1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-30 17:30:59 +01:00
Commit graph

7643 commits

Author SHA1 Message Date
epriestley
75cbc3ef6c Fix an issues with moved Phriction documents if the old location does not exist or can't be loaded
Summary: Fixes T5250. This needs some general cleanup, but fix the fatal.

Test Plan:
  - Viewed moved document.
  - Viewed moved-from-nonexistent-source document.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5250

Differential Revision: https://secure.phabricator.com/D9357
2014-06-03 12:42:54 -07:00
Joshua Spence
c86604bad8 Reduce the verbosity of the ./bin/search index script.
Summary: Currently, the `./bin/search index` script produces a lot of output (one line for every indexed object). Instead, use a `PhutilConsoleProgressBar` to indicate progress. This is much less verbose and gives a real indication of how long the script should take to complete.

Test Plan: Ran `./bin/search index` and verified that a progress bar was output.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9364
2014-06-03 11:46:43 -07:00
Joshua Spence
1503840cd9 Batch up SQL operations in the ./bin/repository parents script.
Summary: Fixes T5255. Currently the `./bin/repository parents` workflow is quite slow. Batching up the SQL operations should make the workflow //seem// much faster.

Test Plan: Not yet tested.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5255

Differential Revision: https://secure.phabricator.com/D9361
2014-06-03 11:27:57 -07:00
epriestley
e3d7c16d8c Use "https://" instead of "git://" for anoymous GitHub requests in documentation
Summary: These both work, but "git://" uses a nonstandard and possibly firewalled port, is less familiar to users, and is not promoted in the GitHub UI.

Test Plan: `grep`, reviewed diff.

Reviewers: chad, avive, avivey

Reviewed By: avivey

Subscribers: epriestley, avivey

Differential Revision: https://secure.phabricator.com/D9360
2014-06-03 09:40:16 -07:00
Joshua Spence
0d03bbe43c Allow repositories to be deleted using ./bin/remove.
Summary: Currently, repositories can be deleted using `./bin/repository delete`. It makes sense to expose this operate to the `./bin/remove` script as well, for consistency.

Test Plan: Deleted a repository with `./bin/remove rTEST`.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9350
2014-06-02 17:11:58 -07:00
Joshua Spence
c2eff7c216 Allow projects to be deleted with ./bin/remove destroy.
Summary: Fixes T5235. Implement `PhabricatorDestructableInterface` on `PhabricatorProject` so that projects can be deleted with `./bin/remove destroy`.

Test Plan: Created (and then destroyed) a test project. Verified that the corresponding objects (project, slugs and workboard columns) were removed from the database.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T5235

Differential Revision: https://secure.phabricator.com/D9352
2014-06-02 17:10:29 -07:00
Joshua Spence
1e2a592ceb Expose "Abandon Revision" to non-authors with a config flag.
Summary: Fixes T4720. Allows non-authors to permanently reject a differential by exposing the "Abandon Revision" action via a configuration flag.

Test Plan: {F161434}

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4720

Differential Revision: https://secure.phabricator.com/D9306
2014-06-02 16:58:48 -07:00
epriestley
8ea9935ea5 Deduplicate parents from PhabricatorGitGraphStream
Summary: Fixes T5226. It's rare (but possible) for a commit to have the same parent more than once in Git.

Test Plan: Ran `bin/repository parents` on a normal repository.

Reviewers: joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Maniphest Tasks: T5226

Differential Revision: https://secure.phabricator.com/D9344
2014-06-02 15:25:28 -07:00
Chad Little
b5bbe39ec6 [redesign] Remove most gradients, tweak hovercards
Summary: The removes our least used gradients and uses base colors. Tweaked Hovercards to use.

Test Plan: Test Hovercards and UIExamples Actions Headers

Reviewers: epriestley, btrahan

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9347
2014-06-02 15:12:38 -07:00
Chad Little
c9e2df6799 [redesign] Hoverselect colors
Summary: Builds a consistent 'selected, hover' state slightly darker than selected states.

Test Plan: Tested Conpherence, Sidenavs

Reviewers: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9345
2014-06-02 15:11:30 -07:00
epriestley
c8ee8d8ae9 Fix routes for MetaMTA
Summary: This no longer has a base URI since it's not accessible.
2014-05-30 11:33:11 -07:00
Chad Little
ec4dc50f4e [redesign] Add back power icon
Summary: Adds back the power icon

Test Plan: Logged out of local instance, saw icon appear. Click login icon. Logged in. Ate a toast sandwich.

Reviewers: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9336
2014-05-29 20:50:31 -07:00
Chad Little
0e05f078b0 [Redesign] Update Filetree CSS
Summary: Tweaks colors, updates icons

Test Plan: Tested a filetree view, clicked and hovered.

Reviewers: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9335
2014-05-29 16:05:51 -07:00
epriestley
23a238b045 Remove "organization", "communication" and "miscellaneous" app groups
Summary:
Merge "Organization" and "Communication" into "Core". The split between these three was always tenuous, and this is easier to use and nicer looking on the new launcher.

Merge "Miscellaneous" into "Utilities" since they're basically the same thing.

Test Plan: Looked at app launcher.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9334
2014-05-29 15:25:26 -07:00
epriestley
24eacaa032 Remove application small/hidden tiles
Summary:
Ref T5176. This paves the way for the redesign by making the homepage editor thing a little more manageable/coherent.

Not perfect, but we can clean it up a bit after the new design.

Test Plan:
Home page:

{F162093}

New "Pinned Applications" settings panel (this supports drag-and-drop to reorder):

{F162094}

Pin an app:

{F162095}

Unpin an app:

{F162096}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5176

Differential Revision: https://secure.phabricator.com/D9332
2014-05-29 15:03:49 -07:00
epriestley
09a3506821 Merge branch 'master' into redesign 2014-05-29 15:02:13 -07:00
epriestley
81d95cf682 Make default view of "Applications" app a full-page launcher
Summary:
This probably needs some tweaks, but the idea is to make it easier to browse and access applications without necessarily needing them to be on the homepage.

Open to feedback.

Test Plan:
(This screenshot merges "Organization", "Communication" and "Core" into a single "Core" group. We can't actually do this yet because it wrecks the homepage.)

{F160052}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5176

Differential Revision: https://secure.phabricator.com/D9297
2014-05-29 12:17:54 -07:00
Joshua Spence
2f668493a0 Don't attempt to discover parents commits for untracked branchs.
Summary: Fixes T5195. Currently, the `./bin/repository parents` workflow doesn't respect tracked branches and will attempt to build parents caches for all branches.

Test Plan: For at least one of our repositories, this patch fixes the `Unknown commit` exception. Unfortunately, it doesn't seem to completely solve this problem though, but I suspect that this is due to commits that were overwritten with a `git push --force` or similar.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5195

Differential Revision: https://secure.phabricator.com/D9322
2014-05-29 12:02:37 -07:00
epriestley
3929309225 Update config to point at modern custom field article.
Summary: Fixes T5215. This mentions an old article name.

Test Plan: Read config option.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5215

Differential Revision: https://secure.phabricator.com/D9331
2014-05-29 12:01:30 -07:00
epriestley
63ed126b2a Point github.com/facebook URIs at github.com/phacility insead
Summary: Point everything at the new canonical URI.

Test Plan: `grep`

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9328
2014-05-29 08:33:25 -07:00
epriestley
7f2b6412a2 Fix an issue with Phrequent where range_start might not be defined
Summary: If two events start on the same second (somewhat common now, since
start time can be specified) we'll hit a "push" with no range start. Instead,
always set a minimal range start.
2014-05-29 06:44:45 -07:00
James Rhodes
b20142c0fe Fix PhabricatorPolicyDataTestCase
Summary: Fixes T5219.

Test Plan: Ran `arc unit`.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T5219

Differential Revision: https://secure.phabricator.com/D9326
2014-05-29 05:45:14 -07:00
Chad Little
eb14c3085b [redesign] Tokens and List
Summary: Takes a pass at standardizing spacing and colors for lists and tokens.

Test Plan: Tested a lot of lists, policy, timeline, quick create, diffusion.

Reviewers: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9325
2014-05-28 20:58:22 -07:00
Chad Horohoe
dd3dfde983 T4446: Fix Elasticsearch support for 1.0 and above
Summary:
Elasticsearch 1.0 deprecated the "filter" top-level
parameter in favor of "post_filter" which is applied
after scores and so forth are calculated.

Instead search field.corpus with a term query.

Test Plan:
Tested against Elasticsearch 1.1.1, able to perform
basic queries without query parse errors.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4446

Differential Revision: https://secure.phabricator.com/D9321
2014-05-28 15:36:39 -07:00
Chad Little
c7a7574f0c Remove oneline feed story
Summary: People seem confused and it is a little inconsistent. Also added other app icon types.

Test Plan: Viewed a number of feed stories.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9320
2014-05-28 11:18:28 -07:00
Joshua Spence
1855e66758 Add some file types to pygments.dropdown-choices.
Summary: I could just add these options to my local configuration, but I figured I'd submit these upstream since they are (in my opinion) fairly common file formats.

Test Plan: N/A

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9319
2014-05-28 06:26:20 -07:00
epriestley
2aef04a78a Fix Diffusion blame/highlight for logged-out users
Summary:
Fixes T5199. We try to save these options in user preferences, but logged-out users don't have preferences.

Instead, just use GET links for logged-out users.

Test Plan:
  - As a logged-out user, toggled blame and highlight on and off.
  - As a logged-in user, toggled blame and highlight on and off.

Reviewers: btrahan, vrana

Reviewed By: vrana

Subscribers: epriestley

Maniphest Tasks: T5199

Differential Revision: https://secure.phabricator.com/D9310
2014-05-27 17:37:26 -07:00
Stepan Generalov
71d2b0868b Fix typo: behvaior->behavior
See: <https://github.com/facebook/phabricator/pull/622>

Reviewed by: epriestley
2014-05-27 17:24:34 -07:00
epriestley
70ec8052fd Fix issue when editing a project with no secondary hash tags
Summary: Fixes T5186. If a project has no secondary tags, we issue a bogus query right now.

Test Plan: Edited a project with no secondary tags.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5186

Differential Revision: https://secure.phabricator.com/D9300
2014-05-27 17:21:34 -07:00
lkassianik
92ccadaa42 Create an empty state for dashboards
Summary: Fixes T5177. Not sure if checking for panelPHIDs is right, but seemed like a better choice than adding a new property on dashboard.

Test Plan: Create dashboard with no panels. Go to view dashboard. "view" page should have a placeholder that directs user to Manage Dashboard

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T5177

Differential Revision: https://secure.phabricator.com/D9312
2014-05-27 15:34:41 -07:00
Chad Little
c4add5af9b Common Colors, Spacing for Menus and Typeaheads
Summary: Adds more consistent colors and spacing to notifications, conpherence dropdowns, search dropdowns, and typeaheads.

Test Plan: Tested Notifications, menu and page. Conpherence, menu and page, Search, and Typeaheads.

Reviewers: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9313
2014-05-27 15:28:59 -07:00
epriestley
33aa395806 Delete some junko garbage
Summary: We haven't needed this for like three years, so we probably won't ever need it. It's in history if we do.

Test Plan: thought long and hard

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9311
2014-05-27 13:44:21 -07:00
Joshua Spence
1daa0aa36e Syntax highlight .arclint files as JSON.
Summary: After T2039, it makes sense to syntax highlight `.arclint` files as JSON.

Test Plan: N/A

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9305
2014-05-27 06:14:06 -07:00
Chad Little
87411f5b29 Reduce Apps Sprite, Sidenav apps tweak
Summary: Removes lightblue app icons, moves the menu ones to menu sprite. Minor CSS updates to apps nav.

Test Plan: Test all sm icons work in new nav, test apps nav.

Reviewers: epriestley, btrahan

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9302
2014-05-26 22:15:05 -07:00
lkassianik
607f4bfab8 Remove dedicated "Jump Nav" navigation element
Summary: Fixes T5175. Not sure if I cleaned out everything, but this seemed like a reasonable first pass. Attempted to delete all code that belonged to Jump Nav feature only.

Test Plan: Open phabricator homepage, verify Jump Nav element is gone, verify the Search bar still autocompletes and jumps to shortcuts.

Reviewers: chad, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T5175

Differential Revision: https://secure.phabricator.com/D9301
2014-05-26 11:16:03 -07:00
epriestley
b93c2f6852 Fix two Passphrase credential type issues
Summary:
Fixes T4991. Two issues:

  - These error messages pass an object to "%s", when they mean to pass a type constant.
  - The check for noncreatable credentials is incorrectly in the "edit" branch of the controller.

Test Plan:
  - Edited a "SSH Key on disk" credential.
  - Tried to create a credential with a bogus type.

Reviewers: btrahan, joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Maniphest Tasks: T4991

Differential Revision: https://secure.phabricator.com/D9299
2014-05-26 05:46:26 -07:00
Ben Alpert
b7a8c0b200 Fix references to set-config --show in docs
Test Plan: Crossed many fingers.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9298
2014-05-26 03:52:25 -07:00
Chad Little
3c91ec93fd Update Icons 2014-05-25 21:13:18 -07:00
Chad Little
74e42d7cce clean up tablet view, group tiles. 2014-05-25 16:30:32 -07:00
Chad Little
ff9057fd82 More tweaks, Conpherence 2014-05-25 13:18:51 -07:00
Chad Little
3aec1b1159 Redesign sidenav, crumbs 2014-05-24 21:56:45 -07:00
epriestley
c1a4b102cc Order projects near the top of results
Summary: Reorder main search typehaead as Jump, Apps, Prjoects, Users, Symbols instead of having projects at the bottom. Ref T5176.

Test Plan: {F159689}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5176

Differential Revision: https://secure.phabricator.com/D9283
2014-05-24 12:54:56 -07:00
epriestley
0771559d58 Change "Contains Text" label to "Contains Words"
Summary: Fixes T4818. Clarify that this does not search for arbitrary text substrings.

Test Plan: `grep`

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4818

Differential Revision: https://secure.phabricator.com/D9278
2014-05-24 12:45:23 -07:00
lkassianik
7de4e80907 Move Dashboard and Panel edit history out of the way
Summary: Fixes T5170, Create new page for dashboard history

Test Plan: Open dashboard, manage dashboard, click on "View History". Dashboard history should appear. Panel history should appear on panel view page under panel.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T5170

Differential Revision: https://secure.phabricator.com/D9280
2014-05-24 12:29:28 -07:00
epriestley
eace05e4a5 Change "Blocking Tasks" property list label to "Blocks"
Summary: Ref T5021. This specific label is a little more clear as "Blocks". See also IRC.

Test Plan: eyeballed it

Reviewers: btrahan, lpriestley, hach-que

Reviewed By: hach-que

Subscribers: epriestley

Maniphest Tasks: T5021

Differential Revision: https://secure.phabricator.com/D9279
2014-05-24 06:27:36 -07:00
Chad Little
9979f6e19f Dashboard CSS updates
Summary: Updates ObjectList dashboarda and tweaks minor css items elsewhere.

Test Plan: Test my dashboard, editing, and standalone

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9275
2014-05-23 21:48:15 -07:00
lkassianik
6a80b6a588 "Blocks" instead of "Dependent Tasks"
Summary: Fixes T5021, UI labels for the fields, "Edit Dependencies" in the action list, transaction strings ("added dependent tasks", etc), UI strings in the dependencies dialog (title/submit/etc)

Test Plan: Open task, edit blocks, dialog should have new term, task history should show "blocks" instead of "dependencies"

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T5021

Differential Revision: https://secure.phabricator.com/D9270
2014-05-23 13:50:27 -07:00
Chad Little
5a8a32b7c5 Dashboard UI stuffs
Summary:
- Make CSS more resilient with columns
 - Add objectlist css
 - Fix Maniphest list css

Test Plan:
Tested a number of different panels and dashboards, desktop, tablet, and mobile.

{F159447}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9273
2014-05-23 13:44:51 -07:00
Bob Trahan
102befdede Project - add ability to select an icon for typeaheads and such
Summary: Fixes T5090. Introduced getIcon into Handle stack which allows you to specify a per handle icon. getIcon falls back ot getTypeIcon.

Test Plan: changed the icon on a project a bunch. verified transactions showed up. verified icon showed up in typeahead. verified icon showed up in tokens that were pre-generated (not typed in). units test passed.

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5090

Differential Revision: https://secure.phabricator.com/D9264
2014-05-23 10:41:24 -07:00
epriestley
217e0e7fe1 Fix workboard link from project profile pages
Summary: Fixes T5165. This uses `$this->id`, but that may not always be populated anymore. Use the project ID directly instead.

Test Plan: Clicked a workboard link.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5165

Differential Revision: https://secure.phabricator.com/D9266
2014-05-23 07:29:16 -07:00
Aviv Eyal
9bba4cda2f Diffusion browser: Update editor link when clicking on a line
Summary: Highlighing and URL are fixed on click - now the edit button too.

Test Plan: click on lines with and without value in "Editr Link" (And without %l in it).

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9227
2014-05-22 15:33:30 -07:00
epriestley
27a369d15a Make it much easier to add one-off event listeners
Summary:
Ref T4657. Right now, you have to muck with `events.listeners` to install listeners. Instead, automatically install all subclasses of AutoEventListener.

Primarily, this makes it easier to resolve requests with "drop this file in `src/extensions/`, no warranty", which seems to have worked well so far in resolving things like custom remarkup rules, etc.

Test Plan:
  - Added such a listener, had it autoregister.
  - Clicked around and saw the effects of normal listeners.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4657

Differential Revision: https://secure.phabricator.com/D9262
2014-05-22 15:19:28 -07:00
Bob Trahan
c39f302c04 Project - use hashtag as a way to access project profile in URI, e.g. /project/hashtag/
Summary: Fixes T4022. Hooks up the project profile controller to understanding URIs like /project/hashtag/ Also, makes handles have the new /project/hashtag/ URI by default, thus upselling that feature super duper heavily.

Test Plan: clicked some project links, noted pretty uri and page working nicely.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: chad, epriestley, Korvin

Maniphest Tasks: T4022

Differential Revision: https://secure.phabricator.com/D9260
2014-05-22 15:16:16 -07:00
epriestley
a76f61f7e1 Make auth.email-domains case-insensitive
Summary:
Fixes T5143. Currently, if your allowed domain is "example.com", we reject signups from "@Example.com".

Instead, lowercase both parts before performing the check.

Test Plan:
  - Before patch:
    - Set allowed domains to "yghe.net".
    - Tried "x@yghe.net", no error.
    - Tried "x@xxxy.net", error.
    - Tried "x@yghE.net", incorrectly results in an error.
  - After patch:
    - Set allowed domains to "yghe.net".
    - Tried "x@yghe.net", no error.
    - Tried "x@xxxy.net", error.
    - Tried "x@yghE.net", this correctly no longer produces an error.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5143

Differential Revision: https://secure.phabricator.com/D9261
2014-05-22 14:51:00 -07:00
Chad Little
c88385fa22 Tweak mobile action css, add to people
Summary: Makes the mobile action menu a little nicer, adds it to /people/

Test Plan: Test myself on my install, mobile and desktop.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9259
2014-05-22 12:04:11 -07:00
Bob Trahan
922e5c0849 Projects - add "Additional Hashtags" to projects
Summary:
Fixes T4021. Chooses to keep a "primary" slug based off the name - including all that lovely logic - and allow the user to specify "additional" slugs. Expose these as "hashtags" to the user.

Sets us up for a fun diff where we can delete all the Project => Phriction automagicalness. In terms of this diff, see the TODOs i added.

Test Plan:
added a primary slug as an additional slug - got an error. added a slug in use on another project - got an error. added multiple good slugs and they worked. removed slugs and it worked. made some remark using multiple new slugs and they all linked to the correct project

ran epriestley's case

 - Create project "A".
 - Give it additional slug "B".
 - Try to create project "B".

and i got a nice error about hashtag collision

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4021

Differential Revision: https://secure.phabricator.com/D9250
2014-05-22 11:19:03 -07:00
lkassianik
6302414883 Make the default view of dashboards be just the dashboard
Summary: Fixes T4985, add manage page, change view page to show only panels. Arguably, PhabricatorDashboardArrangeController is no longer necessary. Also, still trying to figure out if I updated all flows that involve "arrange/{id}". Probably missed some. Also not sure of the Manage Dashboard icon. Please advise.

Test Plan: Create dashboard, add panels, "view/{id}" should show just panels, Manage Dashboard should show timeline and edit links.

Reviewers: #blessed_reviewers, epriestley, chad

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4985

Differential Revision: https://secure.phabricator.com/D9258
2014-05-22 11:10:53 -07:00
epriestley
f896dc5392 Put a cache in front of Celerity transforms, and update packages
Summary:
Fixes T5094. In some cases we do slightly expensive transformations to resources (inlining images, replacing URIs, building packages). We can throw cache in front of them easily since URIs are already permanently associated with a single resource.

Also browse around and move some CSS/JS into packages.

Test Plan:
Added logging to verify the caches are working, saw moderately improved performance.

Browsed around looking at resources tab in developer console, saw fewer total requests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5094

Differential Revision: https://secure.phabricator.com/D9175
2014-05-22 10:47:00 -07:00
epriestley
f1534e6feb Make password reset emails use one-time tokens
Summary:
Ref T4398. This code hadn't been touched in a while and had a few crufty bits.

**One Time Resets**: Currently, password reset (and similar links) are valid for about 48 hours, but we always use one token to generate them (it's bound to the account). This isn't horrible, but it could be better, and it produces a lot of false positives on HackerOne.

Instead, use TemporaryTokens to make each link one-time only and good for no more than 24 hours.

**Coupling of Email Verification and One-Time Login**: Currently, one-time login links ("password reset links") are tightly bound to an email address, and using a link verifies that email address.

This is convenient for "Welcome" emails, so the user doesn't need to go through two rounds of checking email in order to login, then very their email, then actually get access to Phabricator.

However, for other types of these links (like those generated by `bin/auth recover`) there's no need to do any email verification.

Instead, make the email verification part optional, and use it on welcome links but not other types of links.

**Message Customization**: These links can come out of several workflows: welcome, password reset, username change, or `bin/auth recover`. Add a hint to the URI so the text on the page can be customized a bit to help users through the workflow.

**Reset Emails Going to Main Account Email**: Previously, we would send password reset email to the user's primary account email. However, since we verify email coming from reset links this isn't correct and could allow a user to verify an email without actually controlling it.

Since the user needs a real account in the first place this does not seem useful on its own, but might be a component in some other attack. The user might also no longer have access to their primary account, in which case this wouldn't be wrong, but would not be very useful.

Mitigate this in two ways:

  - First, send to the actual email address the user entered, not the primary account email address.
  - Second, don't let these links verify emails: they're just login links. This primarily makes it more difficult for an attacker to add someone else's email to their account, send them a reset link, get them to login and implicitly verify the email by not reading very carefully, and then figure out something interesting to do (there's currently no followup attack here, but allowing this does seem undesirable).

**Password Reset Without Old Password**: After a user logs in via email, we send them to the password settings panel (if passwords are enabled) with a code that lets them set a new password without knowing the old one.

Previously, this code was static and based on the email address. Instead, issue a one-time code.

**Jump Into Hisec**: Normally, when a user who has multi-factor auth on their account logs in, we prompt them for factors but don't put them in high security. You usually don't want to go do high-security stuff immediately after login, and it would be confusing and annoying if normal logins gave you a "YOU ARE IN HIGH SECURITY" alert bubble.

However, if we're taking you to the password reset screen, we //do// want to put the user in high security, since that screen requires high security. If we don't do this, the user gets two factor prompts in a row.

To accomplish this, we set a cookie when we know we're sending the user into a high security workflow. This cookie makes login finalization upgrade all the way from "partial" to "high security", instead of stopping halfway at "normal". This is safe because the user has just passed a factor check; the only reason we don't normally do this is to reduce annoyance.

**Some UI Cleanup**: Some of this was using really old UI. Modernize it a bit.

Test Plan:
  - **One Time Resets**
    - Used a reset link.
    - Tried to reuse a reset link, got denied.
    - Verified each link is different.
  - **Coupling of Email Verification and One-Time Login**
    - Verified that `bin/auth`, password reset, and username change links do not have an email verifying URI component.
    - Tried to tack one on, got denied.
    - Used the welcome email link to login + verify.
    - Tried to mutate the URI to not verify, or verify something else: got denied.
  - **Message Customization**
    - Viewed messages on the different workflows. They seemed OK.
  - **Reset Emails Going to Main Account Email**
    - Sent password reset email to non-primary email.
    - Received email at specified address.
    - Verified it does not verify the address.
  - **Password Reset Without Old Password**
    - Reset password without knowledge of old one after email reset.
    - Tried to do that without a key, got denied.
    - Tried to reuse a key, got denied.
  - **Jump Into Hisec**
    - Logged in with MFA user, got factor'd, jumped directly into hisec.
    - Logged in with non-MFA user, no factors, normal password reset.
  - **Some UI Cleanup**
    - Viewed new UI.
  - **Misc**
    - Created accounts, logged in with welcome link, got verified.
    - Changed a username, used link to log back in.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D9252
2014-05-22 10:41:00 -07:00
epriestley
5e7b316fbe Free task leases on "phd start"
Summary:
Fixes T5154. Currently, "phd stop" terminates daemons relatively abruptly (and other things do too, like killing them). This can leave them with long leases that won't expire any time soon. Normally this isn't a big deal, since it just means an email or an import takes a bit longer (often 2 hours, but up to 24 hours) to run. However:

  - We've increased default lease durations a lot fairly recently -- the 2 hours used to be 15 minutes.
  - Harbormaster and Drydock add new types of tasks which are more dependent on other tasks, so waiting 2 hours for something to free up can hold up more stuff in queue.

When `phd start` is run, we can be confident (at least, in normal circumstances) that leases are safe to free, since we do a check. This undoes any damage done by abrupt stops in "phd stop" or by users or systems killing stuff.

(It would be nice to make "phd stop" more graceful at some point, but we always have to deal with abrupt termination in some cases no matter how gentle "phd stop" is.)

One sort-of-questionable thing here is that we don't distinguish between tasks which had an active lease and tasks which had been released, since the system itself does not make a distiction. So, for example, if you have a task that retries 5 times and waits an hour between retries, you'll get a retry on every `phd start` now, and could exhaust them all in a few minutes if you cycle `phd start` aggressively. I think this is OK. In the future, we could try to distinguish between these types of tasks, and only free the ones with active leases.

Test Plan:
  - Used `phd start` normally, saw it free leases.
  - Used `phd start`, killed it real quick so no taskmasters spawned, ran it again an saw no leases freed.
  - Used `phd start --keep-leases`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5154

Differential Revision: https://secure.phabricator.com/D9256
2014-05-22 10:40:45 -07:00
epriestley
890ae77a9a Don't fatal when viewing a moved document if the target does not exist or isn't visible
Summary: Fixes T5156. If a document has been moved but the new one does not exist or can't be seen by the viewer, render a generic message.

Test Plan: Viewed moved-plus-visible and moved-plus-nonvisible documents.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5156

Differential Revision: https://secure.phabricator.com/D9254
2014-05-22 10:39:48 -07:00
epriestley
38b17157fa Use stable commit identifier to load repository commit
Summary: Fixes T5113. This was caught in the crossfire of cleaning up the DiffusionRequest "commit" properties.

Test Plan: Loaded `/rXnnnn` with some of the `nnn` missing.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5113

Differential Revision: https://secure.phabricator.com/D9253
2014-05-22 10:39:06 -07:00
Tal Shiri
2133e61048 Added placeholder support to custom text fields
Summary: placeholder text is pretty useful.

Test Plan: placeholder text is pretty useful. also fully supports not breaking everything.

Reviewers: chad, #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9223
2014-05-22 09:12:55 -07:00
epriestley
3c8d88deb4 Don't warn about conflicts when reverting Phriction documents
Summary:
Fixes T5144. This was incorrectly checking the //content// version, not the //head// version, so reverts would raise the "conflict" warning.

Also fix a couple of FontAwesome icons.

Test Plan:
  - Edited a document.
  - Reverted a document.
  - Opened two edit tabs. Edited one, tried to edit #2, got a warning.
  - Opened two revert tabs. Reverted in one, tried to revert in #2, got a warning.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5144

Differential Revision: https://secure.phabricator.com/D9249
2014-05-21 16:05:59 -07:00
epriestley
a9d6a2f02d Fix weird subscribe+comment rendering
Summary:
Fixes T5146. When we're rendering a transaction group that includes a comment, we hide the "x added a comment" text, since it's implicit and obvious and cleans the UI up a little.

However, the way this works is really complicated and messy and created the T5146 issue after I made self-subscriptions have a lower priority than comments do.

Clean this code up so it makes a little more sense and gets this case right.

Test Plan: {F158270}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5146

Differential Revision: https://secure.phabricator.com/D9245
2014-05-21 13:37:11 -07:00
epriestley
d2ead465f3 Remove "Close Task" button
Summary: Fixes T5134

Test Plan: Went to a task, closed it. Felt satisfied.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley, Korvin

Maniphest Tasks: T4657, T5134

Differential Revision: https://secure.phabricator.com/D9221
2014-05-21 12:44:58 -07:00
lkassianik
fbbb43c472 Expose dashboard policy editing to UI
Summary: Fixes T4981, Allow Dashboard view and edit policies to be configured

Test Plan: Create dashboard, edit dashboard, make sure user can edit who can edit and who can see dashboard.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4981

Differential Revision: https://secure.phabricator.com/D9243
2014-05-21 12:23:27 -07:00
lkassianik
953f95054f Allow dashboard panel policies to be edited
Summary: Fixes T4982, expose dashboard panel policy editing to UI

Test Plan: Create panel, verify that user can edit who can see and who can edit panel

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4982

Differential Revision: https://secure.phabricator.com/D9238
2014-05-21 10:48:39 -07:00
Chad Little
ac05fe9c3b Replace action sprite with FontAwesome
Summary: Replaces the action icons in action headers with FontAwesome

Test Plan:
- grep SPRITE_ACTIONS
- grep sprite-actions
- Replace on UIExamples
- Replace on Workboards
- Replace on Dashboards
- Replace on FeedStories

{F157840}
{F157841}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9230
2014-05-21 10:18:43 -07:00
Chad Little
53940e272f Add standard spacing around viewing panels
Summary: Just wraps them in some boxes in edit and standalone mode.

Test Plan: Tested 3 panels in edit and standalone mode.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9232
2014-05-21 10:18:18 -07:00
James Rhodes
49c15a6d95 Allow a limit to be set on the number of results in a query panel
Summary: This allows a maximum number of items to be set in a query panel.  Mostly useful when you have a query panel on the feed search and you don't want 4 billion results cluttering your dashboard.

Test Plan: Created a query panel with a maximum and it worked.  Left it blank and got the default results.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4980

Differential Revision: https://secure.phabricator.com/D9235
2014-05-21 10:09:51 -07:00
Joshua Spence
eba11238b9 Show daemon arguments with ./bin/phd status.
Summary: Fixes T4735. When running `./bin/phd`, show daemon arguments.

Test Plan:
```
./bin/phd status
PID  	Started                 	Daemon                                            Arguments
12711	May 20 2014, 9:02:52 AM 	PhabricatorRepositoryPullLocalDaemon              []
12716	May 20 2014, 9:02:52 AM 	PhabricatorGarbageCollectorDaemon                 []
12733	May 20 2014, 9:02:53 AM 	PhabricatorTaskmasterDaemon                       []
12768	May 20 2014, 9:02:53 AM 	PhabricatorTaskmasterDaemon                       []
12775	May 20 2014, 9:02:53 AM 	PhabricatorTaskmasterDaemon                       []
12780	May 20 2014, 9:02:54 AM 	PhabricatorTaskmasterDaemon                       []
12838	May 20 2014, 9:02:54 AM 	PhabricatorFactDaemon                             []
13436	May 20 2014, 9:03:23 AM 	PhabricatorRepositoryPullLocalDaemon              ["X","--not","Y"]
```

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4735

Differential Revision: https://secure.phabricator.com/D9208
2014-05-20 16:47:47 -07:00
Joshua Spence
b6d15377dd Show daemon arguments when launching a daemon with ./bin/phd.
Summary: Ref T4735. When launching daemons (with `./bin/phd start` or `./bin/phd launch`), print the arguments that are specified for the daemon.

Test Plan:
Ran `./bin/phd launch repo -- --not X`.

```
> sudo ./bin/phd launch repo -- --not X
Preparing to launch daemons.
NOTE: Logs will appear in '/mnt/logs/phd/daemons.log'.

Launching daemon "PhabricatorRepositoryPullLocalDaemon" with arguments ["--not","X"].
```

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4735

Differential Revision: https://secure.phabricator.com/D9205
2014-05-20 16:45:22 -07:00
Chad Little
76dc959c65 Dashboard display tweaks
Summary: Changes headers to standard light blue, tweaks spacing for uniformity.

Test Plan:
Test editing and using my dashboard.

{F157744}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9228
2014-05-20 16:23:51 -07:00
Chad Little
c7380b6023 Fix header icons in Pholio
Summary: Uses FontAwesome

Test Plan: Open/Close a Pholio Mock in my sandbox.

Reviewers: lpriestley, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9220
2014-05-20 11:59:02 -07:00
epriestley
cac61980f9 Add "temporary tokens" to auth, for SMS codes, TOTP codes, reset codes, etc
Summary:
Ref T4398. We have several auth-related systems which require (or are improved by) the ability to hand out one-time codes which expire after a short period of time.

In particular, these are:

  - SMS multi-factor: we need to be able to hand out one-time codes for this in order to prove the user has the phone.
  - Password reset emails: we use a time-based rotating token right now, but we could improve this with a one-time token, so once you reset your password the link is dead.
  - TOTP auth: we don't need to verify/invalidate keys, but can improve security by doing so.

This adds a generic one-time code storage table, and strengthens the TOTP enrollment process by using it. Specifically, you can no longer edit the enrollment form (the one with a QR code) to force your own key as the TOTP key: only keys Phabricator generated are accepted. This has no practical security impact, but generally helps raise the barrier potential attackers face.

Followup changes will use this for reset emails, then implement SMS multi-factor.

Test Plan:
  - Enrolled in TOTP multi-factor auth.
  - Submitted an error in the form, saw the same key presented.
  - Edited the form with web tools to provide a different key, saw it reject and the server generate an alternate.
  - Change the expiration to 5 seconds instead of 1 hour, submitted the form over and over again, saw it cycle the key after 5 seconds.
  - Looked at the database and saw the tokens I expected.
  - Ran the GC and saw all the 5-second expiry tokens get cleaned up.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D9217
2014-05-20 11:43:45 -07:00
epriestley
f0147fd8ad Allow workboards to be filtered with ApplicationSearch
Summary:
Ref T4673.

IMPORTANT: I had to break one thing (see TODO) to get this working. Not sure how you want to deal with that. I might be able to put the element //inside// the workboard, or I could write some JS. But I figured I'd get feedback first.

General areas for improvement:

  - It would be nice to give you some feedback that you have a filter applied.
  - It would be nice to let you save and quickly select common filters.
  - These would probably both be covered by a dropdown menu instead of a button, but that's more JS than I want to sign up for right now.
  - Managing custom filters is also a significant amount of extra UI to build.
  - Also, maybe these filters should be sticky per-board? Or across all boards? Or have a "make this my default view"? I tend to dislike implicit stickiness.

Test Plan:
Before:

{F157543}

Apply Filter:

{F157544}

Filtered:

{F157545}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: qgil, swisspol, epriestley

Maniphest Tasks: T4673

Differential Revision: https://secure.phabricator.com/D9211
2014-05-20 11:42:05 -07:00
lkassianik
8a429c51ac Embed dashboard panels in comments
Summary: Fixes T4983, Panel prefix 'W' should be recognized as a shortcut to a dashboard panel

Test Plan: Open any comment input, type '{W1}', or other existing panel, preview should embed that panel.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4983

Differential Revision: https://secure.phabricator.com/D9215
2014-05-20 11:37:40 -07:00
epriestley
bed9ce2d18 Make PeopleQuery throw, not select everything, when handed empty array
Summary: Make `->withPHIDs(array())` throw on this query instead of selecting everything.

Test Plan: Poked around.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9210
2014-05-20 08:26:55 -07:00
epriestley
481a295454 Fix watchers to actually work properly 2014-05-20 08:20:34 -07:00
epriestley
16a2876448 Fix watcher query to work correctly with no watchers. 2014-05-20 06:35:22 -07:00
Bob Trahan
5f33aa5b4f Dashboards - add ability to install dashboard as home
Summary:
See title. Adds PhabricatorDashboardInstall data object which scopes installs to objectPHID + applicationClass. This is because we already have a collision for user home pages and user profiles. Assume only one dashboard per objectPHID + applicationClass though at the database level.

Fixes T5076.

Test Plan: From dashboard view, installed a dashboard - success! Went back to dashboard view and uninstalled it!

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5076

Differential Revision: https://secure.phabricator.com/D9206
2014-05-19 16:09:31 -07:00
Bob Trahan
d9058d7f3f Dashboards - add remove functionality
Summary: To get there, upgrade "headerless" to "headerMode". Add a new removepanel controller. Fixes T5084.

Test Plan: removed some panels to much success

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5078, T5084

Differential Revision: https://secure.phabricator.com/D9156
2014-05-19 14:04:26 -07:00
epriestley
9cb4047134 Apply hierarchical policy checks to Phriction
Summary: Ref T4029. When checking the view policy of a document, require the viewer to also be able to see all of the ancestors.

Test Plan:
  - Hard-coded `/x/y/` to "no one".
    - Checked that `/x/y/` is not visible.
    - Checked that `/x/y/z/` is not visible.
    - Checked that `/x/`, `/x/q/`, etc., are still visible.
  - Tested project pages and sub-pages for project visibility.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4029

Differential Revision: https://secure.phabricator.com/D9199
2014-05-19 12:41:30 -07:00
epriestley
4d7c1026f4 Use PhrictionDocumentQuery to load documents
Summary: Ref T4029. We use a lot of very outdated content loading in Phriction, which blocks T4029.

Test Plan:
- Called phriction.info
- Called phriction.history
- Called phriction.edit
- Viewed document list.
- Deleted a document.
- Viewed history.
- Viewed a diff.
- Created a document.
- Edited a document.
- Moved a document.
- Tried to overwrite a document with "new".
- Tried to overwrite a document with "move".
- Viewed a moved document note.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: shadowhand, epriestley

Maniphest Tasks: T4029

Differential Revision: https://secure.phabricator.com/D9194
2014-05-19 12:41:12 -07:00
epriestley
3a31554268 Allow projects to be "watched", sort of a super-subscribe
Summary:
Ref T4967. Adds a "Watch" relationship to projects, which is stronger than member/subscribed.

Specifically, when a task is tagged with a project, we'll include all project watchers in the email/notifications. Normally we don't include projects unless they're explicitly CC'd, or have some other active role in the object (like being a reviewer or auditor).

This allows you to closely follow a project without needing to write a Herald rule for every project you care about.

Test Plan:
  - Watched/unwatched a project.
  - Tested the watch/subscribe/member relationships:
    - Watching implies subscribe.
    - Joining implies subscribe.
    - Leaving implies unsubscribe + unwatch.
    - You can't unsubscribe until you unwatch (slightly better would be unsubscribe implies unwatch, but this is a bit tricky).
  - Watched a project, then recevied email about a tagged task without otherwise being involved.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4967

Differential Revision: https://secure.phabricator.com/D9185
2014-05-19 12:40:57 -07:00
epriestley
af0edf883d Don't disable the "Show Public Key" action for locked credentials
Summary: Fixes T5104. It's still OK to reveal public keys of locked credentials -- the controller has the right logic, this UI just isn't in sync.

Test Plan: Viewed passphrase; saw enabled menu item on locked credential.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5104

Differential Revision: https://secure.phabricator.com/D9186
2014-05-19 12:40:42 -07:00
epriestley
edd8242008 Don't hide action lists if there are no property list properties
Summary:
Fixes T5108. If we render a property list with no properties, it doesn't render anything. This hides any attached action list.

Instead, insert an empty property if we have an action list but no properties.

(This could use some cleanup eventually, but resolve the issue for now.)

Test Plan: Viewed a property list with actions but no properties; saw actions.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5108

Differential Revision: https://secure.phabricator.com/D9201
2014-05-19 12:40:30 -07:00
epriestley
3b7a781f12 Remove references to ExampleLintEngine from the documentation
Summary: See D9198.

Test Plan: eyeballed it

Reviewers: joshuaspence, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9200
2014-05-19 12:40:20 -07:00
epriestley
703e0b3968 Disable the edit/quote menu for non-standard comments
Summary: Fixes T4930. We currently show the edit/quote menu if a transaction group has //inline// comments, but this doesn't make sense and doesn't work properly. Only show this menu if the group has a normal comment.

Test Plan:
Viewed these groups:

  - Normal comment (edits fine).
  - Just inlines (no more edit menu).
  - Inline + comment (edits fine, affects the normal comment properly).

