1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-19 05:12:41 +01:00
Commit graph

12503 commits

Author SHA1 Message Date
epriestley
46881c4ce5 Add a session engine extension point
Summary: Ref T7673. This is really just so I can force admin.phacility.com logout when you log out of an instance, but there are a few other things we could move here eventually, like the WILLREGISTERUSER event.

Test Plan: Logged out of an instance, got logged out of parent (see next change).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7673

Differential Revision: https://secure.phabricator.com/D15629
2016-04-05 15:19:47 -07:00
Chad Little
e6421b6ab3 Update Home for newPage
Summary: Converts /home/ to `newPage`

Test Plan: Pull up Quick Create page, home, mobile home.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15626
2016-04-05 13:53:54 -07:00
epriestley
5dec03af32 Make OAuth scope handling more flexible
Summary:
Ref T7303. Currently, our handling of "scope" is fairly rigid and adheres to the spec, but some of these behaviors don't make much sense in practice.

Soften some behaviors and make them more flexible:

**Soft Failure on Unknown Permissions**: If a client asks for a permission we don't know about, just warn that we don't recognize it instead of fataling. In particular, I plan to make `offline_access` and `whoami` implicit. Older clients that request these permissions will still work fine as long as we don't hard-fatal.

**Move `user.whoami` to ALWAYS scope**: Make `whoami` a default permission. We've already done this, in effect; this just formalizes it.

**Tokens no longer expire**: Make `offline_access` (infinite-duration tokens) a default permission. I think the OAuth model doesn't map well to reality. It is common for other providers to issue "temporary" tokens with a duration of multiple years, and the refesh workflow is sort of silly. We can add a "temporary" scope later if we need temporary tokens.

This flow was potentially extra silly with the "log out of Phacility" use case, where we might need to have you log in again before we could log you out, which is bizarre and senseless. Avoid this nonsense.

**Move away from granular permissions**: Users currently get to pick-and-choose which permissions they grant, but this likely rarely/never works in practice and is fairly hostile since applications can't communicate which permissions they need. Applications which can actually operate with only some subset of permissions can make separate requests (e.g., when you activate "cool feature X", it asks for X permission). I think applications that do this are rare; pretty much everything just asks for tons of permissions and everyone grants them.

Making this all-or-nothing is better for well-behaved applications and better for users. It's also slightly better for overzealous applications that ask for more than they need, but whatever. Users can make an informed decision, hopefully, and I plan to let administrators force applications to a subset of permissions once we introduce meaningful scopes.

Test Plan:
  - Generated tokens.
  - Used tokens.
  - Authorized an instance.
  - Faked some bogus scopes, got clean authorization.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7303

Differential Revision: https://secure.phabricator.com/D15621
2016-04-05 13:53:33 -07:00
Chad Little
960f8abdf1 Update Settings for newPage
Summary: Converts over to `newPage`

Test Plan: Pull up Settings panel, test a few.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15625
2016-04-05 13:53:25 -07:00
Chad Little
c8995ad0fe Update phpast for new UI
Summary: New UI for phpast

Test Plan: Open page, doesn't crash

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15627
2016-04-05 13:52:59 -07:00
epriestley
8dfc7d4201 Allow OAuth applications to be disabled instead of destroyed
Summary: Ref T7303. This interaction is very oldschool; modernize it to enable/disable instead of "nuke from orbit".

Test Plan:
  - Enabled applications.
  - Disabled applications.
  - Viewed applications in list view.
  - Generated new tokens.
  - Tried to use a token from a disabled application (got rebuffed).
  - Tried to use a token from an enabled application (worked fine).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7303

Differential Revision: https://secure.phabricator.com/D15620
2016-04-05 13:22:05 -07:00
epriestley
c29bbbab19 Remove bogus '$this->resource' from SES error handling pathway
Summary: Ref T10728. This property does not exist and is never referenced. The `'resource'` key is also never referenced, so I believe this can be safely removed.

Test Plan: Will make @amckinley do my job for me.

Reviewers: chad

Reviewed By: chad

Subscribers: amckinley

Maniphest Tasks: T10728

Differential Revision: https://secure.phabricator.com/D15624
2016-04-05 13:19:07 -07:00
Chad Little
00604dff45 Update Releeph to new UI
Summary: Runs through Releeph to move to new UI and `newPage`

Test Plan: Ran through product, release, branch, everything seems to work.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15623
2016-04-05 13:16:10 -07:00
epriestley
1bd33ad759 Correct table documentation in Remarkup reference
Summary: Ref T10570. Earlier work on that task made tables activate even if indented so they work in quoted blocks. However, the documentation doesn't explicitly mark them in code blocks, so it turned them into markup.

Test Plan:
Used `bin/diviner generate` to regenerate documentation, verified it now renders properly.

{F1205818}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10570

Differential Revision: https://secure.phabricator.com/D15619
2016-04-05 09:02:54 -07:00
Chad Little
4d9bbc539e Update MetaMTA to new UI
Summary: Swaps over to new hotness

Test Plan: Pull up mail view, see new UI

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15616
2016-04-05 07:26:46 -07:00
Chad Little
57ed6b749a Update Help for newPage
Summary: Swaps over to `newPage` and `newDialog`

Test Plan: Unsure how to actually pull these up?

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15617
2016-04-05 07:26:31 -07:00
Chad Little
4761dba0cd Update Search edit page for new UI
Summary: Updates to use new UI

Test Plan: Save a custom query, edit a custom query

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15618
2016-04-05 07:26:09 -07:00
Chad Little
f2a38f52d7 Update Drydock remaining pages to new UI
Summary: Updates Console and Operations page.

Test Plan: Pull up Console, pull up status page

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15615
2016-04-05 07:25:43 -07:00
Chad Little
e965a59bca Update Batch Edit and Report pages
Summary: Moves these Maniphest pages over to modern UI, components

Test Plan: Batch Edit Tasks, View some reports.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15614
2016-04-05 07:24:47 -07:00
epriestley
57f016b166 Convert OAuthServer to Transactions + EditEngine
Summary: Ref T7303. This application is currently stone-age tech (no transactions, hard "delete" action). Bring it up to modern specs.

Test Plan:
  - Created and edited an OAuth application.
  - Viewed transaction record.
  - Tried to create something with no name, invalid redirect URI, etc. Was gently rebuffed with detailed explanatory errors.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7303

Differential Revision: https://secure.phabricator.com/D15609
2016-04-05 01:55:49 -07:00
Chad Little
e2685a248b Update Conduit for new UI
Summary: View various conduit pages and update to new UI and add calls to newPage

Test Plan: View list, view method, make a call.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15613
2016-04-04 16:39:23 -07:00
Chad Little
0b54810ba1 Update Passphrase Edit/Create UI
Summary: Updates pages to modern UI, newPage

Test Plan: Create Crediential, Edit Credential

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15612
2016-04-04 14:22:13 -07:00
Chad Little
968a75b579 Update typeahead for new UI
Summary: Uses modern UI, `newPage`, etc. Changes table behavior to always scroll if too large for container, can't find anything this breaks, but be on the lookout.

Test Plan: Pull up help and view pages, search for some people and projects.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15611
2016-04-04 12:45:56 -07:00
Chad Little
23979a05aa Upate notifications for newPage
Summary: Single callsite, swap to `newPage`

Test Plan: Visit page, see same status message. Also remove device ready flag.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15610
2016-04-04 19:26:05 +00:00
Chad Little
3317086fdb Convert missing commit page to newPage
Summary: Minor conversion.

Test Plan: Fake a missing commit. View same layout.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15608
2016-04-04 10:34:34 -07:00
epriestley
b07a524b4b Fix resolution of commits in SVN repositories without callsigns
Summary:
Fixes T10721. When trying to load commits by identifier, we would take some bad pathways in Subversion if the repository had no callsign and end up missing the commits.

Fix this logic so it works for either callsigns (e.g., if passed `rXyyy`) or with PHIDs if passed repositories.

Test Plan:
  - Viewed SVN commit in a Subversion repository with no callsign.
  - Added a callsign, looked at it again.
  - Viewed non-SVN commits in callsign and non-callsign repositories.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10721

Differential Revision: https://secure.phabricator.com/D15607
2016-04-04 09:44:36 -07:00
epriestley
5f957807a7 Update OAuthServer for modern SearchEngine fields
Summary: Ref T7303. Small modernization.

