Graph | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Ensure Warden triggers after_authentication callback | Imre Farkas | 2019-07-26 | 1 | -2/+5 |
| | | | | | | By not triggering the callback: - ActiveSession lookup keys are not cleaned - Devise also misses its hook related to session cleanup | ||||
* | Frozen string cannot change encoding [frozen_string_spec_support] | Thong Kuah | 2019-07-26 | 1 | -2/+1 |
| | | | | | | | | | This was shown in specs but surely this will be happening in application code as well if this method is passed a frozen string. We were also trying to force_encode an OmniAuth::AuthHash which had the very confusing behaviour of returning nil when it was sent a method that it did not define. Fix that by only force_encoding a String. | ||||
* | OAuth2 support for GitLab personal access tokens | Steve Abrams | 2019-07-22 | 1 | -3/+14 |
| | | | | | | PATs are accepted using the OAuth2 compliant header "Authorization: Bearer {token}" in order to allow for OAuth requests while 2FA is enabled. | ||||
* | Add a rubocop for Rails.logger | Mayra Cabrera | 2019-07-10 | 3 | -7/+7 |
| | | | | | | Suggests to use a JSON structured log instead. Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/54102 | ||||
* | Support CIDR notation in IP rate limiter [sh-support-subnets-ip-rate-limiter] | Stan Hu | 2019-06-27 | 1 | -1/+16 |
| | | | | | This will make it possible to whitelist multiple IP addresses (e.g. 192.168.0.1/24). | ||||
* | #57815 Password authentication disabled for UltraAuth users | Kartikey Tanna | 2019-06-18 | 1 | -0/+4 |
| | | | | | Disabled password authentication for the users registered using omniauth-ultraauth strategy | ||||
* | Add no-tabs class and externalize strings | Martin Wortschack | 2019-05-27 | 1 | -1/+1 |
| | | | | | | | - Add .no-tabs to login-box - Externalize strings in common signup box - Leverage render_if_exists - Update PO file | ||||
* | Run rubocop -a on CE files [sh-upgrade-rubocop-0.68.0-ce] | Stan Hu | 2019-05-05 | 1 | -1/+0 |
| | |||||
* | Backport 'Update user name upon LDAP sync' from EE | Rémy Coutable | 2019-03-25 | 1 | -10/+7 |
| | | | | Signed-off-by: Rémy Coutable <remy@rymai.me> | ||||
* | Handle nil name in Gitlab::Auth::LDAP::Person#name | Rémy Coutable | 2019-03-20 | 1 | -1/+1 |
| | | | | Signed-off-by: Rémy Coutable <remy@rymai.me> | ||||
* | Adds the Rubocop ReturnNil cop | Andrew Newdigate | 2019-03-06 | 3 | -5/+5 |
| | | | | | This style change enforces `return if ...` instead of `return nil if ...` to save maintainers a few minor review points | ||||
* | Merge branch 'add_ldap_tls_options' into 'master' | Douwe Maan | 2019-03-05 | 1 | -15/+42 |
|\ | | | | | | | | | | | | | Allow raw `tls_options` to be passed in LDAP configuration. Closes #46391. See merge request gitlab-org/gitlab-ce!20678 | ||||
| * | Allow raw `tls_options` to be passed in LDAP configuration | Drew Blessing | 2019-03-04 | 1 | -15/+42 |
| | | | | | | | | | | | | | | We've previously exposed ca_file and ssl_version but there are many possible options that can be used inside tls_options. Instead of exposing individual ones, simply expose the entire hash so it can be passed in and we won't have to add things in the future. | ||||
* | | Merge branch 'ce-security-jej/group-saml-link-origin-verification' into 'master' | Yorick Peterse | 2019-03-04 | 1 | -1/+5 |
|\ \ | |/ |/| | | | | | Ensure request to link GroupSAML account was GitLab initiated. See merge request gitlab/gitlabhq!2976 | ||||
| * | Backport EE GroupSAML origin verification changes | James Edwards-Jones | 2019-01-23 | 1 | -1/+5 |
| | | |||||
* | | Backport of ee/9235: Add LDAP integration to smartcard authentication | Imre Farkas | 2019-01-27 | 1 | -8/+11 |
| | | |||||
* | | Log admin status of user when OAuth::User is saved | Imre Farkas | 2019-01-23 | 1 | -1/+1 |
|/ | |||||
* | chore(rubocop): fix Style/TrivialAccessors issues | Semyon Pupkov | 2019-01-16 | 1 | -3/+1 |
| | |||||
* | Add config to disable impersonation | Imre Farkas | 2018-11-29 | 1 | -0/+3 |
| | | | | | | | | Adds gitlab.impersonation_enabled config option defaulting to true to keep the current default behaviour. Only the act of impersonation is modified, impersonation token management is not affected. | ||||
* | Merge branch 'security-fix-pat-web-access' into 'master' | Cindy Pallares | 2018-11-28 | 2 | -6/+47 |
| | | | | | [master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request". See merge request gitlab/gitlabhq!2583 | ||||
