  1. 02 Jun, 2017 1 commit
  2. 01 Jun, 2017 1 commit
  3. 31 May, 2017 3 commits
  4. 30 May, 2017 8 commits
  5. 29 May, 2017 1 commit
  6. 25 May, 2017 1 commit
  7. 23 May, 2017 2 commits
  8. 22 May, 2017 2 commits
  9. 17 May, 2017 3 commits
  10. 16 May, 2017 1 commit
  11. 15 May, 2017 2 commits
  12. 12 May, 2017 1 commit
  13. 10 May, 2017 2 commits
  14. 04 May, 2017 1 commit
  15. 26 Apr, 2017 1 commit
  16. 25 Apr, 2017 1 commit
    • Don't display the `is_admin?` flag for user API responses. · 34b71e73
      Timothy Andrew authored
      - To prevent an attacker from enumerating the `/users` API to get a list of all
        the admins.
      
      - Display the `is_admin?` flag wherever we display the `private_token` - at the
        moment, there are two instances:
      
        - When an admin uses `sudo` to view the `/user` endpoint
        - When logging in using the `/session` endpoint
  17. 14 Apr, 2017 2 commits
  18. 09 Apr, 2017 2 commits
  19. 07 Apr, 2017 1 commit
  20. 06 Apr, 2017 1 commit
  21. 05 Apr, 2017 3 commits