1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-15 11:22:40 +01:00
Commit graph

17676 commits

Author SHA1 Message Date
epriestley
54bcbdaba9 Fix an XSS issue with certain high-priority remarkup rules embedded inside lower-priority link rules
Summary:
See <https://hackerone.com/reports/758002>. The link rules don't test that their parameters are flat text before using them in unsafe contexts.

Since almost all rules are lower-priority than these link rules, this behavior isn't obvious. However, two rules have broadly higher priority (monospaced text, and one variation of link rules has higher priority than the other), and the latter can be used to perform an XSS attack with input in the general form `()[ [[ ... | ... ]] ]` so that the inner link rule is evaluated first, then the outer link rule uses non-flat text in an unsafe way.

Test Plan:
Tested examples in HackerOne report. A simple example of broken (but not unsafe) behavior is:

```
[[ `x` | `y` ]]
```

Differential Revision: https://secure.phabricator.com/D20937
2019-12-13 10:37:50 -08:00
Arturas Moskvinas
4cd333b33f Use same method to get object URI as used in DifferentialTransactionEditor and PhabricatorApplicationTransactionEditor
Summary: Maniphest object has `getURI` method, let's use it

Test Plan: Create event in task - URI generated as expected in email notification

Reviewers: epriestley, Pawka, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D20935
2019-12-10 17:37:30 +02:00
epriestley
33c534f9b7 Extend Config to full-width
Summary:
Ref T13362. Some applications moved to fixed-width a while ago but I was generally unsatisfied with where they ended up and have been pushing them back to full-width.

Push Config back to full-width. Some of the subpages end up a little weird, but this provides more space to work with to make some improvements, like makign `maniphest.statuses` more legible in the UI>

Test Plan: Grepped for `setFixed(`, updated each page in `/config/`. Browsed each controller, saw workable full-width UIs.

Maniphest Tasks: T13362

Differential Revision: https://secure.phabricator.com/D20925
2019-11-25 16:18:41 -08:00
epriestley
1667acfa5d Implement "PolicyInterface" on "UserEmail" so "EmailQuery" can load them properly
Summary:
See PHI1558. Ref T11860. Ref T13444. I partly implemented PHIDs for "UserEmail" objects, but they can't load on their own so you can't directly `bin/remove destroy` them yet.

Allow them to actually load by implementing "PolicyInterface".

Addresses are viewable and editable by the associated user, unless they are a bot/list address, in which case they are viewable and editable by administrators (in preparation for T11860). This has no real impact on anything today.

Test Plan:
  - Used `bin/remove destroy <phid>` to destroy an individual email address.
  - Before: error while loading the object by PHID in the query policy layer.
  - After: clean load and destroy.

Maniphest Tasks: T13444, T11860

Differential Revision: https://secure.phabricator.com/D20927
2019-11-25 15:08:13 -08:00
epriestley
eb6df7a209 Remove "phlog()" of exeptions during Conduit calls
Summary: Fixes T13465. This "phlog()" made some degree of sense at one time, but is no longer useful or consistent. Get rid of it. See T13465 for discussion.

Test Plan: Made a conduit call that hit a policy error, no longer saw error in log.

Maniphest Tasks: T13465

Differential Revision: https://secure.phabricator.com/D20924
2019-11-22 12:03:08 -08:00
epriestley
2abf292821 Fix an issue where editing paths in Owners packages could raise an error: undefined index "display"
Summary:
Fixes T13464. Fully-realized paths have a "path" (normalized, effective path) and a "display" path (user-facing, un-normalized path).

During transaction validation we build ref keys for paths before we normalize the "display" values. A few different approaches could be taken to resolve this, but just default the "display" path to the raw "path" if it isn't present since that seems simplest.

Test Plan: Edited paths in an Owners package, no longer saw a warning in the logs.

Maniphest Tasks: T13464

Differential Revision: https://secure.phabricator.com/D20923
2019-11-21 11:29:04 -08:00
epriestley
374f8b10b3 Add a "--dry-run" flag to "bin/repository rebuild-identities"
Summary: Ref T13444. Allow the effects of performing an identity rebuild to be previewed without committing to any changes.

Test Plan: Ran "bin/repository rebuild-identities --all-identities" with and without "--dry-run".

Maniphest Tasks: T13444

Differential Revision: https://secure.phabricator.com/D20922
2019-11-19 12:38:20 -08:00
epriestley
63d84e0b44 Improve use of keys when iterating over commits in "bin/audit delete" and "bin/repository rebuild-identities"
Summary:
Fixes T13457. Ref T13444. When we iterate over commits in a particular repository, the default iteration strategy can't effectively use the keys on the table.

