Commit message (Author, Age, Files, Lines)
* Prevent doubling AJAX request with each commit visit via Turbolink [fix-branch-contains] (Dmitriy Zaporozhets, 2015-03-25, 2 files, -2/+2)
|
* Merge pull request #9021 from nicklegr/faster_auto_merge (Dmitriy Zaporozhets, 2015-03-25, 2 files, -5/+2)
|\
| |   Faster merge request processing for large repository
| * Update CHANGELOG (nicklegr, 2015-03-25, 1 file, -0/+1)
| |
| |   [ci skip]
| * Reset parking branch to HEAD everytime (nicklegr, 2015-03-25, 1 file, -5/+1)
| |
| |   * Reduces overhead of git checkout
* | Merge pull request #8007 from mr-vinn/markdown-tags (Dmitriy Zaporozhets, 2015-03-25, 5 files, -10/+58)
|\ \
| | |   Allow HTML tags in user Markdown input
| * \ Merge branch 'master' into markdown-tags (Vinnie Okada, 2015-03-24, 85 files, -530/+829)
| |\ \
| * \ \ Merge branch 'master' into markdown-tags (Vinnie Okada, 2015-03-22, 46 files, -141/+466)
| |\ \ \
| * | | | Fix SanitizationFilter bugs (Vinnie Okada, 2015-03-22, 1 file, -1/+2)
| | | | |
| | | | |   Return a `SafeBuffer` instead of a `String` from the `#gfm_with_options` method so that Rails doesn't escape our markup.
| | | | |   Also add `<span>` to the sanitization whitelist to avoid breaking syntax highlighting in code blocks.
| * | | | Merge branch 'master' into markdown-tags (Vinnie Okada, 2015-03-21, 131 files, -1414/+1117)
| |\ \ \ \
| | | | | |   Merge updated CHANGELOG entries
| * | | | | Don't allow style attributes in inline HTML (Vinnie Okada, 2015-03-21, 2 files, -1/+2)
| | | | | |
| * | | | | Change HTML sanitization (Vinnie Okada, 2015-03-19, 3 files, -72/+25)
| | | | | |
| | | | | |   Use the `SanitizationFilter` class from the html-pipeline gem for inline HTML instead of calling the Rails `sanitize` method.
| * | | | | Merge branch 'master' into markdown-tags (Vinnie Okada, 2015-03-17, 1442 files, -16375/+37368)
| |\ \ \ \ \
| | | | | | |   Use the latest HTML pipeline gem
| * | | | | | Document whitelisted HTML tags and attributes (Vinnie Okada, 2014-10-10, 1 file, -0/+59)
| | | | | | |
| * | | | | | Allow HTML tags in user Markdown input (Vinnie Okada, 2014-10-10, 3 files, -2/+36)
| | | | | | |
| | | | | | |   Allow whitelisted tags to appear in rendered HTML output by disabling Redcarpet's `:filter_html` option.
* | | | | | | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce (Dmitriy Zaporozhets, 2015-03-25, 12 files, -25/+29)
|\ \ \ \ \ \ \
| |_|_|_|_|_|/
|/| | | | | |
| * | | | | | Merge branch 'more-rubocop-styles' into 'master' (Dmitriy Zaporozhets, 2015-03-25, 11 files, -22/+25)
| |\ \ \ \ \ \
| | | | | | | |   More rubocop styles
| | | | | | | |   See merge request !449
| | * | | | | | Style/RedundantReturn enabled [more-rubocop-styles] (Dmitriy Zaporozhets, 2015-03-24, 7 files, -10/+13)
| | | | | | | |
| | * | | | | | Enable more rubocop style checks (Dmitriy Zaporozhets, 2015-03-24, 6 files, -13/+13)
| | | |_|_|_|/
| | |/| | | |
| * | | | | | Merge branch 'master' into 'master' (Hannes Rosenögger, 2015-03-25, 1 file, -3/+4)
| |\ \ \ \ \ \
| | | | | | | |   Documentation - Markdown - added missing line-break info
| | | | | | | |   as promised, I updated the Markdown documentation with the line-breaks info
| | | | | | | |   See merge request !186
| | * | | | | | how to render line-breaks (Dmitri Goosens, 2014-09-17, 1 file, -3/+4)
| | | | | | | |
* | | | | | | | Fix changelog for 7.9 (Robert Schilling, 2015-03-25, 1 file, -3/+1)
| | | | | | | |
* | | | | | | | Merge pull request #8988 from atomaka/atomaka/bugfix/gitlab-shell-task (Robert Schilling, 2015-03-25, 1 file, -0/+1)
|\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | |   Fix GitLab shell setup spacing
| * | | | | | | Fix newline spacing after authorized_keys rebuild (Andrew Tomaka, 2015-03-20, 1 file, -0/+1)
| | | | | | | |
* | | | | | | | Merge branch 'api-internal-errors' into 'master' (Dmitriy Zaporozhets, 2015-03-25, 14 files, -94/+134)
|\ \ \ \ \ \ \ \
| | | | | | | | |   Respond with full GitAccess error if user has project read access.
