No OneTemporary
Actions

Size

90 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/auth/controller/PhabricatorOAuthDiagnosticsController.php b/src/applications/auth/controller/PhabricatorOAuthDiagnosticsController.php
	index 5fada6c989..ec9add8a23 100644
	--- a/src/applications/auth/controller/PhabricatorOAuthDiagnosticsController.php
	+++ b/src/applications/auth/controller/PhabricatorOAuthDiagnosticsController.php
	@@ -1,228 +1,217 @@
	<?php

	/*
	* Copyright 2012 Facebook, Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	final class PhabricatorOAuthDiagnosticsController
	extends PhabricatorAuthController {

	public function shouldRequireLogin() {
	return false;
	}

	public function willProcessRequest(array $data) {
	$this->provider = PhabricatorOAuthProvider::newProvider($data['provider']);
	}

	public function processRequest() {

	$provider = $this->provider;

	$auth_enabled = $provider->isProviderEnabled();
	$client_id = $provider->getClientID();
	$client_secret = $provider->getClientSecret();
	$key = $provider->getProviderKey();
	$name = phutil_escape_html($provider->getProviderName());

	$res_ok = '<strong style="color: #00aa00;">OK</strong>';
	$res_no = '<strong style="color: #aa0000;">NO</strong>';
	$res_na = '<strong style="color: #999999;">N/A</strong>';

	$results = array();
	$auth_key = $key . '.auth-enabled';
	if (!$auth_enabled) {
	$results[$auth_key] = array(
	$res_no,
	'false',
	$name . ' authentication is disabled in the configuration. Edit the '.
	'Phabricator configuration to enable "'.$auth_key.'".');
	} else {
	$results[$auth_key] = array(
	$res_ok,
	'true',
	$name.' authentication is enabled.');
	}

	$client_id_key = $key. '.application-id';
	if (!$client_id) {
	$results[$client_id_key] = array(
	$res_no,
	null,
	'No '.$name.' Application ID is configured. Edit the Phabricator '.
	'configuration to specify an application ID in '.
	'"'.$client_id_key.'". '.$provider->renderGetClientIDHelp());
	} else {
	$results[$client_id_key] = array(
	$res_ok,
	$client_id,
	'Application ID is set.');
	}

	$client_secret_key = $key.'.application-secret';
	if (!$client_secret) {
	$results[$client_secret_key] = array(
	$res_no,
	null,
	'No '.$name.' Application secret is configured. Edit the '.
	'Phabricator configuration to specify an Application Secret, in '.
	'"'.$client_secret_key.'". '.$provider->renderGetClientSecretHelp());
	} else {
	$results[$client_secret_key] = array(
	$res_ok,
	"It's a secret!",
	'Application secret is set.');
	}

	- $timeout = stream_context_create(
	- array(
	- 'http' => array(
	- 'ignore_errors' => true,
	- 'timeout' => 5,
	- ),
	- ));
	- $timeout_strict = stream_context_create(
	- array(
	- 'http' => array(
	- 'timeout' => 5,
	- ),
	- ));
	+ $timeout = 5;

	- $internet = @file_get_contents("http://google.com/", false, $timeout);
	+ $internet = HTTPSFuture::loadContent("http://google.com/", $timeout);
	if ($internet === false) {
	$results['internet'] = array(
	$res_no,
	null,
	'Unable to make an HTTP request to Google. Check your outbound '.
	'internet connection and firewall/filtering settings.');
	} else {
	$results['internet'] = array(
	$res_ok,
	null,
	'Internet seems OK.');
	}

	$test_uris = $provider->getTestURIs();
	foreach ($test_uris as $uri) {
	- $success = @file_get_contents($uri, false, $timeout);
	+ $success = HTTPSFuture::loadContent($uri, $timeout);
	if ($success === false) {
	$results[$uri] = array(
	$res_no,
	null,
	"Unable to make an HTTP request to {$uri}. {$name} may be ".
	'down or inaccessible.');
	} else {
	$results[$uri] = array(
	$res_ok,
	null,
	'Made a request to '.$uri.'.');
	}
	}

	if ($provider->shouldDiagnoseAppLogin()) {
	$test_uri = new PhutilURI($provider->getTokenURI());
	$test_uri->setQueryParams(
	array(
	'client_id' => $client_id,
	'client_secret' => $client_secret,
	'grant_type' => 'client_credentials',
	));

	- $token_value = @file_get_contents($test_uri, false, $timeout);
	- $token_strict = @file_get_contents($test_uri, false, $timeout_strict);
	- if ($token_value === false) {
	+ $future = new HTTPSFuture($test_uri);
	+ $future->setTimeout($timeout);
	+ try {
	+ list($body) = $future->resolvex();
	$results['App Login'] = array(
	- $res_no,
	- null,
	- "Unable to perform an application login with your Application ID ".
	- "and Application Secret. You may have mistyped or misconfigured ".
	- "them; {$name} may have revoked your authorization; or {$name} may ".
	- "be having technical problems.");
	- } else {
	- if ($token_strict) {
	+ $res_ok,
	+ '(A Valid Token)',
	+ "Raw application login to {$name} works.");
	+ } catch (Exception $ex) {
	+ if ($ex instanceof HTTPFutureResponseStatusCURL) {
	$results['App Login'] = array(
	- $res_ok,
	- '(A Valid Token)',
	- "Raw application login to {$name} works.");
	+ $res_no,
	+ null,
	+ "Unable to perform an application login with your Application ID ".
	+ "and Application Secret. You may have mistyped or misconfigured ".
	+ "them; {$name} may have revoked your authorization; or {$name} ".
	+ "may be having technical problems.");
	} else {
	$data = json_decode($token_value, true);
	if (!is_array($data)) {
	$results['App Login'] = array(
	$res_no,
	$token_value,
	"Application Login failed but the provider did not respond ".
	"with valid JSON error information. {$name} may be experiencing ".
	"technical problems.");
	} else {
	$results['App Login'] = array(
	$res_no,
	null,
	"Application Login failed with error: ".$token_value);
	}
	}
	}
	}

	return $this->renderResults($results);
	}

	private function renderResults($results) {
	$provider = $this->provider;

	$rows = array();
	foreach ($results as $key => $result) {
	$rows[] = array(
	phutil_escape_html($key),
	$result[0],
	phutil_escape_html($result[1]),
	phutil_escape_html($result[2]),
	);
	}

	$table_view = new AphrontTableView($rows);
	$table_view->setHeaders(
	array(
	'Test',
	'Result',
	'Value',
	'Details',
	));
	$table_view->setColumnClasses(
	array(
	null,
	null,
	null,
	'wide',
	));

	$title = $provider->getProviderName() . ' Auth Diagnostics';

	$panel_view = new AphrontPanelView();
	$panel_view->setHeader($title);
	$panel_view->appendChild(
	'<p class="aphront-panel-instructions">These tests may be able to '.
	'help diagnose the root cause of problems you experience with '.
	$provider->getProviderName() .
	' Authentication. Reload the page to run the tests again.</p>');
	$panel_view->appendChild($table_view);

	return $this->buildStandardPageResponse(
	$panel_view,
	array(
	'title' => $title,
	));
	}

	}
	diff --git a/src/applications/auth/controller/PhabricatorOAuthLoginController.php b/src/applications/auth/controller/PhabricatorOAuthLoginController.php
	index 219a9f3200..8591c63c1d 100644
	--- a/src/applications/auth/controller/PhabricatorOAuthLoginController.php
	+++ b/src/applications/auth/controller/PhabricatorOAuthLoginController.php
	@@ -1,352 +1,331 @@
	<?php

	/*
	* Copyright 2012 Facebook, Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	final class PhabricatorOAuthLoginController
	extends PhabricatorAuthController {

	private $provider;
	private $userID;

	private $accessToken;
	private $tokenExpires;
	private $oauthState;

	public function shouldRequireLogin() {
	return false;
	}

	public function willProcessRequest(array $data) {
	$this->provider = PhabricatorOAuthProvider::newProvider($data['provider']);
	}

	public function processRequest() {
	$current_user = $this->getRequest()->getUser();

	$provider = $this->provider;
	if (!$provider->isProviderEnabled()) {
	return new Aphront400Response();
	}

	$provider_name = $provider->getProviderName();
	$provider_key = $provider->getProviderKey();

	$request = $this->getRequest();

	if ($request->getStr('error')) {
	$error_view = id(new PhabricatorOAuthFailureView())
	->setRequest($request);
	return $this->buildErrorResponse($error_view);
	}

	$error_response = $this->retrieveAccessToken($provider);
	if ($error_response) {
	return $error_response;
	}

	$userinfo_uri = new PhutilURI($provider->getUserInfoURI());
	$userinfo_uri->setQueryParam('access_token', $this->accessToken);
	$userinfo_uri = (string)$userinfo_uri;

	try {
	- $user_data = @file_get_contents($userinfo_uri);
	+ $user_data = HTTPSFuture::loadContent($userinfo_uri);
	if ($user_data === false) {
	throw new PhabricatorOAuthProviderException(
	"Request to '{$userinfo_uri}' failed!");
	}
	$provider->setUserData($user_data);
	} catch (PhabricatorOAuthProviderException $e) {
	return $this->buildErrorResponse(new PhabricatorOAuthFailureView());
	}
	$provider->setAccessToken($this->accessToken);

	$user_id = $provider->retrieveUserID();
	$provider_key = $provider->getProviderKey();

	$oauth_info = $this->retrieveOAuthInfo($provider);

	if ($current_user->getPHID()) {
	if ($oauth_info->getID()) {
	if ($oauth_info->getUserID() != $current_user->getID()) {
	$dialog = new AphrontDialogView();
	$dialog->setUser($current_user);
	$dialog->setTitle('Already Linked to Another Account');
	$dialog->appendChild(
	hsprintf(
	'<p>The %s account you just authorized is already linked to '.
	'another Phabricator account. Before you can associate your %s '.
	'account with this Phabriactor account, you must unlink it from '.
	'the Phabricator account it is currently linked to.</p>',
	$provider_name,
	$provider_name));
	$dialog->addCancelButton('/settings/page/'.$provider_key.'/');

	return id(new AphrontDialogResponse())->setDialog($dialog);
	} else {
	$this->saveOAuthInfo($oauth_info); // Refresh token.
	return id(new AphrontRedirectResponse())
	->setURI('/settings/page/'.$provider_key.'/');
	}
	}

