path: root/lib
Commit message | Author | Age | Files | Lines
* Merge branch 'backup-chdir' into 'master' | Dmitriy Zaporozhets | 2015-03-26 | 1 file | -7/+8
    Change directory when removing old backups

    Fixes errors when deleting old backups in the `gitlab:backup:create` rake task. See #2177.

    See merge request !1740
  * Change directory when removing old backups | Vinnie Okada | 2015-03-24 | 1 file | -7/+8
* Merge branch 'master' into 'master' | Dmitriy Zaporozhets | 2015-03-26 | 1 file | -2/+2
    Change ordering so that confirm is removed from attrs before attempting to User.build_user

    Possible fix gitlab-org/gitlab-ce#1296

    See merge request !445
  * Change ordering so that confirm is removed from attrs before attempting to User.build_user | RICKETTM@uk.ibm.com | 2015-03-24 | 1 file | -2/+2
* Merge pull request #9021 from nicklegr/faster_auto_merge | Dmitriy Zaporozhets | 2015-03-25 | 1 file | -5/+1
    Faster merge request processing for large repository
  * Reset parking branch to HEAD every time | nicklegr | 2015-03-25 | 1 file | -5/+1
      - Reduces overhead of git checkout
* Merge pull request #8007 from mr-vinn/markdown-tags | Dmitriy Zaporozhets | 2015-03-25 | 1 file | -9/+25
    Allow HTML tags in user Markdown input
  * Merge branch 'master' into markdown-tags | Vinnie Okada | 2015-03-24 | 8 files | -60/+124
  * Merge branch 'master' into markdown-tags | Vinnie Okada | 2015-03-22 | 6 files | -24/+38
  * Fix SanitizationFilter bugs | Vinnie Okada | 2015-03-22 | 1 file | -1/+2
      Return a `SafeBuffer` instead of a `String` from the `#gfm_with_options` method so that Rails doesn't escape our markup. Also add `<span>` to the sanitization whitelist to avoid breaking syntax highlighting in code blocks.
  * Merge branch 'master' into markdown-tags | Vinnie Okada | 2015-03-21 | 8 files | -33/+37
      Merge updated CHANGELOG entries
  * Don't allow style attributes in inline HTML | Vinnie Okada | 2015-03-21 | 1 file | -1/+1
  * Change HTML sanitization | Vinnie Okada | 2015-03-19 | 1 file | -13/+23
      Use the `SanitizationFilter` class from the html-pipeline gem for inline HTML instead of calling the Rails `sanitize` method.
  * Merge branch 'master' into markdown-tags | Vinnie Okada | 2015-03-17 | 111 files | -786/+3129
      Use the latest HTML pipeline gem
  * Allow HTML tags in user Markdown input | Vinnie Okada | 2014-10-10 | 1 file | -0/+5
      Allow whitelisted tags to appear in rendered HTML output by disabling Redcarpet's `:filter_html` option.
* Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce | Dmitriy Zaporozhets | 2015-03-25 | 5 files | -6/+6
  * Merge branch 'more-rubocop-styles' into 'master' | Dmitriy Zaporozhets | 2015-03-25 | 5 files | -6/+6
      More rubocop styles

      See merge request !449
    * Style/RedundantReturn enabled [more-rubocop-styles] | Dmitriy Zaporozhets | 2015-03-24 | 3 files | -4/+4
    * Enable more rubocop style checks | Dmitriy Zaporozhets | 2015-03-24 | 2 files | -3/+3
* Merge pull request #8988 from atomaka/atomaka/bugfix/gitlab-shell-task | Robert Schilling | 2015-03-25 | 1 file | -0/+1
    Fix GitLab shell setup spacing
  * Fix newline spacing after authorized_keys rebuild | Andrew Tomaka | 2015-03-20 | 1 file | -0/+1
* Merge branch 'api-internal-errors' into 'master' | Dmitriy Zaporozhets | 2015-03-25 | 5 files | -68/+105
    Respond with full GitAccess error if user has project read access.