Tweak the ordering so the "<repositoryID, epoch, [id]>" key can be used.

Test Plan:
  - Ran `bin/audit delete --repository X` and `bin/repository rebuild-identities --repository X` before and after changes.
    - With just the key changes, performance was slightly better. My local data isn't large enough to really emphasize the key changes.
    - With the page size changes, performance was a bit better (~30%, but on 1-3 second run durations).
  - Used `--trace` and ran `EXPLAIN ...` on the new queries, saw them select the "<repositoryID, epoch, [id]>" key and report a bare "Using index condition" in the "Extra" column.

Maniphest Tasks: T13457, T13444

Differential Revision: https://secure.phabricator.com/D20921
2019-11-19 10:18:55 -08:00
epriestley
a7aca500bc Update repository identities after all mutations to users and email addresses
Summary:
Ref T13444. Currently, many mutations to users and email addresses (particularly: user creation; and user and address destruction) do not propagate properly to repository identities.

Add hooks to all mutation workflows so repository identities get rebuilt properly when users are created, email addresses are removed, users or email addresses are destroyed, or email addresses are reassigned.

Test Plan:
- Added random email address to account, removed it.
- Added unassociated email address to account, saw identity update (and associate).
  - Removed it, saw identity update (and disassociate).
- Registered an account with an unassociated email address, saw identity update (and associate).
  - Destroyed the account, saw identity update (and disassociate).
- Added address X to account A, unverified.
  - Invited address X.
  - Clicked invite link as account B.
  - Confirmed desire to steal address.
  - Saw identity update and reassociate.

Maniphest Tasks: T13444

Differential Revision: https://secure.phabricator.com/D20914
2019-11-19 09:41:59 -08:00
epriestley
89dcf9792a Give "PhabricatorUserEmail" a PHID
Summary:
Ref T13444. To interact meaningfully with "DestructionEngine", objects need a PHID. The "UserEmail" object currently does not have one (or a real "Query").

Provide basic PHID support so "DestructionEngine" can interact with the object more powerfully.

Test Plan:
  - Ran migrations, checked data in database, saw sensible PHIDs assigned.
  - Added a new email address to my account, saw it get a PHID.

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13444

Differential Revision: https://secure.phabricator.com/D20913
2019-11-19 09:41:29 -08:00
epriestley
d69a7360ea Use DestructionEngine to destroy UserEmail objects
Summary: Ref T13444. Prepare to hook identity updates when user email addreses are destroyed.

Test Plan:
  - Destroyed a user with `bin/remove destroy ... --trace`, saw email deleted.
  - Destroyed an email from the web UI, saw email deleted.

Maniphest Tasks: T13444

Differential Revision: https://secure.phabricator.com/D20912
2019-11-19 09:40:58 -08:00
epriestley
18da346972 Add additional flags to "bin/repository rebuild-identities" to improve flexibility
Summary:
Ref T13444. Repository identities have, at a minimum, some bugs where they do not update relationships properly after many types of email address changes.

It is currently very difficult to fix this once the damage is done since there's no good way to inspect or rebuild them.

Take some steps toward improving observability and providing repair tools: allow `bin/repository rebuild-identities` to effect more repairs and operate on identities more surgically.

Test Plan: Ran `bin/repository rebuild-identities` with all new flags, saw what looked like reasonable rebuilds occur.

Maniphest Tasks: T13444

Differential Revision: https://secure.phabricator.com/D20911
2019-11-19 09:39:48 -08:00
epriestley
0014d0404c Consolidate repository identity resolution and detection code
Summary: Ref T13444. Send all repository identity/detection through a new "DiffusionRepositoryIdentityEngine" which handles resolution and detection updates in one place.

Test Plan:
  - Ran `bin/repository reparse --message ...`, saw author/committer identity updates.
  - Added "goose@example.com" to my email addresses, ran daemons, saw the identity relationship get picked up.
  - Ran `bin/repository rebuild-identities ...`, saw sensible rebuilds.

Maniphest Tasks: T13444

Differential Revision: https://secure.phabricator.com/D20910
2019-11-19 09:39:11 -08:00
epriestley
6afbb6102d Remove "PhabricatorEventType::TYPE_DIFFUSION_LOOKUPUSER" event
Summary: Ref T13444. This is an ancient event and part of the old event system. It is not likely to be in use anymore, and repository identities should generally replace it nowadays anyway.

Test Plan: Grepped for constant and related methods, no longer found any hits.

