
Yesterday

epriestley committed rP54b952df5d14: Fix weird gap/spacing on user "Manage" page (authored by epriestley).
Fix weird gap/spacing on user "Manage" page
Fri, Dec 14, 11:40 PM
epriestley closed D19892: Fix weird gap/spacing on user "Manage" page.
Fri, Dec 14, 11:40 PM
epriestley accepted D19891: Move admin promotions to modular transactions.

I feel like there's a word for being kicked out of Hogwarts and having your wizarding powers revoked, but it is not leaping to mind.

Fri, Dec 14, 11:37 PM
epriestley requested review of D19892: Fix weird gap/spacing on user "Manage" page.
Fri, Dec 14, 11:30 PM
epriestley added inline comments to D19886: Track MFA "challenges" so we can bind challenges to sessions and support SMS and other push MFA.
Fri, Dec 14, 10:45 PM
epriestley added a comment to D19888: Add a garbage collector for MFA challenges.

Yeah -- I initially kept it for a week, but then I was like "it would be better to make that week configurable since it's kind of weird to hard-code it and there's support to make it configurable...", but that was kind of a bit more code and we'd end up with a mild mess removing it later since the configurable part gets stored in Config. I'd also guess there's a real possibility that we never actually look at this table to debug anything.

Fri, Dec 14, 10:06 PM
epriestley added inline comments to D19890: Simplify and correct some challenge TTL lockout code.
Fri, Dec 14, 4:07 PM
epriestley added inline comments to D19886: Track MFA "challenges" so we can bind challenges to sessions and support SMS and other push MFA.
Fri, Dec 14, 4:02 PM
epriestley added a comment to D19886: Track MFA "challenges" so we can bind challenges to sessions and support SMS and other push MFA.

Some of the TTL/window stuff is a little funky here, my expectation is that this change is more of a "shaped roughly correctly/moving us in the right direction" kind of change than a polished product. D19890 improves things a bit. Changes in this sequence all make life harder for attackers, but until everything is in the actual security model the changes implement may have some weird holes in it.

Fri, Dec 14, 4:00 PM
epriestley requested review of D19890: Simplify and correct some challenge TTL lockout code.
Fri, Dec 14, 3:59 PM
epriestley added a revision to T13222: 2018 Week 48-50 Bonus Content: D19890: Simplify and correct some challenge TTL lockout code.
Fri, Dec 14, 3:57 PM · Plans
epriestley added a child revision for D19889: Bind MFA challenges to particular workflows, like signing a specific Legalpad document: D19890: Simplify and correct some challenge TTL lockout code.
Fri, Dec 14, 3:57 PM
epriestley updated the diff for D19889: Bind MFA challenges to particular workflows, like signing a specific Legalpad document.
  • Move a related logic change to the next diff.
Fri, Dec 14, 2:26 PM
epriestley requested review of D19889: Bind MFA challenges to particular workflows, like signing a specific Legalpad document.
Fri, Dec 14, 2:18 PM
epriestley added a revision to T13222: 2018 Week 48-50 Bonus Content: D19889: Bind MFA challenges to particular workflows, like signing a specific Legalpad document.
Fri, Dec 14, 2:16 PM · Plans
epriestley added a child revision for D19888: Add a garbage collector for MFA challenges: D19889: Bind MFA challenges to particular workflows, like signing a specific Legalpad document.
Fri, Dec 14, 2:16 PM
epriestley requested review of D19888: Add a garbage collector for MFA challenges.
Fri, Dec 14, 1:34 PM
epriestley added a child revision for D19886: Track MFA "challenges" so we can bind challenges to sessions and support SMS and other push MFA: D19888: Add a garbage collector for MFA challenges.
Fri, Dec 14, 1:32 PM
epriestley added a revision to T13222: 2018 Week 48-50 Bonus Content: D19888: Add a garbage collector for MFA challenges.
Fri, Dec 14, 1:32 PM · Plans
epriestley added a comment to D19887: Move user renames to modular transactions.

