1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-11 16:16:14 +01:00
Commit graph

369 commits

Author SHA1 Message Date
epriestley
7170b062e6 Remove PhabricatorUser->loadPreferences()
Summary: Ref T4103. This method has no more callers.

Test Plan: `grep`

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16039
2016-06-05 08:50:48 -07:00
epriestley
7ef6c0a523 Modularize all the mail preferences
Summary:
Ref T4103. This isn't completely perfect but should let us move forward without also expanding scope into "too much mail".

I split the existing "Mail Preferences" into two panels: a "Mail Delivery" panel for the EditEngine settings, and a "2000000 dropdowns" panel for the two million dropdowns. This one retains the old code more or less unmodified.

Test Plan:
  - Ran unit tests, which cover most of this stuff.
  - Grepped for all removed constants.
  - Ran migrations, inspected database results.
  - Changed settings in both modified panels.
  - This covers a lot of ground, but anything I missed will hopefully be fairly obvious.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16038
2016-06-05 08:50:07 -07:00
epriestley
d326b239ae Resolve timezone conflicts in a modern transactional way
Summary: Ref T4103. Also get rid of the weird cache clear that nothing else uses and which we don't actually need.

Test Plan:
  - Resolved timezone conflict by ignoring it.
  - Resolved timezone conflict by picking a valid timezone.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16037
2016-06-05 08:49:43 -07:00
epriestley
9d7c286252 Allow users to turn off desktop notifications
Summary: Fixes T8846. Ref T4103. I just took the shortest reasonable path here, this panel could use some attention on the next Conpherence iteration.

Test Plan: Turned on/off desktop notifications. Observed corresponding behavior in test notifications.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T8846

Differential Revision: https://secure.phabricator.com/D16036
2016-06-05 08:49:21 -07:00
epriestley
6199e95577 Use transactions to apply Ajax settings mutations
Summary:
Ref T4103. Some settings (mostly nav collapsed/expanded states) use this endpoint to make adjustments when users press keys (like `\` to toggle the durable column).

All of these settings are now formal, so swap things over to transactions.

Test Plan: Collapsed/expanded various navs, reloaded pages, settings stuck.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16035
2016-06-05 08:48:43 -07:00
epriestley
fc45de29a6 Modernize various menu collapse settings
Summary: Ref T4103. Fully modernize the filetree show/hide, durable column show/hide, and profile menu collapse/wide settings.

Test Plan:
  - Toggled filetree on/off, reloaded page, setting stuck.
  - Same with conpherence column and profile menus.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16034
2016-06-04 14:44:36 -07:00
epriestley
804e7a6e06 When a user enables/disables DarkConsole, forget their console UI visibility setting
Summary: Ref T4103. This primarily makes sure the console gets turned on when you enable it so you aren't like "where's the console???"

Test Plan: Enabled console, saw console.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16030
2016-06-04 14:44:13 -07:00
epriestley
109917a94b Turn DarkConsole settings into real settings
Summary:
Ref T4103. These settings long-predate proper settings and are based on hard-coded user properties. Turn them into real settings.

(I didn't try to migrate the value since they're trivial to restore and only useful to developers.)

Test Plan:
  - Toggled console on/off.
  - Swapped tabs.
  - Reloaded page, everything stayed sticky.

Reviewers: chad

Reviewed By: chad

Subscribers: eadler

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16029
2016-06-04 14:43:43 -07:00
epriestley
64d6593e9c Modernize pinned homepage applications settings
Summary:
Ref T4103. A few bits here:

  - We have an ancient "tiles" preference which was just a fallback from 2-3 years ago. Throw that away.
  - Modenize the other pinned stuff. We should likely revisit this after the next homepage update but I just left the actual defaults alone for now.
  - Lightly prepare for global default editing.
  - Add a "reset to defaults" option.

Test Plan:
  - Pinned, unpinned, reordered and reset application homepage order.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16028
2016-06-04 14:42:39 -07:00
epriestley
44e88f186c Modernize "favorite project policies" setting
Summary:
Ref T4103. Convert this into a proper internal setting and use transactions to mutate it.

Also remove some no-longer-used old non-modular settings constants.

Test Plan:
  - Used policy dropdown, saw recently-used projects.
  - Selected some new projects, saw them appear.
  - Grepped for all removed constants.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16027
2016-06-04 14:42:11 -07:00
epriestley
5c8ff3d37c Convert Diffusion blame and color into standard internal settings
Summary: Ref T4103. Modernize the blame/color toggles in Diffusion. These have no separate settings UI.

Test Plan: Toggled blame and colors, reloaded pages, settings stuck.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16026
2016-06-04 14:41:49 -07:00
epriestley
1e17fd31a4 Modernize Conpherence access to user preferences
Summary:
Ref T4103. Conpherence is doing some weird stuff and has its own redudnant settings object.

  - Get rid of `ConpherenceSettings`.
  - Use `getUserSetting()` instead of `loadPreferences()`.
  - When applying transactions, add a new mechanism to efficiently prefill caches (this will still work anyway, but it's slower if we don't bulk-fetch).

Test Plan:
  - Changed global Conpherence setting.
  - Created a new Conpherence, saw setting set to global default.
  - Changed local room setting.
  - Submitted messages.
  - Saw cache prefill for all particpiants in database.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16025
2016-06-04 14:41:25 -07:00
epriestley
9a076b71a3 Remove standalone huge single page setting edit controller
Summary: Ref T4103. This isn't necessary or particularly useful anymore since panels have been converted.

Test Plan: Visited URI, got a 404.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16024
2016-06-04 14:41:03 -07:00
epriestley
45f347fe47 Use EditEngine for diff, display, developer and most email settings
Summary: Ref T4103. This converts other straightforward panels to modern stuff.

Test Plan:
  - Edited various settings.
  - Tried to set a bogus editor value.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16023
2016-06-04 14:40:32 -07:00
epriestley
ef28adae9a Use EditEngine for Conpherence preferences
Summary: Ref T4103. Only trick here is hiding the panel if Conpherence is not installed.

Test Plan:
  - Edited Conpherence preferences.
  - Uninstalled Conpherence, saw panel vanish.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16022
2016-06-04 14:40:04 -07:00
epriestley
eb673fd783 Formalize and fully modularize settings panel groups
Summary:
Ref T4103. Settings panels are grouped into categories of similar panels (like "Email" or "Sessions and Logs").

Currently, this is done informally, by just grouping and ordering by strings. This won't work well with translations, since it means the ordering is entirely dependent on the language order, so the first settings panel you see might be something irrelvant or confusing. We'd also potentially break third-party stuff by changing strings, but do so in a silent hard-to-detect way.

Provide formal objects and modularize the panel groups completely.

Test Plan: Verified all panels still appear properly and in the same groups and order.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16020
2016-06-04 14:39:11 -07:00
epriestley
2725fdf800 When a user changes their timezone, clear their ignored timezone offset
Summary:
Ref T4103. We have a couple of settings like this where changing one setting changes another (e.g., enabling DarkConsole makes the console visible).

Provide a mechanism to let changing timezone really mean "change timezone, and also clear the timezone offset".

Test Plan: Swapped timezones, reconciled them by ignoring the offset, changed timezone again to another zone with the same offset, got asked to reconcile again.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16018
2016-06-04 14:38:43 -07:00
epriestley
2f936094d8 Convert "Account" and "Date and Time" settings to EditEngine
Summary:
Ref T4103. This pretty much replaces these panels in-place with similar looking ones that go through EditEngine.

This has a few rough edges but they're pretty minor and/or hard to hit (for example, when editing another user's settings, the crumbs have a redundant link in them).

Test Plan:
  - Edited my own settings.
  - Edited a bot user's settings.
  - Tried to edit another user's settings (failed).

{F1674465}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16017
2016-06-04 14:38:20 -07:00
epriestley
67482fd19d Continue modernizing application access to user preferences
Summary:
Ref T4103. This is just incremental cleanup:

  - Add "internal" settings, which aren't editable via the UI. They can still do validation and run through the normal pathway. Move a couple settings to use this.
  - Remove `getPreference()` on `PhabricatorUser`, which was a sort of prototype version of `getUserSetting()`.
  - Make `getUserSetting()` validate setting values before returning them, to improve robustness if we change allowable values later.
  - Add a user setting cache, since reading user settings was getting fairly expensive on Calendar.
  - Improve performance of setting validation for timezone setting (don't require building/computing all timezone offsets).
  - Since we have the cache anyway, make the timezone override a little more general in its approach.
  - Move editor stuff to use `getUserSetting()`.

Test Plan:
  - Changed search scopes.
  - Reconciled local and server timezone settings by ignoring and changing timezones.
  - Changed date/time settings, browsed Calendar, queried date ranges.
  - Verified editor links generate properly in Diffusion.
  - Browsed around with time/date settings looking at timestamps.
  - Grepped for `getPreference()`, nuked all the ones coming off `$user` or `$viewer` that I could find.
  - Changed accessiblity to high-contrast colors.
  - Ran all unit tests.
  - Grepped for removed constants.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16015
2016-06-04 14:37:56 -07:00
epriestley
57c2f61b75 Modularize Conpherence notification preferences
Summary:
Ref T4103. This is a weird standalone setting that I didn't clean up earlier.

Also fix an issue with the PronounSetting and the Editor not interacting properly.

Test Plan: Edited using new EditEngine UI.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16014
2016-06-04 14:37:36 -07:00
epriestley
ebd8f3c987 Make translation, timezone and pronoun into real settings
Summary:
Ref T4103. These are currently stored on the user, for historic/performance reasons.

Since I want administrators to be able to set defaults for translations and timezones at a minimum and there's no longer a meaningful performance penalty for moving them off the user record, turn them into real preferences and then nuke the columns.

