, saw correct start.
- Visited welcome page, read "Adjust Settings" point.
- Loaded Conpherence -- I changed behavior here slightly (switching threads drops the title glyph) but it wasn't consistent to start with and this seems like a good thing to push to the next version of Conpherence.
- Enabled Filetree, toggled in Differential.
- Disabled Filetree, no longer visible in Differential.
- Changed "Unified Diffs" preference to "Small Screens" vs "Always".
- Toggled filetree in Diffusion.
- Edited a task, saw sensible projects in policy dropdown.
- Viewed user profile, uncollapsed/collapsed side nav, reloaded page, sticky'd.
- Toggled "monospaced textareas", used a comment box, got appropriate fonts.
- Toggled durable column.
- Disabled title glyphs.
- Changed monospaced font to 18px/36px impact.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16004
2016-06-02 06:29:20 -07:00
epriestley
9180f429eb Provide a general-purpose, modular user cache for settings and other similar data
Summary:
Ref T4103. Currently, we issue a `SELECT * FROM user_preferences ... WHERE userPHID = ...` on every page to load the viewer's settings.

There are several other questionable data accesses on every page too, most of which could benefit from improved caching strategies (see T4103#178122).

This query will soon get more expensive, since it may need to load several objects (e.g., the user's settings and their "role profile" settings). Although we could put that data on the User and do both in one query, it's nicer to put it on the Preferences object ("This inherits from profile X") which means we need to do several queries.

Rather than paying a greater price, we can cheat this stuff into the existing query where we load the user's session by providing a user cache table and doing some JOIN magic. This lets us issue one query and try to get cache hits on a bunch of caches cheaply (well, we'll be in trouble at the MySQL JOIN limit of 61 tables, but have some headroom).

For now, just get it working:

  - Add the table.
  - Try to get user settings "for free" when we load the session.
  - If we miss, fill user settings into the cache on-demand.
  - We only use this in one place (DarkConsole) for now. I'll use it more widely in the next diff.

Test Plan:
  - Loaded page as logged-in user.
  - Loaded page as logged-out user.
  - Examined session query to see cache joins.
  - Changed settings, saw database cache fill.
  - Toggled DarkConsole on and off.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16001
2016-06-02 06:28:56 -07:00
epriestley
5e6716399c Make Settings modular and allow them to be EditEngine'd
Summary: Ref T4103. This starts breaking out settings in a modern way to prepare for global defaults.

Test Plan:
  - Edited diff settings.
  - Saw them take effect in primary settings pane.
  - Set stuff to new automatic defaults.
  - Tried to edit another user's settings.
  - Edited a bot's settings as an administrator.

{F1669077}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D15995
2016-05-31 15:32:02 -07:00
epriestley
b256f2d7b2 Prepare UserPreferences for transactions
Summary:
Ref T4103. This give preferences a PHID, policy/transaction interfaces, a transaction table, and a Query class.

This doesn't actually change how they're edited, yet.

Test Plan:
- Ran migrations.
- Inspected database for date created, date modified, PHIDs.
- Changed some of my preferences.
- Deleted a user's preferences, verified they reset properly.
- Set some preferences as a new user, got a new row.
- Destroyed a user, verified their preferences were destroyed.
- Sent Conpherence messages.
- Send mail.
- Tried to edit another user's settings.
- Tried to edit a bot's settings as a non-admin.
- Edited a bot's settings as an admin (technically, none of the editable settings are actually stored in the settings table, currently).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D15991
2016-05-31 12:28:44 -07:00
epriestley
92ea4fb098 Stop two special cache writes in read-only mode
Summary:
Ref T10769. The user availability cache write shouldn't happen in read-only mode, nor should the Differential parse cache write.

(We might want to turn off the availbility feature completely since it's potentially expensive if we can't cache it, but I think we're OK for now.)

Test Plan:
In read-only mode:

  - Browsed as a user with an out-of-date availability cache.
  - Loaded an older revision without cached parse data.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10769

Differential Revision: https://secure.phabricator.com/D15988
2016-05-30 10:12:09 -07:00
epriestley
5d30ea56cf Add a modern user.search Conduit API method
Summary: Ref T10512. This is fairly bare-bones but appears to work.

Test Plan: Queried all users, queried some stuff by constraints.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10512

Differential Revision: https://secure.phabricator.com/D15959
2016-05-22 05:54:31 -07:00
epriestley
a91004ef1b Detect timezone discrepancies and prompt users to reconcile them
Summary: Ref T3025. This adds a check for different client/server timezone offsets and gives users an option to fix them or ignore them.

