1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-25 08:12:40 +01:00
Commit graph

9924 commits

Author SHA1 Message Date
Aviv Eyal
0569938880 expose renderHandle in PhabricatorModularTransactionType
Test Plan: Tested with a transactionType from an extension.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin

Maniphest Tasks: T9789

Differential Revision: https://secure.phabricator.com/D16236
2016-07-06 01:54:51 +00:00
epriestley
989b585bbe Fix ApplicationSearch URIs for Settings
Summary: Fixes T11275. This search query doesn't actually have any options so these links are a little pointless, but generate valid links instead of 404s.

Test Plan: Clicked "Advanced Search" and "Edit Queries" from `/settings/`.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11275

Differential Revision: https://secure.phabricator.com/D16238
2016-07-05 16:55:39 -07:00
epriestley
921d56efb0 Make repository URI creation work regardless of "repository" transaction order
Summary: Fixes T11276. This feels slightly iffy (we `attachRepository()` here, and also when applying the TYPE_REPOSITORY transaction) but simpler than trying to reorder things.

Test Plan: Created a repository URI with transactions in `["uri", "repository"]` order.

Reviewers: chad, avivey

Reviewed By: avivey

Maniphest Tasks: T11276

Differential Revision: https://secure.phabricator.com/D16237
2016-07-05 16:45:33 -07:00
epriestley
5ffdb73273 Don't try to prune unreachable commits from repositories with no outdated refs
Summary:
Fixes T11269. The basic issue is that `git log` in an empty repository exits with an error message.

Prior to recent Git (2.6?), this message reads:

> fatal: bad default revision 'HEAD'

This message was somewhat recently changed by <ce11360467>. After that, it reads:

> fatal: your current branch 'master' does not have any commits yet

This change isn't //technically// a //complete// fix because you could still hit this issue like this:

  - Create an empty repository.
  - Push some stuff to `master`.
  - Delete `master`.

However, this is very rare and even in this case the repository will fix itself once you push something again. We can try to fix that if any users ever actually hit it.

Test Plan:
  - Created a new empty Git repository.
  - Ran `bin/repository update Rxx`.
  - Before patch: "git log" error because of the empty repository.
  - After patch: clean update.
  - Also ran `repository update` on a non-empty repository.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11269

Differential Revision: https://secure.phabricator.com/D16234
2016-07-05 09:09:46 -07:00
epriestley
b53831101f Raise explicit setup issues about PHP 7
Summary: Ref T9640. Fixes T9888. Decline to support PHP 7 until the async signal handling issue in T11270 is resolved.

Test Plan: Faked local version, got helpful error message.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9640, T9888

Differential Revision: https://secure.phabricator.com/D16231
2016-07-05 05:33:26 -07:00
epriestley
c7e7f113fd Open "Help" menu links in a new window
Summary: Fixes T11243. Seems reasonable to open this stuff in a new window so you don't put any application state in Herald, etc., at risk -- looking in this menu for help with a currently-executing workflow is reasonable and normal.

Test Plan: Clicked a help menu link, saw it open in a new page.

Reviewers: avivey, chad

Reviewed By: chad

Maniphest Tasks: T11243

Differential Revision: https://secure.phabricator.com/D16230
2016-07-04 10:59:40 -07:00
epriestley
2a1393c008 Fix impropery history graph trace in Mercurial
Summary: Fixes T11267. This data was coming back weird (in reverse order relative to the graph itself). Previously it worked OK anyway, but the new logic is a little more sensitive to the input.

Test Plan: Viewed a Mercurial repository with linear history, saw linear history.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11267

Differential Revision: https://secure.phabricator.com/D16229
2016-07-04 10:24:14 -07:00
Chad Little
d09094f4fb More tokens
Summary: Ref T11244. 8 more tokens. Probably need better math on the selector?

Test Plan: Award Dat Boi.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: putnam, Korvin

Maniphest Tasks: T11244

Differential Revision: https://secure.phabricator.com/D16228
2016-07-03 18:32:40 -07:00
epriestley
fa6d3e2de3 Implement a "pro" EditEngine for dashboard panels
Summary:
Ref T10855. This can't replace the old edit flow yet, but get the basics in place.

(This is actually much closer to just being able to swap than I anticipated since CustomFields sort of just work, but the exiting flow has some "clone existing panel" / "place directly on dashboard" stuff that this doesn't yet.)

Test Plan: Created and edited a panel by manually using the "editpro" flow.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10855

Differential Revision: https://secure.phabricator.com/D16226
2016-07-03 15:07:36 -07:00
epriestley
d7b4c50941 Fix a flipped higlight vs no-highlight condition
Ref T11257.

Auditors: chad
2016-07-02 05:22:55 -07:00
epriestley
498cb5c096 Fix an XSS issue where Diffusion files exceeding the highlighting byte limit were not properly escaped
Fixes T11257.

Auditors: chad
2016-07-02 05:17:05 -07:00
epriestley
bc3ac31584 Don't load the entire graph for tasks
Summary:
Ref T4788. As it turns out, our tasks are very tightly connected.

Instead of loading every parent/child task, then every parent/child of those tasks, etc., etc., only load tasks in the "same direction" that we're already heading.

For example, we load children of children, but not parents of children. And we load parents of parents, but not children of parents.

Basically we only go "up" and "down" now, but not "out" as much. This should reduce the gigantic multiple-thousand-node graphs currently shown in the UI.

I still discover the whole graph for revisiosn, because I think it's probably more useful and always much smaller. That might need adjustment too, though.

Test Plan: Seems fine locally??

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4788

Differential Revision: https://secure.phabricator.com/D16218
2016-07-01 11:43:14 -07:00
Chad Little
f26374241a Make Phame Header and Profile Image Transactional
Summary: Ref T9360. This makes these transactional.

Test Plan: Set new header, delete header. Set new profile image, reset profile image.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9360

Differential Revision: https://secure.phabricator.com/D16217
2016-07-01 11:23:42 -07:00
epriestley
0a132e468f Render parent and child tasks in Maniphest with a graph trace
Summary: Ref T4788. This seems reasonable locally, but not sure how it will feel on real data. Might need some tweaks, or might just be a terrible idea.

Test Plan: {F1708059}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4788

Differential Revision: https://secure.phabricator.com/D16214
2016-07-01 10:41:07 -07:00
epriestley
cc7ae60aaf Make the revision graph view more flexible
Summary:
Ref T4788. This separates the revision graph view into a base class with core logic and a revision class with Differential-specific logic, so I can subclass it in Maniphest, etc., and try using it in other applications to show similar graphs.

Not sure if we'll stick with it, but even if we don't this makes the code a bit cleaner and gets custom rendering logic out of the RevisionViewController, which is nice.

Test Plan: Viewed revisions, saw the stack UI completely unchanged.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4788

Differential Revision: https://secure.phabricator.com/D16213
2016-07-01 10:40:49 -07:00
Chad Little
95b1a89e5c New Tokens
Summary: New tokens, slightly larger (18x18 vs 16x16). I think these all feel decent, I might tweak the thumbs icons a little more color-wise.

Test Plan:
Use Tokens.

{F1707411}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T11244

Differential Revision: https://secure.phabricator.com/D16211
2016-07-01 07:12:34 -07:00
epriestley
dc37789d53 Build that thing someone posted a screenshot of on Facebook
Summary: Seemed kinda cool.

Test Plan: {F1707244}

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16210
2016-07-01 04:36:24 -07:00
epriestley
6c7e392f89 Merge "Table of Contents", "Local Commits", "Update History" and "Similar Revisions"
Summary: Ref T10628. Turn these into tabs in a single box, since "local commits" and "similar revisions" are of particularly rare use.

Test Plan: {F1707196}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10628

Differential Revision: https://secure.phabricator.com/D16209
2016-06-30 18:50:52 -07:00
epriestley
65980ac683 Convert all remaining old tabs to new PHUITabGroupViews
Summary: Ref T10628. This moves everything else over. I'll clean up the cruft in the next diff.

Test Plan:
- Viewed Conduit API page, toggled tabs.
- Viewed Harbormaster build, toggled tabs.
- Viewed a Drydock lease, swapped tabs.
- Viewed a Drydock resource, swapped tabs.
- Viewed mail, swapped tabs.
- Grepped for `addPropertyList(...)`, looked for any remaining calls with a second argument.
- Also checked rSAAS for any calls, but we don't have anything there that uses tabs.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10628

Differential Revision: https://secure.phabricator.com/D16207
2016-06-30 18:50:09 -07:00
epriestley
5a4ecc7a9c Convert "Diff Details" tabs to PHUITabGroup
Summary:
Ref T10628. Switch this to be nicer and more modern.

  - When there's only one tab, add an option to hide it.

Test Plan:
  - Viewed normal revisions (no tabs).
  - Viewed X vs Y revisions (two tabs, rightmost tab selected by default).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10628

Differential Revision: https://secure.phabricator.com/D16206
2016-06-30 18:49:51 -07:00
epriestley
189910d615 Make TabGroups a standalone UI element
Summary:
Ref T10628. Currently, tabs are part of ObjectBoxes. However, the code is a bit of a mess and I want to use them in some other contexts, notably the "prose diff" dialog to show "old raw, new raw, diff".

Pull them out, and update Files to use the new stuff. My plan is:

  - Update all callsites to this stuff.
  - Remove the builtin-in ObjectBox integration to simplify ObjectBox a bit.
  - Move forward with T10628.

This is pretty straightforward. A couple of the sigils are a little weird, but I'll update the JS later. For now, the same JS can drive both old and new tabs.

Test Plan: Viewed files, everything was unchanged.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10628

Differential Revision: https://secure.phabricator.com/D16205
2016-06-30 18:49:37 -07:00
epriestley
01862b8f23 Detect the MIME type of large files by examining the first chunk
Summary:
Fixes T11242. See that task for detailed discussion.

Previously, it didn't particularly matter that we don't MIME detect chunked files since they were all just big blobs of junk (PSDs, zips/tarballs, whatever) that we handled uniformly.

However, videos are large and the MIME type also matters.

  - Detect the overall mime type by detecitng the MIME type of the first chunk. This appears to work properly, at least for video.
  - Skip mime type detection on other chunks, which we were performing and ignoring. This makes uploading chunked files a little faster since we don't need to write stuff to disk.

Test Plan:
Uploaded a 50MB video locally, saw it as chunks with a "video/mp4" mime type, played it in the browser in Phabricator as an embedded HTML 5 video.

{F1706837}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11242

Differential Revision: https://secure.phabricator.com/D16204
2016-06-30 13:57:39 -07:00
epriestley
7a315780b4 When using the "Close as Duplicate" relationship action, limit the UI to 1 task
Summary:
Ref T4788. When closing a task as a duplicate of another task, you can only select one task, since it doesn't really make sense to merge one task into several other tasks (this operation is //possible//, but probably not what anyone ever wants to do, I think?).

Make the UI understand this: after you select a task, disable all of the "select" buttons in the UI to make this clear.

Test Plan:
  - Used "Close as Duplicate", only allowed to select 1 task.
  - Used other editors like "Merge Duplicates In", allowed to select lots of tasks.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4788

Differential Revision: https://secure.phabricator.com/D16203
2016-06-30 13:48:21 -07:00
Chad Little
23ec515afc Improve PhamePost search options
Summary: Ref T9360. This adds ability to search posts by blog(s) and by type better.

Test Plan:
Create some posts, search for them.

{F1705961}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9360

Differential Revision: https://secure.phabricator.com/D16199
2016-06-30 12:56:28 -07:00
epriestley
163f2c4262 Refine available filters and defaults for relationship selection
Summary:
Ref T4788. Fixes T10703.

In the longer term I want to put this on top of ApplicationSearch, but that's somewhat complex and we're at a fairly good point to pause this feature for feedback.

Inch toward that instead: provide more appropriate filters and defaults without rebuilding the underlying engine. Specifically:

  - No "assigned" for commits (barely makes sense).
  - No "assigned" for mocks (does not make sense).
  - Default to "open" for parent tasks, subtasks, close as duplicate, and merge into.

Also, add a key to the `search_document` table to improve the performance of the "all open stuff of type X" query. "All Open Tasks" is about 100x faster on my machine with this key.

Test Plan:
  - Clicked all object relationships, saw more sensible filters and defaults.
  - Saw "open" query about 100x faster locally (300ms to 3ms).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4788, T10703

Differential Revision: https://secure.phabricator.com/D16202
2016-06-30 11:51:36 -07:00
epriestley
7574f8dcf5 When all actions in a submenu are disabled, disable the submenu header
Summary: Fixes T11240. Also simplify things a little and share a bit more code.

Test Plan:
  - Viewed revisions and tasks, opened submenu.
  - Viewed as a user without edit permission, saw the menus greyed out.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11240

Differential Revision: https://secure.phabricator.com/D16201
2016-06-30 10:57:33 -07:00
epriestley
2a7545a452 Convert Maniphest merge operations to modern Relationship code
Summary:
Ref T4788. Fixes T7820. This updates the "Merge Duplicates In" interaction, and adds a "Close as Duplicate" action.

These are the last interactions that were using the old code, so it removes that code.

Merges are now recorded as real edges, so we can show them in the UI later on (originally from T9390, etc).

Also provides more general support for relationships which need EDIT permission, not-undoable relationships like merges, preventing relating an object to itself, and relationship side effects like merges.

Finally, fixes a couple of behaviors around typing an exact object name (like `T123`) to find the related object.

Test Plan:
  - Merged tasks into the current task.
  - Closed the current task as a duplicate of another task.
  - Edited other relationships.
  - Searched for tasks, commits, etc., by object monogram.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4788, T7820

Differential Revision: https://secure.phabricator.com/D16196
2016-06-30 08:35:45 -07:00
epriestley
4f8d07594e Fix a CSRF issue with adding new email addresses
Summary:
The first dialog was being given the wrong user (`$user`, should be `$viewer`), leading to a CSRF issue.

(The CSRF token it generated was invalid in all validation contexts, so this wasn't a security problem or a way to capture CSRF tokens for other users.)

Use `newDialog()` instead.

