- 08 Apr, 2016 8 commits
-
Dmitriy Zaporozhets authored
Remove TODO for not documented stuff

We should not put a `TODO` in a released product.

See merge request !3553
-
Dmitriy Zaporozhets authored
First pass at a Testing styleguide

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/14121

[ci skip]

See merge request !3465
-
Yorick Peterse authored
Use more accurate timestamps for InfluxDB. See merge request !3617
-
Yorick Peterse authored
Use gitlab-workhorse 0.7.2

See merge request !3570
-
Yorick Peterse authored
This changes the timestamp of metrics to be more accurate/unique by using Time#to_f combined with a small random jitter value. This combination hopefully reduces the amount of collisions, though there's no way to fully prevent any from occurring. Fixes gitlab-com/operations#175
-
Rémy Coutable authored
API: Expose subscribed? on issues and merge requests

This is the first start for the new `subscribable` API. It exposes the `subscribed` field for issues and merge requests.

Related to #6024

See merge request !3611
-
Robert Schilling authored
-
Robert Schilling authored
Fix Incorrect Quote In Docker Executor Example

## What does this MR do?

The corrected line opened with a regular quote (') but closed with a back-tick (`). I believe this is invalid bash syntax.

## Are there points in the code the reviewer needs to double check?

Probably not

## Why was this MR needed?

Fixes error when example is copied and pasted

## What are the relevant issue numbers?

None

## Screenshots (if relevant)

None

See merge request !3604
-
- 07 Apr, 2016 32 commits
-
Jacob Schatz authored
Remove changelog entry for new navigation sidebar. See merge request !3608
-
Jacob Schatz authored
Fix side-by-side code format & commit message wrap

![Screen_Shot_2016-04-07_at_1.31.28_PM](/uploads/bad00284e4dfbec1fdd75220c34f4a98/Screen_Shot_2016-04-07_at_1.31.28_PM.png)

![Screen_Shot_2016-04-07_at_1.32.23_PM](/uploads/7cd344765025e93d0035934a473b4bb3/Screen_Shot_2016-04-07_at_1.32.23_PM.png)

See merge request !3605
-
Jacob Schatz authored
Revert "Merge branch 'new-navigation-prototype' into 'master'"

This reverts merge request !3494

See merge request !3607
-
Robert Speicher authored
[ci skip]
-
Jacob Schatz authored
-
Jacob Schatz authored
This reverts merge request !3494
-
Jacob Schatz authored
Revert "Merge branch 'fix-sidebar-exapnd' into 'master'"

This reverts merge request !3520

See merge request !3606
-
Jacob Schatz authored
This reverts merge request !3520
-
Annabel Dunstone authored
-
Alex Mayer authored
-
Jacob Schatz authored
Preserve white space

See merge request !3602
-
Jacob Schatz authored
Update number of Todos in the sidebar when it's marked as "Done"

Closes #15002

See merge request !3600
-
Douglas Barbosa Alexandre authored
-
Annabel Dunstone authored
-
Annabel Dunstone authored
-
Douglas Barbosa Alexandre authored
-
Rémy Coutable authored
Fix problem when creating milestones in groups without projects

Fixes #14012

See merge request !3481
-
Douwe Maan authored
Add optional colon. See merge request !3591
-
Yorick Peterse authored
Disable git gc --auto

See merge request !3572
-
Rémy Coutable authored
Hide "assign to me" link if not allowed

Fixes #14996

See merge request !3590
-
Felipe Artur authored
-
Jacob Schatz authored
-
Jacob Schatz authored
-
Jacob Schatz authored
-
Jacob Schatz authored
-
Grzegorz Bizon authored
* 'master' of dev.gitlab.org:gitlab/gitlabhq:
  Make sessions controller specs more explicit
  Fix 2FA authentication spoofing vulnerability
  Add specs for sessions controller including 2FA
-
Rémy Coutable authored
Fix 2FA authentication spoofing

## Summary

This is a security fix for the vulnerability described at https://gitlab.com/gitlab-org/gitlab-ce/issues/14900.

An attacker was able to bypass password authentication of users that have 2FA enabled, and consequently sign in as a different user, without knowing his password, if he managed to guess the 2FA One Time Password for that user.

It was also possible to enumerate users and check if they have 2FA enabled, because GitLab responded with a different error for each case.

## Fix

This MR attempts to change the default user search scope if the `otp_user_id` session variable has been set. If it is present, it means that the user has 2FA enabled, and has already been verified with login and password. In this case we should look for the user with `otp_user_id` first, before picking it up by `login`.

Both 2FA authentication spoofing and 2FA discovery have been covered by specs.

## Further work

The current 2FA code is a bit tricky, so it probably needs some refactoring.

See merge request !1947
-
Grzegorz Bizon authored
-
Jacob Schatz authored
-
Yorick Peterse authored
Expire caches after project creation to ensure a consistent state See merge request !3586
-