1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-17 20:32:41 +01:00
Commit graph

8446 commits

Author SHA1 Message Date
epriestley
45e9f8e689 Minor, getEmail() no longer exists. 2012-05-07 10:45:03 -07:00
epriestley
95017e14e9 Minor, derrrp. 2012-05-07 10:34:07 -07:00
epriestley
58efe52b3a Minor, fix method call fatal. 2012-05-07 10:32:29 -07:00
epriestley
87207b2f4e Allow users to have multiple email addresses, and verify emails
Summary:
  - Move email to a separate table.
  - Migrate existing email to new storage.
  - Allow users to add and remove email addresses.
  - Allow users to verify email addresses.
  - Allow users to change their primary email address.
  - Convert all the registration/reset/login code to understand these changes.
  - There are a few security considerations here but I think I've addressed them. Principally, it is important to never let a user acquire a verified email address they don't actually own. We ensure this by tightening the scoping of token generation rules to be (user, email) specific.
  - This should have essentially zero impact on Facebook, but may require some minor changes in the registration code -- I don't exactly remember how it is set up.

Not included here (next steps):

  - Allow configuration to restrict email to certain domains.
  - Allow configuration to require validated email.

Test Plan:
This is a fairly extensive, difficult-to-test change.

  - From "Email Addresses" interface:
    - Added new email (verified email verifications sent).
    - Changed primary email (verified old/new notificactions sent).
    - Resent verification emails (verified they sent).
    - Removed email.
    - Tried to add already-owned email.
  - Created new users with "accountadmin". Edited existing users with "accountadmin".
  - Created new users with "add_user.php".
  - Created new users with web interface.
  - Clicked welcome email link, verified it verified email.
  - Reset password.
  - Linked/unlinked oauth accounts.
  - Logged in with oauth account.
  - Logged in with email.
  - Registered with Oauth account.
  - Tried to register with OAuth account with duplicate email.
  - Verified errors for email verification with bad tokens, etc.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1184

Differential Revision: https://secure.phabricator.com/D2393
2012-05-07 10:29:33 -07:00
epriestley
803dea1517 Make "user role" editing more clear
Summary: The various interfaces here are in conflict about what a role is and isn't. Make them all consistent.

Test Plan: Edited some users into various roles, verified they reported correctly.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1190

Differential Revision: https://secure.phabricator.com/D2415
2012-05-07 10:25:36 -07:00
epriestley
2d9d2f1aed Allow "Differential Revision ID" field appear on create/edit messages
Summary:
  - In practice, 'edit' has two modes, 'create' and 'edit'. These seem like they should map to "create a revision" and "update a revision", but they are completely different.
    - We use the "create" mode:
      - When creating a message from the working copy.
      - When creating a message from a file.
      - When creating a message from a commit.
      - When creating a message from a user template.
      - When creating a message from an "--edit"!
    - We use the "edit" mode:
      - ONLY when updating a revision with `arc diff --verbatim`.
  - The only difference is in which fields may be overwritten. Under "create", all fields may be overwritten. Under "edit", only safe fields may be overwritten.
  - The "Differential Revision" field currently does not render in either edit mode. This is wrong. Even though it can not be updated in the "edit" mode, it should still render in both modes. This is the only material change this revision makes.
  - Without this change, when we "create" a new message from a working copy and the working copy has a "Differential Revision" field, we incorrectly discard it.
  - The only field which does not render on edit modes now is "Reviewed by" (not "Reviewers"), which is correct, since we do not read the value.

Test Plan: Ran "arc diff" to create/update revisions. Ran "arc diff --verbatim" to create/update revisions with implicit edits (with D2411). Ran "arc diff --edit" to update revisions with explicit edits.

Reviewers: jungejason, btrahan

Reviewed by: jungejason

CC: vrana, aran

Differential Revision: https://secure.phabricator.com/D2412
2012-05-07 08:14:16 -07:00
epriestley
7b5f47b17d Enforce upload size limits and transport exceptions with appropriate response encoding
Summary:
  - When a user uploads an oversized file, throw an exception.
  - When an uncaught exception occurs during a Conduit request, return a Conduit response.
  - When an uncaught exception occurs during a non-workflow Ajax request, return an Ajax response.

Test Plan:
  - Uploaded overlarge files.
  - Hit an exception page with ?__ajax__=1 and ?__conduit__=1

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T875, T788

Differential Revision: https://secure.phabricator.com/D2385
2012-05-07 06:17:00 -07:00
epriestley
b80ea9e0e8 Revert cd63d9b2ce / D2403, see diff. This broke inline comments by making them not span enough columns. 2012-05-07 06:01:56 -07:00
epriestley
c30cb7669e Simplify transaction handling and restore read/write locks
Summary:
  - We used to have connection-level caching, so we needed getTransactionKey() to make sure there was one transaction state per real connection. We now cache in Lisk and each Connection object is guaranteed to represent a real, unique connection, so we can make this a non-static.
  - I kept the classes separate because it was a little easier, but maybe we should merge them?
  - Also track/implement read/write locking.
  - (The advantage of this over just writing LOCK IN SHARE MODE is that you can use, e.g., some Query class even if you don't have access to the queries it runs.)

Test Plan: Can you come up with a way to write unit tests for this? It seems like testing that it works requires deadlocking MySQL if the test is running in one process.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2398
2012-05-05 11:29:09 -07:00
epriestley
9f9716f81f Fix Firefox upload fatal
Summary:
Several problems:

  - With fpm-warmup, 'PhabricatorAccessLog' is always loaded, even if it hasn't actually initialized. Use a global instead (barf). I'll fix this when I refactor index.php, hopefully soon.
  - The 'POST' check isn't sufficient in Firefox for HTML5 uploads -- not 100% sure why, maybe it encodes post bodies differently? I added an additional '__file__' requirement, and will add this param to GET on all file uploads in a future diff.

See discussion in D2381.

Test Plan: Uploaded files with Firefox via drag-and-drop without various mysterious errors.

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2405
2012-05-05 11:28:30 -07:00
vrana
cd63d9b2ce Use subtler highlighting for copied and moved code
Summary:
The highlighting is distracting according to Nick Shrock and others.
Real designer, Lee Byron, helped me with this.

It also gives us unagressive target for jumping to the source line in future.

Another feature I will probably implement is highlighting also the source of copies/moves.
I will use the right side of the left column for it.

Test Plan:
Hover copied notifier.
Hover coverage notifier.

I've also checked that this doesn't break our super-flaky old/new code JavaScript detector.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin, leebyron, schrockn

Differential Revision: https://secure.phabricator.com/D2403
2012-05-04 21:56:24 -07:00
vrana
1c5412ebe6 Unhighlight bright code in coverage
Summary:
It looks weird:
{F10953, size=full}

Test Plan: Hover coverage.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2401
2012-05-04 18:06:28 -07:00
epriestley
db20c74044 Add a missing (string) cast to repository.query
Summary: The method returns a PhutilURI object, which json_encode() encodes as "{}" since all the properties are private.

Test Plan:
Examined the output of "repository.query" more carefully:

  "0" : {
    "name"      : "Phabricator",
    "callsign"  : "P",
    "vcs"       : "git",
    "uri"       : "http:\/\/local.aphront.com:8080\/diffusion\/P\/",
    "remoteURI" : "git:\/\/github.com\/facebook\/phabricator.git",
    "tracking"  : true
  },

Reviewers: csilvers, btrahan, vrana, jungejason

Reviewed By: csilvers

CC: aran

Differential Revision: https://secure.phabricator.com/D2402
2012-05-04 17:08:42 -07:00
epriestley
a122336b3e Try to diagnose App Login only for OAuth providers which support it
Summary: We currently try to do "app login" for all OAuth providers, but not all of them support it in a meaningful way. Particularly, it always fails for Google.

Test Plan: Ran google diagnostics on a working config, no longer got a diagnostic failure.

Reviewers: btrahan, vrana, csilvers

Reviewed By: csilvers

CC: aran

Differential Revision: https://secure.phabricator.com/D2377
2012-05-04 16:16:29 -07:00
epriestley
049048765d Add "repository.create" and "repository.query" methods to Conduit
Summary: Primarily for @csilvers who has 92 million repositories or something. This is a touch hacky, but movitated by pragmatism.

Test Plan:
  - Ran "repository.create" to create repositories, "repository.query" to list them.
  - Tested most or maybe all of the error conditions, probably.

Reviewers: btrahan, vrana, csilvers

Reviewed By: csilvers

CC: aran

Differential Revision: https://secure.phabricator.com/D2396
2012-05-04 16:16:22 -07:00
epriestley
e214536f38 Use "w" transactions for reading if they exist, so we can do transactional reads
Summary: Generally moves us toward having a sane approach to transaction handling.

Test Plan: See test case, which fails before this patch and passes afterwards.

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2394
2012-05-04 13:25:53 -07:00
vrana
e4f4b6a3fe Add conduit method for deleting user status
Test Plan: All four eventualities.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2383
2012-05-04 13:03:02 -07:00
vrana
3fa310f3c0 Render shields before highlighting code
Summary:
It saves some time on non-highlighting generated and other not interesting code.

The code is quite complex (300 lines methods) so I'm not sure if everything is moved correctly.

P.S. I hope that moved code detector will work...

Test Plan:
Display generated file with all whitespace, verify that it is not highlighted.
Display normal file.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Maniphest Tasks: T1134

Differential Revision: https://secure.phabricator.com/D2358
2012-05-04 12:43:46 -07:00
vrana
8745374cb5 Mark optional conduit parameter 2012-05-04 00:33:00 -07:00
vrana
87ff461470 Add /F123 shortcut
Summary:
I wanted to point someone on a file uploaded to Phabricator and the normal link is just too long.

I guess that this also improves security. Because pointing someone to the file directly reveals the secret key used in /data/ and it can be served without auth?

We already use `{F123}` so there will be no conflicts in future because we wouldn't want to reuse it for something else.

I promote the link on /file/ - it adds one redirect but I think it's worth it. I also considered making the link from the File ID column but there are already too many links (with some duplicity).

Test Plan:
/file/
/F123 (redirect)
/F9999999999 (404)

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2380
2012-05-03 23:51:40 -07:00
vrana
416e4e7b67 Allowing setting user status
Summary:
I will use it for highlighting users which are not currently available.

Maybe I will also use it in the nagging tool.

I don't plan creating a UI for it as API is currently enough for us.
Maybe I will visualize it at /calendar/ later.

I plan creating `user.deletestatus` method when this one will be done.

Test Plan:
`storage upgrade`
Call Conduit `user.addstatus`.
Verify DB.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2382
2012-05-03 18:24:30 -07:00
epriestley
9b2ededd48 Document configuration of file upload limits
Summary: I have a patch which makes uploads all fancy and adds progress bars, but document the landscape first since it's quite complicated.

Test Plan: Generated, read docs. Configured `storage.upload-size-limit` to various values.

Reviewers: btrahan, vrana

Reviewed By: vrana

CC: aran

Maniphest Tasks: T875

Differential Revision: https://secure.phabricator.com/D2381
2012-05-03 17:30:17 -07:00
vrana
74ef98e76e Delete __init_env__.php
Summary: This script is not used since D976.

Test Plan:
  grep init_env

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2379
2012-05-03 14:28:52 -07:00
Evan Priestley
c901f8389d Merge pull request #109 from Khan/to-upstream2
Add docs for using lighttpd as the webserver.
2012-05-03 13:55:25 -07:00
Craig Silverstein
d6e2e4e4c5 Add docs for using lighttpd as the webserver.
lighttpd could support rules like this, to add efficiency:

    # Aggressively cache all static files
    $HTTP["url"] =~ "\.(jpg|gif|png|css|js|htc)" {
        expire.url = ( "" => "access 1 years" )
    }

    # Compress files for faster transfer
    compress.filetype = (
        "text/plain",
        "text/html",
        "text/javascript",
        "text/css",
        "text/xml"
    )

    compress.cache-dir = <would need to set to something>?

I don't know if that is necessary or useful.  Probably not a good idea
at this point, where the code is changing so rapidly: a 1 year cache
of javascript code could cause trouble.  And i think the default
lighttpd.conf already compresses text/html, text/plain, text/css, and
application/x-javascript by default, so we're ok there (could add
text/javascript and text/xml, I guess).
2012-05-03 13:42:35 -07:00
epriestley
6a04328430 Tighten scope requests with Google OAuth
Summary: We currently make a ludicrously gigantic permission request to do Google auth (read/write access to the entire address book), since I couldn't figure out how to do a more narrowly tailored request when I implemented it. @csilvers pointed me at some much more sensible APIs; we can now just ask for user ID, name, and email address.

Test Plan: Created a new account via Google Oauth. Linked/unlinked an existing account. Verified diagnostics page still works correctly. Logged in with a pre-existing Google account created with the old API (to verify user IDs are the same through both methods).

