1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-25 08:12:40 +01:00
Commit graph

7613 commits

Author SHA1 Message Date
Chad Little
9979f6e19f Dashboard CSS updates
Summary: Updates ObjectList dashboarda and tweaks minor css items elsewhere.

Test Plan: Test my dashboard, editing, and standalone

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9275
2014-05-23 21:48:15 -07:00
lkassianik
6a80b6a588 "Blocks" instead of "Dependent Tasks"
Summary: Fixes T5021, UI labels for the fields, "Edit Dependencies" in the action list, transaction strings ("added dependent tasks", etc), UI strings in the dependencies dialog (title/submit/etc)

Test Plan: Open task, edit blocks, dialog should have new term, task history should show "blocks" instead of "dependencies"

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T5021

Differential Revision: https://secure.phabricator.com/D9270
2014-05-23 13:50:27 -07:00
Chad Little
5a8a32b7c5 Dashboard UI stuffs
Summary:
- Make CSS more resilient with columns
 - Add objectlist css
 - Fix Maniphest list css

Test Plan:
Tested a number of different panels and dashboards, desktop, tablet, and mobile.

{F159447}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9273
2014-05-23 13:44:51 -07:00
Bob Trahan
102befdede Project - add ability to select an icon for typeaheads and such
Summary: Fixes T5090. Introduced getIcon into Handle stack which allows you to specify a per handle icon. getIcon falls back ot getTypeIcon.

Test Plan: changed the icon on a project a bunch. verified transactions showed up. verified icon showed up in typeahead. verified icon showed up in tokens that were pre-generated (not typed in). units test passed.

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5090

Differential Revision: https://secure.phabricator.com/D9264
2014-05-23 10:41:24 -07:00
epriestley
217e0e7fe1 Fix workboard link from project profile pages
Summary: Fixes T5165. This uses `$this->id`, but that may not always be populated anymore. Use the project ID directly instead.

Test Plan: Clicked a workboard link.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5165

Differential Revision: https://secure.phabricator.com/D9266
2014-05-23 07:29:16 -07:00
Aviv Eyal
9bba4cda2f Diffusion browser: Update editor link when clicking on a line
Summary: Highlighing and URL are fixed on click - now the edit button too.

Test Plan: click on lines with and without value in "Editr Link" (And without %l in it).

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9227
2014-05-22 15:33:30 -07:00
epriestley
27a369d15a Make it much easier to add one-off event listeners
Summary:
Ref T4657. Right now, you have to muck with `events.listeners` to install listeners. Instead, automatically install all subclasses of AutoEventListener.

Primarily, this makes it easier to resolve requests with "drop this file in `src/extensions/`, no warranty", which seems to have worked well so far in resolving things like custom remarkup rules, etc.

Test Plan:
  - Added such a listener, had it autoregister.
  - Clicked around and saw the effects of normal listeners.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4657

Differential Revision: https://secure.phabricator.com/D9262
2014-05-22 15:19:28 -07:00
Bob Trahan
c39f302c04 Project - use hashtag as a way to access project profile in URI, e.g. /project/hashtag/
Summary: Fixes T4022. Hooks up the project profile controller to understanding URIs like /project/hashtag/ Also, makes handles have the new /project/hashtag/ URI by default, thus upselling that feature super duper heavily.

Test Plan: clicked some project links, noted pretty uri and page working nicely.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: chad, epriestley, Korvin

Maniphest Tasks: T4022

Differential Revision: https://secure.phabricator.com/D9260
2014-05-22 15:16:16 -07:00
epriestley
a76f61f7e1 Make auth.email-domains case-insensitive
Summary:
Fixes T5143. Currently, if your allowed domain is "example.com", we reject signups from "@Example.com".

Instead, lowercase both parts before performing the check.

Test Plan:
  - Before patch:
    - Set allowed domains to "yghe.net".
    - Tried "x@yghe.net", no error.
    - Tried "x@xxxy.net", error.
    - Tried "x@yghE.net", incorrectly results in an error.
  - After patch:
    - Set allowed domains to "yghe.net".
    - Tried "x@yghe.net", no error.
    - Tried "x@xxxy.net", error.
    - Tried "x@yghE.net", this correctly no longer produces an error.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5143

Differential Revision: https://secure.phabricator.com/D9261
2014-05-22 14:51:00 -07:00
Chad Little
c88385fa22 Tweak mobile action css, add to people
Summary: Makes the mobile action menu a little nicer, adds it to /people/

Test Plan: Test myself on my install, mobile and desktop.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9259
2014-05-22 12:04:11 -07:00
Bob Trahan
922e5c0849 Projects - add "Additional Hashtags" to projects
Summary:
Fixes T4021. Chooses to keep a "primary" slug based off the name - including all that lovely logic - and allow the user to specify "additional" slugs. Expose these as "hashtags" to the user.

Sets us up for a fun diff where we can delete all the Project => Phriction automagicalness. In terms of this diff, see the TODOs i added.

Test Plan:
added a primary slug as an additional slug - got an error. added a slug in use on another project - got an error. added multiple good slugs and they worked. removed slugs and it worked. made some remark using multiple new slugs and they all linked to the correct project

ran epriestley's case

 - Create project "A".
 - Give it additional slug "B".
 - Try to create project "B".

and i got a nice error about hashtag collision

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4021

Differential Revision: https://secure.phabricator.com/D9250
2014-05-22 11:19:03 -07:00
lkassianik
6302414883 Make the default view of dashboards be just the dashboard
Summary: Fixes T4985, add manage page, change view page to show only panels. Arguably, PhabricatorDashboardArrangeController is no longer necessary. Also, still trying to figure out if I updated all flows that involve "arrange/{id}". Probably missed some. Also not sure of the Manage Dashboard icon. Please advise.

Test Plan: Create dashboard, add panels, "view/{id}" should show just panels, Manage Dashboard should show timeline and edit links.

Reviewers: #blessed_reviewers, epriestley, chad

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4985

Differential Revision: https://secure.phabricator.com/D9258
2014-05-22 11:10:53 -07:00
epriestley
f896dc5392 Put a cache in front of Celerity transforms, and update packages
Summary:
Fixes T5094. In some cases we do slightly expensive transformations to resources (inlining images, replacing URIs, building packages). We can throw cache in front of them easily since URIs are already permanently associated with a single resource.

Also browse around and move some CSS/JS into packages.

Test Plan:
Added logging to verify the caches are working, saw moderately improved performance.

Browsed around looking at resources tab in developer console, saw fewer total requests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5094

Differential Revision: https://secure.phabricator.com/D9175
2014-05-22 10:47:00 -07:00
epriestley
f1534e6feb Make password reset emails use one-time tokens
Summary:
Ref T4398. This code hadn't been touched in a while and had a few crufty bits.

**One Time Resets**: Currently, password reset (and similar links) are valid for about 48 hours, but we always use one token to generate them (it's bound to the account). This isn't horrible, but it could be better, and it produces a lot of false positives on HackerOne.

Instead, use TemporaryTokens to make each link one-time only and good for no more than 24 hours.

**Coupling of Email Verification and One-Time Login**: Currently, one-time login links ("password reset links") are tightly bound to an email address, and using a link verifies that email address.

This is convenient for "Welcome" emails, so the user doesn't need to go through two rounds of checking email in order to login, then very their email, then actually get access to Phabricator.

However, for other types of these links (like those generated by `bin/auth recover`) there's no need to do any email verification.

Instead, make the email verification part optional, and use it on welcome links but not other types of links.

**Message Customization**: These links can come out of several workflows: welcome, password reset, username change, or `bin/auth recover`. Add a hint to the URI so the text on the page can be customized a bit to help users through the workflow.

