Commit 6100ff28 authored by luci's avatar luci Committed by Kati Paizee

Revert "Merge branch 'master' of https://gitlab.com/gitlab-org/gitlab into...

Revert "Merge branch 'master' of https://gitlab.com/gitlab-org/gitlab into luciash-master-patch-01122"

This reverts commit ef65e01b2e39eb8b98caab90d55da6b6b99c2352
parent 48512927
......@@ -37,6 +37,9 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
# limit scopes when signing in with GitLab
def downgrade_scopes!
return unless Feature.enabled?(:omniauth_login_minimal_scopes, current_user,
default_enabled: :yaml)
auth_type = params.delete('gl_auth_type')
return unless auth_type == 'login'
......
......@@ -83,9 +83,17 @@ module WebpackHelper
end
def webpack_public_host
# We proxy webpack output in 'test' and 'dev' environment, so we can just use asset_host
# We do not proxy the webpack output in the 'test' environment,
# so we must reference the webpack dev server directly.
if Rails.env.test? && Gitlab.config.webpack.dev_server.enabled
host = Gitlab.config.webpack.dev_server.host
port = Gitlab.config.webpack.dev_server.port
protocol = Gitlab.config.webpack.dev_server.https ? 'https' : 'http'
"#{protocol}://#{host}:#{port}"
else
ActionController::Base.asset_host.try(:chomp, '/')
end
end
def webpack_public_path
relative_path = Gitlab.config.gitlab.relative_url_root
......
---
name: omniauth_login_minimal_scopes
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78556
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/351331
milestone: '14.8'
type: development
group: 'group::authentication and authorization'
default_enabled: false
......@@ -21,7 +21,7 @@ if app.config.public_file_server.enabled
# If webpack-dev-server is configured, proxy webpack's public directory
# instead of looking for static assets
if Gitlab.config.webpack.dev_server.enabled && Gitlab.dev_or_test_env?
if Gitlab.config.webpack.dev_server.enabled && Rails.env.development?
app.config.middleware.insert_before(
Gitlab::Middleware::Static,
Gitlab::Webpack::DevServerMiddleware,
......
......@@ -4,4 +4,4 @@
removal_milestone: "15.1"
removal_date: "2022-06-22"
body: |
Long term service and support (LTSS) for [Debian 9 Stretch ends in July 2022](https://wiki.debian.org/LTS). Therefore, we will longer support the Debian 9 distribution for the GitLab package. Users can upgrade to Debian 10 or Debian 11.
Long term service and support (LTSS) for [Debian 9 Stretch ends in July 2022](https://wiki.debian.org/LTS). Therefore, we will no longer support the Debian 9 distribution for the GitLab package. Users can upgrade to Debian 10 or Debian 11.
......@@ -117,9 +117,10 @@ signed in.
## Reduce access privileges on sign in
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/337663) in GitLab 14.8 [with a flag](../administration/feature_flags.md) named `omniauth_login_minimal_scopes`. Disabled by default.
> - [Enabled on GitLab.com](https://gitlab.com/gitlab-org/gitlab/-/issues/351331) in GitLab 14.9.
> - [Feature flag `omniauth_login_minimal_scopes`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/83453) removed in GitLab 14.10
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/337663) in GitLab 14.8 [with a flag](../administration/feature_flags.md) named `omniauth_login_minimal_scopes`. Disabled by default.
FLAG:
On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../administration/feature_flags.md) named `omniauth_login_minimal_scopes`. On GitLab.com, this feature is not available.
If you use a GitLab instance for authentication, you can reduce access rights when an OAuth application is used for sign in.
......
......@@ -65,7 +65,7 @@ GitLab will publish additional guidance to assist affected customers in migratin
### Deprecate support for Debian 9
Long term service and support (LTSS) for [Debian 9 Stretch ends in July 2022](https://wiki.debian.org/LTS). Therefore, we will longer support the Debian 9 distribution for the GitLab package. Users can upgrade to Debian 10 or Debian 11.
Long term service and support (LTSS) for [Debian 9 Stretch ends in July 2022](https://wiki.debian.org/LTS). Therefore, we will no longer support the Debian 9 distribution for the GitLab package. Users can upgrade to Debian 10 or Debian 11.
**Planned removal milestone: 15.1 (2022-06-22)**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment