Commit graph

13 commits

Author SHA1 Message Date
GitLab Bot
1a9d9cc14e Add latest changes from gitlab-org/gitlab@master 2019-12-18 09:07:38 +00:00
Alex Kalderimis
8a1fc36e1d Propagate argument errors as execution errors 2019-07-30 11:12:24 -04:00
charlie ablett
639ab5214c Remove :graphql feature flag
- Remove `FeatureConstrainer` call wrapping api endpoint
- Remove `Feature.enabled?(:graphql)` conditionals in back and frontend
- Modify graphql test to be graphql flag agnostic
- Remove api routing spec
- Remove frontend feature flag via `gon`
2019-07-09 12:45:23 +00:00
Phil Hughes
301a7d32b4
Enable GraphQL batch requests 2019-05-29 10:31:16 +01:00
Phil Hughes
11f85ae8c3 Enables GraphQL batch requests
Enabling GraphQL batch requests allows for multiple queries
to be sent in 1 request reducing the amount of requests
we send to the server.

Responses come come back in the same order as the queries were
provided.
2019-05-28 10:22:02 +02:00
Felipe Artur
73b553a42a Add API access check to Graphql
Check if user can access API on GraphqlController
2019-03-27 14:59:02 +00:00
Bob Van Landuyt
b623932eb3 Allow GraphQL requests without CSRF token
With this we allow authentication using a session or using personal
access token.

Authentication using a session, and CSRF token makes it easy to play
with GraphQL from the Graphiql endpoint we expose.

But we cannot enforce CSRF validity, otherwise authentication for
regular API clients would fail when they use personal access tokens to
authenticate.
2019-03-06 15:38:00 +01:00
Phil Hughes
744f6ed12b
Enable GraphQL API endpoint 2018-12-13 10:12:13 +00:00
Phil Hughes
2bb468d6b9
Remove issue_suggestions feature flag
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/55166
2018-12-13 09:43:36 +00:00
Cindy Pallares
fe5f75930e
Merge branch 'security-fix-pat-web-access' into 'master'
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"

See merge request gitlab/gitlabhq!2583
2018-11-28 19:13:59 -05:00
gfyoung
73322a0e55 Enable frozen string in app/controllers/**/*.rb
Enables frozen string for the following:

* app/controllers/*.rb
* app/controllers/admin/**/*.rb
* app/controllers/boards/**/*.rb
* app/controllers/ci/**/*.rb
* app/controllers/concerns/**/*.rb

Partially addresses #47424.
2018-09-18 21:22:45 -07:00
Bob Van Landuyt
c443133e77 Handle exceptions outside the GraphQL schema
This allows us to report JSON parse exceptions to clients and ignore
them in sentry.
2018-06-05 20:47:42 +02:00
Nick Thomas
9c6c17cbcd Add a minimal GraphQL API 2018-06-05 20:47:42 +02:00