1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 09:42:41 +01:00
Commit graph

6676 commits

Author SHA1 Message Date
epriestley
4f4dc9c83e Update PhabricatorRepositoryManagementLookupUsersWorkflow to use ConduitCall
Summary:
Ref T2783.

This updates PhabricatorRepositoryManagementLookupUsersWorkflow to use ConduitCall to retrieve information about the commit.

Test Plan:
Ran `bin/repository lookup-users rTESTe9683b64d3283f0b2d355fdbf231bc918b5ac0ab --trace` and saw the information returned (by making a request to `diffusion.querycommits` as the omnipotent user, signed with the device key).

Mucked with `cluster.addresses` and saw requests rejected.

Reviewers: hach-que, btrahan

Reviewed By: btrahan

Subscribers: Krenair, epriestley, Korvin

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D10403
2015-01-02 15:13:57 -08:00
epriestley
fa7bb8ff7a Add cluster.addresses and require membership before accepting cluster authentication tokens
Summary:
Ref T2783. Ref T6706.

  - Add `cluster.addresses`. This is a whitelist of CIDR blocks which define cluster hosts.
  - When we recieve a request that has a cluster-based authentication token, require the cluster to be configured and require the remote address to be a cluster member before we accept it.
    - This provides a general layer of security for these mechanisms.
    - In particular, it means they do not work by default on unconfigured hosts.
  - When cluster addresses are configured, and we receive a request //to// an address not on the list, reject it.
    - This provides a general layer of security for getting the Ops side of cluster configuration correct.
    - If cluster nodes have public IPs and are listening on them, we'll reject requests.
    - Basically, this means that any requests which bypass the LB get rejected.

Test Plan:
  - With addresses not configured, tried to make requests; rejected for using a cluster auth mechanism.
  - With addresses configred wrong, tried to make requests; rejected for sending from (or to) an address outside of the cluster.
  - With addresses configured correctly, made valid requests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6706, T2783

Differential Revision: https://secure.phabricator.com/D11159
2015-01-02 15:13:41 -08:00
epriestley
c84b9d408c Add bin/almanac register to associate a host with an Almanac device and trust it
Summary:
Ref T2783. This is basically a more refined version of D10400, which churned a bit on things like SSH key storage, the actual way the signing protocol shook out, etc.

  - When Phabricator tries to make an intra-cluster service call as the omnipotent user, sign it with the host's device key.
  - Add `bin/almanac register` to say "this host is X device, identified by private key Y". This stores the keypair locally, adds the public key to Almanac, and trusts it.

Net effect is that once a host has been registered, the daemons can make calls to other nodes as the omnipotent user. This is primarily necessary so they can access repository API methods on remote hosts.

Test Plan:
  - Ran `bin/almanac register` with various valid and invalid inputs.
  - Verified keys get generated/added/stored properly.
  - Made a device-signed cluster Conduit call.
  - Made a normal old user-signed cluster Conduit call.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D11158
2015-01-02 15:13:30 -08:00
Joshua Spence
8dee37a132 Fix some linter violations
Summary: Self-explanatory.

Test Plan: `arc lint`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11142
2015-01-03 09:11:41 +11:00
Joshua Spence
1b80f6e09d Remove an unused class
Summary: This class is unused after D6679.

Test Plan: `grep`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11149
2015-01-03 09:09:31 +11:00
Joshua Spence
70245da2ed Remove an unused class
Summary: Self-explanatory.

Test Plan: `grep`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11150
2015-01-03 09:07:35 +11:00
Joshua Spence
dad8e7c78a Remove an unused class
Summary: This class is no longer used after D8168.

Test Plan: `grep`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11152
2015-01-03 09:07:35 +11:00
Joshua Spence
6221f9d90f Remove an unused class
Summary: Self-explanatory.

Test Plan: `grep`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11153
2015-01-03 09:07:35 +11:00
Joshua Spence
c2729b954e Remove an unused class
Summary: This class is no longer required after D10869.

Test Plan: `grep`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11154
2015-01-03 09:07:32 +11:00
epriestley
7cbaad5cd1 Fix some edge strings; particularly revision editing
Summary:
These didn't get translated quite right:

  - We need to use `$total_count` because some languages have different words for 1, 2-3, and 4+ things (for example). So the strings might translate as:
    - alincoln added a reviewer-one ...
    - alincoln added reviewers-few ...
    - alincoln added reviewers-many ...
  - That is, while English has only "reviewer" and "reviewers", other languages have more plural forms, and "reviewer", "reviewers-few" and "reviewers-many" may be completely different words.
  - In English, because we know we always have 2+ in this branch and the only special word is for 1, we can just drop this.
  - Anyway, the %4$s stuff is counting assuming that $total_count is included in the string, so these were a off by one.
  - See also D11160.

There a probably a couple more of these, but they should be easy enough to hunt down as they crop up.

Test Plan: Saw nice strings instead of empty strings, or invalid strings (after D11160).

Reviewers: joshuaspence, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11162
2015-01-02 13:48:08 -08:00
Chad Little
61e26cd242 Remove 'Author:' byline text
Summary: The actual author here usually gets truncated by the extra text, which doesn't seem needed in most (all?) cases.

Test Plan: Look at list of recent commits.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11127
2015-01-02 11:39:47 -08:00
epriestley
08126d3904 Improve top-level exception handling
Summary:
Fixes T6692. Addresses two main issues:

  - The write guard would sometimes not get disposed of on exception pathways, generating an unnecessary secondary error which was just a symptom of the original root error.
    - This was generally confusing and reduced the quality of reports we received because users would report the symptomatic error sometimes instead of the real error.
    - Instead, reflow the handling so that we always dispose of the write guard if we create one.
  - If we missed the Controller-level error page generation (normally, a nice page with full CSS, etc), we'd jump straight to Startup-level error page generation (very basic plain text).
    - A large class of errors occur too early or too late to be handled by Controller-level pages, but many of these errors are not fundamental, and the plain text page is excessively severe.
    - Provide a mid-level simple HTML error page for errors which can't get full CSS, but also aren't so fundamental that we have no recourse but plain text.

Test Plan:
Mid-level errors now produce an intentional-looking error page:

{F259885}

Verified that setup errors still render properly.

@chad, feel free to tweak the exception page -- I just did a rough pass on it. Like the setup error stuff, it doesn't have Celerity, so we can't use `{$colors}` and no other CSS will be loaded.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley, chad

Maniphest Tasks: T6692

Differential Revision: https://secure.phabricator.com/D11126
2015-01-02 10:49:27 -08:00
Fabian Stelzer
00495e3a0e remove unused FeedStory object in getTitleForFeed functions
Summary:
Removes an unused PhabricatorFeedStory Parameter from all getTitleForFeed() and getApplicationTransactionTitleForFeed() functions.
Ref D11088 Ref T6545

Test Plan: ran all unit tests and viewed some dashboard feeds

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6545

Differential Revision: https://secure.phabricator.com/D11146
2015-01-02 08:45:43 -08:00
epriestley
7c4de0f6be Revert "Rename PhabricatorPolicyRule subclasses for consistency"
This reverts commit 8b7561776f.

