| Commit message (Collapse) | Author | Age | Files | Lines |
Faster merge request processing for large repository
[ci skip]
* Reduces overhead of git checkout
Allow HTML tags in user Markdown input
Return a `SafeBuffer` instead of a `String` from the `#gfm_with_options`
method so that Rails doesn't escape our markup.
Also add `<span>` to the sanitization whitelist to avoid breaking syntax
highlighting in code blocks.
Merge updated CHANGELOG entries
Use the `SanitizationFilter` class from the html-pipeline gem for inline
HTML instead of calling the Rails `sanitize` method.
Use the latest HTML pipeline gem
Allow whitelisted tags to appear in rendered HTML output by disabling
Redcarpet's `:filter_html` option.
More rubocop styles
See merge request !449
Documentation - Markdown - added missing line-break info
As promised, I updated the Markdown documentation with the line-breaks info
See merge request !186
Fix GitLab shell setup spacing
Respond with full GitAccess error if user has project read access.
Should help with debugging #1236.
cc @marin
See merge request !437
Improve sticky headers in diffs
* disable sticky headers in discussion
* enable sticky header on MR page when you click changes tab
See merge request !450
* disable sticky headers in discussion
* enable sticky header on MR page when you click changes tab
Milestones and labels can be used even when issues are disabled.
When Issues are disabled for a project, Milestones and Labels can still be used for Merge Requests.
See merge request !1739
Change merge request button color based on CI status
Green button looks confusing when CI fails
Screenshots:
![ci-warn](https://gitlab.com/gitlab-org/gitlab-ce/uploads/f8166c9acf35f9d886f37f52f975acfb/ci-warn.png)
![ci-can](https://gitlab.com/gitlab-org/gitlab-ce/uploads/d7319c4c567c42a47d79953191384f96/ci-can.png)
See merge request !448
Link note avatar to user.
See merge request !446
Clean up subscriptions when user is deleted.
cc @vsizov
See merge request !439
Update rugments to 1.0.0.beta6 to fix C# highlighting.
Fixes #1259.
See merge request !435
Unescape branch param to delete
Branch names that contain `/` return a 405 error when being deleted because the slash is escaped to `%2F`
This patch will unescape the param prior to executing the delete action.
Complete transition to using color_field for selecting colors
Reduce Rack Attack false positives causing 403 errors during HTTP authentication
### What does this MR do?
This MR reduces false positives causing `403 Forbidden` messages after HTTP authentication.
A Git client may attempt to access a repository without a password. If it receives a 401 error, the client often will try again, this time supplying a password. The problem is that `grack_auth.rb` considers a blank password an authentication failure and increases a Redis counter each time this happens. With enough requests, an IP can be banned temporarily even though previous attempts may have been successful. This leads users to see `403 Forbidden` errors until the ban times out (default: 1 hour).
To reduce the chance of a false positive, this MR resets the counter upon a successful authentication from an IP.
In addition, this MR logs when a user has been banned and introduces the ability to disable Rack Attack via a config variable.
### Are there points in the code the reviewer needs to double check?
rack-attack v4.2.0 doesn't support the ability to clear counters out of the box, so `rack_attack_helpers.rb` includes a number of monkey patches to make it work. It looks like this functionality may be added in v4.3.0. I've also sent pull requests to rack-attack to add the functionality necessary to delete a key.
Each time an authentication is successful, the Redis counter for that IP is cleared. I deemed it better to clear the counter than to allow for blank passwords, since the latter seems like a security risk.
### Why was this MR needed?
It was quite difficult to figure out why users were seeing `403 Forbidden`, which is why the log message was added. Users were getting a lot of false positives when accessing repositories with HTTPS. Including the username in the HTTPS URL (e.g. `https://username@mydomain.com/account/repo.git`) caused authentication failures because while the git client provided the username, it left the password blank, leading to an authentication failure.
### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
See Issue #1171
https://github.com/kickstarter/rack-attack/issues/113
See merge request !392
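
The false positive and the counter reset described in this merge request, modelled as an added example (not GitLab's or rack-attack's code). An in-memory hash stands in for the Redis counter; `AuthThrottle`, `MAX_FAILURES`, the sample password and the IP address are hypothetical names and constructed values.

```ruby
# Constructed model of the counter logic described above; not GitLab's or
# rack-attack's code. MAX_FAILURES and VALID_PASSWORD are assumed values;
# the one-hour ban is the default the merge request mentions.
class AuthThrottle
  MAX_FAILURES   = 10
  BAN_SECONDS    = 3600
  VALID_PASSWORD = "correct-horse".freeze

  def initialize(reset_on_success:)
    @reset_on_success = reset_on_success
    @failures = Hash.new(0) # ip => failed attempts (stands in for the Redis counter)
    @banned_until = {}      # ip => time the ban expires
  end

  # Returns the HTTP status the Git client would see for one request.
  def request(ip, password, now: Time.now)
    return 403 if @banned_until.fetch(ip, now) > now

    if password != VALID_PASSWORD # a blank password counts as a failure too
      @failures[ip] += 1
      if @failures[ip] >= MAX_FAILURES
        @failures.delete(ip)
        @banned_until[ip] = now + BAN_SECONDS
      end
      return 401
    end

    @failures.delete(ip) if @reset_on_success
    200
  end
end

# One Git fetch as the merge request describes it: a first request with a
# blank password, then a retry that supplies the password.
def git_fetch(throttle, ip, now)
  first = throttle.request(ip, "", now: now)
  return first unless first == 401
  throttle.request(ip, AuthThrottle::VALID_PASSWORD, now: now)
end

# Statuses seen by one legitimate user fetching `count` times from one IP.
def statuses_for_fetches(count, reset_on_success:)
  throttle = AuthThrottle.new(reset_on_success: reset_on_success)
  start = Time.at(0)
  (0...count).map { |i| git_fetch(throttle, "203.0.113.7", start + i) }
end
```

Without the reset, the tenth fetch from a user who always supplies the right password ends in `403`; with the reset, every fetch succeeds while repeated wrong passwords are still banned.
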
successful Git over HTTP authentication.
Add logging when a ban goes into effect for debugging.
Issue #1171
Make sure issue assignee is properly reset.
Previously, when the assignee was reset via the sidebar or bulk edit, `assignee_id` was set to `-1` rather than `null`, which caused the two issues shown below:
![Screen_Shot_2015-03-24_at_16.52.13](https://gitlab.com/gitlab-org/gitlab-ce/uploads/3c937795c45031c3c72c124ced866598/Screen_Shot_2015-03-24_at_16.52.13.png)
- A "(deleted)" participant
- An empty selectbox in the sidebar, instead of "Select assignee"
See merge request !443