1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-24 15:52:41 +01:00
Commit graph

9816 commits

Author SHA1 Message Date
epriestley
532c440e84 Show a better account name in Phortune account handles
Summary: Accounts have proper names now.

Test Plan: Saw a better name on Instances view.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11766
2015-02-13 11:00:29 -08:00
epriestley
e5b402d13f Lock all reply-handler options in the upstream, plus cookie prefix
Summary:
Ref T7185. These settings shouldn't be unlocked anywhere. Specifically:

  - `reply-handler`: These are on the way out.
  - `reply-handler-domain`: Also hopefully on the way out; locked because a compromised administrator account can redirect replies.
  - `phabricator.cookie-prefix`: Not dangerous per se, but an admin could have a hard time fixing this if they changed it by accident since their session would become invalid immediately.

Test Plan: Browsed Config.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7185

Differential Revision: https://secure.phabricator.com/D11764
2015-02-13 11:00:09 -08:00
epriestley
ebebeb8f7c Upgrade "masked" config to "hidden"
Summary:
Ref T7185. We currently have "locked", "masked", and "hidden" config.

However, "masked" does not really do anything. It was intended to mask values in DarkConsole, but Config got built out instead and "hidden" is strictly better in modern usage and protects against compromised administrator accounts. "hidden" implies "locked", so it's now strictly more powerful than just locked.

Remove "masked" and upgrade all "masked" config to "hidden". In particular, this hides some API keys and secret keys much more aggressively in Config, which is desirable.

Test Plan: Browsed things like S3 API keys in config and could no longer see them.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7185

Differential Revision: https://secure.phabricator.com/D11763
2015-02-13 10:59:50 -08:00
epriestley
f74fa49636 Clean up a text string
Summary: Pretty sure this was me derping, not trying to make a joke.

Test Plan: New text makes sense.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11762
2015-02-13 07:03:09 -08:00
Bob Trahan
d39da529ca Legalpad - allow for legalpad documents to be required to be signed for using Phabricator
Summary: Fixes T7159.

Test Plan:
Created a legalpad document that needed a signature and I was required to sign it no matter what page I hit. Signed it and things worked! Added a new legalpad document and I had to sign again!

Ran unit tests and they passed!

Logged out as a user who was roadblocked into signing a bunch of stuff and it worked!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7159

Differential Revision: https://secure.phabricator.com/D11759
2015-02-12 15:22:56 -08:00
Bob Trahan
d598edc5f3 MetaMTA - update documentation and make config a tad easier
Summary: Fixes T7088. Mainly this updates the documentation but I also snuck in tweaking how the domain reply handler is built. This does two main things -- makes the behavior consistent as some applications who didn't override this behavior would send out emails with reply tos AND makes it easier for us to deprecate the custom domain thing on a per application basis, which is just silly. On that note, the main documentation doesn't get into how this can be overridden, though I left in that mini blurb on the config setting itself. We could deprecate this harder and LOCK things if you want as well.

Test Plan: read docs, looked good. reasoned through re-factor

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7088

Differential Revision: https://secure.phabricator.com/D11725
2015-02-12 11:05:39 -08:00
Chad Little
1e94320371 Remove margin on error-view when in an object list
Summary: I feel like this got derped by recent updates, who knows.

Test Plan:
Tested a failed Project search in Projects and in Dashboards. Spacing seems correct

{F297441}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11755
2015-02-12 04:58:20 -08:00
epriestley
30b201bade Allow Home and Dashboards to be uninstalled
Summary:
Ref T7143. This is the simplest fix for adding a new route for Home, at the cost of possibly letting users break instances. However:

  - It's kind of hard to get to the option to uninstall Home anyway.
  - It's hard to imagine anyone will really uninstall Home by accident, right? Right?
  - Put a really scary warning on the action just in case.

Dashboards was only required because Home was required, I think, so just drop that too.

