1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-26 23:40:57 +01:00
Commit graph

120 commits

Author SHA1 Message Date
epriestley
dba4c4bdf6 Emit a "Content-Security-Policy" HTTP header
Summary:
See PHI399. Ref T4340. This header provides an additional layer of protection against various attacks, including XSS attacks which embed inline `<script ...>` or `onhover="..."` content into the document.

**style-src**: The "unsafe-inline" directive affects both `style="..."` and `<style>`. We use a lot of `style="..."`, some very legitimately, so we can't realistically get away from this any time soon. We only use one `<style>` (for monospaced font preferences) but can't disable `<style>` without disabling `style="..."`.

**img-src**: We use "data:" URIs to inline small images into CSS, and there's a significant performance benefit from doing this. There doesn't seem to be a way to allow "data" URIs in CSS without allowing them in the document itself.

**script-src** and **frame-src**: For a small number of flows (Recaptcha, Stripe) we embed external javascript, some of which embeds child elements (or additional resources) into the document. We now whitelist these narrowly on the respective pages.

This won't work with Quicksand, so I've blacklisted it for now.

**connect-src**: We need to include `'self'` for AJAX to work, and any websocket URIs.

**Clickjacking**: We now have three layers of protection:

  - X-Frame-Options: works in older browsers.
  - `frame-ancestors 'none'`: does the same thing.
  - Explicit framebust in JX.Stratcom after initialization: works in ancient IE.

We could probably drop the explicit framebust but it wasn't difficult to retain.

**script tags**: We previously used an inline `<script>` tag to start Javelin. I've moved this to `<data data-javelin-init ...>` tags, which seems to work properly.

**`__DEV__`**: We previously used an inline `<script>` tag to set the `__DEV__` mode flag. I tried using the "initialization" tags for this, but they fire too late. I moved it to `<html data-developer-mode="1">`, which seems OK everywhere.

**CSP Scope**: Only the CSP header on the original request appears to matter -- you can't refine the scope by emitting headers on CSS/JS. To reduce confusion, I disabled the headers on those response types. More headers could be disabled, although we're likely already deep in the land of diminishing returns.

**Initialization**: The initialization sequence has changed slightly. Previously, we waited for the <script> in bottom of the document to evaluate. Now, we go fishing for tags when domcontentready fires.

Test Plan:
  - Browsed around in Firefox, Safari and Chrome looking for console warnings. Interacted with various Javascript behaviors. Enabled Quicksand.
  - Disabled all the framebusting, launched a clickjacking attack, verified that each layer of protection is individually effective.
  - Verified that the XHProf iframe in Darkconsole and the PHPAST frame layout work properly.
  - Enabled notifications, verified no complaints about connecting to Aphlict.
  - Hit `__DEV__` mode warnings based on the new data attribute.
  - Tried to do sketchy stuff with `data:` URIs and SVGs. This works but doesn't seem to be able to do anything dangerous.
  - Went through the Stripe and Recaptcha workflows.
  - Dumped and examined the CSP headers with `curl`, etc.
  - Added a raw <script> tag to a page (as though I'd found an XSS attack), verified it was no longer executed.

Maniphest Tasks: T4340

Differential Revision: https://secure.phabricator.com/D19143
2018-02-27 10:17:30 -08:00
epriestley
aba209e999 Hide the Differential scroll objective list on trackpad systems
Summary:
Ref T12733. In the longer run I'd like to just push this out from the edge, but that currently gets us into trouble since we start bumping into content. On my system, the trackpad scrollbar also expands in size when moused over, so the minimum number of pixels we need to push it out is approximatley 15px. This hits body content and the persistent chat.

For now, just disable this element on trackpad systems.

Test Plan:
Disconnected all USB peripherals, quit and relaunched Safari, saw no objective list.

Reconnected mouse, relaunched Safari, saw objective list.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12733

Differential Revision: https://secure.phabricator.com/D17974
2017-05-20 07:56:21 -07:00
epriestley
51df02821b Move the "select a line range" inline code to DiffInline
Summary: Ref T12616. This makes line range selection use the new code, and removes the remainder of the old "hover a line number" / "select a line range" code.

