1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-23 23:32:40 +01:00
Commit graph

83 commits

Author SHA1 Message Date
epriestley
ecc598f18d Support multiple database masters and convert easy callers
Summary:
Ref T11044. This moves toward partitioned application databases:

  - You can define multiple masters.
  - Convert all the easily-convertible code to become multi-master aware.

This doesn't convert most of `bin/storage` or "Config > Database (Stuff)" yet, as both are quite involved. They still work for now, but only operate on the first master instead of all masters.

Test Plan: Configured multiple masters, browsed around, ran `bin/storage` commands, ran `bin/storage --host ...`.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11044

Differential Revision: https://secure.phabricator.com/D16115
2016-11-12 16:30:20 -08:00
epriestley
0f800a3cd8 In Phabricator, drop PhutilClassMap caches after loading additional libraries
Summary:
Depends on D16755. Right now, we build a setup check map (to run preflight checks), then later load libraries.

This means any checks included in third-party libraries don't get added to the map, and no longer run.

(These are rare, but Phacility has a couple).

Instead, delete the caches after loading extra libraries.

Test Plan: With this and D16755, re-ran setup checks and saw Phacility setup checks run.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16756
2016-10-26 15:46:33 -07:00
epriestley
1ee426e4ac Add a specialized cache for storing "has setup ever worked?"
Summary:
Ref T11613. In D16503/T11598 I refined the setup flow to improve messaging for early-stage setup issues, but failed to fully untangle things.

We sometimes still try to access a cache which uses configuration before we build configuration, which causes an error.

Instead, store "are we in flight / has setup ever worked?" in a separate cache which doesn't use the cache namespace. This stops us from trying to read config before building config.

Test Plan:
Hit bad extension error with a fake extension, got a proper setup help page:

{F1812803}

Solved the error, reloaded, broke things again, got a "friendly" page:

{F1812805}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11613

Differential Revision: https://secure.phabricator.com/D16542
2016-09-12 08:04:32 -07:00
epriestley
0e8ceeb690 Continue on bad database configuration from select scripts
Summary: Ref T11589. Provide a way for scripts to say "just continue if database config fails", and use it in `bin/config` and `bin/storage`.

Test Plan:
  - Broke database config.
  - Ran `bin/config`, worked fine.
  - Ran `bin/storage`, got helpful "set up the database" message.
  - Ran `bin/repository`, got fatal.
  - Ran normal site with valid/invalid config, got proper feedback.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11589

Differential Revision: https://secure.phabricator.com/D16502
2016-09-06 14:20:57 -07:00
epriestley
3099601463 Split setup check phases into "preflight" and "post-config"
Summary:
Ref T11589. This runs:

  - preflight checks (critical checks: PHP version stuff, extensions);
  - configuration;
  - normal checks.

The PHP checks are split into critical ("bad version") and noncritical ("sub-optimal config").

I tidied up the extension checks slightly, we realistically depend on `cURL` nowadays.

Test Plan:
  - Faked a preflight failure.
  - Hit preflight check.
  - Got expected error screen.
  - Loaded normal pages.
  - Hit a normal setup check.
  - Used DarkConsole "Startup" tab to verify that preflight checks take <1ms to run (we run them on every page without caching, at least for now, but they only do trivial checks like PHP versions).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11589

Differential Revision: https://secure.phabricator.com/D16500
2016-09-06 14:20:11 -07:00
epriestley
d0013d0898 Distinguish between unreachable cluster database hosts and missing MySQL databases
Summary:
Fixes T11577. When we connect to a host and try to select a database which does not exist, we currently treat it as though the host wasn't reachable.

This isn't correct, and prevents storage from being initialized while already in cluster mode, since the "config" database won't exist yet the first time we connect.

Instead, distinguish between `AphrontSchemaQueryException` (thrown on connection if the requested database is not present) and other errors.

Test Plan:
  - Put Phabricator into cluster database mode (`cluster.databases = ...`).
  - Swapped `storage.default-namespace` to force initialization of a new install.
  - Ran `bin/storage upgrade`.
    - Before patch: Immediate fatal about unreachablility.
    - After patch: Database initialized.
  - Also ran initialization steps in tranditional single-host mode (`cluster.databases` empty, `mysql.host` configured).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11577

Differential Revision: https://secure.phabricator.com/D16489
2016-09-02 08:23:21 -07:00
epriestley
de4312bcde Before executing svnserve, change the CWD to a readable directory
Summary: Fixes T10941. This avoids a confusing dead end when configuring Subversion hosting, where `svnserve` will fail to execute hooks if the CWD isn't readable by the vcs-user.

Test Plan:
  - Updated and committed in a hosted SVN repository.
  - Ran some git operations, too.
  - @dpotter confirmed this locally in T10941.

