Commit message  Author  Age  Files  Lines
* Syntax fixes and better logging around the `ldap_person` method.  [saml-ldap-link-flow]  Patricio Cano  2016-06-08  2  -6/+6
|
* Moved `find_or_create_ldap_user` method to parent class and added logging.  Patricio Cano  2016-06-07  3  -31/+13
|
* Adjust the SAML control flow to allow LDAP identities to be added to an existing SAML user.  Patricio Cano  2016-06-06  3  -3/+46
|
* Merge branch 'wiki-bottom-padding' into 'master'  Jacob Schatz  2016-06-06  1  -1/+1
|\
| |     Add padding to bottom of wiki page, fix #12921.
| |
| |     ## What does this MR do?
| |     Adds padding to the bottom of the wiki page so it's not right up against the edge of the browser window.
| |
| |     ## What are the relevant issue numbers?
| |     #12921
| |
| |     ## Screenshots (if relevant)
| |     Before:
| |     ![Screen_Shot_2016-06-06_at_12.21.22_PM](/uploads/9710682a57f5e521253f17a65f896f4d/Screen_Shot_2016-06-06_at_12.21.22_PM.png)
| |     After:
| |     ![Screen_Shot_2016-06-06_at_12.20.50_PM](/uploads/002068b072050e0f8146757a0386d30f/Screen_Shot_2016-06-06_at_12.20.50_PM.png)
| |
| |     cc: @jschatz1
| |
| |     See merge request !4490
| * Add padding to bottom of wiki page, fix #12921.  Connor Shea  2016-06-06  1  -1/+1
| |
* | Merge branch 'issue_3359' into 'master'  Yorick Peterse  2016-06-06  5  -6/+30
|\ \
| | |     Remove duplicated notification settings and add unique index
| | |
| | |     See merge request !4472
| * | change add_concurrent_index function arguments  [issue_3359]  Felipe Artur  2016-06-06  2  -10/+13
| | |
| * | Add index to notification settings  Felipe Artur  2016-06-03  4  -1/+22
| | |
* | | Merge branch 'activity-links' into 'master'  Jacob Schatz  2016-06-06  1  -3/+7
|\ \ \
| | | |     Fixed issue with activity links not being consistent
| | | |
| | | |     ## What does this MR do?
| | | |     Previously, links for opening an issue/merge request & commenting were different. Opening would only have a link on the number whereas commenting would have link on the text as well. This standardises it to include the type as well (ie. issue)
| | | |
| | | |     ## What are the relevant issue numbers?
| | | |     Closes #17621
| | | |
| | | |     ## Screenshots (if relevant)
| | | |     ![Screen_Shot_2016-06-01_at_12.12.09](/uploads/c778b007e6b6c068fcae30e34409ce98/Screen_Shot_2016-06-01_at_12.12.09.png)
| | | |
| | | |     See merge request !4400
| * | | Fixed issue with activity links not being consistent  [activity-links]  Phil Hughes  2016-06-02  1  -3/+7
| | | |
| | | |     Closes #17621
* | | | Merge branch 'edit-mobile' into 'master'  Jacob Schatz  2016-06-06  3  -9/+26
|\ \ \ \
| | | | |     Shows the edit comment button on mobile
| | | | |
| | | | |     ## What does this MR do?
| | | | |     Shows the edit comment button on mobile.
| | | | |
| | | | |     ## What are the relevant issue numbers?
| | | | |     Closes #17214
| | | | |
| | | | |     ## Screenshots (if relevant)
| | | | |     ![Screen_Shot_2016-06-01_at_12.33.13](/uploads/d46b800c175a53821ea8e8af49c07641/Screen_Shot_2016-06-01_at_12.33.13.png)
| | | | |
| | | | |     See merge request !4402
| * | | | Shows the edit comment button on mobile  [edit-mobile]  Phil Hughes  2016-06-02  3  -9/+26
| |/ / /
| | | |     Closes #17214
* | | | Merge branch '18026-consider-removing-issue-merge-request-previous-next-buttons' into 'master'  Jacob Schatz  2016-06-06  7  -70/+1
|\ \ \ \
| | | | |     Remove prev/next buttons on issues and merge requests
| | | | |
| | | | |     ## What does this MR do?