Test Plan:
  - Fiddled with timezone in Settings and System Preferences.
  - Got appropriate prompts and behavior after simulating various trips to and from exotic locales.

In particular, this slightly tricky case seems to work correctly:

  - Travel to NY.
  - Ignore discrepancy (you're only there for a couple hours for an important meeting, and returning to SF on a later flight).
  - Return to SF for a few days.
  - Travel back to NY.
  - You should be prompted again, since you left the timezone after you ignored the discrepancy.

{F1654528}

{F1654529}

{F1654530}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T3025

Differential Revision: https://secure.phabricator.com/D15961
2016-05-21 13:25:23 -07:00
epriestley
6f6ca0102d Send forced mail on SSH key edits
Summary:
Ref T10917. This cheats fairly heavily to generate SSH key mail:

  - Generate normal transaction mail.
  - Force it to go to the user.
  - Use `setForceDelivery()` to force it to actually be delivered.
  - Add some warning language to the mail body.

This doesn't move us much closer to Glorious Infrastructure for this whole class of events, but should do what it needs to for now and doesn't really require anything sketchy.

Test Plan: Created and edited SSH keys, got security notice mail.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15948
2016-05-19 15:01:25 -07:00
epriestley
0308d580d7 Deactivate SSH keys instead of destroying them completely
Summary:
Ref T10917. Currently, when you delete an SSH key, we really truly delete it forever.

This isn't very consistent with other applications, but we built this stuff a long time ago before we were as rigorous about retaining data and making it auditable.

In partiular, destroying data isn't good for auditing after security issues, since it means we can't show you logs of any changes an attacker might have made to your keys.

To prepare to improve this, stop destoying data. This will allow later changes to become transaction-oriented and show normal transaction logs.

The tricky part here is that we have a `UNIQUE KEY` on the public key part of the key.

Instead, I changed this to `UNIQUE (key, isActive)`, where `isActive` is a nullable boolean column. This works because MySQL does not enforce "unique" if part of the key is `NULL`.

So you can't have two rows with `("A", 1)`, but you can have as many rows as you want with `("A", null)`. This lets us keep the "each key may only be active for one user/object" rule without requiring us to delete any data.

Test Plan:
- Ran schema changes.
- Viewed public keys.
- Tried to add a duplicate key, got rejected (already associated with another object).
- Deleted SSH key.
- Verified that the key was no longer actually deleted from the database, just marked inactive (in future changes, I'll update the UI to be more clear about this).
- Uploaded a new copy of the same public key, worked fine (no duplicate key rejection).
- Tried to upload yet another copy, got rejected.
- Generated a new keypair.
- Tried to upload a duplicate to an Almanac device, got rejected.
- Generated a new pair for a device.
- Trusted a device key.
- Untrusted a device key.
- "Deleted" a device key.
- Tried to trust a deleted device key, got "inactive" message.
- Ran `bin/ssh-auth`, got good output with unique keys.
- Ran `cat ~/.ssh/id_rsa.pub | ./bin/ssh-auth-key`, got good output with one key.
- Used `auth.querypublickeys` Conduit method to query keys, got good active keys.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15943
2016-05-18 14:54:28 -07:00
epriestley
99be132ea2 Allow public users to make intracluster API requests
Summary:
Ref T10784. On `secure`, logged-out users currently can't browse repositories when cluster/service mode is enabled because they aren't permitted to make intracluster requests.

We don't allow totally public external requests (they're hard to rate limit and users might write bots that polled `feed.query` or whatever which we'd have no way to easily disable) but it's fine to allow intracluster public requests.

Test Plan: Browsed a clustered repository while logged out locally.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10784

Differential Revision: https://secure.phabricator.com/D15695
2016-04-13 12:51:16 -07:00
epriestley
46881c4ce5 Add a session engine extension point
Summary: Ref T7673. This is really just so I can force admin.phacility.com logout when you log out of an instance, but there are a few other things we could move here eventually, like the WILLREGISTERUSER event.

Test Plan: Logged out of an instance, got logged out of parent (see next change).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7673

Differential Revision: https://secure.phabricator.com/D15629
2016-04-05 15:19:47 -07:00
epriestley
f07d0ae7c3 Make dates/times more concise in Diffusion
Summary: I think I like this better -- but maybe right-aligned?

Test Plan:
{F1180295}

{F1180296}

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15495
2016-03-18 09:11:09 -07:00
epriestley
06aa207960 Allow users to have profile icons
Summary: Ref T10054. This primarily improves aesthetics and consistency for member/wathcher lists in projects.

