1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-14 10:52:41 +01:00
Commit graph

324 commits

Author SHA1 Message Date
Chad Little
063f93a106 Rework desktop header
Summary: Removes the glow icons and uses a hover change. Fixes phantom anchors.

Test Plan: Review in Chrome at various sizes (phone tablet). Check that icons still work. Check that mobile menus render when clicked.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2876

Differential Revision: https://secure.phabricator.com/D5549
2013-04-03 08:26:36 -07:00
Anh Nhan Nguyen
f46e3badae Modernized People Ldap Controller a tiny little bit
Summary: somewhat. de-uglified panels, add dust, etc. you get it.

Test Plan:
Visited, looked at nice new form.
Visited `http://phab.van/people/ldap/?import=true&usernames[]=anh&usernames[]=han&email[anh]=anh%40nhan.com&email[han]=han%40nhan.com&name[anh]=Nhan&name[han]=Nguyen` to hack in a few users. Did not work (CSRF ¬.¬), but saw what I wanted. Beautiful `PhabricatorObjectItemView`s. With color bars
These images where before the diff update. Error messages would appear as attributes (good for you that I did not include them, since it looks horrible)

The looks of it (refuse to take THIS in mobile):
{F36428}
{F36429}

Reviewers: epriestley, chad, btrahan

Reviewed By: btrahan

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5387
2013-04-02 08:58:53 -07:00
Anh Nhan Nguyen
5320d85343 Some pht()'s for People that got missed
Summary: We certainly don't go all-caps enough, else we would have noticed them.

Test Plan: Looked at profiles, people edit page before and after with All-Caps

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5450
2013-03-26 12:47:25 -07:00
Anh Nhan Nguyen
b0e9371a9c Consolidate User Profile loading
Summary:
Introduce `PhabricatorUserQuery::attachProfilesForUsers()` for batch attachment of user profiles (for a future diff)
Introduce `PhabricatorUser::loadUserProfile()` to load attached user profiles (or load them on their own, if no one is attached).

USed them in code

Test Plan:
verified that use sites did not break

- Uploaded user profile image for bots
- changed my own profile image and blurb
- looked a lot at my own profile

Reviewers: epriestley, btrahan, chad

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5395
2013-03-24 06:42:54 -07:00
Jakub Vrana
efe0c135fe Implement text mode for Phabricator Remarkup rules
Test Plan:
  lang=remarkup
  D1
  {D1}
  {C1}
  {F1}
  [[ Test ]]
  iiam
  {meme, src=iiam, above="I\'m not always", below="But I am"}
  @{function:pht}
  @vrana

Reviewers: epriestley, edward

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2617

Differential Revision: https://secure.phabricator.com/D5392
2013-03-22 17:33:36 -07:00
epriestley
cb84cb1c0f Don't require admin privileges to verify email addresses
Summary: Fixes T2821. In D5386 we locked most of this app down, but missed one controller which needs to be accessible by non-admins (this controller should probably be in some other app, like auth, in the long term).

Test Plan: @shanemhansen confirmed this fixed his install

Reviewers: chad, AnhNhan

Reviewed By: chad

CC: shanemhansen, aran

Maniphest Tasks: T2821

Differential Revision: https://secure.phabricator.com/D5422
2013-03-22 14:39:43 -07:00
Anh Nhan Nguyen
e3a9ddfc4f Made most of People inaccessible for passer-bys
Summary:
Depends on D5360; Refs T2770

See https://secure.phabricator.com/chatlog/channel/6/?at=54481 for discussion.

This will be a sad day, when I will repeatedly continue to hit a glass wall trying to get into `/people/` to browse the user list J4F at http://secure.phabricator.com/.

Test Plan:
verified that I could not access People as some passer-by.

Verified I could still access user profiles (at least I think I got the right controller for that).

Reviewers: epriestley, chad, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2770

Differential Revision: https://secure.phabricator.com/D5386
2013-03-19 13:48:58 -07:00
Anh Nhan Nguyen
d21880530d Migrated People's listing to PhabricatorObjectListView
Summary:
Depends on D5359

Exactly what it says on a tin

made icons white; replaced panel with header

Made People app God-Mode only; did @epriestley's comments

reverted god-mode changes

Test Plan:
{F36157}

tell my if you like

Reviewers: epriestley, chad, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5360
2013-03-19 13:47:05 -07:00
Anh Nhan Nguyen
3ad33dbc04 Profile Pictures can only be edited for System Agents
Summary:
I feel pretty disturbed by having the thought of admins,
super-beings among all users, being able to edit my profile picture. So I took away
that capability of theirs.

Test Plan: Tried to edit a sys agent's profile pic, and somebody else's.

Reviewers: epriestley, chad, btrahan, Afaque_Hussain

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5358
2013-03-16 11:44:14 -04:00
epriestley
855e085c6f Uninstall Conduit calls when uninstalling applications
Summary: Fixes T2698. When applications are installed, their Conduit calls should drop out. This will also let us land Releeph without exposing Conduit calls.

Test Plan:
  - Viewed Conduit console; uninstalled some applications and verified their calls dropped out.
  - Tried to make an uninstalled call; got an appropriate error.

Reviewers: edward, btrahan

Reviewed By: edward

CC: aran

Maniphest Tasks: T2698

Differential Revision: https://secure.phabricator.com/D5302
2013-03-13 07:09:05 -07:00
Afaque Hussain
95b84881b7 Enabling Admins to set profile pictures for System Agents
Summary: Added an action in Edit option of People application allowing Admins to set profile pictures for System Agents

Test Plan: By trying to set a profile picture for the sytem agents

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5293
2013-03-08 08:31:25 -08:00
epriestley
8ae718c2aa Require a viewer for Remarkup rendering
Summary:
Provide a viewer to all remarkup engines.

This fixes commit summaries in Diffusion, which were failing to link because they didn't have a user and thus couldn't see/load `D123`, e.g.

Test Plan: Grepped for engine creation.

Reviewers: vrana

Reviewed By: vrana

CC: aran, edward

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D5152
2013-03-04 12:33:05 -08:00
epriestley
57cce93e5a Add user omnipotence
Summary:
Daemons (and probably a few other things) need to make queries without having a real user. Introduce a formal omnipotent user who can bypass any policy restriction.

(I called this "ominpotent" rather than "omniscient" because it can bypass CAN_EDIT, CAN_JOIN, etc. "Omnicapable" might be a better word, but AFAIK is not a real word.)

Test Plan: Unit tests.

Reviewers: vrana, edward

Reviewed By: edward

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D5149
2013-02-28 11:01:40 -08:00
epriestley
fe500f4268 Pre-prepare for hovercards
Summary:
D5120 and followups refactor and generalize object references in Remarkup -- notably, they move remarkup rules from a central location to the implementing applications.

Preserve blame by doing moves/renames only first. This change moves application remarkup rules into those applications, and renames the ones D5120 modifies.

Test Plan: Typed some preview text into a textarea, got a valid Remarkup render.

Reviewers: vrana, chad

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D5123
2013-02-26 14:57:41 -08:00
Chad Little
3d6500823c Modernize People
Summary: Adds Crumbs, pht's, and checkout out mobile.

Test Plan: Added, removed people. Changed roles, checked iOS and Chrome.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5052
2013-02-21 14:10:22 -08:00
epriestley
a22bea2a74 Apply lint rules to Phabricator
Summary: Mostly applies a new call spacing rule; also a few things that have slipped through via pull requests and such

Test Plan: `find src/ -type f -name '*.php' | xargs -n16 arc lint --output summary --apply-patches`

Reviewers: chad

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D5002
2013-02-19 13:33:10 -08:00
epriestley
ef7f16180c Restore merge of phutil_tag. 2013-02-13 14:51:18 -08:00
epriestley
73cce6e131 Revert "Promote phutil-tag again"
This reverts commit 8fbabdc06d, reversing
changes made to 2dab1c1e42.
2013-02-13 14:08:57 -08:00
epriestley
4bd2ad9270 Merge branch 'master' into phutil_tag
Auditors: vrana
2013-02-13 12:42:57 -08:00
vrana
4eb84149c2 Convert everything to safe HTML
Summary: Sgrepped for `"=~/</"` and manually changed every HTML.

Test Plan: This doesn't work yet but it is hopefully one of the last diffs before Phabricator will be undoubtedly HTML safe.

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4927
2013-02-13 12:35:40 -08:00
vrana
718d22d607 Convert Remarkup to safe HTML
Test Plan: None.

Reviewers: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4919
2013-02-13 12:34:49 -08:00
vrana
9b8da73765 Convert AphrontTableView to safe HTML
Summary:
Lots of killed `phutil_escape_html()`.

Done by searching for `AphrontTableView` and then `$rows` (usually) backwards.

Test Plan:
Looked at homepage.

  echo id(new AphrontTableView(array(array('<'))))->render();

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4884
2013-02-09 15:11:38 -08:00
epriestley
879c14e13a Consolidate HTTP header access
Summary: Route all `$_SERVER['HTTP_...']` stuff through AphrontRequest (it would be nice to make this non-static, but the stack is a bit tangled right now...)

