| Age | Commit message (Collapse) | Author |
|---|
|
|
|
- Move the `TwoFactorAuthsController`'s `new` action to `show`, since
the page is not used to create a single "two factor auth" anymore. We
can have a single 2FA authenticator app, along with any number of U2F
devices, in any combination, so the page will be accessed after the
first "two factor auth" is created.
- Add the `u2f` javascript library, which provides an API to the
browser's U2F implementation.
- Add tests for the JS components
|
|
- To hold registrations from U2F devices, and to authenticate them.
- Previously, `User#two_factor_enabled` was aliased to the
`otp_required_for_login` column on `users`.
- This commit changes things a bit:
- `User#two_factor_enabled` is not a method anymore
- `User#two_factor_enabled?` checks both the
`otp_required_for_login` column, as well as `U2fRegistration`s
- Change all instances of `User#two_factor_enabled` to
`User#two_factor_enabled?`
- Add the `u2f` gem, and implement registration/authentication at the
model level.
|
|
Upgrade devise, devise-two-factor, and attr_encrypted
Devise 4 includes support for Rails 5, working towards #14286. devise-async doesn't support Devise 4.0 and in 4.1 the bug that was blocking using Devise's built-in ActiveJob integration was fixed. So devise-async is removed. devise-two-factor 3.0.0 is required for Devise 4 support.
attr_encrypted and encryptor are optional but recommended upgrades for devise-two-factor 3.0.0. The mode and algorithm will need to be changed in order to update to attr_encrypted 4.x in the future.
See merge request !4216
|
|
|
|
Devise (3.5.4 => 4.1.1) Changelog:
https://github.com/plataformatec/devise/blob/master/CHANGELOG.md
devise-two-factor (2.0.1 => 3.0.0) Changelog:
https://github.com/tinfoil/devise-two-factor/blob/master/CHANGELOG.md
These are reliant on each other, so they have to be upgraded together.
devise-async is no longer necessary as Devise 4.1 fixes a bug with the
ActiveJob integration.
|
|
|
|
|
|
|
|
|
|
Closes #14370
Move gon function into its own helper
|
|
This will let us filter errors by the program environment in which they
were encountered.
Source: http://stackoverflow.com/a/28370539/223897
Closes #15092
|
|
# Conflicts:
# app/models/issue.rb
# app/views/projects/_home_panel.html.haml
# app/views/shared/projects/_project.html.haml
# db/schema.rb
# spec/models/project_spec.rb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Prior, if the request format was, for example, .zip, we'd get an
`ActionView::MissingTemplate` error.
|
|
|
|
|
|
|
|
Currently there is no way to download a raw file without embedding
the token in the URL, which exposes the token in the URL. There
should be an way of sending this information via the header as the
API does.
Closes https://github.com/gitlabhq/gitlabhq/issues/8137
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Now we apply syntax highlighting to the whole old and new files.
This basically help us to highlight adequately multiline content.
|
|
Sorting by "id" has the same effect as sorting by created_at while
performing far better and without the need of an extra index (in case
one wanted to speed up sorting by "created_at").
Sorting by "Recently updated" still uses the physical "updated_at"
column as there's no way to use the "id" column for this instead.
|
|
|
|
simplified code and fixed stuffs
|
|
|
|
|
|
|
|
It was possible to create an infi redirect when the user set up the
`home_page_url` to redirect to the main URL of the gitlab instance.
This fix makes sure this redirect is not possible.
Fixes !1020
Signed-off-by: Jeroen van Baarsen <jeroenvanbaarsen@gmail.com>
|
|
Prefer project with exact path to differently cased one when both exist.
Fixes #3113.
See merge request !1649
|
|
|
|
Safari 9.0 does not yet honor the HTML5 `origin-when-cross-origin` mode,
and it's possible load balancers/proxies strip the HTTP_REFERER from
the request header. In these cases, default to some default path.
Closes #3122
Closes https://github.com/gitlabhq/gitlabhq/issues/9731
|
|
|
|
|
|
This allows us to give a nice 404 for e.g. archive.zip.
|
|
|
