delta/gitlab/gitlab-ce.git/spec/controllers/graphql_controller_spec.rb, branch tracking-performance gitlab.com: gitlab-org/gitlab-ce.git Propagate argument errors as execution errors 2019-07-30T15:12:24+00:00 Alex Kalderimis alex.kalderimis@gmail.com 2019-07-29T18:36:35+00:00 8a1fc36e1d3df359c7ab87a5d3b40cf35b2a8604 






Add API access check to Graphql
2019-03-27T14:59:02+00:00

Felipe Artur
fcardozo@gitlab.com

2019-03-27T14:59:02+00:00

73b553a42a1dec7bd38e0aeeb5514c2a566a98c9

Check if user can access API on GraphqlController





Check if user can access API on GraphqlController







Allow GraphQL requests without CSRF token
2019-03-06T14:38:00+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2019-03-03T12:53:03+00:00

b623932eb303921a721244c707f145e1baf29da0

With this we allow authentication using a session or using personal
access token.

Authentication using a session, and CSRF token makes it easy to play
with GraphQL from the Graphiql endpoint we expose.

But we cannot enforce CSRF validity, otherwise authentication for
regular API clients would fail when they use personal access tokens to
authenticate.





With this we allow authentication using a session or using personal
access token.

Authentication using a session, and CSRF token makes it easy to play
with GraphQL from the Graphiql endpoint we expose.

But we cannot enforce CSRF validity, otherwise authentication for
regular API clients would fail when they use personal access tokens to
authenticate.







Update specs to rails5 format
2018-12-18T23:04:31+00:00

blackst0ne
blackst0ne.ru@gmail.com

2018-12-17T22:52:17+00:00

b44a2c801a64fb282cea794871fcfcf81e4ec539

Updates specs to use new rails5 format.

The old format:
`get :show, { some: params }, { some: headers }`

The new format:
`get :show, params: { some: params }, headers: { some: headers }`





Updates specs to use new rails5 format.

The old format:
`get :show, { some: params }, { some: headers }`

The new format:
`get :show, params: { some: params }, headers: { some: headers }`







Merge branch 'security-fix-pat-web-access' into 'master'
2018-11-29T00:13:59+00:00

Cindy Pallares
cindy@gitlab.com

2018-11-28T19:06:02+00:00

fe5f75930e781ef854b458fafa307ebb90a8ed2e

[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"

See merge request gitlab/gitlabhq!2583




[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"

See merge request gitlab/gitlabhq!2583






Handle exceptions outside the GraphQL schema
2018-06-05T18:47:42+00:00

Bob Van Landuyt
bob@vanlanduyt.co

2018-05-21T11:42:07+00:00

c443133e779c4c508b9c6429dd4ba623d64f03f1

This allows us to report JSON parse exceptions to clients and ignore
them in sentry.





This allows us to report JSON parse exceptions to clients and ignore
them in sentry.







Add a minimal GraphQL API
2018-06-05T18:47:42+00:00

Nick Thomas
nick@gitlab.com

2017-08-16T13:04:41+00:00

9c6c17cbcdb8bf8185fc1b873dcfd08f723e4df5