Commit Graph

90 Commits

Author SHA1 Message Date
Douglas Barbosa Alexandre 232b401429 Fix access to the wiki code via HTTP when repository feature disabled 2017-01-25 15:38:38 -02:00
Lin Jen-Shin 0f0738e788 Merge remote-tracking branch 'upstream/master' into feature/1376-allow-write-access-deploy-keys
* upstream/master: (538 commits)
  Reject blank environment variables in Gitlab::Git::RevList
  Add online terminal documentation
  Add changelog entry
  Add terminal UI and controller actions
  Fix specs
  Even out padding on plus button in breadcrumb menu
  Update font size of detail page header to 14px
  Update CHANGELOG.md for 8.13.10
  Update CHANGELOG.md for 8.14.5
  Fix Route#rename_children behavior
  Remove inline-block styling from status
  Add terminals to the Kubernetes deployment service
  Add a ReactiveCaching concern for use in the KubernetesService
  Add xterm.js 2.1.0 and a wrapper class to the asset pipeline
  Remove unnecessary hidden svg elements for icons.
  Fix consistent typo in environment.js
  Use a block to insert extra check for authenticate_build!
  Align milestone column header with count number
  Add Wiki import to BB importer
  Make CI badge hitboxes better match container
  ...
2016-12-20 20:54:40 +08:00
Timothy Andrew 36b3210b9e Validate access token scopes in `Gitlab::Auth`
- This module is used for git-over-http, as well as JWT.

- The only valid scope here is `api`, currently.
2016-12-16 16:29:31 +05:30
Lin Jen-Shin 6269f523f0 Fix tests and also add tests for non-existing repo 2016-12-10 03:46:50 +08:00
Douwe Maan b0bf92140f Merge branch 'fix-unathorized-cloning' into 'security'
Ensure external users are not able to clone disabled repositories.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23788

See merge request !2017

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-11-09 12:27:17 +01:00
Dmitriy Zaporozhets b0622d6578 Revert "Update git over http test to match new routing"
This reverts commit 68ab7047da.
2016-10-15 01:48:14 +03:00
Douwe Maan d1eab555b6 Merge branch '20708-new-branch-is-immediatelly-tagged-as-merged' into 'master'
Removes inconsistency regarding tagging immediately as merged once you create a …

- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [x] API support added
- Tests
  - [x] Added for this feature/bug
  - [x] All builds are passing
- [x] Conform to the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
- [x] Conform to the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

## What are the relevant issue numbers?


Closes #20708

See merge request !6408
2016-10-12 10:17:35 +00:00
tiagonbotelho c90483406e refactors tests because of gitlab-test repository changes 2016-10-11 16:33:06 +01:00
Dmitriy Zaporozhets 68ab7047da Update git over http test to match new routing
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2016-10-10 16:32:32 +03:00
Horatiu Eugen Vlad dc15201c0b Added git http requests tests for user with LDAP identity
Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-09-28 08:43:21 +02:00
Kamil Trzcinski 0672c5a92e Post-merge improve of CI permissions 2016-09-20 15:41:41 +02:00
Kamil Trzcinski 2742f9fb98 Improve authentication_result usage 2016-09-16 16:07:21 +02:00
Kamil Trzcinski f7ae37c1d0 Simplify checking of allowed abilities in git_http_client_controller 2016-09-16 13:34:05 +02:00
Kamil Trzcinski ac6412d076 Added builds_spec and git_http_specs 2016-09-15 23:27:01 +02:00
Kamil Trzcinski 9d1ccd2ad3 Fix existing authorization specs 2016-09-15 13:49:11 +02:00
Jacob Vosmaer c87540ed46 Verify JWT messages from gitlab-workhorse 2016-09-05 15:05:31 +02:00
Felipe Artur 892dea6771 Project tools visibility level 2016-09-01 11:47:59 -03:00
Patricio Cano 2f86860a6d Refactor `find_for_git_client` method to not use assignment in conditionals and syntax fixes. 2016-08-17 17:21:18 -05:00
Patricio Cano 8bb1931ef2 Deny Git over HTTP access to users that have 2FA enabled, unless they use a Personal Access Token. 2016-08-16 11:19:00 -05:00
Robert Speicher 86c081f71f Merge branch 'git-http-push-check' into 'master'
Stop 'git push' over HTTP early

