| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| |
| |
| |
| |
| | |
32838 Add wells to admin dashboard overview to fix spacing problems
Closes #32838
See merge request !12467
|
| | | |
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Fix API Scoping
Closes #33580 and #33022
See merge request !12300
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- The `/users` and `/users/:id` APIs are now accessible without
authentication (!12445), and so scopes are not relevant for these endpoints.
- Previously, we were testing our scope declaration against these two methods.
This commit moves these tests to other `GET` user endpoints which still
require authentication.
|
| | |\ \
| | | |
| | | |
| | | | |
# Conflicts:
# lib/api/users.rb
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
- There's no need to use `API::Scope` for scopes that don't have `if`
conditions, such as in `lib/gitlab/auth.rb`.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
- To represent an authorization scope, such as `api` or `read_user`
- This is a better abstraction than the hash we were previously using.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Use a struct for scopes, so we can call `scope.if` instead of `scope[:if]`
- Refactor the "remove scopes whose :if condition returns false" logic to use a
`select` rather than a `reject`.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
1. Get the spec for `lib/gitlab/auth.rb` passing.
- Make the `request` argument to `AccessTokenValidationService` optional -
`auth.rb` doesn't need to pass in a request.
- Pass in scopes in the format `[{ name: 'api' }]` rather than `['api']`, which
is what `AccessTokenValidationService` now expects.
2. Get the spec for `API::V3::Users` passing
2. Get the spec for `AccessTokenValidationService` passing
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- They are not included automatically since `API::Users` does not inherit from
`API::API`, as I initially assumed.
- Scopes declared in `API::API` are considered global (to the API), and need to
be included in all cases.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Test `GET` endpoints to check that the scope is allowed.
- Test `POST` endpoints to check that the scope is disallowed.
- Test both `v3` and `v4` endpoints.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Scope declarations of the form:
allow_access_with_scope :read_user, if: -> (request) { request.get? }
will only apply for `GET` requests
- Add a negative test to a `POST` endpoint in the `users` API to test this. Also
test for this case in the `AccessTokenValidationService` unit tests.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Declaring an endpoint's scopes in a `before` block has proved to be
unreliable. For example, if we're accessing the `API::Users` endpoint - code
in a `before` block in `API::API` wouldn't be able to see the scopes set in
`API::Users` since the `API::API` `before` block runs first.
- This commit moves these declarations to the class level, since they don't need
to change once set.
|
| |\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Honor the "Remember me" parameter for OAuth-based login
Closes #18000
See merge request !11963
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Don't use `request.env['omniauth.params']` if it isn't present.
- Remove the `saml` section from the `gitlab.yml` test section. Some tests
depend on this section not being initially present, so it can be overridden
in the test. This MR doesn't add any tests for SAML, so we didn't really need
this in the first place anyway.
- Clean up the test -> omniauth section of `gitlab.yml`
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Disable an ESLint check rather than work around it (by
converting `OAuthRememberMe` from a regular class to a
static class.
- Scope `$` calls inside `OAuthRememberMe`
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Change double quotes to single quotes.
- Why is `OmniAuth.config.full_host` being reassigned in the integration test?
- Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task
- Other minor changes
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
providers.
- The test for `rake gitlab:env:info` executed the rake task, which mutated the
list of omniauth providers, breaking subsequent tests relying on this list.
- I've changed the rake task to duplicate the providers list before modifying it.
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- I tried to get this to work by stubbing out portions of the config within the
test. This didn't work as expected because Devise/Omniauth loaded before the
stub could run, and the stubbed config was ignored.
- I attempted to fix this by reloading Devise/Omniauth after stubbing the
config. This successfully got Devise to load the stubbed providers, but failed
while trying to access a route such as `user_gitlab_omniauth_authorize_path`.
- I spent a while trying to figure this out (even trying
`Rails.application.reload_routes!`), but nothing seemed to work.
- I settled for adding this config directly to `gitlab.yml` rather than go down
this path any further.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Added saml, authentiq, cas3, and auth0
- Crowd seems to be a special case that will be handled separately.
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- There was previously a test for `saml` login in `login_spec`, but this didn't
seem to be passing. A lot of things didn't seem right here, and I suspect that
this test hasn't been running. I'll investigate this further.
- It took almost a whole working day to figure out this line:
OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') }
As always, it's obvious in retrospect, but it took some digging to figure out
tests were failing and returning 404s during the callback phase.
- Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Pass a `remember_me` query parameter along with the initial OAuth request, and
pick this parameter up during the omniauth callback from
request.env['omniauth.params']`
- For 2FA-based login, copy the `remember_me` param from `omniauth.params` to
`params`, which the 2FA process will pick up.
- For non-2FA-based login, simply call the `remember_me` devise method to set
the session cookie.
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
'master'
Use stub_application_setting when testing ApplicationHelper#support_url
Closes #34648
See merge request !12627
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Fixes the column widths for the new navigation option
See merge request !12644
|
| | | | | | | | |
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Fix invalid Rails.logger call in lib/gitlab/health_checks/fs_shards_check.rb
See merge request !12641
|
| | | | | | | | | |
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Log rescued exceptions to Sentry
See merge request !12638
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Support noticed that a number of exceptions, such as
"Encoding::CompatibilityError (incompatible character encodings: UTF-8 and
ASCII-8BIT)", failed to report to Sentry. The `rescue_from` in the
ApplicationController prevented these exceptions from being recorded.
This change ensures that these exceptions are properly captured.
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
'master'
Add test example for external commit status retries
See merge request !12642
|
| | | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Improve stage_id foreign key migration
Closes #34495
See merge request !12617
|
| | |\ \ \ \ \ \ \ \ \ \
| | | |_|_|_|/ / / / /
| | |/| | | | | | | |
| | | | | | | | | | | |
# Conflicts:
# db/schema.rb
|
| | | | | | | | | | | | |
|
