- 07 Jun, 2016 1 commit
-
-
Robert Speicher authored
The OTP input form is shared by both LDAP and standard logins, but when coming from an LDAP-based form, the form parameters aren't nested in a Hash based on the `resource_name` value. Now we check for a nested `remember_me` parameter and use that if it exists, or fall back to the non-nested parameters if it doesn't. Somewhat confusingly, the OTP input form _does_ nest parameters under the `resource_name`, regardless of what type of login we're coming from, so that allows everything else to work as normal.
-
- 06 Jun, 2016 37 commits
-
-
Yorick Peterse authored
Remove duplicated notification settings and add unique index See merge request !4472
-
Jacob Schatz authored
Fixed issue with activity links not being consistent ## What does this MR do? Previously, links for opening an issue/merge request & commenting where different. Opening would only have a link on the number whereas commenting would have link on the text as well. This standardises it to include the type as well (ie. issue) ## What are the relevant issue numbers? Closes #17621 ## Screenshots (if relevant) ![Screen_Shot_2016-06-01_at_12.12.09](/uploads/c778b007e6b6c068fcae30e34409ce98/Screen_Shot_2016-06-01_at_12.12.09.png) See merge request !4400
-
Jacob Schatz authored
Shows the edit comment button on mobile ## What does this MR do? Shows the edit comment button on mobile. ## What are the relevant issue numbers? Closes #17214 ## Screenshots (if relevant) ![Screen_Shot_2016-06-01_at_12.33.13](/uploads/d46b800c175a53821ea8e8af49c07641/Screen_Shot_2016-06-01_at_12.33.13.png) See merge request !4402
-
Jacob Schatz authored
Remove prev/next buttons on issues and merge requests ## What does this MR do? Remove prev/next buttons on issues and merge requests sidebar ## Are there points in the code the reviewer needs to double check? No ## Why was this MR needed? The buttons were rarely used and added at least 1 query each on every page load which we could live without. ## What are the relevant issue numbers? #18026 ## Screenshots (if relevant) Below is how it looks. Not sure if it's too much empty space. #17697 discusses a possible substitute for what to put there. ![Captura_de_pantalla_2016-06-06_a_las_11.09.26_a.m.](/uploads/7b379327aa6c608775f99bf47a9c3352/Captura_de_pantalla_2016-06-06_a_las_11.09.26_a.m..png) ![Captura_de_pantalla_2016-06-06_a_las_11.09.38_a.m.](/uploads/68bcae6754ed5ac48f1a6925fdd17d3f/Captura_de_pantalla_2016-06-06_a_las_11.09.38_a.m..png) See merge request !4442
-
Jacob Schatz authored
Add confidential issue notice in comment box. ## What does this MR do? Adds a warning about confidential issues to the comment field when the issue is confidential. ## Are there points in the code the reviewer needs to double check? I don't think so. ## Why was this MR needed? It wasn't clear to users that they were commenting on a confidential issue, this makes it more explicit. ## What are the relevant issue numbers? Fixes #15288 ## Screenshots (if relevant) This is what it looks like at various screen sizes: ![Screen_Shot_2016-06-03_at_2.56.54_PM](/uploads/eb7f318bc19101f8514d7a4f10a77d73/Screen_Shot_2016-06-03_at_2.56.54_PM.png) ![Screen_Shot_2016-06-03_at_2.58.51_PM](/uploads/13674c3f1227b0d566b1d2aafc6712ed/Screen_Shot_2016-06-03_at_2.58.51_PM.png) ![Screen_Shot_2016-06-03_at_2.58.37_PM](/uploads/14ad419ed3ed86b7fbc080152e4030fa/Screen_Shot_2016-06-03_at_2.58.37_PM.png) cc: @jschatz1 @dzaporozhets See merge request !4473
-
Douwe Maan authored
Notes are awardables ## What does this MR do? Makes sure we can
⛈ comments/notes. ## What are the relevant issue numbers? Follows up upon !2901, depends on !3785 Closes #3655 ## Screenshots (if relevant) TODO See merge request !4291 -
Felipe Artur authored
-
Alejandro Rodríguez authored
The buttons were rarely used and added at least 1 query each on every page load.
