summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
...
| * | | | | | | | | Automatically link commit ranges to compare page.Douwe Maan2015-03-072-4/+40
| | |/ / / / / / / | |/| | | | | | |
* | | | | | | | | use constant-time string compare for internal api authenticationJörg Thalheim2015-03-061-1/+4
|/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ruby str_equal uses memcmp internally to compare String. Memcmp is vunerable to timing attacks because it returns early on mismatch (on most x32 platforms memcmp uses a bytewise comparision). Devise.secure_compare implements a constant time comparision instead.
* | | | | | | | Added comment notification events to HipChat and Slack services.Stan Hu2015-03-062-0/+106
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Supports four different event types all bundled under the "note" event type: - comments on a commit - comments on an issue - comments on a merge request - comments on a code snippet
* | | | | | | | Merge branch 'timeout' into 'master'Dmitriy Zaporozhets2015-03-051-0/+13
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Increase timeout for Git-over-HTTP requests. Fixes #2081 and https://gitlab.com/gitlab-org/gitlab-ce/issues/232. Normal web requests are bound by the `Rack::Timeout` timeout of 60 seconds, while Grack Git-over-HTTP requests are only bound by Unicorn's timeout which is now set to 1 hour, which should be plenty. The omnibus package should be updated to no longer use `unicorn['worker_timeout']` for the Unicorn timeout, but to set the `Slowpoke.timeout`. See merge request !1619
| * | | | | | | | Increase timeout for Git-over-HTTP requests.Douwe Maan2015-03-041-0/+13
| | | | | | | | |
* | | | | | | | | Merge branch 'add-more-slack-notifications' into 'master'Dmitriy Zaporozhets2015-03-041-0/+1
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add more Slack notifications for issue and merge request events From https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/237 by Stan Hu. See merge request !1556
| * | | | | | | | | Issue #595: Support Slack notifications upon issue and merge request eventsStan Hu2015-03-031-0/+1
| |/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) Adds a DB migration for all services to toggle on push, issue, and merge events. 2) Upon an issue or merge request event, fire service hooks. 3) Slack service supports custom messages for each of these events. Other services not supported at the moment. 4) Label merge request hooks with their corresponding actions.
* | | | | | | | | Web Hook sends email of pusherValery Sizov2015-03-041-0/+2
| |/ / / / / / / |/| | | | | | |
* | | | | | | | Merge branch 'fix-namespace-merge-request-url' into 'master'Marin Jankovski2015-03-041-11/+7
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix namespace in merge request url building Changes in 42387b733b76dfc1f72585015910a50f094e264f now require namespace specification and broke abc69c890513fb58c1ceae7548f4fbcc221b7c34. There are additional helper functions in c530ca00b0f40ec0e0df4d1885ce55e47a59b70d, but this seemed easier not to rely on them. See merge request !363
| * | | | | | | | Fix URL builder to use GitlabRoutingHelperStan Hu2015-03-031-11/+7
| | | | | | | | |
* | | | | | | | | Merge branch 'project-existence-leak' into 'master'Dmitriy Zaporozhets2015-03-032-41/+50
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Don't leak information about private project existence via Git-over-SSH/HTTP. Fixes #2040 and https://gitlab.com/gitlab-org/gitlab-ce/issues/343. Both `Grack::Auth` (used by Git-over-HTTP) and `Api::Internal /allowed` (used by gitlab-shell/Git-over-SSH) now return a generic "Not Found" error when the project exists but the user doesn't have access to it. See merge request !1578
| * | | | | | | | | Don't leak information about private project existence via Git-over-SSH/HTTP.Douwe Maan2015-03-022-41/+50
| | | | | | | | | |
* | | | | | | | | | Merge branch 'go-import' into 'master'Marin Jankovski2015-03-032-20/+0
|\ \ \ \ \ \ \ \ \ \ | |_|/ / / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Render go-import meta tag for private repos. The previously solution (626f5bab3580926842aa6247e052008ddf1ca571) required a change to nginx config and broke visits from Googlebot and other clients including "go" in their user agent. See merge request !1587
| * | | | | | | | | Revert "Merge branch 'go-get-workaround-nginx' of ↵Douwe Maan2015-03-032-20/+0
| | |/ / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://github.com/mattes/gitlabhq into mattes-go-get-workaround-nginx" This reverts commit 51349ca3c83c56e072f87253d375316f7164b49a, reversing changes made to b180476bd69bdf99b1727b041116fa8447c0201f.