Test Plan:
  - Set settings to unusual values.
  - Ran migrations.
  - Verified my unusual settings survived.
  - Created a new user.
  - Edited all settings with old and new UIs.
  - Reconciled client/server timezone disagreement.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16005
2016-06-02 06:29:47 -07:00
epriestley
9180f429eb Provide a general-purpose, modular user cache for settings and other similar data
Summary:
Ref T4103. Currently, we issue a `SELECT * FROM user_preferences ... WHERE userPHID = ...` on every page to load the viewer's settings.

There are several other questionable data accesses on every page too, most of which could benefit from improved caching strategies (see T4103#178122).

This query will soon get more expensive, since it may need to load several objects (e.g., the user's settings and their "role profile" settings). Although we could put that data on the User and do both in one query, it's nicer to put it on the Preferences object ("This inherits from profile X") which means we need to do several queries.

Rather than paying a greater price, we can cheat this stuff into the existing query where we load the user's session by providing a user cache table and doing some JOIN magic. This lets us issue one query and try to get cache hits on a bunch of caches cheaply (well, we'll be in trouble at the MySQL JOIN limit of 61 tables, but have some headroom).

For now, just get it working:

  - Add the table.
  - Try to get user settings "for free" when we load the session.
  - If we miss, fill user settings into the cache on-demand.
  - We only use this in one place (DarkConsole) for now. I'll use it more widely in the next diff.

Test Plan:
  - Loaded page as logged-in user.
  - Loaded page as logged-out user.
  - Examined session query to see cache joins.
  - Changed settings, saw database cache fill.
  - Toggled DarkConsole on and off.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D16001
2016-06-02 06:28:56 -07:00
epriestley
7fe1a6840e Modularize all straightforward settings
Summary:
Ref T4103. This tackles all the easy stuff. Not yet handled:

  - Translation, pronoun, timezone: these are weird and stored on the User object instead of in settings.
  - Conpherence default: actually just missed this one, it's normal.
  - 1000 dropdowns for email notification preferences (messy, technically).

Test Plan:
wow look at all these settings

{F1670442}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D15999
2016-06-02 06:28:35 -07:00
epriestley
9b27b5c7da Convert "Display Preferences" to modular settings
Summary: Ref T4103. Just porting these directly for now, no attempt to organize things yet.

Test Plan: {F1669263}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D15997
2016-06-01 04:44:46 -07:00
epriestley
5e6716399c Make Settings modular and allow them to be EditEngine'd
Summary: Ref T4103. This starts breaking out settings in a modern way to prepare for global defaults.

Test Plan:
  - Edited diff settings.
  - Saw them take effect in primary settings pane.
  - Set stuff to new automatic defaults.
  - Tried to edit another user's settings.
  - Edited a bot's settings as an administrator.

{F1669077}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D15995
2016-05-31 15:32:02 -07:00
epriestley
b256f2d7b2 Prepare UserPreferences for transactions
Summary:
Ref T4103. This give preferences a PHID, policy/transaction interfaces, a transaction table, and a Query class.

This doesn't actually change how they're edited, yet.

Test Plan:
- Ran migrations.
- Inspected database for date created, date modified, PHIDs.
- Changed some of my preferences.
- Deleted a user's preferences, verified they reset properly.
- Set some preferences as a new user, got a new row.
- Destroyed a user, verified their preferences were destroyed.
- Sent Conpherence messages.
- Send mail.
- Tried to edit another user's settings.
- Tried to edit a bot's settings as a non-admin.
- Edited a bot's settings as an admin (technically, none of the editable settings are actually stored in the settings table, currently).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D15991
2016-05-31 12:28:44 -07:00
epriestley
5b77b86ffb Show translation option names natively, instead of in the current translation
Summary: Ref T5267. Put "Deutsch" in the list instead of "German", so you can find your language without knowing the English word for it.

Test Plan: {F1661598}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T5267

Differential Revision: https://secure.phabricator.com/D15980
2016-05-26 08:07:57 -07:00
epriestley
10ffa42504 Separate locales into more usable groups in the translation menu
Summary:
Ref T5267. Ref T4103. Currently, adding new locale support to the upstream fills this menu with confusing options which don't do anything. Separate it into four groups:

  - Translations: these have a "reasonable number" of strings and you'll probably see some obvious effect if you switch to the translation.
  - Limited Translations: these have very few or no strings, and include locales which we've added but don't ship translations for.
  - Silly Translations: Pirate english, etc.
  - Test Translations: ALLCAPS, raw strings, etc.

Czech is currently in "test" instead of "limited" for historical reasons; I'll remedy this in the next change.

Test Plan: {F1661523}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103, T5267

Differential Revision: https://secure.phabricator.com/D15978
2016-05-26 08:00:06 -07:00
epriestley
a4e5780043 Remove "Search Preferences"
Summary:
Ref T4103. This removes these options:

{F1660585}

The jump nav option came from T916, when we had a separate jump nav on the home page. Essentially no one has ever been confused by the behavior of search or disabled this feature. Here are the stats for this install:

| Total Users | 36656 |
| Have Set Any Preference | 3084 |
| Have Disabled Jump | 6
| Are Not "Security Researchers" | 2
| Any Account Activity | 0

The "/" option came in the same change, but the preference came from T989. This keystroke conflicts with a default Firefox keystroke. Almost no one cares about this either, but I count 6 real users who have disabled the behavior. I suspect the number of real users who //use// it may be smaller.

In Safari and Firefox, the "tab" key does the same thing.

In Chrome, the "tab" key does the same thing if {nav Preferences > Web Content > "Pressing Tab highlights..."} is disabled.

Upshot: jump nav is great, bulk of the change in T989 was clearly great, specific preferences that came out of it seem not-so-great and now is a good time to kill them as we head into T4103.

Test Plan:
  - Grepped for removed constants.
  - Pressed "/".
  - Searched for `T123`.
  - Viewed settings.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4103

Differential Revision: https://secure.phabricator.com/D15976
2016-05-26 06:21:47 -07:00
epriestley
efd001b42f Wordsmith the timezone selection UX
Summary:
Ref T3025.

  - Show current zone to make the current vs new more clear.
  - Tweak some text.

Test Plan: {F1656534}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T3025

Differential Revision: https://secure.phabricator.com/D15965
2016-05-23 10:31:42 -07:00
epriestley
2a00f185eb When the JS "Intl" API is available, use it to guess the timezone
Summary:
Ref T3025. Chrome gives us an easily-accessible, much better guess at which timezone the user is in.

Firefox also exposes "Intl" but this doesn't seem to be a reliable method to read the timezone.

Test Plan:
In Chrome, swapped my system date/time between zones, clicked the "reconcile" popup, got the dropdown prefilled accurately.

In Safari (no `Intl` API) got the normal flow with no default selected.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T3025

Differential Revision: https://secure.phabricator.com/D15962
2016-05-22 09:14:02 -07:00
epriestley
a91004ef1b Detect timezone discrepancies and prompt users to reconcile them
Summary: Ref T3025. This adds a check for different client/server timezone offsets and gives users an option to fix them or ignore them.

Test Plan:
  - Fiddled with timezone in Settings and System Preferences.
  - Got appropriate prompts and behavior after simulating various trips to and from exotic locales.

In particular, this slightly tricky case seems to work correctly:

  - Travel to NY.
  - Ignore discrepancy (you're only there for a couple hours for an important meeting, and returning to SF on a later flight).
  - Return to SF for a few days.
  - Travel back to NY.
  - You should be prompted again, since you left the timezone after you ignored the discrepancy.

{F1654528}

{F1654529}

{F1654530}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T3025

Differential Revision: https://secure.phabricator.com/D15961
2016-05-21 13:25:23 -07:00
epriestley
08bea1d363 Add ViewController and SearchEngine for SSH Public Keys
Summary:
Ref T10917. This primarily prepares these for transactions by giving us a place to:

  - review old deactivated keys; and
  - review changes to keys.

Future changes will add transactions and a timeline so key changes are recorded exhaustively and can be more easily audited.

Test Plan:
{F1652089}

{F1652090}

{F1652091}

{F1652092}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15946
2016-05-19 09:48:46 -07:00
epriestley
0308d580d7 Deactivate SSH keys instead of destroying them completely
Summary:
Ref T10917. Currently, when you delete an SSH key, we really truly delete it forever.

This isn't very consistent with other applications, but we built this stuff a long time ago before we were as rigorous about retaining data and making it auditable.

In partiular, destroying data isn't good for auditing after security issues, since it means we can't show you logs of any changes an attacker might have made to your keys.

To prepare to improve this, stop destoying data. This will allow later changes to become transaction-oriented and show normal transaction logs.

The tricky part here is that we have a `UNIQUE KEY` on the public key part of the key.

Instead, I changed this to `UNIQUE (key, isActive)`, where `isActive` is a nullable boolean column. This works because MySQL does not enforce "unique" if part of the key is `NULL`.

So you can't have two rows with `("A", 1)`, but you can have as many rows as you want with `("A", null)`. This lets us keep the "each key may only be active for one user/object" rule without requiring us to delete any data.

Test Plan:
- Ran schema changes.
- Viewed public keys.
- Tried to add a duplicate key, got rejected (already associated with another object).
- Deleted SSH key.
- Verified that the key was no longer actually deleted from the database, just marked inactive (in future changes, I'll update the UI to be more clear about this).
- Uploaded a new copy of the same public key, worked fine (no duplicate key rejection).
- Tried to upload yet another copy, got rejected.
- Generated a new keypair.
- Tried to upload a duplicate to an Almanac device, got rejected.
- Generated a new pair for a device.
- Trusted a device key.
- Untrusted a device key.
- "Deleted" a device key.
- Tried to trust a deleted device key, got "inactive" message.
- Ran `bin/ssh-auth`, got good output with unique keys.
- Ran `cat ~/.ssh/id_rsa.pub | ./bin/ssh-auth-key`, got good output with one key.
- Used `auth.querypublickeys` Conduit method to query keys, got good active keys.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10917

Differential Revision: https://secure.phabricator.com/D15943
2016-05-18 14:54:28 -07:00
epriestley
49eb6403a4 Send HTML email by default
Summary: Ref T10694. Switch default mode to HTML since it has a number of significant advantages and we haven't seen reports of significant problems.