(This seems completely unrelated to the vaguely-similar-looking issues we saw earlier this week.)

Test Plan:
  - Added a new email address.
  - Clicked "Done" on the last step.
  - Completed workflow instead of getting a CSRF error.

Reviewers: chad, tide

Reviewed By: tide

Differential Revision: https://secure.phabricator.com/D16200
2016-06-30 08:35:24 -07:00
Chad Little
fd0a606f79 Misc Phame cleanup
Summary:
Ref T9360.

[x] View Live useless on archived blogs
[x] Edit Blog Image treatment like profiles
[x] Pager next/prev should keep you on whatever view you're on
[x] Unset user titles aren't falling back properly
[x] Add captions to edit fields for better clarification

Test Plan: Archive a blog, Edit a photo, verify pager on live and internal blogs, check empty titles, and view new edit form instructions.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9360

Differential Revision: https://secure.phabricator.com/D16197
2016-06-29 19:08:32 -07:00
epriestley
dc9283b85d Convert all standard relationship-editing actions to modern Relationships code
Summary: Ref T4788. This moves everything except "merge" to the new code.

Test Plan:
  - Edited relationships in Differential, Diffusion, and Pholio.
  - Uninstalled Pholio, made sure "Edit Mocks..." actions vanished.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4788

Differential Revision: https://secure.phabricator.com/D16193
2016-06-29 11:24:52 -07:00
epriestley
25cc90d632 Inch toward using ApplicationSearch to power related objects
Summary:
Ref T4788. Fixes T9232. This moves the "search for stuff to attach to this object" flow away from hard-coding and legacy constants and toward something more modular and flexible.

It also adds an "Edit Commits..." action to Maniphest, resolving T9232. The behavior of the search for commits isn't great right now, but it will improve once these use real ApplicationSearch.

Test Plan: Edited a tasks' related commits, mocks, tasks, etc.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4788, T9232

Differential Revision: https://secure.phabricator.com/D16189
2016-06-29 11:22:29 -07:00
Chad Little
2b76785a13 Better 404 for Phame
Summary: "Fixes" fatals on phacility.com blog. If post_id is either `0` or any other integer not in the blog system, show a normal Phame 404 with crumbs.

Test Plan: http://local.blog.phacility.com/post/0/last_published/, http://local.blog.phacility.com/post/999999/last_published/

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D16192
2016-06-28 21:34:42 -07:00
epriestley
ec8581ab62 Clean up redirect URIs for "Temporary Tokens" and "API Tokens" settings panels
Summary: Fixes T11223. I missed a few of these; most of them kept working anyway because we have redirects in place, but make them a bit more modern/not-hard-coded.

Test Plan:
  - Generated and revoked API tokens for myself.
  - Generated and revoked API tokens for bots.
  - Revoked temporary tokens for myself.
  - Clicked the link to the API tokens panel from the Conduit console.
  - Clicked all the cancel buttons in all the dialogs, too.

In all cases, everything now points at the correct URIs. Previously, some things pointed at the wrong URIs (mostly dealing with stuff for bots).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11223

Differential Revision: https://secure.phabricator.com/D16185
2016-06-28 14:51:04 -07:00
Chad Little
92fc628b04 Better destruction of PhameBlog, BadgesBadge
Summary: Allows proper destruction of Badge Awards and Phame Posts.

Test Plan: bin/remove destroy PHID...

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D16182
2016-06-27 18:24:23 -07:00
Aviv Eyal
de6349dd67 Revision substate CLOSED_FROM_ACCEPTED
Summary:
Ref T9838.

Add a Properties field to Revision, and update a `wasAcceptedBeforeClose` when closing a revision.

Test Plan:
A quick run through the obvious steps (Close with commit/manually,  with or w/o accept) and calling `differential.query` shows the `wasAcceptedBeforeClose` property was setup correctly.

Pushing closed + accepted passes the relevant herald, which was my immediate issue; Pushing un-accepted is blocked.
Test the "commit" rule (Different from "pre-commit") by hacking the DB and running the "has accepted revision" rule in a test-console.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T9838

Differential Revision: https://secure.phabricator.com/D15085
2016-06-27 20:29:47 +00:00
Chad Little
af5001db64 Allow PhameBlog to take a full URI instead of just a domain name
Summary: Ref T9897. This moves "Domain" to "DomainFullURI" to allow setting of https or for some reason, a port. I guess.

Test Plan: Try to break by setting a path, or fake protocol. Set to http, or https, see correct redirects. Verify domain still gets written.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9897

Differential Revision: https://secure.phabricator.com/D16173
2016-06-24 14:11:52 -07:00
epriestley
89f9f97159 Provide basic support for Subversion revprops
Summary:
Ref T11208. See that task for a more detailed description of revprops.

This allows revprop changes in a hosted Subversion repository if the repository has the "allow dangerous changes" flag set.

In the future, we could expand this into real Herald support, but the only use case we have for now is letting `svnsync` work.

Test Plan:
Edited revprops with `svn propset --revprop -r 2 propkey propvalue repositoryuri`:

  - Tried before patch, got a "configure a commit hook" error.
  - Tried after patch, got a "dangerous change" error.
  - Allowed dangerous changes.
  - Did a revprop edit.
  - Prevented dangerous changes.
  - Got an error again.
  - Made a normal commit to an SVN repository.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11208

Differential Revision: https://secure.phabricator.com/D16174
2016-06-24 13:43:32 -07:00
Chad Little
a75eea7637 Fix spurious timeline entry for badges
Summary: Fixes T11164. At least, this fixes it locally for me. I don't know how to code. Copy Pasta!

Test Plan: Change name, don't see extra timeline entry on quality set anymore.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T11164

Differential Revision: https://secure.phabricator.com/D16169
2016-06-22 13:23:23 -07:00
Chad Little
3bb3170a2c Add space under comment previews
Summary: Fixes T11166. Adds some class, and space to the preview widget.

Test Plan: Test Maniphest, Ponder, etc, without a footer.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T11166

Differential Revision: https://secure.phabricator.com/D16168
2016-06-22 12:18:33 -07:00
epriestley
60c55387ab Don't show client-side setup prompts until user accounts activate
Summary: Fixes T11198. These are confusing or premature if you aren't an activated user: disabled or unapproved accounts won't be able to act on them.

Test Plan: Changed timezone, went through flow to correct it

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11198

Differential Revision: https://secure.phabricator.com/D16167
2016-06-22 11:54:15 -07:00
epriestley
2cb779575d Split "Edit Blocking Tasks" into "Edit Parent Tasks" and "Edit Subtasks"
Summary:
Ref T11179. This splits "Edit Blocking Tasks" into two options now that we have more room ("Edit Parent Tasks", "Edit Subtasks").

This also renames "Blocking" tasks to "Subtasks", and "Blocked" tasks to "Parent" tasks. My goals here are:

  - Make the relationship direction more clear: it's more clear which way is up with "parent" and "subtask" at a glance than with "blocking" and "blocked" or "dependent" and "dependency".
  - Align language with "Create Subtask".
  - To some small degree, use more flexible/general-purpose language, although I haven't seen any real confusion here.

Fixes T6815. I think I narrowed this down to two issues:

  - Just throwing a bare exeception (we now return a dialog explicitly).
  - Not killing open transactions when the cyclec check fails (we now kill them).

Test Plan:
  - Edited parent tasks.
  - Edited subtasks.
  - Tried to introduce graph cycles, got a nice error dialog.

{F1697087}

{F1697088}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6815, T11179

Differential Revision: https://secure.phabricator.com/D16166
2016-06-22 11:20:38 -07:00
epriestley
4bbe6f307a Resolve relationship edit conflicts more naturally
Summary:
Ref T11179. Ref T4768. Currently, on `master`, if two users open "Edit Revisions" at the same time, then add revisions A and B, only the last state wins (just "B").

Instead, apply these as "add A" and "add B" so they merge in a natural way.

Test Plan:
  - Opened edit dialog in two windows.
  - Added "A" in one, "B" in the other.
  - Saved both.
  - Saw "Added A" and "Added B" transactions, instead of "Added A" and "Removed A, added B".

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4768, T11179

Differential Revision: https://secure.phabricator.com/D16164
2016-06-22 11:17:30 -07:00
epriestley
b5d90b4714 Drive modular task relationships through a new "relationships" controller
Summary: Ref T11179. This is basically a "pro" controller to replace the SearchAttach controller. It does basically the same stuff, just in a (mostly) more modern and modular way.

Test Plan:
  - Added and removed mocks.
  - Added and removed revisions.
  - Everything worked just like it did before.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11179

Differential Revision: https://secure.phabricator.com/D16163
2016-06-22 11:16:58 -07:00
epriestley
bf62badfda Modularize "related objects" menu items in Maniphest
Summary:
Ref T11179. This generates the Maniphest menu items in a modular way. It doesn't change any of the underlying code yet.

Searching for commits doesn't work particularly well so I've just hidden that for now, but the item itself works fine.

Test Plan: {F1696849}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11179

Differential Revision: https://secure.phabricator.com/D16162
2016-06-22 11:16:16 -07:00
Chad Little
83c4701231 Check CAN_VIEW and CAN_EDIT at SearchAttachController
Summary: Fixes T11193. Assume this is the correct place to check for permissions before attaching edges.

Test Plan: Create a task and set edit policy to Admins, log into test account. Try to Edit Subtasks, Merge Duplicates, Attach a Diff, or Attach a Mock, get a Policy Dialog explaing why.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T11193

Differential Revision: https://secure.phabricator.com/D16161
2016-06-22 14:00:37 +00:00
epriestley
921a5b4941 Push typehead browse result selector button down one <div>
Summary: Fixes T11190. The div with all the stuff in it was sometimes ending up on top of the "select" button, making it unclickable.

Test Plan: Clicked "select" in several browsers.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11190

Differential Revision: https://secure.phabricator.com/D16160
2016-06-21 15:28:12 -07:00
epriestley
f38730aab8 Allow Herald text list fields to use "Exists" / "Does not exist" conditions
Summary: This makes it more natural to write Herald rules about commits that appear on any or no branches.

Test Plan: Wrote a commit rule for commits on any branch, ran it with `bin/repository reparse --herald <commit>`, saw expected results in web UI.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16158
2016-06-21 15:27:43 -07:00
epriestley
56d3197fe0 Fold task-relationship actions into an accordion dropdown
Summary:
Ref T11179. Alternative to D16152. I think this turned out a bit better than the other one did.

Currently, we render two copies of the menu (one for mobile, one for desktop). A big chunk of this is sharing the nodes instead: when you open the mobile dropdown menu, it steals the nodes from the document. When you close it, it puts them back. Magic! Sneaky!

Test Plan:
{F1695499}

{F1695500}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11179

Differential Revision: https://secure.phabricator.com/D16157
2016-06-20 19:14:27 -07:00
epriestley
3198aa1659 Allow dialogs to opt in to being resizable
Summary: Ref T11034. Ref T4788. This allows you to resize the typeahead browse dialog if you want. I plan to let you resize the object selector dialog in the future.

Test Plan: {F1695433}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4788, T11034

Differential Revision: https://secure.phabricator.com/D16156
2016-06-20 19:13:58 -07:00
epriestley
6f275ba144 Render browse results with global result style
Summary:
Ref T11034. This seems a little more promising. Two problems at the moment:

  - This doesn't actually provide any useful information at all right now.
  - Many object types have no profile images.

Test Plan:
{F1695254}

{F1695255}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11034

Differential Revision: https://secure.phabricator.com/D16155
2016-06-20 16:49:02 -07:00
epriestley
851aba80ce Render dropdown metadata earlier
Summary:
Ref T11179. One issue I'm getting with trying to turn actions into dropdowns is that we currently render this menu very late, which can cause us to try to add more metadata after we start resolving metadata. This won't work right now (and making it work seems unreasonably complicated), so stop doing it and fatal if something tries.

(This might make some things fatal but //should// be safe -- anything that fatals should have been broken already.)

Test Plan:
Browsed around looking for fatals, didn't see any.

(This primarily avoids a broken state / fatal in a future diff.)

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11179

Differential Revision: https://secure.phabricator.com/D16151
2016-06-20 15:35:29 -07:00
Chad Little
967945e4b4 Add ability to link back to parent site in external phame blogs
Summary: Ref T9897. Adds a Parent Site and Parent Domain field to allow external sites to link back to parent.

Test Plan: Set up ```local.blog.phacility.com```, set parent site to "Phacility" and parent domain to "local.www.phacility.com". Get new crumbs at Blog and Post levels.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9897

Differential Revision: https://secure.phabricator.com/D16150
2016-06-20 12:50:27 -07:00
epriestley
9a2c2505a0 Handle tag tags properly in discovery
Summary:
Fixes T11180. In Git, it's possible to tag a tag (????). When you do, we try to log the tag-object, which automatically resolves to the commit and fails.

Just skip these. If "A" points at "B" which points at "C", it's fine to ignore "A" and "B" since we'll get the same stuff when we process "C".

Test Plan:
  - Tagged a tag.
  - Pushed it.
  - Discovered it.
  - Before patch: got exception similar to the one in T11180.
  - After patch: got tag-tag skipped. Also got slightly better error messages.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11180

Differential Revision: https://secure.phabricator.com/D16149
2016-06-20 11:10:02 -07:00
Chad Little
f763c314e1 Fix external blog images
Summary: Reading the code, this seems correct, but I don't have a local test. Ref T9897

Test Plan: read carefully

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9897

Differential Revision: https://secure.phabricator.com/D16148
2016-06-19 08:08:16 -07:00
Chad Little
431ca4aac3 Reduce crumbs UI in Phame live views
Summary: Makes the crumbs background and border disappear in the live view of Phame.

Test Plan: Go live, see no crumb bg. Test blog, post, mobile, desktop.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D16146
2016-06-18 07:54:05 -07:00
Chad Little
20affe9ce8 Add new super hero header for Phame Blog
Summary: Adds a new header layout for Phame Blog. Subtitles now also.

Test Plan:
With Image, With Subtitle, Without Image, Without Subtitle. Mobile, Tablet, Desktop.

