cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
14368 commits 4 branches 1 tag 499 MiB
Commit graph

151 commits

Author SHA1 Message Date
Tom Hughes
3e77cae66c Clear current_user if we reject OAuth 1 
This ensures we don't try and do any further validation of the
user which might lead to trying to report additional errors.
 2024-07-07 19:40:28 +01:00
Andy Allan
c1cccd40fc Move check_api_readable to api_controller 
It's easier to skip the check in the two places that we need to, and
include it by default everywhere else.
 2024-05-29 14:54:16 +01:00
Andy Allan
ad4ab4603b
Merge pull request #4496 from tomhughes/disabled-auth-error 
Return an error when a disabled authentication mechanism is used
 2024-05-15 16:33:33 +01:00
Anton Khorev
604bba10ec Remove assert_method from api controllers 2024-03-25 07:15:16 +03:00
Tom Hughes
29cc21c599 Drop user tokens table 2024-02-28 21:02:54 +00:00
Tom Hughes
519c13d4cd Allow OAuth 1.0a to be disabled 2024-02-25 08:56:09 +00:00
Tom Hughes
1a684a7766 Return an error when basic authentication is used and is disabled 2024-02-25 08:53:44 +00:00
Tom Hughes
24f579562f Attempt to make timeouts work properly 2024-01-29 19:37:59 +00:00
Tom Hughes
ba503e02d2 Enforce rate limit for API calls which make changes 2023-11-02 08:59:57 +00:00
Tom Hughes
d1d3c2597e Handle timeouts inside a view for API calls 2023-09-07 00:32:11 +01:00
Andy Allan
4c564e5a32 Move more api-related helper methods to ApiController 
This prevents them from being inadvertently used in non-API controllers
 2023-01-11 15:28:59 +00:00
Tom Hughes
0ae438a5c1 Add a configuration option to disable HTTP basic authentication 2022-07-08 17:25:20 +01:00
Tom Hughes
0c524b2408 Log any use of basic authentication 2022-07-08 17:13:02 +01:00
Tom Hughes
5d67fa3908 Fix some Naming/AccessorMethodName rubocop warnings 2022-03-08 19:10:05 +00:00
Tom Hughes
cfb4a70129 Fix Lint/DuplicateBranch rubocop warnings 2022-03-08 19:05:37 +00:00
Tom Hughes
e222329d04 Add support for OAuth2 using doorkeeper 2021-05-18 12:05:32 +01:00
Tom Hughes
70c4a750d7 Fix new rubocop warnings 2020-09-16 08:28:25 +01:00
Tom Hughes
aaf9d15d56 Rework set_default_request_format ast set_request_formats 
Instead of trying to work out the exact format, just figure
out the list of allowed formats and let rails do the rest.
 2020-02-29 15:28:23 +00:00
mmd-osm
b556b054d1 JSON: added clarification for non-supported Accept header formats 2020-01-22 17:38:28 +01:00
mmd-osm
03ca0b2c69 Added Accept header unit tests 2020-01-12 17:46:11 +01:00
mmd-osm
97036c181e JSON output, handle Accept header 2020-01-02 15:17:11 +01:00
mmd-osm
45a1d298a9 Move default_format_xml to api_controller 2019-12-30 17:26:00 +01:00
Tom Hughes
57f5b7840e Fix rubocop warnings 2019-12-04 19:31:53 +00:00
Andy Allan
7b057545c0 Disentangle the api abilities from the web abilities 
This will allow us to rename api actions without causing permissions headaches. The choice of
abilities files is made by inheriting from either api_controller or application_controller.

Also rename capabilities to api_capabilites, for consistency.
 2019-03-27 18:07:29 +01:00
Tom Hughes
951564eed1 Merge remote-tracking branch 'upstream/pull/2186' 2019-03-23 12:01:05 +00:00
Andy Allan
19c2f6d485 Move more api-only methods into api_controller 2019-03-20 15:08:36 +01:00
Andy Allan
8d207e7de0 Mark all methods in api_controller and application_controller as private 
They aren't designed to be used as request endpoints, so there's no
need for them to be public.
 2019-03-20 15:08:36 +01:00
Andy Allan
94d19ae567 Move the authorize method to api_controller 2019-03-20 14:39:17 +01:00
Andy Allan
742291a840 Simplify deny_access handling 
Now that we have all api controllers inheriting from a common base,
it's easier to override the deny_access handler without having to
switch between both.

Fixes #2064
 2019-03-20 14:39:17 +01:00
Andy Allan
3bb07e29ec Refactor api controllers to inherit from a common ApiController 2019-03-20 14:16:15 +01:00
Andy Allan
f4e2990526 Move map method to its own controller 2019-02-24 11:44:10 +01:00
Andy Allan
d887252eeb Move the changes api to its own controller 2019-02-24 11:00:28 +01:00
Andy Allan
8383fd0928 Move the permissions call out of api_controller 2019-02-24 11:00:28 +01:00
Andy Allan
317b8f9d45 Move the trackpoints call into its own controller (and rename to tracepoints) 2019-02-24 11:00:28 +01:00
Andy Allan
6a4092bc16 Move the capabilities call out of api_controller 2019-02-24 11:00:20 +01:00
Andy Allan
e7f943c715 Use CanCanCan for nodes, ways, relations, old and api controllers 2019-01-16 10:12:19 +01:00
Andy Allan
58c101762e Use a builder view for the capabilities call 
This is easier to work with than building the XML document by hand
in the controller.
 2019-01-09 14:30:18 +01:00
Tom Hughes
cdb42d2a6c Avoid ordering points from public and private traces 
Closes #2046
 2018-11-07 08:57:14 +00:00
Andy Allan
16fef14b61 Rename traces#view to traces#show 2018-08-29 17:43:38 +08:00
Andy Allan
b446138aef Rename trace_controller to traces_controller 2018-05-09 12:38:09 +08:00
Tom Hughes
a83030dab7 Fix new rubocop warnings 2018-01-22 18:55:45 +00:00
Andy Allan
15b104f4ff Merge branch 'p' of https://github.com/jfirebaugh/openstreetmap-website into jfirebaugh-p 
Refs #139
 2017-11-22 10:47:18 +00:00
Andy Allan
6f89da05d1 Use current_user to represent the currently logged in user. 
This is already used by the oauth plugin, and is a general rails convention.
 2017-07-12 16:10:50 +01:00
Tom Hughes
ff97501ed0 Remove all use of the :text option to render 
It doesn't actually do what it says, as it sets the content type
to text/html not text/plain so is just confusing and as a result
has been deprecated in newer rails versions.
 2017-06-02 19:12:05 +01:00
Simon Poole
9606e440bc Return maximum size of bounding box for note retrieval 2017-03-13 08:53:49 +01:00
Tom Hughes
72e71b9972 Fix rubocop warnings 2016-06-09 22:18:28 +01:00
Tom Hughes
5d3ecffa28 Fix new rubocop warnings 2016-02-05 13:35:26 +00:00
Tom Hughes
8fe1899596 Fix rubocop warnings 2016-01-19 09:51:24 +00:00
Tom Hughes
c0e4394a48 Add extra tests for API and redaction controllers 2015-03-03 00:55:19 +00:00
Tom Hughes
9fb8f5a84b Drop the old output_compression plugin 
The production servers all have mod_deflate enabled anyway, which
almost certainly does a better job of compression than this.
 2015-03-01 10:52:28 +00:00