path: root/lib/gitlab/auth
Commit message | Author | Date | Files | Lines
* Ensure Warden triggers after_authentication callback | Imre Farkas | 2019-07-26 | 1 | -2/+5
    By not triggering the callback:
    - ActiveSession lookup keys are not cleaned
    - Devise also misses its hook related to session cleanup

* Frozen string cannot change encoding [frozen_string_spec_support] | Thong Kuah | 2019-07-26 | 1 | -2/+1
    This was shown in specs but surely this will be happening in application code as well if this method is passed a frozen string.

    We were also trying to force_encode an OmniAuth::AuthHash which had the very confusing behaviour of returning nil when it was sent a method that it did not define. Fix that by only force_encoding a String.
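The two failure modes described in the commit above, as an added Ruby example (not GitLab's code): `String#force_encoding` mutates its receiver, so it raises on a frozen String, and an object that answers nil to any undefined method (the OmniAuth::AuthHash behaviour the commit describes) turns the same call into a silent nil. `NilOnUnknown` is a stand-in for that object and `utf8_string` is a hypothetical helper; both names are assumptions.

```ruby
# Added example, not GitLab's code.

# Stand-in for an object that returns nil for any method it does not define,
# which is the confusing behaviour the commit describes for OmniAuth::AuthHash.
class NilOnUnknown
  def initialize(data)
    @data = data
  end

  def [](key)
    @data[key]
  end

  def method_missing(_name, *_args)
    nil
  end

  def respond_to_missing?(*)
    true
  end
end

# The naive version: works on an unfrozen String, raises on a frozen one
# (FrozenError, a RuntimeError subclass) and silently returns nil on the
# hash-like object.
def naive_utf8(value)
  value.force_encoding(Encoding::UTF_8)
end

# Fixed version: only real Strings are re-encoded, and a frozen String is
# duplicated first so the caller's object is left untouched.
def utf8_string(value)
  return value unless value.is_a?(String)

  str = value.frozen? ? value.dup : value
  str.force_encoding(Encoding::UTF_8)
end
```

Callers that previously relied on `force_encoding` returning the same object get a copy back for frozen input, so use the return value rather than the argument.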
* OAuth2 support for GitLab personal access tokens | Steve Abrams | 2019-07-22 | 1 | -3/+14
    PATs are accepted using the OAuth2 compliant header "Authorization: Bearer {token}" in order to allow for OAuth requests while 2FA is enabled.

* Add a rubocop for Rails.logger | Mayra Cabrera | 2019-07-10 | 3 | -7/+7
    Suggests using a JSON structured log instead
    Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/54102

* Support CIDR notation in IP rate limiter [sh-support-subnets-ip-rate-limiter] | Stan Hu | 2019-06-27 | 1 | -1/+16
    This will make it possible to whitelist multiple IP addresses (e.g. 192.168.0.1/24).
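How a whitelist that mixes single addresses and CIDR ranges is parsed and applied, as an added Ruby example using only the standard library's IPAddr (not GitLab's rate limiter). `parse_whitelist`, `whitelisted?` and the small fixed-window `IpRateLimiter` are hypothetical names; the limiter is included to show where the whitelist check sits relative to counting.

```ruby
require 'ipaddr'

# Added example, not GitLab's code.

# Parse whitelist entries into IPAddr objects. A host address with a prefix,
# such as "192.168.0.1/24", becomes the 192.168.0.0/24 network. Malformed
# entries are dropped (they whitelist nobody) instead of aborting startup.
def parse_whitelist(entries)
  entries.map do |entry|
    begin
      IPAddr.new(entry.to_s.strip)
    rescue IPAddr::InvalidAddressError
      nil
    end
  end.compact
end

# True when `ip` is a single whitelisted address or falls inside a range.
# Address families are compared explicitly so an IPv6 client is never matched
# against an IPv4 range (or vice versa), and unparsable input is not whitelisted.
def whitelisted?(whitelist, ip)
  addr = IPAddr.new(ip.to_s)
  whitelist.any? { |range| range.family == addr.family && range.include?(addr) }
rescue IPAddr::InvalidAddressError
  false
end

# Minimal in-memory fixed-window limiter: at most `limit` requests per `window`
# seconds per IP, with whitelisted IPs bypassing the count entirely.
class IpRateLimiter
  def initialize(whitelist:, limit:, window:)
    @whitelist = parse_whitelist(whitelist)
    @limit = limit
    @window = window
    @hits = Hash.new { |h, k| h[k] = [] }
  end

  # Returns true when the request may proceed. `now` is injectable for tests.
  def allow?(ip, now = Time.now.to_f)
    return true if whitelisted?(@whitelist, ip)

    bucket = @hits[ip]
    bucket.reject! { |t| t < now - @window }
    return false if bucket.size >= @limit

    bucket << now
    true
  end
end
```

Because the whitelist is consulted before any counting, a whitelisted range is exempt from the limit rather than merely given a higher one; size CIDR entries accordingly.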
* #57815 Password authentication disabled for UltraAuth users | Kartikey Tanna | 2019-06-18 | 1 | -0/+4
    Disabled password authentication for the users registered using the omniauth-ultraauth strategy

* Add no-tabs class and externalize strings | Martin Wortschack | 2019-05-27 | 1 | -1/+1
    - Add .no-tabs to login-box
    - Externalize strings in common signup box
    - Leverage render_if_exists
    - Update PO file

* Run rubocop -a on CE files [sh-upgrade-rubocop-0.68.0-ce] | Stan Hu | 2019-05-05 | 1 | -1/+0

* Backport 'Update user name upon LDAP sync' from EE | Rémy Coutable | 2019-03-25 | 1 | -10/+7
    Signed-off-by: Rémy Coutable <remy@rymai.me>

* Handle nil name in Gitlab::Auth::LDAP::Person#name | Rémy Coutable | 2019-03-20 | 1 | -1/+1
    Signed-off-by: Rémy Coutable <remy@rymai.me>

* Adds the Rubocop ReturnNil cop | Andrew Newdigate | 2019-03-06 | 3 | -5/+5
    This style change enforces `return if ...` instead of `return nil if ...` to save maintainers a few minor review points

* Merge branch 'add_ldap_tls_options' into 'master' | Douwe Maan | 2019-03-05 | 1 | -15/+42
    Allow raw `tls_options` to be passed in LDAP configuration
    Closes #46391
    See merge request gitlab-org/gitlab-ce!20678

  * Allow raw `tls_options` to be passed in LDAP configuration | Drew Blessing | 2019-03-04 | 1 | -15/+42
      We've previously exposed ca_file and ssl_version but there are many possible options that can be used inside tls_options. Instead of exposing individual ones, simply expose the entire hash so it can be passed in and we won't have to add things in the future.
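One way to build the TLS settings from such a configuration, as an added Ruby example that is not GitLab's Gitlab::Auth::LDAP::Config: the legacy `ca_file` and `ssl_version` keys from the commit stay supported, a raw `tls_options` hash is merged on top of them, and the result is shaped like the `encryption:` hash the net-ldap gem takes. The merge order, the `verify_certificates` key and the `tls_verification_disabled?` check are assumptions; net-ldap itself is not required, so the block runs with only the standard library.

```ruby
require 'openssl'

# Added example, not GitLab's code.

# Build { method:, tls_options: } for an LDAP server config hash (string keys).
# Returns nil when no encryption is configured.
def ldap_encryption_options(config)
  method = case config['encryption']
           when 'simple_tls' then :simple_tls
           when 'start_tls'  then :start_tls
           when 'plain', nil then return nil
           else raise ArgumentError, "unknown LDAP encryption #{config['encryption'].inspect}"
           end

  # Start from Ruby's hardened defaults: VERIFY_PEER plus hostname verification.
  tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.dup

  # Legacy per-key settings remain supported...
  tls_options[:ca_file] = config['ca_file'] if config['ca_file']
  tls_options[:ssl_version] = config['ssl_version'] if config['ssl_version']

  # ...and a raw tls_options hash wins over them, key by key.
  raw = config['tls_options'] || {}
  raw.each { |key, value| tls_options[key.to_sym] = value }

  # Assumed convenience key: verify_certificates: false disables peer verification.
  tls_options[:verify_mode] = OpenSSL::SSL::VERIFY_NONE unless config.fetch('verify_certificates', true)

  { method: method, tls_options: tls_options }
end

# Exposing the whole hash also lets a config switch verification off, so make
# that state easy to detect in a deployment review.
def tls_verification_disabled?(encryption)
  return false if encryption.nil?

  encryption[:tls_options][:verify_mode] == OpenSSL::SSL::VERIFY_NONE
end
```

With the raw hash accepted as-is, `verify_mode: OpenSSL::SSL::VERIFY_NONE` inside `tls_options` has the same effect as the explicit switch, which is why the example checks the merged result rather than the input keys.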
* Merge branch 'ce-security-jej/group-saml-link-origin-verification' into 'master' | Yorick Peterse | 2019-03-04 | 1 | -1/+5
    Ensure request to link GroupSAML account was GitLab initiated
    See merge request gitlab/gitlabhq!2976

  * Backport EE GroupSAML origin verification changes | James Edwards-Jones | 2019-01-23 | 1 | -1/+5

* Backport of ee/9235: Add LDAP integration to smartcard authentication | Imre Farkas | 2019-01-27 | 1 | -8/+11

* Log admin status of user when OAuth::User is saved | Imre Farkas | 2019-01-23 | 1 | -1/+1

* chore(rubocop): fix Style/TrivialAccessors issues | Semyon Pupkov | 2019-01-16 | 1 | -3/+1

* Add config to disable impersonation | Imre Farkas | 2018-11-29 | 1 | -0/+3
    Adds gitlab.impersonation_enabled config option defaulting to true to keep the current default behaviour.
    Only the act of impersonation is modified, impersonation token management is not affected.

* Merge branch 'security-fix-pat-web-access' into 'master' | Cindy Pallares | 2018-11-28 | 2 | -6/+47
    [master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"
    See merge request gitlab/gitlabhq!2583

* Merge branch 'fix/allow-saml2-for-2fa-bypass' into 'master' | Douwe Maan | 2018-11-20 | 1 | -1/+1
    saml/auth_hash: Allow 2FA bypass for SAML 2.0 responses
    See merge request gitlab-org/gitlab-ce!22568

  * saml/auth_hash: Allow 2FA bypass for SAML 2.0 responses | 115100 | 2018-10-25 | 1 | -1/+1
      Closes gitlab-org/gitlab-ce/#53102.

* Fix typos in comments and specs | George Tsiolis | 2018-11-01 | 1 | -1/+1

* [master] Persist only SHA digest of PersonalAccessToken#token | Imre Farkas | 2018-10-29 | 1 | -3/+1
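Three of the personal-access-token changes in this log fit one worked example: persisting only a digest of the token (the commit above), accepting the token from an OAuth2 "Authorization: Bearer {token}" header (the 2019-07-22 commit), and refusing to let a `read_user`-only token authenticate a web request (the 2018-11-28 security merge). The Ruby below is an added illustration, not GitLab's PersonalAccessToken model or its authentication finders: `TokenStore`, `bearer_token`, `authenticate` and the `SCOPE_GRANTS` table (in which only `api` may stand in for a browser session) are assumptions, and plain unsalted SHA-256 is used for the digest.

```ruby
require 'digest'
require 'securerandom'

# Added example, not GitLab's code.

# In-memory token store that persists only the SHA-256 digest of each token.
class TokenStore
  Token = Struct.new(:user, :scopes, :digest)

  def initialize
    @by_digest = {}
  end

  # Issue a token: the raw value is handed back exactly once and never stored.
  def create(user, scopes)
    raw = SecureRandom.urlsafe_base64(20)
    digest = digest_for(raw)
    @by_digest[digest] = Token.new(user, scopes, digest)
    raw
  end

  # Lookup hashes the presented token, so a leaked table row is not a credential.
  def find(raw)
    return nil unless raw.is_a?(String) && !raw.empty?

    @by_digest[digest_for(raw)]
  end

  def digest_for(raw)
    Digest::SHA256.hexdigest(raw)
  end

  # Everything that would hit the database, so callers can confirm no raw token is retained.
  def stored_values
    @by_digest.values.flat_map(&:to_a)
  end
end

# Extract the token from an OAuth2-style "Authorization: Bearer <token>" header
# (Rack exposes it as HTTP_AUTHORIZATION). No password travels on this path,
# which is what lets it work while 2FA is enforced.
def bearer_token(headers)
  value = headers['Authorization'] || headers['HTTP_AUTHORIZATION']
  return nil if value.nil?

  match = /\ABearer\s+(\S+)\z/i.match(value.strip)
  match && match[1]
end

# Assumed scope model: `api` is the broad scope and the only one that may
# authenticate a :web request; `read_user` grants read-only API access only.
SCOPE_GRANTS = {
  api: %i[api read_user web],
  read_user: %i[read_user]
}.freeze

# Resolve a request to a user or nil. `request_kind` is :api, :read_user or :web.
def authenticate(store, headers, request_kind)
  raw = bearer_token(headers)
  return nil if raw.nil?

  token = store.find(raw)
  return nil if token.nil?

  granted = token.scopes.flat_map { |scope| SCOPE_GRANTS.fetch(scope, []) }
  granted.include?(request_kind) ? token.user : nil
end
```

The scope check runs after the token is found, not instead of finding it, so a valid but under-scoped token is rejected the same way an unknown one is; callers should not distinguish the two in their response.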
* Enable some frozen string in lib/gitlab | gfyoung | 2018-10-13 | 29 | -1/+59
    Enable frozen string for the following files:
    - lib/gitlab/auth/**/*.rb
    - lib/gitlab/badge/**/*.rb
    - lib/gitlab/bare_repository_import/**/*.rb
    - lib/gitlab/bitbucket_import/**/*.rb
    - lib/gitlab/bitbucket_server_import/**/*.rb
    - lib/gitlab/cache/**/*.rb
    - lib/gitlab/checks/**/*.rb
    Partially addresses #47424.

* Correct Gitlab Capitalization in code files | Marcel Amirault | 2018-09-21 | 1 | -3/+3

* Disable existing offenses for the CodeReuse cops | Yorick Peterse | 2018-09-11 | 4 | -0/+10
    This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop.

* Backport LDAP changes to CE | Douglas Barbosa Alexandre | 2018-08-23 | 1 | -10/+14

* Fix broken Git over HTTP clones with LDAP users | Stan Hu | 2018-08-22 | 1 | -0/+1
    Due to a regression in !20608, the LDAP authenticator was not being used unless OmniAuth was enabled. This change allows the LDAP provider to be used if it is configured regardless of the OmniAuth setting.
    Closes #50579

* Improve blocked user tracking code readability | Grzegorz Bizon | 2018-08-03 | 1 | -1/+1

* Remove an empty line from blocked user tracker class | Grzegorz Bizon | 2018-08-02 | 1 | -1/+0

* Remove an empty line from the end of blocked_user_tracker.rb | Grzegorz Bizon | 2018-08-02 | 1 | -1/+1

* Improve authentication events-related code readability | Grzegorz Bizon | 2018-08-01 | 1 | -1/+1

* Simplify blocked user tracking during authentication | Grzegorz Bizon | 2018-08-01 | 2 | -47/+10

* Improve blocked user tracking and fire some events only once | Grzegorz Bizon | 2018-08-01 | 1 | -2/+4

* Merge branch 'feature/gb/login-activity-metrics' into 'master' | Sean McGivern | 2018-07-31 | 2 | -19/+117
    Add user authentication activity metrics
    Closes #47789
    See merge request gitlab-org/gitlab-ce!20668

  * Improve authentication activity code readability | Grzegorz Bizon | 2018-07-31 | 1 | -5/+5

  * Improve specs for blocked user tracker class | Grzegorz Bizon | 2018-07-27 | 1 | -19/+22

  * Add authentication metrics for sessionless sign in | Grzegorz Bizon | 2018-07-27 | 1 | -1/+5

  * Improve readability and move custom matchers to better place | Grzegorz Bizon | 2018-07-27 | 1 | -3/+1

  * Catch custom warden events too to increment metrics | Grzegorz Bizon | 2018-07-27 | 1 | -1/+0

  * Make authentication metrics events explicit in specs | Grzegorz Bizon | 2018-07-26 | 1 | -4/+4

  * Fix activity metric names that need to be symbols [feature/gb/login-activity-metrics] | Grzegorz Bizon | 2018-07-24 | 1 | -1/+1

  * Make it easier to stub authentication metrics | Grzegorz Bizon | 2018-07-23 | 1 | -11/+15

  * Track blocked users and two factor authentications | Grzegorz Bizon | 2018-07-23 | 1 | -6/+10

  * Refactor blocked user tracker class | Grzegorz Bizon | 2018-07-20 | 2 | -20/+41

  * Add custom expectations for authentication activity metrics | Grzegorz Bizon | 2018-07-20 | 1 | -2/+8

  * Rename authentication activity observer methods | Grzegorz Bizon | 2018-07-19 | 1 | -13/+3

  * Implement scaffold of authentication activity metrics | Grzegorz Bizon | 2018-07-17 | 1 | -0/+69

* Disable SAML if OmniAuth is disabled [48932-disable-saml-if-omniauth-is-disabled] | Lin Jen-Shin | 2018-07-20 | 1 | -1/+1
    We also try to unify the way we set up OmniAuth, and how we check if it's enabled or not.