delta/gitlab/gitlab-ce.git/config/initializers/devise.rb, branch commit-description-border gitlab.com: gitlab-org/gitlab-ce.git Merge branch 'fix-shibboleth-auth-with-no-uid' into 'master' 2016-11-16T17:28:56+00:00 Rémy Coutable remy@rymai.me 2016-11-16T17:28:56+00:00 d1afb845b16b2a252f03e173fcdb0afa572c013a fix shibboleth misconfigurations resulting in authentication bypass This merge request fixes #22267 where a misconfigured Shibboleth `HTTP_UID` or `HTTP_EPPN` could result in users being logged into an account that did not belong to them. See merge request !7428 

fix shibboleth misconfigurations resulting in authentication bypass

This merge request fixes #22267 where a misconfigured Shibboleth `HTTP_UID` or `HTTP_EPPN` could result in users being logged into an account that did not belong to them.

See merge request !7428
 fix shibboleth misconfigurations resulting in authentication bypass 2016-11-14T22:10:20+00:00 Brian Neel brian@gitlab.com 2016-11-11T01:14:54+00:00 067da6224ef2cc53ae4ac38e3f3d1c99d1a97f96 






Centralize LDAP config/filter logic
2016-11-11T21:58:33+00:00

Drew Blessing
drew@gitlab.com

2016-11-11T20:44:08+00:00

c50b98da723dab9a35ddb2cde0258d141cf92495

Centralize all LDAP config logic in `GitLab::LDAP::Config`. Previously,
some logic was in the Devise initializer and it was not honoring the
`user_filter`. If a user outside the configured `user_filter` signed
in, an account would be created but they would then be denied access.
Now that logic is centralized, the filter is honored and users outside
the filter are never created.





Centralize all LDAP config logic in `GitLab::LDAP::Config`. Previously,
some logic was in the Devise initializer and it was not honoring the
`user_filter`. If a user outside the configured `user_filter` signed
in, an account would be created but they would then be denied access.
Now that logic is centralized, the filter is honored and users outside
the filter are never created.







Update to send changed password notification emails
2016-08-05T18:27:36+00:00

Tom Bell
tomb@tomb.io

2016-08-03T19:30:49+00:00

8720a6e4ef47675f5778b140b6b56615f808aff4

Add the devise initializer config setting to enable the sending of notification
emails when a user changes their password.





Add the devise initializer config setting to enable the sending of notification
emails when a user changes their password.







Enable Style/SpaceAfterComma Rubocop cop
2016-06-29T13:23:44+00:00

Grzegorz Bizon
grzesiek.bizon@gmail.com

2016-06-29T13:23:44+00:00

28bafd5354427d27cabe40966bd069a75984e2b1












Codestyle: make sure we have space around operators
2016-05-13T07:46:56+00:00

Gabriel Mazetto
gabriel@gitlab.com

2016-05-11T02:58:06+00:00

f5a0ac0fc197bae2eb5fe1045ed237cdbbaf6ea4












Use a custom Devise failure app to handle unauthenticated .zip requests
2016-03-09T04:49:30+00:00

Robert Speicher
rspeicher@gmail.com

2016-02-16T02:17:20+00:00

5844a21a0acae08a19fa82984dcc0feb1b8777c5

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/12944





Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/12944







Merge branch 'add_email_unlock' into 'master'

2015-12-21T17:53:20+00:00

Robert Speicher
robert@gitlab.com

2015-12-21T17:53:20+00:00

9570495e75f90d1011531753dd41f0c06e8fcf99


Allow account unlock via email

We see a lot of users get confused about what it means when your account gets
locked. Many try to reset their password and are still faced with a lockout.
With this change, users receive an email that allows them to unlock their
account immediately. The previous behavior where the account is auto-unlocked
after a time also still works.

See merge request !2049





Allow account unlock via email

We see a lot of users get confused about what it means when your account gets
locked. Many try to reset their password and are still faced with a lockout.
With this change, users receive an email that allows them to unlock their
account immediately. The previous behavior where the account is auto-unlocked
after a time also still works.

See merge request !2049






add CAS authentication support
2015-12-15T03:43:41+00:00

tduehr
tduehr@gmail.com

2015-11-12T04:25:31+00:00

8e3f1fa629a61741282214b293c1bc9438aada59












Allow account unlock via email
2015-12-14T21:35:02+00:00

Drew Blessing
drew@gitlab.com

2015-12-14T21:34:46+00:00

be41d84fb078667694ecbf5f2729175fbf8b0343