{F1691506}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D16147
2016-06-18 14:21:39 +00:00
epriestley
96c51028e5 In Harbormaster, release artifacts as soon as no waiting/running build steps will use them
Summary:
Ref T11153. If you have a build plan like this:

  - Lease machine A.
  - Lease machine B.
  - Run client-tests on machine A.
  - Run server-tests on machine B.

...and we get machine A quickly, then finish the tests, we currently do not release machine A until the whole plan finishes.

In the best case, this wastes resources (something else could be using that machine for a while).

In a worse case, this wastes a lot of resources (if machine B is slow to acquire, or the server tests are much slower than the client tests, machine A will get tied up for a really long time).

In the absolute worst case, this might deadlock things.

Instead, release artifacts as soon as no waiting/running steps take them as inputs. In this case, we'd release machine A as soon as we finished running the client tests.

In the case where machines A and B are resources of the same type, this should prevent deadlocks. In all cases, this should improve build throughput at least somewhat.

Test Plan:
I wrote this build plan which runs a "fast" step (10 seconds) and a "slow" step (120 seconds):

{F1691190}

Before the patch, running this build plan held the lease on the "fast" machine for the full 120 seconds, then released both leases at the same time at the very end.

After this patch, I ran this plan and observed the "fast" lease get released after 10 seconds, while the "slow" lease was held for the full 120.

(Also added some `var_dump()` into things to sanity check the logic; it appeared correct.)

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11153

Differential Revision: https://secure.phabricator.com/D16145
2016-06-17 16:13:56 -07:00
Chad Little
ccf43c412e More links on Blog manage page
Summary: Adds a view live and view internal link to the blog and crumbs manage page.

Test Plan: Click on new links.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D16142
2016-06-17 12:53:59 -07:00
Chad Little
e384e945d0 Add basic support for Phame blog headers
Summary: Fixes T10901. Allows blogs to have headers. I've built this in a basic way, any file, max-height is 240. Should bleed into top crumbs, so any spacing you want you should add to the file itself. Might have to see how users break this.

Test Plan: Set a blog header, see blog header, remove blog header, see no blog header. Check mobile, tablet, desktop break points.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T10901

Differential Revision: https://secure.phabricator.com/D16141
2016-06-17 12:08:51 -07:00
Chad Little
0d4902a0e5 Add ability to set a header image per Phame blog
Summary: This is the backend half of uploading an image as a header for Phame Blogs. Allows you to upload image, or delete it. Ref T10901

Test Plan:
Go to Manage Blog, visit Edit Header Image, Upload snarky file. See snarky file on Manage page. Edit Header Image, click delete, save, see file goes away.

{F1690966}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T10901

Differential Revision: https://secure.phabricator.com/D16140
2016-06-17 11:23:21 -07:00
epriestley
95d95e3fb4 Try to get to the bottom of the sporradic test failures in testColumnExtendedPolicies()
Summary:
This test has been failing occasionally in a way that does not reproduce, and only when no one is looking at it.

Try to add some extra assertions to maybe get more information.

Test Plan: `arc unit`

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16137
2016-06-17 07:58:31 -07:00
epriestley
28eb562899 Ignore unrecognized refs in "refs/remotes/"
Summary: Ref T9028. When selecting refs, pretend refs in "refs/remotes/" that we don't otherwise recognize don't exist, since it looks like these are probably remotes //of the remote// we're observing, and who knows what state they're in.

Test Plan: Used `bin/repository discover --verbose` to verify that these named refs no longer appear in the list.

Reviewers: chad, joshuaspence

Reviewed By: joshuaspence

Maniphest Tasks: T9028

Differential Revision: https://secure.phabricator.com/D16136
2016-06-16 16:03:36 -07:00
epriestley
8032a14223 Mark unreachable commits handles as "closed"
Summary:
Ref T9028. Mostly, this gives them a strikethru style.

(I think this is probably the right definition of "closed" for commits. Another definition might be "audited", but I don't think completing audits really "closes" a commit.)

Test Plan: {F1689662}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9028

Differential Revision: https://secure.phabricator.com/D16135
2016-06-16 13:01:09 -07:00
epriestley
7c8f9d7ba2 Don't track "phabricator/" staging area tags
Summary: Ref T9028. Ref T6878. This rule should probably be refined in the long term, but for now just ignore "phabricator/diff/12424" and similar staging area tags.

Test Plan: Ran `bin/repository discover --verbose` on a repository with staging area refs, saw Phabricator ignore those refs as untracked.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6878, T9028

Differential Revision: https://secure.phabricator.com/D16134
2016-06-16 11:22:02 -07:00
epriestley
1c63ac6a3a When a ref is moved or deleted, put it on a list; later, check for reachability
Summary:
Ref T9028. This allows us to detect when commits are unreachable:

  - When a ref (tag, branch, etc) is moved or deleted, store the old thing it pointed at in a list.
  - After discovery, go through the list and check if all the stuff on it is still reachable.
  - If something isn't, try to follow its ancestors back until we find something that is reachable.
  - Then, mark everything we found as unreachable.
  - Finally, rebuild the repository summary table to correct the commit count.

Test Plan:
  - Deleted a ref, ran `pull` + `refs`, saw oldref in database.
  - Ran `discover`, saw it process the oldref, mark the unreachable commit, and update the summary table.
  - Visited commit page, saw it properly marked.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9028

Differential Revision: https://secure.phabricator.com/D16133
2016-06-16 11:21:38 -07:00
epriestley
02d7bb8604 Add "bin/repository mark-reachable" for fixing commit reachability flags
Summary:
Ref T9028. This corrects the reachability of existing commits in a repository.

In particular, it can be used to mark deleted commits as unreachable.

Test Plan:
  - Ran it on a bad repository, with bad args, etc.
  - Ran it on a clean repo, got no changes.
  - Marked a reachable commit as unreachable, ran script, got it marked reachable.
  - Started deleting tags and branches from the local working copy while running the script, saw greater parts of the repository get marked unreachable.
  - Pulled repository again, everything automatically revived.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9028

Differential Revision: https://secure.phabricator.com/D16132
2016-06-16 11:21:17 -07:00
epriestley
77ee518d88 Make daemons ignore "Unreachable" commits and avoid duplicate work
Summary:
Ref T9028. This improves the daemon behavior for unreachable commits. There is still no way for commits to become marked unreachable on their own.

  - When a daemon encounters an unreachable commit, fail permanently.
  - When we revive a commit, queue new daemons to process it (since some of the daemons might have failed permanently the first time around).
  - Before doing a step on a commit, check if the step has already been done and skip it if it has. This can't happen normally, but will soon be possible if a commit is repeatedly deleted and revived very quickly.
  - Steps queued with `bin/repository reparse ...` still execute normally.

Test Plan:
  - Used `bin/repository reparse` to run every step, verified they all mark the commit with the proper flag.
  - Faked the `reparse` exception in the "skip step" code, used `repository reparse` to skip every step.
  - Marked a commit as unreachable, ran `discover`, saw daemons queue for it.
  - Ran daemons with `bin/worker execute --id ...`, saw them all skip + queue the next step.
  - Marked a commit as unreachable, ran `bin/repository reparse` on it, got permanent failures immediately for each step.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9028

Differential Revision: https://secure.phabricator.com/D16131
2016-06-16 11:20:56 -07:00
epriestley
ec89c7d63e Add an "Unreachable" flag for commits and revive them during discovery
Summary:
Ref T9028. This is the easy part of dealing with deleted commits:

  - Add a flag for unreachable commits (nothing sets this flag yet).
  - Ignore unreachable commits when querying for known commits during discovery, so we pretend they do not exist.
  - When recording a commit, try just reviving an existing unreachable commit first. If that works, bail out.

Test Plan:
  - Artificially marked a commit as unreachable with raw SQL.
  - Verified it said "deleted: unreachable" in the UI.
  - Ran `repository discover --trace --verbose`.
  - Saw the discovery process ignore the commit when filling the cache.
  - Saw the discovery process revive the commit instead of trying to record it again.
  - Web UI now shows the commit as normal.
  - Running `repository discover` again doesn't make any further changes.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9028

Differential Revision: https://secure.phabricator.com/D16130
2016-06-16 11:20:37 -07:00
epriestley
2949905c04 Fetch and discover all Git ref types, not just branches
Summary:
Ref T9028. Fixes T6878. Currently, we only fetch and discover branches. This is fine 99% of the time but sometimes commits are pushed to just a tag, e.g.:

```
git checkout <some hash>
nano file.c
git commit -am '...'
git tag wild-wild-west
git push origin wild-wild-west
```

Through a similar process, commits can also be pushed to some arbitrary named ref (we do this for staging areas).

With the current rules, we don't fetch tag refs and won't discover these commits.

Change the rules so:

  - we fetch all refs; and
  - we discover ancestors of all refs.

Autoclose rules for tags and arbitrary refs are just hard-coded for now. We might make these more flexible in the future, or we might do forks instead, or maybe we'll have to do both.

Test Plan:
Pushed a commit to a tag ONLY (`vegetable1`).

<cf508b8de6>

On `master`, prior to the change:

  - Used `update` + `refs` + `discover`.
  - Verified tag was not fetched with `git for-each-ref` in local working copy and the web UI.
  - Verified commit was not discovered using the web UI.

With this patch applied:

  - Used `update`, saw a `refs/*` fetch instead of a `refs/heads/*` fetch.
  - Used `git for-each-ref` to verify that tag fetched.
  - Used `repository refs`.
  - Saw new tag appear in the tags list in the web UI.
  - Saw new refcursor appear in refcursor table.
  - Used `repository discover --verbose` and examine refs for sanity.
  - Saw commit row appear in database.
  - Saw commit skeleton appear in web UI.
  - Ran `bin/phd debug task`.
  - Saw commit fully parse.

{F1689319}

Reviewers: chad

Reviewed By: chad

Subscribers: avivey

Maniphest Tasks: T6878, T9028

Differential Revision: https://secure.phabricator.com/D16129
2016-06-16 11:20:05 -07:00
epriestley
67084a6953 Support AES256 at-rest encryption in Files
Summary:
Ref T11140. This makes encryption actually work:

  - Provide a new configuation option, `keyring`, for specifying encryption keys.
  - One key may be marked as `default`. This activates AES256 encryption for Files.
  - Add `bin/files generate-key`. This is helps when generating valid encryption keys.
  - Add `bin/files encode`. This changes the storage encoding of a file, and helps test encodings and migrate existing data.
  - Add `bin/files cycle`. This re-encodes the block key with a new master key, if your master key leaks or you're just paraonid.
  - Document all these options and behaviors.

Test Plan:
  - Configured a bad `keyring`, hit a bunch of different errors.
  - Used `bin/files generate-key` to try to generate bad keys, got appropriate errors ("raw doesn't support keys", etc).
  - Used `bin/files generate-key` to generate an AES256 key.
  - Put the new AES256 key into the `keyring`, without `default`.
  - Uploaded a new file, verified it still uploaded as raw data (no `default` key yet).
  - Used `bin/files encode` to change a file to ROT13 and back to raw. Verified old data got deleted and new data got stored properly.
  - Used `bin/files encode --key ...` to explicitly convert a file to AES256 with my non-default key.
  - Forced a re-encode of an AES256 file, verified the old data was deleted and a new key and IV were generated.
  - Used `bin/files cycle` to try to cycle raw/rot13 files, got errors.
  - Used `bin/files cycle` to cycle AES256 files. Verified metadata changed but file data did not. Verified file data was still decryptable with metadata.
  - Ran `bin/files cycle --all`.
  - Ran `encode` and `cycle` on chunked files, saw commands fail properly. These commands operate on the underlying data blocks, not the chunk metadata.
  - Set key to `default`, uploaded a file, saw it stored as AES256.
  - Read documentation.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11140

Differential Revision: https://secure.phabricator.com/D16127
2016-06-16 08:08:56 -07:00
epriestley
39afc0f97c Add an AES256 storage format for at-rest encryption
Summary:
Ref T11140. This doesn't do anything yet since there's no way to enable it and no way to store master keys.

Those are slightly tougher problems and I'm not totally satisfied that I have an approach I really like for either problem, so I may wait for a bit before tackling them. Once they're solved, this does the mechanical encrypt/decrypt stuff, though.

This design is substantially similar to the AWS S3 server-side encryption design, and intended as an analog for it. The decisions AWS has made in design generally seem reasonable to me.

Each block of file data is encrypted with a unique key and a unique IV, and then that key and IV are encrypted with the master key (and a distinct, unique IV). This is better than just encrypting with the master key directly because:

  - You can rotate the master key later and only need to re-encrypt a small amount of key data (about 48 bytes per file chunk), instead of re-encrypting all of the actual file data (up to 4MB per file chunk).
  - Instead of putting the master key on every server, you can put it on some dedicated keyserver which accepts encrypted keys, decrypts them, and returns plaintext keys, and can send it 32-byte keys for decryption instead of 4MB blocks of file data.
  - You have to compromise the master key, the database, AND the file store to get the file data. This is probably not much of a barrier realistically, but it does make attacks very slightly harder.

The "KeyRing" thing may change once I figure out how I want users to store master keys, but it was the simplest approach to get the unit tests working.

Test Plan:
  - Ran unit tests.
  - Dumped raw data, saw encrypted blob.
  - No way to actually use this in the real application yet so it can't be tested too extensively.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11140

Differential Revision: https://secure.phabricator.com/D16124
2016-06-16 08:05:57 -07:00
epriestley
f9e3108938 Fix an issue with AuthProviderConfig handles
Summary: Fixes T11156. These were never correct, but also never actually used until I made timelines load object handles unconditionally in D16111.

Test Plan: Viewed an auth provider with transactions, no more fatal.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11156

Differential Revision: https://secure.phabricator.com/D16128
2016-06-16 06:04:43 -07:00
Chad Little
4e14b3f3a5 Use modern layout in Phame Blog management
Summary: Uses PHUITwoColumnView in Blog Manage and Blog Picture. Ref T9897

Test Plan: Use each page.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9897

Differential Revision: https://secure.phabricator.com/D16126
2016-06-15 16:07:28 -07:00
Chad Little
b94b16df49 Allow Phame Posts to be ordered by datePublished
Summary: Adds some ordering options to PhamePost queries. Works on search, PhameHome, BlogHome

Test Plan: Try searching with Order By set to Date Published in application search, get correct order. Check a blog home page, check PhameHome.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9897

Differential Revision: https://secure.phabricator.com/D16125
2016-06-15 12:48:56 -07:00
epriestley
1049feb0ed Add support to Files for file storage formats, to support encryption-at-rest
Summary:
Ref T11140. When reading and writing files, we optionally apply a "storage format" to them.

