Add Gitlab integration

[jgadsden]

This issue has been migrated from :
mike-goodwin/owasp-threat-dragon#122
and was opened by @micheelengronne :

Is it possible to add Gitlab integration ?

Thanks.

[jgadsden]

This is linked to issue "Request to relax test case requirements #4", where @subashsn
implements gitlab integration at https://github.com/appsecco/owasp-threat-dragon-gitlab

[jgadsden]

Most likely @subashsn forked threat dragon from commit: mike-goodwin/owasp-threat-dragon@782b3c2#diff-b9cfc7f2cdf78a7f4b91a753d10865a2

and the main patch to provide gitlab integration would come from the diff between this and commit :
appsecco/owasp-threat-dragon-gitlab@31799cf

[TheSecMaven]

looking forward to this one!

[jgadsden]

yes, agreed, and gitlab support is planned for version 2.0 which we hope is later this year

[TheSecMaven]

Is it possible to still see this land this year?

[jgadsden]

Hello @mkkeffeler - version 2.0 of Threat Dragon is looking unlikely for this year.

It could be brought into version 1.x Threat Dragon. Are you able to help with the coding? I think it would be a case of porting the work @subashsn has done back into Threat Dragon

@lreading is busy with version 2.0, and I am working on the JointJS upversion for version 1.x, so between us we are unlikely to find the time to do the gitlab integration soon

It would still be great to have though

[iman4000]

will threat dragon 2.0 release this year? and does it have gitlab integration? :)

[jgadsden]

Thanks for looking at this @kuwv , and I have assigned this issue to if that is OK
I am not sure where we use passport / passport-local , I know it is in the dev dependencies but we do not seem to actually use it during testing

@iman4000 apologies for not responding to your message from last year - you have probably already found that version 2.1.1 was released this month but still without gitlab integration

[kuwv]

@jgadsden what are your thoughts about me implementing passport for each?

[jgadsden]

sounds good to me - do you want to try an implementation?

[kuwv]

@jgadsden I see that bitbucket and this #805 is continuing with the existing auth so I'm going to step away from this instead.

[steve-winter]

I would also agree migrating to passport (or similar) would simplify things. Perhaps worth implementing for a single provider first?

[threatdragon]

Gitlab creating a group-owned application for OAuth
possibly use gitlab-restapi

[vineetpandey]

@threatdragon @jgadsden : are we having this issue in priority? It's a long awaited feature.

[steve-winter]

It's a relatively simple addition based on the previous Bitbucket integration I added. I have been busy elsewhere but can probably pick this up in next 2 weeks.

@jgadsden assuming we do want this feature?

[jgadsden]

agreed @vineetpandey , we would like this feature but it has been a case of finding a volunteer with engineering time to do it - as is the case with most open source projects :)

Yes, absolutely @steve-winter , if you can implement this that would be great, thank you

[steve-winter]

Draft can be seen here: https://github.com/steve-winter/threat-dragon/tree/%239-Gitlab

Not implemented testing yet, will add before PR. Have added #860 for a refactor of this part of the codebase.

[jgadsden]

closed via pull request #870