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: bitglue, epriestley

Maniphest Tasks: T4930

Differential Revision: https://secure.phabricator.com/D9180
2014-05-19 12:39:26 -07:00
epriestley
b64407d47e Fix explosive runtime of detectCopiedCode()
Summary:
Fixes T5041. Pretty sure this is the issue: if a diff contains a large number of identical lines longer than 30 characters, we end up paying O(N^2) for each set.

Instead, when N > 16, opt to pay 0.

Test Plan: Added a test which dropped from ~100s to ~0 after changes (this diff includes a reduced-strenght version of the test, since parsing a 4,000 line diff is a little bit pricey).

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5041

Differential Revision: https://secure.phabricator.com/D9178
2014-05-19 12:39:12 -07:00
epriestley
ba6a5dae61 Make "Facts" publicly viewable
Summary: Ref T4830. Also deletes some very obsolete code.

Test Plan: Looked at Facts as logged out user.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4830

Differential Revision: https://secure.phabricator.com/D9177
2014-05-19 12:39:00 -07:00
epriestley
dd5d30e643 Adjust action strength of self subscribe/unsubscribe
Summary:
Ref T4968. If you add a comment to revision you aren't currently subscribed to, the email currently chooses "[Changed Subscribers]" as the action title. This is less interesting than "[Commented]", provided the affected subscriber is you (adding other people //is// usually interesting).

In this case, reduce the strength of this action below the strength of "comment".

Test Plan: Made several comments in conjunction with implicit and explicit subscriptions. Saw "[Commented]" for stuff affecting me, and "[Changed Subscribers]" for stuff affecting others.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4968

Differential Revision: https://secure.phabricator.com/D9168
2014-05-19 12:23:32 -07:00
epriestley
b1ec4a9a21 Add very basic conflict detection to Phriction
Summary: Ref T4768. This is extremely basic, but will stop conflicts from going silently unnoticed.

Test Plan: {F156219}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4768

Differential Revision: https://secure.phabricator.com/D9167
2014-05-19 12:23:24 -07:00
epriestley
cc9ee66ef3 When a task changes status, update blocked tasks
Summary:
Ref T5008. Three notes:

  - I'm not hiding these even if the status change is open -> open or closed -> closed. I think these are OK, but might be a little spammy.
  - These show in feed, but shouldn't, since they're very redundant with stories which will almost always appear adjacently. Probably a bit spammy, see TODO. We can't hide them from feed without also squelching the notifications right now, which I //don't// want to do.
  - You get a notification even if you're on the original task which changed status. This is definitely spammy, see other TODO.

Test Plan: {F156217}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5008

Differential Revision: https://secure.phabricator.com/D9166
2014-05-19 12:23:17 -07:00
lkassianik
3d457a53be Close pholio mocks
Summary: Fixes T4299, Add status dropdown to mock edit view

Test Plan: Edit mock, close mock, thumbnail title should read (Disabled). Default mocks list should show only open mocks.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: chad, epriestley, Korvin

Maniphest Tasks: T4299

Differential Revision: https://secure.phabricator.com/D9145
2014-05-19 11:34:23 -07:00
Chad Little
3a81f8c68d Convert rest of SPRITE_STATUS to FontAwesome
Summary:
Updates policy, headers, typeaheads to FA over policy icons

Need advice - can't seem to place where icons come from on Typeahead? Wrong icons and wrong colors.... it is late

Test Plan:
- grepped for SPRITE_STATUS
- grepped for sprite-status
- grepped for setStatus for headers
- grepped individual icons names

Browsed numerous places, checked new dropdowns, see pudgy people.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4739

Differential Revision: https://secure.phabricator.com/D9179
2014-05-18 16:10:54 -07:00
epriestley
7a9d5f8f2d Fix JIRA issue URI selection for JIRA installs which are not on the domain root
Summary: Fixes T4859. See that for details.

Test Plan:
  - Verified things still work on my local (domain root) install.
  - Added some unit tests.
  - Did not verify a non-root install since I don't have one handy, hopefully @salehe can help.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: salehe, epriestley

Maniphest Tasks: T4859

Differential Revision: https://secure.phabricator.com/D8836
2014-05-18 05:45:21 -07:00
epriestley
d744d5d859 Fix binary/utf8 issues with Differential changeset parse cache
Summary:
Fixes T4898. After we increased the strictness of the `%s` conversion, most `serialize()` output is rejected from the cache.

Drop the cache, change the column type to latin1_bin, and then use `%B` to mark the data as binary during query construction.

Test Plan: Viewed Differential, saw cache fills.

Reviewers: btrahan, spicyj

Reviewed By: spicyj

Subscribers: epriestley

Maniphest Tasks: T4898

Differential Revision: https://secure.phabricator.com/D9171
2014-05-17 16:34:13 -07:00
epriestley
a74545c9da Provide a rough, unstable API for reporting coverage into Diffusion
Summary:
Ref T4994. This stuff works:

  - You can dump a blob of coverage information into `diffusion.updatecoverage`. This wipes existing coverage information and replaces it.
  - It shows up when viewing files.
  - It shows up when viewing commits.

This stuff does not work:

  - When viewing files, the Javascript hover interaction isn't tied in yet.
  - We always show this information, even if you're behind the commit where it was generated.
  - You can't do incremental updates.
  - There's no aggregation at the file (this file has 90% coverage), diff (the changes in this commit are 90% covered), or directory (the code in this directory has 90% coverage) levels yet.
  - This is probably not the final form of the UI, storage, or API, so you should expect occasional changes over time. I've marked the method as "Unstable" for now.

Test Plan:
  - Ran `save_lint.php` to check for collateral damage; it worked fine.
  - Ran `save_lint.php` on a new branch to check creation.
  - Published some fake coverage information.
  - Viewed an affected commit.
  - Viewed an affected file.

{F151915}

{F151916}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: jhurwitz, epriestley, zeeg

Maniphest Tasks: T5044, T4994

Differential Revision: https://secure.phabricator.com/D9022
2014-05-17 16:10:54 -07:00
epriestley
baa6441668 Remove some needless +x flags. 2014-05-17 15:41:12 -07:00
epriestley
4aea31023d Index inline comments on commits
Summary: Fixes T3044. We currently don't add these to the index.

Test Plan: Made a unique inline comment on a commit, then searched for it.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T3044

Differential Revision: https://secure.phabricator.com/D9170
2014-05-17 15:31:53 -07:00
epriestley
28c198d902 Give audits a clickable commit title, even if they are importing or messageless
Summary:
Fixes T3854. Subversion allows commits with no message, and in other cases we might not have imported the message yet. In these cases, we may not render any text inside the link.

When we hit these cases, render appropriate replacement text.

Test Plan: {F156229}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T3854

Differential Revision: https://secure.phabricator.com/D9169
2014-05-17 15:25:31 -07:00
epriestley
1efb7e9497 Allow public countdowns to be viewed by logged out users
Summary: Fixes T5093. Ref T4830.

Test Plan:
  - As a logged out user, viewed a public countdown detail page.
  - (Tried to view a nonpublic one, got asked to login.)

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4830, T5093

Differential Revision: https://secure.phabricator.com/D9162
2014-05-17 13:40:20 -07:00
Chad Little
697e47459e Allow phui-closed-tag to be readable on hover
Summary: In general these are fairly readable, but if not it cleans up on hover (and hover card).

Test Plan: tested a closed task in my sandbox

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9158
2014-05-16 21:51:28 -07:00
Chad Little
31cd9b2169 Update PHUIStatusItemView to FontAwesome
Summary: Changes to using FontAwesome

Test Plan:
Testing UIExamples and each of the pages (except releelph)

{F155942}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9157
2014-05-16 18:59:02 -07:00
Tal Shiri
43d45c4956 can now tell phabricator you trust an auth provider's emails (useful for Google OAuth), which will mark emails as "verified" and will skip email verification.
Summary: This is useful when you're trying to onboard an entire office and you end up using the Google OAuth anyway.

Test Plan: tested locally. Maybe I should write some tests?

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9150
2014-05-16 14:14:06 -07:00
epriestley
cf6353e516 Fix a typo in ManiphestTaskQuery
Summary: This doesn't have any impact on anything right now (we don't persist the query) but could in the future, so I just left it as-is but fixed the typo.

Test Plan: looked at it carefully

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: WikiChad, epriestley

Differential Revision: https://secure.phabricator.com/D9155
2014-05-16 12:20:13 -07:00
epriestley
1ec21dc81d Serve .eot and .ttf through Celerity
Summary:
D9153 fixed half of this, but exposed another issue, which is that we don't actually serve ".eot" and ".ttf" through Celerity right now.

Make sure we include them in the routes.

Test Plan:
  - Downloaded CSS, JS, TTF, EOT, WOFF, JPG, etc., through Celerity.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9154
2014-05-16 09:53:18 -07:00
epriestley
0b4f2c8508 Properly transform Celerity resource URIs with query strings and anchors
Summary:
See <6a45b7e670>

These URIs have "?hack=iefix#ieieielol" on them, which the parser doesn't recognize as a known resource, so it errs on the side of caution by not rewriting.

Instead, strip this bit off, attempt to rewrite, then put it back on.

Test Plan: Loaded `font-awesome.css` locally and saw properly rewritten URIs.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9153
2014-05-16 09:27:39 -07:00
Brayden
715bf1fd55 Added a popup to both start and end times with Phrequent allowing the user to edit their start/end times. Also added a field for notes on the stop time
Summary:
I have added a dialog box which pops up when a user starts or stops tracking time on an issue with Phrequent. These dialogs allow the user to modify the time if it so happens that they forgot to either clock in or out.
I have also added a Note field in the dialog when a user stops tracking time. This allows them to enter a note about the time, and is entered into the database, but is currently (as far as I know) not visible anywhere in Phabricator.
I have made these changes according to the suggestions found in T3568

Also, upon clocking in or out, if the time entered is a future time, an error is returned and the user is asked to enter a valid time.

Test Plan:
Start tracking time and edit the start date/time, then end the time and edit that timestamp as well.
Also, try entering future dates/times and ensure that the dialog reports an error and asks for the time again.
Ensure that these edited times are recorded properly.

Reviewers: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T3568

Differential Revision: https://secure.phabricator.com/D9147
2014-05-16 08:53:50 -07:00
epriestley
3e9a988cd7 Fix an incorrect filtering of groupless results from Maniphest "Group By" query
Summary:
Fixes T5081. This block enforces policies and prevents you from seeing groups associated with projects you can't see. However, it incorrectly removes tasks which end up with no group key. This can happen in two cases:

  - The task isn't in a project.
  - The task is in a project, but the query includes an "In All Projects: <that project>" constraint. In that case, we don't show the group becuase it would always contain every task.

Test Plan:
Replicated the setup in T5081, saw an "Ungrouped" group with "Task A":

{F155766}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5081

Differential Revision: https://secure.phabricator.com/D9152
2014-05-16 08:47:06 -07:00
epriestley
4925dd7e6e Remove documentation about obsolete Differential event listeners
Summary:
Fixes T5069. T2222 mostly-intentionally stopped emitting these.

My sense is that users generally find event listeners (or, really, writing PHP at all) much less preferable to things like Herald rules or HTTP hooks. This is generally good, since those things are way easier to maintain, so I plan to continue moving away from events in cases where we have reasonable alternatives.

We also generally have more and better alternatives now than when these were written.

Test Plan: `grep`

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5069

Differential Revision: https://secure.phabricator.com/D9151
2014-05-16 08:47:00 -07:00
Bob Trahan
45f4431a84 Conpherence - fix send bug for users with no javascript
Summary: we should do a redirect if its not an ajax request, which solves this problem since folks with no javascript aren't sending ajax requests. Fixes T5049.

Test Plan: inverted the predicate, tried ajax requests, and got redirected

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5049

Differential Revision: https://secure.phabricator.com/D9149
2014-05-16 08:24:25 -07:00
epriestley
302d5bcec5 Allow dashboard panels to render in a headerless mode
Summary:
Ref T4986. This mostly just makes tab panels a little nicer.

Maybe this will be modal (header = "none", "edit", "view") in a few diffs but we can clean it up then if so.

Test Plan: {F155491}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9143
2014-05-15 19:31:13 -07:00
epriestley
bf6e87da24 Add a "tabs" dashboard panel type
Summary:
Ref T4986. Allows you to create a dashboard panel out of dashboard panels.

bwahaha

Test Plan:
{F155472}

{F155473}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9141
2014-05-15 19:23:13 -07:00
epriestley
63acd90cef Allow dashboard panels to detect rendering cycles and arrest stack overflows
Summary:
Ref T4986. Ref T4983. Panels will soon be able to contain other panels, either via Remarkup (`{W1}`) or maybe through new types of meta-panels.

Allow panels to detect that they are being rendered very deeply and/or within themselves.

Test Plan: Faked some errors, got failed panel renders. Since panels can't //really// contain other panels yet, this doesn't really have an impact.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, epriestley

Maniphest Tasks: T4983, T4986

Differential Revision: https://secure.phabricator.com/D9140
2014-05-15 19:21:36 -07:00
epriestley
e5e95352c7 Move Maniphest list rendering to SearchEngine
Summary: Ref T4986. Moves Maniphest over. Nothing tricky here, just a complex block of rendering.

Test Plan: Viewed Maniphest list. Created Maniphest panel. Used batch editor, drag-and-drop.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9139
2014-05-15 19:17:38 -07:00
epriestley
d653fa13de Move paste rendering into SearchEngine
Summary:
Ref T4986. One note:

  - I've disabled syntax highlighting in the previews. When we miss caches this is just way way too slow and has frustrated me several times in the past. The value of syntax highlighting these snippets is not huge. We could maybe ajax this in or use it //if// we get a cache hit in the future, but just kill it for the moment.

Test Plan: Viewed pastes. Created a paste panel.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9138
2014-05-15 19:17:22 -07:00
epriestley
5b3ccfd95f Move people list rendering into SearchEngine
Summary:
Ref T4986. One note:

  - We have a separate "browse directory" capability, to provide some soft privacy for users of public installs. Respect that policy within the SearchEngine.
  - Also restore some other icons I missed earlier.

Test Plan:
  - Viewed people list.
  - Build people panel.
  - Verified people panel was just me without browse capability.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9137
2014-05-15 19:17:09 -07:00
epriestley
e6f6a58f93 Move activity log rendering to a dashboard panel
Summary:
Ref T4986. Swap this in. Two minor notes:

  - I adjusted the SearchEngine to add an additional constraint when the viewer isn't an admin. This mostly stops us from doing a bunch of unnecessary work.
  - I fixed the settings panel to paginate (currently loads all results, slow in production).

Test Plan: Viewed logs; viewed settings panel; created a dashboard panel.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9136
2014-05-15 19:17:02 -07:00
Bob Trahan
6300955661 Dashboards - add layout mode to dashboards
Summary:
This gets us the ability to specify a "layout mode" and which column a panel should appear in at panel add time. Changing the layout mode from a multi column view to a single column view or vice versa will reset all panels to the left most column.

You can also drag and drop where columns appear via the "arrange" mode.

We also have a new dashboard create flow. Create dashboard -> arrange mode. (As opposed to view mode.) This could all possibly use massaging.

Fixes T4996.

Test Plan:
made a dashboard with panels in multiple columns. verified correct widths for various layout modes

re-arranged collumns like whoa.

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4996

Differential Revision: https://secure.phabricator.com/D9031
2014-05-15 19:12:40 -07:00
epriestley
702f073f0a Fix some logic in WaitForPreviousBuildStep
Summary: Fixes T5062. See inlines.

Test Plan: Did not test whatsoever.

Reviewers: hach-que

Reviewed By: hach-que

Subscribers: epriestley

Maniphest Tasks: T5062

Differential Revision: https://secure.phabricator.com/D9132
2014-05-15 07:36:44 -07:00
Aviv Eyal
f2c0e94ea8 Show command transactions in Harbormaster builds
Summary:
Create transaction, editor, etc, and move command generation over to editor.
Show in a timeline in the buildable page.

Also prevent Engine from creating an empty transaction when build starts (Fixes T4885).

Fixes T4886.

Test Plan: Restart builds and buildables, look at timeline.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4885, T4886

Differential Revision: https://secure.phabricator.com/D9110
2014-05-15 07:04:34 -07:00
epriestley
7f22958a82 Use font icons on user approval queue
Summary: Fixes T5066.

Test Plan: {F155058}

Reviewers: chad, btrahan, shadowhand

Reviewed By: shadowhand

Subscribers: shadowhand, epriestley

Maniphest Tasks: T5066

Differential Revision: https://secure.phabricator.com/D9133
2014-05-15 06:51:01 -07:00
epriestley
f2d72ced4b Fix a missed call to setCommit() on DiffusionRequest
See: <https://github.com/facebook/phabricator/issues/608>

Test Plan: Viewed a Subversion diff. Grepped for `setCommit()` again.

Auditors: btrahan
2014-05-15 04:45:53 -07:00
epriestley
15561a27c3 When a conduit method requires a string constant, call it "string-const" not "enum"
Summary: Ref T5058. The use of "enum" is confusing; we mean "choose one of these specific string constants". Make this more clear.

Test Plan: Viewed each call from the web UI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5058

Differential Revision: https://secure.phabricator.com/D9127
2014-05-14 21:59:03 -07:00
epriestley
0ad0669916 Allow branch deletions to be pushed in Mercurial
Summary: Fixes T5050. This might not be 100% right in all edge cases, but it worked on everything I tried.

Test Plan:
  - Pushed a branch deletion.
  - Pushed a branch creation.
  - Pushed a brnach creation + deletion.
  - Pushed a brnach deletion + creation.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5050

Differential Revision: https://secure.phabricator.com/D9122
2014-05-14 16:59:15 -07:00
epriestley
fe0c98facc Pass correct number of parameters to pht() when closing a branch in Mercurial
Summary: Ref T5050. This fixes the immediate error (bad pht()) but doesn't fix the other error (can't `--close-branch`) yet.

Test Plan: Pushed a `--close-branch` commit, got a first-level error instead of an error about an error.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5050

Differential Revision: https://secure.phabricator.com/D9119
2014-05-14 16:59:02 -07:00
epriestley
e841270677 Fix "Recently Closed" column for custom task statuses
Summary: Fixes T5056.

Test Plan: Viewed locally, saw numbers.

Reviewers: btrahan, shadowhand

Reviewed By: shadowhand

Subscribers: shadowhand, epriestley

Maniphest Tasks: T5056

Differential Revision: https://secure.phabricator.com/D9126
2014-05-14 16:49:50 -07:00
Eric Stern
358b59ffa7 If PhabricatorIRCBot encounters a 'nick used' error, try adding a number
Summary: Someone stole my bot's name, so the bot couldn't (re)connect. This tries adding some text to the name if it encounters a 433 'nick in use' error

Test Plan: Started a ton of bots: F154744

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9123
2014-05-14 15:30:08 -07:00
Chad Little
6a45b7e670 Update FontAwesome to 4.1.0
Summary: 71 new icons! Pied Piper!

Test Plan: tested new icons on UIExample. Perused a few other pages in Maniphest, Differential. No issues noted.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9125
2014-05-14 14:44:56 -07:00
Bob Trahan
67a5dfa662 Notifications - hide header dropdown if app is uninstalled
Summary: Fixes T5019.

Test Plan: uninstalled notifications and dropdown disappeared too

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5019

Differential Revision: https://secure.phabricator.com/D9121
2014-05-14 10:08:07 -07:00
Bob Trahan
53e95d37cf Calendar - make calendar publicly accessible
Summary: yay public policy. Ref T4830.

Test Plan: browsed about calendar from a logged out browser

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4830

Differential Revision: https://secure.phabricator.com/D9120
2014-05-14 10:00:46 -07:00
epriestley
d111536ae2 Provide more context on what "Lock Permanently" means in the UI
Summary:
Administrators may encounter this UI for the first time when configuring a repository, without ever having used Passphrase before. If they end up here on a workflow like this, the meaning of "Lock Permanently" may not be totally clear. Add some explanatory text.

(See also T4721, which discusses Passphrase documentation more generally.)

Test Plan: {F154209}

Reviewers: lpriestley

Reviewed By: lpriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9102
2014-05-14 09:25:58 -07:00
Ben Alpert
348ca4207c Use "added a dependency" over "added a revision"
Test Plan: Added a dependency, saw a descriptive description.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9111
2014-05-13 19:53:26 -07:00
epriestley
436f0563e8 Add a SublimeText-style repository typeahead
Summary:
Allows you to quickly search for files within a repository. Roughly:

  - We build a big tree of everything and ship it to the client.
  - The client implements a bunch of Sublime-ish magic to find paths.

Test Plan: {F154007}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley, zeeg

Differential Revision: https://secure.phabricator.com/D9087
2014-05-13 14:08:21 -07:00
epriestley
82102cd95a Move Push log rendering to SearchEngine
Summary: Ref T4986. Move push logs to a View, then have all the stuff that needs to use it use that View.

Test Plan: Viewed push logs and transaction detail in Diffusion. Created a panel.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9104
2014-05-13 14:00:24 -07:00
epriestley
23ada21d35 Remove commit from DiffusionRequest
Summary: Ref T2683. This field is //almost// entirely redundant with `symbolicCommit`. Improve how some of the diff query stuff works a bit, then remove it.

Test Plan: Browsed around in all interfaces, looked at a bunch of diffs, etc.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D9099
2014-05-13 13:53:06 -07:00
epriestley
347252fda8 Improve clarity of commit and symbol handling in DiffusionRequest
Summary:
Ref T2683. Currently, DiffusionRequest has four different "commitey" things:

  - `commit`
  - `rawCommit`
  - `symbolicCommit`
  - `stableCommit`

Of these, only two are actually distinct, useful values: `symbolicCommit` (which holds the value the request originally contained, if one existed) and `stableCommit` (which resolves that value, or the value implied by its omission, into a stable, permanent commit identifier).

  - `rawCommit` is equivalent to `symbolicCommit` and can be simply removed.
  - `commit` has some sketchy magic around it that needs to be pulled out before it can be jettisoned.

Test Plan: Viewed SVN, Git, and Mercurial repositories. Viewed brwose/history/change/tag/branch/etc views.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D9098
2014-05-13 13:52:48 -07:00
epriestley
b80b851600 Throw a more tailored exception after failing to resolve a ref
Summary: Ref T2683. Throw a more tailored exception to allow callers to distinguish between bad refs (which are expected, if users try to visit garbage branches) and other types of errors.

Test Plan: Tried to view branch "alksndfklansdf". Viewed branch "master".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D9094
2014-05-13 13:52:33 -07:00
epriestley
ce3f9211e4 Let diffusion.readmequery accept a commit
Summary:
Ref T2683. This should probably just be `diffusion.filecontentquery` but keep things as they are for now.

This method uses a commit, so accept one. Soon, this will save a bit of work.

Test Plan: Viewed readmes in main and browse views.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D9093
2014-05-13 13:52:20 -07:00
epriestley
112c9e6b5e Rename "commitType" to "symbolicType"
Summary:
Ref T2683. The old name was a bit confusing because it meant "the type of the thing the symbol represents": a "commit type" should logically always be "commit".

(Currently, this is only used to detect when we're looking at a tag.)

Test Plan: Looked at a tag. Looked at some other non-tag things. Browsed around, `grep`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D9092
2014-05-13 13:52:03 -07:00
epriestley
9a2c68fd88 Rename "stableCommitName" to "stableCommit"
Summary:
Ref T2683. This is closely related to "symbolicCommit", but has an inconsistent "name" on the end.

Also, `diffusion.searchquery` uses this parameter inconsistently.

Test Plan:
  - `grep`ed for callsites.
  - Ran searches in Git and Mercurial repositories.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D9091
2014-05-13 13:51:45 -07:00
epriestley
7cc9720d60 Remove shouldCreateDiffusionRequest from Diffusion conduit methods
Summary:
Ref T2683. This has no callsites, and the functionality is covered by the `initFromConduit` flag.

This simplifies the code and reduces then number of internal `diffusion.resolverefs` calls we make on, e.g., the Git repository page from 7 to 2.

Test Plan: Grepped for these symbols.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D9090
2014-05-13 13:51:33 -07:00
William R. Otte
0ab192d245 Add documentation about the script and regex linter to the user guide.
Summary:
The big, gigantic comment about the script and regex linter belongs in a more obvious place.  I think this is a more obvious place. I also cleaned up a couple things.

I'll update D9084 to remove the big comment block and point here instead.

Test Plan: `bin/diviner generate --book src/docs/book/user.book`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9100
2014-05-13 13:51:01 -07:00
Lex
cff721c657 s/Debate Paste Accuracy/Eat Paste/
Summary: Don't get me wrong, "Debate Paste Accuracy" is witty, but we can aspire to better.

Test Plan: Consume glue, obviously.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, chrisbolt, Korvin

Differential Revision: https://secure.phabricator.com/D9106
2014-05-13 12:19:42 -07:00
epriestley
38f5894b58 Move Drydock object list rendering to SearchEngine
Summary: Ref T4986. Allows the Drydock search engines to render as panels.

Test Plan: Viewed affected interfaces in Drydock. Created panels from each engine.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9103
2014-05-13 12:14:33 -07:00
epriestley
2592bfcbb3 Add an "authored commits" prebuilt filter to Audit
Summary: Add a prebuilt filter to show all of the viewer's commits across all repositories. I could go either way on this, but it seems maybe-useful (?), and we have similar prebuilt filters elsewhere.

Test Plan: scoped it out <.< >.>

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8881
2014-05-13 08:06:22 -07:00
Chad Little
0120388a75 Found some missing icons
Summary: Did a more exhaustive grep on setIcon and found 99.9% of the icons.

Test Plan: I verified icon names on UIExamples, but unable to test some of the more complex flows visually. Mostly a read and replace.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9088
2014-05-13 07:45:39 -07:00
epriestley
77b4c3145a Simplify Diffusion main view
Summary:
Currently, Diffusion has very complex views. After three years I'm not really used to them and rarely use many of these options.

Simplify the browse and history views:

  - Put the browse view on top.
  - Move dates to the right.
  - Remove "History" and "Edit" links from the browse view. You can access these actions by clicking the file/path.
  - Remove "Browse" link from the history view. You can access this action by clicking the commit.
  - Remove "Change Type", which is essentially never useful, from the history view.
  - Add some tweaks for mobile.

Test Plan: {F153931}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley, zeeg

Differential Revision: https://secure.phabricator.com/D9085
2014-05-12 19:57:12 -07:00
Chad Little
315ac6aab7 Remove white app icons
Summary: Remove white app icons, no longer in use as far as grep/memory serve. These were for list hover states.

Test Plan: Rebuild sprites, celerity. Grep for appIcon use (only feed). Verify all action lists are driven by FontAwesome.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9078
2014-05-12 13:34:00 -07:00
epriestley
f170991897 Put an in-request cache in front of APC
Summary: Most requests examine the same buckets, especially the first bucket. Let them just read it out of request cache.

Test Plan: Observed most bucket fetches resolving in <10us instead of <10ms.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9080
2014-05-12 12:34:04 -07:00
epriestley
84fc8f0baf Don't try to rebuild a repository graph cache bucket more than once per request
Summary: Ref T2683. This is a small optimization, but it has low complexity: don't rebuild a bucket more than once in the same request, since it will almost always be the same. Bucket rebuilds are pretty cheap, but this saves a few queries.

Test Plan:
  - After discovering (but before parsing) a commit, viewed its browse view. Verified that this patch causes us to perform only one bucket rebuild, and therefore reduces the number of queries we issue.
  - Parsed the commit and viewed the browse view again, got successful rebuild and then fills from cache.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D9055
2014-05-12 11:47:32 -07:00
epriestley
cfa265f020 Make sure READMEs can hit the markup cache in Diffusion
Summary: Ref T2683. Normally not a big deal, but if a readme has some codeblocks missing the cache can slow things down.

Test Plan:
  - Verified we hit the cache.
  - Verified TOC still works.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5028, T2683

Differential Revision: https://secure.phabricator.com/D9049
2014-05-12 11:47:31 -07:00
epriestley
53e9df8a02 Slightly reduce the cost of resolving refs
Summary: Ref T2683. By resolving the stable name earlier, we can save a resolve when viewing branch heads. This is ~100ms in Mercurial, and roughly 25% of page weight. It's less bad in Git.

Test Plan: Saw page cost go down in "Services" tab, particularly for Mercurial browse views.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D9048
2014-05-12 11:47:30 -07:00
epriestley
e13369d208 Use RepositoryGraphCache to service diffusion.lastmodifiedquery
Summary:
Ref T2683. At least locally, browse views are now nearly instantaneous, even in Mercurial. We also fall back to what we were doing before if we miss or take too long, so this shouldn't make things very much worse even in extreme cases.

For a local `hg` repo, the time we spend pulling browse stuff has dropped from ~3,000ms to ~20ms. This is probably atypical, but not completely crazy or rigged or anything.

Test Plan: Viewed Git, Subversion and Mercurial repositories and observed dramatically better performance in Git and Mercurial as they took advantage of the cache.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, jhurwitz

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D9047
2014-05-12 11:47:29 -07:00
epriestley
e34ee684e1 Batch execution of LastModified query
Summary:
Ref T2683. Further reduces query count of last modified loads; we're now at 11 instead of 200+.

(This works in SVN but could be further optimized.)

Test Plan:
Loaded SVN, Mercurial, Git:

{F34864}
{F34865}
{F34866}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, vrana, aran

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D5256
2014-05-12 11:47:28 -07:00
epriestley
e03deb7d4a Always pull extra browse information over Ajax, and batch some of the queries
Summary:
This code is currently quite complicated because we pull history data inline for SVN files, and via ajax for everything else (SVN dirs, everything in Git and Hg).

Always pull over ajax; batch some of the queries.

Test Plan: {F34860}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, vrana, aran

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D5255
2014-05-12 11:47:27 -07:00
epriestley
df59f4b047 Batch all supplementary information in Diffusion browse views
Summary: Ref T2683. Instead of sending one request for each path's history, send one request for all of it. This permits optimizations which are not currently available to us. It degrades the user experience a tiny bit in theory, but on my machine it's actually way faster already.

Test Plan: Loaded a browse page.

Reviewers: vrana, btrahan

Reviewed By: btrahan

Subscribers: epriestley, aran

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D5254
2014-05-12 11:47:26 -07:00
epriestley
ac020bc420 Implement a lint count query
Summary: Ref T2683. This query is currently unbatched and happens inside a view. Leave it inside the view for now, but separate it and make it batchable.

Test Plan: {F34848}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, vrana, aran

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D5252
2014-05-12 11:47:25 -07:00
epriestley
e4ea092f60 Implement a chunked, APC-backed graph cache
Summary:
Ref T2683. This is a refinement and simplification of D5257. In particular:

  - D5257 only cached the commit chain, not path changes. This meant that we had to go issue an awkward query (which was slow on Facebook's install) periodically while reading the cache. This was reasonable locally but killed performance at FB scale. Instead, we can include path information in the cache. It is very rare that this is large except in Subversion, and we do not need to use this cache in Subversion. In other VCSes, the scale of this data is quite small (a handful of bytes per commit on average).
  - D5257 required a large, slow offline computation step. This relies on D9044 to populate parent data so we can build the cache online at will, and let it expire with normal LRU/LFU/whatever semantics. We need this parent data for other reasons anyway.
  - D5257 separated graph chunks per-repository. This change assumes we'll be able to pull stuff from APC most of the time and that the cost of switching chunks is not very large, so we can just build one chunk cache across all repositories. This allows the cache to be simpler.
  - D5257 needed an offline cache, and used a unique cache structure. Since this one can be built online it can mostly use normal cache code.
  - This also supports online appends to the cache.
  - Finally, this has a timeout to guarantee a ceiling on the worst case: the worst case is something like a query for a file that has never existed, in a repository which receives exactly 1 commit every time other repositories receive 4095 commits, on a cold cache. If we hit cases like this we can bail after warming the cache up a bit and fall back to asking the VCS for an answer.

This cache isn't perfect, but I believe it will give us substantial gains in the average case. It can often satisfy "average-looking" queries in 4-8ms, and pathological-ish queries in 20ms on my machine; `hg` usually can't even start up in less than 100ms. The major thing that's attractive about this approach is that it does not require anything external or complicated, and will "just work", even producing reasonble improvements for users without APC.

In followups, I'll modify queries to use this cache and see if it holds up in more realistic workloads.

Test Plan:
  - Used `bin/repository cache` to examine the behavior of this cache.
  - Did some profiling/testing from the web UI using `debug.php`.
  - This //appears// to provide a reasonable fast way to issue this query very quickly in the average case, without the various issues that plagued D5257.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, jhurwitz

Maniphest Tasks: T2683

Differential Revision: https://secure.phabricator.com/D9045
2014-05-12 11:47:23 -07:00
epriestley
95eab2f3b0 Record parent relationships when discovering commits
Summary:
Ref T4455. This adds a `repository_parents` table which stores `<childCommitID, parentCommitID>` relationships.

For new commits, it is populated when commits are discovered.

For older commits, there's a `bin/repository parents` script to rebuild the data.

Right now, there's no UI suggestion that you should run the script. I haven't come up with a super clean way to do this, and this table will only improve performance for now, so it's not important that we get everyone to run the script right away. I'm just leaving it for the moment, and we can figure out how to tell admins to run it later.

The ultimate goal is to solve T2683, but solving T4455 gets us some stuff anyway (for example, we can serve `diffusion.commitparentsquery` faster out of this cache).

Test Plan:
  - Used `bin/repository discover` to discover new commits in Git, SVN and Mercurial repositories.
  - Used `bin/repository parents` to rebuild Git and Mercurial repositories (SVN repos just exit with a message).
  - Verified that the table appears to be sensible.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: jhurwitz, epriestley

Maniphest Tasks: T4455

Differential Revision: https://secure.phabricator.com/D9044
2014-05-12 11:47:22 -07:00
Chad Little
b2f3001ec4 Replace Sprite-Icons with FontAwesome
Summary: The removes the sprite sheet 'icons' and replaces it with FontAwesome fonts.

Test Plan:
- Grep for SPRITE_ICONS and replace
- Grep for sprite-icons and replace
- Grep for PhabricatorActionList and choose all new icons
- Grep for Crumbs and fix icons
- Test/Replace PHUIList Icon support
- Test/Replace ObjectList Icon support (foot, epoch, etc)
- Browse as many pages as I could get to
- Remove sprite-icons and move remarkup to own sheet
- Review this diff in Differential

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9052
2014-05-12 10:08:32 -07:00
lkassianik
dfcccd4cb8 Add config to require real name, respect config when creating new users, drop real name from full name if not provided.
Summary: Fixes T4728, first pass, Make real name optional on user accounts

Test Plan: Default real name config should be false (not required). Create new user, real name should not be required. Toggle config, real name should be required. Users with no real name should be always listed by their usernames.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4728

Differential Revision: https://secure.phabricator.com/D9027
2014-05-12 09:51:41 -07:00
epriestley
1687ffcd9e Make phrasing on "Mark All Read" consistent
Summary: Fixes T5025. We label this action in two different ways ("Clear All Notifications", "Mark All Read"). The latter is probably a better description.

Test Plan: looked at the UI.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5025

Differential Revision: https://secure.phabricator.com/D9073
2014-05-12 07:24:09 -07:00
epriestley
23487dc357 Update .arclint in Phabricator for phutil-library lint
Summary:
Also fix a few other minor issues:

  - Use lint config.
  - Fix a method signature from `arc unit --everything` (unrelated).
  - Add a javelin doc.

Test Plan: Ran `arc lint`, `arc unit`, `arc linters`.

Reviewers: btrahan, joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9072
2014-05-12 06:01:30 -07:00
Joshua Spence
566f8ab9aa Use the ArcanistConfigurationDrivenLintEngine as a linting engine.
Summary:
Ref T2039. This diff is the equivalent to D9057, but for rP.

Depends on D9066.

Test Plan: Ran `arc lint` and ensure it doesn't complain about the `.arclint` file.

Reviewers: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T2039

Differential Revision: https://secure.phabricator.com/D9064
2014-05-12 04:47:25 -07:00
epriestley
94772689cd Further modernize lint documentation
Summary: Ref T2039. Contains a small amount of wishful thinking, I'll note it inline.

Test Plan: Generated and read documentation.

Reviewers: btrahan, avive, joshuaspence

Reviewed By: joshuaspence

Subscribers: epriestley, avivey

Maniphest Tasks: T2039

Differential Revision: https://secure.phabricator.com/D9061
2014-05-12 04:47:13 -07:00
epriestley
1644ef185e Fix system agent toggling in MySQL strict mode
Summary: `''` is not a valid integer.

Test Plan: Used `bin/accountadmin` to turn bot flag on and off for a user.

Reviewers: btrahan, Firehed

Reviewed By: Firehed

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9046
2014-05-10 16:58:07 -07:00
epriestley
98013cc599 Fix typo
Summary: This doesn't look like it is spelled correctly.

Test Plan: Seems more correct now.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9043
2014-05-10 11:39:39 -07:00
epriestley
b64415c9b1 Use bracket-free, human-readable query URIs everywhere
Summary: See <http://fab.wmflabs.org/T88>. While this issue is on MW's side, these links are kind of ugly and have more readable alternate forms now. Update them to use proper modern forms.

Test Plan: See inlines.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9042
2014-05-10 11:37:38 -07:00
epriestley
997c8591b2 Add 'repositoryPHID' to 'differential.createrawdiff'
Summary:
See <https://github.com/facebook/phabricator/issues/596>

Broadly, Facebook would like to bring Pull Requests from GitHub into Phabricator.

In the long term we can do this properly via Doorkeeper/Nuance, but that's probably a ways off. This seems like a reasonable low-budget compromise for now.

I'm a little hesitant to add a ton of parameters to this call, but `repositoryPHID` seems pretty reasonable, and is notable because it also controls default policies.

Test Plan:
  - Created a diff with no repositoryPHID.
  - Created a diff with a repositoryPHID.
    - Verified it carried over when the diff was used to create a revision.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: ptarjan, jamesgpearce, epriestley

Differential Revision: https://secure.phabricator.com/D9023
2014-05-09 18:06:41 -07:00
Jacob Hurwitz
9d0d1ac42f Speed up DiffusionBrowseFileController by removing call to array_merge
Summary: Some profiling using XHProf in the Dark Console showed me that Diffusion was wasting a ton of time on array_merge. This change sped up the loading of a large file in Diffusion from 16.8 seconds to 2.4 seconds.

Test Plan: Load files in Diffusion. They all look good. Also, use a PHP shell to try to manually verify that I still kinda remember some PHP and, yes, this is functionally equivalent to what was there before.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9032
2014-05-09 18:06:29 -07:00
Bob Trahan
e96c363eef Add SMS support
Summary:
Provides a working SMS implementation with support for Twilio.

This version doesn't really retry if we get any gruff at all. Future versions should retry.

Test Plan: used bin/sms to send messages and look at them.

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: aurelijus, epriestley, Korvin

Maniphest Tasks: T920

Differential Revision: https://secure.phabricator.com/D8930
2014-05-09 12:47:21 -07:00
epriestley
e6aff100f2 Move even more rendering into SearchEngine
Summary: Ref T4986. I think this is the last of the easy ones, there are about 10 not-quite-so-trivial ones left.

Test Plan:
  - Viewed app results.
  - Created panels.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9025
2014-05-09 12:28:02 -07:00
epriestley
352d9f6b06 Move more rendering into SearchEngines for panels
Summary: Ref T4986. Getting closer. Nothing out of the ordinary in this group.

Test Plan:
For each application:

  - Viewed the normal search results.
  - Created a panel version and viewed it.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9024
2014-05-09 12:25:52 -07:00
epriestley
78b89711cb Move a bunch more rendering into SearchEngine
Summary: Ref T4986. These are mostly mechanical now, I skipped a couple of slightly tricky ones. Still a bunch to go.

Test Plan:
For each engine:

  - Viewed the application;
  - created a panel to issue the query.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9017
2014-05-08 20:04:19 -07:00
epriestley
c6a68aadc0 Move dashboard list rendering to ApplicationSearch
Summary: Ref T4986. This is "good" and "desirable".

Test Plan: Saw dashboard list, panel.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9015
2014-05-08 20:04:18 -07:00
epriestley
46405064e9 Move Countdown rendering to SearchEngine
Summary: Ref T4986.

Test Plan: Viewed app, made a panel.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9014
2014-05-08 20:04:18 -07:00
epriestley
9d1cfcd8ec Move Conduit rendering to SearchEngine
Summary: Ref T4986. Nothing special.

Test Plan: Looked at Conduit, made a panel.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9013
2014-05-08 20:04:18 -07:00
epriestley
684805a88a Move rendering to SearchEngine for Calendar
Summary:
Ref T4986. This one needs `getApplicationURI()` so make it a little beefier to deal with that.

(It would be vaguely nice to somehow share the handle and application stuff between Controllers and Engine classes like this, but I don't immediately see a clean way to do it without traits. Not a big deal, in any case.)

