Commit graph

14 commits

Author SHA1 Message Date
Imre Farkas
b9652d8e4d [master] Persist only SHA digest of PersonalAccessToken#token 2018-10-29 16:06:45 +00:00
Eric Eastwood
116d8cfcfb Fix new personal access token showing up in a flash message 2017-12-07 16:22:37 -06:00
Robin Bobbitt
62ef67acc3 Hide read_registry scope when registry is disabled on instance 2017-08-21 18:13:32 -04:00
Rémy Coutable
ddccd24c13 Remove superfluous lib: true, type: redis, service: true, models: true, services: true, no_db: true, api: true
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-07-27 14:31:53 +02:00
Z.J. van de Weg
0b81b5ace0 Create read_registry scope with JWT auth
This is the first commit doing mainly 3 things:
1. create a new scope and allow users to use it
2. Have the JWTController respond correctly on this
3. Updates documentation to suggest usage of PATs

There is one gotcha, there will be no support for impersonation tokens, as this
seems not needed.

Fixes gitlab-org/gitlab-ce#19219
2017-06-05 12:26:49 +02:00
Sean McGivern
de37dcee90 Merge branch 'siemens/gitlab-ce-feature/openid-connect' 2017-03-07 16:16:08 +00:00
Markus Koller
8699c8338f Require explicit scopes on personal access tokens
Gitlab::Auth and API::APIGuard already check for at least one valid
scope on personal access tokens, so if the scopes are empty the token
will always fail validation.
2017-03-07 15:00:29 +01:00
Markus Koller
eefbc83730 Only use API scopes for personal access tokens 2017-03-07 15:00:29 +01:00
Tiago Botelho
005749a616 apply codestyle and implementation changes to the respective feature code 2017-03-06 19:18:26 +00:00
Tiago Botelho
2b474dc2b2 refactors finder and correlated code 2017-03-01 13:11:11 +00:00
Tiago Botelho
9f2e4742e3 applies relevant changes to the code and code structure 2017-02-28 22:15:40 +00:00
Simon Vocella
81246e5649 manage personal_access_tokens through api 2017-02-28 22:15:39 +00:00
Timothy Andrew
0dff6fd714 Fix rubocop spec. 2016-06-03 10:11:36 +05:30
Timothy Andrew
bafbf22c6a Address @DouweM's feedback on !3749.
- Use `TokenAuthenticatable` to generate the personal access token
- Remove a check for `authenticity_token` in application controller;
  this should've been `authentication_token`, maybe, and doesn't make
  any sense now.
- Have the datepicker appear inline
2016-04-28 22:28:36 +05:30