BigW Consortium Gitlab

  1. 07 Mar, 2017 4 commits
  2. 06 Mar, 2017 4 commits
  3. 01 Mar, 2017 2 commits
  4. 28 Feb, 2017 2 commits
  5. 23 Feb, 2017 1 commit
  6. 30 Jan, 2017 1 commit
    • Reduce hits to LDAP on Git HTTP auth by reordering auth mechanisms · 29414ab0
      Drew Blessing authored
      We accept half a dozen different authentication mechanisms for
      Git over HTTP. Fairly high in the list we were checking user
      password, which would also query LDAP. In the case of LFS,
      OAuth tokens or personal access tokens, we were unnecessarily
      hitting LDAP when the authentication will not succeed. This
      was causing some LDAP/AD systems to lock the account. Now,
      user password authentication is the last mechanism tried since
      it's the most expensive.
  7. 16 Dec, 2016 6 commits
    • Rename the `token_has_scope?` method. · 5becbe24
      Timothy Andrew authored
      `valid_api_token?` is a better name. Scopes are just (potentially) one facet of
      a "valid" token.
    • Convert AccessTokenValidationService into a class. · b303948f
      Timothy Andrew authored
      - Previously, AccessTokenValidationService was a module, and all its  public
      methods accepted a token. It makes sense to convert it to a class which accepts
      a token during initialization.
      
      - Also rename the `sufficient_scope?` method to `include_any_scope?`
      
      - Based on feedback from @rymai
    • Refactor access token validation in `Gitlab::Auth` · dc95bcbb
      Timothy Andrew authored
      - Based on @dbalexandre's review
      - Extract token validity conditions into two separate methods, for
        personal access tokens and OAuth tokens.
    • Implement minor changes from @dbalexandre's review. · 4d6da770
      Timothy Andrew authored
      - Mainly whitespace changes.
      
      - Require the migration adding the `scope` column to the
        `personal_access_tokens` table to have downtime, since API calls will
        fail if the new code is in place, but the migration hasn't run.
      
      - Minor refactoring - load `@scopes` in a `before_action`, since we're
        doing it in three different places.
    • Validate access token scopes in `Gitlab::Auth` · 36b3210b
      Timothy Andrew authored
      - This module is used for git-over-http, as well as JWT.
      
      - The only valid scope here is `api`, currently.
    • Calls to the API are checked for scope. · 7fa06ed5
      Timothy Andrew authored
      - Move the `Oauth2::AccessTokenValidationService` class to
        `AccessTokenValidationService`, since it is now being used for
        personal access token validation as well.
      
      - Each API endpoint declares the scopes it accepts (if any). Currently,
        the top level API module declares the `api` scope, and the `Users` API
        module declares the `read_user` scope (for GET requests).
      
      - Move the `find_user_by_private_token` from the API `Helpers` module to
        the `APIGuard` module, to avoid littering `Helpers` with more
        auth-related methods to support `find_user_by_private_token`
  8. 28 Sep, 2016 1 commit
  9. 20 Sep, 2016 1 commit
  10. 19 Sep, 2016 6 commits
  11. 16 Sep, 2016 2 commits
  12. 15 Sep, 2016 10 commits