diff options
Diffstat (limited to 'extensions/PhabBugz')
-rw-r--r-- | extensions/PhabBugz/Extension.pm | 7 | ||||
-rwxr-xr-x | extensions/PhabBugz/bin/update_project_members.pl | 99 | ||||
-rw-r--r-- | extensions/PhabBugz/lib/Config.pm | 5 | ||||
-rw-r--r-- | extensions/PhabBugz/lib/Constants.pm | 8 | ||||
-rw-r--r-- | extensions/PhabBugz/lib/Feed.pm | 461 | ||||
-rw-r--r-- | extensions/PhabBugz/lib/Policy.pm | 26 | ||||
-rw-r--r-- | extensions/PhabBugz/lib/Project.pm | 43 | ||||
-rw-r--r-- | extensions/PhabBugz/lib/Revision.pm | 154 | ||||
-rw-r--r-- | extensions/PhabBugz/lib/User.pm | 5 | ||||
-rw-r--r-- | extensions/PhabBugz/lib/Util.pm | 457 | ||||
-rw-r--r-- | extensions/PhabBugz/lib/WebService.pm | 389 | ||||
-rw-r--r-- | extensions/PhabBugz/template/en/default/admin/email/squatter-alert.txt.tmpl | 34 | ||||
-rw-r--r-- | extensions/PhabBugz/template/en/default/admin/params/phabbugz.html.tmpl | 1 | ||||
-rw-r--r-- | extensions/PhabBugz/template/en/default/hook/global/user-error-errors.html.tmpl | 11 |
14 files changed, 806 insertions, 894 deletions
diff --git a/extensions/PhabBugz/Extension.pm b/extensions/PhabBugz/Extension.pm index ee96901a2..c857c60ab 100644 --- a/extensions/PhabBugz/Extension.pm +++ b/extensions/PhabBugz/Extension.pm @@ -18,11 +18,6 @@ use Bugzilla::Extension::PhabBugz::Feed; our $VERSION = '0.01'; -BEGIN { - *Bugzilla::User::phab_phid = sub { return $_[0]->{phab_phid}; }; - *Bugzilla::User::phab_review_status = sub { return $_[0]->{phab_review_status}; }; -} - sub config_add_panels { my ($self, $args) = @_; my $modules = $args->{panel_modules}; @@ -85,7 +80,7 @@ sub install_filesystem { my $files = $args->{'files'}; my $extensionsdir = bz_locations()->{'extensionsdir'}; - my $scriptname = $extensionsdir . "/PhabBugz/bin/phabbugzd.pl"; + my $scriptname = $extensionsdir . "/PhabBugz/bin/phabbugz_feed.pl"; $files->{$scriptname} = { perms => Bugzilla::Install::Filesystem::WS_EXECUTE diff --git a/extensions/PhabBugz/bin/update_project_members.pl b/extensions/PhabBugz/bin/update_project_members.pl deleted file mode 100755 index fe62170a6..000000000 --- a/extensions/PhabBugz/bin/update_project_members.pl +++ /dev/null @@ -1,99 +0,0 @@ -#!/usr/bin/perl - -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. -# -# This Source Code Form is "Incompatible With Secondary Licenses", as -# defined by the Mozilla Public License, v. 2.0. - -use 5.10.1; -use strict; -use warnings; - -use lib qw(. lib local/lib/perl5); - -use Bugzilla; -BEGIN { Bugzilla->extensions() } - -use Bugzilla::Constants; -use Bugzilla::Error; -use Bugzilla::Group; - -use Bugzilla::Extension::PhabBugz::Project; -use Bugzilla::Extension::PhabBugz::Util qw( - get_phab_bmo_ids -); - -Bugzilla->usage_mode(USAGE_MODE_CMDLINE); - -my ($phab_uri, $phab_sync_groups); - -if (!Bugzilla->params->{phabricator_enabled}) { - exit; -} - -# Sanity checks -unless ($phab_uri = Bugzilla->params->{phabricator_base_uri}) { - ThrowUserError('invalid_phabricator_uri'); -} - -unless ($phab_sync_groups = Bugzilla->params->{phabricator_sync_groups}) { - ThrowUserError('invalid_phabricator_sync_groups'); -} - -# Loop through each group and perform the following: -# -# 1. Load flattened list of group members -# 2. Check to see if Phab project exists for 'bmo-<group_name>' -# 3. Create if does not exist with locked down policy. -# 4. Set project members to exact list -# 5. Profit - -my $sync_groups = Bugzilla::Group->match({ name => [ split('[,\s]+', $phab_sync_groups) ] }); - -foreach my $group (@$sync_groups) { - # Create group project if one does not yet exist - my $phab_project_name = 'bmo-' . $group->name; - my $project = Bugzilla::Extension::PhabBugz::Project->new_from_query({ - name => $phab_project_name - }); - if (!$project) { - my $secure_revision = Bugzilla::Extension::PhabBugz::Project->new_from_query({ - name => 'secure-revision' - }); - $project = Bugzilla::Extension::PhabBugz::Project->create({ - name => $phab_project_name, - description => 'BMO Security Group for ' . $group->name, - view_policy => $secure_revision->phid, - edit_policy => $secure_revision->phid, - join_policy => $secure_revision->phid - }); - } - - if (my @group_members = get_group_members($group)) { - $project->set_members(\@group_members); - $project->update(); - } -} - -sub get_group_members { - my ($group) = @_; - my $group_obj = ref $group ? $group : Bugzilla::Group->check({ name => $group }); - my $members_all = $group_obj->members_complete(); - my %users; - foreach my $name (keys %$members_all) { - foreach my $user (@{ $members_all->{$name} }) { - $users{$user->id} = $user; - } - } - - # Look up the phab ids for these users - my $phab_users = get_phab_bmo_ids({ ids => [ keys %users ] }); - foreach my $phab_user (@{ $phab_users }) { - $users{$phab_user->{id}}->{phab_phid} = $phab_user->{phid}; - } - - # We only need users who have accounts in phabricator - return grep { $_->phab_phid } values %users; -}
\ No newline at end of file diff --git a/extensions/PhabBugz/lib/Config.pm b/extensions/PhabBugz/lib/Config.pm index 85ba37e74..d4b71430b 100644 --- a/extensions/PhabBugz/lib/Config.pm +++ b/extensions/PhabBugz/lib/Config.pm @@ -31,11 +31,6 @@ sub get_param_list { checker => \&check_urlbase }, { - name => 'phabricator_sync_groups', - type => 't', - default => '', - }, - { name => 'phabricator_api_key', type => 't', default => '', diff --git a/extensions/PhabBugz/lib/Constants.pm b/extensions/PhabBugz/lib/Constants.pm index 754130f0b..1692f8fb9 100644 --- a/extensions/PhabBugz/lib/Constants.pm +++ b/extensions/PhabBugz/lib/Constants.pm @@ -16,12 +16,16 @@ our @EXPORT = qw( PHAB_AUTOMATION_USER PHAB_ATTACHMENT_PATTERN PHAB_CONTENT_TYPE - PHAB_POLL_SECONDS + PHAB_FEED_POLL_SECONDS + PHAB_USER_POLL_SECONDS + PHAB_GROUP_POLL_SECONDS ); use constant PHAB_ATTACHMENT_PATTERN => qr/^phabricator-D(\d+)/; use constant PHAB_AUTOMATION_USER => 'phab-bot@bmo.tld'; use constant PHAB_CONTENT_TYPE => 'text/x-phabricator-request'; -use constant PHAB_POLL_SECONDS => 5; +use constant PHAB_FEED_POLL_SECONDS => $ENV{PHAB_FEED_POLL} // 5; +use constant PHAB_USER_POLL_SECONDS => $ENV{PHAB_USER_POLL} // 60; +use constant PHAB_GROUP_POLL_SECONDS => $ENV{PHAB_GROUP_POLL} // 300; 1; diff --git a/extensions/PhabBugz/lib/Feed.pm b/extensions/PhabBugz/lib/Feed.pm index 074ecc0f9..c46d36c13 100644 --- a/extensions/PhabBugz/lib/Feed.pm +++ b/extensions/PhabBugz/lib/Feed.pm @@ -9,14 +9,21 @@ package Bugzilla::Extension::PhabBugz::Feed; use 5.10.1; +use IO::Async::Timer::Periodic; +use IO::Async::Loop; use List::Util qw(first); use List::MoreUtils qw(any); use Moo; +use Scalar::Util qw(blessed); +use Try::Tiny; -use Bugzilla::Logging; use Bugzilla::Constants; +use Bugzilla::Error; +use Bugzilla::Field; +use Bugzilla::Logging; +use Bugzilla::Mailer; use Bugzilla::Search; -use Bugzilla::Util qw(diff_arrays with_writable_database with_readonly_database); +use Bugzilla::Util qw(diff_arrays format_time with_writable_database with_readonly_database); use Bugzilla::Extension::PhabBugz::Constants; use Bugzilla::Extension::PhabBugz::Policy; @@ -25,13 +32,9 @@ use Bugzilla::Extension::PhabBugz::User; use Bugzilla::Extension::PhabBugz::Util qw( add_security_sync_comments create_revision_attachment - edit_revision_policy get_bug_role_phids - get_phab_bmo_ids - get_project_phid get_security_sync_groups is_attachment_phab_revision - make_revision_public request set_phab_user ); @@ -40,38 +43,85 @@ has 'is_daemon' => ( is => 'rw', default => 0 ); sub start { my ($self) = @_; - while (1) { - my $ok = eval { - if (Bugzilla->params->{phabricator_enabled}) { + + # Query for new revisions or changes + my $feed_timer = IO::Async::Timer::Periodic->new( + first_interval => 0, + interval => PHAB_FEED_POLL_SECONDS, + reschedule => 'drift', + on_tick => sub { + try{ $self->feed_query(); - Bugzilla->_cleanup(); } - 1; - }; - ERROR( $@ // "unknown exception" ) unless $ok; - sleep(PHAB_POLL_SECONDS); - } + catch { + FATAL($_); + }; + Bugzilla->_cleanup(); + }, + ); + + # Query for new users + my $user_timer = IO::Async::Timer::Periodic->new( + first_interval => 0, + interval => PHAB_USER_POLL_SECONDS, + reschedule => 'drift', + on_tick => sub { + try{ + $self->user_query(); + } + catch { + FATAL($_); + }; + Bugzilla->_cleanup(); + }, + ); + + # Update project membership in Phabricator based on Bugzilla groups + my $group_timer = IO::Async::Timer::Periodic->new( + first_interval => 0, + interval => PHAB_GROUP_POLL_SECONDS, + reschedule => 'drift', + on_tick => sub { + try{ + $self->group_query(); + } + catch { + FATAL($_); + }; + Bugzilla->_cleanup(); + }, + ); + + my $loop = IO::Async::Loop->new; + $loop->add($feed_timer); + $loop->add($user_timer); + $loop->add($group_timer); + $feed_timer->start; + $user_timer->start; + $group_timer->start; + $loop->run; } sub feed_query { my ($self) = @_; - my $dbh = Bugzilla->dbh; + + local Bugzilla::Logging->fields->{type} = 'FEED'; # Ensure Phabricator syncing is enabled if (!Bugzilla->params->{phabricator_enabled}) { - INFO("PHABRICATOR SYNC DISABLED"); + WARN("PHABRICATOR SYNC DISABLED"); return; } # PROCESS NEW FEED TRANSACTIONS - INFO("FEED: Fetching new transactions"); + INFO("Fetching new stories"); my $story_last_id = $self->get_last_id('feed'); # Check for new transctions (stories) my $new_stories = $self->new_stories($story_last_id); - INFO("FEED: No new stories") unless @$new_stories; + INFO("No new stories") unless @$new_stories; # Process each story foreach my $story_data (@$new_stories) { @@ -81,25 +131,29 @@ sub feed_query { my $object_phid = $story_data->{objectPHID}; my $story_text = $story_data->{text}; - DEBUG("STORY ID: $story_id"); - DEBUG("STORY PHID: $story_phid"); - DEBUG("AUTHOR PHID: $author_phid"); - DEBUG("OBJECT PHID: $object_phid"); + TRACE("STORY ID: $story_id"); + TRACE("STORY PHID: $story_phid"); + TRACE("AUTHOR PHID: $author_phid"); + TRACE("OBJECT PHID: $object_phid"); INFO("STORY TEXT: $story_text"); # Only interested in changes to revisions for now. if ($object_phid !