Reviewers: chad

Reviewed By: chad

Subscribers: dpotter

Maniphest Tasks: T10941

Differential Revision: https://secure.phabricator.com/D15879
2016-05-11 06:48:18 -07:00
epriestley
20bad9a4ba Reset umask to 022 for all Phabricator processes
Summary:
Fixes T7475. If you do something like:

  $ umask 123
  $ ./bin/phd start

...the daemons might inherit the weird umask, do a `git fetch` with the weird umask, and end up creating files with weird permissions in repositories.

Instead, just normalize the umask to 022 in all cases. This is overwhelmingly the most common setting, and the one we assume things are configured with.

(When we want to force permissions to a certain setting, we do so explicitly.)

Test Plan:
  - Added `var_dump(umask())` to observe umask.
  - Ran `bin/phd`, saw proper umask (`18`, which is decimal of `022` octal).
  - Set `umask 123`, then ran `bin/phd`, saw it correct properly again.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7475

Differential Revision: https://secure.phabricator.com/D15721
2016-04-15 10:03:01 -07:00
epriestley
0379cc10ac Fixes T10805. When clustering is not configured, this check should just
return.

Auditors: chad
2016-04-14 04:32:20 -07:00
epriestley
ebff07d019 Automatically sever databases after prolonged unreachability
Summary:
Ref T4571. When a database goes down briefly, we fall back to replicas.

However, this fallback is slow (not good for users) and keeps sending a lot of traffic to the master (might be bad if the root cause is load-related).

Keep track of recent connections and fully degrade into "severed" mode if we see a sequence of failures over a reasonable period of time. In this mode, we send much less traffic to the master (faster for users; less load for the database).

We do send a little bit of traffic still, and if the master recovers we'll recover back into normal mode seeing several connections in a row succeed.

This is similar to what most load balancers do when pulling web servers in and out of pools.

For now, the specific numbers are:

  - We do at most one health check every 3 seconds.
  - If 5 checks in a row fail or succeed, we sever or un-sever the database (so it takes about 15 seconds to switch modes).
  - If the database is currently marked unhealthy, we reduce timeouts and retries when connecting to it.

Test Plan:
  - Configured a bad `master`.
  - Browsed around for a bit, initially saw "unrechable master" errors.
  - After about 15 seconds, saw "major interruption" errors instead.
  - Fixed the config for `master`.
  - Browsed around for a while longer.
  - After about 15 seconds, things recovered.
  - Used "Cluster Databases" console to keep an eye on health checks: it now shows how many recent health checks were good:

{F1213397}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4571

Differential Revision: https://secure.phabricator.com/D15677
2016-04-11 08:43:52 -07:00
epriestley
146fb646f9 Automatically degrade to read-only mode when unable to connect to the master
Summary:
Ref T4571. If we fail to connect to the master, automatically try to degrade into a temporary read-only mode ("UNREACHABLE") for the remainder of the request, if possible.

If the request was something like "load the homepage", that'll work fine. If it was something like "submit a comment", there's nothing we can do and we just have to fail.

Detecting this condition imposes a performance penalty: every request checks the connection and gives the database a long time to respond, since we don't want to drop writes unless we have to. So the degraded mode works, but it's really slow, and may perpetuate the problem if the root issue is load-related.

This lays the groundwork for improving this case by degrading futher into a "SEVERED" mode which will persist across requests. In the future, if several requests in a short period of time fail, we'll sever the database host and refuse to try to connect to it for a little while, connecting directly to replicas instead (basically, we're "health checking" the master, like a load balancer would health check a web application server). This will give us a better (much faster) degraded mode in a major service disruption, and reduce load on the master if the root cause is load-related, giving it a better chance of recovering on its own.

Test Plan:
  - Disabled master in config by changing the host/username, got degraded automatically to UNREACAHBLE mode immediately.
  - Faked full SEVERED mode, requests hit replicas and put me in the mode properly.
  - Made stuff work, hit some good pages.
  - Hit some non-cluster pages.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4571

Differential Revision: https://secure.phabricator.com/D15674
2016-04-10 12:20:13 -07:00
epriestley
e0a8cac703 When no master database is configured, automatically degrade to read-only mode
Summary: Ref T4571. If `cluster.databases` is configured but only has replicas, implicitly drop to read-only mode and send writes to a replica.

Test Plan:
  - Disabled the `master`, saw Phabricator automatically degrade into read-only mode against replicas.
  - (Also tested: explicit read-only mode, non-cluster mode, properly configured cluster mode).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4571

Differential Revision: https://secure.phabricator.com/D15672
2016-04-10 12:19:55 -07:00
epriestley
071741c61d When Phabricator is in read-only mode, explain why
Summary:
Ref T4571. Allows users to click the "read-only mode" notification to get more information about why an install is in read-only mode.

Installs can be in this mode for several reasons (explicit administrative action, no masters defined, no masters reachable), and it's useful to be able to tell the difference.

Test Plan: {F1212930}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4571

Differential Revision: https://secure.phabricator.com/D15671
2016-04-10 12:19:18 -07:00
epriestley
49d93dcf98 Add a cluster.read-only option
Summary:
Ref T4571. There will be a very long path beyond this, but add a basic read-only mode. You can explicitly enable this to put Phabricator in a sort of "maintenance" mode today if you're swapping databases or something.

