delta/gitlab/gitlab-ce.git/app/controllers/google_api, branch frozen_string_lib_2

Validate session key when authorizing with GCP to create a cluster

2019-02-19T06:21:08+00:00

It was previously possible to link a GCP account to another
user's GitLab account by having them visit the callback URL,
as there was no check that they were the initiator of the
request.

We now reject the callback unless the state parameter
matches the one added to the initiating user's session.

Enable more frozen string in app/controllers/

2018-09-23T19:48:02+00:00

Enables frozen string for the following:

* app/controllers/dashboard/**/*.rb
* app/controllers/explore/**/*.rb
* app/controllers/google_api/**/*.rb
* app/controllers/groups/**/*.rb
* app/controllers/import/**/*.rb
* app/controllers/instance_statistics/**/*.rb
* app/controllers/ldap/**/*.rb
* app/controllers/oauth/**/*.rb
* app/controllers/profiles/**/*.rb

Partially addresses #47424.

Improve redirect uri state and fix all remaining tests

2017-10-06T14:14:14+00:00

Security fix: redirection in google_api/authorizations_controller

2017-10-06T12:28:40+00:00

Change `/google_api/authorizations/` to `/google_api/auth/`.

2017-10-05T15:44:11+00:00

authorizations_controller_spec. cluster_policy_spec.

2017-10-05T12:29:22+00:00

Use expires_in for access_token validation

2017-10-02T08:13:46+00:00

Replace reactive_cache by multipel sidekiq workers

2017-09-30T15:54:22+00:00

Databse foreing key, index, encrypt password. Use short path. Improve error handling. Polish.

2017-09-28T15:08:11+00:00

ok

2017-09-25T17:11:26+00:00