The default format is "raw", which means we just store the raw data.

This change modularizes formats and adds a "rot13" format, which proves formatting works and is testable. In the future, I'll add real encryption formats.

Test Plan:
  - Added unit tests.
  - Viewed files in web UI.
  - Changed a file's format to rot13, saw the data get rotated on display.
  - Set default format to rot13:
    - Uploaded a small file, verified data was stored as rot13.
    - Uploaded a large file, verified metadata was stored as "raw" (just a type, no actual data) and blob data was stored as rot13.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11140

Differential Revision: https://secure.phabricator.com/D16122
2016-06-15 11:17:53 -07:00
epriestley
f9a58fafba Add "video/quicktime" as a default Video MIME type
Summary: Ref T11142. H264 video in a Quicktime container works in Safari and Firefox for me (although not Chrome), so include it in the default video mime types.

Test Plan: Uploaded video file from T11142 locally, saw it render with `<video />` properly in Safari.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11142

Differential Revision: https://secure.phabricator.com/D16121
2016-06-14 14:44:18 -07:00
Chad Little
695f0b09b2 Add supportsSearch to Phame Blog/Post
Summary: Flips the bits from true to false in transaction editor.

Test Plan: update a post, search for new term

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9897

Differential Revision: https://secure.phabricator.com/D16120
2016-06-14 13:35:49 -07:00
Chad Little
cfa73eb544 Make PhameBlog full text searchable
Summary: Ref T9897, makes blogs searchable

Test Plan: Make a blog, index it, search for it.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9897

Differential Revision: https://secure.phabricator.com/D16119
2016-06-14 13:13:22 -07:00
epriestley
2e45021250 Fix several issues with email-related global preferences
Summary:
Ref T11098. Mixture of issues here:

  - Similar problem to D16112, where users with no settings at all could fail to fall back to the global defaults.
    - I made `UserPreferencesQuery` responsible for building defaults instead to simplify this, since we have 4 or 5 callsites which need to do it and they aren't easily reducible.
  - Handle cases where `metamta.one-mail-per-recipient` is off (and thus users can not have any custom settings) more explicitly.
  - When `metamta.one-mail-per-recipient` is off, remove the "Email Format" panel for users only -- administrators can still access it in global preferences.

Test Plan:
  - Deleted a user's preferences, changed globals, purged cache, made sure defaults reflected global defaults.
  - Changed global mail tags, sent mail to the user, verified it was dropped in accordinace with global settings.
  - Changed user's settings to get the mail instead, verified mail was sent.
  - Toggled user's Re / Vary settings, verified mail subject lines reflected user settings.
  - Disabled `metamta.one-mail-per-recipient`, verified user "Email Format" panel vanished.
  - Edited "Email Format" in single-mail-mode in global prefs as an administrator.
  - Sent more mail, verified mail respected new global settings.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11098

Differential Revision: https://secure.phabricator.com/D16118
2016-06-14 12:35:31 -07:00
epriestley
cb7560d301 Remove "re prefix" and "vary subjects" config
Summary: Ref T11098. There is no reason to maintain these as separate values now that they can be configured in global settings.

Test Plan:
  - Hit and read setup issue.
  - Fiddled with settings.
  - I'll vet this more throughly in the next diff since I need to fix an issue with global defaults in mail and can explicitly test this at the same time.

Reviewers: chad

Reviewed By: chad

Subscribers: eadler

Maniphest Tasks: T11098

Differential Revision: https://secure.phabricator.com/D16117
2016-06-14 12:35:12 -07:00
Chad Little
bce44c8b02 Add PhamePost to full text search
Summary: Adds PhamePost object to fulltextsearch index. Some issue searching just "Open" though? Also "closed" objects search fine but don't display as disabled.

Test Plan:
bin/search index --type POST

{F1687043}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9897

Differential Revision: https://secure.phabricator.com/D16116
2016-06-14 12:18:58 -07:00
epriestley
e44d92babc Have modular transactions fall back correctly when selecting feed titles
Summary: Ref T9789. Falling back to `parent::` is better, and fixes older-style feed stories for Pastes, like "added a comment".

Test Plan: Viewed a comment feed story about a paste.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9789

Differential Revision: https://secure.phabricator.com/D16114
2016-06-14 11:07:42 -07:00
Luka Kladaric
fc1c633bae fix Vary Subjects option names
Summary:
The option names for `Vary Subjects` are copypasta from the `Add "Re:" Prefix` option. Fix their names to refer to `Vary Subjects` instead.

Fixes T11148

Test Plan: Verify option names for `Vary Subjects` refer to `Add "Re:" Prefix` before apply. Verify they no longer do after apply.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin

Maniphest Tasks: T11148

Differential Revision: https://secure.phabricator.com/D16113
2016-06-14 17:13:12 +00:00
epriestley
33ec855449 Modularize application transactions in Paste, mostly
Summary:
Ref T9789. `Transaction` and `Editor` classes are the last major pieces of infrastructure that haven't been fully modularized.

Some of the specific issues are:

  - `Editor` classes rely on a bunch of `instanceof` stuff in the base class to pick up transaction types like "subscribe", "projects", etc. Instead, applications should be adding these, and third-party applications should be able to add them.
  - Code is spread across `Transaction` and `Editor` classes somewhat oddly. For example, generating old/new values would probably make more sense at the `Transaction` level, but it currently exists at the `Editor` level.
  - Both types of classes have a lot of functions based on `switch()` statements, which require a ton of boilerplate and are just generally kind of hard to work with.

This creates classes for each type of transaction, and moves almost all of the logic to them. These classes are simpler and more focused than the old stuff was, and can organize related code better.

This starts inching toward defining `CoreTransactions` for features shared across applications. It only defines the "Create" transaction so far, but at some point I plan to move all the other shared transactions to Core and let them control which objects they're available for.

Test Plan:
  - Created pastes with web UI and API.
  - Edited all paste properites.
  - Archived/activated.
  - Verified files got reasonable names.
  - Reviewed timeline and feed.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9789

Differential Revision: https://secure.phabricator.com/D16111
2016-06-14 06:13:28 -07:00
epriestley
d68b2cc0e4 Fix construction of default settings for users with no settings at all
Summary:
Ref T11098. Users with at least one setting set correctly fall back to the defaults, but users with no settings at all currently do not.

Make them fall back to global defaults properly.

Test Plan:
  - Set global defaults to some non-default setting.
  - Completely delete a user's settings.
  - `bin/cache purge --purge-all` or `--purge-user`.
  - View settings as the user.
    - Before change: showed hard-coded defaults instead of global defaults until you save anything.
    - After change: properly shows global defaults from the start.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11098

Differential Revision: https://secure.phabricator.com/D16112
2016-06-13 15:50:12 -07:00
epriestley
65634781b4 Don't re-mention users for comment edits
Summary:
Ref T11035. This only fixes half of the issue: comment editing has been fixed, but normal transactions which edit things like descriptions haven't yet.

The normal edits aren't fixed because the "oldValues" are populated too late. The code should start working once they get populated sooner, but I don't want to jump the gun on that since it'll probably have some spooky effects. I have some other transaction changes coming down the pipe which should provide a better context for testing "oldValue" population order.

Test Plan:
  - Mentioned `@dog` in a comment.
  - Removed `@dog` as a subscriber.
  - Edited the comment, adding some unrelated text at the end (e.g., fixing a typo).
    - Before change: `@dog` re-added as subscriber.
    - After change: no re-add.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11035

Differential Revision: https://secure.phabricator.com/D16108
2016-06-13 13:57:59 -07:00
Chad Little
74682d46ae Add edit-pencil to ApplicationSearch for PhamePosts
Summary: Adds a quick edit link to PhamePosts in ApplicationSearch

Test Plan: Review a few searches, click on pencil.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D16109
2016-06-13 12:05:22 -07:00
Shijie Feng
aaf3698666 Add datasources to allow search revisions by project.
Summary:
When having lots of repos, seeing "all revisions in this project" is hard, and we ended up adding herald rules to basically copy project tags to the revisions on a per-project basis. Adding a "tagged: project" function to the Repositories search field allows users to find differentials within a project.

Fix T10850.

Test Plan: search differentials by tagging project and repository in the Repository field

Reviewers: avivey, epriestley, #blessed_reviewers

Reviewed By: avivey, epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T10850

Differential Revision: https://secure.phabricator.com/D16096
2016-06-13 18:08:44 +00:00
Chad Little
e78488f6eb Clean up some PhamePostEditor archive cases
Summary: Forgot to save this file locally. Adds isArchived to same hidden features as isDraft

Test Plan: test mail on archived posts

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D16106
2016-06-13 10:54:30 -07:00
Chad Little
72c57d36a3 Ability to archive Phame Posts
Summary: Ref T9897. Adds ability to Archive a Phame Post (only visible under ApplicationSearch).

Test Plan: Archive a post, re-publish it, search for it, archive it again. View Home, Blog, Live pages.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T9897

Differential Revision: https://secure.phabricator.com/D16104
2016-06-13 10:47:53 -07:00
epriestley
a5e29f3ffa Fix an ancient ad-hoc string truncation
Summary: Fixes T11139. We missed this years ago when we moved to PhutilUTF8StringTruncator.

Test Plan: {F1686072}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11139

Differential Revision: https://secure.phabricator.com/D16105
2016-06-13 10:16:25 -07:00
epriestley
bba53205de Remove all uses of PhutilGitURI in Phabricator
Summary:
Ref T11137. This class is removed in D16099. Depends on D16099.

`PhutilURI` now attempts to "just work" with Git-style URIs, so at least in theory we can just delete all of this code and pretend it does not exist.

(I've left "Display URI" and "Effective URI" as distinct, at least for now, because I think the distinction may be relevant in the future even though it isn't right now, and to keep this diff small, although I may go remove one after I think about this for a bit.)

Test Plan:
  - Created a new Git repository with a Git URI.
  - Pulled/updated it, which now works correctly and should resolve the original issue in T11137.
  - Verified that daemons now align the origin to a Git-style URI with a relative path, which should resolve the original issue in T11004.
  - Grepped for `PhutilGitURI`.
  - Also grepped in `arcanist/`, but found no matches, so no patch for that.
  - Checked display/conduit URIs.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11137

Differential Revision: https://secure.phabricator.com/D16100
2016-06-13 07:20:58 -07:00
epriestley
fb156af480 Render prose diffs in email as summaries
Summary:
Ref T7643. When a large block of prose text is edited (like a wiki page), summarize the diff when sending mail.

For now, I'm still showing the whole thing in the web UI, since it's a bit more manageable there.

Also try to fix newlines in Airmail.

Test Plan:
This web diff:

{F1682591}

..became this mail diff:

{F1682592}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7643

Differential Revision: https://secure.phabricator.com/D16098
2016-06-10 09:39:58 -07:00
epriestley
ad0562e15e Improve some typeahead matching behaviors
Summary:
Ref T8510. Sort prefix matches above non-prefix matches, so that "Ape Discovery" does not match "discovery" better than "Discovery".

Sort functions last.

Rename function internal strings so they don't get over-promoted the prefix-match rules.

Add kind of a hack to get "Project X" sorting above all the "Project X (Milestone 1)" results.

Test Plan:
Created "Ape Discovery", "Baboon Discovery", "Chimpanzee Discovery", etc.

Main project now sorts above milestones:

{F1681773}

Prefix matches now sort above other matches:

{F1681774}

Function results (rarely used) are now less prominent:

{F1681775}

Better function results here:

{F1681776}

More function results:

{F1681777}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8510

Differential Revision: https://secure.phabricator.com/D16094
2016-06-09 13:22:34 -07:00
epriestley
c694bd651b Make base64 the default SMTP encoding
Summary: Ref T11120. If this works, I'll just remove this option completely.

Test Plan: ¯\_(ツ)_/¯

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11120

Differential Revision: https://secure.phabricator.com/D16095
2016-06-09 13:22:17 -07:00
epriestley
e6e4ddd03a Change simple template dashboard to "Open Tasks" instead of "All Tasks"
Summary: "All Tasks" is bad in the long run and not clearly better for new installs.

Test Plan: Created a new smiple template, saw open tasks only.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16093
2016-06-09 12:27:50 -07:00
epriestley
55a698a28a Use HTTPEngineExtension proxy for git HTTP operations
Summary: Ref T10227. When we perform `git` http operations (fetch, mirror) check if we should use a proxy; if we should, set `http_proxy` or `https_proxy` in the environment to make `git` have `curl` use it.

Test Plan:
  - Configured a proxy extension to run stuff through a local instance of Charles.
  - Ran `repository pull` and `repository mirror`.
  - Saw `git` HTTP requests route through the proxy.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10227

Differential Revision: https://secure.phabricator.com/D16092
2016-06-09 12:17:10 -07:00
epriestley
a88329fc38 Implement basic differential.revision.search
Summary: Ref T11123. This implements a very basic skeleton for modern revision search.

Test Plan: Viewed and executed Conduit API method.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11123

Differential Revision: https://secure.phabricator.com/D16089
2016-06-09 09:06:58 -07:00
epriestley
4d12c58dcf Allow Pholio mocks to be created and edited without drag-and-drop
Summary: Ref T6523. Allows you to click stuff instead of using drag-and-drop.

Test Plan: On iOS simulator, created and updated a mock.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6523

Differential Revision: https://secure.phabricator.com/D16088
2016-06-09 08:43:38 -07:00
epriestley
3b1c6073a5 Don't include other users' unpublished drafts when counting Pholio inlines
Summary: Fixes T10886. This should get more formal some day, but just fix it for now.

