1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-01 11:12:42 +01:00
Commit graph

68 commits

Author SHA1 Message Date
Joshua Spence
321c61a853 Remove daemon envHash and envInfo
Summary: Ref T7053. Remove the `envHash` and `envInfo` fields, which are no longer used now that the daemons restart automagically. Depends on D14458.

Test Plan: Saw no more setup issues.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: tycho.tatitscheff, epriestley

Maniphest Tasks: T7053

Differential Revision: https://secure.phabricator.com/D14446
2015-11-11 08:54:45 +11:00
Joshua Spence
368f359114 Use PhutilClassMapQuery instead of PhutilSymbolLoader
Summary: Use `PhutilClassMaQuery` instead of `PhutilSymbolLoader`, mostly for consistency. Depends on D13588.

Test Plan: Poked around a bunch of pages.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13589
2015-08-14 07:49:01 +10:00
Joshua Spence
b6d745b666 Extend from Phobject
Summary: All classes should extend from some other class. See D13275 for some explanation.

Test Plan: `arc unit`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13283
2015-06-15 18:02:27 +10:00
epriestley
069e60d2ff Send mail to targets in the user's translation
Summary: Ref T6367.

Test Plan:
  - Added and executed unit tests.
  - Sent mail to A (en_US) and B (en_A*).
  - Got one mail in English and one mail in ENGLISH.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6367

Differential Revision: https://secure.phabricator.com/D13142
2015-06-03 18:59:33 -07:00
Joshua Spence
36e2d02d6e phtize all the things
Summary: `pht`ize a whole bunch of strings in rP.

Test Plan: Intense eyeballing.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12797
2015-05-22 21:16:39 +10:00
Joshua Spence
acb45968d8 Use __CLASS__ instead of hard-coding class names
Summary: Use `__CLASS__` instead of hard-coding class names. Depends on D12605.

Test Plan: Eyeball it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12806
2015-05-14 07:21:13 +10:00
epriestley
40fb0f98df Mostly defuse DNS rebinding attack for outbound requests
Summary: Ref T6755. I'll add some notes there about specifics.

Test Plan:
  - Made connections to HTTP and HTTPS URIs.
  - Added some debugging code to verify that HTTP URIs were pre-resolved.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12169
2015-03-26 11:12:22 -07:00
epriestley
1c32c9b965 Improve granluarity and defaults of security.allow-outbound-http
Summary:
Ref T6755. This is a partial fix, but:

  - Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
  - Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
  - Explain the risks better.
  - Improve the errors rasied by Macro when failing.
  - Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
    - We still make outbound HTTP requests to OAuth.
    - We still make outbound HTTP requests for repositories.

From a technical perspective:

  - Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
  - Add the default blacklist.
  - Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.

Additionally:

  - I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
  - The future implementation of T4190 needs to perform the fetch check.

Test Plan:
  - Fetched a valid macro.
  - Fetched a non-image, verified it didn't result in a viewable file.
  - Fetched a private-ip-space image, got an error.
  - Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
  - Fetched a bad protocol, got an error.
  - Linked to a local resource, a phriction page, a valid remote site, all worked.
  - Linked to private IP space, which worked fine (we want to let you link and redierect to other private services, just not fetch them).
  - Added and executed unit tests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 10:44:03 -07:00
epriestley
d4680a7e4e Update Phabricator to work with more modular translations
Summary:
Ref T7152. Ref T1139. This updates Phabricator so third-party libraries can translate their own stuff. Also:

  - Hide "All Caps" when not in development mode, since some users have found this a little confusing.
  - With other changes, adds a "Raw Strings" mode (development mode only).
  - Add an example silly translation to make sure the serious business flag works.
  - Add a basic British English translation.
  - Simplify handling of translation overrides.

Test Plan:
  - Flipped serious business / development on and off and saw silly/development translations drop off.
  - Switched to "All Caps" and saw all caps.
  - Switched to Very English, Wow!
  - Switched to British english and saw "colour".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152, T1139

Differential Revision: https://secure.phabricator.com/D11747
2015-02-11 13:02:35 -08:00
epriestley
74ea59235a Make the "daemons and web have different config" warning more specific
Summary:
I'm hitting this in the cluster and couldn't figure it out after staring at it for a couple minutes. Produce a better error.

This dumps a hash of each configuration key value which is set to a non-default value into the daemon log. This is much more compact than the full config, and doesn't spread secrets around, so it seems like a good balance between providing information and going crazy with it.

Test Plan: {F284139}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11699
2015-02-05 14:07:35 -08:00
epriestley
d8550c114d Promote instance identity to the upstream and pass it to commit hooks
Summary:
Fixes T7019. In a cluster environment, pushes currently fail because the commit hook can't identify the instance.

