delta/gitlab/gitlab-ce.git/app/controllers/application_controller.rb, branch bootstrap-markdown-code-highlight gitlab.com: gitlab-org/gitlab-ce.git Update 404 and 403 pages 2018-05-31T21:28:19+00:00 Paul Slaughter pslaughter@gitlab.com 2018-05-31T21:28:19+00:00 bbff2d680d22051041be5fc5dd2e801fd1cc862d 






Allow a user to sign out when on the terms page
2018-05-11T06:27:43+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2018-05-10T09:35:02+00:00

a5cb2fe2e09b9b758905693360ecc680ff4afe2a

Before we would block the `sign_out` request when the user did not
accept the terms, therefore redirecting them to the terms again.

By allowing all request to devise controllers, we avoid this problem.





Before we would block the `sign_out` request when the user did not
accept the terms, therefore redirecting them to the terms again.

By allowing all request to devise controllers, we avoid this problem.







Enforces terms in the web application
2018-05-04T11:54:43+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2018-04-27T14:50:33+00:00

7684217d6806408cd338260119364419260d1720

This enforces the terms in the web application. These cases are
specced:

- Logging in: When terms are enforced, and a user logs in that has not
  accepted the terms, they are presented with the screen. They get
  directed to their customized root path afterwards.
- Signing up: After signing up, the first screen the user is presented
  with the screen to accept the terms. After they accept they are
  directed to the dashboard.
- While a session is active:
  - For a GET: The user will be directed to the terms page first,
    after they accept the terms, they will be directed to the page
    they were going to
  - For any other request: They are directed to the terms, after they
    accept the terms, they are directed back to the page they came
    from to retry the request. Any information entered would be
    persisted in localstorage and available on the page.





This enforces the terms in the web application. These cases are
specced:

- Logging in: When terms are enforced, and a user logs in that has not
  accepted the terms, they are presented with the screen. They get
  directed to their customized root path afterwards.
- Signing up: After signing up, the first screen the user is presented
  with the screen to accept the terms. After they accept they are
  directed to the dashboard.
- While a session is active:
  - For a GET: The user will be directed to the terms page first,
    after they accept the terms, they will be directed to the page
    they were going to
  - For any other request: They are directed to the terms, after they
    accept the terms, they are directed back to the page they came
    from to retry the request. Any information entered would be
    persisted in localstorage and available on the page.







[Rails5] Update `ApplicationController#log_exception` to fix `undefined method 'clean'` error
2018-04-28T09:01:31+00:00

blackst0ne
blackst0ne.ru@gmail.com

2018-04-28T09:01:31+00:00

991db50f883c14f7f1731f5d22713168320a0c76

This commit fixes the error:
```
  1) Projects::TodosController Merge Requests POST create when not authorized for merge_request doesn't create todo
     Failure/Error: application_trace = ActionDispatch::ExceptionWrapper.new(env, exception).application_trace

     NoMethodError:
       undefined method `clean' for #<Hash:0x000055be5bda35d0>
       Did you mean?  clear
     # ./app/controllers/application_controller.rb:113:in `log_exception'
     # ./app/controllers/application_controller.rb:40:in `block in <class:ApplicationController>'
     # ./spec/controllers/projects/todos_controller_spec.rb:80:in `go'
     # ./spec/controllers/projects/todos_controller_spec.rb:138:in `block (6 levels) in <top (required)>'
     # ./spec/controllers/projects/todos_controller_spec.rb:138:in `block (5 levels) in <top (required)>'
     # ------------------
     # --- Caused by: ---
     # ActiveRecord::RecordNotFound:
     #   Couldn't find MergeRequest
     #   ./app/finders/concerns/finder_methods.rb:19:in `raise_not_found_unless_authorized'

Finished in 7.53 seconds (files took 12.8 seconds to load)
1 example, 1 failure
```

Also see https://github.com/rails/rails/commit/6d85804bc6aeecce5669fb4b0d7b33c069deff3a





This commit fixes the error:
```
  1) Projects::TodosController Merge Requests POST create when not authorized for merge_request doesn't create todo
     Failure/Error: application_trace = ActionDispatch::ExceptionWrapper.new(env, exception).application_trace

     NoMethodError:
       undefined method `clean' for #<Hash:0x000055be5bda35d0>
       Did you mean?  clear
     # ./app/controllers/application_controller.rb:113:in `log_exception'
     # ./app/controllers/application_controller.rb:40:in `block in <class:ApplicationController>'
     # ./spec/controllers/projects/todos_controller_spec.rb:80:in `go'
     # ./spec/controllers/projects/todos_controller_spec.rb:138:in `block (6 levels) in <top (required)>'
     # ./spec/controllers/projects/todos_controller_spec.rb:138:in `block (5 levels) in <top (required)>'
     # ------------------
     # --- Caused by: ---
     # ActiveRecord::RecordNotFound:
     #   Couldn't find MergeRequest
     #   ./app/finders/concerns/finder_methods.rb:19:in `raise_not_found_unless_authorized'

Finished in 7.53 seconds (files took 12.8 seconds to load)
1 example, 1 failure
```

Also see https://github.com/rails/rails/commit/6d85804bc6aeecce5669fb4b0d7b33c069deff3a







[Rails5] Add `safe_params` helper
2018-04-08T04:35:30+00:00

blackst0ne
blackst0ne.ru@gmail.com

2018-04-08T04:35:30+00:00

eddf3febd7e78a442a0b2fbd36d7b92ba769f4a5

Rails 5.0 requires to explicitly permit attributes when building a URL
using current `params` object.

The `safe_params` helper allows developers to just call `safe_params.merge(...)`
instead of manually adding `permit` to every call.

https://github.com/rails/rails/pull/20868





Rails 5.0 requires to explicitly permit attributes when building a URL
using current `params` object.

The `safe_params` helper allows developers to just call `safe_params.merge(...)`
instead of manually adding `permit` to every call.

https://github.com/rails/rails/pull/20868







Add better LDAP connection handling
2018-04-04T09:07:28+00:00

Francisco Javier López
fjlopez@gitlab.com

2018-04-04T09:07:28+00:00

ae84eaeba7d450953a9f20d7085541cd1ff4200b












Moved o_auth/saml/ldap modules under gitlab/auth
2018-02-28T15:53:02+00:00

Horatiu Eugen Vlad
horatiu@vlad.eu

2018-02-23T12:10:39+00:00

1ad5df49b1925f1865e99c3fd8576a762aea9cae












Port `read_cross_project` ability from EE
2018-02-22T16:11:36+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2017-12-11T14:21:06+00:00

148816cd67a314f17e79c107270cc708501bdd39












use Gitlab::UserSettings directly as a singleton instead of including/extending it
2018-02-02T18:39:55+00:00

Mario de la Ossa
mdelaossa@gitlab.com

2018-02-02T18:39:55+00:00

eaada9d7066a20b5af815f723e09cde60a5c8c10












Return a blank JSON response for a missing .js file to prevent Rails CSRF errors
2018-01-24T06:24:30+00:00

Stan Hu
stanhu@gmail.com

2018-01-24T06:02:33+00:00

79a829a0372a974bb3d40e66ca3fdc213200db40

The default 404 handler would return the Content-Type format based on the
given format extension. This would cause the Rails CSRF protection to flag an
error, since the .js extension gets mapped to text/javascript format.

Closes #40771





The default 404 handler would return the Content-Type format based on the
given format extension. This would cause the Rails CSRF protection to flag an
error, since the .js extension gets mapped to text/javascript format.

Closes #40771