Test Plan:
  - Switched preference to default (saw "HTML" in UI).
  - Sent myself some mail.
  - Got HTML mail.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10694

Differential Revision: https://secure.phabricator.com/D15885
2016-05-18 14:53:57 -07:00
epriestley
8cdafb0032 Allow users to set a line-height in their monospaced font preference
Summary: Ref T10959. This does not fix the problem because the `.differential-diff td` rule is still stronger, but it does let you choose a more compact or breezy style for remarkup blocks and pastes.

Test Plan:
  - Set font to `24px / 48px impact`.
  - Viewed a paste, saw lovely readable text.
  - Viewed an inline code block which was very easy on the eyes.

{F1310420}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10959

Differential Revision: https://secure.phabricator.com/D15904
2016-05-13 05:10:27 -07:00
epriestley
2930733ac9 Complete modernization of Aphlict configuration
Summary:
Fixes T10697. This finishes bringing the rest of the config up to cluster power levels.

Phabricator is now given an arbitrarily long list of notification servers.

Each Aphlict server is given an arbitrarily long list of ports to run services on.

Users are free to make them meet in the middle by proxying whatever they want to whatever else they want.

This should also accommodate clustering fairly easily in the future.

Also rewrote the status UI and changed a million other things. 🐗

Test Plan:
{F1217864}

{F1217865}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10697

Differential Revision: https://secure.phabricator.com/D15703
2016-04-14 04:57:00 -07:00
Chad Little
57e606b395 Update Settings/Config UI
Summary: Testing out a new 'nav' layout in Settings / Config. Spent a few days here and couldn't find much better overall.

Test Plan: View each page in Settings and in Config. Save some config options. Test mobile, desktop, tablet.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15659
2016-04-08 22:00:38 +00:00
Chad Little
960f8abdf1 Update Settings for newPage
Summary: Converts over to `newPage`

Test Plan: Pull up Settings panel, test a few.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15625
2016-04-05 13:53:25 -07:00
epriestley
a837c3d73e Make temporary token storage/schema more flexible
Summary:
Ref T10603. This makes minor updates to temporary tokens:

  - Rename `objectPHID` (which is sometimes used to store some other kind of identifier instead of a PHID) to `tokenResource` (i.e., which resource does this token permit access to?).
  - Add a `userPHID` column. For LFS tokens and some other types of tokens, I want to bind the token to both a resource (like a repository) and a user.
  - Add a `properties` column. This makes tokens more flexible and supports custom behavior (like scoping LFS tokens even more tightly).

Test Plan:
- Ran `bin/storage upgrade -f`, got a clean upgrade.
- Viewed one-time tokens.
- Revoked one token.
- Revoked all tokens.
- Performed a one-time login.
- Performed a password reset.
- Added an MFA token.
- Removed an MFA token.
- Used a file token to view a file.
- Verified file token was removed after viewing file.
- Linked my account to an OAuth1 account (Twitter).

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15478
2016-03-16 09:33:38 -07:00
epriestley
8e3ea4e034 Use new modular temporary auth token constants in one-time login and password reset flows
Summary:
Ref T10603. This converts existing hard-codes to modular constants.

Also removes one small piece of code duplication.

Test Plan:
  - Performed one-time logins.
  - Performed a password reset.
  - Verified temporary tokens were revoked properly.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10603

Differential Revision: https://secure.phabricator.com/D15476
2016-03-16 09:33:24 -07:00
epriestley
e1c934ab22 De-garbage the horrible garbage project section of the policy selection control
Summary:
Fixes T4136.

When listing projects in the "Visible To" selector control:

  - Instead of showing every project you are a member of, show only a few.
  - Add an option to choose something else which isn't in the menu.
  - If you've used the control before, show the stuff you've selected in the recent past.
  - If you haven't used the control before or haven't used it much, show the stuff you've picked and them some filler.
  - Don't offer milestones.
  - Also don't offer milestones in the custom policy UI.

Test Plan:
{F1091999}

{F1092000}

  - Selected a project.
  - Used "find" to select a different project.
  - Saw reasonable defaults.
  - Saw favorites stick.
  - Tried to typeahead a milestone (nope).
  - Used "Custom Policy", tried to typeahead a milestone (nope).
  - Used "Custom Policy" in general.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T4136

Differential Revision: https://secure.phabricator.com/D15184
2016-02-05 09:50:06 -08:00
Chad Little
fe5cd4ca2c Move FontIcon calls to Icon
Summary: Normalizes all `setFontIcon` calls to `setIcon`.

Test Plan: UIExamples, Almanac, Apps list, etc.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, hach-que, yelirekim

Differential Revision: https://secure.phabricator.com/D15129
2016-01-28 08:48:45 -08:00
Chad Little
36158dbdc0 Convert all calls to 'IconFont' to just 'Icon'
Summary: Mostly for consistency, we're not using other forms of icons and this makes all classes that use an icon call it in the same way.

Test Plan: tested uiexamples, lots of other random pages.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D15125
2016-01-27 20:59:27 -08:00
epriestley
0a554c2ed5 Allow profile menus to be collapsed and expanded
Summary:
Ref T10054. I think this gets everything except:

  - circles on icons;
  - I spent ~15 minutes poking at animations but wasn't able to get anything that looked reasonable whatsoever.

Test Plan:
  - Collapsed menus.
  - Expanded menus.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15056
2016-01-19 13:16:54 -08:00
epriestley
08de131da5 Begin modularizing main menu items
Summary:
Ref T10077. Ref T8918. The way the main menu is built is not very modular and fairly hacky.

It assumes menus are provided by applications, but this isn't exactly true. Notably, the "Quick Create" menu is not per-application.

The current method of building this menu is very inefficient (see T10077). Particularly, we have to build it //twice// because we need to build it once to render the item and then again to render the dropdown options.

Start cleaning this up. This diff doesn't actually have any behavioral changes, since I can't swap the menu over until we get rid of all the other items and I haven't extended this to Notifications/Conpherence yet so it doesn't actually fix T8918.

Test Plan: Viewed menus while logged in, logged out, in different applications, in desktop/mobile. Nothing appeared different.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T8918, T10077

Differential Revision: https://secure.phabricator.com/D14922
2016-01-04 06:57:09 -08:00
Aviv Eyal
18f0371b71 Remove Certificate page
Summary: Closes T9703. This page has become redundant 10 months ago, at D10988.

Test Plan: Look at /settings page, don't see word "Certificate".

Reviewers: epriestley, #blessed_reviewers, chad

Reviewed By: #blessed_reviewers, chad

Subscribers: Korvin

Maniphest Tasks: T9703

Differential Revision: https://secure.phabricator.com/D14400
2015-11-04 06:35:22 +00:00
epriestley
29948eaa5b Use phutil_hashes_are_identical() when comparing hashes in Phabricator
Summary: See D14025. In all cases where we compare hashes, use strict, constant-time comparisons.

Test Plan: Logged in, logged out, added TOTP, ran Conduit, terminated sessions, submitted forms, changed password. Tweaked CSRF token, got rejected.

Reviewers: chad

Reviewed By: chad

Subscribers: chenxiruanhai

Differential Revision: https://secure.phabricator.com/D14026
2015-09-01 15:52:44 -07:00
Joshua Spence
368f359114 Use PhutilClassMapQuery instead of PhutilSymbolLoader
Summary: Use `PhutilClassMaQuery` instead of `PhutilSymbolLoader`, mostly for consistency. Depends on D13588.

Test Plan: Poked around a bunch of pages.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13589
2015-08-14 07:49:01 +10:00
Chad Little
ba2cc4f2ee Update Settings for handleRequest
Summary: Run through the Settings controllers

Test Plan: Test various settings pages, save some settings.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13775
2015-08-04 09:32:21 -07:00
epriestley
1ccdb941b9 Merge branch 'master' into redesign-2015 2015-06-22 15:52:40 -07:00
Bob Trahan
1bb2978a89 Desktop Notification support
Summary:
Fixes T4139. Adds a "Desktop Notifications" panel to settings. For now, we start with "Send Desktop Notifications Too" functionality. We can try to be fancy later and only send desktop notifications if the web app doesn't have focus, etc.

Test Plan:
Made some comments as a test user on a task and got purdy desktop notifications using Chrome. Then did it again with Firefox.

Played around with permissions form with Chrome and got helpful information about what was up. Played around with Firefox and got similar results, except canceling the dialogue didn't invoke my handler code somehow. Oh Firefox!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: rbalik, tycho.tatitscheff, joshuaspence, epriestley, Korvin

Maniphest Tasks: T4139

Differential Revision: https://secure.phabricator.com/D13219
2015-06-22 13:11:37 -07:00
epriestley
bb58a123e6 Modularize Celerity postprocessors
Summary: Not sure if we want this, but it seems to work fine.

Test Plan: {F516736}

Reviewers: joshuaspence, chad

Reviewed By: joshuaspence, chad

Subscribers: joshuaspence, epriestley

Differential Revision: https://secure.phabricator.com/D13363
2015-06-20 06:10:42 -07:00
epriestley
6af1c02f06 Merge branch 'master' into redesign-2015 2015-06-15 14:06:59 -07:00
lkassianik
d3b7071e70 Add date format preference and respect it in date selection controls
Summary: Ref T8362, Add date format preference and respect it in date selection controls

Test Plan: Set date format preference in the user settings panels, create new event, select new start date in the correct format.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: jasonrumney, eadler, epriestley, Korvin

Maniphest Tasks: T8362

Differential Revision: https://secure.phabricator.com/D13262
2015-06-15 09:26:33 -07:00
epriestley
53ef057b1b Merge branch 'master' into redesign-2015 2015-06-15 08:06:23 -07:00
Joshua Spence
b6d745b666 Extend from Phobject
Summary: All classes should extend from some other class. See D13275 for some explanation.