	$existing_oauth = id(new PhabricatorUserOAuthInfo())->loadOneWhere(
	'userID = %d AND oauthProvider = %s',
	$current_user->getID(),
	$provider_key);

	if ($existing_oauth) {
	$dialog = new AphrontDialogView();
	$dialog->setUser($current_user);
	$dialog->setTitle('Already Linked to an Account From This Provider');
	$dialog->appendChild(
	hsprintf(
	'<p>The account you are logged in with is already linked to a %s '.
	'account. Before you can link it to a different %s account, you '.
	'must unlink the old account.</p>',
	$provider_name,
	$provider_name));
	$dialog->addCancelButton('/settings/page/'.$provider_key.'/');
	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	if (!$request->isDialogFormPost()) {
	$dialog = new AphrontDialogView();
	$dialog->setUser($current_user);
	$dialog->setTitle('Link '.$provider_name.' Account');
	$dialog->appendChild(
	hsprintf(
	'<p>Link your %s account to your Phabricator account?</p>',
	$provider_name));
	$dialog->addHiddenInput('confirm_token', $provider->getAccessToken());
	$dialog->addHiddenInput('expires', $oauth_info->getTokenExpires());
	$dialog->addHiddenInput('state', $this->oauthState);
	$dialog->addHiddenInput('scope', $oauth_info->getTokenScope());
	$dialog->addSubmitButton('Link Accounts');
	$dialog->addCancelButton('/settings/page/'.$provider_key.'/');

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	$oauth_info->setUserID($current_user->getID());

	$this->saveOAuthInfo($oauth_info);

	return id(new AphrontRedirectResponse())
	->setURI('/settings/page/'.$provider_key.'/');
	}

	// Login with known auth.

	if ($oauth_info->getID()) {
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();

	$known_user = id(new PhabricatorUser())->load($oauth_info->getUserID());

	$request->getApplicationConfiguration()->willAuthenticateUserWithOAuth(
	$known_user,
	$oauth_info,
	$provider);

	$session_key = $known_user->establishSession('web');

	$this->saveOAuthInfo($oauth_info);

	$request->setCookie('phusr', $known_user->getUsername());
	$request->setCookie('phsid', $session_key);

	$uri = new PhutilURI('/login/validate/');
	$uri->setQueryParams(
	array(
	'phusr' => $known_user->getUsername(),
	));

	return id(new AphrontRedirectResponse())->setURI((string)$uri);
	}

	$oauth_email = $provider->retrieveUserEmail();
	if ($oauth_email) {
	$known_email = id(new PhabricatorUserEmail())
	->loadOneWhere('address = %s', $oauth_email);
	if ($known_email) {
	$dialog = new AphrontDialogView();
	$dialog->setUser($current_user);
	$dialog->setTitle('Already Linked to Another Account');
	$dialog->appendChild(
	hsprintf(
	'<p>The %s account you just authorized has an email address which '.
	'is already in use by another Phabricator account. To link the '.
	'accounts, log in to your Phabricator account and then go to '.
	'Settings.</p>',
	$provider_name));
	$dialog->addCancelButton('/login/');

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}
	}

	if (!$provider->isProviderRegistrationEnabled()) {
	$dialog = new AphrontDialogView();
	$dialog->setUser($current_user);
	$dialog->setTitle('No Account Registration With '.$provider_name);
	$dialog->appendChild(
	hsprintf(
	'<p>You can not register a new account using %s; you can only use '.
	'your %s account to log into an existing Phabricator account which '.
	'you have registered through other means.</p>',
	$provider_name,
	$provider_name));
	$dialog->addCancelButton('/login/');

	return id(new AphrontDialogResponse())->setDialog($dialog);
	}

	$controller = PhabricatorEnv::newObjectFromConfig(
	'controller.oauth-registration',
	array($this->getRequest()));

	$controller->setOAuthProvider($provider);
	$controller->setOAuthInfo($oauth_info);
	$controller->setOAuthState($this->oauthState);

	return $this->delegateToController($controller);
	}

	private function buildErrorResponse(PhabricatorOAuthFailureView $view) {
	$provider = $this->provider;

	$provider_name = $provider->getProviderName();
	$view->setOAuthProvider($provider);

	return $this->buildStandardPageResponse(
	$view,
	array(
	'title' => $provider_name.' Auth Failed',
	));
	}

	private function retrieveAccessToken(PhabricatorOAuthProvider $provider) {
	$request = $this->getRequest();

	$token = $request->getStr('confirm_token');
	if ($token) {
	$this->tokenExpires = $request->getInt('expires');
	$this->accessToken = $token;
	$this->oauthState = $request->getStr('state');
	return null;
	}

	$client_id = $provider->getClientID();
	$client_secret = $provider->getClientSecret();
	$redirect_uri = $provider->getRedirectURI();
	$auth_uri = $provider->getTokenURI();

	$code = $request->getStr('code');
	$query_data = array(
	'client_id' => $client_id,
	'client_secret' => $client_secret,
	'redirect_uri' => $redirect_uri,
	'code' => $code,
	) + $provider->getExtraTokenParameters();

	- $post_data = http_build_query($query_data, '', '&');
	- $post_length = strlen($post_data);
	-
	- $stream_context = stream_context_create(
	- array(
	- 'http' => array(
	- 'method' => 'POST',
	- 'header' =>
	- "Content-Type: application/x-www-form-urlencoded\r\n".
	- "Content-Length: {$post_length}\r\n",
	- 'content' => $post_data,
	- ),
	- ));
	-
	- $stream = fopen($auth_uri, 'r', false, $stream_context);
	-
	- $response = false;
	- $meta = null;
	- if ($stream) {
	- $meta = stream_get_meta_data($stream);
	- $response = stream_get_contents($stream);
	- fclose($stream);
	- }
	-
	- if ($response === false) {
	+ $future = new HTTPSFuture($auth_uri, $query_data);
	+ $future->setMethod('POST');
	+ try {
	+ list($response) = $future->resolvex();
	+ } catch (Exception $ex) {
	return $this->buildErrorResponse(new PhabricatorOAuthFailureView());
	}
	-
	$data = $provider->decodeTokenResponse($response);

	$token = idx($data, 'access_token');
	if (!$token) {
	return $this->buildErrorResponse(new PhabricatorOAuthFailureView());
	}

	$this->tokenExpires = $provider->getTokenExpiryFromArray($data);
	$this->accessToken = $token;
	$this->oauthState = $request->getStr('state');

	return null;
	}

	private function retrieveOAuthInfo(PhabricatorOAuthProvider $provider) {

	$oauth_info = id(new PhabricatorUserOAuthInfo())->loadOneWhere(
	'oauthProvider = %s and oauthUID = %s',
	$provider->getProviderKey(),
	$provider->retrieveUserID());

	$scope = $this->getRequest()->getStr('scope');

	if (!$oauth_info) {
	$oauth_info = new PhabricatorUserOAuthInfo();
	$oauth_info->setOAuthProvider($provider->getProviderKey());
	$oauth_info->setOAuthUID($provider->retrieveUserID());
	// some providers don't tell you what scope you got, so default
	// to the minimum Phabricator requires rather than assuming no scope
	if (!$scope) {
	$scope = $provider->getMinimumScope();
	}
	}

	$oauth_info->setAccountURI($provider->retrieveUserAccountURI());
	$oauth_info->setAccountName($provider->retrieveUserAccountName());
	$oauth_info->setToken($provider->getAccessToken());
	$oauth_info->setTokenStatus(PhabricatorUserOAuthInfo::TOKEN_STATUS_GOOD);
	$oauth_info->setTokenScope($scope);

	// If we have out-of-date expiration info, just clear it out. Then replace
	// it with good info if the provider gave it to us.
	$expires = $oauth_info->getTokenExpires();
	if ($expires <= time()) {
	$expires = null;
	}
	if ($this->tokenExpires) {
	$expires = $this->tokenExpires;
	}
	$oauth_info->setTokenExpires($expires);

	return $oauth_info;
	}

	private function saveOAuthInfo(PhabricatorUserOAuthInfo $info) {
	// UNGUARDED WRITES: Logging-in users don't have their CSRF set up yet.
	$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
	$info->save();
	}
	}
	diff --git a/src/applications/auth/oauth/provider/PhabricatorOAuthProviderDisqus.php b/src/applications/auth/oauth/provider/PhabricatorOAuthProviderDisqus.php
	index ad07d3cad0..126d463c43 100644
	--- a/src/applications/auth/oauth/provider/PhabricatorOAuthProviderDisqus.php
	+++ b/src/applications/auth/oauth/provider/PhabricatorOAuthProviderDisqus.php
	@@ -1,144 +1,144 @@
	<?php

