| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Allow a user to sign out when on the terms page
Closes #46211
See merge request gitlab-org/gitlab-ce!18875
|
|
|
|
|
|
|
| |
Enforce terms acceptance before configuring 2FA
Closes #46256
See merge request gitlab-org/gitlab-ce!18896
|
|\
| |
| |
| |
| | |
Fix failed jobs tab
See merge request gitlab-org/gitlab-ce!18520
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
Backport 5480-epic-notifications from EE
See merge request gitlab-org/gitlab-ce!18724
|
| | | |
|
|\ \ \
| | | |
| | | |
| | | |
| | | | |
Backport of 1481-changing-weight-values-should-trigger-system-notes
See merge request gitlab-org/gitlab-ce!18699
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
Improve UX For Group Runners
See merge request gitlab-org/gitlab-ce!18649
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | | |
These were just shorthands for project_... and they will be confusing when introducing group runners so we should not have them (#10244)
|
| | | | | |
|
| |_|/ /
|/| | | |
|
| | | | |
|
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | | |
Resolve "CI retry/cancel job or pipeline redirect the user and can't be open in a new tab"
Closes #33697
See merge request gitlab-org/gitlab-ce!18451
|
| |\ \ \ |
|
| | | | | |
|
| | | | | |
|
| |\ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* master: (83 commits)
Broken link fix
Fix unassign slash command preview
Make /copy_metadata only handle the first issuable passed
Allow admins to push to empty repos
Only show push-to-master authorized users
Document externally hosted LFS objects
Add CHANGELOG entry
Show Runner's description on job's page
Fix an N+1 for MRs from forks on the MR index page
Improve documentation of SSRF protection
Replace find file project spinach tests with RSpec
Fix docs typo for ci/lint
[Backport] Burndown chart for group milestone
Bump lograge to 0.10.0 and remove monkey patch
Add Capybara debugging methods to docs
Update CHANGELOG.md for 10.7.1
Add missing changelog entry
Resolve "Avatar URLs are wrong when using a CDN path and Object Storage"
Fix users not seeing labels from private groups when being a member of a child project
Update doorkeeper for:
...
|
| |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* master: (48 commits)
Get rid of config/initializers/2_app.rb and define Gitlab in lib/gitlab.rb
Fix eslint
Fix eslint
Address latest feedback
Moved committer and spec. Added some extra code to run hooks or not depending on the options
Fix minor typos
Fix disabled state while making a request
Move Settings to its own file, isolate it from Rails and introduce Gitlab.root
Document the new 'spec/fast_spec_helper.rb' file
Introduce spec/fast_spec_helper.rb to run spec files that don't rely on the whole Rails env
Move spec helpers/matchers/shared examples/contexts to their relevant folder
Use axios request to interact with API instead of UJS
Emit `toggleCollapse`, `onDropdownClose` on component
Add changelog for 2fa filter in users api
Add 2FA filter to users API for admins only
Emit `onValueClick` event on component when container is clicked
Fix project creation for user endpoint bug
Update repository storages documentation URL
Flowdock uses Gitaly, not Grit
fix revoke header on deploy token docs
...
|
| | | | | | | |
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| |_|_|_|_|_|/
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
'44059-specify-variables-when-executing-a-manual-pipeline-from-the-ui' into 'master'
Resolve "Specify variables when executing a manual pipeline from the UI"
Closes #44059
See merge request gitlab-org/gitlab-ce!18440
|
| |\ \ \ \ \ \
| | | |_|_|/ /
| | |/| | | |
| | | | | | | |
44059-specify-variables-when-executing-a-manual-pipeline-from-the-ui
|
| |\ \ \ \ \ \
| | | |_|_|/ /
| | |/| | | |
| | | | | | | |
44059-specify-variables-when-executing-a-manual-pipeline-from-the-ui
|
| | | | | | | |
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Enforce application wide terms
Closes #44798
See merge request gitlab-org/gitlab-ce!18570
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
`InternalRedirect` prevents Open redirect issues by only allowing
redirection to paths on the same host.
It cleans up any unwanted strings from the path that could point to
another host (fe. //about.gitlab.com/hello). While preserving the
querystring and fragment of the uri.
It is already used by:
- `TermsController`
- `ContinueParams`
- `ImportsController`
- `ForksController`
- `SessionsController`: Only for verifying the host in CE. EE allows
redirecting to a different instance using Geo.
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This enforces the terms in the web application. These cases are
specced:
- Logging in: When terms are enforced, and a user logs in that has not
accepted the terms, they are presented with the screen. They get
directed to their customized root path afterwards.
- Signing up: After signing up, the first screen the user is presented
with the screen to accept the terms. After they accept they are
directed to the dashboard.
- While a session is active:
- For a GET: The user will be directed to the terms page first,
after they accept the terms, they will be directed to the page
they were going to
- For any other request: They are directed to the terms, after they
accept the terms, they are directed back to the page they came
from to retry the request. Any information entered would be
persisted in localstorage and available on the page.
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
When a user accepts, we store this in the agreements to keep track of
which terms they accepted. We also update the flag on the user.
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
When terms are present, they can be viewed on `/-/users/terms`.
|
|/ / / / / / / |
|
| | | | | | | |
|
|\ \ \ \ \ \ \ |
|
| | |_|/ / / /
| |/| | | | | |
|
| | | | | | | |
|
| |\ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
'blackst0ne-rails5-use-safe-params-instead-of-params-in-url-for-helpers' into 'master'
[Rails5] Use `safe_params` instead of `params` in `url_for` helpers
See merge request gitlab-org/gitlab-ce!18637
|
| | | |/ / / /
| | |/| | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This commits replaces `params` with `safe_params` in `url_for` helpers
to resolve security issues [1] and failing specs with the
```
ArgumentError:
Attempting to generate a URL from non-sanitized request parameters!
An attacker can inject malicious data into the generated URL, such as
changing the host. Whitelist and sanitize passed parameters to be secure.
```
error.
[1]: https://gitlab.com/gitlab-org/gitlab-ce/issues/45168
|
| |\ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
into 'master'
[Rails5] Update `ApplicationController#log_exception` to fix `undefined method 'clean'` error
See merge request gitlab-org/gitlab-ce!18636
|
| | |/ / / / /
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
method 'clean'` error
This commit fixes the error:
```
1) Projects::TodosController Merge Requests POST create when not authorized for merge_request doesn't create todo
Failure/Error: application_trace = ActionDispatch::ExceptionWrapper.new(env, exception).application_trace
NoMethodError:
undefined method `clean' for #<Hash:0x000055be5bda35d0>
Did you mean? clear
# ./app/controllers/application_controller.rb:113:in `log_exception'
# ./app/controllers/application_controller.rb:40:in `block in <class:ApplicationController>'
# ./spec/controllers/projects/todos_controller_spec.rb:80:in `go'
# ./spec/controllers/projects/todos_controller_spec.rb:138:in `block (6 levels) in <top (required)>'
# ./spec/controllers/projects/todos_controller_spec.rb:138:in `block (5 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# ActiveRecord::RecordNotFound:
# Couldn't find MergeRequest
# ./app/finders/concerns/finder_methods.rb:19:in `raise_not_found_unless_authorized'
Finished in 7.53 seconds (files took 12.8 seconds to load)
1 example, 1 failure
```
Also see https://github.com/rails/rails/commit/6d85804bc6aeecce5669fb4b0d7b33c069deff3a
|
| |\ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Fix file_store for artifacts and lfs when saving
See merge request gitlab-org/gitlab-ce!18624
|
| | |/ / / / / |
|
| | | | | | | |
|
| |/ / / / / |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
runner.belonging_to_parent_group_of_project(project.id)`
|