Page MenuHomePhabricator
Feed All Stories

Dec 14 2018

epriestley closed D19881: Give sessions real PHIDs and slightly modernize session queries.
Dec 14 2018, 12:14 AM

Dec 13 2018

epriestley requested review of D19886: Track MFA "challenges" so we can bind challenges to sessions and support SMS and other push MFA.
Dec 13 2018, 11:46 PM
epriestley added a revision to T9770: It is possible to use the same 2FA token more than once: D19886: Track MFA "challenges" so we can bind challenges to sessions and support SMS and other push MFA.
Dec 13 2018, 11:44 PM · Security, Auth
epriestley added a revision to T13222: 2018 Week 48-51 Bonus Content: D19886: Track MFA "challenges" so we can bind challenges to sessions and support SMS and other push MFA.
Dec 13 2018, 11:44 PM · Plans
epriestley added a comment to T13219: When returning a writable connection as a "r" connection, label it so it can be reused as a "w" connection.

Yeah, that's T10769.

Dec 13 2018, 11:41 PM · Clusters, Infrastructure
joshuaspence added a comment to T13219: When returning a writable connection as a "r" connection, label it so it can be reused as a "w" connection.

I am seeing a similar issue on our install:

[2018-12-13 12:20:12] EXCEPTION: (PhabricatorClusterImproperWriteException) Unable to establish a write-mode connection (to application database "phabricator_repository") because Phabricator is in read-only mode. Whatever you are trying to do does not function correctly in read-only mode. at [<phabricator>/src/infrastructure/storage/lisk/PhabricatorLiskDAO.php:119] arcanist(head=stable, ref.master=d9a4293ae734, ref.stable=45a8d22c74a6), phabricator(head=stable, ref.master=2951694c2737, ref.stable=237a2a190984), phlab(head=master, ref.master=564c60d09ff4), phutil(head=stable, ref.master=dd136d1c3712, ref.stable=414a4c6abb1b)
  #0 PhabricatorLiskDAO::raiseImproperWrite(string) called at [<phabricator>/src/infrastructure/storage/lisk/PhabricatorLiskDAO.php:60]
  #1 PhabricatorLiskDAO::establishLiveConnection(string) called at [<phabricator>/src/infrastructre/storage/lisk/LiskDAO.php:1011]
  #2 LiskDAO::establishConnection(string) called at [<phabricator>/src/applications/repository/stora... (619 more bytes) ... at [<phutil>/src/future/exec/ExecFuture.php:380]
[13-Dec-2018 12:20:12 Etc/UTC] arcanist(head=stable, ref.master=d9a4293ae734, ref.stable=45a8d22c74a6), phabricator(head=stable, ref.master=2951694c2737, ref.stable=237a2a190984), phlab(head=master, ref.master=564c60d09ff4), phutil(head=stable, ref.master=dd136d1c3712, ref.stable=414a4c6abb1b)
[13-Dec-2018 12:20:12 Etc/UTC]   #0 <#3> ExecFuture::resolvex() called at [<phabricator>/src/applications/repository/daemon/PhabricatorRepositoryPullLocalDaemon.php:446]
[13-Dec-2018 12:20:12 Etc/UTC]   #1 phlog(PhutilProxyException) called at [<phabricator>/src/applications/repository/daemon/PhabricatorRepositoryPullLocalDaemon.php:453]
[13-Dec-2018 12:20:12 Etc/UTC]   #2 PhabricatorRepositoryPullLocalDaemon::resolveUpdateFuture(PhabricatorRepository, ExecFuture, integer) called at [<phabricator>/src/applications/repository/daemon/PhabricatorRepositoryPullLocalDaemon.php:222]
[13-Dec-2018 12:20:12 Etc/UTC]   #3 PhabricatorRepositoryPullLocalDaemon::run() called at [<phutil>/src/daemon/PhutilDaemon.php:219]
[13-Dec-2018 12:20:12 Etc/UTC]   #4 PhutilDaemon::execute() called at [<phutil>/scripts/daemon/exec/exec_daemon.php:131]
Dec 13 2018, 11:40 PM · Clusters, Infrastructure
joshuaspence added a comment to T13219: When returning a writable connection as a "r" connection, label it so it can be reused as a "w" connection.

