Commit Graph

13 Commits

Author SHA1 Message Date
gfyoung 93a44e135b Add some frozen string to spec/**/*.rb
Adds frozen string to the following:

* spec/bin/**/*.rb
* spec/config/**/*.rb
* spec/controllers/**/*.rb

xref https://gitlab.com/gitlab-org/gitlab-ce/issues/59758
2019-04-15 10:17:05 +00:00
Thong Kuah 4ec16912b8 Autocorrect with RSpec/ExampleWording cop
- rewords examples starting with 'should'
- rewords examples starting with 'it'

Note: I had to manually fixup "onlies" to "only"
2019-04-05 08:43:27 +00:00
Pavel Shutsin 8ee1927db9 Move out link\unlink ability checks to a policy
We can extend the policy in EE for additional behavior
2019-03-19 15:38:16 +03:00
Yorick Peterse 040e6e72bf Merge branch 'ce-security-jej/group-saml-link-origin-verification' into 'master'
Ensure request to link GroupSAML account was GitLab initiated

See merge request gitlab/gitlabhq!2976
2019-03-04 18:36:26 +00:00
James Edwards-Jones 6548e01f18 Avoid CSRF check on SAML failure endpoint
SAML and OAuth failures should cause a message to be presented, as well
as logging that an attempt was made. These were incorrectly prevented by
the CSRF check on POST endpoints such as SAML.

In addition we were using a NullSession forgery protection, which made
testing more difficult and could have allowed account linking to take
place if a CSRF was ever needed but not present.
2019-02-04 10:10:51 +00:00
James Edwards-Jones 104c8b890d Backport EE GroupSAML origin verification changes 2019-01-23 19:42:16 +00:00
Jasper Maes 4361c92b6a Update gitlab-styles to 2.5.1 2019-01-11 23:59:35 +01:00
Scott Escue 6540a9468a Preserve URL fragment across sign-in and sign-up redirects
If window.location contains a URL fragment, append the fragment to all sign-in forms, the sign-up form, and all button based providers.
2019-01-10 00:00:38 -06:00
Yorick Peterse 9606dbbb03 Whitelist existing destroy_all offenses
This whitelists all existing places where we use "destroy_all".
2018-08-16 17:29:37 +02:00
Roger Rüttimann 2efe27ba18 Honor saml assurance level to allow 2FA bypassing 2018-06-25 15:32:03 +00:00
Tiago Botelho 161a05b963 Writes specs 2018-03-22 16:05:15 +00:00
James Lopez 140cb0c092 Merge branch 'fix/auth0-unsafe-login-10-6' into 'security-10-6'
[10.6] Fix GitLab Auth0 integration signs in the wrong user

See merge request gitlab/gitlabhq!2354
2018-03-21 14:43:47 +00:00
Robert Speicher 4493ec0880 Merge branch 'jej/fix-disabled-oauth-access-10-3' into 'security-10-3'
[10.3] Prevent login with disabled OAuth providers

See merge request gitlab/gitlabhq!2296

(cherry picked from commit 4936650427ffc88e6ee927aedbb2c724d24b094c)

a0f9d222 Prevents login with disabled OAuth providers
2018-01-16 17:05:01 -08:00