root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
102,733 Commits 9,131 Branches 1,640 Tags 2 GiB
Commit Graph

129 Commits

Author SHA1 Message Date
GitLab Bot 9763c08170 Add latest changes from gitlab-org/gitlab@master 2019-12-17 03:07:45 +00:00
GitLab Bot b86f474bf5 Add latest changes from gitlab-org/gitlab@master 2019-12-11 12:08:10 +00:00
GitLab Bot 115c8ea7af Add latest changes from gitlab-org/gitlab@master 2019-12-10 18:08:04 +00:00
GitLab Bot e1867c38fc Add latest changes from gitlab-org/gitlab@master 2019-12-06 18:07:44 +00:00
GitLab Bot 4529c19950 Add latest changes from gitlab-org/gitlab@master 2019-12-03 21:06:23 +00:00
GitLab Bot 18a102a5b9 Add latest changes from gitlab-org/gitlab@master 2019-11-08 03:06:48 +00:00
GitLab Bot 8078bd185f Add latest changes from gitlab-org/gitlab@master 2019-11-01 00:06:02 +00:00
GitLab Bot 308146dc39 Add latest changes from gitlab-org/gitlab@master 2019-10-10 00:06:44 +00:00
Sebastian Arcila Valenzuela 3692e9f8a2
Validate that SAML requests are originated from gitlab 
If the request wasn't initiated by gitlab we shouldn't add the new
identity to the user, and instead show that we weren't able to link
the identity to the user.

This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509
 2019-09-30 14:22:06 +02:00
GitLab Bot 4309992515 Add latest changes from gitlab-org/gitlab@master 2019-09-26 21:06:29 +00:00
GitLab Bot 5707f305f4 Add latest changes from gitlab-org/gitlab@master 2019-09-26 12:06:00 +00:00
GitLab Bot bd860c22f6 Add latest changes from gitlab-org/gitlab@master 2019-09-17 12:06:48 +00:00
GitLab Bot b7dfe2ae40 Add latest changes from gitlab-org/gitlab@master 2019-09-13 13:26:31 +00:00
Ahmad Sherif 3c2b4a1ced Enable serving static objects from an external storage 
It consists of two parts:

1. Redirecting users to the configured external storage
1. Allowing the external storage to request the static object(s)
   on behalf of the user by means of specific tokens

Part of https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6829
 2019-09-10 13:43:11 +02:00
dineshpanda e908e11776 Avoid calling freeze on already frozen strings in lib/gitlab 2019-09-04 09:52:02 +05:30
dodocat 6e2032f24e Update docs and comments about saml with allow_bypass_two_factor 
allow_bypass_two_factor configration dose not work with saml provider
 2019-08-27 03:46:32 +00:00
Imre Farkas 929b403d21 Ensure Warden triggers after_authentication callback 
By not triggering the callback:
- ActiveSession lookup keys are not cleaned
- Devise also misses its hook related to session cleanup
 2019-07-26 07:05:50 +00:00
Thong Kuah d4ef3be35b Frozen string cannot change encoding 
This was shown in specs but surely this will be happening in application
code as well if this method is passes a frozen string.

We were also trying to force_encode a OmniAuth::AuthHash which had the
very confusing behaviour of returning nil when it was sent a method that
it did not define. Fix that by only force_encoding a String.
 2019-07-26 00:13:25 +12:00
Steve Abrams aba93fe2d5 OAuth2 support for GitLab personal access tokens 
PATs are accepted using the OAuth2 compliant header
"Authorization: Bearer {token}" in order to allow for
OAuth requests while 2FA is enabled.
 2019-07-22 08:50:25 +00:00
Mayra Cabrera 0ab89d8e36 Add a rubocop for Rails.logger 
Suggests to use a JSON structured log instead

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/54102
 2019-07-10 19:26:47 +00:00
Stan Hu 82c31a9add Support CIDR notation in IP rate limiter 
This will make it possible to whitelist multiple IP addresses
(e.g. 192.168.0.1/24).
 2019-06-27 23:16:11 -07:00
Kartikey Tanna 53af3e6b9e #57815 Password authentication disabled for UltraAuth users 
Disabled password authentication for the users registered using
omniauth-ultraauth strategy
 2019-06-18 16:18:14 +00:00
Martin Wortschack 9c95200219 Add no-tabs class and externalize strings 
- Add .no-tabs to login-box
- Externalize strings in common signup box
- Leverage render_if_exists
- Update PO file
 2019-05-27 13:20:27 +00:00
Stan Hu f93b2e02a5 Run rubocop -a on CE files 2019-05-05 03:24:28 -07:00
Rémy Coutable 45da7dd306
Backport 'Update user name upon LDAP sync' from EE 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2019-03-25 11:16:01 +01:00
Rémy Coutable 8018bc96a3
Handle nil name in Gitlab::Auth::LDAP::Person#name 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2019-03-20 14:59:07 +01:00
Andrew Newdigate 3288e1a874 Adds the Rubocop ReturnNil cop 
This style change enforces `return if ...` instead of
`return nil if ...` to save maintainers a few minor review points
 2019-03-06 17:51:56 +02:00
Douwe Maan ed41f4e6ea Merge branch 'add_ldap_tls_options' into 'master' 
Allow raw `tls_options` to be passed in LDAP configuration

