cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
13965 commits 4 branches 1 tag 499 MiB
Commit graph

2039 commits

Author SHA1 Message Date
Tom Hughes
477f700cfa Logout while testing OAuth 1 token usage 
This ensures we're not accidentally inheriting any session permissions.
 2023-08-25 09:44:25 +01:00
Tom Hughes
b9f9c0f3cc Separate authenticating user from application owner in OAuth 1 tests 2023-08-25 08:51:41 +01:00
Tom Hughes
7054cea48e Merge remote-tracking branch 'upstream/pull/4190' 2023-08-20 18:49:32 +01:00
Tom Hughes
2a1689f962 Merge remote-tracking branch 'upstream/pull/4169' 2023-08-20 11:04:28 +01:00
Milan Cvetkovic
ad164d384e Change provider name to "microsoft" 2023-08-20 10:19:30 +01:00
Milan Cvetkovic
b3e13eb752 Update tests for microsoft_graph endpoints 2023-08-20 10:17:42 +01:00
Anton Khorev
0bd5838f51 Respond with plaintext when user not found in changeset query 
The response used to be of type xml with empty body, which is not valid xml.
 2023-08-19 20:26:13 +03:00
Anton Khorev
3f6e344e6a Expose note query limit values in api capabilities 2023-08-19 05:40:34 +03:00
Anton Khorev
a654071beb Add missing changeset query limit capabilities test 2023-08-19 05:40:05 +03:00
Anton Khorev
df60444d05 Use max note query limit setting in tests 2023-08-19 05:23:42 +03:00
Anton Khorev
5bdaf0b73b Add JSON output to /api/versions 2023-08-18 05:16:39 +03:00
Tom Hughes
54164f6cc6 Merge remote-tracking branch 'upstream/pull/4171' 2023-08-17 19:07:37 +01:00
Milan Cvetkovic
7428da74c2 Use omniauth-microsoft_graph instead of omniauth-windowslive 
Omniauth-microsoft_graph correctly populates 'email' and 'name' fields used by OpenStreetMap.
It also  uses updated endpoints for Microsoft identity provider.

Use email address returned by microsoft_graph provider as a verified address.

Upgrading exisiting users from windowslive to microsoft_graph:
 - upon next login existing `windowslive` users will have to authorizei
   OpenStreetMap application to "Read Your Profile," required for proper reading
   of display name field.

The name of the identity provider in OSM is kept to 'windowslive':
 - the entries in users table with `provider == 'windowslive'`
   can be reused for microsoft_graph provider, since
   the uid field is preserved. Users will not need to repeat the sign up process.
 - OAuth2 callback is still `/auth/windowslive`, no updates to Microsoft Identity Provider portal
   App registration are necessary.
 2023-08-17 13:01:15 +00:00
Tom Hughes
6982903ae7 Fix predicate method names in the user model 2023-08-15 18:53:14 +01:00
Anton Khorev
1e8cd9bedd Add tests for changeset order + from..to queries 2023-08-15 19:29:05 +03:00
Tom Hughes
e2cb2327f9 Merge remote-tracking branch 'upstream/pull/4144' 2023-08-13 10:50:33 +01:00
Tom Hughes
a1798fe6fb Merge remote-tracking branch 'upstream/pull/4159' 2023-08-13 10:38:58 +01:00
Tom Hughes
3539328d1c Check that the /api/0.6/capabilities.json route is recognised 2023-08-13 10:33:43 +01:00
Tom Hughes
6d74aa2873 Merge remote-tracking branch 'upstream/pull/4158' 2023-08-13 10:00:29 +01:00
Anton Khorev
8c42c39a67 Use Settings.generator string in tests 2023-08-12 19:07:36 +03:00
Anton Khorev
24d6b3c55f Add JSON output to /api/0.6/capabilities 2023-08-12 06:00:46 +03:00
Anton Khorev
0abab48f5d Add order parameter to changeset query api entry point 2023-08-12 03:57:48 +03:00
Anton Khorev
abdce62a03 Add ordered changeset test method 2023-08-12 03:40:52 +03:00
Anton Khorev
41f8607810 Use article html elements for diary posts 2023-08-12 01:40:34 +03:00
Anton Khorev
113c32f65e Remove custom css for OpenID logo 2023-08-10 19:43:54 +03:00
Anton Khorev
665bde6ccd Use max changeset query limit setting in tests 2023-08-08 03:43:35 +03:00
Andy Allan
aceef47cd8
Merge pull request #4106 from tomhughes/diary-paging 
Replace page numbers with ID based selection for diary indexes
 2023-08-02 16:57:26 +01:00
Andy Allan
a56cdd547e
Merge pull request #4125 from tomhughes/oauth-scopes 
Only show granted permissions in the authorized application list
 2023-08-02 15:52:41 +01:00
Andy Allan
9619e699e1
Merge pull request #4107 from tomhughes/diary-visibility 
Allow administrators to see deleted diary entries
 2023-08-02 14:47:05 +01:00
Tom Hughes
c376962c9c Only show granted permissions in the authorized application list 
Fixes #4124
 2023-07-30 20:35:13 +01:00
Tom Hughes
f29ba01eb9 Replace page numbers with ID based selection for diary indexes 2023-07-27 20:37:07 +01:00
Tom Hughes
b57ed0bf23 Improve testing of paged access to trace lists 2023-07-27 20:30:15 +01:00
Tom Hughes
7fb984f915 Allow moderator to unhide diary entries as well as hide them 2023-07-27 18:07:35 +01:00
Tom Hughes
6651d713d7 Allow administrators to see deleted diary entries 2023-07-27 18:03:58 +01:00
Andy Allan
925d12cc81
Merge pull request #3933 from AntonKhorev/api-changesets-limit 
Add limit parameter to api changesets query
 2023-07-26 16:45:00 +01:00
Tom Hughes
c909b29c35 Replace page numbers with ID based selection for trace indexes 2023-07-23 19:28:37 +01:00
Tom Hughes
ba3d3269e3 Fix new rubocop warnings 2023-07-18 18:27:06 +01:00
Tom Hughes
62c68b9f20 Merge remote-tracking branch 'upstream/pull/4077' 2023-07-05 15:10:12 +01:00
Andy Allan
d58cae6ff6 Avoid using the zero key for pluralisation in English 
This makes it impossible to translate to other languages that use the
`zero:` key, e.g. for other numbers that end in zero.