🍰

Fri, Dec 14, 12:47 AM
epriestley added inline comments to D19887: Move user renames to modular transactions.
Fri, Dec 14, 12:32 AM
epriestley added inline comments to D19887: Move user renames to modular transactions.
Fri, Dec 14, 12:30 AM
epriestley accepted D19887: Move user renames to modular transactions.
Fri, Dec 14, 12:27 AM
epriestley added a comment to D19885: Require MFA implementations to return a formal result object when validating factors.

D19886 ended up renaming "Hint" to "Error Message" and pushing the instanceof X logic into the abstract base AuthFactor class, using this sorta thing:

Fri, Dec 14, 12:17 AM
epriestley committed rP080fb1985f29: Upgrade an old "weakDigest()" inside TOTP synchronization code (authored by epriestley).
Upgrade an old "weakDigest()" inside TOTP synchronization code
Fri, Dec 14, 12:16 AM
epriestley added a commit to T12509: Plan the path forward from HMAC-SHA1: rP080fb1985f29: Upgrade an old "weakDigest()" inside TOTP synchronization code.
Fri, Dec 14, 12:16 AM · Infrastructure, Security
epriestley added a commit to T13222: 2018 Week 48-50 Bonus Content: rP080fb1985f29: Upgrade an old "weakDigest()" inside TOTP synchronization code.
Fri, Dec 14, 12:16 AM · Plans
epriestley closed D19884: Upgrade an old "weakDigest()" inside TOTP synchronization code.
Fri, Dec 14, 12:16 AM
epriestley committed rP1d34238dc945: Upgrade sessions digests to HMAC256, retaining compatibility with old digests (authored by epriestley).
Upgrade sessions digests to HMAC256, retaining compatibility with old digests
Fri, Dec 14, 12:16 AM
epriestley added a commit to T13225: Complete session digest migration from SHA1 to SHA256: rP1d34238dc945: Upgrade sessions digests to HMAC256, retaining compatibility with old digests.
Fri, Dec 14, 12:15 AM · Installing & Upgrading, Infrastructure, Security
epriestley closed D19883: Upgrade sessions digests to HMAC256, retaining compatibility with old digests.
Fri, Dec 14, 12:15 AM
epriestley added a commit to T13222: 2018 Week 48-50 Bonus Content: rP1d34238dc945: Upgrade sessions digests to HMAC256, retaining compatibility with old digests.
Fri, Dec 14, 12:15 AM · Plans
epriestley committed rPc58506aeaace: Give sessions real PHIDs and slightly modernize session queries (authored by epriestley).
Give sessions real PHIDs and slightly modernize session queries
Fri, Dec 14, 12:15 AM
epriestley closed D19881: Give sessions real PHIDs and slightly modernize session queries.
Fri, Dec 14, 12:14 AM
epriestley added a commit to T13222: 2018 Week 48-50 Bonus Content: rPc58506aeaace: Give sessions real PHIDs and slightly modernize session queries.
Fri, Dec 14, 12:14 AM · Plans

Thu, Dec 13

epriestley requested review of D19886: Track MFA "challenges" so we can bind challenges to sessions and support SMS and other push MFA.
Thu, Dec 13, 11:46 PM
epriestley added a revision to T9770: It is possible to use the same 2FA token more than once: D19886: Track MFA "challenges" so we can bind challenges to sessions and support SMS and other push MFA.
Thu, Dec 13, 11:44 PM · Security, Auth
epriestley added a revision to T13222: 2018 Week 48-50 Bonus Content: D19886: Track MFA "challenges" so we can bind challenges to sessions and support SMS and other push MFA.
Thu, Dec 13, 11:44 PM · Plans
epriestley added a comment to T13219: When returning a writable connection as a "r" connection, label it so it can be reused as a "w" connection.

Yeah, that's T10769.