I am seeing a similar issue on our install:

Dec 13 2018, 11:38 PM · Clusters, Infrastructure
amckinley accepted D19884: Upgrade an old "weakDigest()" inside TOTP synchronization code.
Dec 13 2018, 10:14 PM
epriestley added inline comments to D19885: Require MFA implementations to return a formal result object when validating factors.
Dec 13 2018, 9:22 PM
amckinley accepted D19885: Require MFA implementations to return a formal result object when validating factors.
Dec 13 2018, 9:17 PM
epriestley added inline comments to D19883: Upgrade sessions digests to HMAC256, retaining compatibility with old digests.
Dec 13 2018, 9:03 PM
amckinley accepted D19883: Upgrade sessions digests to HMAC256, retaining compatibility with old digests.

Accepted assuming my inlines aren't actual issues.

Dec 13 2018, 8:56 PM
epriestley requested review of D19885: Require MFA implementations to return a formal result object when validating factors.
Dec 13 2018, 8:42 PM
epriestley added a revision to T13222: 2018 Week 48-51 Bonus Content: D19885: Require MFA implementations to return a formal result object when validating factors.
Dec 13 2018, 8:41 PM · Plans
epriestley committed rPHUcad1985726c9: Fix construction of two new qsprintf() exceptions (authored by epriestley).
Fix construction of two new qsprintf() exceptions
Dec 13 2018, 8:22 PM
epriestley closed D19882: Fix construction of two new qsprintf() exceptions.
Dec 13 2018, 8:22 PM
epriestley requested review of D19884: Upgrade an old "weakDigest()" inside TOTP synchronization code.
Dec 13 2018, 8:21 PM
epriestley added a revision to T12509: Plan the path forward from HMAC-SHA1: D19884: Upgrade an old "weakDigest()" inside TOTP synchronization code.
Dec 13 2018, 8:19 PM · Infrastructure, Security
epriestley added a revision to T13222: 2018 Week 48-51 Bonus Content: D19884: Upgrade an old "weakDigest()" inside TOTP synchronization code.
Dec 13 2018, 8:19 PM · Plans
amckinley accepted D19882: Fix construction of two new qsprintf() exceptions.
Dec 13 2018, 7:49 PM
amckinley accepted D19881: Give sessions real PHIDs and slightly modernize session queries.
Dec 13 2018, 7:48 PM
epriestley requested review of D19883: Upgrade sessions digests to HMAC256, retaining compatibility with old digests.
Dec 13 2018, 7:33 PM
epriestley added a revision to T13225: Complete session digest migration from SHA1 to SHA256: D19883: Upgrade sessions digests to HMAC256, retaining compatibility with old digests.
Dec 13 2018, 7:31 PM · Installing & Upgrading, Infrastructure, Security
epriestley added a revision to T13222: 2018 Week 48-51 Bonus Content: D19883: Upgrade sessions digests to HMAC256, retaining compatibility with old digests.
Dec 13 2018, 7:31 PM · Plans
epriestley added a comment to T13222: 2018 Week 48-51 Bonus Content.

One piece of minor mess here -- when you bin/auth recover yourself into a MFA'd account, you can get two MFA prompts: one to upgrade the session, then one to allow you to perform a password reset. Probably, the contextless password reset should only require MFA if you actually submit the form, and should do one-shot MFA, and ideally should carry the challenge tokens from the login and belong to the same workflow, although that's probably impractical.

Dec 13 2018, 7:21 PM · Plans
epriestley requested review of D19882: Fix construction of two new qsprintf() exceptions.
Dec 13 2018, 7:02 PM
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19882: Fix construction of two new qsprintf() exceptions.
Dec 13 2018, 7:01 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13222: 2018 Week 48-51 Bonus Content: D19882: Fix construction of two new qsprintf() exceptions.
Dec 13 2018, 7:01 PM · Plans
epriestley triaged T13225: Complete session digest migration from SHA1 to SHA256 as Low priority.
Dec 13 2018, 6:42 PM · Installing & Upgrading, Infrastructure, Security
epriestley requested review of D19881: Give sessions real PHIDs and slightly modernize session queries.
Dec 13 2018, 6:36 PM
epriestley added a revision to T13222: 2018 Week 48-51 Bonus Content: D19881: Give sessions real PHIDs and slightly modernize session queries.
Dec 13 2018, 6:34 PM · Plans
epriestley added a comment to T13222: 2018 Week 48-51 Bonus Content.