Before this change we always let users push Git data over HTTP before
deciding whether to accept the push. This was different from pushing
over SSH where we terminate a 'git push' early if we already know the
user is not allowed to push.

This change lets Git over HTTP follow the same behavior as Git over
SSH. We also distinguish between HTTP 404 and 403 responses when
denying Git requests, depending on whether the user is allowed to know
the project exists.


See merge request !5639
2016-08-08 19:23:31 +00:00
Gabriel Mazetto c9aa19881c Enable Style/SpaceAroundEqualsInParameterDefault cop 2016-08-06 04:03:01 +02:00
Jacob Vosmaer b8f754dd0a Stop 'git push' over HTTP early
Before this change we always let users push Git data over HTTP before
deciding whether to accept the push. This was different from pushing
over SSH where we terminate a 'git push' early if we already know the
user is not allowed to push.

This change lets Git over HTTP follow the same behavior as Git over
SSH. We also distinguish between HTTP 404 and 403 responses when
denying Git requests, depending on whether the user is allowed to know
the project exists.
2016-08-03 14:54:12 +02:00
Jacob Vosmaer 4bcad1cbdd Groundwork for Kerberos SPNEGO (EE feature) 2016-07-01 11:46:56 +02:00
Z.J. van de Weg abca19da8b Use HTTP matchers if possible 2016-06-27 20:10:42 +02:00
Sean McGivern d07426ac19 Fix spec description typo 2016-06-14 16:41:17 +01:00
Sean McGivern bf63964b4d Add test for getting info/refs from repo 2016-06-09 14:26:52 +01:00
Sean McGivern df5fb28a3a Ensure only IDs ending in .git perform git actions
It doesn't seem possible to set constraints based on format for project
IDs ending in .git, so set the constraint on the ID and ensure the
format is nil to avoid the case where the project ID is something like
project.git.foo.
2016-06-09 11:53:11 +01:00
Jacob Vosmaer df62cbd917 Add parentheses 2016-06-08 11:42:25 +02:00
Jacob Vosmaer 9ef50db627 Specify that oauth cannot push code 2016-04-29 18:56:53 +02:00
Jacob Vosmaer b64cbaccbe Remove trivial 'let' 2016-04-22 14:04:36 +02:00
Jacob Vosmaer ccb29955c9 More tests, better descriptions 2016-04-06 18:58:19 +02:00
Jacob Vosmaer ac4d3dc5cc Rubocop 2016-04-06 17:23:16 +02:00
Jacob Vosmaer 5fe06d7365 Add some upload specs 2016-03-24 18:58:29 +01:00
Jacob Vosmaer 5f3708418a Whitespace! 2016-03-24 17:44:13 +01:00
Jacob Vosmaer 57145483fc Spec Www-Authenticate 2016-03-24 17:44:10 +01:00
Jacob Vosmaer ccf5b21f28 Remove useless "describe" 2016-03-24 17:38:30 +01:00
Jacob Vosmaer aae577f921 Add test for gitlab_shell.upload_pack config setting 2016-03-24 17:34:56 +01:00
Jacob Vosmaer 0f8fe93c26 Whitespace, remove unused method 2016-03-24 16:21:19 +01:00
Jacob Vosmaer 31bc876b7b Test both GET and POST for git-upload-pack 2016-03-24 16:14:09 +01:00
Jacob Vosmaer 19a5e7c95e Test Grack::Auth via a request spec 2016-03-23 14:09:52 +01:00