* | | | | | | | | Merge branch 'fix-merge-request-url-builder' into 'master'Jeroen van Baarsen2015-03-031-0/+9
|\ \ \ \ \ \ \ \ \ | |/ / / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix merge request URL passed to Webhooks If you look at the data structure passed to Webhooks, you will see: `"url"=>nil` I don't think any of the Webhooks or services are using this yet, so right now nothing so far depends upon this value being correct. See merge request !352
| * | | | | | | | Fix merge request URL passed to Webhooks.Stan Hu2015-02-241-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously the symbol "url" in the object_attributes hash would always be nil.
* | | | | | | | | Merge branch 'strict-rubocop-rules' into 'master'Dmitriy Zaporozhets2015-03-031-1/+1
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enable ParenthesesAsGroupedExpression rule See merge request !1617
| * | | | | | | | | Enable ParenthesesAsGroupedExpression ruleDmitriy Zaporozhets2015-03-021-1/+1
| | | | | | | | | |
* | | | | | | | | | Add brakeman and jasmineDmitriy Zaporozhets2015-03-021-1/+1
| | | | | | | | | |
* | | | | | | | | | Add brakeman rake task and improve code securityDmitriy Zaporozhets2015-03-021-1/+1
| | | | | | | | | |
* | | | | | | | | | Add rake task for brakemanDmitriy Zaporozhets2015-03-021-0/+9
|/ / / / / / / / /
* | | | | | | | | Support names starting with a digit or _ for projects and usersNicolas Bouilleaud2015-03-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is what’s actually allowed when creating a user or a project in gitlab.
* | | | | | | | | Merge pull request #8890 from sue445/feature/project_api_avatar_urlJeroen van Baarsen2015-03-011-0/+1
|\ \ \ \ \ \ \ \ \ | |_|/ / / / / / / |/| | | | | | | | Expose avatar_url in projects API
| * | | | | | | | Expose avatar_url in projects APIsue4452015-03-011-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Impl Project#avatar_url * Refactor ApplicationHelper: Use Project#avatar_url * Update changelog
* | | | | | | | | Merge branch 'master' into mmonaco/gitlab-ce-api-user-noconfirmDmitriy Zaporozhets2015-02-2792-422/+2224
|\ \ \ \ \ \ \ \ \ | |/ / / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: lib/api/users.rb
| * | | | | | | | Merge branch 'bitbucket-import'Dmitriy Zaporozhets2015-02-2511-15/+249
| |\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: app/views/import/gitorious/status.html.haml db/schema.rb
| | * | | | | | | | Satisfy Rubocop.Douwe Maan2015-02-241-2/+2
| | | | | | | | | |
| | * | | | | | | | Delete deploy key from Bitbucket after importing.Douwe Maan2015-02-243-6/+38
| | | | | | | | | |
| | * | | | | | | | Fix specs.Douwe Maan2015-02-241-1/+1
| | | | | | | | | |
| | * | | | | | | | Load public key in initializer.Douwe Maan2015-02-242-3/+12
| | | | | | | | | |
| | * | | | | | | | Add Bitbucket importer.Douwe Maan2015-02-249-15/+208
| | |/ / / / / / /
| * | | | | | | | Web Editor: save to new branchValery Sizov2015-02-242-4/+12
| |/ / / / / / /
| * | | | | | | Merge branch 'api-empty-commit' into 'master'Dmitriy Zaporozhets2015-02-243-7/+28
| |\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Improve error messages when file editing fails Give more specific errors in API responses and web UI flash messages when a file update fails. See #1479. Instead of returning false from `Gitlab::Satellite::Files::EditFileAction#commit!` when a `Grit::Git::CommandFailed` error is raised, now `#commit!` raises a different error depending on whether the failure happened during checkout, commit, or push. @dzaporozhets Please let me know if you want to change the HTTP status codes or the error messages in `Files::UpdateService` cc @sytse See merge request !1569
| | * | | | | | | Improve error messages when file editing failsVinnie Okada2015-02-223-7/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Give more specific errors in API responses and web UI flash messages when a file update fails.