Closes #46391

See merge request gitlab-org/gitlab-ce!20678
 2019-03-05 13:17:23 +00:00
Yorick Peterse 040e6e72bf Merge branch 'ce-security-jej/group-saml-link-origin-verification' into 'master' 
Ensure request to link GroupSAML acount was GitLab initiated

See merge request gitlab/gitlabhq!2976
 2019-03-04 18:36:26 +00:00
Drew Blessing f6350faca1 Allow raw `tls_options` to be passed in LDAP configuration 
We've previously exposed ca_file and ssl_version but there are many
possible options that can be used inside tls_options. Instead of
exposing individual ones, simply expose the entire hash so it can
be passed in and we won't have to add things in the future.
 2019-03-04 10:27:43 -06:00
Imre Farkas b57cf4ae3f
Backport of ee/9235: Add LDAP integration to smartcard authentication 2019-01-27 22:26:32 +01:00
James Edwards-Jones 104c8b890d Backport EE GroupSAML origin verification changes 2019-01-23 19:42:16 +00:00
Imre Farkas 157b385411
Log admin status of user when OAuth::User is saved 2019-01-23 14:26:15 +01:00
Semyon Pupkov c379973bce chore(rubocop): fix Style/TrivialAccessors issues 2019-01-16 13:53:04 +05:00
Imre Farkas bd3a484032
Add config to disable impersonation 
Adds gitlab.impersonation_enabled config option defaulting to true to
keep the current default behaviour.

Only the act of impersonation is modified, impersonation token
management is not affected.
 2018-11-29 09:37:16 +01:00
Cindy Pallares fe5f75930e
Merge branch 'security-fix-pat-web-access' into 'master' 
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"

See merge request gitlab/gitlabhq!2583
 2018-11-28 19:13:59 -05:00
Douwe Maan 6f0ff56ef8 Merge branch 'fix/allow-saml2-for-2fa-bypass' into 'master' 
saml/auth_hash: Allow 2FA bypass for SAML 2.0 responses

See merge request gitlab-org/gitlab-ce!22568
 2018-11-20 11:07:59 +00:00
George Tsiolis 733ae94921 Fix typos in comments and specs 2018-11-01 08:59:20 +02:00
Imre Farkas b9652d8e4d [master] Persist only SHA digest of PersonalAccessToken#token 2018-10-29 16:06:45 +00:00
115100 2a8a4897ff
saml/auth_hash: Allow 2FA bypass for SAML 2.0 responses 
Closes gitlab-org/gitlab-ce/#53102.
 2018-10-25 12:08:07 +01:00
gfyoung e166e5747c Enable some frozen string in lib/gitlab 
Enable frozen string for the following files:

* lib/gitlab/auth/**/*.rb
* lib/gitlab/badge/**/*.rb
* lib/gitlab/bare_repository_import/**/*.rb
* lib/gitlab/bitbucket_import/**/*.rb
* lib/gitlab/bitbucket_server_import/**/*.rb
* lib/gitlab/cache/**/*.rb
* lib/gitlab/checks/**/*.rb

Partially addresses #47424.
 2018-10-13 02:31:31 -07:00
Marcel Amirault eb640eded7 Correct Gitlab Capitalization in code files 2018-09-21 12:05:37 +00:00
Yorick Peterse 2039c8280d
Disable existing offenses for the CodeReuse cops 
This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.
 2018-09-11 17:32:00 +02:00
Douglas Barbosa Alexandre 5894dfabc5
Backport LDAP changes to CE 2018-08-23 15:46:45 +02:00
Stan Hu 7486d424b9 Fix broken Git over HTTP clones with LDAP users 
Due to a regression in !20608, the LDAP authenticator was not being used
unless OmniAuth was enabled. This change allows the LDAP provider to be used
if it is configured regardless of the OmniAuth setting.

Closes #50579
 2018-08-22 13:07:14 -07:00
Grzegorz Bizon 98e9f52cf4 Improve blocked user tracking code readability 2018-08-03 12:58:00 +02:00
Grzegorz Bizon 5bbd3a93e9 Remove an empty line from blocker user tracker class 2018-08-02 15:41:14 +02:00
Grzegorz Bizon c2a5bbc295 Remove an empty line from the end of blocked_user_tracker.rb 2018-08-02 07:04:12 +00:00
Grzegorz Bizon 9c6aa0a0a6 Improve authentication events-related code readability 2018-08-01 17:08:59 +02:00
Grzegorz Bizon 2b05562c5b Simplify blocked user tracking during authentication 2018-08-01 15:56:44 +02:00