Commit Graph

22 Commits

Author SHA1 Message Date
Patricio Cano 8bb1931ef2 Deny Git over HTTP access to users that have 2FA enabled, unless they use a Personal Access Token. 2016-08-16 11:19:00 -05:00
Robert Speicher 86c081f71f Merge branch 'git-http-push-check' into 'master'
Stop 'git push' over HTTP early

Before this change we always let users push Git data over HTTP before
deciding whether to accept the push. This was different from pushing
over SSH where we terminate a 'git push' early if we already know the
user is not allowed to push.

This change lets Git over HTTP follow the same behavior as Git over
SSH. We also distinguish between HTTP 404 and 403 responses when
denying Git requests, depending on whether the user is allowed to know
the project exists.


See merge request !5639
2016-08-08 19:23:31 +00:00
Gabriel Mazetto c9aa19881c Enable Style/SpaceAroundEqualsInParameterDefault cop 2016-08-06 04:03:01 +02:00
Jacob Vosmaer b8f754dd0a Stop 'git push' over HTTP early
Before this change we always let users push Git data over HTTP before
deciding whether to accept the push. This was different from pushing
over SSH where we terminate a 'git push' early if we already know the
user is not allowed to push.

This change lets Git over HTTP follow the same behavior as Git over
SSH. We also distinguish between HTTP 404 and 403 responses when
denying Git requests, depending on whether the user is allowed to know
the project exists.
2016-08-03 14:54:12 +02:00
Jacob Vosmaer 4bcad1cbdd Groundwork for Kerberos SPNEGO (EE feature) 2016-07-01 11:46:56 +02:00
Z.J. van de Weg abca19da8b Use HTTP matchers if possible 2016-06-27 20:10:42 +02:00
Sean McGivern d07426ac19 Fix spec description typo 2016-06-14 16:41:17 +01:00
Sean McGivern bf63964b4d Add test for getting info/refs from repo 2016-06-09 14:26:52 +01:00
Sean McGivern df5fb28a3a Ensure only IDs ending in .git perform git actions
It doesn't seem possible to set constraints based on format for project
IDs ending in .git, so set the constraint on the ID and ensure the
format is nil to avoid the case where the project ID is something like
project.git.foo.
2016-06-09 11:53:11 +01:00
Jacob Vosmaer df62cbd917 Add parentheses 2016-06-08 11:42:25 +02:00
Jacob Vosmaer 9ef50db627 Specify that oauth cannot push code 2016-04-29 18:56:53 +02:00
Jacob Vosmaer b64cbaccbe Remove trivial 'let' 2016-04-22 14:04:36 +02:00
Jacob Vosmaer ccb29955c9 More tests, better descriptions 2016-04-06 18:58:19 +02:00
Jacob Vosmaer ac4d3dc5cc Rubocop 2016-04-06 17:23:16 +02:00
Jacob Vosmaer 5fe06d7365 Add some upload specs 2016-03-24 18:58:29 +01:00
Jacob Vosmaer 5f3708418a Whitespace! 2016-03-24 17:44:13 +01:00
Jacob Vosmaer 57145483fc Spec Www-Authenticate 2016-03-24 17:44:10 +01:00
Jacob Vosmaer ccf5b21f28 Remove useless "describe" 2016-03-24 17:38:30 +01:00
Jacob Vosmaer aae577f921 Add test for gitlab_shell.upload_pack config setting 2016-03-24 17:34:56 +01:00
Jacob Vosmaer 0f8fe93c26 Whitespace, remove unused method 2016-03-24 16:21:19 +01:00
Jacob Vosmaer 31bc876b7b Test both GET and POST for git-upload-pack 2016-03-24 16:14:09 +01:00
Jacob Vosmaer 19a5e7c95e Test Grack::Auth via a request spec 2016-03-23 14:09:52 +01:00
Renamed from spec/lib/gitlab/backend/grack_auth_spec.rb