~ /^PHID-DREV/) { - DEBUG("SKIPPING: Not a revision change"); + INFO("SKIPPING: Not a revision change"); $self->save_last_id($story_id, 'feed'); next; } # Skip changes done by phab-bot user - my $phab_users = get_phab_bmo_ids({ phids => [$author_phid] }); - if (@$phab_users) { - my $user = Bugzilla::User->new({ id => $phab_users->[0]->{id}, cache => 1 }); - if ($user->login eq PHAB_AUTOMATION_USER) { - DEBUG("SKIPPING: Change made by phabricator user"); + my $phab_user = Bugzilla::Extension::PhabBugz::User->new_from_query( + { + phids => [ $author_phid ] + } + ); + + if ($phab_user && $phab_user->bugzilla_id) { + if ($phab_user->bugzilla_user->login eq PHAB_AUTOMATION_USER) { + INFO("SKIPPING: Change made by phabricator user"); $self->save_last_id($story_id, 'feed'); next; } @@ -111,15 +165,69 @@ sub feed_query { $self->save_last_id($story_id, 'feed'); } + # Process any build targets as well. + my $dbh = Bugzilla->dbh; + + INFO("Checking for revisions in draft mode"); + my $build_targets = $dbh->selectall_arrayref( + "SELECT name, value FROM phabbugz WHERE name LIKE 'build_target_%'", + { Slice => {} } + ); + + my $delete_build_target = $dbh->prepare( + "DELETE FROM phabbugz WHERE name = ? AND VALUE = ?" + ); + + foreach my $target (@$build_targets) { + my ($revision_id) = ($target->{name} =~ /^build_target_(\d+)$/); + my $build_target = $target->{value}; + + next unless $revision_id && $build_target; + + INFO("Processing revision $revision_id with build target $build_target"); + + my $revision = + Bugzilla::Extension::PhabBugz::Revision->new_from_query( + { + ids => [ int($revision_id) ] + } + ); + + with_writable_database { + $self->process_revision_change($revision, " created D" . $revision->id); + }; + + # Set the build target to a passing status to + # allow the revision to exit draft state + request( 'harbormaster.sendmessage', { + buildTargetPHID => $build_target, + type => 'pass' + } ); + + $delete_build_target->execute($target->{name}, $target->{value}); + } +} + +sub user_query { + my ( $self ) = @_; + + local Bugzilla::Logging->fields->{type} = 'USERS'; + + # Ensure Phabricator syncing is enabled + if (!Bugzilla->params->{phabricator_enabled}) { + WARN("PHABRICATOR SYNC DISABLED"); + return; + } + # PROCESS NEW USERS - INFO("FEED: Fetching new users"); + INFO("Fetching new users"); my $user_last_id = $self->get_last_id('user'); # Check for new users my $new_users = $self->new_users($user_last_id); - INFO("FEED: No new users") unless @$new_users; + INFO("No new users") unless @$new_users; # Process each new user foreach my $user_data (@$new_users) { @@ -128,10 +236,10 @@ sub feed_query { my $user_realname = $user_data->{fields}{realName}; my $object_phid = $user_data->{phid}; - DEBUG("USER ID: $user_id"); - DEBUG("USER LOGIN: $user_login"); - DEBUG("USER REALNAME: $user_realname"); - DEBUG("OBJECT PHID: $object_phid"); + TRACE("ID: $user_id"); + TRACE("LOGIN: $user_login"); + TRACE("REALNAME: $user_realname"); + TRACE("OBJECT PHID: $object_phid"); with_readonly_database { $self->process_new_user($user_data); @@ -140,26 +248,110 @@ sub feed_query { } } +sub group_query { + my ($self) = @_; + + local Bugzilla::Logging->fields->{type} = 'GROUPS'; + + # Ensure Phabricator syncing is enabled + if ( !Bugzilla->params->{phabricator_enabled} ) { + WARN("PHABRICATOR SYNC DISABLED"); + return; + } + + # PROCESS SECURITY GROUPS + + INFO("Updating group memberships"); + + # Loop through each group and perform the following: + # + # 1. Load flattened list of group members + # 2. Check to see if Phab project exists for 'bmo-<group_name>' + # 3. Create if does not exist with locked down policy. + # 4. Set project members to exact list including phab-bot user + # 5. Profit + + my $sync_groups = Bugzilla::Group->match( { isactive => 1, isbuggroup => 1 } ); + + # Load phab-bot Phabricator user to add as a member of each project group later + my $phab_bmo_user = Bugzilla::User->new( { name => PHAB_AUTOMATION_USER, cache => 1 } ); + my $phab_user = + Bugzilla::Extension::PhabBugz::User->new_from_query( + { + ids => [ $phab_bmo_user->id ] + } + ); + + # secure-revision project that will be used for bmo group projects + my $secure_revision = + Bugzilla::Extension::PhabBugz::Project->new_from_query( + { + name => 'secure-revision' + } + ); + + foreach my $group (@$sync_groups) { + # Create group project if one does not yet exist + my $phab_project_name = 'bmo-' . $group->name; + my $project = + Bugzilla::Extension::PhabBugz::Project->new_from_query( + { + name => $phab_project_name + } + ); + + if ( !$project ) { + INFO("Project $phab_project_name not found. Creating."); + $project = Bugzilla::Extension::PhabBugz::Project->create( + { + name => $phab_project_name, + description => 'BMO Security Group for ' . $group->name, + view_policy => $secure_revision->phid, + edit_policy => $secure_revision->phid, + join_policy => $secure_revision->phid + } + ); + } + else { + # Make sure that the group project permissions are set properly + INFO("Updating permissions on $phab_project_name"); + $project->set_policy( 'view', $secure_revision->phid ); + $project->set_policy( 'edit', $secure_revision->phid ); + $project->set_policy( 'join', $secure_revision->phid ); + } + + # Make sure phab-bot also a member of the new project group so that it can + # make policy changes to the private revisions + INFO("Setting project members for " . $project->name); + my $set_members = $self->get_group_members( $group ); + push @$set_members, $phab_user unless grep $_->phid eq $phab_user->phid, @$set_members; + $project->set_members( $set_members ); + $project->update(); + } +} + sub process_revision_change { my ($self, $revision_phid, $story_text) = @_; # Load the revision from Phabricator - my $revision = Bugzilla::Extension::PhabBugz::Revision->new_from_query({ phids => [ $revision_phid ] }); + my $revision = + blessed $revision_phid + ? $revision_phid + : Bugzilla::Extension::PhabBugz::Revision->new_from_query({ phids => [ $revision_phid ] }); # NO BUG ID if (!$revision->bug_id) { if ($story_text =~ /\s+created\s+D\d+/) { # If new revision and bug id was omitted, make revision public - DEBUG("No bug associated with new revision. Marking public."); - $revision->set_policy('view', 'public'); - $revision->set_policy('edit', 'users'); + INFO("No bug associated with new revision. Marking public."); + $revision->make_public(); $revision->update(); INFO("SUCCESS"); return; } else { - DEBUG("SKIPPING: No bug associated with revision change"); + INFO("SKIPPING: No bug associated with revision change"); return; } } @@ -180,11 +372,8 @@ sub process_revision_change { # If bug is public then remove privacy policy if (!@{ $bug->groups_in }) { - DEBUG('Bug is public so setting view/edit public'); - $revision->set_policy('view', 'public'); - $revision->set_policy('edit', 'users'); - my $secure_project_phid = get_project_phid('secure-revision'); - $revision->remove_project($secure_project_phid); + INFO('Bug is public so setting view/edit public'); + $revision->make_public(); } # else bug is private. else { @@ -193,54 +382,51 @@ sub process_revision_change { # If bug privacy groups do not have any matching synchronized groups, # then leave revision private and it will have be dealt with manually. if (!@set_groups) { - DEBUG('No matching groups. Adding comments to bug and revision'); + INFO('No matching groups. Adding comments to bug and revision'); add_security_sync_comments([$revision], $bug); } # Otherwise, we create a new custom policy containing the project # groups that are mapped to bugzilla groups. else { - my @set_projects = map { "bmo-" . $_ } @set_groups; + my $set_project_names = [ map { "bmo-" . $_ } @set_groups ]; # If current policy projects matches what we want to set, then # we leave the current policy alone. my $current_policy; if ($revision->view_policy =~ /^PHID-PLCY/) { - DEBUG("Loading current policy: " . $revision->view_policy); + INFO("Loading current policy: " . $revision->view_policy); $current_policy = Bugzilla::Extension::PhabBugz::Policy->new_from_query({ phids => [ $revision->view_policy ]}); - my $current_projects = $current_policy->rule_projects; - DEBUG("Current policy projects: " . join(", ", @$current_projects)); - my ($added, $removed) = diff_arrays($current_projects, \@set_projects); + my $current_project_names = [ map { $_->name } @{ $current_policy->rule_projects } ]; + INFO("Current policy projects: " . join(", ", @$current_project_names)); + my ($added, $removed) = diff_arrays($current_project_names, $set_project_names); if (@$added || @$removed) { - DEBUG('Project groups do not match. Need new custom policy'); - $current_policy= undef; + INFO('Project groups do not match. Need new custom policy'); + $current_policy = undef; } else { - DEBUG('Project groups match. Leaving current policy as-is'); + INFO('Project groups match. Leaving current policy as-is'); } } if (!