Test Plan: `arc unit`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D13283
2015-06-15 18:02:27 +10:00
lkassianik
643b90008f Fix query frequency unit and change time preference from input to dropdown.
Summary: Ref T8362, Fix query frequency unit and change time preference from input to dropdown.

Test Plan: Change user time preference in Date Time Settings panel, open feed, observe new time stamps.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T8362

Differential Revision: https://secure.phabricator.com/D13236
2015-06-11 10:57:11 -07:00
epriestley
57b898af9a Merge branch 'master' into redesign-2015 2015-06-10 07:44:58 -07:00
epriestley
a4d874287f Allow administrators to configure "Email Settings" settings for lists
Summary:
Fixes T8387. This completes conversion of lists into users.

These settings allow administrators to reduce the amount of mail delivered to lists, ahead of T5791.

Test Plan: {F468206}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8387

Differential Revision: https://secure.phabricator.com/D13138
2015-06-03 18:42:41 -07:00
epriestley
d4a2034d2f Allow administrators to configure "Email Format" settings for lists
Summary: Ref T8387. Mostly completeness, but you might want to choose html vs text mail.

Test Plan: {F468203}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8387

Differential Revision: https://secure.phabricator.com/D13137
2015-06-03 18:42:40 -07:00
epriestley
14e318cb16 Allow administrators to edit the "Account" panel for mailing lists and bots
Summary:
Ref T8387. Ref T6367. This allows selection of a language, which will be respected in email delievered to the list users.

For example, you could have a German list that gets mail in German or something. I don't know that the feature is really useful, it's mostly just for completeness.

I also supported it for bots, mostly so their pronouns can be configured.

Test Plan: {F468186}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6367, T8387

Differential Revision: https://secure.phabricator.com/D13136
2015-06-03 18:42:39 -07:00
epriestley
e0a3e6ba3b Allow administrators to manage addresses for mailing list users
Summary: Ref T8387. Mostly just modernizes this panel to work for viewers vs users. Auto-verify these edits since they aren't otherwise verifiable.

Test Plan:
  - Added, changed, removed addresses for a list.
  - Used panel normally for my own account.
  - Verified bots don't get a panel.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: eadler, epriestley

Maniphest Tasks: T8387

Differential Revision: https://secure.phabricator.com/D13125
2015-06-03 18:42:34 -07:00
epriestley
992c199577 Add "Mailing List" users
Summary:
Ref T8387. Adds new mailing list users.

This doesn't migrate anything yet. I also need to update the "Email Addresses" panel to let administrators change the list address.

Test Plan:
  - Created and edited a mailing list user.
  - Viewed profile.
  - Viewed People list.
  - Searched for lists / nonlists.
  - Grepped for all uses of `getIsDisabled()` / `getIsSystemAgent()` and added relevant corresponding behaviors.
  - Hit the web/api/ssh session blocks.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: eadler, tycho.tatitscheff, epriestley

Maniphest Tasks: T8387

Differential Revision: https://secure.phabricator.com/D13123
2015-06-03 18:42:33 -07:00
epriestley
bfca11dbba Merge branch 'master' into redesign-2015 2015-05-22 12:57:32 -07:00
Joshua Spence
36e2d02d6e phtize all the things
Summary: `pht`ize a whole bunch of strings in rP.

Test Plan: Intense eyeballing.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12797
2015-05-22 21:16:39 +10:00
Chad Little
a4784e03ff [Redesign] Add Table, Collapse support to ObjectBox
Summary: Converts most all tables to be directly set via `setTable` to an ObjectBox. I think this path is more flexible design wise, as we can change the box based on children, and not just CSS. We also already do this with PropertyList, Forms, ObjectList, and Header. `setCollapsed` is added to ObjectBox to all children objects to bleed to the edges (like diffs).

Test Plan: I did a grep of `appendChild($table)` as well as searches for `PHUIObjectBoxView`, also with manual opening of hundreds of files. I'm sure I missed 5-8 places. If you just appendChild($table) nothing breaks, it just looks a little funny.

Reviewers: epriestley, btrahan

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12955
2015-05-20 12:48:43 -07:00
lkassianik
31988e74d1 Add a setting so user can choose when Calendar weeks start
Summary: Closes T8176, Add a setting so user can choose when Calendar weeks start

Test Plan: Open account settings, go to "Date and Time", change week start day, open Calendar, observe that month view responds to new week start day.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T8176

Differential Revision: https://secure.phabricator.com/D12884
2015-05-16 20:13:25 -07:00
lkassianik
dbac658025 Split up settings into "Date and Time Settings" and everything else.
Summary: Ref T8176, Split up settings into "Date and Time Settings" and everything else.

Test Plan: Open /settings, Account Settings should now have two tabs: "Account" and "Date and Time"

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T8176

Differential Revision: https://secure.phabricator.com/D12881
2015-05-16 17:21:37 -07:00
Chad Little
46f6c2680e [Redesign] New PHUIObjectItemListView
Summary:
New, cleaner, ObjectItemLists. Lots of minor style tweaks, basic overview:

 - Remove FootIcons
 - Remove Stackable
 - Remove Plain List
 - Add StatusIcon
 - Add setting ObjectList to an ObjectBox
 - Minor retouches to Headers

Mostly, this should give us an idea of life with the new Object Lists. I'll take another application by application pass down the road. This mostly looks at implementation in Maniphest, Differential, Audit, Workboards. Checked a few other areas and dialogs while testing, and everything looks square.

Test Plan: Maniphest, Differential, Homepage, Audit, People, and other applications. Drag reorder, etc.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12865
2015-05-15 13:28:59 -07:00
Joshua Spence
acb45968d8 Use __CLASS__ instead of hard-coding class names
Summary: Use `__CLASS__` instead of hard-coding class names. Depends on D12605.

Test Plan: Eyeball it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D12806
2015-05-14 07:21:13 +10:00
epriestley
29feca3c1e Add a preference to disable ghost comments
Summary: Ref T7447. At least some users dislike this feature so strongly that they'd prefer not to have it at all.

Test Plan: Viewed ghosts; toggled preference, no more ghosts.

Reviewers: chad

Reviewed By: chad

Subscribers: yelirekim, epriestley

Maniphest Tasks: T7447

Differential Revision: https://secure.phabricator.com/D12704
2015-05-04 12:02:42 -07:00
epriestley
3a2c2ae3c3 Implement a scope selector for the global search
Summary:
See M1433. Fixes T7266. Fixes T4475. Ref T7314.

Future work/notes/etc:

  - Write the User Guide (see TODO).
  - This might needs some design tweaks -- I think it's functionally almost-equivalent to the mock, but the UI isn't quite the same.
  - (Mobile design is a touch off-looking I think?)
  - When you use a custom query, the duplicate "magnifying glass" icons are a little weird. Maybe change one or the other.
  - Maybe worth adding an "Open Documents in Current Application" option? Planning to wait for feedback on that.
  - Need a Quicksand integration to change the current application at some point.
  - Searching in "Current Application" from, e.g., the 404 page just searches all documents. Current plan is to just document this behavior, since the icon is a pretty good callout and it seems plausible that this is intuitive enough that users won't have a hard time with it.

Test Plan:
New dropdown:

{F379150}

Device-ish:

{F379151}

Normal search (current application, from maniphest, selects tasks):

{F379153}

Application search from non-application:

{F379154}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: johnny-bit, epriestley

Maniphest Tasks: T7266, T7314, T4475

Differential Revision: https://secure.phabricator.com/D12509
2015-04-22 14:31:36 -07:00
Chad Little
306ab29259 Add documentation for customizing fonts
Summary: Fixes T7888, adds clarification of property and an example.

Test Plan: Read the text, copy/paste example.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7888

Differential Revision: https://secure.phabricator.com/D12508
2015-04-22 12:13:11 -07:00
epriestley
e7702acdc6 Don't escape quotation marks when printing the monospaced CSS rule
Summary:
Fixes T7888. This is currently safe, but double quotes are incorrectly escaped.

To keep them unescaped, we have to punch through PhutilSafeHTML a bit. Since the allowable characters are strictly filtered this is still safe in practice, just not as theoretically-safe.

Test Plan: Set font to `32px "impact"` (with quotes), saw impact font.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T7888

Differential Revision: https://secure.phabricator.com/D12506
2015-04-22 09:28:35 -07:00
epriestley
7aebd2388f Remove monospaced font preference global defaults
Summary: Fixes T7764. These settings have low utility, are no longer used by default, have become less useful on modern Windows which has a better selection of available fonts, and will eventually be subsumed (at least, for the most part) by T4103.

Test Plan:
  - Grepped for strings.
  - Viewed settings.
  - Changed font to "24px impact".
  - Viewed diffs with default and custom font.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: chad, epriestley

Maniphest Tasks: T7764

Differential Revision: https://secure.phabricator.com/D12301
2015-04-06 08:08:53 -07:00
epriestley
88b46063b4 Make durable column sticky across requests
Summary: When you open the column, keep it open on future requests.

Test Plan: Opened column, clicked to Conpherence (no column), clicked elsewhere (column again), reloaded page (column), closed column, clicked something (no column).

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D12038
2015-03-10 18:46:16 -07:00
epriestley
33d7034276 Add a preference for always using unified diffs
Summary: Ref T2009. These aren't good enough to actually use so I won't land this yet, but it makes testing changes a lot easier.

Test Plan:
  - Swapped setting.
  - Loaded revisions.
  - Saw setting respected.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2009

Differential Revision: https://secure.phabricator.com/D11972
2015-03-05 14:01:15 -08:00
Chad Little
c038c643f4 Move PHUIErrorView to PHUIInfoView
Summary: Since this element isn't strictly about errors, re-label as info view instead.

Test Plan: Grepped for all callsites, tested UIExamples and a few other random pages.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11867
2015-03-01 14:45:56 -08:00
epriestley
d4680a7e4e Update Phabricator to work with more modular translations
Summary:
Ref T7152. Ref T1139. This updates Phabricator so third-party libraries can translate their own stuff. Also:

  - Hide "All Caps" when not in development mode, since some users have found this a little confusing.
  - With other changes, adds a "Raw Strings" mode (development mode only).
  - Add an example silly translation to make sure the serious business flag works.
  - Add a basic British English translation.
  - Simplify handling of translation overrides.