	/*
	* Copyright 2012 Facebook, Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	final class PhabricatorOAuthProviderDisqus extends PhabricatorOAuthProvider {

	private $userData;

	public function getProviderKey() {
	return self::PROVIDER_DISQUS;
	}

	public function getProviderName() {
	return 'Disqus';
	}

	public function isProviderEnabled() {
	return PhabricatorEnv::getEnvConfig('disqus.auth-enabled');
	}

	public function isProviderLinkPermanent() {
	return PhabricatorEnv::getEnvConfig('disqus.auth-permanent');
	}

	public function isProviderRegistrationEnabled() {
	return PhabricatorEnv::getEnvConfig('disqus.registration-enabled');
	}

	public function getClientID() {
	return PhabricatorEnv::getEnvConfig('disqus.application-id');
	}

	public function renderGetClientIDHelp() {
	return null;
	}

	public function getClientSecret() {
	return PhabricatorEnv::getEnvConfig('disqus.application-secret');
	}

	public function renderGetClientSecretHelp() {
	return null;
	}

	public function getAuthURI() {
	return 'https://disqus.com/api/oauth/2.0/authorize/';
	}

	public function getTokenURI() {
	return 'https://disqus.com/api/oauth/2.0/access_token/';
	}

	protected function getTokenExpiryKey() {
	return 'expires_in';
	}

	public function getExtraAuthParameters() {
	return array(
	'response_type' => 'code',
	);
	}

	public function getExtraTokenParameters() {
	return array(
	'grant_type' => 'authorization_code',
	);
	}

	public function decodeTokenResponse($response) {
	return json_decode($response, true);
	}

	public function getTestURIs() {
	return array(
	'http://disqus.com',
	$this->getUserInfoURI(),
	);
	}

	public function getUserInfoURI() {
	return 'https://disqus.com/api/3.0/users/details.json?'.
	'api_key='.$this->getClientID();
	}

	public function getMinimumScope() {
	return 'read';
	}

	public function setUserData($data) {
	$data = idx(json_decode($data, true), 'response');
	$this->validateUserData($data);
	$this->userData = $data;
	return $this;
	}

	public function retrieveUserID() {
	return $this->userData['id'];
	}

	public function retrieveUserEmail() {
	return idx($this->userData, 'email');
	}

	public function retrieveUserAccountName() {
	return $this->userData['username'];
	}

	public function retrieveUserProfileImage() {
	$avatar = idx($this->userData, 'avatar');
	if ($avatar) {
	$uri = idx($avatar, 'permalink');
	if ($uri) {
	- return @file_get_contents($uri);
	+ return HTTPSFuture::loadContent($uri);
	}
	}
	return null;
	}

	public function retrieveUserAccountURI() {
	return idx($this->userData, 'profileUrl');
	}

	public function retrieveUserRealName() {
	return idx($this->userData, 'name');
	}

	public function shouldDiagnoseAppLogin() {
	return true;
	}
	}
	diff --git a/src/applications/auth/oauth/provider/PhabricatorOAuthProviderFacebook.php b/src/applications/auth/oauth/provider/PhabricatorOAuthProviderFacebook.php
	index a8d16bd351..ec396d7145 100644
	--- a/src/applications/auth/oauth/provider/PhabricatorOAuthProviderFacebook.php
	+++ b/src/applications/auth/oauth/provider/PhabricatorOAuthProviderFacebook.php
	@@ -1,129 +1,129 @@
	<?php

	/*
	* Copyright 2012 Facebook, Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	final class PhabricatorOAuthProviderFacebook extends PhabricatorOAuthProvider {

	private $userData;

	public function getProviderKey() {
	return self::PROVIDER_FACEBOOK;
	}

	public function getProviderName() {
	return 'Facebook';
	}

	public function isProviderEnabled() {
	return PhabricatorEnv::getEnvConfig('facebook.auth-enabled');
	}

	public function isProviderLinkPermanent() {
	return PhabricatorEnv::getEnvConfig('facebook.auth-permanent');
	}

	public function isProviderRegistrationEnabled() {
	return PhabricatorEnv::getEnvConfig('facebook.registration-enabled');
	}

	public function getClientID() {
	return PhabricatorEnv::getEnvConfig('facebook.application-id');
	}

	public function renderGetClientIDHelp() {
	return 'To generate an ID, sign into Facebook, install the "Developer"'.
	' application, and use it to create a new Facebook application.';
	}

	public function getClientSecret() {
	return PhabricatorEnv::getEnvConfig('facebook.application-secret');
	}

	public function renderGetClientSecretHelp() {
	return 'You can find the application secret in the Facebook'.
	' "Developer" application on Facebook.';
	}

	public function getAuthURI() {
	return 'https://www.facebook.com/dialog/oauth';
	}

	public function getTestURIs() {
	return array(
	'http://facebook.com',
	'https://graph.facebook.com/me'
	);
	}

	public function getTokenURI() {
	return 'https://graph.facebook.com/oauth/access_token';
	}

	protected function getTokenExpiryKey() {
	return 'expires';
	}

	public function getUserInfoURI() {
	return 'https://graph.facebook.com/me';
	}

	public function getMinimumScope() {
	return 'email';
	}

	public function setUserData($data) {
	$data = json_decode($data, true);
	$this->validateUserData($data);
	$this->userData = $data;
	return $this;
	}

	public function retrieveUserID() {
	return $this->userData['id'];
	}

	public function retrieveUserEmail() {
	return $this->userData['email'];
	}

	public function retrieveUserAccountName() {
	$matches = null;
	$link = $this->userData['link'];
	if (preg_match('@/([a-zA-Z0-9]+)$@', $link, $matches)) {
	return $matches[1];
	}
	return null;
	}

	public function retrieveUserProfileImage() {
	$uri = 'https://graph.facebook.com/me/picture?access_token=';
	- return @file_get_contents($uri.$this->getAccessToken());
	+ return HTTPSFuture::loadContent($uri.$this->getAccessToken());
	}

	public function retrieveUserAccountURI() {
	return $this->userData['link'];
	}

	public function retrieveUserRealName() {
	return $this->userData['name'];
	}

	public function shouldDiagnoseAppLogin() {
	return true;
	}

	}
	diff --git a/src/applications/auth/oauth/provider/PhabricatorOAuthProviderGitHub.php b/src/applications/auth/oauth/provider/PhabricatorOAuthProviderGitHub.php
	index ee8fb7e08f..c91b30a44f 100644
	--- a/src/applications/auth/oauth/provider/PhabricatorOAuthProviderGitHub.php
	+++ b/src/applications/auth/oauth/provider/PhabricatorOAuthProviderGitHub.php
	@@ -1,129 +1,129 @@
	<?php

	/*
	* Copyright 2012 Facebook, Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	final class PhabricatorOAuthProviderGitHub extends PhabricatorOAuthProvider {

	private $userData;

	public function getProviderKey() {
	return self::PROVIDER_GITHUB;
	}

	public function getProviderName() {
	return 'GitHub';
	}

	public function isProviderEnabled() {
	return PhabricatorEnv::getEnvConfig('github.auth-enabled');
	}

	public function isProviderLinkPermanent() {
	return PhabricatorEnv::getEnvConfig('github.auth-permanent');
	}

	public function isProviderRegistrationEnabled() {
	return PhabricatorEnv::getEnvConfig('github.registration-enabled');
	}

	public function getClientID() {
	return PhabricatorEnv::getEnvConfig('github.application-id');
	}

	public function renderGetClientIDHelp() {
	return null;
	}

	public function getClientSecret() {
	return PhabricatorEnv::getEnvConfig('github.application-secret');
	}

	public function renderGetClientSecretHelp() {
	return null;
	}

	public function getAuthURI() {
	return 'https://github.com/login/oauth/authorize';
	}

	public function getTokenURI() {
	return 'https://github.com/login/oauth/access_token';
	}

	protected function getTokenExpiryKey() {
	// github access tokens do not have time-based expiry
	return null;
	}

	public function getTestURIs() {
	return array(
	'http://api.github.com',
	);
	}

	public function getUserInfoURI() {
	return 'https://api.github.com/user';
	}

	public function getMinimumScope() {
	return null;
	}

	public function setUserData($data) {
	$data = json_decode($data, true);
	$this->validateUserData($data);
	$this->userData = $data;
	return $this;
	}

	public function retrieveUserID() {
	return $this->userData['id'];
	}

	public function retrieveUserEmail() {
	return idx($this->userData, 'email');
	}

	public function retrieveUserAccountName() {
	return $this->userData['login'];
	}

	public function retrieveUserProfileImage() {
	$uri = idx($this->userData, 'avatar_url');
	if ($uri) {
	- return @file_get_contents($uri);
	+ return HTTPSFuture::loadContent($uri);
	}
	return null;
	}

	public function retrieveUserAccountURI() {
	$username = $this->retrieveUserAccountName();
	if ($username) {
	return 'https://github.com/'.$username;
	}
	return null;
	}

	public function retrieveUserRealName() {
	return idx($this->userData, 'name');
	}

	public function shouldDiagnoseAppLogin() {
	return true;
	}

	}
	diff --git a/src/applications/auth/oauth/provider/PhabricatorOAuthProviderPhabricator.php b/src/applications/auth/oauth/provider/PhabricatorOAuthProviderPhabricator.php
	index f299bd9e47..68096386cc 100644
	--- a/src/applications/auth/oauth/provider/PhabricatorOAuthProviderPhabricator.php
	+++ b/src/applications/auth/oauth/provider/PhabricatorOAuthProviderPhabricator.php
	@@ -1,145 +1,145 @@
	<?php

	/*
	* Copyright 2012 Facebook, Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	final class PhabricatorOAuthProviderPhabricator
	extends PhabricatorOAuthProvider {
	private $userData;

	public function getExtraAuthParameters() {
	return array(
	'response_type' => 'code',
	);
	}

	public function getExtraTokenParameters() {
	return array(
	'grant_type' => 'authorization_code',
	);

	}
	public function decodeTokenResponse($response) {
	$decoded = json_decode($response, true);
	if (!is_array($decoded)) {
	throw new Exception('Invalid token response.');
	}
	return $decoded;
	}

	public function getProviderKey() {
	return self::PROVIDER_PHABRICATOR;
	}

	public function getProviderName() {
	return 'Phabricator';
	}

	public function isProviderEnabled() {
	return PhabricatorEnv::getEnvConfig('phabricator.auth-enabled');
	}

	public function isProviderLinkPermanent() {
	return PhabricatorEnv::getEnvConfig('phabricator.auth-permanent');
	}

	public function isProviderRegistrationEnabled() {
	return PhabricatorEnv::getEnvConfig('phabricator.registration-enabled');
	}

	public function getClientID() {
	return PhabricatorEnv::getEnvConfig('phabricator.application-id');
	}

	public function renderGetClientIDHelp() {
	return null;
	}

	public function getClientSecret() {
	return PhabricatorEnv::getEnvConfig('phabricator.application-secret');
	}

	public function renderGetClientSecretHelp() {
	return null;
	}

	public function getAuthURI() {
	return $this->getURI('/oauthserver/auth/');
	}

	public function getTestURIs() {
	return array(
	$this->getURI('/'),
	$this->getURI('/api/user.whoami/')
	);
	}

	public function getTokenURI() {
	return $this->getURI('/oauthserver/token/');
	}

	protected function getTokenExpiryKey() {
	return 'expires_in';
	}

	public function getUserInfoURI() {
	return $this->getURI('/api/user.whoami');
	}

	public function getMinimumScope() {
	return 'whoami';
	}

	public function setUserData($data) {
	// need to strip the javascript shield from conduit
	$data = substr($data, 8);
	$data = idx(json_decode($data, true), 'result');
	$this->validateUserData($data);
	$this->userData = $data;
	return $this;
	}

	public function retrieveUserID() {
	return $this->userData['phid'];
	}

	public function retrieveUserEmail() {
	return $this->userData['email'];
	}

	public function retrieveUserAccountName() {
	return $this->userData['userName'];
	}

	public function retrieveUserProfileImage() {
	$uri = $this->userData['image'];
	- return @file_get_contents($uri);
	+ return HTTPSFuture::loadContent($uri);
	}

	public function retrieveUserAccountURI() {
	return $this->userData['uri'];
	}

	public function retrieveUserRealName() {
	return $this->userData['realName'];
	}

	private function getURI($path) {
	return
	rtrim(PhabricatorEnv::getEnvConfig('phabricator.oauth-uri'), '/') .
	$path;
	}
	}
	diff --git a/src/applications/files/storage/PhabricatorFile.php b/src/applications/files/storage/PhabricatorFile.php
	index 08b091e05b..c0be163cbd 100644
	--- a/src/applications/files/storage/PhabricatorFile.php
	+++ b/src/applications/files/storage/PhabricatorFile.php
	@@ -1,388 +1,383 @@
	<?php