Test Plan: Verified CSRF and cascading profiling. `var_dump()`'d User-Agent and Referer and verified they are populated and returned correct values when accessed. Restarted server to trigger setup checks.

Reviewers: vrana

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D4888
2013-02-09 15:01:57 -08:00
vrana
d817dfa8fc Convert some phutil_escape_html() to hsprintf()
Summary: Found by `sgrep_php -e '"...".phutil_escape_html(...)'`.

Test Plan:
/
/D1
/uiexample/
/countdown/1/
/herald/transcript/1/all/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4869
2013-02-08 15:59:02 -08:00
vrana
afc5333bb3 Convert AphrontFormView to safe HTML
Summary: Searched for `AphrontFormView` and then for `appendChild()`.

Test Plan: /login/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4855
2013-02-07 18:01:00 -08:00
vrana
059920c2da Convert AphrontErrorView to safe HTML
Summary: Done by searching for `AphrontErrorView` and then `appendChild()`.

Test Plan:
Looked at Commit Detail.
Looked at Revision Detail.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4843
2013-02-07 17:26:01 -08:00
epriestley
11bb8db970 Merge branch 'master' into phutil_tag
(Sync.)
2013-02-07 08:08:01 -08:00
Bob Trahan
1d0058abcf Update PeopleMenu to only show integration with applications if they are installed
Summary: do so via event engine. note different order now...

Test Plan: toggled "show beta applications" to off and noted that Conpherence disappeared. Otherwise noted that links showed.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2424

Differential Revision: https://secure.phabricator.com/D4708
2013-02-05 13:46:02 -08:00
epriestley
0f1bdbe147 Merge branch 'master' into phutil_tag
(Sync.)
2013-02-04 06:19:52 -08:00
epriestley
30dedb2251 Allow PhabricatorMenuView to have items inserted in the middle
Summary:
Make `PhabricatorMenuView` more flexible, so callers can add items to the beginning/end/middle.

In particular, this allows event handlers to receive a $menu and call `addMenuItemToLabel('activity', ...)` or similar, for D4708.

Test Plan: Unit tests. Browsed site. Home page, Conpherence, and other pages with menus look correct.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D4792
2013-02-03 10:02:35 -08:00
epriestley
39221b1d3f Merge branch 'master' into phutil_tag
(Synchronizing.)
2013-01-29 11:05:02 -08:00
Afaque Hussain
5017c80b31 Installation & Uninstallion of Applications
Summary: Created Applications application which allows uninstallation & installation of application.

Test Plan: In "Applications" application, clicked on uninstalled the application by cliking Uninstall and chekcing whether they are really uninstalled(Disabling URI & in appearance in the side pane). Then Clicked on the install button of the uninstalled application to check whether they are installed.

Reviewers: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4715
2013-01-29 09:17:24 -08:00
epriestley
edfcd7bd2d render_tag -> tag: phame, remarkup
Summary: Converts various callsites from render_tag variants to tag variants.

Test Plan: See inlines.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4689
2013-01-28 18:44:15 -08:00
vrana
20768d65d5 Convert phutil_render_tag(X, Y, '...') to phutil_tag
Summary:
Created with spatch:

  lang=diff
  - phutil_render_tag
  + phutil_tag
    (X, Y, '...')

Then searched for `&` and `<` in the output and replaced them.

Test Plan: Loaded homepage.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4503
2013-01-24 19:20:27 -08:00
vrana
48561a8b1f Convert phutil_render_tag(X, Y, phutil_escape_html(Z)) to phutil_tag
Summary:
Created with spatch:

  lang=diff
  - phutil_render_tag
  + phutil_tag
    (X, Y,
  - phutil_escape_html(
    Z
  - )
    )

Test Plan: Loaded homepage

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4501
2013-01-24 19:08:55 -08:00
Bob Trahan
b873f3f991 Conpherence V1
Summary: it's ugly. but it works. basically. See T2399 for a roughly prioritized list of what still needs to happen.

Test Plan:
- created a conpherence with myself from my profile
- created a conpherence with myself from "new conpherence"
- created a conphernece with another from "new conpherence"
- created a conpherence with several others
- created a conpherence with files in the initial post
 - verified files via comment text ("{F232} is awesome!") and via traditional attach
- edited a conpherence image
 - verified it showed up in the header and in the conpherence menu on the left
- edited a conpherence title
 - verified it showed up in the header and in the conpherence menu on the right
- verified each widget showed up when clicked and displayed the proper data
 - calendar being an exception since it sucks so hard right now.

Reviewers: epriestley, chad

Reviewed By: epriestley

CC: aran, epriestley, chad, codeblock, Korvin

Maniphest Tasks: T2301

Differential Revision: https://secure.phabricator.com/D4620
2013-01-24 17:23:05 -08:00
Andrei Antonescu
f919f000e7 Created a preference pane for DarkConsole, instead of link
Summary: Just removed the link and created a new field under preferences. Now the setting is under Display Preferences.

Test Plan: Enablied/Disabled dark console to see if it works.

Reviewers: epriestley

Reviewed By: epriestley

CC: irinav, aran, Korvin

Maniphest Tasks: T2344

Differential Revision: https://secure.phabricator.com/D4549

Conflicts:

	src/view/page/PhabricatorStandardPageView.php
2013-01-19 17:42:54 -08:00
Gregor Stocks
cd9d59344c Fix a rap bug, and add a beat
Summary:
The flow was off in some cases. This should mitigate it.

Adds a Unicode musical note character at the start of the rap which,
when clicked, embeds a song in the background, hides it and plays it.
Currently the song is Gangsta's Paradise (karaoke version) but if you'd
prefer a different song, I can probably change it with only a few weeks
of work.

This doesn't respect the "embed youtubes" preference because you have to
click something to embed it, so it's your own fault your referers are
getting leaked.

For now, does the simplest thing and doesn't loop it. If it turns out
people are spending a lot of time on this page, we should look into
doing something like youtuberepeater.

Not trying to make this share code with the existing Youtube embedding
stuff - I think they're doing different enough things that solving them
both in the same way would be more code.

Test Plan:
Clicked the note in Firefox. Clicked the note in Chrome.
Considered clicking the note in Safari and Internet Explorer.

Reviewers: epriestley

Reviewed By: epriestley

CC: miorel, HarrisonW, aran, Korvin

Differential Revision: https://secure.phabricator.com/D4437
2013-01-15 10:32:49 -08:00
Gregor Stocks
e2f37b059b Replace "insert rap about tokens here" with a rap about tokens
Test Plan:
Made getTokenStatus() return the four legal values and an
illegal one, looked at the linked account page and confirmed that the
rap rendered and had correct meter

Reviewers: epriestley

Reviewed By: epriestley

CC: miorel, aran, Korvin

Differential Revision: https://secure.phabricator.com/D4433
2013-01-14 17:29:37 -08:00
Chad Little
38626dce64 Remove spacer from sidebars.
Summary: This removes all calls to addSpacer and the method. We were applying it inconsistently and it was causing spacing issues with redesigning the sidenav. My feeling is we can recreate the space in CSS if the design dictates, which would apply it consistently.

Test Plan: Go to Applications, click on every application.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4420
2013-01-13 08:17:12 -08:00
epriestley
ad4c4acafc Break profiles less after D4376
Summary: This won't win any awards, but makes User and Project profile pages significantly less broken in the wake of D4376.

Test Plan:
{F28858}
{F28859}

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Differential Revision: https://secure.phabricator.com/D4382
2013-01-09 13:57:31 -08:00
epriestley
a5c7286df7 Don't issue unnecssary query when loading user profile images
Summary: Fixes T2264.

Test Plan: Loaded profile.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2264

Differential Revision: https://secure.phabricator.com/D4324
2013-01-02 14:03:36 -08:00
vrana
f2639e528c Fix displaying of user status
Summary:
This fixes two separate issues:

# `getTextStatus()` is used for machine readable data in handles and user.info method. Broken since D3810.
# Status may contain date. Broken since beginning but masked by the fact that CSS ignores unknown class names.

Test Plan:
Displayed revision with reviewer away.
Called `user.addstatus`.
Edited status in calendar.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

CC: nh, aran, Korvin

Differential Revision: https://secure.phabricator.com/D4275
2012-12-21 16:30:36 -08:00
epriestley
f6b1964740 Improve Search architecture
Summary:
The search indexing API has several problems right now:

  - Always runs in-process.
    - It would be nice to push this into the task queue for performance. However, the API currently passses an object all the way through (and some indexers depend on preloaded object attributes), so it can't be dumped into the task queue at any stage since we can't serialize it.
    - Being able to use the task queue will also make rebuilding indexes faster.
    - Instead, make the API phid-oriented.
  - No uniform indexing API.
    - Each "Editor" currently calls SomeCustomIndexer::indexThing(). This won't work with AbstractTransactions. The API is also just weird.
    - Instead, provide a uniform API.
  - No uniform CLI.
    - We have `scripts/search/reindex_everything.php`, but it doesn't actually index everything. Each new document type needs to be separately added to it, leading to stuff like D3839. Third-party applications can't provide indexers.
    - Instead, let indexers expose documents for indexing.
  - Not application-oriented.
    - All the indexers live in search/ right now, which isn't the right organization in an application-orietned view of the world.
    - Instead, move indexers to applications and load them with SymbolLoader.