Test Plan: Reloaded mock with other unpublished draft inlines, saw accurate count.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10886

Differential Revision: https://secure.phabricator.com/D16087
2016-06-09 08:43:12 -07:00
Chad Little
e808963eae Add Ponder Question mail create receiver
Summary: Fixes T11115, but unclear how to test this. I think I've asked this in the past.

Test Plan:
 - Visit Applications -> Ponder
 - Configure external email
 - Test External Email
 - See new Question

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T11115

Differential Revision: https://secure.phabricator.com/D16084
2016-06-08 14:48:20 -07:00
epriestley
72d554aa9b Fix parsing of anchors in Phriction document link syntax
Summary: Ref T4280. At some point (probably D15732) we started getting anchor parsing wrong. Just pop the anchor off before doing all the logic, then put it back on at the end.

Test Plan:
Tested various forms like:

```
[[ x ]]
[[ x | z ]]
[[ x#y | z ]]
[[ ./x#y | z ]]
```

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4280

Differential Revision: https://secure.phabricator.com/D16083
2016-06-08 13:14:33 -07:00
Chad Little
3453507230 Add print styles for Phortune carts
Summary: Fixes T10899, adds styles specifically for printing Phortune carts.

Test Plan: Print a Phortune cart

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T10899

Differential Revision: https://secure.phabricator.com/D16079
2016-06-08 07:52:18 -07:00
epriestley
a653d4d9b3 Give ConpherenceThreadQuery a primary table alias
Summary: Fixes T11113. On the 2nd+ page, we could end up with an ambiguous `id` WHERE clause because we don't define a primary table alias on this query. Define one.

Test Plan:
Changed SearchEngine to return pages of size 5, searched for my threads, toggled to second page, no exception.

Used DarkConsole to examine that second-page query, saw that it had `thread.id` explicitly instead of `id` implicitly.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11113

Differential Revision: https://secure.phabricator.com/D16080
2016-06-08 07:39:45 -07:00
Chad Little
c71f92a1eb Fix new Countdown link
Summary: Correct the url for edit engine. Fixes T11046

Test Plan: new install -> clicky green button

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T11046

Differential Revision: https://secure.phabricator.com/D16078
2016-06-07 20:13:08 -07:00
epriestley
ffb50ef45d Require login for "Must Verify Email" controller
Summary:
Via HackerOne. This page fatals if accessed directly while logged out.

The "shouldRequireLogin()" check is wrong; this is a logged-in page.

Test Plan:
Viewed the page while logged out, no more fatal.

Faked my way through the actual verification flow.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16077
2016-06-07 16:37:12 -07:00
epriestley
abeab59448 Fix redirect to Password settings panel after "Reset Password" login
Summary: Fixes T11107. The URI change here meant we were dropping the "key" parameter, which allows you to set a new password without knowing your old one.

Test Plan: Reset password, didn't need to provide old one anymore.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11107

Differential Revision: https://secure.phabricator.com/D16075
2016-06-07 14:07:40 -07:00
epriestley
411cf13457 Add Videos to Remarkup
Summary: Ref T6916. Added video to remarkup using D7156 as reference.

Test Plan:
  - Viewed video files (MP4, Ogg) in Safari, Chrome, Firefox (some don't work, e.g., OGG in Safari, but nothing we can really do about that).
  - Used `alt`.
  - Used `autoplay`.
  - Used `loop`.
  - Used `media=audio`.
  - Viewed file detail page.

Reviewers: nateguchi2, chad, #blessed_reviewers

Reviewed By: chad, #blessed_reviewers

Subscribers: asherkin, ivo, joshuaspence, Korvin, epriestley

Tags: #remarkup

Maniphest Tasks: T6916

Differential Revision: https://secure.phabricator.com/D11297
2016-06-07 13:20:25 -07:00
epriestley
814fa135b0 Centralize "this is the current user for the request" code
Summary:
Ref T11098. This primarily fixes Conduit calls to `*.edit` methods failing when trying to access user preferences.

(The actual access is a little weird, since it seems like we're building some UI stuff inside a policy query, but that's an issue for another time.)

To fix this, consolidate the "we're about to run some kind of request with this user" code and run it consistently for web, conduit, and SSH sessions.

Additionally, make sure we swap things to the user's translation.

Test Plan:
  - Ran `maniphest.edit` via `arc call-conduit`, no more settings exception.
  - Set translation to ALL CAPS, got all caps output from `ssh` and Conduit.

Reviewers: avivey, chad

Reviewed By: chad

Maniphest Tasks: T11098

Differential Revision: https://secure.phabricator.com/D16066
2016-06-07 07:43:50 -07:00
epriestley
8a7ded6129 Fix one more remarkup line wrapping issue
Summary:
Ran into this while fixing T11098#179088.

The "Transaction Type" details in the conduit autogenerated documentation for `*.edit` endpoints still wraps incorrectly.

Test Plan: Purged remarkup cache, reloaded page, got full-width text.

Reviewers: avivey, chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16065
2016-06-07 07:04:29 -07:00
epriestley
fb2da8bd8b Add links and diffs for text block edits to mail
Summary:
Ref T7643.

  - When a transaction edits a text block, add a link to the changes (for HTML mail).
  - Also, inline the changes in the mail (for HTML mail).
  - Do nothing for text mail since I don't think we really have room? And I don't know how we can make the diff look any good.

Test Plan:
Edited a task description, generated mail, examined mail.

  - It contained a link leading to a prose diff.
  - It had a more-or-less reasonable inline text diff.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7643

Differential Revision: https://secure.phabricator.com/D16063
2016-06-06 17:12:46 -07:00
epriestley
02877c600a Use prose diffs in Phriction
Summary: Ref T3353. This improves whitespace display of prose diffs and uses them in Phriction.

Test Plan: {F1677957}

Reviewers: chad, avivey

Reviewed By: avivey

Subscribers: avivey

Maniphest Tasks: T3353

Differential Revision: https://secure.phabricator.com/D16062
2016-06-06 14:33:23 -07:00
epriestley
e1a9473eda Make auth provider autologin modular and implement it for all OAuth2 adapters
Summary:
Ref T10785. Around the time we launched Phacility SAAS we implemented this weird autologin hack. It works fine, so clean it up, get rid of the `instanceof` stuff, and support it for any OAuth2 provider.

(We could conceivably support OAuth1 as well, but no one has expressed an interest in it and I don't think I have any OAuth1 providers configured correctly locally so it would take a little bit to set up and test.)

Test Plan:
  - Configured OAuth2 adapters (Facebook) for auto-login.
  - Saw no config option on other adapters (LDAP).
  - Nuked all options but one, did autologin with Facebook and Phabricator.
  - Logged out, got logout screen.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10785

Differential Revision: https://secure.phabricator.com/D16060
2016-06-06 14:33:09 -07:00
Aviv Eyal
e1119b3f31 Render more info for binary files in Differential
Summary:
Ref T10856. The rendering logic was already there, but it was expecting the information under `properties`
field, whereas arc puts it under `metadata`. Not sure if that something that changed a long time ago or if
it was always like this.

Test Plan: {F1252657 size=full}

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T10856

Differential Revision: https://secure.phabricator.com/D15828
2016-06-06 19:58:39 +00:00
epriestley
b3477bfc56 Render sometimes-legible prose diffs in the Phabricator UI
Summary:
Ref T3353. This hooks the prose engine up to the UI and throws away the hard-wrapping hacks.

These are likely still very rough in many cases, but are hopefully a big step forward from the old version in the vast majority of cases.

Test Plan: {F1677809}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T3353

Differential Revision: https://secure.phabricator.com/D16056
2016-06-06 12:33:42 -07:00
epriestley
f97d120c3f When a task is removed from projects, remove its position on proxy columns for those projects
Summary:
Fixes T11088. When a task is removed from a project, we don't normally delete its column positions. If you accidentally remove a project and then restore the project, it's nice for the task to stay where you put it.

However, we do need to remove its positions in proxy columns to avoid the issue in T11088.

Test Plan:
  - Added a failing unit test, made it pass.
  - Added a task to "X > Milestone 1", loaded workboard, used "Edit Projects" to move it to "X" instead, loaded workboard.
    - Before, it stayed in the "Milestone 1" column.
    - After, it moves to the "Backlog" column.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11088

Differential Revision: https://secure.phabricator.com/D16052
2016-06-05 16:06:01 -07:00
epriestley
b4a07d528f Allow users to unset "Editor", tailor short error messages properly on settings forms
Summary:
Ref T11098.

  - Allow "Editor" to be set to the empty string.
  - Don't match a validation error to a field unless the actual settings for the field and error match.

Test Plan:
  - Tried to set "Editor" to "", success.
  - Tried to set "Editor" to "javascript://", only that field got marked "Invalid".

Reviewers: avivey, chad

Reviewed By: chad

Maniphest Tasks: T11098

Differential Revision: https://secure.phabricator.com/D16051
2016-06-05 14:03:02 -07:00
epriestley
4936be0868 Fix exception when trying to save global setting mail tags
Summary: Ref T11098. Template preferences don't have a user, but this codepath didn't get fully updated to account for that.

Test Plan: Saved mail tags in global prefernces.

Reviewers: avivey, chad

Reviewed By: chad

Maniphest Tasks: T11098

Differential Revision: https://secure.phabricator.com/D16050
2016-06-05 13:57:20 -07:00
epriestley
6ac5f84c8b Redirect older "/panel/" settings URIs to modern location
Summary:
Ref T11098. We have a fair number of these, including links in email, which we can't turn into explicit `/user/` URIs.

Just redirect them to the modern places.

Test Plan: Clicked "Customize Menu..." on home page.

Reviewers: chad, avivey

Reviewed By: avivey

Subscribers: avivey

Maniphest Tasks: T11098

Differential Revision: https://secure.phabricator.com/D16049
2016-06-05 13:41:23 -07:00
epriestley
421bf2e548 Allow administrators to configure global default settings
Summary:
Ref T4103. This just adds a single global default setting group, not full profiles.

Primarily, I'm not sure how administrators are supposed to set profiles for users, since most ways user accounts get created don't really support setting roles.. When we figure that out, it should be reasonably easy to extend this. There also isn't much of a need for this now, since pretty much everyone just wants to turn off mail.

Test Plan:
  - Edited personal settings.
  - Edited global settings.
  - Edited a bot's settings.
  - Tried to edit some other user's settings.
  - Saw defaults change appropriately as I edited global and personal settings.

{F1677266}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16048
2016-06-05 13:15:06 -07:00
epriestley
c9ef7aeaa3 Validate select/option settings more strictly when reading them
Summary:
Ref T4103. If the database has `""` (empty string) for select/option settings, we can let that value be effective in the UI right now.

One consequence is that timestamps can vanish from the UI.

Instead, be stricter and discard it as an invalid value.

Test Plan:
  - Forced `time-format` setting to `''`.
  - Saw timestamps vanish before change.
  - Saw timestamps return to the default value after change.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16047
2016-06-05 10:32:42 -07:00
epriestley
c4de87a07a Improve some settings-related performance
Summary:
Ref T4103. Two small improvements:

  - Don't work as hard to validate translations. We just need to know if a translation exists, we don't need to count how many strings it has and build the entire menu.
  - Allow `getUserSetting()` to work on any setting without doing all the application/visibility checks. It's OK for code to look at, say, your "Conpherence Notifications" setting even if that application is not installed for you.

Test Plan: Used XHProf and saw 404 page drop from ~60ms to ~40ms locally.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16046
2016-06-05 10:32:23 -07:00
epriestley
7969f66dfe Fully modularize the "Quick Actions" menu
Summary:
Ref T10077. Currently, we issue 6+ queries on every page to build this menu, since the menu is built application-by-application.

Build the menu with dedicated modules instead so a single "EditEngine" module can provide all of them with one query.

I'd like to reduce this to 0 queries but I'm not totally sure what we want to do with this menu.

This change removes these items, because EditEngine can not currently provide them:

  - Calendar: Eventually via EditEngine eventually.
  - Conpherence: Probably via EditEngine, doesn't seem too important.
  - People: Maybe via EditEngine, doesn't seem too important? "Welcome" is likely better?
  - Pholio: Eventually via EditEngine.

It adds a bunch of other items as a side effect:

{F1677151}

This reduces the queries issued on every page by ~5.

This also makes quick create actions visible while logged out (see T7073).

Test Plan:
  - Viewed menu while logged in.
  - Viewed menu while logged out.
  - Viewed standalone version of menu.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10077

Differential Revision: https://secure.phabricator.com/D16045
2016-06-05 10:32:01 -07:00
epriestley
aa4ba0fa92 After toggling DarkConsole, force a user settings cache fill
Summary:
Ref T10078. Currently, you toggle DarkConsole and then load a page, but on the load we have to refill your settings cache since toggling DarkConsole dirtied it.

This is fine, except that it makes it harder to understand what's going on with queries on a page. Just force it to reload right away instead.

Test Plan: Toggled DarkConsole, reloaded page, no longer saw settings toggle-related cache fill.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10078

Differential Revision: https://secure.phabricator.com/D16044
2016-06-05 10:04:23 -07:00
epriestley
5ba7938d54 Simplify user cache management of data forms
Summary: Ref T4103. Ref T10078. We currently have separate "usable" and "raw" values, but can simplify this by making `newValueForUsers()` return the raw value.

Test Plan: Ran unit tests; browsed around; dropped caches and browsed around.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T10078

Differential Revision: https://secure.phabricator.com/D16043
2016-06-05 08:53:27 -07:00
epriestley
c1331bcb7b Cache user notification and message counts
Summary:
Ref T4103. Ref T10078. This puts a user cache in front of notification and message counts.

This reduces the number of queries issued on every page by 4 (2x building the menu, 2x building Quicksand data).

Also fixes some minor issues:

  - Daemons could choke on sending mail in the user's translation.
  - No-op object updates could fail in the daemons.
  - Questionable data access pattern in the file query coming out of the profile file cache.