	/*
	* Copyright 2012 Facebook, Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	final class PhabricatorFile extends PhabricatorFileDAO {

	const STORAGE_FORMAT_RAW = 'raw';

	protected $phid;
	protected $name;
	protected $mimeType;
	protected $byteSize;
	protected $authorPHID;
	protected $secretKey;
	protected $contentHash;

	protected $storageEngine;
	protected $storageFormat;
	protected $storageHandle;

	public function getConfiguration() {
	return array(
	self::CONFIG_AUX_PHID => true,
	) + parent::getConfiguration();
	}

	public function generatePHID() {
	return PhabricatorPHID::generateNewPHID(
	PhabricatorPHIDConstants::PHID_TYPE_FILE);
	}

	public static function readUploadedFileData($spec) {
	if (!$spec) {
	throw new Exception("No file was uploaded!");
	}

	$err = idx($spec, 'error');
	if ($err) {
	throw new PhabricatorFileUploadException($err);
	}

	$tmp_name = idx($spec, 'tmp_name');
	$is_valid = @is_uploaded_file($tmp_name);
	if (!$is_valid) {
	throw new Exception("File is not an uploaded file.");
	}

	$file_data = Filesystem::readFile($tmp_name);
	$file_size = idx($spec, 'size');

	if (strlen($file_data) != $file_size) {
	throw new Exception("File size disagrees with uploaded size.");
	}

	self::validateFileSize(strlen($file_data));

	return $file_data;
	}

	public static function newFromPHPUpload($spec, array $params = array()) {
	$file_data = self::readUploadedFileData($spec);

	$file_name = nonempty(
	idx($params, 'name'),
	idx($spec, 'name'));
	$params = array(
	'name' => $file_name,
	) + $params;

	return self::newFromFileData($file_data, $params);
	}

	public static function newFromXHRUpload($data, array $params = array()) {
	self::validateFileSize(strlen($data));
	return self::newFromFileData($data, $params);
	}

	private static function validateFileSize($size) {
	$limit = PhabricatorEnv::getEnvConfig('storage.upload-size-limit');
	if (!$limit) {
	return;
	}

	$limit = phabricator_parse_bytes($limit);
	if ($size > $limit) {
	throw new PhabricatorFileUploadException(-1000);
	}
	}

	public static function newFromFileData($data, array $params = array()) {
	$selector = PhabricatorEnv::newObjectFromConfig('storage.engine-selector');

	$engines = $selector->selectStorageEngines($data, $params);
	if (!$engines) {
	throw new Exception("No valid storage engines are available!");
	}

	$data_handle = null;
	$engine_identifier = null;
	$exceptions = array();
	foreach ($engines as $engine) {
	$engine_class = get_class($engine);
	try {
	// Perform the actual write.
	$data_handle = $engine->writeFile($data, $params);
	if (!$data_handle \|\| strlen($data_handle) > 255) {
	// This indicates an improperly implemented storage engine.
	throw new PhabricatorFileStorageConfigurationException(
	"Storage engine '{$engine_class}' executed writeFile() but did ".
	"not return a valid handle ('{$data_handle}') to the data: it ".
	"must be nonempty and no longer than 255 characters.");
	}

	$engine_identifier = $engine->getEngineIdentifier();
	if (!$engine_identifier \|\| strlen($engine_identifier) > 32) {
	throw new PhabricatorFileStorageConfigurationException(
	"Storage engine '{$engine_class}' returned an improper engine ".
	"identifier '{$engine_identifier}': it must be nonempty ".
	"and no longer than 32 characters.");
	}

	// We stored the file somewhere so stop trying to write it to other
	// places.
	break;
	} catch (Exception $ex) {
	if ($ex instanceof PhabricatorFileStorageConfigurationException) {
	// If an engine is outright misconfigured (or misimplemented), raise
	// that immediately since it probably needs attention.
	throw $ex;
	}

	// If an engine doesn't work, keep trying all the other valid engines
	// in case something else works.
	phlog($ex);

	$exceptions[] = $ex;
	}
	}

	if (!$data_handle) {
	throw new PhutilAggregateException(
	"All storage engines failed to write file:",
	$exceptions);
	}

	$file_name = idx($params, 'name');
	$file_name = self::normalizeFileName($file_name);

	// If for whatever reason, authorPHID isn't passed as a param
	// (always the case with newFromFileDownload()), store a ''
	$authorPHID = idx($params, 'authorPHID');

	$file = new PhabricatorFile();
	$file->setName($file_name);
	$file->setByteSize(strlen($data));
	$file->setAuthorPHID($authorPHID);
	$file->setContentHash(PhabricatorHash::digest($data));

	$file->setStorageEngine($engine_identifier);
	$file->setStorageHandle($data_handle);

	// TODO: This is probably YAGNI, but allows for us to do encryption or
	// compression later if we want.
	$file->setStorageFormat(self::STORAGE_FORMAT_RAW);

	if (isset($params['mime-type'])) {
	$file->setMimeType($params['mime-type']);
	} else {
	$tmp = new TempFile();
	Filesystem::writeFile($tmp, $data);
	$file->setMimeType(Filesystem::getMimeType($tmp));
	}

	$file->save();

	return $file;
	}

	public static function newFromFileDownload($uri, $name) {
	$uri = new PhutilURI($uri);

	$protocol = $uri->getProtocol();
	switch ($protocol) {
	case 'http':
	case 'https':
	break;
	default:
	// Make sure we are not accessing any file:// URIs or similar.
	return null;
	}

	- $timeout = stream_context_create(
	- array(
	- 'http' => array(
	- 'timeout' => 5,
	- ),
	- ));
	-
	- $file_data = @file_get_contents($uri, false, $timeout);
	+ $timeout = 5;
	+
	+ $file_data = HTTPSFuture::loadContent($uri, $timeout);
	if ($file_data === false) {
	return null;
	}

	return self::newFromFileData($file_data, array('name' => $name));
	}

	public static function normalizeFileName($file_name) {
	return preg_replace('/[^a-zA-Z0-9.~_-]/', '_', $file_name);
	}

	public function delete() {
	$engine = $this->instantiateStorageEngine();

	$ret = parent::delete();

	$engine->deleteFile($this->getStorageHandle());

	return $ret;
	}

	public function loadFileData() {

	$engine = $this->instantiateStorageEngine();
	$data = $engine->readFile($this->getStorageHandle());

	switch ($this->getStorageFormat()) {
	case self::STORAGE_FORMAT_RAW:
	$data = $data;
	break;
	default:
	throw new Exception("Unknown storage format.");
	}

	return $data;
	}

	public function getViewURI() {
	if (!$this->getPHID()) {
	throw new Exception(
	"You must save a file before you can generate a view URI.");
	}

	$name = phutil_escape_uri($this->getName());

	$path = '/file/data/'.$this->getSecretKey().'/'.$this->getPHID().'/'.$name;
	return PhabricatorEnv::getCDNURI($path);
	}

	public function getInfoURI() {
	return '/file/info/'.$this->getPHID().'/';
	}

	public function getBestURI() {
	if ($this->isViewableInBrowser()) {
	return $this->getViewURI();
	} else {
	return $this->getInfoURI();
	}
	}

	public function getThumb60x45URI() {
	return '/file/xform/thumb-60x45/'.$this->getPHID().'/';
	}

	public function getThumb160x120URI() {
	return '/file/xform/thumb-160x120/'.$this->getPHID().'/';
	}


	public function isViewableInBrowser() {
	return ($this->getViewableMimeType() !== null);
	}

	public function isViewableImage() {
	if (!$this->isViewableInBrowser()) {
	return false;
	}

	$mime_map = PhabricatorEnv::getEnvConfig('files.image-mime-types');
	$mime_type = $this->getMimeType();
	return idx($mime_map, $mime_type);
	}

	public function isTransformableImage() {

	// NOTE: The way the 'gd' extension works in PHP is that you can install it
	// with support for only some file types, so it might be able to handle
	// PNG but not JPEG. Try to generate thumbnails for whatever we can. Setup
	// warns you if you don't have complete support.

