1. 02 Aug, 2016 9 commits
    • NXD Teach GitLab about patches · 1aafce0d
      Kirill Smelkov authored
      Teach GitLab not only to merge changes from a merge-request, but also to
      apply patches posted to merge-request in a way like `git am` would do -
      without merge commit and directly on top of current branch. Which way to
      go is selected by user in web UI, and apply patches is the first option.
      There are 3 cases:
      - only 1 commit is present in MR -> the only available option is to
        apply that single commit as one patch without a merge
        ( There is no need for merge commit in this case at all: information
          about user who applied the patch goes to "Committer" field in resultant
          commit. Avoiding 1 merge per 1 patch results in cleaner history )
        It is also possible to review patch description directly in web UI,
        before doing the actual application, and correct / amend it as needed.
      - several commits are present in MR:
        * it is possible to apply the patches directly on top of current
          branch. Again information about who applied what goes to "Committer"
        * it is possible to merge MR changes with making a merge commit.
          This variant is useful, when patches from a MR do several logical
          steps to reach one goal, and MR description contains cover letter for
          whole patch series.
          In this case original commits stay untouched and resulting merge
          will contain MR author as author, user who accepted MR as committer,
          and cover letter as merge commit message.
          NOTE we avoid useless "Merge branch X into Y" in merge message, and
              just put MR title into merge subject and MR description into merge
              This way it is more logical with more important information in
              merge subject and thus e.g. more handy to oversee what a merge brings,
              just by its subject, e.g. via looking at updates via
                  gitk --first-parent ...
              or via web.
      NOTE for pre-generated references to merge-request we now use full MR
          URL, instead of !<MR-n>. Full URLs work everywhere, not only on
          original site where MR was created, or even only in original repo
          and not its fork on the same site.
    • NXD Show ICP on front page & on footer of every other pages · b1d03cd3
      Kirill Smelkov authored
      TODO detect whether request comes from China and only then show ICP (?).
    • NXD Show "about" footer on every page · d1deef75
      Kirill Smelkov authored
      We show in small font size the same info that is shown on sign_in page:
          "GitLab Nexedi Edition", "About GitLab" and "About Nexedi"
      This is good to have and hereby-introduced about-footer area will be
      also used in the next patch for ICP too.
      XXX placement of .about-footer to be near bottom is done not very
    • NXD gitlab:app:check : Don't check for init script · 0a1a6151
      Kirill Smelkov authored
      Like Omnibus, SlapOS version does not have init script - nothing to
      check here.
    • NXD lib/tasks/gitlab/check: Exit with non-zero code, if something failed in a check task · 18ccaea7
      Kirill Smelkov authored
      This is handy for monitoring tools, which could e.g. periodically call check
      tasks and instead of parsing output, rely on exit code.
      The way we detect if something failed is via hooking into String#red, and if
      anything was ever printed in red - that's an error.
    • NXD clone_panel: Remove SSH option completely · 6159ef3a
      Kirill Smelkov authored
      The default was switched to HTTP in the previous patch, but let's completely
      remove SSH option - we support only HTTP for git fetch/push.
    • NXD Make HTTP to be the default clone protocol · 93a3eb7a
      Kirill Smelkov authored
      Both fetch and push are possible over https, which is selected by http if
      gitlab was configured to use https in external url.
      This way to reduce security vectors and possible ways to interact with gitlab
      we use https only without ssh at all.
    • NXD GitLab Nexedi Edition · b47fd2bb
      Kirill Smelkov authored
      = GitLab Community Edition + Nexedi patches
  2. 15 Jun, 2016 1 commit
  3. 14 Jun, 2016 4 commits
  4. 27 Apr, 2016 1 commit
  5. 26 Apr, 2016 5 commits
  6. 25 Apr, 2016 6 commits
  7. 20 Apr, 2016 1 commit
  8. 19 Apr, 2016 4 commits
  9. 15 Apr, 2016 5 commits
  10. 07 Apr, 2016 4 commits
    • Update VERSION to 8.6.5 · e63f120e
      Robert Speicher authored
    • Merge branch 'patch/fix-ldap-unblock-user-logic' into 'master' · 0a3f3668
      Robert Speicher authored
      Unblocks user when active_directory is disabled and it can be found
      We implemented a specific block state to handle user blocking that originates from LDAP filtering rules / directory state in !2242.
      That introduced a regression in LDAP authentication when Active Directory support was disabled. You could have a scenario where the user would not be temporarily found (like a filtering rule), that would mark the user as `ldap_blocked`, but will never unblock it automatically when that state changed.
      Fixes #14253, #13179, #13259, #13959
      See merge request !3550
    • Merge branch 'reorder-language' into 'master' · 44c03542
      Yorick Peterse authored
      Update language after doing all other operations
      See merge request !3533
      Signed-off-by: Rémy Coutable <remy@rymai.me>
    • Merge branch 'fix/2fa-authentication-spoofing' into 'master' · ea1b80ae
      Rémy Coutable authored
      Fix 2FA authentication spoofing
      ## Summary
      This is security fix for vulnerability described at
      Attacker was able to bypass password authentication of users that have 2FA enabled, and consequently sign in as a different user, without knowing his password, if he managed to guess 2FA One Time Password for that user.
      It was also possible to enumerate users and check if they have 2FA enabled, because GitLab responded with different error for each case.
      ## Fix
      This MR attempts to change default user search scope if `otp_user_id` session variable has been set. If it is present, it means that user has 2FA enabled, and has already been verified with login and password. In this case we should look for user with `otp_user_id` first, before picking it up by `login`.
      Both 2FA authentication spoofing and 2FA discovery have been covered by specs.
      ## Further work
      Current 2FA code is a bit tricky, so it probably needs some refactoring.
      See merge request !1947
      Signed-off-by: Rémy Coutable <remy@rymai.me>