Commit graph

312 commits

Author SHA1 Message Date
Andy Allan
3ec67ea2d3 Rename user_controller to users_controller 2018-10-03 15:31:10 +02:00
Tom Hughes
64146b4f36 Fix Style/SafeNavigation rubocop warnings 2018-09-22 17:21:06 +01:00
Tom Hughes
6c2093b29d Fix new rubocop warnings 2018-09-22 17:12:29 +01:00
Andy Allan
a3606e00b4 Rename user#list to user#index 2018-09-10 10:03:34 +08:00
Andy Allan
19c26e70a3 Rename user#view to user#show 2018-09-05 14:21:01 +08:00
Tom Hughes
b4106383d9 Add /api/0.6/users to fetch multiple users
Fixes #1921
2018-07-09 22:26:55 +01:00
J Guthrie
30756f72ca Change language immediately after updating settings
Closes #1883
2018-05-27 15:12:34 +01:00
Andy Allan
7b2af50f4a Refactor @this_user to @user
Historically we used @user for the currently logged in user, but
this was changed to `current_user` in 2017.
2018-04-11 11:42:33 +08:00
Tom Hughes
a83030dab7 Fix new rubocop warnings 2018-01-22 18:55:45 +00:00
Tom Hughes
986779966b Extend form-action policies for Chrome
It seems that unlike other browsers Chrome requires that if a form
submission redirects that the redirected URL also match the form-action
policy rather than just requiring the original URL to match.
2017-11-25 12:04:02 +00:00
Tom Hughes
bb116b85df Allow third party images in user content 2017-11-23 22:39:05 +00:00
Andy Allan
d581f17665 Avoid using or comparing explicit model ids
The code is easier to read using higher-level concepts.
2017-10-22 21:58:09 +01:00
Tom Hughes
8dae890a76 Fix rubocop warnings 2017-10-05 19:18:38 +01:00
Tom Hughes
24fc94944b Change user forms to use current user instead of @user 2017-07-27 19:40:20 +01:00
Tom Hughes
555a821c3e Merge remote-tracking branch 'upstream/pull/1595' 2017-07-27 19:18:31 +01:00
Andy Allan
41000078b9 Convert remaining controller code to use current_user
The `self.current_user` is important when assigning to the current user,
to avoid creating a local variable called `current_user`
2017-07-27 10:07:51 +01:00
Tom Hughes
4874219ab8 Mark account suspended flash message as HTML safe
Fixes #1590
2017-07-19 00:31:03 +01:00
Tom Hughes
3893fd72a9 Fix some tests for changes in rails 5 2017-06-27 08:26:44 +01:00
Tom Hughes
d85621c7ae Replace deprecated ActiveModel::Errors get/set methods 2017-06-05 22:41:23 +01:00
Tom Hughes
d4df87c1e1 Replace deprecated env method with request.env 2017-06-05 22:38:27 +01:00
Tom Hughes
80d27a7fae Sanitise parameters used in URL generation 2017-06-02 20:27:07 +01:00
Tom Hughes
ff97501ed0 Remove all use of the :text option to render
It doesn't actually do what it says, as it sets the content type
to text/html not text/plain so is just confusing and as a result
has been deprecated in newer rails versions.
2017-06-02 19:12:05 +01:00
Tom Hughes
9b89d4eefe Remove conditions from delete_all
Passing conditions directly to delete_all is deprecated
in rails 5.0 so use a separate where instead.
2017-06-02 16:33:48 +01:00
Tom Hughes
5b33f3f8e3 Fix rubocop warnings 2017-06-02 00:08:30 +01:00
Tom Hughes
e17b89e89f Fix rubocop warnings 2016-10-20 22:35:51 +01:00
Andy Allan
41e05f0929 Remove unnecessary controller references from the redirect hashes.
Rails redirect_to uses the current controller by default, so there
is no need to re-iterate this in the code when the redirect targets
the current controller.