	$matches = null;
	$ok = preg_match(
	'@^image/(gif\|png\|jpe?g)@',
	$this->getViewableMimeType(),
	$matches);
	if (!$ok) {
	return false;
	}

	switch ($matches[1]) {
	case 'jpg';
	case 'jpeg':
	return function_exists('imagejpeg');
	break;
	case 'png':
	return function_exists('imagepng');
	break;
	case 'gif':
	return function_exists('imagegif');
	break;
	default:
	throw new Exception('Unknown type matched as image MIME type.');
	}
	}

	public static function getTransformableImageFormats() {
	$supported = array();

	if (function_exists('imagejpeg')) {
	$supported[] = 'jpg';
	}

	if (function_exists('imagepng')) {
	$supported[] = 'png';
	}

	if (function_exists('imagegif')) {
	$supported[] = 'gif';
	}

	return $supported;
	}

	protected function instantiateStorageEngine() {
	$engines = id(new PhutilSymbolLoader())
	->setType('class')
	->setAncestorClass('PhabricatorFileStorageEngine')
	->selectAndLoadSymbols();

	foreach ($engines as $engine_class) {
	$engine = newv($engine_class['name'], array());
	if ($engine->getEngineIdentifier() == $this->getStorageEngine()) {
	return $engine;
	}
	}

	throw new Exception("File's storage engine could be located!");
	}

	public function getViewableMimeType() {
	$mime_map = PhabricatorEnv::getEnvConfig('files.viewable-mime-types');

	$mime_type = $this->getMimeType();
	$mime_parts = explode(';', $mime_type);
	$mime_type = trim(reset($mime_parts));

	return idx($mime_map, $mime_type);
	}

	public function validateSecretKey($key) {
	return ($key == $this->getSecretKey());
	}

	public function save() {
	if (!$this->getSecretKey()) {
	$this->setSecretKey($this->generateSecretKey());
	}
	return parent::save();
	}

	public function generateSecretKey() {
	return Filesystem::readRandomCharacters(20);
	}
	}
	diff --git a/src/applications/people/controller/settings/panels/PhabricatorUserOAuthSettingsPanelController.php b/src/applications/people/controller/settings/panels/PhabricatorUserOAuthSettingsPanelController.php
	index 2c00bc441b..8f8dbf8fd4 100644
	--- a/src/applications/people/controller/settings/panels/PhabricatorUserOAuthSettingsPanelController.php
	+++ b/src/applications/people/controller/settings/panels/PhabricatorUserOAuthSettingsPanelController.php
	@@ -1,245 +1,245 @@
	<?php

	/*
	* Copyright 2012 Facebook, Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	final class PhabricatorUserOAuthSettingsPanelController
	extends PhabricatorUserSettingsPanelController {

	private $provider;

	public function setOAuthProvider(PhabricatorOAuthProvider $oauth_provider) {
	$this->provider = $oauth_provider;
	return $this;
	}

	private function prepareAuthForm(AphrontFormView $form) {
	$provider = $this->provider;

	$auth_uri = $provider->getAuthURI();
	$client_id = $provider->getClientID();
	$redirect_uri = $provider->getRedirectURI();
	$minimum_scope = $provider->getMinimumScope();

	$form
	->setAction($auth_uri)
	->setMethod('GET')
	->addHiddenInput('redirect_uri', $redirect_uri)
	->addHiddenInput('client_id', $client_id)
	->addHiddenInput('scope', $minimum_scope);

	foreach ($provider->getExtraAuthParameters() as $key => $value) {
	$form->addHiddenInput($key, $value);
	}

	return $form;
	}

	public function processRequest() {
	$request = $this->getRequest();
	$user = $request->getUser();
	$provider = $this->provider;
	$notice = null;
	$provider_name = $provider->getProviderName();
	$provider_key = $provider->getProviderKey();

	$oauth_info = id(new PhabricatorUserOAuthInfo())->loadOneWhere(
	'userID = %d AND oauthProvider = %s',
	$user->getID(),
	$provider->getProviderKey());

	if ($request->isFormPost() && $oauth_info) {
	$notice = $this->refreshProfileImage($oauth_info);
	}

	$form = new AphrontFormView();
	$form->setUser($user);

	$forms = array();
	$forms[] = $form;
	if (!$oauth_info) {
	$form
	->appendChild(
	'<p class="aphront-form-instructions">There is currently no '.
	phutil_escape_html($provider_name).' account linked to your '.
	'Phabricator account. You can link an account, which will allow you '.
	'to use it to log into Phabricator.</p>');

	$this->prepareAuthForm($form);

	$form
	->appendChild(
	id(new AphrontFormSubmitControl())
	->setValue('Link '.$provider_name." Account \xC2\xBB"));
	} else {
	$expires = $oauth_info->getTokenExpires();

	$form
	->appendChild(
	'<p class="aphront-form-instructions">Your account is linked with '.
	'a '.phutil_escape_html($provider_name).' account. You may use your '.
	phutil_escape_html($provider_name).' credentials to log into '.
	'Phabricator.</p>')
	->appendChild(
	id(new AphrontFormStaticControl())
	->setLabel($provider_name.' ID')
	->setValue($oauth_info->getOAuthUID())
	)
	->appendChild(
	id(new AphrontFormStaticControl())
	->setLabel($provider_name.' Name')
	->setValue($oauth_info->getAccountName())
	)
	->appendChild(
	id(new AphrontFormStaticControl())
	->setLabel($provider_name.' URI')
	->setValue($oauth_info->getAccountURI())
	);

	if (!$expires \|\| $expires > time()) {
	$form->appendChild(
	id(new AphrontFormSubmitControl())
	->setValue('Refresh Profile Image from '.$provider_name)
	);
	}

	if (!$provider->isProviderLinkPermanent()) {
	$unlink = 'Unlink '.$provider_name.' Account';
	$unlink_form = new AphrontFormView();
	$unlink_form
	->setUser($user)
	->appendChild(
	'<p class="aphront-form-instructions">You may unlink this account '.
	'from your '.phutil_escape_html($provider_name).' account. This '.
	'will prevent you from logging in with your '.
	phutil_escape_html($provider_name).' credentials.</p>')
	->appendChild(
	id(new AphrontFormSubmitControl())
	->addCancelButton('/oauth/'.$provider_key.'/unlink/', $unlink));
	$forms['Unlink Account'] = $unlink_form;
	}

	if ($expires) {
	if ($expires <= time()) {
	$expires_text = "Expired";
	} else {
	$expires_text = phabricator_datetime($expires, $user);
	}
	} else {
	$expires_text = 'No Information Available';
	}

	$scope = $oauth_info->getTokenScope();
	if (!$scope) {
	$scope = 'No Information Available';
	}

	$status = $oauth_info->getTokenStatus();
	$status = PhabricatorUserOAuthInfo::getReadableTokenStatus($status);

	$token_form = new AphrontFormView();
	$token_form
	->setUser($user)
	->appendChild(
	'<p class="aphront-from-instructions">insert rap about tokens</p>')
	->appendChild(
	id(new AphrontFormStaticControl())
	->setLabel('Token Status')
	->setValue($status))
	->appendChild(
	id(new AphrontFormStaticControl())
	->setLabel('Expires')
	->setValue($expires_text))
	->appendChild(
	id(new AphrontFormStaticControl())
	->setLabel('Scope')
	->setValue($scope));

	if ($expires <= time()) {
	$this->prepareAuthForm($token_form);
	$token_form
	->appendChild(
	id(new AphrontFormSubmitControl())
	->setValue('Refresh '.$provider_name.' Token')
	);
	}

	$forms['Account Token Information'] = $token_form;
	}

	$panel = new AphrontPanelView();
	$panel->setHeader($provider_name.' Account Settings');
	$panel->setWidth(AphrontPanelView::WIDTH_FORM);
	foreach ($forms as $name => $form) {
	if ($name) {
	$panel->appendChild('<br /><h1>'.$name.'</h1><br />');
	}
	$panel->appendChild($form);
	}

	return id(new AphrontNullView())
	->appendChild(
	array(
	$notice,
	$panel,
	));
	}

	private function refreshProfileImage(PhabricatorUserOAuthInfo $oauth_info) {
	$user = $this->getRequest()->getUser();
	$provider = $this->provider;
	$error = false;
	$userinfo_uri = new PhutilURI($provider->getUserInfoURI());
	$token = $oauth_info->getToken();
	try {
	$userinfo_uri->setQueryParam('access_token', $token);
	- $user_data = @file_get_contents($userinfo_uri);
	+ $user_data = HTTPSFuture::loadContent($userinfo_uri);
	$provider->setUserData($user_data);
	$provider->setAccessToken($token);
	$image = $provider->retrieveUserProfileImage();
	if ($image) {
	$file = PhabricatorFile::newFromFileData(
	$image,
	array(
	'name' => $provider->getProviderKey().'-profile.jpg',
	'authorPHID' => $user->getPHID(),
	));
	$user->setProfileImagePHID($file->getPHID());
	$user->save();
	} else {
	$error = 'Unable to retrieve image.';
	}
	} catch (Exception $e) {
	if ($e instanceof PhabricatorOAuthProviderException) {
	$error = sprintf('Unable to retrieve image from %s',
	$provider->getProviderName());
	} else {
	$error = 'Unable to save image.';
	}
	}
	$notice = new AphrontErrorView();
	if ($error) {
	$notice
	->setTitle('Error Refreshing Profile Picture')
	->setErrors(array($error));
	} else {
	$notice
	->setSeverity(AphrontErrorView::SEVERITY_NOTICE)
	->setTitle('Successfully Refreshed Profile Picture');
	}
	return $notice;
	}
	}
	diff --git a/src/infrastructure/PhabricatorSetup.php b/src/infrastructure/PhabricatorSetup.php
	index e42c96b471..e3fe9d618b 100644
	--- a/src/infrastructure/PhabricatorSetup.php
	+++ b/src/infrastructure/PhabricatorSetup.php
	@@ -1,816 +1,816 @@
	<?php

	/*
	* Copyright 2012 Facebook, Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	final class PhabricatorSetup {

	public static function runSetup() {
	header("Content-Type: text/plain");
	self::write("PHABRICATOR SETUP\n\n");

	// Force browser to stop buffering.
	self::write(str_repeat(' ', 2048));
	usleep(250000);

	self::write("This setup mode will guide you through setting up your ".
	"Phabricator configuration.\n");

	self::writeHeader("CORE CONFIGURATION");

	// NOTE: Test this first since other tests depend on the ability to
	// execute system commands and will fail if safe_mode is enabled.
	$safe_mode = ini_get('safe_mode');
	if ($safe_mode) {
	self::writeFailure();
	self::write(
	"Setup failure! You have 'safe_mode' enabled. Phabricator will not ".
	"run in safe mode, and it has been deprecated in PHP 5.3 and removed ".
	"in PHP 5.4.\n");
	return;
	} else {
	self::write(" okay PHP's deprecated 'safe_mode' is disabled.\n");
	}

	// NOTE: Also test this early since we can't include files from other
	// libraries if this is set strictly.

