path: root/lib/gitlab
Commit message · Author · Age · Files · Lines
* Import Google Code issue assignee when mapped. [google-code-import] · Douwe Maan · 2015-04-14 · 1 · -0/+14
|
* Skip issue comment when its content, updates and attachments are empty. · Douwe Maan · 2015-04-14 · 1 · -39/+61
|
* Allow user map to be specified. · Douwe Maan · 2015-04-14 · 4 · -17/+56
|
* Add comment number to imported Google Code comments. · Douwe Maan · 2015-04-14 · 1 · -3/+3
|
* Remove author link since all code.google.com links will be shut down. · Douwe Maan · 2015-04-14 · 1 · -8/+6
|
* Show Google Code image attachments inline. · Douwe Maan · 2015-04-04 · 1 · -2/+6
|
* Mask owner email when updated. · Douwe Maan · 2015-04-03 · 1 · -14/+10
|
* Allow projects to be imported from Google Code. · Douwe Maan · 2015-04-03 · 4 · -0/+429
|
* Merge branch 'configurable-attachment-size' into 'master' · Douwe Maan · 2015-04-03 · 1 · -1/+2
|\
| | Support configurable attachment size in Application Settings page
| |
| | ### What does this MR do?
| |
| | This MR provides the ability to configure the maximum size of an attachment inside a note. A parameter has been added to the Application Settings page.
| |
| | ### Are there points in the code the reviewer needs to double check?
| |
| | What should be done with the legacy note attachment validation? I added code to make the validation work with the configurable setting. I could see an issue where an admin lowers the limit from 10 megabytes to 5 megabytes, which could cause an existing model to be invalid.
| |
| | ### Why was this MR needed?
| |
| | We often have attachments that exceed 10 MB, and it would be nice to be able to override the defaults.
| |
| | ### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
| |
| | See Issue #1258
| |
| | ### Screenshots
| |
| | Before:
| |
| | ![Screen_Shot_2015-03-29_at_3.06.53_PM](https://gitlab.com/gitlab-org/gitlab-ce/uploads/6013a1dbc8cf61a63e93744149937fa0/Screen_Shot_2015-03-29_at_3.06.53_PM.png)
| |
| | After:
| |
| | ![Screen_Shot_2015-03-29_at_3.12.34_PM](https://gitlab.com/gitlab-org/gitlab-ce/uploads/f3518af7e8653ba40f0a3579456da6ad/Screen_Shot_2015-03-29_at_3.12.34_PM.png)
| |
| | See merge request !407
| * Support configurable attachment size via Application Settings · Stan Hu · 2015-04-02 · 1 · -1/+2
| | Fix bug where error messages from Dropzone would not be displayed on the issues page
| |
| | Closes #1258
* | Merge branch 'import-current-user' into 'master' · Dmitriy Zaporozhets · 2015-04-02 · 1 · -0/+4
|\ \
| | | Import GitHub, Bitbucket or GitLab.com projects owned by authenticated user into current namespace.
| | |
| | | Addresses #1347.
| | |
| | | Untested since I'm in a bit of a hurry. Will definitely have time to test and add unit tests before the 7.10 release :)
| | |
| | | See merge request !481
| * | Import GitHub, Bitbucket or GitLab.com projects owned by authenticated user ↵ · Douwe Maan · 2015-03-31 · 1 · -0/+4
| | | into current namespace.
* | | Merge branch 'username-period' into 'master' · Dmitriy Zaporozhets · 2015-04-02 · 3 · -32/+38
|\ \ \
| |_|/
|/| |
| | | Don't allow username to end in period.
| | |
| | | The current behavior doesn't do username referencing and mentioning in sentences like "I discussed with @douwe." since `douwe.` is matched as a username.
| | |
| | | Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2174.
| | |
| | | See merge request !438
| * | Don't allow username to end in period. · Douwe Maan · 2015-03-27 · 2 · -3/+5
| | |
| * | Use more specific regexes. · Douwe Maan · 2015-03-27 · 1 · -30/+34
| | |
| * | Move User.cleanup_username to Namespace.cleanup_path. · Douwe Maan · 2015-03-27 · 1 · -1/+1
| |/
* | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce · Marin Jankovski · 2015-03-31 · 1 · -13/+13
|\ \
| | | Conflicts:
| | |     lib/gitlab/markdown.rb
| * \ Merge branch 'group-information-leak' into 'master' · Dmitriy Zaporozhets · 2015-04-01 · 1 · -1/+1
| |\ \
| | |/
| |/|
| | | Don't leak private group existence by redirecting from namespace controller to group controller.
| | |
| | | See merge request !440
| | * Don't leak private group existence by redirecting from namespace controller ↵ · Douwe Maan · 2015-03-24 · 1 · -1/+1
| | | to group controller.