| | | | |     Remove prev/next buttons on issues and merge requests sidebar
| | | | |
| | | | |     ## Are there points in the code the reviewer needs to double check?
| | | | |     No
| | | | |
| | | | |     ## Why was this MR needed?
| | | | |     The buttons were rarely used and added at least 1 query each on every page load which we could live without.
| | | | |
| | | | |     ## What are the relevant issue numbers?
| | | | |     #18026
| | | | |
| | | | |     ## Screenshots (if relevant)
| | | | |     Below is how it looks. Not sure if it's too much empty space. #17697 discusses a possible substitute for what to put there.
| | | | |     ![Captura_de_pantalla_2016-06-06_a_las_11.09.26_a.m.](/uploads/7b379327aa6c608775f99bf47a9c3352/Captura_de_pantalla_2016-06-06_a_las_11.09.26_a.m..png)
| | | | |     ![Captura_de_pantalla_2016-06-06_a_las_11.09.38_a.m.](/uploads/68bcae6754ed5ac48f1a6925fdd17d3f/Captura_de_pantalla_2016-06-06_a_las_11.09.38_a.m..png)
| | | | |
| | | | |     See merge request !4442
| * | | | Remove prev/next buttons on issues and merge requests  [18026-consider-removing-issue-merge-request-previous-next-buttons]  Alejandro Rodríguez  2016-06-06  7  -70/+1
| | | | |
| | | | |     The buttons were rarely used and added at least 1 query each on every page load.
* | | | | Merge branch 'confidential-issue-notice' into 'master'  Jacob Schatz  2016-06-06  3  -0/+40
|\ \ \ \ \
| |_|_|_|/
|/| | | |
| | | | |     Add confidential issue notice in comment box.
| | | | |
| | | | |     ## What does this MR do?
| | | | |     Adds a warning about confidential issues to the comment field when the issue is confidential.
| | | | |
| | | | |     ## Are there points in the code the reviewer needs to double check?
| | | | |     I don't think so.
| | | | |
| | | | |     ## Why was this MR needed?
| | | | |     It wasn't clear to users that they were commenting on a confidential issue, this makes it more explicit.
| | | | |
| | | | |     ## What are the relevant issue numbers?
| | | | |     Fixes #15288
| | | | |
| | | | |     ## Screenshots (if relevant)
| | | | |     This is what it looks like at various screen sizes:
| | | | |     ![Screen_Shot_2016-06-03_at_2.56.54_PM](/uploads/eb7f318bc19101f8514d7a4f10a77d73/Screen_Shot_2016-06-03_at_2.56.54_PM.png)
| | | | |     ![Screen_Shot_2016-06-03_at_2.58.51_PM](/uploads/13674c3f1227b0d566b1d2aafc6712ed/Screen_Shot_2016-06-03_at_2.58.51_PM.png)
| | | | |     ![Screen_Shot_2016-06-03_at_2.58.37_PM](/uploads/14ad419ed3ed86b7fbc080152e4030fa/Screen_Shot_2016-06-03_at_2.58.37_PM.png)
| | | | |
| | | | |     cc: @jschatz1 @dzaporozhets
| | | | |
| | | | |     See merge request !4473
| * | | | Fix error on non-issue pages with comment areas.  Connor Shea  2016-06-05  1  -1/+1
| | | | |
| * | | | Add Changelog entry.  Connor Shea  2016-06-03  1  -0/+1
| | | | |
| * | | | Add confidential issue notice in comment box.  Connor Shea  2016-06-03  2  -0/+39
| | | | |
* | | | | Merge branch 'notes-are-awardables' into 'master'  Douwe Maan  2016-06-06  22  -136/+1501
|\ \ \ \ \
| | | | | |     Notes are awardables
| | | | | |
| | | | | |     ## What does this MR do?
| | | | | |     Makes sure we can :thunder_cloud_rain: comments/notes.
| | | | | |
| | | | | |     ## What are the relevant issue numbers?
