path: root/spec/controllers
Commit log (subject; author, date, files changed, lines removed/added; message body)
* Merge branch 'security-bypass-email-verification-using-salesforce' into '12-3-stable'
  GitLab Release Tools Bot, 2019-09-26, 1 file, -9/+37
    Prevent Bypassing Email Verification using Salesforce
    See merge request gitlab/gitlabhq!3395
  * Add checking for email_verified key
    Małgorzata Ksionek, 2019-09-23, 1 file, -9/+37
      Fix rubocop offences and add changelog
      Add email_verified key for feature specs
      Add code review remarks
      Add code review remarks
      Fix specs
* Merge branch 'security-sarcila-verify-saml-request-origin-12-3' into '12-3-stable'
  GitLab Release Tools Bot, 2019-09-26, 1 file, -11/+47
    Check that SAML identity linking validates the origin of the request
    See merge request gitlab/gitlabhq!3396
  * Validate that SAML requests are originated from gitlab
    Sebastian Arcila Valenzuela, 2019-09-20, 1 file, -11/+47
      If the request wasn't initiated by gitlab we shouldn't add the new identity to the user, and instead show that we weren't able to link the identity to the user.
      This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509
* Merge branch 'security-12717-fix-confidential-issue-assignee-visible-to-guests-12-3' into '12-3-stable'
  GitLab Release Tools Bot, 2019-09-26, 1 file, -0/+41
    Display only participants that user has permission to see
    See merge request gitlab/gitlabhq!3421
  * Display only participants that user has permission to see
    Alexandru Croitor, 2019-09-23, 1 file, -0/+41
* Merge branch 'security-64938-dont-disclose-path-12-3-ce' into '12-3-stable'
  GitLab Release Tools Bot, 2019-09-26, 1 file, -0/+29
    Redirect user to root path after unsubscribing from private resource
    See merge request gitlab/gitlabhq!3423
  * Redirect user to root path after unsubscribing from private resource
    Alexandru Croitor, 2019-09-23, 1 file, -0/+29
      If user unsubscribes from a resource that they no longer have access to they should not be revealed the resource path, but be redirected to app root instead.
      https://gitlab.com/gitlab-org/gitlab-ce/issues/64938
* Merge branch 'security-12718-project-milestones-disclosed-via-groups-12-3-ce' into '12-3-stable'
  GitLab Release Tools Bot, 2019-09-26, 1 file, -2/+69
    Hide disabled project milestones in project settings on group level
    See merge request gitlab/gitlabhq!3424
  * Hide disabled project milestones in project settings on group level
    Alexandru Croitor, 2019-09-23, 1 file, -2/+69
* Add latest changes from gitlab-org/gitlab@12-3-stable-ee
  GitLab Bot, 2019-09-24, 1 file, -2/+2
* Add latest changes from gitlab-org/gitlab@12-3-stable
  GitLab Bot, 2019-09-20, 4 files, -165/+10
* Add latest changes from gitlab-org/gitlab@master
  GitLab Bot, 2019-09-19, 1 file, -6/+14
* Add latest changes from gitlab-org/gitlab@master
  GitLab Bot, 2019-09-18, 1 file, -2/+109
* Add latest changes from gitlab-org/gitlab@master
  GitLab Bot, 2019-09-18, 1 file, -2/+2
* Add latest changes from gitlab-org/gitlab@master
  GitLab Bot, 2019-09-18, 7 files, -5/+73
* Add latest changes from gitlab-org/gitlab@master
  GitLab Bot, 2019-09-17, 3 files, -3/+0
* Add latest changes from gitlab-org/gitlab@master
  GitLab Bot, 2019-09-16, 1 file, -26/+1
* Add latest changes from gitlab-org/gitlab@master
  GitLab Bot, 2019-09-16, 1 file, -3/+3
* Add latest changes from gitlab-org/gitlab@master
  GitLab Bot, 2019-09-16, 1 file, -7/+31
* Add latest changes from gitlab-org/gitlab@master
  GitLab Bot, 2019-09-16, 1 file, -0/+25
* Add latest changes from gitlab-org/gitlab@master
  GitLab Bot, 2019-09-16, 1 file, -0/+34
* Add latest changes from gitlab-org/gitlab@master
  GitLab Bot, 2019-09-13, 1 file, -3/+5
* Merge branch 'static-objects-external-storage' into 'master'
  Thong Kuah, 2019-09-11, 2 files, -0/+150