Maniphest Tasks: T13444

Differential Revision: https://secure.phabricator.com/D20909
2019-11-19 09:38:03 -08:00
epriestley
a2b2c391a1 Distinguish between "Assigned" and "Effective" identity PHIDs more clearly and consistently
Summary:
Ref T13444. You can currently explicitly unassign an identity (useful if the matching algorithm is misfiring). However, this populates the "currentEffectiveUserPHID" with the "unassigned()" token, which mostly makes things more difficult.

When an identity is explicitly unassigned, convert that into an explicit `null` in the effective user PHID.

Then, realign "assigned" / "effective" language a bit. Previously, `withAssigneePHIDs(...)` actualy queried effective users, which was misleading. Finally, bulk up the list view a little bit to make testing slightly easier.

Test Plan:
  - Unassigned an identity, ran migration, saw `currentEffectiveUserPHID` become `NULL` for the identity.
  - Unassigned a fresh identity, saw NULL.
  - Queried for various identities under the modified constraints.

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13444

Differential Revision: https://secure.phabricator.com/D20908
2019-11-19 09:37:44 -08:00
epriestley
df0f5c6cee Make repository identity email address association case-insensitive
Summary:
Ref T13444. Currently, identities for a particular email address are queried with "LIKE" against a binary column, which makes the query case-sensitive.

  - Extract the email address into a separate "sort255" column.
  - Add a key for it.
  - Make the query a standard "IN (%Ls)" query.
  - Deal with weird cases where an email address is 10000 bytes long or full of binary junk.

Test Plan:
  - Ran migration, inspected database for general sanity.
  - Ran query script in T13444, saw it return the same hits for "git@" and "GIT@".

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13444

Differential Revision: https://secure.phabricator.com/D20907
2019-11-19 09:37:26 -08:00
epriestley
d58eddcf0a When predicting project membership during edits, predict milestones will have parent membership
Summary:
Depends on D20919. Ref T13462. When editing milestones, we currently predict they will have no members for policy evaluation purposes. This isn't the right rule.

Instead, predict that their membership will be the same as the parent project's membership, and pass this hint to the policy layer.

See T13462 for additional context and discussion.

Test Plan:
  - Set project A's edit policy to "Project Members".
  - Joined project A.
  - Tried to create a milestone of project A.
    - Before: policy exception that the edit policy excludes me.
    - After: clean milestone creation.
  - As a non-member, tried to create a milestone. Received appropriate policy error.

Maniphest Tasks: T13462

Differential Revision: https://secure.phabricator.com/D20920
2019-11-18 23:07:05 -08:00
epriestley
959504a488 When predicting object policies for project milestones, adjust objects so they behave like milestones
Summary:
Ref T13462. Currently, when testing milestone edit policies during creation, the project object does not behave like a milestone:

  - it doesn't have a milestone number yet, so it doesn't try to access the parent project; and
  - the parent project isn't attached yet.

Instead: attach the parent project sooner (which "should" be harmless, although it's possible this has weird side effects); and give the adjusted policy object a dummy milestone number if it doesn't have one yet. This forces it to act like a milestone when emitting policies.

Test Plan:
  - Set "Projects" application default edit policy to "No One".
  - Created a milestone I had permission to create.
    - Before: failed with a policy error, because the project behaved like a non-milestone and returned "No One" as the effective edit policy.
    - After: worked properly, correctly evaluting the parent project edit policy as the effective edit policy.
  - Tried to create a milestone I did not have permission to create (no edit permission on parent project).
    - Got an appropriate edit policy error.

Maniphest Tasks: T13462

Differential Revision: https://secure.phabricator.com/D20919
2019-11-18 23:06:03 -08:00
epriestley
de66a8ece1 Remove "stronger/weaker" policy color hints from object headers
Summary:
Fixes T13461. Some applications provide hints about policy strength in the header, but these hints are inconsistent and somewhat confusing. They don't make much sense for modern objects with Custom Forms, which don't have a single "default" policy.

Remove this feature since it seems to be confusing things more than illuminating them.

Test Plan:
  - Viewed various objects, no longer saw colored policy hints.
  - Grepped for all removed symbols.

Maniphest Tasks: T13461

Differential Revision: https://secure.phabricator.com/D20918
2019-11-18 22:05:26 -08:00
epriestley
1996b0cd55 Update the "owner can always view/edit" policy exception rule
Summary: Fixes T13460. This rule vanished from the UI in D20165; update things so it returns to the UI.