Test Plan: Hovered line numbers; selected line ranges.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12616

Differential Revision: https://secure.phabricator.com/D17927
2017-05-17 08:41:26 -07:00
epriestley
8fdc1bff5f When disconnected from Aphlict after a successful connection, retry the first reconnect right away
Summary:
Fixes T12567. We currently retry after 2s, 4s, 8s, 16s, ...

If we connected cleanly once, retry the first time right away. There are a bunch of reasonable cases where this will work fine and we don't need to wait. Then we fall back: 0s, 2s, 4s, 8s, ...

Test Plan: {F4911905}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12567

Differential Revision: https://secure.phabricator.com/D17706
2017-04-17 15:53:29 -07:00
epriestley
1212047843 Add a "Reconnect" debugging action and show reconnect delays in the console
Summary: Ref T12568. Ref T12567. Allows you to force a reconnect, and shows the reconnect delay on connection close/failure.

Test Plan: {F4911879}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12568, T12567

Differential Revision: https://secure.phabricator.com/D17705
2017-04-17 15:51:24 -07:00
epriestley
28c68eb4fd Decrease JX.Leader lease duration from 16,000ms to 1,500ms and usurp more aggressively
Summary:
Ref T12573. `JX.Leader` synchronizes the Aphlict connection across multiple windows.

Currently, we only test to see if the leader window has been closed every 16 seconds. Instead, test every 1.5 seconds.

Also, make windows keep trying to become the leader forever. This was removed previously (in D15806) but I think that change decreased robustness here.

Test Plan:
  - Opened two windows to the "Realtime" tab in DarkConsole.
  - Saw one become the leader and one become a follower.
  - (Optionally, wait for 10 seconds here to test the "keep trying to become the leader" behavior.)
  - Closed the leader.
  - Saw the follower become the leader after ~1.5 seconds.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12573

Differential Revision: https://secure.phabricator.com/D17703
2017-04-17 15:48:47 -07:00
epriestley
b02f64f6ee Make project token sorting and normalization a little less hacky
Summary:
Ref T8510. Use "\n" as a delimiter between name sections. Specifically, project "AAA" with tag "zzz" should be a better match for query "AAA" than project "AAA BBB" is.

Make use of this delimiter slighlty more obvious in the UI.

Test Plan:
  - Created projects "Phacility" and "Phacility Core Access".
  - Typed "Phacility".
  - Before patch: first hit is "Phacility Core Access".
  - After patch: first hit is "Phacility".
  - Viewed debugging output table, saw visual explanation of behavior.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8510

Differential Revision: https://secure.phabricator.com/D16886
2016-11-17 08:02:23 -08:00
epriestley
9a10413dbc Improve typeahead behavior with mixed-case matches
Summary:
Ref T8510. We had two issues with mixed-case result sorting, like typing `@joe` to match user `Joe`.

  - The fallback sort was not normalized properly, so "J" could sort after "j". Instead, normalize values for sorting.
  - The `prefix_hits` and older `priority_hits` mechanisms were competing destructively. The `prefix_hits` mechanism completely replaces the `priority_hits` mechanism. Instead, use only the `prefix_hits` mechanism.

Test Plan:
  - Copied results for "joe" from WMF.
  - Hard-coded the controller to return them.
  - Searched for `@joe`.
  - After patches, first hit is user "Joe".

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8510

Differential Revision: https://secure.phabricator.com/D16826
2016-11-08 11:50:15 -08:00
epriestley
3198aa1659 Allow dialogs to opt in to being resizable
Summary: Ref T11034. Ref T4788. This allows you to resize the typeahead browse dialog if you want. I plan to let you resize the object selector dialog in the future.

Test Plan: {F1695433}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4788, T11034

Differential Revision: https://secure.phabricator.com/D16156
2016-06-20 19:13:58 -07:00
epriestley
ad0562e15e Improve some typeahead matching behaviors
Summary:
Ref T8510. Sort prefix matches above non-prefix matches, so that "Ape Discovery" does not match "discovery" better than "Discovery".

Sort functions last.

Rename function internal strings so they don't get over-promoted the prefix-match rules.

Add kind of a hack to get "Project X" sorting above all the "Project X (Milestone 1)" results.

Test Plan:
Created "Ape Discovery", "Baboon Discovery", "Chimpanzee Discovery", etc.

