1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-13 10:22:42 +01:00
Commit graph

39 commits

Author SHA1 Message Date
Gareth Evans
ef797494ca Add Allowed uris config
Summary:
Kind of a quick look at an idea for T2184

Ref T2184

Test Plan: Make sure the site still loads

Reviewers: epriestley

CC: aran, Korvin, mbishopim3

Maniphest Tasks: T2184

Differential Revision: https://secure.phabricator.com/D6045
2013-05-26 10:57:45 -07:00
Angelos Evripiotis
bfdce02689 prepend path/to/phabricator/support/bin/ to $PATH
Summary:
It's sometimes necessary to specify the paths to individual binaries
explicitly, e.g. a particular build of 'javelinsymbols' or a newer
version of git than is installed on your shared system.

By adding symlinks in the .../phabricator/support/bin/ directory you
can now spell these out using the file system.

Test Plan:
Ran on local Ubuntu VM:

  .. add 'TEST' repo to diffusion ..
  .. visit 127.0.01/diffusion/TEST - see ok ..

  $ cd /opt
  $ sudo sh -c 'echo "exit 1" > badgit'
  $ sudo chmod +x /opt/badgit
  $ sudo mkdir goodgit
  $ sudo mv /usr/bin/git /opt/goodgit/

  .. unset environment.append-paths ..
  .. visit 127.0.01/diffusion/TEST - see error 'git: not found' ..
  .. set environment.append-paths to /opt/goodgit/ ..
  .. visit 127.0.01/diffusion/TEST - see ok ..

  $ sudo ln -s /opt/badgit /usr/bin/git
  .. visit 127.0.01/diffusion/TEST - see error 'error #1' ..
  sudo ln -s /opt/goodgit/git web/phabricator/support/bin/git
  .. visit 127.0.01/diffusion/TEST - see ok ..

  .. unset environment.append-paths ..
  .. visit 127.0.01/diffusion/TEST - see ok ..

  $ sudo rm web/phabricator/support/bin/git
  .. visit 127.0.01/diffusion/TEST - see error 'error #1' ..

  $ sudo rm /usr/bin/git
  $ sudo mv /opt/goodgit/git /usr/bin/
  .. visit 127.0.01/diffusion/TEST - see ok ..

Note that 'DIRECTORY_SEPARATOR' was not used because apparently it's
portable and ok to just use '/'.
http://alanhogan.com/tips/php/directory-separator-not-necessary
(I'm pretty new to PHP so looking for guidance :)

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2378

Differential Revision: https://secure.phabricator.com/D5561
2013-04-03 12:49:46 -07:00
epriestley
cd07182e9c Provide a local cache for PhabricatorEnv
Summary: We hit some env config fairly often (~200 calls on the home page) and it's not especially cheap right now. This saves about 10ms on home, which is ~8% of the page weight on my machine.

Test Plan: Clicked around, everything seemed fine. Unit tests.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D5512
2013-04-01 12:05:49 -07:00
epriestley
32d23254c9 Use --user and --password from bin/storage in PHP migrations
Summary:
Fixes T2059. Ref T2517.

Currently, you can run `bin/storage upgrade` with `--user` and `--password` arguments. However, these clownishly apply only to `.sql` patches -- the `.php` migrations still use the default user and password.

This is dumb. Stop doing it. Respect `--user` and `--password` for PHP patches.

(I implemented "override", which is very similar to "repair", but kept them separate since I think they're semantically distinct enough to differentiate.)

Test Plan: Ran `./bin/storage upgrade --user x --pass y --apply phabricator:20130219.commitsummarymig.php`. Verified the correct user and password were used both for the initial connect and patch application.

Reviewers: chad, vrana

Reviewed By: chad

CC: aran

Maniphest Tasks: T2059, T2517

Differential Revision: https://secure.phabricator.com/D5115
2013-02-25 22:20:23 -08:00
epriestley
7e17acfb68 Remove PhabricatorSetup and make PHABRICATOR_ENV optional
Summary:
  - PHABRICATOR_ENV is now optional. If you don't specify it, we won't load a config file.
  - PhabricatorSetup is now gone.
    - I removed the alternate file domain check for now, see T2380.
  - `phabricator.setup` config is now gone.
  - Rewrote documentation:
    - No more mentions of `phabricator.setup`.
    - Normal install guide no longer mentions PHABRICATOR_ENV. This is now an advanced topic.
    - Clarified that you only need to set up one of apache, nginx or lighttpd.
    - Tweaked a few things I've seen users have difficulty with.

This should have no effect on any existing installs, but make the process much simpler for future installs.