Test Plan:
  - `bin/search index`
    - Indexed one revision, one task.
    - Indexed `--type TASK`, `--type DREV`, etc., for all types.
    - Indexed `--all`.
  - Added the word "saboteur" to a revision, task, wiki page, and question and then searched for it.
    - Creating users is a pain; searched for a user after indexing.
    - Creating commits is a pain; searched for a commit after indexing.
    - Mocks aren't currently loadable in the result view, so their indexing is moot.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: 20after4, aran

Maniphest Tasks: T1991, T2104

Differential Revision: https://secure.phabricator.com/D4261
2012-12-21 14:21:31 -08:00
vrana
2cc7f82ece Move Conduit methods inside applications
Test Plan:
/conduit/
/conduit/method/arcanist.projectinfo/
Call method

  $ echo '{}' | arc call-conduit user.whoami

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4268
2012-12-21 12:21:59 -08:00
epriestley
f306cab653 Use application icons for "Eye" menu and Crumbs
Summary:
Issues here:

  - Need an application-sized "eye", or a "home" icon for "Phabricator Home".
  - Some of the "apps_lb_2x" sliced images are the "_dark_" versions, not the light versions.
  - If you slice an application-sized "logout" (power off) icon and application-sized "help" (questionmark in circle) icon I can replace the current menu icons and nearly get rid of "autosprite".
  - To replace the icons on /applications/, the non-retina size is "4x", so we'd need "8x" for retina. Alternatively I can reduce the icon sizes by 50%.
  - The "Help", "Settings" and "Logout" items currently have a "glowing" hover state, which needs a variant (or we can drop it).
  - The /applications/ icons have a white hover state (or we can drop it).
  - The 1x application (14x14) icons aren't used anywhere right now, should they be? Maybe in the feed in the future, etc?
  - The "apps-2x" and "apps-large" sheets are the same image, but getting them to actually use the same file is a bit tricky, so I just left them separate for now.

Test Plan:
{F26698}
{F26699}

Reviewers: chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T1960

Differential Revision: https://secure.phabricator.com/D4108
2012-12-07 13:37:28 -08:00
epriestley
e3f6bbfff8 Refactor the main menu in preparation for a mobile application menu
Summary:
As per discussion, this primes the existing mobile menu / menu button for "phabricator" and "application" menus.

Design here is very rough, I'm just trying to get everything laid in functionally first. It's based on `frame_v3.png` but missing a lot of touches.

Test Plan:
{F26143}
{F26144}

Reviewers: chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T1960

Differential Revision: https://secure.phabricator.com/D4058
2012-12-07 13:33:03 -08:00
vrana
bff795d848 Allow disabling editing multiple files at once
Summary: Resolves T2095.

Test Plan:
Saved it, button disappeared.
Saved it back, button appeared.

Reviewers: epriestley, aran

Reviewed By: epriestley

CC: Korvin

Maniphest Tasks: T2095

Differential Revision: https://secure.phabricator.com/D4071
2012-12-03 16:02:52 -08:00
vrana
3645dc2dd9 Filter all lint messages by owner
Summary: Also add link to this page.

Test Plan:
/diffusion/lint/
/diffusion/lint/?owner[0]=a (zero lint messages)
/diffusion/lint/?owner[0]=b (nonzero lint messages)
Clicked the link.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4069
2012-12-03 14:25:07 -08:00
vrana
ef85f49adc Delete license headers from files
Summary:
This commit doesn't change license of any file. It just makes the license implicit (inherited from LICENSE file in the root directory).

We are removing the headers for these reasons:

- It wastes space in editors, less code is visible in editor upon opening a file.
- It brings noise to diff of the first change of any file every year.
- It confuses Git file copy detection when creating small files.
- We don't have an explicit license header in other files (JS, CSS, images, documentation).
- Using license header in every file is not obligatory: http://www.apache.org/dev/apply-license.html#new.

This change is approved by Alma Chao (Lead Open Source and IP Counsel at Facebook).

Test Plan: Verified that the license survived only in LICENSE file and that it didn't modify externals.

Reviewers: epriestley, davidrecordon

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2035

Differential Revision: https://secure.phabricator.com/D3886
2012-11-05 11:16:51 -08:00
epriestley
7b3f7ea8f7 Don't send the address verification email "From" the user in question
Summary: Sending these as the user doesn't make a ton of sense, and LLVM reports some issues with these emails getting caught in spam filters. Users expect these emails, so just send them from "noreply@example.com" or whatever is configured.

Test Plan: Sent myself a verification email, verified it came from a noreply@ address.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: klimek, aran

Maniphest Tasks: T1994

Differential Revision: https://secure.phabricator.com/D3843
2012-10-31 09:57:40 -07:00
Bob Trahan
60466d3bcc Create a status tool by giving /calendar/ some teeth
Summary: you can now add, edit, and delete status events. also added a "description" to status events and surface it in the big calendar view on mouse hover. some refactoring changes as well to make validation logic centralized within the storage class.

Test Plan: added, edited, deleted. yay.

Reviewers: epriestley, vrana

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T407

Differential Revision: https://secure.phabricator.com/D3810
2012-10-24 13:22:24 -07:00
epriestley
c679b78270 Fix some Editor issues
Summary: The property is called 'actor', not 'user'. Extend from Phobject to catch this class of error automatically. Upgrade a couple of getActor() to requireActor().

Test Plan: Created new users.

Reviewers: btrahan, vrana

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D3776
2012-10-22 16:25:31 -07:00
Bob Trahan
d9c6e07f2c If users are on the email to Phabricator, do not send them the Phabricator reply.
Summary: When we receive an email, figure out if any of the other tos and ccs are users. If they are, pass their phids through the stach as "exclude phids" and exclude them from getting the email.

Test Plan: used the various applications (audit, differential, maniphest) and noted emails were sent as expected.

Reviewers: epriestley, vrana

Reviewed By: vrana

CC: aran, Korvin, vrana

Maniphest Tasks: T1676

Differential Revision: https://secure.phabricator.com/D3645
2012-10-10 10:18:23 -07:00
vrana
22cb8f5d08 Require canonical numbers in routes
Summary:
D03646 works, I don't want it to work.
Theoretically, it can cause us some troubles if we use this string in JS number context where 030 is 24.

Test Plan: D03646, D3646

Reviewers: epriestley, edward

Reviewed By: edward

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3646
2012-10-05 18:07:54 -07:00
epriestley
78784aa1fe Group applications into groups on /applications/
Summary: So they're maybe a little easier to deal with? I'm going to take this formally to "plz @chad plz help" land.

Test Plan: {F20329}

Reviewers: btrahan, vrana, chad

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D3609
2012-10-03 15:46:19 -07:00
epriestley
270256d336 Restore flavor text to applications
Summary: D3581 removed some flavor text. Allow applications to provide flavor text instead of status information if they so desire.

Test Plan: {F20325}

Reviewers: vrana, btrahan

Reviewed By: btrahan

CC: aran, chad

Differential Revision: https://secure.phabricator.com/D3608
2012-10-03 15:16:26 -07:00
vrana
8ff52c0b6c Set viewer for all handles loaded in controllers
Summary:
I've replaced all `id(new PhabricatorObjectHandleData(...))->loadHandles()` by `$this->loadViewerHandles(...)`.
Lint caught one usage in a static method.

Test Plan: Displayed revision with sporadic author.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3432
2012-09-04 23:14:26 -07:00
Bob Trahan
cc0b74b01a bin/accountadmin - allow creation of system accounts and create workflow for system accounts that are in trouble
Summary: the former is self explanatory. the latter is necessary for installations that require email verification. since many system agents are given bogus email address there can become a problem where these accounts can't be verified

Test Plan: created system agent account from scratch. edited user and toggled system agent accountness. created system agent with unverified email address and verified it.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1656

Differential Revision: https://secure.phabricator.com/D3401
2012-08-29 11:07:29 -07:00
epriestley
012370c6ab Use sprites for (nearly) all application icons
Summary: Sprites for everyone.

Test Plan: Loaded `/applications/`.

Reviewers: btrahan, chad, vrana

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1569

Differential Revision: https://secure.phabricator.com/D3280
2012-08-14 14:23:55 -07:00
Marcel Beck
b57cf0dbe1 Update src/applications/people/controller/PhabricatorPeopleController.php
Only enable importing users from LDAP, if ldap auth is enabled.
2012-08-14 09:43:55 +03:00
epriestley
e0e339f16c Modernize People application
Summary: Move to application navigation, make it possible to get to /logs/ from the navigation.

Test Plan: Hit all interfaces, verified email.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1569, T631

Differential Revision: https://secure.phabricator.com/D3261
2012-08-13 15:27:21 -07:00
epriestley
20ac900e8b Make settings panels more modular and modern
Summary:
Currently, we have a hard-coded list of settings panels. Make them a bit more modular.

