Ahmad Sherif
3c2b4a1ced
Enable serving static objects from an external storage
It consists of two parts:
1. Redirecting users to the configured external storage
1. Allowing the external storage to request the static object(s)
on behalf of the user by means of specific tokens
Part of https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6829
2019-09-10 13:43:11 +02:00
dineshpanda
e908e11776
Avoid calling freeze on already frozen strings in lib/gitlab
2019-09-04 09:52:02 +05:30
dodocat
6e2032f24e
Update docs and comments about saml with allow_bypass_two_factor
allow_bypass_two_factor configuration does not work with saml provider
2019-08-27 03:46:32 +00:00
Imre Farkas
929b403d21
Ensure Warden triggers after_authentication callback
By not triggering the callback:
- ActiveSession lookup keys are not cleaned
- Devise also misses its hook related to session cleanup
2019-07-26 07:05:50 +00:00
Thong Kuah
d4ef3be35b
Frozen string cannot change encoding
This was shown in specs but surely this will be happening in application
code as well if this method is passed a frozen string.
We were also trying to force_encode an OmniAuth::AuthHash which had the
very confusing behaviour of returning nil when it was sent a method that
it did not define. Fix that by only force_encoding a String.
2019-07-26 00:13:25 +12:00
Steve Abrams
aba93fe2d5
OAuth2 support for GitLab personal access tokens
PATs are accepted using the OAuth2 compliant header
"Authorization: Bearer {token}" in order to allow for
OAuth requests while 2FA is enabled.
2019-07-22 08:50:25 +00:00
Mayra Cabrera
0ab89d8e36
Add a rubocop for Rails.logger
Suggests to use a JSON structured log instead
Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/54102
2019-07-10 19:26:47 +00:00
Stan Hu
82c31a9add
Support CIDR notation in IP rate limiter
This will make it possible to whitelist multiple IP addresses
(e.g. 192.168.0.1/24).
2019-06-27 23:16:11 -07:00
Kartikey Tanna
53af3e6b9e
#57815 Password authentication disabled for UltraAuth users
Disabled password authentication for the users registered using
omniauth-ultraauth strategy
2019-06-18 16:18:14 +00:00
Martin Wortschack
9c95200219
Add no-tabs class and externalize strings
- Add .no-tabs to login-box
- Externalize strings in common signup box
- Leverage render_if_exists
- Update PO file
2019-05-27 13:20:27 +00:00
Stan Hu
f93b2e02a5
Run rubocop -a on CE files
2019-05-05 03:24:28 -07:00
Rémy Coutable
45da7dd306
Backport 'Update user name upon LDAP sync' from EE
Signed-off-by: Rémy Coutable <remy@rymai.me>
2019-03-25 11:16:01 +01:00
Rémy Coutable
8018bc96a3
Handle nil name in Gitlab::Auth::LDAP::Person#name
Signed-off-by: Rémy Coutable <remy@rymai.me>
2019-03-20 14:59:07 +01:00
Andrew Newdigate
3288e1a874
Adds the Rubocop ReturnNil cop
This style change enforces `return if ...` instead of
`return nil if ...` to save maintainers a few minor review points
2019-03-06 17:51:56 +02:00
Douwe Maan
ed41f4e6ea
Merge branch 'add_ldap_tls_options' into 'master'
Allow raw `tls_options` to be passed in LDAP configuration
Closes #46391
See merge request gitlab-org/gitlab-ce!20678
2019-03-05 13:17:23 +00:00
Yorick Peterse
040e6e72bf
Merge branch 'ce-security-jej/group-saml-link-origin-verification' into 'master'
Ensure request to link GroupSAML account was GitLab initiated
See merge request gitlab/gitlabhq!2976
2019-03-04 18:36:26 +00:00
Drew Blessing
f6350faca1
Allow raw `tls_options` to be passed in LDAP configuration
We've previously exposed ca_file and ssl_version but there are many
possible options that can be used inside tls_options. Instead of
exposing individual ones, simply expose the entire hash so it can
be passed in and we won't have to add things in the future.
2019-03-04 10:27:43 -06:00
Imre Farkas
b57cf4ae3f
Backport of ee/9235: Add LDAP integration to smartcard authentication
2019-01-27 22:26:32 +01:00
James Edwards-Jones
104c8b890d
Backport EE GroupSAML origin verification changes
2019-01-23 19:42:16 +00:00
Imre Farkas
157b385411
Log admin status of user when OAuth::User is saved
2019-01-23 14:26:15 +01:00
Semyon Pupkov
c379973bce
chore(rubocop): fix Style/TrivialAccessors issues
2019-01-16 13:53:04 +05:00
Imre Farkas
bd3a484032
Add config to disable impersonation
Adds gitlab.impersonation_enabled config option defaulting to true to
keep the current default behaviour.
Only the act of impersonation is modified, impersonation token
management is not affected.