Test Plan: {F7035134}

Maniphest Tasks: T13460

Differential Revision: https://secure.phabricator.com/D20917
2019-11-18 21:54:45 -08:00
epriestley
e86aae99de Surface edits to "Text" panels on dashboards as remarkup edits
Summary: Fixes T13456. These edits are remarkup edits and should attach files, trigger mentions, and so on.

Test Plan: Created a text panel, dropped a file in. After changes, saw the file attach properly.

Maniphest Tasks: T13456

Differential Revision: https://secure.phabricator.com/D20906
2019-11-13 10:35:09 -08:00
epriestley
2adc36ba0b Correctly identify more SSH private key problems as "formatting" or "passphrase" related
Summary:
Ref T13454. Fixes T13006. When a user provide us with an SSH private key and (possibly) a passphrase:

  # Try to verify that they're correct by extracting the public key.
  # If that fails, try to figure out why it didn't work.

Our success in step (2) will vary depending on what the problem is, and we may end up falling through to a very generic error, but the outcome should generally be better than the old approach.

Previously, we had a very unsophisticated test for the text "ENCRYPTED" in the key body and questionable handling of the results: for example, providing a passphrase when a key did not require one did not raise an error.

Test Plan:
Created and edited credentials with:

  - Valid, passphrase-free keys.
  - Valid, passphrased keys with the right passphrase.
  - Valid, passphrase-free keys with a passphrase ("surplus passphrase" error).
  - Valid, passphrased keys with no passphrase ("missing passphrase" error).
  - Valid, passphrased keys with an invalid passphrase ("invalid passphrase" error).
  - Invalid keys ("format" error).

The precision of these errors will vary depending on how helpful "ssh-keygen" is.

Maniphest Tasks: T13454, T13006

Differential Revision: https://secure.phabricator.com/D20905
2019-11-13 10:22:00 -08:00
epriestley
72f82abe07 Improve recovery from panel action rendering exceptions, and mark "Changeset" queries as not suitable for panel generation
Summary:
Fixes T13443. When a panel raises an exception during edit action generation, it currently escapes to top level. Instead, catch it more narrowly.

Additionally, mark "ChangesetSearchEngine" as not being a suitable search engine for use in query panels. There's no list view or search URI so it can't generate a sensible panel.

Test Plan:
  - Added a changeset panel to a dashboard.
  - Before: entire dashboard fataled.
  - After: panel fataled narrowly, menu fatals narrowly, dashboard no longer permits creation of another Changeset query panel.

Maniphest Tasks: T13443

Differential Revision: https://secure.phabricator.com/D20902
2019-11-08 17:15:21 -08:00
epriestley
a3f4cbd748 Correct rendering of workboard column move stories when a single transaction performs moves on multiple boards
Summary:
See <https://discourse.phabricator-community.org/t/unhandled-exception-rendering-maniphest-task/3234>.

If a single transaction performs column moves on multiple different boards (which is permitted in the API), the rendering logic currently fails. Make it render properly.

Test Plan: {F7011464}

Differential Revision: https://secure.phabricator.com/D20901
2019-11-08 16:57:35 -08:00
epriestley
b83b3224bb Add an "Advanced/Developer..." action item for viewing object handle details and hovercards
Summary:
Ref T13442. Ref T13157. There's a secret URI to look at an object's hovercard in a standalone view, but it's hard to remember and impossible to discover.

In developer mode, add an action to "View Hovercard". Also add "View Handle", which primarily shows the object PHID.

Test Plan: Viewed some objects, saw "Advanced/Developer...". Used "View Hovercard" to view hovercards and "View Handle" to view handles.

Maniphest Tasks: T13442, T13157

Differential Revision: https://secure.phabricator.com/D20887
2019-11-08 16:47:05 -08:00
epriestley
cd60a8aa56 Update various Asana odds-and-ends for "gid" API changes
Summary:
Ref T13453. Some of the Asana integrations also need API updates.

Depends on D20899.

Test Plan:
  - Viewed "asana.workspace-id" in Config, got a sensible GID list.
  - Created a revision, saw the associated Asana task get assigned.
  - Pasted an Asana link I could view into a revision description, saw it Doorkeeper in the metadata.

Maniphest Tasks: T13453

Differential Revision: https://secure.phabricator.com/D20900
2019-11-08 09:07:59 -08:00
epriestley
2223d6b914 Update Asana Auth adapter for "gid" API changes
Summary: Ref T13453. The Asana API has changed, replacing all "id" fields with "gid", including the "users/me" API call result.

Test Plan: Linked an Asana account. Before: error about missing 'id'. After: clean link.