-
Rémy Coutable authored
Extend specs for builds badge ## What does this MR do? This MR extends specs for builds badge. ## Why was this MR needed? We added an edge case to specs, while trying to reproduce problem described in #17549 ## What are the relevant issue numbers? #17549 See merge request !4401
-
Jacob Schatz authored
Upgraded jQuery to version 2 ## What does this MR do? Upgrades jQuery to 2.2.1. Had to include the task_list JS file directly as it includes jQuery 1 directly https://github.com/github-archive/task_list/blob/master/app/assets/javascripts/task_list.coffee#L8 so when we change jQuery to `jquery2` it was including both jQuery 1 & 2. ## Are there points in the code the reviewer needs to double check? For any JS errors ## What are the relevant issue numbers? Closes #12440 See merge request !4384
-
Fatih Acet authored
-
Dmitriy Zaporozhets authored
-
Rémy Coutable authored
Allow a U2F Device to be the Second Factor for Authentication Parent Issue: #15337 ## TODO - [ ] #15337 (!3905) FIDO/U2F 2FA using Yubikey - [x] Order a Yubikey? - [x] Do some reading to figure out what all this stuff means - [x] Look through the existing MR - [x] Browser support? - [x] Implementation - [x] User can register 2FA using their U2H device instead of authenticator - [x] Barebones flow - [x] Save the registration in the database - [x] Authentication flow - [x] First try after login/server start doesn't work - [x] User can log in using their U2F device - [x] Allow setting up authenticator if U2F is already set up (or vice versa) - [x] Change `two_factor_auths/new` to `show` - [x] `sign_requests` during registration? (Registering a device that has already been registered) - [x] 2FA skippable flow? - [x] Enforced 2FA flow (grace period?) - [x] Move the "Configure it Later" button to the right place - [x] Don't allow registration when the yubikey isn't plugged in - [x] Polish authentication flow - [x] Login should only show the 2FA method that's enabled - [x] Message to say that u2f only works on chrome, and it's recommended to enable otp as well. - [x] Index for key_handle - [x] Server-side errors while registering/logging in - [x] Handle non-chrome browsers - [x] Try to authenticate with a key that hasn't been registered (shouldn't work) - [x] Try the same key for multiple user accounts (should work) - [x] Fix existing tests - [x] Make sure CI is green - [x] Add tests - [x] Figure out how to fake the Yubikey - [x] Teaspoon tests for the React components - [x] Each device can only be registered once per user - [x] Feature specs - [x] Regular flows - [x] Test error cases - [x] Refactoring - [x] Refactor App ID - [x] Clean up the `show` action - [x] Annotate methods with definition of U2F - [x] Changelog - [x] Fix merge conflicts - [x] Verify flows - [x] Authenticator + no U2F - [x] U2F + no authenticator - [x] U2F + authenticator - [x] U2F + authenticator -> disable 2FA - [x] 2FA required with different grace periods - [x] Screenshots for MR - [x] Augment the [help docs](http://localhost:3000/help/profile/two_factor_authentication) - [x] Assign to endboss - [x] Ask for feedback on UI/UX - [x] Ask for feedback on copy - [x] Wait for review/merge - [x] Fix merge conflicts - [x] Wait for CI to pass - [x] Implement review comments/suggestions - [x] Move `TwoFactorAuthController#create_u2f` to a service - [x] Extra space before `Base64` in `u2f_registration` model - [x] Move `with/without_two_factor` scopes to class methods - [x] In `profiles/accounts/show`, add spaces at `{` and `}` - [x] Remove blank lines in `profiles/two_factor_auths/show` - [x] Fix typo in doc. "(universal 2nd factor )" - [x] Add "Added in 8.8" to doc - [x] In the doc, use 'Enable 2FA via mobile application' instead of 'Via Mobile Application' - [x] In the doc, use 'Enable 2FA via U2F device' instead of 'Via U2F Device - [x] Use "Two-Factor