authorDouwe Maan <douwe@gitlab.com>2017-11-07 08:33:58 +0000
committerLin Jen-Shin <godfat@godfat.org>2017-11-10 16:26:53 +0800
commitab1f3b47a84b3d2944891216403b89042a8ab3a3 (patch)
tree11f0240c66d670916d0e793e6c653fe43b941a34 /config
parent304ceb144cca36dbcefcfb508b0dac220f76c9e1 (diff)
Merge branch '32059-fix-oauth-phishing' into 'security-10-1'
Prevent OAuth phishing attack by presenting detailed wording about app to user during authorization. See merge request gitlab/gitlabhq!2205
Diffstat (limited to 'config')
-rw-r--r--config/locales/doorkeeper.en.yml10
1 files changed, 9 insertions, 1 deletions
diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
index 0da6b14c29e..b1c71095d4f 100644
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -62,7 +62,15 @@ en:
read_user: Read the authenticated user's personal information
openid: Authenticate using OpenID Connect
sudo: Perform API actions as any user in the system (if the authenticated user is an admin)
-
+ scope_desc:
+ api:
+ Full access to GitLab as the user, including read/write on all their groups and projects
+ read_user:
+ Read-only access to the user's profile information, like username, public email and full name
+ openid:
+ The ability to authenticate using GitLab, and read-only access to the user's profile information
+ sudo:
+ Access to the Sudo feature, to perform API actions as any user in the system (only available for admins)
flash:
applications:
create:
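Review bot: The four new `scope_desc` values (`api`, `read_user`, `openid`, `sudo`) are unquoted plain scalars placed on the line after their key, whereas the `scopes` entries just above keep the value on the key's own line. A later wording edit that introduces ` #` would silently cut the text, and one that introduces `: ` would stop the file from parsing. Because this is the wording a user relies on to judge an OAuth grant, I would quote each value on the key line, e.g. `read_user: "Read-only access to the user's profile information, like username, public email and full name"`, or use a folded scalar (`>-`). A comment above `scope_desc:` such as `# Long-form scope descriptions shown on the OAuth authorization screen` would also help translators; that use is inferred from the commit message, since the view is not in this config-only diff. The enclosing `en:` mapping starts before the hunk and the `flash:` section continues past it.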