In the long term, we'll automatically degrade into this mode if the master database is down.

Test Plan:
  - Enabled read-only mode.
  - Browsed around.
  - Didn't immediately see anything that was totally 100% broken.

Most stuff is 80-90% broken right now. For example:

  - Stuff like submitting comments doesn't work, and gives you a confusing, unhelpful error.
  - None of the UI really knows that it's read-only. EditEngine stuff should all hide itself and say "you can't add new comments while an install is in read-only mode", for example, but currently does not.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4571

Differential Revision: https://secure.phabricator.com/D15662
2016-04-09 13:40:47 -07:00
epriestley
57f016b166 Convert OAuthServer to Transactions + EditEngine
Summary: Ref T7303. This application is currently stone-age tech (no transactions, hard "delete" action). Bring it up to modern specs.

Test Plan:
  - Created and edited an OAuth application.
  - Viewed transaction record.
  - Tried to create something with no name, invalid redirect URI, etc. Was gently rebuffed with detailed explanatory errors.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7303

Differential Revision: https://secure.phabricator.com/D15609
2016-04-05 01:55:49 -07:00
Joshua Spence
321c61a853 Remove daemon envHash and envInfo
Summary: Ref T7053. Remove the `envHash` and `envInfo` fields, which are no longer used now that the daemons restart automagically. Depends on D14458.

Test Plan: Saw no more setup issues.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: tycho.tatitscheff, epriestley

Maniphest Tasks: T7053

Differential Revision: https://secure.phabricator.com/D14446
2015-11-11 08:54:45 +11:00
Joshua Spence
368f359114 Use PhutilClassMapQuery instead of PhutilSymbolLoader
Summary: Use `PhutilClassMaQuery` instead of `PhutilSymbolLoader`, mostly for consistency. Depends on D13588.

Test Plan: Poked around a bunch of pages.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13589
2015-08-14 07:49:01 +10:00
Joshua Spence
b6d745b666 Extend from Phobject
Summary: All classes should extend from some other class. See D13275 for some explanation.

Test Plan: `arc unit`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13283
2015-06-15 18:02:27 +10:00
epriestley
069e60d2ff Send mail to targets in the user's translation
Summary: Ref T6367.

Test Plan:
  - Added and executed unit tests.
  - Sent mail to A (en_US) and B (en_A*).
  - Got one mail in English and one mail in ENGLISH.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6367

Differential Revision: https://secure.phabricator.com/D13142
2015-06-03 18:59:33 -07:00
Joshua Spence
36e2d02d6e phtize all the things
Summary: `pht`ize a whole bunch of strings in rP.

Test Plan: Intense eyeballing.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12797
2015-05-22 21:16:39 +10:00
Joshua Spence
acb45968d8 Use __CLASS__ instead of hard-coding class names
Summary: Use `__CLASS__` instead of hard-coding class names. Depends on D12605.

Test Plan: Eyeball it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12806
2015-05-14 07:21:13 +10:00
epriestley
40fb0f98df Mostly defuse DNS rebinding attack for outbound requests
Summary: Ref T6755. I'll add some notes there about specifics.

Test Plan:
  - Made connections to HTTP and HTTPS URIs.
  - Added some debugging code to verify that HTTP URIs were pre-resolved.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12169
2015-03-26 11:12:22 -07:00
epriestley
1c32c9b965 Improve granluarity and defaults of security.allow-outbound-http
Summary:
Ref T6755. This is a partial fix, but:

  - Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
  - Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
  - Explain the risks better.
  - Improve the errors rasied by Macro when failing.
  - Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
    - We still make outbound HTTP requests to OAuth.
    - We still make outbound HTTP requests for repositories.

From a technical perspective:

  - Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
  - Add the default blacklist.
  - Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.

Additionally:

  - I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
  - The future implementation of T4190 needs to perform the fetch check.

Test Plan:
  - Fetched a valid macro.
  - Fetched a non-image, verified it didn't result in a viewable file.
  - Fetched a private-ip-space image, got an error.
  - Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
  - Fetched a bad protocol, got an error.
  - Linked to a local resource, a phriction page, a valid remote site, all worked.
  - Linked to private IP space, which worked fine (we want to let you link and redierect to other private services, just not fetch them).
  - Added and executed unit tests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 10:44:03 -07:00
epriestley
d4680a7e4e Update Phabricator to work with more modular translations
Summary:
Ref T7152. Ref T1139. This updates Phabricator so third-party libraries can translate their own stuff. Also:

  - Hide "All Caps" when not in development mode, since some users have found this a little confusing.
  - With other changes, adds a "Raw Strings" mode (development mode only).
  - Add an example silly translation to make sure the serious business flag works.
  - Add a basic British English translation.
  - Simplify handling of translation overrides.

