path: root/lib

Commit log for lib. Each entry gives the commit message, author, date, number of files changed and lines removed/added; commits from merged branches are indented under their merge commit, and branch names are shown in square brackets.
* ability to skip some items in backup [backup_skip_option]
  Valery Sizov, 2015-04-02, 2 files changed, -15/+60

* Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq
  Marin Jankovski, 2015-03-31, 1 file changed, -1/+1

  * Merge branch 'no-chmod-r' into 'master'
    Dmitriy Zaporozhets, 2015-04-01, 1 file changed, -1/+1
    Don't use chmod_R for backup tars
    When creating backup tar files, only change permissions on the `db`, `uploads`, and `repositories` directories, not their contents.
    See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/1716#note_40472
    See merge request !1744

    * Don't use chmod_R for backup tars
      Vinnie Okada, 2015-03-28, 1 file changed, -1/+1
      When creating backup tar files, only change permissions on the `db`, `uploads`, and `repositories` directories, not their contents.

* Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce
  Marin Jankovski, 2015-03-31, 2 files changed, -16/+16
  Conflicts: lib/gitlab/markdown.rb

  * Merge branch 'group-information-leak' into 'master'
    Dmitriy Zaporozhets, 2015-04-01, 1 file changed, -1/+1
    Don't leak private group existence by redirecting from namespace controller to group controller.
    See merge request !440

    * Don't leak private group existence by redirecting from namespace controller to group controller.
      Douwe Maan, 2015-03-24, 1 file changed, -1/+1

  * Merge pull request #9023 from dantudor/patch-1
    Dmitriy Zaporozhets, 2015-03-31, 1 file changed, -3/+3
    Allow ability to delete branches with '/' in name

    * Added the missing comma
      Dan Tudor, 2015-03-31, 1 file changed, -1/+1

    * Allow ability to delete branches with '/' in name
      Dan Tudor, 2015-03-25, 1 file changed, -3/+3
* Merge branch 'email-full-url'
  Marin Jankovski, 2015-03-31, 1 file changed, -37/+53

  * Use relative URL for Markdown references, except in mails. [email-full-url]
    Douwe Maan, 2015-03-27, 1 file changed, -37/+53

* Merge branch 'events-paginate' into 'master'
  Douwe Maan, 2015-03-30, 1 file changed, -1/+1
  API: Events paginate
  Updated the API method for /project/:id/events to use the paginate method instead of limiting and offsetting the recent events in the method itself. This will also change the first page to be 1 instead of 0, but using 0 will still work and will give back the first page. This also adds the link headers (next/first/last).
  See merge request !267

  * Updated API method GET /projects/:id/events to use paginate instead of a self-implementation
    Stephan van Leeuwen, 2015-03-24, 1 file changed, -5/+2
    Also updated example request URL. Added changelog item.

* Include brakeman in rake test
  Dmitriy Zaporozhets, 2015-03-29, 1 file changed, -0/+1

* properly paginate project events in API
  Nihad Abbasov, 2015-03-29, 1 file changed, -4/+1

* Merge branch 'backup-chdir' into 'master'
  Dmitriy Zaporozhets, 2015-03-26, 1 file changed, -7/+8
  Change directory when removing old backups
  Fixes errors when deleting old backups in the `gitlab:backup:create` rake task. See #2177.
  See merge request !1740

  * Change directory when removing old backups
    Vinnie Okada, 2015-03-24, 1 file changed, -7/+8

* Merge branch 'master' into 'master'
  Dmitriy Zaporozhets, 2015-03-26, 1 file changed, -2/+2
  Change ordering so that confirm is removed from attrs before attempting to User.build_user
  Possible fix gitlab-org/gitlab-ce#1296
  See merge request !445

  * Change ordering so that confirm is removed from attrs before attempting to User.build_user
    RICKETTM@uk.ibm.com, 2015-03-24, 1 file changed, -2/+2

* Merge pull request #9021 from nicklegr/faster_auto_merge
  Dmitriy Zaporozhets, 2015-03-25, 1 file changed, -5/+1
  Faster merge request processing for large repository

  * Reset parking branch to HEAD every time
    nicklegr, 2015-03-25, 1 file changed, -5/+1
    - Reduces overhead of git checkout
* Merge pull request #8007 from mr-vinn/markdown-tags
  Dmitriy Zaporozhets, 2015-03-25, 1 file changed, -9/+25
  Allow HTML tags in user Markdown input

  * Merge branch 'master' into markdown-tags
    Vinnie Okada, 2015-03-24, 8 files changed, -60/+124

  * Merge branch 'master' into markdown-tags
    Vinnie Okada, 2015-03-22, 6 files changed, -24/+38

  * Fix SanitizationFilter bugs
    Vinnie Okada, 2015-03-22, 1 file changed, -1/+2
    Return a `SafeBuffer` instead of a `String` from the `#gfm_with_options` method so that Rails doesn't escape our markup. Also add `<span>` to the sanitization whitelist to avoid breaking syntax highlighting in code blocks.

  * Merge branch 'master' into markdown-tags
    Vinnie Okada, 2015-03-21, 8 files changed, -33/+37
    Merge updated CHANGELOG entries

  * Don't allow style attributes in inline HTML
    Vinnie Okada, 2015-03-21, 1 file changed, -1/+1

  * Change HTML sanitization
    Vinnie Okada, 2015-03-19, 1 file changed, -13/+23
    Use the `SanitizationFilter` class from the html-pipeline gem for inline HTML instead of calling the Rails `sanitize` method.

