root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
88,090 Commits 9,131 Branches 1,640 Tags 2 GiB
Commit Graph

97 Commits

Author SHA1 Message Date
Imre Farkas 157b385411
Log admin status of user when OAuth::User is saved 2019-01-23 14:26:15 +01:00
Semyon Pupkov c379973bce chore(rubocop): fix Style/TrivialAccessors issues 2019-01-16 13:53:04 +05:00
Imre Farkas bd3a484032
Add config to disable impersonation 
Adds gitlab.impersonation_enabled config option defaulting to true to
keep the current default behaviour.

Only the act of impersonation is modified, impersonation token
management is not affected.
 2018-11-29 09:37:16 +01:00
Cindy Pallares fe5f75930e
Merge branch 'security-fix-pat-web-access' into 'master' 
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"

See merge request gitlab/gitlabhq!2583
 2018-11-28 19:13:59 -05:00
Douwe Maan 6f0ff56ef8 Merge branch 'fix/allow-saml2-for-2fa-bypass' into 'master' 
saml/auth_hash: Allow 2FA bypass for SAML 2.0 responses

See merge request gitlab-org/gitlab-ce!22568
 2018-11-20 11:07:59 +00:00
George Tsiolis 733ae94921 Fix typos in comments and specs 2018-11-01 08:59:20 +02:00
Imre Farkas b9652d8e4d [master] Persist only SHA digest of PersonalAccessToken#token 2018-10-29 16:06:45 +00:00
115100 2a8a4897ff
saml/auth_hash: Allow 2FA bypass for SAML 2.0 responses 
Closes gitlab-org/gitlab-ce/#53102.
 2018-10-25 12:08:07 +01:00
gfyoung e166e5747c Enable some frozen string in lib/gitlab 
Enable frozen string for the following files:

* lib/gitlab/auth/**/*.rb
* lib/gitlab/badge/**/*.rb
* lib/gitlab/bare_repository_import/**/*.rb
* lib/gitlab/bitbucket_import/**/*.rb
* lib/gitlab/bitbucket_server_import/**/*.rb
* lib/gitlab/cache/**/*.rb
* lib/gitlab/checks/**/*.rb

Partially addresses #47424.
 2018-10-13 02:31:31 -07:00
Marcel Amirault eb640eded7 Correct Gitlab Capitalization in code files 2018-09-21 12:05:37 +00:00
Yorick Peterse 2039c8280d
Disable existing offenses for the CodeReuse cops 
This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.
 2018-09-11 17:32:00 +02:00
Douglas Barbosa Alexandre 5894dfabc5
Backport LDAP changes to CE 2018-08-23 15:46:45 +02:00
Stan Hu 7486d424b9 Fix broken Git over HTTP clones with LDAP users 
Due to a regression in !20608, the LDAP authenticator was not being used
unless OmniAuth was enabled. This change allows the LDAP provider to be used
if it is configured regardless of the OmniAuth setting.

Closes #50579
 2018-08-22 13:07:14 -07:00
Grzegorz Bizon 98e9f52cf4 Improve blocked user tracking code readability 2018-08-03 12:58:00 +02:00
Grzegorz Bizon 5bbd3a93e9 Remove an empty line from blocker user tracker class 2018-08-02 15:41:14 +02:00
Grzegorz Bizon c2a5bbc295 Remove an empty line from the end of blocked_user_tracker.rb 2018-08-02 07:04:12 +00:00
Grzegorz Bizon 9c6aa0a0a6 Improve authentication events-related code readability 2018-08-01 17:08:59 +02:00
Grzegorz Bizon 2b05562c5b Simplify blocked user tracking during authentication 2018-08-01 15:56:44 +02:00
Grzegorz Bizon 4bcf72e734 Improve blocked user tracking and fire some events only once 2018-08-01 14:23:06 +02:00
Sean McGivern e6dd3c5276 Merge branch 'feature/gb/login-activity-metrics' into 'master' 
Add user authentication activity metrics