| | | | | |     Follows up upon !2901, depends on !3785
| | | | | |     Closes #3655
| | | | | |
| | | | | |     ## Screenshots (if relevant)
| | | | | |     TODO
| | | | | |
| | | | | |     See merge request !4291
| * | | | | Updated MR notes.  [notes-are-awardables]  Fatih Acet  2016-06-06  6  -22/+21
| | | | | |
| * | | | | Update tests on wording  Z.J. van de Weg  2016-06-06  1  -2/+2
| | | | | |
| * | | | | Fix scss-lint.  Fatih Acet  2016-06-06  1  -1/+1
| | | | | |
| * | | | | Added tests for award emoji feature.  Fatih Acet  2016-06-06  8  -24/+1235
| | | | | |
| * | | | | Create and show emoji loader on the fly.  Fatih Acet  2016-06-06  2  -6/+21
| | | | | |
| * | | | | Some design related tweaks.  Fatih Acet  2016-06-06  6  -7/+24
| | | | | |
| * | | | | Be consistent on naming.  Fatih Acet  2016-06-06  1  -22/+22
| | | | | |
| | | | | |     It was named as $emojiBtn before I was using $emojiButton so updated them to be consistent.
| * | | | | Animate emoji when rendered.  Fatih Acet  2016-06-06  1  -1/+12
| | | | | |
| * | | | | Fix mutual exclusivity for emoji only comments.  Fatih Acet  2016-06-06  1  -1/+4
| | | | | |
| * | | | | Refactor awardsHandler methods to work with votesBlock.  Fatih Acet  2016-06-06  2  -35/+36
| | | | | |
| * | | | | Award emoji implementation for notes.  Fatih Acet  2016-06-06  3  -65/+92
| | | | | |
| * | | | | Show emoji menu in notes.  Fatih Acet  2016-06-06  3  -3/+25
| | | | | |
| * | | | | Backend awardables on comments  ZJ van de Weg  2016-06-06  6  -2/+61
| | | | | |
* | | | | | Merge branch 'tests/extend-specs-for-build-badge' into 'master'  Rémy Coutable  2016-06-06  1  -3/+23
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | |
| | | | | |     Extend specs for builds badge
| | | | | |
| | | | | |     ## What does this MR do?
| | | | | |     This MR extends specs for builds badge.
| | | | | |
| | | | | |     ## Why was this MR needed?
| | | | | |     We added an edge case to specs, while trying to reproduce problem described in #17549
| | | | | |
| | | | | |     ## What are the relevant issue numbers?
| | | | | |     #17549
| | | | | |
| | | | | |     See merge request !4401
| * | | | | Extend specs for builds badge  [tests/extend-specs-for-build-badge]  Grzegorz Bizon  2016-06-03  1  -3/+23
| | |_|/ /
| |/| | |
| | | | |     Related to #17549
* | | | | Merge branch 'jquery2' into 'master'  Jacob Schatz  2016-06-06  8  -18/+274
|\ \ \ \ \
| | | | | |     Upgraded jQuery to version 2
| | | | | |
| | | | | |     ## What does this MR do?
| | | | | |     Upgrades jQuery to 2.2.1. Had to include the task_list JS file directly as it includes jQuery 1 directly https://github.com/github-archive/task_list/blob/master/app/assets/javascripts/task_list.coffee#L8 so when we change jQuery to `jquery2` it was including both jQuery 1 & 2.
| | | | | |
| | | | | |     ## Are there points in the code the reviewer needs to double check?
| | | | | |     For any JS errors
| | | | | |
| | | | | |     ## What are the relevant issue numbers?
| | | | | |     Closes #12440
| | | | | |
| | | | | |     See merge request !4384
| * | | | | Fixed JS errors  [jquery2]  Phil Hughes  2016-06-05  6  -17/+15
| | | | | |
| | | | | |     CHANGELOG item
| * | | | | Upgraded jQuery to version 2  Phil Hughes  2016-06-05  2  -1/+259
| | | | | |
| | | | | |     Closes #12440
* | | | | | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce  Dmitriy Zaporozhets  2016-06-06  49  -146/+1889
|\ \ \ \ \ \
| * \ \ \ \ \ Merge branch '15337-yubikey-support' into 'master'  Rémy Coutable  2016-06-06  49  -146/+1889
| |\ \ \ \ \ \
| | |_|_|/ / /
| |/| | | | |
| | | | | | |     Allow a U2F Device to be the Second Factor for Authentication
| | | | | | |
| | | | | | |     Parent Issue: #15337
| | | | | | |
| | | | | | |     ## TODO
| | | | | | |     - [ ] #15337 (!3905) FIDO/U2F 2FA using Yubikey
| | | | | | |     - [x] Order a Yubikey?