  - Allow new settings panels to be defined by third-party code (see {D2340}, for example -- @ptarjan).
  - This makes the OAuth stuff more flexible for {T887} / {T1536}.
  - Reduce the number of hard-coded URIs in various places.

Test Plan: Viewed / edited every option in every panel. Grepped for all references to these URIs.

Reviewers: btrahan, vrana, ptarjan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D3257
2012-08-13 12:37:26 -07:00
epriestley
df5bf75e36 Move Settings to a separate directory
Summary:
We currently have two relatively distinct applications, "People" and "Settings", living in /people/. Move settings to its own directory.

This renames a couple of classes but makes no real code changes.

Test Plan: Browsed /settings/, changed some settings.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1569, T631

Differential Revision: https://secure.phabricator.com/D3256
2012-08-13 12:37:18 -07:00
epriestley
d3fd790574 Add basic support for new navigation menu
Summary:
Add a new left-side application menu. This menu shows which application you're in and provides a quick way to get to other applications.

On desktops, menus are always shown but the app menu can be collapsed to be very small.

On tablets, navigation buttons allow you to choose between the menus and the content.

On phones, navigation buttons allow you to choose between the app menu, the local menu, and the content.

This needs some code and UI cleanup, but has no effect yet so I think it's okay to land as-is, I'll clean it up a bit as I start integrating it. I want to play around with it a bit and see if it's good/useful or horrible anyway.

Test Plan: Will include screenshots.

Reviewers: vrana, btrahan, chad

Reviewed By: btrahan

CC: aran, alanh

Maniphest Tasks: T1569

Differential Revision: https://secure.phabricator.com/D3223
2012-08-11 07:06:12 -07:00
epriestley
81f8b507fe Use shinier menu icons
Summary:
  - Use @chad's nice gradient overlay icons.
  - Show selected states.
  - Use profile picture for profile item (not sure about this treatment?)
  - Workflow the logout link

Test Plan: Will add screenshots.

Reviewers: alanh, btrahan, chad

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D3225
2012-08-10 12:11:24 -07:00
epriestley
ed4a155c91 Rename "IDPaged" to "CursorPaged", "executeWithPager" to "executeWith[Cursor|Offset]Pager"
Summary:
I'm trying to make progress on the policy/visibility stuff since it's a blocker for Wikimedia.

First, I want to improve Projects so they can serve as policy groups (e.g., an object can have a visibility policy like "Visible to: members of project 'security'"). However, doing this without breaking anything or snowballing into a bigger change is a bit awkward because Projects are name-ordered and we have a Conduit API which does offset paging. Rather than breaking or rewriting this stuff, I want to just continue offset paging them for now.

So I'm going to make PhabricatorPolicyQuery extend PhabricatorOffsetPagedQuery, but can't currently since the `executeWithPager` methods would clash. These methods do different things anyway and are probably better with different names.

This also generally improves the names of these classes, since cursors are not necessarily IDs (in the feed case, they're "chronlogicalKeys", for example). I did leave some of the interals as "ID" since calling them "Cursor"s (e.g., `setAfterCursor()`) seemed a little wrong -- it should maybe be `setAfterCursorPosition()`. These APIs have very limited use and can easily be made more consistent later.

Test Plan: Browsed around various affected tools; any issues here should throw/fail in a loud/obvious way.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D3177
2012-08-07 11:54:06 -07:00
epriestley
ebb7807bb4 Fix an issue with URIs missing trailing slashes, like "/maniphest"
Summary:
In D3144, I made us look in application maps to find routing rules. However, we don't process //all// the maps when we 404 and try to do a "/" redirect. Process all of the maps.

Additionally, in D3146 I made the menu items application-driven. However, some pages (like 404) don't have a controller. Drop the requirement that the controller be nonnull.

Test Plan:
  - Visited "/maniphest", got a redirect after this patch.
  - Visited "/asldknfalksfn", got a 404 after this patch.

Reviewers: davidreuss, vrana, btrahan

Reviewed By: davidreuss

CC: aran

Maniphest Tasks: T1607

Differential Revision: https://secure.phabricator.com/D3158
2012-08-06 12:46:51 -07:00
epriestley
314c25365d Drive menu icons from Applications
Summary:
This makes no changes, it just moves the menu icons to the applications instead of hard-coded on the page.

I'm going to try to address some of the angst in T1593 next...

Test Plan: Loaded logged-in / logged out pages. Clicked menu items. Looked at /applications/.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1593, T1569

Differential Revision: https://secure.phabricator.com/D3146
2012-08-05 14:12:43 -07:00
Nick Harper
14e3e5ccfd Provide user option for disabling diffusion symbol cross-references
Summary: Some people don't like these, so they should be able to turn them off.

Test Plan:
Toggled the setting on and off; loaded a page in diffusion and differential
that should have symbol cross-references, and saw that they weren't linked
when I had the setting disabled. I also checked that the symbols are still
linked when the setting hasn't been touched.

Reviewers: epriestley, vrana

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D3069
2012-07-26 20:25:27 -07:00
Ricky Elrod
729f246f92 Add a checkbox to allow administrators to re-send the welcome email to users.
Summary:
See title - This simply adds a checkbox to the "Edit User" page in the
admin view, to allow an administrator to re-send the "Welcome to Phabricator"
email.

Test Plan:
Sent myself another welcome email using the checkbox.
Created a new user using the admin panel, to make sure emails still get
sent for new users.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1524

Differential Revision: https://secure.phabricator.com/D3081
2012-07-26 17:41:14 -04:00
vrana
0d162e15f6 Make Diffusion view sticky
Summary: Blame can be slow.

Test Plan:
Viewed a file with no preference, saw blame.
Changed view, saw it.
Viewed a file, saw the changed view.
Viewed a file as raw document.

Reviewers: Two9A, epriestley

Reviewed By: epriestley

CC: aran, epriestley, Korvin, btrahan

Maniphest Tasks: T1278

Differential Revision: https://secure.phabricator.com/D3000
2012-07-17 17:38:29 -07:00
epriestley
30deacdbaf Fix some more ldap issues
Summary:
  - LDAP import needs to use envelopes.
  - Use ldap_sprintf().

Test Plan: Configured an LDAP server. Added an account. Imported it; logged in with it. Tried to login with accounts like ",", etc., got good errors.

Reviewers: vrana, btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2995
2012-07-17 14:05:26 -07:00
epriestley
dd70c59465 Use OpaqueEnvelopes for all passwords in Phabricator
Summary:
See D2991 / T1526. Two major changes here:

  - PHP just straight-up logs passwords on ldap_bind() failures. Suppress that with "@" and keep them out of DarkConsole by enabling discard mode.
  - Use PhutilOpaqueEnvelope whenever we send a password into a call stack.

Test Plan:
  - Created a new account.
  - Reset password.
  - Changed password.
  - Logged in with valid password.
  - Tried to login with bad password.
  - Changed password via accountadmin.
  - Hit various LDAP errors and made sure nothing appears in the logs.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2993
2012-07-17 12:06:33 -07:00
Evan Priestley
62e039b748 Merge pull request #150 from linead/ldap_dir
Ldap dir
2012-07-11 18:37:36 -07:00
Felix Fung
523395590b Fixed 'Sever' Typo 2012-07-10 23:11:42 -07:00
Daniel Fullarton
42dfee38e7 Refactor methods, fix style issues 2012-07-11 00:56:38 +10:00
epriestley
18cfab0c36 Allow configuration of the default monospaced font style
Summary: This is a fairly contentious default that we can easily move to configuration.

Test Plan: Changed the default, changed my user setting, reverted my user setting, verified the "settings" page.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2935
2012-07-06 15:39:43 -07:00
linead
51d2d06e37 Added ldap import controller 2012-07-04 12:10:38 +10:00
epriestley
948259ee92 Minor, restore missing limits from 310cf00fc3 2012-07-03 06:25:03 -07:00
epriestley
310cf00fc3 Consolidate feed query code
Summary: Simplify FeedQuery by making it extend from PhabricatorIDPagedPolicyQuery

Test Plan: Looked at feed on home, projects, user profile, and called `feed.query`.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2905
2012-07-02 15:41:19 -07:00
Bob Trahan
ee6c6943b3 Robustify profile image controls ever so slightly
Summary: show project profile image on pertinent edit page. also add a "Use Default Image" checkbox for both project and user profiles. Also added a function for projects to get the profile picture to prevent some copy + paste action.

Test Plan: set my user profile and project profile image. clicked "Use Default Image" and got the default image back.

Reviewers: epriestley, floatinglomas

Reviewed By: floatinglomas

CC: aran, Korvin

Maniphest Tasks: T1307

Differential Revision: https://secure.phabricator.com/D2852
2012-06-26 08:14:15 -07:00
Daniel Fullarton
37df05c7a5 T1354 : Resize profile pics (specifically to handle github v3 api)
Reviewed by: epriestley
GitHub Pull: https://github.com/facebook/phabricator/pull/140
2012-06-25 06:29:19 -07:00
vrana
c762050b7c Get rid of file_get_contents($uri)
Summary: It requires `allow_url_fopen` which we don't check in setup and our installation is about to disable it.

