Commit graph

924 commits

Author SHA1 Message Date
Andy Allan
1a11c4dc19 Use a state machine for user status
The user status is a bit complex, since there are various states and
not all transitions between them make sense.

Using AASM means that we can name and restrict the transitions, which
hopefully makes them easier to reason about.
2022-01-12 18:16:14 +00:00
Tom Hughes
fea1b5b88d Fix new rubocop warnings 2021-12-28 19:47:51 +00:00
Tom Hughes
0ca2e10b1d Merge remote-tracking branch 'upstream/pull/3404' 2021-12-22 15:36:25 +00:00
Tom Hughes
5a70476d38 Merge remote-tracking branch 'upstream/pull/3403' 2021-12-22 15:26:23 +00:00
Andy Allan
99a64ba8c1 Remove unused require statement
The corresponding code was removed in a65cb84288
2021-12-22 15:08:06 +00:00
Andy Allan
40e8482825 Alias the user creation_time column
This allows rails to set the created_at automatically, and so avoids
us having to do so in a callback. It also hides the unusual
db column name from the rest of the app.
2021-12-22 14:48:07 +00:00
Andy Allan
a863be8831 Rename User#delete to User#destroy
"delete" is generally used for immediate SQL deletion without running
any callbacks or other ruby code, whereas "destroy" will trigger callbacks.

Although we don't currently use any callbacks, let's rename this method to
align better with the convention.
2021-12-22 11:32:33 +00:00
Tom Hughes
5966acc207 Merge remote-tracking branch 'upstream/pull/3300' 2021-10-07 17:45:07 +01:00
Tom Hughes
cb10c10ea3 Merge remote-tracking branch 'upstream/pull/3332' 2021-09-29 19:10:22 +01:00
Tom Hughes
22377cbdd4 Fix new rubocop warning 2021-09-29 18:54:56 +01:00
Andy Allan
9ab15f38ea Move the tracepoint coordinate format test to the controller test
This allows us to remove the model method
2021-09-29 15:25:28 +01:00
Andy Allan
dfcecb0118 Remove the ObjectMetadata concern, since it's only used in tests now 2021-09-15 17:05:50 +01:00
Andy Allan
baea8dc10e Remove unused to_xml and to_xml_node methods from models 2021-09-15 17:05:50 +01:00
Tom Hughes
6c6e8883f7 Introduce privileged scopes that only an administrator can enable 2021-08-26 17:22:24 +01:00
Tom Hughes
f1935b1c57 Merge remote-tracking branch 'upstream/pull/3257' 2021-07-21 19:24:31 +01:00
Tom Hughes
cd9a72e669 Merge remote-tracking branch 'upstream/pull/3263' 2021-07-21 12:16:08 +01:00
Tom Hughes
377f394a7c Treat association between users and OAuth 2 applications as polymorphic 2021-07-21 11:52:10 +01:00
Andy Allan
37b03e47c6 Fix various code comments
These were found as part of #3233
2021-07-21 11:24:23 +01:00
Tom Hughes
4d47cff5e1 Merge remote-tracking branch 'upstream/pull/3237' 2021-07-21 11:24:17 +01:00
Andy Allan
9b8f2bbcbe Remove code complexity around resetting language preferences
This was originally introduced since we saved the user and showed
the result on the same action. Now that the preferences controller
saves and redirects, the user model and associated language preferences
are reloaded between requests, and this code is no longer required.
2021-07-14 17:40:20 +01:00
Tom Hughes
da546af22e Allow acls to match on parent domains 2021-07-06 10:13:33 +01:00
Tom Hughes
b4a1e41968 Switch web site to use OAuth 2 2021-06-27 19:00:36 +01:00
Tom Hughes
e222329d04 Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
Tom Hughes
9603d718c2 Fix calculation of friendship rate limit 2021-05-11 15:49:48 +01:00
Tom Hughes
84c601460f Add rate limiting to user friendships 2021-05-11 12:10:36 +01:00
Tom Hughes
25510b6616 Add additional limits on sending messages
Additional limits apply to new accounts and accounts with
unresolved issues reported against them.

Fixes #3135
2021-03-31 22:40:34 +01:00
Tom Hughes
2d50a84004 Fix new rubocop warnings 2021-02-16 21:14:54 +00:00
Tom Hughes
3c4f32a760 Validate avatar images
Closes #3097
2021-02-16 17:37:18 +00:00
Tom Hughes
0654be27f9 Fix new rubocop warnings 2021-01-11 19:17:31 +00:00
Tom Hughes
0ff89c31e4 Remove both Potlatch versions
Fixes #2622
2021-01-05 21:18:45 +00:00
Tom Hughes
384ac46102 Convert id column for oauth_nonces to bigint 2020-12-14 14:48:59 +00:00
Tom Hughes
88ba316abe Merge remote-tracking branch 'upstream/pull/2999' 2020-12-09 14:51:04 +00:00
Tom Hughes
bfffe7ed96 Prefer string interpolation to concatenation 2020-11-13 11:32:28 +00:00
Tom Hughes
582402ba8f Prefer keyword arguments when method has optional boolean arguments 2020-11-13 10:22:55 +00:00
Andy Allan
a65cb84288 Remove unused code 2020-11-11 16:43:58 +00:00
Tom Hughes
7db541d697 Invalidate existing sessions when changing email or password
As we don't have any way to actually find the active sessions for
an account we instead store a fingerprint in the session, and refuse
to use any session with a different fingerprint.
2020-09-29 14:34:08 +01:00
Tom Hughes
c694c78c9a Delete any outstanding tokens when a user changes their email
This ensures that any tokens previously sent to the old email address
can no longer be used if somebody were able to access that address.
2020-09-29 13:47:40 +01:00
Tom Hughes
18b9b9f14c Fix new rubocop warnings 2020-09-07 07:11:22 +01:00
Tom Hughes
c2af89c00e Fix rubocop Style/SoleNestedConditional warnings 2020-09-02 18:54:55 +01:00
Tom Hughes
b7432e9432 Handle new rubocop warnings 2020-09-02 07:18:21 +01:00
Tom Hughes
ea59d95f4a Fix some new rubocop warnings 2020-08-06 22:27:30 +01:00
Tom Hughes
0e2a66e8de Fix new rubocop warnings 2020-08-06 18:42:16 +01:00
Tom Hughes
2d3972249c Fix some rubocop todos 2020-08-02 19:38:58 +01:00
Tom Hughes
6c159b9673 Fix the Command Injection warnings from Brakeman 2020-07-31 15:54:06 +01:00
Tom Hughes
9f993fe8c8 Fix new rubocop warnings 2020-07-07 10:44:52 +01:00
Tom Hughes
3abeeb7f41 Require open3 before using it 2020-06-26 19:40:37 +01:00
Tom Hughes
39b60219fe Fix new rubocop warnings 2020-06-11 19:21:41 +01:00
Andy Allan
0a33c66146 Convert lib files to model concerns 2020-06-03 16:44:26 +02:00
Tom Hughes
7e925c3c00 Look at all note comments to find the close event
Fixes #2612
2020-05-06 14:06:04 +01:00
Andy Allan
32e46ad4e3 Remove tempfile patch for trace data
Effectively reverts c0d2ad40c3

This patch is no longer required, since we only use send_data in
combination with Tempfile.read and that all works fine.
2020-04-22 15:16:46 +02:00