1. 10 Dec, 2015 1 commit
      Merge branch 'devise_paranoid_mode' into 'master' · 0c0854c8
      Robert Speicher authored
      Enable Devise paranoid mode and ensure the returned message is the same
      every time. This will prevent user enumeration (low impact). 
      
      Prior to this change a user could type an email in the password reset
      field and if the email didn't exist it returned an error. If the email
      was valid it returned a message saying the forgot password link had been
      emailed. After this change the user will receive a message that if the
      email is in our database the reset link will be emailed. 
      
      I also changed the throttle mechanism so it still works the same but
      now returns the exact same message as above. Previously it would say
      'You've already sent a request. Wait a few minutes'. This also allows
      user enumeration, although it requires a double-check.
      
      Related to https://dev.gitlab.org/gitlab/gitlabhq/issues/2624
      
      See merge request !2044
  2. 09 Dec, 2015 1 commit
  3. 08 Dec, 2015 1 commit
  4. 07 Dec, 2015 4 commits
      Update CHANGELOG · 38397062
      Robert Speicher authored
      [ci skip]
      Merge branch 'fix/award-emoji-conflict-in-notes' into 'master' · 23975e09
      Grzegorz Bizon authored
      Fix problems with award-emoji-only comment
      
      This fixes a conflict between note with only a single emoji in content
      and award-emojis mechanisms.
      
      Closes #3734 
      
      cc @vsizov
      
      See merge request !1936
      Merge branch 'webhook_payload_with_changes' into 'master' · e70ac793
      Valery Sizov authored
      Add added, modified and removed properties to commit object in webhook
      
      https://gitlab.com/gitlab-org/gitlab-ee/issues/20
      
      See merge request !1988
      Merge branch 'fix-global-milestones-error-500' into 'master' · 46d24898
      Douwe Maan authored
      Fix Error 500 when creating global milestones with Unicode characters
      
      Two issues:
      
      1. The constraints in the resources were incorrect. Here's what it was before:
      
      ```
      group_milestone  GET /groups/:group_id/milestones/:id(.:format)  groups/milestones#show {:id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/}
      ```
      
      In this case, id is actually the title of the milestone, which can be anything at the moment.
      
      After:
      ```
      group_milestone  GET /groups/:group_id/milestones/:id(.:format)  groups/milestones#show {:id=>/[^\/]+/, :group_id=>/[a-zA-Z.0-9_\-]+(?<!\.atom)/}
      ```
      
      2. `parameterize` would strip all Unicode characters, leaving a blank string. Rails would report something like:
      
      ```
      ActionView::Template::Error (No route matches {:action=>"show", :controller=>"groups/milestones", :group_id=>#<Group id: 48, name: "ops-dev", path: "ops-dev", owner_id: nil, created_at: "2015-11-15 08:55:30", updated_at: "2015-12-02 06:23:26", type: "Group", description: "", avatar: "sha1.c71e73d51af1865c1bbbf6208e10044d46c9bb93.png", public: false>, :id=>"", :title=>"肯定不是中文的问题"} missing required keys: [:id]):
      ```
      
      This change uses the babosa library to create a better slug, which surprisingly
      isn't actually used by the global milestone controllers. Instead, they use the
      title passed as a query string for some reason.
      
      Closes https://github.com/gitlabhq/gitlabhq/issues/9881
      
      See merge request !1983
  5. 05 Dec, 2015 1 commit
  6. 04 Dec, 2015 1 commit
  7. 02 Dec, 2015 2 commits
  8. 01 Dec, 2015 1 commit
  9. 30 Nov, 2015 5 commits
  10. 27 Nov, 2015 3 commits
  11. 25 Nov, 2015 4 commits
  12. 24 Nov, 2015 1 commit
  13. 23 Nov, 2015 4 commits
  14. 22 Nov, 2015 5 commits
      Version 8.2.0 · d6bcf446
      Robert Speicher authored
      Merge branch 'award_fix' into 'master' · dbcd6462
      Robert Speicher authored
      Emoji bug: Invalid url to image
      
      Closes #3591
      
      See merge request !1868
      Merge branch 'fix-merge-requests-without-source-projects' into 'master' · aeaa5b50
      Dmitriy Zaporozhets authored
      Handle removed source projects in MR CI commits
      
      Fixes #3599 
      
      @dzaporozhets assigning this to you since you wrote the original code. Perhaps checking for the source project isn't the right way, but I'm not sure if there's a better way (e.g. somewhere earlier in the process) that we can detect this.
      
      See merge request !1859
      Merge branch 'fix-award-emoji-api' into 'master' · 94b33caf
      Robert Speicher authored
      Add upvote/downvote fields to merge request and note API to preserve compatibility
      
      As discussed in !1825 we should not break the API compatibility.
      
      * This MR adds the fields `upvotes`/`downvotes` to the merge request API again, which always return `0`.
      * Add the fields `upvote`/`downvote` to the notes API, which always return `false`
      
      This behavior is documented in the API docs.
      
      See merge request !1867
      Merge branch 'consistent-tags-api' into 'master' · 27821ce0
      Stan Hu authored
      Make tag API for release feature consistent
      
      Make tags API consistent with other tags methods. This changes the endpoint from `PUT /projects/:id/repository/:tag/release` to `PUT /projects/:id/repository/tags/:tag_name/release`.
      
      One thing the API is still missing is an error if the tag does not exist. Right now it returns 200 even if the tag does not exist. I'll fix that such that it returns 404.
      
      @stanhu Can you review?
      @rspeicher This MR should go into 8.2
      
      See merge request !1864
  15. 21 Nov, 2015 6 commits