Test Plan:
  - Flipped serious business / development on and off and saw silly/development translations drop off.
  - Switched to "All Caps" and saw all caps.
  - Switched to Very English, Wow!
  - Switched to British english and saw "colour".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152, T1139

Differential Revision: https://secure.phabricator.com/D11747
2015-02-11 13:02:35 -08:00
epriestley
74ea59235a Make the "daemons and web have different config" warning more specific
Summary:
I'm hitting this in the cluster and couldn't figure it out after staring at it for a couple minutes. Produce a better error.

This dumps a hash of each configuration key value which is set to a non-default value into the daemon log. This is much more compact than the full config, and doesn't spread secrets around, so it seems like a good balance between providing information and going crazy with it.

Test Plan: {F284139}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11699
2015-02-05 14:07:35 -08:00
epriestley
d8550c114d Promote instance identity to the upstream and pass it to commit hooks
Summary:
Fixes T7019. In a cluster environment, pushes currently fail because the commit hook can't identify the instance.

For web processes, the hostname identifies the instance -- but we don't have a hostname in the hook.

For CLI processes, the environment identifies the instance -- but we don't have an environment in the hook under SVN.

Promote the instance identifier into the upstream and pack/unpack it explicitly for hooks. This is probably not useful for anyone but us, but the amount of special-purpose code we're introducing is very small.

I poked at trying to do this in a more general way, but:

  - We MUST know this BEFORE we run code, so the normal subclassing stuff is useless.
  - I couldn't come up with any other parameter which might ever be useful to pass in.

Test Plan: Used `git push` to push code through proxied HTTP, got a clean push.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7019

Differential Revision: https://secure.phabricator.com/D11495
2015-01-27 14:51:48 -08:00
Bob Trahan
923096efc8 Config - add phd.variant-config to suppress "Daemon & Web config" error message on a per key basis
Summary: Fixes T6959.

Test Plan: When I was ready to test the feature, the "Daemon & Web config" error already showed up, from having added phd.variant-config. I went meta and changed the value of phd.variant-config to have phd.variant-config. The config error disappeared. I then changed the conpherence setting about conpherence email prefix and the error showed up again. Removing the conpherence config setting made the error disappear once more.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6959

Differential Revision: https://secure.phabricator.com/D11399
2015-01-14 13:46:31 -08:00
epriestley
fa7bb8ff7a Add cluster.addresses and require membership before accepting cluster authentication tokens
Summary:
Ref T2783. Ref T6706.

  - Add `cluster.addresses`. This is a whitelist of CIDR blocks which define cluster hosts.
  - When we recieve a request that has a cluster-based authentication token, require the cluster to be configured and require the remote address to be a cluster member before we accept it.
    - This provides a general layer of security for these mechanisms.
    - In particular, it means they do not work by default on unconfigured hosts.
  - When cluster addresses are configured, and we receive a request //to// an address not on the list, reject it.
    - This provides a general layer of security for getting the Ops side of cluster configuration correct.
    - If cluster nodes have public IPs and are listening on them, we'll reject requests.
    - Basically, this means that any requests which bypass the LB get rejected.

Test Plan:
  - With addresses not configured, tried to make requests; rejected for using a cluster auth mechanism.
  - With addresses configred wrong, tried to make requests; rejected for sending from (or to) an address outside of the cluster.
  - With addresses configured correctly, made valid requests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6706, T2783

Differential Revision: https://secure.phabricator.com/D11159
2015-01-02 15:13:41 -08:00
epriestley
19845395d8 Allow PhutilTranslator::translate() to return defaults
Summary: Allow PhutilTranslator::translate() to return defaults

Test Plan: Just check some strings returned correctly.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, Zolli, epriestley

Projects: #localization

Maniphest Tasks: T6845

Differential Revision: https://secure.phabricator.com/D11121
2015-01-01 08:15:40 -08:00
epriestley
6a5369b173 Add an extensible "SiteSource" for configuration
Summary:
Fixes T2792. This adds a pluggable configuration layer between all the stuff on disk (local/file) and the runtime configurable stuff (database).

An install can subclass this source and:

  - For Phacility, query a remote service (like Almanac) to retrieve hostname-based configuration, allowing one install to serve multiple instances.
  - Maybe for Phacility, query a remote service (like Phlux) to retrieve sitevar-like configuration (e.g., put everything in readonly mode to deal with a maintenance issue?). Not sure if we'll do this or not. We might just nuke Phlux since Almanac is sort-of-a-superset of it for our purposes.
  - For third parties, query some other remote service if that makes config management easier. In particular, it would theoretically let you put locked config in Zookeeper or whatever else you want.

Test Plan: Added a fake source and saw it inject configuration.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2792

Differential Revision: https://secure.phabricator.com/D10787
2014-11-05 15:30:40 -08:00
Bob Trahan
04d501cf22 asort should be ksort 2014-08-27 11:36:08 -07:00
Bob Trahan
c2874945c8 Daemons - add status of environment to daemon console, etc
Summary: Shows the UI everywhere. Also asort() the keys before calculating the environment hash as that is probably an issue for someone at some point we just don't need to have. Ref T5968.

