fe5f75930e
Merge branch 'security-fix-pat-web-access' into 'master'
...
[master] Resolve "Personal access token with only `read_user` scope can be used to authenticate any web request"
See merge request gitlab/gitlabhq!2583
2018-11-28 19:13:59 -05:00
e166e5747c
Enable some frozen string in lib/gitlab
...
Enable frozen string for the following files:
* lib/gitlab/auth/**/*.rb
* lib/gitlab/badge/**/*.rb
* lib/gitlab/bare_repository_import/**/*.rb
* lib/gitlab/bitbucket_import/**/*.rb
* lib/gitlab/bitbucket_server_import/**/*.rb
* lib/gitlab/cache/**/*.rb
* lib/gitlab/checks/**/*.rb
Partially addresses #47424 .
2018-10-13 02:31:31 -07:00
20dfe25c15
Export assigned issues in iCalendar feed
2018-05-31 14:01:04 +00:00
7a6c7bd66b
Allow token authentication on go-get request
2018-02-23 10:33:46 +00:00
4188c10c07
Renaming AuthenticationException to AuthenticationError
2017-11-17 13:33:21 +01:00
1436598e49
Moved Exceptions to Gitlab::Auth
2017-11-17 10:02:11 +01:00
f189657523
Added some more comments
2017-11-17 10:02:11 +01:00
21153a4f47
Homogenising the type of the request handled by UserAuthFinder. Also tests fixed
2017-11-17 10:02:11 +01:00
aecc3eb080
Applied some code review comments
2017-11-17 10:02:10 +01:00
41ebd06ddc
Some fixes after rebase
2017-11-17 10:01:20 +01:00
d948e67913
First refactor
2017-11-17 10:00:08 +01:00
4e5a97d4f3
Refactor with ActionDispatch::Request
2017-11-17 09:58:18 +01:00
43a682ccaa
Fix OAuth API and RSS rate limiting
2017-11-17 09:58:18 +01:00
Cindy Pallares