* | Merge branch 'fix/allow-saml2-for-2fa-bypass' into 'master' | Douwe Maan | 2018-11-20 | 1 | -1/+1 |
|\ | | | | | | | | saml/auth_hash: Allow 2FA bypass for SAML 2.0 responses. See merge request gitlab-org/gitlab-ce!22568 | ||||
| * | saml/auth_hash: Allow 2FA bypass for SAML 2.0 responses | 115100 | 2018-10-25 | 1 | -1/+1 |
| | | | | | | | | Closes gitlab-org/gitlab-ce/#53102. | ||||
* | | Fix typos in comments and specs | George Tsiolis | 2018-11-01 | 1 | -1/+1 |
| | | |||||
* | | [master] Persist only SHA digest of PersonalAccessToken#token | Imre Farkas | 2018-10-29 | 1 | -3/+1 |
|/ | |||||
* | Enable some frozen string in lib/gitlab | gfyoung | 2018-10-13 | 29 | -1/+59 |
| | | | | | | | | | | | | | | Enable frozen string for the following files: `lib/gitlab/auth/**/*.rb`, `lib/gitlab/badge/**/*.rb`, `lib/gitlab/bare_repository_import/**/*.rb`, `lib/gitlab/bitbucket_import/**/*.rb`, `lib/gitlab/bitbucket_server_import/**/*.rb`, `lib/gitlab/cache/**/*.rb`, `lib/gitlab/checks/**/*.rb`. Partially addresses #47424. | ||||
* | Correct Gitlab Capitalization in code files | Marcel Amirault | 2018-09-21 | 1 | -3/+3 |
| | |||||
* | Disable existing offenses for the CodeReuse cops | Yorick Peterse | 2018-09-11 | 4 | -0/+10 |
| | | | | | This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. | ||||
* | Backport LDAP changes to CE | Douglas Barbosa Alexandre | 2018-08-23 | 1 | -10/+14 |
| | |||||
* | Fix broken Git over HTTP clones with LDAP users | Stan Hu | 2018-08-22 | 1 | -0/+1 |
| | | | | | | | | Due to a regression in !20608, the LDAP authenticator was not being used unless OmniAuth was enabled. This change allows the LDAP provider to be used if it is configured regardless of the OmniAuth setting. Closes #50579 | ||||
* | Improve blocked user tracking code readability | Grzegorz Bizon | 2018-08-03 | 1 | -1/+1 |
| | |||||
* | Remove an empty line from blocked user tracker class | Grzegorz Bizon | 2018-08-02 | 1 | -1/+0 |
| | |||||
* | Remove an empty line from the end of blocked_user_tracker.rb | Grzegorz Bizon | 2018-08-02 | 1 | -1/+1 |
| | |||||
* | Improve authentication events-related code readability | Grzegorz Bizon | 2018-08-01 | 1 | -1/+1 |
| | |||||
* | Simplify blocked user tracking during authentication | Grzegorz Bizon | 2018-08-01 | 2 | -47/+10 |
| | |||||
* | Improve blocked user tracking and fire some events only once | Grzegorz Bizon | 2018-08-01 | 1 | -2/+4 |
| | |||||
* | Merge branch 'feature/gb/login-activity-metrics' into 'master' | Sean McGivern | 2018-07-31 | 2 | -19/+117 |
|\ | | | | | | | | | | | | Add user authentication activity metrics. Closes #47789. See merge request gitlab-org/gitlab-ce!20668 | ||||
| * | Improve authentication activity code readability | Grzegorz Bizon | 2018-07-31 | 1 | -5/+5 |
| | | |||||
| * | Improve specs for blocked user tracker class | Grzegorz Bizon | 2018-07-27 | 1 | -19/+22 |
| | | |||||
| * | Add authentication metrics for sessionless sign in | Grzegorz Bizon | 2018-07-27 | 1 | -1/+5 |
| | | |||||
| * | Improve readability and move custom matchers to better place | Grzegorz Bizon | 2018-07-27 | 1 | -3/+1 |
| | | |||||
| * | Catch custom warden events too to increment metrics | Grzegorz Bizon | 2018-07-27 | 1 | -1/+0 |
| | | |||||
| * | Make authentication metrics events explicit in specs | Grzegorz Bizon | 2018-07-26 | 1 | -4/+4 |
| | | |||||
| * | Fix activity metric name that need to be symbols [feature/gb/login-activity-metrics] | Grzegorz Bizon | 2018-07-24 | 1 | -1/+1 |
| | | |||||
| * | Make it easier to stub authentication metrics | Grzegorz Bizon | 2018-07-23 | 1 | -11/+15 |
| | | |||||
| * | Track blocked users and two factor authentications | Grzegorz Bizon | 2018-07-23 | 1 | -6/+10 |
| | | |||||
| * | Refactor blocked user tracker class | Grzegorz Bizon | 2018-07-20 | 2 | -20/+41 |
| | | |||||
| * | Add custom expectations for authentication activity metrics | Grzegorz Bizon | 2018-07-20 | 1 | -2/+8 |
| | | |||||
| * | Rename authentication activity observer methods | Grzegorz Bizon | 2018-07-19 | 1 | -13/+3 |
| | | |||||
| * | Implement scaffold of authentication activity metrics | Grzegorz Bizon | 2018-07-17 | 1 | -0/+69 |
| | | |||||
* | | Disable SAML if OmniAuth is disabled [48932-disable-saml-if-omniauth-is-disabled] | Lin Jen-Shin | 2018-07-20 | 1 | -1/+1 |
|/ | | | | | We also try to unify the way we set up OmniAuth, and how we check if it's enabled or not. |