| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Add latest changes from gitlab-org/gitlab@15-3-stable-ee [v15.3.0-rc42] | GitLab Bot | 2022-08-18 | 1 | -1/+3 |
* | Add latest changes from gitlab-org/gitlab@13-11-stable-ee [v13.11.0-rc43] | GitLab Bot | 2021-04-20 | 1 | -2/+2 |
* | Add latest changes from gitlab-org/gitlab@13-8-stable-ee [v13.8.0-rc42] | Robert Speicher | 2021-01-20 | 1 | -4/+9 |
* | Add latest changes from gitlab-org/gitlab@13-5-stable-ee [v13.5.0-rc42] | GitLab Bot | 2020-10-21 | 1 | -0/+39 |
* | Add latest changes from gitlab-org/security/gitlab@13-4-stable-ee | GitLab Bot | 2020-09-30 | 1 | -2/+4 |
* | Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee | GitLab Bot | 2020-09-01 | 1 | -1/+20 |
* | Add latest changes from gitlab-org/gitlab@13-3-stable-ee | GitLab Bot | 2020-08-20 | 1 | -4/+7 |
* | Add latest changes from gitlab-org/gitlab@13-2-stable-ee | GitLab Bot | 2020-07-20 | 1 | -3/+9 |
* | Add latest changes from gitlab-org/gitlab@13-0-stable-ee | GitLab Bot | 2020-05-20 | 1 | -2/+7 |
* | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | 2020-04-01 | 1 | -0/+4 |
* | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | 2020-03-02 | 1 | -19/+9 |
* | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | 2019-12-11 | 1 | -2/+4 |
* | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | 2019-12-10 | 1 | -1/+3 |
* | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | 2019-09-26 | 1 | -0/+24 |
* | Add latest changes from gitlab-org/gitlab@master | GitLab Bot | 2019-09-13 | 1 | -0/+1 |
* | Add config to disable impersonation | Imre Farkas | 2018-11-29 | 1 | -0/+6 |
| | Adds gitlab.impersonation_enabled config option defaulting to true to keep the current default behaviour. Only the act of impersonation is modified, impersonation token management is not affected. | | | | |
* | Enable frozen string in lib/api and lib/backup | gfyoung | 2018-09-29 | 1 | -0/+2 |
| | Partially addresses #47424. Had to make changes to spec files because stubbing methods on frozen objects is a mess in RSpec and leads to failures: https://github.com/rspec/rspec-mocks/issues/1190 | | | | |
* | Updates code using class_methods over module ClassMethods | Jacopo | 2018-08-29 | 1 | -1/+1 |
* | Block access to API & git when terms are enforced | Bob Van Landuyt | 2018-05-10 | 1 | -1/+11 |
| | When terms are enforced, but the user has not accepted the terms, access to the API & git is rejected with a message directing the user to the web app to accept the terms. | | | | |
* | Make find_user_from_sources extensible for EE | Lin Jen-Shin | 2018-02-05 | 1 | -1/+5 |
* | Changes after rebase | Francisco Lopez | 2017-11-17 | 1 | -20/+1 |
* | Moved Exceptions to Gitlab::Auth | Francisco Lopez | 2017-11-17 | 1 | -10/+10 |
* | Moving exceptions to UserAuthFinders | Francisco Lopez | 2017-11-17 | 1 | -25/+10 |
* | Added some more comments | Francisco Lopez | 2017-11-17 | 1 | -7/+8 |
* | Homogenising the type of the request handled by UserAuthFinder. Also tests fixed | Francisco Lopez | 2017-11-17 | 1 | -3/+0 |
* | Applied some code review comments | Francisco Lopez | 2017-11-17 | 1 | -5/+0 |
* | Removing private token | Francisco Lopez | 2017-11-17 | 1 | -6/+1 |
* | Some fixes after rebase | Francisco Lopez | 2017-11-17 | 1 | -24/+7 |
* | Updated refactor and pushing to see if test fails | Francisco Lopez | 2017-11-17 | 1 | -2/+0 |
* | First refactor | Francisco Lopez | 2017-11-17 | 1 | -39/+19 |
* | Add Gitlab::Utils::StrongMemoize | Lin Jen-Shin (godfat) | 2017-11-13 | 1 | -3/+5 |
* | Add sudo API scope | Douwe Maan | 2017-11-02 | 1 | -66/+38 |
* | Remove authentication using user.private_token | Douwe Maan | 2017-11-02 | 1 | -16/+6 |
* | Move all API authentication code to APIGuard | Douwe Maan | 2017-10-12 | 1 | -41/+92 |
* | Make sure API responds with 401 when invalid authentication info is provided [dm-api-unauthorized] | Douwe Maan | 2017-09-28 | 1 | -6/+18 |