| | | | | | |     - [x] Do some reading to figure out what all this stuff means
| | | | | | |     - [x] Look through the existing MR
| | | | | | |     - [x] Browser support?
| | | | | | |     - [x] Implementation
| | | | | | |     - [x] User can register 2FA using their U2F device instead of authenticator
| | | | | | |     - [x] Barebones flow
| | | | | | |     - [x] Save the registration in the database
| | | | | | |     - [x] Authentication flow
| | | | | | |     - [x] First try after login/server start doesn't work
| | | | | | |     - [x] User can log in using their U2F device
| | | | | | |     - [x] Allow setting up authenticator if U2F is already set up (or vice versa)
| | | | | | |     - [x] Change `two_factor_auths/new` to `show`
| | | | | | |     - [x] `sign_requests` during registration? (Registering a device that has already been registered)
| | | | | | |     - [x] 2FA skippable flow?
| | | | | | |     - [x] Enforced 2FA flow (grace period?)
| | | | | | |     - [x] Move the "Configure it Later" button to the right place
| | | | | | |     - [x] Don't allow registration when the yubikey isn't plugged in
| | | | | | |     - [x] Polish authentication flow
| | | | | | |     - [x] Login should only show the 2FA method that's enabled
| | | | | | |     - [x] Message to say that u2f only works on chrome, and it's recommended to enable otp as well.
| | | | | | |     - [x] Index for key_handle
| | | | | | |     - [x] Server-side errors while registering/logging in
| | | | | | |     - [x] Handle non-chrome browsers
| | | | | | |     - [x] Try to authenticate with a key that hasn't been registered (shouldn't work)
| | | | | | |     - [x] Try the same key for multiple user accounts (should work)
| | | | | | |     - [x] Fix existing tests
| | | | | | |     - [x] Make sure CI is green
| | | | | | |     - [x] Add tests
| | | | | | |     - [x] Figure out how to fake the Yubikey
| | | | | | |     - [x] Teaspoon tests for the React components
| | | | | | |     - [x] Each device can only be registered once per user
| | | | | | |     - [x] Feature specs
| | | | | | |     - [x] Regular flows
| | | | | | |     - [x] Test error cases
| | | | | | |     - [x] Refactoring
| | | | | | |     - [x] Refactor App ID
| | | | | | |     - [x] Clean up the `show` action
| | | | | | |     - [x] Annotate methods with definition of U2F
| | | | | | |     - [x] Changelog
| | | | | | |     - [x] Fix merge conflicts
| | | | | | |     - [x] Verify flows
| | | | | | |     - [x] Authenticator + no U2F
| | | | | | |     - [x] U2F + no authenticator
| | | | | | |     - [x] U2F + authenticator
| | | | | | |     - [x] U2F + authenticator -> disable 2FA
| | | | | | |     - [x] 2FA required with different grace periods
| | | | | | |     - [x] Screenshots for MR
| | | | | | |     - [x] Augment the [help docs](http://localhost:3000/help/profile/two_factor_authentication)
| | | | | | |     - [x] Assign to endboss
| | | | | | |     - [x] Ask for feedback on UI/UX
| | | | | | |     - [x] Ask for feedback on copy
| | | | | | |     - [x] Wait for review/merge
| | | | | | |     - [x] Fix merge conflicts
| | | | | | |     - [x] Wait for CI to pass
| | | | | | |     - [x] Implement review comments/suggestions
| | | | | | |     - [x] Move `TwoFactorAuthController#create_u2f` to a service
| | | | | | |     - [x] Extra space before `Base64` in `u2f_registration` model
| | | | | | |     - [x] Move `with/without_two_factor` scopes to class methods
| | | | | | |     - [x] In `profiles/accounts/show`, add spaces at `{` and `}`
| | | | | | |     - [x] Remove blank lines in `profiles/two_factor_auths/show`
| | | | | | |     - [x] Fix typo in doc. "(universal 2nd factor )"
| | | | | | |     - [x] Add "Added in 8.8" to doc
| | | | | | |     - [x] In the doc, use 'Enable 2FA via mobile application' instead of 'Via Mobile Application'