    Should help with debugging #1236.

    cc @marin

    See merge request !437
  * Respond with full GitAccess error if user has project read access. [api-internal-errors] | Douwe Maan | 2015-03-24 | 1 file | -1/+1
  * Refactor GitAccess to use instance variables. | Douwe Maan | 2015-03-24 | 5 files | -67/+104
* Merge pull request #9012 from dantudor/patch-1 | Dmitriy Zaporozhets | 2015-03-24 | 1 file | -1/+2
    Unescape branch param to delete
  * Unescape branch param to delete | Dan Tudor | 2015-03-24 | 1 file | -1/+2
      Branch names that contain `/` return a 405 error when being deleted because the slash is escaped to `%2F`. This patch will unescape the param prior to executing the delete action.
* Merge branch 'git-auth-rack-attack-improvements' into 'master' | Dmitriy Zaporozhets | 2015-03-24 | 2 files | -14/+62
    Reduce Rack Attack false positives causing 403 errors during HTTP authentication

    ### What does this MR do?

    This MR reduces false positives causing `403 Forbidden` messages after HTTP authentication. A Git client may attempt to access a repository without a password. If it receives a 401 error, the client often will try again, this time supplying a password. The problem is that `grack_auth.rb` considers a blank password an authentication failure and increases a Redis counter each time this happens. With enough requests, an IP can be banned temporarily even though previous attempts may have been successful. This leads users to see `403 Forbidden` errors until the ban times out (default: 1 hour).

    To reduce the chance of a false positive, this MR resets the counter upon a successful authentication from an IP. In addition, this MR logs when a user has been banned and introduces the ability to disable Rack Attack via a config variable.

    ### Are there points in the code the reviewer needs to double check?

    rack-attack v4.2.0 doesn't support the ability to clear counters out of the box, so `rack_attack_helpers.rb` includes a number of monkey patches to make it work. It looks like this functionality may be added in v4.3.0. I've also sent pull requests to rack-attack to add the functionality necessary to delete a key. Each time an authentication is successful, the Redis counter for that IP is cleared. I deemed it better to clear the counter than to allow for blank passwords, since the latter seems like a security risk.

    ### Why was this MR needed?

    It was quite difficult to figure out why users were seeing `403 Forbidden`, which is why the log message was added. Users were getting a lot of false positives when accessing repositories with HTTPS. Including the username in the HTTPS URL (e.g. `https://username@mydomain.com/account/repo.git`) caused authentication failures because while the git client provided the username, it left the password blank, leading to an authentication failure.

    ### What are the relevant issue numbers / [Feature requests](http://feedback.gitlab.com/)?

    See Issue #1171
    https://github.com/kickstarter/rack-attack/issues/113

    See merge request !392
  * Reduce Rack Attack false positives by clearing out auth failure count upon successful Git over HTTP authentication. | Stan Hu | 2015-03-24 | 2 files | -14/+62
      Add logging when a ban goes into effect for debugging.

      Issue #1171
* Merge branch 'fix-nested-tasks' into 'master' | Dmitriy Zaporozhets | 2015-03-24 | 1 file | -2/+3
    Fix nested task lists

    When nesting task list items, the parent item is wrapped in a `<p>` tag. Update the task list parser to handle these paragraph wrappers.

    cc @sytse

    See merge request !413
  * Fix nested task lists | Vinnie Okada | 2015-03-21 | 1 file | -2/+3
      When nesting task list items, the parent item is wrapped in a `<p>` tag. Update the task list parser to handle these paragraph wrappers.
* Merge branch 'notes-count-without-system' into 'master' | Dmitriy Zaporozhets | 2015-03-24 | 1 file | -1/+1
    Don't include system notes in issue/MR comment count.

    Addresses private issue https://dev.gitlab.org/gitlab/gitlabhq/issues/2163.

    See merge request !430
  * Don't include system notes in issue/MR comment count. [notes-count-without-system] | Douwe Maan | 2015-03-23 | 1 file | -1/+1
* Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce | Dmitriy Zaporozhets | 2015-03-23 | 2 files | -41/+56
  * Merge branch 'improve-contributions-calendar' into 'master' | Dmitriy Zaporozhets | 2015-03-23 | 2 files | -41/+56
      Replace commits calendar with contributions calendar

      - count opening of issues and merge requests
      - don't trigger git repository - use events from database
      - count pushes instead of commits for faster and easier counting
      - much, much faster since it is not affected by repository size