See: https://secure.phabricator.com/rP8b7561776f3f5535c625b6d260811cfc51cf4b61
2015-01-02 06:39:36 -08:00
Joshua Spence
a98ec20dba Rename PhabricatorSetupCheck subclasses for consistency
Summary: Ref T5655.

Test Plan: `arc lint` and `arc unit`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D11130
2015-01-02 15:27:58 +11:00
Joshua Spence
8b7561776f Rename PhabricatorPolicyRule subclasses for consistency
Summary: Ref T5655.

Test Plan: `arc lint` and `arc unit`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D11131
2015-01-02 15:24:44 +11:00
Joshua Spence
4e28de07fe Rename PhabricatorSettingsPanel subclasses for consistency
Summary: Ref T5655.

Test Plan: `arc lint` and `arc unit`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D11136
2015-01-02 15:20:08 +11:00
Joshua Spence
f1d343111f Remove an unused feed story class
Summary: This class is no longer used after D7370.

Test Plan: `arc lint` and `arc unit`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11132
2015-01-02 11:46:16 +11:00
Joshua Spence
cfadc41459 Remove an unused class
Summary: This class is no longer used after D7370.

Test Plan: `grep`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11129
2015-01-02 11:34:34 +11:00
Joshua Spence
c98aab6a21 Remove an unused class
Summary: This class is no longer required after D10792.

Test Plan: `grep`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11134
2015-01-02 11:24:38 +11:00
Joshua Spence
18acb8537a Remove an unused class
Summary: This class is no longer used after D7585.

Test Plan: `grep`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11135
2015-01-02 11:23:58 +11:00
Joshua Spence
44ec1d7374 Modernize Dashboard edges
Summary: Modernize Dashboard edges to subclass `PhabricatorEdgeType`. Largely based on D11045.

Test Plan: Attached a panel to a dashboard, observed the expected comment in the transaction view (both ways).

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11114
2015-01-02 10:11:59 +11:00
Joshua Spence
a6acedef0b Modernize Pholio edges
Summary: Modernize Pholio edges to subclass `PhabricatorEdgeType`. Largely based on D11045.

Test Plan: Attached a mock to a task, observed the expected comment in the transaction view (both ways).

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11113
2015-01-02 10:11:41 +11:00
Joshua Spence
f0db6e4818 Migrate Project edges to subclass PhabricatorEdgeType
Summary: Modernize Project edges to subclass `PhabricatorEdgeType`. Largely based on D11045.

Test Plan: Add a member to a project, saw new rows in the `phabricator_project.edge` and `phabricator_user.edge` tables.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11111
2015-01-02 10:10:59 +11:00
Joshua Spence
422b2f2b89 Remove deprecated maniphest.find Conduit method
Summary: This method has been deprecated for a long time (see D2887 and D6336).

Test Plan:
```lang=bash
> echo '{}' | arc --conduit-uri=http://phabricator.local call-conduit 'maniphest.find'
Waiting for JSON parameters on stdin...
{"error":"ERR-CONDUIT-CALL","errorMessage":"ERR-CONDUIT-CALL: ","response":null}
```

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11117
2015-01-02 10:03:31 +11:00
Joshua Spence
22ee37e8b5 Make the PhabricatorApplication::getName() method abstract
Summary: In D10027, the `getName()` method was added to `PhabricatorApplication` to //allow// applications to explicitly declare their names rather than relying on the name being inferred from the name of the `PhabricatorApplication` subclass. I feel that sufficient time has passed such that we can //require// applications to explicitly declare their names.

Test Plan: N/A

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11119
2015-01-02 10:03:31 +11:00
epriestley
19845395d8 Allow PhutilTranslator::translate() to return defaults
Summary: Allow PhutilTranslator::translate() to return defaults

Test Plan: Just check some strings returned correctly.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, Zolli, epriestley

Projects: #localization

Maniphest Tasks: T6845

Differential Revision: https://secure.phabricator.com/D11121
2015-01-01 08:15:40 -08:00
Fabian Stelzer
f33e2de092 make repo callsigns optional
Summary:
Ref T4245 Make repo callsigns optional
This is far from done and still very ugly. I'm just submitting it to check if i'm solving this in the right places.
Right now there's three places with duplicate code and building the identifierMap in the CommitQuery is very ugly.
If we only want to support this in the user frontend then i could hack it into the Markup rule itself and not touch the CommitQuery. Even uglier but more limited in scope...

Generally this approach will need a lot of "check this first and then try the other" in a few places.
I could move the Repository queries into a specialised PhabricatorRepositoryQuery method (withCallsignOrID) but i'm not sure about that.

Test Plan:
 - phid.lookup works with R1 and rTEST (which is the same repo)
 - R1 and rTEST euqally work in remarkup (tested in comments).
 - Reviewed the following syntax also all works:
rTEST
rTESTd773137a7cb9
rTEST:d773137a7cb9
R1
R1:d773137a7cb9
d773137a7cb9
{rTEST}
{rTESTd773137a7cb9}
{rTEST:d773137a7cb9}
{R1}
{R1:d773137a7cb9}
{d773137a7cb9}

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T4245

Differential Revision: https://secure.phabricator.com/D11050
2015-01-01 08:07:26 -08:00
Fabian Stelzer
cd677161e1 Do not CC users without permissions to view an object
Summary:
Ref T4411
I'm not quite sure if this is the right place for this as it will be difficult to provide proper user feedback of why we removed a particular subscriber.
Is the ApplicationTransactionEditor generally the right place to extract mentioned phids in comments?
On the other hand in some cases we cannot really give user feedback why a user was not subscribed (e.g.: commits & diffs)

Adding a diff to a repo where the user mentioned has no view permissions the subscriber is currently still added. Still would have to find where this is donet...

Any other places?

Unrelated: Is there any way to remove a subscriber from a commit/audit ?

