path: root/lib/api/session.rb
Commit message | Author | Age | Files | Lines
* Remove Session API | Douwe Maan | 2017-11-02 | 1 | -20/+0
|
* Don't display the `is_admin?` flag for user API responses. | Timothy Andrew | 2017-04-25 | 1 | -2/+2
|
|   - To prevent an attacker from enumerating the `/users` API to get a list of all the admins.
|   - Display the `is_admin?` flag wherever we display the `private_token` - at the moment, there are two instances:
|     - When an admin uses `sudo` to view the `/user` endpoint
|     - When logging in using the `/session` endpoint
|
* adds impersonator variable and makes sudo usage overall more clear [24537-reenable-private-token-with-sudo] | tiagonbotelho | 2016-12-07 | 1 | -2/+2
|
* Grapify the session API [grapify-session-api] | Robert Schilling | 2016-11-09 | 1 | -10/+9
|
* Small refactor and syntax fixes. [2fa-api-check] | Patricio Cano | 2016-08-18 | 1 | -1/+1
|
* Added checks for 2FA to the API `/sessions` endpoint and the Resource Owner Password Credentials flow. | Patricio Cano | 2016-08-18 | 1 | -0/+1
|
* Improve Gitlab::Auth method names | Jacob Vosmaer | 2016-06-10 | 1 | -1/+1
|
|   Auth.find was a very generic name for a very specific method.
|   Auth.find_in_gitlab_or_ldap was inaccurate in GitLab EE where it also looks in Kerberos.
|
* Rename finder to find_in_gitlab_or_ldap | Jacob Vosmaer | 2016-06-02 | 1 | -1/+1
|
* Use correct auth finder | Jacob Vosmaer | 2016-05-02 | 1 | -6/+1
|
* Make CI/Oauth/rate limiting reusable | Jacob Vosmaer | 2016-04-29 | 1 | -2/+6
|
* Add LDAP support to /api/session | Dmitriy Zaporozhets | 2013-07-16 | 1 | -8/+9
|
* Refactor API classes. So api classes like Gitlab::Issues become API::Issues | Dmitriy Zaporozhets | 2013-05-14 | 1 | -1/+1
|
* API: return 401 for invalid session | Nihad Abbasov | 2012-09-20 | 1 | -3/+2
|
* I want be able to get token via api. Used for mobile applications | Dmitriy Zaporozhets | 2012-09-20 | 1 | -0/+21