Bind Challenges to Sessions

Dec 13 2018, 6:03 PM · Plans
epriestley added a comment to T12521: "(Exception) Expected nonempty 'cmds' specification!" when trying to clone or pull mercurial repository.

If you want me to look at something, file a report on Discourse with reproduction steps that I can follow to reproduce the issue. I don't need any other discussion or context. I do need working reproduction steps.

Dec 13 2018, 5:46 PM · Bug Report (Needs Information)
epriestley added a comment to T12521: "(Exception) Expected nonempty 'cmds' specification!" when trying to clone or pull mercurial repository.

No.

Dec 13 2018, 5:43 PM · Bug Report (Needs Information)
arrowd added a comment to T12521: "(Exception) Expected nonempty 'cmds' specification!" when trying to clone or pull mercurial repository.

@epriestley I have seen you working on Mercurial stuff. Can you take a look at my findings above?

Dec 13 2018, 4:38 PM · Bug Report (Needs Information)
epriestley committed rPecae936d9701: Fix another qsprintf() straggler in "Has Open Subtasks" (authored by epriestley).
Fix another qsprintf() straggler in "Has Open Subtasks"
Dec 13 2018, 1:17 PM
epriestley closed D19880: Fix another qsprintf() straggler in "Has Open Subtasks".
Dec 13 2018, 1:17 PM
epriestley added a comment to T2549: Support linking multiple external accounts from the same provider with one Phabricator account.

Sorry, yeah, I meant T6703.

Dec 13 2018, 12:48 PM · Restricted Project, Restricted Project, LDAP, Auth, OAuthServer
urzds added a comment to T2549: Support linking multiple external accounts from the same provider with one Phabricator account.

I believe that instead of T7667 you meant to write T6703.

Dec 13 2018, 11:20 AM · Restricted Project, Restricted Project, LDAP, Auth, OAuthServer
joshuaspence accepted D19880: Fix another qsprintf() straggler in "Has Open Subtasks".

Looks about right.

Dec 13 2018, 1:07 AM
epriestley requested review of D19880: Fix another qsprintf() straggler in "Has Open Subtasks".
Dec 13 2018, 12:58 AM
epriestley committed rP9aa5a52fbd1b: Completely remove "LiskDAOSet" and "loadRelatives/loadOneRelative" (authored by epriestley).
Completely remove "LiskDAOSet" and "loadRelatives/loadOneRelative"
Dec 13 2018, 12:42 AM
epriestley closed T13218: Remove LiskDAO->loadOneRelative() as Resolved by committing rP9aa5a52fbd1b: Completely remove "LiskDAOSet" and "loadRelatives/loadOneRelative".
Dec 13 2018, 12:42 AM · Installing & Upgrading, Infrastructure
epriestley closed D19879: Completely remove "LiskDAOSet" and "loadRelatives/loadOneRelative".
Dec 13 2018, 12:42 AM
epriestley committed rP02933acbd5ae: Remove all application callers to "putInSet()" (authored by epriestley).
Remove all application callers to "putInSet()"
Dec 13 2018, 12:41 AM
epriestley closed D19878: Remove all application callers to "putInSet()".
Dec 13 2018, 12:41 AM
epriestley committed rP793f185d2924: Remove application callsites to "LiskDAO->loadOneRelative()" (authored by epriestley).
Remove application callsites to "LiskDAO->loadOneRelative()"
Dec 13 2018, 12:40 AM
epriestley closed D19876: Remove application callsites to "LiskDAO->loadOneRelative()".
Dec 13 2018, 12:39 AM
avivey awarded D19877: Move user approval to modular transactions a Like token.
Dec 13 2018, 12:39 AM
joshuaspence edited P2111 (An Untitled Masterwork).
Dec 13 2018, 12:36 AM
epriestley committed rP5c99163b7c80: Remove application callers to "LiskDAO->loadRelatives()" (authored by epriestley).
Remove application callers to "LiskDAO->loadRelatives()"
Dec 13 2018, 12:33 AM
epriestley closed D19874: Remove application callers to "LiskDAO->loadRelatives()".
Dec 13 2018, 12:33 AM
amckinley accepted D19879: Completely remove "LiskDAOSet" and "loadRelatives/loadOneRelative".
Dec 13 2018, 12:28 AM
amckinley accepted D19878: Remove all application callers to "putInSet()".
Dec 13 2018, 12:27 AM
joshuaspence edited P2111 (An Untitled Masterwork).
Dec 13 2018, 12:25 AM
joshuaspence created P2111 (An Untitled Masterwork).
Dec 13 2018, 12:24 AM
epriestley requested review of D19879: Completely remove "LiskDAOSet" and "loadRelatives/loadOneRelative".
Dec 13 2018, 12:18 AM
epriestley added a revision to T13218: Remove LiskDAO->loadOneRelative(): D19879: Completely remove "LiskDAOSet" and "loadRelatives/loadOneRelative".
Dec 13 2018, 12:16 AM · Installing & Upgrading, Infrastructure
epriestley requested review of D19878: Remove all application callers to "putInSet()".
Dec 13 2018, 12:15 AM
epriestley added a revision to T13218: Remove LiskDAO->loadOneRelative(): D19878: Remove all application callers to "putInSet()".
Dec 13 2018, 12:13 AM · Installing & Upgrading, Infrastructure
amckinley committed rPaba99459238f: Move user approval to modular transactions (authored by amckinley).
Move user approval to modular transactions
Dec 13 2018, 12:12 AM
amckinley closed D19877: Move user approval to modular transactions.
Dec 13 2018, 12:12 AM
amckinley updated the diff for D19877: Move user approval to modular transactions.

