author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-23 15:08:42 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-23 15:08:42 +0000 |
commit | 9086e66ee72527839053ec6db19ed321a3b3a61b (patch) | |
tree | f2904493d8539228823f15cf4126eb8c4ffa79e3 /doc/api | |
parent | b17c74a7e2cf516ed189e525291cb096411b7ac5 (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/api')
-rw-r--r-- | doc/api/graphql/reference/gitlab_schema.graphql | 79 | ||||
-rw-r--r-- | doc/api/graphql/reference/gitlab_schema.json | 220 | ||||
-rw-r--r-- | doc/api/graphql/reference/index.md | 18 | ||||
-rw-r--r-- | doc/api/oauth2.md | 31 |
4 files changed, 336 insertions, 12 deletions
diff --git a/doc/api/graphql/reference/gitlab_schema.graphql b/doc/api/graphql/reference/gitlab_schema.graphql index ff2bdd8b7b3..8c9d8713b27 100644 --- a/doc/api/graphql/reference/gitlab_schema.graphql +++ b/doc/api/graphql/reference/gitlab_schema.graphql @@ -4570,6 +4570,78 @@ Identifier of DastSiteToken scalar DastSiteTokenID """ +Autogenerated input type of DastSiteValidationCreate +""" +input DastSiteValidationCreateInput { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + ID of the site token. + """ + dastSiteTokenId: DastSiteTokenID! + + """ + The project the site profile belongs to. + """ + fullPath: ID! + + """ + The validation strategy to be used. + """ + strategy: DastSiteValidationStrategyEnum + + """ + The path to be requested during validation. + """ + validationPath: String! +} + +""" +Autogenerated return type of DastSiteValidationCreate +""" +type DastSiteValidationCreatePayload { + """ + A unique identifier for the client performing the mutation. + """ + clientMutationId: String + + """ + Errors encountered during execution of the mutation. + """ + errors: [String!]! + + """ + ID of the site validation. + """ + id: DastSiteValidationID + + """ + The current validation status. + """ + status: DastSiteProfileValidationStatusEnum +} + +""" +Identifier of DastSiteValidation +""" +scalar DastSiteValidationID + +enum DastSiteValidationStrategyEnum { + """ + Header validation + """ + HEADER + + """ + Text file validation + """ + TEXT_FILE +} + +""" Date represented in ISO 8601 """ scalar Date 
@@ -12377,6 +12449,7 @@ type Mutation { dastSiteProfileDelete(input: DastSiteProfileDeleteInput!): DastSiteProfileDeletePayload dastSiteProfileUpdate(input: DastSiteProfileUpdateInput!): DastSiteProfileUpdatePayload dastSiteTokenCreate(input: DastSiteTokenCreateInput!): DastSiteTokenCreatePayload + dastSiteValidationCreate(input: DastSiteValidationCreateInput!): DastSiteValidationCreatePayload deleteAnnotation(input: DeleteAnnotationInput!): DeleteAnnotationPayload designManagementDelete(input: DesignManagementDeleteInput!): DesignManagementDeletePayload designManagementMove(input: DesignManagementMoveInput!): DesignManagementMovePayload @@ -13512,7 +13585,7 @@ type Project { iid: String """ - Search criteria for filtering alerts. This will search on title, description, service, monitoring_tool. + Search query for title, description, service, or monitoring_tool. """ search: String @@ -13537,7 +13610,7 @@ type Project { assigneeUsername: String """ - Search criteria for filtering alerts. This will search on title, description, service, monitoring_tool. + Search query for title, description, service, or monitoring_tool. """ search: String ): AlertManagementAlertStatusCountsType @@ -13577,7 +13650,7 @@ type Project { last: Int """ - Search criteria for filtering alerts. This will search on title, description, service, monitoring_tool. + Search query for title, description, service, or monitoring_tool. """ search: String diff --git a/doc/api/graphql/reference/gitlab_schema.json b/doc/api/graphql/reference/gitlab_schema.json index eb421067668..387463595ee 100644 --- a/doc/api/graphql/reference/gitlab_schema.json +++ b/doc/api/graphql/reference/gitlab_schema.json 
@@ -12361,6 +12361,193 @@ "possibleTypes": null }, { + "kind": "INPUT_OBJECT", + "name": "DastSiteValidationCreateInput", + "description": "Autogenerated input type of DastSiteValidationCreate", + "fields": null, + "inputFields": [ + { + "name": "fullPath", + "description": "The project the site profile belongs to.", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "SCALAR", + "name": "ID", + "ofType": null + } + }, + "defaultValue": null + }, + { + "name": "dastSiteTokenId", + "description": "ID of the site token.", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "SCALAR", + "name": "DastSiteTokenID", + "ofType": null + } + }, + "defaultValue": null + }, + { + "name": "validationPath", + "description": "The path to be requested during validation.", + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "SCALAR", + "name": "String", + "ofType": null + } + }, + "defaultValue": null + }, + { + "name": "strategy", + "description": "The validation strategy to be used.", + "type": { + "kind": "ENUM", + "name": "DastSiteValidationStrategyEnum", + "ofType": null + }, + "defaultValue": null + }, + { + "name": "clientMutationId", + "description": "A unique identifier for the client performing the mutation.", + "type": { + "kind": "SCALAR", + "name": "String", + "ofType": null + }, + "defaultValue": null + } + ], + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "OBJECT", + "name": "DastSiteValidationCreatePayload", + "description": "Autogenerated return type of DastSiteValidationCreate", + "fields": [ + { + "name": "clientMutationId", + "description": "A unique identifier for the client performing the mutation.", + "args": [ + + ], + "type": { + "kind": "SCALAR", + "name": "String", + "ofType": null + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "errors", + "description": "Errors encountered during execution of the mutation.", + "args": [ 
+ + ], + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "LIST", + "name": null, + "ofType": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "SCALAR", + "name": "String", + "ofType": null + } + } + } + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "id", + "description": "ID of the site validation.", + "args": [ + + ], + "type": { + "kind": "SCALAR", + "name": "DastSiteValidationID", + "ofType": null + }, + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "status", + "description": "The current validation status.", + "args": [ + + ], + "type": { + "kind": "ENUM", + "name": "DastSiteProfileValidationStatusEnum", + "ofType": null + }, + "isDeprecated": false, + "deprecationReason": null + } + ], + "inputFields": null, + "interfaces": [ + + ], + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "SCALAR", + "name": "DastSiteValidationID", + "description": "Identifier of DastSiteValidation", + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": null, + "possibleTypes": null + }, + { + "kind": "ENUM", + "name": "DastSiteValidationStrategyEnum", + "description": null, + "fields": null, + "inputFields": null, + "interfaces": null, + "enumValues": [ + { + "name": "TEXT_FILE", + "description": "Text file validation", + "isDeprecated": false, + "deprecationReason": null + }, + { + "name": "HEADER", + "description": "Header validation", + "isDeprecated": false, + "deprecationReason": null + } + ], + "possibleTypes": null + }, + { "kind": "SCALAR", "name": "Date", "description": "Date represented in ISO 8601", 
@@ -34884,6 +35071,33 @@ "deprecationReason": null }, { + "name": "dastSiteValidationCreate", + "description": null, + "args": [ + { + "name": "input", + "description": null, + "type": { + "kind": "NON_NULL", + "name": null, + "ofType": { + "kind": "INPUT_OBJECT", + "name": "DastSiteValidationCreateInput", + "ofType": null + } + }, + "defaultValue": null + } + ], + "type": { + "kind": "OBJECT", + "name": "DastSiteValidationCreatePayload", + "ofType": null + }, + "isDeprecated": false, + "deprecationReason": null + }, + { "name": "deleteAnnotation", "description": null, "args": [ @@ -39769,7 +39983,7 @@ }, { "name": "search", - "description": "Search criteria for filtering alerts. This will search on title, description, service, monitoring_tool.", + "description": "Search query for title, description, service, or monitoring_tool.", "type": { "kind": "SCALAR", "name": "String", @@ -39802,7 +40016,7 @@ "args": [ { "name": "search", - "description": "Search criteria for filtering alerts. This will search on title, description, service, monitoring_tool.", + "description": "Search query for title, description, service, or monitoring_tool.", "type": { "kind": "SCALAR", "name": "String", @@ -39873,7 +40087,7 @@ }, { "name": "search", - "description": "Search criteria for filtering alerts. This will search on title, description, service, monitoring_tool.", + "description": "Search query for title, description, service, or monitoring_tool.", "type": { "kind": "SCALAR", "name": "String", diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index 93bbcb18bf3..ee53ddac5d3 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md 
@@ -733,6 +733,17 @@ Autogenerated return type of DastSiteTokenCreate. | `status` | DastSiteProfileValidationStatusEnum | The current validation status of the target. | | `token` | String | Token string. | +### DastSiteValidationCreatePayload + +Autogenerated return type of DastSiteValidationCreate. + +| Field | Type | Description | +| ----- | ---- | ----------- | +| `clientMutationId` | String | A unique identifier for the client performing the mutation. | +| `errors` | String! => Array | Errors encountered during execution of the mutation. | +| `id` | DastSiteValidationID | ID of the site validation. | +| `status` | DastSiteProfileValidationStatusEnum | The current validation status. | + ### DeleteAnnotationPayload Autogenerated return type of DeleteAnnotation. @@ -3286,6 +3297,13 @@ Status of a container repository. | `PASSED_VALIDATION` | Site validation process finished successfully | | `PENDING_VALIDATION` | Site validation process has not started | +### DastSiteValidationStrategyEnum + +| Value | Description | +| ----- | ----------- | +| `HEADER` | Header validation | +| `TEXT_FILE` | Text file validation | + ### DesignCollectionCopyState Copy state of a DesignCollection. diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md index 5fbb7913ff4..127d83b0730 100644 --- a/doc/api/oauth2.md +++ b/doc/api/oauth2.md @@ -1,3 +1,10 @@ +--- +type: reference, howto +stage: Manage +group: Access +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technica l-writing/#designated-technical-writers +--- + # GitLab as an OAuth2 provider This document covers using the [OAuth2](https://oauth.net/2/) protocol to allow 
@@ -28,12 +35,24 @@ During registration, by enabling proper scopes, you can limit the range of resources which the `application` can access. Upon creation, you'll obtain the `application` credentials: _Application ID_ and _Client Secret_ - **keep them secure**.
-CAUTION: **Important:**
-OAuth specification advises sending the `state` parameter with each request to
-`/oauth/authorize`. We highly recommended sending a unique value with each request
-and validate it against the one in the redirect request. This is important in
-order to prevent [CSRF attacks](https://wiki.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)).
-The `state` parameter really should have been a requirement in the standard!
+### Prevent CSRF attacks
+
+To [protect redirect-based flows](https://tools.ietf.org/id/draft-ietf-oauth-security-topics-13.html#rec_redirect),
+the OAuth specification recommends the use of "One-time use CSRF tokens carried in the state
+parameter, which are securely bound to the user agent", with each request to the
+`/oauth/authorize` endpoint. This can prevent
+[CSRF attacks](https://wiki.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)).
+
+### Use HTTPS in production
+
+For production, please use HTTPS for your `redirect_uri`.
+For development, GitLab allows insecure HTTP redirect URIs.
+
+As OAuth2 bases its security entirely on the transport layer, you should not use unprotected
+URIs. For more information, see the [OAuth 2.0 RFC](https://tools.ietf.org/html/rfc6749#section-3.1.2.1)
+and the [OAuth 2.0 Threat Model RFC](https://tools.ietf.org/html/rfc6819#section-4.4.2.1).
+These factors are particularly important when using the
+[Implicit grant flow](#implicit-grant-flow), where actual credentials are included in the `redirect_uri`.
 In the following sections you will find detailed instructions on how to obtain authorization with each flow. |
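Review bot: The new "Prevent CSRF attacks" section drops the one actionable instruction the removed CAUTION carried — send a unique value in `state` on every request to `/oauth/authorize` and validate it against the value returned on the redirect — and replaces it with a quotation from the draft, so an integrator reading only the new text is told that a token should exist but not what to generate, where to keep it, or what to compare. I would add a sentence after the quotation: `In practice, generate a cryptographically random single-use value for each authorization request, keep it in the user's session, and reject the redirect back to your application if the returned state does not match it.` The "Use HTTPS in production" paragraph's claim that OAuth2 "bases its security entirely on the transport layer" overstates RFC 6749 §3.1.2.1, which requires TLS for the redirection endpoint but does not make TLS the only control; "relies on TLS to protect the authorization code and tokens while they are in transit" is closer to the cited text. The draft is also linked at a fixed version (`-13`), which will go stale as the security-topics document is revised; linking the current draft or the published BCP once available keeps the reference live.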