Test Plan:
Login with OAuth.
/oauth/facebook/diagnose/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D2787
2012-06-18 17:45:45 -07:00
vrana
e84f9f9ec9 Send Differential e-mails in user's language
Summary:
Works this way:

- Select users' language with multiplexing.
- Select default language otherwise (it can be different from current user's language).
- Build body and subject for each user individually.
- Set the original language after sending the mails.

Test Plan:
- Comment on a diff of user with custom translation.
- Set default to a custom translation. Comment on a diff of user with default translation.
- Set default to a default translation. Comment on a diff of user with default translation.

Repeat with/without multiplexing.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1139

Differential Revision: https://secure.phabricator.com/D2774
2012-06-18 12:41:09 -07:00
epriestley
957f9e2ec5 Add an administrative tool for deleting users
Summary:
Allow administrators to delete accounts if they jump through enough hoops.

Also remove bogus caption about usernames being uneditable since we let admins edit those too now.

Test Plan: Tried to delete myself. Deleted a non-myself user.

Reviewers: csilvers, vrana

Reviewed By: csilvers

CC: aran

Maniphest Tasks: T1184

Differential Revision: https://secure.phabricator.com/D2767
2012-06-15 17:02:20 -07:00
vrana
48ebcf0679 Allow user override translation and implement PhutilPerson
Test Plan:
Altered database.
Wrote a custom translation and selected it in preferences.
Verified that the text is custom translated.
Set language back to default.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T1139

Differential Revision: https://secure.phabricator.com/D2757
2012-06-14 18:33:00 -07:00
Espen Volden
726041584f Made it possible to login using LDAP
Summary: Made it possible to link and unlink LDAP accounts with  Phabricator accounts.

Test Plan:
I've tested this code locally and in production where I work.
I've tried creating an account from scratch by logging in with LDAP and linking and unlinking an LDAP account with an existing account. I've tried to associate the same LDAP account with different Phabricator accounts and it failed as expected.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin, auduny, svemir

Maniphest Tasks: T742

Differential Revision: https://secure.phabricator.com/D2722
2012-06-13 08:58:46 -07:00
epriestley
d73a6d3dcd Fix username route for new "._-" usernames
Summary: We allow ".", "_" and "-" in usernames now, but not in the route.

Test Plan: Went to /p/.-_/, got 404'd at the route level before and now make it to the profile controller.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1348

Differential Revision: https://secure.phabricator.com/D2729
2012-06-13 08:39:02 -07:00
vrana
11b3c6a4d5 Display e-mail preferences even if user can't change them
Test Plan: Displayed e-mail preferences with and without multiplexing.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D2699
2012-06-11 09:51:36 -07:00
epriestley
0e1bbbd489 Allow administrators to change usernames
Summary:
Give them a big essay about how it's dangerous, but allow them to do it formally.

Because the username is part of the password salt, users must change their passwords after a username change.

Make password reset links work for already-logged-in-users since there's no reason not to (if you have a reset link, you can log out and use it) and it's much less confusing if you get this email and are already logged in.

Depends on: D2651

Test Plan: Changed a user's username to all kinds of crazy things. Clicked reset links in email. Tried to make invalid/nonsense name changes.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1303

Differential Revision: https://secure.phabricator.com/D2657
2012-06-06 07:09:56 -07:00
epriestley
0a7b4591ef Allow usernames to include ".", "-" and "_"
Summary:
See T1303, which presents a reasonable case for inclusion of these characters in valid usernames.

Also, unify username validity handling.

Test Plan: Created a new user with a valid name. Tried to create a new user with an invalid name. Ran unit tests.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1303

Differential Revision: https://secure.phabricator.com/D2651
2012-06-06 07:09:05 -07:00
epriestley
489303a057 Fix transaction handling in PhabricatorUserEditor->createNewUser()
Summary:
See https://github.com/facebook/phabricator/issues/117

  - The $user save can hit a duplicate key exception like the email, but we don't handle it correctly.
  - When the $user saves but the $email does not, the $user is left with a (rolled-back, invalid) ID. This makes the UI glitch out a bit. Wipe the ID if we abort the transaction.
  - We show the "Required" star marker even if the email is filled in.

The ID issue is sort of a general problem, but I think it's fairly rare: you must be doing inserts on related objects and the caller must catch the transaction failure and attempt to handle it in some way.

I can think of three approaches:

  - Manually "roll back" the objects inside the transaction, as here. Seems OK if this really is a rare problem.
  - Automatically roll back the 'id' and 'phid' columns (if they exist). Seems reasonable but maybe more complicated than necessary. Won't get every case right. For instance, if we inserted a third object here and that failed, $email would still have the userPHID set.
  - Automatically roll back the entire object. We can do this by cloning all the writable fields. Seems like it might be way too magical, but maybe the right solution? Might have weird bugs with nonwritable fields and other random stuff.

We can trigger the rollback by storing objects we updated on the transaction, and either throwing them away or rolling them back on saveTransaction() / killTransaction().

These fancier approaches all seem to have some tradeoffs though, and I don't think we need to pick one yet, since this has only caused problems in one case.

Test Plan: Tried to create a new user (via People -> Create New User) with a duplicate username. Got a proper UI message with no exception and no UI glitchiness.

Reviewers: btrahan, vrana, hgrimberg, hgrimberg01

Reviewed By: hgrimberg01

CC: aran

Differential Revision: https://secure.phabricator.com/D2650
2012-06-05 06:46:01 -07:00
vrana
6cc196a2e5 Move files in Phabricator one level up
Summary:
- `kill_init.php` said "Moving 1000 files" - I hope that this is not some limit in `FileFinder`.
- [src/infrastructure/celerity] `git mv utils.php map.php; git mv api/utils.php api.php`
- Comment `phutil_libraries` in `.arcconfig` and run `arc liberate`.

NOTE: `arc diff` timed out so I'm pushing it without review.

Test Plan:
/D1234
Browsed around, especially in `applications/repository/worker/commitchangeparser` and `applications/` in general.

Auditors: epriestley

Maniphest Tasks: T1103
2012-06-01 12:32:44 -07:00
Craig Silverstein
06b2eb55f0 Fix a typo.
Test Plan: (None)

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2627
2012-05-31 15:22:58 -07:00
epriestley
09c8af4de0 Upgrade phabricator to libphutil v2
Summary: Mechanical changes from D2588. No "Class.php" moves yet.

Test Plan: See D2588.

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T1103

Differential Revision: https://secure.phabricator.com/D2591
2012-05-30 14:26:29 -07:00
vrana
5e49de7b35 Use loadRelatives() in loadPrimaryEmail()
Summary: This is an example of code simplification with D2557.

Test Plan: Display user list, verify the SQL queries.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2558
2012-05-30 10:43:16 -07:00
epriestley
557e508656 Allow restriction of permitted email domains
Summary:
Allow allowed email addresses to be restricted to certain domains. This implies email must be verified.

This probably isn't QUITE ready for prime-time without a few other tweaks (better administrative tools, notably) but we're nearly there.

Test Plan:
  - With no restrictions:
    - Registered with OAuth
    - Created an account with accountadmin
    - Added an email
  - With restrictions:
    - Tried to OAuth register with a restricted address, was prompted to provide a valid one.
    - Tried to OAuth register with a valid address, worked fine.
    - Tried to accountadmin a restricted address, got blocked.
    - Tried to accountadmin a valid address, worked fine.
    - Tried to add a restricted address, blocked.
    - Tried to add a valid address, worked fine.
    - Created a user with People with an invalid address, got blocked.
    - Created a user with People with a valid address, worked fine.

Reviewers: btrahan, csilvers

Reviewed By: csilvers

CC: aran, joe, csilvers

Maniphest Tasks: T1184

Differential Revision: https://secure.phabricator.com/D2581
2012-05-26 06:04:35 -07:00
epriestley
70fd96037b Consolidate user editing code
Summary:
  - We currently have some bugs in account creation due to nontransactional user/email editing.
    - We save $user, then try to save $email. This may fail for various reasons, commonly because the email isn't unique.
    - This leaves us with a $user with no email.
  - Also, logging of edits is somewhat inconsistent across various edit mechanisms.
  - Move all editing to a `PhabricatorUserEditor` class.
  - Handle some broken-data cases more gracefully.

Test Plan:
  - Created and edited a user with `accountadmin`.
  - Created a user with `add_user.php`
  - Created and edited a user with People editor.
  - Created a user with OAuth.
  - Edited user information via Settings.
  - Tried to create an OAuth user with a duplicate email address, got a proper error.
  - Tried to create a user via People with a duplicate email address, got a proper error.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: tberman, aran

Maniphest Tasks: T1184

Differential Revision: https://secure.phabricator.com/D2569
2012-05-25 07:30:44 -07:00
epriestley
79e8a637c2 Minor, fail gracefully if there are data integrity problems until I can fix oauth transactions. 2012-05-24 15:17:50 -07:00
epriestley
e12961802b Minor improvements to email management interface
Summary:
  - If you have an unverified primary email, we show a disabled "Primary" button right now in the "Status" column. Instead we should show an enabled "Verify" button, to allow you to re-send the verification email.
  - Sort addresses in a predictable way.

