- 05 Jul, 2017 8 commits
-
-
Sean McGivern authored
Fix spec failure for squash in progress error handling See merge request !2343
-
Annabel Dunstone Gray authored
Fixed admin sidebar not showing all options in new navigation See merge request !2334
-
Annabel Dunstone Gray authored
Port of 32838-admin-panel-spacing to EE See merge request !2264
-
Annabel Dunstone Gray authored
Show loading icon when retrieving Geo node status Closes #1977 See merge request !2309
-
Douwe Maan authored
Resolve EE conflicts for "Fix API Scoping" See merge request !2338
-
Sean McGivern authored
EE Port: Honor the "Remember me" parameter for OAuth-based login See merge request !2175
-
James Edwards-Jones authored
-
Timothy Andrew authored
- There were conflicting changes in `master` that were fixed in 94258a65. This made rebasing the commits from gitlab-ce!12300 problematic, due to conflicts. - Instead, I squashed all !12300 commits into a single commit, and cherry-picked that onto 33580-fix-api-scoping-ee, which resulted in this commit. Original commit messages below ============================== Initial attempt at refactoring API scope declarations. - Declaring an endpoint's scopes in a `before` block has proved to be unreliable. For example, if we're accessing the `API::Users` endpoint - code in a `before` block in `API::API` wouldn't be able to see the scopes set in `API::Users` since the `API::API` `before` block runs first. - This commit moves these declarations to the class level, since they don't need to change once set. Allow API scope declarations to be applied conditionally. - Scope declarations of the form: allow_access_with_scope :read_user, if: -> (request) { request.get? } will only apply for `GET` requests - Add a negative test to a `POST` endpoint in the `users` API to test this. Also test for this case in the `AccessTokenValidationService` unit tests. Test `/users` endpoints for the `read_user` scope. - Test `GET` endpoints to check that the scope is allowed. - Test `POST` endpoints to check that the scope is disallowed. - Test both `v3` and `v4` endpoints. When verifying scopes, manually include scopes from `API::API`. - They are not included automatically since `API::Users` does not inherit from `API::API`, as I initially assumed. - Scopes declared in `API::API` are considered global (to the API), and need to be included in all cases. Test OAuth token scope verification in the `API::Users` endpoint Add CHANGELOG entry for CE MR 12300 Fix remaining spec failures for !12300. 1. Get the spec for `lib/gitlab/auth.rb` passing. - Make the `request` argument to `AccessTokenValidationService` optional - `auth.rb` doesn't need to pass in a request. - Pass in scopes in the format `[{ name: 'api' }]` rather than `['api']`, which is what `AccessTokenValidationService` now expects. 2. Get the spec for `API::V3::Users` passing 2. Get the spec for `AccessTokenValidationService` passing Implement review comments from @dbalexandre for !12300. Implement review comments from @DouweM for !12300. - Use a struct for scopes, so we can call `scope.if` instead of `scope[:if]` - Refactor the "remove scopes whose :if condition returns false" logic to use a `select` rather than a `reject`. Extract a `Gitlab::Scope` class. - To represent an authorization scope, such as `api` or `read_user` - This is a better abstraction than the hash we were previously using. `AccessTokenValidationService` accepts `String` or `API::Scope` scopes. - There's no need to use `API::Scope` for scopes that don't have `if` conditions, such as in `lib/gitlab/auth.rb`. Fix build for !12300. - The `/users` and `/users/:id` APIs are now accessible without authentication (!12445), and so scopes are not relevant for these endpoints. - Previously, we were testing our scope declaration against these two methods. This commit moves these tests to other `GET` user endpoints which still require authentication.
-
- 04 Jul, 2017 32 commits
-
-
Douwe Maan authored
Check license for milestones on issue boards Closes #2568 See merge request !2315
-
Douwe Maan authored
Introduce namespace license checks for Push Rules (EES) Closes #2573 See merge request !2335
-
Marcia Ramos authored
Clarify when Code Quality shows in MR widget Closes #2782 See merge request !2298
-
Douwe Maan authored
Namespace license checks Issue & MR template Closes #2580 See merge request !2321
-
Nick Thomas authored
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
And separate EE/CE for board.rb
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
-
Bob Van Landuyt authored
-
Timothy Andrew authored
-
Nick Thomas authored
-
Nick Thomas authored
-
Douwe Maan authored
Introduce namespace license checks for merge request approvers (EES) Closes #2566 See merge request !2324
-
Douwe Maan authored
# Conflicts: # app/models/license.rb
-
Douwe Maan authored
Hide Focus mode button if feature not available in license Closes #2569 See merge request !2303
-
Douwe Maan authored
Namespace license checks for Contribution Analytics (EES) Closes #2579 See merge request !2302
-
Rémy Coutable authored
Fix EE conflicts for "Allow unauthenticated access to the `/api/v4/users` API" See merge request !2247
-
Timothy Andrew authored
-
Phil Hughes authored
-
Nick Thomas authored
-
Nick Thomas authored
-
Nick Thomas authored
-
Toon Claes authored
When the Issuable Default Template feature is not available, do not show the input form to configure the Issue & MR templates on the Settings page.
-
Toon Claes authored
Only when the Issuable Default Templates feature is available, fill in the description from settings when building a new MR.
-
Toon Claes authored
Only when the license allows Issuable Default Templates, set the issue description when building an Issue. Do this by splitting out EE-specific features into EE::Issues::BuildService. And also split up spec files.
-
Toon Claes authored
-
Timothy Andrew authored
- Don't use `request.env['omniauth.params']` if it isn't present. - Remove the `saml` section from the `gitlab.yml` test section. Some tests depend on this section not being initially present, so it can be overridden in the test. This MR doesn't add any tests for SAML, so we didn't really need this in the first place anyway. - Clean up the test -> omniauth section of `gitlab.yml`
-
Timothy Andrew authored
- Disable an ESLint check rather than work around it (by converting `OAuthRememberMe` from a regular class to a static class. - Scope `$` calls inside `OAuthRememberMe`
-
Timothy Andrew authored
- Change double quotes to single quotes. - Why is `OmniAuth.config.full_host` being reassigned in the integration test? - Use `map` over `map!` to avoid `dup` in the `gitlab:info` rake task - Other minor changes
-
Timothy Andrew authored
- The test for `rake gitlab:env:info` executed the rake task, which mutated the list of omniauth providers, breaking subsequent tests relying on this list. - I've changed the rake task to duplicate the providers list before modifying it.
-