root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
36,067 Commits 9,131 Branches 1,640 Tags 2 GiB
Commit Graph

31 Commits

Author SHA1 Message Date
Kamil Trzcinski e941365f3b Rename capabilities to authentication_abilities 2016-09-16 11:12:21 +02:00
Kamil Trzcinski 571226f166 Make result to return project and capabilities granted 2016-09-13 15:27:05 +02:00
Kamil Trzcinski 505dc808b3 Use a permissions of user to access all dependent projects from CI jobs (this also includes a container images, and in future LFS files) 2016-09-13 13:30:26 +02:00
Jacob Vosmaer c87540ed46 Verify JWT messages from gitlab-workhorse 2016-09-05 15:05:31 +02:00
Jacob Vosmaer 7dff0946a7 Remove duplicate method reintroduced by merge 2016-08-09 12:35:36 +02:00
Jacob Vosmaer 7a99826694 Merge branch 'master' of https://gitlab.com/gitlab-org/gitlab-ce into remove-grack-lfs 2016-08-09 12:27:37 +02:00
Jacob Vosmaer b8f754dd0a Stop 'git push' over HTTP early 
Before this change we always let users push Git data over HTTP before
deciding whether to accept to push. This was different from pushing
over SSH where we terminate a 'git push' early if we already know the
user is not allowed to push.

This change let Git over HTTP follow the same behavior as Git over
SSH. We also distinguish between HTTP 404 and 403 responses when
denying Git requests, depending on whether the user is allowed to know
the project exists.
 2016-08-03 14:54:12 +02:00
Jacob Vosmaer 0d9752446d Add LFS controllers 2016-07-22 17:54:04 +02:00
Patricio Cano 9397ce9137 Correct access control flow for Git HTTP requests. 2016-07-05 16:54:22 -05:00
Patricio Cano da15471bb1 Clarify protocol access check, and make Git HTTP access call more specific. 2016-07-05 16:54:22 -05:00
Patricio Cano 0f54e2ae6c Render the status message with `plain:` so that the message gets passed to the Git client. 2016-07-05 16:54:22 -05:00
Patricio Cano 08018b7a7a Render :forbidden *only* if HTTP is disabled. 2016-07-05 16:54:22 -05:00
Patricio Cano 41c87b9a23 Return :forbidden if HTTP protocol access is not allowed 2016-07-05 16:54:22 -05:00
Patricio Cano c98f89eac7 Simplify access checks 2016-07-05 16:54:22 -05:00
Patricio Cano 7735ef86f0 Only allow Git Access on the allowed protocol 2016-07-05 16:54:22 -05:00
Jacob Vosmaer 4bcad1cbdd Groundwork for Kerberos SPNEGO (EE feature) 2016-07-01 11:46:56 +02:00
Jacob Vosmaer 0e896ffe4e Improve Gitlab::Auth method names 
Auth.find was a very generic name for a very specific method.
Auth.find_in_gitlab_or_ldap was inaccurate in GitLab EE where it also
looks in Kerberos.
 2016-06-10 14:51:16 +02:00
Jacob Vosmaer 63ed80321b Skip authenticity token checks for Git HTTP 2016-06-08 16:00:49 -04:00
Jacob Vosmaer 46d5760c76 Fewer silly instance variables 2016-06-03 16:04:59 +02:00
Jacob Vosmaer 50a357d7e8 Use #present? 2016-06-03 15:49:52 +02:00
Jacob Vosmaer 1564074648 Refactor _allowed? methods as Rémy asked 2016-06-03 15:28:35 +02:00
Jacob Vosmaer 3ffa494ffe Changes after more review from Rémy 2016-06-03 14:57:34 +02:00
Jacob Vosmaer b1ffc9f0fe Make CI/Oauth/rate limiting reusable 2016-04-29 18:58:55 +02:00
Jacob Vosmaer d698d3e846 More changes suggested by Rémy 2016-04-25 18:05:05 +02:00
Jacob Vosmaer c161065e78 Don't mess up our parent controller 2016-04-22 14:04:20 +02:00
Jacob Vosmaer 9add3fbb33 Some changes after review from Rémy and Valery 2016-04-22 13:24:53 +02:00
Jacob Vosmaer d3541da4ce Comment and whitespace 2016-04-15 12:40:43 +02:00
Jacob Vosmaer ab9dfa8fd6 Clarify intentions 2016-04-06 19:25:47 +02:00
Jacob Vosmaer 91226c2001 Move workhorse protocol code into lib 2016-04-06 17:52:12 +02:00
Jacob Vosmaer 5fe06d7365 Add some upload specs 2016-03-24 18:58:29 +01:00
Jacob Vosmaer 55f5a68f09 Get Grack::Auth tests to pass 2016-03-23 18:34:16 +01:00