Tom Hughes
1874e5b1a2
Improve flash message handling in users#new
...
Only show the duplicate email message if we actually have errors
logged against the email field, and then show it as a warning.
In all other cases we show the generic informational hint about
social logins and pre-existing accounts.
2024-05-06 09:14:49 +01:00
Milan Cvetkovic
4965c19b7a
Re-introduce additional round trip for verifying auth_provider
2024-04-29 11:32:54 +00:00
Milan Cvetkovic
c486dd5532
Rename verified_email to email_hmac parameter in /users/new
2024-04-29 11:32:54 +00:00
Milan Cvetkovic
9649b192c0
Add preferred provider social signup
...
- Add preferred provider for authorization to login and signup pages.
To use, the 3rd party application would have to add `preferred_provider=...`
parameter to OAuth2 authorization request.
- Resize 3rd party provider icons
- Add "login to authorize" heading to login and signup screens
2024-04-29 11:32:54 +00:00
Milan Cvetkovic
0c7c950149
Add social signin buttons to signup screen, avoid repeating round trip to auth provider.
2024-04-27 12:44:10 +01:00
Milan Cvetkovic
f8a606869e
Remove email confirmation field in signup form
2024-04-27 12:44:09 +01:00
Milan Cvetkovic
1276fb944a
Merge login and terms screens, assume TOU and contributor terms are accepted on /user/new form
...
This eliminates the need for "terms" screen after /user/new form.
Terms screen is still required for legacy users who never accepted the terms.
2024-04-27 12:44:09 +01:00
Anton Khorev
f0d05c20ae
Add found users count to users page
2024-03-26 05:44:35 +03:00
Anton Khorev
9f8e4fd60a
Use before/after pagination on users page
2024-03-26 05:44:35 +03:00
Andy Allan
52f755cb27
Merge pull request #4535 from tomhughes/rails-tokens
...
Use rails generated tokens for emails
2024-02-25 11:32:15 +01:00
Tom Hughes
1b5200b797
Treat github and wikipedia provided emails as confirmed
...
Fixes #4270
2024-02-25 10:04:18 +00:00
Tom Hughes
4dff06a629
Use rails tokens for signup confirmations
2024-02-24 13:53:05 +00:00
Tom Hughes
242a4a1aee
Include both copies of the password in the saved user
...
This allows us to go back to hashing passwords when the user is saved.
Fixes #4474
2024-01-12 17:55:16 +00:00
Milan Cvetkovic
a4c23cd89f
Implement allow list for account creation
2023-12-17 07:55:43 +00:00
Milan Cvetkovic
aeb4271a27
Do not merge zoom/lat/lon options with oauth_return_url
2023-11-21 13:01:52 +00:00
Milan Cvetkovic
1fbd1d11c4
Extract welcome_options function to simplify save function
2023-11-21 11:56:09 +00:00
Milan Cvetkovic
87a5a0844b
Welcome screen works with confirmation email too
2023-11-21 11:56:09 +00:00
Milan Cvetkovic
60c885d071
Welcome screen displays 'Continue with authorization'
...
do not hide notes
2023-11-21 11:56:09 +00:00
Tom Hughes
aaed886890
Hash passwords as soon as a new user is created
2023-11-16 01:02:11 +00:00
Tom Hughes
b1553135fc
Preserve pass_crypt_confirmation in the new user hash
2023-11-16 00:29:49 +00:00
Tom Hughes
898a3882c5
Avoid storing user records in the session during signup
...
This works around an issue with rails failing to preserve attribute
change flags and is in line with upstream advice against storing models
in the session in this way.
https://github.com/rails/rails/issues/49826
https://github.com/rails/rails/issues/49827
2023-10-29 10:13:28 +00:00
Anton Khorev
f5c20527aa
Move email-related methods to mixin
2023-09-02 13:43:41 +03:00
Tom Hughes
63bf18a3c3
Add support for rate limiting signup requests
2023-08-22 18:45:17 +01:00
Milan Cvetkovic
ad164d384e
Change provider name to "microsoft"
2023-08-20 10:19:30 +01:00
Milan Cvetkovic
568bf4939d
Replace references to windowslive with microsoft_graph
2023-08-17 13:01:15 +00:00
Milan Cvetkovic
7428da74c2
Use omniauth-microsoft_graph instead of omniauth-windowslive
...
Omniauth-microsoft_graph correctly populates 'email' and 'name' fields used by OpenStreetMap.
It also uses updated endpoints for Microsoft identity provider.
Use email address returned by microsoft_graph provider as a verified address.