Test Plan:
  - Added, verified and removed a secondary email address.
  - Resent verification email for primary address.
  - Changed primary address.

Reviewers: btrahan, csilvers

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1184

Differential Revision: https://secure.phabricator.com/D2548
2012-05-23 12:55:07 -07:00
Nick Harper
c2a9a8079f Remove email from handles
Summary:
Since user emails aren't in the user table, we had to do extra data fetching
for handles, and the emails are only used in MetaMTA, so we move the email
code into MetaMTA and remove it from handles.

Test Plan: send test emails

Reviewers: jungejason, vrana, epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2494
2012-05-21 17:37:26 -07:00
epriestley
77f546c572 Allow installs to require email verification
Summary:
Allow installs to require users to verify email addresses before they can use Phabricator. If a user logs in without a verified email address, they're given instructions to verify their address.

This isn't too useful on its own since we don't actually have arbitrary email registration, but the next step is to allow installs to restrict email to only some domains (e.g., @mycompany.com).

Test Plan:
  - Verification
    - Set verification requirement to `true`.
    - Tried to use Phabricator with an unverified account, was told to verify.
    - Tried to use Conduit, was given a verification error.
    - Verified account, used Phabricator.
    - Unverified account, reset password, verified implicit verification, used Phabricator.
  - People Admin Interface
    - Viewed as admin. Clicked "Administrate User".
    - Viewed as non-admin
  - Sanity Checks
    - Used Conduit normally from web/CLI with a verified account.
    - Logged in/out.
    - Sent password reset email.
    - Created a new user.
    - Logged in with an unverified user but with the configuration set to off.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran, csilvers

Maniphest Tasks: T1184

Differential Revision: https://secure.phabricator.com/D2520
2012-05-21 12:47:38 -07:00
Bob Trahan
de1973b516 fix a small bug from new profile status code stuff
Summary: we need a user (the viewer in this case) for the status to render correctly with respect to timezone

Test Plan: my profile no longer fatals with an away status

Reviewers: davidreuss, vrana

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2504
2012-05-19 17:00:17 -07:00
vrana
9f35a3ba45 Highlight away and sporadic users in revision list
Summary:
This is not so general as `getRequiredHandlePHIDs()`.
It allows bulk loading of user statuses only in revision list.

It also loads data in `render()`. I'm not sure if it's OK.

Maybe we can use the colorful point here.
Or maybe some unicode symbol?

Test Plan: {F11451, size=full}

Reviewers: btrahan, epriestley

Reviewed By: btrahan

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2484
2012-05-18 14:28:41 -07:00
vrana
d9b4fcb336 Display user status on user profile
Test Plan:
Display users with:

- Title.
- Status.
- Title and status.

Also display project.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2491
2012-05-18 00:28:31 -07:00
vrana
2476c872ff Add Conduit method for querying user status
Summary:
I want to use this to warn user if he specifies reviewers that are away.

We can also implement a general query method but I think that this usage is the
most useful not only for me but also in general case.

Test Plan:
Call the method for user which is away and which is not away.
Add user status through Conduit.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2492
2012-05-17 23:58:50 -07:00
Bob Trahan
679f778235 OAuth -- add support for Disqus
Summary:
also fix some bugs where we weren't properly capturing the expiry value or scope of access tokens.

This code isn't the cleanest as some providers don't confirm what scope you've been granted. In that case, assume the access token is of the minimum scope Phabricator requires. This seems more useful to me as only Phabricator at the moment really easily / consistently lets the user increase / decrease the granted scope so its basically always the correct assumption at the time we make it.

Test Plan: linked and unlinked Phabricator, Github, Disqus and Facebook accounts from Phabricator instaneces

Reviewers: epriestley

Reviewed By: epriestley

CC: zeeg, aran, Koolvin

Maniphest Tasks: T1110

Differential Revision: https://secure.phabricator.com/D2431
2012-05-08 12:08:05 -07:00
Bob Trahan
8c6fa3e62d Conduit user.query
Summary: specify user table to make things not ambiguous

Test Plan: conduit console still works, including ID query...!

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Maniphest Tasks: T1075

Differential Revision: https://secure.phabricator.com/D2419
2012-05-07 13:47:06 -07:00
Bob Trahan
c58bd95842 Conduit user.query method
Summary: also includes a PhabricatorPeopleQuery object

Test Plan: queried for various combinations username, realname, id, phid, and email. verified correct results.

Reviewers: epriestley

Reviewed By: epriestley

CC: zeeg, aran, Koolvin

Maniphest Tasks: T1075

Differential Revision: https://secure.phabricator.com/D2416
2012-05-07 13:35:09 -07:00
epriestley
87207b2f4e Allow users to have multiple email addresses, and verify emails
Summary:
  - Move email to a separate table.
  - Migrate existing email to new storage.
  - Allow users to add and remove email addresses.
  - Allow users to verify email addresses.
  - Allow users to change their primary email address.
  - Convert all the registration/reset/login code to understand these changes.
  - There are a few security considerations here but I think I've addressed them. Principally, it is important to never let a user acquire a verified email address they don't actually own. We ensure this by tightening the scoping of token generation rules to be (user, email) specific.
  - This should have essentially zero impact on Facebook, but may require some minor changes in the registration code -- I don't exactly remember how it is set up.

Not included here (next steps):

  - Allow configuration to restrict email to certain domains.
  - Allow configuration to require validated email.

Test Plan:
This is a fairly extensive, difficult-to-test change.

  - From "Email Addresses" interface:
    - Added new email (verified email verifications sent).
    - Changed primary email (verified old/new notificactions sent).
    - Resent verification emails (verified they sent).
    - Removed email.
    - Tried to add already-owned email.
  - Created new users with "accountadmin". Edited existing users with "accountadmin".
  - Created new users with "add_user.php".
  - Created new users with web interface.
  - Clicked welcome email link, verified it verified email.
  - Reset password.
  - Linked/unlinked oauth accounts.
  - Logged in with oauth account.
  - Logged in with email.
  - Registered with Oauth account.
  - Tried to register with OAuth account with duplicate email.
  - Verified errors for email verification with bad tokens, etc.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1184

Differential Revision: https://secure.phabricator.com/D2393
2012-05-07 10:29:33 -07:00
epriestley
803dea1517 Make "user role" editing more clear
Summary: The various interfaces here are in conflict about what a role is and isn't. Make them all consistent.

Test Plan: Edited some users into various roles, verified they reported correctly.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1190

Differential Revision: https://secure.phabricator.com/D2415
2012-05-07 10:25:36 -07:00
vrana
416e4e7b67 Allowing setting user status
Summary:
I will use it for highlighting users which are not currently available.

Maybe I will also use it in the nagging tool.

I don't plan creating a UI for it as API is currently enough for us.
Maybe I will visualize it at /calendar/ later.

I plan creating `user.deletestatus` method when this one will be done.

Test Plan:
`storage upgrade`
Call Conduit `user.addstatus`.
Verify DB.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2382
2012-05-03 18:24:30 -07:00
Bob Trahan
8988667dcc Make Oauth-registration flows a bit more resilient to failures from the providers
Summary: basically by validating we have good user data when we set the user data.

Test Plan: simulated a failure from a phabricator on phabricator oauth scenario. viewed ui that correctly told me there was an error with the provider and to try again.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Maniphest Tasks: T1077

Differential Revision: https://secure.phabricator.com/D2337
2012-05-01 11:51:40 +02:00
epriestley
8ed48a89f4 Use a disk-based default avatar, not a database-based one
Summary:
This is mostly in an effort to simplify D2323. Currently, we load one image into the database by default. This is a weird special case that makes things more complicated than necessary.

Instead, use a disk-based default avatar.

Test Plan: Verified that a user without an image appears with the default avatar as a handle, in profile settings, and on their person page.

Reviewers: btrahan, vrana, edward, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T345

Differential Revision: https://secure.phabricator.com/D2331
2012-04-27 17:44:10 -07:00
epriestley
20a5c9b261 Use "closed", not "committed", in Differential
Summary: "Committed" is SVN-specific language, and confusing in Git and Mercurial. Use neutral language instead.

Test Plan: Inspection.

Reviewers: btrahan, Makinde, vrana, jungejason

Reviewed By: vrana

CC: aran

Maniphest Tasks: T909

Differential Revision: https://secure.phabricator.com/D2087
2012-04-23 17:40:57 -07:00
vrana
549a86cd96 Add sex
Summary:
We will need it for intl.

I've put it to User instead of UserProfile to be easier accessible.

Test Plan:
Apply SQL patch.
Change sex to Male.
Change sex to Unknown.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Koolvin

Maniphest Tasks: T1139

Differential Revision: https://secure.phabricator.com/D2287
2012-04-19 16:05:25 -07:00
vrana
9be054443f Handle refreshing profile image with expired OAuth token
Summary:
If OAuth token is expired then refreshing profile image doesn't work.
This diffs solves it this way:

- Hide Refresh Profile Image button with expired token.
- Display Refresh Token with expired token.
- Update token after logging-in.

