delta/gitlab/gitlab-ce.git/lib/api/session.rb, branch docs/update-create-mr gitlab.com: gitlab-org/gitlab-ce.git Don't display the `is_admin?` flag for user API responses. 2017-04-25T09:46:05+00:00 Timothy Andrew mail@timothyandrew.net 2017-04-21T09:47:58+00:00 34b71e734b0b01dd28e18be4728f93fbd4d1a561 - To prevent an attacker from enumerating the `/users` API to get a list of all the admins. - Display the `is_admin?` flag wherever we display the `private_token` - at the moment, there are two instances: - When an admin uses `sudo` to view the `/user` endpoint - When logging in using the `/session` endpoint 
- To prevent an attacker from enumerating the `/users` API to get a list of all
  the admins.

- Display the `is_admin?` flag wherever we display the `private_token` - at the
  moment, there are two instances:

  - When an admin uses `sudo` to view the `/user` endpoint
  - When logging in using the `/session` endpoint
adds impersonator variable and makes sudo usage overall more clear 2016-12-07T14:42:51+00:00 tiagonbotelho tiagonbotelho@hotmail.com 2016-11-21T12:59:37+00:00 3ed96afc47c481db4f8c0a6581602abaee920808 






Grapify the session API
2016-11-09T16:36:35+00:00

Robert Schilling
rschilling@student.tugraz.at

2016-11-09T16:36:35+00:00

603ebe55f0232f16b5f1db95d2962a4cf5cdcc1b












Small refactor and syntax fixes.
2016-08-18T21:47:26+00:00

Patricio Cano
suprnova32@gmail.com

2016-08-17T22:39:20+00:00

a4137411c62d093a55dc171665dc90325182bb04












Added checks for 2FA to the API `/sessions` endpoint and the Resource Owner Password Credentials flow.
2016-08-18T21:47:26+00:00

Patricio Cano
suprnova32@gmail.com

2016-08-12T21:16:12+00:00

e2f9c87600e34a415d43c981e0182094b123771f












Improve Gitlab::Auth method names
2016-06-10T12:51:16+00:00

Jacob Vosmaer
jacob@gitlab.com

2016-06-10T12:51:16+00:00

0e896ffe4eebb8bcf04bc1327d498bb041faed56

Auth.find was a very generic name for a very specific method.
Auth.find_in_gitlab_or_ldap was inaccurate in GitLab EE where it also
looks in Kerberos.





Auth.find was a very generic name for a very specific method.
Auth.find_in_gitlab_or_ldap was inaccurate in GitLab EE where it also
looks in Kerberos.







Rename finder to find_in_gitlab_or_ldap
2016-06-02T11:42:18+00:00

Jacob Vosmaer
jacob@gitlab.com

2016-06-02T11:42:18+00:00

fea591e5c5796235d28eeec4d27759f87fa9d8e2












Use correct auth finder
2016-05-02T11:19:39+00:00

Jacob Vosmaer
contact@jacobvosmaer.nl

2016-05-02T11:19:39+00:00

d1f5019511a1dc630e97f99bdb1f6b9fe6b02bba












Make CI/Oauth/rate limiting reusable
2016-04-29T16:58:55+00:00

Jacob Vosmaer
contact@jacobvosmaer.nl

2016-04-29T16:58:55+00:00

b1ffc9f0fee16251899e5a2efbc78c4781ef4902












Add LDAP support to /api/session
2013-07-16T08:28:19+00:00

Dmitriy Zaporozhets
dmitriy.zaporozhets@gmail.com

2013-07-16T08:28:19+00:00

559e83d30004e0c41a30f4ce3463f695eb7e26a1