- 22 Mar, 2022 40 commits
-
-
Stan Hu authored
Most controllers call `ApplicationController#auth_user` first, which ensures that the currently-logged in user will be memoized properly. However, controllers such as `GraphQlController` allows sessionless access via the `PRIVATE-TOKEN` header. They authenticate access via `authenticate_sessionless_user!`. Since `auth_user` is memoized before `authenticate_sessionless_user!` gets to run, `ApplicationController#context_user` relies on a stale `auth_user` value if a sessionless user is used. As a result, `GraphQlController` erroneously logs that an anonymous user accessed an endpoint when an actual user was responsible. To fix this, we need to update `authenticate_sessionless_user!` so that it flushes the memoization of `auth_user` if a sessionless user has logged in. Note that we have to be careful not to call `current_user` for anonymous users because each attempt will cause a Warden reauthentication attempt. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/356213 Changelog: fixed
-
Peter Hegman authored
Use gl-drawer for pipeline editor help drawer See merge request gitlab-org/gitlab!83044
-
Mireya Andres authored
This aligns the behavior and styling of the drawer with GitLab's standards. The drawer can be opened using the help button in the pipeline editor. Changelog: changed
-
Jose Ivan Vargas authored
Add ability to enable SAST at project creation See merge request gitlab-org/gitlab!83138
-
Nick Gaskill authored
Edited for style and consistency See merge request gitlab-org/gitlab!83236
-
Suzanne Selhorn authored
Related to: https://gitlab.com/gitlab-org/technical-writing/-/issues/528
-
Alper Akgun authored
Change mp4 to image See merge request gitlab-org/gitlab!83435
-
Bob Van Landuyt authored
Update Editor team endpoint custom thresholds See merge request gitlab-org/gitlab!83425
-
David O'Regan authored
Set a low urgency for a selection of the editor team endpoints as per our new custom threshold guidelines.
-
Rémy Coutable authored
Remove review-cleanup manual job from MRs See merge request gitlab-org/gitlab!83273
-
Achilleas Pipinellis authored
Update view subscription instructions See merge request gitlab-org/gitlab!83403
-
Fiona Neill authored
-
Nick Gaskill authored
Doc: Replace explicit ~/.gradle/ mentions with configurable GRADLE_USER_HOME See merge request gitlab-org/gitlab!83092
-
Nick Gaskill authored
Add frontend docs for registry like apps See merge request gitlab-org/gitlab!78277
-
Nicolò Maria Mezzopera authored
-
release-tools approver bot authored
Update Gitaly version See merge request gitlab-org/gitlab!83436
-
Jose Ivan Vargas authored
Fix deletion of deprecated notes See merge request gitlab-org/gitlab!83089
-
Lukas 'Eipi' Eipert authored
Notes in Snippets / Commits are deleted from the DOM even before the user confirmed the deletion. With `bootstrap_confirmation_modals` enabled this actually caused a bug, because the element is progamatically clicked after confirmation. But as the element is removed from the DOM already, Rails/UJS didn't intercept the click properly. If we switch from a click handler to an ajax:success handler _and_ remove the note from the DOM after a successful deletion, this problem is resolved.
-
Jose Ivan Vargas authored
Build jobs filtered search See merge request gitlab-org/gitlab!82539
-
Payton Burdette authored
Add jobs filtered search feature to the jobs page.
-
Marcin Sedlak-Jakubowski authored
Update CRM docs around moving issues, projects and groups See merge request gitlab-org/gitlab!80407
-
Lee Tickett authored
-
Savas Vedova authored
Fix vulnerability report not showing for manually-added vulnerabilities See merge request gitlab-org/gitlab!82698
-
Daniel Tian authored
-
Fabio Pitino authored
Re-name "DevOps Report" as "DevOps Reports" See merge request gitlab-org/gitlab!81530
-
Jose Ivan Vargas authored
Migrate to shared alert component See merge request gitlab-org/gitlab!83300
-
GitLab Release Tools Bot authored
-
Tetiana Chupryna authored
View History of All Project Imports - Frontend See merge request gitlab-org/gitlab!83207
-
Achilleas Pipinellis authored
Added deprecation notice for user_email_lookup_limit See merge request gitlab-org/gitlab!83220
-
Fabian Zimmer authored
-
Brian Rhea authored
-
Paul Slaughter authored
Refetch runners list data after runner is updated/deleted See merge request gitlab-org/gitlab!82502
-
Jose Ivan Vargas authored
Add vulnerability training doc link See merge request gitlab-org/gitlab!82961
-
Jacques Erasmus authored
Add SVG blob viewer See merge request gitlab-org/gitlab!81567
-
Alper Akgun authored
What's New 14.9 See merge request gitlab-org/gitlab!83333
-
Brian Rhea authored
-
Furkan Ayhan authored
FF rollout issue for purge_stale_security_findings See merge request gitlab-org/gitlab!83346
-
Paul Slaughter authored
Remove releases_index_apollo_client Feature Flag See merge request gitlab-org/gitlab!82934
-
Brian Rhea authored
Deprecate `background upload` for object storage See merge request gitlab-org/gitlab!83396
-
Fabian Zimmer authored
-