Test Plan:
Wait until token expires.
/settings/page/facebook/ - no Refresh Profile Image button.
Refresh Token.
Refresh Profile Image.

Reviewers: epriestley, jungejason

Reviewed By: epriestley

CC: michalburger1, aran, Koolvin

Differential Revision: https://secure.phabricator.com/D2281
2012-04-19 09:30:25 -07:00
epriestley
c458768415 Fix various threading issues, particularly in Gmail
Summary:
  - Add an explicit multiplexing option, and enable it by default. This is necessary for Mail.app to coexist with other clients ("Re:" breaks outlook at the very least, and generally sucks in the common case), and allows users with flexible clients to enable subject variance.
  - Add an option for subject line variance. Default to not varying the subject, so mail no longer says [Committed], [Closed], etc. This is so the defaults thread correctly in Gmail (not entirely sure this actually works).
  - Add a preference to enable subject line variance.
  - Unless all mail is multiplexed, don't enable or respect the "Re" or "vary subject" preferences. These are currently shown and respected in non-multiplex cases, which creates inconsistent results.

NOTE: @jungejason @nh @vrana This changes the default behavior (from non-multiplexing to multiplexing), and might break Facebook's integration. You should be able to keep the same behavior by setting the options appropriately, although if you can get the new defaults working they're probably better.

Test Plan:
Send mail from Maniphest, Differential and Audit. Updated preferences. Enabled/disabled multiplexing. Things seem OK?

NOTE: I haven't actually been able to repro the Gmail threading issue so I'm not totally sure what's going on there, maybe it started respecting "Re:" (or always has), but @cpiro and @20after4 both reported it independently. This fixes a bunch of bugs in any case and gives us more conservative set of defaults.

I'll see if I can buff out the Gmail story a bit but every client is basically a giant black box of mystery. :/

Reviewers: btrahan, vrana, jungejason, nh

Reviewed By: btrahan

CC: cpiro, 20after4, aran

Maniphest Tasks: T1097, T847

Differential Revision: https://secure.phabricator.com/D2206
2012-04-12 09:31:03 -07:00
Aizat Faiz
f0e89b7723 Fix typo 'retrive' to 'retrieve'. 2012-04-12 17:17:30 +08:00
vrana
935f3657b5 Allow %f2 and other escape sequences in editor link
Test Plan: Open in Editor.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2184
2012-04-10 11:36:37 -07:00
vrana
e87e1786a6 Fix docs links after D2181
Test Plan:
  diviner .

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2188
2012-04-10 11:33:26 -07:00
epriestley
6eb91b2a0e Improve documentation for System Agents and other account roles
Summary: Explain this stuff better and add some documentation links.

Test Plan: Read documentation, viewed account edit interfaces.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T834

Differential Revision: https://secure.phabricator.com/D2158
2012-04-08 15:10:00 -07:00
vrana
d1b7059a2d Open editor from stack trace
Summary:
I've considered that user may have set editor but not checked out Phabricator repositories.
But stack trace is useful mainly for developers.

Test Plan:
Click on path in Unhandled Exception.
Repeat with disabled editor.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2107
2012-04-04 18:19:14 -07:00
Bob Trahan
f7d975ab72 Fix refresh profile picture functionality
Summary:
turns out both github and Phabricator fall back to if the user already has a login session when accessing the pertinent profile picture data. Facebook on the other hand is a stingy bastard about have an actual access token. Ergo, in production (once I could test Facebook) this button failed.

The patch sets the access token properly such that the provider can use it properly when retrieving the profile image.

Test Plan: re-did my meta-Phabricator test and it still passed. setup my phabricator dev instance for Facebook OAuth (created a test app and everything... :/ )  and it worked end to end.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T870

Differential Revision: https://secure.phabricator.com/D1986
2012-03-21 17:46:38 -07:00
Bob Trahan
5eb922fdb4 T870 - add a refresh button for sync'd OAuth accounts
Summary: nice title!

Test Plan: refreshed my profile pic against my OAuth Phabricator instance.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T870

Differential Revision: https://secure.phabricator.com/D1980
2012-03-21 16:10:50 -07:00
David Fisher
1c9a8ccb7c Added Search Box Preferences
Summary:
Resolves T989
- users can now disable the '/' keyboard shortcut which focuses the
  search box
- users can now disable the jump nav functionality of the search box

Test Plan:
- verified that the '/' keyboard shortcut works with preference enabled
  or unset
- verified that '/' no longer has any effect and disappears from
  keyboard shortcuts help overlay with preference disabled
- verified that search boxes have jump nav capabilities with jump nav
  functionality preference unset or enabled
- verified that search boxes do not jump with jump nav preference
  disabled
- verified that the jump nav still works as a jump nav with jump nav
  preference disabled

Reviewers: epriestley

Reviewed By: epriestley

CC: simpkins, aran, epriestley, vrana

Maniphest Tasks: T989

Differential Revision: https://secure.phabricator.com/D1902
2012-03-14 20:47:41 -07:00
epriestley
f0e9df1fda Improve UI hints and error messages for supported file types
Summary:
We give you a pretty bad error right now if your server doesn't have, say, png support, saying "only png is supportd loololloo".

Instead, show you which formats are supported in the error messsage, and tell you upfront.

Test Plan: Tried to upload supported and unsupported images, got appropriate errors and supported format text.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T981

Differential Revision: https://secure.phabricator.com/D1894
2012-03-14 12:41:33 -07:00
epriestley
d0af617818 Add "final" to (almost) everything else
Summary: Last of the big final patches. Left a few debatable classes (12 out of about 400) that I'll deal with individually eventually.

Test Plan: Ran testEverythingImplemented.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T795

Differential Revision: https://secure.phabricator.com/D1881
2012-03-13 16:21:04 -07:00
vrana
d5bf30bb48 Prepare database for UTF-8
Summary: D1830#8

Test Plan:
`scripts/sql/upgrade_schema.php`
Try adding duplicate SSH Public Key - failed.
Try adding new SSH Public Key - succeeded.

Reviewers: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1852
2012-03-09 18:56:22 -08:00
epriestley
b2890eeb0e Add "final" to all Phabricator "Controller" classes
Summary:
These are all unambiguously unextensible. Issues I hit:

  - Maniphest Change/Diff controllers, just consolidated them.
  - Some search controllers incorrectly extend from "Search" but should extend from "SearchBase". This has no runtime effects.
  - D1836 introduced a closure, which we don't handle correctly (somewhat on purpose; we target PHP 5.2). See T962.

Test Plan: Ran "testEverythingImplemented" unit test to identify classes extending from `final` classes. Resolved issues.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T795

Differential Revision: https://secure.phabricator.com/D1843
2012-03-09 15:46:25 -08:00
vrana
ad58491c6c Support /differential/filter/<filter>/<username>/
Summary: NOTE: I didn't add BC for ?phid=.

Test Plan:
/differential/
/differential/filter/active/
/differential/filter/active/epriestley/
/differential/filter/active/x/ - 404
/differential/filter/revisions/?status=open - search for epriestley
/differential/filter/revisions/epriestley/?status=open
/p/jakubv/

Reviewers: epriestley, nh

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T900

Differential Revision: https://secure.phabricator.com/D1797
2012-03-06 15:21:59 -08:00
epriestley
1eeaeb62e4 Remove commit list from Diffusion in favor of Audit commit list
Summary:
We can drive this query better from the Audit tool now; get rid of the Diffusion
version.

Preserve usernames in URIs as per T900.

Test Plan: Clicked "Commits" from profile. Browsed audit commit filters.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1713
2012-02-28 21:12:08 -08:00
epriestley
bfea830d09 Add email preferences to receive fewer less-important notifications
Summary:
A few similar requests have come in across several tools and use cases that I
think this does a reasonable job of resolving.

We currently send one email for each update an object receives, but these aren't
always appreciated:

  - Asana does post-commit review via Differential, so the "committed" mails are
useless.
  - Quora wants to make project category edits to bugs without spamming people
attached to them.
  - Some users in general are very sensitive to email volumes, and this gives us
a good way to reduce the volumes without incurring the complexity of
delayed-send-batching.

The technical mechanism is basically:

  - Mail may optionally have "mail tags", which indicate content in the mail
(e.g., "maniphest-priority, maniphest-cc, maniphest-comment" for a mail which
contains a priority change, a CC change, and a comment).
  - If a mail has tags, remove any recipients who have opted out of all the
tags.
  - Some tags can't be opted out of via the UI, so this ensures that important
email is still delivered (e.g., cc + assign + comment is always delivered
because you can't opt out of "assign" or "comment").

Test Plan:
  - Disabled all mail tags in the web UI.
  - Used test console to send myself mail with an opt-outable tag, it was
immediately dropped.
  - Used test console to send myself mail with an opt-outable tag and a custom
tag, it was delivered.
  - Made Differential updates affecting CCs with and without comments, got
appropriate delivery.
  - Made Maniphest updates affecting project, priority and CCs with and without
comments, got appropriate delivery.
  - Verified mail headers in all cases.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley, moskov

Maniphest Tasks: T616, T855

Differential Revision: https://secure.phabricator.com/D1635
2012-02-17 22:57:07 -08:00
vrana
fe4d717cc7 Escape result of PhabricatorOAuthProvider::getProviderName()
Test Plan: /settings/page/facebook/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1556
2012-02-02 18:35:45 -08:00
epriestley
7bee68a763 Document configuration of external editor links
Summary: Provide some documentation for this feature since it's not super
obvious how it works.