Closes T2221.
Closes T2223.
Closes T2228.

Test Plan:
  - Removed my PHABRICATOR_ENV and went through the install process.
  - Generated and read documentation.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2221, T2223, T2228

Differential Revision: https://secure.phabricator.com/D4596
2013-01-23 12:03:19 -08:00
epriestley
4425903480 Don't require phabricator.base-uri to be configured
Summary:
Fixes T2293.

We currently hard-require this in setup. We do not need to; we don't actually need it until we start running daemons. Move it to post-install and provide more guidance.

We could make this even easier in the future, but we'd need to special case it, since it's dangerous to let it be set to any value (if you set it to the wrong value, you can't log in). We could safely have a workflow which writes the current request URI into the database configuration, or a two-stage workflow where we set the URI and then verify it, but these both imply some special casing and complication. This should be a step forward from where we are today, regardless.

Test Plan:
Removed "phabricator.base-uri" from my configuration. Verified Phabricator still works.

Without "phabricator.base-uri" configured, logged in from multiple host names (127.0.0.1:8080, local.aphront.com:8080).

Configured "phabricator.base-uri". Verified my unblessed session no longer worked. Verified setup issue went away.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2293

Differential Revision: https://secure.phabricator.com/D4580
2013-01-22 13:57:02 -08:00
Nick Pellegrino
3e6fa43658 getConfigEnv fails fast when key is not found and no default value is given.
Summary:
T2345
getConfig throws an Exception when the key does not exist.
Also removes dead code that throws an Exception.

Test Plan:
Reloaded the Phabricator home page.  In the process, found
2 Exceptions thrown due to nonexistent keys.  After addressing these problems,
the home page loads without Exceptions.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4541
2013-01-19 12:11:28 -08:00
epriestley
d5c29e1135 Make timezone configuration impossible to get wrong
Summary: Fixes T2269. If the user manages to mess up both the PHP and Phabricator configurations, set the timezone to UTC. We basically never use this anyway (we always render into the user's time), PHP just gets angry at us if we don't set it. (We do use it for logged-out users, I suppose.)

Test Plan: Set PHP and Phabricator timezones to goofy nonsense, verified we recover sensibly from it.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2228, T2269

Differential Revision: https://secure.phabricator.com/D4496
2013-01-19 08:38:37 -08:00
Asher Baker
da9315b145 Read default values of custom config options
Summary: Because the Default configuration provider is loaded before custom libraries, any config options specified in them don't get a default values.

Test Plan: Looked at /config/

Reviewers: epriestley, codeblock, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4532
2013-01-19 08:36:08 -08:00
epriestley
9e2ec82094 Minor, fix initialization order so config initialization does not fatal on phlog(). 2013-01-18 11:29:18 -08:00
epriestley
0e36c802c5 Apply a hack to unbreak bin/storage upgrade across the DB config boundary
Summary: This is gross, but fixes an issue where `bin/storage upgrade` tries to access DB config which doesn't exist yet. We need a version of this for `bin/config` anyway. I'll sort this out into a proper sequenced startup process in a followup.

Test Plan: `bin/storage upgrade` no longer fatals when upgrading across the config boundary.

Reviewers: asherkin, codeblock, btrahan, vrana

Reviewed By: codeblock

CC: aran

Differential Revision: https://secure.phabricator.com/D4512
2013-01-18 07:50:52 -08:00
epriestley
5beaafb952 Load libraries before adding database config
Summary:
If your configuration overrides the connection adapter, we need to load libraries before we can setup the database config source.

Also lock this since it won't work when edited from the web anymore, and so sneaky users can't upload stuff and then edit their config to run arbitrary code.

Test Plan: See chatlog in #phabricator. This is a problem for Facebook only.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4498
2013-01-17 18:59:58 -08:00
epriestley
b0d815d157 Repair invalid configuration by setting values back to defaults
Summary:
When configuration is set incorrectly (e.g., of the wrong type), detect and repair it by setting it to the default value. A setup warning will be raised separately.

Notably, this removes the need to hard-code all the class types.

This runs separately from the "invalid config" check because we need to run it on every page, but do setup checks only once per restart (some of them are slow).

Also dirty setup when we edit configuration.

Test Plan: Set config incorrectly on purpose, saw Phabricator correct it on restart and on every subsequent page load until it was fixed.

Reviewers: btrahan, vrana

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2292

Differential Revision: https://secure.phabricator.com/D4492
2013-01-17 16:25:38 -08:00
epriestley
74cb7a8971 Add database configuration source to the source stack
Summary:
Read configuration from the new database source.

This adds an extra MySQL connect + query to every page. They're very cheap so I think we can suffer them for now, but I'd like to put cache in front of this at some point. The difficulties are:

  - If we use APC, multi-frontend installs (Facebook) can't dirty it (major problem), and the CLI can't dirty it (fine for now, maybe a major problem later).
  - If we use Memcache, we need to add config stuff.
  - We could use APC in all non-Facebook installs if we can make it dirtyable from the CLI, but I don't see a reasonable way to do that.
  - We don't have any other caches which are faster than the database.

So I'll probably implement Memcache support at some point, although this is a lame excuse for it.

Test Plan: Added some config values via web UI, saw them active on the install.

Reviewers: btrahan, codeblock, vrana

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2221

Differential Revision: https://secure.phabricator.com/D4296
2013-01-17 15:10:21 -08:00
vrana
f896696fde Don't pop invalid test environment
Summary: If `unset($env)` throws then we pop some other environment instead which is impossible to pop later.

Test Plan:
  $ arc unit src/infrastructure/env/__tests__ src/applications/calendar/storage/__tests__

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4488
2013-01-17 12:01:46 -08:00
epriestley
cbe9aea876 Enable log discard modes for all scripts
Summary:
Fixes T2273. We currently discard logs, service calls, etc., for daemons, but not for other scripts. However, other scripts may be long-running or issue a large body of service calls (e.g., `bin/search index --all`). We never retrieve this information from scripts (it is used to build darkconsole; in scripts, we echo it immediately under --trace), so discard it immediately to prevent these scripts from requiring a large amount of memory.

(When the daemons load `__init_script__.php` they end up calling this code, so this doesn't change anything for them. They hit another ServiceProfiler discard along the daemon pathways in libphutil, but the call is idempotent.)

Test Plan: Ran `bin/search index --all` and saw increasing memory usage before this patch, but steady memory usage after this patch.

Reviewers: btrahan, vrana, codeblock

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2273

Differential Revision: https://secure.phabricator.com/D4364
2013-01-08 15:54:08 -08:00
epriestley
21efc7cb64 Show all configuration defaults when editing configuration
Summary: Show the value for all loaded configuration sources.

Test Plan:
{F28469}

{F28470}

{F28471}

Reviewers: btrahan, codeblock

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2255

Differential Revision: https://secure.phabricator.com/D4312
2013-01-01 14:10:33 -08:00
epriestley
ba489f9d85 Add a local configuration source and a non-environmental ENV config source
Summary:
See discussion in T2221. Before we can move configuration to the database, we have a bootstrapping problem: we need database credentials to live //somewhere// if we can't guess them (and we can only really guess localhost / root / no password).

Some options for this are:

  - Have them live in ENV variables.
    - These are often somewhat unfamiliar to users.
    - Scripts would become a huge pain -- you'd have to dump a bunch of stuff into ENV.
    - Some environments have limited ability to set ENV vars.
    - SSH is also a pain.
  - Have them live in a normal config file.
    - This probably isn't really too awful, but:
    - Since we deploy/upgrade with git, we can't currently let them edit a file which already exists, or their working copy will become dirty.
    - So they have to copy or create a file, then edit it.
    - The biggest issue I have with this is that it will be difficult to give specific, easily-followed directions from Setup. The instructions need to be like "Copy template.conf.php to real.conf.php, then edit these keys: x, y, z". This isn't as easy to follow as "run script Y".
  - Have them live in an abnormal config file with script access (this diff).
    - I think this is a little better than a normal config file, because we can tell users 'run phabricator/bin/config set mysql.user phabricator' and such, which is easier to follow than editing a config file.

I think this is only a marginal improvement over a normal config file and am open to arguments against this approach, but I think it will be a little easier for users to deal with than a normal config file. In most cases they should only need to store three values in this file -- db user/host/pass -- since once we have those we can bootstrap everything else. Normal config files also aren't going away for more advanced users, we're just offering a simple alternative for most users.

This also adds an ENVIRONMENT file as an alternative to PHABRICATOR_ENV. This is just a simple way to specify the environment if you don't have convenient access to env vars.

Test Plan: Ran `config set x y`, verified writes. Wrote to ENVIRONMENT, ran `PHABRICATOR_ENV= ./bin/repository`.

Reviewers: btrahan, vrana, codeblock

Reviewed By: codeblock

CC: aran

Maniphest Tasks: T2221

Differential Revision: https://secure.phabricator.com/D4294
2012-12-30 06:16:15 -08:00
epriestley
19b2c3d3d0 Formalize configuration sources and source stacks
Summary: Currently, we have a configuration stack for unit tests, but they're built in to `PhabricatorEnv`. Pull them out and formalize them, so we can add more configuration sources (e.g., database).

