- 06 Jul, 2017 2 commits
-
-
Timothy Andrew authored
- There was previously a test for `saml` login in `login_spec`, but this didn't seem to be passing. A lot of things didn't seem right here, and I suspect that this test hasn't been running. I'll investigate this further.
- It took almost a whole working day to figure out this line:

      OmniAuth.config.full_host = ->(request) { request['REQUEST_URI'].sub(request['REQUEST_PATH'], '') }

  As always, it's obvious in retrospect, but it took some digging to figure out tests were failing and returning 404s during the callback phase.
- Test all OAuth providers - github, twitter, bitbucket, gitlab, google, and facebook
-
Timothy Andrew authored
- Pass a `remember_me` query parameter along with the initial OAuth request, and pick this parameter up during the omniauth callback from `request.env['omniauth.params']`.
- For 2FA-based login, copy the `remember_me` param from `omniauth.params` to `params`, which the 2FA process will pick up.
- For non-2FA-based login, simply call the `remember_me` devise method to set the session cookie.
-
- 05 Jul, 2017 31 commits
-
-
Sean McGivern authored
[EE] Create and use project path helpers that only need a project, no namespace See merge request !2336
-
Robert Speicher authored
[EE] Disable RSpec/BeforeAfterAll and enable RSpec/ImplicitExpect cops See merge request !2305
-
Douwe Maan authored
-
Douwe Maan authored
-
Sean McGivern authored
Geo: Migrated checks to SystemChecks See merge request !2331
-
James Edwards-Jones authored
[ci skip]
-
James Edwards-Jones authored
[ci skip]
-
Sean McGivern authored
Use trigger(:click) instead of trigger to avoid a weird transient bug Closes #2843 See merge request !2340
-
Douwe Maan authored
Environment-specific variables Closes #2302 See merge request !2112
-
Douwe Maan authored
Revert "Merge branch '18000-remember-me-for-oauth-login-ee' into 'master'" See merge request !2345
-
Douwe Maan authored
Add a license check for group-webhooks Closes #2576 See merge request !2280
-
Sean McGivern authored
This reverts merge request !2175
-
Sean McGivern authored
Fix spec failure for squash in progress error handling See merge request !2343
-
Annabel Dunstone Gray authored
Fixed admin sidebar not showing all options in new navigation See merge request !2334
-
Annabel Dunstone Gray authored
Port of 32838-admin-panel-spacing to EE See merge request !2264
-
Gabriel Mazetto authored
-
Annabel Dunstone Gray authored
Show loading icon when retrieving Geo node status Closes #1977 See merge request !2309
-
Douwe Maan authored
Resolve EE conflicts for "Fix API Scoping" See merge request !2338
-
Toon Claes authored
-
Bob Van Landuyt authored
Similar to how we check project features.
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
- Hide the `webhooks` link from the group-settings page
- All group-webhooks-pages render a 404
- Don't execute webhooks if the feature is disabled
-
Bob Van Landuyt authored
-
Sean McGivern authored
EE Port: Honor the "Remember me" parameter for OAuth-based login See merge request !2175
-
James Edwards-Jones authored
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Lin Jen-Shin authored
-
Lin Jen-Shin authored
-
Lin Jen-Shin authored
* ee/master: (25 commits)
  Introduce namespace license checks for Push Rules (EES)
  Use a named subject in `models/ee/board_spec.rb`
  Hide the milestone variable on board when the feature is disabled
  Hide the milestone in the API when the feature is not available
  Don't update milestones on boards if the feature is not available
  Hide editing/creating milestones from the board UI
  Add `issue_board_milestone` feature to license
  Split Projects:Settings::RepositoryController into CE and EE sections
  Refactor Projects::CreateService and specs to make EE-only code clearer
  Fix EE conflicts for "Allow unauthenticated access to the `/api/v4/users` API"
  Introduce namespace license checks for merge request approvers (EES)
  Remove an unnecessary "included do ... end" block in app/models/concerns/approvable.rb
  Raise an error if an unknown feature is passed to stub_licensed_features
  Don't show Issue/MR template Setting if feature not available
  Only set MR description from template when feature available
  Only set issues template from setting if feature available
  Add Issuable Default Template feature to License
  Update CHANGELOG.md for 9.3.4
  Update CHANGELOG-EE.md for 9.3.4-ee
  Hide `Focus mode` on issue boards
  ...
-
Lin Jen-Shin authored
-
Timothy Andrew authored
- There were conflicting changes in `master` that were fixed in 94258a65. This made rebasing the commits from gitlab-ce!12300 problematic, due to conflicts.
- Instead, I squashed all !12300 commits into a single commit, and cherry-picked that onto 33580-fix-api-scoping-ee, which resulted in this commit.