Test Plan:
 - Edited tasks with the mentioned user having view permissions to this specific task and without
 - Raised concern with a commit and commented on the audit with the user having view permissions to the repo and without
 - Added a commit to a repo with and without the mentioned user having permissions
 - Mention a user in a task & commit comment with and without permissions
 - Mentioning a user in a diff description & comments with and without permissions to the specific diff

Reviewers: chad, #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: chad, Korvin, epriestley

Maniphest Tasks: T4411

Differential Revision: https://secure.phabricator.com/D11049
2015-01-01 08:05:52 -08:00
Fabian Stelzer
86eb7c0ec4 Settings History
Summary:
Shows a timeline of all modified settings Fixes T6545
Will show all settings (no pagination, should be not so difficult to add if needed but most installs won't have hundreds of settings changes)
I'm not happy by how the PhabricatorConfigTransaction object is instructed to render the config keys but i don't see any other reasonable way.
We could always show the keys though.

Test Plan: Changed settings and called the history page

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6545

Differential Revision: https://secure.phabricator.com/D11088
2015-01-01 06:52:13 -08:00
Joshua Spence
1ff6972f7e Rename classes for consistency
Summary: These classes are named differently from other `PhabricatorEdgeType` subclasses. Rename them for consistency.

Test Plan: I would expect the linter to complain if I missed anything.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11112
2015-01-01 15:40:26 +11:00
Joshua Spence
7e54ab23b3 Improve puncutation usage
Summary: Use periods where appropriate.

Test Plan: shipitquick

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11110
2015-01-01 15:40:04 +11:00
Joshua Spence
7cab903943 Migrate Differential revision edges to use modern EdgeType subclasses
Summary: Modernize Differential edges to subclass `PhabricatorEdgeType`. Largely based on D11045.

Test Plan: From previous experience, these changes are fairly trivial and safe. I poked around a little to make sure things looked reasonably okay.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, Krenair, epriestley

Differential Revision: https://secure.phabricator.com/D11074
2015-01-01 15:07:03 +11:00
Joshua Spence
c564a3c22a Fix method name
Summary: This is a typo from D11045.

Test Plan: I haven't actually tested this, but the tests from D11045 should apply here.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11108
2015-01-01 14:42:22 +11:00
Joshua Spence
8e3396ce21 Modernize Ponder edge types
Summary: Modernize Ponder edges to subclass `PhabricatorEdgeType`. Largely based on D11045.

Test Plan: I couldn't actually figure out how to get these strings to show up anywhere.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Krenair, chad, epriestley

Differential Revision: https://secure.phabricator.com/D11083
2015-01-01 11:20:22 +11:00
Joshua Spence
83d1e3edb5 Modernize Legalpad edge types
Summary: Modernize Legalpad edges to subclass `PhabricatorEdgeType`. Largely based on D11045.

Test Plan:
# Created a Herald rule to require legal signatures on all diffs.
# Created a new diff.
# Saw the transaction string appear correctly.

I wasn't able to check the inverse transaction because there is none. Also, I couldn't see any text on the feed (presumably, transactions authored by Herald do not generate feed items)

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Krenair, chad, epriestley

Differential Revision: https://secure.phabricator.com/D11082
2015-01-01 11:15:34 +11:00
epriestley
cae8c49745 Fix diffusion.readmequery to work in a cluster enviroment
Summary:
Ref T2783. This method is kind of goofballs:

  - We send a big list of paths to it.
  - It sends back a giant blob of HTML.

Instead, just figure out the path we want locally, then fetch the content with `diffusion.filecontentquery`.

Test Plan:
  - Viewed main view and directory view, saw a README.
  - See screenshots.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D11099
2014-12-31 11:54:52 -08:00
epriestley
8c4f3edd8a Skip some repository checks in cluster enviornments
Summary:
Ref T2783. Currently, the repository edit page does some checks agaisnt the local system to look for binaries and files on disk. These checks don't make sense in a cluster environment.

Ideally, we could make a Conduit call to the host (e.g., add something like `diffusion.querysetupstatus`) to do these checks, but since they're pretty basic config things and cluster installs are advanced, it doesn't seem super worthwhile for now.

Test Plan: Saw fewer checks in a cluster repo.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D11102
2014-12-31 11:50:35 -08:00
epriestley
376729b44c Don't check "repository.default-local-path" for readability in a cluster environment
Summary:
Ref T2783. When repository services are defined, skip the check for local repository storage.

In particular, in the Phacility cluster, this path won't exist on web nodes, but nothing will ever try to access it.

Test Plan: Verified new branch gets hit with cluster services defined.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D11100
2014-12-31 11:50:20 -08:00
epriestley
00192ec8ce Treat MERGE_INTO as a status transaction for mail tags
Summary: Fixes T6838. We use a special transaction type for merging, but don't handle it when figuring out mail tags.

Test Plan: Verified merge mail picks up the `maniphest-status` tag.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T6838

Differential Revision: https://secure.phabricator.com/D11101
2014-12-31 08:37:53 -08:00
Alex Monk
a84cd99893 Paste: Add edit policy
Summary: T5549

Test Plan: Set edit policy on paste, check that only users meeting the policy requirements can edit it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T5549

Differential Revision: https://secure.phabricator.com/D11097
2014-12-31 08:24:57 -08:00
epriestley
ba4ebf28ad Allow archived tasks to be queried by object PHID and order by id
Summary: Ref T5402.

Test Plan:
  - Queried archived tasks.
  - Grepped for use sites and verified no other callsites are order-sensitive.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5402

Differential Revision: https://secure.phabricator.com/D11089
2014-12-30 15:54:56 -08:00
Bob Trahan
12c7c399ce Diffusion - fix first "old ref" in push log
Summary: This is a fake hash of many 0s which ends up being a bad link. Detect the fake hash and don't print a link. Fixes T6826.

Test Plan: looked at push log and no longer saw a many 0 entry for the first old ref.

Reviewers: epriestley, chad

Reviewed By: chad

Subscribers: Korvin, epriestley

Maniphest Tasks: T6826

Differential Revision: https://secure.phabricator.com/D11096
2014-12-30 15:17:49 -08:00
Bob Trahan
1c04532852 Owners - sort repositories alphabetically in path chooser
Summary: Fixes T6834. Without this asort() call, repositories are ordered by ID, which is arbitrary to the user. This sorts them alphabetically by callsign.

Test Plan: edited a package and saw repos sorted by call sign

Reviewers: epriestley, chad

Reviewed By: chad

Subscribers: Korvin, epriestley

Maniphest Tasks: T6834

Differential Revision: https://secure.phabricator.com/D11095
2014-12-30 14:28:26 -08:00
epriestley
c2f4ae3502 Separate daemon task table rendering into a standalone class
Summary: Ref T5402, T6238. Pull this out into a class so the Instances app can embed task views.

Test Plan: Loaded `/daemon/` and examined the content in the tables.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T6238, T5402

Differential Revision: https://secure.phabricator.com/D11090
2014-12-30 10:00:06 -08:00
epriestley
2fe553761a Increase severity of "phabricator.base-uri" warning
Summary: Fixes T6828.

