path: root/config/initializers
Commit message (Author, Age, Files, Lines)
* Merge commit 'dev/security' into 'master' (Rémy Coutable, 2016-10-06, 1 file, -0/+2)
|\
| |     Signed-off-by: Rémy Coutable <remy@rymai.me>
| * Don't send Private-Token headers to Sentry (Jacob Vosmaer, 2016-10-04, 1 file, -0/+2)
| |     Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22537
* | add configurable email subject suffix (Fu Xu, 2016-10-03, 1 file, -0/+1)
| |
* | Merge branch 'initialize-redis' into 'master' (Yorick Peterse, 2016-09-30, 1 file, -0/+3)
|\ \
| | |     Initialize Redis pool in single-threaded context
| | |     See merge request !6613
| * | Initialize Redis pool in single-threaded context (Jacob Vosmaer, 2016-09-30, 1 file, -0/+3)
| |/
| |     This side-steps the need for mutexes and whatnot.
* | Use `Module#prepend` instead of `alias_method_chain` (Andre Guedes, 2016-09-30, 2 files, -25/+27)
| |
* | Update warn message for MySQL fix [mrchrisw/mysql-connection-warn] (Chris Wilson, 2016-09-28, 1 file, -1/+1)
|/
* Gitlab::Checks is now instrumented (Paco Guzman, 2016-09-13, 1 file, -1/+2)
|     So we have a detailed view of what checks perform bad
* Merge branch 'rails-5-backports' into 'master' (Robert Speicher, 2016-09-12, 1 file, -6/+2)
|\
| |     Fix two problematic bits of code that will be deprecated or broken in Rails 5.
| |     Found in the Rails 5 MR: !5555
| |     These are safe to use in Rails 4.2.7 as well as Rails 5.0.0, so I figured I'd backport them for the sake of making that merge request smaller.
| |     The explanation for the mime_types.rb code is here: https://github.com/rails-api/active_model_serializers/issues/1027#issuecomment-126543577
| |     See merge request !6214
| * No need for this variable. (Connor Shea, 2016-09-12, 1 file, -6/+1)
| |
| * Remove x-json mime_type, rename to json_mime_types. [rails-5-backports] (Connor Shea, 2016-09-11, 1 file, -3/+2)
| |
| * Fix two problematic bits of code that will be deprecated or broken in Rails 5. (Connor Shea, 2016-09-05, 1 file, -6/+8)
| |
* | Merge branch 'gitlab-workhorse-safeties' into 'master' (Jacob Vosmaer (GitLab), 2016-09-09, 1 file, -0/+8)
|\ \
| | |     Security and safety improvements for gitlab-workhorse integration
| | |     Companion to https://gitlab.com/gitlab-org/gitlab-workhorse/merge_requests/60
| | |     - Use a custom content type when sending data to gitlab-workhorse
| | |     - Verify (using JWT and a shared secret on disk) that internal API requests came from gitlab-workhorse
| | |     This will allow us to build features in gitlab-workhorse that require more trust, and protect us against programming mistakes in the future.
| | |     This is designed so that no action is required for installations from source. For omnibus-gitlab we need to add code that manages the shared secret.
| | |     See merge request !5907
| * | Verify JWT messages from gitlab-workhorse (Jacob Vosmaer, 2016-09-05, 1 file, -0/+8)
| |/
* | Limited amount of pruned Event rows per run (Olaf Tomalka, 2016-09-07, 1 file, -1/+1)
| |     Old deployments of Gitlab might have a big number of old events to be deleted. Such numbers cause the worker to timeout. I've limited the amount of rows that should be destroyed at once to 10000, and increased how often pruning shall take place to 4 times a day.