Test Plan: Uninstalled home.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, epriestley

Maniphest Tasks: T7143

Differential Revision: https://secure.phabricator.com/D11753
2015-02-11 15:24:54 -08:00
epriestley
36494d4e2e Add a "did verify email" event to Phabricator
Summary: Ref T7152. Gives us an event hook so we can go make users a member of any instance they've been invited to as soon as they verify an email address.

Test Plan:
  - Used `bin/auth verify` to trigger the event.
  - Build out the invite flow in rSERVICES.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152

Differential Revision: https://secure.phabricator.com/D11752
2015-02-11 14:39:06 -08:00
Bob Trahan
6b77dd8e37 Dashboards - fix optionality of SearchEngines
Summary: Ref T7234. I didn't know about this spot in D11750.

Test Plan: ..the next diff really makes this work for the T7234 scenario.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7234

Differential Revision: https://secure.phabricator.com/D11751
2015-02-11 14:08:05 -08:00
Bob Trahan
e23351ea36 Dashboards - introduce ability to optionally allow SearchEngines to be used as dashboard panels
Summary:
Ref T7234. Turns out some search engines are context specific such that they can't be bubbled up to a dashboard panel generically. The example in question is an Instance Members search, where the instance must be specified and is done so in normal codepaths but the dashboard panel stuff has no way of doing that. Ergo, just turn off these sorts of panels.

Note this code just makes it so we can turn off these sorts of panels but does not do any of that.

Test Plan:
made sure all the queries still showed up

otherwise, next diff

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7234

Differential Revision: https://secure.phabricator.com/D11750
2015-02-11 13:43:59 -08:00
epriestley
d4680a7e4e Update Phabricator to work with more modular translations
Summary:
Ref T7152. Ref T1139. This updates Phabricator so third-party libraries can translate their own stuff. Also:

  - Hide "All Caps" when not in development mode, since some users have found this a little confusing.
  - With other changes, adds a "Raw Strings" mode (development mode only).
  - Add an example silly translation to make sure the serious business flag works.
  - Add a basic British English translation.
  - Simplify handling of translation overrides.

Test Plan:
  - Flipped serious business / development on and off and saw silly/development translations drop off.
  - Switched to "All Caps" and saw all caps.
  - Switched to Very English, Wow!
  - Switched to British english and saw "colour".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152, T1139

Differential Revision: https://secure.phabricator.com/D11747
2015-02-11 13:02:35 -08:00
epriestley
187836b8a9 Show open setup issue keys in "title" attribute of setup issues warning
Summary:
Ref T7184. I managed to write a phantom setup issue which fails normally and succeeds when looked at carefully, so clicking "you have open issues..." always cleared them. This made it very difficult to figure out what the problem was.

Show issue keys in the "title" attribute to make this sort of thing easier to deal with.

Test Plan: Moused over "You have issues..." text, saw issue key, quickly fixed issue with new information.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7184

Differential Revision: https://secure.phabricator.com/D11743
2015-02-11 13:00:59 -08:00
Joshua Spence
2a2b47326c Fix text lint issues
Summary: Ref T5105. This is a proof-of-concept for D11458.

Test Plan: `arc lint --everything`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T5105

Differential Revision: https://secure.phabricator.com/D11642
2015-02-12 07:00:13 +11:00
Joshua Spence
5a20daedc7 Allow diviner books to be permanently destroyed
Summary: Fixes T7182.

Test Plan: Deleted a book with `./bin/remove destroy`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7182

Differential Revision: https://secure.phabricator.com/D11742
2015-02-12 06:56:22 +11:00
Chad Little
edc7fcbd5a Fix outlier dashboard panel display bugs
Summary: ref T7236, should resolve all, or at least most issues.