Test Plan: reading

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T6828

Differential Revision: https://secure.phabricator.com/D11075
2014-12-30 08:01:44 -08:00
Fabian Stelzer
b642359eb6 add missing needprojectphids for project reports
Summary: Adds a missing needProjectPHIDs called in the project reports. Fixes T6833

Test Plan: visited all task reports

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Maniphest Tasks: T6833

Differential Revision: https://secure.phabricator.com/D11086
2014-12-30 07:10:31 -08:00
Joshua Spence
39ca2fdf64 Use new FutureIterator instead of Futures
Summary: Ref T6829. Deprecate the `Futures()` function.

Test Plan: N/A

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6829

Differential Revision: https://secure.phabricator.com/D11077
2014-12-30 23:13:38 +11:00
Joshua Spence
eedd7aa58b Minor linter fixes
Summary: Fix a few minor lint issues.

Test Plan: Ran `arc lint`.

Reviewers: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11059
2014-12-30 02:48:03 -08:00
Chad Horohoe
9374ace602 Ensure dateCreated property exists at index creation time
Summary:
Since the default query will sort on this when no query string is
attached we want to make sure the property at least exists.

Otherwise Elasticsearch yells at you: "No mapping found for [dateCreated]
in order to sort on" when you try to search for documents that haven't
been indexed yet.

Test Plan:
Searched for Mocks and Initiatives (no such documents exist in my index)
and got the error. After patching and reinitializing the index, the error
during querying went away.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11056
2014-12-30 02:46:17 -08:00
epriestley
c8d707caa0 Improve pygments.enabled discussion
Summary: Ref T6533. Provide better instructions around installing, enabling, and troubleshooting Pygments.

Test Plan: Read documentation, viewed config option, clicked links.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, fabe

Maniphest Tasks: T6533

Differential Revision: https://secure.phabricator.com/D11053
2014-12-29 16:15:48 -08:00
epriestley
cea1432782 Skip Mercurial tests if hg is not present
Summary: I don't have `hg` yet on my new laptop; we should just skip tests if the user is missing binaries. Add a convenience method to do this.

Test Plan: Got clean `arc unit --everything` with no `hg` installed.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11051
2014-12-29 16:15:37 -08:00
Fabian Stelzer
736857d1f6 Setup check to install/enable pygments
Summary: Fixes T6533 - actively prompt the user to install and enable pygments

Test Plan: uninstalled / disabled pygments and checked setup checks

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6533

Differential Revision: https://secure.phabricator.com/D11048
2014-12-29 09:51:40 -08:00
epriestley
9dd0eca335 Lock feed.public and feed.http-hooks config options
Summary:
Ref T6817. Ref T5726. These both bypass policy checks, and would allow an attacker who gains control of an administrative account to enable public feed, then view feed stories they could not normally see; or enable feed.http-hooks, then read the posted text.

In the longer term I'd like to remove `feed.public` completely (possibly providing API alternatives, if necessary).

Test Plan: Looked at options in web UI and saw them locked.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T6817, T5726

Differential Revision: https://secure.phabricator.com/D11046
2014-12-29 08:04:47 -08:00
Alex Monk
102e431feb Migrate Maniphest task blockers to modern EdgeType classes
Summary:
Prevents "edited tasks, added: 1; removed: 1"

Fixes T6757, using D9839 as an example

Test Plan: Added and removed blockers to/from tasks, saw the expected history entries.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T6757

Differential Revision: https://secure.phabricator.com/D11045
2014-12-28 06:40:39 -08:00
Bob Trahan
9219645287 Daemons - add "objectPHID" to task tables.
Summary: Ref T5402. This more or less "fixes" it but there's probably some polish to do?

Test Plan:
stopped and started daemons. error logs look good.

ran bin/storage upgrade.  noted that `adjust` added the appropriate indices for active and archive task.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5402

Differential Revision: https://secure.phabricator.com/D11044
2014-12-23 16:30:05 -08:00
Bob Trahan
a4474a4975 Daemons - introduce PhabricatorWorkerArchiveTaskQuery
Summary: Ref T5402. This cleans up some code and sets us up to use this sort of data more easily later.

Test Plan: viewed the daemon console from the web and the log of a specific archived daemon. both looked good. for other callsites looked really, really carefully.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5402

Differential Revision: https://secure.phabricator.com/D11042
2014-12-23 15:45:42 -08:00
epriestley
b3394c53d8 Detect goofy sudo -n output under OSX
Summary: See rP2fedb6f941d8. We might need a more general version of this since we do some `sudo` stuff elsewhere, but at least on my machine `sudo -n` exits with code 0 when the target user exists but needs a password.

Test Plan:
  - Tried to run daemons as root, with no automatic sudo to root. Got a bad result before (phd believed it had executed the daemons) and a good result afterward (phd recognized that sudo failed).
  - Tried to run daemons from root, as a non-root user. Got a good result in both cases.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: fabe, epriestley

Differential Revision: https://secure.phabricator.com/D11041
2014-12-23 14:45:07 -08:00
epriestley
f35a38b086 Allow public access to the project edit/history page
Summary: Fixes T6807. This page shows edit history and has edit options, but is not an edit interface itself per se. Allowing public access is consistent with other interfaces/applications.

Test Plan: Viewed a public project's history page as a public user.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T6807

Differential Revision: https://secure.phabricator.com/D11039
2014-12-23 10:00:12 -08:00
Fabian Stelzer
2fedb6f941 Start phd daemons as the correctly configured user and refuse otherwise
Summary:
Fixes T5196
If no phd.user is configured the behaviour is unchanged besides printing a warning when run as root (Usually i would add an exit(1) here but that would break existing installs who do that).
If phd.user is set and the current user is root it will run the daemon as: su USER -c "command" (I'm not sure if this works for every platform needed)
Otherwise it will refuse to start if configured and current user mismatch.

Test Plan: Stopped & Started phd daemon with various users and different phd.user settings including root

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: vinzent, epriestley

Maniphest Tasks: T5196

Differential Revision: https://secure.phabricator.com/D11036
2014-12-23 08:15:51 -08:00
Fabian Stelzer
6132d8012b show the current size limit when a file upload fails
Summary: Show the php.ini setting for max upload or alterantively the in phabricator configured one. Fixes T6663

Test Plan: changed php.ini and alternatively phabricator file upload size settings to minimal values and try to upload a larger file

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, btrahan, chad, epriestley

Maniphest Tasks: T6663

Differential Revision: https://secure.phabricator.com/D11031
2014-12-23 05:17:16 -08:00
Chad Horohoe
a366f85c11 Properly create Elasticsearch index
Summary:
When the index does not exist and auto_create_index isn't
enabled, running ./bin/index results in a failure. That's
T5990

Instead create an index properly. This also allows us to do
nice things like do a proper mapping and analysis like for
substring matching like outlined by @fabe in T6552.

