| Commit message (Collapse) | Author | Age | Files | Lines |
Don't use chmod_R for backup tars
When creating backup tar files, only change permissions on the `db`, `uploads`, and `repositories` directories, not their contents. See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/1716#note_40472
See merge request !1744
|
When creating backup tar files, only change permissions on the `db`,
`uploads`, and `repositories` directories, not their contents.
|
Conflicts:
lib/gitlab/markdown.rb
|
Don't leak private group existence by redirecting from namespace controller to group controller.
See merge request !440
|
to group controller.
|
Allow ability to delete branches with `/` in name
|
API: Events paginate
Updated the api method for /project/:id/events, to use the paginate method instead of limiting and offsetting the recent events in the method itself.
This will also change the first page to be 1 instead of 0, but using 0 will still work and will give back the first page.
This also adds the link headers (next/first/last).
See merge request !267
|
self-implementation
Also updated example request url
Added changelog item
|
Change directory when removing old backups
Fixes errors when deleting old backups in the `gitlab:backup:create` rake task. See #2177.
See merge request !1740
|
Change ordering so that confirm is removed from attrs before attempting to User.build_user
Possible fix gitlab-org/gitlab-ce#1296
See merge request !445
|
User.build_user
|
Faster merge request processing for large repository
|
* Reduces overhead of git checkout
|
Allow HTML tags in user Markdown input
|
Return a `SafeBuffer` instead of a `String` from the `#gfm_with_options`
method so that Rails doesn't escape our markup.
Also add `<span>` to the sanitization whitelist to avoid breaking syntax
highlighting in code blocks.
|
Merge updated CHANGELOG entries
|
Use the `SanitizationFilter` class from the html-pipeline gem for inline
HTML instead of calling the Rails `sanitize` method.
|
Use the latest HTML pipeline gem
|
Allow whitelisted tags to appear in rendered HTML output by disabling
Redcarpet's `:filter_html` option.
|
More rubocop styles
See merge request !449
|
Fix GitLab shell setup spacing
|
Respond with full GitAccess error if user has project read access.
Should help with debugging #1236.
cc @marin
See merge request !437
|
Unescape branch param to delete
|
Branch names that contain `/` return a 405 error when being deleted because the slash is escaped to `%2F`
This patch will unescape the param prior to executing the delete action.
|
Reduce Rack Attack false positives causing 403 errors during HTTP authentication
### What does this MR do?
This MR reduces false positives causing `403 Forbidden` messages after HTTP authentication.
A Git client may attempt to access a repository without a password. If it receives a 401 error, the client often will try again, this time supplying a password. The problem is that `grack_auth.rb` considers a blank password an authentication failure and increases a Redis counter each time this happens. With enough requests, an IP can be banned temporarily even though previous attempts may have been successful. This leads users to see `403 Forbidden` errors until the ban times out (default: 1 hour).
To reduce the chance of a false positive, this MR resets the counter upon a successful authentication from an IP.
In addition, this MR logs when a user has been banned and introduces the ability to disable Rack Attack via a config variable.
### Are there points in the code the reviewer needs to double check?
rack-attack v4.2.0 doesn't support the ability to clear counters out of the box, so `rack_attack_helpers.rb` includes a number of monkey patches to make it work. It looks like this functionality may be added in v4.3.0. I've also sent pull requests to rack-attack to add the functionality necessary to delete a key.
Each time an authentication is successful, the Redis counter for that IP is cleared. I deemed it better to clear the counter than to allow for blank passwords, since the latter seems like a security risk.
### Why was this MR needed?
It was quite difficult to figure out why users were seeing `403 Forbidden`, which is why the log message was added. Users were getting a lot of false positives when accessing repositories with HTTPS. Including the username in the HTTPS URL (e.g. `https://username@mydomain.com/account/repo.git`) caused authentication failures because while the git client provided the username, it left the password blank, leading to an authentication failure.
### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
See Issue #1171
https://github.com/kickstarter/rack-attack/issues/113
See merge request !392
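
The counter behaviour this merge request describes, modelled in memory as an added example (not GitLab's or rack-attack's code). The class, `MAXRETRY`, `FINDTIME`, the password and the traffic are constructed assumptions; only the one-hour ban comes from the description.

```ruby
# Added illustration, not GitLab or rack-attack code: an in-memory model of
# a per-IP failed-authentication counter that bans after MAXRETRY failures.
class AuthThrottle
  SECRET   = 's3cret'.freeze # constructed password
  MAXRETRY = 10              # assumed threshold
  FINDTIME = 60              # assumed counting window (seconds)
  BANTIME  = 3600            # one-hour ban, as in the MR description

  attr_reader :log

  def initialize(reset_on_success:)
    @reset_on_success = reset_on_success
    @failures = Hash.new { |h, ip| h[ip] = [] } # ip => failure timestamps
    @banned_until = {}
    @log = []
  end

  # Returns the HTTP status the client would see at time `now` (seconds).
  def request(ip, password:, now:)
    return 403 if @banned_until.fetch(ip, 0) > now
    if password == SECRET
      @failures.delete(ip) if @reset_on_success # the fix: clear the counter
      return 200
    end
    hits = @failures[ip]                        # blank password counts as a failure
    hits.reject! { |t| t <= now - FINDTIME }
    hits << now
    if hits.size >= MAXRETRY
      @banned_until[ip] = now + BANTIME
      @log << "banned #{ip} until #{now + BANTIME}" # ban is logged for debugging
      @failures.delete(ip)
    end
    401
  end
end

# Constructed traffic: each fetch first sends a blank password, receives 401,
# then retries with the real password one second later.
def simulate(reset_on_success:, fetches: 12)
  throttle = AuthThrottle.new(reset_on_success: reset_on_success)
  ip = '192.0.2.10' # documentation address
  statuses = []
  fetches.times do |i|
    statuses << throttle.request(ip, password: '', now: i * 2)
    statuses << throttle.request(ip, password: AuthThrottle::SECRET, now: i * 2 + 1)
  end
  [statuses, throttle.log]
end
```

Without the reset, the tenth blank-password probe bans the address even though every retry had succeeded; with the reset, the same traffic never accumulates enough failures.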
|
successful Git over HTTP authentication.
Add logging when a ban goes into effect for debugging.
Issue #1171
|
Fix nested task lists
When nesting task list items, the parent item is wrapped in a `<p>` tag. Update the task list parser to handle these paragraph wrappers.
cc @sytse
See merge request !413
|
When nesting task list items, the parent item is wrapped in a `<p>` tag.
Update the task list parser to handle these paragraph wrappers.
|
Don't include system notes in issue/MR comment count.
Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2163.
See merge request !430
|
Replace commits calendar with contributions calendar
* count opening of issues and merge requests
* don't trigger git repository - use events from database
* count pushes instead of commits for faster and easier counting
* much, much faster since it is not affected by repository size
See merge request !420
|