      See merge request !420
    * Improve contribution calendar per day info | Dmitriy Zaporozhets | 2015-03-22 | 1 file | -2/+2
    * Contribution calendar will use events instead of commits to count contributions | Dmitriy Zaporozhets | 2015-03-22 | 1 file | -12/+7
    * Refactor contributions events and write tests for calendar | Dmitriy Zaporozhets | 2015-03-22 | 1 file | -6/+2
    * Replace commits calendar with contributions calendar | Dmitriy Zaporozhets | 2015-03-21 | 2 files | -41/+65
        - count opening of issues and merge requests
        - don't trigger git repository - use events from database
        - much, much faster since it is not affected by repository size
* Merge pull request #8995 from MichaelAlt/patch-1 | Douwe Maan | 2015-03-23 | 1 file | -1/+0
    Faulty LDAP DN name escaping removed
  * Faulty LDAP DN name escaping removed | Michael Alt | 2015-03-21 | 1 file | -1/+0
      The Net::LDAP::Filter.escape function cannot be used to escape the DN name because the backslash is required to escape special chars in the DN name. This leads to the error message "Access denied for your LDAP account." and prevents the user from logging in to gitlab.

      Example DN:
      CN=Test\, User,OU=Organization,DC=Company
      CN=Test User,OU=Organization,DC=Company

      http://www.ietf.org/rfc/rfc4514.txt
* Fix OAuth2 issue importing a new project from GitHub and GitLab | Stan Hu | 2015-03-22 | 3 files | -4/+4
    Closes #1268
* Merge branch 'disable-ref-generation-in-code-blocks' into 'master' | Dmitriy Zaporozhets | 2015-03-22 | 1 file | -1/+7
    Disable reference generation in preformatted/code blocks

    ### Summary

    If a user adds text in code or preformatted text via Markdown or HTML that contains `#XXX`, the system adds a note that issue `XXX` was mentioned. This is particularly annoying because we often list gdb backtrace dumps into our issues, and many issues get mentioned as a result. For example:

    ```
    (gdb) bt
    #0 0x00000000004004c4 in second () at main.cc:6
    #1 0x00000000004004d2 in first () at main.cc:11
    #2 0x00000000004004dd in main () at main.cc:17
    (gdb)
    ```

    ### Steps to reproduce

    1. In an issue, write the above text using Markdown or HTML tags (e.g. `<code>`, `<pre>`).
    2. Observe that [issue 1](https://gitlab.com/gitlab-org/gitlab-ce/issues/1) and [issue 2](https://gitlab.com/gitlab-org/gitlab-ce/issues/2) have a note that says they were mentioned.

    ### Expected behavior

    Everything enclosed in the code blocks should be ignored as references.

    ### Observed behavior

    Issues get referenced unnecessarily.

    ### Fix

    I've made `reference_extractor.rb` strip out HTML and Markdown blocks before processing. I considered running the raw text through the entire Markdown processor, but this seems overkill and perhaps could lead to some unintended side effects.

    See merge request !365
  * Disable reference creation for comments surrounded by code/preformatted blocks | Stan Hu | 2015-03-19 | 1 file | -1/+7
* Merge branch 'backup-permissions' into 'master' | Dmitriy Zaporozhets | 2015-03-21 | 1 file | -18/+25
    Change permissions on backup files - #2

    Use more restrictive permissions for backup tar files and for the db, uploads, and repositories directories inside the tar files. See #1894.

    Now the backup task recursively `chmod`s the `db/`, `uploads/`, and `repositories/` folders with 0700 permissions, and the tar file is created as 0600.

    This is a followup to !1703, which was reverted because it broke Rspec tests. The test failures were due to the rake task changing directories and not changing back, which I fixed with this commit.

    cc @sytse

    See merge request !1716
  * Call chdir() with a block | Vinnie Okada | 2015-03-19 | 1 file | -18/+17
  * Change permissions on backup files | Vinnie Okada | 2015-03-17 | 1 file | -5/+13
      Use more restrictive permissions for backup tar files and for the db, uploads, and repositories directories inside the tar files.
* Extend push_tag event to include tag message and last commit | Kamil Trzcinski | 2015-03-21 | 1 file | -1/+2
* Revert "Increase timeout for Git-over-HTTP requests." | Dmitriy Zaporozhets | 2015-03-19 | 1 file | -13/+0
    This reverts commit 516bcabbf42d60db2ac989dce4c7187b2a1e5de9.

    Conflicts:
        Gemfile
* Merge branch 'bugfix/block_ldap_users_cronjob' into 'master' | Dmitriy Zaporozhets | 2015-03-19 | 1 file | -4/+5
    Fixed rake task gitlab:cleanup:block_removed_ldap_users

    Maybe not the most elegant solution, but it works for us. This closes issue gitlab-org/gitlab-ce#955.

    See merge request !338
  * fixed rake task to block removed ldap users | Daniel Steinborn | 2015-02-16 | 1 file | -4/+5