- 17 Apr, 2017 1 commit
-
-
Sean McGivern authored
-
- 14 Apr, 2017 4 commits
-
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Rémy Coutable authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
Sean McGivern authored
-
James Lopez authored
It uses a user activity table instead of a column in users. Tested with mySQL and postgreSQL
-
- 13 Apr, 2017 1 commit
-
-
Timothy Andrew authored
- We currently support fetching code with username = 'oauth2' and password = <access_token>. - Trying to _push_ code with the same credentials fails with an authentication error. - There's no reason this shouldn't be enabled, especially since we allow the OAuth client to create deploy keys with push access: https://docs.gitlab.com/ce/api/deploy_keys.html#add-deploy-key
-
- 07 Mar, 2017 1 commit
-
-
Markus Koller authored
Gitlab::Auth.find_with_user_password is currently used in these places: - resource_owner_from_credentials in config/initializers/doorkeeper.rb, which is used for the OAuth Resource Owner Password Credentials flow - the /session API call in lib/api/session.rb, which is used to reveal the user's current authentication_token In both cases users should only be authenticated if they're in the active state.
-
- 23 Feb, 2017 2 commits
-
-
Douwe Maan authored
This reverts commit cb10b725c8929b8b4460f89c9d96c773af39ba6b.
-
Douwe Maan authored
-
- 05 Feb, 2017 1 commit
-
- 26 Jan, 2017 1 commit
-
-
Robert Speicher authored
-
- 25 Jan, 2017 1 commit
-
-
Douglas Barbosa Alexandre authored
-
- 16 Dec, 2016 1 commit
-
-
Timothy Andrew authored
- This module is used for git-over-http, as well as JWT. - The only valid scope here is `api`, currently.
-
- 09 Dec, 2016 1 commit
-
-
Lin Jen-Shin authored
-
- 09 Nov, 2016 1 commit
-
-
Douwe Maan authored
Ensure external users are not able to clone disabled repositories. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/23788 See merge request !2017 Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 14 Oct, 2016 1 commit
-
-
Dmitriy Zaporozhets authored
This reverts commit 68ab7047.
-
- 11 Oct, 2016 1 commit
-
-
tiagonbotelho authored
-
- 10 Oct, 2016 1 commit
-
-
Dmitriy Zaporozhets authored
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 28 Sep, 2016 1 commit
-
-
Horatiu Eugen Vlad authored
Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 20 Sep, 2016 1 commit
-
-
Kamil Trzcinski authored
-
- 16 Sep, 2016 2 commits
-
-
Kamil Trzcinski authored
-
Kamil Trzcinski authored
-
- 15 Sep, 2016 2 commits
-
-
Kamil Trzcinski authored
-
Kamil Trzcinski authored
-
- 05 Sep, 2016 1 commit
-
-
Jacob Vosmaer authored
-
- 01 Sep, 2016 1 commit
-
-
Felipe Artur authored
-
- 17 Aug, 2016 1 commit
-
-
Patricio Cano authored
-
- 16 Aug, 2016 1 commit
-
-
Patricio Cano authored
-
- 06 Aug, 2016 1 commit
-
-
Gabriel Mazetto authored
-
- 03 Aug, 2016 1 commit
-
-
Jacob Vosmaer authored
Before this change we always let users push Git data over HTTP before deciding whether to accept to push. This was different from pushing over SSH where we terminate a 'git push' early if we already know the user is not allowed to push. This change let Git over HTTP follow the same behavior as Git over SSH. We also distinguish between HTTP 404 and 403 responses when denying Git requests, depending on whether the user is allowed to know the project exists.
-
- 01 Jul, 2016 1 commit
-
-
Jacob Vosmaer authored
-
- 27 Jun, 2016 1 commit
-
-
Z.J. van de Weg authored
-
- 16 Jun, 2016 2 commits
-
-
James Lopez authored
This reverts commit 13e37a3e.
-
James Lopez authored
-
- 14 Jun, 2016 1 commit
-
-
Sean McGivern authored
-
- 09 Jun, 2016 2 commits
-
-
Sean McGivern authored
-
Sean McGivern authored
It doesn't seem possible to set constraints based on format for project IDs ending in .git, so set the constraint on the ID and ensure the format is nil to avoid the case where the project ID is something like project.git.foo.
-
- 08 Jun, 2016 1 commit
-
-
Jacob Vosmaer authored
-
- 29 Apr, 2016 1 commit
-
-
Jacob Vosmaer authored
-
- 22 Apr, 2016 1 commit
-
-
Jacob Vosmaer authored
-