* | Added cron to prune events older than 12 months. (Olaf Tomalka, 2016-09-07, 1 file, -0/+3)
|/
|     Since contribution calendar shows only 12 months of activity, events older than that time are not visible anywhere and can be safely pruned saving big amount of database storage.
|     Fixes #21164
* Fix Sentry not reporting right program for Sidekiq workers [fix-sidekiq-sentry-context] (Stan Hu, 2016-08-25, 1 file, -0/+1)
|     Moves program tag into the global configuration since this doesn't change and since Sidekiq workers get a unique context for each event.
|     Closes #21410
* Remove gitorious [zj-remove-gitorious] (Z.J. van de Weg, 2016-08-25, 1 file, -1/+1)
|
* Revert the revert of Optimistic Locking [revert_revert_issuable_lock] (Valery Sizov, 2016-08-22, 1 file, -0/+57)
|
* Fix cron job key [expiration-date-on-memberships] (Douwe Maan, 2016-08-19, 1 file, -3/+3)
|
* Merge branch 'master' into expiration-date-on-memberships (Douwe Maan, 2016-08-18, 1 file, -1/+2)
|\
| * Small refactor and syntax fixes. [2fa-api-check] (Patricio Cano, 2016-08-18, 1 file, -1/+1)
| |
| * Removed unnecessary service for user retrieval and improved API error message. (Patricio Cano, 2016-08-18, 1 file, -1/+2)
| |
| * Added checks for 2FA to the API `/sessions` endpoint and the Resource Owner Password Credentials flow. (Patricio Cano, 2016-08-18, 1 file, -1/+1)
| |
* | Allow project group links to be expired (Sean McGivern, 2016-08-18, 1 file, -0/+3)
| |
* | Merge branch 'master' into expiration-date-on-memberships (Sean McGivern, 2016-08-18, 10 files, -49/+102)
|\ \
| |/
| * Instrument Project.visible_to_user (Yorick Peterse, 2016-08-12, 1 file, -0/+3)
| |     Because this method is a Rails scope we have to instrument it manually as regular the instrumentation methods only instrument methods defined directly on a Class or Module.
| * Merge branch 'remove-grack-lfs' into 'master' (Rémy Coutable, 2016-08-11, 2 files, -3/+7)
| |\
| | |     Remove Grack::Auth: part 2 (LFS)
| | |     Deprecate Grack::Auth and handle LFS in Rails controllers under the Project namespace.
| | |     Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/14501
| | |     See merge request !5369
| | * Merge branch 'master' of https://gitlab.com/gitlab-org/gitlab-ce into remove-grack-lfs (Jacob Vosmaer, 2016-08-09, 7 files, -6/+37)
| | |\
| | * | Handle custom Git LFS content type (Jacob Vosmaer, 2016-07-22, 1 file, -0/+7)
| | | |
| | * | Remove obsolete code (Jacob Vosmaer, 2016-07-22, 1 file, -3/+0)
| | | |
| * | | Merge branch 'decouple-secret-keys' into 'master' (Douwe Maan, 2016-08-10, 1 file, -33/+70)
| |\ \ \
| | | | |     Store OTP secret key in secrets.yml
| | | | |     ## What does this MR do?
| | | | |     Migrate the value of `.secret` to `config/secrets.yml` if present, so that `.secret` can be rotated without preventing all users with 2FA from logging in. (On a clean setup, generate different keys for each.)
| | | | |     ## Are there points in the code the reviewer needs to double check?
| | | | |     I'm not sure we actually need `.secret` at all after this, but it seems safer not to touch it.
| | | | |     ## Why was this MR needed?
| | | | |     We have some DB encryption keys in `config/secrets.yml`, and one in `.secret`. They should all be in the same place.
| | | | |     ## What are the relevant issue numbers?
| | | | |     #3963, which isn't closed until I make the relevant changes in Omnibus too.
| | | | |     ## Does this MR meet the acceptance criteria?
| | | | |     - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
| | | | |     - [x] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
| | | | |     - ~~API support added~~
| | | | |     - Tests
| | | | |       - [x] Added for this feature/bug
| | | | |       - [x] All builds are passing
| | | | |     - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
| | | | |     - [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
| | | | |     - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
| | | | |     See merge request !5274
| | * | | Ignore Rails/Exit cop in initializer (Sean McGivern, 2016-08-04, 1 file, -1/+1)
| | | | |     We do not want to proceed with loading the app in this case, as it could lose a secret needed to decrypt values in the database.
| | * | | Clarify intentions of secret token initializer (Sean McGivern, 2016-08-03, 1 file, -35/+55)
| | | | |
| | * | | Give priority to environment variables (Sean McGivern, 2016-08-03, 1 file, -4/+20)
| | | | |     If an environment variable exists for secret_key_base, use that - always. But don't save it to secrets.yml.