	$open_basedir = ini_get('open_basedir');
	if ($open_basedir) {

	// 'open_basedir' restricts which files we're allowed to access with
	// file operations. This might be okay -- we don't need to write to
	// arbitrary places in the filesystem -- but we need to access certain
	// resources. This setting is unlikely to be providing any real measure
	// of security so warn even if things look OK.

	try {
	$open_libphutil = class_exists('Future');
	} catch (Exception $ex) {
	$message = $ex->getMessage();
	self::write("Unable to load modules from libphutil: {$message}\n");
	$open_libphutil = false;
	}

	try {
	$open_arcanist = class_exists('ArcanistDiffParser');
	} catch (Exception $ex) {
	$message = $ex->getMessage();
	self::write("Unable to load modules from Arcanist: {$message}\n");
	$open_arcanist = false;
	}

	$open_urandom = false;
	try {
	Filesystem::readRandomBytes(1);
	$open_urandom = true;
	} catch (FilesystemException $ex) {
	self::write($ex->getMessage()."\n");
	}

	try {
	$tmp = new TempFile();
	file_put_contents($tmp, '.');
	$open_tmp = @fopen((string)$tmp, 'r');
	} catch (Exception $ex) {
	$message = $ex->getMessage();
	$dir = sys_get_temp_dir();
	self::write("Unable to open temp files from '{$dir}': {$message}\n");
	$open_tmp = false;
	}

	if (!$open_urandom \|\| !$open_tmp \|\| !$open_libphutil \|\| !$open_arcanist) {
	self::writeFailure();
	self::write(
	"Setup failure! Your server is configured with 'open_basedir' in ".
	"php.ini which prevents Phabricator from opening files it needs to ".
	"access. Either make the setting more permissive or remove it. It ".
	"is unlikely you derive significant security benefits from having ".
	"this configured; files outside this directory can still be ".
	"accessed through system command execution.");
	return;
	} else {
	self::write(
	"[WARN] You have an 'open_basedir' configured in your php.ini. ".
	"Although the setting seems permissive enough that Phabricator ".
	"will run properly, you may run into problems because of it. It is ".
	"unlikely you gain much real security benefit from having it ".
	"configured, because the application can still access files outside ".
	"the 'open_basedir' by running system commands.\n");
	}
	} else {
	self::write(" okay 'open_basedir' is not set.\n");
	}

	if (!PhabricatorEnv::getEnvConfig('security.alternate-file-domain')) {
	self::write(
	"[WARN] You have not configured 'security.alternate-file-domain'. ".
	"This makes your installation vulnerable to attack. Make sure you ".
	"read the documentation for this parameter and understand the ".
	"consequences of leaving it unconfigured.\n");
	}

	$path = getenv('PATH');
	if (empty($path)) {
	self::writeFailure();
	self::write(
	"Setup failure! The environmental \$PATH variable is empty. ".
	"Phabricator needs to execute system commands like 'svn', 'git', ".
	"'hg', and 'diff'. Set up your webserver so that it passes a valid ".
	"\$PATH to the PHP process.\n\n");
	if (php_sapi_name() == 'fpm-fcgi') {
	self::write(
	"You're running php-fpm, so the easiest way to do this is to add ".
	"this line to your php-fpm.conf:\n\n".
	" env[PATH] = /usr/local/bin:/usr/bin:/bin\n\n".
	"Then restart php-fpm.\n");
	}
	return;
	} else {
	self::write(" okay \$PATH is nonempty.\n");
	}

	self::write("[OKAY] Core configuration OKAY.\n");

	self::writeHeader("REQUIRED PHP EXTENSIONS");
	$extensions = array(
	'mysql',
	'hash',
	'json',
	'openssl',
	'mbstring',
	'iconv',

	// There is a chance we might not need this, but some configurations (like
	- // Amazon SES) will require it. Just mark it 'required' since it's widely
	- // available and relatively core.
	+ // OAuth or Amazon SES) will require it. Just mark it 'required' since
	+ // it's widely available and relatively core.
	'curl',
	);
	foreach ($extensions as $extension) {
	$ok = self::requireExtension($extension);
	if (!$ok) {
	self::writeFailure();
	self::write("Setup failure! Install PHP extension '{$extension}'.");
	return;
	}
	}

	list($err, $stdout, $stderr) = exec_manual('which php');
	if ($err) {
	self::writeFailure();
	self::write("Unable to locate 'php' on the command line from the web ".
	"server. Verify that 'php' is in the webserver's PATH.\n".
	" err: {$err}\n".
	"stdout: {$stdout}\n".
	"stderr: {$stderr}\n");
	return;
	} else {
	self::write(" okay PHP binary found on the command line.\n");
	$php_bin = trim($stdout);
	}

	// NOTE: In cPanel + suphp installs, 'php' may be the PHP CGI SAPI, not the
	// PHP CLI SAPI. proc_open() will pass the environment to the child process,
	// which will re-execute the webpage (causing an infinite number of
	// processes to spawn). To test that the 'php' binary is safe to execute,
	// we call php_sapi_name() using "env -i" to wipe the environment so it
	// doesn't execute another reuqest if it's the wrong binary. We can't use
	// "-r" because php-cgi doesn't support that flag.

	$tmp_file = new TempFile('sapi.php');
	Filesystem::writeFile($tmp_file, '<?php echo php_sapi_name();');

	list($err, $stdout, $stderr) = exec_manual(
	'/usr/bin/env -i %s -f %s',
	$php_bin,
	$tmp_file);
	if ($err) {
	self::writeFailure();
	self::write("Unable to execute 'php' on the command line from the web ".
	"server.\n".
	" err: {$err}\n".
	"stdout: {$stdout}\n".
	"stderr: {$stderr}\n");
	return;
	} else {
	self::write(" okay PHP is available from the command line.\n");

	$sapi = trim($stdout);
	if ($sapi != 'cli') {
	self::writeFailure();
	self::write(
	"The 'php' binary on this system uses the '{$sapi}' SAPI, but the ".
	"'cli' SAPI is expected. Replace 'php' with the php-cli SAPI ".
	"binary, or edit your webserver configuration so the first 'php' ".
	"in PATH is the 'cli' SAPI.\n\n".
	"If you're running cPanel with suphp, the easiest way to fix this ".
	"is to add '/usr/local/bin' before '/usr/bin' for 'env_path' in ".
	"suconf.php:\n\n".
	' env_path="/bin:/usr/local/bin:/usr/bin"'.
	"\n\n");
	return;
	} else {
	self::write(" okay 'php' is CLI SAPI.\n");
	}
	}

	$root = dirname(phutil_get_library_root('phabricator'));

	// On RHEL6, doing a distro install of pcntl makes it available from the
	// CLI binary but not from the Apache module. This isn't entirely
	// unreasonable and we don't need it from Apache, so do an explicit test
	// for CLI availability.
	list($err, $stdout, $stderr) = exec_manual(
	'php %s',
	"{$root}/scripts/setup/pcntl_available.php");
	if ($err) {
	self::writeFailure();
	self::write("Unable to execute scripts/setup/pcntl_available.php to ".
	"test for the availability of pcntl from the CLI.\n".
	" err: {$err}\n".
	"stdout: {$stdout}\n".
	"stderr: {$stderr}\n");
	return;
	} else {
	if (trim($stdout) == 'YES') {
	self::write(" okay pcntl is available from the command line.\n");
	self::write("[OKAY] All extensions OKAY\n");
	} else {
	self::write(" warn pcntl is not available!\n");
	self::write("[WARN] * WARNING * pcntl extension not available. ".
	"You will not be able to run daemons.\n");
	}
	}

	self::writeHeader("GIT SUBMODULES");
	if (!Filesystem::pathExists($root.'/.git')) {
	self::write(" skip Not a git clone.\n\n");
	} else {
	list($info) = execx(
	'(cd %s && git submodule status)',
	$root);
	foreach (explode("\n", rtrim($info)) as $line) {
	$matches = null;
	if (!preg_match('/^(.)([0-9a-f]{40}) (\S+)(?: \|$)/', $line, $matches)) {
	self::writeFailure();
	self::write(
	"Setup failure! 'git submodule' produced unexpected output:\n".
	$line);
	return;
	}

	$status = $matches[1];
	$module = $matches[3];

	switch ($status) {
	case '-':
	case '+':
	case 'U':
	self::writeFailure();
	self::write(
	"Setup failure! Git submodule '{$module}' is not up to date. ".
	"Run:\n\n".
	" cd {$root} && git submodule update --init\n\n".
	"...to update submodules.");
	return;
	case ' ':
	self::write(" okay Git submodule '{$module}' up to date.\n");
	break;
	default:
	self::writeFailure();
	self::write(
	"Setup failure! 'git submodule' reported unknown status ".
	"'{$status}' for submodule '{$module}'. This is a bug; report ".
	"it to the Phabricator maintainers.");
	return;
	}
	}
	}
	self::write("[OKAY] All submodules OKAY.\n");

	self::writeHeader("BASIC CONFIGURATION");

	$env = PhabricatorEnv::getEnvConfig('phabricator.env');
	if ($env == 'production' \|\| $env == 'default' \|\| $env == 'development') {
	self::writeFailure();
	self::write(
	"Setup failure! Your PHABRICATOR_ENV is set to '{$env}', which is ".
	"a Phabricator environmental default. You should create a custom ".
	"environmental configuration instead of editing the defaults ".
	"directly. See this document for instructions:\n");
	self::writeDoc('article/Configuration_Guide.html');
	return;
	} else {
	$host = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
	$host_uri = new PhutilURI($host);
	$protocol = $host_uri->getProtocol();
	$allowed_protocols = array(
	'http' => true,
	'https' => true,
	);
	if (empty($allowed_protocols[$protocol])) {
	self::writeFailure();
	self::write(
	"You must specify the protocol over which your host works (e.g.: ".
	"\"http:// or https://\")\nin your custom config file.\nRefer to ".
	"'default.conf.php' for documentation on configuration options.\n");
	return;
	}
	if (preg_match('/.*\/$/', $host)) {
	self::write(" okay phabricator.base-uri protocol\n");
	} else {
	self::writeFailure();
	self::write(
	"You must add a trailing slash at the end of the host\n(e.g.: ".
	"\"http://phabricator.example.com/ instead of ".
	"http://phabricator.example.com\")\nin your custom config file.".
	"\nRefer to 'default.conf.php' for documentation on configuration ".
	"options.\n");
	return;
	}

