Commit graph

429 commits

Author SHA1 Message Date
Milan Cvetkovic
64bcf7652b Add openid connect support using doorkeeper-openid_connect gem
... as discussed in [Issue 507](https://github.com/openstreetmap/operations/issues/507)
and described by @mmd-osm.

To activate, set the value of `doorkeeper_signing_key` to an RSA private key.

Allows using openstreetmap as an identity provider.

Adds `openid` scope to OAuth2 authorizations, required to login to OSM.

Currently, the only claims returned are:
 - "openid" scope: "sub" and "preferred_username"
 - "read_email" scope: "email"
2023-10-03 18:53:47 +01:00
Milan Cvetkovic
8a22bfb222 Add unconfigured doorkeeper-openid_connect
After executing:
rails generate doorkeeper:openid_connect:install
rails generate doorkeeper:openid_connect:install

Split migration script to 2 to avoid deadlock.
2023-10-03 18:53:09 +01:00
Anton Khorev
71654e563e Add show user block api endpoint 2023-09-09 15:53:22 +03:00
Tom Hughes
c909b29c35 Replace page numbers with ID based selection for trace indexes 2023-07-23 19:28:37 +01:00
Tom Hughes
8919c8c404 Use POST for geocoder backends
The geocoder backend calls are a private implementation detail
and using POST enables request forgery checks and makes scraping
of nominatim via the backend calls harder.
2023-03-07 17:24:48 +00:00
Andy Allan
9748ce301c Move browse#note to notes#show
This allows a more resourceful routing approach.
2023-02-01 17:13:41 +00:00
Andy Allan
b5046fdcd0 Move browse#new_note to notes#new
This allows a more resourceful routing approach.
2023-02-01 17:13:41 +00:00
Andy Allan
f7367baa6b Rename api_notes resource to avoid conflict with non-API resource
This allows using e.g. note_path for notes#show in the future.
2023-01-25 19:01:57 +00:00
Richard Fairhurst
b7887b049f Remove Geonames and geocoder.ca 2023-01-09 21:23:48 +00:00
Tom Hughes
27e9965dd2 Require integer IDs for diary_entries#show
Fixes #3865
2022-12-29 17:14:05 +00:00
Tom Hughes
8cef62cd2c Merge remote-tracking branch 'upstream/pull/3301' 2022-11-22 18:47:24 +00:00
Robbendebiene
ed1112bcef Allow setting HTTP ACCEPT header for notes API
Previously the notes API return type could only be specified by appending the file extension like .json or .rss
2022-09-23 11:40:19 +02:00
Adam Hoyle
7e5cbe87ed Merge branch 'master' into feature/add-communities-page
# Conflicts:
#	Gemfile.lock
#	package.json
#	yarn.lock
2022-09-10 16:13:17 +01:00
Andy Allan
6c1d73a509 Allow users to delete their own accounts
This PR allows users to delete their own accounts. The logic implemented matches
that currently used by the admins when they manually close accounts, although
there is room to be more complex in future e.g. completely removing accounts
with no content.

The error handling has been slightly adapted for namespaced controllers, by
anchoring the controller name with a leading forward slash.
2022-02-09 16:15:24 +00:00
Tom Hughes
b0288b83bb Allow PATCH for OmniAuth requests
This is required to allow the account settings screen, which now
uses the PATCH verb, to redirect to OmniAuth when the external
authentication provider is changed.