| | | | | | |     - [x] In the doc, use 'Enable 2FA via U2F device' instead of 'Via U2F Device'
| | | | | | |     - [x] Use "Two-Factor Authentication" everywhere
| | | | | | |     - [x] Use `#icon` wrapper instead of `fa_stacked_icon`
| | | | | | |     - [x] Check if `string` is enough for `key_handle` and `public_key`
| | | | | | |     - [x] Separate `exercise` and `verify` phases of test (u2f_spec)
| | | | | | |     - [x] Assert that `user_without_2fa` is _not_ in results (with_two_factor)
| | | | | | |     - [x] Remove rubocop exception
| | | | | | |     - [x] Refactor call to `User.with_two_factor.count` to not include `.length`
| | | | | | |     - [x] Add a note that makes the "Disable" button/feature obvious
| | | | | | |     - [x] Remove i18n
| | | | | | |     - [x] Test in Firefox with addon (+ create new issue for support)
| | | | | | |     - [x] Remove React
| | | | | | |     - [x] Rewrite registration
| | | | | | |     - [x] Switch underscore template to default style
| | | | | | |     - [x] Rewrite authentication
| | | | | | |     - [x] Move `register` haml to `u2f` dir
| | | | | | |     - [x] Remove instance variables
| | | | | | |     - [x] Fix tests
| | | | | | |     - [x] Read SCSS guidelines
| | | | | | |     - [x] Address @connorshea's comments regarding text style
| | | | | | |     - [x] Make sure all classes and IDs are in line (add `js-` prefixes)
| | | | | | |     - [x] Register
| | | | | | |     - [x] Authenticate
| | | | | | |     - [x] Refactoring?
| | | | | | |     - [x] Include non-minified version of bowser
| | | | | | |     - [x] Audit log
| | | | | | |     - [x] Look at the `browser` gem (and don't use bowser)
| | | | | | |     - [x] Error message when on HTTP?
| | | | | | |     - [x] Test on Mobile
| | | | | | |     - [x] Fix merge conflicts
| | | | | | |     - [x] Retest all flows
| | | | | | |     - [x] Back to Rémy for review
| | | | | | |     - [x] Make sure CI is green
| | | | | | |     - [x] Wait for merge / more feedback
| | | | | | |     - [x] Implement @rymai's changes
| | | | | | |     - [x] JS/Coffeescript variables should be lowerCamelCase
| | | | | | |     - [x] Spaces before/after `}` and `{` in HAML (and elsewhere)
| | | | | | |     - [x] Rails view helpers in u2f HAML
| | | | | | |     - [x] `%div.row.append-bottom-10`
| | | | | | |     - [x] Wrap line in `without_two_factor` scope
| | | | | | |     - [x] Exception-less flow in `U2F::CreateService`
| | | | | | |     - [x] Fix merge conflicts
| | | | | | |     - [x] Move service to model class method
| | | | | | |     - [x] Fix teaspoon specs
| | | | | | |     - [x] Address @rymai's suggestions about error handling
| | | | | | |     - [x] Javascript error constants
| | | | | | |     - [x] Fix merge conflicts
| | | | | | |     - [x] One final review
| | | | | | |     - [x] Test "registration with errors" flow
| | | | | | |     - [x] Assign to Remy
| | | | | | |     - [x] Wait for replies from @jschatz1
| | | | | | |     - [x] Address @rymai's comments
| | | | | | |     - [x] Omit `%div`
| | | | | | |     - [x] Scope `$.find` globally
| | | | | | |     - [x] Replace `find('#element-id).click` with `click_on('Element Text')`
| | | | | | |     - [x] Rebase master + conflicts
| | | | | | |     - [x] Look at https://news.ycombinator.com/item?id=11690774
| | | | | | |     - [x] Address @connorshea's comment regarding HTTPS on localhost
| | | | | | |     - [x] Final sanity check
| | | | | | |     - [x] Wait for [CI to pass](https://gitlab.com/gitlab-org/gitlab-ce/commit/c84179ad233529c33ee6ba8491cfea862c6cd864/builds)
| | | | | | |     - [x] Address @rymai's next round of comments
| | | | | | |     - [x] Interpolate `true` and `false` in DB scopes
| | | | | | |     - [x] Why have `Gon::Base.render_data` thrice?
| | | | | | |     - [x] `user_spec` should have correct spacing
| | | | | | |     - [x] Use `arel_table[:id]` instead of `users.id`
| | | | | | |     - [x] URL helper in `app/views/profiles/two_factor_auths/show.html.haml`
| | | | | | |     - [x] Remove polyfill change
| | | | | | |     - [x] Wait for [CI to pass](https://gitlab.com/gitlab-org/gitlab-ce/commit/0123ab8/builds)
| | | | | | |     - [x] Address @jschatz1's comments
| | | | | | |     - [x] Use `on('click', ...)` instead of `click(...)`
| | | | | | |     - [x] Use `is` and `isnt` in coffeescript
| | | | | | |     - [x] Use `and` and `or` in coffeescript
| | | | | | |     - [x] Add `Gon::Base.render_data` to `devise_empty` (and other base layouts)
| | | | | | |     - [x] Wait for [CI to pass](https://gitlab.com/gitlab-org/gitlab-ce/commit/401916397336174c582be3d3004a072f845d4b5f/builds)
| | | | | | |     - [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/75955710ef9a5f0dcee04e8617028c0e3ea5bf50/builds) to pass
| | | | | | |     - [x] Fix merge conflicts
| | | | | | |     - [x] Inspect diff / workflow
| | | | | | |     - [x] Assign back to @rymai
| | | | | | |     - [x] Make sure [ci](https://gitlab.com/gitlab-org/gitlab-ce/commit/2c6316b29a9276ef44c7b4b39363a611bf5973a6/builds) has passed
| | | | | | |     - [x] Fix merge conflicts (probably introduced by [devise upgrade](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4216))
| | | | | | |     - [x] Wait for [CI](https://gitlab.com/gitlab-org/gitlab-ce/commit/a5ef48b7aa63d0d9e45b41643043b57208eaab9f/builds) to pass
| | | | | | |     - [x] Respond to @rymai's comments
| | | | | | |     - [x] Use `elsif`
| | | | | | |     - [x] Check if we need `and return`
| | | | | | |     - [x] Only fetch key handles from the DB
| | | | | | |     - [x] No annotations to models?
| | | | | | |     - [x] Align hash keys in model
| | | | | | |     - [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/e0ef504734e7f14813c73bbb79f5c5f6fae3248c/builds) to pass
| | | | | | |     - [ ] Wait for merge
| | | | | | |
| | | | | | |     ## Screenshots
| | | | | | |     ![Screenshot_2016-05-03_09.53.04](/uploads/1af3f277efa488dc107d36e6b4b07ca4/Screenshot_2016-05-03_09.53.04.png)
| | | | | | |     ![Screenshot_2016-05-03_10.19.53](/uploads/2bfc67dfb96c0e005cce033d8b456813/Screenshot_2016-05-03_10.19.53.png)
| | | | | | |     ![Screenshot_2016-05-03_10.19.56](/uploads/e912abedd5b1d07d7185cee9f204c5ff/Screenshot_2016-05-03_10.19.56.png)
| | | | | | |     ![Screenshot_2016-05-03_10.20.04](/uploads/9350d5c98823d1f3d4e59517dfb8910a/Screenshot_2016-05-03_10.20.04.png)
| | | | | | |     ![Screenshot_2016-05-03_10.31.15](/uploads/84473dc263e0643311a39006e649035f/Screenshot_2016-05-03_10.31.15.png)
| | | | | | |     ![Screenshot_2016-05-03_10.31.22](/uploads/13ce43e0d7a565000af29984667eeb08/Screenshot_2016-05-03_10.31.22.png)
| | | | | | |     ![Screenshot_2016-05-03_10.31.37](/uploads/b90fbb40dbf9bbd73af324f48ffdc948/Screenshot_2016-05-03_10.31.37.png)
| | | | | | |     ![Screenshot_2016-05-03_10.36.48](/uploads/41a0fbc493c6fefeafd922b3ddf2a25e/Screenshot_2016-05-03_10.36.48.png)
| | | | | | |
| | | | | | |     See merge request !3905
| | * | | | | Add the U2F feature to the CHANGELOG  [15337-yubikey-support]  Timothy Andrew  2016-06-06  1  -0/+1
| | | | | | |
| | * | | | | Add documentation for U2F registration & authentication.  Timothy Andrew  2016-06-06  3  -6/+57
