Commit graph

10 commits

Author SHA1 Message Date
GitLab Bot
c8f773a859 Add latest changes from gitlab-org/gitlab@master 2020-01-30 21:08:47 +00:00
GitLab Bot
abfafe3c57 Add latest changes from gitlab-org/gitlab@master 2019-10-29 00:06:10 +00:00
blackst0ne
b44a2c801a Update specs to rails5 format
Updates specs to use new rails5 format.

The old format:
`get :show, { some: params }, { some: headers }`

The new format:
`get :show, params: { some: params }, headers: { some: headers }`
2018-12-19 10:04:31 +11:00
Jacopo
2f40dac352 Refactor have_http_status into have_gitlab_http_status in the specs 2017-10-20 10:13:18 +02:00
Sean McGivern
5069682d8e Enable RSpec/FilePath cop
- Ignore JS fixtures
- Ignore qa directory
- Rewrite concern specs to put concern name first
2017-04-26 12:50:32 +01:00
Jacopo
ff76adb547 Unnecessary "include WaitForAjax" and "include ApiHelpers"
Removed all the unnecessary include of `WaitForAjax` and `ApiHelpers` in the specs.
Removed unnecessary usage of `api:true`
2017-04-21 22:32:02 +02:00
Markus Koller
93daeee164 Don't allow blocked users to authenticate through other means
Gitlab::Auth.find_with_user_password is currently used in these places:

- resource_owner_from_credentials in config/initializers/doorkeeper.rb,
  which is used for the OAuth Resource Owner Password Credentials flow

- the /session API call in lib/api/session.rb, which is used to reveal
  the user's current authentication_token

In both cases users should only be authenticated if they're in the
active state.
2017-03-07 15:00:29 +01:00
Patricio Cano
a4137411c6 Small refactor and syntax fixes. 2016-08-18 16:47:26 -05:00
Patricio Cano
ff6f0ada3f Added documentation and CHANGELOG item 2016-08-18 16:47:26 -05:00
Patricio Cano
e2f9c87600 Added checks for 2FA to the API /sessions endpoint and the Resource Owner Password Credentials flow. 2016-08-18 16:47:26 -05:00