Main project now sorts above milestones:

{F1681773}

Prefix matches now sort above other matches:

{F1681774}

Function results (rarely used) are now less prominent:

{F1681775}

Better function results here:

{F1681776}

More function results:

{F1681777}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8510

Differential Revision: https://secure.phabricator.com/D16094
2016-06-09 13:22:34 -07:00
epriestley
f2c36a934e Provide an <input type="file"> control in Remarkup for mobile and users with esoteric windowing systems
Summary:
Ref T5187. This definitely feels a bit flimsy and I'm going to hold it until I cut the release since it changes a couple of things about Workflow in general, but it seems to work OK and most of it is fine.

The intent is described in T5187#176236.

In practice, most of that works like I describe, then the `phui-file-upload` behavior gets some weird glue to figure out if the input is part of the form. Not the most elegant system, but I think it'll hold until we come up with many reasons to write a lot more Javascript.

Test Plan:
Used both drag-and-drop and the upload dialog to upload files in Safari, Firefox and Chrome.

{F1653716}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T5187

Differential Revision: https://secure.phabricator.com/D15953
2016-05-20 16:24:22 -07:00
epriestley
58b55c2fa6 Probably improve behavior around duplicate notifications
Summary:
We're sometimes getting duplicate notifications right now. I think this is because multiple windows are racing and becoming leaders.

Clean this up a little:

  - Fix the `timeoout` typo.
  - Only try to usurp once.
  - Use different usurp and expire delays, so we don't fire them at the exact same time.

Not sure if this'll work or not but it should theoretically be a little cleaner.

Test Plan:
  - Quit Safari, reopened Safari, still saw a fast reconnect to the notification server (this is the goal of usurping).
  - Did normal notification stuff like opening a chat in two windows, got notifications.
  - Hard to reproduce the race for sure, but this at least fixes the outright `timeoout` bug.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15806
2016-04-27 03:56:55 -07:00
epriestley
2930733ac9 Complete modernization of Aphlict configuration
Summary:
Fixes T10697. This finishes bringing the rest of the config up to cluster power levels.

Phabricator is now given an arbitrarily long list of notification servers.

Each Aphlict server is given an arbitrarily long list of ports to run services on.

Users are free to make them meet in the middle by proxying whatever they want to whatever else they want.

This should also accommodate clustering fairly easily in the future.

Also rewrote the status UI and changed a million other things. 🐗

Test Plan:
{F1217864}

{F1217865}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10697

Differential Revision: https://secure.phabricator.com/D15703
2016-04-14 04:57:00 -07:00
epriestley
c286d2b441 Don't try to center dialogs horizontally
Summary:
Fixes T10302. I think we had fixed-width dialog containers in the past (?) but they all handle their own centering now.

This was causing them to be slightly off-center as a result, and creating the 7px issue in T10302.

Test Plan:
  - Viewed a wide dialog (task edit).
  - Viewed a narrow dialog (notification dismissal confirmation).
  - Viewed dialogs on wide/narrow screens.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10302

Differential Revision: https://secure.phabricator.com/D15529
2016-03-26 12:29:36 -07:00
epriestley
bf43d4cf2a Don't mutate DOM on touch-originated cursor events in Differential
Summary:
Fixes T10229. Broadly:

  - When the user hovers over a line number or inline comment, we update the yellow reticle to highlight the relevant lines. Specifically, this is in response to a `mouseover` event.
  - On touch devices, touches fire `mouseover` and if you mutate the DOM inside the event, the device aborts the touch.

To remedy this:

  - Distingiush between mouse-originated and touch-originated cursor events.
    - We do this, roughly, by setting a flag when we see "touchstart", and clearing it when we see the second copy of any unique cursor event.
    - This method is complex, but should be robust to any implementation differences between devices (for example, it will work no matter which order the events are fired in).
    - This method should also produce the correct results on weird devices that have both mouse-devices and touch-devices available for cursor input.
  - When we see a touch-originated `mouseover` or `mouseout`, don't mutate the DOM.
  - Put an extra DOM mutation into the `click` event to improve highlighting behavior on touch devices.

Test Plan:
  - In iOS Simulator (4s, iOS 9.2), clicked various inline actions ("Reply", "Hide", "Done", "Cancel", line numbers, etc). Got responses after a single touch.
  - Verified hover + click behavior on a desktop.
  - Logged and examined a bunch of events as a general sanity check.

