| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-06-08 | Instruct user to use a personal access token for Git over HTTP | Robin Bobbitt | |
| If internal auth is disabled and LDAP is not configured on the instance, present the user with a message to create a personal access token if his Git over HTTP auth attempt fails. | |||
| 2017-06-06 | Fix test failures | Z.J. van de Weg | |
| 2017-06-05 | Create read_registry scope with JWT auth | Z.J. van de Weg | |
| This is the first commit doing mainly 3 things: 1. create a new scope and allow users to use it 2. Have the JWTController respond correctly on this 3. Updates documentation to suggest usage of PATs There is one gotcha, there will be no support for impersonation tokens, as this seems not needed. Fixes gitlab-org/gitlab-ce#19219 | |||
| 2017-05-10 | Enable the Style/TrailingCommaInArguments cop | Rémy Coutable | |
| Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me> | |||
| 2017-04-13 | Allow OAuth clients to push code | Timothy Andrew | |
| - We currently support fetching code with username = 'oauth2' and password = <access_token>. - Trying to _push_ code with the same credentials fails with an authentication error. - There's no reason this shouldn't be enabled, especially since we allow the OAuth client to create deploy keys with push access: https://docs.gitlab.com/ce/api/deploy_keys.html#add-deploy-key | |||
| 2017-03-07 | Merge branch 'siemens/gitlab-ce-feature/openid-connect' | Sean McGivern | |
| 2017-03-07 | Merge remote-tracking branch ↵ | Douwe Maan | |
| 'origin/personal_access_token_api_and_impersonation_token' | |||
| 2017-03-07 | Only use API scopes for personal access tokens | Markus Koller | |
| 2017-03-07 | Don't allow blocked users to authenticate through other means | Markus Koller | |
| Gitlab::Auth.find_with_user_password is currently used in these places: - resource_owner_from_credentials in config/initializers/doorkeeper.rb, which is used for the OAuth Resource Owner Password Credentials flow - the /session API call in lib/api/session.rb, which is used to reveal the user's current authentication_token In both cases users should only be authenticated if they're in the active state. | |||
| 2017-03-06 | apply codestyle and implementation changes to the respective feature code | Tiago Botelho | |
| 2017-03-06 | Remove unecessary calls to limit_user!, UniqueIps Middleware, and address MR ↵ | Pawel Chojnacki | |
| review - cleanup formating in haml - clarify time window is in seconds - cleanup straneous chunks in db/schema - rename count_uniqe_ips to update_and_return_ips_count - other | |||
| 2017-03-06 | Cleanup RSpec tests | Pawel Chojnacki | |
| 2017-03-06 | Test various login scenarios if the limit gets enforced | Pawel Chojnacki | |
| 2017-03-01 | refactors finder and correlated code | Tiago Botelho | |
| 2017-03-01 | add impersonation token | Simon Vocella | |
| 2017-01-30 | Reduce hits to LDAP on Git HTTP auth by reordering auth mechanisms | Drew Blessing | |
| We accept half a dozen different authentication mechanisms for Git over HTTP. Fairly high in the list we were checking user password, which would also query LDAP. In the case of LFS, OAuth tokens or personal access tokens, we were unnecessarily hitting LDAP when the authentication will not succeed. This was causing some LDAP/AD systems to lock the account. Now, user password authentication is the last mechanism tried since it's the most expensive. | |||
| 2016-12-16 | View-related (and other minor) changes to !5951 based on @rymai's review. | Timothy Andrew | |
| - The `scopes_form` partial can be used in the `admin/applications` view as well - Don't allow partials to access instance variables directly. Instead, pass in the instance variables as local variables, and use `local_assigns.fetch` to assert that the variables are passed in as expected. - Change a few instances of `render :partial` to `render` - Remove an instance of `required: false` in a view, since this is the default - Inline many instances of a local variable (`ip = 'ip'`) in `auth_spec` | |||
