Ben Bodenmiller
0f785bbc7e
Link to configured gravatar host on profile page
2015-08-05 00:48:16 -07:00
Dmitriy Zaporozhets
c1c89500f3
Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce
2015-08-03 11:04:20 +02:00
Kamil Trzcinski
87df06171e
Bump redis-store to 1.1.6 and remove redis-store-fix-expiry
2015-07-31 15:53:58 +02:00
Jacob Vosmaer
0be6debb0b
Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq into backup-archive-permissions
2015-07-27 11:22:35 +02:00
Marin Jankovski
8fa9da49c4
Merge branch 'set-omniauth-full-host' into 'master'
...
Set OmniAuth full_host parameter to ensure redirect URIs are correct
### What does this MR do?
This MR sets the OmniAuth `full_host` parameter to the configured GitLab URL to ensure the `redirect_uri` parameter is called with the right GitLab host.
### Why was this MR needed?
[OmniAuth attempts to grab the request URI](http://awesomeprogrammer.com/blog/2012/12/09/dealing-with-omniauth-redirect-uri-mismatch-invalid-port-number-gotcha/) and use that. If you set up a reverse proxy that terminates SSL at the Web server layer (e.g. https://gitlab.domain.com), omniauth will use the internal URL (e.g. http://my-host:8080) in its redirect URI unless all the Web server headers are properly set (e.g. `X-Forwarded-Port`, etc.). This is easy to forget or mess up, and it's better to ensure that OmniAuth has the right value from the start.
### What are the relevant issue numbers?
Closes #1967
See merge request !991
2015-07-20 08:45:58 +00:00
Stan Hu
19163f84fb
Fix OAuth provider bug where GitLab would not return to the redirect_uri after sign-in
...
Closes #1612
2015-07-18 15:57:11 -07:00
Stan Hu
5f4dcbf8be
Set OmniAuth full_host parameter to ensure redirect URIs are correct
...
Closes #1967
2015-07-17 16:24:19 -07:00
Jacob Vosmaer
bb50b7fcd0
Allow custom backup archive permissions
...
This change helps system administrators who want to replicate
GitLab backup files without needing root permissions.
2015-07-06 18:43:17 +02:00
Dmitriy Zaporozhets
c83bbfa79e
Enable rack profiler by default
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2015-06-24 12:48:59 +02:00
Marin Jankovski
c6c3577bc6
Use explicit if.
2015-06-16 13:44:52 +02:00
Marin Jankovski
4c317531b4
If kerberos is enabled require it.
2015-06-15 18:04:30 +02:00
Robert Speicher
844d72716e
Add Gitlab::Themes module; remove Gitlab::Theme
...
Now we can simply loop through all themes, among other things.
This also removes the `dark_theme` / `light_theme` classes and the
`theme_type` helper, since they weren't used anywhere.
2015-06-13 17:58:16 -04:00
Robert Speicher
567a25b630
Ensure `session_expire_delay` field exists before accessing it
...
Closes #1798
2015-06-13 00:31:08 -04:00
Douwe Maan
9ea8dcb5e2
Merge branch 'feature-session-expire-seconds-ui' into 'master'
...
Add session expiration delay configuration through UI application
Setting is accessible by the administrator through the UI and defaults to 1 week (the current setting)
Answers the following suggestions:
* http://feedback.gitlab.com/forums/176466-general/suggestions/6210719-make-session-length-configurable
* http://feedback.gitlab.com/forums/176466-general/suggestions/6730512-automatic-logout-after-a-time-being-idle
See merge request !774
2015-06-12 13:50:40 +00:00
Marin Jankovski
df346e9507
Add a note that changing example configuration files requires changing omnibus-gitlab.
2015-06-11 15:11:37 +02:00
themaze75
1d080f5745
session_expire_seconds => session_expire_delay
...
delay is in seconds
more legible code in session_store
Added `GitLab restart required` help block to session_expire_delay
2015-06-10 22:10:00 -04:00
Jeroen Nijhof
bf7315cb13
update fog to 1.25.0 and add multipart upload support
2015-06-09 17:56:37 +02:00
Eric Maziade
84a414fe53
Add session expiration delay configuration through UI application
...
settings
2015-06-05 11:50:37 -04:00
Alex Lossent
dfcea8ed51
Add option to automatically link omniauth and LDAP identities
...
Until now, a user needed to first sign in with his LDAP identity and then manually
link his/her account with an omniauth identity from their profile.
Only when this is done can the user authenticate with the omniauth provider and at
the same time benefit from the LDAP integration (HTTPS authentication with LDAP
username/password and in EE: LDAP groups, SSH keys etc.).
This feature automates the process by looking up a corresponding LDAP person when a
user connects with omniauth for the first time and then automatically linking the LDAP
and omniauth identities (of course, like the existing allow_single_sign_on setting,
this is meant to be used with trusted omniauth providers).
The result is identical to a manual account link.
Add config initializers for other omniauth settings.
2015-06-03 11:46:20 +02:00
Alex Lossent
5491f6fbde
Add an option to automatically sign-in with an Omniauth provider without showing the GitLab sign-in page
...
This is useful when integrating with existing SSO environments and we want to use a single Omniauth provider for
all user authentication.