For web processes, the hostname identifies the instance -- but we don't have a hostname in the hook.

For CLI processes, the environment identifies the instance -- but we don't have an environment in the hook under SVN.

Promote the instance identifier into the upstream and pack/unpack it explicitly for hooks. This is probably not useful for anyone but us, but the amount of special-purpose code we're introducing is very small.

I poked at trying to do this in a more general way, but:

  - We MUST know this BEFORE we run code, so the normal subclassing stuff is useless.
  - I couldn't come up with any other parameter which might ever be useful to pass in.

Test Plan: Used `git push` to push code through proxied HTTP, got a clean push.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7019

Differential Revision: https://secure.phabricator.com/D11495
2015-01-27 14:51:48 -08:00
Bob Trahan
923096efc8 Config - add phd.variant-config to suppress "Daemon & Web config" error message on a per key basis
Summary: Fixes T6959.

Test Plan: When I was ready to test the feature, the "Daemon & Web config" error already showed up, from having added phd.variant-config. I went meta and changed the value of phd.variant-config to have phd.variant-config. The config error disappeared. I then changed the conpherence setting about conpherence email prefix and the error showed up again. Removing the conpherence config setting made the error disappear once more.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6959

Differential Revision: https://secure.phabricator.com/D11399
2015-01-14 13:46:31 -08:00
epriestley
fa7bb8ff7a Add cluster.addresses and require membership before accepting cluster authentication tokens
Summary:
Ref T2783. Ref T6706.

  - Add `cluster.addresses`. This is a whitelist of CIDR blocks which define cluster hosts.
  - When we recieve a request that has a cluster-based authentication token, require the cluster to be configured and require the remote address to be a cluster member before we accept it.
    - This provides a general layer of security for these mechanisms.
    - In particular, it means they do not work by default on unconfigured hosts.
  - When cluster addresses are configured, and we receive a request //to// an address not on the list, reject it.
    - This provides a general layer of security for getting the Ops side of cluster configuration correct.
    - If cluster nodes have public IPs and are listening on them, we'll reject requests.
    - Basically, this means that any requests which bypass the LB get rejected.

Test Plan:
  - With addresses not configured, tried to make requests; rejected for using a cluster auth mechanism.
  - With addresses configred wrong, tried to make requests; rejected for sending from (or to) an address outside of the cluster.
  - With addresses configured correctly, made valid requests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6706, T2783

Differential Revision: https://secure.phabricator.com/D11159
2015-01-02 15:13:41 -08:00
epriestley
19845395d8 Allow PhutilTranslator::translate() to return defaults
Summary: Allow PhutilTranslator::translate() to return defaults

Test Plan: Just check some strings returned correctly.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, Zolli, epriestley

Projects: #localization

Maniphest Tasks: T6845

Differential Revision: https://secure.phabricator.com/D11121
2015-01-01 08:15:40 -08:00
epriestley
6a5369b173 Add an extensible "SiteSource" for configuration
Summary:
Fixes T2792. This adds a pluggable configuration layer between all the stuff on disk (local/file) and the runtime configurable stuff (database).

An install can subclass this source and:

  - For Phacility, query a remote service (like Almanac) to retrieve hostname-based configuration, allowing one install to serve multiple instances.
  - Maybe for Phacility, query a remote service (like Phlux) to retrieve sitevar-like configuration (e.g., put everything in readonly mode to deal with a maintenance issue?). Not sure if we'll do this or not. We might just nuke Phlux since Almanac is sort-of-a-superset of it for our purposes.
  - For third parties, query some other remote service if that makes config management easier. In particular, it would theoretically let you put locked config in Zookeeper or whatever else you want.

Test Plan: Added a fake source and saw it inject configuration.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2792

Differential Revision: https://secure.phabricator.com/D10787
2014-11-05 15:30:40 -08:00
Bob Trahan
04d501cf22 asort should be ksort 2014-08-27 11:36:08 -07:00
Bob Trahan
c2874945c8 Daemons - add status of environment to daemon console, etc
Summary: Shows the UI everywhere. Also asort() the keys before calculating the environment hash as that is probably an issue for someone at some point we just don't need to have. Ref T5968.

Test Plan: Viewed the setup check and saw a link to the daemon console. Viewed the daemon console and saw the various stale config daemons. Clicked a daemon and saw a "stale config" header icon where expected. Restarted daemons and all of this went away.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5968

Differential Revision: https://secure.phabricator.com/D10367
2014-08-27 11:35:21 -07:00
Bob Trahan
6f246bd351 Daemons - add a config check for out of date daemon environment
Summary: Fixes T4881.

