1. 05 Oct, 2018 2 commits
    • Nick Thomas's avatar
      Release GitLab Pages v1.2.0 · 358fa12a
      Nick Thomas authored
    • Nick Thomas's avatar
      Merge branch 'auth' into 'master' · 86ad3207
      Nick Thomas authored
      Make GitLab pages support access control
      This change adds support for access controlled pages by configuration
      provided from GitLab to the `config.json`. When project is not public
      and access control is enabled for it, pages will require user to
      authenticate. This is done by redirecting user to GitLab authorize
      endpoint. If project visiblity is public, then access will not be checked.
      Pages will store the access token in a session cookie. When access token
      is invalid the authentication will be done again.
      This work is related to the feature request gitlab-ce#33422, check also
      MR gitlab-ce!18589 and omnibus-gitlab!2583.
      ## Changes
      * New fields in the `config.json`
      * Auth package for handling OAuth and checking access to a project when necessary
      * Test for auth and also acceptance tests
      See merge request !94
  2. 04 Oct, 2018 1 commit
  3. 02 Oct, 2018 1 commit
  4. 30 Sep, 2018 2 commits
  5. 27 Sep, 2018 2 commits
  6. 22 Sep, 2018 2 commits
  7. 12 Sep, 2018 1 commit
  8. 11 Sep, 2018 2 commits
  9. 10 Sep, 2018 5 commits
  10. 03 Sep, 2018 1 commit
  11. 30 Aug, 2018 2 commits
  12. 29 Aug, 2018 1 commit
  13. 27 Aug, 2018 1 commit
  14. 26 Aug, 2018 3 commits
    • Stan Hu's avatar
      Fix HTTP to HTTPS redirection not working for default domains · 7d8bfba8
      Stan Hu authored
      If a default domain is in use, the group domain will be passed into the
      IsHTTPSOnly() call, but this will always return false because the HTTPS-only
      flag can only be determined by looking at the HTTP request host rather than
      the URL.
      For example, for the project https://gitlab.com/tanukitalks/tanukitalks.gitlab.io,
      this is what happened previously:
      1. For a project in the default domain (e.g. `gitlab.io`), GitLab Pages loads
      `config.json` and sees the group is `tanukitalks` with the project name
      `tanuitalks.gitlab.io`. It stores the HTTPS-only flag inside the project
      2. Note that for projects in the default domain, the `domainConfig` is
      empty. This makes sense because there is no domain configuration specified
      since the default domain is being used, and we need to redirect on a
      project-by-project basis.
      3. User requests https://tanukitalks.gitlab.io.
      4. GitLab Pages looks up `tanukitalks.gitlab.io`, and it returns the domain
      `tanukitalks` with an empty `domainConfig` and project `tanukitalks.gitlab.io`.
      5. Since there is no `domainConfig`, `IsHTTPSOnly` attempts to resolve the
      project from the URL.
      6. However, since the URL is using the default domain, the path is `/`, which
      doesn't resolve to any project.
      In the new behavior, we check the hostname of the request to see if it matches
      any project before trying to parse the URL.
      Closes #162
    • Nick Thomas's avatar
      Merge branch 'sh-log-duplicate-domains' into 'master' · b1356f36
      Nick Thomas authored
      Log duplicate domain names
      Closes #160
      See merge request gitlab-org/gitlab-pages!107
    • Stan Hu's avatar
      Log duplicate domain names · 46c26d3b
      Stan Hu authored
      This will help make it easier to track stale `config.json` files on disk.
      Closes gitlab-org/gitlab-pages#160
  15. 23 Aug, 2018 5 commits
  16. 21 Aug, 2018 1 commit
  17. 20 Aug, 2018 2 commits
  18. 18 Aug, 2018 4 commits
  19. 15 Aug, 2018 2 commits