Maniphest Tasks: T13453

Differential Revision: https://secure.phabricator.com/D20899
2019-11-08 09:02:15 -08:00
epriestley
338b4cb2e7 Prevent workboard cards from being grabbed by the "Txxx" object name text
Summary:
Fixes T13452. We currently give users mixed signals about the interaction mode of this text: the cursor says "text" but the behavior is "grab".

Make the behavior "text" to align with the cursor. An alternate variation of this change is to remove the cursor, but this is preferable if it doesn't cause problems, since copying the task ID is at least somewhat useful.

Test Plan: In Safari, Firefox, and Chrome: selected and copied object names from workboard cards; and dragged workboard cards by other parts of their UI.

Maniphest Tasks: T13452

Differential Revision: https://secure.phabricator.com/D20898
2019-11-08 08:29:53 -08:00
epriestley
d4491ddc22 Fix an issue with 1up diff block rendering for added or removed blocks
Summary: Ref T13425. When a change adds or removes a block (vs adding or removing a document, or changing a block), we currently try to render `null` as cell content in the unified view. Make this check broader to catch both "no opposite document" and "no opposite cell".

Test Plan: {F7008772}

Subscribers: artms

Maniphest Tasks: T13425

Differential Revision: https://secure.phabricator.com/D20897
2019-11-08 07:37:06 -08:00
epriestley
502ca4767e When "Fetch Refs" are configured for a repository, highlight the "Branches" menu item in the Diffusion Management UI
Summary: Ref T13448. Minor UI issue: setting a "Fetch Refs" value does not highlight the associated menu item, but should.

Test Plan: Set only "Fetch Refs", now saw menu item highlighted.

Maniphest Tasks: T13448

Differential Revision: https://secure.phabricator.com/D20895
2019-11-07 16:28:33 -08:00
epriestley
1b40f7e540 Always initialize Git repositories with "git init", never with "git clone"
Summary:
Fixes T13448. We currently "git clone" to initialize repositories, but this will fetch too many refs if "Fetch Refs" is configured.

In modern Phabricator, there's no apparent reason to "git clone"; we can just "git init" instead. This workflow naturally falls through to an update, where we'll do a "git fetch" and pull in exactly the refs we want.

Test Plan:
  - Configured an observed repository with "Fetch Refs".
  - Destroyed the working copy.
  - Ran "bin/repository pull X --trace --verbose".
    - Before: saw "git clone" pull in the world.
    - After: saw "git init" create a bare empty working copy, then "git fetch" fill it surgically.

Both flows end up in the same place, this one is just simpler and does less work.

Maniphest Tasks: T13448

Differential Revision: https://secure.phabricator.com/D20894
2019-11-07 16:17:35 -08:00
epriestley
8dd57a1ed2 When fetching Git repositories, pass "--no-tags" to make explicit "Fetch Refs" operate more narrowly
Summary:
Ref T13448. The default behavior of "git fetch '+refs/heads/master:refs/heads/master'" is to follow and fetch associated tags.

We don't want this when we pass a narrow refspec because of "Fetch Refs" configuration. Tell Git that we only want the refs we explicitly passed.

Note that this doesn't prevent us from fetching tags (if the refspec specifies them), it just stops us from fetching extra tags that aren't part of the refspec.

Test Plan:
  - Ran "bin/repository pull X --trace --verbose" in a repository with a "Fetch Refs" configuration, saw only "master" get fetched (previously: "master" and reachable tags).
  - Ran "git fetch --no-tags '+refs/*:refs/*'", saw tags fetched normally ("--no-tags" does not disable fetching tags).

Maniphest Tasks: T13448

Differential Revision: https://secure.phabricator.com/D20893
2019-11-07 16:17:08 -08:00
epriestley
9dbde24dda Manually prune Git working copy refs instead of using "--prune", to improve "Fetch Refs" behavior
Summary:
Ref T13448. When "Fetch Refs" is configured:

  - We switch to a narrow mode when running "ls-remote" against the local working copy. This excludes surplus refs, so we'll incorrectly detect that the local and remote working copies are identical in cases where the local working copy really has surplus refs.
  - We rely on "--prune" to remove surplus local refs, but it only prunes refs matching the refspecs we pass "git fetch". Since these refspecs are very narrow under "Fetch Only", the pruning behavior is also very narrow.

Instead:

  - When listing local refs, always list everything. If we have too much stuff locally, we want to get rid of it.
  - When we identify surplus local refs, explicitly delete them instead of relying on "--prune". We can just do this in all cases so we don't have separate "--prune" and "manual" cases.