Reviewers: chad

Reviewed By: chad

Subscribers: aljungberg

Maniphest Tasks: T10229

Differential Revision: https://secure.phabricator.com/D15136
2016-01-29 06:55:41 -08:00
epriestley
75b8d3312b Hide the autocompleter intelligently when you ignore it and keep typing
Summary:
Ref T10163. When we think the user has finished typing a word (because they typed a space, period, or other similar characters) and nothing else they might type could possibly change the outcome (usually because the words they have typed already match nothing), just deactivate the autocomplete.

As a special case, if the word they have typed already select exactly one result, //and// they have already typed exactly that result,  assume they just typed it from memory and deactivate.

Test Plan:
  - Typed `@dog qwer zxcv` and saw autocomplete deactivate on the space before `z` (on my local install, `@dog` is ambiguous but `@dog qwer` matches nothing).
  - Typed `@epriestley ` and saw autocomplete deactivate on space.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10163

Differential Revision: https://secure.phabricator.com/D15039
2016-01-16 14:41:43 -08:00
epriestley
a07a06ab08 Give custom controls passable disabled states
Summary: Fixes T9871. Ref T10004. These won't win any awards but it fixes them being incredibly weird and confusing.

Test Plan:
{F1029090}

  - Tried to use controls, got reasonable behavior.
  - Used normal controls to make sure I didn't break anything.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9871, T10004

Differential Revision: https://secure.phabricator.com/D14814
2015-12-17 15:13:28 -08:00
epriestley
e869e7df0b When logged-out users hit a "Login Required" dialog, try to choose a better "next" URI
Summary:
Ref T10004. After a user logs in, we send them to the "next" URI cookie if there is one, but currently don't always do a very good job of selecting a "next" URI, especially if they tried to do something with a dialog before being asked to log in.

In particular, if a logged-out user clicks an action like "Edit Blocking Tasks" on a Maniphest task, the default behavior is to send them to the standalone page for that dialog after they log in. This can be pretty confusing.

See T2691 and D6416 for earlier efforts here. At that time, we added a mechanism to //manually// override the default behavior, and fixed the most common links. This worked, but I'd like to fix the //default// beahvior so we don't need to remember to `setObjectURI()` correctly all over the place.

ApplicationEditor has also introduced new cases which are more difficult to get right. While we could get them right by using the override and being careful about things, this also motivates fixing the default behavior.

Finally, we have better tools for fixing the default behavior now than we did in 2013.

Instead of using manual overrides, have JS include an "X-Phabricator-Via" header in Ajax requests. This is basically like a referrer header, and will contain the page the user's browser is on.

In essentially every case, this should be a very good place (and often the best place) to send them after login. For all pages currently using `setObjectURI()`, it should produce the same behavior by default.

I'll remove the `setObjectURI()` mechanism in the next diff.

Test Plan: Clicked various workflow actions while logged out, saw "next" get set to a reasonable value, was redirected to a sensible, non-confusing page after login (the page with whatever button I clicked on it).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10004

Differential Revision: https://secure.phabricator.com/D14804
2015-12-17 08:30:03 -08:00
epriestley
29e2acd525 Have "limit=1" tokenizers replace tokens instead of disabling "Browse"
Summary:
Fixes T9984. When a tokenizer only allows one selection (like "Task Owner:" or "Land Onto Branch:"), keep the browse button active but have it //replace// values.

Also, have "Create Subtask" default to the system default status, so subtasks of closed tasks are not also closed.

Test Plan:
  - Browsed an empty limit=1 tokenizer.
  - Replaced a full limit=1 tokenizer.
  - Browsed an empty no-limit tokenizer.
  - Browsed more tokens into the no-limit tokenizer.
  - Typed some tokens normally.
  - Created a subtask of a closed task.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9984

Differential Revision: https://secure.phabricator.com/D14785
2015-12-14 15:29:42 -08:00
epriestley
3680d959dd Disable tokenizer "Browse" button once tokenizer is full
Summary: Ref T7858. Don't let users add multiple values to single-value tokenizers by using the "Browse" button.

Test Plan:
  - Added a token, browse button was disabled.
  - Removed the token, browse button was enabled again.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7858

Differential Revision: https://secure.phabricator.com/D14738
2015-12-10 17:50:05 -08:00
epriestley
fe66d52a22 Don't copy null attributes passed to JX.$N()
Summary:
Fixes T8919. In Safari, `node.href = null;` has no effect, but in Chrome it is like `node.href = "null";`.