	$host_domain = $host_uri->getDomain();
	if (strpos($host_domain, '.') !== false) {
	self::write(" okay phabricator.base-uri domain\n");
	} else {
	self::writeFailure();
	self::write(
	"You must host Phabricator on a domain that contains a dot ('.'). ".
	"The current domain, '{$host_domain}', does not have a dot, so some ".
	"browsers will not set cookies on it. For instance, ".
	"'http://example.com/ is OK, but 'http://example/' won't work. ".
	"If you are using localhost, create an entry in the hosts file like ".
	"'127.0.0.1 example.com', and access the localhost with ".
	"'http://example.com/'.");
	return;
	}
	}

	$timezone = nonempty(
	PhabricatorEnv::getEnvConfig('phabricator.timezone'),
	ini_get('date.timezone'));
	if (!$timezone) {
	self::writeFailure();
	self::write(
	"Setup failure! Your configuration fails to specify a server ".
	"timezone. Either set 'date.timezone' in your php.ini or ".
	"'phabricator.timezone' in your Phabricator configuration. See the ".
	"PHP documentation for a list of supported timezones:\n\n".
	"http://us.php.net/manual/en/timezones.php\n");
	return;
	} else {
	self::write(" okay Timezone '{$timezone}' configured.\n");
	}

	self::write("[OKAY] Basic configuration OKAY\n");


	$issue_gd_warning = false;
	self::writeHeader('GD LIBRARY');
	if (extension_loaded('gd')) {
	self::write(" okay Extension 'gd' is loaded.\n");
	$image_type_map = array(
	'imagepng' => 'PNG',
	'imagegif' => 'GIF',
	'imagejpeg' => 'JPEG',
	);
	foreach ($image_type_map as $function => $image_type) {
	if (function_exists($function)) {
	self::write(" okay Support for '{$image_type}' is available.\n");
	} else {
	self::write(" warn Support for '{$image_type}' is not available!\n");
	$issue_gd_warning = true;
	}
	}
	} else {
	self::write(" warn Extension 'gd' is not loaded.\n");
	$issue_gd_warning = true;
	}

	if ($issue_gd_warning) {
	self::write(
	"[WARN] The 'gd' library is missing or lacks full support. ".
	"Phabricator will not be able to generate image thumbnails without ".
	"gd.\n");
	} else {
	self::write("[OKAY] 'gd' loaded and has full image type support.\n");
	}


	self::writeHeader('FACEBOOK INTEGRATION');
	$fb_auth = PhabricatorEnv::getEnvConfig('facebook.auth-enabled');
	if (!$fb_auth) {
	self::write(" skip 'facebook.auth-enabled' not enabled.\n");
	} else {
	self::write(" okay 'facebook.auth-enabled' is enabled.\n");
	$app_id = PhabricatorEnv::getEnvConfig('facebook.application-id');
	$app_secret = PhabricatorEnv::getEnvConfig('facebook.application-secret');

	if (!$app_id) {
	self::writeFailure();
	self::write(
	"Setup failure! 'facebook.auth-enabled' is true but there is no ".
	"setting for 'facebook.application-id'.\n");
	return;
	} else {
	self::write(" okay 'facebook.application-id' is set.\n");
	}

	if (!is_string($app_id)) {
	self::writeFailure();
	self::write(
	"Setup failure! 'facebook.application-id' should be a string.");
	return;
	} else {
	self::write(" okay 'facebook.application-id' is string.\n");
	}

	if (!$app_secret) {
	self::writeFailure();
	self::write(
	"Setup failure! 'facebook.auth-enabled' is true but there is no ".
	"setting for 'facebook.application-secret'.");
	return;
	} else {
	self::write(" okay 'facebook.application-secret is set.\n");
	}

	self::write("[OKAY] Facebook integration OKAY\n");
	}

	self::writeHeader("MySQL DATABASE & STORAGE CONFIGURATION");

	$conf = PhabricatorEnv::newObjectFromConfig('mysql.configuration-provider');
	$conn_user = $conf->getUser();
	$conn_pass = $conf->getPassword();
	$conn_host = $conf->getHost();

	$timeout = ini_get('mysql.connect_timeout');
	if ($timeout > 5) {
	self::writeNote(
	"Your MySQL connect timeout is very high ({$timeout} seconds). ".
	"Consider reducing it to 5 or below by setting ".
	"'mysql.connect_timeout' in your php.ini.");
	}

	self::write(" okay Trying to connect to MySQL database ".
	"{$conn_user}@{$conn_host}...\n");

	ini_set('mysql.connect_timeout', 2);

	$conn_raw = PhabricatorEnv::newObjectFromConfig(
	'mysql.implementation',
	array(
	array(
	'user' => $conn_user,
	'pass' => $conn_pass,
	'host' => $conn_host,
	'database' => null,
	),
	));

	try {
	queryfx($conn_raw, 'SELECT 1');
	self::write(" okay Connection successful!\n");
	} catch (AphrontQueryConnectionException $ex) {
	$message = $ex->getMessage();
	self::writeFailure();
	self::write(
	"Setup failure! MySQL exception: {$message} \n".
	"Edit Phabricator configuration keys 'mysql.user', ".
	"'mysql.host' and 'mysql.pass' to enable Phabricator ".
	"to connect.");
	return;
	}

	$engines = queryfx_all($conn_raw, 'SHOW ENGINES');
	$engines = ipull($engines, 'Support', 'Engine');

	$innodb = idx($engines, 'InnoDB');
	if ($innodb != 'YES' && $innodb != 'DEFAULT') {
	self::writeFailure();
	self::write(
	"Setup failure! The 'InnoDB' engine is not available. Enable ".
	"InnoDB in your MySQL configuration. If you already created tables, ".
	"MySQL incorrectly used some other engine. You need to convert ".
	"them or drop and reinitialize them.");
	return;
	} else {
	self::write(" okay InnoDB is available.\n");
	}

	$databases = queryfx_all($conn_raw, 'SHOW DATABASES');
	$databases = ipull($databases, 'Database', 'Database');
	if (empty($databases['phabricator_meta_data'])) {
	self::writeFailure();
	self::write(
	"Setup failure! You haven't run 'bin/storage upgrade'. See this ".
	"article for instructions:\n");
	self::writeDoc('article/Configuration_Guide.html');
	return;
	} else {
	self::write(" okay Databases have been initialized.\n");
	}

	$index_min_length = queryfx_one(
	$conn_raw,
	'SHOW VARIABLES LIKE %s',
	'ft_min_word_len');
	$index_min_length = idx($index_min_length, 'Value', 4);
	if ($index_min_length >= 4) {
	self::writeNote(
	"MySQL is configured with a 'ft_min_word_len' of 4 or greater, which ".
	"means you will not be able to search for 3-letter terms. Consider ".
	"setting this in your configuration:\n".
	"\n".
	" [mysqld]\n".
	" ft_min_word_len=3\n".
	"\n".
	"Then optionally run:\n".
	"\n".
	" REPAIR TABLE phabricator_search.search_documentfield QUICK;\n".
	"\n".
	"...to reindex existing documents.");
	}

	$max_allowed_packet = queryfx_one(
	$conn_raw,
	'SHOW VARIABLES LIKE %s',
	'max_allowed_packet');
	$max_allowed_packet = idx($max_allowed_packet, 'Value', PHP_INT_MAX);

	$recommended_minimum = 1024 * 1024;
	if ($max_allowed_packet < $recommended_minimum) {
	self::writeNote(
	"MySQL is configured with a small 'max_allowed_packet' ".
	"('{$max_allowed_packet}'), which may cause some large writes to ".
	"fail. Consider raising this to at least {$recommended_minimum}.");
	} else {
	self::write(" okay max_allowed_packet = {$max_allowed_packet}.\n");
	}

	$mysql_key = 'storage.mysql-engine.max-size';
	$mysql_limit = PhabricatorEnv::getEnvConfig($mysql_key);

	if ($mysql_limit && ($mysql_limit + 8192) > $max_allowed_packet) {
	self::writeFailure();
	self::write(
	"Setup failure! Your Phabricator 'storage.mysql-engine.max-size' ".
	"configuration ('{$mysql_limit}') must be at least 8KB smaller ".
	"than your MySQL 'max_allowed_packet' configuration ".
	"('{$max_allowed_packet}'). Raise the 'max_allowed_packet' in your ".
	"MySQL configuration, or reduce the maximum file size allowed by ".
	"the Phabricator configuration.\n");
	return;
	} else if (!$mysql_limit) {
	self::write(" skip MySQL file storage engine not configured.\n");
	} else {
	self::write(" okay MySQL file storage engine configuration okay.\n");
	}

	$local_key = 'storage.local-disk.path';
	$local_path = PhabricatorEnv::getEnvConfig($local_key);
	if ($local_path) {
	if (!Filesystem::pathExists($local_path) \|\|
	!is_readable($local_path) \|\|
	!is_writable($local_path)) {
	self::writeFailure();
	self::write(
	"Setup failure! You have configured local disk storage but the ".
	"path you specified ('{$local_path}') does not exist or is not ".
	"readable or writable.\n");
	if ($open_basedir) {
	self::write(
	"You have an 'open_basedir' setting -- make sure Phabricator is ".
	"allowed to open files in the local storage directory.\n");
	}
	return;
	} else {
	self::write(" okay Local disk storage exists and is writable.\n");
	}
	} else {
	self::write(" skip Not configured for local disk storage.\n");
	}

	$selector = PhabricatorEnv::getEnvConfig('storage.engine-selector');

	try {
	$storage_selector_exists = class_exists($selector);
	} catch (Exception $ex) {
	$storage_selector_exists = false;
	}

	if ($storage_selector_exists) {
	self::write(" okay Using '{$selector}' as a storage engine selector.\n");
	} else {
	self::writeFailure();
	self::write(
	"Setup failure! You have configured '{$selector}' as a storage engine ".
	"selector but it does not exist or could not be loaded.\n");
	return;
	}

	self::write("[OKAY] Database and storage configuration OKAY\n");


	self::writeHeader("OUTBOUND EMAIL CONFIGURATION");

	$have_adapter = false;
	$is_ses = false;

	$adapter = PhabricatorEnv::getEnvConfig('metamta.mail-adapter');
	switch ($adapter) {
	case 'PhabricatorMailImplementationPHPMailerLiteAdapter':