$current_policy) { - DEBUG("Creating new custom policy: " . join(", ", @set_projects)); - my $new_policy = Bugzilla::Extension::PhabBugz::Policy->create(\@set_projects); - $revision->set_policy('view', $new_policy->phid); - $revision->set_policy('edit', $new_policy->phid); + INFO("Creating new custom policy: " . join(", ", @$set_project_names)); + $revision->make_private($set_project_names); } - my $secure_project_phid = get_project_phid('secure-revision'); - $revision->add_project($secure_project_phid); + # Subscriber list of the private revision should always match + # the bug roles such as assignee, qa contact, and cc members. + my $subscribers = get_bug_role_phids($bug); + $revision->set_subscribers($subscribers); } - - # Subscriber list of the private revision should always match - # the bug roles such as assignee, qa contact, and cc members. - my $subscribers = get_bug_role_phids($bug); - $revision->set_subscribers($subscribers); } my ($timestamp) = Bugzilla->dbh->selectrow_array("SELECT NOW()"); - my $attachment = create_revision_attachment($bug, $revision, $timestamp); - + INFO('Checking for revision attachment'); + my $attachment = create_revision_attachment($bug, $revision, $timestamp, $revision->author->bugzilla_user); + INFO('Attachment ' . $attachment->id . ' created or already exists.'); + # ATTACHMENT OBSOLETES # fixup attachments on current bug @@ -252,11 +438,11 @@ sub process_revision_change { next if $attach_revision_id != $revision->id; my $make_obsolete = $revision->status eq 'abandoned' ? 1 : 0; - DEBUG('Updating obsolete status on attachmment ' . $attachment->id); + INFO('Updating obsolete status on attachmment ' . $attachment->id); $attachment->set_is_obsolete($make_obsolete); if ($revision->title ne $attachment->description) { - DEBUG('Updating description on attachment ' . $attachment->id); + INFO('Updating description on attachment ' . $attachment->id); $attachment->set_description($revision->title); } @@ -272,8 +458,8 @@ sub process_revision_change { }); foreach my $attachment (@$other_attachments) { $other_bugs{$attachment->bug_id}++; - DEBUG('Updating obsolete status on attachment ' . - $attachment->id . " for bug " . $attachment->bug_id); + INFO('Updating obsolete status on attachment ' . + $attachment->id . " for bug " . $attachment->bug_id); $attachment->set_is_obsolete(1); $attachment->update($timestamp); } @@ -281,17 +467,28 @@ sub process_revision_change { # REVIEWER STATUSES my (@accepted_phids, @denied_phids, @accepted_user_ids, @denied_user_ids); - unless ($revision->status eq 'changes-planned' || $revision->status eq 'needs-review') { - foreach my $reviewer (@{ $revision->reviewers }) { - push(@accepted_phids, $reviewer->phab_phid) if $reviewer->phab_review_status eq 'accepted'; - push(@denied_phids, $reviewer->phab_phid) if $reviewer->phab_review_status eq 'rejected'; - } + foreach my $reviewer (@{ $revision->reviewers }) { + push(@accepted_phids, $reviewer->phid) if $reviewer->{phab_review_status} eq 'accepted'; + push(@denied_phids, $reviewer->phid) if $reviewer->{phab_review_status} eq 'rejected'; } - my $phab_users = get_phab_bmo_ids({ phids => \@accepted_phids }); - @accepted_user_ids = map { $_->{id} } @$phab_users; - $phab_users = get_phab_bmo_ids({ phids => \@denied_phids }); - @denied_user_ids = map { $_->{id} } @$phab_users; + if ( @accepted_phids ) { + my $phab_users = Bugzilla::Extension::PhabBugz::User->match( + { + phids => \@accepted_phids + } + ); + @accepted_user_ids = map { $_->bugzilla_user->id } grep { defined $_->bugzilla_user } @$phab_users; + } + + if ( @denied_phids ) { + my $phab_users = Bugzilla::Extension::PhabBugz::User->match( + { + phids => \@denied_phids + } + ); + @denied_user_ids = map { $_->bugzilla_user->id } grep { defined $_->bugzilla_user } @$phab_users; + } my %reviewers_hash = map { $_->name => 1 } @{ $revision->reviewers }; @@ -299,19 +496,22 @@ sub process_revision_change { my ($attach_revision_id) = ($attachment->filename =~ PHAB_ATTACHMENT_PATTERN); next if $revision->id != $attach_revision_id; - # Clear old flags if no longer accepted + # Clear old accepted review flags if no longer accepted my (@denied_flags, @new_flags, @removed_flags, %accepted_done, $flag_type); foreach my $flag (@{ $attachment->flags }) { next if $flag->type->name ne 'review'; $flag_type = $flag->type if $flag->type->is_active; + next if $flag->status ne '+'; if (any { $flag->setter->id == $_ } @denied_user_ids) { + INFO('Denying review flag set by ' . $flag->setter->name); push(@denied_flags, { id => $flag->id, setter => $flag->setter, status => 'X' }); } if (any { $flag->setter->id == $_ } @accepted_user_ids) { + INFO('Skipping as review+ already set by ' . $flag->setter->name); $accepted_done{$flag->setter->id}++; } - if ($flag->status eq '+' - && !any { $flag->setter->id == $_ } (@accepted_user_ids, @denied_user_ids)) { + if (!any { $flag->setter->id == $_ } (@accepted_user_ids, @denied_user_ids)) { + INFO('Clearing review+ flag set by ' . $flag->setter->name); push(@removed_flags, { id => $flag->id, setter => $flag->setter, status => 'X' }); } } @@ -322,6 +522,7 @@ sub process_revision_change { foreach my $user_id (@accepted_user_ids) { next if $accepted_done{$user_id}; my $user = Bugzilla::User->check({ id => $user_id, cache => 1 }); + INFO('Setting new review+ flag for ' . $user->name); push(@new_flags, { type_id => $flag_type->id, setter => $user, status => '+' }); } @@ -344,6 +545,7 @@ sub process_revision_change { if ($comment) { $comment .= "\n" . Bugzilla->params->{phabricator_base_uri} . "D" . $revision->id; + INFO("Flag comment: $comment"); # Add transaction_id as anchor if one present # $comment .= "#" . $params->{transaction_id} if $params->{transaction_id}; $bug->add_comment($comment, { @@ -380,7 +582,7 @@ sub process_new_user { my $phab_user = Bugzilla::Extension::PhabBugz::User->new($user_data); if (!$phab_user->bugzilla_id) { - DEBUG("SKIPPING: No bugzilla id associated with user"); + WARN("SKIPPING: No bugzilla id associated with user"); return; } @@ -389,6 +591,55 @@ sub process_new_user { # Pre setup before querying DB my $old_user = set_phab_user(); + # CHECK AND WARN FOR POSSIBLE USERNAME SQUATTING + INFO("Checking for username squatters"); + my $dbh = Bugzilla->dbh; + my $regexp = $dbh->quote( ":?:" . quotemeta($phab_user->name) . "[[:>:]]" ); + my $results = $dbh->selectall_arrayref( " + SELECT userid, login_name, realname + FROM profiles + WHERE userid != ? AND " . $dbh->sql_regexp( 'realname', $regexp ), + { Slice => {} }, + $bug_user->id ); + if (@$results) { + # The email client will display the Date: header in the desired timezone, + # so we can always use UTC here. + my $timestamp = Bugzilla->dbh->selectrow_array('SELECT LOCALTIMESTAMP(0)'); + $timestamp = format_time($timestamp, '%a, %d %b %Y %T %z', 'UTC'); + + foreach my $row (@$results) { + WARN( + 'Possible username squatter: ', + 'phab user login: ' . $phab_user->name, + ' phab user realname: ' . $phab_user->realname, + ' bugzilla user id: ' . $row->{userid}, + ' bugzilla login: ' . $row->{login_name}, + ' bugzilla realname: ' . $row->{realname} + ); + + my $vars = { + date => $timestamp, + phab_user_login => $phab_user->name, + phab_user_realname => $phab_user->realname, + bugzilla_userid => $bug_user->id, + bugzilla_login => $bug_user->login, + bugzilla_realname => $bug_user->name, + squat_userid => $row->{userid}, + squat_login => $row->{login_name}, + squat_realname => $row->{realname} + }; + + my $message; + my $template = Bugzilla->template; + $template->process("admin/email/squatter-alert.txt.tmpl", $vars, \$message) + || ThrowTemplateError($template->error()); + + MessageToMTA($message); + } + } + + # ADD SUBSCRIBERS TO REVSISIONS FOR CURRENT PRIVATE BUGS + my $params = { f3 => 'OP', j3 => 'OR', @@ -432,8 +683,10 @@ sub process_new_user { # the first value of each row should be the bug id my @bug_ids = map { shift @$_ } @$data; + INFO("Updating subscriber values for old private bugs"); + foreach my $bug_id (@bug_ids) { - DEBUG("Processing bug $bug_id"); + INFO("Processing bug $bug_id"); my $bug = Bugzilla::Bug->new({ id => $bug_id, cache => 1 }); @@ -442,7 +695,8 @@ sub process_new_user { foreach my $attachment (@attachments) { my ($revision_id) = ($attachment->filename =~ PHAB_ATTACHMENT_PATTERN); - DEBUG("Processing revision D$revision_id"); + + INFO("Processing revision D$revision_id"); my $revision = Bugzilla::Extension::PhabBugz::Revision->new_from_query( { ids => [ int($revision_id) ] }); @@ -450,7 +704,7 @@ sub process_new_user { $revision->add_subscriber($phab_user->phid); $revision->update(); - DEBUG("Revision $revision_id updated"); + INFO("Revision $revision_id updated"); } } @@ -467,7 +721,9 @@ sub new_stories { my ( $self, $after ) = @_; my $data = { view => 'text' }; $data->{after} = $after if $after; + my $result = request( 'feed.query_id', $data ); + unless ( ref $result->{result}{data} eq 'ARRAY' && @{ $result->{result}{data} } ) { @@ -487,7 +743,9 @@ sub new_users { } }; $data->{before} = $after if $after; + my $result = request( 'user.search', $data ); + unless ( ref $result->{result}{data} eq 'ARRAY' && @{ $result->{result}{data} } ) { @@ -504,7 +762,7 @@ sub get_last_id { my $last_id = Bugzilla->dbh->selectrow_array( " SELECT value FROM phabbugz WHERE name = ?", undef, $type_full ); $last_id ||= 0; - DEBUG( "QUERY " . uc($type_full) . ": $last_id" ); + TRACE(uc($type_full) . ": $last_id" ); return $last_id; } @@ -513,9 +771,34 @@ sub save_last_id { # Store the largest last key so we can start from there in the next session my $type_full = $type . "_last_id"; - DEBUG( "UPDATING " . uc($type_full) . ": $last_id" ); + TRACE("UPDATING " . uc($type_full) . ": $last_id" ); Bugzilla->dbh->do( "REPLACE INTO phabbugz (name, value) VALUES (?, ?)", undef, $type_full, $last_id ); } +sub get_group_members { + my ( $self, $group ) = @_; + + my $group_obj = + ref $group ? $group : Bugzilla::Group->check( { name => $group, cache => 1 } ); + + my $flat_list = join(',', + @{ Bugzilla::Group->flatten_group_membership( $group_obj->id ) } ); + + my $user_query = " + SELECT DISTINCT profiles.userid + FROM profiles, user_group_map AS ugm + WHERE ugm.user_id = profiles.userid + AND ugm.isbless = 0 + AND ugm.group_id IN($flat_list)"; + my $user_ids = Bugzilla->dbh->selectcol_arrayref($user_query); + + # Return matching users in Phabricator + return Bugzilla::Extension::PhabBugz::User->match( + { + ids => $user_ids + } + ); +} + 1; diff --git a/extensions/PhabBugz/lib/Policy.pm b/extensions/PhabBugz/lib/Policy.pm index 8162ac52c..a86c83036 100644 --- a/extensions/PhabBugz/lib/Policy.pm +++ b/extensions/PhabBugz/lib/Policy.pm @@ -41,7 +41,7 @@ has 'rules' => ( has 'rule_projects' => ( is => 'lazy', - isa => ArrayRef[Str], + isa => ArrayRef[Object], ); # { @@ -88,7 +88,7 @@ sub new_from_query { } sub create { - my ($class, $project_names) = @_; + my ($class, $projects) = @_; my $data = { objectType => 'DREV', @@ -97,23 +97,19 @@ sub create { { action => 'allow', rule => 'PhabricatorSubscriptionsSubscribersPolicyRule', + }, + { + action => 'allow', + rule => 'PhabricatorDifferentialReviewersPolicyRule' } ] }; - if (@$project_names) { - my $project_phids = []; - foreach my $project_name (@$project_names) { - my $project = Bugzilla::Extension::PhabBugz::Project->new_from_query({ name => $project_name }); - push @$project_phids, $project->phid if $project; - } - - ThrowUserError('invalid_phabricator_sync_groups') unless @$project_phids; - + if (@$projects) { push @{ $data->{policy} }, { action => 'allow', - rule => 'PhabricatorProjectsPolicyRule', - value => $project_phids, + rule => 'PhabricatorProjectsAllPolicyRule', + value => [ map { $_->phid } @$projects ], }; } else { @@ -131,11 +127,9 @@ sub _build_rule_projects { my ($self) = @_; return [] unless $self->rules; - my $rule = first { $_->{rule} eq 'PhabricatorProjectsPolicyRule'} @{ $self->rules }; + my $rule = first { $_->{rule} =~ /PhabricatorProjects(?:All)?PolicyRule/ } @{ $self->rules }; return [] unless $rule; return [ - map { $_->name } - grep { $_ } map { Bugzilla::Extension::PhabBugz::Project->new_from_query( { phids => [$_] } ) } @{ $rule->{value} } ]; diff --git a/extensions/PhabBugz/lib/Project.pm b/extensions/PhabBugz/lib/Project.pm index b0babc58b..c52e1a661 100644 --- a/extensions/PhabBugz/lib/Project.pm +++ b/extensions/PhabBugz/lib/Project.pm @@ -9,15 +9,14 @@ package Bugzilla::Extension::PhabBugz::Project; use 5.10.1; use Moo; +use Scalar::Util qw(blessed); use Types::Standard -all; use Type::Utils; use Bugzilla::Error; use Bugzilla::Util qw(trim); -use Bugzilla::Extension::PhabBugz::Util qw( - request - get_phab_bmo_ids -); +use Bugzilla::Extension::PhabBugz::User; +use Bugzilla::Extension::PhabBugz::Util qw(request); ######################### # Initialization # @@ -47,7 +46,18 @@ sub new_from_query { my $result = request( 'project.search', $data ); if ( exists $result->{result}{data} && @{ $result->{result}{data} } ) { - return $class->new( $result->{result}{data}[0] ); + # If name is used as a query param, we need to loop through and look + # for exact match as Conduit will tokenize the name instead of doing + # exact string match :( If name is not used, then return first one. + if ( exists $params->{name} ) { + foreach my $item ( @{ $result->{result}{data} } ) { + next if $item->{fields}{name} ne $params->{name}; + return $class->new($item); + } + } + else { + return $class->new( $result->{result}{data}[0] ); + } } } @@ -157,7 +167,7 @@ sub create { my $result = request( 'project.edit', $data ); return $class->new_from_query( - { phids => $result->{result}{object}{phid} } ); + { phids => [ $result->{result}{object}{phid} ] } ); } sub update { @@ -270,20 +280,20 @@ sub set_description { sub add_member { my ( $self, $member ) = @_; $self->{add_members} ||= []; - my $member_phid = blessed $member ? $member->phab_phid : $member; + my $member_phid = blessed $member ? $member->phid : $member; push( @{ $self->{add_members} }, $member_phid ); } sub remove_member { my ( $self, $member ) = @_; $self->{remove_members} ||= []; - my $member_phid = blessed $member ? $member->phab_phid : $member; + my $member_phid = blessed $member ? $member->phid : $member; push( @{ $self->{remove_members} }, $member_phid ); } sub set_members { my ( $self, $members ) = @_; - $self->{set_members} = [ map { $_->phab_phid } @$members ]; + $self->{set_members} = [ map { blessed $_ ? $_->phid : $_ } @$members ]; } sub set_policy { @@ -307,16 +317,13 @@ sub _build_members { return [] if !@phids; - my $users = get_phab_bmo_ids( { phids => \@phids } ); - - my @members; - foreach my $user (@$users) { - my $member = Bugzilla::User->new( { id => $user->{id}, cache => 1 } ); - $member->{phab_phid} = $user->{phid}; - push( @members, $member ); - } + my $users = Bugzilla::Extension::PhabBugz::User->match( + { + phids => \@phids + } + ); - return \@members; + return [ map { $_->bugzilla_user } @$users ]; } 1; diff --git a/extensions/PhabBugz/lib/Revision.pm b/extensions/PhabBugz/lib/Revision.pm index 98c3196c2..900454220 100644 --- a/extensions/PhabBugz/lib/Revision.pm +++ b/extensions/PhabBugz/lib/Revision.pm @@ -17,10 +17,9 @@ use Type::Utils; use Bugzilla::Bug; use Bugzilla::Error; use Bugzilla::Util qw(trim); -use Bugzilla::Extension::PhabBugz::Util qw( - get_phab_bmo_ids - request -); +use Bugzilla::Extension::PhabBugz::Project; +use Bugzilla::Extension::PhabBugz::User; +use Bugzilla::Extension::PhabBugz::Util qw(request); ######################### # Initialization # @@ -37,12 +36,12 @@ has author_phid => ( is => 'ro', isa => Str ); has bug_id => ( is => 'ro', isa => Str ); has view_policy => ( is => 'ro', isa => Str ); has edit_policy => ( is => 'ro', isa => Str ); -has projects_raw => ( is => 'ro', isa => ArrayRef [Str] ); has subscriber_count => ( is => 'ro', isa => Int ); has bug => ( is => 'lazy', isa => Object ); has author => ( is => 'lazy', isa => Object ); has reviewers => ( is => 'lazy', isa => ArrayRef [Object] ); has subscribers => ( is => 'lazy', isa => ArrayRef [Object] ); +has projects => ( is => 'lazy', isa => ArrayRef [Object] ); has reviewers_raw => ( is => 'ro', isa => ArrayRef [ @@ -62,6 +61,12 @@ has subscribers_raw => ( viewerIsSubscribed => Bool, ] ); +has projects_raw => ( + is => 'ro', + isa => Dict [ + projectPHIDs => ArrayRef [Str] + ] +); sub new_from_query { my ( $class, $params ) = @_; @@ -93,18 +98,18 @@ sub new_from_query { sub BUILDARGS { my ( $class, $params ) = @_; - $params->{title} = $params->{fields}->{title}; - $params->{summary} = $params->{fields}->{summary}; - $params->{status} = $params->{fields}->{status}->{value}; - $params->{creation_ts} = $params->{fields}->{dateCreated}; - $params->{modification_ts} = $params->{fields}->{dateModified}; - $params->{author_phid} = $params->{fields}->{authorPHID}; - $params->{bug_id} = $params->{fields}->{'bugzilla.bug-id'}; - $params->{view_policy} = $params->{fields}->{policy}->{view}; - $params->{edit_policy} = $params->{fields}->{policy}->{edit}; - $params->{reviewers_raw} = $params->{attachments}->{reviewers}->{reviewers}; - $params->{subscribers_raw} = $params->{attachments}->{subscribers}; - $params->{projects} = $params->{attachments}->{projects}; + $params->{title} = $params->{fields}->{title}; + $params->{summary} = $params->{fields}->{summary}; + $params->{status} = $params->{fields}->{status}->{value}; + $params->{creation_ts} = $params->{fields}->{dateCreated}; + $params->{modification_ts} = $params->{fields}->{dateModified}; + $params->{author_phid} = $params->{fields}->{authorPHID}; + $params->{bug_id} = $params->{fields}->{'bugzilla.bug-id'}; + $params->{view_policy} = $params->{fields}->{policy}->{view}; + $params->{edit_policy} = $params->{fields}->{policy}->{edit}; + $params->{reviewers_raw} = $params->{attachments}->{reviewers}->{reviewers}; + $params->{subscribers_raw} = $params->{attachments}->{subscribers}; + $params->{projects_raw} = $params->{attachments}->{projects}; $params->{subscriber_count} = $params->{attachments}->{subscribers}->{subscriberCount}; @@ -284,12 +289,13 @@ sub _build_bug { sub _build_author { my ($self) = @_; return $self->{author} if $self->{author}; - my $users = get_phab_bmo_ids( { phids => [ $self->author_phid ] } ); - if (@$users) { - $self->{author} = - new Bugzilla::User( { id => $users->[0]->{id}, cache => 1 } ); - $self->{author}->{phab_phid} = $self->author_phid; - return $self->{author}; + my $phab_user = Bugzilla::Extension::PhabBugz::User->new_from_query( + { + phids => [ $self->author_phid ] + } + ); + if ($phab_user) { + return $self->{author} = $phab_user; } } @@ -306,22 +312,22 @@ sub _build_reviewers { return [] unless @phids; - my $users = get_phab_bmo_ids( { phids => \@phids } ); + my $users = Bugzilla::Extension::PhabBugz::User->match( + { + phids => \@phids + } + ); - my @reviewers; foreach my $user (@$users) { - my $reviewer = Bugzilla::User->new( { id => $user->{id}, cache => 1 } ); - $reviewer->{phab_phid} = $user->{phid}; foreach my $reviewer_data ( @{ $self->reviewers_raw } ) { - if ( $reviewer_data->{reviewerPHID} eq $user->{phid} ) { - $reviewer->{phab_review_status} = $reviewer_data->{status}; + if ( $reviewer_data->{reviewerPHID} eq $user->phid ) { + $user->{phab_review_status} = $reviewer_data->{status}; last; } } - push @reviewers, $reviewer; } - return \@reviewers; + return $self->{reviewers} = $users; } sub _build_subscribers { @@ -335,19 +341,31 @@ sub _build_subscribers { push @phids, $phid; } - my $users = get_phab_bmo_ids( { phids => \@phids } ); + my $users = Bugzilla::Extension::PhabBugz::User->match( + { + phids => \@phids + } + ); - return [] unless @phids; + return $self->{subscribers} = $users; +} - my @subscribers; - foreach my $user (@$users) { - my $subscriber = - Bugzilla::User->new( { id => $user->{id}, cache => 1 } ); - $subscriber->{phab_phid} = $user->{phid}; - push @subscribers, $subscriber; +sub _build_projects { + my ($self) = @_; + + return $self->{projects} if $self->{projects}; + return [] unless $self->projects_raw->{projectPHIDs}; + + my @projects; + foreach my $phid ( @{ $self->projects_raw->{projectPHIDs} } ) { + push @projects, Bugzilla::Extension::PhabBugz::Project->new_from_query( + { + phids => [ $phid ] + } + ); } - return \@subscribers; + return $self->{projects} = \@projects; } ######################### @@ -364,27 +382,27 @@ sub add_comment { sub add_reviewer { my ( $self, $reviewer ) = @_; $self->{add_reviewers} ||= []; - my $reviewer_phid = blessed $reviewer ? $reviewer->phab_phid : $reviewer; + my $reviewer_phid = blessed $reviewer ? $reviewer->phid : $reviewer; push @{ $self->{add_reviewers} }, $reviewer_phid; } sub remove_reviewer { my ( $self, $reviewer ) = @_; $self->{remove_reviewers} ||= []; - my $reviewer_phid = blessed $reviewer ? $reviewer->phab_phid : $reviewer; + my $reviewer_phid = blessed $reviewer ? $reviewer->phid : $reviewer; push @{ $self->{remove_reviewers} }, $reviewer_phid; } sub set_reviewers { my ( $self, $reviewers ) = @_; - $self->{set_reviewers} = [ map { $_->phab_phid } @$reviewers ]; + $self->{set_reviewers} = [ map { $_->phid } @$reviewers ]; } sub add_subscriber { my ( $self, $subscriber ) = @_; $self->{add_subscribers} ||= []; my $subscriber_phid = - blessed $subscriber ? $subscriber->phab_phid : $subscriber; + blessed $subscriber ? $subscriber->phid : $subscriber; push @{ $self->{add_subscribers} }, $subscriber_phid; } @@ -392,7 +410,7 @@ sub remove_subscriber { my ( $self, $subscriber ) = @_; $self->{remove_subscribers} ||= []; my $subscriber_phid = - blessed $subscriber ? $subscriber->phab_phid : $subscriber; + blessed $subscriber ? $subscriber->phid : $subscriber; push @{ $self->{remove_subscribers} }, $subscriber_phid; } @@ -423,4 +441,50 @@ sub remove_project { push @{ $self->{remove_projects} }, $project_phid; } +sub make_private { + my ( $self, $project_names ) = @_; + + my $secure_revision_project = + Bugzilla::Extension::PhabBugz::Project->new_from_query( + { + name => 'secure-revision' + } + ); + + my @set_projects; + foreach my $name (@$project_names) { + my $set_project = + Bugzilla::Extension::PhabBugz::Project->new_from_query( + { + name => $name + } + ); + push @set_projects, $set_project; + } + + my $new_policy = Bugzilla::Extension::PhabBugz::Policy->create(\@set_projects); + $self->set_policy('view', $new_policy->phid); + $self->set_policy('edit', $new_policy->phid); + + foreach my $project ($secure_revision_project, @set_projects) { + $self->add_project($project->phid); + } + + return $self; +} + +sub make_public { + my ( $self ) = @_; + + $self->set_policy('view', 'public'); + $self->set_policy('edit', 'users'); + + my @current_group_projects = grep { $_->name =~ /^(bmo-.*|secure-revision)$/ } @{ $self->projects }; + foreach my $project (@current_group_projects) { + $self->remove_project($project->phid); + } + + return $self; +} + 1; diff --git a/extensions/PhabBugz/lib/User.pm b/extensions/PhabBugz/lib/User.pm index 3b2d87e60..9d4e9eef4 100644 --- a/extensions/PhabBugz/lib/User.pm +++ b/extensions/PhabBugz/lib/User.pm @@ -116,14 +116,14 @@ sub match { my ( $class, $params ) = @_; # BMO id search takes precedence if bugzilla_ids is used. - my $bugzilla_ids = delete $params->{bugzilla_ids}; + my $bugzilla_ids = delete $params->{ids}; if ($bugzilla_ids) { my $bugzilla_data = $class->get_phab_bugzilla_ids( { ids => $bugzilla_ids } ); $params->{phids} = [ map { $_->{phid} } @$bugzilla_data ]; } - return [] if !$params->{phids}; + return [] if !@{ $params->{phids} }; # Look for BMO external user id in external-accounts attachment my $data = { @@ -177,6 +177,7 @@ sub get_phab_bugzilla_ids { # Store new values in memcache for later retrieval foreach my $user ( @{ $result->{result} } ) { + next if !$user->{phid}; $memcache->set( { key => "phab_user_bugzilla_id_" . $user->{id}, diff --git a/extensions/PhabBugz/lib/Util.pm b/extensions/PhabBugz/lib/Util.pm index 844d8c0b5..d25f62f68 100644 --- a/extensions/PhabBugz/lib/Util.pm +++ b/extensions/PhabBugz/lib/Util.pm @@ -21,63 +21,26 @@ use Bugzilla::Extension::PhabBugz::Constants; use JSON::XS qw(encode_json decode_json); use List::Util qw(first); use LWP::UserAgent; +use Taint::Util qw(untaint); +use Try::Tiny; use base qw(Exporter); our @EXPORT = qw( - add_comment_to_revision add_security_sync_comments create_revision_attachment - create_private_revision_policy - create_project - edit_revision_policy get_attachment_revisions get_bug_role_phids - get_members_by_bmo_id - get_members_by_phid - get_phab_bmo_ids - get_project_phid - get_revisions_by_ids - get_revisions_by_phids + get_needs_review get_security_sync_groups intersect is_attachment_phab_revision - make_revision_private - make_revision_public request set_phab_user - set_project_members - set_revision_subscribers ); -sub get_revisions_by_ids { - my ($ids) = @_; - return _get_revisions({ ids => $ids }); -} - -sub get_revisions_by_phids { - my ($phids) = @_; - return _get_revisions({ phids => $phids }); -} - -sub _get_revisions { - my ($constraints) = @_; - - my $data = { - queryKey => 'all', - constraints => $constraints - }; - - my $result = request('differential.revision.search', $data); - - ThrowUserError('invalid_phabricator_revision_id') - unless (exists $result->{result}{data} && @{ $result->{result}{data} }); - - return $result->{result}{data}; -} - sub create_revision_attachment { - my ( $bug, $revision, $timestamp ) = @_; + my ( $bug, $revision, $timestamp, $submitter ) = @_; my $phab_base_uri = Bugzilla->params->{phabricator_base_uri}; ThrowUserError('invalid_phabricator_uri') unless $phab_base_uri; @@ -97,22 +60,38 @@ sub create_revision_attachment { ($timestamp) = Bugzilla->dbh->selectrow_array("SELECT NOW()"); } - my $attachment = Bugzilla::Attachment->create( - { - bug => $bug, - creation_ts => $timestamp, - data => $revision_uri, - description => $revision->title, - filename => 'phabricator-D' . $revision->id . '-url.txt', - ispatch => 0, - isprivate => 0, - mimetype => PHAB_CONTENT_TYPE, + # If submitter, then switch to that user when creating attachment + my ($old_user, $attachment); + try { + if ($submitter) { + $old_user = Bugzilla->user; + $submitter->{groups} = [ Bugzilla::Group->get_all ]; # We need to always be able to add attachment + Bugzilla->set_user($submitter); } - ); - # Insert a comment about the new attachment into the database. - $bug->add_comment($revision->summary, { type => CMT_ATTACHMENT_CREATED, - extra_data => $attachment->id }); + $attachment = Bugzilla::Attachment->create( + { + bug => $bug, + creation_ts => $timestamp, + data => $revision_uri, + description => $revision->title, + filename => 