Test Plan:
  - Viewed Calendar.
  - Made a Calendar panel.
  - Viewed feed.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9012
2014-05-08 20:04:18 -07:00
epriestley
c72b753e54 Move audit rendering into SearchEngine
Summary:
Ref T4986. Updates audit.

Slightly tweaks on method visibility.

Just used a HandleQuery since we have to rebuild the whole view thing otherwise; this is an unusual case.

Test Plan:
  - Checked Audit.
  - Checked Feed.
  - Checked Slowvote.

{F151555}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9011
2014-05-08 20:04:18 -07:00
epriestley
8f42f4b538 Move Slowvote rendering into SearchEngine
Summary:
Ref T4986. This adds a bit of structure for handles, since we used to have Controller utilities but no longer do.

Hopefully these will start going faster soon...

Test Plan:

  - Checked feed for collateral damage.
  - Checked slowvote for collateral damage.
  - Made a slowvote panel.

{F151550}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9010
2014-05-08 20:04:18 -07:00
epriestley
dadd9a9dd9 Let feed panels render something meaningful-ish
Summary:
Ref T4986. We need to introduce alternate views to make this more pleasant, but let rendering move to engines so it can be shared between panels and controllers.

I also moved some of the pagination logic in to avoid duplicating that.

So far, only Feed works. I'm going to do these gradually since we have ~40-50 of them.

Test Plan:
  - Used global search to check for collateral damage.
  - Used not-global search too.
  - Used normal feed.

{F151541}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9008
2014-05-08 20:04:18 -07:00
epriestley
d30f43b15b Rough skeleton of a "Query" dashboard panel
Summary: Ref T4986. This isn't pretty/usable yet (I need to move rendering out of ListController classes and into SearchEngine classes, I think) but does pull the correct results.

Test Plan: {F151537}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9007
2014-05-08 20:04:17 -07:00
Ashish SHUKLA
0da22abdb5 WordPress.com OAuth2 plugin
Summary:
This plugin provides an OAuth authentication provider to authenticate users using WordPress.com Connect.

This diff corresponds to github pull request https://github.com/facebook/phabricator/pull/593/ and had its libphutil counterpart reviewed in D9004.

Test Plan: Configured WordPress.com as an authentication provider, saw it show up on the login screen, registered a new account, got expected defaults for my username/name/email/profile picture.

Reviewers: chad, #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9019
2014-05-08 14:23:19 -07:00
Chad Little
38739755c6 Make workboards truly 'fixed' in display
Summary:
**WIP**

This sets a shadow fixed to the full screen of the browser for which panels to live in. I have some minor things to fix, but play with it.

Specifically I haven't been able to dig up when stuff that overflowwed, doesn't always render even after scroll.

Test Plan: Test on a board with many tasks, many panels, small screens. Test on mobile too!

Reviewers: epriestley, btrahan

Reviewed By: btrahan

Subscribers: qgil, epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9005
2014-05-08 14:21:32 -07:00
Bob Trahan
61dd5ab6c1 Worker - supporting running queued tasks in process
Summary: Ref D8930. My "send test" for SMS was failing before this patch, and now it works nicely.

Test Plan: Used new code in D8930 that uses $this->queueTask() to get some work done and it got done in process

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9018
2014-05-08 13:14:58 -07:00
epriestley
c3838c5354 Fix construction of "View Tasks" URI from user profiles
Summary: Fixes T4995. This uses commas so it shouldn't have `[]`. I think I just derped this a while ago.

Test Plan: fiddled

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4995

Differential Revision: https://secure.phabricator.com/D9009
2014-05-08 10:33:32 -07:00
epriestley
24dcd36fe6 Fix a link in the documentation
Summary: Was bad, now good.

Test Plan: Observed goodness.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9003
2014-05-07 14:58:49 -07:00
Bob Trahan
7f13e8a5c5 Workboards - remove 7 column restriction
Summary: Fixes T4914. We currently have a finite limit on column displays which caused T4914. This fixes T4914 by no longer using a fluid layout. Rather, we use a fixed column width layout which does not have a 7 column limit. Future work - see T4054 for an example - will likely make the fluid layout thing work with infinite columns, and / or other work may re-jigger project workboards directly.

Test Plan: had a project like in T4914 that wouldn't load and it loaded post this change! added more columns and using javascript inspector noted proper width being set

Reviewers: epriestley, chad

Reviewed By: epriestley

Subscribers: joshuaspence, epriestley, Korvin

Maniphest Tasks: T4054, T4914

Differential Revision: https://secure.phabricator.com/D8942
2014-05-07 09:38:29 -07:00
epriestley
9a4188e89b Fix transaction apply issue for Paste subscriptions
Summary: Fixes T4979.

Auditors: btrahan
2014-05-07 07:21:37 -07:00
epriestley
0620386d0e Fix typo (demo)
Summary: There was a typo.

Test Plan: Now there is no typo.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8995
2014-05-07 07:19:50 -07:00
Aviv Eyal
61257d88d5 Update doc for available lints
Summary:
- Mention many new linters now included.
- Basic description of .arclint + example
- Move Philosophy sections above Configuration sections.

Test Plan: compile with bin/diviner.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: joshuaspence, hach-que, epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9000
2014-05-06 19:08:30 -07:00
William R. Otte
a57cbbea8c Fix for email parsing from Outlook clients.
Summary: D1239 got it mostly right, but some versions of Outlook apparently put a '> ' in front of the 'Original Message' marker, which the parser couln't grok.

Test Plan: Added a test case to the unit tests, applied the patch to my install and asked one of my heathen Outlook using colleagues to reply to a Conpherence post.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8998
2014-05-06 20:31:27 -05:00
Bob Trahan
7f56bcd2d4 Fix paste
Summary: Fixes T4970.

Test Plan: left a comment on a paste

Reviewers: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4970

Differential Revision: https://secure.phabricator.com/D8996
2014-05-06 15:00:39 -07:00
Yonas Yanfa
a928caf41d Fix typos on Import Repository page
See: <https://github.com/facebook/phabricator/pull/590>

Reviewed by: epriestley
2014-05-05 14:28:49 -07:00
Gareth Evans
01892e3808 Add Marked With Any Flag search option
Summary: T3692

Test Plan: Search for macros with/without flags and then all flagged

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T3692

Differential Revision: https://secure.phabricator.com/D8976
2014-05-05 14:20:28 -07:00
epriestley
572089c936 Give removed comments a special icon
Summary: Ref T4909.

Test Plan: {F150659}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4909

Differential Revision: https://secure.phabricator.com/D8984
2014-05-05 12:00:27 -07:00
epriestley
85bc05be25 Make two small fixes to the quoting feature
Summary:
Ref T4119.

  - Trim newlines off the quoted text before quoting it; otherwise we can end up with a staircase of ">" at the end of a quote.
  - Allow image macros to have leading whitespace, so multiple consecuitive quoted macros work properly.

Test Plan: I QUOTED MACROS A LOT OF TIMES

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4119

Differential Revision: https://secure.phabricator.com/D8983
2014-05-05 11:23:12 -07:00
epriestley
bfc1ccfdf1 Move all comment management junk into a dropdown menu
Summary:
man I sure hate Javascript

I removed the ajax-edit and ajax-remove interactions, becuase they were prohibitively complex to get working given that the entire menu has to change too. Instead, the page just reloads. This works perfectly fine in practice.

If we want to restore these in the future, we should have the server re-render the entire transaction group or something. I think very little is lost here, though.

Test Plan:
  - Took all the actions.
  - Used existing dropdown menus.

{F150196}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8966
2014-05-05 10:57:23 -07:00
epriestley
cb44531751 Use ActionList-based dropdowns in Policy
Summary: See previous diffs. These mostly look reasonable with shared CSS.

Test Plan: {F150431}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8975
2014-05-05 10:56:57 -07:00
epriestley
7584d10b49 Use ActionList-based dropdowns in Conpherence
Summary:
See D8966, D8973. Replace PhabricatorDropdownMenu with PHUIXDropdownMenu.

These new menus look weird on mobile because all action lists pick up a bunch of weird styles on mobile and we're now reusing the CSS.

Test Plan:
{F150425}

{F150426}

Reviewers: btrahan, chad

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8974
2014-05-05 10:56:38 -07:00
epriestley
707c5aec81 Add a quote action to Differential and Maniphest
Summary:
Ref T4119. This is ugly for now, but technically works.

The comment area and transaction log don't realy know about each other, so for the moment the linking is a bit manual. Differential/Maniphest are special cases anyway.

Test Plan: {F149992}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4119

Differential Revision: https://secure.phabricator.com/D8957
2014-05-05 10:55:58 -07:00
epriestley
b3476af5f0 Add support and very basic styling for quotes in Phabricator
Summary: Ref T4119. Adds the block rule and makes a faint effort at CSS.

Test Plan: See D8953 for a screenshot.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4119

Differential Revision: https://secure.phabricator.com/D8955
2014-05-05 10:55:44 -07:00
epriestley
58f66fea80 Allow users to remove their own comments, and administrators to remove any comment
Summary:
Fixes T4909. Adds a "remove" link next to the edit link, which permanently hides a comment. Addresses two use cases:

  - Allowing administrators to clean up spam.
  - Allowing users to try to put the genie back in the bottle if they post passwords or sensitive links, etc.

The user who removed the comment is named in the removal text to enforce some level of administrative accountability.

No data is deleted, but there's currently no method to restore these comments. We'll see if we need one.

This is cheating a little bit by storing "removed" as "2" in the isDeleted field. This doesn't seem tooooo bad for now.

Test Plan:
  - Removed some of my comments.
  - As an administrator, removed other users' comments.
  - Failed to view history of a removed comment.
  - Failed to edit a removed comment.
  - Failed to remove a removed comment.
  - Verified feed doesn't show the old comment after comment removal.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: qgil, chad, epriestley

Maniphest Tasks: T4909

Differential Revision: https://secure.phabricator.com/D8945
2014-05-05 10:55:32 -07:00
epriestley
6bced2170e Allow structured destruction of Maniphest tasks
Summary:
Ref T4749. Ref T3265. Ref T4909.

  - Support ManiphestTasks in `bin/remove`.
  - Transactions need manual help for now.

Test Plan:
  - Destroyed tasks.
  - Examined log to verify task, transaction, and comment destruction.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3265, T4749, T4909

Differential Revision: https://secure.phabricator.com/D8944
2014-05-05 10:55:19 -07:00
epriestley
74faacee4d Never try to run README as a commit hook
Summary:
Fixes T4960. Users `chmod +x` this, and then bash chokes on it.

Phabricator "owns" this file anyway, so there is no real ambiguity here: this should never be a hook script.

Test Plan:
  - Did `chmod +x README`.
  - Made a commit.
  - Added `z.sh`, got blocked.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4960

Differential Revision: https://secure.phabricator.com/D8981
2014-05-05 10:54:53 -07:00
epriestley
ac9c82fcdf Check view policy, not join policy, when raising an error for Phame custom domains
Summary: A user in IRC hit this; this looks like a typo.

Test Plan: Created a new blog with a public view policy, a non-public join policy, and a custom domain.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: legien, epriestley

Differential Revision: https://secure.phabricator.com/D8980
2014-05-05 10:54:44 -07:00
epriestley
9b66f00484 Make tokens more accessible to assitive technologies
Summary:
Ref T4843.

  - The token award buttons are just icons.
  - The tokens themselves are just icons.
  - Also spread the tokens out a tiny bit, they feel a little tight to me right now.

Test Plan: Used VoiceOver to read out tokens and token actions. Looked at an object with several token awards.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4843

Differential Revision: https://secure.phabricator.com/D8982
2014-05-05 10:54:34 -07:00
epriestley
cc8827a8c1 Improve accessibility of some UI elements (forms, icons, timeline)
Summary: Ref T4843. Chips away at a few more things.

Test Plan: Used VoiceOver and got a generally more sensible-seeming result.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4843

Differential Revision: https://secure.phabricator.com/D8978
2014-05-05 08:16:35 -07:00
epriestley
bd7420c4bb Allow pastes to be edited
Summary: Fixes T4814.

Test Plan: Edited pastes from the web UI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4814

Differential Revision: https://secure.phabricator.com/D8970
2014-05-04 11:11:46 -07:00
epriestley
c2f58496ad Make the paste "Create" transaction take a file PHID instead of content
Summary:
Ref T4814. Although this approach made sense at one point, we have more file infrastructure now and T4814 will be easier if we just pass a PHID in.

Also swap Conduit over to use the Editor.

Test Plan:
  - Created a paste.
  - Created a paste via Conduit.
  - Verified that files had correct permissions and appropriate object links in Files.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4814

Differential Revision: https://secure.phabricator.com/D8969
2014-05-04 11:11:34 -07:00
epriestley
a272ddcc78 Fix two parsing issues for diffs with damaged whitespace
Summary:
Fixes T4941. If a diff has had trailing whitespace stripped, we will fail to handle empty lines correctly (previously, these lines had a leading space when the original tool emitted them).

(This probably stopped working around the time we began retaining newlines.)

Test Plan: The diff in T4941 now parses and renders correctly.

Reviewers: asherkin, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4941

Differential Revision: https://secure.phabricator.com/D8968
2014-05-04 10:48:49 -07:00
epriestley
58fbb0ae53 Support mailto in Phabricator config defaults
Summary: Fixes T3949.

Test Plan: grumble grumble

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3949

Differential Revision: https://secure.phabricator.com/D8963
2014-05-04 10:48:35 -07:00
epriestley
ca6b821cda Minor, fix undefined variable during Passphrase creation. 2014-05-04 05:00:14 -07:00
lkassianik
d7b7b19337 Add a "Lock Permanently" action to Passphrase
Summary: Fixes T4931. Each new credential should come with the ability to lock the credential permanently, so that no one can ever edit again. Each existing credential must allow user to lock existing credential.

Test Plan: Create new credential, verify that you can lock it before saving it. Open existing unlocked credential, verify that option to lock it exists. Once credential is locked, the option to reveal it should be disabled, and editing the credential won't allow username/password updates.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4931

Differential Revision: https://secure.phabricator.com/D8947
2014-05-02 18:21:51 -07:00
Bob Trahan
bfa8803287 Search - making clicking the search button not submit placeholder text
Summary: Need to wire up the button to have a click handler that clears out the placeholder text. Fixes T4847.

Test Plan: Clicked the search button and got results for nothing as opposed to "Search." Typed a search and clicked button and got expected results.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4847

Differential Revision: https://secure.phabricator.com/D8960
2014-05-02 17:57:01 -07:00
Chad Little
83dc10f6ac Fix minor design nits, Herald
Summary:
 - Personal Rules display like globals
 - Remove "boxy" look around transcripts
 - Fix Property list widths, breaks, on mobile
 - Add proper blank state for no actions

Test Plan: Tested Herald on mobile and desktop, used simulator in Chrome

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8958
2014-05-02 14:25:58 -07:00
Bob Trahan
4e4a520b78 Transactions - fix edit submit URI
Summary:
tracing this a bit, in core/behavior-form.js we end up doing form.submit() on this form. Before this patch, the form had no submitURI set so it ended up doing a page load. Now, we set the submitURI and (at least) the form is actually submitted and data is saved. Ref T4669.

Not sure how come the syntheticSubmit even isn't getting picked up though?

Test Plan: hit apple + enter to submit comment edit. page reloaded and my edit persisted!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4669

Differential Revision: https://secure.phabricator.com/D8952
2014-05-02 09:37:34 -07:00
Bob Trahan
97f88f468b Audit - fix profile link
Summary: forgot to update this with new application search.

Test Plan: verified "View Commits" took me to my commits and the commits of another user from respective profile pages.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8951
2014-05-02 08:56:16 -07:00
epriestley
889440ead0 Allow structured destruction of Differential Revisions
Summary:
Ref T4749. Ref T3265. Ref T4909.

  - Remove old "destroy revision" script.
  - Move to structured `bin/remove` destruction.
  - Fix some edge issues.
  - Add transaction destruction support.

Test Plan:
  - Destroyed a bunch of revisions.
  - Saw diffs, changesets, hunks, transactions, edges, and inlines also get wiped out.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4749, T4909, T3265

Differential Revision: https://secure.phabricator.com/D8943
2014-05-01 18:25:30 -07:00
epriestley
2022a70e16 Implement bin/remove, for structured destruction of objects
Summary:
Ref T4749. Ref T3265. Ref T4909. Several goals here:

  - Move user destruction to the CLI to limit the power of rogue admins.
  - Start consolidating all "destroy named object" scripts into a single UI, to make it easier to know how to destroy things.
  - Structure object destruction so we can do a better and more automatic job of cleaning up transactions, edges, search indexes, etc.
  - Log when we destroy objects so there's a record if data goes missing.

Test Plan: Used `bin/remove destroy` to destroy several users.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3265, T4749, T4909

Differential Revision: https://secure.phabricator.com/D8940
2014-05-01 18:23:31 -07:00
epriestley
1876bef404 Add CSS and docs for remarkup checkbox list styles
Summary: See D8931. Ref T3945. CSS for the checkmark styles.

Test Plan: {F149713}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T3945

Differential Revision: https://secure.phabricator.com/D8932
2014-05-01 17:53:34 -07:00
Bob Trahan
d1d6924dfa Maniphest - add conduit method to get status information
Summary: Ref T4938. `arc close` needs to know about custom statuses and this conduit method is step 1 of letting it know

Test Plan: See next diff, which works!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4938

Differential Revision: https://secure.phabricator.com/D8937
2014-05-01 16:11:39 -07:00
Chad Little
f32662a729 Fix audit display on the homedashpageboxlist
Summary: we need set flush on the home display

Test Plan: checked home and audit home, both cards, proper spacing

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8939
2014-05-01 16:09:25 -07:00
Chad Little
173fd49e67 Used Cards instead of States for Harbormaster Buildables
Summary: Switched to Obect Cards for better consistency with application search. Added Byline for colorblind/accessability (can move).

Test Plan: Tested my Harbormaster build.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8934
2014-05-01 14:38:21 -07:00
Chad Little
da5f22172c Update Audit to use Cards in ObjectList
Summary: For general consistency with Differential / other application searches. May look at "Cards" as the default view for everything.

Test Plan: Reload my Audit page, easier to read and find status colors.

Reviewers: epriestley, btrahan

Reviewed By: btrahan

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8935
2014-05-01 14:37:06 -07:00
epriestley
7145587df7 Lock down some config options
Summary:
This is just a general review of config options, to reduce the amount of damage a rogue administrator (without host access) can do. In particular:

  - Fix some typos.
  - Lock down some options which would potentially let a rogue administrator do something sketchy.
    - Most of the new locks relate to having them register a new service account, then redirect services to their account. This potentially allows them to read email.
    - Lock down some general disk stuff, which could be troublesome in combination with other vulnerabilities.

Test Plan:
  - Read through config options.
  - Tried to think about how to do evil things with each one.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8928
2014-05-01 10:23:49 -07:00
epriestley
68023e64a9 Document multi-factor authentication
Summary: Ref T4398. This has a few lies (in the sense of "features that don't work yet") but should describe behavior accurately after a few more patches.

Test Plan: Read it.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8910
2014-05-01 10:23:41 -07:00
epriestley
a04e138ae2 Minor cleanup of some session code
Summary: Ref T4398. Add some documentation and use `phutil_units()`.

Test Plan:
  - Established a web session.
  - Established a conduit session.
  - Entered and exited hisec.
  - Used "Sessions" panel to examine results.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8924
2014-05-01 10:23:19 -07:00
epriestley
e146958217 Generate QR codes for TOTP tokens
Summary: Ref T4398. I found a reasonable-ish LGPLv3 library for doing this, which isn't too huge or unwieldy.

Test Plan:
  - Scanned QR code with Authy.
  - Scanned QR code with Google Authenticator.

{F149317}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8923
2014-05-01 10:23:11 -07:00
epriestley
50376aad04 Require multiple auth factors to establish web sessions
Summary:
Ref T4398. This prompts users for multi-factor auth on login.

Roughly, this introduces the idea of "partial" sessions, which we haven't finished constructing yet. In practice, this means the session has made it through primary auth but not through multi-factor auth. Add a workflow for bringing a partial session up to a full one.

Test Plan:
  - Used Conduit.
  - Logged in as multi-factor user.
  - Logged in as no-factor user.
  - Tried to do non-login-things with a partial session.
  - Reviewed account activity logs.

{F149295}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8922
2014-05-01 10:23:02 -07:00
Chad Little
1e6b2f26e9 Change spacing, layout of ObjectItem states
Summary:
A few tweaks:

 - Height in box is consistent now at 50px an Object
 - Divider/rule extends full width of box
 - Icon centers inside rule, box area.

Test Plan:
Test UIExamples, check spacing with 4px grid in Photoshop. Test mobile/desktop layout of Harbormaster.

{F149599}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8929
2014-05-01 09:35:14 -07:00
epriestley
730cb65913 Add aural label for "application" breadcrumb in crumbs
Summary: Ref T4843. This is a purely-visual link; label it with the application name.

Test Plan: {F149583}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4843

Differential Revision: https://secure.phabricator.com/D8927
2014-05-01 08:55:45 -07:00
epriestley
2f7508929f Document the aural attribute and __aural__ preview mode
Summary:
Ref T4843. Document the new assistive features in the developer docs.

(Also use the recommended mode to set them. They're equivalent for `aural=true` (but not for `aural=false`), so this doesn't actually change anything.)

Test Plan: Read documentation.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4843

Differential Revision: https://secure.phabricator.com/D8926
2014-05-01 07:54:29 -07:00
austinkelleher
eec0576793 Make the hard limit on the number of files showing in Herald emails a constant.
See: <https://github.com/facebook/phabricator/pull/587>

Reviewed by: epriestley
2014-05-01 07:37:26 -07:00
epriestley
c9dc554cb9 Allow users to provide alt text for image embeds
Summary:
Ref T4843.

  - Add an `alt` attribute so users can provide alternate text for `{Fnnn}`.
  - Add an `alt` attribute to image macros.

Test Plan: Embedded an image with `alt` and a macro, inspected HTML source to verify the `alt` attribute was present.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4843

Differential Revision: https://secure.phabricator.com/D8925
2014-05-01 07:18:29 -07:00
epriestley
e8cebb7da5 Add support for aural-only and visual-only elements
Summary:
Ref T4843. This adds support to `javelin_tag()` for an `aural` attribute. When specified, `true` values mean "this content is aural-only", while `false` values mean "this content is not aural".

  - I've attempted to find the best modern approaches for marking this content, but the `aural` attribute should let us change the mechanism later.
  - Make the "beta" markers on application navigation visual only (see T4843). This information is of very low importance, the application navigation is accessed frequently, and the information is available on the application list.
  - Partially convert the main navigation. This is mostly to test things, since I want to get more concrete feedback about approaches here.
  - Add a `?__aural__=1` attribute, which renders the page with aural-only elements visible and visual-only elements colored.

Test Plan: {F146476}

Reviewers: btrahan, scp, chad

Reviewed By: chad

Subscribers: aklapper, qgil, epriestley

Maniphest Tasks: T4843

Differential Revision: https://secure.phabricator.com/D8830
2014-05-01 07:18:18 -07:00
epriestley
3fde020049 Make many actions require high security
Summary:
Ref T4398. Protects these actions behind a security barrier:

  - Link external account.
  - Retrieve Conduit token.
  - Reveal Passphrase credential.
  - Create user.
  - Admin/de-admin user.
  - Rename user.
  - Show conduit certificate.
  - Make primary email.
  - Change password.
  - Change VCS password.
  - Add SSH key.
  - Generate SSH key.

Test Plan: Tried to take each action and was prompted for two-factor.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8921
2014-04-30 17:44:59 -07:00
lkassianik
cf3f8cd809 Ask users to choose a pronoun instead of sex in the Account settings panel
Summary: Fixes T4845, Use "choose a pronoun" prompt for (grammatical) gender selection instead of "Sex"

Test Plan: Open Account settings panel, expand Pronoun dropdown, verify that options are "<username> updated their/her/his profile". Switch to different language, verify that pronouns propogate

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4845

Differential Revision: https://secure.phabricator.com/D8920
2014-04-30 14:42:07 -07:00
epriestley
23e654ec2b Rate limit multi-factor actions
Summary: Ref T4398. Prevent users from brute forcing multi-factor auth by rate limiting attempts. This slightly refines the rate limiting to allow callers to check for a rate limit without adding points, and gives users credit for successfully completing an auth workflow.

Test Plan: Tried to enter hisec with bad credentials 11 times in a row, got rate limited.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8911
2014-04-30 14:30:31 -07:00
epriestley
535cfa3ebe Add bin/auth list-factors and bin/auth strip to remove multi-factor auth
Summary:
Ref T4398. The major goals here is to let administrators strip auth factors in two cases:

  - A user lost their phone and needs access restored to their account; or
  - an install previously used an API-based factor like SMS, but want to stop supporting it (this isn't possible today).

Test Plan:
  - Used `bin/auth list-factors` to show installed factors.
  - Used `bin/auth strip` with various mixtures of flags to selectively choose and strip factors from accounts.
  - Also ran `bin/auth refresh` to verify refreshing OAuth tokens works (small `OAuth` vs `OAuth2` tweak).

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8909
2014-04-30 14:30:00 -07:00
epriestley
d41416faf0 Let dashboard panel types use customfield to manage editing
Summary: Ref T3583. Use the same approach Harbormaster does to give panels cheap forms.

Test Plan:
{F149218}

{F149219}

{F149220}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3583

Differential Revision: https://secure.phabricator.com/D8919
2014-04-30 14:29:41 -07:00
epriestley
dbadfeb6b7 Give dashboards basic rendering and Ajax support
Summary: Ref T3583. Let dashboards "render", sorta.

Test Plan: {F149187}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3583

Differential Revision: https://secure.phabricator.com/D8917
2014-04-30 14:29:14 -07:00
epriestley
941f0ba7ae Allow panels to appear on dashboards
Summary:
Ref T3583. Adds edges, query relationships, etc. Lots of debugging/temporary UI.

My general intent here is to use edges to track where panels appear, and then put additional data on the dashboard itself to control layout, positioning, etc.

Dashboards don't actually render yet so this is still pretty boring.

Test Plan:
{F149175}

{F149176}

{F149177}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3583

Differential Revision: https://secure.phabricator.com/D8916
2014-04-30 14:28:55 -07:00
epriestley
0916af5336 Let dashboard panels render in a very basic way
Summary: Ref T3583. This implements very primitive panel rendering on the panel detail page, and an ajaxable standalone view.

Test Plan:
{F149135}

{F149136}

{F149137}

{F149138}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3583

Differential Revision: https://secure.phabricator.com/D8913
2014-04-30 14:28:37 -07:00
epriestley
ea954c37e4 Add dashboard panel types
Summary: Ref T3583. These will be the primary class carrying panel implementations.

Test Plan:
{F149125}

{F149126}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3583

Differential Revision: https://secure.phabricator.com/D8912
2014-04-30 14:28:20 -07:00
Bob Trahan
5f02ed5bbb Phame - add some application polish.
Summary:
Fixes T4880. More specifically

 - adds an "edit" pencil to post lists iff you can edit the post
   - style change so this has no text-decoration
 - adds a "no data" box if you have no posts in a given view
   - style change to crush some margins so it formats like posts do
 - adds some validation that your configuration is correct if you are specifying a custom domain
 - updates docs about custom domains

Test Plan: clicked around and it was better! (see screenshots) read doc changes carefully

Reviewers: epriestley, chad

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4880

Differential Revision: https://secure.phabricator.com/D8918
2014-04-30 13:19:14 -07:00
epriestley
366861f106 Revert the global "not imported yet" warning in Diffusion until we have better support
Summary:
Partially reverts D8903. This was hacky to begin with, but completely breaks if the filetree is enabled (`$view` is not an array).

Just toss it until we have a more structured way to insert it into the document properly. I don't think it's especially important (the Herald warning is way more important).

Test Plan: Multiple users reported that stuff is no longer broken.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8914
2014-04-30 11:39:14 -07:00
epriestley
d5f874b493 Unfatal "Create Repository" UI
See: <https://github.com/facebook/phabricator/issues/584>

Not all controllers in Diffusion have a DiffusionRequest.

Auditors: btrahan
2014-04-30 03:47:54 -07:00
James Rhodes
466af33147 Fix Diffusion crash
Summary: This fixes a crash that happens when visiting Diffusion pages due to an undefined variable.  `$title` is only defined if it has a status to show, but then it uses it anyway and fails.

Test Plan: Pages stopped crashing and people stopped complaining.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8906
2014-04-29 19:06:52 -07:00
Aviv Eyal
31580f19d9 fix query for doorkeeper
Summary: Got exception in daemon logs.

Test Plan: rerun tasks, not exception.

Reviewers: btrahan, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8905
2014-04-29 15:12:04 -07:00
Bob Trahan
7ed28dacb5 Diffusion + Herald - warn users if importing repository
Summary: 'cuz things fail a bunch until importing is done. Fixes T4094.

Test Plan: set isImporting to return true. Browsed Diffusion and saw helpful warnings everywhere. Browse Herald transcript and saw a helpful warning

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4094

Differential Revision: https://secure.phabricator.com/D8903
2014-04-29 15:07:00 -07:00
epriestley
8fe27800fc Don't show document types in search for uninstalled applications
Summary:
Fixes T4917. Currently, if a user doesn't have access to, e.g., Phriction, they still get a checkbox in the search results to search for Wiki Documents. Those results will be filtered anyway, so this is confusing at best.

Instead, bind PHID types to applications. This is a relatively tailored fix; some areas for potential future work:

  - Go through every PHID type and bind them all to applications. Vaguely nice to have, but doesn't get us anything for now.
  - If no searchable application is installed, we don't show you an error state. This isn't currently possible ("People" is always installed) but in the interest of generality we could throw an exception or something at least.
  - The elasticserach thing could probably constrain types to visible types, but we don't have a viewer there easily right now.

Test Plan: Uninstalled Phriction, saw the checkbox vanish.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4917

Differential Revision: https://secure.phabricator.com/D8904
2014-04-29 15:01:50 -07:00
lkassianik
1d5731b1ae Restrict marking task duplicate to "merge duplicates" workflow
Summary: Fixes T4819, remove status "duplicate" from dropdown in edit task unless task is already in duplicate status

Test Plan: Edit task, not in duplicate status, verify dropdown does not have "duplicate" option. Edit task already in "duplicate" status, verify that dropdown shows "duplicate" status option.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4819

Differential Revision: https://secure.phabricator.com/D8902
2014-04-29 11:41:30 -07:00
epriestley
f32971cf81 Hide harbormaster build passes in feed
Summary: These stories/notifications aren't too useful, just turn them off at least for now.

Test Plan: Will vet this in a sec...

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8899
2014-04-29 11:10:34 -07:00
Chad Little
db42aae361 Add PHUIObjectItemView Status Display to Harbormaster
Summary: Took a short pass here with the new UI, holler if something is TOO EXTREME.

Test Plan:
Tested with manual sleep builds.

{F148693}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8901
2014-04-29 11:10:16 -07:00
epriestley
692a28b5b2 Unfatal rendering of repository policy transactions
Summary: Fixes T4919. There's some special casing in Diffusion for CAN_PUSH right now, just accommodate that until things get more general.

Test Plan: Viewed a repository edit screen with a custom policy transaction. Clicked the link to view it.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4919

Differential Revision: https://secure.phabricator.com/D8898
2014-04-29 10:57:32 -07:00
epriestley
301c7d0a14 Require the "ctype" extension explicitly
Summary: Fixes T4916. Although every normal build of PHP has this in the core, at least one distribution which users could reasonably encounter does not.

Test Plan: Changed string to "ctypex", got setup warning. Changed to "ctype", got no warning.

Reviewers: hach-que, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4916

Differential Revision: https://secure.phabricator.com/D8896
2014-04-29 10:57:10 -07:00
Bob Trahan
bcdef099c2 Notifications - add a "Clear All Notifications" link to dropdown
Summary: Fixes T2576. Also hyperlinks "Notifications" and "Messages" for easier quick navigation to those areas. Maybe we could get rid of the "See All X" UI at the bottom and use these links?

Test Plan: cleared all notifications from new UI - it worked! observed new linked "Notifications" and "Messages" headers

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T2576

Differential Revision: https://secure.phabricator.com/D8894
2014-04-29 10:43:38 -07:00
Peng Li
3a0694543d Put a limit on the number of files showing in herald emails
Summary:
Sometimes a commit can be huge (like a branch cut in FB www which could have more than half a million files touched). It will generate some emails with size more than 30M, and it will take quite a while to just sort the files and to send out.
Put a hard limit here to avoid such cases. Probably only matters for FB right now, but still even for a small repo with several thousand files, it is a waste to send them all out. Not sure if there is any cleaner way to do it though.

Test Plan: Tried it in FB installtion.

Reviewers: lifeihuang, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8889
2014-04-29 10:38:39 -07:00
Chad Little
cafd2dd6cb Add Success/Fail states to PHUIObjectList
Summary:
A number of interfaces could use a more consice looking ObjectItemList for showing pass/fail/warn states.

 - Added a new "State" for PHUIObjectItemListView
 - Updated UIExamples
 - Implemented in Herald (next Harmormaster)

Test Plan: UIExamples / Herald, desktop and mobile

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8893
2014-04-29 10:14:18 -07:00
Chad Little
645631b3de Remove errant wedgies in timeline
Summary: The removes the wedge until such time as we have Herald/Build icons. Actually, this is probably better/cleaner.

Test Plan: Have Herald add me as a CC, test new layout in desktop and mobile.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8895
2014-04-29 10:11:40 -07:00
Bob Trahan
94a2cfbe44 Policy Transactions - add a details view for custom policy
Summary: 'cuz those can be complicated. Fixes T4738. I needed to do a fair amount of heavy lifting to get the policy stuff rendering correctly. For now, I made this end point very one purpose and tried to make that clear.

Test Plan: looked at some custom policies. see screenshots.

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4738

Differential Revision: https://secure.phabricator.com/D8890
2014-04-29 09:42:54 -07:00
Chad Little
3bc2db199a Add a Stacked view for PropertyList
Summary: Turns a Property List into a stacked view like on tablet/mobile. Useful for where text is longer.

Test Plan:
Test a Herald Transcript page

{F148438}

{F148439}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8891
2014-04-29 07:04:22 -07:00
Michael Peters
b6fa4856d2 Making size=full images have a shadow and be inline-block so the space next to them isn't clickable Fixes #4902
Summary: Added .phabricator-remarkup-embed-image to full size images as well

Test Plan: Add an image e.g. `{F123, size=full}` and verify that it has a shadow and the space next to it isn't clickable

Reviewers: chad, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: chad, epriestley, Korvin

Maniphest Tasks: T4902

Differential Revision: https://secure.phabricator.com/D8858
2014-04-29 05:01:00 -07:00
Chad Little
a46ead7980 Update inline-comment styles in Differential
Summary:
Moderize Inline Comment Display

 - Use standard colors
 - Better display with/without comment
 - OMG Icons

Test Plan:
{F148256}

Test with and without main comment, test with many for few comments on 1-3 files.

Reviewers: epriestley, btrahan

Reviewed By: btrahan

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8885
2014-04-28 19:43:00 -07:00
Bob Trahan
08d9e5ec99 Use initializeNewLog rather than instantiate the UserLog
Summary:
Use initializeNewLog rather than instantiate the UserLog,
Closes T4912

Test Plan: Run install-certificate

Reviewers: #blessed_reviewers, btrahan

Reviewed By: #blessed_reviewers, btrahan

Subscribers: epriestley

Maniphest Tasks: T4912

Differential Revision: https://secure.phabricator.com/D8887
2014-04-28 15:44:52 -07:00
epriestley
a017a8e02b Make two-factor auth actually work
Summary:
Ref T4398. Allows auth factors to render and validate when prompted to take a hi-sec action.

This has a whole lot of rough edges still (see D8875) but does fundamentally work correctly.

Test Plan:
  - Added two different TOTP factors to my account for EXTRA SECURITY.
  - Took hisec actions with no auth factors, and with attached auth factors.
  - Hit all the error/failure states of the hisec entry process.
  - Verified hisec failures appear in activity logs.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8886
2014-04-28 10:20:54 -07:00
epriestley
bf6bda6ef4 Fix wording of "differential.sticky-accept"
Summary: See <http://fab.wmflabs.org/T226>. The summary for this option is confusing, because "true" means sticky but the wording implies "true" means non-sticky.

Test Plan:
  - Looked at the option in summary view.
  - Reviewed related text, none of the other copy here seems confusing or ambiugous to me.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: qgil, epriestley

Differential Revision: https://secure.phabricator.com/D8884
2014-04-28 09:29:05 -07:00
epriestley
17709bc167 Add multi-factor auth and TOTP support
Summary:
Ref T4398. This is still pretty rough and isn't exposed in the UI yet, but basically works. Some missing features / areas for improvement:

  - Rate limiting attempts (see TODO).
  - Marking tokens used after they're used once (see TODO), maybe. I can't think of ways an attacker could capture a token without also capturing a session, offhand.
  - Actually turning this on (see TODO).
  - This workflow is pretty wordy. It would be nice to calm it down a bit.
  - But also add more help/context to help users figure out what's going on here, I think it's not very obvious if you don't already know what "TOTP" is.
  - Add admin tool to strip auth factors off an account ("Help, I lost my phone and can't log in!").
  - Add admin tool to show users who don't have multi-factor auth? (so you can pester them)
  - Generate QR codes to make the transfer process easier (they're fairly complicated).
  - Make the "entering hi-sec" workflow actually check for auth factors and use them correctly.
  - Turn this on so users can use it.
  - Adding SMS as an option would be nice eventually.
  - Adding "password" as an option, maybe? TOTP feels fairly good to me.

I'll post a couple of screens...

Test Plan:
  - Added TOTP token with Google Authenticator.
  - Added TOTP token with Authy.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8875
2014-04-28 09:27:11 -07:00
epriestley
93f23674bf Update Diffusion main documentation
Summary:
This was really out of date and full of lies.

Mostly I've deleted sections, since the UI is way way more self-explanatory and much better at surfacing errors now.

Test Plan: L@@K

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8873
2014-04-28 09:26:34 -07:00
epriestley
9da255efaa Add a "problem commits" prebuilt filter to Audits
Summary: Ref T4715. We show this number on the homepage, provide an easy way to query matching commits.

Test Plan: Clicked "problem commits", saw them.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4715

Differential Revision: https://secure.phabricator.com/D8880
2014-04-28 08:26:08 -07:00
epriestley
8716e734f0 Make JOIN changes to CommitQuery only
Summary:
Fixes T4911. See D8879. This gives us the correct query in cases where there are no audits.

This doesn't try to do the GROUP BY stuff yet.

Test Plan:
  - Viewed a commit in Diffusion with no audits, got a commit detail page.
  - Viewed "All Commits" in web UI, saw commits without any audits included in the list.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4911

Differential Revision: https://secure.phabricator.com/D8882
2014-04-28 08:25:51 -07:00
Bob Trahan
0db6aad80d Audit - polish list view a bit
Summary:
Grab an audit we have authority over if possible, relying on how that's sorted by actor first. This gets us the best description possible of what the audit is about in the list. Also sort out highlighting; right now it looks silly on some views when everything is highlighted.

An open question in the diff - when to highlight audits?

Options I see -

 - never
 - don't do it on "needs attention" but other views
 - calculate what percentage of shown audits user has authority over, if most ( > N% ) don't highlight, otherwise highlight
 - something else
 - some combo of the above

Test Plan: lists of audits looked better

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8876
2014-04-27 22:49:18 -07:00
epriestley
3f5a55fa6e Let users review their own account activity logs
Summary:
Ref T4398. This adds a settings panel for account activity so users can review activity on their own account. Some goals are:

  - Make it easier for us to develop and support auth and credential information, see T4398. This is the primary driver.
  - Make it easier for users to understand and review auth and credential information (see T4842 for an example -- this isn't there yet, but builds toward it).
  - Improve user confidence in security by making logging more apparent and accessible.

Minor corresponding changes:

  - Entering and exiting hisec mode is now logged.
  - This, sessions, and OAuth authorizations have moved to a new "Sessions and Logs" area, since "Authentication" was getting huge.

Test Plan:
  - Viewed new panel.
  - Viewed old UI.
  - Entered/exited hisec and got prompted.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8871
2014-04-27 17:32:09 -07:00
epriestley
320be1a1b8 Modernize user activity logs (ApplicationSearch, policies)
Summary:
Ref T4398. Ref T4842. I want to let users review their own account activity, partly as a general security measure and partly to make some of the multi-factor stuff easier to build and debug.

To support this, implement modern policies and application search.

I also removed the "old" and "new" columns from this output, since they had limited utility and revealed email addresses to administrators for some actions. We don't let administrators access email addresses from other UIs, and the value of doing so here seems very small.