Test Plan: made a config change, saw the issue, restarted daemons and it went away

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4881

Differential Revision: https://secure.phabricator.com/D10339
2014-08-22 14:52:36 -07:00
epriestley
df361470c1 Be more strict about "Location:" redirects
Summary:
Via HackerOne. Chrome (at least) interprets backslashes like forward slashes, so a redirect to "/\evil.com" is the same as a redirect to "//evil.com".

  - Reject local URIs with backslashes (we never generate these).
  - Fully-qualify all "Location:" redirects.
  - Require external redirects to be marked explicitly.

Test Plan:
  - Expanded existing test coverage.
  - Verified that neither Diffusion nor Phriction can generate URIs with backslashes (they are escaped in Diffusion, and removed by slugging in Phriction).
  - Logged in with Facebook (OAuth2 submits a form to the external site, and isn't affected) and Twitter (OAuth1 redirects, and is affected).
  - Went through some local redirects (login, save-an-object).
  - Verified file still work.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10291
2014-08-18 14:11:06 -07:00
Joshua Spence
0a62f13464 Change double quotes to single quotes.
Summary: Ran `arc lint --apply-patches --everything` over rP, mainly to change double quotes to single quotes where appropriate. These changes also validate that the `ArcanistXHPASTLinter::LINT_DOUBLE_QUOTE` rule is working as expected.

Test Plan: Eyeballed it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9431
2014-06-09 11:36:50 -07:00
epriestley
38cc38eaf6 Modernize documentation links
Summary:
  - Point them at the new Diviner.
  - Make them a little less cumbersome to write.

Test Plan: Found almost all of these links in the UI and clicked them.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8553
2014-03-17 15:01:31 -07:00
Joshua Spence
e11adc4ad7 Added some additional assertion methods.
Summary:
There are quite a few tests in Arcanist, libphutil and Phabricator that do something similar to `$this->assertEqual(false, ...)` or `$this->assertEqual(true, ...)`.

This is unnecessarily verbose and it would be cleaner if we had `assertFalse` and `assertTrue` methods.

Test Plan: I contemplated adding a unit test for the `getCallerInfo` method but wasn't sure if it was required / where it should live.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8460
2014-03-08 19:16:21 -08:00
epriestley
df85cd83d1 Put PATH in $_ENV after we adjust it so ExecFuture/etc pick it up
Summary: The change to setEnv() means this may not propagate correctly in
some cases. See IRC.

Auditors: btrahan
2013-11-27 21:03:00 -08:00
epriestley
a6c4117ec4 Fix controller-level access rules
Summary:
Ref T603. I had to partially revert this earlier because it accidentally blocked access to Conduit and File data for installs without "policy.allow-public", since the applications are available to "all users" but some endpoints actually need to be available even when not logged in.

This readjusts the gating in the controller to properly apply application visibility restrictions, and then adds a giant pile of unit test coverage to make sure it sticks and all the weird cases are covered.

Test Plan:
  - Added and executed unit tests.
  - Executed most of the tests manually, by using logged in / admin / public / disabled users.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7211
2013-10-03 19:05:47 -07:00
epriestley
3b9ccf11f2 Drive auth config with the database
Summary: Ref T1536. This is the last major migration. Moves us over to the DB and drops all the config stuff.

Test Plan:
  - Ran the migration.
  - Saw all my old config brought forward and respected, with accurate settings.
  - Ran LDAP import.
  - Grepped for all removed config options.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran, wez

Maniphest Tasks: T1536

Differential Revision: https://secure.phabricator.com/D6243
2013-06-20 11:18:11 -07:00
Gareth Evans
ef797494ca Add Allowed uris config
Summary:
Kind of a quick look at an idea for T2184

Ref T2184

Test Plan: Make sure the site still loads

Reviewers: epriestley

CC: aran, Korvin, mbishopim3

Maniphest Tasks: T2184

Differential Revision: https://secure.phabricator.com/D6045
2013-05-26 10:57:45 -07:00
Angelos Evripiotis
bfdce02689 prepend path/to/phabricator/support/bin/ to $PATH
Summary:
It's sometimes necessary to specify the paths to individual binaries
explicitly, e.g. a particular build of 'javelinsymbols' or a newer
version of git than is installed on your shared system.

By adding symlinks in the .../phabricator/support/bin/ directory you
can now spell these out using the file system.

Test Plan:
Ran on local Ubuntu VM:

  .. add 'TEST' repo to diffusion ..
  .. visit 127.0.01/diffusion/TEST - see ok ..

  $ cd /opt
  $ sudo sh -c 'echo "exit 1" > badgit'
  $ sudo chmod +x /opt/badgit
  $ sudo mkdir goodgit
  $ sudo mv /usr/bin/git /opt/goodgit/

  .. unset environment.append-paths ..
  .. visit 127.0.01/diffusion/TEST - see error 'git: not found' ..
  .. set environment.append-paths to /opt/goodgit/ ..
  .. visit 127.0.01/diffusion/TEST - see ok ..