Test Plan:
  - Sent myself notifications. Saw count go up.
  - Cleared them by visiting objects and clearing all notifications. Saw count go down.
  - Sent myself messages. Saw count go up.
  - Cleared them by visiting threads. Saw count go down.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T10078

Differential Revision: https://secure.phabricator.com/D16041
2016-06-05 08:52:43 -07:00
epriestley
6f1053c206 Convert user profile images into a standard cache
Summary:
Ref T4103. Ref T10078. This moves profile image caches to new usercache infrastructure.

These dirty automatically based on configuration and User properties, so add some stuff to make that happen.

This reduces the number of queries issued on every page by 1.

Test Plan: Browsed around, changed profile image, viewed as self, viewed as another user, verified no more query to pull this information on every page

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T10078

Differential Revision: https://secure.phabricator.com/D16040
2016-06-05 08:52:15 -07:00
epriestley
2b344b2bb5 Make caches misses throw by default intead of inline-generating
Summary:
Ref T4103. Ref T10078. Currently, when a user misses a cache we just build it for them.

This is the behavior we want for the the viewer (so we don't have to build every cache up front if we don't actually need them), but not the right behavior for other users (since it allows performance problems to go undetected).

Make inline cache generation strict by default, then make sure all the things that rely on cache data request the correct data (well, all of the things identified by unit tests, at least: there might be some more stuff I haven't hit yet).

This fixes test failures in D16040, and backports a piece of that change.

Test Plan: Identified and then fixed failures with `arc unit --everything`.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T10078

Differential Revision: https://secure.phabricator.com/D16042
2016-06-05 08:51:54 -07:00
epriestley
7170b062e6 Remove PhabricatorUser->loadPreferences()
Summary: Ref T4103. This method has no more callers.

Test Plan: `grep`

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16039
2016-06-05 08:50:48 -07:00
epriestley
7ef6c0a523 Modularize all the mail preferences
Summary:
Ref T4103. This isn't completely perfect but should let us move forward without also expanding scope into "too much mail".

I split the existing "Mail Preferences" into two panels: a "Mail Delivery" panel for the EditEngine settings, and a "2000000 dropdowns" panel for the two million dropdowns. This one retains the old code more or less unmodified.

Test Plan:
  - Ran unit tests, which cover most of this stuff.
  - Grepped for all removed constants.
  - Ran migrations, inspected database results.
  - Changed settings in both modified panels.
  - This covers a lot of ground, but anything I missed will hopefully be fairly obvious.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16038
2016-06-05 08:50:07 -07:00
epriestley
d326b239ae Resolve timezone conflicts in a modern transactional way
Summary: Ref T4103. Also get rid of the weird cache clear that nothing else uses and which we don't actually need.

Test Plan:
  - Resolved timezone conflict by ignoring it.
  - Resolved timezone conflict by picking a valid timezone.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16037
2016-06-05 08:49:43 -07:00
epriestley
9d7c286252 Allow users to turn off desktop notifications
Summary: Fixes T8846. Ref T4103. I just took the shortest reasonable path here, this panel could use some attention on the next Conpherence iteration.

Test Plan: Turned on/off desktop notifications. Observed corresponding behavior in test notifications.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T8846

Differential Revision: https://secure.phabricator.com/D16036
2016-06-05 08:49:21 -07:00
epriestley
6199e95577 Use transactions to apply Ajax settings mutations
Summary:
Ref T4103. Some settings (mostly nav collapsed/expanded states) use this endpoint to make adjustments when users press keys (like `\` to toggle the durable column).

All of these settings are now formal, so swap things over to transactions.

Test Plan: Collapsed/expanded various navs, reloaded pages, settings stuck.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16035
2016-06-05 08:48:43 -07:00
epriestley
e3f4f051fe Add --purge-user to bin/cache purge
Summary: Ref T4103. Provide a CLI mechanism for purging the user cache.

Test Plan:
  - Purged with `--purge-user` and `--purge-all`.
  - Verified cache table got wiped.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16033
2016-06-04 14:45:15 -07:00
epriestley
fc45de29a6 Modernize various menu collapse settings
Summary: Ref T4103. Fully modernize the filetree show/hide, durable column show/hide, and profile menu collapse/wide settings.

Test Plan:
  - Toggled filetree on/off, reloaded page, setting stuck.
  - Same with conpherence column and profile menus.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16034
2016-06-04 14:44:36 -07:00
epriestley
804e7a6e06 When a user enables/disables DarkConsole, forget their console UI visibility setting
Summary: Ref T4103. This primarily makes sure the console gets turned on when you enable it so you aren't like "where's the console???"

Test Plan: Enabled console, saw console.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16030
2016-06-04 14:44:13 -07:00
epriestley
109917a94b Turn DarkConsole settings into real settings
Summary:
Ref T4103. These settings long-predate proper settings and are based on hard-coded user properties. Turn them into real settings.

(I didn't try to migrate the value since they're trivial to restore and only useful to developers.)

Test Plan:
  - Toggled console on/off.
  - Swapped tabs.
  - Reloaded page, everything stayed sticky.

Reviewers: chad

Reviewed By: chad

Subscribers: eadler

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16029
2016-06-04 14:43:43 -07:00
epriestley
64d6593e9c Modernize pinned homepage applications settings
Summary:
Ref T4103. A few bits here:

  - We have an ancient "tiles" preference which was just a fallback from 2-3 years ago. Throw that away.
  - Modenize the other pinned stuff. We should likely revisit this after the next homepage update but I just left the actual defaults alone for now.
  - Lightly prepare for global default editing.
  - Add a "reset to defaults" option.

Test Plan:
  - Pinned, unpinned, reordered and reset application homepage order.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16028
2016-06-04 14:42:39 -07:00
epriestley
44e88f186c Modernize "favorite project policies" setting
Summary:
Ref T4103. Convert this into a proper internal setting and use transactions to mutate it.

Also remove some no-longer-used old non-modular settings constants.

Test Plan:
  - Used policy dropdown, saw recently-used projects.
  - Selected some new projects, saw them appear.
  - Grepped for all removed constants.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16027
2016-06-04 14:42:11 -07:00
epriestley
5c8ff3d37c Convert Diffusion blame and color into standard internal settings
Summary: Ref T4103. Modernize the blame/color toggles in Diffusion. These have no separate settings UI.

Test Plan: Toggled blame and colors, reloaded pages, settings stuck.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16026
2016-06-04 14:41:49 -07:00
epriestley
1e17fd31a4 Modernize Conpherence access to user preferences
Summary:
Ref T4103. Conpherence is doing some weird stuff and has its own redudnant settings object.

  - Get rid of `ConpherenceSettings`.
  - Use `getUserSetting()` instead of `loadPreferences()`.
  - When applying transactions, add a new mechanism to efficiently prefill caches (this will still work anyway, but it's slower if we don't bulk-fetch).

Test Plan:
  - Changed global Conpherence setting.
  - Created a new Conpherence, saw setting set to global default.
  - Changed local room setting.
  - Submitted messages.
  - Saw cache prefill for all particpiants in database.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16025
2016-06-04 14:41:25 -07:00
epriestley
9a076b71a3 Remove standalone huge single page setting edit controller
Summary: Ref T4103. This isn't necessary or particularly useful anymore since panels have been converted.

Test Plan: Visited URI, got a 404.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16024
2016-06-04 14:41:03 -07:00
epriestley
45f347fe47 Use EditEngine for diff, display, developer and most email settings
Summary: Ref T4103. This converts other straightforward panels to modern stuff.

Test Plan:
  - Edited various settings.
  - Tried to set a bogus editor value.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16023
2016-06-04 14:40:32 -07:00
epriestley
ef28adae9a Use EditEngine for Conpherence preferences
Summary: Ref T4103. Only trick here is hiding the panel if Conpherence is not installed.

Test Plan:
  - Edited Conpherence preferences.
  - Uninstalled Conpherence, saw panel vanish.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16022
2016-06-04 14:40:04 -07:00
epriestley
d5f924b3fa Fix reading ad-hoc settings with no formal Settings object
Summary:
Ref T4103. Some settings (like the collapsed/expanded state of the diff filetree) are currently ad-hoc. They weren't being read correctly.

Also, simplify the caching code a little bit.

Test Plan: Toggled filetree, reloaded page, got sticky behavior.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16021
2016-06-04 14:39:34 -07:00
epriestley
eb673fd783 Formalize and fully modularize settings panel groups
Summary:
Ref T4103. Settings panels are grouped into categories of similar panels (like "Email" or "Sessions and Logs").

Currently, this is done informally, by just grouping and ordering by strings. This won't work well with translations, since it means the ordering is entirely dependent on the language order, so the first settings panel you see might be something irrelvant or confusing. We'd also potentially break third-party stuff by changing strings, but do so in a silent hard-to-detect way.

Provide formal objects and modularize the panel groups completely.

Test Plan: Verified all panels still appear properly and in the same groups and order.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16020
2016-06-04 14:39:11 -07:00
epriestley
2725fdf800 When a user changes their timezone, clear their ignored timezone offset
Summary:
Ref T4103. We have a couple of settings like this where changing one setting changes another (e.g., enabling DarkConsole makes the console visible).

Provide a mechanism to let changing timezone really mean "change timezone, and also clear the timezone offset".

Test Plan: Swapped timezones, reconciled them by ignoring the offset, changed timezone again to another zone with the same offset, got asked to reconcile again.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16018
2016-06-04 14:38:43 -07:00
epriestley
2f936094d8 Convert "Account" and "Date and Time" settings to EditEngine
Summary:
Ref T4103. This pretty much replaces these panels in-place with similar looking ones that go through EditEngine.

This has a few rough edges but they're pretty minor and/or hard to hit (for example, when editing another user's settings, the crumbs have a redundant link in them).

Test Plan:
  - Edited my own settings.
  - Edited a bot user's settings.
  - Tried to edit another user's settings (failed).

{F1674465}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16017
2016-06-04 14:38:20 -07:00
epriestley
67482fd19d Continue modernizing application access to user preferences
Summary:
Ref T4103. This is just incremental cleanup:

  - Add "internal" settings, which aren't editable via the UI. They can still do validation and run through the normal pathway. Move a couple settings to use this.
  - Remove `getPreference()` on `PhabricatorUser`, which was a sort of prototype version of `getUserSetting()`.
  - Make `getUserSetting()` validate setting values before returning them, to improve robustness if we change allowable values later.
  - Add a user setting cache, since reading user settings was getting fairly expensive on Calendar.
  - Improve performance of setting validation for timezone setting (don't require building/computing all timezone offsets).
  - Since we have the cache anyway, make the timezone override a little more general in its approach.
  - Move editor stuff to use `getUserSetting()`.

Test Plan:
  - Changed search scopes.
  - Reconciled local and server timezone settings by ignoring and changing timezones.
  - Changed date/time settings, browsed Calendar, queried date ranges.
  - Verified editor links generate properly in Diffusion.
  - Browsed around with time/date settings looking at timestamps.
  - Grepped for `getPreference()`, nuked all the ones coming off `$user` or `$viewer` that I could find.
  - Changed accessiblity to high-contrast colors.
  - Ran all unit tests.
  - Grepped for removed constants.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16015
2016-06-04 14:37:56 -07:00
epriestley
57c2f61b75 Modularize Conpherence notification preferences
Summary:
Ref T4103. This is a weird standalone setting that I didn't clean up earlier.

Also fix an issue with the PronounSetting and the Editor not interacting properly.

Test Plan: Edited using new EditEngine UI.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16014
2016-06-04 14:37:36 -07:00
Asher Baker
3849a69995 Modernize metamta.differential.patch-format
Summary: Change metamta.differential.patch-format over to an enum option now that they're implemented.

Test Plan: Looked at settings page.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D16032
2016-06-04 12:17:14 +00:00
epriestley
a34b769b4f Prevent creation of inline comments with mismatched changesetID / revisionPHID
Summary:
Ref T11092. With Quicksand (or, possibly, some as-yet-unknown non-Quicksand workflow) the client can get stuck with an out-of-date revision PHID.

We then save comments with a `revisionPHID` from one revision and a `changesetID` from a different one.

Detect and prevent this. This stops the workflow immediately when the use first clicks, so it should allow us to detect this issue if it has some other non-Quicksand cause.

Test Plan:
  - Opened revision `D123`.
  - Pressed `\` to enable the sidebar and Quicksand.
  - Clicked a link to revision `D124`.
  - Added inlines.

Previously, these could ghost. The exact UI behavior is difficult to describe, but in the database they end up with a `changesetID` for `D124` but the original `revisionPHID` for `D123`, presumably because state is sticking around from the first page.

After this patch, an exception is thrown immediately. Additionally:

  - Reloaded to clear quicksand state, added comments fine.
  - Disabled sidebar/quicksand, added comments fine.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11092

Differential Revision: https://secure.phabricator.com/D16031
2016-06-03 13:48:49 -07:00
epriestley
03e54afc14 Give Phame blogs an explicit 404 controller
Summary:
Ref T11076. Ref T9897. Bad links on Phame blogs are currently made worse because we try to prompt you to login on a non-cookie domain.

Instead, just 404 in a vanilla way. Do so cleanly on external domains.

Test Plan: {F1672399}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9897, T11076

Differential Revision: https://secure.phabricator.com/D16010
2016-06-02 09:12:21 -07:00
epriestley
24acac117b Consider identifier types when sorting clone URIs
Summary:
Fixes T11082. Currently, the `/123/` and `/CALLSIGN/` versions of the URI get the same score.

Also the scores are backwards.

Test Plan:
  - Added `getPublicCloneURI()` output to repository listing.
  - Before patch, saw a repository with a callsign list a less-preferred ID-based URI.
  - After patch, saw the repository list the more-preferred callsign-based URI.

Reviewers: chad

Reviewed By: chad

Subscribers: nikolay.metchev

Maniphest Tasks: T11082

Differential Revision: https://secure.phabricator.com/D16008
2016-06-02 06:57:43 -07:00
epriestley
ebd8f3c987 Make translation, timezone and pronoun into real settings
Summary:
Ref T4103. These are currently stored on the user, for historic/performance reasons.

Since I want administrators to be able to set defaults for translations and timezones at a minimum and there's no longer a meaningful performance penalty for moving them off the user record, turn them into real preferences and then nuke the columns.