Test Plan: Used interface to issue a bunch of queries against user logs, got reasonable/expected results.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: keir, epriestley

Maniphest Tasks: T4842, T4398

Differential Revision: https://secure.phabricator.com/D8856
2014-04-27 17:31:35 -07:00
epriestley
f42ec84d0c Add "High Security" mode to support multi-factor auth
Summary:
Ref T4398. This is roughly a "sudo" mode, like GitHub has for accessing SSH keys, or Facebook has for managing credit cards. GitHub actually calls theirs "sudo" mode, but I think that's too technical for big parts of our audience. I've gone with "high security mode".

This doesn't actually get exposed in the UI yet (and we don't have any meaningful auth factors to prompt the user for) but the workflow works overall. I'll go through it in a comment, since I need to arrange some screenshots.

Test Plan: See guided walkthrough.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8851
2014-04-27 17:31:11 -07:00
Chad Little
c453e98c40 Moderize Herald UI
Summary: Removes many tables and uses PropertyLists and ObjectItemList when possible. Adds cleaner CSS, makes mobile editing more possible.

Test Plan: Test new UI on desktop and mobile. Verify all functionality still exists.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4272

Differential Revision: https://secure.phabricator.com/D8860
2014-04-27 11:18:48 -07:00
Bob Trahan
2ecc04c159 Audit - move over to application search
Summary: ...also kills off "PhabricatorAuditCommitQuery" and "PhabricatorAuditQuery", by moving the work to "DiffusionCommitQuery". Generally cleans up some code around the joint on this too. Also provides policies for audit requests, which is basically the policy for the underlying commit. Fixes T4715. (For the TODO I added about files, I just grabbed T4713.)

Test Plan:
Audit: verified the three default views all showed the correct things, including highligthing. did some custom queries and got the correct results.
Diffusion: verified "blame view" still worked. verified paths were highlighted for packages i owned.
Home: verified audit boxes showed up with proper commits w/ audits
bin/audit: played around with it via --dry-run and got the right audits back

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: chad, epriestley, Korvin

Maniphest Tasks: T4715

Differential Revision: https://secure.phabricator.com/D8805
2014-04-27 09:43:05 -07:00
epriestley
2823547f2c Update contributor documentation
Summary:
It's fairly common for people to show up and be interested in finding easy stuff to work on. This stuff basically doesn't exist and probably never will: it doesn't make much sense to deliberately leave easy bugs broken just because someone might show up and want to fix a couple of easy bugs.

Almost all of the work that's valuable to us requires a depth or bredth of context which can't be acquired in a few hours here and there, and probably always will. I think it also always //should//, in that as long as we continue refactoring and clearing technical debt aggressively and having solid static analysis support tools, we should never have a large backlog of human-intelligence codebase tasks. The closest we've ever come were probably `pht()` and `phutil_tag()`, which both have a lot of subtleties and we mostly automated `phutil_tag()` anyway. These tasks are also //incredibly boring// to write and review.

So, accept this as a reality and realign the contributor documentation to try to deal with this case:

  - Set expectations about starter tasks not existing and throwing a couple of hours at the project writing code being a hard path.
  - Suggest non-code contributions which anyone can do.
  - Segue into code contributions with context and suggestions.

Test Plan: Generated and read documentation.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8872
2014-04-26 22:30:19 -07:00
Kyle Jao
e8c6c81b6e Fix for showing an unregistered author name in the tooltip of diffusion revision link
Summary:
When showing contents of a file with the blame mode enabled, tooltips pops out
when the mouse hovers over previous commit linkes on left side. The last part of the
tooltips is the author's name. If an author is unregistered, the name becomes
<span>name</span>.

{F147724}

This doesn't happen if the author is registered.

Test Plan:
Check tooltips after making the change.
{F147725}

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8869
2014-04-26 12:51:48 -07:00
epriestley
88ae246593 Write search bolding in a way which is certainly HTML-safe
Summary:
This algorithm is tricky, and uses `phutil_safe_html()` directly, which makes it potentially unsafe.

In particular, D8859 fixes a bug with it which caused it to produce non-utf8 output. This doesn't guarantee it's a security problem, but does make it suspicious.

I don't actually see a way to break it, but rewrite it so that it's absolutely bulletproof and does not need to call `phutil_safe_html()`.

Test Plan:
{F147487}

@rugabarbo, if you have a chance, can you check if this still works for you?

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, rugabarbo

Differential Revision: https://secure.phabricator.com/D8862
2014-04-26 12:44:16 -07:00
epriestley
1b0d53ec65 Fix Differential transaction strengths
Summary: Fixes T4899. Action strengths got lost somewhere along the way; actions like "Accepted" should be stronger than "Changed Subscribers".

Test Plan: Verified things sort as expected now, with major actions at the top.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4899

Differential Revision: https://secure.phabricator.com/D8857
2014-04-26 12:44:05 -07:00
Chad Little
7671a962c7 Show search/login on tablet and mobile.
Summary: We should always have some sort of menu on mobile for logging in.

Test Plan: Test mobile, tablet, and desktop breakpoints. Gate seearch icon by public_policy.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4731

Differential Revision: https://secure.phabricator.com/D8868
2014-04-26 12:33:44 -07:00
epriestley
8fc5977b9a Fix quick create on mobile
Summary: Fixes T4903. At some point maybe-soonish we should maybe go make `"device" => true` the default, and put `"device" => "hella-busted"` on the remaining bad pages.

Test Plan: L@@K @ W/ iOS Simulator

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley, k

Maniphest Tasks: T4903

Differential Revision: https://secure.phabricator.com/D8863
2014-04-26 12:31:55 -07:00
Pavel Ivanov
035d55f67f Fix strange bug for russian language search results
Summary:
I created this review to get an answer...
It should not be taken as a real fix.

I noticed that phabricator return corrupted search results for some russian queries (without this patch).
See screenshot:
{F147443}

But I can't reproduce this bug on https://secure.phabricator.com/
This search query causes problems only for my phabricator instance.

More than that, I didn't find any php.ini-settings that can resolve this problem.
It's look like your phabricator instance use /u-modifier by default.

But how is it possible?

Test Plan: NONE

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8859
2014-04-25 11:52:17 -07:00
Pavel Ivanov
5e80901cec Email paste link
Summary: Fixes T4878

Test Plan:
1. Go to paste
2. Add comment
3. Check that paste subsribers got paste link by email

See T4878 for more details.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4878

Differential Revision: https://secure.phabricator.com/D8861
2014-04-25 11:50:39 -07:00
epriestley
7654df5d3b Fix insufficient loading for processing Differential mail
Summary: Some actions (notably, `!accept`) require more information than we currently load.

Test Plan: Piped in some `!accept` mail using `bin/mail receive-test`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8844
2014-04-24 13:47:57 -07:00
lkassianik
9a827096a7 Ability to close poll
Summary: Fixes T3566 List of poll actions should include ability to close an open poll or reopen a closed poll.

Test Plan: Poll author should be able to close/reopen poll. Non-author should get policy screen when attempting to close/reopen poll.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T3566

Differential Revision: https://secure.phabricator.com/D8846
2014-04-24 12:02:56 -07:00
epriestley
ea66aead59 Fix an issue with multiple "open" statuses and the "View All" button on Projects
Summary: See IRC. We construct this a little bit wrong if there are multiple "open" statuses. Use a more modern construction.

Test Plan: Hit `?statuses=wontfix,invalid`, etc. Clicked "view all" from projects.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8854
2014-04-24 10:35:28 -07:00
epriestley
3a881f5108 Put "Task" first on global search result type list
Summary: Fixes T4606. Also shortens two unusual type names which are currently inconsistent.

Test Plan: Expanded advanced search.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4606

Differential Revision: https://secure.phabricator.com/D8853
2014-04-24 08:11:13 -07:00
epriestley
3b5883d8c1 Fix an issue with embedding slowvotes
Summary:
In some applications, using `{V2}` syntax to embed a vote throws. The chain of causality looks like this:

  - We try to render a `phabricator_form()`.
  - This requires a CSRF token.
  - We look for a CSRF token on the user.
  - It's an omnipotent user with no token, so everything fails.

To resolve this, make sure we always pass the real user in.

Test Plan:
  - Lots of `grep`.
  - Made a Differential comment with `{V2}`.
  - Made a Diffusion comment with `{V2}`.
  - Made a Maniphest comment with `{V2}`.
  - Replied to a Conpherence thread with `{V2}`.
  - Created a Conpherence thread with `{V2}`.
  - Used Conduit to update a Conpherence thread with `{V2}`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, lkassianik

Differential Revision: https://secure.phabricator.com/D8849
2014-04-23 16:30:38 -07:00
epriestley
5f033d580c Fix a HunkQuery issue where no hunks load at all
Summary:
If you create a diff with no hunks (e.g., it adds a single empty file), we never attachHunks() so we throw on getHunks().

Instead, make sure changesets get hunks attached if they expect it.

Test Plan: Created a new diff with a single empty file in it.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: zeeg, epriestley

Differential Revision: https://secure.phabricator.com/D8842
2014-04-23 14:22:10 -07:00
epriestley
67f015a76c Clarify STRICT_ALL_TABLES instructions
Summary:
  - Mention the `[mysqld]` section.
  - Should be `sql_mode`, not `sql-mode`.
  - Improve clarity of the text.
  - Slightly nicer markup.

Test Plan: {F147076}

Reviewers: csilvers, btrahan

Reviewed By: btrahan

Subscribers: epriestley, spicyj

Differential Revision: https://secure.phabricator.com/D8847
2014-04-23 13:04:57 -07:00
Chad Little
4135c7de37 Clean up FontAwesome / Timeline CSS
Summary: Normalize FA CSS, expand timeline icons to 14px, fix mobile browsers, give attribution in uiexamples

Test Plan: tested iOS simulator, chrome, ie

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8845
2014-04-22 18:29:14 -07:00
Chad Little
094c79d6e2 Make reject, accept outline icons
Summary: These are a little easier on the eyes.

Test Plan:
Reject an epriestley diff.

{F146851}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8841
2014-04-22 14:55:45 -07:00
epriestley
a88f09469d Adjust reviewer transaction icon in Differential
Summary:
Ref T4866. I did a fancy version of this but it looks pretty bad/confusing so here's a simple version.

Fancy-but-whack version:

{F146847}

Test Plan: This version is like that, but just always uses `fa-user`.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4866

Differential Revision: https://secure.phabricator.com/D8840
2014-04-22 14:32:45 -07:00
Chad Little
9d3f8117e7 More resilient timeline icon layout
Summary: center aligns the icons in the fill area, removes some of the positioning jank. Also set new icons for maniphest custom.

Test Plan: test desktop and mobile layouts, tested thin pins for proper centering.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4866

Differential Revision: https://secure.phabricator.com/D8839
2014-04-22 14:24:36 -07:00
Chad Little
11fd6afeb1 Move Timeline icons to Fonts
Summary: Throwing this up for testing, swapped out all icons in timeline for their font equivelants. Used better icons where I could as well. We should feel free to use more / be fun with the icons when possible since there is no penalty anymore.

Test Plan: I browsed many, not all, timelines in my sandbox and in IE8. Some of these were just swagged, but I'm expecting we'll do more SB testing before landing.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8827
2014-04-22 08:25:54 -07:00
Chad Little
31b1cc6cd8 Remove Glyphicons Fonts
Summary: For the time being, no need to have these in the repository.

Test Plan: Reload UIExamples, only see FontAwesome

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8835
2014-04-21 21:09:25 -07:00
epriestley
3d12bbb17c Minor, improve notification resiliance
Summary: The token transactions can publish empty transaction feed stories.
Stop them from doing that, and make notifications fail more quietly.

Auditors: btrahan
2014-04-21 16:28:59 -07:00
epriestley
fcf5149b36 Clean up numerous rough edges in Mail configuration
Summary:
  - Support file attachments in Mailgun, after D8831.
  - Fix `bin/mail send-test --attach ...` flag.
  - Make `bin/mail send-test` route mail through the daemons.
  - Remove the `workerTaskID` on MetaMTAMail, which is only used (needlessly) by `bin/mail resend` and creates a huge mess elsewhere.
  - Currently, when mail fails, the daemon exits with a very generic and useless message. Instead, make `sendNow()` throw when it fails, so the real reason is surfaced. This is OK now because mail is always sent via the daemons.
  - Now that Mailgun supports attachments, document it.
  - Update a bunch of mail docs.

Test Plan:
  - Sent mail.
  - Sent mail with attachments.
  - Read documentation.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8832
2014-04-21 15:45:29 -07:00
Bob Trahan
c00733a292 Project - add editor-level support for detecting name conflicts
Summary: Fixes T4833. I wish there was an elegant way to catch this exception but I think the stack is written such that we really should just do this one-off query here...

Test Plan: from the "create project" link under "edit task" I received a more detailed exception than the report in T4833 post patch. I also tested editing an existing project - yay - and editing an existing project to some other existing project's name - got a nice error dialogue.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4833

Differential Revision: https://secure.phabricator.com/D8834
2014-04-21 15:44:35 -07:00
epriestley
5cbdda413c Paradigms, paradigms, paradigms
Summary: Fixes T4693.

Test Plan: {F146407}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4693

Differential Revision: https://secure.phabricator.com/D8829
2014-04-21 15:33:59 -07:00
epriestley
0cfc5aa0aa Support "public" policy in Tokens
Summary: Ref T4830. Allows logged-out users to browse tokens, policies permitting.

Test Plan: Browsed tokens as a logged-out user.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4830

Differential Revision: https://secure.phabricator.com/D8828
2014-04-21 15:33:07 -07:00
epriestley
27d426e3fe Allow Conduit console to be browsed by logged-out users
Summary:
Ref T4830. A few methods, like `conduit.ping`, are callable without authentication, so this even has some use cases. Also:

  - Make some Differential stuff a little more consistent.
  - Use slightly more modern rendering.
  - Deprecate the status-oriented `user` calls; these will be replaced by Calendar methods.

Test Plan: Browsed console as logged out / logged in users.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4830

Differential Revision: https://secure.phabricator.com/D8826
2014-04-21 15:32:48 -07:00
epriestley
4143ecf015 Minor updates to UIExamples
Summary:
Ref T4830.

  - If the application policy is public, allow logged-out users to browse examples.
  - Use standard elements instead of custom ones.

Test Plan: Browsed UIExamples.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4830

Differential Revision: https://secure.phabricator.com/D8825
2014-04-21 15:32:03 -07:00
epriestley
28696d08ac Remove indirect loads of Differential revisions from Releeph requests
Summary:
Ref T3551. Currently, there are many layers of indirection between pull requests and revisions. After D8822, revisions and other types of requested objects are recorded directly on the request. This allows us to simplify data access and querying.

A lot of stuff here is doing `instanceof` checks to keep APIs stable, but most of those can go away in the long run.

Test Plan:
  - Browsed requests.
  - Verified revision-dependent fields (like "Revision", "Size", "Churn") still render correctly.
  - Called `releeph.queryrequests`.
  - Called `releephwork.nextrequest`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3551

Differential Revision: https://secure.phabricator.com/D8824
2014-04-20 11:55:47 -07:00
epriestley
65913162e7 Allow discovered but unparsed commits to be requested in Releeph
Summary:
Ref T3662. Releeph blocks users from requsting unparsed commits, but there's no real technical reason for this.

The `releephwork.getorigcommitmessage` method assumes data exists, but should be replaced with `diffusion.querycommits` anyway.

Test Plan: Ran `diffusion.querycommits`. Requested a commit.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3662

Differential Revision: https://secure.phabricator.com/D8823
2014-04-20 11:55:29 -07:00
epriestley
1a3ac09975 Add "requestedObjectPHID" to ReleephRequest
Summary:
Ref T3551. Currently, ReleephRequests don't have a direct concept of the //object// being requested. You can request `D123`, but that is just a convenient way to write `rXyyyy`.

When the UI wants to display information about a revision, it deduces it by examining the commit.

This is primarily an attack on T3551, so we don't need to load <commit -> edge -> revision> (in an ad-hoc way) to get revisions. Instead, when you request a revision we keep track of it and can load it directly later.

Later, this will let us do more things: for example, if you request a branch, we can automatically update the commits (as GitHub does), etc. (Repository branches will need PHIDs first, of course.)

This adds and populates the column but doesn't use it yet. The second part of the migration could safely be run while Phabricator is up, although even for Facebook this table is probably quite small.

Test Plan:
  - Ran migration.
  - Verified existing requests associated sensibly.
  - Created a new commit request.
  - Created a new revision request.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3551

Differential Revision: https://secure.phabricator.com/D8822
2014-04-20 11:55:18 -07:00
epriestley
a588955bf7 Remove loadPhabricatorRepository from ReleephProject
Summary: Ref T3551. Repository is guaranteed if a product is loaded with modern mechanisms.

Test Plan:
  - Edited a request.
  - Called `releephwork.getbranchcommitmessage`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3551

Differential Revision: https://secure.phabricator.com/D8821
2014-04-20 11:55:09 -07:00
epriestley
d75d0acba5 Remove loadReleephBranch and loadReleephProject from ReleephRequest
Summary: Ref T3551. Ref T3549. Mostly unnecessary with modern calls.

Test Plan:
- Called `releeph.queryrequests`.
- Called `releeph.request`.
- Called `releephwork.getbranchcommitmessage`.
- Called `releephwork.getcommitmessage`.
- Called `releephwork.nextrequest`.
- Viewed and edited branches and requests.
- Made a comment on a request.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3549, T3551

Differential Revision: https://secure.phabricator.com/D8820
2014-04-20 11:54:58 -07:00
epriestley
a4f975ef3e Remove some ad-hoc handle loads from Releeph
Summary:
Ref T3551. Releeph does a bunch of old-school on-object data loading; start cleaning that up.

This doesn't change anything, just makes the code more modern/consistent.

Test Plan: Edited a request; called `releephwork.nextrequest`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3551

Differential Revision: https://secure.phabricator.com/D8819
2014-04-20 11:54:50 -07:00
epriestley
230fce735e Move /project/ controllers to /product/
Summary: Ref T3549. Move only, no extra changes.

Test Plan: Loaded application.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3549

Differential Revision: https://secure.phabricator.com/D8817
2014-04-20 11:54:37 -07:00
epriestley
6e6ad2cfcf Add modern releeph.queryproducts and releeph.querybranches
Summary:
Ref T3662. Ref T3549. These methods are pretty conservative for now, but get the structure in place.

Also do a bunch more project -> product stuff.

Test Plan: Made calls to both methods, browsed around the UI a fair amount.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3549, T3662

Differential Revision: https://secure.phabricator.com/D8816
2014-04-20 11:54:22 -07:00
epriestley
f5cc5c122a Rename ReleephProjectQuery to ReleephProductQuery
Summary: Ref T3549.

Test Plan: grep/lint

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3549

Differential Revision: https://secure.phabricator.com/D8815
2014-04-20 11:51:02 -07:00
austinkelleher
2e5065feb5 Update function name to follow naming convention.
See: <http://github.com/facebook/phabricator/pull/575>

Reviewed by: epriestley
2014-04-20 08:37:37 -07:00
Chad Little
ce1dbbec3c Add FontAwesome as a font/icon choice
Summary:
This adds FontAwesome and attempts to make use as icons as consistent as possible. May require additional tweaks once we start using, but in practice this is pretty finished.

 - Adds FontAwesome
 - Adds additional transforms (rotates, spins)
 - Adds additional colors
 - Better scopes halflings and fontawesome
 - Shares CSS between fonts for consistency

Test Plan:
Tested various browsers back to IE8, mobile.

{F146146}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8818
2014-04-19 10:00:37 -07:00
epriestley
5570ec5156 Rename Releeph "Project" PHID type to "Product"
Summary: Ref T3549.

Test Plan: `grep`, loaded some pages

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3549

Differential Revision: https://secure.phabricator.com/D8811
2014-04-18 17:52:45 -07:00
epriestley
fde4ccf9b2 Use standard handle loading in Releeph
Summary: Ref T3718. Move from unbatched / ad-hoc loading to standard stuff for handles.

Test Plan: Looked at some requests and saw no changes.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3718

Differential Revision: https://secure.phabricator.com/D8810
2014-04-18 17:52:32 -07:00
epriestley
c7f5dc0208 Remove some unused Releeph field methods
Summary: Ref T3718. Remove `bulkLoad()` and header-view rendering wrappers.

Test Plan: Viewed a request, looked the same. `grep`'d for stuff.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3718

Differential Revision: https://secure.phabricator.com/D8809
2014-04-18 17:52:22 -07:00
epriestley
71ef48b3e5 When a diff has 12,345 lines, render "12,345 lines" instead of "12 lines"
Summary: This `%d` should be a `%s`, since the `PhutilNumber` value may get formatted according to locale settings.

Test Plan: will make @zeeg

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, zeeg

Differential Revision: https://secure.phabricator.com/D8814
2014-04-18 17:52:11 -07:00
epriestley
9889892e5b Actually squelch Harbormaster "test passed" mail
Summary:
Ref T1049. When Harbormaster tests pass, don't bother sending an email about it.

(I tried to implement this earlier but didn't test it entirely properly, and we needed a little more code.)

Test Plan: Used `bin/harbormaster build` to build some junk, got no email about passes.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D8813
2014-04-18 17:51:59 -07:00
epriestley
f1245f4f34 Remove flavor text for action buttons
Summary: A small but appreciable number of users find flavor on buttons confusing. Remove this flavor. This retains flavor in headers, error messages, etc., which doesn't cause confusion.

Test Plan: Looked at a revision, task, paste, macro, etc.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8812
2014-04-18 17:51:46 -07:00
Wenyu Zhang
ba956711a5 Change password_hash() algorithm from CRYPT_BLOWFISH to PASSWORD_BCRYPT.
Summary:
PHP 5.5 specifies constant PASSWORD_BCRYPT should be used in password_hash()
instead of CRYPT_BLOWFISH. Using CRYPT_BLOWFISH is not supported in either PHP
or HHVM. This constant breaks Username / Password authentication.

Test Plan:
Login using Username/Password with bcrypt hash. Before applying the patch,
No matter what password entered, it will always fail authentication. After this
patch, user should be able to login with bcrypt hash.

Reviewers: btrahan, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8808
2014-04-18 13:38:36 -07:00
epriestley
35df988036 Use standard UI elements to render pull requests in Releeph
Summary:
Ref T3718. Ref T3644. Ref T3092. Switches from the Releeph UI elements to standard ones. I'll attach some screenshots.

Also fixes CSRF against the request action endpoint.

Test Plan:
  - Viewed request details.
  - Took actions on a request from detail page.
  - Viewed request list.
  - Took actions on a request from list page.
  - Used keyboard shortcuts to navigate list.
  - Used keyboard shortcuts to take actions.
  - Simulated errors.
  - Viewed on devices.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: grp, FacebookPOC, mattlqx, tala, beng, LegNeato, epriestley

Maniphest Tasks: T3718, T3092, T3644

Differential Revision: https://secure.phabricator.com/D8771
2014-04-18 06:44:45 -07:00
Chad Little
41ea90c686 Add Glyphicons Halflings Font and Examples
Summary: This adds in the Glyphicons Halflings Font/Iconset as an option for PHUIIconView along with a standard set of 10 colors. This will be a replacement for the standard action icon set in upcoming diffs, as well as obviously give us more flexibility, less KB, and less design resource time managing images.

Test Plan: UIExamples, Diviner

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8798
2014-04-17 17:31:23 -07:00
epriestley
95a405da10 Record build success or failure on buildable objects
Summary:
Fixes T4810. When a buildable completes, make an effort to update the corresponding object with a success or failure message. Commits don't support this yet, but revisions do.

{F144614}

Test Plan:
  - Used `bin/harbormaster build` and `bin/harbormaster update` to run a pile of builds.
  - Tried good/bad builds.
  - Sent some normal mail to make sure the mail reentrancy change didn't break stuff.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4810

Differential Revision: https://secure.phabricator.com/D8803
2014-04-17 16:04:14 -07:00
epriestley
49bc32f12d Implement PhabricatorApplicationTransactionInterface in Differential
Summary:
Ref T4810. Ultimate goal is to let Harbormaster post a "build passed/failed" transaction. To prepare for that, implement `PhabricatorApplicationTransactionInterface` in Differential.

To allow Harbormaster to take action on //diffs// but have the transactions apply to //revisions//, I added a new method so that objects can redirect transactions to some other object.

Test Plan:
  - Subscribed/unsubscribed/attached/detached from Differential, saw transactions appear properly.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4810

Differential Revision: https://secure.phabricator.com/D8802
2014-04-17 16:03:24 -07:00
epriestley
62973e0f53 Add activeDiffPHID to differential.query
Summary: Ref T4809. This saves us a few round trips to find a Buildable, and generally makes the notion of "active" more explicit (i.e., not just the diff with the largest ID). In the future, we may let you revert to previous diffs, which would make the "largest number" rule not always correct.

Test Plan: Ran `differential.query`, got sensible results.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4809

Differential Revision: https://secure.phabricator.com/D8800
2014-04-17 16:01:27 -07:00
epriestley
0ef599e906 Give Buildables a status, populate it, and return it over Conduit
Summary:
Ref T4809. Currently, buildables have a status field but nothing populates it. Populate it:

  - When builds change state, update the Buildable state.
  - Use the new Buildable state on the web UI.
  - Return the new Buildable state from Conduit.

To make it easier to debug/test this:

  - Provide `bin/harbormaster update Bxxx ...` to force foreground update of a Buildable.

Test Plan:
  - Used `bin/harbormaster update Bxxx --force --trace` to update buildables.
  - Looked at buidlable list, saw statuses reported properly.
  - Used Conduit to read statuses.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4809

Differential Revision: https://secure.phabricator.com/D8799
2014-04-17 16:01:16 -07:00
epriestley
4918773afe Drop nonsense buildStatus field from Buildable
Summary:
Ref T4809. Buildables currently have buildStatus and buildableStatus. Neither are used, and no one knows why we have two.

I'm going to use buildableStatus shortly, but buildStatus is meaningless; burn it.

Test Plan: `grep`, examined similar get/set calls, created a new buildable, ran storage upgrade.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4809

Differential Revision: https://secure.phabricator.com/D8796
2014-04-17 16:01:06 -07:00
epriestley
7c1bcdea16 Add "harbormaster.querybuilds" Conduit API
Summary:
Ref T4809. This one is more straightforward. A couple of tweaks:

  - Remove the WAITING status, since nothing ever sets it and I suspect nothing ever will with the modern way artifacts work (maybe). At a minimum, it's confusing with the new Target status that's also called "WAITING" but means something different.
  - Consolidate 17 copies of these status names into one method.

Test Plan: Ran some queries via Conduit, got reasonable looking results.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4809

Differential Revision: https://secure.phabricator.com/D8795
2014-04-17 16:00:58 -07:00
epriestley
3b0be0961c Add a rough harbormaster.querybuildables Conduit API method
Summary: Ref T4809. I need to sort out some of the "status" stuff we're doing before this is actually useful (there's no sensible "status" value to expose right now) but once that happens `arc` can query this to figure out whether it needs to warn the user about pending/failed builds.

Test Plan: Ran query with various different parameters.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4809

Differential Revision: https://secure.phabricator.com/D8794
2014-04-17 16:00:25 -07:00
epriestley
b5df5af04d Link to Herald transcripts from Herald transactions
Summary: See IRC. Some users are having difficulty figuring out why Herald is taking some actions. Make it easier to get to the transcript.

Test Plan: {F144622}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: dctrwatson, epriestley

Differential Revision: https://secure.phabricator.com/D8804
2014-04-17 15:57:34 -07:00
epriestley
e49251ec98 Improve robustnesss of feed text rendering
Summary:
Couple of minor cleanup things here:

  - Pass handles to ApplicationTransactions when rendering their stories; this happened implicitly before but doesn't now.
  - Add `?text=1` to do ad-hoc rendering of a story in text mode.
  - Make Conduit skip unrenderable stories.
  - Fix/modernize some text in the Commit story.

Test Plan: Rendered text versions of stories via Conduit and `?text=1`.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: zeeg, spicyj, epriestley

Differential Revision: https://secure.phabricator.com/D8793
2014-04-17 15:57:18 -07:00
epriestley
4a6d2e9c97 Allow tasks to yield to other tasks
Summary:
For Harbormaster tasks which want to poll or wait, this lets them say "try again a little later" without having to sleep and hold a queue slot.

This is basically the same as failing, except that we don't increment the failure counter. Instead, we just set the current lease to the correct length and then exit. The task will be retried after the lease expires.

Test Plan: Using both `bin/harbormaster` and `phd debug taskmaster`, ran a lot of waiting tasks through the queue, faking them to either yield or not yield in a controlled manner. The queue responded as expected, yielding tasks appropraitely and retrying them later.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8792
2014-04-16 13:02:12 -07:00
epriestley
afd04731ab Add a "Create build step" transaction to Harbormaster
Summary:
Without this, build steps that have no options (like "wait for previous commits") don't actually save, since the transaction array is empty.

This also generally nice and consistent.

Test Plan: Created a new "wait" step, viewed transaction log.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8791
2014-04-16 13:01:56 -07:00
epriestley
78bf266bde Allow Harbormaster build targets to wait for messages
Summary:
This hooks up all the pieces of the build pipeline so `harbormaster.sendmessage` actually works. Particularly:

  - Candidate build steps (i.e., those which interact with external systems) can now "Wait for Message". This pauses them indefinitely when they complete, until something calls `harbormaster.sendmessage`.
  - After processing a target, we check if we should move it to PASSED or WAITING.
  - Before updating a build, we move WAITING targets with pending messages to either PASSED or FAILED.
  - I added an explicit "Building" state, which doesn't affect workflows but communicates more information to human users.

A big part of this is avoiding races. I believe we get the correct behavior no matter which order events occur in:

  - We update builds after targets complete and after we receive messages, so we're guaranteed to update once both these conditions are true. This means messages can't be lost (even if they arrive before a build completes).
  - The minor changes to the build engine logic mean that firing additional build updates is always safe, no matter what the current state of the build is.
  - The build itself is protected by a lock in the build engine.
  - The target is not covered by an explicit lock, but for all states only the engine (waiting) //or// the worker (all other states) can interact with it. All of the interactions also move the target state forward to the same destination and have no other side effects.
  - Messages are only consumed inside the engine lock, so they don't need an explicit lock.

Test Plan:
  - Made an HTTP request wait after completion, then ran a pile of builds through it using `bin/harbormaster build` and the web UI.
  - Passed and failed message-awaiting builds with `harbormaster.sendmessage`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, zeeg

Differential Revision: https://secure.phabricator.com/D8788
2014-04-16 13:01:46 -07:00
epriestley
803c50c1e7 Allow Harbormaster HTTP steps to pass credentials
Summary: Fixes T4590. Use the credentials custom field to allow Harbormaster HTTP requests to include usernames/passwords.

Test Plan: Ran a build plan with credentials, verified they were sent to the remote server.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4590

Differential Revision: https://secure.phabricator.com/D8786
2014-04-16 13:01:38 -07:00
epriestley
c402d7d307 Implement smart waits for rarely updated repositories
Summary:
Ref T4605. When figuring out how long to wait to update a repository, factor in when it was last pushed. For rarely updated repositories, wait longer between updates.

(A slightly funky thing about this is that empty repos update every 15 seconds, but that seems OK for the moment.)

Test Plan:
Ran `bin/phd debug pulllocal` and saw sensible calculations and output:

```
...
<VERB> PhabricatorRepositoryPullLocalDaemon Last commit to repository "rPOEMS" was 1,239,608 seconds ago; considering a wait of 6,198 seconds before update.
>>> [79] <query> SELECT * FROM `repository` r   ORDER BY r.id DESC
<<< [79] <query> 514 us
>>> [80] <query> SELECT * FROM `repository_statusmessage` WHERE statusType = 'needs-update'
<<< [80] <query> 406 us
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rINIH" is not due for an update for 8,754 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rDUCK" is not due for an update for 14 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rMTESTX" is not due for an update for 21,598 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rQWER" is not due for an update for 14 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rBT" is not due for an update for 13 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rSVNX" is not due for an update for 21,598 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rINIG" is not due for an update for 13 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rHGTEST" is not due for an update for 21,598 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rBTX" is not due for an update for 14 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rGX" is not due for an update for 13 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rMTX" is currently updating.
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rPOEMS" is not due for an update for 6,198 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rPHU" is currently updating.
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rSVN" is not due for an update for 21,598 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rPHY" is currently updating.
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rGTEST" is not due for an update for 21,598 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rINIS" is not due for an update for 6,894 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rARCLINT" is not due for an update for 21,599 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rLPHX" is not due for an update for 1,979 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rARC" is not due for an update for 1,824 second(s).
<VERB> PhabricatorRepositoryPullLocalDaemon Repository "rINIHG" is not due for an update for 21,599 second(s).
...
```

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4605

Differential Revision: https://secure.phabricator.com/D8782
2014-04-16 13:01:04 -07:00
epriestley
5671c4b276 Make PullLocal daemon more flexible and transparent about scheduling
Summary:
Ref T4605. Fixes T3466. The major change here is that we now run up to four simultaneous updates. This should ease cases where, e.g., one very slow repository was blocking other repositories. It also tends to increase load; the next diff will introduce smart backoff for cold repositories to ease this.

The rest of this is just a ton of logging so I can IRC debug these things by having users run them in `phd debug pulllocal` mode.

For T3466:

  - You now have to hit four simultaneous hangs to completely block the update process.
  - Importing repository updates are killed after 4 hours.
  - Imported repository updates are killed after 15 minutes.

Test Plan:
  - Ran `phd debug pulllocal` and observed sensible logs and behavior.
  - Interrupted daemon from sleeps and processing with `diffusion.looksoon`.
  - Ran with various `--not`, `--no-discovery` flags.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3466, T4605

Differential Revision: https://secure.phabricator.com/D8785
2014-04-16 13:00:49 -07:00
epriestley
417056932e Make discovery slightly cheaper in the common case
Summary:
Ref T4605. Before discovering branches, try to prefill the cache in bulk. For repositories with large numbers of branches, this allows us to issue dramatically fewer queries.

(Before D8780, this cache was usually held across discovery events, so being able to fill it cheaply was not as relevant.)

Test Plan: Ran discovery on Git, Mercurial and SVN repositories. Observed fewer queries for Git/Mercurial.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4605

Differential Revision: https://secure.phabricator.com/D8781
2014-04-16 13:00:38 -07:00
epriestley
118c696f72 Separate repository updates from the pull daemon
Summary:
Ref T4605. Currently, the PullLocal daemon is responsible for two relatively distinct things:

  - scheduling repository updates; and
  - actually updating repositories.

Move the "actually updating" part into a new `bin/repository update` command, which basically runs the pull, discover, refs and mirror commands. This will let the parent process focus on scheduling in a more understandable way and update multiple repositories at once. It also makes it easier to debug and understand update behavior since the non-scheduling pipeline can be run separately.

Test Plan:
  - Ran `update --trace` on SVN, Mercurial and Git repos.
  - Ran PullLocal daemon for a while without issues.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4605

Differential Revision: https://secure.phabricator.com/D8780
2014-04-16 13:00:29 -07:00
Chad Little
2cf2117eee Remove extra workboard margin on mobile
Summary: We have too much space on workboards when displayed on mobile devices.

Test Plan: Shrink browser display, note that all workboards align to common gutters.

Reviewers: epriestley, btrahan

Reviewed By: btrahan

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8790
2014-04-16 11:09:53 -07:00
Chad Little
f5eb7b6404 Add ability to edit Projects on mobile
Summary: sets action list to crumbs

Test Plan: shrink browser, see mobile action list, click on it, edit

Reviewers: epriestley, btrahan

Reviewed By: btrahan

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8789
2014-04-16 11:06:04 -07:00
epriestley
041c3fd19d Let project prefilling accept PHIDs
Summary: I recently made this better about accepting project names, but we use it in some cases with PHIDs. Make that work properly again.

Test Plan: Clicked "New Task" from a project page.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8778
2014-04-15 11:17:37 -07:00
epriestley
20abf37b88 Fix a lookup issue in Owners
Summary:
Fixes T4477. Sort of winging this but it's probably the right fix?

One error in T4477.

One error via email:

```
[2014-04-15 17:44:34] ERROR 8: Undefined index: /some_index/ at [/phab_path/phabricator/src/applications/owners/storage/PhabricatorOwnersPackage.php:213]
  #0 PhabricatorOwnersPackage::findLongestPathsPerPackage(Array of size 3 starting with: { 0 => Array of size 3 starting with: { id => 5 } }, Array of size 8 starting with: { / => Array of size 2 starting with: { /some_index/some_file.py => true } }) called at [/phab_path/phabricator/src/applications/owners/storage/PhabricatorOwnersPackage.php:170]
  #1 PhabricatorOwnersPackage::loadPackagesForPaths(Object PhabricatorRepository, Array of size 2 starting with: { 0 => /some_index/some_file.py }) called at [/phab_path/phabricator/src/applications/owners/storage/PhabricatorOwnersPackage.php:119]
...
```

Test Plan: Will make @zeeg do it.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, zeeg

Maniphest Tasks: T4477

Differential Revision: https://secure.phabricator.com/D8779
2014-04-15 11:12:42 -07:00
Bob Trahan
c845b757ee Maniphest - remove "attach file" action
Summary: Fixes T4655. Basically leaves the display code intact for legacy installs but removes the option from the UI and removes "create" code.

Test Plan:
tried to attach file and the action was not in the dropdown!
made a new task and it worked!
commented on an old task and it worked!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4655

Differential Revision: https://secure.phabricator.com/D8777
2014-04-15 10:49:05 -07:00
epriestley
04c07a7a7b Remove the developer-specific CSRF help in phabricator_form()
Summary:
Fixes T4802. For context, see T1921.

Originally (in T1921), a developer ran into an issue where rendering `phabricator_form()` with an absolute URI confusingly dropped CSRF tokens, and it wasn't obvious why. This is a security measure, but at the time it wasn't very clear how all the pieces fit together. To make it more clear, we:

  # expanded the exception text in developer mode to include a description of this issue; and
  # added an exception in developer mode when rendering a form like this.

However, (2) causes some undesirable interactions for file downloads. In particular, if:

  - developer mode is on; and
  - there's no alternate file domain configured; and
  - you try to download a file...

...we produce CDN URIs that are fully-qualified, and you get the exception from (2) above.

This is kind of a mess, and producing fully-qualified CDN URIs in all cases is simple and clear and desirable. To resolve this, just revert (2). We still have the clarification from (1) above and this hasn't caused further issues, so I think that's sufficient. This is a rare issue anyway and not particularly serious or error prone (at worst, a bit confusing and annoying, but hopefully easy to understand and resolve after the changes in (1)).

Test Plan: With develper mode and no alternate file domain, downloaded files from Files.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4802

Differential Revision: https://secure.phabricator.com/D8776
2014-04-15 10:18:41 -07:00
epriestley
cb545856a9 Make task queue more robust against long-running tasks
Summary:
See discussion in D8773. Three small adjustments which should help prevent this kind of issue:

  - When queueing followup tasks, hold them on the worker until we finish the task, then queue them only if the work was successful.
  - Increase the default lease time from 60 seconds to 2 hours. Although most tasks finish in far fewer than 60 seconds, the daemons are generally stable nowadays and these short leases don't serve much of a purpose. I think they also date from an era where lease expiry and failure were less clearly distinguished.
  - Increase the default wait-after-failure from 60 seconds to 5 minutes. This largely dates from the MetaMTA era, where Facebook ran services with high failure rates and it was appropriate to repeatedly hammer them until things went through. In modern infrastructure, such failures are rare.

Test Plan:
  - Verified that tasks queued properly after the main task was updated.
  - Verified that leases default to 7200 seconds.
  - Intentionally failed a task and verified default 300 second wait before retry.
  - Removed all default leases shorter than 7200 seconds (there was only one).
  - Checked all the wait before retry implementations for anything much shorter than 5 minutes (they all seem reasonable).

Reviewers: btrahan, sowedance

Reviewed By: sowedance

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8774
2014-04-15 08:42:02 -07:00
Peng Li
6a4f126000 Give the commitownersparser a little more time
Summary:
Recently we see issues with huge commits (branch cuts for www) where people received hundreds of emails for the same commit. By checking all the active and archived tasks related to such commits, I saw the following pattern:
 - The commit itself is marked as importStatus = 15 which means all the processing was actually done;
 - In archived tasks, I see one PhabricatorRepositorySvnCommitMessageParserWorker, one PhabricatorRepositorySvnCommitChangeParserWorker, followed by many PhabricatorRepositoryCommitHeraldWorker, which means that the PhabricatorRepositoryCommitOwnersWorker (who schedule those herald tasks) was never done;
 - PhabricatorRepositoryCommitOwnersWorker is always active (for days) with failureCount = 0;
 - In daemon log I see a lot of lease expire exception for PhabricatorRepositoryCommitOwnersWorker.
So to me it looks like the following happened:
 - Everything is fine until we schedule the PhabricatorRepositoryCommitOwnersWorker
 - PhabricatorRepositoryCommitOwnersWorker actually successfully finished but its running time exceed 60s. Before it finishes, it scheduled the PhabricatorRepositoryCommitHeraldWorker task
 - When we try to archive it, the lease expiration exception happened. As a result, it stayed active and will be picked up immediately since it is in the head of the queue
 - The two steps above repeat forever until we kill it
I am not sure why we want to check lease expiration when we are archiving the task. For now I am giving the worker a little more time since parsing half million affected path needs some time..