As PATCH still uses CSRF this doesn't impact CVE-2015-9284 which
is the reason for requiring POST and most importantly for not
allowing GET requests to OmniAuth.
2021-12-27 10:34:24 +00:00
Andy Allan
a8e8ba1a64 Refactor the account edit/update pages out into a separate accounts controller 2021-12-08 15:17:50 +00:00
Adam Hoyle
dd1f997033 Remove redundant route 2021-10-17 22:33:54 +01:00
Adam Hoyle
06c2db433d Merge branch 'master' into feature/add-communities-page 2021-09-27 19:30:25 +01:00
Andy Allan
cb7b79a58f Split the non-public information off of the profile page
This opens up many possibilities for more interesting things to be
shown on the dashboard, as well as making it easier to find if
you have lots of content in your profile.
2021-08-18 13:32:36 +01:00
Adam Hoyle
26aecfb2bf add route to pass locale 2021-08-10 10:13:24 +01:00
Adam Hoyle
d8d1ab1776 add route for communities 2021-08-07 15:46:39 +01:00
Andy Allan
caf2e2a242 Move profile-related settings to their own form
Refs #3167
2021-07-14 17:45:19 +01:00
Andy Allan
2403630da8 Split user preferences into a separate page
Refs #3167
2021-07-14 17:40:20 +01:00
Tom Hughes
e222329d04 Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
Andy Allan
094d6c8bb9 Move confirmation methods into ConfirmationsController 2021-04-07 16:05:32 +01:00
Andy Allan
7a66c6d4eb Split password reset functionality into PasswordsController 2021-04-07 16:05:28 +01:00
Andy Allan
f18baae22e Refactor login/logout into sessions controller
Certain controller methods are shared with oauth-based logins, and these have been
moved to a concern.
2021-03-24 11:32:46 +00:00
Tom Hughes
66b5e85845 Merge remote-tracking branch 'upstream/pull/3078' 2021-02-03 14:48:24 +00:00
mmd-osm
4e6d729529 Remove /api/0.6/changes endpoint
Also removes sql functions which are only used by this endpoint
2021-02-03 14:06:34 +00:00
Tom Hughes
5912a8011b Update to Omniauth 2.x
This requires converting all use of the /auth endpoints
to use the POST method as GET is no longer supported.
2021-02-02 19:49:03 +00:00
Tom Hughes
0ff89c31e4 Remove both Potlatch versions
Fixes #2622
2021-01-05 21:18:45 +00:00
Andy Allan
41d6f19a6b Rename the notes#mine action to index 2020-07-08 18:43:30 +02:00
Andy Allan
600812f6ad Rework user#set_status and #delete to avoid GET requests
This renames the delete action to destroy, and starts using resourceful
routing for user actions.
2020-06-10 11:49:18 +02:00
Andy Allan
8ebfdbc1ff Move make_friend and remove_friend to friendships controller 2020-06-03 18:23:07 +02:00
Andy Allan
3a16c465f7 Refactor user controller tests
Because we don't have direct access to the session and cookies, some
of the tests need more setup e.g. by moving through the signup process
to get the session tokens into the right place for the confirmation
steps to work.
2020-05-13 18:08:22 +02:00
Andy Allan
36a1f38109 Refactor api traces_controller tests 2020-05-13 18:08:07 +02:00
Tom Hughes
7ffa2e96be Refactor users_controller_test and user_preferences_controller_test 2020-05-07 19:34:48 +01:00
Andy Allan
f84980f183 More controller test refactoring 2020-05-06 16:51:04 +02:00
Andy Allan
2e3522a2f6 Refactor changesets_controller_test
Introduces some route names which need to be unique from the non-api versions
2020-04-29 17:42:08 +02:00
Tom Hughes
f7d95e2ef9 Refactor traces controller tests 2020-04-28 19:44:00 +01:00
Tom Hughes
f75eb6fe9e Refactor more controller tests 2020-04-27 22:24:28 +01:00
Tom Hughes
8979c597e3 Refactor more controller tests 2020-04-26 22:56:18 +01:00
Andy Allan
1aa5a54419 Refactor site controller tests to inherit from ActionDispatch::IntegrationTest
This is the modern way of writing controller tests, since it uses the
rails middleware (among other things) and leads to more realistic tests.

Refs #2563
2020-04-22 11:09:13 +02:00
Tom Hughes
3426976606 Merge remote-tracking branch 'upstream/pull/2444' 2019-12-30 22:34:24 +00:00
Andy Allan
f1c6a87aa1
Merge pull request #2427 from mmd-osm/patch/remove_expand_bbox
Remove expand_bbox endpoint
2019-12-04 12:48:34 +01:00
Andy Allan
44c6fdc273 Use the conventional 'destroy' method name for destroying traces 2019-12-04 11:59:18 +01:00
Mayank Tankhiwale
11cd1c9fc1 Merge branch 'master' of https://github.com/tankhiwale/openstreetmap-website 2019-11-23 20:32:47 +05:30
Mayank Tankhiwale
9f7ec064e4 Fix #2402
1. Modified about routes
2. Accept the new params in site#about
3. Update about.html.erb
2019-11-23 20:26:19 +05:30
Andy Allan
25ebf87e5a Rename UserPreference controller methods to follow rails conventions more closely 2019-11-20 16:09:48 +01:00
mmd-osm
fc8923c305 Remove expand_bbox endpoint 2019-11-09 21:08:40 +01:00