- 23 Feb, 2017 1 commit
-
-
Committed by Douwe Maan
-
- 31 Jan, 2017 1 commit
-
-
Committed by Drew Blessing
We accept half a dozen different authentication mechanisms for Git over HTTP. Fairly high in the list we were checking user password, which would also query LDAP. In the case of LFS, OAuth tokens or personal access tokens, we were unnecessarily hitting LDAP when the authentication will not succeed. This was causing some LDAP/AD systems to lock the account. Now, user password authentication is the last mechanism tried since it's the most expensive.
-
- 16 Dec, 2016 6 commits
-
-
Committed by Timothy Andrew
`valid_api_token?` is a better name. Scopes are just (potentially) one facet of a "valid" token.
-
Committed by Timothy Andrew
  - Previously, AccessTokenValidationService was a module, and all its public methods accepted a token. It makes sense to convert it to a class which accepts a token during initialization.
  - Also rename the `sufficient_scope?` method to `include_any_scope?`
  - Based on feedback from @rymai
-
Committed by Timothy Andrew
  - Based on @dbalexandre's review
  - Extract token validity conditions into two separate methods, for personal access tokens and OAuth tokens.
-
Committed by Timothy Andrew
  - Mainly whitespace changes.
  - Require the migration adding the `scope` column to the `personal_access_tokens` table to have downtime, since API calls will fail if the new code is in place, but the migration hasn't run.
  - Minor refactoring - load `@scopes` in a `before_action`, since we're doing it in three different places.
-
Committed by Timothy Andrew
  - This module is used for git-over-http, as well as JWT.
  - The only valid scope here is `api`, currently.
-
Committed by Timothy Andrew
  - Move the `Oauth2::AccessTokenValidationService` class to `AccessTokenValidationService`, since it is now being used for personal access token validation as well.
  - Each API endpoint declares the scopes it accepts (if any). Currently, the top level API module declares the `api` scope, and the `Users` API module declares the `read_user` scope (for GET requests).
  - Move the `find_user_by_private_token` from the API `Helpers` module to the `APIGuard` module, to avoid littering `Helpers` with more auth-related methods to support `find_user_by_private_token`
-
- 29 Sep, 2016 1 commit
-
-
Committed by Patricio Cano
Reset expiry time of token, if token is retrieved again before it expires.
-
- 20 Sep, 2016 1 commit
-
-
Committed by Kamil Trzcinski
-
- 19 Sep, 2016 6 commits
-
-
Committed by Kamil Trzcinski
Revert "Revert all changes introduced by https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6043" This reverts commit 6d43c95b.
-
Committed by Kamil Trzcinski
-
Committed by Kamil Trzcinski
-
Committed by Kamil Trzcinski
-
Committed by Kamil Trzcinski
-
- 16 Sep, 2016 12 commits
-
-
Committed by Kamil Trzcinski
-
Committed by Kamil Trzcinski
-
Committed by Patricio Cano
-
Committed by Patricio Cano
-
Committed by Patricio Cano
-
Committed by Patricio Cano
Use special characters for `lfs+deploy-key` to prevent someone from creating a user with this username, and method name refactoring.
-
Committed by Patricio Cano
-
Committed by Patricio Cano
-
Committed by Patricio Cano
-
Committed by Patricio Cano
Refactored LFS auth logic when using SSH to use its own API endpoint `/lfs_authenticate` and added tests.
-
Committed by Patricio Cano
-
Committed by Patricio Cano
- Required on the GitLab Rails side is mostly authentication and API related.
-
- 15 Sep, 2016 4 commits
-
-
Committed by Kamil Trzcinski
-
Committed by Kamil Trzcinski
-
Committed by Kamil Trzcinski
-
Committed by Kamil Trzcinski
-
- 14 Sep, 2016 1 commit
-
-
Committed by Kamil Trzcinski
-
- 13 Sep, 2016 3 commits
-
-
Committed by Kamil Trzcinski
-
Committed by Kamil Trzcinski
-
Committed by Kamil Trzcinski
Use the permissions of the user to access all dependent projects from CI jobs (this also includes container images, and in the future LFS files)
-
- 19 Aug, 2016 1 commit
-
-
Committed by Patricio Cano
-
- 18 Aug, 2016 1 commit
-
-
Committed by Patricio Cano
-
- 17 Aug, 2016 2 commits
-
-
Committed by Patricio Cano
-
Committed by Patricio Cano
-