| Commit message | Author | Age | Files | Lines |
|
By not triggering the callback:
- ActiveSession lookup keys are not cleaned
- Devise also misses its hook related to session cleanup
|
Closes #55564
This was first discovered in #54739 (comment 122609857): if both if: and only:
are used in a before_action or after_action or alike, if: is completely ignored.
|
- Externalize strings in controllers
- Update PO file
|
Enables frozen string for the following:
* app/controllers/*.rb
* app/controllers/admin/**/*.rb
* app/controllers/boards/**/*.rb
* app/controllers/ci/**/*.rb
* app/controllers/concerns/**/*.rb
Partially addresses #47424.
|
This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.
|
Add user authentication activity metrics
Closes #47789
See merge request gitlab-org/gitlab-ce!20668
|
We also try to unify the way we setup OmniAuth, and how we check
if it's enabled or not.
|
This will only be displayed if `X-GitLab-Show-Login-Captcha` is set as an HTTP
header.
|
`InternalRedirect` prevents Open redirect issues by only allowing
redirection to paths on the same host.
It cleans up any unwanted strings from the path that could point to
another host (e.g. //about.gitlab.com/hello), while preserving the
query string and fragment of the URI.
It is already used by:
- `TermsController`
- `ContinueParams`
- `ImportsController`
- `ForksController`
- `SessionsController`: Only for verifying the host in CE. EE allows
redirecting to a different instance using Geo.
|
In GitLab EE, a GitLab instance can be read-only (e.g. when it's a Geo
secondary node). But in GitLab CE it also might be useful to have the
"read-only" idea around. So port it back to GitLab CE.
Also, having the principle of read-only in GitLab CE would hopefully
lead to fewer errors being introduced by doing write operations when they
aren't allowed for read-only calls.
Closes gitlab-org/gitlab-ce#37534.
|
Improved file logging for authentication events
See merge request gitlab-org/gitlab-ce!9196
|
# This is the 1st commit message:
Add logging for all web authentication events
# This is the commit message #2:
Re-add underscore to after_inactive_sign_up_path_for
# This is the commit message #3:
Standardize on username=
# This is the commit message #4:
after_filter -> after_action, _resource -> resource
# This is the commit message #5:
Add two-factor login failures and account lockouts
# This is the commit message #6:
Move logging from two-factor concern to user model
# This is the commit message #7:
Add spaces around default parameter assignments
# This is the commit message #8:
Move logs out of user model
# This is the commit message #9:
Replace filtered_params with user_params
# This is the commit message #10:
Standardize case
# This is the commit message #1:
Fixes for username and AppLogger.info
|
This avoids loading the `OmniAuthCallbacksController` at boot time so
it doesn't mess up the `before_action`-chain
|
Otherwise the token might be cleared before authentication is
done, causing the authentication itself to fail
|
Update metric names to match Prometheus guidelines.
Closes #35031
See merge request !12812
|
When sign-in is disabled:
- skip password expiration checks
- prevent password reset requests
- don’t show Password tab in User Settings
- don’t allow login with username/password for Git over HTTP requests
- render 404 on requests to Profiles::PasswordsController
|
Add Prometheus metrics endpoint and basic infrastructure to meter code
See merge request !11553
|
+ Use NullMetrics to mock metrics when unused
+ Use method_missing in NullMetrics mocking
+ Update prometheus gem to version that correctly uses transitive dependencies
+ Ensure correct folders are used in Multiprocess prometheus client tests.
+ rename Sessions controller's metric
|
+ remove unnecessary require
+ fix small formatting issues
|
Prometheus requires a trailing newline in its response.
+ cleanup
|
This is a step for #29118.
Add a single metric to count successful logins.
Summary types are not supported so remove Collector. Either
we need to support the summary type or we need to create a
multiprocess-friendly Collector.
Add config to load prometheus and set up the Collector and the
Exporter.
Fix `Gemfile` as current prometheus-client gemspec is missing the
`mmap2` dependency.
|
This commit lets a user bypass the automatic sign-in on the login form,
in order to log in with a technical (admin, etc.) account
Closes #3786
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
migration
It uses a user activity table instead of a column in users.
Tested with MySQL and PostgreSQL
|
This reverts commit cb10b725c8929b8b4460f89c9d96c773af39ba6b.