Instead, just use semantics similar to `phutil_tag()`: don't assign attributes with `null` values.

Test Plan:
No more `/null` href in Chrome in Owners typehaead.

Typeahead still works in Chrome/Safari.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8919

Differential Revision: https://secure.phabricator.com/D14021
2015-08-31 15:52:04 -07:00
Joshua Spence
445caf1d97 Change monospace text formatting
Summary: Using `##` can cause some formatting issues, see D13071.

Test Plan: See D13071.

Reviewers: epriestley, #blessed_reviewers, chad

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D13072
2015-05-31 10:07:45 +10:00
Aviv Eyal
1aa8bc319b Search symbols by ctrl/cmd-click
Summary:
Refs T8302.
V1 of the implementation. This replaces the previous mode, but I guess there's no real reason we can't have
some symbols always clickable and the rest require modifier.

I'm also a little concerned about discoverability; Holding down ctrl/cmd will make the cursor change, so there's
some hint that something might be up, but that's probably not obvious enough.

Test Plan:
Tested in diffusion and differential and differential comments on:
- Windows/Chrome,
- Windows/IE 11
- LInux/Firefox 38
- Mac/Chrome
- Mac/Safari

Reviewers: chad, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley, joshuaspence

Maniphest Tasks: T8302

Differential Revision: https://secure.phabricator.com/D13034
2015-05-28 15:33:06 -07:00
lkassianik
6b1d13bfaf Time control typeaheads.
Summary: Ref T8031, Time control typeaheads

Test Plan: Edit an event, type '3', typeahead should suggest, '3:00 AM', '3:30 AM', '3:00 PM', '3:30 PM'.

Reviewers: chad, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T8031

Differential Revision: https://secure.phabricator.com/D12953
2015-05-20 09:51:26 -07:00
epriestley
c94bd8e4f2 Stop using JX.Scrollbar for main page content
Summary:
Ref T8151. This is option (5). It needs a few adjustments but feels pretty good. Major issues are:

  - Without a mouse, the scrollbars overlap by default, so we //must// move the column off the right margin.
  - Scrolling sometimes "bleeds" between the chat vs the main frame in a way that's not as discrete as the old framed content, but feels generally reasonable to me.

If we pursue this, I'd plan to make these additional changes:

  - Move the panel away from the right margin only if the page scrollbars are zero-width (i.e., in OSX trackpad mode).
  - Fix the notch in the upper right corner when the chat is moved away from the right margin.
  - Probably remove the body "overflow-y: scroll" on Conpherence and Workboards.
  - Update the resizing code to deal with 300px vs 315px widths.
  - We can probably clean up some JX.Scrollbar "main panel" code.

Here's the "bad" case, where I've visually separated the column to provide room for a scrollbar. This isn't ideal, but looks and feels OK to me:

{F398375}

Test Plan:
  - Tried Firefox, Chrome, Safari, with and without a mouse.
  - Tried normal Conpherence.

Reviewers: btrahan, chad

Reviewed By: btrahan

Subscribers: avivey, epriestley

Maniphest Tasks: T8151

Differential Revision: https://secure.phabricator.com/D12789
2015-05-11 12:02:00 -07:00
Bob Trahan
5520dbfac6 Quicksand and Pholio - make mock edit work
Summary: Fixes T8036. In addition to making the mock edit work, this tightens quicksand code such that the correct page id is returned even if start() has not been called yet. It also tightens mock view where some functions should respect statics.enabled a bit more.

Test Plan:
clicked edit mock, mock crumb, edit mock, mock crum, edit mock, made edits and they worked! clicked edit mock, mock crumb, edit mock, mock crumb, edit mock, profile icon, hit browser back to edit mock, made edits and they worked!

also observed mock view page not occasionally wigging out from image_onload race not having statics.enabled respect during the above

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T8036

Differential Revision: https://secure.phabricator.com/D12739
2015-05-07 10:42:07 -07:00
Bob Trahan
1db79044b5 Quicksand - fix toggle behavior to work with quicksand
Summary:
Fixes T7919. This is a pretty generic toggle behavior. Make it quicksand ready by making it install only once and swallow the regular "click" event so the quicksand "click" event doesn't get funky with it.