Test Plan: Viewed the setup check and saw a link to the daemon console. Viewed the daemon console and saw the various stale config daemons. Clicked a daemon and saw a "stale config" header icon where expected. Restarted daemons and all of this went away.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5968

Differential Revision: https://secure.phabricator.com/D10367
2014-08-27 11:35:21 -07:00
Bob Trahan
6f246bd351 Daemons - add a config check for out of date daemon environment
Summary: Fixes T4881.

Test Plan: made a config change, saw the issue, restarted daemons and it went away

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4881

Differential Revision: https://secure.phabricator.com/D10339
2014-08-22 14:52:36 -07:00
epriestley
df361470c1 Be more strict about "Location:" redirects
Summary:
Via HackerOne. Chrome (at least) interprets backslashes like forward slashes, so a redirect to "/\evil.com" is the same as a redirect to "//evil.com".

  - Reject local URIs with backslashes (we never generate these).
  - Fully-qualify all "Location:" redirects.
  - Require external redirects to be marked explicitly.

Test Plan:
  - Expanded existing test coverage.
  - Verified that neither Diffusion nor Phriction can generate URIs with backslashes (they are escaped in Diffusion, and removed by slugging in Phriction).
  - Logged in with Facebook (OAuth2 submits a form to the external site, and isn't affected) and Twitter (OAuth1 redirects, and is affected).
  - Went through some local redirects (login, save-an-object).
  - Verified file still work.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10291
2014-08-18 14:11:06 -07:00
Joshua Spence
0a62f13464 Change double quotes to single quotes.
Summary: Ran `arc lint --apply-patches --everything` over rP, mainly to change double quotes to single quotes where appropriate. These changes also validate that the `ArcanistXHPASTLinter::LINT_DOUBLE_QUOTE` rule is working as expected.

Test Plan: Eyeballed it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9431
2014-06-09 11:36:50 -07:00
epriestley
38cc38eaf6 Modernize documentation links
Summary:
  - Point them at the new Diviner.
  - Make them a little less cumbersome to write.

Test Plan: Found almost all of these links in the UI and clicked them.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8553
2014-03-17 15:01:31 -07:00
Joshua Spence
e11adc4ad7 Added some additional assertion methods.
Summary:
There are quite a few tests in Arcanist, libphutil and Phabricator that do something similar to `$this->assertEqual(false, ...)` or `$this->assertEqual(true, ...)`.

This is unnecessarily verbose and it would be cleaner if we had `assertFalse` and `assertTrue` methods.

Test Plan: I contemplated adding a unit test for the `getCallerInfo` method but wasn't sure if it was required / where it should live.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8460
2014-03-08 19:16:21 -08:00
epriestley
df85cd83d1 Put PATH in $_ENV after we adjust it so ExecFuture/etc pick it up
Summary: The change to setEnv() means this may not propagate correctly in
some cases. See IRC.

Auditors: btrahan
2013-11-27 21:03:00 -08:00
epriestley
a6c4117ec4 Fix controller-level access rules
Summary:
Ref T603. I had to partially revert this earlier because it accidentally blocked access to Conduit and File data for installs without "policy.allow-public", since the applications are available to "all users" but some endpoints actually need to be available even when not logged in.

This readjusts the gating in the controller to properly apply application visibility restrictions, and then adds a giant pile of unit test coverage to make sure it sticks and all the weird cases are covered.

Test Plan:
  - Added and executed unit tests.
  - Executed most of the tests manually, by using logged in / admin / public / disabled users.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7211
2013-10-03 19:05:47 -07:00
epriestley
3b9ccf11f2 Drive auth config with the database
Summary: Ref T1536. This is the last major migration. Moves us over to the DB and drops all the config stuff.

Test Plan:
  - Ran the migration.
  - Saw all my old config brought forward and respected, with accurate settings.
  - Ran LDAP import.
  - Grepped for all removed config options.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran, wez

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6243
2013-06-20 11:18:11 -07:00
Gareth Evans
ef797494ca Add Allowed uris config
Summary:
Kind of a quick look at an idea for T2184

Ref T2184

Test Plan: Make sure the site still loads

Reviewers: epriestley

CC: aran, Korvin, mbishopim3

Maniphest Tasks: T2184

Differential Revision: https://secure.phabricator.com/D6045
2013-05-26 10:57:45 -07:00
Angelos Evripiotis
bfdce02689 prepend path/to/phabricator/support/bin/ to $PATH
Summary:
It's sometimes necessary to specify the paths to individual binaries
explicitly, e.g. a particular build of 'javelinsymbols' or a newer
version of git than is installed on your shared system.

By adding symlinks in the .../phabricator/support/bin/ directory you
can now spell these out using the file system.

Test Plan:
Ran on local Ubuntu VM:

  .. add 'TEST' repo to diffusion ..
  .. visit 127.0.01/diffusion/TEST - see ok ..