**Reset Emails Going to Main Account Email**: Previously, we would send password reset email to the user's primary account email. However, since we verify email coming from reset links this isn't correct and could allow a user to verify an email without actually controlling it.

Since the user needs a real account in the first place this does not seem useful on its own, but might be a component in some other attack. The user might also no longer have access to their primary account, in which case this wouldn't be wrong, but would not be very useful.

Mitigate this in two ways:

  - First, send to the actual email address the user entered, not the primary account email address.
  - Second, don't let these links verify emails: they're just login links. This primarily makes it more difficult for an attacker to add someone else's email to their account, send them a reset link, get them to login and implicitly verify the email by not reading very carefully, and then figure out something interesting to do (there's currently no followup attack here, but allowing this does seem undesirable).

**Password Reset Without Old Password**: After a user logs in via email, we send them to the password settings panel (if passwords are enabled) with a code that lets them set a new password without knowing the old one.

Previously, this code was static and based on the email address. Instead, issue a one-time code.

**Jump Into Hisec**: Normally, when a user who has multi-factor auth on their account logs in, we prompt them for factors but don't put them in high security. You usually don't want to go do high-security stuff immediately after login, and it would be confusing and annoying if normal logins gave you a "YOU ARE IN HIGH SECURITY" alert bubble.

However, if we're taking you to the password reset screen, we //do// want to put the user in high security, since that screen requires high security. If we don't do this, the user gets two factor prompts in a row.

To accomplish this, we set a cookie when we know we're sending the user into a high security workflow. This cookie makes login finalization upgrade all the way from "partial" to "high security", instead of stopping halfway at "normal". This is safe because the user has just passed a factor check; the only reason we don't normally do this is to reduce annoyance.

**Some UI Cleanup**: Some of this was using really old UI. Modernize it a bit.

Test Plan:
  - **One Time Resets**
    - Used a reset link.
    - Tried to reuse a reset link, got denied.
    - Verified each link is different.
  - **Coupling of Email Verification and One-Time Login**
    - Verified that `bin/auth`, password reset, and username change links do not have an email verifying URI component.
    - Tried to tack one on, got denied.
    - Used the welcome email link to login + verify.
    - Tried to mutate the URI to not verify, or verify something else: got denied.
  - **Message Customization**
    - Viewed messages on the different workflows. They seemed OK.
  - **Reset Emails Going to Main Account Email**
    - Sent password reset email to non-primary email.
    - Received email at specified address.
    - Verified it does not verify the address.
  - **Password Reset Without Old Password**
    - Reset password without knowledge of old one after email reset.
    - Tried to do that without a key, got denied.
    - Tried to reuse a key, got denied.
  - **Jump Into Hisec**
    - Logged in with MFA user, got factor'd, jumped directly into hisec.
    - Logged in with non-MFA user, no factors, normal password reset.
  - **Some UI Cleanup**
    - Viewed new UI.
  - **Misc**
    - Created accounts, logged in with welcome link, got verified.
    - Changed a username, used link to log back in.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D9252
2014-05-22 10:41:00 -07:00
epriestley
5e7b316fbe Free task leases on "phd start"
Summary:
Fixes T5154. Currently, "phd stop" terminates daemons relatively abruptly (and other things do too, like killing them). This can leave them with long leases that won't expire any time soon. Normally this isn't a big deal, since it just means an email or an import takes a bit longer (often 2 hours, but up to 24 hours) to run. However:

  - We've increased default lease durations a lot fairly recently -- the 2 hours used to be 15 minutes.
  - Harbormaster and Drydock add new types of tasks which are more dependent on other tasks, so waiting 2 hours for something to free up can hold up more stuff in queue.

When `phd start` is run, we can be confident (at least, in normal circumstances) that leases are safe to free, since we do a check. This undoes any damage done by abrupt stops in "phd stop" or by users or systems killing stuff.

(It would be nice to make "phd stop" more graceful at some point, but we always have to deal with abrupt termination in some cases no matter how gentle "phd stop" is.)