Test Plan:
  - Flipped serious business / development on and off and saw silly/development translations drop off.
  - Switched to "All Caps" and saw all caps.
  - Switched to Very English, Wow!
  - Switched to British english and saw "colour".

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7152, T1139

Differential Revision: https://secure.phabricator.com/D11747
2015-02-11 13:02:35 -08:00
Chad Little
3da38c74da PHUIErrorView
Summary: Clean up the error view styling.

Test Plan:
Tested as many as I could find, built additional tests in UIExamples

{F280452}

{F280453}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11605
2015-02-01 20:14:56 -08:00
Chad Little
8b06804394 Remove getIconName from all applications
Summary: Not used anymore

Test Plan: grep for 'getIconName'

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11582
2015-01-30 12:11:21 -08:00
Bob Trahan
7d309a8e46 Application Emails - make various user email editing paths respect application emails
Summary: Ref T3404. The only mildly sketchy bit is these codepaths all load the application email directly, by-passing privacy. I think this is necessary because not getting to see an application doesn't mean you should be able to break the application by registering a colliding email address.

Test Plan:
Tried to add a registered application email to a user account via the web ui and got a pretty error.
Ran unit tests.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T3404

Differential Revision: https://secure.phabricator.com/D11565
2015-01-29 14:41:09 -08:00
Chad Little
96edc9d2bc Roll out more FontIcons
Summary: Sidenav launcher, search typeahead results, apps launcher

Test Plan:
Used each of these items

{F275814}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11499
2015-01-26 08:19:22 -08:00
Chad Little
5d8bb61dde Add FontIcon bridge to AppIcons
Summary: Select a similar or better FontAwesome icon to represent each application

Test Plan: Visual inspection

Reviewers: epriestley, btrahan

Subscribers: hach-que, Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11489
2015-01-24 23:43:01 -08:00
Joshua Spence
c2ac63e9ad Increase visibility of PhabricatorController::buildApplicationMenu methods
Summary: Ref T6822. This method needs to be `public` because it is called from `PhabricatorApplicationSearchController::buildApplicationMenu()`.

Test Plan: I wouldn't expect //increasing// method visibility to break anything.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6822

Differential Revision: https://secure.phabricator.com/D11416
2015-01-16 07:41:26 +11:00
Joshua Spence
d6b882a804 Fix visiblity of LiskDAO::getConfiguration()
Summary: Ref T6822.

Test Plan: `grep`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: hach-que, Korvin, epriestley

Maniphest Tasks: T6822

Differential Revision: https://secure.phabricator.com/D11370
2015-01-14 06:54:13 +11:00
Joshua Spence
e7f8e79742 Fix method visibility for PhabricatorController subclasses
Summary: Ref T6822.

Test Plan: Visual inspection. These methods are only called from within `PhabricatorController` subclasses.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6822

Differential Revision: https://secure.phabricator.com/D11241
2015-01-07 07:34:59 +11:00
Joshua Spence
4e28de07fe Rename PhabricatorSettingsPanel subclasses for consistency
Summary: Ref T5655.

Test Plan: `arc lint` and `arc unit`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D11136
2015-01-02 15:20:08 +11:00
Chad Little
0c37f8db4b Make settings a wrench, not a cog
Summary: Change icon for Settings app to more match previous. Also align plus icon a little better.

Test Plan: Lots of staring.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10934
2014-12-04 17:36:15 -08:00
Chad Little
20035fe9a8 Update Phabricator header to use FontAwesome
Summary: Updates header to use font-icons instead of images.

Test Plan: Test desktop and mobile layouts, Chrome, FF, Safari, IE.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10930
2014-12-04 13:01:23 -08:00
epriestley
af6ffd8c7b Allow Almanac devices to have SSH keys
Summary: Ref T5833. Expose a key management interface for Almanac devices.

Test Plan: {F231962}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10825
2014-11-11 08:20:08 -08:00
Evan Priestley
32cdc23efc Separate SSH key management from the settings panel
Summary:
Ref T5833. I want to add SSH keys to Almanac devices, but the edit workflows for them are currently bound tightly to users.

Instead, decouple key management from users and the settings panel.

Test Plan:
  - Uploaded, generated, edited and deleted SSH keys.
  - Hit missing name, missing key, bad key format, duplicate key errors.
  - Edited/generated/deleted/etc keys for a bot user as an administrator.
  - Got HiSec'd on everything.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10824
2014-11-11 08:18:26 -08:00
epriestley
bf17b12daf Standardize SSH key storage
Summary:
Ref T5833. This fixes a few weird things with this table:

  - A bunch of columns were nullable for no reason.
  - We stored an MD5 hash of the key (unusual) but never used it and callers were responsible for manually populating it.
  - We didn't perform known-key-text lookups by using an index.

Test Plan:
  - Ran migrations.
  - Faked duplicate keys, saw them clean up correctly.
  - Added new keys.
  - Generated new keys.
  - Used `bin/auth-ssh` and `bin/auth-ssh-key`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10805
2014-11-07 15:34:44 -08:00
epriestley
e29955b48d Move SSHKey table to Auth database
Summary: Ref T5833. Since these will no longer be bound specifically to users, bring them to a more central location.

Test Plan:
  - Edited SSH keys.
  - Ran `bin/ssh-auth` and `bin/ssh-auth-key`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10791
2014-11-06 12:37:22 -08:00
epriestley
6f0d3b0796 Add a query/policy layer on top of SSH keys for Almanac
Summary:
Ref T5833. Currently, SSH keys are associated only with users, and are a bit un-modern. I want to let Almanac Devices have SSH keys so devices in a cluster can identify to one another.

For example, with hosted installs, initialization will go something like this:

  - A request comes in for `company.phacility.com`.
  - A SiteSource (from D10787) makes a Conduit call to Almanac on the master install to check if `company` is a valid install and pull config if it is.
  - This call can be signed with an SSH key which identifies a trusted Almanac Device.

In the cluster case, a web host can make an authenticated call to a repository host with similar key signing.

To move toward this, put a proper Query class on top of SSH key access (this diff). In following diffs, I'll:

  - Rename `userPHID` to `objectPHID`.
  - Move this to the `auth` database.
  - Provide UI for device/key association.

An alternative approach would be to build some kind of special token layer in Conduit, but I think that would be a lot harder to manage in the hosting case. This gives us a more direct attack on trusting requests from machines and recognizing machines as first (well, sort of second-class) actors without needing things like fake user accounts.

Test Plan:
  - Added and removed SSH keys.
  - Added and removed SSH keys from a bot account.
  - Tried to edit an unonwned SSH key (denied).
  - Ran `bin/ssh-auth`, got sensible output.
  - Ran `bin/ssh-auth-key`, got sensible output.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10790
2014-11-06 12:37:02 -08:00
Joshua Spence
3cf9a5820f Minor formatting changes
Summary: Apply some autofix linter rules.

Test Plan: `arc lint` and `arc unit`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D10585
2014-10-08 08:39:49 +11:00
epriestley
03519c53bb Mark questionable column nullability for later
Summary:
Ref T1191. Ref T6203. While generating expected schemata, I ran into these columns which seem to have sketchy nullability.

  - Mark most of them for later resolution (T6203). They work fine today and don't need to block T1191. Changing them can break the application, so we can't autofix them.
  - Forgive a couple of them that are sort-of reasonable or going to get wiped out.

Test Plan: Saw 94 remaining warnings.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: hach-que, epriestley

Maniphest Tasks: T1191, T6203

Differential Revision: https://secure.phabricator.com/D10593
2014-10-01 07:59:44 -07:00
epriestley
098d0d93d6 Generate expected schemata for User/People tables
Summary:
Ref T1191. Some notes here:

  - Drops the old LDAP and OAuth info tables. These were migrated to the ExternalAccount table a very long time ago.
  - Separates surplus/missing keys from other types of surplus/missing things. In the long run, my plan is to have only two notice levels:
    - Error: something we can't fix (missing database, table, or column; overlong key).
    - Warning: something we can fix (surplus anything, missing key, bad column type, bad key columns, bad uniqueness, bad collation or charset).
    - For now, retaining three levels is helpful in generating all the expected scheamta.

Test Plan:
  - Saw ~200 issues resolve, leaving ~1,300.
  - Grepped for removed tables.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T1191

Differential Revision: https://secure.phabricator.com/D10580
2014-10-01 07:36:47 -07:00
Bob Trahan
d83a9c606b Emails - fix duplicate email error
Summary: $email => $e_email. Fixes T5933.

Test Plan: Added an email that was already on another account and got the proper "Duplicate" UI with the duplicate email address still entered

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5933

Differential Revision: https://secure.phabricator.com/D10334
2014-08-21 16:07:14 -07:00
epriestley
4a566f9e5d Allow passwords to be edited even if account.editable is false
Summary:
Fixes T5900. We have some very old code here which does not let you update your password if the `account.editable` flag is set.

This was approximately introduced in D890, and I think it was mostly copy/pasted at that point. I'm not sure this ever really made sense. The option is not documented as affecting this, for example. In the modern environment of auth providers, it definitely does not make sense.

Instead, always allow users to change passwords if the install has a password provider configured.

Test Plan:
  - Set `account.editable` to false.
  - Used a password reset link.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5900

Differential Revision: https://secure.phabricator.com/D10331
2014-08-21 15:35:43 -07:00
epriestley
d122d9ec86 Allow users to recover from a missing password hasher
Summary:
Fixes T5934. If you hash a password with, e.g., bcrypt, and then lose the bcrypt hasher for some reason, we currently fatal when trying to figure out if we can upgrade.