Test Plan:
  - Set settings to unusual values.
  - Ran migrations.
  - Verified my unusual settings survived.
  - Created a new user.
  - Edited all settings with old and new UIs.
  - Reconciled client/server timezone disagreement.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16005
2016-06-02 06:29:47 -07:00
epriestley
edfc6a6934 Convert some loadPreferences() to getUserSetting()
Summary:
Ref T4103. This doesn't get everything, but takes care of most of the easy stuff.

The tricky-ish bit here is that I need to move timezones, pronouns and translations to proper settings. I expect to pursue that next.

Test Plan:
- Grepped for `loadPreferences` to identify callsites.
- Changed start-of-week setting, loaded Calendar, saw correct start.
- Visited welcome page, read "Adjust Settings" point.
- Loaded Conpherence -- I changed behavior here slightly (switching threads drops the title glyph) but it wasn't consistent to start with and this seems like a good thing to push to the next version of Conpherence.
- Enabled Filetree, toggled in Differential.
- Disabled Filetree, no longer visible in Differential.
- Changed "Unified Diffs" preference to "Small Screens" vs "Always".
- Toggled filetree in Diffusion.
- Edited a task, saw sensible projects in policy dropdown.
- Viewed user profile, uncollapsed/collapsed side nav, reloaded page, sticky'd.
- Toggled "monospaced textareas", used a comment box, got appropriate fonts.
- Toggled durable column.
- Disabled title glyphs.
- Changed monospaced font to 18px/36px impact.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16004
2016-06-02 06:29:20 -07:00
epriestley
9180f429eb Provide a general-purpose, modular user cache for settings and other similar data
Summary:
Ref T4103. Currently, we issue a `SELECT * FROM user_preferences ... WHERE userPHID = ...` on every page to load the viewer's settings.

There are several other questionable data accesses on every page too, most of which could benefit from improved caching strategies (see T4103#178122).

This query will soon get more expensive, since it may need to load several objects (e.g., the user's settings and their "role profile" settings). Although we could put that data on the User and do both in one query, it's nicer to put it on the Preferences object ("This inherits from profile X") which means we need to do several queries.

Rather than paying a greater price, we can cheat this stuff into the existing query where we load the user's session by providing a user cache table and doing some JOIN magic. This lets us issue one query and try to get cache hits on a bunch of caches cheaply (well, we'll be in trouble at the MySQL JOIN limit of 61 tables, but have some headroom).

For now, just get it working:

  - Add the table.
  - Try to get user settings "for free" when we load the session.
  - If we miss, fill user settings into the cache on-demand.
  - We only use this in one place (DarkConsole) for now. I'll use it more widely in the next diff.

Test Plan:
  - Loaded page as logged-in user.
  - Loaded page as logged-out user.
  - Examined session query to see cache joins.
  - Changed settings, saw database cache fill.
  - Toggled DarkConsole on and off.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16001
2016-06-02 06:28:56 -07:00
epriestley
7fe1a6840e Modularize all straightforward settings
Summary:
Ref T4103. This tackles all the easy stuff. Not yet handled:

  - Translation, pronoun, timezone: these are weird and stored on the User object instead of in settings.
  - Conpherence default: actually just missed this one, it's normal.
  - 1000 dropdowns for email notification preferences (messy, technically).

Test Plan:
wow look at all these settings

{F1670442}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D15999
2016-06-02 06:28:35 -07:00
epriestley
39cb5e7211 Improve some Phame custom domain remarkup and link behaviors
Summary:
Ref T6299. This makes more of the links point to the right places.

Not covered yet:

  - Projects and subscribers don't point to the right place (this is a little tricky to fix, I think).
  - `[[ #anchor ]]`s won't do the right thing in, uh, email, I guess, since `uri.here` is not set. This is also a little tricky.

Possibly we should just remove subscribers (although also kind of tricky).

Test Plan: On a custom-domain blog, observed that fewer things were broken.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6299

Differential Revision: https://secure.phabricator.com/D16007
2016-06-02 06:28:06 -07:00
Chad Little
7126025fe6 Add information dialogs to adding project members if unsupported
Summary: If you try to join or add members to a parent project, we currently return 404. This instead adds an informational dialog. Fixes T11055

Test Plan: Click on Join Project and Add Members while on a Parent Project or Milestone.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T11055

Differential Revision: https://secure.phabricator.com/D16000
2016-06-01 12:42:58 -07:00
epriestley
4458fb6f8f Correct tooltip label for open audit count
Summary: Fixes T11071. This was a copy/paste error from D14638.

Test Plan: {F1669989}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11071

Differential Revision: https://secure.phabricator.com/D15998
2016-06-01 07:12:10 -07:00
epriestley
9b27b5c7da Convert "Display Preferences" to modular settings
Summary: Ref T4103. Just porting these directly for now, no attempt to organize things yet.

Test Plan: {F1669263}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D15997
2016-06-01 04:44:46 -07:00
Aviv Eyal
ba505c03f9 Fix typo in link to docs
Test Plan: click new link, get to the right page

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15996
2016-05-31 23:36:15 +00:00
epriestley
5e6716399c Make Settings modular and allow them to be EditEngine'd
Summary: Ref T4103. This starts breaking out settings in a modern way to prepare for global defaults.

Test Plan:
  - Edited diff settings.
  - Saw them take effect in primary settings pane.
  - Set stuff to new automatic defaults.
  - Tried to edit another user's settings.
  - Edited a bot's settings as an administrator.

{F1669077}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D15995
2016-05-31 15:32:02 -07:00
epriestley
b256f2d7b2 Prepare UserPreferences for transactions
Summary:
Ref T4103. This give preferences a PHID, policy/transaction interfaces, a transaction table, and a Query class.

This doesn't actually change how they're edited, yet.

Test Plan:
- Ran migrations.
- Inspected database for date created, date modified, PHIDs.
- Changed some of my preferences.
- Deleted a user's preferences, verified they reset properly.
- Set some preferences as a new user, got a new row.
- Destroyed a user, verified their preferences were destroyed.
- Sent Conpherence messages.
- Send mail.
- Tried to edit another user's settings.
- Tried to edit a bot's settings as a non-admin.
- Edited a bot's settings as an admin (technically, none of the editable settings are actually stored in the settings table, currently).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D15991
2016-05-31 12:28:44 -07:00
epriestley
92ea4fb098 Stop two special cache writes in read-only mode
Summary:
Ref T10769. The user availability cache write shouldn't happen in read-only mode, nor should the Differential parse cache write.

(We might want to turn off the availbility feature completely since it's potentially expensive if we can't cache it, but I think we're OK for now.)

Test Plan:
In read-only mode:

  - Browsed as a user with an out-of-date availability cache.
  - Loaded an older revision without cached parse data.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10769

Differential Revision: https://secure.phabricator.com/D15988
2016-05-30 10:12:09 -07:00
epriestley
f5f784f4c1 Version clustered, observed repositories in a reasonable way (by largest discovered HEAD)
Summary:
Ref T4292. For hosted, clustered repositories we have a good way to increment the internal version of the repository: every time a user pushes something, we increment the version by 1.

We don't have a great way to do this for observed/remote repositories because when we `git fetch` we might get nothing, or we might get some changes, and we can't easily tell //what// changes we got.

For example, if we see that another node is at "version 97", and we do a fetch and see some changes, we don't know if we're in sync with them (i.e., also at "version 97") or ahead of them (at "version 98").

This implements a simple way to version an observed repository:

  - Take the head of every branch/tag.
  - Look them up.
  - Pick the biggest internal ID number.

This will work //except// when branches are deleted, which could cause the version to go backward if the "biggest commit" is the one that was deleted. This should be OK, since it's rare and the effects are minor and the repository will "self-heal" on the next actual push.

Test Plan:
  - Created an observed repository.
  - Ran `bin/repository update` and observed a sensible version number appear in the version table.
  - Pushed to the remote, did another update, saw a sensible update.
  - Did an update with no push, saw no effect on version number.
  - Toggled repository to hosted, saw the version reset.
  - Simulated read traffic to out-of-sync node, saw it do a remote fetch.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4292

Differential Revision: https://secure.phabricator.com/D15986
2016-05-30 09:53:01 -07:00
epriestley
e81637a6c6 Fix some issues with the "Explain Why" dialog
Summary:
Ref T11051. This is still not as clear as it should be, but is at least working as intended now.

I believe this part of the code just never worked. The test plan on D10489 didn't specifically cover it.

Test Plan:
Did this sort of thing in a repository:

```
$ git checkout -b featurex
$ echo x >> y
$ git commit -am wip
$ arc diff
```

Then I simulated just pushing it (this flow is a little more involved than necessary):

```
$ arc land --hold
$ git commit --amend
$ # remove all metadata -- particularly, "Differential Revision"!
$ git push HEAD:master
```

I got a not-great but more-useful dialog:

{F1667318}

Prior to this change, the hash match was incorrectly not reported at all.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11051

Differential Revision: https://secure.phabricator.com/D15989
2016-05-30 09:52:35 -07:00
epriestley
74a36f9d7b Read "Database Status" page connection information from cluster config if present
Summary:
Fixes T11043. This page was still reading the old information directly instead of going through the cluster-aware stuff.

Have it ask the cluster-aware stuff for information instead.

Test Plan:
  - Nuked MySQL on localhost.
  - Configured cluster hosts.
  - Loaded "Database Status" page -- worked after patch.
  - Grepped for any remaining `mysql.configuration-provider` stragglers, came up empty.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11043

Differential Revision: https://secure.phabricator.com/D15982
2016-05-26 12:14:39 -07:00
epriestley
727a7de759 Sort project typeahead tokens by display name, not hashtag
Summary:
Fixes T8510. Results are internally ordered by "name", which is the full list of strings a user can type to match a result. On the balance, it is probably good/correct to order by this (particularly, it allows `function(x)` to sort near `x`).

However, the way projects were built put the tags first, so a project like "Discovery" could end up last if it had originally been created with a different name like "Search Team", so that its first slug is "search-team".

Instead, put the display name first in the ordering.

Test Plan:
{F1661775}

To reproduce in particular:

  - Create a project named "Zebra".
  - Create a lot of projects named "Armadillo-blahblahblah".
  - Rename "Zebra" to "Armadillo".

Before the patch, the new "Armadillo" project would still sort as though it were named "Zebra". After the patch, it sorts as expected normally.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8510

Differential Revision: https://secure.phabricator.com/D15981
2016-05-26 10:47:09 -07:00
epriestley
5b77b86ffb Show translation option names natively, instead of in the current translation
Summary: Ref T5267. Put "Deutsch" in the list instead of "German", so you can find your language without knowing the English word for it.

Test Plan: {F1661598}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T5267

Differential Revision: https://secure.phabricator.com/D15980
2016-05-26 08:07:57 -07:00
epriestley
10ffa42504 Separate locales into more usable groups in the translation menu
Summary:
Ref T5267. Ref T4103. Currently, adding new locale support to the upstream fills this menu with confusing options which don't do anything. Separate it into four groups:

  - Translations: these have a "reasonable number" of strings and you'll probably see some obvious effect if you switch to the translation.
  - Limited Translations: these have very few or no strings, and include locales which we've added but don't ship translations for.
  - Silly Translations: Pirate english, etc.
  - Test Translations: ALLCAPS, raw strings, etc.

Czech is currently in "test" instead of "limited" for historical reasons; I'll remedy this in the next change.

Test Plan: {F1661523}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T5267

Differential Revision: https://secure.phabricator.com/D15978
2016-05-26 08:00:06 -07:00
epriestley
a4e5780043 Remove "Search Preferences"
Summary:
Ref T4103. This removes these options:

{F1660585}

The jump nav option came from T916, when we had a separate jump nav on the home page. Essentially no one has ever been confused by the behavior of search or disabled this feature. Here are the stats for this install:

| Total Users | 36656 |
| Have Set Any Preference | 3084 |
| Have Disabled Jump | 6
| Are Not "Security Researchers" | 2
| Any Account Activity | 0

The "/" option came in the same change, but the preference came from T989. This keystroke conflicts with a default Firefox keystroke. Almost no one cares about this either, but I count 6 real users who have disabled the behavior. I suspect the number of real users who //use// it may be smaller.

In Safari and Firefox, the "tab" key does the same thing.

In Chrome, the "tab" key does the same thing if {nav Preferences > Web Content > "Pressing Tab highlights..."} is disabled.

Upshot: jump nav is great, bulk of the change in T989 was clearly great, specific preferences that came out of it seem not-so-great and now is a good time to kill them as we head into T4103.

Test Plan:
  - Grepped for removed constants.
  - Pressed "/".
  - Searched for `T123`.
  - Viewed settings.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D15976
2016-05-26 06:21:47 -07:00
epriestley
189600e411 Allow broader HTTP access to public repositories, respect nonstandard Phabricator HTTP port when generating repository URIs
Summary:
Fixes T11030. Fixes T11032.

  - Allow HTTP access to "Public" repositories even if `diffusion.allow-http-auth` is disabled.
  - If you run Phabricator on an unusual port (???) use that port as the default when generating HTTP URIs.

Test Plan:
  - Faked `phabricator.base-uri` to an unusual port, saw repository HTTP URI generate with an unusual port.
  - Disabled `diffusion.allow-http-auth`, confirmed that toggling view policy between "public" and "users" activated or deactivated HTTP clone URI.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11030, T11032

Differential Revision: https://secure.phabricator.com/D15973
2016-05-25 09:07:00 -07:00
epriestley
d1eed54d85 Fix expansion of projects into lists of user PHIDs
Summary:
Ref T11016. I think I inverted the meaning of this function by accident in D14893.

The intent is to return a list of users: direct users, and all members of all projects.

Prior to this patch actually returns direct users, and all projects they are members of.

Test Plan:
  - Created "Project with Dog".
  - Added user "dog" to project.
  - Created package "X", owning file "/x", with audit enabled.
  - Made "X" owned by "Project with Dog".
  - Modified "/x" and had user "dog" accept it.
  - Landed change.
  - Prior to change: package "X" incorrectly added as auditor.
  - After change: package "X" correctly omitted as auditor, because a member reviewed the change.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11016

Differential Revision: https://secure.phabricator.com/D15971
2016-05-24 06:38:37 -07:00
epriestley
74e117ae41 Don't send mail to "uninteresting" auditors
Summary:
Fixes T11017. We add packages as "uninteresting" auditors so that we can query commits by package later.

