Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-02-06 | Validate User username only on Namespace, and bubble up appropriately | Douwe Maan | |
2018-01-30 | Only new users get marked as external | Tiago Botelho | |
2018-01-17 | Merge branch 'jej/fix-disabled-oauth-access-10-3' into 'security-10-3' | Robert Speicher | |
[10.3] Prevent login with disabled OAuth providers See merge request gitlab/gitlabhq!2296 (cherry picked from commit 4936650427ffc88e6ee927aedbb2c724d24b094c) a0f9d222 Prevents login with disabled OAuth providers | |||
2017-12-15 | Make sure user email is read only when synced with LDAP | Douwe Maan | |
2017-11-17 | Changing OAuth lookup to be case insensitive | Francisco Javier López | |
2017-11-06 | Reallow project paths ending in periods | Douwe Maan | |
2017-10-05 | Only add identities to a user if we find one in Gitlab::OAuth::User. | Tiago Botelho | |
2017-10-02 | Merge branch '33493-attempt-to-link-saml-users-to-ldap-by-email' into 'master' | Douwe Maan | |
Attempt to link saml users to ldap by email Closes #33493 See merge request gitlab-org/gitlab-ce!14216 | |||
2017-10-02 | Refactors SAML identity creation in gl_user. | Tiago Botelho | |
2017-09-28 | refactor users update service | James Lopez | |
2017-09-28 | refactor services to match EE signature | James Lopez | |
2017-09-25 | Attempt to link saml users to ldap by email | Tiago Botelho | |
2017-09-14 | Don't force the encoding of the OAuth provider in ↵ | Rémy Coutable | |
Gitlab::OAuth::AuthHash#provider Some providers freeze their name (e.g. https://github.com/zquestz/omniauth-google-oauth2/blob/414c43ef3ffec37d473321f262e80f1e46dda89f/lib/omniauth/strategies/google_oauth2.rb#L1), so trying to modify the string would fail with a `can't modify frozen String` exception (see https://gitlab.com/gitlab-org/gitlab-ce/issues/37845#note_40308148). In this case, we can just stop trying to force the encoding of the provider name as they should always be in utf8 by default. Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
2017-09-06 | Profile updates from providers | Alexander Keramidas | |
2017-08-11 | Better categorize test coverage results | Robert Speicher | |
Also marks a few things as uncovered, and removes an unused class. | |||
2017-08-02 | Uniquify reserved word usernames on OAuth user creation | Robin Bobbitt | |
2017-07-12 | Extract the finder portion of ldap_person so it can be overridden in EE | Nick Thomas | |
2017-06-23 | refactor update user service not to do auth checks | James Lopez | |
2017-06-23 | use update service on ldap call and updated specs and service | James Lopez | |
2017-06-07 | Sync email address from specified omniauth provider | Robin Bobbitt | |
2017-05-31 | Return nil when looking up config for unknown LDAP provider | Douwe Maan | |
2017-04-25 | Fix OAuth, LDAP and SAML SSO when regular sign-ups are disabled | Douwe Maan | |
2017-04-13 | Implement Users::BuildService | geoandri | |
2017-03-27 | Implement new service for creating user | George Andrinopoulos | |
2017-03-01 | Enable and autocorrect the CustomErrorClass cop | Sean McGivern | |
2017-02-23 | Fix OAuth/SAML user blocking behavior | Douwe Maan | |
2017-02-23 | Update rubocop and rubocop-rspec and regenerate .rubocop_todo.yml | Douwe Maan | |
2016-11-30 | Improve the `Gitlab::OAuth::User` error message | Drew Blessing | |
The error saving the user is logged to application.log. Previously, the entry had no context and was unusable - 'Error saving user: [Email address already taken]'. Adding the auth hash UID and email makes the error more helpful. | |||
2016-11-11 | Omniauth auto link LDAP user falls back to find by DN when user cannot be ↵ | Drew Blessing | |
found by uid | |||
2016-07-02 | Merge branch 'master' into dev-master | Tomasz Maczukin | |
* master: (98 commits) Enable Style/EmptyLines cop, remove redundant ones Update CHANGELOG Cache results from jQuery selectors to retrieve namespace name Fix import button when import fail due the namespace already been taken Fix snippets comments not displayed Fix emoji paths in relative root configurations Exclude requesters from Project#members, Group#members and User#members Upgrade Thin from 1.6.1 to 1.7.0. Many squashed commits Cache autocomplete results Upgrade Sidekiq from 4.1.2 to 4.1.4. Upgrade seed-fu from 2.3.5 to 2.3.6 use has_many relationship with events Support creating a todo on issuables via API Expose target, filter by state as string Add todos API documentation and changelog Improve the request / withdraw access button Metrics for Rouge::Plugins::Redcarpet and Rouge::Formatters::HTMLGitlab Groundwork for Kerberos SPNEGO (EE feature) Update CHANGELOG 8.9.5 for runners related fixes ... | |||
2016-06-29 | Fixed privilege escalation issue where manually set external users would be ↵ | Patricio Cano | |
reverted back to internal users if they logged in via OAuth and that provider was not in the `external_providers` list. | |||
2016-06-29 | Enable Style/SpaceAfterComma Rubocop cop | Grzegorz Bizon | |
2016-06-23 | Fix subsequent SAML sign ins | Drew Blessing | |
2016-06-09 | Syntax fixes and better logging around the `ldap_person` method. | Patricio Cano | |
2016-06-07 | Moved `find_or_create_ldap_user` method to parent class and added logging. | Patricio Cano | |
2016-06-07 | Adjust the SAML control flow to allow LDAP identities to be added to an ↵ | Patricio Cano | |
existing SAML user. | |||
2016-04-12 | Better control flow. | Patricio Cano | |
2016-04-11 | Allow `external_providers` for Omniauth to be defined to mark these users as ↵ | Patricio Cano | |
external | |||
2016-02-19 | Make new `allow_single_sign_on` feature backwards compatible | Patricio Cano | |
2016-02-19 | Decouple SAML authentication from the default Omniauth logic | Patricio Cano | |
2016-02-19 | Revert "Merge branch 'saml-decoupling' into 'master' " | Douwe Maan | |
This reverts commit c04e22fba8d130a58f498ff48127712d7dae17ee, reversing changes made to 0feab326d52222dc0ab5bd0a6b15dab297f44aa9. | |||
2016-02-18 | Decouple SAML authentication from the default Omniauth logic | Patricio Cano | |
2016-01-19 | Allow LDAP users to change their email if it was not set by the LDAP server | Douwe Maan | |
2016-01-15 | Fix signup for some OAuth providers | Steffen Köhler | |
some OAuth providers (kerberos for example) only provide a username and an email, but no name. Therefore a signup fails because the name is empty. Best guess for the name is probably the username, therefore use it as name. | |||
2015-12-22 | Fix identity and user retrieval when special characters are used | Patricio Cano | |
2015-12-15 | add CAS authentication support | tduehr | |
2015-12-11 | AuthHash should not parameterize email user | Corey Hinshaw | |
2015-11-03 | Use proper labels for OAuth providers | Douwe Maan | |
2015-09-09 | Shuffle config around a bit | Douwe Maan | |
2015-09-08 | Allow configuration of LDAP attributes GitLab will use for the new user account. | Douwe Maan | |