  $ sudo ln -s /opt/badgit /usr/bin/git
  .. visit 127.0.01/diffusion/TEST - see error 'error #1' ..
  sudo ln -s /opt/goodgit/git web/phabricator/support/bin/git
  .. visit 127.0.01/diffusion/TEST - see ok ..

  .. unset environment.append-paths ..
  .. visit 127.0.01/diffusion/TEST - see ok ..

  $ sudo rm web/phabricator/support/bin/git
  .. visit 127.0.01/diffusion/TEST - see error 'error #1' ..

  $ sudo rm /usr/bin/git
  $ sudo mv /opt/goodgit/git /usr/bin/
  .. visit 127.0.01/diffusion/TEST - see ok ..

Note that 'DIRECTORY_SEPARATOR' was not used because apparently it's
portable and ok to just use '/'.
http://alanhogan.com/tips/php/directory-separator-not-necessary
(I'm pretty new to PHP so looking for guidance :)

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2378

Differential Revision: https://secure.phabricator.com/D5561
2013-04-03 12:49:46 -07:00
epriestley
cd07182e9c Provide a local cache for PhabricatorEnv
Summary: We hit some env config fairly often (~200 calls on the home page) and it's not especially cheap right now. This saves about 10ms on home, which is ~8% of the page weight on my machine.

Test Plan: Clicked around, everything seemed fine. Unit tests.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D5512
2013-04-01 12:05:49 -07:00
epriestley
32d23254c9 Use --user and --password from bin/storage in PHP migrations
Summary:
Fixes T2059. Ref T2517.

Currently, you can run `bin/storage upgrade` with `--user` and `--password` arguments. However, these clownishly apply only to `.sql` patches -- the `.php` migrations still use the default user and password.

This is dumb. Stop doing it. Respect `--user` and `--password` for PHP patches.

(I implemented "override", which is very similar to "repair", but kept them separate since I think they're semantically distinct enough to differentiate.)

Test Plan: Ran `./bin/storage upgrade --user x --pass y --apply phabricator:20130219.commitsummarymig.php`. Verified the correct user and password were used both for the initial connect and patch application.

Reviewers: chad, vrana

Reviewed By: chad

CC: aran

Maniphest Tasks: T2059, T2517

Differential Revision: https://secure.phabricator.com/D5115
2013-02-25 22:20:23 -08:00
epriestley
7e17acfb68 Remove PhabricatorSetup and make PHABRICATOR_ENV optional
Summary:
  - PHABRICATOR_ENV is now optional. If you don't specify it, we won't load a config file.
  - PhabricatorSetup is now gone.
    - I removed the alternate file domain check for now, see T2380.
  - `phabricator.setup` config is now gone.
  - Rewrote documentation:
    - No more mentions of `phabricator.setup`.
    - Normal install guide no longer mentions PHABRICATOR_ENV. This is now an advanced topic.
    - Clarified that you only need to set up one of apache, nginx or lighttpd.
    - Tweaked a few things I've seen users have difficulty with.

This should have no effect on any existing installs, but make the process much simpler for future installs.

Closes T2221.
Closes T2223.
Closes T2228.

Test Plan:
  - Removed my PHABRICATOR_ENV and went through the install process.
  - Generated and read documentation.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2221, T2223, T2228

Differential Revision: https://secure.phabricator.com/D4596
2013-01-23 12:03:19 -08:00
epriestley
4425903480 Don't require phabricator.base-uri to be configured
Summary:
Fixes T2293.

We currently hard-require this in setup. We do not need to; we don't actually need it until we start running daemons. Move it to post-install and provide more guidance.

We could make this even easier in the future, but we'd need to special case it, since it's dangerous to let it be set to any value (if you set it to the wrong value, you can't log in). We could safely have a workflow which writes the current request URI into the database configuration, or a two-stage workflow where we set the URI and then verify it, but these both imply some special casing and complication. This should be a step forward from where we are today, regardless.

Test Plan:
Removed "phabricator.base-uri" from my configuration. Verified Phabricator still works.

Without "phabricator.base-uri" configured, logged in from multiple host names (127.0.0.1:8080, local.aphront.com:8080).

Configured "phabricator.base-uri". Verified my unblessed session no longer worked. Verified setup issue went away.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2293

Differential Revision: https://secure.phabricator.com/D4580
2013-01-22 13:57:02 -08:00
epriestley
baa9d96082 Increase the power of bin/config
Summary:
Fixes T2254. Make the CLI for config more powerful:

  - Add validation for `set`.
  - Add `get`.
  - Add `list`.
  - Add `delete`.