Test Plan: Patched in our production and it worked.

Reviewers: lifeihuang, JoelB, #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8773
2014-04-14 15:52:02 -07:00
epriestley
47245b1b59 Remove some ad-hoc loading of repositories from Releeph
Summary: Ref T3551. Since we now require repositories in order to perform policy checks, things that did loads properly don't need to load this data explicitly.

Test Plan: Edited a product, cut a new branch.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3551

Differential Revision: https://secure.phabricator.com/D8769
2014-04-14 12:08:04 -07:00
epriestley
f4c8a34abe Remove several "loadArcanistProject()" methods
Summary:
Ref T3551. Releeph has old-style `loadX()` methods; get rid of one of them.

Differential has a couple of copies of this too, clean them up.

Test Plan:
  - Viewed various differential revisions (with and without projects).
  - Viewed and edited Releeph products.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3551

Differential Revision: https://secure.phabricator.com/D8768
2014-04-14 12:07:32 -07:00
epriestley
05e30a024d Unban releeph product name "branch"
Summary:
Fixes T3657. We no longer construct ambiguous URIs, so product names are no longer restricted.

Also fix some minor URI construction stuff.

Test Plan: Created a product called "branch".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3657

Differential Revision: https://secure.phabricator.com/D8767
2014-04-14 12:07:14 -07:00
epriestley
6deab24475 Remove ReleephProjectController
Summary:
Ref T3657. General changes here:

  - Removes `ReleephProjectController`, which is the source of T3657.
  - Mostly moves requests from "RQ" as a monogram to "Y" (looks like a merge, mnemonic for "yank"?, we don't have too many characters left). This should be essentially only cosmetic. This reduces ambiguity with "rQ" and "R123", which are current and future repository monograms. This will continue in the next few diffs.
  - Makes requests implement policies correctly.

Test Plan: Created, edited, browsed requests.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3657

Differential Revision: https://secure.phabricator.com/D8766
2014-04-14 12:06:56 -07:00
epriestley
6899fbcf29 Add DifferentialHunkQuery to start hiding hunk storage details
Summary:
Ref T4045. We have a lot of direct queries against the hunk table right now. These are messy, not really policy-aware, and limit our options on T4045.

This query is unusual (it requires changesets, and does not accept IDs). This keeps us from having to load changeset -> diff -> revision in order to do policy checks. We could also fix this with smarter policy checks and caching, but I'd rather not open that can of worms for now. This object is very low level and relatively unusual, and this small deviation from convention seems like the cleanest cut to make to keep this from snowballing.

Test Plan: Used Herald dry runs to verify that the affected rules still output the same data.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4045

Differential Revision: https://secure.phabricator.com/D8765
2014-04-14 12:06:26 -07:00
epriestley
aaf1320b02 Simplify Herald logic for loading Differential changes
Summary: Ref T4045. These three methods are fairly copy-pastey. Provide a more formal DifferentialHunk API for querying various types of line ranges.

Test Plan: Used test console to verify that "added content", "removed content", and "changed content" rules still produce the same data.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4045

Differential Revision: https://secure.phabricator.com/D8764
2014-04-14 12:06:20 -07:00
epriestley
2712091a71 Move Releeph branch controllers toward a modern/stable state
Summary:
Ref T3644. Ref T3657. Ref T3549. Basically:

  - Move these controllers to modern query/policy infrastructure.
  - Move them to consistent, ID-based URIs.
  - Rename "Project" to "Product"; "Pick Request" to "Pull Request".
  - Clean up a few UI things here and there.

Test Plan:
  - Created and edited branches.
  - Opened and closed branches.
  - Viewed branch history.
  - Searched within a branch.
  - Browsed to branches from products.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3644, T3549, T3657

Differential Revision: https://secure.phabricator.com/D8646
2014-04-12 16:53:51 -07:00
Bob Trahan
cb675a46a2 Differential - fix bug writing affected paths
Summary: Fixes T4774. With the new code and configuration instructions downplaying the role of arcanist project we weren't writing affected paths at all! I had this issue on my installation - no affected paths were written. We seem to always have the repository now though if we can see it, so not too bad of a fix.

Test Plan: updated a diff and was able to browse in diffusion.

Reviewers: epriestley, bitglue

Reviewed By: epriestley, bitglue

Subscribers: bitglue, epriestley, Korvin

Maniphest Tasks: T4774

Differential Revision: https://secure.phabricator.com/D8757
2014-04-11 12:54:21 -07:00
Bob Trahan
f86ab666f6 Differential - make diffs you authored + are reviewer for show up in appropos boxes
Summary: Fixes T2328. Note the audit part is fixed now.

Test Plan: Tried to reproduce the audit issue by raising my own commit as a problem; it showed up before code changes! Made a diff with my self as author and reviewer; it showed up as expected

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T2328

Differential Revision: https://secure.phabricator.com/D8755
2014-04-11 10:31:07 -07:00
epriestley
499f66963d Minor, fix the scoping of a static variable
Auditors: chad, btrahan
2014-04-11 04:24:58 -07:00
Ben Alpert
ac0ad2e016 Fix typo in variable name
Summary: Follow-up to D8758.

Test Plan: Crossed fingers.

Reviewers: #blessed_reviewers, chad, epriestley

Reviewed By: #blessed_reviewers, chad, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8759
2014-04-11 04:18:24 -07:00
Bob Trahan
524e8a64f4 Countdown - use better date control
Summary: Fixes T3576

Test Plan: made a countdown and it looked right on view. edited it and it had the right values pre and post edit.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T3576

Differential Revision: https://secure.phabricator.com/D8754
2014-04-10 18:14:47 -07:00
epriestley
650bc97ed7 Don't load every commit if there are no local hashes
Summary: We make a silly query for every commit if you copy/paste a diff.

Test Plan: Copy/pasted diffs now render in fewer than 30 seconds.

Reviewers: btrahan, spicyj

Reviewed By: btrahan, spicyj

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8758
2014-04-10 18:09:54 -07:00
Joshua Spence
e7419d85f7 Set celerity.minify true in production environments.
Summary: I haven't been able to understand why this isn't set by default in production environments (since it is recommended to do so anyway).

Test Plan: N/A

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8743
2014-04-10 14:39:05 -07:00
Bob Trahan
3e0b3a1db5 Feed - fix some whacky "text mode" rendering code
Summary: ...add a "renderingTarget" to FeedStory and use it as appropos. Overall, not a ton of changes was necessary to make this work. I think this could be made to be even cleaner by going through each and every feed story and re-implementing as necessary with the full toolset available. But this is good enough for now I think, and just something to keep cleaning up when we're in here. Fixes T4630.

Test Plan: made a task. gave it a token. viewed my feed - saw stories. used conduit.feed.query with mode == 'text' and got good readable results.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: spicyj, epriestley, Korvin

Maniphest Tasks: T4630

Differential Revision: https://secure.phabricator.com/D8750
2014-04-10 13:46:02 -07:00
Bob Trahan
4b56dbed3a Herald - make tokenizers have the purdy icons
Summary: ...use the prefab stuff as it does fancier things than we were doing. Only trick then really is to pass username and the map of handle phids => icons to the client so prefab can work nicely. Fixes T4775.

Test Plan: made a herald rule with projects and users. Saw nice icons. Reloaded page and still saw nice icons.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4775

Differential Revision: https://secure.phabricator.com/D8749
2014-04-10 12:38:15 -07:00
epriestley
facd3ea8ef Modernize chatlog a bit
Summary:
Ref T4786. This doesn't fully fix the issue since there's no way to make channels public yet, but gets some of the infrastructure more up to date.

  - Allow public access to the list and log controllers.
  - Implement proper policy checks in the Events (this has no practical impact on the only controller that loads this stuff, it's just for general/future purposes).
  - Remove a old-style unused method for building page frames.

Test Plan: Viewed log list and log details as logged-in and logged out users.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4786

Differential Revision: https://secure.phabricator.com/D8746
2014-04-10 11:45:21 -07:00
epriestley
ab7d89edc8 Use better secrets in generating account tokens
Summary:
When we generate account tokens for CSRF keys and email verification, one of the inputs we use is the user's password hash. Users won't always have a password hash, so this is a weak input to key generation. This also couples CSRF weirdly with auth concerns.

Instead, give users a dedicated secret for use in token generation which is used only for this purpose.

Test Plan:
  - Ran upgrade scripts.
  - Verified all users got new secrets.
  - Created a new user.
  - Verified they got a secret.
  - Submitted CSRF'd forms, they worked.
  - Adjusted the CSRF token and submitted CSRF'd forms, verified they don't work.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8748
2014-04-10 11:45:10 -07:00
Brayden Winterton
b660960771 Add a priorityColor property to the maniphest conduit endpoint
Summary:
I added a getTaskPriorityColor function to the ManiphestTaskPriority class which returns the color set in the maniphest config for the given priority.

This is in preparation for a change to arcanist which will allow it to display the priority color (if it is a supported color) upon running `arc tasks`.

Fixed some linting issues

Test Plan:
Invoke the maniphest.info method from conduit and ensure that:
 * The priorityColor property is given in the json
 * the priorityColor property is set correctly

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8734
2014-04-09 11:32:08 -07:00
Bob Trahan
2d43cf1296 OAuth - add a little notes section for admins to remember details about external accounts
Summary: Fixes T4755. This also includes putting in a note that Google might ToS you to use the Google+ API. Lots of code here as there was some repeated stuff between OAuth1 and OAuth2 so I made a base OAuth with less-base OAuth1 and OAuth2 inheriting from it. The JIRA provider remains an independent mess and didn't get the notes field thing.

Test Plan: looked at providers and read pretty instructions.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4755

Differential Revision: https://secure.phabricator.com/D8726
2014-04-09 11:09:50 -07:00
epriestley
8b3eced0c7 Make Maniphest project prefill more modern and standard
Summary: Fixes T4777. We technically support `?projects=...` already, but parse it in an unusual way and apply old, awkward, excessively strict lookups to it.

Test Plan: Used reasonable, standard, human-readable strings to prefill `?projects=` and got the results I expected.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4777

Differential Revision: https://secure.phabricator.com/D8733
2014-04-09 08:37:23 -07:00
Brayden Winterton
dffbbaf0a6 Added isClosed property to maniphest conduit endpoint in order to fix an issue with arcanist when displaying tasks
Summary:
Arcanist is currently displaying all tasks as closed when invoking `arc tasks`.
This is because arcanist is setting the display to closed if there is anything in the `status` property. Adding an isClosed property will allow arcanist to properly display open/closed status on tasks by checking against the isClosed property. The isClosed property will be set according to the closed property that is set on each status in maniphest.

Test Plan:
Invoke the conduit maniphest.info method on any task and insure that:
 # The isClosed property is included in the properties
 # that it is set properly according to the statuses set for maniphest.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: chad, epriestley, Korvin

Maniphest Tasks: T4744

Differential Revision: https://secure.phabricator.com/D8731
2014-04-09 07:47:31 -07:00
lkassianik
01552d85de Show Projects bucket unconditionally in repository summary screen
Summary: fixes T4753

Test Plan: looked at repository with projects, looked at repository with no projects

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: chad, epriestley, Korvin

Maniphest Tasks: T4753

Differential Revision: https://secure.phabricator.com/D8730
2014-04-08 19:48:31 -07:00
epriestley
4d0935ba5e Rate limit requests by IP
Summary:
Fixes T3923. On `secure.phabricator.com`, we occasionally get slowed to a crawl when someone runs a security scanner against us, or 5 search bots decide to simultaneously index every line of every file in Diffusion.

Every time a user makes a request, give their IP address some points. If they get too many points in 5 minutes, start blocking their requests automatically for a while.

We give fewer points for logged in requests. We could futher refine this (more points for a 404, more points for a really slow page, etc.) but let's start simply.

Also, provide a mechanism for configuring this, and configuring the LB environment stuff at the same time (this comes up rarely, but we don't have a good answer right now).

Test Plan: Used `ab` and reloading over and over again to hit rate limits. Read documentation.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, epriestley

Maniphest Tasks: T3923

Differential Revision: https://secure.phabricator.com/D8713
2014-04-08 18:36:21 -07:00
Ben Alpert
a7272dfb03 Switch back to zwsp for oncopy line marker
Summary:
Fixes T4759.

Turns out Chrome on windows doesn't really like the word joiner character. We'll switch back to zwsp but make it `position: absolute;` so it doesn't turn into a line break.

Test Plan: Looked at diffs in IE9 and Chrome Windows. Made sure copying still works as expected.

Reviewers: chad, #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4759

Differential Revision: https://secure.phabricator.com/D8727
2014-04-08 17:55:48 -07:00
epriestley
563a1ac5bf Fix parsing and storage of generated SSH keys
Summary: Fixes T4772. We weren't parsing generated public keys properly, and were storing them in the wrong format.

Test Plan:
  - Updated a private key.
  - Generated a public key.
  - Saved the public key.
  - Used a generated private key to authenticate.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4772

Differential Revision: https://secure.phabricator.com/D8721
2014-04-08 14:52:37 -07:00
epriestley
f79320e64e Render default/current settings in the same format they'll be edited
Summary:
Fixes T4773. For config settings of type `list<string>`, `set`, or `list<regex>`, the "defaults" table and "examples" aren't always in the same format you should actually use when changing the setting.

This is pretty confusing. Instead, always show the settings in the desired format. For example, if the user should enter a newline-separated list, show them a newline separated list.

Test Plan:
  - Grepped for `list<string>`, `list<regex>`, and `'set'`; verified all the config had the right example format (most already did).
  - Viewed config settings of various kinds, including custom settings.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4773

Differential Revision: https://secure.phabricator.com/D8725
2014-04-08 12:09:43 -07:00
Bob Trahan
d5ded805b2 Herald - fix change type bug
Summary: wasn't working due to some type issues. Fixes T4756. I also made it display nicer while I was debugging this.

Test Plan: created a herald rule to block changes that added refs. git tag -a "test" -m "test test"; git push origin test got me blocked!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4756

Differential Revision: https://secure.phabricator.com/D8724
2014-04-08 11:58:28 -07:00
epriestley
582ec54465 Add a checkbox to the LDAP auth configuration UI to "Always Search"
Summary: Fixes T3208. This forces us to bind+search even if there are no anonymous credentials.

Test Plan: Checked the box, saved the form. Unchecked the box, saved the form. LDAP??

Reviewers: Firehed

Reviewed By: Firehed

Subscribers: epriestley

Maniphest Tasks: T3208

Differential Revision: https://secure.phabricator.com/D8723
2014-04-08 11:36:23 -07:00
epriestley
58ba8e7d63 Use correct viewer for debug.stop-on-redirect
Summary:
See <https://github.com/facebook/phabricator/pull/563>.

I think this secondary construction of a `$user` is very old, and predates subsequent changes which cause a proper user to construct earlier, so using the user on the `$request` should (I think) always work. I couldn't immediately find any cases where it does not.

Test Plan: With `debug.stop-on-redirect` set, hit various redirects, like jump-naving to T1. Got a proper stop dialog.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8718
2014-04-08 10:27:05 -07:00
epriestley
b937bf5946 Spell "eventually" correctly, eventually.
Auditors: btrahan
2014-04-08 10:26:33 -07:00
epriestley
e8e62f82ce Hide "Land to hosted git" button for now
Summary: Ref T182. This feature rarely/never works and is on the balance enormously confusing to users (see <https://github.com/facebook/phabricator/issues/566>). If installs have somehow made it sort of work, they can comment this line out for now until we have time to make this work more reasonably.

Test Plan: Looked at a revision in Differential.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T182

Differential Revision: https://secure.phabricator.com/D8719
2014-04-08 08:05:28 -07:00
epriestley
88dc1cf3f6 Add a basic CSS doc
Summary: Fixes T3426. This describes all the weird stuff we've got, at least. We can expand this as we get more contributors or after writing CSS lint.

Test Plan: Read document.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T3426

Differential Revision: https://secure.phabricator.com/D8720
2014-04-08 08:05:05 -07:00
epriestley
740fbba961 Add meta referrer tag to all pages
Summary: Ref T4342. Puts meta="referrer" on everything.

Test Plan: In Safari, used the Charles http proxy to verify this change actually stops referrers from being sent.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4342

Differential Revision: https://secure.phabricator.com/D8712
2014-04-08 05:14:15 -07:00
epriestley
bd0011076b Don't disrupt repository import chain when publishing is disabled
Summary:
Fixes T4736. Currently, we incorrectly skip the `writeImportStatusFlag()` call if publishing is disabled (the `herald-disabled`) check. This means we don't flag the commit as imported, and don't move the pipeline forward correctly.

Instead, we only want to skip the owners stuff, not the pipeline stuff. Move that to a method.

(Also fix a nearby TODO now that we have a permanent failure exception.)

Test Plan:
  - Used `scripts/repository/reparse.php --owners ...` to execute this code, fiddled with things to hit both the disabled and enabled branches and verified the flag stuff is still reached.
  - Faked the exceptions and made sure they raise correctly.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4736

Differential Revision: https://secure.phabricator.com/D8715
2014-04-08 05:13:28 -07:00
Ben Alpert
cd829434d4 Include storyText in feed POST data
Summary: I also changed PhabricatorApplicationTransactionFeedStory and the TokenGivenFeedStory to include only the title/first line of the feed story, which is more convenient (previously, strip_tags gave a multi-line story without even any linebreaks) and more consistent with the other story types.

Test Plan: Added a requestbin URL to feed.http-hooks, commented on a Differential, and saw storyText equal to "alpert added a comment to D2: c." in the POST data it received.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4630

Differential Revision: https://secure.phabricator.com/D8710
2014-04-06 11:48:39 -07:00
epriestley
b03912213f Add original mail headers to the bottom of error mail
Summary: From IRC, this is sometimes helpful for debugging if there's a mailing list issue or something like that. For example, it can show "To" and "Cc".

Test Plan: Got some email, saw headers in it.

Reviewers: dctrwatson, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8708
2014-04-06 07:57:03 -07:00
Chad Little
3b33089de7 Don't show 'needs review' on DifferentialObjects
Summary:
This text is overly repetitive and is not super important. Keeps the other states. Also

- Easier to parse reviewers now
- Mobile is less janky

Test Plan:
reload my list of diffs

{F138756}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8707
2014-04-04 14:00:28 -07:00
Bob Trahan
c408168c25 Diffusion - Warn users to explicitly provide PATH for SVN hosted repositories
Summary: Fixes T4547.

Test Plan: saw the warning, looked good

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4547

Differential Revision: https://secure.phabricator.com/D8706
2014-04-04 12:47:10 -07:00
Bob Trahan
f67a853fe7 Audit - add ability to add a package as an auditor
Summary: Fixes T4687. This was also pretty easy...!

Test Plan: made a package with a test user as owner. added package as owner. looked right on commit page. logged in as test user and verified audit showed up on home page.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: chad, epriestley, Korvin

Maniphest Tasks: T4687

Differential Revision: https://secure.phabricator.com/D8705
2014-04-04 12:25:03 -07:00
Bob Trahan
496a7d8967 Transactions - make edit transactions that are grouped work nicely
Summary: ...the key is to move a layer lower and beam down the updated comment. There is a wee bit of Javascript gymnastics going on here. Fixes T4608.

Test Plan: made a comment + resolve. clicked edit and made changes. noted transaction updated correctly and "history" link worked. edited again to a deletion and noted the "this is deleted" looked right and history link still worked

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, chad

Maniphest Tasks: T4608

Differential Revision: https://secure.phabricator.com/D8702
2014-04-04 12:23:22 -07:00
Bob Trahan
6b5308c981 Audit - add ability to add user or projects as auditors
Summary: Ref T4687. Trickier part is adding packages; will require some typeahead core changes

Test Plan: add a project as an auditor succuessfully!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4687

Differential Revision: https://secure.phabricator.com/D8704
2014-04-04 11:29:10 -07:00
epriestley
c8cf7bb506 Simplify some more older mail error handling code
Summary: Ref T4371. We can reuse more code for this "your stuff is empty" error, now, and benefit from global rate limiting and being able to reply to arbitrary addresses.

Test Plan: Sent valid, empty, and empty-ignored email via `mail_handler.php`, got appropriate actions/errors/states.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4371

Differential Revision: https://secure.phabricator.com/D8701
2014-04-04 11:14:33 -07:00
epriestley
2f01214322 Restore reply instructions to ApplicationTransaction email
Summary: This "Reply to comment, etc., etc." section got lost along the way at some point. Restore it for transaction mail.

Test Plan: Received mail from Maniphest with reply instructions.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8700
2014-04-04 11:14:21 -07:00
epriestley
7f81fd4bf4 Make contextual matching of project monograms more liberal
Summary:
We currently share the same regexp between PHID matching (usually unambiguous) and remarkup matching (often ambiguous).

This means that some project monograms which should work fine don't work properly in some contexts. Improve these behaviors.

For example:

  - `#domain.com`
    - Previously did not work at all.
    - Now works in unambiguous cases, and in remarkup.
  - `#1`
    - Previously did not work at all.
    - Now works in unambiguous cases.
  - `#dot.`
    - Previously did not work at all.
    - Now works in unambiguous cases.

Test Plan:
  - Created projects `domain.com`, `1`, etc.
  - Used jump nav to match them unambiguously, everything worked.
  - Used remarkup preview to match them ambiguously, the reasonable ones worked.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8703
2014-04-04 11:13:06 -07:00
epriestley
e3b5737d02 Support CustomField in Herald, mostly
Summary: Ref T655. Ref T418. This mostly supports CustomFields in Herald, for conditions only.

Test Plan: {F137845}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T418, T655

Differential Revision: https://secure.phabricator.com/D8695
2014-04-03 18:43:49 -07:00
epriestley
d9cdbdb9fa When we fail to process mail, tell the user about it
Summary:
Ref T4371. Ref T4699. Fixes T3994.

Currently, we're very conservative about sending errors back to users. A concern I had about this was that mistakes could lead to email loops, massive amounts of email spam, etc. Because of this, I was pretty hesitant about replying to email with more email when I wrote this stuff.

However, this was a long time ago. We now have Message-ID deduplication, "X-Phabricator-Sent-This-Mail", generally better mail infrastructure, and rate limiting. Together, these mechanisms should reasonably prevent anything crazy (primarily, infinite email loops) from happening.

Thus:

  - When we hit any processing error after receiving a mail, try to send the author a reply with details about what went wrong. These are limited to 6 per hour per address.
  - Rewrite most of the errors to be more detailed and informative.
  - Rewrite most of the errors in a user-facing voice ("You sent this mail..." instead of "This mail was sent..").
  - Remove the redundant, less sophisticated code which does something similar in Differential.

Test Plan:
  - Using `scripts/mail/mail_receiver.php`, artificially received a pile of mail.
  - Hit a bunch of different errors.
  - Saw reasonable error mail get sent to me.
  - Saw other reasonable error mail get rate limited.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3994, T4371, T4699

Differential Revision: https://secure.phabricator.com/D8692
2014-04-03 18:43:18 -07:00
Ben Alpert
f9a92c7631 Sort inline comments by id in case of ties
Summary: This ensures that two comments by the same author on the same line are sorted properly.

Test Plan: Before this patch, made two comments that appeared in the wrong order. With this patch, they sort correctly.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8697
2014-04-03 18:41:58 -07:00
Ben Alpert
133772d7eb Set from name when $can_send_as_user is true
Test Plan: Crossed fingers.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8694
2014-04-03 17:51:23 -07:00
Ben Alpert
a0ac3d6716 Add colgroup in differential "shield" tables
Summary: Fixes minor brokenness from D8686.

Test Plan: Expanded a generated file, saw a normal-looking diff.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8693
2014-04-03 15:50:02 -07:00
Chad Little
7446402f92 Differential Action List on Mobile
Summary: Make the actions appear in crumbs on mobile

Test Plan: Test action list on a mobile diff layout

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4730

Differential Revision: https://secure.phabricator.com/D8691
2014-04-03 12:01:04 -07:00
epriestley
c9311a9eae Make errors in dialogs look reasonable instead of hideous
Summary: I accidentally made these exceptionally ugly recently.

Test Plan: {F137411}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley, chad

Differential Revision: https://secure.phabricator.com/D8684
2014-04-03 11:23:03 -07:00
epriestley
957b9c1729 Restore Maniphest status transactions for burnup chart purposes
Summary: The "burnup chart" relies on these to determine when tasks opened and we recently stopped writing them. Keep writing them for now. They're fluff and don't show up in the UI, but draw the right chart.

Test Plan: Saw chart go up when I made tasks.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8682
2014-04-03 11:22:47 -07:00
epriestley
847b7977c1 Add semi-generic rate limiting infrastructure
Summary:
This adds a system which basically keeps a record of recent actions, who took them, and how many "points" they were worth, like:

  epriestley email.add 1 1233989813
  epriestley email.add 1 1234298239
  epriestley email.add 1 1238293981

We can use this to rate-limit actions by examining how many actions the user has taken in the past hour (i.e., their total score) and comparing that to an allowed limit.

One major thing I want to use this for is to limit the amount of error email we'll send to an email address. A big concern I have with sending more error email is that we'll end up in loops. We have some protections against this in headers already, but hard-limiting the system so it won't send more than a few errors to a particular address per hour should provide a reasonable secondary layer of protection.

This use case (where the "actor" needs to be an email address) is why the table uses strings + hashes instead of PHIDs. For external users, it might be appropriate to rate limit by cookies or IPs, too.

To prove it works, I rate limited adding email addresses. This is a very, very low-risk security thing where a user with an account can enumerate addresses (by checking if they get an error) and sort of spam/annoy people (by adding their address over and over again). Limiting them to 6 actions / hour should satisfy all real users while preventing these behaviors.

Test Plan:
This dialog is uggos but I'll fix that in a sec:

{F137406}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8683
2014-04-03 11:22:38 -07:00
Ben Alpert
9fedd343eb Break long words in differential two-up view
Summary: This should prevent long lines from making the code width different between files, which can be annoying. (And of course, it stops long lines from making a giant scrollbar too.)

Test Plan:
Loaded this diff in Chrome, Firefox, IE9, and IE8:

{F137505}

(That's a screenshot from Chrome, but it looks about the same in the other browsers.)

Reviewers: chad, #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, chad

Maniphest Tasks: T2004

Differential Revision: https://secure.phabricator.com/D8686
2014-04-03 09:40:00 -07:00
James Rhodes
85394a9e9e Set name parameter when saving file via Drydock
Summary: This sets the name parameter when Drydock uploads a file so that the storage engine picks it up correctly.

Test Plan: N/A

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8673
2014-04-03 09:21:36 -07:00
James Rhodes
3e6bfda0ca (Celerity) Fix mimetype for JPEG files so IE will load them
Summary: IE won't load background images in a page that are served with the mimetype "image/jpg" as it only recognises the "image/jpeg" mimetype.

Test Plan: Spent an hour or two going back and forth between Linux (to dev) and Windows (to test) to find the source of this issue, then flipped several tables at IE for being terrible.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8689
2014-04-03 09:18:42 -07:00
Ben Alpert
2bd8603d95 Update Celerity docs
Test Plan: Crossed fingers.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin, chad

Differential Revision: https://secure.phabricator.com/D8687
2014-04-03 06:09:02 -07:00
Chad Little
3005b7a7b1 Mobile Differential Diff Review (2-up)
Summary:
This does two things

 - Modernizes Table of Contents
 - Makes Differential reasonable on mobile

I say resonable, as you still have to scroll horizontal to see the entire diff. This is minor as the rest of the page is 100x more useful. A 1-up view would be preferred, but this is still an improvement.

Test Plan: Used iOS simulator for browsing diffs.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, chad

Differential Revision: https://secure.phabricator.com/D8681
2014-04-02 21:49:28 -07:00
Bob Trahan
c6cbff1997 Differential - modernize "Local Commits" table
Summary: ...also link to commits we know about in "Local Commits" and "Revision Update History" tables. Fixes T4585.

Test Plan: made a repo. made a diff (foo) and committed it (bar). made a new diff that was comprised of two local commits. noted links to (bar) in various commit hashes as expected

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, chad

Maniphest Tasks: T4585

Differential Revision: https://secure.phabricator.com/D8679
2014-04-02 13:18:11 -07:00
epriestley
af0b749369 Fix many lies in the "User Roles" document
Summary: Fixes T3047. Update this document and remove some lies ("menu bar is read in admin interfaces"!!!!).

Test Plan:
  - Read text.
  - Searched for "System Agent" in the UI and replaced it with "bot" or "bot/script" or similar.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3047

Differential Revision: https://secure.phabricator.com/D8675
2014-04-02 12:06:56 -07:00
epriestley
3294649a02 Make user creation process simpler
Summary:
Fixes T4065. This divides user creation into separate "Standard User" and "Script/Bot" workflows which show only relevant fields and provide guidance.

This fixes the verification mess associated with script/bot users by verifying their email addresses automatically.

Test Plan:
  - Created a standard user.
  - Created a script/bot.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4065

Differential Revision: https://secure.phabricator.com/D8674
2014-04-02 12:06:27 -07:00
epriestley
1df9a6e6b0 Move "Send Welcome Email" to profiles and nuke old weird edit UI
Summary: Ref T4065. Moves the last of the weird alternate edit UI to profiles. The old "Edit" controller is now for creation only, and the funky pencil icon is gone.

Test Plan: Created accounts; sent welcome email.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4065

Differential Revision: https://secure.phabricator.com/D8670
2014-04-02 12:06:17 -07:00
epriestley
04b9f94602 Give administrators selective access to System Agent settings panels
Summary: Ref T4065. Give administrators an "Edit Settings" link from profiles, which allows selective edit of settings panels. Enable Conduit, SSH Keys, and VCS Password.

Test Plan:
  - Used these panels for a bot.
  - Used these panels on my own account.
  - Tried to use these panels for a non-bot account, was denied.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4065

Differential Revision: https://secure.phabricator.com/D8668
2014-04-02 12:06:05 -07:00
epriestley
c9268c4858 Put Disable/Admin flags on profiles
Summary: Ref T4065. Moves the "disable / enable" and "make / unmake administrator" actions to profiles.

Test Plan: Disabled and enabled users, and made and unmade administrators.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4065

Differential Revision: https://secure.phabricator.com/D8666
2014-04-02 12:05:49 -07:00
epriestley
b6b2e65511 Allow administrators to edit System Agent information from the agent's profile
Summary:
Ref T4065. Currently, we have this super copy/pasted "edit profile picture" UI for system agents.

Instead, give administrators direct access from profiles, so they can use the same code pages do.

Test Plan: Edited my profile picture and profile details. Edited an agent's. Was unable to edit a non-agent user.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4065

Differential Revision: https://secure.phabricator.com/D8664
2014-04-02 12:05:34 -07:00
epriestley
b53134bf32 Move "Change Username" from weird edit panel to standard object action
Summary: Ref T4065. Make this work in a more standard way which administrators have a reasonable shot at finding and using. See D8662 for discussion.

Test Plan: Changed a user's username.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4065

Differential Revision: https://secure.phabricator.com/D8663
2014-04-02 12:05:19 -07:00
epriestley
a6a19ac721 Move "Delete User" action to user profiles
Summary:
Ref T4065. The existence of two separate edit workflows for users is broadly confusing to administrators.

I want to unify user administration and improve administration of system agent accounts. Particularly, I plan to:

  - Give administrators limited access to profile editing of system agents (e.g., change profile picture).
  - Give administrators limited access to Settings for system agents.
  - Broadly, move all the weird old special editing into standard editing.

Test Plan:
  - Hit all the errors (delete self, no username, wrong username).
  - Deleted a user.
  - Visited page as a non-admin, got 403'd.
  - Viewed old edit UI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4065

Differential Revision: https://secure.phabricator.com/D8662
2014-04-02 12:05:07 -07:00
epriestley
81fa847bc5 Make "JIRA Issues" field work better with noncredentialed accounts
Summary:
Currently, users get an error when making any changes to this field if they don't have a linked JIRA account.

Instead:

  - We should only raise an error if they're trying to //add// issues, and only on the new issues. It's always fine to remove issues, and existing issues the author can't see are also fine.
  - When we can't add things because there's no account (vs because there's a permissions error or they don't exist), raise a more tailored exception.

Test Plan:
  - As JIRA and non-JIRA users, made various edits to this field.
  - Got appropriate exceptions, including better tailoring.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: mbishopim3, epriestley

Differential Revision: https://secure.phabricator.com/D8676
2014-04-02 12:03:59 -07:00
Bob Trahan
b50426a98f Herald - print out rule monogram rather than rule phid on transcript controller
Summary: Fixes T4632.

Test Plan: viewed a transcript for rule x which depends on rule y and noted "rule y" printed out rather than "PHID-BLAH-BLAH"

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4632

Differential Revision: https://secure.phabricator.com/D8678
2014-04-02 11:59:50 -07:00
Bob Trahan
69b8f56cda Fix maniphest "create" transactions
Summary: the quotes are 'cuz "create" is inferred. Previously, we inferred on "status", but since we set that on "initializeNewTask" instead infer off "title" (aka "name") like most other apps do. Only hairy tweak was to elevate TYPE_TITLE to the most important of all maniphest transactions, which doesn't actually seem too unreasonable if not correct even? Fixes T4686.

Test Plan: made a new task, used bin/mail, got the right headers (mail vary prefix == created)

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4686

Differential Revision: https://secure.phabricator.com/D8639
2014-04-01 14:26:03 -07:00
epriestley
ff98565db6 Fix an issue where email for "accepted" revisions would fatal
Summary: When trying to render "BRANCH", we need the active diff. Load it
in general since it seems reasonable for custom fields to expect it to
exist during mail rendering.
2014-04-01 13:35:01 -07:00
Bob Trahan
750a30d441 Hide uninstalled applications on the "Home Application Tiles" preferences page
Summary: Fixes T4685.

Test Plan: loaded home page settings and saw phrequent, uninstalled phrequent, refreshed, and no longer saw phrequent!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4685

Differential Revision: https://secure.phabricator.com/D8640
2014-04-01 12:27:52 -07:00
epriestley
a6b1fac117 Fix SVN translation of "add-file" protocol frames over SSH
Summary: Fixes T4697. When pushing moved/copied files, SVN sends an "add-file" protocol frame which has a URI in it that needs translation from external format ("/diffusion/X/") to internal format ("/path/to/svn").

Test Plan:
  - Copied/moved files and committed them in SVN.
  - Added files (no copy/move) and committed them in SVN.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4697

Differential Revision: https://secure.phabricator.com/D8654
2014-04-01 08:23:48 -07:00
epriestley
cf6f7446ce Restore "Branch" and "changes since last update" fields to Differential mail
Summary: Ref T418. Fixes T4642. The "changes since last update" and "branch" fields got dropped; restore them in a general, field-driven way.

Test Plan:
  - Created a revision, got relevant sections in mail.
  - Commented on a revision, got relevant sections in mail.
  - Updated a revision, got relevant sections in mail.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: spicyj, epriestley

Maniphest Tasks: T418, T4642

Differential Revision: https://secure.phabricator.com/D8657
2014-04-01 08:23:34 -07:00
epriestley
3aabfc7f4d Fix JIRA integration from "arc" commit messages
Summary: Fixes T4683. This was just a missing method implementation. Also provide a couple of translation things.

Test Plan:
  - Created a revision from the command line with a nonempty `JIRA Issues:` line, via `arc diff`.
  - Looked at the translation strings.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4683

Differential Revision: https://secure.phabricator.com/D8656
2014-03-31 09:27:30 -07:00
Ben Alpert
deba531401 Send mail to audit comment author too
Summary: Previously, you would not receive a mail message for the first comment you make on an audit, but you would for subsequent comments because everyone who's made a comment would be CCed on the email. This mirrors DifferentialTransactionEditor's getMailTo which always adds `$object->getAuthorPHID()`.

Test Plan: With self mail turned on, made the first comment on a commit and received an email for it. With self mail turned off, commented on a different commit and saw in `bin/mail list-outbound` that the message was voided.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8650
2014-03-31 07:52:51 -07:00
Chad Little
42da874691 Update Phriction History UI
Summary: Uses cards, fixes bgcolors.

Test Plan: View edit history on a few documents.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, chad

Differential Revision: https://secure.phabricator.com/D8648
2014-03-30 11:18:49 -07:00
Carl Jackson
213eea7bdd Fix Mailgun Reply-To handling
Summary:
When sending the "Reply-To" header to Mailgun, Phabricator would
previously send two headers for every "Reply-To": "Reply-To[0][email]" and
"Reply-To[0][name]". Instead, explicitly build the header as specified by RFC
2822 and send it to Mailgun pre-baked.

Pretty sure this bug was a cargo-cult from the Sendgrid code, where (apparently)
this actually works.

Test Plan:
Triggered an email from Phabricator, saw that the header was sent
properly.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8645
2014-03-29 10:53:52 -07:00
Chad Little
cca5078d9f Make attention count yellow
Summary:
It needs attention! Serious color for serious action.

Also, Flags probably need urgent action!1!

Test Plan: Reload Hompage, see new color

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, chad

Differential Revision: https://secure.phabricator.com/D8644
2014-03-29 10:26:53 -07:00
epriestley
8c88180ee1 Rename project -> product on edit/create UIs
Summary: Ref T3092. Ref T3549. Modernize the product creation and edit UIs and make them say "product" instead of "project".

Test Plan:
  - Created products.
  - Edited products.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3092, T3549

Differential Revision: https://secure.phabricator.com/D8636
2014-03-29 09:16:40 -07:00
epriestley
98b0b5e62b Rename more project -> product in Releeph
Summary:
Ref T3549.

  - Renames most "project" in view/list controllers.
  - Moves away from "ProjectController".
  - Modernizes some modern UI.

Test Plan:
  - Viewed product lists.
  - Viewed product detail pages.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3549

Differential Revision: https://secure.phabricator.com/D8635
2014-03-29 09:16:24 -07:00
epriestley
c7bcecb9b0 Use ApplicationTransactions for Releeph product activity
Summary:
Ref T3549. Ref T3663.

  - Use transactions for activate/deactivate.
  - Rename some "project" -> "product".

Test Plan:
  - Activated products.
  - Deactivated products.

{F135480}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3663, T3549

Differential Revision: https://secure.phabricator.com/D8634
2014-03-29 09:16:02 -07:00
epriestley
d3dbbec88d Rename Releeph "Project" transactions to "Product"
Summary: Ref T3549. This table isn't written to yet; rename it and the DAOs and modernize the history controller.

Test Plan: Viewed history page for a product.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3549

Differential Revision: https://secure.phabricator.com/D8633
2014-03-29 09:15:09 -07:00
epriestley
a5ad923573 Modernize Releeph "Product Activate" controller
Summary:
Ref T3549. A few things here:

  - Releeph has an object called a "Project". We'd like to call this a "Product" instead. See T3549. Rename easy instances that don't break URIs.
  - Releeph has a "ProjectController" which tries to be smart about loading objects. However, it's big and messy and doesn't have the finesse to do policies or `needX(...)` correctly. It also generates URIs which collide with one another. Introduce "ProductController" to start to move away from it.
  - Some small modernizations to this controller to take advantage of newer infrastructure (like easier dialog rendering).

Test Plan: Deactivated and reactivated products.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3549

Differential Revision: https://secure.phabricator.com/D8632
2014-03-29 09:14:44 -07:00
epriestley
6c8cef3bee Remove ReleephUserView
Summary:
Fixes T3738. Facebook uses this to provide a couple of integrations (push karma, is user an intern?), but the mechanism is both very complex and not very general.

Instead, these features are better implemented in Hovercards or via CustomField. We'll help Facebook integrate things when the time comes, but per discussion in T3738 none of this is critical or especially complicated.

Test Plan:
  - Grepped for all callsites.
  - Viewed a request and verified that author/requestor populated and rendered correctly.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T3738

Differential Revision: https://secure.phabricator.com/D8631
2014-03-29 09:14:32 -07:00
epriestley
ce5714526a Remove Releeph "Authors" rules
Summary:
Fixes T3659. Releeph has some awkward complexity around who ends up as a commit author. Instead, we should always try to use the original author.

Metadata (like the requestor's identity) should be accessed via Conduit or other channels instead.

Test Plan: Saved some projects, grepped for all related symbols.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T3659

Differential Revision: https://secure.phabricator.com/D8630
2014-03-29 09:14:08 -07:00
epriestley
4f26b8ffcf Remove "Release Counter" from Releeph
Summary: Fixes T3658. This field doesn't make much sense and doesn't appear to ever have actually been implemented. Particularly, the `%N` pattern doesn't actually work and I can't find anything which actually calls this stuff or exposes it externally. Facebook doesn't use it (see T3658) and I don't think it's useful in general.

