d87800c3cf
Add latest changes from gitlab-org/gitlab@master
2023-06-16 12:07:11 +00:00
27715675e8
Add latest changes from gitlab-org/gitlab@master
2023-06-14 03:07:14 +00:00
02b949f3b6
Add latest changes from gitlab-org/gitlab@master
2023-06-07 06:08:42 +00:00
aad78b5789
Add latest changes from gitlab-org/gitlab@master
2023-05-30 15:09:38 +00:00
3612694ce3
Add latest changes from gitlab-org/gitlab@master
2023-03-14 06:13:49 +00:00
7b7bc31c5b
Add latest changes from gitlab-org/gitlab@master
2023-03-13 18:08:56 +00:00
ad2d90fb24
Add latest changes from gitlab-org/gitlab@master
2023-03-10 15:11:00 +00:00
fd8183c340
Add latest changes from gitlab-org/gitlab@master
2022-12-09 15:08:59 +00:00
76bbc06371
Add latest changes from gitlab-org/gitlab@master
2022-10-24 21:09:11 +00:00
6170bdc060
Add latest changes from gitlab-org/gitlab@master
2022-08-31 09:13:12 +00:00
dbfedde341
Add latest changes from gitlab-org/gitlab@master
2022-06-16 18:09:35 +00:00
6dd9e3644e
Add latest changes from gitlab-org/gitlab@master
2021-12-07 12:10:33 +00:00
3867f47265
Add latest changes from gitlab-org/gitlab@master
2021-08-20 21:10:36 +00:00
79f98200f8
Add latest changes from gitlab-org/gitlab@master
2021-06-07 15:09:56 +00:00
ea1dcaef18
Add latest changes from gitlab-org/gitlab@master
2021-03-31 12:08:55 +00:00
7b2635a55d
Add latest changes from gitlab-org/gitlab@master
2020-12-01 12:09:17 +00:00
0115b63f64
Add latest changes from gitlab-org/gitlab@master
2020-09-18 06:09:31 +00:00
c596046be9
Add latest changes from gitlab-org/gitlab@master
2020-09-10 18:08:54 +00:00
8e35232810
Add latest changes from gitlab-org/gitlab@master
2020-09-02 15:10:54 +00:00
0ca5c1a237
Add latest changes from gitlab-org/gitlab@master
2020-07-29 18:09:50 +00:00
8b0ef13236
Add latest changes from gitlab-org/gitlab@master
2020-06-03 18:08:28 +00:00
d7b136d547
Add latest changes from gitlab-org/gitlab@master
2020-05-28 21:08:22 +00:00
c4c1fc5fe7
Add latest changes from gitlab-org/gitlab@master
2020-05-15 15:08:04 +00:00
2fc7740f3c
Add latest changes from gitlab-org/gitlab@master
2020-05-13 03:08:26 +00:00
abae8f34f3
Add latest changes from gitlab-org/gitlab@master
2020-03-31 21:08:05 +00:00
22e9af3c8b
Add latest changes from gitlab-org/gitlab@master
2020-01-27 12:08:35 +00:00
73391dcc36
Add latest changes from gitlab-org/gitlab@master
2020-01-08 18:07:32 +00:00
b86f474bf5
Add latest changes from gitlab-org/gitlab@master
2019-12-11 12:08:10 +00:00
308146dc39
Add latest changes from gitlab-org/gitlab@master
2019-10-10 00:06:44 +00:00
3692e9f8a2
Validate that SAML requests are originated from gitlab
...
If the request wasn't initiated by gitlab we shouldn't add the new
identity to the user, and instead show that we weren't able to link
the identity to the user.
This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509
2019-09-30 14:22:06 +02:00
48bb855ece
Add checking for email_verified key
...
Fix rubocop offences and add changelog
Add email_verified key for feature specs
Add code review remarks
Add code review remarks
Fix specs
2019-09-30 14:22:05 +02:00
a16d7e414d
Revert Rails.application.env_config after using mock_auth_hash
...
Signed-off-by: Rémy Coutable <remy@rymai.me>
2019-04-23 21:11:08 +02:00
93a44e135b
Add some frozen string to spec/**/*.rb
...
Adds frozen string to the following:
* spec/bin/**/*.rb
* spec/config/**/*.rb
* spec/controllers/**/*.rb
xref https://gitlab.com/gitlab-org/gitlab-ce/issues/59758
2019-04-15 10:17:05 +00:00
4ec16912b8
Autocorrect with RSpec/ExampleWording cop
...
- rewords examples starting with 'should'
- rewords examples starting with 'it'
Note: I had to manually fixup "onlies" to "only"
2019-04-05 08:43:27 +00:00
8ee1927db9
Move out link\unlink ability checks to a policy
...
We can extend the policy in EE for additional behavior
2019-03-19 15:38:16 +03:00
040e6e72bf
Merge branch 'ce-security-jej/group-saml-link-origin-verification' into 'master'
...
Ensure request to link GroupSAML acount was GitLab initiated
See merge request gitlab/gitlabhq!2976
2019-03-04 18:36:26 +00:00
6548e01f18
Avoid CSRF check on SAML failure endpoint
...
SAML and OAuth failures should cause a message to be presented, as well
as logging that an attempt was made. These were incorrectly prevented by
the CSRF check on POST endpoints such as SAML.
In addition we were using a NullSession forgery protection, which made
testing more difficult and could have allowed account linking to take
place if a CSRF was ever needed but not present.
2019-02-04 10:10:51 +00:00
104c8b890d
Backport EE GroupSAML origin verification changes
2019-01-23 19:42:16 +00:00
4361c92b6a
Update gitlab-styles to 2.5.1
2019-01-11 23:59:35 +01:00
6540a9468a
Preserve URL fragment across sign-in and sign-up redirects
...
If window.location contains a URL fragment, append the fragment to all sign-in forms, the sign-up form, and all button based providers.
2019-01-10 00:00:38 -06:00
9606dbbb03
Whitelist existing destroy_all offenses
...
This whitelists all existing places where we use "destroy_all".
2018-08-16 17:29:37 +02:00
2efe27ba18
Honor saml assurance level to allow 2FA bypassing
2018-06-25 15:32:03 +00:00
161a05b963
Writes specs
2018-03-22 16:05:15 +00:00
140cb0c092
Merge branch 'fix/auth0-unsafe-login-10-6' into 'security-10-6'
...
[10.6] Fix GitLab Auth0 integration signs in the wrong user
See merge request gitlab/gitlabhq!2354
2018-03-21 14:43:47 +00:00
4493ec0880
Merge branch 'jej/fix-disabled-oauth-access-10-3' into 'security-10-3'
...
[10.3] Prevent login with disabled OAuth providers
See merge request gitlab/gitlabhq!2296
(cherry picked from commit 4936650427ffc88e6ee927aedbb2c724d24b094c)
a0f9d222 Prevents login with disabled OAuth providers
2018-01-16 17:05:01 -08:00
GitLab Bot
Sebastian Arcila Valenzuela
Małgorzata Ksionek
Rémy Coutable
gfyoung
Thong Kuah
Pavel Shutsin
Yorick Peterse
James Edwards-Jones
Jasper Maes
Scott Escue
Roger Rüttimann
Tiago Botelho
James Lopez
Robert Speicher