| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-11-29 | Add config to disable impersonation | Imre Farkas | |
| Adds gitlab.impersonation_enabled config option defaulting to true to keep the current default behaviour. Only the act of impersonation is modified, impersonation token management is not affected. | |||
| 2018-11-29 | Merge branch 'security-fix-pat-web-access' into 'master' | Cindy Pallares | |
| [master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request" See merge request gitlab/gitlabhq!2583 | |||
| 2018-11-20 | Merge branch 'fix/allow-saml2-for-2fa-bypass' into 'master' | Douwe Maan | |
| saml/auth_hash: Allow 2FA bypass for SAML 2.0 responses See merge request gitlab-org/gitlab-ce!22568 | |||
| 2018-11-01 | Fix typos in comments and specs | George Tsiolis | |
| 2018-10-29 | [master] Persist only SHA digest of PersonalAccessToken#token | Imre Farkas | |
| 2018-10-25 | saml/auth_hash: Allow 2FA bypass for SAML 2.0 responses | 115100 | |
| Closes gitlab-org/gitlab-ce/#53102. | |||
| 2018-10-13 | Enable some frozen string in lib/gitlab | gfyoung | |
| Enable frozen string for the following files: * lib/gitlab/auth/**/*.rb * lib/gitlab/badge/**/*.rb * lib/gitlab/bare_repository_import/**/*.rb * lib/gitlab/bitbucket_import/**/*.rb * lib/gitlab/bitbucket_server_import/**/*.rb * lib/gitlab/cache/**/*.rb * lib/gitlab/checks/**/*.rb Partially addresses #47424. | |||
| 2018-09-21 | Correct Gitlab Capitalization in code files | Marcel Amirault | |
| 2018-09-11 | Disable existing offenses for the CodeReuse cops | Yorick Peterse | |
| This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. | |||
| 2018-08-23 | Backport LDAP changes to CE | Douglas Barbosa Alexandre | |
| 2018-08-22 | Fix broken Git over HTTP clones with LDAP users | Stan Hu | |
| Due to a regression in !20608, the LDAP authenticator was not being used unless OmniAuth was enabled. This change allows the LDAP provider to be used if it is configured regardless of the OmniAuth setting. Closes #50579 | |||
| 2018-08-03 | Improve blocked user tracking code readability | Grzegorz Bizon | |
| 2018-08-02 | Remove an empty line from blocker user tracker class | Grzegorz Bizon | |
| 2018-08-02 | Remove an empty line from the end of blocked_user_tracker.rb | Grzegorz Bizon | |
| 2018-08-01 | Improve authentication events-related code readability | Grzegorz Bizon | |
| 2018-08-01 | Simplify blocked user tracking during authentication | Grzegorz Bizon | |
| 2018-08-01 | Improve blocked user tracking and fire some events only once | Grzegorz Bizon | |
| 2018-07-31 | Merge branch 'feature/gb/login-activity-metrics' into 'master' | Sean McGivern | |
| Add user authentication activity metrics Closes #47789 See merge request gitlab-org/gitlab-ce!20668 | |||
| 2018-07-31 | Improve authentication activity code readability | Grzegorz Bizon | |
| 2018-07-27 | Improve specs for blocked user tracker class | Grzegorz Bizon | |
| 2018-07-27 | Add authentication metrics for sessionless sign in | Grzegorz Bizon | |
| 2018-07-27 | Improve readability and move custom matchers to better place | Grzegorz Bizon | |
| 2018-07-27 | Catch custom warden events too to increment metrics | Grzegorz Bizon | |
| 2018-07-26 | Make authentication metrics events explicit is specs | Grzegorz Bizon | |
| 2018-07-24 | Fix activity metric name that need to be symbols | Grzegorz Bizon | |
| 2018-07-23 | Make it easier to stub authentication metrics | Grzegorz Bizon | |
| 2018-07-23 | Track blocked users and two factor authentications | Grzegorz Bizon | |
| 2018-07-20 | Refactor blocked user tracker class | Grzegorz Bizon | |
| 2018-07-20 | Add custom expectations for authentication activity metrics | Grzegorz Bizon | |
| 2018-07-20 | Disable SAML if OmniAuth is disabled | Lin Jen-Shin | |
| We also try to unify the way we setup OmniAuth, and how we check if it's enabled or not. | |||
| 2018-07-19 | Rename authentication activity observer methods | Grzegorz Bizon | |
| 2018-07-17 | Implement scaffold of authentication activity metrics | Grzegorz Bizon | |
| 2018-07-09 | Updates from `rubocop -a` | Lin Jen-Shin | |
| 2018-06-25 | Honor saml assurance level to allow 2FA bypassing | Roger Rüttimann | |
| 2018-05-31 | Export assigned issues in iCalendar feed | Imre Farkas | |
| 2018-05-24 | Add username to terms message in git and API calls | Bob Van Landuyt | |
| This will make it clearer to users which account is being used to make the API/git call. So they know which account needs to be used to accept the terms. Closes #46649 | |||
| 2018-05-18 | Minimize CE/EE difference in Gitlab::Auth::LDAP::Config | Rémy Coutable | |
| Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
| 2018-05-18 | Minimize CE/EE difference in Gitlab::Auth::LDAP::Access | Rémy Coutable | |
| Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
| 2018-05-18 | Minimize CE/EE difference in Gitlab::Auth::UserAuthFinders | Rémy Coutable | |
| Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
| 2018-05-18 | Minimize CE/EE difference in Gitlab::Auth::Saml::User | Rémy Coutable | |
| Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
| 2018-05-18 | Minimize CE/EE difference in Gitlab::Auth::Saml::Config | Rémy Coutable | |
| Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
| 2018-05-13 | Fix system hook not firing for blocked users when LDAP sign-in is used | Stan Hu | |
| An LDAP sign-in request results in a different request parameter than a standard GitLab sign-in. Since Warden doesn't pass us the user that was blocked, we first search for a `username` in the request parameters and then look for `user.login`. Closes #46307 | |||
| 2018-05-10 | Block access to API & git when terms are enforced | Bob Van Landuyt | |
| When terms are enforced, but the user has not accepted the terms access to the API & git is rejected with a message directing the user to the web app to accept the terms. | |||
| 2018-05-04 | Backport IdentityLinker#failed? from GroupSaml callback flow | James Edwards-Jones | |
| 2018-04-23 | Auth::User classes refactor adds should_save? | James Edwards-Jones | |
| 2018-04-23 | Replace define_method with alias_method in Omniauth Controllers | James Edwards-Jones | |
| 2018-04-23 | Unify Saml::IdentityLinker and OAuth::IdentityLinker | James Edwards-Jones | |
| 2018-04-23 | Show error on failed OAuth account link | James Edwards-Jones | |
| 2018-04-23 | Refactor OmniauthCallbacksController to remove duplication | James Edwards-Jones | |
| Moves LDAP to its own controller with tests Provides path forward for implementing GroupSaml | |||
| 2018-04-04 | Add better LDAP connection handling | Francisco Javier López | |
Welcome to mirror list, hosted at ThFree Co, Russian Federation.
 |
index : gitlab.com/gitlab-org/gitlab-foss.git | |
| Unnamed repository; edit this file 'description' to name the repository. | root |
| summaryrefslogtreecommitdiff |