cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
11504 commits 4 branches 1 tag 499 MiB
Commit graph

11504 commits

This branch
This branch
All branches
Author SHA1 Message Date
Andy Allan
2d47d6b4f8 Ensure that deactivate isn't available in production 
It's only used as a workaround for factories not being able to create
pending users while keeping active as the default
 2022-02-02 17:48:17 +00:00
Andy Allan
2731e7244a Add extra user transitions needed by the administrators 2022-02-02 16:37:50 +00:00
Andy Allan
1a11c4dc19 Use a state machine for user status 
The user status is a bit complex, since there are various states and
not all transitions between them make sense.

Using AASM means that we can name and restrict the transitions, which
hopefully makes them easier to reason about.
 2022-01-12 18:16:14 +00:00
Tom Hughes
786f28993a Switch github URLs to use https 
Fixes #3415
 2022-01-11 21:16:11 +00:00
Tom Hughes
d6da1499fc Avoid putting ActionController::Parameters objects in the session 2022-01-11 19:43:43 +00:00
Tom Hughes
6be336db00 Update bundle 2022-01-11 19:43:36 +00:00
Tom Hughes
6403515897 Replace to_s on TimeWithZone objects with to_formatted_s 2022-01-10 18:59:22 +00:00
translatewiki.net
b676aa76c5 Localisation updates from https://translatewiki.net. 2022-01-10 13:09:11 +01:00
Tom Hughes
8dc5dfe00c Update bundle 2022-01-10 08:05:09 +00:00
Tom Hughes
24d605f567 Merge remote-tracking branch 'upstream/pull/3411' 2022-01-06 15:34:30 +00:00
Andy Allan
2f6a87e443 Use assert_link instead of assert page.has_link? 
This leads to better error messages if the test fails
 2022-01-06 15:04:03 +00:00
Tom Hughes
2927c6b6be Merge remote-tracking branch 'upstream/pull/3410' 2022-01-06 13:25:42 +00:00
Andy Allan
d257c21740 Use assert_content instead of assert page.has_content? 
The assert_content comes from capybara, and gives a much more helpful
error message if the test fails.
 2022-01-06 13:16:47 +00:00
translatewiki.net
89d9690982 Localisation updates from https://translatewiki.net. 2022-01-06 13:08:27 +01:00
Andy Allan
0100cfe304 Use factory_bot to build new model objects 2022-01-06 10:46:38 +00:00
Andy Allan
88cf03ff00 Use factorybot to build user objects 
This allows us to only specify attributes of interest in the test.
 2022-01-05 20:29:12 +00:00
Tom Hughes
dcaf21602c Merge remote-tracking branch 'upstream/pull/3409' 2022-01-05 18:40:13 +00:00
Tom Hughes
8e8f6ef990 Attempt to avoid polynomial time matches on user supplied data 2022-01-05 18:38:15 +00:00
Andy Allan
4bed9c12a0 Fix display of suspension message when a user is suspended mid-session 
Without the ability defined, the user is still logged out, but then
the deny_access check redirects to the login page. The re-login attempt
would then fail anyway, with an error message, but let's fix the abilities
and use the intended page.
 2022-01-05 18:21:42 +00:00
Tom Hughes
8dc91ce6a6 Re-enable the Performance/StringIdentifierArgument cop 2022-01-04 19:10:16 +00:00
Tom Hughes
351479ac90 Update bundle 2022-01-04 19:05:13 +00:00
Tom Hughes
b300c03b99 Merge remote-tracking branch 'upstream/pull/3408' 2022-01-04 12:02:16 +00:00
Tom Hughes
d2337810a3 Remove redundant OpenID URL expansion code 
It was only used for Google who have long since dropped OpenID support.
 2022-01-04 12:02:02 +00:00
dependabot[bot]
b39e75c303
Bump eslint from 8.5.0 to 8.6.0 
Bumps [eslint](https://github.com/eslint/eslint) from 8.5.0 to 8.6.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.5.0...v8.6.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-03 23:00:41 +00:00
translatewiki.net
059e3beb50 Localisation updates from https://translatewiki.net. 2022-01-03 13:08:20 +01:00
Tom Hughes
7de3143525 Switch to 6.1 defaults as everything has been enabled for some time 2021-12-30 19:55:13 +00:00
translatewiki.net
7ee496030b Localisation updates from https://translatewiki.net. 2021-12-30 13:09:01 +01:00
Tom Hughes
4549de5f32 Test redirect from settings page to OmniAuth 2021-12-29 18:29:38 +00:00
Tom Hughes
fea1b5b88d Fix new rubocop warnings 2021-12-28 19:47:51 +00:00
Tom Hughes
c6587706e6 Update bundle 2021-12-28 18:25:02 +00:00
translatewiki.net
905ac93427 Localisation updates from https://translatewiki.net. 2021-12-27 13:09:57 +01:00
Tom Hughes
b0288b83bb Allow PATCH for OmniAuth requests 
This is required to allow the account settings screen, which now
uses the PATCH verb, to redirect to OmniAuth when the external
authentication provider is changed.