    Enable serving static objects from an external storage
    See merge request gitlab-org/gitlab-ce!31025
  * Enable serving static objects from an external storage [branch: static-objects-external-storage]
    Ahmad Sherif, 2019-09-10, 2 files, -0/+150
      It consists of two parts:
      1. Redirecting users to the configured external storage
      2. Allowing the external storage to request the static object(s) on behalf of the user by means of specific tokens
      Part of https://gitlab.com/gitlab-com/gl-infra/infrastructure/issues/6829
* Merge branch 'sh-fix-oauth-application-page' into 'master'
  Rémy Coutable, 2019-09-11, 1 file, -0/+10
    Optimize /admin/applications so that it does not timeout
    Closes #67228
    See merge request gitlab-org/gitlab-ce!32852
  * Optimize /admin/applications so that it does not timeout [branch: sh-fix-oauth-application-page]
    Stan Hu, 2019-09-09, 1 file, -0/+10
      On our dev instance, /admin/applications was not loading because:
      1. There was an unindexed query by `application_id`.
      2. There was an expensive query that attempted to load 1 million unique entries via ActiveRecord just to find the unique count.
      We fix the first issue by adding an index for that column.
      We fix the second issue with a simple SELECT COUNT(DISTINCT resource_owner_id) SQL query.
      In addition, we add pagination to avoid loading more than 20 applications at once.
      Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/67228
* Merge branch '65988-optimize-snippet-listings' into 'master'
  Thong Kuah, 2019-09-11, 6 files, -89/+66
    Optimize queries for snippet listings
    See merge request gitlab-org/gitlab-ce!32576
  * Add controller concern for paginated collections [branch: 65988-optimize-snippet-listings]
    Markus Koller, 2019-09-10, 6 files, -89/+66
      We had similar code in a few places to redirect to the last page if the given page number is out of range.
      This unifies the handling in a new controller concern and adds usage of it in all snippet listings.
* Merge remote-tracking branch 'origin/master' into camilstaps/gitlab-ce-new-66023-public-private-fork-counts
  Douglas Barbosa Alexandre, 2019-09-09, 5 files, -60/+151
  * Create new feature flagged UI for cloud providers
    Enrique Alcántara, 2019-09-09, 3 files, -6/+55
      - Create HAML UI to select a cloud provider to create a cluster.
      - Add query param to :new cluster view to display a specific cluster provider form depending on the value of the provider query param.
      - Update unit tests and e2e tests to reflect these changes
  * Expose update project service JSON endpoint
    Peter Leitzen, 2019-09-09, 1 file, -42/+88
      Utilize `json_fields` to expose fields via `Service#as_json(only: json_fields)`.
  * Merge branch 'sh-fix-captcha-state-pollution-spec' into 'master'
    Mayra Cabrera, 2019-09-06, 1 file, -7/+1
      Fix order-dependent spec failures with reCAPTCHA
      Closes #67133
      See merge request gitlab-org/gitlab-ce!32771
    * Fix order-dependent spec failures with reCAPTCHA [branch: sh-fix-captcha-state-pollution-spec]
      Stan Hu, 2019-09-06, 1 file, -7/+1
        spec/controllers/registrations_controller_spec.rb polluted the test environment by changing the Recaptcha configuration.
        We now stub the controller's `verify_recaptcha` method instead of doing that.
        Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/67133
  * Fix global state in registrations_controller_spec [branch: fix-captcha-spec-state]
    Yorick Peterse, 2019-09-05, 1 file, -5/+7
      This spec would mess with global state used for captchas, but not reset the state in all cases.
      This would then lead to the spec spec/controllers/snippets_controller_spec.rb failing, but only on a fork of gitlab-ee.
      To fix this we ensure the state is properly reset after running the specs that change this state.