Test Plan: Tested Legalpad, Account Activity, Feed, Maniphest, Differential, Projects, Countdown

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7236

Differential Revision: https://secure.phabricator.com/D11738
2015-02-11 07:05:28 -08:00
epriestley
7797443428 Support invites in the registration and login flow
Summary:
Ref T7152. This substantially completes the upstream login flow. Basically, we just cookie you and push you through normal registration, with slight changes:

  - All providers allow registration if you have an invite.
  - Most providers get minor text changes to say "Register" instead of "Login" or "Login or Register".
  - The Username/Password provider changes to just a "choose a username" form.
  - We show the user that they're accepting an invite, and who invited them.

Then on actual registration:

  - Accepting an invite auto-verifies the address.
  - Accepting an invite auto-approves the account.
  - Your email is set to the invite email and locked.
  - Invites get to reassign nonprimary, unverified addresses from other accounts.

But 98% of the code is the same.

Test Plan:
  - Accepted an invite.
  - Verified a new address on an existing account via invite.
  - Followed a bad invite link.
  - Tried to accept a verified invite.
  - Reassigned an email by accepting an unverified, nonprimary invite on a new account.
  - Verified that reassigns appear in the activity log.

{F291493}
{F291494}
{F291495}
{F291496}
{F291497}
{F291498}
{F291499}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152

Differential Revision: https://secure.phabricator.com/D11737
2015-02-11 06:06:28 -08:00
epriestley
6f90fbdef8 Send emails for email invites
Summary:
Ref T7152. Ref T3554.

  - When an administrator clicks "send invites", queue tasks to send the invites.
  - Then, actually send the invites.
  - Make the links in the invites work properly.
  - Also provide `bin/worker execute` to make debugging one-off workers like this easier.
  - Clean up some UI, too.

Test Plan:
We now get as far as the exception which is a placeholder for a registration workflow.

{F291213}

{F291214}

{F291215}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3554, T7152

Differential Revision: https://secure.phabricator.com/D11736
2015-02-11 06:06:09 -08:00
epriestley
ae59760222 Add administrative invite interfaces
Summary:
Ref T7152. This implements the administrative UI for the upstream email invite workflow.

Pieces of this will be reused in Instances to implement the instance invite workflow, although some of it is probably going to be a bit copy/pastey.

This doesn't actually create or send invites yet, and they still can't be carried through registration.

Test Plan:
{F290970}

{F290971}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152

Differential Revision: https://secure.phabricator.com/D11733
2015-02-11 06:05:53 -08:00
epriestley
a3f380a695 Make setup check groups more robust against fataling existing subclasses
Auditors: chad
2015-02-10 16:53:38 -08:00
epriestley
bdd7a35b30 Remove direct calls to LowLevelCommitQuery
Summary: Ref T2783. This cleans up some more of the direct VCS access calls. If the repository is local, this boils down to an in-process call. If not, it uses Conduit to make an intracluster request.

Test Plan: Used `reparse.php --message <commit> --trace` to observe cluster request.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D11253
2015-02-10 15:58:51 -08:00
epriestley
a7814b071c Add auth.querypublickeys to retrieve public keys
Summary:
Fixes T6484. I primarily need this to synchronize device public keys in the Phabricator cluster so the new stuff in T2783 works.

Although, actually, maybe I don't really need it. But I wrote it anyway and it's desirable to have sooner or later.

Test Plan: Ran method.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6484

Differential Revision: https://secure.phabricator.com/D11163
2015-02-10 15:44:21 -08:00
Chad Little
b701313e0e Split Setup Issues into Groups
Summary: Groups setup issues into Important, PHP, MySQL, and Base for easier parsing on initial installations.

Test Plan:
Test my internal server and various issues.

{F289699}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7207

Differential Revision: https://secure.phabricator.com/D11726
2015-02-10 12:53:00 -08:00
Bob Trahan
91a1f56a4c Subversion - set minimum required version to 1.5
Summary: Fixes T7228.

Test Plan: hacked $version to be '1.4' and saw the proper error message

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7228

Differential Revision: https://secure.phabricator.com/D11732
2015-02-10 12:07:18 -08:00
Joshua Spence
d66cbff298 Rename a constant
Summary: Rename `DifferentialChangesetParser::WHITESPACE_IGNORE_FORCE` to `DifferentialChangesetParser::WHITESPACE_IGNORE_ALL` to better reflect reality.