Test Plan:
  - Created a new repository, observed from a GitHub repository, with many tags/refs/branches. Pulled it.
  - Observed lots of refs in `git for-each-ref`.
  - Changed "Fetch Refs" to "refs/heads/master".
  - Ran `bin/repository pull X --trace --verbose`.

On deciding to do something:

  - Before: since "master" did not change, the pull declined to act.
  - After: the pull detected surplus refs and deleted them. Since the states then matched, it declined further action.

On pruning:

  - Before: if the pull was forced to act, it ran "fetch --prune" with a narrow refspec, which did not prune the working copy.
  - After: saw working copy pruned explicitly with "update-ref -d" commands.

Also, set "Fetch Refs" back to the default (empty) and pulled, saw everything pull.

Maniphest Tasks: T13448

Differential Revision: https://secure.phabricator.com/D20892
2019-11-07 16:15:46 -08:00
epriestley
f5f2a0bc56 Allow username changes which modify letter case to go through as valid
Summary:
Fixes T13446. Currently, the validation logic here rejects a rename like "alice" to "ALICE" (which changes only letter case) but this is a permissible rename.

Allow collisions that collide with the same user to permit this rename.

Also, fix an issue where an empty rename was treated improperly.

Test Plan:
  - Renamed "alice" to "ALICE".
    - Before: username collision error.
    - After: clean rename.
  - Renamed "alice" to "orange" (an existing user). Got an error.
  - Renamed "alice" to "", "!@#$", etc (invalid usernames). Got sensible errors.

Maniphest Tasks: T13446

Differential Revision: https://secure.phabricator.com/D20890
2019-11-06 08:10:36 -08:00
epriestley
6bada7db4c Change the Herald "do not include [any of]" condition label to "include none of"
Summary: Fixes T13445. Make the meaning of this condition more clear, since the current wording is ambiguous between "any of" and "all of".

Test Plan: Edited a Herald rule with a PHID list field ("Project tags"), saw text label say "include none of".

Maniphest Tasks: T13445

Differential Revision: https://secure.phabricator.com/D20889
2019-11-06 07:55:53 -08:00
epriestley
be2b8f4bcb Support querying projects by "Root Projects" in the UI, and "min/max depth" in the API
Summary:
Fixes T13441. Internally, projects can be queried by depth, but this is not exposed in the UI.

Add a "Is root project?" contraint in the UI, and "minDepth" / "maxDepth" constraints to the API.

Test Plan:
  - Used the UI to query root projects, got only root projects back.
  - Used "project.search" in the API to query combinations of root projects and projects at particular depths, got matching results.

Maniphest Tasks: T13441

Differential Revision: https://secure.phabricator.com/D20886
2019-10-31 12:56:33 -07:00
epriestley
e46e383bf2 Clean up "Revisions/Commits" table in Maniphest slightly
Summary: Ref T13440. Give the table more obvious visual structure and get rid of the largely useless header columns.

Test Plan: Viewed table, saw a slightly cleaner result.

Maniphest Tasks: T13440

Differential Revision: https://secure.phabricator.com/D20885
2019-10-31 12:29:53 -07:00
epriestley
c48f300eb1 Add support for rendering section dividers in tables; use section dividers for changes on tasks
Summary: Depends on D20883. Ref T13440. In most cases, all changes belong to the same repository, which makes the "Repository" column redundant and visually noisy. Show repository information in a section header.

Test Plan: {F6989932}

Maniphest Tasks: T13440

Differential Revision: https://secure.phabricator.com/D20884
2019-10-31 12:13:25 -07:00
epriestley
7bdfe5b46a Show commits and revisions on tasks in a tabular view instead of handle lists
Summary: Depends on D20882. Ref T13440. Instead of lists of "Differential Revisions" and "Commits", show all changes related to the task in a tabular view.

Test Plan: {F6989816}

Maniphest Tasks: T13440

Differential Revision: https://secure.phabricator.com/D20883
2019-10-31 12:10:09 -07:00
epriestley
b0d9f89c95 Remove "State Icons" from handles
Summary: Ref T13440. This feature is used in only one interface which I'm about to rewrite, so throw it away.

Test Plan: Grepped for all affected symbols, didn't find any hits anywhere.

Maniphest Tasks: T13440

Differential Revision: https://secure.phabricator.com/D20882
2019-10-31 12:04:43 -07:00
epriestley
97bed35085 Show repository information (and use repository identities) in commit hovercards
Summary:
Ref T12164. Ref T13439. Commit hovercards don't currently show the repository. Although this is sometimes obvious from context, it isn't at other times and it's clearly useful/important.

