path: root/lib/api/users.rb
Commit message (Author; Age; Files; Lines)
* Make getting a user by the username case insensitive (William George; 2018-10-18; 1 file; -8/+6)
|
* Merge branch 'features/unauth-access-ssh-keys' into 'master' (Douwe Maan; 2018-10-05; 1 file; -4/+2)
|\
| |   List public ssh keys by id or username without authentication
| |   See merge request gitlab-org/gitlab-ce!20118
| * List public ssh keys by id or username without authentication (Ronald Claveau; 2018-10-03; 1 file; -4/+2)
| |
* | Merge branch 'lib-api-frozen-string-enable' into 'master' (Rémy Coutable; 2018-10-01; 1 file; -0/+2)
|\ \
| | |   Enable frozen string in lib/api and lib/backup
| | |   See merge request gitlab-org/gitlab-ce!22005
| * | Enable frozen string in lib/api and lib/backup (gfyoung; 2018-09-29; 1 file; -0/+2)
| |/
| |   Partially addresses #47424.
| |   Had to make changes to spec files because stubbing methods on frozen objects is a mess in RSpec and leads to failures:
| |   https://github.com/rspec/rspec-mocks/issues/1190
* | allow users api to set public_email (Alexis Reigel; 2018-10-01; 1 file; -0/+1)
| |
* | remove obsolete parameter from users api (Alexis Reigel; 2018-09-26; 1 file; -1/+0)
|/
* Merge branch 'rubocop-code-reuse' into 'master' (Robert Speicher; 2018-09-13; 1 file; -0/+56)
|\
| |   Add RuboCop cops to enforce code reusing rules
| |   See merge request gitlab-org/gitlab-ce!21391
| * Disable existing offenses for the CodeReuse cops (Yorick Peterse; 2018-09-11; 1 file; -0/+56)
| |
| |   This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop.
* | Add ability to skip user email confirmation with API (Stan Hu; 2018-09-10; 1 file; -0/+1)
|/
|   This gives admins the ability to send a `skip_confirmation` flag in the `POST /users/:id/email` API endpoint to skip the verification step and assume the given e-mail address is verified.
|   Closes #50876
* Allow users to set a status (Bob Van Landuyt; 2018-07-30; 1 file; -0/+35)
|
|   This can be done through the API for the current user, or on the profile page.
* Add an option to have a private profile on GitLab (JX Terry; 2018-07-24; 1 file; -5/+6)
|
* Add min_access_level filter to projects API (Marko, Peter; 2018-07-23; 1 file; -0/+1)
|
|   Signed-off-by: Marko, Peter <peter.marko@siemens.com>
* Updates from `rubocop -a` (Lin Jen-Shin; 2018-07-09; 1 file; -1/+1)
|
* Restoring user v3 endpoint (Francisco Javier López; 2018-06-13; 1 file; -11/+15)
|
* Add 2FA filter to users API for admins only (Dmitriy Zaporozhets; 2018-04-23; 1 file; -1/+1)
|
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Allow including custom attributes in API responses (Markus Koller; 2018-02-08; 1 file; -1/+8)
|
* Add sorting options for /users API (admin only) [42669-allow-order_by-users-in-gitlab-api] (Dmitriy Zaporozhets; 2018-02-06; 1 file; -1/+18)
|
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Track and act upon the number of executed queries [query-counts] (Yorick Peterse; 2018-02-01; 1 file; -0/+2)
|
|   This ensures that we have more visibility in the number of SQL queries that are executed in web requests. The current threshold is hardcoded to 100 as we will rarely (maybe once or twice) change it.
|   In production and development we use Sentry if enabled, in the test environment we raise an error. This feature is also only enabled in production/staging when running on GitLab.com as it's not very useful to other users.
* Added default order to UserFinder (Francisco Javier López; 2017-12-04; 1 file; -0/+2)
|
* Skip confirmation user api (Daniel Juarez; 2017-11-21; 1 file; -1/+2)
|
* Remove private_token from API user entity (Douwe Maan; 2017-11-02; 1 file; -3/+1)
|
* Merge branch 'master' into digitalmoksha/gitlab-ce-feature/verify_secondary_emails (Douwe Maan; 2017-10-05; 1 file; -11/+9)
|\
| |   # Conflicts:
| |   #   app/controllers/admin/users_controller.rb
| |   #   app/controllers/confirmations_controller.rb
| |   #   app/controllers/profiles/emails_controller.rb
| |   #   app/models/user.rb
| |   #   app/services/emails/base_service.rb
| |   #   app/services/emails/destroy_service.rb
| |   #   app/views/devise/mailer/confirmation_instructions.html.haml
| |   #   lib/api/users.rb
| |   #   spec/services/emails/destroy_service_spec.rb
| * Support custom attributes on users (Markus Koller; 2017-09-28; 1 file; -0/+2)
| |
| * refactor emails service [refactor-services] (James Lopez; 2017-09-28; 1 file; -4/+4)
| |
| * refactor users update service (James Lopez; 2017-09-28; 1 file; -1/+1)
| |
| * refactor services to match EE signature (James Lopez; 2017-09-28; 1 file; -5/+5)
| |
| * find_user users helper method no longer overrides find_user API helper method. [37467-helper-method-from-users-endpoint-overrides-api-helper-method] (Tiago Botelho; 2017-09-26; 1 file; -2/+2)
| |
* | fix calls to Emails::DestroyService (Brett Walker; 2017-09-23; 1 file; -2/+2)
| |
* | Send a confirmation email when the user adds a secondary email address. (Brett Walker; 2017-09-23; 1 file; -2/+0)
|/
|   Utilizes the Devise `confirmable` capabilities.