| | | | | | | | |   Should help with debugging #1236.
| | | | | | | | |   cc @marin
| | | | | | | | |   See merge request !437
| * | | | | | | | Respond with full GitAccess error if user has project read access. [api-internal-errors] (Douwe Maan, 2015-03-24, 2 files, -1/+2)
| | | | | | | | |
| * | | | | | | | Refactor GitAccess to use instance variables. (Douwe Maan, 2015-03-24, 13 files, -93/+132)
| | | | | | | | |
* | | | | | | | | Merge branch 'fix-sticky-header' into 'master' (Dmitriy Zaporozhets, 2015-03-25, 2 files, -7/+7)
|\ \ \ \ \ \ \ \ \
| |_|_|_|/ / / / /
|/| | | | | | | |
| | | | | | | | |   Improve sticky headers in diffs
| | | | | | | | |   * disable sticky headers in discussion
| | | | | | | | |   * enable sticky header on mr page with you click changes tab
| | | | | | | | |   See merge request !450
| * | | | | | | | Improve sticky headers in diffs [fix-sticky-header] (Dmitriy Zaporozhets, 2015-03-24, 2 files, -7/+7)
|/ / / / / / / /
| | | | | | | |   * disable sticky headers in discussion
| | | | | | | |   * enable sticky header on mr page with you click changes tab
* | | | | | | | Merge branch 'milestone_and_labels_links' into 'master' (Dmitriy Zaporozhets, 2015-03-25, 2 files, -6/+7)
|\ \ \ \ \ \ \ \
| | | | | | | | |   Milestones and labels can be used even when issues are disabled.
| | | | | | | | |   When Issues are disabled for a project Milestones and Labels can still be used for Merge Requests.
| | | | | | | | |   See merge request !1739
| * | | | | | | | Milestones and labels can be used even when issues are disabled. (Marin Jankovski, 2015-03-24, 2 files, -6/+7)
| | | | | | | | |
* | | | | | | | | Merge branch 'mr-button-color' into 'master' (Dmitriy Zaporozhets, 2015-03-24, 2 files, -18/+12)
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |   Change merge request button color based on CI status
| | | | | | | | | |   Green button looks confusing when CI fails
| | | | | | | | | |   Screenshots:
| | | | | | | | | |   ![ci-warn](https://gitlab.com/gitlab-org/gitlab-ce/uploads/f8166c9acf35f9d886f37f52f975acfb/ci-warn.png)
| | | | | | | | | |   ![ci-can](https://gitlab.com/gitlab-org/gitlab-ce/uploads/d7319c4c567c42a47d79953191384f96/ci-can.png)
| | | | | | | | | |   See merge request !448
| * | | | | | | | | Change merge request button color based on CI status (Dmitriy Zaporozhets, 2015-03-24, 2 files, -18/+12)
| | | | | | | | | |
* | | | | | | | | | Merge branch 'note-avatar-link' into 'master' (Dmitriy Zaporozhets, 2015-03-24, 3 files, -3/+7)
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |   Link note avatar to user.
| | | | | | | | | | |   See merge request !446
| * | | | | | | | | | Link note avatar to user. [note-avatar-link] (Douwe Maan, 2015-03-24, 3 files, -3/+7)
| | |_|/ / / / / / /
| |/| | | | | | | |
* | | | | | | | | | Merge branch 'user-subscriptions-dependent' into 'master' (Dmitriy Zaporozhets, 2015-03-24, 1 file, -0/+1)
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |   Clean up subscriptions when user is deleted.
| | | | | | | | | | |   cc @vsizov
| | | | | | | | | | |   See merge request !439
| * | | | | | | | | | Clean up subscriptions when user is deleted. [user-subscriptions-dependent] (Douwe Maan, 2015-03-24, 1 file, -0/+1)
| |/ / / / / / / / /
* | | | | | | | | | Merge branch 'update-rugments' into 'master' (Dmitriy Zaporozhets, 2015-03-24, 1 file, -1/+1)
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |   Update rugments to 1.0.0.beta6 to fix C# highlighting.
| | | | | | | | | | |   Fixes #1259.
| | | | | | | | | | |   See merge request !435
| * | | | | | | | | | Update rugments to 1.0.0.beta6 to fix C# highlighting. [update-rugments] (Douwe Maan, 2015-03-24, 1 file, -1/+1)
| |/ / / / / / / / /
* | | | | | | | | | Merge branch 'master' of github.com:gitlabhq/gitlabhq (Dmitriy Zaporozhets, 2015-03-24, 1 file, -1/+2)
|\ \ \ \ \ \ \ \ \ \
| * \ \ \ \ \ \ \ \ \ Merge pull request #9012 from dantudor/patch-1 (Dmitriy Zaporozhets, 2015-03-24, 1 file, -1/+2)
| |\ \ \ \ \ \ \ \ \ \
| | |_|/ / / / / / / /
| |/| | | | | | | | |   Unescape branch param to delete
| | * | | | | | | | | Unescape branch param to delete (Dan Tudor, 2015-03-24, 1 file, -1/+2)
| | | |/ / / / / / /
| | |/| | | | | | |
| | | | | | | | | |   Branch names that contain `/` return a 405 error when being deleted because the slash is escaped to `%2F`
| | | | | | | | | |   This patch will unescape the param prior to executing the delete action.
