Commit Graph

107 Commits

Author SHA1 Message Date
GitLab Bot e8a7b1cd3f Add latest changes from gitlab-org/gitlab@master 2022-08-12 03:10:28 +00:00
GitLab Bot dbfedde341 Add latest changes from gitlab-org/gitlab@master 2022-06-16 18:09:35 +00:00
GitLab Bot 6f05d35c31 Add latest changes from gitlab-org/gitlab@master 2022-05-17 18:09:20 +00:00
GitLab Bot 988424215c Add latest changes from gitlab-org/gitlab@master 2022-05-13 12:08:49 +00:00
GitLab Bot 886ecba0bd Add latest changes from gitlab-org/gitlab@master 2021-12-08 12:13:04 +00:00
GitLab Bot 6dd9e3644e Add latest changes from gitlab-org/gitlab@master 2021-12-07 12:10:33 +00:00
GitLab Bot 79f98200f8 Add latest changes from gitlab-org/gitlab@master 2021-06-07 15:09:56 +00:00
GitLab Bot 0ae8428c8e Add latest changes from gitlab-org/gitlab@master 2021-05-11 21:10:21 +00:00
GitLab Bot 099333e261 Add latest changes from gitlab-org/gitlab@master 2021-03-18 00:08:58 +00:00
GitLab Bot 5460c19548 Add latest changes from gitlab-org/gitlab@master 2020-10-05 12:08:47 +00:00
GitLab Bot a17eb314cf Add latest changes from gitlab-org/gitlab@master 2020-09-24 15:09:51 +00:00
GitLab Bot c596046be9 Add latest changes from gitlab-org/gitlab@master 2020-09-10 18:08:54 +00:00
GitLab Bot 8e35232810 Add latest changes from gitlab-org/gitlab@master 2020-09-02 15:10:54 +00:00
GitLab Bot 9dde272671 Add latest changes from gitlab-org/gitlab@master 2020-08-11 15:10:08 +00:00
GitLab Bot 2f147005c5 Add latest changes from gitlab-org/gitlab@master 2020-07-11 00:09:17 +00:00
GitLab Bot 2fc7740f3c Add latest changes from gitlab-org/gitlab@master 2020-05-13 03:08:26 +00:00
GitLab Bot 8a840df2e4 Add latest changes from gitlab-org/gitlab@master 2020-04-24 15:09:37 +00:00
GitLab Bot 286fe61013 Add latest changes from gitlab-org/gitlab@master 2020-03-13 12:09:22 +00:00
GitLab Bot 73391dcc36 Add latest changes from gitlab-org/gitlab@master 2020-01-08 18:07:32 +00:00
GitLab Bot 898e2cc1df Add latest changes from gitlab-org/gitlab@master 2019-12-20 09:24:38 +00:00
GitLab Bot b86f474bf5 Add latest changes from gitlab-org/gitlab@master 2019-12-11 12:08:10 +00:00
GitLab Bot 190e204dec Add latest changes from gitlab-org/gitlab@master 2019-11-17 12:06:19 +00:00
GitLab Bot 308146dc39 Add latest changes from gitlab-org/gitlab@master 2019-10-10 00:06:44 +00:00
Sebastian Arcila Valenzuela 3692e9f8a2
Validate that SAML requests originate from GitLab
If the request wasn't initiated by GitLab, we shouldn't add the new
identity to the user, and instead show that we weren't able to link
the identity to the user.

This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509
2019-09-30 14:22:06 +02:00
Małgorzata Ksionek 48bb855ece
Add checking for email_verified key
Fix rubocop offences and add changelog

Add email_verified key for feature specs

Add code review remarks

Add code review remarks

Fix specs
2019-09-30 14:22:05 +02:00
GitLab Bot b7dfe2ae40 Add latest changes from gitlab-org/gitlab@master 2019-09-13 13:26:31 +00:00
Imre Farkas 929b403d21 Ensure Warden triggers after_authentication callback
By not triggering the callback:
- ActiveSession lookup keys are not cleaned
- Devise also misses its hook related to session cleanup
2019-07-26 07:05:50 +00:00
James Edwards-Jones 651cfd08ab CE changes for SSO web enforcement
Adds two methods for us to extend in EE:
- OmniauthCallbacksController#link_identity
- GroupPolicy#lookup_access_level!
2019-05-06 23:28:27 +07:00
Martin Wortschack 76e8960f4a Externalize strings in flash messages
- Externalize strings in controllers
- Update PO file
2019-04-08 14:17:45 +00:00
Pavel Shutsin 8ee1927db9 Move out link/unlink ability checks to a policy
We can extend the policy in EE for additional behavior
2019-03-19 15:38:16 +03:00
James Edwards-Jones 24f3f96004 Backport build_auth_user for GroupSAML callback 2019-02-06 17:28:35 +00:00
James Edwards-Jones 6548e01f18 Avoid CSRF check on SAML failure endpoint
SAML and OAuth failures should cause a message to be presented, as well
as logging that an attempt was made. These were incorrectly prevented by
the CSRF check on POST endpoints such as SAML.

In addition we were using a NullSession forgery protection, which made
testing more difficult and could have allowed account linking to take
place if a CSRF was ever needed but not present.
2019-02-04 10:10:51 +00:00
Scott Escue 4dcaa4df36
Addressing peer review feedback.
Replacing inline JS with ES 2015 functions included in pages/sessions/new. Also applying suggested server-side syntax improvements to OmniAuthCallbacksController.
2019-01-10 00:00:39 -06:00
Scott Escue 6540a9468a
Preserve URL fragment across sign-in and sign-up redirects
If window.location contains a URL fragment, append the fragment to all sign-in forms, the sign-up form, and all button based providers.
2019-01-10 00:00:38 -06:00
gfyoung 73322a0e55 Enable frozen string in app/controllers/**/*.rb
Enables frozen string for the following:

* app/controllers/*.rb
* app/controllers/admin/**/*.rb
* app/controllers/boards/**/*.rb
* app/controllers/ci/**/*.rb
* app/controllers/concerns/**/*.rb

Partially addresses #47424.
2018-09-18 21:22:45 -07:00
Roger Rüttimann 2efe27ba18 Honor SAML assurance level to allow 2FA bypassing 2018-06-25 15:32:03 +00:00
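The two SAML decisions described in commit messages on this page, Sebastian Arcila Valenzuela's "Validate that SAML requests are originated from gitlab" (only link an identity when the Response answers a request GitLab itself issued) and Roger Rüttimann's "Honor saml assurance level to allow 2FA bypassing", modelled together as an added example in plain Ruby. This is illustration written for this page, not GitLab's code; the real logic lives in OmniauthCallbacksController and the SAML libraries it uses, which are not reproduced here. Assumptions: the SP stores the IDs of the AuthnRequests it issued in the user's session; the Response has already passed signature, audience and timestamp validation before reaching these checks; TWO_FACTOR_EQUIVALENT stands in for whatever list of AuthnContextClassRef values the operator has configured as counting for 2FA; ACS_URL and the Response XML are constructed.

```ruby
require 'rexml/document'
require 'securerandom'

# Added illustration for this page, not GitLab's code. Models the two checks
# described in the commit messages: refuse to link an identity unless the SAML
# Response answers an AuthnRequest this session issued, and decide whether the
# IdP's asserted assurance level may stand in for the application's own 2FA.
# Signature, audience and timestamp validation are assumed to have been done
# on the Response before it reaches this code.

SAMLP   = 'urn:oasis:names:tc:SAML:2.0:protocol'
SAML    = 'urn:oasis:names:tc:SAML:2.0:assertion'
ACS_URL = 'https://gitlab.example.test/users/auth/saml/callback' # assumed SP endpoint

# Assumed operator setting: AuthnContextClassRef values strong enough to count
# as a second factor, so the application's own 2FA prompt can be skipped.
TWO_FACTOR_EQUIVALENT = %w[
  urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI
  urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
].freeze

# SP side of an SP-initiated flow: mint an AuthnRequest ID and remember it in
# the user's session so the Response can be correlated with it later.
def issue_authn_request(session)
  id = "_#{SecureRandom.hex(16)}"
  (session[:saml_request_ids] ||= []) << id
  id
end

# Pull the three fields the checks need out of a samlp:Response document.
def parse_response(xml)
  doc = REXML::Document.new(xml)
  root = doc.root
  unless root && root.name == 'Response' && root.namespace == SAMLP
    raise ArgumentError, 'not a samlp:Response'
  end
  ctx = REXML::XPath.first(doc, '//a:AuthnContextClassRef', 'a' => SAML)
  {
    in_response_to: root.attributes['InResponseTo'],
    destination:    root.attributes['Destination'],
    authn_context:  ctx && ctx.text.to_s.strip
  }
end

# Linking a new identity to the signed-in user is only safe for responses we
# asked for. An IdP-initiated Response carries no InResponseTo, a forged one
# carries an ID we never issued, and a Response addressed to another ACS is
# refused too. A matched ID is consumed so a captured Response cannot be
# replayed to link a second identity.
def sp_initiated?(response, session, acs_url)
  id = response[:in_response_to]
  return false if id.nil? || id.empty?
  return false unless response[:destination] == acs_url

  issued = session[:saml_request_ids] || []
  return false unless issued.include?(id)

  issued.delete(id)
  true
end

# The 2FA bypass is honored only when the IdP asserts an allow-listed context;
# anything else (e.g. plain Password) still goes through the app's own 2FA.
def require_app_2fa?(response)
  !TWO_FACTOR_EQUIVALENT.include?(response[:authn_context])
end

# Constructed sample Response; a real one would also carry a Signature,
# Conditions and a Subject.
def response_xml(in_response_to:, authn_context:, destination: ACS_URL)
  irt = in_response_to ? %( InResponseTo="#{in_response_to}") : ''
  <<~XML
    <samlp:Response xmlns:samlp="#{SAMLP}" xmlns:saml="#{SAML}" ID="_r1"
        Version="2.0" IssueInstant="2019-09-30T12:00:00Z"
        Destination="#{destination}"#{irt}>
      <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2019-09-30T12:00:00Z">
        <saml:AuthnStatement AuthnInstant="2019-09-30T12:00:00Z">
          <saml:AuthnContext>
            <saml:AuthnContextClassRef>#{authn_context}</saml:AuthnContextClassRef>
          </saml:AuthnContext>
        </saml:AuthnStatement>
      </saml:Assertion>
    </samlp:Response>
  XML
end

if __FILE__ == $PROGRAM_NAME
  password = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
  session = {}
  rid = issue_authn_request(session)
  good = parse_response(response_xml(in_response_to: rid, authn_context: password))
  unsolicited = parse_response(response_xml(in_response_to: nil, authn_context: password))
  puts "solicited response, link allowed: #{sp_initiated?(good, session, ACS_URL)}"
  puts "same response replayed:          #{sp_initiated?(good, session, ACS_URL)}"
  puts "IdP-initiated, link allowed:      #{sp_initiated?(unsolicited, session, ACS_URL)}"
  puts "Password context needs app 2FA:   #{require_app_2fa?(good)}"
end
```

The order of the two decisions matters: the assurance-level check is only meaningful once the Response has been tied to a request this SP issued and has passed signature validation, otherwise an unsolicited Response asserting a strong AuthnContextClassRef would both link an identity and skip 2FA in one step.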
blackst0ne 6fef87f17f [Rails5] Force the `protect_from_forgery` callback run first
Since Rails 5.0 the `protect_from_forgery` callback doesn't run first by
default anymore. [1]

Instead it gets inserted into callbacks chain where callbacks get
called in order.

This commit forces the callback to run first.

[1]: 3979403781
2018-06-21 21:44:31 +11:00
James Edwards-Jones b98a88cfe9 Backport helpers from GroupSAML failure messages 2018-05-21 16:43:12 +01:00
James Edwards-Jones 7425f2b322 Backport IdentityLinker#failed? from GroupSaml callback flow 2018-05-04 15:00:59 +01:00
James Edwards-Jones c741f95a3b Exclude LDAP from OmniauthCallbackController base methods 2018-04-30 17:32:23 +01:00
James Edwards-Jones 795cd7f952 Replace define_method with alias_method in Omniauth Controllers 2018-04-23 16:24:47 +01:00
James Edwards-Jones d3a8a07423 Unify Saml::IdentityLinker and OAuth::IdentityLinker 2018-04-23 13:53:32 +01:00
James Edwards-Jones f8d54913bb Show error on failed OAuth account link 2018-04-22 23:50:56 +01:00
James Edwards-Jones f10c999bca Refactor OmniauthCallbacksController to remove duplication
Moves LDAP to its own controller with tests
Provides path forward for implementing GroupSaml
2018-04-22 23:50:55 +01:00
Tiago Botelho 161a05b963 Writes specs 2018-03-22 16:05:15 +00:00
Tiago Botelho f742010257 Tracks the number of failed attempts made by a user trying to authenticate with any external authentication method 2018-03-22 15:39:54 +00:00
James Lopez 140cb0c092 Merge branch 'fix/auth0-unsafe-login-10-6' into 'security-10-6'
[10.6] Fix GitLab Auth0 integration signs in the wrong user

See merge request gitlab/gitlabhq!2354
2018-03-21 14:43:47 +00:00
Horatiu Eugen Vlad 1ad5df49b1 Moved o_auth/saml/ldap modules under gitlab/auth 2018-02-28 16:53:02 +01:00
Mario de la Ossa eaada9d706 use Gitlab::UserSettings directly as a singleton instead of including/extending it 2018-02-02 18:39:55 +00:00
Robert Speicher 4493ec0880 Merge branch 'jej/fix-disabled-oauth-access-10-3' into 'security-10-3'
[10.3] Prevent login with disabled OAuth providers

See merge request gitlab/gitlabhq!2296

(cherry picked from commit 4936650427ffc88e6ee927aedbb2c724d24b094c)

a0f9d222 Prevents login with disabled OAuth providers
2018-01-16 17:05:01 -08:00