Move logging in PhabricatorUserDisableTransaction.

Dec 13 2018, 12:08 AM
epriestley accepted D19877: Move user approval to modular transactions.
Dec 13 2018, 12:07 AM
amckinley updated the diff for D19877: Move user approval to modular transactions.

Override requireCapabilities to correctly check permissions.

Dec 13 2018, 12:07 AM
epriestley added a comment to D19877: Move user approval to modular transactions.

The effects of this change are left as an exercise for the reader, but PhabricatorPeopleDisableController, for example, won't let you disable a user that has already been approved.

Dec 13 2018, 12:06 AM
epriestley added a comment to D19877: Move user approval to modular transactions.

You could also move the log in Disable if you want. I'm not sure anyone's going to approve or disable a user while creating them (and you can't create via the API today anyway) but I think this implementation allows it and the other one doesn't necessarily.

Dec 13 2018, 12:04 AM
epriestley requested changes to D19877: Move user approval to modular transactions.

Looks great to me except for the permissions juggling, try this inline?

Dec 13 2018, 12:02 AM
amckinley added a comment to D19877: Move user approval to modular transactions.

Also note that this is a slight behavior change, because it is now possible to "unapprove" an already-approved user (primarily by using Conduit). The effects of this change are left as an exercise for the reader, but PhabricatorPeopleDisableController, for example, won't let you disable a user that has already been approved.

Dec 13 2018, 12:00 AM
epriestley added inline comments to D19877: Move user approval to modular transactions.
Dec 13 2018, 12:00 AM

Dec 12 2018

amckinley accepted D19876: Remove application callsites to "LiskDAO->loadOneRelative()".
Dec 12 2018, 11:57 PM
epriestley added inline comments to D19877: Move user approval to modular transactions.
Dec 12 2018, 11:55 PM
amckinley accepted D19874: Remove application callers to "LiskDAO->loadRelatives()".
Dec 12 2018, 11:54 PM
amckinley added inline comments to D19877: Move user approval to modular transactions.
Dec 12 2018, 11:53 PM
amckinley added inline comments to D19877: Move user approval to modular transactions.
Dec 12 2018, 11:52 PM
amckinley requested review of D19877: Move user approval to modular transactions.
Dec 12 2018, 11:52 PM
epriestley requested review of D19876: Remove application callsites to "LiskDAO->loadOneRelative()".
Dec 12 2018, 11:51 PM
epriestley added a revision to T13218: Remove LiskDAO->loadOneRelative(): D19876: Remove application callsites to "LiskDAO->loadOneRelative()".
Dec 12 2018, 11:49 PM · Installing & Upgrading, Infrastructure
epriestley requested review of D19874: Remove application callers to "LiskDAO->loadRelatives()".
Dec 12 2018, 11:41 PM
epriestley added a revision to T13218: Remove LiskDAO->loadOneRelative(): D19874: Remove application callers to "LiskDAO->loadRelatives()".
Dec 12 2018, 11:39 PM · Installing & Upgrading, Infrastructure
epriestley updated the task description for T784: Allow Differential changesets to be marked with various attributes.
Dec 12 2018, 11:24 PM · Restricted Project, Restricted Project, Restricted Project, Arcanist, Differential
amckinley committed rP5cb462d511c7: Show more of UTC offset when user's TZ is not an integer number of hours offset (authored by amckinley).
Show more of UTC offset when user's TZ is not an integer number of hours offset
Dec 12 2018, 10:02 PM
amckinley closed D19873: Show more of UTC offset when user's TZ is not an integer number of hours offset.
Dec 12 2018, 10:02 PM
epriestley added a comment to D19873: Show more of UTC offset when user's TZ is not an integer number of hours offset.