Thu, Dec 13, 11:41 PM · Clusters, Infrastructure
epriestley added inline comments to D19885: Require MFA implementations to return a formal result object when validating factors.
Thu, Dec 13, 9:22 PM
epriestley added inline comments to D19883: Upgrade sessions digests to HMAC256, retaining compatibility with old digests.
Thu, Dec 13, 9:03 PM
epriestley requested review of D19885: Require MFA implementations to return a formal result object when validating factors.
Thu, Dec 13, 8:42 PM
epriestley added a revision to T13222: 2018 Week 48-50 Bonus Content: D19885: Require MFA implementations to return a formal result object when validating factors.
Thu, Dec 13, 8:41 PM · Plans
epriestley committed rPHUcad1985726c9: Fix construction of two new qsprintf() exceptions (authored by epriestley).
Fix construction of two new qsprintf() exceptions
Thu, Dec 13, 8:22 PM
epriestley added a commit to T13217: Upgrading: Hardening of qsprintf(): rPHUcad1985726c9: Fix construction of two new qsprintf() exceptions.
Thu, Dec 13, 8:22 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a commit to T13222: 2018 Week 48-50 Bonus Content: rPHUcad1985726c9: Fix construction of two new qsprintf() exceptions.
Thu, Dec 13, 8:22 PM · Plans
epriestley closed D19882: Fix construction of two new qsprintf() exceptions.
Thu, Dec 13, 8:22 PM
epriestley requested review of D19884: Upgrade an old "weakDigest()" inside TOTP synchronization code.
Thu, Dec 13, 8:21 PM
epriestley added a revision to T12509: Plan the path forward from HMAC-SHA1: D19884: Upgrade an old "weakDigest()" inside TOTP synchronization code.
Thu, Dec 13, 8:19 PM · Infrastructure, Security
epriestley added a revision to T13222: 2018 Week 48-50 Bonus Content: D19884: Upgrade an old "weakDigest()" inside TOTP synchronization code.
Thu, Dec 13, 8:19 PM · Plans
epriestley requested review of D19883: Upgrade sessions digests to HMAC256, retaining compatibility with old digests.
Thu, Dec 13, 7:33 PM
epriestley added a revision to T13225: Complete session digest migration from SHA1 to SHA256: D19883: Upgrade sessions digests to HMAC256, retaining compatibility with old digests.
Thu, Dec 13, 7:31 PM · Installing & Upgrading, Infrastructure, Security
epriestley added a revision to T13222: 2018 Week 48-50 Bonus Content: D19883: Upgrade sessions digests to HMAC256, retaining compatibility with old digests.
Thu, Dec 13, 7:31 PM · Plans
epriestley added a comment to T13222: 2018 Week 48-50 Bonus Content.

One piece of minor mess here -- when you bin/auth recover yourself into a MFA'd account, you can get two MFA prompts: one to upgrade the session, then one to allow you to perform a password reset. Probably, the contextless password reset should only require MFA if you actually submit the form, and should do one-shot MFA, and ideally should carry the challenge tokens from the login and belong to the same workflow, although that's probably impractical.

Thu, Dec 13, 7:21 PM · Plans
epriestley requested review of D19882: Fix construction of two new qsprintf() exceptions.
Thu, Dec 13, 7:02 PM
epriestley added a revision to T13217: Upgrading: Hardening of qsprintf(): D19882: Fix construction of two new qsprintf() exceptions.
Thu, Dec 13, 7:01 PM · Installing & Upgrading, Infrastructure, Security, Guides
epriestley added a revision to T13222: 2018 Week 48-50 Bonus Content: D19882: Fix construction of two new qsprintf() exceptions.
Thu, Dec 13, 7:01 PM · Plans
epriestley triaged T13225: Complete session digest migration from SHA1 to SHA256 as Low priority.
Thu, Dec 13, 6:42 PM · Installing & Upgrading, Infrastructure, Security
epriestley requested review of D19881: Give sessions real PHIDs and slightly modernize session queries.
Thu, Dec 13, 6:36 PM
epriestley added a revision to T13222: 2018 Week 48-50 Bonus Content: D19881: Give sessions real PHIDs and slightly modernize session queries.
Thu, Dec 13, 6:34 PM · Plans
epriestley added a comment to T13222: 2018 Week 48-50 Bonus Content.