Also, use identities to render author/committer information and show committer if the committer differs from the author.

Test Plan: {F6989595}

Maniphest Tasks: T13439, T12164

Differential Revision: https://secure.phabricator.com/D20881
2019-10-31 09:58:20 -07:00
Arturas Moskvinas
bcf15abcd3 Return empty data if fact dimension is missing, not yet available
Summary:
On fresh installation which doesn't have yet any task closed you will not be able to open charts because of error below:
Fixes:
```
[Mon Oct 21 15:42:41 2019] [2019-10-21 15:42:41] EXCEPTION: (TypeError) Argument 1 passed to head_key() must be of the type array, null given, called in ..phabricator/src/applications/fact/chart/PhabricatorFactChartFunction.php on line 86 at [<phutil>/src/utils/utils.php:832]
[Mon Oct 21 15:42:41 2019]   #0 phlog(TypeError) called at [<phabricator>/src/aphront/handler/PhabricatorAjaxRequestExceptionHandler.php:27]
[Mon Oct 21 15:42:41 2019]   #1 PhabricatorAjaxRequestExceptionHandler::handleRequestThrowable(AphrontRequest, TypeError) called at [<phabricator>/src/aphront/configuration/AphrontApplicationConfiguration.php:797]
[Mon Oct 21 15:42:41 2019]   #2 AphrontApplicationConfiguration::handleThrowable(TypeError) called at [<phabricator>/src/aphront/configuration/AphrontApplicationConfiguration.php:345]
[Mon Oct 21 15:42:41 2019]   #3 AphrontApplicationConfiguration::processRequest(AphrontRequest, PhutilDeferredLog, AphrontPHPHTTPSink, MultimeterControl) called at [<phabricator>/src/aphront/configuration/AphrontApplicationConfiguration.php:214]
[Mon Oct 21 15:42:41 2019]   #4 AphrontApplicationConfiguration::runHTTPRequest(AphrontPHPHTTPSink) called at [<phabricator>/webroot/index.php:35
```

To fix issue - lets return empty data set instead

Test Plan:
1) Create fresh phabricator installation
2) Create fresh project
3) Try viewing charts

Reviewers: epriestley, Pawka, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, yelirekim

Differential Revision: https://secure.phabricator.com/D20861
2019-10-30 16:34:22 +02:00
epriestley
9d8cdce8e1 Make the top-level burndown chart in "Maniphest > Reports" show open tasks, not total tasks
Summary:
Ref T13279. See PHI1491. Currently, the top-level "Burnup Rate" chart in Maniphest shows total created tasks above the X-axis, without adjusting for closures.

This is unintended and not very useful. The filtered-by-project charts show the right value (cumulative open tasks, i.e. open minus close). Change the value to aggregate creation events and status change events.

Test Plan: Viewed top-level chart, saw the value no longer monotonically increasing.

Maniphest Tasks: T13279

Differential Revision: https://secure.phabricator.com/D20879
2019-10-29 13:48:43 -07:00
epriestley
114166dd32 Roughly implement "harbormaster.artifact.search"
Summary: Ref T13438. This is a sort of minimal plausible implementation.

Test Plan: Used "harbormaster.artifact.search" to query information about artifacts.

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13438

Differential Revision: https://secure.phabricator.com/D20878
2019-10-29 13:37:35 -07:00
epriestley
e1da1d86d6 Trim and URI encode symbol names before building URIs from them
Summary:
Fixes T13437. This URI construction was just missing URI encoding.

Also, trim the symbol because my test case ended up catching "#define\n" as symbol text.

Test Plan:
  - Configured a repository to have PHP symbols.
  - Touched a ".php" file with "#define" in it.
  - Diffed the change.
  - Command-clicked "#define" in the UI, in Safari/MacOS, to jump to the definition.
    - Before: taken to a nonsense page where "#define" became an anchor.
    - After: taken to symbol search for "#define".

Maniphest Tasks: T13437

Differential Revision: https://secure.phabricator.com/D20876
2019-10-29 09:48:42 -07:00
epriestley
4a53fc339e Don't use "phutil_hashes_are_identical()" to compare public keys
Summary:
Ref T13436. There's no real security value to doing this comparison, it just wards off evil "security researchers" who get upset if you ever compare two strings with a non-constant-time algorithm.

In practice, SSH public keys are pretty long, pretty public, and have pretty similar lengths. This leads to a relatively large amount of work to do constant-time comparisons on them (we frequently can't abort early after identifying differing string length).