* | | Use relative URL for Markdown references, except in mails. [email-full-url] · Douwe Maan · 2015-03-27 · 1 · -37/+53
|/ /
* | Merge pull request #9021 from nicklegr/faster_auto_merge · Dmitriy Zaporozhets · 2015-03-25 · 1 · -5/+1
|\ \
| | | Faster merge request processing for large repository
| * | Reset parking branch to HEAD every time · nicklegr · 2015-03-25 · 1 · -5/+1
| | | * Reduces overhead of git checkout
* | | Merge pull request #8007 from mr-vinn/markdown-tags · Dmitriy Zaporozhets · 2015-03-25 · 1 · -9/+25
|\ \ \
| | | | Allow HTML tags in user Markdown input
| * \ \ Merge branch 'master' into markdown-tags · Vinnie Okada · 2015-03-24 · 7 · -59/+122
| |\ \ \
| * \ \ \ Merge branch 'master' into markdown-tags · Vinnie Okada · 2015-03-22 · 5 · -6/+13
| |\ \ \ \
| * | | | | Fix SanitizationFilter bugs · Vinnie Okada · 2015-03-22 · 1 · -1/+2
| | | | | | Return a `SafeBuffer` instead of a `String` from the `#gfm_with_options` method so that Rails doesn't escape our markup.
| | | | | |
| | | | | | Also add `<span>` to the sanitization whitelist to avoid breaking syntax highlighting in code blocks.
| * | | | | Merge branch 'master' into markdown-tags · Vinnie Okada · 2015-03-21 · 5 · -26/+28
| |\ \ \ \ \
| | | | | | | Merge updated CHANGELOG entries
| * | | | | | Don't allow style attributes in inline HTML · Vinnie Okada · 2015-03-21 · 1 · -1/+1
| | | | | | |
| * | | | | | Change HTML sanitization · Vinnie Okada · 2015-03-19 · 1 · -13/+23
| | | | | | | Use the `SanitizationFilter` class from the html-pipeline gem for inline HTML instead of calling the Rails `sanitize` method.
| * | | | | | Merge branch 'master' into markdown-tags · Vinnie Okada · 2015-03-17 · 64 · -369/+1905
| |\ \ \ \ \ \
| | | | | | | | Use the latest HTML pipeline gem
| * | | | | | | Allow HTML tags in user Markdown input · Vinnie Okada · 2014-10-10 · 1 · -0/+5
| | | | | | | | Allow whitelisted tags to appear in rendered HTML output by disabling Redcarpet's `:filter_html` option.
* | | | | | | | Merge branch 'more-rubocop-styles' into 'master' · Dmitriy Zaporozhets · 2015-03-25 · 4 · -4/+4
|\ \ \ \ \ \ \ \
| |_|_|_|_|_|/ /
|/| | | | | | |
| | | | | | | | More rubocop styles
| | | | | | | |
| | | | | | | | See merge request !449
| * | | | | | | Style/RedundantReturn enabled [more-rubocop-styles] · Dmitriy Zaporozhets · 2015-03-24 · 3 · -4/+4
| | | | | | | |
| * | | | | | | Enable more rubocop style checks · Dmitriy Zaporozhets · 2015-03-24 · 1 · -1/+1
| | |_|_|_|/ /
| |/| | | | |
* | | | | | | Merge branch 'api-internal-errors' into 'master' · Dmitriy Zaporozhets · 2015-03-25 · 3 · -47/+85
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | |
| | | | | | | Respond with full GitAccess error if user has project read access.
| | | | | | |
| | | | | | | Should help with debugging #1236.
| | | | | | |
| | | | | | | cc @marin
| | | | | | |
| | | | | | | See merge request !437
| * | | | | | Refactor GitAccess to use instance variables. · Douwe Maan · 2015-03-24 · 3 · -47/+85
| | |_|_|_|/
| |/| | | |
* | | | | | Merge branch 'git-auth-rack-attack-improvements' into 'master' · Dmitriy Zaporozhets · 2015-03-24 · 2 · -14/+62
|\ \ \ \ \ \
| | | | | | | Reduce Rack Attack false positives causing 403 errors during HTTP authentication
| | | | | | |
| | | | | | | ### What does this MR do?
| | | | | | |
| | | | | | | This MR reduces false positives causing `403 Forbidden` messages after HTTP authentication.
| | | | | | |
| | | | | | | A Git client may attempt to access a repository without a password. If it receives a 401 error, the client often will try again, this time supplying a password. The problem is that `grack_auth.rb` considers a blank password an authentication failure and increases a Redis counter each time this happens. With enough requests, an IP can be banned temporarily even though previous attempts may have been successful. This leads users to see `403 Forbidden` errors until the ban times out (default: 1 hour).
| | | | | | |
| | | | | | | To reduce the chance of a false positive, this MR resets the counter upon a successful authentication from an IP. In addition, this MR logs when a user has been banned and introduces the ability to disable Rack Attack via a config variable.
| | | | | | |
| | | | | | | ### Are there points in the code the reviewer needs to double check?
| | | | | | |
| | | | | | | rack-attack v4.2.0 doesn't support the ability to clear counters out of the box, so `rack_attack_helpers.rb` includes a number of monkey patches to make it work. It looks like this functionality may be added in v4.3.0. I've also sent pull requests to rack-attack to add the functionality necessary to delete a key.