The short-form is already used elsewhere, this just tidies up those
which were still using the long-form.
2016-10-12 14:32:49 +01:00
Tom Hughes
b72bc8bf30 Improve code readability 2016-08-19 12:31:45 +01:00
Simon Poole
c6fe828286 Fix rubocop warnings 2016-08-19 09:31:47 +02:00
Simon Poole
0837205d02 Merge message when Gravatar status has changed with email confirmation
Merge message when Gravatar status has changed with email confirmation and make messages more verbose and friendly.
2016-08-19 08:59:40 +02:00
Simon Poole
90b7101cc3 Add tests for change of gravatar use depending on email 2016-08-16 22:09:11 +02:00
Simon Poole
05cd781b25 Remove default enabling of gravatar, check on initial confirmation of e-mail address and on any changes afterward if
a gravatar exists and enable then if the user hasn't uploaded a picture.
2016-08-16 21:42:02 +02:00
Tom Hughes
13c2ac5cdb Reorder auth_success handlers
Only treat auth_success as a possible login attempt if we're not
in the middle of validating a new user, or a change to a user.

Also validate the uniqueness of external auth credentials at the
rails level rather than just at the database level, and make sure
any errors are properly reported.

Fixes #1265
2016-08-14 18:30:13 +01:00
Tom Hughes
6be39fca2f Make support email address configurable 2016-03-20 18:58:50 +00:00
Tom Hughes
f0fa701563 Treat user as logged in after a password reset
Fixes #1160
2016-02-26 16:30:32 +00:00
Tom Hughes
480c17be58 Preserve username and "remember me" when login fails
Fixes #1159
2016-02-26 15:32:40 +00:00
Tom Hughes
5d3ecffa28 Fix new rubocop warnings 2016-02-05 13:35:26 +00:00
Tom Hughes
8fe1899596 Fix rubocop warnings 2016-01-19 09:51:24 +00:00
Tom Hughes
67f3658431 Preserve URL fragments through external authentication
Fixes #1102
2015-12-12 16:08:09 +00:00
Ilya Zverev
988ee11fe4 Facebook emails are verified
Per https://developers.facebook.com/docs/graph-api/reference/user the
official description of the email field is:

> The person's primary email address listed on their profile. This
> field will not be returned if no valid email address is available

Therefore we can treat the fact that the email is returned as proof
that it has been verified.
2015-12-07 14:23:23 +00:00
Tom Hughes
d218d5bf7d Fix display of raw HTML in flash message
Fixes #1095
2015-11-30 08:56:26 +00:00
Tom Hughes
e479a8297c Mark some flash messages as html safe 2015-08-27 20:43:50 +01:00
Tom Hughes
c9d35839be Fix new rubocop warnings 2015-08-18 20:57:14 +01:00
Tom Hughes
629ae62b73 Require a valid session token to resend a confirmation
Make user#confirm_resend require a valid token in the session
that matches the requested user, and ensure trying to login as
an unconfirmed user sets such a token.

Fixes #1010
2015-07-20 21:32:34 +01:00
Tom Hughes
9fdea1c739 Temporary fix to avoid showing emails 2015-07-20 15:07:18 +01:00
Tom Hughes
dd4e766788 Redirect to the login page if auth failure has no origin 2015-04-16 11:16:18 +01:00
Tom Hughes
2111ace158 Prefer username/password to openid_url if both are set 2015-04-16 11:14:57 +01:00
Tom Hughes
eeb9866d50 Add support for Google OAuth2 authentication
This replaces OpenID authentication, which is going away soon, but
provides an upgrade path where we can migrate users that already have
a Google OpenID setup to the new system transparently.
2015-04-14 10:08:07 +01:00
Tom Hughes
2af0840ff3 Fix style issues found by new rubocop version 2015-04-14 09:38:24 +01:00
Tom Hughes
f8de0c1811 Ever more tests... 2015-03-08 16:47:35 +00:00
Tom Hughes
15b550182c Yet more tests... 2015-03-02 21:20:01 +00:00