Also fixes a bug in Quicksand that I discovered developing / testing this feature. We have to update the internal member variable to be better than 0 similarly to how id works. So do that.

Test Plan: went to phriction, toggled menu open, clicked home, clicked phriction and toggled menu again. Went back in history and noted menu was left to toggle state I previously had it. (currently a feature, not a bug)

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7919

Differential Revision: https://secure.phabricator.com/D12708
2015-05-04 14:38:50 -07:00
Bob Trahan
6575cc568d Quicksand - fix spooky back button issue
Summary: Fixes T7911.

Test Plan:
 - load a page
 - click something else
 - go back to original page via clicking
 - browser refresh
 - click something else
 - browser back -- and it now works!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7911

Differential Revision: https://secure.phabricator.com/D12603
2015-04-28 17:20:32 -07:00
Bob Trahan
00f864b359 Quicksand - fix project board page and quicksand
Summary: Fixes T7913. Collapse the separate board dropdown into the board projects behavior; we always need that anyway and now we can install the listener more granularly.

Test Plan:
 - visted project board
 - invoked create task, cancelled dialog
 - visited project feed
 - visited project board
 - invoked create task, cancelled dialog (FAILED pre patch...!)

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7913

Differential Revision: https://secure.phabricator.com/D12599
2015-04-28 14:51:49 -07:00
epriestley
ccd6770a09 Fix an issue where "Browse > Select" did not work for dynamic tokenizers
Summary:
Ref T4100. In Herald, using the browse dialog to select a result didn't work because we'd add the token with no name value. Other things would render it elsewhere, but it would eventaully be discarded.

Instead, add it with a name value.

Test Plan: Edited a Herald rule and used Browse > Select to add a token. Saved rule. Saw token persist.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4100

Differential Revision: https://secure.phabricator.com/D12529
2015-04-23 11:49:34 -07:00
Bob Trahan
dd9ec255ec Quicksand - make notification and message counts update as you navigate around
Summary: Ref T7573. Unify code to fetch these counts and do some light formatting since we're going to need to do the same thing for some conpherence-specific ajax in the durable column (See T7708).

Test Plan: loaded up two tabs, one with a durable column on and one without. in the without browser, i read some messages, decrementing my unread count. when i navigated again in the durable column browser, the count updated correctly. with no notifications, commented on a task with another user to get a notification and it showed up properly. visited the task by clicking not the notification and the bubble count decremented correctly

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7573

Differential Revision: https://secure.phabricator.com/D12498
2015-04-21 15:46:36 -07:00
Bob Trahan
2fab72d43b Quicksand - update title while navigating about
Summary: Fixes T7744. Also fixes a bug where we were copying the response object erroneously; that's not necessary to move around since we cleanly initialize it for each load

Test Plan: from user profile, clicked feed tab and saw new title. clicked calendar tab and saw new title. clicked back and saw feed title and page render.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7744

Differential Revision: https://secure.phabricator.com/D12487
2015-04-21 11:01:05 -07:00
epriestley
1602858b26 Possible fix for JX.History spookiness?
Summary: Ref T7573. I only got this reproducing like 10% of the time in Firefox but I can't reproduce it anymore after this change.

Test Plan:
  - Added some logging.
  - Saw Firefox handing us nonsense state values (?)
  - Read the Firefox documentation?
  - Maybe state is expected to be an object? This shouldn't matter?
  - I don't really know?

iiam

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7573

Differential Revision: https://secure.phabricator.com/D12485
2015-04-20 16:41:19 -07:00
Bob Trahan
4d5badeec0 Quicksand - provide some plumbing for fancier updates
Summary: Ref D12448. Ref T7573. This changes quicksand up a bit so rather than caching just rendered HTML we also cache the initial response from the server. We also fire off a quicksand-redraw event which will let things like the page objects for notifications update correctly while using Quicksand (see D12448).

Test Plan: loaded up /p/btrahan/  Clicked the UI elements to navigate to various profile views up to maniphest. clicked back until back at /p/btrahan/ and it worked. clicked forward until all the way back to maniphest and it worked. clicked back 2x, then clicked new links, then back and it worked

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7573

Differential Revision: https://secure.phabricator.com/D12449
2015-04-20 15:44:14 -07:00
Chad Little
ca388d95fd Make the browse button on the tokenizer, be on the tokenizer
Summary: Moves the Browse... button into a Search Icon on the actual tokenizer. I played with a number of icon treatments, and Search seems to convey the right attribute, other things like lists and menus didn't quite feel right to me, but feel free to push back if you hate search.