Test Plan: Generated documentation, read documentation.

Reviewers: btrahan, vrana, jungejason, nh

Reviewed By: vrana

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1521
2012-01-30 15:56:42 -08:00
vrana
067c7f8a74 Display links to editor in Differential and Diffusion
Summary:
It is possible to open a file in editor by registering a custom URI scheme
(pseudo-protocol). Some editors register it by default.
Having links to open the file in external editor is productivity booster
although it is a little bit harder to set up.
There are several other tools using file_link_format configuration directive
(XDebug, Symfony) to bind to this protocol.
I've added the example with editor: protocol which can be used as a proxy to
actual editor (used by Nette Framework:
http://wiki.nette.org/en/howto-editor-link).

Test Plan:
Configure Editor Link in User Preferences.
Register URI scheme in OS.
Open a file in Diffusion. Click on the Edit button.
Open a revision in Differential. Click on the Edit button.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1422
2012-01-24 10:42:33 -08:00
epriestley
ad36865e50 Add optional "Re:" prefix to all threaded mail and allow disabling mail about
your own actions

Summary:
  - Mail.app on Lion has cumbersome threading rules, see T782. Add an option to
stick "Re: " in front of all threaded mail so it behaves. This is horrible, but
apparently the least-horrible option.
  - While I was in there, I added an option for T228.

Test Plan:
  - Sent a bunch of threaded and unthreaded mail with varous "Re:" settings,
seemed to get "Re:" in the right places.
  - Disabled email about my stuff, created a task with just me, got voided mail,
added a CC, got mail to just the CC.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, mkjones

Maniphest Tasks: T228, T782

Differential Revision: https://secure.phabricator.com/D1448
2012-01-18 15:20:50 -08:00
epriestley
e2c75d5dc2 Improve Differential handling of disabled users
Summary:
We currently allow you to assign code review to disabled users, but
should not.

Test Plan:
  - Created revisions with no reviewers and only disabled reviewers, was
appropriately warned.
  - Looked at a disabled user handle link, was clearly informed.
  - Tried to create a new revision with a disabled reviewer, was rebuffed.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D1429
2012-01-17 09:27:19 -08:00
epriestley
82c0795e54 Unify logic for username validation
Summary: Revisit of D1254. Don't require lowercase, just standardize the logic.
The current implementation has nonuniform logic -- PeopleEditController forbids
uppercase.

Test Plan: Ran unit tests, see also D1254.

Reviewers: btrahan, jungejason, aran

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D1415
2012-01-16 11:52:59 -08:00
epriestley
bfbe6ec594 Prevent login brute forcing with captchas
Summary: If a remote address has too many recent login failures, require they
fill out a captcha before they can attempt to login.

Test Plan: Tried to login a bunch of times, then submitted the CAPTHCA form with
various combinations of valid/invalid passwords and valid/invalid captchas.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, epriestley, jungejason

Maniphest Tasks: T765

Differential Revision: https://secure.phabricator.com/D1379
2012-01-12 15:22:05 -08:00
epriestley
02fb5fea89 Allow configuration of a minimum password length, unify password reset
interfaces

Summary:
  - We have a hard-coded minimum length of 3 right now (and 1 in the other
interface), which is sort of silly.
  - Provide a more reasonable default, and allow it to be configured.
  - We have two password reset interfaces, one of which no longer actually
requires you to verify you own the account. This is more than a bit derp.
  - Merge the interfaces into one, using either an email token or the account's
current password to let you change the password.

Test Plan:
  - Reset password on an account.
  - Changed password on an account.
  - Created a new account, logged in, set the password.
  - Tried to set a too-short password, got an error.

Reviewers: btrahan, jungejason, nh

Reviewed By: jungejason

CC: aran, jungejason

Maniphest Tasks: T766

Differential Revision: https://secure.phabricator.com/D1374
2012-01-12 07:39:13 -08:00
epriestley
d75007cf42 Validate logins, and simplify email password resets
Summary:
  - There are some recent reports of login issues, see T755 and T754. I'm not
really sure what's going on, but this is an attempt at getting some more
information.
  - When we login a user by setting 'phusr' and 'phsid', send them to
/login/validate/ to validate that the cookies actually got set.
  - Do email password resets in two steps: first, log the user in. Redirect them
through validate, then give them the option to reset their password.
  - Don't CSRF logged-out users. It technically sort of works most of the time
right now, but is silly. If we need logged-out CSRF we should generate it in
some more reliable way.

Test Plan:
  - Logged in with username/password.
  - Logged in with OAuth.
  - Logged in with email password reset.
  - Sent bad values to /login/validate/, got appropriate errors.
  - Reset password.
  - Verified next_uri still works.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, btrahan, j3kuntz

Maniphest Tasks: T754, T755

Differential Revision: https://secure.phabricator.com/D1353
2012-01-11 08:25:55 -08:00
Bob Trahan
84ea5c53e4 Kill PhabricatorFileURI
Summary:
we used to need this function for security purposes, but no longer need
it.   remove it so that some call sites can be optimized via smarter data
fetching, and so the whole codebase can have one less thing in it.

Test Plan:
verified the images displayed properly for each of the following
- viewed a diff with added images.
- viewed a user feed
- viewed a user profile
- viewed all image macros
- viewed a paste and clicked through "raw link"
weakness in testing around proxy files and transformed files.  not sure what
these are.  changes here are very programmatic however.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, btrahan, epriestley

Maniphest Tasks: T672

Differential Revision: https://secure.phabricator.com/D1354
2012-01-10 15:21:39 -08:00
epriestley
5f8711ebf8 Minor, fix CSRF error caused by D1329. 2012-01-09 13:47:33 -08:00
epriestley
58f2cb2509 Provide a script for batch creating user accounts
Summary: Make it a little easier to create a bunch of accounts if your company
has more than like 5 employees.

Test Plan: Ran "add_user.php" to create new users. Created new users from the
web console.

Reviewers: btrahan, jungejason, rguerin

Reviewed By: btrahan

CC: aran, btrahan, rguerin

Differential Revision: https://secure.phabricator.com/D1336
2012-01-06 11:50:51 -08:00
epriestley
d16454d45d Improve a race condition in session establishment code
Summary:
If you try to establish several sessions quickly (e.g., by running several
copies of "arc" at once, as in "arc x | arc y"), the current logic has a high
chance of making them all pick the same conduit session to refresh (since it's
the oldest one when each process selects the current sessions). This means they
all issue updates against "conduit-3" (or whatever) and one ends up with a bogus
session.

Instead, do an update against the table with the session key we read, so only
one process wins the race. If we don't win the race, try again until we do or
have tried every session slot.

Test Plan:
  - Wiped conduit sessions, ran arc commands to verify the fresh session case.
  - Ran a bunch of arc piped to itself, e.g. "arc list | arc list | arc list |
...". It succeeds up to the session limit, and above that gets failures as
expected.
  - Manually checked the session table to make sure things seemed reasonable
there.
  - Generally ran a bunch of arc commands.
  - Logged out and logged in on the web interface.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, btrahan

Maniphest Tasks: T687

Differential Revision: https://secure.phabricator.com/D1329
2012-01-06 11:33:03 -08:00
epriestley
aba5b48202 Minor: cosmetic fix to always use the small 50x50 picture in the new profile layout. 2011-12-24 09:12:01 -08:00
epriestley
2e6ab9b9a6 Convert user profile to be more useful and use the new Project profile style
layout

Summary:
  - Use new less-horrible layout.
  - Organize information more completely and sensibly.

Test Plan: Looked at some profiles.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: https://secure.phabricator.com/D1281
2011-12-24 08:54:23 -08:00
epriestley
e45ffda55a Move most remaining sha1() calls to HMAC
Summary:
  - For context, see T547. This is the last (maybe?) in a series of diffs that
moves us off raw sha1() calls in order to make it easier to audit the codebase
for correct use of hash functions.
  - This breaks CSRF tokens. Any open forms will generate an error when
submitted, so maybe upgrade off-peak.
  - We now generate HMAC mail keys but accept MAC or HMAC. In a few months, we
can remove the MAC version.
  - The only remaining callsite is Conduit. We can't use HMAC since Arcanist
would need to know the key. {T550} provides a better solution to this, anyway.

Test Plan:
  - Verified CSRF tokens generate properly.
  - Manually changed CSRF to an incorrect value and got an error.
  - Verified mail generates with a new mail hash.
  - Verified Phabricator accepts both old and new mail hashes.
  - Verified Phabricator rejects bad mail hashes.
  - Checked user log, things look OK.

Reviewers: btrahan, jungejason, benmathews

Reviewed By: btrahan

CC: aran, epriestley, btrahan

Maniphest Tasks: T547

Differential Revision: 1237
2011-12-19 08:56:53 -08:00