| 2016-12-16 | Validate access token scopes in `Gitlab::Auth` | Timothy Andrew | |
| - This module is used for git-over-http, as well as JWT. - The only valid scope here is `api`, currently. | |||
| 2016-09-28 | Handle LFS token creation and retrieval in the same method, and in the same ↵ | Patricio Cano | |
| Redis connection. Reset expiry time of token, if token is retrieved again before it expires. | |||
| 2016-09-19 | Fix test failure | Kamil Trzcinski | |
| 2016-09-19 | Revert "Revert all changes introduced by ↵ | Kamil Trzcinski | |
| https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b7011ec7ec4600e00bdc8df76bb39813c. | |||
| 2016-09-19 | Revert all changes introduced by ↵ | Kamil Trzcinski | |
| https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043 | |||
| 2016-09-19 | Fix spec failures | Kamil Trzcinski | |
| 2016-09-16 | Fix specs for available statuses | Kamil Trzcinski | |
| 2016-09-16 | Fix specs after renaming authentication_capabilities | Kamil Trzcinski | |
| 2016-09-16 | Rename capabilities to authentication_abilities | Kamil Trzcinski | |
| 2016-09-15 | Fix specs after merging LFS changes | Kamil Trzcinski | |
| 2016-09-15 | Merge remote-tracking branch 'origin/lfs-support-for-ssh' into per-build-token | Kamil Trzcinski | |
| # Conflicts: # app/controllers/projects/git_http_client_controller.rb # app/helpers/lfs_helper.rb # lib/gitlab/auth.rb # spec/requests/lfs_http_spec.rb | |||
| 2016-09-15 | Refactored authentication code to make it a bit clearer, added test for ↵ | Patricio Cano | |
| wrong SSH key. | |||
| 2016-09-15 | Use special characters for `lfs+deploy-key` to prevent a someone from ↵ | Patricio Cano | |
| creating a user with this username, and method name refactoring. | |||
| 2016-09-15 | Refactored LFS auth logic when using SSH to use its own API endpoint ↵ | Patricio Cano | |
| `/lfs_authenticate` and added tests. | |||
| 2016-09-15 | Refactor LFS token logic to use a Redis key instead of a DB field, making it ↵ | Patricio Cano | |
| a 1 use only token. | |||
| 2016-09-15 | Added LFS support to SSH | Patricio Cano | |
| - Required on the GitLab Rails side is mostly authentication and API related. | |||
| 2016-09-15 | Add access specs | Kamil Trzcinski | |
| 2016-09-01 | Project tools visibility level | Felipe Artur | |
| 2016-08-09 | adds second batch of tests changed to active tense | tiagonbotelho | |
| 2016-06-13 | Also rename "find" in the specs | Jacob Vosmaer | |
| 2016-06-10 | Improve Gitlab::Auth method names | Jacob Vosmaer | |
| Auth.find was a very generic name for a very specific method. Auth.find_in_gitlab_or_ldap was inaccurate in GitLab EE where it also looks in Kerberos. | |||
| 2016-06-03 | Changes after more review from Rémy | Jacob Vosmaer | |
| 2016-06-02 | Rename finder to find_in_gitlab_or_ldap | Jacob Vosmaer | |
| 2016-05-02 | Rubocop and whitespace | Jacob Vosmaer | |
| 2016-04-29 | Make CI/Oauth/rate limiting reusable | Jacob Vosmaer | |
| 2015-12-09 | Tag lib specs | Douwe Maan | |
| 2015-06-22 | Change `to_not` calls to `not_to` | Robert Speicher | |
| Both work, but now we're consistent across the entire app. | |||
| 2015-06-22 | Update mock and stub syntax for specs | Robert Speicher | |
| 2014-10-30 | Session API: Use case-insensitive authentication like in UI | Andrey Krivko | |
| 2014-10-13 | Merge tests to support Multiple LDAP groups | Jan-Willem van der Meer | |
| 2014-09-08 | Ensure Gitlab::LDAP::authentication is tested | Jan-Willem van der Meer | |
| 2014-09-08 | Refactor gitlab auth tests | Jan-Willem van der Meer | |
| 2014-08-29 | Move and rename ldap / oauth specs | Jan-Willem van der Meer | |
Welcome to mirror list, hosted at ThFree Co, Russian Federation.
 |
index : gitlab.com/gitlab-org/gitlab-foss.git | |
| Unnamed repository; edit this file 'description' to name the repository. | root |
| summaryrefslogtreecommitdiff |