Test Plan:
Tested lots of tokens, little tokens, small screens, etc.

{F375467}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12452
2015-04-18 10:58:50 -07:00
epriestley
76448a75de Make token UI stronger and more consistent
Summary:
Ref T4100. Overall:

  - Use token background color to communicate token type (blue = object, yellow = function, grey = disabled/closed, red = invalid).
  - Use token icon color to make color choices consistent (specifically, use project icon colors in project tokens).
  - For functions, use token icon to communicate function result type (e.g., viewer() has a user icon; members(...) has a group icon), since we don't need the icon to indicate "this is a function" anymore.

Test Plan:
{F374615}
{F374616}
{F374617}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4100

Differential Revision: https://secure.phabricator.com/D12446
2015-04-17 11:06:58 -07:00
epriestley
845466b49b Implement viewer() and members(project) typeahead functions
Summary:
Ref T4100. This is still a bit rough around the edges, but mostly does what we're after.

  - Implements viewer() and members(...) functions.
  - The new browse workflow makes these discoverable.

Test Plan: {F374201}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, epriestley

Maniphest Tasks: T4100

Differential Revision: https://secure.phabricator.com/D12444
2015-04-17 11:06:58 -07:00
epriestley
a4261f41c2 Make browse action available for dynamic/JS-driven tokenizers
Summary: Ref T5750. This makes browse work for all of the dynamic tokenizers in Herald, Policies, batch editor, etc.

Test Plan: Used tokenizers in Herald, Policies, Batch editor.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5750

Differential Revision: https://secure.phabricator.com/D12442
2015-04-17 11:06:58 -07:00
epriestley
a641601407 Implement a rough browse view for tokenizers
Summary: Ref T5750. This adds a basic browse view. Design is a bit rough, see T7841 for some screenshots.

Test Plan: Used browse view to add tokens to tokenizers.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5750

Differential Revision: https://secure.phabricator.com/D12441
2015-04-17 11:06:58 -07:00
epriestley
b40a84c92f Clean up some Conpherence beahviors with a mouse
Summary:
Fixes T7825. If JX.Scrollbar activates, we sometimes target the wrong node.

(We don't have this issue in the column because it rebuilds a new JX.Scrollbar every time.)

Test Plan:
  - Sent messages, no spooky text.
  - Loaded page, got scroll to bottom.
  - Unplugged all USB devices, restarted browser, repeated.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T7825

Differential Revision: https://secure.phabricator.com/D12413
2015-04-14 13:04:22 -07:00
epriestley
d9d0daecd7 Scroll the chat column to the bottom when images load
Summary:
Fixes T7558. This might not be 100% perfect but should solve most of the issue.

I briefly looked at things like `MutationObserver` (some fancy next-gen browser junk) but couldn't immediately get it working.

Other methods for handling this kind of thing involve polling, complicated polyfills, etc. We could give `MutationObserver` a more serious effort if this is too leaky.

Test Plan:
  - In a thread with some images, reloaded the page and saw the scrollbar stay at the bottom.
  - Tested with and without USB devices attached.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T7558

Differential Revision: https://secure.phabricator.com/D12191
2015-03-28 08:35:12 -07:00
epriestley
ad1bed136c Fix an issue with returning to a the initial page in Quicksand
Summary: Fixes T7058. We weren't propagating `state` properly so some other code ended up doing the wrong thing.

Test Plan:
  - Clicked from Home -> Anything -> Home under Quicksand, saw reloads with no double requests.
  - Used "back", saw back button work properly.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T7058

Differential Revision: https://secure.phabricator.com/D12190
2015-03-28 07:38:14 -07:00
epriestley
e5580d038d Improve Conpherence column textarea JS behaviors
Summary:
  - Don't show a loading state on the whole column while sending chat. We could show some kind of minor loading state, but standard JX.Busy stuff will kick in after a couple seconds anyway.
  - Blank the textarea immediately on submit so you can start typing more text.
  - Don't disable the form while submiting; disabling it prevents you from typing more text.
  - Hide the placeholder while the textarea is focused. If we don't do this, the placeholder reappearing after submitting text feels weird to me.

