GitLab Bot
43a25d93eb
Add latest changes from gitlab-org/gitlab@16-0-stable-ee
2023-05-17 16:05:49 +00:00
GitLab Bot
71786ddc8e
Add latest changes from gitlab-org/gitlab@15-9-stable-ee
2023-02-20 13:49:51 +00:00
GitLab Bot
05f0ebba3a
Add latest changes from gitlab-org/gitlab@15-8-stable-ee
2023-01-18 19:00:14 +00:00
GitLab Bot
0c872e02b2
Add latest changes from gitlab-org/gitlab@15-7-stable-ee
2022-12-20 14:22:11 +00:00
GitLab Bot
ee664acb35
Add latest changes from gitlab-org/gitlab@15-5-stable-ee
2022-10-20 09:40:42 +00:00
GitLab Bot
b39512ed75
Add latest changes from gitlab-org/gitlab@15-3-stable-ee
2022-08-18 08:17:02 +00:00
GitLab Bot
0ea3fcec39
Add latest changes from gitlab-org/gitlab@15-1-stable-ee
2022-06-20 11:10:13 +00:00
GitLab Bot
36a59d088e
Add latest changes from gitlab-org/gitlab@15-0-stable-ee
2022-05-19 07:33:21 +00:00
GitLab Bot
aee0a117a8
Add latest changes from gitlab-org/gitlab@14-6-stable-ee
2021-12-20 13:37:47 +00:00
GitLab Bot
a5f4bba440
Add latest changes from gitlab-org/gitlab@14-0-stable-ee
2021-06-16 18:25:58 +00:00
GitLab Bot
4555e1b21c
Add latest changes from gitlab-org/gitlab@13-12-stable-ee
2021-05-19 15:44:42 +00:00
GitLab Bot
9dc93a4519
Add latest changes from gitlab-org/gitlab@13-11-stable-ee
2021-04-20 23:50:22 +00:00
GitLab Bot
48aff82709
Add latest changes from gitlab-org/gitlab@13-5-stable-ee
2020-10-21 07:08:36 +00:00
GitLab Bot
85dc423f70
Add latest changes from gitlab-org/gitlab@13-4-stable-ee
2020-09-19 01:45:44 +00:00
GitLab Bot
a986819a7b
Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee
2020-09-01 16:52:41 +00:00
GitLab Bot
6e4e1050d9
Add latest changes from gitlab-org/gitlab@13-3-stable-ee
2020-08-20 18:42:06 +00:00
GitLab Bot
a09983ae35
Add latest changes from gitlab-org/gitlab@13-2-stable-ee
2020-07-20 12:26:25 +00:00
GitLab Bot
9f46488805
Add latest changes from gitlab-org/gitlab@13-0-stable-ee
2020-05-20 14:34:42 +00:00
GitLab Bot
286fe61013
Add latest changes from gitlab-org/gitlab@master
2020-03-13 12:09:22 +00:00
GitLab Bot
73391dcc36
Add latest changes from gitlab-org/gitlab@master
2020-01-08 18:07:32 +00:00
GitLab Bot
898e2cc1df
Add latest changes from gitlab-org/gitlab@master
2019-12-20 09:24:38 +00:00
GitLab Bot
b86f474bf5
Add latest changes from gitlab-org/gitlab@master
2019-12-11 12:08:10 +00:00
GitLab Bot
190e204dec
Add latest changes from gitlab-org/gitlab@master
2019-11-17 12:06:19 +00:00
GitLab Bot
308146dc39
Add latest changes from gitlab-org/gitlab@master
2019-10-10 00:06:44 +00:00
Sebastian Arcila Valenzuela
3692e9f8a2
Validate that SAML requests are originated from gitlab
...
If the request wasn't initiated by gitlab we shouldn't add the new
identity to the user, and instead show that we weren't able to link
the identity to the user.
This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509
2019-09-30 14:22:06 +02:00
Małgorzata Ksionek
48bb855ece
Add checking for email_verified key
...
Fix rubocop offences and add changelog
Add email_verified key for feature specs
Add code review remarks
Add code review remarks
Fix specs
2019-09-30 14:22:05 +02:00
GitLab Bot
b7dfe2ae40
Add latest changes from gitlab-org/gitlab@master
2019-09-13 13:26:31 +00:00
Imre Farkas
929b403d21
Ensure Warden triggers after_authentication callback
...
By not triggering the callback:
- ActiveSession lookup keys are not cleaned
- Devise also misses its hook related to session cleanup
2019-07-26 07:05:50 +00:00
James Edwards-Jones
651cfd08ab
CE changes for SSO web enforcement
...
