fe25c98fa8
Add latest changes from gitlab-org/gitlab@master
2020-07-01 21:08:51 +00:00
8e812185dd
Add latest changes from gitlab-org/gitlab@master
2020-06-26 12:08:51 +00:00
e829ca213b
Add latest changes from gitlab-org/gitlab@master
2020-06-22 15:09:27 +00:00
6046a605fd
Add latest changes from gitlab-org/gitlab@master
2020-06-22 12:08:47 +00:00
ed16c9434e
Add latest changes from gitlab-org/gitlab@master
2020-06-18 18:08:58 +00:00
4774fa00b7
Add latest changes from gitlab-org/gitlab@master
2020-06-15 15:08:20 +00:00
0cc7fe66f5
Add latest changes from gitlab-org/gitlab@master
2020-06-11 18:08:28 +00:00
4cdbecb465
Add latest changes from gitlab-org/gitlab@master
2020-06-11 00:08:35 +00:00
340fd2966e
Add latest changes from gitlab-org/gitlab@master
2020-06-04 00:08:17 +00:00
a83a97f604
Add latest changes from gitlab-org/gitlab@master
2020-05-28 12:08:10 +00:00
4d5ee2b814
Add latest changes from gitlab-org/gitlab@master
2020-05-27 15:08:11 +00:00
d84f18d66c
Add latest changes from gitlab-org/gitlab@master
2020-05-19 18:08:11 +00:00
c4c1fc5fe7
Add latest changes from gitlab-org/gitlab@master
2020-05-15 15:08:04 +00:00
2fc7740f3c
Add latest changes from gitlab-org/gitlab@master
2020-05-13 03:08:26 +00:00
e33f87ac0f
Add latest changes from gitlab-org/gitlab@master
2020-04-21 15:21:10 +00:00
abae8f34f3
Add latest changes from gitlab-org/gitlab@master
2020-03-31 21:08:05 +00:00
580622bdb3
Add latest changes from gitlab-org/gitlab@master
2020-03-31 18:07:42 +00:00
2c72daf2f1
Add latest changes from gitlab-org/gitlab@master
2020-03-30 18:08:07 +00:00
dc003cd08b
Add latest changes from gitlab-org/gitlab@master
2020-03-26 18:08:03 +00:00
2fd92f2dc7
Add latest changes from gitlab-org/gitlab@master
2020-03-04 21:07:54 +00:00
1c8fa70f9d
Add latest changes from gitlab-org/gitlab@master
2020-02-28 18:09:07 +00:00
6b9d3a4e83
Add latest changes from gitlab-org/gitlab@master
2020-01-29 18:08:47 +00:00
2399724614
Add latest changes from gitlab-org/gitlab@master
2020-01-21 03:08:37 +00:00
2ee5991b42
Add latest changes from gitlab-org/gitlab@master
2020-01-20 09:08:32 +00:00
d95abc0bc9
Add latest changes from gitlab-org/gitlab@master
2020-01-07 00:07:50 +00:00
cfc792b9ca
Add latest changes from gitlab-org/gitlab@master
2019-12-10 07:53:40 +00:00
ab7cf450ba
Add latest changes from gitlab-org/gitlab@master
2019-12-03 18:06:49 +00:00
759bab0585
Add latest changes from gitlab-org/gitlab@master
2019-11-08 15:06:21 +00:00
d8ccc7a00b
Add latest changes from gitlab-org/gitlab@master
2019-11-07 18:06:21 +00:00
a7329f4372
Merge branch 'security-remove-leaky-401-responses-master' into 'master'
...
Private/internal repository enumeration via bruteforce on a vulnerable URL
See merge request gitlab/gitlabhq!3454
2019-10-29 15:58:14 +00:00
25989ab7ef
Add latest changes from gitlab-org/gitlab@master
2019-10-18 11:11:44 +00:00
8395032721
Avoid #authenticate_user! in #route_not_found
...
This method, #route_not_found, is executed as the final fallback for
unrecognized routes (as the name might imply.) We want to avoid
`#authenticate_user!` when calling `#route_not_found`;
`#authenticate_user!` can, depending on the request format, return a 401
instead of redirecting to a login page. This opens a subtle security
exploit where anonymous users will receive a 401 response when
attempting to access a private repo, while a recognized user will
receive a 404, exposing the existence of the private, hidden repo.
