Commit Graph

78 Commits

Author SHA1 Message Date
Pavel Shutsin 8ee1927db9 Move out link\unlink ability checks to a policy
We can extend the policy in EE for additional behavior
2019-03-19 15:38:16 +03:00
James Edwards-Jones 24f3f96004 Backport build_auth_user for GroupSAML callback 2019-02-06 17:28:35 +00:00
James Edwards-Jones 6548e01f18 Avoid CSRF check on SAML failure endpoint
SAML and OAuth failures should cause a message to be presented, as well
as logging that an attempt was made. These were incorrectly prevented by
the CSRF check on POST endpoints such as SAML.

In addition we were using a NullSession forgery protection, which made
testing more difficult and could have allowed account linking to take
place if a CSRF was ever needed but not present.
2019-02-04 10:10:51 +00:00
Scott Escue 4dcaa4df36 Addressing peer review feedback.
Replacing inline JS with ES 2015 functions included in pages/sessions/new. Also applying suggested server-side syntax improvements to OmniAuthCallbacksController.
2019-01-10 00:00:39 -06:00
Scott Escue 6540a9468a Preserve URL fragment across sign-in and sign-up redirects
If window.location contains a URL fragment, append the fragment to all sign-in forms, the sign-up form, and all button based providers.
2019-01-10 00:00:38 -06:00
gfyoung 73322a0e55 Enable frozen string in app/controllers/**/*.rb
Enables frozen string for the following:

* app/controllers/*.rb
* app/controllers/admin/**/*.rb
* app/controllers/boards/**/*.rb
* app/controllers/ci/**/*.rb
* app/controllers/concerns/**/*.rb

Partially addresses #47424.
2018-09-18 21:22:45 -07:00
Roger Rüttimann 2efe27ba18 Honor saml assurance level to allow 2FA bypassing 2018-06-25 15:32:03 +00:00
blackst0ne 6fef87f17f [Rails5] Force the `protect_from_forgery` callback run first
Since Rails 5.0 the `protect_from_forgery` callback doesn't run first by
default anymore. [1]

Instead it gets inserted into callbacks chain where callbacks get
called in order.

This commit forces the callback to run first.

[1]: 3979403781
2018-06-21 21:44:31 +11:00
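Two of the commits above touch the same mechanism: 6548e01f18 (the SAML failure endpoint being blocked by the CSRF check, and the NullSession strategy) and 6fef87f17f (forcing `protect_from_forgery` to run first under Rails 5). The following is an added example in plain Ruby, not code from GitLab or from Rails: `MiniController`, `Actions`, `AppendedController`, `PrependedController` and the helper functions are all invented here to model the relevant Rails behaviour (before_action ordering, the `:null_session` and `:exception` strategies, and the explicit `skip_before_action` a cross-site POST endpoint such as a SAML failure callback needs).

```ruby
require 'securerandom'

# Constant-time byte comparison, so a token check does not leak how many
# leading bytes matched through its timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Toy stand-in for an ActionController base class (invented for this example).
class MiniController
  InvalidAuthenticityToken = Class.new(StandardError)

  class << self
    attr_reader :strategy

    def callbacks; @callbacks ||= []; end
    def skipped;   @skipped   ||= {}; end

    # Rails 5 semantics: a before_action is appended in declaration order
    # unless prepend: true puts it at the front of the chain.
    def before_action(name, prepend: false)
      prepend ? callbacks.unshift(name) : callbacks.push(name)
    end

    # protect_from_forgery is itself just a before_action, so without
    # prepend: true it runs after every callback declared before it.
    def protect_from_forgery(with:, prepend: false)
      @strategy = with
      before_action(:verify_authenticity_token, prepend: prepend)
    end

    def skip_before_action(name, only:)
      Array(only).each { |action| (skipped[action] ||= []) << name }
    end
  end

  attr_reader :session, :trace

  def initialize(session, params)
    @session, @params = session, params   # every request modelled here is a POST
    @trace = []                            # order in which callbacks and the action ran
  end

  def process(action)
    self.class.callbacks.each do |cb|
      next if (self.class.skipped[action] || []).include?(cb)
      send(cb)
    end
    send(action)
    trace
  end

  private

  def verify_authenticity_token
    trace << :csrf_check
    return if verified_request?

    case self.class.strategy
    when :null_session then @session = {}  # request continues, but with an empty session
    when :exception    then raise InvalidAuthenticityToken
    end
  end

  def verified_request?
    expected = session[:_csrf_token]
    supplied = @params['authenticity_token']
    !expected.nil? && !supplied.nil? && secure_compare(expected, supplied)
  end
end

module Actions
  def load_user; trace << :load_user; end
  def link;      trace << :link;      end
  def failure;   trace << :failure;   end
end

# Pre-Rails-5 habit: other callbacks declared first, protect_from_forgery after.
class AppendedController < MiniController
  include Actions
  before_action :load_user
  protect_from_forgery with: :exception
end

# The fix: prepend so the token check runs before anything else. The failure
# endpoint receives a cross-site POST (the IdP sends the browser back without
# a Rails token), so it has to opt out of the check explicitly.
class PrependedController < MiniController
  include Actions
  before_action :load_user
  protect_from_forgery with: :exception, prepend: true
  skip_before_action :verify_authenticity_token, only: :failure
end

# Order in which callbacks and the action run for a well-formed POST.
def callback_order(klass)
  klass.new({ _csrf_token: 'tok' }, { 'authenticity_token' => 'tok' }).process(:link)
end

# A cross-site POST carrying no token, under a given forgery-protection strategy.
def forged_post(strategy)
  klass = Class.new(MiniController) do
    include Actions
    protect_from_forgery with: strategy
  end
  ctrl = klass.new({ _csrf_token: SecureRandom.hex(16), user_id: 42 }, {})
  ctrl.process(:link)
  [:ran, ctrl.session]
rescue MiniController::InvalidAuthenticityToken
  [:rejected]
end

# Constructed stand-in for an IdP posting back to the failure endpoint.
def idp_failure_post(klass)
  klass.new({ _csrf_token: 'tok' }, { 'SAMLResponse' => 'constructed' }).process(:failure)
rescue MiniController::InvalidAuthenticityToken
  :rejected
end
```

`callback_order(AppendedController)` yields `[:load_user, :csrf_check, :link]`, i.e. `load_user` runs before the token is checked, while `PrependedController` gives `[:csrf_check, :load_user, :link]`. `forged_post(:null_session)` returns `[:ran, {}]`: the action still executes, only with the session emptied, whereas `:exception` returns `[:rejected]`. `idp_failure_post(PrependedController)` reaches the failure action because of the `skip_before_action`; on `AppendedController`, which has no skip, the same IdP POST is rejected before the failure message could be shown or logged.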
James Edwards-Jones b98a88cfe9 Backport helpers from GroupSAML failure messages 2018-05-21 16:43:12 +01:00
James Edwards-Jones 7425f2b322 Backport IdentityLinker#failed? from GroupSaml callback flow 2018-05-04 15:00:59 +01:00
James Edwards-Jones c741f95a3b Exclude LDAP from OmniauthCallbackController base methods 2018-04-30 17:32:23 +01:00
James Edwards-Jones 795cd7f952 Replace define_method with alias_method in Omniauth Controllers 2018-04-23 16:24:47 +01:00
James Edwards-Jones d3a8a07423 Unify Saml::IdentityLinker and OAuth::IdentityLinker 2018-04-23 13:53:32 +01:00
James Edwards-Jones f8d54913bb Show error on failed OAuth account link 2018-04-22 23:50:56 +01:00
James Edwards-Jones f10c999bca Refactor OmniauthCallbacksController to remove duplication
Moves LDAP to its own controller with tests
Provides path forward for implementing GroupSaml
2018-04-22 23:50:55 +01:00
Tiago Botelho 161a05b963 Writes specs 2018-03-22 16:05:15 +00:00
Tiago Botelho f742010257 Tracks the number of failed attempts made by a user trying to authenticate with any external authentication method 2018-03-22 15:39:54 +00:00
James Lopez 140cb0c092 Merge branch 'fix/auth0-unsafe-login-10-6' into 'security-10-6'
[10.6] Fix GitLab Auth0 integration signs in the wrong user

See merge request gitlab/gitlabhq!2354
2018-03-21 14:43:47 +00:00
Horatiu Eugen Vlad 1ad5df49b1 Moved o_auth/saml/ldap modules under gitlab/auth 2018-02-28 16:53:02 +01:00
Mario de la Ossa eaada9d706 use Gitlab::UserSettings directly as a singleton instead of including/extending it 2018-02-02 18:39:55 +00:00
Robert Speicher 4493ec0880 Merge branch 'jej/fix-disabled-oauth-access-10-3' into 'security-10-3'
[10.3] Prevent login with disabled OAuth providers

See merge request gitlab/gitlabhq!2296

(cherry picked from commit 4936650427ffc88e6ee927aedbb2c724d24b094c)

a0f9d222 Prevents login with disabled OAuth providers
2018-01-16 17:05:01 -08:00
🙈 jacopo beschi 🙉 729f05f0e3 Adds Rubocop rule for line break around conditionals 2018-01-11 16:34:01 +00:00
Markus Koller 257fd57134 Allow password authentication to be disabled entirely 2017-11-23 13:16:14 +00:00
Francisco Javier López c7cf68bd6f Changing OAuth lookup to be case insensitive 2017-11-17 14:24:25 +00:00
Bob Van Landuyt f8865e9c13 Define ldap methods at runtime
This avoids loading the `OmniAuthCallbacksController` at boot time so
it doesn't mess up the `before_action`-chain
2017-08-24 17:33:53 +02:00
Robert Speicher 4edfad9678 Enable Layout/TrailingWhitespace cop and auto-correct offenses 2017-08-15 13:44:37 -04:00
James Lopez aa25db89c2 [EE Backport] Update log audit event in omniauth_callbacks_controller.rb 2017-08-07 20:10:24 +00:00
Timothy Andrew 7c2f5bb48d Fix build for !11963.
- Don't use `request.env['omniauth.params']` if it isn't present.

- Remove the `saml` section from the `gitlab.yml` test section. Some tests
  depend on this section not being initially present, so it can be overridden
  in the test. This MR doesn't add any tests for SAML, so we didn't really need
  this in the first place anyway.

- Clean up the test -> omniauth section of `gitlab.yml`
2017-07-06 06:30:07 +00:00
Timothy Andrew 633793cf47 Implement "remember me" for OAuth-based login.
- Pass a `remember_me` query parameter along with the initial OAuth request, and
  pick this parameter up during the omniauth callback from
  `request.env['omniauth.params']`.

- For 2FA-based login, copy the `remember_me` param from `omniauth.params` to
  `params`, which the 2FA process will pick up.

- For non-2FA-based login, simply call the `remember_me` devise method to set
  the session cookie.
2017-07-06 06:29:58 +00:00
Grzegorz Bizon 0430b76441 Enable Style/DotPosition Rubocop 👮 2017-06-21 13:48:12 +00:00
Annabel Dunstone Gray 225662a708 Update design of auth error page 2017-05-05 08:33:04 +00:00
Douwe Maan f40716f48a No more and/or 2017-02-21 16:31:14 -06:00
Alexandros Keramidas beb887748e Added support for Authentiq Back-Channel Logout 2017-02-20 18:46:58 +02:00
Patricio Cano 5467260528 Added tests for 2FA check on OAuth request 2016-07-04 11:00:34 -05:00
Patricio Cano 54c514f24e Add 2FA check to the OAuth authentication mechanism 2016-06-29 11:55:23 -05:00
Grzegorz Bizon 9d5f80e00b Enable Style/MethodDefParentheses rubocop cop
Use def with parentheses when there are parameters.

See #17478
2016-05-30 12:08:53 +02:00
Patricio Cano 1d2429af9b Add missing proper nil and error handling to SAML login process. 2016-04-07 16:45:33 -05:00
Patricio Cano e99855bfe4 Avoid saving again if the user attributes haven't changed 2016-04-04 19:10:59 -05:00
Patricio Cano 06376be56a Decouple SAML authentication from the default Omniauth logic 2016-02-18 17:01:07 -05:00
Douwe Maan 873b0db220 Revert "Merge branch 'saml-decoupling' into 'master' "
This reverts commit c04e22fba8, reversing
changes made to 0feab326d5.
2016-02-18 22:14:53 +01:00
Patricio Cano f014127e17 Decouple SAML authentication from the default Omniauth logic 2016-02-18 13:22:19 -05:00
Robert Speicher d6ef6c634e Support Two-factor Authentication for LDAP users
Closes #12653
2016-02-03 13:31:12 -05:00
Robert Speicher 1e666ce695 Backport LDAP user assignment changes from EE
See https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/146
2016-01-28 13:31:48 -05:00
tduehr 8e3f1fa629 add CAS authentication support 2015-12-14 21:43:41 -06:00
Guilherme Garnier 2b075f16c7 Fix rubocop warnings in app 2015-10-03 00:56:37 -05:00
Douwe Maan 70a3c165a9 Allow custom label to be set for authentication providers. 2015-07-23 15:20:12 +02:00
Valery Sizov 411829fdb5 Audit log for user authentication 2015-07-06 12:36:08 +03:00
Douwe Maan 44458f3ca2 Add "Remember me" checkbox to LDAP signin form. 2015-06-05 14:37:01 +02:00
Alex Lossent 22de5443c5 Add SAML support via Omniauth 2015-05-27 16:38:10 +02:00
Douwe Maan 17a41547a0 Improve OAuth signup error message. 2015-05-13 09:41:56 +02:00