  $ cd /opt
  $ sudo sh -c 'echo "exit 1" > badgit'
  $ sudo chmod +x /opt/badgit
  $ sudo mkdir goodgit
  $ sudo mv /usr/bin/git /opt/goodgit/

  .. unset environment.append-paths ..
  .. visit 127.0.01/diffusion/TEST - see error 'git: not found' ..
  .. set environment.append-paths to /opt/goodgit/ ..
  .. visit 127.0.01/diffusion/TEST - see ok ..

  $ sudo ln -s /opt/badgit /usr/bin/git
  .. visit 127.0.01/diffusion/TEST - see error 'error #1' ..
  sudo ln -s /opt/goodgit/git web/phabricator/support/bin/git
  .. visit 127.0.01/diffusion/TEST - see ok ..

  .. unset environment.append-paths ..
  .. visit 127.0.01/diffusion/TEST - see ok ..

  $ sudo rm web/phabricator/support/bin/git
  .. visit 127.0.01/diffusion/TEST - see error 'error #1' ..

  $ sudo rm /usr/bin/git
  $ sudo mv /opt/goodgit/git /usr/bin/
  .. visit 127.0.01/diffusion/TEST - see ok ..

Note that 'DIRECTORY_SEPARATOR' was not used because apparently it's
portable and ok to just use '/'.
http://alanhogan.com/tips/php/directory-separator-not-necessary
(I'm pretty new to PHP so looking for guidance :)

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2378

Differential Revision: https://secure.phabricator.com/D5561
2013-04-03 12:49:46 -07:00
epriestley
cd07182e9c Provide a local cache for PhabricatorEnv
Summary: We hit some env config fairly often (~200 calls on the home page) and it's not especially cheap right now. This saves about 10ms on home, which is ~8% of the page weight on my machine.

Test Plan: Clicked around, everything seemed fine. Unit tests.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D5512
2013-04-01 12:05:49 -07:00
epriestley
32d23254c9 Use --user and --password from bin/storage in PHP migrations
Summary:
Fixes T2059. Ref T2517.

Currently, you can run `bin/storage upgrade` with `--user` and `--password` arguments. However, these clownishly apply only to `.sql` patches -- the `.php` migrations still use the default user and password.

This is dumb. Stop doing it. Respect `--user` and `--password` for PHP patches.

(I implemented "override", which is very similar to "repair", but kept them separate since I think they're semantically distinct enough to differentiate.)

Test Plan: Ran `./bin/storage upgrade --user x --pass y --apply phabricator:20130219.commitsummarymig.php`. Verified the correct user and password were used both for the initial connect and patch application.

Reviewers: chad, vrana

Reviewed By: chad

CC: aran

Maniphest Tasks: T2059, T2517

Differential Revision: https://secure.phabricator.com/D5115
2013-02-25 22:20:23 -08:00
epriestley
7e17acfb68 Remove PhabricatorSetup and make PHABRICATOR_ENV optional
Summary:
  - PHABRICATOR_ENV is now optional. If you don't specify it, we won't load a config file.
  - PhabricatorSetup is now gone.
    - I removed the alternate file domain check for now, see T2380.
  - `phabricator.setup` config is now gone.
  - Rewrote documentation:
    - No more mentions of `phabricator.setup`.
    - Normal install guide no longer mentions PHABRICATOR_ENV. This is now an advanced topic.
    - Clarified that you only need to set up one of apache, nginx or lighttpd.
    - Tweaked a few things I've seen users have difficulty with.

This should have no effect on any existing installs, but make the process much simpler for future installs.

Closes T2221.
Closes T2223.
Closes T2228.

Test Plan:
  - Removed my PHABRICATOR_ENV and went through the install process.
  - Generated and read documentation.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2221, T2223, T2228

Differential Revision: https://secure.phabricator.com/D4596
2013-01-23 12:03:19 -08:00
epriestley
4425903480 Don't require phabricator.base-uri to be configured
Summary:
Fixes T2293.

We currently hard-require this in setup. We do not need to; we don't actually need it until we start running daemons. Move it to post-install and provide more guidance.

We could make this even easier in the future, but we'd need to special case it, since it's dangerous to let it be set to any value (if you set it to the wrong value, you can't log in). We could safely have a workflow which writes the current request URI into the database configuration, or a two-stage workflow where we set the URI and then verify it, but these both imply some special casing and complication. This should be a step forward from where we are today, regardless.

Test Plan:
Removed "phabricator.base-uri" from my configuration. Verified Phabricator still works.

Without "phabricator.base-uri" configured, logged in from multiple host names (127.0.0.1:8080, local.aphront.com:8080).

Configured "phabricator.base-uri". Verified my unblessed session no longer worked. Verified setup issue went away.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2293

Differential Revision: https://secure.phabricator.com/D4580
2013-01-22 13:57:02 -08:00
epriestley
baa9d96082 Increase the power of bin/config
Summary:
Fixes T2254. Make the CLI for config more powerful:

  - Add validation for `set`.
  - Add `get`.
  - Add `list`.
  - Add `delete`.