Test Plan: Used `grep` to look for stuff, edited a project.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T3658

Differential Revision: https://secure.phabricator.com/D8628
2014-03-29 09:13:45 -07:00
Chad Little
cc626b0306 Add pager to all Audit Views
Summary: Fixes T1153, removes the "active" restriction from pagination

Test Plan: Bring up audit, test pager exists, and doesn't exist when needed

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: aik099, epriestley, Korvin

Maniphest Tasks: T1153

Differential Revision: https://secure.phabricator.com/D8643
2014-03-29 08:43:17 -07:00
Bob Trahan
44942f3378 Fix help menu links for folks with diviner uninstalled
Summary: move code to uninstallable help app rather than diviner. Fixes T4690.

Test Plan: uninstalled diviner, noted no links, then moved the code and suddenly helpful help links showed up once more.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4690

Differential Revision: https://secure.phabricator.com/D8638
2014-03-28 13:41:19 -07:00
Bob Trahan
8d41d9d8f8 Fix Maniphest links w.r.t. new "status" data format
Summary: 0 => imploded string of hotness.  Fixes T4689

Test Plan: for each spot i fixed, clicked link and it worked! (I did a grep for "/maniphest" to find these spots; 98% confident I got them all.)

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4689

Differential Revision: https://secure.phabricator.com/D8626
2014-03-28 12:59:09 -07:00
epriestley
6324eff8a7 Update HTTPS docs for https.blindly-trust-domains
Summary: The doc is no longer entirely accurate.

Test Plan: Reading.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8627
2014-03-27 19:11:15 -07:00
Chad Little
c3146abc8f Major timeline redesign
Summary: OMG We Have TOKENS

Test Plan: TOKENS, also UIExamples

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, chad

Differential Revision: https://secure.phabricator.com/D8624
2014-03-27 14:24:31 -07:00
Bob Trahan
de2da8355b Workboards - make priority changes less aggressive and generally better
Summary: Fixes T4641.

Test Plan: Dragged a "normal" task between "high" and "low" tasks and it stayed as "normal". Generally seems correct when playing around.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: mbishopim3, Beltran-rubo, epriestley, Korvin

Maniphest Tasks: T4641

Differential Revision: https://secure.phabricator.com/D8622
2014-03-27 10:50:54 -07:00
Bob Trahan
655ac9927f Workboards - add column detail page
Summary: followup to D8544. This ends up creating an editor + transactions to get the job done.

Test Plan: made a column - saw a nice created transaction. edited the name - saw a nice name edit. deleted the column - saw a deleted transaction, updated "deleted" ui, and hte action change to activate. "Activated" the column and saw a transaction and updated UI. Tried to delete a column with tasks in it and got an error.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8620
2014-03-26 14:40:47 -07:00
epriestley
1aad40b7bf Allow users to receive email about pushes via Herald
Summary:
Fixes T4677. Implements a "send an email" pre-receive action, which sends push summaries.

For use cases where features are often pushed as a large number of commits (e.g., checkpoint commits are retained), using commit emails means users get a ton of email. Instead, this allows you to get an email about a push, which summarizes what changed.

Overall, this is basically the same as commit email, but more suitable for some workflows.

Test Plan:
Wrote some rules, then made a bunch of pushes. Got email like this:

{F134929}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4677

Differential Revision: https://secure.phabricator.com/D8618
2014-03-26 13:51:15 -07:00
epriestley
75c47c6ae0 Provide an "event" page for push logs, which shows details on all events in a given push
Summary:
Ref T4677. This shows a more detailed view of an entire "git push", "hg push", or "svn commit".

This is mostly to give push summary emails a reasonable, stable URI to link to for T4677.

Test Plan:
  - Pushed into SVN, Git and Mercurial.
  - Viewed partial and imported event records.

{F134864}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4677

Differential Revision: https://secure.phabricator.com/D8616
2014-03-26 13:51:09 -07:00
epriestley
a5f55d506f Provide a real object ("PhabricatorRepositoryPushEvent") to represent an entire push transaction
Summary:
Ref T4677. Currently, we record individual actions in a push as PhabricatorRepositoryPushLogs, but tie them together only loosely with a `transactionKey`.

Provide a real PushEvent object, and move some of the denormalized fields to it. This primarily just gives us more robust infrastructure for building, e.g., email about pushes, for T4677, since we can act on real PHIDs rather than passing awkward identifiers around.

Test Plan:
  - Performed migration.
  - Looked at database for consistency.
  - Browsed/queried push logs.
  - Pushed a bunch of stuff.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4677

Differential Revision: https://secure.phabricator.com/D8615
2014-03-26 13:51:06 -07:00
epriestley
c828160c22 Minor, fix a constant in PhabricatorRepositoryEditor
See <https://github.com/facebook/phabricator/pull/554>
2014-03-26 10:45:48 -07:00
epriestley
2e0301d647 Update repository hosting documentation for all the issues users have hit
Summary:
Ref T4151. Addresses these issues:

  - Mentions `diffusion.ssh-user`.
  - Mentions `/etc/shadow` and `!!`.
  - Mentions `/etc/passwd` and shell.
  - Mentions `sshd -d -d -d`.
  - Mentions `Defaults requiretty`.
  - Adds `AllowUsers` to default configuration.
  - Mentions `sudo -E ...` as a troubleshooting step.
  - Mentions multiple VCS binaries.
  - Fixes `sshd` paths to be absolute.
  - Fixes example path in `sshd_config` template.
  - Mentions `GIT_CURL_VERBOSE`.
  - Walks users through cloning.
  - Adds documentation for custom hooks.
  - Mentions that only `daemon-user` interacts with repositories.
  - Added general troubleshooting guide.

I didn't fix these:

  - Weird one-time issue with `sudoers.d/`. We tell you to edit `/etc/sudoers` directly anyway.
  - Insane `#includedir` magic, as above.
  - Confusion around `vcs-user` for HTTP, since I think this is fairly clear.
  - Confusion around parent directory permissions -- not sure about this one, `sshd` normally runs as root?

I added an `ssh-shell` as a safer alternative to `/bin/sh`. I need to test this a bit more.

Test Plan:
  - Read documentation.
  - Will test `ssh-shell`.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: bluehawk, mbishopim3, epriestley

Maniphest Tasks: T4151

Differential Revision: https://secure.phabricator.com/D8586
2014-03-26 06:44:18 -07:00
James Rhodes
fc3b5ddce6 Prevent buildable list in Harbormaster from breaking when container or buildables are missing
Summary: Ref T1049.  I'm fair sure this is just a case of bad data in my local install, but we probably don't want the default page for Harbormaster to break when there's invalid / missing container or buildable handles on any of the builds.

Test Plan: Loaded the page, didn't get a crash due to null reference.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: demo, epriestley, Korvin

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D8608
2014-03-25 17:35:49 -07:00
epriestley
e8e12910a7 Implement a "credential" standard custom field
Summary: Ref T4590. Ref T1049. This is primarily intended to support HTTP auth in Harbormaster.

Test Plan: Added a field, edited it, etc.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4590, T1049

Differential Revision: https://secure.phabricator.com/D8607
2014-03-25 16:13:27 -07:00
epriestley
acfc3c3e5d Add an "instructions" key to custom fields
Summary: Ref T1049. I'm planning to use this in Harbormaster custom fields shortly.

Test Plan: {F133843}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D8606
2014-03-25 16:12:49 -07:00
epriestley
6e3c17e6f9 Don't create invalid build steps while adding them
Summary:
Ref T1049. Currently, the "add" dialog lets you select a build step type, but then immediately creates one. If you "cancel" from the edit screen, you end up with an empty (and almost certainly invalid) build step.

Instead, don't create the step until it's valid.

Test Plan: Add Step -> Pick Type -> Add Step -> Cancel no longer creates empty step.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D8605
2014-03-25 16:12:05 -07:00
epriestley
d6b937ca27 Allow external systems to send messages to build targets
Summary:
Ref T1049. Allows external systems to send a message to a build target. The primary intended use case is:

  - You make an HTTP request to Jenkins.
  - The build goes into a "waiting" state.
  - Later, Jenkins calls `harbormaster.sendmessage` to report that the target passed or failed.
  - The build continues as appropriate.

This is deceptively complicated because:

  - There are a lot of race concerns. We might get a message back from an external system before it even responds to the request we made. We want to make sure we process these messages no matter when we receive them.
  - These messages need to be sent to a build target (vs a build or buildable) because we'll get into trouble with parallelization later on otherwise (Jenkins is told to do 3 builds; we can't tell which ones failed or what overall state is unless the message are sent to targets).
  - I initially thought about implementing this as a separate "Wait for a response from an external system" build step. This gets a lot more complicated for users once we do parallelization, though. Particularly, in the case where you've told Jenkins to do 3 builds, the three "wait" steps need to know which target they're waiting for (and jenkins needs to know some unique identifier for each target). So this pretty much boils down to a more complicated, more error-prone version of using target PHIDs.

This makes the already-muddy Build UI a bit worse, but it needs a general clarity pass anyway (it's showing way too much uninteresting data, and should show a better summary of results instead).

Test Plan:
  - This doesn't really do anything interesting yet.
  - Used Conduit to send messages to build plans.
  - Viewed the messages on the build screen.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D8604
2014-03-25 16:11:28 -07:00
epriestley
25f91567a7 Make various minor Harbormaster UI improvements
Summary: Ref T1049. Tweaks some of the UI and code to improve / clean it up a bit.

Test Plan: Ran build plans, browsed UI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D8603
2014-03-25 16:10:50 -07:00
epriestley
cec8d10731 Rename concrete Harbormaster step implementations
Summary: Ref T1049. For consistency, rename these to "Harbormaster...".

Test Plan: Ran migration, ran builds, everything still works fine.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D8602
2014-03-25 16:09:51 -07:00
epriestley
281f06e281 Rename "BuildStepImplementation" to "HarbormasterBuildStepImplementation"
Summary: Ref T1049. D8588 already required custom code to change what it extends, so this is as good a time as we're going to get to move to more standard class name.

Test Plan: `arc liberate`; `arc lint`

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D8601
2014-03-25 16:09:21 -07:00
epriestley
a246c85c6b Use ApplicationTransactions and CustomField to implement build steps
Summary:
Ref T1049. Fixes T4602. Moves all the funky field stuff to CustomField. Uses ApplicationTransactions to apply and record edits.

This makes "artifact" fields a little less nice (but still perfectly usable). With D8599, I think they're reasonable overall. We can improve this in the future.

All other field types are better (e.g., fixes weird bugs with "bool", fixes lots of weird behavior around required fields), and this gives us access to many new field types.

Test Plan:
Made a bunch of step edits. Here's an example:

{F133694}

Note that:

  - "Required" fields work correctly.
  - the transaction record is shown at the bottom of the page.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4602, T1049

Differential Revision: https://secure.phabricator.com/D8600
2014-03-25 16:08:40 -07:00
epriestley
72337dedaf Make Harbormaster input and output artifacts more explicit
Summary:
Ref T1049. In Harbormaster, build steps may have various inputs (like a host they should run on) and outputs (like a reference to an uploaded file).

  - Currently, inputs aren't defined anywhere (except implicitly at runtime).
    - Instead, define inputs explicitly.
  - Currently, outputs are defined in a way that loses information when misconfigured (the keys will collide).
    - Instead, define inputs and outputs so they work whether a step is configured correctly or not.
  - Currently, there's no simple way to see a step's inputs and outputs.
    - Add some UI for this.
  - Currently, reordering steps has some surprising side effects.
    - Instead of invalidating steps after reordering them, validate them at display time and warn the user.

Test Plan:
{F133679}
{F133680}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, chad

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D8599
2014-03-25 16:02:34 -07:00
epriestley
5b74fa0a75 Make all build steps support variables
Summary: Ref T1049. This generally simplifies things. The steps which don't support variables generally don't make sense to support varaibles anyway.

Test Plan: Edited some steps.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D8588
2014-03-25 16:02:07 -07:00
epriestley
ed2e12047a Downgrade accepts on "request changes", and make sticky accepts optional
Summary:
Fixes T3202. This fixes a couple of workflow issues:

  - Accepted Revision -> Request Review. Currently this stays "accepted" due to sticky rules being too aggressive, but should transition to "needs review".
  - Accepted Revision -> Plan Changes -> Request Review. Currently this stays "accepted". I think this behavior is correct, and have retained it. (In this case, you don't update the revision, you just "undo" your plan changes.) You can "Request Review" again to get back to "Needs Review".

Then implements a "sticky accept" switch:

  - When off, updates downgrade accepts.
  - When off, "request review" always downgrades accepts.

Test Plan:
  - Went through all (I think?) of the plan changes / request review / accept / update workflows, with sticky accept on and off.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3202

Differential Revision: https://secure.phabricator.com/D8614
2014-03-25 15:41:07 -07:00
epriestley
8e88187835 Allow filtering of "date" custom fields
Summary: Ref T4663. Ref T4659. Allows "date" fields to be filtered with range parameters.

Test Plan:
  - Added a custom "date" field with "search".
  - Populated some values.
  - Searched for dates using new range filters.
  - Combined date search with other searches.
  - Ran other searches independently.
  - Inspected the generated queries.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: shadowhand, epriestley

Maniphest Tasks: T4659, T4663

Differential Revision: https://secure.phabricator.com/D8598
2014-03-25 14:21:32 -07:00
epriestley
17dee98d32 Add a one-click "Scuttle Task" button to Maniphest
Summary: Fixes T4657. See that task for discussion of edge cases.

Test Plan: {F132941}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, carl, epriestley

Maniphest Tasks: T4657

Differential Revision: https://secure.phabricator.com/D8590
2014-03-25 14:20:25 -07:00
epriestley
9ca86b69b7 Make Maniphest task statuses user configurable
Summary: Fixes T1812. Moves the internal configuration into public space and documents it.

Test Plan:
  - Tried to set it to some invalid stuff.
  - Set it to various valid things.
  - Browsed around, changed statuses, filtered statuses, viewed statuses, merged duplictes, examined transaction record, created tasks.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1812

Differential Revision: https://secure.phabricator.com/D8585
2014-03-25 14:05:36 -07:00
epriestley
7713fb5d99 Add config validation for task status config
Summary: Ref T1812. This still doesn't expose configuration to the user, but adds validation for it.

Test Plan: Added a pile of unit tests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1812

Differential Revision: https://secure.phabricator.com/D8584
2014-03-25 14:04:51 -07:00
epriestley
07fdcde87e Provide viewer to CustomFields in ApplicationSearch
Summary: Fixes T4663.

Test Plan:
Added a custom field which accesses the viewer's username.

{F133249}

Reviewers: carl, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4663

Differential Revision: https://secure.phabricator.com/D8595
2014-03-25 14:02:18 -07:00
epriestley
2547a222d8 Guarantee that fields copied from diffs persist on revisions
Summary:
Fixes T4636. Currently, we copy fields from the diff to the revision during the external effect phase, but there's no guarantee that we persist the object after this phase.

(In practice, when Herald rules trigger they cause the object to persist on this install, which is why we don't see this issue.)

Instead, move the field copies to the internal phase, where persistence is guaranteed.

Also consolidate some of the diff loading.

Test Plan: Ran `arc diff`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: mbishopim3, epriestley

Maniphest Tasks: T4636

Differential Revision: https://secure.phabricator.com/D8610
2014-03-25 14:01:38 -07:00
epriestley
150a3adf2c Minor UI improvements for Harbormaster
Summary: Ref T1049. Makes some minor UI tweaks.

Test Plan: Looked at UI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1049

Differential Revision: https://secure.phabricator.com/D8587
2014-03-25 13:59:43 -07:00
epriestley
62e3463ab7 Show primary email in approval queue interface
Summary:
Request from @csilvers. When approving users, the primary email address is useful for administrators.

(This queue is only accessible by administrators, so this doesn't expose email information in general.)

Test Plan: {F132912}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: shadowhand, csilvers, epriestley

Differential Revision: https://secure.phabricator.com/D8589
2014-03-25 13:59:01 -07:00
epriestley
0a76d82a7c Use string constants, not integer constants, to represent task status internally
Summary:
Ref T1812. I think integer constants are going to be confusing and error prone for users to interact with. For example, because we use 0-5, adding a second "open" status like "needs verification" without disrupting the existing statuses would require users to define a status with, e.g., constant `6`, but order it between constants `0` and `1`. And if they later remove statuses, they need to avoid reusing existing constants.

Instead, use more manageable string constants like "open", "resolved", etc.

We must migrate three tables:

  - The task table itself, to update task status.
  - The transaction table, to update historic status changes.
  - The saved query table, to update saved queries which specify status sets.

Test Plan:
  - Saved a query with complicated status filters.
  - Ran migrations.
  - Looked at the query, at existing tasks, and at task transactions.
  - Forced migrations to run again to verify idempotentcy/safety.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1812

Differential Revision: https://secure.phabricator.com/D8583
2014-03-25 13:58:14 -07:00
epriestley
47d6d0bbad Drive Maniphest statuses with internal pseudo-configuration
Summary: Ref T1812. Without actually exposing configuration, this moves all status information into a config-like chunk of data which can later be exposed to human editors.

Test Plan:
  - Made a bunch of status changes.
  - Merged duplicates.
  - Created task.
  - Viewed feed, transaction record, etc.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1812

Differential Revision: https://secure.phabricator.com/D8582
2014-03-25 13:56:45 -07:00
epriestley
fdc7b8672b Internalize Maniphest task status colors
Summary: Ref T1812. These are a bit fluff and don't make too much sense to make configurable, at least for now.

Test Plan: Grepped for external callers.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1812

Differential Revision: https://secure.phabricator.com/D8581
2014-03-25 13:56:11 -07:00
epriestley
2a6d930480 Despecialize status handling in Maniphest Reports
Summary: Ref T1812. This is mega gross but Facts is too far away to do this right for now.

Test Plan:
bleh gross

Looked at reports, saw same data as before.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1812

Differential Revision: https://secure.phabricator.com/D8580
2014-03-25 13:49:33 -07:00
epriestley
33bda2d590 Despecialize most task status handling
Summary: Ref T1812. Moves most specialized status handling into `ManiphestTaskStatus`. The only real missing case is reports.

Test Plan:
Browsed most of the affected interfaces. Changed task status:

{F132697}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1812

Differential Revision: https://secure.phabricator.com/D8579
2014-03-25 13:47:42 -07:00
epriestley
750c872839 Update Google auth documentation to discuss "Google+ API" and new console URI
Summary: Fixes T4451. See also D8612.

Test Plan: Viewed panel and read text, saw it matched up with the new console.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4451

Differential Revision: https://secure.phabricator.com/D8613
2014-03-25 13:36:47 -07:00
epriestley
beccedb57c Make the "NOTE:" text bold and slightly darker
Summary: See screenshot. This does look like an improvement to me.

Test Plan: {F133255}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley, chad

Differential Revision: https://secure.phabricator.com/D8597
2014-03-22 18:06:46 -07:00
epriestley
9c872749a0 Restore psyduck to his proper place
Summary: Fixes T4665. The "attachable" logic was a little off after a recent change.

Test Plan: With and without a profile image, viewed a page.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T4665

Differential Revision: https://secure.phabricator.com/D8594
2014-03-22 12:15:13 -07:00
Chad Little
8fb227d352 Update Remarkup Note Styles
Summary: Update notes, important, and warnings to look different than codeblocks.

Test Plan: test in diviner and legalpad

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, chad, avivey

Differential Revision: https://secure.phabricator.com/D8592
2014-03-21 21:42:39 -07:00
epriestley
ae03cb7fff Issue a proper 404 when trying to edit nonexistent events
Summary: We'll fatal a little later here when trying to call methods. 404 instead.

Test Plan: Visited `/calendar/event/edit/9999999/` or similar.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8591
2014-03-21 19:11:48 -07:00
epriestley
d8713f6f0b Make dialogs a little easier to use
Summary:
  - Dialog pages currently have no titles or crumbs, and look shoddy. Add titles and crumbs.
  - Dialog titles aren't always great for crumbs, add an optional "short title" for crumbs.
  - `AphrontDialogResponse` is pure boilerplate. Allow controllers to just return a `DialogView` instead and get the same effect.
  - Building dialogs requires a bit of boilerplate, and we generally construct them with no explicit `"action"`, which has some issues with T4593. Provide a convenience method to set the viewer and get a reasonable, explict submit URI.

Test Plan:
  - Viewed dialog on its own.
  - Viewed dialog as a dialog.

{F132353}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8577
2014-03-21 14:40:05 -07:00
epriestley
03c6bf0d09 Make Herald less ambitious about resolving repositories for revisions
Summary:
Fixes T4636. If a user manually deletes a "repository" setting from a revision, Herald attempts to resolve it. Instead, Herald should now just trust Differential. Generally, the new logic is:

  - When diffs are created, figure out repository information.
  - When revisions are updated, copy info from diffs.
  - Everywhere else, just trust the revision field.

Test Plan:
  - Created revisions.
  - Used Herald to dry-run revisions before and after a manual edit to remove the repository setting.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4636

Differential Revision: https://secure.phabricator.com/D8576
2014-03-21 14:39:56 -07:00
epriestley
70ed1ff7d0 Use standard UI kit on project member page
Summary: Fixes T4400. Removes very, very old "PhabricatorObjectListView", which was only used here.

Test Plan: {F132249}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley, chad

Maniphest Tasks: T4400

Differential Revision: https://secure.phabricator.com/D8574
2014-03-19 19:30:27 -07:00
epriestley
cebc7f4e8b Show profile pictures in subscribers dialog
Summary: Ref T4400. Also stops rendering "and 1 other" in subscriber lists, since it looks a bit silly in practice (we can just put the other subscriber there instead). Don't do the "and x others" until X is at least 2.

Test Plan: Viewed/clicked subscriber lists and transactions.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4400

Differential Revision: https://secure.phabricator.com/D8573
2014-03-19 19:29:48 -07:00
epriestley
ef01aef45a Show user profile images on User list
Summary: Ref T4400. Same deal as projects. Tweaked the CSS a touch to make it look better in these views.

Test Plan: Viewed /people/.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley, chad

Maniphest Tasks: T4400

Differential Revision: https://secure.phabricator.com/D8571
2014-03-19 19:28:04 -07:00
epriestley
55d315a577 Show project profile images in project list view
Summary: Ref T4400. Adds project images to spice this UI up a bit.

Test Plan: Looked at list.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4400

Differential Revision: https://secure.phabricator.com/D8570
2014-03-19 19:27:37 -07:00
epriestley
221222ad7a Lock "security.require-https" from web edits
Summary: This can be used to lock yourself out of an instance, so prevent web edits.

Test Plan: Loaded page, wasn't web-editable.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8572
2014-03-19 19:27:04 -07:00
epriestley
3d639f5f98 Allow ObjectItemListView to show profile images
Summary: Ref T4400. Adds `setImageURI()` for object card/items.

Test Plan:
{F132229}

Also tested mobile.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley, chad

Maniphest Tasks: T4400

Differential Revision: https://secure.phabricator.com/D8569
2014-03-19 19:26:24 -07:00
epriestley
b8fafdbd90 Fix Passphrase cancel URI
Summary: The "Cancel" button on the "Edit Credential" interface doesn't go back to the "View Credential" interface for existing credentials.

Test Plan: Clicked "Cancel" on both "create" and "edit" workflows.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8568
2014-03-19 19:25:31 -07:00
Ben Alpert
7eaba7baff Fix typo
Test Plan: Crossed fingers.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8566
2014-03-19 05:13:30 -07:00
epriestley
833b8a78d8 Reload subscribers before sending mail, etc
Summary: Fixes T4629. CCs added by Herald don't get added to the cached subscriber list. Just reload subscribers before sending mail to pick up effects.

Test Plan: Created an "always add X as CC" Herald rule for revisions, created a revision, saw them get initial mail.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: spicyj, epriestley

Maniphest Tasks: T4629

Differential Revision: https://secure.phabricator.com/D8565
2014-03-18 16:01:21 -07:00
epriestley
5721560663 Use modern UI for OAuthServer details page
Summary: Mostly just UI updates and policy enforcement. Improves error message when trying to authorize an already-authorized application.

Test Plan:
{F131584}

{F131585}

{F131586}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8564
2014-03-18 15:39:45 -07:00
epriestley
1534033664 Use ApplicationSearch in OAuthServer
Summary: Update the infrastructure and UI of the client list.

Test Plan: {F131570}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8563
2014-03-18 13:31:04 -07:00
epriestley
34c890b7e1 Use modern UI and policies in OAuth client editing
Summary:
Updates this stuff a bit:

  - Add a global create permission for OAuth applications. The primary goal is to reduce attack surface area by making it more difficult for an adversary to do anything which requires that they create and configure an OAuth application/client. Normal users shouldn't generally need to create applications, OAuth is complex, and doing things with user accounts is inherently somewhat administrative.
  - Use normal policies to check create and edit permissions, now that we have infrastructure for it.
  - Use modern UI kit.

Test Plan:
  - Created a client.
  - Edited a client.
  - Tried to create a client as a non-admin.
  - Tried to edit a client I don't own.

{F131511}

{F131512}

{F131513}

{F131514}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8562
2014-03-18 13:30:48 -07:00
epriestley
995a890565 Make OAuth client authorizations a Settings panel
Summary: This modernizes and simplifies OAuth client authorizations a bit, moving them to a settings panel similar to the "Sessions" panel.

Test Plan:
  - Viewed authorizations.
  - Revoked an authorization.
  - Created a test authorization.

{F131196}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8561
2014-03-18 13:28:19 -07:00
epriestley
8909f8ec59 Modernize OAuthServer PHIDs and Queries
Summary:
  - Modernize PHID types.
  - Implement `PhabricatorPolicyInterface`.
  - Make queries policy aware.

Test Plan: Browsed client and authorization lists.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, epriestley

Differential Revision: https://secure.phabricator.com/D8560
2014-03-18 13:27:55 -07:00
epriestley
a2a4f4b3da Fix validation of Harbormaster HTTP methods
Summary: Precedence here was mucked up.

Test Plan: Plan with no explicit "method" now defaults to POST correctly.

Reviewers: dctrwatson, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8559
2014-03-18 12:05:14 -07:00
Bob Trahan
809e5a0389 Workboards - let users delete columns
Summary: Fixes T4408. I had to add a "status" to colum. I think we'll need this once we get fancier anyway but for now we have "active" and deleted.

Test Plan: deleted a column. noted reloaded workboard with all those tasks back in the default colun. loaded a task and saw the initial transaction had a "Disabled" icon next to the deleted workboard. also saw the new transaction back to the default column worked.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4408

Differential Revision: https://secure.phabricator.com/D8544
2014-03-18 10:40:31 -07:00
epriestley
1e8ed3e5ff Treat "request review" more like an update
Summary:
After "reject; plan changes; request review", revisions go back to "needs revision". Instead, they should remain in "needs review" (the reviewers need to review comments on the "request review", in the normal case). Generally, "request reivew" should act a lot like "update", just not actually change the diff.

To accomplish this, downgrade reviewers on "request review" to "rejected older", just like we would on an update.

Test Plan: Did "reject; plan; request", revision ended in "needs review". Rejected it into "needs revision"; updated it into "needs review".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: dctrwatson, epriestley

Differential Revision: https://secure.phabricator.com/D8558
2014-03-17 18:19:42 -07:00
epriestley
5b2887b69b Add "Date Updated" query fields for Maniphest
Summary:
Fixes T4637.

  - We already allow you to order by this column but don't have a key on it. Add one.
  - Expose UI for querying on ranges.

Test Plan:
  - Ran some queries, got reasonable-looking results and no table scans.

Reviewers: btrahan, bigo

Reviewed By: bigo

Subscribers: bigo, epriestley

Maniphest Tasks: T4637

Differential Revision: https://secure.phabricator.com/D8557
2014-03-17 15:53:07 -07:00
epriestley
ba8925a531 Support multiple LDAP filters in the Phabricator UI
Summary: Ref T3208. Not ready for prime time yet.

Test Plan: ldap T.T

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley, frgtn, aran

Maniphest Tasks: T3208

Differential Revision: https://secure.phabricator.com/D8160
2014-03-17 15:08:30 -07:00
epriestley
7167a729bf Fail more gracefully when rendering transcripts if handle is missing
Summary: Fixes T4628. I can only partially reproduce the root cause here, but if transcript display rules aren't quite right we should just degrade here rather than fatalling. Transcripts are a messy business by any measure.

Test Plan: Sort-of-reproing transcript renders OK now.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4628

Differential Revision: https://secure.phabricator.com/D8554
2014-03-17 15:02:10 -07:00
epriestley
aea624118b Allow users to terminate login sessions
Summary:
This is partly a good feature, and partly should reduce false positives on HackerOne reporting things vaguely related to this.

Allow a user to terminate login sessions from the settings panel.

Test Plan:
  - Terminated a session.
  - Terminated all sessions.
  - Tried to terminate all sessions again.
  - Logged in with two browsers, terminated the other browser's session, reloaded, got kicked out.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8556
2014-03-17 15:02:01 -07:00
epriestley
38cc38eaf6 Modernize documentation links
Summary:
  - Point them at the new Diviner.
  - Make them a little less cumbersome to write.

Test Plan: Found almost all of these links in the UI and clicked them.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8553
2014-03-17 15:01:31 -07:00
epriestley
039b8e43b9 Whitelist allowed editor protocols
Summary:
This is the other half of D8548. Specifically, the attack here was to set your own editor link to `javascript\n:...` and then you could XSS yourself. This isn't a hugely damaging attack, but we can be more certain by adding a whitelist here.

We already whitelist linkable protocols in remarkup (`uri.allowed-protocols`) in general.

Test Plan:
Tried to set and use valid/invalid editor URIs.

{F130883}

{F130884}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8551
2014-03-17 13:00:37 -07:00
epriestley
ced70f6b32 Make install documentation more clear about Windows support
Summary: See D8549.

Test Plan: {F129985}

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8550
2014-03-16 13:00:20 -07:00
epriestley
b3b0ef3647 Use viwer-based checks for application visibility when rendering home elements
Summary:
Fixes T4619. Currently, even if a viewer can't see Maniphest, they'll still see empty panels on the home page. These panels will always be empty so there's no real policy violation, but it's confusing.

Longer term, dashboards should fix this.

Test Plan: Viewed home page with a user with and without permissions on the apps.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4619

Differential Revision: https://secure.phabricator.com/D8545
2014-03-15 11:28:02 -07:00
epriestley
69eab4196d Use modern ApplicationTransactions "no effect" stuff in Maniphest
Summary: Fixes T912. This was very nearly working, it just needed a little tweaking on the last mile.

Test Plan:
Made updates with no effect, and updates with an effect. Made a no-effect update and posted just the comment part.

{F129037}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T912

Differential Revision: https://secure.phabricator.com/D8543
2014-03-14 15:13:51 -07:00
epriestley
3bea0958dd Always link to "#5" (not "#comment-5") for "T123#5"
Summary:
Fixes T3976. Long ago, some applications used "#comment-5" instead of "#5" for transaction/comment anchors. Now everything (I think?) uses "#5"; this is the style used by ApplicationTransactions.

This might break some very old, explcit `T123#comment-5` links, or off-site links to the `comment-N` anchors, but all that stuff generally got renumbered when we migrated anyway and getting you to the right object is like 95% of the job.

Test Plan: Verified that `T123#5` now links to `#5`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3976

Differential Revision: https://secure.phabricator.com/D8542
2014-03-14 14:50:40 -07:00
epriestley
7be740cd30 Modernize CustomField documentation
Summary: Fixes T4102. Document all the new stuff that CustomField supports now, and all the applications you can use it with.

Test Plan: Generated and read documentation.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4102

Differential Revision: https://secure.phabricator.com/D8541
2014-03-14 14:50:27 -07:00
epriestley
8797c3ad0b Partly update the .arcconfig documentation
Summary: This needs more updates after .arclint is ready to use, but should fix most of the biggest issues.

Test Plan: Generated and read it.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8539
2014-03-14 14:33:53 -07:00
epriestley
60d8dc813e Document the security vulnerability reporting policy
Summary: Fixes T2791. I'm happy with HackerOne, so this pretty much just says "use HackerOne".

Test Plan:
{F128995}

  - Clicked all the links.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T2791

Differential Revision: https://secure.phabricator.com/D8538
2014-03-14 14:33:41 -07:00
epriestley
559c0fe886 Tune cookie behaviors for 'phcid', 'phreg', etc
Summary:
Fixes T3471. Specific issues:

  - Add the ability to set a temporary cookie (expires when the browser closes).
  - We overwrote 'phcid' on every page load. This creates some issues with browser extensions. Instead, only write it if isn't set. To counterbalance this, make it temporary.
  - Make the 'next_uri' cookie temporary.
  - Make the 'phreg' cookie temporary.
  - Fix an issue where deleted cookies would persist after 302 (?) in some cases (this is/was 100% for me locally).

Test Plan:
  - Closed my browser, reopned it, verified temporary cookies were gone.
  - Logged in, authed, linked, logged out.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3471

Differential Revision: https://secure.phabricator.com/D8537
2014-03-14 14:33:31 -07:00
Bob Trahan
3ff9f5f48a Transactions - add "and X others" dialog support to application transactions
Summary: Fixes T4430. Basically does a little code massage from the new stuff in D8525 and application transactions to get this working. Adds a new controller to the subscriptions app to make rendering these pretty easy peasy.

Test Plan: Used my test task in D8525 to verify both add and rem versions of these dialogs worked correctly.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, chad, Korvin

Maniphest Tasks: T4430

Differential Revision: https://secure.phabricator.com/D8540
2014-03-14 14:27:45 -07:00
epriestley
6b4887ab22 Improve error and large file handling in thumbnailing
Summary:
Ref T2479, T4406. We should do a better job of (a) handling image processing errors and (b) declining to process large image files.

This fixes the worst of it, which is that users can upload huge GIFs with a large number of frames and hang a `convert` process for a long time, eating a CPU and a pile of memory.

This code is still pretty iffy and needs some more work. A near-term product goal for it is supporting 100x100 profile images.

Test Plan: Uploaded large and small GIFs, after setting the definition of "enormous" to be pretty small. Saw the small GIFs thumbnail into animated GIFs, and the large ones thumbnail into static images.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2479, T4406

Differential Revision: https://secure.phabricator.com/D8536
2014-03-14 11:53:49 -07:00
epriestley
48910537b9 Fix rendering of comments deleted by editing
Summary:
Fixes T4609. Steps are:

  - Make a comment.
  - Edit it.
  - Delete all the text.

We expect to see "This comment has been deleted." -- instead, things currently render goofy.

Root cause is that `hasComment()` means both "comment object exists" //and// "comment object is nonempty".

Test Plan: {F128862}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Maniphest Tasks: T4609

Differential Revision: https://secure.phabricator.com/D8533
2014-03-14 11:53:30 -07:00
epriestley
838f781285 Add a robots.txt file to disallow /diffusion/
Summary:
Fixes T4610. Open to suggestions, etc., if there's anything I'm missing.

Also:

  - Moves these "system" endpoints into a real application.
  - Makes `isUnlisted()` work a little more consistently.

Test Plan: Accessed `/robots.txt`, `/status/` and `/debug/`.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Maniphest Tasks: T4610

Differential Revision: https://secure.phabricator.com/D8532
2014-03-14 11:53:17 -07:00
epriestley
efcca310c2 In Differential mail, hide "summary" if empty and show "test plan" if nonempty
Summary:
Ref T4481. Summary is optional, but we currently always render it.

We previously rendered TEST PLAN. I wanted to see if anyone missed it. I miss it a little bit, and it sounds like @spicyj misses it. Restore it.

Test Plan:
  $ ./bin/mail show-outbound --id 15232
  ...
  BODY
  epriestley created this revision.
  epriestley added reviewers: The Bureaucracy, duck.
  epriestley added a subscriber: duck.

  TEST PLAN
    more j

  REVISION DETAIL
    http://local.aphront.com:8080/D1042

  AFFECTED FILES
    number_j.txt

  CHANGE DETAILS
    Index: number_j.txt
    ===================================================================
    --- number_j.txt
    +++ number_j.txt
    @@ -137,3 +137,4 @@
     j
     j
     j
    +j

  To: epriestley, duck, Sebastiangarcia, Ahmedsmoore, nathanhthomas, chewnicorn
  Cc: duck

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley, spicyj

Maniphest Tasks: T4481

Differential Revision: https://secure.phabricator.com/D8531
2014-03-14 11:53:06 -07:00
epriestley
f54bc8ae58 Add "Send an email" action to Herald for Maniphest
Summary: Fixes T4403. Supports the "send an email" action in Maniphest.

Test Plan: Wrote a "email duck" rule, then commented on a task and saw "duck" get an email.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Maniphest Tasks: T4403

Differential Revision: https://secure.phabricator.com/D8529
2014-03-14 11:52:31 -07:00
epriestley
b168ee116b Fix "Send an email to" Herald rule for Differential
Summary: Herald returns a map of `phid => true`. This is unintuitive and should probably be cleaned up eventually.

Test Plan: With a "Send an email to" rule, updated a revision and saw no error in error log.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8527
2014-03-14 11:52:16 -07:00
epriestley
ab117c2baf Fix "arc diff --verbatim" when updating a revision
Summary: Fixes T4601. The "Differential Revision" field needs to be present in the "editable" version of the message so that `--verbatim` works correctly. Some day all of this might get rewritten to be a little easier to follow, maybe, but keep things working properly for now.

Test Plan: Used `arc diff`, `arc diff --edit`, `arc diff --verbatim`

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Maniphest Tasks: T4601

Differential Revision: https://secure.phabricator.com/D8526
2014-03-14 11:50:22 -07:00
Bob Trahan
c7079b52a2 Subscriptions - make a dialog for massive subscription lists
Summary: Ref T4430. This just deploys it on the property lists. (Help on how to do translations better? I tried a more traditional pht('%s, %s, %s, and %d other(s)') but I think the string lookup assumes the %d comes as the second param or something?)

Test Plan: Made a Maniphest Task with a hojillion subscribers and noted the working dialogue. Also made a Pholio Mock with lots of subscribers and it worked.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: aran, epriestley, Korvin, chad

Maniphest Tasks: T4430

Differential Revision: https://secure.phabricator.com/D8525
2014-03-14 11:22:00 -07:00
epriestley
f1637961e7 Forbid "." and ".." in slugs
Summary: Fixes T4614. These don't do anything bad or dangerous, but generate unusable pages.

Test Plan:
  - Added and executed unit tests.
  - Tried to create pages like `/../`, `/begin/../end/`, etc.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: aran, epriestley

Maniphest Tasks: T4614

Differential Revision: https://secure.phabricator.com/D8535
2014-03-14 08:54:26 -07:00
Chad Little
3257372585 End Cap for Timeline
Summary: End-cap for timeline. Fixes T4438

Test Plan: Tested on a timeline with and without endcap.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: aran, epriestley, Korvin, chad, btrahan

Maniphest Tasks: T4438

Differential Revision: https://secure.phabricator.com/D8530
2014-03-14 08:51:50 -07:00
epriestley
6bda39aaad Fix a couple of minor OAuthServer things
Summary:
I was a bit hasty with this.

  - This should be uninstallable.
  - Provide a real description.
  - Choose a better title glyph (trident of neptune).

Test Plan: Poked around.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8534
2014-03-14 08:46:07 -07:00
epriestley
f7b1ed7221 Fix two registration errors for unusual provider emails
Summary:
See <https://github.com/facebook/phabricator/issues/541>.

  - If a provider returns the email `""` or `"0"`, we currently don't let the user edit it and thus don't let them register.
  - If a provider returns an invalid email like `"!!!"` (permitted by GitHub, e.g.), we show them a nonsense error message.

Instead:

  - Pretend we didn't get an address if we get an invalid address.
  - Test the address strictly against `null`.

Test Plan: Registered on Phabricator with my GitHub email set to `""` (empty string) and `"!!!"` (bang bang bang).

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8528
2014-03-13 19:03:12 -07:00
John Watson
a5f6e19dfd Make PhabricatorBotFeedNotificationHandler work with new PhabricatorApplicationTransactionFeedStory
Summary: Depends on D8521

Test Plan: ran with handler enabled and phabot posted stories

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: aran, epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8524
2014-03-13 18:20:05 -07:00
John Watson
8789f97867 Include objectPHID in feed.query text view
Summary: This way the type of story can be inferred.

Test Plan: requested feed.query with `view=>'text'`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: aran, epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8521
2014-03-13 17:56:25 -07:00
epriestley
1d30354223 Fix issue with ref/fixes in commit messages
Summary: Fixes T4600. If there's also a revision, the variable "$message" gets overwritten. groan~

Test Plan: Pushed a commit with "Fixes T123" and a revision, saw it parse on the first try.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chrisbolt, aran, epriestley

Maniphest Tasks: T4600

Differential Revision: https://secure.phabricator.com/D8519
2014-03-13 17:47:11 -07:00
William R. Otte
29436dfe37 Added 'method' field to the HTTP request build step.
Summary:
This revision adds a 'method' field to the HTTP request harbormaster build step.  This allows the user to specify GET, POST, DELETE, and PUT (limited by the underlying wrapper phabricator uses for HTTP requests).  I'm not sure how much sense PUT makes, but oh well.

