  1. 06 Aug, 2020 1 commit
  2. 02 Jul, 2020 1 commit
    • Fix Profile Applications page i18n · 2ddc9575
      George Koltsov authored
        - No matter which language was selected, Profile Applications
          page was always displaying the page in English. This change
          fixes i18n to make sure page is displayed in user's locale.
  3. 03 Jun, 2020 1 commit
  4. 22 May, 2020 1 commit
  5. 19 May, 2020 1 commit
  6. 15 May, 2020 2 commits
    • Log the context metadata for rails requests · 05b7fccd
      Bob Van Landuyt authored
      This logs the context for Rails-controller and Grape-API requests
      similar to what we do for Sidekiq.
      
      The information comes from Labkit::Context.
      
      This also avoids logging information for unpersisted groups and
      projects in controllers. This was needed since the `#new` actions of
      controllers would assign those ivars but the information is not
      relevant for logs.
    • Record impersonation information on audit event · 438dfad9
      Tan Le authored
      This commit attaches the `impersonator` attribute to the user when being
      under impersonation and later used by `AuditEventService` to write to
      audit log. From audit perspective, this helps us to achieve
      non-repudiation when actions are taken on behalf of the user.
  7. 11 May, 2020 1 commit
  8. 14 Apr, 2020 1 commit
  9. 05 Mar, 2020 2 commits
    • Remove 422 response body logging · a2694db3
      Craig Furman authored
      The inconsistent structure of these responses was causing mapping
      conflicts when these logs were sent to Elasticsearch. Apparently they
      are not actively used, so can be removed.
    • Serve resized Design Management design files · 5c68ab72
      Luke Duncalfe authored
      Previously, Design Management would only serve the full size designs
      that were uploaded, even when viewed as thumbnails.
      
      https://gitlab.com/gitlab-org/gitlab/-/merge_requests/22860
      introduced a change in the app to begin resizing designs down to a new
      "v432x230" version.
      
      This change refactors the existing Projects::DesignsController into a
      new base class DesignManagement::DesignsController. The old controller
      that served the full-size original design files is now
      DesignManagement::Designs::RawImageController, and there is an
      additional DesignManagement::Designs::ResizedImageController that can
      serve resized versions of the designs.
      
      This change represents a breaking change to the routes - however these
      routes were only ever used internally. The external-facing parts of the
      application (the GraphQL `DesignType`) have been updated with the new
      routes.
      
      https://gitlab.com/gitlab-org/gitlab/issues/12577
      https://gitlab.com/gitlab-org/gitlab/issues/13815
  10. 06 Feb, 2020 1 commit
    • Fix RSpec cop violations · 363e774d
      Ryan Cobb authored
      This fixes RSpec/ReceiveCounts and RSpec/ContextMethod violations in the
      existing codebase.
  11. 25 Jan, 2020 1 commit
  12. 22 Jan, 2020 1 commit
    • Add subscription_plan and caller_id to ApplicationContext · 040a742e
      Oswaldo Ferreira authored
      It adds new attributes subscription_plan and caller_id.
      
      The subscription_plan can be "free", "bronze", "silver" or "gold",
      these are exclusively fetched from the given namespace (or the
      project if it's not given).
      
      The caller_id can be the controller action name if it's a regular
      Rails request, or the Grape route, when it's an API request.
      
      These new attributes will also be logged in Sidekiq logs, along
      with the project, user and namespace.
  13. 03 Jan, 2020 1 commit
    • Wrap requests in an ApplicationContext · 3c5be56e
      Bob Van Landuyt authored
      This provides context to all requests made to Rails controllers or
      grape endpoints.
      
      Doing this starts a new `Labkit::Context`, to which we can provide a
      namespace, project and user.
      
      We're currently setting the following values:
      
      - Web requests: In the ApplicationController we wrap the entire
        request in a `with_context`.
        - user: based on the `auth_user` if there is one
        - project: We try to read the @project instance variable of the
          controller.
        - namespace: We try to read the @group instance variable of the
          controller. If there was none, but the project was set, we'll use
          that path to set the namespace
      
      - API requests: The application context is pushed in a before block
        setting the following values:
        - user: to `current_user` if there is one
        - project: to `@project`
        - namespace: to `@group`
      
      - Internal API requests: the application context is pushed in a before
        block:
        - user: to the user set in `Api::Support::GitAccessActor`
        - project: to @project if it was available
      
      The 3 supported attributes for a context are read lazily when
      required.
      