Instead, detect that the current hasher implementation has vanished and let the user reset their password (for account passwords) or choose a new one (for VCS passwords)>

Test Plan:
Account password:

  - Artifically disabled bcrypt hasher.
  - Viewed password panel, saw warnings about missing hasher.
  - Used password reset workflow to change password, saw iterated MD5 hashed password get set.
  - Enabled bcrypt hasher again.
  - Saw upgrade warning.
  - Upgraded password to bcrypt.

VCS password:

  - Artificially disabled bcrypt hasher.
  - Viewed password panel, saw warnings about missing hasher.
  - Reset password.
  - Saw iterated md5 password.
  - Reenabled bcrypt.
  - Upgraded to bcrypt.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5934

Differential Revision: https://secure.phabricator.com/D10325
2014-08-21 11:30:05 -07:00
Bob Trahan
d1c3915e3a SSH Keys - allow viewer to download the private key
Summary: ...cuz otherwise this is pretty pointless. Fixes T5931.

Test Plan: generated a key, downloaded the key. previously download failed.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5931

Differential Revision: https://secure.phabricator.com/D10311
2014-08-20 16:22:06 -07:00
Tal Shiri
4c57e6d34d HTML emails
Summary:
Added support for side-by-side HTML and plaintext email building.

We can control if the HTML stuff is sent by by a new config, metamta.html-emails

Test Plan:
Been running this in our deployment for a few months now.

====Well behaved clients====
 - Gmail
 - Mail.app

====Bad clients====

- [[ http://airmailapp.com/ | Airmail ]]. They confuse Gmail too, though.

====Need testing====
 - Outlook (Windows + Mac)

Reviewers: chad, #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: webframp, taoqiping, chad, epriestley, Korvin

Maniphest Tasks: T992

Differential Revision: https://secure.phabricator.com/D9375
2014-08-15 08:12:21 -07:00
epriestley
bcdadf5947 Add autocomplete=off to all non-login password forms
Summary: Fixes T5579. Modern browsers aggressively autofill credentials, but at least Firefox still behaves slightly better with this flag. Hopefully other browsers will follow suit.

Test Plan: Browsed various interfaces, verifying that login interfaces allow autocomplete while non-login interfaces do not.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5579

Differential Revision: https://secure.phabricator.com/D10253
2014-08-13 10:06:48 -07:00
epriestley
c443913c0b Allow users to set notifications to "Email", "Notification", or "Ignore"
Summary:
Ref T5861. Ref T5769. If users don't care at all about something, allow them to ignore it.

We have some higher-volume notifications either built now (column changes) or coming (mentions) which users might reasonably want to ignore completely.

Test Plan:
Ignored some notifications, then took appropraite actions. Saw my user culled from the notification subscriber list.

{F189531}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5769, T5861

Differential Revision: https://secure.phabricator.com/D10240
2014-08-12 12:29:03 -07:00
epriestley
f6f9d78f3a Modularize mail tags
Summary:
Ref T5861. Currently, mail tags are hard-coded; move them into applications. Each Editor defines its own tags.

This has zero impact on the UI or behavior.

Test Plan:
  - Checked/unchecked some options, saved form.
  - Swapped back to `master` and saw exactly the same values.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5861

Differential Revision: https://secure.phabricator.com/D10238
2014-08-12 12:28:41 -07:00
epriestley
d011f8fdc6 Add a setting to disable all notification email
Summary: Ref T5861. Adds an option to opt out of all notification email. We'll still send you password resets, email verifications, etc.

Test Plan:
{F189484}

  - Added unit tests.
  - With preference set to different things, tried to send myself mail. Mail respected preferences.
  - Sent password reset email, which got through the preference.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: rush898, epriestley

Maniphest Tasks: T5861

Differential Revision: https://secure.phabricator.com/D10237
2014-08-12 12:28:29 -07:00
epriestley
0196f53f9d Separate email formatting options into a new panel
Summary:
Ref T5861. These two options are complex, rarely useful, and not directly related to controlling what mail you receive.

Move them to a separate panel to make way for more stuff on the preferences panel. We'll probably add an "HTML" option to this new panel eventually, too.

Test Plan:
{F189474}

  - Used both panels.
  - Tested with multiplexing off.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5861

Differential Revision: https://secure.phabricator.com/D10236
2014-08-12 12:28:17 -07:00
Bob Trahan
20a65b21eb Settings - upgrade monospace font regexp to support '.'
Summary: this data is a little weird since its user-entered and we need to put it in a web page un-escaped for the font to load correctly. Ergo, we use a regex to make the input safe / sane, and said regex needs to support a '.'.  Fixes T5810.

Test Plan: added Fixedsys Excelsior 3.01 to my system and was able to set my preference and get the new font

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: dereckson, epriestley, Korvin

Maniphest Tasks: T5810

Differential Revision: https://secure.phabricator.com/D10163
2014-08-06 13:53:30 -07:00
Joshua Spence
8fd098329b Rename AphrontQueryException subclasses
Summary: Ref T5655. Depends on D10149.

Test Plan: Ran `arc unit`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin, hach-que

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D10150
2014-08-06 07:51:21 +10:00
epriestley
95eeffff7e Terminate other sessions on credential changes
Summary:
Fixes T5509. Currently, existing sessions live on even if you change your password.

Over the course of the program, we've recieved a lot of HackerOne reports that sessions do not terminate when users change their passwords. I hold that this isn't a security vulnerability: users can explicitly manage sessions, and this is more general and more powerful than tying session termination to password resets. In particular, many installs do not use a password provider at all (and no researcher has reported this in a general, application-aware way that discusses multiple authentication providers).

That said, dealing with these false positives is vaguely time consuming, and the "expected" behavior isn't bad for users, so just align behavior with researcher expectations: when passwords are changed, providers are removed, or multi-factor authentication is added to an account, terminate all other active login sessions.

Test Plan:
  - Using two browsers, established multiple login sessions.
  - In one browser, changed account password. Saw session terminate and logout in the second browser.
  - In one browser, removed an authentication provider. Saw session terminate and logout in the second browser.
  - In one browser, added MFA. Saw session terminate and logout in the second browser.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5509

Differential Revision: https://secure.phabricator.com/D10135
2014-08-04 12:04:35 -07:00
epriestley
e56dc8f299 Invalidate outstanding password reset links when users adjust email addresses
Summary:
Fixes T5506. Depends on D10133. When users remove an email address or change their primary email address, invalidate any outstanding password reset links.

This is a very small security risk, but the current behavior is somewhat surprising, and an attacker could sit on a reset link for up to 24 hours and then use it to re-compromise an account.

Test Plan:
  - Changed primary address and removed addreses.
  - Verified these actions invalidated outstanding one-time login temporary tokens.
  - Tried to use revoked reset links.
  - Revoked normally from new UI panel.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5506

Differential Revision: https://secure.phabricator.com/D10134
2014-08-04 12:04:23 -07:00
epriestley
30f6405a86 Add an explicit temporary token management page to Settings
Summary:
Ref T5506. This makes it easier to understand and manage temporary tokens.

Eventually this could be more user-friendly, since it's relatively difficult to understand what this screen means. My short-term goal is just to make the next change easier to implement and test.

The next diff will close a small security weakness: if you change your email address, password reset links which were sent to the old address are still valid. Although an attacker would need substantial access to exploit this (essentially, it would just make it easier for them to re-compromise an already compromised account), it's a bit surprising. In the next diff, email address changes will invalidate outstanding password reset links.

Test Plan:
  - Viewed outstanding tokens.
  - Added tokens to the list by making "Forgot your password?" requests.
  - Revoked tokens individually.
  - Revoked all tokens.
  - Tried to use a revoked token.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5506

Differential Revision: https://secure.phabricator.com/D10133
2014-08-04 12:04:13 -07:00
Joshua Spence
0c8f487b0f Implement the getName method in PhabricatorApplication subclasses
Summary: Provide an implementation for the `getName` method rather than automagically determining the application name.

Test Plan: Saw reasonable application names in the launcher.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D10027
2014-07-23 23:52:50 +10:00
Joshua Spence
86c399b657 Rename PhabricatorApplication subclasses
Summary: Ref T5655. Some discussion in D9839. Generally speaking, `Phabricator{$name}Application` is clearer than `PhabricatorApplication{$name}`.

Test Plan:
# Pinned and uninstalled some applications.
# Applied patch and performed migrations.
# Verified that the pinned applications were still pinned and that the uninstalled applications were still uninstalled.
# Performed a sanity check on the database contents.

Reviewers: btrahan, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: hach-que, epriestley, Korvin

Maniphest Tasks: T5655

Differential Revision: https://secure.phabricator.com/D9982
2014-07-23 10:03:09 +10:00
Joshua Spence
f4b05312cd Fix broken references to auth adapters
This was broken in D9999 but somehow didn't fail linting or unit tests.

Auditors: epriestley
2014-07-22 21:20:45 +10:00
James Rhodes
9cb6b2cfcc Remove user-independent date and time functions from Phabricator
Summary: These have been moved into libphutil.

Test Plan: Browsed Phabricator, didn't see a crash.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9907
2014-07-13 12:03:17 +10:00
epriestley
e46826ad36 Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.

External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.

Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.

However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).

Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:

  - Add `CAN_EDIT` on these objects.
  - Make that very restricted, but open up `CAN_VIEW`.
  - Require `CAN_EDIT` any time we're going to do something authentication/identity related.

This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.

I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.

Test Plan:
  - Viewed external accounts.
  - Linked an external account.
  - Refreshed an external account.
  - Edited profile picture.
  - Viewed sessions panel.
  - Published a bunch of stuff to Asana/JIRA.
  - Legalpad signature page now shows external accounts.

{F171595}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3732, T1205, T3116

Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 10:18:10 -07:00
epriestley
5dffd88737 Fix validation of SSH keys with spaces in the comment field
Summary: Fixes T5449. Keys are in the form `<type> <key> <comments>`, where comments are optional and can have spaces.

Test Plan:
Tried these invalid keys:

  - Empty.
  - One part.
  - Invalid type.

