317 Commits

Author SHA1 Message Date
Francisco Javier López ae84eaeba7 Add better LDAP connection handling 2018-04-04 09:07:28 +00:00
Horatiu Eugen Vlad 1ad5df49b1 Moved o_auth/saml/ldap modules under gitlab/auth 2018-02-28 16:53:02 +01:00
Bob Van Landuyt 148816cd67 Port `read_cross_project` ability from EE 2018-02-22 17:11:36 +01:00
Mario de la Ossa eaada9d706 use Gitlab::UserSettings directly as a singleton instead of including/extending it 2018-02-02 18:39:55 +00:00
Stan Hu 79a829a037 Return a blank JSON response for a missing .js file to prevent Rails CSRF errors
The default 404 handler would return the Content-Type format based on the
given format extension. This would cause the Rails CSRF protection to flag an
error, since the .js extension gets mapped to text/javascript format.

Closes #40771
2018-01-23 22:24:30 -08:00
Markus Koller 257fd57134 Allow password authentication to be disabled entirely 2017-11-23 13:16:14 +00:00
Tiago Botelho 053a198846 Impersonation no longer gets stuck on password change. 2017-11-20 18:02:41 +01:00
Rémy Coutable 4f09d099e9 Merge branch '18040-rubocop-line-break-after-guard-clause' into 'master'
Adds Rubocop rule for line break after guard clause

Closes #18040

See merge request gitlab-org/gitlab-ce!15188
2017-11-20 09:22:14 +00:00
Francisco Lopez aecc3eb080 Applied some code review comments 2017-11-17 10:02:10 +01:00
Francisco Lopez 41ebd06ddc Some fixes after rebase 2017-11-17 10:01:20 +01:00
Michael Kozono 43a682ccaa Fix OAuth API and RSS rate limiting 2017-11-17 09:58:18 +01:00
Michael Kozono dc9266fbea Add request throttles 2017-11-17 09:58:18 +01:00
Jacopo 181cd299f9 Adds Rubocop rule for line break after guard clause
Adds a rubocop rule (with autocorrect) to ensure line break after guard clauses.
2017-11-16 17:58:29 +01:00
Douwe Maan 294fa6fcdc Remove authentication using user.private_token 2017-11-02 11:39:02 +01:00
Toon Claes d8d7faf68c URI decode Page-Title header to preserve UTF-8 characters 2017-10-20 16:44:29 +00:00
Stan Hu 5d52bb59dc Fix username and ID not logging in production_json.log for Git activity
Devise sets `current_user`, but not all controllers authenticate users by
session tokens. Try to use the controller-defined `authenticated_user` if
`current_user` is not available.

Closes gitlab-org/gitlab-ee#3611
2017-10-04 11:47:36 -07:00
Douwe Maan 5adae3d85b Encode Page-Title header as ISO-8859-1 2017-09-26 18:05:19 +02:00
Douwe Maan 711bb28568 Add Page-Title header to tree and blob JSON endpoints 2017-09-26 17:31:47 +02:00
Tiago Botelho 37383d9a9d Rolls back changes made to signing_enabled. 2017-09-01 10:51:40 +01:00
Rémy Coutable c946ee1282 Enable the Layout/SpaceBeforeBlockBraces cop
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-08-09 11:52:22 +02:00
Bob Van Landuyt faabcbd3ae GRPC::Unavailable (< GRPC::BadStatus) is wrapped in a CommandError 2017-08-07 14:37:01 +02:00
Bob Van Landuyt 3598e60bf2 Add a Circuitbreaker for storage paths 2017-08-04 15:38:48 +02:00
Stan Hu 9bc176b2c3 Add remote IP, user ID and username to JSON lograge output
This makes the logs a bit more useful to search requests by users.
2017-07-28 00:48:03 -05:00
Robin Bobbitt 672a68d372 Fixes needed when GitLab sign-in is not enabled
When sign-in is disabled:
 - skip password expiration checks
 - prevent password reset requests
 - don’t show Password tab in User Settings
 - don’t allow login with username/password for Git over HTTP requests
 - render 404 on requests to Profiles::PasswordsController
2017-07-13 10:08:27 -04:00
Rémy Coutable 186048a404 Allow to enable the performance bar per user or Flipper group
A `performance_team` Flipper group has been created. By default this
group is nil but this can be customized in `gitlab.yml` via the
performance_bar.allowed_group setting.

Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-07-06 11:18:25 +02:00
Stan Hu 73d019e11f Log rescued exceptions to Sentry
Support noticed that a number of exceptions, such as
"Encoding::CompatibilityError (incompatible character encodings: UTF-8 and
ASCII-8BIT)", failed to report to Sentry. The `rescue_from` in the
ApplicationController prevented these exceptions from being recorded.
This change ensures that these exceptions are properly captured.
2017-07-04 14:03:46 -07:00
Pawel Chojnacki 15b7b9ec41 Add rescue_from(ActionController::UnknownFormat) in Application Controller 2017-06-20 15:53:23 +02:00
Rémy Coutable b173ae6b48 Fix linting, route, and specs
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-06-09 17:21:39 +02:00
Rémy Coutable f45094a485 Small adjustments
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-06-09 17:21:39 +02:00
Rémy Coutable 47054451da Don't use Pygments.rb, use Rouge instead, and put peek-pg in the :postgres group
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-06-09 17:21:39 +02:00
Rémy Coutable d39ecf1ca7 New performance bar that can be enabled with the `p b` shortcut
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-06-09 17:21:39 +02:00
Douwe Maan b3b6c78112 Merge branch '32748-emails-are-being-sent-with-the-wrong-language' into 'master'
Bugfix: Always use the default language when generating emails.

Closes #32748

See merge request !11662
2017-05-25 18:05:06 +00:00
Ruben Davila 5c921809cd Bugfix: Always use the default language when generating emails.
There was a race condition issue when the application was generating an
email and was using a language that was previously being used in another
request.
2017-05-25 10:22:45 -05:00
Alexis Reigel 6efe9c2f14 atom links with rss token instead of private token 2017-05-24 22:29:59 +02:00
Fatih Acet 0151325dac Merge request widget redesign 2017-05-09 04:15:34 +00:00
Michael Kozono 7d02bcd2e0 Redirect from redirect routes to canonical routes 2017-05-05 12:11:57 -07:00
Ruben Davila dbd1bdaeed More updates for translations plus some refactoring. 2017-05-03 21:08:43 -05:00
Ruben Davila 6d5364cfb0 First round of updates from the code review. 2017-05-02 23:36:36 -05:00
Ruben Davila bbfbcebdf6 Merge branch 'master' into 28433-internationalise-cycle-analytics-page 2017-05-02 13:20:41 -05:00
Dosuken shinya 73ac7b2dd6 Resolve "Add more tests for spec/controllers/projects/builds_controller_spec.rb" 2017-04-28 09:38:32 +00:00
Ruben Davila 1de135bc04 Fix Rubocop complaints plus some small refactor 2017-04-19 23:19:24 -05:00
Ruben Davila 73d0730d09 Set locale through controller filter 2017-04-13 01:03:47 -05:00
Markus Koller 7140e09e39 Extract 2FA-related code from ApplicationController 2017-04-06 10:01:13 +02:00
Markus Koller a3430f011f Support 2FA requirement per-group 2017-04-06 10:01:13 +02:00
Markus Koller 57374feabe Move AuthHelper#two_factor_skippable? into ApplicationController 2017-04-06 10:01:13 +02:00
Rémy Coutable 8b6041bce3 Don't try to find a user by personal_access_token if the token is nil
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-03-22 17:06:19 +01:00
http://jneen.net/ 0ea04cc5bf use the policy stack to protect logins 2017-03-09 11:49:52 -08:00
http://jneen.net/ 846e581732 use a magic default :global symbol instead of nil
to make sure we mean the global permissions
2017-03-09 11:49:52 -08:00
Pawel Chojnacki 2ff139ddee Make Warden set_user hook validate user ip uniqueness
+ rename shared context
2017-03-06 15:41:25 +01:00
Pawel Chojnacki 0ef8a64348 Remove unnecessary calls to limit_user!, UniqueIps Middleware, and address MR review
 - cleanup formatting in haml
 - clarify time window is in seconds
 - cleanup extraneous chunks in db/schema
 - rename count_uniqe_ips to update_and_return_ips_count
 - other
2017-03-06 15:41:25 +01:00