- 25 Aug, 2016 1 commit
-
-
Z.J. van de Weg authored
-
- 24 Aug, 2016 1 commit
-
-
Stan Hu authored
Closes #21043
-
- 01 Aug, 2016 1 commit
-
-
zs authored
Provide more sensible default sort order for issues and merge requests based on the following table: | type | state | default sort order | |----------------|--------|--------------------| | issues | open | last created | | issues | closed | last updated | | issues | all | last created | | merge requests | open | last created | | merge requests | merged | last updated | | merge requests | closed | last updated | | merge requests | all | last created |
-
- 14 Jul, 2016 1 commit
-
-
Timothy Andrew authored
1. Only on supported Chrome versions 2. Mainly, this lets us simplify the javascript-based U2F check to `window.u2f`, where `window.u2f` can either be loaded from the GitLab server (for Chrome) or from the Firefox extension. 3. This is a better way to provide browser detection for U2F.
-
- 18 Jun, 2016 1 commit
-
-
Rémy Coutable authored
This is a try for a new approach to put the access checks at the service level. Signed-off-by: Rémy Coutable <remy@rymai.me>
-
- 16 Jun, 2016 1 commit
-
-
Timothy Andrew authored
- Extract a duplicated `redirect_to` - Fix a typo: "token", not "certificate" - Have the "Expires at" datepicker be attached to a text field, not inline - Have both private tokens and personal access tokens verified in a single "authenticate_from_private_token" method, both in the application and API. Move relevant logic to `User#find_by_personal_access_token` - Remove unnecessary constants relating to API auth. We don't need a separate constant for personal access tokens since the param is the same as for private tokens.
-
- 06 Jun, 2016 3 commits
-
-
Douwe Maan authored
-
Timothy Andrew authored
- Move the `TwoFactorAuthsController`'s `new` action to `show`, since the page is not used to create a single "two factor auth" anymore. We can have a single 2FA authenticator app, along with any number of U2F devices, in any combination, so the page will be accessed after the first "two factor auth" is created. - Add the `u2f` javascript library, which provides an API to the browser's U2F implementation. - Add tests for the JS components
-
Timothy Andrew authored
- To hold registrations from U2F devices, and to authenticate them. - Previously, `User#two_factor_enabled` was aliased to the `otp_required_for_login` column on `users`. - This commit changes things a bit: - `User#two_factor_enabled` is not a method anymore - `User#two_factor_enabled?` checks both the `otp_required_for_login` column, as well as `U2fRegistration`s - Change all instances of `User#two_factor_enabled` to `User#two_factor_enabled?` - Add the `u2f` gem, and implement registration/authentication at the model level.
-
- 03 Jun, 2016 3 commits
-
-
James Lopez authored
This reverts commit 3e991230.
-
James Lopez authored
# Conflicts: # app/models/project.rb
-
Timothy Andrew authored
-
- 01 Jun, 2016 2 commits
-
-
Timothy Andrew authored
-
Timothy Andrew authored
- So that the check for valid personal access tokens happens only if private token auth fails.
-
- 31 May, 2016 1 commit
-
-
Felipe Artur authored
-
- 30 May, 2016 1 commit
-
-
Connor Shea authored
Devise (3.5.4 => 4.1.1) Changelog: https://github.com/plataformatec/devise/blob/master/CHANGELOG.md devise-two-factor (2.0.1 => 3.0.0) Changelog: https://github.com/tinfoil/devise-two-factor/blob/master/CHANGELOG.md These are reliant on each other, so they have to be upgraded together. devise-async is no longer necessary as Devise 4.1 fixes a bug with the ActiveJob integration.
-
- 13 May, 2016 1 commit
-
-
Gabriel Mazetto authored
-
- 11 May, 2016 1 commit
-
-
Timothy Andrew authored
- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3749#note_11626427 - Personal access tokens are still a separate entity as far as the codebase is concerned - they just happen to use the same entry point as private tokens. - Update tests and documentation to reflect this change
-
- 03 May, 2016 1 commit
-
-
Artem Sidorenko authored
-
- 28 Apr, 2016 3 commits
-
-
Timothy Andrew authored
- Use `TokenAuthenticatable` to generate the personal access token - Remove a check for `authenticity_token` in application controller; this should've been `authentication_token`, maybe, and doesn't make any sense now. - Have the datepicker appear inline
-
Timothy Andrew authored
- No need to use `if`s when we have a `presence` check already.
-
Timothy Andrew authored
- Rename the `authenticate_user_from_token!` filter to `authenticate_user_from_private_token!` - Add a new `authenticate_user_from_personal_access_token!` filter - Add tests for both.
-
- 22 Apr, 2016 1 commit
-
-
James Lopez authored
gitlab import UI - icon, file selector, etc... Also updated font-awesome and modified import source settings.
-
- 14 Apr, 2016 3 commits
-
-
Robert Speicher authored
-
Stan Hu authored
-
Stan Hu authored
Closes #14370 Move gon function into its own helper
-
- 09 Apr, 2016 1 commit
-
-
Robert Speicher authored
This will let us filter errors by the program environment in which they were encountered. Source: http://stackoverflow.com/a/28370539/223897 Closes #15092
-
- 20 Mar, 2016 1 commit
-
-
Douwe Maan authored
-
- 19 Mar, 2016 1 commit
-
-
Robert Speicher authored
-
- 11 Mar, 2016 2 commits
-
-
Phil Hughes authored
-
Phil Hughes authored
Added in disable button for 2fa
-
- 10 Mar, 2016 2 commits
-
-
Jacob Vosmaer authored
-
Jacob Vosmaer authored
-
- 09 Mar, 2016 1 commit
-
-
Jacob Vosmaer authored
-
- 19 Feb, 2016 1 commit
-
-
Rubén Dávila authored
-
- 15 Feb, 2016 2 commits
-
-
Robert Speicher authored
Prior, if the request format was, for example, .zip, we'd get an `ActionView::MissingTemplate` error.
-
Robert Speicher authored
-
- 04 Feb, 2016 2 commits
- 03 Feb, 2016 1 commit
-
-
Stan Hu authored
Currently there is no way to download a raw file without embedding the token in the URL, which exposes the token in the URL. There should be an way of sending this information via the header as the API does. Closes https://github.com/gitlabhq/gitlabhq/issues/8137
-