Existing plans shouldn't break, as if this field is an empty string, we default to POST, which is the old behavior.

Fixes T4604

Test Plan: 1) Verified that the empty string does, in fact, issue a POST request.  Changed the method to be GET and observed that the problem described in T4604 is resolved.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: aran, epriestley

Maniphest Tasks: T4604

Differential Revision: https://secure.phabricator.com/D8520
2014-03-13 15:51:05 -07:00
Bob Trahan
e6118bcbaf Tweak application and maniphest editors to handle policy corner cases better
Summary:
Fixes T4362. If you have a default edit + view policy of "no one" things get weird when you try to create a task - basically its impossible.

Ergo, re-jigger how we do policy checks just a bit.

 - if its a new object, don't bother with the "can the $actor edit this thing by virtue of having can see / can edit priveleges?" That makes no sense on create.
 - add a hook so when doing the "will $actor still be able to edit this thing after all the edits" checks the object can be updated to its ultimate state. This matters for Maniphest as being the owner lets you do all sorts of stuff.

Test Plan:
- made a task with no one policy and assigned to no one - exception
- made a task with no one policy and assigned to me - success
 - made a comment on the task - success
 - reassigned the task to another user - exception
 - reassigned the task to another user and updated policies to "users" - success

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: aran, epriestley, Korvin

Maniphest Tasks: T4362

Differential Revision: https://secure.phabricator.com/D8508
2014-03-13 13:50:08 -07:00
epriestley
a9f38e55e5 Modernize Facebook OAuth instructions
Summary: Ref T4593. We have somewhat outdated instructions, and safer setup instructions are now available.

Test Plan: Read instructions.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Maniphest Tasks: T4593

Differential Revision: https://secure.phabricator.com/D8518
2014-03-13 13:00:47 -07:00
epriestley
ae7324fd5b Fix an anchor redirect issue with OAuth server, plus modernize the application a bit
Summary:
Ref T4593. Via HackerOne. An attacker can use the anchor reattachment, combined with the Facebook token workflow, combined with redirection on OAuth errors to capture access tokens. The attack works roughly like this:

  - Create an OAuth application on Phabricator.
  - Set the domain to `evil.com`.
  - Grab the OAuth URI for it (something like `https://phabricator.com/oauthserver/auth/?redirect_uri=http://evil.com&...`).
  - Add an invalid `scope` parameter (`scope=xyz`).
  - Use //that// URI to build a Facebook OAuth URI (something like `https://facebook.com/oauth/?redirect_uri=http://phabricator.com/...&response_type=token`).
  - After the user authorizes the application on Facebook (or instantly if they've already authorized it), they're redirected to the OAuth server, which processes the request. Since this is the 'token' workflow, it has auth information in the URL anchor/fragment.
  - The OAuth server notices the `scope` error and 302's to the attacker's domain, preserving the anchor in most browsers through anchor reattachment.
  - The attacker reads the anchor in JS and can do client workflow stuff.

To fix this, I've made several general changes/modernizations:

  - Add a new application and make it beta. This is mostly cleanup, but also turns the server off for typical installs (it's not generally useful quite yet).
  - Add a "Console" page to make it easier to navigate.
  - Modernize some of the UI, since I was touching most of it anyways.

Then I've made specific security-focused changes:

  - In the web-based OAuth workflow, send back a human-readable page when errors occur. I //think// this is universally correct. Previously, humans would get a blob of JSON if they entered an invalid URI, etc. This type of response is correct for the companion endpoint ("ServerTokenController") since it's called by programs, but I believe not correct for this endpoint ("AuthController") since it's used by humans. Most of this is general cleanup (give humans human-readable errors instead of JSON blobs).
  - Never 302 off this endpoint automatically. Previously, a small set of errors (notably, bad `scope`) would cause a 302 with 'error'. This exposes us to anchor reattachment, and isn't generally helpful to anyone, since the requesting application did something wrong and even if it's prepared to handle the error, it can't really do anything better than we can.
  - The only time we'll 'error' back now from this workflow is if a user explicitly cancels the workflow. This isn't a 302, but a normal link (the cancel button), so the anchor is lost.
  - Even if the application is already approved, don't blindly 302. Instead, show the user a confirmation dialog with a 'continue' link. This is perhaps slightly less user-friendly than the straight redirect, but I think it's pretty reasonable in general, and it gives us a lot of protection against these classes of attack. This redirect is then through a link, not a 302, so the anchor is again detached.
  -

Test Plan: I attempted to hit everything I touched. See screenshots.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Maniphest Tasks: T4593

Differential Revision: https://secure.phabricator.com/D8517
2014-03-13 12:59:10 -07:00
epriestley
969d0c3e8d Use "\z" instead of "$" to anchor validating regular expressions
Summary:
Via HackerOne. In regular expressions, "$" matches "end of input, or before terminating newline". This means that the expression `/^A$/` matches two strings: `"A"`, and `"A\n"`.

When we care about this, use `\z` instead, which matches "end of input" only.

This allowed registration of `"username\n"` and similar.

Test Plan:
  - Grepped codebase for all calls to `preg_match()` / `preg_match_all()`.
  - Fixed the ones where this seemed like it could have an impact.
  - Added and executed unit tests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8516
2014-03-13 12:42:41 -07:00
epriestley
58877a9b6c Fix some collateral damage from SSH Keypair generation
Summary: There's no `addHiddenInput()` on the layout view. Instead, build it
from the form. See: <https://github.com/facebook/phabricator/issues/538>.

Auditors: btrahan
2014-03-13 07:31:45 -07:00
epriestley
f950985cfd Allow Passphrase to generate SSH keypairs and extact public keys from private keys
Summary:
Ref T4587.

  - Add an option to generate a keypair.
  - Add an option to view the public keys for existing keypairs.

Test Plan:
  - Generated keypairs.
  - Viewed public keys.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Maniphest Tasks: T4587

Differential Revision: https://secure.phabricator.com/D8515
2014-03-12 18:58:25 -07:00
epriestley
44fc671b3f Add a "Generate Keypair" option on the SSH Keys panel
Summary: Ref T4587. Add an option to automatically generate a keypair, associate the public key, and save the private key.

Test Plan: Generated some keypairs. Hit error conditions, etc.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Maniphest Tasks: T4587

Differential Revision: https://secure.phabricator.com/D8513
2014-03-12 18:17:11 -07:00
epriestley
d27cd5fb99 Disable Herald more aggressively when it's turned off for a repository
Summary:
Currently, disabling Herald only disables feed, notifications and email. Historically, audits didn't really create external effects so it made sense for Herald to only partially disable itself.

With the advent of Harbormaster/Build Plans, it makes more sense for Herald to just stop doing anything. When this option is disabled, stop all audit/build/publish/feed/email actions for the repository.

Test Plan: Ran `scripts/repository/reparse.php --herald`, etc.

Reviewers: dctrwatson, btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8509
2014-03-12 18:16:50 -07:00
epriestley
8a409aa40f Fix parsing of "Reviewed By" field
Summary: In the Message parser, we read this field and expect to get an array of PHIDs out of it. Currently, we get a string. Instead, get an array of PHIDs.

Test Plan: Wrote a message like "Fixes Tnnn" with "Reviewed by: duck", and saw no more parse error during message parsing.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8510
2014-03-12 18:11:09 -07:00
epriestley
e068b04b5c Silence a warning about unknown fields in 'getcommitmessage'
Summary: Similar to D8491, some of my new exceptions are a bit too aggressive. See IRC. This one's hitting an edit workflow with 'revisionID' onboard somehow.

Test Plan: Not entirely sure how to hit this, but it won't throw anymore.

Reviewers: btrahan, dctrwatson, zeeg

Reviewed By: zeeg

Subscribers: zeeg, aran, epriestley

Differential Revision: https://secure.phabricator.com/D8514
2014-03-12 17:24:58 -07:00
Michael Peters
3f7f5a47ff Fix a small typo when creating a Herald rule
Summary: "Users who an edit" to "Users who can edit"

Test Plan: Verified that typo is gone after the change

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: aran, epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8511
2014-03-12 16:12:43 -07:00
epriestley
4173367f87 Add missing needReviewerAuthority() for differential.createcomment
Summary: For some actions (like accept) we need to load reviewer authority so we can figure out if the actor can act on behalf of project reviewers, etc.

Test Plan: Will make @dctrwatson do it.

Reviewers: dctrwatson, btrahan

Reviewed By: btrahan

Subscribers: chad, aran, dctrwatson, epriestley

Differential Revision: https://secure.phabricator.com/D8505
2014-03-12 15:24:54 -07:00
epriestley
3b861ab741 Fix two transactional issues around revision status
Summary:
Two issues:

  - Herald is currently overwriting accepts and rejects with "blocking reviewer". Just stop it from doing that.
  - When you update an accepted revision, we put it back in "needs review", then return it to "accepted", generating an extra transaction. Instead, don't.

Test Plan:
  - Updated a revision with an accepting, herald-based blocking project reviewer. Reviewer was still accepting.
  - Updated an accepted revision, didn't get an extra transaction.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8506
2014-03-12 15:24:43 -07:00
epriestley
193e8a54fc Add "pusher is committer" to Herald as a pre-commit rule
Summary:
Fixes T4594. Also, allow "exists" / "does not exist" to be run against author/committer. This allows construction of rules like:

  - Committer identities must be authentic.
  - Committer identities must be resolvable.
  - Author identities must be resolvable.

Test Plan: Created some rules using these new rules and ran them.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Maniphest Tasks: T4594

Differential Revision: https://secure.phabricator.com/D8507
2014-03-12 15:24:33 -07:00
epriestley
08d013b391 Minor, fix parameter passed to HarbormasterBuildable::applyBuildPlans()
Summary: This should be a PHID, not an object.
2014-03-12 12:13:54 -07:00
epriestley
c0d433727c Modernize "revision update history" in Differential
Summary:
Ref T4585.

  - Use modern UI kit.
  - Make mobile-ish.
  - Fix a couple minor things.

Test Plan:
{F127155}

{F127156}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: aran, epriestley, chad

Maniphest Tasks: T4585

Differential Revision: https://secure.phabricator.com/D8504
2014-03-12 11:39:43 -07:00
epriestley
a4a4322d7a Add a "tags" field to Diffusion commit
Summary:
  - Fixes T4588.
  - See D8501.
  - Adds a "Tags" field for Herald commit emails.
  - Fixes a bug in `tagsquery` when filtering by commit name.
  - Make `tagsquery` just return nothing instead of fataling against Mercurial/Subversion.

Test Plan: Used `bin/repository/reparse.php --herald` to exercise this code.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Maniphest Tasks: T4588

Differential Revision: https://secure.phabricator.com/D8502
2014-03-12 11:30:52 -07:00
epriestley
611f670720 Add CustomField to Diffusion and add a "branches" field
Summary:
Ref T4588. Request from @zeeg. Adds a "BRANCHES" field to commit emails, so the branches the commit appears on are shown.

I've implemented this with CustomField, but in a very light way.

Test Plan: Used `scripts/repository/reparse.php --herald` to generate mail, got a BRANCHES section where applicable.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley, zeeg

Maniphest Tasks: T4588

Differential Revision: https://secure.phabricator.com/D8501
2014-03-12 11:30:33 -07:00
epriestley
69399dfc2a Remove phpast.* Conduit methods
Summary:
Ref T4592. These were added with the intent of not requiring builds on Windows, but then we got builds on Windows working and they seem to be straightforward. See T4592 for most recent discussion.

Remove these methods because they aren't really practical for anything and increase attack surface area by giving adversaries access to `xhpast`, and generally bloat up the Conduit API. To my knowledge, nothing has ever called them.

(If an install somehow relies on these, they can drop them into `src/extensions/` to expose them again.)

Test Plan: Viewed conduit.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Maniphest Tasks: T4592

Differential Revision: https://secure.phabricator.com/D8500
2014-03-12 11:30:22 -07:00
epriestley
7176240717 Whitelist controllers which can receive a 'code' parameter
Summary:
Ref T4593. There are a variety of clever attacks against OAuth which involve changing the redirect URI to some other URI on the same domain which exhibits unexpected behavior in response to an OAuth request. The best approach to dealing with this is for providers to lock to a specific path and refuse to redirect elsewhere, but not all providers do this.

We haven't had any specific issues related to this, but the anchor issue in T4593 was only a step away.

To mitigate this in general, we can reject the OAuth2 `'code'` parameter on //every// page by default, and then whitelist it on the tiny number of controllers which should be able to receive it.

This is very coarse, kind of overkill, and has some fallout (we can't use `'code'` as a normal parameter in the application), but I think it's relatively well-contained and seems reasonable. A better approach might be to whitelist parameters on every controller (i.e., have each controller specify the parameters it can receive), but that would be a ton of work and probably cause a lot of false positives for a long time.

Since we don't use `'code'` normally anywhere (as far as I can tell), the coarseness of this approach seems reasonable.

Test Plan:
  - Logged in with OAuth.
  - Hit any other page with `?code=...` in the URL, got an exception.
  - Grepped for `'code'` and `"code"`, and examined each use to see if it was impacted.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Maniphest Tasks: T4593

Differential Revision: https://secure.phabricator.com/D8499
2014-03-12 11:30:04 -07:00
Chad Little
27485bc644 Add type=submit to AphrontDialogView
Summary: This is required for browsers <= IE7

Test Plan: Inspected HTML for type.

Reviewers: epriestley

Subscribers: aran, epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8503
2014-03-12 11:27:48 -07:00
epriestley
9e3baacc95 Restore old "author can not be a reviewer" rule to Transactions
Summary:
This is a bit messy, but not tooo bad:

  - In general, stop the author from being added as a reviewer.
  - In the specific case that "self accept" is enabled, allow it. This is easier than trying to special case it.
  - When commandeering, we make the author a reviewer and make the actor the author, but these happen after validation. At validation time, it looks like we're making the author a reviewer. Just special case this.
  - Provide a slightly nicer message when trying to add yourself from `arc`. We hit the Transactions message anyway, but it's not formatted as cleanly.
  - Don't try to add the author via Herald.

Test Plan:
  - Edited a revision with author = reviewer, got stopped.
  - Commandeered revision.
  - Updated from `arc`.
  - Updated in general.
  - Fired a "add author as reviewer" Herald rule without things breaking.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8496
2014-03-12 06:04:30 -07:00
epriestley
95285aee50 When creating a new revision, include the summary in the initial email
Summary: This got dropped in the ApplicationTransactions stuff.

Test Plan: Created a new revision.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8495
2014-03-11 17:13:00 -07:00
epriestley
0b6c0c135f Default new reviewers to "added", and don't overwrite reviewer states when updating
Summary:
Fixes two issues with Differential:

  - New reviewers on initial diff were being created into a `null` state.
  - The `"="` edge update was overwriting accepted/rejected statuses. This could maybe be more nuanced in the long run, but I've just made it update correctly for now.

Test Plan:
  - Created and updated a revision, paying attention to reviewer statuses.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8494
2014-03-11 17:12:47 -07:00
epriestley
ad88ff28a1 Reject Phame domains which include a port number
Summary: Via HackerOne. This doesn't actually have any security impact as far as we can tell, but a researcher reported it since it seems suspicious. At a minimum, it could be confusing. Also improve some i18n stuff.

Test Plan: Hit all the error cases, then saved a valid custom domain.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: aran, epriestley

Differential Revision: https://secure.phabricator.com/D8493
2014-03-11 15:53:15 -07:00
Bob Trahan
740757fd9b Diffusion - add ToC for readme files
Summary: see title. Fixes T4549.

Test Plan: made a readme that had some headers and observed a nice ToC

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: aran, epriestley, Korvin

Maniphest Tasks: T4549

Differential Revision: https://secure.phabricator.com/D8490
2014-03-11 15:52:16 -07:00
Bob Trahan
a1faac0a21 Phame - create conduit API to create posts
Summary:
nothing too crazy here. try to be smart about some defaults (i.e. phame title is optional and can be derived from title; post as not a draft by default; etc). Fixes T3695.

also do a little re-factoring to centralizing initializing new posts and turning posts into dictionaries. also change blogs => posts in another conduit method so it makes sense and stuff.

Test Plan: made some posts via conduit. testing trying to specify blogger, phame title, and isDraft, all worked nicely

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: aran, epriestley, Korvin

Maniphest Tasks: T3695

Differential Revision: https://secure.phabricator.com/D8485
2014-03-11 15:51:53 -07:00
Bob Trahan
46cf263e9d Fix a bug for updating diffs
Summary: Hit this issue in D8485. I think reviewedByPHID changes should appear in application transactions.

Test Plan: Would like to deploy this and try updating D8485 again.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: aran, epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8491
2014-03-11 15:36:03 -07:00
epriestley
0b15624c37 Fix two minor Differential issues
Summary: The JIRA field is currently always enabled. This isn't correct; it
should be disabled if there's no JIRA provider.

We also use the old set of reviewers to compute mail delivery. Instead, reload
the correct set of reviewers before moving on after finalizing transactions.
2014-03-11 13:50:13 -07:00
Neal Poole
8818252f52 [herald] Add support for Arcanist Project as a field for Differential revisions
Summary: Useful in cases where there is an Arcanist Project but not a repository tracked by Phabricator for a particular revision.

Test Plan: Created a new rule to flag Differential revisions with a particular Arcanist project, verified that it applied as expected via the test console to revisions with the project specified and with a different project specified.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: aran, epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8463
2014-03-11 13:15:14 -07:00
Michael Peters
8b6c86e27d Fix the script that saves lint for a repo into the database and updates diffusion.
Summary:
It appears a change to the way the configuration was loaded into ArcanistRepositoryAPI in rARCa2285b2b broke the save_lint script.
This updates the DiffusionLintSaveRunner to use the configuration correctly, allowing the linter to run

Test Plan: cd /your/project; ../../../path/to/phabricator/scripts/repository/save_lint.php

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: aran, epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D8487
2014-03-11 13:07:45 -07:00
epriestley
2dbfb1d5fb Remove DifferentialComment
Summary: Ref T2222. Remove this; no more callsites.

Test Plan: `grep`

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8477
2014-03-11 13:02:33 -07:00
epriestley
592591e715 Clean up various pieces of dead/obsolete Differential code
Summary:
Ref T2222.

  - Removes `DifferentialTasksAttacher`, which has had no callsites for a very long time.
  - Moves `differential.getrevisioncomments` off `DifferentialCommentQuery`.
  - Moves Releeph churn field off `DifferentialCommentQuery`.
  - Removes dead code in `DifferentialRevisionViewController`.
  - Removes `DifferentialException` (no references).
  - Removes `DifferentialRevision->loadComments()` (no callsites).
  - Removes `DifferentialRevision->loadReviewedBy()` (all callsites updated).
  - Removes `DifferentialCommentQuery` (all callsites updated).

Test Plan: Mostly a lot of `grep`.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8476
2014-03-11 13:02:19 -07:00
epriestley
a49fec39be Move lint/unit test warning code forward to Transactions
Summary: Ref T2222. Makes the "lint/unit errors" warnings work again.

Test Plan: Viewed some revisions with and without these warnings.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8475
2014-03-11 13:02:18 -07:00
epriestley
20cc85878e Remove almost all old Differential field code
Summary: Ref T2222. The unit and lint fields still have one piece of functionality that I need to port, but everythign else is obsolete.

Test Plan: Lots of `grep`.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8474
2014-03-11 13:02:16 -07:00
epriestley
3f67430f46 Use PhabricatorObjectListQuery in Herald worker
Summary: Ref T2222. Straightforward, just breaks a needless dependency.

Test Plan: Pushed and parsed a commit with "Auditors" in it.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8473
2014-03-11 13:02:14 -07:00
epriestley
7cd4e70ef2 Remove DifferentialFieldSelector
Summary: Ref T2222. Gets rid of DifferentialFieldSelector, favoring `differential.fields`.

Test Plan: `grep`

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8472
2014-03-11 13:02:13 -07:00
epriestley
40b471faea Move "close tasks on commit" code out of field specification stuff
Summary: Ref T2222. There's some magic here, just port it forward in a mostly-reasonable way. This could use some refinement eventually.

Test Plan: Pushed commits with "Fixes" and "Ref" language, used `reparse.php` to trigger the new code. Saw expected updates in Maniphest.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8471
2014-03-11 13:02:12 -07:00
epriestley
3910d0d5e1 Remove field selector on Diff view and Revision List View
Summary:
Ref T2222. This has some minor functionality regressions:

  - The plain diff page no longer shows unit/test status. I want to give diffs separate custom fields for this.
  - It was technically possible to shove more data on the list view, although this doensn't affect the default config.

Test Plan: Looked at list view, diff detail view. Grepped for changes.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8470
2014-03-11 13:02:10 -07:00
epriestley
48059265f3 Use CustomFields to power Conduit auxiliary dictionaries
Summary: Ref T2222. Moves this Conduit stuff over.

Test Plan: Made Conduit calls, saw data in results.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8469
2014-03-11 13:02:09 -07:00
epriestley
77af6be803 Remove host/path and test plan enable/disable options
Summary: Ref T2222. These no longer have an effect, and are obsoleted by `differential.fields`.

Test Plan: `grep`

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8468
2014-03-11 13:02:07 -07:00
epriestley
9e8bbdb3a2 Port Differential mail features forward to transactions
Summary:
Ref T2222. Brings the major mail features (affected files, patches) forward.

This drops some of the minor integrations which just show object state (like "Maniphest Tasks") since I think they're not very important. I'll put them back if users miss them.

Test Plan: Sent mail with inline/attached patches.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8459
2014-03-11 13:02:06 -07:00
epriestley
50331016f7 Modernize commit message tips
Summary: Ref T2222. Fully modernizes these tips. No callsites remain for the old methods.

Test Plan: `grep`

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8457
2014-03-11 13:02:05 -07:00
epriestley
1df84168ef Remove DifferentialRevisionEditor
Summary: Ref T2222. This has no callsites and no functionality not present in the TransactionEditor.

Test Plan: awwyiss

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8456
2014-03-11 13:02:04 -07:00
epriestley
c68703fbcb Perform derived index updates in TransactionEditor
Summary: Ref T2222. We have two tables (one for hashes; one for paths) which were unevenly updated before. Now, update them consistently in the TransactionEditor.

Test Plan: Created a revision, saw it populate this information.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8455
2014-03-11 13:02:03 -07:00
epriestley
a19f49632f Remove willWriteRevision/didWriteRevision hooks
Summary:
Ref T2222. DifferentialRevisionEditor has no remaining callsites, but it has a bit of functionality which still needs to be ported forward. I'm going to rip it apart piece by piece.

This removes the willWriteRevision/didWriteRevision hooks. They are completely encapsulated by transactions now, except for a unique piece of branch/task logic, which I migrated forward.

Test Plan:
  - Lots of `grep`.
  - Created a new revision on branch `T25`, saw it associate with the task.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8454
2014-03-11 13:02:01 -07:00
epriestley
fbaa12440e Use DifferentialRevisionEditor in lipsum
Summary: Ref T2222.

Test Plan: Generated revisions with `bin/lipsum`.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8453
2014-03-11 13:02:00 -07:00
epriestley
a5fbe921b7 Use CustomFields in differential.createrevision
Summary:
Ref T2222. Ref T3886. Medium term goal is to remove `DifferentialRevisionEditor`.

This temporarily reduces a couple of pieces of functionality unique to the RevisionEditor, but I'm going to go clean those up in the next couple diffs.

Test Plan: Used `arc diff --create` to create several revisions with different data.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3886, T2222

Differential Revision: https://secure.phabricator.com/D8452
2014-03-11 13:01:59 -07:00
epriestley
d8968755e9 Use CustomField for differential.updaterevision
Summary: Ref T2222. Ref T3794. Medium term goal is to remove `DifferentialRevisionEditor`. This removes one of two callsites.

Test Plan: Used `arc diff --edit` to repeatedly update a revision, making changes to various fields.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3794, T2222

Differential Revision: https://secure.phabricator.com/D8451
2014-03-11 13:01:58 -07:00
epriestley
6dd191a3c1 Allow configuration of Differential custom fields
Summary: Ref T2222. Ref T3886. This is a little early for general use, but the message parse/generate stuff requires CustomFields and FieldSpecifications to be closely aligned, so this provides at least a plausbile approach for any installs that run into trouble.

Test Plan: Viewed config; reordered fields.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222, T3886

Differential Revision: https://secure.phabricator.com/D8450
2014-03-11 13:01:57 -07:00
epriestley
ae3c1f7819 Perform commit message parsing and construction with new CustomFields
Summary: Ref T2222. Ref T3886. Converts parsing and construction of commit messages to be driven by CustomField.

Test Plan:
This is a huge, messy change. I've made an effort to test it exhasutively, but suspect I probably missed a few behaviors. Roughly:

  - Enumerted all current fields (fields implementing `shouldAppearOnCommitMessage()`) and tried to test them one by one.
  - Used `arc diff --edit` repeatedly to manipulate each field (this workflow hits both the parse and construct steps).
  - Used `arc amend --show` to examine construct output (this does not activate the "edit" mode).

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3886, T2222

Differential Revision: https://secure.phabricator.com/D8449
2014-03-11 13:01:55 -07:00
epriestley
966eb2ae26 Fail feed story renders individually, instead of in aggregate
Summary: When we fail to render a feed story because something is broken, just break that story, not the entire feed.

Test Plan: {F125898}

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D8488
2014-03-10 18:22:24 -07:00
epriestley
a0f534b87c Minor improvements to Diviner layout
Summary:
  - Render functions as `func()` for consistency/clarity.
  - Sort articles first.
  - Sort case insensitively.
  - Label the "no group" symbols.

Test Plan: Regenerated and examined docs.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D8480
2014-03-10 17:59:13 -07:00
Bob Trahan
8e41315238 Hovercard - add project images
Summary:
adds project images. Also fiddles with HTML + CSS just a bit so we have a "picture" column and a "details" column if a picture exists.

This keeps the details all in a nice column even if there are many details that end up being taller than the picture UI.

Fixes T3991.

Test Plan: looked at a task (no pic), project (pic w/ no details), and user (pic w/ many details) hovercard and all looked good on Chrome and Safari

Reviewers: epriestley, chad

CC: chad, Korvin, epriestley, aran

Maniphest Tasks: T3991

Differential Revision: https://secure.phabricator.com/D8483
2014-03-10 17:10:32 -07:00
epriestley
761b662283 Don't prefill "add email address" from GET
Summary: Via HackerOne. I don't think this is a security vulnerability, but it is inconsistent. There's no reason to prefill this, and I think the code was just lazy.

Test Plan:
  - Hit this page with `?email=xyz` in a GET request, no more prefill.
  - Looped the page with bad addresses, appropriate prefill.
  - Added an address.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8458
2014-03-10 16:21:47 -07:00
epriestley
042ab0ad9d Fix three minor edge case behaviors in Conpherence
Summary:
Couple of tweaks:

  - If a conpherence has no participants, we fail to `attachParticipants()`. This can happen if you leave a Conpherence as the last participant, then visit the URI again explicitly.
  - If you can't load any transactions (usually, because you don't have permission to view a thread's transactions), we try to attach `null` instead of `array()`. This can happen if you attempt to view a thread you don't have permission to see. A more general fix would be to tweak the load/filtering order, but I'm leaving that for another time since it's more involved and only gives us a small performance gain in unusual sitautions.
  - `initializeNewThread()` should be declared `static`.

Test Plan:
  - Viewed a thread with no participants, got proper policy error.
  - Viewed a thread I couldn't see, got proper policy error.
  - Grepped for `initializeNewThread()`.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8467
2014-03-10 16:21:28 -07:00
epriestley
5854de8c1c Don't 302 to an external URI, even after CSRF POST
Summary:
Via HackerOne. This defuses an attack which allows users to steal OAuth tokens through a clever sequence of steps:

  - The attacker begins the OAuth workflow and copies the Facebook URL.
  - The attacker mutates the URL to use the JS/anchor workflow, and to redirect to `/phame/live/X/` instead of `/login/facebook:facebook.com/`, where `X` is the ID of some blog they control. Facebook isn't strict about paths, so this is allowed.
  - The blog has an external domain set (`blog.evil.com`), and the attacker controls that domain.
  - The user gets stopped on the "live" controller with credentials in the page anchor (`#access_token=...`) and a message ("This blog has moved...") in a dialog. They click "Continue", which POSTs a CSRF token.
  - When a user POSTs a `<form />` with no `action` attribute, the browser retains the page anchor. So visiting `/phame/live/8/#anchor` and clicking the "Continue" button POSTs you to a page with `#anchor` intact.
  - Some browsers (including Firefox and Chrome) retain the anchor after a 302 redirect.
  - The OAuth credentials are thus preserved when the user reaches `blog.evil.com`, and the attacker's site can read them.

This 302'ing after CSRF post is unusual in Phabricator and unique to Phame. It's not necessary -- instead, just use normal links, which drop anchors.

I'm going to pursue further steps to mitigate this class of attack more thoroughly:

  - Ideally, we should render forms with an explicit `action` attribute, but this might be a lot of work. I might render them with `#` if no action is provided. We never expect anchors to survive POST, and it's surprising to me that they do.
  - I'm going to blacklist OAuth parameters (like `access_token`) from appearing in GET on all pages except whitelisted pages (login pages). Although it's not important here, I think these could be captured from referrers in some cases. See also T4342.

Test Plan: Browsed all the affected Phame interfaces.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, arice

Differential Revision: https://secure.phabricator.com/D8481
2014-03-10 16:21:07 -07:00
epriestley
0a779b60a2 Exclude disabled (disapproved) users from count on People application on homepage
Summary:
The People application shows users awaiting approval, but incorrectly counts disabled users (i.e., users who were not approved).

Instead, count only non-disabled, non-approved users.

Test Plan: My homepage count dropped from 4 to 1, corresponding to the actual number of accounts.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, spicyj

Differential Revision: https://secure.phabricator.com/D8486
2014-03-10 16:20:49 -07:00
Joshua Spence
e11adc4ad7 Added some additional assertion methods.
Summary:
There are quite a few tests in Arcanist, libphutil and Phabricator that do something similar to `$this->assertEqual(false, ...)` or `$this->assertEqual(true, ...)`.

This is unnecessarily verbose and it would be cleaner if we had `assertFalse` and `assertTrue` methods.

Test Plan: I contemplated adding a unit test for the `getCallerInfo` method but wasn't sure if it was required / where it should live.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8460
2014-03-08 19:16:21 -08:00
epriestley
06626205fe Minor, fix an issue with StoredCustomFields that serialize, like JIRA 2014-03-08 07:36:04 -08:00
Anirudh Sanjeev
44b41a94ae Add a note suggesting restarting daemons for feed.http-hooks
Summary:
I was trying to set up a http hook, but despite setting the config,
the endpoint wasn't getting a request. I was advised on IRC by balpert to
restart my daemons and it worked great after I did that.

Since this information isn't in the documentation, I am adding it to the
description of the option, so it helps the next person.

Test Plan: N/A

Reviewers: #blessed_reviewers, epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran, spicyj

Differential Revision: https://secure.phabricator.com/D8447
2014-03-08 06:37:16 -08:00
epriestley
314edcabbb Fix Herald adapter construction for new revisions. Fixes T4572. 2014-03-08 06:35:41 -08:00
epriestley
76577df506 Extract textual object list parsing from Differential
Summary:
Ref T2222. Currently, Differential has a fairly hairy piece of logic to parse object lists, like `Reviewers: alincoln, htaft`. Extract, generalize, and cover this.

  - Some of the logic can be simplified with modern ObjectQuery stuff.
  - Make `@username` the formal monogram for users.
  - Make `list@domain.com` the formal monogram for mailing lists.
  - Add test coverage.

Test Plan:
  - Ran unit tests.
  - Called `differential.parsecommitmessage` with a bunch of real-world inputs and got sensible results.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8445
2014-03-07 17:44:44 -08:00
epriestley
aff34077c5 Move Differential commit message parsing to a separate, tested class
Summary: Ref T2222. We have a hunk of logic that purely does text parsing here; separate it and get coverage on it.

Test Plan:
  - Ran new unit tests.
  - Used `differential.parsecommitmessage`.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8444
2014-03-07 17:44:35 -08:00
epriestley
f25cce1e69 Remove DifferentialCommentEditor and DifferentialCommentMail
Summary: Ref T2222. These no longer have any callsites. Also got rid of a little bit of other code which also no longer has callsites.

Test Plan: `grep`

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8443
2014-03-07 17:44:19 -08:00
epriestley
1c51ed5940 Use TransactionEditor in differential.createcomment
Summary: Ref T2222. Update this callsite; pretty straightforward.

Test Plan: Used Conduit to take actions and saw their effects in Differential.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8442
2014-03-07 17:44:10 -08:00
epriestley
b04f706c0a Use TransactionEditor when closing revisions in response to commits
Summary: Ref T2222. When we discover a commit associated with a revision, close it using modern transactions.

Test Plan: {F123848}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8441
2014-03-07 17:43:58 -08:00
epriestley
458a28eed3 Truncate logSource in Harbormaster to the database column limit
Summary: This can be a command, which might be arbitrarily long, but the column is VARCHAR(255).

Test Plan: `grep`

Reviewers: dctrwatson, btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8446
2014-03-07 17:43:46 -08:00
epriestley
0488ce73c4 Add assertions to no-assertions tests in phabricator/
Summary: Ref T4570. Add trivial assertions to tests which fail-by-exploding so we can fail tests with no assertions.

Test Plan: Ran `arc unit --everything` with Arcanist patched to fail with no assertions.

Reviewers: leebyron, btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4570

Differential Revision: https://secure.phabricator.com/D8436
2014-03-07 10:02:46 -08:00
Michael Peters
5e47f2a862 Adding author information to AuditListView
Summary:
Adding the Author to the home page and Audit overview page,
so that at a glance you can see who authored the commits
that need to be audited

Test Plan: View home page and audit overview page and see that author is shown

Reviewers: #blessed_reviewers, epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8438
2014-03-07 08:40:35 -08:00
epriestley
49eaa9f8fe Use TransactionEditor in Differential mail handling
Summary: Ref T2222. Moves this instance of CommentEditor to TransactionEditor.

Test Plan: Used `bin/mail receive-test` to test receiving comment mail and action mail.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8427
2014-03-07 08:10:18 -08:00
epriestley
4dfd4944c4 Don't use CommentEditor in lipsum
Summary: Ref T2222. For now, I'm just dropping this rather than updating it since I'll need to come back here later for `DifferentialRevisionEditor` anyway, and no users rely on this functionality.

Test Plan: Static checks; this isn't user-facing.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8426
2014-03-07 08:10:07 -08:00
epriestley
75514cc0f7 Update differential.close to use DifferentialTransactionEditor
Summary: Ref T2222. Straightforward update to new stuff.

Test Plan:
  - Tried to close an uncloseable revision.
  - Closed a closeable revision.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8425
2014-03-07 08:09:59 -08:00
epriestley
3dc9afa28d Remove differential.markcommitted
Summary: Ref T2222. Primary goal is to remove this callsite for `DifferentialCommentEditor`, but rather than updating it I'm just nuking this method since it's been deprecated for more than a year (more than two years?)

Test Plan: Reloaded Conduit method list.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8424
2014-03-07 08:09:33 -08:00
epriestley
5801176edc When creating a new Phame blog post, check that the author has permission to post to the blog
Summary:
Via HackerOne. We're missing this permissions check, so you can sneak around it with URL editing right now.

I checked the other queries in this application and they seem OK.

Test Plan: Tried to post to a blog I had no permission to join.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8423
2014-03-06 14:06:07 -08:00
epriestley
270929dd6b Include Source Sans on-demand with Celerity
Summary:
Unwinds the mess I made in D8422 / D8430:

  - Remove `'fonts'`, since individual fonts can be included via Celerity now.
  - Include Source Sans from the local source when a document uses it as a fontkit.

Test Plan: Browsed Diviner, saw Source Sans.

Reviewers: chad

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D8431
2014-03-06 11:39:48 -08:00
Peng Li
81d9935efe Allow parenthesis in author name
Summary: We have a dozen users who has `(...)` in their 'real name', like 'Jimmy (He) Zhang', and it's causing the diffusion file browser problems when blame is enabled. The parser does not expect those parenthesis and the lines of code will be empty if they were last touched by a user like that.

Test Plan: Try it

Reviewers: wez, lifeihuang, JoelB, #blessed_reviewers, epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8429
2014-03-06 11:28:46 -08:00
epriestley
270916a26e Support WOFF files in Celerity and add Source Sans Pro
Summary:
  - Allow Celerity to map and serve WOFF files.
  - Add Source Sans Pro, Source Sans Pro Bold, and the corresponding LICENSE.
  - Add a `font-source-sans-pro` resource for the font.

Test Plan:
  - Changed body `font-face` to `'Source Sans Pro'`.
  - Added `require_celerity_resource('font-source-sans-pro')` in StandardPageView.

Works in Firefox/Chrome/Safari, at least:

{F123296}

{F123297}

{F123298}

Reviewers: btrahan, chad

Reviewed By: chad

CC: chad, aran

Differential Revision: https://secure.phabricator.com/D8430
2014-03-06 11:28:24 -08:00
Bob Trahan
d08576ed4e Workboards - add task create + improve task placement wrt priority edits
Summary: Fixes T4553, T4407.

Test Plan: created tasks and they showed up in the proper column. edited task priority and they moved about sensically.

Reviewers: chad, epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Maniphest Tasks: T4553, T4407

Differential Revision: https://secure.phabricator.com/D8420
2014-03-05 18:40:28 -08:00
epriestley
001a9557ec Enable Diviner to use the markup cache. 2014-03-05 17:22:27 -08:00
epriestley
5b8e7d2de3 Minor, allow documentation to be accessed while logged out. 2014-03-05 17:19:40 -08:00
epriestley
f55168b08b Minor, actually show article titles in Diviner. 2014-03-05 16:48:29 -08:00
epriestley
867dae9414 Make Diviner's "advanced search" a little less derp
Summary: Ref T988. This layout got mucked up a while ago, restore it to some semblance of sanity and give it a couple of basic search options.

Test Plan: Searched for stuff. Woooo~~

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T988

Differential Revision: https://secure.phabricator.com/D8419
2014-03-05 16:45:21 -08:00
epriestley
81d381f69d Give Diviner a non-legacy root controller
Summary: Ref T988. Instead of hard-coding the application landing page, make the Diviner root show books if any have been generated. Otherwise, show a helpful message about how to generate documentation locally.

Test Plan:
{F122723}

{F122724}

Reviewers: chad, btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T988

Differential Revision: https://secure.phabricator.com/D8416
2014-03-05 13:07:50 -08:00
epriestley
d07fc70bbe Make bin/diviner generate with no arguments mean "generate everything"
Summary: Ref T988. This makes it easier to generate documentation.

Test Plan: Ran with and without `--book`. Examined CLI output.

Reviewers: chad, btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T988

Differential Revision: https://secure.phabricator.com/D8415
2014-03-05 13:00:50 -08:00
epriestley
873a4721b8 Divide Phabricator documentation into four books
Summary:
Ref T988. Divides documentation into four books:

  - User: Install, configure and use Phabricator.
  - Contrib: Develop and contribute to Phabricator.
  - Flavor: Worldly advice.
  - Generated: Generated technical documentation.

Test Plan: Generated the books and got sensible results. See screenshots.

Reviewers: chad, btrahan

Reviewed By: btrahan

CC: chad, aran

Maniphest Tasks: T988

Differential Revision: https://secure.phabricator.com/D8414
2014-03-05 13:00:24 -08:00
epriestley
fb52eda3d9 Allow Diviner books to have a "preface" section
Summary: Ref T988. This is primarily intended to let us add the "HEY! THIS ISN'T USER DOCUMENTATION" notices to the arcanist and libphutil technical docs.

Test Plan: Added some prefaces, generated docs, looked at them.

Reviewers: chad, btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T988

Differential Revision: https://secure.phabricator.com/D8410
2014-03-05 12:08:01 -08:00
epriestley
feac35a0fd Improve 404 behavior for new Diviner
Summary:
Ref T988. When the user clicks a link we haven't explicitly resolved before, we send them to the `/find/` endpoint, but currently just 404 if we can't find the relevant documentation.

Instead, display a more user-friendly error message, since we're probably going to have some of these. Also, make the page title much worse.

Test Plan: Hit a 404 via `/find/`, got a nicer page.

Reviewers: chad, btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T988

Differential Revision: https://secure.phabricator.com/D8408
2014-03-05 12:07:39 -08:00
epriestley
03abde0b25 Fix Diviner links to articles by title
Summary:
Ref T988. This fixes the biggest current problem with Diviner, which is dead links to articles.

In the new Diviner, articles can have both a "name" (derived from the file name, and used in the URI) and a "title" (optional, specified explicitly). For example, we have one document with the name "feedback" and the title "Give Feedback! Get Support!".