2015-05-29 18:15:03 +02:00
Robert Speicher
bd12ca5eb3
Disable Rack::MiniProfiler for /teaspoon path
2015-05-28 18:22:33 -04:00
Robert Speicher
05aa71ccd9
Remove jasmine-rails; add teaspoon
2015-05-28 18:22:32 -04:00
Jakub Jirutka
ed3298fc01
Allow to configure gitlab_shell_secret location
2015-05-16 21:46:06 +02:00
Douwe Maan
61ceb45088
Fix.
2015-05-15 15:32:49 +02:00
Douwe Maan
ba07c9f7f5
Improve fix.
2015-05-15 14:56:04 +02:00
Douwe Maan
b77e1ae6f7
Don't require DB connection in AttrEncrypted.
2015-05-15 14:34:22 +02:00
Dmitriy Zaporozhets
c2ee828c19
Merge branch 'omniauth-csrf' into 'master'
...
Protect OmniAuth request phase against CSRF.
Addresses #2268.
See merge request !1793
2015-05-14 14:22:26 +00:00
Dmitriy Zaporozhets
802fcd051f
Add support for backup codes
2015-05-09 17:31:37 -04:00
Dmitriy Zaporozhets
50a2a229e7
Fix rubocop complaint
2015-05-09 17:31:10 -04:00
Dmitriy Zaporozhets
7302395142
Init 2 factor authentication for user model
2015-05-09 17:31:07 -04:00
Dmitriy Zaporozhets
6c32abc5f7
Merge branch 'rs-task_list' into 'master'
...
Use task_list gem for task lists
Task Lists can now be used in comments, and they'll render in previews. 👏
Closes internal https://dev.gitlab.org/gitlab/gitlabhq/issues/2271
See merge request !599
2015-05-08 09:39:48 +00:00
Robert Speicher
b519e2312f
Disable Rack::MiniProfiler for Jasmine's specs route
2015-05-06 15:13:17 -04:00
Dmitriy Zaporozhets
317ed1fa90
Revert "Allow to configure smtp and sendmail in gitlab.yml"
2015-05-06 17:39:18 +03:00
Jakub Jirutka
b4be7aed77
Allow to configure smtp and sendmail in gitlab.yml
2015-05-06 13:15:33 +02:00
Dmitriy Zaporozhets
0df317f729
Merge branch 'restrict-signups-to-domains' into 'master'
...
Add application setting to restrict user signups to e-mail domains
This feature was requested long ago:
http://feedback.gitlab.com/forums/176466-general/suggestions/4118466-ability-to-register-only-from-ceratain-domains
This MR is based off !253 but changed to use application settings and use wildcard strings
to give more flexibility in pattern matching. Regexps seemed overkill and prone to mistakes.
Also note that validation is ONLY done on creation to prevent breaking existing users who do not have a whitelisted domain. However, this allows a user to sign up and change his/her email to a non-whitelisted domain.
See merge request !598
2015-05-03 10:02:45 +00:00
Stan Hu
eb4f1eb5f5
Add application setting to restrict user signups to e-mail domains
...
This feature was requested long ago:
http://feedback.gitlab.com/forums/176466-general/suggestions/4118466-ability-to-register-only-from-ceratain-domains
This MR is based off !253 but changed to use application settings and use wildcard strings
to give more flexibility in pattern matching. Regexps seemed overkill and easy to get wrong.
Only restrict e-mail addresses upon creation
2015-05-02 09:36:52 -07:00
Stan Hu
4dda17a5bf
Make Reply-To config apply to change e-mail confirmation and other notifications
...
sent through Devise
Fix test case that was passing due to a broken `around` statement.
Closes #1556
2015-05-01 22:57:10 -07:00
Robert Speicher
2c90579749
Set default_url_options in test environments too
2015-04-25 19:46:05 -04:00
Douwe Maan
571ba5a7fe
Protect OmniAuth request phase against CSRF.
2015-04-24 17:03:18 +02:00
Robert Speicher
b71e5a17e9
Add default_url_options initializer
...
Fixes #2266
2015-04-23 12:58:11 -04:00
Robert Speicher
6c3591279f
Fix two places where we should be using `Rails.env.development?`
2015-04-20 18:28:19 -04:00
Marin Jankovski
225b43de22
Merge branch 'master' of github.com:gitlabhq/gitlabhq
2015-04-20 09:43:28 +02:00
Roshan Gautam
984f8077b3
Fix Resource Owner Password Authentication Flow
2015-04-17 11:47:02 -05:00
Robert Speicher
1e27b68b36
Add Markdown to Mime types
2015-04-15 12:25:24 -04:00
Robert Speicher
ef47ea3d39
Revert "Fix and improve help rendering"
...
This reverts commit d365004e68.
2015-04-15 12:24:44 -04:00
Douwe Maan
238e4f0295
Add config var to block auto-created LDAP users.
2015-04-14 17:09:05 +02:00
Dmitriy Zaporozhets
4ab717ea6a
Merge branch 'ldap_migration'
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Conflicts:
db/schema.rb
2015-04-13 17:18:02 +03:00
Jacob Vosmaer
f39b150a02
Call your existing LDAP server 'main'
...
By imposing this rule we avoid having to demand that 'ldapmain' exists
in the settings initializer.
2015-04-13 15:45:19 +02:00
Dmitriy Zaporozhets
7f04a4174e
Merge branch 'shell-version-warning' into 'master'
...
Warn when gitlab-shell version doesn't match requirement.
Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/1791 .
See merge request !495
2015-04-13 13:05:47 +00:00
Jacob Vosmaer
ec7a68a1a5
Simplify legacy LDAP config interpretation
2015-04-13 11:50:44 +02:00