| Commit message | Author | Age | Files | Lines |
|
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
Allow developers to have custom rspec output settings
See merge request !12553
|
Disable RSpec/BeforeAfterAll and enable RSpec/ImplicitExpect cops
See merge request !12562
|
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
Create and use project path helpers that only need a project, no namespace
See merge request !12566
|
[ci skip]
|
Remove IIFEs around several javascript classes
See merge request !12581
|
Disable Flipper memoizer in tests to avoid transient failures
Closes #34278
See merge request !12656
|
Closes #34278
|
Handles realtime with 2 states for environments table
See merge request !12634
|
Revert "Merge branch '18000-remember-me-for-oauth-login' into 'master'"
See merge request !12660
|
This reverts merge request !11963
|
fix sidebar padding for full-width items (Time Tracking help)
Closes #34578
See merge request !12650
|
Replace 'snippets/snippets.feature' spinach with rspec
See merge request !12385
|
32838 Add wells to admin dashboard overview to fix spacing problems
Closes #32838
See merge request !12467
|
Fix API Scoping
Closes #33580 and #33022
See merge request !12300
|
- The `/users` and `/users/:id` APIs are now accessible without
authentication (!12445), and so scopes are not relevant for these endpoints.
- Previously, we were testing our scope declaration against these two methods.
This commit moves these tests to other `GET` user endpoints which still
require authentication.
|
# Conflicts:
# lib/api/users.rb
|
- There's no need to use `API::Scope` for scopes that don't have `if`
conditions, such as in `lib/gitlab/auth.rb`.
|
- To represent an authorization scope, such as `api` or `read_user`
- This is a better abstraction than the hash we were previously using.
|
- Use a struct for scopes, so we can call `scope.if` instead of `scope[:if]`
- Refactor the "remove scopes whose :if condition returns false" logic to use a
`select` rather than a `reject`.
|
1. Get the spec for `lib/gitlab/auth.rb` passing.
- Make the `request` argument to `AccessTokenValidationService` optional -
`auth.rb` doesn't need to pass in a request.
- Pass in scopes in the format `[{ name: 'api' }]` rather than `['api']`, which
is what `AccessTokenValidationService` now expects.
2. Get the spec for `API::V3::Users` passing
3. Get the spec for `AccessTokenValidationService` passing
|
- They are not included automatically since `API::Users` does not inherit from
`API::API`, as I initially assumed.
- Scopes declared in `API::API` are considered global (to the API), and need to
be included in all cases.
|
- Test `GET` endpoints to check that the scope is allowed.
- Test `POST` endpoints to check that the scope is disallowed.
- Test both `v3` and `v4` endpoints.
|
- Scope declarations of the form:
allow_access_with_scope :read_user, if: -> (request) { request.get? }
will only apply for `GET` requests
- Add a negative test to a `POST` endpoint in the `users` API to test this. Also
test for this case in the `AccessTokenValidationService` unit tests.
|
- Declaring an endpoint's scopes in a `before` block has proved to be
unreliable. For example, if we're accessing the `API::Users` endpoint - code
in a `before` block in `API::API` wouldn't be able to see the scopes set in
`API::Users` since the `API::API` `before` block runs first.
- This commit moves these declarations to the class level, since they don't need
to change once set.
|
Honor the "Remember me" parameter for OAuth-based login
Closes #18000
See merge request !11963
|
- Don't use `request.env['omniauth.params']` if it isn't present.
- Remove the `saml` section from the `gitlab.yml` test section. Some tests
depend on this section not being initially present, so it can be overridden
in the test. This MR doesn't add any tests for SAML, so we didn't really need
this in the first place anyway.
- Clean up the test -> omniauth section of `gitlab.yml`
|
- Disable an ESLint check rather than work around it (by
converting `OAuthRememberMe` from a regular class to a
static class).
- Scope `$` calls inside `OAuthRememberMe`
|
- Change double quotes to single quotes.
- Why is `OmniAuth.config.full_host` being reassigned in the integration test?
- Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task
- Other minor changes
|
providers.
- The test for `rake gitlab:env:info` executed the rake task, which mutated the
list of omniauth providers, breaking subsequent tests relying on this list.
- I've changed the rake task to duplicate the providers list before modifying it.
|
- I tried to get this to work by stubbing out portions of the config within the
test. This didn't work as expected because Devise/Omniauth loaded before the
stub could run, and the stubbed config was ignored.
- I attempted to fix this by reloading Devise/Omniauth after stubbing the
config. This successfully got Devise to load the stubbed providers, but failed
while trying to access a route such as `user_gitlab_omniauth_authorize_path`.
- I spent a while trying to figure this out (even trying
`Rails.application.reload_routes!`), but nothing seemed to work.
- I settled for adding this config directly to `gitlab.yml` rather than go down
this path any further.
|
- Added saml, authentiq, cas3, and auth0
- Crowd seems to be a special case that will be handled separately.
|