Test Plan:
{F1068873}

{F1068874}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15103
2016-01-24 09:58:01 -08:00
epriestley
be5b89687e Separate external editor integration from callsigns
Summary: Ref T4245. Pass the whole repository in so it can do something else in a future change.

Test Plan: Loaded changesets in Diffusion.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4245

Differential Revision: https://secure.phabricator.com/D14931
2016-01-04 06:54:01 -08:00
epriestley
99c9df96b4 Convert all "DocumentIndexers" into "FulltextEngines"
Summary: Ref T9979. This simplifies/standardizes the code a bit, but mostly gives us more consistent class names and structure.

Test Plan:
  - Used `bin/search index --type ...` to index documents of every indexable type.
  - Searched for documents by unique text, found them.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9979

Differential Revision: https://secure.phabricator.com/D14842
2015-12-21 17:25:23 -08:00
epriestley
2447d9bdf2 Begin improving modularity of IndexEngine, add locks
Summary:
Ref T9890. Ref T9979. Several adjacent goals:

  - The `SearchEngine` vs `ApplicationSearchEngine` thing is really confusing. There are also a bunch of confusing class names and class relationships within the fulltext indexing. I want to rename these classes to be more standard (`IndexEngine`, `IndexEngineExtension`, etc). Rename `SearchIndexer` to `IndexEngine`. A future change will rename `SearchEngine`.
  - Add the index locks described in T9890.
  - Structure things a little more normally so future diffs can do the "EngineExtension" thing more cleanly.

Test Plan:
Indexing:

  - Renamed a task to have a unique word in the title.
  - Ran `bin/search index Txxx`.
  - Searched for unique word.
  - Found task.

Locking:

  - Added a `sleep(10)` after the `lock()` call.
  - Ran `bin/search index Txxx` in two windows.
  - Saw first one lock, sleep 10 seconds, index.
  - Saw second one give up temporarily after failing to grab the lock.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9890, T9979

Differential Revision: https://secure.phabricator.com/D14834
2015-12-21 17:04:10 -08:00
epriestley
a0ed843d47 Don't allow welcome mail to be sent to users who can't login
Summary:
Fixes T9446. We allow administrators to send "Welcome" mail to bots and mailing lists.

This is harmless (these links do not function), but confusing.

Instead, disable this option in the UI and explain why it is disabled when it is clicked. Also prevent generation of this mail lower in the stack.

Test Plan:
  - Viewed a bot page, saw action disabled, clicked it, got explanation.
  - Viewed a normal user page, saw action enabled, clicked it, sent welcome email.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9446

Differential Revision: https://secure.phabricator.com/D14134
2015-09-20 04:28:33 -07:00
epriestley
29948eaa5b Use phutil_hashes_are_identical() when comparing hashes in Phabricator
Summary: See D14025. In all cases where we compare hashes, use strict, constant-time comparisons.

Test Plan: Logged in, logged out, added TOTP, ran Conduit, terminated sessions, submitted forms, changed password. Tweaked CSRF token, got rejected.

Reviewers: chad

Reviewed By: chad

Subscribers: chenxiruanhai

Differential Revision: https://secure.phabricator.com/D14026
2015-09-01 15:52:44 -07:00
Chad Little
ded654b8e2 Badges ... on your profile
Summary: Shows badges on profile if you have them. Check if app is installed, show badges.

Test Plan:
Gave myself a liberal selection of badge. Gave notchad one badge. Gave chadtwo absolutely nothing.

{F651069}

Reviewers: btrahan, lpriestley, epriestley

Reviewed By: epriestley

Subscribers: johnny-bit, epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13692
2015-07-23 11:46:34 -07:00
Chad Little
d83dce9893 Allow People to be Flagged
Summary: Ref T8888, Makes People Flaggable (and makes me wonder if we should rename Flags->Bookmarks).

Test Plan: Flag myself. Get excited.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: joshuaspence, epriestley, Korvin

Maniphest Tasks: T8888

Differential Revision: https://secure.phabricator.com/D13654
2015-07-20 13:43:58 -07:00
epriestley
4adaf53bf0 Dramatically increase cache hit rate for feed
Summary:
Ref T8631. The query plan for feed stories is really bad right now, because we miss caches we should be hitting:

  - The workspace cache is stored at each query, so adjacent queries can't benefit from the cache (only subqueries). Feed has primarily sibling queries.
    - There is no technical reason to do this. Store the workspace cache on the root query, so sibling queries can hit it.
  - In `ObjectQuery`, we check the workspace once, then load all the PHIDs. When the PHIDs are a mixture of transactions and objects, we always miss the workspace and load the objects twice.
    - Instead, check the workspace after loading each type of object.
  - `HandleQuery` does not set itself as the parent query for `ObjectQuery`, so handles never hit the workspace cache.
    - Pass it, so they can hit the workspace cache.
  - Feed's weird `PhabricatorFeedStory::loadAllFromRows()` method does not specify a parent query on its object/handle queries.
    - Just declare the object query to be the "root" query until this eventually gets cleaned up.

