Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Refactor `have_http_status` into `have_gitlab_http_status` in the specs | Jacopo | 2017-10-20 | 1 | -3/+3 |
| | |||||
* | Correct RSpec/SingleLineHook cop offenses | Robert Speicher | 2017-06-14 | 1 | -3/+1 |
| | |||||
* | Merge branch '29903-remove-user-is-admin-flag-from-api' into 'master' | Sean McGivern | 2017-04-25 | 1 | -0/+6 |
|\ | | | | | | | | | | | | | Don't display the `is_admin?` flag for user API responses Closes #29903 See merge request !10846 | ||||
| * | Don't display the `is_admin?` flag for user API responses. | Timothy Andrew | 2017-04-25 | 1 | -0/+6 |
| | | | | | | | | | | | | | | | | | | | | | | - To prevent an attacker from enumerating the `/users` API to get a list of all the admins. - Display the `is_admin?` flag wherever we display the `private_token` - at the moment, there are two instances: - When an admin uses `sudo` to view the `/user` endpoint - When logging in using the `/session` endpoint | ||||
* | | Unnecessary "include WaitForAjax" and "include ApiHelpers" | Jacopo | 2017-04-21 | 1 | -3/+1 |
|/ | | | | | Removed all the unnecessary include of `WaitForAjax` and `ApiHelpers` in the specs. Removed unnecessary usage of `api:true` | ||||
* | Changed API spec files to describe the correct class | Livier | 2016-11-28 | 1 | -1/+1 |
| | | | | | | | | Restore changes for api spec files Fix error in rspec Users Delete extra space Repositories-spec | ||||
* | adds second batch of tests changed to active tenseactive-tense-test-coverage | tiagonbotelho | 2016-08-09 | 1 | -3/+3 |
| | |||||
* | Use HTTP matchers if possible | Z.J. van de Weg | 2016-06-27 | 1 | -3/+3 |
| | |||||
* | Add API method for get user by ID of an SSH key | Artem V. Navrotskiy | 2015-09-03 | 1 | -0/+39 |