Bind Challenges to Sessions

Thu, Dec 13, 6:03 PM · Plans
epriestley added a comment to T12521: "(Exception) Expected nonempty 'cmds' specification!" when trying to clone or pull mercurial repository.

If you want me to look at something, file a report on Discourse with reproduction steps that I can follow to reproduce the issue. I don't need any other discussion or context. I do need working reproduction steps.

Thu, Dec 13, 5:46 PM · Bug Report (Needs Information)
epriestley added a comment to T12521: "(Exception) Expected nonempty 'cmds' specification!" when trying to clone or pull mercurial repository.

No.

Thu, Dec 13, 5:43 PM · Bug Report (Needs Information)
epriestley committed rPecae936d9701: Fix another qsprintf() straggler in "Has Open Subtasks" (authored by epriestley).
Fix another qsprintf() straggler in "Has Open Subtasks"
Thu, Dec 13, 1:17 PM
epriestley closed D19880: Fix another qsprintf() straggler in "Has Open Subtasks".
Thu, Dec 13, 1:17 PM
epriestley added a comment to T2549: Support linking multiple external accounts from the same provider with one Phabricator account.

Sorry, yeah, I meant T6703.

Thu, Dec 13, 12:48 PM · Restricted Project, Restricted Project, LDAP, Auth, OAuthServer
epriestley requested review of D19880: Fix another qsprintf() straggler in "Has Open Subtasks".
Thu, Dec 13, 12:58 AM
epriestley committed rP9aa5a52fbd1b: Completely remove "LiskDAOSet" and "loadRelatives/loadOneRelative" (authored by epriestley).
Completely remove "LiskDAOSet" and "loadRelatives/loadOneRelative"
Thu, Dec 13, 12:42 AM
epriestley closed T13218: Remove LiskDAO->loadOneRelative() as Resolved by committing rP9aa5a52fbd1b: Completely remove "LiskDAOSet" and "loadRelatives/loadOneRelative".
Thu, Dec 13, 12:42 AM · Installing & Upgrading, Infrastructure
epriestley closed D19879: Completely remove "LiskDAOSet" and "loadRelatives/loadOneRelative".
Thu, Dec 13, 12:42 AM
epriestley committed rP02933acbd5ae: Remove all application callers to "putInSet()" (authored by epriestley).
Remove all application callers to "putInSet()"
Thu, Dec 13, 12:41 AM
epriestley closed D19878: Remove all application callers to "putInSet()".
Thu, Dec 13, 12:41 AM
epriestley added a commit to T13218: Remove LiskDAO->loadOneRelative(): rP02933acbd5ae: Remove all application callers to "putInSet()".
Thu, Dec 13, 12:41 AM · Installing & Upgrading, Infrastructure
epriestley committed rP793f185d2924: Remove application callsites to "LiskDAO->loadOneRelative()" (authored by epriestley).
Remove application callsites to "LiskDAO->loadOneRelative()"
Thu, Dec 13, 12:40 AM
epriestley closed D19876: Remove application callsites to "LiskDAO->loadOneRelative()".
Thu, Dec 13, 12:39 AM
epriestley added a commit to T13218: Remove LiskDAO->loadOneRelative(): rP793f185d2924: Remove application callsites to "LiskDAO->loadOneRelative()".
Thu, Dec 13, 12:39 AM · Installing & Upgrading, Infrastructure
epriestley committed rP5c99163b7c80: Remove application callers to "LiskDAO->loadRelatives()" (authored by epriestley).
Remove application callers to "LiskDAO->loadRelatives()"
Thu, Dec 13, 12:33 AM
epriestley added a commit to T13218: Remove LiskDAO->loadOneRelative(): rP5c99163b7c80: Remove application callers to "LiskDAO->loadRelatives()".
Thu, Dec 13, 12:33 AM · Installing & Upgrading, Infrastructure
epriestley closed D19874: Remove application callers to "LiskDAO->loadRelatives()".
Thu, Dec 13, 12:33 AM
epriestley requested review of D19879: Completely remove "LiskDAOSet" and "loadRelatives/loadOneRelative".
Thu, Dec 13, 12:18 AM
epriestley added a revision to T13218: Remove LiskDAO->loadOneRelative(): D19879: Completely remove "LiskDAOSet" and "loadRelatives/loadOneRelative".
Thu, Dec 13, 12:16 AM · Installing & Upgrading, Infrastructure
epriestley requested review of D19878: Remove all application callers to "putInSet()".
Thu, Dec 13, 12:15 AM
epriestley added a revision to T13218: Remove LiskDAO->loadOneRelative(): D19878: Remove all application callers to "putInSet()".
Thu, Dec 13, 12:13 AM · Installing & Upgrading, Infrastructure
epriestley accepted D19877: Move user approval to modular transactions.
Thu, Dec 13, 12:07 AM
epriestley added a comment to D19877: Move user approval to modular transactions.