Test Plan: Saw queries for each object drop from 4-6x to 1x in `/feed/`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8631

Differential Revision: https://secure.phabricator.com/D13479
2015-06-30 11:19:41 -07:00
epriestley
b12f13efd8 Force date/time preferences to valid values
Summary:
Fixes T8601. To reproduce the problem:

  - Set your time preference to `""` (the empty string). This isn't possible from the modern UI, but can be done with "Right Click > Inspect Element", or users may have carried it forward from an older setting (this is the case with me and @hach-que on this install).
  - Load Calendar with some events.
  - This parses an epoch, which sets `valueTime` to `""` (since there are no format characters in the preference) and then `getEpoch()` fails because `strlen($time)` is 0.
  - Since `getEpoch()` failed, `getDateTime()` also fails.

To fix this:

  - Only permit the date and time preferences to have valid values.

Test Plan:
  - Loaded page before patch, saw fatal.
  - Applied patch.
  - No more fatal.
  - Viewed tooltips, dates/times, dates/times in other apps.
  - Changed my preferences, saw them respected.

Reviewers: lpriestley

Reviewed By: lpriestley

Subscribers: epriestley, hach-que

Maniphest Tasks: T8601

Differential Revision: https://secure.phabricator.com/D13346
2015-06-18 15:11:01 -07:00
epriestley
88e7cd158f Allow Spaces to be archived
Summary:
Ref T8377. This adds a standard disable/enable feature to Spaces, with a couple of twists:

  - You can't create new stuff in an archived space, and you can't move stuff into an archived space.
  - We don't show results from an archived space by default in ApplicationSearch queries. You can still find these objects if you explicitly search for "Spaces: <the archived space>".

So this is a "put it in a box in the attic" sort of operation, but that seems fairly nice/reasonable.

Test Plan:
  - Archived and activated spaces.
  - Used ApplicationSearch, which omitted archived objects by default but allowed searches for them, specifically, to succeed.
  - Tried to create objects into an archived space (this is not allowed).
  - Edited objects in an archived space (this is OK).

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8377

Differential Revision: https://secure.phabricator.com/D13238
2015-06-11 10:13:47 -07:00
epriestley
739bdeccab Improve some Spaces behaviors
Summary:
Ref T8449. Try out some more subtle behaviors:

  - Make the "Space" control part of the policy control, so the UI shows "Visible To: [Space][Policy]". I think this helps make the role of spaces more clear. It also makes them easier to implement.
  - Don't show the default space in headers: instead, show nothing.
  - If the user has access to only one space, pretend spaces don't exist (no edit controls, no header stuff).

This might be confusing, but I think most of the time it will all align fairly well with user expectation.

Test Plan:
  - Viewed a list of pastes (saw Space with non-default space, no space with default space, no space with user in only one space).
  - Viewed a paste (saw Space with non-default space, saw no space with default space, saw no space with user in only one space).
  - Edited spaces on objects (control as privileged user, no control as locked user).
  - Created a new paste in a space (got space select as privileged user, no select as locked user).

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8449

Differential Revision: https://secure.phabricator.com/D13229
2015-06-10 15:52:18 -07:00
epriestley
8d6209b701 Don't require users be activated in order to establish Web sessions
Summary: Ref T8496. In D13123, the condition for establishing a web session was made too strict: we need to let non-activated users establish web sessions in order to see "you are a bad disabled person" or "your account needs approval" messages. The previous behavior let them in, the new behavior incorrectly locks them out.

