| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|\ |
|
| | |
|
| | |
|
| |
| |
| |
| | |
Password Credentials flow.
|
| | |
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| | |
Because this method is a Rails scope we have to instrument it manually
as regular the instrumentation methods only instrument methods defined
directly on a Class or Module.
|
| |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Remove Grack::Auth: part 2 (LFS)
Deprecate Grack::Auth and handle LFS in Rails controllers under the Project namespace.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/14501
See merge request !5369
|
| | |\
| | | |
| | | |
| | | | |
remove-grack-lfs
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Store OTP secret key in secrets.yml
## What does this MR do?
Migrate the value of `.secret` to `config/secrets.yml` if present, so that `.secret` can be rotated without preventing all users with 2FA from logging in. (On a clean setup, generate different keys for each.)
## Are there points in the code the reviewer needs to double check?
I'm not sure we actually need `.secret` at all after this, but it seems safer not to touch it.
## Why was this MR needed?
We have some DB encryption keys in `config/secrets.yml`, and one in `.secret`. They should all be in the same place.
## What are the relevant issue numbers?
#3963, which isn't closed until I make the relevant changes in Omnibus too.
## Does this MR meet the acceptance criteria?
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- ~~API support added~~
- Tests
- [x] Added for this feature/bug
- [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !5274
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We do not want to proceed with loading the app in this case, as it could
lose a secret needed to decrypt values in the database.
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If an environment variable exists for secret_key_base, use that -
always. But don't save it to secrets.yml.
Also ensure that we never write to secrets.yml if there's a non-blank
value there.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Move the last secret from .secret to config/secrets.yml, and delete
.secret if it exists.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
.secret stores the secret token used for both encrypting login cookies
and for encrypting stored OTP secrets. We can't rotate this, because
that would invalidate all existing OTP secrets.
If the secret token is present in the .secret file or an environment
variable, save it as otp_key_base in secrets.yml. Now .secret can be
rotated without invalidating OTP secrets.
If the secret token isn't present (initial setup), then just generate a
separate otp_key_base and save in secrets.yml.
Update the docs to reflect that secrets.yml needs to be retained past
upgrades, but .secret doesn't.
|
| |\ \ \ \
| | |_|_|/
| |/| | |
| | | | |
| | | | | |
# Conflicts:
# lib/gitlab/redis.rb
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | | |
We will trust redis configuration params loading to Gitlab::RedisConfig.
|
| |/ / /
| | | |
| | | |
| | | |
| | | | |
Add the devise initializer config setting to enable the sending of notification
emails when a user changes their password.
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fix Import/Export not working in HA mode
Use a shared path instead of `Tempfile` default `/tmp` so the import file is accessible by any GitLab instance.
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/20506
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- Tests
- [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !5618
|
| | | | |
| | | | |
| | | | |
| | | | | |
export worker
|
| | |/ /
| |/| |
| | | |
| | | |
| | | | |
This class does quite a few interesting things so let's instrument it so
we can see how much time is being spent in this class.
|
| |/ /
| | |
| | |
| | |
| | | |
Since this isn't an ActiveRecord::Base descendant it wasn't
instrumented.
|
| | |
| | |
| | |
| | | |
Closes #20452
|
| | | |
|
|/ / |
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
into 'master'
Add ENV variable to skip repository storages validations
Closes #20124
See merge request !5478
|
| | | |
|
| | | |
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
SIDEKIQ_REQUEST_STORE env variable
This significantly reduces the DB churn in the PostReceive task when it
performs reference extraction.
See #18663
|
| |
| |
| |
| |
| | |
This allows us to see how much time is being spent in just parsing
HTML/XML documents.
|
|/
|
|
|
|
|
| |
Certain reverse proxies can send invalid IP addresses in the X-Forwarded-For header
For example, Apache can send (null).
Closes #20194
|
|
|
|
|
| |
Storage path are not created until `TestEnv.init`, so we must skip
their validation on initialization.
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add support for inline videos in issue, MR and notes (on issue, commit, MR, and MR diff)
## What does this MR do?
It adds support for inline videos in issue, MR and notes (on issue, commit, MR, and MR diff). Most of the work was done by @hayesr in !3508 but a few improvements were still missing.
## Why was this MR needed?
To be able to play uploaded videos in GitLab!
## What are the relevant issue numbers?
Closes #4142.
## Screenshots
### Video players
![Screen_Shot_2016-07-19_at_18.44.09](/uploads/e85e531b455a41c3e66b26b356abaafd/Screen_Shot_2016-07-19_at_18.44.09.png)
-----
![Screen_Shot_2016-07-19_at_18.44.29](/uploads/05f52a812760210d1eae86a7f8fc48bc/Screen_Shot_2016-07-19_at_18.44.29.png)
-----
## Does this MR meet the acceptance criteria?
- [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- Tests
- [x] Test `VideoLinkFilter`
- [x] Test in `spec/features/markdown_spec.rb`
- [x] Improve `spec/uploaders/file_uploader_spec.rb`
- [x] All builds are passing
- [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
See merge request !5215
|
| |
| |
| |
| |
| |
| | |
`.ogg` is for music files.
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
| |
| |
| |
| | |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
| |
| |
| |
| |
| | |
* Registered video MIME types
* Currently supporting browser-supported formats with extensions that match the mime type
|
| |
| |
| |
| |
| | |
This reverts commit 9065f9c5ff073d376eb6377ca63ead93623fc8a3, reversing
changes made to f0b446e55506b251e85afd4bb063586bccb52eb2.
|
| |
| |
| |
| |
| | |
This reverts commit 79b02e40e5842540ceff4454f6c2c51f13fc081c, reversing
changes made to f2cd21e8946dcef13e8be408b96b079b5ced682a.
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Added the ability to block sign ups using a domain blacklist.
As part of this MR, I restructured the Application Settings form to separate **Sign up** related settings from **Sign in** related settings and make everything cleaner and easier to read.
Fixes #19749
Related to #5573
See merge request !5259
|
| | |
| | |
| | |
| | | |
better conform to its behavior and newly introduced behavior.
|
| | | |
|
| |/
|/| |
|