kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
100715 commits 1 branch 0 tags 899 MiB
Commit graph

7 commits

Author SHA1 Message Date
Alex Kalderimis
8a1fc36e1d Propagate argument errors as execution errors 2019-07-30 11:12:24 -04:00
Felipe Artur
73b553a42a Add API access check to Graphql 
Check if user can access API on GraphqlController
 2019-03-27 14:59:02 +00:00
Bob Van Landuyt
b623932eb3 Allow GraphQL requests without CSRF token 
With this we allow authentication using a session or using personal
access token.

Authentication using a session, and CSRF token makes it easy to play
with GraphQL from the Graphiql endpoint we expose.

But we cannot enforce CSRF validity, otherwise authentication for
regular API clients would fail when they use personal access tokens to
authenticate.
 2019-03-06 15:38:00 +01:00
blackst0ne
b44a2c801a Update specs to rails5 format 
Updates specs to use new rails5 format.

The old format:
`get :show, { some: params }, { some: headers }`

The new format:
`get :show, params: { some: params }, headers: { some: headers }`
 2018-12-19 10:04:31 +11:00
Cindy Pallares
fe5f75930e
Merge branch 'security-fix-pat-web-access' into 'master' 
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"

See merge request gitlab/gitlabhq!2583
 2018-11-28 19:13:59 -05:00
Bob Van Landuyt
c443133e77 Handle exceptions outside the GraphQL schema 
This allows us to report JSON parse exceptions to clients and ignore
them in sentry.
 2018-06-05 20:47:42 +02:00
Nick Thomas
9c6c17cbcd Add a minimal GraphQL API 2018-06-05 20:47:42 +02:00