The `get` command produces fairly verbose JSON to support flags like `--all`, or `--source database` later. The other commands are straightforward.

Test Plan:
Tested `config set`:

  $ ./bin/config set
  Usage Exception: Specify a configuration key and a value to set it to.
  $ ./bin/config set x
  Usage Exception: Specify a value to set the key 'x' to.
  $ ./bin/config set phabricator.base-uri
  Usage Exception: Specify a value to set the key 'phabricator.base-uri' to.
  $ ./bin/config set phabricator.base-uri x
  Usage Exception: Config option 'phabricator.base-uri' is invalid. The URI must start with 'http://' or 'https://'.
  $ ./bin/config set phabricator.base-uri http://x
  Usage Exception: Config option 'phabricator.base-uri' is invalid. The URI must contain a dot ('.'), like 'http://example.com/', not just a bare name like 'http://example/'. Some web browsers will not set cookies on domains with no TLD.
  $ ./bin/config set phabricator.base-uri http://x.com
  Set 'phabricator.base-uri' in local configuration.
  $

Tested `config get`:

  $ ./bin/config get pygments.enabled
  {
    "config" : []
  }
  $ ./bin/config set pygments.enabled true
  Set 'pygments.enabled' in local configuration.
  $ ./bin/config get pygments.enabled
  {
    "config" : [
      {
        "key"    : "pygments.enabled",
        "source" : "local",
        "value"  : true
      }
    ]
  }
  $

Tested `config delete`:

  $ ./bin/config delete
  Usage Exception: Specify a configuration key to delete.
  $ ./bin/config delete x x
  Usage Exception: Too many arguments: expected one key.
  $ ./bin/config delete x
  Usage Exception: No such configuration key 'x'! Use `config list` to list all keys.
  $ ./bin/config delete pygments.enabled
  Deleted 'pygments.enabled' from local configuration.
  $ ./bin/config delete pygments.enabled
  Usage Exception: Configuration key 'pygments.enabled' is not set in local configuration!
  $

Tested `config list`:

  $ ./bin/config list
  account.editable
  account.minimum-password-length
  amazon-ec2.access-key
  amazon-ec2.secret-key
  amazon-s3.access-key
  amazon-s3.endpoint
  amazon-s3.secret-key
  amazon-ses.access-key
  amazon-ses.secret-key
  aphront.default-application-configuration-class
  audit.can-author-close-audit
  auth.email-domains
  auth.login-message
  auth.password-auth-enabled
  auth.require-email-verification
  auth.sessions.conduit
  auth.sessions.web
  auth.sshkeys.enabled
  cache.enable-deflate
  celerity.force-disk-reads
  celerity.minify
  celerity.resource-hash
  celerity.resource-path
  config.hide
  config.lock
  config.mask
  controller.oauth-registration
  darkconsole.always-on
  darkconsole.enabled
  debug.profile-rate
  debug.stop-on-redirect
  differential.allow-reopen
  differential.allow-self-accept
  differential.always-allow-close
  differential.anonymous-access
  differential.custom-remarkup-block-rules
  differential.custom-remarkup-rules
  differential.days-fresh
  differential.days-stale
  differential.enable-email-accept
  differential.expose-emails-prudently
  differential.field-selector
  differential.generated-paths
  differential.require-test-plan-field
  differential.revision-custom-detail-renderer
  differential.show-host-field
  differential.show-test-plan-field
  differential.whitespace-matters
  disqus.application-id
  disqus.application-secret
  disqus.auth-enabled
  disqus.auth-permanent
  disqus.registration-enabled
  disqus.shortname
  environment.append-paths
  events.listeners
  facebook.application-id
  facebook.application-secret
  facebook.auth-enabled
  facebook.auth-permanent
  facebook.registration-enabled
  facebook.require-https-auth
  feed.http-hooks
  feed.public
  files.image-mime-types
  files.viewable-mime-types
  gcdaemon.ttl.daemon-logs
  gcdaemon.ttl.differential-parse-cache
  gcdaemon.ttl.general-cache
  gcdaemon.ttl.herald-transcripts
  gcdaemon.ttl.markup-cache
  gcdaemon.ttl.task-archive
  github.application-id
  github.application-secret
  github.auth-enabled
  github.auth-permanent
  github.registration-enabled
  google.application-id
  google.application-secret
  google.auth-enabled
  google.auth-permanent
  google.registration-enabled
  ldap.activedirectory_domain
  ldap.anonymous-user-name
  ldap.anonymous-user-password
  ldap.auth-enabled
  ldap.base_dn
  ldap.hostname
  ldap.port
  ldap.real_name_attributes
  ldap.referrals
  ldap.search-first
  ldap.search_attribute
  ldap.start-tls
  ldap.username-attribute
  ldap.version
  load-libraries
  log.access.format
  log.access.path
  maniphest.custom-fields
  maniphest.custom-task-extensions-class
  maniphest.default-priority
  maniphest.enabled
  metamta.can-send-as-user
  metamta.default-address
  metamta.differential.attach-patches
  metamta.differential.inline-patches
  metamta.differential.patch-format
  metamta.differential.reply-handler
  metamta.differential.reply-handler-domain
  metamta.differential.subject-prefix
  metamta.differential.unified-comment-context
  metamta.diffusion.attach-patches
  metamta.diffusion.byte-limit
  metamta.diffusion.inline-patches
  metamta.diffusion.reply-handler
  metamta.diffusion.reply-handler-domain
  metamta.diffusion.subject-prefix
  metamta.diffusion.time-limit
  metamta.domain
  metamta.herald.show-hints
  metamta.insecure-auth-with-reply-to
  metamta.macro.reply-handler-domain
  metamta.macro.subject-prefix
  metamta.mail-adapter
  metamta.maniphest.default-public-author
  metamta.maniphest.public-create-email
  metamta.maniphest.reply-handler
  metamta.maniphest.reply-handler-domain
  metamta.maniphest.subject-prefix
  metamta.one-mail-per-recipient
  metamta.package.reply-handler
  metamta.package.subject-prefix
  metamta.pholio.reply-handler-domain
  metamta.pholio.subject-prefix
  metamta.placeholder-to-recipient
  metamta.precedence-bulk
  metamta.public-replies
  metamta.re-prefix
  metamta.recipients.show-hints
  metamta.reply.show-hints
  metamta.send-immediately
  metamta.single-reply-handler-prefix
  metamta.user-address-format
  metamta.vary-subjects
  mysql.configuration-provider
  mysql.host
  mysql.implementation
  mysql.pass
  mysql.user
  notification.client-uri
  notification.debug
  notification.enabled
  notification.log
  notification.pidfile
  notification.server-uri
  notification.user
  phabricator.application-id
  phabricator.application-secret
  phabricator.auth-enabled
  phabricator.auth-permanent
  phabricator.base-uri
  phabricator.csrf-key
  phabricator.env
  phabricator.mail-key
  phabricator.oauth-uri
  phabricator.production-uri
  phabricator.registration-enabled
  phabricator.serious-business
  phabricator.setup
  phabricator.show-beta-applications
  phabricator.show-error-callout
  phabricator.show-stack-traces
  phabricator.timezone
  phame.skins
  phd.log-directory
  phd.pid-directory
  phd.start-taskmasters
  phd.trace
  phd.verbose
  phid.external-loaders
  phpmailer.mailer
  phpmailer.smtp-host
  phpmailer.smtp-password
  phpmailer.smtp-port
  phpmailer.smtp-protocol
  phpmailer.smtp-user
  phriction.enabled
  policy.allow-public
  pygments.dropdown-choices
  pygments.enabled
  recaptcha.enabled
  recaptcha.private-key
  recaptcha.public-key
  remarkup.enable-embedded-youtube
  repository.default-local-path
  search.elastic.host
  search.engine-selector
  security.alternate-file-domain
  security.hmac-key
  security.require-https
  sendgrid.api-key
  sendgrid.api-user
  storage.default-namespace
  storage.engine-selector
  storage.local-disk.path
  storage.mysql-engine.max-size
  storage.s3.bucket
  storage.upload-size-limit
  style.monospace
  syntax-highlighter.engine
  syntax.filemap
  test.value
  tokenizer.ondemand
  translation.override
  translation.provider
  uri.allowed-protocols
  $

Reviewers: btrahan, codeblock

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2254

Differential Revision: https://secure.phabricator.com/D4570
2013-01-21 15:27:42 -08:00
Nick Pellegrino
f0682941b6 Testing that PhabricatorEnv::getEnvConfig throws an exception if config option is not found.
Summary: Unit test for T2345

Test Plan: Ran unit tests, checked that it passed.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4552
2013-01-19 17:05:45 -08:00
Nick Pellegrino
3e6fa43658 getConfigEnv fails fast when key is not found and no default value is given.
Summary:
T2345
getConfig throws an Exception when the key does not exist.
Also removes dead code that throws an Exception.

Test Plan:
Reloaded the Phabricator home page.  In the process, found
2 Exceptions thrown due to nonexistent keys.  After addressing these problems,
the home page loads without Exceptions.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4541
2013-01-19 12:11:28 -08:00
epriestley
d5c29e1135 Make timezone configuration impossible to get wrong
Summary: Fixes T2269. If the user manages to mess up both the PHP and Phabricator configurations, set the timezone to UTC. We basically never use this anyway (we always render into the user's time), PHP just gets angry at us if we don't set it. (We do use it for logged-out users, I suppose.)

Test Plan: Set PHP and Phabricator timezones to goofy nonsense, verified we recover sensibly from it.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2228, T2269

Differential Revision: https://secure.phabricator.com/D4496
2013-01-19 08:38:37 -08:00