Authentication" everywhere - [x] Use `#icon` wrapper instead of `fa_stacked_icon` - [x] Check if `string` is enough for `key_handle` and `public_key` - [x] Separate `exercise` and `verify` phases of test (u2f_spec) - [x] Assert that `user_without_2fa` is _not_ in results (with_two_factor) - [x] Remove rubocop exception - [x] Refactor call to `User.with_two_factor.count` to not include `.length` - [x] Add a note that makes the "Disable" button/feature obvious - [x] Remove i18n - [x] Test in Firefox with addon (+ create new issue for support) - [x] Remove React - [x] Rewrite registration - [x] Switch underscore template to default style - [x] Rewrite authentication - [x] Move `register` haml to `u2f` dir - [x] Remove instance variables - [x] Fix tests - [x] Read SCSS guidelines - [x] Address @connorshea's comments regarding text style - [x] Make sure all classes and IDs are in line (add `js-` prefixes) - [x] Register - [x] Authenticate - [x] Refactoring? - [x] Include non-minifed version of bowser - [x] Audit log - [x] Look at the `browser` gem (and don't use bowser) - [x] Error message when on HTTP? - [x] Test on Mobile - [x] Fix merge conflicts - [x] Retest all flows - [x] Back to Rémy for review - [x] Make sure CI is green - [x] Wait for merge / more feedback - [x] Implement @rymai's changes - [x] JS/Coffeescript variables should be lowerCamelCase - [x] Spaces before/after `}` and `{` in HAML (and elsewhere) - [x] Rails view helpers in u2f HAML - [x] `%div.row.append-bottom-10` - [x] Wrap line in `without_two_factor` scope - [x] Exception-less flow in `U2F::CreateService` - [x] Fix merge conflicts - [x] Move service to model class method - [x] Fix teaspoon specs - [x] Address @rymai's suggestions about error handing - [x] Javascript error constants - [x] Fix merge conflicts - [x] One final review - [x] Test "registration with errors" flow - [x] Assign to Remy - [x] Wait for replies from @jschatz1 - [x] Address @rymai's comments - [x] Omit `%div` - [x] Scope `$.find` globally - [x] Replace `find('#element-id).click` with `click_on('Element Text') - [x] Rebase master + conflicts - [x] Look at https://news.ycombinator.com/item?id=11690774 - [x] Address @connorshea's comment regarding HTTPS on localhost - [x] Final sanity check - [x] Wait for [CI to pass](https://gitlab.com/gitlab-org/gitlab-ce/commit/c84179ad233529c33ee6ba8491cfea862c6cd864/builds) - [x] Address @rymai's next round of comments - [x] Interpolate `true` and `false` in DB scopes - [x] Why have `Gon::Base.render_data` thrice? - [x] `user_spec` should have correct spacing - [x] Use `arel_table[:id]` instead of `users.id` - [x] URL helper in `app/views/profiles/two_factor_auths/show.html.haml` - [x] Remove polyfill change - [x] Wait for [CI to pass](https://gitlab.com/gitlab-org/gitlab-ce/commit/0123ab8/builds) - [x] Address @jschatz1's comments - [x] Use `on('click', ...)` instead of `click(...)` - [x] Use `is` and `isnt` in coffeescript - [x] Use `and` and `or` in coffeescript - [x] Add `Gon::Base.render_data` to `devise_empty` (and other base layouts) - [x] Wait for [CI to pass](https://gitlab.com/gitlab-org/gitlab-ce/commit/401916397336174c582be3d3004a072f845d4b5f/builds) - [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/75955710ef9a5f0dcee04e8617028c0e3ea5bf50/builds) to pass - [x] Fix merge conflicts - [x] Inspect diff / workflow - [x] Assign back to @rymai - [x] Make sure [ci](https://gitlab.com/gitlab-org/gitlab-ce/commit/2c6316b29a9276ef44c7b4b39363a611bf5973a6/builds) has passed - [x] Fix merge conflicts (probably introduced by [devise upgrade](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4216) - [x] Wait for [CI](https://gitlab.com/gitlab-org/gitlab-ce/commit/a5ef48b7aa63d0d9e45b41643043b57208eaab9f/builds) to pass - [x] Respond to @rymai's comments - [x] Use `elsif` - [x] Check if we need `and