Upgrading existing users from windowslive to microsoft_graph:
- upon next login existing `windowslive` users will have to authorize
OpenStreetMap application to "Read Your Profile," required for proper reading
of display name field.
The name of the identity provider in OSM is kept to 'windowslive':
- the entries in users table with `provider == 'windowslive'`
can be reused for microsoft_graph provider, since
the uid field is preserved. Users will not need to repeat the sign up process.
- OAuth2 callback is still `/auth/windowslive`, no updates to Microsoft Identity Provider portal
App registration are necessary.
2023-08-17 13:01:15 +00:00
Tom Hughes
65d092a579
Fix new rubocop warnings
2023-08-15 18:22:45 +01:00
Andy Allan
ace8e9a9c3
Fix redirection to wiki when terms are declined
...
Adds missing test to pick this up.
Fixes #3826.
2022-12-21 15:39:23 +00:00
Tom Hughes
dc28f1dccc
Fix new rubocop warnings
2022-11-22 18:32:02 +00:00
Andy Allan
972249ce9d
Reconfigure the suspended flash message to avoid html_safe
...
This also avoids having raw html in the translation strings
2022-11-17 12:04:28 +00:00
Andy Allan
22946d703a
Enable the ActionOrder cop for remaining controllers
...
Where actions were reordered, the rails standard actions were
also moved to the top of each controller.
2022-11-02 11:06:00 +00:00
Tom Hughes
e9f62a8c30
Rename piwik to matomo and merge configuration into settings
2022-08-01 22:42:04 +01:00
Tom Hughes
2cbf6062fc
Don't try and write directly to the user status
...
This causes an exception when processing the authentication callback for
providers like google where we treat the email address as verified.
2022-07-26 00:52:22 +01:00
Tom Hughes
40ec4734fb
Fix new rubocop warnings
2022-05-16 19:16:53 +01:00
Tom Hughes
b5f06e06c1
Fix rubocop Rails/TimeZone warnings
2022-03-01 22:55:10 +00:00
Andy Allan
2731e7244a
Add extra user transitions needed by the administrators
2022-02-02 16:37:50 +00:00
Andy Allan
1a11c4dc19
Use a state machine for user status
...
The user status is a bit complex, since there are various states and
not all transitions between them make sense.
Using AASM means that we can name and restrict the transitions, which
hopefully makes them easier to reason about.
2022-01-12 18:16:14 +00:00
Andy Allan
a863be8831
Rename User#delete to User#destroy
...
"delete" is generally used for immediate SQL deletion without running
any callbacks or other ruby code, whereas "destroy" will trigger callbacks.
Although we don't currently use any callbacks, let's rename this method to
align better with the convention.
2021-12-22 11:32:33 +00:00
Andy Allan
a8e8ba1a64
Refactor the account edit/update pages out into a separate accounts controller
2021-12-08 15:17:50 +00:00
Tom Hughes
abbd5a30d4
Validate any origin passed to the auth failure callback
...
Fixes #3375
2021-11-23 17:33:19 +00:00
Tom Hughes
407b61857e
Improve fallback behaviour for unsafe referer redirects
2021-11-23 17:18:41 +00:00
Tom Hughes
31e638474a
Handle authentication failure callbacks with no message
2021-11-23 17:01:06 +00:00
Tom Hughes
0b43f6b5a0
Drop duplicate unconfirmed_login definition
...
This allows third party logins to use the common definition from
the SessionMethods concern which specifies the controller.
2021-10-24 10:37:08 +01:00
Tom Hughes
7d46f5db60
Fix new rubocop warnings
2021-08-17 18:17:18 +01:00
Andy Allan
d797de4317
Use user_account_path for links to settings page
...
Much easier to read than having to be explicit about controllers etc
2021-08-12 17:09:07 +01:00
Andy Allan
36f6d8d85d
Fix redirect to terms path when not logged in
...
This was missed during #3147 since it wasn't covered by a test.
2021-07-28 16:36:13 +01:00
Andy Allan
caf2e2a242
Move profile-related settings to their own form
...
Refs #3167
2021-07-14 17:45:19 +01:00
Andy Allan
2403630da8
Split user preferences into a separate page
...
Refs #3167
2021-07-14 17:40:20 +01:00
Tom Hughes
ef092045e0
Fix some broken translation lookups
2021-06-29 19:14:50 +01:00
Andy Allan
0876ea0bee
Refactor terms declined flash message to use a partial
...
This allows us to include a link in the flash message, without having
to use html_safe. Also refactor to avoid having html angle brackets in
the translation strings, while still allowing locale-specific urls.
2021-06-23 20:11:19 +01:00