'phabricator-D' . $revision->id . '-url.txt', + ispatch => 0, + isprivate => 0, + mimetype => PHAB_CONTENT_TYPE, + } + ); + + # Insert a comment about the new attachment into the database. + $bug->add_comment($revision->summary, { type => CMT_ATTACHMENT_CREATED, + extra_data => $attachment->id }); + } + catch { + die $_; + } + finally { + Bugzilla->set_user($old_user) if $old_user; + }; return $attachment; } @@ -132,321 +111,47 @@ sub get_bug_role_phids { push(@bug_users, $bug->qa_contact) if $bug->qa_contact; push(@bug_users, @{ $bug->cc_users }) if @{ $bug->cc_users }; - return get_members_by_bmo_id(\@bug_users); -} - -sub create_private_revision_policy { - my ($bug, $groups) = @_; - - my $data = { - objectType => 'DREV', - default => 'deny', - policy => [ - { - action => 'allow', - rule => 'PhabricatorSubscriptionsSubscribersPolicyRule', - } - ] - }; - - if(scalar @$groups gt 0) { - my $project_phids = []; - foreach my $group (@$groups) { - my $phid = get_project_phid('bmo-' . $group); - push(@$project_phids, $phid) if $phid; - } - - ThrowUserError('invalid_phabricator_sync_groups') unless @$project_phids; - - push(@{ $data->{policy} }, - { - action => 'allow', - rule => 'PhabricatorProjectsPolicyRule', - value => $project_phids, - } - ); - } - else { - my $secure_revision = Bugzilla::Extension::PhabBugz::Project->new_from_query({ - name => 'secure-revision' - }); - push(@{ $data->{policy} }, - { - action => 'allow', - value => $secure_revision->phid, - } - ); - } - - my $result = request('policy.create', $data); - return $result->{result}{phid}; -} - -sub make_revision_public { - my ($revision_phid) = @_; - return request('differential.revision.edit', { - transactions => [ - { - type => 'view', - value => 'public' - }, - { - type => 'edit', - value => 'users' - } - ], - objectIdentifier => $revision_phid - }); -} - -sub make_revision_private { - my ($revision_phid) = @_; - - my $secure_revision = Bugzilla::Extension::PhabBugz::Project->new_from_query({ - name => 'secure-revision' - }); - - return request('differential.revision.edit', { - transactions => [ - { - type => "view", - value => $secure_revision->phid - }, - { - type => "edit", - value => $secure_revision->phid - } - ], - objectIdentifier => $revision_phid - }); -} - -sub edit_revision_policy { - my ($revision_phid, $policy_phid, $subscribers) = @_; - - my $data = { - transactions => [ - { - type => 'view', - value => $policy_phid - }, - { - type => 'edit', - value => $policy_phid - } - ], - objectIdentifier => $revision_phid - }; - - if (@$subscribers) { - push(@{ $data->{transactions} }, { - type => 'subscribers.set', - value => $subscribers - }); - } - - return request('differential.revision.edit', $data); -} - -sub set_revision_subscribers { - my ($revision_phid, $subscribers) = @_; - - my $data = { - transactions => [ - { - type => 'subscribers.set', - value => $subscribers - } - ], - objectIdentifier => $revision_phid - }; - - return request('differential.revision.edit', $data); -} - -sub add_comment_to_revision { - my ($revision_phid, $comment) = @_; - - my $data = { - transactions => [ - { - type => 'comment', - value => $comment - } - ], - objectIdentifier => $revision_phid - }; - return request('differential.revision.edit', $data); -} - -sub get_project_phid { - my $project = shift; - my $memcache = Bugzilla->memcached; - - # Check memcache - my $project_phid = $memcache->get_config({ key => "phab_project_phid_" . $project }); - if (!$project_phid) { - my $data = { - queryKey => 'all', - constraints => { - name => $project - } - }; - - my $result = request('project.search', $data); - return undef - unless (exists $result->{result}{data} && @{ $result->{result}{data} }); - - $project_phid = $result->{result}{data}[0]{phid}; - $memcache->set_config({ key => "phab_project_phid_" . $project, data => $project_phid }); - } - return $project_phid; -} - -sub create_project { - my ($project, $description, $members) = @_; - - my $secure_revision = Bugzilla::Extension::PhabBugz::Project->new_from_query({ - name => 'secure-revision' - }); - - my $data = { - transactions => [ - { type => 'name', value => $project }, - { type => 'description', value => $description }, - { type => 'edit', value => $secure_revision->phid }. - { type => 'join', value => $secure_revision->phid }, - { type => 'view', value => $secure_revision->phid }, - { type => 'icon', value => 'group' }, - { type => 'color', value => 'red' } - ] - }; - - my $result = request('project.edit', $data); - return $result->{result}{object}{phid}; -} - -sub set_project_members { - my ($project_id, $phab_user_ids) = @_; - - my $data = { - objectIdentifier => $project_id, - transactions => [ - { type => 'members.set', value => $phab_user_ids } - ] - }; - - my $result = request('project.edit', $data); - return $result->{result}{object}{phid}; -} - -sub get_members_by_bmo_id { - my $users = shift; - - my $result = get_phab_bmo_ids({ ids => [ map { $_->id } @$users ] }); - - my @phab_ids; - foreach my $user (@$result) { - push(@phab_ids, $user->{phid}) - if ($user->{phid} && $user->{phid} =~ /^PHID-USER/); - } - - return \@phab_ids; -} - -sub get_members_by_phid { - my $phids = shift; - - my $result = get_phab_bmo_ids({ phids => $phids }); - - my @bmo_ids; - foreach my $user (@$result) { - push(@bmo_ids, $user->{id}) - if ($user->{phid} && $user->{phid} =~ /^PHID-USER/); - } - - return \@bmo_ids; -} - -sub get_phab_bmo_ids { - my ($params) = @_; - my $memcache = Bugzilla->memcached; - - # Try to find the values in memcache first - my @results; - if ($params->{ids}) { - my @bmo_ids = @{ $params->{ids} }; - for (my $i = 0; $i < @bmo_ids; $i++) { - my $phid = $memcache->get({ key => "phab_user_bmo_id_" . $bmo_ids[$i] }); - if ($phid) { - push(@results, { - id => $bmo_ids[$i], - phid => $phid - }); - splice(@bmo_ids, $i, 1); - } - } - $params->{ids} = \@bmo_ids; - } - - if ($params->{phids}) { - my @phids = @{ $params->{phids} }; - for (my $i = 0; $i < @phids; $i++) { - my $bmo_id = $memcache->get({ key => "phab_user_phid_" . $phids[$i] }); - if ($bmo_id) { - push(@results, { - id => $bmo_id, - phid => $phids[$i] - }); - splice(@phids, $i, 1); - } + my $phab_users = + Bugzilla::Extension::PhabBugz::User->match( + { + ids => [ map { $_->id } @bug_users ] } - $params->{phids} = \@phids; - } - - my $result = request('bugzilla.account.search', $params); - - # Store new values in memcache for later retrieval - foreach my $user (@{ $result->{result} }) { - $memcache->set({ key => "phab_user_bmo_id_" . $user->{id}, - value => $user->{phid} }); - $memcache->set({ key => "phab_user_phid_" . $user->{phid}, - value => $user->{id} }); - push(@results, $user); - } + ); - return \@results; + return [ map { $_->phid } @{ $phab_users } ]; } sub is_attachment_phab_revision { my ($attachment) = @_; - return ($attachment->contenttype eq PHAB_CONTENT_TYPE - && $attachment->attacher->login eq PHAB_AUTOMATION_USER) ? 1 : 0; + return $attachment->contenttype eq PHAB_CONTENT_TYPE; } sub get_attachment_revisions { my $bug = shift; - my $revisions; - my @attachments = grep { is_attachment_phab_revision($_) } @{ $bug->attachments() }; - if (@attachments) { - my @revision_ids; - foreach my $attachment (@attachments) { - my ($revision_id) = - ( $attachment->filename =~ PHAB_ATTACHMENT_PATTERN ); - next if !$revision_id; - push( @revision_ids, int($revision_id) ); - } + return unless @attachments; - if (@revision_ids) { - $revisions = get_revisions_by_ids( \@revision_ids ); - } + my @revision_ids; + foreach my $attachment (@attachments) { + my ($revision_id) = + ( $attachment->filename =~ PHAB_ATTACHMENT_PATTERN ); + next if !$revision_id; + push( @revision_ids, int($revision_id) ); } - return @$revisions; + return unless @revision_ids; + + my @revisions; + foreach my $revision_id (@revision_ids) { + push @revisions, Bugzilla::Extension::PhabBugz::Revision->new_from_query({ + ids => [ $revision_id ] + }); + } + + return \@revisions; } sub request { @@ -478,7 +183,12 @@ sub request { if $response->is_error; my $result; - my $result_ok = eval { $result = decode_json( $response->content); 1 }; + my $result_ok = eval { + my $content = $response->content; + untaint($content); + $result = decode_json( $content ); + 1; + }; if (!$result_ok || $result->{error_code}) { ThrowCodeError('phabricator_api_error', { reason => 'JSON decode failure' }) if !