	$have_adapter = true;

	if (!Filesystem::pathExists('/usr/bin/sendmail') &&
	!Filesystem::pathExists('/usr/sbin/sendmail')) {
	self::writeFailure();
	self::write(
	"Setup failure! You don't have a 'sendmail' binary on this system ".
	"but outbound email is configured to use sendmail. Install an MTA ".
	"(like sendmail, qmail or postfix) or use a different outbound ".
	"mail configuration. See this guide for configuring outbound ".
	"email:\n");
	self::writeDoc('article/Configuring_Outbound_Email.html');
	return;
	} else {
	self::write(" okay Sendmail is configured.\n");
	}

	break;
	case 'PhabricatorMailImplementationAmazonSESAdapter':

	$is_ses = true;
	$have_adapter = true;

	if (PhabricatorEnv::getEnvConfig('metamta.can-send-as-user')) {
	self::writeFailure();
	self::write(
	"Setup failure! 'metamta.can-send-as-user' must be false when ".
	"configured with Amazon SES.");
	return;
	} else {
	self::write(" okay Sender config looks okay.\n");
	}

	if (!PhabricatorEnv::getEnvConfig('amazon-ses.access-key')) {
	self::writeFailure();
	self::write(
	"Setup failure! 'amazon-ses.access-key' is not set, but ".
	"outbound mail is configured to deliver via Amazon SES.");
	return;
	} else {
	self::write(" okay Amazon SES access key is set.\n");
	}

	if (!PhabricatorEnv::getEnvConfig('amazon-ses.secret-key')) {
	self::writeFailure();
	self::write(
	"Setup failure! 'amazon-ses.secret-key' is not set, but ".
	"outbound mail is configured to deliver via Amazon SES.");
	return;
	} else {
	self::write(" okay Amazon SES secret key is set.\n");
	}

	if (PhabricatorEnv::getEnvConfig('metamta.send-immediately')) {
	self::writeNote(
	"Your configuration uses Amazon SES to deliver email but tries ".
	"to send it immediately. This will work, but it's slow. ".
	"Consider configuring the MetaMTA daemon.");
	}
	break;
	case 'PhabricatorMailImplementationTestAdapter':
	self::write(" skip You have disabled outbound email.\n");
	break;
	default:
	self::write(" skip Configured with a custom adapter.\n");
	break;
	}

	if ($have_adapter) {
	$default = PhabricatorEnv::getEnvConfig('metamta.default-address');
	if (!$default \|\| $default == 'noreply@example.com') {
	self::writeFailure();
	self::write(
	"Setup failure! You have not set 'metamta.default-address'.");
	return;
	} else {
	self::write(" okay metamta.default-address is set.\n");
	}

	if ($is_ses) {
	self::writeNote(
	"Make sure you've verified your 'from' address ('{$default}') with ".
	"Amazon SES. Until you verify it, you will be unable to send mail ".
	"using Amazon SES.");
	}

	$domain = PhabricatorEnv::getEnvConfig('metamta.domain');
	if (!$domain \|\| $domain == 'example.com') {
	self::writeFailure();
	self::write(
	"Setup failure! You have not set 'metamta.domain'.");
	return;
	} else {
	self::write(" okay metamta.domain is set.\n");
	}

	self::write("[OKAY] Mail configuration OKAY\n");
	}

	self::writeHeader('CONFIG CLASSES');
	foreach (PhabricatorEnv::getRequiredClasses() as $key => $instanceof) {
	$config = PhabricatorEnv::getEnvConfig($key);
	if (!$config) {
	self::writeNote("'$key' is not set.");
	} else {
	try {
	$r = new ReflectionClass($config);
	if (!$r->isSubclassOf($instanceof)) {
	throw new Exception(
	"Config setting '$key' must be an instance of '$instanceof'.");
	} else if (!$r->isInstantiable()) {
	throw new Exception("Config setting '$key' must be instantiable.");
	}
	} catch (Exception $ex) {
	self::writeFailure();
	self::write("Setup failure! ".$ex->getMessage());
	return;
	}
	}
	}
	self::write("[OKAY] Config classes OKAY\n");

	self::writeHeader('SUCCESS!');
	self::write(
	"Congratulations! Your setup seems mostly correct, or at least fairly ".
	"reasonable.\n\n".
	"* NEXT STEP *\n".
	"Edit your configuration file (conf/{$env}.conf.php) and remove the ".
	"'phabricator.setup' line to finish installation.");

	}

	public static function requireExtension($extension) {
	if (extension_loaded($extension)) {
	self::write(" okay Extension '{$extension}' installed.\n");
	return true;
	} else {
	self::write("[FAIL] Extension '{$extension}' is NOT INSTALLED!\n");
	return false;
	}
	}

	private static function writeFailure() {
	self::write("\n\n<<< * FAILURE! * >>>\n");
	}

	private static function write($str) {
	echo $str;
	ob_flush();
	flush();

	// This, uh, makes it look cool. -_-
	usleep(20000);
	}

	private static function writeNote($note) {
	$note = "*** NOTE: ".wordwrap($note, 75, "\n", true);
	$note = "\n".str_replace("\n", "\n ", $note)."\n\n";
	self::write($note);
	}

	public static function writeHeader($header) {
	$template = '>>>'.str_repeat('-', 77);
	$template = substr_replace(
	$template,
	' '.$header.' ',
	3,
	strlen($header) + 4);
	self::write("\n\n{$template}\n\n");
	}

	public static function writeDoc($doc) {
	self::write(
	"\n".
	' http://www.phabricator.com/docs/phabricator/'.$doc.
	"\n\n");
	}

	}
	diff --git a/src/infrastructure/daemon/irc/handler/PhabricatorIRCMacroHandler.php b/src/infrastructure/daemon/irc/handler/PhabricatorIRCMacroHandler.php
	index f5008689f0..63ff2879b8 100644
	--- a/src/infrastructure/daemon/irc/handler/PhabricatorIRCMacroHandler.php
	+++ b/src/infrastructure/daemon/irc/handler/PhabricatorIRCMacroHandler.php
	@@ -1,203 +1,203 @@
	<?php

	/*
	* Copyright 2012 Facebook, Inc.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	/**
	* @group irc
	*/
	final class PhabricatorIRCMacroHandler extends PhabricatorIRCHandler {

	private $macros;
	private $regexp;

	private $buffer = array();
	private $next = 0;

	private function init() {
	if ($this->macros === false) {
	return false;
	}

	if ($this->macros !== null) {
	return true;
	}

	$macros = $this->getConduit()->callMethodSynchronous(
	'macro.query',
	array());
	// bail if we have no macros
	if (empty($macros)) {
	return false;
	}
	$this->macros = $macros;

	$regexp = array();
	foreach ($this->macros as $macro_name => $macro) {
	$regexp[] = preg_quote($macro_name, '/');
	}
	$regexp = '/('.implode('\|', $regexp).')/';

	$this->regexp = $regexp;

	return true;
	}

	public function receiveMessage(PhabricatorIRCMessage $message) {
	if (!$this->init()) {
	return;
	}

	switch ($message->getCommand()) {
	case 'PRIVMSG':
	$reply_to = $message->getReplyTo();
	if (!$reply_to) {
	break;
	}

	$message = $message->getMessageText();

	$matches = null;
	if (!preg_match($this->regexp, $message, $matches)) {
	return;
	}

	$macro = $matches[1];

	$ascii = idx($this->macros[$macro], 'ascii');
	if ($ascii === false) {
	return;
	}

	if (!$ascii) {
	$this->macros[$macro]['ascii'] = $this->rasterize(
	$this->macros[$macro],
	$this->getConfig('macro.size', 48),
	$this->getConfig('macro.aspect', 0.66));
	$ascii = $this->macros[$macro]['ascii'];
	}

	foreach ($ascii as $line) {
	$this->buffer[$reply_to][] = $line;
	}
	break;
	}
	}

	public function runBackgroundTasks() {
	if (microtime(true) < $this->next) {
	return;
	}

	foreach ($this->buffer as $channel => $lines) {
	if (empty($lines)) {
	unset($this->buffer[$channel]);
	continue;
	}
	foreach ($lines as $key => $line) {
	$this->write('PRIVMSG', "{$channel} :{$line}");
	unset($this->buffer[$channel][$key]);
	break 2;
	}
	}

	$sleep = $this->getConfig('macro.sleep', 0.25);
	$this->next = microtime(true) + ((mt_rand(75, 150) / 100) * $sleep);
	}

	public function rasterize($macro, $size, $aspect) {
	- $image = @file_get_contents($macro['uri']);
	+ $image = HTTPSFuture::loadContent($macro['uri']);
	if (!$image) {
	return false;
	}

	$img = @imagecreatefromstring($image);
	if (!$img) {
	return false;
	}

	$sx = imagesx($img);
	$sy = imagesy($img);

	if ($sx > $size \|\| $sy > $size) {
	$scale = max($sx, $sy) / $size;
	$dx = floor($sx / $scale);
	$dy = floor($sy / $scale);
	} else {
	$dx = $sx;
	$dy = $sy;
	}

	$dy = floor($dy * $aspect);

	$dst = imagecreatetruecolor($dx, $dy);
	if (!$dst) {
	return false;
	}
	imagealphablending($dst, false);

	$ok = imagecopyresampled(
	$dst, $img,
	0, 0,
	0, 0,
	$dx, $dy,
	$sx, $sy);

	if (!$ok) {
	return false;
	}

	$map = array(
	' ',
	'.',
	',',
	':',
	';',
	'!',
	'\|',
	'*',
	'=',
	'@',
	'$',
	'#',
	);

	$lines = array();

	for ($ii = 0; $ii < $dy; $ii++) {
	$buf = '';
	for ($jj = 0; $jj < $dx; $jj++) {
	$c = imagecolorat($dst, $jj, $ii);

	$a = ($c >> 24) & 0xFF;
	$r = ($c >> 16) & 0xFF;
	$g = ($c >> 8) & 0xFF;
	$b = ($c) & 0xFF;

	$luma = (255 - ((0.30 * $r) + (0.59 * $g) + (0.11 * $b))) / 256;
	$luma *= ((127 - $a) / 127);

	$char = $map[max(0, floor($luma * count($map)))];
	$buf .= $char;
	}

	$lines[] = $buf;
	}

	return $lines;
	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Mon, Mar 16, 10:07 AM (6 h, 56 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 961722
Default Alt Text: (90 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions