  1. 21 Jun, 2016 1 commit
  2. 20 Jun, 2016 1 commit
  3. 19 Jun, 2016 1 commit
  4. 18 Jun, 2016 1 commit
  5. 17 Jun, 2016 3 commits
  6. 16 Jun, 2016 3 commits
  7. 15 Jun, 2016 9 commits
  8. 09 Jun, 2016 1 commit
  9. 08 Jun, 2016 1 commit
  10. 06 Jun, 2016 1 commit
  11. 05 Jun, 2016 1 commit
  12. 03 Jun, 2016 1 commit
  13. 02 Jun, 2016 2 commits
  14. 01 Jun, 2016 1 commit
  15. 29 May, 2016 1 commit
  16. 26 May, 2016 1 commit
  17. 25 May, 2016 2 commits
  18. 24 May, 2016 1 commit
  19. 23 May, 2016 2 commits
  20. 21 May, 2016 2 commits
    • Removed "unreleased" from 8.8.0 EE · 72eb0030
      Yorick Peterse authored
    • Merge branch 'feature/geo-single-signout' into 'master' · 031c003a
      Gabriel Mazetto authored
      Geo: Single Sign Out
      
      Implements Single Sign Out for Geo (#76).
      
      Initial proposal was to generate a hash based on the `access_token`, but that created an O(N) cost against a desirable O(1), as a new `access_token` is generated for each new login. To overcome that cost we would need to send a "public identifier" to help retrieve the correct `access_token` and provide that during the login process.
      
      This is also how most Single Sign On implementations work (they provide some sort of session_id, that we notify every node to invalidate, during the sign out process).
      
      As I don't want to modify our OAuth table (that is managed by doorkeeper) nor change the way our login process works, the solution is to encrypt the `access_token` using a symmetric key known by both nodes, and expire the `access_token` after the logout to prevent replay attacks (otherwise we would need to send a `nonce` and store that on primary).
      
      The key is based on `Gitlab::Application.secrets.db_key_base` which we already use to encrypt database attributes and is synced between both nodes. We communicate sending a `state` parameter which is known terminology in OAuth protocol.
      
      Although this is implemented with Geo only in mind, we can backport to CE (with minimal changes) and provide as a "non-standard" way of single sign off for applications that integrate with GitLab.
      
      Fixes #522 
      
      See merge request !380
  21. 20 May, 2016 2 commits
  22. 18 May, 2016 2 commits