Test Plan: Ran `bin/ssh-auth --sshd-key ...` on `secure` with ~1K keys, saw runtime drop by ~50% (~400ms to ~200ms) with `===`.

Maniphest Tasks: T13436

Differential Revision: https://secure.phabricator.com/D20875
2019-10-28 18:34:30 -07:00
epriestley
24f771c1bc Add an optional "--sshd-key" argument to "bin/ssh-auth" for reading "%k" from modern sshd
Summary: Depends on D20873. Ref T13436. Allow callers to configure "bin/ssh-auth --sshd-key %k" as an "AuthorizedKeysCommand"; if they do, and we recognize the key, emit just that key in the output.

Test Plan:
  - Used `git pull` locally, still worked fine.
  - Instrumented things, saw the public key lookup actually work and emit a single key.
  - Ran without "--sshd-key", got a full key list as before.

Maniphest Tasks: T13436

Differential Revision: https://secure.phabricator.com/D20874
2019-10-28 17:57:03 -07:00
epriestley
02f85f03bd Remove the "ssh-auth-key" script
Summary:
Ref T13436. Historically, this script could be used with a forked copy of "sshd" to do lower-cost per-key auth.

Relatively modern "sshd" supports "%f" to "AuthorizedKeysCommand", which effectively moots this.

Users have never been instructed to use this script for anything, and we moved away from this specific patch to "sshd" some time ago.

Test Plan: Grepped for "ssh-auth-key", no hits.

Maniphest Tasks: T13436

Differential Revision: https://secure.phabricator.com/D20873
2019-10-28 17:52:37 -07:00
epriestley
5d8457a07e In the repository URI index, store Phabricator's own URIs as tokens
Summary:
Fixes T13435. If you move Phabricator or copy data from one environment to another, the repository URI index currently still references the old URI, since it writes the URI as a plain string. This may make "arc which" and similar workflows have difficulty identifying repositories.

Instead, store the "phabricator.base-uri" domain and the "diffusion.ssh-host" domain as tokens, so lookups continue to work correctly even after these values change.

Test Plan:
  - Added unit tests to cover the normalization.
  - Ran migration, ran daemons, inspected `repository_uriindex` table, saw a mixture of sensible tokens (for local domains) and static domains (like "github.com").
  - Ran this thing:

```
$ echo '{"remoteURIs": ["ssh://git@local.phacility.com/diffusion/P"]}' | ./bin/conduit call --method repository.query --trace --input -
Reading input from stdin...
>>> [2] (+0) <conduit> repository.query()
>>> [3] (+3) <connect> local_repository
<<< [3] (+3) <connect> 555 us
>>> [4] (+5) <query> SELECT `r`.* FROM `repository` `r` LEFT JOIN `local_repository`.`repository_uriindex` uri ON r.phid = uri.repositoryPHID WHERE (uri.repositoryURI IN ('<base-uri>/diffusion/P')) GROUP BY `r`.phid ORDER BY `r`.`id` DESC LIMIT 101
<<< [4] (+5) <query> 596 us
<<< [2] (+6) <conduit> 6,108 us
{
  "result": [
    {
      "id": "1",
      "name": "Phabricator",
      "phid": "PHID-REPO-2psrynlauicce7d3q7g2",
      "callsign": "P",
      "monogram": "rP",
      "vcs": "git",
      "uri": "http://local.phacility.com/source/phabricator/",
      "remoteURI": "https://github.com/phacility/phabricator.git",
      "description": "asdf",
      "isActive": true,
      "isHosted": false,
      "isImporting": false,
      "encoding": "UTF-8",
      "staging": {
        "supported": true,
        "prefix": "phabricator",
        "uri": null
      }
    }
  ]
}
```

Note the `WHERE` clause in the query normalizes the URI into "<base-uri>", and the lookup succeeds.

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13435

Differential Revision: https://secure.phabricator.com/D20872
2019-10-28 14:44:06 -07:00
epriestley
292f8fc612 Fix an issue where added or removed source files could incorrectly select a DocumentEngine
Summary:
Ref T13425. The changes in D20865 could incorrectly lead to selection of a DocumentEngine that can not generate document diffs if a file was added or removed (for example, when a source file is added).

Move the engine pruning code to be shared -- we should always discard engines which can't generate a diff, even if we don't have both documents.

Test Plan: Viewed an added source file, no more document ref error arising from document engine selection.

Maniphest Tasks: T13425

Differential Revision: https://secure.phabricator.com/D20866
2019-10-26 12:16:49 -07:00