Age | Commit message | Author | |
---|---|---|---|
2023-08-18 | Add latest changes from gitlab-org/gitlab@16-3-stable-ee v16.3.0-rc42 | GitLab Bot | |
2023-06-20 | Add latest changes from gitlab-org/gitlab@16-1-stable-ee v16.1.0-rc42 | GitLab Bot | |
2023-05-17 | Add latest changes from gitlab-org/gitlab@16-0-stable-ee v16.0.0-rc42 | GitLab Bot | |
2023-02-20 | Add latest changes from gitlab-org/gitlab@15-9-stable-ee v15.9.0-rc42 | GitLab Bot | |
2023-01-18 | Add latest changes from gitlab-org/gitlab@15-8-stable-ee v15.8.0-rc42 | GitLab Bot | |
2022-12-20 | Add latest changes from gitlab-org/gitlab@15-7-stable-ee v15.7.0-rc42 | GitLab Bot | |
2022-10-20 | Add latest changes from gitlab-org/gitlab@15-5-stable-ee v15.5.0-rc42 | GitLab Bot | |
2022-08-18 | Add latest changes from gitlab-org/gitlab@15-3-stable-ee v15.3.0-rc42 | GitLab Bot | |
2022-06-20 | Add latest changes from gitlab-org/gitlab@15-1-stable-ee v15.1.0-rc42 | GitLab Bot | |
2022-05-19 | Add latest changes from gitlab-org/gitlab@15-0-stable-ee v15.0.0-rc42 | GitLab Bot | |
2021-12-20 | Add latest changes from gitlab-org/gitlab@14-6-stable-ee v14.6.0-rc42 | GitLab Bot | |
2021-06-16 | Add latest changes from gitlab-org/gitlab@14-0-stable-ee v14.0.0-rc42 | GitLab Bot | |
2021-05-19 | Add latest changes from gitlab-org/gitlab@13-12-stable-ee v13.12.0-rc42 | GitLab Bot | |
2021-04-21 | Add latest changes from gitlab-org/gitlab@13-11-stable-ee v13.11.0-rc43 | GitLab Bot | |
2020-10-21 | Add latest changes from gitlab-org/gitlab@13-5-stable-ee v13.5.0-rc42 | GitLab Bot | |
2020-09-19 | Add latest changes from gitlab-org/gitlab@13-4-stable-ee | GitLab Bot | |
2020-09-01 | Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee | GitLab Bot | |
2020-08-20 | Add latest changes from gitlab-org/gitlab@13-3-stable-ee | GitLab Bot | |
2020-07-20 | Add latest changes from gitlab-org/gitlab@13-2-stable-ee | GitLab Bot | |
2020-05-20 | Add latest changes from gitlab-org/gitlab@13-0-stable-ee | GitLab Bot | |
2020-03-13 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2020-01-08 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-12-20 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-12-11 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-11-17 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-10 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-09-30 | Validate that SAML requests are originated from gitlab | Sebastian Arcila Valenzuela | |
If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user. This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509 | |||
2019-09-30 | Add checking for email_verified key | Małgorzata Ksionek | |
Fix rubocop offences and add changelog Add email_verified key for feature specs Add code review remarks Add code review remarks Fix specs | |||
2019-09-13 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-07-26 | Ensure Warden triggers after_authentication callback | Imre Farkas | |
By not triggering the callback: - ActiveSession lookup keys are not cleaned - Devise also misses its hook related to session cleanup | |||
2019-05-06 | CE changes for SSO web enforcement | James Edwards-Jones | |
Adds two methods for us to extend in EE: - OmniauthCallbacksController#link_identity - GroupPolicy#lookup_access_level! | |||
2019-04-08 | Externalize strings in flash messages | Martin Wortschack | |
- Externalize strings in controllers - Update PO file | |||
2019-03-19 | Move out link\unlink ability checks to a policy | Pavel Shutsin | |
We can extend the policy in EE for additional behavior | |||
2019-02-06 | Backport build_auth_user for GroupSAML callback | James Edwards-Jones | |
2019-02-04 | Avoid CSRF check on SAML failure endpoint | James Edwards-Jones | |
SAML and OAuth failures should cause a message to be presented, as well as logging that an attempt was made. These were incorrectly prevented by the CSRF check on POST endpoints such as SAML. In addition we were using a NullSession forgery protection, which made testing more difficult and could have allowed account linking to take place if a CSRF was ever needed but not present. | |||
2019-01-10 | Addressing peer review feedback. | Scott Escue | |
Replacing inline JS with ES 2015 functions included in pages/sessions/new. Also applying suggested server-side syntax improvements to OmniAuthCallbacksController. | |||
2019-01-10 | Preserve URL fragment across sign-in and sign-up redirects | Scott Escue | |
If window.location contains a URL fragment, append the fragment to all sign-in forms, the sign-up form, and all button based providers. | |||
2018-09-19 | Enable frozen string in app/controllers/**/*.rb | gfyoung | |
Enables frozen string for the following: * app/controllers/*.rb * app/controllers/admin/**/*.rb * app/controllers/boards/**/*.rb * app/controllers/ci/**/*.rb * app/controllers/concerns/**/*.rb Partially addresses #47424. | |||
2018-06-25 | Honor saml assurance level to allow 2FA bypassing | Roger Rüttimann | |
2018-06-21 | [Rails5] Force the `protect_from_forgery` callback run first | blackst0ne | |
Since Rails 5.0 the `protect_from_forgery` callback doesn't run first by default anymore. [1] Instead it gets inserted into callbacks chain where callbacks get called in order. This commit forces the callback to run first. [1]: https://github.com/rails/rails/commit/39794037817703575c35a75f1961b01b83791191 | |||
2018-05-21 | Backport helpers from GroupSAML failure messages | James Edwards-Jones | |
2018-05-04 | Backport IdentityLinker#failed? from GroupSaml callback flow | James Edwards-Jones | |
2018-04-30 | Exclude LDAP from OmniauthCallbackController base methods | James Edwards-Jones | |
2018-04-23 | Replace define_method with alias_method in Omniauth Controllers | James Edwards-Jones | |
2018-04-23 | Unify Saml::IdentityLinker and OAuth::IdentityLinker | James Edwards-Jones | |
2018-04-23 | Show error on failed OAuth account link | James Edwards-Jones | |
2018-04-23 | Refactor OmniauthCallbacksController to remove duplication | James Edwards-Jones | |
Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml | |||
2018-03-22 | Writes specs | Tiago Botelho | |
2018-03-22 | Tracks the number of failed attempts made by a user trying to authenticate with any external authentication method | Tiago Botelho | |
2018-03-21 | Merge branch 'fix/auth0-unsafe-login-10-6' into 'security-10-6' | James Lopez | |
[10.6] Fix GitLab Auth0 integration signs in the wrong user See merge request gitlab/gitlabhq!2354 |