2019-10-09 10:47:45 -07:00
427b23c127
Add latest changes from gitlab-org/gitlab@master
2019-10-03 00:05:59 +00:00
ec60358d52
Add latest changes from gitlab-org/gitlab@master
2019-10-01 03:05:57 +00:00
274ea604fc
Add latest changes from gitlab-org/gitlab@master
2019-09-16 21:06:30 +00:00
f1926b321d
Add controller concern for paginated collections
...
We had similar code in a few places to redirect to the last page if
the given page number is out of range. This unifies the handling in a
new controller concern and adds usage of it in all snippet listings.
2019-09-10 15:24:29 +02:00
fc6f8a6a44
Rename shared examples according to our guidelines
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2019-09-02 10:58:00 +02:00
34c2b6adf9
Merge branch 'security-personal-snippets' into 'master'
...
Add direct upload support for personal snippets
See merge request gitlab/gitlabhq!3226
2019-08-29 21:34:22 +00:00
41d52bbfe9
Add direct upload support for personal snippets
2019-08-23 11:19:14 +02:00
8bcc47ac02
Add SortingPreference concern
...
Sorting preference functionality has been extracted
from `IssuableCollections` to a new `SortingPreference`
concern in order to reuse this functionality in projects
(and groups in the future).
2019-08-21 10:13:45 +00:00
6a6411938a
Change `be_success` to `be_successful` in specs
...
Fixes deprecation warning:
```
DEPRECATION WARNING: The success? predicate is deprecated and
will be removed in Rails 6.0.
Please use successful? as provided by Rack::Response::Helpers.
```
2019-08-19 14:40:56 +02:00
b689ddd9b6
Do not persist notes filter when auto-switching
...
Send a `persist_filter: false` param to backend when
opening links to notes and auto-switching to show
all notes
2019-08-07 15:45:23 +00:00
fe22704a20
Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq
2019-07-29 13:19:50 -05:00
461101c3b5
Merge branch 'security-60551-fix-upload-scope' into 'master'
...
Queries for Upload should be scoped by model
See merge request gitlab/gitlabhq!3229
2019-07-26 13:40:54 +00:00
f0391c2517
Add frozen_string_literal to spec/support
...
Using the sed script from
https://gitlab.com/gitlab-org/gitlab-ce/issues/59758
2019-07-25 17:33:34 +12:00
7b87ed1499
Cleanup usages of `JSON.parse` in specs
...
Prefer `json_response` where applicable.
2019-07-16 08:03:49 +00:00
dfe906209e
Queries for Upload should be scoped by model
2019-07-11 15:52:55 +02:00
dcf811ba14
CE backport for changes in EE MR 14017
...
This backports to CE changes to allow the EE model
DesignManagement::Repository to override the #attributes_at method to
provide its own git attributes.
The #attributes_at method was freely available, as it's never called by
anything in the app. It looks like the code that called it got
refactored out of existence in ca66a04f85b29c1c2f/spec/services/files/create_service_spec.rb (L40)https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/14017
And these comment threads
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/13894#note_178002089
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/13894#note_178049984
2019-06-19 17:51:57 +00:00
c7dcbc03bb
CE backport for changes in EE MR 13389
...
This backports to ce a refactor of the shared example 'a controller that
can serve LFS files'.
The ee MR that contains the original refactor is
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/13389
The reason for the refactor was mostly the removal of the outer context
as it didn't need to be there, and prevented let(:lfs_oid) from being
overwritten.
The shared example was also renamed to be more descriptive.
2019-06-06 14:22:41 +12:00
85609c117e
Implement support for CI variables of type file
...
Add env_var and file as supported types for CI variables. Variables of
type file expose to users existing gitlab-runner behaviour - save
variable value into a temp file and set the path to this file in an ENV
var named after the variable key.
Resolves https://gitlab.com/gitlab-org/gitlab-ce/issues/46806 .
2019-05-06 13:11:42 +00:00
9bc5ed14fe
Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE
2019-04-09 15:38:58 +00:00
46b1b9c1d6
Revert "Merge branch 'if-57131-external_auth_to_ce' into 'master'"
...
This reverts merge request !26823
2019-04-05 13:02:56 +00:00
d9d7237d2e
Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE
2019-04-05 11:45:47 +00:00
4ec16912b8
Autocorrect with RSpec/ExampleWording cop
...