      This also replaces the existing correlation middlewares with the new
      Labkit::Context middlewares.
      
      The rack middleware wraps each rack request in an overarching context
      that adds the correlation id. The context is cleaned up after the
      request, so we're sure all child contexts are cleaned up as well.
      
      The sidekiq client middleware will write the context into the job that
      goes into redis when a job is scheduled.
      
      The sidekiq server middleware will then re-instantiate this context so
      the job gets executed with the same context that was alive when it was
      scheduled. This means that any new job scheduled from sidekiq would
      also have this context.
  14. 11 Dec, 2019 1 commit
  15. 03 Dec, 2019 1 commit
    • Only check for blacklisted IPs on Git requests · 34635146
      Heinrich Lee Yu authored
      We block IP addresses when failed Git auths reach a certain
      threshold.
      
      This block applied to all requests so for every request, we
      had to check Redis to see if the IP is blocked. This caused
      unnecessary Redis load.
      
      This MR changes the block to only apply to Git requests as
      it is described in the documentation
  16. 28 Nov, 2019 1 commit
    • Only inject gon variables and perform redirects for HTML · 39d06df4
      Sean McGivern authored
      Instead of excluding XHRs for these actions, we only want to perform
      them when we're serving an HTML page. If we're serving an image or an
      Atom feed, they are mostly useless:
      
      1. Gon variables can't be used by an image.
      2. Redirects won't be seen if an image is embedded in another page.
  17. 18 Nov, 2019 1 commit
  18. 15 Nov, 2019 1 commit
  19. 13 Nov, 2019 1 commit
    • Only inject gon variables and perform redirects for HTML · 50839384
      Miguel Rincon authored
      Instead of excluding XHRs for these actions, we only want to perform
      them when we're serving an HTML page. If we're serving an image or an
      Atom feed, they are mostly useless:
      
      1. Gon variables can't be used by an image.
      2. Redirects won't be seen if an image is embedded in another page.
  20. 12 Nov, 2019 1 commit
  21. 08 Nov, 2019 4 commits
  22. 07 Nov, 2019 3 commits
  23. 23 Oct, 2019 1 commit
  24. 21 Oct, 2019 2 commits
  25. 17 Oct, 2019 2 commits
    • Implement feedback fixes BE · 63d389e9
      Alex Buijs authored
      - redirect users to almost there page after signing up when
      soft_email_confirmation is not enabled
      - remove enabled_since code for feature flags, since it is unreliable
      - add User#role_required? and User#set_role_required! methods to
      ‘abuse’ the role column in order to determine whether the role is
      required
      - store the requested url and redirect there after setting the role
      - add flash notice after successful signup
      - enable invisible captcha when signup_flow experiment is enabled
      - change `Welcome to GitLab.com` text to `Welcome to GitLab` in
      order to apply to Self hosted instances as well
      - cancel the signup_notice flash in the create action, where it is set
    • Only require role when appropriate · 8bb5373a
      Alex Buijs authored
      Only redirect to stage 2 of the new signup flow when
      appropriate:
      - a user’s role is missing
      - a user’s name is the same as its username
      - the experiment is enabled
      - the user is created after the experiment is enabled
  26. 09 Oct, 2019 1 commit
  27. 08 Oct, 2019 1 commit
    • Avoid #authenticate_user! in #route_not_found · 00b3e372
      Kerri Miller authored
      This method, #route_not_found, is executed as the final fallback for
      unrecognized routes (as the name might imply.) We want to avoid
      `#authenticate_user!` when calling `#route_not_found`;
      `#authenticate_user!` can, depending on the request format, return a 401
      instead of redirecting to a login page. This opens a subtle security
      exploit where anonymous users will receive a 401 response when
      attempting to access a private repo, while a recognized user will
      receive a 404, exposing the existence of the private, hidden repo.
  28. 26 Sep, 2019 2 commits
  29. 25 Sep, 2019 1 commit
  30. 24 Sep, 2019 1 commit