| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-12-04 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
| 2019-10-10 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
| 2019-09-28 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
| 2019-09-13 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
| 2019-09-03 | If user can push to docker then it can delete too | Giorgenes Gelatti | |
| Extends the permission of $CI_REGISTRY_USER to allow them to delete tags in addition to just pushing. https://gitlab.com/gitlab-org/gitlab-ce/issues/40096 | |||
| 2019-08-27 | Removed rubocop disable flags, updated changelog | Etienne Baqué | |
| 2019-08-27 | Updated call to find deploy token | Etienne Baqué | |
| 2019-08-23 | Exempt `jwt/auth` for user `gitlab-ci-token` from rate limiting | Marius Bobin | |
| 2019-07-10 | Add a rubocop for Rails.logger | Mayra Cabrera | |
| Suggests to use a JSON structured log instead Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/54102 | |||
| 2019-04-15 | Added write_repository scope for personal access token | Horatiu Eugen Vlad | |
| 2019-02-06 | Fix #44332 - Add support for profile and email | GotenXiao | |
| 2018-12-17 | Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" | Ash McKenzie | |
| This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. | |||
| 2018-12-05 | Revert "LfsToken uses JSONWebToken::HMACToken by default" | 🤖 GitLab Bot 🤖 | |
| This reverts commit 22954f220231281360377922b709efb904559949 | |||
| 2018-12-05 | LfsToken uses JSONWebToken::HMACToken by default | Ash McKenzie | |
| LfsToken::HMACToken#token_valid?() will be examined and if false, look in redis via LfsToken::LegacyRedisDeviseToken#token_valid?(). | |||
| 2018-10-29 | Merge branch 'fix_pat_auth-11-4' into 'security-11-4' | Robert Speicher | |
| [11.4] Fix Token lookup for Git over HTTP and registry authentication See merge request gitlab/gitlabhq!2577 | |||
| 2018-10-22 | Enable frozen string for lib/gitlab/*.rb | gfyoung | |
| 2018-09-11 | Disable existing offenses for the CodeReuse cops | Yorick Peterse | |
| This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. | |||
| 2018-07-20 | Disable SAML if OmniAuth is disabled | Lin Jen-Shin | |
| We also try to unify the way we setup OmniAuth, and how we check if it's enabled or not. | |||
| 2018-06-04 | Bring back the EE changes to CE to authentication of builds | Kamil Trzciński | |
| 2018-06-01 | Introduce Gitlab::Auth.omniauth_setup_providers | Lin Jen-Shin | |
| Which could extend from EE | |||
| 2018-06-01 | Eliminate constants warnings by: | Lin Jen-Shin | |
| * Replace `require` or `require_relative` with `require_dependency` * Remove unneeded `autoload` | |||
| 2018-04-18 | Resolve "Make a Rubocop that forbids returning from a block" | 🙈 jacopo beschi 🙉 | |
| 2018-04-07 | Use proper auth_scope for deploy token | Kamil Trzciński | |
| 2018-04-07 | Increase test suite around deploy tokens behavior | Mayra Cabrera | |
| Also, fixes broken specs | |||
| 2018-04-07 | Fixes broken schema and minor changes | Mayra Cabrera | |
| 2018-04-07 | Include ProjectDeployTokens | Mayra Cabrera | |
| Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs | |||
| 2018-04-07 | Support Deploy Tokens properly without hacking abilities | Kamil Trzciński | |
| 2018-04-07 | Addreses backend review suggestions | Mayra Cabrera | |
| - Remove extra method for authorize_admin_project - Ensure project presence - Rename 'read_repo' to 'read_repository' to be more verbose | |||
| 2018-04-07 | Removes logic from Jwt and handle different scenarios on Gitlab::Auth | Mayra Cabrera | |
| - When using 'read_repo' password and project are sent, so we used both of them to fetch for the token - When using 'read_registry' only the password is sent, so we only use that for fetching the token | |||