return` - [x] Only fetch key handles from the DB - [x] No annotations to models? - [x] Align hash keys in model - [x] Wait for [build](https://gitlab.com/gitlab-org/gitlab-ce/commit/e0ef504734e7f14813c73bbb79f5c5f6fae3248c/builds) to pass - [ ] Wait for merge ## Screenshots ![Screenshot_2016-05-03_09.53.04](/uploads/1af3f277efa488dc107d36e6b4b07ca4/Screenshot_2016-05-03_09.53.04.png) ![Screenshot_2016-05-03_10.19.53](/uploads/2bfc67dfb96c0e005cce033d8b456813/Screenshot_2016-05-03_10.19.53.png) ![Screenshot_2016-05-03_10.19.56](/uploads/e912abedd5b1d07d7185cee9f204c5ff/Screenshot_2016-05-03_10.19.56.png) ![Screenshot_2016-05-03_10.20.04](/uploads/9350d5c98823d1f3d4e59517dfb8910a/Screenshot_2016-05-03_10.20.04.png) ![Screenshot_2016-05-03_10.31.15](/uploads/84473dc263e0643311a39006e649035f/Screenshot_2016-05-03_10.31.15.png) ![Screenshot_2016-05-03_10.31.22](/uploads/13ce43e0d7a565000af29984667eeb08/Screenshot_2016-05-03_10.31.22.png) ![Screenshot_2016-05-03_10.31.37](/uploads/b90fbb40dbf9bbd73af324f48ffdc948/Screenshot_2016-05-03_10.31.37.png) ![Screenshot_2016-05-03_10.36.48](/uploads/41a0fbc493c6fefeafd922b3ddf2a25e/Screenshot_2016-05-03_10.36.48.png) See merge request !3905
-
Z.J. van de Weg authored
-
Fatih Acet authored
-
Fatih Acet authored
-
Fatih Acet authored
-
Fatih Acet authored
-
Fatih Acet authored
It was named as $emojiBtn before I was using $emojiButton so updated them to be consistent.
-
Fatih Acet authored
-
Fatih Acet authored
-
Fatih Acet authored
-
Fatih Acet authored
-
Fatih Acet authored
-
ZJ van de Weg authored
-
Douwe Maan authored
Remove 'unscoped' from project builds selection This is a fix for this security bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/18188 /cc @kamil @grzegorz @stanhu See merge request !1968
-
Timothy Andrew authored
-
Timothy Andrew authored
-
Timothy Andrew authored
-
Timothy Andrew authored
- "two-factor" for OTP-based 2FA - "two-factor-via-u2f-device" for U2F-based 2FA - "standard" for non-2FA login
-
Timothy Andrew authored
- Move the `authenticate_with_two_factor` method from `ApplicationController` to the `AuthenticatesWithTwoFactor` module, where it should be.
-
Timothy Andrew authored
- Move the `TwoFactorAuthsController`'s `new` action to `show`, since the page is not used to create a single "two factor auth" anymore. We can have a single 2FA authenticator app, along with any number of U2F devices, in any combination, so the page will be accessed after the first "two factor auth" is created. - Add the `u2f` javascript library, which provides an API to the browser's U2F implementation. - Add tests for the JS components
-
Timothy Andrew authored
- Turbolinks caches the `head`, so `gon` updates don't show up unless the user navigates to page directly (by URL) or performs a refresh. - The solution is to render `gon` in the body instead. - Also update the syntax to the new Rails 4 (according to the gon README) syntax.
-
Timothy Andrew authored
- Need the `mobile?` detection (that the new version provides) for the U2F registration/ authentication flow
-
Timothy Andrew authored
- To hold registrations from U2F devices, and to authenticate them. - Previously, `User#two_factor_enabled` was aliased to the `otp_required_for_login` column on `users`. - This commit changes things a bit: - `User#two_factor_enabled` is not a method anymore - `User#two_factor_enabled?` checks both the `otp_required_for_login` column, as well as `U2fRegistration`s - Change all instances of `User#two_factor_enabled` to `User#two_factor_enabled?` - Add the `u2f` gem, and implement registration/authentication at the model level.
-
Grzegorz Bizon authored
Fix rubocop offense in awardable specs Fixes failing tests on master. See merge request !4481
-
Grzegorz Bizon authored
-
- 05 Jun, 2016 2 commits
-
-
Phil Hughes authored
CHANGELOG item
-
Phil Hughes authored
Closes #12440
-