Adds two methods for us to extend in EE:
- OmniauthCallbacksController#link_identity
- GroupPolicy#lookup_access_level!
2019-05-06 23:28:27 +07:00
Martin Wortschack
76e8960f4a
Externalize strings in flash messages
...
- Externalize strings in controllers
- Update PO file
2019-04-08 14:17:45 +00:00
Pavel Shutsin
8ee1927db9
Move out link\unlink ability checks to a policy
...
We can extend the policy in EE for additional behavior
2019-03-19 15:38:16 +03:00
James Edwards-Jones
24f3f96004
Backport build_auth_user for GroupSAML callback
2019-02-06 17:28:35 +00:00
James Edwards-Jones
6548e01f18
Avoid CSRF check on SAML failure endpoint
...
SAML and OAuth failures should cause a message to be presented, as well
as logging that an attempt was made. These were incorrectly prevented by
the CSRF check on POST endpoints such as SAML.
In addition we were using a NullSession forgery protection, which made
testing more difficult and could have allowed account linking to take
place if a CSRF was ever needed but not present.
2019-02-04 10:10:51 +00:00
Scott Escue
4dcaa4df36
Addressing peer review feedback.
...
Replacing inline JS with ES 2015 functions included in pages/sessions/new. Also applying suggested server-side syntax improvements to OmniAuthCallbacksController.
2019-01-10 00:00:39 -06:00
Scott Escue
6540a9468a
Preserve URL fragment across sign-in and sign-up redirects
...
If window.location contains a URL fragment, append the fragment to all sign-in forms, the sign-up form, and all button based providers.
2019-01-10 00:00:38 -06:00
gfyoung
73322a0e55
Enable frozen string in app/controllers/**/*.rb
...
Enables frozen string for the following:
* app/controllers/*.rb
* app/controllers/admin/**/*.rb
* app/controllers/boards/**/*.rb
* app/controllers/ci/**/*.rb
* app/controllers/concerns/**/*.rb
Partially addresses #47424.
2018-09-18 21:22:45 -07:00
Roger Rüttimann
2efe27ba18
Honor saml assurance level to allow 2FA bypassing
2018-06-25 15:32:03 +00:00
blackst0ne
6fef87f17f
[Rails5] Force the `protect_from_forgery` callback run first
...
Since Rails 5.0 the `protect_from_forgery` callback doesn't run first by
default anymore. [1]
Instead it gets inserted into callbacks chain where callbacks get
called in order.
This commit forces the callback to run first.
[1]: 3979403781
2018-06-21 21:44:31 +11:00
James Edwards-Jones
b98a88cfe9
Backport helpers from GroupSAML failure messages
2018-05-21 16:43:12 +01:00
James Edwards-Jones
7425f2b322
Backport IdentityLinker#failed? from GroupSaml callback flow
2018-05-04 15:00:59 +01:00
James Edwards-Jones
c741f95a3b
Exclude LDAP from OmniauthCallbackController base methods
2018-04-30 17:32:23 +01:00
James Edwards-Jones
795cd7f952
Replace define_method with alias_method in Omniauth Controllers
2018-04-23 16:24:47 +01:00
James Edwards-Jones
d3a8a07423
Unify Saml::IdentityLinker and OAuth::IdentityLinker
2018-04-23 13:53:32 +01:00
James Edwards-Jones
f8d54913bb
Show error on failed OAuth account link
2018-04-22 23:50:56 +01:00
James Edwards-Jones
f10c999bca
Refactor OmniauthCallbacksController to remove duplication
...
Moves LDAP to its own controller with tests
Provides path forward for implementing GroupSaml
2018-04-22 23:50:55 +01:00
Tiago Botelho
161a05b963
Writes specs
2018-03-22 16:05:15 +00:00
Tiago Botelho
f742010257
Tracks the number of failed attempts made by a user trying to authenticate with any external authentication method
2018-03-22 15:39:54 +00:00
James Lopez
140cb0c092
Merge branch 'fix/auth0-unsafe-login-10-6' into 'security-10-6'
...
[10.6] Fix GitLab Auth0 integration signs in the wrong user
See merge request gitlab/gitlabhq!2354
2018-03-21 14:43:47 +00:00
Horatiu Eugen Vlad
1ad5df49b1
Moved o_auth/saml/ldap modules under gitlab/auth
2018-02-28 16:53:02 +01:00
Mario de la Ossa
eaada9d706
use Gitlab::UserSettings directly as a singleton instead of including/extending it
2018-02-02 18:39:55 +00:00