* | Whitelist or fix additional `Gitlab/PublicSend` cop violations [rs-more-public-send-whitelists] | Robert Speicher | 2017-08-14 | 1 | -1/+1 |
| | An upcoming update to rubocop-gitlab-security added additional violations. | | | | |
* | Extract a `Gitlab::Scope` class. | Timothy Andrew | 2017-06-29 | 1 | -1/+1 |
| | - To represent an authorization scope, such as `api` or `read_user` - This is a better abstraction than the hash we were previously using. | | | | |
* | Implement review comments from @DouweM for !12300. | Timothy Andrew | 2017-06-28 | 1 | -1/+1 |
| | - Use a struct for scopes, so we can call `scope.if` instead of `scope[:if]` - Refactor the "remove scopes whose :if condition returns false" logic to use a `select` rather than a `reject`. | | | | |
* | Implement review comments from @dbalexandre for !12300. | Timothy Andrew | 2017-06-28 | 1 | -7/+5 |
* | Fix remaining spec failures for !12300. | Timothy Andrew | 2017-06-28 | 1 | -2/+2 |
| | 1. Get the spec for `lib/gitlab/auth.rb` passing. - Make the `request` argument to `AccessTokenValidationService` optional - `auth.rb` doesn't need to pass in a request. - Pass in scopes in the format `[{ name: 'api' }]` rather than `['api']`, which is what `AccessTokenValidationService` now expects. 2. Get the spec for `API::V3::Users` passing 2. Get the spec for `AccessTokenValidationService` passing | | | | |
* | When verifying scopes, manually include scopes from `API::API`. | Timothy Andrew | 2017-06-28 | 1 | -6/+4 |
| | - They are not included automatically since `API::Users` does not inherit from `API::API`, as I initially assumed. - Scopes declared in `API::API` are considered global (to the API), and need to be included in all cases. | | | | |
* | Allow API scope declarations to be applied conditionally. | Timothy Andrew | 2017-06-28 | 1 | -2/+2 |
| | - Scope declarations of the form: `allow_access_with_scope :read_user, if: -> (request) { request.get? }` will only apply for `GET` requests - Add a negative test to a `POST` endpoint in the `users` API to test this. Also test for this case in the `AccessTokenValidationService` unit tests. | | | | |
* | Initial attempt at refactoring API scope declarations. | Timothy Andrew | 2017-06-28 | 1 | -12/+21 |
| | - Declaring an endpoint's scopes in a `before` block has proved to be unreliable. For example, if we're accessing the `API::Users` endpoint - code in a `before` block in `API::API` wouldn't be able to see the scopes set in `API::Users` since the `API::API` `before` block runs first. - This commit moves these declarations to the class level, since they don't need to change once set. | | | | |
* | Enable Style/Proc cop for rubocop | mhasbini | 2017-04-02 | 1 | -1/+1 |
* | Enable and autocorrect the CustomErrorClass cop | Sean McGivern | 2017-03-01 | 1 | -7/+4 |
* | Fix code for cops | Douwe Maan | 2017-02-23 | 1 | -1/+1 |
* | Enable Style/SpaceInsideBrackets | Douwe Maan | 2017-02-23 | 1 | -1/+1 |
* | Enable Style/MutableConstant | Douwe Maan | 2017-02-23 | 1 | -1/+1 |
* | Convert AccessTokenValidationService into a class. | Timothy Andrew | 2016-12-16 | 1 | -2/+2 |
| | - Previously, AccessTokenValidationService was a module, and all its public methods accepted a token. It makes sense to convert it to a class which accepts a token during initialization. - Also rename the `sufficient_scope?` method to `include_any_scope?` - Based on feedback from @rymai | | | | |
* | Implement minor changes from @dbalexandre's review. | Timothy Andrew | 2016-12-16 | 1 | -11/+15 |
| | - Mainly whitespace changes. - Require the migration adding the `scope` column to the `personal_access_tokens` table to have downtime, since API calls will fail if the new code is in place, but the migration hasn't run. - Minor refactoring - load `@scopes` in a `before_action`, since we're doing it in three different places. | | | | |