Test Plan: Ran unit tests, web requests, scripts. This code had fairly good existing test coverage.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2223, T2221

Differential Revision: https://secure.phabricator.com/D4284
2012-12-25 06:44:29 -08:00
vrana
6cc196a2e5 Move files in Phabricator one level up
Summary:
- `kill_init.php` said "Moving 1000 files" - I hope that this is not some limit in `FileFinder`.
- [src/infrastructure/celerity] `git mv utils.php map.php; git mv api/utils.php api.php`
- Comment `phutil_libraries` in `.arcconfig` and run `arc liberate`.

NOTE: `arc diff` timed out so I'm pushing it without review.

Test Plan:
/D1234
Browsed around, especially in `applications/repository/worker/commitchangeparser` and `applications/` in general.

Auditors: epriestley

Maniphest Tasks: T1103
2012-06-01 12:32:44 -07:00
Bob Trahan
ed57869fc2 Fix setup from getRequiredClasses buggyboo
Summary:
D2470 added Package mailhandler, which was configured incorrectly in the getRequiredClasses function. this makes it like the other mail handlers

Reported at https://github.com/facebook/phabricator/issues/112

Test Plan: setup mode no longer fails

Reviewers: epriestley, jungejason, royklopper

Reviewed By: royklopper

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2476
2012-05-15 14:14:22 -07:00
Jason Ge
67d4f1ef4c Detect package change and send out email
Summary:
For package creation and deletion, send email to all the owners For
package modification, detect important fields such as owners and paths, and then
send out emails to all owners (including deleted owners and current owners)

Also start using transaction for package creation/deletion/modification.

Test Plan:
- tested mail creation and deletion
- tested modification to auditing enabled, primary owners, owners, paths

Reviewers: epriestley, nh, vrana

Reviewed By: epriestley

CC: prithvi, aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2470
2012-05-14 15:58:24 -07:00
epriestley
0f06287dc5 Allow PhabricatorEnv to be temporarily made mutable for unit tests
Summary: Introduces a scope-guarded way to override the env config, for unit tests which are sensitive to config values.

Test Plan: Ran unit tests.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2237
2012-04-17 07:52:01 -07:00
vrana
32d2395a45 Unify links to www.phabricator.com and phabricator.com
Test Plan:
  scripts/sql/upgrade_schema.php

Verify links at /directory/2/.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T1096

Differential Revision: https://secure.phabricator.com/D2172
2012-04-09 14:32:03 -07:00
vrana
2c8e6f99bd Standardize mysql.configuration-provider
Summary: NOTE: BC break!

Test Plan: /

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, nh

Differential Revision: https://secure.phabricator.com/D2130
2012-04-08 21:32:15 -07:00
vrana
d4c5761f41 Customizable MySQL implementation
Test Plan:
- /
- upgrade_schema.php
- Setup
- Try disabling mysql_connect.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2133
2012-04-07 10:54:12 -07:00
vrana
330d62984b Check required classes in setup
Test Plan:
Run setup with 'differential.attach-task-class' set to:

- ''
- 'FacebookTasksAttacher'
- 'X'

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1999
2012-03-22 15:58:27 -07:00
vrana
9622dcd98a Check instance of differential.attach-task-class
Test Plan: Attach Facebook task to revision

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1991
2012-03-22 11:10:49 -07:00
vrana
4fba549a99 Use PhabricatorEnv::newObjectFromConfig() wherever possible
Test Plan:
/mail/send/
scripts/aphront/aphrontpath.php /

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1983
2012-03-21 14:57:52 -07:00
vrana
07b60b2016 Require valid class for certain config settings
Summary:
It is now possible to set config setting requiring class of certain implementation to something completely else.
The consequence is that your Phabricator may stop working after update because you didn't implement some new method.

This diff validates the class upon usage.
It throws exception which is better than fatal thrown currently after calling undefined method.

Better solution would be to validate classes when setting the config but it would be too expensive - respective class definitions would have to be loaded and checked by reflection.

I was also thinking about some check script but nobody would run it after changing config.

