- 06 Aug, 2020 1 commit
-
-
Nick Thomas authored
This reverts commit c6ed8073.
-
- 02 Jul, 2020 1 commit
-
-
George Koltsov authored
- No matter which language was selected, the Profile Applications page was always displaying the page in English. This change fixes i18n to make sure the page is displayed in the user's locale.
-
- 03 Jun, 2020 1 commit
-
-
Arturo Herrero authored
The plan for RSpec 4.0 is to disable monkey patching: https://rspec.info/blog/2013/07/the-plan-for-rspec-3/#zero-monkey-patching-mode This commit stops using RSpec monkey patching: https://relishapp.com/rspec/rspec-core/docs/configuration/zero-monkey-patching-mode
-
- 22 May, 2020 1 commit
-
-
Kartikey Tanna authored
-
- 19 May, 2020 1 commit
-
-
Sean Arnold authored
Time.at => Time.zone.at
Time.parse => Time.zone.parse
Time.new => Time.zone.local
-
- 15 May, 2020 2 commits
-
-
Bob Van Landuyt authored
This logs the context for Rails-controller and Grape-API requests similar to what we do for Sidekiq. The information comes from Labkit::Context. This also avoids logging information for unpersisted groups and projects in controllers. This was needed since the `#new` actions of controllers would assign those ivars but the information is not relevant for logs.
-
Tan Le authored
This commit attaches the `impersonator` attribute to the user when being under impersonation and later used by `AuditEventService` to write to audit log. From an audit perspective, this helps us to achieve non-repudiation when actions are taken on behalf of the user.
-
- 11 May, 2020 1 commit
-
-
Sean Arnold authored
- Update specs - CE and EE
-
- 14 Apr, 2020 1 commit
-
-
Diego Louzán authored
-
- 05 Mar, 2020 2 commits
-
-
Craig Furman authored
The inconsistent structure of these responses was causing mapping conflicts when these logs were sent to Elasticsearch. Apparently they are not actively used, so can be removed.
-
Luke Duncalfe authored
Previously, Design Management would only serve the full size designs that were uploaded, even when viewed as thumbnails. https://gitlab.com/gitlab-org/gitlab/-/merge_requests/22860 introduced a change in the app to begin resizing designs down to a new "v432x230" version.

This change refactors the existing Projects::DesignsController into a new base class DesignManagement::DesignsController. The old controller that served the full-size original design files is now DesignManagement::Designs::RawImageController, and there is an additional DesignManagement::Designs::ResizedImageController that can serve resized versions of the designs.

This change represents a breaking change to the routes - however these routes were only ever used internally. The external-facing parts of the application (the GraphQL `DesignType`) have been updated with the new routes.

https://gitlab.com/gitlab-org/gitlab/issues/12577
https://gitlab.com/gitlab-org/gitlab/issues/13815
-
- 06 Feb, 2020 1 commit
-
-
Ryan Cobb authored
This fixes RSpec/ReceiveCounts and RSpec/ContextMethod violations in the existing codebase.
-
- 25 Jan, 2020 1 commit
-
-
Peter Leitzen authored
347 files inspected, 207 offenses detected, 207 offenses corrected
-
- 22 Jan, 2020 1 commit
-
-
Oswaldo Ferreira authored
It adds new attributes subscription_plan and caller_id. The subscription_plan can be "free", "bronze", "silver" or "gold", these are exclusively fetched from the given namespace (or the project if it's not given). The caller_id can be the controller action name if it's a regular Rails request, or the Grape route, when it's an API request. These new attributes will also be logged at Sidekiq logs, along with the project, user and namespace.
-
- 03 Jan, 2020 1 commit
-
-
Bob Van Landuyt authored
This provides context to all requests made to Rails controllers or grape endpoints. Doing this starts a new `Labkit::Context`, to which we can provide a namespace, project and user. We're currently setting the following values:

  - Web requests: In the ApplicationController we wrap the entire request in a `with_context`.
    - user: based on the `auth_user` if there is one
    - project: We try to read the @project instance variable of the controller.
    - namespace: We try to read the @group instance variable of the controller. If there was none, but the project was set, we'll use that path to set the namespace
  - API requests: The application context is pushed in a before block setting the following values:
    - user: to `current_user` if there is one
    - project: to `@project`
    - namespace: to `@group`
  - Internal API requests: the application context is pushed in a before block:
    - user: When to the user set in `Api::Support::GitAccessActor`
    - project: to @project if it was available

The 3 supported attributes for a context are read lazily when required.

This also replaces the existing correlation middlewares with the new Labkit::Context middlewares. The rack middleware wraps each rack request in an overarching context that adds the correlation id. The context is cleaned up after the request, so we're sure all child contexts are cleaned up as well.