On disk, we want to use the name for the actual file where the text lives ("feedback.diviner"). We also want to use the name in the URI, to generate a clean URI and to allow us to retitle the document slightly without breaking links to it (for example, we renamed the "Backup" document to "Backups and Migrations").

However, when displaying the article we want to use the title.

Currently, you can //only// link to the name, not the title. This is inconvenient:

  - We have a bunch of existing docs which link to titles.
  - It's natural/intuitive to link to titles.
  - Linking to titles makes it easier/cheaper to generate documentation, because we don't need to be able to resolve things at render time.

To remedy this, allow links to target either names or titles. If we miss on a name query, we'll do a title query. This is implemented with a slug hash to allow approximately correct titles (wrong case/spacing/punctuation, e.g.) and sidestep all the UTF8/column length issues.

(In the long run, atom resolution should theoretically be more sophistiated than it is now, and we should do render-time lookups on at least some documents to catch bad links. However, this is fairly complicated and a relatively advanced feature, and I think allowing links to titles is desirable no matter what.)

Test Plan: The user documentation book now has valid links to articles when the titles and names differ.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T988

Differential Revision: https://secure.phabricator.com/D8407
2014-03-05 12:07:26 -08:00
epriestley
2ceffadee7 Support Herald rules for new Differential edits
Summary:
Ref T2222. Ref T4484. See D8404 for discussion.

When a revision is updated with the new Editor, apply Herald rules. Additionally, apply them in a modern way which generates transactions.

Test Plan: {F122299}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, chad

Maniphest Tasks: T2222, T4484

Differential Revision: https://secure.phabricator.com/D8405
2014-03-05 12:07:13 -08:00
epriestley
84020a363f Let Herald activation depend on which transactions are being applied, and generate transactions
Summary:
Ref T2222. Ref T4484. This is a stepping stone to getting Herald supported in the new Differental code. Generally:

  - Instead of an Editor either supporting or not supporting Herald, let it choose based on transactions. Specifically, Differential only runs rules on revision creation and diff updates.
  - Optionally, allow an Editor to return some transactions to apply instead of having to apply everything itself. This lets us make it clear why changes happend in the transaction log, and share more code.
  - I updated only one transaction type (owners in Maniphest) since it was the easiest and cleanest to update and test. Everything else still works like it used to, it just won't generate a transaction record yet.
  - The transaction records are a touch rough, but we can clean them up later.

Test Plan: {F122282}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4484, T2222

Differential Revision: https://secure.phabricator.com/D8404
2014-03-05 12:06:59 -08:00
epriestley
4ef87eeac8 Add an explcit "Changes Planned" state for Differential
Summary: Ref T2222. Ref T4481. This fixes the issue where "Plan Changes" could immediately trigger a state change (e.g., back to accepted) because of state-based transitions out of the NEEDS_REVISION state.

Test Plan: Planned changes an "accepted" revision, it didn't immediately return to being accepted.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222, T4481

Differential Revision: https://secure.phabricator.com/D8403
2014-03-05 10:47:47 -08:00
epriestley
9da6ec2081 Make updates of rejected revisions behave correctly again
Summary:
Ref T2222. Ref T4481. Specifically:

  - When a revision is updated, change all "Reject" reviewers to "Reject Prior".
  - Change status to "Needs Review".
  - Update the state logic to account for this properly.

Test Plan:
  - Created a revision as user A, with B as a reviewer.
  - Rejected as B.
  - Updated the revision as A.
  - Saw revision in "needs review" state, with B as a "Rejected Prior" reviewer.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4481, T2222

Differential Revision: https://secure.phabricator.com/D8402
2014-03-05 10:47:29 -08:00
epriestley
857e3aee83 Improve ApplicationTransaction behavior for poorly constructed transactions
Summary:
Ref T2222. Five very small improvements:

  - I hit this exception and it took a bit to understand which transaction was causing problems. Add an `Exception` subclass which does a better job of making the message debuggable.
  - The `oldValue` of a transaction may be `null`, legitimately (for example, changing the `repositoryPHID` for a revision from `null` to some valid PHID). Do a check to see if `setOldValue()` has been called, instead of a check for a `null` value.
  - Add an additional check for the other case (shouldn't have a value, but does).
  - When we're not generating a value, don't bother calling the code to generate it. The best case scenario is that it has no effect; any effect it might have (changing the value) is always wrong.
  - Maniphest didn't fall back to the parent correctly when computing this flag, so it got the wrong result for `CustomField` transactions.

Test Plan: Resolved the issue I was hitting more easily, made updates to a `null`-valued custom field, and applied other normal sorts of transactions successfully.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4557, T2222

Differential Revision: https://secure.phabricator.com/D8401
2014-03-05 10:44:21 -08:00
Chad Little
dd60f25232 Make "My Events" default on Calendar
Summary: Moves Browse to "View All" and makes "My Events" the default on Calendar.

Test Plan: Browse both pages.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8397
2014-03-05 08:24:45 -08:00
Bob Trahan
e78df59ced Maniphest Tasks + Project Boards - some polish
Summary:
Fixes T4550 by changing supportsFeed to shouldPublishFeedStory, so things can be more granular like that are with mail. Attempts to fix things generally too, filtering out xactions that have no business in feed, etc.

Also return an updated Task HTML representation on drag and drop moves, etc. This is important so if the priority changes you can see it reflected in the UI.

Test Plan: dragged tasks around. observed no feed stories on subpriority drags. observed feed stories and updated color bars on stories that changed priority

Reviewers: epriestley, chad

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Maniphest Tasks: T4550

Differential Revision: https://secure.phabricator.com/D8399
2014-03-04 17:01:33 -08:00
epriestley
cdeea11fd3 Don't actually construct auth providers when checking for their existence
Summary:
A user reported this stack trace:

http://pastebin.com/6auGbZsE

...on this GitHub issue:

https://github.com/facebook/phabricator/issues/389#issuecomment-36612511

The problem is similar to the original report, but not identical. In this case, we're following a sequence of steps like:

  - Run setup checks.
    - Check for enabled providers, in order to raise "no providers configured yet" warning.
      - Try to generate login/redirect URIs.
  - Build the request.
  - Set the default base URI.
  - Run normal code.

Since we try to generate URIs before we provide a default, this fatals. Instead, don't try to build objects.

An alternative fix might be to try to set defaults earlier, but we depend on some config and on building the Request in order to be able to figure out if a request is HTTP or HTTPS right now. We could assume one, or guess, or use protocol-relative URIs (`///host.com`), but I think this fix is a little cleaner overall. If we keep hitting similar stuff, we could look into alternate fixes.

We could also set some kind of "setup mode" flag and make `getURI()` if it's called during setup mode to detect these during testing. I'd like to hit one more of these before doing that, though.

Test Plan: Reproduced the issue, applied the patch, verified this fixes it.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8395
2014-03-04 16:11:28 -08:00
epriestley
eec9507ba7 Link board names to board view in "changed column" stories
Summary: Fixes T4552.

Test Plan:
{F122106}

{F122107}

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T4552

Differential Revision: https://secure.phabricator.com/D8396
2014-03-04 13:40:01 -08:00
Bob Trahan
28f3f8bf7b Board feed story - make the task a link too
Summary: looks better, more useful

Test Plan: looked better, was more useful when I observed my feed

Reviewers: chad, epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8394
2014-03-04 12:05:42 -08:00
Eric Stern
3787a8d3db allow https.cabundle in IRC bot
Summary: Adds support for custom SSL certs in the IRC bot config, same as in .arcconfig

Test Plan: Bot wouldn't connect before. Added this code and corresponding line in bot config,  now it does.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8393
2014-03-04 11:54:54 -08:00
Bob Trahan
b49b913166 Project work boards - make editing tasks from workboards work
Summary: This wasn't working. Create a little JS handler and server-side support for returning the Task in the "project card" format.

Test Plan: Edited tasks from the board - they worked!

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran, chad

Differential Revision: https://secure.phabricator.com/D8392
2014-03-04 11:50:44 -08:00
Alex Wyler
5fabda2a6d Check for null, strictly, in maniphest.update param validation
Summary:
If the first non-null entry in the params array is falsey, the request bombs.

Something like {"id":279,"projectPHIDs":[],"status":"0","ownerPHID":"PHID-USER-on3xxsnaljmfn36d4b7a"}

Test Plan:
Before:

  echo '{"id":279,"projectPHIDs":[],"status":"0","ownerPHID":"PHID-USER-cj3cpuh7oorbmnn2pl5g"}' | arc call-conduit maniphest.update
  {"error":"ERR-NO-EFFECT","errorMessage":"ERR-NO-EFFECT: Update has no effect.","response":null}

After:

  echo '{"id":279,"projectPHIDs":[],"status":"0","ownerPHID":"PHID-USER-cj3cpuh7oorbmnn2pl5g"}' | arc call-conduit maniphest.update
  {"error":null,"errorMessage":null,"response":{"id":"279","phid":"PHID-TASK-lbwcq3pmur2c5fuqqhlx"...

Reviewers: garoevans, epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8391
2014-03-04 11:42:18 -08:00
Roy Sindre Norangshol
fb87d0f491 (PhabricatorIRCProtocolAdapter.connect) Use recommended connection registration order from RFC{1459,2812}
http://tools.ietf.org/html/rfc1459.html#section-4.1 and http://tools.ietf.org/html/rfc2812#section-3.1
 mentions that client should send the PASS first, then the latter of NICK/USER.

This is tested and confirmed working with ngircd commit 485d0aec813db9966922f17aae044df2d82b0b67

See: <https://github.com/facebook/phabricator/pull/524>

Reviewed by: epriestley
2014-03-04 11:15:25 -08:00
Bob Trahan
d1e64e64ff Workboards - add transactions for column changes
Summary:
adds ManiphestTransaction::TYPE_PROJECT_COLUMN and makes it work. Had to clean up the Javascript ever so slightly as it was sending up the string "null" when it should just omit the data in these cases. Ref T4422.

NOTE: this is overall a bit buggy - e.g. move a task Foo from column A to top of column B; refresh; task Foo is at bottom of column B and should be at top of column B - but I plan on additional diff or three to clean this up.

Test Plan: dragged tasks around columns. clicked on those tasks and saw some nice transactions.

Reviewers: epriestley

CC: Korvin, epriestley, aran

Maniphest Tasks: T4422

Differential Revision: https://secure.phabricator.com/D8366
2014-03-03 15:58:00 -08:00
epriestley
83206242c9 Clean up some Differential behaviors
Summary:
Ref T2222.

  - Restore mail tags for ApplicationTransactions mail.
  - Restore subject line verbs.
  - Denormalize line count and repository PHID.
  - Fix an issue with the mailgun adapter where headers weren't attached properly.

Test Plan: Sent some mail, verified it had correct subjects and tags.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8378
2014-03-03 08:36:40 -08:00
epriestley
e556d20577 Fix some issues where Conpherence would make to many draft requests
Summary:
A few minor fixes:

  - When we build a tag with `"meta" => null`, strip the attribute like we do for all other attributes. Previously, we would actually set the metadata to `null`. This happened with the Conpherence form.
  - Just respond to the draft request with an empty (but valid) response, instead of building a dialog.
  - `PhabricatorShapedRequest` is confusingly named and I should have caught this in review, but the basic shape of it is:
    - You make one object.
    - You call `trigger()` when stuff changes (e.g., a keystroke).
    - It manages making a small number of requests (e.g., one request after the user stops typing for a moment).
  - The way it was being used previously would incorrectly send a request for every keystroke.

I think I'm going to simplify `ShapedRequest` and merge it into some larger queue for T430.

Test Plan: Typed some text, no longer saw a flurry of requests. Reloaded page, still saw draft text.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran, chad

Differential Revision: https://secure.phabricator.com/D8380
2014-03-01 11:23:08 -08:00
epriestley
b383d2c338 Replace "Edit" controller with "EditPro" controller
Summary: Ref T2222. Remove the old controller and swap in the new ApplicationTransactions one.

Test Plan: Made a pile of edits.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8377
2014-02-28 16:49:30 -08:00
epriestley
bca0ad8fdd Make "EditPro" controller work with diff updates
Summary:
Ref T2222. Make the "EditPro" controller accommodate diff updates, and support the transaction type. This one is pretty straightforward.

Also make `revisionPHID` in the comments table nullable to fix the "Edit" action.

Test Plan:
  - Created new revision.
  - Updated revision.
  - Tried to do some invalid stuff.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8376
2014-02-28 16:49:22 -08:00
epriestley
8e32ab88c4 Minor, fix a missing parameter. 2014-02-28 15:25:49 -08:00
epriestley
11c1edfb74 Implement "words of power" against ApplicationTransactions
Summary:
Ref T2222. Differential has certain "words of power" (like `Ref T123` or `Depends on D345`) which should expand into a separate transaction when they appear anywhere in text.

Currently, they're respected in only some fields. I'm expanding them to work in any remarkup field, including comments and inline comments.

This partially generalizes transaction expansion/extraction in comments. Eventually, I'll probably implement some very soft sort of reference edge for T4036, maybe.

Test Plan: {F119368}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8369
2014-02-28 15:20:45 -08:00
epriestley
a3c1dcb928 Produce a more tailored checkout URI for Subversion
Summary:
For imported SVN repositories with an "Import Only" path, we produce a `/path/to/root/` URI, but should produce `/path/to/root/then/to/import/only/`.

As it is, the URI instructs the user to check out the whole repository.

Also, don't show the "Clone As" fragment in the URI for remote repositories, and prevent it from being edited for nonhosted repositories. This is generally more consistent with user expectation.

Test Plan:
  - Created a remote SVN repository with "Import Only", saw path include it.
  - Verified no "Clone As" options, no "Clone As" in URI.
  - Switched it to hosted, saw "Clone As" options appear and work properly.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, staticshock

Differential Revision: https://secure.phabricator.com/D8375
2014-02-28 13:04:41 -08:00
epriestley
d86bb086ca Reduce initial discovery from O(branches * commits) to O(commits)
Summary:
Fixes T4414. Currently, when we discover a new repository, we do something like this:

  foreach (branch) {
    foreach (commit on this branch) {
      do_something();
    }
  }

In cases where there are a lot of branches which mostly just branch `master`, this leads to us doing roughly `O(branches * commits)` work.

We have a `commitCache` to prevent this, but it has two problems:

  - It only fills out of the DB, and we do this whole thing before writing to the DB, which is the entire point.
  - It has a fixed size (2048) and on initial discovery we're usually dealing with way more commits than that.

Instead, also stop doing work if we hit a commit which is known already.

Test Plan:
  - Added `print` on the number of discovered refs and number of unique refs.
  - Ran `bin/repository discover --repair X` on a repo with several branches.
  - Before the patch, got 397 refs and 135 unique refs.
  - After the patch, got 135 refs and 135 unique refs.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4414

Differential Revision: https://secure.phabricator.com/D8374
2014-02-28 13:02:14 -08:00
epriestley
e28b78f5eb Fix two issues with ref discovery
Summary:
See IRC. I'm having trouble figuring out what's going on with b4taylor's report, but fix two possible issues:

  # The commit query is missing a `repositoryID`, which could cause issues if you import two copies of the same repository.
  # I think we may try to close commits on untracked branches right now, as long as they aren't excluded by other autoclose rules.

Test Plan: Ran `bin/repository refs` on a few repos.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, brennantaylor

Differential Revision: https://secure.phabricator.com/D8373
2014-02-28 12:56:18 -08:00
Chad Little
05607aedf9 Normalize spacing around empty object lists
Summary: Adds an li for semantics, fixes spacing around error view in a phui-box or not

Test Plan: view a project with no tasks, perform a search with no data returned.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8371
2014-02-28 11:16:11 -08:00
Chad Little
3a188de328 Align textarea in diff comment
Summary: Better aligns the text area when leaving an inline comment. Also, phts

Test Plan: reload page, view new padding.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8370
2014-02-28 08:40:02 -08:00
epriestley
024c331d2b Improve rendering of new-style Differential comments in feed/notifications
Summary: Ref T2222. This probably doesn't get everything, but should improve many of the newer transactions.

Test Plan: Looked at feed after making some edits.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8368
2014-02-27 15:16:32 -08:00
epriestley
647d52f248 Improve threading of new and old Differential mail
Summary: Ref T2222. This should help new mail thread properly with old mail.

Test Plan: Will push.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8367
2014-02-27 15:16:22 -08:00
epriestley
e62c7321c2 Automatically verify the setup account's email address
Summary: Although the defaults don't require a verified email address, it's easy to lock yourself out by accident by configuring `auth.require-email-verification` or `auth.email-domains` before setting up email. Just force-verify the initial/setup account's address.

Test Plan: Went through setup on a fresh install, saw address verify.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8365
2014-02-27 15:16:04 -08:00
epriestley
a5dbb1fd59 Make new JIRA Issues field editable
Summary: Ref T2222. This updates the new JIRA field to be editable.

Test Plan: Used `/editpro/` to edit associated JIRA issues.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8364
2014-02-27 15:15:48 -08:00
epriestley
ba7d67f917 Use "CommentPro" controller instead of "Comment" controller
Summary: Ref T2222. This will probabaly have a few rough edges too, but seems to work well.

Test Plan:
  - Made a bunch of comments while building this.
  - Made some new comments.
  - Verified that the Asana/JIRA integration is only a little bit janky, not completely broken.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8362
2014-02-27 11:06:55 -08:00
epriestley
62143b5455 Add modern Unit/Lint field support
Summary: Ref T2222. This is mostly copy/paste. No effect yet.

Test Plan: Looked at fields.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8360
2014-02-27 11:06:37 -08:00
epriestley
f6a13fd1c7 Use CustomField, not AuxiliaryField, to power RevisionView
Summary: Ref T2222. This will probably have some rough edges for a bit (e.g., weird cases I didn't remember or think of), but there's no change to the underlying data and we can easily revert if things get too messy.

Test Plan: Looked at a variety of revisions and saw sensible output.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8361
2014-02-27 11:06:14 -08:00
epriestley
0b4a6b8bee Add Branch and Arcanist Project CustomFields
Summary:
Ref T2222. These are pretty straightforward.

For these fields and a few others, the existing code shows the value for the "current/manual" diff (i.e., the diff selected in the diff selection table), not the "active" diff (i.e., the most recent diff attached to the revision). I'm going to drop that for now (always showing the most recent diff instead) and then reevaluate it once we're switched over. In 95% of cases these are the same, anyway.

Test Plan: Looked at fields; this diff changes nothing on its own.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8359
2014-02-27 11:05:48 -08:00
Bob Trahan
37b1b31638 Maniphest - move subpriority edits to be transaction powered
Summary:
...this was nice to do for boards, since this diff also starts calling this code in the board move case. The big trick is to use the new expandTransactions hook to expand the subpriority transaction into a priority transaction if pertinent. The other stuff is just about hiding these new subpriority extractions.

...also removes the "edit" UI from the default board since we can't actually edit anything and it thus is buggy.

Ref T4422. Next step is to move board edits into the editor with their own little transaction.

Test Plan: re-orded tasks on a maniphest query, reloaded, and noted re-order stuck.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Maniphest Tasks: T4422

Differential Revision: https://secure.phabricator.com/D8358
2014-02-27 09:39:59 -08:00
epriestley
cce67caa0f Fix bad method call from CustomField migration
Fixes T4480.
2014-02-27 09:16:50 -08:00
epriestley
8297c2131c Implement more Differential fields on ApplicationTransaction/CustomField
Summary:
Ref T2222. Ref T3886. Gets the storage-based fields working.

This requires future changes to actually do anything, all this code is inactive.

Test Plan: {F118863}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3886, T2222

Differential Revision: https://secure.phabricator.com/D8357
2014-02-26 16:53:42 -08:00
epriestley
cd7171ec6e Migrate old AuxiliaryField storage to modern CustomField storage
Summary: Ref T2222. Ref T3886. Differential has a legacy storage table for auxiliary fields; move the data to modern storage.

Test Plan:
  - Ran migration.
  - Verified fields still worked properly afterward (view, edit, etc).

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3886, T2222

Differential Revision: https://secure.phabricator.com/D8355
2014-02-26 16:52:30 -08:00
epriestley
ee2b6eebaa Implement detail views for many Differential fields on ApplicationTransactions
Summary:
Ref T2222. This isn't complete and doesn't change runtime behavior yet (the new fields are not glued to the interface), but implements many fields.

(The remaining fields have something weird going on with them, for the most part.)

Test Plan:
With additional changes, rendered most fields sensibly:

{F118834}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8354
2014-02-26 14:46:18 -08:00
epriestley
7ff2110655 Stop markup cache from hitting cache O(N^2) times
Summary:
The intent of getOrBuildEngine() is to save some boilerplate in cases where we're just using a standard engine, but it didn't get cached so we'd rebuilt it over and over again.

This was especially bad in Differential with a large number of inlines.

Test Plan: "Query" tab of services is no longer quite so ridiculous in Differential.

Reviewers: btrahan, dctrwatson

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8352
2014-02-26 13:17:28 -08:00
Joshua Spence
7f5b15c6fa Made some classes final.
Summary:
Currently, the linter raises `XHP29` warnings for these files because they are not abstract or final.

I guess there are two possibly solutions, either making the classes final or marking them as `@concrete-extensible`. Given that there are no subclasses of these classes in the `phabricator`, `arcanist` and `libphutil` repositories... I opted to declare the classes as final.

Test Plan:
The following linter warnings are gone:

```
>>> Lint for src/aphront/configuration/AphrontDefaultApplicationConfiguration.php:

   Warning  (XHP29) Class Not abstract Or final
    This class is neither 'final' nor 'abstract', and does not have a
    docblock marking it '@concrete-extensible'.

               3 /**
               4  * @group aphront
               5  */
    >>>        6 class AphrontDefaultApplicationConfiguration
               7   extends AphrontApplicationConfiguration {
               8
               9   public function __construct() {

>>> Lint for src/applications/differential/mail/DifferentialReplyHandler.php:

   Warning  (XHP29) Class Not abstract Or final
    This class is neither 'final' nor 'abstract', and does not have a
    docblock marking it '@concrete-extensible'.

               1 <?php
               2
    >>>        3 class DifferentialReplyHandler extends PhabricatorMailReplyHandler {
               4
               5   private $receivedMail;
               6

```

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8347
2014-02-26 13:01:45 -08:00
Joshua Spence
67b32688c8 There should be no spaces before closing parenthesis in calls.
Summary: This currently raises a linter `XHP37` warning.

Test Plan: The file now lints okay.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8349
2014-02-26 12:49:33 -08:00
Joshua Spence
cea58de0ba Fixed naming convention violations.
Summary: This file contains member variables prefixed with underscores. This violates the naming convention enforced by the linter.

Test Plan:
The linter warnings have disappeared. Example:
```
>>> Lint for src/infrastructure/storage/lisk/LiskDAO.php:

   Warning  (XHP9) Naming Conventions
    Follow naming conventions: class properties should be named using
    lowerCamelCase.

             183
             184   const COUNTER_TABLE_NAME          = 'lisk_counter';
             185
    >>>      186   private $__dirtyFields            = array();
             187   private $__missingFields          = array();
             188   private static $processIsolationLevel       = 0;
             189   private static $transactionIsolationLevel   = 0;
```

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8348
2014-02-26 12:49:11 -08:00
Joshua Spence
6270114767 Various linter fixes.
Summary:
- Removed trailing newlines.
- Added newline at EOF.
- Removed leading newlines.
- Trimmed trailing whitespace.
- Spelling fix.
- Added newline at EOF

Test Plan: N/A

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: hach-que, chad, Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8344
2014-02-26 12:44:58 -08:00
epriestley
cd080b092e Use ApplicationTransactions/CustomField to power Differential global search
Summary:
Ref T2222. Ref T3886. Ref T418. A few changes:

  - CustomField can now index into global search.
  - Use CustomField fields instead of older custom fields for Differential global search. (This slightly breaks any custom fields which exist, but they are presumably very rare, and probably do not exist; this break is also very mild.)
  - Automatically perform CustomField and Subscribable indexing on applicable object types.

Test Plan: Used `bin/search index` to reindex a bunch of stuff, then searched for it. Debug-dumped abstract documents to inspect them.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T418, T3886, T2222

Differential Revision: https://secure.phabricator.com/D8346
2014-02-26 11:18:06 -08:00
epriestley
bcf255e9c9 Require CSRF submission to verify email addresses
Summary: If an attacker somehow intercepts a verification URL for an email address, they can hypothetically CSRF the account owner into verifying it. What you'd do before (how do you get the link?) and after (why do you care that you tricked them into verifying) performing this attack is unclear, but in theory we should require a CSRF submission here; add one.

Test Plan: {F118691}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8351
2014-02-26 11:17:46 -08:00
epriestley
424ba2e588 Render inline comments in "Pro" mail
Summary: Ref T2222. This enriches mail a little bit to get these rendering pretty much like they do now.

Test Plan: {F118255}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8343
2014-02-25 15:29:10 -08:00
Bob Trahan
64d15c344e Passphrase - added "looked at secret" transaction.
Summary: Fixes T4376. Only thing I don't like in the current implementation is clicking "Done" doesn't refresh the page so you don't see the viewed secret transaction until you reload. Also made the textarea read-only as when I was playing with this for the first time I assumed I could also edit from the view secret side of things.

Test Plan: Viewed some secrets, saw some transactions.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Maniphest Tasks: T4376

Differential Revision: https://secure.phabricator.com/D8345
2014-02-25 14:58:30 -08:00
Bob Trahan
9b0f906207 Fix calendar part 2
Summary: D8341 was a good start. However, I was looping through all the statuses each time, when I should only deal with a given status once. Instead, unset() a status from the list of statuses once we handled it. Also, delete the last old $key thing, which interfered with my chosen strategy.

Test Plan: made a two day event and verified it showed up in just those two days. (will push and test again just in case but this should be it)

Reviewers: epriestley, chad

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8342
2014-02-25 14:20:59 -08:00
Bob Trahan
b1e44239ba Fix calendar display on profile.
Summary:
...maybe anyway because I can't reproduce it live. This diff does two things that should help with bugginess though - uses $viewer rather than $user (...$user is who we are looking at...) *AND* upgrades a Conpherence util class to Calendar, and said util class has unit tests and came about from fixing a similar bug in Conpherence back in the day.

Wrote some comments in the util class because I think it has a tendency to trip people up. These comments are not partciularly good however.

Test Plan: viewed user profile - looked good. viewed conpherence - looked good. ran unit tests - they passed. (note I would also like to push this live and verify Chad's profile is fixed on secure.phabricator.com)

Reviewers: epriestley, chad

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8341
2014-02-25 13:43:31 -08:00
epriestley
06fc82a3ee Mark reviewers as "commented" when they leave a comment
Summary:
Ref T2222. This requires one new trick:

  - When merging edge transactions which both add/update an edge, the Editor gets to control how the edge data is merged.

Specifically, we pick the "strongest" state to keep, so "accept + comment" leaves you with an accept instead of a comment.

Test Plan: Accepted, commented on, and comment + accepted revisions. Added some debugging dumps to verify that the merging was getting hit and working correctly.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8340
2014-02-25 12:37:11 -08:00
epriestley
a69cca9fbb Update overall revision status after reviewers change
Summary:
Ref T2222. This doesn't feel super clean, but doesn't feel too bad either.

Basically, Differential transactions can have secondary state-based effects (changing the overall revision status) when reviewers resign, are removed, accept, or reject revisions.

To deal with this in ApplicationTransactions, I did this:

  - `applyFinalEffects()` can now alter the transaction set (notably, add new ones). This mostly matters for email, notifications and feed.
  - In Differential, check for an overall revision state transition in `applyFinalEffects()` (e.g., your reject moving the revision to a rejected state).
  - I'm only writing the transaction if the transition is implied and indirect.
    - For example, if you "Plan Changes", that action changes the state on its own so there's no implicit state change transaction added.

The transactions themselves are kind of fluff, but it seems useful to keep a record of when state changes occurred in the transaction log. If people complain we can hide/remove them.

Test Plan: {F118143}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8339
2014-02-25 12:36:49 -08:00
epriestley
ca8c2c2d11 Implement Accept/Reject in ApplicationTransactions, approximately
Summary: Ref T2222. This mostly makes Accept/Reject work. The big missing piece is that overall revision status does not yet update properly. I need to think about how I want that to work a little bit more.

Test Plan: Accepted and rejected some stuff.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8333
2014-02-25 12:36:39 -08:00
epriestley
d07292df7f Implement Commandeer action in ApplicationTransactions
Summary: Ref T2222. Implements Commandeer on the new stuff.

Test Plan:
{F117768}

{F117769}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8331
2014-02-25 12:36:24 -08:00
epriestley
0f0673b9e5 Remove "dateCommitted" field from DifferentialRevision
Summary: Ref T2222. This is obsolete and no longer used. We could deduce it from transactions or commits in modern Phabricator if we wanted it. We may implement a more general mechanism for T4434.

Test Plan: `grep`

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8330
2014-02-25 12:36:14 -08:00
epriestley
9292433dae Implement "Resign" action against ApplicationTransactions
Summary:
Ref T2222. This introduces two small new concepts:

  - `expandTransactions()`: allows a transaction to expand into several transactions. For example, "resign" adds a "remove reviewers" transaction.
    - We have some other cases which could use this, but currently hard-code things outside of the `Editor`.
      - One example is that in Maniphest, closing a task implies claiming it if it is unowned.
  - `setIgnoreOnNoEffect()`: The whole Editor can be set to continue or stop if any transactions have no effect, but this allows the behavior to be refined at the individual transaction level. This is primarily to make the UX less confusing, so the user gets only a single relevant error instead of one for each expanded transaction.

Otherwise, this is pretty straightforward.

Test Plan:
Rigged comment form to use SavePro controller, enabled resign action, then tried to resign from a bunch of stuff.

{F117743}

Reviewers: btrahan

Reviewed By: btrahan

CC: chad, aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8328
2014-02-25 12:36:02 -08:00
epriestley
72a062d802 Truncate Conduit 'clientDescription' so we don't overflow the column
Summary: We store the `arc` commandline in this 255-character column, but it can be more than 255-characters long. If it's huge, truncate it.

Test Plan:
Executed:

  arc list --conduit-uri=http://local.aphront.com:8080/ --conduit-version 6.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Works fine after this patch.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8327
2014-02-25 12:35:03 -08:00
Chad Little
c79623f756 Add allday, multiday logic to AphrontEventView
Summary: Hardens up the logic for DST and makes them easier to access elsewhere.

Test Plan: view sample events, all day and multiday, in my sandbox

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8332
2014-02-24 20:21:28 -08:00
epriestley
d19e2155be Reuse common getUser() / setUser() in PHUICalendarListView
Summary:
These methods already exist in AphrontView. The redefinition can sometimes cause this warning:

  [2014-02-24 18:27:48] ERROR 2048: Declaration of PHUICalendarListView::setUser() should be compatible with AphrontView::setUser(PhabricatorUser $user) at [/INSECURE/devtools/phabricator/src/view/phui/calendar/PHUICalendarListView.php:138]

Test Plan: Viewed calendar on profile.

Reviewers: chad, btrahan

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D8329
2014-02-24 18:55:19 -08:00
epriestley
4eadcf975a Implement most Differential actions against ApplicationTransactions
Summary: Ref T2222. Implements the simpler actions (abandon, reclaim, close, reopen, plan changes, request review) in a transactional way with validation and effect checks.

Test Plan:
  - Rigged submissions to point at the Pro controller.
  - Rigged dropdown to have all these options all the time.
  - Tried to apply about 20-30 of these operations to various revisions and always got the expected result (success, error, or no-op).

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8307
2014-02-24 15:57:49 -08:00
epriestley
d48a88d4cd Add inline comment support to "Pro" comment save controller
Summary: Ref T2222. Makes the "pro" controller work with inlines.

Test Plan: Added a bunch of inlines and saved them with the "pro" controller.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8306
2014-02-24 15:57:35 -08:00
epriestley
c7d208fda1 Add a "Pro" version of the Differential comment save controller
Summary: Ref T2222. Adds a mostly-functional "Pro" comment controller. This does the core stuff, but does not yet do actions (accept, reject, etc.) or inline comments.

Test Plan: Changed the `if (false)` to an `if (true)`, then made some comments, etc. This is normally unreachable.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8304
2014-02-24 15:57:26 -08:00
epriestley
3a8eb28a07 Send basic email from new ApplicationTransaction editor
Summary: Ref T2222. Adds basic support for email.

Test Plan: Received an email via `/editpro/`.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2222

Differential Revision: https://secure.phabricator.com/D8303
2014-02-24 15:57:16 -08:00
epriestley
763a049f74 Possibly fix issue where refs engine finds empty refs?
Summary:
@mbishopim3 reported an issue in IRC:

> mbishopim3: epriestley: "Error updating working copy: Commit "" has not been discovered yet! Run discovery before updating refs." any ideas?

I can't reproduce it and it went away for him, but one theory is that we're getting here and git/hg are spitting out nothing, which we incorrectly parse as `array("")` when we intend `array()`.

Test Plan:
Pushed some new commits, ran `bin/repositoy refs X`, got expected results.

I can't actually reproduce the bug, but this might fix it and appears to make the code more correct.

Reviewers: btrahan

Reviewed By: btrahan

CC: mbishopim3, aran

Differential Revision: https://secure.phabricator.com/D8326
2014-02-24 14:39:44 -08:00
epriestley
ca851c4d85 Improve Windows install instructions
Summary: This advice is clearer if we also tell you to remove the comment.

Test Plan: Reading adventure!

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8325
2014-02-24 12:20:53 -08:00
epriestley
a31a7809b0 Fix a type issue with FormView juggling
Summary:
When you click the pencil icon in the Maniphest task list, we currently fatal:

  Argument 1 passed to PhabricatorCustomFieldList::appendFieldsToForm() must be an instance of AphrontFormView, instance of PHUIFormLayoutView given, called in /core/lib/phabricator/src/applications/maniphest/controller/ManiphestTaskEditController.php on line 576 and defined

This is because we build an `AphrontFormView` noramlly, but a `PHUIFormLayoutView` for dialogs, since they don't take a full form (they render their own form tag).

Instead, always build an `AphrontFormView` and just pull the `PHUIFormLayoutView` out of it when we're ready to put it in a dialog. This means `$form` is always the same type of object, and is generally better and makes more sense.

Test Plan: Clicked pencil edit icon in Maniphest task list.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran, carl

Differential Revision: https://secure.phabricator.com/D8324
2014-02-24 12:20:49 -08:00
epriestley
5f95f2b6d5 Fix variable issue on Conpherence draft saving pathway
Summary:
When we save a Conpherence draft, the draft part works fine but `$xactions` never gets defined, so this gets hit a little later on:

  [24-Feb-2014 11:46:10] WARNING: [pool www] child 82805 said into stderr: "NOTICE: PHP message: [2014-02-24 11:46:10] EXCEPTION: (RuntimeException) Undefined variable: xactions at [/INSECURE/devtools/libphutil/src/error/PhutilErrorHandler.php:211]"
  [24-Feb-2014 11:46:10] WARNING: [pool www] child 82805 said into stderr: "NOTICE: PHP message:   #0 PhutilErrorHandler::handleError(8, Undefined variable: xactions, /INSECURE/devtools/phabricator/src/applications/conpherence/controller/ConpherenceUpdateController.php, 122, Array of size 13 starting with: { request => Object AphrontRequest }) called at [/INSECURE/devtools/phabricator/src/applications/conpherence/controller/ConpherenceUpdateController.php:122]"
  [24-Feb-2014 11:46:10] WARNING: [pool www] child 82805 said into stderr: "NOTICE: PHP message:   #1 ConpherenceUpdateController::processRequest() called at [/INSECURE/devtools/phabricator/webroot/index.php:87]"

Instead, define `$xactions`.

Test Plan:
  - Type into Conpherence while tailing the error log.
  - After patch, clean error log.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8323
2014-02-24 11:56:04 -08:00
epriestley
14627ad65b Fix an incorrectly spelled call on the registration error pathway
Summary: If you copy the registration URL, then register, then load the URL again while logged out (i.e., attempt to reuse the registration URL), we try to show you a tailored error message. However, this call is not correct so we show you a not-so tailored exception instead.

Test Plan:
  - Get to the registration screen.
  - Save URL.
  - Complete registration.
  - Log out.
  - Return to saved URL.

Previously, exception. Now, readable error.

{F117585}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D8322
2014-02-24 11:45:28 -08:00
Chad Little
396e8ba82c Calendar upgrades
Summary:
Does a handful of things to make Calendar significantly more useful

- Enabled overlapping events
- Profile has a 'week view' of the user
- Profile has a 'month view' of the users
- Multiple users on a calendar are color coded
- Browse view slightly more useful

This stops short of implementing the new 'home' view on Calendar, mostly this is a big step though to make that happen next.

Test Plan: Make lots of events on diffent users.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Maniphest Tasks: T2897, T4375

Differential Revision: https://secure.phabricator.com/D8317
2014-02-24 10:04:23 -08:00
epriestley
e7254944ec Use JSON, not PHP serialization, for XHProf profiles. 2014-02-24 04:16:52 -08:00
epriestley
f49470f9bf Add rough validation on email addresses
Summary: Put a very rough filter on what we'll accept as an email address. We can expand this if anyone is actually using local delivery or other weird things. This is mostly to avoid a theoretical case where some input is parsed differently by `PhutilAddressParser` and the actual mail adapter, in some subtle hypothetical way. This should give us only "reasonable" email addresses which parsers would be hard-pressed to trip up on.

Test Plan: Added and executed unit tests. Tried to add silly emails. Added valid emails.

Reviewers: btrahan, arice

Reviewed By: arice

CC: arice, chad, aran

Differential Revision: https://secure.phabricator.com/D8320
2014-02-23 17:31:46 -08:00
epriestley
a566ae3730 Require a CSRF code for Twitter and JIRA (OAuth 1) logins
Summary:
OAuth1 doesn't have anything like the `state` parameter, and I overlooked that we need to shove one in there somewhere. Append it to the callback URI. This functions like `state` in OAuth2.

Without this, an attacker can trick a user into logging into Phabricator with an account the attacker controls.

Test Plan:
  - Logged in with JIRA.
  - Logged in with Twitter.
  - Logged in with Facebook (an OAuth2 provider).
  - Linked a Twitter account.
  - Linked a Facebook account.
  - Jiggered codes in URIs and verified that I got the exceptions I expected.

Reviewers: btrahan, arice

Reviewed By: arice

CC: arice, chad, aran

Differential Revision: https://secure.phabricator.com/D8318
2014-02-23 16:39:24 -08:00
epriestley
438915032a Minor, mark SERIALIZATION_PHP fields as BINARY in Lisk 2014-02-23 16:35:51 -08:00
epriestley
a298a79bda Convert Phabricator to handle "%s" / "%B" properly
Summary:
Ref T1191. I believe we only have three meaningful binary fields across all applications:

  - The general cache may contain gzipped content.
  - The file storage blob may contain arbitrary binary content.
  - The Passphrase secret can store arbitrary binary data (although it currently never does).

This adds Lisk config for binary fields, and uses `%B` where necessary.

Test Plan:
  - Added and executed unit tests.
  - Forced file uploads to use MySQL, uploaded binaries.
  - Disabled the CONFIG_BINARY on the file storage blob and tried again, got an appropraite failure.
  - Tried to register with an account containing a G-Clef, and was stopped before the insert.

Reviewers: btrahan, arice

Reviewed By: arice

CC: arice, chad, aran

Maniphest Tasks: T1191

Differential Revision: https://secure.phabricator.com/D8316
2014-02-23 16:20:46 -08:00
epriestley
70b008d18d Add test coverage that our definition of BMP agrees with MySQL
Summary:
Ref T1191. Test that MySQL's rules match those of `phutil_is_utf8_with_only_bmp_characters()`:

  - Build a string with //every// character that we consider to be a BMP character.
  - Write it into MySQL.
  - Read it back out.
  - Make sure MySQL didn't truncate it.

Test Plan: Ran unit test. This test runs pretty quickly (50ms), the string with every character isn't all that enormous.

Reviewers: btrahan, arice

Reviewed By: arice

CC: chad, arice, aran

Maniphest Tasks: T1191

Differential Revision: https://secure.phabricator.com/D8314
2014-02-23 16:20:38 -08:00
epriestley
bbf40146fb Recommend STRICT_ALL_TABLES for every install, not just development installs
Summary:
See D8308. Enabling STRICT_ALL_TABLES prevents this entire class of error, by fataling on truncation instead of truncating. We never want truncation; it is always bad and sometimes extremely bad.

We've recommended this mode for developer installs for a long time, and some users run with it enabled, so it's very unlikely to cause any issues (I've had it enabled locally for at least 6-8 months, I think).

Test Plan:
  - Disabled mode.
  - Saw warning.
  - Enabled mode.
  - No warning.

{F117040}

Reviewers: btrahan, chad

Reviewed By: chad

CC: chad, aran, arice

Differential Revision: https://secure.phabricator.com/D8309
2014-02-23 10:59:59 -08:00