The same behavior should be implemented for these settings:

- metamta.mail-adapter
- metamta.maniphest.reply-handler
- metamta.differential.reply-handler
- metamta.diffusion.reply-handler
- storage.engine-selector
- search.engine-selector
- differential.field-selector
- maniphest.custom-task-extensions-class
- aphront.default-application-configuration-class
- controller.oauth-registration

Test Plan:
Send comment, verify that it pass.
Change `metamta.differential.reply-handler` to incompatible class, verify that sending comment shows nice red exception.
Set `metamta.differential.reply-handler` to empty string, verify that it throws.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1919
2012-03-21 14:14:01 -07:00
epriestley
fce6a7089c Fix production file links for some alt-domain configurations
Summary:
We sometimes call PhabricatorEnv::getProductionURI($file->getBestURI()) or
similar, but this may currently cause us to construct a URI like this:

  http://domain.com/http://cdn-domain.com/file/data/xxx/yyy/name.jpg

Instead, if the provided URI has a domain already, leave it unmodified.

Test Plan: Attached a file to a task; got an email with a valid URI instead of
an invalid URI.

Reviewers: btrahan

Reviewed By: btrahan

CC: Makinde, aran, epriestley

Differential Revision: https://secure.phabricator.com/D1622
2012-02-15 17:06:36 -08:00
epriestley
549146bc7c Move ALL files to serve from the alternate file domain, not just files without
"Content-Disposition: attachment"

Summary:
We currently serve some files off the primary domain (with "Content-Disposition:
attachment" + a CSRF check) and some files off the alternate domain (without
either).

This is not sufficient, because some UAs (like the iPad) ignore
"Content-Disposition: attachment". So there's an attack that goes like this:

	- Alice uploads xss.html
	- Alice says to Bob "hey download this file on your iPad"
        - Bob clicks "Download" on Phabricator on his iPad, gets XSS'd.

NOTE: This removes the CSRF check for downloading files. The check is nice to
have but only raises the barrier to entry slightly. Between iPad / sniffing /
flash bytecode attacks, single-domain installs are simply insecure. We could
restore the check at some point in conjunction with a derived authentication
cookie (i.e., a mini-session-token which is only useful for downloading files),
but that's a lot of complexity to drop all at once.

(Because files are now authenticated only by knowing the PHID and secret key,
this also fixes the "no profile pictures in public feed while logged out"
issue.)

Test Plan: Viewed, info'd, and downloaded files

Reviewers: btrahan, arice, alok

Reviewed By: arice

CC: aran, epriestley

Maniphest Tasks: T843

Differential Revision: https://secure.phabricator.com/D1608
2012-02-14 14:52:27 -08:00
epriestley
cedb0c045a Lock down accepted next URI values for redirect after login
Summary:
I locked this down a little bit recently, but make
double-extra-super-sure that we aren't sending the user anywhere suspicious or
open-redirecty. This also locks down protocol-relative URIs (//evil.com/path)
although I don't think any browsers do bad stuff with them in this context, and
header injection URIs (although I don't think any of the modern PHP runtimes are
vulnerable).

Test Plan:
  - Ran tests.
  - Hit redirect page with valid and invalid next URIs; was punted to / for
invalid ones and to the right place for valid ones.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: arice, aran, epriestley, btrahan

Differential Revision: https://secure.phabricator.com/D1369
2012-01-13 11:58:45 -08:00
epriestley
5fdea30878 Documentation: improve Diffusion documentation 2011-05-19 13:40:40 -07:00
epriestley
baab61a01e Correct a mask config value
Summary:
The correct name of this key is 'github.application-secret', not
'github.secret'. Make DarkConsole check that all the masked keys exist to
prevent this from happening again. This isn't super important since this
is just intended to protected against casual security lapses (taking a
screenshot with DarkCnosole's "Config" tab open, for instance) but it's easy
to check for so it seems worthwhile to get right.

Test Plan:
Loaded page without the actual config file change, got an exception.
Fixed the config, reloaded the page, good news goats (really trying to get this
to catch on since goats are adorable).

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran
Differential Revision: 189
2011-04-30 11:56:16 -07:00
epriestley
bb79418615 Don't send sandbox URIs in Herald messages. 2011-04-04 14:23:03 -07:00
epriestley
eccc76dae6 Fix some issues caught by HipHop, and work around some issues
caused by HipHop.
2011-02-26 21:01:42 -08:00
epriestley
3b7d73c41b Add a "Config" plugin to DarkConsole.
Summary: This plugin lets you see how the host is configured at runtime.

Test Plan:

Reviewers:

CC:
2011-02-11 16:48:43 -08:00
epriestley
03fec6e911 PhabricatorEnv
'infratructure' -> 'infrastructure' (rofl)
Recaptcha
Email Login / Forgot Password
Password Reset
2011-01-31 11:55:26 -08:00