Commit graph

244 commits

Author SHA1 Message Date
Anton Khorev
201796cced Fix options passed by allow_thirdparty_images 2025-01-04 18:47:51 +03:00
Andy Allan
83043d6f1c
Merge pull request #5362 from AntonKhorev/color-mode-preference-map
Map color mode preference
2024-12-11 16:53:15 +00:00
Tom Hughes
7b05c1c060 Merge remote-tracking branch 'upstream/pull/5375' 2024-12-08 14:55:55 +00:00
Anton Khorev
88d80018b5 Include data: when using allow_thirdparty_images CSP 2024-12-04 19:26:21 +03:00
Anton Khorev
821ebdd57b Use fetch() instead of iframe to make remote control requests 2024-12-04 12:30:19 +03:00
Anton Khorev
3d79f9fd88 Make a generic preferred color scheme method 2024-12-01 04:58:00 +03:00
Anton Khorev
2ca74ab3ef Add auto/manual color scheme stylesheets depending on user preferences 2024-12-01 03:55:19 +03:00
Tom Hughes
6789fc3081 Drop support for ruby 3.0
Also add Ubuntu 24.04 and drop 20.04 as 24.04 is needed for
ruby 3.1 without rvm so we should test it.
2024-09-17 20:39:22 +01:00
Anton Khorev
e272a384ce Respond to timeouts with a server error code 2024-09-09 19:13:29 +03:00
Anton Khorev
51e0cf85b0 Timeout instantly if web_timeout setting is negative 2024-09-09 18:16:16 +03:00
Tom Hughes
973d62a25e Drop support for basic authentication 2024-09-02 19:00:57 +01:00
Tom Hughes
17bc0853a0 Drop support for OAuth 1 2024-09-01 03:43:02 +03:00
Anton Khorev
a082caef3c Use casecmp?() instead of casecmp().zero? 2024-07-13 16:00:45 +03:00
Tom Hughes
20bdbb05c3 Switch to using rails builtin content security policy support 2024-05-22 16:38:59 +01:00
Andy Allan
ffda8d7ac5
Merge pull request #4680 from tomhughes/validate-page-numbers
Add parameter validation to pagination
2024-05-15 17:43:04 +01:00
Andy Allan
ad4ab4603b
Merge pull request #4496 from tomhughes/disabled-auth-error
Return an error when a disabled authentication mechanism is used
2024-05-15 16:33:33 +01:00
Tom Hughes
feff501b25 Add framework for parameter validation using rails_param gem 2024-04-11 10:08:20 +01:00
Tom Hughes
29cc21c599 Drop user tokens table 2024-02-28 21:02:54 +00:00
Tom Hughes
519c13d4cd Allow OAuth 1.0a to be disabled 2024-02-25 08:56:09 +00:00
Tom Hughes
24f579562f Attempt to make timeouts work properly 2024-01-29 19:37:59 +00:00
Andy Allan
1700c23dd1 Prefer find_by() instead of where().first
These are very similar, differing only if we would expect multiple
results and the sorting is important. However, in all our cases
we're only expecting one result to be returned, and so find_by is
easier to read.
2023-10-04 17:53:58 +01:00
Anton Khorev
4ceebefefa Move user lookup and error render to concerns 2023-08-21 17:29:55 +03:00
Andy Allan
68fa607811 Use hashes to define where..in sql queries
This is preferable to using SQL statements.
2023-08-03 11:04:28 +01:00
Andy Allan
4c564e5a32 Move more api-related helper methods to ApiController
This prevents them from being inadvertently used in non-API controllers
2023-01-11 15:28:59 +00:00
Christian Beiwinkel
85f627c5c2 added valhalla routing engine 2022-12-16 17:05:36 +01:00
Tom Hughes
09263bc4a1 Cancel running queries when a timeout occurs 2022-09-21 22:47:16 +01:00
Tom Hughes
5d67fa3908 Fix some Naming/AccessorMethodName rubocop warnings 2022-03-08 19:10:05 +00:00
Andy Allan
6c1d73a509 Allow users to delete their own accounts
This PR allows users to delete their own accounts. The logic implemented matches
that currently used by the admins when they manually close accounts, although
there is room to be more complex in future e.g. completely removing accounts
with no content.