Tried these valid keys:

  - No comment.
  - Normal comment.
  - Comment with spaces.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5449

Differential Revision: https://secure.phabricator.com/D9701
2014-06-23 15:28:52 -07:00
epriestley
46d9bebc84 Remove all device = true from page construction
Summary: Fixes T5446. Depends on D9687.

Test Plan: Mostly regexp'd this. Lint doesn't complain.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley, hach-que

Maniphest Tasks: T5446

Differential Revision: https://secure.phabricator.com/D9690
2014-06-23 15:18:14 -07:00
Chad Little
c9a195369f Add email preferences to Pholio
Summary: Fixes T5386, adds a base set of email preferences to Pholio

Test Plan: Turned on, tested and got email, turned off, tested and saw notifications.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5386

Differential Revision: https://secure.phabricator.com/D9644
2014-06-21 12:01:05 -07:00
Joshua Spence
d0128afa29 Applied various linter fixes.
Summary: Applied some more linter fixes that I previously missed because my global `arc` install was out-of-date.

Test Plan: Will run `arc unit` on another host.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9443
2014-06-09 16:04:12 -07:00
Joshua Spence
0a62f13464 Change double quotes to single quotes.
Summary: Ran `arc lint --apply-patches --everything` over rP, mainly to change double quotes to single quotes where appropriate. These changes also validate that the `ArcanistXHPASTLinter::LINT_DOUBLE_QUOTE` rule is working as expected.

Test Plan: Eyeballed it.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9431
2014-06-09 11:36:50 -07:00
Chad Little
41ef6824be Make ObjectItem default as "Card"
Summary: This went smoother than expeced. Makes the rounded Card the default, also tweaked selected state a little.

Test Plan:
Test UIExamples, Maniphest, Home, Differential, Harbormaster, Audit. Everything seems normal

{F163971}

{F163973}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9408
2014-06-07 12:12:11 -07:00
Chad Little
b1362e4e46 Make App Pinning use Stackable list
Summary: This makes setStackble play well in ObjectBox, also tweaks dragging in a stackable box (pinning)

Test Plan: Drag in App Settings, Drag in Maniphest, Workboards

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Differential Revision: https://secure.phabricator.com/D9413
2014-06-07 11:28:37 -07:00
epriestley
99c72a32d0 Allow installs to require multi-factor authentication for all users
Summary: Ref T5089. Adds a `security.require-multi-factor-auth` which forces all users to enroll in MFA before they can use their accounts.

Test Plan:
Config:

{F159750}

Roadblock:

{F159748}

After configuration:

{F159749}

  - Required MFA, got roadblocked, added MFA, got unblocked.
  - Removed MFA, got blocked again.
  - Used `bin/auth strip` to strip MFA, got blocked.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5089

Differential Revision: https://secure.phabricator.com/D9285
2014-06-03 16:50:27 -07:00
epriestley
6df1a02413 (Redesign) Clean up older "Tile" code
Summary:
This does some backend cleanup of the tile stuff, and some general cleanup of other application things:

  - Users who haven't customized preferences get a small, specific set of pinned applications: Differential, Maniphest, Diffusion, Audit, Phriction, Projects (and, for administrators, Auth, Config and People).
  - Old tile size methods are replaced with `isPinnnedByDefault()`.
  - Shortened some short descriptions.
  - `shouldAppearInLaunchView()` replaced by less ambiguous `isLaunchable()`.
  - Added a marker for third-party / extension applications.

Test Plan: Faked away my preferences and viewed the home page, saw a smaller set of default pins.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D9358
2014-06-03 15:47:27 -07:00
epriestley
24eacaa032 Remove application small/hidden tiles
Summary:
Ref T5176. This paves the way for the redesign by making the homepage editor thing a little more manageable/coherent.

Not perfect, but we can clean it up a bit after the new design.

Test Plan:
Home page:

{F162093}

New "Pinned Applications" settings panel (this supports drag-and-drop to reorder):

{F162094}

Pin an app:

{F162095}

Unpin an app:

{F162096}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5176

Differential Revision: https://secure.phabricator.com/D9332
2014-05-29 15:03:49 -07:00
epriestley
81d95cf682 Make default view of "Applications" app a full-page launcher
Summary:
This probably needs some tweaks, but the idea is to make it easier to browse and access applications without necessarily needing them to be on the homepage.

Open to feedback.

Test Plan:
(This screenshot merges "Organization", "Communication" and "Core" into a single "Core" group. We can't actually do this yet because it wrecks the homepage.)

{F160052}

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T5176

Differential Revision: https://secure.phabricator.com/D9297
2014-05-29 12:17:54 -07:00
epriestley
f1534e6feb Make password reset emails use one-time tokens
Summary:
Ref T4398. This code hadn't been touched in a while and had a few crufty bits.

**One Time Resets**: Currently, password reset (and similar links) are valid for about 48 hours, but we always use one token to generate them (it's bound to the account). This isn't horrible, but it could be better, and it produces a lot of false positives on HackerOne.

Instead, use TemporaryTokens to make each link one-time only and good for no more than 24 hours.

**Coupling of Email Verification and One-Time Login**: Currently, one-time login links ("password reset links") are tightly bound to an email address, and using a link verifies that email address.

This is convenient for "Welcome" emails, so the user doesn't need to go through two rounds of checking email in order to login, then very their email, then actually get access to Phabricator.

However, for other types of these links (like those generated by `bin/auth recover`) there's no need to do any email verification.

Instead, make the email verification part optional, and use it on welcome links but not other types of links.

**Message Customization**: These links can come out of several workflows: welcome, password reset, username change, or `bin/auth recover`. Add a hint to the URI so the text on the page can be customized a bit to help users through the workflow.

**Reset Emails Going to Main Account Email**: Previously, we would send password reset email to the user's primary account email. However, since we verify email coming from reset links this isn't correct and could allow a user to verify an email without actually controlling it.

Since the user needs a real account in the first place this does not seem useful on its own, but might be a component in some other attack. The user might also no longer have access to their primary account, in which case this wouldn't be wrong, but would not be very useful.

Mitigate this in two ways:

  - First, send to the actual email address the user entered, not the primary account email address.
  - Second, don't let these links verify emails: they're just login links. This primarily makes it more difficult for an attacker to add someone else's email to their account, send them a reset link, get them to login and implicitly verify the email by not reading very carefully, and then figure out something interesting to do (there's currently no followup attack here, but allowing this does seem undesirable).

**Password Reset Without Old Password**: After a user logs in via email, we send them to the password settings panel (if passwords are enabled) with a code that lets them set a new password without knowing the old one.

Previously, this code was static and based on the email address. Instead, issue a one-time code.

**Jump Into Hisec**: Normally, when a user who has multi-factor auth on their account logs in, we prompt them for factors but don't put them in high security. You usually don't want to go do high-security stuff immediately after login, and it would be confusing and annoying if normal logins gave you a "YOU ARE IN HIGH SECURITY" alert bubble.

However, if we're taking you to the password reset screen, we //do// want to put the user in high security, since that screen requires high security. If we don't do this, the user gets two factor prompts in a row.

To accomplish this, we set a cookie when we know we're sending the user into a high security workflow. This cookie makes login finalization upgrade all the way from "partial" to "high security", instead of stopping halfway at "normal". This is safe because the user has just passed a factor check; the only reason we don't normally do this is to reduce annoyance.

**Some UI Cleanup**: Some of this was using really old UI. Modernize it a bit.

Test Plan:
  - **One Time Resets**
    - Used a reset link.
    - Tried to reuse a reset link, got denied.
    - Verified each link is different.
  - **Coupling of Email Verification and One-Time Login**
    - Verified that `bin/auth`, password reset, and username change links do not have an email verifying URI component.
    - Tried to tack one on, got denied.
    - Used the welcome email link to login + verify.
    - Tried to mutate the URI to not verify, or verify something else: got denied.
  - **Message Customization**
    - Viewed messages on the different workflows. They seemed OK.
  - **Reset Emails Going to Main Account Email**
    - Sent password reset email to non-primary email.
    - Received email at specified address.
    - Verified it does not verify the address.
  - **Password Reset Without Old Password**
    - Reset password without knowledge of old one after email reset.
    - Tried to do that without a key, got denied.
    - Tried to reuse a key, got denied.
  - **Jump Into Hisec**
    - Logged in with MFA user, got factor'd, jumped directly into hisec.
    - Logged in with non-MFA user, no factors, normal password reset.
  - **Some UI Cleanup**
    - Viewed new UI.
  - **Misc**
    - Created accounts, logged in with welcome link, got verified.
    - Changed a username, used link to log back in.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D9252
2014-05-22 10:41:00 -07:00
epriestley
e6f6a58f93 Move activity log rendering to a dashboard panel
Summary:
Ref T4986. Swap this in. Two minor notes:

  - I adjusted the SearchEngine to add an additional constraint when the viewer isn't an admin. This mostly stops us from doing a bunch of unnecessary work.
  - I fixed the settings panel to paginate (currently loads all results, slow in production).

Test Plan: Viewed logs; viewed settings panel; created a dashboard panel.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4986

Differential Revision: https://secure.phabricator.com/D9136
2014-05-15 19:17:02 -07:00
Chad Little
0120388a75 Found some missing icons
Summary: Did a more exhaustive grep on setIcon and found 99.9% of the icons.

Test Plan: I verified icon names on UIExamples, but unable to test some of the more complex flows visually. Mostly a read and replace.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9088
2014-05-13 07:45:39 -07:00
Chad Little
b2f3001ec4 Replace Sprite-Icons with FontAwesome
Summary: The removes the sprite sheet 'icons' and replaces it with FontAwesome fonts.

Test Plan:
- Grep for SPRITE_ICONS and replace
- Grep for sprite-icons and replace
- Grep for PhabricatorActionList and choose all new icons
- Grep for Crumbs and fix icons
- Test/Replace PHUIList Icon support
- Test/Replace ObjectList Icon support (foot, epoch, etc)
- Browse as many pages as I could get to
- Remove sprite-icons and move remarkup to own sheet
- Review this diff in Differential

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin, hach-que

Differential Revision: https://secure.phabricator.com/D9052
2014-05-12 10:08:32 -07:00
epriestley
68023e64a9 Document multi-factor authentication
Summary: Ref T4398. This has a few lies (in the sense of "features that don't work yet") but should describe behavior accurately after a few more patches.

