BigW Consortium Gitlab

  1. 25 Apr, 2017 1 commit
    • Don't display the `is_admin?` flag for user API responses. · 34b71e73
      Timothy Andrew authored
      - To prevent an attacker from enumerating the `/users` API to get a list of all
        the admins.
      
      - Display the `is_admin?` flag wherever we display the `private_token` - at the
        moment, there are two instances:
      
        - When an admin uses `sudo` to view the `/user` endpoint
        - When logging in using the `/session` endpoint
  2. 21 Apr, 2017 1 commit
  3. 18 Apr, 2017 1 commit
  4. 14 Apr, 2017 2 commits
  5. 02 Apr, 2017 1 commit
  6. 06 Mar, 2017 2 commits
  7. 01 Mar, 2017 1 commit
  8. 28 Feb, 2017 5 commits
  9. 23 Feb, 2017 2 commits
  10. 20 Feb, 2017 2 commits
  11. 16 Feb, 2017 2 commits
  12. 09 Feb, 2017 1 commit
  13. 02 Feb, 2017 2 commits
  14. 11 Jan, 2017 1 commit
  15. 04 Jan, 2017 1 commit
  16. 03 Jan, 2017 1 commit
  17. 12 Dec, 2016 1 commit
  18. 07 Dec, 2016 1 commit
  19. 28 Nov, 2016 1 commit
  20. 21 Nov, 2016 1 commit
  21. 08 Nov, 2016 1 commit
  22. 24 Oct, 2016 3 commits
  23. 21 Oct, 2016 1 commit
  24. 11 Oct, 2016 2 commits
  25. 10 Oct, 2016 3 commits