Age | Commit message | Author | |
---|---|---|---|
2019-12-04 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-10-10 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-09-28 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-09-13 | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | |
2019-09-03 | If user can push to docker then it can delete too | Giorgenes Gelatti | |
Extends the permission of $CI_REGISTRY_USER to allow them to delete tags in addition to just pushing. https://gitlab.com/gitlab-org/gitlab-ce/issues/40096 | |||
2019-08-27 | Removed rubocop disable flags, updated changelog | Etienne Baqué | |
2019-08-27 | Updated call to find deploy token | Etienne Baqué | |
2019-08-23 | Exempt `jwt/auth` for user `gitlab-ci-token` from rate limiting | Marius Bobin | |
2019-07-10 | Add a rubocop for Rails.logger | Mayra Cabrera | |
Suggests to use a JSON structured log instead Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/54102 | |||
2019-04-15 | Added write_repository scope for personal access token | Horatiu Eugen Vlad | |
2019-02-06 | Fix #44332 - Add support for profile and email | GotenXiao | |
2018-12-17 | Revert "Revert "LfsToken uses JSONWebToken::HMACToken by default"" | Ash McKenzie | |
This reverts commit 00acef434031b5dc0bf39576a9e83802c7806842. | |||
2018-12-05 | Revert "LfsToken uses JSONWebToken::HMACToken by default" | 🤖 GitLab Bot 🤖 | |
This reverts commit 22954f220231281360377922b709efb904559949 | |||
2018-12-05 | LfsToken uses JSONWebToken::HMACToken by default | Ash McKenzie | |
LfsToken::HMACToken#token_valid?() will be examined and if false, look in redis via LfsToken::LegacyRedisDeviseToken#token_valid?(). | |||
2018-10-29 | Merge branch 'fix_pat_auth-11-4' into 'security-11-4' | Robert Speicher | |
[11.4] Fix Token lookup for Git over HTTP and registry authentication See merge request gitlab/gitlabhq!2577 | |||
2018-10-22 | Enable frozen string for lib/gitlab/*.rb | gfyoung | |
2018-09-11 | Disable existing offenses for the CodeReuse cops | Yorick Peterse | |
This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. | |||
2018-07-20 | Disable SAML if OmniAuth is disabled | Lin Jen-Shin | |
We also try to unify the way we setup OmniAuth, and how we check if it's enabled or not. | |||
2018-06-04 | Bring back the EE changes to CE to authentication of builds | Kamil Trzciński | |
2018-06-01 | Introduce Gitlab::Auth.omniauth_setup_providers | Lin Jen-Shin | |
Which could extend from EE | |||
2018-06-01 | Eliminate constants warnings by: | Lin Jen-Shin | |
* Replace `require` or `require_relative` with `require_dependency` * Remove unneeded `autoload` | |||
2018-04-18 | Resolve "Make a Rubocop that forbids returning from a block" | 🙈 jacopo beschi 🙉 | |
2018-04-07 | Use proper auth_scope for deploy token | Kamil Trzciński | |
2018-04-07 | Increase test suite around deploy tokens behavior | Mayra Cabrera | |
Also, fixes broken specs | |||
2018-04-07 | Fixes broken schema and minor changes | Mayra Cabrera | |
2018-04-07 | Include ProjectDeployTokens | Mayra Cabrera | |
Also: - Changes scopes from serializer to use boolean columns - Fixes broken specs | |||
2018-04-07 | Support Deploy Tokens properly without hacking abilities | Kamil Trzciński | |
2018-04-07 | Addresses backend review suggestions | Mayra Cabrera | |
- Remove extra method for authorize_admin_project - Ensure project presence - Rename 'read_repo' to 'read_repository' to be more verbose | |||
2018-04-07 | Removes logic from Jwt and handle different scenarios on Gitlab::Auth | Mayra Cabrera | |
- When using 'read_repo' password and project are sent, so we used both of them to fetch for the token - When using 'read_registry' only the password is sent, so we only use that for fetching the token | |||
2018-04-07 | Implement 'read_repo' for DeployTokens | Mayra Cabrera | |
This will allow to download a repo using the token from the DeployToken | |||
2018-03-27 | Fix LDAP login without user in DB | Horatiu Eugen Vlad | |
2018-03-06 | Make oauth provider login generic | Horatiu Eugen Vlad | |
2018-02-28 | Moved o_auth/saml/ldap modules under gitlab/auth | Horatiu Eugen Vlad | |
2018-02-02 | use Gitlab::UserSettings directly as a singleton instead of including/extending it | Mario de la Ossa | |
2017-11-24 | Merge branch 'dm-fix-registry-with-sudo-token' into 'master' | Sean McGivern | |
Fix pulling and pushing using a personal access token with the sudo scope Closes #40466 See merge request gitlab-org/gitlab-ce!15571 | |||
2017-11-23 | Fix pulling and pushing using a personal access token with the sudo scope | Douwe Maan | |
2017-11-23 | Allow password authentication to be disabled entirely | Markus Koller | |
2017-11-08 | Fix Error 500 when pushing LFS objects with a write deploy key | Stan Hu | |
2017-11-02 | Add sudo API scope | Douwe Maan | |
2017-11-02 | Consistently use PersonalAccessToken instead of PersonalToken | Douwe Maan | |
2017-09-18 | Clean up read_registry scope changes | Robin Bobbitt | |
Closes #37789 | |||
2017-09-12 | Merge branch 'hide-read-registry-scope-when-registry-disabled' into 'master' | Kamil Trzciński | |
Hide read_registry scope when registry is disabled on instance See merge request !13314 | |||
2017-09-01 | Merge branch '37202-revert-changes-to-signing-enabled' into 'master' | Douwe Maan | |
Rollback changes made to signing_enabled. Closes #37202 See merge request !13956 | |||
2017-09-01 | Rolls back changes made to signing_enabled. | Tiago Botelho | |
2017-08-31 | `current_application_settings` belongs on `Gitlab::CurrentSettings` | Sean McGivern | |
The initializers including this were doing so at the top level, so every object loaded after them had a `current_application_settings` method. However, if someone had rack-attack enabled (which was loaded before these initializers), it would try to load the API, and fail, because `Gitlab::CurrentSettings` didn't have that method. To fix this: 1. Don't include `Gitlab::CurrentSettings` at the top level. We do not need `Object.new.current_application_settings` to work. 2. Make `Gitlab::CurrentSettings` explicitly `extend self`, as we already use it like that in several places. 3. Change the initializers to use that new form. | |||
2017-08-22 | Hide read_registry scope when registry is disabled on instance | Robin Bobbitt | |
2017-08-14 | Whitelist or fix additional `Gitlab/PublicSend` cop violations | Robert Speicher | |
An upcoming update to rubocop-gitlab-security added additional violations. | |||
2017-08-02 | Cleanup tests and add admin_container_image to | Lin Jen-Shin | |
full_authentication_abilities. This is fine because we're going to check with can?(..) anyway | |||
2017-07-13 | Fixes needed when GitLab sign-in is not enabled | Robin Bobbitt | |
When sign-in is disabled: - skip password expiration checks - prevent password reset requests - don’t show Password tab in User Settings - don’t allow login with username/password for Git over HTTP requests - render 404 on requests to Profiles::PasswordsController | |||
2017-06-30 | `AccessTokenValidationService` accepts `String` or `API::Scope` scopes. | Timothy Andrew | |
- There's no need to use `API::Scope` for scopes that don't have `if` conditions, such as in `lib/gitlab/auth.rb`. |