The `get` command produces fairly verbose JSON to support flags like `--all`, or `--source database` later. The other commands are straightforward.

Test Plan:
Tested `config set`:

  $ ./bin/config set
  Usage Exception: Specify a configuration key and a value to set it to.
  $ ./bin/config set x
  Usage Exception: Specify a value to set the key 'x' to.
  $ ./bin/config set phabricator.base-uri
  Usage Exception: Specify a value to set the key 'phabricator.base-uri' to.
  $ ./bin/config set phabricator.base-uri x
  Usage Exception: Config option 'phabricator.base-uri' is invalid. The URI must start with 'http://' or 'https://'.
  $ ./bin/config set phabricator.base-uri http://x
  Usage Exception: Config option 'phabricator.base-uri' is invalid. The URI must contain a dot ('.'), like 'http://example.com/', not just a bare name like 'http://example/'. Some web browsers will not set cookies on domains with no TLD.
  $ ./bin/config set phabricator.base-uri http://x.com
  Set 'phabricator.base-uri' in local configuration.
  $

Tested `config get`:

  $ ./bin/config get pygments.enabled
  {
    "config" : []
  }
  $ ./bin/config set pygments.enabled true
  Set 'pygments.enabled' in local configuration.
  $ ./bin/config get pygments.enabled
  {
    "config" : [
      {
        "key"    : "pygments.enabled",
        "source" : "local",
        "value"  : true
      }
    ]
  }
  $

Tested `config delete`:

  $ ./bin/config delete
  Usage Exception: Specify a configuration key to delete.
  $ ./bin/config delete x x
  Usage Exception: Too many arguments: expected one key.
  $ ./bin/config delete x
  Usage Exception: No such configuration key 'x'! Use `config list` to list all keys.
  $ ./bin/config delete pygments.enabled
  Deleted 'pygments.enabled' from local configuration.
  $ ./bin/config delete pygments.enabled
  Usage Exception: Configuration key 'pygments.enabled' is not set in local configuration!
  $

Tested `config list`:

