Skip to content

GitLab

Switch branch/tag
  1. 10 Jan, 2023 1 commit
  3. 02 Jan, 2023 1 commit
  5. 30 Dec, 2022 1 commit
    • Lunny Xiao's avatar
      Remove ReverseProxy authentication from the API (#22219) (#22252) · 8cd6be17
      Lunny Xiao authored 
      
backport #22219

Since we changed the /api/v1/ routes to disallow session authentication
we also removed their reliance on CSRF. However, we left the
ReverseProxy authentication here - but this means that POSTs to the API
are no longer protected by CSRF.

Now, ReverseProxy authentication is a kind of session authentication,
and is therefore inconsistent with the removal of session from the API.

This PR proposes that we simply remove the ReverseProxy authentication
from the API and therefore users of the API must explicitly use tokens
or basic authentication.

Replace #22077
Close #22221 
Close #22077 
Signed-off-by: default avatarAndrew Thornton <art27@cantab.net>
Signed-off-by: default avatarAndrew Thornton <art27@cantab.net>
Co-authored-by: default avatarzeripath <art27@cantab.net>
      8cd6be17
  7. 28 Dec, 2022 2 commits
  9. 22 Dec, 2022 2 commits
  11. 21 Dec, 2022 3 commits
  13. 20 Dec, 2022 2 commits
  15. 19 Dec, 2022 1 commit
    • Christian Ullrich's avatar
      Do not list active repositories as unadopted (#22034) (#22167) · 068e96fb
      Christian Ullrich authored 
      
Backport #22034

This fixes a bug where, when searching unadopted repositories, active
repositories will be listed as well. This is because the size of the
array of repository names to check is larger by one than the
`IterateBufferSize`.

For an `IterateBufferSize` of 50, the original code will pass 51
repository names but set the query to `LIMIT 50`. If all repositories in
the query are active (i.e. not unadopted) one of them will be omitted
from the result. Due to the `ORDER BY` clause it will be the oldest (or
least recently modified) one.
Co-authored-by: default avatarChristian Ullrich <christian.ullrich@traditionsa.lu>
      068e96fb
  17. 15 Dec, 2022 1 commit
  19. 14 Dec, 2022 1 commit
  21. 13 Dec, 2022 2 commits
  23. 12 Dec, 2022 1 commit
  25. 10 Dec, 2022 1 commit
  27. 06 Dec, 2022 2 commits
    • Jason Song's avatar
      Fix issue/PR numbers (#22037) (#22045) · e93a4a01
      Jason Song authored 
      Backport #22037.

When deleting a closed issue, we should update both `NumIssues`and
`NumClosedIssues`, or `NumOpenIssues`(`= NumIssues -NumClosedIssues`)
will be wrong. It's the same for pull requests.

Releated to #21557.

Alse fixed two harmless problems:

- The SQL to check issue/PR total numbers is wrong, that means it will
update the numbers even if they are correct.
- Replace legacy `num_issues = num_issues + 1` operations with
`UpdateRepoIssueNumbers`.
      e93a4a01
    • zeripath's avatar
      Handle empty author names (#21902) (#22028) · 601766d1
      zeripath authored 
      
Backport #21902

Although git does expect that author names should be of the form: `NAME
<EMAIL>` some users have been able to create commits with: `<EMAIL>`

Fix #21900
Signed-off-by: default avatarAndrew Thornton <art27@cantab.net>
Co-authored-by: default avatarLauris BH <lauris@nix.lv>
      601766d1
  29. 05 Dec, 2022 1 commit
  31. 04 Dec, 2022 1 commit
  33. 24 Nov, 2022 2 commits
  35. 20 Nov, 2022 2 commits
  37. 18 Nov, 2022 1 commit
    • Gusted's avatar
      Prevent dangling user redirects (#21856) (#21859) · 56716f58
      Gusted authored 
      - Backport #21856
- It's possible that the `user_redirect` table contains a user id that
no longer exists.
  - Delete a user redirect upon deleting the user.
- Add a check for these dangling user redirects to check-db-consistency.
      56716f58
  39. 14 Nov, 2022 1 commit
  41. 13 Nov, 2022 3 commits
  43. 11 Nov, 2022 2 commits
  45. 10 Nov, 2022 3 commits
  47. 09 Nov, 2022 3 commits