- rewords examples starting with 'should'
- rewords examples starting with 'it'
Note: I had to manually fixup "onlies" to "only"
2019-04-05 08:43:27 +00:00
41b51c0656
Encode Content-Disposition filenames
...
Users downloading non-ASCII attachments would see garbled characters.
When used with object storage, AWS S3 would return an InvalidArgument
error: Header value cannot be represented using ISO-8859-1.
Per RFC 5987 and RFC 6266, Content-Disposition should be encoded
properly. This commit takes the Rails 6 implementation of
ActiveSuppport::Http::ContentDisposition
(https://github.com/rails/rails/pull/33829 ) and ports it here.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/47673
2019-02-04 23:12:44 -08:00
49c74068ae
Save sorting preference for Issues/MRs in BE
...
In order to let users' sorting preferences transfer between devices, we
save the preference for issues and MRs (one preference for issues, one
for MRs) in the backend inside the UserPreference object
2019-01-28 12:48:05 -06:00
d99d6494f9
[EE Backport] Add notes filters for epics
2019-01-14 17:20:11 -02:00
bf73520079
convert specs in javascripts/ and support/ to new syntax
2018-12-21 10:10:26 +01:00
b44a2c801a
Update specs to rails5 format
...
Updates specs to use new rails5 format.
The old format:
`get :show, { some: params }, { some: headers }`
The new format:
`get :show, params: { some: params }, headers: { some: headers }`
2018-12-19 10:04:31 +11:00
b80dca82f5
Do not save user preferences on read-only mode
2018-12-12 16:15:58 +00:00
b4d005eb7b
Add 'only history' option to notes filter
2018-11-05 12:30:14 +00:00
86ead874e2
Resolve "Filter discussion (tab) by comments or activity in issues and merge requests"
2018-10-23 09:49:45 +00:00
edb5759caf
Fixed project logo when it is LFS tracked
2018-08-30 12:34:41 +00:00
15179878d5
Revert "Revert "Merge branch 'ee-5481-epic-todos' into 'master'""
...
This reverts commit 8717c7dad9
2018-08-02 10:42:45 +02:00
8717c7dad9
Revert "Merge branch 'ee-5481-epic-todos' into 'master'"
...
This reverts commit 4d9a3f42f1ecf9c145f6
2018-07-11 18:33:24 +02:00
4d9a3f42f1
Merge branch 'ee-5481-epic-todos' into 'master'
...
Port of Todos for epics
See merge request gitlab-org/gitlab-ce!19908
2018-07-04 12:57:37 +00:00
7458ca8ebb
[backend] Addressed review comments
...
* Group filtering now includes also issues/MRs from
subgroups/subprojects
* fixed due_date
* Also DRYed todo controller specs
2018-07-03 09:34:44 +02:00
656d4ebf67
Add workhorse authorize method for project/group uploads
...
This method can be used by workhorse to get presigned
URLs used for direct upload of files.
2018-06-18 09:11:02 +02:00
6d165c740c
Make all uses of `fixture_file_upload` use relative paths
2018-06-07 09:54:41 -05:00
05103f080c
Make Variable key not secret
2018-03-22 12:08:16 +01:00
28a5f8c60a
Use secret_key and secret_value in Variables controller
2018-03-16 16:56:42 +01:00
028562a049
Fix 500 error when loading an invalid upload URL
2018-02-22 14:32:01 +00:00
79570ce24f
Fix validation of duplicate new variables
2018-02-05 18:58:21 +01:00
f7ed096455
Extract Variables controllers specs to shared_examples
2018-02-05 18:58:21 +01:00
2057a6acde
port of 594e6a0a625^..f74c90f68c6
2018-02-01 12:14:46 -05:00
f7c18ca314
Support uploads for groups
2017-12-07 12:27:52 +01:00
GitLab Bot
GitLab Release Tools Bot
Kerri Miller
Markus Koller
Rémy Coutable
Jan Provaznik
George Koltsov
Vitali Tatarintev
Heinrich Lee Yu
Robert Speicher
Thong Kuah
Peter Leitzen
Adam Hegyi
Luke Duncalfe
Luke Duncalfe
Krasimir Angelov
Imre Farkas
Andreas Brandl
Stan Hu
Mario de la Ossa
Felipe Artur
Jasper Maes
blackst0ne
Felipe Artur
Oswaldo Ferreira
Francisco Javier López
Jarka Kadlecová
Sean McGivern
Matija Čupić
Sean McGivern
Micaël Bergeron