  $ ./bin/config list
  account.editable
  account.minimum-password-length
  amazon-ec2.access-key
  amazon-ec2.secret-key
  amazon-s3.access-key
  amazon-s3.endpoint
  amazon-s3.secret-key
  amazon-ses.access-key
  amazon-ses.secret-key
  aphront.default-application-configuration-class
  audit.can-author-close-audit
  auth.email-domains
  auth.login-message
  auth.password-auth-enabled
  auth.require-email-verification
  auth.sessions.conduit
  auth.sessions.web
  auth.sshkeys.enabled
  cache.enable-deflate
  celerity.force-disk-reads
  celerity.minify
  celerity.resource-hash
  celerity.resource-path
  config.hide
  config.lock
  config.mask
  controller.oauth-registration
  darkconsole.always-on
  darkconsole.enabled
  debug.profile-rate
  debug.stop-on-redirect
  differential.allow-reopen
  differential.allow-self-accept
  differential.always-allow-close
  differential.anonymous-access
  differential.custom-remarkup-block-rules
  differential.custom-remarkup-rules
  differential.days-fresh
  differential.days-stale
  differential.enable-email-accept
  differential.expose-emails-prudently
  differential.field-selector
  differential.generated-paths
  differential.require-test-plan-field
  differential.revision-custom-detail-renderer
  differential.show-host-field
  differential.show-test-plan-field
  differential.whitespace-matters
  disqus.application-id
  disqus.application-secret
  disqus.auth-enabled
  disqus.auth-permanent
  disqus.registration-enabled
  disqus.shortname
  environment.append-paths
  events.listeners
  facebook.application-id
  facebook.application-secret
  facebook.auth-enabled
  facebook.auth-permanent
  facebook.registration-enabled
  facebook.require-https-auth
  feed.http-hooks
  feed.public
  files.image-mime-types
  files.viewable-mime-types
  gcdaemon.ttl.daemon-logs
  gcdaemon.ttl.differential-parse-cache
  gcdaemon.ttl.general-cache
  gcdaemon.ttl.herald-transcripts
  gcdaemon.ttl.markup-cache
  gcdaemon.ttl.task-archive
  github.application-id
  github.application-secret
  github.auth-enabled
  github.auth-permanent
  github.registration-enabled
  google.application-id
  google.application-secret
  google.auth-enabled
  google.auth-permanent
  google.registration-enabled
  ldap.activedirectory_domain
  ldap.anonymous-user-name
  ldap.anonymous-user-password
  ldap.auth-enabled
  ldap.base_dn
  ldap.hostname
  ldap.port
  ldap.real_name_attributes
  ldap.referrals
  ldap.search-first
  ldap.search_attribute
  ldap.start-tls
  ldap.username-attribute
  ldap.version
  load-libraries
  log.access.format
  log.access.path
  maniphest.custom-fields
  maniphest.custom-task-extensions-class
  maniphest.default-priority
  maniphest.enabled
  metamta.can-send-as-user
  metamta.default-address
  metamta.differential.attach-patches
  metamta.differential.inline-patches
  metamta.differential.patch-format
  metamta.differential.reply-handler
  metamta.differential.reply-handler-domain
  metamta.differential.subject-prefix
  metamta.differential.unified-comment-context
  metamta.diffusion.attach-patches
  metamta.diffusion.byte-limit
  metamta.diffusion.inline-patches
  metamta.diffusion.reply-handler
  metamta.diffusion.reply-handler-domain
  metamta.diffusion.subject-prefix
  metamta.diffusion.time-limit
  metamta.domain
  metamta.herald.show-hints
  metamta.insecure-auth-with-reply-to
  metamta.macro.reply-handler-domain
  metamta.macro.subject-prefix
  metamta.mail-adapter
  metamta.maniphest.default-public-author
  metamta.maniphest.public-create-email
  metamta.maniphest.reply-handler
  metamta.maniphest.reply-handler-domain
  metamta.maniphest.subject-prefix
  metamta.one-mail-per-recipient
  metamta.package.reply-handler
  metamta.package.subject-prefix
  metamta.pholio.reply-handler-domain
  metamta.pholio.subject-prefix
  metamta.placeholder-to-recipient
  metamta.precedence-bulk
  metamta.public-replies
  metamta.re-prefix
  metamta.recipients.show-hints
  metamta.reply.show-hints
  metamta.send-immediately
  metamta.single-reply-handler-prefix
  metamta.user-address-format
  metamta.vary-subjects
  mysql.configuration-provider
  mysql.host
  mysql.implementation
  mysql.pass
  mysql.user
  notification.client-uri
  notification.debug
  notification.enabled
  notification.log
  notification.pidfile
  notification.server-uri
  notification.user
  phabricator.application-id
  phabricator.application-secret
  phabricator.auth-enabled
  phabricator.auth-permanent
  phabricator.base-uri
  phabricator.csrf-key
  phabricator.env
  phabricator.mail-key
  phabricator.oauth-uri
  phabricator.production-uri
  phabricator.registration-enabled
  phabricator.serious-business
  phabricator.setup
  phabricator.show-beta-applications
  phabricator.show-error-callout
  phabricator.show-stack-traces
  phabricator.timezone
  phame.skins
  phd.log-directory
  phd.pid-directory
  phd.start-taskmasters
  phd.trace
  phd.verbose
  phid.external-loaders
  phpmailer.mailer
  phpmailer.smtp-host
  phpmailer.smtp-password
  phpmailer.smtp-port
  phpmailer.smtp-protocol
  phpmailer.smtp-user
  phriction.enabled
  policy.allow-public
  pygments.dropdown-choices
  pygments.enabled
  recaptcha.enabled
  recaptcha.private-key
  recaptcha.public-key
  remarkup.enable-embedded-youtube
  repository.default-local-path
  search.elastic.host
  search.engine-selector
  security.alternate-file-domain
  security.hmac-key
  security.require-https
  sendgrid.api-key
  sendgrid.api-user
  storage.default-namespace
  storage.engine-selector
  storage.local-disk.path
  storage.mysql-engine.max-size
  storage.s3.bucket
  storage.upload-size-limit
  style.monospace
  syntax-highlighter.engine
  syntax.filemap
  test.value
  tokenizer.ondemand
  translation.override
  translation.provider
  uri.allowed-protocols
  $

Reviewers: btrahan, codeblock

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2254

Differential Revision: https://secure.phabricator.com/D4570
2013-01-21 15:27:42 -08:00
Nick Pellegrino
f0682941b6 Testing that PhabricatorEnv::getEnvConfig throws an exception if config option is not found.
Summary: Unit test for T2345

Test Plan: Ran unit tests, checked that it passed.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4552
2013-01-19 17:05:45 -08:00
Nick Pellegrino
3e6fa43658 getConfigEnv fails fast when key is not found and no default value is given.
Summary:
T2345
getConfig throws an Exception when the key does not exist.
Also removes dead code that throws an Exception.

Test Plan:
Reloaded the Phabricator home page.  In the process, found
2 Exceptions thrown due to nonexistent keys.  After addressing these problems,
the home page loads without Exceptions.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4541
2013-01-19 12:11:28 -08:00
epriestley
d5c29e1135 Make timezone configuration impossible to get wrong
Summary: Fixes T2269. If the user manages to mess up both the PHP and Phabricator configurations, set the timezone to UTC. We basically never use this anyway (we always render into the user's time), PHP just gets angry at us if we don't set it. (We do use it for logged-out users, I suppose.)

