Commit graph

13 commits

Author SHA1 Message Date
GitLab Bot
c59765a50a Add latest changes from gitlab-org/gitlab@master 2020-06-24 18:09:03 +00:00
GitLab Bot
f2151c65d5 Add latest changes from gitlab-org/gitlab@master 2020-05-19 15:08:04 +00:00
GitLab Bot
0301a0cad0 Add latest changes from gitlab-org/gitlab@master 2020-03-13 06:09:37 +00:00
GitLab Bot
a89cb5cbdd Add latest changes from gitlab-org/gitlab@master 2020-02-06 21:08:48 +00:00
GitLab Bot
0282449e6e Add latest changes from gitlab-org/gitlab@master 2019-11-20 06:06:16 +00:00
GitLab Bot
38c79b697f Add latest changes from gitlab-org/gitlab@master 2019-11-04 12:06:19 +00:00
GitLab Bot
25989ab7ef Add latest changes from gitlab-org/gitlab@master 2019-10-18 11:11:44 +00:00
Sebastian Arcila Valenzuela
3692e9f8a2
Validate that SAML requests are originated from gitlab
If the request wasn't initiated by gitlab we shouldn't add the new
identity to the user, and instead show that we weren't able to link
the identity to the user.

This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509
2019-09-30 14:22:06 +02:00
Thong Kuah
8c42a0eac0 Add frozen_string_literal to lib part 2
Using the sed script from
https://gitlab.com/gitlab-org/gitlab-ce/issues/59758
2019-08-23 00:15:24 +12:00
Stan Hu
aff2b6e4eb Switch use of Rack::Request to ActionDispatch::Request
As mentioned in
https://gitlab.com/gitlab-org/gitlab-ee/issues/9035#note_129093444,
Rails 5 switched ActionDispatch::Request so that it no longer inherits
Rack::Request directly. A middleware that uses Rack::Request to
read the environment may see stale request parameters if
another middleware modifies the environment via ActionDispatch::Request.
To be safe, we should be using ActionDispatch::Request everywhere.
2019-01-07 00:35:53 -08:00
Michael Tsyganov
a009381380
Support RSA and ECDSA algorithms in Omniauth JWT
Signed-off-by: Rémy Coutable <remy@rymai.me>
2018-12-05 18:17:40 +01:00
Lin Jen-Shin
39b6f31c66 Eliminate constants warnings by:
* Replace `require` or `require_relative` with `require_dependency`
* Remove unneeded `autoload`
2018-06-01 13:46:46 +08:00
Tiago Botelho
772b876a93 Adds spec for omni_auth jwt strategy 2018-04-26 17:03:09 +01:00