Test Plan:
  - Searched by various users.
  - Viewed all, reordered, etc.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7303

Differential Revision: https://secure.phabricator.com/D15606
2016-04-04 09:12:42 -07:00
epriestley
e55522cade Implement "auth.logout" Conduit API method
Summary:
Ref T7303. Ref T7673. This implements an "auth.logout" which:

  - terminates all web sessions;
  - terminates the current OAuth token if called via OAuth; and
  - may always be called via OAuth.

(Since it consumes an OAuth token, even a "malicious" OAuth application can't really be that much of a jerk with this: it can't continuously log you out, since calling the method once kills the token. The application would need to ask your permission again to get a fresh token.)

The primary goal here is to let Phacility instances call this against the Phacility upstream, so that when you log out of an instance it also logs you out of your Phacility account (possibly with a checkbox or something).

This also smooths over the session token code. Before this change, your sessions would get logged out but when you reloaded we'd tell you your session was invalid.

Instead, try to clear the invalid session before telling the user there's an issue. I think that ssentially 100% of invalid sessions are a result of something in this vein (e.g., forced logout via Settings) nowadays, since the session code is generally stable and sane and has been for a long time.

Test Plan:
  - Called `auth.logout` via console, got a reasonable logout experience.
  - Called `auth.logout` via OAuth.
    - Tried to make another call, verified OAuth token had been invalidated.
    - Verified web session had been invalidated.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7303, T7673

Differential Revision: https://secure.phabricator.com/D15594
2016-04-04 09:12:06 -07:00
epriestley
60133b6fa5 Begin cleaning up OAuth scope handling
Summary:
Ref T7303. OAuth scope handling never got fully modernized and is a bit of a mess.

Also introduce implicit "ALWAYS" and "NEVER" scopes.

Always give tokens access to meta-methods like `conduit.getcapabilities` and `conduit.query`. These do not expose user information.

Test Plan:
  - Used a token to call `user.whoami`.
  - Used a token to call `conduit.query`.
  - Used a token to try to call `user.query`, got rebuffed.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7303

Differential Revision: https://secure.phabricator.com/D15593
2016-04-04 09:11:51 -07:00
epriestley
694a8543d8 Modernize some OAuth Server code
Summary:
Ref T7303. This inches toward properly-behaved cluster logout.

  - Use IDs instead of PHIDs in URIs.
  - Slightly more modern code.
  - Fix some crumb stuff.

Test Plan: Created, edited, viewed, deleted, showed secret for, authorized, test-auth'd an application.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7303

Differential Revision: https://secure.phabricator.com/D15592
2016-04-04 09:11:18 -07:00
Chad Little
f54a2007ea Update XHProf for newPage
Summary: Simple Conversion

Test Plan: Pull up /xhprof/

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15603
2016-04-04 08:40:49 -07:00
Chad Little
12dca28193 Update Phlux to new UI
Summary: Updates view, list, edit pages on Phlux.

Test Plan: Create a variable, see variable, edit variable, view lists.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15602
2016-04-04 08:40:36 -07:00
Chad Little
f90cd8a1ed Modernize People UI
Summary: Updates various /people/ pages for new UI and newPage

Test Plan: Review creating people, new people, sending invites, editing a profile, setting a new picture, something with LDAP

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15604
2016-04-04 08:06:44 -07:00
Chad Little
5452f215ee Update Feed Story page for newPage
Summary: Cleans up Feed Story individual page

Test Plan: View an individual story by clicking on date.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15599
2016-04-03 15:34:07 -07:00
Chad Little
49e5763cd0 Update PhortuneProviderAction to newPage
Summary: Updates to `newPage`

Test Plan: Unsure what specifically to test? Couldn't find where it's called.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15600
2016-04-03 15:33:53 -07:00
Chad Little
e61e426108 Update Facts for newPage
Summary: No UI updates, just swapping over to `newPage`

Test Plan: Pull up each page.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, yelirekim

Differential Revision: https://secure.phabricator.com/D15601
2016-04-03 15:07:52 -07:00
Chad Little
4e7e204ae9 Update Fund edit page for new UI
Summary: Updates fund for new edit UI

Test Plan: Create Fund, Edit Fund

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15595
2016-04-03 12:55:23 -07:00
Chad Little
867c699fee Update Macro Audio edit page for new UI
Summary: Updates Macro Audit Edit page with new UI and newPage

Test Plan: Edit Audio on macro, see new layout, save file.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15598
2016-04-03 12:54:24 -07:00
Chad Little
7694a6729f Update Owners edit paths page to new UI
Summary: Brings the edit paths page in owners up to new UI

Test Plan: Edit some paths, yo.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15596
2016-04-03 12:40:11 -07:00
lkassianik
88d15ce799 Adding awarder info to recipient list on badge view
Summary: Closes T8940, recipient list in badge view should show awarder and date info. Took a first stab at how we want to make the date look, but not sure. Looks odd as it is.