* | | | | | | | | | Fix diff header in discussion blocks (Dmitriy Zaporozhets, 2015-03-24, 1 file, -7/+7)
|/ / / / / / / / /
* | | | | | | | | Merge pull request #9007 from atomaka/atomaka/feature/broadcast-message-colors (Dmitriy Zaporozhets, 2015-03-24, 2 files, -6/+4)
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |   Complete transition to using color_field for selecting colors
| * | | | | | | | | Update help texts and default value setting (Andrew Tomaka, 2015-03-24, 2 files, -6/+4)
| | | | | | | | | |
| * | | | | | | | | Update broadcast messages to use color_field (Andrew Tomaka, 2015-03-23, 1 file, -2/+2)
| | | | | | | | | |
* | | | | | | | | | Merge branch 'git-auth-rack-attack-improvements' into 'master' (Dmitriy Zaporozhets, 2015-03-24, 7 files, -15/+153)
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |   Reduce Rack Attack false positives causing 403 errors during HTTP authentication
| | | | | | | | | | |
| | | | | | | | | | |   ### What does this MR do?
| | | | | | | | | | |   This MR reduces false positives causing `403 Forbidden` messages after HTTP authentication.
| | | | | | | | | | |   A Git client may attempt to access a repository without a password. If it receives a 401 error, the client often will try again, this time supplying a password. The problem is that `grack_auth.rb` considers a blank password an authentication failure and increases a Redis counter each time this happens. With enough requests, an IP can be banned temporarily even though previous attempts may have been successful. This leads users to see `403 Forbidden` errors until the ban times out (default: 1 hour).
| | | | | | | | | | |   To reduce the chance of a false positive, this MR resets the counter upon a successful authentication from an IP. In addition, this MR logs when a user has been banned and introduces the ability to disable Rack Attack via a config variable.
| | | | | | | | | | |
| | | | | | | | | | |   ### Are there points in the code the reviewer needs to double check?
| | | | | | | | | | |   rack-attack v4.2.0 doesn't support the ability to clear counters out of the box, so `rack_attack_helpers.rb` includes a number of monkey patches to make it work. It looks like this functionality may be added in v4.3.0. I've also sent pull requests to rack-attack to add the functionality necessary to delete a key.
| | | | | | | | | | |   Each time an authentication is successful, the Redis counter for that IP is cleared. I deemed it better to clear the counter than to allow for blank passwords, since the latter seems like a security risk.
| | | | | | | | | | |
| | | | | | | | | | |   ### Why was this MR needed?
| | | | | | | | | | |   It was quite difficult to figure out why users were seeing `403 Forbidden`, which is why the log message was added. Users were getting a lot of false positives when accessing repositories with HTTPS. Including the username in the HTTPS URL (e.g. `https://username@mydomain.com/account/repo.git`) caused authentication failures because while the git client provided the username, it left the password blank, leading to an authentication failure.
| | | | | | | | | | |
| | | | | | | | | | |   ### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
| | | | | | | | | | |   See Issue #1171
| | | | | | | | | | |   https://github.com/kickstarter/rack-attack/issues/113
| | | | | | | | | | |   See merge request !392
| * | | | | | | | | | Reduce Rack Attack false positives by clearing out auth failure count upon (Stan Hu, 2015-03-24, 7 files, -15/+153)
| | |/ / / / / / / /
| |/| | | | | | | |
| | | | | | | | | |   successful Git over HTTP authentication.
| | | | | | | | | |   Add logging when a ban goes into effect for debugging.
| | | | | | | | | |   Issue #1171
* | | | | | | | | | Merge branch 'unset-assignee' into 'master' (Dmitriy Zaporozhets, 2015-03-24, 7 files, -21/+19)
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |   Make sure issue assignee is properly reset.
| | | | | | | | | | |   Previously, when the assignee was reset via the sidebar or bulk edit, `assignee_id` was set to `-1` rather than `null`, which caused the two issues shown below:
| | | | | | | | | | |   ![Screen_Shot_2015-03-24_at_16.52.13](https://gitlab.com/gitlab-org/gitlab-ce/uploads/3c937795c45031c3c72c124ced866598/Screen_Shot_2015-03-24_at_16.52.13.png)
| | | | | | | | | | |   - A "(deleted)" participant
| | | | | | | | | | |   - An empty selectbox in the sidebar, instead of "Select assignee"
| | | | | | | | | | |   See merge request !443
| * | | | | | | | | | Add migration. [unset-assignee] (Douwe Maan, 2015-03-24, 2 files, -1/+7)
| | | | | | | | | | |
| * | | | | | | | | | Make sure issue assignee is properly reset. (Douwe Maan, 2015-03-24, 5 files, -20/+12)
| | |_|/ / / / / / /
| |/| | | | | | | |