BigW Consortium Gitlab

  1. 25 Apr, 2017 1 commit
    • Don't display the `is_admin?` flag for user API responses. · 34b71e73
      Timothy Andrew authored
      - To prevent an attacker from enumerating the `/users` API to get a list of all
        the admins.
      
      - Display the `is_admin?` flag wherever we display the `private_token` - at the
        moment, there are two instances:
      
        - When an admin uses `sudo` to view the `/user` endpoint
        - When logging in using the `/session` endpoint
  2. 24 Mar, 2017 1 commit
  3. 06 Mar, 2017 2 commits
  4. 28 Feb, 2017 1 commit
  5. 15 Feb, 2017 1 commit
  6. 03 Feb, 2017 2 commits
  7. 07 Dec, 2016 1 commit
  8. 19 Oct, 2016 1 commit
  9. 13 Oct, 2016 1 commit
  10. 11 Oct, 2016 2 commits
  11. 07 Oct, 2016 2 commits
  12. 31 Aug, 2016 1 commit
  13. 19 Aug, 2016 1 commit
  14. 17 Aug, 2016 7 commits