Age | Commit message | Author |
|
|
Remove changelog entry for new navigation sidebar.
See merge request !3608
|
|
Fix side-by-side code format & commit message wrap
![Screen_Shot_2016-04-07_at_1.31.28_PM](/uploads/bad00284e4dfbec1fdd75220c34f4a98/Screen_Shot_2016-04-07_at_1.31.28_PM.png)
![Screen_Shot_2016-04-07_at_1.32.23_PM](/uploads/7cd344765025e93d0035934a473b4bb3/Screen_Shot_2016-04-07_at_1.32.23_PM.png)
See merge request !3605
|
|
Revert "Merge branch 'new-navigation-prototype' into 'master'"
This reverts merge request !3494
See merge request !3607
|
|
[ci skip]
|
|
This reverts merge request !3494
|
|
Revert "Merge branch 'fix-sidebar-exapnd' into 'master'"
This reverts merge request !3520
See merge request !3606
|
|
This reverts merge request !3520
|
|
Preserve white space
See merge request !3602
|
|
Update number of Todos in the sidebar when it's marked as "Done"
Closes #15002
See merge request !3600
|
|
Fix problem when creating milestones in groups without projects
Fixes #14012
See merge request !3481
|
|
Add optional colon.
See merge request !3591
|
|
Disable git gc --auto
See merge request !3572
|
|
Hide "assign to me" link if not allowed
Fixes #14996
See merge request !3590
|
|
* 'master' of dev.gitlab.org:gitlab/gitlabhq:
Make sessions controller specs more explicit
Fix 2FA authentication spoofing vulnerability
Add specs for sessions controller including 2FA
|
|
Fix 2FA authentication spoofing
## Summary
This is a security fix for the vulnerability described at
https://gitlab.com/gitlab-org/gitlab-ce/issues/14900.
An attacker was able to bypass password authentication of users that have 2FA enabled, and consequently sign in as a different user, without knowing his password, if he managed to guess the 2FA One Time Password for that user.
It was also possible to enumerate users and check if they have 2FA enabled, because GitLab responded with a different error for each case.
## Fix
This MR attempts to change the default user search scope if the `otp_user_id` session variable has been set. If it is present, it means that the user has 2FA enabled and has already been verified with login and password. In this case we should look for the user with `otp_user_id` first, before picking it up by `login`.
Both 2FA authentication spoofing and 2FA discovery have been covered by specs.
## Further work
The current 2FA code is a bit tricky, so it probably needs some refactoring.
See merge request !1947
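The lookup change described in the merge request above, as an added Ruby sketch that is not GitLab's code. The `User` struct, the sample accounts, the single `GENERIC_ERROR` string and all method names are hypothetical; only `otp_user_id` and `login` come from the message.

```ruby
# Constructed sample accounts (hypothetical); both have 2FA enabled.
User = Struct.new(:id, :login, :password, :otp)
USERS = [
  User.new(1, "alice", "alice-pw", "111111"),
  User.new(2, "bob",   "bob-pw",   "222222")
].freeze

# One message for every failure, so responses do not reveal whether an
# account exists or has 2FA enabled (the enumeration issue in the summary).
GENERIC_ERROR = "Invalid login, password or two-factor code".freeze

# Step 1: password check. On success the session records who passed it.
def password_step(session, login, password)
  user = USERS.find { |u| u.login == login }
  return GENERIC_ERROR unless user && user.password == password
  session[:otp_user_id] = user.id
  :otp_required
end

# Before the fix: step 2 selects the account by the submitted login, so a
# password check that succeeded for one account is reused for another.
def otp_step_vulnerable(session, params)
  user = USERS.find { |u| u.login == params[:login] }
  return GENERIC_ERROR unless session[:otp_user_id] && user
  user.otp == params[:otp] ? user.id : GENERIC_ERROR
end

# After the fix: when otp_user_id is set, the account is looked up by that
# id first; the submitted login no longer chooses whose code is checked.
def otp_step_fixed(session, params)
  user = USERS.find { |u| u.id == session[:otp_user_id] }
  return GENERIC_ERROR unless user && user.otp == params[:otp]
  session.delete(:otp_user_id) # the pending 2FA state is single use
  user.id
end

session = {}
password_step(session, "alice", "alice-pw")
puts otp_step_vulnerable(session, { login: "bob", otp: "222222" }).inspect
puts otp_step_fixed(session, { login: "bob", otp: "222222" }).inspect
```

A real implementation would verify a time-based code with a constant-time comparison and rate-limit attempts; the fixed string comparison here only keeps the sketch short.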
|
|
Expire caches after project creation to ensure a consistent state
See merge request !3586
|
|
Only update main language if it is not already set
Related to gitlab-org/gitlab-ce#14937 (but does not fully fix). This is a temporary fix so performance isn't affected so much.
cc @yorickpeterse @ayufan how does this look?
See merge request !3556
|
|
This commit attempts to change the default user search scope if the
otp_user_id session variable has been set. If it is present, it means
that the user has 2FA enabled, and has already been verified with login
and password. In this case we should look for the user with otp_user_id
first, before picking it up by login.
|
|
API: Ability to filter milestones by state
Ability to filter milestones by `active` and `closed` state.
* Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/14931
See merge request !3566
|
|
Expose badges
This MR exposes the badge somewhere in a visible place.
![expose_badges](/uploads/d2e290d3013d1ef2b1bdeebbbe2c5d8b/expose_badges.png)
Closes #13801
See merge request !3326
|
|
Fixes #14638.
The SQL query was ambiguous and in this case we want to filter projects.
See merge request !3462
|
|
Return status code 303 after a branch DELETE operation to avoid project deletion
Closes #14994
See merge request !3583
|
|
Closes #14961
|
|
Update coveralls from 0.8.9 to 0.8.13 and simplecov from 0.10.0 to 0.11.2
This removes a few dependencies! It was also rude to be using coveralls
0.8.9, considering 0.8.12 introduced support for GitLab CI :) Also
paves the way for updating mime-types to 3.0.
Coveralls Changelog:
https://github.com/lemurheavy/coveralls-ruby/releases
Simplecov Changelog:
https://github.com/colszowka/simplecov/blob/master/CHANGELOG.md
See merge request !3584
|
|
Fix typo in .gitlab-ci.yml doc. [ci skip]
See merge request !3581
|
|
This removes a few dependencies! It was also rude to be using coveralls
0.8.9, considering 0.8.12 introduced support for GitLab CI :) Also
paves the way for updating mime-types to 3.0.
Coveralls Changelog:
https://github.com/lemurheavy/coveralls-ruby/releases
Simplecov Changelog:
https://github.com/colszowka/simplecov/blob/master/CHANGELOG.md
|
|
Closes #14994
|
|
Reset merge request widget options
Fixes #14986
See merge request !3582
|
|
Allow SAML to identify external users and set them as such
Related to #4009
Fixes #14577
This allows SAML to retrieve group information from the `SAML Response`
and match that to a setting that will flag all matching users as external.
See merge request !3530
|
|
Wiki preview URL converting problem [via Markdown]
The current implementation, when rendering the preview, thinks relative links are for project repository files.
We are creating a new preview route that will define correct context data to render for wikis instead.
Fixes #2380, #1184
See merge request !3461
|
|