Reviewers: btrahan, vrana, csilvers, Makinde

Reviewed By: csilvers

CC: aran

Differential Revision: https://secure.phabricator.com/D2378
2012-05-03 13:25:06 -07:00
epriestley
5604a662df Minor, if we fatal before loading PhabricatorAccessLog, don't double-fatal. 2012-05-03 13:24:05 -07:00
vrana
631718f99e Implement getNthBusinessDay()
Summary: I will need it for nagging tool.

Test Plan:
None yet.
Please suggest me how to create a testing database (I need to insert some data in the table). I guess that it is now possible?
There is also probably some bug in `arc unit` - `setEnvConfig()` is not called before `getEnvConfig()` resulting in fatal error.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2376
2012-05-03 12:26:58 -07:00
vrana
45c662e4f7 Highlight disabled users in Remarkup
Test Plan:
  @btrahan
  @epriestley
  @xxx

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2374
2012-05-03 11:05:02 -07:00
vrana
73c82e5a94 Display holidays
Summary:
We will need it for two purposes:

- Status tool.
- Nagging tool - @aran suggested using "3 business days" and I don't want it to fall on New Year's Eve or such.

I don't plan working on any interface for editing this as this kind of data should be always imported.

Test Plan:
`bin/storage upgrade`
`scripts/calendar/import_us_holidays.php`
/calendar/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2375
2012-05-03 09:22:52 -07:00
vrana
826e5405b6 Open files in very large diffs inline
Summary: This allows writing inline comments and reduces different behavior between normal and very large diffs.

Test Plan:
Verify that normal diff works.
Verify that very large diff works.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2361
2012-05-02 17:51:35 -07:00
vrana
ec068ff453 Avoid fatal error if there's no Arcanist project or repository
Test Plan: Display diff without repository

Reviewers: nh, epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2373
2012-05-02 17:39:52 -07:00
vrana
fd3d510dc8 x
Summary:

Test Plan:

Reviewers:

CC:
2012-05-02 17:18:42 -07:00
Nick Harper
6039ca6fb5 Create option for differential custom fields to display warning on accept
Summary:
This adds support to differential fields to display warnings before a revision
gets accepted. Since lint and unit are differential fields, the code for their
warnings was moved into their respective field specification classes, so there
is only one code path for warnings (lint, unit, or custom).

Test Plan:
Select 'Accept' on a revision with lint/unit warnings and see messages appear
like they used to. Change it back to 'Comment' and they go away. Repeat with
a revision without lint/unit warnings and see no warnings appear. Checked
darkconsole to see no errors due to this.

Reviewers: jungejason, epriestley, vrana

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2363
2012-05-02 14:30:21 -07:00
vrana
81dd92fcdc Display Show Raw File link in Diffusion Change View
Summary: NOTE: `renderViewOptionsDropdown()` adds unnecessary parameters to URL but the link just redirects anyway.

Test Plan:
Show Raw File (Left and Right) in SVN and Git.
Verify also Added and Deleted files.

Reviewers: epriestley, aran

Reviewed By: epriestley

CC: Koolvin

Differential Revision: https://secure.phabricator.com/D2370
2012-05-02 14:18:35 -07:00
epriestley
63ce372480 Add "DiffusionRawDiffQuery"
Summary:
  - This is only slightly useful for updating Differential, since DiffQuery (vs RawDiffQuery) already gets you most of what you need. The only thing is that DiffQuery returns the diff for one path only right now(and the SVN version is very "special"). Should be easy to fix in the Git/HG cases at least, though (or maybe just use RawDiffQuery to avoid the SVN mess).
  - Added a "download raw diff" link.

Test Plan: Viewed Diffusion and raw commits for SVN, Mercurial and Git repositories.

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2350
2012-05-02 13:43:45 -07:00
epriestley
5ab14d0879 Provide isolated, read/write storage fixtures for unit tests
Summary:
  - Unit tests can request storage fixtures.
  - We build one fixture across all tests in the process, which can quickstart (takes roughly 1s to build, 200ms to destroy for me). This is a one-time cost for running an arbitrary number of fixture-based tests.
  - We isolate all the connections inside transactions for each test, so individual tests don't affect one another.

Test Plan: Ran unit tests, which cover the important properties of fixtures.