Test Plan: Enabled login approvals and registered a new account with username/password auth.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: joshuaspence, epriestley

Maniphest Tasks: T8496

Differential Revision: https://secure.phabricator.com/D13239
2015-06-10 15:34:02 -07:00
epriestley
8915fd8be8 Don't try to generate a CSRF token for the omnipotent user
Summary:
We can end up here with a stack trace like this, while rendering an embedded Slowvote trying to publish a Feed story:

```
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] [2015-06-08 22:49:57] EXCEPTION: (PhutilProxyException) Error while executing Task ID 830591. {>} (PhabricatorDataNotAttachedException) Attempting to access attached data on PhabricatorUser (via getAlternateCSRFString()), but the data is not actually attached. Before accessing attachable data on an object, you must load and attach it.
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] Data is normally attached by calling the corresponding needX() method on the Query class when the object is loaded. You can also call the corresponding attachX() method explicitly. at [<phabricator>/src/infrastructure/storage/lisk/PhabricatorLiskDAO.php:166]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000] arcanist(head=master, ref.master=7d15b85a1bc0), phabricator(head=master, ref.master=929f5f22acef), phutil(head=master, ref.master=92882eb9404d)
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #0 <#2> PhabricatorLiskDAO::assertAttached(string) called at [<phabricator>/src/applications/people/storage/PhabricatorUser.php:556]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #1 <#2> PhabricatorUser::getAlternateCSRFString() called at [<phabricator>/src/applications/people/storage/PhabricatorUser.php:432]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #2 <#2> PhabricatorUser::generateToken(integer, integer, string, integer) called at [<phabricator>/src/applications/people/storage/PhabricatorUser.php:344]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #3 <#2> PhabricatorUser::getRawCSRFToken() called at [<phabricator>/src/applications/people/storage/PhabricatorUser.php:357]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #4 <#2> PhabricatorUser::getCSRFToken() called at [<phabricator>/src/infrastructure/javelin/markup.php:91]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #5 <#2> phabricator_form(PhabricatorUser, array, array) called at [<phabricator>/src/applications/slowvote/view/SlowvoteEmbedView.php:169]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #6 <#2> SlowvoteEmbedView::render() called at [<phabricator>/src/view/AphrontView.php:175]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #7 <#2> AphrontView::producePhutilSafeHTML() called at [<phutil>/src/markup/render.php:133]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #8 <#2> phutil_escape_html(SlowvoteEmbedView)
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #9 <#2> array_map(string, array) called at [<phutil>/src/markup/engine/remarkup/PhutilRemarkupBlockStorage.php:56]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #10 <#2> PhutilRemarkupBlockStorage::restore(PhutilSafeHTML, integer) called at [<phutil>/src/markup/engine/PhutilRemarkupEngine.php:299]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #11 <#2> PhutilRemarkupEngine::restoreText(PhutilSafeHTML, integer) called at [<phutil>/src/markup/engine/PhutilRemarkupEngine.php:295]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #12 <#2> PhutilRemarkupEngine::postprocessText(array) called at [<phabricator>/src/infrastructure/markup/PhabricatorMarkupEngine.php:138]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #13 <#2> PhabricatorMarkupEngine::process() called at [<phabricator>/src/applications/feed/story/PhabricatorFeedStory.php:167]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #14 <#2> PhabricatorFeedStory::loadAllFromRows(array, PhabricatorUser) called at [<phabricator>/src/applications/feed/query/PhabricatorFeedQuery.php:37]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #15 <#2> PhabricatorFeedQuery::willFilterPage(array) called at [<phabricator>/src/infrastructure/query/policy/PhabricatorPolicyAwareQuery.php:237]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #16 <#2> PhabricatorPolicyAwareQuery::execute() called at [<phabricator>/src/infrastructure/query/policy/PhabricatorPolicyAwareQuery.php:168]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #17 <#2> PhabricatorPolicyAwareQuery::executeOne() called at [<phabricator>/src/applications/feed/worker/FeedPushWorker.php:12]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #18 <#2> FeedPushWorker::loadFeedStory() called at [<phabricator>/src/applications/feed/worker/FeedPublisherWorker.php:6]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #19 <#2> FeedPublisherWorker::doWork() called at [<phabricator>/src/infrastructure/daemon/workers/PhabricatorWorker.php:91]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #20 <#2> PhabricatorWorker::executeTask() called at [<phabricator>/src/infrastructure/daemon/workers/storage/PhabricatorWorkerActiveTask.php:162]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #21 <#2> PhabricatorWorkerActiveTask::executeTask() called at [<phabricator>/src/infrastructure/daemon/workers/PhabricatorTaskmasterDaemon.php:22]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #22 PhabricatorTaskmasterDaemon::run() called at [<phutil>/src/daemon/PhutilDaemon.php:185]
Daemon 43450 STDE [Mon, 08 Jun 2015 22:49:57 +0000]   #23 PhutilDaemon::execute() called at [<phutil>/scripts/daemon/exec/exec_daemon.php:125]
```

Just return `null`.

Test Plan: Will check that tasks clear in production.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D13218
2015-06-08 16:07:21 -07:00