Remove changelog entry for new navigation sidebar.
See merge request !3608
|
Fix side-by-side code format & commit message wrap
![Screen_Shot_2016-04-07_at_1.31.28_PM](/uploads/bad00284e4dfbec1fdd75220c34f4a98/Screen_Shot_2016-04-07_at_1.31.28_PM.png)
![Screen_Shot_2016-04-07_at_1.32.23_PM](/uploads/7cd344765025e93d0035934a473b4bb3/Screen_Shot_2016-04-07_at_1.32.23_PM.png)
See merge request !3605
|
Revert "Merge branch 'new-navigation-prototype' into 'master'"
This reverts merge request !3494
See merge request !3607
|
This reverts merge request !3494
|
[ci skip]
|
Revert "Merge branch 'fix-sidebar-exapnd' into 'master'"
This reverts merge request !3520
See merge request !3606
|
This reverts merge request !3520
|
Preserve white space
See merge request !3602
|
Update number of Todos in the sidebar when it's marked as "Done"
Closes #15002
See merge request !3600
|
Fix problem when creating milestones in groups without projects
Fixes #14012
See merge request !3481
|
Add optional colon.
See merge request !3591
|
Disable git gc --auto
See merge request !3572
|
Hide "assign to me" link if not allowed
Fixes #14996
See merge request !3590
|
* 'master' of dev.gitlab.org:gitlab/gitlabhq:
Make sessions controller specs more explicit
Fix 2FA authentication spoofing vulnerability
Add specs for sessions controller including 2FA
|
Fix 2FA authentication spoofing
## Summary
This is a security fix for the vulnerability described at
https://gitlab.com/gitlab-org/gitlab-ce/issues/14900.
An attacker was able to bypass password authentication of users that have 2FA enabled, and consequently sign in as a different user, without knowing his password, if he managed to guess the 2FA One Time Password for that user.
It was also possible to enumerate users and check if they have 2FA enabled, because GitLab responded with a different error for each case.
## Fix
This MR attempts to change the default user search scope if the `otp_user_id` session variable has been set. If it is present, it means that the user has 2FA enabled, and has already been verified with login and password. In this case we should look for the user with `otp_user_id` first, before picking it up by `login`.
Both 2FA authentication spoofing and 2FA discovery have been covered by specs.
## Further work
The current 2FA code is a bit tricky, so it probably needs some refactoring.
See merge request !1947
|
This commit attempts to change the default user search scope if the
otp_user_id session variable has been set. If it is present, it means that
the user has 2FA enabled, and has already been verified with login and
password. In this case we should look for the user with otp_user_id first,
before picking it up by login.
|
This also contains specs for a bug described in #14900
|
Expire caches after project creation to ensure a consistent state
See merge request !3586
|
Closes #14961
|
Only update main language if it is not already set
Related to gitlab-org/gitlab-ce#14937 (but does not fully fix). This is a temporary fix so performance isn't affected so much.
cc @yorickpeterse @ayufan how does this look?
See merge request !3556
|
API: Ability to filter milestones by state
Ability to filter milestones by `active` and `closed` state.
* Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/14931
See merge request !3566