Test Plan:
Deleted and created index multiple times to verify
proper index creation and usage.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, manybubbles, chasemp, fabe, epriestley

Differential Revision: https://secure.phabricator.com/D10955
2014-12-22 13:10:52 -08:00
Chad Horohoe
c953c0fedc Switch normal query from match to simple_query_string
Summary:
It's like query_string but fails a little nicer on bad
input. It also allows for limited Lucene syntax; notably
exact string matches with quotation marks.

Fixes T6780

Test Plan:
Tested multiple query constructions, including exact string
matching.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Maniphest Tasks: T6780

Differential Revision: https://secure.phabricator.com/D11011
2014-12-22 13:00:33 -08:00
Austin Kelleher
bdda61184b Fixing typo unautorized -> unauthorized.
Summary: Fixing small typo unautorized -> unauthorized.

Test Plan: N/A

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: chad, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11029
2014-12-22 12:57:49 -08:00
Fabian Stelzer
853ce5e927 setup warning for mysql with default boolean syntax
Summary: Ref: T6747 add a setup warning if mysql is configured with the default boolean syntax

Test Plan: Run setup checks with default mysql config and then add the desired config option, restart and check again.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Maniphest Tasks: T6747

Differential Revision: https://secure.phabricator.com/D11030
2014-12-22 12:57:15 -08:00
epriestley
340373f7bb Almanac: forced interface PHIDs, prefix/suffix device query, DestructibleInterface
Summary: Ref T5833. Ref T6238. These are general capabilities which are particularly useful for synchronizing cluster specifications to instances.

Test Plan:
  - Synchronized networks, devices, interfaces, services, bindings and properties to a managed instance.
  - Used typeahead.
  - Destroyed networks, devices, and services. Saw interfaces and bindings destroyed.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6238, T5833

Differential Revision: https://secure.phabricator.com/D11024
2014-12-22 12:50:44 -08:00
Bob Trahan
e76499bbbb Maniphest - kill TYPE_PROJECTS
Summary: Fixes T5245. Migrate old TYPE_PROJECTS transaction to new style edge transactions. Kill remaining rendering code.

Test Plan:
issued some fun queries to get some old-style transaction in my install:

```
// go from nothing to 1
INSERT INTO maniphest_transaction (phid, authorPHID, objectPHID, viewPolicy, editPolicy, commentVersion, transactionType, oldValue, newValue, contentSource, metadata, dateCreated, dateModified)
VALUES ('PHID-XACT-TASK-000000000000000', 'PHID-USER-zo35vxnoi4bxqak6yqhc', 'PHID-TASK-hb5wphctibxxqryo6ssi', 'users', 'users', 0, 'projects', '[]', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx"]', '', '{}', 1419274578, 1419274578)

// go from 1 to 2
INSERT INTO maniphest_transaction (phid, authorPHID, objectPHID, viewPolicy, editPolicy, commentVersion, transactionType, oldValue, newValue, contentSource, metadata, dateCreated, dateModified)
VALUES ('PHID-XACT-TASK-111111111111111', 'PHID-USER-zo35vxnoi4bxqak6yqhc', 'PHID-TASK-hb5wphctibxxqryo6ssi', 'users', 'users', 0, 'projects', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx"]', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx", "PHID-PROJ-a7giqlyyfirqswg6gn6x"]', '', '{}', 1419274580, 1419274580)

// swap 1 for 1 with 2 in set
INSERT INTO maniphest_transaction (phid, authorPHID, objectPHID, viewPolicy, editPolicy, commentVersion, transactionType, oldValue, newValue, contentSource, metadata, dateCreated, dateModified)
VALUES ('PHID-XACT-TASK-222222222222222', 'PHID-USER-zo35vxnoi4bxqak6yqhc', 'PHID-TASK-hb5wphctibxxqryo6ssi', 'users', 'users', 0, 'projects', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx", "PHID-PROJ-a7giqlyyfirqswg6gn6x"]', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx", "PHID-PROJ-cety4gr55gpxzhwtrkhx"]', '', '{}', 1419274582, 1419274582)

// go from 2 to 1
INSERT INTO maniphest_transaction (phid, authorPHID, objectPHID, viewPolicy, editPolicy, commentVersion, transactionType, oldValue, newValue, contentSource, metadata, dateCreated, dateModified)
VALUES ('PHID-XACT-TASK-333333333333333', 'PHID-USER-zo35vxnoi4bxqak6yqhc', 'PHID-TASK-hb5wphctibxxqryo6ssi', 'users', 'users', 0, 'projects', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx", "PHID-PROJ-cety4gr55gpxzhwtrkhx"]', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx"]', '', '{}', 1419274584, 1419274584)
```

took a screenshot. ran the migration script and compared the screenshots and things looked correctly migrated...!

old style:

{F255408}

new style:

{F255407}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D11032
2014-12-22 11:54:02 -08:00
Chad Little
b925f42c55 Remove docs sprite, replace with FontAwesome
Summary: Removes the docs sprite in Conpherence with FontAwesome, adds additional icons. Unsure what happens if someone customized this config option.

Test Plan: Added images and files to a Conpherence, saw new icons.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11028
2014-12-20 20:59:24 -08:00
Chad Little
194d33e4bd Missed a call to Conpherence sprite
Summary: Fixes an exception on Conpherence.

Test Plan: Use Conpherence. Grep for other locations.

Reviewers: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11027
2014-12-20 13:08:07 -08:00
Chad Little
1e0f1f4936 Remove payments sprite
Summary: Removes unused payments sprite and code, also some unused conpherence generated images. We use images in login (and could use FontAwesome, maybe).

Test Plan: grep codebase, pull up uiexamples icons page

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11025
2014-12-20 09:44:53 -08:00
Chad Little
f07f7bfaa4 Remove unused Conpherence sprites
Summary: These were refactored out a while ago

Test Plan: Grep codebase, use Conpherence on desktop, mobile.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11023
2014-12-20 07:44:50 -08:00
epriestley
0ce08b4d27 Work around lack of PKCS8 support in OSX ssh-keygen
Summary:
Ref T4209. Ref T6240. Ref T6238. See D10401 for original discussion.

On OSX, `ssh-keygen` doesn't support PKCS8:

  - When we hit an issue with this, raise a more tailored message about it.
  - Allow the user to work around the problem with `auth cache-pkcs8 ...`, providing reasonable guidance / warnings.

In practice, this only really matters very much for one key, which I'm just going to make the services extension cache automatically. So it's sort of moot, but good to have around for weird cases and to make testing easier.