The sidekiq client middleware will write the context into the job that goes into redis when a job is scheduled. The sidekiq server middleware will then re-instantiate this context so the job gets executed with the same context that was alive when it was scheduled. This means that any new job scheduled from sidekiq would also have this context.
-
- 11 Dec, 2019 1 commit
-
-
Diego Louzán authored
- Extend admin mode support to OmniAuth authentication - Improve admin mode flow by adding a request step with a grace period
-
- 03 Dec, 2019 1 commit
-
-
Heinrich Lee Yu authored
We block IP addresses when failed Git auths reach a certain threshold. This block applied to all requests so for every request, we had to check Redis to see if the IP is blocked. This caused unnecessary Redis load. This MR changes the block to only apply to Git requests as it is described in the documentation
-
- 28 Nov, 2019 1 commit
-
-
Sean McGivern authored
Instead of excluding XHRs for these actions, we only want to perform them when we're serving an HTML page. If we're serving an image or an Atom feed, they are mostly useless: 1. Gon variables can't be used by an image. 2. Redirects won't be seen if an image is embedded in another page.
-
- 18 Nov, 2019 1 commit
-
-
Sean McGivern authored
This reverts commit 7f1d9323.
-
- 15 Nov, 2019 1 commit
-
-
Igor Drozdov authored
This commit removes Rails/HttpStatus cop out of todo and corrects the existing offenses
-
- 13 Nov, 2019 1 commit
-
-
Miguel Rincon authored
Instead of excluding XHRs for these actions, we only want to perform them when we're serving an HTML page. If we're serving an image or an Atom feed, they are mostly useless: 1. Gon variables can't be used by an image. 2. Redirects won't be seen if an image is embedded in another page.
-
- 12 Nov, 2019 1 commit
-
-
Sean McGivern authored
This reverts merge request !19822
-
- 08 Nov, 2019 4 commits
-
-
Sean McGivern authored
Instead of excluding XHRs for these actions, we only want to perform them when we're serving an HTML page. If we're serving an image or an Atom feed, they are mostly useless: 1. Gon variables can't be used by an image. 2. Redirects won't be seen if an image is embedded in another page.
-
Alex Buijs authored
- Simplify signup service - Retain submitted form information on error - Show full name when it has been filled in already - Move setup_for_company attribute to the user_preferences table - Used sass variable for padding - Updated specs to Four-Phase Test Pattern - Explicitly set layout - Fix redirect logic - Display all possible error messages
-
Alex Buijs authored
Ask if a user is setting up GitLab for a company or not during the signup process. This info is stored in the users table and later used for experiments by the growth team.
-
Heinrich Lee Yu authored
This reverts merge request !19412
-
- 07 Nov, 2019 3 commits
-
-
Lucas Charles authored
This reverts merge request !19383
-
Sean McGivern authored
Instead of excluding XHRs for these actions, we only want to perform them when we're serving an HTML page. If we're serving an image or an Atom feed, they are mostly useless: 1. Gon variables can't be used by an image. 2. Redirects won't be seen if an image is embedded in another page.
-
Heinrich Lee Yu authored
This reverts commit 00b3e372.
-
- 23 Oct, 2019 1 commit
-
-
Doug Stull authored
- Since we already have a terms of service that handles the privacy policy updates, this code can be removed.
-
- 21 Oct, 2019 2 commits
-
-
allison.browne authored
-
Alex Buijs authored
An event should not be tracked if an experiment is not enabled. It should be tracked when a user is not part of the experimental group.
-
- 17 Oct, 2019 2 commits
-
-
Alex Buijs authored
- redirect users to almost there page after signing up when soft_email_confirmation is not enabled - remove enabled_since code for feature flags, since it is unreliable - add User#role_required? and User#set_role_required! methods to ‘abuse’ the role column in order to determine whether the role is required - store the requested url and redirect there after setting the role - add flash notice after successful signup - enable invisible captcha when signup_flow experiment is enabled - change `Welcome to GitLab.com` text to `Welcome to GitLab` in order to apply to Self hosted instances as well - cancel the signup_notice flash in the create action, where it is set
-
Alex Buijs authored
Only redirect to stage 2 of the new signup flow when appropriate: - a user’s role is missing - a user’s name is the same as its username - the experiment is enabled - the user is created after the experiment is enabled
-
- 09 Oct, 2019 1 commit
-
-
Manoj MJ authored
This change adds the ability to deactivate a user that has no recent activity in the last 14 days. A deactivated user can still log in and this will reactivate the user.
-
- 08 Oct, 2019 1 commit
-
-
Kerri Miller authored
This method, #route_not_found, is executed as the final fallback for unrecognized routes (as the name might imply.) We want to avoid `#authenticate_user!` when calling `#route_not_found`; `#authenticate_user!` can, depending on the request format, return a 401 instead of redirecting to a login page. This opens a subtle security exploit where anonymous users will receive a 401 response when attempting to access a private repo, while a recognized user will receive a 404, exposing the existence of the private, hidden repo.
-
- 26 Sep, 2019 2 commits
-
-
Giorgenes Gelatti authored
Adds a controller concern to track events inside a controller. Allows calling #track_event() to track arbitrary events.
-
Diego Louzán authored
Require admins to enter admin-mode by re-authenticating before performing administrative operations
-
- 25 Sep, 2019 1 commit
-
-
Heinrich Lee Yu authored
-
- 24 Sep, 2019 1 commit
-
-
Kushal Pandya authored
Use feature flag check for showing Privacy Policy update callout on UI.
-