Test Plan:
  - Sent a lot of text.
  - Real fast.
  - Focused and unfocused the area.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D12086
2015-03-14 12:00:17 -07:00
epriestley
6fa507987d Generalize URI pattern blacklist for Quicksand
Summary:
Fixes T7060. Removes some hard-coding.

This assumes that "pages with no durable column" and "pages with no Quicksand" are the same, but that's correct today and I can't come up with a use case where they'd be different offhand.

Test Plan:
  - Clicked a revision with column open, got Quicksand navigation.
  - Clicked into Conpherence with column open, got real navigation.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7060

Differential Revision: https://secure.phabricator.com/D12036
2015-03-10 15:32:15 -07:00
epriestley
5afa2c3b62 Add support for playing sounds
Summary:
Ref T5369. New HTML5 version without flash dependencies.

This doesn't play any sounds.

Test Plan: Did not play any sounds.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: joshuaspence, epriestley

Maniphest Tasks: T5369

Differential Revision: https://secure.phabricator.com/D9535
2015-03-10 14:20:00 -07:00
Bob Trahan
10f1692b1b Conpherence - more threadManager stuff and get scrolling working
Summary: Ref T7014. The main conpherence view is kind of broken without this in subtle ways because of /conpherence/ versus /conpherence/x/ init'ing things differently; this fixes that. Moves more normal view conpherence logic into threadManager. Makes all the display code happen outside of threadManager, setting us up for some display manager later maybe.

Test Plan: sent messages, updated title, etc and the messages pane auto scrolled correctly!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7014

Differential Revision: https://secure.phabricator.com/D12035
2015-03-10 13:53:30 -07:00
epriestley
b8ed980d3d Fix scrollbar being cut off at end of gutter
Summary:
The "mlb" on the left nav creates a phantom bottom margin which gives the content measurable height but not scrollable height. Replace it with "plb" (padding) instead.

The 2px-spacer calculation was also not quite correct.

Test Plan:
  - Viewed pages with navs; padding vs margin didn't seem to make any other differences.
  - Scrollbar now stops in the right place in Safari, Chrome, Firefox.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D12007
2015-03-07 09:53:58 -08:00
epriestley
ebcab8edb6 Namespace Aphlict clients by request path, plus other fixes
Summary:
Fixes T7130. Fixes T7041. Fixes T7012.

Major change here is partitioning clients. In the Phacility cluster, being able to get a huge pile of instances on a single server -- without needing to run a process per instance -- is desirable.

To accomplish this, just bucket clients by the path they connect with. This will let us set client URIs to `/instancename/` and then route connections to a small set of servers. This degrades cleanly in the common case and has no effect on installs which don't do instancing.

Also fix two unrelated issues:

  - Fix the timeouts, which were incorrectly initializing in `open()` (which is called during reconnect, causing them to reset every time). Instead, initialize in the constructor. Cap timeout at 5 minutes.
  - Probably fix subscriptions, which were using a property with an object definition. Since this is by-ref, all concrete instances of the object share the same property, so all users would be subscribed to everything. Probably.

Test Plan:
  - Hit notification status page, saw version bump and instance/path name.
  - Saw instance/path name in client and server logs.
  - Stopped server, saw reconnects after 2, 4, 16, ... seconds.
  - Sent test notification; received test notification.
  - Didn't explicitly test the subscription thing but it should be obvious by looking at `/notification/status/` shortly after a push.

Reviewers: joshuaspence, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7041, T7012, T7130

Differential Revision: https://secure.phabricator.com/D11769
2015-02-16 11:31:15 -08:00
Joshua Spence
2a2b47326c Fix text lint issues
Summary: Ref T5105. This is a proof-of-concept for D11458.

Test Plan: `arc lint --everything`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T5105

Differential Revision: https://secure.phabricator.com/D11642
2015-02-12 07:00:13 +11:00
epriestley
08045efb30 Fix mouse access to Workboard scrollbars
Summary: Fixes T7075. The invisible "fancy" scrollbar was covering these; hide it more aggressively.

Test Plan:
  - Scrollbars on Workboards can now be interacted with directly.
  - Normal scrollable and unscrollable pages work as expected.
  - Resized some windows.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T7075

Differential Revision: https://secure.phabricator.com/D11560
2015-01-29 07:10:35 -08:00