An error occurred fetching the project authors.
  1. 08 Jun, 2016 1 commit
  2. 21 May, 2016 1 commit
    • Gabriel Mazetto's avatar
      Merge branch 'feature/geo-single-signout' into 'master' · 031c003a
      Gabriel Mazetto authored
      Geo: Single Sign Out
      
      Implements Single Sign Out for Geo (#76).
      
      Initial proposal was to generate a hash based on the `access_token`, but that created a O(N) cost against a desirable O(1), as a new `access_token` is generated for each new login. To overcome that cost we would need to send a "public identifier" to help retrieve the correct `access_token` and provide that during login process.
      
      This is also how most Single Sign On implementations works (they provide some sort of session_id, that we notify every node to invalidate, during sign out process).
      
      As I don't want to modify our OAuth table (that is managed by doorkeeper) nor change the way our login process work, the solution is to encrypt the `access_token` using a symmetric key known by both nodes, and expire the `access_token` after the logout to prevent replay attacks (otherwise we would need to send a `nounce` and store that on primary). 
      
      The key is based on `Gitlab::Application.secrets.db_key_base` which we already use to encrypt database attributes and is synced between both nodes. We communicate sending a `state` parameter which is known terminology in OAuth protocol.
      
      Although this is implemented with Geo only in mind, we can backport to CE (with minimal changes) and provide as a "non-standard" way of single sign off for applications that integrate with GitLab.
      
      Fixes #522 
      
      See merge request !380
      031c003a
  3. 13 May, 2016 4 commits
  4. 19 Apr, 2016 1 commit
  5. 14 Apr, 2016 4 commits
  6. 21 Mar, 2016 1 commit
  7. 16 Mar, 2016 1 commit
  8. 12 Mar, 2016 2 commits
  9. 11 Mar, 2016 5 commits
  10. 10 Mar, 2016 1 commit
  11. 07 Mar, 2016 17 commits
  12. 27 Jan, 2016 2 commits