The error handling has been slightly adapted for namespaced controllers, by
anchoring the controller name with a leading forward slash.
2022-02-09 16:15:24 +00:00
Tom Hughes
407b61857e Improve fallback behaviour for unsafe referer redirects 2021-11-23 17:18:41 +00:00
Tom Hughes
d951621c44 Make safe_referer handle invalid URIs 2021-11-23 11:27:02 +00:00
Tom Hughes
f4d1d97848 Add a privileged scope that allows email addresses to be returned 2021-08-26 17:22:25 +01:00
Tom Hughes
f1935b1c57 Merge remote-tracking branch 'upstream/pull/3257' 2021-07-21 19:24:31 +01:00
Andy Allan
29efa4337c Remove incorrectly spelled helper_method
The spelling of language is wrong here, and the correct version
is already there further down at the preferred_language method definition
2021-07-21 17:28:23 +01:00
Andy Allan
9b8f2bbcbe Remove code complexity around resetting language preferences
This was originally introduced since we saved the user and showed
the result on the same action. Now that the preferences controller
saves and redirects, the user model and associated language preferences
are reloaded between requests, and this code is no longer required.
2021-07-14 17:40:20 +01:00
Tom Hughes
b4a1e41968 Switch web site to use OAuth 2 2021-06-27 19:00:36 +01:00
Tom Hughes
e222329d04 Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
Tom Hughes
bf851691bf Fix deprecation warnings 2021-05-12 18:49:21 +01:00
Tom Hughes
93b8c47c8f Reject referers that do not include an absolute path 2021-03-16 11:07:34 +00:00
Andy Allan
38ad8fbc36 Use login_path instead of explicit controller and actions
This makes future refactoring easier.
2021-03-10 14:31:55 +00:00
Andy Allan
4f304e2301 Remove SystemTimer and use stdlib Timeout directly
SystemTimer was only needed on ruby 1.8, and we dropped support for
that a long time ago.
2020-12-23 14:25:58 +00:00
Andy Allan
78b9d92207 Prefer keyword arguments when method has optional boolean arguments 2020-11-12 11:24:44 +00:00
Tom Hughes
7db541d697 Invalidate existing sessions when changing email or password
As we don't have any way to actually find the active sessions for
an account we instead store a fingerprint in the session, and refuse
to use any session with a different fingerprint.
2020-09-29 14:34:08 +01:00
Tom Hughes
abca51e4d8 Fix some Style/StringConcatenation warnings 2020-08-09 19:48:16 +01:00
Tom Hughes
75e135869e Fix Style/ExplicitBlockArgument warnings 2020-08-09 19:06:04 +01:00
Tom Hughes
0e2a66e8de Fix new rubocop warnings 2020-08-06 18:42:16 +01:00
Tom Hughes
2d3972249c Fix some rubocop todos 2020-08-02 19:38:58 +01:00
Tom Hughes
f881a8c83c Register warning and error flash types
Fixes #2743
2020-08-02 15:53:13 +01:00
Tom Hughes
d4130bcac8 Fix the Redirect warnings from Brakeman
Unfortunately I've had to leave the check disabled as Brakeman
can't see inside the safe_referer method so doesn't realise that
it is cleaning the referer.
2020-07-22 19:23:46 +01:00
Tom Hughes
9f993fe8c8 Fix new rubocop warnings 2020-07-07 10:44:52 +01:00
Tom Hughes
d6f518f627 More improvements to locale selection for the data browser
Use the browser language preferences for non-logged in users.
2020-06-07 19:10:48 +01:00