  * Merge branch 'master' into markdown-tags
    Vinnie Okada, 2015-03-17, 111 files changed, -786/+3129
    Use the latest HTML pipeline gem

  * Allow HTML tags in user Markdown input
    Vinnie Okada, 2014-10-10, 1 file changed, -0/+5
    Allow whitelisted tags to appear in rendered HTML output by disabling Redcarpet's `:filter_html` option.

* Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce
  Dmitriy Zaporozhets, 2015-03-25, 5 files changed, -6/+6

  * Merge branch 'more-rubocop-styles' into 'master'
    Dmitriy Zaporozhets, 2015-03-25, 5 files changed, -6/+6
    More rubocop styles
    See merge request !449

    * Style/RedundantReturn enabled [more-rubocop-styles]
      Dmitriy Zaporozhets, 2015-03-24, 3 files changed, -4/+4

    * Enable more rubocop style checks
      Dmitriy Zaporozhets, 2015-03-24, 2 files changed, -3/+3

* Merge pull request #8988 from atomaka/atomaka/bugfix/gitlab-shell-task
  Robert Schilling, 2015-03-25, 1 file changed, -0/+1
  Fix GitLab shell setup spacing

  * Fix newline spacing after authorized_keys rebuild
    Andrew Tomaka, 2015-03-20, 1 file changed, -0/+1

* Merge branch 'api-internal-errors' into 'master'
  Dmitriy Zaporozhets, 2015-03-25, 5 files changed, -68/+105
  Respond with full GitAccess error if user has project read access.
  Should help with debugging #1236.
  cc @marin
  See merge request !437

  * Respond with full GitAccess error if user has project read access. [api-internal-errors]
    Douwe Maan, 2015-03-24, 1 file changed, -1/+1

  * Refactor GitAccess to use instance variables.
    Douwe Maan, 2015-03-24, 5 files changed, -67/+104

* Merge pull request #9012 from dantudor/patch-1
  Dmitriy Zaporozhets, 2015-03-24, 1 file changed, -1/+2
  Unescape branch param to delete

  * Unescape branch param to delete
    Dan Tudor, 2015-03-24, 1 file changed, -1/+2
    Branch names that contain `/` return a 405 error when being deleted because the slash is escaped to `%2F`. This patch will unescape the param prior to executing the delete action.
* Merge branch 'git-auth-rack-attack-improvements' into 'master'
  Dmitriy Zaporozhets, 2015-03-24, 2 files changed, -14/+62
  Reduce Rack Attack false positives causing 403 errors during HTTP authentication

  ### What does this MR do?
  This MR reduces false positives causing `403 Forbidden` messages after HTTP authentication. A Git client may attempt to access a repository without a password. If it receives a 401 error, the client often will try again, this time supplying a password. The problem is that `grack_auth.rb` considers a blank password an authentication failure and increases a Redis counter each time this happens. With enough requests, an IP can be banned temporarily even though previous attempts may have been successful. This leads users to see `403 Forbidden` errors until the ban times out (default: 1 hour).
  To reduce the chance of a false positive, this MR resets the counter upon a successful authentication from an IP. In addition, this MR logs when a user has been banned and introduces the ability to disable Rack Attack via a config variable.

  ### Are there points in the code the reviewer needs to double check?
  rack-attack v4.2.0 doesn't support the ability to clear counters out of the box, so `rack_attack_helpers.rb` includes a number of monkey patches to make it work. It looks like this functionality may be added in v4.3.0. I've also sent pull requests to rack-attack to add the functionality necessary to delete a key. Each time an authentication is successful, the Redis counter for that IP is cleared. I deemed it better to clear the counter than to allow for blank passwords, since the latter seems like a security risk.

  ### Why was this MR needed?
  It was quite difficult to figure out why users were seeing `403 Forbidden`, which is why the log message was added. Users were getting a lot of false positives when accessing repositories with HTTPS. Including the username in the HTTPS URL (e.g. `https://username@mydomain.com/account/repo.git`) caused authentication failures because while the git client provided the username, it left the password blank, leading to an authentication failure.

  ### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
  See Issue #1171
  https://github.com/kickstarter/rack-attack/issues/113
  See merge request !392

  * Reduce Rack Attack false positives by clearing out auth failure count upon successful Git over HTTP authentication.
    Stan Hu, 2015-03-24, 2 files changed, -14/+62
    Add logging when a ban goes into effect for debugging.
    Issue #1171
* Merge branch 'fix-nested-tasks' into 'master'
  Dmitriy Zaporozhets, 2015-03-24, 1 file changed, -2/+3
  Fix nested task lists
  When nesting task list items, the parent item is wrapped in a `<p>` tag. Update the task list parser to handle these paragraph wrappers.
  cc @sytse
  See merge request !413

  * Fix nested task lists
    Vinnie Okada, 2015-03-21, 1 file changed, -2/+3
    When nesting task list items, the parent item is wrapped in a `<p>` tag. Update the task list parser to handle these paragraph wrappers.

* Merge branch 'notes-count-without-system' into 'master'
  Dmitriy Zaporozhets, 2015-03-24, 1 file changed, -1/+1
  Don't include system notes in issue/MR comment count.
  Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2163.
  See merge request !430

  * Don't include system notes in issue/MR comment count. [notes-count-without-system]
    Douwe Maan, 2015-03-23, 1 file changed, -1/+1

* Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce
  Dmitriy Zaporozhets, 2015-03-23, 2 files changed, -41/+56

  * Merge branch 'improve-contributions-calendar' into 'master'
    Dmitriy Zaporozhets, 2015-03-23, 2 files changed, -41/+56
    Replace commits calendar with contributions calendar
    - count opening of issues and merge requests
    - don't trigger git repository; use events from database
    - count pushes instead of commits for faster and easier counting
    - much, much faster since it is not affected by repository size
    See merge request !420