Test Plan: Hit error, cached key, got clean asymmetric auth.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4209, T6240, T6238

Differential Revision: https://secure.phabricator.com/D11021
2014-12-19 16:36:40 -08:00
Bob Trahan
8ac73b2bf3 Differential - tighten up access of Differential data from other applications
Summary: Fixes T6790. Turn the old method into "new" (old signature) and "newEphemeral". Deploy "newEphemeral" as many places as possible; basically places we are not in the Differential application *and* have no intentions of ever saving the diff. These callsites are also all places we are just trying to get some changesets at the end of the day.

Test Plan: set differential application policy to 'administrators only'. viewed a commit in diffusion and it worked without any errors! i'm just using my thinkin' noodle on the other code paths.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6790

Differential Revision: https://secure.phabricator.com/D11020
2014-12-19 14:54:15 -08:00
epriestley
e0f4e19c3f Add an Almanac service typeahead datasource
Summary: Ref T5833. Ref T6238. This will probably be useful somewhere in the upstream eventually, and is materially useful in the Instances application right now.

Test Plan: tippy typey typey

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6238, T5833

Differential Revision: https://secure.phabricator.com/D11016
2014-12-19 12:36:14 -08:00
Chad Little
9c6467d867 Fix typo in people controller 2014-12-19 09:48:55 -08:00
Bob Trahan
9141da84c8 Maniphest - convert old CC transactions to modern SUBSCRIBER transactions
Summary: database migration + drop old view code. Fixes T5604.

Test Plan: grepped src/ for TYPE_CCS (no hits); viewed some tasks with old cc transactions and noted they still rendered correctly post data conversion

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5604

Differential Revision: https://secure.phabricator.com/D11015
2014-12-18 14:42:46 -08:00
epriestley
d2df3064bc Allow Almanac services to be locked
Summary:
Fixes T6741. This allows Almanac services to be locked from the CLI. Locked services (and their bindings, interfaces and devices) can not be edited. This serves two similar use cases:

  - For normal installs, you can protect cluster configuration from an attacker who compromises an account (or generally harden services which are intended to be difficult to edit).
  - For Phacility, we can lock externally-managed instance cluster configuration without having to pull any spooky tricks.

Test Plan:
  - Locked and unlocked services.
  - Verified locking a service locks connected properties, bindings, binding properties, interfaces, devices, and device properties.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6741

Differential Revision: https://secure.phabricator.com/D11006
2014-12-18 14:31:36 -08:00
epriestley
cd6f67ef95 When repository services are available, use them when creating a new repository
Summary:
Ref T2783. When creating a new repository, test for cluster services. If cluster services are available, allocate on a random open service.

Show the service that repositories are allocated on.

Test Plan: Created a new repository, saw it allocate onto an available cluster service.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D11003
2014-12-18 14:31:22 -08:00
Bob Trahan
10f2cfec5b Maniphest - remove references to deprecated transaction type TYPE_PROJECTS from code
Summary:
...except the transaction class itself, which still needs some knowledge of these transactions for older installs.

Ref T5245. T5604 and T5245 are now in a similar place -- there's an unknown set of bugs introduced from my changes and there's still old display code lying around with some old transactions in the database. I'll stomp out the bugs if / when they surface and data migration is up next.

This revision also adds a "TransactionPreviewString" method to the edge objects so that we can have a prettier "Bob edited associated projects." preview of this transaction.

Test Plan: added a project from task detail and saw correct preview throughout process with correct project added. bulk removed a project from some tasks. added a project from the edit details pane.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D11013
2014-12-18 14:17:16 -08:00
Chad Little
2d3f5dae3c Have app tooltips align east with more width
Summary: I find this easier to read

Test Plan: Hover over tooltip area

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11012
2014-12-18 14:03:13 -08:00
Bob Trahan
83db5965ab Maniphest - introduce needProjectPHIDs
Summary: Ref T5245. This is some of the associated cleanup there.

Test Plan:
foreach ManiphestTaskQuery site, I made the change (or not) and tested as follows:

=== Call sites where added needProjectPHIDs ===

- PhabricatorHomeMainController - loaded the home page
- ManiphestBatchEditController - batch edited some tasks (added a project)
- ManiphestConduitAPIMethod - tested implicitly when tested ManiphestUpdateConduitAPIMethod
- ManiphestInfoConduitAPIMethod - used the method via conduit console with input id : 1
- ManiphestQueryConduitAPIMethod - used the method via conduit console with input ids : [1, 2]
- ManiphestUpdateConduitAPIMethod - used the method via conduit with input id : 1 and comment : “asdasds"
- ManiphestReportController - viewed “By User” and “By Project”
- ManiphestSubpriorityController - changed the priority of a task via a drag on manphest home
- ManiphestTaskMailReceiver - updated Task 1 via bin/mail receive-test with a comment that is the README
- ManiphestTaskSearchEngine - loaded Manifest home page
- ManiphestTaskEditController - edited a task
- ManiphestTransactionEditor - closed a blocking task
- ManiphestTransactionSaveController - commented on a task
- PhabricatorProjectProfileController - viewed project with id of 1 that has a few tasks in it
- PhabricatorSearchAttachController - merged tasks together
- DifferentialTransactionEditor - submit a diff that references a task; commit the diff (thus closing the diff) and the task gets updated
- PhabricatorRepositoryCommitMessageParserWorker - submit a diff that references a task; commit the diff (thus closing the diff) and the task gets updated

=== Calls sites where *did not* add needProjectPHIDs (they do not appear in this revision) ===

- PhabricatorManiphestApplication - loaded the home page
- ManiphestGetTaskTransactionsConduitAPIMethod - used the method via conduit console with input ids : [1, 2] ManiphestTaskDetailController - viewed a task with and without associated projects; finished workflow creating a task with a parent
- ManiphestTransactionPreviewController - verified transaction preview showed up properly
- PhabricatorProjectBoardViewController - viewed a board
- PhabricatorProjectMoveController - moved a task around
- ManiphestRemarkupRule - made a task reference like {T123}
- ManiphestTaskQuery - executed a custom query for all tasks with page size of 2 and paginated through some tasks
- ManiphestTaskPHIDType - nothing random seems broken? =D

=== Call sites where had to do something funky ===

- ManiphestHovercardEventListener - loaded hover cards from task mentions

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D11004
2014-12-18 13:53:45 -08:00
Chad Little
7361e605dc Add mobile app menu to Project Lists
Summary: Using Project lists on mobile is missing the query menu, this adds it.

Test Plan: test mobile layout, click menu, see query list

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11010
2014-12-18 11:07:40 -08:00
Chad Little
05c13857af Link search query to Dashboard header title
Summary: Makes the header text clickable to the full results.