| * | | | | | | | Fix git-over-httpDmitriy Zaporozhets2015-02-231-0/+1
| |/ / / / / / /
| * | | | | | | Merge branch 'master' into rails-4.1.9Vinnie Okada2015-02-217-3/+184
| |\ \ \ \ \ \ \ | | |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: app/views/projects/commits/_commit.html.haml app/views/projects/issues/_issue.html.haml app/views/projects/issues/_issue_context.html.haml app/views/projects/merge_requests/_merge_request.html.haml app/views/projects/merge_requests/show/_context.html.haml
| | * | | | | | Merge branch 'mr-commit-comment-diff-lines' into 'master'Dmitriy Zaporozhets2015-02-211-1/+1
| | |\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix commit comments on first line of diff not rendering in Merge Request Discussion view. Example can be seen near the bottom on this MR: !1533. Before: ![Screen Shot 2015-02-20 at 10.24.34](https://dev.gitlab.org/uploads/gitlab/gitlabhq/35600b98b5/Screen_Shot_2015-02-20_at_10.24.34.png) After: the [note](https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/1533/diffs#note_36449) is actually rendered. See merge request !1552
| | | * | | | | | Fix commit comments on first line of diff not rendering in Merge Request ↵Douwe Maan2015-02-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Discussion view.
| | * | | | | | | Merge branch 'go-get-workaround-nginx' of https://github.com/mattes/gitlabhq ↵Marin Jankovski2015-02-202-0/+20
| | |\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into mattes-go-get-workaround-nginx Conflicts: lib/support/nginx/gitlab lib/support/nginx/gitlab-ssl
| | | * | | | | | | remove optional html tagsmattes2014-12-312-12/+2
| | | | | | | | | |
| | | * | | | | | | allow for private repositoriesmattes2014-12-312-0/+30
| | | | | | | | | |
| | * | | | | | | | Merge branch 'upload-xss-access-control' into 'master'Marin Jankovski2015-02-203-2/+58
| | |\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix note attachments XSS and access control Replaces the reverted #1528, as proposed in https://gitlab.com/gitlab-org/omnibus-gitlab/issues/434, as discussed with @dzaporozhets and as summarized in #2032. @marin Could you take a look at the nginx config and apply it to Omnibus once this gets merged? See merge request !1553
| | | * | | | | | | | Restore nginx config a little more.Douwe Maan2015-02-202-0/+2
| | | | | | | | | | |
| | | * | | | | | | | Make changes to nginx config less likely to break something.Douwe Maan2015-02-202-35/+66
| | | | | | | | | | |
| | | * | | | | | | | Satisfy Rubocop.Douwe Maan2015-02-201-1/+1
| | | | | | | | | | |
| | | * | | | | | | | Use modified ActionDispatch::Static to let uploads go through to routes.Douwe Maan2015-02-201-0/+13
| | | | | | | | | | |
| | | * | | | | | | | Modify nginx config to let /uploads go through to unicorn.Douwe Maan2015-02-202-37/+47
| | | | |/ / / / / / | | | |/| | | | | |
| | * | | | | | | | Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ceDmitriy Zaporozhets2015-02-202-0/+102
| | |\ \ \ \ \ \ \ \
| | | * | | | | | | | Add gitorious.org importerMarcin Kulik2015-02-202-0/+102
| | | |/ / / / / / /
| | * | | | | | | | Extend project web hooks with more dataDmitriy Zaporozhets2015-02-201-0/+3
| | |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add git_http_url and git_ssh_url to project web hook * add visibility_level to project web hook * add documentation about project visibility_level in API
View Lorry Controller Status