- 25 Mar, 2015 7 commits
-
-
Dan Tudor authored
-
Robert Schilling authored
-
Robert Schilling authored
Fix GitLab shell setup spacing
-
Dmitriy Zaporozhets authored
Respond with full GitAccess error if user has project read access. Should help with debugging #1236. cc @marin See merge request !437
-
Dmitriy Zaporozhets authored
Improve sticky headers in diffs * disable sticky headers in discussion * enable sticky header on mr page with you click changes tab See merge request !450
-
Dmitriy Zaporozhets authored
* disable sticky headers in discussion * enable sticky header on mr page with you click changes tab
-
Dmitriy Zaporozhets authored
Milestones and labels can be used even when issues are disabled. When Issues are disabled for a project Milestones and Labels can still be used for Merge Requests. See merge request !1739
-
- 24 Mar, 2015 30 commits
-
-
Dmitriy Zaporozhets authored
Change merge request button color based on CI status Green button looks confusing when CI fails Screenshots: ![ci-warn](https://gitlab.com/gitlab-org/gitlab-ce/uploads/f8166c9acf35f9d886f37f52f975acfb/ci-warn.png) ![ci-can](https://gitlab.com/gitlab-org/gitlab-ce/uploads/d7319c4c567c42a47d79953191384f96/ci-can.png) See merge request !448
-
Dmitriy Zaporozhets authored
Link note avatar to user. See merge request !446
-
Dmitriy Zaporozhets authored
Clean up subscriptions when user is deleted. cc @vsizov See merge request !439
-
Dmitriy Zaporozhets authored
Update rugments to 1.0.0.beta6 to fix C# highlighting. Fixes #1259. See merge request !435
-
Dmitriy Zaporozhets authored
-
Dmitriy Zaporozhets authored
-
Dmitriy Zaporozhets authored
-
Dmitriy Zaporozhets authored
Unescape branch param to delete
-
Dmitriy Zaporozhets authored
Complete transition to using color_field for selecting colors
-
Marin Jankovski authored
-
Dmitriy Zaporozhets authored
Reduce Rack Attack false positives causing 403 errors during HTTP authentication ### What does this MR do? This MR reduces false positives causing `403 Forbidden` messages after HTTP authentication. A Git client may attempt to access a repository without a password. If it receives a 401 error, the client often will try again, this time supplying a password. The problem is that `grack_auth.rb` considers a blank password an authentication failure and increases a Redis counter each time this happens. With enough requests, an IP can be banned temporarily even though previous attempts may have been successful. This leads users to see `403 Forbidden` errors until the ban times out (default: 1 hour). To reduce the chance of a false positive, this MR resets the counter upon a successful authentication from an IP. In addition, this MR logs when a user has been banned and introduces the ability to disable Rack Attack via a config variable. ### Are there points in the code the reviewer needs to double check? rack-attack v4.2.0 doesn't support the ability to clear counters out of the box, so `rack_attack_helpers.rb` includes a number of monkey patches to make it work. It looks like this functionality may be added in v4.3.0. I've also sent pull requests to rack-attack to add the functionality necessary to delete a key. Each time an authentication is successful, the Redis counter for that IP is cleared. I deemed it better to clear the counter than to allow for blank passwords, since the latter seems like a security risk. ### Why was this MR needed? It was quite difficult to figure out why users were seeing `403 Forbidden`, which is why the log message was added. Users were getting a lot of false positives when accessing repositories with HTTPS. Including the username in the HTTPS URL (e.g. `https://username@mydomain.com/account/repo.git`) caused authentication failures because while the git client provided the username, it left the password blank, leading to an authentication failure. ### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)? See Issue #1171 https://github.com/kickstarter/rack-attack/issues/113 See merge request !392
-
Dmitriy Zaporozhets authored
Make sure issue assignee is properly reset. Previously, when the assignee was reset via the sidebar or bulk edit, `assignee_id` was set to `-1` rather than `null`, which caused the two issues shown below: ![Screen_Shot_2015-03-24_at_16.52.13](https://gitlab.com/gitlab-org/gitlab-ce/uploads/3c937795c45031c3c72c124ced866598/Screen_Shot_2015-03-24_at_16.52.13.png) - A "(deleted)" participant - An empty selectbox in the sidebar, instead of "Select assignee" See merge request !443
-
Robert Schilling authored
Remove duplicate CHANGELOG items for v7.8.0 [ci skip] See merge request !447
-
Dmitriy Zaporozhets authored
Fix nested task lists When nesting task list items, the parent item is wrapped in a `<p>` tag. Update the task list parser to handle these paragraph wrappers. cc @sytse See merge request !413
-
Aurelio Jargas authored
[ci skip]
-
Douwe Maan authored
-
Andrew Tomaka authored
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
Douwe Maan authored
-
Dan Tudor authored
Branch names that contain `/` return a 405 error when being deleted because the slash is escaped to `%2F` This patch will unescape the param prior to executing the delete action.
-
Douwe Maan authored
-
Stan Hu authored
successful Git over HTTP authentication. Add logging when a ban goes into effect for debugging. Issue #1171
-
Dmitriy Zaporozhets authored
-
Dmitriy Zaporozhets authored
Don't mark merge request as updated when merge status relative to target branch changes. Addresses https://gitlab.com/gitlab-org/gitlab-ce/issues/1254 and private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2165. See merge request !431
-
Dmitriy Zaporozhets authored
-
Dmitriy Zaporozhets authored
Don't include system notes in issue/MR comment count. Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2163. See merge request !430
-
Dmitriy Zaporozhets authored
Fix file mode going to next line in diff header See merge request !432
-
- 23 Mar, 2015 3 commits
-
-
Andrew Tomaka authored
-
Douwe Maan authored
Don't use required keyword arguments to maintain support for Ruby 2.0. See merge request !433
-
Douwe Maan authored
This reverts commit af522ede.
-