One sort-of-questionable thing here is that we don't distinguish between tasks which had an active lease and tasks which had been released, since the system itself does not make a distiction. So, for example, if you have a task that retries 5 times and waits an hour between retries, you'll get a retry on every `phd start` now, and could exhaust them all in a few minutes if you cycle `phd start` aggressively. I think this is OK. In the future, we could try to distinguish between these types of tasks, and only free the ones with active leases.

Test Plan:
  - Used `phd start` normally, saw it free leases.
  - Used `phd start`, killed it real quick so no taskmasters spawned, ran it again an saw no leases freed.
  - Used `phd start --keep-leases`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5154

Differential Revision: https://secure.phabricator.com/D9256
2014-05-22 10:40:45 -07:00
epriestley
890ae77a9a Don't fatal when viewing a moved document if the target does not exist or isn't visible
Summary: Fixes T5156. If a document has been moved but the new one does not exist or can't be seen by the viewer, render a generic message.

Test Plan: Viewed moved-plus-visible and moved-plus-nonvisible documents.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5156

Differential Revision: https://secure.phabricator.com/D9254
2014-05-22 10:39:48 -07:00
epriestley
38b17157fa Use stable commit identifier to load repository commit
Summary: Fixes T5113. This was caught in the crossfire of cleaning up the DiffusionRequest "commit" properties.

Test Plan: Loaded `/rXnnnn` with some of the `nnn` missing.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5113

Differential Revision: https://secure.phabricator.com/D9253
2014-05-22 10:39:06 -07:00
Tal Shiri
2133e61048 Added placeholder support to custom text fields
Summary: placeholder text is pretty useful.

Test Plan: placeholder text is pretty useful. also fully supports not breaking everything.

Reviewers: chad, #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9223
2014-05-22 09:12:55 -07:00
epriestley
3c8d88deb4 Don't warn about conflicts when reverting Phriction documents
Summary:
Fixes T5144. This was incorrectly checking the //content// version, not the //head// version, so reverts would raise the "conflict" warning.

Also fix a couple of FontAwesome icons.

Test Plan:
  - Edited a document.
  - Reverted a document.
  - Opened two edit tabs. Edited one, tried to edit #2, got a warning.
  - Opened two revert tabs. Reverted in one, tried to revert in #2, got a warning.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5144

Differential Revision: https://secure.phabricator.com/D9249
2014-05-21 16:05:59 -07:00
Chad Little
2ad501873a Fix changeset layout in Modern Firefox
Summary: Looks like a rule for old Firefox is causing layout issues in new Firefox. Prefer new Firefox. Fixes T4987

Test Plan:
Tested the current version of Firefox.

Bug:

{F158209}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4987

Differential Revision: https://secure.phabricator.com/D9240
2014-05-21 13:45:02 -07:00
epriestley
a9d6a2f02d Fix weird subscribe+comment rendering
Summary:
Fixes T5146. When we're rendering a transaction group that includes a comment, we hide the "x added a comment" text, since it's implicit and obvious and cleans the UI up a little.

However, the way this works is really complicated and messy and created the T5146 issue after I made self-subscriptions have a lower priority than comments do.

Clean this code up so it makes a little more sense and gets this case right.

Test Plan: {F158270}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5146

Differential Revision: https://secure.phabricator.com/D9245
2014-05-21 13:37:11 -07:00
epriestley
d2ead465f3 Remove "Close Task" button
Summary: Fixes T5134

Test Plan: Went to a task, closed it. Felt satisfied.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley, Korvin

Maniphest Tasks: T4657, T5134

Differential Revision: https://secure.phabricator.com/D9221
2014-05-21 12:44:58 -07:00
lkassianik
fbbb43c472 Expose dashboard policy editing to UI
Summary: Fixes T4981, Allow Dashboard view and edit policies to be configured

Test Plan: Create dashboard, edit dashboard, make sure user can edit who can edit and who can see dashboard.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4981

Differential Revision: https://secure.phabricator.com/D9243
2014-05-21 12:23:27 -07:00
Chad Little
0bf18d5f27 Mobile-ize Dashboards
Summary: Adds mobile support to dashboards.