An alternative approach would be possible in future, when ruby-i18n
and rails and translatewiki all have full support for `0:` and `1:` keys.

Fixes #3997
 2023-07-05 14:47:39 +01:00
Andy Allan
22c137cc0c Expand raw html checks to all translation files 
This closes a potential security issue, where unreviewed html could
be added via translation files.
 2023-07-05 13:47:12 +01:00
Tom Hughes
0254f7ee09 Fix confirmation prompt when granting or revoking roles 2023-07-01 15:21:02 +01:00
Tom Hughes
772e480766 Merge remote-tracking branch 'upstream/pull/4063' 2023-06-14 17:08:59 +01:00
Andy Allan
73e0c4ed21 Use Time.utc for consistency with other tests 
This also allows times to be created in short form, e.g. Time.utc(2020)
 2023-06-14 16:46:27 +01:00
Andy Allan
2f7642aa03 Fix test to work in non-UK timezones 
Time.new(...).utc is not the same as Time.utc(...). The
first creates a given date in local time, and then converts that to
utc, whereas the second creates the given time in UTC.
 2023-06-14 16:46:06 +01:00
Andy Allan
e9e4b10473
Merge pull request #3907 from Dimitar5555/patch-1 
Facelift `offline.html` and use Bootstrap classes for "notifications" under the search bar
 2023-06-14 14:08:38 +01:00
Tom Hughes
52296d1cad Add rubocop-factory_bot and fix warnings 2023-05-16 18:44:14 +01:00
Andy Allan
387d130e87 Add some validations for i18n values 
These only apply to the en.yml file for now, but can be expanded
in due course.
 2023-04-12 13:58:55 +01:00
Andy Allan
fad3aedbbb Rework note events to avoid raw html in translations 2023-04-02 10:22:30 +01:00
Andy Allan
4ac0c9c1e8 Rework browse pages to avoid raw html in translations 2023-03-29 18:52:45 +01:00
Dimitar
318064b2a7 Facelift offline.html and use Bootstrap classes for "notifications" 
Update site_controller_test.rb

Update site_controller_test.rb

Remove whitespace

Reset Settings.status after test is done

Update test for offline page

Update site_controller.rb

Fix indentation

Update offline controller

Update offline.html.erb

Remove flash CSS classes and fix missed tests

Updated tests

Address most PR comments

Update _flash.html.erb

Update _flash.html.erb

Update edit.html.erb

Update offline.html.erb
 2023-03-26 13:57:51 +03:00