Test Plan: Set PHP and Phabricator timezones to goofy nonsense, verified we recover sensibly from it.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2228, T2269

Differential Revision: https://secure.phabricator.com/D4496
2013-01-19 08:38:37 -08:00
Asher Baker
da9315b145 Read default values of custom config options
Summary: Because the Default configuration provider is loaded before custom libraries, any config options specified in them don't get a default values.

Test Plan: Looked at /config/

Reviewers: epriestley, codeblock, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4532
2013-01-19 08:36:08 -08:00
epriestley
9e2ec82094 Minor, fix initialization order so config initialization does not fatal on phlog(). 2013-01-18 11:29:18 -08:00
epriestley
0e36c802c5 Apply a hack to unbreak bin/storage upgrade across the DB config boundary
Summary: This is gross, but fixes an issue where `bin/storage upgrade` tries to access DB config which doesn't exist yet. We need a version of this for `bin/config` anyway. I'll sort this out into a proper sequenced startup process in a followup.

Test Plan: `bin/storage upgrade` no longer fatals when upgrading across the config boundary.

Reviewers: asherkin, codeblock, btrahan, vrana

Reviewed By: codeblock

CC: aran

Differential Revision: https://secure.phabricator.com/D4512
2013-01-18 07:50:52 -08:00
epriestley
5beaafb952 Load libraries before adding database config
Summary:
If your configuration overrides the connection adapter, we need to load libraries before we can setup the database config source.

Also lock this since it won't work when edited from the web anymore, and so sneaky users can't upload stuff and then edit their config to run arbitrary code.

Test Plan: See chatlog in #phabricator. This is a problem for Facebook only.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4498
2013-01-17 18:59:58 -08:00
epriestley
b0d815d157 Repair invalid configuration by setting values back to defaults
Summary:
When configuration is set incorrectly (e.g., of the wrong type), detect and repair it by setting it to the default value. A setup warning will be raised separately.

Notably, this removes the need to hard-code all the class types.

This runs separately from the "invalid config" check because we need to run it on every page, but do setup checks only once per restart (some of them are slow).

Also dirty setup when we edit configuration.

Test Plan: Set config incorrectly on purpose, saw Phabricator correct it on restart and on every subsequent page load until it was fixed.

Reviewers: btrahan, vrana

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2292

Differential Revision: https://secure.phabricator.com/D4492
2013-01-17 16:25:38 -08:00
epriestley
74cb7a8971 Add database configuration source to the source stack
Summary:
Read configuration from the new database source.

This adds an extra MySQL connect + query to every page. They're very cheap so I think we can suffer them for now, but I'd like to put cache in front of this at some point. The difficulties are:

  - If we use APC, multi-frontend installs (Facebook) can't dirty it (major problem), and the CLI can't dirty it (fine for now, maybe a major problem later).
  - If we use Memcache, we need to add config stuff.
  - We could use APC in all non-Facebook installs if we can make it dirtyable from the CLI, but I don't see a reasonable way to do that.
  - We don't have any other caches which are faster than the database.

So I'll probably implement Memcache support at some point, although this is a lame excuse for it.

Test Plan: Added some config values via web UI, saw them active on the install.

Reviewers: btrahan, codeblock, vrana

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2221

Differential Revision: https://secure.phabricator.com/D4296
2013-01-17 15:10:21 -08:00
vrana
f896696fde Don't pop invalid test environment
Summary: If `unset($env)` throws then we pop some other environment instead which is impossible to pop later.

Test Plan:
  $ arc unit src/infrastructure/env/__tests__ src/applications/calendar/storage/__tests__

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4488
2013-01-17 12:01:46 -08:00
epriestley
cbe9aea876 Enable log discard modes for all scripts
Summary:
Fixes T2273. We currently discard logs, service calls, etc., for daemons, but not for other scripts. However, other scripts may be long-running or issue a large body of service calls (e.g., `bin/search index --all`). We never retrieve this information from scripts (it is used to build darkconsole; in scripts, we echo it immediately under --trace), so discard it immediately to prevent these scripts from requiring a large amount of memory.

(When the daemons load `__init_script__.php` they end up calling this code, so this doesn't change anything for them. They hit another ServiceProfiler discard along the daemon pathways in libphutil, but the call is idempotent.)

Test Plan: Ran `bin/search index --all` and saw increasing memory usage before this patch, but steady memory usage after this patch.

Reviewers: btrahan, vrana, codeblock

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2273

Differential Revision: https://secure.phabricator.com/D4364
2013-01-08 15:54:08 -08:00
epriestley
21efc7cb64 Show all configuration defaults when editing configuration
Summary: Show the value for all loaded configuration sources.