As PATCH still uses CSRF this doesn't impact CVE-2015-9284 which
is the reason for requiring POST and most importantly got not
allowing GET requests to OmniAuth.
 2021-12-27 10:34:24 +00:00
translatewiki.net
f1e0212af3 Localisation updates from https://translatewiki.net. 2021-12-23 13:09:28 +01:00
Tom Hughes
0ca2e10b1d Merge remote-tracking branch 'upstream/pull/3404' 2021-12-22 15:36:25 +00:00
Tom Hughes
5a70476d38 Merge remote-tracking branch 'upstream/pull/3403' 2021-12-22 15:26:23 +00:00
Tom Hughes
88cf87c910 Merge remote-tracking branch 'upstream/pull/3402' 2021-12-22 15:21:22 +00:00
Andy Allan
99a64ba8c1 Remove unused require statement 
The corresponding code was removed in a65cb84288
 2021-12-22 15:08:06 +00:00
Andy Allan
40e8482825 Alias the user creation_time column 
This allows rails to set the created_at automatically, and so avoids
us from having to do so in a callback. It also hides the unusual
db column name from the rest of the app.
 2021-12-22 14:48:07 +00:00
Andy Allan
a863be8831 Rename User#delete to User#destroy 
"delete" is generally used for immediate SQL deletion without running
any callbacks or other ruby code, whereas "destroy" will trigger callbacks.

Although we don't currently use any callbacks, let's rename this method to
align better with the convention.
 2021-12-22 11:32:33 +00:00
Tom Hughes
bf5f2890ac Update bundle 2021-12-21 18:34:35 +00:00
translatewiki.net
bb30a3d64b Localisation updates from https://translatewiki.net. 2021-12-20 13:11:17 +01:00
Tom Hughes
d7f7b0c46a Merge remote-tracking branch 'upstream/pull/3399' 2021-12-18 00:04:42 +00:00
dependabot[bot]
ff56828b4a
Bump eslint from 8.4.1 to 8.5.0 
Bumps [eslint](https://github.com/eslint/eslint) from 8.4.1 to 8.5.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.4.1...v8.5.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-12-17 23:00:40 +00:00
Tom Hughes
767051451c Update to rails 6.1.4.4 2021-12-16 18:33:53 +00:00
translatewiki.net
d4dadf1fe2 Localisation updates from https://translatewiki.net. 2021-12-16 13:11:53 +01:00
Tom Hughes
c34ed1e370 Merge remote-tracking branch 'upstream/pull/3397' 2021-12-15 18:28:18 +00:00
Tom Hughes
34fe4c2ac4 Merge remote-tracking branch 'upstream/pull/3394' 2021-12-15 18:21:38 +00:00
Tom Hughes
6609047fdb Update to rails 6.1.4.3 2021-12-15 18:13:00 +00:00
Tom Hughes
8adb486130 Update to rails 6.1.4.2 2021-12-14 22:16:49 +00:00
Tom Hughes
6196b6f729 Update bundle 2021-12-14 22:13:25 +00:00