$result_ok; @@ -493,9 +203,8 @@ sub request { sub get_security_sync_groups { my $bug = shift; - my $phab_sync_groups = Bugzilla->params->{phabricator_sync_groups} - || ThrowUserError('invalid_phabricator_sync_groups'); - my $sync_group_names = [ split('[,\s]+', $phab_sync_groups) ]; + my $sync_groups = Bugzilla::Group->match( { isactive => 1, isbuggroup => 1 } ); + my $sync_group_names = [ map { $_->name } @$sync_groups ]; my $bug_groups = $bug->groups_in; my $bug_group_names = [ map { $_->name } @$bug_groups ]; @@ -519,7 +228,7 @@ sub add_security_sync_comments { my $phab_error_message = 'Revision is being made private due to unknown Bugzilla groups.'; foreach my $revision (@$revisions) { - add_comment_to_revision( $revision->{phid}, $phab_error_message ); + $revision->add_comment($phab_error_message); } my $num_revisions = scalar @$revisions; @@ -536,4 +245,36 @@ sub add_security_sync_comments { Bugzilla->set_user($old_user); } +sub get_needs_review { + my ($user) = @_; + $user //= Bugzilla->user; + return unless $user->id; + + my $phab_user = Bugzilla::Extension::PhabBugz::User->new_from_query( + { + ids => [ $user->id ] + } + ); + + return [] unless $phab_user; + + my $diffs = request( + 'differential.revision.search', + { + attachments => { + reviewers => 1, + }, + constraints => { + reviewerPHIDs => [$phab_user->phid], + statuses => [qw( needs-review )], + }, + order => 'newest', + } + ); + ThrowCodeError('phabricator_api_error', { reason => 'Malformed Response' }) + unless exists $diffs->{result}{data}; + + return $diffs->{result}{data}; +} + 1; diff --git a/extensions/PhabBugz/lib/WebService.pm b/extensions/PhabBugz/lib/WebService.pm index 5b6310de6..0239ccf74 100644 --- a/extensions/PhabBugz/lib/WebService.pm +++ b/extensions/PhabBugz/lib/WebService.pm @@ -13,115 +13,44 @@ use warnings; use base qw(Bugzilla::WebService); -use Bugzilla::Attachment; -use Bugzilla::Bug; -use Bugzilla::BugMail; use Bugzilla::Constants; -use Bugzilla::Error; -use Bugzilla::Extension::Push::Util qw(is_public); use Bugzilla::User; -use Bugzilla::Util qw(detaint_natural); +use Bugzilla::Util qw(detaint_natural datetime_from time_ago trick_taint); use Bugzilla::WebService::Constants; use Bugzilla::Extension::PhabBugz::Constants; use Bugzilla::Extension::PhabBugz::Util qw( - add_security_sync_comments - create_revision_attachment - create_private_revision_policy - edit_revision_policy - get_bug_role_phids - get_project_phid - get_revisions_by_ids - intersect - is_attachment_phab_revision - make_revision_public - request - get_security_sync_groups + get_needs_review ); -use List::Util qw(first); +use DateTime (); +use List::Util qw(first uniq); use List::MoreUtils qw(any); use MIME::Base64 qw(decode_base64); -use constant PUBLIC_METHODS => qw( +use constant READ_ONLY => qw( check_user_permission_for_bug - obsolete_attachments - revision - update_reviewer_statuses + needs_review ); -sub revision { - my ($self, $params) = @_; - - # Phabricator only supports sending credentials via HTTP Basic Auth - # so we exploit that function to pass in an API key as the password - # of basic auth. BMO does not support basic auth but does support - # use of API keys. - my $http_auth = Bugzilla->cgi->http('Authorization'); - $http_auth =~ s/^Basic\s+//; - $http_auth = decode_base64($http_auth); - my ($login, $api_key) = split(':', $http_auth); - $params->{'Bugzilla_login'} = $login; - $params->{'Bugzilla_api_key'} = $api_key; - - my $user = Bugzilla->login(LOGIN_REQUIRED); - - # Prechecks - _phabricator_precheck($user); - - unless (defined $params->{revision} && detaint_natural($params->{revision})) { - ThrowCodeError('param_required', { param => 'revision' }) - } - - # Obtain more information about the revision from Phabricator - my $revision_id = $params->{revision}; - my $revisions = get_revisions_by_ids([$revision_id]); - my $revision = $revisions->[0]; - - my $revision_phid = $revision->{phid}; - my $revision_title = $revision->{fields}{title} || 'Unknown Description'; - my $bug_id = $revision->{fields}{'bugzilla.bug-id'}; - - my $bug = Bugzilla::Bug->new($bug_id); - - # If bug is public then remove privacy policy - my $result; - if (is_public($bug)) { - $result = make_revision_public($revision_id); - } - # else bug is private - else { - my @set_groups = get_security_sync_groups($bug); - - # If bug privacy groups do not have any matching synchronized groups, - # then leave revision private and it will have be dealt with manually. - if (!@set_groups) { - add_security_sync_comments($revisions, $bug); - } - - my $policy_phid = create_private_revision_policy($bug, \@set_groups); - my $subscribers = get_bug_role_phids($bug); - $result = edit_revision_policy($revision_phid, $policy_phid, $subscribers); - } - - my $attachment = create_revision_attachment($bug, $revision_id, $revision_title); - - Bugzilla::BugMail::Send($bug_id, { changer => $user }); - - return { - result => $result, - attachment_id => $attachment->id, - attachment_link => Bugzilla->localconfig->{urlbase} . "attachment.cgi?id=" . $attachment->id - }; -} +use constant PUBLIC_METHODS => qw( + check_user_permission_for_bug + needs_review + set_build_target +); sub check_user_permission_for_bug { my ($self, $params) = @_; my $user = Bugzilla->login(LOGIN_REQUIRED); - # Prechecks - _phabricator_precheck($user); + # Ensure PhabBugz is on + ThrowUserError('phabricator_not_enabled') + unless Bugzilla->params->{phabricator_enabled}; + + # Validate that the requesting user's email matches phab-bot + ThrowUserError('phabricator_unauthorized_user') + unless $user->login eq PHAB_AUTOMATION_USER; # Validate that a bug id and user id are provided ThrowUserError('phabricator_invalid_request_params') @@ -136,184 +65,152 @@ sub check_user_permission_for_bug { }; } -sub update_reviewer_statuses { +sub needs_review { my ($self, $params) = @_; - + ThrowUserError('phabricator_not_enabled') + unless Bugzilla->params->{phabricator_enabled}; my $user = Bugzilla->login(LOGIN_REQUIRED); - - # Prechecks - _phabricator_precheck($user); - - my $revision_id = $params->{revision_id}; - unless (defined $revision_id && detaint_natural($revision_id)) { - ThrowCodeError('param_required', { param => 'revision_id' }) - } - - my $bug_id = $params->{bug_id}; - unless (defined $bug_id && detaint_natural($bug_id)) { - ThrowCodeError('param_required', { param => 'bug_id' }) + my $dbh = Bugzilla->dbh; + + my $reviews = get_needs_review(); + + my $authors = Bugzilla::Extension::PhabBugz::User->match({ + phids => [ + uniq + grep { defined } + map { $_->{fields}{authorPHID} } + @$reviews + ] + }); + + my %author_phab_to_id = map { $_->phid => $_->bugzilla_user->id } @$authors; + my %author_id_to_user = map { $_->bugzilla_user->id => $_->bugzilla_user } @$authors; + + # bug data + my $visible_bugs = $user->visible_bugs([ + uniq + grep { $_ } + map { $_->{fields}{'bugzilla.bug-id'} } + @$reviews + ]); + + # get all bug statuses and summaries in a single query to avoid creation of + # many bug objects + my %bugs; + if (@$visible_bugs) { + #<<< + my $bug_rows =$dbh->selectall_arrayref( + 'SELECT bug_id, bug_status, short_desc ' . + ' FROM bugs ' . + ' WHERE bug_id IN (' . join(',', ('?') x @$visible_bugs) . ')', + { Slice => {} }, + @$visible_bugs + ); + #>>> + %bugs = map { $_->{bug_id} => $_ } @$bug_rows; } - my $accepted_user_ids = $params->{accepted_users}; - defined $accepted_user_ids - || ThrowCodeError('param_required', { param => 'accepted_users' }); - $accepted_user_ids = [ split(':', $accepted_user_ids) ]; - - my $denied_user_ids = $params->{denied_users}; - defined $denied_user_ids - || ThrowCodeError('param_required', { param => 'denied_users' }); - $denied_user_ids = [ split(':', $denied_user_ids) ]; - - my $bug = Bugzilla::Bug->check($bug_id); - - my @attachments = - grep { is_attachment_phab_revision($_) } @{ $bug->attachments() }; - - return { result => [] } if !@attachments; - - my $dbh = Bugzilla->dbh; - my ($timestamp) = $dbh->selectrow_array("SELECT NOW()"); - - my @updated_attach_ids; - foreach my $attachment (@attachments) { - my ($curr_revision_id) = ($attachment->filename =~ PHAB_ATTACHMENT_PATTERN); - next if $revision_id != $curr_revision_id; - - # Clear old flags if no longer accepted - my (@denied_flags, @new_flags, @removed_flags, %accepted_done, $flag_type); - foreach my $flag (@{ $attachment->flags }) { - next if $flag->type->name ne 'review'; - $flag_type = $flag->type if $flag->type->is_active; - if (any { $flag->setter->id == $_ } @$denied_user_ids) { - push(@denied_flags, { id => $flag->id, setter => $flag->setter, status => 'X' }); - } - if (any { $flag->setter->id == $_ } @$accepted_user_ids) { - $accepted_done{$flag->setter->id}++; - } - if ($flag->status eq '+' - && !any { $flag->setter->id == $_ } (@$accepted_user_ids, @$denied_user_ids)) { - push(@removed_flags, { id => $flag->id, setter => $flag->setter, status => 'X' }); - } - } - - $flag_type ||= first { $_->name eq 'review' && $_->is_active } @{ $attachment->flag_types }; - - # Create new flags - foreach my $user_id (@$accepted_user_ids) { - next if $accepted_done{$user_id}; - my $user = Bugzilla::User->check({ id => $user_id, cache => 1 }); - push(@new_flags, { type_id => $flag_type->id, setter => $user, status => '+' }); + # build result + my $datetime_now = DateTime->now(time_zone => $user->timezone); + my @result; + foreach my $review (@$reviews) { + my $review_flat = { + id => $review->{id}, + title => $review->{fields}{title}, + url => Bugzilla->params->{phabricator_base_uri} . 