| | | | |     Also ensure that we never write to secrets.yml if there's a non-blank value there.
| | * | | Store all secret keys in secrets.yml (Sean McGivern, 2016-08-03, 1 file, -24/+16)
| | | | |     Move the last secret from .secret to config/secrets.yml, and delete .secret if it exists.
| | * | | Store OTP secret key in secrets.yml (Sean McGivern, 2016-08-03, 1 file, -36/+45)
| | | | |     .secret stores the secret token used for both encrypting login cookies and for encrypting stored OTP secrets. We can't rotate this, because that would invalidate all existing OTP secrets.
| | | | |     If the secret token is present in the .secret file or an environment variable, save it as otp_key_base in secrets.yml. Now .secret can be rotated without invalidating OTP secrets.
| | | | |     If the secret token isn't present (initial setup), then just generate a separate otp_key_base and save in secrets.yml.
| | | | |     Update the docs to reflect that secrets.yml needs to be retained past upgrades, but .secret doesn't.
| * | | | Merge branch 'brodock/gitlab-ce-feature/redis-sentinel' (Douwe Maan, 2016-08-09, 2 files, -10/+8)
| |\ \ \ \
| | |_|_|/
| |/| | |
| | | | |     # Conflicts:
| | | | |     # lib/gitlab/redis.rb
| | * | | Make sidekiq get config settings from Gitlab::RedisConfig (Gabriel Mazetto, 2016-08-04, 1 file, -8/+6)
| | | | |
| | * | | Deduplicated resque.yml loading from several places (Gabriel Mazetto, 2016-08-04, 1 file, -2/+2)
| | | | |     We will trust redis configuration params loading to Gitlab::RedisConfig.
| * | | | Update to send changed password notification emails (Tom Bell, 2016-08-05, 1 file, -0/+3)
| |/ / /
| | | |     Add the devise initializer config setting to enable the sending of notification emails when a user changes their password.
| * | | Merge branch 'fix/ha-mode-import-issue' into 'master' (Rémy Coutable, 2016-08-04, 1 file, -3/+3)
| |\ \ \
| | | | |     Fix Import/Export not working in HA mode
| | | | |     Use a shared path instead of `Tempfile` default `/tmp` so the import file is accessible by any GitLab instance.
| | | | |     Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/20506
| | | | |     - [x] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
| | | | |     - Tests
| | | | |       - [x] All builds are passing
| | | | |     - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
| | | | |     - [x] Branch has no merge conflicts with `master` (if you do - rebase it please)
| | | | |     - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
| | | | |     See merge request !5618
| | * | | using shared path for project import uploads and refactored gitlab remove export worker (James Lopez, 2016-08-04, 1 file, -3/+3)
| * | | | Instrument Gitlab::Highlight [instrument-gitlab-highlight] (Yorick Peterse, 2016-08-03, 1 file, -0/+3)
| | |/ /
| |/| |
| | | |     This class does quite a few interesting things so let's instrument it so we can see how much time is being spent in this class.
| * | | Instrument the Repository class [instrument-repository-class] (Yorick Peterse, 2016-08-02, 1 file, -0/+1)
| |/ /
| | |     Since this isn't an ActiveRecord::Base descendant it wasn't instrumented.
| * | Fix RequestProfiler::Middleware error when code is reloaded in development [fix/request-profiler-middleware-error-on-reload] (Ahmad Sherif, 2016-08-01, 1 file, -0/+2)
| | |     Closes #20452
| * | Ignore invalid IPs in X-Forwarded-For when trusted proxies are configured. (lookatmike, 2016-07-31, 1 file, -0/+2)
| | |
* | | Add worker which removes expired members. (Adam Niedzielski, 2016-08-04, 1 file, -0/+3)
|/ /
* | Merge branch '20124-disable-repository-validation-during-precompile-step' into 'master' (Stan Hu, 2016-07-27, 1 file, -1/+1)
|\ \
| | |     Add ENV variable to skip repository storages validations
| | |     Closes #20124
| | |     See merge request !5478
| * | Add ENV variable to skip repository storages validations [20124-disable-repository-validation-during-precompile-step] (Alejandro Rodríguez, 2016-07-25, 1 file, -1/+1)
| | |