Test Plan: Click on a few queries.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11008
2014-12-18 08:40:50 -08:00
epriestley
f5600acb16 Don't skip policy checks on ObjectQuery if special capabilities are required
Summary: Ref T6741. As an optimization, we omit policy checks on ObjectQuery, but need to retain them if the query requests non-view permissions. This primarily affected Almanac properties.

Test Plan: Almanac properties now do full policy checks on ObjectQuery loads.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6741

Differential Revision: https://secure.phabricator.com/D11005
2014-12-17 17:04:12 -08:00
epriestley
d8739459f6 Rename "Local" settings in Diffusion to "Storage"
Summary: Ref T2783. In Diffusion -> Edit Repository, we currently have a section called "Local" with options about where the repository is stored. The current name is misleading in a cluster environment, where storage may not actually be local. Shortly, this will also have an option for cluster storage. Call this "Storage" instead.

Test Plan: Edited a repository and poked around.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D11001
2014-12-17 11:13:49 -08:00
epriestley
3fa519da74 Allow Almanac service types to define default properties
Summary:
Ref T5833. This allows Almanac ServiceTypes to define default properties for a service, which show up in the UI and are more easily editable.

Overall, this makes it much easier to make structured/usable/consistent service records: you can check a checkbox that says "prevent new allocations" instead of needing to know the meaning of a key.

Test Plan: {F251593}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10996
2014-12-17 11:10:50 -08:00
epriestley
c85327ca3e Give AlmanacServices a service type
Summary:
Ref T5833. This allows services to be typed, to distinguish between different kinds of services. This makes a few things easier:

  - It's easier for clients to select the services they're interested in (see note in T5873 about Phacility). This isn't a full-power solution, but gets is some of the way there.
  - It's easier to set appropriate permissions around when modifications to the Phabricator cluster are allowed. These service nodes need to be demarcated as special in some way no matter what (see T6741). This also defines a new policy for users who are permitted to create services.
  - It's easier to browse/review/understand services.
  - Future diffs will allow ServiceTypes to specify more service structure (for example, default properties) to make it easier to configure services correctly. Instead of a free-for-all, you'll get a useful list of things that consumers of the service expect to read.

The "custom" service type allows unstructured/freeform services to be created.

Test Plan:
  - Created a new service (and hit error cases).
  - Edited an existing service.
  - Saw service types on list and detail views.
  - Poked around new permission stuff.
  - Ran `almanac.queryservices` with service class specification.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10995
2014-12-17 11:10:27 -08:00
Bob Trahan
f24ae96bb6 Pholio - fix show older transactions for if there are inline comments
Summary: We didn't load enough data for this case for the custom view class Pholio uses. Fixes T6770. Re-jiggers the signature of the loadImages function in the PholioMockQuery to get there so as to not duplicate any business logic.

Test Plan: made a pholio mock with lots of inline comments. pre-patch "show older" fatals and post-patch "show older" works

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6770

Differential Revision: https://secure.phabricator.com/D11002
2014-12-17 09:42:37 -08:00
Joshua Spence
ed4c7893e9 Fix a exception being thrown from Diviner
Summary: If no Diviner groups are defined that this line currently throws a fatal exception... make this a little more safe.

Test Plan: Applied to our install, no more exceptions.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10999
2014-12-17 18:10:31 +11:00
epriestley
f18ee5c237 Generate and use "cluster" Conduit API tokens
Summary:
Ref T5955. Ref T2783.

  - Removes the "temporary" type. I was going to use this for T3628 but it started taking more time than I wanted to spend on it.
  - Add a "cluster" type, which is an internal-only token type used within a cluster. This token value is never shown to the user.
  - Automatically generate, use, and cycle cluster tokens.

Test Plan:
  - Diffusion (mostly) works with a repository configured to use a remote service.
  - Saw cluster tokens generate; terminated a cluster token and saw it regenerate.
  - Viewed cluster token in settings panel and saw nice explanatory text instead, as expected (we might just hide these eventually).

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2783, T5955

Differential Revision: https://secure.phabricator.com/D10990
2014-12-15 11:15:14 -08:00
epriestley
288498f8d0 Add conduit.getcapabilities and a modern CLI handshake workflow
Summary:
Ref T5955.

  - Add `conduit.getcapabilities` to help arc (and other clients) determine formats, protocols, etc., the server supports.
  - Fixes T3117. Add a more modern version of the handshake workflow that allows all generated tokens to remain valid for an hour.
  - Generally, add a CLI token type. This token type expires after an hour when generated, then becomes permanent if used.

Test Plan:
  - See D10988.
  - Ran `conduit.getcapabilities` and inspected output.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3117, T5955

Differential Revision: https://secure.phabricator.com/D10989
2014-12-15 11:14:53 -08:00
epriestley
0507626f01 Accept Conduit tokens as an authentication mechanism
Summary:
  - Ref T5955. Accept the tokens introduced in D10985 as an authentication token.
  - Ref T3628. Permit simple `curl`-compatible decoding of parameters.

Test Plan:
  - Ran some sensible `curl` API commands:

```
epriestley@orbital ~/dev/phabricator $ curl -g "http://local.phacility.com/api/user.whoami?api.token=api-f7dfpoyelk4mmz6vxcueb6hcbtbk" ; echo
{"result":{"phid":"PHID-USER-cvfydnwadpdj7vdon36z","userName":"admin","realName":"asdf","image":"http:\/\/local.phacility.com\/res\/1410737307T\/phabricator\/3eb28cd9\/rsrc\/image\/avatar.png","uri":"http:\/\/local.phacility.com\/p\/admin\/","roles":["admin","verified","approved","activated"]},"error_code":null,"error_info":null}
```

```
epriestley@orbital ~/dev/phabricator $ curl -g "http://local.phacility.com/api/differential.query?api.token=api-f7dfpoyelk4mmz6vxcueb6hcbtbk&ids[]=1" ; echo
{"result":[{"id":"1","phid":"PHID-DREV-v3a67ixww3ccg5lqbxee","title":"zxcb","uri":"http:\/\/local.phacility.com\/D1","dateCreated":"1418405590","dateModified":"1418405590","authorPHID":"PHID-USER-cvfydnwadpdj7vdon36z","status":"0","statusName":"Needs Review","branch":null,"summary":"","testPlan":"zxcb","lineCount":"6","activeDiffPHID":"PHID-DIFF-pzbtc5rw6pe5j2kxtlr2","diffs":["1"],"commits":[],"reviewers":[],"ccs":[],"hashes":[],"auxiliary":{"phabricator:projects":[],"phabricator:depends-on":[],"organization.sqlmigration":null},"arcanistProjectPHID":null,"repositoryPHID":null,"sourcePath":null}],"error_code":null,"error_info":null}
```

  - Ran older-style commands like `arc list` against the local install.
  - Ran commands via web console.
  - Added and ran a unit test to make sure nothing is using forbidden parameter names.
  - Terminated a token and verified it no longer works.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3628, T5955

Differential Revision: https://secure.phabricator.com/D10986
2014-12-15 11:14:41 -08:00
epriestley
39f2bbaeea Add Conduit Tokens to make authentication in Conduit somewhat more sane
Summary:
Ref T5955. Summary of intended changes:

**Improve Granularity of Authorization**: Currently, users have one Conduit Certificate. This isn't very flexible, and means that you can't ever generate an API token with limited permissions or IP block controls (see T6706). This moves toward a world where you can generate multiple tokens, revoke them individually, and assign disparate privileges to them.