| | | | | | |
| | | | | | | Each time an authentication is successful, the Redis counter for that IP is cleared. I deemed it better to clear the counter than to allow for blank passwords, since the latter seems like a security risk.
| | | | | | |
| | | | | | | ### Why was this MR needed?
| | | | | | |
| | | | | | | It was quite difficult to figure out why users were seeing `403 Forbidden`, which is why the log message was added. Users were getting a lot of false positives when accessing repositories with HTTPS. Including the username in the HTTPS URL (e.g. `https://username@mydomain.com/account/repo.git`) caused authentication failures because while the git client provided the username, it left the password blank, leading to an authentication failure.
| | | | | | |
| | | | | | | ### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?
| | | | | | |
| | | | | | | See Issue #1171
| | | | | | |
| | | | | | | https://github.com/kickstarter/rack-attack/issues/113
| | | | | | |
| | | | | | | See merge request !392
| * | | | | | Reduce Rack Attack false positives by clearing out auth failure count upon · Stan Hu · 2015-03-24 · 2 · -14/+62
| | | | | | | successful Git over HTTP authentication.
| | | | | | |
| | | | | | | Add logging when a ban goes into effect for debugging.
| | | | | | |
| | | | | | | Issue #1171
* | | | | | | Merge branch 'fix-nested-tasks' into 'master' · Dmitriy Zaporozhets · 2015-03-24 · 1 · -2/+3
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | |
| | | | | | | Fix nested task lists
| | | | | | |
| | | | | | | When nesting task list items, the parent item is wrapped in a `<p>` tag. Update the task list parser to handle these paragraph wrappers.
| | | | | | |
| | | | | | | cc @sytse
| | | | | | |
| | | | | | | See merge request !413
| * | | | | | Fix nested task lists · Vinnie Okada · 2015-03-21 · 1 · -2/+3
| | |_|_|/ /
| |/| | | |
| | | | | | When nesting task list items, the parent item is wrapped in a `<p>` tag. Update the task list parser to handle these paragraph wrappers.
* | | | | | Merge branch 'notes-count-without-system' into 'master' · Dmitriy Zaporozhets · 2015-03-24 · 1 · -1/+1
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | |
| | | | | | Don't include system notes in issue/MR comment count.
| | | | | |
| | | | | | Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2163.
| | | | | |
| | | | | | See merge request !430
| * | | | | Don't include system notes in issue/MR comment count. [notes-count-without-system] · Douwe Maan · 2015-03-23 · 1 · -1/+1
| | |_|_|/
| |/| | |
* | | | | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce · Dmitriy Zaporozhets · 2015-03-23 · 2 · -41/+56
|\ \ \ \ \
| * \ \ \ \ Merge branch 'improve-contributions-calendar' into 'master' · Dmitriy Zaporozhets · 2015-03-23 · 2 · -41/+56
| |\ \ \ \ \ \
| | |/ / / /
| |/| | | |
| | | | | | Replace commits calendar with contributions calendar
| | | | | |
| | | | | | * count opening of issues and merge requests
| | | | | | * don't trigger git repository - use events from database
| | | | | | * count pushes instead of commits for faster and easier counting
| | | | | | * much, much faster since it is not affected by repository size
| | | | | |
| | | | | | See merge request !420
| | * | | | Improve contribution calendar per day info · Dmitriy Zaporozhets · 2015-03-22 · 1 · -2/+2
| | | | | |
| | * | | | Contribution calendar will use events instead of commits to count contributions · Dmitriy Zaporozhets · 2015-03-22 · 1 · -12/+7
| | | | | |
| | * | | | Refactor contributions events and write tests for calendar · Dmitriy Zaporozhets · 2015-03-22 · 1 · -6/+2
| | | | | |
| | * | | | Replace commits calendar with contributions calendar · Dmitriy Zaporozhets · 2015-03-21 · 2 · -41/+65
| | | | | | * count opening of issues and merge requests
| | | | | | * don't trigger git repository - use events from database
| | | | | | * much, much faster since it is not affected by repository size
* | | | | | Merge pull request #8995 from MichaelAlt/patch-1 · Douwe Maan · 2015-03-23 · 1 · -1/+0
|\ \ \ \ \ \
| |/ / / / /
|/| | | | |
| | | | | | Faulty LDAP DN name escaping removed
| * | | | | Faulty LDAP DN name escaping removed · Michael Alt · 2015-03-21 · 1 · -1/+0
| | |/ / /
| |/| | |
| | | | | The Net::LDAP::Filter.escape function can not be used to escape the DN name because the backslash is required to escape special chars in the DN name. This leads to the error message "Access denied for your LDAP account." and prevents the user from logging in to gitlab.
| | | | |
| | | | | Example DN:
| | | | | CN=Test\, User,OU=Organization,DC=Company
| | | | | CN=Test User,OU=Organization,DC=Company
| | | | |
| | | | | http://www.ietf.org/rfc/rfc4514.txt