- 03 3月, 2017 1 次提交
-
-
由 Paweł Chojnacki 提交于
-
- 27 2月, 2017 1 次提交
-
-
由 Rémy Coutable 提交于
Signed-off-by: NRémy Coutable <remy@rymai.me>
-
- 23 2月, 2017 1 次提交
-
-
由 Douwe Maan 提交于
-
- 22 2月, 2017 1 次提交
-
-
由 Douwe Maan 提交于
-
- 11 2月, 2017 1 次提交
-
-
由 Robert Speicher 提交于
-
- 20 12月, 2016 2 次提交
-
-
由 Rémy Coutable 提交于
Signed-off-by: NRémy Coutable <remy@rymai.me>
-
由 Kim "BKC" Carlbäcker 提交于
-
- 23 11月, 2016 1 次提交
-
-
由 Dmitriy Zaporozhets 提交于
Signed-off-by: NDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 22 11月, 2016 1 次提交
-
-
- 18 11月, 2016 1 次提交
-
-
由 Oren Kanner 提交于
Resolves #24576 Modify the guard clause of the `ApplicationController#require_email` before action to skip requests where an admin is impersonating the current user.
-
- 24 10月, 2016 1 次提交
-
-
由 Lin Jen-Shin 提交于
Closes #23615
-
- 15 10月, 2016 1 次提交
-
-
由 Dmitriy Zaporozhets 提交于
We need this to prevent routing error when user access URL like /123 when there is no resource located under such name Signed-off-by: NDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
-
- 14 10月, 2016 2 次提交
-
-
由 Sean McGivern 提交于
-
由 Sean McGivern 提交于
When reading conflicts: 1. Add a `type` field. `text` works as before, and has `sections`; `text-editor` is a file with ambiguous conflict markers that can only be resolved in an editor. 2. Add a `content_path` field pointing to a JSON representation of the file's content for a single file. 3. Hitting `content_path` returns a similar datastructure to the `file`, but without the `content_path` and `sections` fields, and with a `content` field containing the full contents of the file (with conflict markers). When writing conflicts: 1. Instead of `sections` being at the top level, they are now in a `files` array. This matches the read format better. 2. The `files` array contains file hashes, each of which must contain: a. `new_path` b. `old_path` c. EITHER `sections` (which works as before) or `content` (with the full content of the resolved file).
-
- 06 10月, 2016 1 次提交
-
-
由 Clement Ho 提交于
-
- 01 9月, 2016 2 次提交
-
-
由 Tomasz Maczukin 提交于
-
由 Tomasz Maczukin 提交于
-
- 31 8月, 2016 1 次提交
-
-
由 http://jneen.net/ 提交于
-
- 25 8月, 2016 2 次提交
-
-
由 Z.J. van de Weg 提交于
-
由 Stan Hu 提交于
Closes #21043
-
- 01 8月, 2016 1 次提交
-
-
由 zs 提交于
Provide more sensible default sort order for issues and merge requests based on the following table: | type | state | default sort order | |----------------|--------|--------------------| | issues | open | last created | | issues | closed | last updated | | issues | all | last created | | merge requests | open | last created | | merge requests | merged | last updated | | merge requests | closed | last updated | | merge requests | all | last created |
-
- 14 7月, 2016 1 次提交
-
-
由 Timothy Andrew 提交于
1. Only on supported Chrome versions 2. Mainly, this lets us simplify the javascript-based U2F check to `window.u2f`, where `window.u2f` can either be loaded from the GitLab server (for Chrome) or from the Firefox extension. 3. This is a better way to provide browser detection for U2F.
-
- 18 6月, 2016 1 次提交
-
-
由 Rémy Coutable 提交于
This is a try for a new approach to put the access checks at the service level. Signed-off-by: NRémy Coutable <remy@rymai.me>
-
- 16 6月, 2016 1 次提交
-
-
由 Timothy Andrew 提交于
- Extract a duplicated `redirect_to` - Fix a typo: "token", not "certificate" - Have the "Expires at" datepicker be attached to a text field, not inline - Have both private tokens and personal access tokens verified in a single "authenticate_from_private_token" method, both in the application and API. Move relevant logic to `User#find_by_personal_access_token` - Remove unnecessary constants relating to API auth. We don't need a separate constant for personal access tokens since the param is the same as for private tokens.
-
- 06 6月, 2016 3 次提交
-
-
由 Douwe Maan 提交于
-
由 Timothy Andrew 提交于
- Move the `TwoFactorAuthsController`'s `new` action to `show`, since the page is not used to create a single "two factor auth" anymore. We can have a single 2FA authenticator app, along with any number of U2F devices, in any combination, so the page will be accessed after the first "two factor auth" is created. - Add the `u2f` javascript library, which provides an API to the browser's U2F implementation. - Add tests for the JS components
-
由 Timothy Andrew 提交于
- To hold registrations from U2F devices, and to authenticate them. - Previously, `User#two_factor_enabled` was aliased to the `otp_required_for_login` column on `users`. - This commit changes things a bit: - `User#two_factor_enabled` is not a method anymore - `User#two_factor_enabled?` checks both the `otp_required_for_login` column, as well as `U2fRegistration`s - Change all instances of `User#two_factor_enabled` to `User#two_factor_enabled?` - Add the `u2f` gem, and implement registration/authentication at the model level.
-
- 03 6月, 2016 3 次提交
-
-
由 James Lopez 提交于
This reverts commit 3e991230.
-
由 James Lopez 提交于
# Conflicts: # app/models/project.rb
-
由 Timothy Andrew 提交于
-
- 01 6月, 2016 3 次提交
-
-
由 Timothy Andrew 提交于
-
由 Timothy Andrew 提交于
- So that the check for valid personal access tokens happens only if private token auth fails.
-
由 Felipe Artur 提交于
-
- 31 5月, 2016 1 次提交
-
-
由 Connor Shea 提交于
Devise (3.5.4 => 4.1.1) Changelog: https://github.com/plataformatec/devise/blob/master/CHANGELOG.md devise-two-factor (2.0.1 => 3.0.0) Changelog: https://github.com/tinfoil/devise-two-factor/blob/master/CHANGELOG.md These are reliant on each other, so they have to be upgraded together. devise-async is no longer necessary as Devise 4.1 fixes a bug with the ActiveJob integration.
-
- 13 5月, 2016 1 次提交
-
-
由 Gabriel Mazetto 提交于
-
- 11 5月, 2016 1 次提交
-
-
由 Timothy Andrew 提交于
- https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3749#note_11626427 - Personal access tokens are still a separate entity as far as the codebase is concerned - they just happen to use the same entry point as private tokens. - Update tests and documentation to reflect this change
-
- 04 5月, 2016 1 次提交
-
-
由 Artem Sidorenko 提交于
-
- 29 4月, 2016 3 次提交
-
-
由 Timothy Andrew 提交于
- Use `TokenAuthenticatable` to generate the personal access token - Remove a check for `authenticity_token` in application controller; this should've been `authentication_token`, maybe, and doesn't make any sense now. - Have the datepicker appear inline
-
由 Timothy Andrew 提交于
- No need to use `if`s when we have a `presence` check already.
-
由 Timothy Andrew 提交于
- Rename the `authenticate_user_from_token!` filter to `authenticate_user_from_private_token!` - Add a new `authenticate_user_from_personal_access_token!` filter - Add tests for both.
-