Test Plan: Open badge that has awards. Each recipient in list should have a subheader such as "Awarded by ... on ..."

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin

Maniphest Tasks: T8940

Differential Revision: https://secure.phabricator.com/D15590
2016-04-03 08:19:56 -07:00
Chad Little
fa6151778f Fix Legalpad "Sign" box
Summary: Missed converting this page, scenario. The box was poorly formatted.

Test Plan: Create a new document that needs signed, verify box is correctly spaced and colored.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15591
2016-04-02 19:58:35 -07:00
lkassianik
e66bf17505 Fixing the badges query, yet again
Summary: Forgot a more efficient way to get badge from award

Test Plan: Badges on user profiles should still show up with awarder handle on the back of the card

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15589
2016-04-02 18:56:36 -07:00
lkassianik
219357aa9f Adding awarder info to badge cards displayed on user profile pages
Summary: Ref T8940

Test Plan: Award badge, open recipient profile page, badge should appear in badges list, and flipping the badge card should show who awarded it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: chad, Korvin

Maniphest Tasks: T8940

Differential Revision: https://secure.phabricator.com/D15570
2016-04-02 18:23:11 -07:00
Chad Little
839e7e2fc6 Update Config to new UI
Summary: Converts Config to new UI, updates to `newPage`

Test Plan: Review all pages in Config, setup issues, ignore an issue, edit a config option

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15587
2016-04-03 00:27:39 +00:00
Chad Little
72d12be850 Update Legalpad with modern UI
Summary: Updates Legalpad Manage/Edit with new UI layouts.

Test Plan: Wrote a new document with and without a preamble, edit document, sign document

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15576
2016-04-03 00:25:03 +00:00
Chad Little
bdeb5cf141 Update Multimeter to new UI
Summary: Converts to two column UI

Test Plan: Review a multiple sample page

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15584
2016-04-02 17:19:10 -07:00
Chad Little
2992b5277a Update Diviner to modern UI
Summary: Moves to `newPage`, updates UI on edit page.

Test Plan: Edit a book, view a book, main, list, search.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15585
2016-04-02 17:18:51 -07:00
Chad Little
13176e4185 Normalize Paste edit header
Summary: I've been rolling out "Edit ObjectName: ObjectTitle" consistantly here.

Test Plan: Review Paste edit title

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15586
2016-04-02 17:18:35 -07:00
Chad Little
8d8f983f6a Modernize Dashboard UI and code
Summary: Pulls everything over to two column UI and new edit pages. Removed history view and consolidated some pages.

Test Plan: New Panel, Edit Panel. New Dashboard, Edit Dashboard, View Standalone pages.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15588
2016-04-02 17:16:15 -07:00
Chad Little
fd94e07aad Update UIExamples for newPage
Summary: clever commit summary

Test Plan: clever test plan

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15583
2016-04-02 13:22:41 -07:00
Chad Little
7a1d2087d4 Update Tokens for newPage
Summary: Minor, moves to `newPage`

Test Plan: Test both pages, still work

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15582
2016-04-02 13:22:24 -07:00
Chad Little
64e117f1a5 Modernize Nuance Console page
Summary: Uses UI like Alamanc Console page

Test Plan: Review Console page, click on items.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15581
2016-04-02 13:22:03 -07:00
Chad Little
891661fbe7 Update PhrictionDocument to newPage
Summary: Little straggler here, updates to `newPage`

Test Plan: Review a document, no visibile changes

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15580
2016-04-02 13:21:46 -07:00
Chad Little
18e9e793c3 Update Phurl Edit page to new UI
Summary: Updates Phurl UI on Edit/Create

Test Plan: Edit a Phurl, Create a Phurl.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15579
2016-04-02 13:21:25 -07:00
Chad Little
5a1990487d Update Conpherence to newPage
Summary: Updates Conpherence pages to use `newPage`

Test Plan: View a Room, view list of joined rooms.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15578
2016-04-02 13:21:09 -07:00