Reviewers: btrahan, vrana, jungejason, edward

Reviewed By: btrahan

CC: aran, davidreuss

Maniphest Tasks: T140

Differential Revision: https://secure.phabricator.com/D2345
2012-05-02 12:42:23 -07:00
Nick Harper
56529f88e0 Show verb of closed diff based on backing vcs, not local vcs
Summary:
When choosing a verb to show with a closed differential revision, choose the
verb based on the upstream vcs, not the vcs used to create the diff, since these
are not the same thing. I also updated the documentation for the next step for
an accepted diff for the case where the local vcs and backing vcs aren't the
same (since arc land doesn't work for those).

Test Plan:
Loaded a committed diff and an accepted diff from fbcode and www to check that
they show the correct thing.

Reviewers: jungejason, epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Maniphest Tasks: T1118

Differential Revision: https://secure.phabricator.com/D2360
2012-05-01 11:30:02 -07:00
vrana
b916722151 Index revision comments
Summary: Only inlines were indexed (contrary to what comment claims).

Test Plan: Index one revision, check database.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2359
2012-05-01 10:46:27 -07:00
epriestley
f04d8ab1a7 Further improve unit/lint rendering
Summary:
I think this improves things, let me know if you have feedback.

Also addresses T840.

Test Plan: See screenshots...

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran, zeeg

Maniphest Tasks: T840

Differential Revision: https://secure.phabricator.com/D2357
2012-05-01 10:15:56 -07:00
Bob Trahan
8988667dcc Make Oauth-registration flows a bit more resilient to failures from the providers
Summary: basically by validating we have good user data when we set the user data.

Test Plan: simulated a failure from a phabricator on phabricator oauth scenario. viewed ui that correctly told me there was an error with the provider and to try again.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Maniphest Tasks: T1077

Differential Revision: https://secure.phabricator.com/D2337
2012-05-01 11:51:40 +02:00
Bob Trahan
458563c68a Phame - use post title for the actual web page title
Summary: 'cuz it looks dumb to use a URI slug

Test Plan: viewed a post liked the title

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2338
2012-05-01 11:50:51 +02:00
vrana
2f047dce43 Trim lines before detecting copied/moved code
Test Plan:
https://secure.phabricator.com/differential/diff/4043/
{F10761}

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2352
2012-04-30 17:00:32 -07:00
vrana
4cc61687aa Hide lint and unit error details
Summary:
Before: {F10754}

After: {F10753}

Test Plan:
View revision with lint warnings and unit errors.
Click on Details.
Click on Details.
Click on Details.
Click on Details.

Reviewers: asukhachev, epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2351
2012-04-30 16:50:36 -07:00
vrana
4f9e5323ed Add image size to thumbnails in Remarkup
Test Plan:
View preview of comment with `{F10662}`.
Search for `>getThumb`.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2347
2012-04-30 13:32:00 -07:00
epriestley
1dcc00646a Make "Commandeer" yellow
Summary: See T1178

Test Plan: {F10739}

Reviewers: nh, btrahan, vrana, jungejason

Reviewed By: nh

CC: aran

Maniphest Tasks: T1178

Differential Revision: https://secure.phabricator.com/D2346
2012-04-30 13:07:06 -07:00
vrana
ef5ed6647b Document image macro restriction
Summary: D2230

Test Plan: Read.

Reviewers: mkjones, epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2343
2012-04-30 12:35:07 -07:00
epriestley
b27d1b3075 Minor, fix an issue created by D2341 + D2342 (namespace storage changed). 2012-04-30 12:14:37 -07:00
epriestley
307ad51404 Minor, use the same connection throughout applyPatchSQL() -- previously we hit caches, but no longer after D2342. 2012-04-30 12:10:35 -07:00
epriestley
a10b91a6a9 Move connection cache from "AphrontDatabaseConnection"-level to "LiskDAO"-level
Summary:
  - Currently, connections are responsible for connection caching. However, I want unit tests to be able to say "throw away the entire connection cache" with storage fixtures, and this is difficult/impossible when connections are responsible for the cache.
  - The only behavioral change is that previously we would use the same connection for read-mode and write-mode queries. We'll now establish two connections. No installs actually differentiate between the modes so it isn't particularly relevant what we do here. In the long term, we should probably check the "w" cache before building a new "r" connection, so transactional code which involves reads and writes works (we don't have any such code right now).

Test Plan: Loaded pages, verified only one connection was established per database. Ran unit tests.

Reviewers: btrahan, vrana, jungejason, edward

Reviewed By: vrana

CC: aran

Maniphest Tasks: T140

Differential Revision: https://secure.phabricator.com/D2342
2012-04-30 11:57:10 -07:00