Closes #47789

See merge request gitlab-org/gitlab-ce!20668
 2018-07-31 10:44:22 +00:00
Grzegorz Bizon de8f8cdf06 Improve authentication activity code readability 2018-07-31 09:24:19 +02:00
Grzegorz Bizon 5f66d1de09 Improve specs for blocked user tracker class 2018-07-27 13:54:31 +02:00
Grzegorz Bizon 00e4d918a3 Add authentication metrics for sessionless sign in 2018-07-27 12:56:34 +02:00
Grzegorz Bizon c44541a506 Improve readability and move custom matchers to better place 2018-07-27 12:29:49 +02:00
Grzegorz Bizon ede8c0ced4 Catch custom warden events too to increment metrics 2018-07-27 12:19:34 +02:00
Grzegorz Bizon 656985bf75 Make authentication metrics events explicit is specs 2018-07-26 18:36:04 +02:00
Grzegorz Bizon 0da5c588b1 Fix activity metric name that need to be symbols 2018-07-24 08:20:48 +00:00
Grzegorz Bizon 01cac53d71 Make it easier to stub authentication metrics 2018-07-23 17:20:24 +02:00
Grzegorz Bizon 68547bc0e0 Track blocked users and two factor authentications 2018-07-23 15:13:11 +02:00
Grzegorz Bizon 1a39d24d20 Refactor blocked user tracker class 2018-07-20 16:00:28 +02:00
Grzegorz Bizon 33e11345e0 Add custom expectations for authentication activity metrics 2018-07-20 15:06:11 +02:00
Lin Jen-Shin d0afab482f Disable SAML if OmniAuth is disabled 
We also try to unify the way we setup OmniAuth, and how we check
if it's enabled or not.
 2018-07-20 18:54:46 +08:00
Grzegorz Bizon ac4b954c5f Rename authentication activity observer methods 2018-07-19 10:34:58 +02:00
Grzegorz Bizon 416076610e Implement scaffold of authentication activity metrics 2018-07-17 14:50:04 +02:00
Lin Jen-Shin 4ee08b77bc Updates from `rubocop -a` 2018-07-09 21:13:08 +08:00
Roger Rüttimann 2efe27ba18 Honor saml assurance level to allow 2FA bypassing 2018-06-25 15:32:03 +00:00
Imre Farkas 20dfe25c15 Export assigned issues in iCalendar feed 2018-05-31 14:01:04 +00:00
Bob Van Landuyt 7a139c1602 Add username to terms message in git and API calls 
This will make it clearer to users which account is being used to make
the API/git call. So they know which account needs to be used to
accept the terms.

Closes #46649
 2018-05-24 18:19:48 +02:00
Rémy Coutable 6226d19c71
Minimize CE/EE difference in Gitlab::Auth::LDAP::Config 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2018-05-18 16:30:53 +02:00
Rémy Coutable 8b287679a1
Minimize CE/EE difference in Gitlab::Auth::LDAP::Access 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2018-05-18 16:30:53 +02:00
Rémy Coutable dfdbf198b3
Minimize CE/EE difference in Gitlab::Auth::UserAuthFinders 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2018-05-18 16:30:53 +02:00
Rémy Coutable 37cd2b9b4d
Minimize CE/EE difference in Gitlab::Auth::Saml::User 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2018-05-18 16:30:53 +02:00
Rémy Coutable 0a581fcfa2
Minimize CE/EE difference in Gitlab::Auth::Saml::Config 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2018-05-18 16:30:53 +02:00
Stan Hu 1be2ec2d04 Fix system hook not firing for blocked users when LDAP sign-in is used 
An LDAP sign-in request results in a different request parameter than
a standard GitLab sign-in. Since Warden doesn't pass us the user that
was blocked, we first search for a `username` in the request parameters
and then look for `user.login`.

Closes #46307
 2018-05-12 22:33:29 -07:00
Bob Van Landuyt f7f13f9db0 Block access to API & git when terms are enforced 
When terms are enforced, but the user has not accepted the terms
access to the API & git is rejected with a message directing the user
to the web app to accept the terms.
 2018-05-10 17:02:27 +02:00
James Edwards-Jones 7425f2b322 Backport IdentityLinker#failed? from GroupSaml callback flow 2018-05-04 15:00:59 +01:00
James Edwards-Jones dd09a19ad6 Auth::User classes refactor adds should_save? 2018-04-23 16:24:56 +01:00
James Edwards-Jones 795cd7f952 Replace define_method with alias_method in Omniauth Controllers 2018-04-23 16:24:47 +01:00
James Edwards-Jones d3a8a07423 Unify Saml::IdentityLinker and OAuth::IdentityLinker 2018-04-23 13:53:32 +01:00
James Edwards-Jones f8d54913bb Show error on failed OAuth account link 2018-04-22 23:50:56 +01:00