🌈

Dec 12 2018, 10:02 PM
amckinley updated the diff for D19873: Show more of UTC offset when user's TZ is not an integer number of hours offset.

Repeated code.

Dec 12 2018, 10:02 PM
amckinley added a comment to D19873: Show more of UTC offset when user's TZ is not an integer number of hours offset.

New appearance:

Screen Shot 2018-12-13 at 8.29.20 AM.png (277×840 px, 34 KB)

Dec 12 2018, 10:02 PM
amckinley updated the diff for D19873: Show more of UTC offset when user's TZ is not an integer number of hours offset.

Change format string to match "hours:minutes", rename variables for clarity.

Dec 12 2018, 10:00 PM
epriestley accepted D19873: Show more of UTC offset when user's TZ is not an integer number of hours offset.

I didn't know about %+, neat.

Dec 12 2018, 9:47 PM
amckinley requested review of D19873: Show more of UTC offset when user's TZ is not an integer number of hours offset.
Dec 12 2018, 9:21 PM
epriestley added a comment to T13222: 2018 Week 48-51 Bonus Content.

This should learn from Auth and support multiple providers of the same type from initial implementation (see T6703).

Dec 12 2018, 8:37 PM · Plans
epriestley moved T5504: Figure out how to render external accounts in the UI from Backlog to Grey Users / Nuance on the Auth board.
Dec 12 2018, 8:36 PM · Restricted Project, Auth
epriestley moved T4310: Allow external users to establish real sessions from Backlog to Grey Users / Nuance on the Auth board.
Dec 12 2018, 8:36 PM · Auth
epriestley moved T1205: Allow grey users in some form or other from Backlog to Grey Users / Nuance on the Auth board.
Dec 12 2018, 8:36 PM · Restricted Project, People, Auth, Wikimedia
epriestley moved T6115: Allow multi-factor authentication to be a requirement for user subgroups, including administrators from Backlog to MFA on the Auth board.
Dec 12 2018, 8:29 PM · Haskell.org, Auth
epriestley moved T4184: API does not contain user.create from Backlog to Far Future on the Auth board.
Dec 12 2018, 8:28 PM · Restricted Project, FreeBSD, Conduit, Auth
epriestley merged T6117: The login screen is pretty confusing when you have LDAP and Username/Password enabled into T11514: Authentication should have a way to customize the credentials name.
Dec 12 2018, 8:27 PM · Auth, LDAP, Feature Request
epriestley merged task T6117: The login screen is pretty confusing when you have LDAP and Username/Password enabled into T11514: Authentication should have a way to customize the credentials name.
Dec 12 2018, 8:27 PM · Auth
epriestley moved T6549: Backup codes for multi-factor authentication from Backlog to MFA on the Auth board.
Dec 12 2018, 8:26 PM · Restricted Project, Auth
epriestley moved T8787: Add support for U2F MFA once browser implementations improve and compatible hardware is more widely available from Backlog to MFA on the Auth board.
Dec 12 2018, 8:26 PM · Haskell.org, Auth
epriestley moved T4279: Improve auth/LDAP import tools to assist in linking/merging accounts and migrations across providers from Backlog to LDAP is Special on the Auth board.
Dec 12 2018, 8:25 PM · Auth