Age | Commit message (Collapse) | Author |
|
|
|
Add find key by base64 key or fingerprint to the internal API
See merge request !250
Squashed changes:
Add unique index to fingerprint
Add new index to schema
Add internal api to get ssh key by fingerprint
Change API endpoint to authorized_keys
Add InsecureKeyFingerprint that calculates the fingerprint without shelling out
Add require for gitlab key fingerprint
Remove uniqueness of fingerprint index
Remove unique option from migration
Fix spec style in fingerprint test
Fix rubocop complain
Extract insecure key fingerprint to separate file
Change migration to support building index concurrently
Remove those hideous tabs
|
|
On GitLab.com, there are write deploy keys with no associated users.
Pushes with these deploy keys end with an Error 500 since we attempt
to look up redirect message. If there is no user, don't attempt
to display a redirect message.
Closes #41466
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Somehow Rails.cache.fetch occasionally returns `nil` values, which causes
this endpoint to crash.
Closes #35094
|
|
- Make single gitaly payload
- Add feature-flag specs to verify payload
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
No external behavior change.
This allows `GitHttpController` to set the HTTP status based on the type of error. Alternatively, we could have added an attribute to GitAccessStatus, but this pattern seemed appropriate.
|
|
|
|
Use the EnforcedStyleForMultiline: no_comma option.
Signed-off-by: RĂ©my Coutable <remy@rymai.me>
|
|
|
|
This new param allows us to share project information between components
that don't share or don't have access to the same filesystem
mountpoints, for example between Gitaly and Rails or between Rails and
Gitlab-Shell hooks. The previous parameters are still supported, but if
found, gl_repository is prefered. The old parameters should be deprecated
once all components support the new format.
|
|
|
|
|
|
migration
It uses a user activity table instead of a column in users.
Tested with mySQL and postgreSQL
|
|
Signed-off-by: RĂ©my Coutable <remy@rymai.me>
|
|
|
|
|
|
|
|
|
|
Addresses: Issue #13810
1. Adds a last_used_at attribute to the Key table/model
2. Update a key's last_used_at whenever it gets used
3. Display how long ago an ssh key was last used
|
|
1. Starting version 2.11, git changed the way the pre-receive flow works.
- Previously, the new potential objects would be added to the main repo. If the
pre-receive passes, the new objects stay in the repo but are linked up. If
the pre-receive fails, the new objects stay orphaned in the repo, and are
cleaned up during the next `git gc`.
- In 2.11, the new potential objects are added to a temporary "alternate object
directory", that git creates for this purpose. If the pre-receive passes, the
objects from the alternate object directory are migrated to the main repo. If
the pre-receive fails the alternate object directory is simply deleted.
2. In our workflow, the pre-recieve script (in `gitlab-shell) calls the
`/allowed` endpoint, which calls out directly to git to perform
various checks. These direct calls to git do _not_ have the necessary
environment variables set which allow access to the "alternate object
directory" (explained above). Therefore these calls to git are not able to
access any of the new potential objects to be added during this push.
3. We fix this by accepting the relevant environment variables
(GIT_ALTERNATE_OBJECT_DIRECTORIES, GIT_OBJECT_DIRECTORY) on the
`/allowed` endpoint, and then include these environment variables while
calling out to git.
4. This commit includes (whitelisted) these environment variables while making
the "force push" check. A `Gitlab::Git::RevList` module is extracted to
prevent `ForcePush` from being littered with these checks.
|
|
gitlab-shell v3.6.6 would give project paths like so:
* namespace/project
gitlab-shell v4.0.0 can give project paths like so:
* /namespace1/namespace2/project
* /namespace/project
* /path/to/repository/storage/namespace1/namespace2/project
* /path/to/repository/storage/namespace/project
|
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
|
|
Redis connection.
Reset expiry time of token, if token is retrieved again before it expires.
|
|
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043"
This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c.
|
|
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043
|
|
|
|
# Conflicts:
# app/controllers/projects/git_http_client_controller.rb
# app/helpers/lfs_helper.rb
# lib/gitlab/auth.rb
# spec/requests/lfs_http_spec.rb
|
|
LFS Tokens
|
|
simplify external code.
|
|
`/lfs_authenticate` and added tests.
|
|
a 1 use only token.
|