Test Plan:
{F28469}

{F28470}

{F28471}

Reviewers: btrahan, codeblock

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2255

Differential Revision: https://secure.phabricator.com/D4312
2013-01-01 14:10:33 -08:00
epriestley
ba489f9d85 Add a local configuration source and a non-environmental ENV config source
Summary:
See discussion in T2221. Before we can move configuration to the database, we have a bootstrapping problem: we need database credentials to live //somewhere// if we can't guess them (and we can only really guess localhost / root / no password).

Some options for this are:

  - Have them live in ENV variables.
    - These are often somewhat unfamiliar to users.
    - Scripts would become a huge pain -- you'd have to dump a bunch of stuff into ENV.
    - Some environments have limited ability to set ENV vars.
    - SSH is also a pain.
  - Have them live in a normal config file.
    - This probably isn't really too awful, but:
    - Since we deploy/upgrade with git, we can't currently let them edit a file which already exists, or their working copy will become dirty.
    - So they have to copy or create a file, then edit it.
    - The biggest issue I have with this is that it will be difficult to give specific, easily-followed directions from Setup. The instructions need to be like "Copy template.conf.php to real.conf.php, then edit these keys: x, y, z". This isn't as easy to follow as "run script Y".
  - Have them live in an abnormal config file with script access (this diff).
    - I think this is a little better than a normal config file, because we can tell users 'run phabricator/bin/config set mysql.user phabricator' and such, which is easier to follow than editing a config file.

I think this is only a marginal improvement over a normal config file and am open to arguments against this approach, but I think it will be a little easier for users to deal with than a normal config file. In most cases they should only need to store three values in this file -- db user/host/pass -- since once we have those we can bootstrap everything else. Normal config files also aren't going away for more advanced users, we're just offering a simple alternative for most users.

This also adds an ENVIRONMENT file as an alternative to PHABRICATOR_ENV. This is just a simple way to specify the environment if you don't have convenient access to env vars.

Test Plan: Ran `config set x y`, verified writes. Wrote to ENVIRONMENT, ran `PHABRICATOR_ENV= ./bin/repository`.

Reviewers: btrahan, vrana, codeblock

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2221

Differential Revision: https://secure.phabricator.com/D4294
2012-12-30 06:16:15 -08:00
epriestley
19b2c3d3d0 Formalize configuration sources and source stacks
Summary: Currently, we have a configuration stack for unit tests, but they're built in to `PhabricatorEnv`. Pull them out and formalize them, so we can add more configuration sources (e.g., database).

Test Plan: Ran unit tests, web requests, scripts. This code had fairly good existing test coverage.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2223, T2221

Differential Revision: https://secure.phabricator.com/D4284
2012-12-25 06:44:29 -08:00
vrana
6cc196a2e5 Move files in Phabricator one level up
Summary:
- `kill_init.php` said "Moving 1000 files" - I hope that this is not some limit in `FileFinder`.
- [src/infrastructure/celerity] `git mv utils.php map.php; git mv api/utils.php api.php`
- Comment `phutil_libraries` in `.arcconfig` and run `arc liberate`.

NOTE: `arc diff` timed out so I'm pushing it without review.

Test Plan:
/D1234
Browsed around, especially in `applications/repository/worker/commitchangeparser` and `applications/` in general.

Auditors: epriestley

Maniphest Tasks: T1103
2012-06-01 12:32:44 -07:00
epriestley
09c8af4de0 Upgrade phabricator to libphutil v2
Summary: Mechanical changes from D2588. No "Class.php" moves yet.

Test Plan: See D2588.

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1103

Differential Revision: https://secure.phabricator.com/D2591
2012-05-30 14:26:29 -07:00
Bob Trahan
ed57869fc2 Fix setup from getRequiredClasses buggyboo
Summary:
D2470 added Package mailhandler, which was configured incorrectly in the getRequiredClasses function. this makes it like the other mail handlers

Reported at https://github.com/facebook/phabricator/issues/112

Test Plan: setup mode no longer fails

Reviewers: epriestley, jungejason, royklopper

Reviewed By: royklopper

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2476
2012-05-15 14:14:22 -07:00
Jason Ge
67d4f1ef4c Detect package change and send out email
Summary:
For package creation and deletion, send email to all the owners For
package modification, detect important fields such as owners and paths, and then
send out emails to all owners (including deleted owners and current owners)

Also start using transaction for package creation/deletion/modification.

Test Plan:
- tested mail creation and deletion
- tested modification to auditing enabled, primary owners, owners, paths

Reviewers: epriestley, nh, vrana

Reviewed By: epriestley

CC: prithvi, aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2470
2012-05-14 15:58:24 -07:00