Original commit messages below
==============================

Initial attempt at refactoring API scope declarations.

- Declaring an endpoint's scopes in a `before` block has proved to be unreliable. For example, if we're accessing the `API::Users` endpoint - code in a `before` block in `API::API` wouldn't be able to see the scopes set in `API::Users` since the `API::API` `before` block runs first.
- This commit moves these declarations to the class level, since they don't need to change once set.

Allow API scope declarations to be applied conditionally.

- Scope declarations of the form:

      allow_access_with_scope :read_user, if: -> (request) { request.get? }

  will only apply for `GET` requests
- Add a negative test to a `POST` endpoint in the `users` API to test this. Also test for this case in the `AccessTokenValidationService` unit tests.

Test `/users` endpoints for the `read_user` scope.

- Test `GET` endpoints to check that the scope is allowed.
- Test `POST` endpoints to check that the scope is disallowed.
- Test both `v3` and `v4` endpoints.

When verifying scopes, manually include scopes from `API::API`.

- They are not included automatically since `API::Users` does not inherit from `API::API`, as I initially assumed.
- Scopes declared in `API::API` are considered global (to the API), and need to be included in all cases.

Test OAuth token scope verification in the `API::Users` endpoint

Add CHANGELOG entry for CE MR 12300

Fix remaining spec failures for !12300.

1. Get the spec for `lib/gitlab/auth.rb` passing.
   - Make the `request` argument to `AccessTokenValidationService` optional - `auth.rb` doesn't need to pass in a request.
   - Pass in scopes in the format `[{ name: 'api' }]` rather than `['api']`, which is what `AccessTokenValidationService` now expects.
2. Get the spec for `API::V3::Users` passing
2. Get the spec for `AccessTokenValidationService` passing

Implement review comments from @dbalexandre for !12300.

Implement review comments from @DouweM for !12300.

- Use a struct for scopes, so we can call `scope.if` instead of `scope[:if]`
- Refactor the "remove scopes whose :if condition returns false" logic to use a `select` rather than a `reject`.

Extract a `Gitlab::Scope` class.

- To represent an authorization scope, such as `api` or `read_user`
- This is a better abstraction than the hash we were previously using.

`AccessTokenValidationService` accepts `String` or `API::Scope` scopes.

- There's no need to use `API::Scope` for scopes that don't have `if` conditions, such as in `lib/gitlab/auth.rb`.

Fix build for !12300.

- The `/users` and `/users/:id` APIs are now accessible without authentication (!12445), and so scopes are not relevant for these endpoints.
- Previously, we were testing our scope declaration against these two methods. This commit moves these tests to other `GET` user endpoints which still require authentication.
-
- 04 Jul, 2017 7 commits
-
-
Douwe Maan authored
Check license for milestones on issue boards Closes #2568 See merge request !2315
-
Douwe Maan authored
Introduce namespace license checks for Push Rules (EES) Closes #2573 See merge request !2335
-
Marcia Ramos authored
Clarify when Code Quality shows in MR widget Closes #2782 See merge request !2298
-
Douwe Maan authored
Namespace license checks Issue & MR template Closes #2580 See merge request !2321
-
Nick Thomas authored
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
And separate EE/CE for board.rb
-