cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
13373 commits 4 branches 1 tag 499 MiB
Commit graph

229 commits

Author SHA1 Message Date
Andy Allan
f22ecd6309 Avoid running integration tests in every locale 
We have over 200 locales, and so this takes a long time. This reduces
time taken from around 200 seconds to 6 to run these tests.
 2023-12-20 11:45:08 +00:00
Tom Hughes
12b4d11d44 Use SecureRandom to generate user tokens 2023-12-04 17:25:57 +00:00
Tom Hughes
3e3873a7c2 Fix test as rails no longer seems to return a body for redirects 2023-10-18 18:26:14 +01:00
Milan Cvetkovic
408f2918d0 Load openid signing key from endpoint during openid connect test 2023-10-03 18:55:10 +01:00
Milan Cvetkovic
2d5acd199b Add test for openid discovery 2023-10-03 18:55:10 +01:00
Milan Cvetkovic
1f62a2b342 Add a test for openid connect support 2023-10-03 18:55:10 +01:00
Tom Hughes
6759130cb3 Test that suspended and deleted users can't use OAuth tokens 2023-08-25 12:10:32 +01:00
Tom Hughes
477f700cfa Logout while testing OAuth 1 token usage 
This ensures we're not accidentally inheriting any session permissions.
 2023-08-25 09:44:25 +01:00
Tom Hughes
b9f9c0f3cc Separate authenticating user from application owner in OAuth 1 tests 2023-08-25 08:51:41 +01:00
Milan Cvetkovic
ad164d384e Change provider name to "microsoft" 2023-08-20 10:19:30 +01:00
Milan Cvetkovic
b3e13eb752 Update tests for microsoft_graph endpoints 2023-08-20 10:17:42 +01:00
Milan Cvetkovic
7428da74c2 Use omniauth-microsoft_graph instead of omniauth-windowslive 
Omniauth-microsoft_graph correctly populates 'email' and 'name' fields used by OpenStreetMap.
It also  uses updated endpoints for Microsoft identity provider.

Use email address returned by microsoft_graph provider as a verified address.

Upgrading exisiting users from windowslive to microsoft_graph:
 - upon next login existing `windowslive` users will have to authorizei
   OpenStreetMap application to "Read Your Profile," required for proper reading
   of display name field.

The name of the identity provider in OSM is kept to 'windowslive':
 - the entries in users table with `provider == 'windowslive'`
   can be reused for microsoft_graph provider, since
   the uid field is preserved. Users will not need to repeat the sign up process.
 - OAuth2 callback is still `/auth/windowslive`, no updates to Microsoft Identity Provider portal
   App registration are necessary.
 2023-08-17 13:01:15 +00:00
Andy Allan
e9e4b10473
Merge pull request #3907 from Dimitar5555/patch-1 
Facelift `offline.html` and use Bootstrap classes for "notifications" under the search bar
 2023-06-14 14:08:38 +01:00
Dimitar
318064b2a7 Facelift offline.html and use Bootstrap classes for "notifications" 
Update site_controller_test.rb

Update site_controller_test.rb

Remove whitespace

Reset Settings.status after test is done

Update test for offline page

Update site_controller.rb

Fix indentation

Update offline controller

Update offline.html.erb

Remove flash CSS classes and fix missed tests

Updated tests

Address most PR comments

Update _flash.html.erb

Update _flash.html.erb

Update edit.html.erb

Update offline.html.erb
 2023-03-26 13:57:51 +03:00
Tom Hughes
2b3133d2e8 Fix new rubocop warnings 2023-02-28 15:20:33 +00:00
Andy Allan
415ac577f3 Remove some old debugging comments 2022-12-21 12:05:15 +00:00
Tom Hughes
f4749eccf1 Test that verified emails from OAuth signups are accepted automatically 2022-07-26 17:33:59 +01:00
Andy Allan
934d81aa55 Bootstrap 5: Replace all form-group classes with mb-3 2022-07-20 14:42:57 +01:00
Tom Hughes
03cad948e3 Fix new rubocop warnings 2022-03-15 19:24:09 +00:00
Harry Wood
02338a80e1 Make oauth register app link into button 
Cosmetic tweak. On the OAuth 1 setting tab, make "Register your app" into a button not a link