| | | | | | |
| | * | | | | Add feature specs covering U2F registration and authentication.  Timothy Andrew  2016-06-06  2  -0/+275
| | | | | | |
| | * | | | | Add a U2F-specific audit log entry after logging in.  Timothy Andrew  2016-06-06  2  -3/+36
| | | | | | |
| | | | | | |     - "two-factor" for OTP-based 2FA
| | | | | | |     - "two-factor-via-u2f-device" for U2F-based 2FA
| | | | | | |     - "standard" for non-2FA login
| | * | | | | Implement authentication (login) using a U2F device.  Timothy Andrew  2016-06-06  8  -43/+230
| | | | | | |
| | | | | | |     - Move the `authenticate_with_two_factor` method from `ApplicationController` to the `AuthenticatesWithTwoFactor` module, where it should be.
| | * | | | | Implement U2F registration.  Timothy Andrew  2016-06-06  16  -65/+1086
| | | | | | |
| | | | | | |     - Move the `TwoFactorAuthsController`'s `new` action to `show`, since the page is not used to create a single "two factor auth" anymore. We can have a single 2FA authenticator app, along with any number of U2F devices, in any combination, so the page will be accessed after the first "two factor auth" is created.
| | | | | | |     - Add the `u2f` javascript library, which provides an API to the browser's U2F implementation.
| | | | | | |     - Add tests for the JS components
| | * | | | | Render `gon` data in the page `body`, not `head`  Timothy Andrew  2016-06-06  5  -2/+5
| | | | | | |
| | | | | | |     - Turbolinks caches the `head`, so `gon` updates don't show up unless the user navigates to page directly (by URL) or performs a refresh.
| | | | | | |     - The solution is to render `gon` in the body instead.
| | | | | | |     - Also update the syntax to the new Rails 4 (according to the gon README) syntax.
| | * | | | | Update the `browser` gem.  Timothy Andrew  2016-06-06  3  -5/+5
| | | | | | |
| | | | | | |     - Need the `mobile?` detection (that the new version provides) for the U2F registration/authentication flow
| | * | | | | Add a `U2fRegistrations` table/model.  Timothy Andrew  2016-06-06  13  -22/+194
| |/ / / / /
| | | | | |     - To hold registrations from U2F devices, and to authenticate them.
| | | | | |     - Previously, `User#two_factor_enabled` was aliased to the `otp_required_for_login` column on `users`.
| | | | | |     - This commit changes things a bit:
| | | | | |     - `User#two_factor_enabled` is not a method anymore
| | | | | |     - `User#two_factor_enabled?` checks both the `otp_required_for_login` column, as well as `U2fRegistration`s
| | | | | |     - Change all instances of `User#two_factor_enabled` to `User#two_factor_enabled?`
| | | | | |     - Add the `u2f` gem, and implement registration/authentication at the model level.
* | | | | | Merge branch 'fix/unauthorized-access-to-build-data' into 'master'  Douwe Maan  2016-06-06  3  -34/+138
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |
| | | | | |     Remove 'unscoped' from project builds selection
| | | | | |
| | | | | |     This is a fix for this security bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/18188
| | | | | |
| | | | | |     /cc @kamil @grzegorz @stanhu
| | | | | |
| | | | | |     See merge request !1968
| * | | | | Remove 'unscoped' from project builds selection  Tomasz Maczukin  2016-06-04  3  -34/+138
| | |_|/ /
| |/| | |