The effects of this change are left as an exercise for the reader, but PhabricatorPeopleDisableController, for example, won't let you disable a user that has already been approved.

Thu, Dec 13, 12:06 AM
epriestley added a comment to D19877: Move user approval to modular transactions.

You could also move the log in Disable if you want. I'm not sure anyone's going to approve or disable a user while creating them (and you can't create via the API today anyway) but I think this implementation allows it and the other one doesn't necessarily.

Thu, Dec 13, 12:04 AM
epriestley requested changes to D19877: Move user approval to modular transactions.

Looks great to me except for the permissions juggling, try this inline?

Thu, Dec 13, 12:02 AM
epriestley added inline comments to D19877: Move user approval to modular transactions.
Thu, Dec 13, 12:00 AM

Wed, Dec 12

epriestley added inline comments to D19877: Move user approval to modular transactions.
Wed, Dec 12, 11:55 PM
epriestley requested review of D19876: Remove application callsites to "LiskDAO->loadOneRelative()".
Wed, Dec 12, 11:51 PM
epriestley added a revision to T13218: Remove LiskDAO->loadOneRelative(): D19876: Remove application callsites to "LiskDAO->loadOneRelative()".
Wed, Dec 12, 11:49 PM · Installing & Upgrading, Infrastructure
epriestley requested review of D19874: Remove application callers to "LiskDAO->loadRelatives()".
Wed, Dec 12, 11:41 PM
epriestley added a revision to T13218: Remove LiskDAO->loadOneRelative(): D19874: Remove application callers to "LiskDAO->loadRelatives()".
Wed, Dec 12, 11:39 PM · Installing & Upgrading, Infrastructure
epriestley updated the task description for T784: Allow Differential changesets to be marked with various attributes.
Wed, Dec 12, 11:24 PM · Restricted Project, Restricted Project, Restricted Project, Differential, Arcanist
epriestley added a comment to D19873: Show more of UTC offset when user's TZ is not an integer number of hours offset.

🌈

Wed, Dec 12, 10:02 PM
epriestley accepted D19873: Show more of UTC offset when user's TZ is not an integer number of hours offset.

I didn't know about %+, neat.

Wed, Dec 12, 9:47 PM
epriestley added a comment to T13222: 2018 Week 48-50 Bonus Content.

This should learn from Auth and support multiple providers of the same type from initial implementation (see T6703).

Wed, Dec 12, 8:37 PM · Plans
epriestley moved T5504: Figure out how to render external accounts in the UI from Backlog to Grey Users / Nuance on the Auth board.
Wed, Dec 12, 8:36 PM · Restricted Project, Auth
epriestley moved T4310: Allow external users to establish real sessions from Backlog to Grey Users / Nuance on the Auth board.
Wed, Dec 12, 8:36 PM · Auth
epriestley moved T1205: Allow grey users in some form or other from Backlog to Grey Users / Nuance on the Auth board.
Wed, Dec 12, 8:36 PM · Restricted Project, People, Auth, Wikimedia