Also put the applications in a <ul>
 2022-03-08 15:18:53 +00:00
Tom Hughes
b5f06e06c1 Fix rubocop Rails/TimeZone warnings 2022-03-01 22:55:10 +00:00
Andy Allan
a8e8ba1a64 Refactor the account edit/update pages out into a separate accounts controller 2021-12-08 15:17:50 +00:00
Andy Allan
2b84452222 Remove custom margins on sidebar headings 
Margin-top in particular is best avoided. The removal of some top
margins required a few corresponding changes to add bottom margins
to other features, mostly done by converting bare text strings to
live within paragraphs.
 2021-11-03 18:16:38 +00:00
Tom Hughes
94b327ddfc Test third party logins to pending/suspended/blocked accounts 2021-10-24 10:36:30 +01:00
Andy Allan
6ab522b2b3 Convert account setting menu to tabs, and include on other pages 
This makes it easier to navigate around these pages. Since each tab
corresponds to a given controller, this makes the selection of active
tabs straightforward.
 2021-08-18 14:30:35 +01:00
Tom Hughes
e4ce1c5f2f Check that the permission is non-zero 
Fixes #3241
 2021-07-01 16:35:29 +01:00
Tom Hughes
a32b751fed Remove some references to webmaster 2021-06-29 19:22:31 +01:00
Tom Hughes
8d76be71bb Merge remote-tracking branch 'upstream/pull/3177' 2021-06-24 08:43:18 +01:00
Tom Hughes
f6818bb2ed Avoid accidental locale changes in tests 2021-06-22 19:05:55 +01:00
Tom Hughes
63e4a89323 Fix new ruboop warnings 2021-06-22 18:34:15 +01:00
Andy Allan
c8f0a81eb7 Rework sidebar to use padding on the sidebar_content div 
This saves every header, list, paragraph etc having to sort out their own padding. The couple of instances where we want edge-to-edge can be acheived using the negative margin spacing utilities.

The padding is based on $spacer so that it can be adjusted automatically via bootstrap configuration.

This also means that we can remove many (mis-)uses of the browse-section class, which is only supposed to be for cases where there are multiple browse-sections in sequence (e.g. multiple nodes in the node history browse pages).
 2021-06-16 15:45:58 +01:00
Tom Hughes
f064a18a16 Add tests for OAuth2 2021-05-18 12:05:33 +01:00
Andy Allan
094d6c8bb9 Move confirmation methods into ConfirmationsController 2021-04-07 16:05:32 +01:00
Andy Allan
f18baae22e Refactor login/logout into sessions controller 
Certain controller methods are shared with oauth-based logins, and these have been
moved to a concern.
 2021-03-24 11:32:46 +00:00
Tom Hughes
3512d6303c Fix new rubocop warnings 2021-03-23 19:48:13 +00:00
Andy Allan
38ad8fbc36 Use login_path instead of explicit controller and actions 
This makes future refactoring easier.
 2021-03-10 14:31:55 +00:00
Tom Hughes
1f136a84a6 Prevent CSRF bypass with login form 2021-02-10 20:39:23 +00:00
Tom Hughes
5912a8011b Update to Omniauth 2.x 
This requires converting all use of the /auth endpoints
to use the POST method as GET is no longer supported.
 2021-02-02 19:49:03 +00:00
Andy Allan
cc8bb7c6a5 Refactor user registration form to use bootstrap 2021-01-20 15:38:10 +00:00
Andy Allan
da2277505f Ensure that test utility methods are marked as private 
This allows us to enable the check for test method names.
 2020-10-28 11:49:01 +01:00
Andy Allan
86a5e198f7 Refactor test to use general basic_authorization_header method 
There's no need for this test to have its own version of the method.
 2020-10-28 11:33:51 +01:00
Tom Hughes
abca51e4d8 Fix some Style/StringConcatenation warnings 2020-08-09 19:48:16 +01:00
Tom Hughes
75e135869e Fix Style/ExplicitBlockArgument warnings 2020-08-09 19:06:04 +01:00
Tom Hughes
2d3972249c Fix some rubocop todos 2020-08-02 19:38:58 +01:00
Tom Hughes
bf22c69286 Improve locale selection algorithm 
Don't include locales which only have rails translations in
the candidates, and ensure that user specified options take
priority over less specific variants of earlier choices.
 2020-06-04 17:33:11 +01:00
Tom Hughes
6f342c7616 Switch oauth integration tests to use new shared helper 2020-05-05 18:04:48 +01:00
Andy Allan
f885cfe0f5 Rename form-row to standard-form-row to avoid clashing with a bootstrap class 2020-01-15 17:16:11 +01:00
Tom Hughes
473da378b7 Remove fallback to hostip.info 
We haven't used hostip.info in production for years, except
for when we did so by accident, leading to a two hour partial
outage when it went down.
 2020-01-06 19:14:12 +00:00
Andy Allan
c4c1f8ded3 Reformat params hashes to avoid super-long lines 2019-12-18 15:58:37 +01:00
Andy Allan
7595e5a4dd Use squiggly heredocs instead of rails strip_heredoc 
Squiggly heredocs were introduced in ruby 2.3 and I prefer the ability
to indent the closing heredoc marker.
 2019-12-11 10:54:19 +01:00