**Standardize Token Management**: This moves Conduit to work the same way that sessions, OAuth authorizations, and temporary tokens already work, instead of being this crazy bizarre mess.

**Make Authentication Faster**: Authentication currently requires a handshake (conduit.connect) to establish a session, like the web UI. This is unnecessary from a security point of view and puts an extra round trip in front of all Conduit activity. Essentially no other API anywhere works like this.

**Make Authentication Simpler**: The handshake is complex, and involves deriving hashes. The session is also complex, and creates issues like T4377. Handshake and session management require different inputs.

**Make Token Management Simpler**: The certificate is this huge long thing right now, which is not necessary from a security perspective. There are separate Arcanist handshake tokens, but they have a different set of issues. We can move forward to a token management world where neither of these problems exist.

**Lower Protocol Barrier**: The simplest possible API client is very complex right now. It should be `curl`. Simplifying authentication is a necessary step toward this.

**Unblock T2783**: T2783 is blocked on nodes in the cluster making authenticated API calls to other nodes. This provides a simpler way forward than the handshake mess (or enormous-hack-mess) which would currently be required.

Test Plan:
  - Generated tokens.
  - Generated tokens for a bot account.
  - Terminated tokens (and for a bot account).
  - Terminated all tokens (and for a bot account).
  - Ran GC and saw it reap all the expired tokens.

NOTE: These tokens can not actually be used to authenticate yet!

{F249658}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5955

Differential Revision: https://secure.phabricator.com/D10985
2014-12-15 11:14:23 -08:00
epriestley
2c7be52fc2 Lock phabricator.show-prototypes
Summary:
Two goals:

  - If an attacker compromises an administrator account (without compromising the host itself), they can currently take advantage of vulnerabilities in prototype applications by enabling the applications, then exploiting the vulnerability. Locking this option requires CLI access to enable prototypes, so installs which do not have prototypes enabled have no exposure to security issues in prototype applications.
  - Making this very slightly harder to enable is probably a good thing, given the state of the world and support.

Test Plan: Verified that web UI shows the value is locked and instructs the user to update via the CLI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10993
2014-12-15 11:00:20 -08:00
epriestley
2037979142 Prevent Phame blogs from using invalid skins
Summary: Via HackerOne. An attacker with access to both Phame and the filesystem could potentially load a skin that lives outside of the configured skin directories, because we had insufficient checks on the actual skin at load time.

Test Plan: Attempted to build a blog with an invalid skin; got an exception instead of a mis-load of a sketchy skin.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10992
2014-12-15 10:41:49 -08:00
epriestley
2a9db94ba6 Restore Maniphest subscriber transaction mail tag
Summary: Fixes T6748. This just didn't get aligned when CCs became a modern transaction.

Test Plan: Added a CC to a task, used `bin/mail show-outbound` to verify it showed up as a CC tag.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T6748

Differential Revision: https://secure.phabricator.com/D10991
2014-12-14 07:49:30 -08:00
epriestley
4505724cc4 Allow repositories to be bound to an AlmanacService
Summary:
Ref T2783. This is primarily exploratory and just figuring out what we're blocked on:

  - Allow a Repository to be bound to a Service. The Service may eventually define multiple read/write nodes, etc.
    - There's no UI to do this binding yet, you have to touch the database manually.
  - If a repository is bound to a Service, effect Conduit calls via calls to the remote service instead of executing them in-process.
    - These don't actually work yet since there's no authentication (see T5955).

Test Plan:
  - Made a nice Service with a nice Binding to a nice Interface on a nice Device.
  - Force-associated a repository with the service using a raw MySQL query.
  - Saw Phabricator try to make a remote call to the service (on localhost) and fail because of missing auth stuff.
  - Also ran `almanac.queryservices`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D10982
2014-12-12 12:07:11 -08:00
Bob Trahan
2b99b4add8 Home - limit "status" queries to 100 and show 99+ if we hit that
Summary: Fixes T6595. This diff has two issues as is... 1) the differential data fetching is pretty cheesey, but it looks like we can't just issue three separate databases to get the right data? 2) the translations break, since I am turning this into a string (and not an int) so the whole pluralization bit fails. I think 1 is okay as is and 2 needs to be fixed though I am not sure how to best do that...

Test Plan: loaded home page and it looked nice...!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6595

Differential Revision: https://secure.phabricator.com/D10979
2014-12-12 12:02:25 -08:00
Bob Trahan
905fc217b8 Phriction - validateTransactions that need parent ancestry to complete successfully
Summary:
Fixes T6651, T6682. Since policy is defined by ancestry, you can't make things outside the core tree.

An alternative fix would be to automagically stub everything in these cases. This has potential negative policy implications - consider making a public document with several levels of depth that automagically stubs out its ancestry as public - and additionally the PhabricatorApplicationTransactionEditor framework would make this very tricky code (i.e. you are expected to validateTransactions in said hook *and* return an error if things aren't valid and not do some automagic stubbing, etc.)

Test Plan: tried to move a doc from location/that/exists to locationz/thatz/dontz/existz/ and got an error message with links to each missing doc. tried to create a doc at locatonz/thatz/dontz/existsz/ and got an error message with links to each missing doc.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6682, T6651

Differential Revision: https://secure.phabricator.com/D10978
2014-12-12 11:35:43 -08:00
Bob Trahan
dda8e64a3e Maniphest - load subscribers in getApplicationTransactionsObject
Summary: Fixes T6734. This is a very generic fix, which basically attaches the subscribers if necessary. This seems like a good idea given there's some crazy generic code doing this sort of thing? This would end up being a new pattern for these types of objects that may be loaded by a general object query but then get some editor action against them.

Test Plan: I can't actually reproduce this in my sandbox so I'll verify live again.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6734

Differential Revision: https://secure.phabricator.com/D10976
2014-12-11 11:30:33 -08:00