Test Plan: test various dashboard layouts, mobile and table breakpoints. Desktop too.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9242
2014-05-21 12:08:14 -07:00
Chad Little
e8ca470a40 Cleanup Feed on Dashboards
Summary: Minor style updates, makes full width feed work.

Test Plan: test full, 1/2, 1/3 feed in dashboards.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9241
2014-05-21 11:37:36 -07:00
lkassianik
953f95054f Allow dashboard panel policies to be edited
Summary: Fixes T4982, expose dashboard panel policy editing to UI

Test Plan: Create panel, verify that user can edit who can see and who can edit panel

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4982

Differential Revision: https://secure.phabricator.com/D9238
2014-05-21 10:48:39 -07:00
Chad Little
5e905edafa Fix height of send message area on Conpherence
Summary: When I tweaked the mobile layout, this didn't get updated. Reduces height of send message area.

Test Plan: test layout on mobile and desktop

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9237
2014-05-21 10:38:13 -07:00
Chad Little
5d6a7f5cf4 Remove Action Icons
Summary: Deletes the action icons

Test Plan: n/a

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9231
2014-05-21 10:19:04 -07:00
Chad Little
ac05fe9c3b Replace action sprite with FontAwesome
Summary: Replaces the action icons in action headers with FontAwesome

Test Plan:
- grep SPRITE_ACTIONS
- grep sprite-actions
- Replace on UIExamples
- Replace on Workboards
- Replace on Dashboards
- Replace on FeedStories

{F157840}
{F157841}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9230
2014-05-21 10:18:43 -07:00
Chad Little
53940e272f Add standard spacing around viewing panels
Summary: Just wraps them in some boxes in edit and standalone mode.

Test Plan: Tested 3 panels in edit and standalone mode.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9232
2014-05-21 10:18:18 -07:00
James Rhodes
49c15a6d95 Allow a limit to be set on the number of results in a query panel
Summary: This allows a maximum number of items to be set in a query panel.  Mostly useful when you have a query panel on the feed search and you don't want 4 billion results cluttering your dashboard.

Test Plan: Created a query panel with a maximum and it worked.  Left it blank and got the default results.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4980

Differential Revision: https://secure.phabricator.com/D9235
2014-05-21 10:09:51 -07:00
Joshua Spence
eba11238b9 Show daemon arguments with ./bin/phd status.
Summary: Fixes T4735. When running `./bin/phd`, show daemon arguments.

Test Plan:
```
./bin/phd status
PID  	Started                 	Daemon                                            Arguments
12711	May 20 2014, 9:02:52 AM 	PhabricatorRepositoryPullLocalDaemon              []
12716	May 20 2014, 9:02:52 AM 	PhabricatorGarbageCollectorDaemon                 []
12733	May 20 2014, 9:02:53 AM 	PhabricatorTaskmasterDaemon                       []
12768	May 20 2014, 9:02:53 AM 	PhabricatorTaskmasterDaemon                       []
12775	May 20 2014, 9:02:53 AM 	PhabricatorTaskmasterDaemon                       []
12780	May 20 2014, 9:02:54 AM 	PhabricatorTaskmasterDaemon                       []
12838	May 20 2014, 9:02:54 AM 	PhabricatorFactDaemon                             []
13436	May 20 2014, 9:03:23 AM 	PhabricatorRepositoryPullLocalDaemon              ["X","--not","Y"]
```

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4735

Differential Revision: https://secure.phabricator.com/D9208
2014-05-20 16:47:47 -07:00
Joshua Spence
b6d15377dd Show daemon arguments when launching a daemon with ./bin/phd.
Summary: Ref T4735. When launching daemons (with `./bin/phd start` or `./bin/phd launch`), print the arguments that are specified for the daemon.