'D' . $review->{id}, + }; + + # show date in user's timezone + my $datetime = DateTime->from_epoch( + epoch => $review->{fields}{dateModified}, + time_zone => 'UTC' + ); + $datetime->set_time_zone($user->timezone); + $review_flat->{updated} = $datetime->strftime('%Y-%m-%d %T %Z'); + $review_flat->{updated_fancy} = time_ago($datetime, $datetime_now); + + # review requester + if (my $author = $author_id_to_user{$author_phab_to_id{ $review->{fields}{authorPHID} }}) { + $review_flat->{author_name} = $author->name; + $review_flat->{author_email} = $author->email; } - - # Also add comment to for attachment update showing the user's name - # that changed the revision. - my $comment; - foreach my $flag_data (@new_flags) { - $comment .= $flag_data->{setter}->name . " has approved the revision.\n"; - } - foreach my $flag_data (@denied_flags) { - $comment .= $flag_data->{setter}->name . " has requested changes to the revision.\n"; - } - foreach my $flag_data (@removed_flags) { - $comment .= $flag_data->{setter}->name . " has been removed from the revision.\n"; + else { + $review_flat->{author_name} = 'anonymous'; + $review_flat->{author_email} = 'anonymous'; } - if ($comment) { - $comment .= "\n" . Bugzilla->params->{phabricator_base_uri} . "D" . $revision_id; - # Add transaction_id as anchor if one present - $comment .= "#" . $params->{transaction_id} if $params->{transaction_id}; - $bug->add_comment($comment, { - isprivate => $attachment->isprivate, - type => CMT_ATTACHMENT_UPDATED, - extra_data => $attachment->id - }); + # referenced bug + if (my $bug_id = $review->{fields}{'bugzilla.bug-id'}) { + my $bug = $bugs{$bug_id}; + $review_flat->{bug_id} = $bug_id; + $review_flat->{bug_status} = $bug->{bug_status}; + $review_flat->{bug_summary} = $bug->{short_desc}; } - $attachment->set_flags([ @denied_flags, @removed_flags ], \@new_flags); - $attachment->update($timestamp); - $bug->update($timestamp) if $comment; - - push(@updated_attach_ids, $attachment->id); + push @result, $review_flat; } - Bugzilla::BugMail::Send($bug_id, { changer => $user }) if @updated_attach_ids; - - return { result => \@updated_attach_ids }; + return { result => \@result }; } -sub obsolete_attachments { - my ($self, $params) = @_; +sub set_build_target { + my ( $self, $params ) = @_; - my $user = Bugzilla->login(LOGIN_REQUIRED); - - # Prechecks - _phabricator_precheck($user); - - my $revision_id = $params->{revision_id}; - unless (defined $revision_id && detaint_natural($revision_id)) { - ThrowCodeError('param_required', { param => 'revision' }) - } - - my $bug_id= $params->{bug_id}; - unless (defined $bug_id && detaint_natural($bug_id)) { - ThrowCodeError('param_required', { param => 'bug_id' }) - } - - my $make_obsolete = $params->{make_obsolete}; - unless (defined $make_obsolete) { - ThrowCodeError('param_required', { param => 'make_obsolete' }) - } - $make_obsolete = $make_obsolete ? 1 : 0; - - my $bug = Bugzilla::Bug->check($bug_id); - - my @attachments = - grep { is_attachment_phab_revision($_) } @{ $bug->attachments() }; - - return { result => [] } if !@attachments; - - my $dbh = Bugzilla->dbh; - my ($timestamp) = $dbh->selectrow_array("SELECT NOW()"); - - my @updated_attach_ids; - foreach my $attachment (@attachments) { - my ($curr_revision_id) = ($attachment->filename =~ PHAB_ATTACHMENT_PATTERN); - next if $revision_id != $curr_revision_id; + # Phabricator only supports sending credentials via HTTP Basic Auth + # so we exploit that function to pass in an API key as the password + # of basic auth. BMO does not support basic auth but does support + # use of API keys. + my $http_auth = Bugzilla->cgi->http('Authorization'); + $http_auth =~ s/^Basic\s+//; + $http_auth = decode_base64($http_auth); + my ($login, $api_key) = split(':', $http_auth); + $params->{'Bugzilla_login'} = $login; + $params->{'Bugzilla_api_key'} = $api_key; - $attachment->set_is_obsolete($make_obsolete); - $attachment->update($timestamp); + my $user = Bugzilla->login(LOGIN_REQUIRED); - push(@updated_attach_ids, $attachment->id); - } + # Ensure PhabBugz is on + ThrowUserError('phabricator_not_enabled') + unless Bugzilla->params->{phabricator_enabled}; + + # Validate that the requesting user's email matches phab-bot + ThrowUserError('phabricator_unauthorized_user') + unless $user->login eq PHAB_AUTOMATION_USER; - Bugzilla::BugMail::Send($bug_id, { changer => $user }) if @updated_attach_ids; + my $revision_id = $params->{revision_id}; + my $build_target = $params->{build_target}; - return { result => \@updated_attach_ids }; -} + ThrowUserError('invalid_phabricator_revision_id') + unless detaint_natural($revision_id); -sub _phabricator_precheck { - my ($user) = @_; + ThrowUserError('invalid_phabricator_build_target') + unless $build_target =~ /^PHID-HMBT-[a-zA-Z0-9]+$/; + trick_taint($build_target); - # Ensure PhabBugz is on - ThrowUserError('phabricator_not_enabled') - unless Bugzilla->params->{phabricator_enabled}; + Bugzilla->dbh->do( + "INSERT INTO phabbugz (name, value) VALUES (?, ?)", + undef, + 'build_target_' . $revision_id, + $build_target + ); - # Validate that the requesting user's email matches phab-bot - ThrowUserError('phabricator_unauthorized_user') - unless $user->login eq PHAB_AUTOMATION_USER; + return { result => 1 }; } sub rest_resources { return [ - # Revision creation - qr{^/phabbugz/revision/([^/]+)$}, { + # Set build target in Phabricator + qr{^/phabbugz/build_target/(\d+)/(PHID-HMBT-.*)$}, { POST => { - method => 'revision', + method => 'set_build_target', params => sub { - return { revision => $_[0] }; + return { + revision_id => $_[0], + build_target => $_[1] + }; } } - }, + }, # Bug permission checks qr{^/phabbugz/check_bug/(\d+)/(\d+)$}, { GET => { @@ -323,17 +220,11 @@ sub rest_resources { } } }, - # Update reviewer statuses - qr{^/phabbugz/update_reviewer_statuses$}, { - PUT => { - method => 'update_reviewer_statuses', - } - }, - # Obsolete attachments - qr{^/phabbugz/obsolete$}, { - PUT => { - method => 'obsolete_attachments', - } + # Review requests + qw{^/phabbugz/needs_review$}, { + GET => { + method => 'needs_review', + }, } ]; } diff --git a/extensions/PhabBugz/template/en/default/admin/email/squatter-alert.txt.tmpl b/extensions/PhabBugz/template/en/default/admin/email/squatter-alert.txt.tmpl new file mode 100644 index 000000000..98e92a379 --- /dev/null +++ b/extensions/PhabBugz/template/en/default/admin/email/squatter-alert.txt.tmpl @@ -0,0 +1,34 @@ +[%# This Source Code Form is subject to the terms of the Mozilla Public + # License, v. 2.0. If a copy of the MPL was not distributed with this + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + # + # This Source Code Form is "Incompatible With Secondary Licenses", as + # defined by the Mozilla Public License, v. 2.0. + #%] + +[% PROCESS global/variables.none.tmpl %] + +From: [% Param('mailfrom') %] +To: phabricator-admin@mozilla.com +Subject: Possible Phabricator Username Squatter Alert +Date: [% date %] +X-Bugzilla-Type: squatter-alert + +Possible username squatter: + +Phabricator Account + +login: [% phab_user_login %] +realname: [% phab_user_realname %] + +Bugzilla Account Matching Phabricator Account + +user id: [% bugzilla_userid %] +login: [% bugzilla_login %] +realname: [% bugzilla_realname %] + +Possible Bugzilla Account Squatting On + +user id: [% squat_userid %] +login: [% squat_login %] +realname: [% squat_realname %] diff --git a/extensions/PhabBugz/template/en/default/admin/params/phabbugz.html.tmpl b/extensions/PhabBugz/template/en/default/admin/params/phabbugz.html.tmpl index d67839cc8..1b5bdda4b 100644 --- a/extensions/PhabBugz/template/en/default/admin/params/phabbugz.html.tmpl +++ b/extensions/PhabBugz/template/en/default/admin/params/phabbugz.html.tmpl @@ -16,7 +16,6 @@ phabricator_enabled => 'Enable Phabricator Integration', phabricator_base_uri => 'Phabricator Base URI', phabricator_api_key => 'Phabricator User API Key', - phabricator_sync_groups => 'Comma delimited list of Bugzilla groups to sync to Phabricator projects', phabricator_auth_callback_url => 'Phabricator Auth Delegation URL', phabricator_app_id => 'app_id for API Keys delegated to Phabricator', } diff --git a/extensions/PhabBugz/template/en/default/hook/global/user-error-errors.html.tmpl b/extensions/PhabBugz/template/en/default/hook/global/user-error-errors.html.tmpl index 1457e3525..0274f72ce 100644 --- a/extensions/PhabBugz/template/en/default/hook/global/user-error-errors.html.tmpl +++ b/extensions/PhabBugz/template/en/default/hook/global/user-error-errors.html.tmpl @@ -14,15 +14,18 @@ [% title = "Invalid Phabricator API Key" %] You must provide a valid Phabricator API Key. -[% ELSIF error == "invalid_phabricator_sync_groups" %] - [% title = "Invalid Phabricator Sync Groups" %] - You must provide a comma delimited list of security groups - to sync with Phabricator. +[% ELSIF error == "invalid_phabricator_projects" %] + [% title = "Invalid Phabricator Projects" %] + One or more Phabricator projects selected are invalid. [% ELSIF error == "invalid_phabricator_revision_id" %] [% title = "Invalid Phabricator Revision ID" %] You must provide a valid Phabricator revision ID. +[% ELSIF error == "invalid_phabricator_build_target" %] + [% title = "Invalid Phabricator Build Target" %] + You must provide a valid Phabricator Build Target PHID. + [% ELSIF error == "phabricator_not_enabled" %] [% title = "Phabricator Support Not Enabled" %] The Phabricator to Bugzilla library, PhabBugz, |