1. 29 Mar, 2020 1 commit
    • HACK: Conduit: Accept OAuth2 Authorization header · 5e9cf61a
      Daniel Stone authored
      This is really lame. The Ruby OAuth2 client can only pass its token in
      the form data (which Phab is not prepared to accept), or as part of the
      Authorization header (which PHP strips out).
      
      Use a function only available in newer PHP to scrape the Authorization
      header from the raw stream.
      
      I have no idea what the correct fix is.
  2. 22 Nov, 2019 1 commit
  3. 03 Jan, 2019 1 commit
    • Raise warning when accidentally submitting Conduit parameters as a JSON-encoded body · 05a94741
      Austin McKinley authored
      Summary: See T12447 for discussion. It is reasonably intuitive to try and pass Conduit parameters via a JSON-encoded HTTP body, but if you do so, you'll get an unhelpful message about how method so-and-so does not accept a parameter named "your_entire_json_body". Instead, detect this mistake and advise developers to use form-encoded parameters.
      
      Test Plan:
      Got a better error when attempting to make Conduit calls from React code. Tested the following additional invocations of Conduit and got the expected results without an error:
      
      * From the Conduit UI
      * With cURL:
      ```
      ~ $ curl http://local.phacility.com:8080/api/conpherence.querythread \
      >     -d api.token=api-tvv2zb565zrtueab5ddprmpxvrwb \
      >     -d ids[0]=1
      ```
      * With `arc call-conduit`:
      ```
      ~ $ echo '{
      >   "ids": [
      >     1
      >   ]
      > }' | arc call-conduit --conduit-uri http://local.phacility.com:8080/ --conduit-token api-tvv2zb565zrtueab5ddprmpxvrwb conpherence.querythread
      ```
      
      Reviewers: epriestley
      
      Reviewed By: epriestley
      
      Subscribers: Korvin
      
      Differential Revision: https://secure.phabricator.com/D19944
  4. 09 Nov, 2018 1 commit
  5. 20 Jul, 2018 1 commit
    • Make the Conduit auth error for an unrecognized public key a little more useful · eb80a5ed
      epriestley authored
      Summary: Ref T13168. This is just a small quality-of-life fix: we can disclose which public key we're talking about because public keys are public.
      
      Test Plan:
        - Hit public key error (through my own bumbling / not reading or following instructions). Specifically, I haven't associated the key with a device in Almanac.
        - Before: vague error.
        - After: more specific error with enough key material that I could grep for it.
      
      Reviewers: amckinley
      
      Reviewed By: amckinley
      
      Subscribers: yelirekim
      
      Maniphest Tasks: T13168
      
      Differential Revision: https://secure.phabricator.com/D19516
  6. 18 Jul, 2017 1 commit
  7. 14 Oct, 2016 1 commit
  8. 07 Jun, 2016 1 commit
    • Centralize "this is the current user for the request" code · 814fa135
      epriestley authored
      Summary:
      Ref T11098. This primarily fixes Conduit calls to `*.edit` methods failing when trying to access user preferences.
      
      (The actual access is a little weird, since it seems like we're building some UI stuff inside a policy query, but that's an issue for another time.)
      
      To fix this, consolidate the "we're about to run some kind of request with this user" code and run it consistently for web, conduit, and SSH sessions.
      
      Additionally, make sure we swap things to the user's translation.
      
      Test Plan:
        - Ran `maniphest.edit` via `arc call-conduit`, no more settings exception.
        - Set translation to ALL CAPS, got all caps output from `ssh` and Conduit.
      
      Reviewers: avivey, chad
      
      Reviewed By: chad
      
      Maniphest Tasks: T11098
      
      Differential Revision: https://secure.phabricator.com/D16066
  9. 18 May, 2016 1 commit
    • Deactivate SSH keys instead of destroying them completely · 0308d580
      epriestley authored
      Summary:
      Ref T10917. Currently, when you delete an SSH key, we really truly delete it forever.
      
      This isn't very consistent with other applications, but we built this stuff a long time ago before we were as rigorous about retaining data and making it auditable.
      
      In particular, destroying data isn't good for auditing after security issues, since it means we can't show you logs of any changes an attacker might have made to your keys.

      To prepare to improve this, stop destroying data. This will allow later changes to become transaction-oriented and show normal transaction logs.
      
      The tricky part here is that we have a `UNIQUE KEY` on the public key part of the key.
      
      Instead, I changed this to `UNIQUE (key, isActive)`, where `isActive` is a nullable boolean column. This works because MySQL does not enforce "unique" if part of the key is `NULL`.
      
      So you can't have two rows with `("A", 1)`, but you can have as many rows as you want with `("A", null)`. This lets us keep the "each key may only be active for one user/object" rule without requiring us to delete any data.
      
      Test Plan:
      - Ran schema changes.
      - Viewed public keys.
      - Tried to add a duplicate key, got rejected (already associated with another object).
      - Deleted SSH key.
      - Verified that the key was no longer actually deleted from the database, just marked inactive (in future changes, I'll update the UI to be more clear about this).
      - Uploaded a new copy of the same public key, worked fine (no duplicate key rejection).
      - Tried to upload yet another copy, got rejected.
      - Generated a new keypair.
      - Tried to upload a duplicate to an Almanac device, got rejected.
      - Generated a new pair for a device.
      - Trusted a device key.
      - Untrusted a device key.
      - "Deleted" a device key.
      - Tried to trust a deleted device key, got "inactive" message.
      - Ran `bin/ssh-auth`, got good output with unique keys.
      - Ran `cat ~/.ssh/id_rsa.pub | ./bin/ssh-auth-key`, got good output with one key.
      - Used `auth.querypublickeys` Conduit method to query keys, got good active keys.
      
      Reviewers: chad
      
      Reviewed By: chad
      
      Maniphest Tasks: T10917
      
      Differential Revision: https://secure.phabricator.com/D15943
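
The nullable-column uniqueness rule described in this commit, as an added example (not Phabricator's code or schema). Python's built-in `sqlite3` stands in for MySQL here because SQLite also treats NULLs as distinct inside a `UNIQUE` constraint; the table, column and function names are made up for illustration.

```python
import sqlite3

# Hypothetical table for illustration; not Phabricator's real schema.
# is_active is 1 for an active key and NULL for a deactivated one.
SCHEMA = """
CREATE TABLE ssh_key (
    id        INTEGER PRIMARY KEY,
    owner     TEXT NOT NULL,
    key_body  TEXT NOT NULL,
    is_active INTEGER,
    UNIQUE (key_body, is_active)
);
"""


def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def add_key(db, owner, key_body):
    """Insert an active key. False if the key is already active somewhere."""
    try:
        with db:
            db.execute(
                "INSERT INTO ssh_key (owner, key_body, is_active) VALUES (?, ?, 1)",
                (owner, key_body),
            )
        return True
    except sqlite3.IntegrityError:
        return False


def deactivate_key(db, owner, key_body, marker=None):
    """Mark a key inactive instead of deleting it.

    marker=None stores NULL (the approach in the commit message).
    marker=0 is the tempting alternative, kept here to show why it fails.
    """
    try:
        with db:
            cur = db.execute(
                "UPDATE ssh_key SET is_active = ? "
                "WHERE owner = ? AND key_body = ? AND is_active = 1",
                (marker, owner, key_body),
            )
        return cur.rowcount == 1
    except sqlite3.IntegrityError:
        return False


def history(db, key_body):
    """Every row ever stored for this key, oldest first, for auditing."""
    return db.execute(
        "SELECT owner, is_active FROM ssh_key WHERE key_body = ? ORDER BY id",
        (key_body,),
    ).fetchall()


def demo(marker):
    """Two owners use and retire the same key in turn, then a third adds it."""
    db = open_store()
    key = "ssh-ed25519 AAAA-constructed-sample"  # constructed sample value
    steps = [
        add_key(db, "alice", key),
        add_key(db, "bob", key),                  # rejected: alice's copy is active
        deactivate_key(db, "alice", key, marker),
        add_key(db, "bob", key),
        deactivate_key(db, "bob", key, marker),   # creates a second inactive row
        add_key(db, "carol", key),
    ]
    return steps, history(db, key)
```

With `marker=0` the second deactivation collides with the first inactive row, which is the failure the `NULL` marker avoids while still keeping every retired key available for audit.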
  10. 13 Apr, 2016 1 commit
    • Allow public users to make intracluster API requests · 99be132e
      epriestley authored
      Summary:
      Ref T10784. On `secure`, logged-out users currently can't browse repositories when cluster/service mode is enabled because they aren't permitted to make intracluster requests.
      
      We don't allow totally public external requests (they're hard to rate limit and users might write bots that polled `feed.query` or whatever which we'd have no way to easily disable) but it's fine to allow intracluster public requests.
      
      Test Plan: Browsed a clustered repository while logged out locally.
      
      Reviewers: chad
      
      Reviewed By: chad
      
      Maniphest Tasks: T10784
      
      Differential Revision: https://secure.phabricator.com/D15695
  11. 04 Apr, 2016 3 commits
    • Update Conduit for new UI · e2685a24
      Chad Little authored
      Summary: View various conduit pages and update to new UI and add calls to newPage
      
      Test Plan: View list, view method, make a call.
      
      Reviewers: epriestley
      
      Reviewed By: epriestley
      
      Subscribers: Korvin
      
      Differential Revision: https://secure.phabricator.com/D15613
    • Implement "auth.logout" Conduit API method · e55522ca
      epriestley authored
      Summary:
      Ref T7303. Ref T7673. This implements an "auth.logout" which:
      
        - terminates all web sessions;
        - terminates the current OAuth token if called via OAuth; and
        - may always be called via OAuth.
      
      (Since it consumes an OAuth token, even a "malicious" OAuth application can't really be that much of a jerk with this: it can't continuously log you out, since calling the method once kills the token. The application would need to ask your permission again to get a fresh token.)
      
      The primary goal here is to let Phacility instances call this against the Phacility upstream, so that when you log out of an instance it also logs you out of your Phacility account (possibly with a checkbox or something).
      
      This also smooths over the session token code. Before this change, your sessions would get logged out but when you reloaded we'd tell you your session was invalid.
      
      Instead, try to clear the invalid session before telling the user there's an issue. I think that essentially 100% of invalid sessions are a result of something in this vein (e.g., forced logout via Settings) nowadays, since the session code is generally stable and sane and has been for a long time.
      
      Test Plan:
        - Called `auth.logout` via console, got a reasonable logout experience.
        - Called `auth.logout` via OAuth.
          - Tried to make another call, verified OAuth token had been invalidated.
          - Verified web session had been invalidated.
      
      Reviewers: chad
      
      Reviewed By: chad
      
      Maniphest Tasks: T7303, T7673
      
      Differential Revision: https://secure.phabricator.com/D15594
    • Begin cleaning up OAuth scope handling · 60133b6f
      epriestley authored
      Summary:
      Ref T7303. OAuth scope handling never got fully modernized and is a bit of a mess.
      
      Also introduce implicit "ALWAYS" and "NEVER" scopes.
      
      Always give tokens access to meta-methods like `conduit.getcapabilities` and `conduit.query`. These do not expose user information.
      
      Test Plan:
        - Used a token to call `user.whoami`.
        - Used a token to call `conduit.query`.
        - Used a token to try to call `user.query`, got rebuffed.
      
      Reviewers: chad
      
      Reviewed By: chad
      
      Maniphest Tasks: T7303
      
      Differential Revision: https://secure.phabricator.com/D15593
  12. 14 Dec, 2015 1 commit
    • Move ConduitLogs to ApplicationSearch · 4a147dcb
      epriestley authored
      Summary:
      Ref T9980. Start making this UI more useful and powerful so we can give administrators a better toolset for reacting to API changes.
      
      Fixes T9755. We were logging the caller, just not rendering it properly.
      
      Test Plan: {F1025799}
      
      Reviewers: chad
      
      Reviewed By: chad
      
      Maniphest Tasks: T9755, T9980
      
      Differential Revision: https://secure.phabricator.com/D14779
  13. 18 Oct, 2015 1 commit
  14. 01 Sep, 2015 1 commit
  15. 04 Jun, 2015 2 commits
    • Add "Mailing List" users · 992c1995
      epriestley authored
      Summary:
      Ref T8387. Adds new mailing list users.
      
      This doesn't migrate anything yet. I also need to update the "Email Addresses" panel to let administrators change the list address.
      
      Test Plan:
        - Created and edited a mailing list user.
        - Viewed profile.
        - Viewed People list.
        - Searched for lists / nonlists.
        - Grepped for all uses of `getIsDisabled()` / `getIsSystemAgent()` and added relevant corresponding behaviors.
        - Hit the web/api/ssh session blocks.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      Subscribers: eadler, tycho.tatitscheff, epriestley
      
      Maniphest Tasks: T8387
      
      Differential Revision: https://secure.phabricator.com/D13123
    • Update account roles documentation and remove actAsUser · 8440b3ef
      epriestley authored
      Summary:
      Ref T8387. This describes changes I haven't made yet, but plan to make.
      
      Also removes the long-deprecated actAsUser capability so I can remove the caveat about it from the documentation.
      
      Test Plan: `grep`, reading
      
      Reviewers: btrahan, eadler
      
      Reviewed By: btrahan, eadler
      
      Subscribers: eadler, epriestley
      
      Maniphest Tasks: T8387
      
      Differential Revision: https://secure.phabricator.com/D13120
  16. 22 May, 2015 1 commit
  17. 20 May, 2015 1 commit
    • [Redesign] Add Table, Collapse support to ObjectBox · a4784e03
      Chad Little authored
      Summary: Converts most all tables to be directly set via `setTable` to an ObjectBox. I think this path is more flexible design wise, as we can change the box based on children, and not just CSS. We also already do this with PropertyList, Forms, ObjectList, and Header. `setCollapsed` is added to ObjectBox to all children objects to bleed to the edges (like diffs).
      
      Test Plan: I did a grep of `appendChild($table)` as well as searches for `PHUIObjectBoxView`, also with manual opening of hundreds of files. I'm sure I missed 5-8 places. If you just appendChild($table) nothing breaks, it just looks a little funny.
      
      Reviewers: epriestley, btrahan
      
      Subscribers: Korvin, epriestley
      
      Differential Revision: https://secure.phabricator.com/D12955
  18. 08 May, 2015 1 commit
  19. 05 May, 2015 1 commit
  20. 04 May, 2015 1 commit
  21. 05 Apr, 2015 1 commit
    • Fix some odd looking arrays · ea376685
      Joshua Spence authored
      Summary: These arrays look a little odd, most likely due to the autofix applied by `ArcanistXHPASTLinter::LINT_ARRAY_SEPARATOR`. See D12296 in which I attempt to improve the autocorrection from this linter rule.
      
      Test Plan: N/A
      
      Reviewers: epriestley, #blessed_reviewers
      
      Reviewed By: epriestley, #blessed_reviewers
      
      Subscribers: epriestley
      
      Differential Revision: https://secure.phabricator.com/D12281
  22. 03 Mar, 2015 1 commit
    • Modernize Conduit app a bit · 42318043
      Chad Little authored
      Summary: Remove some AphrontPanels, add some phts, fix some table layouts.
      
      Test Plan: Browse many Conduit pages, test a few calls.
      
      Reviewers: btrahan, epriestley
      
      Reviewed By: epriestley
      
      Subscribers: Korvin, epriestley
      
      Maniphest Tasks: T7427
      
      Differential Revision: https://secure.phabricator.com/D11957
  23. 23 Jan, 2015 1 commit
    • Proxy Diffusion Conduit API calls · d94d1da6
      epriestley authored
      Summary:
      Fixes T7020. When an external user makes a Conduit request to Diffusion but the repository isn't hosted locally, we need to proxy it.
      
      This also adds a guard layer to prevent requests from getting infinitely proxied inside the cluster.
      
      In "trivial" configurations (where the repository is a service repository, but the service is on the local device) I'm making us always proxy anyway. This basically makes it reasonable to test this stuff (otherwise you'd have to set up two different installs) and this configuration doesn't make much sense in real life (if you're using multiple machines, making one a dedicated daemons+repo box is almost certainly the most reasonable configuration, even for a cluster size of 2).
      
      Test Plan:
        - With a service-hosted repository, made Diffusion conduit calls and browsed the UI. Verified requests got proxied once, then resolved.
        - With a non-service repository, made Diffusion conduit calls and browsed UI. Verified requests were handled in-process immediately.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      Subscribers: epriestley
      
      Maniphest Tasks: T7020
      
      Differential Revision: https://secure.phabricator.com/D11475
  24. 02 Jan, 2015 1 commit
    • Add `cluster.addresses` and require membership before accepting cluster authentication tokens · fa7bb8ff
      epriestley authored
      Summary:
      Ref T2783. Ref T6706.
      
        - Add `cluster.addresses`. This is a whitelist of CIDR blocks which define cluster hosts.
        - When we receive a request that has a cluster-based authentication token, require the cluster to be configured and require the remote address to be a cluster member before we accept it.
          - This provides a general layer of security for these mechanisms.
          - In particular, it means they do not work by default on unconfigured hosts.
        - When cluster addresses are configured, and we receive a request //to// an address not on the list, reject it.
          - This provides a general layer of security for getting the Ops side of cluster configuration correct.
          - If cluster nodes have public IPs and are listening on them, we'll reject requests.
          - Basically, this means that any requests which bypass the LB get rejected.
      
      Test Plan:
        - With addresses not configured, tried to make requests; rejected for using a cluster auth mechanism.
        - With addresses configured wrong, tried to make requests; rejected for sending from (or to) an address outside of the cluster.
        - With addresses configured correctly, made valid requests.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      Subscribers: epriestley
      
      Maniphest Tasks: T6706, T2783
      
      Differential Revision: https://secure.phabricator.com/D11159
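
The two address checks listed in this commit, sketched as an added example (not Phabricator's implementation). The class, method and parameter names are hypothetical, the sample requests are constructed, and `remote_addr` is assumed to be the socket peer address rather than a value taken from a request header.

```python
import ipaddress


class ClusterAddressPolicy:
    """Allowlist of CIDR blocks, modelled on the `cluster.addresses` option."""

    def __init__(self, cidr_blocks):
        # strict=True rejects blocks with host bits set, such as "10.0.1.5/24",
        # so a typo in the allowlist fails at load time instead of silently.
        self.networks = [ipaddress.ip_network(b, strict=True) for b in cidr_blocks]

    def is_member(self, address):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            return False
        # A dual-stack listener can report IPv4 peers as ::ffff:a.b.c.d.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        return any(ip in net for net in self.networks)

    def check(self, remote_addr, local_addr, uses_cluster_auth):
        """Return (allowed, reason) for one request.

        remote_addr: address the request came from (assumed socket peer).
        local_addr: address the request was sent to.
        uses_cluster_auth: the request carries a cluster-based auth token.
        """
        if uses_cluster_auth:
            # Cluster auth is off by default: no configuration, no acceptance.
            if not self.networks:
                return False, "cluster auth used but no cluster addresses configured"
            if not self.is_member(remote_addr):
                return False, "cluster auth from an address outside the cluster"
        # Once configured, refuse anything delivered to a non-cluster address,
        # for example a node's public IP reached without the load balancer.
        if self.networks and not self.is_member(local_addr):
            return False, "request sent to an address outside the cluster"
        return True, "ok"


# Constructed sample requests: (remote_addr, local_addr, uses_cluster_auth).
SAMPLES = [
    ("10.0.1.7", "10.0.1.2", True),          # member to member
    ("203.0.113.9", "10.0.1.2", True),       # cluster token from outside
    ("::ffff:10.0.1.7", "10.0.1.2", True),   # IPv4-mapped form of a member
    ("198.51.100.4", "192.0.2.10", False),   # sent straight to a public IP
    ("198.51.100.4", "10.0.1.2", False),     # ordinary request, cluster address
]


def evaluate(policy):
    """Allowed/denied decision for each constructed sample, in order."""
    return [policy.check(*sample)[0] for sample in SAMPLES]
```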
  25. 15 Dec, 2014 2 commits
    • Add conduit.getcapabilities and a modern CLI handshake workflow · 288498f8
      epriestley authored
      Summary:
      Ref T5955.
      
        - Add `conduit.getcapabilities` to help arc (and other clients) determine formats, protocols, etc., the server supports.
        - Fixes T3117. Add a more modern version of the handshake workflow that allows all generated tokens to remain valid for an hour.
        - Generally, add a CLI token type. This token type expires after an hour when generated, then becomes permanent if used.
      
      Test Plan:
        - See D10988.
        - Ran `conduit.getcapabilities` and inspected output.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      Subscribers: epriestley
      
      Maniphest Tasks: T3117, T5955
      
      Differential Revision: https://secure.phabricator.com/D10989
    • Accept Conduit tokens as an authentication mechanism · 0507626f
      epriestley authored
      Summary:
        - Ref T5955. Accept the tokens introduced in D10985 as an authentication token.
        - Ref T3628. Permit simple `curl`-compatible decoding of parameters.
      
      Test Plan:
        - Ran some sensible `curl` API commands:
      
      ```
      epriestley@orbital ~/dev/phabricator $ curl -g "http://local.phacility.com/api/user.whoami?api.token=api-f7dfpoyelk4mmz6vxcueb6hcbtbk" ; echo
      {"result":{"phid":"PHID-USER-cvfydnwadpdj7vdon36z","userName":"admin","realName":"asdf","image":"http:\/\/local.phacility.com\/res\/1410737307T\/phabricator\/3eb28cd9\/rsrc\/image\/avatar.png","uri":"http:\/\/local.phacility.com\/p\/admin\/","roles":["admin","verified","approved","activated"]},"error_code":null,"error_info":null}
      ```
      
      ```
      epriestley@orbital ~/dev/phabricator $ curl -g "http://local.phacility.com/api/differential.query?api.token=api-f7dfpoyelk4mmz6vxcueb6hcbtbk&ids[]=1" ; echo
      {"result":[{"id":"1","phid":"PHID-DREV-v3a67ixww3ccg5lqbxee","title":"zxcb","uri":"http:\/\/local.phacility.com\/D1","dateCreated":"1418405590","dateModified":"1418405590","authorPHID":"PHID-USER-cvfydnwadpdj7vdon36z","status":"0","statusName":"Needs Review","branch":null,"summary":"","testPlan":"zxcb","lineCount":"6","activeDiffPHID":"PHID-DIFF-pzbtc5rw6pe5j2kxtlr2","diffs":["1"],"commits":[],"reviewers":[],"ccs":[],"hashes":[],"auxiliary":{"phabricator:projects":[],"phabricator:depends-on":[],"organization.sqlmigration":null},"arcanistProjectPHID":null,"repositoryPHID":null,"sourcePath":null}],"error_code":null,"error_info":null}
      ```
      
        - Ran older-style commands like `arc list` against the local install.
        - Ran commands via web console.
        - Added and ran a unit test to make sure nothing is using forbidden parameter names.
        - Terminated a token and verified it no longer works.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      Subscribers: epriestley
      
      Maniphest Tasks: T3628, T5955
      
      Differential Revision: https://secure.phabricator.com/D10986
  26. 21 Nov, 2014 1 commit
    • Allow device SSH keys to be trusted · 5e0f218f
      epriestley authored
      Summary:
      Ref T6240. Some discussion in that task. In instance/cluster environments, daemons need to make Conduit calls that bypass policy checks.
      
      We can't just let anyone add SSH keys with this capability to the web directly, because then an administrator could just add a key they own and start signing requests with it, bypassing policy checks.
      
      Add a `bin/almanac trust-key --id <x>` workflow for trusting keys. Only trusted keys can sign requests.
      
      Test Plan:
        - Generated a user key.
        - Generated a device key.
        - Trusted a device key.
        - Untrusted a device key.
        - Hit the various errors on trust/untrust.
        - Tried to edit a trusted key.
      
      {F236010}
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      Subscribers: epriestley
      
      Maniphest Tasks: T6240
      
      Differential Revision: https://secure.phabricator.com/D10878
  27. 18 Nov, 2014 1 commit
  28. 17 Nov, 2014 1 commit
    • Allow Phabricator to accept Conduit requests signed with an SSH key · 657b36dd
      epriestley authored
      Summary:
      Ref T4209.  Depends on D10402.
      
      This updates Conduit to support authenticating calls from other servers by signing the request parameters with the sending server's private key and verifying it with the public key stored in the database.
      
      Test Plan:
        - Made like 500 bad calls using the stuff in D10402.
        - Made a few valid calls using the stuff in D10402.
      
      Reviewers: hach-que, btrahan, #blessed_reviewers
      
      Reviewed By: btrahan, #blessed_reviewers
      
      Subscribers: epriestley, Korvin
      
      Maniphest Tasks: T6240, T4209
      
      Differential Revision: https://secure.phabricator.com/D10401
  29. 07 Oct, 2014 1 commit
  30. 25 Jul, 2014 1 commit
    • Don't log Conduit 404s as errors · bff217ef
      Joshua Spence authored
      Summary: Fixes T5695. A Conduit "method does not exist" exception is somewhat expected... there is no need to `phlog` the exception.
      
      Test Plan: Called a non-existent Conduit method. Saw no exceptions in the error logs.
      
      Reviewers: #blessed_reviewers, epriestley
      
      Reviewed By: #blessed_reviewers, epriestley
      
      Subscribers: epriestley, Korvin
      
      Maniphest Tasks: T5695
      
      Differential Revision: https://secure.phabricator.com/D10042
  31. 10 Jul, 2014 1 commit
    • Security - disable conduit act as user by default · e281c5ee
      Bob Trahan authored
      Summary: Introduce a new configuration setting that by default disables the conduit act as user method. Wordily explain that turning it on is not recommended. Fixes T3818.
      
      Test Plan:
      ```
      15:25:19 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)
      ~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
      Waiting for JSON parameters on stdin...
      {"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-tghb3b2gbdyezdcuw2or","userName":"btrahan","realName":"Bob Trahan","image":"http:\/\/phalanx.dev\/file\/data\/yncjbh7phk7ktrdhuorn\/PHID-FILE-qyf4ui3x2ll3e52hpg5e\/profile-profile-gravatar","uri":"http:\/\/phalanx.dev\/p\/btrahan\/","roles":["admin","verified","approved","activated"]}}
      15:25:34 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)
      
      <go edit libconfig/conduitclient to spoof another user...>
      
      ~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
      Waiting for JSON parameters on stdin...
      {"error":"ERR-CONDUIT-CORE","errorMessage":"ERR-CONDUIT-CORE: security.allow-conduit-act-as-user is disabled","response":null}
      15:26:40 ~/Dropbox/code/phalanx/src/applications/conduit (T3818)
      
      <enable option via bin/config....>
      
      ~>  echo '{}' | arc call-conduit --conduit-uri http://phalanx.dev/ user.whoami
      Waiting for JSON parameters on stdin...
      {"error":null,"errorMessage":null,"response":{"phid":"PHID-USER-6lcglnzbkiamdofishgi","userName":"xerxes","realName":"Xerxes Trahan","image":"http:\/\/phalanx.dev\/file\/data\/n2kyeevowetcuynbcxrg\/PHID-FILE-voquikectzpde256zzvm\/profile-1275455993.jpg","uri":"http:\/\/phalanx.dev\/p\/xerxes\/","roles":["verified","approved","activated"]}}
      ```
      
      Reviewers: epriestley
      
      Reviewed By: epriestley
      
      Subscribers: jevripio, sowedance, epriestley, Korvin
      
      Maniphest Tasks: T3818
      
      Differential Revision: https://secure.phabricator.com/D9881
  32. 09 Jul, 2014 1 commit
    • Remove `@group` annotations · 8756d82c
      Joshua Spence authored
      Summary: I'm pretty sure that `@group` annotations are useless now... see D9855. Also fixed various other minor issues.
      
      Test Plan: Eye-ball it.
      
      Reviewers: #blessed_reviewers, epriestley, chad
      
      Reviewed By: #blessed_reviewers, epriestley
      
      Subscribers: epriestley, Korvin, hach-que
      
      Differential Revision: https://secure.phabricator.com/D9859
  33. 23 Jun, 2014 1 commit
  34. 09 Jun, 2014 1 commit
    • Change double quotes to single quotes. · 0a62f134
      Joshua Spence authored
      Summary: Ran `arc lint --apply-patches --everything` over rP, mainly to change double quotes to single quotes where appropriate. These changes also validate that the `ArcanistXHPASTLinter::LINT_DOUBLE_QUOTE` rule is working as expected.
      
      Test Plan: Eyeballed it.
      
      Reviewers: #blessed_reviewers, epriestley
      
      Reviewed By: #blessed_reviewers, epriestley
      
      Subscribers: epriestley, Korvin, hach-que
      
      Differential Revision: https://secure.phabricator.com/D9431
  35. 14 Jan, 2014 2 commits
    • Replace "web" and "conduit" magic session strings with constants · d392a8f1
      epriestley authored
      Summary: Ref T4310. Ref T3720. We use bare strings to refer to session types in several places right now; use constants instead.
      
      Test Plan: grep; logged out; logged in; ran Conduit commands.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      CC: aran
      
      Maniphest Tasks: T4310, T3720
      
      Differential Revision: https://secure.phabricator.com/D7963
    • Separate session management from PhabricatorUser · eef314b7
      epriestley authored
      Summary: Ref T4310. Ref T3720. Session operations are currently part of PhabricatorUser. This is more tightly coupled than need be, and makes it difficult to establish login sessions for non-users. Move all the session management code to a `SessionEngine`.
      
      Test Plan:
        - Viewed sessions.
        - Regenerated Conduit certificate.
        - Verified Conduit sessions were destroyed.
        - Logged out.
        - Logged in.
        - Ran conduit commands.
        - Viewed sessions again.
      
      Reviewers: btrahan
      
      Reviewed By: btrahan
      
      CC: aran
      
      Maniphest Tasks: T4310, T3720
      
      Differential Revision: https://secure.phabricator.com/D7962