Test Plan: Viewed a diff with various settings for the "Whitespace changes" option.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11730
2015-02-11 06:54:10 +11:00
Joshua Spence
84b0c8e6db Fix a pht method call
Summary: Ref T7046. I missed this in D11680.

Test Plan: `arc lint`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7046

Differential Revision: https://secure.phabricator.com/D11731
2015-02-11 06:54:10 +11:00
epriestley
767397ee14 Reject objects with invalid policies instead of fataling
Summary: This is correct, but the root cause of the issue isn't very clear to me.

Test Plan: Poked around various pages which filter objects.

Reviewers: joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11727
2015-02-10 06:16:42 -08:00
Joshua Spence
aaf8d73ec7 Fix pht method calls
Summary: Ref T7046. This is mainly a proof-of-concept for D11661.

Test Plan: `arc lint`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7046

Differential Revision: https://secure.phabricator.com/D11680
2015-02-10 18:57:45 +11:00
Joshua Spence
c66954af26 Fix a TODO
Summary: Rename `DifferentialChangesetParser::WHITESPACE_IGNORE_ALL` to `DifferentialChangesetParser::WHITESPACE_IGNORE_MOST`.

Test Plan: Browsed a diff with a few different settings for "Whitespace changes".

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11715
2015-02-10 18:37:18 +11:00
epriestley
2a0af8e299 Add email invites to Phabricator (logic only)
Summary:
Ref T7152. This builds the core of email invites and implements all the hard logic for them, covering it with a pile of tests.

There's no UI to create these yet, so users can't actually get invites (and administrators can't send them).

This stuff is a complicated mess because there are so many interactions between accounts, email addresses, email verification, email primary-ness, and user verification. However, I think I got it right and got test coverage everwhere.

The degree to which this is exception-driven is a little icky, but I think it's a reasonable way to get the testability we want while still making it hard for callers to get the flow wrong. In particular, I expect there to be at least two callers (one invite flow in the upstream, and one derived invite flow in Instances) so I believe there is merit in burying as much of this logic inside the Engine as is reasonably possible.

Test Plan: Unit tests only.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152

Differential Revision: https://secure.phabricator.com/D11723
2015-02-09 16:12:36 -08:00
Bob Trahan
ac504f232f Projects - smooth out scenarios around renaming a project and slugs
Summary:
Fixes T7092. When you name project "Foo" which has primary hashtag "foo" to "Foobar", post this patch the hashtag "foo" gets added as a secondary hashtag. Also makes sure we don't normalize the hashtags in the query function as the wikimedia folks were hitting an issue around capitalization on the hashtag.

Note that T6909 remains "broken" in that you get an error that you can't do that, though if you just omit the additional hashtag it would work fine. I think if a fix is necessary here the best bet would be to simply detect this particular scenario and let things proceed; its a bit tricky though since its about two transactions about to be applied and how they interact with one another...

Test Plan: Made project "Foo" which has primary hashtag "foo". Renamed it to "Foobar" and verified "foo" was added as a secondary hashtag and "foobar" was the primary hashtag. Renamed it again to "Foo" and noted that the hashtags all ended up correct.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7092, T6909

Differential Revision: https://secure.phabricator.com/D11697
2015-02-09 15:48:17 -08:00
epriestley
5b1ea8c8d5 Pass instance through file transform URIs
Summary:
This makes thumbnail URIs work on instanced, CDN'd installs like Phacility cluster instances.

Some of these transforms can proabably be removed, but the underlying code to generate the transform should be cleaned up too and we have some other tasks filed elsewhere about this anyway.

Test Plan: CDN'd local install now loads thumbnails properly.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11719
2015-02-09 15:31:47 -08:00
Bob Trahan
03639a7c1e OAuth - add concept of "trusted" clients that get auto redirects
Summary: Fixes T7153.

Test Plan:
used `bin/auth trust-oauth-client` and `bin/auth untrust-oauth-client` to set the bit and verify error states.

registered via oauth with `bin/auth trust-oauth-client` set and I did not have the confirmation screen
registered via oauth with `bin/auth untrust-oauth-client` set and I did have the confirmation screen

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7153

Differential Revision: https://secure.phabricator.com/D11724
2015-02-09 14:23:49 -08:00
Joshua Spence
7cbdfbee24 Remove temporary code
Summary: I //think// Maniphest has switched to real edges now.

Test Plan: N/A

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11716
2015-02-10 08:22:23 +11:00
Joshua Spence
ddc0041e73 Remove some temporary code
Summary: I think this is safe to remove now.

Test Plan: WIP

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11717
2015-02-10 08:21:48 +11:00
Chad Little
ae7dc8b9d2 Add getGroup to ConfigOptions
Summary: Adds core and apps grouping to configuration options, makes it somewhat easier to browse config options.

Test Plan: Set each option, review list. Breakdown is nearly 50/50 apps/core.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11722
2015-02-09 13:10:56 -08:00
Joshua Spence
4af3a37d6c Minor tightening of .arclint regexs
Summary: Self-explanatory.

Test Plan: Eyeball it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11681
2015-02-10 06:54:35 +11:00
Chad Little
cdd8dcbf17 Update InlineCommentSummary UI
Summary: Minor spring cleaning, improve the visual feel of the comments table, more consistent structure.

Test Plan:
Test multiple comments, long comments, short comments, and multiple lines.

{F282462}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11666
2015-02-09 08:38:51 -08:00
epriestley
e7c2754b69 Add support for ".woff2" resources
Summary: Ref T7210. Not sure if this fixes things, but it's definitely //an// issue.

Test Plan:
  - Not able to reproduce issue locally yet.
  - These get into the map now, at least?
  - Saw `.woff2` URIs transform in CSS.
  - Loaded a `.woff2` file.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T7210

Differential Revision: https://secure.phabricator.com/D11720
2015-02-09 08:12:47 -08:00
epriestley
74b860519d Remarkup: Correctly render inline embed layout
Summary:
The generated HTML is like `<p>some text <div …>…</div> more text</p>`, and HTML `<p/>` tags may not contain block content like `<div/>` tags. Browsers actually parse this as if it was `<p>some text </p><div …>…</div> more text<p></p>` (sic).

The layout CSS class already has `display: inline` set, but this is not sufficient. Browser's HTML parser doesn't care what CSS rules will be applied, it only deals with the meanings of tags.

Fixes T7201.

Test Plan:
Verify that the following displays the image inline:

`some text {Fnnn,layout=inline} more text`

Reviewers: chad, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Projects: #remarkup

Maniphest Tasks: T7201

Differential Revision: https://secure.phabricator.com/D11706
2015-02-09 07:52:46 -08:00
Chad Little
fce178caf2 Add bigtext option to PHUIActionPanelView
Summary: Adds option for setting large text instead of icons. Adds success state.

Test Plan:
Built some more examples.

{F286388}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11710
2015-02-09 07:27:54 -08:00
Chad Little
1d05861fb3 PHUIActionPanelView
Summary: Super duper sized panels for singluar actions.

Test Plan:
UIExamples, will need more testing in Phacility.

{F286098}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11709
2015-02-07 17:06:28 -08:00
epriestley
8c568d88d7 Reduce severity of auth provider warning
Summary:
Ref T7208. Now that we have approvals (new installs are safe by default), take those into account when generating this warning.

Try to soften the warning to cover the case discussed in T7208, hopefully without requiring additional measures.

Test Plan:
{F286014}

{F286015}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T7208

Differential Revision: https://secure.phabricator.com/D11708
2015-02-07 14:45:27 -08:00
Chad Little
272ce408dc Clean up authentication list
Summary: Uses more standard boxes for display, and icons!

