Link note avatar to user.
See merge request !446
Reduce Rack Attack false positives causing 403 errors during HTTP authentication
### What does this MR do?
This MR reduces false positives causing `403 Forbidden` messages after HTTP authentication.
A Git client may attempt to access a repository without a password. If it receives a 401 error, the client often will try again, this time supplying a password. The problem is that `grack_auth.rb` considers a blank password an authentication failure and increases a Redis counter each time this happens. With enough requests, an IP can be banned temporarily even though previous attempts may have been successful. This leads users to see `403 Forbidden` errors until the ban times out (default: 1 hour).
To reduce the chance of a false positive, this MR resets the counter upon a successful authentication from an IP.
In addition, this MR logs when a user has been banned and introduces the ability to disable Rack Attack via a config variable.
### Are there points in the code the reviewer needs to double check?
rack-attack v4.2.0 doesn't support the ability to clear counters out of the box, so `rack_attack_helpers.rb` includes a number of monkey patches to make it work. It looks like this functionality may be added in v4.3.0. I've also sent pull requests to rack-attack to add the functionality necessary to delete a key.
Each time an authentication is successful, the Redis counter for that IP is cleared. I deemed it better to clear the counter than to allow for blank passwords, since the latter seems like a security risk.
### Why was this MR needed?
It was quite difficult to figure out why users were seeing `403 Forbidden`, which is why the log message was added. Users were getting a lot of false positives when accessing repositories with HTTPS. Including the username in the HTTPS URL (e.g. `https://username@mydomain.com/account/repo.git`) caused authentication failures because while the git client provided the username, it left the password blank, leading to an authentication failure.
### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
See Issue #1171
https://github.com/kickstarter/rack-attack/issues/113
See merge request !392
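
The counter behaviour described in this merge request, as an added example that is not GitLab's `grack_auth.rb` and does not use rack-attack's API: an in-memory tracker (hypothetical class and method names) replays a Git client that probes with a blank password and then retries with the correct one. The 1-hour ban matches the default stated above; `maxretry: 10` and `findtime: 60` are assumed values.

```ruby
# Added illustration: in-memory stand-in for the Redis-backed failure counter.
# Not GitLab's code and not rack-attack's API; all names are hypothetical.
class AuthBanTracker
  attr_reader :log

  def initialize(maxretry:, findtime:, bantime:)
    @maxretry, @findtime, @bantime = maxretry, findtime, bantime
    @failures = Hash.new { |h, k| h[k] = [] } # ip => failure timestamps
    @banned_until = {}
    @log = []
  end

  def banned?(ip, now)
    @banned_until.fetch(ip, 0) > now
  end

  # Returns the HTTP status the client would see for this request.
  def attempt(ip, password_ok:, now:, reset_on_success:)
    return 403 if banned?(ip, now)
    if password_ok
      @failures.delete(ip) if reset_on_success # the reset this MR describes
      return 200
    end
    recent = @failures[ip].select { |t| now - t < @findtime } << now
    @failures[ip] = recent
    if recent.size >= @maxretry
      @banned_until[ip] = now + @bantime
      @failures.delete(ip)
      @log << "banned #{ip} until t=#{@banned_until[ip]}" # constructed log format
    end
    401
  end
end

# Constructed traffic: every fetch is a blank-password probe (counted as a
# failure) followed one second later by a retry with the correct password.
def simulate_fetches(count, reset_on_success:)
  tracker = AuthBanTracker.new(maxretry: 10, findtime: 60, bantime: 3600)
  ip = '203.0.113.7' # documentation-range address
  statuses = []
  count.times do |i|
    [false, true].each_with_index do |ok, step|
      statuses << tracker.attempt(ip, password_ok: ok, now: i * 2 + step,
                                  reset_on_success: reset_on_success)
    end
  end
  [statuses, tracker.log]
end
```

Without the reset, the tenth fetch bans a client that has authenticated successfully nine times; with it, the same traffic is never banned, while ten consecutive failures still trigger the ban.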
successful Git over HTTP authentication.
Add logging when a ban goes into effect for debugging.
Issue #1171
Remove duplicate CHANGELOG items for v7.8.0
[ci skip]
See merge request !447
[ci skip]
Fix nested task lists
When nesting task list items, the parent item is wrapped in a `<p>` tag. Update the task list parser to handle these paragraph wrappers.
cc @sytse
See merge request !413
Don't mark merge request as updated when merge status relative to target branch changes.
Addresses https://gitlab.com/gitlab-org/gitlab-ce/issues/1254 and private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2165.
See merge request !431
branch changes.
Don't include system notes in issue/MR comment count.
Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2163.
See merge request !430
Send EmailsOnPush email when branch or tag is created or deleted.
Addresses #1951, #1957 and #1925.
![Screen_Shot_2015-03-17_at_13.58.15](https://dev.gitlab.org/gitlab/gitlabhq/uploads/16ff25adb4b4a7e1923612e0652442b4/Screen_Shot_2015-03-17_at_13.58.15.png)
![Screen_Shot_2015-03-17_at_13.58.22](https://dev.gitlab.org/gitlab/gitlabhq/uploads/e346c1d84aba3a093b722d0a4167e289/Screen_Shot_2015-03-17_at_13.58.22.png)
![Screen_Shot_2015-03-17_at_13.58.28](https://dev.gitlab.org/gitlab/gitlabhq/uploads/720437ecc13f317c6d20eff82ac60bd7/Screen_Shot_2015-03-17_at_13.58.28.png)
![Screen_Shot_2015-03-17_at_13.58.34](https://dev.gitlab.org/gitlab/gitlabhq/uploads/2b302bb6cdbe27c96a8dff1375236602/Screen_Shot_2015-03-17_at_13.58.34.png)
See merge request !1709
Don't show commit comment button when user is not signed in.
Address private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2167.
See merge request !429
Conflicts:
app/controllers/users_controller.rb
Replace commits calendar with contributions calendar
* count opening of issues and merge requests
* don't trigger git repository - use events from database
* count pushes instead of commits for faster and easier counting
* much, much faster since it is not affected by repository size
See merge request !420
Include missing events and fix save functionality in admin service template settings form
### What does this MR do?
This MR includes missing settings left out in the Admin -> Service Templates page and fixes the inability to save certain settings.
### Are there points in the code the reviewer needs to double check?
No.
### Why was this MR needed?
Because the service template form was broken and untested.
### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
#1275
Before:
![Screen_Shot_2015-03-23_at_5.53.19_AM](https://gitlab.com/stanhu/gitlab-ce/uploads/e1bff75f30a3b6ecb174d3e25c722b7e/Screen_Shot_2015-03-23_at_5.53.19_AM.png)
After:
![Screen_Shot_2015-03-23_at_5.53.13_AM](https://gitlab.com/stanhu/gitlab-ce/uploads/8fada00128a3d0951b3230fefa64be92/Screen_Shot_2015-03-23_at_5.53.13_AM.png)
See merge request !427
settings form
Closes #1275
Closes #1268
Disable reference generation in preformatted/code blocks
### Summary
If a user adds text in code or preformatted text via Markdown or HTML that contains `#XXX`, the system adds a note that issue `XXX` was mentioned. This is particularly annoying because we often list gdb backtrace dumps into our issues, and many issues get mentioned as a result. For example:
```
(gdb) bt
#0 0x00000000004004c4 in second () at main.cc:6
#1 0x00000000004004d2 in first () at main.cc:11
#2 0x00000000004004dd in main () at main.cc:17
(gdb)
```
### Steps to reproduce
1. In an issue, write the above text using Markdown or HTML tags (e.g. `<code>`, `<pre>`).
2. Observe that [issue 1](https://gitlab.com/gitlab-org/gitlab-ce/issues/1) and [issue 2](https://gitlab.com/gitlab-org/gitlab-ce/issues/2) have a note that says they were mentioned.
### Expected behavior
Everything enclosed in the code blocks should be ignored as references.
### Observed behavior
Issues get referenced unnecessarily.
### Fix
I've made `reference_extractor.rb` strip out HTML and Markdown blocks before processing. I considered running the raw text through the entire Markdown processor, but this seems overkill and perhaps could lead to some unintended side effects.
See merge request !365
Fix dots in Wiki slug causing errors
### What does this MR do?
When a user enters dots into the Wiki slug, an error occurs:
```
NoMethodError (undefined method `escaped_url_path' for nil:NilClass):
app/models/wiki_page.rb:172:in `set_attributes'
app/models/wiki_page.rb:191:in `save'
app/models/wiki_page.rb:155:in `update'
app/controllers/projects/wikis_controller.rb:49:in `update'
```
This MR fixes this problem.
### Are there points in the code the reviewer needs to double check?
See the problem below.
### Why was this MR needed?
The issue is that the `save` method gets called differently:
```ruby
def create(attr = {})
  # ... (elided in the original excerpt)
  save :create_page, title, content, format, message
end
```
or
```ruby
def update(new_content = "", format = :markdown, message = nil)
  # ... (elided in the original excerpt)
  save :update_page, @page, content, format, message
end
```
In the create case, title is the slug entered in by the user (e.g. `path/how-to-write-wiki-pages`).
In the update case, originally `@page.page` included the format extension (e.g. `path/how-to-write-wiki-pages.Markdown`). The method `page_title_and_dir` was trying to handle both cases and not doing the right thing. For example, calling `page_title_and_dir('test-1.2.3')` would result in:
```
path_title = test-1.2
path_dir = 3
```
### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
Issues #1263, #431
This replaces !156
See merge request !419
Closes #1263, #431
Closes #1267
Change permissions on backup files - #2
Use more restrictive permissions for backup tar files and for the db, uploads, and repositories directories inside the tar files. See #1894. Now the backup task recursively `chmod`s the `db/`, `uploads/`, and `repositories/` folders with 0700 permissions, and the tar file is created as 0600.
This is a follow-up to !1703, which was reverted because it broke RSpec tests. The test failures were due to the rake task changing directories and not changing back, which I fixed with this commit.
cc @sytse
See merge request !1716
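
One way to apply and then verify the modes this merge request describes, as an added example rather than GitLab's backup rake task: the helper names, the `backup.tar` filename and the fixture contents are hypothetical, and the archive is written with RubyGems' bundled tar writer instead of the `tar` binary. The block form of `Dir.chdir` shows a way to avoid leaving the process in a different working directory.

```ruby
require 'fileutils'
require 'rubygems/package'
require 'tmpdir'

BACKUP_DIRS = %w[db uploads repositories].freeze

# Hypothetical helper, not GitLab's rake task: tighten modes, then archive.
def create_backup(root, tar_name = 'backup.tar')
  # The block form of chdir restores the caller's working directory on exit.
  Dir.chdir(root) do
    BACKUP_DIRS.each { |dir| FileUtils.chmod_R(0o700, dir) }
    paths = Dir.glob(BACKUP_DIRS.flat_map { |d| [d, "#{d}/**/*"] }).sort
    # Create the archive as 0600 up front rather than chmod-ing it afterwards.
    File.open(tar_name, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |io|
      Gem::Package::TarWriter.new(io) do |tar|
        paths.each do |path|
          mode = File.stat(path).mode & 0o777
          next tar.mkdir(path, mode) if File.directory?(path)
          data = File.binread(path)
          tar.add_file_simple(path, mode, data.bytesize) { |f| f.write(data) }
        end
      end
    end
  end
  File.join(root, tar_name)
end

# Lists [name, mode] for the archive or any entry that group/other can access.
def audit_backup(tar_path)
  loose = []
  file_mode = File.stat(tar_path).mode & 0o777
  loose << [tar_path, file_mode] unless (file_mode & 0o077).zero?
  File.open(tar_path, 'rb') do |io|
    Gem::Package::TarReader.new(io).each do |entry|
      loose << [entry.full_name, entry.header.mode] unless (entry.header.mode & 0o077).zero?
    end
  end
  loose
end

# Constructed fixture that starts with deliberately loose modes.
def demo_backup
  Dir.mktmpdir do |root|
    BACKUP_DIRS.each { |d| FileUtils.mkdir_p(File.join(root, d), mode: 0o755) }
    File.write(File.join(root, 'db', 'database.sql'), 'constructed dump', perm: 0o644)
    cwd = Dir.pwd
    tar = create_backup(root)
    { loose: audit_backup(tar), tar_mode: File.stat(tar).mode & 0o777, cwd_restored: Dir.pwd == cwd }
  end
end
```

`audit_backup` can be pointed at an existing archive to list any entry that is still readable by group or other.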
Use more restrictive permissions for backup tar files and for the db,
uploads, and repositories directories inside the tar files.
Add sidetiq dependency
Add the sidetiq gem to the Gemfile to match EE. See #2159.
cc @sytse
See merge request !1734
Add the sidetiq gem to the Gemfile to match EE.
https://github.com/ayufan/gitlabhq into ayufan-topic/push_tag_events_for_ci
Performance improvements
* Cache project branches and tags into variables
* Cache lookup results into hash to prevent repeating same requests to git repo
* Cache head commit and head tree
See merge request !417
Location field in user profile
Twitter allows you to set a string with location information.
I find it very useful at work to know where a user is from. It allows communicating with knowledge of the time difference and cultural things.
See merge request !411
Fix cross-references that contain underscores
### What does this MR do?
Cross-references that contain underscores confuse the Markdown renderer and don't work properly. For example:
1. In `myacct/project_one#456`, add a comment that includes a reference to `myacct/project_two#123`.
2. The comment in `myacct/project_one#456` links correctly.
3. The system note in `myacct/project_two#123` is incorrectly linked as:
`mentioned in issue myacct/projectone#456_`
This MR removes the use of the `_` character in the system notes to prevent Markdown confusion.
See a full discussion in #1160.
### Are there points in the code the reviewer needs to double check?
To preserve backwards compatibility with existing system notes, there is a SQL wildcard match for notes having underscores. This seemed safer than migrating all notes.
### Why was this MR needed?
In an ideal world, the Markdown parser would be able to handle references containing underscores with or without escape sequences. However, there are a number of issues:
1. RedCarpet's parser for emphasis block is pretty dumb: it treats `#` as a word break and thus even the `intra_word_emphasis` flag has no effect.
2. The parser is in C and can't be changed easily.
3. There is no way to insert an escape sequence for emphasis blocks.
The only way around this is to switch to something like CommonMark, which does support escape sequences.
### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
Issue #1160
### Screenshots
Before:
![Screen_Shot_2015-03-19_at_1.39.29_AM](https://gitlab.com/gitlab-org/gitlab-ce/uploads/a1db4b96c0df2f10d9855ed5abe976ca/Screen_Shot_2015-03-19_at_1.39.29_AM.png)
After:
![Screen_Shot_2015-03-19_at_1.39.35_AM](https://gitlab.com/gitlab-org/gitlab-ce/uploads/189a062c2d19645eec1782ac1f0d4f2f/Screen_Shot_2015-03-19_at_1.39.35_AM.png)
See merge request !385
underscores.
Remove emphasis from system notes to avoid Markdown conflicts in names.
Update poltergeist to support phantomjs 2.0
In response to [my issue](https://gitlab.com/gitlab-org/gitlab-development-kit/issues/36) on the GDK.
PhantomJS 1.8 was not in the repos anymore. Only poltergeist needed it, but they have supported PhantomJS 2.0 since 1.6.0 (the next release after 1.5.1). [Their CHANGELOG](https://github.com/teampoltergeist/poltergeist/blob/master/CHANGELOG.md).
Tested locally with Ruby 2.1.5. As this took ages, I haven't tested further.
See merge request !403