Until recently, this didn't matter because we didn't send mail to packages. But now we do, so stop mailing them when they don't actually need to do anything.

Test Plan:
  - Made a commit to a file which was part of a package but which I owned (so it does not trigger auditing).
  - `var_dump()`'d mail "To:" PHIDs.
    - Before patch: included package.
    - After patch: no package.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11017

Differential Revision: https://secure.phabricator.com/D15970
2016-05-23 17:55:13 -07:00
epriestley
bb16a1b0e2 Fix a possible fatal on the first push to a cluster repository
Summary:
Fixes T11020. I think this resolves things -- `$new_version` (set above) should be used, not `$new_log` directly.

Specifically, we would get into trouble if the initial push failed for some reason (working copy not initialized yet, commit hook rejected, etc).

Test Plan: Made a bad push to a new repository. Saw it freeze before the patch and succeed afterwards.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11020

Differential Revision: https://secure.phabricator.com/D15969
2016-05-23 17:54:54 -07:00
epriestley
725d60eb4a Fix "Reviewers" validation issue with empty reviewers
Summary: Fixes T11021.

Test Plan: Created a revision without reviewers.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11021

Differential Revision: https://secure.phabricator.com/D15968
2016-05-23 17:16:21 -07:00
epriestley
e1ad312fdd Fix one more "Reviewers" wire format issue
Summary: Fixes T11010. This also needs to be inflated until we fix the whole client/server responsibility issue here.

Test Plan:
  - Created a revision while observing error log, no error.
  - Disabled "allow self accept", tried to make myself a reviewer, got rejected with an error message.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11010

Differential Revision: https://secure.phabricator.com/D15966
2016-05-23 12:48:34 -07:00
lkassianik
627b95bf78 Remove calendar panel in profile and make calendar box header a link to user's calendar
Summary: Ref T9606, Clicking on the calendar preview header in user's profile page should link to user's full month calendar

Test Plan: Open user profile, scroll to calendar preview, click on Calendar box header. This should open the month calendar for the user (not viewer)

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin

Maniphest Tasks: T9606

Differential Revision: https://secure.phabricator.com/D15967
2016-05-23 11:32:56 -07:00
lkassianik
359e8d4aa5 Hover hint on calendar list items should appear on the most convenient side of the item
Summary: Hover hint on calendar list items should be to the right in day view, left in profile view, on top in month view

Test Plan: Open profile view, calendar items should have a left hover. Open day view, calendar items should have a right hover. Open month view, calendar items should have top hover.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin

Maniphest Tasks: T9606

Differential Revision: https://secure.phabricator.com/D15964
2016-05-23 10:49:29 -07:00
lkassianik
de645301b5 Adding a calendar preview panel to people profile
Summary: Ref T9606

Test Plan: Open people profile for a user with events today/tomorrow, see a panel under badges panel with event list

Reviewers: chad, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin

Maniphest Tasks: T9606

Differential Revision: https://secure.phabricator.com/D15851
2016-05-23 10:39:25 -07:00
epriestley
efd001b42f Wordsmith the timezone selection UX
Summary:
Ref T3025.

  - Show current zone to make the current vs new more clear.
  - Tweak some text.

Test Plan: {F1656534}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T3025

Differential Revision: https://secure.phabricator.com/D15965
2016-05-23 10:31:42 -07:00
epriestley
3d3fff4991 Fix weird remarkup linewrapping on a few instructions forms, plus move toward fixing Phame/CORGI remarkup issues
Summary:
Fixes T10381. When we converted to `PHUIRemarkupView`, some instructional text got linebreaks added when it shouldn't have them (the source is written in PHP and wrapped at 80 characters, but the output should flow naturally).

Fix this so we don't preserve linebreaks.

This also makes `PHUIRemarkupView` a little more powerful and inches us toward fixing Phame/CORGI remarkup issues, getting rid of `PhabricatorMarkupInterface` / `PhabricatorMarkupOneOff`, and dropping all the application hard-coding in `PhabricatorMarkupEngine`.

Test Plan:
  - Grepped for all callsites, looking for callsites which accept remarkup written in `<<<HEREDOC` format.
  - Viewed form instructions, Conduit API methods, HTTP parameter edit instructions.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10381

Differential Revision: https://secure.phabricator.com/D15963
2016-05-22 12:23:05 -07:00
epriestley
2a00f185eb When the JS "Intl" API is available, use it to guess the timezone
Summary:
Ref T3025. Chrome gives us an easily-accessible, much better guess at which timezone the user is in.

Firefox also exposes "Intl" but this doesn't seem to be a reliable method to read the timezone.

Test Plan:
In Chrome, swapped my system date/time between zones, clicked the "reconcile" popup, got the dropdown prefilled accurately.

In Safari (no `Intl` API) got the normal flow with no default selected.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T3025

Differential Revision: https://secure.phabricator.com/D15962
2016-05-22 09:14:02 -07:00
epriestley
5d30ea56cf Add a modern user.search Conduit API method
Summary: Ref T10512. This is fairly bare-bones but appears to work.

Test Plan: Queried all users, queried some stuff by constraints.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10512

Differential Revision: https://secure.phabricator.com/D15959
2016-05-22 05:54:31 -07:00
epriestley
a91004ef1b Detect timezone discrepancies and prompt users to reconcile them
Summary: Ref T3025. This adds a check for different client/server timezone offsets and gives users an option to fix them or ignore them.

Test Plan:
  - Fiddled with timezone in Settings and System Preferences.
  - Got appropriate prompts and behavior after simulating various trips to and from exotic locales.

In particular, this slightly tricky case seems to work correctly:

  - Travel to NY.
  - Ignore discrepancy (you're only there for a couple hours for an important meeting, and returning to SF on a later flight).
  - Return to SF for a few days.
  - Travel back to NY.
  - You should be prompted again, since you left the timezone after you ignored the discrepancy.

{F1654528}

{F1654529}

{F1654530}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T3025

Differential Revision: https://secure.phabricator.com/D15961
2016-05-21 13:25:23 -07:00
epriestley
f2c36a934e Provide an <input type="file"> control in Remarkup for mobile and users with esoteric windowing systems
Summary:
Ref T5187. This definitely feels a bit flimsy and I'm going to hold it until I cut the release since it changes a couple of things about Workflow in general, but it seems to work OK and most of it is fine.

The intent is described in T5187#176236.

In practice, most of that works like I describe, then the `phui-file-upload` behavior gets some weird glue to figure out if the input is part of the form. Not the most elegant system, but I think it'll hold until we come up with many reasons to write a lot more Javascript.

Test Plan:
Used both drag-and-drop and the upload dialog to upload files in Safari, Firefox and Chrome.

{F1653716}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T5187

Differential Revision: https://secure.phabricator.com/D15953
2016-05-20 16:24:22 -07:00
Chad Little
804a5db41a Add transparency to Pholio Edit thumbs
Summary: Makes the background transparent for uploaded thumbs. This page in general needs lots of work, but here's the minimum. Fixes T10986

Test Plan: Edit a Mock with a transparent jeff.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T10986

Differential Revision: https://secure.phabricator.com/D15957
2016-05-20 13:43:22 -07:00
Chad Little
969d3be035 Clean up "points" display on workboards
Summary: Couple of edge cases here I never cleaned up. This inlines points and projects better, with spacing and use of grey to better differentate from project tag colors.

Test Plan:
Review edge cases on workboard with multiple short and long project names.

{F1653998}

{F1653999}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15956
2016-05-20 13:06:57 -07:00
Chad Little
58aa3fdc9d Make View Revision in Mail a little more resilient
Summary: Converts to table so text wraps on long strings well, button always stays top right, better spacing underneath.

Test Plan: Mail, Gmail, mobile

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15955
2016-05-20 12:07:17 -07:00
epriestley
45718268a9 Restore viewer() function to "Responsible Users" tokenizer in Differential
Summary:
Ref T10939. This makes the `viewer()` function work again. It retains its own meaning (viewer, plus all their projects and packages).

There's no `exact-viewer()` function; we could conceivably add one eventually if we need it.

Test Plan:
  - Queried for `viewer()`, got the same results as querying by my own username.
  - Browsed function in token browser.
  - Reviewed autogenerated documentation.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10939

Differential Revision: https://secure.phabricator.com/D15951
2016-05-19 15:21:20 -07:00
epriestley
7ae33d14ec Use new Differential bucketing logic on default (non-dashboard) homepage
Summary:
Ref T10939. If you haven't installed a dashboard, we show an "Active Revisions" panel on the homepage by default. I waited a bit to update this, but the new buckets don't seem to have caused any major problems so far.

Update this to use the new logic. I'm just showing "must review" + "should review", which is similar to the old beahvior.

Also replace the notification count with this same number. This is a little different from the old behavior, but simpler, and I think we should probably move toward getting rid of these counts completely.

Test Plan:
  - Viewed homepage as logged-in user, saw my revisions (including revisions I have authority over only because of project membership).
  - Saw consistent notification count.
  - Grepped for removed method.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10939

Differential Revision: https://secure.phabricator.com/D15950
2016-05-19 15:20:39 -07:00
epriestley
0fad384727 Fix minor section formatting mishap in SSH key email
Summary: Ref T10917. This is getting added as a link right now, which causes it to get `<a href>`'d in HTML mail. Add it as text instead.

Test Plan: Edited a key, examined HTML mail body carefully.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15952
2016-05-19 15:20:19 -07:00
epriestley
6f6ca0102d Send forced mail on SSH key edits
Summary:
Ref T10917. This cheats fairly heavily to generate SSH key mail:

  - Generate normal transaction mail.
  - Force it to go to the user.
  - Use `setForceDelivery()` to force it to actually be delivered.
  - Add some warning language to the mail body.

This doesn't move us much closer to Glorious Infrastructure for this whole class of events, but should do what it needs to for now and doesn't really require anything sketchy.

Test Plan: Created and edited SSH keys, got security notice mail.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15948
2016-05-19 15:01:25 -07:00
epriestley
da6b3de65c Use transactions to apply web UI SSH key edits
Summary:
Ref T10917. Converts web UI edits to transactions.

This is about 95% "the right way", and then I cheated on the last 5% instead of building a real EditEngine. We don't need it for anything else right now and some of the dialog workflows here are a little weird so I'm just planning to skip it for the moment unless it ends up being easier to do after the next phase (mail notifications) or something like that.

Test Plan: {F1652160}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15947
2016-05-19 15:00:18 -07:00
epriestley
08bea1d363 Add ViewController and SearchEngine for SSH Public Keys
Summary:
Ref T10917. This primarily prepares these for transactions by giving us a place to:

  - review old deactivated keys; and
  - review changes to keys.

Future changes will add transactions and a timeline so key changes are recorded exhaustively and can be more easily audited.

Test Plan:
{F1652089}

{F1652090}

{F1652091}

{F1652092}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15946
2016-05-19 09:48:46 -07:00
epriestley
36006bcb8f Prevent locked credentials from being made accessible via conduit
Summary:
Via HackerOne. Currently, you can use "Lock Permanently" to lock a credential permanently, but you can still enable Conduit API access to it. This directly contradicts both intent of the setting and its description as presented to the user.

Instead:

  - When a credential is locked, revoke Conduit API access.
  - Prevent API access from being enabled for locked credentials.
  - Prevent API access to locked credentials, period.

Test Plan:
  - Created a credential.
  - Enabled API access.
  - Locked credential.
  - Saw API access become disabled.
  - Tried to enable API access; was rebuffed.
  - Queried credential via API, wasn't granted access.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D15944
2016-05-18 14:54:44 -07:00
epriestley
0308d580d7 Deactivate SSH keys instead of destroying them completely
Summary:
Ref T10917. Currently, when you delete an SSH key, we really truly delete it forever.

This isn't very consistent with other applications, but we built this stuff a long time ago before we were as rigorous about retaining data and making it auditable.

In partiular, destroying data isn't good for auditing after security issues, since it means we can't show you logs of any changes an attacker might have made to your keys.

To prepare to improve this, stop destoying data. This will allow later changes to become transaction-oriented and show normal transaction logs.

The tricky part here is that we have a `UNIQUE KEY` on the public key part of the key.

Instead, I changed this to `UNIQUE (key, isActive)`, where `isActive` is a nullable boolean column. This works because MySQL does not enforce "unique" if part of the key is `NULL`.

So you can't have two rows with `("A", 1)`, but you can have as many rows as you want with `("A", null)`. This lets us keep the "each key may only be active for one user/object" rule without requiring us to delete any data.

Test Plan:
- Ran schema changes.
- Viewed public keys.
- Tried to add a duplicate key, got rejected (already associated with another object).
- Deleted SSH key.
- Verified that the key was no longer actually deleted from the database, just marked inactive (in future changes, I'll update the UI to be more clear about this).
- Uploaded a new copy of the same public key, worked fine (no duplicate key rejection).
- Tried to upload yet another copy, got rejected.
- Generated a new keypair.
- Tried to upload a duplicate to an Almanac device, got rejected.
- Generated a new pair for a device.
- Trusted a device key.
- Untrusted a device key.
- "Deleted" a device key.
- Tried to trust a deleted device key, got "inactive" message.
- Ran `bin/ssh-auth`, got good output with unique keys.
- Ran `cat ~/.ssh/id_rsa.pub | ./bin/ssh-auth-key`, got good output with one key.
- Used `auth.querypublickeys` Conduit method to query keys, got good active keys.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15943
2016-05-18 14:54:28 -07:00
epriestley
49eb6403a4 Send HTML email by default
Summary: Ref T10694. Switch default mode to HTML since it has a number of significant advantages and we haven't seen reports of significant problems.

Test Plan:
  - Switched preference to default (saw "HTML" in UI).
  - Sent myself some mail.
  - Got HTML mail.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10694

Differential Revision: https://secure.phabricator.com/D15885
2016-05-18 14:53:57 -07:00