kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
103499 commits 1 branch 0 tags 899 MiB
Commit graph

12 commits

Author SHA1 Message Date
GitLab Bot
0301a0cad0 Add latest changes from gitlab-org/gitlab@master 2020-03-13 06:09:37 +00:00
Sebastian Arcila Valenzuela
3692e9f8a2
Validate that SAML requests are originated from gitlab 
If the request wasn't initiated by gitlab we shouldn't add the new
identity to the user, and instead show that we weren't able to link
the identity to the user.

This should fix: https://gitlab.com/gitlab-org/gitlab-ce/issues/56509
 2019-09-30 14:22:06 +02:00
Michael Tsyganov
a009381380
Support RSA and ECDSA algorithms in Omniauth JWT 
Signed-off-by: Rémy Coutable <remy@rymai.me>
 2018-12-05 18:17:40 +01:00
gfyoung
c8755543f0 Enable even more frozen string in lib/**/*.rb 
Enables frozen string for the following files:

* lib/generators/**/*.rb
* lib/gitaly/**/*.rb
* lib/google_api/**/*.rb
* lib/haml_lint/**/*.rb
* lib/json_web_token/**/*.rb
* lib/mattermost/**/*.rb
* lib/microsoft_teams/**/*.rb
* lib/object_storage/**/*.rb
* lib/omni_auth/**/*.rb
* lib/peek/**/*.rb
* lib/rouge/**/*.rb
* lib/rspec_flaky/**/*.rb
* lib/system_check/**/*.rb

Partially addresses #47424.
 2018-10-08 11:16:49 -07:00
Lin Jen-Shin
39b6f31c66 Eliminate constants warnings by: 
* Replace `require` or `require_relative` with `require_dependency`
* Remove unneeded `autoload`
 2018-06-01 13:46:46 +08:00
Tiago Botelho
699ecad78c Ports omniauth-jwt gem onto GitLab OmniAuth Strategies suite 2018-04-26 10:13:29 +01:00
Jarka Kadlecova
7d8eb4ddb0 Fix bitbucket login 2017-10-26 17:14:32 +03:00
blackst0ne
8ce8b21f67 Refactor CSRF protection 2017-07-26 11:05:44 +02:00
Rémy Coutable
c5e34da01d
Remove explicit require calls, and use require_dependency when needed 
See
http://guides.rubyonrails.org/autoloading_and_reloading_constants.html
for more info.

Signed-off-by: Rémy Coutable <remy@rymai.me>
 2017-03-13 14:29:55 +01:00
Douwe Maan
41a4785b85 Fix signin with OmniAuth providers 2015-12-08 14:58:15 +01:00
Douwe Maan
b17f36f040 Add reset_session for the :reset_session strategy. 2015-04-24 20:10:32 +02:00
Douwe Maan
571ba5a7fe Protect OmniAuth request phase against CSRF. 2015-04-24 17:03:18 +02:00