Test Plan:
Ran `./bin/phd launch repo -- --not X`.

```
> sudo ./bin/phd launch repo -- --not X
Preparing to launch daemons.
NOTE: Logs will appear in '/mnt/logs/phd/daemons.log'.

Launching daemon "PhabricatorRepositoryPullLocalDaemon" with arguments ["--not","X"].
```

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4735

Differential Revision: https://secure.phabricator.com/D9205
2014-05-20 16:45:22 -07:00
Chad Little
76dc959c65 Dashboard display tweaks
Summary: Changes headers to standard light blue, tweaks spacing for uniformity.

Test Plan:
Test editing and using my dashboard.

{F157744}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9228
2014-05-20 16:23:51 -07:00
Chad Little
2f6a865506 Add Spaces icon
Summary: n/t

Test Plan: photoshop, review

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9225
2014-05-20 14:41:04 -07:00
Chad Little
c7380b6023 Fix header icons in Pholio
Summary: Uses FontAwesome

Test Plan: Open/Close a Pholio Mock in my sandbox.

Reviewers: lpriestley, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9220
2014-05-20 11:59:02 -07:00
Chad Little
f9f4fe67fb Dashboard panel for Maniphest tasks/groups
Summary: Basic styling for the 'panel' version of Maniphest groups. Not super sold on it, but a decent start.

Test Plan:
Test dashboards and Maniphest homepage

{F157639}

{F157640}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9219
2014-05-20 11:48:16 -07:00
Chad Little
8e8e2ceb31 Remove unused icons
Summary: These little guys, all alone in the world. Time for bed little icons.

Test Plan: rm

Reviewers: epriestley, btrahan

Subscribers:
2014-05-20 11:46:04 -07:00
epriestley
cac61980f9 Add "temporary tokens" to auth, for SMS codes, TOTP codes, reset codes, etc
Summary:
Ref T4398. We have several auth-related systems which require (or are improved by) the ability to hand out one-time codes which expire after a short period of time.

In particular, these are:

  - SMS multi-factor: we need to be able to hand out one-time codes for this in order to prove the user has the phone.
  - Password reset emails: we use a time-based rotating token right now, but we could improve this with a one-time token, so once you reset your password the link is dead.
  - TOTP auth: we don't need to verify/invalidate keys, but can improve security by doing so.

This adds a generic one-time code storage table, and strengthens the TOTP enrollment process by using it. Specifically, you can no longer edit the enrollment form (the one with a QR code) to force your own key as the TOTP key: only keys Phabricator generated are accepted. This has no practical security impact, but generally helps raise the barrier potential attackers face.

Followup changes will use this for reset emails, then implement SMS multi-factor.

Test Plan:
  - Enrolled in TOTP multi-factor auth.
  - Submitted an error in the form, saw the same key presented.
  - Edited the form with web tools to provide a different key, saw it reject and the server generate an alternate.
  - Change the expiration to 5 seconds instead of 1 hour, submitted the form over and over again, saw it cycle the key after 5 seconds.
  - Looked at the database and saw the tokens I expected.
  - Ran the GC and saw all the 5-second expiry tokens get cleaned up.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D9217
2014-05-20 11:43:45 -07:00
epriestley
f0147fd8ad Allow workboards to be filtered with ApplicationSearch
Summary:
Ref T4673.

IMPORTANT: I had to break one thing (see TODO) to get this working. Not sure how you want to deal with that. I might be able to put the element //inside// the workboard, or I could write some JS. But I figured I'd get feedback first.

General areas for improvement:

  - It would be nice to give you some feedback that you have a filter applied.
  - It would be nice to let you save and quickly select common filters.
  - These would probably both be covered by a dropdown menu instead of a button, but that's more JS than I want to sign up for right now.
  - Managing custom filters is also a significant amount of extra UI to build.
  - Also, maybe these filters should be sticky per-board? Or across all boards? Or have a "make this my default view"? I tend to dislike implicit stickiness.