2018-11-29 09:37:16 +01:00
Cindy Pallares
fe5f75930e
Merge branch 'security-fix-pat-web-access' into 'master'
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"
See merge request gitlab/gitlabhq!2583
2018-11-28 19:13:59 -05:00
Douwe Maan
6f0ff56ef8
Merge branch 'fix/allow-saml2-for-2fa-bypass' into 'master'
saml/auth_hash: Allow 2FA bypass for SAML 2.0 responses
See merge request gitlab-org/gitlab-ce!22568
2018-11-20 11:07:59 +00:00
George Tsiolis
733ae94921
Fix typos in comments and specs
2018-11-01 08:59:20 +02:00
Imre Farkas
b9652d8e4d
[master] Persist only SHA digest of PersonalAccessToken#token
2018-10-29 16:06:45 +00:00
115100
2a8a4897ff
saml/auth_hash: Allow 2FA bypass for SAML 2.0 responses
Closes gitlab-org/gitlab-ce/#53102.
2018-10-25 12:08:07 +01:00
gfyoung
e166e5747c
Enable some frozen string in lib/gitlab
Enable frozen string for the following files:
* lib/gitlab/auth/**/*.rb
* lib/gitlab/badge/**/*.rb
* lib/gitlab/bare_repository_import/**/*.rb
* lib/gitlab/bitbucket_import/**/*.rb
* lib/gitlab/bitbucket_server_import/**/*.rb
* lib/gitlab/cache/**/*.rb
* lib/gitlab/checks/**/*.rb
Partially addresses #47424.
2018-10-13 02:31:31 -07:00
Marcel Amirault
eb640eded7
Correct Gitlab Capitalization in code files
2018-09-21 12:05:37 +00:00
Yorick Peterse
2039c8280d
Disable existing offenses for the CodeReuse cops
This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.
2018-09-11 17:32:00 +02:00
Douglas Barbosa Alexandre
5894dfabc5
Backport LDAP changes to CE
2018-08-23 15:46:45 +02:00
Stan Hu
7486d424b9
Fix broken Git over HTTP clones with LDAP users
Due to a regression in !20608, the LDAP authenticator was not being used
unless OmniAuth was enabled. This change allows the LDAP provider to be used
if it is configured regardless of the OmniAuth setting.
Closes #50579
2018-08-22 13:07:14 -07:00
Grzegorz Bizon
98e9f52cf4
Improve blocked user tracking code readability
2018-08-03 12:58:00 +02:00
Grzegorz Bizon
5bbd3a93e9
Remove an empty line from blocked user tracker class
2018-08-02 15:41:14 +02:00
Grzegorz Bizon
c2a5bbc295
Remove an empty line from the end of blocked_user_tracker.rb
2018-08-02 07:04:12 +00:00
Grzegorz Bizon
9c6aa0a0a6
Improve authentication events-related code readability
2018-08-01 17:08:59 +02:00
Grzegorz Bizon
2b05562c5b
Simplify blocked user tracking during authentication
2018-08-01 15:56:44 +02:00
Grzegorz Bizon
4bcf72e734
Improve blocked user tracking and fire some events only once
2018-08-01 14:23:06 +02:00
Sean McGivern
e6dd3c5276
Merge branch 'feature/gb/login-activity-metrics' into 'master'
Add user authentication activity metrics
Closes #47789
See merge request gitlab-org/gitlab-ce!20668
2018-07-31 10:44:22 +00:00
Grzegorz Bizon
de8f8cdf06
Improve authentication activity code readability
2018-07-31 09:24:19 +02:00
Grzegorz Bizon
5f66d1de09
Improve specs for blocked user tracker class
2018-07-27 13:54:31 +02:00
Grzegorz Bizon
00e4d918a3
Add authentication metrics for sessionless sign in
2018-07-27 12:56:34 +02:00
Grzegorz Bizon
c44541a506
Improve readability and move custom matchers to better place
2018-07-27 12:29:49 +02:00
Grzegorz Bizon
ede8c0ced4
Catch custom warden events too to increment metrics
2018-07-27 12:19:34 +02:00
Grzegorz Bizon
656985bf75
Make authentication metrics events explicit in specs
2018-07-26 18:36:04 +02:00
Grzegorz Bizon
0da5c588b1
Fix activity metric names that need to be symbols
2018-07-24 08:20:48 +00:00
Grzegorz Bizon
01cac53d71
Make it easier to stub authentication metrics
2018-07-23 17:20:24 +02:00
Grzegorz Bizon
68547bc0e0
Track blocked users and two factor authentications
2018-07-23 15:13:11 +02:00
Grzegorz Bizon
1a39d24d20
Refactor blocked user tracker class
2018-07-20 16:00:28 +02:00
Grzegorz Bizon
33e11345e0
Add custom expectations for authentication activity metrics
2018-07-20 15:06:11 +02:00