|   Issue #37385
* Ensure we use `Entities::User` for non-admin `users/:id` API requests (Robert Speicher; 2017-09-15; 1 file; -1/+1)
|
* API: Add GPG key management for admins (Robert Schilling; 2017-09-05; 1 file; -0/+80)
|
* API: Add GPG key management (Robert Schilling; 2017-09-05; 1 file; -0/+70)
|
* Update remaining endpoints (Robert Schilling; 2017-08-28; 1 file; -2/+5)
|
* Conditionally destroy a resource (Robert Schilling; 2017-08-28; 1 file; -34/+13)
|
* API: Respect the 'If-Unmodified-Since' for delete endpoints (Robert Schilling; 2017-08-28; 1 file; -0/+28)
|
* Include the `is_admin` field in the `GET /users/:id` API when current user is an admin (Rémy Coutable; 2017-08-11; 1 file; -9/+4)
|
|   Signed-off-by: Rémy Coutable <remy@rymai.me>
* Update grape gem [dz-update-grape] (Dmitriy Zaporozhets; 2017-07-20; 1 file; -0/+5)
|
|   New version of the gem returns 200 status code on delete with content instead of 204 so we explicitly set status code to keep existing behavior
|   Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Return `is_admin` attribute in the GET /user endpoint for admins (Rémy Coutable; 2017-07-12; 1 file; -1/+10)
|
|   Signed-off-by: Rémy Coutable <remy@rymai.me>
* fix specs (James Lopez; 2017-07-07; 1 file; -1/+1)
|
* add created at filter logic to users finder and API (James Lopez; 2017-07-07; 1 file; -0/+6)
|
* Merge branch 'master' into '33580-fix-api-scoping' (Douwe Maan; 2017-07-04; 1 file; -9/+20)
|\
| |   # Conflicts:
| |   #   lib/api/users.rb
| * Simplify authentication logic in the v4 users API for !12445. (Timothy Andrew; 2017-07-04; 1 file; -1/+8)
| |
| |   - Rather than using an explicit check to turn off authentication for the `/users` endpoint, simply call `authenticate_non_get!`.
| |   - All `GET` endpoints we wish to restrict already call `authenticated_as_admin!`, and so remain inaccessible to anonymous users.
| |   - This _does_ open up the `/users/:id` endpoint to anonymous access. It contains the same access check that `/users` uses, and so is safe for use here.
| |   - More context: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12445#note_34031323
| * Merge remote-tracking branch 'origin/master' into 34141-allow-unauthenticated-access-to-the-users-api (Timothy Andrew; 2017-06-30; 1 file; -10/+10)
| |\
| | |   - Modify policy code to work with the `DeclarativePolicy` refactor in 37c401433b76170f0150d70865f1f4584db01fa8.
| * | Implement review comments for !12445 from @godfat and @rymai. (Timothy Andrew; 2017-06-30; 1 file; -15/+11)
| | |
| | |   - Use `GlobalPolicy` to authorize the users that a non-authenticated user can fetch from `/api/v4/users`. We allow access if the `Gitlab::VisibilityLevel::PUBLIC` visibility level is not restricted.
| | |   - Further, as before, `/api/v4/users` is only accessible to unauthenticated users if the `username` parameter is passed.
| | |   - Turn off `authenticate!` for the `/api/v4/users` endpoint by matching on the actual route + method, rather than the description.
| | |   - Change the type of `current_user` check in `UsersFinder` to be more compatible with EE.
| * | Allow unauthenticated access to the `/api/v4/users` API. (Timothy Andrew; 2017-06-26; 1 file; -6/+17)
| | |
| | |   - The issue filtering frontend code needs access to this API for non-logged-in users + public projects. It uses the API to fetch information for a user by username.
| | |   - We don't authenticate this API anymore, but instead - if the `current_user` is not present:
| | |     - Verify that the `username` parameter has been passed. This disallows an unauthenticated user from grabbing a list of all users on the instance. The `UsersFinder` class performs an exact match on the `username`, so we are guaranteed to get 0 or 1 users.
| | |     - Verify that the resulting user (if any) is accessible to be viewed publicly by calling `can?(current_user, :read_user, user)`
* | | Initial attempt at refactoring API scope declarations. (Timothy Andrew; 2017-06-28; 1 file; -1/+3)
| |/
|/|
| |   - Declaring an endpoint's scopes in a `before` block has proved to be unreliable. For example, if we're accessing the `API::Users` endpoint - code in a `before` block in `API::API` wouldn't be able to see the scopes set in `API::Users` since the `API::API` `before` block runs first.
| |   - This commit moves these declarations to the class level, since they don't need to change once set.
* | fix spec failures (James Lopez; 2017-06-24; 1 file; -1/+1)
| |
* | fix spec failures (James Lopez; 2017-06-23; 1 file; -4/+4)
| |
* | refactor update user service not to do auth checks (James Lopez; 2017-06-23; 1 file; -1/+1)
| |