Test Plan:
Before:

{F157543}

Apply Filter:

{F157544}

Filtered:

{F157545}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: qgil, swisspol, epriestley

Maniphest Tasks: T4673

Differential Revision: https://secure.phabricator.com/D9211
2014-05-20 11:42:05 -07:00
lkassianik
8a429c51ac Embed dashboard panels in comments
Summary: Fixes T4983, Panel prefix 'W' should be recognized as a shortcut to a dashboard panel

Test Plan: Open any comment input, type '{W1}', or other existing panel, preview should embed that panel.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4983

Differential Revision: https://secure.phabricator.com/D9215
2014-05-20 11:37:40 -07:00
Chad Little
b38ad4e45a Style text boxes and tab panels in dashboards
Summary: Adds basic borders, spacing to tab panels and text boxes.

Test Plan:
Added some of each to my Dashboard.

{F157622}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5078

Differential Revision: https://secure.phabricator.com/D9216
2014-05-20 10:53:16 -07:00
epriestley
bed9ce2d18 Make PeopleQuery throw, not select everything, when handed empty array
Summary: Make `->withPHIDs(array())` throw on this query instead of selecting everything.

Test Plan: Poked around.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9210
2014-05-20 08:26:55 -07:00
epriestley
481a295454 Fix watchers to actually work properly 2014-05-20 08:20:34 -07:00
Chad Little
6e9753c66c Dashboard View for Feed
Summary: A basic rendering of feed in dashboards

Test Plan:
built a feed in dashboards, viewed it as my homepage.

{F157119}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9209
2014-05-20 08:05:03 -07:00
epriestley
16a2876448 Fix watcher query to work correctly with no watchers. 2014-05-20 06:35:22 -07:00
Bob Trahan
5f33aa5b4f Dashboards - add ability to install dashboard as home
Summary:
See title. Adds PhabricatorDashboardInstall data object which scopes installs to objectPHID + applicationClass. This is because we already have a collision for user home pages and user profiles. Assume only one dashboard per objectPHID + applicationClass though at the database level.

Fixes T5076.

Test Plan: From dashboard view, installed a dashboard - success! Went back to dashboard view and uninstalled it!

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5076

Differential Revision: https://secure.phabricator.com/D9206
2014-05-19 16:09:31 -07:00
Bob Trahan
d9058d7f3f Dashboards - add remove functionality
Summary: To get there, upgrade "headerless" to "headerMode". Add a new removepanel controller. Fixes T5084.

Test Plan: removed some panels to much success

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5078, T5084

Differential Revision: https://secure.phabricator.com/D9156
2014-05-19 14:04:26 -07:00
epriestley
9cb4047134 Apply hierarchical policy checks to Phriction
Summary: Ref T4029. When checking the view policy of a document, require the viewer to also be able to see all of the ancestors.

Test Plan:
  - Hard-coded `/x/y/` to "no one".
    - Checked that `/x/y/` is not visible.
    - Checked that `/x/y/z/` is not visible.
    - Checked that `/x/`, `/x/q/`, etc., are still visible.
  - Tested project pages and sub-pages for project visibility.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4029

Differential Revision: https://secure.phabricator.com/D9199
2014-05-19 12:41:30 -07:00
epriestley
4d7c1026f4 Use PhrictionDocumentQuery to load documents
Summary: Ref T4029. We use a lot of very outdated content loading in Phriction, which blocks T4029.

Test Plan:
- Called phriction.info
- Called phriction.history
- Called phriction.edit
- Viewed document list.
- Deleted a document.
- Viewed history.
- Viewed a diff.
- Created a document.
- Edited a document.
- Moved a document.
- Tried to overwrite a document with "new".
- Tried to overwrite a document with "move".
- Viewed a moved document note.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: shadowhand, epriestley

Maniphest Tasks: T4029

Differential Revision: https://secure.phabricator.com/D9194
2014-05-19 12:41:12 -07:00