* Fix public/private/internal fork counts
  Camil Staps, 2019-09-06, 1 file, -4/+57
* Merge branch '66741-remove-spec-rails_helper-rb' into 'master'
  Grzegorz Bizon, 2019-09-03, 2 files, -2/+2
    Remove spec/rails_helper.rb
    Closes #66741
    See merge request gitlab-org/gitlab-ce!32380
  * Replace rails_helper.rb with spec_helper.rb [branch: 66741-remove-spec-rails_helper-rb]
    Ash McKenzie, 2019-08-30, 2 files, -2/+2
      rails_helper.rb's only logic was to require spec_helper.rb.
* Creates Feature Flag for job log
  Filipa Lacerda, 2019-08-30, 1 file, -0/+1
    Updates frontend code and specs to allow for the new feature flag
* Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq
  Robert Speicher, 2019-08-29, 6 files, -139/+598
  * Merge branch 'security-2853-prevent-comments-on-private-mrs' into 'master'
    GitLab Release Tools Bot, 2019-08-29, 1 file, -71/+240
      Ensure only authorised users can create notes on merge requests and issues
      See merge request gitlab/gitlabhq!3137
    * Prevent unauthorised comments on merge requests
      Alex Kalderimis, 2019-08-07, 1 file, -71/+240
        - Prevent creating notes on inaccessible MRs
          This applies the notes rules at the MR scope. Rather than adding extra rules to the Project level policy, preventing :create_note here is better since it only prevents creating notes on MRs.
        - Prevent creating notes in inaccessible Issues
          Without this policy, non-team-members are allowed to comment on issues even when the project has the private-issues policy set. This means that without this change, users are allowed to comment on issues that they cannot read.
        - Add CHANGELOG entry
  * Merge branch 'security-personal-snippets' into 'master'
    GitLab Release Tools Bot, 2019-08-29, 1 file, -0/+18
      Add direct upload support for personal snippets
      See merge request gitlab/gitlabhq!3226
    * Add direct upload support for personal snippets
      Jan Provaznik, 2019-08-23, 1 file, -0/+18
  * Merge branch 'security-fix_jira_ssrf_vulnerability' into 'master'
    GitLab Release Tools Bot, 2019-08-29, 1 file, -0/+5
      Fix DNS rebind vulnerability for JIRA integration
      See merge request gitlab/gitlabhq!3266
    * Fix DNS rebind vulnerability for JIRA integration
      Felipe Artur, 2019-08-08, 1 file, -0/+5
        Uses Gitlab::HTTP for JIRA requests instead of Net::Http. Gitlab::Http comes with some built in SSRF protections.
  * Merge branch 'security-59549-add-capcha-for-failed-logins' into 'master'
    GitLab Release Tools Bot, 2019-08-29, 1 file, -18/+90
      Require a captcha after unique failed logins from the same IP
      See merge request gitlab/gitlabhq!3270
    * Add captcha if there are multiple failed login attempts
      Małgorzata Ksionek, 2019-07-31, 1 file, -18/+90
        Add method to store session ids by ip
        Add new specs for storing session ids
        Add cleaning up records after login
        Add retrieving anonymous sessions
        Add login recaptcha setting
        Add new setting to sessions controller
        Add conditions for showing captcha
        Add sessions controller specs
        Add admin settings specs for login protection
        Add new settings to api
        Add stub to devise spec
        Add new translation key
        Add cr remarks
        Rename class call
        Add cr remarks
        Change if-clause for consistency
        Add cr remarks
        Add code review remarks
        Refactor AnonymousSession class
        Add changelog entry
        Move AnonymousSession class to lib
        Move store unauthenticated sessions to sessions controller
        Move link to recaptcha info
        Regenerate text file
        Improve copy on the spam page
        Change action filter for storing anonymous sessions
        Fix rubocop offences
        Add code review remarks
  * Merge branch 'security-mr-head-pipeline-leak' into 'master'
    GitLab Release Tools Bot, 2019-08-29, 1 file, -4/+26
      Permission fix for MergeRequestsController#pipeline_status
      See merge request gitlab/gitlabhq!3274
    * Permission fix for MergeRequestsController#pipeline_status
      drew cimino, 2019-08-12, 1 file, -4/+26
        - Use set_pipeline_variables to filter for visible pipelines
        - Mimic response of nonexistent pipeline if not found
        - Provide set_pipeline_variables as a before_filter for other actions