| 2018-04-07 | Implement 'read_repo' for DeployTokens | Mayra Cabrera | |
| This will allow to download a repo using the token from the DeployToken | |||
| 2018-03-27 | Fix LDAP login without user in DB | Horatiu Eugen Vlad | |
| 2018-03-06 | Make oauth provider login generic | Horatiu Eugen Vlad | |
| 2018-02-28 | Moved o_auth/saml/ldap modules under gitlab/auth | Horatiu Eugen Vlad | |
| 2018-02-02 | use Gitlab::UserSettings directly as a singleton instead of ↵ | Mario de la Ossa | |
| including/extending it | |||
| 2017-11-24 | Merge branch 'dm-fix-registry-with-sudo-token' into 'master' | Sean McGivern | |
| Fix pulling and pushing using a personal access token with the sudo scope Closes #40466 See merge request gitlab-org/gitlab-ce!15571 | |||
| 2017-11-23 | Fix pulling and pushing using a personal access token with the sudo scope | Douwe Maan | |
| 2017-11-23 | Allow password authentication to be disabled entirely | Markus Koller | |
| 2017-11-08 | Fix Error 500 when pushing LFS objects with a write deploy key | Stan Hu | |
| 2017-11-02 | Add sudo API scope | Douwe Maan | |
| 2017-11-02 | Consistently use PersonalAccessToken instead of PersonalToken | Douwe Maan | |
| 2017-09-18 | Clean up read_registry scope changes | Robin Bobbitt | |
| Closes #37789 | |||
| 2017-09-12 | Merge branch 'hide-read-registry-scope-when-registry-disabled' into 'master' | Kamil Trzciński | |
| Hide read_registry scope when registry is disabled on instance See merge request !13314 | |||
| 2017-09-01 | Merge branch '37202-revert-changes-to-signing-enabled' into 'master' | Douwe Maan | |
| Rollback changes made to signing_enabled. Closes #37202 See merge request !13956 | |||
| 2017-09-01 | Rollsback changes made to signing_enabled. | Tiago Botelho | |
| 2017-08-31 | `current_application_settings` belongs on `Gitlab::CurrentSettings` | Sean McGivern | |
| The initializers including this were doing so at the top level, so every object loaded after them had a `current_application_settings` method. However, if someone had rack-attack enabled (which was loaded before these initializers), it would try to load the API, and fail, because `Gitlab::CurrentSettings` didn't have that method. To fix this: 1. Don't include `Gitlab::CurrentSettings` at the top level. We do not need `Object.new.current_application_settings` to work. 2. Make `Gitlab::CurrentSettings` explicitly `extend self`, as we already use it like that in several places. 3. Change the initializers to use that new form. | |||
| 2017-08-22 | Hide read_registry scope when registry is disabled on instance | Robin Bobbitt | |
| 2017-08-14 | Whitelist or fix additional `Gitlab/PublicSend` cop violations | Robert Speicher | |
| An upcoming update to rubocop-gitlab-security added additional violations. | |||
| 2017-08-02 | Cleanup tests and add admin_container_image to | Lin Jen-Shin | |
| full_authentication_abilities. This is fine because we're going to check with can?(..) anyway | |||
| 2017-07-13 | Fixes needed when GitLab sign-in is not enabled | Robin Bobbitt | |
| When sign-in is disabled: - skip password expiration checks - prevent password reset requests - don’t show Password tab in User Settings - don’t allow login with username/password for Git over HTTP requests - render 404 on requests to Profiles::PasswordsController | |||
| 2017-06-30 | `AccessTokenValidationService` accepts `String` or `API::Scope` scopes. | Timothy Andrew | |
| - There's no need to use `API::Scope` for scopes that don't have `if` conditions, such as in `lib/gitlab/auth.rb`. | |||
Welcome to mirror list, hosted at ThFree Co, Russian Federation.
 |
index : gitlab.com/gitlab-org/gitlab-foss.git | |
| Unnamed repository; edit this file 'description' to name the repository. | root |
| summaryrefslogtreecommitdiff |