gitlab-org--gitlab-foss/spec/requests
Timothy Andrew 34b71e734b Don't display the is_admin? flag for user API responses.
- To prevent an attacker from enumerating the `/users` API to get a list of all
  the admins.

- Display the `is_admin?` flag wherever we display the `private_token` - at the
  moment, there are two instances:

  - When an admin uses `sudo` to view the `/user` endpoint
  - When logging in using the `/session` endpoint
2017-04-25 09:46:05 +00:00
| Name | Last commit | Date |
| --- | --- | --- |
| api | Don't display the is_admin? flag for user API responses. | 2017-04-25 09:46:05 +00:00 |
| ci/api | Optimise trace handling code to use streaming instead of full read | 2017-04-06 16:20:27 +00:00 |
| projects | Use :empty_project where possible in request specs | 2017-01-26 18:52:10 -05:00 |
| git_http_spec.rb | Fix user activities HTTP clone spec | 2017-04-17 14:23:39 +01:00 |
| jwt_controller_spec.rb | Merge branch 'unauthenticated-container-registry-access' into 'security' | 2016-11-09 12:28:29 +01:00 |
| lfs_http_spec.rb | Enable Style/MultilineHashBraceLayout | 2017-02-23 09:32:22 -06:00 |
| openid_connect_spec.rb | Implement OpenID Connect identity provider | 2017-03-07 14:54:35 +01:00 |