-[Block access to GitLab for users with expired password](gitlab-org/security/gitlab@f0a07ce8a596a4dd6f1311dff893c896b0cdf82f)([merge request](gitlab-org/security/gitlab!1446))
-[Adds redirect page to OAuth](gitlab-org/security/gitlab@6ed6dfc8f9ba785fd5337ee0f4701c983b6f07b0)([merge request](gitlab-org/security/gitlab!1441))
-[Update users two factor required from group](gitlab-org/security/gitlab@8c3fe378289d2dced2139c9db396b6270d3bc0ab)([merge request](gitlab-org/security/gitlab!1432))
-[Updates authorization for lint](gitlab-org/security/gitlab@be33caed9684af07ac715038d7a2865d9d0c7247)([merge request](gitlab-org/security/gitlab!1429))
-[Opt in to Atlassians new context qsh](gitlab-org/security/gitlab@f1d06250fbef6fa2af8a8c88d3b3f9391c332089)([merge request](gitlab-org/security/gitlab!1408))
-[Limit oncall projects shown to scope of source](gitlab-org/security/gitlab@a70859aaac44c9b3bd3cc673737e01e2a3aba99c)([merge request](gitlab-org/security/gitlab!1410)) **GitLab Enterprise Edition**
-[Only verify commit signatures if the user email is verified](gitlab-org/security/gitlab@9039fdffdf109cdf667be8db3d792a502aad8bb9)([merge request](gitlab-org/security/gitlab!1385))
-[Prevent XSS on notebooks](gitlab-org/security/gitlab@9a2dc30920c2a271257ccec92aebcfabec276096)([merge request](gitlab-org/security/gitlab!1421))
-[Truncate all non-blob markdown to 1MB by default](gitlab-org/security/gitlab@e9e6bc0450639ee25fd0ced983da231700a4d4f9)([merge request](gitlab-org/security/gitlab!1420))
-[Use xpath search of Nokogiri instead of css search](gitlab-org/security/gitlab@7e5c79021ab54ffc70d22bba3c663ce38ae83a88)([merge request](gitlab-org/security/gitlab!1416))
@@ -24646,6 +24646,8 @@ CREATE INDEX index_users_ops_dashboard_projects_on_project_id ON users_ops_dashb
...
@@ -24646,6 +24646,8 @@ CREATE INDEX index_users_ops_dashboard_projects_on_project_id ON users_ops_dashb
CREATE UNIQUE INDEX index_users_ops_dashboard_projects_on_user_id_and_project_id ON users_ops_dashboard_projects USING btree (user_id, project_id);
CREATE UNIQUE INDEX index_users_ops_dashboard_projects_on_user_id_and_project_id ON users_ops_dashboard_projects USING btree (user_id, project_id);
CREATE INDEX index_users_require_two_factor_authentication_from_group_false ON users USING btree (require_two_factor_authentication_from_group) WHERE (require_two_factor_authentication_from_group = false);
CREATE INDEX index_users_security_dashboard_projects_on_user_id ON users_security_dashboard_projects USING btree (user_id);
CREATE INDEX index_users_security_dashboard_projects_on_user_id ON users_security_dashboard_projects USING btree (user_id);
CREATE INDEX index_users_star_projects_on_project_id ON users_star_projects USING btree (project_id);
CREATE INDEX index_users_star_projects_on_project_id ON users_star_projects USING btree (project_id);
@@ -433,6 +433,13 @@ RSpec.describe Gitlab::GitAccess do
...
@@ -433,6 +433,13 @@ RSpec.describe Gitlab::GitAccess do
expect{pull_access_check}.toraise_forbidden("Your account has been deactivated by your administrator. Please log back in from a web browser to reactivate your account at #{Gitlab.config.gitlab.url}")
expect{pull_access_check}.toraise_forbidden("Your account has been deactivated by your administrator. Please log back in from a web browser to reactivate your account at #{Gitlab.config.gitlab.url}")
end
end
it'disallows users with expired password to pull'do
project.add_maintainer(user)
user.update!(password_expires_at: 2.minutes.ago)
expect{pull_access_check}.toraise_forbidden("Your password expired. Please access GitLab from a web browser to update your password.")
end
context'when the project repository does not exist'do
context'when the project repository does not exist'do
beforedo
beforedo
project.add_guest(user)
project.add_guest(user)
...
@@ -969,6 +976,13 @@ RSpec.describe Gitlab::GitAccess do
...
@@ -969,6 +976,13 @@ RSpec.describe Gitlab::GitAccess do
expect{push_access_check}.toraise_forbidden("Your account has been deactivated by your administrator. Please log back in from a web browser to reactivate your account at #{Gitlab.config.gitlab.url}")
expect{push_access_check}.toraise_forbidden("Your account has been deactivated by your administrator. Please log back in from a web browser to reactivate your account at #{Gitlab.config.gitlab.url}")
end
end
it'disallows users with expired password to push'do
project.add_maintainer(user)
user.update!(password_expires_at: 2.minutes.ago)
expect{push_access_check}.toraise_forbidden("Your password expired. Please access GitLab from a web browser to update your password.")
'pre:not([data-math-style]):not([data-mermaid-style]):not([data-kroki-style]) > code'|"descendant-or-self::pre[not(@data-math-style) and not(@data-mermaid-style) and not(@data-kroki-style)]/code"