Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-04-08 | [Rails5] Add `safe_params` helper | blackst0ne | |
Rails 5.0 requires to explicitly permit attributes when building a URL using current `params` object. The `safe_params` helper allows developers to just call `safe_params.merge(...)` instead of manually adding `permit` to every call. https://github.com/rails/rails/pull/20868 | |||
2018-04-04 | Add better LDAP connection handling | Francisco Javier López | |
2018-02-28 | Moved o_auth/saml/ldap modules under gitlab/auth | Horatiu Eugen Vlad | |
2018-02-22 | Port `read_cross_project` ability from EE | Bob Van Landuyt | |
2018-02-02 | use Gitlab::UserSettings directly as a singleton instead of ↵ | Mario de la Ossa | |
including/extending it | |||
2018-01-24 | Return a blank JSON response for a missing .js file to prevent Rails CSRF errors | Stan Hu | |
The default 404 handler would return the Content-Type format based on the given format extension. This would cause the Rails CSRF protection to flag an error, since the .js extension gets mapped to text/javascript format. Closes #40771 | |||
2017-11-23 | Allow password authentication to be disabled entirely | Markus Koller | |
2017-11-20 | Impersonation no longer gets stuck on password change. | Tiago Botelho | |
2017-11-20 | Merge branch '18040-rubocop-line-break-after-guard-clause' into 'master' | Rémy Coutable | |
Adds Rubocop rule for line break after guard clause Closes #18040 See merge request gitlab-org/gitlab-ce!15188 | |||
2017-11-17 | Applied some code review comments | Francisco Lopez | |
2017-11-17 | Some fixes after rebase | Francisco Lopez | |
2017-11-17 | Fix OAuth API and RSS rate limiting | Michael Kozono | |
2017-11-17 | Add request throttles | Michael Kozono | |
2017-11-16 | Adds Rubocop rule for line break after guard clause | Jacopo | |
Adds a rubocop rule (with autocorrect) to ensure line break after guard clauses. | |||
2017-11-02 | Remove authentication using user.private_token | Douwe Maan | |
2017-10-20 | URI decode Page-Title header to preserve UTF-8 characters | Toon Claes | |
2017-10-04 | Fix username and ID not logging in production_json.log for Git activity | Stan Hu | |
Devise sets `current_user`, but not all controllers authenticate users by session tokens. Try to use the controller-defined `authenticated_user` if `current_user` is not available. Closes gitlab-org/gitlab-ee#3611 | |||
2017-09-26 | Encode Page-Title header as ISO-8859-1 | Douwe Maan | |
2017-09-26 | Add Page-Title header to tree and blob JSON endpoints | Douwe Maan | |
2017-09-01 | Rollsback changes made to signing_enabled. | Tiago Botelho | |
2017-08-09 | Enable the Layout/SpaceBeforeBlockBraces cop | Rémy Coutable | |
Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
2017-08-07 | GRPC::Unavailable (< GRPC::BadStatus) is wrapped in a CommandError | Bob Van Landuyt | |
2017-08-04 | Add a Circuitbreaker for storage paths | Bob Van Landuyt | |
2017-07-28 | Add remote IP, user ID and username to JSON lograge output | Stan Hu | |
This makes the logs a bit more useful to search requests by users. | |||
2017-07-13 | Fixes needed when GitLab sign-in is not enabled | Robin Bobbitt | |
When sign-in is disabled: - skip password expiration checks - prevent password reset requests - don’t show Password tab in User Settings - don’t allow login with username/password for Git over HTTP requests - render 404 on requests to Profiles::PasswordsController | |||
2017-07-06 | Allow to enable the performance bar per user or Flipper group | Rémy Coutable | |
A `performance_team` Flipper group has been created. By default this group is nil but this can be customized in `gitlab.yml` via the performance_bar.allowed_group setting. Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
2017-07-05 | Log rescued exceptions to Sentry | Stan Hu | |
Support noticed that a number of exceptions, such as "Encoding::CompatibilityError (incompatible character encodings: UTF-8 and ASCII-8BIT)", failed to report to Sentry. The `rescue_from` in the ApplicationController prevented these exceptions from being recorded. This change ensures that these exceptions are properly captured. | |||
2017-06-20 | Add rescue_from(ActionController::UnknownFormat) in Application Controller | Pawel Chojnacki | |
2017-06-09 | Fix linting, route, and specs | Rémy Coutable | |
Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
2017-06-09 | Small adjustments | Rémy Coutable | |
Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
2017-06-09 | Don't use Pygment,rb, use Rouge instead, and put peek-pg in the :postgres group | Rémy Coutable | |
Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
2017-06-09 | New performance bar that can be enabled with the `p b` shortcut | Rémy Coutable | |
Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
2017-05-25 | Merge branch '32748-emails-are-being-sent-with-the-wrong-language' into 'master' | Douwe Maan | |
Bugfix: Always use the default language when generating emails. Closes #32748 See merge request !11662 | |||
2017-05-25 | Bugfix: Always use the default language when generating emails. | Ruben Davila | |
There was a race condition issue when the application was generating an email and was using a language that was previously being used in other request. | |||
2017-05-24 | atom links with rss token instead of private token | Alexis Reigel | |
2017-05-09 | Merge request widget redesign | Fatih Acet | |
2017-05-05 | Redirect from redirect routes to canonical routes | Michael Kozono | |
2017-05-04 | More updates for translations plus some refactoring. | Ruben Davila | |
2017-05-03 | First round of updates from the code review. | Ruben Davila | |
2017-05-02 | Merge branch 'master' into 28433-internationalise-cycle-analytics-page | Ruben Davila | |
2017-04-28 | Resolve "Add more tests for spec/controllers/projects/builds_controller_spec.rb" | Dosuken shinya | |
2017-04-20 | Fix Rubocop complains plus some small refactor | Ruben Davila | |
2017-04-13 | Set locale through controller filter | Ruben Davila | |
2017-04-06 | Extract 2FA-related code from ApplicationController | Markus Koller | |
2017-04-06 | Support 2FA requirement per-group | Markus Koller | |
2017-04-06 | Move AuthHelper#two_factor_skippable? into ApplicationController | Markus Koller | |
2017-03-22 | Don't try to find a user by personal_access_token if the token is nil | Rémy Coutable | |
Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
2017-03-09 | use the policy stack to protect logins | http://jneen.net/ | |
2017-03-09 | use a magic default :global symbol instead of nil | http://jneen.net/ | |
to make sure we mean the global permissions | |||
2017-03-06 | Make Warden set_user hook validate user ip uniquness | Pawel Chojnacki | |
+ rename shared context |