Test Plan: Read it.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8910
2014-05-01 10:23:41 -07:00
epriestley
e8cebb7da5 Add support for aural-only and visual-only elements
Summary:
Ref T4843. This adds support to `javelin_tag()` for an `aural` attribute. When specified, `true` values mean "this content is aural-only", while `false` values mean "this content is not aural".

  - I've attempted to find the best modern approaches for marking this content, but the `aural` attribute should let us change the mechanism later.
  - Make the "beta" markers on application navigation visual only (see T4843). This information is of very low importance, the application navigation is accessed frequently, and the information is available on the application list.
  - Partially convert the main navigation. This is mostly to test things, since I want to get more concrete feedback about approaches here.
  - Add a `?__aural__=1` attribute, which renders the page with aural-only elements visible and visual-only elements colored.

Test Plan: {F146476}

Reviewers: btrahan, scp, chad

Reviewed By: chad

Subscribers: aklapper, qgil, epriestley

Maniphest Tasks: T4843

Differential Revision: https://secure.phabricator.com/D8830
2014-05-01 07:18:18 -07:00
epriestley
3fde020049 Make many actions require high security
Summary:
Ref T4398. Protects these actions behind a security barrier:

  - Link external account.
  - Retrieve Conduit token.
  - Reveal Passphrase credential.
  - Create user.
  - Admin/de-admin user.
  - Rename user.
  - Show conduit certificate.
  - Make primary email.
  - Change password.
  - Change VCS password.
  - Add SSH key.
  - Generate SSH key.

Test Plan: Tried to take each action and was prompted for two-factor.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8921
2014-04-30 17:44:59 -07:00
lkassianik
cf3f8cd809 Ask users to choose a pronoun instead of sex in the Account settings panel
Summary: Fixes T4845, Use "choose a pronoun" prompt for (grammatical) gender selection instead of "Sex"

Test Plan: Open Account settings panel, expand Pronoun dropdown, verify that options are "<username> updated their/her/his profile". Switch to different language, verify that pronouns propogate

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: epriestley, Korvin

Maniphest Tasks: T4845

Differential Revision: https://secure.phabricator.com/D8920
2014-04-30 14:42:07 -07:00
epriestley
a017a8e02b Make two-factor auth actually work
Summary:
Ref T4398. Allows auth factors to render and validate when prompted to take a hi-sec action.

This has a whole lot of rough edges still (see D8875) but does fundamentally work correctly.

Test Plan:
  - Added two different TOTP factors to my account for EXTRA SECURITY.
  - Took hisec actions with no auth factors, and with attached auth factors.
  - Hit all the error/failure states of the hisec entry process.
  - Verified hisec failures appear in activity logs.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8886
2014-04-28 10:20:54 -07:00
epriestley
17709bc167 Add multi-factor auth and TOTP support
Summary:
Ref T4398. This is still pretty rough and isn't exposed in the UI yet, but basically works. Some missing features / areas for improvement:

  - Rate limiting attempts (see TODO).
  - Marking tokens used after they're used once (see TODO), maybe. I can't think of ways an attacker could capture a token without also capturing a session, offhand.
  - Actually turning this on (see TODO).
  - This workflow is pretty wordy. It would be nice to calm it down a bit.
  - But also add more help/context to help users figure out what's going on here, I think it's not very obvious if you don't already know what "TOTP" is.
  - Add admin tool to strip auth factors off an account ("Help, I lost my phone and can't log in!").
  - Add admin tool to show users who don't have multi-factor auth? (so you can pester them)
  - Generate QR codes to make the transfer process easier (they're fairly complicated).
  - Make the "entering hi-sec" workflow actually check for auth factors and use them correctly.
  - Turn this on so users can use it.
  - Adding SMS as an option would be nice eventually.
  - Adding "password" as an option, maybe? TOTP feels fairly good to me.

I'll post a couple of screens...

Test Plan:
  - Added TOTP token with Google Authenticator.
  - Added TOTP token with Authy.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8875
2014-04-28 09:27:11 -07:00
epriestley
3f5a55fa6e Let users review their own account activity logs
Summary:
Ref T4398. This adds a settings panel for account activity so users can review activity on their own account. Some goals are:

  - Make it easier for us to develop and support auth and credential information, see T4398. This is the primary driver.
  - Make it easier for users to understand and review auth and credential information (see T4842 for an example -- this isn't there yet, but builds toward it).
  - Improve user confidence in security by making logging more apparent and accessible.

Minor corresponding changes:

  - Entering and exiting hisec mode is now logged.
  - This, sessions, and OAuth authorizations have moved to a new "Sessions and Logs" area, since "Authentication" was getting huge.

Test Plan:
  - Viewed new panel.
  - Viewed old UI.
  - Entered/exited hisec and got prompted.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8871
2014-04-27 17:32:09 -07:00
epriestley
f42ec84d0c Add "High Security" mode to support multi-factor auth
Summary:
Ref T4398. This is roughly a "sudo" mode, like GitHub has for accessing SSH keys, or Facebook has for managing credit cards. GitHub actually calls theirs "sudo" mode, but I think that's too technical for big parts of our audience. I've gone with "high security mode".

This doesn't actually get exposed in the UI yet (and we don't have any meaningful auth factors to prompt the user for) but the workflow works overall. I'll go through it in a comment, since I need to arrange some screenshots.

Test Plan: See guided walkthrough.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4398

Differential Revision: https://secure.phabricator.com/D8851
2014-04-27 17:31:11 -07:00
epriestley
563a1ac5bf Fix parsing and storage of generated SSH keys
Summary: Fixes T4772. We weren't parsing generated public keys properly, and were storing them in the wrong format.

Test Plan:
  - Updated a private key.
  - Generated a public key.
  - Saved the public key.
  - Used a generated private key to authenticate.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4772

Differential Revision: https://secure.phabricator.com/D8721
2014-04-08 14:52:37 -07:00
epriestley
847b7977c1 Add semi-generic rate limiting infrastructure
Summary:
This adds a system which basically keeps a record of recent actions, who took them, and how many "points" they were worth, like:

  epriestley email.add 1 1233989813
  epriestley email.add 1 1234298239
  epriestley email.add 1 1238293981

We can use this to rate-limit actions by examining how many actions the user has taken in the past hour (i.e., their total score) and comparing that to an allowed limit.

One major thing I want to use this for is to limit the amount of error email we'll send to an email address. A big concern I have with sending more error email is that we'll end up in loops. We have some protections against this in headers already, but hard-limiting the system so it won't send more than a few errors to a particular address per hour should provide a reasonable secondary layer of protection.

This use case (where the "actor" needs to be an email address) is why the table uses strings + hashes instead of PHIDs. For external users, it might be appropriate to rate limit by cookies or IPs, too.

To prove it works, I rate limited adding email addresses. This is a very, very low-risk security thing where a user with an account can enumerate addresses (by checking if they get an error) and sort of spam/annoy people (by adding their address over and over again). Limiting them to 6 actions / hour should satisfy all real users while preventing these behaviors.

Test Plan:
This dialog is uggos but I'll fix that in a sec:

{F137406}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8683
2014-04-03 11:22:38 -07:00
epriestley
1df9a6e6b0 Move "Send Welcome Email" to profiles and nuke old weird edit UI
Summary: Ref T4065. Moves the last of the weird alternate edit UI to profiles. The old "Edit" controller is now for creation only, and the funky pencil icon is gone.

Test Plan: Created accounts; sent welcome email.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4065

Differential Revision: https://secure.phabricator.com/D8670
2014-04-02 12:06:17 -07:00
epriestley
04b9f94602 Give administrators selective access to System Agent settings panels
Summary: Ref T4065. Give administrators an "Edit Settings" link from profiles, which allows selective edit of settings panels. Enable Conduit, SSH Keys, and VCS Password.

Test Plan:
  - Used these panels for a bot.
  - Used these panels on my own account.
  - Tried to use these panels for a non-bot account, was denied.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4065

Differential Revision: https://secure.phabricator.com/D8668
2014-04-02 12:06:05 -07:00
Bob Trahan
750a30d441 Hide uninstalled applications on the "Home Application Tiles" preferences page
Summary: Fixes T4685.

Test Plan: loaded home page settings and saw phrequent, uninstalled phrequent, refreshed, and no longer saw phrequent!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T4685

Differential Revision: https://secure.phabricator.com/D8640
2014-04-01 12:27:52 -07:00
epriestley
aea624118b Allow users to terminate login sessions
Summary:
This is partly a good feature, and partly should reduce false positives on HackerOne reporting things vaguely related to this.

Allow a user to terminate login sessions from the settings panel.

Test Plan:
  - Terminated a session.
  - Terminated all sessions.
  - Tried to terminate all sessions again.
  - Logged in with two browsers, terminated the other browser's session, reloaded, got kicked out.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8556
2014-03-17 15:02:01 -07:00
epriestley
38cc38eaf6 Modernize documentation links
Summary:
  - Point them at the new Diviner.
  - Make them a little less cumbersome to write.

Test Plan: Found almost all of these links in the UI and clicked them.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8553
2014-03-17 15:01:31 -07:00
epriestley
039b8e43b9 Whitelist allowed editor protocols
Summary:
This is the other half of D8548. Specifically, the attack here was to set your own editor link to `javascript\n:...` and then you could XSS yourself. This isn't a hugely damaging attack, but we can be more certain by adding a whitelist here.

We already whitelist linkable protocols in remarkup (`uri.allowed-protocols`) in general.

Test Plan:
Tried to set and use valid/invalid editor URIs.

{F130883}

{F130884}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D8551
2014-03-17 13:00:37 -07:00