Test Plan:
Test with all enabled, all disabled, and a mix.

{F285945}

{F285946}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11707
2015-02-07 10:46:30 -08:00
Bob Trahan
eee8d194eb OAuthServer - default "whoami" scope and refine scope-asking workflow
Summary: Ref T7153. The "whoami" scope should be default and always on, because otherwise we can't do anything at all. Also, if a client doesn't want a certain scope, don't bother asking the user for it. To get there, had to add "scope" to the definition of a client.

Test Plan: applied the patch to a phabricator "client" and a phabricator "server" as far as oauth shenanigans go. Then I tried to login / register with oauth. If the "client" was configured to ask for "always on" access I got that in the dialogue, and otherwise no additional scope questions were present. Verified scope was properly granted in either case.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7153

Differential Revision: https://secure.phabricator.com/D11705
2015-02-06 15:32:55 -08:00
Eric
28b23fd789 Use --hex-blob flag in bin/storage dump
Summary: mysqldump output can end up having weird encoding issues when raw BLOBs are in the output, preventing the backup restoration from succeeding. This hex-encodes blobs in the dump from the backup workflow causing the output file to only contain ASCII and ensure imports are successful.

Test Plan: Had issues restoring a backup from the original `mysqldump` command issued by this workflow. Ran the same command with this flag added and I was able to restore the backup.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11704
2015-02-06 12:56:23 -08:00
Bob Trahan
472f316bbd Auth - allow for "auto login" providers
Summary: Ref T7153. I am not sure if this is 100% correct because sometimes you have to POST vs GET and I don't know if the redirect response will / can do the right thing? I think options to fix this would be to 1) restrict this functionality to JUST the Phabricator OAuth provider type or 2) something really fancy with an HTTP(S) future.  The other rub right now is when you logout you get half auto-logged in again... Thoughts on that?

Test Plan: setup my local instance to JUST have phabricator oauth available to login. was presented with the dialog automagically...!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7153

Differential Revision: https://secure.phabricator.com/D11701
2015-02-06 10:50:36 -08:00
Bob Trahan
345966cb41 People - refine permissions on creating new users
Summary: Fixes T7142. Make old permission mean "make (non-bot) users" and then nuance the UI for those administrators who can make bot accounts.

Test Plan: loaded up admin a with full powers and admin b with restricted powers. noted admin a could make a full user. noted admin b could not make a full user. noted admin b got an error even via clever uri hacking.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7142

Differential Revision: https://secure.phabricator.com/D11702
2015-02-05 16:47:09 -08:00
epriestley
57f1ab705e Correct private key permissions before extracting public key in bin/almanac register
Summary: `ssh-keygen` declines to run on a too-public key. Write the correctly-restricted key a little earlier in the workflow.

Test Plan:
```
epriestley@orbital ~/dev/phabricator $ chmod 644 ~/dev/core/conf/keys/daemon.key
epriestley@orbital ~/dev/phabricator $ ./bin/almanac register --private-key ~/dev/core/conf/keys/daemon.key --identify-as local.phacility.net --device daemon.phacility.net --force --allow-key-reuse
Installing public key...
Installing private key...
Installing device ID...
 HOST REGISTERED  This host has been registered as "local.phacility.net" and a trusted keypair has been installed.
epriestley@orbital ~/dev/phabricator $
```

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11700
2015-02-05 14:09:15 -08:00
epriestley
74ea59235a Make the "daemons and web have different config" warning more specific
Summary:
I'm hitting this in the cluster and couldn't figure it out after staring at it for a couple minutes. Produce a better error.

This dumps a hash of each configuration key value which is set to a non-default value into the daemon log. This is much more compact than the full config, and doesn't spread secrets around, so it seems like a good balance between providing information and going crazy with it.

Test Plan: {F284139}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11699
2015-02-05 14:07:35 -08:00